| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | | |
|
| | |
| |
| | |
Apple want to POST the OIDC auth response back to us rather than using query-params; add the necessary support to make that work.
|
| | |
| |
| |
| |
| |
| |
| | |
- Update black version to the latest
- Run black auto formatting over the codebase
- Run autoformatting according to [`docs/code_style.md
`](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md)
- Update `code_style.md` docs around installing black to use the correct version
|
| | | |
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Synapse 1.27.0rc2 (2021-02-11)
==============================
Features
--------
- Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297))
Bugfixes
--------
- Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302))
- Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313))
Improved Documentation
----------------------
- Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
|
| |\ \ \
| | |/
| |/| |
|
| | | |
| | |
| | |
| | | |
This breaks some people's configurations (if their Client-Server API
is not accessed via port 443).
|
| |\ \ \
| | |/
| |/| |
|
| | | |
| | |
| | |
| | |
| | | |
* Adds type hints to the groups servlet and stringutils code.
* Assert the maximum length of some input values for spec compliance.
|
| | | |
| | |
| | |
| | | |
* Handle the case of lxml not finding a document tree.
* Parse the document encoding from the XML tag.
|
| | |\ \
| | | |
| | | | |
New API /_synapse/admin/rooms/{roomId}/context/{eventId}
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: David Teller <davidt@element.io>
|
| |\| | | |
|
| | | |/
| |/| |
|
| |\| | |
|
| | | |
| | |
| | |
| | |
| | | |
This could arguably replace the existing admin API for `/members`, however that is out of scope of this change.
This sort of endpoint is ideal for moderation use cases as well as other applications, such as needing to retrieve various bits of information about a room to perform a task (like syncing power levels between two places). This endpoint exposes nothing more than an admin would be able to access with a `select *` query on their database.
|
| | | | |
|
| | | | |
|
| | |\ \ |
|
| |\ \ \ \
| | |/ /
| |/| | |
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| | |/ /
| |/| | |
|
| | |\| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
There's some prelimiary work here to pull out the construction of a jinja environment to a separate function.
I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them.
|
| |\ \ \ \
| | |/ /
| |/| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #8966.
* Factor out build_synapse_client_resource_tree
Start a function which will mount resources common to all workers.
* Move sso init into build_synapse_client_resource_tree
... so that we don't have to do it for each worker
* Fix SSO-login-via-a-worker
Expose the SSO login endpoints on workers, like the documentation says.
* Update workers config for new endpoints
Add documentation for endpoints recently added (#8942, #9017, #9262)
* remove submit_token from workers endpoints list
this *doesn't* work on workers (yet).
* changelog
* Add a comment about the odd path for SAML2Resource
|
| | | | |
| | | |
| | | | |
There are going to be a couple of paths to get to the final step of SSO reg, and I want the URL in the browser to consistent. So, let's move the final step onto a separate path, which we redirect to.
|
| |\ \ \ \
| | |/ /
| |/| | |
|
| | |\| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We've decided to add a 'brand' field to help clients decide how to style the
buttons.
Also, fix up the allowed characters for idp_id, while I'm in the area.
|
| | | |/
| |/| |
|
| |\| | |
|
| | | |
| | |
| | |
| | | |
behalf (#9235)
|
| | |\| |
|
| | | |
| | |
| | | |
Fixes #8928.
|
| |\| | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Treat unknown encodings (according to lxml) as UTF-8
when generating a preview for HTML documents. This
isn't fully accurate, but will hopefully give a reasonable
title and summary.
|
| |\| | |
|
| | |\ \
| | | |
| | | |
| | | |
| | | | |
# Conflicts:
# synapse/rest/admin/__init__.py
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This expands the current shadow-banning feature to be usable via
the admin API and adds documentation for it.
A shadow-banned users receives successful responses to their
client-server API requests, but the events are not propagated into rooms.
Shadow-banning a user should be used as a tool of last resort and may lead
to confusing or broken behaviour for the client.
|
| |\| | | |
|
| | |\| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If no thumbnail of the requested type exists, return a 404 instead
of erroring. This doesn't quite match the spec (which does not define
what happens if no thumbnail can be found), but is consistent with
what Synapse already does.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* docs updates
* prettify SQL
* add missing copyright
* cursor_to_dict
* update touched files copyright years
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | |\ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Also run linter.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
GET /_synapse/admin/v1/rooms/<identifier>/forward_extremities now gets forward extremities for a room, returning count and the list of extremities.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| |\ \ \ \ \
| | |_|/ /
| |/| | | |
|
| | | |_|/
| |/| | |
|
| |\| | | |
|
| | | | | |
|
| |\| | | |
|
| | | | | |
|
| |\| | | |
|
| | | | |
| | | |
| | | |
| | | | |
If a remote server name is provided, ensure it is something reasonable
before making remote connections to it.
|
| |\| | | |
|
| | | | | |
|
| |\| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Factor out a common TestHtmlParser
Looks like I'm doing this in a few different places.
* Improve OIDC login test
Complete the OIDC login flow, rather than giving up halfway through.
* Ensure that OIDC login works with multiple OIDC providers
* Fix bugs in handling clientRedirectUrl
- don't drop duplicate query-params, or params with no value
- allow utf-8 in query-params
|
| |\| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Protecting media stops it from being quarantined when
e.g. all media in a room is quarantined. This is useful
for sticker packs and other media that is uploaded by
server administrators, but used by many people.
|
| |\| | | |
|
| | | | | |
|
| |\| | | |
|
| | | | |
| | | |
| | | | |
This only applies if the user's data is to be erased.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If we have integrations with multiple identity providers, when the user does a UI Auth, we need to redirect them to the right one.
There are a few steps to this. First of all we actually need to store the userid of the user we are trying to validate in the UIA session, since the /auth/sso/fallback/web request is unauthenticated.
Then, once we get the /auth/sso/fallback/web request, we can fish the user id out of the session, and use it to look up the external id mappings, and hence pick an SSO provider for them.
|
| | | | |
| | | |
| | | | |
Homeserver.get_ip_from_request() used to be a bit more complicated, but now it is totally redundant. Let's get rid of it.
|
| | | |/
| |/|
| | |
| | | |
For remote users, only the rooms which the server knows about are returned.
Local users have all of their joined rooms returned.
|
| |\| | |
|
| | |/ |
|
| |\| |
|
| | |
| |
| |
| |
| | |
During login, if there are multiple IdPs enabled, offer the user a choice of
IdPs.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Implement CasHandler.handle_redirect_request
... to make it match OidcHandler and SamlHandler
* Clean up interface for OidcHandler.handle_redirect_request
Make it accept `client_redirect_url=None`.
* Clean up interface for `SamlHandler.handle_redirect_request`
... bring it into line with CAS and OIDC by making it take a Request parameter,
move the magic for `client_redirect_url` for UIA into the handler, and fix the
return type to be a `str` rather than a `bytes`.
* Define a common protocol for SSO auth provider impls
* Give SsoIdentityProvider an ID and register them
* Combine the SSO Redirect servlets
Now that the SsoHandler knows about the identity providers, we can combine the
various *RedirectServlets into a single implementation which delegates to the
right IdP.
* changelog
|
| |\| |
|
| | | |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| | |
This makes the "messages" key in the content required. This is currently
optional in the spec, but that seems to be an error.
|
| | |
| |
| | |
Adds the redacts endpoint to workers that have the client listener.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
(#8756)
This adds an admin API that allows a server admin to get power in a room if a local user has power in a room. Will also invite the user if they're not in the room and its a private room. Can specify another user (rather than the admin user) to be granted power.
Co-authored-by: Matthew Hodgson <matthew@matrix.org>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow
`UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser
back to the client, we redirect to a username-picker resource, which allows the user to enter a username.
We *then* complete the SSO flow (including doing the client permission checks).
The static resources for the username picker itself (in
https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker)
are essentially lifted wholesale from
https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res.
As the comment says, we might want to think about making them customisable, but that can be a follow-up.
Fixes #8876.
|
| | | |
|
| |\| |
|
| | |\ |
|
| | | | |
|
| |\| | |
|
| | | |
| | |
| | | |
This improves type hinting and should use less memory.
|
| |\| | |
|
| | | |
| | |
| | |
| | | |
Spam checker modules can now provide async methods. This is implemented
in a backwards-compatible manner.
|
| | | |
| | |
| | |
| | | |
Fixes #8846.
|
| | | | |
|
| |\| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes / related to: https://github.com/matrix-org/synapse/issues/6533
This should do essentially the same thing as a robots.txt file telling robots to not index the media repo. https://developers.google.com/search/reference/robots_meta_tag
Signed-off-by: Aaron Raimist <aaron@raim.ist>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Call set_avatar_url with target_user, not user_id
Fixes https://github.com/matrix-org/synapse/issues/8871
* Create 8872.bugfix
* Update synapse/rest/admin/users.py
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Testing
* Update changelog.d/8872.bugfix
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
| | | | |
|
| | | |
| | |
| | | |
Instead return the proper 400 error.
|
| | | |
| | |
| | |
| | | |
The spec says we should return `M_FORBIDDEN` when someone tries to register and
registration is disabled.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Replaces the `federation_ip_range_blacklist` configuration setting with an
`ip_range_blacklist` setting with wider scope. It now applies to:
* Federation
* Identity servers
* Push notifications
* Checking key validitity for third-party invite events
The old `federation_ip_range_blacklist` setting is still honored if present, but
with reduced scope (it only applies to federation and identity servers).
|
| | |/
| |
| | |
Raise a proper 400 error if the `mac` field is missing.
|
| | |
| |
| |
| |
| |
| |
| | |
mainline to dinsic (#93)
This PR is simply porting https://github.com/matrix-org/synapse/pull/9372 to dinsic.
I also had to bring in https://github.com/matrix-org/synapse/pull/8821 and https://github.com/matrix-org/synapse/pull/9084 for this code to work properly - a sign that we should merge mainline into dinsic again soon.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement knocking as defined by https://github.com/matrix-org/matrix-doc/pull/2403
This is the base knocking stuff, taken from https://github.com/matrix-org/synapse/pull/6739
and does not include any public room directory changes.
While knocking hasn't merged yet on mainline due to waiting on getting Complement
into Synapse's CI, the code has been well-tested.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The spec requires synapse to support `identifier` dicts for `m.login.password`
user-interactive auth, which it did not (instead, it required an undocumented
`user` parameter.)
To fix this properly, we need to pull the code that interprets `identifier`
into `AuthHandler.validate_login` so that it can be called from the UIA code.
Fixes #5665.
|
| |\| |
|
| | |
| |
| | |
we don't need to support legacy login dictionaries here.
|
| | |
| |
| |
| |
| | |
(#8565)
Changes `@cache_in_self` to use underscore-prefixed attributes.
|
| |\| |
|
| | | |
|
| |\| |
|
| | |
| |
| | |
These are now only available via `/_synapse/admin/v1`.
|
| | | |
|
| | | |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| |
| |
| | |
The main use case is to see how many requests are being made, and how
many are second/third/etc attempts. If there are large number of retries
then that likely indicates a delivery problem.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Add `GET /_synapse/admin/v1/statistics/users/media` to get statisics about local media usage by users.
Related to #6094
It is the first API for statistics.
Goal is to avoid/reduce usage of sql queries like [Wiki analyzing Synapse](https://github.com/matrix-org/synapse/wiki/SQL-for-analyzing-Synapse-PostgreSQL-database-stats)
Signed-off-by: Dirk Klimpel dirk@klimpel.org
|
| | |
| |
| | |
Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
|
| |\| |
|
| | |
| |
| | |
Fixes #6755
|
| |\| |
|
| | |
| |
| | |
Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
|
| |\| |
|
| | |
| |
| | |
Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Split admin API for reported events in detail und list view.
API was introduced with #8217 in synapse v.1.21.0.
It makes the list (`GET /_synapse/admin/v1/event_reports`) less complex and provides a better overview.
The details can be queried with: `GET /_synapse/admin/v1/event_reports/<report_id>`.
It is similar to room and users API.
It is a kind of regression in `GET /_synapse/admin/v1/event_reports`. `event_json` was removed. But the api was introduced one version before and it is an admin API (not under spec).
Signed-off-by: Dirk Klimpel dirk@klimpel.org
|
| | |
| |
| |
| |
| |
| | |
Related to: #6459, #3479
Add `DELETE /_synapse/admin/v1/media/<server_name>/<media_id>` to delete
a single file from server.
|
| | |
| |
| |
| | |
If the user was not in any rooms then the API returned the same error
as if the user did not exist.
|
| | | |
|
| |\| |
|
| | |
| |
| |
| | |
The handling of OPTIONS requests was consolidated in #7534, but the endpoint
specific handlers were not removed.
|
| |\| |
|
| | | |
|
| |\| |
|
| | |
| |
| | |
Fixes #8029
|
| | |
| |
| | |
All handlers now available via get_*_handler() methods on the HomeServer.
|
| | |
| |
| |
| | |
This allows a user to store an offline device on the server and
then restore it at a subsequent login.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(#8465)
This PR ports the quick fix from https://github.com/matrix-org/synapse/pull/2796 to further methods which handle media, URL preview and `/key/v2/server` requests. This prevents a harmless `ERROR` that comes up in the logs when we were unable to respond to a client request when the client had already disconnected. In this case we simply bail out if the client has already done so.
This is the 'simple fix' as suggested by https://github.com/matrix-org/synapse/issues/5304#issuecomment-574740003.
Fixes https://github.com/matrix-org/synapse/issues/6700
Fixes https://github.com/matrix-org/synapse/issues/5304
|
| | |
| |
| |
| |
| |
| |
| |
| | |
There's no need for it to be in the dict as well as the events table. Instead,
we store it in a separate attribute in the EventInternalMetadata object, and
populate that on load.
This means that we can rely on it being correctly populated for any event which
has been persited to the database.
|
| | |
| |
| |
| | |
'Invalid Token' page (#74)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '6a8fd03ac':
1.21.0rc2
1.21.0rc2
Fix bug in remote thumbnail search (#8438)
Fix DB query on startup for negative streams. (#8447)
Convert additional templates to Jinja (#8444)
Fix malformed log line in new federation "catch up" logic (#8442)
Do not expose the experimental appservice login flow to clients. (#8440)
update changelog
fix a logging error in thumbnailer (#8435)
changelog fixes
fix version number
|
| | |
| |
| |
| |
| | |
#7124 changed the behaviour of remote thumbnails so that the thumbnailing method was included in the filename of the thumbnail. To support existing files, it included a fallback so that we would check the old filename if the new filename didn't exist.
Unfortunately, it didn't apply this logic to storage providers, so any thumbnails stored on such a storage provider was broken.
|
| | |
| |
| | |
This converts a few more of our inline HTML templates to Jinja. This is somewhat part of #7280 and should make it a bit easier to customize these in the future.
|
| | | |
|
| | |
| |
| | |
Introduced in #8236
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'cc40a59b4':
1.21.0
Add prometheus metrics to track federation delays (#8430)
Make token serializing/deserializing async (#8427)
Allow additional SSO properties to be passed to the client (#8413)
changelog
Add an improved "forward extremities" metric
Rewrite BucketCollector
Fix _exposition.py to stop stripping samples
Drop support for ancient prometheus_client (#8426)
Various clean ups to room stream tokens. (#8423)
changelog
Report state res metrics to Prometheus and log
Move Measure calls into `resolve_events_with_store`
Expose a `get_resource_usage` method in `Measure`
Move `resolve_events_with_store` into StateResolutionHandler
|
| | |
| |
| | |
The idea is that in future tokens will encode a mapping of instance to position. However, we don't want to include the full instance name in the string representation, so instead we'll have a mapping between instance name and an immutable integer ID in the DB that we can use instead. We'll then do the lookup when we serialize/deserialize the token (we could alternatively pass around an `Instance` type that includes both the name and ID, but that turns out to be a lot more invasive).
|
| | | |
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
* commit '8238b55e0':
Update description of server_name config option (#8415)
Discard an empty upload_name before persisting an uploaded file (#7905)
Don't table scan events on worker startup (#8419)
Mypy fixes for `synapse.handlers.federation` (#8422)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'f43c66d23':
Add support for running Complement against the local checkout (#8317)
Filter out appservices from mau count (#8404)
Only assert valid next_link params when provided (#8417)
Add metrics to track success/otherwise of replication requests (#8406)
Fix handling of connection timeouts in outgoing http requests (#8400)
Changelog
Don't check whether a 3pid is allowed to register during password reset
Add checks for postgres sequence consistency (#8402)
Create a mechanism for marking tests "logcontext clean" (#8399)
Add `ui_auth_sessions_ips` table to `synapse_port_db` ignore list (#8410)
A pair of tiny cleanups in the federation request code. (#8401)
typo
|
| | |\
| | |
| | |
| | | |
anoa/info-mainline-no-check-password-reset
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Broken in https://github.com/matrix-org/synapse/pull/8275 and has yet to be put in a release. Fixes https://github.com/matrix-org/synapse/issues/8418.
`next_link` is an optional parameter. However, we were checking whether the `next_link` param was valid, even if it wasn't provided. In that case, `next_link` was `None`, which would clearly not be a valid URL.
This would prevent password reset and other operations if `next_link` was not provided, and the `next_link_domain_whitelist` config option was set.
|
| | |/
| |
| |
| |
| | |
This endpoint should only deal with emails that have already been approved, and
are attached with user's account. There's no need to re-check them here.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '31acc5c30':
Escape the error description on the sso_error template. (#8405)
Fix occasional "Re-starting finished log context" from keyring (#8398)
Allow existing users to login via OpenID Connect. (#8345)
Fix schema delta for servers that have not backfilled (#8396)
Fix MultiWriteIdGenerator's handling of restarts. (#8374)
s/URLs/variables in changelog
s/accidentally/incorrectly in changelog
Update changelog wording
Add type annotations to SimpleHttpClient (#8372)
Add new sequences to port DB script (#8387)
Add EventStreamPosition type (#8388)
Mark the shadow_banned column as boolean in synapse_port_db. (#8386)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '4325be1a5':
Fix missing null character check on guest_access room state
Fixed a bug with reactivating users with the admin API (#8362)
Admin API for reported events (#8217)
Fix wording of deprecation notice in changelog
Deprecation warning for synapse admin api being accessible under /_matrix
Create function to check for long names in devices (#8364)
Add a comment re #1691
Fix a bad merge from release-v1.20.0. (#8354)
Admin API for querying rooms where a user is a member (#8306)
Catch-up after Federation Outage (bonus): Catch-up on Synapse Startup (#8322)
Simplify super() calls to Python 3 syntax. (#8344)
Allow appservice users to /login (#8320)
Update test logging to be able to accept braces (#8335)
Move lint dependencies to extras_require (#8330)
|
| | |
| |
| | |
Add an admin API to read entries of table `event_reports`. API: `GET /_synapse/admin/v1/event_reports`
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Synapse 1.20.0rc5 (2020-09-18)
==============================
In addition to the below, Synapse 1.20.0rc5 also includes the bug fix that was included in 1.19.3.
Features
--------
- Add flags to the `/versions` endpoint for whether new rooms default to using E2EE. ([\#8343](https://github.com/matrix-org/synapse/issues/8343))
Bugfixes
--------
- Fix rate limiting of federation `/send` requests. ([\#8342](https://github.com/matrix-org/synapse/issues/8342))
- Fix a longstanding bug where back pagination over federation could get stuck if it failed to handle a received event. ([\#8349](https://github.com/matrix-org/synapse/issues/8349))
Internal Changes
----------------
- Blacklist [MSC2753](https://github.com/matrix-org/matrix-doc/pull/2753) SyTests until it is implemented. ([\#8285](https://github.com/matrix-org/synapse/issues/8285))
|
| | | |
| | |
| | |
| | | |
Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to
list all rooms where a user is a member.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This converts calls like super(Foo, self) -> super().
Generated with:
sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py
|
| | | |
| | |
| | |
| | |
| | | |
Add ability for ASes to /login using the `uk.half-shot.msc2778.login.application_service` login `type`.
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
* commit '43f2b67e4':
Intelligently select extremities used in backfill. (#8349)
Add flags to /versions about whether new rooms are encrypted by default. (#8343)
Fix ratelimiting for federation `/send` requests. (#8342)
blacklist MSC2753 sytests until it's implemented in synapse (#8285)
|
| | | | |
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit '837293c31':
Remove obsolete __future__ imports (#8337)
Use admin_patterns for all admin APIs. (#8331)
Fix a potential bug of UnboundLocalError (#8329)
Switch metaclass initialization to python 3-compatible syntax (#8326)
Catch-up after Federation Outage (split, 4): catch-up loop (#8272)
Use slots in attrs classes where possible (#8296)
Fix typos in comments.
Add the topic and avatar to the room details admin API (#8305)
Improve SAML error messages (#8248)
Add experimental support for sharding event persister. Again. (#8294)
Make `StreamToken.room_key` be a `RoomStreamToken` instance. (#8281)
Use TLSv1.2 for fake servers in tests (#8208)
Add /_synapse/client to the reverse proxy docs (#8227)
Clean up `Notifier.on_new_room_event` code path (#8288)
|
| | | |
| | |
| | | |
This reduces duplication of the admin prefix in regular expressions.
|
| | | |
| | |
| | | |
Replaced with less buggier control flow
|
| | | |
| | |
| | |
| | |
| | | |
slots use less memory (and attribute access is faster) while slightly
limiting the flexibility of the class attributes. This focuses on objects
which are instantiated "often" and for short periods of time.
|
| | | | |
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit 'a3a90ee03':
Show a confirmation page during user password reset (#8004)
Do not error when thumbnailing invalid files (#8236)
Remove some unused distributor signals (#8216)
Fixup pusher pool notifications (#8287)
Revert "Fixup pusher pool notifications"
Fixup pusher pool notifications
|
| | | |
| | |
| | |
| | |
| | | |
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset.
This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
|
| | | |
| | |
| | |
| | | |
If a file cannot be thumbnailed for some reason (e.g. the file is empty), then
catch the exception and convert it to a reasonable error message for the client.
|
| |\| |
| | |
| | |
| | |
| | |
| | | |
* commit '453dfe210':
blacklist MSC2753 sytests until it's implemented in synapse (#8285)
Don't remember `enabled` of deleted push rules and properly return 404 for missing push rules in `.../actions` and `.../enabled` (#7796)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
missing push rules in `.../actions` and `.../enabled` (#7796)
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit 'e45b83411':
Add types to async_helpers (#8260)
Fix mypy error on develop (#8282)
Include method in thumbnail media name (#7124)
Add types to StreamToken and RoomStreamToken (#8279)
Add a config option for validating 'next_link' parameters against a domain whitelist (#8275)
Clean up types for PaginationConfig (#8250)
Use the right constructor for log records (#8278)
Fix `MultiWriterIdGenerator.current_position`. (#8257)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes an issue where different methods (crop/scale) overwrite each other.
This first tries the new path. If that fails and we are looking for a
remote thumbnail, it tries the old path. If that still isn't found, it
continues as normal.
This should probably be removed in the future, after some of the newer
thumbnails were generated with the new path on most deployments. Then
the overhead should be minimal if the other thumbnails need to be
regenerated.
Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
whitelist (#8275)
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285
They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.
This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.
This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
* commit '17fa4c7ca':
Catch up after Federation Outage (split, 2): Track last successful stream ordering after transmission (#8247)
Catch-up after Federation Outage (split, 1) (#8230)
Fix type signature in simple_select_one_onecol and friends (#8241)
Stop sub-classing object (#8249)
|
| | | |
|
| |\|
| |
| |
| |
| |
| | |
* commit '112266eaf':
Add StreamStore to mypy (#8232)
Re-implement unread counts (again) (#8059)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '0d4f614fd':
Refactor `_get_e2e_device_keys_for_federation_query_txn` (#8225)
Add experimental support for sharding event persister. (#8170)
Add /user/{user_id}/shared_rooms/ api (#7785)
Do not try to store invalid data in the stats table (#8226)
Convert the main methods run by the reactor to async. (#8213)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add shared_rooms api
* Add changelog
* Add .
* Wrap response in {"rooms": }
* linting
* Add unstable_features key
* Remove options from isort that aren't part of 5.x
`-y` and `-rc` are now default behaviour and no longer exist.
`dont-skip` is no longer required
https://timothycrosley.github.io/isort/CHANGELOG/#500-penny-july-4-2020
* Update imports to make isort happy
* Add changelog
* Update tox.ini file with correct invocation
* fix linting again for isort
* Vendor prefix unstable API
* Fix to match spec
* import Codes
* import Codes
* Use FORBIDDEN
* Update changelog.d/7785.feature
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Implement get_shared_rooms_for_users
* a comma
* trailing whitespace
* Handle the easy feedback
* Switch to using runInteraction
* Add tests
* Feedback
* Seperate unstable endpoint from v2
* Add upgrade node
* a line
* Fix style by adding a blank line at EOF.
* Update synapse/storage/databases/main/user_directory.py
Co-authored-by: Tulir Asokan <tulir@maunium.net>
* Update synapse/storage/databases/main/user_directory.py
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Update UPGRADE.rst
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Fix UPGRADE/CHANGELOG unstable paths
unstable unstable unstable
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Tulir Asokan <tulir@maunium.net>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Tulir Asokan <tulir@maunium.net>
|
| |\|
| |
| |
| |
| |
| |
| | |
* commit '5c03134d0':
Convert additional database code to async/await. (#8195)
Define StateMap as immutable and add a MutableStateMap type. (#8183)
Move and refactor LoginRestServlet helper methods (#8182)
|
| | |
| |
| |
| |
| |
| |
| | |
This is split out from https://github.com/matrix-org/synapse/pull/7438, which had gotten rather large.
`LoginRestServlet` has a couple helper methods, `login_submission_legacy_convert` and `login_id_thirdparty_from_phone`. They're primarily used for converting legacy user login submissions to "identifier" dicts ([see spec](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-login)). Identifying information such as usernames or 3PID information used to be top-level in the login body. They're now supposed to be put inside an [identifier](https://matrix.org/docs/spec/client_server/r0.6.1#identifier-types) parameter instead.
#7438's purpose is to allow using the new identifier parameter during User-Interactive Authentication, which is currently handled in AuthHandler. That's why I've moved these helper methods there. I also moved the refactoring of these method from #7438 as they're relevant.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'a466b6797':
Reduce run-times of tests by advancing the reactor less (#7757)
Update debian systemd service to use Type=notify (#8169)
Remove remaining is_guest argument uses from get_room_data calls (#8181)
Do not propagate typing notifications from shadow-banned users. (#8176)
Remove unused parameter from, and add safeguard in, get_room_data (#8174)
Add required Debian dependencies to allow docker builds on the arm platform (#8144)
Allow running mypy directly. (#8175)
Update the test federation client to handle streaming responses (#8130)
Do not propagate profile changes of shadow-banned users into rooms. (#8157)
Make SlavedIdTracker.advance have same interface as MultiWriterIDGenerator (#8171)
Convert simple_select_one and simple_select_one_onecol to async (#8162)
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Small cleanup PR.
* Removed the unused `is_guest` argument
* Added a safeguard to a (currently) impossible code path, fixing static checking at the same time.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '56efa9ec7': (22 commits)
Fix rate limiting unit tests. (#8167)
Add functions to `MultiWriterIdGen` used by events stream (#8164)
Do not allow send_nonmember_event to be called with shadow-banned users. (#8158)
Changelog fixes
Make StreamIdGen `get_next` and `get_next_mult` async (#8161)
Wording fixes to 'name' user admin api filter (#8163)
Fix missing double-backtick in RST document
Search in columns 'name' and 'displayname' in the admin users endpoint (#7377)
Add type hints for state. (#8140)
Stop shadow-banned users from sending non-member events. (#8142)
Allow capping a room's retention policy (#8104)
Add healthcheck for default localhost 8008 port on /health endpoint. (#8147)
Fix flaky shadow-ban tests. (#8152)
Don't fail /submit_token requests on incorrect session ID if request_token_inhibit_3pid_errors is turned on (#7991)
Do not apply ratelimiting on joins to appservices (#8139)
Micro-optimisations to get_auth_chain_ids (#8132)
Allow denying or shadow banning registrations via the spam checker (#8034)
Stop shadow-banned users from sending invites. (#8095)
Be more tolerant of membership events in unknown rooms (#8110)
Improve the error code when trying to register using a name reserved for guests. (#8135)
...
|
| | |
| |
| |
| |
| | |
* Search in columns 'name' and 'displayname' in the admin users endpoint
Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
request_token_inhibit_3pid_errors is turned on (#7991)
* Don't raise session_id errors on submit_token if request_token_inhibit_3pid_errors is set
* Changelog
* Also wait some time before responding to /requestToken
* Incorporate review
* Update synapse/storage/databases/main/registration.py
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Incorporate review
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
| | | |
|
| | | |
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '731dfff34':
Ensure a group ID is valid before trying to get rooms for it. (#8129)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'c9c544cda':
Remove `ChainedIdGenerator`. (#8123)
Switch the JSON byte producer from a pull to a push producer. (#8116)
Updated docs: Added note about missing 308 redirect support. (#8120)
Be stricter about JSON that is accepted by Synapse (#8106)
Convert runWithConnection to async. (#8121)
Remove the unused inlineCallbacks code-paths in the caching code (#8119)
Separate `get_current_token` into two. (#8113)
Convert events worker database to async/await. (#8071)
Add a link to the matrix-synapse-rest-password-provider. (#8111)
|
| | |
| |
| |
| |
| | |
It's just a thin wrapper around two ID gens to make `get_current_token`
and `get_next` return tuples. This can easily be replaced by calling the
appropriate methods on the underlying ID gens directly.
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '3c01724b3':
Fix the return type of send_nonmember_events. (#8112)
Remove : from allowed client_secret chars (#8101)
Rename changelog from bugfix to misc.
Iteratively encode JSON responses to avoid blocking the reactor. (#8013)
Return the previous stream token if a non-member event is a duplicate. (#8093)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'e04e465b4':
Use the default templates when a custom template file cannot be found (#8037)
Changelog changes
Convert stream database to async/await. (#8074)
Add a shadow-banned flag to users. (#8092)
Convert pusher databases to async/await. (#8075)
Convert receipts and events databases to async/await. (#8076)
|
| | |
| |
| | |
Fixes https://github.com/matrix-org/synapse/issues/6583
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'db131b6b2':
Change the default log config to reduce disk I/O and storage (#8040)
Implement login blocking based on SAML attributes (#8052)
Add an assertion on prev_events in create_new_client_event (#8041)
Typo
Lint
why mypy why
Lint
Incorporate review
Incorporate review
Fix PUT /pushrules to use the right rule IDs
Back out the database hack and replace it with a temporary config setting
Fix cache name
Fix cache invalidation calls
Lint
Changelog
Implement new experimental push rules with a database hack to enable them
|
| | |\
| | |
| | | |
With an undocumented configuration setting to enable them for specific users.
|
| | | |\
| | | |
| | | |
| | | | |
babolivier/new_push_rules
|
| | | | | |
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '4e874ed59':
Remove unnecessary maybeDeferred calls (#8044)
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '7620912d8':
Add health check endpoint (#8048)
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '4dd27e6d1':
Reduce unnecessary whitespace in JSON. (#7372)
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '2ffd6783c':
Revert #7736 (#8039)
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit 'd4a7829b1':
Convert synapse.api to async/await (#8031)
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '66f24449d':
Improve performance of the register endpoint (#8009)
|
| | | |/
| |/| |
|
| |\| |
| | |
| | |
| | |
| | | |
* commit 'a7bdf98d0':
Rename database classes to make some sense (#8033)
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | | |
* commit '8ff2deda7':
Fix async/await calls for broken media providers. (#8027)
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | | |
* commit 'b6c6fb795':
Allow guests to operate in encrypted rooms (#7314)
|
| | |/
| |
| | |
Signed-off-by: Michael Albert <michael.albert@awesome-technologies.de>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '3950ae51e':
Ensure that remove_pusher is always async (#7981)
Ensure the msg property of HttpResponseException is a string. (#7979)
Remove from the event_relations table when purging historical events. (#7978)
Add additional logging for SAML sessions. (#7971)
Add MSC reference to changelog for #7736
Re-implement unread counts (#7736)
Various improvements to the docs (#7899)
Convert storage layer to async/await. (#7963)
Add an option to disable purge in delete room admin API (#7964)
Move some log lines from default logger to sql/transaction loggers (#7952)
Use the JSON module from the std library instead of simplejson. (#7936)
Fix exit code for `check_line_terminators.sh` (#7970)
Option to allow server admins to join complex rooms (#7902)
Fix typo in metrics docs (#7966)
Add script for finding files with unix line terminators (#7965)
Convert the remaining media repo code to async / await. (#7947)
Convert a synapse.events to async/await. (#7949)
Convert groups and visibility code to async / await. (#7951)
Convert push to async/await. (#7948)
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Add option ```purge``` to ```POST /_synapse/admin/v1/rooms/<room_id>/delete```
Fixes: #3761
Signed-off-by: Dirk Klimpel dirk@klimpel.org
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
Bug introduced in https://github.com/matrix-org/synapse-dinsic/commit/ff91a451b
We were checking whether the `nextLink` param was valid, even if it wasn't provided. In that case, `nextLink` was `None`, which would clearly not be a valid URL.
This would prevent password reset and other operations if `nextLink` was not provided and the `next_link_domain_whitelist` config option was in use.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
whitelist (#8275)
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285
They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.
This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.
This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
|
| | |
| |
| |
| | |
This reverts commit a3fbc23c39c0366392fd51faf0b1696f1f1d21c7.
|
