path: root/synapse/config
Commit message | Author | Age | Files | Lines
* Clarify what registration_shared_secret allows for (#2885) (#4844)Aaron Raimist2019-03-111-2/+2
|     * Clarify what registration_shared_secret allows for (#2885)
|     Signed-off-by: Aaron Raimist <aaron@raim.ist>
|     * Add changelog
|     Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Move settings from registration to ratelimiting in config fileBrendan Abolivier2019-03-052-18/+20
|
* Add rate-limiting on registration (#4735)Brendan Abolivier2019-03-051-0/+18
|     * Rate-limiting for registration
|     * Add unit test for registration rate limiting
|     * Add config parameters for rate limiting on auth endpoints
|     * Doc
|     * Fix doc of rate limiting function
|     Co-Authored-By: babolivier <contact@brendanabolivier.com>
|     * Incorporate review
|     * Fix config parsing
|     * Fix linting errors
|     * Set default config for auth rate limiting
|     * Fix tests
|     * Add changelog
|     * Advance reactor instead of mocked clock
|     * Move parameters to registration specific config and give them more sensible default values
|     * Remove unused config options
|     * Don't mock the rate limiter in MAU tests
|     * Rename _register_with_store into register_with_store
|     * Make CI happy
|     * Remove unused import
|     * Update sample config
|     * Fix ratelimiting test for py2
|     * Add non-guest test
* Include a default configuration file in the 'docs' directory. (#4791)Richard van der Hoff2019-03-044-13/+25
|
* Fix ACME config for python 2. (#4717)Richard van der Hoff2019-02-251-3/+7
| | | Fixes #4675.
* switch from google.com to recaptcha.net for reCAPTCHA (#4731)Matthew Hodgson2019-02-251-1/+1
|     * add trivial clarification about jemalloc
|     * switch from google.com to recaptcha.net because https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
* Merge pull request #4694 from matrix-org/erikj/fix_sentry_config_formatErik Johnston2019-02-201-0/+2
|\ | | | | Fixup generated metrics config
| * Fixup generated metrics configErik Johnston2019-02-201-0/+2
| |
* | Attempt to make default config more consistentRichard van der Hoff2019-02-1924-196/+248
|/ | | | | | The general idea here is that config examples should just have a hash and no extraneous whitespace, both to make it easier for people who don't understand yaml, and to make the examples stand out from the comments.
* Merge pull request #4652 from matrix-org/babolivier/acme-delegatedBrendan Abolivier2019-02-191-0/+15
|\ | | | | Support .well-known delegation when issuing certificates through ACME
| * Improve config documentationBrendan Abolivier2019-02-191-3/+11
| |
| * Use a configuration parameter to give the domain to generate a certificate forBrendan Abolivier2019-02-181-0/+7
| |
* | Merge pull request #4632 from matrix-org/erikj/basic_sentryErik Johnston2019-02-181-1/+29
|\ \ | |/ |/| Add basic optional sentry.io integration
| * Fixup error handling and messageErik Johnston2019-02-181-5/+6
| |
| * FixupErik Johnston2019-02-181-1/+1
| |
| * Fixup comments and add warningErik Johnston2019-02-131-2/+7
| |
| * Raise an appropriate error message if sentry_sdk missingErik Johnston2019-02-121-1/+15
| |
| * Basic sentry integrationErik Johnston2019-02-121-0/+8
| |
* | config: Remove a repeated word from a logger warningJuuso "Linda" Lapinlampi2019-02-151-1/+1
| | | | | | | | The warning for missing macaroon_secret_key was "missing missing".
* | Merge pull request #4647 from matrix-org/erikj/add_room_publishing_rulesErik Johnston2019-02-151-26/+144
|\ \ | | | | | | Add configurable room list publishing rules
| * | Move defaults up into codeErik Johnston2019-02-151-22/+44
| | |
| * | Hoist up checks to reduce overall workErik Johnston2019-02-151-17/+15
| | |
| * | Fixup commentsErik Johnston2019-02-151-8/+27
| | |
| * | Clarify commentsErik Johnston2019-02-141-3/+3
| | |
| * | Clarify and fix behaviour when there are multiple aliasesErik Johnston2019-02-141-6/+18
| | |
| * | Fixup commentsErik Johnston2019-02-141-8/+15
| | |
| * | Add configurable room list publishing rulesErik Johnston2019-02-141-17/+77
| | | | | | | | | | | | | | | This allows specifying who and what is allowed to be published onto the public room list
* | | Fix errors in acme provisioning (#4648)Richard van der Hoff2019-02-141-0/+2
|/ /
| |     * Better logging for errors on startup
| |     * Fix "TypeError: '>' not supported" when starting without an existing certificate
| |     * Fix a bug where an existing certificate would be reprovisioned every day
* / Special-case the default bind_addresses for metrics listenerRichard van der Hoff2019-02-131-1/+5
|/ | | | | turns out it doesn't really support ipv6, so let's hack around that by only listening on ipv4 by default.
* Merge pull request #4625 from matrix-org/rav/fix_generate_config_warningsErik Johnston2019-02-121-7/+2
|\ | | | | fix self-signed cert notice from generate-config
| * fix self-signed cert notice from generate-configRichard van der Hoff2019-02-121-7/+2
| | | | | | | | fixes #4620
* | Disable TLS by default (#4614)Richard van der Hoff2019-02-122-27/+27
| |
* | Fix error when loading cert if tls is disabled (#4618)Richard van der Hoff2019-02-121-15/+42
|/ | | | | | If TLS is disabled, it should not be an error if no cert is given. Fixes #4554.
* fix testsRichard van der Hoff2019-02-111-1/+1
|
* Infer no_tls from presence of TLS listenersRichard van der Hoff2019-02-113-12/+23
| | | | | Rather than have to specify `no_tls` explicitly, infer whether we need to load the TLS keys etc from whether we have any TLS-enabled listeners.
* Merge branch 'rav/tls_config_logging_fixes' into rav/tls_cert/workRichard van der Hoff2019-02-111-18/+36
|\
| * Logging improvements around TLS certsRichard van der Hoff2019-02-111-18/+36
| | | | | | | | | | Log which file we're reading keys and certs from, and refactor the code a bit in preparation for other work
* | Fail cleanly if listener config lacks a 'port'Richard van der Hoff2019-02-111-0/+5
|/ | | | ... otherwise we would fail with a mysterious KeyError or something later.
* Clean up default listener configuration (#4586)Richard van der Hoff2019-02-111-48/+81
|     Rearrange the comments to try to clarify them, and expand on what some of it means.
|     Use a sensible default 'bind_addresses' setting.
|     For the insecure port, only bind to localhost, and enable x_forwarded, since apparently it's for use behind a load-balancer.
* ACME Reprovisioning (#4522)Amber Brown2019-02-111-1/+11
|
* Be tolerant of blank TLS fingerprints config (#4589)Amber Brown2019-02-111-1/+5
|
* Merge pull request #4420 from matrix-org/jaywink/openid-listenerErik Johnston2019-02-111-0/+10
|\ | | | | New listener resource for the federation API "openid/userinfo" endpoint
| * Fix flake8 issuesJason Robinson2019-01-231-1/+1
| | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * Remove openid resource from default configJason Robinson2019-01-231-4/+13
| | | | | | | | | | | | Instead document it commented out. Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * Split federation OpenID userinfo endpoint out of the federation resourceJason Robinson2019-01-231-4/+5
| |     This allows the OpenID userinfo endpoint to be active even if the federation resource is not active. The OpenID userinfo endpoint is called by integration managers to verify user actions using the client API OpenID access token. Without this verification, the integration manager cannot know that the access token is valid.
| |     The OpenID userinfo endpoint will be loaded in the case that either "federation" or "openid" resource is defined. The new "openid" resource is defaulted to active in default configuration.
| |     Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Deduplicate some code in synapse.app (#4567)Amber Brown2019-02-081-11/+5
| |
* | Merge branch 'master' into developRichard van der Hoff2019-02-051-3/+3
|\ \
| * | Fix default ACME config for py2 (#4564)Richard van der Hoff2019-02-051-1/+1
| | | | | | | | | Fixes #4559
| * | fix typo in config comments (#4557)Richard van der Hoff2019-02-051-2/+2
| | |
* | | by default include m.room.encryption on invites (#3902)Matthew Hodgson2019-01-301-0/+2
|/ /
| |     * by default include m.room.encryption on invites
| |     * fix constant
| |     * changelog
* | ACME config cleanups (#4525)Richard van der Hoff2019-01-301-26/+74
| |     * Handle listening for ACME requests on IPv6 addresses
| |     the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses without extra quoting. Building a string which you are about to parse again seems like a weird choice. Let's just use listenTCP, which is consistent with what we do elsewhere.
| |     * Clean up the default ACME config
| |     make it look a bit more consistent with everything else, and tweak the defaults to listen on port 80.
| |     * newsfile
* | SIGHUP for TLS cert reloading (#4495)Amber Brown2019-01-301-8/+11
| |
* | Merge pull request #4512 from matrix-org/anoa/consent_dirAndrew Morgan2019-01-291-1/+13
|\ \ | | | | | | Check consent dir path on startup
| * | Check consent dir path on startupAndrew Morgan2019-01-291-1/+13
| | |
* | | Merge pull request #4498 from matrix-org/travis/fix-docs-public_baseurlTravis Ralston2019-01-291-1/+1
|\ \ \ | |/ / |/| | Don't recommend :8448 to people on public_baseurl
| * | Don't recommend :8448 to people on public_baseurlTravis Ralston2019-01-281-1/+1
| | |
* | | Do not generate self-signed TLS certificates by default. (#4509)Amber Brown2019-01-291-43/+18
|/ /
* | Fix quoting for allowed_local_3pids example config (#4476)Richard van der Hoff2019-01-251-3/+3
| |     If you use double-quotes here, you have to escape your backslashes. It's much easier with single-quotes.
| |     (Note that the existing double-backslashes are already interpreted by python's """ parsing.)
* | Merge pull request #4435 from matrix-org/neilj/fix_threepid_auth_checkNeil Johnson2019-01-241-5/+4
|\ \ | | | | | | Neilj/fix threepid auth check
| * | move guard out of is_threepid_reserved and into register.pyNeil Johnson2019-01-221-2/+0
| | |
| * | Fix None guard in config.server.is_threepid_reservedNeil Johnson2019-01-221-5/+6
| |/
* | Clarify docs for public_baseurlDavid Baker2019-01-241-1/+5
| |     This is leading to problems with people upgrading to clients that support MSC1730 because people have this misconfigured, so try to make the docs completely unambiguous.
* | Support ACME for certificate provisioning (#4384)Amber Brown2019-01-232-26/+93
|/
* Merge pull request #4423 from matrix-org/neilj/disable_msisdn_on_registrationNeil Johnson2019-01-221-0/+9
|\ | | | | Config option to disable requesting MSISDN on registration
| * fix line lengthNeil Johnson2019-01-211-1/+3
| |
| * Config option to disable requesting MSISDN on registrationNeil Johnson2019-01-211-0/+7
| |
* | Require ECDH key exchange & remove dh_params (#4429)Amber Brown2019-01-221-40/+0
|/ | | * remove dh_params and set better cipher string
* Changing macaroon_secret_key no longer logs you out (#4387)Richard van der Hoff2019-01-161-3/+0
|
* Merge branch rav/macaroon_key_fix_0.34 into rav/macaroon_key_fix_0.34.1Richard van der Hoff2019-01-101-2/+2
|\ | | | | | | Fixes #4371
| * Revert "Fix macaroon_secret_key fallback logic"Richard van der Hoff2019-01-101-3/+3
| |     This is already fixed in 0.34.1, by 59f93bb
| |     This reverts commit efc522c55e996e420271de2d9094835dda52ade4.
| * Merge branch 'rav/macaroon_key_fix' into rav/macaroon_key_fix_0.34Richard van der Hoff2019-01-101-5/+5
| |\
| | * Fix macaroon_secret_key fallback logicRichard van der Hoff2019-01-101-3/+3
| | |
| | * Fix fallback to signing key for macaroon-secret-keyRichard van der Hoff2019-01-101-2/+2
| | |
* | | Fix synapse.config.__main__ on python 3 (#4356)Amber Brown2019-01-081-1/+1
| | |
* | | Check jinja version for consent resource (#4327)Richard van der Hoff2019-01-071-1/+37
| | |     * Raise a ConfigError if an invalid resource is specified
| | |     * Require Jinja 2.9 for the consent resource
| | |     * changelog
* | | Add a script to generate a clean config file (#4315)Richard van der Hoff2018-12-229-46/+89
| | |
* | | Fix indentation in default config (#4313)Richard van der Hoff2018-12-221-35/+35
| | | | | | | | | These settings are not supposed to be under 'listeners'.
* | | Merge branch 'release-v0.34.0' into developRichard van der Hoff2018-12-111-15/+27
|\| |
| * | Stop installing Matrix Console by defaultRichard van der Hoff2018-12-111-15/+27
| | | | | | | | | | | | This is based on the work done by @krombel in #2601.
* | | Implement SAML2 authentication (#4267)Richard van der Hoff2018-12-072-1/+112
| | |     This implements both a SAML2 metadata endpoint (at `/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at `/_matrix/saml2/authn_response`). If the SAML2 response matches what's been configured, we complete the SSO login flow by redirecting to the client url (aka `RelayState` in SAML2 jargon) with a login token.
| | |     What we don't yet have is anything to build a SAML2 request and redirect the user to the identity provider. That is left as an exercise for the reader.
* | | Rip out half-implemented m.login.saml2 support (#4265)Richard van der Hoff2018-12-062-57/+1
| | |     * Rip out half-implemented m.login.saml2 support
| | |     This was implemented in an odd way that left most of the work to the client, in a way that I really didn't understand. It's going to be a pain to maintain, so let's start by ripping it out.
| | |     * drop undocumented dependency on dateutil
| | |     It turns out we were relying on dateutil being pulled in transitively by pysaml2. There's no need for that bloat.
* | | Implement .well-known handling (#4262)Richard van der Hoff2018-12-051-0/+9
|/ / | | | | | | Sometimes it's useful for synapse to generate its own .well-known file.
* | Add an option to enable recording IPs for appservice users (#3831)Travis Ralston2018-12-041-0/+5
| |
* | Add an option to disable search for homeservers which may not be interested ↵Travis Ralston2018-12-041-1/+11
| |     in it (#4230)
| |     This is useful for homeservers not intended for users, such as bot-only homeservers or ones that only process IoT data.
* | Remove riot.im from the list of trusted Identity Servers in the default ↵Neil Johnson2018-11-201-1/+3
| |     configuration (#4207)
* | Add option to track MAU stats (but not limit people) (#3830)Travis Ralston2018-11-151-0/+6
| |
* | Add config variables for enabling terms auth and the policy name (#4142)Travis Ralston2018-11-061-0/+18
| | | | | | | | So people can still collect consent the old way if they want to.
* | Set the encoding to UTF8 in the default logconfig (#4138)Amber Brown2018-11-031-0/+1
| |
* | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2018-10-255-88/+92
|\ \
| | |     erikj/alias_disallow_list
| * \ Merge branch 'develop' of github.com:matrix-org/synapse into ↵Neil Johnson2018-10-254-68/+91
| |\ \
| | | |     matthew/autocreate_autojoin
| | * | Fix a number of flake8 errorsRichard van der Hoff2018-10-241-1/+1
| | | |     Broadly three things here:
| | | |     * disable W504 which seems a bit whacko
| | | |     * remove a bunch of `as e` expressions from exception handlers that don't use them
| | | |     * use `r""` for strings which include backslashes
| | | |     Also, we don't use pep8 any more, so we can get rid of the duplicate config there.
| | * | Make scripts/ and scripts-dev/ pass pyflakes (and the rest of the codebase ↵Amber Brown2018-10-202-63/+60
| | | |     on py3) (#4068)
| | * | Calculate absolute path for email templatesRichard van der Hoff2018-10-191-22/+18
| | | |
| * | | isortNeil Johnson2018-10-241-2/+1
| | | |
| * | | remove errant exception and styleNeil Johnson2018-10-231-1/+1
| | | |
| * | | clean up config error logic and importsNeil Johnson2018-10-171-5/+4
| | | |
| * | | improve auto room join logic, comments and testsNeil Johnson2018-10-121-1/+10
| | | |
| * | | fix UTsMatthew Hodgson2018-09-281-1/+1
| | | |
| * | | untested stab at autocreating autojoin roomsMatthew Hodgson2018-09-281-0/+4
| | | |
* | | | Use allow/denyErik Johnston2018-10-251-6/+6
| | | |
* | | | Use match rather than searchErik Johnston2018-10-241-2/+3
| | | |
* | | | Add config option to control alias creationErik Johnston2018-10-192-1/+103
| |/ / |/| |
* | | Put the warning blob at the top of the fileRichard van der Hoff2018-10-171-6/+9
| | |
* | | Ship the email templates as package_dataRichard van der Hoff2018-10-171-3/+30
|/ /
| |     move the example email templates into the synapse package so that they can be used as package data, which should mean that all of the packaging mechanisms (pip, docker, debian, arch, etc) should now come with the example templates.
| |     In order to grandfather in people who relied on the templates being in the old place, check for that situation and fall back to using the defaults if the templates directory does not exist.
* | Replaced all occurences of e.message with str(e)Schnuffle2018-09-271-1/+1
| | | | | | | | Signed-off-by: Schnuffle <schnuffle@github.com>
* | Remove some superfluous logging (#3855)Amber Brown2018-09-131-1/+16
| |
* | Fix jwt import checkRichard van der Hoff2018-09-072-1/+1
| |     This handy code attempted to check that we could import jwt, but utterly failed to check it was the right jwt.
| |     Fixes https://github.com/matrix-org/synapse/issues/3793
* | move threepid checker to config, add missing yieldsNeil Johnson2018-08-311-0/+17
| |
* | Change admin_uri to admin_contact in config and errorsErik Johnston2018-08-241-2/+2
| |
* | Implement trail usersErik Johnston2018-08-231-0/+6
| |
* | Port over enough to get some sytests running on Python 3 (#3668)Amber Brown2018-08-201-1/+2
| |
* | Integrate presence from hotfixes (#3694)Amber Brown2018-08-181-0/+6
| |
* | server limits config docsNeil Johnson2018-08-171-0/+26
| |
* | add new error type ResourceLimitNeil Johnson2018-08-161-0/+1
| |
* | update admin email to uriNeil Johnson2018-08-151-1/+1
| |
* | replace admin_email with admin_uri for greater flexibilityNeil Johnson2018-08-151-1/+1
| |
* | support admin_email config and pass through into blocking errors, return ↵Neil Johnson2018-08-131-0/+4
| |     AuthError in all cases
* | Revert "support admin_email config and pass through into blocking errors, ↵Neil Johnson2018-08-131-4/+0
| |     return AuthError in all cases"
| |     This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6.
* | support admin_email config and pass through into blocking errors, return ↵Neil Johnson2018-08-131-0/+4
| |     AuthError in all cases
* | log *after* reloading log configRichard van der Hoff2018-08-101-2/+1
| | | | | | | | ... because logging *before* reloading means the log message gets lost in the old MemoryLogger
* | Merge branch 'develop' into neilj/disable_hsNeil Johnson2018-08-081-0/+3
|\ \
| * | implement reserved users for mau limitsNeil Johnson2018-08-071-1/+1
| | |
| * | load mau limit threepidsNeil Johnson2018-08-061-0/+3
| | |
* | | disable HS from configNeil Johnson2018-08-041-0/+4
|/ /
* / fix (lots of) py3 test failuresNeil Johnson2018-08-031-2/+2
|/
* Merge branch 'master' into developRichard van der Hoff2018-08-021-0/+2
|\
| * Merge pull request #3377 from Valodim/note-affinityRichard van der Hoff2018-07-191-0/+2
| |\ | | | | | | document that the affinity package is required for the cpu_affinity setting
| | * add note that the affinity package is required for the cpu_affinity settingVincent Breitmoser2018-06-091-0/+2
| | |
| | * Merge tag 'v0.31.0'Neil Johnson2018-06-063-1/+20
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes in synapse v0.31.0 (2018-06-06) ====================================== Most notable change from v0.30.0 is to switch to python prometheus library to improve system stats reporting. WARNING this changes a number of prometheus metrics in a backwards-incompatible manner. For more details, see `docs/metrics-howto.rst <docs/metrics-howto.rst#removal-of-deprecated-metrics--time-based-counters-becoming-histograms-in-0310>`_. Bug Fixes: * Fix metric documentation tables (PR #3341) * Fix LaterGuage error handling (694968f) * Fix replication metrics (b7e7fd2) Changes in synapse v0.31.0-rc1 (2018-06-04) ========================================== Features: * Switch to the Python Prometheus library (PR #3256, #3274) * Let users leave the server notice room after joining (PR #3287) Changes: * daily user type phone home stats (PR #3264) * Use iter* methods for _filter_events_for_server (PR #3267) * Docs on consent bits (PR #3268) * Remove users from user directory on deactivate (PR #3277) * Avoid sending consent notice to guest users (PR #3288) * disable CPUMetrics if no /proc/self/stat (PR #3299) * Add local and loopback IPv6 addresses to url_preview_ip_range_blacklist (PR #3312) Thanks to @thegcat! * Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (PR #3307) * Add private IPv6 addresses to example config for url preview blacklist (PR #3317) Thanks to @thegcat! 
* Reduce stuck read-receipts: ignore depth when updating (PR #3318) * Put python's logs into Trial when running unit tests (PR #3319) Changes, python 3 migration: * Replace some more comparisons with six (PR #3243) Thanks to @NotAFile! * replace some iteritems with six (PR #3244) Thanks to @NotAFile! * Add batch_iter to utils (PR #3245) Thanks to @NotAFile! * use repr, not str (PR #3246) Thanks to @NotAFile! * Misc Python3 fixes (PR #3247) Thanks to @NotAFile! * Py3 storage/_base.py (PR #3278) Thanks to @NotAFile! * more six iteritems (PR #3279) Thanks to @NotAFile! * More Misc. py3 fixes (PR #3280) Thanks to @NotAFile! * remaining isintance fixes (PR #3281) Thanks to @NotAFile! * py3-ize state.py (PR #3283) Thanks to @NotAFile! * extend tox testing for py3 to avoid regressions (PR #3302) Thanks to @krombel! * use memoryview in py3 (PR #3303) Thanks to @NotAFile! Bugs: * Fix federation backfill bugs (PR #3261) * federation: fix LaterGauge usage (PR #3328) Thanks to @intelfx!
* | | | remove need to plot limit_usage_by_mauNeil Johnson2018-08-011-3/+6
| | | |
* | | | coding styleNeil Johnson2018-07-311-1/+1
| | | |
* | | | limit register and sign in on number of monthly usersNeil Johnson2018-07-301-0/+5
| | | |
* | | | Comment dummy TURN parameters in default configDavid Baker2018-07-111-2/+2
|/ / /
| | |     This default config is parsed and used as a base before the actual config is overlaid, so with these values not commented out, the code to detect when no turn params were set and refuse to generate credentials was never firing because the dummy default was always set.
* | | run isortAmber Brown2018-07-0913-51/+59
| | |
* | | More server_name validationRichard van der Hoff2018-07-041-2/+9
| | |     We need to do a bit more validation when we get a server name, but don't want to be re-doing it all over the shop, so factor out a separate parse_and_validate_server_name, and do the extra validation.
| | |     Also, use it to verify the server name in the config file.
* | | fix testsMatthew Hodgson2018-06-281-0/+1
| | |
* | | add ip_range_whitelist parameter to limit where ASes can connect fromMatthew Hodgson2018-06-281-1/+10
| | |
* | | Write a clear restart indicator in logsRichard van der Hoff2018-06-201-6/+18
| | | | | | | | | | | | | | | I'm fed up with never being able to find the point a server restarted in the logs.
* | | Merge remote-tracking branch 'origin/master' into developRichard van der Hoff2018-06-051-0/+3
|\| | | |/ |/|
| * remove trailing whitespaceRichard van der Hoff2018-05-301-2/+2
| |
| * fix english and wrap commentRichard van der Hoff2018-05-301-1/+2
| |
| * add link to thorough instruction how to configure consentRuben Barkow2018-05-251-0/+2
| |
* | Add private IPv6 addresses to preview blacklist #3312Felix Schäfer2018-06-011-0/+3
| |     The added addresses are expected to be local or loopback addresses and shouldn't be spidered for previews.
| |     Signed-off-by: Felix Schäfer <felix@thegcat.net>
* | Run Prometheus on a different port, optionally. (#3274)Amber Brown2018-05-311-0/+10
| |
* | Fix default for send_server_notice_to_guestsRichard van der Hoff2018-05-251-1/+1
| | | | | | | | bool("False") == True...
* | Avoid sending consent notice to guest usersRichard van der Hoff2018-05-251-1/+7
|/ | | | we think it makes sense not to send the notices to guest users.
* Allow overriding the server_notices user's avatarRichard van der Hoff2018-05-231-3/+12
| | | | probably should have done this in the first place, like @turt2live suggested.
* Support for putting %(consent_uri)s in messagesRichard van der Hoff2018-05-231-4/+7
| | | | | Make it possible to put the URI in the error message and the server notice that get sent by the server
* Reject attempts to send event before privacy consent is givenRichard van der Hoff2018-05-221-0/+10
| | | | | | Returns an M_CONSENT_NOT_GIVEN error (cf https://github.com/matrix-org/matrix-doc/issues/1252) if consent is not yet given.
* Move consent config parsing into ConsentConfigRichard van der Hoff2018-05-221-1/+15
| | | | turns out we need to reuse this, so it's better in the config class.
* Send users a server notice about consentRichard van der Hoff2018-05-221-0/+8
| | | | | When a user first syncs, we will send them a server notice asking them to consent to the privacy policy if they have not already done so.
* Rename 'version' param on user consent configRichard van der Hoff2018-05-221-4/+6
| | | | we're going to use it for the version we require too.
* Replace inline docstrings with "Attributes" in class docstringRichard van der Hoff2018-05-181-23/+15
|
* Infrastructure for a server notices roomRichard van der Hoff2018-05-172-1/+89
|     Server Notices use a special room which the user can't dismiss. They are created on demand when some other bit of the code calls send_notice.
|     (This doesn't actually do much yet because we don't call send_notice anywhere)
* ConsentResource to gather policy consent from usersRichard van der Hoff2018-05-154-3/+63
| | | | | Hopefully there are enough comments and docs in this that it makes sense on its own.
* Merge pull request #3085 from NotAFile/py3-config-text-modeRichard van der Hoff2018-04-302-4/+4
|\ | | | | Open config file in non-bytes mode
| * open log_config in text mode tooAdrian Tschira2018-04-281-1/+1
| | | | | | | | Signed-off-by: Adrian Tschira <nota@notafile.com>
| * Open config file in non-bytes modeAdrian Tschira2018-04-101-3/+3
| |     Nothing written into it is encoded, so it makes little sense, but it does break in python3 the way it was before.
| |     The variable names were adjusted to be less misleading.
| |     Signed-off-by: Adrian Tschira <nota@notafile.com>
* | Merge pull request #3084 from NotAFile/py3-certs-byte-modeRichard van der Hoff2018-04-301-2/+2
|\ \ | | | | | | Open certificate files as bytes
| * | Open certificate files as bytesAdrian Tschira2018-04-101-2/+2
| |/ | | | | | | | | | | That's what pyOpenSSL expects on python3 Signed-off-by: Adrian Tschira <nota@notafile.com>
* / Use six.moves.urlparseAdrian Tschira2018-04-151-2/+2
|/ | | | | | The imports were shuffled around a bunch in py3 Signed-off-by: Adrian Tschira <nota@notafile.com>
* Merge pull request #3074 from NotAFile/fix-py3-printsRichard van der Hoff2018-04-091-5/+5
|\ | | | | use python3-compatible prints
| * use python3-compatible printsAdrian Tschira2018-04-061-5/+5
| |
* | Replace some type checks with six type checksAdrian Tschira2018-04-072-5/+9
|/ | | | Signed-off-by: Adrian Tschira <nota@notafile.com>
* spell out not to massively increase bcrypt roundsMatthew Hodgson2018-03-191-1/+3
|
* Add replication http endpoint for event sendingErik Johnston2018-02-071-0/+8
|
* Add federation_domain_whitelist option (#2820)Matthew Hodgson2018-01-221-0/+22
| | | | | | Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
* Merge pull request #2813 from matrix-org/matthew/registrations_require_3pidMatthew Hodgson2018-01-221-0/+19
|\ | | | | add registrations_require_3pid and allow_local_3pids
| * rewrite based on PR feedback:Matthew Hodgson2018-01-191-3/+9
| |     * [ ] split config options into allowed_local_3pids and registrations_require_3pid
| |     * [ ] simplify and comment logic for picking registration flows
| |     * [ ] fix docstring and move check_3pid_allowed into a new util module
| |     * [ ] use check_3pid_allowed everywhere
| |     @erikjohnston PTAL
| * add registrations_require_3pidMatthew Hodgson2018-01-191-0/+13
| | | | | | | | | | lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with. Typically useful for stopping people from registering with non-work emails
* | Fix passing wrong config to provider constructorErik Johnston2018-01-181-1/+1
| |
* | Remove duplicate directory testErik Johnston2018-01-181-4/+0
| |
* | Fixup commentsErik Johnston2018-01-181-1/+5
| |
* | Make storage providers more configurableErik Johnston2018-01-181-11/+72
|/
* fix typoMatthew Hodgson2018-01-161-1/+1
|
* Actually make it workErik Johnston2018-01-121-0/+5
|
* Merge pull request #2763 from matrix-org/rav/fix_config_utsRichard van der Hoff2018-01-091-2/+2
|\ | | | | Fix broken config UTs
| * Fix broken config UTsRichard van der Hoff2018-01-091-2/+2
| | | | | | | | | | https://github.com/matrix-org/synapse/pull/2755 broke log-config generation, which in turn broke the unit tests.
* | Make indentation of generated log config consistentRichard van der Hoff2018-01-091-17/+17
|/ | | | (we had a mix of 2- and 4-space indents)
* Remove 'verbosity'/'log_file' from generated cfgRichard van der Hoff2018-01-051-8/+4
|     ... because these only really exist to confuse people nowadays.
|     Also bring log config more into line with the generated log config, by making `level_for_storage` apply to the `synapse.storage.SQL` logger rather than `synapse.storage`.
* Merge pull request #2683 from seckrv/fix_pwd_auth_prov_typoRichard van der Hoff2017-12-181-2/+2
|\ | | | | synapse/config/password_auth_providers: Fixed bracket typo
| * synapse/config/password_auth_providers: Fixed bracket typoRichard von Seck2017-11-161-2/+2
| | | | | | | | Signed-off-by: Richard von Seck <richard.von-seck@gmx.net>
* | Allow binds to both :: and 0.0.0.0Silke Hofstra2017-12-171-5/+3
| |     Binding on 0.0.0.0 when :: is specified in the bind_addresses is now allowed. This causes a warning explaining the behaviour. Configuration changed to match.
| |     See #2232
| |     Signed-off-by: Silke Hofstra <silke@slxh.eu>
* | Adapt the default config to bind on IPv6.Willem Mulder2017-12-171-8/+9
| |     Most deployments are on Linux (or Mac OS), so this would actually bind on both IPv4 and IPv6.
| |     Resolves #1886.
| |     Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
* | better docMatthew Hodgson2017-12-041-1/+4
| |
* | switch to a simpler 'search_all_users' button as per review feedbackMatthew Hodgson2017-12-041-7/+8
| |
* | Merge branch 'develop' into matthew/search-all-local-usersMatthew Hodgson2017-11-301-0/+6
|\ \
| * | Add config option to disable media_repo on main synapseRichard van der Hoff2017-11-221-0/+6
| | | | | | | | | | | | ... to stop us doing the cache cleanup jobs on the master.
* | | specify default user_directory_include_patternMatthew Hodgson2017-11-301-0/+1
| | |
* | | untested WIP but might actually workMatthew Hodgson2017-11-291-3/+2
| | |
* | | Add user_directory_include_pattern config param to expand search results to ↵Matthew Hodgson2017-11-292-1/+42
|/ / | | | | | | | | | | | | | | | | | | additional users Initial commit; this doesn't work yet - the LIKE filtering seems too aggressive. It also needs _do_initial_spam to be aware of prepopulating the whole user_directory_search table with all users... ...and it needs a handle_user_signup() or something to be added so that new signups get incrementally added to the table too. Committing it here as a WIP
* / Check group_id belongs to this domainLuke Barnard2017-11-161-0/+1
|/
* Print instead of loggingDavid Baker2017-11-131-11/+4
| | | | because we had to wait until the logger was set up
* Make the commented config have the defaultDavid Baker2017-11-091-1/+1
|
* better commentsDavid Baker2017-11-081-2/+5
|
* Log if any of the old config flags are setDavid Baker2017-11-081-2/+24
|
* Rename redact_content option to include_contentDavid Baker2017-11-081-15/+13
| | | | | | | | | | | | | | | | | | The redact_content option never worked because it read the wrong config section. The PR introducing it (https://github.com/matrix-org/synapse/pull/2301) had feedback suggesting the name be changed to not re-use the term 'redact' but this wasn't incorporated. This renames the option to give it a less confusing name, and also means that people who've set the redact_content option won't suddenly see a behaviour change when upgrading synapse, but instead can set include_content if they want to. This PR also updates the wording of the config comment to clarify that this has no effect on event_id_only push. Includes https://github.com/matrix-org/synapse/pull/2422
* Add a hook for custom rest endpointsRichard van der Hoff2017-11-021-0/+7
| | | | | Let the user specify custom modules which can be used for implementing extra endpoints.
* Clean up backwards-compat hacks for ldapRichard van der Hoff2017-10-311-20/+19
| | | | | | | try to make the backwards-compat flows follow the same code paths as the modern impl. This commit should be non-functional.
* fix typoMatthew Hodgson2017-10-291-1/+1
|
* Fix error when running synapse with no logfileRichard van der Hoff2017-10-261-1/+5
| | | | Fixes 'UnboundLocalError: local variable 'sighup' referenced before assignment'
* tip for generating tls_fingerprintsMatthew Hodgson2017-10-241-0/+6
|
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-231-1/+1
| | | | what could possibly go wrong
* Flake8Erik Johnston2017-10-191-4/+0
|
* Add missing file...Erik Johnston2017-10-191-0/+36
|
* Add config to enable group creationErik Johnston2017-10-191-1/+2
|
* Improve error handling for missing files (#2551)Richard van der Hoff2017-10-173-17/+33
| | | | | | | | | | | `os.path.exists` doesn't allow us to distinguish between permissions errors and the path actually not existing, which repeatedly confuses people. It also means that we try to overwrite existing key files, which is super-confusing. (cf issues #2455, #2379). Use os.stat instead. Also, don't recommend the use of --generate-config, which screws everything up if you're using debian (cf #2455).
* pep8David Baker2017-10-171-1/+2
|
* Add config option to auto-join new users to roomsDavid Baker2017-10-161-0/+6
| | | | | New users who register on the server will be dumped into all rooms in auto_join_rooms in the config.
* Copy everything to backupErik Johnston2017-10-121-1/+3
|
* Basic implementation of backup media storeErik Johnston2017-10-121-0/+18
|
* Forgot the new file again :(David Baker2017-09-271-0/+35
|
* Make the spam checker a moduleDavid Baker2017-09-261-1/+3
|
* Factor out module loading to a separate placeDavid Baker2017-09-261-12/+10
| | | | So it can be reused
* Add a config option to block all room invites (#2457)Richard van der Hoff2017-09-191-0/+10
| | | | | - allows sysadmins the ability to lock down their servers so that people can't send their users room invites.
* Fix process startupRichard van der Hoff2017-08-161-10/+13
| | | | escape the % that got added in 92168cb so that the process starts up ok.
* explain why CPU affinity is a good ideaMatthew Hodgson2017-08-151-0/+8
|
* Allow configuration of CPU affinityRichard van der Hoff2017-08-152-0/+13
| | | | | Make it possible to set the CPU affinity in the config file, so that we don't need to remember to do it manually every time.
* Add a frontend proxyErik Johnston2017-07-071-0/+2
|
* Change the config file generator to more descriptive explanation of ↵Caleb James DeLisle2017-06-241-3/+11
| | | | push.redact_content
* Fix TravisCI tests for PR #2301 - Fat finger mistakeCaleb James DeLisle2017-06-231-0/+37
|
* Fix TravisCI tests for PR #2301Caleb James DeLisle2017-06-232-41/+1
|
* Add configuration parameter to allow redaction of content from push messages ↵Caleb James DeLisle2017-06-232-1/+42
| | | | for google/apple devices
* Initial worker implErik Johnston2017-06-161-0/+4
|
* Configurable maximum number of events requested by /sync and /messages (#2220)Pablo Saavedra2017-05-131-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Set the limit on the returned events in the timeline in the get and sync operations. The default value is -1, which means no upper limit. For example, using `filter_timeline_limit: 5000`: POST /_matrix/client/r0/user/user:id/filter { room: { timeline: { limit: 1000000000000000000 } } } GET /_matrix/client/r0/user/user:id/filter/filter:id { room: { timeline: { limit: 5000 } } } The server cuts down the room.timeline.limit.
* web_server_root documentation fixMatthew Wolff2017-04-171-0/+6
| | | | Signed-off-by: Matthew Wolff <matthewjwolff@gmail.com>
* trust a hypothetical future riot.im ISMatthew Hodgson2017-04-101-0/+1
|
* Merge pull request #2102 from DanielDent/add-auth-emailDavid Baker2017-04-101-0/+16
|\ | | | | Support authenticated SMTP
| * Support authenticated SMTPDaniel Dent2017-04-051-0/+16
| | | | | | | | | | | | Closes (SYN-714) #1385 Signed-off-by: Daniel Dent <matrixcontrib@contactdaniel.net>
* | Merge pull request #2097 from matrix-org/erikj/repl_tcp_clientErik Johnston2017-04-051-1/+3
|\ \ | |/ |/| Move to using TCP replication
| * Remove unused worker config optionErik Johnston2017-04-041-1/+0
| |
| * Update all the workers and master to use TCP replicationErik Johnston2017-04-031-0/+3
| |
* | typoMatthew Hodgson2017-03-151-1/+1
| |
* | set default for turn_allow_guests correctlyMatthew Hodgson2017-03-151-1/+1
| |
* | add setting (on by default) to support TURN for guestsMatthew Hodgson2017-03-151-0/+8
|/
* Add helpful texts to logger config optionsRichard van der Hoff2017-03-131-5/+7
|
* Merge pull request #1983 from matrix-org/rav/no_redirect_stdioRichard van der Hoff2017-03-131-6/+28
|\ | | | | Add an option to disable stdio redirect
| * Add an option to disable stdio redirectRichard van der Hoff2017-03-101-1/+12
| | | | | | | | This makes it tractable to run synapse under pdb.
| * Refactor logger config for workersRichard van der Hoff2017-03-101-5/+16
| | | | | | | | - to make it easier to add more config options.
* | Reread log config on SIGHUPRichard van der Hoff2017-03-101-10/+19
|/ | | | When we are using a log_config file, reread it on SIGHUP.
* Fix typo in config comments.Tyler Smith2017-02-111-1/+1
| | | | Signed-off-by: Tyler Smith <tylersmith.me@gmail.com>
* Merge pull request #1835 from matrix-org/erikj/fix_workersErik Johnston2017-01-201-0/+10
|\ | | | | Make worker listener config backwards compat
| * Make worker listener config backwards compatErik Johnston2017-01-201-0/+10
| |
* | Added default config for turn username and passwordMarvin Steadfast2017-01-191-0/+5
| |
* | Added username and password for turn serverMarvin Steadfast2017-01-191-1/+3
|/ | | | | It makes it possible to use a turn server that needs a username and password instead of a token.
* Allow configuring the Riot URL used in notification emailsAdrian Perez de Castro2017-01-131-0/+7
| | | | | | | | | | The URLs used for notification emails were hardcoded to use either matrix.to or vector.im; but for self-hosted setups where Riot is also self-hosted it may be desirable to allow configuring an alternative Riot URL. Fixes #1809. Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
* Merge pull request #1795 from matrix-org/erikj/port_defaultsErik Johnston2017-01-131-4/+13
|\ | | | | Restore default bind address
| * Pop bind_addressErik Johnston2017-01-101-1/+1
| |
| * Restore default bind addressErik Johnston2017-01-101-4/+13
| |
* | Remove full_twisted_stacktraces optionErik Johnston2017-01-121-8/+0
|/ | | | | | | | | | | | | | | | | The debug 'full_twisted_stacktraces' flag caused synapse to rewrite twisted deferreds to always fire the callback on the next reactor tick. This was to force the deferred to always store the stacktraces on exceptions, and thus be more likely to have a full stacktrace when it reaches the final error handlers and gets printed to the logs. Dynamically rewriting things is generally bad, and in particular this change violates assumptions of various bits of Twisted. This wouldn't necessarily be so bad, but it turns out this option has been turned on on some production servers. Turning the option can cause e.g. #1778. For now, let's just entirely nuke this option.