-rw-r--r--CHANGES.md16
-rw-r--r--changelog.d/10919.doc1
-rw-r--r--changelog.d/10933.bugfix1
-rw-r--r--changelog.d/10938.bugfix1
-rw-r--r--changelog.d/10944.bugfix1
-rw-r--r--changelog.d/10968.bugfix1
-rw-r--r--debian/changelog6
-rw-r--r--synapse/__init__.py2
-rw-r--r--synapse/api/constants.py3
-rw-r--r--synapse/event_auth.py12
-rw-r--r--synapse/events/utils.py2
-rw-r--r--synapse/federation/federation_base.py6
-rw-r--r--synapse/federation/federation_client.py6
-rw-r--r--synapse/federation/federation_server.py6
-rw-r--r--synapse/handlers/federation.py9
-rw-r--r--synapse/handlers/room_member.py10
-rw-r--r--synapse/storage/databases/main/client_ips.py4
-rw-r--r--tests/events/test_utils.py7
-rw-r--r--tests/storage/test_client_ips.py34
-rw-r--r--tests/test_event_auth.py9
20 files changed, 106 insertions, 31 deletions
diff --git a/CHANGES.md b/CHANGES.md

index 271e2271fb..59ff967633 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,19 @@ +Synapse 1.44.0rc2 (2021-09-30) +============================== + +Bugfixes +-------- + +- Fix a bug introduced in v1.44.0rc1 which caused the experimental [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint to return a 500 error. ([\#10938](https://github.com/matrix-org/synapse/issues/10938)) +- Fix a bug introduced in v1.44.0rc1 which prevented sending presence events to application services. ([\#10944](https://github.com/matrix-org/synapse/issues/10944)) + + +Improved Documentation +---------------------- + +- Minor updates to the installation instructions. ([\#10919](https://github.com/matrix-org/synapse/issues/10919)) + + Synapse 1.44.0rc1 (2021-09-29) ============================== diff --git a/changelog.d/10919.doc b/changelog.d/10919.doc deleted file mode 100644
index d0bddc3f1b..0000000000
--- a/changelog.d/10919.doc
+++ /dev/null
@@ -1 +0,0 @@ -Minor updates to the installation instructions. diff --git a/changelog.d/10933.bugfix b/changelog.d/10933.bugfix new file mode 100644
index 0000000000..e0694fea22
--- /dev/null
+++ b/changelog.d/10933.bugfix
@@ -0,0 +1 @@ +Fix a bug introduced in Synapse v1.40.0 where changing a user's display name or avatar in a restricted room would cause an authentication error. diff --git a/changelog.d/10938.bugfix b/changelog.d/10938.bugfix deleted file mode 100644
index 9cf0ea8788..0000000000
--- a/changelog.d/10938.bugfix
+++ /dev/null
@@ -1 +0,0 @@ -Fix bug introduced in Synapse 1.44 which caused the experimental [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint to return a 500 error. diff --git a/changelog.d/10944.bugfix b/changelog.d/10944.bugfix deleted file mode 100644
index 49baff7df1..0000000000
--- a/changelog.d/10944.bugfix
+++ /dev/null
@@ -1 +0,0 @@ -Fix a bug introduced in v1.44.0rc1 which prevented sending presence events to application services. diff --git a/changelog.d/10968.bugfix b/changelog.d/10968.bugfix new file mode 100644
index 0000000000..76624ed73c
--- /dev/null
+++ b/changelog.d/10968.bugfix
@@ -0,0 +1 @@ +Fix `/admin/whois/{user_id}` endpoint, which was broken in v1.44.0rc1. diff --git a/debian/changelog b/debian/changelog
index 191bb97c5e..b08a592780 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@ +matrix-synapse-py3 (1.44.0~rc2) stable; urgency=medium + + * New synapse release 1.44.0~rc2. + + -- Synapse Packaging team <packages@matrix.org> Thu, 30 Sep 2021 12:39:10 +0100 + matrix-synapse-py3 (1.44.0~rc1) stable; urgency=medium * New synapse release 1.44.0~rc1. diff --git a/synapse/__init__.py b/synapse/__init__.py
index a1fec8ad2b..8791c20e26 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -47,7 +47,7 @@ try: except ImportError: pass -__version__ = "1.44.0rc1" +__version__ = "1.44.0rc2" if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)): # We import here so that we don't have to install a bunch of deps when diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index 39fd9954d5..a31f037748 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -217,6 +217,9 @@ class EventContentFields: # For "marker" events MSC2716_MARKER_INSERTION = "org.matrix.msc2716.marker.insertion" + # The authorising user for joining a restricted room. + AUTHORISING_USER = "join_authorised_via_users_server" + class RoomTypes: """Understood values of the room_type field of m.room.create events.""" diff --git a/synapse/event_auth.py b/synapse/event_auth.py
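Review bot: The comment on `AUTHORISING_USER` does not state the trust property that the rest of this commit depends on. The event_auth.py hunk takes `get_domain_from_id` of this value and raises `AuthError(403, "Event not signed by authorising server")` when that domain has no signature on the event, and the room_member.py hunk strips the field from client-supplied content for the same reason. I would expand the comment to something like `# User ID that authorised a restricted-room join; the event must be signed by that user's server, so this is never accepted from a client.` The class body continues outside the hunk.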
index fc50a0e71a..650402836c 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -115,11 +115,11 @@ def check( is_invite_via_allow_rule = ( event.type == EventTypes.Member and event.membership == Membership.JOIN - and "join_authorised_via_users_server" in event.content + and EventContentFields.AUTHORISING_USER in event.content ) if is_invite_via_allow_rule: authoriser_domain = get_domain_from_id( - event.content["join_authorised_via_users_server"] + event.content[EventContentFields.AUTHORISING_USER] ) if not event.signatures.get(authoriser_domain): raise AuthError(403, "Event not signed by authorising server") @@ -381,7 +381,9 @@ def _is_membership_change_allowed( # Note that if the caller is in the room or invited, then they do # not need to meet the allow rules. if not caller_in_room and not caller_invited: - authorising_user = event.content.get("join_authorised_via_users_server") + authorising_user = event.content.get( + EventContentFields.AUTHORISING_USER + ) if authorising_user is None: raise AuthError(403, "Join event is missing authorising user.") @@ -836,10 +838,10 @@ def auth_types_for_event( auth_types.add(key) if room_version.msc3083_join_rules and membership == Membership.JOIN: - if "join_authorised_via_users_server" in event.content: + if EventContentFields.AUTHORISING_USER in event.content: key = ( EventTypes.Member, - event.content["join_authorised_via_users_server"], + event.content[EventContentFields.AUTHORISING_USER], ) auth_types.add(key) diff --git a/synapse/events/utils.py b/synapse/events/utils.py
index f86113a448..38fccd1efc 100644
--- a/synapse/events/utils.py
+++ b/synapse/events/utils.py
@@ -105,7 +105,7 @@ def prune_event_dict(room_version: RoomVersion, event_dict: dict) -> dict: if event_type == EventTypes.Member: add_fields("membership") if room_version.msc3375_redaction_rules: - add_fields("join_authorised_via_users_server") + add_fields(EventContentFields.AUTHORISING_USER) elif event_type == EventTypes.Create: # MSC2176 rules state that create events cannot be redacted. if room_version.msc2176_redaction_rules: diff --git a/synapse/federation/federation_base.py b/synapse/federation/federation_base.py
index 024e440ff4..0cd424e12a 100644
--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@@ -15,7 +15,7 @@ import logging from collections import namedtuple -from synapse.api.constants import MAX_DEPTH, EventTypes, Membership +from synapse.api.constants import MAX_DEPTH, EventContentFields, EventTypes, Membership from synapse.api.errors import Codes, SynapseError from synapse.api.room_versions import EventFormatVersions, RoomVersion from synapse.crypto.event_signing import check_event_content_hash @@ -184,10 +184,10 @@ async def _check_sigs_on_pdu( room_version.msc3083_join_rules and pdu.type == EventTypes.Member and pdu.membership == Membership.JOIN - and "join_authorised_via_users_server" in pdu.content + and EventContentFields.AUTHORISING_USER in pdu.content ): authorising_server = get_domain_from_id( - pdu.content["join_authorised_via_users_server"] + pdu.content[EventContentFields.AUTHORISING_USER] ) try: await keyring.verify_event_for_server( diff --git a/synapse/federation/federation_client.py b/synapse/federation/federation_client.py
index 584836c04a..2ab4dec88f 100644
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@@ -37,7 +37,7 @@ from typing import ( import attr from prometheus_client import Counter -from synapse.api.constants import EventTypes, Membership +from synapse.api.constants import EventContentFields, EventTypes, Membership from synapse.api.errors import ( CodeMessageException, Codes, @@ -875,9 +875,9 @@ class FederationClient(FederationBase): # If the join is being authorised via allow rules, we need to send # the /send_join back to the same server that was originally used # with /make_join. - if "join_authorised_via_users_server" in pdu.content: + if EventContentFields.AUTHORISING_USER in pdu.content: destinations = [ - get_domain_from_id(pdu.content["join_authorised_via_users_server"]) + get_domain_from_id(pdu.content[EventContentFields.AUTHORISING_USER]) ] return await self._try_destination_list( diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py
index 638959cbec..5f4383eebc 100644
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -34,7 +34,7 @@ from twisted.internet import defer from twisted.internet.abstract import isIPAddress from twisted.python import failure -from synapse.api.constants import EduTypes, EventTypes, Membership +from synapse.api.constants import EduTypes, EventContentFields, EventTypes, Membership from synapse.api.errors import ( AuthError, Codes, @@ -765,11 +765,11 @@ class FederationServer(FederationBase): if ( room_version.msc3083_join_rules and event.membership == Membership.JOIN - and "join_authorised_via_users_server" in event.content + and EventContentFields.AUTHORISING_USER in event.content ): # We can only authorise our own users. authorising_server = get_domain_from_id( - event.content["join_authorised_via_users_server"] + event.content[EventContentFields.AUTHORISING_USER] ) if authorising_server != self.server_name: raise SynapseError( diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index b17ef2a9a1..adbd150e46 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -27,7 +27,12 @@ from unpaddedbase64 import decode_base64 from twisted.internet import defer from synapse import event_auth -from synapse.api.constants import EventTypes, Membership, RejectedReason +from synapse.api.constants import ( + EventContentFields, + EventTypes, + Membership, + RejectedReason, +) from synapse.api.errors import ( AuthError, CodeMessageException, @@ -712,7 +717,7 @@ class FederationHandler(BaseHandler): if include_auth_user_id: event_content[ - "join_authorised_via_users_server" + EventContentFields.AUTHORISING_USER ] = await self._event_auth_handler.get_user_which_could_invite( room_id, state_ids, diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index 19b4e7c19c..dc1202f8d8 100644
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@@ -593,6 +593,14 @@ class RoomMemberHandler(metaclass=abc.ABCMeta): errcode=Codes.BAD_JSON, ) + # The event content should *not* include the authorising user as + # it won't be properly signed. Strip it out since it might come + # back from a client updating a display name / avatar. + # + # This only applies to restricted rooms, but there should be no reason + # for a client to include it. Unconditionally remove it. + content.pop(EventContentFields.AUTHORISING_USER, None) + effective_membership_state = action if action in ["kick", "unban"]: effective_membership_state = "leave" @@ -959,7 +967,7 @@ class RoomMemberHandler(metaclass=abc.ABCMeta): # be included in the event content in order to efficiently validate # the event. content[ - "join_authorised_via_users_server" + EventContentFields.AUTHORISING_USER ] = await self.event_auth_handler.get_user_which_could_invite( room_id, current_state_ids, diff --git a/synapse/storage/databases/main/client_ips.py b/synapse/storage/databases/main/client_ips.py
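Review bot: The new `content.pop(EventContentFields.AUTHORISING_USER, None)` in the first hunk is not exercised by any of the test files this commit touches, although it is what keeps a client-supplied authoriser out of the event on this path, as far as the diff shows. A regression test should send a membership update whose content carries `join_authorised_via_users_server` and assert that the field is absent from the resulting event. That would cover both the display-name/avatar echo described in changelog.d/10933.bugfix and a value a client sets deliberately. The pop also mutates the caller's `content` dict in place; whether callers reuse that dict is not visible here, so either work on a copy (`content = dict(content)`) or say in the method's docstring that the argument is modified. The enclosing method starts and ends outside the hunk.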
index dafba2b03f..5f611d7b09 100644
--- a/synapse/storage/databases/main/client_ips.py
+++ b/synapse/storage/databases/main/client_ips.py
@@ -591,8 +591,8 @@ class ClientIpStore(ClientIpWorkerStore): ) results.update( - ((row["access_token"], row["ip"]), (row["user_agent"], row["last_seen"])) - for row in rows + ((access_token, ip), (user_agent, last_seen)) + for access_token, ip, user_agent, last_seen in rows ) return [ { diff --git a/tests/events/test_utils.py b/tests/events/test_utils.py
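Review bot: The positional unpack `for access_token, ip, user_agent, last_seen in rows` depends on the column order of the query that builds `rows`, which lies above the hunk. If that select is reordered later, the values would be swapped without any error, and this result presumably backs the `/admin/whois/{user_id}` output that changelog.d/10968.bugfix refers to. I would add a comment next to the generator that ties the two together, e.g. `# rows are (access_token, ip, user_agent, last_seen) tuples, in the order selected above`. The method's body starts and ends outside the hunk.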
index 5446fda5e7..1dea09e480 100644
--- a/tests/events/test_utils.py
+++ b/tests/events/test_utils.py
@@ -12,6 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +from synapse.api.constants import EventContentFields from synapse.api.room_versions import RoomVersions from synapse.events import make_event_from_dict from synapse.events.utils import ( @@ -352,7 +353,7 @@ class PruneEventTestCase(unittest.TestCase): "event_id": "$test:domain", "content": { "membership": "join", - "join_authorised_via_users_server": "@user:domain", + EventContentFields.AUTHORISING_USER: "@user:domain", "other_key": "stripped", }, }, @@ -372,7 +373,7 @@ class PruneEventTestCase(unittest.TestCase): "type": "m.room.member", "content": { "membership": "join", - "join_authorised_via_users_server": "@user:domain", + EventContentFields.AUTHORISING_USER: "@user:domain", "other_key": "stripped", }, }, @@ -380,7 +381,7 @@ class PruneEventTestCase(unittest.TestCase): "type": "m.room.member", "content": { "membership": "join", - "join_authorised_via_users_server": "@user:domain", + EventContentFields.AUTHORISING_USER: "@user:domain", }, "signatures": {}, "unsigned": {}, diff --git a/tests/storage/test_client_ips.py b/tests/storage/test_client_ips.py
index 1c2df54ecc..3cc8038f1e 100644
--- a/tests/storage/test_client_ips.py
+++ b/tests/storage/test_client_ips.py
@@ -15,9 +15,12 @@ from unittest.mock import Mock +from parameterized import parameterized + import synapse.rest.admin from synapse.http.site import XForwardedForRequest from synapse.rest.client import login +from synapse.types import UserID from tests import unittest from tests.server import make_request @@ -143,6 +146,37 @@ class ClientIpStoreTestCase(unittest.HomeserverTestCase): ], ) + @parameterized.expand([(False,), (True,)]) + def test_get_user_ip_and_agents(self, after_persisting: bool): + """Test `get_user_ip_and_agents` for persisted and unpersisted data""" + self.reactor.advance(12345678) + + user_id = "@user:id" + user = UserID.from_string(user_id) + + # Insert a user IP + self.get_success( + self.store.insert_client_ip( + user_id, "access_token", "ip", "user_agent", "MY_DEVICE" + ) + ) + + if after_persisting: + # Trigger the storage loop + self.reactor.advance(10) + + self.assertEqual( + self.get_success(self.store.get_user_ip_and_agents(user)), + [ + { + "access_token": "access_token", + "ip": "ip", + "user_agent": "user_agent", + "last_seen": 12345678000, + }, + ], + ) + @override_config({"limit_usage_by_mau": False, "max_mau_value": 50}) def test_disabled_monthly_active_user(self): user_id = "@user:server" diff --git a/tests/test_event_auth.py b/tests/test_event_auth.py
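Review bot: `test_get_user_ip_and_agents` in the second hunk checks a record that is only pending and a record that is only persisted, but never one `(access_token, ip)` pair present in both places at once. The `results.update(...)` call in client_ips.py suggests persisted rows are merged into an existing mapping, so the overlap is where a stale `last_seen` or a duplicated entry would show up. A third case would cover it: insert, advance the reactor to persist, advance the clock, insert the same token and IP again, then assert a single entry with the expected `last_seen`. A short comment on why `self.reactor.advance(10)` is enough to trigger the storage loop would also help, since that interval is defined outside this file.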
index 6ebd01bcbe..1a4d078780 100644
--- a/tests/test_event_auth.py
+++ b/tests/test_event_auth.py
@@ -16,6 +16,7 @@ import unittest from typing import Optional from synapse import event_auth +from synapse.api.constants import EventContentFields from synapse.api.errors import AuthError from synapse.api.room_versions import RoomVersions from synapse.events import EventBase, make_event_from_dict @@ -380,7 +381,7 @@ class EventAuthTestCase(unittest.TestCase): authorised_join_event = _join_event( pleb, additional_content={ - "join_authorised_via_users_server": "@creator:example.com" + EventContentFields.AUTHORISING_USER: "@creator:example.com" }, ) event_auth.check( @@ -404,7 +405,7 @@ class EventAuthTestCase(unittest.TestCase): _join_event( pleb, additional_content={ - "join_authorised_via_users_server": "@inviter:foo.test" + EventContentFields.AUTHORISING_USER: "@inviter:foo.test" }, ), pl_auth_events, @@ -431,7 +432,7 @@ class EventAuthTestCase(unittest.TestCase): _join_event( pleb, additional_content={ - "join_authorised_via_users_server": "@other:example.com" + EventContentFields.AUTHORISING_USER: "@other:example.com" }, ), auth_events, @@ -448,7 +449,7 @@ class EventAuthTestCase(unittest.TestCase): "join", sender=creator, additional_content={ - "join_authorised_via_users_server": "@inviter:foo.test" + EventContentFields.AUTHORISING_USER: "@inviter:foo.test" }, ), auth_events,