fix: Don't fail open when a PDU doesn't have a short state hash

2026-02-06 18:09:09 +00:00 · 2026-02-06 18:09:09 +00:00 · 0ea0d09b97
commit 0ea0d09b97
parent 6763952ce4
2 changed files with 11 additions and 15 deletions
--- a/src/api/server/utils.rs
+++ b/src/api/server/utils.rs
@ -1,6 +1,6 @@
 use conduwuit::{Err, Result, implement, is_false};
 use conduwuit_service::Services;
-use futures::{FutureExt, StreamExt, future::OptionFuture, join};
+use futures::{FutureExt, future::OptionFuture, join};
 use ruma::{EventId, RoomId, ServerName};

 pub(super) struct AccessCheck<'a> {
@ -31,15 +31,6 @@ pub(super) async fn check(&self) -> Result {
 		.state_cache
 		.server_in_room(self.origin, self.room_id);

-	// if any user on our homeserver is trying to knock this room, we'll need to
-	// acknowledge bans or leaves
-	let user_is_knocking = self
-		.services
-		.rooms
-		.state_cache
-		.room_members_knocked(self.room_id)
-		.count();
-
 	let server_can_see: OptionFuture<_> = self
 		.event_id
 		.map(|event_id| {
@ -51,14 +42,14 @@ pub(super) async fn check(&self) -> Result {
 		})
 		.into();

-	let (world_readable, server_in_room, server_can_see, acl_check, user_is_knocking) =
-		join!(world_readable, server_in_room, server_can_see, acl_check, user_is_knocking);
+	let (world_readable, server_in_room, server_can_see, acl_check) =
+		join!(world_readable, server_in_room, server_can_see, acl_check);

 	if !acl_check {
 		return Err!(Request(Forbidden("Server access denied.")));
 	}

-	if !world_readable && !server_in_room && user_is_knocking == 0 {
+	if !world_readable && !server_in_room {
 		return Err!(Request(Forbidden("Server is not in room.")));
 	}

--- a/src/service/rooms/state_accessor/server_can.rs
+++ b/src/service/rooms/state_accessor/server_can.rs
@ -1,4 +1,4 @@
-use conduwuit::{implement, utils::stream::ReadyExt};
+use conduwuit::{implement, utils::stream::ReadyExt, warn};
 use futures::StreamExt;
 use ruma::{
 	EventId, RoomId, ServerName,
@ -19,7 +19,12 @@ pub async fn server_can_see_event(
 	event_id: &EventId,
 ) -> bool {
 	let Ok(shortstatehash) = self.pdu_shortstatehash(event_id).await else {
-		return true;
+		warn!(
+			"Unable to visibility check event {} in room {} for server {}: shortstatehash not \
+			 found",
+			event_id, room_id, origin
+		);
+		return false;
 	};

 	let history_visibility = self