Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC4167: Copy bans on room upgrade #4167

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

Kladki
Copy link
Contributor

@Kladki Kladki commented Jul 6, 2024

@tulir tulir added proposal A matrix spec change proposal client-server Client-Server API kind:maintenance MSC which clarifies/updates existing spec labels Jul 7, 2024
Comment on lines +17 to +19
In rooms with many banned users, it may take a while to perform the upgrade, as all the bans will need
to be performed. However, not doing this would allow previously banned users to access the room, which
is why this is deemed as worth it.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additional potential issue: remote servers iirc are informed of the membership change, causing the banned user to potentially receive "You were banned from : " prompts.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remote servers iirc are informed of the membership change

Why do you think that? Even if it were true, this scenario doesn't really make sense in situations where the remote server isn't even aware of a room.

Copy link
Contributor

@Gnuxie Gnuxie Jul 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if you have @alice:matrix.org present within a room, and @bob:matrix.org becomes banned, then @bob:matrix.org will be force joined to the room and notified that they are banned (The event is sent to them down /sync iirc). This is because @bob:matrix.org's server (matrix.org) is sent the ban because @alice:matrix.org is participating in the room. Which is an issue because now bob is aware or has been reminded of the new room's existence.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't really know if there's anything in the spec that causes that behaviour or of it's all just implicit and Synapse is doing something without thinking too much, which is still a problem.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to check, this only happens with users on the same server as the user upgrading the room, right? Because last I checked if you /send events to remote servers from rooms they don't know about, they should get rejected.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Notifying a user that they were banned in a room they never participated in (or are not currently participating in, i.e. their membership is leave) seems like strange behavior anyways, and I don't think it is something that should happen.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to check, this only happens with users on the same server as the user upgrading the room, right?

Haven't tested.

seems like strange behavior anyways, and I don't think it is something that should happen.

It does happen though until there is some work to clarify or make sure that this doesn't happen (if it is even possible to do so since it might be quite hard for a server to work out the extent that a user was participating in the room or not).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it might be quite hard for a server to work out the extent that a user was participating in the room or not

It shouldn't be, since the server already needs to know their membership to send the event over /sync anyways (since the rooms field has different sub-fields for events depending on their current membership).

after the upgrade. However, the spec currently states that "Membership events should not be transferred
to the new room due to technical limitations of servers not being able to impersonate people from other
homeservers". While this is most notably true for `join` membership events, this is not true for `ban`
membership, which users likely want copied over to the new room.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is the argument to be made that users want the ability to control this behavior.

Why? Because if the room in question uses a Bot like Draupnir or Mjolnir they have no need to clone the bans potentially as they do all their bans via the bot. If all the bans are done via the bot why clutter the room state the room might argue.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok then, adding a query parameter like copy_membership could be a good way to toggle this then. I don't specify bans with this parameter as in the future there may be other membership states which could be copied over, such as mutes. Does that sound good?

Also I'm not sure whether to mention in the MSC whether mutes should also be copied over once in the spec, and what to do about other future membership states.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To not dig too deep into the intracies of #3909 and #4106 they have a problem in that being muted under them is counted as being a room member. Now if you copied the leave mute states that could work without issue. And you could in theory allow preemptively setting it via a trivial from my perspective change to #3909 that would be inherited by #4106

Current day mutes as in mutes before 3909 are coppied as they are baked into the powerlevels event.

Copy link
Member

@turt2live turt2live Jul 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation requirements:

  • Server

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When a room upgrade is performed, servers SHOULD copy membership states with the `ban` `membership` to
the new room, to ensure that users banned in the old room are still banned in the new room.

## Potential issues
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are potential safety concerns with this behaviour, fwiw. Namely:

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its good that Draupnir and Mjolnir allows you to avoid these issues if you are willing to accept the tradeoff that comes with reactive sanctions instead of preemptive sanctions.

@@ -0,0 +1,40 @@
# MSC4167: Copy bans on room upgrade
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's unclear to me if we want to be more prescriptive in the room upgrade process: matrix-org/matrix-spec#1906 exists for discussion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
client-server Client-Server API kind:maintenance MSC which clarifies/updates existing spec proposal A matrix spec change proposal
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants