@@ -2202,21 +2202,37 @@ def _update_auth_events_and_context_for_auth(
22022202 different_auth ,
22032203 )
22042204
2205- # now we state-resolve between our own idea of the auth events, and the remote's
2206- # idea of them.
2207-
2208- room_version = yield self .store .get_room_version (event .room_id )
2209-
22102205 # XXX: currently this checks for redactions but I'm not convinced that is
22112206 # necessary?
22122207 different_events = yield self .store .get_events_as_list (different_auth )
22132208
2214- local_view = dict (auth_events )
2215- remote_view = dict (auth_events )
2216- remote_view .update ({(d .type , d .state_key ): d for d in different_events })
2209+ for d in different_events :
2210+ if d .room_id != event .room_id :
2211+ logger .warning (
2212+ "Event %s refers to auth_event %s which is in a different room" ,
2213+ event .event_id ,
2214+ d .event_id ,
2215+ )
2216+
2217+ # don't attempt to resolve the claimed auth events against our own
2218+ # in this case: just use our own auth events.
2219+ #
2220+ # XXX: should we reject the event in this case? It feels like we should,
2221+ # but then shouldn't we also do so if we've failed to fetch any of the
2222+ # auth events?
2223+ return context
22172224
2225+ # now we state-resolve between our own idea of the auth events, and the remote's
2226+ # idea of them.
2227+
2228+ local_state = auth_events .values ()
2229+ remote_auth_events = dict (auth_events )
2230+ remote_auth_events .update ({(d .type , d .state_key ): d for d in different_events })
2231+ remote_state = remote_auth_events .values ()
2232+
2233+ room_version = yield self .store .get_room_version (event .room_id )
22182234 new_state = yield self .state_handler .resolve_events (
2219- room_version , [ list ( local_view . values ()), list ( remote_view . values ())] , event
2235+ room_version , ( local_state , remote_state ) , event
22202236 )
22212237
22222238 logger .info (
0 commit comments