| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
This pins pysaml2 to < 6.4.0 on Python 3.5, as the last known working version.
|
|
|
|
|
|
(#8878)
This was broken in #8801.
|
|
This removes the version pin of the `prometheus_client` dependency, in direct response to #8831. If merged, this will close #8831
As far as I can tell, no other changes are needed, but as I'm no synapse expert, I'm relying heavily on CI and maintainer reviews for this. My very primitive test of synapse with prometheus_client v0.9.0 on my home server didn't bring up any issues, so we'll see what happens.
Signed-off-by: Jordan Bancino
|
|
|
|
|
|
|
|
This was broken in #8801 when abstracting code shared with OIDC.
After this change both SAML and OIDC have a concept of
grandfathering users, but with different implementations.
|
|
|
|
The idea here is to abstract out all the conditional code which tests which
methods a given password provider has, to provide a consistent interface.
|
|
(#8854)
This PR adds a `room_version` argument to the `RestHelper`'s `create_room_as` function for tests. I plan to use this for testing knocking, which currently uses an unstable room version.
|
|
The spec requires synapse to support `identifier` dicts for `m.login.password`
user-interactive auth, which it did not (instead, it required an undocumented
`user` parameter.)
To fix this properly, we need to pull the code that interprets `identifier`
into `AuthHandler.validate_login` so that it can be called from the UIA code.
Fixes #5665.
|
|
It's important that we make sure our background updates happen in a defined
order, to avoid disasters like #6923.
Add an ordering to all of the background updates that have landed since #7190.
|
|
|
|
Fix a minor bug where we would offer "m.login.password" login if a custom auth provider supported it, even if password login was disabled.
|
|
These things seemed to be completely untested, so I added a load of tests for
them.
|
|
This test was broken by #8565. It doesn't need to set set `self.clock`
here anyway - that is done by `setUp`.
|
|
A word got removed accidentally in 83434df3812650f53c60e91fb23c2079db0fb5b8.
|
|
we don't need to support legacy login dictionaries here.
|
|
This applies even if the feature is disabled at the server level with `allow_per_room_profiles`.
The server notice not being a real user it doesn't have an user profile.
|
|
|
|
per-message or per-room (#8820)
This PR adds a new config option to the `push` section of the homeserver config, `group_unread_count_by_room`. By default Synapse will group push notifications by room (so if you have 1000 unread messages, if they lie in 55 rooms, you'll see an unread count on your phone of 55).
However, it is also useful to be able to send out the true count of unread messages if desired. If `group_unread_count_by_room` is set to `false`, then with the above example, one would see an unread count of 1000 (email anyone?).
|
|
(#8565)
Changes `@cache_in_self` to use underscore-prefixed attributes.
|
|
|
|
* Remove special case of pretty printing JSON responses for curl
Signed-off-by: Tulir Asokan <tulir@maunium.net>
|
|
This PR grew out of #6739, and adds typing to some method arguments
You'll notice that there are a lot of `# type: ignores` in here. This is due to the base methods not matching the overloads here. This is necessary to stop mypy complaining, but a better solution is #8828.
|
|
Signed-off-by: Dirk Klimpel dirk@klimpel.org
|
|
We can get a SIGHUP at any point, including times where we are not in a
sane state. By deferring calling the handlers until the next reactor
tick we ensure that we don't get unexpected conflicts, e.g. trying to
flush logs from the signal handler while the code was in the process of
writing a log entry.
Fixes #8769.
|
|
When server URL provided to register_new_matrix_user includes path
component (e.g. "http://localhost:8008/"), the command fails with
"ERROR! Received 400 Bad Request". Stripping trailing slash from the
server_url command argument makes sure combined endpoint URL remains
valid.
Signed-off-by: Dmitry Borodaenko angdraug@debian.org
|
|
|
|
These are now only available via `/_synapse/admin/v1`.
|
|
This PR updates the push config's formatting to better align with our [code style guidelines](https://github.com/matrix-org/synapse/blob/develop/docs/code_style.md#configuration-file-format).
|
|
This is another PR that grew out of #6739.
The existing code for checking whether a user is currently invited to a room when they want to leave the room looks like the following:
https://github.com/matrix-org/synapse/blob/f737368a26bb9eea401fcc3a5bdd7e0b59e91f09/synapse/handlers/room_member.py#L518-L540
It calls `get_invite_for_local_user_in_room`, which will actually query *all* rooms the user has been invited to, before iterating over them and matching via the room ID. It will then return a tuple of a lot of information which we pull the event ID out of.
I need to do a similar check for knocking, but this code wasn't very efficient. I then tried to write a different implementation using `StateHandler.get_current_state` but this actually didn't work as we haven't *joined* the room yet - we've only been invited to it. That means that only certain tables in Synapse have our desired `invite` membership state. One of those tables is `local_current_membership`.
So I wrote a store method that just queries that table instead
|
|
This also removes some duplicated code between the simple
HTTP client and matrix federation client.
|
|
Abstracts the SAML and OpenID Connect code which attempts to regenerate
the localpart of a matrix ID if it is already in use.
|
|
|
|
Clarify that the list media API only shows media from unencrypted events.
|
|
|
|
Some hopefully-useful notes on setting up a turnserver.
|
|
This also expands type-hints to the SSO and registration code.
Refactors the CAS code to more closely match OIDC/SAML.
|
|
Synctl did not check if a worker thread was already running when using
`synctl start` and would naively start a fresh copy. This would
sometimes lead to cases where many duplicate copies of a single worker
would run.
This fix adds a pid check when starting worker threads and synctl will
now refuse to start individual workers if they're already running.
|
|
|
|
When using `add_header` nginx will literally add a header. If a
`content-type` header is already configured (for example through a
server wide default), this means we end up with 2 content-type headers,
like so:
```
content-type: text/html
content-type: application/json
access-control-allow-origin: *
```
That doesn't make sense. Instead, we want the content type of that
block to only be `application/json` which we can achieve using
`default_type` instead.
Signed-off-by: Daniele Sluijters <daenney@users.noreply.github.com>
|
|
|
|
|
|
Checks that the localpart returned by mapping providers for SAML and
OIDC are valid before registering new users.
Extends the OIDC tests for existing users and invalid data.
|
|
If the SAML metadata includes multiple IdPs it is necessary to
specify which IdP to redirect users to for authentication.
|
|
* Consistently use room_id from federation request body
Some federation APIs have a redundant `room_id` path param (see
https://github.com/matrix-org/matrix-doc/issues/2330). We should make sure we
consistently use either the path param or the body param, and the body param is
easier.
* Kill off some references to "context"
Once upon a time, "rooms" were known as "contexts". I think this kills of the
last references to "contexts".
|
|
no stream_id is stored. (#8744)
* Make this line debug (it's noisy)
* Don't include from_key for presence if we are at 0
* Limit read receipts for all rooms to 100
* changelog.d/8744.bugfix
* Allow from_key to be None
* Update 8744.bugfix
* The from_key is superflous
* Update comment
|
|
This was broken due to #8617 and #8761.
|
|
Updates the sample configuration with the pysaml2 configuration for
accepting clock skew/drift between the homeserver and IdP.
|
|
|
|
|
|
|
|
|
