| Commit message | Author | Age | Files | Lines |
|
Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
|
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
|
(superseding `update_user_directory`) to allow a generic worker to be designated as the worker to update the user directory. (#12654)
Co-authored-by: Shay <hillerys@element.io>
|
* Add mau_appservice_trial_days
* Add a test
* Tweaks
* changelog
* Ensure we sync after the delay
* Fix types
* Add config statement
* Fix test
* Reinstate logging that got removed
* Fix feature name
|
Over time we've begun to use newer versions of mypy, typeshed, stub
packages---and of course we've improved our own annotations. This makes
some type ignore comments no longer necessary. I have removed them.
There was one exception: a module that imports `select.epoll`. The
ignore is redundant on Linux, but I've kept it ignored for those of us
who work on the source tree using not-Linux. (#11771)
I'm more interested in the config line which enforces this. I want
unused ignores to be reported, because I think it's useful feedback when
annotating to know when you've fixed a problem you had to previously
ignore.
* Installing extras before typechecking
Lacking an easy way to install all extras generically, let's bite the bullet and
make install the hand-maintained `all` extra before typechecking.
Now that https://github.com/matrix-org/backend-meta/pull/6 is merged to
the release/v1 branch.
|
This is a first step in dealing with #7721.
The idea is basically that rather than calculating the full set of users a device list update needs to be sent to up front, we instead simply record the rooms the user was in at the time of the change. This will allow a few things:
1. we can defer calculating the set of remote servers that need to be poked about the change; and
2. during `/sync` and `/keys/changes` we can also avoid calculating users who share rooms with other users, and instead just look at the rooms that have changed.
However, care needs to be taken to correctly handle server downgrades. As such this PR writes to both `device_lists_changes_in_room` and the `device_lists_outbound_pokes` table synchronously. In a future release we can then bump the database schema compat version to `69` and then we can assume that the new `device_lists_changes_in_room` exists and is handled.
There is a temporary option to disable writing to `device_lists_outbound_pokes` synchronously, allowing us to test the new code path does work (and by implication upgrading to a future release and downgrading to this one will work correctly).
Note: Ideally we'd do the calculation of room to servers on a worker (e.g. the background worker), but currently only master can write to the `device_list_outbound_pokes` table.
|
Also remove support for non-HTTP(S) web_client_location.
|
Manually reverts the merge from cdbb8e6d6e36e0b6bc36e676d8fe66c96986b399.
|
Only allow files whose file size and content types match configured
limits to be set as avatar.
Most of the inspiration from the non-test code comes from matrix-org/synapse-dinsic#19
|
`web_client_location`. (#11774)
This changes the behaviour of the root endpoint to redirect
directly to the configuration of `web_client_location` if it is
given an HTTP(S) URL.
|
* change spec url in config files
* Create 11739.txt
* .txt -> .doc
|
This adds some misc. type hints to helper methods used
in the `synapse.config` module.
|
We might as well use a default value for `public_baseurl` based on
`server_name` - in many cases, it will be correct.
|
Fixes https://github.com/matrix-org/synapse/issues/8308
|
By using attrs instead of dicts to store configuration.
Also updates some of the attrs classes to use proper type
hints and auto_attribs.
|
Several configuration sections are using separate settings for custom template directories, which can be confusing. This PR adds a new top-level configuration for a custom template directory which is then used for every module. The only exception is the consent templates, since the consent template directory require a specific hierarchy, so it's probably better that it stays separate from everything else.
|
Port the PresenceRouter module interface to the new generic interface introduced in v1.37.0
|
Per issue #9812 using `url_preview_ip_range_blacklist` with a proxy via `HTTPS_PROXY` or `HTTP_PROXY` environment variables has some inconsistent behavior than mentioned. This PR changes the following:
- Changes the Sample Config file to include a note mentioning that `url_preview_ip_range_blacklist` and `ip_range_blacklist` are ignored when using a proxy
- Changes some logic in synapse/config/repository.py to send a warning when both `*ip_range_blacklist` configs and a proxy environment variable are set but no longer throws an error.
Signed-off-by: Kento Okamoto <kentokamoto@protonmail.com>
|
Signed-off-by: Dirk Klimpel dirk@klimpel.org
|
Add 'federation_ip_range_whitelist'. This allows backwards-compatibility, if 'federation_ip_range_blacklist' is set. Otherwise 'ip_range_whitelist' will be used for federation servers.
Signed-off-by: Michael Kutzner 1mikure@gmail.com
|
Synapse can be quite memory intensive, and unless care is taken to tune
the GC thresholds it can end up thrashing, causing noticeable performance
problems for large servers. We fix this by limiting how often we GC a
given generation, regardless of current counts/thresholds.
This does not help with the reverse problem where the thresholds are set
too high, but that should only happen in situations where they've been
manually configured.
Adds a `gc_min_seconds_between` config option to override the defaults.
Fixes #9890.
|
Applied a (slightly modified) patch from https://github.com/matrix-org/synapse/issues/9574.
As far as I understand this would allow the cookie set during the OIDC flow to work on deployments using public baseurls that do not sit at the URL path root.
|
Part of #9744
Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now.
`Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
|
At the moment, if you'd like to share presence between local or remote users, those users must be sharing a room together. This isn't always the most convenient or useful situation though.
This PR adds a module to Synapse that will allow deployments to set up extra logic on where presence updates should be routed. The module must implement two methods, `get_users_for_states` and `get_interested_users`. These methods are given presence updates or user IDs and must return information that Synapse will use to grant passing presence updates around.
A method is additionally added to `ModuleApi` which allows triggering a set of users to receive the current, online presence information for all users they are considered interested in. This is the equivalent of that user receiving presence information during an initial sync.
The goal of this module is to be fairly generic and useful for a variety of applications, with hard requirements being:
* Sending state for a specific set or all known users to a defined set of local and remote users.
* The ability to trigger an initial sync for specific users, so they receive all current state.
|
* Split ShardedWorkerHandlingConfig
This is so that we have a type level understanding of when it is safe to
call `get_instance(..)` (as opposed to `should_handle(..)`).
* Remove special cases in ShardedWorkerHandlingConfig.
`ShardedWorkerHandlingConfig` tried to handle the various different ways
it was possible to configure federation senders and pushers. This led to
special cases that weren't hit during testing.
To fix this the handling of the different cases is moved from there and
`generic_worker` into the worker config class. This allows us to have
the logic in one place and allows the rest of the code to ignore the
different cases.
|
Add off-by-default configuration settings to:
- disable putting an invitee's profile info in invite events
- disable profile lookup via federation
Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
|
- Update black version to the latest
- Run black auto formatting over the codebase
- Run autoformatting according to [`docs/code_style.md`](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md)
- Update `code_style.md` docs around installing black to use the correct version
|
Synapse 1.27.0rc2 (2021-02-11)
==============================
Features
--------
- Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297))
Bugfixes
--------
- Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302))
- Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313))
Improved Documentation
----------------------
- Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
|
This breaks some people's configurations (if their Client-Server API
is not accessed via port 443).
|
Also add a few more IP ranges to the default blacklist.
|
Move it from the federation section to the server section to match
ip_range_blacklist.
|
This defaults `ip_range_blacklist` to reserved IP ranges and also adds an
`ip_range_whitelist` setting to override it.
|
Per https://github.com/matrix-org/matrix-doc/pull/2788
|
whitelist (#8275)
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285
They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.
The original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoints.
This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
|
Turns out that part of the codebase (synapse.config.server) checks for this key explicitly. Remove that check.
|
Fixes #7901.
Signed-off-by: Niklas Tittjung <nik_t.01@web.de>
|
This ended up being a bit more invasive than I'd hoped for (not helped by
generic_worker duplicating some of the code from homeserver), but hopefully
it's an improvement.
The idea is that, rather than storing unstructured `dict`s in the config for
the listener configurations, we instead parse it into a structured
`ListenerConfig` object.
|
Just a simple typo fix.
Signed-off-by: wondratsch 28294257+wondratsch@users.noreply.github.com
|
consistency ftw
|
Add dummy_events_threshold which allows configuring the number of forward extremities a room needs for Synapse to send forward extremities in it.
|
matrix-org/babolivier/request_token""
This reverts commit 1adf6a55870aa08de272591ff49db9dc49738076.
|
Log warning when filesystem path is used.
Signed-off-by: Martin Milata <martin@martinmilata.cz>
|
Ensure good comprehension hygiene using flake8-comprehensions.
|
So we can debug issues like #6683 more easily
|
Having a purge job running every 5min is probably not something we want to advise admins to do as a sort-of default.
|
Ensure that the default settings for the room directory are that it is hidden from public view by default.
|
Implement part of [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228). The parts that differ are:
* the feature is hidden behind a configuration flag (`enable_ephemeral_messages`)
* self-destruction doesn't happen for state events
* only implement support for the `m.self_destruct_after` field (not the `m.self_destruct` one)
* doesn't send synthetic redactions to clients because for this specific case we consider the clients to be able to destroy an event themselves, instead we just censor it (by pruning its JSON) in the database
|
anoa/homeserver_copy
* 'develop' of github.com:matrix-org/synapse:
Blacklist PurgeRoomTestCase (#6361)
Set room version default to 5
|
Set room version default to 5
|
The expected use case is to suppress MAU limiting on small instances
|
Add a linting script that enforces all boolean values in the default config be lowercase.
This has annoyed me for a while so I decided to fix it.
|
* type checking fixes
* changelog
|
configured (#6090)
|
erikj/cleanup_user_ips_2
|
build up of forward extremities. (#5884)
|
Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses.
Fixes #5935
|
Defaults to pruning everything older than 28d.
|
Converting some of the rst documentation to markdown. Attempted to
preserve whitespace and line breaks to minimize cosmetic change.
|
Template config files
* Imagine a system composed entirely of x, y, z etc and the basic operations..
Wait George, why XOR? Why not just neq?
George: Eh, I didn't think of that..
Co-Authored-By: Erik Johnston <erik@matrix.org>
|
Add --data-dir and --open-private-ports options.
|
This is helpful when generating a config file for running synapse under docker.
|
Stop conflating generated config and default config
|
It's too confusing.
|
* Pull config_dir_path and data_dir_path calculation out of read_config_files
* Pass config_dir_path and data_dir_path into read_config
|
This has no useful purpose on python3, and is generally a source of confusion.
|
Adds new config option `cleanup_extremities_with_dummy_events` which
periodically sends dummy events to rooms with more than 10 extremities.
THIS IS REALLY EXPERIMENTAL.
|
Set default room version to v4.
|
Improve documentation of monthly active user blocking and mau_trial_days
|
Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present.
That hardcoded value is now located in the server.py config file.
|
Land basic reaction and edit support.
|
CS API (#5083)
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
|
Add some limitations to alias creation
|
add context to phonehome stats
|
Setting this to 50 or so makes a bunch of sytests fail in worker mode.
|
Make it so that most options in the config are optional, and commented out in
the generated config.
The reasons this is a good thing are as follows:
* If we decide that we should change the default for an option, we can do so,
and only those admins that have deliberately chosen to override that option
will be stuck on the old setting.
* It moves us towards a point where we can get rid of the super-surprising
feature of synapse where the default settings for the config come from the
generated yaml.
* It makes setting up a test config for unit testing an order of magnitude
easier (see forthcoming PR).
* It makes the generated config more consistent, and hopefully easier for users
to understand.
|
The general idea here is that config examples should just have a hash and no
extraneous whitespace, both to make it easier for people who don't understand
yaml, and to make the examples stand out from the comments.
|
turns out it doesn't really support ipv6, so let's hack around that by only
listening on ipv4 by default.
|
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
|
... otherwise we would fail with a mysterious KeyError or something later.
|
Rearrange the comments to try to clarify them, and expand on what some of it
means.
Use a sensible default 'bind_addresses' setting.
For the insecure port, only bind to localhost, and enable x_forwarded, since
apparently it's for use behind a load-balancer.
|
New listener resource for the federation API "openid/userinfo" endpoint
|
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
Instead document it commented out.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
This allows the OpenID userinfo endpoint to be active even if the
federation resource is not active. The OpenID userinfo endpoint
is called by integration managers to verify user actions using the
client API OpenID access token. Without this verification, the
integration manager cannot know that the access token is valid.
The OpenID userinfo endpoint will be loaded in the case that either
"federation" or "openid" resource is defined. The new "openid"
resource is defaulted to active in default configuration.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
Neilj/fix threepid auth check
|
This is leading to problems with people upgrading to clients that
support MSC1730 because people have this misconfigured, so try
to make the docs completely unambiguous.
|
* Raise a ConfigError if an invalid resource is specified
* Require Jinja 2.9 for the consent resource
* changelog
|
These settings are not supposed to be under 'listeners'.
|
This is based on the work done by @krombel in #2601.
|
in it (#4230)
This is useful for homeservers not intended for users, such as bot-only homeservers or ones that only process IoT data.
|
AuthError in all cases
|
return AuthError in all cases"
This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6.
|
AuthError in all cases
|
document that the affinity package is required for the cpu_affinity setting
|
We need to do a bit more validation when we get a server name, but don't want
to be re-doing it all over the shop, so factor out a separate
parse_and_validate_server_name, and do the extra validation.
Also, use it to verify the server name in the config file.
|
Add federation_domain_whitelist
gives a way to restrict which domains your HS is allowed to federate with.
useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
|
Binding on 0.0.0.0 when :: is specified in the bind_addresses is now allowed.
This causes a warning explaining the behaviour.
Configuration changed to match.
See #2232
Signed-off-by: Silke Hofstra <silke@slxh.eu>
|
Most deployments are on Linux (or Mac OS), so this would actually bind
on both IPv4 and IPv6.
Resolves #1886.
Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
|
... to stop us doing the cache cleanup jobs on the master.
|
Let the user specify custom modules which can be used for implementing extra
endpoints.
|
what could possibly go wrong
|
- allows sysadmins the ability to lock down their servers so that people can't
send their users room invites.
|
escape the % that got added in 92168cb so that the process starts up ok.
|
Make it possible to set the CPU affinity in the config file, so that we don't
need to remember to do it manually every time.
|
Set the limit on the returned events in the timeline in the get and sync
operations. The default value is -1, which means no upper limit.
For example, using `filter_timeline_limit: 5000`:

    POST /_matrix/client/r0/user/user:id/filter
    {
      room: {
        timeline: {
          limit: 1000000000000000000
        }
      }
    }

    GET /_matrix/client/r0/user/user:id/filter/filter:id
    {
      room: {
        timeline: {
          limit: 5000
        }
      }
    }

The server cuts down the room.timeline.limit.
|
Signed-off-by: Matthew Wolff <matthewjwolff@gmail.com>
|
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
|
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
|
The existing content can still be downloaded. The last upload to the
matrix.org server was in January 2015, so it is probably safe to remove
the upload API.
|
explaining it's not a permanent solution
|
Add public facing base url to the server so synapse knows what URL to use when converting mxc to http urls for use in emails
|
Change manhole to use ssh
|
This will allow me to write tests which verify which server made HTTP
requests in a federation context.
|
SYN-287
This requires that HS owners either opt in or out of stats reporting.
When --generate-config is passed, --report-stats must be specified
If an already-generated config is used, and doesn't have the
report_stats key, it is requested to be set.
|
ujson.loads
|
arguments for synapse anticipating that people will use the yaml instead. Simplify implementing config options by not requiring the classes to hit the super class
|
It existed but was hardcoded to True.
Give it an underscore for consistency.
Also don't pull in syweb unless we're actually using the web client.
|
ssl load balancer
|