From 073ebb051b84ead1be988c5dec03fb11ceddc356 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 29 Aug 2018 13:08:07 +0100 Subject: [PATCH 1/3] Spec third party invites in auth rules --- specification/server_server_api.rst | 37 +++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index e6e4625c..f2d14738 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -342,6 +342,7 @@ be inserted. The types of state events that affect authorization are: - ``m.room.member`` - ``m.room.join_rules`` - ``m.room.power_levels`` +- ``m.room.third_party_invite`` Servers should not create new events that reference unauthorized events. However, any event that does reference an unauthorized event is not itself @@ -393,7 +394,33 @@ The rules are as follows: #. If ``membership`` is ``invite``: - i. If the ``sender``'s current membership state is not ``join``, reject. + i. If ``content`` has ``third_party_invite`` key: + + #. Reject if *target user* is banned. + + #. Reject if ``content.third_party_invite`` does not have a + ``signed`` key. + + #. Reject if ``signed`` does not have ``mxid`` and ``token`` keys. + + #. Reject if ``mxid`` does not match ``state_key`` + + #. Reject if no ``m.room.third_party_invite`` event in + current state with ``state_key`` matching ``token``. + + #. Reject if ``sender`` does not match ``sender`` of third party + invite. + + #. If any signature in ``signed`` matches any public key in third + party invite, allow. The public keys are in ``content`` of + third party invite under: + + #. A single public key in ``public_key`` field + #. A list of public keys in ``public_keys`` field + + #. Otherwise, reject. + + #. If the ``sender``'s current membership state is not ``join``, reject. #. If *target user*'s current membership state is ``join`` or ``ban``, reject. @@ -433,6 +460,11 @@ The rules are as follows: #. If the ``sender``'s current membership state is not ``join``, reject. +#. If type is ``m.room.third_party_invite``: + + a. Allow if and only if ``sender``'s current power level is greater than + or equal to the *invite level*. + #. If the event type's *required power level* is greater than the ``sender``'s power level, reject. @@ -489,9 +521,6 @@ The rules are as follows: the kick *and* ban levels, *and* greater than the target user's power level. -.. TODO-spec - - I think there is some magic about 3pid invites too. Retrieving event authorization information ++++++++++++++++++++++++++++++++++++++++++ From 3c53e1910d87750ef1b8844298dc1e720aba6620 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 31 Aug 2018 10:51:59 +0100 Subject: [PATCH 2/3] Fixup --- specification/server_server_api.rst | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index f2d14738..a9c2b1fb 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -396,27 +396,27 @@ The rules are as follows: i. If ``content`` has ``third_party_invite`` key: - #. Reject if *target user* is banned. + #. If *target user* is banned, reject. - #. Reject if ``content.third_party_invite`` does not have a - ``signed`` key. + #. If ``content.third_party_invite`` does not have a + ``signed`` key, reject. - #. Reject if ``signed`` does not have ``mxid`` and ``token`` keys. + #. If ``signed`` does not have ``mxid`` and ``token`` keys, reject. - #. Reject if ``mxid`` does not match ``state_key`` + #. If ``mxid`` does not match ``state_key``, reject. - #. Reject if no ``m.room.third_party_invite`` event in - current state with ``state_key`` matching ``token``. + #. If no ``m.room.third_party_invite`` event in current state with + ``state_key`` matching ``token``, reject. - #. Reject if ``sender`` does not match ``sender`` of third party - invite. + #. If ``sender`` does not match ``sender`` of third party invite, + reject. - #. If any signature in ``signed`` matches any public key in third - party invite, allow. The public keys are in ``content`` of - third party invite under: + #. If any signature in ``signed`` matches any public key in the + ``m.room.third_party_invite``, allow. The public keys are in + ``content`` of ``m.room.third_party_invite`` as: - #. A single public key in ``public_key`` field - #. A list of public keys in ``public_keys`` field + #. A single public key in the ``public_key`` field. + #. A list of public keys in the ``public_keys`` field. #. Otherwise, reject. From a1aedb386a5ce8ca20bbc2bd79de35262306eb88 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 31 Aug 2018 11:04:44 +0100 Subject: [PATCH 3/3] Actually use proper sentences like a proper adult --- specification/server_server_api.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index a9c2b1fb..c225874e 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -405,15 +405,15 @@ The rules are as follows: #. If ``mxid`` does not match ``state_key``, reject. - #. If no ``m.room.third_party_invite`` event in current state with - ``state_key`` matching ``token``, reject. + #. If there is no ``m.room.third_party_invite`` event in the + current room state with ``state_key`` matching ``token``, reject. - #. If ``sender`` does not match ``sender`` of third party invite, - reject. + #. If ``sender`` does not match ``sender`` of the + ``m.room.third_party_invite``, reject. #. If any signature in ``signed`` matches any public key in the - ``m.room.third_party_invite``, allow. The public keys are in - ``content`` of ``m.room.third_party_invite`` as: + ``m.room.third_party_invite`` event, allow. The public keys are + in ``content`` of ``m.room.third_party_invite`` as: #. A single public key in the ``public_key`` field. #. A list of public keys in the ``public_keys`` field.