Merge branch 'develop' into t3chguy/fewer-runners

.github/CODEOWNERS

@@ -10,11 +10,10 @@
 /test/components/views/dialogs/security/                                @element-hq/element-crypto-web-reviewers
 /src/stores/SetupEncryptionStore.ts                                     @element-hq/element-crypto-web-reviewers
 /test/stores/SetupEncryptionStore-test.ts                               @element-hq/element-crypto-web-reviewers
-/src/components/views/settings/tabs/user/EncryptionUserSettingsTab.tsx  @element-hq/element-crypto-web-reviewers
+/src/components/views/settings/tabs/user/EncryptionUserSettingsTab.tsx   @element-hq/element-crypto-web-reviewers
 /src/src/components/views/settings/encryption/                          @element-hq/element-crypto-web-reviewers
 /test/unit-tests/components/views/settings/encryption/                  @element-hq/element-crypto-web-reviewers
-/playwright/e2e/settings/encryption-user-tab/                           @element-hq/element-crypto-web-reviewers
-/src/components/views/dialogs/devtools/Crypto.tsx                       @element-hq/element-crypto-web-reviewers
+/playwright/e2e/settings/encryption-user-tab/                            @element-hq/element-crypto-web-reviewers
 
 # Ignore translations as those will be updated by GHA for Localazy download
 /src/i18n/strings

.github/workflows/build_develop.yml

@@ -26,12 +26,6 @@ jobs:
             R2_URL: ${{ vars.CF_R2_S3_API }}
             R2_PUBLIC_URL: "https://element-web-develop.element.io"
         steps:
-            # Workaround for https://www.cloudflarestatus.com/incidents/t5nrjmpxc1cj
-            - uses: unfor19/install-aws-cli-action@v1
-              with:
-                  version: 2.22.35
-                  verbose: false
-                  arch: amd64
             - uses: actions/checkout@v4
 
             - uses: actions/setup-node@v4

.github/workflows/end-to-end-tests.yaml

@@ -35,8 +35,8 @@ concurrency:
 env:
     # fetchdep.sh needs to know our PR number
     PR_NUMBER: ${{ github.event.pull_request.number }}
-    # Use 6 runners in the default case, but 4 when running on a schedule where we run all 5 projects (20 runners total)
-    NUM_RUNNERS: ${{ github.event_name == 'schedule' && 4 || 6 }}
+    # Use 4 runners in the default case, but 2 when running on a schedule where we run all 5 projects (10 runners total)
+    NUM_RUNNERS: ${{ github.event_name == 'schedule' && 2 || 4 }}
 
 permissions: {} # No permissions required
 
@@ -100,7 +100,7 @@ jobs:
         name: "Run Tests [${{ matrix.project }}] ${{ matrix.runner }}/${{ needs.build.outputs.num-runners }}"
         needs: build
         if: inputs.skip != true
-        runs-on: ubuntu-24.04-arm
+        runs-on: ubuntu-24.04
         permissions:
             actions: read
             issues: read
@@ -159,7 +159,7 @@ jobs:
               with:
                   path: |
                       ~/.cache/ms-playwright
-                  key: ${{ runner.os }}-${{ runner.arch	}}-playwright-${{ steps.playwright.outputs.version }}
+                  key: ${{ runner.os }}-playwright-${{ steps.playwright.outputs.version }}
 
             - name: Install Playwright browsers
               if: steps.playwright-cache.outputs.cache-hit != 'true'

package.json

@@ -91,7 +91,7 @@
         "@types/png-chunks-extract": "^1.0.2",
         "@types/react-virtualized": "^9.21.30",
         "@vector-im/compound-design-tokens": "^2.1.0",
-        "@vector-im/compound-web": "^7.6.1",
+        "@vector-im/compound-web": "^7.5.0",
         "@vector-im/matrix-wysiwyg": "2.38.0",
         "@zxcvbn-ts/core": "^3.0.4",
         "@zxcvbn-ts/language-common": "^3.0.4",
@@ -256,7 +256,7 @@
         "jsqr": "^1.4.0",
         "knip": "^5.36.2",
         "lint-staged": "^15.0.2",
-        "mailpit-api": "^1.0.5",
+        "mailhog": "^4.16.0",
         "matrix-web-i18n": "^3.2.1",
         "mini-css-extract-plugin": "2.9.2",
         "minimist": "^1.2.6",

playwright/e2e/crypto/backups-mas.spec.ts

@@ -19,19 +19,19 @@ test.use(masHomeserver);
 test.describe("Encryption state after registration", () => {
     test.skip(isDendrite, "does not yet support MAS");
 
-    test("Key backup is enabled by default", async ({ page, mailpitClient, app }, testInfo) => {
+    test("Key backup is enabled by default", async ({ page, mailhogClient, app }, testInfo) => {
         await page.goto("/#/login");
         await page.getByRole("button", { name: "Continue" }).click();
-        await registerAccountMas(page, mailpitClient, `alice_${testInfo.testId}`, "alice@email.com", "Pa$sW0rD!");
+        await registerAccountMas(page, mailhogClient, `alice_${testInfo.testId}`, "alice@email.com", "Pa$sW0rD!");
 
         await app.settings.openUserSettings("Security & Privacy");
         await expect(page.getByText("This session is backing up your keys.")).toBeVisible();
     });
 
-    test("user is prompted to set up recovery", async ({ page, mailpitClient, app }, testInfo) => {
+    test("user is prompted to set up recovery", async ({ page, mailhogClient, app }, testInfo) => {
         await page.goto("/#/login");
         await page.getByRole("button", { name: "Continue" }).click();
-        await registerAccountMas(page, mailpitClient, `alice_${testInfo.testId}`, "alice@email.com", "Pa$sW0rD!");
+        await registerAccountMas(page, mailhogClient, `alice_${testInfo.testId}`, "alice@email.com", "Pa$sW0rD!");
 
         await page.getByRole("button", { name: "Add room" }).click();
         await page.getByRole("menuitem", { name: "New room" }).click();
@@ -47,7 +47,7 @@ test.describe("Key backup reset from elsewhere", () => {
 
     test("Key backup is disabled when reset from elsewhere", async ({
         page,
-        mailpitClient,
+        mailhogClient,
         request,
         homeserver,
     }, testInfo) => {
@@ -60,7 +60,7 @@ test.describe("Key backup reset from elsewhere", () => {
 
         await page.goto("/#/login");
         await page.getByRole("button", { name: "Continue" }).click();
-        await registerAccountMas(page, mailpitClient, testUsername, "alice@email.com", testPassword);
+        await registerAccountMas(page, mailhogClient, testUsername, "alice@email.com", testPassword);
 
         await page.getByRole("button", { name: "Add room" }).click();
         await page.getByRole("menuitem", { name: "New room" }).click();

playwright/e2e/crypto/device-verification.spec.ts

@@ -68,8 +68,8 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => {
 
         // Check that the current device is connected to key backup
         // For now we don't check that the backup key is in cache because it's a bit flaky,
-        // as we need to wait for the secret gossiping to happen.
-        await checkDeviceIsConnectedKeyBackup(app, expectedBackupVersion, false);
+        // as we need to wait for the secret gossiping to happen and the settings dialog doesn't refresh automatically.
+        await checkDeviceIsConnectedKeyBackup(page, expectedBackupVersion, false);
     });
 
     test("Verify device with QR code during login", async ({ page, app, credentials, homeserver }) => {
@@ -112,7 +112,9 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => {
         await checkDeviceIsCrossSigned(app);
 
         // Check that the current device is connected to key backup
-        await checkDeviceIsConnectedKeyBackup(app, expectedBackupVersion, true);
+        // For now we don't check that the backup key is in cache because it's a bit flaky,
+        // as we need to wait for the secret gossiping to happen and the settings dialog doesn't refresh automatically.
+        await checkDeviceIsConnectedKeyBackup(page, expectedBackupVersion, false);
     });
 
     test("Verify device with Security Phrase during login", async ({ page, app, credentials, homeserver }) => {
@@ -133,7 +135,7 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => {
 
         // Check that the current device is connected to key backup
         // The backup decryption key should be in cache also, as we got it directly from the 4S
-        await checkDeviceIsConnectedKeyBackup(app, expectedBackupVersion, true);
+        await checkDeviceIsConnectedKeyBackup(page, expectedBackupVersion, true);
     });
 
     test("Verify device with Security Key during login", async ({ page, app, credentials, homeserver }) => {
@@ -156,7 +158,7 @@ test.describe("Device verification", { tag: "@no-webkit" }, () => {
 
         // Check that the current device is connected to key backup
         // The backup decryption key should be in cache also, as we got it directly from the 4S
-        await checkDeviceIsConnectedKeyBackup(app, expectedBackupVersion, true);
+        await checkDeviceIsConnectedKeyBackup(page, expectedBackupVersion, true);
     });
 
     test("Handle incoming verification request with SAS", async ({ page, credentials, homeserver, toasts }) => {

playwright/e2e/crypto/utils.ts

@@ -139,14 +139,14 @@ export async function checkDeviceIsCrossSigned(app: ElementAppPage): Promise<voi
  * Check that the current device is connected to the expected key backup.
  * Also checks that the decryption key is known and cached locally.
  *
- * @param app -` ElementAppPage` wrapper for the playwright `Page`.
+ * @param page - the page to check
  * @param expectedBackupVersion - the version of the backup we expect to be connected to.
- * @param checkBackupPrivateKeyInCache - whether to check that the backup decryption key is cached locally
+ * @param checkBackupKeyInCache - whether to check that the backup key is cached locally.
  */
 export async function checkDeviceIsConnectedKeyBackup(
-    app: ElementAppPage,
+    page: Page,
     expectedBackupVersion: string,
-    checkBackupPrivateKeyInCache: boolean,
+    checkBackupKeyInCache: boolean,
 ): Promise<void> {
     // Sanity check the given backup version: if it's null, something went wrong earlier in the test.
     if (!expectedBackupVersion) {
@@ -155,48 +155,23 @@ export async function checkDeviceIsConnectedKeyBackup(
         );
     }
 
-    const backupData = await app.client.evaluate(async (client: MatrixClient) => {
-        const crypto = client.getCrypto();
-        if (!crypto) return;
+    await page.getByRole("button", { name: "User menu" }).click();
+    await page.locator(".mx_UserMenu_contextMenu").getByRole("menuitem", { name: "Security & Privacy" }).click();
+    await expect(page.locator(".mx_Dialog").getByRole("button", { name: "Restore from Backup" })).toBeVisible();
 
-        const backupInfo = await crypto.getKeyBackupInfo();
-        const backupKeyIn4S = Boolean(await client.isKeyBackupKeyStored());
-        const backupPrivateKeyFromCache = await crypto.getSessionBackupPrivateKey();
-        const hasBackupPrivateKeyFromCache = Boolean(backupPrivateKeyFromCache);
-        const backupPrivateKeyWellFormed = backupPrivateKeyFromCache instanceof Uint8Array;
-        const activeBackupVersion = await crypto.getActiveSessionBackupVersion();
+    // expand the advanced section to see the active version in the reports
+    await page.locator(".mx_SecureBackupPanel_advanced").locator("..").click();
 
-        return {
-            backupInfo,
-            hasBackupPrivateKeyFromCache,
-            backupPrivateKeyWellFormed,
-            backupKeyIn4S,
-            activeBackupVersion,
-        };
-    });
-
-    if (!backupData) {
-        throw new Error("Crypto module is not available");
+    if (checkBackupKeyInCache) {
+        const cacheDecryptionKeyStatusElement = page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(2) td");
+        await expect(cacheDecryptionKeyStatusElement).toHaveText("cached locally, well formed");
     }
 
-    const { backupInfo, backupKeyIn4S, hasBackupPrivateKeyFromCache, backupPrivateKeyWellFormed, activeBackupVersion } =
-        backupData;
+    await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(5) td")).toHaveText(
+        expectedBackupVersion + " (Algorithm: m.megolm_backup.v1.curve25519-aes-sha2)",
+    );
 
-    // We have a key backup
-    expect(backupInfo).toBeDefined();
-    // The key backup version is as expected
-    expect(backupInfo.version).toBe(expectedBackupVersion);
-    // The active backup version is as expected
-    expect(activeBackupVersion).toBe(expectedBackupVersion);
-    // The backup key is stored in 4S
-    expect(backupKeyIn4S).toBe(true);
-
-    if (checkBackupPrivateKeyInCache) {
-        // The backup key is available locally
-        expect(hasBackupPrivateKeyFromCache).toBe(true);
-        // The backup key is well-formed
-        expect(backupPrivateKeyWellFormed).toBe(true);
-    }
+    await expect(page.locator(".mx_SecureBackupPanel_statusList tr:nth-child(6) td")).toHaveText(expectedBackupVersion);
 }
 
 /**
@@ -241,19 +216,18 @@ export async function logOutOfElement(page: Page, discardKeys: boolean = false)
 }
 
 /**
- * Open the encryption settings, and verify the current session using the security key.
+ * Open the security settings, and verify the current session using the security key.
  *
  * @param app - `ElementAppPage` wrapper for the playwright `Page`.
  * @param securityKey - The security key (i.e., 4S key), set up during a previous session.
  */
 export async function verifySession(app: ElementAppPage, securityKey: string) {
-    const settings = await app.settings.openUserSettings("Encryption");
-    await settings.getByRole("button", { name: "Verify this device" }).click();
+    const settings = await app.settings.openUserSettings("Security & Privacy");
+    await settings.getByRole("button", { name: "Verify this session" }).click();
     await app.page.getByRole("button", { name: "Verify with Security Key" }).click();
     await app.page.locator(".mx_Dialog").locator('input[type="password"]').fill(securityKey);
     await app.page.getByRole("button", { name: "Continue", disabled: false }).click();
     await app.page.getByRole("button", { name: "Done" }).click();
-    await app.settings.closeDialog();
 }
 
 /**

playwright/e2e/oidc/index.ts

@@ -6,14 +6,14 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com
 Please see LICENSE files in the repository root for full details.
 */
 
-import { MailpitClient } from "mailpit-api";
+import { API, Messages } from "mailhog";
 import { Page } from "@playwright/test";
 
 import { expect } from "../../element-web-test";
 
 export async function registerAccountMas(
     page: Page,
-    mailpit: MailpitClient,
+    mailhog: API,
     username: string,
     email: string,
     password: string,
@@ -27,13 +27,13 @@ export async function registerAccountMas(
     await page.getByRole("textbox", { name: "Confirm Password" }).fill(password);
     await page.getByRole("button", { name: "Continue" }).click();
 
-    let code: string;
+    let messages: Messages;
     await expect(async () => {
-        const messages = await mailpit.listMessages();
-        expect(messages.messages[0].To[0].Address).toEqual(email);
-        const text = await mailpit.renderMessageText(messages.messages[0].ID);
-        [, code] = text.match(/Your verification code to confirm this email address is: (\d{6})/);
+        messages = await mailhog.messages();
+        expect(messages.items).toHaveLength(1);
     }).toPass();
+    expect(messages.items[0].to).toEqual(`${username} <${email}>`);
+    const [, code] = messages.items[0].text.match(/Your verification code to confirm this email address is: (\d{6})/);
 
     await page.getByRole("textbox", { name: "6-digit code" }).fill(code);
     await page.getByRole("button", { name: "Continue" }).click();

playwright/e2e/oidc/oidc-native.spec.ts

@@ -19,7 +19,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
         context,
         page,
         homeserver,
-        mailpitClient,
+        mailhogClient,
         mas,
     }, testInfo) => {
         await page.clock.install();
@@ -33,7 +33,7 @@ test.describe("OIDC Native", { tag: ["@no-firefox", "@no-webkit"] }, () => {
         await page.getByRole("button", { name: "Continue" }).click();
 
         const userId = `alice_${testInfo.testId}`;
-        await registerAccountMas(page, mailpitClient, userId, "alice@email.com", "Pa$sW0rD!");
+        await registerAccountMas(page, mailhogClient, userId, "alice@email.com", "Pa$sW0rD!");
 
         // Eventually, we should end up at the home screen.
         await expect(page).toHaveURL(/\/#\/home$/, { timeout: 10000 });

playwright/e2e/register/email.spec.ts

@@ -34,7 +34,7 @@ test.describe("Email Registration", async () => {
     test(
         "registers an account and lands on the home page",
         { tag: "@screenshot" },
-        async ({ page, mailpitClient, request, checkA11y }) => {
+        async ({ page, mailhogClient, request, checkA11y }) => {
             await expect(page.getByRole("textbox", { name: "Username" })).toBeVisible();
             // Hide the server text as it contains the randomly allocated Homeserver port
             const screenshotOptions = { mask: [page.locator(".mx_ServerPicker_server")] };
@@ -51,11 +51,10 @@ test.describe("Email Registration", async () => {
 
             await expect(page.getByText("An error was encountered when sending the email")).not.toBeVisible();
 
-            const messages = await mailpitClient.listMessages();
-            expect(messages.messages).toHaveLength(1);
-            expect(messages.messages[0].To[0].Address).toEqual("alice@email.com");
-            const text = await mailpitClient.renderMessageText(messages.messages[0].ID);
-            const [emailLink] = text.match(/http.+/);
+            const messages = await mailhogClient.messages();
+            expect(messages.items).toHaveLength(1);
+            expect(messages.items[0].to).toEqual("alice@email.com");
+            const [emailLink] = messages.items[0].text.match(/http.+/);
             await request.get(emailLink); // "Click" the link in the email
 
             await expect(page.getByText("Welcome alice")).toBeVisible();

playwright/e2e/right-panel/memberlist.spec.ts

@@ -42,7 +42,7 @@ test.describe("Memberlist", () => {
         await app.viewRoomByName(ROOM_NAME);
         const memberlist = await app.toggleMemberlistPanel();
         await expect(memberlist.locator(".mx_MemberTileView")).toHaveCount(4);
-        await expect(memberlist.getByText("Invited")).toHaveCount(1);
+        await expect(memberlist.getByText("(Invited)")).toHaveCount(1);
         await expect(page.locator(".mx_MemberListView")).toMatchScreenshot("with-four-members.png");
     });
 });

playwright/e2e/settings/encryption-user-tab/advanced.spec.ts

@@ -1,73 +0,0 @@
-/*
- * Copyright 2025 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-import { test, expect } from "./index";
-import { checkDeviceIsCrossSigned } from "../../crypto/utils";
-import { bootstrapCrossSigningForClient } from "../../../pages/client";
-
-test.describe("Advanced section in Encryption tab", () => {
-    test.beforeEach(async ({ page, app, homeserver, credentials, util }) => {
-        const clientHandle = await app.client.prepareClient();
-        // Reset cross signing in order to have a verified session
-        await bootstrapCrossSigningForClient(clientHandle, credentials, true);
-    });
-
-    test("should show the encryption details", { tag: "@screenshot" }, async ({ page, app, util }) => {
-        await util.openEncryptionTab();
-        const section = util.getEncryptionDetailsSection();
-
-        const deviceId = await page.evaluate(() => window.mxMatrixClientPeg.get().getDeviceId());
-        await expect(section.getByText(deviceId)).toBeVisible();
-
-        await expect(section).toMatchScreenshot("encryption-details.png", {
-            mask: [section.getByTestId("deviceId"), section.getByTestId("sessionKey")],
-        });
-    });
-
-    test("should show the import room keys dialog", async ({ page, app, util }) => {
-        await util.openEncryptionTab();
-        const section = util.getEncryptionDetailsSection();
-
-        await section.getByRole("button", { name: "Import keys" }).click();
-        await expect(page.getByRole("heading", { name: "Import room keys" })).toBeVisible();
-    });
-
-    test("should show the export room keys dialog", async ({ page, app, util }) => {
-        await util.openEncryptionTab();
-        const section = util.getEncryptionDetailsSection();
-
-        await section.getByRole("button", { name: "Export keys" }).click();
-        await expect(page.getByRole("heading", { name: "Export room keys" })).toBeVisible();
-    });
-
-    test(
-        "should reset the cryptographic identity",
-        { tag: "@screenshot" },
-        async ({ page, app, credentials, util }) => {
-            const tab = await util.openEncryptionTab();
-            const section = util.getEncryptionDetailsSection();
-
-            await section.getByRole("button", { name: "Reset cryptographic identity" }).click();
-            await expect(util.getEncryptionTabContent()).toMatchScreenshot("reset-cryptographic-identity.png");
-            await tab.getByRole("button", { name: "Continue" }).click();
-
-            // Fill password dialog and validate
-            const dialog = page.locator(".mx_InteractiveAuthDialog");
-            await dialog.getByRole("textbox", { name: "Password" }).fill(credentials.password);
-            await dialog.getByRole("button", { name: "Continue" }).click();
-
-            await expect(section.getByRole("button", { name: "Reset cryptographic identity" })).toBeVisible();
-
-            // After resetting the identity, the user should set up a new recovery key
-            await expect(
-                util.getEncryptionRecoverySection().getByRole("button", { name: "Set up recovery" }),
-            ).toBeVisible();
-
-            await checkDeviceIsCrossSigned(app);
-        },
-    );
-});

playwright/e2e/settings/encryption-user-tab/index.ts

@@ -18,8 +18,6 @@ export { expect };
 export const test = base.extend<{
     util: Helpers;
 }>({
-    displayName: "Alice",
-
     util: async ({ page, app, bot }, use) => {
         await use(new Helpers(page, app));
     },
@@ -69,20 +67,6 @@ class Helpers {
         return this.page.getByTestId("encryptionTab");
     }
 
-    /**
-     * Get the recovery section
-     */
-    getEncryptionRecoverySection() {
-        return this.page.getByTestId("recoveryPanel");
-    }
-
-    /**
-     * Get the encryption details section
-     */
-    getEncryptionDetailsSection() {
-        return this.page.getByTestId("encryptionDetails");
-    }
-
     /**
      * Set the default key id of the secret storage to `null`
      */
@@ -108,6 +92,6 @@ class Helpers {
         const clipboardContent = await this.app.getClipboard();
         await dialog.getByRole("textbox").fill(clipboardContent);
         await dialog.getByRole("button", { name: confirmButtonLabel }).click();
-        await expect(this.getEncryptionRecoverySection()).toMatchScreenshot("default-recovery.png");
+        await expect(dialog).toMatchScreenshot("default-recovery.png");
     }
 }

playwright/e2e/settings/encryption-user-tab/recovery.spec.ts

@@ -32,26 +32,23 @@ test.describe("Recovery section in Encryption tab", () => {
 
     test("should verify the device", { tag: "@screenshot" }, async ({ page, app, util }) => {
         const dialog = await util.openEncryptionTab();
-        const content = util.getEncryptionTabContent();
 
         // The user's device is in an unverified state, therefore the only option available to them here is to verify it
         const verifyButton = dialog.getByRole("button", { name: "Verify this device" });
         await expect(verifyButton).toBeVisible();
-        await expect(content).toMatchScreenshot("verify-device-encryption-tab.png");
+        await expect(util.getEncryptionTabContent()).toMatchScreenshot("verify-device-encryption-tab.png");
         await verifyButton.click();
 
         await util.verifyDevice(recoveryKey);
-
-        await expect(content).toMatchScreenshot("default-tab.png", {
-            mask: [content.getByTestId("deviceId"), content.getByTestId("sessionKey")],
-        });
+        await expect(util.getEncryptionTabContent()).toMatchScreenshot("default-recovery.png");
 
         // Check that our device is now cross-signed
         await checkDeviceIsCrossSigned(app);
 
         // Check that the current device is connected to key backup
         // The backup decryption key should be in cache also, as we got it directly from the 4S
-        await checkDeviceIsConnectedKeyBackup(app, expectedBackupVersion, true);
+        await app.closeDialog();
+        await checkDeviceIsConnectedKeyBackup(page, expectedBackupVersion, true);
     });
 
     test(
@@ -64,7 +61,7 @@ test.describe("Recovery section in Encryption tab", () => {
             // The user can only change the recovery key
             const changeButton = dialog.getByRole("button", { name: "Change recovery key" });
             await expect(changeButton).toBeVisible();
-            await expect(util.getEncryptionRecoverySection()).toMatchScreenshot("default-recovery.png");
+            await expect(util.getEncryptionTabContent()).toMatchScreenshot("default-recovery.png");
             await changeButton.click();
 
             // Display the new recovery key and click on the copy button
@@ -92,7 +89,7 @@ test.describe("Recovery section in Encryption tab", () => {
         const dialog = await util.openEncryptionTab();
         const setupButton = dialog.getByRole("button", { name: "Set up recovery" });
         await expect(setupButton).toBeVisible();
-        await expect(util.getEncryptionRecoverySection()).toMatchScreenshot("set-up-recovery.png");
+        await expect(util.getEncryptionTabContent()).toMatchScreenshot("set-up-recovery.png");
         await setupButton.click();
 
         // Display an informative panel about the recovery key
@@ -118,8 +115,9 @@ test.describe("Recovery section in Encryption tab", () => {
         // The recovery key is now set up and the user can change it
         await expect(dialog.getByRole("button", { name: "Change recovery key" })).toBeVisible();
 
+        await app.closeDialog();
         // Check that the current device is connected to key backup and the backup version is the expected one
-        await checkDeviceIsConnectedKeyBackup(app, "1", true);
+        await checkDeviceIsConnectedKeyBackup(page, "1", true);
     });
 
     // Test what happens if the cross-signing secrets are in secret storage but are not cached in the local DB.
@@ -139,19 +137,20 @@ test.describe("Recovery section in Encryption tab", () => {
             const dialog = util.getEncryptionTabContent();
             const enterKeyButton = dialog.getByRole("button", { name: "Enter recovery key" });
             await expect(enterKeyButton).toBeVisible();
-            await expect(util.getEncryptionRecoverySection()).toMatchScreenshot("out-of-sync-recovery.png");
+            await expect(dialog).toMatchScreenshot("out-of-sync-recovery.png");
             await enterKeyButton.click();
 
             // Fill the recovery key
             await util.enterRecoveryKey(recoveryKey);
-            await expect(util.getEncryptionRecoverySection()).toMatchScreenshot("default-recovery.png");
+            await expect(dialog).toMatchScreenshot("default-recovery.png");
 
             // Check that our device is now cross-signed
             await checkDeviceIsCrossSigned(app);
 
             // Check that the current device is connected to key backup
             // The backup decryption key should be in cache also, as we got it directly from the 4S
-            await checkDeviceIsConnectedKeyBackup(app, expectedBackupVersion, true);
+            await app.closeDialog();
+            await checkDeviceIsConnectedKeyBackup(page, expectedBackupVersion, true);
         },
     );
 });

playwright/plugins/homeserver/synapse/consentHomeserver.ts

@@ -10,7 +10,7 @@ import { Fixtures } from "../../../element-web-test.ts";
 
 export const consentHomeserver: Fixtures = {
     _homeserver: [
-        async ({ _homeserver: container, mailpit }, use) => {
+        async ({ _homeserver: container, mailhog }, use) => {
             container
                 .withCopyDirectoriesToContainer([
                     { source: "playwright/plugins/homeserver/synapse/res", target: "/data/res" },
@@ -18,7 +18,7 @@ export const consentHomeserver: Fixtures = {
                 .withConfig({
                     email: {
                         enable_notifs: false,
-                        smtp_host: "mailpit",
+                        smtp_host: "mailhog",
                         smtp_port: 1025,
                         smtp_user: "username",
                         smtp_pass: "password",

playwright/plugins/homeserver/synapse/emailHomeserver.ts

@@ -10,13 +10,13 @@ import { Fixtures } from "../../../element-web-test.ts";
 
 export const emailHomeserver: Fixtures = {
     _homeserver: [
-        async ({ _homeserver: container, mailpit }, use) => {
+        async ({ _homeserver: container, mailhog }, use) => {
             container.withConfig({
                 enable_registration_without_verification: undefined,
                 disable_msisdn_registration: undefined,
                 registrations_require_3pid: ["email"],
                 email: {
-                    smtp_host: "mailpit",
+                    smtp_host: "mailhog",
                     smtp_port: 1025,
                     notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>",
                     app_name: "my_branded_matrix_server",

playwright/plugins/homeserver/synapse/masHomeserver.ts

@@ -11,7 +11,7 @@ import { Fixtures } from "../../../element-web-test.ts";
 
 export const masHomeserver: Fixtures = {
     mas: [
-        async ({ _homeserver: homeserver, logger, network, postgres, mailpit }, use) => {
+        async ({ _homeserver: homeserver, logger, network, postgres, mailhog }, use) => {
             const config = {
                 clients: [
                     {

playwright/services.ts

@@ -6,7 +6,7 @@ Please see LICENSE files in the repository root for full details.
 */
 
 import { test as base } from "@playwright/test";
-import { MailpitClient } from "mailpit-api";
+import mailhog from "mailhog";
 import { Network, StartedNetwork } from "testcontainers";
 import { PostgreSqlContainer, StartedPostgreSqlContainer } from "@testcontainers/postgresql";
 
@@ -14,13 +14,13 @@ import { SynapseConfig, SynapseContainer } from "./testcontainers/synapse.ts";
 import { Logger } from "./logger.ts";
 import { StartedMatrixAuthenticationServiceContainer } from "./testcontainers/mas.ts";
 import { HomeserverContainer, StartedHomeserverContainer } from "./testcontainers/HomeserverContainer.ts";
-import { MailhogContainer, StartedMailhogContainer } from "./testcontainers/mailpit.ts";
+import { MailhogContainer, StartedMailhogContainer } from "./testcontainers/mailhog.ts";
 import { OAuthServer } from "./plugins/oauth_server";
 import { DendriteContainer, PineconeContainer } from "./testcontainers/dendrite.ts";
 import { HomeserverType } from "./plugins/homeserver";
 
 export interface TestFixtures {
-    mailpitClient: MailpitClient;
+    mailhogClient: mailhog.API;
 }
 
 export interface Services {
@@ -28,7 +28,7 @@ export interface Services {
 
     network: StartedNetwork;
     postgres: StartedPostgreSqlContainer;
-    mailpit: StartedMailhogContainer;
+    mailhog: StartedMailhogContainer;
 
     synapseConfig: SynapseConfig;
     _homeserver: HomeserverContainer<any>;
@@ -90,20 +90,20 @@ export const test = base.extend<TestFixtures, Services & Options>({
         { scope: "worker" },
     ],
 
-    mailpit: [
+    mailhog: [
         async ({ logger, network }, use) => {
             const container = await new MailhogContainer()
                 .withNetwork(network)
-                .withNetworkAliases("mailpit")
-                .withLogConsumer(logger.getConsumer("mailpit"))
+                .withNetworkAliases("mailhog")
+                .withLogConsumer(logger.getConsumer("mailhog"))
                 .start();
             await use(container);
             await container.stop();
         },
         { scope: "worker" },
     ],
-    mailpitClient: async ({ mailpit: container }, use) => {
-        await container.client.deleteMessages();
+    mailhogClient: async ({ mailhog: container }, use) => {
+        await container.client.deleteAll();
         await use(container.client);
     },
 

playwright/testcontainers/mailhog.ts

@@ -6,16 +6,13 @@ Please see LICENSE files in the repository root for full details.
 */
 
 import { AbstractStartedContainer, GenericContainer, StartedTestContainer, Wait } from "testcontainers";
-import { MailpitClient } from "mailpit-api";
+import mailhog from "mailhog";
 
 export class MailhogContainer extends GenericContainer {
     constructor() {
-        super("axllent/mailpit:latest");
+        super("mailhog/mailhog:latest");
 
-        this.withExposedPorts(8025).withWaitStrategy(Wait.forListeningPorts()).withEnvironment({
-            MP_SMTP_AUTH_ALLOW_INSECURE: "true",
-            MP_SMTP_AUTH_ACCEPT_ANY: "true",
-        });
+        this.withExposedPorts(8025).withWaitStrategy(Wait.forListeningPorts());
     }
 
     public override async start(): Promise<StartedMailhogContainer> {
@@ -24,10 +21,10 @@ export class MailhogContainer extends GenericContainer {
 }
 
 export class StartedMailhogContainer extends AbstractStartedContainer {
-    public readonly client: MailpitClient;
+    public readonly client: mailhog.API;
 
     constructor(container: StartedTestContainer) {
         super(container);
-        this.client = new MailpitClient(`http://${container.getHost()}:${container.getMappedPort(8025)}`);
+        this.client = mailhog({ host: container.getHost(), port: container.getMappedPort(8025) });
     }
 }

playwright/testcontainers/mas.ts

@@ -92,7 +92,7 @@ const DEFAULT_CONFIG = {
         reply_to: '"Authentication Service" <root@localhost>',
         transport: "smtp",
         mode: "plain",
-        hostname: "mailpit",
+        hostname: "mailhog",
         port: 1025,
         username: "username",
         password: "password",

playwright/testcontainers/synapse.ts

@@ -19,7 +19,7 @@ import { HomeserverContainer, StartedHomeserverContainer } from "./HomeserverCon
 import { StartedMatrixAuthenticationServiceContainer } from "./mas.ts";
 import { Api, ClientServerApi, Verb } from "../plugins/utils/api.ts";
 
-const TAG = "develop@sha256:2f4dbd0b748e9178ea761f5586d0a1ade88f283a0481ba5dd2c42bc19d45b2a4";
+const TAG = "develop@sha256:3594fba0d21ad44f407225baed4be0542da8abcb6e1a7e2e16d3be35c278a7cb";
 
 const DEFAULT_CONFIG = {
     server_name: "localhost",

res/css/_components.pcss

@@ -134,7 +134,6 @@
 @import "./views/dialogs/_ConfirmUserActionDialog.pcss";
 @import "./views/dialogs/_CreateRoomDialog.pcss";
 @import "./views/dialogs/_CreateSubspaceDialog.pcss";
-@import "./views/dialogs/_Crypto.pcss";
 @import "./views/dialogs/_DeactivateAccountDialog.pcss";
 @import "./views/dialogs/_DevtoolsDialog.pcss";
 @import "./views/dialogs/_ExportDialog.pcss";
@@ -355,10 +354,8 @@
 @import "./views/settings/_ThemeChoicePanel.pcss";
 @import "./views/settings/_UpdateCheckButton.pcss";
 @import "./views/settings/_UserProfileSettings.pcss";
-@import "./views/settings/encryption/_AdvancedPanel.pcss";
 @import "./views/settings/encryption/_ChangeRecoveryKey.pcss";
 @import "./views/settings/encryption/_EncryptionCard.pcss";
-@import "./views/settings/encryption/_ResetIdentityPanel.pcss";
 @import "./views/settings/tabs/_SettingsBanner.pcss";
 @import "./views/settings/tabs/_SettingsIndent.pcss";
 @import "./views/settings/tabs/_SettingsSection.pcss";

res/css/structures/_UserMenu.pcss

@@ -37,6 +37,27 @@ Please see LICENSE files in the repository root for full details.
         line-height: $font-24px;
         margin-left: 10px;
     }
+
+    .mx_UserMenu_dndBadge {
+        position: absolute;
+        bottom: -2px;
+        right: -7px;
+        width: 16px;
+        height: 16px;
+        border-radius: 50%;
+
+        &::before {
+            content: "";
+            width: 16px;
+            height: 16px;
+            position: absolute;
+            mask-position: center;
+            mask-size: contain;
+            mask-repeat: no-repeat;
+            background-color: $alert;
+            mask-image: url("$(res)/img/element-icons/roomlist/dnd.svg");
+        }
+    }
 }
 
 .mx_IconizedContextMenu {
@@ -137,6 +158,14 @@ Please see LICENSE files in the repository root for full details.
         mask-image: url("@vector-im/compound-design-tokens/icons/home-solid.svg");
     }
 
+    .mx_UserMenu_iconDnd::before {
+        mask-image: url("$(res)/img/element-icons/roomlist/dnd.svg");
+    }
+
+    .mx_UserMenu_iconDndOff::before {
+        mask-image: url("$(res)/img/element-icons/roomlist/dnd-cross.svg");
+    }
+
     .mx_UserMenu_iconBell::before {
         mask-image: url("$(res)/img/element-icons/notifications.svg");
     }

res/css/views/dialogs/_Crypto.pcss

@@ -1,18 +0,0 @@
-/*
- * Copyright 2025 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-.mx_Crypto {
-    table {
-        margin: var(--cpd-space-4x) 0;
-        text-align: left;
-        border-spacing: var(--cpd-space-2x) 0;
-
-        thead {
-            font: var(--cpd-font-heading-sm-semibold);
-        }
-    }
-}

res/css/views/elements/_Pill.pcss

@@ -26,8 +26,7 @@ Please see LICENSE files in the repository root for full details.
     }
 
     &.mx_UserPill_me,
-    &.mx_AtRoomPill,
-    &.mx_KeywordPill {
+    &.mx_AtRoomPill {
         background-color: var(--cpd-color-bg-critical-primary) !important; /* To override .markdown-body */
     }
 
@@ -46,8 +45,7 @@ Please see LICENSE files in the repository root for full details.
     }
 
     /* We don't want to indicate clickability */
-    &.mx_AtRoomPill:hover,
-    &.mx_KeywordPill:hover {
+    &.mx_AtRoomPill:hover {
         background-color: var(--cpd-color-bg-critical-primary) !important; /* To override .markdown-body */
         cursor: unset;
     }

res/css/views/messages/_DisambiguatedProfile.pcss

@@ -35,8 +35,6 @@ Please see LICENSE files in the repository root for full details.
     .mx_DisambiguatedProfile_mxid {
         margin-inline-start: 0;
         font: var(--cpd-font-body-sm-regular);
-        text-overflow: ellipsis;
-        overflow: hidden;
     }
 
     span:not(.mx_DisambiguatedProfile_mxid) {

res/css/views/right_panel/_ThreadPanel.pcss

@@ -15,48 +15,41 @@ Please see LICENSE files in the repository root for full details.
         flex: unset;
     }
 
-    .mx_ThreadPanelHeader {
-        height: 60px;
-        display: flex;
-        box-sizing: border-box;
-        padding: 16px;
-        align-items: center;
-        border-bottom: 1px solid var(--cpd-color-gray-400);
-
-        .mx_AccessibleButton {
-            font-size: 12px;
-            color: $secondary-content;
-        }
-
-        .mx_ThreadPanel_vertical_separator {
-            height: 28px;
-            margin-left: var(--cpd-space-3x);
-            margin-right: var(--cpd-space-2x);
-            border-left: 1px solid var(--cpd-color-gray-400);
-        }
-
-        .mx_ThreadPanel_dropdown {
-            font: var(--cpd-font-body-sm-regular);
-            padding: 3px $spacing-4 3px $spacing-8;
-            border-radius: 4px;
-            line-height: 1.5;
-            user-select: none;
-
-            &:hover,
-            &[aria-expanded="true"] {
-                background: $quinary-content;
+    .mx_BaseCard_header {
+        .mx_BaseCard_header_title {
+            .mx_AccessibleButton {
+                font-size: 12px;
+                color: $secondary-content;
             }
 
-            &::before {
-                margin-left: 2px;
-                content: "";
-                width: 20px;
-                height: 20px;
-                background: currentColor;
-                mask-image: url("@vector-im/compound-design-tokens/icons/chevron-down.svg");
-                mask-size: 100%;
-                mask-repeat: no-repeat;
-                float: right;
+            .mx_ThreadPanel_vertical_separator {
+                height: 16px;
+                margin-left: var(--cpd-space-3x);
+                margin-right: var(--cpd-space-1x);
+                border-left: 1px solid var(--cpd-color-gray-400);
+            }
+
+            .mx_ThreadPanel_dropdown {
+                padding: 3px $spacing-4 3px $spacing-8;
+                border-radius: 4px;
+                line-height: 1.5;
+                user-select: none;
+
+                &:hover,
+                &[aria-expanded="true"] {
+                    background: $quinary-content;
+                }
+
+                &::before {
+                    content: "";
+                    width: 18px;
+                    height: 18px;
+                    background: currentColor;
+                    mask-image: url("@vector-im/compound-design-tokens/icons/chevron-down.svg");
+                    mask-size: 100%;
+                    mask-repeat: no-repeat;
+                    float: right;
+                }
             }
         }
     }

res/css/views/rooms/_EventTile.pcss

@@ -135,6 +135,12 @@ $left-gutter: 64px;
         }
     }
 
+    &.mx_EventTile_highlight,
+    &.mx_EventTile_highlight .markdown-body,
+    &.mx_EventTile_highlight .mx_EventTile_edited {
+        color: $alert;
+    }
+
     &.mx_EventTile_bubbleContainer {
         display: grid;
         grid-template-columns: 1fr 100px;

res/css/views/rooms/_MemberTileView.pcss

@@ -35,7 +35,6 @@ Please see LICENSE files in the repository root for full details.
         font: var(--cpd-font-body-sm-regular);
         font-size: 13px;
         color: var(--cpd-color-text-secondary);
-        margin-left: var(--cpd-space-4x);
     }
 
     .mx_MemberTileView_avatar {

res/css/views/settings/encryption/_AdvancedPanel.pcss

@@ -1,51 +0,0 @@
-/*
- * Copyright 2024 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-.mx_EncryptionDetails,
-.mx_OtherSettings {
-    display: flex;
-    flex-direction: column;
-    gap: var(--cpd-space-6x);
-    width: 100%;
-    align-items: start;
-
-    .mx_EncryptionDetails_session_title,
-    .mx_OtherSettings_title {
-        font: var(--cpd-font-body-lg-semibold);
-        padding-bottom: var(--cpd-space-2x);
-        border-bottom: 1px solid var(--cpd-color-gray-400);
-        width: 100%;
-        margin: 0;
-    }
-}
-
-.mx_EncryptionDetails {
-    .mx_EncryptionDetails_session {
-        display: flex;
-        flex-direction: column;
-        gap: var(--cpd-space-4x);
-        width: 100%;
-
-        > div {
-            display: flex;
-
-            > span {
-                width: 50%;
-                word-wrap: break-word;
-            }
-        }
-
-        > div:nth-child(odd) {
-            background-color: var(--cpd-color-gray-200);
-        }
-    }
-
-    .mx_EncryptionDetails_buttons {
-        display: flex;
-        gap: var(--cpd-space-4x);
-    }
-}

res/css/views/settings/encryption/_ResetIdentityPanel.pcss

@@ -1,26 +0,0 @@
-/*
- * Copyright 2024 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-.mx_ResetIdentityPanel {
-    .mx_ResetIdentityPanel_content {
-        display: flex;
-        flex-direction: column;
-        gap: var(--cpd-space-3x);
-
-        > span {
-            font: var(--cpd-font-body-md-medium);
-            text-align: center;
-        }
-    }
-
-    .mx_ResetIdentityPanel_footer {
-        display: flex;
-        flex-direction: column;
-        gap: var(--cpd-space-4x);
-        justify-content: center;
-    }
-}

res/img/element-icons/roomlist/dnd-cross.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M11.3333 7.3335V8.66683H10.5533L13.56 11.6735C14.26 10.6202 14.6667 9.36016 14.6667 8.00016C14.6667 4.32016 11.68 1.3335 8.00001 1.3335C6.64001 1.3335 5.38001 1.74016 4.32668 2.44016L9.22001 7.3335H11.3333ZM0.926682 2.8135L2.44001 4.32683C1.74001 5.38016 1.33335 6.64016 1.33335 8.00016C1.33335 11.6802 4.32001 14.6668 8.00001 14.6668C9.36001 14.6668 10.62 14.2602 11.6733 13.5602L13.1867 15.0735L14.1267 14.1335L1.87335 1.8735L0.926682 2.8135ZM4.66668 7.3335H5.44668L6.78001 8.66683H4.66668V7.3335Z" fill="#737D8C"/>
+</svg>

res/img/element-icons/roomlist/dnd.svg

@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M12 2C6.48 2 2 6.48 2 12C2 17.52 6.48 22 12 22C17.52 22 22 17.52 22 12C22 6.48 17.52 2 12 2ZM17 13H7V11H17V13Z" fill="#17191C"/>
+</svg>

src/CreateCrossSigning.ts

@@ -31,50 +31,49 @@ export async function createCrossSigning(cli: MatrixClient): Promise<void> {
         throw new Error("No crypto API found!");
     }
 
+    const doBootstrapUIAuth = async (
+        makeRequest: (authData: AuthDict) => Promise<UIAResponse<void>>,
+    ): Promise<void> => {
+        try {
+            await makeRequest({});
+        } catch (error) {
+            if (!(error instanceof MatrixError) || !error.data || !error.data.flows) {
+                // Not a UIA response
+                throw error;
+            }
+
+            const dialogAesthetics = {
+                [SSOAuthEntry.PHASE_PREAUTH]: {
+                    title: _t("auth|uia|sso_title"),
+                    body: _t("auth|uia|sso_preauth_body"),
+                    continueText: _t("auth|sso"),
+                    continueKind: "primary",
+                },
+                [SSOAuthEntry.PHASE_POSTAUTH]: {
+                    title: _t("encryption|confirm_encryption_setup_title"),
+                    body: _t("encryption|confirm_encryption_setup_body"),
+                    continueText: _t("action|confirm"),
+                    continueKind: "primary",
+                },
+            };
+
+            const { finished } = Modal.createDialog(InteractiveAuthDialog, {
+                title: _t("encryption|bootstrap_title"),
+                matrixClient: cli,
+                makeRequest,
+                aestheticsForStagePhases: {
+                    [SSOAuthEntry.LOGIN_TYPE]: dialogAesthetics,
+                    [SSOAuthEntry.UNSTABLE_LOGIN_TYPE]: dialogAesthetics,
+                },
+            });
+            const [confirmed] = await finished;
+            if (!confirmed) {
+                throw new Error("Cross-signing key upload auth canceled");
+            }
+        }
+    };
+
     await cryptoApi.bootstrapCrossSigning({
-        authUploadDeviceSigningKeys: (makeRequest) => uiAuthCallback(cli, makeRequest),
+        authUploadDeviceSigningKeys: doBootstrapUIAuth,
     });
 }
-
-export async function uiAuthCallback(
-    matrixClient: MatrixClient,
-    makeRequest: (authData: AuthDict) => Promise<UIAResponse<void>>,
-): Promise<void> {
-    try {
-        await makeRequest({});
-    } catch (error) {
-        if (!(error instanceof MatrixError) || !error.data || !error.data.flows) {
-            // Not a UIA response
-            throw error;
-        }
-
-        const dialogAesthetics = {
-            [SSOAuthEntry.PHASE_PREAUTH]: {
-                title: _t("auth|uia|sso_title"),
-                body: _t("auth|uia|sso_preauth_body"),
-                continueText: _t("auth|sso"),
-                continueKind: "primary",
-            },
-            [SSOAuthEntry.PHASE_POSTAUTH]: {
-                title: _t("encryption|confirm_encryption_setup_title"),
-                body: _t("encryption|confirm_encryption_setup_body"),
-                continueText: _t("action|confirm"),
-                continueKind: "primary",
-            },
-        };
-
-        const { finished } = Modal.createDialog(InteractiveAuthDialog, {
-            title: _t("encryption|bootstrap_title"),
-            matrixClient,
-            makeRequest,
-            aestheticsForStagePhases: {
-                [SSOAuthEntry.LOGIN_TYPE]: dialogAesthetics,
-                [SSOAuthEntry.UNSTABLE_LOGIN_TYPE]: dialogAesthetics,
-            },
-        });
-        const [confirmed] = await finished;
-        if (!confirmed) {
-            throw new Error("Cross-signing key upload auth canceled");
-        }
-    }
-}

src/components/structures/ThreadPanel.tsx

@@ -129,10 +129,10 @@ export const ThreadPanelHeader: React.FC<{
     );
 
     return (
-        <div className="mx_ThreadPanelHeader">
+        <div className="mx_BaseCard_header_title">
             <Tooltip label={_t("threads|mark_all_read")}>
-                <IconButton onClick={onMarkAllThreadsReadClick} size="28px">
-                    <MarkAllThreadsReadIcon height={20} width={20} />
+                <IconButton onClick={onMarkAllThreadsReadClick} size="24px">
+                    <MarkAllThreadsReadIcon />
                 </IconButton>
             </Tooltip>
             <div className="mx_ThreadPanel_vertical_separator" />
@@ -192,7 +192,9 @@ const ThreadPanel: React.FC<IProps> = ({ roomId, onClose, permalinkCreator }) =>
             narrow={narrow}
         >
             <BaseCard
-                header={_t("common|threads")}
+                header={
+                    hasThreads && <ThreadPanelHeader filterOption={filterOption} setFilterOption={setFilterOption} />
+                }
                 id="thread-panel"
                 className="mx_ThreadPanel"
                 ariaLabelledBy="thread-panel-tab"
@@ -202,7 +204,6 @@ const ThreadPanel: React.FC<IProps> = ({ roomId, onClose, permalinkCreator }) =>
                 ref={card}
                 closeButtonRef={closeButonRef}
             >
-                {hasThreads && <ThreadPanelHeader filterOption={filterOption} setFilterOption={setFilterOption} />}
                 <Measured sensor={card} onMeasurement={setNarrow} />
                 {timelineSet ? (
                     <TimelinePanel

src/components/viewmodels/memberlist/tiles/MemberTileViewModel.tsx

@@ -145,7 +145,7 @@ export function useMemberTileViewModel(props: MemberTileViewModelProps): MemberT
         userLabel = _t(PowerLabel[powerStatus]);
     }
     if (props.member.isInvite) {
-        userLabel = _t("member_list|invited_label");
+        userLabel = `(${_t("member_list|invited_label")})`;
     }
 
     return {

src/components/viewmodels/memberlist/tiles/ThreePidTileViewModel.tsx

@@ -30,7 +30,7 @@ export function useThreePidTileViewModel(props: ThreePidTileViewModelProps): Thr
         });
     };
 
-    const userLabel = _t("member_list|invited_label");
+    const userLabel = `(${_t("member_list|invited_label")})`;
 
     return {
         name,

src/components/views/dialogs/DevtoolsDialog.tsx

@@ -24,7 +24,6 @@ import { SettingLevel } from "../../../settings/SettingLevel";
 import ServerInfo from "./devtools/ServerInfo";
 import CopyableText from "../elements/CopyableText";
 import RoomNotifications from "./devtools/RoomNotifications";
-import { Crypto } from "./devtools/Crypto";
 
 enum Category {
     Room,
@@ -50,7 +49,6 @@ const Tools: Record<Category, [label: TranslationKey, tool: Tool][]> = {
         [_td("devtools|explore_account_data"), AccountDataExplorer],
         [_td("devtools|settings_explorer"), SettingExplorer],
         [_td("devtools|server_info"), ServerInfo],
-        [_td("devtools|crypto|title"), Crypto],
     ],
 };
 

src/components/views/dialogs/devtools/Crypto.tsx

@@ -1,256 +0,0 @@
-/*
- * Copyright 2025 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-import React, { JSX } from "react";
-import { InlineSpinner } from "@vector-im/compound-web";
-
-import { useMatrixClientContext } from "../../../../contexts/MatrixClientContext";
-import BaseTool from "./BaseTool";
-import { useAsyncMemo } from "../../../../hooks/useAsyncMemo";
-import { _t } from "../../../../languageHandler";
-
-interface KeyBackupProps {
-    /**
-     * Callback to invoke when the back button is clicked.
-     */
-    onBack(): void;
-}
-
-/**
- * A component that displays information about the key storage and cross-signing.
- */
-export function Crypto({ onBack }: KeyBackupProps): JSX.Element {
-    const matrixClient = useMatrixClientContext();
-    return (
-        <BaseTool onBack={onBack} className="mx_Crypto">
-            {matrixClient.getCrypto() ? (
-                <>
-                    <KeyStorage />
-                    <CrossSigning />
-                </>
-            ) : (
-                <span>{_t("devtools|crypto|crypto_not_available")}</span>
-            )}
-        </BaseTool>
-    );
-}
-
-/**
- * A component that displays information about the key storage.
- */
-function KeyStorage(): JSX.Element {
-    const matrixClient = useMatrixClientContext();
-    const keyStorageData = useAsyncMemo(async () => {
-        const crypto = matrixClient.getCrypto()!;
-
-        // Get all the key storage data that we will display
-        const backupInfo = await crypto.getKeyBackupInfo();
-        const backupKeyStored = Boolean(await matrixClient.isKeyBackupKeyStored());
-        const backupKeyFromCache = await crypto.getSessionBackupPrivateKey();
-        const backupKeyCached = Boolean(backupKeyFromCache);
-        const backupKeyWellFormed = backupKeyFromCache instanceof Uint8Array;
-        const activeBackupVersion = await crypto.getActiveSessionBackupVersion();
-        const secretStorageKeyInAccount = await matrixClient.secretStorage.hasKey();
-        const secretStorageReady = await crypto.isSecretStorageReady();
-
-        return {
-            backupInfo,
-            backupKeyStored,
-            backupKeyCached,
-            backupKeyWellFormed,
-            activeBackupVersion,
-            secretStorageKeyInAccount,
-            secretStorageReady,
-        };
-    }, [matrixClient]);
-
-    // Show a spinner while loading
-    if (keyStorageData === undefined) return <InlineSpinner aria-label={_t("common|loading")} />;
-
-    const {
-        backupInfo,
-        backupKeyStored,
-        backupKeyCached,
-        backupKeyWellFormed,
-        activeBackupVersion,
-        secretStorageKeyInAccount,
-        secretStorageReady,
-    } = keyStorageData;
-
-    return (
-        <table aria-label={_t("devtools|crypto|key_storage")}>
-            <thead>{_t("devtools|crypto|key_storage")}</thead>
-            <tbody>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|key_backup_latest_version")}</th>
-                    <td>
-                        {backupInfo
-                            ? `${backupInfo.version} (${_t("settings|security|key_backup_algorithm")} ${backupInfo.algorithm})`
-                            : _t("devtools|crypto|key_backup_inactive_warning")}
-                    </td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|backup_key_stored_status")}</th>
-                    <td>
-                        {backupKeyStored
-                            ? _t("devtools|crypto|backup_key_stored")
-                            : _t("devtools|crypto|backup_key_not_stored")}
-                    </td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|key_backup_active_version")}</th>
-                    <td>
-                        {activeBackupVersion === null
-                            ? _t("devtools|crypto|key_backup_active_version_none")
-                            : activeBackupVersion}
-                    </td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|backup_key_cached_status")}</th>
-                    <td>
-                        {`${
-                            backupKeyCached
-                                ? _t("devtools|crypto|backup_key_cached")
-                                : _t("devtools|crypto|not_found_locally")
-                        }, ${
-                            backupKeyWellFormed
-                                ? _t("devtools|crypto|backup_key_well_formed")
-                                : _t("devtools|crypto|backup_key_unexpected_type")
-                        }`}
-                    </td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|4s_public_key_status")}</th>
-                    <td>
-                        {secretStorageKeyInAccount
-                            ? _t("devtools|crypto|4s_public_key_in_account_data")
-                            : _t("devtools|crypto|4s_public_key_not_in_account_data")}
-                    </td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|secret_storage_status")}</th>
-                    <td>
-                        {secretStorageReady
-                            ? _t("devtools|crypto|secret_storage_ready")
-                            : _t("devtools|crypto|secret_storage_not_ready")}
-                    </td>
-                </tr>
-            </tbody>
-        </table>
-    );
-}
-
-/**
- * A component that displays information about cross-signing.
- */
-function CrossSigning(): JSX.Element {
-    const matrixClient = useMatrixClientContext();
-    const crossSigningData = useAsyncMemo(async () => {
-        const crypto = matrixClient.getCrypto()!;
-
-        // Get all the cross-signing data that we will display
-        const crossSigningStatus = await crypto.getCrossSigningStatus();
-        const crossSigningPublicKeysOnDevice = crossSigningStatus.publicKeysOnDevice;
-        const crossSigningPrivateKeysInStorage = crossSigningStatus.privateKeysInSecretStorage;
-        const masterPrivateKeyCached = crossSigningStatus.privateKeysCachedLocally.masterKey;
-        const selfSigningPrivateKeyCached = crossSigningStatus.privateKeysCachedLocally.selfSigningKey;
-        const userSigningPrivateKeyCached = crossSigningStatus.privateKeysCachedLocally.userSigningKey;
-        const crossSigningReady = await crypto.isCrossSigningReady();
-
-        return {
-            crossSigningPublicKeysOnDevice,
-            crossSigningPrivateKeysInStorage,
-            masterPrivateKeyCached,
-            selfSigningPrivateKeyCached,
-            userSigningPrivateKeyCached,
-            crossSigningReady,
-        };
-    }, [matrixClient]);
-
-    // Show a spinner while loading
-    if (crossSigningData === undefined) return <InlineSpinner aria-label={_t("common|loading")} />;
-
-    const {
-        crossSigningPublicKeysOnDevice,
-        crossSigningPrivateKeysInStorage,
-        masterPrivateKeyCached,
-        selfSigningPrivateKeyCached,
-        userSigningPrivateKeyCached,
-        crossSigningReady,
-    } = crossSigningData;
-
-    return (
-        <table aria-label={_t("devtools|crypto|cross_signing")}>
-            <thead>{_t("devtools|crypto|cross_signing")}</thead>
-            <tbody>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|cross_signing_status")}</th>
-                    <td>{getCrossSigningStatus(crossSigningReady, crossSigningPrivateKeysInStorage)}</td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|cross_signing_public_keys_on_device_status")}</th>
-                    <td>
-                        {crossSigningPublicKeysOnDevice
-                            ? _t("devtools|crypto|cross_signing_public_keys_on_device")
-                            : _t("devtools|crypto|not_found")}
-                    </td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|cross_signing_private_keys_in_storage_status")}</th>
-                    <td>
-                        {crossSigningPrivateKeysInStorage
-                            ? _t("devtools|crypto|cross_signing_private_keys_in_storage")
-                            : _t("devtools|crypto|cross_signing_private_keys_not_in_storage")}
-                    </td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|master_private_key_cached_status")}</th>
-                    <td>
-                        {masterPrivateKeyCached
-                            ? _t("devtools|crypto|cross_signing_cached")
-                            : _t("devtools|crypto|not_found_locally")}
-                    </td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|self_signing_private_key_cached_status")}</th>
-                    <td>
-                        {selfSigningPrivateKeyCached
-                            ? _t("devtools|crypto|cross_signing_cached")
-                            : _t("devtools|crypto|not_found_locally")}
-                    </td>
-                </tr>
-                <tr>
-                    <th scope="row">{_t("devtools|crypto|user_signing_private_key_cached_status")}</th>
-                    <td>
-                        {userSigningPrivateKeyCached
-                            ? _t("devtools|crypto|cross_signing_cached")
-                            : _t("devtools|crypto|not_found_locally")}
-                    </td>
-                </tr>
-            </tbody>
-        </table>
-    );
-}
-
-/**
- * Get the cross-signing status.
- * @param crossSigningReady Whether cross-signing is ready.
- * @param crossSigningPrivateKeysInStorage Whether cross-signing private keys are in secret storage.
- */
-function getCrossSigningStatus(crossSigningReady: boolean, crossSigningPrivateKeysInStorage: boolean): string {
-    if (crossSigningReady) {
-        return crossSigningPrivateKeysInStorage
-            ? _t("devtools|crypto|cross_signing_ready")
-            : _t("devtools|crypto|cross_signing_untrusted");
-    }
-
-    if (crossSigningPrivateKeysInStorage) {
-        return _t("devtools|crypto|cross_signing_not_ready");
-    }
-
-    return _t("devtools|crypto|cross_signing_not_ready");
-}

src/components/views/elements/Pill.tsx

@@ -25,7 +25,6 @@ export enum PillType {
     AtRoomMention = "TYPE_AT_ROOM_MENTION", // '@room' mention
     EventInSameRoom = "TYPE_EVENT_IN_SAME_ROOM",
     EventInOtherRoom = "TYPE_EVENT_IN_OTHER_ROOM",
-    Keyword = "TYPE_KEYWORD", // Used to highlight keywords that triggered a notification rule
 }
 
 export const pillRoomNotifPos = (text: string | null): number => {
@@ -77,32 +76,14 @@ export interface PillProps {
     room?: Room;
     // Whether to include an avatar in the pill
     shouldShowPillAvatar?: boolean;
-    // Explicitly-provided text to display in the pill
-    text?: string;
 }
 
-export const Pill: React.FC<PillProps> = ({
-    type: propType,
-    url,
-    inMessage,
-    room,
-    shouldShowPillAvatar = true,
-    text: customPillText,
-}) => {
-    const {
-        event,
-        member,
-        onClick,
-        resourceId,
-        targetRoom,
-        text: linkText,
-        type,
-    } = usePermalink({
+export const Pill: React.FC<PillProps> = ({ type: propType, url, inMessage, room, shouldShowPillAvatar = true }) => {
+    const { event, member, onClick, resourceId, targetRoom, text, type } = usePermalink({
         room,
         type: propType,
         url,
     });
-    const text = customPillText ?? linkText;
 
     if (!type || !text) {
         return null;
@@ -115,7 +96,6 @@ export const Pill: React.FC<PillProps> = ({
         mx_UserPill: type === PillType.UserMention,
         mx_UserPill_me: resourceId === MatrixClientPeg.safeGet().getUserId(),
         mx_EventPill: type === PillType.EventInOtherRoom || type === PillType.EventInSameRoom,
-        mx_KeywordPill: type === PillType.Keyword,
     });
 
     let avatar: ReactElement | null = null;
@@ -151,8 +131,6 @@ export const Pill: React.FC<PillProps> = ({
         case PillType.UserMention:
             avatar = <PillMemberAvatar shouldShowPillAvatar={shouldShowPillAvatar} member={member} />;
             break;
-        case PillType.Keyword:
-            break;
         default:
             return null;
     }

src/components/views/messages/TextualBody.tsx

@@ -7,9 +7,8 @@ Please see LICENSE files in the repository root for full details.
 */
 
 import React, { createRef, SyntheticEvent, MouseEvent, StrictMode } from "react";
-import { MsgType, PushRuleKind } from "matrix-js-sdk/src/matrix";
+import { MsgType } from "matrix-js-sdk/src/matrix";
 import { TooltipProvider } from "@vector-im/compound-web";
-import { globToRegexp } from "matrix-js-sdk/src/utils";
 
 import * as HtmlUtils from "../../../HtmlUtils";
 import { formatDate } from "../../../DateUtils";
@@ -36,7 +35,6 @@ import { EditWysiwygComposer } from "../rooms/wysiwyg_composer";
 import { IEventTileOps } from "../rooms/EventTile";
 import { MatrixClientPeg } from "../../../MatrixClientPeg";
 import CodeBlock from "./CodeBlock";
-import { Pill, PillType } from "../elements/Pill";
 import { ReactRootManager } from "../../../utils/react";
 
 interface IState {
@@ -102,16 +100,6 @@ export default class TextualBody extends React.Component<IBodyProps, IState> {
                 }
             }
         }
-
-        // Highlight notification keywords using pills
-        const pushDetails = this.props.mxEvent.getPushDetails();
-        if (
-            pushDetails.rule?.enabled &&
-            pushDetails.rule.kind === PushRuleKind.ContentSpecific &&
-            pushDetails.rule.pattern
-        ) {
-            this.pillifyNotificationKeywords([content], this.regExpForKeywordPattern(pushDetails.rule.pattern));
-        }
     }
 
     private addCodeElement(pre: HTMLPreElement): void {
@@ -222,55 +210,6 @@ export default class TextualBody extends React.Component<IBodyProps, IState> {
         }
     }
 
-    /**
-     * Marks the text that activated a push-notification keyword pattern.
-     */
-    private pillifyNotificationKeywords(nodes: ArrayLike<Element>, exp: RegExp): void {
-        let node: Node | null = nodes[0];
-        while (node) {
-            if (node.nodeType === Node.TEXT_NODE) {
-                const text = node.nodeValue;
-                if (!text) {
-                    node = node.nextSibling;
-                    continue;
-                }
-                const match = text.match(exp);
-                if (!match || match.length < 3) {
-                    node = node.nextSibling;
-                    continue;
-                }
-                const keywordText = match[2];
-                const idx = match.index! + match[1].length;
-                const before = text.substring(0, idx);
-                const after = text.substring(idx + keywordText.length);
-
-                const container = document.createElement("span");
-                const newContent = (
-                    <>
-                        {before}
-                        <TooltipProvider>
-                            <Pill text={keywordText} type={PillType.Keyword} />
-                        </TooltipProvider>
-                        {after}
-                    </>
-                );
-                this.reactRoots.render(newContent, container, node);
-
-                node.parentNode?.replaceChild(container, node);
-            } else if (node.childNodes && node.childNodes.length) {
-                this.pillifyNotificationKeywords(node.childNodes as NodeListOf<Element>, exp);
-            }
-
-            node = node.nextSibling;
-        }
-    }
-
-    private regExpForKeywordPattern(pattern: string): RegExp {
-        // Reflects the push notification pattern-matching implementation at
-        // https://github.com/matrix-org/matrix-js-sdk/blob/dbd7d26968b94700827bac525c39afff2c198e61/src/pushprocessor.ts#L570
-        return new RegExp("(^|\\W)(" + globToRegexp(pattern) + ")(\\W|$)", "i");
-    }
-
     private findLinks(nodes: ArrayLike<Element>): string[] {
         let links: string[] = [];
 

src/components/views/settings/devices/LoginWithQRSection.tsx

@@ -31,7 +31,8 @@ export function shouldShowQr(
 ): boolean {
     const msc4108Supported = !!versions?.unstable_features?.["org.matrix.msc4108"];
 
-    const deviceAuthorizationGrantSupported = oidcClientConfig?.grant_types_supported.includes(DEVICE_CODE_SCOPE);
+    const deviceAuthorizationGrantSupported =
+        oidcClientConfig?.metadata?.grant_types_supported.includes(DEVICE_CODE_SCOPE);
 
     return (
         !!deviceAuthorizationGrantSupported &&

src/components/views/settings/encryption/AdvancedPanel.tsx

@@ -1,139 +0,0 @@
-/*
- * Copyright 2024 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-import React, { JSX, lazy, MouseEventHandler } from "react";
-import { Button, HelpMessage, InlineField, InlineSpinner, Label, Root, ToggleControl } from "@vector-im/compound-web";
-import DownloadIcon from "@vector-im/compound-design-tokens/assets/web/icons/download";
-import ShareIcon from "@vector-im/compound-design-tokens/assets/web/icons/share";
-
-import { _t } from "../../../../languageHandler";
-import { SettingsSection } from "../shared/SettingsSection";
-import { useMatrixClientContext } from "../../../../contexts/MatrixClientContext";
-import { useAsyncMemo } from "../../../../hooks/useAsyncMemo";
-import Modal from "../../../../Modal";
-import { SettingLevel } from "../../../../settings/SettingLevel";
-import { useSettingValueAt } from "../../../../hooks/useSettings";
-import SettingsStore from "../../../../settings/SettingsStore";
-
-interface AdvancedPanelProps {
-    /**
-     * Callback for when the user clicks the button to reset their identity.
-     */
-    onResetIdentityClick: MouseEventHandler<HTMLButtonElement>;
-}
-
-/**
- * The advanced panel of the encryption settings.
- */
-export function AdvancedPanel({ onResetIdentityClick }: AdvancedPanelProps): JSX.Element {
-    return (
-        <SettingsSection heading={_t("settings|encryption|advanced|title")} legacy={false}>
-            <EncryptionDetails onResetIdentityClick={onResetIdentityClick} />
-            <OtherSettings />
-        </SettingsSection>
-    );
-}
-
-interface EncryptionDetails {
-    /**
-     * Callback for when the user clicks the button to reset their identity.
-     */
-    onResetIdentityClick: MouseEventHandler<HTMLButtonElement>;
-}
-
-/**
- * The encryption details section of the advanced panel.
- */
-function EncryptionDetails({ onResetIdentityClick }: EncryptionDetails): JSX.Element {
-    const matrixClient = useMatrixClientContext();
-    // Null when the keys are not loaded yet
-    const keys = useAsyncMemo(() => matrixClient.getCrypto()!.getOwnDeviceKeys(), [matrixClient], null);
-
-    return (
-        <div className="mx_EncryptionDetails" data-testid="encryptionDetails">
-            <div className="mx_EncryptionDetails_session">
-                <h3 className="mx_EncryptionDetails_session_title">
-                    {_t("settings|encryption|advanced|details_title")}
-                </h3>
-                <div>
-                    <span>{_t("settings|encryption|advanced|session_id")}</span>
-                    <span data-testid="deviceId">{matrixClient.deviceId}</span>
-                </div>
-                <div>
-                    <span>{_t("settings|encryption|advanced|session_key")}</span>
-                    <span data-testid="sessionKey">
-                        {keys ? keys.ed25519 : <InlineSpinner aria-label={_t("common|loading")} />}
-                    </span>
-                </div>
-            </div>
-            <div className="mx_EncryptionDetails_buttons">
-                <Button
-                    size="sm"
-                    kind="secondary"
-                    Icon={ShareIcon}
-                    onClick={() =>
-                        Modal.createDialog(
-                            lazy(
-                                () => import("../../../../async-components/views/dialogs/security/ExportE2eKeysDialog"),
-                            ),
-                            { matrixClient },
-                        )
-                    }
-                >
-                    {_t("settings|encryption|advanced|export_keys")}
-                </Button>
-                <Button
-                    size="sm"
-                    kind="secondary"
-                    Icon={DownloadIcon}
-                    onClick={() =>
-                        Modal.createDialog(
-                            lazy(
-                                () => import("../../../../async-components/views/dialogs/security/ImportE2eKeysDialog"),
-                            ),
-                            { matrixClient },
-                        )
-                    }
-                >
-                    {_t("settings|encryption|advanced|import_keys")}
-                </Button>
-            </div>
-            <Button size="sm" kind="tertiary" destructive={true} onClick={onResetIdentityClick}>
-                {_t("settings|encryption|advanced|reset_identity")}
-            </Button>
-        </div>
-    );
-}
-
-/**
- * Display the never send encrypted message to unverified devices setting.
- */
-function OtherSettings(): JSX.Element | null {
-    const blacklistUnverifiedDevices = useSettingValueAt(SettingLevel.DEVICE, "blacklistUnverifiedDevices");
-    const canSetValue = SettingsStore.canSetValue("blacklistUnverifiedDevices", null, SettingLevel.DEVICE);
-    if (!canSetValue) return null;
-
-    return (
-        <Root
-            data-testid="otherSettings"
-            className="mx_OtherSettings"
-            onChange={async (evt) => {
-                const checked = new FormData(evt.currentTarget).get("neverSendEncrypted") === "on";
-                await SettingsStore.setValue("blacklistUnverifiedDevices", null, SettingLevel.DEVICE, checked);
-            }}
-        >
-            <h3 className="mx_OtherSettings_title">{_t("settings|encryption|advanced|other_people_device_title")}</h3>
-            <InlineField
-                name="neverSendEncrypted"
-                control={<ToggleControl name="neverSendEncrypted" defaultChecked={blacklistUnverifiedDevices} />}
-            >
-                <Label>{_t("settings|encryption|advanced|other_people_device_label")}</Label>
-                <HelpMessage>{_t("settings|encryption|advanced|other_people_device_description")}</HelpMessage>
-            </InlineField>
-        </Root>
-    );
-}

src/components/views/settings/encryption/ChangeRecoveryKey.tsx

@@ -18,7 +18,6 @@ import {
     TextControl,
 } from "@vector-im/compound-web";
 import CopyIcon from "@vector-im/compound-design-tokens/assets/web/icons/copy";
-import KeyIcon from "@vector-im/compound-design-tokens/assets/web/icons/key-solid";
 import { logger } from "matrix-js-sdk/src/logger";
 
 import { _t } from "../../../../languageHandler";
@@ -158,12 +157,7 @@ export function ChangeRecoveryKey({
                 pages={pages}
                 onPageClick={onCancelClick}
             />
-            <EncryptionCard
-                Icon={KeyIcon}
-                title={labels.title}
-                description={labels.description}
-                className="mx_ChangeRecoveryKey"
-            >
+            <EncryptionCard title={labels.title} description={labels.description} className="mx_ChangeRecoveryKey">
                 {content}
             </EncryptionCard>
         </>

src/components/views/settings/encryption/EncryptionCard.tsx

@@ -5,8 +5,9 @@
  * Please see LICENSE files in the repository root for full details.
  */
 
-import React, { JSX, PropsWithChildren, ComponentType, SVGAttributes } from "react";
+import React, { JSX, PropsWithChildren } from "react";
 import { BigIcon, Heading } from "@vector-im/compound-web";
+import KeyIcon from "@vector-im/compound-design-tokens/assets/web/icons/key-solid";
 import classNames from "classnames";
 
 interface EncryptionCardProps {
@@ -21,15 +22,7 @@ interface EncryptionCardProps {
     /**
      * The description of the card.
      */
-    description?: string;
-    /**
-     * Whether this icon shows a destructive action.
-     */
-    destructive?: boolean;
-    /**
-     * The icon to display.
-     */
-    Icon: ComponentType<SVGAttributes<SVGElement>>;
+    description: string;
 }
 
 /**
@@ -39,20 +32,18 @@ export function EncryptionCard({
     title,
     description,
     className,
-    destructive = false,
-    Icon,
     children,
 }: PropsWithChildren<EncryptionCardProps>): JSX.Element {
     return (
         <div className={classNames("mx_EncryptionCard", className)}>
             <div className="mx_EncryptionCard_header">
-                <BigIcon destructive={destructive}>
-                    <Icon />
+                <BigIcon>
+                    <KeyIcon />
                 </BigIcon>
                 <Heading as="h2" size="sm" weight="semibold">
                     {title}
                 </Heading>
-                {description && <span>{description}</span>}
+                <span>{description}</span>
             </div>
             {children}
         </div>

src/components/views/settings/encryption/RecoveryPanel.tsx

@@ -106,7 +106,6 @@ export function RecoveryPanel({ onChangeRecoveryKeyClick }: RecoveryPanelProps):
                 />
             }
             subHeading={<Subheader state={state} />}
-            data-testid="recoveryPanel"
         >
             {content}
         </SettingsSection>

src/components/views/settings/encryption/ResetIdentityPanel.tsx

@@ -1,83 +0,0 @@
-/*
- * Copyright 2024 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-import { Breadcrumb, Button, VisualList, VisualListItem } from "@vector-im/compound-web";
-import CheckIcon from "@vector-im/compound-design-tokens/assets/web/icons/check";
-import InfoIcon from "@vector-im/compound-design-tokens/assets/web/icons/info";
-import ErrorIcon from "@vector-im/compound-design-tokens/assets/web/icons/error";
-import React, { MouseEventHandler } from "react";
-
-import { _t } from "../../../../languageHandler";
-import { EncryptionCard } from "./EncryptionCard";
-import { useMatrixClientContext } from "../../../../contexts/MatrixClientContext";
-import { uiAuthCallback } from "../../../../CreateCrossSigning";
-
-interface ResetIdentityPanelProps {
-    /**
-     * Called when the identity is reset.
-     */
-    onFinish: MouseEventHandler<HTMLButtonElement>;
-    /**
-     * Called when the cancel button is clicked or when we go back in the breadcrumbs.
-     */
-    onCancelClick: () => void;
-}
-
-/**
- * The panel for resetting the identity of the current user.
- */
-export function ResetIdentityPanel({ onCancelClick, onFinish }: ResetIdentityPanelProps): JSX.Element {
-    const matrixClient = useMatrixClientContext();
-
-    return (
-        <>
-            <Breadcrumb
-                backLabel={_t("action|back")}
-                onBackClick={onCancelClick}
-                pages={[_t("settings|encryption|title"), _t("settings|encryption|advanced|breadcrumb_page")]}
-                onPageClick={onCancelClick}
-            />
-            <EncryptionCard
-                Icon={ErrorIcon}
-                destructive={true}
-                title={_t("settings|encryption|advanced|breadcrumb_title")}
-                className="mx_ResetIdentityPanel"
-            >
-                <div className="mx_ResetIdentityPanel_content">
-                    <VisualList>
-                        <VisualListItem Icon={CheckIcon} success={true}>
-                            {_t("settings|encryption|advanced|breadcrumb_first_description")}
-                        </VisualListItem>
-                        <VisualListItem Icon={InfoIcon}>
-                            {_t("settings|encryption|advanced|breadcrumb_second_description")}
-                        </VisualListItem>
-                        <VisualListItem Icon={InfoIcon}>
-                            {_t("settings|encryption|advanced|breadcrumb_third_description")}
-                        </VisualListItem>
-                    </VisualList>
-                    <span>{_t("settings|encryption|advanced|breadcrumb_warning")}</span>
-                </div>
-                <div className="mx_ResetIdentityPanel_footer">
-                    <Button
-                        destructive={true}
-                        onClick={async (evt) => {
-                            await matrixClient
-                                .getCrypto()
-                                ?.resetEncryption((makeRequest) => uiAuthCallback(matrixClient, makeRequest));
-                            onFinish(evt);
-                        }}
-                    >
-                        {_t("action|continue")}
-                    </Button>
-                    <Button kind="tertiary" onClick={onCancelClick}>
-                        {_t("action|cancel")}
-                    </Button>
-                </div>
-            </EncryptionCard>
-        </>
-    );
-}

src/components/views/settings/tabs/user/EncryptionUserSettingsTab.tsx

@@ -6,7 +6,7 @@
  */
 
 import React, { JSX, useCallback, useEffect, useState } from "react";
-import { Button, InlineSpinner, Separator } from "@vector-im/compound-web";
+import { Button, InlineSpinner } from "@vector-im/compound-web";
 import ComputerIcon from "@vector-im/compound-design-tokens/assets/web/icons/computer";
 
 import SettingsTab from "../SettingsTab";
@@ -18,8 +18,6 @@ import Modal from "../../../../../Modal";
 import SetupEncryptionDialog from "../../../dialogs/security/SetupEncryptionDialog";
 import { SettingsSection } from "../../shared/SettingsSection";
 import { SettingsSubheader } from "../../SettingsSubheader";
-import { AdvancedPanel } from "../../encryption/AdvancedPanel";
-import { ResetIdentityPanel } from "../../encryption/ResetIdentityPanel";
 
 /**
  * The state in the encryption settings tab.
@@ -31,9 +29,8 @@ import { ResetIdentityPanel } from "../../encryption/ResetIdentityPanel";
  *                           This happens when the user has a recovery key and the user clicks on "Change recovery key" button of the RecoveryPanel.
  *  - "set_recovery_key": The panel to show when the user is setting up their recovery key.
  *                        This happens when the user doesn't have a key a recovery key and the user clicks on "Set up recovery key" button of the RecoveryPanel.
- *  - "reset_identity": The panel to show when the user is resetting their identity.
  */
-type State = "loading" | "main" | "set_up_encryption" | "change_recovery_key" | "set_recovery_key" | "reset_identity";
+type State = "loading" | "main" | "set_up_encryption" | "change_recovery_key" | "set_recovery_key";
 
 export function EncryptionUserSettingsTab(): JSX.Element {
     const [state, setState] = useState<State>("loading");
@@ -49,15 +46,11 @@ export function EncryptionUserSettingsTab(): JSX.Element {
             break;
         case "main":
             content = (
-                <>
-                    <RecoveryPanel
-                        onChangeRecoveryKeyClick={(setupNewKey) =>
-                            setupNewKey ? setState("set_recovery_key") : setState("change_recovery_key")
-                        }
-                    />
-                    <Separator kind="section" />
-                    <AdvancedPanel onResetIdentityClick={() => setState("reset_identity")} />
-                </>
+                <RecoveryPanel
+                    onChangeRecoveryKeyClick={(setupNewKey) =>
+                        setupNewKey ? setState("set_recovery_key") : setState("change_recovery_key")
+                    }
+                />
             );
             break;
         case "change_recovery_key":
@@ -70,9 +63,6 @@ export function EncryptionUserSettingsTab(): JSX.Element {
                 />
             );
             break;
-        case "reset_identity":
-            content = <ResetIdentityPanel onCancelClick={() => setState("main")} onFinish={() => setState("main")} />;
-            break;
     }
 
     return (

src/components/views/settings/tabs/user/SecurityUserSettingsTab.tsx

@@ -319,7 +319,7 @@ export default class SecurityUserSettingsTab extends React.Component<IProps, ISt
             );
         }
 
-        let posthogSection;
+        let privacySection;
         if (PosthogAnalytics.instance.isEnabled()) {
             const onClickAnalyticsLearnMore = (): void => {
                 showAnalyticsLearnMoreDialog({
@@ -327,8 +327,9 @@ export default class SecurityUserSettingsTab extends React.Component<IProps, ISt
                     hasCancel: false,
                 });
             };
-            posthogSection = (
-                <>
+            privacySection = (
+                <SettingsSection heading={_t("common|privacy")}>
+                    <DiscoverySettings />
                     <SettingsSubsection
                         heading={_t("common|analytics")}
                         description={_t("settings|security|analytics_description")}
@@ -343,7 +344,7 @@ export default class SecurityUserSettingsTab extends React.Component<IProps, ISt
                     <SettingsSubsection heading={_t("settings|sessions|title")}>
                         <SettingsFlag name="deviceClientInformationOptIn" level={SettingLevel.ACCOUNT} />
                     </SettingsSubsection>
-                </>
+                </SettingsSection>
             );
         }
 
@@ -372,10 +373,7 @@ export default class SecurityUserSettingsTab extends React.Component<IProps, ISt
                     {crossSigning}
                     <CryptographyPanel />
                 </SettingsSection>
-                <SettingsSection heading={_t("common|privacy")}>
-                    <DiscoverySettings />
-                    {posthogSection}
-                </SettingsSection>
+                {privacySection}
                 {advancedSection}
             </SettingsTab>
         );

src/components/views/settings/tabs/user/SessionManagerTab.tsx

@@ -7,7 +7,7 @@ Please see LICENSE files in the repository root for full details.
 */
 
 import React, { lazy, Suspense, useCallback, useContext, useEffect, useRef, useState } from "react";
-import { MatrixClient } from "matrix-js-sdk/src/matrix";
+import { discoverAndValidateOIDCIssuerWellKnown, MatrixClient } from "matrix-js-sdk/src/matrix";
 import { logger } from "matrix-js-sdk/src/logger";
 import { defer } from "matrix-js-sdk/src/utils";
 
@@ -163,7 +163,10 @@ const SessionManagerTab: React.FC<{
     const clientVersions = useAsyncMemo(() => matrixClient.getVersions(), [matrixClient]);
     const oidcClientConfig = useAsyncMemo(async () => {
         try {
-            return await matrixClient?.getAuthMetadata();
+            const authIssuer = await matrixClient?.getAuthIssuer();
+            if (authIssuer) {
+                return discoverAndValidateOIDCIssuerWellKnown(authIssuer.issuer);
+            }
         } catch (e) {
             logger.error("Failed to discover OIDC metadata", e);
         }

src/i18n/strings/de_DE.json

@@ -539,7 +539,6 @@
         "qr_code": "QR-Code",
         "random": "Ohne Thema",
         "reactions": "Reaktionen",
-        "recommended": "Empfohlen",
         "report_a_bug": "Einen Fehler melden",
         "room": "Raum",
         "room_name": "Raumname",
@@ -879,18 +878,14 @@
             "title": "Cross-Signing-Schlüssel zerstören?",
             "warning": "Das Löschen von Quersignierungsschlüsseln ist dauerhaft. Alle, mit dem du dich verifiziert hast, werden Sicherheitswarnungen angezeigt bekommen. Du möchtest dies mit ziemlicher Sicherheit nicht tun, es sei denn, du hast jedes Gerät verloren, von dem aus du quersignieren kannst."
         },
-        "enter_recovery_key": "Geben Sie den Wiederherstellungsschlüssel ein",
         "event_shield_reason_authenticity_not_guaranteed": "Die Echtheit dieser verschlüsselten Nachricht kann auf diesem Gerät nicht garantiert werden.",
         "event_shield_reason_mismatched_sender_key": "Von einer nicht verifizierten Sitzung verschlüsselt",
         "event_shield_reason_unknown_device": "Durch ein unbekanntes oder gelöschtes Gerät verschlüsselt.",
         "event_shield_reason_unsigned_device": "Durch ein von Besitzer nicht verifiziertes Gerät verschlüsselt.",
         "event_shield_reason_unverified_identity": "Durch einen nicht verifizierten Benutzer verschlüsselt.",
         "export_unsupported": "Dein Browser unterstützt die benötigten Verschlüsselungserweiterungen nicht",
-        "forgot_recovery_key": "Wiederherstellungsschlüssel vergessen?",
         "import_invalid_keyfile": "Keine gültige %(brand)s-Schlüsseldatei",
         "import_invalid_passphrase": "Authentifizierung fehlgeschlagen: Falsches Passwort?",
-        "key_storage_out_of_sync": "Ihr Schlüsselspeicher ist nicht synchronisiert.",
-        "key_storage_out_of_sync_description": "Bestätigen Sie Ihren Wiederherstellungsschlüssel, um weiterhin auf Ihren Schlüsselspeicher und den Nachrichtenverlauf zugreifen zu können.",
         "messages_not_secure": {
             "cause_1": "Dein Heim-Server",
             "cause_2": "Der Heim-Server der Person, die du verifizierst",
@@ -2420,36 +2415,6 @@
         "emoji_autocomplete": "Emoji-Vorschläge während Eingabe",
         "enable_markdown": "Markdown aktivieren",
         "enable_markdown_description": "Beginne Nachrichten mit <code>/plain</code>, um sie ohne Markdown zu senden.",
-        "encryption": {
-            "device_not_verified_button": "Dieses Gerät verifizieren",
-            "device_not_verified_description": "Sie müssen dieses Gerät verifizieren, um Ihre Verschlüsselungseinstellungen einsehen zu können.",
-            "device_not_verified_title": "Gerät nicht verifiziert",
-            "dialog_title": "<strong>Einstellungen:</strong> Verschlüsselung",
-            "recovery": {
-                "change_recovery_confirm_button": "Bestätigen Sie den neuen Wiederherstellungsschlüssel",
-                "change_recovery_confirm_description": "Geben Sie unten Ihren neuen Wiederherstellungsschlüssel ein, um den Vorgang abzuschließen. Ihr alter Wiederherstellungsschlüssel funktioniert nicht mehr.",
-                "change_recovery_confirm_title": "Geben Sie Ihren neuen Wiederherstellungsschlüssel ein",
-                "change_recovery_key": "Wiederherstellungsschlüssel ändern",
-                "change_recovery_key_description": "Notieren Sie sich diesen neuen Wiederherstellungsschlüssel an einem sicheren Ort. Klicken Sie anschließend auf Weiter, um die Änderung zu bestätigen.",
-                "change_recovery_key_title": "Wiederherstellungsschlüssel ändern?",
-                "description": "Falls Sie alle Ihre Geräte verloren haben. stellen Sie Ihre kryptografische Identität und Ihren Nachrichtenverlauf mit einem Wiederherstellungsschlüssel wieder her.",
-                "enter_key_error": "Der eingegebene Wiederherstellungsschlüssel ist nicht korrekt.",
-                "enter_recovery_key": "Geben Sie den Wiederherstellungsschlüssel ein",
-                "key_storage_warning": "Ihr Schlüsselspeicher ist nicht synchronisiert. Klicken Sie auf die Schaltfläche unten, um das Problem zu beheben.",
-                "save_key_description": "Teilen Sie dies mit niemandem!",
-                "save_key_title": "Wiederherstellungsschlüssel",
-                "set_up_recovery": "Wiederherstellung einrichten",
-                "set_up_recovery_confirm_button": "Einrichtung abschließen",
-                "set_up_recovery_confirm_description": "Geben Sie den auf dem vorherigen Bildschirm angezeigten Wiederherstellungsschlüssel ein, um die Einrichtung der Wiederherstellung abzuschließen.",
-                "set_up_recovery_confirm_title": "Geben Sie zur Bestätigung Ihren Wiederherstellungsschlüssel ein",
-                "set_up_recovery_description": "Ihr Schlüsselspeicher ist durch einen Wiederherstellungsschlüssel geschützt. Wenn Sie nach der Installation einen neuen Wiederherstellungsschlüssel benötigen, können Sie ihn neu erstellen, indem Sie '%(changeRecoveryKeyButton)s' auswählen.",
-                "set_up_recovery_save_key_description": "Notieren Sie sich diesen Wiederherstellungsschlüssel an einem sicheren Ort, z. B. in einem Passwort-Manager, einer verschlüsselten Notiz oder einem Safe.",
-                "set_up_recovery_save_key_title": "Bewahren Sie Ihren Wiederherstellungsschlüssel an einem sicheren Ort auf",
-                "set_up_recovery_secondary_description": "Nachdem Sie auf Weiter geklickt haben, generieren wir einen Wiederherstellungsschlüssel für Sie.",
-                "title": "Wiederherstellung"
-            },
-            "title": "Verschlüsselung"
-        },
         "general": {
             "account_management_section": "Benutzerkontenverwaltung",
             "account_section": "Benutzerkonto",

src/i18n/strings/en_EN.json

@@ -734,44 +734,6 @@
         "category_room": "Room",
         "caution_colon": "Caution:",
         "client_versions": "Client Versions",
-        "crypto": {
-            "4s_public_key_in_account_data": "in account data",
-            "4s_public_key_not_in_account_data": "not found",
-            "4s_public_key_status": "Secret storage public key:",
-            "backup_key_cached": "cached locally",
-            "backup_key_cached_status": "Backup key cached:",
-            "backup_key_not_stored": "not stored",
-            "backup_key_stored": "in secret storage",
-            "backup_key_stored_status": "Backup key stored:",
-            "backup_key_unexpected_type": "unexpected type",
-            "backup_key_well_formed": "well formed",
-            "cross_signing": "Cross-signing",
-            "cross_signing_cached": "cached locally",
-            "cross_signing_not_ready": "Cross-signing is not set up.",
-            "cross_signing_private_keys_in_storage": "in secret storage",
-            "cross_signing_private_keys_in_storage_status": "Cross-signing private keys:",
-            "cross_signing_private_keys_not_in_storage": "not found in storage",
-            "cross_signing_public_keys_on_device": "in memory",
-            "cross_signing_public_keys_on_device_status": "Cross-signing public keys:",
-            "cross_signing_ready": "Cross-signing is ready for use.",
-            "cross_signing_status": "Cross-signing status:",
-            "cross_signing_untrusted": "Your account has a cross-signing identity in secret storage, but it is not yet trusted by this session.",
-            "crypto_not_available": "Cryptographic module is not available",
-            "key_backup_active_version": "Active backup version:",
-            "key_backup_active_version_none": "None",
-            "key_backup_inactive_warning": "Your keys are not being backed up from this session.",
-            "key_backup_latest_version": "Latest backup version on server:",
-            "key_storage": "Key Storage",
-            "master_private_key_cached_status": "Master private key:",
-            "not_found": "not found",
-            "not_found_locally": "not found locally",
-            "secret_storage_not_ready": "not ready",
-            "secret_storage_ready": "ready",
-            "secret_storage_status": "Secret storage:",
-            "self_signing_private_key_cached_status": "Self signing private key:",
-            "title": "End-to-end encryption",
-            "user_signing_private_key_cached_status": "User signing private key:"
-        },
         "developer_mode": "Developer mode",
         "developer_tools": "Developer Tools",
         "edit_setting": "Edit setting",
@@ -2460,24 +2422,6 @@
         "enable_markdown": "Enable Markdown",
         "enable_markdown_description": "Start messages with <code>/plain</code> to send without markdown.",
         "encryption": {
-            "advanced": {
-                "breadcrumb_first_description": "Your account details, contacts, preferences, and chat list will be kept",
-                "breadcrumb_page": "Reset encryption",
-                "breadcrumb_second_description": "You will lose any message history that’s stored only on the server",
-                "breadcrumb_third_description": "You will need to verify all your existing devices and contacts again",
-                "breadcrumb_title": "Are you sure you want to reset your identity?",
-                "breadcrumb_warning": "Only do this if you believe your account has been compromised.",
-                "details_title": "Encryption details",
-                "export_keys": "Export keys",
-                "import_keys": "Import keys",
-                "other_people_device_description": "By default in encrypted rooms, do not send encrypted messages to anyone until you’ve verified them",
-                "other_people_device_label": "Never send encrypted messages to unverified devices",
-                "other_people_device_title": "Other people’s devices",
-                "reset_identity": "Reset cryptographic identity",
-                "session_id": "Session ID:",
-                "session_key": "Session key:",
-                "title": "Advanced"
-            },
             "device_not_verified_button": "Verify this device",
             "device_not_verified_description": "You need to verify this device in order to view your encryption settings.",
             "device_not_verified_title": "Device not verified",

src/stores/oidc/OidcClientStore.ts

@@ -50,8 +50,11 @@ export class OidcClientStore {
         } else {
             // We are not in OIDC Native mode, as we have no locally stored issuer. Check if the server delegates auth to OIDC.
             try {
-                const authMetadata = await this.matrixClient.getAuthMetadata();
-                this.setAccountManagementEndpoint(authMetadata.account_management_uri, authMetadata.issuer);
+                const authIssuer = await this.matrixClient.getAuthIssuer();
+                const { accountManagementEndpoint, metadata } = await discoverAndValidateOIDCIssuerWellKnown(
+                    authIssuer.issuer,
+                );
+                this.setAccountManagementEndpoint(accountManagementEndpoint, metadata.issuer);
             } catch (e) {
                 console.log("Auth issuer not found", e);
             }
@@ -150,11 +153,14 @@ export class OidcClientStore {
 
         try {
             const clientId = getStoredOidcClientId();
-            const authMetadata = await discoverAndValidateOIDCIssuerWellKnown(this.authenticatedIssuer);
-            this.setAccountManagementEndpoint(authMetadata.account_management_uri, authMetadata.issuer);
+            const { accountManagementEndpoint, metadata, signingKeys } = await discoverAndValidateOIDCIssuerWellKnown(
+                this.authenticatedIssuer,
+            );
+            this.setAccountManagementEndpoint(accountManagementEndpoint, metadata.issuer);
             this.oidcClient = new OidcClient({
-                authority: authMetadata.issuer,
-                signingKeys: authMetadata.signingKeys ?? undefined,
+                ...metadata,
+                authority: metadata.issuer,
+                signingKeys,
                 redirect_uri: PlatformPeg.get()!.getOidcCallbackUrl().href,
                 client_id: clientId,
             });

src/stores/widgets/StopGapWidget.ts

@@ -6,14 +6,7 @@
  * Please see LICENSE files in the repository root for full details.
  */
 
-import {
-    Room,
-    MatrixEvent,
-    MatrixEventEvent,
-    MatrixClient,
-    ClientEvent,
-    RoomStateEvent,
-} from "matrix-js-sdk/src/matrix";
+import { Room, MatrixEvent, MatrixEventEvent, MatrixClient, ClientEvent } from "matrix-js-sdk/src/matrix";
 import { KnownMembership } from "matrix-js-sdk/src/types";
 import {
     ClientWidgetApi,
@@ -33,6 +26,7 @@ import {
     WidgetApiFromWidgetAction,
     WidgetKind,
 } from "matrix-widget-api";
+import { Optional } from "matrix-events-sdk";
 import { EventEmitter } from "events";
 import { logger } from "matrix-js-sdk/src/logger";
 
@@ -62,7 +56,6 @@ import { ViewRoomPayload } from "../../dispatcher/payloads/ViewRoomPayload";
 import Modal from "../../Modal";
 import ErrorDialog from "../../components/views/dialogs/ErrorDialog";
 import { SdkContextClass } from "../../contexts/SDKContext";
-import { UPDATE_EVENT } from "../AsyncStore";
 
 // TODO: Destroy all of this code
 
@@ -158,9 +151,6 @@ export class StopGapWidget extends EventEmitter {
     private mockWidget: ElementWidget;
     private scalarToken?: string;
     private roomId?: string;
-    // The room that we're currently allowing the widget to interact with. Only
-    // used for account widgets, which may follow the user to different rooms.
-    private viewedRoomId: string | null = null;
     private kind: WidgetKind;
     private readonly virtual: boolean;
     private readUpToMap: { [roomId: string]: string } = {}; // room ID to event ID
@@ -187,6 +177,17 @@ export class StopGapWidget extends EventEmitter {
         this.stickyPromise = appTileProps.stickyPromise;
     }
 
+    private get eventListenerRoomId(): Optional<string> {
+        // When widgets are listening to events, we need to make sure they're only
+        // receiving events for the right room. In particular, room widgets get locked
+        // to the room they were added in while account widgets listen to the currently
+        // active room.
+
+        if (this.roomId) return this.roomId;
+
+        return SdkContextClass.instance.roomViewStore.getRoomId();
+    }
+
     public get widgetApi(): ClientWidgetApi | null {
         return this.messaging;
     }
@@ -258,17 +259,6 @@ export class StopGapWidget extends EventEmitter {
             });
         }
     };
-
-    // This listener is only active for account widgets, which may follow the
-    // user to different rooms
-    private onRoomViewStoreUpdate = (): void => {
-        const roomId = SdkContextClass.instance.roomViewStore.getRoomId() ?? null;
-        if (roomId !== this.viewedRoomId) {
-            this.messaging!.setViewedRoomId(roomId);
-            this.viewedRoomId = roomId;
-        }
-    };
-
     /**
      * This starts the messaging for the widget if it is not in the state `started` yet.
      * @param iframe the iframe the widget should use
@@ -295,17 +285,6 @@ export class StopGapWidget extends EventEmitter {
         this.messaging.on("capabilitiesNotified", () => this.emit("capabilitiesNotified"));
         this.messaging.on(`action:${WidgetApiFromWidgetAction.OpenModalWidget}`, this.onOpenModal);
 
-        // When widgets are listening to events, we need to make sure they're only
-        // receiving events for the right room
-        if (this.roomId === undefined) {
-            // Account widgets listen to the currently active room
-            this.messaging.setViewedRoomId(SdkContextClass.instance.roomViewStore.getRoomId() ?? null);
-            SdkContextClass.instance.roomViewStore.on(UPDATE_EVENT, this.onRoomViewStoreUpdate);
-        } else {
-            // Room widgets get locked to the room they were added in
-            this.messaging.setViewedRoomId(this.roomId);
-        }
-
         // Always attach a handler for ViewRoom, but permission check it internally
         this.messaging.on(`action:${ElementWidgetActions.ViewRoom}`, (ev: CustomEvent<IViewRoomApiRequest>) => {
             ev.preventDefault(); // stop the widget API from auto-rejecting this
@@ -350,7 +329,6 @@ export class StopGapWidget extends EventEmitter {
         // Attach listeners for feeding events - the underlying widget classes handle permissions for us
         this.client.on(ClientEvent.Event, this.onEvent);
         this.client.on(MatrixEventEvent.Decrypted, this.onEventDecrypted);
-        this.client.on(RoomStateEvent.Events, this.onStateUpdate);
         this.client.on(ClientEvent.ToDeviceEvent, this.onToDeviceEvent);
 
         this.messaging.on(
@@ -479,11 +457,8 @@ export class StopGapWidget extends EventEmitter {
         WidgetMessagingStore.instance.stopMessaging(this.mockWidget, this.roomId);
         this.messaging = null;
 
-        SdkContextClass.instance.roomViewStore.off(UPDATE_EVENT, this.onRoomViewStoreUpdate);
-
         this.client.off(ClientEvent.Event, this.onEvent);
         this.client.off(MatrixEventEvent.Decrypted, this.onEventDecrypted);
-        this.client.off(RoomStateEvent.Events, this.onStateUpdate);
         this.client.off(ClientEvent.ToDeviceEvent, this.onToDeviceEvent);
     }
 
@@ -496,14 +471,6 @@ export class StopGapWidget extends EventEmitter {
         this.feedEvent(ev);
     };
 
-    private onStateUpdate = (ev: MatrixEvent): void => {
-        if (this.messaging === null) return;
-        const raw = ev.getEffectiveEvent();
-        this.messaging.feedStateUpdate(raw as IRoomEvent).catch((e) => {
-            logger.error("Error sending state update to widget: ", e);
-        });
-    };
-
     private onToDeviceEvent = async (ev: MatrixEvent): Promise<void> => {
         await this.client.decryptEventIfNeeded(ev);
         if (ev.isDecryptionFailure()) return;
@@ -603,7 +570,7 @@ export class StopGapWidget extends EventEmitter {
                 this.eventsToFeed.add(ev);
             } else {
                 const raw = ev.getEffectiveEvent();
-                this.messaging.feedEvent(raw as IRoomEvent).catch((e) => {
+                this.messaging.feedEvent(raw as IRoomEvent, this.eventListenerRoomId!).catch((e) => {
                     logger.error("Error sending event to widget: ", e);
                 });
             }

src/stores/widgets/StopGapWidgetDriver.ts

@@ -19,6 +19,7 @@ import {
     MatrixCapabilities,
     OpenIDRequestState,
     SimpleObservable,
+    Symbols,
     Widget,
     WidgetDriver,
     WidgetEventCapability,
@@ -35,6 +36,7 @@ import {
     IContent,
     MatrixError,
     MatrixEvent,
+    Room,
     Direction,
     THREAD_RELATION_TYPE,
     SendDelayedEventResponse,
@@ -467,69 +469,70 @@ export class StopGapWidgetDriver extends WidgetDriver {
         }
     }
 
-    /**
-     * Reads all events of the given type, and optionally `msgtype` (if applicable/defined),
-     * the user has access to. The widget API will have already verified that the widget is
-     * capable of receiving the events. Less events than the limit are allowed to be returned,
-     * but not more.
-     * @param roomId The ID of the room to look within.
-     * @param eventType The event type to be read.
-     * @param msgtype The msgtype of the events to be read, if applicable/defined.
-     * @param stateKey The state key of the events to be read, if applicable/defined.
-     * @param limit The maximum number of events to retrieve. Will be zero to denote "as many as
-     * possible".
-     * @param since When null, retrieves the number of events specified by the "limit" parameter.
-     * Otherwise, the event ID at which only subsequent events will be returned, as many as specified
-     * in "limit".
-     * @returns {Promise<IRoomEvent[]>} Resolves to the room events, or an empty array.
-     */
-    public async readRoomTimeline(
-        roomId: string,
-        eventType: string,
-        msgtype: string | undefined,
-        stateKey: string | undefined,
-        limit: number,
-        since: string | undefined,
-    ): Promise<IRoomEvent[]> {
-        limit = limit > 0 ? Math.min(limit, Number.MAX_SAFE_INTEGER) : Number.MAX_SAFE_INTEGER; // relatively arbitrary
+    private pickRooms(roomIds?: (string | Symbols.AnyRoom)[]): Room[] {
+        const client = MatrixClientPeg.get();
+        if (!client) throw new Error("Not attached to a client");
 
-        const room = MatrixClientPeg.safeGet().getRoom(roomId);
-        if (room === null) return [];
-        const results: MatrixEvent[] = [];
-        const events = room.getLiveTimeline().getEvents(); // timelines are most recent last
-        for (let i = events.length - 1; i >= 0; i--) {
-            const ev = events[i];
-            if (results.length >= limit) break;
-            if (since !== undefined && ev.getId() === since) break;
-
-            if (ev.getType() !== eventType || ev.isState()) continue;
-            if (eventType === EventType.RoomMessage && msgtype && msgtype !== ev.getContent()["msgtype"]) continue;
-            if (ev.getStateKey() !== undefined && stateKey !== undefined && ev.getStateKey() !== stateKey) continue;
-            results.push(ev);
-        }
-
-        return results.map((e) => e.getEffectiveEvent() as IRoomEvent);
+        const targetRooms = roomIds
+            ? roomIds.includes(Symbols.AnyRoom)
+                ? client.getVisibleRooms(SettingsStore.getValue("feature_dynamic_room_predecessors"))
+                : roomIds.map((r) => client.getRoom(r))
+            : [client.getRoom(SdkContextClass.instance.roomViewStore.getRoomId()!)];
+        return targetRooms.filter((r) => !!r) as Room[];
     }
 
-    /**
-     * Reads the current values of all matching room state entries.
-     * @param roomId The ID of the room.
-     * @param eventType The event type of the entries to be read.
-     * @param stateKey The state key of the entry to be read. If undefined,
-     * all room state entries with a matching event type should be returned.
-     * @returns {Promise<IRoomEvent[]>} Resolves to the events representing the
-     * current values of the room state entries.
-     */
-    public async readRoomState(roomId: string, eventType: string, stateKey: string | undefined): Promise<IRoomEvent[]> {
-        const room = MatrixClientPeg.safeGet().getRoom(roomId);
-        if (room === null) return [];
-        const state = room.getLiveTimeline().getState(Direction.Forward);
-        if (state === undefined) return [];
+    public async readRoomEvents(
+        eventType: string,
+        msgtype: string | undefined,
+        limitPerRoom: number,
+        roomIds?: (string | Symbols.AnyRoom)[],
+    ): Promise<IRoomEvent[]> {
+        limitPerRoom = limitPerRoom > 0 ? Math.min(limitPerRoom, Number.MAX_SAFE_INTEGER) : Number.MAX_SAFE_INTEGER; // relatively arbitrary
 
-        if (stateKey === undefined)
-            return state.getStateEvents(eventType).map((e) => e.getEffectiveEvent() as IRoomEvent);
-        const event = state.getStateEvents(eventType, stateKey);
-        return event === null ? [] : [event.getEffectiveEvent() as IRoomEvent];
+        const rooms = this.pickRooms(roomIds);
+        const allResults: IRoomEvent[] = [];
+        for (const room of rooms) {
+            const results: MatrixEvent[] = [];
+            const events = room.getLiveTimeline().getEvents(); // timelines are most recent last
+            for (let i = events.length - 1; i > 0; i--) {
+                if (results.length >= limitPerRoom) break;
+
+                const ev = events[i];
+                if (ev.getType() !== eventType || ev.isState()) continue;
+                if (eventType === EventType.RoomMessage && msgtype && msgtype !== ev.getContent()["msgtype"]) continue;
+                results.push(ev);
+            }
+
+            results.forEach((e) => allResults.push(e.getEffectiveEvent() as IRoomEvent));
+        }
+        return allResults;
+    }
+
+    public async readStateEvents(
+        eventType: string,
+        stateKey: string | undefined,
+        limitPerRoom: number,
+        roomIds?: (string | Symbols.AnyRoom)[],
+    ): Promise<IRoomEvent[]> {
+        limitPerRoom = limitPerRoom > 0 ? Math.min(limitPerRoom, Number.MAX_SAFE_INTEGER) : Number.MAX_SAFE_INTEGER; // relatively arbitrary
+
+        const rooms = this.pickRooms(roomIds);
+        const allResults: IRoomEvent[] = [];
+        for (const room of rooms) {
+            const results: MatrixEvent[] = [];
+            const state = room.currentState.events.get(eventType);
+            if (state) {
+                if (stateKey === "" || !!stateKey) {
+                    const forKey = state.get(stateKey);
+                    if (forKey) results.push(forKey);
+                } else {
+                    results.push(...Array.from(state.values()));
+                }
+            }
+
+            results.slice(0, limitPerRoom).forEach((e) => allResults.push(e.getEffectiveEvent() as IRoomEvent));
+        }
+        return allResults;
     }
 
     public async askOpenID(observer: SimpleObservable<IOpenIDUpdate>): Promise<void> {
@@ -690,17 +693,6 @@ export class StopGapWidgetDriver extends WidgetDriver {
         return { file: blob };
     }
 
-    /**
-     * Gets the IDs of all joined or invited rooms currently known to the
-     * client.
-     * @returns The room IDs.
-     */
-    public getKnownRooms(): string[] {
-        return MatrixClientPeg.safeGet()
-            .getVisibleRooms(SettingsStore.getValue("feature_dynamic_room_predecessors"))
-            .map((r) => r.roomId);
-    }
-
     /**
      * Expresses a {@link MatrixError} as a JSON payload
      * for use by Widget API error responses.

src/utils/AutoDiscoveryUtils.tsx

@@ -11,6 +11,7 @@ import {
     AutoDiscovery,
     AutoDiscoveryError,
     ClientConfig,
+    discoverAndValidateOIDCIssuerWellKnown,
     IClientWellKnown,
     MatrixClient,
     MatrixError,
@@ -292,7 +293,8 @@ export default class AutoDiscoveryUtils {
         let delegatedAuthenticationError: Error | undefined;
         try {
             const tempClient = new MatrixClient({ baseUrl: preferredHomeserverUrl });
-            delegatedAuthentication = await tempClient.getAuthMetadata();
+            const { issuer } = await tempClient.getAuthIssuer();
+            delegatedAuthentication = await discoverAndValidateOIDCIssuerWellKnown(issuer);
         } catch (e) {
             if (e instanceof MatrixError && e.httpStatus === 404 && e.errcode === "M_UNRECOGNIZED") {
                 // 404 M_UNRECOGNIZED means the server does not support OIDC

src/utils/oidc/authorize.ts

@@ -39,7 +39,7 @@ export const startOidcLogin = async (
     const prompt = isRegistration ? "create" : undefined;
 
     const authorizationUrl = await generateOidcAuthorizationUrl({
-        metadata: delegatedAuthConfig,
+        metadata: delegatedAuthConfig.metadata,
         redirectUri,
         clientId,
         homeserverUrl,

src/utils/oidc/isUserRegistrationSupported.ts

@@ -15,6 +15,8 @@ import { OidcClientConfig } from "matrix-js-sdk/src/matrix";
  * @returns whether user registration is supported
  */
 export const isUserRegistrationSupported = (delegatedAuthConfig: OidcClientConfig): boolean => {
-    const supportedPrompts = delegatedAuthConfig.prompt_values_supported;
+    // The OidcMetadata type from oidc-client-ts does not include `prompt_values_supported`
+    // even though it is part of the OIDC spec, so cheat TS here to access it
+    const supportedPrompts = (delegatedAuthConfig.metadata as Record<string, unknown>)["prompt_values_supported"];
     return Array.isArray(supportedPrompts) && supportedPrompts?.includes("create");
 };

src/utils/oidc/registerClient.ts

@@ -40,9 +40,9 @@ export const getOidcClientId = async (
     delegatedAuthConfig: OidcClientConfig,
     staticOidcClients?: IConfigOptions["oidc_static_clients"],
 ): Promise<string> => {
-    const staticClientId = getStaticOidcClientId(delegatedAuthConfig.issuer, staticOidcClients);
+    const staticClientId = getStaticOidcClientId(delegatedAuthConfig.metadata.issuer, staticOidcClients);
     if (staticClientId) {
-        logger.debug(`Using static clientId for issuer ${delegatedAuthConfig.issuer}`);
+        logger.debug(`Using static clientId for issuer ${delegatedAuthConfig.metadata.issuer}`);
         return staticClientId;
     }
     return await registerOidcClient(delegatedAuthConfig, await PlatformPeg.get()!.getOidcClientMetadata());

test/test-utils/oidc.ts

@@ -6,4 +6,41 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com
 Please see LICENSE files in the repository root for full details.
 */
 
-export { makeDelegatedAuthConfig, mockOpenIdConfiguration } from "matrix-js-sdk/src/testing";
+import { OidcClientConfig } from "matrix-js-sdk/src/matrix";
+import { ValidatedIssuerMetadata } from "matrix-js-sdk/src/oidc/validate";
+
+/**
+ * Makes a valid OidcClientConfig with minimum valid values
+ * @param issuer used as the base for all other urls
+ * @returns OidcClientConfig
+ */
+export const makeDelegatedAuthConfig = (issuer = "https://auth.org/"): OidcClientConfig => {
+    const metadata = mockOpenIdConfiguration(issuer);
+
+    return {
+        accountManagementEndpoint: issuer + "account",
+        registrationEndpoint: metadata.registration_endpoint,
+        authorizationEndpoint: metadata.authorization_endpoint,
+        tokenEndpoint: metadata.token_endpoint,
+        metadata,
+    };
+};
+
+/**
+ * Useful for mocking <issuer>/.well-known/openid-configuration
+ * @param issuer used as the base for all other urls
+ * @returns ValidatedIssuerMetadata
+ */
+export const mockOpenIdConfiguration = (issuer = "https://auth.org/"): ValidatedIssuerMetadata => ({
+    issuer,
+    revocation_endpoint: issuer + "revoke",
+    token_endpoint: issuer + "token",
+    authorization_endpoint: issuer + "auth",
+    registration_endpoint: issuer + "registration",
+    device_authorization_endpoint: issuer + "device",
+    jwks_uri: issuer + "jwks",
+    response_types_supported: ["code"],
+    grant_types_supported: ["authorization_code", "refresh_token"],
+    code_challenge_methods_supported: ["S256"],
+    account_management_uri: issuer + "account",
+});

test/test-utils/test-utils.ts

@@ -116,7 +116,7 @@ export function createTestClient(): MatrixClient {
         },
 
         getCrypto: jest.fn().mockReturnValue({
-            getOwnDeviceKeys: jest.fn().mockResolvedValue({ ed25519: "ed25519", curve25519: "curve25519" }),
+            getOwnDeviceKeys: jest.fn(),
             getUserDeviceInfo: jest.fn().mockResolvedValue(new Map()),
             getUserVerificationStatus: jest.fn(),
             getDeviceVerificationStatus: jest.fn(),
@@ -151,9 +151,6 @@ export function createTestClient(): MatrixClient {
                 },
             }),
             isCrossSigningReady: jest.fn().mockResolvedValue(false),
-            resetEncryption: jest.fn(),
-            getSessionBackupPrivateKey: jest.fn().mockResolvedValue(null),
-            isSecretStorageReady: jest.fn().mockResolvedValue(false),
         }),
 
         getPushActionsForEvent: jest.fn(),

test/unit-tests/Lifecycle-test.ts

@@ -749,8 +749,11 @@ describe("Lifecycle", () => {
                 "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh4ZEhXb0Y5bW4ifQ.eyJzdWIiOiIwMUhQUDJGU0JZREU5UDlFTU04REQ3V1pIUiIsImlzcyI6Imh0dHBzOi8vYXV0aC1vaWRjLmxhYi5lbGVtZW50LmRldi8iLCJpYXQiOjE3MTUwNzE5ODUsImF1dGhfdGltZSI6MTcwNzk5MDMxMiwiY19oYXNoIjoidGt5R1RhUjU5aTk3YXoyTU4yMGdidyIsImV4cCI6MTcxNTA3NTU4NSwibm9uY2UiOiJxaXhwM0hFMmVaIiwiYXVkIjoiMDFIWDk0Mlg3QTg3REgxRUs2UDRaNjI4WEciLCJhdF9oYXNoIjoiNFlFUjdPRlVKTmRTeEVHV2hJUDlnZyJ9.HxODneXvSTfWB5Vc4cf7b8GiN2gdwUuTiyVqZuupWske2HkZiJZUt5Lsxg9BW3gz28POkE0Ln17snlkmy02B_AD3DQxKOOxQCzIIARHdfFvZxgGWsMdFcVQZDW7rtXcqgj-SpVaUQ_8acsgxSrz_DF2o0O4tto0PT6wVUiw8KlBmgWTscWPeAWe-39T-8EiQ8Wi16h6oSPcz2NzOQ7eOM_S9fDkOorgcBkRGLl1nrahrPSdWJSGAeruk5mX4YxN714YThFDyEA2t9YmKpjaiSQ2tT-Xkd7tgsZqeirNs2ni9mIiFX3bRX6t2AhUNzA7MaX9ZyizKGa6go3BESO_oDg";
 
             beforeAll(() => {
-                fetchMock.get(`${delegatedAuthConfig.issuer}.well-known/openid-configuration`, delegatedAuthConfig);
-                fetchMock.get(`${delegatedAuthConfig.issuer}jwks`, {
+                fetchMock.get(
+                    `${delegatedAuthConfig.metadata.issuer}.well-known/openid-configuration`,
+                    delegatedAuthConfig.metadata,
+                );
+                fetchMock.get(`${delegatedAuthConfig.metadata.issuer}jwks`, {
                     status: 200,
                     headers: {
                         "Content-Type": "application/json",
@@ -769,7 +772,9 @@ describe("Lifecycle", () => {
                 await setLoggedIn(credentials);
 
                 // didn't try to initialise token refresher
-                expect(fetchMock).not.toHaveFetched(`${delegatedAuthConfig.issuer}.well-known/openid-configuration`);
+                expect(fetchMock).not.toHaveFetched(
+                    `${delegatedAuthConfig.metadata.issuer}.well-known/openid-configuration`,
+                );
             });
 
             it("should not try to create a token refresher without a deviceId", async () => {
@@ -780,7 +785,9 @@ describe("Lifecycle", () => {
                 });
 
                 // didn't try to initialise token refresher
-                expect(fetchMock).not.toHaveFetched(`${delegatedAuthConfig.issuer}.well-known/openid-configuration`);
+                expect(fetchMock).not.toHaveFetched(
+                    `${delegatedAuthConfig.metadata.issuer}.well-known/openid-configuration`,
+                );
             });
 
             it("should not try to create a token refresher without an issuer in session storage", async () => {
@@ -796,7 +803,9 @@ describe("Lifecycle", () => {
                 });
 
                 // didn't try to initialise token refresher
-                expect(fetchMock).not.toHaveFetched(`${delegatedAuthConfig.issuer}.well-known/openid-configuration`);
+                expect(fetchMock).not.toHaveFetched(
+                    `${delegatedAuthConfig.metadata.issuer}.well-known/openid-configuration`,
+                );
             });
 
             it("should create a client with a tokenRefreshFunction", async () => {

test/unit-tests/components/structures/__snapshots__/ThreadPanel-test.tsx.snap

@@ -3,23 +3,20 @@
 exports[`ThreadPanel Header expect that All filter for ThreadPanelHeader properly renders Show: All threads 1`] = `
 <DocumentFragment>
   <div
-    class="mx_ThreadPanelHeader"
+    class="mx_BaseCard_header_title"
   >
     <button
       aria-labelledby=":r0:"
       class="_icon-button_bh2qc_17"
       role="button"
-      style="--cpd-icon-button-size: 28px;"
+      style="--cpd-icon-button-size: 24px;"
       tabindex="0"
     >
       <div
         class="_indicator-icon_133tf_26"
         style="--cpd-icon-button-size: 100%;"
       >
-        <div
-          height="20"
-          width="20"
-        />
+        <div />
       </div>
     </button>
     <div
@@ -41,23 +38,20 @@ exports[`ThreadPanel Header expect that All filter for ThreadPanelHeader properl
 exports[`ThreadPanel Header expect that My filter for ThreadPanelHeader properly renders Show: My threads 1`] = `
 <DocumentFragment>
   <div
-    class="mx_ThreadPanelHeader"
+    class="mx_BaseCard_header_title"
   >
     <button
       aria-labelledby=":r6:"
       class="_icon-button_bh2qc_17"
       role="button"
-      style="--cpd-icon-button-size: 28px;"
+      style="--cpd-icon-button-size: 24px;"
       tabindex="0"
     >
       <div
         class="_indicator-icon_133tf_26"
         style="--cpd-icon-button-size: 100%;"
       >
-        <div
-          height="20"
-          width="20"
-        />
+        <div />
       </div>
     </button>
     <div

test/unit-tests/components/structures/auth/Login-test.tsx

@@ -384,7 +384,7 @@ describe("Login", function () {
             await waitForElementToBeRemoved(() => screen.queryAllByLabelText("Loading…"));
 
             // didn't try to register
-            expect(fetchMock).not.toHaveBeenCalledWith(delegatedAuth.registration_endpoint);
+            expect(fetchMock).not.toHaveBeenCalledWith(delegatedAuth.registrationEndpoint);
             // continued with normal setup
             expect(mockClient.loginFlows).toHaveBeenCalled();
             // normal password login rendered
@@ -394,25 +394,25 @@ describe("Login", function () {
         it("should attempt to register oidc client", async () => {
             // dont mock, spy so we can check config values were correctly passed
             jest.spyOn(registerClientUtils, "getOidcClientId");
-            fetchMock.post(delegatedAuth.registration_endpoint!, { status: 500 });
+            fetchMock.post(delegatedAuth.registrationEndpoint!, { status: 500 });
             getComponent(hsUrl, isUrl, delegatedAuth);
 
             await waitForElementToBeRemoved(() => screen.queryAllByLabelText("Loading…"));
 
             // tried to register
-            expect(fetchMock).toHaveBeenCalledWith(delegatedAuth.registration_endpoint, expect.any(Object));
+            expect(fetchMock).toHaveBeenCalledWith(delegatedAuth.registrationEndpoint, expect.any(Object));
             // called with values from config
             expect(registerClientUtils.getOidcClientId).toHaveBeenCalledWith(delegatedAuth, oidcStaticClientsConfig);
         });
 
         it("should fallback to normal login when client registration fails", async () => {
-            fetchMock.post(delegatedAuth.registration_endpoint!, { status: 500 });
+            fetchMock.post(delegatedAuth.registrationEndpoint!, { status: 500 });
             getComponent(hsUrl, isUrl, delegatedAuth);
 
             await waitForElementToBeRemoved(() => screen.queryAllByLabelText("Loading…"));
 
             // tried to register
-            expect(fetchMock).toHaveBeenCalledWith(delegatedAuth.registration_endpoint, expect.any(Object));
+            expect(fetchMock).toHaveBeenCalledWith(delegatedAuth.registrationEndpoint, expect.any(Object));
             expect(logger.error).toHaveBeenCalledWith(new Error(OidcError.DynamicRegistrationFailed));
 
             // continued with normal setup
@@ -423,7 +423,7 @@ describe("Login", function () {
 
         // short term during active development, UI will be added in next PRs
         it("should show continue button when oidc native flow is correctly configured", async () => {
-            fetchMock.post(delegatedAuth.registration_endpoint!, { client_id: "abc123" });
+            fetchMock.post(delegatedAuth.registrationEndpoint!, { client_id: "abc123" });
             getComponent(hsUrl, isUrl, delegatedAuth);
 
             await waitForElementToBeRemoved(() => screen.queryAllByLabelText("Loading…"));
@@ -455,7 +455,7 @@ describe("Login", function () {
             await waitForElementToBeRemoved(() => screen.queryAllByLabelText("Loading…"));
 
             // didn't try to register
-            expect(fetchMock).not.toHaveBeenCalledWith(delegatedAuth.registration_endpoint);
+            expect(fetchMock).not.toHaveBeenCalledWith(delegatedAuth.registrationEndpoint);
             // continued with normal setup
             expect(mockClient.loginFlows).toHaveBeenCalled();
             // oidc-aware 'continue' button displayed

test/unit-tests/components/structures/auth/Registration-test.tsx

@@ -158,26 +158,24 @@ describe("Registration", function () {
     describe("when delegated authentication is configured and enabled", () => {
         const authConfig = makeDelegatedAuthConfig();
         const clientId = "test-client-id";
-        authConfig.prompt_values_supported = ["create"];
+        // @ts-ignore
+        authConfig.metadata["prompt_values_supported"] = ["create"];
 
         beforeEach(() => {
             // mock a statically registered client to avoid dynamic registration
             SdkConfig.put({
                 oidc_static_clients: {
-                    [authConfig.issuer]: {
+                    [authConfig.metadata.issuer]: {
                         client_id: clientId,
                     },
                 },
             });
 
             fetchMock.get(`${defaultHsUrl}/_matrix/client/unstable/org.matrix.msc2965/auth_issuer`, {
-                issuer: authConfig.issuer,
+                issuer: authConfig.metadata.issuer,
             });
-            fetchMock.get("https://auth.org/.well-known/openid-configuration", {
-                ...authConfig,
-                signingKeys: undefined,
-            });
-            fetchMock.get(authConfig.jwks_uri!, { keys: [] });
+            fetchMock.get("https://auth.org/.well-known/openid-configuration", authConfig.metadata);
+            fetchMock.get(authConfig.metadata.jwks_uri!, { keys: [] });
         });
 
         it("should display oidc-native continue button", async () => {

test/unit-tests/components/views/dialogs/__snapshots__/DevtoolsDialog-test.tsx.snap

@@ -99,11 +99,6 @@ exports[`DevtoolsDialog renders the devtools dialog 1`] = `
         >
           Server info
         </button>
-        <button
-          class="mx_DevTools_button"
-        >
-          End-to-end encryption
-        </button>
       </div>
       <div>
         <h3>

test/unit-tests/components/views/dialogs/devtools/Crypto-test.tsx

@@ -1,94 +0,0 @@
-/*
- * Copyright 2025 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-import React from "react";
-import { MatrixClient } from "matrix-js-sdk/src/matrix";
-import { render, screen, waitFor } from "jest-matrix-react";
-import { KeyBackupInfo } from "matrix-js-sdk/src/crypto-api";
-
-import { createTestClient, withClientContextRenderOptions } from "../../../../../test-utils";
-import { Crypto } from "../../../../../../src/components/views/dialogs/devtools/Crypto";
-
-describe("<Crypto />", () => {
-    let matrixClient: MatrixClient;
-    beforeEach(() => {
-        matrixClient = createTestClient();
-    });
-
-    function renderComponent() {
-        return render(<Crypto onBack={jest.fn} />, withClientContextRenderOptions(matrixClient));
-    }
-
-    it("should display message if crypto is not available", async () => {
-        jest.spyOn(matrixClient, "getCrypto").mockReturnValue(undefined);
-        renderComponent();
-        expect(screen.getByText("Cryptographic module is not available")).toBeInTheDocument();
-    });
-
-    describe("<KeyStorage />", () => {
-        it("should display loading spinner while loading", async () => {
-            jest.spyOn(matrixClient.getCrypto()!, "getKeyBackupInfo").mockImplementation(() => new Promise(() => {}));
-            renderComponent();
-            await waitFor(() => expect(screen.getByLabelText("Loading…")).toBeInTheDocument());
-        });
-
-        it("should display when the key storage data are missing", async () => {
-            renderComponent();
-            await waitFor(() => expect(screen.getByRole("table", { name: "Key Storage" })).toBeInTheDocument());
-            expect(screen.getByRole("table", { name: "Key Storage" })).toMatchSnapshot();
-        });
-
-        it("should display when the key storage data are available", async () => {
-            jest.spyOn(matrixClient.getCrypto()!, "getKeyBackupInfo").mockResolvedValue({
-                algorithm: "m.megolm_backup.v1",
-                version: "1",
-            } as unknown as KeyBackupInfo);
-            jest.spyOn(matrixClient, "isKeyBackupKeyStored").mockResolvedValue({});
-            jest.spyOn(matrixClient.getCrypto()!, "getSessionBackupPrivateKey").mockResolvedValue(new Uint8Array(32));
-            jest.spyOn(matrixClient.getCrypto()!, "getActiveSessionBackupVersion").mockResolvedValue("2");
-            jest.spyOn(matrixClient.secretStorage, "hasKey").mockResolvedValue(true);
-            jest.spyOn(matrixClient.getCrypto()!, "isSecretStorageReady").mockResolvedValue(true);
-
-            renderComponent();
-            await waitFor(() => expect(screen.getByRole("table", { name: "Key Storage" })).toBeInTheDocument());
-            expect(screen.getByRole("table", { name: "Key Storage" })).toMatchSnapshot();
-        });
-    });
-
-    describe("<CrossSigning />", () => {
-        it("should display loading spinner while loading", async () => {
-            jest.spyOn(matrixClient.getCrypto()!, "getCrossSigningStatus").mockImplementation(
-                () => new Promise(() => {}),
-            );
-            renderComponent();
-            await waitFor(() => expect(screen.getByLabelText("Loading…")).toBeInTheDocument());
-        });
-
-        it("should display when the cross-signing data are missing", async () => {
-            renderComponent();
-            await waitFor(() => expect(screen.getByRole("table", { name: "Cross-signing" })).toBeInTheDocument());
-            expect(screen.getByRole("table", { name: "Cross-signing" })).toMatchSnapshot();
-        });
-
-        it("should display when the cross-signing data are available", async () => {
-            jest.spyOn(matrixClient.getCrypto()!, "getCrossSigningStatus").mockResolvedValue({
-                publicKeysOnDevice: true,
-                privateKeysInSecretStorage: true,
-                privateKeysCachedLocally: {
-                    masterKey: true,
-                    selfSigningKey: true,
-                    userSigningKey: true,
-                },
-            });
-            jest.spyOn(matrixClient.getCrypto()!, "isCrossSigningReady").mockResolvedValue(true);
-
-            renderComponent();
-            await waitFor(() => expect(screen.getByRole("table", { name: "Cross-signing" })).toBeInTheDocument());
-            expect(screen.getByRole("table", { name: "Cross-signing" })).toMatchSnapshot();
-        });
-    });
-});

test/unit-tests/components/views/dialogs/devtools/__snapshots__/Crypto-test.tsx.snap

@@ -1,289 +0,0 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
-
-exports[`<Crypto /> <CrossSigning /> should display when the cross-signing data are available 1`] = `
-<table
-  aria-label="Cross-signing"
->
-  <thead>
-    Cross-signing
-  </thead>
-  <tbody>
-    <tr>
-      <th
-        scope="row"
-      >
-        Cross-signing status:
-      </th>
-      <td>
-        Cross-signing is ready for use.
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Cross-signing public keys:
-      </th>
-      <td>
-        in memory
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Cross-signing private keys:
-      </th>
-      <td>
-        in secret storage
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Master private key:
-      </th>
-      <td>
-        cached locally
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Self signing private key:
-      </th>
-      <td>
-        cached locally
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        User signing private key:
-      </th>
-      <td>
-        cached locally
-      </td>
-    </tr>
-  </tbody>
-</table>
-`;
-
-exports[`<Crypto /> <CrossSigning /> should display when the cross-signing data are missing 1`] = `
-<table
-  aria-label="Cross-signing"
->
-  <thead>
-    Cross-signing
-  </thead>
-  <tbody>
-    <tr>
-      <th
-        scope="row"
-      >
-        Cross-signing status:
-      </th>
-      <td>
-        Cross-signing is not set up.
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Cross-signing public keys:
-      </th>
-      <td>
-        not found
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Cross-signing private keys:
-      </th>
-      <td>
-        not found in storage
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Master private key:
-      </th>
-      <td>
-        not found locally
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Self signing private key:
-      </th>
-      <td>
-        not found locally
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        User signing private key:
-      </th>
-      <td>
-        not found locally
-      </td>
-    </tr>
-  </tbody>
-</table>
-`;
-
-exports[`<Crypto /> <KeyStorage /> should display when the key storage data are available 1`] = `
-<table
-  aria-label="Key Storage"
->
-  <thead>
-    Key Storage
-  </thead>
-  <tbody>
-    <tr>
-      <th
-        scope="row"
-      >
-        Latest backup version on server:
-      </th>
-      <td>
-        1 (Algorithm: m.megolm_backup.v1)
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Backup key stored:
-      </th>
-      <td>
-        in secret storage
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Active backup version:
-      </th>
-      <td>
-        2
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Backup key cached:
-      </th>
-      <td>
-        cached locally, well formed
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Secret storage public key:
-      </th>
-      <td>
-        in account data
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Secret storage:
-      </th>
-      <td>
-        ready
-      </td>
-    </tr>
-  </tbody>
-</table>
-`;
-
-exports[`<Crypto /> <KeyStorage /> should display when the key storage data are missing 1`] = `
-<table
-  aria-label="Key Storage"
->
-  <thead>
-    Key Storage
-  </thead>
-  <tbody>
-    <tr>
-      <th
-        scope="row"
-      >
-        Latest backup version on server:
-      </th>
-      <td>
-        Your keys are not being backed up from this session.
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Backup key stored:
-      </th>
-      <td>
-        not stored
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Active backup version:
-      </th>
-      <td>
-        None
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Backup key cached:
-      </th>
-      <td>
-        not found locally, unexpected type
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Secret storage public key:
-      </th>
-      <td>
-        not found
-      </td>
-    </tr>
-    <tr>
-      <th
-        scope="row"
-      >
-        Secret storage:
-      </th>
-      <td>
-        not ready
-      </td>
-    </tr>
-  </tbody>
-</table>
-`;

test/unit-tests/components/views/messages/TextualBody-test.tsx

@@ -7,7 +7,7 @@ Please see LICENSE files in the repository root for full details.
 */
 
 import React from "react";
-import { MatrixClient, MatrixEvent, PushRuleKind } from "matrix-js-sdk/src/matrix";
+import { MatrixClient, MatrixEvent } from "matrix-js-sdk/src/matrix";
 import { mocked, MockedObject } from "jest-mock";
 import { render, waitFor } from "jest-matrix-react";
 
@@ -228,23 +228,6 @@ describe("<TextualBody />", () => {
             const content = container.querySelector(".mx_EventTile_body");
             expect(content.innerHTML.replace(defaultEvent.getId(), "%event_id%")).toMatchSnapshot();
         });
-
-        it("should pillify a keyword responsible for triggering a notification", () => {
-            const ev = mkRoomTextMessage("foo bar baz");
-            ev.setPushDetails(undefined, {
-                actions: [],
-                pattern: "bar",
-                rule_id: "bar",
-                default: false,
-                enabled: true,
-                kind: PushRuleKind.ContentSpecific,
-            });
-            const { container } = getComponent({ mxEvent: ev });
-            const content = container.querySelector(".mx_EventTile_body");
-            expect(content.innerHTML).toMatchInlineSnapshot(
-                `"<span>foo <bdi><span tabindex="0"><span class="mx_Pill mx_KeywordPill"><span class="mx_Pill_text">bar</span></span></span></bdi> baz</span>"`,
-            );
-        });
     });
 
     describe("renders formatted m.text correctly", () => {

test/unit-tests/components/views/rooms/memberlist/__snapshots__/MemberTileView-test.tsx.snap

@@ -228,7 +228,7 @@ exports[`MemberTileView ThreePidInviteTileView renders ThreePidInvite correctly
         <div
           class="mx_MemberTileView_userLabel"
         >
-          Invited
+          (Invited)
         </div>
         <div
           class="mx_Flex mx_InvitedIconView"

test/unit-tests/components/views/settings/encryption/AdvancedPanel-test.tsx

@@ -1,99 +0,0 @@
-/*
- * Copyright 2025 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-import React from "react";
-import { MatrixClient } from "matrix-js-sdk/src/matrix";
-import { render, screen, waitFor } from "jest-matrix-react";
-import userEvent from "@testing-library/user-event";
-
-import { createTestClient, withClientContextRenderOptions } from "../../../../../test-utils";
-import { AdvancedPanel } from "../../../../../../src/components/views/settings/encryption/AdvancedPanel";
-import SettingsStore from "../../../../../../src/settings/SettingsStore";
-import { SettingLevel } from "../../../../../../src/settings/SettingLevel";
-
-describe("<AdvancedPanel />", () => {
-    let matrixClient: MatrixClient;
-
-    beforeEach(() => {
-        matrixClient = createTestClient();
-    });
-
-    async function renderAdvancedPanel(onResetIdentityClick = jest.fn()) {
-        const renderResult = render(
-            <AdvancedPanel onResetIdentityClick={onResetIdentityClick} />,
-            withClientContextRenderOptions(matrixClient),
-        );
-        // Wait for the device keys to be displayed
-        await waitFor(() => expect(screen.getByText("ed25519")).toBeInTheDocument());
-        return renderResult;
-    }
-
-    describe("<EncryptionDetails />", () => {
-        it("should display a spinner when loading the device keys", async () => {
-            jest.spyOn(matrixClient.getCrypto()!, "getOwnDeviceKeys").mockImplementation(() => new Promise(() => {}));
-            render(<AdvancedPanel onResetIdentityClick={jest.fn()} />, withClientContextRenderOptions(matrixClient));
-
-            expect(screen.getByTestId("encryptionDetails")).toMatchSnapshot();
-        });
-
-        it("should display the device keys", async () => {
-            await renderAdvancedPanel();
-
-            // session id
-            expect(screen.getByText("ABCDEFGHI")).toBeInTheDocument();
-            // session key
-            expect(screen.getByText("ed25519")).toBeInTheDocument();
-            expect(screen.getByTestId("encryptionDetails")).toMatchSnapshot();
-        });
-
-        it("should call the onResetIdentityClick callback when the reset cryptographic identity button is clicked", async () => {
-            const user = userEvent.setup();
-
-            const onResetIdentityClick = jest.fn();
-            await renderAdvancedPanel(onResetIdentityClick);
-
-            const resetIdentityButton = screen.getByRole("button", { name: "Reset cryptographic identity" });
-            await user.click(resetIdentityButton);
-
-            expect(onResetIdentityClick).toHaveBeenCalled();
-        });
-    });
-
-    describe("<OtherSettings />", () => {
-        it("should display the blacklist of unverified devices settings", async () => {
-            const user = userEvent.setup();
-
-            jest.spyOn(SettingsStore, "getValueAt").mockReturnValue(true);
-            jest.spyOn(SettingsStore, "canSetValue").mockReturnValue(true);
-            jest.spyOn(SettingsStore, "setValue");
-
-            await renderAdvancedPanel();
-
-            expect(screen.getByTestId("otherSettings")).toMatchSnapshot();
-            const checkbox = screen.getByRole("checkbox", {
-                name: "Never send encrypted messages to unverified devices",
-            });
-            expect(checkbox).toBeChecked();
-
-            await user.click(checkbox);
-            expect(SettingsStore.setValue).toHaveBeenCalledWith(
-                "blacklistUnverifiedDevices",
-                null,
-                SettingLevel.DEVICE,
-                false,
-            );
-        });
-
-        it("should not display the section when the user can not set the value", async () => {
-            jest.spyOn(SettingsStore, "canSetValue").mockReturnValue(false);
-            jest.spyOn(SettingsStore, "setValue");
-
-            await renderAdvancedPanel();
-            expect(screen.queryByTestId("otherSettings")).toBeNull();
-        });
-    });
-});

test/unit-tests/components/views/settings/encryption/EncryptionCard-test.tsx

@@ -7,14 +7,13 @@
 
 import React from "react";
 import { render } from "jest-matrix-react";
-import KeyIcon from "@vector-im/compound-design-tokens/assets/web/icons/key-solid";
 
 import { EncryptionCard } from "../../../../../../src/components/views/settings/encryption/EncryptionCard";
 
 describe("<EncryptionCard />", () => {
     it("should render", () => {
         const { asFragment } = render(
-            <EncryptionCard Icon={KeyIcon} title="My title" description="My description">
+            <EncryptionCard title="My title" description="My description">
                 Encryption card children
             </EncryptionCard>,
         );

test/unit-tests/components/views/settings/encryption/ResetIdentityPanel-test.tsx

@@ -1,37 +0,0 @@
-/*
- * Copyright 2025 New Vector Ltd.
- *
- * SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Commercial
- * Please see LICENSE files in the repository root for full details.
- */
-
-import React from "react";
-import { MatrixClient } from "matrix-js-sdk/src/matrix";
-import { render, screen } from "jest-matrix-react";
-import userEvent from "@testing-library/user-event";
-
-import { ResetIdentityPanel } from "../../../../../../src/components/views/settings/encryption/ResetIdentityPanel";
-import { createTestClient, withClientContextRenderOptions } from "../../../../../test-utils";
-
-describe("<ResetIdentityPanel />", () => {
-    let matrixClient: MatrixClient;
-
-    beforeEach(() => {
-        matrixClient = createTestClient();
-    });
-
-    it("should reset the encryption when the continue button is clicked", async () => {
-        const user = userEvent.setup();
-
-        const onFinish = jest.fn();
-        const { asFragment } = render(
-            <ResetIdentityPanel onFinish={onFinish} onCancelClick={jest.fn()} />,
-            withClientContextRenderOptions(matrixClient),
-        );
-        expect(asFragment()).toMatchSnapshot();
-
-        await user.click(screen.getByRole("button", { name: "Continue" }));
-        expect(matrixClient.getCrypto()!.resetEncryption).toHaveBeenCalled();
-        expect(onFinish).toHaveBeenCalled();
-    });
-});

test/unit-tests/components/views/settings/encryption/__snapshots__/AdvancedPanel-test.tsx.snap

@@ -1,253 +0,0 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
-
-exports[`<AdvancedPanel /> <EncryptionDetails /> should display a spinner when loading the device keys 1`] = `
-<div
-  class="mx_EncryptionDetails"
-  data-testid="encryptionDetails"
->
-  <div
-    class="mx_EncryptionDetails_session"
-  >
-    <h3
-      class="mx_EncryptionDetails_session_title"
-    >
-      Encryption details
-    </h3>
-    <div>
-      <span>
-        Session ID:
-      </span>
-      <span
-        data-testid="deviceId"
-      >
-        ABCDEFGHI
-      </span>
-    </div>
-    <div>
-      <span>
-        Session key:
-      </span>
-      <span
-        data-testid="sessionKey"
-      >
-        <svg
-          aria-label="Loading…"
-          class="_icon_1ye7b_27"
-          fill="currentColor"
-          height="1em"
-          style="width: 20px; height: 20px;"
-          viewBox="0 0 24 24"
-          width="1em"
-          xmlns="http://www.w3.org/2000/svg"
-        >
-          <path
-            clip-rule="evenodd"
-            d="M12 4.031a8 8 0 1 0 8 8 1 1 0 0 1 2 0c0 5.523-4.477 10-10 10s-10-4.477-10-10 4.477-10 10-10a1 1 0 1 1 0 2Z"
-            fill-rule="evenodd"
-          />
-        </svg>
-      </span>
-    </div>
-  </div>
-  <div
-    class="mx_EncryptionDetails_buttons"
-  >
-    <button
-      class="_button_i91xf_17 _has-icon_i91xf_66"
-      data-kind="secondary"
-      data-size="sm"
-      role="button"
-      tabindex="0"
-    >
-      <svg
-        aria-hidden="true"
-        fill="currentColor"
-        height="20"
-        viewBox="0 0 24 24"
-        width="20"
-        xmlns="http://www.w3.org/2000/svg"
-      >
-        <path
-          d="M12 16a.968.968 0 0 1-.713-.287A.967.967 0 0 1 11 15V7.85L9.125 9.725c-.2.2-.433.3-.7.3-.267 0-.508-.108-.725-.325a.93.93 0 0 1-.288-.712A.977.977 0 0 1 7.7 8.3l3.6-3.6c.1-.1.208-.17.325-.212.117-.042.242-.063.375-.063s.258.02.375.063a.877.877 0 0 1 .325.212l3.6 3.6c.2.2.296.438.287.713a.977.977 0 0 1-.287.687c-.2.2-.438.304-.713.313a.93.93 0 0 1-.712-.288L13 7.85V15c0 .283-.096.52-.287.713A.968.968 0 0 1 12 16Zm-6 4c-.55 0-1.02-.196-1.412-.587A1.926 1.926 0 0 1 4 18v-2c0-.283.096-.52.287-.713A.968.968 0 0 1 5 15c.283 0 .52.096.713.287.191.192.287.43.287.713v2h12v-2a.97.97 0 0 1 .288-.713A.968.968 0 0 1 19 15a.97.97 0 0 1 .712.287c.192.192.288.43.288.713v2c0 .55-.196 1.02-.587 1.413A1.926 1.926 0 0 1 18 20H6Z"
-        />
-      </svg>
-      Export keys
-    </button>
-    <button
-      class="_button_i91xf_17 _has-icon_i91xf_66"
-      data-kind="secondary"
-      data-size="sm"
-      role="button"
-      tabindex="0"
-    >
-      <svg
-        aria-hidden="true"
-        fill="currentColor"
-        height="20"
-        viewBox="0 0 24 24"
-        width="20"
-        xmlns="http://www.w3.org/2000/svg"
-      >
-        <path
-          d="M12 15.575c-.133 0-.258-.02-.375-.063a.877.877 0 0 1-.325-.212l-3.6-3.6a.948.948 0 0 1-.275-.7.95.95 0 0 1 .275-.7c.183-.183.42-.28.712-.288.292-.008.53.08.713.263L11 12.15V5c0-.283.096-.52.287-.713A.968.968 0 0 1 12 4c.283 0 .52.096.713.287.191.192.287.43.287.713v7.15l1.875-1.875c.183-.183.42-.27.713-.263.291.009.529.105.712.288a.948.948 0 0 1 .275.7.948.948 0 0 1-.275.7l-3.6 3.6c-.1.1-.208.17-.325.212a1.106 1.106 0 0 1-.375.063ZM6 20c-.55 0-1.02-.196-1.412-.587A1.926 1.926 0 0 1 4 18v-2c0-.283.096-.52.287-.713A.967.967 0 0 1 5 15c.283 0 .52.096.713.287.191.192.287.43.287.713v2h12v-2a.97.97 0 0 1 .288-.713A.968.968 0 0 1 19 15a.97.97 0 0 1 .712.287c.192.192.288.43.288.713v2c0 .55-.196 1.02-.587 1.413A1.926 1.926 0 0 1 18 20H6Z"
-        />
-      </svg>
-      Import keys
-    </button>
-  </div>
-  <button
-    class="_button_i91xf_17 _destructive_i91xf_116"
-    data-kind="tertiary"
-    data-size="sm"
-    role="button"
-    tabindex="0"
-  >
-    Reset cryptographic identity
-  </button>
-</div>
-`;
-
-exports[`<AdvancedPanel /> <EncryptionDetails /> should display the device keys 1`] = `
-<div
-  class="mx_EncryptionDetails"
-  data-testid="encryptionDetails"
->
-  <div
-    class="mx_EncryptionDetails_session"
-  >
-    <h3
-      class="mx_EncryptionDetails_session_title"
-    >
-      Encryption details
-    </h3>
-    <div>
-      <span>
-        Session ID:
-      </span>
-      <span
-        data-testid="deviceId"
-      >
-        ABCDEFGHI
-      </span>
-    </div>
-    <div>
-      <span>
-        Session key:
-      </span>
-      <span
-        data-testid="sessionKey"
-      >
-        ed25519
-      </span>
-    </div>
-  </div>
-  <div
-    class="mx_EncryptionDetails_buttons"
-  >
-    <button
-      class="_button_i91xf_17 _has-icon_i91xf_66"
-      data-kind="secondary"
-      data-size="sm"
-      role="button"
-      tabindex="0"
-    >
-      <svg
-        aria-hidden="true"
-        fill="currentColor"
-        height="20"
-        viewBox="0 0 24 24"
-        width="20"
-        xmlns="http://www.w3.org/2000/svg"
-      >
-        <path
-          d="M12 16a.968.968 0 0 1-.713-.287A.967.967 0 0 1 11 15V7.85L9.125 9.725c-.2.2-.433.3-.7.3-.267 0-.508-.108-.725-.325a.93.93 0 0 1-.288-.712A.977.977 0 0 1 7.7 8.3l3.6-3.6c.1-.1.208-.17.325-.212.117-.042.242-.063.375-.063s.258.02.375.063a.877.877 0 0 1 .325.212l3.6 3.6c.2.2.296.438.287.713a.977.977 0 0 1-.287.687c-.2.2-.438.304-.713.313a.93.93 0 0 1-.712-.288L13 7.85V15c0 .283-.096.52-.287.713A.968.968 0 0 1 12 16Zm-6 4c-.55 0-1.02-.196-1.412-.587A1.926 1.926 0 0 1 4 18v-2c0-.283.096-.52.287-.713A.968.968 0 0 1 5 15c.283 0 .52.096.713.287.191.192.287.43.287.713v2h12v-2a.97.97 0 0 1 .288-.713A.968.968 0 0 1 19 15a.97.97 0 0 1 .712.287c.192.192.288.43.288.713v2c0 .55-.196 1.02-.587 1.413A1.926 1.926 0 0 1 18 20H6Z"
-        />
-      </svg>
-      Export keys
-    </button>
-    <button
-      class="_button_i91xf_17 _has-icon_i91xf_66"
-      data-kind="secondary"
-      data-size="sm"
-      role="button"
-      tabindex="0"
-    >
-      <svg
-        aria-hidden="true"
-        fill="currentColor"
-        height="20"
-        viewBox="0 0 24 24"
-        width="20"
-        xmlns="http://www.w3.org/2000/svg"
-      >
-        <path
-          d="M12 15.575c-.133 0-.258-.02-.375-.063a.877.877 0 0 1-.325-.212l-3.6-3.6a.948.948 0 0 1-.275-.7.95.95 0 0 1 .275-.7c.183-.183.42-.28.712-.288.292-.008.53.08.713.263L11 12.15V5c0-.283.096-.52.287-.713A.968.968 0 0 1 12 4c.283 0 .52.096.713.287.191.192.287.43.287.713v7.15l1.875-1.875c.183-.183.42-.27.713-.263.291.009.529.105.712.288a.948.948 0 0 1 .275.7.948.948 0 0 1-.275.7l-3.6 3.6c-.1.1-.208.17-.325.212a1.106 1.106 0 0 1-.375.063ZM6 20c-.55 0-1.02-.196-1.412-.587A1.926 1.926 0 0 1 4 18v-2c0-.283.096-.52.287-.713A.967.967 0 0 1 5 15c.283 0 .52.096.713.287.191.192.287.43.287.713v2h12v-2a.97.97 0 0 1 .288-.713A.968.968 0 0 1 19 15a.97.97 0 0 1 .712.287c.192.192.288.43.288.713v2c0 .55-.196 1.02-.587 1.413A1.926 1.926 0 0 1 18 20H6Z"
-        />
-      </svg>
-      Import keys
-    </button>
-  </div>
-  <button
-    class="_button_i91xf_17 _destructive_i91xf_116"
-    data-kind="tertiary"
-    data-size="sm"
-    role="button"
-    tabindex="0"
-  >
-    Reset cryptographic identity
-  </button>
-</div>
-`;
-
-exports[`<AdvancedPanel /> <OtherSettings /> should display the blacklist of unverified devices settings 1`] = `
-<form
-  class="_root_ssths_24 mx_OtherSettings"
-  data-testid="otherSettings"
->
-  <h3
-    class="mx_OtherSettings_title"
-  >
-    Other people’s devices
-  </h3>
-  <div
-    class="_inline-field_ssths_40"
-  >
-    <div
-      class="_inline-field-control_ssths_52"
-    >
-      <div
-        class="_container_qnvru_18"
-      >
-        <input
-          aria-describedby="radix-:r7:"
-          checked=""
-          class="_input_qnvru_32"
-          id="radix-:r6:"
-          name="neverSendEncrypted"
-          title=""
-          type="checkbox"
-        />
-        <div
-          class="_ui_qnvru_42"
-        />
-      </div>
-    </div>
-    <div
-      class="_inline-field-body_ssths_46"
-    >
-      <label
-        class="_label_ssths_67"
-        for="radix-:r6:"
-      >
-        Never send encrypted messages to unverified devices
-      </label>
-      <span
-        class="_message_ssths_93 _help-message_ssths_99"
-        id="radix-:r7:"
-      >
-        By default in encrypted rooms, do not send encrypted messages to anyone until you’ve verified them
-      </span>
-    </div>
-  </div>
-</form>
-`;

test/unit-tests/components/views/settings/encryption/__snapshots__/RecoveryPanel-test.tsx.snap

@@ -4,7 +4,6 @@ exports[`<RecoveryPanel /> should allow to change the recovery key when everythi
 <DocumentFragment>
   <div
     class="mx_SettingsSection mx_SettingsSection_newUi"
-    data-testid="recoveryPanel"
   >
     <div
       class="mx_SettingsSection_header"
@@ -45,7 +44,6 @@ exports[`<RecoveryPanel /> should ask to enter the recovery key when secrets are
 <DocumentFragment>
   <div
     class="mx_SettingsSection mx_SettingsSection_newUi"
-    data-testid="recoveryPanel"
   >
     <div
       class="mx_SettingsSection_header"
@@ -106,7 +104,6 @@ exports[`<RecoveryPanel /> should ask to set up a recovery key when there is no
 <DocumentFragment>
   <div
     class="mx_SettingsSection mx_SettingsSection_newUi"
-    data-testid="recoveryPanel"
   >
     <div
       class="mx_SettingsSection_header"
@@ -150,7 +147,6 @@ exports[`<RecoveryPanel /> should be in loading state when checking the recovery
 <DocumentFragment>
   <div
     class="mx_SettingsSection mx_SettingsSection_newUi"
-    data-testid="recoveryPanel"
   >
     <div
       class="mx_SettingsSection_header"

test/unit-tests/components/views/settings/encryption/__snapshots__/ResetIdentityPanel-test.tsx.snap

@@ -1,184 +0,0 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
-
-exports[`<ResetIdentityPanel /> should reset the encryption when the continue button is clicked 1`] = `
-<DocumentFragment>
-  <nav
-    class="_breadcrumb_ikpbb_17"
-  >
-    <button
-      aria-label="Back"
-      class="_icon-button_bh2qc_17 _subtle-bg_bh2qc_38"
-      role="button"
-      style="--cpd-icon-button-size: 28px;"
-      tabindex="0"
-    >
-      <div
-        class="_indicator-icon_133tf_26"
-        style="--cpd-icon-button-size: 100%;"
-      >
-        <svg
-          fill="currentColor"
-          height="1em"
-          viewBox="0 0 24 24"
-          width="1em"
-          xmlns="http://www.w3.org/2000/svg"
-        >
-          <path
-            d="m13.3 17.3-4.6-4.6a.877.877 0 0 1-.213-.325A1.106 1.106 0 0 1 8.425 12c0-.133.02-.258.062-.375A.878.878 0 0 1 8.7 11.3l4.6-4.6a.948.948 0 0 1 .7-.275.95.95 0 0 1 .7.275.948.948 0 0 1 .275.7.948.948 0 0 1-.275.7L10.8 12l3.9 3.9a.949.949 0 0 1 .275.7.948.948 0 0 1-.275.7.948.948 0 0 1-.7.275.948.948 0 0 1-.7-.275Z"
-          />
-        </svg>
-      </div>
-    </button>
-    <ol
-      class="_pages_ikpbb_26"
-    >
-      <li>
-        <a
-          class="_link_ue21z_17"
-          data-kind="primary"
-          data-size="small"
-          rel="noreferrer noopener"
-          role="button"
-          tabindex="0"
-        >
-          Encryption
-        </a>
-      </li>
-      <li>
-        <span
-          aria-current="page"
-          class="_last-page_ikpbb_39"
-        >
-          Reset encryption
-        </span>
-      </li>
-    </ol>
-  </nav>
-  <div
-    class="mx_EncryptionCard mx_ResetIdentityPanel"
-  >
-    <div
-      class="mx_EncryptionCard_header"
-    >
-      <div
-        class="_content_md016_17 _destructive_md016_43"
-        data-size="large"
-      >
-        <svg
-          fill="currentColor"
-          height="1em"
-          viewBox="0 0 24 24"
-          width="1em"
-          xmlns="http://www.w3.org/2000/svg"
-        >
-          <path
-            d="M12 17a.97.97 0 0 0 .713-.288A.968.968 0 0 0 13 16a.968.968 0 0 0-.287-.713A.968.968 0 0 0 12 15a.968.968 0 0 0-.713.287A.968.968 0 0 0 11 16c0 .283.096.52.287.712.192.192.43.288.713.288Zm0-4c.283 0 .52-.096.713-.287A.968.968 0 0 0 13 12V8a.967.967 0 0 0-.287-.713A.968.968 0 0 0 12 7a.968.968 0 0 0-.713.287A.967.967 0 0 0 11 8v4c0 .283.096.52.287.713.192.191.43.287.713.287Zm0 9a9.738 9.738 0 0 1-3.9-.788 10.099 10.099 0 0 1-3.175-2.137c-.9-.9-1.612-1.958-2.137-3.175A9.738 9.738 0 0 1 2 12a9.74 9.74 0 0 1 .788-3.9 10.099 10.099 0 0 1 2.137-3.175c.9-.9 1.958-1.612 3.175-2.137A9.738 9.738 0 0 1 12 2a9.74 9.74 0 0 1 3.9.788 10.098 10.098 0 0 1 3.175 2.137c.9.9 1.613 1.958 2.137 3.175A9.738 9.738 0 0 1 22 12a9.738 9.738 0 0 1-.788 3.9 10.098 10.098 0 0 1-2.137 3.175c-.9.9-1.958 1.613-3.175 2.137A9.738 9.738 0 0 1 12 22Z"
-          />
-        </svg>
-      </div>
-      <h2
-        class="_typography_yh5dq_162 _font-heading-sm-semibold_yh5dq_102"
-      >
-        Are you sure you want to reset your identity?
-      </h2>
-    </div>
-    <div
-      class="mx_ResetIdentityPanel_content"
-    >
-      <ul
-        class="_visual-list_4dcf8_17"
-      >
-        <li
-          class="_visual-list-item_bqeu7_17"
-        >
-          <svg
-            aria-hidden="true"
-            class="_visual-list-item-icon_bqeu7_26 _visual-list-item-icon-success_bqeu7_31"
-            fill="currentColor"
-            height="24px"
-            viewBox="0 0 24 24"
-            width="24px"
-            xmlns="http://www.w3.org/2000/svg"
-          >
-            <path
-              d="M9.55 17.575c-.133 0-.258-.02-.375-.063a.876.876 0 0 1-.325-.212L4.55 13c-.183-.183-.27-.42-.263-.713.009-.291.105-.529.288-.712a.948.948 0 0 1 .7-.275.95.95 0 0 1 .7.275L9.55 15.15l8.475-8.475c.183-.183.42-.275.713-.275.291 0 .529.092.712.275.183.183.275.42.275.713 0 .291-.092.529-.275.712l-9.2 9.2c-.1.1-.208.17-.325.212a1.106 1.106 0 0 1-.375.063Z"
-            />
-          </svg>
-          Your account details, contacts, preferences, and chat list will be kept
-        </li>
-        <li
-          class="_visual-list-item_bqeu7_17"
-        >
-          <svg
-            aria-hidden="true"
-            class="_visual-list-item-icon_bqeu7_26"
-            fill="currentColor"
-            height="24px"
-            viewBox="0 0 24 24"
-            width="24px"
-            xmlns="http://www.w3.org/2000/svg"
-          >
-            <path
-              d="M11.287 7.287A.968.968 0 0 1 12 7c.283 0 .52.096.713.287.191.192.287.43.287.713s-.096.52-.287.713A.968.968 0 0 1 12 9a.968.968 0 0 1-.713-.287A.967.967 0 0 1 11 8c0-.283.096-.52.287-.713Zm0 4A.968.968 0 0 1 12 11c.283 0 .52.096.713.287.191.192.287.43.287.713v4a.97.97 0 0 1-.287.712A.968.968 0 0 1 12 17a.968.968 0 0 1-.713-.288A.968.968 0 0 1 11 16v-4c0-.283.096-.52.287-.713Z"
-            />
-            <path
-              clip-rule="evenodd"
-              d="M22 12c0 5.523-4.477 10-10 10S2 17.523 2 12 6.477 2 12 2s10 4.477 10 10Zm-2 0a8 8 0 1 1-16 0 8 8 0 0 1 16 0Z"
-              fill-rule="evenodd"
-            />
-          </svg>
-          You will lose any message history that’s stored only on the server
-        </li>
-        <li
-          class="_visual-list-item_bqeu7_17"
-        >
-          <svg
-            aria-hidden="true"
-            class="_visual-list-item-icon_bqeu7_26"
-            fill="currentColor"
-            height="24px"
-            viewBox="0 0 24 24"
-            width="24px"
-            xmlns="http://www.w3.org/2000/svg"
-          >
-            <path
-              d="M11.287 7.287A.968.968 0 0 1 12 7c.283 0 .52.096.713.287.191.192.287.43.287.713s-.096.52-.287.713A.968.968 0 0 1 12 9a.968.968 0 0 1-.713-.287A.967.967 0 0 1 11 8c0-.283.096-.52.287-.713Zm0 4A.968.968 0 0 1 12 11c.283 0 .52.096.713.287.191.192.287.43.287.713v4a.97.97 0 0 1-.287.712A.968.968 0 0 1 12 17a.968.968 0 0 1-.713-.288A.968.968 0 0 1 11 16v-4c0-.283.096-.52.287-.713Z"
-            />
-            <path
-              clip-rule="evenodd"
-              d="M22 12c0 5.523-4.477 10-10 10S2 17.523 2 12 6.477 2 12 2s10 4.477 10 10Zm-2 0a8 8 0 1 1-16 0 8 8 0 0 1 16 0Z"
-              fill-rule="evenodd"
-            />
-          </svg>
-          You will need to verify all your existing devices and contacts again
-        </li>
-      </ul>
-      <span>
-        Only do this if you believe your account has been compromised.
-      </span>
-    </div>
-    <div
-      class="mx_ResetIdentityPanel_footer"
-    >
-      <button
-        class="_button_i91xf_17 _destructive_i91xf_116"
-        data-kind="primary"
-        data-size="lg"
-        role="button"
-        tabindex="0"
-      >
-        Continue
-      </button>
-      <button
-        class="_button_i91xf_17"
-        data-kind="tertiary"
-        data-size="lg"
-        role="button"
-        tabindex="0"
-      >
-        Cancel
-      </button>
-    </div>
-  </div>
-</DocumentFragment>
-`;

test/unit-tests/components/views/settings/tabs/user/EncryptionUserSettingsTab-test.tsx

@@ -94,19 +94,4 @@ describe("<EncryptionUserSettingsTab />", () => {
         await waitFor(() => expect(screen.getByText("Set up recovery")).toBeInTheDocument());
         expect(asFragment()).toMatchSnapshot();
     });
-
-    it("should display the reset identity panel when the user clicks on the reset cryptographic identity panel", async () => {
-        const user = userEvent.setup();
-
-        const { asFragment } = renderComponent();
-        await waitFor(() => {
-            const button = screen.getByRole("button", { name: "Reset cryptographic identity" });
-            expect(button).toBeInTheDocument();
-            user.click(button);
-        });
-        await waitFor(() =>
-            expect(screen.getByText("Are you sure you want to reset your identity?")).toBeInTheDocument(),
-        );
-        expect(asFragment()).toMatchSnapshot();
-    });
 });

test/unit-tests/components/views/settings/tabs/user/SessionManagerTab-test.tsx

@@ -57,7 +57,7 @@ import SettingsStore from "../../../../../../../src/settings/SettingsStore";
 import { getClientInformationEventType } from "../../../../../../../src/utils/device/clientInformation";
 import { SDKContext, SdkContextClass } from "../../../../../../../src/contexts/SDKContext";
 import { OidcClientStore } from "../../../../../../../src/stores/oidc/OidcClientStore";
-import { makeDelegatedAuthConfig } from "../../../../../../test-utils/oidc";
+import { mockOpenIdConfiguration } from "../../../../../../test-utils/oidc";
 import MatrixClientContext from "../../../../../../../src/contexts/MatrixClientContext";
 
 mockPlatformPeg();
@@ -215,7 +215,7 @@ describe("<SessionManagerTab />", () => {
             getPushers: jest.fn(),
             setPusher: jest.fn(),
             setLocalNotificationSettings: jest.fn(),
-            getAuthMetadata: jest.fn().mockRejectedValue(new MatrixError({ errcode: "M_UNRECOGNIZED" }, 404)),
+            getAuthIssuer: jest.fn().mockReturnValue(new Promise(() => {})),
         });
         jest.clearAllMocks();
         jest.spyOn(logger, "error").mockRestore();
@@ -1615,6 +1615,7 @@ describe("<SessionManagerTab />", () => {
     describe("MSC4108 QR code login", () => {
         const settingsValueSpy = jest.spyOn(SettingsStore, "getValue");
         const issuer = "https://issuer.org";
+        const openIdConfiguration = mockOpenIdConfiguration(issuer);
 
         beforeEach(() => {
             settingsValueSpy.mockClear().mockReturnValue(true);
@@ -1630,16 +1631,16 @@ describe("<SessionManagerTab />", () => {
                     enabled: true,
                 },
             });
-            const delegatedAuthConfig = makeDelegatedAuthConfig(issuer);
-            mockClient.getAuthMetadata.mockResolvedValue({
-                ...delegatedAuthConfig,
+            mockClient.getAuthIssuer.mockResolvedValue({ issuer });
+            mockCrypto.exportSecretsBundle = jest.fn();
+            fetchMock.mock(`${issuer}/.well-known/openid-configuration`, {
+                ...openIdConfiguration,
                 grant_types_supported: [
-                    ...delegatedAuthConfig.grant_types_supported,
+                    ...openIdConfiguration.grant_types_supported,
                     "urn:ietf:params:oauth:grant-type:device_code",
                 ],
             });
-            mockCrypto.exportSecretsBundle = jest.fn();
-            fetchMock.mock(delegatedAuthConfig.jwks_uri!, {
+            fetchMock.mock(openIdConfiguration.jwks_uri!, {
                 status: 200,
                 headers: {
                     "Content-Type": "application/json",

test/unit-tests/components/views/settings/tabs/user/__snapshots__/EncryptionUserSettingsTab-test.tsx.snap

@@ -81,198 +81,6 @@ exports[`<EncryptionUserSettingsTab /> should display the change recovery key pa
 </DocumentFragment>
 `;
 
-exports[`<EncryptionUserSettingsTab /> should display the reset identity panel when the user clicks on the reset cryptographic identity panel 1`] = `
-<DocumentFragment>
-  <div
-    class="mx_SettingsTab mx_EncryptionUserSettingsTab"
-    data-testid="encryptionTab"
-  >
-    <div
-      class="mx_SettingsTab_sections"
-    >
-      <nav
-        class="_breadcrumb_ikpbb_17"
-      >
-        <button
-          aria-label="Back"
-          class="_icon-button_bh2qc_17 _subtle-bg_bh2qc_38"
-          role="button"
-          style="--cpd-icon-button-size: 28px;"
-          tabindex="0"
-        >
-          <div
-            class="_indicator-icon_133tf_26"
-            style="--cpd-icon-button-size: 100%;"
-          >
-            <svg
-              fill="currentColor"
-              height="1em"
-              viewBox="0 0 24 24"
-              width="1em"
-              xmlns="http://www.w3.org/2000/svg"
-            >
-              <path
-                d="m13.3 17.3-4.6-4.6a.877.877 0 0 1-.213-.325A1.106 1.106 0 0 1 8.425 12c0-.133.02-.258.062-.375A.878.878 0 0 1 8.7 11.3l4.6-4.6a.948.948 0 0 1 .7-.275.95.95 0 0 1 .7.275.948.948 0 0 1 .275.7.948.948 0 0 1-.275.7L10.8 12l3.9 3.9a.949.949 0 0 1 .275.7.948.948 0 0 1-.275.7.948.948 0 0 1-.7.275.948.948 0 0 1-.7-.275Z"
-              />
-            </svg>
-          </div>
-        </button>
-        <ol
-          class="_pages_ikpbb_26"
-        >
-          <li>
-            <a
-              class="_link_ue21z_17"
-              data-kind="primary"
-              data-size="small"
-              rel="noreferrer noopener"
-              role="button"
-              tabindex="0"
-            >
-              Encryption
-            </a>
-          </li>
-          <li>
-            <span
-              aria-current="page"
-              class="_last-page_ikpbb_39"
-            >
-              Reset encryption
-            </span>
-          </li>
-        </ol>
-      </nav>
-      <div
-        class="mx_EncryptionCard mx_ResetIdentityPanel"
-      >
-        <div
-          class="mx_EncryptionCard_header"
-        >
-          <div
-            class="_content_md016_17 _destructive_md016_43"
-            data-size="large"
-          >
-            <svg
-              fill="currentColor"
-              height="1em"
-              viewBox="0 0 24 24"
-              width="1em"
-              xmlns="http://www.w3.org/2000/svg"
-            >
-              <path
-                d="M12 17a.97.97 0 0 0 .713-.288A.968.968 0 0 0 13 16a.968.968 0 0 0-.287-.713A.968.968 0 0 0 12 15a.968.968 0 0 0-.713.287A.968.968 0 0 0 11 16c0 .283.096.52.287.712.192.192.43.288.713.288Zm0-4c.283 0 .52-.096.713-.287A.968.968 0 0 0 13 12V8a.967.967 0 0 0-.287-.713A.968.968 0 0 0 12 7a.968.968 0 0 0-.713.287A.967.967 0 0 0 11 8v4c0 .283.096.52.287.713.192.191.43.287.713.287Zm0 9a9.738 9.738 0 0 1-3.9-.788 10.099 10.099 0 0 1-3.175-2.137c-.9-.9-1.612-1.958-2.137-3.175A9.738 9.738 0 0 1 2 12a9.74 9.74 0 0 1 .788-3.9 10.099 10.099 0 0 1 2.137-3.175c.9-.9 1.958-1.612 3.175-2.137A9.738 9.738 0 0 1 12 2a9.74 9.74 0 0 1 3.9.788 10.098 10.098 0 0 1 3.175 2.137c.9.9 1.613 1.958 2.137 3.175A9.738 9.738 0 0 1 22 12a9.738 9.738 0 0 1-.788 3.9 10.098 10.098 0 0 1-2.137 3.175c-.9.9-1.958 1.613-3.175 2.137A9.738 9.738 0 0 1 12 22Z"
-              />
-            </svg>
-          </div>
-          <h2
-            class="_typography_yh5dq_162 _font-heading-sm-semibold_yh5dq_102"
-          >
-            Are you sure you want to reset your identity?
-          </h2>
-        </div>
-        <div
-          class="mx_ResetIdentityPanel_content"
-        >
-          <ul
-            class="_visual-list_4dcf8_17"
-          >
-            <li
-              class="_visual-list-item_bqeu7_17"
-            >
-              <svg
-                aria-hidden="true"
-                class="_visual-list-item-icon_bqeu7_26 _visual-list-item-icon-success_bqeu7_31"
-                fill="currentColor"
-                height="24px"
-                viewBox="0 0 24 24"
-                width="24px"
-                xmlns="http://www.w3.org/2000/svg"
-              >
-                <path
-                  d="M9.55 17.575c-.133 0-.258-.02-.375-.063a.876.876 0 0 1-.325-.212L4.55 13c-.183-.183-.27-.42-.263-.713.009-.291.105-.529.288-.712a.948.948 0 0 1 .7-.275.95.95 0 0 1 .7.275L9.55 15.15l8.475-8.475c.183-.183.42-.275.713-.275.291 0 .529.092.712.275.183.183.275.42.275.713 0 .291-.092.529-.275.712l-9.2 9.2c-.1.1-.208.17-.325.212a1.106 1.106 0 0 1-.375.063Z"
-                />
-              </svg>
-              Your account details, contacts, preferences, and chat list will be kept
-            </li>
-            <li
-              class="_visual-list-item_bqeu7_17"
-            >
-              <svg
-                aria-hidden="true"
-                class="_visual-list-item-icon_bqeu7_26"
-                fill="currentColor"
-                height="24px"
-                viewBox="0 0 24 24"
-                width="24px"
-                xmlns="http://www.w3.org/2000/svg"
-              >
-                <path
-                  d="M11.287 7.287A.968.968 0 0 1 12 7c.283 0 .52.096.713.287.191.192.287.43.287.713s-.096.52-.287.713A.968.968 0 0 1 12 9a.968.968 0 0 1-.713-.287A.967.967 0 0 1 11 8c0-.283.096-.52.287-.713Zm0 4A.968.968 0 0 1 12 11c.283 0 .52.096.713.287.191.192.287.43.287.713v4a.97.97 0 0 1-.287.712A.968.968 0 0 1 12 17a.968.968 0 0 1-.713-.288A.968.968 0 0 1 11 16v-4c0-.283.096-.52.287-.713Z"
-                />
-                <path
-                  clip-rule="evenodd"
-                  d="M22 12c0 5.523-4.477 10-10 10S2 17.523 2 12 6.477 2 12 2s10 4.477 10 10Zm-2 0a8 8 0 1 1-16 0 8 8 0 0 1 16 0Z"
-                  fill-rule="evenodd"
-                />
-              </svg>
-              You will lose any message history that’s stored only on the server
-            </li>
-            <li
-              class="_visual-list-item_bqeu7_17"
-            >
-              <svg
-                aria-hidden="true"
-                class="_visual-list-item-icon_bqeu7_26"
-                fill="currentColor"
-                height="24px"
-                viewBox="0 0 24 24"
-                width="24px"
-                xmlns="http://www.w3.org/2000/svg"
-              >
-                <path
-                  d="M11.287 7.287A.968.968 0 0 1 12 7c.283 0 .52.096.713.287.191.192.287.43.287.713s-.096.52-.287.713A.968.968 0 0 1 12 9a.968.968 0 0 1-.713-.287A.967.967 0 0 1 11 8c0-.283.096-.52.287-.713Zm0 4A.968.968 0 0 1 12 11c.283 0 .52.096.713.287.191.192.287.43.287.713v4a.97.97 0 0 1-.287.712A.968.968 0 0 1 12 17a.968.968 0 0 1-.713-.288A.968.968 0 0 1 11 16v-4c0-.283.096-.52.287-.713Z"
-                />
-                <path
-                  clip-rule="evenodd"
-                  d="M22 12c0 5.523-4.477 10-10 10S2 17.523 2 12 6.477 2 12 2s10 4.477 10 10Zm-2 0a8 8 0 1 1-16 0 8 8 0 0 1 16 0Z"
-                  fill-rule="evenodd"
-                />
-              </svg>
-              You will need to verify all your existing devices and contacts again
-            </li>
-          </ul>
-          <span>
-            Only do this if you believe your account has been compromised.
-          </span>
-        </div>
-        <div
-          class="mx_ResetIdentityPanel_footer"
-        >
-          <button
-            class="_button_i91xf_17 _destructive_i91xf_116"
-            data-kind="primary"
-            data-size="lg"
-            role="button"
-            tabindex="0"
-          >
-            Continue
-          </button>
-          <button
-            class="_button_i91xf_17"
-            data-kind="tertiary"
-            data-size="lg"
-            role="button"
-            tabindex="0"
-          >
-            Cancel
-          </button>
-        </div>
-      </div>
-    </div>
-  </div>
-</DocumentFragment>
-`;
-
 exports[`<EncryptionUserSettingsTab /> should display the set up recovery key when the user clicks on the set up recovery key button 1`] = `
 <DocumentFragment>
   <div

test/unit-tests/components/views/settings/tabs/user/__snapshots__/SecurityUserSettingsTab-test.tsx.snap

@@ -390,89 +390,6 @@ exports[`<SecurityUserSettingsTab /> renders security section 1`] = `
           </div>
         </div>
       </div>
-      <div
-        class="mx_SettingsSection"
-      >
-        <h2
-          class="mx_Heading_h3"
-        >
-          Privacy
-        </h2>
-        <div
-          class="mx_SettingsSection_subSections"
-        >
-          <div
-            class="mx_SettingsSubsection"
-            data-testid="discoverySection"
-          >
-            <div
-              class="mx_SettingsSubsectionHeading"
-            >
-              <h3
-                class="mx_Heading_h4 mx_SettingsSubsectionHeading_heading"
-              >
-                How to find you
-              </h3>
-            </div>
-            <div
-              class="mx_SettingsSubsection_content mx_SettingsSubsection_contentStretch"
-            >
-              <fieldset
-                class="mx_SettingsFieldset"
-              >
-                <legend
-                  class="mx_SettingsFieldset_legend"
-                >
-                  Identity server
-                </legend>
-                <div
-                  class="mx_SettingsFieldset_description"
-                >
-                  <div
-                    class="mx_SettingsSubsection_text"
-                  >
-                    You are not currently using an identity server. To discover and be discoverable by existing contacts you know, add one below.
-                  </div>
-                </div>
-                <div
-                  class="mx_SettingsFieldset_content"
-                >
-                  <form
-                    class="mx_SetIdServer"
-                  >
-                    <div
-                      class="mx_Field mx_Field_input"
-                    >
-                      <input
-                        autocomplete="off"
-                        id="mx_Field_1"
-                        label="Enter a new identity server"
-                        placeholder=""
-                        type="text"
-                        value=""
-                      />
-                      <label
-                        for="mx_Field_1"
-                      >
-                        Enter a new identity server
-                      </label>
-                    </div>
-                    <div
-                      aria-disabled="true"
-                      class="mx_AccessibleButton mx_AccessibleButton_hasKind mx_AccessibleButton_kind_primary_sm mx_AccessibleButton_disabled"
-                      disabled=""
-                      role="button"
-                      tabindex="0"
-                    >
-                      Change
-                    </div>
-                  </form>
-                </div>
-              </fieldset>
-            </div>
-          </div>
-        </div>
-      </div>
       <div
         class="mx_SettingsSection"
       >

test/unit-tests/stores/oidc/OidcClientStore-test.ts

@@ -15,7 +15,7 @@ import { OidcError } from "matrix-js-sdk/src/oidc/error";
 
 import { OidcClientStore } from "../../../../src/stores/oidc/OidcClientStore";
 import { flushPromises, getMockClientWithEventEmitter, mockPlatformPeg } from "../../../test-utils";
-import { makeDelegatedAuthConfig } from "../../../test-utils/oidc";
+import { mockOpenIdConfiguration } from "../../../test-utils/oidc";
 
 jest.mock("matrix-js-sdk/src/matrix", () => ({
     ...jest.requireActual("matrix-js-sdk/src/matrix"),
@@ -24,30 +24,28 @@ jest.mock("matrix-js-sdk/src/matrix", () => ({
 
 describe("OidcClientStore", () => {
     const clientId = "test-client-id";
-    const authConfig = makeDelegatedAuthConfig();
-    const account = authConfig.issuer + "account";
+    const metadata = mockOpenIdConfiguration();
+    const account = metadata.issuer + "account";
 
     const mockClient = getMockClientWithEventEmitter({
-        getAuthMetadata: jest.fn(),
+        getAuthIssuer: jest.fn(),
     });
 
     beforeEach(() => {
         localStorage.clear();
         localStorage.setItem("mx_oidc_client_id", clientId);
-        localStorage.setItem("mx_oidc_token_issuer", authConfig.issuer);
+        localStorage.setItem("mx_oidc_token_issuer", metadata.issuer);
 
-        mocked(discoverAndValidateOIDCIssuerWellKnown)
-            .mockClear()
-            .mockResolvedValue({
-                ...authConfig,
-                account_management_uri: account,
-                authorization_endpoint: "authorization-endpoint",
-                token_endpoint: "token-endpoint",
-            });
+        mocked(discoverAndValidateOIDCIssuerWellKnown).mockClear().mockResolvedValue({
+            metadata,
+            accountManagementEndpoint: account,
+            authorizationEndpoint: "authorization-endpoint",
+            tokenEndpoint: "token-endpoint",
+        });
         jest.spyOn(logger, "error").mockClear();
 
-        fetchMock.get(`${authConfig.issuer}.well-known/openid-configuration`, authConfig);
-        fetchMock.get(`${authConfig.issuer}jwks`, { keys: [] });
+        fetchMock.get(`${metadata.issuer}.well-known/openid-configuration`, metadata);
+        fetchMock.get(`${metadata.issuer}jwks`, { keys: [] });
         mockPlatformPeg();
     });
 
@@ -118,7 +116,7 @@ describe("OidcClientStore", () => {
             const client = await store.getOidcClient();
 
             expect(client?.settings.client_id).toEqual(clientId);
-            expect(client?.settings.authority).toEqual(authConfig.issuer);
+            expect(client?.settings.authority).toEqual(metadata.issuer);
         });
 
         it("should set account management endpoint when configured", async () => {
@@ -131,19 +129,17 @@ describe("OidcClientStore", () => {
         });
 
         it("should set account management endpoint to issuer when not configured", async () => {
-            mocked(discoverAndValidateOIDCIssuerWellKnown)
-                .mockClear()
-                .mockResolvedValue({
-                    ...authConfig,
-                    account_management_uri: undefined,
-                    authorization_endpoint: "authorization-endpoint",
-                    token_endpoint: "token-endpoint",
-                });
+            mocked(discoverAndValidateOIDCIssuerWellKnown).mockClear().mockResolvedValue({
+                metadata,
+                accountManagementEndpoint: undefined,
+                authorizationEndpoint: "authorization-endpoint",
+                tokenEndpoint: "token-endpoint",
+            });
             const store = new OidcClientStore(mockClient);
 
             await store.readyPromise;
 
-            expect(store.accountManagementEndpoint).toEqual(authConfig.issuer);
+            expect(store.accountManagementEndpoint).toEqual(metadata.issuer);
         });
 
         it("should reuse initialised oidc client", async () => {
@@ -179,7 +175,7 @@ describe("OidcClientStore", () => {
 
             fetchMock.resetHistory();
             fetchMock.post(
-                authConfig.revocation_endpoint,
+                metadata.revocation_endpoint,
                 {
                     status: 200,
                 },
@@ -201,7 +197,7 @@ describe("OidcClientStore", () => {
 
             await store.revokeTokens(accessToken, refreshToken);
 
-            expect(fetchMock).toHaveFetchedTimes(2, authConfig.revocation_endpoint);
+            expect(fetchMock).toHaveFetchedTimes(2, metadata.revocation_endpoint);
             expect(OidcClient.prototype.revokeToken).toHaveBeenCalledWith(accessToken, "access_token");
             expect(OidcClient.prototype.revokeToken).toHaveBeenCalledWith(refreshToken, "refresh_token");
         });
@@ -210,14 +206,14 @@ describe("OidcClientStore", () => {
             // fail once, then succeed
             fetchMock
                 .postOnce(
-                    authConfig.revocation_endpoint,
+                    metadata.revocation_endpoint,
                     {
                         status: 404,
                     },
                     { overwriteRoutes: true, sendAsJson: true },
                 )
                 .post(
-                    authConfig.revocation_endpoint,
+                    metadata.revocation_endpoint,
                     {
                         status: 200,
                     },
@@ -230,7 +226,7 @@ describe("OidcClientStore", () => {
                 "Failed to revoke tokens",
             );
 
-            expect(fetchMock).toHaveFetchedTimes(2, authConfig.revocation_endpoint);
+            expect(fetchMock).toHaveFetchedTimes(2, metadata.revocation_endpoint);
             expect(OidcClient.prototype.revokeToken).toHaveBeenCalledWith(accessToken, "access_token");
         });
     });
@@ -241,10 +237,7 @@ describe("OidcClientStore", () => {
         });
 
         it("should resolve account management endpoint", async () => {
-            mockClient.getAuthMetadata.mockResolvedValue({
-                ...authConfig,
-                account_management_uri: account,
-            });
+            mockClient.getAuthIssuer.mockResolvedValue({ issuer: metadata.issuer });
             const store = new OidcClientStore(mockClient);
             await store.readyPromise;
             expect(store.accountManagementEndpoint).toBe(account);

test/unit-tests/stores/widgets/StopGapWidget-test.ts

@@ -6,7 +6,7 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only OR LicenseRef-Element-Com
 Please see LICENSE files in the repository root for full details.
 */
 
-import { mocked, MockedFunction, MockedObject } from "jest-mock";
+import { mocked, MockedObject } from "jest-mock";
 import { last } from "lodash";
 import {
     MatrixEvent,
@@ -15,20 +15,15 @@ import {
     EventTimeline,
     EventType,
     MatrixEventEvent,
-    RoomStateEvent,
-    RoomState,
 } from "matrix-js-sdk/src/matrix";
 import { ClientWidgetApi, WidgetApiFromWidgetAction } from "matrix-widget-api";
 import { waitFor } from "jest-matrix-react";
-import { Optional } from "matrix-events-sdk";
 
 import { stubClient, mkRoom, mkEvent } from "../../../test-utils";
 import { MatrixClientPeg } from "../../../../src/MatrixClientPeg";
 import { StopGapWidget } from "../../../../src/stores/widgets/StopGapWidget";
 import ActiveWidgetStore from "../../../../src/stores/ActiveWidgetStore";
 import SettingsStore from "../../../../src/settings/SettingsStore";
-import { SdkContextClass } from "../../../../src/contexts/SDKContext";
-import { UPDATE_EVENT } from "../../../../src/stores/AsyncStore";
 
 jest.mock("matrix-widget-api/lib/ClientWidgetApi");
 
@@ -58,7 +53,6 @@ describe("StopGapWidget", () => {
         // Start messaging without an iframe, since ClientWidgetApi is mocked
         widget.startMessaging(null as unknown as HTMLIFrameElement);
         messaging = mocked(last(mocked(ClientWidgetApi).mock.instances)!);
-        messaging.feedStateUpdate.mockResolvedValue();
     });
 
     afterEach(() => {
@@ -90,20 +84,6 @@ describe("StopGapWidget", () => {
         expect(messaging.feedToDevice).toHaveBeenCalledWith(event.getEffectiveEvent(), false);
     });
 
-    it("feeds incoming state updates to the widget", () => {
-        const event = mkEvent({
-            event: true,
-            type: "org.example.foo",
-            skey: "",
-            user: "@alice:example.org",
-            content: { hello: "world" },
-            room: "!1:example.org",
-        });
-
-        client.emit(RoomStateEvent.Events, event, {} as unknown as RoomState, null);
-        expect(messaging.feedStateUpdate).toHaveBeenCalledWith(event.getEffectiveEvent());
-    });
-
     describe("feed event", () => {
         let event1: MatrixEvent;
         let event2: MatrixEvent;
@@ -138,24 +118,24 @@ describe("StopGapWidget", () => {
 
         it("feeds incoming event to the widget", async () => {
             client.emit(ClientEvent.Event, event1);
-            expect(messaging.feedEvent).toHaveBeenCalledWith(event1.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenCalledWith(event1.getEffectiveEvent(), "!1:example.org");
 
             client.emit(ClientEvent.Event, event2);
             expect(messaging.feedEvent).toHaveBeenCalledTimes(2);
-            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event2.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event2.getEffectiveEvent(), "!1:example.org");
         });
 
         it("should not feed incoming event to the widget if seen already", async () => {
             client.emit(ClientEvent.Event, event1);
-            expect(messaging.feedEvent).toHaveBeenCalledWith(event1.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenCalledWith(event1.getEffectiveEvent(), "!1:example.org");
 
             client.emit(ClientEvent.Event, event2);
             expect(messaging.feedEvent).toHaveBeenCalledTimes(2);
-            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event2.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event2.getEffectiveEvent(), "!1:example.org");
 
             client.emit(ClientEvent.Event, event1);
             expect(messaging.feedEvent).toHaveBeenCalledTimes(2);
-            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event2.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event2.getEffectiveEvent(), "!1:example.org");
         });
 
         it("feeds decrypted events asynchronously", async () => {
@@ -185,7 +165,7 @@ describe("StopGapWidget", () => {
             decryptingSpy2.mockReturnValue(false);
             client.emit(MatrixEventEvent.Decrypted, event2Encrypted);
             expect(messaging.feedEvent).toHaveBeenCalledTimes(1);
-            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event2Encrypted.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event2Encrypted.getEffectiveEvent(), "!1:example.org");
             // …then event 1
             event1Encrypted.event.type = event1.getType();
             event1Encrypted.event.content = event1.getContent();
@@ -195,7 +175,7 @@ describe("StopGapWidget", () => {
             // doesn't have to be blocked on the decryption of event 1 (or
             // worse, dropped)
             expect(messaging.feedEvent).toHaveBeenCalledTimes(2);
-            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event1Encrypted.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event1Encrypted.getEffectiveEvent(), "!1:example.org");
         });
 
         it("should not feed incoming event if not in timeline", () => {
@@ -211,7 +191,7 @@ describe("StopGapWidget", () => {
             });
 
             client.emit(ClientEvent.Event, event);
-            expect(messaging.feedEvent).toHaveBeenCalledWith(event.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenCalledWith(event.getEffectiveEvent(), "!1:example.org");
         });
 
         it("feeds incoming event that is not in timeline but relates to unknown parent to the widget", async () => {
@@ -231,19 +211,18 @@ describe("StopGapWidget", () => {
             });
 
             client.emit(ClientEvent.Event, event1);
-            expect(messaging.feedEvent).toHaveBeenCalledWith(event1.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenCalledWith(event1.getEffectiveEvent(), "!1:example.org");
 
             client.emit(ClientEvent.Event, event);
             expect(messaging.feedEvent).toHaveBeenCalledTimes(2);
-            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event.getEffectiveEvent(), "!1:example.org");
 
             client.emit(ClientEvent.Event, event1);
             expect(messaging.feedEvent).toHaveBeenCalledTimes(2);
-            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event.getEffectiveEvent());
+            expect(messaging.feedEvent).toHaveBeenLastCalledWith(event.getEffectiveEvent(), "!1:example.org");
         });
     });
 });
-
 describe("StopGapWidget with stickyPromise", () => {
     let client: MockedObject<MatrixClient>;
     let widget: StopGapWidget;
@@ -309,49 +288,3 @@ describe("StopGapWidget with stickyPromise", () => {
         waitFor(() => expect(setPersistenceSpy).toHaveBeenCalled(), { interval: 5 });
     });
 });
-
-describe("StopGapWidget as an account widget", () => {
-    let widget: StopGapWidget;
-    let messaging: MockedObject<ClientWidgetApi>;
-    let getRoomId: MockedFunction<() => Optional<string>>;
-
-    beforeEach(() => {
-        stubClient();
-        // I give up, getting the return type of spyOn right is hopeless
-        getRoomId = jest.spyOn(SdkContextClass.instance.roomViewStore, "getRoomId") as unknown as MockedFunction<
-            () => Optional<string>
-        >;
-        getRoomId.mockReturnValue("!1:example.org");
-
-        widget = new StopGapWidget({
-            app: {
-                id: "test",
-                creatorUserId: "@alice:example.org",
-                type: "example",
-                url: "https://example.org?user-id=$matrix_user_id&device-id=$org.matrix.msc3819.matrix_device_id&base-url=$org.matrix.msc4039.matrix_base_url&theme=$org.matrix.msc2873.client_theme",
-                roomId: "!1:example.org",
-            },
-            userId: "@alice:example.org",
-            creatorUserId: "@alice:example.org",
-            waitForIframeLoad: true,
-            userWidget: false,
-        });
-        // Start messaging without an iframe, since ClientWidgetApi is mocked
-        widget.startMessaging(null as unknown as HTMLIFrameElement);
-        messaging = mocked(last(mocked(ClientWidgetApi).mock.instances)!);
-    });
-
-    afterEach(() => {
-        widget.stopMessaging();
-        getRoomId.mockRestore();
-    });
-
-    it("updates viewed room", () => {
-        expect(messaging.setViewedRoomId).toHaveBeenCalledTimes(1);
-        expect(messaging.setViewedRoomId).toHaveBeenLastCalledWith("!1:example.org");
-        getRoomId.mockReturnValue("!2:example.org");
-        SdkContextClass.instance.roomViewStore.emit(UPDATE_EVENT);
-        expect(messaging.setViewedRoomId).toHaveBeenCalledTimes(2);
-        expect(messaging.setViewedRoomId).toHaveBeenLastCalledWith("!2:example.org");
-    });
-});

test/unit-tests/stores/widgets/StopGapWidgetDriver-test.ts

@@ -17,7 +17,6 @@ import {
     MatrixEvent,
     MsgType,
     RelationType,
-    Room,
 } from "matrix-js-sdk/src/matrix";
 import {
     Widget,
@@ -39,7 +38,7 @@ import {
 import { SdkContextClass } from "../../../../src/contexts/SDKContext";
 import { MatrixClientPeg } from "../../../../src/MatrixClientPeg";
 import { StopGapWidgetDriver } from "../../../../src/stores/widgets/StopGapWidgetDriver";
-import { mkEvent, stubClient } from "../../../test-utils";
+import { stubClient } from "../../../test-utils";
 import { ModuleRunner } from "../../../../src/modules/ModuleRunner";
 import dis from "../../../../src/dispatcher/dispatcher";
 import Modal from "../../../../src/Modal";
@@ -570,7 +569,7 @@ describe("StopGapWidgetDriver", () => {
 
         it("passes the flag through to getVisibleRooms", () => {
             const driver = mkDefaultDriver();
-            driver.getKnownRooms();
+            driver.readRoomEvents(EventType.CallAnswer, "", 0, ["*"]);
             expect(client.getVisibleRooms).toHaveBeenCalledWith(false);
         });
     });
@@ -585,7 +584,7 @@ describe("StopGapWidgetDriver", () => {
 
         it("passes the flag through to getVisibleRooms", () => {
             const driver = mkDefaultDriver();
-            driver.getKnownRooms();
+            driver.readRoomEvents(EventType.CallAnswer, "", 0, ["*"]);
             expect(client.getVisibleRooms).toHaveBeenCalledWith(true);
         });
     });
@@ -693,107 +692,4 @@ describe("StopGapWidgetDriver", () => {
             await expect(file.text()).resolves.toEqual("test contents");
         });
     });
-
-    describe("readRoomTimeline", () => {
-        const event1 = mkEvent({
-            event: true,
-            id: "$event-id1",
-            type: "org.example.foo",
-            user: "@alice:example.org",
-            content: { hello: "world" },
-            room: "!1:example.org",
-        });
-        const event2 = mkEvent({
-            event: true,
-            id: "$event-id2",
-            type: "org.example.foo",
-            user: "@alice:example.org",
-            content: { hello: "world" },
-            room: "!1:example.org",
-        });
-        let driver: WidgetDriver;
-
-        beforeEach(() => {
-            driver = mkDefaultDriver();
-            client.getRoom.mockReturnValue({
-                getLiveTimeline: () => ({ getEvents: () => [event1, event2] }),
-            } as unknown as Room);
-        });
-
-        it("reads all events", async () => {
-            expect(
-                await driver.readRoomTimeline("!1:example.org", "org.example.foo", undefined, undefined, 10, undefined),
-            ).toEqual([event2, event1].map((e) => e.getEffectiveEvent()));
-        });
-
-        it("reads up to a limit", async () => {
-            expect(
-                await driver.readRoomTimeline("!1:example.org", "org.example.foo", undefined, undefined, 1, undefined),
-            ).toEqual([event2.getEffectiveEvent()]);
-        });
-
-        it("reads up to a specific event", async () => {
-            expect(
-                await driver.readRoomTimeline(
-                    "!1:example.org",
-                    "org.example.foo",
-                    undefined,
-                    undefined,
-                    10,
-                    event1.getId(),
-                ),
-            ).toEqual([event2.getEffectiveEvent()]);
-        });
-    });
-
-    describe("readRoomState", () => {
-        const event1 = mkEvent({
-            event: true,
-            id: "$event-id1",
-            type: "org.example.foo",
-            user: "@alice:example.org",
-            content: { hello: "world" },
-            skey: "1",
-            room: "!1:example.org",
-        });
-        const event2 = mkEvent({
-            event: true,
-            id: "$event-id2",
-            type: "org.example.foo",
-            user: "@alice:example.org",
-            content: { hello: "world" },
-            skey: "2",
-            room: "!1:example.org",
-        });
-        let driver: WidgetDriver;
-        let getStateEvents: jest.Mock;
-
-        beforeEach(() => {
-            driver = mkDefaultDriver();
-            getStateEvents = jest.fn();
-            client.getRoom.mockReturnValue({
-                getLiveTimeline: () => ({ getState: () => ({ getStateEvents }) }),
-            } as unknown as Room);
-        });
-
-        it("reads a specific state key", async () => {
-            getStateEvents.mockImplementation((eventType, stateKey) => {
-                if (eventType === "org.example.foo" && stateKey === "1") return event1;
-                return undefined;
-            });
-            expect(await driver.readRoomState("!1:example.org", "org.example.foo", "1")).toEqual([
-                event1.getEffectiveEvent(),
-            ]);
-        });
-
-        it("reads all state keys", async () => {
-            getStateEvents.mockImplementation((eventType, stateKey) => {
-                if (eventType === "org.example.foo" && stateKey === undefined) return [event1, event2];
-                return [];
-            });
-            expect(await driver.readRoomState("!1:example.org", "org.example.foo", undefined)).toEqual(
-                [event1, event2].map((e) => e.getEffectiveEvent()),
-            );
-        });
-    });
 });

test/unit-tests/utils/AutoDiscoveryUtils-test.tsx

@@ -355,19 +355,21 @@ describe("AutoDiscoveryUtils", () => {
                 hsNameIsDifferent: true,
                 hsName: serverName,
                 delegatedAuthentication: expect.objectContaining({
-                    issuer,
-                    account_management_actions_supported: [
+                    accountManagementActionsSupported: [
                         "org.matrix.profile",
                         "org.matrix.sessions_list",
                         "org.matrix.session_view",
                         "org.matrix.session_end",
                         "org.matrix.cross_signing_reset",
                     ],
-                    account_management_uri: "https://auth.matrix.org/account/",
-                    authorization_endpoint: "https://auth.matrix.org/auth",
-                    registration_endpoint: "https://auth.matrix.org/registration",
+                    accountManagementEndpoint: "https://auth.matrix.org/account/",
+                    authorizationEndpoint: "https://auth.matrix.org/auth",
+                    metadata: expect.objectContaining({
+                        issuer,
+                    }),
+                    registrationEndpoint: "https://auth.matrix.org/registration",
                     signingKeys: [],
-                    token_endpoint: "https://auth.matrix.org/token",
+                    tokenEndpoint: "https://auth.matrix.org/token",
                 }),
                 warning: null,
             });

test/unit-tests/utils/oidc/TokenRefresher-test.ts

@@ -38,7 +38,7 @@ describe("TokenRefresher", () => {
     };
 
     beforeEach(() => {
-        fetchMock.get(`${issuer}.well-known/openid-configuration`, authConfig);
+        fetchMock.get(`${issuer}.well-known/openid-configuration`, authConfig.metadata);
         fetchMock.get(`${issuer}jwks`, {
             status: 200,
             headers: {

test/unit-tests/utils/oidc/authorize-test.ts

@@ -61,7 +61,10 @@ describe("OIDC authorization", () => {
     });
 
     beforeAll(() => {
-        fetchMock.get(`${delegatedAuthConfig.issuer}.well-known/openid-configuration`, delegatedAuthConfig);
+        fetchMock.get(
+            `${delegatedAuthConfig.metadata.issuer}.well-known/openid-configuration`,
+            delegatedAuthConfig.metadata,
+        );
     });
 
     afterAll(() => {

test/unit-tests/utils/oidc/registerClient-test.ts

@@ -58,7 +58,7 @@ describe("getOidcClientId()", () => {
         const authConfigWithoutRegistration: OidcClientConfig = makeDelegatedAuthConfig(
             "https://issuerWithoutStaticClientId.org/",
         );
-        authConfigWithoutRegistration.registration_endpoint = undefined;
+        authConfigWithoutRegistration.registrationEndpoint = undefined;
         await expect(getOidcClientId(authConfigWithoutRegistration, staticOidcClients)).rejects.toThrow(
             OidcError.DynamicRegistrationNotSupported,
         );
@@ -69,7 +69,7 @@ describe("getOidcClientId()", () => {
     it("should handle when staticOidcClients object is falsy", async () => {
         const authConfigWithoutRegistration: OidcClientConfig = {
             ...delegatedAuthConfig,
-            registration_endpoint: undefined,
+            registrationEndpoint: undefined,
         };
         await expect(getOidcClientId(authConfigWithoutRegistration)).rejects.toThrow(
             OidcError.DynamicRegistrationNotSupported,
@@ -79,14 +79,14 @@ describe("getOidcClientId()", () => {
     });
 
     it("should make correct request to register client", async () => {
-        fetchMockJest.post(delegatedAuthConfig.registration_endpoint!, {
+        fetchMockJest.post(delegatedAuthConfig.registrationEndpoint!, {
             status: 200,
             body: JSON.stringify({ client_id: dynamicClientId }),
         });
         expect(await getOidcClientId(delegatedAuthConfig)).toEqual(dynamicClientId);
         // didn't try to register
         expect(fetchMockJest).toHaveBeenCalledWith(
-            delegatedAuthConfig.registration_endpoint!,
+            delegatedAuthConfig.registrationEndpoint!,
             expect.objectContaining({
                 headers: {
                     "Accept": "application/json",
@@ -111,14 +111,14 @@ describe("getOidcClientId()", () => {
     });
 
     it("should throw when registration request fails", async () => {
-        fetchMockJest.post(delegatedAuthConfig.registration_endpoint!, {
+        fetchMockJest.post(delegatedAuthConfig.registrationEndpoint!, {
             status: 500,
         });
         await expect(getOidcClientId(delegatedAuthConfig)).rejects.toThrow(OidcError.DynamicRegistrationFailed);
     });
 
     it("should throw when registration response is invalid", async () => {
-        fetchMockJest.post(delegatedAuthConfig.registration_endpoint!, {
+        fetchMockJest.post(delegatedAuthConfig.registrationEndpoint!, {
             status: 200,
             // no clientId in response
             body: "{}",

yarn.lock

@@ -2731,11 +2731,11 @@
     "@svgr/plugin-svgo" "8.1.0"
 
 "@testcontainers/postgresql@^10.16.0":
-  version "10.17.1"
-  resolved "https://registry.yarnpkg.com/@testcontainers/postgresql/-/postgresql-10.17.1.tgz#a0482b3eef094bcda885c3b96eeae7c737fa58bc"
-  integrity sha512-TXFU7ptv8pTVscA7sd5NtSuxO3IP/d8I/plOliVyH+w8IRb1LdXxe/BEgJrwhKgVefarYvgHeBPgqjG3Jef+3A==
+  version "10.16.0"
+  resolved "https://registry.yarnpkg.com/@testcontainers/postgresql/-/postgresql-10.16.0.tgz#0437a9b426d64ea958e745a0e2ae19462b786f81"
+  integrity sha512-zWFQI+3QxlEELRvVv27i6zlVEPNUz9zKaSh7iWmFlCdfhcyr78daS0FG8FIfdQ79VK7YXA4jv+dTYXa2SwXu/w==
   dependencies:
-    testcontainers "^10.17.1"
+    testcontainers "^10.16.0"
 
 "@testing-library/dom@^10.4.0":
   version "10.4.0"
@@ -2903,9 +2903,9 @@
     "@types/ssh2" "*"
 
 "@types/dockerode@^3.3.29":
-  version "3.3.34"
-  resolved "https://registry.yarnpkg.com/@types/dockerode/-/dockerode-3.3.34.tgz#1cef62f1b98f80bd4460961dd8aac99b95a0fb6e"
-  integrity sha512-mH9SuIb8NuTDsMus5epcbTzSbEo52fKLBMo0zapzYIAIyfDqoIFn7L3trekHLKC8qmxGV++pPUP4YqQ9n5v2Zg==
+  version "3.3.33"
+  resolved "https://registry.yarnpkg.com/@types/dockerode/-/dockerode-3.3.33.tgz#67d9b4223caf41a0735695abe89c292e05d305c9"
+  integrity sha512-7av8lVOhkW7Xd11aZTSq5zhdpyNraldXwQR0pxUCiSNTvIzsP86KrFrmrZgxtrXD2Zrtzwt4H6OYLbATONWzWg==
   dependencies:
     "@types/docker-modem" "*"
     "@types/node" "*"
@@ -3153,13 +3153,20 @@
   dependencies:
     undici-types "~6.20.0"
 
-"@types/node@18", "@types/node@^18.11.18":
+"@types/node@18":
   version "18.19.71"
   resolved "https://registry.yarnpkg.com/@types/node/-/node-18.19.71.tgz#96d4f0a0be735ead6c8998c62a4b2c0012a5d09a"
   integrity sha512-evXpcgtZm8FY4jqBSN8+DmOTcVkkvTmAayeo4Wf3m1xAruyVGzGuDh/Fb/WWX2yLItUiho42ozyJjB0dw//Tkw==
   dependencies:
     undici-types "~5.26.4"
 
+"@types/node@^18.11.18":
+  version "18.19.69"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.19.69.tgz#748d301818ba4b238854c53d290257a70aae7d01"
+  integrity sha512-ECPdY1nlaiO/Y6GUnwgtAAhLNaQ53AyIVz+eILxpEo5OvuqE6yWkqWBIb5dU0DqhKQtMeny+FBD3PK6lm7L5xQ==
+  dependencies:
+    undici-types "~5.26.4"
+
 "@types/normalize-package-data@^2.4.0":
   version "2.4.4"
   resolved "https://registry.yarnpkg.com/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz#56e2cc26c397c038fab0e3a917a12d5c5909e901"
@@ -3311,9 +3318,9 @@
     "@types/node" "*"
 
 "@types/ssh2@*":
-  version "1.15.4"
-  resolved "https://registry.yarnpkg.com/@types/ssh2/-/ssh2-1.15.4.tgz#2347d2ff079e205b077c02407d822803bfd23c45"
-  integrity sha512-9JTQgVBWSgq6mAen6PVnrAmty1lqgCMvpfN+1Ck5WRUsyMYPa6qd50/vMJ0y1zkGpOEgLzm8m8Dx/Y5vRouLaA==
+  version "1.15.1"
+  resolved "https://registry.yarnpkg.com/@types/ssh2/-/ssh2-1.15.1.tgz#4db4b6864abca09eb299fe5354fa591add412223"
+  integrity sha512-ZIbEqKAsi5gj35y4P4vkJYly642wIbY6PqoN0xiyQGshKUGXR9WQjF/iF9mXBQ8uBKy3ezfsCkcoHKhd0BzuDA==
   dependencies:
     "@types/node" "^18.11.18"
 
@@ -3467,10 +3474,10 @@
   resolved "https://registry.yarnpkg.com/@vector-im/compound-design-tokens/-/compound-design-tokens-2.1.3.tgz#8205ffb455a09d71a02d838f3dbb8503c4e6ec27"
   integrity sha512-U4UF7MVguENf0lQnkU2a9p/3llTsLXzbzmFFOxi0h6ny2igNxZj/kROP/jXTxxV9xD4TNn3z098Bos4J/qJpBA==
 
-"@vector-im/compound-web@^7.6.1":
-  version "7.6.1"
-  resolved "https://registry.yarnpkg.com/@vector-im/compound-web/-/compound-web-7.6.1.tgz#c41fc8b2e4c5938041e1f0ff9792f8fbadd9ab87"
-  integrity sha512-LdHGFslkyky2aNPZwIOY9GgWn1VOUa2EBKHln8HBvpxnYPcs3/A2nb1+6SsJ7+Y0TzKc2HA0rZ3qPDhQ3hjZYQ==
+"@vector-im/compound-web@^7.5.0":
+  version "7.5.0"
+  resolved "https://registry.yarnpkg.com/@vector-im/compound-web/-/compound-web-7.5.0.tgz#1547af5f0ee27b94f79ab11eee006059f3d09707"
+  integrity sha512-Xhef8H5WrRmPuanzRBs8rnl+hwbcQnC7nKSCupUczAQ5hjlieBx4vcQYQ/nMkrs4rMGjgfFtR3E18wT5LlML/A==
   dependencies:
     "@floating-ui/react" "^0.27.0"
     "@radix-ui/react-context-menu" "^2.2.1"
@@ -4076,15 +4083,6 @@ axe-core@^4.10.0, axe-core@~4.10.2:
   resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.10.2.tgz#85228e3e1d8b8532a27659b332e39b7fa0e022df"
   integrity sha512-RE3mdQ7P3FRSe7eqCWoeQ/Z9QXrtniSjp1wUjt5nRC3WIpz5rSCve6o3fsZ2aCpJtrZjSZgjwXAoTO5k4tEI0w==
 
-axios@^1.7.8:
-  version "1.7.9"
-  resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.9.tgz#d7d071380c132a24accda1b2cfc1535b79ec650a"
-  integrity sha512-LhLcE7Hbiryz8oMDdDptSrWowmB4Bl6RCt6sIJKpRB4XtVf0iEgewX3au/pJqm+Py1kCASkb/FFKjxQaLtxJvw==
-  dependencies:
-    follow-redirects "^1.15.6"
-    form-data "^4.0.0"
-    proxy-from-env "^1.1.0"
-
 axobject-query@^4.1.0:
   version "4.1.0"
   resolved "https://registry.yarnpkg.com/axobject-query/-/axobject-query-4.1.0.tgz#28768c76d0e3cff21bc62a9e2d0b6ac30042a1ee"
@@ -4206,35 +4204,35 @@ balanced-match@^2.0.0:
   integrity sha512-1ugUSr8BHXRnK23KfuYS+gVMC3LB8QGH9W1iGtDPsNWoQbgtXSExkBu2aDR4epiGWZOjZsj6lDl/N/AqqTC3UA==
 
 bare-events@^2.0.0, bare-events@^2.2.0:
-  version "2.5.4"
-  resolved "https://registry.yarnpkg.com/bare-events/-/bare-events-2.5.4.tgz#16143d435e1ed9eafd1ab85f12b89b3357a41745"
-  integrity sha512-+gFfDkR8pj4/TrWCGUGWmJIkBwuxPS5F+a5yWjOHQt2hHvNZd5YLzadjmDUtFmMM4y429bnKLa8bYBMHcYdnQA==
+  version "2.5.0"
+  resolved "https://registry.yarnpkg.com/bare-events/-/bare-events-2.5.0.tgz#305b511e262ffd8b9d5616b056464f8e1b3329cc"
+  integrity sha512-/E8dDe9dsbLyh2qrZ64PEPadOQ0F4gbl1sUJOrmph7xOiIxfY8vwab/4bFLh4Y88/Hk/ujKcrQKc+ps0mv873A==
 
-bare-fs@^4.0.1:
-  version "4.0.1"
-  resolved "https://registry.yarnpkg.com/bare-fs/-/bare-fs-4.0.1.tgz#85844f34da819c76754d545323a8b23ed3617c76"
-  integrity sha512-ilQs4fm/l9eMfWY2dY0WCIUplSUp7U0CT1vrqMg1MUdeZl4fypu5UP0XcDBK5WBQPJAKP1b7XEodISmekH/CEg==
+bare-fs@^2.1.1:
+  version "2.3.5"
+  resolved "https://registry.yarnpkg.com/bare-fs/-/bare-fs-2.3.5.tgz#05daa8e8206aeb46d13c2fe25a2cd3797b0d284a"
+  integrity sha512-SlE9eTxifPDJrT6YgemQ1WGFleevzwY+XAP1Xqgl56HtcrisC2CHCZ2tq6dBpcH2TnNxwUEUGhweo+lrQtYuiw==
   dependencies:
     bare-events "^2.0.0"
-    bare-path "^3.0.0"
+    bare-path "^2.0.0"
     bare-stream "^2.0.0"
 
-bare-os@^3.0.1:
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/bare-os/-/bare-os-3.4.0.tgz#97be31503f3095beb232a6871f0118859832eb0c"
-  integrity sha512-9Ous7UlnKbe3fMi7Y+qh0DwAup6A1JkYgPnjvMDNOlmnxNRQvQ/7Nst+OnUQKzk0iAT0m9BisbDVp9gCv8+ETA==
+bare-os@^2.1.0:
+  version "2.4.4"
+  resolved "https://registry.yarnpkg.com/bare-os/-/bare-os-2.4.4.tgz#01243392eb0a6e947177bb7c8a45123d45c9b1a9"
+  integrity sha512-z3UiI2yi1mK0sXeRdc4O1Kk8aOa/e+FNWZcTiPB/dfTWyLypuE99LibgRaQki914Jq//yAWylcAt+mknKdixRQ==
 
-bare-path@^3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/bare-path/-/bare-path-3.0.0.tgz#b59d18130ba52a6af9276db3e96a2e3d3ea52178"
-  integrity sha512-tyfW2cQcB5NN8Saijrhqn0Zh7AnFNsnczRcuWODH0eYAXBsJ5gVxAUuNr7tsHSC6IZ77cA0SitzT+s47kot8Mw==
+bare-path@^2.0.0, bare-path@^2.1.0:
+  version "2.1.3"
+  resolved "https://registry.yarnpkg.com/bare-path/-/bare-path-2.1.3.tgz#594104c829ef660e43b5589ec8daef7df6cedb3e"
+  integrity sha512-lh/eITfU8hrj9Ru5quUp0Io1kJWIk1bTjzo7JH1P5dWmQ2EL4hFUlfI8FonAhSlgIfhn63p84CDY/x+PisgcXA==
   dependencies:
-    bare-os "^3.0.1"
+    bare-os "^2.1.0"
 
 bare-stream@^2.0.0:
-  version "2.6.4"
-  resolved "https://registry.yarnpkg.com/bare-stream/-/bare-stream-2.6.4.tgz#4226bc8ec7b3ff2c17087385326909978747b149"
-  integrity sha512-G6i3A74FjNq4nVrrSTUz5h3vgXzBJnjmWAVlBWaZETkgu+LgKd7AiyOml3EDJY1AHlIbBHKDXE+TUT53Ff8OaA==
+  version "2.6.1"
+  resolved "https://registry.yarnpkg.com/bare-stream/-/bare-stream-2.6.1.tgz#b3b9874fab05b662c9aea2706a12fb0698c46836"
+  integrity sha512-eVZbtKM+4uehzrsj49KtCy3Pbg7kO1pJ3SKZ1SFrIH/0pnj9scuGGgUlNDf/7qS8WKtGdiJY5Kyhs/ivYPTB/g==
   dependencies:
     streamx "^2.21.0"
 
@@ -5252,7 +5250,7 @@ debug@2.6.9:
   dependencies:
     ms "2.0.0"
 
-debug@4, debug@^4.1.0, debug@^4.1.1, debug@^4.3.1, debug@^4.3.4, debug@^4.3.5, debug@^4.3.7, debug@~4.4.0:
+debug@4, debug@^4.1.0, debug@^4.3.1, debug@^4.3.4, debug@^4.3.5, debug@^4.3.7, debug@~4.4.0:
   version "4.4.0"
   resolved "https://registry.yarnpkg.com/debug/-/debug-4.4.0.tgz#2b3f2aea2ffeb776477460267377dc8710faba8a"
   integrity sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==
@@ -5266,7 +5264,7 @@ debug@^3.2.7:
   dependencies:
     ms "^2.1.1"
 
-debug@^4.3.2:
+debug@^4.1.1, debug@^4.3.2:
   version "4.3.7"
   resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.7.tgz#87945b4151a011d76d95a198d7111c865c360a52"
   integrity sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==
@@ -6523,7 +6521,7 @@ focus-lock@^1.3.5:
   dependencies:
     tslib "^2.0.3"
 
-follow-redirects@^1.0.0, follow-redirects@^1.15.6:
+follow-redirects@^1.0.0:
   version "1.15.9"
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.9.tgz#a604fa10e443bf98ca94228d9eebcc2e8a2c8ee1"
   integrity sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==
@@ -7136,7 +7134,7 @@ iconv-lite@0.4.24:
   dependencies:
     safer-buffer ">= 2.1.2 < 3"
 
-iconv-lite@0.6.3, iconv-lite@^0.6.3:
+iconv-lite@0.6.3, iconv-lite@^0.6, iconv-lite@^0.6.3:
   version "0.6.3"
   resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.6.3.tgz#a52f80bf38da1952eb5c681790719871a1a72501"
   integrity sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==
@@ -8575,12 +8573,12 @@ magic-string@0.30.8:
   dependencies:
     "@jridgewell/sourcemap-codec" "^1.4.15"
 
-mailpit-api@^1.0.5:
-  version "1.0.5"
-  resolved "https://registry.yarnpkg.com/mailpit-api/-/mailpit-api-1.0.5.tgz#3383593707a7bc502af0ae6bf1296160daf8c730"
-  integrity sha512-55OjUjNv4hwrQKIzN8DqWywuW7UIyzN1FrEd3A87sJ9Ni07LZC/f7hgeW7dp36YYxrmV8voGzUmCY3dWJ3D6Og==
-  dependencies:
-    axios "^1.7.8"
+mailhog@^4.16.0:
+  version "4.16.0"
+  resolved "https://registry.yarnpkg.com/mailhog/-/mailhog-4.16.0.tgz#1ad4dda104505399f3f17824737a962696e7d240"
+  integrity sha512-wXrGik+0MaAy4dbYTImxa8niX9a4aRpZTzC/b1GzCvQs09khhs0aKZgHjgScakI4Y18WInDvvF48hhEz9ifN4g==
+  optionalDependencies:
+    iconv-lite "^0.6"
 
 make-dir@^4.0.0:
   version "4.0.0"
@@ -10581,9 +10579,9 @@ readable-stream@^3.0.6, readable-stream@^3.1.1, readable-stream@^3.4.0, readable
     util-deprecate "^1.0.1"
 
 readable-stream@^4.0.0:
-  version "4.7.0"
-  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-4.7.0.tgz#cedbd8a1146c13dfff8dab14068028d58c15ac91"
-  integrity sha512-oIGGmcpTLwPga8Bn6/Z75SVaH1z5dUut2ibSyAMVhmUggWpmDn2dapB0n7f8nwaSiRtepAsfJyfXIO5DCVAODg==
+  version "4.6.0"
+  resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-4.6.0.tgz#ce412dfb19c04efde1c5936d99c27f37a1ff94c9"
+  integrity sha512-cbAdYt0VcnpN2Bekq7PU+k363ZRsPwJoEEJOEtSJQlJXzwaxt3FIo/uL+KeDSGIjJqtkwyge4KQgD2S2kd+CQw==
   dependencies:
     abort-controller "^3.0.0"
     buffer "^6.0.3"
@@ -11782,15 +11780,15 @@ tapable@^2.0.0, tapable@^2.1.1, tapable@^2.2.0, tapable@^2.2.1:
   integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==
 
 tar-fs@^3.0.6:
-  version "3.0.8"
-  resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-3.0.8.tgz#8f62012537d5ff89252d01e48690dc4ebed33ab7"
-  integrity sha512-ZoROL70jptorGAlgAYiLoBLItEKw/fUxg9BSYK/dF/GAGYFJOJJJMvjPAKDJraCXFwadD456FCuvLWgfhMsPwg==
+  version "3.0.6"
+  resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-3.0.6.tgz#eaccd3a67d5672f09ca8e8f9c3d2b89fa173f217"
+  integrity sha512-iokBDQQkUyeXhgPYaZxmczGPhnhXZ0CmrqI+MOb/WFGS9DW5wnfrLgtjUJBvz50vQ3qfRwJ62QVoCFu8mPVu5w==
   dependencies:
     pump "^3.0.0"
     tar-stream "^3.1.5"
   optionalDependencies:
-    bare-fs "^4.0.1"
-    bare-path "^3.0.0"
+    bare-fs "^2.1.1"
+    bare-path "^2.1.0"
 
 tar-fs@~2.0.1:
   version "2.0.1"
@@ -11879,10 +11877,10 @@ test-exclude@^6.0.0:
     glob "^7.1.4"
     minimatch "^3.0.4"
 
-testcontainers@^10.16.0, testcontainers@^10.17.1:
-  version "10.17.1"
-  resolved "https://registry.yarnpkg.com/testcontainers/-/testcontainers-10.17.1.tgz#075ff24cec1fb550dc9990e33cd8c24e1cb67b82"
-  integrity sha512-pYwpm6iH1UtZFVoSWjfUol4JCMyX4UksA5fwDotlTp2GgMqoHud+A+PY60kYUBVdSJJ/5AsSqhhFRvoK4ijISg==
+testcontainers@^10.16.0:
+  version "10.16.0"
+  resolved "https://registry.yarnpkg.com/testcontainers/-/testcontainers-10.16.0.tgz#8a7e69ada5cd2c6cce1c6db72b3a3e8e412fcaf6"
+  integrity sha512-oxPLuOtrRWS11A+Yn0+zXB7GkmNarflWqmy6CQJk8KJ75LZs2/zlUXDpizTbPpCGtk4kE2EQYwFZjrE967F8Wg==
   dependencies:
     "@balena/dockerignore" "^1.0.2"
     "@types/dockerode" "^3.3.29"
@@ -12198,9 +12196,9 @@ undici-types@~6.20.0:
   integrity sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==
 
 undici@^5.28.4:
-  version "5.28.5"
-  resolved "https://registry.yarnpkg.com/undici/-/undici-5.28.5.tgz#b2b94b6bf8f1d919bc5a6f31f2c01deb02e54d4b"
-  integrity sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==
+  version "5.28.4"
+  resolved "https://registry.yarnpkg.com/undici/-/undici-5.28.4.tgz#6b280408edb6a1a604a9b20340f45b422e373068"
+  integrity sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==
   dependencies:
     "@fastify/busboy" "^2.0.0"