From c297c6a35d831f52e0518952725c0992858219e1 Mon Sep 17 00:00:00 2001
From: Travis Ralston <travpc@gmail.com>
Date: Tue, 28 Aug 2018 13:06:52 -0600
Subject: [PATCH] Update schemas and auth rules to cover the @ state key
 restriction

Fixes https://github.com/matrix-org/matrix-doc/issues/1305

Also fixes an issue regarding the `_` being restricted previously, which is false.
---
 event-schemas/schema/core-event-schema/state_event.yaml | 6 +++++-
 event-schemas/schema/m.room.member                      | 5 ++++-
 specification/server_server_api.rst                     | 5 ++++-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/event-schemas/schema/core-event-schema/state_event.yaml b/event-schemas/schema/core-event-schema/state_event.yaml
index 020e9087a..71c4137b7 100644
--- a/event-schemas/schema/core-event-schema/state_event.yaml
+++ b/event-schemas/schema/core-event-schema/state_event.yaml
@@ -11,7 +11,11 @@ properties:
   state_key:
     description: A unique key which defines the overwriting semantics for this piece
       of room state. This value is often a zero-length string. The presence of this
-      key makes this event a State Event. The key MUST NOT start with '_'.
+      key makes this event a State Event. 
+
+      State keys starting with an ``@`` are reserved for referencing user IDs, such
+      as room members. With the exception of a few events, state events set with a
+      given user's ID as the state key MUST only be set by that user.
     type: string
 required:
 - state_key
diff --git a/event-schemas/schema/m.room.member b/event-schemas/schema/m.room.member
index 5fb5356d8..de14644d4 100644
--- a/event-schemas/schema/m.room.member
+++ b/event-schemas/schema/m.room.member
@@ -105,7 +105,10 @@ properties:
     title: EventContent
     type: object
   state_key:
-    description: The ``user_id`` this membership event relates to.
+    description: |-
+      The ``user_id`` this membership event relates to. In all cases except for when ``membership`` is
+      ``join``, the user ID sending the event does not need to match the user ID in the ``state_key``,
+      unlike other events. Regular authorisation rules still apply.
     type: string
   type:
     enum:
diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst
index 439b35f90..a66f249c6 100644
--- a/specification/server_server_api.rst
+++ b/specification/server_server_api.rst
@@ -450,7 +450,10 @@ The rules are as follows:
 
   #. Otherwise, reject.
 
-7. Otherwise, allow.
+7. If the ``state_key`` starts with ``@`` and the ``state_key`` does not match
+   the ``sender``, reject.
+
+8. Otherwise, allow.
 
 .. NOTE::