Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2025-12-27 11:28:38 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Specify basic validation for federation membership endpoints

Browse source 
Signed-off-by: Tulir Asokan <tulir@maunium.net>
This commit is contained in:
Tulir Asokan 2025-12-21 15:19:57 +02:00
parent 2f6867348f
commit fe6c97f498
8 changed files with 142 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelogs/server_server/newsfragments/2284.clarification Normal file
View file

@ -0,0 +1 @@
Specified input validation for PDUs passed to federation membership endpoints.

17
data/api/server-server/invites-v1.yaml
View file

@ -172,6 +172,17 @@ paths:
}
"400":
description: |-
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The invite event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `invite`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not a user ID on the receiving server.
Servers MUST apply the validation above to the invite event before
signing it regardless of room version.
The `M_MISSING_PARAM` error code is used to indicate one or more of
the following:
@ -186,9 +197,9 @@ paths:
Servers MAY apply the validation above to room versions 1 through 11,
and SHOULD apply the validation above to all other room versions.
If `M_MISSING_PARAM` is returned and the request is associated with a
Client-Server API request, the Client-Server API request SHOULD fail
with a 5xx error rather than being passed through.
If `M_MISSING_PARAM` or `M_INVALID_PARAM` is returned and the request
is associated with a Client-Server API request, the Client-Server API
request SHOULD fail with a 5xx error rather than being passed through.
content:
application/json:
schema:

17
data/api/server-server/invites-v2.yaml
View file

@ -154,6 +154,17 @@ paths:
The error should be passed through to clients so that they
may give better feedback to users.
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The invite event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `invite`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not a user ID on the receiving server.
Servers MUST apply the validation above to the invite event before
signing it regardless of room version.
The `M_MISSING_PARAM` error code is used to indicate one or more of
the following:
@ -168,9 +179,9 @@ paths:
Servers MAY apply the validation above to room versions 1 through 11,
and SHOULD apply the validation above to all other room versions.
If `M_MISSING_PARAM` is returned and the request is associated with a
Client-Server API request, the Client-Server API request SHOULD fail
with a 5xx error rather than being passed through.
If `M_MISSING_PARAM` or `M_INVALID_PARAM` is returned and the request
is associated with a Client-Server API request, the Client-Server API
request SHOULD fail with a 5xx error rather than being passed through.
content:
application/json:
schema:

39
data/api/server-server/joins-v1.yaml
View file

@ -36,7 +36,7 @@ paths:
type: string
- in: path
name: userId
description: The user ID the join event will be for.
description: The user ID the join event will be for. This MUST be a user ID on the origin server.
required: true
example: "@someone:example.org"
schema:
@ -388,6 +388,43 @@ paths:
}
}
]
"400":
description: |-
The request is invalid in some way.
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The join event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `join`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the join event.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_INVALID_PARAM",
"error": "Not a join event."
}
"403":
description: |-
The room that the joining server is attempting to join does not permit the user
to join.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_FORBIDDEN",
"error": "You are not invited to this room"
}
servers:
- url: "{protocol}://{hostname}{basePath}"
variables:

10
data/api/server-server/joins-v2.yaml
View file

@ -247,6 +247,16 @@ paths:
The error should be passed through to clients so that they
may give better feedback to users.
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The join event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `join`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the join event.
New in `v1.2`, the following error conditions might happen:
If the room is [restricted](/client-server-api/#restricted-rooms)

23
data/api/server-server/knocks.yaml
View file

@ -36,7 +36,7 @@ paths:
type: string
- in: path
name: userId
description: The user ID the knock event will be for.
description: The user ID the knock event will be for. This MUST be a user ID on the origin server.
required: true
example: "@someone:example.org"
schema:
@ -330,6 +330,27 @@ paths:
"$ref": "./examples/invite_or_knock_state.json"
}
}
"400":
description: |-
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The knock event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `knock`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the knock event.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_INVALID_PARAM",
"error": "Not a knock event."
}
"403":
description: |-
The knocking server or user is not permitted to knock on the room, such as when the

23
data/api/server-server/leaving-v1.yaml
View file

@ -36,7 +36,7 @@ paths:
type: string
- in: path
name: userId
description: The user ID the leave event will be for.
description: The user ID the leave event will be for. This MUST be a user ID on the origin server.
required: true
example: "@someone:example.org"
schema:
@ -249,6 +249,27 @@ paths:
200,
{}
]
"400":
description: |-
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The leave event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `leave`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the leave event.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_INVALID_PARAM",
"error": "Not a leave event."
}
servers:
- url: "{protocol}://{hostname}{basePath}"
variables:

21
data/api/server-server/leaving-v2.yaml
View file

@ -134,6 +134,27 @@ paths:
examples:
response:
value: {}
"400":
description: |-
The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
* The leave event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
* The event type is not `m.room.member`.
* The `membership` field inside the event content is not `leave`.
* The event sender is not a user ID on the origin server.
* The `state_key` is not equal to the `sender`.
Servers MUST apply the validation above to the leave event.
content:
application/json:
schema:
$ref: ../client-server/definitions/errors/error.yaml
examples:
response:
value: {
"errcode": "M_INVALID_PARAM",
"error": "Not a leave event."
}
servers:
- url: "{protocol}://{hostname}{basePath}"
variables: