-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Allow guests to operate in encrypted rooms #7314
Conversation
Signed-off-by: Michael Albert <michael.albert@awesome-technologies.de>
@awesome-michael Looks like this needs a newsfile added (and maybe a merge from develop since it has been a bit)? Were you waiting for feedback on the approach? |
Is a newsfile the same as the changelog mentioned in the checklist? |
synapse/rest/client/v1/events.py
Outdated
@@ -81,7 +81,7 @@ def __init__(self, hs): | |||
self._event_serializer = hs.get_event_client_serializer() | |||
|
|||
async def on_GET(self, request, event_id): | |||
requester = await self.auth.get_user_by_req(request) | |||
requester = await self.auth.get_user_by_req(request, allow_guest=True) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this endpoint is deprecated, and nothing should be using it. See https://matrix.org/docs/spec/client_server/r0.6.1#deprecated-get-matrix-client-r0-events-eventid.
yes.
The list of endpoints which guests can access is specced at https://matrix.org/docs/spec/client_server/r0.6.1#id112. If we want to open up more endpoints, then that is a spec change, which would require a spec-change proposal. I'm a bit surprised if |
@awesome-manuel just checking in on this. are you still interested in working on it? |
From your last comment I assume there is a spec change needed before this PR can be used. Unfortunately I'm not sure I can write a propper spec-change proposal for that as I'm not enough into the details of the existing guest concept. |
Ok, thanks. My impression is that having guests operate in e2e rooms is a fundamentally flawed concept, since there is no way for them to get the keys to the events in the room (which is probably as it should be: there's no point in encrypting events if anyone can turn up as a guest and get the keys to those events). So for now I'm going to close this, but if you'd like to discuss this in more detail, we can! |
I kind of disagree. If you dont want guests to join the room thats what the guest join rules are for. Now you force guests (and users that want to communicate with them) to use unencrypted rooms. |
The chat is probably still encrypted (HTTPS), just not e2e encrypted. The hard problem with encryption is usually key management. How do you manage keys with a guest account? |
Maybe we should explain our use case in more detail:
Especially the last point is tricky to enforce with normal user accounts, so we had the idea to use guest accounts for that. The guest accounts are only for temporary conversations and all content can or must be deleted after that conversation. |
Ok, this is fair, and I mis-spoke when I said that this was a fundamentally flawed concept; I'd forgotten that guest users could actually join rooms in the same way as normal users. Now that I look again at the list of what guest users can and can't do, I can't actually see much reason that e2e shouldn't work for them. So a couple of things here: firstly, have you actually tested this, and confirmed that it is both necessary and sufficient to get e2e working correctly for guest accounts? If so, I'd very much encourage you to create an MSC for this: it shouldn't need much more than creating a document that explains the proposed change and why it is a useful extension to the protocol. However, I'd also say this: it's unclear to me what role guest accounts actually have in the matrix protocol and where the lines of what you can and can't do end up. That's a larger topic which might bear discussion in
Have you looked into third_party_event_rules? https://github.com/matrix-org/synapse/blob/master/docs/sample_config.yaml#L2163. It provides a hook where you can say whether a given user is, or is not, allowed to create a room. |
Now that the MSC is merged, would you open this PR again or should I file a new one? |
9c1f9b9
to
5d323c2
Compare
@awesome-michael I think you'll need to merge in |
@awesome-michael Your changelog must end in either For this change, I would probably mark it as a |
Thanks for that hint.. the error message didn't help me getting there.. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thank you for bearing with this while the CI completed!
(As a note for future reference: ideally changes like this to the specified behaviour of the API would be backed up with sytest
tests to ensure that the new feature doesn't regress, and so that other homeserver implementations also provide the specced behaviour. But in this case that would probably be more work than making the code change, so I'll not insist on it.)
Synapse 1.19.0rc1 (2020-08-13) ============================== Removal warning --------------- As outlined in the [previous release](https://github.com/matrix-org/synapse/releases/tag/v1.18.0), we are no longer publishing Docker images with the `-py3` tag suffix. On top of that, we have also removed the `latest-py3` tag. Please see [the announcement in the upgrade notes for 1.18.0](https://github.com/matrix-org/synapse/blob/develop/UPGRADE.rst#upgrading-to-v1180). Features -------- - Add option to allow server admins to join rooms which fail complexity checks. Contributed by @lugino-emeritus. ([\#7902](#7902)) - Add an option to purge room or not with delete room admin endpoint (`POST /_synapse/admin/v1/rooms/<room_id>/delete`). Contributed by @dklimpel. ([\#7964](#7964)) - Add rate limiting to users joining rooms. ([\#8008](#8008)) - Add a `/health` endpoint to every configured HTTP listener that can be used as a health check endpoint by load balancers. ([\#8048](#8048)) - Allow login to be blocked based on the values of SAML attributes. ([\#8052](#8052)) - Allow guest access to the `GET /_matrix/client/r0/rooms/{room_id}/members` endpoint, according to MSC2689. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#7314](#7314)) Bugfixes -------- - Fix a bug introduced in Synapse v1.7.2 which caused inaccurate membership counts in the room directory. ([\#7977](#7977)) - Fix a long standing bug: 'Duplicate key value violates unique constraint "event_relations_id"' when message retention is configured. ([\#7978](#7978)) - Fix "no create event in auth events" when trying to reject invitation after inviter leaves. Bug introduced in Synapse v1.10.0. ([\#7980](#7980)) - Fix various comments and minor discrepencies in server notices code. ([\#7996](#7996)) - Fix a long standing bug where HTTP HEAD requests resulted in a 400 error. ([\#7999](#7999)) - Fix a long-standing bug which caused two copies of some log lines to be written when synctl was used along with a MemoryHandler logger. ([\#8011](#8011), [\#8012](#8012)) Updates to the Docker image --------------------------- - We no longer publish Docker images with the `-py3` tag suffix, as [announced in the upgrade notes](https://github.com/matrix-org/synapse/blob/develop/UPGRADE.rst#upgrading-to-v1180). ([\#8056](#8056)) Improved Documentation ---------------------- - Document how to set up a client .well-known file and fix several pieces of outdated documentation. ([\#7899](#7899)) - Improve workers docs. ([\#7990](#7990), [\#8000](#8000)) - Fix typo in `docs/workers.md`. ([\#7992](#7992)) - Add documentation for how to undo a room shutdown. ([\#7998](#7998), [\#8010](#8010)) Internal Changes ---------------- - Reduce the amount of whitespace in JSON stored and sent in responses. Contributed by David Vo. ([\#7372](#7372)) - Switch to the JSON implementation from the standard library and bump the minimum version of the canonicaljson library to 1.2.0. ([\#7936](#7936), [\#7979](#7979)) - Convert various parts of the codebase to async/await. ([\#7947](#7947), [\#7948](#7948), [\#7949](#7949), [\#7951](#7951), [\#7963](#7963), [\#7973](#7973), [\#7975](#7975), [\#7976](#7976), [\#7981](#7981), [\#7987](#7987), [\#7989](#7989), [\#8003](#8003), [\#8014](#8014), [\#8016](#8016), [\#8027](#8027), [\#8031](#8031), [\#8032](#8032), [\#8035](#8035), [\#8042](#8042), [\#8044](#8044), [\#8045](#8045), [\#8061](#8061), [\#8062](#8062), [\#8063](#8063), [\#8066](#8066), [\#8069](#8069), [\#8070](#8070)) - Move some database-related log lines from the default logger to the database/transaction loggers. ([\#7952](#7952)) - Add a script to detect source code files using non-unix line terminators. ([\#7965](#7965), [\#7970](#7970)) - Log the SAML session ID during creation. ([\#7971](#7971)) - Implement new experimental push rules for some users. ([\#7997](#7997)) - Remove redundant and unreliable signature check for v1 Identity Service lookup responses. ([\#8001](#8001)) - Improve the performance of the register endpoint. ([\#8009](#8009)) - Reduce less useful output in the newsfragment CI step. Add a link to the changelog section of the contributing guide on error. ([\#8024](#8024)) - Rename storage layer objects to be more sensible. ([\#8033](#8033)) - Change the default log config to reduce disk I/O and storage for new servers. ([\#8040](#8040)) - Add an assertion on `prev_events` in `create_new_client_event`. ([\#8041](#8041)) - Add a comment to `ServerContextFactory` about the use of `SSLv23_METHOD`. ([\#8043](#8043)) - Log `OPTIONS` requests at `DEBUG` rather than `INFO` level to reduce amount logged at `INFO`. ([\#8049](#8049)) - Reduce amount of outbound request logging at `INFO` level. ([\#8050](#8050)) - It is no longer necessary to explicitly define `filters` in the logging configuration. (Continuing to do so is redundant but harmless.) ([\#8051](#8051)) - Add and improve type hints. ([\#8058](#8058), [\#8064](#8064), [\#8060](#8060), [\#8067](#8067))
* commit 'b6c6fb795': Allow guests to operate in encrypted rooms (#7314)
Guests are not able to operate in encrypted rooms and keep getting lots of errors. These changes enable the guests to write in encrypted rooms. I think one problem is that the guest was not allowed to get the member list of the room and therefore had no list which encryption keys he has to request to encrypt his message properly.
Honestly I'm not sure why I needed the change in the events.py file. I tested this configuration and guests can write and read in encrypted rooms now.
Pull Request Checklist
EventStore
toEventWorkerStore
.".code blocks
.Signed-off-by: Michael Albert michael.albert@awesome-technologies.de