Fix signatures on pseudoID invites (#404)

Author: devonh

eventauth.go

@@ -990,22 +990,32 @@ func (m *membershipAllower) membershipAllowed(event PDU) error { // nolint: gocy
 		)
 	}
 
-	sender, err := m.userIDQuerier(m.roomID, spec.SenderID(m.senderID))
-	if err != nil {
-		return err
+	var sender *spec.UserID
+	var err error
+	if event.Type() == spec.MRoomMember {
+		mapping := MemberContent{}
+		if err := json.Unmarshal(event.Content(), &mapping); err != nil {
+			return err
+		}
+		if mapping.MXIDMapping != nil {
+			sender, err = spec.NewUserID(mapping.MXIDMapping.UserID, true)
+			if err != nil {
+				return err
+			}
+		}
 	}
+
 	if sender == nil {
-		return errorf("userID not found for sender %q in room %q", m.senderID, event.RoomID())
-	}
-	if err := m.create.UserIDAllowed(*sender); err != nil {
-		return err
+		sender, err = m.userIDQuerier(m.roomID, spec.SenderID(m.senderID))
+		if err != nil {
+			return err
+		}
 	}
 
-	target, err := m.userIDQuerier(m.roomID, spec.SenderID(m.senderID))
-	if err != nil {
-		return err
+	if sender == nil {
+		return errorf("userID not found for sender %q in room %q", m.senderID, event.RoomID())
 	}
-	if err := m.create.UserIDAllowed(*target); err != nil {
+	if err := m.create.UserIDAllowed(*sender); err != nil {
 		return err
 	}
 

keyring.go

@@ -382,7 +382,7 @@ func (v JSONVerifierSelf) VerifyJSONs(ctx context.Context, requests []VerifyJSON
 		// convert to public key
 		key, err := spec.SenderID(requests[i].ServerName).RawBytes()
 		if err != nil {
-			results[i].Error = fmt.Errorf("unable to get key from senderID: %w", err)
+			results[i].Error = fmt.Errorf("unable to get key from senderID for %s: %w", requests[i].ServerName, err)
 			continue
 		}
 

performinvite.go

@@ -184,14 +184,21 @@ func PerformInvite(ctx context.Context, input PerformInviteInput, fedClient Fede
 
 			// Sign the event so that other servers will know that we have received the invite.
 			fullEventBuilder := verImpl.NewEventBuilderFromProtoEvent(&input.EventTemplate)
-			inviteEvent, err = fullEventBuilder.Build(input.EventTime, origin, keyID, input.SigningKey)
+			inviteEvent, err = fullEventBuilder.Build(input.EventTime, spec.ServerName(inviteeSenderID), keyID, inviteeSigningKey)
 			if err != nil {
 				logger.WithError(err).Error("failed building invite event")
 				return nil, spec.InternalServerError{}
 			}
 
-			// Have the invitee also sign the event
-			inviteEvent = inviteEvent.Sign(string(origin), keyID, inviteeSigningKey)
+			// Have the inviter also sign the event
+			inviteEvent = inviteEvent.Sign(string(origin), keyID, input.SigningKey)
+
+			verifier := JSONVerifierSelf{}
+			err = VerifyEventSignatures(ctx, inviteEvent, verifier, input.UserIDQuerier)
+			if err != nil {
+				logger.WithError(err).Error("local invite event has invalid signatures")
+				return nil, spec.Forbidden(err.Error())
+			}
 
 			err = checkEventAllowed(inviteEvent)
 			if err != nil {
@@ -205,6 +212,7 @@ func PerformInvite(ctx context.Context, input PerformInviteInput, fedClient Fede
 			}
 			logger.Debugf("Federated SendInviteV3 success to user %s", input.Invitee.String())
 
+			// Have the inviter also sign the event
 			inviteEvent = inviteEvent.Sign(
 				string(origin), keyID, input.SigningKey,
 			)

performinvite_test.go

@@ -20,11 +20,19 @@ func SenderIDForUserTest(roomID spec.RoomID, userID spec.UserID) (spec.SenderID,
 func CreateSenderID(ctx context.Context, userID spec.UserID, roomID spec.RoomID, roomVersion string) (spec.SenderID, ed25519.PrivateKey, error) {
 	_, key, err := ed25519.GenerateKey(nil)
 	if err != nil {
-		panic("failed generating ed25519 key")
+		return "", nil, err
 	}
 	return spec.SenderID(userID.String()), key, nil
 }
 
+func CreateSenderIDPseudoIDs(ctx context.Context, userID spec.UserID, roomID spec.RoomID, roomVersion string) (spec.SenderID, ed25519.PrivateKey, error) {
+	_, key, err := ed25519.GenerateKey(nil)
+	if err != nil {
+		return "", nil, err
+	}
+	return spec.SenderIDFromPseudoIDKey(key), key, nil
+}
+
 func StoreSenderIDTest(ctx context.Context, senderID spec.SenderID, userID string, id spec.RoomID) error {
 	return nil
 }
@@ -684,7 +692,7 @@ func TestPerformInvitePseudoIDs(t *testing.T) {
 				StateQuerier:              &TestStateQuerier{},
 				UserIDQuerier:             UserIDForSenderTest,
 				SenderIDQuerier:           SenderIDForUserTest,
-				SenderIDCreator:           CreateSenderID,
+				SenderIDCreator:           CreateSenderIDPseudoIDs,
 				EventQuerier:              eventQuerier.GetLatestEventsTest,
 				StoreSenderIDFromPublicID: StoreSenderIDTest,
 			},
@@ -708,7 +716,7 @@ func TestPerformInvitePseudoIDs(t *testing.T) {
 				StateQuerier:              &TestStateQuerier{shouldFailAuth: true},
 				UserIDQuerier:             UserIDForSenderTest,
 				SenderIDQuerier:           SenderIDForUserTest,
-				SenderIDCreator:           CreateSenderID,
+				SenderIDCreator:           CreateSenderIDPseudoIDs,
 				EventQuerier:              eventQuerier.GetLatestEventsTest,
 				StoreSenderIDFromPublicID: StoreSenderIDTest,
 			},
@@ -732,7 +740,7 @@ func TestPerformInvitePseudoIDs(t *testing.T) {
 				StateQuerier:              &TestStateQuerier{shouldFailState: true},
 				UserIDQuerier:             UserIDForSenderTest,
 				SenderIDQuerier:           SenderIDForUserTest,
-				SenderIDCreator:           CreateSenderID,
+				SenderIDCreator:           CreateSenderIDPseudoIDs,
 				EventQuerier:              eventQuerier.GetLatestEventsTest,
 				StoreSenderIDFromPublicID: StoreSenderIDTest,
 			},
@@ -755,7 +763,7 @@ func TestPerformInvitePseudoIDs(t *testing.T) {
 				StateQuerier:              &TestStateQuerier{},
 				UserIDQuerier:             UserIDForSenderTest,
 				SenderIDQuerier:           SenderIDForUserTest,
-				SenderIDCreator:           CreateSenderID,
+				SenderIDCreator:           CreateSenderIDPseudoIDs,
 				EventQuerier:              eventQuerier.GetLatestEventsTest,
 				StoreSenderIDFromPublicID: StoreSenderIDTest,
 			},
@@ -779,7 +787,7 @@ func TestPerformInvitePseudoIDs(t *testing.T) {
 				StateQuerier:              &TestStateQuerier{createEvent: createEvent, inviterMemberEvent: inviterJoinEvent},
 				UserIDQuerier:             UserIDForSenderTest,
 				SenderIDQuerier:           SenderIDForUserTest,
-				SenderIDCreator:           CreateSenderID,
+				SenderIDCreator:           CreateSenderIDPseudoIDs,
 				EventQuerier:              eventQuerier.GetLatestEventsTest,
 				StoreSenderIDFromPublicID: StoreSenderIDTest,
 			},
@@ -803,7 +811,7 @@ func TestPerformInvitePseudoIDs(t *testing.T) {
 				StateQuerier:              &TestStateQuerier{createEvent: createEvent, inviterMemberEvent: inviterJoinEvent},
 				UserIDQuerier:             userIDForSender,
 				SenderIDQuerier:           SenderIDForUserTest,
-				SenderIDCreator:           CreateSenderID,
+				SenderIDCreator:           CreateSenderIDPseudoIDs,
 				EventQuerier:              eventQuerier.GetLatestEventsTest,
 				StoreSenderIDFromPublicID: StoreSenderIDTest,
 			},
@@ -825,7 +833,7 @@ func TestPerformInvitePseudoIDs(t *testing.T) {
 				StateQuerier:              &TestStateQuerier{createEvent: createEvent, inviterMemberEvent: inviterJoinEvent},
 				UserIDQuerier:             userIDForSender,
 				SenderIDQuerier:           SenderIDForUserTest,
-				SenderIDCreator:           CreateSenderID,
+				SenderIDCreator:           CreateSenderIDPseudoIDs,
 				EventQuerier:              eventQuerier.GetLatestEventsTest,
 				StoreSenderIDFromPublicID: StoreSenderIDTest,
 			},