From 90cd11d8506828c5fe10c524973d9429ca0d12c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Sat, 22 May 2021 18:49:30 +0200
Subject: [PATCH 1/3] fix: Forbidden instead of InvalidParam when joining

---
 src/client_server/membership.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/client_server/membership.rs b/src/client_server/membership.rs
index 75d7258c..206ea9d6 100644
--- a/src/client_server/membership.rs
+++ b/src/client_server/membership.rs
@@ -839,7 +839,7 @@ pub async fn invite_helper(
 
         if !auth_check {
             return Err(Error::BadRequest(
-                ErrorKind::InvalidParam,
+                ErrorKind::Forbidden,
                 "Event is not authorized.",
             ));
         }

From c1b2b468b8ccb486b9c9ae7426db1064e8c89a49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Sat, 22 May 2021 21:33:31 +0200
Subject: [PATCH 2/3] fix: bad except in ruma wrapper

---
 src/ruma_wrapper.rs | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/ruma_wrapper.rs b/src/ruma_wrapper.rs
index d0f7303a..f2b9b9f0 100644
--- a/src/ruma_wrapper.rs
+++ b/src/ruma_wrapper.rs
@@ -59,7 +59,7 @@ where
         let token = request
             .headers()
             .get_one("Authorization")
-            .map(|s| s[7..].to_owned()) // Split off "Bearer "
+            .and_then(|s| s.get(7..)) // Split off "Bearer "
             .or_else(|| request.query_value("access_token").and_then(|r| r.ok()));
 
         let limit = db.globals.max_request_size();
@@ -134,16 +134,20 @@ where
                 }
                 AuthScheme::ServerSignatures => {
                     // Get origin from header
-                    let x_matrix = match request.headers().get_one("Authorization").map(|s| {
+                    let x_matrix = match request
+                        .headers()
+                        .get_one("Authorization")
+                        .and_then(|s|
                         // Split off "X-Matrix " and parse the rest
-                        s[9..]
-                            .split_terminator(',')
-                            .map(|field| {
-                                let mut splits = field.splitn(2, '=');
-                                (splits.next(), splits.next().map(|s| s.trim_matches('"')))
-                            })
-                            .collect::<BTreeMap<_, _>>()
-                    }) {
+                        s.get(9..))
+                        .map(|s| {
+                            s.split_terminator(',')
+                                .map(|field| {
+                                    let mut splits = field.splitn(2, '=');
+                                    (splits.next(), splits.next().map(|s| s.trim_matches('"')))
+                                })
+                                .collect::<BTreeMap<_, _>>()
+                        }) {
                         Some(t) => t,
                         None => {
                             warn!("No Authorization header");

From fd69ac621c2ff5b19dfaadbff70d9484a220e925 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Sat, 22 May 2021 21:41:08 +0200
Subject: [PATCH 3/3] fix: run ci with docker

---
 .gitlab-ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b3dcd5e2..e80d27ed 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,8 @@
 image: "rust:latest"
 
+default:
+    tags: [docker]
+
 cache:
   paths:
     - target