| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '56efa9ec7': (22 commits)
Fix rate limiting unit tests. (#8167)
Add functions to `MultiWriterIdGen` used by events stream (#8164)
Do not allow send_nonmember_event to be called with shadow-banned users. (#8158)
Changelog fixes
Make StreamIdGen `get_next` and `get_next_mult` async (#8161)
Wording fixes to 'name' user admin api filter (#8163)
Fix missing double-backtick in RST document
Search in columns 'name' and 'displayname' in the admin users endpoint (#7377)
Add type hints for state. (#8140)
Stop shadow-banned users from sending non-member events. (#8142)
Allow capping a room's retention policy (#8104)
Add healthcheck for default localhost 8008 port on /health endpoint. (#8147)
Fix flaky shadow-ban tests. (#8152)
Don't fail /submit_token requests on incorrect session ID if request_token_inhibit_3pid_errors is turned on (#7991)
Do not apply ratelimiting on joins to appservices (#8139)
Micro-optimisations to get_auth_chain_ids (#8132)
Allow denying or shadow banning registrations via the spam checker (#8034)
Stop shadow-banned users from sending invites. (#8095)
Be more tolerant of membership events in unknown rooms (#8110)
Improve the error code when trying to register using a name reserved for guests. (#8135)
...
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
request_token_inhibit_3pid_errors is turned on (#7991)
* Don't raise session_id errors on submit_token if request_token_inhibit_3pid_errors is set
* Changelog
* Also wait some time before responding to /requestToken
* Incorporate review
* Update synapse/storage/databases/main/registration.py
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Incorporate review
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'e04e465b4':
Use the default templates when a custom template file cannot be found (#8037)
Changelog changes
Convert stream database to async/await. (#8074)
Add a shadow-banned flag to users. (#8092)
Convert pusher databases to async/await. (#8075)
Convert receipts and events databases to async/await. (#8076)
|
| | |
| |
| | |
Fixes https://github.com/matrix-org/synapse/issues/6583
|
| |\|
| |
| |
| |
| | |
* commit '4e874ed59':
Remove unnecessary maybeDeferred calls (#8044)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'd4a7829b1':
Convert synapse.api to async/await (#8031)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '66f24449d':
Improve performance of the register endpoint (#8009)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '5cdca53aa':
Merge different Resource implementation classes (#7732)
Fix inconsistent handling of upper and lower cases of email addresses. (#7021)
Allow YAML config file to contain None (#7779)
Fix a typo.
Move 1.15.2 after 1.16.0rc2.
1.16.0rc2
Remove an extraneous space.
Add links to the fixes.
Fix tense in the release notes.
Hack to add push priority to push notifications (#7765)
Add early returns to `_check_for_soft_fail` (#7769)
Use symbolic names for replication stream names (#7768)
Type checking for `FederationHandler` (#7770)
Fix new metric where we used ms instead of seconds (#7771)
Fix incorrect error message when database CTYPE was set incorrectly. (#7760)
Pin link in CHANGES.md
Fixes to CHANGES.md
|
| | |
| |
| | |
fixes #7016
|
| | |\ |
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | | |
* commit 'e8c36e527':
1.15.2
Correctly handle outliers as prev events over federation
Ensure that HTML pages served from Synapse include headers to avoid embedding.
|
| | | | |
|
| |\ \ \
| | |/
| |/|
| | |
| | | |
* commit 'a3f11567d':
Replace all remaining six usage with native Python 3 equivalents (#7704)
|
| | |/ |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.15.x
* 'release-v1.15.0' of github.com:matrix-org/synapse: (55 commits)
1.15.0
Fix some attributions
Update CHANGES.md
1.15.0rc1
Revert "1.15.0rc1"
1.15.0rc1
Fix bug in account data replication stream. (#7656)
Convert the registration handler to async/await. (#7649)
Accept device information at the login fallback endpoint. (#7629)
Convert user directory handler and related classes to async/await. (#7640)
Add an option to disable autojoin for guest accounts (#6637)
Clarifications to the admin api documentation (#7647)
Update to the stable SSO prefix for UI Auth. (#7630)
Fix type information on `assert_*_is_admin` methods (#7645)
Remove some unused constants. (#7644)
Typo fixes.
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
Add device management to admin API (#7481)
Attempt to fix PhoneHomeStatsTestCase.test_performance_100 being flaky. (#7634)
Support CS API v0.6.0 (#6585)
...
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both:
* Rather undocumented, and
* causing a *lot* of config checks
This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation.
Best to be reviewed commit-by-commit.
|
| | |
| |
| |
| |
| |
| | |
email has been verified (#48)
* Just ignore the `username` parameter on registration as it's not used by DINUM
* Have `/register/available` always return `true`
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.14.x
* 'release-v1.14.0' of github.com:matrix-org/synapse: (108 commits)
Fix typo in PR link
Update debian changelog
1.14.0
Improve changelog wording
1.14.0rc2
Fix sample config docs error (#7581)
Fix up comments
Fix specifying cache factors via env vars with * in name. (#7580)
Don't apply cache factor to event cache. (#7578)
Ensure ReplicationStreamer is always started when replication enabled. (#7579)
Remove the changes to the debian changelog
Not full release yet, this is rc1
Merge event persistence move changelog entries
More changelog fix
Changelog fixes
1.14.0
Replace device_27_unique_idx bg update with a fg one (#7562)
Fix incorrect exception handling in KeyUploadServlet.on_POST (#7563)
Fix recording of federation stream token (#7564)
Simplify reap_monthly_active_users (#7558)
...
|
| | |
| |
| |
| | |
This now matches the logic of the registration process as modified in
56db0b1365965c02ff539193e26c333b7f70d101 / #7523.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.14.x
* 'release-v1.13.0' of github.com:matrix-org/synapse: (257 commits)
Update changelog based on feedback.
Move warnings in the changelog and re-iterate changes to branches.
1.13.0
update dh-virtualenv (#7526)
1.13.0rc3
Hash passwords earlier in the registration process (#7523)
1.13.0rc2
1.13.0rc2
Stop `get_joined_users` corruption from custom statuses (#7376)
Do not validate that the client dict is stable during UI Auth. (#7483)
Fix new flake8 errors (#7489)
Don't UPGRADE database rows
RST indenting
Put rollback instructions in upgrade notes
Fix changelog typo
Oh yeah, RST
Absolute URL it is then
Fix upgrade notes link
Provide summary of upgrade issues in changelog. Fix )
Move next version notes from changelog to upgrade notes
...
|
| | | |
|
| | |
| |
| |
| | |
This backs out some of the validation for the client dictionary and logs if
this changes during a user interactive authentication session instead.
|
| | |
| |
| |
| | |
Be less strict about validation of UI authentication sessions during
registration to match client expecations.
|
| | |
| |
| |
| |
| | |
By persisting the user interactive authentication sessions to the database, this fixes
situations where a user hits different works throughout their auth session and also
allows sessions to persist through restarts of Synapse.
|
| | |
| |
| |
| |
| |
| | |
matrix-org/babolivier/request_token""
This reverts commit 1adf6a55870aa08de272591ff49db9dc49738076.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '9f7aaf90b':
Validate client_secret parameter (#6767)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'b0a66ab83':
Fixup synapse.rest to pass mypy (#6732)
|
| | | |
|
| |\|
| |
| |
| |
| |
| | |
* commit 'd085a8a0a':
Newsfile
Port rest.client.v2
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '020add509':
Update black to 19.10b0 (#6304)
|
| | |
| |
| | |
* update version of black and also fix the mypy config being overridden
|
| |\| |
|
| | |
| |
| | |
Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
If email or msisdn verification aren't supported, let's stop advertising them
for registration.
Fixes #6100.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
because, frankly, it looked like it was written by an axe-murderer.
This should be a non-functional change, except that where `m.login.dummy` was
previously advertised *before* `m.login.terms`, it will now be advertised
afterwards. AFAICT that should have no effect, and will be more consistent with
the flows that involve passing a 3pid.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
Implements MSC2290. This PR adds two new endpoints, /unstable/account/3pid/add and /unstable/account/3pid/bind. Depending on the progress of that MSC the unstable prefix may go away.
This PR also removes the blacklist on some 3PID tests which occurs in #6042, as the corresponding Sytest PR changes them to use the new endpoints.
Finally, it also modifies the account deactivation code such that it doesn't just try to deactivate 3PIDs that were bound to the user's account, but any 3PIDs that were bound through the homeserver on that user's account.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes #6066
This register endpoint should be disabled if registration is disabled, otherwise we're giving anyone the ability to check if a username exists on a server when we don't need to be.
Error code is 403 (Forbidden) as that's the same returned by /register when registration is disabled.
|
| |\| |
|
| | | |
|
| |\| |
|
| | |
| |
| | |
Co-Authored-By: Erik Johnston <erik@matrix.org>
|
| | | |
|
| |\|
| |
| |
| | |
server to handle 3pid validation (#5987)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
server to handle 3pid validation (#5987)
This is a combination of a few different PRs, finally all being merged into `develop`:
* #5875
* #5876
* #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](https://github.com/matrix-org/synapse/commit/891afb57cbdf9867f2848341b29c75d6f35eef5a#diff-e591d42d30690ffb79f63bb726200891) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future)
* #5835
* #5969
* #5940
Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged.
UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
|
| |\| |
|
| | |
| |
| | |
Removes the `bind_email` and `bind_msisdn` parameters from the `/register` C/S API endpoint as per [MSC2140: Terms of Service for ISes and IMs](https://github.com/matrix-org/matrix-doc/pull/2140/files#diff-c03a26de5ac40fb532de19cb7fc2aaf7R107).
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove all the "double return" statements which were a result of us removing all the instances of
```
defer.returnValue(...)
return
```
statements when we switched to python3 fully.
|
| |\| |
|
| | |
| |
| |
| |
| | |
Python will return a tuple whether there are parentheses around the returned values or not.
I'm just sick of my editor complaining about this all over the place :)
|
| |\|
| |
| |
| | |
Awesome-Technologies/remove_shared_secret_registration
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This type of registration was probably never used. It only includes the
user name in the HMAC but not the password.
Shared secret registration is still available via
client/r0/admin/register.
Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
|
| |\| |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Nothing uses this now, so we can remove the dead code, and clean up the
API.
Since we're changing the shape of the return value anyway, we take the
opportunity to give the method a better name.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\| |
|
| | | |
|
| |\| |
|
| | |\
| | |
| | | |
Re-order registration stages to do msisdn & email auth last
|
| | | |
| | |
| | |
| | |
| | |
| | | |
It's more natural for the user if the bit that takes them away
from the registration flow comes last. Adding the dummy stage allows
us to do the stages in this order without the ambiguity.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This allows the client to complete the email last which is more
natual for the user. Without this stage, if the client would
complete the recaptcha (and terms, if enabled) stages and then the
registration request would complete because you've now completed a
flow, even if you were intending to complete the flow that's the
same except has email auth at the end.
Adding a dummy auth stage to the recaptcha-only flow means it's
always unambiguous which flow the client was trying to complete.
Longer term we should think about changing the protocol so the
client explicitly says which flow it's trying to complete.
vector-im/riot-web#9586
|
| |\ \ \
| | | |
| | | | |
Allow server admins to define and enforce a password policy (MSC2000)
|
| | |/ / |
|
| |\| | |
|
| | |\ \
| | | |
| | | |
| | | |
| | | | |
matrix-org/dbkr/only_check_threepid_not_in_use_if_actually_registering
Only check 3pids not in use when registering
|
| | | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We checked that 3pids were not already in use before we checked if
we were going to return the account previously registered in the
same UI auth session, in which case the 3pids will definitely
be in use.
https://github.com/vector-im/riot-web/issues/9586
|
| | |/ |
|
| |\| |
|
| | |
| |
| |
| | |
Accidentally went straight to develop
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows the client to complete the email last which is more
natual for the user. Without this stage, if the client would
complete the recaptcha (and terms, if enabled) stages and then the
registration request would complete because you've now completed a
flow, even if you were intending to complete the flow that's the
same except has email auth at the end.
Adding a dummy auth stage to the recaptcha-only flow means it's
always unambiguous which flow the client was trying to complete.
Longer term we should think about changing the protocol so the
client explicitly says which flow it's trying to complete.
https://github.com/vector-im/riot-web/issues/9586
|
| | | |
|
| | | |
|
| | | |
|
| |\| |
|
| | |
| |
| | |
Add two ratelimiters on login (per-IP address and per-userID).
|
| | | |
|
| | |
| |
| |
| | |
This reverts commit d7dbad3526136cfc9fdbd568635be5016fb637db.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Rate-limiting for registration
* Add unit test for registration rate limiting
* Add config parameters for rate limiting on auth endpoints
* Doc
* Fix doc of rate limiting function
Co-Authored-By: babolivier <contact@brendanabolivier.com>
* Incorporate review
* Fix config parsing
* Fix linting errors
* Set default config for auth rate limiting
* Fix tests
* Add changelog
* Advance reactor instead of mocked clock
* Move parameters to registration specific config and give them more sensible default values
* Remove unused config options
* Don't mock the rate limiter un MAU tests
* Rename _register_with_store into register_with_store
* Make CI happy
* Remove unused import
* Update sample config
* Fix ratelimiting test for py2
* Add non-guest test
|
| |\|
| |
| |
| | |
erikj/dinsic-merged-master
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Move RegistrationHandler init to HomeServer
* Move post registration actions to RegistrationHandler
* Add post regisration replication endpoint
* Newsfile
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This allows registration to be handled by a worker, though the actual
write to the database still happens on master.
Note: due to the in-memory session map all registration requests must be
handled by the same worker.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
* Fix auto join failures for servers that require user consent
* Fix auto join failures for servers that require user consent
|
| | |
| |
| |
| | |
So people can still collect consent the old way if they want to.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| | |
As per https://github.com/vector-im/riot-web/issues/7168#issuecomment-419996117
|
| | | |
|
| | |
| |
| |
| |
| | |
* implement shadow registration via AS (untested)
* shadow support for 3pid binding/unbinding (untested)
|
| |\| |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\| |
|
| | | |
|
| | | |
|
| |\| |
|
| | | |
|
| | |\
| | |
| | | |
Use parse and asserts from http.servlet
|
| | | |
| | |
| | |
| | |
| | |
| | | |
the method "assert_params_in_request" does handle dicts and not
requests. A request body has to be parsed to json before this method
can be used
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
parse_integer and parse_string can take a request and raise errors
in case we have wrong or missing params.
This PR tries to use them more to deduplicate some code and make it
better readable
|
| | |/ |
|
| | | |
|
| |\| |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| | |
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* [x] strip invalid characters from generated mxid
* [x] append numbers to disambiguate clashing mxids
* [x] generate displayanames from 3pids using a dodgy heuristic
* [x] get rid of the create_profile_with_localpart and instead
explicitly set displaynames so they propagate correctly
|
| |\ \ |
|
| | |\| |
|
| | |\ \ |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |_|/
|/| | |
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently the handling of auto_join_rooms only works when a user
registers itself via public register api. Registrations via
registration_shared_secret and ModuleApi do not work
This auto_joins the users in the registration handler which enables
the auto join feature for all 3 registration paths.
This is related to issue #2725
Signed-Off-by: Matthias Kesler <krombel@krombel.de>
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* [ ] split config options into allowed_local_3pids and registrations_require_3pid
* [ ] simplify and comment logic for picking registration flows
* [ ] fix docstring and move check_3pid_allowed into a new util module
* [ ] use check_3pid_allowed everywhere
@erikjohnston PTAL
|
| | |
|
| |
|
|
|
| |
lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with.
Typically useful for stopping people from registering with non-work emails
|
| |
|
|
|
| |
Instead of returning False when auth is incomplete, throw an exception which
can be caught with a wrapper.
|
| |
|
|
| |
Explain why we don't validate userids registered via app services
|
| | |
|
| |
|
|
|
|
| |
Force username to lowercase before attempting to register
https://github.com/matrix-org/synapse/issues/2660
|
| |
|
|
| |
Allow things to pass inhibit_login when registering to ... inhibit logins.
|
| |
|
|
|
|
|
|
|
| |
I'm going to need to make the device_handler depend on the auth_handler, so I
need to break this dependency to avoid a cycle.
It turns out that the auth_handler was only using the device_handler in one
place which was an edge case which we can more elegantly handle by throwing an
error rather than fixing it up.
|
| |
|
|
|
| |
New users who register on the server will be dumped into all rooms in
auto_join_rooms in the config.
|
| |
|
|
|
|
|
| |
- GET is now the method for register/available
- a query parameter "username" is now used
Also, empty usernames are now handled with an error message on registration or via register/available: `User ID cannot be empty`
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Outlined here: https://github.com/vector-im/riot-web/issues/3605#issuecomment-298679388
```HTTP
GET /_matrix/.../register/available
{
"username": "desiredlocalpart123"
}
```
If available, the response looks like
```HTTP
HTTP/1.1 200 OK
{
"available": true
}
```
Otherwise,
```HTTP
HTTP/1.1 429
{
"errcode": "M_LIMIT_EXCEEDED",
"error": "Too Many Requests",
"retry_after_ms": 2000
}
```
or
```HTTP
HTTP/1.1 400
{
"errcode": "M_USER_IN_USE",
"error": "User ID already taken."
}
```
or
```HTTP
HTTP/1.1 400
{
"errcode": "M_INVALID_USERNAME",
"error": "Some reason for username being invalid"
}
```
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Only offer msisdn flows if the x_show_msisdn option is given.
|
| |
|
|
| |
Changes from https://github.com/matrix-org/synapse/pull/1971
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
and replace requestEmailToken where we meant requestMsisdnToken
|
| |
|
|
| |
Plus a couple of other minor fixes
|
| | |
|
| |
|
|
| |
and support binding them with the bind_msisdn param
|
| | |
|
| |
|
|
|
|
| |
This was broken when device list updates were implemented, as Mailer
could no longer instantiate an AuthHandler due to a dependency on
federation sending.
|
| |
|
|
| |
Remove refresh_token reference
|
| |
|
|
|
|
|
|
| |
We might as well treat all refresh_tokens as invalid. Just return a 403 from
/tokenrefresh, so that we don't have a load of dead, untestable code hanging
around.
Still TODO: removing the table from the schema.
|
| |\ |
|
| | |
| |
| |
| |
| | |
We need to create devices for guests so that they can use e2e, but we don't
have anywhere to store it, so just use a fixed one.
|
| |/
|
|
|
|
|
| |
Since we're not doing refresh tokens any more, we should start killing off the
dead code paths. /tokenrefresh itself is a bit of a thornier subject, since
there might be apps out there using it, but we can at least not generate
refresh tokens on new logins.
|
| | |
|
| |
|
|
|
| |
Works around https://github.com/vector-im/vector-android/issues/715
and equivalent for iOS
|
| |
|
|
|
|
| |
Rather than reimplementing the token parsing in the various places.
This will make it easier to change the token parsing to allow access_tokens
in HTTP headers.
|
| | |
|
| |
|
|
| |
Synapse was not adding email addresses to accounts registered with an email address, due to too many different variables called 'result'. Rename both of them. Also remove the defer.returnValue() with no params because that's not a thing.
|
| | |
|
| |
|
|
|
| |
device_id may only be passed in the first call to /register, so make sure we
fish it out of the register `params` rather than the body of the final call.
|
| |
|
|
|
|
|
|
|
|
| |
This doesn't cover *all* of the registration flows, but it does cover the most
common ones: in particular: shared_secret registration, appservice
registration, and normal user/pass registration.
Pull device_id from the registration parameters. Register the device in the
devices table. Associate the device with the returned access and refresh
tokens. Profit.
|
| |\
| |
| | |
Type annotations
|
| | |
| |
| |
| |
| | |
Add some type annotations to help PyCharm (in particular) to figure out the
types of a bunch of things.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
* `RegistrationHandler.appservice_register` no longer issues an access token:
instead it is left for the caller to do it. (There are two of these, one in
`synapse/rest/client/v1/register.py`, which now simply calls
`AuthHandler.issue_access_token`, and the other in
`synapse/rest/client/v2_alpha/register.py`, which is covered below).
* In `synapse/rest/client/v2_alpha/register.py`, move the generation of
access_tokens into `_create_registration_details`. This means that the normal
flow no longer needs to call `AuthHandler.issue_access_token`; the
shared-secret flow can tell `RegistrationHandler.register` not to generate a
token; and the appservice flow continues to work despite the above change.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This is meant to be an *almost* non-functional change, with the exception that
it fixes what looks a lot like a bug in that it only calls
`auth_handler.add_threepid` and `add_pusher` once instead of three times.
The idea is to move the generation of the `access_token` out of
`registration_handler.register`, because `access_token`s now require a
device_id, and we only want to generate a device_id once registration has been
successful.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
If they registered with an email address and email notifs are enabled on the HS
|
| |
|
|
|
|
| |
The spec is clear the key should be 'user' not 'username' and this is indeed
the case for v1. This is not true for v2_alpha though, which is what this
commit is fixing.
|
| | |
|
| | |
|
| |
|
|
| |
a username.
|
| | |
|
| |
|
|
| |
you an access token for the user that was registered on previous uses of that session. Tweak the UI auth layer to not delete sessions when their auth has completed and hence expire themn so they don't hang around until server restart. Allow server-side data to be associated with UI auth sessions.
|
| |
|
|
| |
Guest registration still doesn't return refresh_token
|
| |
|
|
|
| |
to deduplicate all the copy+pasted _parse_json functions. Also document
the parse_.* functions.
|
| | |
|
| | |
|
| |
|
|
| |
break if you open the email on a different device.
|
| |
|
|
| |
not. Use this so we can run _filter_events_for_client when calculating event_push_actions.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This follows the same flows-based flow as regular registration, but as
the only implemented flow has no requirements, it auto-succeeds. In the
future, other flows (e.g. captcha) may be required, so clients should
treat this like the regular registration flow choices.
|
| |\
| |
| | |
Changes for unique emails
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
email is in use on this Home Server.
|
| |/
|
|
|
|
|
|
|
| |
* Merge LoginHandler -> AuthHandler
* Add a bunch of documentation
* Improve some naming
* Remove unused branches
I will start merging the actual logic of the two handlers shortly
|
| |
|
|
| |
been saved in the auth layer)
|
| |
|
|
| |
Namely this means using registration_handler.appservice_register.
|
| |
|
|
|
|
|
|
| |
V2 Registration forced everyone (including ASes) to create a password for a
user, when ASes should be able to omit passwords. Also unbreak AS registration
in general which checked too early if the given username was claimed by an AS;
it was checked before knowing if the AS was the one doing the registration! Add
unit tests for AS reg, user reg and disabled_registration flag.
|
| | |
|
| |
|
|
| |
user-interactive auth call.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
it just succeeding
|
| | |
|
