From f340259fa723731c9d9b3b964810700dfcf9ae8d Mon Sep 17 00:00:00 2001
From: Brendan Abolivier <babolivier@matrix.org>
Date: Sat, 11 Jul 2020 13:06:55 +0100
Subject: [PATCH 1/2] Fix handling of "off" in
 encryption_enabled_by_default_for_room_type

Fixes https://github.com/matrix-org/synapse/issues/7821, introduced in https://github.com/matrix-org/synapse/pull/7639

Turns out PyYAML translates `off` into a `False` boolean if it's
unquoted (see https://stackoverflow.com/questions/36463531/pyyaml-automatically-converting-certain-keys-to-boolean-values),
which seems to be a liberal interpretation of this bit of the YAML spec: https://yaml.org/spec/1.1/current.html#id864510

An alternative fix would be to implement the solution mentioned in the
SO post linked above, but I'm aware it might break existing setups
(which might use these values in the configuration file) so it's
probably better just to add an extra check for this one. We should be
aware that this is a thing for the next times we do that though.

I didn't find any other occurrence of this bug elsewhere in the
codebase.
---
 changelog.d/7822.bugfix | 1 +
 synapse/config/room.py  | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/7822.bugfix

diff --git a/changelog.d/7822.bugfix b/changelog.d/7822.bugfix
new file mode 100644
index 000000000000..faf249a6787f
--- /dev/null
+++ b/changelog.d/7822.bugfix
@@ -0,0 +1 @@
+Fix a bug causing Synapse to misinterpret the value `off` for `encryption_enabled_by_default_for_room_type` in its configuration file(s) if that value isn't surrounded by quotes. This bug was introduced in v1.16.0.
diff --git a/synapse/config/room.py b/synapse/config/room.py
index 6aa4de0672e6..dff7554bb33d 100644
--- a/synapse/config/room.py
+++ b/synapse/config/room.py
@@ -50,7 +50,12 @@ def read_config(self, config, **kwargs):
                 RoomCreationPreset.PRIVATE_CHAT,
                 RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
             ]
-        elif encryption_for_room_type == RoomDefaultEncryptionTypes.OFF:
+        elif (
+            encryption_for_room_type == RoomDefaultEncryptionTypes.OFF
+            or not encryption_for_room_type
+        ):
+            # PyYAML translates "off" into False if it's unquoted, so we also need to
+            # check for encryption_for_room_type being False.
             self.encryption_enabled_by_default_for_room_presets = []
         else:
             raise ConfigError(

From 68a25ed14c86add34ac0db46e1461b381b953a5f Mon Sep 17 00:00:00 2001
From: Brendan Abolivier <babolivier@matrix.org>
Date: Sat, 11 Jul 2020 23:11:51 +0100
Subject: [PATCH 2/2] Explicitely test for False

---
 synapse/config/room.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/synapse/config/room.py b/synapse/config/room.py
index dff7554bb33d..52cf0b62fcf3 100644
--- a/synapse/config/room.py
+++ b/synapse/config/room.py
@@ -52,7 +52,7 @@ def read_config(self, config, **kwargs):
             ]
         elif (
             encryption_for_room_type == RoomDefaultEncryptionTypes.OFF
-            or not encryption_for_room_type
+            or encryption_for_room_type is False
         ):
             # PyYAML translates "off" into False if it's unquoted, so we also need to
             # check for encryption_for_room_type being False.