Skip to content

Automatic merge back to main #4781

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jul 10, 2025
Merged

Automatic merge back to main #4781

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9644a2b
Backfill the id_token_claims column in the upstream_oauth_authorizati…
sandhose Jul 9, 2025
81efccf
Only apply the trigger on rows without the id_token_claims set
sandhose Jul 9, 2025
620f214
Split the migration in two parts, two transactions.
sandhose Jul 9, 2025
de80063
Make back-channel logout work on existing sessions (#4767)
sandhose Jul 10, 2025
99f347f
0.19.0-rc.1
github-actions[bot] Jul 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 28 additions & 28 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

60 changes: 30 additions & 30 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ members = ["crates/*"]
resolver = "2"

# Updated in the CI with a `sed` command
package.version = "0.19.0-rc.0"
package.version = "0.19.0-rc.1"
package.license = "AGPL-3.0-only OR LicenseRef-Element-Commercial"
package.authors = ["Element Backend Team"]
package.edition = "2024"
Expand All @@ -33,35 +33,35 @@ broken_intra_doc_links = "deny"
[workspace.dependencies]

# Workspace crates
mas-axum-utils = { path = "./crates/axum-utils/", version = "=0.19.0-rc.0" }
mas-cli = { path = "./crates/cli/", version = "=0.19.0-rc.0" }
mas-config = { path = "./crates/config/", version = "=0.19.0-rc.0" }
mas-context = { path = "./crates/context/", version = "=0.19.0-rc.0" }
mas-data-model = { path = "./crates/data-model/", version = "=0.19.0-rc.0" }
mas-email = { path = "./crates/email/", version = "=0.19.0-rc.0" }
mas-graphql = { path = "./crates/graphql/", version = "=0.19.0-rc.0" }
mas-handlers = { path = "./crates/handlers/", version = "=0.19.0-rc.0" }
mas-http = { path = "./crates/http/", version = "=0.19.0-rc.0" }
mas-i18n = { path = "./crates/i18n/", version = "=0.19.0-rc.0" }
mas-i18n-scan = { path = "./crates/i18n-scan/", version = "=0.19.0-rc.0" }
mas-iana = { path = "./crates/iana/", version = "=0.19.0-rc.0" }
mas-iana-codegen = { path = "./crates/iana-codegen/", version = "=0.19.0-rc.0" }
mas-jose = { path = "./crates/jose/", version = "=0.19.0-rc.0" }
mas-keystore = { path = "./crates/keystore/", version = "=0.19.0-rc.0" }
mas-listener = { path = "./crates/listener/", version = "=0.19.0-rc.0" }
mas-matrix = { path = "./crates/matrix/", version = "=0.19.0-rc.0" }
mas-matrix-synapse = { path = "./crates/matrix-synapse/", version = "=0.19.0-rc.0" }
mas-oidc-client = { path = "./crates/oidc-client/", version = "=0.19.0-rc.0" }
mas-policy = { path = "./crates/policy/", version = "=0.19.0-rc.0" }
mas-router = { path = "./crates/router/", version = "=0.19.0-rc.0" }
mas-spa = { path = "./crates/spa/", version = "=0.19.0-rc.0" }
mas-storage = { path = "./crates/storage/", version = "=0.19.0-rc.0" }
mas-storage-pg = { path = "./crates/storage-pg/", version = "=0.19.0-rc.0" }
mas-tasks = { path = "./crates/tasks/", version = "=0.19.0-rc.0" }
mas-templates = { path = "./crates/templates/", version = "=0.19.0-rc.0" }
mas-tower = { path = "./crates/tower/", version = "=0.19.0-rc.0" }
oauth2-types = { path = "./crates/oauth2-types/", version = "=0.19.0-rc.0" }
syn2mas = { path = "./crates/syn2mas", version = "=0.19.0-rc.0" }
mas-axum-utils = { path = "./crates/axum-utils/", version = "=0.19.0-rc.1" }
mas-cli = { path = "./crates/cli/", version = "=0.19.0-rc.1" }
mas-config = { path = "./crates/config/", version = "=0.19.0-rc.1" }
mas-context = { path = "./crates/context/", version = "=0.19.0-rc.1" }
mas-data-model = { path = "./crates/data-model/", version = "=0.19.0-rc.1" }
mas-email = { path = "./crates/email/", version = "=0.19.0-rc.1" }
mas-graphql = { path = "./crates/graphql/", version = "=0.19.0-rc.1" }
mas-handlers = { path = "./crates/handlers/", version = "=0.19.0-rc.1" }
mas-http = { path = "./crates/http/", version = "=0.19.0-rc.1" }
mas-i18n = { path = "./crates/i18n/", version = "=0.19.0-rc.1" }
mas-i18n-scan = { path = "./crates/i18n-scan/", version = "=0.19.0-rc.1" }
mas-iana = { path = "./crates/iana/", version = "=0.19.0-rc.1" }
mas-iana-codegen = { path = "./crates/iana-codegen/", version = "=0.19.0-rc.1" }
mas-jose = { path = "./crates/jose/", version = "=0.19.0-rc.1" }
mas-keystore = { path = "./crates/keystore/", version = "=0.19.0-rc.1" }
mas-listener = { path = "./crates/listener/", version = "=0.19.0-rc.1" }
mas-matrix = { path = "./crates/matrix/", version = "=0.19.0-rc.1" }
mas-matrix-synapse = { path = "./crates/matrix-synapse/", version = "=0.19.0-rc.1" }
mas-oidc-client = { path = "./crates/oidc-client/", version = "=0.19.0-rc.1" }
mas-policy = { path = "./crates/policy/", version = "=0.19.0-rc.1" }
mas-router = { path = "./crates/router/", version = "=0.19.0-rc.1" }
mas-spa = { path = "./crates/spa/", version = "=0.19.0-rc.1" }
mas-storage = { path = "./crates/storage/", version = "=0.19.0-rc.1" }
mas-storage-pg = { path = "./crates/storage-pg/", version = "=0.19.0-rc.1" }
mas-tasks = { path = "./crates/tasks/", version = "=0.19.0-rc.1" }
mas-templates = { path = "./crates/templates/", version = "=0.19.0-rc.1" }
mas-tower = { path = "./crates/tower/", version = "=0.19.0-rc.1" }
oauth2-types = { path = "./crates/oauth2-types/", version = "=0.19.0-rc.1" }
syn2mas = { path = "./crates/syn2mas", version = "=0.19.0-rc.1" }

# OpenAPI schema generation and validation
[workspace.dependencies.aide]
Expand Down
51 changes: 51 additions & 0 deletions crates/storage-pg/migrations/20250709142230_id_token_claims_trigger.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
-- Copyright 2025 New Vector Ltd.
--
-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
-- Please see LICENSE in the repository root for full details.

-- We may be running an older version of the app that doesn't fill in the
-- id_token_claims column when the id_token column is populated. So we add a
-- trigger to fill in the id_token_claims column if it's NULL.
--
-- We will be able to remove this trigger in a future version of the app.
--
-- We backfill in a second migration after this one to make sure we don't miss
-- any rows, and don't lock the table for too long.
CREATE OR REPLACE FUNCTION fill_id_token_claims()
RETURNS TRIGGER AS $$
BEGIN
-- Only process if id_token_claims is NULL but id_token is not NULL
IF NEW.id_token_claims IS NULL AND NEW.id_token IS NOT NULL AND NEW.id_token != '' THEN
BEGIN
-- Decode JWT payload inline
NEW.id_token_claims := (
CASE
WHEN split_part(NEW.id_token, '.', 2) = '' THEN NULL
ELSE
(convert_from(
decode(
replace(replace(split_part(NEW.id_token, '.', 2), '-', '+'), '_', '/') ||
repeat('=', (4 - length(split_part(NEW.id_token, '.', 2)) % 4) % 4),
'base64'
),
'UTF8'
))::JSONB
END
);
EXCEPTION
WHEN OTHERS THEN
-- If JWT decoding fails, leave id_token_claims as NULL
NEW.id_token_claims := NULL;
END;
END IF;

RETURN NEW;
END;
$$ LANGUAGE plpgsql;

-- Create the trigger
CREATE TRIGGER trg_fill_id_token_claims
BEFORE INSERT OR UPDATE ON upstream_oauth_authorization_sessions
FOR EACH ROW
WHEN (NEW.id_token_claims IS NULL AND NEW.id_token IS NOT NULL AND NEW.id_token <> '')
EXECUTE FUNCTION fill_id_token_claims();
Loading
Loading