Don't specify an invalid "join_authorised_via_users_server" key for a test that doesn't require it #224
… a test that doesn't require it This breaks the signature checks in gomatrixserverlib/dendrite, because we expect the `"join_authorised_via_users_server"` key to be well-formed so we can extract the server name.
I'm unsure about this change, it was added in #208 as a regression test against something which was actually happening in the wild (clients were including that additional field when changing nicknames for rooms). I think for the test to be accurate it really needs the field to be included, not just missing -- although we might actually want to test both situations. Changing the value so it can be parsed (instead of the wrong form) is likely OK, but shouldn't gomatrixserverlib be treating this as "untrusted data" and not assuming it is well-formed?
gomatrixserverlib can only require the extra signature from the authorising server in the event auth if it can parse the server name from that field. If we fail to parse then we can’t add the second “needed” server name for the signature checking, which would result in the event possibly passing the signature checks when it otherwise shouldn’t. The https://github.com/matrix-org/gomatrixserverlib/blob/master/eventcrypto.go#L85-L96
This test-case is testing that the extra signature isn't needed since it is a join -> join transition.
I am guessing then that Synapse needs to tangle the signature checking and event auth checks together for this to work? That is not how gomatrixserverlib works (Dendrite and GMSL on the whole are much more compartmentalised out of necessity) and this is obviously why things are ending up so difficult to implement.
I think what is missing here is that Synapse strips any I think it is necessary though for
I brought this up on the spec PR: matrix-org/matrix-spec-proposals#3387.
So what's the status of this PR? Is it good and should be merged or does it test something we don't allow?
I believe this PR is weakening a test that will likely cause Dendrite (and other homeservers) to break under the same conditions that Synapse did.
Closing this for now then.
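An added example, not code from gomatrixserverlib, Dendrite or this test suite: one way to treat `join_authorised_via_users_server` as untrusted input while still failing closed when it is present on a join but cannot be parsed, so a malformed value never silently drops a required signer. `requiredSigners` and `serverOf` are hypothetical names, the sample content is constructed, and the sketch does not model the join -> join case debated above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

var errBadUserID = fmt.Errorf("malformed user ID")

// serverOf returns the server name part of "@localpart:server[:port]".
func serverOf(userID string) (string, error) {
	i := strings.IndexByte(userID, ':')
	if !strings.HasPrefix(userID, "@") || i < 0 || i == len(userID)-1 {
		return "", errBadUserID
	}
	return userID[i+1:], nil
}

// requiredSigners (hypothetical helper) lists the servers whose signatures a
// membership event must carry; an unparseable authorising user is an error.
func requiredSigners(sender string, content []byte) ([]string, error) {
	senderServer, err := serverOf(sender)
	if err != nil {
		return nil, err
	}
	var c map[string]json.RawMessage
	if err := json.Unmarshal(content, &c); err != nil {
		return nil, err
	}
	var membership, via string
	_ = json.Unmarshal(c["membership"], &membership) // non-string: not a join
	raw, present := c["join_authorised_via_users_server"]
	if membership != "join" || !present {
		return []string{senderServer}, nil
	}
	if err := json.Unmarshal(raw, &via); err != nil {
		return nil, errBadUserID // wrong JSON type, e.g. a number
	}
	viaServer, err := serverOf(via)
	if err != nil {
		return nil, err // fail closed instead of skipping the extra signer
	}
	return []string{senderServer, viaServer}, nil
}

func main() { // constructed sample: a malformed value must yield an error
	fmt.Println(requiredSigners("@alice:a.example", []byte(`{"membership":"join","join_authorised_via_users_server":"nonsense"}`)))
}
```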