summary refs log tree commit diff
path: root/docs (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge tag 'v1.4.0'Andrew Morgan2019-10-0340-2231/+2519
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.4.0 (2019-10-03) ========================== Bugfixes -------- - Redact `client_secret` in server logs. ([\#6158](https://github.com/matrix-org/synapse/issues/6158)) Synapse 1.4.0rc2 (2019-10-02) ============================= Bugfixes -------- - Fix bug in background update that adds last seen information to the `devices` table, and improve its performance on Postgres. ([\#6135](https://github.com/matrix-org/synapse/issues/6135)) - Fix bad performance of censoring redactions background task. ([\#6141](https://github.com/matrix-org/synapse/issues/6141)) - Fix fetching censored redactions from DB, which caused APIs like initial sync to fail if it tried to include the censored redaction. ([\#6145](https://github.com/matrix-org/synapse/issues/6145)) - Fix exceptions when storing large retry intervals for down remote servers. ([\#6146](https://github.com/matrix-org/synapse/issues/6146)) Internal Changes ---------------- - Fix up sample config entry for `redaction_retention_period` option. ([\#6117](https://github.com/matrix-org/synapse/issues/6117)) Synapse 1.4.0rc1 (2019-09-26) ============================= Note that this release includes significant changes around 3pid verification. Administrators are reminded to review the [upgrade notes](UPGRADE.rst#upgrading-to-v140). Features -------- - Changes to 3pid verification: - Add the ability to send registration emails from the homeserver rather than delegating to an identity server. ([\#5835](https://github.com/matrix-org/synapse/issues/5835), [\#5940](https://github.com/matrix-org/synapse/issues/5940), [\#5993](https://github.com/matrix-org/synapse/issues/5993), [\#5994](https://github.com/matrix-org/synapse/issues/5994), [\#5868](https://github.com/matrix-org/synapse/issues/5868)) - Replace `trust_identity_server_for_password_resets` config option with `account_threepid_delegates`, and make the `id_server` parameteter optional on `*/requestToken` endpoints, as per [MSC2263](https://github.com/matrix-org/matrix-doc/pull/2263). ([\#5876](https://github.com/matrix-org/synapse/issues/5876), [\#5969](https://github.com/matrix-org/synapse/issues/5969), [\#6028](https://github.com/matrix-org/synapse/issues/6028)) - Switch to using the v2 Identity Service `/lookup` API where available, with fallback to v1. (Implements [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134) plus `id_access_token authentication` for v2 Identity Service APIs from [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140)). ([\#5897](https://github.com/matrix-org/synapse/issues/5897)) - Remove `bind_email` and `bind_msisdn` parameters from `/register` ala [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140). ([\#5964](https://github.com/matrix-org/synapse/issues/5964)) - Add `m.id_access_token` to `unstable_features` in `/versions` as per [MSC2264](https://github.com/matrix-org/matrix-doc/pull/2264). ([\#5974](https://github.com/matrix-org/synapse/issues/5974)) - Use the v2 Identity Service API for 3PID invites. ([\#5979](https://github.com/matrix-org/synapse/issues/5979)) - Add `POST /_matrix/client/unstable/account/3pid/unbind` endpoint from [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140) for unbinding a 3PID from an identity server without removing it from the homeserver user account. ([\#5980](https://github.com/matrix-org/synapse/issues/5980), [\#6062](https://github.com/matrix-org/synapse/issues/6062)) - Use `account_threepid_delegate.email` and `account_threepid_delegate.msisdn` for validating threepid sessions. ([\#6011](https://github.com/matrix-org/synapse/issues/6011)) - Allow homeserver to handle or delegate email validation when adding an email to a user's account. ([\#6042](https://github.com/matrix-org/synapse/issues/6042)) - Implement new Client Server API endpoints `/account/3pid/add` and `/account/3pid/bind` as per [MSC2290](https://github.com/matrix-org/matrix-doc/pull/2290). ([\#6043](https://github.com/matrix-org/synapse/issues/6043)) - Add an unstable feature flag for separate add/bind 3pid APIs. ([\#6044](https://github.com/matrix-org/synapse/issues/6044)) - Remove `bind` parameter from Client Server POST `/account` endpoint as per [MSC2290](https://github.com/matrix-org/matrix-doc/pull/2290/). ([\#6067](https://github.com/matrix-org/synapse/issues/6067)) - Add `POST /add_threepid/msisdn/submit_token` endpoint for proxying submitToken on an `account_threepid_handler`. ([\#6078](https://github.com/matrix-org/synapse/issues/6078)) - Add `submit_url` response parameter to `*/msisdn/requestToken` endpoints. ([\#6079](https://github.com/matrix-org/synapse/issues/6079)) - Add `m.require_identity_server` flag to /version's unstable_features. ([\#5972](https://github.com/matrix-org/synapse/issues/5972)) - Enhancements to OpenTracing support: - Make OpenTracing work in worker mode. ([\#5771](https://github.com/matrix-org/synapse/issues/5771)) - Pass OpenTracing contexts between servers when transmitting EDUs. ([\#5852](https://github.com/matrix-org/synapse/issues/5852)) - OpenTracing for device list updates. ([\#5853](https://github.com/matrix-org/synapse/issues/5853)) - Add a tag recording a request's authenticated entity and corresponding servlet in OpenTracing. ([\#5856](https://github.com/matrix-org/synapse/issues/5856)) - Add minimum OpenTracing for client servlets. ([\#5983](https://github.com/matrix-org/synapse/issues/5983)) - Check at setup that OpenTracing is installed if it's enabled in the config. ([\#5985](https://github.com/matrix-org/synapse/issues/5985)) - Trace replication send times. ([\#5986](https://github.com/matrix-org/synapse/issues/5986)) - Include missing OpenTracing contexts in outbout replication requests. ([\#5982](https://github.com/matrix-org/synapse/issues/5982)) - Fix sending of EDUs when OpenTracing is enabled with an empty whitelist. ([\#5984](https://github.com/matrix-org/synapse/issues/5984)) - Fix invalid references to None while OpenTracing if the log context slips. ([\#5988](https://github.com/matrix-org/synapse/issues/5988), [\#5991](https://github.com/matrix-org/synapse/issues/5991)) - OpenTracing for room and e2e keys. ([\#5855](https://github.com/matrix-org/synapse/issues/5855)) - Add OpenTracing span over HTTP push processing. ([\#6003](https://github.com/matrix-org/synapse/issues/6003)) - Add an admin API to purge old rooms from the database. ([\#5845](https://github.com/matrix-org/synapse/issues/5845)) - Retry well-known lookups if we have recently seen a valid well-known record for the server. ([\#5850](https://github.com/matrix-org/synapse/issues/5850)) - Add support for filtered room-directory search requests over federation ([MSC2197](https://github.com/matrix-org/matrix-doc/pull/2197), in order to allow upcoming room directory query performance improvements. ([\#5859](https://github.com/matrix-org/synapse/issues/5859)) - Correctly retry all hosts returned from SRV when we fail to connect. ([\#5864](https://github.com/matrix-org/synapse/issues/5864)) - Add admin API endpoint for setting whether or not a user is a server administrator. ([\#5878](https://github.com/matrix-org/synapse/issues/5878)) - Enable cleaning up extremities with dummy events by default to prevent undue build up of forward extremities. ([\#5884](https://github.com/matrix-org/synapse/issues/5884)) - Add config option to sign remote key query responses with a separate key. ([\#5895](https://github.com/matrix-org/synapse/issues/5895)) - Add support for config templating. ([\#5900](https://github.com/matrix-org/synapse/issues/5900)) - Users with the type of "support" or "bot" are no longer required to consent. ([\#5902](https://github.com/matrix-org/synapse/issues/5902)) - Let synctl accept a directory of config files. ([\#5904](https://github.com/matrix-org/synapse/issues/5904)) - Increase max display name size to 256. ([\#5906](https://github.com/matrix-org/synapse/issues/5906)) - Add admin API endpoint for getting whether or not a user is a server administrator. ([\#5914](https://github.com/matrix-org/synapse/issues/5914)) - Redact events in the database that have been redacted for a week. ([\#5934](https://github.com/matrix-org/synapse/issues/5934)) - New prometheus metrics: - `synapse_federation_known_servers`: represents the total number of servers your server knows about (i.e. is in rooms with), including itself. Enable by setting `metrics_flags.known_servers` to True in the configuration.([\#5981](https://github.com/matrix-org/synapse/issues/5981)) - `synapse_build_info`: exposes the Python version, OS version, and Synapse version of the running server. ([\#6005](https://github.com/matrix-org/synapse/issues/6005)) - Give appropriate exit codes when synctl fails. ([\#5992](https://github.com/matrix-org/synapse/issues/5992)) - Apply the federation blacklist to requests to identity servers. ([\#6000](https://github.com/matrix-org/synapse/issues/6000)) - Add `report_stats_endpoint` option to configure where stats are reported to, if enabled. Contributed by @Sorunome. ([\#6012](https://github.com/matrix-org/synapse/issues/6012)) - Add config option to increase ratelimits for room admins redacting messages. ([\#6015](https://github.com/matrix-org/synapse/issues/6015)) - Stop sending federation transactions to servers which have been down for a long time. ([\#6026](https://github.com/matrix-org/synapse/issues/6026)) - Make the process for mapping SAML2 users to matrix IDs more flexible. ([\#6037](https://github.com/matrix-org/synapse/issues/6037)) - Return a clearer error message when a timeout occurs when attempting to contact an identity server. ([\#6073](https://github.com/matrix-org/synapse/issues/6073)) - Prevent password reset's submit_token endpoint from accepting trailing slashes. ([\#6074](https://github.com/matrix-org/synapse/issues/6074)) - Return 403 on `/register/available` if registration has been disabled. ([\#6082](https://github.com/matrix-org/synapse/issues/6082)) - Explicitly log when a homeserver does not have the `trusted_key_servers` config field configured. ([\#6090](https://github.com/matrix-org/synapse/issues/6090)) - Add support for pruning old rows in `user_ips` table. ([\#6098](https://github.com/matrix-org/synapse/issues/6098)) Bugfixes -------- - Don't create broken room when `power_level_content_override.users` does not contain `creator_id`. ([\#5633](https://github.com/matrix-org/synapse/issues/5633)) - Fix database index so that different backup versions can have the same sessions. ([\#5857](https://github.com/matrix-org/synapse/issues/5857)) - Fix Synapse looking for config options `password_reset_failure_template` and `password_reset_success_template`, when they are actually `password_reset_template_failure_html`, `password_reset_template_success_html`. ([\#5863](https://github.com/matrix-org/synapse/issues/5863)) - Fix stack overflow when recovering an appservice which had an outage. ([\#5885](https://github.com/matrix-org/synapse/issues/5885)) - Fix error message which referred to `public_base_url` instead of `public_baseurl`. Thanks to @aaronraimist for the fix! ([\#5909](https://github.com/matrix-org/synapse/issues/5909)) - Fix 404 for thumbnail download when `dynamic_thumbnails` is `false` and the thumbnail was dynamically generated. Fix reported by rkfg. ([\#5915](https://github.com/matrix-org/synapse/issues/5915)) - Fix a cache-invalidation bug for worker-based deployments. ([\#5920](https://github.com/matrix-org/synapse/issues/5920)) - Fix admin API for listing media in a room not being available with an external media repo. ([\#5966](https://github.com/matrix-org/synapse/issues/5966)) - Fix list media admin API always returning an error. ([\#5967](https://github.com/matrix-org/synapse/issues/5967)) - Fix room and user stats tracking. ([\#5971](https://github.com/matrix-org/synapse/issues/5971), [\#5998](https://github.com/matrix-org/synapse/issues/5998), [\#6029](https://github.com/matrix-org/synapse/issues/6029)) - Return a `M_MISSING_PARAM` if `sid` is not provided to `/account/3pid`. ([\#5995](https://github.com/matrix-org/synapse/issues/5995)) - `federation_certificate_verification_whitelist` now will not cause `TypeErrors` to be raised (a regression in 1.3). Additionally, it now supports internationalised domain names in their non-canonical representation. ([\#5996](https://github.com/matrix-org/synapse/issues/5996)) - Only count real users when checking for auto-creation of auto-join room. ([\#6004](https://github.com/matrix-org/synapse/issues/6004)) - Ensure support users can be registered even if MAU limit is reached. ([\#6020](https://github.com/matrix-org/synapse/issues/6020)) - Fix bug where login error was shown incorrectly on SSO fallback login. ([\#6024](https://github.com/matrix-org/synapse/issues/6024)) - Fix bug in calculating the federation retry backoff period. ([\#6025](https://github.com/matrix-org/synapse/issues/6025)) - Prevent exceptions being logged when extremity-cleanup events fail due to lack of user consent to the terms of service. ([\#6053](https://github.com/matrix-org/synapse/issues/6053)) - Remove POST method from password-reset `submit_token` endpoint until we implement `submit_url` functionality. ([\#6056](https://github.com/matrix-org/synapse/issues/6056)) - Fix logcontext spam on non-Linux platforms. ([\#6059](https://github.com/matrix-org/synapse/issues/6059)) - Ensure query parameters in email validation links are URL-encoded. ([\#6063](https://github.com/matrix-org/synapse/issues/6063)) - Fix a bug which caused SAML attribute maps to be overridden by defaults. ([\#6069](https://github.com/matrix-org/synapse/issues/6069)) - Fix the logged number of updated items for the `users_set_deactivated_flag` background update. ([\#6092](https://github.com/matrix-org/synapse/issues/6092)) - Add `sid` to `next_link` for email validation. ([\#6097](https://github.com/matrix-org/synapse/issues/6097)) - Threepid validity checks on msisdns should not be dependent on `threepid_behaviour_email`. ([\#6104](https://github.com/matrix-org/synapse/issues/6104)) - Ensure that servers which are not configured to support email address verification do not offer it in the registration flows. ([\#6107](https://github.com/matrix-org/synapse/issues/6107)) Updates to the Docker image --------------------------- - Avoid changing `UID/GID` if they are already correct. ([\#5970](https://github.com/matrix-org/synapse/issues/5970)) - Provide `SYNAPSE_WORKER` envvar to specify python module. ([\#6058](https://github.com/matrix-org/synapse/issues/6058)) Improved Documentation ---------------------- - Convert documentation to markdown (from rst) ([\#5849](https://github.com/matrix-org/synapse/issues/5849)) - Update `INSTALL.md` to say that Python 2 is no longer supported. ([\#5953](https://github.com/matrix-org/synapse/issues/5953)) - Add developer documentation for using SAML2. ([\#6032](https://github.com/matrix-org/synapse/issues/6032)) - Add some notes on rolling back to v1.3.1. ([\#6049](https://github.com/matrix-org/synapse/issues/6049)) - Update the upgrade notes. ([\#6050](https://github.com/matrix-org/synapse/issues/6050)) Deprecations and Removals ------------------------- - Remove shared-secret registration from `/_matrix/client/r0/register` endpoint. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#5877](https://github.com/matrix-org/synapse/issues/5877)) - Deprecate the `trusted_third_party_id_servers` option. ([\#5875](https://github.com/matrix-org/synapse/issues/5875)) Internal Changes ---------------- - Lay the groundwork for structured logging output. ([\#5680](https://github.com/matrix-org/synapse/issues/5680)) - Retry well-known lookup before the cache expires, giving a grace period where the remote well-known can be down but we still use the old result. ([\#5844](https://github.com/matrix-org/synapse/issues/5844)) - Remove log line for debugging issue #5407. ([\#5860](https://github.com/matrix-org/synapse/issues/5860)) - Refactor the Appservice scheduler code. ([\#5886](https://github.com/matrix-org/synapse/issues/5886)) - Compatibility with v2 Identity Service APIs other than /lookup. ([\#5892](https://github.com/matrix-org/synapse/issues/5892), [\#6013](https://github.com/matrix-org/synapse/issues/6013)) - Stop populating some unused tables. ([\#5893](https://github.com/matrix-org/synapse/issues/5893), [\#6047](https://github.com/matrix-org/synapse/issues/6047)) - Add missing index on `users_in_public_rooms` to improve the performance of directory queries. ([\#5894](https://github.com/matrix-org/synapse/issues/5894)) - Improve the logging when we have an error when fetching signing keys. ([\#5896](https://github.com/matrix-org/synapse/issues/5896)) - Add support for database engine-specific schema deltas, based on file extension. ([\#5911](https://github.com/matrix-org/synapse/issues/5911)) - Update Buildkite pipeline to use plugins instead of buildkite-agent commands. ([\#5922](https://github.com/matrix-org/synapse/issues/5922)) - Add link in sample config to the logging config schema. ([\#5926](https://github.com/matrix-org/synapse/issues/5926)) - Remove unnecessary parentheses in return statements. ([\#5931](https://github.com/matrix-org/synapse/issues/5931)) - Remove unused `jenkins/prepare_sytest.sh` file. ([\#5938](https://github.com/matrix-org/synapse/issues/5938)) - Move Buildkite pipeline config to the pipelines repo. ([\#5943](https://github.com/matrix-org/synapse/issues/5943)) - Remove unnecessary return statements in the codebase which were the result of a regex run. ([\#5962](https://github.com/matrix-org/synapse/issues/5962)) - Remove left-over methods from v1 registration API. ([\#5963](https://github.com/matrix-org/synapse/issues/5963)) - Cleanup event auth type initialisation. ([\#5975](https://github.com/matrix-org/synapse/issues/5975)) - Clean up dependency checking at setup. ([\#5989](https://github.com/matrix-org/synapse/issues/5989)) - Update OpenTracing docs to use the unified `trace` method. ([\#5776](https://github.com/matrix-org/synapse/issues/5776)) - Small refactor of function arguments and docstrings in` RoomMemberHandler`. ([\#6009](https://github.com/matrix-org/synapse/issues/6009)) - Remove unused `origin` argument on `FederationHandler.add_display_name_to_third_party_invite`. ([\#6010](https://github.com/matrix-org/synapse/issues/6010)) - Add a `failure_ts` column to the `destinations` database table. ([\#6016](https://github.com/matrix-org/synapse/issues/6016), [\#6072](https://github.com/matrix-org/synapse/issues/6072)) - Clean up some code in the retry logic. ([\#6017](https://github.com/matrix-org/synapse/issues/6017)) - Fix the structured logging tests stomping on the global log configuration for subsequent tests. ([\#6023](https://github.com/matrix-org/synapse/issues/6023)) - Clean up the sample config for SAML authentication. ([\#6064](https://github.com/matrix-org/synapse/issues/6064)) - Change mailer logging to reflect Synapse doesn't just do chat notifications by email now. ([\#6075](https://github.com/matrix-org/synapse/issues/6075)) - Move last-seen info into devices table. ([\#6089](https://github.com/matrix-org/synapse/issues/6089)) - Remove unused parameter to `get_user_id_by_threepid`. ([\#6099](https://github.com/matrix-org/synapse/issues/6099)) - Refactor the user-interactive auth handling. ([\#6105](https://github.com/matrix-org/synapse/issues/6105)) - Refactor code for calculating registration flows. ([\#6106](https://github.com/matrix-org/synapse/issues/6106))
| * Fix 'redaction_retention_period' sampel config to match guidelinesErik Johnston2019-09-261-1/+1
| |
| * Explicitly log when a homeserver does not have a trusted key server ↵Neil Johnson2019-09-261-4/+10
| | | | | | | | configured (#6090)
| * Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-09-251-51/+90
| |\ | | | | | | | | | erikj/cleanup_user_ips_2
| | * Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_workRichard van der Hoff2019-09-241-1/+18
| | |\
| | | * Add submit_url response parameter to msisdn /requestToken (#6079)Andrew Morgan2019-09-231-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Second part of solving #6076 Fixes #6076 We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
| | | * Merge pull request #6064 from matrix-org/rav/saml_config_cleanupRichard van der Hoff2019-09-231-51/+59
| | | |\ | | | | | | | | | | Make the sample saml config closer to our standards
| | | | * Merge branch 'develop' into rav/saml_config_cleanupRichard van der Hoff2019-09-1940-2177/+2402
| | | | |\
| | | * | | Use the federation blacklist for requests to untrusted Identity Servers (#6000)Andrew Morgan2019-09-231-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses. Fixes #5935
| | * | | | Merge branch 'develop' into rav/saml_mapping_workRichard van der Hoff2019-09-1940-2177/+2402
| | |\ \ \ \ | | | | |_|/ | | | |/| |
| | * | | | Record mappings from saml users in an external tableRichard van der Hoff2019-09-131-0/+26
| | | |_|/ | | |/| | | | | | | | | | | | | | | | | | | | | | We want to assign unique mxids to saml users based on an incrementing suffix. For that to work, we need to record the allocated mxid in a separate table.
| | * | | Make the sample saml config closer to our standardsRichard van der Hoff2019-09-131-51/+59
| | | | | | | | | | | | | | | | | | | | It' still not great, thanks to the nested dictionaries, but it's better.
| * | | | Review commentsErik Johnston2019-09-251-1/+1
| | | | |
| * | | | Prune rows in user_ips older than configured periodErik Johnston2019-09-241-0/+6
| | |_|/ | |/| | | | | | | | | | Defaults to pruning everything older than 28d.
| * | | Allow HS to send emails when adding an email to the HS (#6042)Andrew Morgan2019-09-201-0/+12
| | | |
| * | | Fix typo in account_threepid_delegates config (#6028)Jorik Schellekens2019-09-181-1/+1
| | |/ | |/|
| * | fix sample configRichard van der Hoff2019-09-181-1/+1
| | | | | | | | | | | | this was apparently broken by #6040.
| * | (#5849) Convert rst to markdown (#6040)dstipp2019-09-1735-2179/+2074
| | | | | | | | | | | | | | | Converting some of the rst documentation to markdown. Attempted to preserve whitespace and line breaks to minimize cosmetic change.
| * | Add developer docs for using SAML without a server (#6032)Travis Ralston2019-09-131-0/+37
| | |
| * | add report_stats_endpoint config option (#6012)Sorunome2019-09-121-0/+5
| | | | | | | | | This PR adds the optional `report_stats_endpoint` to configure where stats are reported to, if enabled.
| * | Update sample configErik Johnston2019-09-111-1/+1
| | |
| * | Update sample configErik Johnston2019-09-111-0/+7
| | |
| * | Merge pull request #5934 from matrix-org/erikj/censor_redactionsErik Johnston2019-09-091-0/+7
| |\ \ | | | | | | | | Censor redactions in DB after a month
| | * | Default to censoring redactions after seven daysErik Johnston2019-09-091-3/+5
| | | |
| | * | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-09-051-0/+62
| | |\ \ | | | | | | | | | | | | | | | erikj/censor_redactions
| | * | | Make redaction retention period configurableErik Johnston2019-09-051-0/+5
| | | | |
| * | | | Servers-known-about statistic (#5981)Amber Brown2019-09-071-0/+10
| | | | |
| * | | | Allow Synapse to send registration emails + choose Synapse or an external ↵Andrew Morgan2019-09-061-13/+43
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | server to handle 3pid validation (#5987) This is a combination of a few different PRs, finally all being merged into `develop`: * #5875 * #5876 * #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](https://github.com/matrix-org/synapse/commit/891afb57cbdf9867f2848341b29c75d6f35eef5a#diff-e591d42d30690ffb79f63bb726200891) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future) * #5835 * #5969 * #5940 Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged. UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
| * | | Fix and refactor room and user stats (#5971)Erik Johnston2019-09-041-0/+62
| |/ / | | | | | | Previously the stats were not being correctly populated.
| * | Add a link to python's logging config schema (#5926)Jorik Schellekens2019-08-281-1/+2
| | |
| * | Config templating (#5900)Jorik Schellekens2019-08-281-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Template config files * Imagine a system composed entirely of x, y, z etc and the basic operations.. Wait George, why XOR? Why not just neq? George: Eh, I didn't think of that.. Co-Authored-By: Erik Johnston <erik@matrix.org>
| * | Implement a structured logging output system. (#5680)Amber Brown2019-08-281-0/+83
| | |
| * | Merge pull request #5914 from matrix-org/rei/admin_getadminreivilibre2019-08-281-0/+19
| |\ \ | | | | | | | | Add GET method to admin API /users/@user:dom/admin
| | * | Document GET method for retrieving admin bit of user in admin APIOlivier Wilkinson (reivilibre)2019-08-271-0/+19
| | | | | | | | | | | | | | | | Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
| * | | Merge pull request #5895 from matrix-org/erikj/notary_keyErik Johnston2019-08-271-0/+8
| |\ \ \ | | |/ / | |/| | Add config option to sign remote key query responses with a separate key.
| | * | Fixup review commentsErik Johnston2019-08-231-2/+2
| | | |
| | * | Add config option for keys to use to sign keysErik Johnston2019-08-211-0/+8
| | |/ | | | | | | | | | | | | This allows servers to separate keys that are used to sign remote keys when acting as a notary server.
| * | Add Admin API capability to set adminship of a user (#5878)reivilibre2019-08-271-0/+20
| | | | | | | | | Admin API: Set adminship of a user
| * | Propagate opentracing contexts through EDUs (#5852)Jorik Schellekens2019-08-221-2/+25
| | | | | | | | | | | | | | | Propagate opentracing contexts through EDUs Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
| * | Servlet to purge old rooms (#5845)Richard van der Hoff2019-08-221-0/+18
| |/
* / add explanations on how to actually include an access_token (#6031)axel simon2019-09-131-0/+12
|/
* Don't load the media repo when configured to use an external media repo (#5754)Amber Brown2019-08-132-0/+14
|
* LintBrendan Abolivier2019-08-011-1/+1
|
* Sample configBrendan Abolivier2019-08-011-0/+10
|
* Remove non-functional 'expire_access_token' setting (#5782)Richard van der Hoff2019-07-301-4/+0
| | | | | | | | The `expire_access_token` didn't do what it sounded like it should do. What it actually did was make Synapse enforce the 'time' caveat on macaroons used as access tokens, but since our access token macaroons never contained such a caveat, it was always a no-op. (The code to add 'time' caveats was removed back in v0.18.5, in #1656)
* Room Complexity Client Implementation (#5783)Amber Brown2019-07-301-0/+17
|
* Make Jaeger fully configurable (#5694)Jorik Schellekens2019-07-231-0/+16
| | | | | | * Allow Jaeger to be configured * Update sample config
* Replace returnValue with return (#5736)Amber Brown2019-07-231-1/+1
|
* Merge branch 'release-v1.2.0' into developJorik Schellekens2019-07-222-12/+102
|\
| * Opentracing Documentation (#5703)Jorik Schellekens2019-07-222-12/+102
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Opentracing survival guide * Update decorator names in doc * Doc cleanup These are all alterations as a result of comments in #5703, it includes mostly typos and clarifications. The most interesting changes are: - Split developer and user docs into two sections - Add a high level description of OpenTracing * newsfile * Move contributer specific info to docstring. * Sample config. * Trailing whitespace. * Update 5703.misc * Apply suggestions from code review Mostly just rewording parts of the docs for clarity. Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* | Update the coding style doc (#5719)Richard van der Hoff2019-07-191-30/+94
|/ | | | | A few fixes and removal of duplicated stuff, but mostly a bunch of the words on the config file.
* Clean up opentracing configuration options (#5712)Richard van der Hoff2019-07-181-14/+31
| | | | | | | | | | | | | | | | | Clean up config settings and dead code. This is mostly about cleaning up the config format, to bring it into line with our conventions. In particular: * There should be a blank line after `## Section ##' headings * There should be a blank line between each config setting * There should be a `#`-only line between a comment and the setting it describes * We don't really do the `# #` style commenting-out of whole sections if we can help it * rename `tracer_enabled` to `enabled` While we're here, do more config parsing upfront, which makes it easier to use later on. Also removes redundant code from LogContextScopeManager. Also changes the changelog fragment to a `feature` - it's exciting!
* Support Prometheus_client 0.4.0+ (#5636)Amber Brown2019-07-181-0/+102
|
* Improve `Depends` specs in debian package. (#5675)Richard van der Hoff2019-07-171-3/+5
| | | | | | | | | | | | | | | | | | | This is basically a contrived way of adding a `Recommends` on `libpq5`, to fix #5653. The way this is supposed to happen in debhelper is to run `dh_shlibdeps`, which in turn runs `dpkg-shlibdeps`, which spits things out into `debian/<package>.substvars` whence they can later be included by `control`. Previously, we had disabled `dh_shlibdeps`, mostly because `dpkg-shlibdeps` gets confused about PIL's interdependent objects, but that's not really the right thing to do and there is another way to work around that. Since we don't always use postgres, we don't necessarily want a hard Depends on libpq5, so I've actually ended up adding an explicit invocation of `dpkg-shlibdeps` for `psycopg2`. I've also updated the build-depends list for the package, which was missing a couple of entries.
* Implement access token expiry (#5660)Richard van der Hoff2019-07-121-0/+11
| | | | Record how long an access token is valid for, and raise a soft-logout once it expires.
* Update reverse_proxy.rst (#5397)Ulrik Günther2019-07-121-0/+2
| | | | | Updates reverse_proxy.rst with information about nginx' URI normalisation.
* Improved docs on setting up Postgresql (#5661)Lrizika2019-07-111-4/+15
| | | | | Added that synapse_user needs a database to access before it can auth Noted you'll need to enable password auth, linked to pg_hba.conf docs
* Add basic opentracing support (#5544)Jorik Schellekens2019-07-111-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Configure and initialise tracer Includes config options for the tracer and sets up JaegerClient. * Scope manager using LogContexts We piggy-back our tracer scopes by using log context. The current log context gives us the current scope. If new scope is created we create a stack of scopes in the context. * jaeger is a dependency now * Carrier inject and extraction for Twisted Headers * Trace federation requests on the way in and out. The span is created in _started_processing and closed in _finished_processing because we need a meaningful log context. * Create logcontext for new scope. Instead of having a stack of scopes in a logcontext we create a new context for a new scope if the current logcontext already has a scope. * Remove scope from logcontext if logcontext is top level * Disable tracer if not configured * typo * Remove dependence on jaeger internals * bools * Set service name * :Explicitely state that the tracer is disabled * Black is the new black * Newsfile * Code style * Use the new config setup. * Generate config. * Copyright * Rename config to opentracing * Remove user whitelisting * Empty whitelist by default * User ConfigError instead of RuntimeError * Use isinstance * Use tag constants for opentracing. * Remove debug comment and no need to explicitely record error * Two errors a "s(c)entry" * Docstrings! * Remove debugging brainslip * Homeserver Whitlisting * Better opentracing config comment * linting * Inclue worker name in service_name * Make opentracing an optional dependency * Neater config retreival * Clean up dummy tags * Instantiate tracing as object instead of global class * Inlcude opentracing as a homeserver member. * Thread opentracing to the request level * Reference opetnracing through hs * Instantiate dummy opentracin g for tests. * About to revert, just keeping the unfinished changes just in case * Revert back to global state, commit number: 9ce4a3d9067bf9889b86c360c05ac88618b85c4f * Use class level methods in tracerutils * Start and stop requests spans in a place where we have access to the authenticated entity * Seen it, isort it * Make sure to close the active span. * I'm getting black and blue from this. * Logger formatting Co-Authored-By: Erik Johnston <erik@matrix.org> * Outdated comment * Import opentracing at the top * Return a contextmanager * Start tracing client requests from the servlet * Return noop context manager if not tracing * Explicitely say that these are federation requests * Include servlet name in client requests * Use context manager * Move opentracing to logging/ * Seen it, isort it again! * Ignore twisted return exceptions on context exit * Escape the scope * Scopes should be entered to make them useful. * Nicer decorator names * Just one init, init? * Don't need to close something that isn't open * Docs make you smarter
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-19/+19
|
* Merge branch 'develop' into rav/saml2_clientRichard van der Hoff2019-07-012-3/+28
|\
| * Update the TLS cipher string and provide configurability for TLS on outgoing ↵Amber Brown2019-06-281-0/+9
| | | | | | | | federation (#5550)
| * Added possibilty to disable local password authentication (#5092)Daniel Hoffend2019-06-271-0/+6
| | | | | | | | | | Signed-off-by: Daniel Hoffend <dh@dotlan.net>
| * Make it clearer that the template dir is relative to synapse's root dir (#5543)Andrew Morgan2019-06-271-1/+9
| | | | | | Helps address #5444
| * Merge pull request #5313 from twrist/patch-1Richard van der Hoff2019-06-271-2/+4
| |\ | | | | | | Update HAProxy example rules
| | * Update HAProxy example rulesIke Johnson2019-06-021-2/+4
| | | | | | | | | These new rules allow a user to instead route only matrix traffic, allowing them to run matrix on the domain without affecting their existing websites
* | | update sample configRichard van der Hoff2019-06-271-6/+13
| | |
* | | update sample configRichard van der Hoff2019-06-261-0/+13
|/ /
* | Merge branch 'master' into developAndrew Morgan2019-06-251-1/+1
|\ \ | | | | | | | | | | | | | | | * master: Fix broken link in MSC1711 FAQ Update changelog to better expain password reset change (#5545)
| * | Fix broken link in MSC1711 FAQRichard van der Hoff2019-06-251-1/+1
| | |
* | | Add info about black to code_style.rst (#5537)Andrew Morgan2019-06-241-45/+42
| | | | | | | | | | | | | | | Fixes #5533 Adds information about how to install and run black on the codebase.
* | | Merge pull request #5524 from matrix-org/rav/new_cmdline_optionsRichard van der Hoff2019-06-241-1/+1
|\ \ \ | | | | | | | | Add --data-dir and --open-private-ports options.
| * | | Add "--open-private-ports" cmdline optionRichard van der Hoff2019-06-241-1/+1
| | | | | | | | | | | | | | | | This is helpful when generating a config file for running synapse under docker.
* | | | Merge pull request #5534 from matrix-org/babolivier/federation-publicroomsBrendan Abolivier2019-06-241-4/+8
|\ \ \ \ | |/ / / |/| | | Split public rooms directory auth config in two
| * | | Split public rooms directory auth config in twoBrendan Abolivier2019-06-241-4/+8
| | | |
* | | | Allow configuration of the path used for ACME account keys.Richard van der Hoff2019-06-241-0/+7
|/ / / | | | | | | | | | | | | Because sticking it in the same place as the config isn't necessarily the right thing to do.
* | | Drop support for cpu_affinity (#5525)Richard van der Hoff2019-06-221-23/+0
| | | | | | | | | This has no useful purpose on python3, and is generally a source of confusion.
* | | Update docs/workers.rst Erik Johnston2019-06-211-1/+1
| | | | | | | | | | | | | | | E_TOO_MANY_NEGATIVES Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* | | Support pagination API in client_reader workerErik Johnston2019-06-211-0/+7
| | |
* | | Run Black. (#5482)Amber Brown2019-06-201-79/+79
| | |
* | | Remove Postgres 9.4 support (#5448)Amber Brown2019-06-181-2/+2
| | |
* | | Merge pull request #5440 from matrix-org/babolivier/third_party_event_rulesBrendan Abolivier2019-06-141-0/+13
|\ \ \ | |/ / |/| | Allow server admins to define implementations of extra rules for allowing or denying incoming events
| * | Add plugin APIs for implementations of custom event rules.Brendan Abolivier2019-06-141-0/+13
| | |
* | | Neilj/improve federation docs (#5419)Neil Johnson2019-06-112-3/+91
|/ / | | | | | | Add FAQ questions to federate.md. Add a health warning making it clear that the 1711 upgrade FAQ is now out of date.
* | Set default room version to v4. (#5379)Neil Johnson2019-06-061-1/+1
| | | | | | | | Set default room version to v4.
* | Add ability to perform password reset via email without trusting the ↵Andrew Morgan2019-06-061-10/+50
| | | | | | | | | | | | | | | | | | | | | | | | identity server (#5377) Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option. This PR is a culmination of 3 smaller PRs which have each been separately reviewed: * #5308 * #5345 * #5368
* | Stop hardcoding trust of old matrix.org key (#5374)Richard van der Hoff2019-06-061-6/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are a few changes going on here: * We make checking the signature on a key server response optional: if no verify_keys are specified, we trust to TLS to validate the connection. * We change the default config so that it does not require responses to be signed by the old key. * We replace the old 'perspectives' config with 'trusted_key_servers', which is also formatted slightly differently. * We emit a warning to the logs every time we trust a key server response signed by the old key.
* | Neilj/1.0 upgrade notes (#5371)Neil Johnson2019-06-061-7/+5
| | | | | | | | 1.0 upgrade/install notes
* | Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verificationRichard van der Hoff2019-06-052-6/+21
|\ \
| * | Fix notes about well-known and acme (#5357)Richard van der Hoff2019-06-051-6/+5
| | | | | | | | | | | | fixes #4951
| * | Neilj/mau tracking config explainer (#5284)Neil Johnson2019-06-051-0/+16
| | | | | | | | | | | | Improve documentation of monthly active user blocking and mau_trial_days
* | | Update sample configRichard van der Hoff2019-06-051-4/+4
|/ /
* | Merge pull request #5276 from matrix-org/babolivier/account_validity_job_deltaErik Johnston2019-05-311-1/+3
|\ \ | | | | | | Allow configuring a range for the account validity startup job
| * | Sample configBrendan Abolivier2019-05-311-1/+1
| | |
| * | Sample configBrendan Abolivier2019-05-311-8/+3
| | |
| * | Config and changelogBrendan Abolivier2019-05-281-0/+7
| | |
* | | Clarify that the admin change password endpoint logs them out (#5303)Travis Ralston2019-05-311-1/+1
| | |
* | | Merge pull request #5283 from aaronraimist/captcha-docsErik Johnston2019-05-291-0/+1
|\ \ \ | | | | | | | | Specify the type of reCAPTCHA key to use (#5013)
| * | | Specify the type of reCAPTCHA key to use (#5013)Aaron Raimist2019-05-281-0/+1
| | | | | | | | | | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | | | regenerate sample configAmber Brown2019-05-291-3/+3
| | | |
* | | | Fix docs on resetting the user directory (#5036)Aaron Raimist2019-05-281-7/+3
|/ / / | | | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | | Add missing blank line in config (#5249)Richard van der Hoff2019-05-241-0/+1
| | |
* | | Add config option for setting homeserver's default room version (#5223)Andrew Morgan2019-05-231-0/+9
| | | | | | | | | | | | | | | Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present. That hardcoded value is now located in the server.py config file.
* | | Room Statistics (#4338)Amber Brown2019-05-211-0/+16
| |/ |/|
* | Merge pull request #5204 from ↵Brendan Abolivier2019-05-211-0/+8
|\| | | | | | | | | matrix-org/babolivier/account_validity_expiration_date Add startup background job for account validity
| * DocBrendan Abolivier2019-05-211-0/+8
| |
* | Merge remote-tracking branch 'origin/master' into developRichard van der Hoff2019-05-171-23/+22
|\ \ | |/ |/|
| * Stop telling people to install the optional dependencies. (#5197)Richard van der Hoff2019-05-171-23/+22
| | | | | | | | | | | | | | | | | | * Stop telling people to install the optional dependencies. They're optional. Also update the postgres docs a bit for clarity(?)
* | Changelog + sample configBrendan Abolivier2019-05-161-0/+6
| |
* | Make all the rate limiting options more consistent (#5181)Amber Brown2019-05-151-28/+25
| |
* | Add ability to blacklist ip ranges for federation traffic (#5043)Andrew Morgan2019-05-131-0/+18
|/
* Make Prometheus snippet less confusing on the metrics collection doc (#4288)Gergely Polonkai2019-05-101-1/+4
| | | Signed-off-by: Gergely Polonkai <gergely@polonkai.eu>
* Add AllowEncodedSlashes to apache (#5068)colonelkrud2019-05-091-0/+2
| | | | | | | | * Add AllowEncodedSlashes to apache Add `AllowEncodedSlashes On` to apache config to support encoding for v3 rooms. "The AllowEncodedSlashes setting is not inherited by virtual hosts, and virtual hosts are used in many default Apache configurations, such as the one in Ubuntu. The workaround is to add the AllowEncodedSlashes setting inside a <VirtualHost> container (/etc/apache2/sites-available/default in Ubuntu)." Source: https://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache * change allowencodedslashes to nodecode
* add options to require an access_token to GET /profile and /publicRooms on ↵Matthew Hodgson2019-05-081-0/+14
| | | | | | | | | | | | | | | | | CS API (#5083) This commit adds two config options: * `restrict_public_rooms_to_local_users` Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API. * `require_auth_for_profile_requests` When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301. MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though. Groups have been intentionally omitted from this commit.
* Remove the requirement to authenticate for /admin/server_version. (#5122)Richard van der Hoff2019-05-071-2/+0
| | | | | | | | | This endpoint isn't much use for its intended purpose if you first need to get yourself an admin's auth token. I've restricted it to the `/_synapse/admin` path to make it a bit easier to lock down for those concerned about exposing this information. I don't imagine anyone is using it in anger currently.
* Fix spelling in server notices admin API docs (#5142)Travis Ralston2019-05-061-1/+1
|
* Fix sample configRichard van der Hoff2019-05-061-1/+1
| | | | ... after it got broken in 1565ebec2c.
* Merge branch 'master' into developRichard van der Hoff2019-05-031-5/+12
|\
| * more config comment updatesRichard van der Hoff2019-05-031-2/+5
| |
| * Blacklist 0.0.0.0 and :: by default for URL previewsRichard van der Hoff2019-05-031-5/+9
| |
* | Add admin api for sending server_notices (#5121)Richard van der Hoff2019-05-022-19/+54
| |
* | Merge pull request #5124 from matrix-org/babolivier/aliasesBrendan Abolivier2019-05-021-0/+5
|\ \ | | | | | | Add some limitations to alias creation
| * | Add some limitations to alias creationBrendan Abolivier2019-05-021-0/+5
| | |
* | | Fix sample configRichard van der Hoff2019-05-011-2/+2
| | |
* | | Move admin API to a new prefixRichard van der Hoff2019-05-018-12/+12
|/ /
* | Merge pull request #5116 from matrix-org/babolivier/account_expirationBrendan Abolivier2019-05-011-1/+1
|\ \ | | | | | | Fix path in account validity admin route's doc
| * | Fix whole path for admin routeBrendan Abolivier2019-05-011-1/+1
| | |
| * | Fix typo in account validity admin routeBrendan Abolivier2019-05-011-1/+1
| | |
* | | Config option for verifying federation certificates (MSC 1711) (#4967)Andrew Morgan2019-04-252-1/+34
|/ /
* | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-04-173-0/+27
|\ \ | | | | | | | | | babolivier/account_expiration
| * \ Merge pull request #5047 from matrix-org/babolivier/account_expirationBrendan Abolivier2019-04-171-3/+26
| |\ \ | | | | | | | | Send out emails with links to extend an account's validity period
| * \ \ Merge pull request #5063 from matrix-org/erikj/move_endpointsErik Johnston2019-04-151-0/+6
| |\ \ \ | | | | | | | | | | Move some rest endpoints to client reader
| | * | | Only handle GET requests for /push_rulesErik Johnston2019-04-151-0/+3
| | | | |
| | * | | Move some rest endpoints to client readerErik Johnston2019-04-151-0/+3
| | | | |
| * | | | Merge pull request #5027 from matrix-org/babolivier/account_expirationBrendan Abolivier2019-04-091-0/+6
| |\ \ \ \ | | | | | | | | | | | | Add time-based account expiration
| * | | | | add context to phonehome stats (#5020)Neil Johnson2019-04-081-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | add context to phonehome stats
| * | | | | Add config option to block users from looking up 3PIDs (#5010)Brendan Abolivier2019-04-041-0/+4
| | |/ / / | |/| | |
| * | | | Add admin API for group deletionErik Johnston2019-04-031-0/+14
| | |_|/ | |/| |
* | | | Add management endpoints for account validityBrendan Abolivier2019-04-171-0/+42
| |_|/ |/| |
* | | Send out emails with links to extend an account's validity periodBrendan Abolivier2019-04-171-3/+26
| |/ |/|
* | Add account expiration featureBrendan Abolivier2019-04-091-0/+6
|/
* Support 3PID login in password providers (#4931)Andrew Morgan2019-03-261-0/+14
| | | | | Adds a new method, check_3pid_auth, which gives password providers the chance to allow authentication with third-party identifiers such as email or msisdn.
* Fix nginx example in ACME doc. (#4923)Richard van der Hoff2019-03-251-1/+1
|
* Update Apache Setup To Remove Location Syntax (#4870)Colin W2019-03-211-9/+5
| | | | | This one should close #4841. Many thanks to @dev4223 for bringing it up and finding a solution. Signed-off-by: Colin White
* Merge pull request #4896 from matrix-org/erikj/disable_room_directoryErik Johnston2019-03-211-0/+6
|\ | | | | Add option to disable search room lists
| * Fix up config commentsErik Johnston2019-03-201-3/+4
| |
| * Add option to disable search room listsErik Johnston2019-03-191-0/+5
| | | | | | | | This disables both local and remote room list searching.
* | Merge pull request #4895 from matrix-org/erikj/disable_user_searchErik Johnston2019-03-201-0/+5
|\ \ | | | | | | Add option to disable searching in the user dir
| * | Fix up sample configErik Johnston2019-03-201-2/+4
| | |
| * | Update sample configErik Johnston2019-03-191-0/+3
| |/
* / Batch up outgoing read-receipts to reduce federation traffic. (#4890)Richard van der Hoff2019-03-201-0/+8
|/ | | | Rate-limit outgoing read-receipts as per #4730.
* Add note on tuning postgresErik Johnston2019-03-191-2/+20
|
* Merge remote-tracking branch 'origin/master' into developRichard van der Hoff2019-03-192-5/+3
|\
| * Repoint docs for federation (#4881)Michael Kaye2019-03-191-1/+1
| |
| * fix some typos in federate.mdRichard van der Hoff2019-03-151-4/+2
| |
* | Comment out most options in the generated config. (#4863)Richard van der Hoff2019-03-191-73/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make it so that most options in the config are optional, and commented out in the generated config. The reasons this is a good thing are as follows: * If we decide that we should change the default for an option, we can do so, and only those admins that have deliberately chosen to override that option will be stuck on the old setting. * It moves us towards a point where we can get rid of the super-surprising feature of synapse where the default settings for the config come from the generated yaml. * It makes setting up a test config for unit testing an order of magnitude easier (see forthcoming PR). * It makes the generated config more consistent, and hopefully easier for users to understand.
* | Add ratelimiting on failed login attempts (#4865)Brendan Abolivier2019-03-181-0/+6
| |
* | Add ratelimiting on login (#4821)Brendan Abolivier2019-03-151-11/+28
| | | | | | Add two ratelimiters on login (per-IP address and per-userID).
* | Document using a certificate with a full chain (#4849)Andrew Morgan2019-03-131-0/+5
| |
* | Merge branch 'master' of github.com:matrix-org/synapse into developNeil Johnson2019-03-121-0/+125
|\|
| * fix orphaned sentenceNeil Johnson2019-03-121-1/+0
| |
| * Neilj/improved delegation doc 2 (#4832)Neil Johnson2019-03-121-0/+126
| | | | | | | | | | Improved federation configuration docs. Specifically detailing .well-known and SRV based delegation methods. Inspiration Valentin Lab <valentin.lab@kalysto.org> for https://github.com/matrix-org/synapse/pull/4781
* | Clarify what registration_shared_secret allows for (#2885) (#4844)Aaron Raimist2019-03-111-2/+2
| | | | | | | | | | | | | | | | | | | | * Clarify what registration_shared_secret allows for (#2885) Signed-off-by: Aaron Raimist <aaron@raim.ist> * Add changelog Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | Reword the sample config header to be less scary (#4801)Matthew Hodgson2019-03-072-10/+20
| |
* | Update sample configBrendan Abolivier2019-03-051-11/+13
| |
* | Merge pull request #4772 from jbweston/jbweston/server-version-apiErik Johnston2019-03-051-0/+22
|\ \ | | | | | | Add 'server_version' endpoint to admin API
| * | add API documentationJoseph Weston2019-03-021-0/+22
| | | | | | | | | | | | Signed-off-by: Joseph Weston <joseph@weston.cloud>
* | | Add rate-limiting on registration (#4735)Brendan Abolivier2019-03-051-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Rate-limiting for registration * Add unit test for registration rate limiting * Add config parameters for rate limiting on auth endpoints * Doc * Fix doc of rate limiting function Co-Authored-By: babolivier <contact@brendanabolivier.com> * Incorporate review * Fix config parsing * Fix linting errors * Set default config for auth rate limiting * Fix tests * Add changelog * Advance reactor instead of mocked clock * Move parameters to registration specific config and give them more sensible default values * Remove unused config options * Don't mock the rate limiter un MAU tests * Rename _register_with_store into register_with_store * Make CI happy * Remove unused import * Update sample config * Fix ratelimiting test for py2 * Add non-guest test
* | | Merge pull request #4796 from matrix-org/erikj/factor_out_e2e_keysErik Johnston2019-03-051-0/+2
|\ \ \ | | | | | | | | Allow /keys/{changes,query} API to run on worker
| * | | Allow /keys/{changes,query} API to run on workerErik Johnston2019-03-041-0/+2
| | | |
* | | | Include a default configuration file in the 'docs' directory. (#4791)Richard van der Hoff2019-03-042-0/+1048
|/ / /
* / / Fix v4v6 option in HAProxy example config (#4790)Seebi2019-03-041-7/+5
|/ / | | | | | | | | The v4v6 option only has a usage one ipv6 socket: https://serverfault.com/q/747895 Signed-off-by: Flakebi <flakebi@t-online.de>
* | Merge pull request #4759 from matrix-org/erikj/3pid_client_readerErik Johnston2019-02-271-0/+1
|\ \ | | | | | | Move /account/3pid to client_reader
| * | Move /account/3pid to client_readerErik Johnston2019-02-271-0/+1
| | |
* | | Move server key queries to federation readerErik Johnston2019-02-271-0/+1
|/ /
* | Merge pull request #4749 from matrix-org/erikj/replication_connection_backoffErik Johnston2019-02-271-1/+3
|\ \ | |/ |/| Fix tightloop over connecting to replication server
| * Fix tightloop over connecting to replication serverErik Johnston2019-02-261-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the client failed to process incoming commands during the initial set up of the replication connection it would immediately disconnect and reconnect, resulting in a tightloop. This can happen, for example, when subscribing to a stream that has a row that is too long in the backlog. The fix here is to not consider the connection successfully set up until the client has succesfully subscribed and caught up with the streams. This ensures that the retry logic timers aren't reset until then, meaning that if an error does happen during start up the client will continue backing off before retrying again.
* | Fix apache reverse proxy example (#4742)Paul Tötterman2019-02-261-1/+1
|/ | | | | So that it actually works. See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass Signed-off-by: Paul Tötterman <paul.totterman@iki.fi>
* Minor tweaks to acme docs (#4689)Richard van der Hoff2019-02-221-10/+9
|
* Added HAProxy example (#4660)Benoît S2019-02-211-0/+18
| | | | | | | | | | * Added HAProxy example Proposal of an example with HAProxy. Asked by #4541. Signed-off-by: Benoît S. (“Benpro”) <gitlab@benpro.fr> * Following suggestions of @richvdh
* Merge pull request #4671 from matrix-org/erikj/state_cache_invalidationErik Johnston2019-02-191-1/+25
|\ | | | | Batch cache invalidation over replication
| * DocsErik Johnston2019-02-191-0/+5
| |
| * DocumentationErik Johnston2019-02-191-1/+20
| |
* | Update worker docsErik Johnston2019-02-181-1/+2
|/
* Update docsErik Johnston2019-02-181-0/+6
|
* Merge tag 'v0.99.1'Richard van der Hoff2019-02-143-11/+110
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 0.99.1 (2019-02-14) =========================== Features -------- - Include m.room.encryption on invites by default ([\#3902](https://github.com/matrix-org/synapse/issues/3902)) - Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](https://github.com/matrix-org/synapse/issues/4420)) - Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](https://github.com/matrix-org/synapse/issues/4522)) - Add ability to update backup versions ([\#4580](https://github.com/matrix-org/synapse/issues/4580)) - Allow the "unavailable" presence status for /sync. This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](https://github.com/matrix-org/synapse/issues/4592)) - There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](https://github.com/matrix-org/synapse/issues/4613), [\#4615](https://github.com/matrix-org/synapse/issues/4615), [\#4617](https://github.com/matrix-org/synapse/issues/4617), [\#4636](https://github.com/matrix-org/synapse/issues/4636)) - The default configuration no longer requires TLS certificates. ([\#4614](https://github.com/matrix-org/synapse/issues/4614)) Bugfixes -------- - Copy over room federation ability on room upgrade. ([\#4530](https://github.com/matrix-org/synapse/issues/4530)) - Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](https://github.com/matrix-org/synapse/issues/4546)) - Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](https://github.com/matrix-org/synapse/issues/4589)) - Fix 'no unique or exclusion constraint' error ([\#4591](https://github.com/matrix-org/synapse/issues/4591)) - Transfer Server ACLs on room upgrade. ([\#4608](https://github.com/matrix-org/synapse/issues/4608)) - Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](https://github.com/matrix-org/synapse/issues/4618)) - Fix self-signed cert notice from generate-config. ([\#4625](https://github.com/matrix-org/synapse/issues/4625)) - Fix performance of `user_ips` table deduplication background update ([\#4626](https://github.com/matrix-org/synapse/issues/4626), [\#4627](https://github.com/matrix-org/synapse/issues/4627)) Internal Changes ---------------- - Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](https://github.com/matrix-org/synapse/issues/4462)) - Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](https://github.com/matrix-org/synapse/issues/4513)) - Reduce duplication of ``synapse.app`` code. ([\#4567](https://github.com/matrix-org/synapse/issues/4567)) - Fix docker upload job to push -py2 images. ([\#4576](https://github.com/matrix-org/synapse/issues/4576)) - Add port configuration information to ACME instructions. ([\#4578](https://github.com/matrix-org/synapse/issues/4578)) - Update MSC1711 FAQ to calrify .well-known usage ([\#4584](https://github.com/matrix-org/synapse/issues/4584)) - Clean up default listener configuration ([\#4586](https://github.com/matrix-org/synapse/issues/4586)) - Clarifications for reverse proxy docs ([\#4607](https://github.com/matrix-org/synapse/issues/4607)) - Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](https://github.com/matrix-org/synapse/issues/4611)) - Fail cleanly if listener config lacks a 'port' ([\#4616](https://github.com/matrix-org/synapse/issues/4616)) - Remove redundant entries from docker config ([\#4619](https://github.com/matrix-org/synapse/issues/4619)) - README updates ([\#4621](https://github.com/matrix-org/synapse/issues/4621))
| * Clarifications for reverse proxy docs (#4607)Richard van der Hoff2019-02-113-11/+110
| | | | | | | | | | | | | | Factor out the reverse proxy info to a separate file, add some more info on reverse-proxying the federation port.
| * Update MSC1711 FAQ to be explicit about well-known (#4584)Erik Johnston2019-02-071-13/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | A surprising number of people are using the well-known method, and are simply copying the example configuration. This is problematic as the example includes an explicit port, which causes inbound federation requests to have the HTTP Host header include the port, upsetting some reverse proxies. Given that, we update the well-known example to be more explicit about the various ways you can set it up, and the consequence of using an explict port.
* | Update MSC1711_certificates_FAQ.mdErik Johnston2019-02-081-1/+1
| | | | | | Fix incorrect heading level
* | cleanupsRichard van der Hoff2019-02-071-4/+2
| |
* | Merge branch 'master' into erikj/msc1711_faqRichard van der Hoff2019-02-072-12/+16
|\|
| * Merge remote-tracking branch 'origin/release-v0.99.0'Richard van der Hoff2019-02-071-11/+15
| |\
| | * Update ACME docs to include port instructions (#4578) github/release-v0.99.0 release-v0.99.0Andrew Morgan2019-02-071-11/+15
| | |
| * | clarify option 1Richard van der Hoff2019-02-071-1/+1
| | |
* | | Update MSC1711 FAQ to be explicit about well-knownErik Johnston2019-02-071-11/+27
|/ / | | | | | | | | | | | | | | | | | | | | | | A surprising number of people are using the well-known method, and are simply copying the example configuration. This is problematic as the example includes an explicit port, which causes inbound federation requests to have the HTTP Host header include the port, upsetting some reverse proxies. Given that, we update the well-known example to be more explicit about the various ways you can set it up, and the consequence of using an explict port.
* / faq cleanupsRichard van der Hoff2019-02-051-36/+18
|/
* Add notes on SRV and .well-known (#4573)Richard van der Hoff2019-02-051-41/+117
|
* Merge pull request #4570 from matrix-org/anoa/self_signed_upgradeAndrew Morgan2019-02-051-0/+126
|\ | | | | Add ACME docs and link to it from README and INSTALL
| * Add TL;DR and final step details to ACMEAndrew Morgan2019-02-051-4/+20
| |
| * Merge branch 'anoa/self_signed_upgrade' of github.com:matrix-org/synapse ↵Andrew Morgan2019-02-051-1/+1
| |\ | | | | | | | | | into anoa/self_signed_upgrade
| | * Update docs/ACME.mdRichard van der Hoff2019-02-051-2/+2
| | | | | | | | | Co-Authored-By: anoadragon453 <1342360+anoadragon453@users.noreply.github.com>
| * | Update ACMEAndrew Morgan2019-02-051-14/+17
| |/
| * Actually add ACME docsAndrew Morgan2019-02-051-0/+107
| |
| * Convert ACME docs to mdAndrew Morgan2019-02-051-98/+0
| |
| * Move ACME docs to docs/ACME.rst and link from UPGRADE.Andrew Morgan2019-02-051-0/+98
| |
* | Neilj/1711faq (#4572)Neil Johnson2019-02-051-0/+260
|/ | | | | MSC1711 certificates FAQ
* Remove mention of lt-cred-mech in the sample coturn config. (#4333)Krithin Sitaram2018-12-281-3/+2
| | | | | | | | | | | * Remove mention of lt-cred-mech in the sample coturn config. See https://github.com/coturn/coturn/pull/262 for more context. Also clean up some minor formatting issues while I'm here. * Add changelog. Signed-off-by: Krithin Sitaram <krithin@gmail.com>
* create support user (#4141)Neil Johnson2018-12-141-4/+7
| | | | | | Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits.
* Do a GC after each test to fix logcontext leaks (#4227)Richard van der Hoff2018-11-271-1/+57
| | | | | | | | | | * Some words about garbage collections and logcontexts * Do a GC after each test to fix logcontext leaks This feels like an awful hack, but... * changelog
* Add a note saying you need to manually reclaim disk spaceAaron Raimist2018-11-181-0/+8
| | | | | | People keep asking why their database hasn't gotten smaller after using this API. Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Add config variables for enabling terms auth and the policy name (#4142)Travis Ralston2018-11-061-4/+36
| | | | So people can still collect consent the old way if they want to.
* Update documentation and templates for new consentTravis Ralston2018-10-122-10/+18
|
* Merge pull request #3734 from matrix-org/travis/worker-docsTravis Ralston2018-08-231-1/+1
|\ | | | | Reference that the federation_reader needs the HTTP replication port set
| * Reference that the federation_reader needs the HTTP replication port setTravis Ralston2018-08-211-1/+1
| |
* | Merge pull request #3659 from matrix-org/erikj/split_profilesErik Johnston2018-08-221-0/+1
|\ \ | |/ |/| Allow profile updates to happen on workers
| * Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2018-08-172-1/+14
| |\ | | | | | | | | | erikj/split_profiles
| * | Update workers.rst with new pathsErik Johnston2018-08-071-0/+1
| | |
* | | Integrate presence from hotfixes (#3694)Amber Brown2018-08-181-0/+8
| |/ |/|
* | Update the admin register documentation to return a real user IDTravis Ralston2018-08-171-1/+1
| | | | | | Presumably this is the intention anyways. I've also updated the domain part to be something more along the lines of what people might expect.
* | Update docs/workers.rstErik Johnston2018-08-091-0/+13
|/
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2018-07-231-0/+63
|\ | | | | | | erikj/client_apis_move
| * Admin API for creating new users (#3415)Amber Brown2018-07-201-0/+63
| |
* | Update docs/workers.rstErik Johnston2018-07-231-0/+4
|/
* update doc for deactivate APIMatthew Hodgson2018-06-261-2/+15
|
* Fix metric documentation tables (#3341)Amber Brown2018-06-061-20/+30
|
* Merge pull request #3340 from ArchangeGabriel/patch-1Richard van der Hoff2018-06-051-9/+9
|\ | | | | doc/postgres.rst: fix display of the last command block
| * doc/postgres.rest: fix displaying of the last command blockBruno Pagani2018-06-041-9/+9
| | | | | | Also indent all of them with 4 spaces.
* | code_style.rst: formattingRichard van der Hoff2018-05-311-1/+1
| |
* | Run Prometheus on a different port, optionally. (#3274)Amber Brown2018-05-311-11/+66
| |
* | Let users leave the server notice room after joiningRichard van der Hoff2018-05-251-2/+5
|/ | | | They still can't reject invites, but we let them leave it.
* Allow overriding the server_notices user's avatarRichard van der Hoff2018-05-231-3/+6
| | | | probably should have done this in the first place, like @turt2live suggested.
* consent_tracking.md: clarify linkRichard van der Hoff2018-05-231-1/+1
|
* minor post-review tweaksRichard van der Hoff2018-05-232-5/+5
|
* mention public_baseurlRichard van der Hoff2018-05-231-0/+9
|
* fix wrappingRichard van der Hoff2018-05-231-1/+3
|
* Using the manhole to send server noticesRichard van der Hoff2018-05-231-0/+13
|
* Notes on the manholeRichard van der Hoff2018-05-231-0/+43
|
* consent_tracking: formatting etcRichard van der Hoff2018-05-231-8/+7
|
* server_notices.md: fix linkRichard van der Hoff2018-05-231-2/+2
|
* consent tracking docsRichard van der Hoff2018-05-233-25/+154
|
* Some docs about server noticesRichard van der Hoff2018-05-231-0/+53
|
* Add a 'has_consented' template var to consent formsRichard van der Hoff2018-05-222-1/+7
| | | | fixes #3260
* Merge branch 'master' into developNeil Johnson2018-05-181-9/+23
|\
| * postgres.rst: Add instructions how to setup the postgres user and clarify ↵rubo772018-05-171-9/+23
| | | | | | | | the final step
* | ConsentResource to gather policy consent from usersRichard van der Hoff2018-05-153-0/+51
|/ | | | | Hopefully there are enough comments and docs in this that it makes sense on its own.
* Revert "Merge pull request #3066 from matrix-org/rav/remove_redundant_metrics"Richard van der Hoff2018-04-091-11/+0
| | | | | | | We aren't ready to release this yet, so I'm reverting it for now. This reverts commit d1679a4ed7947b0814e0f2af9b888a16c588f1a1, reversing changes made to e089100c6231541c446e37e157dec8feed02d283.
* Merge pull request #2886 from turt2live/travis/new-worker-docsRichard van der Hoff2018-04-051-2/+9
|\ | | | | Add a blurb explaining the main synapse worker
| * Merge remote-tracking branch 'matrix-org/develop' into travis/new-worker-docsTravis Ralston2018-04-043-9/+45
| |\
| * | Document the additional routes for the event_creator workerTravis Ralston2018-04-041-1/+3
| | | | | | | | | | | | | | | Fixes https://github.com/matrix-org/synapse/issues/3018 Signed-off-by: Travis Ralston <travpc@gmail.com>
| * | Move the mention of the main synapse worker higher upTravis Ralston2018-04-041-13/+6
| | | | | | | | | Signed-off-by: Travis Ralston <travpc@gmail.com>
| * | Add a blurb explaining the main synapse workerTravis Ralston2018-02-171-0/+12
| | | | | | | | | Signed-off-by: Travis Ralston <travpc@gmail.com>