Fix references to "keys" and "fields" in the auth rules

Fixes #1112
Richard van der Hoff 2022-10-04 18:00:24 +01:00
parent 66f0b52c27
commit 16f0ec9861
6 changed files with 42 additions and 43 deletions


@ -24,7 +24,7 @@ The rules are as follows:
`sender`, reject. `sender`, reject.
3. If `content.room_version` is present and is not a recognised 3. If `content.room_version` is present and is not a recognised
version, reject. version, reject.
4. If `content` has no `creator` field, reject. 4. If `content` has no `creator` property, reject.
5. Otherwise, allow. 5. Otherwise, allow.
2. Considering the event's `auth_events`: 2. Considering the event's `auth_events`:
1. If there are duplicate entries for a given `type` and `state_key` pair, 1. If there are duplicate entries for a given `type` and `state_key` pair,
@ -57,11 +57,11 @@ The rules are as follows:
5. If the `join_rule` is `public`, allow. 5. If the `join_rule` is `public`, allow.
6. Otherwise, reject. 6. Otherwise, reject.
3. If `membership` is `invite`: 3. If `membership` is `invite`:
1. If `content` has `third_party_invite` key: 1. If `content` has a `third_party_invite` property:
1. If *target user* is banned, reject. 1. If *target user* is banned, reject.
2. If `content.third_party_invite` does not have a `signed` 2. If `content.third_party_invite` does not have a `signed`
key, reject. property, reject.
3. If `signed` does not have `mxid` and `token` keys, 3. If `signed` does not have `mxid` and `token` properties,
reject. reject.
4. If `mxid` does not match `state_key`, reject. 4. If `mxid` does not match `state_key`, reject.
5. If there is no `m.room.third_party_invite` event in the 5. If there is no `m.room.third_party_invite` event in the
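Review bot: In step 3 of the third-party invite checks, "does not have `mxid` and `token` properties" can be read as rejecting only when both are absent. The next step compares `mxid` with `state_key`, so both appear to be required; since the line is being reworded anyway, consider "does not have both `mxid` and `token` properties" so that a `signed` object missing either one is clearly rejected. The same wording recurs in the matching hunk of each other file in this commit.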
@ -72,8 +72,8 @@ The rules are as follows:
7. If any signature in `signed` matches any public key in 7. If any signature in `signed` matches any public key in
the `m.room.third_party_invite` event, allow. The public the `m.room.third_party_invite` event, allow. The public
keys are in `content` of `m.room.third_party_invite` as: keys are in `content` of `m.room.third_party_invite` as:
1. A single public key in the `public_key` field. 1. A single public key in the `public_key` property.
2. A list of public keys in the `public_keys` field. 2. A list of public keys in the `public_keys` property.
8. Otherwise, reject. 8. Otherwise, reject.
2. If the `sender`'s current membership state is not `join`, 2. If the `sender`'s current membership state is not `join`,
reject. reject.


@ -6,7 +6,7 @@ toc_hide: true
signature from the domain of the `event_id` in order to be considered signature from the domain of the `event_id` in order to be considered
valid. This room version does not include an `event_id` over federation valid. This room version does not include an `event_id` over federation
in the same respect, so does not need a signature from that server. in the same respect, so does not need a signature from that server.
The event must still be signed by the server denoted by the `sender`, The event must still be signed by the server denoted by the `sender` property,
however. however.
The types of state events that affect authorization are: The types of state events that affect authorization are:
@ -31,7 +31,7 @@ The complete list of rules, as of room version 3, is as follows:
`sender`, reject. `sender`, reject.
3. If `content.room_version` is present and is not a recognised 3. If `content.room_version` is present and is not a recognised
version, reject. version, reject.
4. If `content` has no `creator` field, reject. 4. If `content` has no `creator` property, reject.
5. Otherwise, allow. 5. Otherwise, allow.
2. Considering the event's `auth_events`: 2. Considering the event's `auth_events`:
1. If there are duplicate entries for a given `type` and `state_key` pair, 1. If there are duplicate entries for a given `type` and `state_key` pair,
@ -64,11 +64,11 @@ The complete list of rules, as of room version 3, is as follows:
5. If the `join_rule` is `public`, allow. 5. If the `join_rule` is `public`, allow.
6. Otherwise, reject. 6. Otherwise, reject.
3. If `membership` is `invite`: 3. If `membership` is `invite`:
1. If `content` has `third_party_invite` key: 1. If `content` has a `third_party_invite` property:
1. If *target user* is banned, reject. 1. If *target user* is banned, reject.
2. If `content.third_party_invite` does not have a `signed` 2. If `content.third_party_invite` does not have a `signed`
key, reject. property, reject.
3. If `signed` does not have `mxid` and `token` keys, 3. If `signed` does not have `mxid` and `token` properties,
reject. reject.
4. If `mxid` does not match `state_key`, reject. 4. If `mxid` does not match `state_key`, reject.
5. If there is no `m.room.third_party_invite` event in the 5. If there is no `m.room.third_party_invite` event in the
@ -79,8 +79,8 @@ The complete list of rules, as of room version 3, is as follows:
7. If any signature in `signed` matches any public key in 7. If any signature in `signed` matches any public key in
the `m.room.third_party_invite` event, allow. The public the `m.room.third_party_invite` event, allow. The public
keys are in `content` of `m.room.third_party_invite` as: keys are in `content` of `m.room.third_party_invite` as:
1. A single public key in the `public_key` field. 1. A single public key in the `public_key` property.
2. A list of public keys in the `public_keys` field. 2. A list of public keys in the `public_keys` property.
8. Otherwise, reject. 8. Otherwise, reject.
2. If the `sender`'s current membership state is not `join`, 2. If the `sender`'s current membership state is not `join`,
reject. reject.


@ -2,7 +2,7 @@
toc_hide: true toc_hide: true
--- ---
Events must be signed by the server denoted by the `sender` key. Events must be signed by the server denoted by the `sender` property.
`m.room.redaction` events are not explicitly part of the auth rules. `m.room.redaction` events are not explicitly part of the auth rules.
They are still subject to the minimum power level rules, but should always They are still subject to the minimum power level rules, but should always
@ -32,7 +32,7 @@ The rules are as follows:
`sender`, reject. `sender`, reject.
3. If `content.room_version` is present and is not a recognised 3. If `content.room_version` is present and is not a recognised
version, reject. version, reject.
4. If `content` has no `creator` field, reject. 4. If `content` has no `creator` property, reject.
5. Otherwise, allow. 5. Otherwise, allow.
2. Considering the event's `auth_events`: 2. Considering the event's `auth_events`:
1. If there are duplicate entries for a given `type` and `state_key` pair, 1. If there are duplicate entries for a given `type` and `state_key` pair,
@ -51,8 +51,7 @@ The rules are as follows:
4. If type is `m.room.member`: 4. If type is `m.room.member`:
1. If there is no `state_key` property, or no `membership` property in 1. If there is no `state_key` property, or no `membership` property in
`content`, reject. `content`, reject.
2. If `content` has a `join_authorised_via_users_server` 2. If `content` has a `join_authorised_via_users_server` property:
key:
1. If the event is not validly signed by the homeserver of the user ID denoted 1. If the event is not validly signed by the homeserver of the user ID denoted
by the key, reject. by the key, reject.
3. If `membership` is `join`: 3. If `membership` is `join`:
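Review bot: The sub-rule under the `join_authorised_via_users_server` check still reads "denoted by the key, reject." on both sides, so the terminology is only half converted in this hunk. Suggest "denoted by the property" (or naming `join_authorised_via_users_server` directly) so it matches the reworded line above it.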
@ -71,11 +70,11 @@ The rules are as follows:
6. If the `join_rule` is `public`, allow. 6. If the `join_rule` is `public`, allow.
7. Otherwise, reject. 7. Otherwise, reject.
4. If `membership` is `invite`: 4. If `membership` is `invite`:
1. If `content` has `third_party_invite` key: 1. If `content` has a `third_party_invite` property:
1. If *target user* is banned, reject. 1. If *target user* is banned, reject.
2. If `content.third_party_invite` does not have a `signed` 2. If `content.third_party_invite` does not have a `signed`
key, reject. property, reject.
3. If `signed` does not have `mxid` and `token` keys, 3. If `signed` does not have `mxid` and `token` properties,
reject. reject.
4. If `mxid` does not match `state_key`, reject. 4. If `mxid` does not match `state_key`, reject.
5. If there is no `m.room.third_party_invite` event in the 5. If there is no `m.room.third_party_invite` event in the
@ -86,8 +85,8 @@ The rules are as follows:
7. If any signature in `signed` matches any public key in 7. If any signature in `signed` matches any public key in
the `m.room.third_party_invite` event, allow. The public the `m.room.third_party_invite` event, allow. The public
keys are in `content` of `m.room.third_party_invite` as: keys are in `content` of `m.room.third_party_invite` as:
1. A single public key in the `public_key` field. 1. A single public key in the `public_key` property.
2. A list of public keys in the `public_keys` field. 2. A list of public keys in the `public_keys` property.
8. Otherwise, reject. 8. Otherwise, reject.
2. If the `sender`'s current membership state is not `join`, 2. If the `sender`'s current membership state is not `join`,
reject. reject.


@ -74,7 +74,7 @@ correctly structured are rejected under the authorization rules below.
### Authorization rules ### Authorization rules
Events must be signed by the server denoted by the `sender` key. Events must be signed by the server denoted by the `sender` property.
`m.room.redaction` events are not explicitly part of the auth rules. `m.room.redaction` events are not explicitly part of the auth rules.
They are still subject to the minimum power level rules, but should always They are still subject to the minimum power level rules, but should always
@ -104,7 +104,7 @@ The rules are as follows:
`sender`, reject. `sender`, reject.
3. If `content.room_version` is present and is not a recognised 3. If `content.room_version` is present and is not a recognised
version, reject. version, reject.
4. If `content` has no `creator` field, reject. 4. If `content` has no `creator` property, reject.
5. Otherwise, allow. 5. Otherwise, allow.
2. Considering the event's `auth_events`: 2. Considering the event's `auth_events`:
1. If there are duplicate entries for a given `type` and `state_key` pair, 1. If there are duplicate entries for a given `type` and `state_key` pair,
@ -144,11 +144,11 @@ The rules are as follows:
6. If the `join_rule` is `public`, allow. 6. If the `join_rule` is `public`, allow.
7. Otherwise, reject. 7. Otherwise, reject.
4. If `membership` is `invite`: 4. If `membership` is `invite`:
1. If `content` has `third_party_invite` key: 1. If `content` has a `third_party_invite` property:
1. If *target user* is banned, reject. 1. If *target user* is banned, reject.
2. If `content.third_party_invite` does not have a `signed` 2. If `content.third_party_invite` does not have a `signed`
key, reject. property, reject.
3. If `signed` does not have `mxid` and `token` keys, 3. If `signed` does not have `mxid` and `token` properties,
reject. reject.
4. If `mxid` does not match `state_key`, reject. 4. If `mxid` does not match `state_key`, reject.
5. If there is no `m.room.third_party_invite` event in the 5. If there is no `m.room.third_party_invite` event in the
@ -159,8 +159,8 @@ The rules are as follows:
7. If any signature in `signed` matches any public key in 7. If any signature in `signed` matches any public key in
the `m.room.third_party_invite` event, allow. The public the `m.room.third_party_invite` event, allow. The public
keys are in `content` of `m.room.third_party_invite` as: keys are in `content` of `m.room.third_party_invite` as:
1. A single public key in the `public_key` field. 1. A single public key in the `public_key` property.
2. A list of public keys in the `public_keys` field. 2. A list of public keys in the `public_keys` property.
8. Otherwise, reject. 8. Otherwise, reject.
2. If the `sender`'s current membership state is not `join`, 2. If the `sender`'s current membership state is not `join`,
reject. reject.


@ -55,7 +55,7 @@ of type `m.room.power_levels` now include the content key `notifications`.
This new rule takes the place of rule 10.4, which checked the `events` and This new rule takes the place of rule 10.4, which checked the `events` and
`users` keys. `users` keys.
Events must be signed by the server denoted by the `sender` key. Events must be signed by the server denoted by the `sender` property.
The types of state events that affect authorization are: The types of state events that affect authorization are:
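Review bot: The unchanged context around the `sender` line still says "the content key `notifications`" and "the `events` and `users` keys", and these refer to JSON properties of `m.room.power_levels` content, not cryptographic keys. Given the commit's stated goal, these should probably become "property" and "properties" as well, or the commit message should say why they are left alone.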
@ -79,7 +79,7 @@ The rules are as follows:
`sender`, reject. `sender`, reject.
3. If `content.room_version` is present and is not a recognised 3. If `content.room_version` is present and is not a recognised
version, reject. version, reject.
4. If `content` has no `creator` field, reject. 4. If `content` has no `creator` property, reject.
5. Otherwise, allow. 5. Otherwise, allow.
2. Reject if event has `auth_events` that: 2. Reject if event has `auth_events` that:
1. have duplicate entries for a given `type` and `state_key` pair 1. have duplicate entries for a given `type` and `state_key` pair
@ -102,11 +102,11 @@ The rules are as follows:
5. If the `join_rule` is `public`, allow. 5. If the `join_rule` is `public`, allow.
6. Otherwise, reject. 6. Otherwise, reject.
3. If `membership` is `invite`: 3. If `membership` is `invite`:
1. If `content` has `third_party_invite` key: 1. If `content` has a `third_party_invite` property:
1. If *target user* is banned, reject. 1. If *target user* is banned, reject.
2. If `content.third_party_invite` does not have a `signed` 2. If `content.third_party_invite` does not have a `signed`
key, reject. property, reject.
3. If `signed` does not have `mxid` and `token` keys, 3. If `signed` does not have `mxid` and `token` properties,
reject. reject.
4. If `mxid` does not match `state_key`, reject. 4. If `mxid` does not match `state_key`, reject.
5. If there is no `m.room.third_party_invite` event in the 5. If there is no `m.room.third_party_invite` event in the
@ -117,8 +117,8 @@ The rules are as follows:
7. If any signature in `signed` matches any public key in 7. If any signature in `signed` matches any public key in
the `m.room.third_party_invite` event, allow. The public the `m.room.third_party_invite` event, allow. The public
keys are in `content` of `m.room.third_party_invite` as: keys are in `content` of `m.room.third_party_invite` as:
1. A single public key in the `public_key` field. 1. A single public key in the `public_key` property.
2. A list of public keys in the `public_keys` field. 2. A list of public keys in the `public_keys` property.
8. Otherwise, reject. 8. Otherwise, reject.
2. If the `sender`'s current membership state is not `join`, 2. If the `sender`'s current membership state is not `join`,
reject. reject.


@ -35,7 +35,7 @@ as do the versions v6 is based upon.
{{% added-in this=true %}} For checks performed upon `m.room.member` events, a {{% added-in this=true %}} For checks performed upon `m.room.member` events, a
new point for `membership=knock` is added. new point for `membership=knock` is added.
Events must be signed by the server denoted by the `sender` key. Events must be signed by the server denoted by the `sender` property.
`m.room.redaction` events are not explicitly part of the auth rules. `m.room.redaction` events are not explicitly part of the auth rules.
They are still subject to the minimum power level rules, but should always They are still subject to the minimum power level rules, but should always
@ -65,7 +65,7 @@ The rules are as follows:
`sender`, reject. `sender`, reject.
3. If `content.room_version` is present and is not a recognised 3. If `content.room_version` is present and is not a recognised
version, reject. version, reject.
4. If `content` has no `creator` field, reject. 4. If `content` has no `creator` property, reject.
5. Otherwise, allow. 5. Otherwise, allow.
2. Reject if event has `auth_events` that: 2. Reject if event has `auth_events` that:
1. have duplicate entries for a given `type` and `state_key` pair 1. have duplicate entries for a given `type` and `state_key` pair
@ -88,11 +88,11 @@ The rules are as follows:
5. If the `join_rule` is `public`, allow. 5. If the `join_rule` is `public`, allow.
6. Otherwise, reject. 6. Otherwise, reject.
3. If `membership` is `invite`: 3. If `membership` is `invite`:
1. If `content` has `third_party_invite` key: 1. If `content` has `third_party_invite` property:
1. If *target user* is banned, reject. 1. If *target user* is banned, reject.
2. If `content.third_party_invite` does not have a `signed` 2. If `content.third_party_invite` does not have a `signed`
key, reject. property, reject.
3. If `signed` does not have `mxid` and `token` keys, 3. If `signed` does not have `mxid` and `token` properties,
reject. reject.
4. If `mxid` does not match `state_key`, reject. 4. If `mxid` does not match `state_key`, reject.
5. If there is no `m.room.third_party_invite` event in the 5. If there is no `m.room.third_party_invite` event in the
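Review bot: Step 1 on the new side reads "If `content` has `third_party_invite` property:" without the article, while the other five files in this commit use "has a `third_party_invite` property". Add the "a" here so the rule text is identical across room versions.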
@ -103,8 +103,8 @@ The rules are as follows:
7. If any signature in `signed` matches any public key in 7. If any signature in `signed` matches any public key in
the `m.room.third_party_invite` event, allow. The public the `m.room.third_party_invite` event, allow. The public
keys are in `content` of `m.room.third_party_invite` as: keys are in `content` of `m.room.third_party_invite` as:
1. A single public key in the `public_key` field. 1. A single public key in the `public_key` property.
2. A list of public keys in the `public_keys` field. 2. A list of public keys in the `public_keys` property.
8. Otherwise, reject. 8. Otherwise, reject.
2. If the `sender`'s current membership state is not `join`, 2. If the `sender`'s current membership state is not `join`,
reject. reject.