From 0ea0d09b974d27d3c1108ee130cb68791514ea51 Mon Sep 17 00:00:00 2001
From: timedout <git@nexy7574.co.uk>
Date: Fri, 6 Feb 2026 18:09:09 +0000
Subject: [PATCH] fix: Don't fail open when a PDU doesn't have a short state
 hash

---
 src/api/server/utils.rs                        | 17 ++++-------------
 src/service/rooms/state_accessor/server_can.rs |  9 +++++++--
 2 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/src/api/server/utils.rs b/src/api/server/utils.rs
index 5696e44b..e698f235 100644
--- a/src/api/server/utils.rs
+++ b/src/api/server/utils.rs
@@ -1,6 +1,6 @@
 use conduwuit::{Err, Result, implement, is_false};
 use conduwuit_service::Services;
-use futures::{FutureExt, StreamExt, future::OptionFuture, join};
+use futures::{FutureExt, future::OptionFuture, join};
 use ruma::{EventId, RoomId, ServerName};
 
 pub(super) struct AccessCheck<'a> {
@@ -31,15 +31,6 @@ pub(super) async fn check(&self) -> Result {
 		.state_cache
 		.server_in_room(self.origin, self.room_id);
 
-	// if any user on our homeserver is trying to knock this room, we'll need to
-	// acknowledge bans or leaves
-	let user_is_knocking = self
-		.services
-		.rooms
-		.state_cache
-		.room_members_knocked(self.room_id)
-		.count();
-
 	let server_can_see: OptionFuture<_> = self
 		.event_id
 		.map(|event_id| {
@@ -51,14 +42,14 @@ pub(super) async fn check(&self) -> Result {
 		})
 		.into();
 
-	let (world_readable, server_in_room, server_can_see, acl_check, user_is_knocking) =
-		join!(world_readable, server_in_room, server_can_see, acl_check, user_is_knocking);
+	let (world_readable, server_in_room, server_can_see, acl_check) =
+		join!(world_readable, server_in_room, server_can_see, acl_check);
 
 	if !acl_check {
 		return Err!(Request(Forbidden("Server access denied.")));
 	}
 
-	if !world_readable && !server_in_room && user_is_knocking == 0 {
+	if !world_readable && !server_in_room {
 		return Err!(Request(Forbidden("Server is not in room.")));
 	}
 
diff --git a/src/service/rooms/state_accessor/server_can.rs b/src/service/rooms/state_accessor/server_can.rs
index 2befec22..5613d369 100644
--- a/src/service/rooms/state_accessor/server_can.rs
+++ b/src/service/rooms/state_accessor/server_can.rs
@@ -1,4 +1,4 @@
-use conduwuit::{implement, utils::stream::ReadyExt};
+use conduwuit::{implement, utils::stream::ReadyExt, warn};
 use futures::StreamExt;
 use ruma::{
 	EventId, RoomId, ServerName,
@@ -19,7 +19,12 @@ pub async fn server_can_see_event(
 	event_id: &EventId,
 ) -> bool {
 	let Ok(shortstatehash) = self.pdu_shortstatehash(event_id).await else {
-		return true;
+		warn!(
+			"Unable to visibility check event {} in room {} for server {}: shortstatehash not \
+			 found",
+			event_id, room_id, origin
+		);
+		return false;
 	};
 
 	let history_visibility = self