Merge branch 'updated-msc4311' into 'next'

feat: updated MSC4311 support See merge request famedly/conduit!778
2025-09-15 18:57:03 +00:00 · 2025-09-12 11:43:09 +00:00 · 2025-09-12 11:43:09 +00:00 · cd3a8b9f2e
commit cd3a8b9f2e
parent 6d227019ec 1c6b2e0016
10 changed files with 236 additions and 183 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2575,7 +2575,7 @@ dependencies = [
 [[package]]
 name = "ruma"
 version = "0.12.6"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "assign",
 "js_int",
@ -2594,7 +2594,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.12.2"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "js_int",
 "ruma-common",
@ -2606,7 +2606,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.20.4"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "as_variant",
 "assign",
@ -2629,7 +2629,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.15.4"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "as_variant",
 "base64 0.22.1",
@ -2661,7 +2661,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.30.5"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "as_variant",
 "indexmap 2.9.0",
@ -2685,7 +2685,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.11.2"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "bytes",
 "headers",
@ -2707,7 +2707,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.10.1"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "js_int",
 "thiserror 2.0.12",
@ -2716,7 +2716,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.15.2"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "cfg-if",
 "proc-macro-crate",
@ -2731,7 +2731,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.11.0"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "js_int",
 "ruma-common",
@ -2743,7 +2743,7 @@ dependencies = [
 [[package]]
 name = "ruma-signatures"
 version = "0.17.1"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "base64 0.22.1",
 "ed25519-dalek",
@ -2759,7 +2759,7 @@ dependencies = [
 [[package]]
 name = "ruma-state-res"
 version = "0.13.0"
-source = "git+https://github.com/ruma/ruma.git#547efbf24831066ae3199dc51b93f6b3a30ea8e7"
+source = "git+https://github.com/ruma/ruma.git#d879f7df16ba9928a73649f8149dabeee939691e"
 dependencies = [
 "js_int",
 "ruma-common",
--- a/src/api/client_server/membership.rs
+++ b/src/api/client_server/membership.rs
@ -9,7 +9,10 @@ use ruma::{
                unban_user,
            },
        },
-        federation::{self, membership::create_invite},
+        federation::{
+            self,
+            membership::{create_invite, RawStrippedState},
+        },
    },
    events::{
        room::{
@ -188,9 +191,6 @@ pub async fn knock_room_route(
            }
            _ => return Err(Error::BadServerResponse("Room version is not supported")),
        };
-        let rules = room_version_id
-            .rules()
-            .expect("Supported room version has rules");

        let (event_id, knock_event, _) = services().rooms.helpers.populate_membership_template(
            &knock_template.event,
@ -215,8 +215,6 @@ pub async fn knock_room_route(
            )
            .await?;

-        utils::check_stripped_state(&send_kock_response.knock_room_state, &room_id, &rules)?;
-
        info!("send_knock finished");

        let mut stripped_state = send_kock_response.knock_room_state;
@ -231,7 +229,7 @@ pub async fn knock_room_route(
                .to_stripped_state_event()
                .into(),
        );
-        let stripped_state = utils::convert_stripped_state(stripped_state, &rules)?;
+        let stripped_state = utils::convert_stripped_state(stripped_state)?;

        services().rooms.state_cache.update_membership(
            &room_id,
@ -717,12 +715,22 @@ pub(crate) async fn invite_helper(
                .rooms
                .state
                .stripped_state_federation(&pdu.room_id())?;
-            if let Some(sender) = services().rooms.state_accessor.room_state_get(
+            if let Some(sender_member_event_id) =
+                services().rooms.state_accessor.room_state_get_id(
                    &pdu.room_id(),
                    &StateEventType::RoomMember,
                    sender_user.as_str(),
-            )? {
-                invite_room_state.push(sender.to_stripped_state_event().into());
+                )?
+            {
+                let pdu = services()
+                    .rooms
+                    .timeline
+                    .get_pdu_json(&sender_member_event_id)
+                    .transpose()
+                    .expect("Event must be present for it to make up the current state")
+                    .map(PduEvent::convert_to_outgoing_federation_event)
+                    .map(RawStrippedState::Pdu)?;
+                invite_room_state.push(pdu);
            }

            drop(state_lock);
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@ -2105,7 +2105,7 @@ pub async fn create_invite_route(
        .rules()
        .expect("Supported room version has rules");

-    utils::check_stripped_state(&invite_room_state, &room_id, &rules)?;
+    utils::check_stripped_state(&invite_room_state, &room_id, &rules).await?;

    let mut signed_event = utils::to_canonical_object(&event)
        .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invite event is invalid."))?;
@ -2169,7 +2169,7 @@ pub async fn create_invite_route(
    })?;

    invite_state.push(pdu.to_stripped_state_event().into());
-    let invite_state = utils::convert_stripped_state(invite_state, &rules)?;
+    let invite_state = utils::convert_stripped_state(invite_state)?;

    // If we are active in the room, the remote server will notify us about the join via /send
    if !services()
--- a/src/database/key_value/rooms/state_cache.rs
+++ b/src/database/key_value/rooms/state_cache.rs
@ -1,7 +1,8 @@
 use std::{collections::HashSet, sync::Arc};

 use ruma::{
-    api::client::sync::sync_events::StrippedState, events::AnySyncStateEvent, serde::Raw,
+    events::{AnyStrippedStateEvent, AnySyncStateEvent},
+    serde::Raw,
    OwnedRoomId, OwnedServerName, OwnedUserId, RoomId, ServerName, UserId,
 };

@ -38,7 +39,7 @@ impl service::rooms::state_cache::Data for KeyValueDatabase {
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-        last_state: Option<Vec<Raw<StrippedState>>>,
+        last_state: Option<Vec<Raw<AnyStrippedStateEvent>>>,
    ) -> Result<()> {
        let (roomuser_id, userroom_id) = get_room_and_user_byte_ids(room_id, user_id);

@ -65,7 +66,7 @@ impl service::rooms::state_cache::Data for KeyValueDatabase {
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-        last_state: Option<Vec<Raw<StrippedState>>>,
+        last_state: Option<Vec<Raw<AnyStrippedStateEvent>>>,
    ) -> Result<()> {
        let (roomuser_id, userroom_id) = get_room_and_user_byte_ids(room_id, user_id);

@ -482,7 +483,7 @@ impl service::rooms::state_cache::Data for KeyValueDatabase {
    fn rooms_invited<'a>(
        &'a self,
        user_id: &UserId,
-    ) -> Box<dyn Iterator<Item = Result<(OwnedRoomId, Vec<Raw<StrippedState>>)>> + 'a> {
+    ) -> Box<dyn Iterator<Item = Result<(OwnedRoomId, Vec<Raw<AnyStrippedStateEvent>>)>> + 'a> {
        scan_userroom_id_memberstate_tree(user_id, &self.userroomid_invitestate)
    }

@ -492,7 +493,7 @@ impl service::rooms::state_cache::Data for KeyValueDatabase {
    fn rooms_knocked<'a>(
        &'a self,
        user_id: &UserId,
-    ) -> Box<dyn Iterator<Item = Result<(OwnedRoomId, Vec<Raw<StrippedState>>)>> + 'a> {
+    ) -> Box<dyn Iterator<Item = Result<(OwnedRoomId, Vec<Raw<AnyStrippedStateEvent>>)>> + 'a> {
        scan_userroom_id_memberstate_tree(user_id, &self.userroomid_knockstate)
    }

@ -501,7 +502,7 @@ impl service::rooms::state_cache::Data for KeyValueDatabase {
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-    ) -> Result<Option<Vec<Raw<StrippedState>>>> {
+    ) -> Result<Option<Vec<Raw<AnyStrippedStateEvent>>>> {
        let mut key = user_id.as_bytes().to_vec();
        key.push(0xff);
        key.extend_from_slice(room_id.as_bytes());
@ -522,7 +523,7 @@ impl service::rooms::state_cache::Data for KeyValueDatabase {
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-    ) -> Result<Option<Vec<Raw<StrippedState>>>> {
+    ) -> Result<Option<Vec<Raw<AnyStrippedStateEvent>>>> {
        let mut key = user_id.as_bytes().to_vec();
        key.push(0xff);
        key.extend_from_slice(room_id.as_bytes());
@ -543,7 +544,7 @@ impl service::rooms::state_cache::Data for KeyValueDatabase {
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-    ) -> Result<Option<Vec<Raw<StrippedState>>>> {
+    ) -> Result<Option<Vec<Raw<AnyStrippedStateEvent>>>> {
        let mut key = user_id.as_bytes().to_vec();
        key.push(0xff);
        key.extend_from_slice(room_id.as_bytes());
--- a/src/service/rooms/event_handler/mod.rs
+++ b/src/service/rooms/event_handler/mod.rs
@ -32,6 +32,7 @@ use ruma::{
    },
    int,
    room_version_rules::{AuthorizationRules, RoomVersionRules, StateResolutionV2Rules},
+    serde::Base64,
    state_res::{self, StateMap},
    uint, CanonicalJsonObject, CanonicalJsonValue, EventId, MilliSecondsSinceUnixEpoch,
    OwnedServerName, OwnedServerSigningKeyId, RoomId, ServerName,
@ -338,43 +339,14 @@ impl Service {
            }

            // TODO: For RoomVersion6 we must check that Raw<..> is canonical do we anywhere?: https://matrix.org/docs/spec/rooms/v6#canonical-json
-
            // We go through all the signatures we see on the value and fetch the corresponding signing
            // keys
            self.fetch_required_signing_keys(&value, pub_key_map)
                .await?;

-            let origin_server_ts = value.get("origin_server_ts").ok_or_else(|| {
-                error!("Invalid PDU, no origin_server_ts field");
-                Error::BadRequest(
-                    ErrorKind::MissingParam,
-                    "Invalid PDU, no origin_server_ts field",
-                )
-            })?;
-
-            let origin_server_ts: MilliSecondsSinceUnixEpoch = {
-                let ts = origin_server_ts.as_integer().ok_or_else(|| {
-                    Error::BadRequest(
-                        ErrorKind::InvalidParam,
-                        "origin_server_ts must be an integer",
-                    )
-                })?;
-
-                MilliSecondsSinceUnixEpoch(i64::from(ts).try_into().map_err(|_| {
-                    Error::BadRequest(ErrorKind::InvalidParam, "Time must be after the unix epoch")
-                })?)
-            };
-
-            let guard = pub_key_map.read().await;
-
-            let pkey_map = (*guard).clone();
-
-            // Removing all the expired keys, unless the room version allows stale keys
-            let filtered_keys = services().globals.filter_keys_server_map(
-                pkey_map,
-                origin_server_ts,
-                &room_version_rules,
-            );
+            let filtered_keys = self
+                .filter_required_signing_keys(&value, pub_key_map, &room_version_rules)
+                .await?;

            let mut val =
                match ruma::signatures::verify_event(&filtered_keys, &value, &room_version_rules) {
@ -416,8 +388,6 @@ impl Service {
                    Ok(ruma::signatures::Verified::All) => value,
                };

-            drop(guard);
-
            // Now that we have checked the signature and hashes we can add the eventID and convert
            // to our PduEvent type
            val.insert(
@ -1451,6 +1421,47 @@ impl Service {
        Ok((sorted, eventid_info))
    }

+    /// Filters down the given signing keys, only keeping those which could be valid for this event.
+    #[tracing::instrument(skip_all)]
+    pub async fn filter_required_signing_keys(
+        &self,
+        event: &BTreeMap<String, CanonicalJsonValue>,
+        pub_key_map: &RwLock<BTreeMap<String, SigningKeys>>,
+        room_version_rules: &RoomVersionRules,
+    ) -> Result<BTreeMap<String, BTreeMap<String, Base64>>> {
+        let origin_server_ts = event.get("origin_server_ts").ok_or_else(|| {
+            error!("Invalid PDU, no origin_server_ts field");
+            Error::BadRequest(
+                ErrorKind::MissingParam,
+                "Invalid PDU, no origin_server_ts field",
+            )
+        })?;
+
+        let origin_server_ts: MilliSecondsSinceUnixEpoch = {
+            let ts = origin_server_ts.as_integer().ok_or_else(|| {
+                Error::BadRequest(
+                    ErrorKind::InvalidParam,
+                    "origin_server_ts must be an integer",
+                )
+            })?;
+
+            MilliSecondsSinceUnixEpoch(i64::from(ts).try_into().map_err(|_| {
+                Error::BadRequest(ErrorKind::InvalidParam, "Time must be after the unix epoch")
+            })?)
+        };
+
+        let guard = pub_key_map.write().await;
+
+        let pkey_map = (*guard).clone();
+
+        // Removing all the expired keys, unless the room version allows stale keys
+        Ok(services().globals.filter_keys_server_map(
+            pkey_map,
+            origin_server_ts,
+            room_version_rules,
+        ))
+    }
+
    #[tracing::instrument(skip_all)]
    pub(crate) async fn fetch_required_signing_keys(
        &self,
--- a/src/service/rooms/state/mod.rs
+++ b/src/service/rooms/state/mod.rs
@ -6,13 +6,11 @@ use std::{

 pub use data::Data;
 use ruma::{
-    api::{
-        client::{error::ErrorKind, sync::sync_events::StrippedState},
-        federation::membership::RawStrippedState,
-    },
+    api::{client::error::ErrorKind, federation::membership::RawStrippedState},
    events::{
        room::{create::RoomCreateEventContent, member::MembershipState},
-        StateEventType, TimelineEventType, RECOMMENDED_STRIPPED_STATE_EVENT_TYPES,
+        AnyStrippedStateEvent, StateEventType, TimelineEventType,
+        RECOMMENDED_STRIPPED_STATE_EVENT_TYPES,
    },
    room_version_rules::AuthorizationRules,
    serde::Raw,
@ -273,31 +271,28 @@ impl Service {
                services()
                    .rooms
                    .state_accessor
-                    .room_state_get(room_id, state_event_type, "")
+                    .room_state_get_id(room_id, state_event_type, "")
                    .transpose()
            })
            .map(|e| {
-                if e.as_ref()
-                    .is_ok_and(|e| e.kind == TimelineEventType::RoomCreate)
-                {
                e.and_then(|e| {
                    services()
                        .rooms
                        .timeline
-                            .get_pdu_json(&e.event_id)
+                        .get_pdu_json(&e)
                        .transpose()
                        .expect("Event must be present for it to make up the current state")
                        .map(PduEvent::convert_to_outgoing_federation_event)
                        .map(RawStrippedState::Pdu)
                })
-                } else {
-                    e.map(|e| RawStrippedState::Stripped(e.to_stripped_state_event()))
-                }
            })
            .collect::<Result<Vec<_>>>()
    }

-    pub fn stripped_state_client(&self, room_id: &RoomId) -> Result<Vec<Raw<StrippedState>>> {
+    pub fn stripped_state_client(
+        &self,
+        room_id: &RoomId,
+    ) -> Result<Vec<Raw<AnyStrippedStateEvent>>> {
        RECOMMENDED_STRIPPED_STATE_EVENT_TYPES
            .iter()
            .filter_map(|state_event_type| {
@ -307,7 +302,7 @@ impl Service {
                    .room_state_get(room_id, state_event_type, "")
                    .transpose()
            })
-            .map(|e| e.map(|e| e.to_stripped_state_event().cast()))
+            .map(|e| e.map(|e| e.to_stripped_state_event()))
            .collect::<Result<Vec<_>>>()
    }

--- a/src/service/rooms/state_cache/data.rs
+++ b/src/service/rooms/state_cache/data.rs
@ -2,7 +2,8 @@ use std::{collections::HashSet, sync::Arc};

 use crate::{service::appservice::RegistrationInfo, Result};
 use ruma::{
-    api::client::sync::sync_events::StrippedState, events::AnySyncStateEvent, serde::Raw,
+    events::{AnyStrippedStateEvent, AnySyncStateEvent},
+    serde::Raw,
    OwnedRoomId, OwnedServerName, OwnedUserId, RoomId, ServerName, UserId,
 };

@ -13,13 +14,13 @@ pub trait Data: Send + Sync {
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-        last_state: Option<Vec<Raw<StrippedState>>>,
+        last_state: Option<Vec<Raw<AnyStrippedStateEvent>>>,
    ) -> Result<()>;
    fn mark_as_knocked(
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-        last_state: Option<Vec<Raw<StrippedState>>>,
+        last_state: Option<Vec<Raw<AnyStrippedStateEvent>>>,
    ) -> Result<()>;
    fn mark_as_left(&self, user_id: &UserId, room_id: &RoomId) -> Result<()>;

@ -85,32 +86,32 @@ pub trait Data: Send + Sync {
    fn rooms_invited<'a>(
        &'a self,
        user_id: &UserId,
-    ) -> Box<dyn Iterator<Item = Result<(OwnedRoomId, Vec<Raw<StrippedState>>)>> + 'a>;
+    ) -> Box<dyn Iterator<Item = Result<(OwnedRoomId, Vec<Raw<AnyStrippedStateEvent>>)>> + 'a>;

    /// Returns an iterator over all rooms a user has knocked on.
    #[allow(clippy::type_complexity)]
    fn rooms_knocked<'a>(
        &'a self,
        user_id: &UserId,
-    ) -> Box<dyn Iterator<Item = Result<(OwnedRoomId, Vec<Raw<StrippedState>>)>> + 'a>;
+    ) -> Box<dyn Iterator<Item = Result<(OwnedRoomId, Vec<Raw<AnyStrippedStateEvent>>)>> + 'a>;

    fn invite_state(
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-    ) -> Result<Option<Vec<Raw<StrippedState>>>>;
+    ) -> Result<Option<Vec<Raw<AnyStrippedStateEvent>>>>;

    fn knock_state(
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-    ) -> Result<Option<Vec<Raw<StrippedState>>>>;
+    ) -> Result<Option<Vec<Raw<AnyStrippedStateEvent>>>>;

    fn left_state(
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-    ) -> Result<Option<Vec<Raw<StrippedState>>>>;
+    ) -> Result<Option<Vec<Raw<AnyStrippedStateEvent>>>>;

    /// Returns an iterator over all rooms a user left.
    #[allow(clippy::type_complexity)]
--- a/src/service/rooms/state_cache/mod.rs
+++ b/src/service/rooms/state_cache/mod.rs
@ -4,12 +4,12 @@ use std::{collections::HashSet, sync::Arc};
 pub use data::Data;

 use ruma::{
-    api::client::sync::sync_events::StrippedState,
    events::{
        direct::DirectEvent,
        ignored_user_list::IgnoredUserListEvent,
        room::{create::RoomCreateEventContent, member::MembershipState},
-        AnySyncStateEvent, GlobalAccountDataEventType, RoomAccountDataEventType, StateEventType,
+        AnyStrippedStateEvent, AnySyncStateEvent, GlobalAccountDataEventType,
+        RoomAccountDataEventType, StateEventType,
    },
    serde::Raw,
    OwnedRoomId, OwnedRoomOrAliasId, OwnedServerName, OwnedUserId, RoomId, ServerName, UserId,
@ -31,7 +31,7 @@ impl Service {
        user_id: &UserId,
        membership: MembershipState,
        sender: &UserId,
-        last_state: Option<Vec<Raw<StrippedState>>>,
+        last_state: Option<Vec<Raw<AnyStrippedStateEvent>>>,
        update_joined_count: bool,
    ) -> Result<()> {
        // Keep track what remote users exist by adding them as "deactivated" users
@ -317,7 +317,7 @@ impl Service {
    pub fn rooms_invited<'a>(
        &'a self,
        user_id: &UserId,
-    ) -> impl Iterator<Item = Result<(OwnedRoomId, Vec<Raw<StrippedState>>)>> + 'a {
+    ) -> impl Iterator<Item = Result<(OwnedRoomId, Vec<Raw<AnyStrippedStateEvent>>)>> + 'a {
        self.db.rooms_invited(user_id)
    }

@ -326,7 +326,7 @@ impl Service {
    pub fn rooms_knocked<'a>(
        &'a self,
        user_id: &UserId,
-    ) -> impl Iterator<Item = Result<(OwnedRoomId, Vec<Raw<StrippedState>>)>> + 'a {
+    ) -> impl Iterator<Item = Result<(OwnedRoomId, Vec<Raw<AnyStrippedStateEvent>>)>> + 'a {
        self.db.rooms_knocked(user_id)
    }

@ -335,7 +335,7 @@ impl Service {
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-    ) -> Result<Option<Vec<Raw<StrippedState>>>> {
+    ) -> Result<Option<Vec<Raw<AnyStrippedStateEvent>>>> {
        self.db.invite_state(user_id, room_id)
    }

@ -344,7 +344,7 @@ impl Service {
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-    ) -> Result<Option<Vec<Raw<StrippedState>>>> {
+    ) -> Result<Option<Vec<Raw<AnyStrippedStateEvent>>>> {
        self.db.knock_state(user_id, room_id)
    }

@ -353,7 +353,7 @@ impl Service {
        &self,
        user_id: &UserId,
        room_id: &RoomId,
-    ) -> Result<Option<Vec<Raw<StrippedState>>>> {
+    ) -> Result<Option<Vec<Raw<AnyStrippedStateEvent>>>> {
        self.db.left_state(user_id, room_id)
    }

--- a/src/service/rooms/timeline/mod.rs
+++ b/src/service/rooms/timeline/mod.rs
@ -455,7 +455,7 @@ impl Service {
                                .state
                                .stripped_state_client(&pdu.room_id())?;
                            // So that clients can get info about who invitied them (not relevant for knocking), the reason, when, etc.
-                            state.push(pdu.to_stripped_state_event().cast());
+                            state.push(pdu.to_stripped_state_event());
                            Some(state)
                        }
                        _ => None,
--- a/src/utils/mod.rs
+++ b/src/utils/mod.rs
@ -5,24 +5,26 @@ use cmp::Ordering;
 use rand::prelude::*;
 use ring::digest;
 use ruma::{
-    api::{
-        client::{error::ErrorKind, sync::sync_events::StrippedState},
-        federation::membership::RawStrippedState,
-    },
+    api::{client::error::ErrorKind, federation::membership::RawStrippedState},
    canonical_json::try_from_json_map,
-    events::{AnyStateEvent, StateEventType},
+    events::AnyStrippedStateEvent,
    room_version_rules::RoomVersionRules,
    serde::Raw,
+    signatures::Verified,
    CanonicalJsonError, CanonicalJsonObject, CanonicalJsonValue, RoomId,
 };
 use serde_json::value::to_raw_value;
 use std::{
-    cmp, fmt,
+    cmp,
+    collections::BTreeMap,
+    fmt,
    str::FromStr,
    time::{SystemTime, UNIX_EPOCH},
 };
+use tokio::sync::RwLock;
+use tracing::warn;

-use crate::{service::pdu::gen_event_id_canonical_json, Result};
+use crate::{service::pdu::gen_event_id_canonical_json, services, Error, Result};

 pub fn millis_since_unix_epoch() -> u64 {
    SystemTime::now()
@ -199,45 +201,39 @@ impl fmt::Display for HtmlEscape<'_> {
    }
 }

-/// Converts `RawStrippedState` (federation format) into `Raw<StrippedState>` (client format)
+/// Converts `RawStrippedState` (federation format) into `Raw<AnyStrippedState>` (client format)
 pub fn convert_stripped_state(
    stripped_state: Vec<RawStrippedState>,
-    rules: &RoomVersionRules,
-) -> Result<Vec<Raw<StrippedState>>> {
+) -> Result<Vec<Raw<AnyStrippedStateEvent>>> {
    stripped_state
        .into_iter()
        .map(|stripped_state| match stripped_state {
-            RawStrippedState::Stripped(state) => Ok(state.cast()),
+            RawStrippedState::Stripped(state) => Ok(state),
            RawStrippedState::Pdu(state) => {
-                let (event_id, mut event) = gen_event_id_canonical_json(&state, rules)?;
+                let mut event: CanonicalJsonObject =
+                    serde_json::from_str(state.get()).map_err(|e| {
+                        warn!("Error parsing incoming event {:?}: {:?}", state, e);
+                        Error::BadServerResponse("Invalid PDU in server response")
+                    })?;

                event.retain(|k, _| {
-                    matches!(
-                        k.as_str(),
-                        "content"
-                            | "event_id"
-                            | "origin_server_ts"
-                            | "room_id"
-                            | "sender"
-                            | "state_key"
-                            | "type"
-                            | "unsigned"
-                    )
+                    matches!(k.as_str(), "content" | "sender" | "state_key" | "type")
                });

-                event.insert("event_id".to_owned(), event_id.as_str().into());
-
                let raw_value = to_raw_value(&CanonicalJsonValue::Object(event))
                    .expect("To raw json should not fail since only change was adding signature");

-                Ok(Raw::<AnyStateEvent>::from_json(raw_value).cast())
+                Ok(Raw::<AnyStrippedStateEvent>::from_json(raw_value))
            }
        })
        .collect()
 }

-pub fn check_stripped_state(
-    stripped_state: &Vec<RawStrippedState>,
+/// Performs checks on incoming stripped state, as per [MSC4311]
+///
+/// [MSC4311]: https://github.com/matrix-org/matrix-spec-proposals/pull/4311
+pub async fn check_stripped_state(
+    stripped_state: &[RawStrippedState],
    room_id: &RoomId,
    rules: &RoomVersionRules,
 ) -> Result<()> {
@ -246,65 +242,106 @@ pub fn check_stripped_state(
        return Ok(());
    }

+    #[cfg(feature = "enforce_msc4311")]
    let mut seen_create_event = false;
    #[cfg(feature = "enforce_msc4311")]
-    let mut seen_valid_create_event = false;
-
-    for state in stripped_state {
-        match state {
-            RawStrippedState::Pdu(pdu) => {
-                let Ok((event_id, value)) = gen_event_id_canonical_json(pdu, rules) else {
-                    continue;
-                };
-                let Some(event_type) = value.get("type").and_then(|t| t.as_str()) else {
-                    continue;
-                };
-                if event_type != "m.room.create" {
-                    continue;
-                }
-                if seen_create_event {
-                    return Err(error::Error::BadRequest(
+    if !stripped_state.iter().all(|state| match state {
+        RawStrippedState::Pdu(_) => true,
+        RawStrippedState::Stripped(_) => false,
+    }) {
+        return Err(Error::BadRequest(
            ErrorKind::InvalidParam,
-                        "Stripped state has multiple create events",
+            "Non-pdu found in stripped state",
        ));
    }
-                if event_id.localpart() != room_id.strip_sigil() {
-                    return Err(error::Error::BadRequest(
+
+    let stripped_state = stripped_state
+        .iter()
+        .filter_map(|event| {
+            if let RawStrippedState::Pdu(pdu) = event {
+                Some(pdu)
+            } else {
+                None
+            }
+        })
+        .map(|pdu| gen_event_id_canonical_json(pdu, rules))
+        .collect::<Result<Vec<_>>>()?;
+
+    let pub_key_map = RwLock::new(BTreeMap::new());
+
+    for (_, pdu) in &stripped_state {
+        services()
+            .rooms
+            .event_handler
+            .fetch_required_signing_keys(pdu, &pub_key_map)
+            .await?;
+    }
+
+    for (event_id, pdu) in stripped_state {
+        let filtered_keys = services()
+            .rooms
+            .event_handler
+            .filter_required_signing_keys(&pdu, &pub_key_map, rules)
+            .await?;
+
+        if !ruma::signatures::verify_event(&filtered_keys, &pdu, rules)
+            .is_ok_and(|verified| verified == Verified::All)
+        {
+            return Err(Error::BadRequest(
+                ErrorKind::InvalidParam,
+                "Signature check on stripped state failed",
+            ));
+        }
+
+        let Some(event_type) = pdu.get("type").and_then(|t| t.as_str()) else {
+            return Err(Error::BadRequest(
+                ErrorKind::InvalidParam,
+                "Event with no type returned",
+            ));
+        };
+
+        if !(event_type == "m.room.create" && rules.authorization.room_create_event_id_as_room_id) {
+            let pdu_room_id = pdu
+                .get("room_id")
+                .ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing room ID"))
+                .map(|v| v.as_str())?
+                .ok_or_else(|| {
+                    Error::BadRequest(ErrorKind::InvalidParam, "Event has non-string room id")
+                })
+                .map(RoomId::parse)?
+                .map_err(|_| {
+                    Error::BadRequest(ErrorKind::InvalidParam, "Event has invalid room ID")
+                })?;
+
+            if pdu_room_id != room_id {
+                return Err(Error::BadRequest(
+                    ErrorKind::InvalidParam,
+                    "Stripped state room ID does not match the one of the request",
+                ));
+            }
+        }
+
+        if event_type == "m.room.create" {
+            #[allow(clippy::collapsible_if)]
+            if event_id.localpart() != room_id.strip_sigil()
+                && rules.authorization.room_create_event_id_as_room_id
+            {
+                return Err(Error::BadRequest(
                    ErrorKind::InvalidParam,
                    "Room ID generated from create event does not match that from the request",
                ));
            }

-                seen_create_event = true;
            #[cfg(feature = "enforce_msc4311")]
            {
-                    seen_valid_create_event = true;
-                }
-            }
-            RawStrippedState::Stripped(event) => {
-                let Ok(event) = event.deserialize() else {
-                    continue;
-                };
-
-                if event.event_type() != StateEventType::RoomCreate {
-                    continue;
-                }
-
-                if seen_create_event {
-                    return Err(error::Error::BadRequest(
-                        ErrorKind::InvalidParam,
-                        "Stripped state has multiple create events",
-                    ));
-                }
-
                seen_create_event = true;
            }
        }
    }

    #[cfg(feature = "enforce_msc4311")]
-    if !seen_valid_create_event {
-        return Err(error::Error::BadRequest(
+    if !seen_create_event {
+        return Err(Error::BadRequest(
            ErrorKind::InvalidParam,
            "Stripped state contained no valid create PDUs",
        ));