prune_event strips keys needed for authentication from events.

[NegativeMjark]

It looks like we've been using keys in the event authentication checks without making sure they won't be removed when an event is redacted:

• third_party_invite JSON keys in invite m.room.member event content.
• redacts JSON keys in m.room.redaction events (fixed by msc2716, Implement MSC2176: Updated redaction rules #8984)
• m.federate JSON keys in m.room.create events (fixed by msc2716, Implement MSC2176: Updated redaction rules #8984)

https://github.com/matrix-org/synapse/blob/v0.18.7/synapse/events/utils.py#L41-L57
https://github.com/matrix-org/synapse/blob/v0.18.7/synapse/events/utils.py#L69
https://github.com/matrix-org/synapse/blob/v0.18.7/synapse/events/utils.py#L71

Unfortunately fixing this will break the event signature checks for those events.

[richvdh]

I think this will be fixed by #8984, if/when it ever makes it into a production room version.

[babolivier]

I think this will be fixed by #8984, if/when it ever makes it into a production room version.

It looks like that PR/MSC only fixes things for the redacts key, not third_party_invite or m.federate.

[richvdh]

mmm, true

[richvdh]

as matrix-org/matrix-spec-proposals#2176 (comment) says, MSC2176 doesn't fix third_party_invite.

#8984 does fix m.federate: https://github.com/matrix-org/synapse/pull/8984/files#diff-cd497404c31b1cbaa0bcc442a4c10f1151d151c01e1208e40aede55635e9ab8eR103.

[turt2live]

I've started an MSC2176 2.0 to handle third_party_invite and whatever else we notice: matrix-org/matrix-spec-proposals#3821

[clokep]

I've started an MSC2176 2.0 to handle third_party_invite and whatever else we notice: matrix-org/matrix-spec-proposals#3821

Note that #15563 implements MSC3821. So (assuming the MSC is accepted) we should be able to close this when that's released in a room version.