| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
It's too confusing.
|
|
|
|
|
| |
This will enable us to skip the unintuitive behaviour where the generated
config and default config are the same thing.
|
|
|
|
| |
This is no longer used and only serves to confuse.
|
|
|
|
|
| |
Because sticking it in the same place as the config isn't necessarily the right
thing to do.
|
|
|
|
|
|
| |
* Pull config_dir_path and data_dir_path calculation out of read_config_files
* Pass config_dir_path and data_dir_path into read_config
|
|
|
| |
This has no useful purpose on python3, and is generally a source of confusion.
|
|
|
|
|
|
|
| |
* group the arguments together into a group
* add new names "--generate-missing-config" and "--config-directory" for
existing cmdline options "--generate-keys" and "--keys-dir", which better
reflect their purposes.
|
|
|
|
| |
Add some comments, and simplify `read_config_files`.
|
|
|
| |
Make it a bit clearer what's going on.
|
| |
|
|
|
|
|
|
|
| |
Adds new config option `cleanup_extremities_with_dummy_events` which
periodically sends dummy events to rooms with more than 10 extremities.
THIS IS REALLY EXPERIMENTAL.
|
|\
| |
| | |
Allow server admins to define implementations of extra rules for allowing or denying incoming events
|
| | |
|
|/
|
|
|
|
|
| |
Moves the warning about password resets being disabled to the point where a user actually tries to reset their password. Is this an appropriate place for it to happen?
Also removed the disabling of msisdn password resets when you don't have an email config, as that just doesn't make sense.
Also change the error a user receives upon disabled passwords to specify that only email-based password reset is disabled.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not really a problem to trust notary responses signed by the old key so
long as we are also doing TLS validation.
This commit adds a check to the config parsing code at startup to check that
we do not have the insecure matrix.org key without tls validation, and refuses
to start without it.
This allows us to remove the rather alarming-looking warning which happens at
runtime.
|
|
|
|
| |
Set default room version to v4.
|
|
|
|
|
|
|
|
|
|
|
|
| |
identity server (#5377)
Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.
This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
* #5308
* #5345
* #5368
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a few changes going on here:
* We make checking the signature on a key server response optional: if no
verify_keys are specified, we trust to TLS to validate the connection.
* We change the default config so that it does not require responses to be
signed by the old key.
* We replace the old 'perspectives' config with 'trusted_key_servers', which
is also formatted slightly differently.
* We emit a warning to the logs every time we trust a key server response
signed by the old key.
|
|\ |
|
| |
| |
| |
| | |
Previously, setting this option would cause an exception at startup.
|
| |
| |
| |
| | |
Improve documentation of monthly active user blocking and mau_trial_days
|
|/ |
|
|\
| |
| | |
Make account validity renewal emails work when email notifs are disabled
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Allow configuring a range for the account validity startup job
|
| | | |
|
| | | |
|
| | | |
|
| |/
| |
| |
| |
| | |
When enabling the account validity feature, Synapse will look at startup for registered account without an expiration date, and will set one equals to 'now + validity_period' for them. On large servers, it can mean that a large number of users will have the same expiration date, which means that they will all be sent a renewal email at the same time, which isn't ideal.
In order to mitigate this, this PR allows server admins to define a 'max_delta' so that the expiration date is a random value in the [now + validity_period ; now + validity_period + max_delta] range. This allows renewal emails to be progressively sent over a configured period instead of being sent all in one big batch.
|
| |
| |
| |
| | |
Signed-off-by: Aaron Raimist <aaron@raim.ist>
|
| | |
|
| |
| |
| |
| |
| | |
Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present.
That hardcoded value is now located in the server.py config file.
|
| | |
|
|\|
| |
| |
| |
| | |
matrix-org/babolivier/account_validity_expiration_date
Add startup background job for account validity
|
| | |
|
|\ \
| |/
|/| |
Land basic reaction and edit support.
|
| | |
|
| | |
|
|/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CS API (#5083)
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
|
|\ |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Add some limitations to alias creation
|
| | | |
|
|/ / |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Send out emails with links to extend an account's validity period
|
| | | |
|
| | | |
|
|\| |
| | |
| | | |
Add time-based account expiration
|
| |/ |
|
| |
| |
| |
| | |
add context to phonehome stats
|
| | |
|
|/
|
|
|
|
| |
As requested by @andrewshadura
|
| |
|
|\
| |
| | |
Add option to disable search room lists
|
| | |
|
| |
| |
| |
| | |
This disables both local and remote room list searching.
|
|\ \
| | |
| | | |
Add option to disable searching in the user dir
|
| | | |
|
| | |
| | |
| | | |
Co-Authored-By: erikjohnston <erikj@jki.re>
|
| |/
| |
| |
| | |
We still populate it, as it can still be accessed via the admin API.
|
| |
| |
| | |
Setting this to 50 or so makes a bunch of sytests fail in worker mode.
|
|/
|
|
| |
Rate-limit outgoing read-receipts as per #4730.
|
|
|
|
|
|
|
| |
Rather than using a Mock for the homeserver config, use a genuine
HomeServerConfig object. This makes for a more realistic test, and means that
we don't have to keep remembering to add things to the mock config every time
we add a new config setting.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make it so that most options in the config are optional, and commented out in
the generated config.
The reasons this is a good thing are as follows:
* If we decide that we should change the default for an option, we can do so,
and only those admins that have deliberately chosen to override that option
will be stuck on the old setting.
* It moves us towards a point where we can get rid of the super-surprising
feature of synapse where the default settings for the config come from the
generated yaml.
* It makes setting up a test config for unit testing an order of magnitude
easier (see forthcoming PR).
* It makes the generated config more consistent, and hopefully easier for users
to understand.
|
| |
|
|
|
| |
Add two ratelimiters on login (per-IP address and per-userID).
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Clarify what registration_shared_secret allows for (#2885)
Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Add changelog
Signed-off-by: Aaron Raimist <aaron@raim.ist>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Rate-limiting for registration
* Add unit test for registration rate limiting
* Add config parameters for rate limiting on auth endpoints
* Doc
* Fix doc of rate limiting function
Co-Authored-By: babolivier <contact@brendanabolivier.com>
* Incorporate review
* Fix config parsing
* Fix linting errors
* Set default config for auth rate limiting
* Fix tests
* Add changelog
* Advance reactor instead of mocked clock
* Move parameters to registration specific config and give them more sensible default values
* Remove unused config options
* Don't mock the rate limiter un MAU tests
* Rename _register_with_store into register_with_store
* Make CI happy
* Remove unused import
* Update sample config
* Fix ratelimiting test for py2
* Add non-guest test
|
| |
|
|
|
| |
Fixes #4675.
|
|
|
|
|
|
|
|
| |
* add trivial clarification about jemalloc
* switch from google.com to recaptcha.net
because https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
|
|\
| |
| | |
Fixup generated metrics config
|
| | |
|
|/
|
|
|
|
| |
The general idea here is that config examples should just have a hash and no
extraneous whitespace, both to make it easier for people who don't understand
yaml, and to make the examples stand out from the comments.
|
|\
| |
| | |
Support .well-known delegation when issuing certificates through ACME
|
| | |
|
| | |
|
|\ \
| |/
|/| |
Add basic optional sentry.io integration
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
The warning for missing macaroon_secret_key was "missing missing".
|
|\ \
| | |
| | | |
Add configurable room list publishing rules
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
This allows specifying who and what is allowed to be published onto the
public room list
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
* Better logging for errors on startup
* Fix "TypeError: '>' not supported" when starting without an existing
certificate
* Fix a bug where an existing certificate would be reprovisoned every day
|
|/
|
|
|
| |
turns out it doesn't really support ipv6, so let's hack around that by only
listening on ipv4 by default.
|
|\
| |
| | |
fix self-signed cert notice from generate-config
|
| |
| |
| |
| | |
fixes #4620
|
| | |
|
|/
|
|
|
|
| |
If TLS is disabled, it should not be an error if no cert is given.
Fixes #4554.
|
| |
|
|
|
|
|
| |
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
|
|\ |
|
| |
| |
| |
| |
| | |
Log which file we're reading keys and certs from, and refactor the code a bit
in preparation for other work
|
|/
|
|
| |
... otherwise we would fail with a mysterious KeyError or something later.
|
|
|
|
|
|
|
|
|
|
| |
Rearrange the comments to try to clarify them, and expand on what some of it
means.
Use a sensible default 'bind_addresses' setting.
For the insecure port, only bind to localhost, and enable x_forwarded, since
apparently it's for use behind a load-balancer.
|
| |
|
| |
|
|\
| |
| | |
New listener resource for the federation API "openid/userinfo" endpoint
|
| |
| |
| |
| | |
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| |
| |
| |
| |
| |
| | |
Instead document it commented out.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows the OpenID userinfo endpoint to be active even if the
federation resource is not active. The OpenID userinfo endpoint
is called by integration managers to verify user actions using the
client API OpenID access token. Without this verification, the
integration manager cannot know that the access token is valid.
The OpenID userinfo endpoint will be loaded in the case that either
"federation" or "openid" resource is defined. The new "openid"
resource is defaulted to active in default configuration.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | |
|
|\ \ |
|
| | |
| | |
| | | |
Fixes #4559
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
* by default include m.room.encryption on invites
* fix constant
* changelog
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Handle listening for ACME requests on IPv6 addresses
the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses
without extra quoting. Building a string which you are about to parse again
seems like a weird choice. Let's just use listenTCP, which is consistent with
what we do elsewhere.
* Clean up the default ACME config
make it look a bit more consistent with everything else, and tweak the defaults
to listen on port 80.
* newsfile
|
| | |
|
|\ \
| | |
| | | |
Check consent dir path on startup
|
| | | |
|
|\ \ \
| |/ /
|/| | |
Don't recommend :8448 to people on public_baseurl
|
| | | |
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| | |
If you use double-quotes here, you have to escape your backslashes. It's much
easier with single-quotes.
(Note that the existing double-backslashes are already interpreted by python's
""" parsing.)
|
|\ \
| | |
| | | |
Neilj/fix threepid auth check
|
| | | |
|
| |/ |
|
| |
| |
| |
| |
| |
| | |
This is leading to problems with people upgrading to clients that
support MSC1730 because people have this misconfigured, so try
to make the docs completely unambiguous.
|
|/ |
|
|\
| |
| | |
Config option to disable requesting MSISDN on registration
|
| | |
|
| | |
|
|/
|
| |
* remove dh_params and set better cipher string
|
| |
|
|\
| |
| |
| | |
Fixes #4371
|
| |
| |
| |
| |
| |
| | |
This is already fixed in 0.34.1, by 59f93bb
This reverts commit efc522c55e996e420271de2d9094835dda52ade4.
|
| |\ |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Raise a ConfigError if an invalid resource is specified
* Require Jinja 2.9 for the consent resource
* changelog
|
| | | |
|
| | |
| | |
| | | |
These settings are not supposed to be under 'listeners'.
|
|\| | |
|
| | |
| | |
| | |
| | | |
This is based on the work done by @krombel in #2601.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This implements both a SAML2 metadata endpoint (at
`/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at
`/_matrix/saml2/authn_response`). If the SAML2 response matches what's been
configured, we complete the SSO login flow by redirecting to the client url
(aka `RelayState` in SAML2 jargon) with a login token.
What we don't yet have is anything to build a SAML2 request and redirect the
user to the identity provider. That is left as an exercise for the reader.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Rip out half-implemented m.login.saml2 support
This was implemented in an odd way that left most of the work to the client, in
a way that I really didn't understand. It's going to be a pain to maintain, so
let's start by ripping it out.
* drop undocumented dependency on dateutil
It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.
|
|/ /
| |
| |
| | |
Sometimes it's useful for synapse to generate its own .well-known file.
|
| | |
|
| |
| |
| |
| |
| |
| | |
in it (#4230)
This is useful for homeservers not intended for users, such as bot-only homeservers or ones that only process IoT data.
|
| |
| |
| |
| | |
configuration (#4207)
|
| | |
|
| |
| |
| |
| | |
So people can still collect consent the old way if they want to.
|
| | |
|
|\ \
| | |
| | |
| | | |
erikj/alias_disallow_list
|
| |\ \
| | | |
| | | |
| | | | |
matthew/autocreate_autojoin
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Broadly three things here:
* disable W504 which seems a bit whacko
* remove a bunch of `as e` expressions from exception handlers that don't use
them
* use `r""` for strings which include backslashes
Also, we don't use pep8 any more, so we can get rid of the duplicate config
there.
|
| | | |
| | | |
| | | |
| | | | |
on py3) (#4068)
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ /
|/| | |
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
move the example email templates into the synapse package so that they can be
used as package data, which should mean that all of the packaging mechanisms
(pip, docker, debian, arch, etc) should now come with the example templates.
In order to grandfather in people who relied on the templates being in the old
place, check for that situation and fall back to using the defaults if the
templates directory does not exist.
|
| |
| |
| |
| | |
Signed-off-by: Schnuffle <schnuffle@github.com>
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
This handy code attempted to check that we could import jwt, but utterly failed
to check it was the right jwt.
Fixes https://github.com/matrix-org/synapse/issues/3793
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
AuthError in all cases
|
| |
| |
| |
| |
| |
| | |
return AuthError in all cases"
This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6.
|
| |
| |
| |
| | |
AuthError in all cases
|
| |
| |
| |
| | |
... because logging *before* reloading means the log message gets lost in the old MemoryLogger
|
|\ \ |
|
| | | |
|
| | | |
|
|/ / |
|
|/ |
|
|\ |
|
| |\
| | |
| | | |
document that the affinity package is required for the cpu_affinity setting
|
| | | |
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in synapse v0.31.0 (2018-06-06)
======================================
Most notable change from v0.30.0 is to switch to python prometheus library to improve system
stats reporting. WARNING this changes a number of prometheus metrics in a
backwards-incompatible manner. For more details, see
`docs/metrics-howto.rst <docs/metrics-howto.rst#removal-of-deprecated-metrics--time-based-counters-becoming-histograms-in-0310>`_.
Bug Fixes:
* Fix metric documentation tables (PR #3341)
* Fix LaterGuage error handling (694968f)
* Fix replication metrics (b7e7fd2)
Changes in synapse v0.31.0-rc1 (2018-06-04)
==========================================
Features:
* Switch to the Python Prometheus library (PR #3256, #3274)
* Let users leave the server notice room after joining (PR #3287)
Changes:
* daily user type phone home stats (PR #3264)
* Use iter* methods for _filter_events_for_server (PR #3267)
* Docs on consent bits (PR #3268)
* Remove users from user directory on deactivate (PR #3277)
* Avoid sending consent notice to guest users (PR #3288)
* disable CPUMetrics if no /proc/self/stat (PR #3299)
* Add local and loopback IPv6 addresses to url_preview_ip_range_blacklist (PR #3312) Thanks to @thegcat!
* Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (PR #3307)
* Add private IPv6 addresses to example config for url preview blacklist (PR #3317) Thanks to @thegcat!
* Reduce stuck read-receipts: ignore depth when updating (PR #3318)
* Put python's logs into Trial when running unit tests (PR #3319)
Changes, python 3 migration:
* Replace some more comparisons with six (PR #3243) Thanks to @NotAFile!
* replace some iteritems with six (PR #3244) Thanks to @NotAFile!
* Add batch_iter to utils (PR #3245) Thanks to @NotAFile!
* use repr, not str (PR #3246) Thanks to @NotAFile!
* Misc Python3 fixes (PR #3247) Thanks to @NotAFile!
* Py3 storage/_base.py (PR #3278) Thanks to @NotAFile!
* more six iteritems (PR #3279) Thanks to @NotAFile!
* More Misc. py3 fixes (PR #3280) Thanks to @NotAFile!
* remaining isintance fixes (PR #3281) Thanks to @NotAFile!
* py3-ize state.py (PR #3283) Thanks to @NotAFile!
* extend tox testing for py3 to avoid regressions (PR #3302) Thanks to @krombel!
* use memoryview in py3 (PR #3303) Thanks to @NotAFile!
Bugs:
* Fix federation backfill bugs (PR #3261)
* federation: fix LaterGauge usage (PR #3328) Thanks to @intelfx!
|
| | | | |
|
| | | | |
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
This default config is parsed and used a base before the actual
config is overlaid, so with these values not commented out, the
code to detect when no turn params were set and refuse to generate
credentials was never firing because the dummy default was always set.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need to do a bit more validation when we get a server name, but don't want
to be re-doing it all over the shop, so factor out a separate
parse_and_validate_server_name, and do the extra validation.
Also, use it to verify the server name in the config file.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
I'm fed up with never being able to find the point a server restarted in the
logs.
|
|\| |
| |/
|/| |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
The added addresses are expected to be local or loopback addresses and
shouldn't be spidered for previews.
Signed-off-by: Felix Schäfer <felix@thegcat.net>
|
| | |
|
| |
| |
| |
| | |
bool("False") == True...
|
|/
|
|
| |
we think it makes sense not to send the notices to guest users.
|
|
|
|
| |
probably should have done this in the first place, like @turt2live suggested.
|
|
|
|
|
| |
Make it possible to put the URI in the error message and the server notice that
get sent by the server
|
|
|
|
|
|
| |
Returns an M_CONSENT_NOT_GIVEN error (cf
https://github.com/matrix-org/matrix-doc/issues/1252) if consent is not yet
given.
|
|
|
|
| |
turns out we need to reuse this, so it's better in the config class.
|
|
|
|
|
| |
When a user first syncs, we will send them a server notice asking them to
consent to the privacy policy if they have not already done so.
|
|
|
|
| |
we're going to use it for the version we require too.
|
| |
|
|
|
|
|
|
|
| |
Server Notices use a special room which the user can't dismiss. They are
created on demand when some other bit of the code calls send_notice.
(This doesn't actually do much yet becuse we don't call send_notice anywhere)
|
|
|
|
|
| |
Hopefully there are enough comments and docs in this that it makes sense on its
own.
|
|\
| |
| | |
Open config file in non-bytes mode
|
| |
| |
| |
| | |
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Nothing written into it is encoded, so it makes little sense, but it
does break in python3 the way it was before.
The variable names were adjusted to be less misleading.
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
|\ \
| | |
| | | |
Open certificate files as bytes
|
| |/
| |
| |
| |
| |
| | |
That's what pyOpenSSL expects on python3
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
|/
|
|
|
|
| |
The imports were shuffled around a bunch in py3
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
|\
| |
| | |
use python3-compatible prints
|
| | |
|
|/
|
|
| |
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
| |
|
| |
|
|
|
|
|
|
| |
Add federation_domain_whitelist
gives a way to restrict which domains your HS is allowed to federate with.
useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
|
|\
| |
| | |
add registrations_require_3pid and allow_local_3pids
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* [ ] split config options into allowed_local_3pids and registrations_require_3pid
* [ ] simplify and comment logic for picking registration flows
* [ ] fix docstring and move check_3pid_allowed into a new util module
* [ ] use check_3pid_allowed everywhere
@erikjohnston PTAL
|
| |
| |
| |
| |
| | |
lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with.
Typically useful for stopping people from registering with non-work emails
|
| | |
|
| | |
|
| | |
|
|/ |
|