continuwuation/continuwuity
8
20
Fork 18
Code Issues 82 Pull requests 8 Projects Releases 17 Packages 1 Activity Actions

Implement user suspension #876

Merged
nex merged 23 commits from nex/user-suspension into main 2025-06-29 15:38:02 +00:00
Conversation 4 Commits 23 Files changed 20 +276 -66
nex commented 2025-06-28 20:30:35 +00:00
Owner
Copy link

This PR implements user suspension, part of the 1.13 matrix spec.

Specifically, the set of specific forbidden actions are implemented, rather than explicitly permitted. Room creation is additionally forbidden, despite it being missing from the spec defs, because there's no legitimate reason to create rooms you cannot send nor invite to.

This PR implements [user suspension](https://spec.matrix.org/v1.15/client-server-api/#account-suspension), part of the 1.13 matrix spec. Specifically, the set of specific forbidden actions are implemented, rather than explicitly permitted. Room creation is additionally forbidden, despite it being missing from the spec defs, because there's no legitimate reason to create rooms you cannot send nor invite to.
nex added this to the 0.5.0 milestone 2025-06-28 20:30:35 +00:00
nex added the
Database
Enhancement
Matrix/Administration
Matrix/Client
Matrix/Auth
 labels 2025-06-28 20:30:35 +00:00
nex added 12 commits 2025-06-28 20:30:35 +00:00
feat: Prevent suspended users creating new rooms
Some checks failed
Release Docker Image / define-variables (push) Successful in 2s
Details
Checks / Prefligit / prefligit (push) Successful in 38s
Details
Checks / Rust / Format (push) Successful in 42s
Details
Checks / Rust / Clippy (push) Failing after 3m13s
Details
Checks / Rust / Cargo Test (push) Successful in 4m13s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Successful in 9m59s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Successful in 19m30s
Details
Release Docker Image / merge (push) Successful in 31s
Details
424b2b039b
fix: Inappropriate empty check
Some checks failed
Release Docker Image / merge (push) Blocked by required conditions
Details
Release Docker Image / define-variables (push) Successful in 1s
Details
Checks / Prefligit / prefligit (push) Successful in 28s
Details
Checks / Rust / Format (push) Successful in 47s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Details
Checks / Rust / Cargo Test (push) Has been cancelled
Details
Checks / Rust / Clippy (push) Has been cancelled
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Details
762f9e59f0 
I once again, assumed `true` is actually `false`.
feat: Do not allow suspending admin users
Some checks failed
Release Docker Image / merge (push) Blocked by required conditions
Details
Release Docker Image / define-variables (push) Successful in 2s
Details
Checks / Prefligit / prefligit (push) Successful in 40s
Details
Checks / Rust / Format (push) Successful in 55s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Details
Checks / Rust / Clippy (push) Has been cancelled
Details
Checks / Rust / Cargo Test (push) Has been cancelled
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Details
712acc6cb1
style: Remove unneeded statements (clippy)
Some checks failed
Release Docker Image / merge (push) Blocked by required conditions
Details
Release Docker Image / define-variables (push) Successful in 3s
Details
Checks / Prefligit / prefligit (push) Successful in 25s
Details
Checks / Rust / Format (push) Successful in 45s
Details
Checks / Rust / Cargo Test (push) Successful in 3m40s
Details
Checks / Rust / Clippy (push) Successful in 4m10s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Details
13ba3f278f
feat: Forbid suspended users from sending state events
Some checks failed
Release Docker Image / define-variables (push) Successful in 3s
Details
Checks / Prefligit / prefligit (push) Successful in 34s
Details
Checks / Rust / Format (push) Successful in 49s
Details
Checks / Rust / Clippy (push) Successful in 4m15s
Details
Checks / Rust / Cargo Test (push) Successful in 4m45s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 27s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 50s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Failing after 13m57s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Failing after 17m29s
Details
Release Docker Image / merge (push) Has been cancelled
Details
a6ceaa8259
requested review from Owners 2025-06-28 20:31:03 +00:00
nex added 3 commits 2025-06-28 21:43:57 +00:00 
Prevents kicks, bans, unbans, and alias modification
feat: Prevent suspended users upgrading rooms
Some checks failed
Release Docker Image / merge (push) Blocked by required conditions
Details
Release Docker Image / define-variables (push) Successful in 2s
Details
Checks / Prefligit / prefligit (push) Successful in 29s
Details
Checks / Rust / Format (push) Successful in 39s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 27s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 47s
Details
Checks / Rust / Clippy (push) Successful in 3m30s
Details
Checks / Rust / Cargo Test (push) Successful in 4m5s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Details
c4ce2aa291
nex commented 2025-06-28 21:45:35 +00:00
Author
Owner
Copy link

Added some additional suspension checks:

  • Creating & Deleting aliases are forbidden
  • Changing the room visibility is forbidden
  • Banning, unbanning, and kicking users is forbidden
  • Uploading new media is forbidden
  • Upgrading rooms via /upgrade is forbidden
Added some additional suspension checks: - Creating & Deleting aliases are forbidden - Changing the room visibility is forbidden - Banning, unbanning, and kicking users is forbidden - Uploading new media is forbidden - Upgrading rooms via /upgrade is forbidden
nex added 2 commits 2025-06-28 21:53:33 +00:00
feat: Do not allow suspended users to send typing statuses
All checks were successful
Release Docker Image / define-variables (push) Successful in 2s
Details
Checks / Prefligit / prefligit (push) Successful in 14s
Details
Checks / Rust / Format (push) Successful in 41s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 46s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 28s
Details
Checks / Rust / Clippy (push) Successful in 3m59s
Details
Checks / Rust / Cargo Test (push) Successful in 4m25s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Successful in 12m6s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Successful in 12m40s
Details
Release Docker Image / merge (push) Successful in 25s
Details
b3428c2e3d
nex commented 2025-06-28 21:54:06 +00:00
Author
Owner
Copy link

Also, suspended users can no-longer send public read receipts, or typing. I'm pretty sure this covers the basis for all "write" endpoints now.

Also, suspended users can no-longer send public read receipts, or typing. I'm pretty sure this covers the basis for all "write" endpoints now.
Jade reviewed 2025-06-28 22:05:45 +00:00
src/service/users/mod.rs Outdated
@ -143,6 +145,16 @@ impl Service {
Ok(())
}
/// Suspend account, placing it in a read-only state
Jade commented 2025-06-28 22:05:45 +00:00
Owner
Copy link

Might want to use an actual struct here. In case we want to add things like time to suspensions, oh being able to send in specific rooms to communicate with admins

Might want to use an actual struct here. In case we want to add things like time to suspensions, oh being able to send in specific rooms to communicate with admins
nex commented 2025-06-28 22:11:02 +00:00
Author
Owner
Copy link

oh being able to send in specific rooms to communicate with admins

if this is a suggestion rather than a reasoning for using a struct, I think that's best suited for another PR

> oh being able to send in specific rooms to communicate with admins if this is a suggestion rather than a reasoning for using a struct, I think that's best suited for another PR
nex marked this conversation as resolved
nex added 1 commit 2025-06-29 00:52:13 +00:00
fix: Missing suspensions shouldn't error
All checks were successful
Checks / Prefligit / prefligit (push) Successful in 33s
Details
Release Docker Image / define-variables (push) Successful in 2s
Details
Checks / Rust / Format (push) Successful in 1m1s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 48s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 25s
Details
Checks / Rust / Clippy (push) Successful in 5m0s
Details
Checks / Rust / Cargo Test (push) Successful in 5m25s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Successful in 13m33s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Successful in 13m43s
Details
Release Docker Image / merge (push) Successful in 27s
Details
c6ed641dcb 
Turns out copying and pasting the function
above verbatim actually introduces more
problems than it solves!
nex added 1 commit 2025-06-29 01:28:12 +00:00
fix: Failing open on database errors
Some checks failed
Release Docker Image / merge (push) Blocked by required conditions
Details
Release Docker Image / define-variables (push) Successful in 12s
Details
Checks / Prefligit / prefligit (push) Successful in 29s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 17s
Details
Checks / Rust / Format (push) Successful in 45s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 50s
Details
Checks / Rust / Clippy (push) Has been cancelled
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Details
Checks / Rust / Cargo Test (push) Has been cancelled
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Details
a67d9eb76a 
oops
nex added 1 commit 2025-06-29 01:30:58 +00:00
style: Remove unnecessary imports (clippy)
All checks were successful
Release Docker Image / define-variables (push) Successful in 8s
Details
Checks / Prefligit / prefligit (push) Successful in 27s
Details
Checks / Rust / Format (push) Successful in 35s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 14s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 47s
Details
Checks / Rust / Clippy (push) Successful in 2m59s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Successful in 10m23s
Details
Checks / Rust / Cargo Test (push) Successful in 3m7s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Successful in 19m46s
Details
Release Docker Image / merge (push) Successful in 19s
Details
db07480aec
Jade added 1 commit 2025-06-29 14:07:44 +00:00
feat: Record metadata about user suspensions
Some checks failed
Release Docker Image / merge (push) Blocked by required conditions
Details
Release Docker Image / define-variables (push) Successful in 12s
Details
Checks / Prefligit / prefligit (push) Successful in 31s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 15s
Details
Checks / Rust / Format (push) Successful in 42s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 55s
Details
Checks / Rust / Clippy (push) Successful in 3m4s
Details
Checks / Rust / Cargo Test (push) Successful in 5m41s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Details
ffe34a91db
Jade added 1 commit 2025-06-29 14:17:34 +00:00
feat: Pass sender through admin commands
Some checks failed
Release Docker Image / define-variables (push) Successful in 3s
Details
Checks / Prefligit / prefligit (push) Successful in 29s
Details
Checks / Rust / Format (push) Successful in 57s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 53s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 24s
Details
Checks / Rust / Clippy (push) Failing after 3m47s
Details
Checks / Rust / Cargo Test (push) Successful in 5m30s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Successful in 12m1s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Successful in 11m32s
Details
Release Docker Image / merge (push) Successful in 37s
Details
e01181d7e5
nex added 1 commit 2025-06-29 15:26:14 +00:00
style: Remove redundant, unused functions
All checks were successful
Release Docker Image / define-variables (push) Successful in 4s
Details
Checks / Prefligit / prefligit (push) Successful in 28s
Details
Checks / Rust / Format (push) Successful in 47s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 16s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 47s
Details
Checks / Rust / Clippy (push) Successful in 4m26s
Details
Checks / Rust / Cargo Test (push) Successful in 4m48s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Successful in 12m56s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Successful in 15m11s
Details
Release Docker Image / merge (push) Successful in 19s
Details
e547145748
requested reviews from Jade and removed review requests for Owners 2025-06-29 15:26:33 +00:00
Jade approved these changes 2025-06-29 15:36:50 +00:00
Jade left a comment
Owner
Copy link

Comments can be fixed when a 'list suspended users' command or something is added

Comments can be fixed when a 'list suspended users' command or something is added
src/admin/context.rs
@ -37,2 +38,4 @@
})
}
/// Get the sender as a string, or service user ID if not available
Jade commented 2025-06-29 15:35:02 +00:00
Owner
Copy link

Oh no this comment is wrong, oh well, never mind

Oh no this comment is wrong, oh well, never mind
src/admin/user/commands.rs
@ -227,0 +238,4 @@
if self.services.users.is_admin(&user_id).await {
return Err!("Admin users cannot be suspended.");
}
// TODO: Record the actual user that sent the suspension where possible
Jade commented 2025-06-29 15:35:27 +00:00
Owner
Copy link

And this one

And this one
nex merged commit d4862b8ead into main 2025-06-29 15:38:02 +00:00
nex deleted branch nex/user-suspension 2025-06-29 15:38:02 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Jade
Labels
Clear labels   
Bug

Something isn't working as intended

  
Cherry-picking

Commits picked from other conduit projects

  
Database

This requires or includes changes to the database

  
Dependencies

Something dependency related

  
Difficulty
Easy
Low difficulty to implement - touches few parts of the codebase, low complexity

  
Difficulty
Hard
High difficulty to implement - touches many parts of the codebase, high complexity

  
Difficulty
Medium
Medium difficulty to implement - touches more parts of the codebase, higher complexity

  
Documentation

Improvements or additions to documentation

  
Enhancement

New feature or request

  
Good first issue

Good for newcomers

  
Help wanted

Additional eyes and keyboards are required for this one

  
Inherited

Issues that have been inhereted from the project pre-fork

  
Matrix/Administration

Features pertaining to homeserver administration

  
Matrix/Appservices

Features pertaining to the appservice API

  
Matrix/Auth

Features pertaining to authentication

  
Matrix/Client

Features pertaining to client-to-server interactions

  
Matrix/Core

   
Matrix/Federation

Features pertaining to server-to-server interactions

  
Matrix/MSC

Features pertaining to unstable matrix features

  
Matrix/Media

Features pertaining to media interactions

  
Meta

Related to housekeeping, maintenance, or other repo-meta.

  
Meta/Packaging

Packaging

  
Priority
Blocking
This issue is blocking the next release

  
Priority
High
This issue is very important

  
Priority
Low
This issue is of a rather low priority

  
Security

This item is related to general security

  
Status
Confirmed

  
Status
Duplicate
This issue or pull request already exists

  
Status
Invalid
This issue doesn't seem right

  
Status
Needs Investigation
This issue needs further investigation

  
Wont fix

This will not be worked on

  
old/ci/cd

Ci/CD

Archived

  
old/rust

Pull requests that update Rust code

Archived

No labels
Bug
Cherry-picking
Database
Dependencies
Difficulty
Easy
Difficulty
Hard
Difficulty
Medium
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/Federation
Matrix/MSC
Matrix/Media
Meta
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
Wont fix
old/ci/cd
old/rust
Milestone
Clear milestone
No items
No milestone
0.5.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: continuwuation/continuwuity#876
No description provided.
Delete branch "nex/user-suspension"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?