Commit Graph

1528 Commits

Author SHA1 Message Date
Jason Volk
3127eca67c Add conditional UIAA flows for SSO and password. (#314)
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-07 04:43:18 +00:00
Jason Volk
449b80de1d Skip reserving capacity in fetch_auth_chain helper containers for now.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-07 03:39:13 +00:00
dasha_uwu
fbbea7ae1d Refactor Event.redacts_id to look at room version rules, use it
2026-03-07 03:18:41 +00:00
Jason Volk
4b03feef85 Handle prev_events without interruption by sibling failure.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-07 03:18:41 +00:00
Jason Volk
3fa22ea9d9 Ensure limits for prev and auth events are respected.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-07 00:49:34 +00:00
Jason Volk
0ecdb86aca Prevent duplicate fetches; optimize conflicted-subgraph.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-06 05:50:51 +00:00
Jason Volk
9a2000744c Skip sentinel password migration when no SSO IdP configured. (59791db213) (#313)
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-06 05:50:51 +00:00
Jason Volk
b423e1c5e6 Add users util to check if account has a password.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-04 19:56:51 +00:00
Jason Volk
0420f527c5 Add oauth util to check for existence of session by user_id.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-04 19:56:51 +00:00
Jason Volk
ab1cbbc8ab Skip already-accepted events from inclusion in recursive evals.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-04 07:58:11 +00:00
Jason Volk
8c8cc6d91e Move inner auth_chan eval into closure.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-04 01:42:21 +00:00
Jason Volk
2b2c14513f Constrain size of FuturesUnordered for conflicted-subgraph.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-04 01:42:21 +00:00
Jason Volk
6d6c5a3a9b Optimize conflicted-subgraph with single state container.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 14:52:39 +00:00
Jason Volk
59791db213 Add db migration and further origin-overwrite rectifications. (6bed0d38f) (#313)
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 06:12:44 +00:00
Jason Volk
d00cfcb85a Merge remote-tracking branch 'hatomist/fix/sso-origin-overwrite'
2026-03-03 06:12:26 +00:00
Jason Volk
39cf124813 Refactor conflicted_subgraph into stream::unfold() pattern.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 06:12:09 +00:00
Jason Volk
63b0014f8f Split topological_sort; semi try_unfold refactor.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 06:12:09 +00:00
Jason Volk
d959dd740f Optimize get_shared_rooms()/intersection_sorted_stream2() for tighter loops.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 06:12:09 +00:00
Jason Volk
254b53adf4 Split auth_chain shortid and eventid gathering callstacks.
Optimize event parse for auth_chain auth_events fetch.

Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 06:12:09 +00:00
Jason Volk
42570a5a7c Optimize sequential auth_chain chasing in power_sort.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 06:12:09 +00:00
Jason Volk
9ede830ffe Move state_res from tuwunel_core to tuwunel_service.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 06:12:09 +00:00
Jason Volk
6a550baf5f Add generic timeline.get_pdu suite to deserialize into other structs.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 06:12:09 +00:00
Jason Volk
cb219c2135 Additional new nightly lint fixes.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-01 07:29:06 +00:00
Jason Volk
0933943dd6 Remove bad_event_ratelimiter entries after expiration.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-27 22:20:54 +00:00
dasha_uwu
9dfba5904b Don't grant admin if the first registered user is an appservice, fixes #331
2026-02-25 05:27:43 +05:00
dasha_uwu
d073e17f1a Refactor RegistrationInfo, fix #330
2026-02-25 05:27:43 +05:00
dasha_uwu
45f4496e4f Refactor admin rooms moderation
Split alias.*_alias_by from alias.*_ailias
2026-02-24 09:03:52 +05:00
Jason Volk
7df373524e Add configurable concurrent batch requests to notary.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-18 04:14:49 +00:00
Jason Volk
6f93436eff Fix notary result key accounting error.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-18 04:13:17 +00:00
Jason Volk
ef399c1d10 Only trigger sender for local user's receipts.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-18 00:58:54 +00:00
Jason Volk
fc23cc1568 Fix custom profile field values being double-serialized with escapes.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-17 19:04:35 +00:00
dasha_uwu
937cd9fff9 Fix limited use count registration token validity check
2026-02-16 17:54:55 +00:00
Denys Bezmenov
6bed0d38f4 Fix SSO/LDAP user origin overwritten by set_password
When `create()` registers a user with `origin: Some("sso")`, it correctly
sets `userid_origin = "sso"` then calls `set_password()`. However,
`set_password()` unconditionally overwrites `userid_origin` to "password"
whenever the password hash succeeds — including for the sentinel password
"*" used by SSO and LDAP accounts.

This causes all SSO/LDAP users to have `origin = "password"` in the
database, which breaks the UIA SSO bypass check in `uiaa.rs` that gates
on `users.origin(sender_user) == "sso"`. As a result, SSO users cannot
delete devices or perform other UIA-protected operations because they
are prompted for a password they don't have, and the SSO bypass never
triggers.

Fix: skip the `userid_origin` overwrite when the password is the
sentinel value `"*"`, preserving the origin set by `create()`.
2026-02-15 12:07:17 -08:00
Jason Volk
96fb02ac99 Return NotFound for empty room name string.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-14 22:44:16 +00:00
Jason Volk
1bd4ab0601 Optimize reference graph container value type for topological_sort.
Optimize initial container capacity estimates.

Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-14 22:44:16 +00:00
Jason Volk
ca6cf8ad19 Eliminate mutable state.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-14 18:59:43 +00:00
Jason Volk
1004d99350 Split txn pdu/edu handling with separate spans.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-14 18:59:43 +00:00
dasha_uwu
31fcbe86fc Include "preview" in url preview user agent string. (fixes #303)
This is required for fixupx.com to serve previews instead of redirecting
2026-02-12 13:15:41 +00:00
Jason Volk
994e1d12a7 Optimize various case-insensitive comparisons.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-12 13:15:41 +00:00
dasha_uwu
4bba40982c Refactor room_version support code
Fix advertising unsupported room versions
2026-02-12 13:15:41 +00:00
dasha_uwu
34fb683ddd Move reqwest clients behind one shared lazylock
2026-02-12 13:15:41 +00:00
dasha_uwu
e1dc52200c Remove redundant service.users.is_admin
2026-02-12 13:15:41 +00:00
Jason Volk
5dcb4c9a34 Fix presence worker shutdown sequence.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-12 13:15:41 +00:00
dasha_uwu
87faf818ff Add webpki roots for reqwest clients. (fixes #296)
2026-02-12 13:15:35 +00:00
Jason Volk
2e19a30ff2 Add conditional default for provider callback_url.
Co-authored-by: jeidnx <git@domainhier.de>
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-12 03:22:51 +00:00
jeidnx
60d418118f fix: url calculation in make_url
2026-02-12 03:22:51 +00:00
Jason Volk
a6780697bd Add username claim from OAuth provider. (closes #287)
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-06 15:48:57 +00:00
Jason Volk
13a11ce097 Bump dependencies.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-04 09:43:30 +00:00
Jason Volk
0b864801f5 Use map of identity_provider to accommodate env var enumerations.
Signed-off-by: Jason Volk <jason@zemos.net>
2026-02-01 01:22:13 +00:00
Jason Volk
13ad2c7966 Fix m.tz identifier and bias to stable.
Bump Ruma; enable spec versions 1.12 and 1.15.

Signed-off-by: Jason Volk <jason@zemos.net>
2026-01-30 21:53:52 +00:00