From fcbab08cbd46d28976411b1d014a4efb76c8b7a4 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Mon, 10 Aug 2020 12:29:47 +0100
Subject: [PATCH] Add an assertion on prev_events in create_new_client_event
 (#8041)

I think this would have caught all the cases in
https://github.com/matrix-org/synapse/issues/7642 - and I think a 500 makes
more sense here than a 403
---
 changelog.d/8041.misc           | 1 +
 synapse/handlers/message.py     | 9 +++++++++
 tests/storage/test_redaction.py | 4 ++++
 3 files changed, 14 insertions(+)
 create mode 100644 changelog.d/8041.misc

diff --git a/changelog.d/8041.misc b/changelog.d/8041.misc
new file mode 100644
index 0000000000..eefa98d744
--- /dev/null
+++ b/changelog.d/8041.misc
@@ -0,0 +1 @@
+Add an assertion on prev_events in create_new_client_event.
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index 708533d4d1..8ddded8389 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -768,6 +768,15 @@ class EventCreationHandler(object):
         else:
             prev_event_ids = await self.store.get_prev_events_for_room(builder.room_id)
 
+        # we now ought to have some prev_events (unless it's a create event).
+        #
+        # do a quick sanity check here, rather than waiting until we've created the
+        # event and then try to auth it (which fails with a somewhat confusing "No
+        # create event in auth events")
+        assert (
+            builder.type == EventTypes.Create or len(prev_event_ids) > 0
+        ), "Attempting to create an event with no prev_events"
+
         event = await builder.build(prev_event_ids=prev_event_ids)
         context = await self.state.compute_event_context(event)
         if requester:
diff --git a/tests/storage/test_redaction.py b/tests/storage/test_redaction.py
index 41511d479f..1ea35d60c1 100644
--- a/tests/storage/test_redaction.py
+++ b/tests/storage/test_redaction.py
@@ -251,6 +251,10 @@ class RedactionTestCase(unittest.HomeserverTestCase):
             def room_id(self):
                 return self._base_builder.room_id
 
+            @property
+            def type(self):
+                return self._base_builder.type
+
         event_1, context_1 = self.get_success(
             self.event_creation_handler.create_new_client_event(
                 EventIdManglingBuilder(
-- 
GitLab