Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-02-15 02:23:42 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge fe6c97f498 into 2a3841347e

Browse source
This commit is contained in:
Tulir Asokan 2026-01-17 09:59:57 +01:00 committed by GitHub
parent 2a3841347e fe6c97f498
commit d858df22e8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 142 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelogs/server_server/newsfragments/2284.clarification Normal file
View file

@ -0,0 +1 @@
Specified input validation for PDUs passed to federation membership endpoints.

17
data/api/server-server/invites-v1.yaml
View file

@ -172,6 +172,17 @@ paths:
} }
"400": "400":
description: |- description: |-
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The invite event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `invite`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not a user ID on the receiving server.
Servers MUST apply the validation above to the invite event before
signing it regardless of room version.
The `M_MISSING_PARAM` error code is used to indicate one or more of The `M_MISSING_PARAM` error code is used to indicate one or more of
the following: the following:
@ -186,9 +197,9 @@ paths:
Servers MAY apply the validation above to room versions 1 through 11, Servers MAY apply the validation above to room versions 1 through 11,
and SHOULD apply the validation above to all other room versions. and SHOULD apply the validation above to all other room versions.
If `M_MISSING_PARAM` is returned and the request is associated with a If `M_MISSING_PARAM` or `M_INVALID_PARAM` is returned and the request
Client-Server API request, the Client-Server API request SHOULD fail is associated with a Client-Server API request, the Client-Server API
with a 5xx error rather than being passed through. request SHOULD fail with a 5xx error rather than being passed through.
content: content:
application/json: application/json:
schema: schema:

17
data/api/server-server/invites-v2.yaml
View file

@ -154,6 +154,17 @@ paths:
The error should be passed through to clients so that they The error should be passed through to clients so that they
may give better feedback to users. may give better feedback to users.
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The invite event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `invite`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not a user ID on the receiving server.
Servers MUST apply the validation above to the invite event before
signing it regardless of room version.
The `M_MISSING_PARAM` error code is used to indicate one or more of The `M_MISSING_PARAM` error code is used to indicate one or more of
the following: the following:
@ -168,9 +179,9 @@ paths:
Servers MAY apply the validation above to room versions 1 through 11, Servers MAY apply the validation above to room versions 1 through 11,
and SHOULD apply the validation above to all other room versions. and SHOULD apply the validation above to all other room versions.
If `M_MISSING_PARAM` is returned and the request is associated with a If `M_MISSING_PARAM` or `M_INVALID_PARAM` is returned and the request
Client-Server API request, the Client-Server API request SHOULD fail is associated with a Client-Server API request, the Client-Server API
with a 5xx error rather than being passed through. request SHOULD fail with a 5xx error rather than being passed through.
content: content:
application/json: application/json:
schema: schema:

39
data/api/server-server/joins-v1.yaml
View file

@ -36,7 +36,7 @@ paths:
type: string type: string
- in: path - in: path
name: userId name: userId
description: The user ID the join event will be for. description: The user ID the join event will be for. This MUST be a user ID on the origin server.
required: true required: true
example: "@someone:example.org" example: "@someone:example.org"
schema: schema:
@ -388,6 +388,43 @@ paths:
} }
} }
] ]
"400":
description: |-
The request is invalid in some way.
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The join event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `join`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the join event.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_INVALID_PARAM",
"error": "Not a join event."
}
"403":
description: |-
The room that the joining server is attempting to join does not permit the user
to join.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_FORBIDDEN",
"error": "You are not invited to this room"
}
servers: servers:
- url: "{protocol}://{hostname}{basePath}" - url: "{protocol}://{hostname}{basePath}"
variables: variables:

10
data/api/server-server/joins-v2.yaml
View file

@ -247,6 +247,16 @@ paths:
The error should be passed through to clients so that they The error should be passed through to clients so that they
may give better feedback to users. may give better feedback to users.
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The join event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `join`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the join event.
New in `v1.2`, the following error conditions might happen: New in `v1.2`, the following error conditions might happen:
If the room is [restricted](/client-server-api/#restricted-rooms) If the room is [restricted](/client-server-api/#restricted-rooms)

23
data/api/server-server/knocks.yaml
View file

@ -36,7 +36,7 @@ paths:
type: string type: string
- in: path - in: path
name: userId name: userId
description: The user ID the knock event will be for. description: The user ID the knock event will be for. This MUST be a user ID on the origin server.
required: true required: true
example: "@someone:example.org" example: "@someone:example.org"
schema: schema:
@ -330,6 +330,27 @@ paths:
"$ref": "./examples/invite_or_knock_state.json" "$ref": "./examples/invite_or_knock_state.json"
} }
} }
"400":
description: |-
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The knock event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `knock`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the knock event.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_INVALID_PARAM",
"error": "Not a knock event."
}
"403": "403":
description: |- description: |-
The knocking server or user is not permitted to knock on the room, such as when the The knocking server or user is not permitted to knock on the room, such as when the

23
data/api/server-server/leaving-v1.yaml
View file

@ -36,7 +36,7 @@ paths:
type: string type: string
- in: path - in: path
name: userId name: userId
description: The user ID the leave event will be for. description: The user ID the leave event will be for. This MUST be a user ID on the origin server.
required: true required: true
example: "@someone:example.org" example: "@someone:example.org"
schema: schema:
@ -249,6 +249,27 @@ paths:
200, 200,
{} {}
] ]
"400":
description: |-
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The leave event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `leave`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the leave event.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_INVALID_PARAM",
"error": "Not a leave event."
}
servers: servers:
- url: "{protocol}://{hostname}{basePath}" - url: "{protocol}://{hostname}{basePath}"
variables: variables:

21
data/api/server-server/leaving-v2.yaml
View file

@ -134,6 +134,27 @@ paths:
examples: examples:
response: response:
value: {} value: {}
"400":
description: |-
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The leave event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `leave`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the leave event.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_INVALID_PARAM",
"error": "Not a leave event."
}
servers: servers:
- url: "{protocol}://{hostname}{basePath}" - url: "{protocol}://{hostname}{basePath}"
variables: variables: