Room versions 8 and 9: Restricted rooms (#3387)

* Room versions 8 and 9: Restricted rooms MSCs: * https://github.com/matrix-org/matrix-doc/pull/3083 * https://github.com/matrix-org/matrix-doc/pull/3289 * https://github.com/matrix-org/matrix-doc/pull/3375 * Changelogs * Capitalization Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Remove verbiage for spaces because they don't exist * Iterations on text * Another clarification * Make error code descriptions consistent * Apply suggestions from code review Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Incorporate from merge * Misc language update per review * Update accuracy before splitting auth rules * fix wtf moment * Fix up v8 and v9 to match "fully specify room versions" * Scope auth events selection to room version * Apply consistency * Add changelogs * Review part 1 * Apply suggestions from code review Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Split out redaction sections * Clarify general case of join conditions Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2022-01-18 09:55:34 -07:00 · 2022-01-18 09:55:34 -07:00 · 6c4aabd053
commit 6c4aabd053
parent 3475ef62ab
22 changed files with 772 additions and 39 deletions
--- a/content/server-server-api.md
+++ b/content/server-server-api.md
@ -407,21 +407,25 @@ the sender permission to send the event. The `auth_events` for the
 `m.room.create` event in a room is empty; for other events, it should be
 the following subset of the room state:

-   The `m.room.create` event.
+- The `m.room.create` event.

-   The current `m.room.power_levels` event, if any.
+- The current `m.room.power_levels` event, if any.

-   The sender's current `m.room.member` event, if any.
+- The sender's current `m.room.member` event, if any.

-   If type is `m.room.member`:
+- If type is `m.room.member`:

-    -   The target's current `m.room.member` event, if any.
-    -   If `membership` is `join` or `invite`, the current
-        `m.room.join_rules` event, if any.
-    -   If membership is `invite` and `content` contains a
-        `third_party_invite` property, the current
-        `m.room.third_party_invite` event with `state_key` matching
-        `content.third_party_invite.signed.token`, if any.
+    - The target's current `m.room.member` event, if any.
+    - If `membership` is `join` or `invite`, the current
+      `m.room.join_rules` event, if any.
+    - If membership is `invite` and `content` contains a
+      `third_party_invite` property, the current
+      `m.room.third_party_invite` event with `state_key` matching
+      `content.third_party_invite.signed.token`, if any.
+    - If `content.join_authorised_via_users_server` is present,
+      and the [room version supports restricted rooms](/rooms/#feature-matrix),
+      then the `m.room.member` event with `state_key` matching
+      `content.join_authorised_via_users_server`.

 #### Rejection

@ -744,19 +748,47 @@ The joining server is expected to add or replace the `origin`,
 `origin_server_ts`, and `event_id` on the templated event received by
 the resident server. This event is then signed by the joining server.

-To complete the join handshake, the joining server must now submit this
-new event to a resident homeserver, by using the `PUT /send_join`
+To complete the join handshake, the joining server submits this new event
+to the resident server it used for `GET /make_join`, using the `PUT /send_join`
 endpoint.

-The resident homeserver then accepts this event into the room's event
-graph, and responds to the joining server with the full set of state for
-the newly-joined room. The resident server must also send the event to
-other servers participating in the room.
+The resident homeserver then adds its signature to this event and
+accepts it into the room's event graph. The joining server receives
+the full set of state for the newly-joined room as well as the freshly
+signed membership event. The resident server must also send the event
+to other servers participating in the room.

 {{% http-api spec="server-server" api="joins-v1" %}}

 {{% http-api spec="server-server" api="joins-v2" %}}

+### Restricted rooms
+
+Restricted rooms are described in detail in the
+[client-server API](/client-server-api/#restricted-rooms) and are available
+in room versions [which support restricted join rules](/rooms/#feature-matrix).
+
+A resident server processing a request to join a restricted room must
+ensure that the joining server satisfies at least one of the conditions
+specified by `m.room.join_rules`. If no conditions are available, or none
+match the required schema, then the joining server is considered to have
+failed all conditions.
+
+The resident server uses a 400 `M_UNABLE_TO_AUTHORISE_JOIN` error on
+`/make_join` and `/send_join` to denote that the resident server is unable
+to validate any of the conditions, usually because the resident server
+does not have state information about rooms required by the conditions.
+
+The resident server uses a 400 `M_UNABLE_TO_GRANT_JOIN` error on `/make_join`
+and `/send_join` to denote that the joining server should try a different
+server. This is typically because the resident server can see that the
+joining user satisfies one of the conditions, though the resident server
+would be unable to meet the auth rules governing `join_authorised_via_users_server`
+on the resulting `m.room.member` event.
+
+If the joining server fails all conditions then a 403 `M_FORBIDDEN` error
+is used by the resident server.
+
 ## Knocking upon a room

 Rooms can permit knocking through the join rules, and if permitted this