Merge pull request #1592 from matrix-org/erikj/spec_3pid_ruls

Spec third party invites in auth rules
pull/977/head
Erik Johnston 6 years ago committed by GitHub
commit da3dd40e06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -358,6 +358,7 @@ be inserted. The types of state events that affect authorization are:
- ``m.room.member``
- ``m.room.join_rules``
- ``m.room.power_levels``
- ``m.room.third_party_invite``
Servers should not create new events that reference unauthorized events.
However, any event that does reference an unauthorized event is not itself
@ -412,7 +413,33 @@ The rules are as follows:
#. If ``membership`` is ``invite``:
i. If the ``sender``'s current membership state is not ``join``, reject.
i. If ``content`` has ``third_party_invite`` key:
#. If *target user* is banned, reject.
#. If ``content.third_party_invite`` does not have a
``signed`` key, reject.
#. If ``signed`` does not have ``mxid`` and ``token`` keys, reject.
#. If ``mxid`` does not match ``state_key``, reject.
#. If there is no ``m.room.third_party_invite`` event in the
current room state with ``state_key`` matching ``token``, reject.
#. If ``sender`` does not match ``sender`` of the
``m.room.third_party_invite``, reject.
#. If any signature in ``signed`` matches any public key in the
``m.room.third_party_invite`` event, allow. The public keys are
in ``content`` of ``m.room.third_party_invite`` as:
#. A single public key in the ``public_key`` field.
#. A list of public keys in the ``public_keys`` field.
#. Otherwise, reject.
#. If the ``sender``'s current membership state is not ``join``, reject.
#. If *target user*'s current membership state is ``join`` or ``ban``,
reject.
@ -452,6 +479,11 @@ The rules are as follows:
#. If the ``sender``'s current membership state is not ``join``, reject.
#. If type is ``m.room.third_party_invite``:
a. Allow if and only if ``sender``'s current power level is greater than
or equal to the *invite level*.
#. If the event type's *required power level* is greater than the ``sender``'s power
level, reject.
@ -508,9 +540,6 @@ The rules are as follows:
the kick *and* ban levels, *and* greater than the target user's power
level.
.. TODO-spec
I think there is some magic about 3pid invites too.
Retrieving event authorization information
++++++++++++++++++++++++++++++++++++++++++

Loading…
Cancel
Save