Skip to content

MSC4140: Remove auth from delayed event management endpoints #19152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 24 commits into from
Nov 13, 2025
Merged

MSC4140: Remove auth from delayed event management endpoints #19152

merged 24 commits into from
Nov 13, 2025
+198 −212

Conversation

@AndrewFerr
Copy link
Member

@AndrewFerr AndrewFerr commented Nov 7, 2025
edited
Loading

As per recent proposals in MSC4140, remove authentication for restarting/cancelling/sending a delayed event, and give each of those actions its own endpoint. (The original consolidated endpoint is still supported for backwards compatibility.)

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Code style is correct (run the linters)

Half-Shot and others added 10 commits October 27, 2025 16:46
@Half-Shot
Update delayed events to support no tokens
0ce5692
@AndrewFerr
More support for unauthed delayed event management
eef7045 
- Ratelimit based on IP address, as we do for some other unauthed
  endpoints (like login)
- Remove docstrings for methods whose parameters are self-documenting
- Remove named-argument splitter (*) from methods where remaining
  parameters are unambiguous
- Add required SQLite-specific schema migration
- Apply the schema migration & update latest schema version
- Apply automatic formatting & linting fixes
@AndrewFerr
Test delayed event management without auth
7a34e62
@AndrewFerr
Split delayed event management endpoints
711a6c2
@AndrewFerr
Commonize test function
0cf0036
@AndrewFerr
Merge with 'develop'
5418998
@AndrewFerr
Restore tests on common delay evt mgmt endpoint
cf2972a 
As long as it is still supported for backwards compatibility, want to
keep testing it to guard against regressions
@AndrewFerr
Use assert keyword to assist mypy
62b1c56
@AndrewFerr
Merge with 'develop'
1f84c5f
@AndrewFerr
Update schema change comment
a24da1f
@AndrewFerr AndrewFerr requested a review from a team as a code owner November 7, 2025 05:46
@AndrewFerr AndrewFerr changed the title Delayed event management changes MSC4140: Remove auth from delayed event management endpoints Nov 7, 2025
@AndrewFerr
Add changelog
754083f
@AndrewFerr
Rename copied table after index creation
422e843 
Do this to prevent a false-positive failure of the check_schema_delta
script that thinks indexes are being created on an existing table, when
they are really being created on a new replacement table.
@AndrewFerr
Copy link
Member Author

AndrewFerr commented Nov 7, 2025
edited
Loading

This will conflict with #19038, and IMO should go in first because:

  1. This is the simpler of the two PRs
  2. This PR's SQLite-specific schema migration will have less to do if this goes in first; otherwise, it will have more columns to copy EDIT: This is no longer a factor as of 87752c9
  3. There are client-side PRs that use these changes (Delayed event management: split endpoints, no auth matrix-org/matrix-js-sdk#5066, Delayed event management: split endpoints, no auth  element-web#31183), so getting this merged will help get those tested & merged too

@anoadragon453 anoadragon453 mentioned this pull request Nov 11, 2025
Draft
MadLittleMods
MadLittleMods reviewed Nov 11, 2025
View reviewed changes
@MadLittleMods MadLittleMods requested a review from a team November 11, 2025 16:36
@AndrewFerr
Merge with 'develop'
f15b04d
@AndrewFerr
Add UNIQUE INDEX instead of replacing pkey
87752c9 
This prevents having to break DB compatibility / having to bump
SCHEMA_COMPAT_VERSION.

Use UNIQUE INDEX instead of ALTER TABLE for compatibility with SQLite.
@AndrewFerr AndrewFerr mentioned this pull request Nov 11, 2025
Merged
1 task
@AndrewFerr
Copy link
Member Author

AndrewFerr commented Nov 13, 2025

With matrix-org/complement#817 merged, this PR is now covered by Complement tests.

@AndrewFerr
Merge branch 'develop' into delayed-event-management-changes
4cae1a0
@AndrewFerr
Revert "Fix parameterized.expand for trial-olddeps"
f35ff0d 
This reverts commit 76872b1, which is
no longer needed now that the lower-bound version of parameterized has
been increased.
devonh
devonh approved these changes Nov 13, 2025
View reviewed changes
Copy link
Member

@devonh devonh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes seem sensible to me. It's mostly just changing the API shape to align with recent developments on the MSC.

The DB index addition stuff should be okay.

@devonh devonh merged commit 9e23cde into element-hq:develop Nov 13, 2025
41 checks passed
@AndrewFerr AndrewFerr deleted the delayed-event-management-changes branch November 14, 2025 02:04
AndrewFerr added a commit to AndrewFerr/synapse that referenced this pull request Nov 14, 2025
@AndrewFerr
Merge with 'develop' before element-hq#19152
f1383cc
AndrewFerr added a commit to AndrewFerr/synapse that referenced this pull request Nov 14, 2025
@AndrewFerr
Merge with element-hq#19152
274d1cf
@AndrewFerr AndrewFerr mentioned this pull request Nov 14, 2025
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MadLittleMods MadLittleMods MadLittleMods left review comments

@devonh devonh devonh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@AndrewFerr @MadLittleMods @devonh @Half-Shot