summary refs log tree commit diff
path: root/synapse/event_auth.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge tag 'v1.33.0' into babolivier/dinsic_1.41.0Brendan Abolivier2021-08-311-6/+5
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.33.0 (2021-05-05) =========================== Features -------- - Build Debian packages for Ubuntu 21.04 (Hirsute Hippo). ([\#9909](https://github.com/matrix-org/synapse/issues/9909)) Synapse 1.33.0rc2 (2021-04-29) ============================== Bugfixes -------- - Fix tight loop when handling presence replication when using workers. Introduced in v1.33.0rc1. ([\#9900](https://github.com/matrix-org/synapse/issues/9900)) Synapse 1.33.0rc1 (2021-04-28) ============================== Features -------- - Update experimental support for [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083): restricting room access via group membership. ([\#9800](https://github.com/matrix-org/synapse/issues/9800), [\#9814](https://github.com/matrix-org/synapse/issues/9814)) - Add experimental support for handling presence on a worker. ([\#9819](https://github.com/matrix-org/synapse/issues/9819), [\#9820](https://github.com/matrix-org/synapse/issues/9820), [\#9828](https://github.com/matrix-org/synapse/issues/9828), [\#9850](https://github.com/matrix-org/synapse/issues/9850)) - Return a new template when an user attempts to renew their account multiple times with the same token, stating that their account is set to expire. This replaces the invalid token template that would previously be shown in this case. This change concerns the optional account validity feature. ([\#9832](https://github.com/matrix-org/synapse/issues/9832)) Bugfixes -------- - Fixes the OIDC SSO flow when using a `public_baseurl` value including a non-root URL path. ([\#9726](https://github.com/matrix-org/synapse/issues/9726)) - Fix thumbnail generation for some sites with non-standard content types. Contributed by @rkfg. ([\#9788](https://github.com/matrix-org/synapse/issues/9788)) - Add some sanity checks to identity server passed to 3PID bind/unbind endpoints. ([\#9802](https://github.com/matrix-org/synapse/issues/9802)) - Limit the size of HTTP responses read over federation. ([\#9833](https://github.com/matrix-org/synapse/issues/9833)) - Fix a bug which could cause Synapse to get stuck in a loop of resyncing device lists. ([\#9867](https://github.com/matrix-org/synapse/issues/9867)) - Fix a long-standing bug where errors from federation did not propagate to the client. ([\#9868](https://github.com/matrix-org/synapse/issues/9868)) Improved Documentation ---------------------- - Add a note to the docker docs mentioning that we mirror upstream's supported Docker platforms. ([\#9801](https://github.com/matrix-org/synapse/issues/9801)) Internal Changes ---------------- - Add a dockerfile for running Synapse in worker-mode under Complement. ([\#9162](https://github.com/matrix-org/synapse/issues/9162)) - Apply `pyupgrade` across the codebase. ([\#9786](https://github.com/matrix-org/synapse/issues/9786)) - Move some replication processing out of `generic_worker`. ([\#9796](https://github.com/matrix-org/synapse/issues/9796)) - Replace `HomeServer.get_config()` with inline references. ([\#9815](https://github.com/matrix-org/synapse/issues/9815)) - Rename some handlers and config modules to not duplicate the top-level module. ([\#9816](https://github.com/matrix-org/synapse/issues/9816)) - Fix a long-standing bug which caused `max_upload_size` to not be correctly enforced. ([\#9817](https://github.com/matrix-org/synapse/issues/9817)) - Reduce CPU usage of the user directory by reusing existing calculated room membership. ([\#9821](https://github.com/matrix-org/synapse/issues/9821)) - Small speed up for joining large remote rooms. ([\#9825](https://github.com/matrix-org/synapse/issues/9825)) - Introduce flake8-bugbear to the test suite and fix some of its lint violations. ([\#9838](https://github.com/matrix-org/synapse/issues/9838)) - Only store the raw data in the in-memory caches, rather than objects that include references to e.g. the data stores. ([\#9845](https://github.com/matrix-org/synapse/issues/9845)) - Limit length of accepted email addresses. ([\#9855](https://github.com/matrix-org/synapse/issues/9855)) - Remove redundant `synapse.types.Collection` type definition. ([\#9856](https://github.com/matrix-org/synapse/issues/9856)) - Handle recently added rate limits correctly when using `--no-rate-limit` with the demo scripts. ([\#9858](https://github.com/matrix-org/synapse/issues/9858)) - Disable invite rate-limiting by default when running the unit tests. ([\#9871](https://github.com/matrix-org/synapse/issues/9871)) - Pass a reactor into `SynapseSite` to make testing easier. ([\#9874](https://github.com/matrix-org/synapse/issues/9874)) - Make `DomainSpecificString` an `attrs` class. ([\#9875](https://github.com/matrix-org/synapse/issues/9875)) - Add type hints to `synapse.api.auth` and `synapse.api.auth_blocking` modules. ([\#9876](https://github.com/matrix-org/synapse/issues/9876)) - Remove redundant `_PushHTTPChannel` test class. ([\#9878](https://github.com/matrix-org/synapse/issues/9878)) - Remove backwards-compatibility code for Python versions < 3.6. ([\#9879](https://github.com/matrix-org/synapse/issues/9879)) - Small performance improvement around handling new local presence updates. ([\#9887](https://github.com/matrix-org/synapse/issues/9887))
| * Improved validation for received requests (#9817)Richard van der Hoff2021-04-231-2/+2
| | | | | | | | | | | | * Simplify `start_listening` callpath * Correctly check the size of uploaded files
| * Add type hints to auth and auth_blocking. (#9876)Patrick Cloke2021-04-231-2/+2
| |
| * Fix (final) Bugbear violations (#9838)Jonathan de Jong2021-04-201-1/+1
| |
| * Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-141-1/+0
| | | | | | | | | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* | Merge tag 'v1.32.0' into babolivier/dinsic_1.41.0Brendan Abolivier2021-08-311-6/+22
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.32.0 (2021-04-20) =========================== **Note:** This release requires Python 3.6+ and Postgres 9.6+ or SQLite 3.22+. This release removes the deprecated `GET /_synapse/admin/v1/users/<user_id>` admin API. Please use the [v2 API](https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/user_admin_api.rst#query-user-account) instead, which has improved capabilities. This release requires Application Services to use type `m.login.application_service` when registering users via the `/_matrix/client/r0/register` endpoint to comply with the spec. Please ensure your Application Services are up to date. Bugfixes -------- - Fix the log lines of nested logging contexts. Broke in 1.32.0rc1. ([\#9829](https://github.com/matrix-org/synapse/issues/9829)) Synapse 1.32.0rc1 (2021-04-13) ============================== Features -------- - Add a Synapse module for routing presence updates between users. ([\#9491](https://github.com/matrix-org/synapse/issues/9491)) - Add an admin API to manage ratelimit for a specific user. ([\#9648](https://github.com/matrix-org/synapse/issues/9648)) - Include request information in structured logging output. ([\#9654](https://github.com/matrix-org/synapse/issues/9654)) - Add `order_by` to the admin API `GET /_synapse/admin/v2/users`. Contributed by @dklimpel. ([\#9691](https://github.com/matrix-org/synapse/issues/9691)) - Replace the `room_invite_state_types` configuration setting with `room_prejoin_state`. ([\#9700](https://github.com/matrix-org/synapse/issues/9700)) - Add experimental support for [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083): restricting room access via group membership. ([\#9717](https://github.com/matrix-org/synapse/issues/9717), [\#9735](https://github.com/matrix-org/synapse/issues/9735)) - Update experimental support for Spaces: include `m.room.create` in the room state sent with room-invites. ([\#9710](https://github.com/matrix-org/synapse/issues/9710)) - Synapse now requires Python 3.6 or later. It also requires Postgres 9.6 or later or SQLite 3.22 or later. ([\#9766](https://github.com/matrix-org/synapse/issues/9766)) Bugfixes -------- - Prevent `synapse_forward_extremities` and `synapse_excess_extremity_events` Prometheus metrics from initially reporting zero-values after startup. ([\#8926](https://github.com/matrix-org/synapse/issues/8926)) - Fix recently added ratelimits to correctly honour the application service `rate_limited` flag. ([\#9711](https://github.com/matrix-org/synapse/issues/9711)) - Fix longstanding bug which caused `duplicate key value violates unique constraint "remote_media_cache_thumbnails_media_origin_media_id_thumbna_key"` errors. ([\#9725](https://github.com/matrix-org/synapse/issues/9725)) - Fix bug where sharded federation senders could get stuck repeatedly querying the DB in a loop, using lots of CPU. ([\#9770](https://github.com/matrix-org/synapse/issues/9770)) - Fix duplicate logging of exceptions thrown during federation transaction processing. ([\#9780](https://github.com/matrix-org/synapse/issues/9780)) Updates to the Docker image --------------------------- - Move opencontainers labels to the final Docker image such that users can inspect them. ([\#9765](https://github.com/matrix-org/synapse/issues/9765)) Improved Documentation ---------------------- - Make the `allowed_local_3pids` regex example in the sample config stricter. ([\#9719](https://github.com/matrix-org/synapse/issues/9719)) Deprecations and Removals ------------------------- - Remove old admin API `GET /_synapse/admin/v1/users/<user_id>`. ([\#9401](https://github.com/matrix-org/synapse/issues/9401)) - Make `/_matrix/client/r0/register` expect a type of `m.login.application_service` when an Application Service registers a user, to align with [the relevant spec](https://spec.matrix.org/unstable/application-service-api/#server-admin-style-permissions). ([\#9548](https://github.com/matrix-org/synapse/issues/9548)) Internal Changes ---------------- - Replace deprecated `imp` module with successor `importlib`. Contributed by Cristina Muñoz. ([\#9718](https://github.com/matrix-org/synapse/issues/9718)) - Experiment with GitHub Actions for CI. ([\#9661](https://github.com/matrix-org/synapse/issues/9661)) - Introduce flake8-bugbear to the test suite and fix some of its lint violations. ([\#9682](https://github.com/matrix-org/synapse/issues/9682)) - Update `scripts-dev/complement.sh` to use a local checkout of Complement, allow running a subset of tests and have it use Synapse's Complement test blacklist. ([\#9685](https://github.com/matrix-org/synapse/issues/9685)) - Improve Jaeger tracing for `to_device` messages. ([\#9686](https://github.com/matrix-org/synapse/issues/9686)) - Add release helper script for automating part of the Synapse release process. ([\#9713](https://github.com/matrix-org/synapse/issues/9713)) - Add type hints to expiring cache. ([\#9730](https://github.com/matrix-org/synapse/issues/9730)) - Convert various testcases to `HomeserverTestCase`. ([\#9736](https://github.com/matrix-org/synapse/issues/9736)) - Start linting mypy with `no_implicit_optional`. ([\#9742](https://github.com/matrix-org/synapse/issues/9742)) - Add missing type hints to federation handler and server. ([\#9743](https://github.com/matrix-org/synapse/issues/9743)) - Check that a `ConfigError` is raised, rather than simply `Exception`, when appropriate in homeserver config file generation tests. ([\#9753](https://github.com/matrix-org/synapse/issues/9753)) - Fix incompatibility with `tox` 2.5. ([\#9769](https://github.com/matrix-org/synapse/issues/9769)) - Enable Complement tests for [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946): Spaces Summary API. ([\#9771](https://github.com/matrix-org/synapse/issues/9771)) - Use mock from the standard library instead of a separate package. ([\#9772](https://github.com/matrix-org/synapse/issues/9772)) - Update Black configuration to target Python 3.6. ([\#9781](https://github.com/matrix-org/synapse/issues/9781)) - Add option to skip unit tests when building Debian packages. ([\#9793](https://github.com/matrix-org/synapse/issues/9793))
| * Add an experimental room version to support restricted join rules. (#9717)Patrick Cloke2021-03-311-6/+22
| | | | | | Per MSC3083.
* | Merge commit 'd2f0ec12d' into anoa/dinsic_release_1_31_0Andrew Morgan2021-04-231-3/+7
|\|
| * Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-161-3/+7
| | | | | | | | | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* | Allow knock->knock transitions (#86)Andrew Morgan2021-03-021-2/+0
| | | | | | | | | | Small change to the event auth rules that allows transitioning from knock->knock (in case you want to update your knock reason, or change profile information etc). Coincides with the same commit in [the mainline PR](https://github.com/matrix-org/synapse/pull/6739) and [this update on MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403/commits/49a72862a93d814219968cff814ff63926181645).
* | Add knocking support (#81)Andrew Morgan2021-02-091-4/+22
|/ | | | | | | | | Implement knocking as defined by https://github.com/matrix-org/matrix-doc/pull/2403 This is the base knocking stuff, taken from https://github.com/matrix-org/synapse/pull/6739 and does not include any public room directory changes. While knocking hasn't merged yet on mainline due to waiting on getting Complement into Synapse's CI, the code has been well-tested.
* Ensure that event.redacts is the proper type before handling it (#8457)Patrick Cloke2020-10-051-0/+2
| | | This fixes a bug when backfilling invalid events.
* Convert events worker database to async/await. (#8071)Patrick Cloke2020-08-181-1/+1
|
* Fix recursion error when fetching auth chain over federation (#7817)Erik Johnston2020-07-101-4/+6
| | | | | | | | | | | | | | | When fetching the state of a room over federation we receive the event IDs of the state and auth chain. We then fetch those events that we don't already have. However, we used a function that recursively fetched any missing auth events for the fetched events, which can lead to a lot of recursion if the server is missing most of the auth chain. This work is entirely pointless because would have queued up the missing events in the auth chain to be fetched already. Let's just diable the recursion, since it only gets called from one place anyway.
* Add type hints to event_auth code. (#7505)Patrick Cloke2020-05-151-32/+46
|
* Enforce MSC2209: auth rules for notifications in power level event (#7502)Patrick Cloke2020-05-141-2/+10
| | | | In a new room version, the "notifications" key of power level events are subject to restricted auth rules.
* Remove special auth and redaction rules for aliases events in experimental ↵Patrick Cloke2020-03-091-5/+3
| | | | room ver. (#7037)
* fix bad variable refRichard van der Hoff2020-01-281-1/+1
|
* Implement updated auth rules from MSC2260Richard van der Hoff2020-01-281-5/+19
|
* Pass room version object into event_auth.check and check_redaction (#6788)Richard van der Hoff2020-01-281-13/+21
| | | | | | | These are easier to work with than the strings and we normally have one around. This fixes `FederationHander._persist_auth_tree` which was passing a RoomVersion object into event_auth.check instead of a string.
* Fixup synapse.api to pass mypy (#6733)Erik Johnston2020-01-201-1/+1
|
* Merge release-v1.7.1 into developRichard van der Hoff2019-12-181-7/+8
|\
| * Fix bug where we added duplicate event IDs as auth_events (#6560)Erik Johnston2019-12-171-7/+8
| |
| * Sanity-check room ids in event auth (#6530)Richard van der Hoff2019-12-161-0/+12
| | | | | | | | When we do an event auth operation, check that all of the events involved are in the right room.
* | Sanity-check room ids in event auth (#6530)Richard van der Hoff2019-12-131-0/+12
| | | | | | | | When we do an event auth operation, check that all of the events involved are in the right room.
* | Remove redundant code from event authorisation implementation. (#6502)Richard van der Hoff2019-12-101-6/+2
|/
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-311-1/+1
| | | Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
* Cleanup extra quotes from IDEs (#6236)Andrew Morgan2019-10-231-2/+1
|
* Cleanup event auth type initialisation (#5975)Andrew Morgan2019-09-041-5/+5
| | | Very small code cleanup.
* Run Black. (#5482)Amber Brown2019-06-201-120/+57
|
* Collect room-version variations into one place (#4969)Richard van der Hoff2019-04-011-12/+8
| | | | Collect all the things that make room-versions different to one another into one place, so that it's easier to define new room versions.
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-01-291-4/+8
|\ | | | | | | erikj/redactions_eiah
| * check event format version not room versionErik Johnston2019-01-291-2/+2
| |
| * Only check event IDs domain signed event for V1 and V2Erik Johnston2019-01-291-5/+14
| | | | | | | | Since newer versions of events don't have the same format for event ID.
* | Drop vdh supportErik Johnston2019-01-291-1/+1
| |
* | Implement rechecking of redactionsErik Johnston2019-01-291-6/+18
|/
* Pass through room version to event authErik Johnston2019-01-251-1/+2
|
* Add helpers for getting prev and auth events (#4139)Erik Johnston2018-11-061-2/+2
| | | | | | | * Add helpers for getting prev and auth events This is in preparation for allowing the event format to change between room versions.
* User event.sender rather than alias event.user_idErik Johnston2018-10-161-1/+1
|
* Sanitise error messages when user doesn't have permission to inviteErik Johnston2018-10-031-5/+2
|
* Fix handling of rejected threepid invitesErik Johnston2018-10-031-1/+1
|
* Fix error handling for missing auth_eventRichard van der Hoff2018-09-261-2/+2
| | | | | | | | | | When we were authorizing an event, if there was no `m.room.create` in its auth_events, we would raise a SynapseError with a cryptic message, which then meant that we would bail out of processing any incoming events, rather than storing a rejection for the faulty event and moving on. We should treat the absent event the same as any other auth failure, by raising an AuthError, so that the event is marked as rejected.
* Check m.room.create for sane room_versionsRichard van der Hoff2018-08-061-1/+9
|
* run isortAmber Brown2018-07-091-3/+3
|
* Avoid relying on int vs None comparisonErik Johnston2018-07-021-1/+5
| | | | Python 3 doesn't support comparing None to ints
* Ensure that we define sender_domainErik Johnston2018-07-021-0/+1
|
* Make default state_default 50Richard van der Hoff2018-06-141-20/+14
| | | | | | | Make it so that, before there is a power-levels event in the room, you need a power level of at least 50 to send state. Partially addresses https://github.com/matrix-org/matrix-doc/issues/1192
* Clarify interface for event_authRichard van der Hoff2018-06-141-18/+16
| | | | | stop pretending that it returns a boolean, which just almost gave me a heart attack.
* Refactor get_send_level to take a power_levels eventRichard van der Hoff2018-06-141-7/+38
| | | | it makes it easier for me to reason about
* Consistently use six's iteritems and wrap lazy keys/values in list() if ↵Amber Brown2018-05-311-2/+2
| | | | they're not meant to be lazy (#3307)
* Fix templating error with unban permission messageTravis Ralston2018-01-071-1/+1
| | | | | Fixes https://github.com/matrix-org/synapse/issues/2759 Signed-off-by: Travis Ralston <travpc@gmail.com>
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-231-2/+2
| | | | what could possibly go wrong
* Fix 500 error when fields missing from power_levels eventRichard van der Hoff2017-10-171-3/+3
| | | | | If the users or events keys were missing from a power_levels event, then we would throw 500s when trying to auth them.
* Use better variable nameErik Johnston2017-01-171-3/+3
|
* Optimise state resolutionErik Johnston2017-01-171-6/+43
|
* Split event auth code into seperate moduleErik Johnston2017-01-131-0/+641
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-08-15 10:44:54 +0000