Add support for MSC4293 - Redact on Kick/Ban

changelog.d/18540.feature

@@ -0,0 +1 @@
+Add support for [MSC4293](https://github.com/matrix-org/matrix-spec-proposals/pull/4293) - Redact on Kick/Ban.

synapse/config/experimental.py

@@ -569,3 +569,6 @@ def read_config(
 
         # MSC4155: Invite filtering
         self.msc4155_enabled: bool = experimental.get("msc4155_enabled", False)
+
+        # MSC4293: Redact on Kick/Ban
+        self.msc4293_enabled: bool = experimental.get("msc4293_enabled", False)

synapse/handlers/federation_event.py

@@ -1966,6 +1966,9 @@ async def _check_for_soft_fail(
         Does nothing for events in rooms with partial state, since we may not have an
         accurate membership event for the sender in the current state.
 
+        Also checks if event should be redacted due to a MSC4293 redaction flag in kick/ban
+        event for user
+
         Args:
             event
             context: The `EventContext` which we are about to persist the event with.
@@ -2065,6 +2068,42 @@ async def _check_for_soft_fail(
             soft_failed_event_counter.inc()
             event.internal_metadata.soft_failed = True
 
+        if self._config.experimental.msc4293_enabled:
+            # Use already calculated auth events to determine if the event should be redacted due to kick/ban
+            if event.type == EventTypes.Message:
+                for auth_event in current_auth_events:
+                    if (
+                        auth_event.type == EventTypes.Member
+                        and auth_event.state_key == event.sender
+                    ):
+                        if auth_event.membership == Membership.BAN or (
+                            auth_event.membership == Membership.LEAVE
+                            and auth_event.sender != event.sender
+                        ):
+                            # we have a ban or kick for this sender, check for redaction flag and apply if found
+                            autoredact = auth_event.content.get(
+                                "org.matrix.msc4293.redact_events", False
+                            )
+                            if autoredact:
+                                await self._store.db_pool.simple_upsert(
+                                    table="redactions",
+                                    keyvalues={
+                                        "event_id": auth_event.event_id,
+                                        "redacts": event.event_id,
+                                    },
+                                    values={"received_ts": self._clock.time_msec()},
+                                    insertion_values={
+                                        "event_id": auth_event.event_id,
+                                        "redacts": event.event_id,
+                                        "received_ts": self._clock.time_msec(),
+                                    },
+                                )
+                                await self._store.db_pool.runInteraction(
+                                    "invalidate cache",
+                                    self._store.invalidate_get_event_cache_after_txn,
+                                    event.event_id,
+                                )
+
     async def _load_or_fetch_auth_events_for_event(
         self, destination: Optional[str], event: EventBase
     ) -> Collection[EventBase]:

synapse/rest/client/room.py

@@ -1087,6 +1087,7 @@ def __init__(self, hs: "HomeServer"):
         super().__init__(hs)
         self.room_member_handler = hs.get_room_member_handler()
         self.auth = hs.get_auth()
+        self.config = hs.config
 
     def register(self, http_server: HttpServer) -> None:
         # /rooms/$roomid/[join|invite|leave|ban|unban|kick]
@@ -1146,6 +1147,18 @@ async def _do(
         event_content = None
         if "reason" in content:
             event_content = {"reason": content["reason"]}
+        if self.config.experimental.msc4293_enabled:
+            if "org.matrix.msc4293.redact_events" in content:
+                if event_content:
+                    event_content["org.matrix.msc4293.redact_events"] = content[
+                        "org.matrix.msc4293.redact_events"
+                    ]
+                else:
+                    event_content = {
+                        "org.matrix.msc4293.redact_events": content[
+                            "org.matrix.msc4293.redact_events"
+                        ]
+                    }
 
         try:
             await self.room_member_handler.update_membership(

synapse/storage/databases/main/events.py

@@ -376,6 +376,72 @@ async def _persist_events_and_state_updates(
 
                 event_counter.labels(event.type, origin_type, origin_entity).inc()
 
+                if self.hs.config.experimental.msc4293_enabled:
+                    if event.type == EventTypes.Member and event.content.get(
+                        "org.matrix.msc4293.redact_events", False
+                    ):
+                        if event.membership != Membership.BAN and not (
+                            event.membership == Membership.LEAVE
+                            and event.sender != event.state_key
+                        ):
+                            return
+                        # check that sender can redact
+                        state_filter = StateFilter.from_types(
+                            [(EventTypes.PowerLevels, "")]
+                        )
+                        state = await self.store.get_partial_filtered_current_state_ids(
+                            event.room_id, state_filter
+                        )
+                        pl_id = state[(EventTypes.PowerLevels, "")]
+                        pl_event_map = await self.store.get_events([pl_id])
+                        pl_event = pl_event_map.get(pl_id)
+                        if pl_event:
+                            sender_level = pl_event.content.get("users", {}).get(
+                                event.sender
+                            )
+                            if sender_level is None:
+                                sender_level = pl_event.content.get("users_default", 0)
+                            redact_level = pl_event.content.get("redact", 50)
+
+                            if sender_level > redact_level:
+                                ids_to_redact = (
+                                    await self.store.get_events_sent_by_user_in_room(
+                                        event.state_key,
+                                        event.room_id,
+                                        limit=1000000,  # arbitrarily large number
+                                        filter=[
+                                            "m.room.member",
+                                            "m.room.message",
+                                            "m.room.encrypted",
+                                        ],
+                                    )
+                                )
+                                if ids_to_redact:
+                                    key_values = [
+                                        (event.event_id, x) for x in ids_to_redact
+                                    ]
+                                    value_values = [
+                                        (self._clock.time_msec(),)
+                                        for x in ids_to_redact
+                                    ]
+                                    await self.db_pool.simple_upsert_many(
+                                        table="redactions",
+                                        key_names=["event_id", "redacts"],
+                                        key_values=key_values,
+                                        value_names=["received_ts"],
+                                        value_values=value_values,
+                                        desc="redact_on_ban_redaction_txn",
+                                    )
+                                    # normally the cache entry for a redacted event would be invalidated
+                                    # by an arriving redaction event, but since we are not creating redaction
+                                    # events we invalidate manually
+                                    for id in ids_to_redact:
+                                        await self.db_pool.runInteraction(
+                                            "invalidate cache",
+                                            self.store.invalidate_get_event_cache_after_txn,
+                                            id,
+                                        )
+
             if new_forward_extremities:
                 self.store.get_latest_event_ids_in_room.prefill(
                     (room_id,), frozenset(new_forward_extremities)
@@ -2768,9 +2834,8 @@ def _store_redaction(self, txn: LoggingTransaction, event: EventBase) -> None:
         self.db_pool.simple_upsert_txn(
             txn,
             table="redactions",
-            keyvalues={"event_id": event.event_id},
+            keyvalues={"event_id": event.event_id, "redacts": event.redacts},
             values={
-                "redacts": event.redacts,
                 "received_ts": self._clock.time_msec(),
             },
         )

synapse/storage/databases/main/room.py

@@ -1960,6 +1960,28 @@ def __init__(
     ):
         super().__init__(database, db_conn, hs)
 
+        self.db_pool.updates.register_background_index_update(
+            "redactions_add_event_id_idx",
+            "redactions_event_id",
+            "redactions",
+            ["event_id"],
+        )
+
+        self.db_pool.updates.register_background_index_update(
+            "redactions_add_redacts_idx",
+            "redactions_redacts",
+            "redactions",
+            ["redacts"],
+        )
+
+        self.db_pool.updates.register_background_index_update(
+            "redactions_add_have_censored_ts",
+            "redactions_have_censored_ts",
+            "redactions",
+            ["received_ts"],
+            where_clause="NOT have_censored",
+        )
+
         self.db_pool.updates.register_background_update_handler(
             "insert_room_retention",
             self._background_insert_retention,

synapse/storage/schema/main/delta/92/06_redactions_multitarget.py

@@ -0,0 +1,72 @@
+from synapse.storage.database import LoggingTransaction
+from synapse.storage.engines import BaseDatabaseEngine, PostgresEngine
+
+
+def run_create(
+    cur: LoggingTransaction,
+    database_engine: BaseDatabaseEngine,
+) -> None:
+    """
+    Drop unique constraint event_id and add unique constraint (event_id, redacts)
+    """
+    if isinstance(database_engine, PostgresEngine):
+        add_constraint_sql = """
+        ALTER TABLE ONLY redactions ADD CONSTRAINT redactions_event_id_redacts_key UNIQUE (event_id, redacts);
+        """
+        cur.execute(add_constraint_sql)
+
+        drop_constraint_sql = """
+        ALTER TABLE ONLY redactions DROP CONSTRAINT redactions_event_id_key;
+        """
+        cur.execute(drop_constraint_sql)
+
+    else:
+        # in SQLite we need to rewrite the table to change the constraint.
+        # First drop any temporary table that might be here from a previous failed migration.
+        cur.execute("DROP TABLE IF EXISTS temp_redactions")
+
+        create_sql = """
+        CREATE TABLE temp_redactions (
+            event_id TEXT NOT NULL,
+            redacts TEXT NOT NULL,
+            have_censored BOOL NOT NULL DEFAULT false,
+            received_ts BIGINT,
+            UNIQUE(event_id, redacts)
+        );
+        """
+        cur.execute(create_sql)
+
+        copy_sql = """
+        INSERT INTO temp_redactions (
+            event_id,
+            redacts,
+            have_censored,
+            received_ts
+        ) SELECT r.event_id, r.redacts, r.have_censored, r.received_ts FROM redactions AS r;
+        """
+        cur.execute(copy_sql)
+
+        drop_sql = """
+        DROP TABLE redactions
+        """
+        cur.execute(drop_sql)
+
+        rename_sql = """
+        ALTER TABLE temp_redactions RENAME to redactions
+        """
+        cur.execute(rename_sql)
+
+        sqlite3_idx_update_sql = """
+             INSERT INTO background_updates (ordering, update_name, progress_json) \
+             VALUES (?, ?, ?);
+         """
+        cur.execute(sqlite3_idx_update_sql, (9206, "redactions_add_redacts_idx", "{}"))
+        cur.execute(
+            sqlite3_idx_update_sql, (9206, "redactions_add_have_censored_ts", "{}")
+        )
+
+    # in either case the event_id index needs to be re-created
+    idx_sql = """
+          INSERT INTO background_updates (ordering, update_name, progress_json) VALUES (?, ?, ?);
+    """
+    cur.execute(idx_sql, (9206, "redactions_add_event_id_idx", "{}"))