Merge branch 'main' into main

Author: S7evinK

eventV2.go

@@ -196,6 +196,7 @@ var lenientByteLimitRoomVersions = map[RoomVersion]struct{}{
 	RoomVersionV8:        {},
 	RoomVersionV9:        {},
 	RoomVersionV10:       {},
+	RoomVersionV11:       {},
 	RoomVersionPseudoIDs: {},
 	"org.matrix.msc3787": {},
 	"org.matrix.msc3667": {},

eventauth.go

@@ -370,7 +370,11 @@ func (a *allowerContext) update(provider AuthEventProvider) {
 		}
 	}
 	if e, _ := provider.PowerLevels(); a.powerLevelsEvent == nil || a.powerLevelsEvent != e {
-		if p, err := NewPowerLevelContentFromAuthEvents(provider, a.create.Creator); err == nil {
+		creator := ""
+		if a.createEvent != nil {
+			creator = string(a.createEvent.SenderID())
+		}
+		if p, err := NewPowerLevelContentFromAuthEvents(provider, creator); err == nil {
 			a.powerLevelsEvent = e
 			a.powerLevels = p
 		}
@@ -431,21 +435,15 @@ func (a *allowerContext) createEventAllowed(event PDU) error {
 	if sender.Domain() != event.RoomID().Domain() {
 		return errorf("create event room ID domain does not match sender: %q != %q", event.RoomID().Domain(), sender.String())
 	}
-	c := struct {
-		Creator     *string      `json:"creator"`
-		RoomVersion *RoomVersion `json:"room_version"`
-	}{}
-	if err := json.Unmarshal(event.Content(), &c); err != nil {
-		return errorf("create event has invalid content: %s", err.Error())
-	}
-	if c.Creator == nil {
-		return errorf("create event has no creator field")
+
+	verImpl, err := GetRoomVersion(event.Version())
+	if err != nil {
+		return nil
 	}
-	if c.RoomVersion != nil {
-		if !KnownRoomVersion(*c.RoomVersion) {
-			return errorf("create event has unrecognised room version %q", *c.RoomVersion)
-		}
+	if err = verImpl.CheckCreateEvent(event, KnownRoomVersion); err != nil {
+		return err
 	}
+
 	return nil
 }
 
@@ -1013,7 +1011,7 @@ func (m *membershipAllower) membershipAllowed(event PDU) error { // nolint: gocy
 
 	// Special case the first join event in the room to allow the creator to join.
 	// https://github.com/matrix-org/synapse/blob/v0.18.5/synapse/api/auth.py#L328
-	if m.targetID == m.create.Creator &&
+	if m.targetID == string(m.createEvent.SenderID()) &&
 		m.newMember.Membership == spec.Join &&
 		m.senderID == m.targetID &&
 		len(event.PrevEventIDs()) == 1 {

eventcontent.go

@@ -575,3 +575,27 @@ type RelatesTo struct {
 	EventID      string `json:"event_id"`
 	RelationType string `json:"rel_type"`
 }
+
+func noCheckCreateEvent(event PDU, knownRoomVersion knownRoomVersionFunc) error {
+	return nil
+}
+
+func checkCreateEvent(event PDU, knownRoomVersion knownRoomVersionFunc) error {
+	c := struct {
+		Creator     *string      `json:"creator"`
+		RoomVersion *RoomVersion `json:"room_version"`
+	}{}
+	if err := json.Unmarshal(event.Content(), &c); err != nil {
+		return errorf("create event has invalid content: %s", err.Error())
+	}
+	if c.Creator == nil {
+		return errorf("create event has no creator field")
+	}
+	if c.RoomVersion != nil {
+		if !knownRoomVersion(*c.RoomVersion) {
+			return errorf("create event has unrecognised room version %q", *c.RoomVersion)
+		}
+	}
+
+	return nil
+}

eventcontent_test.go

@@ -217,11 +217,13 @@ func TestMXIDMapping_SignValidate(t *testing.T) {
 	assert.NoError(t, err)
 
 	// this should pass
-	err = validateMXIDMappingSignature(context.Background(), ev, &StubVerifier{}, verImpl)
+	evMapping, err := getMXIDMapping(ev)
+	assert.NoError(t, err)
+	err = validateMXIDMappingSignatures(context.Background(), ev, *evMapping, &StubVerifier{}, verImpl)
 	assert.NoError(t, err)
 
 	// this fails, for some random reason
-	err = validateMXIDMappingSignature(context.Background(), ev, &StubVerifier{
+	err = validateMXIDMappingSignatures(context.Background(), ev, *evMapping, &StubVerifier{
 		results: []VerifyJSONResult{{Error: fmt.Errorf("err")}},
 	}, verImpl)
 	assert.Error(t, err)
@@ -231,7 +233,6 @@ func TestMXIDMapping_SignValidate(t *testing.T) {
 	ev, err = eb.Build(time.Now(), serverName, keyID, priv)
 	assert.NoError(t, err)
 
-	err = validateMXIDMappingSignature(context.Background(), ev, &StubVerifier{}, verImpl)
+	_, err = getMXIDMapping(ev)
 	assert.Error(t, err)
-
 }

eventcrypto.go

@@ -85,7 +85,11 @@ func VerifyEventSignatures(ctx context.Context, e PDU, verifier JSONVerifier, us
 
 		// Validate the MXIDMapping is signed correctly
 		if verImpl.Version() == RoomVersionPseudoIDs && membership == spec.Join {
-			err = validateMXIDMappingSignature(ctx, e, verifier, verImpl)
+			mapping, err := getMXIDMapping(e)
+			if err != nil {
+				return err
+			}
+			err = validateMXIDMappingSignatures(ctx, e, *mapping, verifier, verImpl)
 			if err != nil {
 				return err
 			}
@@ -154,28 +158,32 @@ func VerifyEventSignatures(ctx context.Context, e PDU, verifier JSONVerifier, us
 	return nil
 }
 
-// validateMXIDMappingSignature validates that the MXIDMapping is correctly signed
-func validateMXIDMappingSignature(ctx context.Context, e PDU, verifier JSONVerifier, verImpl IRoomVersion) error {
+func getMXIDMapping(e PDU) (*MXIDMapping, error) {
 	var content MemberContent
 	err := json.Unmarshal(e.Content(), &content)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	// if there is no mapping, we can't check the signature
 	if content.MXIDMapping == nil {
-		return fmt.Errorf("missing mxid_mapping, unable to validate event")
+		return nil, fmt.Errorf("missing mxid_mapping")
 	}
 
-	var toVerify []VerifyJSONRequest
+	return content.MXIDMapping, nil
+}
 
-	mapping, err := json.Marshal(content.MXIDMapping)
+// validateMXIDMappingSignatures validates that the MXIDMapping is correctly signed
+func validateMXIDMappingSignatures(ctx context.Context, e PDU, mapping MXIDMapping, verifier JSONVerifier, verImpl IRoomVersion) error {
+	mappingBytes, err := json.Marshal(mapping)
 	if err != nil {
 		return err
 	}
-	for s := range content.MXIDMapping.Signatures {
+
+	var toVerify []VerifyJSONRequest
+	for s := range mapping.Signatures {
 		v := VerifyJSONRequest{
-			Message:              mapping,
+			Message:              mappingBytes,
 			AtTS:                 e.OriginServerTS(),
 			ServerName:           s,
 			ValidityCheckingFunc: verImpl.SignatureValidityCheck,

eventversion.go

@@ -33,8 +33,11 @@ type IRoomVersion interface {
 	CheckNotificationLevels(senderLevel int64, oldPowerLevels, newPowerLevels PowerLevelContent) error
 	CheckCanonicalJSON(input []byte) error
 	ParsePowerLevels(contentBytes []byte, c *PowerLevelContent) error
+	CheckCreateEvent(event PDU, knownRoomVersion knownRoomVersionFunc) error
 }
 
+type knownRoomVersionFunc func(RoomVersion) bool
+
 // StateResAlgorithm refers to a version of the state resolution algorithm.
 type StateResAlgorithm int
 
@@ -58,6 +61,7 @@ const (
 	RoomVersionV8        RoomVersion = "8"
 	RoomVersionV9        RoomVersion = "9"
 	RoomVersionV10       RoomVersion = "10"
+	RoomVersionV11       RoomVersion = "11"
 	RoomVersionPseudoIDs RoomVersion = "org.matrix.msc4014"
 )
 
@@ -96,6 +100,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               disallowKnocking,
 		checkRestrictedJoinAllowedFunc:         disallowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV1,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV1,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV1,
@@ -115,6 +120,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               disallowKnocking,
 		checkRestrictedJoinAllowedFunc:         disallowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV1,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV1,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV1,
@@ -134,6 +140,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               disallowKnocking,
 		checkRestrictedJoinAllowedFunc:         disallowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -153,6 +160,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               disallowKnocking,
 		checkRestrictedJoinAllowedFunc:         disallowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -172,6 +180,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               disallowKnocking,
 		checkRestrictedJoinAllowedFunc:         disallowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -191,6 +200,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               disallowKnocking,
 		checkRestrictedJoinAllowedFunc:         disallowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -210,6 +220,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               checkKnocking,
 		checkRestrictedJoinAllowedFunc:         disallowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -229,6 +240,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               checkKnocking,
 		checkRestrictedJoinAllowedFunc:         allowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -248,6 +260,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               checkKnocking,
 		checkRestrictedJoinAllowedFunc:         allowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -267,6 +280,27 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parseIntegerPowerLevels,
 		checkKnockingAllowedFunc:               checkKnocking,
 		checkRestrictedJoinAllowedFunc:         allowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
+		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
+		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
+		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
+	},
+	RoomVersionV11: RoomVersionImpl{
+		ver:                                    RoomVersionV11,
+		stable:                                 true,
+		stateResAlgorithm:                      StateResV2,
+		eventFormat:                            EventFormatV2,
+		eventIDFormat:                          EventIDFormatV3,
+		redactionAlgorithm:                     redactEventJSONV5,
+		signatureValidityCheckFunc:             StrictValiditySignatureCheck,
+		canonicalJSONCheck:                     verifyEnforcedCanonicalJSON,
+		notificationLevelCheck:                 checkNotificationLevels,
+		restrictedJoinServernameFunc:           extractAuthorisedViaServerName,
+		checkRestrictedJoin:                    checkRestrictedJoin,
+		parsePowerLevelsFunc:                   parseIntegerPowerLevels,
+		checkKnockingAllowedFunc:               checkKnocking,
+		checkRestrictedJoinAllowedFunc:         allowRestrictedJoins,
+		checkCreateEvent:                       noCheckCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -286,6 +320,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parseIntegerPowerLevels,
 		checkKnockingAllowedFunc:               checkKnocking,
 		checkRestrictedJoinAllowedFunc:         allowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -305,6 +340,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		parsePowerLevelsFunc:                   parseIntegerPowerLevels,
 		checkKnockingAllowedFunc:               checkKnocking,
 		checkRestrictedJoinAllowedFunc:         disallowRestrictedJoins,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -323,6 +359,7 @@ var roomVersionMeta = map[RoomVersion]IRoomVersion{
 		checkRestrictedJoin:                    checkRestrictedJoin,
 		parsePowerLevelsFunc:                   parsePowerLevels,
 		checkKnockingAllowedFunc:               checkKnocking,
+		checkCreateEvent:                       checkCreateEvent,
 		newEventFromUntrustedJSONFunc:          newEventFromUntrustedJSONV2,
 		newEventFromTrustedJSONFunc:            newEventFromTrustedJSONV2,
 		newEventFromTrustedJSONWithEventIDFunc: newEventFromTrustedJSONWithEventIDV2,
@@ -404,6 +441,7 @@ type RoomVersionImpl struct {
 	restrictedJoinServernameFunc           func(content []byte) (spec.ServerName, error)
 	checkRestrictedJoinAllowedFunc         func() error
 	checkKnockingAllowedFunc               func(m *membershipAllower) error
+	checkCreateEvent                       func(e PDU, knownRoomVersion knownRoomVersionFunc) error
 	newEventFromUntrustedJSONFunc          func(eventJSON []byte, roomVersion IRoomVersion) (result PDU, err error)
 	newEventFromTrustedJSONFunc            func(eventJSON []byte, redacted bool, roomVersion IRoomVersion) (result PDU, err error)
 	newEventFromTrustedJSONWithEventIDFunc func(eventID string, eventJSON []byte, redacted bool, roomVersion IRoomVersion) (result PDU, err error)
@@ -470,6 +508,10 @@ func (v RoomVersionImpl) ParsePowerLevels(contentBytes []byte, c *PowerLevelCont
 	return v.parsePowerLevelsFunc(contentBytes, c)
 }
 
+func (v RoomVersionImpl) CheckCreateEvent(event PDU, knownRoomVersion knownRoomVersionFunc) error {
+	return v.checkCreateEvent(event, knownRoomVersion)
+}
+
 func (v RoomVersionImpl) CheckRestrictedJoin(
 	ctx context.Context,
 	localServerName spec.ServerName,

handlejoin.go

@@ -22,7 +22,6 @@ import (
 
 	"github.com/matrix-org/gomatrixserverlib/spec"
 	"github.com/matrix-org/util"
-	"github.com/tidwall/gjson"
 )
 
 type HandleMakeJoinInput struct {
@@ -351,15 +350,14 @@ func HandleSendJoin(input HandleSendJoinInput) (*HandleSendJoinResponse, error)
 	// validate the mxid_mapping of the event
 	if input.RoomVersion == RoomVersionPseudoIDs {
 		// validate the signature first
-		if err = validateMXIDMappingSignature(input.Context, event, input.Verifier, verImpl); err != nil {
+		mapping, err := getMXIDMapping(event)
+		if err != nil {
+			return nil, spec.BadJSON(err.Error())
+		}
+		if err = validateMXIDMappingSignatures(input.Context, event, *mapping, input.Verifier, verImpl); err != nil {
 			return nil, spec.Forbidden(err.Error())
 		}
 
-		mapping := MXIDMapping{}
-		err = json.Unmarshal([]byte(gjson.GetBytes(input.JoinEvent, "content.mxid_mapping").Raw), &mapping)
-		if err != nil {
-			return nil, err
-		}
 		// store the user room public key -> userID mapping
 		if err = input.StoreSenderIDFromPublicID(input.Context, mapping.UserRoomKey, mapping.UserID, input.RoomID); err != nil {
 			return nil, err

performjoin.go

@@ -304,20 +304,17 @@ func storeMXIDMappings(
 		if ev.Type() != spec.MRoomMember {
 			continue
 		}
-		mapping := MemberContent{}
-		if err := json.Unmarshal(ev.Content(), &mapping); err != nil {
+		mapping, err := getMXIDMapping(ev)
+		if err != nil {
 			return err
 		}
-		if mapping.MXIDMapping == nil {
-			continue
-		}
 		// we already validated it is a valid roomversion, so this should be safe to use.
 		verImpl := MustGetRoomVersion(ev.Version())
-		if err := validateMXIDMappingSignature(ctx, ev, keyRing, verImpl); err != nil {
+		if err := validateMXIDMappingSignatures(ctx, ev, *mapping, keyRing, verImpl); err != nil {
 			logrus.WithError(err).Error("invalid signature for mxid_mapping")
 			continue
 		}
-		if err := storeSenderID(ctx, ev.SenderID(), mapping.MXIDMapping.UserID, roomID); err != nil {
+		if err := storeSenderID(ctx, ev.SenderID(), mapping.UserID, roomID); err != nil {
 			return err
 		}
 	}