State-reset and security mitigations.

Upgrade Ruma to present. The following are intentionally benign for activation in a later commit: - Hydra backports not default. - Room version 12 not default. - Room version 12 not listed as stable. Do not enable them manually or you can brick your database. Signed-off-by: Jason Volk <jason@zemos.net>
2025-06-29 03:33:29 +00:00
parent 2c6dd78502
commit 628597c318
134 changed files with 14961 additions and 4935 deletions
--- a/src/api/client/session/ldap.rs
+++ b/src/api/client/session/ldap.rs
@@ -1,3 +1,4 @@
+use futures::FutureExt;
 use ruma::{OwnedUserId, UserId};
 use tuwunel_core::{Err, Result, debug};
 use tuwunel_service::Services;
@@ -63,6 +64,7 @@ pub(super) async fn ldap_login(
 		services
 			.admin
 			.make_user_admin(lowercased_user_id)
+			.boxed()
 			.await?;
 	} else if !is_ldap_admin && is_tuwunel_admin {
 		services
--- a/src/api/client/session/token.rs
+++ b/src/api/client/session/token.rs
@@ -56,10 +56,7 @@ pub(crate) async fn login_token_route(

 	let mut uiaainfo = uiaa::UiaaInfo {
 		flows: vec![password_flow],
-		completed: Vec::new(),
-		params: Box::default(),
-		session: None,
-		auth_error: None,
+		..Default::default()
 	};

 	match &body.auth {