From b4687f2ed24ae4f397e039776118c6efee306fa9 Mon Sep 17 00:00:00 2001
From: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Wed, 9 Feb 2022 11:24:49 +0000
Subject: [PATCH 1/4] Fix storage bug in PSQL events table

---
 roomserver/storage/postgres/events_table.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/roomserver/storage/postgres/events_table.go b/roomserver/storage/postgres/events_table.go
index ece1d9e3c..c136f039a 100644
--- a/roomserver/storage/postgres/events_table.go
+++ b/roomserver/storage/postgres/events_table.go
@@ -74,7 +74,7 @@ const insertEventSQL = "" +
 	"INSERT INTO roomserver_events AS e (room_nid, event_type_nid, event_state_key_nid, event_id, reference_sha256, auth_event_nids, depth, is_rejected)" +
 	" VALUES ($1, $2, $3, $4, $5, $6, $7, $8)" +
 	" ON CONFLICT ON CONSTRAINT roomserver_event_id_unique DO UPDATE" +
-	" SET is_rejected = $8 WHERE e.is_rejected = FALSE" +
+	" SET is_rejected = $8 WHERE e.event_id = $4 AND e.is_rejected = FALSE" +
 	" RETURNING event_nid, state_snapshot_nid"
 
 const selectEventSQL = "" +
@@ -192,7 +192,8 @@ func (s *eventStatements) InsertEvent(
 ) (types.EventNID, types.StateSnapshotNID, error) {
 	var eventNID int64
 	var stateNID int64
-	err := s.insertEventStmt.QueryRowContext(
+	stmt := sqlutil.TxStmt(txn, s.insertEventStmt)
+	err := stmt.QueryRowContext(
 		ctx, int64(roomNID), int64(eventTypeNID), int64(eventStateKeyNID),
 		eventID, referenceSHA256, eventNIDsAsArray(authEventNIDs), depth,
 		isRejected,

From cf447dd52a0015c2c5b10813ed11e59a3712607e Mon Sep 17 00:00:00 2001
From: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Wed, 9 Feb 2022 11:41:21 +0000
Subject: [PATCH 2/4] Revert "Fix storage bug in PSQL events table"

This reverts commit b4687f2ed24ae4f397e039776118c6efee306fa9.
---
 roomserver/storage/postgres/events_table.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/roomserver/storage/postgres/events_table.go b/roomserver/storage/postgres/events_table.go
index c136f039a..ece1d9e3c 100644
--- a/roomserver/storage/postgres/events_table.go
+++ b/roomserver/storage/postgres/events_table.go
@@ -74,7 +74,7 @@ const insertEventSQL = "" +
 	"INSERT INTO roomserver_events AS e (room_nid, event_type_nid, event_state_key_nid, event_id, reference_sha256, auth_event_nids, depth, is_rejected)" +
 	" VALUES ($1, $2, $3, $4, $5, $6, $7, $8)" +
 	" ON CONFLICT ON CONSTRAINT roomserver_event_id_unique DO UPDATE" +
-	" SET is_rejected = $8 WHERE e.event_id = $4 AND e.is_rejected = FALSE" +
+	" SET is_rejected = $8 WHERE e.is_rejected = FALSE" +
 	" RETURNING event_nid, state_snapshot_nid"
 
 const selectEventSQL = "" +
@@ -192,8 +192,7 @@ func (s *eventStatements) InsertEvent(
 ) (types.EventNID, types.StateSnapshotNID, error) {
 	var eventNID int64
 	var stateNID int64
-	stmt := sqlutil.TxStmt(txn, s.insertEventStmt)
-	err := stmt.QueryRowContext(
+	err := s.insertEventStmt.QueryRowContext(
 		ctx, int64(roomNID), int64(eventTypeNID), int64(eventStateKeyNID),
 		eventID, referenceSHA256, eventNIDsAsArray(authEventNIDs), depth,
 		isRejected,

From ac25065a54149117761e7a1b471a9b742f920ebc Mon Sep 17 00:00:00 2001
From: S7evinK <2353100+S7evinK@users.noreply.github.com>
Date: Wed, 9 Feb 2022 13:11:43 +0100
Subject: [PATCH 3/4] Fix sytest `uploading signed devices gets propagated over
 federation` (#2162)

* Remove unneeded logging

* Add MasterKey & SelfSigningKey to update
Avoid panic if signatures are not present

* Add passing test

* Revert "Add MasterKey & SelfSigningKey to update"

This reverts commit 2c81b34884be8b5b875a33420c0f985b578d3fb8.

* Send MasterKey & SelfSigningKey with update

* Debugging

* Remove delete() so we also query signingkeys
---
 federationapi/consumers/roomserver.go | 6 +-----
 keyserver/internal/cross_signing.go   | 6 +++++-
 keyserver/internal/internal.go        | 7 ++++++-
 sytest-whitelist                      | 1 +
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/federationapi/consumers/roomserver.go b/federationapi/consumers/roomserver.go
index 60066bb2f..ac29f930b 100644
--- a/federationapi/consumers/roomserver.go
+++ b/federationapi/consumers/roomserver.go
@@ -18,6 +18,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+
 	"github.com/matrix-org/dendrite/federationapi/queue"
 	"github.com/matrix-org/dendrite/federationapi/storage"
 	"github.com/matrix-org/dendrite/federationapi/types"
@@ -113,11 +114,6 @@ func (s *OutputRoomEventConsumer) onMessage(ctx context.Context, msg *nats.Msg)
 			}
 		}
 
-	case api.OutputTypeNewInviteEvent:
-		log.WithField("type", output.Type).Debug(
-			"received new invite, send device keys",
-		)
-
 	case api.OutputTypeNewInboundPeek:
 		if err := s.processInboundPeek(*output.NewInboundPeek); err != nil {
 			log.WithFields(log.Fields{
diff --git a/keyserver/internal/cross_signing.go b/keyserver/internal/cross_signing.go
index 527990cf9..bfb2037f8 100644
--- a/keyserver/internal/cross_signing.go
+++ b/keyserver/internal/cross_signing.go
@@ -308,8 +308,12 @@ func (a *KeyInternalAPI) PerformUploadDeviceSignatures(ctx context.Context, req
 
 	// Finally, generate a notification that we updated the signatures.
 	for userID := range req.Signatures {
+		masterKey := queryRes.MasterKeys[userID]
+		selfSigningKey := queryRes.SelfSigningKeys[userID]
 		update := eduserverAPI.CrossSigningKeyUpdate{
-			UserID: userID,
+			UserID:         userID,
+			MasterKey:      &masterKey,
+			SelfSigningKey: &selfSigningKey,
 		}
 		if err := a.Producer.ProduceSigningKeyUpdate(update); err != nil {
 			res.Error = &api.KeyError{
diff --git a/keyserver/internal/internal.go b/keyserver/internal/internal.go
index 259249217..2536c1f76 100644
--- a/keyserver/internal/internal.go
+++ b/keyserver/internal/internal.go
@@ -326,8 +326,14 @@ func (a *KeyInternalAPI) QueryKeys(ctx context.Context, req *api.QueryKeysReques
 			if err = json.Unmarshal(key, &deviceKey); err != nil {
 				continue
 			}
+			if deviceKey.Signatures == nil {
+				deviceKey.Signatures = map[string]map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{}
+			}
 			for sourceUserID, forSourceUser := range sigMap {
 				for sourceKeyID, sourceSig := range forSourceUser {
+					if _, ok := deviceKey.Signatures[sourceUserID]; !ok {
+						deviceKey.Signatures[sourceUserID] = map[gomatrixserverlib.KeyID]gomatrixserverlib.Base64Bytes{}
+					}
 					deviceKey.Signatures[sourceUserID][sourceKeyID] = sourceSig
 				}
 			}
@@ -447,7 +453,6 @@ func (a *KeyInternalAPI) queryRemoteKeysOnServer(
 	for userID, deviceIDs := range devKeys {
 		if len(deviceIDs) == 0 {
 			userIDsForAllDevices[userID] = struct{}{}
-			delete(devKeys, userID)
 		}
 	}
 	// for cross-signing keys, it's probably easier just to hit /keys/query if we aren't already doing
diff --git a/sytest-whitelist b/sytest-whitelist
index c6ce1daad..04b1bbf36 100644
--- a/sytest-whitelist
+++ b/sytest-whitelist
@@ -591,3 +591,4 @@ Can receive redactions from regular users over federation in room version 9
 Forward extremities remain so even after the next events are populated as outliers
 If a device list update goes missing, the server resyncs on the next one
 uploading self-signing key notifies over federation
+uploading signed devices gets propagated over federation

From cc688a9a386f48e38687a697b50f9be7d2b06fb0 Mon Sep 17 00:00:00 2001
From: S7evinK <2353100+S7evinK@users.noreply.github.com>
Date: Wed, 9 Feb 2022 15:46:52 +0100
Subject: [PATCH 4/4] Avoid unnecessary logs and marshaling (#2167)

Co-authored-by: kegsay <kegan@matrix.org>
---
 federationapi/consumers/eduserver.go |  2 +-
 federationapi/consumers/keychange.go | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/federationapi/consumers/eduserver.go b/federationapi/consumers/eduserver.go
index 22fedbeb4..1f81fa258 100644
--- a/federationapi/consumers/eduserver.go
+++ b/federationapi/consumers/eduserver.go
@@ -134,7 +134,7 @@ func (t *OutputEDUConsumer) onSendToDeviceEvent(ctx context.Context, msg *nats.M
 		return true
 	}
 
-	log.Infof("Sending send-to-device message into %q destination queue", destServerName)
+	log.Debugf("Sending send-to-device message into %q destination queue", destServerName)
 	if err := t.queues.SendEDU(edu, t.ServerName, []gomatrixserverlib.ServerName{destServerName}); err != nil {
 		log.WithError(err).Error("failed to send EDU")
 		return false
diff --git a/federationapi/consumers/keychange.go b/federationapi/consumers/keychange.go
index 1ec9f4c18..22dbc32da 100644
--- a/federationapi/consumers/keychange.go
+++ b/federationapi/consumers/keychange.go
@@ -127,6 +127,9 @@ func (t *KeyChangeConsumer) onDeviceKeyMessage(m api.DeviceMessage) bool {
 		return true
 	}
 
+	if len(destinations) == 0 {
+		return true
+	}
 	// Pack the EDU and marshal it
 	edu := &gomatrixserverlib.EDU{
 		Type:   gomatrixserverlib.MDeviceListUpdate,
@@ -146,7 +149,7 @@ func (t *KeyChangeConsumer) onDeviceKeyMessage(m api.DeviceMessage) bool {
 		return true
 	}
 
-	logger.Infof("Sending device list update message to %q", destinations)
+	logger.Debugf("Sending device list update message to %q", destinations)
 	err = t.queues.SendEDU(edu, t.serverName, destinations)
 	return err == nil
 }
@@ -181,6 +184,10 @@ func (t *KeyChangeConsumer) onCrossSigningMessage(m api.DeviceMessage) bool {
 		return true
 	}
 
+	if len(destinations) == 0 {
+		return true
+	}
+
 	// Pack the EDU and marshal it
 	edu := &gomatrixserverlib.EDU{
 		Type:   eduserverAPI.MSigningKeyUpdate,
@@ -191,7 +198,7 @@ func (t *KeyChangeConsumer) onCrossSigningMessage(m api.DeviceMessage) bool {
 		return true
 	}
 
-	logger.Infof("Sending cross-signing update message to %q", destinations)
+	logger.Debugf("Sending cross-signing update message to %q", destinations)
 	err = t.queues.SendEDU(edu, t.serverName, destinations)
 	return err == nil
 }