| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| | |
An experimental room version ("org.matrix.msc2176") contains
the new redaction rules for testing.
|
| |\| |
|
| | |\ |
|
| | | |
| | |
| | |
| | | |
If we see stale extremities while persisting events, and notice that
they don't change the result of state resolution, we drop them.
|
| |\ \ \
| | |/
| |/| |
|
| | | | |
|
| |\ \ \
| | |/
| |/| |
|
| | | | |
|
| |\| | |
|
| | |/
| |
| |
| | |
Fixes #8846.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement knocking as defined by https://github.com/matrix-org/matrix-doc/pull/2403
This is the base knocking stuff, taken from https://github.com/matrix-org/synapse/pull/6739
and does not include any public room directory changes.
While knocking hasn't merged yet on mainline due to waiting on getting Complement
into Synapse's CI, the code has been well-tested.
|
| | | |
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
another user. (#8616)
We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't).
A future PR will add an API for creating such a token.
When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.
|
| |\| |
|
| | | |
|
| |\| |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| |
| | |
rather than have everything that instantiates an LruCache manage metrics
separately, have LruCache do it itself.
|
| |\| |
|
| | |
| |
| |
| | |
This fixes a bug where `m.ignored_user_list` was assumed to be a dict,
leading to odd behavior for users who set it to something else.
|
| | |
| |
| |
| | |
'Invalid Token' page (#74)
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '2983049a7':
Factor out `_send_dummy_event_for_room` (#8370)
Improve logging of state resolution (#8371)
Fix bug which caused failure on join with malformed membership events (#8385)
Use `async with` for ID gens (#8383)
Don't push if an user account has expired (#8353)
Do not check lint/test dependencies at runtime. (#8377)
Add note to reverse_proxy.md about disabling Apache's mod_security2 (#8375)
Changelog
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '4325be1a5':
Fix missing null character check on guest_access room state
Fixed a bug with reactivating users with the admin API (#8362)
Admin API for reported events (#8217)
Fix wording of deprecation notice in changelog
Deprecation warning for synapse admin api being accessible under /_matrix
Create function to check for long names in devices (#8364)
Add a comment re #1691
Fix a bad merge from release-v1.20.0. (#8354)
Admin API for querying rooms where a user is a member (#8306)
Catch-up after Federation Outage (bonus): Catch-up on Synapse Startup (#8322)
Simplify super() calls to Python 3 syntax. (#8344)
Allow appservice users to /login (#8320)
Update test logging to be able to accept braces (#8335)
Move lint dependencies to extras_require (#8330)
|
| | |
| |
| |
| |
| |
| |
| | |
This converts calls like super(Foo, self) -> super().
Generated with:
sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'a3a90ee03':
Show a confirmation page during user password reset (#8004)
Do not error when thumbnailing invalid files (#8236)
Remove some unused distributor signals (#8216)
Fixup pusher pool notifications (#8287)
Revert "Fixup pusher pool notifications"
Fixup pusher pool notifications
|
| | |
| |
| |
| |
| | |
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset.
This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'cca03dbec':
fix typo
s/fixes/fix/
Directly import json from the standard library. (#8259)
Allow for make_awaitable's return value to be re-used. (#8261)
Rename 'populate_stats_process_rooms_2' background job back to 'populate_stats_process_rooms' again (#8243)
|
| | |
| |
| |
| |
| | |
By importing from canonicaljson the simplejson module was still being used
in some situations. After this change the std lib json is consistenty used
throughout Synapse.
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
* commit '17fa4c7ca':
Catch up after Federation Outage (split, 2): Track last successful stream ordering after transmission (#8247)
Catch-up after Federation Outage (split, 1) (#8230)
Fix type signature in simple_select_one_onecol and friends (#8241)
Stop sub-classing object (#8249)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '56efa9ec7': (22 commits)
Fix rate limiting unit tests. (#8167)
Add functions to `MultiWriterIdGen` used by events stream (#8164)
Do not allow send_nonmember_event to be called with shadow-banned users. (#8158)
Changelog fixes
Make StreamIdGen `get_next` and `get_next_mult` async (#8161)
Wording fixes to 'name' user admin api filter (#8163)
Fix missing double-backtick in RST document
Search in columns 'name' and 'displayname' in the admin users endpoint (#7377)
Add type hints for state. (#8140)
Stop shadow-banned users from sending non-member events. (#8142)
Allow capping a room's retention policy (#8104)
Add healthcheck for default localhost 8008 port on /health endpoint. (#8147)
Fix flaky shadow-ban tests. (#8152)
Don't fail /submit_token requests on incorrect session ID if request_token_inhibit_3pid_errors is turned on (#7991)
Do not apply ratelimiting on joins to appservices (#8139)
Micro-optimisations to get_auth_chain_ids (#8132)
Allow denying or shadow banning registrations via the spam checker (#8034)
Stop shadow-banned users from sending invites. (#8095)
Be more tolerant of membership events in unknown rooms (#8110)
Improve the error code when trying to register using a name reserved for guests. (#8135)
...
|
| | |
| |
| |
| |
| |
| | |
Add new method ratelimiter.can_requester_do_action and ensure that appservices are exempt from being ratelimited.
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Erik Johnston <erik@matrix.org>
|
| | | |
|
| |\ \
| | |
| | |
| | |
| | | |
* commit '2df82ae45':
Do not apply ratelimiting on joins to appservices (#8139)
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Add new method ratelimiter.can_requester_do_action and ensure that appservices are exempt from being ratelimited.
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Erik Johnston <erik@matrix.org>
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit 'c9c544cda':
Remove `ChainedIdGenerator`. (#8123)
Switch the JSON byte producer from a pull to a push producer. (#8116)
Updated docs: Added note about missing 308 redirect support. (#8120)
Be stricter about JSON that is accepted by Synapse (#8106)
Convert runWithConnection to async. (#8121)
Remove the unused inlineCallbacks code-paths in the caching code (#8119)
Separate `get_current_token` into two. (#8113)
Convert events worker database to async/await. (#8071)
Add a link to the matrix-synapse-rest-password-provider. (#8111)
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit 'e04e465b4':
Use the default templates when a custom template file cannot be found (#8037)
Changelog changes
Convert stream database to async/await. (#8074)
Add a shadow-banned flag to users. (#8092)
Convert pusher databases to async/await. (#8075)
Convert receipts and events databases to async/await. (#8076)
|
| | | | |
|
| | |/ |
|
| |\|
| |
| |
| |
| | |
* commit 'd4a7829b1':
Convert synapse.api to async/await (#8031)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '66f24449d':
Improve performance of the register endpoint (#8009)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '3950ae51e':
Ensure that remove_pusher is always async (#7981)
Ensure the msg property of HttpResponseException is a string. (#7979)
Remove from the event_relations table when purging historical events. (#7978)
Add additional logging for SAML sessions. (#7971)
Add MSC reference to changelog for #7736
Re-implement unread counts (#7736)
Various improvements to the docs (#7899)
Convert storage layer to async/await. (#7963)
Add an option to disable purge in delete room admin API (#7964)
Move some log lines from default logger to sql/transaction loggers (#7952)
Use the JSON module from the std library instead of simplejson. (#7936)
Fix exit code for `check_line_terminators.sh` (#7970)
Option to allow server admins to join complex rooms (#7902)
Fix typo in metrics docs (#7966)
Add script for finding files with unix line terminators (#7965)
Convert the remaining media repo code to async / await. (#7947)
Convert a synapse.events to async/await. (#7949)
Convert groups and visibility code to async / await. (#7951)
Convert push to async/await. (#7948)
|
| | | |
|
| | | |
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'f88c48f3b':
1.18.0rc1
Fix error reporting when using `opentracing.trace` (#7961)
Fix typing replication not being handled on master (#7959)
Remove hacky error handling for inlineDeferreds. (#7950)
Convert tests/rest/admin/test_room.py to unix file endings (#7953)
Support oEmbed for media previews. (#7920)
Convert state resolution to async/await (#7942)
Fix up types and comments that refer to Deferreds. (#7945)
Do not convert async functions to Deferreds in the interactive_auth_handler (#7944)
Convert more of the media code to async/await (#7873)
Return an empty body for OPTIONS requests. (#7886)
Downgrade warning on client disconnect to INFO (#7928)
Convert presence handler helpers to async/await. (#7939)
Update the auth providers to be async. (#7935)
Put a cache on `/state_ids` (#7931)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'a973bcb8a':
Add some tiny type annotations (#7870)
Remove obsolete comment.
Ensure that calls to `json.dumps` are compatible with the standard library json. (#7836)
Avoid brand new rooms in `delete_old_current_state_events` (#7854)
Allow accounts to be re-activated from the admin APIs. (#7847)
Fix tests
Fix typo
Newsfile
Use get_users_in_room rather than state handler in typing for speed
Fix client reader sharding tests (#7853)
Convert E2E key and room key handlers to async/await. (#7851)
Return the proper 403 Forbidden error during errors with JWT logins. (#7844)
remove `retry_on_integrity_error` wrapper for persist_events (#7848)
|
| | |
| |
| |
| | |
json. (#7836)
|
| |\|
| |
| |
| |
| | |
* commit '4db150951':
Improve the type hints of synapse.api.errors. (#7820)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '66a4af8d9':
Do not use canonicaljson to magically handle decoding bytes from JSON. (#7802)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '43726783e': (22 commits)
1.17.0rc1
Fix some spelling mistakes / typos. (#7811)
`update_membership` declaration: now always returns an event id. (#7809)
Improve stacktraces from exceptions in background processes (#7808)
Fix `can only concatenate list (not "tuple") to list` exception (#7810)
Pass original request headers from workers to the main process. (#7797)
Generate real events when we reject invites (#7804)
Add `HomeServer.signing_key` property (#7805)
Revert "Update the installation docs on apt-transport-https (#7801)"
Do not use simplejson in Synapse. (#7800)
Stop passing bytes when dumping JSON (#7799)
Update the installation docs on apt-transport-https (#7801)
shuffle changelog slightly
Change Caddy links (old is deprecated) (#7789)
Stop populating unused table `local_invites`. (#7793)
Refactor getting replication updates from database v2. (#7740)
Add libwebp dependency to Dockerfile (#7791)
Add documentation for JWT login type and improve sample config. (#7776)
Convert the appservice handler to async/await. (#7775)
Don't ignore `set_tweak` actions with no explicit `value`. (#7766)
...
|
| | | |
|
| | |
| |
| | |
The CI appears to use the latest version of isort, which is a problem when isort gets a major version bump. Rather than try to pin the version, I've done the necessary to make isort5 happy with synapse.
|
| |\|
| |
| |
| |
| | |
* commit 'a3f11567d':
Replace all remaining six usage with native Python 3 equivalents (#7704)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '03619324f':
Create a ListenerConfig object (#7681)
Fix changelog wording
1.15.1
Wrap register_device coroutine in an ensureDeferred (#7684)
Ensure the body is a string before comparing push rules. (#7701)
Ensure etag is a string for GET room_keys/version response (#7691)
Update m.id.phone to use 'phone' instead of 'number' (#7687)
Fix "There was no active span when trying to log." error (#7698)
Enable 3PID add/bind/unbind endpoints on r0 routes
Discard RDATA from already seen positions. (#7648)
Replace iteritems/itervalues/iterkeys with native versions. (#7692)
Fix warnings about losing log context during UI auth. (#7688)
Fix a typo when comparing the URI & method during UI Auth. (#7689)
Remove "user_id" from GET /presence. (#7606)
Increase the default SAML session expirary time to 15 minutes. (#7664)
fix typo in sample_config.yaml (#7652)
Take out a lock before modifying _CACHES (#7663)
Add option to enable encryption by default for new rooms (#7639)
Clean-up the fallback login code. (#7657)
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes https://github.com/matrix-org/synapse/issues/2431
Adds config option `encryption_enabled_by_default_for_room_type`, which determines whether encryption should be enabled with the default encryption algorithm in private or public rooms upon creation. Whether the room is private or public is decided based upon the room creation preset that is used.
Part of this PR is also pulling out all of the individual instances of `m.megolm.v1.aes-sha2` into a constant variable to eliminate typos ala https://github.com/matrix-org/synapse/pull/7637
Based on #7637
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.15.x
* 'release-v1.15.0' of github.com:matrix-org/synapse: (55 commits)
1.15.0
Fix some attributions
Update CHANGES.md
1.15.0rc1
Revert "1.15.0rc1"
1.15.0rc1
Fix bug in account data replication stream. (#7656)
Convert the registration handler to async/await. (#7649)
Accept device information at the login fallback endpoint. (#7629)
Convert user directory handler and related classes to async/await. (#7640)
Add an option to disable autojoin for guest accounts (#6637)
Clarifications to the admin api documentation (#7647)
Update to the stable SSO prefix for UI Auth. (#7630)
Fix type information on `assert_*_is_admin` methods (#7645)
Remove some unused constants. (#7644)
Typo fixes.
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
Add device management to admin API (#7481)
Attempt to fix PhoneHomeStatsTestCase.test_performance_100 being flaky. (#7634)
Support CS API v0.6.0 (#6585)
...
|
| | | |
|
| | |
| |
| | |
These things don't return Deferreds.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both:
* Rather undocumented, and
* causing a *lot* of config checks
This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation.
Best to be reviewed commit-by-commit.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.14.x
* 'release-v1.14.0' of github.com:matrix-org/synapse: (108 commits)
Fix typo in PR link
Update debian changelog
1.14.0
Improve changelog wording
1.14.0rc2
Fix sample config docs error (#7581)
Fix up comments
Fix specifying cache factors via env vars with * in name. (#7580)
Don't apply cache factor to event cache. (#7578)
Ensure ReplicationStreamer is always started when replication enabled. (#7579)
Remove the changes to the debian changelog
Not full release yet, this is rc1
Merge event persistence move changelog entries
More changelog fix
Changelog fixes
1.14.0
Replace device_27_unique_idx bg update with a fg one (#7562)
Fix incorrect exception handling in KeyUploadServlet.on_POST (#7563)
Fix recording of federation stream token (#7564)
Simplify reap_monthly_active_users (#7558)
...
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
In a new room version, the "notifications" key of power level events are
subject to restricted auth rules.
|
| | | |
|
| | |
| |
| |
| | |
variables (#6391)
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.14.x
* 'release-v1.13.0' of github.com:matrix-org/synapse: (257 commits)
Update changelog based on feedback.
Move warnings in the changelog and re-iterate changes to branches.
1.13.0
update dh-virtualenv (#7526)
1.13.0rc3
Hash passwords earlier in the registration process (#7523)
1.13.0rc2
1.13.0rc2
Stop `get_joined_users` corruption from custom statuses (#7376)
Do not validate that the client dict is stable during UI Auth. (#7483)
Fix new flake8 errors (#7489)
Don't UPGRADE database rows
RST indenting
Put rollback instructions in upgrade notes
Fix changelog typo
Oh yeah, RST
Absolute URL it is then
Fix upgrade notes link
Provide summary of upgrade issues in changelog. Fix )
Move next version notes from changelog to upgrade notes
...
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
Long story short: if we're handling presence on the current worker, we shouldn't be sending USER_SYNC commands over replication.
In an attempt to figure out what is going on here, I ended up refactoring some bits of the presencehandler code, so the first 4 commits here are non-functional refactors to move this code slightly closer to sanity. (There's still plenty to do here :/). Suggest reviewing individual commits.
Fixes (I hope) #7257.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Switch sytest-synapse to sytest-dinsic
* Be sure to invalidate our caches properly!
* Remove duplicate encryption state key definition
* Remove old config option name in comment
* Make dinsic the default in merge_base_branch
|
| |\|
| |
| |
| |
| |
| |
| | |
room ver. (#7037)
* commit '06eb5cae0':
Remove special auth and redaction rules for aliases events in experimental room ver. (#7037)
|
| | |
| |
| |
| | |
room ver. (#7037)
|
| |\|
| |
| |
| |
| | |
* commit '13892776e':
Allow deleting an alias if the user has sufficient power level (#6986)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '7dcbc33a1':
Validate the alt_aliases property of canonical alias events (#6971)
|
| | | |
|
| |\|
| |
| |
| |
| |
| | |
* commit 'fcf459948':
Stop returning aliases as part of the room list. (#6970)
Publishing/removing from the directory requires a power level greater than canonical aliases.
|
| | |
| |
| |
| | |
canonical aliases.
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
* commit '2fb7794e6':
changelog
Make room alias lists peekable
Add `allow_departed_users` param to `check_in_room_or_world_readable`
Refactor the membership check methods in Auth
|
| | |
| |
| |
| |
| |
| |
| | |
... and set it everywhere it's called.
while we're here, rename it for consistency with `check_user_in_room` (and to
help check that I haven't missed any instances)
|
| | |
| |
| |
| |
| | |
these were getting a bit unwieldy, so let's combine `check_joined_room` and
`check_user_was_in_room` into a single `check_user_in_room`.
|
| |\|
| |
| |
| |
| | |
* commit '6475382d8':
Fix detecting unknown devices from remote encrypted events. (#6848)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
We were looking at the wrong event type (`m.room.encryption` vs
`m.room.encrypted`).
Also fixup the duplicate `EvenTypes` entries.
Introduced in #6776.
|
| |\|
| |
| |
| |
| |
| |
| | |
* commit '160522e32':
newsfile
Add `get_room_version` method
s/get_room_version/get_room_version_id/
|
| | |
| |
| |
| | |
So that we can start factoring out some of this boilerplatey boilerplate.
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
* commit 'cc109b79d':
fix bad variable ref
update changelog
changelog
Implement updated auth rules from MSC2260
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'a8ce7aeb4':
Pass room version object into event_auth.check and check_redaction (#6788)
|
| | |
| |
| |
| |
| |
| |
| | |
These are easier to work with than the strings and we normally have one around.
This fixes `FederationHander._persist_auth_tree` which was passing a
RoomVersion object into event_auth.check instead of a string.
|
| |\|
| |
| |
| |
| | |
* commit '0f6e525be':
Fixup synapse.api to pass mypy (#6733)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'd386f2f33':
Add StateMap type alias (#6715)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '8f5d7302a':
Implement RedirectException (#6687)
|
| | |
| |
| |
| |
| | |
Allow REST endpoint implemnentations to raise a RedirectException, which will
redirect the user's browser to a given location.
|
| |\|
| |
| |
| |
| | |
* commit '326c893d2':
Kill off RegistrationError (#6691)
|
| | |
| |
| | |
This is pretty pointless. Let's just use SynapseError.
|
| |\|
| |
| |
| |
| | |
* commit '98247c4a0':
Remove unused, undocumented "content repo" resource (#6628)
|
| | |
| |
| |
| |
| |
| | |
This looks like it got half-killed back in #888.
Fixes #6567.
|
| |\|
| |
| |
| |
| | |
* commit 'fa780e972':
Change EventContext to use the Storage class (#6564)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '3fbe5b7ec':
Add auth events as per spec. (#6556)
|
| | |
| |
| |
| |
| | |
Previously we tried to be clever and filter out some unnecessary event
IDs to keep the auth chain small, but that had some annoying
interactions with state res v2 so we stop doing that for now.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'c530f9af4':
Un-remove room purge test
Incorporate review
Format changelog
Update changelog since this isn't going to be featured in 1.6.0
Also filter state events
Only filter if a filter was provided
Update copyright
Lint
Update copyrights
Changelog
Add tests for /search
Merge labels tests for /context and /messages
Add test case
Filter events_before and events_after in /context requests
|
| | |\
| | |
| | | |
Filter state, events_before and events_after in /context requests
|
| | | |\ |
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '54dd5dc12':
Add ephemeral messages support (MSC2228) (#6409)
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
Implement part [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228). The parts that differ are:
* the feature is hidden behind a configuration flag (`enable_ephemeral_messages`)
* self-destruction doesn't happen for state events
* only implement support for the `m.self_destruct_after` field (not the `m.self_destruct` one)
* doesn't send synthetic redactions to clients because for this specific case we consider the clients to be able to destroy an event themselves, instead we just censor it (by pruning its JSON) in the database
|
| | |\ \ |
|
| | | |/
| |/| |
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
* commit '6e1b40dc2':
sample config
Add changelog
A couple more instances
Replace instance variations of homeserver with correct case/spacing
|
| | |/ |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'f496d2587':
Incorporate review
Factor out an _AsyncEventContextImpl (#6298)
Update synapse/storage/data_stores/main/schema/delta/56/event_labels.sql
Add more data to the event_labels table and fix the indexes
Add unstable feature flag
Lint
Incorporate review
Lint
Changelog
Add integration tests for /messages
Add more integration testing
Add integration tests for sync
Add unit tests
Add index on label
Implement filtering
Store labels for new events
Add database table for keeping track of labels on events
|
| | |\
| | |
| | | |
Implement MSC2326 (label based filtering)
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\| | |
|
| | |/
| |
| | |
Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
|
| |\|
| |
| |
| |
| | |
* commit '2794b7905':
Option to suppress resource exceeded alerting (#6173)
|
| | |
| |
| |
| | |
The expected use case is to suppress MAU limiting on small instances
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '93eaeec75':
Remove Auth.check method (#6217)
add note about database upgrade
use the right function for when we're already in runInteraction
add user signature stream change cache to slaved device store
black
use stream ID generator instead of timestamp
make isort happy
apply PR review suggestions
fix formatting
add changelog
make changes from PR review
don't need to return the hidden column any more
really fix queries to work with Postgres
PostgreSQL, Y U no like?
remove extra SQL query param
add changelog file
apply changes from PR review
allow uploading keys for cross-signing
allow devices to be marked as "hidden"
|
| | |
| |
| | |
This method was somewhat redundant, and confusing.
|
| | |\ |
|
| | | |\ |
|
| | | |\ \ |
|
| | | |\ \ \ |
|
| | | |\ \ \ \ |
|
| | | | | | | | |
|
| |\| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* commit '47ada4dff':
changelog
rip out some unreachable code
Remove dead check_auth script
|
| | | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | | |
The only possible rejection reason is AUTH_ERROR, so all of this is unreachable.
|
| |\| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* type checking fixes
* changelog
|
| |\| | | | | |
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We don't actually care about what happens in `get_user_by_req` and
having it as a separate span means that the entity tag isn't added to
the servlet spans, making it harder to search.
|
| |\| | | | | |
|
| | | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This allows support users to be created even on MAU limits via
the admin API. Support users are excluded from MAU after creation,
so it makes sense to exclude them in creation - except if the
whole host is in disabled state.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| |\| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Remove all the "double return" statements which were a result of us removing all the instances of
```
defer.returnValue(...)
return
```
statements when we switched to python3 fully.
|
| |\| | | | |
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | | |
Python will return a tuple whether there are parentheses around the returned values or not.
I'm just sick of my editor complaining about this all over the place :)
|
| |\| | | |
|
| | | | | |
|
| |\| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add authenticated_entity and servlet_names tags.
Functionally:
- Add a tag for authenticated_entity
- Add a tag for servlet_names
Stylistically:
Moved to importing methods directly from opentracing.
|
| |\| | | |
|
| | | |/
| |/|
| | |
| | |
| | | |
This is intended as an amendment to #5674 as using M_UNKNOWN as the errcode makes it hard for clients to differentiate between an invalid password and a deactivated user (the problem we were trying to solve in the first place).
M_UNKNOWN was originally chosen as it was presumed than an MSC would have to be carried out to add a new code, but as Synapse often is the testing bed for new MSC implementations, it makes sense to try it out first in the wild and then add it into the spec if it is successful. Thus this PR return a new M_USER_DEACTIVATED code when a deactivated user attempts to login.
|
| |\| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `expire_access_token` didn't do what it sounded like it should do. What it
actually did was make Synapse enforce the 'time' caveat on macaroons used as
access tokens, but since our access token macaroons never contained such a
caveat, it was always a no-op.
(The code to add 'time' caveats was removed back in v0.18.5, in #1656)
|
| |\| | |
|
| | |/ |
|
| |\| |
|
| | | |
|
| |\|
| |
| |
| | |
(#5674)
|
| | |
| |
| |
| |
| | |
(#5674)
Return `This account has been deactivated` instead of `Invalid password` when a user is deactivated.
|
| |\| |
|
| | |
| |
| |
| | |
Record how long an access token is valid for, and raise a soft-logout once it
expires.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
First of all, let's get rid of `TOKEN_NOT_FOUND_HTTP_STATUS`. It was a hack we
did at one point when it was possible to return either a 403 or a 401 if the
creds were missing. We always return a 401 in these cases now (thankfully), so
it's not needed.
Let's also stop abusing `AuthError` for these cases. Honestly they have nothing
that relates them to the other places that `AuthError` is used, other than the
fact that they are loosely under the 'Auth' banner. It makes no sense for them
to share exception classes.
Instead, let's add a couple of new exception classes: `InvalidClientTokenError`
and `MissingClientTokenError`, for the `M_UNKNOWN_TOKEN` and `M_MISSING_TOKEN`
cases respectively - and an `InvalidClientCredentialsError` base class for the
two of them.
|
| |\| |
|
| | | |
|
| | |\
| | |
| | |
| | |
| | | |
matrix-org/babolivier/account_validity_send_mail_auth
Don't check whether the user's account is expired on /send_mail requests
|
| | | | |
|
| | | | |
|
| |\| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
identity server (#5377)
Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.
This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
* #5308
* #5345
* #5368
|
| | | |
| | |
| | |
| | |
| | | |
Implements [MSC2077](https://github.com/matrix-org/matrix-doc/pull/2077) and
fixes #5247 and #4364.
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present.
That hardcoded value is now located in the server.py config file.
|
| | | | |
|
| |\| | |
|
| | | |
| | |
| | | |
Implements https://github.com/matrix-org/matrix-doc/pull/2002.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
If we remove support for a particular room version, we should behave more
gracefully. This should make client requests fail with a 400 rather than a 500,
and will ignore individiual PDUs in a federation transaction, rather than the
whole transaction.
|
| | | |
| | |
| | | |
Implements MSC1884
|
| | | | |
|
| | |\ \
| | | |
| | | | |
Land basic reaction and edit support.
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| | |_|/
| |/| | |
|
| | | | | |
|
| | | | | |
|
| | |/ / |
|
| |\ \ \
| | | |
| | | | |
Allow server admins to define and enforce a password policy (MSC2000)
|
| | | | | |
|
| | |/ / |
|
| |\| | |
|
| | |/ |
|
| |\| |
|
| | |
| |
| |
| |
| | |
Follow-up to #5124
Also added a bunch of checks to make sure everything (both the stuff added on #5124 and this PR) works as intended.
|
| | |
| |
| |
| | |
Rather than copying-and-pasting the same four lines hundreds of times
|
| | |\
| | |
| | |
| | | |
babolivier/account_expiration
|
| | | |\
| | | |
| | | | |
Send out emails with links to extend an account's validity period
|
| | | |/
| |/| |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | |/
| |/| |
|
| | | | |
|
| | |\|
| | |
| | | |
Add time-based account expiration
|
| | | | |
|
| | | |
| | |
| | | |
Transfers the m.room.related_groups state event on room upgrade.
|
| | |/
| |
| |
| | |
Collect all the things that make room-versions different to one another into
one place, so that it's easier to define new room versions.
|
| |\| |
|
| | |
| |
| |
| |
| | |
Adds a new method, check_3pid_auth, which gives password providers
the chance to allow authentication with third-party identifiers such
as email or msisdn.
|
| |\| |
|
| | |
| |
| |
| |
| | |
Fixes a bug where hs_disabled_message was not enforced for 3pid-based requests
if there was no server_notices_mxid configured.
|
| | |
| |
| | |
Add two ratelimiters on login (per-IP address and per-userID).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Rate-limiting for registration
* Add unit test for registration rate limiting
* Add config parameters for rate limiting on auth endpoints
* Doc
* Fix doc of rate limiting function
Co-Authored-By: babolivier <contact@brendanabolivier.com>
* Incorporate review
* Fix config parsing
* Fix linting errors
* Set default config for auth rate limiting
* Fix tests
* Add changelog
* Advance reactor instead of mocked clock
* Move parameters to registration specific config and give them more sensible default values
* Remove unused config options
* Don't mock the rate limiter un MAU tests
* Rename _register_with_store into register_with_store
* Make CI happy
* Remove unused import
* Update sample config
* Fix ratelimiting test for py2
* Add non-guest test
|
| | | |
|
| |\|
| |
| |
| | |
erikj/dinsic-merged-master
|
| | |\ |
|
| | | |
| | |
| | | |
remove trailing ,
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
* by default include m.room.encryption on invites
* fix constant
* changelog
|
| | |\ |
|
| | | | |
|
| | | |\
| | | |
| | | |
| | | | |
erikj/redactions_eiah
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
`.user_id` is proxed to `.sender` in FrozenEvent, so this has no
functional change
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | |/
| | |
| | |
| | |
| | |
| | | |
We add the constant, but don't add it to the known room versions. This
lets us start adding V3 logic, but the servers will never join or create
V3 rooms
|
| | | | |
|
