summary refs log tree commit diff
path: root/synapse/config/registration.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove code generating comments in configuration file (#12941)Shay2022-06-141-277/+2
|
* Fix typo in some instances of enable_registration_token_3pid_bypass. (#12639)Will Hunt2022-05-051-2/+2
|
* Add option to enable token registration without requiring 3pids (#12526)Will Hunt2022-04-271-0/+9
|
* Add missing type hints to config classes. (#12402)Patrick Cloke2022-04-111-4/+6
|
* Add restrictions by default to open registration in Synapse (#12091)Shay2022-03-251-1/+13
|
* Add a config flag to inhibit `M_USER_IN_USE` during registration (#11743)Brendan Abolivier2022-01-261-0/+12
| | | | | | | This is mostly motivated by the tchap use case, where usernames are automatically generated from the user's email address (in a way that allows figuring out the email address from the username). Therefore, it's an issue if we respond to requests on /register and /register/available with M_USER_IN_USE, because it can potentially leak email addresses (which include the user's real name and place of work). This commit adds a flag to inhibit the M_USER_IN_USE errors that are raised both by /register/available, and when providing a username early into the registration process. This error will still be raised if the user completes the registration process but the username conflicts. This is particularly useful when using modules (https://github.com/matrix-org/synapse/pull/11790 adds a module callback to set the username of users at registration) or SSO, since they can ensure the username is unique. More context is available in the PR that introduced this behaviour to synapse-dinsic: matrix-org/synapse-dinsic#48 - as well as the issue in the matrix-dinsic repo: matrix-org/matrix-dinsic#476
* Stabilise support for MSC2918 refresh tokens as they have now been merged ↵reivilibre2021-12-061-0/+38
| | | | into the Matrix specification. (#11435)
* Support configuring the lifetime of non-refreshable access tokens separately ↵reivilibre2021-12-031-0/+49
| | | | to refreshable access tokens. (#11445)
* Additional type hints for config module. (#11465)Patrick Cloke2021-12-011-2/+4
| | | | This adds some misc. type hints to helper methods used in the `synapse.config` module.
* Add type annotations to some of the configuration surrounding refresh ↵reivilibre2021-11-291-2/+5
| | | | tokens. (#11428)
* Support expiry of refresh tokens and expiry of the overall session when ↵reivilibre2021-11-261-17/+7
| | | | refresh tokens are in use. (#11425)
* Rename unstable `access_token_lifetime` configuration option to ↵reivilibre2021-11-231-8/+15
| | | | `refreshable_access_token_lifetime` to make it clear it only concerns refreshable access tokens. (#11388)
* Remove legacy code related to deprecated ↵Shay2021-11-181-3/+1
| | | | | | | | | | | | | | | | | | | | | `trust_identity_server_for_password_resets` config flag (#11333) * remove code legacy code related to deprecated config flag "trust_identity_server_for_password_resets" from synapse/config/emailconfig.py * remove legacy code supporting depreciated config flag "trust_identity_server_for_password_resets" from synapse/config/registration.py * remove legacy code supporting depreciated config flag "trust_identity_server_for_password_resets" from synapse/handlers/identity.py * add tests to ensure config error is thrown and synapse refuses to start when depreciated config flag is found * add changelog * slightly change behavior to only check for deprecated flag if set to 'true' * Update changelog.d/11333.misc Co-authored-by: reivilibre <oliverw@matrix.org> Co-authored-by: reivilibre <oliverw@matrix.org>
* Default value for `public_baseurl` (#11210)Richard van der Hoff2021-11-081-14/+1
| | | | | We might as well use a default value for `public_baseurl` based on `server_name` - in many cases, it will be correct.
* Require direct references to configuration variables. (#10985)Patrick Cloke2021-10-061-2/+5
| | | | | | This removes the magic allowing accessing configurable variables directly from the config object. It is now required that a specific configuration class is used (e.g. `config.foo` must be replaced with `config.server.foo`).
* Implement MSC3231: Token authenticated registration (#10142)Callum Brown2021-08-211-0/+15
| | | | | Signed-off-by: Callum Brown <callum@calcuode.com> This is part of my GSoC project implementing [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
* MSC2918 Refresh tokens implementation (#9450)Quentin Gliech2021-06-241-0/+21
| | | | | | | | | | This implements refresh tokens, as defined by MSC2918 This MSC has been implemented client side in Hydrogen Web: vector-im/hydrogen-web#235 The basics of the MSC works: requesting refresh tokens on login, having the access tokens expire, and using the refresh token to get a new one. Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
* Remove superfluous call to bool() (#9986)Dan Callahan2021-05-141-1/+1
| | | | | Our strtobool already returns a bool, so no need to re-cast here Signed-off-by: Dan Callahan <danc@element.io>
* Port "Allow users to click account renewal links multiple times without ↵Andrew Morgan2021-04-191-129/+0
| | | | | hitting an 'Invalid Token' page #74" from synapse-dinsic (#9832) This attempts to be a direct port of https://github.com/matrix-org/synapse-dinsic/pull/74 to mainline. There was some fiddling required to deal with the changes that have been made to mainline since (mainly dealing with the split of `RegistrationWorkerStore` from `RegistrationStore`, and the changes made to `self.make_request` in test code).
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-141-1/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Make sample config allowed_local_3pids regex stricter. (#9719)Denis Kasak2021-03-311-2/+2
| | | | | | | The regex should be terminated so that subdomain matches of another domain are not accepted. Just ensuring that someone doesn't shoot themselves in the foot by copying our example. Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
* Merge tag 'v1.27.0rc2' into developPatrick Cloke2021-02-111-4/+17
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.27.0rc2 (2021-02-11) ============================== Features -------- - Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297)) Bugfixes -------- - Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302)) - Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313)) Improved Documentation ---------------------- - Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
| * Backout changes for automatically calculating the public baseurl. (#9313)Patrick Cloke2021-02-111-4/+17
| | | | | | | | This breaks some people's configurations (if their Client-Server API is not accessed via port 443).
* | config: Add detail to auto_join_rooms comment (#9291)dykstranet2021-02-031-0/+2
|/ | | | | config: Add detail to auto_join_rooms comment Signed-off-by: Gary Dykstra <gary@dykstranet.com>
* Clean-up the template loading code. (#9200)Patrick Cloke2021-01-271-3/+1
| | | | | * Enables autoescape by default for HTML files. * Adds a new read_template method for reading a single template. * Some logic clean-up.
* Give `public_baseurl` a default value (#9159)Richard van der Hoff2021-01-201-17/+4
|
* Remote dependency on distutils (#9125)Richard van der Hoff2021-01-151-6/+5
| | | | | | | | | `distutils` is pretty much deprecated these days, and replaced with `setuptools`. It's also annoying because it's you can't `pip install` it, and it's hard to figure out which debian package we should depend on to make sure it's there. Since we only use it for a tiny function anyway, let's just vendor said function into our codebase.
* Clarify the usecase for an msisdn delegate (#8734)Adrian Wannenmacher2020-11-141-2/+3
| | | Signed-off-by: Adrian Wannenmacher <tfld@tfld.dev>
* Fix typos and spelling errors. (#8639)Patrick Cloke2020-10-231-1/+1
|
* Convert additional templates to Jinja (#8444)Patrick Cloke2020-10-021-0/+5
| | | This converts a few more of our inline HTML templates to Jinja. This is somewhat part of #7280 and should make it a bit easier to customize these in the future.
* Simplify super() calls to Python 3 syntax. (#8344)Patrick Cloke2020-09-181-1/+1
| | | | | | | This converts calls like super(Foo, self) -> super(). Generated with: sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py
* Various improvements to the docs (#7899)Aaron Raimist2020-07-291-18/+0
|
* Additional configuration options for auto-join rooms (#7763)Patrick Cloke2020-06-301-3/+103
|
* Add an option to disable autojoin for guest accounts (#6637)Travis Ralston2020-06-051-0/+8
| | | | Fixes https://github.com/matrix-org/synapse/issues/3177
* Fix some DETECTED VIOLATIONS in the config file (#7550)Richard van der Hoff2020-05-221-3/+1
| | | consistency ftw
* Add options to prevent users from changing their profile. (#7096)Dirk Klimpel2020-03-271-0/+27
|
* Revert "Add options to disable setting profile info for prevent changes. ↵Richard van der Hoff2020-03-171-17/+0
| | | | | | | (#7053)" This reverts commit 54dd28621b070ca67de9f773fe9a89e1f4dc19da, reversing changes made to 6640460d054e8f4444046a34bdf638921b31c01e.
* Update synapse/config/registration.pyDirk Klimpel2020-03-101-1/+1
| | | Co-Authored-By: Brendan Abolivier <github@brendanabolivier.com>
* updates after reviewdklimpel2020-03-091-8/+8
|
* add disable_3pid_changesdklimpel2020-03-081-0/+6
|
* lint2dklimpel2020-03-081-2/+2
|
* changelogdklimpel2020-03-081-2/+2
|
* Add options to disable setting profile info for prevent changes.dklimpel2020-03-081-0/+11
|
* Fix empty account_validity config blockAndrew Morgan2020-01-201-1/+2
|
* Clarify the `account_validity` and `email` sections of the sample ↵Richard van der Hoff2020-01-171-32/+51
| | | | | | | | | | | configuration. (#6685) Generally try to make this more comprehensible, and make it match the conventions. I've removed the documentation for all the settings which allow you to change the names of the template files, because I can't really see why they are useful.
* Remove assertion and provide a clear warning on startup for missing ↵Andrew Morgan2019-11-261-0/+7
| | | | public_baseurl (#6379)
* Fix typo in domain name in account_threepid_delegates config option (#6273)Andrew Morgan2019-10-301-1/+1
|
* Add config linting script that checks for bool casing (#6203)Andrew Morgan2019-10-231-1/+1
| | | | | Add a linting script that enforces all boolean values in the default config be lowercase. This has annoyed me for a while so I decided to fix it.
* Refactor HomeserverConfig so it can be typechecked (#6137)Amber Brown2019-10-101-0/+4
|
* Add submit_url response parameter to msisdn /requestToken (#6079)Andrew Morgan2019-09-231-0/+2
| | | | | | Second part of solving #6076 Fixes #6076 We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
* Fix typo in account_threepid_delegates config (#6028)Jorik Schellekens2019-09-181-1/+1
|
* Allow Synapse to send registration emails + choose Synapse or an external ↵Andrew Morgan2019-09-061-0/+36
| | | | | | | | | | | | | | | | server to handle 3pid validation (#5987) This is a combination of a few different PRs, finally all being merged into `develop`: * #5875 * #5876 * #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](https://github.com/matrix-org/synapse/commit/891afb57cbdf9867f2848341b29c75d6f35eef5a#diff-e591d42d30690ffb79f63bb726200891) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future) * #5835 * #5969 * #5940 Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged. UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
* LintBrendan Abolivier2019-08-011-12/+7
|
* Allow defining HTML templates to serve the user on account renewalBrendan Abolivier2019-08-011-2/+48
|
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/admin_api_cmdErik Johnston2019-07-151-3/+18
|\
| * Implement access token expiry (#5660)Richard van der Hoff2019-07-121-0/+16
| | | | | | | | Record how long an access token is valid for, and raise a soft-logout once it expires.
| * Remove support for invite_3pid_guest. (#5625)Richard van der Hoff2019-07-051-3/+2
| | | | | | | | | | | | | | | | | | This has never been documented, and I'm not sure it's ever been used outside sytest. It's quite a lot of poorly-maintained code, so I'd like to get rid of it. For now I haven't removed the database table; I suggest we leave that for a future clearout.
* | Change add_arguments to be a static methodErik Johnston2019-07-151-1/+2
|/
* Don't load the generated config as the default.Richard van der Hoff2019-06-241-1/+1
| | | | It's too confusing.
* Pass config_dir_path and data_dir_path into Config.read_config. (#5522)Richard van der Hoff2019-06-241-1/+1
| | | | | | * Pull config_dir_path and data_dir_path calculation out of read_config_files * Pass config_dir_path and data_dir_path into read_config
* Run Black. (#5482)Amber Brown2019-06-201-19/+22
|
* Move delta from +10% to -10%Brendan Abolivier2019-05-311-1/+1
|
* Gah pythonBrendan Abolivier2019-05-311-1/+1
|
* Make max_delta equal to period * 10%Brendan Abolivier2019-05-311-11/+4
|
* Allow configuring a range for the account validity startup jobBrendan Abolivier2019-05-281-0/+11
| | | | | When enabling the account validity feature, Synapse will look at startup for registered account without an expiration date, and will set one equals to 'now + validity_period' for them. On large servers, it can mean that a large number of users will have the same expiration date, which means that they will all be sent a renewal email at the same time, which isn't ideal. In order to mitigate this, this PR allows server admins to define a 'max_delta' so that the expiration date is a random value in the [now + validity_period ; now + validity_period + max_delta] range. This allows renewal emails to be progressively sent over a configured period instead of being sent all in one big batch.
* DocBrendan Abolivier2019-05-211-0/+8
|
* Merge pull request #5047 from matrix-org/babolivier/account_expirationBrendan Abolivier2019-04-171-8/+44
|\ | | | | Send out emails with links to extend an account's validity period
| * Send out emails with links to extend an account's validity periodBrendan Abolivier2019-04-171-8/+44
| |
* | Merge pull request #5027 from matrix-org/babolivier/account_expirationBrendan Abolivier2019-04-091-0/+17
|\| | | | | Add time-based account expiration
| * Add account expiration featureBrendan Abolivier2019-04-091-0/+17
| |
* | Add config option to block users from looking up 3PIDs (#5010)Brendan Abolivier2019-04-041-0/+5
|/
* Comment out most options in the generated config. (#4863)Richard van der Hoff2019-03-191-10/+15
| | | | | | | | | | | | | | | | | | | | Make it so that most options in the config are optional, and commented out in the generated config. The reasons this is a good thing are as follows: * If we decide that we should change the default for an option, we can do so, and only those admins that have deliberately chosen to override that option will be stuck on the old setting. * It moves us towards a point where we can get rid of the super-surprising feature of synapse where the default settings for the config come from the generated yaml. * It makes setting up a test config for unit testing an order of magnitude easier (see forthcoming PR). * It makes the generated config more consistent, and hopefully easier for users to understand.
* Clarify what registration_shared_secret allows for (#2885) (#4844)Aaron Raimist2019-03-111-2/+2
| | | | | | | | | | * Clarify what registration_shared_secret allows for (#2885) Signed-off-by: Aaron Raimist <aaron@raim.ist> * Add changelog Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Move settings from registration to ratelimiting in config fileBrendan Abolivier2019-03-051-18/+2
|
* Add rate-limiting on registration (#4735)Brendan Abolivier2019-03-051-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Rate-limiting for registration * Add unit test for registration rate limiting * Add config parameters for rate limiting on auth endpoints * Doc * Fix doc of rate limiting function Co-Authored-By: babolivier <contact@brendanabolivier.com> * Incorporate review * Fix config parsing * Fix linting errors * Set default config for auth rate limiting * Fix tests * Add changelog * Advance reactor instead of mocked clock * Move parameters to registration specific config and give them more sensible default values * Remove unused config options * Don't mock the rate limiter un MAU tests * Rename _register_with_store into register_with_store * Make CI happy * Remove unused import * Update sample config * Fix ratelimiting test for py2 * Add non-guest test
* Attempt to make default config more consistentRichard van der Hoff2019-02-191-15/+21
| | | | | | The general idea here is that config examples should just have a hash and no extraneous whitespace, both to make it easier for people who don't understand yaml, and to make the examples stand out from the comments.
* Fix quoting for allowed_local_3pids example config (#4476)Richard van der Hoff2019-01-251-3/+3
| | | | | | | If you use double-quotes here, you have to escape your backslashes. It's much easier with single-quotes. (Note that the existing double-backslashes are already interpreted by python's """ parsing.)
* fix line lengthNeil Johnson2019-01-211-1/+3
|
* Config option to disable requesting MSISDN on registrationNeil Johnson2019-01-211-0/+7
|
* Add a script to generate a clean config file (#4315)Richard van der Hoff2018-12-221-3/+8
|
* Implement .well-known handling (#4262)Richard van der Hoff2018-12-051-0/+9
| | | | Sometimes it's useful for synapse to generate its own .well-known file.
* Remove riot.im from the list of trusted Identity Servers in the default ↵Neil Johnson2018-11-201-1/+3
| | | | configuration (#4207)
* isortNeil Johnson2018-10-241-2/+1
|
* remove errant exception and styleNeil Johnson2018-10-231-1/+1
|
* clean up config error logic and importsNeil Johnson2018-10-171-5/+4
|
* improve auto room join logic, comments and testsNeil Johnson2018-10-121-1/+10
|
* fix UTsMatthew Hodgson2018-09-281-1/+1
|
* untested stab at autocreating autojoin roomsMatthew Hodgson2018-09-281-0/+4
|
* run isortAmber Brown2018-07-091-2/+2
|
* spell out not to massively increase bcrypt roundsMatthew Hodgson2018-03-191-1/+3
|
* rewrite based on PR feedback:Matthew Hodgson2018-01-191-3/+9
| | | | | | | | | * [ ] split config options into allowed_local_3pids and registrations_require_3pid * [ ] simplify and comment logic for picking registration flows * [ ] fix docstring and move check_3pid_allowed into a new util module * [ ] use check_3pid_allowed everywhere @erikjohnston PTAL
* add registrations_require_3pidMatthew Hodgson2018-01-191-0/+13
| | | | | lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with. Typically useful for stopping people from registering with non-work emails
* pep8David Baker2017-10-171-1/+2
|
* Add config option to auto-join new users to roomsDavid Baker2017-10-161-0/+6
| | | | | New users who register on the server will be dumped into all rooms in auto_join_rooms in the config.
* trust a hypothetical future riot.im ISMatthew Hodgson2017-04-101-0/+1
|
* Stop putting a time caveat on access tokensRichard van der Hoff2016-11-291-6/+0
| | | | | | | | The 'time' caveat on the access tokens was something of a lie, since we weren't enforcing it; more pertinently its presence stops us ever adding useful time caveats. Let's move in the right direction by not lying in our caveats.
* Create user with expiryNegi Fazeli2016-05-131-0/+6
| | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
* Add config to create guest account on 3pid inviteErik Johnston2016-03-141-0/+4
| | | | | | | | | | | | | Currently, when a 3pid invite request is sent to an identity server, it includes a provisioned guest access token. This allows the link in the, say, invite email to include the guest access token ensuring that the same account is used each time the link is clicked. This flow has a number of flaws, including when using different servers or servers that have guest access disabled. For now, we keep this implementation but hide it behind a config option until a better flow is implemented.
* Derive macaroon_secret_key from signing key.Erik Johnston2016-02-081-15/+3
| | | | | | Unfortunately, there are people that are running synapse without a `macaroon_sercret_key` set. Mandating they set one is a good solution, except that breaking auto upgrades is annoying.
* Error if macaroon key is missing from configDaniel Wagner-Hall2016-02-051-4/+14
| | | | | | | | | | | | | Currently we store all access tokens in the DB, and fall back to that check if we can't validate the macaroon, so our fallback works here, but for guests, their macaroons don't get persisted, so we don't get to find them in the database. Each restart, we generate a new ephemeral key, so guests lose access after each server restart. I tried to fix up the config stuff to be less insane, but gave up, so instead I bolt on yet another piece of custom one-off insanity. Also, add some basic tests for config generation and loading.
* Rename config field to reflect yaml nameDaniel Wagner-Hall2016-02-031-3/+3
|
* Add config option for setting the trusted id servers, disabling checking the ↵Mark Haines2016-01-291-0/+7
| | | | ID server in integration tests
* copyrightsMatthew Hodgson2016-01-071-1/+1
|
* Allow guests to register and call /events?room_id=Daniel Wagner-Hall2015-11-041-0/+6
| | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices.
* Add config for how many bcrypt rounds to use for password hashesMark Haines2015-10-161-0/+6
| | | | | By default we leave it at the default value of 12. But now we can reduce it for preparing users for loadtests or running integration tests.
* Implement configurable stats reportingDaniel Wagner-Hall2015-09-221-1/+1
| | | | | | | | | | SYN-287 This requires that HS owners either opt in or out of stats reporting. When --generate-config is passed, --report-stats must be specified If an already-generated config is used, and doesn't have the report_stats key, it is requested to be set.
* Issue macaroons as opaque auth tokensDaniel Wagner-Hall2015-08-181-0/+4
| | | | | | | | | | | | | This just replaces random bytes with macaroons. The macaroons are not inspected by the client or server. In particular, they claim to have an expiry time, but nothing verifies that they have not expired. Follow-up commits will actually enforce the expiration, and allow for token refresh. See https://bit.ly/matrix-auth for more information
* Registration should be disabled by defaultErik Johnston2015-05-281-1/+1
|
* Allow generate-config to run against an existing config file to generate ↵Mark Haines2015-05-011-1/+1
| | | | default keys
* Allow --enable-registration to be passed on the commandlineMark Haines2015-04-301-3/+16
|
* Use disable_registration keys if they are presentMark Haines2015-04-301-0/+5
|
* Manually generate the default config yaml, remove most of the commandline ↵Mark Haines2015-04-301-33/+14
| | | | arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class
* Fix spellingMark Haines2015-04-241-1/+1
|
* Call the super classes when generating configMark Haines2015-04-241-0/+1
|
* Fix --enable-registration flag to work if you don't give a valueErik Johnston2015-04-071-1/+1
|
* turn --disable-registration into --enable-registration, given the default is ↵Matthew Hodgson2015-03-301-11/+11
| | | | for registration to be disabled by default now. this is backwards incompatible by removing the old --disable-registration arg, but makes for a much more intuitive arg
* Comment.Erik Johnston2015-03-161-0/+3
|
* Allow enabling of registration with --disable-registration falseErik Johnston2015-03-131-2/+8
|
* PEP8Erik Johnston2015-03-131-1/+1
|
* Implement registering with shared secret.Erik Johnston2015-03-131-3/+17
|
* Disable registration by defaultErik Johnston2015-03-131-0/+4
|
* Add config option to disable registration.Erik Johnston2015-02-191-0/+33