continuwuation/continuwuity
continuwuation/continuwuity
16
60
Fork 64
Code Issues 99 Pull requests 31 Releases 26 Packages 3 Activity Actions 10

Improve restricted room join handling #1368

Merged
Jade merged 10 commits from nex/fix/remote-restricted-joins into main 2026-02-15 16:11:32 +00:00
Conversation 4 Commits 10 Files changed 8 +282 -342
nex commented 2026-02-13 02:06:17 +00:00
Owner
Copy link

A series of changes have been made in the past few months that changed how we handled restricted and knock_restricted join rules. However, this did not make our handling fully spec complaint. The following issues were found and fixed in this PR:

  • Removed unused TPI stuff from join helper
  • Fixed technically incorrect handling of returned room_version for make_join (did not default to v1)
  • Fixed inconsistency between local and remote joins where remote joins logged they were happening but local joins were just debug logs
  • Cleaned up the logic that determined whether an authorising user was required, and fetching said authorising user, for local joins
  • Deduplicated code that was shared between the remote join helper and the local join helper's federation fallback
  • Improved the clarity of make_join_request's logs:
    • The log telling us which server is being asked now clearly indicates its progress
    • Getting an M_UNABLE_TO_AUTHORISE_JOIN, M_UNABLE_TO_GRANT_JOIN, M_INCOMPATIBLE_ROOM_VERSION, M_FORBIDDEN, or M_NOT_FOUND error now logs a more informative error.
  • Getting M_FORBIDDEN or M_INCOMPATIBLE_ROOM_VERSION immediately terminates the make_join attempt loop, meaning we don't needlessly ask up to 40 servers for the same failing join
  • Fixed make_join requiring an authorising user when the joining user is already joined
  • M_FORBIDDEN is always returned if allow is empty in the join rule (this is akin to using the invite join rule)
  • make_join now correctly returns M_FORBIDDEN or M_UNABLE_TO_AUTHORISE_JOIN depending on whether we recognised all of the requirements and could check them or not.

This is a huge UI/UX improvement and also gives us free performance gains.

Pull request checklist:

  • This pull request targets the main branch, and the branch is named something other than
    main.
  • I have written an appropriate pull request title and my description is clear.
  • I understand I am responsible for the contents of this pull request.
  • I have followed the contributing guidelines:
A series of changes have been made in the past few months that changed how we handled `restricted` and `knock_restricted` join rules. However, this did not make our handling fully spec complaint. The following issues were found and fixed in this PR: - Removed unused TPI stuff from join helper - Fixed technically incorrect handling of returned `room_version` for `make_join` (did not default to v1) - Fixed inconsistency between local and remote joins where remote joins logged they were happening but local joins were just debug logs - Cleaned up the logic that determined whether an authorising user was required, and fetching said authorising user, for local joins - Deduplicated code that was shared between the remote join helper and the local join helper's federation fallback - Improved the clarity of `make_join_request`'s logs: - The log telling us which server is being asked now clearly indicates its progress - Getting an `M_UNABLE_TO_AUTHORISE_JOIN`, `M_UNABLE_TO_GRANT_JOIN`, `M_INCOMPATIBLE_ROOM_VERSION`, `M_FORBIDDEN`, or `M_NOT_FOUND` error now logs a more informative error. - Getting `M_FORBIDDEN` or `M_INCOMPATIBLE_ROOM_VERSION` immediately terminates the `make_join` attempt loop, meaning we don't needlessly ask up to 40 servers for the same failing join - Fixed `make_join` requiring an authorising user when the joining user is already joined - `M_FORBIDDEN` is always returned if `allow` is empty in the join rule (this is akin to using the `invite` join rule) - `make_join` now correctly returns `M_FORBIDDEN` or `M_UNABLE_TO_AUTHORISE_JOIN` depending on whether we recognised all of the requirements and could check them or not. This is a huge UI/UX improvement and also gives us free performance gains. **Pull request checklist:** <!-- You need to complete these before your PR can be considered. If you aren't sure about some, feel free to ask for clarification in #dev:continuwuity.org. --> - [x] This pull request targets the `main` branch, and the branch is named something other than `main`. - [x] I have written an appropriate pull request title and my description is clear. - [x] I understand I am responsible for the contents of this pull request. - I have followed the [contributing guidelines][c1]: - [x] My contribution follows the [code style][c2], if applicable. - [x] I ran [pre-commit checks][c1pc] before opening/drafting this pull request. - [x] I have [tested my contribution][c1t] (or proof-read it for documentation-only changes) myself, if applicable. This includes ensuring code compiles. - [x] My commit messages follow the [commit message format][c1cm] and are descriptive. - [x] I have written a [news fragment][n1] for this PR, if applicable<!--(can be done after hitting open!)-->. <!-- Notes on these requirements: - While not required, we encourage you to sign your commits with GPG or SSH to attest the authenticity of your changes. - While we allow LLM-assisted contributions, we do not appreciate contributions that are low quality, which is typical of machine-generated contributions that have not had a lot of love and care from a human. Please do not open a PR if all you have done is asked ChatGPT to tidy up the codebase with a +-100,000 diff. - In the case of code style violations, reviewers may leave review comments/change requests indicating what the ideal change would look like. For example, a reviewer may suggest you lower a log level, or use `match` instead of `if/else` etc. - In the case of code style violations, pre-commit check failures, minor things like typos/spelling errors, and in some cases commit format violations, reviewers may modify your branch directly, typically by making changes and adding a commit. Particularly in the latter case, a reviewer may rebase your commits to squash "spammy" ones (like "fix", "fix", "actually fix"), and reword commit messages that don't satisfy the format. - Pull requests MUST pass the `Checks` CI workflows to be capable of being merged. This can only be bypassed in exceptional circumstances. If your CI flakes, let us know in matrix:r/dev:continuwuity.org. - Pull requests have to be based on the latest `main` commit before being merged. If the main branch changes while you're making your changes, you should make sure you rebase on main before opening a PR. Your branch will be rebased on main before it is merged if it has fallen behind. - We typically only do fast-forward merges, so your entire commit log will be included. Once in main, it's difficult to get out cleanly, so put on your best dress, smile for the cameras! --> [c1]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md [c2]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/docs/development/code_style.mdx [c1pc]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#pre-commit-checks [c1t]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#running-tests-locally [c1cm]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#commit-messages [n1]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments
fix: Produce more useful errors in make_join_request
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m31s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 4m36s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 25m36s
Details
616b611f33
fix: Refactor local join process
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m31s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m44s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 20m56s
Details
3a19a2d71c
style: Fix IncompatibleRoomVersion log line
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m19s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m2s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 19m7s
Details
a41ccbe4e4
nex changed title from WIP: fix inaccuracies in remote restricted joins to Improve restricted room join handling 2026-02-13 07:47:13 +00:00
nex added this to the 0.5.5 milestone 2026-02-13 07:47:35 +00:00
nex requested review from Owners 2026-02-13 07:47:42 +00:00
chore: Add news frag
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m28s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Failing after 2m3s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 8m52s
Details
e46a832e00
ginger force-pushed nex/fix/remote-restricted-joins from e46a832e00
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m28s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Failing after 2m3s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 8m52s
Details
to 14b90afcb1
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m43s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m2s
Details
Update flake hashes / update-flake-hashes (pull_request) Successful in 20s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 7m53s
Details
2026-02-14 19:20:54 +00:00 Compare
ginger reviewed 2026-02-14 19:27:06 +00:00
src/api/server/make_join.rs Outdated
@ -254,0 +283,4 @@
// We were able to check all the restrictions and can be certain that the
// prospective member is not permitted to join.
Err!(Request(Forbidden(
"You do not belong to any of the required rooms to join this one."
ginger commented 2026-02-14 19:25:33 +00:00
Owner
Copy link

possible better wording: You do not belong to any of the rooms which are required to join this room. still not the clearest but it scans a bit better to me

possible better wording: `You do not belong to any of the rooms which are required to join this room.` still not the clearest but it scans a bit better to me
nex marked this conversation as resolved
src/api/server/make_join.rs Outdated
@ -254,0 +291,4 @@
// the user's membership, and consequently the user *might* be able to join if
// they ask another server.
Err!(Request(UnableToAuthorizeJoin(
"Joining user is not known to be in any required room."
ginger commented 2026-02-14 19:26:56 +00:00
Owner
Copy link

possible better wording: This server cannot check all restricted join rules for the joining user.

possible better wording: `This server cannot check all restricted join rules for the joining user.`
nex marked this conversation as resolved
ginger commented 2026-02-14 23:00:31 +00:00
Owner
Copy link

reminder to add an error message for disinvites!

reminder to add an error message for disinvites!
style: Update error messages in make_join.rs
All checks were successful
Update flake hashes / update-flake-hashes (pull_request) Successful in 25s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m13s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 1m59s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 20m3s
Details
a1c91d4e9d
feat: Support rescinding invites over federation
All checks were successful
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 5m2s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 6m28s
Details
Update flake hashes / update-flake-hashes (pull_request) Successful in 2m25s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 20m48s
Details
cde4761b43
style: Compress should_rescind_invite
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m15s
Details
Update flake hashes / update-flake-hashes (pull_request) Successful in 25s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Has been cancelled
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Has been cancelled
Details
96da336a34
style: Invert pending_invite_state check
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 2m26s
Details
Update flake hashes / update-flake-hashes (pull_request) Successful in 49s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 3m43s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 11m34s
Details
b35de96bd5
ginger approved these changes 2026-02-15 14:46:46 +00:00
Jade force-pushed nex/fix/remote-restricted-joins from b35de96bd5
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 2m26s
Details
Update flake hashes / update-flake-hashes (pull_request) Successful in 49s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 3m43s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 11m34s
Details
to 75f715fe64
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 8m56s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Has been cancelled
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Has been cancelled
Details
2026-02-15 15:50:21 +00:00 Compare
Jade commented 2026-02-15 15:50:41 +00:00
Owner
Copy link

Fixed the mistake in inverting the check, should be good to merge

Fixed the mistake in inverting the check, should be good to merge
Jade force-pushed nex/fix/remote-restricted-joins from 75f715fe64
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 8m56s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Has been cancelled
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Has been cancelled
Details
to 117c581948
Some checks failed
Documentation / Build and Deploy Documentation (push) Waiting to run
Details
Checks / Prek / Pre-commit & Formatting (push) Waiting to run
Details
Checks / Prek / Clippy and Cargo Tests (push) Waiting to run
Details
Release Docker Image / Build linux-amd64 (release) (push) Waiting to run
Details
Release Docker Image / Build linux-arm64 (release) (push) Waiting to run
Details
Release Docker Image / Create Multi-arch Release Manifest (push) Blocked by required conditions
Details
Release Docker Image / Build linux-amd64 (max-perf) (push) Blocked by required conditions
Details
Release Docker Image / Build linux-arm64 (max-perf) (push) Blocked by required conditions
Details
Release Docker Image / Create Max-Perf Manifest (push) Blocked by required conditions
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 1m19s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m34s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 1h0m0s
Details
2026-02-15 16:11:25 +00:00 Compare
Jade merged commit 117c581948 into main 2026-02-15 16:11:32 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
ginger
Labels
Clear labels   
Blocked

This pull request or issue is currently blocked from being merged/closed

  
Bug

Something isn't working as intended

  
Cherry-picking

Commits picked from other conduit projects

  
Database

This requires or includes changes to the database

  
Dependencies

Something dependency related

  
Dependencies/Renovate

Automatic dependency upgrades by Renovate

  
Difficulty
Easy
Low difficulty to implement - touches few parts of the codebase, low complexity

  
Difficulty
Hard
High difficulty to implement - touches many parts of the codebase, high complexity

  
Difficulty
Medium
Medium difficulty to implement - touches more parts of the codebase, higher complexity

  
Documentation

Improvements or additions to documentation

  
Enhancement

New feature or request

  
Good first issue

Good for newcomers

  
Help wanted

Additional eyes and keyboards are required for this one

  
Inherited

Issues that have been inhereted from the project pre-fork

  
Matrix/Administration

Features pertaining to homeserver administration

  
Matrix/Appservices

Features pertaining to the appservice API

  
Matrix/Auth

Features pertaining to authentication

  
Matrix/Client

Features pertaining to client-to-server interactions

  
Matrix/Core

Issues relating to core matrix functionality, such as state resolution and PDU formats

  
Matrix/Federation

Features pertaining to server-to-server interactions

  
Matrix/Hydra

Issues related to room version 12 and related changes (temporary label)

  
Matrix/MSC

Features pertaining to unstable matrix features

  
Matrix/Media

Features pertaining to media interactions

  
Meta

Related to housekeeping, maintenance, or other repo-meta.

  
Meta/CI

Issues related to CI changes

  
Meta/Packaging

Packaging

  
Priority
Blocking
This issue is blocking the next release

  
Priority
High
This issue is very important

  
Priority
Low
This issue is of a rather low priority

  
Security

This item is related to general security

  
Status
Confirmed
This issue has enough information and is confirmed

  
Status
Duplicate
This issue or pull request already exists

  
Status
Invalid
This issue doesn't seem right

  
Status
Needs Investigation
This issue needs further investigation

  
Support

Questions or support requests

  
To-Merge

   
Wont fix

This will not be worked on

  
old/ci/cd

Ci/CD

Archived

  
old/rust

Pull requests that update Rust code

Archived

No labels
Blocked
Bug
Cherry-picking
Database
Dependencies
Dependencies/Renovate
Difficulty
Easy
Difficulty
Hard
Difficulty
Medium
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/Federation
Matrix/Hydra
Matrix/MSC
Matrix/Media
Meta
Meta/CI
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
Support
To-Merge
Wont fix
old/ci/cd
old/rust
Milestone
Clear milestone
No items
No milestone
0.5.5
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
continuwuation/continuwuity!1368
No description provided.