Fix knock->leave transition in auth rules (#3694)

* Fix knock->leave transition in auth rules This was an oversight from knocking being added. For safety, this has been verified as at least intended by Synapse to work: f5e2cde3f5/synapse/event_auth.py (L390-L391) * changelog
3 years ago · 0f9eadd1a1
parent 2cd2a7122c
commit 0f9eadd1a1
3 changed files with 5 additions and 2 deletions
--- a/changelogs/room_versions/newsfragments/3694.clarification
+++ b/changelogs/room_versions/newsfragments/3694.clarification
@ -0,0 +1 @@
+Fix auth rules to allow membership of `knock` -> `leave` in v7, v8, and v9.
--- a/content/rooms/fragments/v8-auth-rules.md
+++ b/content/rooms/fragments/v8-auth-rules.md
@ -91,7 +91,8 @@ The rules are as follows:
        5.  Otherwise, reject.
    5.  If `membership` is `leave`:
        1.  If the `sender` matches `state_key`, allow if and only if
-            that user's current membership state is `invite` or `join`.
+            that user's current membership state is `invite`, `join`,
+            or `knock`.
        2.  If the `sender`'s current membership state is not `join`,
            reject.
        3.  If the *target user*'s current membership state is `ban`,
--- a/content/rooms/v7.md
+++ b/content/rooms/v7.md
@ -114,7 +114,8 @@ The rules are as follows:
        5.  Otherwise, reject.
    4.  If `membership` is `leave`:
        1.  If the `sender` matches `state_key`, allow if and only if
-            that user's current membership state is `invite` or `join`.
+            that user's current membership state is `invite`, `join`,
+            or `knock`.
        2.  If the `sender`'s current membership state is not `join`,
            reject.
        3.  If the *target user*'s current membership state is `ban`,
				`@ -0,0 +1 @@`
				Fix auth rules to allow membership of `knock` -> `leave` in v7, v8, and v9.