Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Convert http.HTTPStatus objects to their int equivalent (#7188) | Andrew Morgan | 2020-04-03 | 1 | -1/+8 |
| | |||||
* | Allow server admins to define and enforce a password policy (MSC2000). (#7118) | Dirk Klimpel | 2020-03-26 | 1 | -0/+21 |
| | |||||
* | Validate the alt_aliases property of canonical alias events (#6971) | Patrick Cloke | 2020-03-03 | 1 | -0/+1 |
| | |||||
* | Add `get_room_version` method | Richard van der Hoff | 2020-01-31 | 1 | -4/+2 |
| | | | | So that we can start factoring out some of this boilerplatey boilerplate. | ||||
* | Implement RedirectException (#6687) | Richard van der Hoff | 2020-01-15 | 1 | -1/+26 |
| | | | | | Allow REST endpoint implemnentations to raise a RedirectException, which will redirect the user's browser to a given location. | ||||
* | Kill off RegistrationError (#6691) | Richard van der Hoff | 2020-01-13 | 1 | -6/+0 |
| | | | This is pretty pointless. Let's just use SynapseError. | ||||
* | Replace instance variations of homeserver with correct case/spacing | Andrew Morgan | 2019-11-12 | 1 | -1/+1 |
| | |||||
* | Merge branch 'develop' into uhoreg/e2e_cross-signing_merged | Hubert Chathi | 2019-10-18 | 1 | -1/+2 |
|\ | |||||
| * | Fix up some typechecking (#6150) | Amber Brown | 2019-10-02 | 1 | -1/+2 |
| | | | | | | | | | | | | * type checking fixes * changelog | ||||
* | | Merge branch 'uhoreg/e2e_cross-signing_merged' into cross-signing_keys | Hubert Chathi | 2019-08-28 | 1 | -1/+2 |
|\| | |||||
| * | Change user deactivated errcode to USER_DEACTIVATED and use it (#5686) | Andrew Morgan | 2019-07-31 | 1 | -1/+2 |
| | | | | | | | | | | This is intended as an amendment to #5674 as using M_UNKNOWN as the errcode makes it hard for clients to differentiate between an invalid password and a deactivated user (the problem we were trying to solve in the first place). M_UNKNOWN was originally chosen as it was presumed than an MSC would have to be carried out to add a new code, but as Synapse often is the testing bed for new MSC implementations, it makes sense to try it out first in the wild and then add it into the spec if it is successful. Thus this PR return a new M_USER_DEACTIVATED code when a deactivated user attempts to login. | ||||
* | | allow uploading keys for cross-signing | Hubert Chathi | 2019-07-25 | 1 | -0/+1 |
|/ | |||||
* | Return a different error from Invalid Password when a user is deactivated ↵ | Andrew Morgan | 2019-07-15 | 1 | -0/+16 |
| | | | | | (#5674) Return `This account has been deactivated` instead of `Invalid password` when a user is deactivated. | ||||
* | Implement access token expiry (#5660) | Richard van der Hoff | 2019-07-12 | 1 | -1/+7 |
| | | | | Record how long an access token is valid for, and raise a soft-logout once it expires. | ||||
* | Clean up exception handling for access_tokens (#5656) | Richard van der Hoff | 2019-07-11 | 1 | -1/+32 |
| | | | | | | | | | | | | | | | | First of all, let's get rid of `TOKEN_NOT_FOUND_HTTP_STATUS`. It was a hack we did at one point when it was possible to return either a 403 or a 401 if the creds were missing. We always return a 401 in these cases now (thankfully), so it's not needed. Let's also stop abusing `AuthError` for these cases. Honestly they have nothing that relates them to the other places that `AuthError` is used, other than the fact that they are loosely under the 'Auth' banner. It makes no sense for them to share exception classes. Instead, let's add a couple of new exception classes: `InvalidClientTokenError` and `MissingClientTokenError`, for the `M_UNKNOWN_TOKEN` and `M_MISSING_TOKEN` cases respectively - and an `InvalidClientCredentialsError` base class for the two of them. | ||||
* | Run Black. (#5482) | Amber Brown | 2019-06-20 | 1 | -59/+53 |
| | |||||
* | Add ability to perform password reset via email without trusting the ↵ | Andrew Morgan | 2019-06-06 | 1 | -0/+9 |
| | | | | | | | | | | | | identity server (#5377) Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option. This PR is a culmination of 3 smaller PRs which have each been separately reviewed: * #5308 * #5345 * #5368 | ||||
* | Fix error handling for rooms whose versions are unknown. (#5219) | Richard van der Hoff | 2019-05-21 | 1 | -1/+15 |
| | | | | | | | If we remove support for a particular room version, we should behave more gracefully. This should make client requests fail with a 400 rather than a 500, and will ignore individiual PDUs in a federation transaction, rather than the whole transaction. | ||||
* | Remove periods from copyright headers (#5046) | Andrew Morgan | 2019-04-11 | 1 | -1/+1 |
| | |||||
* | Add account expiration feature | Brendan Abolivier | 2019-04-09 | 1 | -0/+1 |
| | |||||
* | Refactor request sending to have better excpetions (#4358) | Erik Johnston | 2019-01-08 | 1 | -0/+18 |
| | | | | | | | | | | | | | | * Correctly retry and back off if we get a HTTPerror response * Refactor request sending to have better excpetions MatrixFederationHttpClient blindly reraised exceptions to the caller without differentiating "expected" failures (e.g. connection timeouts etc) versus more severe problems (e.g. programming errors). This commit adds a RequestSendFailed exception that is raised when "expected" failures happen, allowing the TransactionQueue to log them as warnings while allowing us to log other exceptions as actual exceptions. | ||||
* | PR feedback pt. 1 | David Baker | 2018-10-12 | 1 | -8/+0 |
| | |||||
* | Fix mergefail | David Baker | 2018-10-09 | 1 | -1/+1 |
| | |||||
* | Merge remote-tracking branch 'origin/develop' into dbkr/e2e_backups | David Baker | 2018-10-09 | 1 | -3/+3 |
|\ | |||||
| * | Change admin_uri to admin_contact in config and errors | Erik Johnston | 2018-08-24 | 1 | -3/+3 |
| | | |||||
* | | try to make flake8 and isort happy | Hubert Chathi | 2018-09-06 | 1 | -0/+1 |
| | | |||||
* | | Merge branch 'develop' into e2e_backups | Hubert Chathi | 2018-08-24 | 1 | -2/+42 |
|\| | |||||
| * | rename error code | Neil Johnson | 2018-08-18 | 1 | -2/+2 |
| | | |||||
| * | add new error type ResourceLimit | Neil Johnson | 2018-08-16 | 1 | -2/+21 |
| | | |||||
| * | clean up AuthError | Neil Johnson | 2018-08-15 | 1 | -7/+3 |
| | | |||||
| * | update error codes for resource limiting | Neil Johnson | 2018-08-15 | 1 | -2/+1 |
| | | |||||
| * | replace admin_email with admin_uri for greater flexibility | Neil Johnson | 2018-08-15 | 1 | -2/+2 |
| | | |||||
| * | support admin_email config and pass through into blocking errors, return ↵ | Neil Johnson | 2018-08-13 | 1 | -2/+11 |
| | | | | | | | | AuthError in all cases | ||||
| * | Revert "support admin_email config and pass through into blocking errors, ↵ | Neil Johnson | 2018-08-13 | 1 | -11/+2 |
| | | | | | | | | | | | | return AuthError in all cases" This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6. | ||||
| * | support admin_email config and pass through into blocking errors, return ↵ | Neil Johnson | 2018-08-13 | 1 | -2/+11 |
| | | | | | | | | AuthError in all cases | ||||
| * | fix pep8 too many lines | Neil Johnson | 2018-08-08 | 1 | -1/+0 |
| | | |||||
| * | Merge branch 'develop' into neilj/disable_hs | Neil Johnson | 2018-08-08 | 1 | -0/+25 |
| |\ | |||||
| | * | Enforce compatibility when processing make_join requests | Richard van der Hoff | 2018-08-03 | 1 | -0/+22 |
| | | | | | | | | | | | | | | | | | | Reject make_join requests from servers which do not support the room version. Also include the room version in the response. | ||||
| | * | Basic support for room versioning | Richard van der Hoff | 2018-08-03 | 1 | -0/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | This is the first tranche of support for room versioning. It includes: * setting the default room version in the config file * new room_version param on the createRoom API * storing the version of newly-created rooms in the m.room.create event * fishing the version of existing rooms out of the m.room.create event | ||||
| * | | disable HS from config | Neil Johnson | 2018-08-04 | 1 | -0/+1 |
| |/ | |||||
* | | blindly incorporate PR review - needs testing & fixing | Matthew Hodgson | 2018-08-12 | 1 | -3/+8 |
| | | |||||
* | | implement /room_keys/version too (untested) | Matthew Hodgson | 2018-08-12 | 1 | -0/+25 |
|/ | |||||
* | Merge pull request #3639 from matrix-org/rav/refactor_error_handling | Richard van der Hoff | 2018-08-02 | 1 | -53/+53 |
|\ | | | | | Clean up handling of errors from outbound requests | ||||
| * | Kill off MatrixCodeMessageException | Richard van der Hoff | 2018-08-01 | 1 | -11/+0 |
| | | | | | | | | | | | | | | | | | | | | | | This code brings the SimpleHttpClient into line with the MatrixFederationHttpClient by having it raise HttpResponseExceptions when a request fails (rather than trying to parse for matrix errors and maybe raising MatrixCodeMessageException). Then, whenever we were checking for MatrixCodeMessageException and turning them into SynapseErrors, we now need to check for HttpResponseExceptions and call to_synapse_error. | ||||
| * | Refactor code for turning HttpResponseException into SynapseError | Richard van der Hoff | 2018-08-01 | 1 | -31/+53 |
| | | | | | | | | | | | | | | | | This commit replaces SynapseError.from_http_response_exception with HttpResponseException.to_synapse_error. The new method actually returns a ProxiedRequestError, which allows us to pass through additional metadata from the API call. | ||||
| * | Be more careful which errors we send back over the C-S API | Richard van der Hoff | 2018-08-01 | 1 | -11/+0 |
| | | | | | | | | | | | | | | | | | | | | | | | | We really shouldn't be sending all CodeMessageExceptions back over the C-S API; it will include things like 401s which we shouldn't proxy. That means that we need to explicitly turn a few HttpResponseExceptions into SynapseErrors in the federation layer. The effect of the latter is that the matrix errcode will get passed through correctly to calling clients, which might help with some of the random M_UNKNOWN errors when trying to join rooms. | ||||
* | | limit register and sign in on number of monthly users | Neil Johnson | 2018-07-30 | 1 | -0/+1 |
|/ | |||||
* | run isort | Amber Brown | 2018-07-09 | 1 | -2/+2 |
| | |||||
* | Attempt to be more performant on PyPy (#3462) | Amber Brown | 2018-06-28 | 1 | -1/+2 |
| | |||||
* | custom error code for not leaving server notices room | Richard van der Hoff | 2018-05-22 | 1 | -0/+1 |
| | |||||
* | Reject attempts to send event before privacy consent is given | Richard van der Hoff | 2018-05-22 | 1 | -1/+29 |
| | | | | | | Returns an M_CONSENT_NOT_GIVEN error (cf https://github.com/matrix-org/matrix-doc/issues/1252) if consent is not yet given. | ||||
* | Use six.itervalues in some places | Adrian Tschira | 2018-04-15 | 1 | -1/+2 |
| | | | | | | There's more where that came from Signed-off-by: Adrian Tschira <nota@notafile.com> | ||||
* | Use simplejson throughout | Richard van der Hoff | 2018-03-29 | 1 | -1/+2 |
| | | | | Let's use simplejson rather than json, for consistency. | ||||
* | Add federation_domain_whitelist option (#2820) | Matthew Hodgson | 2018-01-22 | 1 | -0/+26 |
| | | | | | | Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network | ||||
* | add registrations_require_3pid | Matthew Hodgson | 2018-01-19 | 1 | -0/+1 |
| | | | | | lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with. Typically useful for stopping people from registering with non-work emails | ||||
* | Refactor UI auth implementation | Richard van der Hoff | 2017-12-05 | 1 | -0/+16 |
| | | | | | Instead of returning False when auth is incomplete, throw an exception which can be caught with a wrapper. | ||||
* | Use CodeMessageException subclass instead | David Baker | 2017-04-25 | 1 | -0/+11 |
| | | | | | Parse json errors from get_json client methods and throw special errors. | ||||
* | Address review comments | Richard van der Hoff | 2017-03-14 | 1 | -5/+14 |
| | | | | | | | - don't blindly proxy all HTTPRequestExceptions - log unexpected exceptions at error - avoid `isinstance` - improve docs on `from_http_response_exception` | ||||
* | re-refactor exception heirarchy | Richard van der Hoff | 2017-03-14 | 1 | -16/+14 |
| | | | | | Give CodeMessageException back its `msg` attribute, and use that to hold the HTTP status message for HttpResponseException. | ||||
* | Fix routing loop when fetching remote media | Richard van der Hoff | 2017-03-13 | 1 | -7/+52 |
| | | | | | | | | | | | When we proxy a media request to a remote server, add a query-param, which will tell the remote server to 404 if it doesn't recognise the server_name. This should fix a routing loop where the server keeps forwarding back to itself. Also improves the error handling on remote media fetches, so that we don't always return a rather obscure 502. | ||||
* | Fail with a coherent error message if `/sync?filter=` is invalid | Kegan Dougal | 2016-11-21 | 1 | -0/+1 |
| | |||||
* | Implement https://github.com/matrix-org/matrix-doc/pull/346/files | David Baker | 2016-07-08 | 1 | -0/+1 |
| | |||||
* | requestToken update | David Baker | 2016-06-30 | 1 | -1/+2 |
| | | | | | | Don't send requestToken request to untrusted ID servers Also correct the THREEPID_IN_USE error to add the M_ prefix. This is a backwards incomaptible change, but the only thing using this is the angular client which is now unmaintained, so it's probably better to just do this now. | ||||
* | Revert "Merge two of the room join codepaths" | Daniel Wagner-Hall | 2016-02-12 | 1 | -5/+0 |
| | | | | | | This reverts commit cf81375b94c4763766440471e632fc4b103450ab. It subtly violates a guest joining auth check | ||||
* | Merge two of the room join codepaths | Daniel Wagner-Hall | 2016-02-12 | 1 | -0/+5 |
| | | | | | | | | | | | | | There's at least one more to merge in. Side-effects: * Stop reporting None as displayname and avatar_url in some cases * Joining a room by alias populates guest-ness in join event * Remove unspec'd PUT version of /join/<room_id_or_alias> which has not been called on matrix.org according to logs * Stop recording access_token_id on /join/room_id - currently we don't record it on /join/room_alias; I can try to thread it through at some point. | ||||
* | Require unbanning before other membership changes | Daniel Wagner-Hall | 2016-01-15 | 1 | -0/+1 |
| | |||||
* | M_INVALID_USERNAME to be consistent with the parameter name | David Baker | 2016-01-15 | 1 | -1/+1 |
| | |||||
* | Add specific error code for invalid user names. | David Baker | 2016-01-14 | 1 | -0/+1 |
| | |||||
* | copyrights | Matthew Hodgson | 2016-01-07 | 1 | -1/+1 |
| | |||||
* | Guest users must be joined to a room to see it in /sync | Mark Haines | 2016-01-06 | 1 | -16/+0 |
| | |||||
* | Include the list of bad room ids in the error | Mark Haines | 2015-12-22 | 1 | -0/+16 |
| | |||||
* | Allow guests to register and call /events?room_id= | Daniel Wagner-Hall | 2015-11-04 | 1 | -0/+1 |
| | | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices. | ||||
* | Reject events which are too large | Daniel Wagner-Hall | 2015-10-22 | 1 | -0/+9 |
| | | | | SPEC-222 | ||||
* | Remove log line that was generated whenever an error was created. We are now ↵ | Mark Haines | 2015-10-06 | 1 | -1/+0 |
| | | | | creating error objects that aren't raised so it's probably a bit too confusing to keep | ||||
* | synapse/api/errors.py:RoomError was unused | Mark Haines | 2015-09-22 | 1 | -5/+0 |
| | |||||
* | Add endpoint that proxies ID server request token and errors if the given ↵ | David Baker | 2015-08-04 | 1 | -0/+1 |
| | | | | email is in use on this Home Server. | ||||
* | Merge branch 'develop' into csauth | David Baker | 2015-04-24 | 1 | -2/+2 |
|\ | | | | | | | | | Conflicts: synapse/http/server.py | ||||
| * | No commas here, otherwise our error string constants become tuples. | David Baker | 2015-04-24 | 1 | -2/+2 |
| | | |||||
* | | Dedicated error code for failed 3pid auth verification | David Baker | 2015-04-23 | 1 | -0/+1 |
| | | |||||
* | | Add an error code to 'missing token' response. | David Baker | 2015-04-23 | 1 | -0/+1 |
|/ | |||||
* | Grant ASes the ability to create alias in their own namespace. | Kegan Dougal | 2015-02-06 | 1 | -1/+2 |
| | | | | | | Add a new errcode type M_EXCLUSIVE when users try to create aliases inside AS namespaces, and when ASes try to create aliases outside their own namespace. | ||||
* | Apply sanity to the transport client interface. Convert 'make_join' and ↵ | Erik Johnston | 2015-02-04 | 1 | -1/+7 |
| | | | | 'send_join' to accept iterables of destinations | ||||
* | Code style fixes. | Mark Haines | 2015-01-29 | 1 | -0/+1 |
| | |||||
* | Add slightly pedantic trailing slash error. | David Baker | 2015-01-23 | 1 | -1/+6 |
| | |||||
* | right super() param | David Baker | 2015-01-23 | 1 | -1/+1 |
| | |||||
* | As yet fairly untested GET API for push rules | David Baker | 2015-01-22 | 1 | -1/+13 |
| | |||||
* | Oops: second part of commit dc938606 | David Baker | 2015-01-22 | 1 | -0/+12 |
| | |||||
* | Merge branch 'develop' into pushers | David Baker | 2015-01-13 | 1 | -1/+1 |
|\ | |||||
| * | Update copyright notices | Mark Haines | 2015-01-06 | 1 | -1/+1 |
| | | |||||
* | | Merge branch 'develop' into pushers | David Baker | 2014-12-18 | 1 | -1/+2 |
|\| | | | | | | | | | | | | | Conflicts: synapse/api/errors.py synapse/server.py synapse/storage/__init__.py | ||||
| * | Limit the size of images that are thumbnailed serverside. Limit the size of ↵ | Mark Haines | 2014-12-11 | 1 | -0/+1 |
| | | | | | | | | file that a server will download from a remote server | ||||
* | | Merge branch 'develop' into pushers | David Baker | 2014-11-20 | 1 | -2/+5 |
|\| | |||||
| * | Use module loggers rather than the root logger. Exceptions caused by bad ↵ | Mark Haines | 2014-11-20 | 1 | -2/+5 |
| | | | | | | | | clients shouldn't cause ERROR level logging. Fix sql logging to use 'repr' rather than 'str' | ||||
* | | Start creating a module to do generic notifications (just prints them to ↵ | David Baker | 2014-11-19 | 1 | -0/+1 |
|/ | | | | stdout currently!) | ||||
* | Move FederationError to synapse.api.errors | Erik Johnston | 2014-11-04 | 1 | -0/+34 |
| | |||||
* | Fix pep8 warnings | Mark Haines | 2014-10-30 | 1 | -1/+3 |
| | |||||
* | Respond with more helpful error messages for unsigned requests | Mark Haines | 2014-10-13 | 1 | -0/+1 |
| | |||||
* | Captchas now work on registration. Missing x-forwarded-for config arg ↵ | Kegan Dougal | 2014-09-05 | 1 | -1/+15 |
| | | | | support. Missing reloading a new captcha on the web client / displaying a sensible error message. | ||||
* | Added a captcha config to the HS, to enable registration captcha checking ↵ | Kegan Dougal | 2014-09-05 | 1 | -0/+1 |
| | | | | and for the recaptcha private key. | ||||
* | fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵ | Matthew Hodgson | 2014-09-03 | 1 | -1/+1 |
| | | | | hasn't been incorporated in time for launch. | ||||
* | Set status message for ratelimit error responses | Mark Haines | 2014-09-03 | 1 | -0/+2 |
| | |||||
* | Raise LimitExceedError when the ratelimiting is throttling requests | Mark Haines | 2014-09-03 | 1 | -7/+27 |
| | |||||
* | Add ratelimiting function to basehandler | Mark Haines | 2014-09-02 | 1 | -0/+1 |
| | |||||
* | Added M_UNKNOWN_TOKEN error code and send it when there is an unrecognised ↵ | Kegan Dougal | 2014-08-14 | 1 | -0/+1 |
| | | | | access_token | ||||
* | Default error code BAD_PAGINATION for EventStreamErrors | Kegan Dougal | 2014-08-14 | 1 | -1/+4 |
| | |||||
* | add in whitespace after copyright statements to improve legibility | Matthew Hodgson | 2014-08-13 | 1 | -0/+1 |
| | |||||
* | Reference Matrix Home Server | matrix.org | 2014-08-12 | 1 | -0/+114 |