-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Prevent historical state from being pushed to an application service via /transactions
(MSC2716)
#11265
Prevent historical state from being pushed to an application service via /transactions
(MSC2716)
#11265
Conversation
Regression tests for matrix-org/synapse#11241 Synapse changes: matrix-org/synapse#11265
…n Complement Complement tests: matrix-org/complement#221
@@ -221,6 +221,7 @@ async def persist_state_events_at_start( | |||
action=membership, | |||
content=event_dict["content"], | |||
outlier=True, | |||
historical=True, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All of these changes are just piping historical
down to create_event
update_membership
update_membership_locked
_local_membership_update
create_event
@@ -240,6 +241,7 @@ async def persist_state_events_at_start( | |||
), | |||
event_dict, | |||
outlier=True, | |||
historical=True, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All of these changes are just piping historical
down to create_event
create_and_send_nonmember_event
create_event
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
whatever else happens, please please please make sure that any parameters are added to the docstrings at each level, with the intended purpose clearly described.
Relatedly: as a general rule, I would say it is preferable for method parameters to describe a change in behaviour ("inhibit_sync_to_clent
") rather than describe some bit of state that the function is free to interpret as it wishes: it's much clearer for a later reader to understand how things tie together, particularly when things then get modified later on. Obviously this isn't a hard-and-fast rule, but it's worth considering.
[Currently we have a bit of a mess in some places (FederationEventHander.backfilled
being a prime example) where you have to dig through 150 methods to find out what a flag actually does, and then somehow reverse-engineer what it is supposed to do. Don't do that.]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please please please make sure that any parameters are added to the docstrings at each level, with the intended purpose clearly described.
Will do 🙇
Relatedly: as a general rule, I would say it is preferable for method parameters to describe a change in behaviour ("inhibit_sync_to_clent") rather than describe some bit of state that the function is free to interpret as it wishes
Seems reasonable. I've created a separate issue to track this #11300
/transactions
/transactions
/transactions
/transactions
(MSC2716)
eaf4d9a
to
64df8cd
Compare
@@ -0,0 +1 @@ | |||
Prevent [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical state events from being pushed to an application service via `/transactions`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a bit confused why these would come down /transactions
and not down /sync
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was a little bit curious about this as well and saw that /transactions
only cares about stream_ordering
so it made sense why it still came down and didn't look into it further.
Diving into this more now, here are the details:
/sync
looks for stream_ordering
but excludes all outliers
.
synapse/synapse/storage/databases/main/stream.py
Lines 519 to 527 in b09d90c
sql = """ | |
SELECT event_id, instance_name, topological_ordering, stream_ordering | |
FROM events | |
WHERE | |
room_id = ? | |
AND not outlier | |
AND stream_ordering > ? AND stream_ordering <= ? | |
ORDER BY stream_ordering %s LIMIT ? | |
""" % ( |
Whereas /transactions
only cares about stream_ordering
. Perhaps we should exclude outliers
in /transactions
? I can tackle that in a separate PR if we decide.
synapse/synapse/storage/databases/main/appservice.py
Lines 358 to 368 in b09d90c
def get_new_events_for_appservice_txn(txn): | |
sql = ( | |
"SELECT e.stream_ordering, e.event_id" | |
" FROM events AS e" | |
" WHERE" | |
" (SELECT stream_ordering FROM appservice_stream_position)" | |
" < e.stream_ordering" | |
" AND e.stream_ordering <= ?" | |
" ORDER BY e.stream_ordering ASC" | |
" LIMIT ?" | |
) |
/sync
stack trace
SyncRestServlet.on_GET
wait_for_sync_for_user
_wait_for_sync_for_user
current_sync_for_user
generate_sync_result
_generate_sync_entry_for_rooms
_get_rooms_changed
get_room_events_stream_for_rooms
get_room_events_stream_for_room
/transactions
stack trace
enqueue_event
_send_request
appservice.scheduler.send
create_appservice_txn
AppServiceTransaction.send
push_bulk
/transactions
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies for jumping in without context, but
Perhaps we should exclude outliers in /transactions?
the outlier flag seems like a poor way to decide whether we should push this data. (Yes, outliers shouldn't be sent over /transactions
, but there are probably many other events which shouldn't be sent).
FederationEventHandler._process_received_pdu
has a backfilled
parameter (see
synapse/synapse/handlers/federation_event.py
Line 945 in b09d90c
backfilled: bool = False, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whatever we decide on to make /sync
and /transactions
behave similarly, we can tackle in another PR. This PR is still good to ship on its own, i.e. It's a good idea to mark historical state as historical
FederationEventHandler._process_received_pdu
has abackfilled
parameter [...]
Maybe we should use similar logic to that, somehow?
For /transactions
, we can't tell whether the event was backfilled
. The only indication is that the stream_ordering
would be negative which is what the /transactions
code already takes into account. And is why the fix in this PR to mark the historical state events historical
-> backfilled
works to not show up in /transactions
.
I just suggested adding outlier
to /transactions
query as well so it would match the query in /sync
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Created #11394 to track this ⏩
This approach seems reasonable to me as a stop gap before we try and use the same rules for sending events down |
@erikjohnston Approval please 🙂 Do you want @richvdh to approve as well before merge? |
given erik has the context here, I'm happy to defer to him, if he has the bandwidth to look at it. I was just making driveby comments before! |
Thanks for the review @erikjohnston and @richvdh 🐖 |
Synapse 1.48.0 (2021-11-30) =========================== This release removes support for the long-deprecated `trust_identity_server_for_password_resets` configuration flag. This release also fixes some performance issues with some background database updates introduced in Synapse 1.47.0. No significant changes since 1.48.0rc1. Synapse 1.48.0rc1 (2021-11-25) ============================== Features -------- - Experimental support for the thread relation defined in [MSC3440](matrix-org/matrix-spec-proposals#3440). ([\#11161](matrix-org/synapse#11161)) - Support filtering by relation senders & types per [MSC3440](matrix-org/matrix-spec-proposals#3440). ([\#11236](matrix-org/synapse#11236)) - Add support for the `/_matrix/client/v3` and `/_matrix/media/v3` APIs from Matrix v1.1. ([\#11318](matrix-org/synapse#11318), [\#11371](matrix-org/synapse#11371)) - Support the stable version of [MSC2778](matrix-org/matrix-spec-proposals#2778): the `m.login.application_service` login type. Contributed by @tulir. ([\#11335](matrix-org/synapse#11335)) - Add a new version of delete room admin API `DELETE /_synapse/admin/v2/rooms/<room_id>` to run it in the background. Contributed by @dklimpel. ([\#11223](matrix-org/synapse#11223)) - Allow the admin [Delete Room API](https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#delete-room-api) to block a room without the need to join it. ([\#11228](matrix-org/synapse#11228)) - Add an admin API to un-shadow-ban a user. ([\#11347](matrix-org/synapse#11347)) - Add an admin API to run background database schema updates. ([\#11352](matrix-org/synapse#11352)) - Add an admin API for blocking a room. ([\#11324](matrix-org/synapse#11324)) - Update the JWT login type to support custom a `sub` claim. ([\#11361](matrix-org/synapse#11361)) - Store and allow querying of arbitrary event relations. ([\#11391](matrix-org/synapse#11391)) Bugfixes -------- - Fix a long-standing bug wherein display names or avatar URLs containing null bytes cause an internal server error when stored in the DB. ([\#11230](matrix-org/synapse#11230)) - Prevent [MSC2716](matrix-org/matrix-spec-proposals#2716) historical state events from being pushed to an application service via `/transactions`. ([\#11265](matrix-org/synapse#11265)) - Fix a long-standing bug where uploading extremely thin images (e.g. 1000x1) would fail. Contributed by @Neeeflix. ([\#11288](matrix-org/synapse#11288)) - Fix a bug, introduced in Synapse 1.46.0, which caused the `check_3pid_auth` and `on_logged_out` callbacks in legacy password authentication provider modules to not be registered. Modules using the generic module interface were not affected. ([\#11340](matrix-org/synapse#11340)) - Fix a bug introduced in 1.41.0 where space hierarchy responses would be incorrectly reused if multiple users were to make the same request at the same time. ([\#11355](matrix-org/synapse#11355)) - Fix a bug introduced in 1.45.0 where the `read_templates` method of the module API would error. ([\#11377](matrix-org/synapse#11377)) - Fix an issue introduced in 1.47.0 which prevented servers re-joining rooms they had previously left, if their signing keys were replaced. ([\#11379](matrix-org/synapse#11379)) - Fix a bug introduced in 1.13.0 where creating and publishing a room could cause errors if `room_list_publication_rules` is configured. ([\#11392](matrix-org/synapse#11392)) - Improve performance of various background database updates. ([\#11421](matrix-org/synapse#11421), [\#11422](matrix-org/synapse#11422)) Improved Documentation ---------------------- - Suggest users of the Debian packages add configuration to `/etc/matrix-synapse/conf.d/` to prevent, upon upgrade, being asked to choose between their configuration and the maintainer's. ([\#11281](matrix-org/synapse#11281)) - Fix typos in the documentation for the `username_available` admin API. Contributed by Stanislav Motylkov. ([\#11286](matrix-org/synapse#11286)) - Add Single Sign-On, SAML and CAS pages to the documentation. ([\#11298](matrix-org/synapse#11298)) - Change the word 'Home server' as one word 'homeserver' in documentation. ([\#11320](matrix-org/synapse#11320)) - Fix missing quotes for wildcard domains in `federation_certificate_verification_whitelist`. ([\#11381](matrix-org/synapse#11381)) Deprecations and Removals ------------------------- - Remove deprecated `trust_identity_server_for_password_resets` configuration flag. ([\#11333](matrix-org/synapse#11333), [\#11395](matrix-org/synapse#11395)) Internal Changes ---------------- - Add type annotations to `synapse.metrics`. ([\#10847](matrix-org/synapse#10847)) - Split out federated PDU retrieval function into a non-cached version. ([\#11242](matrix-org/synapse#11242)) - Clean up code relating to to-device messages and sending ephemeral events to application services. ([\#11247](matrix-org/synapse#11247)) - Fix a small typo in the error response when a relation type other than 'm.annotation' is passed to `GET /rooms/{room_id}/aggregations/{event_id}`. ([\#11278](matrix-org/synapse#11278)) - Drop unused database tables `room_stats_historical` and `user_stats_historical`. ([\#11280](matrix-org/synapse#11280)) - Require all files in synapse/ and tests/ to pass mypy unless specifically excluded. ([\#11282](matrix-org/synapse#11282), [\#11285](matrix-org/synapse#11285), [\#11359](matrix-org/synapse#11359)) - Add missing type hints to `synapse.app`. ([\#11287](matrix-org/synapse#11287)) - Remove unused parameters on `FederationEventHandler._check_event_auth`. ([\#11292](matrix-org/synapse#11292)) - Add type hints to `synapse._scripts`. ([\#11297](matrix-org/synapse#11297)) - Fix an issue which prevented the `remove_deleted_devices_from_device_inbox` background database schema update from running when updating from a recent Synapse version. ([\#11303](matrix-org/synapse#11303)) - Add type hints to storage classes. ([\#11307](matrix-org/synapse#11307), [\#11310](matrix-org/synapse#11310), [\#11311](matrix-org/synapse#11311), [\#11312](matrix-org/synapse#11312), [\#11313](matrix-org/synapse#11313), [\#11314](matrix-org/synapse#11314), [\#11316](matrix-org/synapse#11316), [\#11322](matrix-org/synapse#11322), [\#11332](matrix-org/synapse#11332), [\#11339](matrix-org/synapse#11339), [\#11342](matrix-org/synapse#11342)) - Add type hints to `synapse.util`. ([\#11321](matrix-org/synapse#11321), [\#11328](matrix-org/synapse#11328)) - Improve type annotations in Synapse's test suite. ([\#11323](matrix-org/synapse#11323), [\#11330](matrix-org/synapse#11330)) - Test that room alias deletion works as intended. ([\#11327](matrix-org/synapse#11327)) - Add type annotations for some methods and properties in the module API. ([\#11341](matrix-org/synapse#11341)) - Fix running `scripts-dev/complement.sh`, which was broken in v1.47.0rc1. ([\#11368](matrix-org/synapse#11368)) - Rename internal functions for token generation to better reflect what they do. ([\#11369](matrix-org/synapse#11369), [\#11370](matrix-org/synapse#11370)) - Add type hints to configuration classes. ([\#11377](matrix-org/synapse#11377)) - Publish a `develop` image to Docker Hub. ([\#11380](matrix-org/synapse#11380)) - Keep fallback key marked as used if it's re-uploaded. ([\#11382](matrix-org/synapse#11382)) - Use `auto_attribs` on the `attrs` class `RefreshTokenLookupResult`. ([\#11386](matrix-org/synapse#11386)) - Rename unstable `access_token_lifetime` configuration option to `refreshable_access_token_lifetime` to make it clear it only concerns refreshable access tokens. ([\#11388](matrix-org/synapse#11388)) - Do not run the broken MSC2716 tests when running `scripts-dev/complement.sh`. ([\#11389](matrix-org/synapse#11389)) - Remove dead code from supporting ACME. ([\#11393](matrix-org/synapse#11393)) - Refactor including the bundled relations when serializing an event. ([\#11408](matrix-org/synapse#11408))
Synapse 1.48.0 (2021-11-30) =========================== This release removes support for the long-deprecated `trust_identity_server_for_password_resets` configuration flag. This release also fixes some performance issues with some background database updates introduced in Synapse 1.47.0. No significant changes since 1.48.0rc1. Synapse 1.48.0rc1 (2021-11-25) ============================== Features -------- - Experimental support for the thread relation defined in [MSC3440](matrix-org/matrix-spec-proposals#3440). ([\matrix-org#11161](matrix-org#11161)) - Support filtering by relation senders & types per [MSC3440](matrix-org/matrix-spec-proposals#3440). ([\matrix-org#11236](matrix-org#11236)) - Add support for the `/_matrix/client/v3` and `/_matrix/media/v3` APIs from Matrix v1.1. ([\matrix-org#11318](matrix-org#11318), [\matrix-org#11371](matrix-org#11371)) - Support the stable version of [MSC2778](matrix-org/matrix-spec-proposals#2778): the `m.login.application_service` login type. Contributed by @tulir. ([\matrix-org#11335](matrix-org#11335)) - Add a new version of delete room admin API `DELETE /_synapse/admin/v2/rooms/<room_id>` to run it in the background. Contributed by @dklimpel. ([\matrix-org#11223](matrix-org#11223)) - Allow the admin [Delete Room API](https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#delete-room-api) to block a room without the need to join it. ([\matrix-org#11228](matrix-org#11228)) - Add an admin API to un-shadow-ban a user. ([\matrix-org#11347](matrix-org#11347)) - Add an admin API to run background database schema updates. ([\matrix-org#11352](matrix-org#11352)) - Add an admin API for blocking a room. ([\matrix-org#11324](matrix-org#11324)) - Update the JWT login type to support custom a `sub` claim. ([\matrix-org#11361](matrix-org#11361)) - Store and allow querying of arbitrary event relations. ([\matrix-org#11391](matrix-org#11391)) Bugfixes -------- - Fix a long-standing bug wherein display names or avatar URLs containing null bytes cause an internal server error when stored in the DB. ([\matrix-org#11230](matrix-org#11230)) - Prevent [MSC2716](matrix-org/matrix-spec-proposals#2716) historical state events from being pushed to an application service via `/transactions`. ([\matrix-org#11265](matrix-org#11265)) - Fix a long-standing bug where uploading extremely thin images (e.g. 1000x1) would fail. Contributed by @Neeeflix. ([\matrix-org#11288](matrix-org#11288)) - Fix a bug, introduced in Synapse 1.46.0, which caused the `check_3pid_auth` and `on_logged_out` callbacks in legacy password authentication provider modules to not be registered. Modules using the generic module interface were not affected. ([\matrix-org#11340](matrix-org#11340)) - Fix a bug introduced in 1.41.0 where space hierarchy responses would be incorrectly reused if multiple users were to make the same request at the same time. ([\matrix-org#11355](matrix-org#11355)) - Fix a bug introduced in 1.45.0 where the `read_templates` method of the module API would error. ([\matrix-org#11377](matrix-org#11377)) - Fix an issue introduced in 1.47.0 which prevented servers re-joining rooms they had previously left, if their signing keys were replaced. ([\matrix-org#11379](matrix-org#11379)) - Fix a bug introduced in 1.13.0 where creating and publishing a room could cause errors if `room_list_publication_rules` is configured. ([\matrix-org#11392](matrix-org#11392)) - Improve performance of various background database updates. ([\matrix-org#11421](matrix-org#11421), [\matrix-org#11422](matrix-org#11422)) Improved Documentation ---------------------- - Suggest users of the Debian packages add configuration to `/etc/matrix-synapse/conf.d/` to prevent, upon upgrade, being asked to choose between their configuration and the maintainer's. ([\matrix-org#11281](matrix-org#11281)) - Fix typos in the documentation for the `username_available` admin API. Contributed by Stanislav Motylkov. ([\matrix-org#11286](matrix-org#11286)) - Add Single Sign-On, SAML and CAS pages to the documentation. ([\matrix-org#11298](matrix-org#11298)) - Change the word 'Home server' as one word 'homeserver' in documentation. ([\matrix-org#11320](matrix-org#11320)) - Fix missing quotes for wildcard domains in `federation_certificate_verification_whitelist`. ([\matrix-org#11381](matrix-org#11381)) Deprecations and Removals ------------------------- - Remove deprecated `trust_identity_server_for_password_resets` configuration flag. ([\matrix-org#11333](matrix-org#11333), [\matrix-org#11395](matrix-org#11395)) Internal Changes ---------------- - Add type annotations to `synapse.metrics`. ([\matrix-org#10847](matrix-org#10847)) - Split out federated PDU retrieval function into a non-cached version. ([\matrix-org#11242](matrix-org#11242)) - Clean up code relating to to-device messages and sending ephemeral events to application services. ([\matrix-org#11247](matrix-org#11247)) - Fix a small typo in the error response when a relation type other than 'm.annotation' is passed to `GET /rooms/{room_id}/aggregations/{event_id}`. ([\matrix-org#11278](matrix-org#11278)) - Drop unused database tables `room_stats_historical` and `user_stats_historical`. ([\matrix-org#11280](matrix-org#11280)) - Require all files in synapse/ and tests/ to pass mypy unless specifically excluded. ([\matrix-org#11282](matrix-org#11282), [\matrix-org#11285](matrix-org#11285), [\matrix-org#11359](matrix-org#11359)) - Add missing type hints to `synapse.app`. ([\matrix-org#11287](matrix-org#11287)) - Remove unused parameters on `FederationEventHandler._check_event_auth`. ([\matrix-org#11292](matrix-org#11292)) - Add type hints to `synapse._scripts`. ([\matrix-org#11297](matrix-org#11297)) - Fix an issue which prevented the `remove_deleted_devices_from_device_inbox` background database schema update from running when updating from a recent Synapse version. ([\matrix-org#11303](matrix-org#11303)) - Add type hints to storage classes. ([\matrix-org#11307](matrix-org#11307), [\matrix-org#11310](matrix-org#11310), [\matrix-org#11311](matrix-org#11311), [\matrix-org#11312](matrix-org#11312), [\matrix-org#11313](matrix-org#11313), [\matrix-org#11314](matrix-org#11314), [\matrix-org#11316](matrix-org#11316), [\matrix-org#11322](matrix-org#11322), [\matrix-org#11332](matrix-org#11332), [\matrix-org#11339](matrix-org#11339), [\matrix-org#11342](matrix-org#11342)) - Add type hints to `synapse.util`. ([\matrix-org#11321](matrix-org#11321), [\matrix-org#11328](matrix-org#11328)) - Improve type annotations in Synapse's test suite. ([\matrix-org#11323](matrix-org#11323), [\matrix-org#11330](matrix-org#11330)) - Test that room alias deletion works as intended. ([\matrix-org#11327](matrix-org#11327)) - Add type annotations for some methods and properties in the module API. ([\matrix-org#11341](matrix-org#11341)) - Fix running `scripts-dev/complement.sh`, which was broken in v1.47.0rc1. ([\matrix-org#11368](matrix-org#11368)) - Rename internal functions for token generation to better reflect what they do. ([\matrix-org#11369](matrix-org#11369), [\matrix-org#11370](matrix-org#11370)) - Add type hints to configuration classes. ([\matrix-org#11377](matrix-org#11377)) - Publish a `develop` image to Docker Hub. ([\matrix-org#11380](matrix-org#11380)) - Keep fallback key marked as used if it's re-uploaded. ([\matrix-org#11382](matrix-org#11382)) - Use `auto_attribs` on the `attrs` class `RefreshTokenLookupResult`. ([\matrix-org#11386](matrix-org#11386)) - Rename unstable `access_token_lifetime` configuration option to `refreshable_access_token_lifetime` to make it clear it only concerns refreshable access tokens. ([\matrix-org#11388](matrix-org#11388)) - Do not run the broken MSC2716 tests when running `scripts-dev/complement.sh`. ([\matrix-org#11389](matrix-org#11389)) - Remove dead code from supporting ACME. ([\matrix-org#11393](matrix-org#11393)) - Refactor including the bundled relations when serializing an event. ([\matrix-org#11408](matrix-org#11408))
@@ -231,13 +231,32 @@ async def push_bulk( | |||
json_body=body, | |||
args={"access_token": service.hs_token}, | |||
) | |||
if logger.isEnabledFor(logging.DEBUG): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I came back to this and was confused why I did this since it's guarding debug against debug.
AFAICT, this is to avoid potentially expensive string construction when we loop through all of the events
here. We do this in a few other places in the codebase too.
Prevent historical state from being pushed to an application service via
/transactions
. We now mark historical state from the MSC2716/batch_send
endpoint ashistorical
which makes itbackfilled
and have a negativestream_ordering
so it doesn't get queried by/transactions
.Fix #11241
Complement tests: matrix-org/complement#221
Part of MSC2716: matrix-org/matrix-spec-proposals#2716
Dev notes
/sync
looks forstream_ordering
but excludes alloutliers
.synapse/synapse/storage/databases/main/stream.py
Lines 519 to 527 in b09d90c
Whereas
/transactions
only cares aboutstream_ordering
. Perhaps we should excludeoutliers
in/transactions
?synapse/synapse/storage/databases/main/appservice.py
Lines 358 to 368 in b09d90c
/sync
stack traceSyncRestServlet.on_GET
wait_for_sync_for_user
_wait_for_sync_for_user
current_sync_for_user
generate_sync_result
_generate_sync_entry_for_rooms
_get_rooms_changed
get_room_events_stream_for_rooms
get_room_events_stream_for_room
/transactions
stack tracenotify_interested_services
_notify_interested_services
get_new_events_for_appservice
submit_event_for_as
submit_event_for_as
->enqueue_event
_send_request
appservice.scheduler.send
create_appservice_txn
AppServiceTransaction.send
push_bulk
/transactions
Pull Request Checklist
EventStore
toEventWorkerStore
.".code blocks
.Pull request includes a sign off(run the linters)