Skip to content

Commit 1c36430

Browse files
matrixbotmatrixbot
authored
Automatic merge back to main (#4781)
2 parents 9958c3b + 99f347f commit 1c36430

File tree

4 files changed

+131
-58
lines changed

4 files changed

+131
-58
lines changed

Cargo.lock

Lines changed: 28 additions & 28 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 30 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ members = ["crates/*"]
99
resolver = "2"
1010

1111
# Updated in the CI with a `sed` command
12-
package.version = "0.19.0-rc.0"
12+
package.version = "0.19.0-rc.1"
1313
package.license = "AGPL-3.0-only OR LicenseRef-Element-Commercial"
1414
package.authors = ["Element Backend Team"]
1515
package.edition = "2024"
@@ -33,35 +33,35 @@ broken_intra_doc_links = "deny"
3333
[workspace.dependencies]
3434

3535
# Workspace crates
36-
mas-axum-utils = { path = "./crates/axum-utils/", version = "=0.19.0-rc.0" }
37-
mas-cli = { path = "./crates/cli/", version = "=0.19.0-rc.0" }
38-
mas-config = { path = "./crates/config/", version = "=0.19.0-rc.0" }
39-
mas-context = { path = "./crates/context/", version = "=0.19.0-rc.0" }
40-
mas-data-model = { path = "./crates/data-model/", version = "=0.19.0-rc.0" }
41-
mas-email = { path = "./crates/email/", version = "=0.19.0-rc.0" }
42-
mas-graphql = { path = "./crates/graphql/", version = "=0.19.0-rc.0" }
43-
mas-handlers = { path = "./crates/handlers/", version = "=0.19.0-rc.0" }
44-
mas-http = { path = "./crates/http/", version = "=0.19.0-rc.0" }
45-
mas-i18n = { path = "./crates/i18n/", version = "=0.19.0-rc.0" }
46-
mas-i18n-scan = { path = "./crates/i18n-scan/", version = "=0.19.0-rc.0" }
47-
mas-iana = { path = "./crates/iana/", version = "=0.19.0-rc.0" }
48-
mas-iana-codegen = { path = "./crates/iana-codegen/", version = "=0.19.0-rc.0" }
49-
mas-jose = { path = "./crates/jose/", version = "=0.19.0-rc.0" }
50-
mas-keystore = { path = "./crates/keystore/", version = "=0.19.0-rc.0" }
51-
mas-listener = { path = "./crates/listener/", version = "=0.19.0-rc.0" }
52-
mas-matrix = { path = "./crates/matrix/", version = "=0.19.0-rc.0" }
53-
mas-matrix-synapse = { path = "./crates/matrix-synapse/", version = "=0.19.0-rc.0" }
54-
mas-oidc-client = { path = "./crates/oidc-client/", version = "=0.19.0-rc.0" }
55-
mas-policy = { path = "./crates/policy/", version = "=0.19.0-rc.0" }
56-
mas-router = { path = "./crates/router/", version = "=0.19.0-rc.0" }
57-
mas-spa = { path = "./crates/spa/", version = "=0.19.0-rc.0" }
58-
mas-storage = { path = "./crates/storage/", version = "=0.19.0-rc.0" }
59-
mas-storage-pg = { path = "./crates/storage-pg/", version = "=0.19.0-rc.0" }
60-
mas-tasks = { path = "./crates/tasks/", version = "=0.19.0-rc.0" }
61-
mas-templates = { path = "./crates/templates/", version = "=0.19.0-rc.0" }
62-
mas-tower = { path = "./crates/tower/", version = "=0.19.0-rc.0" }
63-
oauth2-types = { path = "./crates/oauth2-types/", version = "=0.19.0-rc.0" }
64-
syn2mas = { path = "./crates/syn2mas", version = "=0.19.0-rc.0" }
36+
mas-axum-utils = { path = "./crates/axum-utils/", version = "=0.19.0-rc.1" }
37+
mas-cli = { path = "./crates/cli/", version = "=0.19.0-rc.1" }
38+
mas-config = { path = "./crates/config/", version = "=0.19.0-rc.1" }
39+
mas-context = { path = "./crates/context/", version = "=0.19.0-rc.1" }
40+
mas-data-model = { path = "./crates/data-model/", version = "=0.19.0-rc.1" }
41+
mas-email = { path = "./crates/email/", version = "=0.19.0-rc.1" }
42+
mas-graphql = { path = "./crates/graphql/", version = "=0.19.0-rc.1" }
43+
mas-handlers = { path = "./crates/handlers/", version = "=0.19.0-rc.1" }
44+
mas-http = { path = "./crates/http/", version = "=0.19.0-rc.1" }
45+
mas-i18n = { path = "./crates/i18n/", version = "=0.19.0-rc.1" }
46+
mas-i18n-scan = { path = "./crates/i18n-scan/", version = "=0.19.0-rc.1" }
47+
mas-iana = { path = "./crates/iana/", version = "=0.19.0-rc.1" }
48+
mas-iana-codegen = { path = "./crates/iana-codegen/", version = "=0.19.0-rc.1" }
49+
mas-jose = { path = "./crates/jose/", version = "=0.19.0-rc.1" }
50+
mas-keystore = { path = "./crates/keystore/", version = "=0.19.0-rc.1" }
51+
mas-listener = { path = "./crates/listener/", version = "=0.19.0-rc.1" }
52+
mas-matrix = { path = "./crates/matrix/", version = "=0.19.0-rc.1" }
53+
mas-matrix-synapse = { path = "./crates/matrix-synapse/", version = "=0.19.0-rc.1" }
54+
mas-oidc-client = { path = "./crates/oidc-client/", version = "=0.19.0-rc.1" }
55+
mas-policy = { path = "./crates/policy/", version = "=0.19.0-rc.1" }
56+
mas-router = { path = "./crates/router/", version = "=0.19.0-rc.1" }
57+
mas-spa = { path = "./crates/spa/", version = "=0.19.0-rc.1" }
58+
mas-storage = { path = "./crates/storage/", version = "=0.19.0-rc.1" }
59+
mas-storage-pg = { path = "./crates/storage-pg/", version = "=0.19.0-rc.1" }
60+
mas-tasks = { path = "./crates/tasks/", version = "=0.19.0-rc.1" }
61+
mas-templates = { path = "./crates/templates/", version = "=0.19.0-rc.1" }
62+
mas-tower = { path = "./crates/tower/", version = "=0.19.0-rc.1" }
63+
oauth2-types = { path = "./crates/oauth2-types/", version = "=0.19.0-rc.1" }
64+
syn2mas = { path = "./crates/syn2mas", version = "=0.19.0-rc.1" }
6565

6666
# OpenAPI schema generation and validation
6767
[workspace.dependencies.aide]

crates/storage-pg/migrations/20250709142230_id_token_claims_trigger.sql

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
-- Copyright 2025 New Vector Ltd.
2+
--
3+
-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
4+
-- Please see LICENSE in the repository root for full details.
5+
6+
-- We may be running an older version of the app that doesn't fill in the
7+
-- id_token_claims column when the id_token column is populated. So we add a
8+
-- trigger to fill in the id_token_claims column if it's NULL.
9+
--
10+
-- We will be able to remove this trigger in a future version of the app.
11+
--
12+
-- We backfill in a second migration after this one to make sure we don't miss
13+
-- any rows, and don't lock the table for too long.
14+
CREATE OR REPLACE FUNCTION fill_id_token_claims()
15+
RETURNS TRIGGER AS $$
16+
BEGIN
17+
-- Only process if id_token_claims is NULL but id_token is not NULL
18+
IF NEW.id_token_claims IS NULL AND NEW.id_token IS NOT NULL AND NEW.id_token != '' THEN
19+
BEGIN
20+
-- Decode JWT payload inline
21+
NEW.id_token_claims := (
22+
CASE
23+
WHEN split_part(NEW.id_token, '.', 2) = '' THEN NULL
24+
ELSE
25+
(convert_from(
26+
decode(
27+
replace(replace(split_part(NEW.id_token, '.', 2), '-', '+'), '_', '/') ||
28+
repeat('=', (4 - length(split_part(NEW.id_token, '.', 2)) % 4) % 4),
29+
'base64'
30+
),
31+
'UTF8'
32+
))::JSONB
33+
END
34+
);
35+
EXCEPTION
36+
WHEN OTHERS THEN
37+
-- If JWT decoding fails, leave id_token_claims as NULL
38+
NEW.id_token_claims := NULL;
39+
END;
40+
END IF;
41+
42+
RETURN NEW;
43+
END;
44+
$$ LANGUAGE plpgsql;
45+
46+
-- Create the trigger
47+
CREATE TRIGGER trg_fill_id_token_claims
48+
BEFORE INSERT OR UPDATE ON upstream_oauth_authorization_sessions
49+
FOR EACH ROW
50+
WHEN (NEW.id_token_claims IS NULL AND NEW.id_token IS NOT NULL AND NEW.id_token <> '')
51+
EXECUTE FUNCTION fill_id_token_claims();

0 commit comments

Comments
 (0)