From 2890218c4b81c260239549d909ca7440bd0510a5 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 15 Nov 2021 14:05:52 +0000 Subject: [PATCH] Tweak requirement checking for send join --- federationapi/routing/join.go | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/federationapi/routing/join.go b/federationapi/routing/join.go index c68f4d1a..67c0d193 100644 --- a/federationapi/routing/join.go +++ b/federationapi/routing/join.go @@ -530,10 +530,10 @@ func SendJoin( } } if joinRule.JoinRule == gomatrixserverlib.Restricted { - if ev, err := verifyRestrictedMembershipForSendJoin( + if signedEvent, err := verifyRestrictedMembershipForSendJoin( httpReq.Context(), cfg, rsAPI, provider, event, joinRule, ); err == nil { - event = ev + event = signedEvent } else { logrus.WithError(err).Error("Failed to verify restricted join") return util.JSONResponse{ @@ -603,6 +603,13 @@ func verifyRestrictedMembershipForSendJoin( return nil, fmt.Errorf("json.Unmarshal(memberContent): %w", err) } + // If there's no `join_authorised_via_users_server` key then there's + // nothing else to do. Return the original event and it'll either + // succeed for some other reason or it will fail auth. + if memberContent.AuthorisedVia == "" { + return event, nil + } + // As a last effort, see if any of the restricted join rules match. // If so, we might be able to modify and sign the event so that it // does pass auth. @@ -649,9 +656,7 @@ func verifyRestrictedMembershipForSendJoin( continue } - // Now look through all of the join events of the other members. Our goal - // is to try and find a user from our own server that has a suitable power - // level to popuate into the `join_authorised_via_users_server` field. + // Now look through all of the join events of the nominated user. for _, member := range queryRes.JoinEvents { // Check if the user is the selected user from the join event. if *member.StateKey != memberContent.AuthorisedVia { @@ -669,7 +674,7 @@ func verifyRestrictedMembershipForSendJoin( } } - return event, nil + return nil, fmt.Errorf("the required memberships were not satisfied") } type eventsByDepth []*gomatrixserverlib.HeaderedEvent