Commit graph

2347 commits

Author SHA1 Message Date
Timo Kösters
7a5b893013
Bump version 2024-06-12 19:43:18 +02:00
Matthias Ahouansou
c453d45598
fix(keys): only use keys valid at the time of PDU or transaction, and actually refresh keys
Previously, we only fetched keys once, only requesting them again if we have any missing, allowing for ancient keys to be used to sign PDUs and transactions
Now we refresh keys that either have or are about to expire, preventing attacks that make use of leaked private keys of a homeserver
We also ensure that when validating PDUs or transactions, that they are valid at the origin_server_ts or time of us receiving the transaction respectfully
As to not break event authorization for old rooms, we need to keep old keys around
We move verify_keys which we no longer see in direct requests to the origin to old_verify_keys
We keep old_verify_keys indefinitely as mentioned above, as to not break event authorization (at least until a future MSC addresses this)
2024-06-12 19:41:43 +02:00
Matthias Ahouansou
144d548ef7
fix: permission checks for aliases 2024-06-12 19:41:31 +02:00
Benjamin Lee
7b259272ce
fix: do not return redacted events from search 2024-06-12 19:41:02 +02:00
Matthias Ahouansou
48c1f3bdba
fix: userid checks for incoming EDUs 2024-06-12 19:39:27 +02:00
Timo Kösters
dd19877528 Merge branch 'bump-ruma' into 'next'
chore: bump all dependencies

See merge request famedly/conduit!627
2024-06-11 20:59:58 +00:00
Matthias Ahouansou
ba2a5a6115
chore: bump all dependencies 2024-06-11 20:35:56 +01:00
Matthias Ahouansou
a36ccff06a Merge branch 'security-readme' into 'next'
docs: add security disclosure instructions

See merge request famedly/conduit!691
2024-06-06 21:21:07 +00:00
Matthias Ahouansou
39b4932725
docs: add security disclosure instructions 2024-06-06 21:48:45 +01:00
Matthias Ahouansou
c45e52f45a Merge branch 'media-csp' into 'next'
fix(media): use csp instead of modifying content-type

See merge request famedly/conduit!689
2024-06-04 05:31:35 +00:00
Matthias Ahouansou
1dbb3433e0
fix(media): use csp instead of modifying content-type 2024-06-03 21:40:25 +01:00
Matthias Ahouansou
efecb78888 Merge branch 'local-event-non-restricted-room-vers' into 'next'
fix(membership): fallback to locally signed event if the join wasn't a restricted one on send_join response

See merge request famedly/conduit!680
2024-06-03 13:28:41 +00:00
Matthias Ahouansou
f25a0b49eb Merge branch 'recurse-relationships' into 'next'
feat: recurse relationships

See merge request famedly/conduit!613
2024-06-03 13:19:16 +00:00
Matthias Ahouansou
b46000fadc
feat: recurse relationships 2024-06-03 13:42:52 +01:00
Matthias Ahouansou
7b19618136 Merge branch 'server-user-globals' into 'next'
refactor: add server_user to globals

See merge request famedly/conduit!686
2024-05-31 21:27:26 +00:00
Matthias Ahouansou
19154a9f70
refactor: add server_user to globals 2024-05-31 21:56:11 +01:00
Matthias Ahouansou
ec8dfc283c
fix(membership): fallback to locally signed event if the join wasn't a restricted one on send_join response 2024-05-31 16:37:06 +01:00
Matthias Ahouansou
be1b8b68a7 Merge branch 'remove-alias-command' into 'next'
feat(admin): remove alias command

See merge request famedly/conduit!685
2024-05-29 17:05:45 +00:00
Matthias Ahouansou
6c2eb4c786
feat(admin): remove alias command 2024-05-29 17:49:51 +01:00
Matthias Ahouansou
3df791e030 Merge branch 'ruma-server-util' into 'next'
refactor: let ruma-server-util handle X-Matrix parsing

See merge request famedly/conduit!684
2024-05-29 13:16:08 +00:00
Matthias Ahouansou
9374b74e77
refactor: let ruma-server-util handle X-Matrix parsing 2024-05-29 12:27:37 +01:00
Matthias Ahouansou
c732c7c97f Merge branch 'toggle_allow_register' into 'next'
add command to set the allow registration status

See merge request famedly/conduit!477
2024-05-29 09:08:59 +00:00
Matthias Ahouansou
33c9da75ec Merge branch 'clarify-3pids-are-unsupported' into 'next'
fix: clarify that 3pids are currently unsupported

See merge request famedly/conduit!683
2024-05-29 08:52:59 +00:00
Matthias Ahouansou
59d7674b2a
fix: clarify that 3pids are currently unsupported 2024-05-29 09:36:35 +01:00
tony
6bcc2f80b8
add command to set the allow registration status
Co-Authored-By: Matthias Ahouansou <matthias@ahouansou.cz>
2024-05-29 09:25:08 +01:00
Matthias Ahouansou
817f382c5f Merge branch 'openid-api' into 'next'
feat: support OpenID endpoints

Closes #453

See merge request famedly/conduit!681
2024-05-28 15:11:03 +00:00
mikoto
a888c7cb16
OpenID routes
Co-Authored-By: Matthias Ahouansou <matthias@ahouansou.cz>
2024-05-28 15:39:19 +01:00
Timo Kösters
47aadcea1d Merge branch 'membership-reason-fixes' into 'next'
fix(membership): always set reason & allow new events if reason changed

Closes #452

See merge request famedly/conduit!669
2024-05-26 07:22:29 +00:00
Matthias Ahouansou
9b8ec21e6e Merge branch 'admin-faq' into 'next'
docs(faq): add instructions on how to make a user admin

See merge request famedly/conduit!677
2024-05-14 20:37:21 +00:00
Matthias Ahouansou
e51f60e437
docs(faq): add instructions on how to make a user admin 2024-05-14 21:20:16 +01:00
Matthias Ahouansou
11990e7524 Merge branch 'admin-hash-sign' into 'next'
feat(admin): add hash-and-sign-event command

See merge request famedly/conduit!670
2024-05-09 16:19:40 +00:00
Matthias Ahouansou
3ad7675bbf Merge branch 'format-toml' into 'next'
style: format all toml with taplo

See merge request famedly/conduit!673
2024-05-06 20:16:13 +00:00
Matthias Ahouansou
e2d91e26d6
style: format all toml with taplo 2024-05-06 20:57:56 +01:00
Matthias Ahouansou
20d9f3fd5d Merge branch 'media' into 'next'
fix: make media response match spec

See merge request famedly/conduit!672
2024-05-06 18:37:13 +00:00
Timo Kösters
965b6df83d
fix: make media response match spec 2024-05-06 20:05:51 +02:00
Matthias Ahouansou
8876d54d78
feat(admin): add hash-and-sign-event command 2024-05-05 17:35:02 +01:00
Matthias Ahouansou
d8badaf64b
fix(membership): always set reason & allow new events if reason changed 2024-05-05 15:28:18 +01:00
Matthias Ahouansou
08485ea5e4 Merge branch 'bump-rust-nix' into 'next'
chore: bump rust & nix

See merge request famedly/conduit!668
2024-05-05 12:48:36 +00:00
Matthias Ahouansou
eec9b9ed87
chore: bump nix 2024-05-05 13:28:00 +01:00
Matthias Ahouansou
256dae983b
chore: bump rust
and fix new lints that come with it
2024-05-05 13:27:56 +01:00
Matthias Ahouansou
79c4bb17ca Merge branch 'build-and-cache-everything' into 'next'
Draft: build and cache all packages and CI dependencies

See merge request famedly/conduit!667
2024-05-05 11:00:12 +00:00
Matthias Ahouansou
57a24f234d
Revert "ci: temporarily disable CONDUIT_VERSION_EXTRA"
This reverts commit 2a2b9554c8.
2024-05-05 11:43:06 +01:00
Charles Hall
a4c973e57e
build and cache all packages and CI dependencies
This fixes the problem where some artifacts were not being cached when
they should have been. The secret sauce is the  `nix-store` command.
2024-05-05 10:35:31 +01:00
Matthias Ahouansou
f9953c31fc
Revert "ci: use sh instead of bash"
This reverts commit 70b07dfabf.
2024-05-05 09:43:32 +01:00
Matthias Ahouansou
6b669d2f4d Merge branch 'only-cache-attic-when-nix' into 'next'
ci: only cache attic when nix is available

See merge request famedly/conduit!666
2024-05-05 08:19:15 +00:00
Matthias Ahouansou
90c9794221 Merge branch 'sh-not-bash' into 'next'
ci: use sh instead of bash

See merge request famedly/conduit!665
2024-05-05 08:12:20 +00:00
Matthias Ahouansou
358164f49d
ci: only cache attic when nix is available 2024-05-05 09:01:40 +01:00
Matthias Ahouansou
70b07dfabf
ci: use sh instead of bash 2024-05-05 08:53:53 +01:00
Matthias Ahouansou
d97f5aa3b8 Merge branch 'ci/fastzip' into 'next'
ci: faster cache and artifact handling

See merge request famedly/conduit!664
2024-05-05 05:54:18 +00:00
Matthias Ahouansou
bed9072a69 Merge branch 'always-cache-attic' into 'next'
ci: prevent unnecessary rebuilds

See merge request famedly/conduit!662
2024-05-05 05:54:16 +00:00