Improve restricted room join handling #1368
No reviewers
Labels
No labels
Blocked
Bug
Cherry-picking
Database
Dependencies
Dependencies/Renovate
Difficulty
Easy
Difficulty
Hard
Difficulty
Medium
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/Federation
Matrix/Hydra
Matrix/MSC
Matrix/Media
Meta
Meta/CI
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
Support
To-Merge
Wont fix
old/ci/cd
old/rust
No project
No assignees
3 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
continuwuation/continuwuity!1368
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "nex/fix/remote-restricted-joins"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
A series of changes have been made in the past few months that changed how we handled
restrictedandknock_restrictedjoin rules. However, this did not make our handling fully spec complaint. The following issues were found and fixed in this PR:room_versionformake_join(did not default to v1)make_join_request's logs:M_UNABLE_TO_AUTHORISE_JOIN,M_UNABLE_TO_GRANT_JOIN,M_INCOMPATIBLE_ROOM_VERSION,M_FORBIDDEN, orM_NOT_FOUNDerror now logs a more informative error.M_FORBIDDENorM_INCOMPATIBLE_ROOM_VERSIONimmediately terminates themake_joinattempt loop, meaning we don't needlessly ask up to 40 servers for the same failing joinmake_joinrequiring an authorising user when the joining user is already joinedM_FORBIDDENis always returned ifallowis empty in the join rule (this is akin to using theinvitejoin rule)make_joinnow correctly returnsM_FORBIDDENorM_UNABLE_TO_AUTHORISE_JOINdepending on whether we recognised all of the requirements and could check them or not.This is a huge UI/UX improvement and also gives us free performance gains.
Pull request checklist:
mainbranch, and the branch is named something other thanmain.myself, if applicable. This includes ensuring code compiles.
WIP: fix inaccuracies in remote restricted joinsto Improve restricted room join handlinge46a832e0014b90afcb1@ -254,0 +283,4 @@// We were able to check all the restrictions and can be certain that the// prospective member is not permitted to join.Err!(Request(Forbidden("You do not belong to any of the required rooms to join this one."possible better wording:
You do not belong to any of the rooms which are required to join this room.still not the clearest but it scans a bit better to me@ -254,0 +291,4 @@// the user's membership, and consequently the user *might* be able to join if// they ask another server.Err!(Request(UnableToAuthorizeJoin("Joining user is not known to be in any required room."possible better wording:
This server cannot check all restricted join rules for the joining user.reminder to add an error message for disinvites!
b35de96bd575f715fe64Fixed the mistake in inverting the check, should be good to merge
75f715fe64117c581948