diff --git a/synapse/rest/client/auth_issuer.py b/synapse/rest/client/auth_issuer.py
new file mode 100644
index 0000000000..77b9720956
--- /dev/null
+++ b/synapse/rest/client/auth_issuer.py
@@ -0,0 +1,63 @@
+# Copyright 2023 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import logging
+import typing
+from typing import Tuple
+
+from synapse.api.errors import Codes, SynapseError
+from synapse.http.server import HttpServer
+from synapse.http.servlet import RestServlet
+from synapse.http.site import SynapseRequest
+from synapse.rest.client._base import client_patterns
+from synapse.types import JsonDict
+
+if typing.TYPE_CHECKING:
+ from synapse.server import HomeServer
+
+
+logger = logging.getLogger(__name__)
+
+
+class AuthIssuerServlet(RestServlet):
+ """
+ Advertises what OpenID Connect issuer clients should use to authorise users.
+ """
+
+ PATTERNS = client_patterns(
+ "/org.matrix.msc2965/auth_issuer$",
+ unstable=True,
+ releases=(),
+ )
+
+ def __init__(self, hs: "HomeServer"):
+ super().__init__()
+ self._config = hs.config
+
+ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
+ if self._config.experimental.msc3861.enabled:
+ return 200, {"issuer": self._config.experimental.msc3861.issuer}
+ else:
+ # Wouldn't expect this to be reached: the servelet shouldn't have been
+ # registered. Still, fail gracefully if we are registered for some reason.
+ raise SynapseError(
+ 404,
+ "OIDC discovery has not been configured on this homeserver",
+ Codes.NOT_FOUND,
+ )
+
+
+def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
+ # We use the MSC3861 values as they are used by multiple MSCs
+ if hs.config.experimental.msc3861.enabled:
+ AuthIssuerServlet(hs).register(http_server)
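Review bot: `on_GET` has no docstring and calls no auth helper, so the code should state that this endpoint is unauthenticated by design; presumably clients need the issuer before they hold a token. I would add a docstring along the lines of `"""Return the configured OIDC issuer. Deliberately unauthenticated: the response must only ever contain the issuer, never other msc3861 settings."""`. The response is currently built from `self._config.experimental.msc3861.issuer` alone, which is the shape worth keeping. Two small cleanups: `logger` is defined but never used in this file, and the comment in the `else` branch misspells "servlet" as "servelet".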
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index b8441b8eb7..00d511bc5b 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -121,6 +121,7 @@ class LoginRestServlet(RestServlet):
self.registration_handler = hs.get_registration_handler()
self._sso_handler = hs.get_sso_handler()
self._spam_checker = hs.get_module_api_callbacks().spam_checker
+ self._account_validity_handler = hs.get_account_validity_handler()
self._well_known_builder = WellKnownBuilder(hs)
self._address_ratelimiter = Ratelimiter(
@@ -476,6 +477,13 @@ class LoginRestServlet(RestServlet):
device_id=device_id,
)
+ # execute the callback
+ await self._account_validity_handler.on_user_login(
+ user_id,
+ auth_provider_type=login_submission.get("type"),
+ auth_provider_id=auth_provider_id,
+ )
+
if valid_until_ms is not None:
expires_in_ms = valid_until_ms - self.clock.time_msec()
result["expires_in_ms"] = expires_in_ms
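Review bot: The awaited `on_user_login` call sits after the call that ends with `device_id=device_id,` and before the response is assembled, so an exception raised inside it would fail the request once the earlier step has presumably already completed. Whether the handler catches errors from module callbacks is not visible in this hunk. If it does not, a faulty module could block every login and leave behind whatever the earlier step created. The comment `# execute the callback` says neither which callback nor why it runs here; I would replace it with something like `# Notify account-validity module callbacks of the successful login; a failing callback must not fail the login.` and confirm the handler enforces that. The enclosing method starts and ends outside the hunk.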
diff --git a/synapse/rest/client/profile.py b/synapse/rest/client/profile.py
index 59f11357b0..f99a119904 100644
--- a/synapse/rest/client/profile.py
+++ b/synapse/rest/client/profile.py
@@ -19,12 +19,17 @@
#
""" This module contains REST servlets to do with profile: /profile/<paths> """
+
from http import HTTPStatus
from typing import TYPE_CHECKING, Tuple
from synapse.api.errors import Codes, SynapseError
from synapse.http.server import HttpServer
-from synapse.http.servlet import RestServlet, parse_json_object_from_request
+from synapse.http.servlet import (
+ RestServlet,
+ parse_boolean,
+ parse_json_object_from_request,
+)
from synapse.http.site import SynapseRequest
from synapse.rest.client._base import client_patterns
from synapse.types import JsonDict, UserID
@@ -33,6 +38,20 @@ if TYPE_CHECKING:
from synapse.server import HomeServer
+def _read_propagate(hs: "HomeServer", request: SynapseRequest) -> bool:
+ # This will always be set by the time Twisted calls us.
+ assert request.args is not None
+
+ propagate = True
+ if hs.config.experimental.msc4069_profile_inhibit_propagation:
+ do_propagate = request.args.get(b"org.matrix.msc4069.propagate")
+ if do_propagate is not None:
+ propagate = parse_boolean(
+ request, "org.matrix.msc4069.propagate", default=False
+ )
+ return propagate
+
+
class ProfileDisplaynameRestServlet(RestServlet):
PATTERNS = client_patterns("/profile/(?P<user_id>[^/]*)/displayname", v1=True)
CATEGORY = "Event sending requests"
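Review bot: In `_read_propagate` the query parameter is looked up twice, and the `default=False` passed to `parse_boolean` can never apply because that call is only reached when the parameter is present. The body after the assert can be reduced to `if hs.config.experimental.msc4069_profile_inhibit_propagation:` / `return parse_boolean(request, "org.matrix.msc4069.propagate", default=True)` / `return True`, which makes the real default (propagate) visible at the call. The function also deserves a short docstring saying that the parameter is silently ignored when the experimental flag is off, and that a client-supplied false value is passed straight through as `propagate=` by both callers (`set_displayname` and `set_avatar_url` in the later hunks of this file).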
@@ -86,7 +105,11 @@ class ProfileDisplaynameRestServlet(RestServlet):
errcode=Codes.BAD_JSON,
)
- await self.profile_handler.set_displayname(user, requester, new_name, is_admin)
+ propagate = _read_propagate(self.hs, request)
+
+ await self.profile_handler.set_displayname(
+ user, requester, new_name, is_admin, propagate=propagate
+ )
return 200, {}
@@ -141,8 +164,10 @@ class ProfileAvatarURLRestServlet(RestServlet):
400, "Missing key 'avatar_url'", errcode=Codes.MISSING_PARAM
)
+ propagate = _read_propagate(self.hs, request)
+
await self.profile_handler.set_avatar_url(
- user, requester, new_avatar_url, is_admin
+ user, requester, new_avatar_url, is_admin, propagate=propagate
)
return 200, {}
diff --git a/synapse/rest/client/versions.py b/synapse/rest/client/versions.py
index 5da6b2e873..4c5d3dba66 100644
--- a/synapse/rest/client/versions.py
+++ b/synapse/rest/client/versions.py
@@ -83,6 +83,9 @@ class VersionsRestServlet(RestServlet):
"v1.4",
"v1.5",
"v1.6",
+ "v1.7",
+ "v1.8",
+ "v1.9",
],
# as per MSC1497:
"unstable_features": {
@@ -129,6 +132,8 @@ class VersionsRestServlet(RestServlet):
"org.matrix.msc3981": self.config.experimental.msc3981_recurse_relations,
# Adds support for deleting account data.
"org.matrix.msc3391": self.config.experimental.msc3391_enabled,
+ # Allows clients to inhibit profile update propagation.
+ "org.matrix.msc4069": self.config.experimental.msc4069_profile_inhibit_propagation,
},
},
)