PDU Sender split (#3100)

Initial cut of splitting PDU Sender into SenderID & looking up UserID where required.
author: devonh <devon.dmytro@gmail.com> 2023-06-06 20:55:18 +0000
committer: GitHub <noreply@github.com> 2023-06-06 20:55:18 +0000
commit: 7a1fd7f512ce06a472a2051ee63eae4a270eb71a (patch)
tree: 20128b0d3f7c69dd776aa7b2b9bc3194dda7dd75 /internal
parent: 725ff5567d2a3bc9992b065e72ccabefb595ec1c (diff)
4 files changed, 33 insertions, 12 deletions
diff --git a/internal/pushrules/evaluate.go b/internal/pushrules/evaluate.go
index 7c98efd3..da33d386 100644
--- a/internal/pushrules/evaluate.go
+++ b/internal/pushrules/evaluate.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/spec"
 )
 
 // A RuleSetEvaluator encapsulates context to evaluate an event
@@ -53,7 +54,7 @@ func NewRuleSetEvaluator(ec EvaluationContext, ruleSet *RuleSet) *RuleSetEvaluat
 
 // MatchEvent returns the first matching rule. Returns nil if there
 // was no match rule.
-func (rse *RuleSetEvaluator) MatchEvent(event gomatrixserverlib.PDU) (*Rule, error) {
+func (rse *RuleSetEvaluator) MatchEvent(event gomatrixserverlib.PDU, userIDForSender spec.UserIDForSender) (*Rule, error) {
 	// TODO: server-default rules have lower priority than user rules,
 	// but they are stored together with the user rules. It's a bit
 	// unclear what the specification (11.14.1.4 Predefined rules)
@@ -68,7 +69,7 @@ func (rse *RuleSetEvaluator) MatchEvent(event gomatrixserverlib.PDU) (*Rule, err
 				if rule.Default != defRules {
 					continue
 				}
-				ok, err := ruleMatches(rule, rsat.Kind, event, rse.ec)
+				ok, err := ruleMatches(rule, rsat.Kind, event, rse.ec, userIDForSender)
 				if err != nil {
 					return nil, err
 				}
@@ -83,7 +84,7 @@ func (rse *RuleSetEvaluator) MatchEvent(event gomatrixserverlib.PDU) (*Rule, err
 	return nil, nil
 }
 
-func ruleMatches(rule *Rule, kind Kind, event gomatrixserverlib.PDU, ec EvaluationContext) (bool, error) {
+func ruleMatches(rule *Rule, kind Kind, event gomatrixserverlib.PDU, ec EvaluationContext, userIDForSender spec.UserIDForSender) (bool, error) {
 	if !rule.Enabled {
 		return false, nil
 	}
@@ -113,7 +114,12 @@ func ruleMatches(rule *Rule, kind Kind, event gomatrixserverlib.PDU, ec Evaluati
 		return rule.RuleID == event.RoomID(), nil
 
 	case SenderKind:
-		return rule.RuleID == event.Sender(), nil
+		userID := ""
+		sender, err := userIDForSender(event.RoomID(), event.SenderID())
+		if err == nil {
+			userID = sender.String()
+		}
+		return rule.RuleID == userID, nil
 
 	default:
 		return false, nil
@@ -143,7 +149,7 @@ func conditionMatches(cond *Condition, event gomatrixserverlib.PDU, ec Evaluatio
 		return cmp(n), nil
 
 	case SenderNotificationPermissionCondition:
-		return ec.HasPowerLevel(event.Sender(), cond.Key)
+		return ec.HasPowerLevel(event.SenderID(), cond.Key)
 
 	default:
 		return false, nil
diff --git a/internal/pushrules/evaluate_test.go b/internal/pushrules/evaluate_test.go
index 5045a864..34c1436f 100644
--- a/internal/pushrules/evaluate_test.go
+++ b/internal/pushrules/evaluate_test.go
@@ -5,8 +5,13 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/spec"
 )
 
+func UserIDForSender(roomID string, senderID string) (*spec.UserID, error) {
+	return spec.NewUserID(senderID, true)
+}
+
 func TestRuleSetEvaluatorMatchEvent(t *testing.T) {
 	ev := mustEventFromJSON(t, `{}`)
 	defaultEnabled := &Rule{
@@ -45,7 +50,7 @@ func TestRuleSetEvaluatorMatchEvent(t *testing.T) {
 	for _, tst := range tsts {
 		t.Run(tst.Name, func(t *testing.T) {
 			rse := NewRuleSetEvaluator(fakeEvaluationContext{3}, &tst.RuleSet)
-			got, err := rse.MatchEvent(tst.Event)
+			got, err := rse.MatchEvent(tst.Event, UserIDForSender)
 			if err != nil {
 				t.Fatalf("MatchEvent failed: %v", err)
 			}
@@ -82,15 +87,15 @@ func TestRuleMatches(t *testing.T) {
 		{"contentMatch", ContentKind, Rule{Enabled: true, Pattern: pointer("b")}, `{"content":{"body":"abc"}}`, true},
 		{"contentNoMatch", ContentKind, Rule{Enabled: true, Pattern: pointer("d")}, `{"content":{"body":"abc"}}`, false},
 
-		{"roomMatch", RoomKind, Rule{Enabled: true, RuleID: "!room@example.com"}, `{"room_id":"!room@example.com"}`, true},
-		{"roomNoMatch", RoomKind, Rule{Enabled: true, RuleID: "!room@example.com"}, `{"room_id":"!otherroom@example.com"}`, false},
+		{"roomMatch", RoomKind, Rule{Enabled: true, RuleID: "!room:example.com"}, `{"room_id":"!room:example.com"}`, true},
+		{"roomNoMatch", RoomKind, Rule{Enabled: true, RuleID: "!room:example.com"}, `{"room_id":"!otherroom:example.com"}`, false},
 
-		{"senderMatch", SenderKind, Rule{Enabled: true, RuleID: "@user@example.com"}, `{"sender":"@user@example.com"}`, true},
-		{"senderNoMatch", SenderKind, Rule{Enabled: true, RuleID: "@user@example.com"}, `{"sender":"@otheruser@example.com"}`, false},
+		{"senderMatch", SenderKind, Rule{Enabled: true, RuleID: "@user:example.com"}, `{"sender":"@user:example.com"}`, true},
+		{"senderNoMatch", SenderKind, Rule{Enabled: true, RuleID: "@user:example.com"}, `{"sender":"@otheruser:example.com"}`, false},
 	}
 	for _, tst := range tsts {
 		t.Run(tst.Name, func(t *testing.T) {
-			got, err := ruleMatches(&tst.Rule, tst.Kind, mustEventFromJSON(t, tst.EventJSON), nil)
+			got, err := ruleMatches(&tst.Rule, tst.Kind, mustEventFromJSON(t, tst.EventJSON), nil, UserIDForSender)
 			if err != nil {
 				t.Fatalf("ruleMatches failed: %v", err)
 			}
diff --git a/internal/transactionrequest.go b/internal/transactionrequest.go
index c9d321f2..0bbe0720 100644
--- a/internal/transactionrequest.go
+++ b/internal/transactionrequest.go
@@ -167,7 +167,9 @@ func (t *TxnReq) ProcessTransaction(ctx context.Context) (*fclient.RespSend, *ut
 			}
 			continue
 		}
-		if err = gomatrixserverlib.VerifyEventSignatures(ctx, event, t.keys); err != nil {
+		if err = gomatrixserverlib.VerifyEventSignatures(ctx, event, t.keys, func(roomID, senderID string) (*spec.UserID, error) {
+			return t.rsAPI.QueryUserIDForSender(ctx, roomID, senderID)
+		}); err != nil {
 			util.GetLogger(ctx).WithError(err).Debugf("Transaction: Couldn't validate signature of event %q", event.EventID())
 			results[event.EventID()] = fclient.PDUResult{
 				Error: err.Error(),
diff --git a/internal/transactionrequest_test.go b/internal/transactionrequest_test.go
index fb30d410..6f3ce0b3 100644
--- a/internal/transactionrequest_test.go
+++ b/internal/transactionrequest_test.go
@@ -70,6 +70,10 @@ type FakeRsAPI struct {
 	bannedFromRoom  bool
 }
 
+func (r *FakeRsAPI) QueryUserIDForSender(ctx context.Context, roomID string, senderID string) (*spec.UserID, error) {
+	return spec.NewUserID(senderID, true)
+}
+
 func (r *FakeRsAPI) QueryRoomVersionForRoom(
 	ctx context.Context,
 	roomID string,
@@ -638,6 +642,10 @@ type testRoomserverAPI struct {
 	queryLatestEventsAndState func(*rsAPI.QueryLatestEventsAndStateRequest) rsAPI.QueryLatestEventsAndStateResponse
 }
 
+func (t *testRoomserverAPI) QueryUserIDForSender(ctx context.Context, roomID string, senderID string) (*spec.UserID, error) {
+	return spec.NewUserID(senderID, true)
+}
+
 func (t *testRoomserverAPI) InputRoomEvents(
 	ctx context.Context,
 	request *rsAPI.InputRoomEventsRequest,
author	devonh <devon.dmytro@gmail.com>	2023-06-06 20:55:18 +0000
committer	GitHub <noreply@github.com>	2023-06-06 20:55:18 +0000
commit	7a1fd7f512ce06a472a2051ee63eae4a270eb71a (patch)
tree	20128b0d3f7c69dd776aa7b2b9bc3194dda7dd75 /internal
parent	725ff5567d2a3bc9992b065e72ccabefb595ec1c (diff)