|
|
|
@ -32,10 +32,10 @@ as do the versions v6 is based upon.
|
|
|
|
|
|
|
|
|
|
### Authorization rules
|
|
|
|
|
|
|
|
|
|
{{% added-in this=true %}} For checks performed upon `m.room.member` events, a
|
|
|
|
|
{{< added-in this=true >}} For checks performed upon `m.room.member` events, a
|
|
|
|
|
new point for `membership=knock` is added.
|
|
|
|
|
|
|
|
|
|
Events must be signed by the server denoted by the `sender` key.
|
|
|
|
|
Events must be signed by the server denoted by the `sender` property.
|
|
|
|
|
|
|
|
|
|
`m.room.redaction` events are not explicitly part of the auth rules.
|
|
|
|
|
They are still subject to the minimum power level rules, but should always
|
|
|
|
@ -60,12 +60,12 @@ the default power level for users in the room.
|
|
|
|
|
The rules are as follows:
|
|
|
|
|
|
|
|
|
|
1. If type is `m.room.create`:
|
|
|
|
|
1. If it has any previous events, reject.
|
|
|
|
|
1. If it has any `prev_events`, reject.
|
|
|
|
|
2. If the domain of the `room_id` does not match the domain of the
|
|
|
|
|
`sender`, reject.
|
|
|
|
|
3. If `content.room_version` is present and is not a recognised
|
|
|
|
|
version, reject.
|
|
|
|
|
4. If `content` has no `creator` field, reject.
|
|
|
|
|
4. If `content` has no `creator` property, reject.
|
|
|
|
|
5. Otherwise, allow.
|
|
|
|
|
2. Reject if event has `auth_events` that:
|
|
|
|
|
1. have duplicate entries for a given `type` and `state_key` pair
|
|
|
|
@ -76,22 +76,24 @@ The rules are as follows:
|
|
|
|
|
3. If event does not have a `m.room.create` in its `auth_events`,
|
|
|
|
|
reject.
|
|
|
|
|
4. If type is `m.room.member`:
|
|
|
|
|
1. If no `state_key` key or `membership` key in `content`, reject.
|
|
|
|
|
1. If there is no `state_key` property, or no `membership` property in
|
|
|
|
|
`content`, reject.
|
|
|
|
|
2. If `membership` is `join`:
|
|
|
|
|
1. If the only previous event is an `m.room.create` and the
|
|
|
|
|
`state_key` is the creator, allow.
|
|
|
|
|
2. If the `sender` does not match `state_key`, reject.
|
|
|
|
|
3. If the `sender` is banned, reject.
|
|
|
|
|
4. If the `join_rule` is `invite` or `knock` then allow if
|
|
|
|
|
4. {{< changed-in this=true >}}
|
|
|
|
|
If the `join_rule` is `invite` or `knock` then allow if
|
|
|
|
|
membership state is `invite` or `join`.
|
|
|
|
|
5. If the `join_rule` is `public`, allow.
|
|
|
|
|
6. Otherwise, reject.
|
|
|
|
|
3. If `membership` is `invite`:
|
|
|
|
|
1. If `content` has `third_party_invite` key:
|
|
|
|
|
1. If `content` has `third_party_invite` property:
|
|
|
|
|
1. If *target user* is banned, reject.
|
|
|
|
|
2. If `content.third_party_invite` does not have a `signed`
|
|
|
|
|
key, reject.
|
|
|
|
|
3. If `signed` does not have `mxid` and `token` keys,
|
|
|
|
|
property, reject.
|
|
|
|
|
3. If `signed` does not have `mxid` and `token` properties,
|
|
|
|
|
reject.
|
|
|
|
|
4. If `mxid` does not match `state_key`, reject.
|
|
|
|
|
5. If there is no `m.room.third_party_invite` event in the
|
|
|
|
@ -102,8 +104,8 @@ The rules are as follows:
|
|
|
|
|
7. If any signature in `signed` matches any public key in
|
|
|
|
|
the `m.room.third_party_invite` event, allow. The public
|
|
|
|
|
keys are in `content` of `m.room.third_party_invite` as:
|
|
|
|
|
1. A single public key in the `public_key` field.
|
|
|
|
|
2. A list of public keys in the `public_keys` field.
|
|
|
|
|
1. A single public key in the `public_key` property.
|
|
|
|
|
2. A list of public keys in the `public_keys` property.
|
|
|
|
|
8. Otherwise, reject.
|
|
|
|
|
2. If the `sender`'s current membership state is not `join`,
|
|
|
|
|
reject.
|
|
|
|
@ -113,7 +115,8 @@ The rules are as follows:
|
|
|
|
|
the *invite level*, allow.
|
|
|
|
|
5. Otherwise, reject.
|
|
|
|
|
4. If `membership` is `leave`:
|
|
|
|
|
1. If the `sender` matches `state_key`, allow if and only if
|
|
|
|
|
1. {{< changed-in this=true >}}
|
|
|
|
|
If the `sender` matches `state_key`, allow if and only if
|
|
|
|
|
that user's current membership state is `invite`, `join`,
|
|
|
|
|
or `knock`.
|
|
|
|
|
2. If the `sender`'s current membership state is not `join`,
|
|
|
|
@ -132,7 +135,8 @@ The rules are as follows:
|
|
|
|
|
the *ban level*, and the *target user*'s power level is less
|
|
|
|
|
than the `sender`'s power level, allow.
|
|
|
|
|
3. Otherwise, reject.
|
|
|
|
|
6. If `membership` is `knock`:
|
|
|
|
|
6. {{< added-in this=true >}}
|
|
|
|
|
If `membership` is `knock`:
|
|
|
|
|
1. If the `join_rule` is anything other than `knock`, reject.
|
|
|
|
|
2. If `sender` does not match `state_key`, reject.
|
|
|
|
|
3. If the `sender`'s current membership is not `ban` or `join`, allow.
|
|
|
|
|