diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 67ecbd32ff..dbf3799d2e 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -79,7 +79,7 @@ class Auth:
self._auth_blocking = AuthBlocking(self.hs)
- self._account_validity = hs.config.account_validity
+ self._account_validity_enabled = hs.config.account_validity_enabled
self._track_appservice_user_ips = hs.config.track_appservice_user_ips
self._macaroon_secret_key = hs.config.macaroon_secret_key
@@ -168,7 +168,7 @@ class Auth:
rights: str = "access",
allow_expired: bool = False,
) -> synapse.types.Requester:
- """ Get a registered user's ID.
+ """Get a registered user's ID.
Args:
request: An HTTP request with an access_token query parameter.
@@ -192,7 +192,7 @@ class Auth:
access_token = self.get_access_token_from_request(request)
- user_id, app_service = await self._get_appservice_user_id(request)
+ user_id, app_service = self._get_appservice_user_id(request)
if user_id:
if ip_addr and self._track_appservice_user_ips:
await self.store.insert_client_ip(
@@ -222,7 +222,7 @@ class Auth:
shadow_banned = user_info.shadow_banned
# Deny the request if the user account has expired.
- if self._account_validity.enabled and not allow_expired:
+ if self._account_validity_enabled and not allow_expired:
if await self.store.is_account_expired(
user_info.user_id, self.clock.time_msec()
):
@@ -268,10 +268,11 @@ class Auth:
except KeyError:
raise MissingClientTokenError()
- async def _get_appservice_user_id(self, request):
+ def _get_appservice_user_id(self, request):
app_service = self.store.get_app_service_by_token(
self.get_access_token_from_request(request)
)
+
if app_service is None:
return None, None
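Review bot: `_get_appservice_user_id` changes from a coroutine to a plain function with no docstring or return annotation, so the new calling convention is easy to miss. Only one call site is updated in this diff; any other caller that still uses `await` on it would raise a TypeError on the returned tuple at request time, so a search for remaining awaits is worth doing. I would add a docstring along the lines of `"""Return (user_id, app_service) for an appservice token, or (None, None) if the token is not an appservice's."""`. The function body continues past this hunk.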
@@ -289,14 +290,21 @@ class Auth:
if not app_service.is_interested_in_user(user_id):
raise AuthError(403, "Application service cannot masquerade as this user.")
- if not (await self.store.get_user_by_id(user_id)):
- raise AuthError(403, "Application service has not registered this user")
+ # Let ASes manipulate nonexistent users (e.g. to shadow-register them)
+ # if not (yield self.store.get_user_by_id(user_id)):
+ # raise AuthError(
+ # 403,
+ # "Application service has not registered this user"
+ # )
return user_id, app_service
async def get_user_by_access_token(
- self, token: str, rights: str = "access", allow_expired: bool = False,
+ self,
+ token: str,
+ rights: str = "access",
+ allow_expired: bool = False,
) -> TokenLookupResult:
- """ Validate access token and get user_id from it
+ """Validate access token and get user_id from it
Args:
token: The access token to get the user by
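Review bot: Commenting out the `get_user_by_id` check in `_get_appservice_user_id` lets an application service token act as any user ID that passes `is_interested_in_user`, including IDs that were never registered, and the change is unconditional. Code that runs after this return may assume a registered account exists (account-validity, deactivation or shadow-ban lookups are plausible examples, though they are outside the hunk), so each should be confirmed to handle a missing user row. If the relaxation is intended, gate it behind an explicit setting and replace the dead block with a single comment such as `# SECURITY: appservices may act as unregistered users in their namespace; callers must not assume a user row exists.` The commented-out code also still uses `yield`, which no longer matches the now-synchronous `def`. The function starts above this hunk, so whether `user_id` is checked to be local is not visible here.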
@@ -489,7 +497,7 @@ class Auth:
return service
async def is_server_admin(self, user: UserID) -> bool:
- """ Check if the given user is a local server admin.
+ """Check if the given user is a local server admin.
Args:
user: user to check
@@ -500,7 +508,10 @@ class Auth:
return await self.store.is_server_admin(user)
def compute_auth_events(
- self, event, current_state_ids: StateMap[str], for_verification: bool = False,
+ self,
+ event,
+ current_state_ids: StateMap[str],
+ for_verification: bool = False,
) -> List[str]:
"""Given an event and current state return the list of event IDs used
to auth an event.
diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index 565a8cd76a..af8d59cf87 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -27,6 +27,11 @@ MAX_ALIAS_LENGTH = 255
# the maximum length for a user id is 255 characters
MAX_USERID_LENGTH = 255
+# The maximum length for a group id is 255 characters
+MAX_GROUPID_LENGTH = 255
+MAX_GROUP_CATEGORYID_LENGTH = 255
+MAX_GROUP_ROLEID_LENGTH = 255
+
class Membership:
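Review bot: The new comment names only the group id limit, but the block also adds `MAX_GROUP_CATEGORYID_LENGTH` and `MAX_GROUP_ROLEID_LENGTH`, which are left undocumented. A comment covering all three, such as `# Maximum lengths, in characters, for group, group-category and group-role IDs`, would fix that. These are input-size limits and nothing in this diff uses them, so it is worth checking that the handlers accepting these identifiers actually enforce them.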
@@ -128,8 +133,7 @@ class UserTypes:
class RelationTypes:
- """The types of relations known to this server.
- """
+ """The types of relations known to this server."""
ANNOTATION = "m.annotation"
REPLACE = "m.replace"
diff --git a/synapse/api/errors.py b/synapse/api/errors.py
index cd6670d0a2..a71e518f90 100644
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
# Copyright 2014-2016 OpenMarket Ltd
-# Copyright 2018 New Vector Ltd
+# Copyright 2017-2018 New Vector Ltd
+# Copyright 2019 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -390,8 +391,7 @@ class InvalidCaptchaError(SynapseError):
class LimitExceededError(SynapseError):
- """A client has sent too many requests and is being throttled.
- """
+ """A client has sent too many requests and is being throttled."""
def __init__(
self,
@@ -408,8 +408,7 @@ class LimitExceededError(SynapseError):
class RoomKeysVersionError(SynapseError):
- """A client has tried to upload to a non-current version of the room_keys store
- """
+ """A client has tried to upload to a non-current version of the room_keys store"""
def __init__(self, current_version: str):
"""
@@ -426,7 +425,9 @@ class UnsupportedRoomVersionError(SynapseError):
def __init__(self, msg: str = "Homeserver does not support this room version"):
super().__init__(
- code=400, msg=msg, errcode=Codes.UNSUPPORTED_ROOM_VERSION,
+ code=400,
+ msg=msg,
+ errcode=Codes.UNSUPPORTED_ROOM_VERSION,
)
@@ -461,8 +462,7 @@ class IncompatibleRoomVersionError(SynapseError):
class PasswordRefusedError(SynapseError):
- """A password has been refused, either during password reset/change or registration.
- """
+ """A password has been refused, either during password reset/change or registration."""
def __init__(
self,
@@ -470,7 +470,9 @@ class PasswordRefusedError(SynapseError):
errcode: str = Codes.WEAK_PASSWORD,
):
super().__init__(
- code=400, msg=msg, errcode=errcode,
+ code=400,
+ msg=msg,
+ errcode=errcode,
)
@@ -493,7 +495,7 @@ class RequestSendFailed(RuntimeError):
def cs_error(msg: str, code: str = Codes.UNKNOWN, **kwargs):
- """ Utility method for constructing an error response for client-server
+ """Utility method for constructing an error response for client-server
interactions.
Args:
@@ -510,7 +512,7 @@ def cs_error(msg: str, code: str = Codes.UNKNOWN, **kwargs):
class FederationError(RuntimeError):
- """ This class is used to inform remote homeservers about erroneous
+ """This class is used to inform remote homeservers about erroneous
PDUs they sent us.
FATAL: The remote server could not interpret the source event.
diff --git a/synapse/api/presence.py b/synapse/api/presence.py
index 18a462f0ee..b9a8e29460 100644
--- a/synapse/api/presence.py
+++ b/synapse/api/presence.py
@@ -56,8 +56,7 @@ class UserPresenceState(
@classmethod
def default(cls, user_id):
- """Returns a default presence state.
- """
+ """Returns a default presence state."""
return cls(
user_id=user_id,
state=PresenceState.OFFLINE,
diff --git a/synapse/api/room_versions.py b/synapse/api/room_versions.py
index de2cc15d33..139fbf5524 100644
--- a/synapse/api/room_versions.py
+++ b/synapse/api/room_versions.py
@@ -57,7 +57,7 @@ class RoomVersion:
state_res = attr.ib(type=int) # one of the StateResolutionVersions
enforce_key_validity = attr.ib(type=bool)
- # bool: before MSC2261/MSC2432, m.room.aliases had special auth rules and redaction rules
+ # Before MSC2432, m.room.aliases had special auth rules and redaction rules
special_case_aliases_auth = attr.ib(type=bool)
# Strictly enforce canonicaljson, do not allow:
# * Integers outside the range of [-2 ^ 53 + 1, 2 ^ 53 - 1]
@@ -69,6 +69,11 @@ class RoomVersion:
limit_notifications_power_levels = attr.ib(type=bool)
# MSC2174/MSC2176: Apply updated redaction rules algorithm.
msc2176_redaction_rules = attr.ib(type=bool)
+ # MSC2174/MSC2176: Apply updated redaction rules algorithm.
+ msc2176_redaction_rules = attr.ib(type=bool)
+ # MSC2403: Allows join_rules to be set to 'knock', changes auth rules to allow sending
+ # m.room.membership event with membership 'knock'.
+ allow_knocking = attr.ib(type=bool)
class RoomVersions:
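Review bot: The added lines repeat `msc2176_redaction_rules = attr.ib(type=bool)` and its comment, which already appear as the context lines just above, so the attribute is now declared twice in `RoomVersion`. The second assignment replaces the first in the class body, so behaviour is probably unchanged, but it looks like a merge artefact and should be dropped, leaving only the new `allow_knocking` field. Because `allow_knocking` has no default, every `RoomVersion(...)` construction must pass it; the ones visible in this diff do.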
@@ -82,6 +87,7 @@ class RoomVersions:
strict_canonicaljson=False,
limit_notifications_power_levels=False,
msc2176_redaction_rules=False,
+ allow_knocking=False,
)
V2 = RoomVersion(
"2",
@@ -93,6 +99,7 @@ class RoomVersions:
strict_canonicaljson=False,
limit_notifications_power_levels=False,
msc2176_redaction_rules=False,
+ allow_knocking=False,
)
V3 = RoomVersion(
"3",
@@ -104,6 +111,7 @@ class RoomVersions:
strict_canonicaljson=False,
limit_notifications_power_levels=False,
msc2176_redaction_rules=False,
+ allow_knocking=False,
)
V4 = RoomVersion(
"4",
@@ -115,6 +123,7 @@ class RoomVersions:
strict_canonicaljson=False,
limit_notifications_power_levels=False,
msc2176_redaction_rules=False,
+ allow_knocking=False,
)
V5 = RoomVersion(
"5",
@@ -126,6 +135,7 @@ class RoomVersions:
strict_canonicaljson=False,
limit_notifications_power_levels=False,
msc2176_redaction_rules=False,
+ allow_knocking=False,
)
V6 = RoomVersion(
"6",
@@ -137,6 +147,19 @@ class RoomVersions:
strict_canonicaljson=True,
limit_notifications_power_levels=True,
msc2176_redaction_rules=False,
+ allow_knocking=False,
+ )
+ V7 = RoomVersion(
+ "7",
+ RoomDisposition.UNSTABLE,
+ EventFormatVersions.V3,
+ StateResolutionVersions.V2,
+ enforce_key_validity=True,
+ special_case_aliases_auth=False,
+ strict_canonicaljson=True,
+ limit_notifications_power_levels=True,
+ msc2176_redaction_rules=False,
+ allow_knocking=True,
)
MSC2176 = RoomVersion(
"org.matrix.msc2176",
@@ -148,6 +171,7 @@ class RoomVersions:
strict_canonicaljson=True,
limit_notifications_power_levels=True,
msc2176_redaction_rules=True,
+ allow_knocking=False,
)
@@ -160,6 +184,7 @@ KNOWN_ROOM_VERSIONS = {
RoomVersions.V4,
RoomVersions.V5,
RoomVersions.V6,
+ RoomVersions.V7,
RoomVersions.MSC2176,
)
} # type: Dict[str, RoomVersion]
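Review bot: Adding `RoomVersions.V7` to `KNOWN_ROOM_VERSIONS` makes the server treat version 7 as supported, but nothing in this diff shows the event-auth code that reads `allow_knocking`, which the earlier hunk sets to `True` only for `V7`. If the membership auth rules do not yet handle `knock` membership and the `knock` join rule, version 7 rooms could be accepted with those rules unenforced, so the registration should land together with or after the auth changes. `RoomDisposition.UNSTABLE` is a sensible marker; a short comment on `V7` such as `# MSC2403 knocking; unstable until the auth rules are finalised` would make the intent explicit.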