path: root/scripts-dev/check_auth.py
Commit message (Collapse)AuthorFilesLines
2016-07-21Fix PEP8 errorsRichard van der Hoff2-1/+2
2016-07-21Implement GET /device/{deviceId}Richard van der Hoff3-19/+89
2016-07-21storage/client_ips: remove some dead codeRichard van der Hoff1-3/+0
2016-07-21Preserve device_id from first call to /registerRichard van der Hoff1-11/+10
device_id may only be passed in the first call to /register, so make sure we fish it out of the register `params` rather than the body of the final call.
2016-07-20Fix PEP8 errorsRichard van der Hoff2-3/+1
2016-07-20Don't explode if we have no snapshots yetErik Johnston1-0/+3
2016-07-20GET /devices endpointRichard van der Hoff10-17/+397
implement a GET /devices endpoint which lists all of the user's devices. It also returns the last IP where we saw that device, so there is some dancing to fish that out of the user_ips table.
2016-07-20Record device_id in client_ipsRichard van der Hoff3-8/+34
Record the device_id when we add a client ip; it's somewhat redundant as we could get it via the access_token, but it will make querying rather easier.
2016-07-20More doc-commentsRichard van der Hoff2-10/+14
Fix some more comments on some things
2016-07-20Register a device_id in the /v2/register flow.Richard van der Hoff2-18/+49
This doesn't cover *all* of the registration flows, but it does cover the most common ones: in particular: shared_secret registration, appservice registration, and normal user/pass registration. Pull device_id from the registration parameters. Register the device in the devices table. Associate the device with the returned access and refresh tokens. Profit.
2016-07-20Make jenkins install deps on unit testsErik Johnston1-0/+4
2016-07-20Add metrics for psutil derived memory usageErik Johnston4-1/+50
2016-07-20Don't notify pusher pool for backfilled eventsErik Johnston1-5/+6
2016-07-20CommentErik Johnston1-0/+4
2016-07-19MANIFEST.in: Add *.pyiRichard van der Hoff1-0/+1
2016-07-19Type annotationsRichard van der Hoff6-0/+46
Add some type annotations to help PyCharm (in particular) to figure out the types of a bunch of things.
2016-07-19Further registration refactoringRichard van der Hoff5-22/+57
* `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below).
* In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change.
2016-07-19Don't bind email unless threepid contains expected fieldsRichard van der Hoff1-28/+25
2016-07-19rest/client/v2_alpha/register.py: Refactor flow somewhat.Richard van der Hoff2-76/+104
This is meant to be an *almost* non-functional change, with the exception that it fixes what looks a lot like a bug in that it only calls `auth_handler.add_threepid` and `add_pusher` once instead of three times. The idea is to move the generation of the `access_token` out of `registration_handler.register`, because `access_token`s now require a device_id, and we only want to generate a device_id once registration has been successful.
2016-07-19schema fixRichard van der Hoff1-1/+1
device_id should be text, not bigint.
2016-07-19Summary lineMark Haines1-2/+1
2016-07-19Update docstring on Handlers.Mark Haines1-3/+15
To indicate it is deprecated.
2016-07-18Add device_id support to /loginRichard van der Hoff12-31/+354
Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed.
2016-07-18Refactor login flowRichard van der Hoff2-65/+82
Make sure that we have the canonical user_id *before* calling get_login_tuple_for_user_id. Replace login_with_password with a method which just validates the password, and have the caller call get_login_tuple_for_user_id. This brings the password flow into line with the other flows, and will give us a place to register the device_id if necessary.
2016-07-18Fix a doc-commentRichard van der Hoff1-1/+1
The `store` in a handler is a generic DataStore, not just an events.StateStore.
2016-07-16Use body.get to check for 'user'Will Hunt1-2/+1
2016-07-16Fall back to 'username' if 'user' is not given for appservice reg.Will Hunt1-3/+5
2016-07-15Fix 500 ISE when sending alias event without a state_keyMark Haines1-0/+5
2016-07-15Fix /purge_history bugErik Johnston1-19/+15
This was caused by trying to insert duplicate backward extremities
2016-07-15Pull out min stream_ordering from ex_outlier_streamErik Johnston1-1/+2
2016-07-15event_backwards_extremeties may not be emptyErik Johnston1-1/+11
2016-07-15CommentErik Johnston2-0/+6
2016-07-14Check sender signed eventErik Johnston3-6/+12
2016-07-14Add filter param to /messages APIErik Johnston4-11/+29
2016-07-14Add support for filters in paginate_room_eventsErik Johnston1-1/+51
2016-07-14Add 'contains_url' to filterErik Johnston1-3/+20
2016-07-14Add sender and contains_url field to events tableErik Johnston2-0/+142
2016-07-14Add hs objectErik Johnston1-0/+1
2016-07-14Only accept password authErik Johnston1-12/+0
2016-07-14Add an /account/deactivate endpointErik Johnston1-0/+55
2016-07-13Bug fix: expire invalid access tokensNegar Fazeli6-9/+42
2016-07-13Check if alias event's state_key matches sender's domainErik Johnston1-0/+11
2016-07-13Check creation event's room_id domain matches sender'sErik Johnston1-0/+7
2016-07-12be more pythonicDavid Baker1-1/+1
2016-07-12on_OPTIONS isn't necessaryDavid Baker2-10/+1
2016-07-12Remove other debug loggingDavid Baker1-2/+0
2016-07-11Separate out requestTokens to separate handlersDavid Baker2-65/+93
2016-07-11Oops, remove debug loggingDavid Baker1-4/+0
2016-07-08Implement https://github.com/matrix-org/matrix-doc/pull/346/filesDavid Baker2-0/+60
2016-07-08Add a comment explaining allow_noneMark Haines1-0/+2
2016-07-08Ensure that the guest user is in the database when upgrading accountsMark Haines1-0/+13
2016-07-07Bump version and changelogErik Johnston2-1/+9
2016-07-07Fix bug where we did not correctly explode when multiple user_ids were set in macaroonErik Johnston1-5/+10
2016-07-07CommentErik Johnston1-0/+3
2016-07-07Return 400 rather than 500Erik Johnston1-1/+4
2016-07-06Add rest servlet. Fix SQL.Erik Johnston2-5/+5
2016-07-06Check that there are no null bytes in user and passwordErik Johnston1-0/+6
2016-07-06Add null separator to hmacErik Johnston2-0/+4
2016-07-06Update password config commentKent Shikama1-1/+1
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-06Update hash_password scriptKent Shikama1-1/+17
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-05Remove spurious txnErik Johnston1-9/+0
2016-07-05Fix for postgresErik Johnston1-2/+2
2016-07-05Add an admin option to shared secret registrationErik Johnston4-27/+58
2016-07-05Protect password when registering using shared secretErik Johnston2-7/+15
2016-07-05Add ReadWriteLock for pagination and history pruneErik Johnston2-36/+38
2016-07-05Add ReadWriteLockErik Johnston2-0/+167
2016-07-05Fix typoMark Haines1-1/+1
2016-07-05Make get_events_around more efficient on sqlite3Mark Haines1-13/+49
2016-07-05Remove default password pepper stringKent Shikama1-2/+1
2016-07-05Fix password configKent Shikama2-3/+3
2016-07-05Fix pep8Kent Shikama2-2/+3
2016-07-05Add comment to prompt changing of pepperKent Shikama1-0/+1
2016-07-05Use true/false for boolean parameter inclusive to avoid potential for sqli, and possibly make the code clearerMark Haines2-5/+7
2016-07-05Add purge_history APIErik Johnston4-1/+38
2016-07-04Use different SQL for postgres and sqlite3 for when using multicolumn indexesMark Haines2-59/+59
2016-07-05Add pepper to password hashingKent Shikama2-3/+8
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-04Add storage function to purge history for a roomErik Johnston1-0/+140
2016-07-04Use a query that postgresql optimises better for get_events_aroundMark Haines1-12/+16
2016-07-04Fix style violationsKent Shikama2-2/+4
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-04Use .get() instead of [] to access password_hashKent Shikama1-1/+1
2016-07-03Optionally include password hash in createUser endpointKent Shikama2-3/+5
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-01code_style.rst: add link to sphinx examplesRichard van der Hoff1-1/+3
2016-07-01code_style.rst: *fix* link to google styleRichard van der Hoff1-1/+1
2016-07-01code_style.rst: add link to google styleRichard van der Hoff1-2/+3
2016-06-30requestToken updateDavid Baker2-15/+29
Don't send requestToken request to untrusted ID servers.
Also correct the THREEPID_IN_USE error to add the M_ prefix. This is a backwards incompatible change, but the only thing using this is the angular client which is now unmaintained, so it's probably better to just do this now.
2016-06-30Feature: Add deactivate account admin APIErik Johnston3-0/+40
Allows server admins to "deactivate" accounts, which:
- Revokes all access tokens
- Removes all threepids
- Removes password

The API is a POST to `/admin/deactivate/<user_id>`
2016-06-29Remove raceErik Johnston1-11/+0
2016-06-29Implement purge_media_cache admin APIErik Johnston5-20/+130
2016-06-29Track approximate last access time for remote mediaErik Johnston4-1/+71
2016-06-28Update turn-howto.rst to use git clone (2)Rick Cogley1-1/+5
Not logical to use svn checkout against a github repo, so changed to git clone. Signed-off-by: Rick Cogley <rick.cogley@esolia.co.jp>
2016-06-28Update turn-howto.rst to use git cloneRick Cogley1-1/+1
svn checkout is not logical for a checkout from github, so changed the checkout to "git clone". thanks @dbkr Signed-off-by: Rick Cogley <rick.cogley@esolia.co.jp>
2016-06-28Remove double spacesRick Cogley1-12/+11
Reading the RST spec, I was trying to get breaks to appear by entering the double spaces after the lines in the code blocks. It does not work anyway, and, as pointed out, I've removed.
2016-06-27remove vector.im from default secondary DS listMatthew Hodgson1-1/+0
2016-06-26Update to reflect new location at github. Rick Cogley1-16/+18
Additionally it does not appear there is turnserver.conf.default, but rather, just /etc/turnserver.conf.
2016-06-24Fix the sytests to use a port-range rather than a port baseMark Haines3-4/+7
2016-06-24Remove room name & alias testDavid Baker1-41/+0
as get_room_name_and_alias is now gone
2016-06-24even more pep8David Baker1-0/+1
2016-06-24more pep8David Baker1-1/+0
2016-06-24pep8David Baker1-1/+0
2016-06-24Use similar naming we use in email notifs for pushDavid Baker6-79/+26
Fixes https://github.com/vector-im/vector-web/issues/1654
2016-06-22Actually we need to order these properlyDavid Baker1-2/+12
otherwise we'll end up returning the wrong 20
2016-06-22StyleDavid Baker1-1/+1
2016-06-22Put most recent 20 messages in notifDavid Baker1-3/+4
Fixes https://github.com/vector-im/vector-web/issues/1648
2016-06-22Rework ldap integration with ldap3Martin Weinelt4-60/+249
Use the pure-python ldap3 library, which eliminates the need for a system dependency. Offer both a `search` and `simple_bind` mode, for more sophisticated ldap scenarios.
- `search` tries to find a matching DN within the `user_base` while employing the `user_filter`, then tries the bind when a single matching DN was found.
- `simple_bind` tries the bind against a specific DN by combining the localpart and `user_base`

Offer support for STARTTLS on a plain connection. The configuration was changed to reflect these new possibilities.
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
2016-06-21Optionally start or stop workers in synctl.Mark Haines1-27/+151
Optionally start or stop an individual worker by passing -w with the path to the worker config. Optionally start or stop every worker and the main synapse by passing -a with a path to a directory containing worker configs. The "-w" is intended to be used to bounce individual workers processes. The "-a" is intended for when you want to restart all the workers simultaneously, for example when performing database upgrades.
2016-06-21Remove the legacy v0 content upload API.Mark Haines3-132/+3
The existing content can still be downloaded. The last upload to the matrix.org server was in January 2015, so it is probably safe to remove the upload API.
2016-06-21Fix substitution failure in mail templateDavid Baker1-1/+1
2016-06-20Optionally make committing to postgres asynchronous.Mark Haines3-3/+14
Useful when running tests when you don't care whether the server will lose data that it claims that it has committed.
2016-06-20Bump version and changelogErik Johnston2-1/+16
2016-06-17Add the create_profile method back since the tests use itMark Haines1-0/+6
2016-06-17Add a comment on why we don't create a profile for upgrading usersMark Haines1-0/+1
2016-06-17Remove registered_users from the distributor.Mark Haines5-33/+24
The only place that was observed was to set the profile. I've made it so that the profile is set within store.register in the same transaction that creates the user. This required some slight changes to the registration code for upgrading guest users, since it previously relied on the distributor swallowing errors if the profile already existed.
2016-06-17Linearize some federation endpoints based on (origin, room_id)Erik Johnston2-67/+78
2016-06-17Disable responding with canonical json for federationErik Johnston1-1/+1
2016-06-17Enable use_frozen_events in testsErik Johnston1-0/+1
2016-06-17Turn use_frozen_events off by defaultErik Johnston1-1/