From 989d843c40f112205e34c454940e3031e30923ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Fri, 21 May 2021 18:12:02 +0200
Subject: [PATCH] fix: unauthorized pdus will be responded to with FORBIDDEN

---
 src/client_server/membership.rs | 12 +++---------
 src/database/rooms.rs           |  2 +-
 src/server_server.rs            |  4 ++--
 3 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/src/client_server/membership.rs b/src/client_server/membership.rs
index de8b4cb0..9674b7a5 100644
--- a/src/client_server/membership.rs
+++ b/src/client_server/membership.rs
@@ -569,13 +569,7 @@ async fn join_room_by_id_helper(
         {
             let (event_id, value) = match result {
                 Ok(t) => t,
-                Err(e) => {
-                    warn!(
-                        "PDU could not be verified: {:?} {:?} {:?}",
-                        e, event_id, pdu
-                    );
-                    continue;
-                }
+                Err(_) => continue,
             };
 
             let pdu = PduEvent::from_id_val(&event_id, value.clone()).map_err(|e| {
@@ -701,7 +695,7 @@ async fn validate_and_add_event_id(
     db: &Database,
 ) -> Result<(EventId, CanonicalJsonObject)> {
     let mut value = serde_json::from_str::<CanonicalJsonObject>(pdu.json().get()).map_err(|e| {
-        error!("{:?}: {:?}", pdu, e);
+        error!("Invalid PDU in server response: {:?}: {:?}", pdu, e);
         Error::BadServerResponse("Invalid PDU in server response")
     })?;
     let event_id = EventId::try_from(&*format!(
@@ -745,7 +739,7 @@ async fn validate_and_add_event_id(
         &value,
         room_version,
     ) {
-        warn!("Event {} failed verification: {}", event_id, e);
+        warn!("Event {} failed verification {:?} {}", event_id, pdu, e);
         back_off(event_id);
         return Err(Error::BadServerResponse("Event failed verification."));
     }
diff --git a/src/database/rooms.rs b/src/database/rooms.rs
index 48e6e11f..5ba170a0 100644
--- a/src/database/rooms.rs
+++ b/src/database/rooms.rs
@@ -1309,7 +1309,7 @@ impl Rooms {
 
         if !auth_check {
             return Err(Error::BadRequest(
-                ErrorKind::InvalidParam,
+                ErrorKind::Forbidden,
                 "Event is not authorized.",
             ));
         }
diff --git a/src/server_server.rs b/src/server_server.rs
index d51c9eba..699cbbec 100644
--- a/src/server_server.rs
+++ b/src/server_server.rs
@@ -1484,7 +1484,7 @@ pub(crate) async fn fetch_signing_keys(
         }
     }
 
-    debug!("Loading signing keys for {}", origin);
+    trace!("Loading signing keys for {}", origin);
 
     let mut result = db
         .globals
@@ -1943,7 +1943,7 @@ pub fn create_join_event_template_route<'a>(
 
     if !auth_check {
         return Err(Error::BadRequest(
-            ErrorKind::InvalidParam,
+            ErrorKind::Forbidden,
             "Event is not authorized.",
         ));
     }