Description
Previously, the spec implied that threaded receipts were acceptable when referring to thread roots, or reactions to them etc. but this was a spec bug, which is fixed in matrix-org/matrix-spec#1677 . See matrix-org/matrix-spec-proposals#4037 for more detail.
Synapse's code at
|
async def _is_event_in_thread(self, event_id: str, thread_id: str) -> bool: |
|
""" |
|
The event must be related to the thread ID (in a vague sense) to ensure |
|
clients aren't sending bogus receipts. |
|
|
|
A thread ID is considered valid for a given event E if: |
|
|
|
1. E has a thread relation which matches the thread ID; |
|
2. E has another event which has a thread relation to E matching the |
|
thread ID; or |
|
3. E is recursively related (via any rel_type) to an event which |
|
satisfies 1 or 2. |
|
|
|
Given the following DAG: |
|
|
|
A <---[m.thread]-- B <--[m.annotation]-- C |
|
^ |
|
|--[m.reference]-- D <--[m.annotation]-- E |
|
|
|
It is valid to send a receipt for thread A on A, B, C, D, or E. |
|
|
|
It is valid to send a receipt for the main timeline on A, D, and E. |
|
|
|
Args: |
|
event_id: The event ID to check. |
|
thread_id: The thread ID the event is potentially part of. |
|
|
|
Returns: |
|
True if the event belongs to the given thread, otherwise False. |
|
""" |
|
|
|
# If the receipt is on the main timeline, it is enough to check whether |
|
# the event is directly related to a thread. |
|
if thread_id == MAIN_TIMELINE: |
|
return MAIN_TIMELINE == await self._main_store.get_thread_id(event_id) |
|
|
|
# Otherwise, check if the event is directly part of a thread, or is the |
|
# root message (or related to the root message) of a thread. |
|
return thread_id == await self._main_store.get_thread_id_for_receipts(event_id) |
reflects the spec bug, accepting incorrect receipts. It should not accept threaded receipts for events that are not in the thread.
Steps to reproduce
- Create some messages in a room, including a thread
- Create a reaction to the thread root
- Send a threaded receipt for the reaction, that gives the
thread_id as the ID of the thread root event, implying that the reaction is in the thread
- Note that Synapse accepts this receipt
Synapse should reject this receipt since a reaction to a thread root is not in the thread.
Homeserver
matrix.org
Synapse Version
1.98.0rc1 (b=matrix-org-hotfixes,c2deef254a)
Installation Method
I don't know
Database
Workers
Multiple workers
Platform
Configuration
Relevant log output
Anything else that would be useful to know?
