continuwuation/continuwuity
continuwuation/continuwuity
16
60
Fork 64
Code Issues 99 Pull requests 31 Releases 26 Packages 3 Activity Actions 4

Federated invite creates ghost room with same room_id but wrong room version; invite must be manually rejected before re-invite works #1331

New issue
Closed
opened 2026-02-04 04:41:31 +00:00 by tonywei49 · 2 comments
tonywei49 commented 2026-02-04 04:41:31 +00:00
Copy link

Continuwuity version:

  • v0.5.3 (latest)

Environment:

  • Two federated homeservers, both running continuwuity v0.5.3
  • Server A: matrix.gotradetalk.com
  • Server B: matrix.hululucky.com
  • Client: Element Desktop
  • Federation enabled
  • Encryption disabled
  • CONDUIT_TRUSTED_SERVERS empty ([])

Problem description:
When inviting users across federated homeservers, the first invited user
can usually join the room successfully. However, when inviting an additional
user, the invited client consistently encounters a broken room state.

On the invited user's client (Element), the following happens:

  1. A room appears with the SAME room_id as the original room
  2. Element shows this room as room version v1
  3. Clicking "Join" fails with 403 M_FORBIDDEN
  4. The user cannot join the room
  5. The user must manually leave/delete this "ghost room"
  6. Leaving the ghost room implicitly rejects the invite
  7. Only AFTER the inviter sends a NEW invite can the user join successfully

Important observations:

  • The ghost room and the real room share the SAME room_id
  • The room version shown in the ghost room (v1) is DIFFERENT from the actual room version
  • Deleting/leaving the ghost room automatically rejects the invite
  • A new invite is required after rejection for the user to join

Server-side log on the invited user's homeserver:
WARN event_auth: sender cannot send events without being joined to the room
membership_state="invite"

This indicates that an event requiring "join" permission is being processed
while the membership state is still "invite", leading to authorization failure.

Reproduction steps:

  1. User A creates a room on Server A
  2. User A invites User B -> User B joins successfully
  3. User A invites User C
  4. User C sees a ghost room with the same room_id but wrong room version
  5. User C cannot join (403 M_FORBIDDEN)
  6. User C must leave/delete the ghost room, which rejects the invite
  7. User A sends a NEW invite
  8. User C can now join successfully

Expected behavior:
Invited users should receive a complete and consistent room state
and be able to join the room without encountering a ghost room,
authorization failure, or forced invite rejection.

Notes:

  • This is not a frontend-only issue
  • The issue reproduces even without sending messages or upgrading rooms
  • Deleting the ghost room is currently the only way to recover, but it
    incorrectly rejects the invite
Continuwuity version: - v0.5.3 (latest) Environment: - Two federated homeservers, both running continuwuity v0.5.3 - Server A: matrix.gotradetalk.com - Server B: matrix.hululucky.com - Client: Element Desktop - Federation enabled - Encryption disabled - CONDUIT_TRUSTED_SERVERS empty ([]) Problem description: When inviting users across federated homeservers, the first invited user can usually join the room successfully. However, when inviting an additional user, the invited client consistently encounters a broken room state. On the invited user's client (Element), the following happens: 1. A room appears with the SAME room_id as the original room 2. Element shows this room as room version v1 3. Clicking "Join" fails with 403 M_FORBIDDEN 4. The user cannot join the room 5. The user must manually leave/delete this "ghost room" 6. Leaving the ghost room implicitly rejects the invite 7. Only AFTER the inviter sends a NEW invite can the user join successfully Important observations: - The ghost room and the real room share the SAME room_id - The room version shown in the ghost room (v1) is DIFFERENT from the actual room version - Deleting/leaving the ghost room automatically rejects the invite - A new invite is required after rejection for the user to join Server-side log on the invited user's homeserver: WARN event_auth: sender cannot send events without being joined to the room membership_state="invite" This indicates that an event requiring "join" permission is being processed while the membership state is still "invite", leading to authorization failure. Reproduction steps: 1. User A creates a room on Server A 2. User A invites User B -> User B joins successfully 3. User A invites User C 4. User C sees a ghost room with the same room_id but wrong room version 5. User C cannot join (403 M_FORBIDDEN) 6. User C must leave/delete the ghost room, which rejects the invite 7. User A sends a NEW invite 8. User C can now join successfully Expected behavior: Invited users should receive a complete and consistent room state and be able to join the room without encountering a ghost room, authorization failure, or forced invite rejection. Notes: - This is not a frontend-only issue - The issue reproduces even without sending messages or upgrading rooms - Deleting the ghost room is currently the only way to recover, but it incorrectly rejects the invite
nex commented 2026-02-04 04:42:30 +00:00
Owner
Copy link

Is this different to #1249? Furthermore does this happen on clients other than element (I think the "ghost" room is a UI bug resulting from undefined behaviour caused by the stateless invites, I think other clients handle it better)

Is this different to #1249? Furthermore does this happen on clients other than element (I think the "ghost" room is a UI bug resulting from undefined behaviour caused by the stateless invites, I think other clients handle it better)
nex commented 2026-02-12 22:05:07 +00:00
Owner
Copy link

Fixed by #1346

Fixed by #1346
nex closed this issue 2026-02-12 22:05:07 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
renovate/rand-0.x
renovate/axum-server-0.x
renovate/rust-patch-updates
renovate/crate-ci-typos-1.x
jade/dehydrated-devices
renovate/axum-monorepo
aranje/illegal-car-mods
nex/fix/remote-aliases
jade/liveit-guide
jade/http3
nex/feat/admin-hide-empty-rooms
ginger/oobe
nex/fix/debian-thingy
renovate/libloading-0.x
renovate/lddtree-0.x
jade/ldap-admin-check
nex/fix/remote-restricted-joins
nex/feat/msc4406-sender-ignored
jade/deadlock-detection
ginger/779-in-troubleshooting
nex/feat/room-shutdown
renovate/cargo-bins-cargo-binstall-1.x
renovate/rspress-plugin-client-redirects-2.x-lockfile
tcpipuk/docker-docs
renovate/rspress-plugin-sitemap-2.x-lockfile
renovate/rspress-core-2.x-lockfile
renovate/ruma-digest
jade/get-started
jade/docs-guide
ginger/fix-local-invites
nex/fix/tpi
jade/snafu
renovate/rspress-plugin-preview-2.x-lockfile
nex/feat/room-deletion
nex/feat/msc4322-media-redaction
ginger/stitched-order
jade/build-info
nex/stateres-refactor
ginger/deps/update-rspress
jade/admin-announce-improvements
ginger/xtask-improvements
jade/improve-admin-config-display
nex/fix/better-stateres-error-logs
jade/sender-timeouts
nex/feat/custom-v12-room-ids
ginger/update-metadata
nex/feat/admin-force-logout
tom/max-perf-docs
nex/fix/invalid-appservice-reg
nex/feat/antispam
nex/feat/account-locking
jade/logging-cleanup
jade/remove-legacy-appservice-auth
nex/fix/key-query
jade/update-prek
nex/fix/room-summaries
ginger/restrict-admin-commands
ginger/enable-console-by-default
jade/tag-fixes
jade/otlp
nex/meta/pull-req-template
nex/fix/fed-invite-compliance
nex/feat/build-commit
nex/feat/join-logging
jade/mailmap-updates
jade/hack-ci-tmp
jade/v12-stable
jade/relations
ginger/database-refactor
jade/fix-ldap-uiaa
nex/fix/validation
ginger/nuke-invalid-msc4133-fields-in-migration
ginger/downgrade-artifact-actions
oddlid/reload-fix
jade/fix-assert
ginger/sync-v3-cleanup
ginger/remove-absolute-action-urls
jade/website
nex/fix/backoff
ginger/fix-mdbook-for-0.5
ginger/no-docker-on-prs
backport/v0.5.0-rc.8-1
nex/fed-improvements
dahsa_uwu/axum-0.8
jade/rust-1.90
jade/mirror-dockerhub
jade/clippy-fixes
jade/fix-support
jade/clean-images
jade/wal-compression-type
jade/flake-clone
ginger/upload-rpms-on-schedule
nex/fix/incoming-fetch
nex/fix/upgrade
tom/ci-fedora-rpm
jade/ci-release-fix
jade/rocksdb-10-5
ginger/fix-msc4133-migration
ginger/migrate-busted-tz
hydra/public
nex/feat/manual-extremities
nex/feat/async-media
nex/feat/fast-joins-hack-do-not-use-DO-NOT-USE
nex/feat/better-logging
trigger-ci-so-latest-isnt-on-illegal-car-mods
nex/feat/pins-backfill
jade/tuwunel-2025-06-old
jade/ai-slop-db-docs
nex/fix-create-auth
jade/version-stats
jade/read-receipts
jade/rust-toolchain-no-targets
jade/logging-features
jade/syncv5-typing
jade/msc2815
jade/purge-sync-tokens
morguldir/see-eye
jade/css-small-screen
nex/wip-751
tuwunel-rebase
test
oddlid/rename-admin-room-bot
strawberry/nix-ci-stuff
strawberry/valgrind
phonemain
strawberry/morgs-snake-sync-jason-main
newer-media-endpoints
folly-coroutines-async-io
federation-retry-timer-port
bad-attempt-at-extracting-homeserver-signing-key
room-deletion-attempt-do-not-use
v0.5.5
v0.5.4
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.5.0-rc.8.1
v0.5.0-rc.8
v0.5.0-rc.7
v0.5.0-rc.6
v0.5.0-rc.5
v0.5.0-rc4
v0.5.0-rc3
v0.5.0-rc2
v0.5.0-rc
v0.4.7-rc
v0.4.6
v0.4.6-rc
v0.4.5-rc
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.3.4
v0.3.3
v0.3.2
v0.3.1
v0.3.0
Labels
Clear labels   
Blocked

This pull request or issue is currently blocked from being merged/closed

  
Bug

Something isn't working as intended

  
Cherry-picking

Commits picked from other conduit projects

  
Database

This requires or includes changes to the database

  
Dependencies

Something dependency related

  
Dependencies/Renovate

Automatic dependency upgrades by Renovate

  
Difficulty
Easy
Low difficulty to implement - touches few parts of the codebase, low complexity

  
Difficulty
Hard
High difficulty to implement - touches many parts of the codebase, high complexity

  
Difficulty
Medium
Medium difficulty to implement - touches more parts of the codebase, higher complexity

  
Documentation

Improvements or additions to documentation

  
Enhancement

New feature or request

  
Good first issue

Good for newcomers

  
Help wanted

Additional eyes and keyboards are required for this one

  
Inherited

Issues that have been inhereted from the project pre-fork

  
Matrix/Administration

Features pertaining to homeserver administration

  
Matrix/Appservices

Features pertaining to the appservice API

  
Matrix/Auth

Features pertaining to authentication

  
Matrix/Client

Features pertaining to client-to-server interactions

  
Matrix/Core

Issues relating to core matrix functionality, such as state resolution and PDU formats

  
Matrix/Federation

Features pertaining to server-to-server interactions

  
Matrix/Hydra

Issues related to room version 12 and related changes (temporary label)

  
Matrix/MSC

Features pertaining to unstable matrix features

  
Matrix/Media

Features pertaining to media interactions

  
Meta

Related to housekeeping, maintenance, or other repo-meta.

  
Meta/CI

Issues related to CI changes

  
Meta/Packaging

Packaging

  
Priority
Blocking
This issue is blocking the next release

  
Priority
High
This issue is very important

  
Priority
Low
This issue is of a rather low priority

  
Security

This item is related to general security

  
Status
Confirmed
This issue has enough information and is confirmed

  
Status
Duplicate
This issue or pull request already exists

  
Status
Invalid
This issue doesn't seem right

  
Status
Needs Investigation
This issue needs further investigation

  
Support

Questions or support requests

  
To-Merge

   
Wont fix

This will not be worked on

  
old/ci/cd

Ci/CD

Archived

  
old/rust

Pull requests that update Rust code

Archived

No labels
Blocked
Bug
Cherry-picking
Database
Dependencies
Dependencies/Renovate
Difficulty
Easy
Difficulty
Hard
Difficulty
Medium
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/Federation
Matrix/Hydra
Matrix/MSC
Matrix/Media
Meta
Meta/CI
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
Support
To-Merge
Wont fix
old/ci/cd
old/rust
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
continuwuation/continuwuity#1331
No description provided.