From 10587366e9eb831f36aadc8911a661a46a7895d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Commaille?=
 <76261501+zecakeh@users.noreply.github.com>
Date: Tue, 25 Feb 2025 22:00:32 +0100
Subject: [PATCH] =?UTF-8?q?For=20room=20versions=206=20and=207,=20clarify?=
 =?UTF-8?q?=20that=20events=20with=20rejected=20auth=20eve=E2=80=A6=20(#20?=
 =?UTF-8?q?65)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Other room versions were updated in #1103 and #1137, but not these ones.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
---
 .../newsfragments/2065.clarification           |  1 +
 content/rooms/v6.md                            | 18 ++++++++++++------
 content/rooms/v7.md                            | 18 ++++++++++++------
 3 files changed, 25 insertions(+), 12 deletions(-)
 create mode 100644 changelogs/room_versions/newsfragments/2065.clarification

diff --git a/changelogs/room_versions/newsfragments/2065.clarification b/changelogs/room_versions/newsfragments/2065.clarification
new file mode 100644
index 00000000..e7fc9f20
--- /dev/null
+++ b/changelogs/room_versions/newsfragments/2065.clarification
@@ -0,0 +1 @@
+For room versions 6 and 7, clarify in the authorization rules that `m.federate` must be checked and that events with rejected auth events must be rejected, for parity with all the other room versions.
diff --git a/content/rooms/v6.md b/content/rooms/v6.md
index b2a5f024..72007d97 100644
--- a/content/rooms/v6.md
+++ b/content/rooms/v6.md
@@ -88,14 +88,20 @@ The rules are as follows:
         version, reject.
     4.  If `content` has no `creator` property, reject.
     5.  Otherwise, allow.
-2.  Reject if event has `auth_events` that:
-    1.  have duplicate entries for a given `type` and `state_key` pair
-    2.  have entries whose `type` and `state_key` don't match those
+2.  Considering the event's `auth_events`:
+    1.  If there are duplicate entries for a given `type` and `state_key` pair,
+        reject.
+    2.  If there are entries whose `type` and `state_key` don't match those
         specified by the [auth events
         selection](/server-server-api#auth-events-selection)
-        algorithm described in the server specification.
-3.  If event does not have a `m.room.create` in its `auth_events`,
-    reject.
+        algorithm described in the server specification, reject.
+    3.  If there are entries which were themselves rejected under the [checks
+        performed on receipt of a
+        PDU](/server-server-api/#checks-performed-on-receipt-of-a-pdu), reject.
+    4. If there is no `m.room.create` event among the entries, reject.
+3. If the `content` of the `m.room.create` event in the room state has the
+   property `m.federate` set to `false`, and the `sender` domain of the event
+   does not match the `sender` domain of the create event, reject.
 4.  If type is `m.room.member`:
     1.  If there is no `state_key` property, or no `membership` property in
         `content`, reject.
diff --git a/content/rooms/v7.md b/content/rooms/v7.md
index 216646d3..ba711c55 100644
--- a/content/rooms/v7.md
+++ b/content/rooms/v7.md
@@ -74,14 +74,20 @@ The rules are as follows:
         version, reject.
     4.  If `content` has no `creator` property, reject.
     5.  Otherwise, allow.
-2.  Reject if event has `auth_events` that:
-    1.  have duplicate entries for a given `type` and `state_key` pair
-    2.  have entries whose `type` and `state_key` don't match those
+2.  Considering the event's `auth_events`:
+    1.  If there are duplicate entries for a given `type` and `state_key` pair,
+        reject.
+    2.  If there are entries whose `type` and `state_key` don't match those
         specified by the [auth events
         selection](/server-server-api#auth-events-selection)
-        algorithm described in the server specification.
-3.  If event does not have a `m.room.create` in its `auth_events`,
-    reject.
+        algorithm described in the server specification, reject.
+    3.  If there are entries which were themselves rejected under the [checks
+        performed on receipt of a
+        PDU](/server-server-api/#checks-performed-on-receipt-of-a-pdu), reject.
+    4. If there is no `m.room.create` event among the entries, reject.
+3. If the `content` of the `m.room.create` event in the room state has the
+   property `m.federate` set to `false`, and the `sender` domain of the event
+   does not match the `sender` domain of the create event, reject.
 4.  If type is `m.room.member`:
     1.  If there is no `state_key` property, or no `membership` property in
         `content`, reject.