summary refs log tree commit diff
path: root/MAP.rst (unfollow)
Commit message (Collapse)AuthorFilesLines
2016-07-28Add r0.1.0 to the "supported versions" listRichard van der Hoff1-0/+1
2016-07-28TypoDavid Baker1-1/+1
2016-07-28Add r0.2.0 to the "supported versions" listRichard van der Hoff1-1/+4
2016-07-27Bump CHANGES and versionErik Johnston2-1/+57
2016-07-27key upload tweaksRichard van der Hoff1-7/+5
1. Add v2_alpha URL back in, since things seem to be using it. 2. Don't reject the request if the device_id in the upload request fails to match that in the access_token.
2016-07-27Clean up verify_json_objects_for_serverMark Haines1-68/+75
2016-07-27SQL syntax fixRichard van der Hoff1-1/+1
2016-07-27Delete e2e keys on device deleteRichard van der Hoff3-4/+28
2016-07-26Make the device id on e2e key upload optionalRichard van der Hoff2-12/+54
We should now be able to get our device_id from the access_token, so the device_id on the upload request is optional. Where it is supplied, we should check that it matches. For active access_tokens without an associated device_id, we ought to register the device in the devices table. Also update the table on upgrade so that all of the existing e2e keys are associated with real devices.
2016-07-26Add a couple more checks to the keyringMark Haines1-2/+9
2016-07-26Fix a couple of bugs in the transaction and keyring codeMark Haines2-9/+11
2016-07-26Add `create_requester` functionRichard van der Hoff11-75/+101
Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout
2016-07-26Check if the user is banned when handling 3pid invitesMark Haines1-0/+4
2016-07-26Fix typoRichard van der Hoff1-1/+1
2016-07-26Fix flake8 violationRichard van der Hoff1-5/+3
Apparently flake8 v3 puts the error on a different line to v2. Easiest way to make sure that happens is by putting the whole statement on one line :)
2016-07-26Fix flake8 configurationRichard van der Hoff1-4/+2
Apparently flake8 v3 doesn't like trailing comments on config settings. Also remove the pep8 config, which didn't work (because it was missing W503) and duplicated the flake8 config. We don't use pep8 on its own, so the config was duplicative.
2016-07-26Delete refresh tokens when deleting devicesRichard van der Hoff3-15/+83
2016-07-26Fix how push_actions are redacted.Mark Haines1-8/+10
2016-07-26Don't add rejected events if we've seen them befrore. Add some comments to ↵Mark Haines1-5/+48
explain what the code is doing mechanically
2016-07-26federation doesn't work over ipv6 yet thanks to twistedMatthew Hodgson1-1/+1
2016-07-26typoMatthew Hodgson1-1/+1
2016-07-26Implement updating devicesRichard van der Hoff5-8/+119
You can update the displayname of devices now.
2016-07-26Implement deleting devicesRichard van der Hoff11-21/+176
2016-07-25Only update the events and event_json tables for rejected eventsMark Haines2-52/+63
2016-07-25Log when adding listenersRichard van der Hoff1-0/+1
2016-07-25Don't add the events to forward extremities if the event is rejectedMark Haines1-3/+6
2016-07-25Don't add rejections to the state_group, persist all rejectionsMark Haines2-5/+6
2016-07-25fix: defer.returnValue takes one argumentMark Haines1-1/+1
2016-07-25background updates: fix assert againRichard van der Hoff1-1/+1
2016-07-25background updates: Fix assertion to do somethingRichard van der Hoff1-2/+2
2016-07-25PEP8Richard van der Hoff1-1/+1
2016-07-25Slightly saner logging for unittestsRichard van der Hoff1-4/+7
1. Give the handler used for logging in unit tests a formatter, so that the output is slightly more meaningful 2. Log some synapse.storage stuff, because it's useful.
2016-07-25Fix background_update testsRichard van der Hoff2-13/+36
A bit of a cleanup for background_updates, and make sure that the real background updates have run before we start the unit tests, so that they don't interfere with the tests.
2016-07-22Use get to avoid KeyErrorsDavid Baker1-1/+1
2016-07-22Log the hostname the reCAPTCHA was completed onDavid Baker1-2/+11
This could be useful information to have in the logs. Also comment about how & why we don't verify the hostname.
2016-07-22PEP8Richard van der Hoff1-1/+0
2016-07-22Create index on user_ips in the backgroundRichard van der Hoff3-12/+80
user_ips is kinda big, so really we want to add the index in the background once we're running. Replace the schema delta with one which will do that. I've done this in a way that's reasonably easy to reuse as there a few other indexes I need, and I don't suppose they will be the last.
2016-07-21make /devices return a listRichard van der Hoff2-9/+12
Turns out I specced this to return a list of devices rather than a dict of them
2016-07-21Fix PEP8 errorsRichard van der Hoff2-1/+2
2016-07-21Implement GET /device/{deviceId}Richard van der Hoff3-19/+89
2016-07-21storage/client_ips: remove some dead codeRichard van der Hoff1-3/+0
2016-07-21Preserve device_id from first call to /registerRichard van der Hoff1-11/+10
device_id may only be passed in the first call to /register, so make sure we fish it out of the register `params` rather than the body of the final call.
2016-07-20Fix PEP8 errorsRichard van der Hoff2-3/+1
2016-07-20Don't explode if we have no snapshots yetErik Johnston1-0/+3
2016-07-20GET /devices endpointRichard van der Hoff10-17/+397
implement a GET /devices endpoint which lists all of the user's devices. It also returns the last IP where we saw that device, so there is some dancing to fish that out of the user_ips table.
2016-07-20Record device_id in client_ipsRichard van der Hoff3-8/+34
Record the device_id when we add a client ip; it's somewhat redundant as we could get it via the access_token, but it will make querying rather easier.
2016-07-20More doc-commentsRichard van der Hoff2-10/+14
Fix some more comments on some things
2016-07-20Register a device_id in the /v2/register flow.Richard van der Hoff2-18/+49
This doesn't cover *all* of the registration flows, but it does cover the most common ones: in particular: shared_secret registration, appservice registration, and normal user/pass registration. Pull device_id from the registration parameters. Register the device in the devices table. Associate the device with the returned access and refresh tokens. Profit.
2016-07-20Make jenkins install deps on unit testsErik Johnston1-0/+4
2016-07-20Add metrics for psutil derived memory usageErik Johnston4-1/+50
2016-07-20Don't notify pusher pool for backfilled eventsErik Johnston1-5/+6
2016-07-20CommentErik Johnston1-0/+4
2016-07-19MANIFEST.in: Add *.pyiRichard van der Hoff1-0/+1
2016-07-19Type annotationsRichard van der Hoff6-0/+46
Add some type annotations to help PyCharm (in particular) to figure out the types of a bunch of things.
2016-07-19Further registration refactoringRichard van der Hoff5-22/+57
* `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change.
2016-07-19Don't bind email unless threepid contains expected fieldsRichard van der Hoff1-28/+25
2016-07-19rest/client/v2_alpha/register.py: Refactor flow somewhat.Richard van der Hoff2-76/+104
This is meant to be an *almost* non-functional change, with the exception that it fixes what looks a lot like a bug in that it only calls `auth_handler.add_threepid` and `add_pusher` once instead of three times. The idea is to move the generation of the `access_token` out of `registration_handler.register`, because `access_token`s now require a device_id, and we only want to generate a device_id once registration has been successful.
2016-07-19schema fixRichard van der Hoff1-1/+1
device_id should be text, not bigint.
2016-07-19Summary lineMark Haines1-2/+1
2016-07-19Update docstring on Handlers.Mark Haines1-3/+15
To indicate it is deprecated.
2016-07-18Add device_id support to /loginRichard van der Hoff12-31/+354
Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed.
2016-07-18Refactor login flowRichard van der Hoff2-65/+82
Make sure that we have the canonical user_id *before* calling get_login_tuple_for_user_id. Replace login_with_password with a method which just validates the password, and have the caller call get_login_tuple_for_user_id. This brings the password flow into line with the other flows, and will give us a place to register the device_id if necessary.
2016-07-18Fix a doc-commentRichard van der Hoff1-1/+1
The `store` in a handler is a generic DataStore, not just an events.StateStore.
2016-07-16Use body.get to check for 'user'Will Hunt1-2/+1
2016-07-16Fall back to 'username' if 'user' is not given for appservice reg.Will Hunt1-3/+5
2016-07-15Fix 500 ISE when sending alias event without a state_keyMark Haines1-0/+5
2016-07-15Fix /purge_history bugErik Johnston1-19/+15
This was caused by trying to insert duplicate backward extremeties
2016-07-15Pull out min stream_ordering from ex_outlier_streamErik Johnston1-1/+2
2016-07-15event_backwards_extremeties may not be emptyErik Johnston1-1/+11
2016-07-15CommentErik Johnston2-0/+6
2016-07-14Check sender signed eventErik Johnston3-6/+12
2016-07-14Add filter param to /messages APIErik Johnston4-11/+29
2016-07-14Add support for filters in paginate_room_eventsErik Johnston1-1/+51
2016-07-14Add 'contains_url' to filterErik Johnston1-3/+20
2016-07-14Add sender and contains_url field to events tableErik Johnston2-0/+142
2016-07-14Add hs objectErik Johnston1-0/+1
2016-07-14Only accept password authErik Johnston1-12/+0
2016-07-14Add an /account/deactivate endpointErik Johnston1-0/+55
2016-07-13Bug fix: expire invalid access tokensNegar Fazeli6-9/+42
2016-07-13Check if alias event's state_key matches sender's domainErik Johnston1-0/+11
2016-07-13Check creation event's room_id domain matches sender'sErik Johnston1-0/+7
2016-07-12be more pythonicDavid Baker1-1/+1
2016-07-12on_OPTIONS isn't neccessaryDavid Baker2-10/+1
2016-07-12Remove other debug loggingDavid Baker1-2/+0
2016-07-11Separate out requestTokens to separate handlersDavid Baker2-65/+93
2016-07-11Oops, remove debug loggingDavid Baker1-4/+0
2016-07-08Implement https://github.com/matrix-org/matrix-doc/pull/346/filesDavid Baker2-0/+60
2016-07-08Add a comment explaining allow_noneMark Haines1-0/+2
2016-07-08Ensure that the guest user is in the database when upgrading accountsMark Haines1-0/+13
2016-07-07Bump version and changelogErik Johnston2-1/+9
2016-07-07Fix bug where we did not correctly explode when multiple user_ids were set ↵Erik Johnston1-5/+10
in macaroon
2016-07-07CommentErik Johnston1-0/+3
2016-07-07Return 400 rather than 500Erik Johnston1-1/+4
2016-07-06Add rest servlet. Fix SQL.Erik Johnston2-5/+5
2016-07-06Check that there are no null bytes in user and passswordErik Johnston1-0/+6
2016-07-06Add null separator to hmacErik Johnston2-0/+4
2016-07-06Update password config commentKent Shikama1-1/+1
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-06Update hash_password scriptKent Shikama1-1/+17
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-05Remove spurious txnErik Johnston1-9/+0
2016-07-05Fix for postgresErik Johnston1-2/+2
2016-07-05Add an admin option to shared secret registrationErik Johnston4-27/+58
2016-07-05Protect password when registering using shared secretErik Johnston2-7/+15
2016-07-05Add ReadWriteLock for pagination and history pruneErik Johnston2-36/+38
2016-07-05Add ReadWriteLockErik Johnston2-0/+167
2016-07-05Fix typoMark Haines1-1/+1
2016-07-05Make get_events_around more efficient on sqlite3Mark Haines1-13/+49
2016-07-05Remove default password pepper stringKent Shikama1-2/+1
2016-07-05Fix password configKent Shikama2-3/+3
2016-07-05Fix pep8Kent Shikama2-2/+3
2016-07-05Add comment to prompt changing of pepperKent Shikama1-0/+1
2016-07-05Use true/false for boolean parameter inclusive to avoid potential for sqli, ↵Mark Haines2-5/+7
and possibly make the code clearer
2016-07-05Add purge_history APIErik Johnston4-1/+38
2016-07-04Use different SQL for postgres and sqlite3 for when using multicolumn indexesMark Haines2-59/+59
2016-07-05Add pepper to password hashingKent Shikama2-3/+8
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-04Add storage function to purge history for a roomErik Johnston1-0/+140
2016-07-04Use a query that postgresql optimises better for get_events_aroundMark Haines1-12/+16
2016-07-04Fix style violationsKent Shikama2-2/+4
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-04Use .get() instead of [] to access password_hashKent Shikama1-1/+1
2016-07-03Optionally include password hash in createUser endpointKent Shikama2-3/+5
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-01code_style.rst: add link to sphinx examplesRichard van der Hoff1-1/+3
2016-07-01code_style.rst: *fix* link to google styleRichard van der Hoff1-1/+1
2016-07-01code_style.rst: add link to google styleRichard van der Hoff1-2/+3
2016-06-30requestToken updateDavid Baker2-15/+29
Don't send requestToken request to untrusted ID servers Also correct the THREEPID_IN_USE error to add the M_ prefix. This is a backwards incomaptible change, but the only thing using this is the angular client which is now unmaintained, so it's probably better to just do this now.
2016-06-30Feature: Add deactivate account admin APIErik Johnston3-0/+40
Allows server admins to "deactivate" accounts, which: - Revokes all access tokens - Removes all threepids - Removes password The API is a POST to `/admin/deactivate/<user_id>`
2016-06-29Remove raceErik Johnston1-11/+0
2016-06-29Implement purge_media_cache admin APIErik Johnston5-20/+130
2016-06-29Track approximate last access time for remote mediaErik Johnston4-1/+71
2016-06-28Update turn-howto.rst to use git clone (2)Rick Cogley1-1/+5
Not logical to use svn checkout against a github repo, so changed to git clone. Signed-off-by: Rick Cogley <rick.cogley@esolia.co.jp>
2016-06-28Update turn-howto.rst to use git cloneRick Cogley1-1/+1
svn checkout is not logical for a checkout from github, so changed the checkout to "git clone". thanks @dbkr Signed-off-by: Rick Cogley <rick.cogley@esolia.co.jp>
2016-06-28Remove double spacesRick Cogley1-12/+11
Reading the RST spec, I was trying to get breaks to appear by entering the double spaces after the lines in the code blocks. It does not work anyway, and, as pointed out, I've removed.
2016-06-27remove vector.im from default secondary DS listMatthew Hodgson1-1/+0
2016-06-26Update to reflect new location at github. Rick Cogley1-16/+18
Additionally it does not appear there is turnserver.conf.default, but rather, just /etc/turnserver.conf.
2016-06-24Fix the sytests to use a port-range rather than a port baseMark Haines3-4/+7
2016-06-24Remove room name & alias testDavid Baker1-41/+0
as get_room_name_and_alias is now gone
2016-06-24even more pep8David Baker1-0/+1
2016-06-24more pep8David Baker1-1/+0
2016-06-24pep8David Baker1-1/+0
2016-06-24Use similar naming we use in email notifs for pushDavid Baker6-79/+26
Fixes https://github.com/vector-im/vector-web/issues/1654
2016-06-22Actually we need to order these properlyDavid Baker1-2/+12
otherwise we'll end up returning the wrong 20
2016-06-22StyleDavid Baker1-1/+1
2016-06-22Put most recent 20 messages in notifDavid Baker1-3/+4
Fixes https://github.com/vector-im/vector-web/issues/1648
2016-06-22Rework ldap integration with ldap3Martin Weinelt4-60/+249
Use the pure-python ldap3 library, which eliminates the need for a system dependency. Offer both a `search` and `simple_bind` mode, for more sophisticated ldap scenarios. - `search` tries to find a matching DN within the `user_base` while employing the `user_filter`, then tries the bind when a single matching DN was found. - `simple_bind` tries the bind against a specific DN by combining the localpart and `user_base` Offer support for STARTTLS on a plain connection. The configuration was changed to reflect these new possibilities. Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
2016-06-21Optionally start or stop workers in synctl.Mark Haines1-27/+151
Optionally start or stop an individual worker by passing -w with the path to the worker config. Optionally start or stop every worker and the main synapse by passing -a with a path to a directory containing worker configs. The "-w" is intended to be used to bounce individual workers proceses. THe "-a" is intended for when you want to restart all the workers simultaneuously, for example when performing database upgrades.
2016-06-21Remove the legacy v0 content upload API.Mark Haines3-132/+3
The existing content can still be downloaded. The last upload to the matrix.org server was in January 2015, so it is probably safe to remove the upload API.
2016-06-21Fix substitution failure in mail templateDavid Baker1-1/+1
2016-06-20Optionally make committing to postgres asynchronous.Mark Haines3-3/+14
Useful when running tests when you don't care whether the server will lose data that it claims that it has committed.
2016-06-20Bump version and changelogErik Johnston2-1/+16
2016-06-17Add the create_profile method back since the tests use itMark Haines1-0/+6
2016-06-17Add a comment on why we don't create a profile for upgrading usersMark Haines1-0/+1
2016-06-17Remove registered_users from the distributor.Mark Haines5-33/+24
The only place that was observed was to set the profile. I've made it so that the profile is set within store.register in the same transaction that creates the user. This required some slight changes to the registration code for upgrading guest users, since it previously relied on the distributor swallowing errors if the profile already existed.
2016-06-17Linearize some federation endpoints based on (origin, room_id)Erik Johnston2-67/+78
2016-06-17Disable responding with canonical json for federationErik Johnston1-1/+1
2016-06-17Enable use_frozen_events in testsErik Johnston1-0/+1
2016-06-17Turn use_frozen_events off by defaultErik Johnston1-1/+1
2016-06-17Only re-sign our own eventsErik Johnston2-12/+18
2016-06-17Fix ``KeyError: 'msgtype'``. Use ``.get``Mark Haines1-14/+15
Fixes a key error where the mailer tried to get the ``msgtype`` of an event that was missing a ``msgtype``. ``` File "synapse/push/mailer.py", line 264, in get_notif_vars File "synapse/push/mailer.py", line 285, in get_message_vars File ".../frozendict/__init__.py", line 10, in __getitem__ return self.__dict[key] KeyError: 'msgtype' ```
2016-06-17Fix setting gc thresholds in the workersMark Haines2-2/+4
2016-06-16Use worker_ prefixes for worker config, use existing support for multiple ↵Mark Haines5-79/+33
config files
2016-06-16Access the event_cache_size directly from the server object.Mark Haines5-21/+10
This means that the workers can override the event_cache_size directly without clobbering the value in the main synapse config.
2016-06-16Access replication_url from the worker config directlyMark Haines3-8/+6
2016-06-16Comment on what's going on in clobber_with_worker_configMark Haines