Clean up leftovers in the database schema, part 1 (#5405)

crates/storage-pg/migrations/20260108111542_remove_apalis.sql

@@ -0,0 +1,14 @@
+-- Copyright 2026 Element Creations Ltd.
+--
+-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+-- Please see LICENSE in the repository root for full details.
+
+-- We replaced apalis a while back but did not clean the database. This removes
+-- everything related to apalis
+DROP TRIGGER IF EXISTS notify_workers ON apalis.jobs;
+DROP FUNCTION IF EXISTS apalis.notify_new_jobs();
+DROP FUNCTION IF EXISTS apalis.get_jobs(text, text, integer);
+DROP FUNCTION IF EXISTS apalis.push_job(text, json, text, timestamp with time zone, integer);
+DROP TABLE IF EXISTS apalis.jobs;
+DROP TABLE IF EXISTS apalis.workers;
+DROP SCHEMA IF EXISTS apalis;

crates/storage-pg/migrations/20260108120030_remove_user_emails_old_confirmation.sql

@@ -0,0 +1,18 @@
+-- Copyright 2026 Element Creations Ltd.
+--
+-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+-- Please see LICENSE in the repository root for full details.
+
+-- We reworked how email verification works in
+-- https://github.com/element-hq/matrix-authentication-service/pull/3784
+-- but kept some old schema around to allow rolling back. We're safe to drop
+-- those now
+
+-- Users don't have a 'primary email' anymore
+ALTER TABLE users DROP COLUMN primary_user_email_id;
+
+-- Replaced by user_email_authentications
+DROP TABLE user_email_confirmation_codes;
+
+-- User emails are always confirmed when they are in this table now
+ALTER TABLE user_emails DROP COLUMN confirmed_at;

crates/storage-pg/migrations/20260108121127_cleanup_oauth2_consents.sql

@@ -0,0 +1,18 @@
+-- Copyright 2026 Element Creations Ltd.
+--
+-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+-- Please see LICENSE in the repository root for full details.
+
+-- We've removed the idea of conditional consent (just go through the login if
+-- we already consented in the past) but didn't do the cleanup in
+-- https://github.com/element-hq/matrix-authentication-service/pull/4386
+
+-- In this version we completely stopped writing to this table, so that it's
+-- safe to completely drop in the next version
+TRUNCATE TABLE oauth2_consents;
+
+-- We stopped reading and writing in those columns a long time ago, so it's fine
+-- to drop them now
+ALTER TABLE oauth2_authorization_grants
+  DROP COLUMN max_age,
+  DROP COLUMN requires_consent;

crates/storage-pg/migrations/20260108121952_cleanup_id_token_claims_trigger.sql

@@ -0,0 +1,11 @@
+-- Copyright 2026 Element Creations Ltd.
+--
+-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+-- Please see LICENSE in the repository root for full details.
+
+-- When we introduced an id_token_claims column on upstream OAuth 2.0 logins, we
+-- added a trigger to make sure that when rolling back the new columns gets
+-- automatically filled correctly. It's been a while, it's safe to remove them.
+-- https://github.com/element-hq/matrix-authentication-service/pull/4743
+DROP TRIGGER IF EXISTS trg_fill_id_token_claims ON upstream_oauth_authorization_sessions;
+DROP FUNCTION IF EXISTS fill_id_token_claims();

crates/storage-pg/src/oauth2/client.rs

@@ -725,26 +725,6 @@ impl OAuth2ClientRepository for PgOAuth2ClientRepository<'_> {
             .await?;
         }
 
-        // Delete the user consents
-        {
-            let span = info_span!(
-                "db.oauth2_client.delete_by_id.consents",
-                { DB_QUERY_TEXT } = tracing::field::Empty,
-            );
-
-            sqlx::query!(
-                r#"
-                    DELETE FROM oauth2_consents
-                    WHERE oauth2_client_id = $1
-                "#,
-                Uuid::from(id),
-            )
-            .record(&span)
-            .execute(&mut *self.conn)
-            .instrument(span)
-            .await?;
-        }
-
         // Delete the OAuth 2 sessions related data
         {
             let span = info_span!(

crates/syn2mas/.sqlx/query-08ad2855f0baaaed9d6af23c8bf035e9a087ff27b06e804464a432d93e5a25f1.json

@@ -1,17 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n            INSERT INTO syn2mas__user_emails\n            (user_email_id, user_id, email, created_at, confirmed_at)\n            SELECT * FROM UNNEST($1::UUID[], $2::UUID[], $3::TEXT[], $4::TIMESTAMP WITH TIME ZONE[], $4::TIMESTAMP WITH TIME ZONE[])\n            ",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Left": [
-        "UuidArray",
-        "UuidArray",
-        "TextArray",
-        "TimestamptzArray"
-      ]
-    },
-    "nullable": []
-  },
-  "hash": "08ad2855f0baaaed9d6af23c8bf035e9a087ff27b06e804464a432d93e5a25f1"
-}

crates/syn2mas/.sqlx/query-ebf68b70b3e22a04b57b5587b4b099255155193dafbbd185cd8f26d93ff423a7.json

@@ -0,0 +1,17 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                INSERT INTO syn2mas__user_emails\n                (user_email_id, user_id, email, created_at)\n                SELECT * FROM UNNEST($1::UUID[], $2::UUID[], $3::TEXT[], $4::TIMESTAMP WITH TIME ZONE[])\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "UuidArray",
+        "UuidArray",
+        "TextArray",
+        "TimestamptzArray"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "ebf68b70b3e22a04b57b5587b4b099255155193dafbbd185cd8f26d93ff423a7"
+}

crates/syn2mas/src/mas_writer/mod.rs

@@ -406,19 +406,20 @@ impl WriteBatch for MasNewEmailThreepid {
             created_ats.push(created_at);
         }
 
-        // `confirmed_at` is going to get removed in a future MAS release,
-        // so just populate with `created_at`
         sqlx::query!(
             r#"
-            INSERT INTO syn2mas__user_emails
-            (user_email_id, user_id, email, created_at, confirmed_at)
-            SELECT * FROM UNNEST($1::UUID[], $2::UUID[], $3::TEXT[], $4::TIMESTAMP WITH TIME ZONE[], $4::TIMESTAMP WITH TIME ZONE[])
+                INSERT INTO syn2mas__user_emails
+                (user_email_id, user_id, email, created_at)
+                SELECT * FROM UNNEST($1::UUID[], $2::UUID[], $3::TEXT[], $4::TIMESTAMP WITH TIME ZONE[])
             "#,
             &user_email_ids[..],
             &user_ids[..],
             &emails[..],
             &created_ats[..],
-        ).execute(&mut *conn).await.into_database("writing emails to MAS")?;
+        )
+        .execute(&mut *conn)
+        .await
+        .into_database("writing emails to MAS")?;
 
         Ok(())
     }

crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user.snap

@@ -8,6 +8,5 @@ users:
     deactivated_at: ~
     is_guest: "false"
     locked_at: ~
-    primary_user_email_id: ~
     user_id: 00000000-0000-0000-0000-000000000001
     username: alice

crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user_with_access_token.snap

@@ -26,6 +26,5 @@ users:
     deactivated_at: ~
     is_guest: "false"
     locked_at: ~
-    primary_user_email_id: ~
     user_id: 00000000-0000-0000-0000-000000000001
     username: alice

crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user_with_device.snap

@@ -20,6 +20,5 @@ users:
     deactivated_at: ~
     is_guest: "false"
     locked_at: ~
-    primary_user_email_id: ~
     user_id: 00000000-0000-0000-0000-000000000001
     username: alice

crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user_with_email.snap

@@ -3,8 +3,7 @@ source: crates/syn2mas/src/mas_writer/mod.rs
 expression: db_snapshot
 ---
 user_emails:
-  - confirmed_at: "1970-01-01 00:00:00+00"
-    created_at: "1970-01-01 00:00:00+00"
+  - created_at: "1970-01-01 00:00:00+00"
     email: alice@example.org
     user_email_id: 00000000-0000-0000-0000-000000000002
     user_id: 00000000-0000-0000-0000-000000000001
@@ -14,6 +13,5 @@ users:
     deactivated_at: ~
     is_guest: "false"
     locked_at: ~
-    primary_user_email_id: ~
     user_id: 00000000-0000-0000-0000-000000000001
     username: alice

crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user_with_password.snap

@@ -15,6 +15,5 @@ users:
     deactivated_at: ~
     is_guest: "false"
     locked_at: ~
-    primary_user_email_id: ~
     user_id: 00000000-0000-0000-0000-000000000001
     username: alice

crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user_with_refresh_token.snap

@@ -33,6 +33,5 @@ users:
     deactivated_at: ~
     is_guest: "false"
     locked_at: ~
-    primary_user_email_id: ~
     user_id: 00000000-0000-0000-0000-000000000001
     username: alice

crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user_with_unsupported_threepid.snap

@@ -13,6 +13,5 @@ users:
     deactivated_at: ~
     is_guest: "false"
     locked_at: ~
-    primary_user_email_id: ~
     user_id: 00000000-0000-0000-0000-000000000001
     username: alice

crates/syn2mas/src/mas_writer/snapshots/syn2mas__mas_writer__test__write_user_with_upstream_provider_link.snap

@@ -42,6 +42,5 @@ users:
     deactivated_at: ~
     is_guest: "false"
     locked_at: ~
-    primary_user_email_id: ~
     user_id: 00000000-0000-0000-0000-000000000001
     username: alice