Fix knock->leave transition in auth rules (#3694)

* Fix knock->leave transition in auth rules

This was an oversight from knocking being added.

For safety, this has been verified as at least intended by Synapse to work:
f5e2cde3f5/synapse/event_auth.py (L390-L391)

* changelog
pull/977/head
Travis Ralston 3 years ago committed by GitHub
parent 2cd2a7122c
commit 0f9eadd1a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1 @@
Fix auth rules to allow membership of `knock` -> `leave` in v7, v8, and v9.

@ -91,7 +91,8 @@ The rules are as follows:
5. Otherwise, reject.
5. If `membership` is `leave`:
1. If the `sender` matches `state_key`, allow if and only if
that user's current membership state is `invite` or `join`.
that user's current membership state is `invite`, `join`,
or `knock`.
2. If the `sender`'s current membership state is not `join`,
reject.
3. If the *target user*'s current membership state is `ban`,

@ -114,7 +114,8 @@ The rules are as follows:
5. Otherwise, reject.
4. If `membership` is `leave`:
1. If the `sender` matches `state_key`, allow if and only if
that user's current membership state is `invite` or `join`.
that user's current membership state is `invite`, `join`,
or `knock`.
2. If the `sender`'s current membership state is not `join`,
reject.
3. If the *target user*'s current membership state is `ban`,

Loading…
Cancel
Save