path: root/synapse/config
Commit message [Author, Age, Files, Lines]
* Update worker docs with recent enhancements (#7969) [Erik Johnston, 2020-07-29, 5 files, -15/+73]
|
* Fix a typo in the sample config. (#7890) [Adrian, 2020-07-20, 1 file, -1/+1]
|
* Change sample config's postgres user to synapse_user (#7889) [Andrew Morgan, 2020-07-20, 1 file, -1/+1]
|   The [postgres setup docs](https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#set-up-database) recommend setting up your database with user `synapse_user`. However, uncommenting the postgres defaults in the sample config leaves you with user `synapse`. This PR switches the sample config to recommend `synapse_user`. Took me a second to figure this out, so assume this will be beneficial to others.
|
* Add a default limit (of 100) to get/sync operations. (#7858) [Patrick Cloke, 2020-07-17, 1 file, -2/+4]
|
* Allow moving typing off master (#7869) [Erik Johnston, 2020-07-16, 1 file, -9/+10]
|
* Add ability to run multiple pusher instances (#7855) [Erik Johnston, 2020-07-16, 4 files, -37/+48]
|   This reuses the same scheme as federation sender sharding
|
* Allow email subjects to be customised through Synapse's configuration (#7846) [Brendan Abolivier, 2020-07-14, 1 file, -6/+112]
|
* Add the option to validate the `iss` and `aud` claims for JWT logins. (#7827) [Patrick Cloke, 2020-07-14, 1 file, -0/+28]
|
* Fix handling of "off" in encryption_enabled_by_default_for_room_type (#7822) [Brendan Abolivier, 2020-07-13, 1 file, -1/+6]
|   Fixes https://github.com/matrix-org/synapse/issues/7821, introduced in https://github.com/matrix-org/synapse/pull/7639
|
|   Turns out PyYAML translates `off` into a `False` boolean if it's unquoted (see https://stackoverflow.com/questions/36463531/pyyaml-automatically-converting-certain-keys-to-boolean-values), which seems to be a liberal interpretation of this bit of the YAML spec: https://yaml.org/spec/1.1/current.html#id864510
|
|   An alternative fix would be to implement the solution mentioned in the SO post linked above, but I'm aware it might break existing setups (which might use these values in the configuration file) so it's probably better just to add an extra check for this one. We should be aware that this is a thing for the next times we do that though.
|
|   I didn't find any other occurrence of this bug elsewhere in the codebase.
|
* Add ability to shard the federation sender (#7798) [Erik Johnston, 2020-07-10, 3 files, -66/+132]
|
* Fix some spelling mistakes / typos. (#7811) [Patrick Cloke, 2020-07-09, 1 file, -1/+1]
|
* Add documentation for JWT login type and improve sample config. (#7776) [Patrick Cloke, 2020-07-06, 1 file, -4/+31]
|
* isort 5 compatibility (#7786) [Will Hunt, 2020-07-05, 2 files, -2/+2]
|   The CI appears to use the latest version of isort, which is a problem when isort gets a major version bump. Rather than try to pin the version, I've done the necessary to make isort5 happy with synapse.
|
* Additional configuration options for auto-join rooms (#7763) [Patrick Cloke, 2020-06-30, 1 file, -3/+103]
|
* Support running multiple media repos. (#7706) [Erik Johnston, 2020-06-17, 1 file, -0/+6]
|   This requires a new config option to specify which media repo should be responsible for running background jobs to e.g. clear out expired URL preview caches.
|
* fix broken link in sample config (#7712) [Richard van der Hoff, 2020-06-16, 1 file, -1/+1]
|
* Replace all remaining six usage with native Python 3 equivalents (#7704) [Dagfinn Ilmari Mannsåker, 2020-06-16, 3 files, -16/+7]
|
* Create a ListenerConfig object (#7681) [Richard van der Hoff, 2020-06-16, 2 files, -102/+157]
|   This ended up being a bit more invasive than I'd hoped for (not helped by generic_worker duplicating some of the code from homeserver), but hopefully it's an improvement.
|
|   The idea is that, rather than storing unstructured `dict`s in the config for the listener configurations, we instead parse it into a structured `ListenerConfig` object.
|
* Increase the default SAML session expiry time to 15 minutes. (#7664) [Patrick Cloke, 2020-06-11, 1 file, -2/+2]
|
* fix typo in sample_config.yaml (#7652) [wondratsch, 2020-06-11, 1 file, -1/+1]
|   Just a simple typo fix.
|
|   Signed-off-by: wondratsch 28294257+wondratsch@users.noreply.github.com
|
* Take out a lock before modifying _CACHES (#7663) [Richard van der Hoff, 2020-06-10, 1 file, -5/+15]
|   This should fix #7610.
|
* Add option to enable encryption by default for new rooms (#7639) [Andrew Morgan, 2020-06-10, 2 files, -0/+82]
|   Fixes https://github.com/matrix-org/synapse/issues/2431
|
|   Adds config option `encryption_enabled_by_default_for_room_type`, which determines whether encryption should be enabled with the default encryption algorithm in private or public rooms upon creation. Whether the room is private or public is decided based upon the room creation preset that is used.
|
|   Part of this PR is also pulling out all of the individual instances of `m.megolm.v1.aes-sha2` into a constant variable to eliminate typos ala https://github.com/matrix-org/synapse/pull/7637
|
|   Based on #7637
|
* Add an option to disable autojoin for guest accounts (#6637) [Travis Ralston, 2020-06-05, 1 file, -0/+8]
|   Fixes https://github.com/matrix-org/synapse/issues/3177
|
* Add support for webp thumbnailing (#7586) [WGH, 2020-06-05, 1 file, -0/+1]
|   Closes #4382
|
|   Signed-off-by: Maxim Plotnikov <wgh@torlan.ru>
|
* Performance improvements and refactor of Ratelimiter (#7595) [Andrew Morgan, 2020-06-05, 1 file, -1/+7]
|   While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both:
|
|   * Rather undocumented, and
|   * causing a *lot* of config checks
|
|   This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation.
|
|   Best to be reviewed commit-by-commit.
|
* Cleanups to the OpenID Connect integration (#7628) [Richard van der Hoff, 2020-06-03, 3 files, -76/+105]
|   docs, default configs, comments. Nothing very significant.
|
* Clean up exception handling in SAML2ResponseResource (#7614) [Richard van der Hoff, 2020-06-03, 1 file, -5/+13]
|   * Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string
|   * Clean up exception handling in SAML2ResponseResource
|   * use the existing code in `return_html_error` instead of re-implementing it (giving it a jinja2 template rather than inventing a new form of template)
|   * do the exception-catching in the REST layer rather than in the handler layer, to make sure we catch all exceptions.
|
* Fix sample config docs error (#7581) [Jason Robinson, 2020-05-27, 1 file, -1/+1]
|   'client_auth_method' commented out value was erroneously 'client_auth_basic', when code and docstring says it should be 'client_secret_basic'.
|
|   Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
* Fix up comments [Erik Johnston, 2020-05-27, 1 file, -2/+2]
|
* Fix specifying cache factors via env vars with * in name. (#7580) [Erik Johnston, 2020-05-27, 1 file, -5/+39]
|   This mostly applies to `*stateGroupCache*` and co.
|
|   Broke in #6391.
|
* Add option to move event persistence off master (#7517) [Erik Johnston, 2020-05-22, 2 files, -2/+29]
|
* Fix some DETECTED VIOLATIONS in the config file (#7550) [Richard van der Hoff, 2020-05-22, 6 files, -29/+36]
|   consistency ftw
|
* Add `instance_map` config and route replication calls (#7495) [Erik Johnston, 2020-05-14, 1 file, -0/+17]
|
* Fix copypasted comment (#7477) [Paul Tötterman, 2020-05-13, 1 file, -1/+1]
|   Signed-off-by: Paul Tötterman <paul.totterman@iki.fi>
|
* Fix new flake8 errors (#7470) [Erik Johnston, 2020-05-12, 1 file, -1/+1]
|
* Allow configuration of Synapse's cache without using synctl or environment variables (#6391) [Amber Brown, 2020-05-11, 3 files, -6/+166]
|
* Merge branch 'release-v1.13.0' into develop [Andrew Morgan, 2020-05-11, 1 file, -1/+0]
|\
| |   * release-v1.13.0: Don't UPGRADE database rows RST indenting Put rollback instructions in upgrade notes Fix changelog typo Oh yeah, RST Absolute URL it is then Fix upgrade notes link Provide summary of upgrade issues in changelog. Fix ) Move next version notes from changelog to upgrade notes Changelog fixes 1.13.0rc1 Documentation on setting up redis (#7446) Rework UI Auth session validation for registration (#7455) Fix errors from malformed log line (#7454) Drop support for redis.dbid (#7450)
| |
| * Drop support for redis.dbid (#7450) [Richard van der Hoff, 2020-05-07, 1 file, -1/+0]
| |   Since we only use pubsub, the dbid is irrelevant.
| |
* | Extend spam checker to allow for multiple modules (#7435) [Andrew Morgan, 2020-05-08, 1 file, -8/+30]
| |
* | Implement OpenID Connect-based login (#7256) [Quentin Gliech, 2020-05-08, 4 files, -7/+191]
|/
* Add a configuration setting for the dummy event threshold (#7422) [Brendan Abolivier, 2020-05-07, 1 file, -0/+15]
|   Add dummy_events_threshold which allows configuring the number of forward extremities a room needs for Synapse to send forward extremities in it.
|
* Fix fallback value for account_threepid_delegates.email (#7316) [Andrew Morgan, 2020-04-29, 1 file, -3/+8]
|
* Fix typo 'datbases' in ConfigError [Andrew Morgan, 2020-04-28, 1 file, -1/+1]
|
* Don't crash when one of the configuration files is empty (#7341) [Brendan Abolivier, 2020-04-27, 1 file, -0/+6]
|   If the admin adds a `.yaml` file that's either empty or doesn't parse into a dict to a config directory (e.g. `conf.d` for debs installs), stuff like https://github.com/matrix-org/synapse/issues/7322 would happen. This PR checks that the file is correctly parsed into a dict, or ignores it with a warning if it parses into any other type (including `None` for empty files).
|
|   Fixes https://github.com/matrix-org/synapse/issues/7322
|
* Add documentation to the sample config about the templates for SSO. (#7343) [Patrick Cloke, 2020-04-24, 1 file, -0/+24]
|
* Revert "Revert "Merge pull request #7315 from matrix-org/babolivier/request_token"" [Brendan Abolivier, 2020-04-23, 1 file, -0/+21]
|   This reverts commit 1adf6a55870aa08de272591ff49db9dc49738076.
|
* Add ability to run replication protocol over redis. (#7040) [Erik Johnston, 2020-04-22, 2 files, -0/+37]
|   This is configured via the `redis` config options.
|
* Fix indention in generated config file (#7300) [Lars Franke, 2020-04-20, 1 file, -22/+22]
|   Also adjust sample_config.yaml
|
|   Signed-off-by: Lars Franke <frcl@mailbox.org>
|
* Use a template for the SSO success page to allow for customization. (#7279) [Patrick Cloke, 2020-04-17, 1 file, -0/+6]
|
* Clarify the comments for media_storage_providers options (#7272) [Tristan Lins, 2020-04-17, 1 file, -4/+3]
|
* Allow specifying the value of Accept-Language header for URL previews (#7265) [Andrew Morgan, 2020-04-15, 1 file, -0/+29]
|
* Do not allow a deactivated user to login via SSO. (#7240) [Patrick Cloke, 2020-04-09, 1 file, -0/+7]
|
* Fix --help commandline argument (#7249) [Richard van der Hoff, 2020-04-09, 1 file, -16/+8]
|   I don't really remember why this was so complicated; I think it dates back to the time when we had to instantiate the Config classes before we could call `add_arguments` - ie before #5597.
|
|   In any case, I don't think there's a good reason for it any more, and the impact of it being complicated is that `--help` doesn't work correctly.
|
* Add documentation to password_providers config option (#7238) [Andrew Morgan, 2020-04-08, 1 file, -2/+14]
|
* Extend web_client_location to handle absolute URLs (#7006) [Martin Milata, 2020-04-03, 1 file, -3/+8]
|   Log warning when filesystem path is used.
|
|   Signed-off-by: Martin Milata <martin@martinmilata.cz>
|
* Fix a small typo in the `metrics_flags` config option. (#7171) [Andrew Morgan, 2020-03-30, 1 file, -1/+1]
|
* Always whitelist the login fallback for SSO (#7153) [Richard van der Hoff, 2020-03-27, 1 file, -0/+15]
|   That fallback sets the redirect URL to itself (so it can process the login token then return gracefully to the client). This would make it pointless to ask the user for confirmation, since the URL the confirmation page would be showing wouldn't be the client's.
|
* Add options to prevent users from changing their profile. (#7096) [Dirk Klimpel, 2020-03-27, 1 file, -0/+27]
|
* Don't default to an invalid sqlite config if no database configuration is provided (#6573) [Nektarios Katakis, 2020-03-26, 1 file, -22/+47]
|
* Allow server admins to define and enforce a password policy (MSC2000). (#7118) [Dirk Klimpel, 2020-03-26, 1 file, -0/+39]
|
* Remove unused captcha_bypass_secret option (#7137) [Aaron Raimist, 2020-03-25, 1 file, -5/+0]
|   Signed-off-by: Aaron Raimist <aaron@raim.ist>
|
* Improve database configuration docs (#6988) [Richard van der Hoff, 2020-03-20, 2 files, -36/+59]
|   Attempts to clarify the sample config for databases, and add some stuff about tcp keepalives to `postgres.md`.
|
* Revert "Add options to disable setting profile info for prevent changes. (#7053)" [Richard van der Hoff, 2020-03-17, 1 file, -17/+0]
|   This reverts commit 54dd28621b070ca67de9f773fe9a89e1f4dc19da, reversing changes made to 6640460d054e8f4444046a34bdf638921b31c01e.
|
* Lint [Brendan Abolivier, 2020-03-11, 1 file, -2/+1]
|
* Put the file in the templates directory [Brendan Abolivier, 2020-03-11, 1 file, -12/+21]
|
* Update wording and config [Brendan Abolivier, 2020-03-11, 1 file, -0/+3]
|
* Move the default SAML2 error HTML to a dedicated file [Brendan Abolivier, 2020-03-11, 1 file, -18/+11]
|   Also add some JS to it to process any error we might have in the URI (see #6893).
|
* Add options to disable setting profile info for prevent changes. (#7053) [Brendan Abolivier, 2020-03-10, 1 file, -0/+17]
|\
| * Update synapse/config/registration.py [Dirk Klimpel, 2020-03-10, 1 file, -1/+1]
| |   Co-Authored-By: Brendan Abolivier <github@brendanabolivier.com>
| |
| * updates after review [dklimpel, 2020-03-09, 1 file, -8/+8]
| |
| * add disable_3pid_changes [dklimpel, 2020-03-08, 1 file, -0/+6]
| |
| * lint2 [dklimpel, 2020-03-08, 1 file, -2/+2]
| |
| * changelog [dklimpel, 2020-03-08, 1 file, -2/+2]
| |
| * Add options to disable setting profile info for prevent changes. [dklimpel, 2020-03-08, 1 file, -0/+11]
| |
* | Rephrase default message [Brendan Abolivier, 2020-03-10, 1 file, -2/+2]
| |
* | Lint [Brendan Abolivier, 2020-03-10, 1 file, -1/+1]
| |
* | SAML2: render a comprehensible error page if something goes wrong [Brendan Abolivier, 2020-03-10, 1 file, -0/+26]
| |   If an error happened while processing a SAML AuthN response, or a client ends up doing a `GET` request to `/authn_response`, then render a customisable error page rather than a confusing error.
| |
* | Merge branch 'master' into develop [Brendan Abolivier, 2020-03-03, 3 files, -0/+96]
|\ \
| |/
|/|
| * Factor out complete_sso_login and expose it to the Module API [Brendan Abolivier, 2020-03-03, 1 file, -1/+1]
| |
| * Add a whitelist for the SSO confirmation step. [Richard van der Hoff, 2020-03-02, 1 file, -0/+18]
| |
| * Add a confirmation step to the SSO login flow [Brendan Abolivier, 2020-03-02, 3 files, -0/+78]
| |
* | Fix minor issues with email config (#6962) [Richard van der Hoff, 2020-02-24, 1 file, -36/+30]
| |   * Give `notif_template_html`, `notif_template_text` default values (fixes #6960)
| |   * Don't complain if `smtp_host` and `smtp_port` are unset, since they have sensible defaults (fixes #6961)
| |   * Set the example for `enable_notifs` to `True`, for consistency and because it's more useful
| |   * Raise errors as ConfigError rather than RuntimeError for nicer formatting
| |
* | Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957) [Patrick Cloke, 2020-02-21, 2 files, -3/+3]
|/
|   Ensure good comprehension hygiene using flake8-comprehensions.
|
* Merge pull request #6907 from matrix-org/babolivier/acme-config [Brendan Abolivier, 2020-02-18, 1 file, -0/+19]
|\
| |   Add mention and warning about ACME v1 deprecation to the TLS config
| |
| * Linters are hard but in the end they just want what's best for us [Brendan Abolivier, 2020-02-13, 1 file, -1/+1]
| |
| * Add a separator for the config warning [Brendan Abolivier, 2020-02-13, 1 file, -1/+1]
| |
| * Add mention and warning about ACME v1 deprecation to the Synapse config [Brendan Abolivier, 2020-02-13, 1 file, -0/+19]
| |
* | Add a warning about indentation to generated config (#6920) [Richard van der Hoff, 2020-02-14, 1 file, -2/+14]
|/
|   Fixes #6916.
|
* Allow empty federation_certificate_verification_whitelist (#6849) [timfi, 2020-02-06, 1 file, -0/+2]
|
* Fix empty account_validity config block [Andrew Morgan, 2020-01-20, 1 file, -1/+2]
|
* Add more logging around message retention policies support (#6717) [Brendan Abolivier, 2020-01-17, 1 file, -0/+8]
|   So we can debug issues like #6683 more easily
|
* Delegate remote_user_id mapping to the saml mapping provider (#6723) [Richard van der Hoff, 2020-01-17, 1 file, -0/+1]
|   Turns out that figuring out a remote user id for the SAML user isn't quite as obvious as it seems. Factor it out to the SamlMappingProvider so that it's easy to control.
|
* Clarify the `account_validity` and `email` sections of the sample configuration. (#6685) [Richard van der Hoff, 2020-01-17, 3 files, -140/+167]
|   Generally try to make this more comprehensible, and make it match the conventions.
|
|   I've removed the documentation for all the settings which allow you to change the names of the template files, because I can't really see why they are useful.
|
* Merge pull request #6621 from matrix-org/babolivier/purge_job_config_typo [Brendan Abolivier, 2020-01-07, 1 file, -5/+5]
|\
| |   Fix a typo in the purge jobs configuration example
| |
| * Reword [Brendan Abolivier, 2020-01-07, 1 file, -3/+3]
| |
| * Change the example from 5min to 12h [Brendan Abolivier, 2020-01-07, 1 file, -4/+4]
| |   Having a purge job running every 5min is probably not something we want to advise admins to do as a sort-of default.
| |
| * Fix a typo in the purge jobs configuration example [Brendan Abolivier, 2020-01-03, 1 file, -1/+1]
| |
* | Add experimental 'databases' config (#6580) [Erik Johnston, 2020-01-06, 1 file, -13/+42]
| |
* | Automate generation of the sample and debian log configs (#6627) [Richard van der Hoff, 2020-01-03, 1 file, -1/+8]
| |
* | Raise an error if someone tries to use the log_file config option (#6626) [Richard van der Hoff, 2020-01-03, 1 file, -2/+15]
| |   This has caused some confusion for people who didn't notice it going away.
| |
* | Remove unused, undocumented "content repo" resource (#6628) [Richard van der Hoff, 2020-01-03, 1 file, -5/+0]
|/
|   This looks like it got half-killed back in #888.
|
|   Fixes #6567.
|
* Split state groups into a separate data store (#6296) [Erik Johnston, 2019-12-20, 1 file, -5/+5]
|
* Add an export_signing_key script (#6546) [Richard van der Hoff, 2019-12-19, 1 file, -8/+15]
|   I want to do some key rotation, and it is silly that we don't have a way to do this.
|
* Add database config class (#6513) [Erik Johnston, 2019-12-18, 1 file, -16/+62]
|   This encapsulates config for a given database and is the way to get new connections.
|
* Add option to allow profile queries without sharing a room (#6523) [Will Hunt, 2019-12-16, 1 file, -0/+13]
|
* Bump version of mypy [Erik Johnston, 2019-12-12, 3 files, -4/+4]
|
* Allow SAML username provider plugins (#6411) [Andrew Morgan, 2019-12-10, 1 file, -60/+126]
|
* privacy by default for room dir (#6355) [Neil Johnson, 2019-12-04, 1 file, -12/+14]
|   Ensure that the default settings for the room directory are that it is hidden from public view by default.
|
* Add ephemeral messages support (MSC2228) (#6409) [Brendan Abolivier, 2019-12-03, 1 file, -0/+2]
|   Implement part of [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228). The parts that differ are:
|
|   * the feature is hidden behind a configuration flag (`enable_ephemeral_messages`)
|   * self-destruction doesn't happen for state events
|   * only implement support for the `m.self_destruct_after` field (not the `m.self_destruct` one)
|   * doesn't send synthetic redactions to clients because for this specific case we consider the clients to be able to destroy an event themselves, instead we just censor it (by pruning its JSON) in the database
|
* Clarifications for the email configuration settings. (#6423) [Richard van der Hoff, 2019-11-28, 1 file, -1/+16]
|   Cf #6422
|
* Merge pull request #6358 from matrix-org/babolivier/message_retention [Brendan Abolivier, 2019-11-27, 1 file, -1/+182]
|\
| |   Implement message retention policies (MSC1763)
| |
| * Merge branch 'develop' into babolivier/message_retention [Brendan Abolivier, 2019-11-26, 5 files, -11/+11]
| |\
| * | Lint again [Brendan Abolivier, 2019-11-19, 1 file, -1/+1]
| | |
| * | Lint again [Brendan Abolivier, 2019-11-19, 1 file, -1/+1]
| | |
| * | Lint [Brendan Abolivier, 2019-11-19, 1 file, -15/+24]
| | |
| * | Implement per-room message retention policies [Brendan Abolivier, 2019-11-04, 1 file, -0/+172]
| | |
* | | Remove assertion and provide a clear warning on startup for missing public_baseurl (#6379) [Andrew Morgan, 2019-11-26, 2 files, -0/+9]
| |/
|/|
* | Clean up newline quote marks around the codebase (#6362) [Andrew Morgan, 2019-11-21, 3 files, -5/+5]
| |
* | Merge branch 'develop' of github.com:matrix-org/synapse into anoa/homeserver_copy [Andrew Morgan, 2019-11-14, 1 file, -1/+1]
|\ \
| | |   * 'develop' of github.com:matrix-org/synapse: Blacklist PurgeRoomTestCase (#6361) Set room version default to 5
| | |
| * \ Merge pull request #6220 from matrix-org/neilj/set_room_version_default_to_5 [Brendan Abolivier, 2019-11-14, 1 file, -1/+1]
| |\ \
| | |/
| |/|
| | |   Set room version default to 5
| | |
| | * Set room version default to 5 [Neil Johnson, 2019-10-19, 1 file, -1/+1]
| | |
* | | A couple more instances [Andrew Morgan, 2019-11-12, 1 file, -1/+1]
| | |
* | | Replace instance variations of homeserver with correct case/spacing [Andrew Morgan, 2019-11-12, 3 files, -4/+4]
|/ /
* | Remove last usages of deprecated logging.warn method (#6314) [Andrew Morgan, 2019-11-01, 1 file, -2/+2]
| |
* | Remove usage of deprecated logger.warn method from codebase (#6271) [Andrew Morgan, 2019-10-31, 2 files, -3/+3]
| |   Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
| |
* | Fix typo in domain name in account_threepid_delegates config option (#6273) [Andrew Morgan, 2019-10-30, 1 file, -1/+1]
| |
* | Option to suppress resource exceeded alerting (#6173) [Neil Johnson, 2019-10-24, 1 file, -2/+8]
| |   The expected use case is to suppress MAU limiting on small instances
| |
* | Add config linting script that checks for bool casing (#6203) [Andrew Morgan, 2019-10-23, 9 files, -15/+22]
|/
|   Add a linting script that enforces all boolean values in the default config be lowercase.
|
|   This has annoyed me for a while so I decided to fix it.
|
* Fix logging config for the docker image (#6197) [Richard van der Hoff, 2019-10-18, 1 file, -3/+2]
|   Turns out that loggers that are instantiated before the config is loaded get turned off.
|
|   Also bring the logging config that is generated by --generate-config into line.
|
|   Fixes #6194.
|
* cas: support setting display name (#6114) [Valérian Rousset, 2019-10-11, 1 file, -0/+3]
|   Now, the CAS server can return an attribute stating what's the desired displayname, instead of using the username directly.
|
* Refactor HomeserverConfig so it can be typechecked (#6137) [Amber Brown, 2019-10-10, 33 files, -79/+385]
|
* Fix up some typechecking (#6150) [Amber Brown, 2019-10-02, 6 files, -12/+20]
|   * type checking fixes
|   * changelog
|
* Fix 'redaction_retention_period' sample config to match guidelines [Erik Johnston, 2019-09-26, 1 file, -1/+1]
|
* Explicitly log when a homeserver does not have a trusted key server configured (#6090) [Neil Johnson, 2019-09-26, 2 files, -12/+52]
|
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/cleanup_user_ips_2 [Erik Johnston, 2019-09-25, 3 files, -61/+185]
|\
| * Enable cleaning up extremities with dummy events by default to prevent undue build up of forward extremities. (#5884) [Neil Johnson, 2019-09-25, 1 file, -3/+1]
| |
| * Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_work [Richard van der Hoff, 2019-09-24, 1 file, -6/+42]
| |\
| | * Merge pull request #6069 from matrix-org/rav/fix_attribute_mapping [Richard van der Hoff, 2019-09-24, 1 file, -6/+42]
| | |\
| | | |   Fix a bug with saml attribute maps.
| | | |
| | | * docstrings and comments [Richard van der Hoff, 2019-09-24, 1 file, -7/+21]
| | | |
| | | * Merge branch 'develop' into rav/fix_attribute_mapping [Richard van der Hoff, 2019-09-19, 14 files, -168/+524]
| | | |\
| | | * | Fix a bug with saml attribute maps. [Richard van der Hoff, 2019-09-19, 1 file, -6/+28]
| | | | |   Fixes a bug where the default attribute maps were prioritised over user-specified ones, resulting in incorrect mappings.
| | | | |
| | | | |   The problem is that if you call SPConfig.load() multiple times, it adds new attribute mappers to a list. So by calling it with the default config first, and then the user-specified config, we would always get the default mappers before the user-specified mappers.
| | | | |
| | | | |   To solve this, let's merge the config dicts first, and then pass them to SPConfig.
| | | | |
| * | | | Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_work [Richard van der Hoff, 2019-09-24, 5 files, -3/+44]
| |\| | |
| | * | | Add submit_url response parameter to msisdn /requestToken (#6079) [Andrew Morgan, 2019-09-23, 1 file, -0/+2]
| | | | |   Second part of solving #6076
| | | | |
| | | | |   Fixes #6076
| | | | |
| | | | |   We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
| | | | |
| | * | | Merge pull request #6064 from matrix-org/rav/saml_config_cleanup [Richard van der Hoff, 2019-09-23, 1 file, -51/+62]
| | |\ \ \
| | | | | |   Make the sample saml config closer to our standards
| | | | | |
| | | * \ \ Merge branch 'develop' into rav/saml_config_cleanup [Richard van der Hoff, 2019-09-19, 14 files, -168/+524]
| | | |\ \ \
| | | | | |/
| | | | |/|
| | * | | | Use the federation blacklist for requests to untrusted Identity Servers (#6000) [Andrew Morgan, 2019-09-23, 1 file, -0/+3]
| | | | | |   Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses.
| | | | | |
| | | | | |   Fixes #5935
| | | | | |
| * | | | | Merge branch 'develop' into rav/saml_mapping_work [Richard van der Hoff, 2019-09-19, 14 files, -168/+524]
| |\ \ \ \ \
| | | |_|/ /
| | |/| | |
| * | | | | Record mappings from saml users in an external table [Richard van der Hoff, 2019-09-13, 1 file, -2/+76]
| | |_|/ /
| |/| | |
| | | | |   We want to assign unique mxids to saml users based on an incrementing suffix. For that to work, we need to record the allocated mxid in a separate table.
| | | | |
| * | | | Make the sample saml config closer to our standards [Richard van der Hoff, 2019-09-13, 1 file, -51/+62]
| | |_|/
| |/| |
| | | |   It's still not great, thanks to the nested dictionaries, but it's better.
| | | |
* | | | Review comments [Erik Johnston, 2019-09-25, 1 file, -1/+1]
| | | |
* | | | Prune rows in user_ips older than configured period [Erik Johnston, 2019-09-24, 1 file, -0/+13]
| |_|/
|/| |
| | |   Defaults to pruning everything older than 28d.
| | |
* | | fix broken copyrights [Matthew Hodgson, 2019-09-23, 2 files, -2/+2]
| | |
* | | Allow HS to send emails when adding an email to the HS (#6042) [Andrew Morgan, 2019-09-20, 1 file, -0/+36]
| | |
* | | Fix typo in account_threepid_delegates config (#6028) [Jorik Schellekens, 2019-09-18, 1 file, -1/+1]
| |/
|/|
* | (#5849) Convert rst to markdown (#6040) [dstipp, 2019-09-17, 1 file, -6/+6]
| |   Converting some of the rst documentation to markdown. Attempted to preserve whitespace and line breaks to minimize cosmetic change.
| |
* | Fix well-known lookups with the federation certificate whitelist (#5997) [Amber Brown, 2019-09-14, 1 file, -1/+8]
| |
* | Fix for structured logging tests stomping on logs (#6023) [Amber Brown, 2019-09-13, 1 file, -8/+25]
| |
* | add report_stats_endpoint config option (#6012) [Sorunome, 2019-09-12, 1 file, -0/+9]
| |   This PR adds the optional `report_stats_endpoint` to configure where stats are reported to, if enabled.
| |
* | Blow up config if opentracing is missing (#5985) [Jorik Schellekens, 2019-09-12, 1 file, -0/+7]
| |   * Blow up config if opentracing is missing
| |
* | Merge pull request #6015 from matrix-org/erikj/ratelimit_admin_redaction [Erik Johnston, 2019-09-11, 1 file, -0/+13]
|\ \
| | |   Allow use of different ratelimits for admin redactions.
| | |
| * | Fix comments [Erik Johnston, 2019-09-11, 1 file, -1/+1]
| | |   Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
| | |
| * | Allow use of different ratelimits for admin redactions. [Erik Johnston, 2019-09-11, 1 file, -0/+13]
| | |   This is useful to allow room admins to quickly deal with a large number of abusive messages.
| | |
* | | Check dependencies on setup in the nicer way. (#5989) [Jorik Schellekens, 2019-09-11, 2 files, -27/+12]
|/ /
* | Merge pull request #5934 from matrix-org/erikj/censor_redactions [Erik Johnston, 2019-09-09, 1 file, -0/+17]
|\ \
| | |   Censor redactions in DB after a month
| | |
| * | Default to censoring redactions after seven days [Erik Johnston, 2019-09-09, 1 file, -4/+6]
| | |
| * | Handle setting retention period to 0 [Erik Johnston, 2019-09-09, 1 file, -1/+1]
| | |
| * | Merge branch 'develop' of github.com:matrix-org/synapse into erikj/censor_redactions [Erik Johnston, 2019-09-05, 1 file, -8/+5]
| |\ \
| * | | Make redaction retention period configurable [Erik Johnston, 2019-09-05, 1 file, -0/+15]
| | | |
* | | | Servers-known-about statistic (#5981) [Amber Brown, 2019-09-07, 1 file, -0/+31]
| | | |
* | | | Allow Synapse to send registration emails + choose Synapse or an external server to handle 3pid validation (#5987) [Andrew Morgan, 2019-09-06, 2 files, -28/+130]
| |/ /
|/| |
| | |   This is a combination of a few different PRs, finally all being merged into `develop`:
| | |
| | |   * #5875
| | |   * #5876
| | |   * #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](https://github.com/matrix-org/synapse/commit/891afb57cbdf9867f2848341b29c75d6f35eef5a#diff-e591d42d30690ffb79f63bb726200891) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future)
| | |   * #5835
| | |   * #5969
| | |   * #5940
| | |
| | |   Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged.
| | |
| | |   UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
| | |
* | | Fix and refactor room and user stats (#5971) [Erik Johnston, 2019-09-04, 1 file, -8/+5]
|/ /
| |   Previously the stats were not being correctly populated.
| |
* | Add a link to python's logging config schema (#5926)Jorik Schellekens2019-08-281-1/+2
| |
* | Let synctl use a config directory. (#5904)Jorik Schellekens2019-08-281-3/+4
| | | | | | * Let synctl use a config directory.
* | Config templating (#5900)Jorik Schellekens2019-08-284-37/+161
| | | | | | | | | | | | | | | | | | | | | | | | Template config files * Imagine a system composed entirely of x, y, z etc and the basic operations.. Wait George, why XOR? Why not just neq? George: Eh, I didn't think of that.. Co-Authored-By: Erik Johnston <erik@matrix.org>
* | Implement a structured logging output system. (#5680)Amber Brown2019-08-281-42/+61
| |
* | Merge pull request #5895 from matrix-org/erikj/notary_keyErik Johnston2019-08-271-4/+30
|\ \ | | | | | | Add config option to sign remote key query responses with a separate key.
| * | Don't implicitly include server signing keyErik Johnston2019-08-231-7/+6
| | |
| * | Add config option for keys to use to sign keysErik Johnston2019-08-211-4/+31
| | | | | | | | | | | | | | | This allows servers to separate keys that are used to sign remote keys when acting as a notary server.
* | | public_base_url is actually public_baseurlAaron Raimist2019-08-261-1/+1
|/ / | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
* / Fix up password reset template config names (#5863)Andrew Morgan2019-08-151-8/+8
|/ | | | | Fixes #5833 The emailconfig code was attempting to pull incorrect config file names. This corrects that, while also marking a difference between a config file variable that's a filepath versus a str containing HTML.
* fix config being a dict, actuallyAmber H. Brown2019-08-141-1/+1
|
* Don't load the media repo when configured to use an external media repo (#5754)Amber Brown2019-08-131-0/+20
|
* LintBrendan Abolivier2019-08-011-12/+7
|
* Allow defining HTML templates to serve the user on account renewalBrendan Abolivier2019-08-011-2/+48
|
* Remove non-functional 'expire_access_token' setting (#5782)Richard van der Hoff2019-07-301-6/+0
| | | | | | | | The `expire_access_token` didn't do what it sounded like it should do. What it actually did was make Synapse enforce the 'time' caveat on macaroons used as access tokens, but since our access token macaroons never contained such a caveat, it was always a no-op. (The code to add 'time' caveats was removed back in v0.18.5, in #1656)
* Room Complexity Client Implementation (#5783)Amber Brown2019-07-301-0/+41
|
* Make Jaeger fully configurable (#5694)Jorik Schellekens2019-07-231-0/+22
| * Allow Jaeger to be configured
| * Update sample config
* Fix logging in workers (#5729)Amber Brown2019-07-221-0/+1
| This also adds a worker blacklist.
* Merge branch 'release-v1.2.0' into developJorik Schellekens2019-07-221-12/+2
|\
| * Opentracing Documentation (#5703)Jorik Schellekens2019-07-221-12/+2
| | * Opentracing survival guide
| | * Update decorator names in doc
| | * Doc cleanup These are all alterations as a result of comments in #5703, it includes mostly typos and clarifications. The most interesting changes are:
| |   - Split developer and user docs into two sections
| |   - Add a high level description of OpenTracing
| | * newsfile
| | * Move contributor specific info to docstring.
| | * Sample config.
| | * Trailing whitespace.
| | * Update 5703.misc
| | * Apply suggestions from code review Mostly just rewording parts of the docs for clarity.
| | Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* | Remove non-dedicated logging options and command line arguments (#5678)Amber Brown2019-07-192-75/+12
|/
* enable aggregations support by defaultNeil Johnson2019-07-181-1/+1
|
* Clean up opentracing configuration options (#5712)Richard van der Hoff2019-07-181-22/+41
| Clean up config settings and dead code. This is mostly about cleaning up the config format, to bring it into line with our conventions. In particular:
| * There should be a blank line after `## Section ##' headings
| * There should be a blank line between each config setting
| * There should be a `#`-only line between a comment and the setting it describes
| * We don't really do the `# #` style commenting-out of whole sections if we can help it
| * rename `tracer_enabled` to `enabled`
| While we're here, do more config parsing upfront, which makes it easier to use later on. Also removes redundant code from LogContextScopeManager. Also changes the changelog fragment to a `feature` - it's exciting!
* Clean up arg name and remove lying commentErik Johnston2019-07-161-7/+5
|
* Fix invoking add_argument from homeserver.pyErik Johnston2019-07-151-1/+1
|
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/admin_api_cmdErik Johnston2019-07-157-19/+114
|\
| * Implement access token expiry (#5660)Richard van der Hoff2019-07-121-0/+16
| | Record how long an access token is valid for, and raise a soft-logout once it expires.
| * Add basic opentracing support (#5544)Jorik Schellekens2019-07-112-0/+52
| | * Configure and initialise tracer Includes config options for the tracer and sets up JaegerClient.
| | * Scope manager using LogContexts We piggy-back our tracer scopes by using log context. The current log context gives us the current scope. If new scope is created we create a stack of scopes in the context.
| | * jaeger is a dependency now
| | * Carrier inject and extraction for Twisted Headers
| | * Trace federation requests on the way in and out. The span is created in _started_processing and closed in _finished_processing because we need a meaningful log context.
| | * Create logcontext for new scope. Instead of having a stack of scopes in a logcontext we create a new context for a new scope if the current logcontext already has a scope.
| | * Remove scope from logcontext if logcontext is top level
| | * Disable tracer if not configured
| | * typo
| | * Remove dependence on jaeger internals
| | * bools
| | * Set service name
| | * Explicitly state that the tracer is disabled
| | * Black is the new black
| | * Newsfile
| | * Code style
| | * Use the new config setup.
| | * Generate config.
| | * Copyright
| | * Rename config to opentracing
| | * Remove user whitelisting
| | * Empty whitelist by default
| | * User ConfigError instead of RuntimeError
| | * Use isinstance
| | * Use tag constants for opentracing.
| | * Remove debug comment and no need to explicitly record error
| | * Two errors a "s(c)entry"
| | * Docstrings!
| | * Remove debugging brainslip
| | * Homeserver Whitelisting
| | * Better opentracing config comment
| | * linting
| | * Include worker name in service_name
| | * Make opentracing an optional dependency
| | * Neater config retrieval
| | * Clean up dummy tags
| | * Instantiate tracing as object instead of global class
| | * Include opentracing as a homeserver member.
| | * Thread opentracing to the request level
| | * Reference opentracing through hs
| | * Instantiate dummy opentracing for tests.
| | * About to revert, just keeping the unfinished changes just in case
| | * Revert back to global state, commit number: 9ce4a3d9067bf9889b86c360c05ac88618b85c4f
| | * Use class level methods in tracerutils
| | * Start and stop requests spans in a place where we have access to the authenticated entity
| | * Seen it, isort it
| | * Make sure to close the active span.
| | * I'm getting black and blue from this.
| | * Logger formatting
| | Co-Authored-By: Erik Johnston <erik@matrix.org>
| | * Outdated comment
| | * Import opentracing at the top
| | * Return a contextmanager
| | * Start tracing client requests from the servlet
| | * Return noop context manager if not tracing
| | * Explicitly say that these are federation requests
| | * Include servlet name in client requests
| | * Use context manager
| | * Move opentracing to logging/
| | * Seen it, isort it again!
| | * Ignore twisted return exceptions on context exit
| | * Escape the scope
| | * Scopes should be entered to make them useful.
| | * Nicer decorator names
| | * Just one init, init?
| | * Don't need to close something that isn't open
| | * Docs make you smarter
| * Remove support for invite_3pid_guest. (#5625)Richard van der Hoff2019-07-051-3/+2
| | This has never been documented, and I'm not sure it's ever been used outside sytest. It's quite a lot of poorly-maintained code, so I'd like to get rid of it. For now I haven't removed the database table; I suggest we leave that for a future clearout.
| * Fixes to the federation rate limiter (#5621)Richard van der Hoff2019-07-051-2/+2
| | - Put the default window_size back to 1000ms (broken by #5181)
| | - Make the `rc_federation` config actually do something
| | - fix an off-by-one error in the 'concurrent' limit
| | - Avoid creating an unused `_PerHostRatelimiter` object for every single incoming request
| * Make errors about email password resets much clearer (#5616)Andrew Morgan2019-07-051-11/+8
| | The runtime errors that dealt with local email password resets talked about config options that users may not even have in their config file yet (if upgrading). Instead, the cryptic errors are now replaced with hopefully much more helpful ones.
| * Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-2/+2
| |
| * Merge branch 'develop' into rav/saml2_clientRichard van der Hoff2019-07-013-2/+47
| |\
| * | cleanupsRichard van der Hoff2019-06-271-6/+13
| | |
| * | Add support for tracking SAML2 sessions.Richard van der Hoff2019-06-261-1/+19
| | | This allows us to correctly handle `allow_unsolicited: False`.
| * | Merge branch 'develop' into rav/saml2_clientRichard van der Hoff2019-06-2631-620/+704
| |\ \
| * | | Code cleanups and simplifications.Richard van der Hoff2019-06-111-1/+6
| | | | Also: share the saml client between redirect and response handlers.
| * | | Merge remote-tracking branch 'origin/develop' into rav/saml2_clientRichard van der Hoff2019-06-104-99/+422
| |\ \ \
| * | | | SAML2 Improvements and redirect stuffAlexander Trost2019-06-021-0/+1
| | | | | Signed-off-by: Alexander Trost <galexrt@googlemail.com>
* | | | | Move creation of ArgumentParser to callerErik Johnston2019-07-151-10/+5
| | | | |
* | | | | Fix up commentsErik Johnston2019-07-151-1/+1
| | | | |
* | | | | Change add_arguments to be a static methodErik Johnston2019-07-155-5/+39
| | | | |
* | | | | Add basic admin cmd appErik Johnston2019-07-021-3/+45
| |_|_|/
|/| | |
* | | | Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550)Amber Brown2019-06-281-1/+31
| | | |
* | | | Added possibility to disable local password authentication (#5092)Daniel Hoffend2019-06-271-0/+7
| | | | Signed-off-by: Daniel Hoffend <dh@dotlan.net>
* | | | Make it clearer that the template dir is relative to synapse's root dir (#5543)Andrew Morgan2019-06-271-1/+9
| |_|/
|/| |
| | | Helps address #5444
* | | Merge pull request #5524 from matrix-org/rav/new_cmdline_optionsRichard van der Hoff2019-06-242-5/+41
|\ \ \
| | | | Add --data-dir and --open-private-ports options.
| * | | Add "--open-private-ports" cmdline optionRichard van der Hoff2019-06-242-5/+26
| | | | This is helpful when generating a config file for running synapse under docker.
| * | | Add --data-directory commandline argumentRichard van der Hoff2019-06-241-0/+15
| | | | We don't necessarily want to put the data in the cwd.
* | | | Merge pull request #5523 from matrix-org/rav/arg_defaultsRichard van der Hoff2019-06-2429-107/+87
|\| | |
| | | | Stop conflating generated config and default config
| * | | Don't load the generated config as the default.Richard van der Hoff2019-06-2429-94/+60
| | | | It's too confusing.
| * | | Ensure that all config options have sensible defaultsRichard van der Hoff2019-06-244-13/+27
| | | | This will enable us to skip the unintuitive behaviour where the generated config and default config are the same thing.
* | | | Merge pull request #5534 from matrix-org/babolivier/federation-publicroomsBrendan Abolivier2019-06-241-10/+34
|\ \ \ \
| |/ / /
|/| | | Split public rooms directory auth config in two
| * | | Split public rooms directory auth config in twoBrendan Abolivier2019-06-241-10/+34
| | | |
* | | | Remove unused Config.config_dir_path attributeRichard van der Hoff2019-06-241-3/+0
| | | | This is no longer used and only serves to confuse.
* | | | Allow configuration of the path used for ACME account keys.Richard van der Hoff2019-06-241-2/+14
|/ / /
| | | Because sticking it in the same place as the config isn't necessarily the right thing to do.
* | | Pass config_dir_path and data_dir_path into Config.read_config. (#5522)Richard van der Hoff2019-06-2430-63/+99
| | | * Pull config_dir_path and data_dir_path calculation out of read_config_files
| | | * Pass config_dir_path and data_dir_path into read_config
* | | Drop support for cpu_affinity (#5525)Richard van der Hoff2019-06-222-25/+0
| | | This has no useful purpose on python3, and is generally a source of confusion.
* | | Improve help and cmdline option names for --generate-config options (#5512)Richard van der Hoff2019-06-211-22/+28
| | | * group the arguments together into a group
| | | * add new names "--generate-missing-config" and "--config-directory" for existing cmdline options "--generate-keys" and "--keys-dir", which better reflect their purposes.
* | | Refactor Config parser and add some comments. (#5511)Richard van der Hoff2019-06-211-14/+35
| | | Add some comments, and simplify `read_config_files`.
* | | Improve logging when generating config files (#5510)Richard van der Hoff2019-06-213-1/+7
| | | Make it a bit clearer what's going on.
* | | Run Black. (#5482)Amber Brown2019-06-2022-427/+369
| | |
* | | Add experimental option to reduce extremities.Erik Johnston2019-06-181-0/+6
| | | Adds new config option `cleanup_extremities_with_dummy_events` which periodically sends dummy events to rooms with more than 10 extremities. THIS IS REALLY EXPERIMENTAL.
* | | Merge pull request #5440 from matrix-org/babolivier/third_party_event_rulesBrendan Abolivier2019-06-142-0/+44
|\ \ \
| | | | Allow server admins to define implementations of extra rules for allowing or denying incoming events
| * | | Add plugin APIs for implementations of custom event rules.Brendan Abolivier2019-06-142-0/+44
| | |/
| |/|
* / | Don't warn user about password reset disabling through config code (#5387)Andrew Morgan2019-06-111-6/+5
|/ /
| | Moves the warning about password resets being disabled to the point where a user actually tries to reset their password. Is this an appropriate place for it to happen? Also removed the disabling of msisdn password resets when you don't have an email config, as that just doesn't make sense. Also change the error a user receives upon disabled passwords to specify that only email-based password reset is disabled.
* | Improve startup checks for insecure notary configs (#5392)Richard van der Hoff2019-06-101-4/+23
| | It's not really a problem to trust notary responses signed by the old key so long as we are also doing TLS validation. This commit adds a check to the config parsing code at startup to check that we do not have the insecure matrix.org key without tls validation, and refuses to start without it. This allows us to remove the rather alarming-looking warning which happens at runtime.
* | Set default room version to v4. (#5379)Neil Johnson2019-06-061-1/+1
| | Set default room version to v4.
* | Add ability to perform password reset via email without trusting the identity server (#5377)Andrew Morgan2019-06-061-15/+138
| | Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option. This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
| | * #5308
| | * #5345
| | * #5368
* | Stop hardcoding trust of old matrix.org key (#5374)Richard van der Hoff2019-06-061-39/+189
| | There are a few changes going on here:
| | * We make checking the signature on a key server response optional: if no verify_keys are specified, we trust to TLS to validate the connection.
| | * We change the default config so that it does not require responses to be signed by the old key.
| | * We replace the old 'perspectives' config with 'trusted_key_servers', which is also formatted slightly differently.
| | * We emit a warning to the logs every time we trust a key server response signed by the old key.
* | Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verificationRichard van der Hoff2019-06-052-1/+17
|\ \
| * | Fix `federation_custom_ca_list` configuration option.Richard van der Hoff2019-06-051-1/+1
| | | Previously, setting this option would cause an exception at startup.
| * | Neilj/mau tracking config explainer (#5284)Neil Johnson2019-06-051-0/+16
| | | Improve documentation of monthly active user blocking and mau_trial_days
* | | Validate federation server TLS certificates by default.Richard van der Hoff2019-06-051-5/+5
|/ /
* | Merge pull request #5341 from matrix-org/babolivier/email_configBrendan Abolivier2019-06-041-42/+57
|\ \
| |/
|/| Make account validity renewal emails work when email notifs are disabled
| * Only parse from email if providedBrendan Abolivier2019-06-041-4/+5
| |
| * LintBrendan Abolivier2019-06-041-1/+0
| |
| * Make account validity renewal emails work when email notifs are disabledBrendan Abolivier2019-06-041-42/+57
| |
* | Merge pull request #5276 from matrix-org/babolivier/account_validity_job_deltaErik Johnston2019-05-311-1/+5
|\ \
| | | Allow configuring a range for the account validity startup job
| * | Move delta from +10% to -10%Brendan Abolivier2019-05-311-1/+1
| | |