From 0b7b3bfcb0c2da63ef0eff799e83bbaf00ce40f0 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 29 Aug 2018 11:20:33 +0100 Subject: [PATCH 1/7] Reindent auth rules section RST expects sub lists to be indented by three or more spaces. By doing so we can then rely on `#.` for automatic numbering. --- specification/server_server_api.rst | 112 ++++++++++++++-------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index 9440f2f2..c67bea3d 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst 
@@ -359,100 +359,100 @@ The rules are as follows: 1. If type is ``m.room.create``, allow if and only if it has no previous events - *i.e.* it is the first event in the room. -2. If type is ``m.room.member``: +#. If type is ``m.room.member``: - a. If ``membership`` is ``join``: + a. If ``membership`` is ``join``: - i. If the only previous event is an ``m.room.create`` - and the ``state_key`` is the creator, allow. + i. If the only previous event is an ``m.room.create`` + and the ``state_key`` is the creator, allow. - #. If the ``sender`` does not match ``state_key``, reject. + #. If the ``sender`` does not match ``state_key``, reject. - #. If the user's current membership state is ``invite`` or ``join``, - allow. + #. If the user's current membership state is ``invite`` or ``join``, + allow. - #. If the ``join_rule`` is ``public``, allow. + #. If the ``join_rule`` is ``public``, allow. - #. Otherwise, reject. + #. Otherwise, reject. - b. If ``membership`` is ``invite``: + #. If ``membership`` is ``invite``: - i. If the ``sender``'s current membership state is not ``join``, reject. + i. If the ``sender``'s current membership state is not ``join``, reject. - #. If *target user*'s current membership state is ``join`` or ``ban``, - reject. + #. If *target user*'s current membership state is ``join`` or ``ban``, + reject. - #. If the ``sender``'s power level is greater than or equal to the *invite - level*, allow. + #. If the ``sender``'s power level is greater than or equal to the *invite + level*, allow. - #. Otherwise, reject. + #. Otherwise, reject. - c. If ``membership`` is ``leave``: + #. If ``membership`` is ``leave``: - i. If the ``sender`` matches ``state_key``, allow if and only if that user's - current membership state is ``invite`` or ``join``. + i. If the ``sender`` matches ``state_key``, allow if and only if that user's + current membership state is ``invite`` or ``join``. - #. If the ``sender``'s current membership state is not ``join``, reject. + #. 
If the ``sender``'s current membership state is not ``join``, reject. - #. If the *target user*'s current membership state is ``ban``, and the - ``sender``'s power level is less than the *ban level*, reject. + #. If the *target user*'s current membership state is ``ban``, and the + ``sender``'s power level is less than the *ban level*, reject. - #. If the ``sender``'s power level is greater than or equal to the *kick - level*, and the *target user*'s power level is less than the - ``sender``'s power level, allow. + #. If the ``sender``'s power level is greater than or equal to the *kick + level*, and the *target user*'s power level is less than the + ``sender``'s power level, allow. - #. Otherwise, reject. + #. Otherwise, reject. - d. If ``membership`` is ``ban``: + #. If ``membership`` is ``ban``: - i. If the ``sender``'s current membership state is not ``join``, reject. + i. If the ``sender``'s current membership state is not ``join``, reject. - #. If the ``sender``'s power level is greater than or equal to the *ban - level*, and the *target user*'s power level is less than the - ``sender``'s power level, allow. + #. If the ``sender``'s power level is greater than or equal to the *ban + level*, and the *target user*'s power level is less than the + ``sender``'s power level, allow. - #. Otherwise, reject. + #. Otherwise, reject. - e. Otherwise, the membership is unknown. Reject. + #. Otherwise, the membership is unknown. Reject. -3. If the ``sender``'s current membership state is not ``join``, reject. +#. If the ``sender``'s current membership state is not ``join``, reject. -4. If the event type's *required power level* is greater than the ``sender``'s power +#. If the event type's *required power level* is greater than the ``sender``'s power level, reject. -5. If type is ``m.room.power_levels``: +#. If type is ``m.room.power_levels``: - a. If there is no previous ``m.room.power_levels`` event in the room, allow. + a. 
If there is no previous ``m.room.power_levels`` event in the room, allow. - b. For each of the keys ``users_default``, ``events_default``, - ``state_default``, ``ban``, ``redact``, ``kick``, ``invite``, as well as - each entry being changed under the ``events`` or ``users`` keys: + #. For each of the keys ``users_default``, ``events_default``, + ``state_default``, ``ban``, ``redact``, ``kick``, ``invite``, as well as + each entry being changed under the ``events`` or ``users`` keys: - i. If the current value is higher than the ``sender``'s current power level, - reject. + i. If the current value is higher than the ``sender``'s current power level, + reject. - #. If the new value is higher than the ``sender``'s current power level, - reject. + #. If the new value is higher than the ``sender``'s current power level, + reject. - c. For each entry being changed under the ``users`` key, other than the - ``sender``'s own entry: + #. For each entry being changed under the ``users`` key, other than the + ``sender``'s own entry: - i. If the current value is equal to the ``sender``'s current power level, - reject. + i. If the current value is equal to the ``sender``'s current power level, + reject. - d. Otherwise, allow. + #. Otherwise, allow. -6. If type is ``m.room.redaction``: +#. If type is ``m.room.redaction``: - a. If the ``sender``'s power level is greater than or equal to the *redact - level*, allow. + a. If the ``sender``'s power level is greater than or equal to the *redact + level*, allow. - #. If the ``sender`` of the event being redacted is the same as the - ``sender`` of the ``m.room.redaction``, allow. + #. If the ``sender`` of the event being redacted is the same as the + ``sender`` of the ``m.room.redaction``, allow. - #. Otherwise, reject. + #. Otherwise, reject. -7. Otherwise, allow. +#. Otherwise, allow. .. NOTE:: From 86b5486445cbe5fc8d7092b2aba30486850da9a8 Mon Sep 17 00:00:00 2001 
From: Erik Johnston Date: Wed, 29 Aug 2018 11:32:14 +0100 Subject: [PATCH 2/7] Add missing clauses to and fix authorization rules They are still missing third party invites. --- specification/server_server_api.rst | 39 +++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index c67bea3d..e6e4625c 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -356,20 +356,36 @@ the state of the room. The rules are as follows: -1. If type is ``m.room.create``, allow if and only if it has no - previous events - *i.e.* it is the first event in the room. +1. If type is ``m.room.create``: + + a. Reject if it has any previous events + b. Reject if the domain of the ``room_id`` does not match the domain of the + ``sender``. + c. Reject if ``content.room_version`` key is an unrecognized version + d. Otherwise, allow. + +#. Reject if event does not have a ``m.room.create`` in its ``auth_events`` + +#. If type is ``m.room.aliases``: + + a. Reject if event has no ``state_key`` + b. Allow if and only if sender's domain matches ``state_key`` #. If type is ``m.room.member``: - a. If ``membership`` is ``join``: + a. Reject if no ``state_key`` key or ``membership`` key in ``content``. + + #. If ``membership`` is ``join``: i. If the only previous event is an ``m.room.create`` and the ``state_key`` is the creator, allow. #. If the ``sender`` does not match ``state_key``, reject. - #. If the user's current membership state is ``invite`` or ``join``, - allow. + #. If the ``sender`` is banned, reject. + + #. If the ``join_rule`` is ``invite`` then allow if membership state + is ``invite`` or ``join``. #. If the ``join_rule`` is ``public``, allow. 
@@ -420,9 +436,16 @@ The rules are as follows: #. If the event type's *required power level* is greater than the ``sender``'s power level, reject. +#. If the event has a ``state_key`` that starts with an ``@`` and does not match + the ``sender``, reject. + #. If type is ``m.room.power_levels``: - a. If there is no previous ``m.room.power_levels`` event in the room, allow. + a. If ``users`` key in ``content`` is not a dictionary with keys that are + valid user IDs with values that are integers (or a string that is an + integer), reject. + + #. If there is no previous ``m.room.power_levels`` event in the room, allow. #. For each of the keys ``users_default``, ``events_default``, ``state_default``, ``ban``, ``redact``, ``kick``, ``invite``, as well as @@ -447,8 +470,8 @@ The rules are as follows: a. If the ``sender``'s power level is greater than or equal to the *redact level*, allow. - #. If the ``sender`` of the event being redacted is the same as the - ``sender`` of the ``m.room.redaction``, allow. + #. If the domain of the ``event_id`` of the event being redacted is the same + as the domain of the ``event_id`` of the ``m.room.redaction``, allow. #. Otherwise, reject. From 6c8a45c165f72884bfc53a90566d77c495529ee0 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 31 Aug 2018 09:57:00 +0100 Subject: [PATCH 3/7] Full stops --- specification/server_server_api.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index e6e4625c..a69273eb 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst 
@@ -358,18 +358,18 @@ The rules are as follows: 1. If type is ``m.room.create``: - a. Reject if it has any previous events + a. Reject if it has any previous events. b. Reject if the domain of the ``room_id`` does not match the domain of the ``sender``. - c. Reject if ``content.room_version`` key is an unrecognized version + c. Reject if ``content.room_version`` key is an unrecognized version. d. Otherwise, allow. -#. Reject if event does not have a ``m.room.create`` in its ``auth_events`` +#. Reject if event does not have a ``m.room.create`` in its ``auth_events``. #. If type is ``m.room.aliases``: - a. Reject if event has no ``state_key`` - b. Allow if and only if sender's domain matches ``state_key`` + a. Reject if event has no ``state_key``. + b. Allow if and only if sender's domain matches ``state_key``. #. If type is ``m.room.member``: From f3aea32a243c04e79f52304273ab0050ed967872 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 31 Aug 2018 09:59:45 +0100 Subject: [PATCH 4/7] Be consistent with 'If..., reject' --- specification/server_server_api.rst | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index a69273eb..a72f5dc6 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst 
@@ -358,22 +358,23 @@ The rules are as follows: 1. If type is ``m.room.create``: - a. Reject if it has any previous events. - b. Reject if the domain of the ``room_id`` does not match the domain of the - ``sender``. - c. Reject if ``content.room_version`` key is an unrecognized version. + a. If it has any previous events, reject. + b. If the domain of the ``room_id`` does not match the domain of the + ``sender``, reject. + c. If ``content.room_version`` key is an unrecognised version, reject. d. Otherwise, allow. -#. Reject if event does not have a ``m.room.create`` in its ``auth_events``. +#. If event does not have a ``m.room.create`` in its ``auth_events``, reject. #. If type is ``m.room.aliases``: - a. Reject if event has no ``state_key``. - b. Allow if and only if sender's domain matches ``state_key``. + a. If event has no ``state_key``, reject + b. If sender's domain doesn't matches ``state_key``, reject. + c. Otherwise, allow. #. If type is ``m.room.member``: - a. Reject if no ``state_key`` key or ``membership`` key in ``content``. + a. If no ``state_key`` key or ``membership`` key in ``content``, reject. #. If ``membership`` is ``join``: From f4706c888986e3e20aa9c4a7b4a3bd77d8812c4b Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 31 Aug 2018 10:06:26 +0100 Subject: [PATCH 5/7] Require creator field --- specification/server_server_api.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index a72f5dc6..54b6e07c 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst 
@@ -362,7 +362,8 @@ The rules are as follows: b. If the domain of the ``room_id`` does not match the domain of the ``sender``, reject. c. If ``content.room_version`` key is an unrecognised version, reject. - d. Otherwise, allow. + d. If ``content`` has no ``creator`` field, reject. + e. Otherwise, allow. #. If event does not have a ``m.room.create`` in its ``auth_events``, reject. From 59f86ec8f2a3b7b07b742ccf5706b44d30c65767 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 31 Aug 2018 10:07:53 +0100 Subject: [PATCH 6/7] Reindent as RST requires sublists to be three spaces --- specification/server_server_api.rst | 128 ++++++++++++++-------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index 54b6e07c..b82901be 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst 
@@ -358,80 +358,80 @@ The rules are as follows: 1. If type is ``m.room.create``: - a. If it has any previous events, reject. - b. If the domain of the ``room_id`` does not match the domain of the - ``sender``, reject. - c. If ``content.room_version`` key is an unrecognised version, reject. - d. If ``content`` has no ``creator`` field, reject. - e. Otherwise, allow. + a. If it has any previous events, reject. + b. If the domain of the ``room_id`` does not match the domain of the + ``sender``, reject. + c. If ``content.room_version`` key is an unrecognised version, reject. + d. If ``content`` has no ``creator`` field, reject. + e. Otherwise, allow. #. If event does not have a ``m.room.create`` in its ``auth_events``, reject. #. If type is ``m.room.aliases``: - a. If event has no ``state_key``, reject - b. If sender's domain doesn't matches ``state_key``, reject. - c. Otherwise, allow. + a. If event has no ``state_key``, reject + b. If sender's domain doesn't matches ``state_key``, reject. + c. Otherwise, allow. #. If type is ``m.room.member``: - a. If no ``state_key`` key or ``membership`` key in ``content``, reject. + a. If no ``state_key`` key or ``membership`` key in ``content``, reject. - #. If ``membership`` is ``join``: + #. If ``membership`` is ``join``: - i. If the only previous event is an ``m.room.create`` - and the ``state_key`` is the creator, allow. + i. If the only previous event is an ``m.room.create`` + and the ``state_key`` is the creator, allow. - #. If the ``sender`` does not match ``state_key``, reject. + #. If the ``sender`` does not match ``state_key``, reject. - #. If the ``sender`` is banned, reject. + #. If the ``sender`` is banned, reject. - #. If the ``join_rule`` is ``invite`` then allow if membership state - is ``invite`` or ``join``. + #. If the ``join_rule`` is ``invite`` then allow if membership state + is ``invite`` or ``join``. - #. If the ``join_rule`` is ``public``, allow. + #. If the ``join_rule`` is ``public``, allow. - #. 
Otherwise, reject. + #. Otherwise, reject. - #. If ``membership`` is ``invite``: + #. If ``membership`` is ``invite``: - i. If the ``sender``'s current membership state is not ``join``, reject. + i. If the ``sender``'s current membership state is not ``join``, reject. - #. If *target user*'s current membership state is ``join`` or ``ban``, - reject. + #. If *target user*'s current membership state is ``join`` or ``ban``, + reject. - #. If the ``sender``'s power level is greater than or equal to the *invite - level*, allow. + #. If the ``sender``'s power level is greater than or equal to the *invite + level*, allow. - #. Otherwise, reject. + #. Otherwise, reject. - #. If ``membership`` is ``leave``: + #. If ``membership`` is ``leave``: - i. If the ``sender`` matches ``state_key``, allow if and only if that user's - current membership state is ``invite`` or ``join``. + i. If the ``sender`` matches ``state_key``, allow if and only if that user's + current membership state is ``invite`` or ``join``. - #. If the ``sender``'s current membership state is not ``join``, reject. + #. If the ``sender``'s current membership state is not ``join``, reject. - #. If the *target user*'s current membership state is ``ban``, and the - ``sender``'s power level is less than the *ban level*, reject. + #. If the *target user*'s current membership state is ``ban``, and the + ``sender``'s power level is less than the *ban level*, reject. - #. If the ``sender``'s power level is greater than or equal to the *kick - level*, and the *target user*'s power level is less than the - ``sender``'s power level, allow. + #. If the ``sender``'s power level is greater than or equal to the *kick + level*, and the *target user*'s power level is less than the + ``sender``'s power level, allow. - #. Otherwise, reject. + #. Otherwise, reject. - #. If ``membership`` is ``ban``: + #. If ``membership`` is ``ban``: - i. If the ``sender``'s current membership state is not ``join``, reject. + i. 
If the ``sender``'s current membership state is not ``join``, reject. - #. If the ``sender``'s power level is greater than or equal to the *ban - level*, and the *target user*'s power level is less than the - ``sender``'s power level, allow. + #. If the ``sender``'s power level is greater than or equal to the *ban + level*, and the *target user*'s power level is less than the + ``sender``'s power level, allow. - #. Otherwise, reject. + #. Otherwise, reject. - #. Otherwise, the membership is unknown. Reject. + #. Otherwise, the membership is unknown. Reject. #. If the ``sender``'s current membership state is not ``join``, reject. 
@@ -443,39 +443,39 @@ The rules are as follows: #. If type is ``m.room.power_levels``: - a. If ``users`` key in ``content`` is not a dictionary with keys that are - valid user IDs with values that are integers (or a string that is an - integer), reject. + a. If ``users`` key in ``content`` is not a dictionary with keys that are + valid user IDs with values that are integers (or a string that is an + integer), reject. - #. If there is no previous ``m.room.power_levels`` event in the room, allow. + #. If there is no previous ``m.room.power_levels`` event in the room, allow. - #. For each of the keys ``users_default``, ``events_default``, - ``state_default``, ``ban``, ``redact``, ``kick``, ``invite``, as well as - each entry being changed under the ``events`` or ``users`` keys: + #. For each of the keys ``users_default``, ``events_default``, + ``state_default``, ``ban``, ``redact``, ``kick``, ``invite``, as well as + each entry being changed under the ``events`` or ``users`` keys: - i. If the current value is higher than the ``sender``'s current power level, - reject. + i. If the current value is higher than the ``sender``'s current power level, + reject. - #. If the new value is higher than the ``sender``'s current power level, - reject. + #. If the new value is higher than the ``sender``'s current power level, + reject. - #. For each entry being changed under the ``users`` key, other than the - ``sender``'s own entry: + #. For each entry being changed under the ``users`` key, other than the + ``sender``'s own entry: - i. If the current value is equal to the ``sender``'s current power level, - reject. + i. If the current value is equal to the ``sender``'s current power level, + reject. - #. Otherwise, allow. + #. Otherwise, allow. #. If type is ``m.room.redaction``: - a. If the ``sender``'s power level is greater than or equal to the *redact - level*, allow. + a. If the ``sender``'s power level is greater than or equal to the *redact + level*, allow. - #. 
If the domain of the ``event_id`` of the event being redacted is the same - as the domain of the ``event_id`` of the ``m.room.redaction``, allow. + #. If the domain of the ``event_id`` of the event being redacted is the same + as the domain of the ``event_id`` of the ``m.room.redaction``, allow. - #. Otherwise, reject. + #. Otherwise, reject. #. Otherwise, allow. From d63184ebacc9ff16a620152fb9b057405fd91326 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 31 Aug 2018 10:59:42 +0100 Subject: [PATCH 7/7] Fixup --- specification/server_server_api.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index b82901be..4b099e11 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -361,7 +361,8 @@ The rules are as follows: a. If it has any previous events, reject. b. If the domain of the ``room_id`` does not match the domain of the ``sender``, reject. - c. If ``content.room_version`` key is an unrecognised version, reject. + c. If ``content.room_version`` is present and is not a recognised version, + reject. d. If ``content`` has no ``creator`` field, reject. e. Otherwise, allow. @@ -369,7 +370,7 @@ The rules are as follows: #. If type is ``m.room.aliases``: - a. If event has no ``state_key``, reject + a. If event has no ``state_key``, reject. b. If sender's domain doesn't matches ``state_key``, reject. c. Otherwise, allow.
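Review bot: in [PATCH 2/7], first hunk (@@ -356,20 +356,36), the new join clause "If the ``join_rule`` is ``invite`` then allow if membership state is ``invite`` or ``join``" does not say what happens when the join rule is ``invite`` and the membership is anything else. Read literally, evaluation falls through to the ``public`` check and then to "Otherwise, reject", but the "then allow if" wording differs from every other clause and could be read as terminal. The change also narrows behaviour: the removed clause allowed a user with ``invite`` or ``join`` membership under any join rule, while the new text admits them only when the join rule is exactly ``invite`` (or ``public``). If that is intended, mention it in the commit message. Suggested wording: "If the ``join_rule`` is ``invite`` and the ``sender``'s current membership state is ``invite`` or ``join``, allow." That also names whose membership state is meant, as the neighbouring clauses do.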
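Review bot: in [PATCH 2/7], second hunk (@@ -420,9 +436,16), the new ``m.room.power_levels`` clause a. validates only the ``users`` key, yet the clauses that follow compare the values of ``users_default``, ``events_default``, ``state_default``, ``ban``, ``redact``, ``kick``, ``invite`` and the ``events`` entries against the ``sender``'s power level, so those values need the same type check before any comparison is defined. "A string that is an integer" is also underspecified: say whether a sign, leading zeros or surrounding whitespace are accepted, because two servers that parse such strings differently will disagree on whether the event is authorised. Separately, the added "``state_key`` that starts with an ``@`` and does not match the ``sender``" rule is only correct because every ``m.room.member`` branch above it ends in allow or reject; a short remark to that effect would stop someone reordering the list later.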
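Review bot: in [PATCH 2/7], third hunk (@@ -447,8 +470,8), replacing the same-``sender`` test with a comparison of the domains of the two ``event_id`` values widens the redaction rule from "a user may redact their own event" to "any redaction whose event ID carries the same domain as the target event is allowed", and neither the clause nor the commit message says why. State the rationale next to the rule. The check also trusts the domain part of ``event_id``, so it is only as strong as whatever binds an event ID's domain to the server that produced the event; if that guarantee is specified elsewhere, reference it from this clause.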
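Review bot: in [PATCH 4/7], the rewritten ``m.room.aliases`` clauses introduce two regressions: "a. If event has no ``state_key``, reject" drops the full stop that [PATCH 3/7] had just added, and "b. If sender's domain doesn't matches ``state_key``, reject." is ungrammatical; use "does not match", which is the form the ``m.room.create`` clause b. already uses. The same hunk also changes "unrecognized" to "unrecognised" in clause c. without mentioning it; keep spelling changes out of a commit whose subject is about clause ordering, or note them in the message.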
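Review bot: in [PATCH 5/7], the added clause "d. If ``content`` has no ``creator`` field, reject." checks only that the field is present, while the join branch later relies on it ("the ``state_key`` is the creator, allow"). As written, clause b. ties the ``room_id`` domain to the ``sender``, but nothing ties ``creator`` to the ``sender`` or requires it to be a well-formed user ID. Say explicitly whether ``creator`` must equal the ``sender`` or may name another user, and whether a malformed value is rejected here.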
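Review bot: in [PATCH 6/7], first hunk (@@ -358,80 +358,80), the ``m.room.create`` and ``m.room.aliases`` sub-lists keep explicit letters (a. b. c. d. e.) while every other sub-list in the hunk gives only the first item explicitly and uses ``#.`` for the rest. [PATCH 1/7] states the reindent exists so the list can rely on ``#.``, and [PATCH 5/7] already had to renumber "d. Otherwise, allow." to "e." by hand when a clause was inserted. Convert these two sub-lists to ``#.`` after the first item while reindenting them.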
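Review bot: in [PATCH 7/7], the change to clause c. is a semantic change, not a fixup: "is present and is not a recognised version" means a create event with no ``content.room_version`` is now accepted, where the previous wording could be read as rejecting it. Give the commit a subject that says so, and have the clause state which room version applies when the key is absent, so implementations do not each pick their own. The context line "b. If sender's domain doesn't matches ``state_key``, reject." directly below the second change is still uncorrected and could be fixed in the same pass as the full stop.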