| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| | |
* make the OIDC bits of the test work at a higher level - via the REST api instead of poking the OIDCHandler directly.
* Move it to test_login.py, where I think it fits better.
|
| |\| |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| |
| | |
* Add complete test for UI-Auth-via-SSO.
* review comments
|
| |\| |
|
| | |
| |
| | |
This only applies if the user's data is to be erased.
|
| |\| |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
black seems to want to reformat this, despite `black --check` being happy with
it :/
|
| |\| |
|
| | |
| |
| | |
If we are lacking an optional dependency, skip the tests that rely on it.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Implement CasHandler.handle_redirect_request
... to make it match OidcHandler and SamlHandler
* Clean up interface for OidcHandler.handle_redirect_request
Make it accept `client_redirect_url=None`.
* Clean up interface for `SamlHandler.handle_redirect_request`
... bring it into line with CAS and OIDC by making it take a Request parameter,
move the magic for `client_redirect_url` for UIA into the handler, and fix the
return type to be a `str` rather than a `bytes`.
* Define a common protocol for SSO auth provider impls
* Give SsoIdentityProvider an ID and register them
* Combine the SSO Redirect servlets
Now that the SsoHandler knows about the identity providers, we can combine the
various *RedirectServlets into a single implementation which delegates to the
right IdP.
* changelog
|
| | |
| |
| |
| | |
Tests were broken due to an API changing. The code used in Synapse
proper should be compatible with both versions already.
|
| |\| |
|
| | | |
|
| | | |
|
| |\| |
|
| | |\
| | |
| | | |
More preparatory refactoring of the OidcHandler tests
|
| | | | |
|
| | | |
| | |
| | |
| | | |
This was never used, so let's get rid of it.
|
| | | |
| | |
| | |
| | | |
this didn't seem to be doing a lot, so remove it.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The two are equivalent, but really we want to check the HTTP result that got
returned to the channel, not the code that the Request object *intended* to
return to the channel.
|
| |\ \ \
| | |/
| |/| |
|
| | |/
| |
| |
| |
| | |
despite the warnings saying "don't implement get_extra_attributes", we had
implemented it, so the tests weren't doing what we thought they were.
|
| |\| |
|
| | |
| |
| | |
Fixes #8866
|
| |\| |
|
| | |
| |
| |
| | |
The spec says we should return `M_FORBIDDEN` when someone tries to register and
registration is disabled.
|
| | |\
| | |
| | | |
UIA: offer only available auth flows
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
During user-interactive auth, do not offer password auth to users with no
password, nor SSO auth to users with no SSO.
Fixes #7559.
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replaces the `federation_ip_range_blacklist` configuration setting with an
`ip_range_blacklist` setting with wider scope. It now applies to:
* Federation
* Identity servers
* Push notifications
* Checking key validitity for third-party invite events
The old `federation_ip_range_blacklist` setting is still honored if present, but
with reduced scope (it only applies to federation and identity servers).
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
mainline to dinsic (#93)
This PR is simply porting https://github.com/matrix-org/synapse/pull/9372 to dinsic.
I also had to bring in https://github.com/matrix-org/synapse/pull/8821 and https://github.com/matrix-org/synapse/pull/9084 for this code to work properly - a sign that we should merge mainline into dinsic again soon.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement knocking as defined by https://github.com/matrix-org/matrix-doc/pull/2403
This is the base knocking stuff, taken from https://github.com/matrix-org/synapse/pull/6739
and does not include any public room directory changes.
While knocking hasn't merged yet on mainline due to waiting on getting Complement
into Synapse's CI, the code has been well-tested.
|
| | | |
|
| | |
| |
| |
| | |
provided (#77)
|
| |\| |
|
| | |
| |
| |
| |
| | |
(#8854)
This PR adds a `room_version` argument to the `RestHelper`'s `create_room_as` function for tests. I plan to use this for testing knocking, which currently uses an unstable room version.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The spec requires synapse to support `identifier` dicts for `m.login.password`
user-interactive auth, which it did not (instead, it required an undocumented
`user` parameter.)
To fix this properly, we need to pull the code that interprets `identifier`
into `AuthHandler.validate_login` so that it can be called from the UIA code.
Fixes #5665.
|
| |\| |
|
| | |
| |
| |
| |
| | |
(#8565)
Changes `@cache_in_self` to use underscore-prefixed attributes.
|
| |\| |
|
| | |
| |
| | |
These are now only available via `/_synapse/admin/v1`.
|
| | | |
|
| |\| |
|
| | | |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| |
| |
| | |
remove the stubbing out of `request.process`, so that `requestReceived` also renders the request via the appropriate resource.
Replace render() with a stub for now.
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Where we want to render a request against a specific Resource, call the global
make_request() function rather than the one in HomeserverTestCase, allowing us
to pass in an appropriate `Site`.
|
| |\ \ \
| | |/
| |/| |
|
| | | |
| | |
| | |
| | | |
Some tests want to set some custom HTTP request headers, so provide a way to do
that before calling requestReceived().
|
| |\ \ \
| | |/
| |/| |
|
| | | | |
|
| | |/ |
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
another user. (#8616)
We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't).
A future PR will add an API for creating such a token.
When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.
|
| |\| |
|
| | | |
|
| |\| |
|
| | | |
|
| | |
| |
| |
| | |
Support returning a new event dict from `check_event_allowed`.
|
| |\| |
|
| | |
| |
| |
| |
| | |
(#8476)
Should fix #3365.
|
| | |
| |
| |
| |
| | |
This PR allows Synapse modules making use of the `ModuleApi` to create and send non-membership events into a room. This can useful to have modules send messages, or change power levels in a room etc. Note that they must send event through a user that's already in the room.
The non-membership event limitation is currently arbitrary, as it's another chunk of work and not necessary at the moment.
|
| | |
| |
| | |
All handlers now available via get_*_handler() methods on the HomeServer.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* Optimise and test state fetching for 3p event rules
Getting all the events at once is much more efficient than getting them
individually
* Test that 3p event rules can modify events
|
| | |\
| | |
| | | |
Fix third-party event modules for `check_visibility_can_be_modified` check
|
| | | |
| | |
| | |
| | |
| | |
| | | |
PR #8292 tried to maintain backwards compat with modules which don't provide a
`check_visibility_can_be_modified` method, but the tests weren't being run,
and the check didn't work.
|
| | |/
| |
| |
| | |
Per https://github.com/matrix-org/matrix-doc/pull/2788
|
| | |
| |
| |
| |
| | |
This PR allows `ThirdPartyEventRules` modules to view, manipulate and block changes to the state of whether a room is published in the public rooms directory.
While the idea of whether a room is in the public rooms list is not kept within an event in the room, `ThirdPartyEventRules` generally deal with controlling which modifications can happen to a room. Public rooms fits within that idea, even if its toggle state isn't controlled through a state event.
|
| | |
| |
| |
| | |
'Invalid Token' page (#74)
|
| | |
| |
| |
| | |
Tests were broken due to an API changing. The code used in Synapse
proper should be compatible with both versions already.
|
| | |
| |
| |
| |
| |
| |
| | |
creating a room (#68)
The createRoom flow in DINUM's Synapse (through the AccessRules module which has hooks for all of this) already rejects a power levels content dict if it doesn't have high enough power levels to satisfy DINUM's [requirements](https://github.com/matrix-org/synapse-dinsic/blob/ac50ed353b5fdbdf9f853be0d94b6fccaf33973e/synapse/third_party_rules/access_rules.py#L233-L252).
This PR ensures that any keys that aren't provided are replaced with the defaults, instead of just assuming the whole dict was correct (and thus those keys were set to mainline Synapse's default instead).
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'cc40a59b4':
1.21.0
Add prometheus metrics to track federation delays (#8430)
Make token serializing/deserializing async (#8427)
Allow additional SSO properties to be passed to the client (#8413)
changelog
Add an improved "forward extremities" metric
Rewrite BucketCollector
Fix _exposition.py to stop stripping samples
Drop support for ancient prometheus_client (#8426)
Various clean ups to room stream tokens. (#8423)
changelog
Report state res metrics to Prometheus and log
Move Measure calls into `resolve_events_with_store`
Expose a `get_resource_usage` method in `Measure`
Move `resolve_events_with_store` into StateResolutionHandler
|
| | |
| |
| | |
The idea is that in future tokens will encode a mapping of instance to position. However, we don't want to include the full instance name in the string representation, so instead we'll have a mapping between instance name and an immutable integer ID in the DB that we can use instead. We'll then do the lookup when we serialize/deserialize the token (we could alternatively pass around an `Instance` type that includes both the name and ID, but that turns out to be a lot more invasive).
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'f43c66d23':
Add support for running Complement against the local checkout (#8317)
Filter out appservices from mau count (#8404)
Only assert valid next_link params when provided (#8417)
Add metrics to track success/otherwise of replication requests (#8406)
Fix handling of connection timeouts in outgoing http requests (#8400)
Changelog
Don't check whether a 3pid is allowed to register during password reset
Add checks for postgres sequence consistency (#8402)
Create a mechanism for marking tests "logcontext clean" (#8399)
Add `ui_auth_sessions_ips` table to `synapse_port_db` ignore list (#8410)
A pair of tiny cleanups in the federation request code. (#8401)
typo
|
| | |
| |
| |
| |
| |
| |
| | |
Broken in https://github.com/matrix-org/synapse/pull/8275 and has yet to be put in a release. Fixes https://github.com/matrix-org/synapse/issues/8418.
`next_link` is an optional parameter. However, we were checking whether the `next_link` param was valid, even if it wasn't provided. In that case, `next_link` was `None`, which would clearly not be a valid URL.
This would prevent password reset and other operations if `next_link` was not provided, and the `next_link_domain_whitelist` config option was set.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '4325be1a5':
Fix missing null character check on guest_access room state
Fixed a bug with reactivating users with the admin API (#8362)
Admin API for reported events (#8217)
Fix wording of deprecation notice in changelog
Deprecation warning for synapse admin api being accessible under /_matrix
Create function to check for long names in devices (#8364)
Add a comment re #1691
Fix a bad merge from release-v1.20.0. (#8354)
Admin API for querying rooms where a user is a member (#8306)
Catch-up after Federation Outage (bonus): Catch-up on Synapse Startup (#8322)
Simplify super() calls to Python 3 syntax. (#8344)
Allow appservice users to /login (#8320)
Update test logging to be able to accept braces (#8335)
Move lint dependencies to extras_require (#8330)
|
| | |
| |
| |
| |
| | |
Add ability for ASes to /login using the `uk.half-shot.msc2778.login.application_service` login `type`.
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'a3a90ee03':
Show a confirmation page during user password reset (#8004)
Do not error when thumbnailing invalid files (#8236)
Remove some unused distributor signals (#8216)
Fixup pusher pool notifications (#8287)
Revert "Fixup pusher pool notifications"
Fixup pusher pool notifications
|
| | |
| |
| |
| |
| | |
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset.
This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
|
| |\|
| |
| |
| |
| |
| | |
* commit '453dfe210':
blacklist MSC2753 sytests until it's implemented in synapse (#8285)
Don't remember `enabled` of deleted push rules and properly return 404 for missing push rules in `.../actions` and `.../enabled` (#7796)
|
| | |
| |
| |
| |
| |
| |
| | |
missing push rules in `.../actions` and `.../enabled` (#7796)
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
whitelist (#8275)
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285
They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.
This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.
This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
* commit '17fa4c7ca':
Catch up after Federation Outage (split, 2): Track last successful stream ordering after transmission (#8247)
Catch-up after Federation Outage (split, 1) (#8230)
Fix type signature in simple_select_one_onecol and friends (#8241)
Stop sub-classing object (#8249)
|
| | | |
|
| |\|
| |
| |
| |
| |
| | |
* commit '112266eaf':
Add StreamStore to mypy (#8232)
Re-implement unread counts (again) (#8059)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '0d4f614fd':
Refactor `_get_e2e_device_keys_for_federation_query_txn` (#8225)
Add experimental support for sharding event persister. (#8170)
Add /user/{user_id}/shared_rooms/ api (#7785)
Do not try to store invalid data in the stats table (#8226)
Convert the main methods run by the reactor to async. (#8213)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add shared_rooms api
* Add changelog
* Add .
* Wrap response in {"rooms": }
* linting
* Add unstable_features key
* Remove options from isort that aren't part of 5.x
`-y` and `-rc` are now default behaviour and no longer exist.
`dont-skip` is no longer required
https://timothycrosley.github.io/isort/CHANGELOG/#500-penny-july-4-2020
* Update imports to make isort happy
* Add changelog
* Update tox.ini file with correct invocation
* fix linting again for isort
* Vendor prefix unstable API
* Fix to match spec
* import Codes
* import Codes
* Use FORBIDDEN
* Update changelog.d/7785.feature
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Implement get_shared_rooms_for_users
* a comma
* trailing whitespace
* Handle the easy feedback
* Switch to using runInteraction
* Add tests
* Feedback
* Seperate unstable endpoint from v2
* Add upgrade node
* a line
* Fix style by adding a blank line at EOF.
* Update synapse/storage/databases/main/user_directory.py
Co-authored-by: Tulir Asokan <tulir@maunium.net>
* Update synapse/storage/databases/main/user_directory.py
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Update UPGRADE.rst
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Fix UPGRADE/CHANGELOG unstable paths
unstable unstable unstable
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Tulir Asokan <tulir@maunium.net>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Tulir Asokan <tulir@maunium.net>
|
| |\|
| |
| |
| |
| | |
* commit 'e00816ad9':
Do not yield on awaitables in tests. (#8193)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'a466b6797':
Reduce run-times of tests by advancing the reactor less (#7757)
Update debian systemd service to use Type=notify (#8169)
Remove remaining is_guest argument uses from get_room_data calls (#8181)
Do not propagate typing notifications from shadow-banned users. (#8176)
Remove unused parameter from, and add safeguard in, get_room_data (#8174)
Add required Debian dependencies to allow docker builds on the arm platform (#8144)
Allow running mypy directly. (#8175)
Update the test federation client to handle streaming responses (#8130)
Do not propagate profile changes of shadow-banned users into rooms. (#8157)
Make SlavedIdTracker.advance have same interface as MultiWriterIDGenerator (#8171)
Convert simple_select_one and simple_select_one_onecol to async (#8162)
|
| | |
| |
| |
| |
| |
| |
| | |
#8174 removed the `is_guest` parameter from `get_room_data`, at the same time that #8157 was merged using it, colliding together to break unit tests on develop.
This PR removes the `is_guest` parameter from the call in the broken test.
Uses the same changelog as #8174.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Small cleanup PR.
* Removed the unused `is_guest` argument
* Added a safeguard to a (currently) impossible code path, fixing static checking at the same time.
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '56efa9ec7': (22 commits)
Fix rate limiting unit tests. (#8167)
Add functions to `MultiWriterIdGen` used by events stream (#8164)
Do not allow send_nonmember_event to be called with shadow-banned users. (#8158)
Changelog fixes
Make StreamIdGen `get_next` and `get_next_mult` async (#8161)
Wording fixes to 'name' user admin api filter (#8163)
Fix missing double-backtick in RST document
Search in columns 'name' and 'displayname' in the admin users endpoint (#7377)
Add type hints for state. (#8140)
Stop shadow-banned users from sending non-member events. (#8142)
Allow capping a room's retention policy (#8104)
Add healthcheck for default localhost 8008 port on /health endpoint. (#8147)
Fix flaky shadow-ban tests. (#8152)
Don't fail /submit_token requests on incorrect session ID if request_token_inhibit_3pid_errors is turned on (#7991)
Do not apply ratelimiting on joins to appservices (#8139)
Micro-optimisations to get_auth_chain_ids (#8132)
Allow denying or shadow banning registrations via the spam checker (#8034)
Stop shadow-banned users from sending invites. (#8095)
Be more tolerant of membership events in unknown rooms (#8110)
Improve the error code when trying to register using a name reserved for guests. (#8135)
...
|
| | |
| |
| |
| | |
These were passing on the release-v1.19.1 branch but started failing once merged
to develop.
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Synapse 1.19.1rc1 (2020-08-25)
==============================
Bugfixes
--------
- Fix a bug introduced in v1.19.0 where appservices with ratelimiting disabled would still be ratelimited when joining rooms. ([\#8139](https://github.com/matrix-org/synapse/issues/8139))
- Fix a bug introduced in v1.19.0 that would cause e.g. profile updates to fail due to incorrect application of rate limits on join requests. ([\#8153](https://github.com/matrix-org/synapse/issues/8153))
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | | |
* commit 'b79d69796':
1.19.1rc1
Fix join ratelimiter breaking profile updates and idempotency (#8153)
|
| | | | |
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit 'c9c544cda':
Remove `ChainedIdGenerator`. (#8123)
Switch the JSON byte producer from a pull to a push producer. (#8116)
Updated docs: Added note about missing 308 redirect support. (#8120)
Be stricter about JSON that is accepted by Synapse (#8106)
Convert runWithConnection to async. (#8121)
Remove the unused inlineCallbacks code-paths in the caching code (#8119)
Separate `get_current_token` into two. (#8113)
Convert events worker database to async/await. (#8071)
Add a link to the matrix-synapse-rest-password-provider. (#8111)
|
| | |/ |
|
| |\|
| |
| |
| |
| | |
* commit '5dd73d029':
Add type hints to handlers.message and events.builder (#8067)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '2ffd6783c':
Revert #7736 (#8039)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'd4a7829b1':
Convert synapse.api to async/await (#8031)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '66f24449d':
Improve performance of the register endpoint (#8009)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '5d92a1428':
Prevent join->join membership transitions changing member count (#7977)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`StatsHandler` handles updates to the `current_state_delta_stream`, and updates room stats such as the amount of state events, joined users, etc.
However, it counts every new join membership as a new user entering a room (and that user being in another room), whereas it's possible for a user's membership status to go from join -> join, for instance when they change their per-room profile information.
This PR adds a check for join->join membership transitions, and bails out early, as none of the further checks are necessary at that point.
Due to this bug, membership stats in many rooms have ended up being wildly larger than their true values. I am not sure if we also want to include a migration step which recalculates these statistics (possibly using the `_populate_stats_process_rooms` bg update).
Bug introduced in the initial implementation https://github.com/matrix-org/synapse/pull/4338.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '3950ae51e':
Ensure that remove_pusher is always async (#7981)
Ensure the msg property of HttpResponseException is a string. (#7979)
Remove from the event_relations table when purging historical events. (#7978)
Add additional logging for SAML sessions. (#7971)
Add MSC reference to changelog for #7736
Re-implement unread counts (#7736)
Various improvements to the docs (#7899)
Convert storage layer to async/await. (#7963)
Add an option to disable purge in delete room admin API (#7964)
Move some log lines from default logger to sql/transaction loggers (#7952)
Use the JSON module from the std library instead of simplejson. (#7936)
Fix exit code for `check_line_terminators.sh` (#7970)
Option to allow server admins to join complex rooms (#7902)
Fix typo in metrics docs (#7966)
Add script for finding files with unix line terminators (#7965)
Convert the remaining media repo code to async / await. (#7947)
Convert a synapse.events to async/await. (#7949)
Convert groups and visibility code to async / await. (#7951)
Convert push to async/await. (#7948)
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
If the last admin of a room departs, and thus the room no longer has any admins within it, we "freeze" the room. Freezing a room means that the power level required to do anything in the room (sending messages, inviting others etc) will require power level 100.
At the moment, an admin can come back and unfreeze the room manually. The plan is to eventually make unfreezing of the room automatic on admin rejoin, though that will be in a separate PR.
This *could* work in mainline, however if the admin who leaves is on a homeserver without this functionality, then the room isn't frozen. I imagine this would probably be pretty confusing to people. Part of this feature was allowing Synapse modules to send events, which has been implemented in mainline at https://github.com/matrix-org/synapse/pull/8479, and cherry-picked to the `dinsic` fork in 62c7b10. The actual freezing logic has been implemented here in the RoomAccessRules module.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This PR allows Synapse modules making use of the `ModuleApi` to create and send non-membership events into a room. This can useful to have modules send messages, or change power levels in a room etc. Note that they must send event through a user that's already in the room.
The non-membership event limitation is currently arbitrary, as it's another chunk of work and not necessary at the moment.
This commit has been cherry-picked from mainline.
|
| | |
| |
| |
| |
| | |
Swap these calls around, as the check for changing `restricted` to `unrestricted` will actually change `self.restricted_room` to an unrestricted room.
Do that last, instead of first. Additionally add a comment with a warning.
|
| | |
| |
| |
| |
| |
| |
| | |
join rules on rule change (#63)
This PR switches several conditions regarding room access rules to check against the status of the room's inclusion in the public room list instead of its join rules.
The code includes a snapshot of https://github.com/matrix-org/synapse/pull/8292, which will likely change in time and need merging in again.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
admin requirements for unknown state events (#61)
This PR modifies the `RoomAccessRules` module, an implementation of `ThirdPartyEventRules`, to both:
* Modify the default power levels when creating a room to set:
- `invite` to be minimum PL50
- `state_default` to be minimum PL100
* Enforce this when creating the room.
|
| | |
| |
| |
| |
| |
| |
| | |
Various cleanups of the DINUM-specific `RoomAccessRules` module, including:
* Type hints
* Docstring cleanups
* Some code cleanups
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
whitelist (#8275)
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285
They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.
This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.
This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'a973bcb8a':
Add some tiny type annotations (#7870)
Remove obsolete comment.
Ensure that calls to `json.dumps` are compatible with the standard library json. (#7836)
Avoid brand new rooms in `delete_old_current_state_events` (#7854)
Allow accounts to be re-activated from the admin APIs. (#7847)
Fix tests
Fix typo
Newsfile
Use get_users_in_room rather than state handler in typing for speed
Fix client reader sharding tests (#7853)
Convert E2E key and room key handlers to async/await. (#7851)
Return the proper 403 Forbidden error during errors with JWT logins. (#7844)
remove `retry_on_integrity_error` wrapper for persist_events (#7848)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '77d2c0541':
Add the option to validate the `iss` and `aud` claims for JWT logins. (#7827)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '66a4af8d9':
Do not use canonicaljson to magically handle decoding bytes from JSON. (#7802)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '43726783e': (22 commits)
1.17.0rc1
Fix some spelling mistakes / typos. (#7811)
`update_membership` declaration: now always returns an event id. (#7809)
Improve stacktraces from exceptions in background processes (#7808)
Fix `can only concatenate list (not "tuple") to list` exception (#7810)
Pass original request headers from workers to the main process. (#7797)
Generate real events when we reject invites (#7804)
Add `HomeServer.signing_key` property (#7805)
Revert "Update the installation docs on apt-transport-https (#7801)"
Do not use simplejson in Synapse. (#7800)
Stop passing bytes when dumping JSON (#7799)
Update the installation docs on apt-transport-https (#7801)
shuffle changelog slightly
Change Caddy links (old is deprecated) (#7789)
Stop populating unused table `local_invites`. (#7793)
Refactor getting replication updates from database v2. (#7740)
Add libwebp dependency to Dockerfile (#7791)
Add documentation for JWT login type and improve sample config. (#7776)
Convert the appservice handler to async/await. (#7775)
Don't ignore `set_tweak` actions with no explicit `value`. (#7766)
...
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '5cdca53aa':
Merge different Resource implementation classes (#7732)
Fix inconsistent handling of upper and lower cases of email addresses. (#7021)
Allow YAML config file to contain None (#7779)
Fix a typo.
Move 1.15.2 after 1.16.0rc2.
1.16.0rc2
Remove an extraneous space.
Add links to the fixes.
Fix tense in the release notes.
Hack to add push priority to push notifications (#7765)
Add early returns to `_check_for_soft_fail` (#7769)
Use symbolic names for replication stream names (#7768)
Type checking for `FederationHandler` (#7770)
Fix new metric where we used ms instead of seconds (#7771)
Fix incorrect error message when database CTYPE was set incorrectly. (#7760)
Pin link in CHANGES.md
Fixes to CHANGES.md
|
| | |
| |
| | |
fixes #7016
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'dc80a0762':
1.16.0rc1
Back out MSC2625 implementation (#7761)
Additional configuration options for auto-join rooms (#7763)
Add some metrics for inbound and outbound federation processing times (#7755)
Explain the purpose of the "tests" conditional dependency requirement (#7751)
Add another yield point to state res v2 (#7746)
Move flake8 to end. Don't exit script on failure (#7738)
Make tox actions work on Debian 10 (#7703)
Yield during large v2 state res. (#7735)
add org.matrix.login.jwt so that m.login.jwt can be deprecated (#7675)
Set Content-Length for Metrics requests (#7730)
Sync ignored table names in synapse_port_db to current database schema (#7717)
Allow local media to be marked as safe from being quarantined. (#7718)
Convert directory handler to async/await (#7727)
Speed up state res v2 across large state differences. (#7725)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit 'a3f11567d':
Replace all remaining six usage with native Python 3 equivalents (#7704)
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.15.x
* 'release-v1.15.0' of github.com:matrix-org/synapse: (55 commits)
1.15.0
Fix some attributions
Update CHANGES.md
1.15.0rc1
Revert "1.15.0rc1"
1.15.0rc1
Fix bug in account data replication stream. (#7656)
Convert the registration handler to async/await. (#7649)
Accept device information at the login fallback endpoint. (#7629)
Convert user directory handler and related classes to async/await. (#7640)
Add an option to disable autojoin for guest accounts (#6637)
Clarifications to the admin api documentation (#7647)
Update to the stable SSO prefix for UI Auth. (#7630)
Fix type information on `assert_*_is_admin` methods (#7645)
Remove some unused constants. (#7644)
Typo fixes.
Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263)
Add device management to admin API (#7481)
Attempt to fix PhoneHomeStatsTestCase.test_performance_100 being flaky. (#7634)
Support CS API v0.6.0 (#6585)
...
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both:
* Rather undocumented, and
* causing a *lot* of config checks
This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation.
Best to be reviewed commit-by-commit.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
email has been verified (#48)
* Just ignore the `username` parameter on registration as it's not used by DINUM
* Have `/register/available` always return `true`
|
| | |
| |
| | |
This is a performance-related improvement to #13, which queried and hid active *and* already inactive users, one-by-one. This PR updates the code to query only **active**, expired users, all at once, and then mark them as inactive, all at once.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.14.x
* 'release-v1.14.0' of github.com:matrix-org/synapse: (108 commits)
Fix typo in PR link
Update debian changelog
1.14.0
Improve changelog wording
1.14.0rc2
Fix sample config docs error (#7581)
Fix up comments
Fix specifying cache factors via env vars with * in name. (#7580)
Don't apply cache factor to event cache. (#7578)
Ensure ReplicationStreamer is always started when replication enabled. (#7579)
Remove the changes to the debian changelog
Not full release yet, this is rc1
Merge event persistence move changelog entries
More changelog fix
Changelog fixes
1.14.0
Replace device_27_unique_idx bg update with a fg one (#7562)
Fix incorrect exception handling in KeyUploadServlet.on_POST (#7563)
Fix recording of federation stream token (#7564)
Simplify reap_monthly_active_users (#7558)
...
|
| | |
| |
| |
| | |
Mainly because sometimes the email push code raises exceptions where the
stack traces have gotten lost, which is hopefully fixed by this.
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dinsic-release-v1.14.x
* 'release-v1.13.0' of github.com:matrix-org/synapse: (257 commits)
Update changelog based on feedback.
Move warnings in the changelog and re-iterate changes to branches.
1.13.0
update dh-virtualenv (#7526)
1.13.0rc3
Hash passwords earlier in the registration process (#7523)
1.13.0rc2
1.13.0rc2
Stop `get_joined_users` corruption from custom statuses (#7376)
Do not validate that the client dict is stable during UI Auth. (#7483)
Fix new flake8 errors (#7489)
Don't UPGRADE database rows
RST indenting
Put rollback instructions in upgrade notes
Fix changelog typo
Oh yeah, RST
Absolute URL it is then
Fix upgrade notes link
Provide summary of upgrade issues in changelog. Fix )
Move next version notes from changelog to upgrade notes
...
|
| | |
| |
| |
| | |
This backs out some of the validation for the client dictionary and logs if
this changes during a user interactive authentication session instead.
|
| | |
| |
| |
| | |
Be less strict about validation of UI authentication sessions during
registration to match client expecations.
|
| | |
| |
| |
| |
| | |
By persisting the user interactive authentication sessions to the database, this fixes
situations where a user hits different works throughout their auth session and also
allows sessions to persist through restarts of Synapse.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Factor out functions for injecting events into database
I want to add some more flexibility to the tools for injecting events into the
database, and I don't want to clutter up HomeserverTestCase with them, so let's
factor them out to a new file.
* Rework TestReplicationDataHandler
This wasn't very easy to work with: the mock wrapping was largely superfluous,
and it's useful to be able to inspect the received rows, and clear out the
received list.
* Fix AssertionErrors being thrown by EventsStream
Part of the problem was that there was an off-by-one error in the assertion,
but also the limit logic was too simple. Fix it all up and add some tests.
|
| | |
| |
| |
| |
| |
| | |
matrix-org/babolivier/request_token""
This reverts commit 1adf6a55870aa08de272591ff49db9dc49738076.
|
| | | |
|
| | | |
|
| | | |
|
| | |\
| | |
| | | |
Add tests for outbound device pokes
|
| | | |
| | |
| | |
| | |
| | | |
this is never set to anything other than "test", and is a source of unnecessary
boilerplate.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
That fallback sets the redirect URL to itself (so it can process the login
token then return gracefully to the client). This would make it pointless to
ask the user for confirmation, since the URL the confirmation page would be
showing wouldn't be the client's.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Pull Sentinel out of LoggingContext
... and drop a few unnecessary references to it
* Factor out LoggingContext.current_context
move `current_context` and `set_context` out to top-level functions.
Mostly this means that I can more easily trace what's actually referring to
LoggingContext, but I think it's generally neater.
* move copy-to-parent into `stop`
this really just makes `start` and `stop` more symetric. It also means that it
behaves correctly if you manually `set_log_context` rather than using the
context manager.
* Replace `LoggingContext.alive` with `finished`
Turn `alive` into `finished` and make it a bit better defined.
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '60724c46b':
Remove special casing of `m.room.aliases` events (#7034)
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
(#7053)"
This reverts commit 54dd28621b070ca67de9f773fe9a89e1f4dc19da, reversing
changes made to 6640460d054e8f4444046a34bdf638921b31c01e.
|
| | |\ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |\ \ |
|
| |\ \ \ \
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* commit 'fd983fad9':
v1.11.1
Fix wrong handler being used in SAML handler
Factor out complete_sso_login and expose it to the Module API
Add a whitelist for the SSO confirmation step.
Add a confirmation step to the SSO login flow
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| | |/ /
| |/| |
| | | |
| | | | |
* commit '7dcbc33a1':
Validate the alt_aliases property of canonical alias events (#6971)
|
| | | |/
| |/| |
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit '509e381af':
Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957)
changelog
Increase MAX_EVENTS_BEHIND for replication clients
|
| | |/
| |
| |
| | |
Ensure good comprehension hygiene using flake8-comprehensions.
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
* commit '2fb7794e6':
changelog
Make room alias lists peekable
Add `allow_departed_users` param to `check_in_room_or_world_readable`
Refactor the membership check methods in Auth
|
| | |\
| | |
| | | |
Make room alias lists peekable
|
| | | |
| | |
| | |
| | |
| | |
| | | |
As per
https://github.com/matrix-org/matrix-doc/pull/2432#pullrequestreview-360566830,
make room alias lists accessible to users outside world_readable rooms.
|
| |\| |
| | |
| | |
| | |
| | | |
* commit '880aaac1d':
Move MSC2432 stuff onto unstable prefix (#6948)
|
| | |/
| |
| | |
it's not in the spec yet, so needs to be unstable. Also add a feature flag for it. Also add a test for admin users.
|
| |\|
| |
| |
| |
| | |
* commit 'adfaea8c6':
Implement GET /_matrix/client/r0/rooms/{roomId}/aliases (#6939)
|
| | |
| |
| |
| |
| | |
per matrix-org/matrix-doc#2432
|
| |\|
| |
| |
| |
| | |
* commit '3404ad289':
Raise the default power levels for invites, tombstones and server acls (#6834)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '184303b86':
MSC2260: Block direct sends of m.room.aliases events (#6794)
|
| | |
| |
| |
| |
| | |
as per MSC2260
|
| |\|
| |
| |
| |
| | |
* commit '74b74462f':
Fix `/events/:event_id` deprecated API. (#6731)
|
| | | |
|
| |\|
| |
| |
| |
| | |
* commit '28c98e51f':
Add `local_current_membership` table (#6655)
|
| | |
| |
| |
| |
| |
| |
| | |
Currently we rely on `current_state_events` to figure out what rooms a
user was in and their last membership event in there. However, if the
server leaves the room then the table may be cleaned up and that
information is lost. So lets add a table that separately holds that
information.
|
| |\|
| |
| |
| |
| | |
* commit '1177d3f3a':
Quarantine media by ID or user ID (#6681)
|
| | | |
|
| | |\ |
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit '631653036':
Incorporate review
Update changelog.d/6553.bugfix
Lint
Add test case
Changelog
Update the documentation of the filtering function
Use the filtered version of an event when responding to /context requests for that event
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | |/
| |/|
| | |
| | | |
* commit 'bfb95654c':
Add option to allow profile queries without sharing a room (#6523)
|
| | | | |
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit '31905a518':
Newsfile
Port handlers.account_validity to async/await.
Port handlers.account_data to async/await.
|
| | |/ |
|
| |\|
| |
| |
| |
| |
| |
| | |
* commit 'a9b393340':
Fixup functions to consistently return deferreds
Newsfile
Port SyncHandler to async/await
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| | |
* commit 'af5d0ebc7':
Newsfile
Fixup tests
Port rest/v1 to async/await
|
| | | |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'c530f9af4':
Un-remove room purge test
Incorporate review
Format changelog
Update changelog since this isn't going to be featured in 1.6.0
Also filter state events
Only filter if a filter was provided
Update copyright
Lint
Update copyrights
Changelog
Add tests for /search
Merge labels tests for /context and /messages
Add test case
Filter events_before and events_after in /context requests
|
| | |\
| | |
| | | |
Filter state, events_before and events_after in /context requests
|
| | | | |
|
| | | |\
| | | |
| | | |
| | | | |
into babolivier/context_filters
|
| | | | |\ |
|
| | | |\ \ \
| | | |/ /
| | |/| | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| |\| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* commit '54dd5dc12':
Add ephemeral messages support (MSC2228) (#6409)
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Implement part [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228). The parts that differ are:
* the feature is hidden behind a configuration flag (`enable_ephemeral_messages`)
* self-destruction doesn't happen for state events
* only implement support for the `m.self_destruct_after` field (not the `m.self_destruct` one)
* doesn't send synthetic redactions to clients because for this specific case we consider the clients to be able to destroy an event themselves, instead we just censor it (by pruning its JSON) in the database
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* commit '81731c6e7':
Fix: Pillow error when uploading RGBA image (#3325) (#6241)
Add User-Interactive Auth to /account/3pid/add (#6119)
Lint
Changelog
Discard retention policies when retrieving state
blacklist more tests
Newsfile
Add tests
Propagate reason in remotely rejected invites
MSC2367 Allow reason field on all member events
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* commit 'd31f69afa':
clean up buildkite output
Don't restrict the tests to v1 rooms
Fix worker mode
Fix 3PID invite exchange
Lint again
Lint again
Lint
Don't apply retention policy based filtering on state events
Implement per-room message retention policies
|
| | |\ \ \
| | | | |
| | | | | |
Implement message retention policies (MSC1763)
|
| | | |\ \ \
| | | | |/
| | | |/| |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
As per MSC1763, 'Retention is only considered for non-state events.', so don't filter out state events based on the room's retention policy.
|
| | | | |/
| | |/| |
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
public_baseurl (#6379)
* commit 'ce578031f':
Remove assertion and provide a clear warning on startup for missing public_baseurl (#6379)
|
| | | |/
| |/|
| | |
| | | |
public_baseurl (#6379)
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | | |
* commit '78cfc05fc':
Lint
Changelog
Test if a purge can make /messages return 500 responses
|
| | | | |
|
| | |/ |
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'f496d2587':
Incorporate review
Factor out an _AsyncEventContextImpl (#6298)
Update synapse/storage/data_stores/main/schema/delta/56/event_labels.sql
Add more data to the event_labels table and fix the indexes
Add unstable feature flag
Lint
Incorporate review
Lint
Changelog
Add integration tests for /messages
Add more integration testing
Add integration tests for sync
Add unit tests
Add index on label
Implement filtering
Store labels for new events
Add database table for keeping track of labels on events
|
