From 9a9257c2be76f5752e0935ef57dbb4c20870cc32 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <andrewf@element.io>
Date: Thu, 27 Jun 2024 14:08:41 -0400
Subject: [PATCH] Skip strict state_key rule when MSC3779 is enabled

When the MSC is enabled, do not reject all events with a state_key
beginning with @ but not equal to the sender, as that overrides the
desired rule to allow the state key to have an optional suffix.
---
 synapse/event_auth.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index 2091afc50d..662f123bab 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -808,11 +808,12 @@ def get_send_level(
 def _can_send_event(event: "EventBase", auth_events: StateMap["EventBase"]) -> bool:
     power_levels_event = get_power_level_event(auth_events)
 
+    uses_owned_state_events = event.room_version is RoomVersions.MSC3779v10
     send_level = get_send_level(
         event.type,
         event.get("state_key"),
         power_levels_event,
-        event.user_id if event.room_version is RoomVersions.MSC3779v10 else None,
+        event.user_id if uses_owned_state_events else None,
     )
     user_level = get_user_power_level(event.user_id, auth_events)
 
@@ -826,7 +827,7 @@ def _can_send_event(event: "EventBase", auth_events: StateMap["EventBase"]) -> b
 
     # Check state_key
     if hasattr(event, "state_key"):
-        if event.state_key.startswith("@"):
+        if not uses_owned_state_events and event.state_key.startswith("@"):
             if event.state_key != event.user_id:
                 raise AuthError(403, "You are not allowed to set others state")