Merge remote-tracking branch 'upstream/main' into conduwuit-changes

crates/ruma-client-api/CHANGELOG.md

@@ -26,6 +26,8 @@ Improvements:
 - Add optional cookie field to `session::sso_login*::v3` responses.
 - Add support for local user erasure to `account::deactivate::v3::Request`,
   according to MSC4025.
+- Allow `discovery::get_supported_versions::v1` to optionally accept
+  authentication, according to MSC4026.
 
 # 0.17.4
 

crates/ruma-client-api/src/discovery/get_supported_versions.rs

@@ -14,7 +14,7 @@ use ruma_common::{
 const METADATA: Metadata = metadata! {
     method: GET,
     rate_limited: false,
-    authentication: None,
+    authentication: AccessTokenOptional,
     history: {
         1.0 => "/_matrix/client/versions",
     }
@@ -32,6 +32,9 @@ pub struct Response {
     pub versions: Vec<String>,
 
     /// Experimental features supported by the server.
+    ///
+    /// Servers can enable some unstable features only for some users, so this
+    /// list might differ when an access token is provided.
     #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
     pub unstable_features: BTreeMap<String, bool>,
 }

crates/ruma-common/CHANGELOG.md

@@ -9,6 +9,7 @@ Breaking changes:
   If the field is missing, push rules that depend on it will never match. However, this allows to
   match the `.m.rule.invite_for_me` push rule because usually the `invite_state` doesn't include
   `m.room.power_levels`.
+- Add support for endpoints that take an optional authentication
 
 Improvements:
 

crates/ruma-common/src/api.rs

@@ -484,6 +484,12 @@ pub enum AuthScheme {
     /// It is recommended to use the header over the query parameter.
     AccessToken,
 
+    /// Authentication is optional, and it is performed by including an access token in the
+    /// `Authentication` http header, or an `access_token` query parameter.
+    ///
+    /// It is recommended to use the header over the query parameter.
+    AccessTokenOptional,
+
     /// Authentication is performed by including X-Matrix signatures in the request headers,
     /// as defined in the federation API.
     ServerSignatures,

crates/ruma-common/src/api/metadata.rs

@@ -74,6 +74,11 @@ impl Metadata {
                 Some((header::AUTHORIZATION, format!("Bearer {token}").try_into()?))
             }
 
+            AuthScheme::AccessTokenOptional => match access_token.get_required_for_endpoint() {
+                Some(token) => Some((header::AUTHORIZATION, format!("Bearer {token}").try_into()?)),
+                None => None,
+            },
+
             AuthScheme::ServerSignatures => None,
         })
     }

crates/ruma-identifiers-validation/CHANGELOG.md

@@ -1,5 +1,13 @@
 # [unreleased]
 
+Bug fixes:
+
+- Allow underscores (`_`) when validating MXC URIs.
+  - They have always been allowed in [the spec][mxc validation spec]
+    in order to support URL-safe base64-encoded media IDs.
+
+[mxc validation spec]: https://spec.matrix.org/v1.9/client-server-api/#security-considerations-5
+
 Improvements:
 
 - Point links to the Matrix 1.9 specification

crates/ruma-identifiers-validation/src/mxc_uri.rs

@@ -18,8 +18,9 @@ pub fn validate(uri: &str) -> Result<NonZeroU8, MxcUriError> {
     let server_name = &uri[..index];
     let media_id = &uri[index + 1..];
     // See: https://spec.matrix.org/v1.9/client-server-api/#security-considerations-5
-    let media_id_is_valid =
-        media_id.bytes().all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'z' | b'A'..=b'Z' | b'-' ));
+    let media_id_is_valid = media_id
+        .bytes()
+        .all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'z' | b'A'..=b'Z' | b'-' | b'_' ));
 
     if !media_id_is_valid {
         Err(MxcUriError::MediaIdMalformed)