Release 2025-05-12 - (expected chart version 5.15.0) #4573
Open: zebot wants to merge 40 commits into master from release_2025-05-12_14_25
* integration: Move testInvalidCookie from brig-integration
* Move Brig.ZAuth to Wire.AuthenticationSubsystem.ZAuth
  This needs more changes to the zauth library before it can be integrated in the AuthenticationSubsystem.
* zauth: Polysemize token creation and use it in AuthSubsys.ZAuth
* Remove TokenPair type class
  The 'newAccessToken' function is moved to the 'AccessTokenLike' typeclass and returns an 'AccessToken' type which contains the serialized token, removing the need for polymorphism. Similarly, the 'renewAccessToken' function in the 'UserTokenLike' typeclass returns an 'AccessToken'. We might be able to get rid of all of this polymorphism as things are not _so_ complicated. This is just the first step.
* Remove accessTokenClient from AccessTokenLike
  It was only used in integration tests and only for one type of access token.
* zauth: Unify User/LegalHoldUser and Access/LegalHoldAccess using a phantom type parameter
  These are essentially the same things and we have invented type classes to treat them so, but if they contain the same data structures inside and have the same serialisation/de-serialisation logic, there is little point in having new type wrappers for LegalHoldUser and LegalHoldAccess. The phantom type parameter is of type `UserTokenType` with values `ActualUser` and `LHUser`. These names don't completely make sense because there is no such thing as a `LegalHoldUser` different from `ActualUser`. It _should_ rather be called something like `TokenType`, but that name is taken by something else. I suspect this type will go away soon, so while transitioning it's probably fine to keep it as is. Doing all this makes it easier for the typeclasses `AccessTokenLike` and `UserTokenLike` to be merged. The actual use of those type classes is to determine which ttls to apply to the `UserTokenType`, which can now be made clearer in the code.
* zauth: Delete unused validation functions
* Introduce mappings from UserTokenType to Token.Type
  These help de-dupe a bit more code.
* zauth: Polysemize validation
  Delete a bunch of unused code.
* zauth: Remove lenses and renamed constructors
* zauth: Use 'Type' as the parameter for the 'Token' type instead of body
  Create a type family 'Body t' which defines the body based on the type of the token. This removes illegal states like a token of type Bot having a User as the body. As a result the token creation can be greatly simplified, with it being passed the parameters for creating the header and the body of the correct type. This helps reduce some duplication between ZAuth.Creation and Wire.AuthenticationSubsystems.ZAuth. This also pushed the need for the random number generation to the subsystems code, making the creation even lighter. Maybe we can get rid of polysemy from there too, making the whole thing very simple. The classes 'UserTokenLike' and 'AccessTokenLike' also become much simpler as they can just have a general constraint like '(Body t ~ User)' and '(Body t ~ Access)' respectively. Perhaps these classes can be gotten rid of once we can use some state from the AuthenticationSubsystem.
* integration tests: Adjust expectations of reading invalid tokens
  Since the token is generic now, read errors don't specify which type of token is invalid to read. This only changes the message of the error and not the label, so it is an acceptable change.
* AuthSubs.ZAuth: deduplicate mkUserToken' and mkLegalHoldUserToken
  They're the same functions now; this deals with a futurework.
* Unify newAccessToken and newLegalHoldAccessToken
  It is a bit reminiscent of the recently removed TokenPair class. Perhaps this way we can merge AccessTokenLike and UserTokenLike soon.
* Unify newUserToken and newLegalHoldUserToken
* zauth: Implement renewToken in terms of newToken
  The implementation only depended on newTokenImpl anyway.
* zauth: Remove polysemy
  Every place it was used, it was immediately run. So there is little point in keeping this abstraction around.
* Take newSessionToken out of UserTokenLike
  This makes UserTokenLike independent of MonadZAuth, freeing it to be usable in a polysemy action.
* Replace MonadZAuth with Input ZAuthEnv and Embed IO
  Another way to do this would've been to implement stuff in the prod interpreter of AuthenticationSubsystem using MonadZAuth and then get rid of MonadZAuth. But it so happened this way. This way is worse because it has caused a lot of changes to constraints in brig which would need to be undone. Perhaps that happens in the next commit.
* Make wire-api dependent on polysemy-wire-zoo instead of the other way around
  This will help polysemy-wire-zoo to be usable in zauth.
* zauth: Reintroduce polysemy at a lower level
  This helps get rid of IO from token creation and validation, which would help avoid IO from AuthenticationSubsystem.Interpreter, which is required because MiniBackend doesn't run IO right now. brig doesn't compile right now, but the functions will be moved into AuthenticationSubsystem anyway, so playing type-tetris isn't as productive.
* AuthenticationSubsystem: Move code for issuing a new cookie
* Propagate constraint changes and newCookie moving to brig
* Don't use singletons.
  The old code is good enough, and singletons may add more complexity than they abstract away.
* Changelog.
* integration/testCookieLimit: Add threadDelay to get around failure
  Brig updates its time every second. If we create many cookies very quickly, all of them get assigned the same cookie creation time; this makes it impossible to guess which cookie will get evicted when we have too many cookies. So waiting a second between cookie creations gets around this problem.
* AuthenticationSubsystem: Consolidate Input effects
* brig: Remove `Member (Input Env)` from everywhere
  Move the required settings to AuthenticationSubsystemConfig.
* brig: Remove ZAuthEnv as an explicit Input
* Add test for randomConnId

---------

Co-authored-by: Matthias Fischmann <mf@zerobuzz.net>
Co-authored-by: Leif Battermann <leif.battermann@wire.com>
Release 2025-04-07 - (expected chart version 5.14.0)
* Add local hooks to deploy/docker-ephemeral/run.sh
  This can be used to do hacky cleanup tricks before and after restarting docker services.
* Makefile hack: disconnect treefmt from posix env
  This is useful if you're running make in emacs. treefmt seems to be waiting for something for >5 seconds every time when run in emacs.
* fix typo
  Co-authored-by: Sven Tennie <sven.tennie@wire.com>
* Add a line of docs.

---------

Co-authored-by: Sven Tennie <sven.tennie@wire.com>
Streams are broken upstream due to haskell-servant/servant#1781
* Make proxy config follow same schema as other services
  Otherwise, integration cannot patch the config correctly.
* Add /services/proxy to `make cr`.
* Add integration test for giphy proxy.
  make devtest TEST_INCLUDE=testProxyGiphy now does something!
* wip
* Add giphyEndpoint to Helm chart
* Read giphyEndpoint config option
* Formatting
* WIP: Proxy integration test
* Make Proxy testable
  Allow HTTP connections for tests.
* More assertions in test
* More assertions in test.
* Error case.
* Drop SetupHelpers.Proxied and move everything into Test.Proxy.
* Test more error cases.
* refactor: make proxy independent of wai-predicate
* Move giphy proxy from wai-predicate to servant.
* TODO
* Make test more exhaustive.
* Test for youtube proxy; make proxied endpoints optional in yaml.
* Move youtube proxy from wai-predicate to servant.
* Refactor test.
* Fixup
* Make googlemaps proxy take optional google maps endpoint.
* Test for googlemaps proxy.
* Fix google maps test route
  The path prefix was wrong.
* Add assertions: Handle 404 responses
* Servantify googlemaps staticmap
* Lint
* Servantify googlemaps geocode api
* make sanitize-pr
* Delete obsolete wai routes
* Remove RawM hack (it's been available upstream since forever).
* Make spotify endpoint configurable
* Fixup: Remove RawM hack (it's been available ... since forever).
* Start test for spotify
* Add assertion to spotify test
* One servant type to rule them all
* Servantify proxy spotify api
* Add test for soundcloud resolve
* Servantify soundcloud /resolve endpoint
* Add test for soundcloud stream
* Servantify soundcloud proxy.
  This removes the last traces of wai-{routes,predicates} from /services/proxy.
* Enable proxy for integration tests (CI)
  Unfortunately, local and CI test setups differ...
* changelog
* Use Endpoint instead of hacking it with CaptureAll.
* Change default log level for proxy in /integration from Trace to Warn.
* Add swagger description.
* Remove outdated TODO.
* Add unrelated haddocks.

---------

Co-authored-by: Sven Tennie <sven.tennie@wire.com>
…roup of a private channel (#4534)
…nal requests (#4543) This will reduce noise log in brig.
WPB-16211: fix the wire-docs build and added the documentation for contribution to wire-docs
* Remove duplication in checkProposal
* Check signature keys of leaf nodes in internal commits
* Refactor createMLSClient
* Migrate mls/clients test to integration
* Make mls/clients return only one signature key
* Remove GenericClientMap and generalise ClientMap
* Use Error effect in getClientInfo
* Implement signature check for update paths
* fixup! Check signature keys of leaf nodes in internal commits
* Skip leaf node signature key check if no key can be found
* Lint
* Check leaf node of update path
* Extract and generalise leaf node signature check
* Move new federation endpoint to V3.
* fixup! Extract and generalise leaf node signature check
* Add CHANGELOG entry
* Test signature keys for clients of existing users as well
* Test incorrect signature key on external commit
* Test compatibility with federation v1
* More explicit wording for ms-identity-mismatch error
  Co-authored-by: Leif Battermann <leif.battermann@wire.com>

---------

Co-authored-by: Leif Battermann <leif.battermann@wire.com>
This PR changes the way assets are uploaded to S3: it makes use of the [multi-part uploads API](https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html) via the amazonka-s3-streaming library. cargohold needs to be compatible with StorageGRID. Without this PR cargohold receives 400 Bad Request when uploading. It might be related to this comment: https://docs.netapp.com/us-en/storagegrid/s3/s3-rest-api-supported-operations-and-limitations.html#common-request-headers Switching to multi-part uploads seems to fix the problem. See also https://wearezeta.atlassian.net/browse/WPB-17236
…bbitmq (#4556) This commit introduces a new RecipientClients constructor to express that sometimes notifs should only be pushed to the temporary queue of a user. Co-authored-by: Akshay Mankar <itsakshaymankar@gmail.com>
| image | CVEs |
|------------------------------------|------|
| bitnami/redis:6.2.6 (debian 10.12) | 411 |
| bitnami/redis:6.2.16 (debian 12.8) | 96 |
This version is known to work. Newer versions probably need adjustment(s) to their values.
This commit changes these endpoints for versions V9+:
- POST /get-domain-registration
- POST /domain-verification/{domain}/backend

The `backend_url` is moved into an object (`backend`) as field `config_url`. A new field (`webapp_url`) is added to this. This new field is backed by a column in the database.
Apply new schema (payloads) to DomainRegistrationResponse and DomainRegistrationUpdate.
extend test coverage: when a SCIM provisioned user logs in via SSO, even if validateSAMLEmails is enabled
We allow only TLS connections to the Redis nodes. Thus replication has to use TLS as well (by default it doesn't.) See https://redis.io/docs/latest/operate/oss_and_stack/management/security/encryption/#replication
* Add missing newlines
  These files are interpreted as "POSIX text files" and thus should adhere to their standards. See https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
* Add changelog entry
Inline function: It had only one usage.
* Implement group ID version 2
* Add MLS reset endpoint
* Fix GroupId roundtrip test
* Basic MLS reset test
* Federated reset endpoint
* Finish implementation of federated reset
* Test delete subconv with new reset endpoint
* fixup! Basic MLS reset test
* Test mixed conversation reset
* Fix fed versioning and add test
* Add CHANGELOG entry
* Add new endpoint to nginx
* Remove TODO
* Temporarily remove legacy fed test
  We will add it back in a follow-up PR
* More SAML login error details.
* HasCallStack
* cabal bounds.
[2025-05-12] (Chart Release 5.15.0)
API changes
From API version V9 on, the POST /domain-verification/{domain}/backend and POST /get-domain-registration endpoints are adjusted to also carry the webapp_url in their payloads. The structure of these payloads changes as well: the former backend_url and the new webapp_url are now combined in one object in the backend field. The same change is applied to the internal endpoints PUT /i/domain-registration and GET /i/domain-registration. (Add a webapp url field to email domain registration (1) #4559)
Add a new endpoint /mls/reset-conversation which can be used to restore an MLS group that ended up in an invalid state for any reason. After resetting, the conversation has the same users, but the corresponding MLS group gets a new group ID and resets to epoch 0 with no clients. (Reset MLS conversations #4558)
Features
Bug fixes and other updates
Only forward one conversation create event to pydio (WPB-16953 Only one conversation-creation notification should be forwarded to pydio #4535, WPB-16953 fix: conversation delete event is cells notification #4551)
Fixed channel permissions for external partners. They are allowed to add members if they are channel admins or if add-permissions are set to everyone. (WPB-17088 External partners cannot send the first commit to the MLS group of a private channel #4534)
gundeck: Send notifications to temp clients only when there are no rabbitmq clients in the recipient list. Before this, it was wrongly sending the notification to all recipients. (WPB-17378 gundeck: Fix logic to split pushes between cassandra and rabbitmq #4556)
charts/{cannon,nginz}: Add the events endpoint to nginz config (charts/cannon: Add the events endpoint to nginz config #4540)
Lazy streams were broken due to "Remove strict data from servant{,-server}'s cabal files" (haskell-servant/servant#1781). So, in specific cases, the payload of a streamed response was realised in the application's memory instead of being streamed piecewise. (Use patched version of servant 0.20.2 #4538)
Use multipart upload to S3 for all assets (cargohold: use multi-part uploads to S3 #4548)
Internal changes
Remove wai-routes, wai-predicates deps from proxy and translate routing table and handlers to servant. New integration tests for proxy featuring mock services. ([WPB-1216] servantify proxy (part 2, again) #4525)
Include untouched base64-encoded authentication response from http request body in error messages, not some intermediate parse result. (More SAML login error details. #4570)
Move zauth logic from brig to wire-subsystems (part 1: Brig.ZAuth, simplify implementation) (AuthenticationSubsystem: Move newCookie into it #4479)
Fix Redis replication in our docker-compose env (used to run integration tests locally): We allow only TLS connections to the Redis nodes. Thus, replication has to use TLS as well (by default it doesn't.) (Fix docker-compose redis replication #4566)
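As an added illustration of the setting the entry refers to (constructed here, not taken from the wire-server repository or its docker-compose files), these are the redis.conf fragments for a TLS-only primary and a replica that must reach it over TLS; the hostname and certificate paths are assumptions.

```conf
# --- Primary: accept TLS connections only (constructed example) ---
port 0                                  # no plaintext listener at all
tls-port 6379
tls-cert-file    /etc/redis/tls/redis.crt
tls-key-file     /etc/redis/tls/redis.key
tls-ca-cert-file /etc/redis/tls/ca.crt
tls-auth-clients yes                    # replicas must present a client cert too

# --- Replica: same TLS listener settings as above, plus ---
replicaof redis-primary 6379            # assumed hostname
# Default is "no": the replica would then open a plaintext connection to the
# primary, which only listens on TLS, so the initial sync never completes.
tls-replication yes
```

With tls-auth-clients left at its default on the primary, the replica's tls-cert-file and tls-key-file are what it presents for the outgoing replication link, and it validates the primary against tls-ca-cert-file.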
Bump redis version used by redis-ephemeral to 6.2.16 (fix(redis-ephemeral): bump to 6.2.16 #4524)
The backend now verifies that new leaf nodes occurring in an MLS commit match the signature key registered by the corresponding client (Verify commit leaf nodes #4531)
Federation changes