summary refs log tree commit diff
path: root/docs (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Support enabling opentracing by user (#9978)Richard van der Hoff2021-05-142-11/+19
| | | | | Add a config option which allows enabling opentracing by user id, eg for debugging requests made by a test user.
* Update minimum supported version in postgres.md (#9988)Andrew Morgan2021-05-141-1/+1
|
* Update SSO mapping providers documentation about unique IDs. (#9980)Patrick Cloke2021-05-131-7/+11
|
* Send the `m.room.create` stripped event with invites (support MSC1772). (#9966)Patrick Cloke2021-05-111-0/+1
| | | | | MSC1772 specifies the m.room.create event should be sent as part of the invite_state. This was done optionally behind an experimental flag, but is now done by default due to MSC1772 being approved.
* Add config option to hide device names over federation (#9945)Aaron Raimist2021-05-111-0/+6
| | | | | Now that cross signing exists there is much less of a need for other people to look at devices and verify them individually. This PR adds a config option to allow you to prevent device display names from being shared with other servers. Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Limit how often GC happens by time. (#9902)Erik Johnston2021-05-051-0/+10
| | | | | | | | | | | | | | | Synapse can be quite memory intensive, and unless care is taken to tune the GC thresholds it can end up thrashing, causing noticable performance problems for large servers. We fix this by limiting how often we GC a given generation, regardless of current counts/thresholds. This does not help with the reverse problem where the thresholds are set too high, but that should only happen in situations where they've been manually configured. Adds a `gc_min_seconds_between` config option to override the defaults. Fixes #9890.
* Add port parameter to the sample config for psycopg2 args (#9911)Andrew Morgan2021-05-041-0/+1
| | | Adds the `port` option with the default value to the sample config file.
* Delete room endpoint (#9889)ThibF2021-04-291-1/+10
| | | | | | Support the delete of a room through DELETE request and mark previous request as deprecated through documentation. Signed-off-by: Thibault Ferrante <thibault.ferrante@pm.me>
* Rename handler and config modules which end in handler/config. (#9816)Patrick Cloke2021-04-202-3/+3
|
* Port "Allow users to click account renewal links multiple times without ↵Andrew Morgan2021-04-191-63/+85
| | | | | hitting an 'Invalid Token' page #74" from synapse-dinsic (#9832) This attempts to be a direct port of https://github.com/matrix-org/synapse-dinsic/pull/74 to mainline. There was some fiddling required to deal with the changes that have been made to mainline since (mainly dealing with the split of `RegistrationWorkerStore` from `RegistrationStore`, and the changes made to `self.make_request` in test code).
* Add an admin API to manage ratelimit for a specific user (#9648)Dirk Klimpel2021-04-131-1/+116
|
* Add a Synapse Module for configuring presence update routing (#9491)Andrew Morgan2021-04-062-2/+256
| | | | | | | | | | | | At the moment, if you'd like to share presence between local or remote users, those users must be sharing a room together. This isn't always the most convenient or useful situation though. This PR adds a module to Synapse that will allow deployments to set up extra logic on where presence updates should be routed. The module must implement two methods, `get_users_for_states` and `get_interested_users`. These methods are given presence updates or user IDs and must return information that Synapse will use to grant passing presence updates around. A method is additionally added to `ModuleApi` which allows triggering a set of users to receive the current, online presence information for all users they are considered interested in. This is the equivalent of that user receiving presence information during an initial sync. The goal of this module is to be fairly generic and useful for a variety of applications, with hard requirements being: * Sending state for a specific set or all known users to a defined set of local and remote users. * The ability to trigger an initial sync for specific users, so they receive all current state.
* Merge branch 'master' into developErik Johnston2021-04-061-0/+33
|\
| * Add deprecation policy doc (#9723)Erik Johnston2021-04-061-0/+33
| | | | | | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* | Add `order_by` to list user admin API (#9691)Dirk Klimpel2021-04-011-22/+63
| |
* | Make sample config allowed_local_3pids regex stricter. (#9719)Denis Kasak2021-03-311-2/+2
| | | | | | | | | | | | | | The regex should be terminated so that subdomain matches of another domain are not accepted. Just ensuring that someone doesn't shoot themselves in the foot by copying our example. Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
* | Replace `room_invite_state_types` with `room_prejoin_state` (#9700)Richard van der Hoff2021-03-302-8/+28
|/ | | | | | | `room_invite_state_types` was inconvenient as a configuration setting, because anyone that ever set it would not receive any new types that were added to the defaults. Here, we deprecate the old setting, and replace it with a couple of new settings under `room_prejoin_state`.
* Update the OIDC sample config (#9695)Richard van der Hoff2021-03-291-31/+3
| | | | | | | I've reiterated the advice about using `oidc` to migrate, since I've seen a few people caught by this. I've also removed a couple of the examples as they are duplicating the OIDC documentation, and I think they might be leading people astray.
* Preserve host in example apache config (#9696)Paul Tötterman2021-03-261-2/+5
| | | | | Fixes redirect loop Signed-off-by: Paul Tötterman <paul.totterman@iki.fi>
* docs: fallback/web endpoint does not appear to be mounted on workers (#9679)Ben Banfield-Zanin2021-03-241-2/+1
|
* Increase default join burst ratelimiting (#9674)Erik Johnston2021-03-231-2/+2
| | | It's legitimate behaviour to try and join a bunch of rooms at once.
* Add SSO attribute requirements for OIDC providers (#9609)Hubbe2021-03-161-0/+24
| | | | Allows limiting who can login using OIDC via the claims made from the IdP.
* Pass SSO IdP information to spam checker's registration function (#9626)Andrew Morgan2021-03-161-1/+7
| | | | | | | Fixes https://github.com/matrix-org/synapse/issues/9572 When a SSO user logs in for the first time, we create a local Matrix user for them. This goes through the register_user flow, which ends up triggering the spam checker. Spam checker modules don't currently have any way to differentiate between a user trying to sign up initially, versus an SSO user (whom has presumably already been approved elsewhere) trying to log in for the first time. This PR passes `auth_provider_id` as an argument to the `check_registration_for_spam` function. This argument will contain an ID of an SSO provider (`"saml"`, `"cas"`, etc.) if one was used, else `None`.
* Add support for stable MSC2858 API (#9617)Richard van der Hoff2021-03-162-5/+5
| | | | | The stable format uses different brand identifiers, so we need to support two identifiers for each IdP.
* Clean up config settings for stats (#9604)Richard van der Hoff2021-03-161-12/+13
| | | ... and complain if people try to turn it off.
* Fix spam checker modules documentation example (#9580)Jason Robinson2021-03-101-0/+10
| | | | Mention that parse_config must exist and note the check_media_file_for_spam method.
* Link to the List user's media admin API from media Admin API docs (#9571)Andrew Morgan2021-03-091-2/+14
| | | | | Earlier [I was convinced](https://github.com/matrix-org/synapse/issues/9565) that we didn't have an Admin API for listing media uploaded by a user. Foolishly I was looking under the Media Admin API documentation, instead of the User Admin API documentation. I thought it'd be helpful to link to the latter so others don't hit the same dead end :)
* JWT OIDC secrets for Sign in with Apple (#9549)Richard van der Hoff2021-03-092-4/+59
| | | | | Apple had to be special. They want a client secret which is generated from an EC key. Fixes #9220. Also fixes #9212 while I'm here.
* Fixup sample configErik Johnston2021-03-091-2/+1
| | | | After 0764d0c6e575793ca506cf021aff3c4b9e0a5972
* Update reverse proxy to add OpenBSD relayd example configuration. (#9508)Leo Bärring2021-03-061-2/+49
| | | | | Update reverse proxy to add OpenBSD relayd example configuration. Signed-off-by: Leo Bärring <leo.barring@protonmail.com>
* Update nginx reverse-proxy docs (#9512)Richard van der Hoff2021-03-031-0/+2
| | | Turns out nginx overwrites the Host header by default.
* Add support for X-Forwarded-Proto (#9472)Richard van der Hoff2021-02-241-13/+23
| | | | | rewrite XForwardedForRequest to set `isSecure()` based on `X-Forwarded-Proto`. Also implement `getClientAddress()` while we're here.
* Fix typo in spam checker documentationAndrew Morgan2021-02-241-1/+1
|
* Fix deleting pushers when using sharded pushers. (#9465)Erik Johnston2021-02-221-4/+0
|
* Add an `order_by` field to list users' media admin API. (#8978)Dirk Klimpel2021-02-221-4/+34
|
* example systemd config: propagate reloads to units (#9463)Richard van der Hoff2021-02-222-0/+2
| | | | | It should be possible to reload `synapse.target` to have the reload propagate to all the synapse units.
* Clean up the user directory sample config section (#9385)Andrew Morgan2021-02-221-18/+29
| | | | | The user directory sample config section was a little messy, and didn't adhere to our [recommended config format guidelines](https://github.com/matrix-org/synapse/blob/develop/docs/code_style.md#configuration-file-format). This PR cleans that up a bit.
* Add a config option to prioritise local users in user directory search ↵Andrew Morgan2021-02-191-0/+5
| | | | | | | | | results (#9383) This PR adds a homeserver config option, `user_directory.prefer_local_users`, that when enabled will show local users higher in user directory search results than remote users. This option is off by default. Note that turning this on doesn't necessarily mean that remote users will always be put below local users, but they should be assuming all other ranking factors (search query match, profile information present etc) are identical. This is useful for, say, University networks that are openly federating, but want to prioritise local students and staff in the user directory over other random users.
* Add configs to make profile data more private (#9203)AndrewFerr2021-02-191-0/+14
| | | | | | | Add off-by-default configuration settings to: - disable putting an invitee's profile info in invite events - disable profile lookup via federation Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
* Parse ui_auth.session_timeout as a duration (instead of treating it as ms) ↵Rishabh Arya2021-02-181-3/+3
| | | | (#9426)
* Add http2 to the nginx example config (#9390)David Vo2021-02-181-4/+4
|
* Revert "Update workers.md"Richard van der Hoff2021-02-181-1/+1
| | | | This reverts commit a8878960c0139f80bbb6f84bd0f0cb7352429c5b.
* Add the shadow-banning status to the display user admin API. (#9400)Dirk Klimpel2021-02-171-3/+6
|
* Update workers.mdRichard van der Hoff2021-02-171-1/+2
|
* Update workers.mdRichard van der Hoff2021-02-171-1/+1
| | | tiny typo in sso paths
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-161-12/+4
| | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* Fix OIDC gitiea redirect URL. (#9404)Marcus2021-02-161-1/+1
| | | | Fixes a "conflict" from 846b9d3df033be1043710e49e89bcba68722071e and d1f13c7485768b45bfc1a2a674830c681c52e2a1.
* Document that pusher instances are shardable (#9407)Erik Johnston2021-02-161-1/+9
|
* Fix sample configAndrew Morgan2021-02-121-1/+1
| | | | Just a small change missed in 7950aa8a27c3f45184c96fda210c62d068dd2591.
* Merge tag 'v1.27.0rc2' into developPatrick Cloke2021-02-111-11/+9
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.27.0rc2 (2021-02-11) ============================== Features -------- - Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297)) Bugfixes -------- - Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302)) - Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313)) Improved Documentation ---------------------- - Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
| * Backout changes for automatically calculating the public baseurl. (#9313)Patrick Cloke2021-02-111-11/+9
| | | | | | | | This breaks some people's configurations (if their Client-Server API is not accessed via port 443).
* | Add XWiki OIDC provider example. (#9324)Thomas Mortagne2021-02-091-0/+22
| |
* | Merge pull request #9150 from Yoric/develop-contextDavid Teller2021-02-081-0/+119
|\ \ | | | | | | New API /_synapse/admin/rooms/{roomId}/context/{eventId}
| * | FIXUP: Documenting /_synapse/admin/v1/rooms/<room_id>/context/<event_id>David Teller2021-01-281-0/+119
| | |
* | | Merge branch 'erikj/media_spam_checker' into developErik Johnston2021-02-041-0/+3
|\ \ \
| * | | Add check_media_file_for_spam spam checker hookErik Johnston2021-02-041-0/+3
| | |/ | |/|
* | | Correct `matrix-synapse.service` reference in TURN howto docs. (#9308)dykstranet2021-02-041-1/+1
| | |
* | | Fix escaping of braces in OIDC sample config. (#9317)Patrick Cloke2021-02-041-5/+5
| | | | | | | | | This fixes the Jinja2 templates for the mapping provider.
* | | Merge branch 'social_login_hotfixes' into developRichard van der Hoff2021-02-031-10/+4
|\| |
| * | Clarify documentation about escaping URLs in templates. (#9310)Patrick Cloke2021-02-031-10/+4
| | |
* | | config: Add detail to auto_join_rooms comment (#9291)dykstranet2021-02-031-0/+2
| | | | | | | | | | | | | | | config: Add detail to auto_join_rooms comment Signed-off-by: Gary Dykstra <gary@dykstranet.com>
* | | Convert blacklisted IPv4 addresses to compatible IPv6 addresses. (#9240)Patrick Cloke2021-02-031-0/+8
|/ / | | | | Also add a few more IP ranges to the default blacklist.
* | Add an admin API to get the current room state (#9168)Travis Ralston2021-02-021-0/+30
| | | | | | | | | | This could arguably replace the existing admin API for `/members`, however that is out of scope of this change. This sort of endpoint is ideal for moderation use cases as well as other applications, such as needing to retrieve various bits of information about a room to perform a task (like syncing power levels between two places). This endpoint exposes nothing more than an admin would be able to access with a `select *` query on their database.
* | Put SAML callback URI under /_synapse/client. (#9289)Richard van der Hoff2021-02-022-3/+3
| |
* | Put OIDC callback URI under /_synapse/client. (#9288)Richard van der Hoff2021-02-012-10/+11
| |
* | Add an OpenID example config for Gitea. (#9134)Oliver Hanikel2021-02-011-0/+34
| |
* | Merge branch 'social_login' into developRichard van der Hoff2021-02-012-0/+38
|\ \
| * | Collect terms consent from the user during SSO registration (#9276)Richard van der Hoff2021-02-012-0/+23
| | |
| * | Improve styling and wording of SSO UIA templates (#9286)Richard van der Hoff2021-02-011-0/+15
| | | | | | | | | fixes #9171
* | | Merge branch 'social_login' into developRichard van der Hoff2021-02-012-10/+54
|\| |
| * | Replace username picker with a template (#9275)Richard van der Hoff2021-02-011-1/+31
| | | | | | | | | | | | | | | There's some prelimiary work here to pull out the construction of a jinja environment to a separate function. I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them.
| * | Improve styling and wording of SSO redirect confirm template (#9272)Richard van der Hoff2021-02-011-1/+13
| | |
| * | Fix SSO on workers (#9271)Richard van der Hoff2021-02-011-8/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #8966. * Factor out build_synapse_client_resource_tree Start a function which will mount resources common to all workers. * Move sso init into build_synapse_client_resource_tree ... so that we don't have to do it for each worker * Fix SSO-login-via-a-worker Expose the SSO login endpoints on workers, like the documentation says. * Update workers config for new endpoints Add documentation for endpoints recently added (#8942, #9017, #9262) * remove submit_token from workers endpoints list this *doesn't* work on workers (yet). * changelog * Add a comment about the odd path for SAML2Resource
* | | Ratelimit invites by room and target user (#9258)Erik Johnston2021-01-291-0/+10
| | |
* | | Merge branch 'social_login' into developRichard van der Hoff2021-01-282-7/+24
|\| |
| * | Add 'brand' field to MSC2858 response (#9242)Richard van der Hoff2021-01-272-4/+12
| | | | | | | | | | | | | | | | | | We've decided to add a 'brand' field to help clients decide how to style the buttons. Also, fix up the allowed characters for idp_id, while I'm in the area.
| * | Support for scraping email addresses from OIDC providers (#9245)Richard van der Hoff2021-01-271-3/+12
| | |
* | | Ratelimit 3PID /requestToken API (#9238)Erik Johnston2021-01-281-1/+5
| |/ |/|
* | Add notes on integrating with Facebook for SSO login. (#9244)Richard van der Hoff2021-01-271-5/+48
| |
* | Add a note to changelog about redis usage (#9227)Erik Johnston2021-01-271-1/+4
| |
* | Do not require the CAS service URL setting (use public_baseurl instead). (#9199)Patrick Cloke2021-01-261-4/+0
| | | | | | | | The current configuration is handled for backwards compatibility, but is considered deprecated.
* | Merge branch 'develop' into jaywink/admin-forward-extremitiesJason Robinson2021-01-261-0/+30
|\ \ | | | | | | | | | | | | # Conflicts: # synapse/rest/admin/__init__.py
| * | Add an admin API for shadow-banning users. (#9209)Patrick Cloke2021-01-251-0/+30
| |/ | | | | | | | | | | | | | | | | | | This expands the current shadow-banning feature to be usable via the admin API and adds documentation for it. A shadow-banned users receives successful responses to their client-server API requests, but the events are not propagated into rooms. Shadow-banning a user should be used as a tool of last resort and may lead to confusing or broken behaviour for the client.
* | Merge branch 'develop' into jaywink/admin-forward-extremitiesJason Robinson2021-01-2310-246/+480
|\|
| * Merge remote-tracking branch 'origin/release-v1.26.0' into developRichard van der Hoff2021-01-211-4/+9
| |\
| | * Prefix idp_id with "oidc-" (#9189)Richard van der Hoff2021-01-211-4/+9
| | | | | | | | | ... to avoid clashes with other SSO mechanisms
| * | Merge tag 'v1.26.0rc1' into developPatrick Cloke2021-01-201-0/+4
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.26.0rc1 (2021-01-20) ============================== This release brings a new schema version for Synapse and rolling back to a previous verious is not trivial. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes and for general upgrade guidance. Features -------- - Add support for multiple SSO Identity Providers. ([\#9015](https://github.com/matrix-org/synapse/issues/9015), [\#9017](https://github.com/matrix-org/synapse/issues/9017), [\#9036](https://github.com/matrix-org/synapse/issues/9036), [\#9067](https://github.com/matrix-org/synapse/issues/9067), [\#9081](https://github.com/matrix-org/synapse/issues/9081), [\#9082](https://github.com/matrix-org/synapse/issues/9082), [\#9105](https://github.com/matrix-org/synapse/issues/9105), [\#9107](https://github.com/matrix-org/synapse/issues/9107), [\#9109](https://github.com/matrix-org/synapse/issues/9109), [\#9110](https://github.com/matrix-org/synapse/issues/9110), [\#9127](https://github.com/matrix-org/synapse/issues/9127), [\#9153](https://github.com/matrix-org/synapse/issues/9153), [\#9154](https://github.com/matrix-org/synapse/issues/9154), [\#9177](https://github.com/matrix-org/synapse/issues/9177)) - During user-interactive authentication via single-sign-on, give a better error if the user uses the wrong account on the SSO IdP. ([\#9091](https://github.com/matrix-org/synapse/issues/9091)) - Give the `public_baseurl` a default value, if it is not explicitly set in the configuration file. ([\#9159](https://github.com/matrix-org/synapse/issues/9159)) - Improve performance when calculating ignored users in large rooms. ([\#9024](https://github.com/matrix-org/synapse/issues/9024)) - Implement [MSC2176](https://github.com/matrix-org/matrix-doc/pull/2176) in an experimental room version. ([\#8984](https://github.com/matrix-org/synapse/issues/8984)) - Add an admin API for protecting local media from quarantine. ([\#9086](https://github.com/matrix-org/synapse/issues/9086)) - Remove a user's avatar URL and display name when deactivated with the Admin API. ([\#8932](https://github.com/matrix-org/synapse/issues/8932)) - Update `/_synapse/admin/v1/users/<user_id>/joined_rooms` to work for both local and remote users. ([\#8948](https://github.com/matrix-org/synapse/issues/8948)) - Add experimental support for handling to-device messages on worker processes. ([\#9042](https://github.com/matrix-org/synapse/issues/9042), [\#9043](https://github.com/matrix-org/synapse/issues/9043), [\#9044](https://github.com/matrix-org/synapse/issues/9044), [\#9130](https://github.com/matrix-org/synapse/issues/9130)) - Add experimental support for handling `/keys/claim` and `/room_keys` APIs on worker processes. ([\#9068](https://github.com/matrix-org/synapse/issues/9068)) - Add experimental support for handling `/devices` API on worker processes. ([\#9092](https://github.com/matrix-org/synapse/issues/9092)) - Add experimental support for moving off receipts and account data persistence off master. ([\#9104](https://github.com/matrix-org/synapse/issues/9104), [\#9166](https://github.com/matrix-org/synapse/issues/9166)) Bugfixes -------- - Fix a long-standing issue where an internal server error would occur when requesting a profile over federation that did not include a display name / avatar URL. ([\#9023](https://github.com/matrix-org/synapse/issues/9023)) - Fix a long-standing bug where some caches could grow larger than configured. ([\#9028](https://github.com/matrix-org/synapse/issues/9028)) - Fix error handling during insertion of client IPs into the database. ([\#9051](https://github.com/matrix-org/synapse/issues/9051)) - Fix bug where we didn't correctly record CPU time spent in `on_new_event` block. ([\#9053](https://github.com/matrix-org/synapse/issues/9053)) - Fix a minor bug which could cause confusing error messages from invalid configurations. ([\#9054](https://github.com/matrix-org/synapse/issues/9054)) - Fix incorrect exit code when there is an error at startup. ([\#9059](https://github.com/matrix-org/synapse/issues/9059)) - Fix `JSONDecodeError` spamming the logs when sending transactions to remote servers. ([\#9070](https://github.com/matrix-org/synapse/issues/9070)) - Fix "Failed to send request" errors when a client provides an invalid room alias. ([\#9071](https://github.com/matrix-org/synapse/issues/9071)) - Fix bugs in federation catchup logic that caused outbound federation to be delayed for large servers after start up. Introduced in v1.8.0 and v1.21.0. ([\#9114](https://github.com/matrix-org/synapse/issues/9114), [\#9116](https://github.com/matrix-org/synapse/issues/9116)) - Fix corruption of `pushers` data when a postgres bouncer is used. ([\#9117](https://github.com/matrix-org/synapse/issues/9117)) - Fix minor bugs in handling the `clientRedirectUrl` parameter for SSO login. ([\#9128](https://github.com/matrix-org/synapse/issues/9128)) - Fix "Unhandled error in Deferred: BodyExceededMaxSize" errors when .well-known files that are too large. ([\#9108](https://github.com/matrix-org/synapse/issues/9108)) - Fix "UnboundLocalError: local variable 'length' referenced before assignment" errors when the response body exceeds the expected size. This bug was introduced in v1.25.0. ([\#9145](https://github.com/matrix-org/synapse/issues/9145)) - Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when `/publicRooms` is requested with an invalid `server` parameter. ([\#9161](https://github.com/matrix-org/synapse/issues/9161)) Improved Documentation ---------------------- - Add some extra docs for getting Synapse running on macOS. ([\#8997](https://github.com/matrix-org/synapse/issues/8997)) - Correct a typo in the `systemd-with-workers` documentation. ([\#9035](https://github.com/matrix-org/synapse/issues/9035)) - Correct a typo in `INSTALL.md`. ([\#9040](https://github.com/matrix-org/synapse/issues/9040)) - Add missing `user_mapping_provider` configuration to the Keycloak OIDC example. Contributed by @chris-ruecker. ([\#9057](https://github.com/matrix-org/synapse/issues/9057)) - Quote `pip install` packages when extras are used to avoid shells interpreting bracket characters. ([\#9151](https://github.com/matrix-org/synapse/issues/9151)) Deprecations and Removals ------------------------- - Remove broken and unmaintained `demo/webserver.py` script. ([\#9039](https://github.com/matrix-org/synapse/issues/9039)) Internal Changes ---------------- - Improve efficiency of large state resolutions. ([\#8868](https://github.com/matrix-org/synapse/issues/8868), [\#9029](https://github.com/matrix-org/synapse/issues/9029), [\#9115](https://github.com/matrix-org/synapse/issues/9115), [\#9118](https://github.com/matrix-org/synapse/issues/9118), [\#9124](https://github.com/matrix-org/synapse/issues/9124)) - Various clean-ups to the structured logging and logging context code. ([\#8939](https://github.com/matrix-org/synapse/issues/8939)) - Ensure rejected events get added to some metadata tables. ([\#9016](https://github.com/matrix-org/synapse/issues/9016)) - Ignore date-rotated homeserver logs saved to disk. ([\#9018](https://github.com/matrix-org/synapse/issues/9018)) - Remove an unused column from `access_tokens` table. ([\#9025](https://github.com/matrix-org/synapse/issues/9025)) - Add a `-noextras` factor to `tox.ini`, to support running the tests with no optional dependencies. ([\#9030](https://github.com/matrix-org/synapse/issues/9030)) - Fix running unit tests when optional dependencies are not installed. ([\#9031](https://github.com/matrix-org/synapse/issues/9031)) - Allow bumping schema version when using split out state database. ([\#9033](https://github.com/matrix-org/synapse/issues/9033)) - Configure the linters to run on a consistent set of files. ([\#9038](https://github.com/matrix-org/synapse/issues/9038)) - Various cleanups to device inbox store. ([\#9041](https://github.com/matrix-org/synapse/issues/9041)) - Drop unused database tables. ([\#9055](https://github.com/matrix-org/synapse/issues/9055)) - Remove unused `SynapseService` class. ([\#9058](https://github.com/matrix-org/synapse/issues/9058)) - Remove unnecessary declarations in the tests for the admin API. ([\#9063](https://github.com/matrix-org/synapse/issues/9063)) - Remove `SynapseRequest.get_user_agent`. ([\#9069](https://github.com/matrix-org/synapse/issues/9069)) - Remove redundant `Homeserver.get_ip_from_request` method. ([\#9080](https://github.com/matrix-org/synapse/issues/9080)) - Add type hints to media repository. ([\#9093](https://github.com/matrix-org/synapse/issues/9093)) - Fix the wrong arguments being passed to `BlacklistingAgentWrapper` from `MatrixFederationAgent`. Contributed by Timothy Leung. ([\#9098](https://github.com/matrix-org/synapse/issues/9098)) - Reduce the scope of caught exceptions in `BlacklistingAgentWrapper`. ([\#9106](https://github.com/matrix-org/synapse/issues/9106)) - Improve `UsernamePickerTestCase`. ([\#9112](https://github.com/matrix-org/synapse/issues/9112)) - Remove dependency on `distutils`. ([\#9125](https://github.com/matrix-org/synapse/issues/9125)) - Enforce that replication HTTP clients are called with keyword arguments only. ([\#9144](https://github.com/matrix-org/synapse/issues/9144)) - Fix the Python 3.5 / old dependencies build in CI. ([\#9146](https://github.com/matrix-org/synapse/issues/9146)) - Replace the old `perspectives` option in the Synapse docker config file template with `trusted_key_servers`. ([\#9157](https://github.com/matrix-org/synapse/issues/9157))
| | * Support icons for Identity Providers (#9154)Richard van der Hoff2021-01-201-0/+4
| | |
| * | docs: Add link to Matrix VoIP tester for turn-howto (#9135)rht2021-01-201-0/+6
| |/ | | | | Signed-off-by: rht <rhtbot@protonmail.com>
| * Give `public_baseurl` a default value (#9159)Richard van der Hoff2021-01-201-14/+17
| |
| * Quote pip install with brackets to avoid shell interpretation. (#9151)Patrick Cloke2021-01-182-2/+2
| |
| * link to the scalability blog post from workers.mdMatthew Hodgson2021-01-181-0/+3
| |
| * Land support for multiple OIDC providers (#9110)Richard van der Hoff2021-01-152-230/+245
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the final step for supporting multiple OIDC providers concurrently. First of all, we reorganise the config so that you can specify a list of OIDC providers, instead of a single one. Before: oidc_config: enabled: true issuer: "https://oidc_provider" # etc After: oidc_providers: - idp_id: prov1 issuer: "https://oidc_provider" - idp_id: prov2 issuer: "https://another_oidc_provider" The old format is still grandfathered in. With that done, it's then simply a matter of having OidcHandler instantiate a new OidcProvider for each configured provider.
| * Add an admin API endpoint to protect media. (#9086)Patrick Cloke2021-01-151-0/+24
| | | | | | | | | | | | Protecting media stops it from being quarantined when e.g. all media in a room is quarantined. This is useful for sticker packs and other media that is uploaded by server administrators, but used by many people.
| * Give the user a better error when they present bad SSO credsRichard van der Hoff2021-01-131-0/+8
| | | | | | | | | | | | | | | | | | If a user tries to do UI Auth via SSO, but uses the wrong account on the SSO IdP, try to give them a better error. Previously, the UIA would claim to be successful, but then the operation in question would simply fail with "auth fail". Instead, serve up an error page which explains the failure.
| * Register the /devices endpoint on workers. (#9092)Patrick Cloke2021-01-131-0/+1
| |
| * Remove user's avatar URL and displayname when deactivated. (#8932)Dirk Klimpel2021-01-121-0/+21
| | | | | | This only applies if the user's data is to be erased.
| * Also support remote users on the joined_rooms admin API. (#8948)David Teller2021-01-111-0/+4
| | | | | | | | For remote users, only the rooms which the server knows about are returned. Local users have all of their joined rooms returned.
| * Use a chain cover index to efficiently calculate auth chain difference (#8868)Erik Johnston2021-01-113-0/+140
| |
* | Add depth and received_ts to forward_extremities admin API responseJason Robinson2021-01-231-1/+7
| | | | | | | | | | | | Also add a warning on the admin API documentation. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Address pr feedbackJason Robinson2021-01-111-9/+3
| | | | | | | | | | | | | | | | | | | | * docs updates * prettify SQL * add missing copyright * cursor_to_dict * update touched files copyright years Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Clarify rooms.mdJason Robinson2021-01-111-1/+1
| | | | | | Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* | Add changelog and admin API docsJason Robinson2021-01-091-0/+53
|/ | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
* Keycloak mapping_provider example (#9037) (#9057)Christopher Rücker2021-01-081-0/+4
| | | | | This PR adds the missing user_mapping_provider section in oidc.md Signed-off-by: Christopher Rücker chris-ruecker@protonmail.com
* Fix typo in docs/systemd-with-workers/README.md (#9035)Emelie2021-01-071-1/+1
| | | Signed-off-by: Emelie em@nao.sh
* Add initial support for a "pick your IdP" page (#9017)Richard van der Hoff2021-01-051-0/+25
| | | | | During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Update the value of group_creation_prefix in sample config. (#8992)Jerin J Titus2020-12-291-1/+1
| | | Removes the trailing slash with causes issues with matrix.to/Element.
* Allow redacting events on workers (#8994)Patrick Cloke2020-12-291-0/+1
| | | Adds the redacts endpoint to workers that have the client listener.
* Refactor the CAS handler in prep for using the abstracted SSO code. (#8958)Patrick Cloke2020-12-181-3/+3
| | | | | | This makes the CAS handler look more like the SAML/OIDC handlers: * Render errors to users instead of throwing JSON errors. * Internal reorganization.
* Send the location of the web client to the IS when inviting via 3PIDs. (#8930)Patrick Cloke2020-12-181-0/+6
| | | | Adds a new setting `email.invite_client_location` which, if defined, is passed to the identity server during invites.
* Allow server admin to get admin bit in rooms where local user is an admin ↵Erik Johnston2020-12-181-1/+19
| | | | | | | (#8756) This adds an admin API that allows a server admin to get power in a room if a local user has power in a room. Will also invite the user if they're not in the room and its a private room. Can specify another user (rather than the admin user) to be granted power. Co-authored-by: Matthew Hodgson <matthew@matrix.org>
* Implement a username picker for synapse (#8942)Richard van der Hoff2020-12-182-12/+21
| | | | | | | | | | | | | | The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow `UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser back to the client, we redirect to a username-picker resource, which allows the user to enter a username. We *then* complete the SSO flow (including doing the client permission checks). The static resources for the username picker itself (in https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker) are essentially lifted wholesale from https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. As the comment says, we might want to think about making them customisable, but that can be a follow-up. Fixes #8876.
* Allow re-using a UI auth validation for a period of time (#8970)Patrick Cloke2020-12-181-0/+15
|
* Make search statement in List Room and User Admin API case-insensitive (#8931)Dirk Klimpel2020-12-171-3/+6
|
* Fix the sample config location for the ip_range_whitelist setting. (#8954)Patrick Cloke2020-12-161-12/+12
| | | | Move it from the federation section to the server section to match ip_range_blacklist.
* Allow spam-checker modules to be provide async methods. (#8890)David Teller2020-12-111-6/+13
| | | | Spam checker modules can now provide async methods. This is implemented in a backwards-compatible manner.
* Add number of local devices to Room Details Admin API (#8886)Dirk Klimpel2020-12-111-11/+13
|
* Deprecate Shutdown Room and Purge Room Admin API (#8829)Dirk Klimpel2020-12-103-9/+47
| | | | | Deprecate both APIs in favour of the Delete Room API. Related: #8663 and #8810
* Default to blacklisting reserved IP ranges and add a whitelist. (#8870)Patrick Cloke2020-12-091-21/+45
| | | | This defaults `ip_range_blacklist` to reserved IP ranges and also adds an `ip_range_whitelist` setting to override it.
* Combine related media admin API docs (#8839)Dirk Klimpel2020-12-092-50/+86
| | | | | | Related: #8810 Also a few small improvements. Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Clarify config template comments (#8891)Richard van der Hoff2020-12-081-8/+4
|
* Add authentication to replication endpoints. (#8853)Patrick Cloke2020-12-042-1/+12
| | | | Authentication is done by checking a shared secret provided in the Synapse configuration file.
* Merge tag 'v1.24.0rc2' into developPatrick Cloke2020-12-041-0/+7
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.24.0rc2 (2020-12-04) ============================== Bugfixes -------- - Fix a regression in v1.24.0rc1 which failed to allow SAML mapping providers which were unable to redirect users to an additional page. ([\#8878](https://github.com/matrix-org/synapse/issues/8878)) Internal Changes ---------------- - Add support for the `prometheus_client` newer than 0.9.0. Contributed by Jordan Bancino. ([\#8875](https://github.com/matrix-org/synapse/issues/8875))
| * Fix a regression that mapping providers should be able to redirect users. ↵Patrick Cloke2020-12-041-0/+7
| | | | | | | | | | (#8878) This was broken in #8801.
* | Fix a buglet in the SAML username mapping provider doc (#8873)Richard van der Hoff2020-12-041-1/+3
| | | | | | the constructor is called with a `module_api`.
* | Apply an IP range blacklist to push and key revocation requests. (#8821)Patrick Cloke2020-12-021-6/+8
|/ | | | | | | | | | | | Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to: * Federation * Identity servers * Push notifications * Checking key validitity for third-party invite events The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers).
* Fix typo in password_auth_providers docAndrew Morgan2020-12-011-0/+1
| | | | A word got removed accidentally in 83434df3812650f53c60e91fb23c2079db0fb5b8.
* Add a config option to change whether unread push notification counts are ↵Andrew Morgan2020-11-301-0/+10
| | | | | | | | per-message or per-room (#8820) This PR adds a new config option to the `push` section of the homeserver config, `group_unread_count_by_room`. By default Synapse will group push notifications by room (so if you have 1000 unread messages, if they lie in 55 rooms, you'll see an unread count on your phone of 55). However, it is also useful to be able to send out the true count of unread messages if desired. If `group_unread_count_by_room` is set to `false`, then with the above example, one would see an unread count of 1000 (email anyone?).
* Add `force_purge` option to delete-room admin api. (#8843)Richard van der Hoff2020-11-301-1/+5
|
* Improve documentation how to configure prometheus for workers (#8822)Dirk Klimpel2020-11-261-17/+57
|
* Remove deprecated `/_matrix/client/*/admin` endpoints (#8785)Dirk Klimpel2020-11-251-0/+7
| | | These are now only available via `/_synapse/admin/v1`.
* Fix the formatting of push config section (#8818)Andrew Morgan2020-11-251-14/+19
| | | This PR updates the push config's formatting to better align with our [code style guidelines](https://github.com/matrix-org/synapse/blob/develop/docs/code_style.md#configuration-file-format).
* Support trying multiple localparts for OpenID Connect. (#8801)Patrick Cloke2020-11-251-1/+10
| | | | Abstracts the SAML and OpenID Connect code which attempts to regenerate the localpart of a matrix ID if it is already in use.
* Clarify documentation of the admin list media API (#8795)Dirk Klimpel2020-11-241-0/+1
| | | Clarify that the list media API only shows media from unencrypted events.
* Update turn-howto (#8779)Richard van der Hoff2020-11-241-8/+123
| | | Some hopefully-useful notes on setting up a turnserver.
* Improve error checking for OIDC/SAML mapping providers (#8774)Patrick Cloke2020-11-191-1/+8
| | | | | | Checks that the localpart returned by mapping providers for SAML and OIDC are valid before registering new users. Extends the OIDC tests for existing users and invalid data.
* SAML: Allow specifying the IdP entityid to use. (#8630)Ben Banfield-Zanin2020-11-191-0/+8
| | | | If the SAML metadata includes multiple IdPs it is necessary to specify which IdP to redirect users to for authentication.
* SAML: Document allowing a clock/time difference from IdP (#8731)Marcus Schopen2020-11-181-0/+6
| | | | Updates the sample configuration with the pysaml2 configuration for accepting clock skew/drift between the homeserver and IdP.
* a comma too much (#8771)chagai952020-11-171-1/+1
| | | Signed-off-by: Chagai Friedlander chagai95@gmail.com
* Add admin API for logging in as a user (#8617)Erik Johnston2020-11-171-0/+35
|
* Clarify the usecase for an msisdn delegate (#8734)Adrian Wannenmacher2020-11-141-2/+3
| | | Signed-off-by: Adrian Wannenmacher <tfld@tfld.dev>
* Migrate documentation `docs/admin_api/event_reports` to markdown (#8742)Dirk Klimpel2020-11-132-165/+172
| | | Related to #8714. `event_reports.rst` was introduced in Synapse 1.21.0.
* SAML: add <mdui:UIInfo> element examples (#8718)Marcus Schopen2020-11-131-0/+22
| | | add some mdui:UIInfo element examples for saml2_config in homeserver.yaml
* Notes on SSO logins and media_repository worker (#8701)Marcus Schopen2020-11-061-0/+5
| | | | | | | If SSO login is used (e.g. SAML) in a multi worker setup, it should be mentioned that currently all SAML logins must run on the same worker, see https://github.com/matrix-org/synapse/issues/7530 Also, if you are using different ports (for example 443 and 8448) in a reverse proxy for client and federation, the path `/_matrix/media` on the client and federation port must point to the listener of the `media_repository` worker, otherwise you'll get a 404 on the federation port for the path `/_matrix/media`, if a remote server is trying to get the media object on federation port, see https://github.com/matrix-org/synapse/issues/8695
* Add an admin API for users' media statistics (#8700)Dirk Klimpel2020-11-051-0/+83
| | | | | | | | Add `GET /_synapse/admin/v1/statistics/users/media` to get statisics about local media usage by users. Related to #6094 It is the first API for statistics. Goal is to avoid/reduce usage of sql queries like [Wiki analyzing Synapse](https://github.com/matrix-org/synapse/wiki/SQL-for-analyzing-Synapse-PostgreSQL-database-stats) Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add `displayname` to Shared-Secret Registration for admins (#8722)Dirk Klimpel2020-11-051-1/+3
| | | Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
* Remove the "draft" status of the Room Details Admin API (#8702)Dirk Klimpel2020-11-031-3/+1
| | | Fixes #8550
* Document how to set up multiple event persisters (#8706)Erik Johnston2020-11-031-0/+12
|
* grammarMatthew Hodgson2020-11-021-1/+1
|
* typoMatthew Hodgson2020-11-021-1/+1
|
* Fix typos in systemd-with-workers docAndrew Morgan2020-11-021-2/+2
|
* Fix typo in workers docAndrew Morgan2020-11-021-1/+1
|
* Improve the sample config for SSO (OIDC, SAML, and CAS). (#8635)Patrick Cloke2020-10-301-50/+76
|
* Support generating structured logs in addition to standard logs. (#8607)Patrick Cloke2020-10-292-43/+125
| | | | | | | This modifies the configuration of structured logging to be usable from the standard Python logging configuration. This also separates the formatting of logs from the transport allowing JSON logs to files or standard logs to sockets.
* Add an admin APIs to allow server admins to list users' pushers (#8610)Dirk Klimpel2020-10-281-0/+79
| | | Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
* Cross-link documentation to the prometheus recording rules. (#8667)Michael Kaye2020-10-271-0/+2
|
* Add admin API to list users' local media (#8647)Dirk Klimpel2020-10-271-0/+83
| | | Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
* Split admin API for reported events into a detail and a list view (#8539)Dirk Klimpel2020-10-261-54/+90
| | | | | | | | | | | | Split admin API for reported events in detail und list view. API was introduced with #8217 in synapse v.1.21.0. It makes the list (`GET /_synapse/admin/v1/event_reports`) less complex and provides a better overview. The details can be queried with: `GET /_synapse/admin/v1/event_reports/<report_id>`. It is similar to room and users API. It is a kind of regression in `GET /_synapse/admin/v1/event_reports`. `event_json` was removed. But the api was introduced one version before and it is an admin API (not under spec). Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Added basic instructions for Azure AD to OpenId documentation (#8582)Peter Krantz2020-10-261-0/+26
| | | Signed-off-by: Peter Krantz peter.krantz@gmail.com
* Add an admin api to delete local media. (#8519)Dirk Klimpel2020-10-261-0/+79
| | | | | | Related to: #6459, #3479 Add `DELETE /_synapse/admin/v1/media/<server_name>/<media_id>` to delete a single file from server.
* Fix filepath of Dex example config (#8657)Andrew Morgan2020-10-261-3/+2
|
* Correct the package name in OpenID Connect install instructions (#8634)Andrew Morgan2020-10-261-1/+1
|\ | | | | The OpenID Connect install instructions suggested installing `synapse[oidc]`, but our PyPI package is called `matrix-synapse`.
| * Correct the package name in authlib install instructionsAndrew Morgan2020-10-221-1/+1
| |
* | Add field `total` to device list in admin API (#8644)Dirk Klimpel2020-10-261-1/+4
| |
* | Fix typos and spelling errors. (#8639)Patrick Cloke2020-10-232-4/+4
|/
* Add note to manhole.md about bind_address when using with docker (#8526)Christopher May-Townsend2020-10-141-7/+39
| | | | Signed-off-by: Christopher May-Townsend <chris@maytownsend.co.uk>
* Update documentation on retention policies limits (#8529)Brendan Abolivier2020-10-141-12/+22
| | | | | * Update documentation on retention policies limits Document the changes from https://github.com/matrix-org/synapse/pull/8104
* Make event persisters periodically announce position over replication. (#8499)Erik Johnston2020-10-121-4/+9
| | | | | Currently background proccesses stream the events stream use the "minimum persisted position" (i.e. `get_current_token()`) rather than the vector clock style tokens. This is broadly fine as it doesn't matter if the background processes lag a small amount. However, in extreme cases (i.e. SyTests) where we only write to one event persister the background processes will never make progress. This PR changes it so that the `MultiWriterIDGenerator` keeps the current position of a given instance as up to date as possible (i.e using the latest token it sees if its not in the process of persisting anything), and then periodically announces that over replication. This then allows the "minimum persisted position" to advance, albeit with a small lag.
* Increase default max_upload_size from 10M to 50M (#8502)Mateusz Przybyłowicz2020-10-092-2/+2
| | | Signed-off-by: Mateusz Przybyłowicz <uamfhq@gmail.com>
* Combine `SpamCheckerApi` with the more generic `ModuleApi`. (#8464)Richard van der Hoff2020-10-071-6/+3
| | | | | Lots of different module apis is not easy to maintain. Rather than adding yet another ModuleApi(hs, hs.get_auth_handler()) incantation, first add an hs.get_module_api() method and use it where possible.
* Remove docs/sphinx and related references (#8480)Andrew Morgan2020-10-0758-820/+0
| | | https://github.com/matrix-org/synapse/tree/develop/docs/sphinx doesn't seem to really be utilised or changed recently since the initial commit. I like the idea of exportable documentation of the codebase, but at the moment after running through the build instructions the generated website wasn't very useful...
* Update default room version to 6 (#8461)Richard van der Hoff2020-10-051-1/+1
| | | | Per https://github.com/matrix-org/matrix-doc/pull/2788
* Update manhole documentation for async/await. (#8462)Patrick Cloke2020-10-051-2/+5
|
* Allow background tasks to be run on a separate worker. (#8369)Patrick Cloke2020-10-022-0/+22
|
* Add config option for always using "userinfo endpoint" for OIDC (#7658)BBBSnowball2020-10-012-9/+40
| | | This allows for connecting to certain IdPs, e.g. GitLab.
* Add prometheus metrics to track federation delays (#8430)Richard van der Hoff2020-10-011-0/+12
| | | | | Add a pair of federation metrics to track the delays in sending PDUs to/from particular servers.
* Allow additional SSO properties to be passed to the client (#8413)Patrick Cloke2020-09-303-1/+37
|
* Update description of server_name config option (#8415)Aaron Raimist2020-09-291-4/+17
|
* Add checks for postgres sequence consistency (#8402)Erik Johnston2020-09-281-0/+11
|
* Allow existing users to login via OpenID Connect. (#8345)Tdxdxoz2020-09-251-0/+5
| | | | | | | Co-authored-by: Benjamin Koch <bbbsnowball@gmail.com> This adds configuration flags that will match a user to pre-existing users when logging in via OpenID Connect. This is useful when switching to an existing SSO system.
* Add note to reverse_proxy.md about disabling Apache's mod_security2 (#8375)Julian Fietkau2020-09-231-0/+8
| | | This change adds a note and a few lines of configuration settings for Apache users to disable ModSecurity for Synapse's virtual hosts. With ModSecurity enabled and running with its default settings, Matrix clients are unable to send chat messages through the Synapse installation. With this change, ModSecurity can be disabled only for the Synapse virtual hosts.
* Admin API for reported events (#8217)Dirk Klimpel2020-09-221-0/+129
| | | Add an admin API to read entries of table `event_reports`. API: `GET /_synapse/admin/v1/event_reports`
* Admin API for querying rooms where a user is a member (#8306)Dirk Klimpel2020-09-181-0/+37
| | | | Add a new admin API `GET /_synapse/admin/v1/users/<user_id>/joined_rooms` to list all rooms where a user is a member.
* Add the topic and avatar to the room details admin API (#8305)Tulir Asokan2020-09-141-0/+4
|
* Improve SAML error messages (#8248)Patrick Cloke2020-09-141-26/+4
|
* Merge tag 'v1.20.0rc3' into developPatrick Cloke2020-09-111-1/+0
|\ | | | | | | | | | | | | | | | | | | Synapse 1.20.0rc3 (2020-09-11) ============================== Bugfixes -------- - Fix a bug introduced in v1.20.0rc1 where the wrong exception was raised when invalid JSON data is encountered. ([\#8291](https://github.com/matrix-org/synapse/issues/8291))
| * Remove shared rooms info from upgrade/workers doc as it's still experimental ↵Andrew Morgan2020-09-101-1/+0
| | | | | | | | (#8290)
* | Add /_synapse/client to the reverse proxy docs (#8227)Andrew Morgan2020-09-102-2/+22
| | | | | | This PR adds a information about forwarding `/_synapse/client` endpoints through your reverse proxy. The first of these endpoints are introduced in https://github.com/matrix-org/synapse/pull/8004.
* | Show a confirmation page during user password reset (#8004)Andrew Morgan2020-09-101-3/+7
| | | | | | | | | | This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
* | Add a config option for validating 'next_link' parameters against a domain ↵Andrew Morgan2020-09-081-0/+18
|/ | | | | | | | | | | whitelist (#8275) This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285 They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality. This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint. This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
* Systemd docs: configure workers to start after main process. (#8276)Richard van der Hoff2020-09-081-0/+5
|
* Add /user/{user_id}/shared_rooms/ api (#7785)Will Hunt2020-09-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add shared_rooms api * Add changelog * Add . * Wrap response in {"rooms": } * linting * Add unstable_features key * Remove options from isort that aren't part of 5.x `-y` and `-rc` are now default behaviour and no longer exist. `dont-skip` is no longer required https://timothycrosley.github.io/isort/CHANGELOG/#500-penny-july-4-2020 * Update imports to make isort happy * Add changelog * Update tox.ini file with correct invocation * fix linting again for isort * Vendor prefix unstable API * Fix to match spec * import Codes * import Codes * Use FORBIDDEN * Update changelog.d/7785.feature Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> * Implement get_shared_rooms_for_users * a comma * trailing whitespace * Handle the easy feedback * Switch to using runInteraction * Add tests * Feedback * Seperate unstable endpoint from v2 * Add upgrade node * a line * Fix style by adding a blank line at EOF. * Update synapse/storage/databases/main/user_directory.py Co-authored-by: Tulir Asokan <tulir@maunium.net> * Update synapse/storage/databases/main/user_directory.py Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> * Update UPGRADE.rst Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> * Fix UPGRADE/CHANGELOG unstable paths unstable unstable unstable Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Tulir Asokan <tulir@maunium.net> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Tulir Asokan <tulir@maunium.net>
* Explain better what GDPR-erased means (#8189)Brendan Abolivier2020-09-011-3/+5
| | | Fixes https://github.com/matrix-org/synapse/issues/8185
* Wording fixes to 'name' user admin api filter (#8163)Andrew Morgan2020-08-251-3/+4
| | | Some fixes to wording I noticed after merging #7377.
* Fix missing double-backtick in RST documentAndrew Morgan2020-08-251-1/+1
|
* Search in columns 'name' and 'displayname' in the admin users endpoint (#7377)Manuel Stahl2020-08-251-2/+4
| | | | | * Search in columns 'name' and 'displayname' in the admin users endpoint Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
* Allow capping a room's retention policy (#8104)Brendan Abolivier2020-08-241-8/+14
|
* Updated docs: Added note about missing 308 redirect support. (#8120)Ryan Cole2020-08-191-0/+12
| | | | | * Updated docs: Added note about missing 308 redirect support. * Added changelog
* Add a link to the matrix-synapse-rest-password-provider. (#8111)Patrick Cloke2020-08-181-0/+1
|
* Use the default templates when a custom template file cannot be found (#8037)Andrew Morgan2020-08-171-3/+1
| | | Fixes https://github.com/matrix-org/synapse/issues/6583
* Move setting of Filter into code.Erik Johnston2020-08-111-7/+0
| | | | | | | | | | | | | | We do this to prevent foot guns. The default config uses a MemoryFilter, but users are free to change to logging to files directly. If they do then they have to ensure to set the `filters: [context]` on the right handler, otherwise records get written with the wrong context. Instead we move the logic to happen when we generate a record, which is when we *log* rather than *handle*. (It's possible to add filters to loggers in the config, however they don't apply to descendant loggers and so they have to be manually set on *every* logger used in the code base)
* Change the default log config to reduce disk I/O and storage (#8040)Erik Johnston2020-08-111-5/+36
| | | | | | | | | | | | | | | | | | | | * Change default log config to buffer by default. This batches up writes to the filesystem, which is more efficient for disk I/O. This means that it can take some time for logs to get written to disk. Note that ERROR logs (and above) immediately flush the buffer. This only effects new installs, as we only write the log config if started with `--generate-config` (in the same way we do for generating signing keys). * Default to keeping last 4 days of logs. This hopefully reduces the amount of logs kept for new servers. Keeping the last 1GB of logs is likely overkill for new servers, but equally may not be enough for busy ones. Instead, we keep the last four days worth of logs, enough so that admins can investigate any problems that happened over e.g. a long weekend.
* Implement login blocking based on SAML attributes (#8052)Richard van der Hoff2020-08-111-0/+11
| | | | | | | Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the error handling. Fixes #8047
* Clarify that undoing a shutdown might not be possible (#8010)Travis Ralston2020-08-071-3/+10
|
* Add health check endpoint (#8048)Erik Johnston2020-08-071-0/+7
|
* Fixup worker doc (again) (#8000)Erik Johnston2020-08-062-14/+42
|
* Rename database classes to make some sense (#8033)Erik Johnston2020-08-051-1/+1
|
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2020-07-317-50/+95
|\ | | | | | | erikj/add_rate_limiting_to_joins
| * Add docs for undoing room shutdowns (#7998)Travis Ralston2020-07-311-1/+21
| | | | | | These docs were tested successfully in production by a customer, so it's probably fine.
| * Update workers docs (#7990)Stuart Mumford2020-07-301-25/+34
| |
| * Fix typo in docs/workers.md (#7992)Erik Johnston2020-07-301-1/+1
| |
| * Merge branch 'master' into developOlivier Wilkinson (reivilibre)2020-07-303-213/+332
| |\
| * | Various improvements to the docs (#7899)Aaron Raimist2020-07-293-18/+25
| | |
| * | Add an option to disable purge in delete room admin API (#7964)Dirk Klimpel2020-07-281-4/+9
| | | | | | | | | | | | | | | | | | Add option ```purge``` to ```POST /_synapse/admin/v1/rooms/<room_id>/delete``` Fixes: #3761 Signed-off-by: Dirk Klimpel dirk@klimpel.org
| * | Option to allow server admins to join complex rooms (#7902)lugino-emeritus2020-07-281-0/+4
| | | | | | | | | | | | | | | Fixes #7901. Signed-off-by: Niklas Tittjung <nik_t.01@web.de>
| * | Fix typo in metrics docs (#7966)Erik Johnston2020-07-281-1/+1
| | |
* | | Add ratelimiting on joinsErik Johnston2020-07-311-0/+12
| |/ |/|
* | Update worker docs with recent enhancements (#7969)Erik Johnston2020-07-293-213/+332
|/
* Update the auth providers to be async. (#7935)Patrick Cloke2020-07-231-93/+94
|
* Update the dates for ACME v1 EOLBrendan Abolivier2020-07-221-2/+3
| | | | As per https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
* Fix a typo in the sample config. (#7890)Adrian2020-07-201-1/+1
|
* Change sample config's postgres user to synapse_user (#7889)Andrew Morgan2020-07-201-1/+1
| | | | | | | The [postgres setup docs](https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#set-up-database) recommend setting up your database with user `synapse_user`. However, uncommenting the postgres defaults in the sample config leave you with user `synapse`. This PR switches the sample config to recommend `synapse_user`. Took a me a second to figure this out, so assume this will beneficial to others.
* Add a default limit (of 100) to get/sync operations. (#7858)Patrick Cloke2020-07-171-1/+3
|
* Add admin endpoint to get members in a room. (#7842)Michael Albert2020-07-161-1/+33
|
* Combine nginx federation server blocks (#7823)Luke Faraone2020-07-161-11/+5
| | | | | | I'm pretty sure there's no technical reason these have to be distinct server blocks, so collapse into one and go with the more terse location block. Signed-off-by: Luke W Faraone <luke@faraone.cc>
* Allow accounts to be re-activated from the admin APIs. (#7847)Patrick Cloke2020-07-151-1/+5
|
* Return the proper 403 Forbidden error during errors with JWT logins. (#7844)Patrick Cloke2020-07-151-4/+1
|
* Allow email subjects to be customised through Synapse's configuration (#7846)Brendan Abolivier2020-07-141-2/+69
|
* Add delete room admin endpoint (#7613)Dirk Klimpel2020-07-143-0/+98
| | | | | | | | | | | | | | | | | | The Delete Room admin API allows server admins to remove rooms from server and block these rooms. `DELETE /_synapse/admin/v1/rooms/<room_id>` It is a combination and improvement of "[Shutdown room](https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/shutdown_room.md)" and "[Purge room](https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/purge_room.md)" API. Fixes: #6425 It also fixes a bug in [synapse/storage/data_stores/main/room.py](synapse/storage/data_stores/main/room.py) in ` get_room_with_stats`. It should return `None` if the room is unknown. But it returns an `IndexError`. https://github.com/matrix-org/synapse/blob/901b1fa561e3cc661d78aa96d59802cf2078cb0d/synapse/storage/data_stores/main/room.py#L99-L105 Related to: - #5575 - https://github.com/Awesome-Technologies/synapse-admin/issues/17 Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add the option to validate the `iss` and `aud` claims for JWT logins. (#7827)Patrick Cloke2020-07-142-3/+34
|
* Add ability to shard the federation sender (#7798)Erik Johnston2020-07-101-32/+33
|
* Change Caddy links (old is deprecated) (#7789)Nicolai Søborg2020-07-081-1/+1
| | | | | | | * Change Caddy links Current links points to Caddy v1 which is deprecated. Signed-off-by: Nicolai Søborg <git@xn--sb-lka.org>
* Add documentation for JWT login type and improve sample config. (#7776)Patrick Cloke2020-07-062-4/+121
|
* Additional configuration options for auto-join rooms (#7763)Patrick Cloke2020-06-301-2/+58
|
* Support running multiple media repos. (#7706)Erik Johnston2020-06-171-1/+6
| | | | | This requires a new config option to specify which media repo should be responsible for running background jobs to e.g. clear out expired URL preview caches.
* fix broken link in sample config (#7712)Richard van der Hoff2020-06-161-1/+1
|
* Add instructions for authing with Keycloak via OpenID (#7659)hungrymonkey2020-06-161-0/+44
|
* Increase the default SAML session expirary time to 15 minutes. (#7664)Patrick Cloke2020-06-111-1/+1
|
* fix typo in sample_config.yaml (#7652)wondratsch2020-06-111-1/+1
| | | | | Just a simple typo fix. Signed-off-by: wondratsch 28294257+wondratsch@users.noreply.github.com
* Add option to enable encryption by default for new rooms (#7639)Andrew Morgan2020-06-101-0/+20
| | | | | | | | | Fixes https://github.com/matrix-org/synapse/issues/2431 Adds config option `encryption_enabled_by_default_for_room_type`, which determines whether encryption should be enabled with the default encryption algorithm in private or public rooms upon creation. Whether the room is private or public is decided based upon the room creation preset that is used. Part of this PR is also pulling out all of the individual instances of `m.megolm.v1.aes-sha2` into a constant variable to eliminate typos ala https://github.com/matrix-org/synapse/pull/7637 Based on #7637
* Add an option to disable autojoin for guest accounts (#6637)Travis Ralston2020-06-051-0/+7
| | | | Fixes https://github.com/matrix-org/synapse/issues/3177
* Clarifications to the admin api documentation (#7647)Richard van der Hoff2020-06-057-89/+125
| | | | | | * Clarify how to authenticate * path params are not the same thing as query params * Fix documentation for `/_synapse/admin/v2/users/<user_id>`
* Add device management to admin API (#7481)Dirk Klimpel2020-06-051-0/+209
| | | | | | | | | | - Admin is able to - change displaynames - delete devices - list devices - get device informations Fixes #7330
* Cleanups to the OpenID Connect integration (#7628)Richard van der Hoff2020-06-033-241/+302
| | | | docs, default configs, comments. Nothing very significant.
* Clean up exception handling in SAML2ResponseResource (#7614)Richard van der Hoff2020-06-031-1/+7
| | | | | | | | | | | | | * Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string * Clean up exception handling in SAML2ResponseResource * use the existing code in `return_html_error` instead of re-implementing it (giving it a jinja2 template rather than inventing a new form of template) * do the exception-catching in the REST layer rather than in the handler layer, to make sure we catch all exceptions.
* allow emails to be passed through SAML (#7385)Christopher Cooper2020-05-271-0/+2
| | | Signed-off-by: Christopher Cooper <cooperc@ocf.berkeley.edu>
* Fix sample config docs error (#7581)Jason Robinson2020-05-271-1/+1
| | | | | | 'client_auth_method' commented out value was erronously 'client_auth_basic', when code and docstring says it should be 'client_secret_basic'. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* Fix up commentsErik Johnston2020-05-271-1/+1
|
* Fix specifying cache factors via env vars with * in name. (#7580)Erik Johnston2020-05-271-0/+6
| | | | | This mostly applise to `*stateGroupCache*` and co. Broke in #6391.
* Fix some DETECTED VIOLATIONS in the config file (#7550)Richard van der Hoff2020-05-221-26/+35
| | | consistency ftw