Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions crates/cli/src/commands/manage.rs
Original file line number Diff line number Diff line change
Expand Up @@ -638,6 +638,12 @@ impl Options {
// synchronously yet.
let user = repo.user().lock(&clock, user).await?;

// Schedule a job to provision the user so that the lock flag is propagated
// to Synapse
repo.queue_job()
.schedule_job(&mut rng, &clock, ProvisionUserJob::new(&user))
.await?;

if deactivate {
warn!(%user.id, "Scheduling user deactivation");
repo.queue_job()
Expand Down Expand Up @@ -668,6 +674,12 @@ impl Options {
.await?
.context("User not found")?;

// Schedule a job to provision the user so that the lock flag is propagated
// to Synapse
repo.queue_job()
.schedule_job(&mut rng, &clock, ProvisionUserJob::new(&user))
.await?;

if reactivate {
warn!(%user.id, "Scheduling user reactivation");
repo.queue_job()
Expand Down
2 changes: 1 addition & 1 deletion crates/handlers/src/admin/v1/users/add.rs
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ pub async fn handler(
let user = repo.user().add(&mut rng, &clock, params.username).await?;

homeserver
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, false))
.await
.map_err(RouteError::Homeserver)?;

Expand Down
45 changes: 43 additions & 2 deletions crates/handlers/src/admin/v1/users/lock.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,12 @@
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
// Please see LICENSE files in the repository root for full details.

use aide::{OperationIo, transform::TransformOperation};
use aide::{NoApi, OperationIo, transform::TransformOperation};
use axum::{Json, response::IntoResponse};
use hyper::StatusCode;
use mas_axum_utils::record_error;
use mas_data_model::BoxRng;
use mas_storage::queue::{ProvisionUserJob, QueueJobRepositoryExt};
use ulid::Ulid;

use crate::{
Expand Down Expand Up @@ -69,6 +71,7 @@ pub async fn handler(
CallContext {
mut repo, clock, ..
}: CallContext,
NoApi(mut rng): NoApi<BoxRng>,
id: UlidPathParam,
) -> Result<Json<SingleResponse<User>>, RouteError> {
let id = *id;
Expand All @@ -80,6 +83,12 @@ pub async fn handler(

let user = repo.user().lock(&clock, user).await?;

// Schedule a job to provision the user so that the lock flag is propagated
// to Synapse
repo.queue_job()
.schedule_job(&mut rng, &clock, ProvisionUserJob::new(&user))
.await?;

repo.save().await?;

Ok(Json(SingleResponse::new(
Expand All @@ -93,7 +102,11 @@ mod tests {
use chrono::Duration;
use hyper::{Request, StatusCode};
use mas_data_model::Clock;
use mas_storage::{RepositoryAccess, user::UserRepository};
use mas_storage::{
RepositoryAccess,
queue::{ProvisionUserJob, QueueJobRepositoryExt},
user::UserRepository,
};
use sqlx::PgPool;

use crate::test_utils::{RequestBuilderExt, ResponseExt, TestState, setup};
Expand All @@ -110,8 +123,25 @@ mod tests {
.add(&mut state.rng(), &state.clock, "alice".to_owned())
.await
.unwrap();

repo.queue_job()
.schedule_job(&mut state.rng(), &state.clock, ProvisionUserJob::new(&user))
.await
.unwrap();

repo.save().await.unwrap();

state.run_jobs_in_queue().await;
assert!(
!state
.homeserver_connection
.query_user_raw("alice")
.await
.unwrap()
.locked,
"User should not be locked at start of test"
);

let request = Request::post(format!("/api/admin/v1/users/{}/lock", user.id))
.bearer(&token)
.empty();
Expand All @@ -124,6 +154,17 @@ mod tests {
body["data"]["attributes"]["locked_at"],
serde_json::json!(state.clock.now())
);

state.run_jobs_in_queue().await;
assert!(
state
.homeserver_connection
.query_user_raw("alice")
.await
.unwrap()
.locked,
"User should be locked"
);
}

#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
Expand Down
4 changes: 2 additions & 2 deletions crates/handlers/src/admin/v1/users/reactivate.rs
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ mod tests {
// because this endpoint will try to reactivate it
state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, false))
.await
.unwrap();
state
Expand Down Expand Up @@ -181,7 +181,7 @@ mod tests {
// Provision the user on the homeserver
state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, false))
.await
.unwrap();

Expand Down
53 changes: 45 additions & 8 deletions crates/handlers/src/admin/v1/users/unlock.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,12 @@
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
// Please see LICENSE files in the repository root for full details.

use aide::{OperationIo, transform::TransformOperation};
use aide::{NoApi, OperationIo, transform::TransformOperation};
use axum::{Json, response::IntoResponse};
use hyper::StatusCode;
use mas_axum_utils::record_error;
use mas_data_model::BoxRng;
use mas_storage::queue::{ProvisionUserJob, QueueJobRepositoryExt};
use ulid::Ulid;

use crate::{
Expand Down Expand Up @@ -66,7 +68,10 @@ This DOES NOT reactivate a deactivated user, which will remain unavailable until

#[tracing::instrument(name = "handler.admin.v1.users.unlock", skip_all)]
pub async fn handler(
CallContext { mut repo, .. }: CallContext,
CallContext {
mut repo, clock, ..
}: CallContext,
NoApi(mut rng): NoApi<BoxRng>,
id: UlidPathParam,
) -> Result<Json<SingleResponse<User>>, RouteError> {
let id = *id;
Expand All @@ -78,6 +83,12 @@ pub async fn handler(

let user = repo.user().unlock(user).await?;

// Schedule a job to provision the user so that the lock flag is propagated
// to Synapse
repo.queue_job()
.schedule_job(&mut rng, &clock, ProvisionUserJob::new(&user))
.await?;

repo.save().await?;

Ok(Json(SingleResponse::new(
Expand All @@ -91,7 +102,11 @@ mod tests {
use hyper::{Request, StatusCode};
use mas_data_model::Clock;
use mas_matrix::{HomeserverConnection, ProvisionRequest};
use mas_storage::{RepositoryAccess, user::UserRepository};
use mas_storage::{
RepositoryAccess,
queue::{ProvisionUserJob, QueueJobRepositoryExt},
user::UserRepository,
};
use sqlx::PgPool;

use crate::test_utils::{RequestBuilderExt, ResponseExt, TestState, setup};
Expand All @@ -109,16 +124,27 @@ mod tests {
.await
.unwrap();
let user = repo.user().lock(&state.clock, user).await.unwrap();
repo.save().await.unwrap();

// Also provision the user on the homeserver, because this endpoint will try to
// reactivate it
state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
repo.queue_job()
.schedule_job(&mut state.rng(), &state.clock, ProvisionUserJob::new(&user))
.await
.unwrap();

repo.save().await.unwrap();

state.run_jobs_in_queue().await;
assert!(
state
.homeserver_connection
.query_user_raw("alice")
.await
.unwrap()
.locked,
"User should be locked at start of test"
);

let request = Request::post(format!("/api/admin/v1/users/{}/unlock", user.id))
.bearer(&token)
.empty();
Expand All @@ -130,6 +156,17 @@ mod tests {
body["data"]["attributes"]["locked_at"],
serde_json::Value::Null
);

state.run_jobs_in_queue().await;
assert!(
!state
.homeserver_connection
.query_user_raw("alice")
.await
.unwrap()
.locked,
"User should not be locked"
);
}

#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
Expand All @@ -151,7 +188,7 @@ mod tests {
// Provision the user on the homeserver
state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, false))
.await
.unwrap();
// but then deactivate it
Expand Down
6 changes: 3 additions & 3 deletions crates/handlers/src/compat/login.rs
Original file line number Diff line number Diff line change
Expand Up @@ -935,7 +935,7 @@ mod tests {
.unwrap();
state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, locked))
.await
.unwrap();

Expand Down Expand Up @@ -1238,7 +1238,7 @@ mod tests {

state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, false))
.await
.unwrap();

Expand Down Expand Up @@ -1343,7 +1343,7 @@ mod tests {

state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, false))
.await
.unwrap();

Expand Down
2 changes: 1 addition & 1 deletion crates/handlers/src/compat/tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -223,7 +223,7 @@ async fn create_test_user(state: &TestState, username: &str) -> mas_data_model::
// Provision the user on the homeserver
state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, false))
.await
.unwrap();

Expand Down
14 changes: 14 additions & 0 deletions crates/handlers/src/graphql/mutations/user.rs
Original file line number Diff line number Diff line change
Expand Up @@ -551,6 +551,12 @@ impl UserMutations {

let user = repo.user().lock(&state.clock(), user).await?;

// Schedule a job to provision the user so that the lock flag is propagated
// to Synapse
repo.queue_job()
.schedule_job(&mut rng, &clock, ProvisionUserJob::new(&user))
.await?;

if deactivate {
info!(%user.id, "Scheduling deactivation of user");
repo.queue_job()
Expand All @@ -570,6 +576,8 @@ impl UserMutations {
input: UnlockUserInput,
) -> Result<UnlockUserPayload, async_graphql::Error> {
let state = ctx.state();
let clock = state.clock();
let mut rng = state.rng();
let requester = ctx.requester();
let matrix = state.homeserver_connection();

Expand All @@ -592,6 +600,12 @@ impl UserMutations {
let user = repo.user().reactivate(user).await?;
let user = repo.user().unlock(user).await?;

// Schedule a job to provision the user so that the lock flag is propagated
// to Synapse
repo.queue_job()
.schedule_job(&mut rng, &clock, ProvisionUserJob::new(&user))
.await?;

repo.save().await?;

Ok(UnlockUserPayload::Unlocked(user))
Expand Down
2 changes: 1 addition & 1 deletion crates/handlers/src/graphql/tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -530,7 +530,7 @@ async fn test_oauth2_client_credentials(pool: PgPool) {
// so we need to do it manually
state
.homeserver_connection
.provision_user(&ProvisionRequest::new("alice", user_id))
.provision_user(&ProvisionRequest::new("alice", user_id, false))
.await
.unwrap();

Expand Down
4 changes: 2 additions & 2 deletions crates/handlers/src/oauth2/introspection.rs
Original file line number Diff line number Diff line change
Expand Up @@ -805,7 +805,7 @@ mod tests {

state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, false))
.await
.unwrap();

Expand Down Expand Up @@ -1005,7 +1005,7 @@ mod tests {

state
.homeserver_connection
.provision_user(&ProvisionRequest::new(&user.username, &user.sub))
.provision_user(&ProvisionRequest::new(&user.username, &user.sub, false))
.await
.unwrap();

Expand Down
3 changes: 3 additions & 0 deletions crates/matrix-synapse/src/modern.rs

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be nice if we also had a synapse_legacy implementation, maybe some configurations are still using that, but also we should drop that one.

Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,8 @@ impl HomeserverConnection for SynapseConnection {
set_emails: Option<Vec<String>>,
#[serde(skip_serializing_if = "std::ops::Not::not")]
unset_emails: bool,
#[serde(skip_serializing_if = "Option::is_none")]
locked: Option<bool>,
}

let mut body = Request {
Expand All @@ -151,6 +153,7 @@ impl HomeserverConnection for SynapseConnection {
unset_avatar_url: false,
set_emails: None,
unset_emails: false,
locked: Some(request.locked()),
};

request.on_displayname(|displayname| match displayname {
Expand Down
Loading
Loading