authorErik Johnston <erik@matrix.org>2021-02-19 10:06:01 +0000
committerErik Johnston <erik@matrix.org>2021-02-19 10:06:01 +0000
commit5054eb291e540d669da5d9939cad88f06eef8422 (patch)
tree5cfbe022208927233e9e73676e09e75ed7a83c3a
parentmore login hacking (diff)
parentUpdate the CHANGES document. (diff)
downloadsynapse-5054eb291e540d669da5d9939cad88f06eef8422.tar.xz
Merge remote-tracking branch 'origin/release-v1.28.0' into matrix-org-hotfixes
-rw-r--r--.circleci/config.yml4
-rw-r--r--CHANGES.md91
-rw-r--r--UPGRADE.rst23
-rw-r--r--changelog.d/9003.misc1
-rw-r--r--changelog.d/9123.misc1
-rw-r--r--changelog.d/9150.feature1
-rw-r--r--changelog.d/9240.misc1
-rw-r--r--changelog.d/9257.bugfix1
-rw-r--r--changelog.d/9281.doc1
-rw-r--r--changelog.d/9291.doc1
-rw-r--r--changelog.d/9296.bugfix1
-rw-r--r--changelog.d/9299.misc1
-rw-r--r--changelog.d/9300.feature1
-rw-r--r--changelog.d/9301.feature1
-rw-r--r--changelog.d/9305.misc1
-rw-r--r--changelog.d/9307.misc1
-rw-r--r--changelog.d/9308.doc1
-rw-r--r--changelog.d/9311.feature1
-rw-r--r--changelog.d/9317.doc1
-rw-r--r--changelog.d/9321.bugfix1
-rw-r--r--changelog.d/9322.doc1
-rw-r--r--changelog.d/9326.misc1
-rw-r--r--changelog.d/9333.bugfix1
-rw-r--r--changelog.d/9361.bugfix1
-rw-r--r--changelog.d/9362.misc1
-rw-r--r--changelog.d/9376.feature1
-rw-r--r--changelog.d/9377.misc1
-rw-r--r--changelog.d/9381.misc1
-rw-r--r--changelog.d/9384.misc1
-rw-r--r--changelog.d/9391.bugfix1
-rw-r--r--changelog.d/9393.bugfix1
-rw-r--r--changelog.d/9394.misc1
-rw-r--r--changelog.d/9395.bugfix1
-rw-r--r--changelog.d/9396.misc1
-rw-r--r--changelog.d/9400.feature1
-rw-r--r--changelog.d/9404.doc1
-rw-r--r--changelog.d/9407.doc1
-rw-r--r--changelog.d/9408.misc1
-rw-r--r--changelog.d/9425.bugfix1
-rw-r--r--docs/reverse_proxy.md8
-rw-r--r--docs/sample_config.yaml6
-rw-r--r--synapse/__init__.py2
-rw-r--r--synapse/config/auth.py10
-rw-r--r--synapse/handlers/user_directory.py4
-rw-r--r--synapse/http/client.py26
-rw-r--r--synapse/rest/synapse/client/__init__.py6
-rw-r--r--synapse/storage/databases/main/user_directory.py8
-rw-r--r--tests/http/test_client.py9
-rw-r--r--tests/rest/client/v2_alpha/test_auth.py2
49 files changed, 148 insertions, 87 deletions
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 375a7f7b04..1ac48a71ba 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -14,7 +14,7 @@ jobs:
           platforms: linux/amd64
       - docker_build:
           tag: -t matrixdotorg/synapse:${CIRCLE_TAG}
-          platforms: linux/amd64,linux/arm/v7,linux/arm64
+          platforms: linux/amd64,linux/arm64
 
   dockerhubuploadlatest:
     docker:
@@ -27,7 +27,7 @@ jobs:
       # until all of the platforms are built.
       - docker_build:
           tag: -t matrixdotorg/synapse:latest
-          platforms: linux/amd64,linux/arm/v7,linux/arm64
+          platforms: linux/amd64,linux/arm64
 
 workflows:
   build:
diff --git a/CHANGES.md b/CHANGES.md
index d9afcaa52b..67ebf86d6d 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,9 +1,98 @@
+Synapse 1.28.0rc1 (2021-02-18)
+==============================
+
+Note that this release drops support for ARMv7 in the official Docker images, due to repeated problems building for ARMv7 (and the associated maintenance burden this entails).
+
+This release also fixes the documentation included in v1.27.0 around the callback URI for SAML2 identity providers. If your server is configured to use single sign-on via a SAML2 IdP, you may need to make configuration changes. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
+
+Removal warning
+---------------
+
+The v1 list accounts API is deprecated and will be removed in a future release.
+This API was undocumented and misleading. It can be replaced by the
+[v2 list accounts API](https://github.com/matrix-org/synapse/blob/release-v1.28.0/docs/admin_api/user_admin_api.rst#list-accounts),
+which has been available since Synapse 1.7.0 (2019-12-13).
+
+Please check if you're using any scripts which use the admin API and replace
+`GET /_synapse/admin/v1/users/<user_id>` with `GET /_synapse/admin/v2/users`.
+
+
+Features
+--------
+
+- New admin API to get the context of an event: `/_synapse/admin/rooms/{roomId}/context/{eventId}`. ([\#9150](https://github.com/matrix-org/synapse/issues/9150))
+- Further improvements to the user experience of registration via single sign-on. ([\#9300](https://github.com/matrix-org/synapse/issues/9300), [\#9301](https://github.com/matrix-org/synapse/issues/9301))
+- Add hook to spam checker modules that allow checking file uploads and remote downloads. ([\#9311](https://github.com/matrix-org/synapse/issues/9311))
+- Add support for receiving OpenID Connect authentication responses via form `POST`s rather than `GET`s. ([\#9376](https://github.com/matrix-org/synapse/issues/9376))
+- Add the shadow-banning status to the admin API for user info. ([\#9400](https://github.com/matrix-org/synapse/issues/9400))
+
+
+Bugfixes
+--------
+
+- Fix long-standing bug where sending email notifications would fail for rooms that the server had since left. ([\#9257](https://github.com/matrix-org/synapse/issues/9257))
+- Fix bug in Synapse 1.27.0rc1 which meant the "session expired" error page during SSO registration was badly formatted. ([\#9296](https://github.com/matrix-org/synapse/issues/9296))
+- Assert a maximum length for some parameters for spec compliance. ([\#9321](https://github.com/matrix-org/synapse/issues/9321), [\#9393](https://github.com/matrix-org/synapse/issues/9393))
+- Fix additional errors when previewing URLs: "AttributeError 'NoneType' object has no attribute 'xpath'" and "ValueError: Unicode strings with encoding declaration are not supported. Please use bytes input or XML fragments without declaration.". ([\#9333](https://github.com/matrix-org/synapse/issues/9333))
+- Fix a bug causing Synapse to impose the wrong type constraints on fields when processing responses from appservices to `/_matrix/app/v1/thirdparty/user/{protocol}`. ([\#9361](https://github.com/matrix-org/synapse/issues/9361))
+- Fix bug where Synapse would occasionally stop reconnecting to Redis after the connection was lost. ([\#9391](https://github.com/matrix-org/synapse/issues/9391))
+- Fix a long-standing bug when upgrading a room: "TypeError: '>' not supported between instances of 'NoneType' and 'int'". ([\#9395](https://github.com/matrix-org/synapse/issues/9395))
+- Reduce the amount of memory used when generating the URL preview of a file that is larger than the `max_spider_size`. ([\#9421](https://github.com/matrix-org/synapse/issues/9421))
+- Fix a long-standing bug in the deduplication of old presence, resulting in no deduplication. ([\#9425](https://github.com/matrix-org/synapse/issues/9425))
+- The `ui_auth.session_timeout` config option can now be specified in terms of number of seconds/minutes/etc/. Contributed by Rishabh Arya. ([\#9426](https://github.com/matrix-org/synapse/issues/9426))
+- Fix a bug introduced in v1.27.0: "TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType." related to the user directory. ([\#9428](https://github.com/matrix-org/synapse/issues/9428))
+
+
+Updates to the Docker image
+---------------------------
+
+- Drop support for ARMv7 in Docker images. ([\#9433](https://github.com/matrix-org/synapse/issues/9433))
+
+
+Improved Documentation
+----------------------
+
+- Reorganize CHANGELOG.md. ([\#9281](https://github.com/matrix-org/synapse/issues/9281))
+- Add note to `auto_join_rooms` config option explaining existing rooms must be publicly joinable. ([\#9291](https://github.com/matrix-org/synapse/issues/9291))
+- Correct name of Synapse's service file in TURN howto. ([\#9308](https://github.com/matrix-org/synapse/issues/9308))
+- Fix the braces in the `oidc_providers` section of the sample config. ([\#9317](https://github.com/matrix-org/synapse/issues/9317))
+- Update installation instructions on Fedora. ([\#9322](https://github.com/matrix-org/synapse/issues/9322))
+- Add HTTP/2 support to the nginx example configuration. Contributed by David Vo. ([\#9390](https://github.com/matrix-org/synapse/issues/9390))
+- Update docs for using Gitea as OpenID provider. ([\#9404](https://github.com/matrix-org/synapse/issues/9404))
+- Document that pusher instances are shardable. ([\#9407](https://github.com/matrix-org/synapse/issues/9407))
+- Fix erroneous documentation from v1.27.0 about updating the SAML2 callback URL. ([\#9434](https://github.com/matrix-org/synapse/issues/9434))
+
+
+Deprecations and Removals
+-------------------------
+
+- Deprecate old admin API `GET /_synapse/admin/v1/users/<user_id>`. ([\#9429](https://github.com/matrix-org/synapse/issues/9429))
+
+
+Internal Changes
+----------------
+
+- Fix 'object name reserved for internal use' errors with recent versions of SQLite. ([\#9003](https://github.com/matrix-org/synapse/issues/9003))
+- Add experimental support for running Synapse with PyPy. ([\#9123](https://github.com/matrix-org/synapse/issues/9123))
+- Deny access to additional IP addresses by default. ([\#9240](https://github.com/matrix-org/synapse/issues/9240))
+- Update the `Cursor` type hints to better match PEP 249. ([\#9299](https://github.com/matrix-org/synapse/issues/9299))
+- Add debug logging for SRV lookups. Contributed by @Bubu. ([\#9305](https://github.com/matrix-org/synapse/issues/9305))
+- Improve logging for OIDC login flow. ([\#9307](https://github.com/matrix-org/synapse/issues/9307))
+- Share the code for handling required attributes between the CAS and SAML handlers. ([\#9326](https://github.com/matrix-org/synapse/issues/9326))
+- Clean up the code to load the metadata for OpenID Connect identity providers. ([\#9362](https://github.com/matrix-org/synapse/issues/9362))
+- Convert tests to use `HomeserverTestCase`. ([\#9377](https://github.com/matrix-org/synapse/issues/9377), [\#9396](https://github.com/matrix-org/synapse/issues/9396))
+- Update the version of black used to 20.8b1. ([\#9381](https://github.com/matrix-org/synapse/issues/9381))
+- Allow OIDC config to override discovered values. ([\#9384](https://github.com/matrix-org/synapse/issues/9384))
+- Remove some dead code from the acceptance of room invites path. ([\#9394](https://github.com/matrix-org/synapse/issues/9394))
+- Clean up an unused method in the presence handler code. ([\#9408](https://github.com/matrix-org/synapse/issues/9408))
+
+
 Synapse 1.27.0 (2021-02-16)
 ===========================
 
 Note that this release includes a change in Synapse to use Redis as a cache ─ as well as a pub/sub mechanism ─ if Redis support is enabled for workers. No action is needed by server administrators, and we do not expect resource usage of the Redis instance to change dramatically.
 
-This release also changes the callback URI for OpenID Connect (OIDC) identity providers. If your server is configured to use single sign-on via an OIDC/OAuth2 IdP, you may need to make configuration changes. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
+This release also changes the callback URI for OpenID Connect (OIDC) and SAML2 identity providers. If your server is configured to use single sign-on via an OIDC/OAuth2 or SAML2 IdP, you may need to make configuration changes. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
 
 This release also changes escaping of variables in the HTML templates for SSO or email notifications. If you have customised these templates, please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
 
diff --git a/UPGRADE.rst b/UPGRADE.rst
index 22edfe0d60..6f628a6947 100644
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -88,20 +88,21 @@ for example:
 Upgrading to v1.27.0
 ====================
 
-Changes to callback URI for OAuth2 / OpenID Connect
----------------------------------------------------
+Changes to callback URI for OAuth2 / OpenID Connect and SAML2
+-------------------------------------------------------------
 
-This version changes the URI used for callbacks from OAuth2 identity providers. If
-your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
-provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
-to the list of permitted "redirect URIs" at the identity provider.
+This version changes the URI used for callbacks from OAuth2 and SAML2 identity providers:
 
-See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
-Connect.
+* If your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
+  provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
+  to the list of permitted "redirect URIs" at the identity provider.
 
-(Note: a similar change is being made for SAML2; in this case the old URI
-``[synapse public baseurl]/_matrix/saml2`` is being deprecated, but will continue to
-work, so no immediate changes are required for existing installations.)
+  See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
+  Connect.
+
+* If your server is configured for single sign-on via a SAML2 identity provider, you will
+  need to add ``[synapse public baseurl]/_synapse/client/saml2/authn_response`` as a permitted
+  "ACS location" (also known as "allowed callback URLs") at the identity provider.
 
 Changes to HTML templates
 -------------------------
diff --git a/changelog.d/9003.misc b/changelog.d/9003.misc
deleted file mode 100644
index 557c8b2353..0000000000
--- a/changelog.d/9003.misc
+++ /dev/null
@@ -1 +0,0 @@
-Fix 'object name reserved for internal use' errors with recent versions of SQLite.
diff --git a/changelog.d/9123.misc b/changelog.d/9123.misc
deleted file mode 100644
index 329600c40c..0000000000
--- a/changelog.d/9123.misc
+++ /dev/null
@@ -1 +0,0 @@
-Add experimental support for running Synapse with PyPy.
diff --git a/changelog.d/9150.feature b/changelog.d/9150.feature
deleted file mode 100644
index 48a8148dee..0000000000
--- a/changelog.d/9150.feature
+++ /dev/null
@@ -1 +0,0 @@
-New API /_synapse/admin/rooms/{roomId}/context/{eventId}.
diff --git a/changelog.d/9240.misc b/changelog.d/9240.misc
deleted file mode 100644
index 850201f6cd..0000000000
--- a/changelog.d/9240.misc
+++ /dev/null
@@ -1 +0,0 @@
-Deny access to additional IP addresses by default.
diff --git a/changelog.d/9257.bugfix b/changelog.d/9257.bugfix
deleted file mode 100644
index 5d0bd88dce..0000000000
--- a/changelog.d/9257.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix long-standing bug where sending email push would fail for rooms that the server had since left.
diff --git a/changelog.d/9281.doc b/changelog.d/9281.doc
deleted file mode 100644
index 4dea375f80..0000000000
--- a/changelog.d/9281.doc
+++ /dev/null
@@ -1 +0,0 @@
-Reorganizing CHANGELOG.md.
\ No newline at end of file
diff --git a/changelog.d/9291.doc b/changelog.d/9291.doc
deleted file mode 100644
index 422acd3891..0000000000
--- a/changelog.d/9291.doc
+++ /dev/null
@@ -1 +0,0 @@
-Add note to `auto_join_rooms` config option explaining existing rooms must be publicly joinable.
diff --git a/changelog.d/9296.bugfix b/changelog.d/9296.bugfix
deleted file mode 100644
index d723f8c5bd..0000000000
--- a/changelog.d/9296.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix bug in Synapse 1.27.0rc1 which meant the "session expired" error page during SSO registration was badly formatted.
diff --git a/changelog.d/9299.misc b/changelog.d/9299.misc
deleted file mode 100644
index c883a677ed..0000000000
--- a/changelog.d/9299.misc
+++ /dev/null
@@ -1 +0,0 @@
-Update the `Cursor` type hints to better match PEP 249.
diff --git a/changelog.d/9300.feature b/changelog.d/9300.feature
deleted file mode 100644
index a2d0b27da4..0000000000
--- a/changelog.d/9300.feature
+++ /dev/null
@@ -1 +0,0 @@
-Further improvements to the user experience of registration via single sign-on.
diff --git a/changelog.d/9301.feature b/changelog.d/9301.feature
deleted file mode 100644
index a2d0b27da4..0000000000
--- a/changelog.d/9301.feature
+++ /dev/null
@@ -1 +0,0 @@
-Further improvements to the user experience of registration via single sign-on.
diff --git a/changelog.d/9305.misc b/changelog.d/9305.misc
deleted file mode 100644
index 456bfbfdd7..0000000000
--- a/changelog.d/9305.misc
+++ /dev/null
@@ -1 +0,0 @@
-Add debug logging for SRV lookups. Contributed by @Bubu.
diff --git a/changelog.d/9307.misc b/changelog.d/9307.misc
deleted file mode 100644
index 2f54d1ad07..0000000000
--- a/changelog.d/9307.misc
+++ /dev/null
@@ -1 +0,0 @@
-Improve logging for OIDC login flow.
diff --git a/changelog.d/9308.doc b/changelog.d/9308.doc
deleted file mode 100644
index 847f2908af..0000000000
--- a/changelog.d/9308.doc
+++ /dev/null
@@ -1 +0,0 @@
-Correct name of Synapse's service file in TURN howto.
diff --git a/changelog.d/9311.feature b/changelog.d/9311.feature
deleted file mode 100644
index 293f2118e5..0000000000
--- a/changelog.d/9311.feature
+++ /dev/null
@@ -1 +0,0 @@
-Add hook to spam checker modules that allow checking file uploads and remote downloads.
diff --git a/changelog.d/9317.doc b/changelog.d/9317.doc
deleted file mode 100644
index f4d508e090..0000000000
--- a/changelog.d/9317.doc
+++ /dev/null
@@ -1 +0,0 @@
-Fix the braces in the `oidc_providers` section of the sample config.
diff --git a/changelog.d/9321.bugfix b/changelog.d/9321.bugfix
deleted file mode 100644
index f1c882b13c..0000000000
--- a/changelog.d/9321.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Assert a maximum length for some parameters for spec compliance.
diff --git a/changelog.d/9322.doc b/changelog.d/9322.doc
deleted file mode 100644
index c393a3a299..0000000000
--- a/changelog.d/9322.doc
+++ /dev/null
@@ -1 +0,0 @@
-Update installation instructions on Fedora.
diff --git a/changelog.d/9326.misc b/changelog.d/9326.misc
deleted file mode 100644
index 768c18d27e..0000000000
--- a/changelog.d/9326.misc
+++ /dev/null
@@ -1 +0,0 @@
-Share the code for handling required attributes between the CAS and SAML handlers.
diff --git a/changelog.d/9333.bugfix b/changelog.d/9333.bugfix
deleted file mode 100644
index c34ba378c5..0000000000
--- a/changelog.d/9333.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix additional errors when previewing URLs: "AttributeError 'NoneType' object has no attribute 'xpath'" and "ValueError: Unicode strings with encoding declaration are not supported. Please use bytes input or XML fragments without declaration.".
diff --git a/changelog.d/9361.bugfix b/changelog.d/9361.bugfix
deleted file mode 100644
index 4d0477f033..0000000000
--- a/changelog.d/9361.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix a bug causing Synapse to impose the wrong type constraints on fields when processing responses from appservices to `/_matrix/app/v1/thirdparty/user/{protocol}`.
diff --git a/changelog.d/9362.misc b/changelog.d/9362.misc
deleted file mode 100644
index c75cfeb2a4..0000000000
--- a/changelog.d/9362.misc
+++ /dev/null
@@ -1 +0,0 @@
-Clean up the code to load the metadata for OpenID Connect identity providers.
diff --git a/changelog.d/9376.feature b/changelog.d/9376.feature
deleted file mode 100644
index 68ea21dbdd..0000000000
--- a/changelog.d/9376.feature
+++ /dev/null
@@ -1 +0,0 @@
-Add support for receiving OpenID Connect authentication responses via form `POST`s rather than `GET`s.
diff --git a/changelog.d/9377.misc b/changelog.d/9377.misc
deleted file mode 100644
index df1348ec42..0000000000
--- a/changelog.d/9377.misc
+++ /dev/null
@@ -1 +0,0 @@
-Convert tests to use `HomeserverTestCase`.
diff --git a/changelog.d/9381.misc b/changelog.d/9381.misc
deleted file mode 100644
index 5688166120..0000000000
--- a/changelog.d/9381.misc
+++ /dev/null
@@ -1 +0,0 @@
-Update the version of black used to 20.8b1.
diff --git a/changelog.d/9384.misc b/changelog.d/9384.misc
deleted file mode 100644
index 9db61f44db..0000000000
--- a/changelog.d/9384.misc
+++ /dev/null
@@ -1 +0,0 @@
-Allow OIDC config to override discovered values.
diff --git a/changelog.d/9391.bugfix b/changelog.d/9391.bugfix
deleted file mode 100644
index b5e68e2ac7..0000000000
--- a/changelog.d/9391.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix bug where Synapse would occaisonally stop reconnecting after the connection was lost.
diff --git a/changelog.d/9393.bugfix b/changelog.d/9393.bugfix
deleted file mode 100644
index f1c882b13c..0000000000
--- a/changelog.d/9393.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Assert a maximum length for some parameters for spec compliance.
diff --git a/changelog.d/9394.misc b/changelog.d/9394.misc
deleted file mode 100644
index b3e90143cc..0000000000
--- a/changelog.d/9394.misc
+++ /dev/null
@@ -1 +0,0 @@
-Remove some dead code from the acceptance of room invites path.
\ No newline at end of file
diff --git a/changelog.d/9395.bugfix b/changelog.d/9395.bugfix
deleted file mode 100644
index d45cc4ffb9..0000000000
--- a/changelog.d/9395.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix a long-standing bug when upgrading a room: "TypeError: '>' not supported between instances of 'NoneType' and 'int'".
diff --git a/changelog.d/9396.misc b/changelog.d/9396.misc
deleted file mode 100644
index df1348ec42..0000000000
--- a/changelog.d/9396.misc
+++ /dev/null
@@ -1 +0,0 @@
-Convert tests to use `HomeserverTestCase`.
diff --git a/changelog.d/9400.feature b/changelog.d/9400.feature
deleted file mode 100644
index 3067c3907b..0000000000
--- a/changelog.d/9400.feature
+++ /dev/null
@@ -1 +0,0 @@
-Add the shadow-banning status to the display user admin API.
\ No newline at end of file
diff --git a/changelog.d/9404.doc b/changelog.d/9404.doc
deleted file mode 100644
index aa2e63f2f6..0000000000
--- a/changelog.d/9404.doc
+++ /dev/null
@@ -1 +0,0 @@
-Update docs for using Gitea as OpenID provider.
diff --git a/changelog.d/9407.doc b/changelog.d/9407.doc
deleted file mode 100644
index 36979bc0d8..0000000000
--- a/changelog.d/9407.doc
+++ /dev/null
@@ -1 +0,0 @@
-Document that pusher instances are shardable.
diff --git a/changelog.d/9408.misc b/changelog.d/9408.misc
deleted file mode 100644
index 600bacbfe7..0000000000
--- a/changelog.d/9408.misc
+++ /dev/null
@@ -1 +0,0 @@
-Clean up an unused method in the presence handler code.
\ No newline at end of file
diff --git a/changelog.d/9425.bugfix b/changelog.d/9425.bugfix
deleted file mode 100644
index f5b8857cdb..0000000000
--- a/changelog.d/9425.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix a long-standing bug in the deduplication of old presence, resulting in no deduplication.
\ No newline at end of file
diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md
index c7020f2df3..04b6e24124 100644
--- a/docs/reverse_proxy.md
+++ b/docs/reverse_proxy.md
@@ -40,12 +40,12 @@ the reverse proxy and the homeserver.
 
 ```
 server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
 
     # For the federation port
-    listen 8448 ssl default_server;
-    listen [::]:8448 ssl default_server;
+    listen 8448 ssl http2 default_server;
+    listen [::]:8448 ssl http2 default_server;
 
     server_name matrix.example.com;
 
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 13a6f045f9..52380dfb04 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -2228,8 +2228,8 @@ password_config:
       #require_uppercase: true
 
 ui_auth:
-    # The number of milliseconds to allow a user-interactive authentication
-    # session to be active.
+    # The amount of time to allow a user-interactive authentication session
+    # to be active.
     #
     # This defaults to 0, meaning the user is queried for their credentials
     # before every action, but this can be overridden to allow a single
@@ -2240,7 +2240,7 @@ ui_auth:
     # Uncomment below to allow for credential validation to last for 15
     # seconds.
     #
-    #session_timeout: 15000
+    #session_timeout: "15s"
 
 
 # Configuration for sending emails from Synapse.
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 359276427f..2e70f46186 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -48,7 +48,7 @@ try:
 except ImportError:
     pass
 
-__version__ = "1.27.0"
+__version__ = "1.28.0rc1"
 
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
     # We import here so that we don't have to install a bunch of deps when
diff --git a/synapse/config/auth.py b/synapse/config/auth.py
index 7fa64b821a..9aabaadf9e 100644
--- a/synapse/config/auth.py
+++ b/synapse/config/auth.py
@@ -37,7 +37,9 @@ class AuthConfig(Config):
 
         # User-interactive authentication
         ui_auth = config.get("ui_auth") or {}
-        self.ui_auth_session_timeout = ui_auth.get("session_timeout", 0)
+        self.ui_auth_session_timeout = self.parse_duration(
+            ui_auth.get("session_timeout", 0)
+        )
 
     def generate_config_section(self, config_dir_path, server_name, **kwargs):
         return """\
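Review bot: The value assigned to `self.ui_auth_session_timeout` from `self.parse_duration(...)` has no stated unit and no bounds, yet it decides how long a validated user-interactive auth session can be reused before credentials are asked for again. Presumably `parse_duration` returns milliseconds and still reads a bare integer as milliseconds (the updated test swaps `5 * 1000` for `"5s"`), but this hunk does not show that. I would add `# Milliseconds. A bare integer is still read as milliseconds; strings take a unit suffix such as "15s".` above the assignment. The sample-config comment in the next two hunks now says only "amount of time" and should state the same rule, so an admin does not pick the wrong unit for a re-authentication window. The enclosing method starts outside the hunk.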
@@ -93,8 +95,8 @@ class AuthConfig(Config):
               #require_uppercase: true
 
         ui_auth:
-            # The number of milliseconds to allow a user-interactive authentication
-            # session to be active.
+            # The amount of time to allow a user-interactive authentication session
+            # to be active.
             #
             # This defaults to 0, meaning the user is queried for their credentials
             # before every action, but this can be overridden to allow a single
@@ -105,5 +107,5 @@ class AuthConfig(Config):
             # Uncomment below to allow for credential validation to last for 15
             # seconds.
             #
-            #session_timeout: 15000
+            #session_timeout: "15s"
         """
diff --git a/synapse/handlers/user_directory.py b/synapse/handlers/user_directory.py
index 3dfb0a26c2..1a8340000a 100644
--- a/synapse/handlers/user_directory.py
+++ b/synapse/handlers/user_directory.py
@@ -143,6 +143,10 @@ class UserDirectoryHandler(StateDeltasHandler):
         if self.pos is None:
             self.pos = await self.store.get_user_directory_stream_pos()
 
+        # If still None then the initial background update hasn't happened yet.
+        if self.pos is None:
+            return None
+
         # Loop round handling deltas until we're up to date
         while True:
             with Measure(self.clock, "user_dir_delta"):
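Review bot: The new early exit `if self.pos is None: return None` is silent, so while the initial background update is pending every pass through here is skipped without a trace in the logs. A line such as `logger.debug("User directory stream position not set yet; skipping delta processing")` before the return would make that state visible to an operator, assuming the module already has a `logger`, which the hunk does not show. The enclosing method starts and ends outside the hunk.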
diff --git a/synapse/http/client.py b/synapse/http/client.py
index 73b414ccff..e54d9bd213 100644
--- a/synapse/http/client.py
+++ b/synapse/http/client.py
@@ -56,7 +56,7 @@ from twisted.web.client import (
 )
 from twisted.web.http import PotentialDataLoss
 from twisted.web.http_headers import Headers
-from twisted.web.iweb import IAgent, IBodyProducer, IResponse
+from twisted.web.iweb import UNKNOWN_LENGTH, IAgent, IBodyProducer, IResponse
 
 from synapse.api.errors import Codes, HttpResponseException, SynapseError
 from synapse.http import QuieterFileBodyProducer, RequestTimedOutError, redact_uri
@@ -408,6 +408,9 @@ class SimpleHttpClient:
                     agent=self.agent,
                     data=body_producer,
                     headers=headers,
+                    # Avoid buffering the body in treq since we do not reuse
+                    # response bodies.
+                    unbuffered=True,
                     **self._extra_treq_args,
                 )  # type: defer.Deferred
 
@@ -702,18 +705,6 @@ class SimpleHttpClient:
 
         resp_headers = dict(response.headers.getAllRawHeaders())
 
-        if (
-            b"Content-Length" in resp_headers
-            and max_size
-            and int(resp_headers[b"Content-Length"][0]) > max_size
-        ):
-            logger.warning("Requested URL is too large > %r bytes" % (max_size,))
-            raise SynapseError(
-                502,
-                "Requested file is too large > %r bytes" % (max_size,),
-                Codes.TOO_LARGE,
-            )
-
         if response.code > 299:
             logger.warning("Got %d when downloading %s" % (response.code, url))
             raise SynapseError(502, "Got error %d" % (response.code,), Codes.UNKNOWN)
@@ -780,7 +771,9 @@ class _ReadBodyWithMaxSizeProtocol(protocol.Protocol):
         # in the meantime.
         if self.max_size is not None and self.length >= self.max_size:
             self.deferred.errback(BodyExceededMaxSize())
-            self.transport.loseConnection()
+            # Close the connection (forcefully) since all the data will get
+            # discarded anyway.
+            self.transport.abortConnection()
 
     def connectionLost(self, reason: Failure) -> None:
         # If the maximum size was already exceeded, there's nothing to do.
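Review bot: The limit test on the context line, `self.length >= self.max_size`, fails a body of exactly `max_size` bytes, while the pre-check this commit adds to `read_body_with_max_size` rejects only `response.length > max_size`. A response that declares a `Content-Length` equal to the limit therefore passes the pre-check and is aborted here once its last byte arrives, so the whole body is downloaded and then thrown away. Use one boundary for both checks, for example `if self.max_size is not None and self.length > self.max_size:` here or `>=` in the pre-check, and say in a comment whether the limit is inclusive. The enclosing method starts outside the hunk.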
@@ -814,6 +807,11 @@ def read_body_with_max_size(
     Returns:
         A Deferred which resolves to the length of the read body.
     """
+    # If the Content-Length header gives a size larger than the maximum allowed
+    # size, do not bother downloading the body.
+    if max_size is not None and response.length != UNKNOWN_LENGTH:
+        if response.length > max_size:
+            return defer.fail(BodyExceededMaxSize())
 
     d = defer.Deferred()
     response.deliverBody(_ReadBodyWithMaxSizeProtocol(stream, d, max_size))
diff --git a/synapse/rest/synapse/client/__init__.py b/synapse/rest/synapse/client/__init__.py
index e5ef515090..8588b6d271 100644
--- a/synapse/rest/synapse/client/__init__.py
+++ b/synapse/rest/synapse/client/__init__.py
@@ -54,11 +54,7 @@ def build_synapse_client_resource_tree(hs: "HomeServer") -> Mapping[str, Resourc
     if hs.config.saml2_enabled:
         from synapse.rest.synapse.client.saml2 import SAML2Resource
 
-        res = SAML2Resource(hs)
-        resources["/_synapse/client/saml2"] = res
-
-        # This is also mounted under '/_matrix' for backwards-compatibility.
-        resources["/_matrix/saml2"] = res
+        resources["/_synapse/client/saml2"] = SAML2Resource(hs)
 
     return resources
 
diff --git a/synapse/storage/databases/main/user_directory.py b/synapse/storage/databases/main/user_directory.py
index 3a1fe3ed52..63f88eac51 100644
--- a/synapse/storage/databases/main/user_directory.py
+++ b/synapse/storage/databases/main/user_directory.py
@@ -707,7 +707,13 @@ class UserDirectoryStore(UserDirectoryBackgroundUpdateStore):
 
         return {row["room_id"] for row in rows}
 
-    async def get_user_directory_stream_pos(self) -> int:
+    async def get_user_directory_stream_pos(self) -> Optional[int]:
+        """
+        Get the stream ID of the user directory stream.
+
+        Returns:
+            The stream token or None if the initial background update hasn't happened yet.
+        """
         return await self.db_pool.simple_select_one_onecol(
             table="user_directory_stream_pos",
             keyvalues={},
diff --git a/tests/http/test_client.py b/tests/http/test_client.py
index f17c122e93..2d9b733be0 100644
--- a/tests/http/test_client.py
+++ b/tests/http/test_client.py
@@ -18,6 +18,7 @@ from mock import Mock
 
 from twisted.python.failure import Failure
 from twisted.web.client import ResponseDone
+from twisted.web.iweb import UNKNOWN_LENGTH
 
 from synapse.http.client import BodyExceededMaxSize, read_body_with_max_size
 
@@ -27,12 +28,12 @@ from tests.unittest import TestCase
 class ReadBodyWithMaxSizeTests(TestCase):
     def setUp(self):
         """Start reading the body, returns the response, result and proto"""
-        self.response = Mock()
+        response = Mock(length=UNKNOWN_LENGTH)
         self.result = BytesIO()
-        self.deferred = read_body_with_max_size(self.response, self.result, 6)
+        self.deferred = read_body_with_max_size(response, self.result, 6)
 
         # Fish the protocol out of the response.
-        self.protocol = self.response.deliverBody.call_args[0][0]
+        self.protocol = response.deliverBody.call_args[0][0]
         self.protocol.transport = Mock()
 
     def _cleanup_error(self):
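Review bot: `setUp` now always builds the response as `Mock(length=UNKNOWN_LENGTH)`, so no test in this class reaches the Content-Length pre-check that this commit adds to `read_body_with_max_size`. I would add a case that calls `read_body_with_max_size(Mock(length=10), BytesIO(), 6)` and asserts the returned Deferred has failed with `BodyExceededMaxSize` and that nothing was written to the stream. A second case with `length=6` would pin down whether a body exactly at the limit is accepted. The class continues outside the hunk.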
@@ -88,7 +89,7 @@ class ReadBodyWithMaxSizeTests(TestCase):
         self.protocol.dataReceived(b"1234567890")
         self.assertIsInstance(self.deferred.result, Failure)
         self.assertIsInstance(self.deferred.result.value, BodyExceededMaxSize)
-        self.protocol.transport.loseConnection.assert_called_once()
+        self.protocol.transport.abortConnection.assert_called_once()
 
         # More data might have come in.
         self.protocol.dataReceived(b"1234567890")
diff --git a/tests/rest/client/v2_alpha/test_auth.py b/tests/rest/client/v2_alpha/test_auth.py
index 501f09203f..c26ad824f7 100644
--- a/tests/rest/client/v2_alpha/test_auth.py
+++ b/tests/rest/client/v2_alpha/test_auth.py
@@ -343,7 +343,7 @@ class UIAuthTests(unittest.HomeserverTestCase):
             },
         )
 
-    @unittest.override_config({"ui_auth": {"session_timeout": 5 * 1000}})
+    @unittest.override_config({"ui_auth": {"session_timeout": "5s"}})
     def test_can_reuse_session(self):
         """
         The session can be reused if configured.