|
|
@ -334,8 +334,22 @@ Authorization of PDUs
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
|
|
Whenever a server receives an event from a remote server, the receiving server
|
|
|
|
Whenever a server receives an event from a remote server, the receiving server
|
|
|
|
must check that the event is allowed by the authorization rules. These rules
|
|
|
|
must ensure that the event:
|
|
|
|
depend on the state of the room at that event.
|
|
|
|
|
|
|
|
|
|
|
|
1. Is a valid event, otherwise it is dropped
|
|
|
|
|
|
|
|
2. Passes signature checks, otherwise it is dropped.
|
|
|
|
|
|
|
|
3. Passes hash checks, otherwise it is redacted before being processed
|
|
|
|
|
|
|
|
further.
|
|
|
|
|
|
|
|
4. Passes authorization rules based on the event's auth events, otherwise it
|
|
|
|
|
|
|
|
is rejected.
|
|
|
|
|
|
|
|
5. Passes authorization rules based on the state at the event, otherwise it
|
|
|
|
|
|
|
|
is rejected.
|
|
|
|
|
|
|
|
6. Passes auth rules based on the current state of the room, otherwise it
|
|
|
|
|
|
|
|
is "soft failed".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Further details of these checks, and how to handle failures, are described
|
|
|
|
|
|
|
|
below.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Definitions
|
|
|
|
Definitions
|
|
|
|
+++++++++++
|
|
|
|
+++++++++++
|
|
|
|