backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2025-12-17 15:51:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

upgrade all cargo dependencies

Browse source 
Unfortunately we need to pull tracing-opentelemetry from git because
there hasn't been a release including the dependency bump on the other
opentelemetry crates.
This commit is contained in:
Charles Hall 2024-05-22 17:42:05 -07:00
parent d5da913c79
commit 8f0fdfb2f2
No known key found for this signature in database
GPG key ID: 7B8E0645816E07CF
26 changed files with 993 additions and 762 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/api/client_server/account.rs
View file

@ -93,7 +93,7 @@ pub(crate) async fn register_route(
&& body.appservice_info.is_none()
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Registration has been disabled.",
));
}

2
src/api/client_server/context.rs
View file

@ -53,7 +53,7 @@ pub(crate) async fn get_context_route(
&body.event_id,
)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view this event.",
));
}

6
src/api/client_server/membership.rs
View file

@ -450,7 +450,7 @@ pub(crate) async fn get_member_events_route(
.user_can_see_state_events(sender_user, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view this room.",
));
}
@ -485,7 +485,7 @@ pub(crate) async fn joined_members_route(
.user_can_see_state_events(sender_user, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view this room.",
));
}
@ -1399,7 +1399,7 @@ pub(crate) async fn invite_helper(
if !services().rooms.state_cache.is_joined(sender_user, room_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view this room.",
));
}

2
src/api/client_server/message.rs
View file

@ -48,7 +48,7 @@ pub(crate) async fn send_message_event_route(
&& !services().globals.allow_encryption()
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Encryption has been disabled",
));
}

4
src/api/client_server/relations.rs
View file

@ -49,6 +49,8 @@ pub(crate) async fn get_relating_events_with_rel_type_and_event_type_route(
chunk: res.chunk,
next_batch: res.next_batch,
prev_batch: res.prev_batch,
// TODO
recursion_depth: None,
}))
}
@ -92,6 +94,8 @@ pub(crate) async fn get_relating_events_with_rel_type_route(
chunk: res.chunk,
next_batch: res.next_batch,
prev_batch: res.prev_batch,
// TODO
recursion_depth: None,
}))
}

6
src/api/client_server/room.rs
View file

@ -78,7 +78,7 @@ pub(crate) async fn create_room_route(
&& !services().users.is_admin(sender_user)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Room creation has been disabled.",
));
}
@ -565,7 +565,7 @@ pub(crate) async fn get_room_event_route(
&body.event_id,
)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view this event.",
));
}
@ -591,7 +591,7 @@ pub(crate) async fn get_room_aliases_route(
if !services().rooms.state_cache.is_joined(sender_user, &body.room_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view this room.",
));
}

2
src/api/client_server/search.rs
View file

@ -53,7 +53,7 @@ pub(crate) async fn search_events_route(
for room_id in room_ids {
if !services().rooms.state_cache.is_joined(sender_user, &room_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view this room.",
));
}

8
src/api/client_server/session.rs
View file

@ -81,7 +81,7 @@ pub(crate) async fn login_route(
} else {
warn!("Bad login type: {:?}", &body.login_info);
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Bad login type.",
));
}
@ -101,7 +101,7 @@ pub(crate) async fn login_route(
let hash = services().users.password_hash(&user_id)?.ok_or(
Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Wrong username or password.",
),
)?;
@ -119,7 +119,7 @@ pub(crate) async fn login_route(
if !hash_matches {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Wrong username or password.",
));
}
@ -190,7 +190,7 @@ pub(crate) async fn login_route(
} else {
warn!("Bad login type: {:?}", &body.login_info);
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Bad login type.",
));
}

10
src/api/client_server/state.rs
View file

@ -63,7 +63,7 @@ pub(crate) async fn send_state_event_for_empty_key_route(
&& !services().globals.allow_encryption()
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Encryption has been disabled",
));
}
@ -101,7 +101,7 @@ pub(crate) async fn get_state_events_route(
.user_can_see_state_events(sender_user, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view the room state.",
));
}
@ -135,7 +135,7 @@ pub(crate) async fn get_state_events_for_key_route(
.user_can_see_state_events(sender_user, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view the room state.",
));
}
@ -176,7 +176,7 @@ pub(crate) async fn get_state_events_for_empty_key_route(
.user_can_see_state_events(sender_user, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You don't have permission to view the room state.",
));
}
@ -232,7 +232,7 @@ async fn send_state_event_for_key_helper(
.is_none()
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You are only allowed to send canonical_alias events when \
it's aliases already exists",
));

6
src/api/client_server/sync.rs
View file

@ -605,7 +605,9 @@ async fn load_joined_room(
.state_cache
.is_invited(&user_id, room_id)?)
{
Ok::<_, Error>(Some(state_key.clone()))
Ok::<_, Error>(Some(state_key.parse().expect(
"`state_key` should be a valid user ID",
)))
} else {
Ok(None)
}
@ -1686,6 +1688,8 @@ pub(crate) async fn sync_events_v4_route(
// Count events in timeline greater than global sync counter
num_live: None,
timestamp: None,
// TODO
heroes: None,
},
);
}

2
src/api/client_server/typing.rs
View file

@ -14,7 +14,7 @@ pub(crate) async fn create_typing_event_route(
if !services().rooms.state_cache.is_joined(sender_user, &body.room_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"You are not in this room.",
));
}

114
src/api/ruma_wrapper/axum.rs
View file

@ -2,19 +2,22 @@ use std::{collections::BTreeMap, iter::FromIterator, str};
use axum::{
async_trait,
body::{Full, HttpBody},
extract::{
rejection::TypedHeaderRejectionReason, FromRequest, Path, TypedHeader,
},
body::Body,
extract::{FromRequest, Path},
response::{IntoResponse, Response},
RequestExt, RequestPartsExt,
};
use axum_extra::{
headers::{
authorization::{Bearer, Credentials},
Authorization,
},
response::{IntoResponse, Response},
BoxError, RequestExt, RequestPartsExt,
typed_header::TypedHeaderRejectionReason,
TypedHeader,
};
use bytes::{Buf, BufMut, Bytes, BytesMut};
use bytes::{BufMut, BytesMut};
use http::{Request, StatusCode};
use http_body_util::BodyExt;
use ruma::{
api::{
client::error::ErrorKind, AuthScheme, IncomingRequest, OutgoingResponse,
@ -35,18 +38,15 @@ enum Token {
}
#[async_trait]
impl<T, S, B> FromRequest<S, B> for Ar<T>
impl<T, S> FromRequest<S> for Ar<T>
where
T: IncomingRequest,
B: HttpBody + Send + 'static,
B::Data: Send,
B::Error: Into<BoxError>,
{
type Rejection = Error;
#[allow(clippy::too_many_lines)]
async fn from_request(
req: Request<B>,
req: axum::extract::Request,
_state: &S,
) -> Result<Self, Self::Rejection> {
#[derive(Deserialize)]
@ -55,21 +55,17 @@ where
user_id: Option<String>,
}
let (mut parts, mut body) = match req.with_limited_body() {
Ok(limited_req) => {
let (parts, body) = limited_req.into_parts();
let body = to_bytes(body).await.map_err(|_| {
let (mut parts, mut body) = {
let limited_req = req.with_limited_body();
let (parts, body) = limited_req.into_parts();
let body = body
.collect()
.await
.map_err(|_| {
Error::BadRequest(ErrorKind::MissingToken, "Missing token.")
})?;
(parts, body)
}
Err(original_req) => {
let (parts, body) = original_req.into_parts();
let body = to_bytes(body).await.map_err(|_| {
Error::BadRequest(ErrorKind::MissingToken, "Missing token.")
})?;
(parts, body)
}
})?
.to_bytes();
(parts, body)
};
let metadata = T::METADATA;
@ -151,7 +147,7 @@ where
if !services().users.exists(&user_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"User does not exist.",
));
}
@ -196,7 +192,7 @@ where
_ => "Unknown header-related error",
};
Error::BadRequest(ErrorKind::Forbidden, msg)
Error::BadRequest(ErrorKind::forbidden(), msg)
})?;
let origin_signatures = BTreeMap::from_iter([(
@ -261,7 +257,7 @@ where
Err(e) => {
warn!("Failed to fetch signing keys: {}", e);
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Failed to fetch signing keys.",
));
}
@ -294,7 +290,7 @@ where
}
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Failed to verify X-Matrix signatures.",
));
}
@ -453,62 +449,10 @@ impl Credentials for XMatrix {
impl<T: OutgoingResponse> IntoResponse for Ra<T> {
fn into_response(self) -> Response {
match self.0.try_into_http_response::<BytesMut>() {
Ok(res) => res.map(BytesMut::freeze).map(Full::new).into_response(),
Ok(res) => {
res.map(BytesMut::freeze).map(Body::from).into_response()
}
Err(_) => StatusCode::INTERNAL_SERVER_ERROR.into_response(),
}
}
}
// copied from hyper under the following license:
// Copyright (c) 2014-2021 Sean McArthur
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
pub(crate) async fn to_bytes<T>(body: T) -> Result<Bytes, T::Error>
where
T: HttpBody,
{
futures_util::pin_mut!(body);
// If there's only 1 chunk, we can just return Buf::to_bytes()
let mut first = if let Some(buf) = body.data().await {
buf?
} else {
return Ok(Bytes::new());
};
let second = if let Some(buf) = body.data().await {
buf?
} else {
return Ok(first.copy_to_bytes(first.remaining()));
};
// With more than 1 buf, we gotta flatten into a Vec first.
let cap = first.remaining()
+ second.remaining()
+ body.size_hint().lower().try_into().unwrap_or(usize::MAX);
let mut vec = Vec::with_capacity(cap);
vec.put(first);
vec.put(second);
while let Some(buf) = body.data().await {
vec.put(buf?);
}
Ok(vec.into())
}

14
src/api/server_server.rs
View file

@ -1023,7 +1023,7 @@ pub(crate) async fn get_event_route(
.server_in_room(sender_servername, room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Server is not in room",
));
}
@ -1034,7 +1034,7 @@ pub(crate) async fn get_event_route(
&body.event_id,
)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Server is not allowed to see event.",
));
}
@ -1064,7 +1064,7 @@ pub(crate) async fn get_backfill_route(
.server_in_room(sender_servername, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Server is not in room.",
));
}
@ -1132,7 +1132,7 @@ pub(crate) async fn get_missing_events_route(
.server_in_room(sender_servername, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Server is not in room",
));
}
@ -1234,7 +1234,7 @@ pub(crate) async fn get_event_authorization_route(
.server_in_room(sender_servername, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Server is not in room.",
));
}
@ -1292,7 +1292,7 @@ pub(crate) async fn get_room_state_route(
.server_in_room(sender_servername, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Server is not in room.",
));
}
@ -1362,7 +1362,7 @@ pub(crate) async fn get_room_state_ids_route(
.server_in_room(sender_servername, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Server is not in room.",
));
}

2
src/database/key_value/uiaa.rs
View file

@ -81,7 +81,7 @@ impl service::uiaa::Data for KeyValueDatabase {
.userdevicesessionid_uiaainfo
.get(&userdevicesessionid)?
.ok_or(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"UIAA session does not exist.",
))?,
)

32
src/main.rs
View file

@ -24,6 +24,8 @@ use http::{
header::{self, HeaderName},
Method, StatusCode, Uri,
};
use opentelemetry::KeyValue;
use opentelemetry_sdk::Resource;
use ruma::api::{
client::{
error::{Error as RumaError, ErrorBody, ErrorKind},
@ -127,12 +129,20 @@ async fn try_main() -> Result<(), error::Main> {
if config.allow_jaeger {
opentelemetry::global::set_text_map_propagator(
opentelemetry_jaeger::Propagator::new(),
opentelemetry_jaeger_propagator::Propagator::new(),
);
let tracer = opentelemetry_jaeger::new_agent_pipeline()
.with_auto_split_batch(true)
.with_service_name("grapevine")
.install_batch(opentelemetry::runtime::Tokio)?;
let tracer = opentelemetry_otlp::new_pipeline()
.tracing()
.with_trace_config(
opentelemetry_sdk::trace::config().with_resource(
Resource::new(vec![KeyValue::new(
"service.name",
env!("CARGO_PKG_NAME"),
)]),
),
)
.with_exporter(opentelemetry_otlp::new_exporter().tonic())
.install_batch(opentelemetry_sdk::runtime::Tokio)?;
let telemetry = tracing_opentelemetry::layer().with_tracer(tracer);
let filter_layer = EnvFilter::try_new(&config.log)?;
@ -271,9 +281,9 @@ async fn run_server() -> io::Result<()> {
///
/// The axum request handler task gets cancelled if the connection is shut down;
/// by spawning our own task, processing continue after the client disconnects.
async fn spawn_task<B: Send + 'static>(
req: http::Request<B>,
next: axum::middleware::Next<B>,
async fn spawn_task(
req: axum::extract::Request,
next: axum::middleware::Next,
) -> std::result::Result<axum::response::Response, StatusCode> {
if services().globals.shutdown.load(atomic::Ordering::Relaxed) {
return Err(StatusCode::SERVICE_UNAVAILABLE);
@ -283,9 +293,9 @@ async fn spawn_task<B: Send + 'static>(
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)
}
async fn unrecognized_method<B: Send>(
req: http::Request<B>,
next: axum::middleware::Next<B>,
async fn unrecognized_method(
req: axum::extract::Request,
next: axum::middleware::Next,
) -> std::result::Result<axum::response::Response, StatusCode> {
let method = req.method().clone();
let uri = req.uri().clone();

16
src/service/globals.rs
View file

@ -17,11 +17,11 @@ use std::{
use base64::{engine::general_purpose, Engine as _};
pub(crate) use data::Data;
use futures_util::FutureExt;
use hyper::{
client::connect::dns::{GaiResolver, Name},
service::Service as HyperService,
use hyper::service::Service as _;
use hyper_util::{
client::legacy::connect::dns::GaiResolver, service::TowerToHyperService,
};
use reqwest::dns::{Addrs, Resolve, Resolving};
use reqwest::dns::{Addrs, Name, Resolve, Resolving};
use ruma::{
api::federation::discovery::{ServerSigningKeys, VerifyKey},
serde::Base64,
@ -147,9 +147,13 @@ impl Resolve for Resolver {
})
})
.unwrap_or_else(|| {
let this = &mut self.inner.clone();
// This should never fail because reqwest's type is a wrapper
// around hyper-utils' type
let name = name.as_str().parse().expect("name should be valid");
Box::pin(
HyperService::<Name>::call(this, name)
TowerToHyperService::new(self.inner.clone())
.call(name)
.map(|result| {
result
.map(|addrs| -> Addrs { Box::new(addrs) })

2
src/service/media.rs
View file

@ -229,7 +229,7 @@ impl Service {
let mut thumbnail_bytes = Vec::new();
thumbnail.write_to(
&mut Cursor::new(&mut thumbnail_bytes),
image::ImageOutputFormat::Png,
image::ImageFormat::Png,
)?;
// Save thumbnail in database so we don't have to generate it

2
src/service/rooms/auth_chain.rs
View file

@ -155,7 +155,7 @@ impl Service {
Ok(Some(pdu)) => {
if pdu.room_id != room_id {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Evil event in db",
));
}

6
src/service/rooms/event_handler.rs
View file

@ -96,7 +96,7 @@ impl Service {
if services().rooms.metadata.is_disabled(room_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Federation of this room is currently disabled on this server.",
));
}
@ -170,7 +170,7 @@ impl Service {
// Check for disabled again because it might have changed
if services().rooms.metadata.is_disabled(room_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Federation of this room is currently disabled on this \
server.",
));
@ -1836,7 +1836,7 @@ impl Service {
server_name, room_id
);
Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Server was denied by room ACL",
))
}

4
src/service/rooms/pdu_metadata.rs
View file

@ -121,6 +121,8 @@ impl Service {
chunk: events_after,
next_batch: next_token.map(|t| t.stringify()),
prev_batch: Some(from.stringify()),
// TODO
recursion_depth: None,
})
}
ruma::api::Direction::Backward => {
@ -174,6 +176,8 @@ impl Service {
chunk: events_before,
next_batch: next_token.map(|t| t.stringify()),
prev_batch: Some(from.stringify()),
// TODO
recursion_depth: None,
})
}
}

2
src/service/rooms/spaces.rs
View file

@ -463,7 +463,7 @@ impl Service {
debug!("User is not allowed to see room {room_id}");
// This error will be caught later
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"User is not allowed to see the room",
));
}

16
src/service/rooms/timeline.rs
View file

@ -794,7 +794,7 @@ impl Service {
if !auth_check {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Event is not authorized.",
));
}
@ -878,7 +878,7 @@ impl Service {
TimelineEventType::RoomEncryption => {
warn!("Encryption is not allowed in the admins room");
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Encryption is not allowed in the admins room.",
));
}
@ -916,7 +916,7 @@ impl Service {
room"
);
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Grapevine user cannot leave from admins \
room.",
));
@ -935,7 +935,7 @@ impl Service {
"Last admin cannot leave from admins room"
);
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Last admin cannot leave from admins room.",
));
}
@ -950,7 +950,7 @@ impl Service {
admins room"
);
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Grapevine user cannot be banned in \
admins room.",
));
@ -970,7 +970,7 @@ impl Service {
room"
);
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"Last admin cannot be banned in admins \
room.",
));
@ -1004,7 +1004,7 @@ impl Service {
false,
)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"User cannot redact this event.",
));
}
@ -1026,7 +1026,7 @@ impl Service {
false,
)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
ErrorKind::forbidden(),
"User cannot redact this event.",
));
}

4
src/service/uiaa.rs
View file

@ -94,7 +94,7 @@ impl Service {
if !hash_matches {
uiaainfo.auth_error =
Some(ruma::api::client::error::StandardErrorBody {
kind: ErrorKind::Forbidden,
kind: ErrorKind::forbidden(),
message: "Invalid username or password."
.to_owned(),
});
@ -113,7 +113,7 @@ impl Service {
} else {
uiaainfo.auth_error =
Some(ruma::api::client::error::StandardErrorBody {
kind: ErrorKind::Forbidden,
kind: ErrorKind::forbidden(),
message: "Invalid registration token.".to_owned(),
});
return Ok((false, uiaainfo));

4
src/utils/error.rs
View file

@ -125,7 +125,9 @@ impl Error {
WrongRoomKeysVersion {
..
}
| Forbidden
| Forbidden {
..
}
| GuestAccessForbidden
| ThreepidAuthFailed
| UserDeactivated