From d921b81c703d8845dc6ea5894880d47564e90a21 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 29 Aug 2018 14:17:52 +0100 Subject: [PATCH] Reject events with superfluous auth_events entries --- specification/server_server_api.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst index f2d14738..fb221357 100644 --- a/specification/server_server_api.rst +++ b/specification/server_server_api.rst @@ -365,6 +365,12 @@ The rules are as follows: c. Reject if ``content.room_version`` key is an unrecognized version d. Otherwise, allow. +#. Reject if event has ``auth_events`` that: + + a. have duplicate entries for a given ``type`` and ``state_key`` pair + #. have entries whose ``type`` and ``state_key`` don't match those + specified by the algorithm described previously. + #. Reject if event does not have a ``m.room.create`` in its ``auth_events`` #. If type is ``m.room.aliases``: