summary refs log tree commit diff
Commit message (Collapse)AuthorAgeFilesLines
* Rewrite the user_filter migration again (#6184)Richard van der Hoff2019-10-102-26/+33
| | | | | you can't plausibly ALTER TABLE in sqlite, so we create the new table with the right schema to start with.
* Move tag/push rules room upgrade checking ealier (#6155)Andrew Morgan2019-10-102-18/+45
| | | | | It turns out that _local_membership_update doesn't run when you join a new, remote room. It only runs if you're joining a room that your server already knows about. This would explain #4703 and #5295 and why the transfer would work in testing and some rooms, but not others. This would especially hit single-user homeservers. The check has been moved to right after the room has been joined, and works much more reliably. (Though it may still be a bit awkward of a place).
* Refactor HomeserverConfig so it can be typechecked (#6137)Amber Brown2019-10-1037-94/+415
|
* Merge pull request #6185 from matrix-org/erikj/fix_censored_evnetsErik Johnston2019-10-093-4/+29
|\ | | | | Fix inserting bytes as text in `censor_redactions`
| * Update changelog.d/6185.bugfixErik Johnston2019-10-091-1/+1
| | | | | | Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
| * Fix existing hex encoded json values in DBErik Johnston2019-10-081-0/+26
| |
| * NewsfileErik Johnston2019-10-081-0/+1
| |
| * Fix inserting bytes as textErik Johnston2019-10-081-4/+2
| |
* | Merge pull request #6178 from matrix-org/babolivier/factor_out_bg_updatesBrendan Abolivier2019-10-0910-605/+671
|\ \ | | | | | | Factor out backgroung updates
| * | Fix RegistrationStoreBrendan Abolivier2019-10-081-1/+1
| | |
| * | Cleanup client_ipsBrendan Abolivier2019-10-081-7/+0
| | |
| * | Don't end up with 4 classes in registrationBrendan Abolivier2019-10-081-52/+50
| | |
| * | ChangelogBrendan Abolivier2019-10-071-0/+1
| | |
| * | LintBrendan Abolivier2019-10-073-3/+3
| | |
| * | Move roommember's bg updates to a dedicated storeBrendan Abolivier2019-10-071-108/+114
| | |
| * | Move user_directory's bg updates to a dedicated storeBrendan Abolivier2019-10-071-84/+94
| | |
| * | Move state's bg updates to a dedicated storeBrendan Abolivier2019-10-071-190/+204
| | |
| * | Move search's bg updates to a dedicated storeBrendan Abolivier2019-10-071-25/+31
| | |
| * | Move registration's bg updates to a dedicated storeBrendan Abolivier2019-10-071-95/+103
| | |
| * | Move media_repository's bg updates to a dedicated storeBrendan Abolivier2019-10-071-3/+9
| | |
| * | Move devices's bg updates to a dedicated storeBrendan Abolivier2019-10-071-22/+27
| | |
| * | Move deviceinbox's bg updates to a dedicated storeBrendan Abolivier2019-10-071-15/+22
| | |
| * | Move client_ips's bg updates to a dedicated storeBrendan Abolivier2019-10-071-94/+106
| | |
* | | add M_TOO_LARGE error code for uploading a too large file (#6151)Anshul Angaria2019-10-082-2/+7
| | | | | | | | | Fixes #6109
* | | Remove unused public room list timeout param (#6179)Andrew Morgan2019-10-082-12/+2
| | | | | | | | | | | | | | | | | | * Remove unused public room list timeout param * Add changelog
* | | Fix /federation/v1/state for recent room versions (#6170)Richard van der Hoff2019-10-082-13/+1
| | | | | | | | | | | | | | | | | | | | | * Fix /federation/v1/state for recent room versions Turns out this endpoint was completely broken for v3 rooms. Hopefully this re-signing code is irrelevant nowadays anyway.
* | | fix changelogRichard van der Hoff2019-10-071-1/+1
| | |
* | | Merge pull request #6161 from matrix-org/erikj/dont_regen_user_id_on_failureErik Johnston2019-10-072-6/+5
|\ \ \ | | | | | | | | Don't regenerate numeric user ID if registration fails.
| * | | Fixup newsfileErik Johnston2019-10-032-1/+1
| | | |
| * | | Remove unused variableErik Johnston2019-10-031-2/+0
| | | |
| * | | NewsfileErik Johnston2019-10-031-0/+1
| | | |
| * | | Don't regenerate numeric user ID if registration fails.Erik Johnston2019-10-031-4/+4
| | | | | | | | | | | | | | | | | | | | This causes huge amounts of DB IO if registrations start to fail e.g. because the DB is struggling with IO.
* | | | Log responder we are using. (#6139)Michael Kaye2019-10-072-1/+2
| |/ / |/| | | | | This prevents us logging "Responding to media request with responder %s".
* | | Fix changelog for PR #6175Brendan Abolivier2019-10-072-1/+1
| | |
* | | add some logging to the rooms stats updates, to try to track down a flaky ↵Richard van der Hoff2019-10-073-0/+5
| | | | | | | | | | | | test (#6167)
* | | Merge pull request #6175 from matrix-org/babolivier/fix_unique_user_filter_indexBrendan Abolivier2019-10-072-2/+3
|\ \ \ | | | | | | | | Fix unique_user_filter_index schema update
| * | | ChangelogBrendan Abolivier2019-10-071-0/+1
| | | |
| * | | Fix unique_user_filter_index schema updateBrendan Abolivier2019-10-071-2/+2
| | | |
* | | | Merge pull request #6159 from matrix-org/erikj/cache_membershipsErik Johnston2019-10-072-19/+46
|\ \ \ \ | |/ / / |/| | | Cache room membership lookups in _get_joined_users_from_context
| * | | Fix bug where we didn't pull out event IDErik Johnston2019-10-071-1/+1
| | | |
| * | | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-10-035-19/+44
| |\ \ \ | | | | | | | | | | | | | | | erikj/cache_memberships
| * | | | Use the right error....Erik Johnston2019-10-031-1/+1
| | | | |
| * | | | pep8Erik Johnston2019-10-031-1/+0
| | | | |
| * | | | Fixup names and commentsErik Johnston2019-10-031-6/+7
| | | | |
| * | | | cachedList descriptor doesn't like typingErik Johnston2019-10-031-2/+2
| | | | |
| * | | | NewsfileErik Johnston2019-10-031-0/+1
| | | | |
| * | | | Cache room membership lookups in _get_joined_users_from_contextErik Johnston2019-10-031-19/+45
| | |/ / | |/| |
* | | | Merge pull request #6147 from matrix-org/babolivier/3pid-invite-revokedBrendan Abolivier2019-10-043-2/+89
|\ \ \ \ | | | | | | | | | | Don't 500 when trying to exchange a revoked 3PID invite
| * | | | TypoBrendan Abolivier2019-10-041-1/+1
| | | | |
| * | | | LintBrendan Abolivier2019-10-041-3/+1
| | | | |
| * | | | Incorporate reviewBrendan Abolivier2019-10-041-14/+8
| | | | |
| * | | | Lint (again)Brendan Abolivier2019-10-031-3/+1
| | | | |
| * | | | LintBrendan Abolivier2019-10-031-5/+5
| | | | |
| * | | | Add test caseBrendan Abolivier2019-10-032-1/+84
| | | | |
| * | | | ChangelogBrendan Abolivier2019-10-021-0/+1
| | | | |
| * | | | LintBrendan Abolivier2019-10-021-1/+3
| | | | |
| * | | | Don't 500 code when trying to exchange a revoked 3PID inviteBrendan Abolivier2019-10-021-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While this is not documented in the spec (but should be), Riot (and other clients) revoke 3PID invites by sending a m.room.third_party_invite event with an empty ({}) content to the room's state. When the invited 3PID gets associated with a MXID, the identity server (which doesn't know about revocations) sends down to the MXID's homeserver all of the undelivered invites it has for this 3PID. The homeserver then tries to talk to the inviting homeserver in order to exchange these invite for m.room.member events. When one of the invite is revoked, the inviting homeserver responds with a 500 error because it tries to extract a 'display_name' property from the content, which is empty. This might cause the invited server to consider that the server is down and not try to exchange other, valid invites (or at least delay it). This fix handles the case of revoked invites by avoiding trying to fetch a 'display_name' from the original invite's content, and letting the m.room.member event fail the auth rules (because, since the original invite's content is empty, it doesn't have public keys), which results in sending a 403 with the correct error message to the invited server.
* | | | | Update `user_filters` table to have a unique index, and non-null columns (#1172)Alexander Maznev2019-10-042-0/+47
| | | | |
* | | | | media/thumbnailer: Better quality for 1-bit / 8-bit color palette images (#2142)Robert Swain2019-10-042-3/+12
| |_|/ / |/| | | | | | | | | | | | | | | | | | | Pillow will use nearest neighbour as the resampling algorithm if the source image is either 1-bit or a color palette using 8 bits. If we convert to RGB before scaling, we'll probably get a better result.
* | | | add some metrics on the federation sender (#6160)Richard van der Hoff2019-10-035-19/+44
| |/ / |/| |
* | | Merge branch 'master' into developAndrew Morgan2019-10-039-8/+38
|\ \ \ | | |/ | |/|
| * | Merge tag 'v1.4.0'Andrew Morgan2019-10-03303-5895/+13375
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.4.0 (2019-10-03) ========================== Bugfixes -------- - Redact `client_secret` in server logs. ([\#6158](https://github.com/matrix-org/synapse/issues/6158)) Synapse 1.4.0rc2 (2019-10-02) ============================= Bugfixes -------- - Fix bug in background update that adds last seen information to the `devices` table, and improve its performance on Postgres. ([\#6135](https://github.com/matrix-org/synapse/issues/6135)) - Fix bad performance of censoring redactions background task. ([\#6141](https://github.com/matrix-org/synapse/issues/6141)) - Fix fetching censored redactions from DB, which caused APIs like initial sync to fail if it tried to include the censored redaction. ([\#6145](https://github.com/matrix-org/synapse/issues/6145)) - Fix exceptions when storing large retry intervals for down remote servers. ([\#6146](https://github.com/matrix-org/synapse/issues/6146)) Internal Changes ---------------- - Fix up sample config entry for `redaction_retention_period` option. ([\#6117](https://github.com/matrix-org/synapse/issues/6117)) Synapse 1.4.0rc1 (2019-09-26) ============================= Note that this release includes significant changes around 3pid verification. Administrators are reminded to review the [upgrade notes](UPGRADE.rst#upgrading-to-v140). Features -------- - Changes to 3pid verification: - Add the ability to send registration emails from the homeserver rather than delegating to an identity server. ([\#5835](https://github.com/matrix-org/synapse/issues/5835), [\#5940](https://github.com/matrix-org/synapse/issues/5940), [\#5993](https://github.com/matrix-org/synapse/issues/5993), [\#5994](https://github.com/matrix-org/synapse/issues/5994), [\#5868](https://github.com/matrix-org/synapse/issues/5868)) - Replace `trust_identity_server_for_password_resets` config option with `account_threepid_delegates`, and make the `id_server` parameteter optional on `*/requestToken` endpoints, as per [MSC2263](https://github.com/matrix-org/matrix-doc/pull/2263). ([\#5876](https://github.com/matrix-org/synapse/issues/5876), [\#5969](https://github.com/matrix-org/synapse/issues/5969), [\#6028](https://github.com/matrix-org/synapse/issues/6028)) - Switch to using the v2 Identity Service `/lookup` API where available, with fallback to v1. (Implements [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134) plus `id_access_token authentication` for v2 Identity Service APIs from [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140)). ([\#5897](https://github.com/matrix-org/synapse/issues/5897)) - Remove `bind_email` and `bind_msisdn` parameters from `/register` ala [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140). ([\#5964](https://github.com/matrix-org/synapse/issues/5964)) - Add `m.id_access_token` to `unstable_features` in `/versions` as per [MSC2264](https://github.com/matrix-org/matrix-doc/pull/2264). ([\#5974](https://github.com/matrix-org/synapse/issues/5974)) - Use the v2 Identity Service API for 3PID invites. ([\#5979](https://github.com/matrix-org/synapse/issues/5979)) - Add `POST /_matrix/client/unstable/account/3pid/unbind` endpoint from [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140) for unbinding a 3PID from an identity server without removing it from the homeserver user account. ([\#5980](https://github.com/matrix-org/synapse/issues/5980), [\#6062](https://github.com/matrix-org/synapse/issues/6062)) - Use `account_threepid_delegate.email` and `account_threepid_delegate.msisdn` for validating threepid sessions. ([\#6011](https://github.com/matrix-org/synapse/issues/6011)) - Allow homeserver to handle or delegate email validation when adding an email to a user's account. ([\#6042](https://github.com/matrix-org/synapse/issues/6042)) - Implement new Client Server API endpoints `/account/3pid/add` and `/account/3pid/bind` as per [MSC2290](https://github.com/matrix-org/matrix-doc/pull/2290). ([\#6043](https://github.com/matrix-org/synapse/issues/6043)) - Add an unstable feature flag for separate add/bind 3pid APIs. ([\#6044](https://github.com/matrix-org/synapse/issues/6044)) - Remove `bind` parameter from Client Server POST `/account` endpoint as per [MSC2290](https://github.com/matrix-org/matrix-doc/pull/2290/). ([\#6067](https://github.com/matrix-org/synapse/issues/6067)) - Add `POST /add_threepid/msisdn/submit_token` endpoint for proxying submitToken on an `account_threepid_handler`. ([\#6078](https://github.com/matrix-org/synapse/issues/6078)) - Add `submit_url` response parameter to `*/msisdn/requestToken` endpoints. ([\#6079](https://github.com/matrix-org/synapse/issues/6079)) - Add `m.require_identity_server` flag to /version's unstable_features. ([\#5972](https://github.com/matrix-org/synapse/issues/5972)) - Enhancements to OpenTracing support: - Make OpenTracing work in worker mode. ([\#5771](https://github.com/matrix-org/synapse/issues/5771)) - Pass OpenTracing contexts between servers when transmitting EDUs. ([\#5852](https://github.com/matrix-org/synapse/issues/5852)) - OpenTracing for device list updates. ([\#5853](https://github.com/matrix-org/synapse/issues/5853)) - Add a tag recording a request's authenticated entity and corresponding servlet in OpenTracing. ([\#5856](https://github.com/matrix-org/synapse/issues/5856)) - Add minimum OpenTracing for client servlets. ([\#5983](https://github.com/matrix-org/synapse/issues/5983)) - Check at setup that OpenTracing is installed if it's enabled in the config. ([\#5985](https://github.com/matrix-org/synapse/issues/5985)) - Trace replication send times. ([\#5986](https://github.com/matrix-org/synapse/issues/5986)) - Include missing OpenTracing contexts in outbout replication requests. ([\#5982](https://github.com/matrix-org/synapse/issues/5982)) - Fix sending of EDUs when OpenTracing is enabled with an empty whitelist. ([\#5984](https://github.com/matrix-org/synapse/issues/5984)) - Fix invalid references to None while OpenTracing if the log context slips. ([\#5988](https://github.com/matrix-org/synapse/issues/5988), [\#5991](https://github.com/matrix-org/synapse/issues/5991)) - OpenTracing for room and e2e keys. ([\#5855](https://github.com/matrix-org/synapse/issues/5855)) - Add OpenTracing span over HTTP push processing. ([\#6003](https://github.com/matrix-org/synapse/issues/6003)) - Add an admin API to purge old rooms from the database. ([\#5845](https://github.com/matrix-org/synapse/issues/5845)) - Retry well-known lookups if we have recently seen a valid well-known record for the server. ([\#5850](https://github.com/matrix-org/synapse/issues/5850)) - Add support for filtered room-directory search requests over federation ([MSC2197](https://github.com/matrix-org/matrix-doc/pull/2197), in order to allow upcoming room directory query performance improvements. ([\#5859](https://github.com/matrix-org/synapse/issues/5859)) - Correctly retry all hosts returned from SRV when we fail to connect. ([\#5864](https://github.com/matrix-org/synapse/issues/5864)) - Add admin API endpoint for setting whether or not a user is a server administrator. ([\#5878](https://github.com/matrix-org/synapse/issues/5878)) - Enable cleaning up extremities with dummy events by default to prevent undue build up of forward extremities. ([\#5884](https://github.com/matrix-org/synapse/issues/5884)) - Add config option to sign remote key query responses with a separate key. ([\#5895](https://github.com/matrix-org/synapse/issues/5895)) - Add support for config templating. ([\#5900](https://github.com/matrix-org/synapse/issues/5900)) - Users with the type of "support" or "bot" are no longer required to consent. ([\#5902](https://github.com/matrix-org/synapse/issues/5902)) - Let synctl accept a directory of config files. ([\#5904](https://github.com/matrix-org/synapse/issues/5904)) - Increase max display name size to 256. ([\#5906](https://github.com/matrix-org/synapse/issues/5906)) - Add admin API endpoint for getting whether or not a user is a server administrator. ([\#5914](https://github.com/matrix-org/synapse/issues/5914)) - Redact events in the database that have been redacted for a week. ([\#5934](https://github.com/matrix-org/synapse/issues/5934)) - New prometheus metrics: - `synapse_federation_known_servers`: represents the total number of servers your server knows about (i.e. is in rooms with), including itself. Enable by setting `metrics_flags.known_servers` to True in the configuration.([\#5981](https://github.com/matrix-org/synapse/issues/5981)) - `synapse_build_info`: exposes the Python version, OS version, and Synapse version of the running server. ([\#6005](https://github.com/matrix-org/synapse/issues/6005)) - Give appropriate exit codes when synctl fails. ([\#5992](https://github.com/matrix-org/synapse/issues/5992)) - Apply the federation blacklist to requests to identity servers. ([\#6000](https://github.com/matrix-org/synapse/issues/6000)) - Add `report_stats_endpoint` option to configure where stats are reported to, if enabled. Contributed by @Sorunome. ([\#6012](https://github.com/matrix-org/synapse/issues/6012)) - Add config option to increase ratelimits for room admins redacting messages. ([\#6015](https://github.com/matrix-org/synapse/issues/6015)) - Stop sending federation transactions to servers which have been down for a long time. ([\#6026](https://github.com/matrix-org/synapse/issues/6026)) - Make the process for mapping SAML2 users to matrix IDs more flexible. ([\#6037](https://github.com/matrix-org/synapse/issues/6037)) - Return a clearer error message when a timeout occurs when attempting to contact an identity server. ([\#6073](https://github.com/matrix-org/synapse/issues/6073)) - Prevent password reset's submit_token endpoint from accepting trailing slashes. ([\#6074](https://github.com/matrix-org/synapse/issues/6074)) - Return 403 on `/register/available` if registration has been disabled. ([\#6082](https://github.com/matrix-org/synapse/issues/6082)) - Explicitly log when a homeserver does not have the `trusted_key_servers` config field configured. ([\#6090](https://github.com/matrix-org/synapse/issues/6090)) - Add support for pruning old rows in `user_ips` table. ([\#6098](https://github.com/matrix-org/synapse/issues/6098)) Bugfixes -------- - Don't create broken room when `power_level_content_override.users` does not contain `creator_id`. ([\#5633](https://github.com/matrix-org/synapse/issues/5633)) - Fix database index so that different backup versions can have the same sessions. ([\#5857](https://github.com/matrix-org/synapse/issues/5857)) - Fix Synapse looking for config options `password_reset_failure_template` and `password_reset_success_template`, when they are actually `password_reset_template_failure_html`, `password_reset_template_success_html`. ([\#5863](https://github.com/matrix-org/synapse/issues/5863)) - Fix stack overflow when recovering an appservice which had an outage. ([\#5885](https://github.com/matrix-org/synapse/issues/5885)) - Fix error message which referred to `public_base_url` instead of `public_baseurl`. Thanks to @aaronraimist for the fix! ([\#5909](https://github.com/matrix-org/synapse/issues/5909)) - Fix 404 for thumbnail download when `dynamic_thumbnails` is `false` and the thumbnail was dynamically generated. Fix reported by rkfg. ([\#5915](https://github.com/matrix-org/synapse/issues/5915)) - Fix a cache-invalidation bug for worker-based deployments. ([\#5920](https://github.com/matrix-org/synapse/issues/5920)) - Fix admin API for listing media in a room not being available with an external media repo. ([\#5966](https://github.com/matrix-org/synapse/issues/5966)) - Fix list media admin API always returning an error. ([\#5967](https://github.com/matrix-org/synapse/issues/5967)) - Fix room and user stats tracking. ([\#5971](https://github.com/matrix-org/synapse/issues/5971), [\#5998](https://github.com/matrix-org/synapse/issues/5998), [\#6029](https://github.com/matrix-org/synapse/issues/6029)) - Return a `M_MISSING_PARAM` if `sid` is not provided to `/account/3pid`. ([\#5995](https://github.com/matrix-org/synapse/issues/5995)) - `federation_certificate_verification_whitelist` now will not cause `TypeErrors` to be raised (a regression in 1.3). Additionally, it now supports internationalised domain names in their non-canonical representation. ([\#5996](https://github.com/matrix-org/synapse/issues/5996)) - Only count real users when checking for auto-creation of auto-join room. ([\#6004](https://github.com/matrix-org/synapse/issues/6004)) - Ensure support users can be registered even if MAU limit is reached. ([\#6020](https://github.com/matrix-org/synapse/issues/6020)) - Fix bug where login error was shown incorrectly on SSO fallback login. ([\#6024](https://github.com/matrix-org/synapse/issues/6024)) - Fix bug in calculating the federation retry backoff period. ([\#6025](https://github.com/matrix-org/synapse/issues/6025)) - Prevent exceptions being logged when extremity-cleanup events fail due to lack of user consent to the terms of service. ([\#6053](https://github.com/matrix-org/synapse/issues/6053)) - Remove POST method from password-reset `submit_token` endpoint until we implement `submit_url` functionality. ([\#6056](https://github.com/matrix-org/synapse/issues/6056)) - Fix logcontext spam on non-Linux platforms. ([\#6059](https://github.com/matrix-org/synapse/issues/6059)) - Ensure query parameters in email validation links are URL-encoded. ([\#6063](https://github.com/matrix-org/synapse/issues/6063)) - Fix a bug which caused SAML attribute maps to be overridden by defaults. ([\#6069](https://github.com/matrix-org/synapse/issues/6069)) - Fix the logged number of updated items for the `users_set_deactivated_flag` background update. ([\#6092](https://github.com/matrix-org/synapse/issues/6092)) - Add `sid` to `next_link` for email validation. ([\#6097](https://github.com/matrix-org/synapse/issues/6097)) - Threepid validity checks on msisdns should not be dependent on `threepid_behaviour_email`. ([\#6104](https://github.com/matrix-org/synapse/issues/6104)) - Ensure that servers which are not configured to support email address verification do not offer it in the registration flows. ([\#6107](https://github.com/matrix-org/synapse/issues/6107)) Updates to the Docker image --------------------------- - Avoid changing `UID/GID` if they are already correct. ([\#5970](https://github.com/matrix-org/synapse/issues/5970)) - Provide `SYNAPSE_WORKER` envvar to specify python module. ([\#6058](https://github.com/matrix-org/synapse/issues/6058)) Improved Documentation ---------------------- - Convert documentation to markdown (from rst) ([\#5849](https://github.com/matrix-org/synapse/issues/5849)) - Update `INSTALL.md` to say that Python 2 is no longer supported. ([\#5953](https://github.com/matrix-org/synapse/issues/5953)) - Add developer documentation for using SAML2. ([\#6032](https://github.com/matrix-org/synapse/issues/6032)) - Add some notes on rolling back to v1.3.1. ([\#6049](https://github.com/matrix-org/synapse/issues/6049)) - Update the upgrade notes. ([\#6050](https://github.com/matrix-org/synapse/issues/6050)) Deprecations and Removals ------------------------- - Remove shared-secret registration from `/_matrix/client/r0/register` endpoint. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#5877](https://github.com/matrix-org/synapse/issues/5877)) - Deprecate the `trusted_third_party_id_servers` option. ([\#5875](https://github.com/matrix-org/synapse/issues/5875)) Internal Changes ---------------- - Lay the groundwork for structured logging output. ([\#5680](https://github.com/matrix-org/synapse/issues/5680)) - Retry well-known lookup before the cache expires, giving a grace period where the remote well-known can be down but we still use the old result. ([\#5844](https://github.com/matrix-org/synapse/issues/5844)) - Remove log line for debugging issue #5407. ([\#5860](https://github.com/matrix-org/synapse/issues/5860)) - Refactor the Appservice scheduler code. ([\#5886](https://github.com/matrix-org/synapse/issues/5886)) - Compatibility with v2 Identity Service APIs other than /lookup. ([\#5892](https://github.com/matrix-org/synapse/issues/5892), [\#6013](https://github.com/matrix-org/synapse/issues/6013)) - Stop populating some unused tables. ([\#5893](https://github.com/matrix-org/synapse/issues/5893), [\#6047](https://github.com/matrix-org/synapse/issues/6047)) - Add missing index on `users_in_public_rooms` to improve the performance of directory queries. ([\#5894](https://github.com/matrix-org/synapse/issues/5894)) - Improve the logging when we have an error when fetching signing keys. ([\#5896](https://github.com/matrix-org/synapse/issues/5896)) - Add support for database engine-specific schema deltas, based on file extension. ([\#5911](https://github.com/matrix-org/synapse/issues/5911)) - Update Buildkite pipeline to use plugins instead of buildkite-agent commands. ([\#5922](https://github.com/matrix-org/synapse/issues/5922)) - Add link in sample config to the logging config schema. ([\#5926](https://github.com/matrix-org/synapse/issues/5926)) - Remove unnecessary parentheses in return statements. ([\#5931](https://github.com/matrix-org/synapse/issues/5931)) - Remove unused `jenkins/prepare_sytest.sh` file. ([\#5938](https://github.com/matrix-org/synapse/issues/5938)) - Move Buildkite pipeline config to the pipelines repo. ([\#5943](https://github.com/matrix-org/synapse/issues/5943)) - Remove unnecessary return statements in the codebase which were the result of a regex run. ([\#5962](https://github.com/matrix-org/synapse/issues/5962)) - Remove left-over methods from v1 registration API. ([\#5963](https://github.com/matrix-org/synapse/issues/5963)) - Cleanup event auth type initialisation. ([\#5975](https://github.com/matrix-org/synapse/issues/5975)) - Clean up dependency checking at setup. ([\#5989](https://github.com/matrix-org/synapse/issues/5989)) - Update OpenTracing docs to use the unified `trace` method. ([\#5776](https://github.com/matrix-org/synapse/issues/5776)) - Small refactor of function arguments and docstrings in` RoomMemberHandler`. ([\#6009](https://github.com/matrix-org/synapse/issues/6009)) - Remove unused `origin` argument on `FederationHandler.add_display_name_to_third_party_invite`. ([\#6010](https://github.com/matrix-org/synapse/issues/6010)) - Add a `failure_ts` column to the `destinations` database table. ([\#6016](https://github.com/matrix-org/synapse/issues/6016), [\#6072](https://github.com/matrix-org/synapse/issues/6072)) - Clean up some code in the retry logic. ([\#6017](https://github.com/matrix-org/synapse/issues/6017)) - Fix the structured logging tests stomping on the global log configuration for subsequent tests. ([\#6023](https://github.com/matrix-org/synapse/issues/6023)) - Clean up the sample config for SAML authentication. ([\#6064](https://github.com/matrix-org/synapse/issues/6064)) - Change mailer logging to reflect Synapse doesn't just do chat notifications by email now. ([\#6075](https://github.com/matrix-org/synapse/issues/6075)) - Move last-seen info into devices table. ([\#6089](https://github.com/matrix-org/synapse/issues/6089)) - Remove unused parameter to `get_user_id_by_threepid`. ([\#6099](https://github.com/matrix-org/synapse/issues/6099)) - Refactor the user-interactive auth handling. ([\#6105](https://github.com/matrix-org/synapse/issues/6105)) - Refactor code for calculating registration flows. ([\#6106](https://github.com/matrix-org/synapse/issues/6106))
| | * | 1.4.0 v1.4.0 github/release-v1.4.0 release-v1.4.0Andrew Morgan2019-10-034-2/+16
| | | |
| | * | Replace client_secret with <redacted> in server logs (#6158)Andrew Morgan2019-10-032-2/+5
| | | | | | | | | | | | Replace `client_secret` query parameter values with `<redacted>` in the logs. Prevents a scenario where a MITM of server traffic can horde 3pids on their account.
| | * | 1.4.0rc2 v1.4.0rc2Andrew Morgan2019-10-027-6/+19
| | | |
* | | | Merge pull request #6154 from matrix-org/erikj/fix_appservice_paginationErik Johnston2019-10-022-18/+19
|\ \ \ \ | | | | | | | | | | Fix appservice room list pagination
| * | | | NewsfileErik Johnston2019-10-021-0/+1
| | | | |
| * | | | Fix appservice room list paginationErik Johnston2019-10-021-18/+18
| | | | |
* | | | | Merge pull request #6153 from matrix-org/erikj/fix_room_list_non_federatableErik Johnston2019-10-022-0/+4
|\ \ \ \ \ | | | | | | | | | | | | Fix not showing non-federatable rooms to remote room list queries
| * | | | | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-10-020-0/+0
| |\| | | | | | | | | | | | | | | | | | | | | | erikj/fix_room_list_non_federatable
| * | | | | NewsfileErik Johnston2019-10-021-0/+1
| | | | | |
| * | | | | Fix not showing non-federatable rooms to remote room list queriesErik Johnston2019-10-021-0/+3
| | | | | |
* | | | | | Merge pull request #6148 from matrix-org/erikj/find_next_generatedErik Johnston2019-10-022-1/+4
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Bound find_next_generated_user_id DB query.
| * | | | | NewsfileErik Johnston2019-10-021-0/+1
| | | | | |
| * | | | | Bound find_next_generated_user_id DB query.Erik Johnston2019-10-021-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can easily bound the set of user IDs we pull out of the DB, so lets do that.
* | | | | | Merge pull request #6152 from matrix-org/erikj/fix_room_listErik Johnston2019-10-023-27/+60
|\ \ \ \ \ \ | | |/ / / / | |/| | | | Fix public room list pagination.
| * | | | | NewsfileErik Johnston2019-10-021-0/+1
| | | | | |
| * | | | | Fix public room list pagination.Erik Johnston2019-10-022-27/+59
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | We incorrectly used `room_id` as to bound the result set, even though we order by `joined_members, room_id`, leading to incorrect results after pagination.
* | | | | Merge branch 'master' into developBrendan Abolivier2019-10-024-9/+45
|\ \ \ \ \ | | |/ / / | |/| | |
| * | | | Update the issue template for new way of getting server version (#6051)Richard van der Hoff2019-09-191-9/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cf #4878
| * | | | Update INSTALL.md with void-linux (#5873)Pete2019-09-191-0/+7
| | | | |
| * | | | add explanations on how to actually include an access_token (#6031)axel simon2019-09-131-0/+12
| | | | |
| * | | | README: link to reverse_proxy.rst (#6027)Richard van der Hoff2019-09-121-0/+13
| | | | |
* | | | | Land improved room list based on room stats (#6019)Erik Johnston2019-10-027-350/+273
| | | | | | | | | | | | | | | | | | | | Use room_stats and room_state for room directory search
* | | | | Fix up some typechecking (#6150)Amber Brown2019-10-0222-40/+104
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * type checking fixes * changelog
* | | | | Fix yields and copy instead of move push rules on room upgrade (#6144)Andrew Morgan2019-10-023-12/+9
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | Copy push rules during a room upgrade from the old room to the new room, instead of deleting them from the old room. For instance, we've defined upgrading of a room multiple times to be possible, and push rules won't be transferred on the second upgrade if they're deleted during the first. Also fix some missing yields that probably broke things quite a bit.
* | | | Merge branch 'release-v1.4.0' of github.com:matrix-org/synapse into developErik Johnston2019-10-0211-19/+193
|\ \ \ \ | | |/ / | |/| / | |_|/ |/| |
| * | Merge pull request #6146 from matrix-org/erikj/fix_destination_retry_timingsErik Johnston2019-10-024-1/+31
| |\ \ | | | | | | | | Fix errors storing large retry intervals.
| | * | NewsfileErik Johnston2019-10-021-0/+1
| | | |
| | * | Fix errors storing large retry intervals.Erik Johnston2019-10-023-1/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have set the max retry interval to a value larger than a postgres or sqlite int can hold, which caused exceptions when updating the destinations table. To fix postgres we need to change the column to a bigint, and for sqlite we lower the max interval to 2**62 (which is still incredibly long).
| * | | Merge pull request #6145 from matrix-org/erikj/fix_censored_redactionsErik Johnston2019-10-023-0/+51
| |\ \ \ | | |/ / | |/| | Fix fetching censored redactions from DB
| | * | NewsfileErik Johnston2019-10-021-0/+1
| | | |
| | * | Fix fetching censored redactions from DBErik Johnston2019-10-022-0/+50
| | | | | | | | | | | | | | | | | | | | | | | | Fetching a censored redactions caused an exception due to the code expecting redactions to have a `redact` key, which redacted redactions don't have.
| * | | Merge pull request #6141 from matrix-org/erikj/censor_redactions_fixErik Johnston2019-10-024-18/+111
| |\ \ \ | | |/ / | |/| | Fix censoring redactions performance
| | * | NewsfileErik Johnston2019-10-011-0/+1
| | | |
| | * | Use `received_ts` to find uncensored redacted eventsErik Johnston2019-10-011-14/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Joining against `events` and ordering by `stream_ordering` is inefficient as it forced scanning the entirety of the redactions table. This isn't the case if we use `redactions.received_ts` column as we can then use an index.
| | * | Add received_ts column to redactions.Erik Johnston2019-10-013-9/+92
| | | | | | | | | | | | | | | | | | | | This will allow us to efficiently search for uncensored redactions in the DB before a given time.
| | * | Don't repeatedly attempt to censor events we don't have.Erik Johnston2019-10-011-1/+17
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Currently we don't set `have_censored` column if we don't have the target event of a redaction, which means we repeatedly attempt to censor the same non-existant event. When we persist non-redacted events we unset the `have_censored` column for any redactions that target said event.
| * | Merge pull request #6135 from matrix-org/erikj/fixup_devices_last_seen_queryErik Johnston2019-10-014-7/+55
| |\ \ | | | | | | | | Fix `devices_last_seen` background update.
* | \ \ Merge branch 'erikj/fixup_devices_last_seen_query' of ↵Erik Johnston2019-10-018-11/+60
|\ \ \ \ | | |/ / | |/| | | | | | github.com:matrix-org/synapse into develop
| * | | NewsfileErik Johnston2019-09-301-0/+1
| | | |
| * | | Fix `devices_last_seen` background update.Erik Johnston2019-09-303-7/+54
| |/ / | | | | | | | | | Fixes #6134.
| * | Merge pull request #6117 from matrix-org/erikj/fix_sample_configErik Johnston2019-09-263-2/+3
| |\ \ | | | | | | | | Fix 'redaction_retention_period' sampel config to match guidelines
| | * | NewsfileErik Johnston2019-09-261-0/+1
| | | |
| | * | Fix 'redaction_retention_period' sampel config to match guidelinesErik Johnston2019-09-262-2/+2
| |/ /
| * | s/month/week/ to match configNeil Johnson2019-09-261-1/+1
| | |
| * | Update CHANGES.mdRichard van der Hoff2019-09-261-1/+1
| | | | | | | | | formatting tweak
* | | Drop unused tables (#6115)Richard van der Hoff2019-09-302-0/+21
| | | | | | | | | | | | | | | | | | These tables are unused since #5893 (as amended by #6047), so we can now drop them. Fixes #6048.
* | | Edit SimpleHttpClient to reference that header keys can be passed as str or ↵Andrew Morgan2019-09-272-6/+7
| | | | | | | | | | | | bytes (#6077)
* | | Merge pull request #6125 from matrix-org/babolivier/deactivation-inviteBrendan Abolivier2019-09-273-14/+92
|\ \ \ | | | | | | | | Reject pending invites on deactivation
| * | | Incorporate reviewBrendan Abolivier2019-09-271-4/+2
| | | |
| * | | Update synapse/handlers/deactivate_account.pyBrendan Abolivier2019-09-271-1/+3
| | | | | | | | | | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
| * | | Update synapse/handlers/deactivate_account.pyBrendan Abolivier2019-09-271-1/+1
| | | | | | | | | | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
| * | | Update changelog.d/6125.featureBrendan Abolivier2019-09-271-1/+1
| | | | | | | | | | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
| * | | okBrendan Abolivier2019-09-271-1/+3
| | | |
| * | | LintBrendan Abolivier2019-09-272-10/+2
| | | |
| * | | ChangelogBrendan Abolivier2019-09-271-0/+1
| | | |
| * | | Add test to validate the changeBrendan Abolivier2019-09-271-13/+57
| | | |
| * | | Fixup and add some loggingBrendan Abolivier2019-09-271-1/+9
| | | |
| * | | Reject pending invites on deactivationBrendan Abolivier2019-09-271-0/+31
|/ / /
* | | Move lookup-related functions from RoomMemberHandler to IdentityHandler (#5978)Andrew Morgan2019-09-273-364/+360
| | | | | | | | | Just to have all the methods that make calls to identity services in one place.
* | | Merge pull request #6108 from matrix-org/erikj/remove_get_user_by_req-spanErik Johnston2019-09-273-1/+22
|\ \ \ | | | | | | | | Add some helpful opentracing tags and remove get_user_by_req span
| * | | isortErik Johnston2019-09-251-1/+1
| | | |
| * | | Add device and appservice tagsErik Johnston2019-09-251-0/+3
| | | |
| * | | NewsfileErik Johnston2019-09-251-0/+1
| | | |
| * | | Add tags for event_id and txn_id in event sendingErik Johnston2019-09-251-0/+18
| | | | | | | | | | | | | | | | This will make it easier to search for sending event requests.
| * | | Don't create new span for get_user_by_reqErik Johnston2019-09-251-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | We don't actually care about what happens in `get_user_by_req` and having it as a separate span means that the entity tag isn't added to the servlet spans, making it harder to search.
* | | | Kill off half-implemented password-reset via sms (#6101)Richard van der Hoff2019-09-262-64/+2
| |/ / |/| | | | | | | | | | | | | | | | | Doing a password reset via SMS has never worked, and in any case is a silly idea because msisdn recycling is a thing. See also matrix-org/matrix-doc#2303.
* | | more changelog updates v1.4.0rc1Richard van der Hoff2019-09-261-7/+7
| | |
* | | Changelog formattingRichard van der Hoff2019-09-261-2/+1
| | |
* | | changelogRichard van der Hoff2019-09-26132-132/+156
| | |
* | | Explicitly log when a homeserver does not have a trusted key server ↵Neil Johnson2019-09-264-16/+63
| | | | | | | | | | | | configured (#6090)
* | | Merge commit '1b23f991a' into release-v1.4.0Richard van der Hoff2019-09-262-42/+152
|\ \ \
| * | | Clarify upgrade notes ahead of 1.4.0 releaseNeil Johnson2019-09-262-42/+152
| | | |
* | | | bump versionRichard van der Hoff2019-09-261-1/+1
|/ / /
* | | Fix dummy event insertion consent bug (#6053)Neil Johnson2019-09-265-39/+266
| | | | | | | | | Fixes #5905
* | | Merge pull request #6098 from matrix-org/erikj/cleanup_user_ips_2Erik Johnston2019-09-267-11/+197
|\ \ \ | | | | | | | | Prune old rows in user_ips tables.
| * | | Update comments and docstringRichard van der Hoff2019-09-251-4/+6
| | | |
| * | | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-09-2542-495/+1317
| |\ \ \ | |/ / / |/| | | | | | | erikj/cleanup_user_ips_2
* | | | Merge pull request #6089 from matrix-org/erikj/cleanup_user_ipsErik Johnston2019-09-254-50/+179
|\ \ \ \ | | | | | | | | | | Move last seen info into devices table
| * \ \ \ Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-09-2540-491/+1314
| |\ \ \ \ | | | | | | | | | | | | | | | | | | erikj/cleanup_user_ips
| * | | | | Use if `is not None`Erik Johnston2019-09-251-1/+1
| | | | | | | | | | | | | | | | | | Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* | | | | | Enable cleaning up extremities with dummy events by default to prevent undue ↵Neil Johnson2019-09-252-3/+2
| |/ / / / |/| | | | | | | | | | | | | | build up of forward extremities. (#5884)
* | | | | Threepid validity checks on msisdns should not be dependent on ↵Neil Johnson2019-09-252-29/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'threepid_behaviour_email'. (#6104) Fixes #6103
* | | | | Stop advertising unsupported flows for registration (#6107)Richard van der Hoff2019-09-255-16/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If email or msisdn verification aren't supported, let's stop advertising them for registration. Fixes #6100.
* | | | | Refactor the user-interactive auth handling (#6105)Richard van der Hoff2019-09-255-141/+265
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull the checkers out to their own classes, rather than having them lost in a massive 1000-line class which does everything. This is also preparation for some more intelligent advertising of flows, as per #6100
* | | | | Refactor code for calculating registration flows (#6106)Richard van der Hoff2019-09-254-83/+145
| |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | because, frankly, it looked like it was written by an axe-murderer. This should be a non-functional change, except that where `m.login.dummy` was previously advertised *before* `m.login.terms`, it will now be advertised afterwards. AFAICT that should have no effect, and will be more consistent with the flows that involve passing a 3pid.
* | | | Merge pull request #6092 from ↵Brendan Abolivier2019-09-243-6/+7
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | matrix-org/babolivier/background_update_deactivated_return Fix the return value in the users_set_deactivated_flag background job
| * | | | Incorporate reviewBrendan Abolivier2019-09-241-3/+3
| | | | |
| * | | | Fix loggingBrendan Abolivier2019-09-241-1/+1
| | | | |
| * | | | TypoBrendan Abolivier2019-09-231-1/+1
| | | | |
| * | | | ChangelogBrendan Abolivier2019-09-231-0/+1
| | | | |
| * | | | Fix the return value in the users_set_deactivated_flag background jobBrendan Abolivier2019-09-231-4/+4
| | | | |
* | | | | Merge pull request #6037 from matrix-org/rav/saml_mapping_workRichard van der Hoff2019-09-247-10/+280
|\ \ \ \ \ | | | | | | | | | | | | Update the process for mapping SAML2 users to matrix IDs
| * \ \ \ \ Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_workRichard van der Hoff2019-09-247-8/+75
| |\ \ \ \ \ | |/ / / / / |/| | | | |
* | | | | | remove unused parameter to get_user_id_by_threepid (#6099)Richard van der Hoff2019-09-242-1/+2
| | | | | | | | | | | | | | | | | | Added in #5377, apparently in error
* | | | | | Merge pull request #6069 from matrix-org/rav/fix_attribute_mappingRichard van der Hoff2019-09-243-7/+62
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix a bug with saml attribute maps.
| * | | | | | docstrings and commentsRichard van der Hoff2019-09-241-7/+21
| | | | | | |
| * | | | | | Merge branch 'develop' into rav/fix_attribute_mappingRichard van der Hoff2019-09-19363-5354/+10634
| |\ \ \ \ \ \
| * | | | | | | Fix a bug with saml attribute maps.Richard van der Hoff2019-09-193-7/+48
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes a bug where the default attribute maps were prioritised over user-specified ones, resulting in incorrect mappings. The problem is that if you call SPConfig.load() multiple times, it adds new attribute mappers to a list. So by calling it with the default config first, and then the user-specified config, we would always get the default mappers before the user-specified mappers. To solve this, let's merge the config dicts first, and then pass them to SPConfig.
* | | | | | | Add sid to next_link for email validation (#6097)J. Ryan Stinnett2019-09-242-0/+11
| | | | | | |
| | | * | | | Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_workRichard van der Hoff2019-09-2451-231/+840
| | | |\ \ \ \ | |_|_|/ / / / |/| | | | | |
* | | | | | | Add submit_url response parameter to msisdn /requestToken (#6079)Andrew Morgan2019-09-234-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Second part of solving #6076 Fixes #6076 We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
* | | | | | | Add an unstable feature flag for separate add/bind 3pid APIs (#6044)Andrew Morgan2019-09-232-0/+3
| | | | | | | | | | | | | | | | | | | | | Add a m.separate_add_and_bind flag set to True. See MSC2290's Backward Compatibility section for details.
* | | | | | | Merge pull request #6064 from matrix-org/rav/saml_config_cleanupRichard van der Hoff2019-09-233-102/+122
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Make the sample saml config closer to our standards
* | | | | | | | Use the federation blacklist for requests to untrusted Identity Servers (#6000)Andrew Morgan2019-09-235-4/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses. Fixes #5935
* | | | | | | | Add m.id_access_token to /versions unstable_features (MSC2264) (#5974)Andrew Morgan2019-09-232-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds a flag to /versions' unstable_features section indicating that this Synapse understands what an id_access_token is, as per MSC2264. Fixes #5927
* | | | | | | | Add m.require_identity_server to /versions unstable_flags (#5972)Andrew Morgan2019-09-232-1/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As MSC2263 states, m.require_identity_server must be set to false when it does not require an identity server to be provided by the client for the purposes of email registration or password reset. Adds an m.require_identity_server flag to /versionss unstable_flags section. This will advertise that Synapse no longer needs id_server as a parameter.
* | | | | | | | Add POST submit_token endpoint for MSISDN (#6078)Andrew Morgan2019-09-233-2/+80
| |_|_|_|/ / / |/| | | | | | | | | | | | | First part of solving #6076
* | | | | | | Implement MSC2290 (#6043)Andrew Morgan2019-09-237-134/+203
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implements MSC2290. This PR adds two new endpoints, /unstable/account/3pid/add and /unstable/account/3pid/bind. Depending on the progress of that MSC the unstable prefix may go away. This PR also removes the blacklist on some 3PID tests which occurs in #6042, as the corresponding Sytest PR changes them to use the new endpoints. Finally, it also modifies the account deactivation code such that it doesn't just try to deactivate 3PIDs that were bound to the user's account, but any 3PIDs that were bound through the homeserver on that user's account.
| | | | * | | Merge commit '33757bad1' into rav/saml_mapping_workRichard van der Hoff2019-09-201-1/+2
| | | | |\ \ \
| | | | | * | | More better loggingRichard van der Hoff2019-09-201-1/+2
| | | | | | | |
| | | | * | | | Update 6037.featureRichard van der Hoff2019-09-191-1/+1
| | | | | | | |
| | | | * | | | Merge branch 'rav/saml_config_cleanup' into rav/saml_mapping_workRichard van der Hoff2019-09-191-0/+1
| | | | |\ \ \ \ | | |_|_|/ / / / | |/| | | | | |
| * | | | | | | Merge branch 'develop' into rav/saml_config_cleanupRichard van der Hoff2019-09-19363-5354/+10634
| |\ \ \ \ \ \ \ | | | |/ / / / / | | |/| | | | |
| * | | | | | | Add changelogRichard van der Hoff2019-09-191-0/+1
| | | | | | | |
| | | | * | | | Merge branch 'develop' into rav/saml_mapping_workRichard van der Hoff2019-09-19363-5354/+10634
| | | | |\ \ \ \ | | | |_|/ / / / | | |/| | / / / | | | | |/ / /
| | | | * | | better loggingRichard van der Hoff2019-09-191-0/+2
| | | | | | |
| | | | * | | changelogRichard van der Hoff2019-09-131-0/+1
| | | | | | |
| | | | * | | Record mappings from saml users in an external tableRichard van der Hoff2019-09-136-10/+276
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | We want to assign unique mxids to saml users based on an incrementing suffix. For that to work, we need to record the allocated mxid in a separate table.
| * | | | | Make the sample saml config closer to our standardsRichard van der Hoff2019-09-132-102/+121
| | |/ / / | |/| | | | | | | | | | | | | It' still not great, thanks to the nested dictionaries, but it's better.
| | | | * Review commentsErik Johnston2019-09-254-7/+4
| | | | |
| | | | * NewsfileErik Johnston2019-09-241-0/+1
| | | | |
| | | | * Test that pruning of old user IPs worksErik Johnston2019-09-241-0/+71
| | | | |
| | | | * Prune rows in user_ips older than configured periodErik Johnston2019-09-243-8/+73
| | | | | | | | | | | | | | | | | | | | Defaults to pruning everything older than 28d.
| | | | * Add has_completed_background_updateErik Johnston2019-09-241-1/+24
| | | | | | | | | | | | | | | | | | | | This allows checking if a specific background update has completed.
| | | | * Add wrap_as_background_process decorator.Erik Johnston2019-09-241-1/+28
| | | |/ | | | | | | | | | | | | | | | | This does the same thing as `run_as_background_process` but means we don't need to create superfluous functions.
| | | * Test background updateErik Johnston2019-09-231-0/+79
| | | |
| | | * NewsfileErik Johnston2019-09-231-0/+1
| | | |
| | | * Query devices table for last seen info.Erik Johnston2019-09-232-50/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a) simpler than querying user_ips directly and b) means we can purge older entries from user_ips without losing the required info. The storage functions now no longer return the access_token, since it was unused.
| | | * Add BG update to populate devices last seen infoErik Johnston2019-09-232-0/+55
| | | |
| | | * Add last seen info to devices table.Erik Johnston2019-09-232-0/+36
| |_|/ |/| | | | | | | | | | | This allows us to purge old user_ips entries without having to preserve the latest last seen info for active devices.
* | | Disable /register/available if registration is disabled (#6082)Andrew Morgan2019-09-232-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #6066 This register endpoint should be disabled if registration is disabled, otherwise we're giving anyone the ability to check if a username exists on a server when we don't need to be. Error code is 403 (Forbidden) as that's the same returned by /register when registration is disabled.
* | | Generalize email sending logging (#6075)Andrew Morgan2019-09-232-1/+2
| | | | | | | | | | | | | | | | | | | | | In ancient times Synapse would only send emails when it was notifying a user about a message they received... Now it can do all sorts of neat things! Change the logging so it's not just about notifications.
* | | Return timeout error to user for identity server calls (#6073)Andrew Morgan2019-09-233-11/+38
| | |
* | | Merge pull request #6072 from matrix-org/rav/fix_retry_resetRichard van der Hoff2019-09-232-1/+2
|\ \ \ | | | | | | | | Fix exception when resetting retry timings
| * | | Fix exception when resetting retry timingsRichard van der Hoff2019-09-202-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: > TypeError: set_destination_retry_timings() missing 1 required positional argument: 'retry_interval' Introduced in #6016.
* | | | fix broken copyrightsMatthew Hodgson2019-09-232-2/+2
| | | |
* | | | Allow HS to send emails when adding an email to the HS (#6042)Andrew Morgan2019-09-2012-72/+359
| | | |
* | | | Remove trailing slash ability from password reset's submit_token endpoint ↵Andrew Morgan2019-09-202-1/+2
|/ / / | | | | | | | | | | | | (#6074) Remove trailing slash ability from the password reset submit_token endpoint. Since we provide the link in an email, and have never sent it with a trailing slash, there's no point for us to accept them on the endpoint.
* | | Ensure email validation link parameters are URL-encoded (#6063)Andrew Morgan2019-09-202-4/+7
| | | | | | | | | The validation links sent via email had their query parameters inserted without any URL-encoding. Surprisingly this didn't seem to cause any issues, but if a user were to put a `/` in their client_secret it could lead to problems.
* | | Drop support for bind param on POST /account/3pid (MSC2290) (#6067)Andrew Morgan2019-09-203-4/+10
| | | | | | | | | As per [MSC2290](https://github.com/matrix-org/matrix-doc/pull/2290/files#diff-05cde9463e9209b701312b3baf2fb2ebR151), we're dropping the bind parameter from `/account/3pid`. This endpoint can now only be used for adding threepid's to the user's account on the homeserver.
* | | Docker: support SYNAPSE_WORKER envvar (#6058)Michael Kaye2019-09-193-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Allow passing SYNAPSE_WORKER envvar * changelog.d * Document SYNAPSE_WORKER. Attempting to imply that you don't need to change this default unless you're in worker mode. Also aware that there's a bigger problem of attempting to document a complete working configuration of workers using docker, as we currently only document to use `synctl` for worker mode, and synctl doesn't work that way in docker.
* | | Use unstable prefix for 3PID unbind API (#6062)J. Ryan Stinnett2019-09-193-2/+3
| | |
* | | Update the upgrade notes (#6050)Richard van der Hoff2019-09-192-27/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * make it clear that if you installed from a package manager, you should use that to upgrade * Document the new way of getting the server version (cf #4878) * Write some words about downgrading.
* | | Add some notes on rolling back to v1.3.1. (#6049)Richard van der Hoff2019-09-192-0/+26
| | |
* | | Undo the deletion of some tables (#6047)Richard van der Hoff2019-09-193-21/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a partial revert of #5893. The problem is that if we drop these tables in the same release as removing the code that writes to them, it prevents users users from being able to roll back to a previous release. So let's leave the tables in place for now, and remember to drop them in a subsequent release. (Note that these tables haven't been *read* for *years*, so any missing rows resulting from a temporary upgrade to vNext won't cause a problem.)
* | | Remove POST method from password reset submit_token endpoint (#6056)Andrew Morgan2019-09-192-17/+1
| | | | | | | | | Removes the POST method from `/password_reset/<medium>/submit_token/` as it's only used by phone number verification which Synapse does not support yet.
* | | Fix typo in account_threepid_delegates config (#6028)Jorik Schellekens2019-09-183-2/+3
| | |
* | | Give appropriate exit codes when synctl fails (#5992)Jorik Schellekens2019-09-182-4/+40
| | |
* | | Fix logcontext spam on non-Linux platforms (#6059)J. Ryan Stinnett2019-09-182-2/+12
| |/ |/| | | | | | | | | | | This checks whether the current platform supports thread resource usage tracking before logging a warning to avoid log spam. Fixes https://github.com/matrix-org/synapse/issues/6055
* | fix sample configRichard van der Hoff2019-09-181-1/+1
| | | | | | | | this was apparently broken by #6040.
* | v2 3PID Invites (part of MSC2140) (#5979)Andrew Morgan2019-09-172-23/+82
| | | | | | | | | | | | | | 3PID invites require making a request to an identity server to check that the invited 3PID has an Matrix ID linked, and if so, what it is. These requests are being made on behalf of a user. The user will supply an identity server and an access token for that identity server. The homeserver will then forward this request with the access token (using an `Authorization` header) and, if the given identity server doesn't support v2 endpoints, will fall back to v1 (which doesn't require any access tokens). Requires: ~~#5976~~
* | (#5849) Convert rst to markdown (#6040)dstipp2019-09-1741-2192/+2088
| | | | | | | | | | Converting some of the rst documentation to markdown. Attempted to preserve whitespace and line breaks to minimize cosmetic change.
* | Fix race condition in room stats. (#6029)Erik Johnston2019-09-172-4/+11
| | | | | | | | | | Broke in #5971 Basically the bug is that if get_current_state_deltas returns no new updates and we then take the max pos, its possible that we miss an update that happens in between the two calls. (e.g. get_current_state_deltas looks up to stream pos 5, then an event persists and so getting the max stream pos returns 6, meaning that next time we check for things with a stream pos bigger than 6)
* | Add 'failure_ts' column to 'destinations' table (#6016)Richard van der Hoff2019-09-177-12/+195
| | | | | | | | Track the time that a server started failing at, for general analysis purposes.
* | Fix well-known lookups with the federation certificate whitelist (#5997)Amber Brown2019-09-145-15/+63
| |
* | Add developer docs for using SAML without a server (#6032)Travis Ralston2019-09-132-0/+38
| |
* | Fix for structured logging tests stomping on logs (#6023)Amber Brown2019-09-1313-41/+154
| |
* | Remove the cap on federation retry interval. (#6026)Richard van der Hoff2019-09-122-2/+3
| | | | | | | | | | | | Essentially the intention here is to end up blacklisting servers which never respond to federation requests. Fixes https://github.com/matrix-org/synapse/issues/5113.
* | Fix bug in calculating the federation retry backoff period (#6025)Richard van der Hoff2019-09-122-2/+4
| | | | | | | | This was intended to introduce an element of jitter; instead it gave you a 30/60 chance of resetting to zero.
* | Merge pull request #6024 from matrix-org/dbkr/fix_sso_fallback_loginDavid Baker2019-09-122-1/+2
|\ \ | | | | | | Fix SSO fallback login
| * | changelogDavid Baker2019-09-121-0/+1
| | |
| * | Fix SSO fallback loginDavid Baker2019-09-121-1/+1
|/ / | | | | | | | | Well, it worked, but forgot to remove the thing saying login was unavailable.
* | add report_stats_endpoint config option (#6012)Sorunome2019-09-124-2/+19
| | | | | | This PR adds the optional `report_stats_endpoint` to configure where stats are reported to, if enabled.
* | Blow up config if opentracing is missing (#5985)Jorik Schellekens2019-09-122-0/+8
| | | | | | | | * Blow up config if opentracing is missing
* | Merge pull request #6020 from matrix-org/jaywink/allow-support-users-to-registerJason Robinson2019-09-123-2/+28
|\ \ | | | | | | Ensure support users can be registered even if MAU limit is reached
| * | Ensure support users can be registered even if MAU limit is reachedJason Robinson2019-09-113-2/+28
|/ / | | | | | | | | | | | | | | | | This allows support users to be created even on MAU limits via the admin API. Support users are excluded from MAU after creation, so it makes sense to exclude them in creation - except if the whole host is in disabled state. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Use the v2 Identity Service API for lookups (MSC2134 + MSC2140) (#5976)Andrew Morgan2019-09-116-35/+238
| | | | | | | | | | | | | | This is a redo of https://github.com/matrix-org/synapse/pull/5897 but with `id_access_token` accepted. Implements [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134) plus Identity Service v2 authentication ala [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140). Identity lookup-related functions were also moved from `RoomMemberHandler` to `IdentityHandler`.
* | Merge pull request #6015 from matrix-org/erikj/ratelimit_admin_redactionErik Johnston2019-09-117-12/+103
|\ \ | | | | | | Allow use of different ratelimits for admin redactions.
| * | Update sample configErik Johnston2019-09-111-1/+1
| | |
| * | Fix commentsErik Johnston2019-09-114-5/+5
| | | | | | | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
| * | Add test for admin redaction ratelimiting.Erik Johnston2019-09-111-0/+25
| | |
| * | Fix how we check for self redactionErik Johnston2019-09-111-4/+18
| | |
| * | Update sample configErik Johnston2019-09-111-0/+7
| | |
| * | NewsfileErik Johnston2019-09-111-0/+1
| | |
| * | Allow use of different ratelimits for admin redactions.Erik Johnston2019-09-114-12/+56
| | | | | | | | | | | | | | | This is useful to allow room admins to quickly deal with a large number of abusive messages.
* | | Clean up some code in the retry logic (#6017)Richard van der Hoff2019-09-113-36/+14
| | | | | | | | | | | | * remove some unused code * make things which were constants into constants for efficiency and clarity
* | | Add note about extra arg to send_membership_event, remove arg in ↵Andrew Morgan2019-09-112-10/+3
| | | | | | | | | | | | | | | | | | | | | | | | remote_reject_invite (#6009) Some small fixes to `room_member.py` found while doing other PRs. 1. Add requester to the base `_remote_reject_invite` method. 2. `send_membership_event`'s docstring was out of date and took in a `remote_room_hosts` arg that was not used and no calling function provided.
* | | Check dependencies on setup in the nicer way. (#5989)Jorik Schellekens2019-09-114-28/+20
| | |
* | | Fix existing v2 identity server calls (MSC2140) (#6013)Andrew Morgan2019-09-112-2/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Two things I missed while implementing [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140/files#diff-c03a26de5ac40fb532de19cb7fc2aaf7R80). 1. Access tokens should be provided to the identity server as `access_token`, not `id_access_token`, even though the homeserver may accept the tokens as `id_access_token`. 2. Access tokens must be sent to the identity server in a query parameter, the JSON body is not allowed. We now send the access token as part of an `Authorization: ...` header, which fixes both things. The breaking code was added in https://github.com/matrix-org/synapse/pull/5892 Sytest PR: https://github.com/matrix-org/sytest/pull/697
* | | Remove origin parameter from add_display_name_to_third_party_invite and add ↵Andrew Morgan2019-09-114-4/+10
|/ / | | | | | | | | | | | | params to docstring (#6010) Another small fixup noticed during work on a larger PR. The `origin` field of `add_display_name_to_third_party_invite` is not used and likely was just carried over from the `on_PUT` method of `FederationThirdPartyInviteExchangeServlet` which, like all other servlets, provides an `origin` argument. Since it's not used anywhere in the handler function though, we should remove it from the function arguments.
* | Merge pull request #6011 from matrix-org/anoa/fix_3pid_validationErik Johnston2019-09-104-42/+46
|\ \ | | | | | | Use account_threepid_delegate for 3pid validation
| * | Add changelogAndrew Morgan2019-09-103-4/+5
| | |
| * | Use account_threepid_delegate for 3pid validationAndrew Morgan2019-09-103-42/+45
| | |
* | | Merge pull request #6004 from matrix-org/jaywink/autojoin-create-real-usersJason Robinson2019-09-094-10/+69
|\ \ \ | | | | | | | | Only count real users when checking for auto-creation of auto-join room
| * | | Fix code style, againJason Robinson2019-09-091-3/+1
| | | | | | | | | | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * | | Simplify count_real_users SQL to only count user_type is null rowsJason Robinson2019-09-091-1/+1
| | | | | | | | | | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * | | Simplify is_real_user_txn check to trust user_type is null if real userJason Robinson2019-09-091-1/+1
| | | | | | | | | | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * | | Auto-fix a few code style issuesJason Robinson2019-09-091-4/+4
| | | | | | | | | | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>