Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/members endpoint incorrectly returning 403 #16913

Open
kegsay opened this issue Feb 13, 2024 · 1 comment
Open

/members endpoint incorrectly returning 403 #16913

kegsay opened this issue Feb 13, 2024 · 1 comment
Labels
A-Workers O-Uncommon S-Minor T-Defect

Comments

@kegsay
Copy link
Contributor

kegsay commented Feb 13, 2024
edited
Loading

Description

I created a DM over federation. Upon the room being created, I sent a message in Element-Web, which refused to send due to: Error sending event M_FORBIDDEN: MatrixError: [403] User @kegan:matrix.org not allowed to view events in room !LFuqCQZUwZtXTLWLLw:matrix.org at token StreamToken(room_key=RoomStreamToken(stream=4697475137, instance_map=immutabledict({'event_persister-5': 4697475604, 'event_persister-4': 4697475604, 'event_persister-2': 4697475604, 'event_persister-1': 4697475604}), topological=None), presence_key=757284974, typing_key=323532, receipt_key=MultiWriterStreamToken(stream=2638193413, instance_map=immutabledict({})), account_data_key=2822308049, push_rules_key=5248105, to_device_key=1268713876, device_list_key=9889126520, groups_key=0, un_partial_stated_rooms_key=239350). This is clearly in error, as I created the room.

As far as I can tell either:

  • the token I got is too far behind and the worker is correctly saying that well before that point the room didn't exist (or did exist but prior to the m.room.member join event for myself)
  • or the worker that I hit on matrix.org is too far behind and was unaware that the room existed.

Waiting a while and retrying to send a message eventually worked. DMs are E2EE hence in order to send messages the client will first hit /members for an up-to-date member list.

Anoa says that

synapse/synapse/rest/client/room.py

Lines 627 to 632 in 23740ea

events = await handler.get_state_events(
room_id=room_id,
requester=requester,
at_token=at_token,
state_filter=StateFilter.from_types([(EventTypes.Member, None)]),
)
eventually goes through to

synapse/synapse/handlers/message.py

Lines 212 to 219 in 23740ea

if not await self._user_can_see_state_at_event(
user_id, room_id, last_event_id
):
raise AuthError(
403,
"User %s not allowed to view events in room %s at token %s"
% (user_id, room_id, at_token),
)
where the error is being returned.

Steps to reproduce

Unknown. Created a DM over federation and sent a message (not particularly quickly either!).

Homeserver

matrix.org

Synapse Version

1.101.0 (b=matrix-org-hotfixes,6dbedcf601)

Installation Method

I don't know

Database

PostgreSQL

Workers

Multiple workers

Platform

Configuration

No response

Relevant log output

2024-02-13 14:59:06,115 - synapse.http.server - 130 - INFO - GET-854deeeb1b0a2216-MAN - 
<XForwardedForRequest at 0x7f26f6307c60 method='GET' uri='/_matrix/client/v3/rooms/!LFuqCQZUwZtXTLWLLw%3Amatrix.org/members?not_membership=leave&at=m4697475137%7E37.4697475604%7E36.4697475604%7E2.4697475604%7E1.4697475604_757284974_323532_2638193413_2822308049_5248105_1268713876_9889126520_0_239350' 
clientproto='HTTP/1.1' site='11108'> SynapseError: 403 - User @kegan:matrix.org not allowed to view events in room !LFuqCQZUwZtXTLWLLw:matrix.org at token StreamToken(room_key=RoomStreamToken(stream=4697475137,
instance_map=immutabledict({'event_persister-5': 4697475604, 'event_persister-4': 4697475604, 'event_persister-2': 4697475604, 'event_persister-1': 4697475604}), topological=None),
 presence_key=757284974, typing_key=323532, receipt_key=MultiWriterStreamToken(stream=2638193413, instance_map=immutabledict({})), account_data_key=28223080
49, push_rules_key=5248105, to_device_key=1268713876, device_list_key=9889126520, groups_key=0, un_partial_stated_rooms_key=239350)
2024-02-13 14:59:06,116 - synapse.access.http.11108 - 472 - INFO - GET-854deeeb1b0a2216-MAN - redacted - 11108 - {@kegan:matrix.org} Processed request:
 0.006sec/0.000sec (0.004sec, 0.000sec) (0.000sec/0.002sec/2) 657B 403 "GET /_matrix/client/v3/rooms/!LFuqCQZUwZtXTLWLLw%3Amatrix.org/members?not_membership
=leave&at=m4697475137%7E37.4697475604%7E36.4697475604%7E2.4697475604%7E1.4697475604_757284974_323532_2638193413_2822308049_5248105_1268713876_9889126520_0_2
39350 HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Element/1.11.57 Chrome/120.0.6099.199 Electron/28.1.
3 Safari/537.36" [0 dbevts]

Anything else that would be useful to know?

No response
@kegsay
Copy link
Contributor Author

kegsay commented Feb 13, 2024

Maybe related? matrix-org/synapse#14158

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-Workers O-Uncommon S-Minor T-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anoadragon453 @kegsay