summary refs log tree commit diff
path: root/docs/sample_config.yaml (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add an admin API to run background jobs. (#11352)Dirk Klimpel2021-11-191-2/+2
| | | | | | Instead of having admins poke into the database directly. Can currently run jobs to populate stats and to populate the user directory.
* Docs: Quote wildcard `federation_certificate_verification_whitelist` (#11381)Nicolai Søborg2021-11-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise I get this beautiful stacktrace: ``` python3 -m synapse.app.homeserver --config-path /etc/matrix/homeserver.yaml Traceback (most recent call last): File "/usr/lib/python3.8/runpy.py", line 194, in _run_module_as_main return _run_code(code, main_globals, None, File "/usr/lib/python3.8/runpy.py", line 87, in _run_code exec(code, run_globals) File "/root/synapse/synapse/app/homeserver.py", line 455, in <module> main() File "/root/synapse/synapse/app/homeserver.py", line 445, in main hs = setup(sys.argv[1:]) File "/root/synapse/synapse/app/homeserver.py", line 345, in setup config = HomeServerConfig.load_or_generate_config( File "/root/synapse/synapse/config/_base.py", line 671, in load_or_generate_config config_dict = read_config_files(config_files) File "/root/synapse/synapse/config/_base.py", line 717, in read_config_files yaml_config = yaml.safe_load(file_stream) File "/root/synapse/env/lib/python3.8/site-packages/yaml/__init__.py", line 125, in safe_load return load(stream, SafeLoader) File "/root/synapse/env/lib/python3.8/site-packages/yaml/__init__.py", line 81, in load return loader.get_single_data() File "/root/synapse/env/lib/python3.8/site-packages/yaml/constructor.py", line 49, in get_single_data node = self.get_single_node() File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 36, in get_single_node document = self.compose_document() File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 55, in compose_document node = self.compose_node(None, None) File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 84, in compose_node node = self.compose_mapping_node(anchor) File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 133, in compose_mapping_node item_value = self.compose_node(node, item_key) File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 82, in compose_node node = self.compose_sequence_node(anchor) File "/root/synapse/env/lib/python3.8/site-packages/yaml/composer.py", line 110, in compose_sequence_node while not self.check_event(SequenceEndEvent): File "/root/synapse/env/lib/python3.8/site-packages/yaml/parser.py", line 98, in check_event self.current_event = self.state() File "/root/synapse/env/lib/python3.8/site-packages/yaml/parser.py", line 379, in parse_block_sequence_first_entry return self.parse_block_sequence_entry() File "/root/synapse/env/lib/python3.8/site-packages/yaml/parser.py", line 384, in parse_block_sequence_entry if not self.check_token(BlockEntryToken, BlockEndToken): File "/root/synapse/env/lib/python3.8/site-packages/yaml/scanner.py", line 116, in check_token self.fetch_more_tokens() File "/root/synapse/env/lib/python3.8/site-packages/yaml/scanner.py", line 227, in fetch_more_tokens return self.fetch_alias() File "/root/synapse/env/lib/python3.8/site-packages/yaml/scanner.py", line 610, in fetch_alias self.tokens.append(self.scan_anchor(AliasToken)) File "/root/synapse/env/lib/python3.8/site-packages/yaml/scanner.py", line 922, in scan_anchor raise ScannerError("while scanning an %s" % name, start_mark, yaml.scanner.ScannerError: while scanning an alias in "/etc/matrix/homeserver.yaml", line 614, column 5 expected alphabetic or numeric character, but found '.' in "/etc/matrix/homeserver.yaml", line 614, column 6 ``` Signed-off-by: Nicolai Søborg <git@xn--sb-lka.org>
* Default value for `public_baseurl` (#11210)Richard van der Hoff2021-11-081-7/+6
| | | | | We might as well use a default value for `public_baseurl` based on `server_name` - in many cases, it will be correct.
* Support for serving server well-known files (#11211)Richard van der Hoff2021-11-011-0/+18
| | | | Fixes https://github.com/matrix-org/synapse/issues/8308
* Move experimental & retention config out of the server module. (#11070)Patrick Cloke2021-10-151-41/+42
|
* Port the Password Auth Providers module interface to the new generic ↵Azrenbeth2021-10-131-28/+0
| | | | | | interface (#10548) Co-authored-by: Azrenbeth <7782548+Azrenbeth@users.noreply.github.com> Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Always add local users to the user directory (#10796)David Robertson2021-09-211-5/+9
| | | | | | | | | | | | | | | | | | | | | | | It's a simplification, but one that'll help make the user directory logic easier to follow with the other changes upcoming. It's not strictly required for those changes, but this will help simplify the resulting logic that listens for `m.room.member` events and generally make the logic easier to follow. This means the config option `search_all_users` ends up controlling the search query only, and not the data we store. The cost of doing so is an extra row in the `user_directory` and `user_directory_search` tables for each local user which - belongs to no public rooms - belongs to no private rooms of size ≥ 2 I think the cost of this will be marginal (since they'll already have entries in `users` and `profiles` anyway). As a small upside, a homeserver whose directory was built with this change can toggle `search_all_users` without having to rebuild their directory. Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Fix copy-paste error in the password section of the sample-config. (#10804)BramvdnHeuvel2021-09-131-1/+1
|
* Add config option to use non-default manhole password and keys (#10643)Azrenbeth2021-09-061-0/+18
|
* Allow configuration of the oEmbed URLs. (#10714)Patrick Cloke2021-08-311-0/+21
| | | | | This adds configuration options (under an `oembed` section) to configure which URLs are matched to use oEmbed for URL previews.
* Implement MSC3231: Token authenticated registration (#10142)Callum Brown2021-08-211-0/+15
| | | | | Signed-off-by: Callum Brown <callum@calcuode.com> This is part of my GSoC project implementing [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
* Merge branch 'release-v1.41' into developErik Johnston2021-08-181-206/+19
|\
| * Centralise the custom template directory (#10596)Brendan Abolivier2021-08-171-206/+19
| | | | | | Several configuration sections are using separate settings for custom template directories, which can be confusing. This PR adds a new top-level configuration for a custom template directory which is then used for every module. The only exception is the consent templates, since the consent template directory require a specific hierarchy, so it's probably better that it stays separate from everything else.
* | Port the PresenceRouter module interface to the new generic interface (#10524)Azrenbeth2021-08-171-14/+0
|/ | | Port the PresenceRouter module interface to the new generic interface introduced in v1.37.0
* Add a setting to disable TLS for sending email (#10546)Richard van der Hoff2021-08-061-0/+8
| | | This is mostly useful in case the server offers TLS, but doesn't present a valid certificate.
* Add warnings to ip_range_blacklist usage with proxies (#10129)Kento Okamoto2021-08-031-0/+4
| | | | | | | | Per issue #9812 using `url_preview_ip_range_blacklist` with a proxy via `HTTPS_PROXY` or `HTTP_PROXY` environment variables has some inconsistent bahavior than mentioned. This PR changes the following: - Changes the Sample Config file to include a note mentioning that `url_preview_ip_range_blacklist` and `ip_range_blacklist` is ignored when using a proxy - Changes some logic in synapse/config/repository.py to send a warning when both `*ip_range_blacklist` configs and a proxy environment variable are set and but no longer throws an error. Signed-off-by: Kento Okamoto <kentokamoto@protonmail.com>
* Make sync response cache time configurable. (#10513)Richard van der Hoff2021-08-031-0/+9
|
* Allow setting transaction limit for db connections (#10440)Toni Spets2021-08-021-0/+4
| | | | | | | Setting the value will help PostgreSQL free up memory by recycling the connections in the connection pool. Signed-off-by: Toni Spets <toni.spets@iki.fi>
* Port the ThirdPartyEventRules module interface to the new generic interface ↵Brendan Abolivier2021-07-201-13/+0
| | | | | (#10386) Port the third-party event rules interface to the generic module interface introduced in v1.37.0
* Add a module type for account validity (#9884)Brendan Abolivier2021-07-161-85/+0
| | | | | This adds an API for third-party plugin modules to implement account validity, so they can provide this feature instead of Synapse. The module implementing the current behaviour for this feature can be found at https://github.com/matrix-org/synapse-email-account-validity. To allow for a smooth transition between the current feature and the new module, hooks have been added to the existing account validity endpoints to allow their behaviours to be overridden by a module.
* Merge tag 'v1.38.0rc2' into developErik Johnston2021-07-091-1/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.38.0rc2 (2021-07-09) ============================== Bugfixes -------- - Fix bug where inbound federation in a room could be delayed due to not correctly dropping a lock. Introduced in v1.37.1. ([\#10336](https://github.com/matrix-org/synapse/issues/10336)) Improved Documentation ---------------------- - Update links to documentation in the sample config. Contributed by @dklimpel. ([\#10287](https://github.com/matrix-org/synapse/issues/10287)) - Fix broken links in [INSTALL.md](INSTALL.md). Contributed by @dklimpel. ([\#10331](https://github.com/matrix-org/synapse/issues/10331))
| * Fix broken links in INSTALL.md (#10331)Dirk Klimpel2021-07-081-1/+2
| | | | | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* | Remove functionality associated with unused historical stats tables (#9721)Cristina2021-07-081-5/+0
|/ | | Fixes #9602
* Update links to documentation in sample config (#10287)Dirk Klimpel2021-07-071-21/+23
| | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add support for evicting cache entries based on last access time. (#10205)Erik Johnston2021-07-051-28/+34
|
* Implement config option `sso.update_profile_information` (#10108)jkanefendt2021-06-211-0/+11
| | | | | | Implemented config option sso.update_profile_information to keep user's display name in sync with the SSO displayname. Signed-off-by: Johannes Kanefendt <johannes.kanefendt@krzn.de>
* Standardise the module interface (#10062)Brendan Abolivier2021-06-181-13/+16
| | | This PR adds a common configuration section for all modules (see docs). These modules are then loaded at startup by the homeserver. Modules register their hooks and web resources using the new `register_[...]_callbacks` and `register_web_resource` methods of the module API.
* Remove support for ACME v1 (#10194)Brendan Abolivier2021-06-171-81/+3
| | | | | Fixes #9778 ACME v1 has been fully decommissioned for existing installs on June 1st 2021(see https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27), so we can now safely remove it from Synapse.
* Always require users to re-authenticate for dangerous operations. (#10184)Patrick Cloke2021-06-161-0/+4
| | | | | | | Dangerous actions means deactivating an account, modifying an account password, or adding a 3PID. Other actions (deleting devices, uploading keys) can re-use the same UI auth session if ui_auth.session_timeout is configured.
* Mention that you need to configure max upload size in reverse proxy as well ↵Aaron Raimist2021-06-101-0/+4
| | | | | (#10122) Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Remove the experimental spaces enabled flag. (#10063)Patrick Cloke2021-05-261-15/+0
| | | | In lieu of just always enabling the unstable spaces endpoint and unstable room version.
* Remove tls_fingerprints option (#9280)Jerin J Titus2021-05-241-27/+0
| | | | Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com>
* Enable experimental spaces by default. (#10011)Patrick Cloke2021-05-241-0/+15
| | | | The previous spaces_enabled flag now defaults to true and is exposed in the sample config.
* Support enabling opentracing by user (#9978)Richard van der Hoff2021-05-141-6/+14
| | | | | Add a config option which allows enabling opentracing by user id, eg for debugging requests made by a test user.
* Send the `m.room.create` stripped event with invites (support MSC1772). (#9966)Patrick Cloke2021-05-111-0/+1
| | | | | MSC1772 specifies the m.room.create event should be sent as part of the invite_state. This was done optionally behind an experimental flag, but is now done by default due to MSC1772 being approved.
* Add config option to hide device names over federation (#9945)Aaron Raimist2021-05-111-0/+6
| | | | | Now that cross signing exists there is much less of a need for other people to look at devices and verify them individually. This PR adds a config option to allow you to prevent device display names from being shared with other servers. Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Limit how often GC happens by time. (#9902)Erik Johnston2021-05-051-0/+10
| | | | | | | | | | | | | | | Synapse can be quite memory intensive, and unless care is taken to tune the GC thresholds it can end up thrashing, causing noticable performance problems for large servers. We fix this by limiting how often we GC a given generation, regardless of current counts/thresholds. This does not help with the reverse problem where the thresholds are set too high, but that should only happen in situations where they've been manually configured. Adds a `gc_min_seconds_between` config option to override the defaults. Fixes #9890.
* Add port parameter to the sample config for psycopg2 args (#9911)Andrew Morgan2021-05-041-0/+1
| | | Adds the `port` option with the default value to the sample config file.
* Rename handler and config modules which end in handler/config. (#9816)Patrick Cloke2021-04-201-1/+1
|
* Port "Allow users to click account renewal links multiple times without ↵Andrew Morgan2021-04-191-63/+85
| | | | | hitting an 'Invalid Token' page #74" from synapse-dinsic (#9832) This attempts to be a direct port of https://github.com/matrix-org/synapse-dinsic/pull/74 to mainline. There was some fiddling required to deal with the changes that have been made to mainline since (mainly dealing with the split of `RegistrationWorkerStore` from `RegistrationStore`, and the changes made to `self.make_request` in test code).
* Add a Synapse Module for configuring presence update routing (#9491)Andrew Morgan2021-04-061-2/+21
| | | | | | | | | | | | At the moment, if you'd like to share presence between local or remote users, those users must be sharing a room together. This isn't always the most convenient or useful situation though. This PR adds a module to Synapse that will allow deployments to set up extra logic on where presence updates should be routed. The module must implement two methods, `get_users_for_states` and `get_interested_users`. These methods are given presence updates or user IDs and must return information that Synapse will use to grant passing presence updates around. A method is additionally added to `ModuleApi` which allows triggering a set of users to receive the current, online presence information for all users they are considered interested in. This is the equivalent of that user receiving presence information during an initial sync. The goal of this module is to be fairly generic and useful for a variety of applications, with hard requirements being: * Sending state for a specific set or all known users to a defined set of local and remote users. * The ability to trigger an initial sync for specific users, so they receive all current state.
* Make sample config allowed_local_3pids regex stricter. (#9719)Denis Kasak2021-03-311-2/+2
| | | | | | | The regex should be terminated so that subdomain matches of another domain are not accepted. Just ensuring that someone doesn't shoot themselves in the foot by copying our example. Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
* Replace `room_invite_state_types` with `room_prejoin_state` (#9700)Richard van der Hoff2021-03-301-8/+25
| | | | | | | `room_invite_state_types` was inconvenient as a configuration setting, because anyone that ever set it would not receive any new types that were added to the defaults. Here, we deprecate the old setting, and replace it with a couple of new settings under `room_prejoin_state`.
* Update the OIDC sample config (#9695)Richard van der Hoff2021-03-291-31/+3
| | | | | | | I've reiterated the advice about using `oidc` to migrate, since I've seen a few people caught by this. I've also removed a couple of the examples as they are duplicating the OIDC documentation, and I think they might be leading people astray.
* Increase default join burst ratelimiting (#9674)Erik Johnston2021-03-231-2/+2
| | | It's legitimate behaviour to try and join a bunch of rooms at once.
* Add SSO attribute requirements for OIDC providers (#9609)Hubbe2021-03-161-0/+24
| | | | Allows limiting who can login using OIDC via the claims made from the IdP.
* Add support for stable MSC2858 API (#9617)Richard van der Hoff2021-03-161-1/+1
| | | | | The stable format uses different brand identifiers, so we need to support two identifiers for each IdP.
* Clean up config settings for stats (#9604)Richard van der Hoff2021-03-161-12/+13
| | | ... and complain if people try to turn it off.
* JWT OIDC secrets for Sign in with Apple (#9549)Richard van der Hoff2021-03-091-1/+20
| | | | | Apple had to be special. They want a client secret which is generated from an EC key. Fixes #9220. Also fixes #9212 while I'm here.
* Fixup sample configErik Johnston2021-03-091-2/+1
| | | | After 0764d0c6e575793ca506cf021aff3c4b9e0a5972
* Clean up the user directory sample config section (#9385)Andrew Morgan2021-02-221-18/+29
| | | | | The user directory sample config section was a little messy, and didn't adhere to our [recommended config format guidelines](https://github.com/matrix-org/synapse/blob/develop/docs/code_style.md#configuration-file-format). This PR cleans that up a bit.
* Add a config option to prioritise local users in user directory search ↵Andrew Morgan2021-02-191-0/+5
| | | | | | | | | results (#9383) This PR adds a homeserver config option, `user_directory.prefer_local_users`, that when enabled will show local users higher in user directory search results than remote users. This option is off by default. Note that turning this on doesn't necessarily mean that remote users will always be put below local users, but they should be assuming all other ranking factors (search query match, profile information present etc) are identical. This is useful for, say, University networks that are openly federating, but want to prioritise local students and staff in the user directory over other random users.
* Add configs to make profile data more private (#9203)AndrewFerr2021-02-191-0/+14
| | | | | | | Add off-by-default configuration settings to: - disable putting an invitee's profile info in invite events - disable profile lookup via federation Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
* Parse ui_auth.session_timeout as a duration (instead of treating it as ms) ↵Rishabh Arya2021-02-181-3/+3
| | | | (#9426)
* Fix sample configAndrew Morgan2021-02-121-1/+1
| | | | Just a small change missed in 7950aa8a27c3f45184c96fda210c62d068dd2591.
* Merge tag 'v1.27.0rc2' into developPatrick Cloke2021-02-111-11/+9
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.27.0rc2 (2021-02-11) ============================== Features -------- - Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297)) Bugfixes -------- - Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302)) - Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313)) Improved Documentation ---------------------- - Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
| * Backout changes for automatically calculating the public baseurl. (#9313)Patrick Cloke2021-02-111-11/+9
| | | | | | | | This breaks some people's configurations (if their Client-Server API is not accessed via port 443).
* | Fix escaping of braces in OIDC sample config. (#9317)Patrick Cloke2021-02-041-5/+5
| | | | | | This fixes the Jinja2 templates for the mapping provider.
* | Merge branch 'social_login_hotfixes' into developRichard van der Hoff2021-02-031-10/+4
|\|
| * Clarify documentation about escaping URLs in templates. (#9310)Patrick Cloke2021-02-031-10/+4
| |
* | config: Add detail to auto_join_rooms comment (#9291)dykstranet2021-02-031-0/+2
| | | | | | | | | | config: Add detail to auto_join_rooms comment Signed-off-by: Gary Dykstra <gary@dykstranet.com>
* | Convert blacklisted IPv4 addresses to compatible IPv6 addresses. (#9240)Patrick Cloke2021-02-031-0/+8
|/ | | Also add a few more IP ranges to the default blacklist.
* Put SAML callback URI under /_synapse/client. (#9289)Richard van der Hoff2021-02-021-2/+2
|
* Merge branch 'social_login' into developRichard van der Hoff2021-02-011-0/+37
|\
| * Collect terms consent from the user during SSO registration (#9276)Richard van der Hoff2021-02-011-0/+22
| |
| * Improve styling and wording of SSO UIA templates (#9286)Richard van der Hoff2021-02-011-0/+15
| | | | | | fixes #9171
* | Merge branch 'social_login' into developRichard van der Hoff2021-02-011-2/+44
|\|
| * Replace username picker with a template (#9275)Richard van der Hoff2021-02-011-1/+31
| | | | | | | | | | There's some prelimiary work here to pull out the construction of a jinja environment to a separate function. I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them.
| * Improve styling and wording of SSO redirect confirm template (#9272)Richard van der Hoff2021-02-011-1/+13
| |
* | Ratelimit invites by room and target user (#9258)Erik Johnston2021-01-291-0/+10
| |
* | Merge branch 'social_login' into developRichard van der Hoff2021-01-281-7/+21
|\|
| * Add 'brand' field to MSC2858 response (#9242)Richard van der Hoff2021-01-271-4/+9
| | | | | | | | | | | | We've decided to add a 'brand' field to help clients decide how to style the buttons. Also, fix up the allowed characters for idp_id, while I'm in the area.
| * Support for scraping email addresses from OIDC providers (#9245)Richard van der Hoff2021-01-271-3/+12
| |
* | Ratelimit 3PID /requestToken API (#9238)Erik Johnston2021-01-281-1/+5
| |
* | Do not require the CAS service URL setting (use public_baseurl instead). (#9199)Patrick Cloke2021-01-261-4/+0
|/ | | | The current configuration is handled for backwards compatibility, but is considered deprecated.
* Prefix idp_id with "oidc-" (#9189)Richard van der Hoff2021-01-211-4/+9
| | | ... to avoid clashes with other SSO mechanisms
* Support icons for Identity Providers (#9154)Richard van der Hoff2021-01-201-0/+4
|
* Give `public_baseurl` a default value (#9159)Richard van der Hoff2021-01-201-14/+17
|
* Land support for multiple OIDC providers (#9110)Richard van der Hoff2021-01-151-133/+141
| | | | | | | | | | | | | | | | | | | | | | | This is the final step for supporting multiple OIDC providers concurrently. First of all, we reorganise the config so that you can specify a list of OIDC providers, instead of a single one. Before: oidc_config: enabled: true issuer: "https://oidc_provider" # etc After: oidc_providers: - idp_id: prov1 issuer: "https://oidc_provider" - idp_id: prov2 issuer: "https://another_oidc_provider" The old format is still grandfathered in. With that done, it's then simply a matter of having OidcHandler instantiate a new OidcProvider for each configured provider.
* Give the user a better error when they present bad SSO credsRichard van der Hoff2021-01-131-0/+8
| | | | | | | | | If a user tries to do UI Auth via SSO, but uses the wrong account on the SSO IdP, try to give them a better error. Previously, the UIA would claim to be successful, but then the operation in question would simply fail with "auth fail". Instead, serve up an error page which explains the failure.
* Add initial support for a "pick your IdP" page (#9017)Richard van der Hoff2021-01-051-0/+25
| | | | | During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Update the value of group_creation_prefix in sample config. (#8992)Jerin J Titus2020-12-291-1/+1
| | | Removes the trailing slash with causes issues with matrix.to/Element.
* Send the location of the web client to the IS when inviting via 3PIDs. (#8930)Patrick Cloke2020-12-181-0/+6
| | | | Adds a new setting `email.invite_client_location` which, if defined, is passed to the identity server during invites.
* Implement a username picker for synapse (#8942)Richard van der Hoff2020-12-181-2/+3
| | | | | | | | | | | | | | The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow `UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser back to the client, we redirect to a username-picker resource, which allows the user to enter a username. We *then* complete the SSO flow (including doing the client permission checks). The static resources for the username picker itself (in https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker) are essentially lifted wholesale from https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. As the comment says, we might want to think about making them customisable, but that can be a follow-up. Fixes #8876.
* Allow re-using a UI auth validation for a period of time (#8970)Patrick Cloke2020-12-181-0/+15
|
* Fix the sample config location for the ip_range_whitelist setting. (#8954)Patrick Cloke2020-12-161-12/+12
| | | | Move it from the federation section to the server section to match ip_range_blacklist.
* Default to blacklisting reserved IP ranges and add a whitelist. (#8870)Patrick Cloke2020-12-091-21/+45
| | | | This defaults `ip_range_blacklist` to reserved IP ranges and also adds an `ip_range_whitelist` setting to override it.
* Clarify config template comments (#8891)Richard van der Hoff2020-12-081-8/+4
|
* Add authentication to replication endpoints. (#8853)Patrick Cloke2020-12-041-0/+7
| | | | Authentication is done by checking a shared secret provided in the Synapse configuration file.
* Apply an IP range blacklist to push and key revocation requests. (#8821)Patrick Cloke2020-12-021-6/+8
| | | | | | | | | | | | Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to: * Federation * Identity servers * Push notifications * Checking key validitity for third-party invite events The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers).
* Add a config option to change whether unread push notification counts are ↵Andrew Morgan2020-11-301-0/+10
| | | | | | | | per-message or per-room (#8820) This PR adds a new config option to the `push` section of the homeserver config, `group_unread_count_by_room`. By default Synapse will group push notifications by room (so if you have 1000 unread messages, if they lie in 55 rooms, you'll see an unread count on your phone of 55). However, it is also useful to be able to send out the true count of unread messages if desired. If `group_unread_count_by_room` is set to `false`, then with the above example, one would see an unread count of 1000 (email anyone?).
* Fix the formatting of push config section (#8818)Andrew Morgan2020-11-251-14/+19
| | | This PR updates the push config's formatting to better align with our [code style guidelines](https://github.com/matrix-org/synapse/blob/develop/docs/code_style.md#configuration-file-format).
* SAML: Allow specifying the IdP entityid to use. (#8630)Ben Banfield-Zanin2020-11-191-0/+8
| | | | If the SAML metadata includes multiple IdPs it is necessary to specify which IdP to redirect users to for authentication.
* SAML: Document allowing a clock/time difference from IdP (#8731)Marcus Schopen2020-11-181-0/+6
| | | | Updates the sample configuration with the pysaml2 configuration for accepting clock skew/drift between the homeserver and IdP.
* Clarify the usecase for an msisdn delegate (#8734)Adrian Wannenmacher2020-11-141-2/+3
| | | Signed-off-by: Adrian Wannenmacher <tfld@tfld.dev>
* SAML: add <mdui:UIInfo> element examples (#8718)Marcus Schopen2020-11-131-0/+22
| | | add some mdui:UIInfo element examples for saml2_config in homeserver.yaml
* Improve the sample config for SSO (OIDC, SAML, and CAS). (#8635)Patrick Cloke2020-10-301-50/+76
|
* Fix typos and spelling errors. (#8639)Patrick Cloke2020-10-231-3/+3
|
* Increase default max_upload_size from 10M to 50M (#8502)Mateusz Przybyłowicz2020-10-091-1/+1
| | | Signed-off-by: Mateusz Przybyłowicz <uamfhq@gmail.com>
* Update default room version to 6 (#8461)Richard van der Hoff2020-10-051-1/+1
| | | | Per https://github.com/matrix-org/matrix-doc/pull/2788
* Allow background tasks to be run on a separate worker. (#8369)Patrick Cloke2020-10-021-0/+5
|
* Add config option for always using "userinfo endpoint" for OIDC (#7658)BBBSnowball2020-10-011-0/+8
| | | This allows for connecting to certain IdPs, e.g. GitLab.
* Add prometheus metrics to track federation delays (#8430)Richard van der Hoff2020-10-011-0/+12
| | | | | Add a pair of federation metrics to track the delays in sending PDUs to/from particular servers.
* Allow additional SSO properties to be passed to the client (#8413)Patrick Cloke2020-09-301-0/+8
|
* Update description of server_name config option (#8415)Aaron Raimist2020-09-291-4/+17
|
* Allow existing users to login via OpenID Connect. (#8345)Tdxdxoz2020-09-251-0/+5
| | | | | | | Co-authored-by: Benjamin Koch <bbbsnowball@gmail.com> This adds configuration flags that will match a user to pre-existing users when logging in via OpenID Connect. This is useful when switching to an existing SSO system.
* Improve SAML error messages (#8248)Patrick Cloke2020-09-141-26/+4
|
* Show a confirmation page during user password reset (#8004)Andrew Morgan2020-09-101-3/+7
| | | | | This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
* Add a config option for validating 'next_link' parameters against a domain ↵Andrew Morgan2020-09-081-0/+18
| | | | | | | | | | | whitelist (#8275) This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285 They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality. This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint. This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
* Allow capping a room's retention policy (#8104)Brendan Abolivier2020-08-241-8/+14
|
* Use the default templates when a custom template file cannot be found (#8037)Andrew Morgan2020-08-171-3/+1
| | | Fixes https://github.com/matrix-org/synapse/issues/6583
* Implement login blocking based on SAML attributes (#8052)Richard van der Hoff2020-08-111-0/+11
| | | | | | | Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the error handling. Fixes #8047
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2020-07-311-18/+15
|\ | | | | | | erikj/add_rate_limiting_to_joins
| * Merge branch 'master' into developOlivier Wilkinson (reivilibre)2020-07-301-0/+54
| |\
| * | Various improvements to the docs (#7899)Aaron Raimist2020-07-291-18/+11
| | |
| * | Option to allow server admins to join complex rooms (#7902)lugino-emeritus2020-07-281-0/+4
| | | | | | | | | | | | | | | Fixes #7901. Signed-off-by: Niklas Tittjung <nik_t.01@web.de>
* | | Add ratelimiting on joinsErik Johnston2020-07-311-0/+12
| |/ |/|
* | Update worker docs with recent enhancements (#7969)Erik Johnston2020-07-291-0/+54
|/
* Fix a typo in the sample config. (#7890)Adrian2020-07-201-1/+1
|
* Change sample config's postgres user to synapse_user (#7889)Andrew Morgan2020-07-201-1/+1
| | | | | | | The [postgres setup docs](https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#set-up-database) recommend setting up your database with user `synapse_user`. However, uncommenting the postgres defaults in the sample config leave you with user `synapse`. This PR switches the sample config to recommend `synapse_user`. Took a me a second to figure this out, so assume this will beneficial to others.
* Add a default limit (of 100) to get/sync operations. (#7858)Patrick Cloke2020-07-171-1/+3
|
* Allow email subjects to be customised through Synapse's configuration (#7846)Brendan Abolivier2020-07-141-2/+69
|
* Add the option to validate the `iss` and `aud` claims for JWT logins. (#7827)Patrick Cloke2020-07-141-0/+21
|
* Add ability to shard the federation sender (#7798)Erik Johnston2020-07-101-32/+33
|
* Add documentation for JWT login type and improve sample config. (#7776)Patrick Cloke2020-07-061-4/+31
|
* Additional configuration options for auto-join rooms (#7763)Patrick Cloke2020-06-301-2/+58
|
* fix broken link in sample config (#7712)Richard van der Hoff2020-06-161-1/+1
|
* Increase the default SAML session expirary time to 15 minutes. (#7664)Patrick Cloke2020-06-111-1/+1
|
* fix typo in sample_config.yaml (#7652)wondratsch2020-06-111-1/+1
| | | | | Just a simple typo fix. Signed-off-by: wondratsch 28294257+wondratsch@users.noreply.github.com
* Add option to enable encryption by default for new rooms (#7639)Andrew Morgan2020-06-101-0/+20
| | | | | | | | | Fixes https://github.com/matrix-org/synapse/issues/2431 Adds config option `encryption_enabled_by_default_for_room_type`, which determines whether encryption should be enabled with the default encryption algorithm in private or public rooms upon creation. Whether the room is private or public is decided based upon the room creation preset that is used. Part of this PR is also pulling out all of the individual instances of `m.megolm.v1.aes-sha2` into a constant variable to eliminate typos ala https://github.com/matrix-org/synapse/pull/7637 Based on #7637
* Add an option to disable autojoin for guest accounts (#6637)Travis Ralston2020-06-051-0/+7
| | | | Fixes https://github.com/matrix-org/synapse/issues/3177
* Cleanups to the OpenID Connect integration (#7628)Richard van der Hoff2020-06-031-66/+96
| | | | docs, default configs, comments. Nothing very significant.
* Clean up exception handling in SAML2ResponseResource (#7614)Richard van der Hoff2020-06-031-1/+7
| | | | | | | | | | | | | * Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string * Clean up exception handling in SAML2ResponseResource * use the existing code in `return_html_error` instead of re-implementing it (giving it a jinja2 template rather than inventing a new form of template) * do the exception-catching in the REST layer rather than in the handler layer, to make sure we catch all exceptions.
* Fix sample config docs error (#7581)Jason Robinson2020-05-271-1/+1
| | | | | | 'client_auth_method' commented out value was erronously 'client_auth_basic', when code and docstring says it should be 'client_secret_basic'. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* Fix up commentsErik Johnston2020-05-271-1/+1
|
* Fix specifying cache factors via env vars with * in name. (#7580)Erik Johnston2020-05-271-0/+6
| | | | | This mostly applise to `*stateGroupCache*` and co. Broke in #6391.
* Fix some DETECTED VIOLATIONS in the config file (#7550)Richard van der Hoff2020-05-221-26/+35
| | | consistency ftw
* Allow configuration of Synapse's cache without using synctl or environment ↵Amber Brown2020-05-111-4/+39
| | | | variables (#6391)
* Extend spam checker to allow for multiple modules (#7435)Andrew Morgan2020-05-081-4/+11
|
* Implement OpenID Connect-based login (#7256)Quentin Gliech2020-05-081-0/+95
|
* Add a configuration setting for the dummy event threshold (#7422)Brendan Abolivier2020-05-071-0/+12
| | | Add dummy_events_threshold which allows configuring the number of forward extremities a room needs for Synapse to send forward extremities in it.
* Add documentation to the sample config about the templates for SSO. (#7343)Patrick Cloke2020-04-241-0/+24
|
* Revert "Revert "Merge pull request #7315 from ↵Brendan Abolivier2020-04-231-0/+10
| | | | | | matrix-org/babolivier/request_token"" This reverts commit 1adf6a55870aa08de272591ff49db9dc49738076.
* Fix indention in generated config file (#7300)Lars Franke2020-04-201-26/+26
| | | | | | Also adjust sample_config.yaml Signed-off-by: Lars Franke <frcl@mailbox.org>
* Clarify the comments for media_storage_providers options (#7272)Tristan Lins2020-04-171-4/+3
|
* Allow specifying the value of Accept-Language header for URL previews (#7265)Andrew Morgan2020-04-151-0/+25
|
* Add documentation to password_providers config option (#7238)Andrew Morgan2020-04-081-1/+13
|
* Extend web_client_location to handle absolute URLs (#7006)Martin Milata2020-04-031-3/+8
| | | | | Log warning when filesystem path is used. Signed-off-by: Martin Milata <martin@martinmilata.cz>
* Fix a small typo in the `metrics_flags` config option. (#7171)Andrew Morgan2020-03-301-1/+1
|
* Always whitelist the login fallback for SSO (#7153)Richard van der Hoff2020-03-271-0/+4
| | | | | | | That fallback sets the redirect URL to itself (so it can process the login token then return gracefully to the client). This would make it pointless to ask the user for confirmation, since the URL the confirmation page would be showing wouldn't be the client's.
* Add options to prevent users from changing their profile. (#7096)Dirk Klimpel2020-03-271-0/+23
|
* Allow server admins to define and enforce a password policy (MSC2000). (#7118)Dirk Klimpel2020-03-261-0/+35
|
* Remove unused captcha_bypass_secret option (#7137)Aaron Raimist2020-03-251-4/+0
| | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Improve database configuration docs (#6988)Richard van der Hoff2020-03-201-5/+38
| | | | | Attempts to clarify the sample config for databases, and add some stuff about tcp keepalives to `postgres.md`.
* Revert "Add options to disable setting profile info for prevent changes. ↵Richard van der Hoff2020-03-171-13/+0
| | | | | | | (#7053)" This reverts commit 54dd28621b070ca67de9f773fe9a89e1f4dc19da, reversing changes made to 6640460d054e8f4444046a34bdf638921b31c01e.
* Put the file in the templates directoryBrendan Abolivier2020-03-111-7/+16
|
* Update wording and configBrendan Abolivier2020-03-111-0/+3
|
* Add options to disable setting profile info for prevent changes. (#7053)Brendan Abolivier2020-03-101-0/+13
|\
| * Update sample_config.yamlDirk Klimpel2020-03-101-1/+1
| |
| * updates after reviewdklimpel2020-03-091-5/+5
| |
| * add disable_3pid_changesdklimpel2020-03-081-0/+5
| |
| * lint2dklimpel2020-03-081-2/+2
| |
| * changelogdklimpel2020-03-081-0/+8
| |
* | Update sample configBrendan Abolivier2020-03-101-0/+7
| |
* | Merge branch 'master' into developBrendan Abolivier2020-03-031-0/+50
|\ \ | |/ |/|
| * Add a whitelist for the SSO confirmation step.Richard van der Hoff2020-03-021-3/+19
| |
| * Add a confirmation step to the SSO login flowBrendan Abolivier2020-03-021-0/+34
| |
* | Fix minor issues with email config (#6962)Richard van der Hoff2020-02-241-4/+5
|/ | | | | | * Give `notif_template_html`, `notif_template_text` default values (fixes #6960) * Don't complain if `smtp_host` and `smtp_port` are unset, since they have sensible defaults (fixes #6961) * Set the example for `enable_notifs` to `True`, for consistency and because it's more useful * Raise errors as ConfigError rather than RuntimeError for nicer formatting
* Merge pull request #6907 from matrix-org/babolivier/acme-configBrendan Abolivier2020-02-181-0/+5
|\ | | | | Add mention and warning about ACME v1 deprecation to the TLS config
| * Add mention and warning about ACME v1 deprecation to the Synapse configBrendan Abolivier2020-02-131-0/+5
| |
* | Add a warning about indentation to generated config (#6920)Richard van der Hoff2020-02-141-1/+11
|/ | | Fixes #6916.
* Clarify the `account_validity` and `email` sections of the sample ↵Richard van der Hoff2020-01-171-132/+152
| | | | | | | | | | | configuration. (#6685) Generally try to make this more comprehensible, and make it match the conventions. I've removed the documentation for all the settings which allow you to change the names of the template files, because I can't really see why they are useful.
* Merge pull request #6621 from matrix-org/babolivier/purge_job_config_typoBrendan Abolivier2020-01-071-5/+5
|\ | | | | Fix a typo in the purge jobs configuration example
| * RewordBrendan Abolivier2020-01-071-3/+3
| |
| * Change the example from 5min to 12hBrendan Abolivier2020-01-071-4/+4
| | | | | | | | Have a purge job running every 5min is probably not something we want to advise admins to do as a sort-of default.
| * Update sample configBrendan Abolivier2020-01-031-1/+1
| |
* | Remove unused, undocumented "content repo" resource (#6628)Richard van der Hoff2020-01-031-4/+0
|/ | | | | | This looks like it got half-killed back in #888. Fixes #6567.
* Add an export_signing_key script (#6546)Richard van der Hoff2019-12-191-8/+13
| | | | | I want to do some key rotation, and it is silly that we don't have a way to do this.
* Add option to allow profile queries without sharing a room (#6523)Will Hunt2019-12-161-0/+7
|
* Allow SAML username provider plugins (#6411)Andrew Morgan2019-12-101-18/+43
|
* privacy by default for room dir (#6355)Neil Johnson2019-12-041-6/+7
| | | | Ensure that the the default settings for the room directory are that the it is hidden from public view by default.
* Clarifications for the email configuration settings. (#6423)Richard van der Hoff2019-11-281-1/+16
| | | Cf #6422
* Merge branch 'develop' into babolivier/message_retentionBrendan Abolivier2019-11-261-5/+5
|\
| * Merge branch 'develop' of github.com:matrix-org/synapse into ↵Andrew Morgan2019-11-141-1/+1
| |\ | | | | | | | | | | | | | | | | | | | | | anoa/homeserver_copy * 'develop' of github.com:matrix-org/synapse: Blacklist PurgeRoomTestCase (#6361) Set room version default to 5
| | * Merge pull request #6220 from matrix-org/neilj/set_room_version_default_to_5Brendan Abolivier2019-11-141-1/+1
| | |\ | | | | | | | | Set room version default to 5
| | | * Set room version default to 5Neil Johnson2019-10-191-1/+1
| | | |
| * | | sample configAndrew Morgan2019-11-121-4/+4
| |/ /
* / / Implement per-room message retention policiesBrendan Abolivier2019-11-041-0/+63
|/ /
* | Fix typo in domain name in account_threepid_delegates config option (#6273)Andrew Morgan2019-10-301-1/+1
| |
* | Option to suppress resource exceeded alerting (#6173)Neil Johnson2019-10-241-1/+7
| | | | | | | | The expected use case is to suppress MAU limiting on small instances
* | Add config linting script that checks for bool casing (#6203)Andrew Morgan2019-10-231-15/+15
|/ | | | | Add a linting script that enforces all boolean values in the default config be lowercase. This has annoyed me for a while so I decided to fix it.
* cas: support setting display name (#6114)Valérian Rousset2019-10-111-0/+1
| | | Now, the CAS server can return an attribute stating what's the desired displayname, instead of using the username directly.
* Fix 'redaction_retention_period' sampel config to match guidelinesErik Johnston2019-09-261-1/+1
|
* Explicitly log when a homeserver does not have a trusted key server ↵Neil Johnson2019-09-261-4/+10
| | | | configured (#6090)
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-09-251-51/+90
|\ | | | | | | erikj/cleanup_user_ips_2
| * Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_workRichard van der Hoff2019-09-241-1/+18
| |\
| | * Add submit_url response parameter to msisdn /requestToken (#6079)Andrew Morgan2019-09-231-0/+2
| | | | | | | | | | | | | | | | | | Second part of solving #6076 Fixes #6076 We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
| | * Merge pull request #6064 from matrix-org/rav/saml_config_cleanupRichard van der Hoff2019-09-231-51/+59
| | |\ | | | | | | | | Make the sample saml config closer to our standards
| | | * Merge branch 'develop' into rav/saml_config_cleanupRichard van der Hoff2019-09-191-27/+95
| | | |\
| | * | | Use the federation blacklist for requests to untrusted Identity Servers (#6000)Andrew Morgan2019-09-231-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses. Fixes #5935
| * | | | Merge branch 'develop' into rav/saml_mapping_workRichard van der Hoff2019-09-191-27/+95
| |\ \ \ \ | | | |_|/ | | |/| |
| * | | | Record mappings from saml users in an external tableRichard van der Hoff2019-09-131-0/+26
| | |_|/ | |/| | | | | | | | | | | | | | | | | | We want to assign unique mxids to saml users based on an incrementing suffix. For that to work, we need to record the allocated mxid in a separate table.
| * | | Make the sample saml config closer to our standardsRichard van der Hoff2019-09-131-51/+59
| | | | | | | | | | | | | | | | It' still not great, thanks to the nested dictionaries, but it's better.
* | | | Review commentsErik Johnston2019-09-251-1/+1
| | | |
* | | | Prune rows in user_ips older than configured periodErik Johnston2019-09-241-0/+6
| |_|/ |/| | | | | | | | Defaults to pruning everything older than 28d.
* | | Allow HS to send emails when adding an email to the HS (#6042)Andrew Morgan2019-09-201-0/+12
| | |
* | | Fix typo in account_threepid_delegates config (#6028)Jorik Schellekens2019-09-181-1/+1
| |/ |/|
* | fix sample configRichard van der Hoff2019-09-181-1/+1
| | | | | | | | this was apparently broken by #6040.
* | (#5849) Convert rst to markdown (#6040)dstipp2019-09-171-6/+6
| | | | | | | | | | Converting some of the rst documentation to markdown. Attempted to preserve whitespace and line breaks to minimize cosmetic change.
* | add report_stats_endpoint config option (#6012)Sorunome2019-09-121-0/+5
| | | | | | This PR adds the optional `report_stats_endpoint` to configure where stats are reported to, if enabled.
* | Update sample configErik Johnston2019-09-111-1/+1
| |
* | Update sample configErik Johnston2019-09-111-0/+7
| |
* | Merge pull request #5934 from matrix-org/erikj/censor_redactionsErik Johnston2019-09-091-0/+7
|\ \ | | | | | | Censor redactions in DB after a month
| * | Default to censoring redactions after seven daysErik Johnston2019-09-091-3/+5
| | |
| * | Make redaction retention period configurableErik Johnston2019-09-051-0/+5
| | |
* | | Servers-known-about statistic (#5981)Amber Brown2019-09-071-0/+10
| | |
* | | Allow Synapse to send registration emails + choose Synapse or an external ↵Andrew Morgan2019-09-061-13/+43
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | server to handle 3pid validation (#5987) This is a combination of a few different PRs, finally all being merged into `develop`: * #5875 * #5876 * #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](https://github.com/matrix-org/synapse/commit/891afb57cbdf9867f2848341b29c75d6f35eef5a#diff-e591d42d30690ffb79f63bb726200891) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future) * #5835 * #5969 * #5940 Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged. UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
* | Add a link to python's logging config schema (#5926)Jorik Schellekens2019-08-281-1/+2
| |
* | Config templating (#5900)Jorik Schellekens2019-08-281-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | Template config files * Imagine a system composed entirely of x, y, z etc and the basic operations.. Wait George, why XOR? Why not just neq? George: Eh, I didn't think of that.. Co-Authored-By: Erik Johnston <erik@matrix.org>
* | Fixup review commentsErik Johnston2019-08-231-2/+2
| |
* | Add config option for keys to use to sign keysErik Johnston2019-08-211-0/+8
|/ | | | | This allows servers to separate keys that are used to sign remote keys when acting as a notary server.
* Don't load the media repo when configured to use an external media repo (#5754)Amber Brown2019-08-131-0/+7
|
* LintBrendan Abolivier2019-08-011-1/+1
|
* Sample configBrendan Abolivier2019-08-011-0/+10
|
* Remove non-functional 'expire_access_token' setting (#5782)Richard van der Hoff2019-07-301-4/+0
| | | | | | | | The `expire_access_token` didn't do what it sounded like it should do. What it actually did was make Synapse enforce the 'time' caveat on macaroons used as access tokens, but since our access token macaroons never contained such a caveat, it was always a no-op. (The code to add 'time' caveats was removed back in v0.18.5, in #1656)
* Room Complexity Client Implementation (#5783)Amber Brown2019-07-301-0/+17
|
* Make Jaeger fully configurable (#5694)Jorik Schellekens2019-07-231-0/+16
| | | | | | * Allow Jaeger to be configured * Update sample config
* Opentracing Documentation (#5703)Jorik Schellekens2019-07-221-12/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Opentracing survival guide * Update decorator names in doc * Doc cleanup These are all alterations as a result of comments in #5703, it includes mostly typos and clarifications. The most interesting changes are: - Split developer and user docs into two sections - Add a high level description of OpenTracing * newsfile * Move contributer specific info to docstring. * Sample config. * Trailing whitespace. * Update 5703.misc * Apply suggestions from code review Mostly just rewording parts of the docs for clarity. Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Clean up opentracing configuration options (#5712)Richard van der Hoff2019-07-181-14/+31
| | | | | | | | | | | | | | | | | Clean up config settings and dead code. This is mostly about cleaning up the config format, to bring it into line with our conventions. In particular: * There should be a blank line after `## Section ##' headings * There should be a blank line between each config setting * There should be a `#`-only line between a comment and the setting it describes * We don't really do the `# #` style commenting-out of whole sections if we can help it * rename `tracer_enabled` to `enabled` While we're here, do more config parsing upfront, which makes it easier to use later on. Also removes redundant code from LogContextScopeManager. Also changes the changelog fragment to a `feature` - it's exciting!
* Implement access token expiry (#5660)Richard van der Hoff2019-07-121-0/+11
| | | | Record how long an access token is valid for, and raise a soft-logout once it expires.
* Add basic opentracing support (#5544)Jorik Schellekens2019-07-111-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Configure and initialise tracer Includes config options for the tracer and sets up JaegerClient. * Scope manager using LogContexts We piggy-back our tracer scopes by using log context. The current log context gives us the current scope. If new scope is created we create a stack of scopes in the context. * jaeger is a dependency now * Carrier inject and extraction for Twisted Headers * Trace federation requests on the way in and out. The span is created in _started_processing and closed in _finished_processing because we need a meaningful log context. * Create logcontext for new scope. Instead of having a stack of scopes in a logcontext we create a new context for a new scope if the current logcontext already has a scope. * Remove scope from logcontext if logcontext is top level * Disable tracer if not configured * typo * Remove dependence on jaeger internals * bools * Set service name * :Explicitely state that the tracer is disabled * Black is the new black * Newsfile * Code style * Use the new config setup. * Generate config. * Copyright * Rename config to opentracing * Remove user whitelisting * Empty whitelist by default * User ConfigError instead of RuntimeError * Use isinstance * Use tag constants for opentracing. * Remove debug comment and no need to explicitely record error * Two errors a "s(c)entry" * Docstrings! * Remove debugging brainslip * Homeserver Whitlisting * Better opentracing config comment * linting * Inclue worker name in service_name * Make opentracing an optional dependency * Neater config retreival * Clean up dummy tags * Instantiate tracing as object instead of global class * Inlcude opentracing as a homeserver member. * Thread opentracing to the request level * Reference opetnracing through hs * Instantiate dummy opentracin g for tests. * About to revert, just keeping the unfinished changes just in case * Revert back to global state, commit number: 9ce4a3d9067bf9889b86c360c05ac88618b85c4f * Use class level methods in tracerutils * Start and stop requests spans in a place where we have access to the authenticated entity * Seen it, isort it * Make sure to close the active span. * I'm getting black and blue from this. * Logger formatting Co-Authored-By: Erik Johnston <erik@matrix.org> * Outdated comment * Import opentracing at the top * Return a contextmanager * Start tracing client requests from the servlet * Return noop context manager if not tracing * Explicitely say that these are federation requests * Include servlet name in client requests * Use context manager * Move opentracing to logging/ * Seen it, isort it again! * Ignore twisted return exceptions on context exit * Escape the scope * Scopes should be entered to make them useful. * Nicer decorator names * Just one init, init? * Don't need to close something that isn't open * Docs make you smarter
* Merge branch 'develop' into rav/saml2_clientRichard van der Hoff2019-07-011-1/+24
|\
| * Update the TLS cipher string and provide configurability for TLS on outgoing ↵Amber Brown2019-06-281-0/+9
| | | | | | | | federation (#5550)
| * Added possibilty to disable local password authentication (#5092)Daniel Hoffend2019-06-271-0/+6
| | | | | | | | | | Signed-off-by: Daniel Hoffend <dh@dotlan.net>
| * Make it clearer that the template dir is relative to synapse's root dir (#5543)Andrew Morgan2019-06-271-1/+9
| | | | | | Helps address #5444
* | update sample configRichard van der Hoff2019-06-271-6/+13
| |
* | update sample configRichard van der Hoff2019-06-261-0/+13
|/
* Merge pull request #5524 from matrix-org/rav/new_cmdline_optionsRichard van der Hoff2019-06-241-1/+1
|\ | | | | Add --data-dir and --open-private-ports options.
| * Add "--open-private-ports" cmdline optionRichard van der Hoff2019-06-241-1/+1
| | | | | | | | This is helpful when generating a config file for running synapse under docker.
* | Merge pull request #5534 from matrix-org/babolivier/federation-publicroomsBrendan Abolivier2019-06-241-4/+8
|\ \ | |/ |/| Split public rooms directory auth config in two
| * Split public rooms directory auth config in twoBrendan Abolivier2019-06-241-4/+8
| |
* | Allow configuration of the path used for ACME account keys.Richard van der Hoff2019-06-241-0/+7
|/ | | | | Because sticking it in the same place as the config isn't necessarily the right thing to do.
* Drop support for cpu_affinity (#5525)Richard van der Hoff2019-06-221-23/+0
| | | This has no useful purpose on python3, and is generally a source of confusion.
* Add plugin APIs for implementations of custom event rules.Brendan Abolivier2019-06-141-0/+13
|
* Set default room version to v4. (#5379)Neil Johnson2019-06-061-1/+1
| | | | Set default room version to v4.
* Add ability to perform password reset via email without trusting the ↵Andrew Morgan2019-06-061-10/+50
| | | | | | | | | | | | identity server (#5377) Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option. This PR is a culmination of 3 smaller PRs which have each been separately reviewed: * #5308 * #5345 * #5368
* Stop hardcoding trust of old matrix.org key (#5374)Richard van der Hoff2019-06-061-6/+37
| | | | | | | | | | | | | | | | | There are a few changes going on here: * We make checking the signature on a key server response optional: if no verify_keys are specified, we trust to TLS to validate the connection. * We change the default config so that it does not require responses to be signed by the old key. * We replace the old 'perspectives' config with 'trusted_key_servers', which is also formatted slightly differently. * We emit a warning to the logs every time we trust a key server response signed by the old key.
* Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verificationRichard van der Hoff2019-06-051-0/+16
|\
| * Neilj/mau tracking config explainer (#5284)Neil Johnson2019-06-051-0/+16
| | | | | | | | Improve documentation of monthly active user blocking and mau_trial_days
* | Update sample configRichard van der Hoff2019-06-051-4/+4
|/