| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* Allow providing credentials to HTTPS_PROXY (#9657)
Addresses https://github.com/matrix-org/synapse-dinsic/issues/70
This PR causes `ProxyAgent` to attempt to extract credentials from an `HTTPS_PROXY` env var. If credentials are found, a `Proxy-Authorization` header ([details](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Proxy-Authorization)) is sent to the proxy server to authenticate against it. The headers are *not* passed to the remote server.
Also added some type hints.
* lint
|
|
|
|
mainline to dinsic (#93)
This PR is simply porting https://github.com/matrix-org/synapse/pull/9372 to dinsic.
I also had to bring in https://github.com/matrix-org/synapse/pull/8821 and https://github.com/matrix-org/synapse/pull/9084 for this code to work properly - a sign that we should merge mainline into dinsic again soon.
|
|
|
|
|
|
|
|
|
|
Small change to the event auth rules that allows transitioning from knock->knock (in case you want to update your knock reason, or change profile information etc).
Coincides with the same commit in [the mainline PR](https://github.com/matrix-org/synapse/pull/6739) and [this update on MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403/commits/49a72862a93d814219968cff814ff63926181645).
|
|
|
|
results (#84)
* Add a config option to prioritise local users in user directory search results (#9383)
This PR adds a homeserver config option, `user_directory.prefer_local_users`, that when enabled will show local users higher in user directory search results than remote users. This option is off by default.
Note that turning this on doesn't necessarily mean that remote users will always be put below local users, but they should be assuming all other ranking factors (search query match, profile information present etc) are identical.
This is useful for, say, University networks that are openly federating, but want to prioritise local students and staff in the user directory over other random users.
* Don't mix simple and english psql query types
|
|
This informs the remote server of the room versions we support. If the room we're trying to
knock on has a version that is not one of our supported room versions, the remote server
will return an unsupported room version error.
Noticed in https://github.com/matrix-org/matrix-doc/pull/2403#discussion_r577042144
Ported from https://github.com/matrix-org/synapse/pull/6739
|
|
knocked on (#82)
This PR implements the ["Changes regarding the Public Rooms Directory"](https://github.com/Sorunome/matrix-doc/blob/soru/knock/proposals/2403-knock.md#changes-regarding-the-public-rooms-directory) section of knocking MSC2403.
Specifically, it:
* Allows rooms with `join_rule` "knock" to be returned by the query behind the public rooms directory
* Adds the field `join_rule` to each room entry returned by a public rooms directory query, so clients can know whether to attempt a join or knock on a room
This PR is a clone of [the mainline PR](https://github.com/matrix-org/synapse/pull/9359). Complement tests for this change: https://github.com/matrix-org/complement/pull/72.
|
|
Implement knocking as defined by https://github.com/matrix-org/matrix-doc/pull/2403
This is the base knocking stuff, taken from https://github.com/matrix-org/synapse/pull/6739
and does not include any public room directory changes.
While knocking hasn't merged yet on mainline due to waiting on getting Complement
into Synapse's CI, the code has been well-tested.
|
|
|
|
* Fix the Python 3.5 old-deps build. (#9146)
setuptools 51.0.0 dropped support for Python 3.5.
* Fix Python 3.5 old deps build by using a compatible pip version. (#9217)
Co-authored-by: Dan Callahan <danc@element.io>
pip 21.0 stopped supporting Python 3.5.
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
|
|
This was causing a LoginError to be propagated up to the registration servlet, which was
expecting a InteractiveAuthIncompleteError in order to store a password_hash from the
client for the session. DINUM relies on this happening.
More info here: https://github.com/matrix-org/synapse/issues/9263
|
|
|
|
provided (#77)
|
|
|
|
|
|
Signed-off-by: Emelie em@nao.sh
|
|
This allows for efficiently finding which users ignore a particular
user.
Co-authored-by: Erik Johnston <erik@matrix.org>
|
|
... for running the tests with no optional deps.
|
|
If we are lacking an optional dependency, skip the tests that rely on it.
|
|
This can happen when using a split out state database and we've upgraded
the schema version without there being any changes in the state schema.
|
|
|
|
|
|
|
|
These may be omitted if not set, but Synapse assumed they would
be in the response.
|
|
|
|
|
|
The last stream token is always known and we do not need to handle none.
|
|
Ex.
- homeserver.log.2020-12-29
- homeserver.log.2020-12-31
|
|
|
|
An experimental room version ("org.matrix.msc2176") contains
the new redaction rules for testing.
|
|
During login, if there are multiple IdPs enabled, offer the user a choice of
IdPs.
|
|
* Implement CasHandler.handle_redirect_request
... to make it match OidcHandler and SamlHandler
* Clean up interface for OidcHandler.handle_redirect_request
Make it accept `client_redirect_url=None`.
* Clean up interface for `SamlHandler.handle_redirect_request`
... bring it into line with CAS and OIDC by making it take a Request parameter,
move the magic for `client_redirect_url` for UIA into the handler, and fix the
return type to be a `str` rather than a `bytes`.
* Define a common protocol for SSO auth provider impls
* Give SsoIdentityProvider an ID and register them
* Combine the SSO Redirect servlets
Now that the SsoHandler knows about the identity providers, we can combine the
various *RedirectServlets into a single implementation which delegates to the
right IdP.
* changelog
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The `RoomDirectoryFederationTests` tests were not being run unless explicitly called as an `__init__.py` file was not present in `tests/federation/transport/`. Thus the folder was not a python module, and `trial` did not look inside for any test cases to run. This was found while working on #6739.
This PR adds a `__init__.py` and also fixes the test in a couple ways:
- Switch to subclassing `unittest.FederatingHomeserverTestCase` instead, which sets up federation endpoints for us.
- Supply a `federation_auth_origin` to `make_request` in order to more act like the request is coming from another server, instead of just an unauthenicated client requesting a federation endpoint.
I found that the second point makes no difference to the test passing, but felt like the right thing to do if we're testing over federation.
|
|
'Invalid Token' page (#74)
|
|
|
|
|
|
|
|
|
|
Tests were broken due to an API changing. The code used in Synapse
proper should be compatible with both versions already.
|
|
This makes the "messages" key in the content required. This is currently
optional in the spec, but that seems to be an error.
|
|
Removes the trailing slash with causes issues with matrix.to/Element.
|
|
Adds the redacts endpoint to workers that have the client listener.
|
|
This table has been unused since Synapse v1.17.0.
|
|
Tests were broken due to an API changing. The code used in Synapse
proper should be compatible with both versions already.
|
|
This makes the CAS handler look more like the SAML/OIDC handlers:
* Render errors to users instead of throwing JSON errors.
* Internal reorganization.
|
|
Adds a new setting `email.invite_client_location` which, if defined, is
passed to the identity server during invites.
|
|
(#8756)
This adds an admin API that allows a server admin to get power in a room if a local user has power in a room. Will also invite the user if they're not in the room and its a private room. Can specify another user (rather than the admin user) to be granted power.
Co-authored-by: Matthew Hodgson <matthew@matrix.org>
|
|
This had two effects 1) it'd give the wrong answer and b) would iterate
*all* power levels in the auth chain of each event. The latter of which
can be *very* expensive for certain types of IRC bridge rooms that have
large numbers of power level changes.
|
|
The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow
`UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser
back to the client, we redirect to a username-picker resource, which allows the user to enter a username.
We *then* complete the SSO flow (including doing the client permission checks).
The static resources for the username picker itself (in
https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker)
are essentially lifted wholesale from
https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res.
As the comment says, we might want to think about making them customisable, but that can be a follow-up.
Fixes #8876.
|
|
|
|
This fixes an KeyError exception, after this PR the content
is just considered unknown.
|
|
If we see stale extremities while persisting events, and notice that
they don't change the result of state resolution, we drop them.
|
|
... and disable coverage tracking for mypy and friends.
|
|
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
|
|
|
* Use the simple dictionary in fts for the user directory
* Clarify naming
|
