Prefix the user+device state key if needed #4262
Conversation
AndrewFerr
force-pushed
the
af/prefix-state-key
branch
from
fa7bff2 to
ffd2442
Compare
No need to prefix it for rooms that use MSC3779. Otherwise, prefix it to bypass the auth rule for state events with keys starting with @.
Sonar typescript:S6594
Sonar typescript:S3358
AndrewFerr
force-pushed
the
af/prefix-state-key
branch
from
74910e4 to
3f7aec7
Compare
|
Test coverage on new code is 100%, so barring review changes, this PR is ready to go. |
| if (/^org\.matrix\.msc3779\b/.exec(this.room.getVersion())) { | ||
| return stateKey; | ||
| } else { | ||
| return `_${stateKey}`; | ||
| } |
There was a problem hiding this comment.
Ah nice preparing for the owned state events is a smart idea.
There was a problem hiding this comment.
Just to give background on this: We never use the state key to actually compute the state events.
Which is somewhat broken. In theory a proper state event has to use a spec conform key.
With our implementation this is not checked (we could in theory send multiple member events for one user for the same device by using random state keys.)
This is what allows to only update the part where we compute the membership.
We probably want to check if the state key is to spec before parsing a state event.
There was a problem hiding this comment.
Added an issue here to track this: #4265
No need to prefix it for rooms that use MSC3779.
Otherwise, prefix it to bypass the auth rule for state events with keys starting with @.
Signed-off-by: Andrew Ferrazzutti [email protected]
Checklist
public/exportedsymbols have accurate TSDoc documentation.