summary refs log tree commit diff
path: root/synapse/api/auth.py (follow)
Commit message (Expand)AuthorAgeFilesLines
* Allow configuration of Synapse's cache without using synctl or environment va...Amber Brown2020-05-111-2/+2
* Stop Auth methods from polling the config on every req. (#7420)Andrew Morgan2020-05-061-73/+10
* async/await is_server_admin (#7363)Andrew Morgan2020-05-011-5/+4
* Allow deleting an alias if the user has sufficient power level (#6986)Patrick Cloke2020-03-041-7/+2
* Publishing/removing from the directory requires a power level greater than ca...Patrick Cloke2020-02-211-5/+5
* Add `allow_departed_users` param to `check_in_room_or_world_readable`Richard van der Hoff2020-02-191-3/+13
* Refactor the membership check methods in AuthRichard van der Hoff2020-02-181-43/+37
* Pass room version object into event_auth.check and check_redaction (#6788)Richard van der Hoff2020-01-281-2/+5
* Add StateMap type alias (#6715)Erik Johnston2020-01-161-6/+2
* Change EventContext to use the Storage class (#6564)Erik Johnston2019-12-201-1/+1
* Add auth events as per spec. (#6556)Erik Johnston2019-12-161-67/+34
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-311-1/+1
* Option to suppress resource exceeded alerting (#6173)Neil Johnson2019-10-241-3/+9
* Remove Auth.check method (#6217)Richard van der Hoff2019-10-181-18/+1
* Add device and appservice tagsErik Johnston2019-09-251-0/+3
* Don't create new span for get_user_by_reqErik Johnston2019-09-251-1/+0
* Ensure support users can be registered even if MAU limit is reachedJason Robinson2019-09-111-2/+9
* Remove double return statements (#5962)Andrew Morgan2019-09-031-1/+0
* Remove unnecessary parentheses around return statements (#5931)Andrew Morgan2019-08-301-7/+7
* Opentracing misc (#5856)Jorik Schellekens2019-08-161-0/+4
* Remove non-functional 'expire_access_token' setting (#5782)Richard van der Hoff2019-07-301-23/+5
* Replace returnValue with return (#5736)Amber Brown2019-07-231-24/+20
* Ignore redactions of m.room.create events (#5701)Richard van der Hoff2019-07-171-15/+0
* Implement access token expiry (#5660)Richard van der Hoff2019-07-121-0/+12
* Clean up exception handling for access_tokens (#5656)Richard van der Hoff2019-07-111-88/+39
* Run Black. (#5482)Amber Brown2019-06-201-86/+73
* Better wordingBrendan Abolivier2019-06-101-1/+1
* DocBrendan Abolivier2019-06-101-0/+5
* Don't check whether the user's account is expired on /send_mail requestsBrendan Abolivier2019-06-051-2/+8
* Factor out an "assert_requester_is_admin" function (#5120)Richard van der Hoff2019-05-021-1/+1
* Add management endpoints for account validityBrendan Abolivier2019-04-171-1/+1
* Send out emails with links to extend an account's validity periodBrendan Abolivier2019-04-171-2/+3
* Add account expiration featureBrendan Abolivier2019-04-091-0/+12
* Support 3PID login in password providers (#4931)Andrew Morgan2019-03-261-11/+11
* Enforce hs_disabled_message correctlyRichard van der Hoff2019-03-191-3/+5
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/redactions...Erik Johnston2019-01-291-12/+1
|\
| * Remove dead functionErik Johnston2019-01-291-11/+0
| * Replace usage of builder.user_id with builder.senderErik Johnston2019-01-291-1/+1
* | Implement rechecking of redactionsErik Johnston2019-01-291-2/+2
|/
* Pass through room version to event authErik Johnston2019-01-251-4/+10
* Fix None guard in config.server.is_threepid_reservedNeil Johnson2019-01-221-1/+3
* Merge branch rav/macaroon_key_fix_0.34 into rav/macaroon_key_fix_0.34.1Richard van der Hoff2019-01-101-38/+27
|\
| * Merge branch 'rav/macaroon_key_fix' into rav/macaroon_key_fix_0.34Richard van der Hoff2019-01-101-38/+27
| |\
| | * Skip macaroon check for access tokens in the dbRichard van der Hoff2019-01-101-38/+27
* | | create support user (#4141)Neil Johnson2018-12-141-2/+3
|/ /
* | Add an option to enable recording IPs for appservice users (#3831)Travis Ralston2018-12-041-9/+20
* | assert rather than warn hhs-4Neil Johnson2018-08-311-3/+2
* | move threepid checker to config, add missing yieldsNeil Johnson2018-08-311-2/+11
* | fix reference to is_threepid_reservedNeil Johnson2018-08-311-1/+1
* | ensure post registration auth checks do not fail erroneouslyNeil Johnson2018-08-311-5/+2
* | fix bug where preserved threepid user comes to sign up and server is mau blockedNeil Johnson2018-08-311-1/+9
* | Change admin_uri to admin_contact in config and errorsErik Johnston2018-08-241-2/+2
* | Implement trail usersErik Johnston2018-08-231-1/+5
* | Merge branch 'develop' of github.com:matrix-org/synapse into neilj/server_not...Erik Johnston2018-08-221-7/+7
|\ \
| * | Port over enough to get some sytests running on Python 3 (#3668)Amber Brown2018-08-201-7/+7
* | | rename error codeNeil Johnson2018-08-181-2/+2
* | | special case server_notices_mxidNeil Johnson2018-08-181-0/+6
|/ /
* | Merge branch 'develop' into neilj/limit_exceeded_errorNeil Johnson2018-08-171-1/+2
|\ \
| * | call reap on start up and fix under reaping bugNeil Johnson2018-08-161-1/+1
* | | add new error type ResourceLimitNeil Johnson2018-08-161-4/+6
|/ /
* | replace admin_email with admin_uri for greater flexibilityNeil Johnson2018-08-151-5/+5
* | Merge branch 'develop' of github.com:matrix-org/synapse into neilj/admin_emailNeil Johnson2018-08-141-1/+11
|\ \
| * | make comments clearerNeil Johnson2018-08-141-1/+2
| * | rename _user_last_seen_monthly_activeNeil Johnson2018-08-091-1/+1
| * | fix errant parenthesisNeil Johnson2018-08-091-1/+1
| * | only block on sync where user is not part of the mau cohortNeil Johnson2018-08-091-2/+11
* | | support admin_email config and pass through into blocking errors, return Auth...Neil Johnson2018-08-131-2/+6
* | | Revert "support admin_email config and pass through into blocking errors, ret...Neil Johnson2018-08-131-6/+2
* | | support admin_email config and pass through into blocking errors, return Auth...Neil Johnson2018-08-131-2/+6
|/ /
* | Merge branch 'neilj/mau_tracker' of github.com:matrix-org/synapse into neilj/...Neil Johnson2018-08-061-4/+1
|\ \
| * | update comments to reflect new sigNeil Johnson2018-08-061-4/+1
* | | disable HS from configNeil Johnson2018-08-041-0/+4
|/ /
* | wip commit - tests failingNeil Johnson2018-08-031-2/+4
* | do mau checks based on monthly_active_users tableNeil Johnson2018-08-021-0/+13
* | insertion into monthly_active_usersNeil Johnson2018-08-021-1/+1
|/
* Python 3: Convert some unicode/bytes uses (#3569)Amber Brown2018-08-021-2/+2
* Merge branch 'develop' into erikj/client_apis_moveErik Johnston2018-07-241-2/+4
|\
| * Use new gettersErik Johnston2018-07-231-2/+4
* | Move check_in_room_or_world_readable to AuthErik Johnston2018-07-201-0/+34
|/
* Make auth & transactions more testable (#3499)Amber Brown2018-07-141-62/+62
* run isortAmber Brown2018-07-091-3/+4
* add ip_range_whitelist parameter to limit where ASes can connect fromMatthew Hodgson2018-06-281-0/+6
* Don't print invalid access tokens in the logsTravis Ralston2018-06-241-2/+2
* Refactor get_send_level to take a power_levels eventRichard van der Hoff2018-06-141-1/+1
* Consistently use six's iteritems and wrap lazy keys/values in list() if they'...Amber Brown2018-05-311-1/+3
* replacing portionsAmber Brown2018-05-211-1/+1
* Add b prefixes to some strings that are bytes in py3Adrian Tschira2018-04-041-5/+5
* Improve comments on get_user_by_access_tokenRichard van der Hoff2017-11-291-1/+5
* Add a config option to block all room invites (#2457)Richard van der Hoff2017-09-191-0/+8
* Merge pull request #2309 from matrix-org/erikj/user_ip_replErik Johnston2017-07-061-1/+1
|\
| * Fix upErik Johnston2017-06-271-1/+1
* | Cache macaroon parse and validationErik Johnston2017-06-291-13/+60
|/
* Batch upsert user ipsErik Johnston2017-06-271-2/+1
* Change is_host_joined to use current_state tableErik Johnston2017-06-091-11/+2
* Fix a couple of logcontext leaksRichard van der Hoff2017-03-231-3/+2
* Change resolve_state_groups call site logging to DEBUGErik Johnston2017-01-171-1/+1
* Remove unused functionErik Johnston2017-01-131-3/+0
* Split event auth code into seperate moduleErik Johnston2017-01-131-645/+9
* Split out static auth methods from Auth objectErik Johnston2017-01-101-419/+495
* Fix flake8 and update changelog v0.18.6-rc3Mark Haines2017-01-051-1/+1
* add logging for all the places we call resolve_state_groups. my kingdom for a...Matthew Hodgson2017-01-051-0/+1
* Prevent user tokens being used as guest tokens (#1675)Richard van der Hoff2016-12-061-15/+36
* Rip out more refresh_token codeRichard van der Hoff2016-11-301-3/+2
* Merge pull request #1656 from matrix-org/rav/remove_time_caveatRichard van der Hoff2016-11-301-3/+13
|\
| * CommentsRichard van der Hoff2016-11-301-3/+9
| * Stop putting a time caveat on access tokensRichard van der Hoff2016-11-291-0/+4
* | Merge pull request #1653 from matrix-org/rav/guest_e2eRichard van der Hoff2016-11-291-1/+5
|\ \ | |/ |/|
| * Give guest users a device_idRichard van der Hoff2016-11-251-1/+5
* | Remove redundant list of known caveat prefixesRichard van der Hoff2016-11-241-26/+8
|/
* Merge pull request #1098 from matrix-org/markjh/bearer_tokenMark Haines2016-10-251-9/+37
|\
| * Fix unit testsMark Haines2016-09-121-1/+1
| * Allow clients to supply access_tokens as headersMark Haines2016-09-091-9/+37
* | Closing brace on following lineLuke Barnard2016-10-201-1/+2
* | as_user->app_service, less redundant comments, better positioned commentsLuke Barnard2016-10-201-3/+3
* | flake8Luke Barnard2016-10-201-1/+3
* | Use real AS object by passing it through the requesterLuke Barnard2016-10-201-7/+7
* | Merge pull request #1157 from Rugvip/nolimitErik Johnston2016-10-111-4/+3
|\ \
| * | storage/appservice: make appservice methods only relying on the cache synchro...Patrik Oldsberg2016-10-061-4/+3
* | | api/auth: fix for not being allowed to set your own state_keyPatrik Oldsberg2016-09-301-10/+0
|/ /
* | Update commentsErik Johnston2016-09-221-2/+3
* | Add commentsErik Johnston2016-09-221-0/+3
* | Shuffle things around to make unit tests workErik Johnston2016-09-221-14/+15
* | Allow invites via 3pid to bypass sender sig checkErik Johnston2016-09-221-1/+16
|/
* Add helper function for getting access_tokens from requestsMark Haines2016-09-091-7/+51
* Handle the fact that workers can't generate state groupsErik Johnston2016-08-311-2/+4
* Correctly handle the difference between prev and current stateErik Johnston2016-08-311-2/+2
* Cache check_host_in_roomErik Johnston2016-08-261-14/+6
* Add measure on check_host_in_roomErik Johnston2016-08-261-11/+12
* Pull out full state lessErik Johnston2016-08-251-6/+7
* Replace context.current_state with context.current_state_idsErik Johnston2016-08-251-24/+44
* Fix login with m.login.tokenRichard van der Hoff2016-08-081-15/+30
* Merge pull request #952 from matrix-org/markjh/more_fixesMark Haines2016-07-261-0/+4
|\
| * Check if the user is banned when handling 3pid invitesMark Haines2016-07-261-0/+4
* | Add `create_requester` functionRichard van der Hoff2016-07-261-13/+11
|/
* Record device_id in client_ipsRichard van der Hoff2016-07-201-6/+23
* More doc-commentsRichard van der Hoff2016-07-201-3/+2
* Fix 500 ISE when sending alias event without a state_keyMark Haines2016-07-151-0/+5
* Merge pull request #919 from matrix-org/erikj/auth_fixErik Johnston2016-07-151-1/+25
|\
| * Check sender signed eventErik Johnston2016-07-141-2/+8
| * Check if alias event's state_key matches sender's domainErik Johnston2016-07-131-0/+11
| * Check creation event's room_id domain matches sender'sErik Johnston2016-07-131-0/+7
* | Bug fix: expire invalid access tokensNegar Fazeli2016-07-131-0/+3
|/
* Fix bug where we did not correctly explode when multiple user_ids were set in...Erik Johnston2016-07-071-5/+10
* Working unsubscribe links going straight to the HSDavid Baker2016-06-021-0/+7
* Merge remote-tracking branch 'origin/develop' into dbkr/email_unsubscribeDavid Baker2016-06-021-0/+18
|\
| * special case m.room.third_party_invite event auth to match invites, otherwise...Matthew Hodgson2016-06-011-0/+18
* | WIP on unsubscribing email notifs without logging inDavid Baker2016-06-011-9/+16
|/
* Spell "domain" correctlyMark Haines2016-05-161-8/+8
* Create user with expiryNegi Fazeli2016-05-131-1/+2
* Add and use get_domian_from_idErik Johnston2016-05-091-8/+8
* Measure Auth.checkErik Johnston2016-04-131-47/+50
* Don't auto log failed auth checksErik Johnston2016-04-131-53/+45
* Add published room list edit APIErik Johnston2016-03-211-4/+50
* Send the user ID matching the guest access token, since there is no Matrix AP...David Baker2016-03-071-2/+2
* Allow third_party_signed to be specified on /joinDaniel Wagner-Hall2016-02-231-21/+36
* Fix up logcontextsErik Johnston2016-02-081-1/+3
* Log more diagnostics for unrecognised access tokensDaniel Wagner-Hall2016-02-021-0/+2
* Fix flake8 warnings for new flake8Daniel Wagner-Hall2016-02-021-1/+1
* Don't error on AS non-ghost user useDaniel Wagner-Hall2016-01-181-0/+2
* Pull out app service user lookupDaniel Wagner-Hall2016-01-181-31/+28
* Require AS users to be registered before useDaniel Wagner-Hall2016-01-131-0/+5
* Introduce a Requester objectDaniel Wagner-Hall2016-01-111-3/+5
* Allow guests to upgrade their accountsDaniel Wagner-Hall2016-01-051-3/+3
* Strip address and such out of 3pid invitesDaniel Wagner-Hall2015-12-171-1/+1
* Allow user to redact with an equal powerErik Johnston2015-11-261-1/+1
* Merge branch 'develop' into daniel/forgetroomsPaul "LeoNerd" Evans2015-11-191-8/+17
|\
| * Take a boolean not a list of lambdasDaniel Wagner-Hall2015-11-191-8/+17
* | Allow users to forget roomsDaniel Wagner-Hall2015-11-171-0/+7
|/
* Always check guest = true in macaroonsSteven Hammerton2015-11-171-1/+2
* Share more code between macaroon validationSteven Hammerton2015-11-111-9/+10
* Exchange 3pid invites for m.room.member invitesDaniel Wagner-Hall2015-11-051-35/+38
* Allow guests to register and call /events?room_id=Daniel Wagner-Hall2015-11-041-41/+54
* Reject events which are too largeDaniel Wagner-Hall2015-10-221-1/+21
* Allow rejecting invitesDaniel Wagner-Hall2015-10-201-1/+5
* Stuff signed data in a standalone objectDaniel Wagner-Hall2015-10-161-7/+14
* Add signing host and keyname to signaturesDaniel Wagner-Hall2015-10-161-5/+9
* Verify third party ID server certificatesDaniel Wagner-Hall2015-10-161-0/+11
* Remove unnecessary class-wrappingDaniel Wagner-Hall2015-10-131-3/+3
* Add some docstringDaniel Wagner-Hall2015-10-131-0/+15
* Move event contents into third_party_layout fieldDaniel Wagner-Hall2015-10-131-9/+12
* Add third party invites to auth_events for joinsDaniel Wagner-Hall2015-10-061-0/+5
* Merge branch 'develop' into daniel/3pidinvitesDaniel Wagner-Hall2015-10-051-1/+24
|\
| * Merge branch 'develop' of github.com:matrix-org/synapse into erikj/unfederatableErik Johnston2015-10-021-3/+140
| |\
| * \ Merge branch 'develop' of github.com:matrix-org/synapse into erikj/unfederatableErik Johnston2015-09-141-8/+27
| |\ \
| * | | Also check the domains for membership state_keysErik Johnston2015-09-011-0/+9
| * | | Merge branch 'erikj/check_room_exists' into erikj/unfederatableErik Johnston2015-09-011-0/+8
| |\ \ \
| * | | | Check against sender rather than event_idErik Johnston2015-09-011-3/+3
| * | | | Add flag which disables federation of the roomErik Johnston2015-09-011-1/+15
* | | | | Implement third party identifier invitesDaniel Wagner-Hall2015-10-011-1/+32
| |_|_|/ |/| | |
* | | | Merge pull request #276 from matrix-org/markjh/history_for_rooms_that_have_be...Mark Haines2015-09-211-0/+51
|\ \ \ \
| * | | | Clarify which event is returned by check_user_was_in_roomMark Haines2015-09-211-2/+3
| * | | | Allow rooms/{roomId}/state for a room that has been leftMark Haines2015-09-091-1/+2
| * | | | Allow room initialSync for users that have left the room, returning a snapsho...Mark Haines2015-09-091-0/+49
* | | | | Merge pull request #256 from matrix-org/authDaniel Wagner-Hall2015-09-141-3/+89
|\ \ \ \ \ | |_|_|_|/ |/| | | |
| * | | | s/user_id/user/g for consistencyDaniel Wagner-Hall2015-09-011-10/+10
| * | | | Attempt to validate macaroonsDaniel Wagner-Hall2015-08-261-9/+95
| | |/ / | |/| |
* | | | Merge pull request #265 from matrix-org/erikj/check_room_existsErik Johnston2015-09-141-0/+8
|\ \ \ \ | |_|/ / |/| | / | | |/ | |/|
| * | Fix testsErik Johnston2015-09-011-1/+1
| * | Check room exists when authenticating an event, by asserting they reference a...Erik Johnston2015-09-011-0/+8
| |/
* | Check domain of events properlyDaniel Wagner-Hall2015-09-011-1/+3
* | Allow users to redact their own eventsDaniel Wagner-Hall2015-08-281-8/+25
|/
* Stop looking up "admin", which we never readDaniel Wagner-Hall2015-08-251-3/+1
* Re-wrap lineDaniel Wagner-Hall2015-08-251-3/+1
* Remove completely unused concepts from codebaseDaniel Wagner-Hall2015-08-251-10/+7
* s/by_token/by_access_token/gDaniel Wagner-Hall2015-08-201-3/+3
* Set request.authenticated_entity for application servicesErik Johnston2015-08-181-0/+3
* Add missing space because linterDaniel Wagner-Hall2015-08-111-1/+1
* Minor docs cleanupDaniel Wagner-Hall2015-08-111-2/+7
* Remove redundant if-guardDaniel Wagner-Hall2015-08-111-13/+12
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/power_leve...Erik Johnston2015-07-131-1/+2
|\
| * Add m.room.history_visibility to newly created rooms' m.room.power_levelsErik Johnston2015-07-061-0/+1
| * Add m.room.history_visibility to list of auth eventsErik Johnston2015-07-031-1/+1
* | Sanitize power level checksErik Johnston2015-07-101-15/+21
* | You shouldn't be able to ban/kick users with higher power levelsErik Johnston2015-07-101-2/+5
|/
* Log more when we have processed the requestErik Johnston2015-06-151-0/+2
* TypoErik Johnston2015-05-011-1/+1
* Remove some run_on_reactorsErik Johnston2015-05-011-3/+0
* Don't log all auth events every time we call auth.checkErik Johnston2015-05-011-1/+4
* Don't wait for storage of access_tokenErik Johnston2015-05-011-1/+1
* Merge pull request #126 from matrix-org/csauthMark Haines2015-04-281-19/+27
|\
| * Merge branch 'develop' into csauthDavid Baker2015-04-241-58/+30
| |\
| * | Add an error code to 'missing token' response.David Baker2015-04-231-1/+2
| * | Merge branch 'develop' into csauthDavid Baker2015-04-171-14/+11
| |\ \
| * | | unused importDavid Baker2015-03-241-1/+1
| * | | 1) Pushers are now associated with an access tokenDavid Baker2015-03-241-18/+25
* | | | Merge branch 'develop' into invite_power_levelPaul "LeoNerd" Evans2015-04-271-36/+12
|\ \ \ \ | | |_|/ | |/| |
| * | | Neater fetching of user's auth level in a room - squash to int() at access ti...Paul "LeoNerd" Evans2015-04-221-35/+12
| * | | Appease pep8Paul "LeoNerd" Evans2015-04-221-1/+0
* | | | Also remember to check 'invite' level for changesPaul "LeoNerd" Evans2015-04-211-0/+1
* | | | Initial implementation of an 'invite' power_levelPaul "LeoNerd" Evans2015-04-211-0/+7
|/ / /
* | | Much neater fetching of defined powerlevels from m.room.power_levels state eventPaul "LeoNerd" Evans2015-04-211-31/+21
* | | Remove debugging print statement accidentally committedPaul "LeoNerd" Evans2015-04-211-1/+0
* | | Sanitise a user's powerlevel to an int() before numerical comparison, because...Paul "LeoNerd" Evans2015-04-211-0/+7
| |/ |/|
* | Neater implementation of membership change auth checks, ensuring we can't for...Paul "LeoNerd" Evans2015-04-151-18/+10
* | Ensure that non-room-members cannot ban others, even if they do have enough p...Paul "LeoNerd" Evans2015-04-151-0/+5
* | Fix a bug which causes a send event level of 0 to not be honoured.Kegan Dougal2015-04-071-1/+1
|/
* @cached() annotate get_user_by_token() - achieves a minor DB performance impr...Paul "LeoNerd" Evans2015-03-171-1/+1
* Remove concept of context.auth_events, instead use context.current_stateErik Johnston2015-03-161-6/+0
* Make context.auth_events grap auth events from current state. Otherwise auth ...Erik Johnston2015-03-161-1/+7
* Respect ban membershipErik Johnston2015-03-161-5/+17
* Merge branch 'develop' into application-servicesKegan Dougal2015-02-111-7/+14
|\
| * During room intial sync, only calculate current state once.Erik Johnston2015-02-091-7/+14
* | Modify auth.get_user_by_req for authing appservices directly.Kegan Dougal2015-02-091-18/+16
* | Grant ASes the ability to create alias in their own namespace.Kegan Dougal2015-02-061-0/+12
* | Fix unit tests.Kegan Dougal2015-02-051-0/+6
* | Add CS extension for masquerading as users within the namespaces specified by...Kegan Dougal2015-02-051-0/+23
|/
* Change context.auth_events to what the auth_events would be bases on context....Erik Johnston2015-02-041-6/+6
* Keep around the old (buggy) version of the prune_event function so that we ca...Erik Johnston2015-02-031-2/+0
* Fix bug where we superfluously asked for current state. Change API of /query_...Erik Johnston2015-01-301-0/+2
* Merge branch 'develop' of github.com:matrix-org/synapse into rejectionsErik Johnston2015-01-301-3/+8
|\