Merge branch 'develop' into dehydration_v2

.github/workflows/static_analysis.yml

@@ -90,3 +90,19 @@ jobs:
                   path: _docs
                   # We'll only use this in a workflow_run, then we're done with it
                   retention-days: 1
+
+    analyse_dead_code:
+        name: "Analyse Dead Code"
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v4
+
+            - uses: actions/setup-node@v4
+              with:
+                  cache: "yarn"
+
+            - name: Install Deps
+              run: "yarn install --frozen-lockfile"
+
+            - name: Run linter
+              run: "yarn run lint:knip"

CHANGELOG.md

@@ -1,3 +1,30 @@
+Changes in [32.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v32.0.0) (2024-04-09)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* Remove various deprecated methods \& re-exports ([#4125](https://github.com/matrix-org/matrix-js-sdk/pull/4125)). Contributed by @t3chguy.
+* Remove the logic that throws when the lazy loading options has changed. ([#4124](https://github.com/matrix-org/matrix-js-sdk/pull/4124)). Contributed by @langleyd.
+* Fix highlights from threads disappearing on new messages ([#4106](https://github.com/matrix-org/matrix-js-sdk/pull/4106)). Contributed by @dbkr.
+
+## ✨ Features
+
+* Add new `decryptExistingEvent` test helper ([#4133](https://github.com/matrix-org/matrix-js-sdk/pull/4133)). Contributed by @richvdh.
+* Improve types for `sendEvent` ([#4108](https://github.com/matrix-org/matrix-js-sdk/pull/4108)). Contributed by @t3chguy.
+* Remove various deprecated methods \& re-exports ([#4125](https://github.com/matrix-org/matrix-js-sdk/pull/4125)). Contributed by @t3chguy.
+* Add new enum for verification methods. ([#4129](https://github.com/matrix-org/matrix-js-sdk/pull/4129)). Contributed by @richvdh.
+* Add some test utils in a new entrypoint ([#4127](https://github.com/matrix-org/matrix-js-sdk/pull/4127)). Contributed by @richvdh.
+* Improve types for `sendStateEvent` ([#4105](https://github.com/matrix-org/matrix-js-sdk/pull/4105)). Contributed by @t3chguy.
+
+## 🐛 Bug Fixes
+
+* Improve types for `IPowerLevelsContent` and `hasSufficientPowerLevelFor` ([#4128](https://github.com/matrix-org/matrix-js-sdk/pull/4128)). Contributed by @galash13.
+* Remove the logic that throws when the lazy loading options has changed. ([#4124](https://github.com/matrix-org/matrix-js-sdk/pull/4124)). Contributed by @langleyd.
+* Fix highlights from threads disappearing on new messages ([#4106](https://github.com/matrix-org/matrix-js-sdk/pull/4106)). Contributed by @dbkr.
+* Extend logic for local notification processing to threads ([#4111](https://github.com/matrix-org/matrix-js-sdk/pull/4111)). Contributed by @dbkr.
+* Fix public rooms post request search params and body ([#4110](https://github.com/matrix-org/matrix-js-sdk/pull/4110)). Contributed by @ajbura.
+* Fix bugs with the first reply to a thread ([#4104](https://github.com/matrix-org/matrix-js-sdk/pull/4104)). Contributed by @dbkr.
+
+
 Changes in [31.6.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v31.6.1) (2024-03-28)
 ==================================================================================================
 ## 🐛 Bug Fixes

knip.ts

@@ -0,0 +1,36 @@
+import { KnipConfig } from "knip";
+
+export default {
+    entry: [
+        "src/index.ts",
+        "src/types.ts",
+        "src/browser-index.ts",
+        "src/indexeddb-worker.ts",
+        "scripts/**",
+        "spec/**",
+        "release.sh",
+        // For now, we include all source files as entrypoints as we have been bad about gutwrenched imports
+        "src/**",
+    ],
+    project: ["**/*.{js,ts}"],
+    ignore: ["examples/**"],
+    ignoreDependencies: [
+        // Required for `action-validator`
+        "@action-validator/*",
+        // Used for git pre-commit hooks
+        "husky",
+        // Used in script which only runs in environment with `@octokit/rest` installed
+        "@octokit/rest",
+        // Used by jest
+        "jest-environment-jsdom",
+        "babel-jest",
+        "ts-node",
+        // Used by `@babel/plugin-transform-runtime`
+        "@babel/runtime",
+    ],
+    ignoreBinaries: [
+        // Used when available by reusable workflow `.github/workflows/release-make.yml`
+        "dist",
+    ],
+    ignoreExportsUsedInFile: true,
+} satisfies KnipConfig;

package.json

@@ -1,6 +1,6 @@
 {
     "name": "matrix-js-sdk",
-    "version": "31.6.1",
+    "version": "32.0.0",
     "description": "Matrix Client-Server SDK for Javascript",
     "engines": {
         "node": ">=18.0.0"
@@ -19,6 +19,7 @@
         "lint:js-fix": "prettier --log-level=warn --write . && eslint --fix src spec",
         "lint:types": "tsc --noEmit",
         "lint:workflows": "find .github/workflows -type f \\( -iname '*.yaml' -o -iname '*.yml' \\) | xargs -I {} sh -c 'echo \"Linting {}\"; action-validator \"{}\"'",
+        "lint:knip": "knip",
         "test": "jest",
         "test:watch": "jest --watch",
         "coverage": "yarn test --coverage"
@@ -80,10 +81,8 @@
         "@babel/plugin-transform-runtime": "^7.12.10",
         "@babel/preset-env": "^7.12.11",
         "@babel/preset-typescript": "^7.12.7",
-        "@babel/register": "^7.12.10",
         "@casualbot/jest-sonar-reporter": "2.2.7",
         "@matrix-org/olm": "3.2.15",
-        "@peculiar/webcrypto": "^1.4.5",
         "@types/bs58": "^4.0.1",
         "@types/content-type": "^1.1.5",
         "@types/debug": "^4.1.7",
@@ -117,15 +116,17 @@
         "jest-mock": "^29.0.0",
         "lint-staged": "^15.0.2",
         "matrix-mock-request": "^2.5.0",
-        "node-fetch": "^2.7.0",
         "prettier": "3.2.5",
         "rimraf": "^5.0.0",
-        "ts-node": "^10.9.1",
+        "ts-node": "^10.9.2",
         "typedoc": "^0.25.10",
         "typedoc-plugin-coverage": "^3.0.0",
         "typedoc-plugin-mdn-links": "^3.0.3",
         "typedoc-plugin-missing-exports": "^2.0.0",
-        "typescript": "^5.3.3"
+        "typescript": "^5.3.3",
+        "node-fetch": "^2.7.0",
+        "knip": "^4.0.1",
+        "@peculiar/webcrypto": "^1.4.5"
     },
     "@casualbot/jest-sonar-reporter": {
         "outputDirectory": "coverage",

spec/test-utils/oidc.ts

@@ -44,6 +44,7 @@ export const mockOpenIdConfiguration = (issuer = "https://auth.org/"): Validated
     token_endpoint: issuer + "token",
     authorization_endpoint: issuer + "auth",
     registration_endpoint: issuer + "registration",
+    device_authorization_endpoint: issuer + "device",
     jwks_uri: issuer + "jwks",
     response_types_supported: ["code"],
     grant_types_supported: ["authorization_code", "refresh_token"],

spec/unit/oidc/register.spec.ts

@@ -90,4 +90,31 @@ describe("registerOidcClient()", () => {
             OidcError.DynamicRegistrationInvalid,
         );
     });
+
+    it("should throw when required endpoints are unavailable", async () => {
+        await expect(() =>
+            registerOidcClient(
+                {
+                    ...delegatedAuthConfig,
+                    registrationEndpoint: undefined,
+                },
+                metadata,
+            ),
+        ).rejects.toThrow(OidcError.DynamicRegistrationNotSupported);
+    });
+
+    it("should throw when required scopes are unavailable", async () => {
+        await expect(() =>
+            registerOidcClient(
+                {
+                    ...delegatedAuthConfig,
+                    metadata: {
+                        ...delegatedAuthConfig.metadata,
+                        grant_types_supported: [delegatedAuthConfig.metadata.grant_types_supported[0]],
+                    },
+                },
+                metadata,
+            ),
+        ).rejects.toThrow(OidcError.DynamicRegistrationNotSupported);
+    });
 });

src/@types/oidc-client-ts.d.ts

@@ -0,0 +1,24 @@
+/*
+Copyright 2024 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import "oidc-client-ts";
+
+declare module "oidc-client-ts" {
+    interface OidcMetadata {
+        // Add the missing device_authorization_endpoint field to the OidcMetadata interface
+        device_authorization_endpoint?: string;
+    }
+}

src/crypto/backup.ts

@@ -871,6 +871,9 @@ export const algorithmsByName: Record<string, BackupAlgorithmClass> = {
     [Aes256.algorithmName]: Aes256,
 };
 
+// the linter doesn't like this but knip does
+// eslint-disable-next-line tsdoc/syntax
+/** @alias */
 export const DefaultAlgorithm: BackupAlgorithmClass = Curve25519;
 
 /**

src/oidc/register.ts

@@ -50,23 +50,31 @@ interface OidcRegistrationRequestBody {
 }
 
 /**
- * Make the client registration request
- * @param registrationEndpoint - URL as returned from issuer ./well-known/openid-configuration
- * @param clientMetadata - registration metadata
- * @returns resolves to the registered client id when registration is successful
- * @throws An `Error` with `message` set to an entry in {@link OidcError},
- *      when the registration request fails, or the response is invalid.
+ * Attempts dynamic registration against the configured registration endpoint
+ * @param delegatedAuthConfig - Auth config from {@link discoverAndValidateOIDCIssuerWellKnown}
+ * @param clientMetadata - The metadata for the client which to register
+ * @returns Promise<string> resolved with registered clientId
+ * @throws when registration is not supported, on failed request or invalid response
  */
-const doRegistration = async (
-    registrationEndpoint: string,
+export const registerOidcClient = async (
+    delegatedAuthConfig: OidcClientConfig,
     clientMetadata: OidcRegistrationClientMetadata,
 ): Promise<string> => {
+    if (!delegatedAuthConfig.registrationEndpoint) {
+        throw new Error(OidcError.DynamicRegistrationNotSupported);
+    }
+
+    const grantTypes: NonEmptyArray<string> = ["authorization_code", "refresh_token"];
+    if (grantTypes.some((scope) => !delegatedAuthConfig.metadata.grant_types_supported.includes(scope))) {
+        throw new Error(OidcError.DynamicRegistrationNotSupported);
+    }
+
     // https://openid.net/specs/openid-connect-registration-1_0.html
     const metadata: OidcRegistrationRequestBody = {
         client_name: clientMetadata.clientName,
         client_uri: clientMetadata.clientUri,
         response_types: ["code"],
-        grant_types: ["authorization_code", "refresh_token"],
+        grant_types: grantTypes,
         redirect_uris: clientMetadata.redirectUris,
         id_token_signed_response_alg: "RS256",
         token_endpoint_auth_method: "none",
@@ -82,7 +90,7 @@ const doRegistration = async (
     };
 
     try {
-        const response = await fetch(registrationEndpoint, {
+        const response = await fetch(delegatedAuthConfig.registrationEndpoint, {
             method: Method.Post,
             headers,
             body: JSON.stringify(metadata),
@@ -108,20 +116,3 @@ const doRegistration = async (
         }
     }
 };
-
-/**
- * Attempts dynamic registration against the configured registration endpoint
- * @param delegatedAuthConfig - Auth config from {@link discoverAndValidateOIDCIssuerWellKnown}
- * @param clientMetadata - The metadata for the client which to register
- * @returns Promise<string> resolved with registered clientId
- * @throws when registration is not supported, on failed request or invalid response
- */
-export const registerOidcClient = async (
-    delegatedAuthConfig: OidcClientConfig,
-    clientMetadata: OidcRegistrationClientMetadata,
-): Promise<string> => {
-    if (!delegatedAuthConfig.registrationEndpoint) {
-        throw new Error(OidcError.DynamicRegistrationNotSupported);
-    }
-    return doRegistration(delegatedAuthConfig.registrationEndpoint, clientMetadata);
-};

src/oidc/validate.ts

@@ -83,6 +83,7 @@ export const validateOIDCIssuerWellKnown = (wellKnown: unknown): ValidatedIssuer
         requiredStringProperty(wellKnown, "revocation_endpoint"),
         optionalStringProperty(wellKnown, "registration_endpoint"),
         optionalStringProperty(wellKnown, "account_management_uri"),
+        optionalStringProperty(wellKnown, "device_authorization_endpoint"),
         optionalStringArrayProperty(wellKnown, "account_management_actions_supported"),
         requiredArrayValue(wellKnown, "response_types_supported", "code"),
         requiredArrayValue(wellKnown, "grant_types_supported", "authorization_code"),
@@ -118,6 +119,7 @@ export type ValidatedIssuerMetadata = Partial<OidcMetadata> &
         | "response_types_supported"
         | "grant_types_supported"
         | "code_challenge_methods_supported"
+        | "device_authorization_endpoint"
     > & {
         // MSC2965 extensions to the OIDC spec
         account_management_uri?: string;
@@ -176,7 +178,12 @@ const decodeIdToken = (token: string): IdTokenClaims => {
  * @param nonce - nonce used in the authentication request
  * @throws when id token is invalid
  */
-export const validateIdToken = (idToken: string | undefined, issuer: string, clientId: string, nonce: string): void => {
+export const validateIdToken = (
+    idToken: string | undefined,
+    issuer: string,
+    clientId: string,
+    nonce: string | undefined,
+): void => {
     try {
         if (!idToken) {
             throw new Error("No ID token");
@@ -201,7 +208,7 @@ export const validateIdToken = (idToken: string | undefined, issuer: string, cli
          * If a nonce value was sent in the Authentication Request, a nonce Claim MUST be present and its value checked
          * to verify that it is the same value as the one that was sent in the Authentication Request.
          */
-        if (claims.nonce !== nonce) {
+        if (nonce !== undefined && claims.nonce !== nonce) {
             throw new Error("Invalid nonce");
         }
 

src/rust-crypto/libolm_migration.ts

@@ -25,6 +25,8 @@ import { requestKeyBackupVersion } from "./backup";
 import { IRoomEncryption } from "../crypto/RoomList";
 import { CrossSigningKeyInfo } from "../crypto-api";
 import { RustCrypto } from "./rust-crypto";
+import { KeyBackupInfo } from "../crypto-api/keybackup";
+import { sleep } from "../utils";
 
 /**
  * Determine if any data needs migrating from the legacy store, and do so.
@@ -105,7 +107,7 @@ export async function migrateFromLegacyCrypto(args: {
 
     if (migrationState === MigrationState.NOT_STARTED) {
         logger.info("Migrating data from legacy crypto store. Step 1: base data");
-        await migrateBaseData(args.http, args.userId, args.deviceId, legacyStore, pickleKey, args.storeHandle);
+        await migrateBaseData(args.http, args.userId, args.deviceId, legacyStore, pickleKey, args.storeHandle, logger);
 
         migrationState = MigrationState.INITIAL_DATA_MIGRATED;
         await legacyStore.setMigrationState(migrationState);
@@ -144,6 +146,7 @@ async function migrateBaseData(
     legacyStore: CryptoStore,
     pickleKey: Uint8Array,
     storeHandle: RustSdkCryptoJs.StoreHandle,
+    logger: Logger,
 ): Promise<void> {
     const migrationData = new RustSdkCryptoJs.BaseMigrationData();
     migrationData.userId = new RustSdkCryptoJs.UserId(userId);
@@ -160,7 +163,18 @@ async function migrateBaseData(
     // If we have a backup recovery key, we need to try to figure out which backup version it is for.
     // All we can really do is ask the server for the most recent version.
     if (recoveryKey) {
-        const backupInfo = await requestKeyBackupVersion(http);
+        let backupCallDone = false;
+        let backupInfo: KeyBackupInfo | null = null;
+        while (!backupCallDone) {
+            try {
+                backupInfo = await requestKeyBackupVersion(http);
+                backupCallDone = true;
+            } catch (e) {
+                logger.info("Failed to get backup version during migration, retrying in 2 seconds", e);
+                // Retry until successful, use simple constant delay
+                await sleep(2000);
+            }
+        }
         if (backupInfo) {
             migrationData.backupVersion = backupInfo.version;
             migrationData.backupRecoveryKey = recoveryKey;