| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
* Allow providing credentials to HTTPS_PROXY (#9657)
Addresses https://github.com/matrix-org/synapse-dinsic/issues/70
This PR causes `ProxyAgent` to attempt to extract credentials from an `HTTPS_PROXY` env var. If credentials are found, a `Proxy-Authorization` header ([details](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Proxy-Authorization)) is sent to the proxy server to authenticate against it. The headers are *not* passed to the remote server.
Also added some type hints.
* lint
|
|
|
|
mainline to dinsic (#93)
This PR is simply porting https://github.com/matrix-org/synapse/pull/9372 to dinsic.
I also had to bring in https://github.com/matrix-org/synapse/pull/8821 and https://github.com/matrix-org/synapse/pull/9084 for this code to work properly - a sign that we should merge mainline into dinsic again soon.
|
|
|
|
|
|
|
|
|
|
Small change to the event auth rules that allows transitioning from knock->knock (in case you want to update your knock reason, or change profile information etc).
Coincides with the same commit in [the mainline PR](https://github.com/matrix-org/synapse/pull/6739) and [this update on MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403/commits/49a72862a93d814219968cff814ff63926181645).
|
|
|
|
results (#84)
* Add a config option to prioritise local users in user directory search results (#9383)
This PR adds a homeserver config option, `user_directory.prefer_local_users`, that when enabled will show local users higher in user directory search results than remote users. This option is off by default.
Note that turning this on doesn't necessarily mean that remote users will always be put below local users, but they should be assuming all other ranking factors (search query match, profile information present etc) are identical.
This is useful for, say, University networks that are openly federating, but want to prioritise local students and staff in the user directory over other random users.
* Don't mix simple and english psql query types
|
|
This informs the remote server of the room versions we support. If the room we're trying to
knock on has a version that is not one of our supported room versions, the remote server
will return an unsupported room version error.
Noticed in https://github.com/matrix-org/matrix-doc/pull/2403#discussion_r577042144
Ported from https://github.com/matrix-org/synapse/pull/6739
|
|
knocked on (#82)
This PR implements the ["Changes regarding the Public Rooms Directory"](https://github.com/Sorunome/matrix-doc/blob/soru/knock/proposals/2403-knock.md#changes-regarding-the-public-rooms-directory) section of knocking MSC2403.
Specifically, it:
* Allows rooms with `join_rule` "knock" to be returned by the query behind the public rooms directory
* Adds the field `join_rule` to each room entry returned by a public rooms directory query, so clients can know whether to attempt a join or knock on a room
This PR is a clone of [the mainline PR](https://github.com/matrix-org/synapse/pull/9359). Complement tests for this change: https://github.com/matrix-org/complement/pull/72.
|
|
Implement knocking as defined by https://github.com/matrix-org/matrix-doc/pull/2403
This is the base knocking stuff, taken from https://github.com/matrix-org/synapse/pull/6739
and does not include any public room directory changes.
While knocking hasn't merged yet on mainline due to waiting on getting Complement
into Synapse's CI, the code has been well-tested.
|
|
|
|
* Fix the Python 3.5 old-deps build. (#9146)
setuptools 51.0.0 dropped support for Python 3.5.
* Fix Python 3.5 old deps build by using a compatible pip version. (#9217)
Co-authored-by: Dan Callahan <danc@element.io>
pip 21.0 stopped supporting Python 3.5.
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
|
|
This was causing a LoginError to be propagated up to the registration servlet, which was
expecting a InteractiveAuthIncompleteError in order to store a password_hash from the
client for the session. DINUM relies on this happening.
More info here: https://github.com/matrix-org/synapse/issues/9263
|
|
|
|
provided (#77)
|
|
|
|
|
|
Collect all the config options which related to an OIDC provider into a single
object.
|
|
This checks that the domain given to `DomainSpecificString.is_valid` (e.g.
`UserID`, `RoomAlias`, etc.) is of a valid form. Previously some validation
was done on the localpart (e.g. the sigil), but not the domain portion.
|
|
|
|
|
|
|
|
Some light refactoring of OidcHandler, in preparation for bigger things:
* remove inheritance from deprecated BaseHandler
* add an object to hold the things that go into a session cookie
* factor out a separate class for manipulating said cookies
|
|
|
|
|
|
This only applies if the user's data is to be erased.
|
|
Fixes #8782
|
|
If we have integrations with multiple identity providers, when the user does a UI Auth, we need to redirect them to the right one.
There are a few steps to this. First of all we actually need to store the userid of the user we are trying to validate in the UIA session, since the /auth/sso/fallback/web request is unauthenticated.
Then, once we get the /auth/sso/fallback/web request, we can fish the user id out of the session, and use it to look up the external id mappings, and hence pick an SSO provider for them.
|
|
It is expected that the proxy would be on a private IP address so the
configured proxy should be connected to regardless of the IP range
blacklist.
|
|
|
|
Debian package builds were failing for two reasons:
1. Python versions prior to 3.7 throw exceptions when attempting to print
Unicode characters under a "C" locale. (#9076)
2. We depended on `dh-systemd` which no longer exists in Debian Bullseye, but
is necessary in Ubuntu Xenial. (#9073)
Setting `LANG="C.UTF-8"` in the build environment fixes the first issue.
See also: https://bugs.python.org/issue19846
The second issue is a bit trickier. The dh-systemd package was merged into
debhelper version 9.20160709 and a transitional package left in its wake.
The transitional dh-systemd package was removed in Debian Bullseye.
However, Ubuntu Xenial ships an older debhelper, and still needs dh-systemd.
Thus, builds were failing on Bullseye since we depended on a package which had
ceased existing, but we couldn't remove it from the debian/control file and our
build scripts because we still needed it for Ubuntu Xenial.
We can fix the debian/control issue by listing dh-systemd as an alternative to
the newer versions of debhelper. Since dh-systemd declares that it depends on
debhelper, Ubuntu Xenial will select its older dh-systemd which will in turn
pull in its older debhelper, resulting in no change from the status quo. All
other supported releases will satisfy the debhelper dependency constraint and
skip the dh-systemd alternative.
Build scripts were fixed by unconditionally attempting to install dh-systemd on
all releases and suppressing failures.
Once we drop support for Ubuntu Xenial, we can revert most of this commit and
rely on the version constraint on debhelper in debian/control.
Fixes #9076
Fixes #9073
Signed-off-by: Dan Callahan <danc@element.io>
|
|
Homeserver.get_ip_from_request() used to be a bit more complicated, but now it is totally redundant. Let's get rid of it.
|
|
SynapseRequest is in danger of becoming a bit of a dumping-ground for "useful stuff relating to Requests",
which isn't really its intention (its purpose is to override render, finished and connectionLost to set up the
LoggingContext and write the right entries to the request log).
Putting utility functions inside SynapseRequest means that lots of our code ends up requiring a
SynapseRequest when there is nothing synapse-specific about the Request at all, and any old
twisted.web.iweb.IRequest will do. This increases code coupling and makes testing more difficult.
In short: move get_user_agent out to a utility function.
|
|
For remote users, only the rooms which the server knows about are returned.
Local users have all of their joined rooms returned.
|
|
|
|
|
|
|
|
Factor out the exception handling in the startup code to a utility function,
and fix the some logging and exit code stuff.
|
|
These tables are unused, and can be dropped now the schema version has been bumped.
|
|
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
|
|
|
|
|
|
* Dropped last_used column from access_tokens
Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com>
|
|
|
|
This PR adds the missing user_mapping_provider section in oidc.md
Signed-off-by: Christopher Rücker chris-ruecker@protonmail.com
|
|
|
|
|
|
You can't continue using a transaction once an exception has been
raised, so catching and dropping the error here is pointless and just
causes more errors.
|
|
I'm not even sure what this was supposed to do, but the fact it has python2isms
and nobody has noticed suggests it's not terribly important.
It doesn't seem to have been used since ff23e5ba3764506c99d9c1c640e202fe262b65ce.
|
|
We were running some linters on some files and some on others. Extract a common
setting and use it everywhere.
|
|
|
