Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Poll model - validate end events #3072

Merged
merged 38 commits into from
Feb 1, 2023

Conversation

kerryarchibald
Copy link
Contributor

@kerryarchibald kerryarchibald commented Jan 17, 2023

Includes #3036

Repeated end events are ignored - only the first (valid) closure event by origin_server_ts is counted.

If a m.poll.end event is received from someone other than the poll creator or user with permission to redact other's messages in the room, the event must be ignored by clients due to being invalid.

Checklist

  • Tests written for new code (and old code if feasible)
  • Linter and other CI checks pass
  • Sign-off given on the changes (see CONTRIBUTING.md)

Here's what your changelog entry will look like:

✨ Features

@SimonBrandner
Copy link
Contributor

Any chance the base of this could be changed for easier review?

@kerryarchibald kerryarchibald changed the base branch from develop to psg-1014/poll-model January 17, 2023 22:47
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seems to be mixing in a bunch of changes to threads - is that deliberate?

src/models/poll.ts Outdated Show resolved Hide resolved
Base automatically changed from psg-1014/poll-model to develop January 26, 2023 02:07
@kerryarchibald
Copy link
Contributor Author

@richvdh @SimonBrandner This is ready for another look!

src/models/poll.ts Outdated Show resolved Hide resolved
Comment on lines 195 to 196
const endEventSender = endEvent.getSender();
return !!endEventSender && roomCurrentState.maySendRedactionForEvent(this.rootEvent, endEventSender);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this doesn't seem to be quite the same thing as the comment above. It's possible that endEventSender is the same as the sender of the root event, and yet they lack permission to redact that create event (for example, because sending m.room.redaction events has been disabled).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch, have added a sender === creator check here

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm otherwise

return !!endEventSender && roomCurrentState.maySendRedactionForEvent(this.rootEvent, endEventSender);
return (
!!endEventSender &&
(endEventSender === this.matrixClient.getSafeUserId() ||
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is checking if the sender of the end event is the current user? Don't we want to check if it was the sender of the rootEvent?

Suggested change
(endEventSender === this.matrixClient.getSafeUserId() ||
(endEventSender === this.rootEvent.getSender() ||

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤦‍♀️ fixed and improved the tests to catch this. Thanks!

@kerryarchibald kerryarchibald enabled auto-merge (squash) February 1, 2023 20:25
@kerryarchibald kerryarchibald merged commit 2800681 into develop Feb 1, 2023
@kerryarchibald kerryarchibald deleted the psg-1014/poll-model-only-valid-end-events branch February 1, 2023 20:32
su-ex added a commit to SchildiChat/matrix-js-sdk that referenced this pull request Feb 28, 2023
* Element-R: implement encryption of outgoing events ([\matrix-org#3122](matrix-org#3122)).
* Poll model - page /relations results ([\matrix-org#3073](matrix-org#3073)). Contributed by @kerryarchibald.
* Poll model - validate end events ([\matrix-org#3072](matrix-org#3072)). Contributed by @kerryarchibald.
* Handle optional last_known_event_id property in m.predecessor ([\matrix-org#3119](matrix-org#3119)). Contributed by @andybalaam.
* Add support for stable identifier for fixed MAC in SAS verification ([\matrix-org#3101](matrix-org#3101)).
* Provide eventId as well as roomId from Room.findPredecessor ([\matrix-org#3095](matrix-org#3095)). Contributed by @andybalaam.
* MSC3946 Dynamic room predecessors ([\matrix-org#3042](matrix-org#3042)). Contributed by @andybalaam.
* Poll model ([\matrix-org#3036](matrix-org#3036)). Contributed by @kerryarchibald.
* Remove video tracks on video mute without renegotiating ([\matrix-org#3091](matrix-org#3091)).
* Introduces a backwards-compatible API change. `MegolmEncrypter#prepareToEncrypt`'s return type has changed from `void` to `() => void`. ([\matrix-org#3035](matrix-org#3035)). Contributed by @clarkf.
* Stop the ICE disconnected timer on call terminate ([\matrix-org#3147](matrix-org#3147)).
* Clear notifications when we can infer read status from receipts ([\matrix-org#3139](matrix-org#3139)). Fixes element-hq/element-web#23991.
* Messages sent out of order after one message fails ([\matrix-org#3131](matrix-org#3131)). Fixes element-hq/element-web#22885 and element-hq/element-web#18942. Contributed by @justjanne.
* Element-R: fix a bug which prevented encryption working after a reload ([\matrix-org#3126](matrix-org#3126)).
* Element-R: Fix invite processing ([\matrix-org#3121](matrix-org#3121)).
* Don't throw with no `opponentDeviceInfo` ([\matrix-org#3107](matrix-org#3107)).
* Remove flaky megolm test ([\matrix-org#3098](matrix-org#3098)). Contributed by @clarkf.
* Fix "verifyLinks" functionality of getRoomUpgradeHistory ([\matrix-org#3089](matrix-org#3089)). Contributed by @andybalaam.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants