summary refs log tree commit diff
path: root/synapse/config (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Revert "support admin_email config and pass through into blocking errors, ↵Neil Johnson2018-08-131-4/+0
| | | | | | return AuthError in all cases" This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6.
* support admin_email config and pass through into blocking errors, return ↵Neil Johnson2018-08-131-0/+4
| | | | AuthError in all cases
* log *after* reloading log configRichard van der Hoff2018-08-101-2/+1
| | | | ... because logging *before* reloading means the log message gets lost in the old MemoryLogger
* Merge branch 'develop' into neilj/disable_hsNeil Johnson2018-08-081-0/+3
|\
| * implement reserved users for mau limitsNeil Johnson2018-08-071-1/+1
| |
| * load mau limit threepidsNeil Johnson2018-08-061-0/+3
| |
* | disable HS from configNeil Johnson2018-08-041-0/+4
|/
* fix (lots of) py3 test failuresNeil Johnson2018-08-031-2/+2
|
* Merge branch 'master' into developRichard van der Hoff2018-08-021-0/+2
|\
| * Merge pull request #3377 from Valodim/note-affinityRichard van der Hoff2018-07-191-0/+2
| |\ | | | | | | document that the affinity package is required for the cpu_affinity setting
| | * add note that the affinity package is required for the cpu_affinity settingVincent Breitmoser2018-06-091-0/+2
| | |
| | * Merge tag 'v0.31.0'Neil Johnson2018-06-063-1/+20
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes in synapse v0.31.0 (2018-06-06) ====================================== Most notable change from v0.30.0 is to switch to python prometheus library to improve system stats reporting. WARNING this changes a number of prometheus metrics in a backwards-incompatible manner. For more details, see `docs/metrics-howto.rst <docs/metrics-howto.rst#removal-of-deprecated-metrics--time-based-counters-becoming-histograms-in-0310>`_. Bug Fixes: * Fix metric documentation tables (PR #3341) * Fix LaterGuage error handling (694968f) * Fix replication metrics (b7e7fd2) Changes in synapse v0.31.0-rc1 (2018-06-04) ========================================== Features: * Switch to the Python Prometheus library (PR #3256, #3274) * Let users leave the server notice room after joining (PR #3287) Changes: * daily user type phone home stats (PR #3264) * Use iter* methods for _filter_events_for_server (PR #3267) * Docs on consent bits (PR #3268) * Remove users from user directory on deactivate (PR #3277) * Avoid sending consent notice to guest users (PR #3288) * disable CPUMetrics if no /proc/self/stat (PR #3299) * Add local and loopback IPv6 addresses to url_preview_ip_range_blacklist (PR #3312) Thanks to @thegcat! * Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (PR #3307) * Add private IPv6 addresses to example config for url preview blacklist (PR #3317) Thanks to @thegcat! * Reduce stuck read-receipts: ignore depth when updating (PR #3318) * Put python's logs into Trial when running unit tests (PR #3319) Changes, python 3 migration: * Replace some more comparisons with six (PR #3243) Thanks to @NotAFile! * replace some iteritems with six (PR #3244) Thanks to @NotAFile! * Add batch_iter to utils (PR #3245) Thanks to @NotAFile! * use repr, not str (PR #3246) Thanks to @NotAFile! * Misc Python3 fixes (PR #3247) Thanks to @NotAFile! * Py3 storage/_base.py (PR #3278) Thanks to @NotAFile! * more six iteritems (PR #3279) Thanks to @NotAFile! * More Misc. py3 fixes (PR #3280) Thanks to @NotAFile! * remaining isintance fixes (PR #3281) Thanks to @NotAFile! * py3-ize state.py (PR #3283) Thanks to @NotAFile! * extend tox testing for py3 to avoid regressions (PR #3302) Thanks to @krombel! * use memoryview in py3 (PR #3303) Thanks to @NotAFile! Bugs: * Fix federation backfill bugs (PR #3261) * federation: fix LaterGauge usage (PR #3328) Thanks to @intelfx!
* | | | remove need to plot limit_usage_by_mauNeil Johnson2018-08-011-3/+6
| | | |
* | | | coding styleNeil Johnson2018-07-311-1/+1
| | | |
* | | | limit register and sign in on number of monthly usersNeil Johnson2018-07-301-0/+5
| | | |
* | | | Comment dummy TURN parameters in default configDavid Baker2018-07-111-2/+2
|/ / / | | | | | | | | | | | | | | | | | | This default config is parsed and used a base before the actual config is overlaid, so with these values not commented out, the code to detect when no turn params were set and refuse to generate credentials was never firing because the dummy default was always set.
* | | run isortAmber Brown2018-07-0913-51/+59
| | |
* | | More server_name validationRichard van der Hoff2018-07-041-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | We need to do a bit more validation when we get a server name, but don't want to be re-doing it all over the shop, so factor out a separate parse_and_validate_server_name, and do the extra validation. Also, use it to verify the server name in the config file.
* | | fix testsMatthew Hodgson2018-06-281-0/+1
| | |
* | | add ip_range_whitelist parameter to limit where ASes can connect fromMatthew Hodgson2018-06-281-1/+10
| | |
* | | Write a clear restart indicator in logsRichard van der Hoff2018-06-201-6/+18
| | | | | | | | | | | | | | | I'm fed up with never being able to find the point a server restarted in the logs.
* | | Merge remote-tracking branch 'origin/master' into developRichard van der Hoff2018-06-051-0/+3
|\| | | |/ |/|
| * remove trailing whitespaceRichard van der Hoff2018-05-301-2/+2
| |
| * fix english and wrap commentRichard van der Hoff2018-05-301-1/+2
| |
| * add link to thorough instruction how to configure consentRuben Barkow2018-05-251-0/+2
| |
* | Add private IPv6 addresses to preview blacklist #3312Felix Schäfer2018-06-011-0/+3
| | | | | | | | | | | | | | The added addresses are expected to be local or loopback addresses and shouldn't be spidered for previews. Signed-off-by: Felix Schäfer <felix@thegcat.net>
* | Run Prometheus on a different port, optionally. (#3274)Amber Brown2018-05-311-0/+10
| |
* | Fix default for send_server_notice_to_guestsRichard van der Hoff2018-05-251-1/+1
| | | | | | | | bool("False") == True...
* | Avoid sending consent notice to guest usersRichard van der Hoff2018-05-251-1/+7
|/ | | | we think it makes sense not to send the notices to guest users.
* Allow overriding the server_notices user's avatarRichard van der Hoff2018-05-231-3/+12
| | | | probably should have done this in the first place, like @turt2live suggested.
* Support for putting %(consent_uri)s in messagesRichard van der Hoff2018-05-231-4/+7
| | | | | Make it possible to put the URI in the error message and the server notice that get sent by the server
* Reject attempts to send event before privacy consent is givenRichard van der Hoff2018-05-221-0/+10
| | | | | | Returns an M_CONSENT_NOT_GIVEN error (cf https://github.com/matrix-org/matrix-doc/issues/1252) if consent is not yet given.
* Move consent config parsing into ConsentConfigRichard van der Hoff2018-05-221-1/+15
| | | | turns out we need to reuse this, so it's better in the config class.
* Send users a server notice about consentRichard van der Hoff2018-05-221-0/+8
| | | | | When a user first syncs, we will send them a server notice asking them to consent to the privacy policy if they have not already done so.
* Rename 'version' param on user consent configRichard van der Hoff2018-05-221-4/+6
| | | | we're going to use it for the version we require too.
* Replace inline docstrings with "Attributes" in class docstringRichard van der Hoff2018-05-181-23/+15
|
* Infrastructure for a server notices roomRichard van der Hoff2018-05-172-1/+89
| | | | | | | Server Notices use a special room which the user can't dismiss. They are created on demand when some other bit of the code calls send_notice. (This doesn't actually do much yet becuse we don't call send_notice anywhere)
* ConsentResource to gather policy consent from usersRichard van der Hoff2018-05-154-3/+63
| | | | | Hopefully there are enough comments and docs in this that it makes sense on its own.
* Merge pull request #3085 from NotAFile/py3-config-text-modeRichard van der Hoff2018-04-302-4/+4
|\ | | | | Open config file in non-bytes mode
| * open log_config in text mode tooAdrian Tschira2018-04-281-1/+1
| | | | | | | | Signed-off-by: Adrian Tschira <nota@notafile.com>
| * Open config file in non-bytes modeAdrian Tschira2018-04-101-3/+3
| | | | | | | | | | | | | | | | | | Nothing written into it is encoded, so it makes little sense, but it does break in python3 the way it was before. The variable names were adjusted to be less misleading. Signed-off-by: Adrian Tschira <nota@notafile.com>
* | Merge pull request #3084 from NotAFile/py3-certs-byte-modeRichard van der Hoff2018-04-301-2/+2
|\ \ | | | | | | Open certificate files as bytes
| * | Open certificate files as bytesAdrian Tschira2018-04-101-2/+2
| |/ | | | | | | | | | | That's what pyOpenSSL expects on python3 Signed-off-by: Adrian Tschira <nota@notafile.com>
* / Use six.moves.urlparseAdrian Tschira2018-04-151-2/+2
|/ | | | | | The imports were shuffled around a bunch in py3 Signed-off-by: Adrian Tschira <nota@notafile.com>
* Merge pull request #3074 from NotAFile/fix-py3-printsRichard van der Hoff2018-04-091-5/+5
|\ | | | | use python3-compatible prints
| * use python3-compatible printsAdrian Tschira2018-04-061-5/+5
| |
* | Replace some type checks with six type checksAdrian Tschira2018-04-072-5/+9
|/ | | | Signed-off-by: Adrian Tschira <nota@notafile.com>
* spell out not to massively increase bcrypt roundsMatthew Hodgson2018-03-191-1/+3
|
* Add replication http endpoint for event sendingErik Johnston2018-02-071-0/+8
|
* Add federation_domain_whitelist option (#2820)Matthew Hodgson2018-01-221-0/+22
| | | | | | Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
* Merge pull request #2813 from matrix-org/matthew/registrations_require_3pidMatthew Hodgson2018-01-221-0/+19
|\ | | | | add registrations_require_3pid and allow_local_3pids
| * rewrite based on PR feedback:Matthew Hodgson2018-01-191-3/+9
| | | | | | | | | | | | | | | | | | * [ ] split config options into allowed_local_3pids and registrations_require_3pid * [ ] simplify and comment logic for picking registration flows * [ ] fix docstring and move check_3pid_allowed into a new util module * [ ] use check_3pid_allowed everywhere @erikjohnston PTAL
| * add registrations_require_3pidMatthew Hodgson2018-01-191-0/+13
| | | | | | | | | | lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with. Typically useful for stopping people from registering with non-work emails
* | Fix passing wrong config to provider constructorErik Johnston2018-01-181-1/+1
| |
* | Remove duplicate directory testErik Johnston2018-01-181-4/+0
| |
* | Fixup commentsErik Johnston2018-01-181-1/+5
| |
* | Make storage providers more configurableErik Johnston2018-01-181-11/+72
|/
* fix typoMatthew Hodgson2018-01-161-1/+1
|
* Actually make it workErik Johnston2018-01-121-0/+5
|
* Merge pull request #2763 from matrix-org/rav/fix_config_utsRichard van der Hoff2018-01-091-2/+2
|\ | | | | Fix broken config UTs
| * Fix broken config UTsRichard van der Hoff2018-01-091-2/+2
| | | | | | | | | | https://github.com/matrix-org/synapse/pull/2755 broke log-config generation, which in turn broke the unit tests.
* | Make indentation of generated log config consistentRichard van der Hoff2018-01-091-17/+17
|/ | | | (we had a mix of 2- and 4-space indents)
* Remove 'verbosity'/'log_file' from generated cfgRichard van der Hoff2018-01-051-8/+4
| | | | | | ... because these only really exist to confuse people nowadays. Also bring log config more into line with the generated log config, by making `level_for_storage` apply to the `synapse.storage.SQL` logger rather than `synapse.storage`.
* Merge pull request #2683 from seckrv/fix_pwd_auth_prov_typoRichard van der Hoff2017-12-181-2/+2
|\ | | | | synapse/config/password_auth_providers: Fixed bracket typo
| * synapse/config/password_auth_providers: Fixed bracket typoRichard von Seck2017-11-161-2/+2
| | | | | | | | Signed-off-by: Richard von Seck <richard.von-seck@gmx.net>
* | Allow binds to both :: and 0.0.0.0Silke Hofstra2017-12-171-5/+3
| | | | | | | | | | | | | | | | | | | | Binding on 0.0.0.0 when :: is specified in the bind_addresses is now allowed. This causes a warning explaining the behaviour. Configuration changed to match. See #2232 Signed-off-by: Silke Hofstra <silke@slxh.eu>
* | Adapt the default config to bind on IPv6.Willem Mulder2017-12-171-8/+9
| | | | | | | | | | | | | | | | | | Most deployments are on Linux (or Mac OS), so this would actually bind on both IPv4 and IPv6. Resolves #1886. Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
* | better docMatthew Hodgson2017-12-041-1/+4
| |
* | switch to a simpler 'search_all_users' button as per review feedbackMatthew Hodgson2017-12-041-7/+8
| |
* | Merge branch 'develop' into matthew/search-all-local-usersMatthew Hodgson2017-11-301-0/+6
|\ \
| * | Add config option to disable media_repo on main synapseRichard van der Hoff2017-11-221-0/+6
| | | | | | | | | | | | ... to stop us doing the cache cleanup jobs on the master.
* | | specify default user_directory_include_patternMatthew Hodgson2017-11-301-0/+1
| | |
* | | untested WIP but might actually workMatthew Hodgson2017-11-291-3/+2
| | |
* | | Add user_directory_include_pattern config param to expand search results to ↵Matthew Hodgson2017-11-292-1/+42
|/ / | | | | | | | | | | | | | | | | | | additional users Initial commit; this doesn't work yet - the LIKE filtering seems too aggressive. It also needs _do_initial_spam to be aware of prepopulating the whole user_directory_search table with all users... ...and it needs a handle_user_signup() or something to be added so that new signups get incrementally added to the table too. Committing it here as a WIP
* / Check group_id belongs to this domainLuke Barnard2017-11-161-0/+1
|/
* Print instead of loggingDavid Baker2017-11-131-11/+4
| | | | because we had to wait until the logger was set up
* Make the commented config have the defaultDavid Baker2017-11-091-1/+1
|
* better commentsDavid Baker2017-11-081-2/+5
|
* Log if any of the old config flags are setDavid Baker2017-11-081-2/+24
|
* Rename redact_content option to include_contentDavid Baker2017-11-081-15/+13
| | | | | | | | | | | | | | | | | | The redact_content option never worked because it read the wrong config section. The PR introducing it (https://github.com/matrix-org/synapse/pull/2301) had feedback suggesting the name be changed to not re-use the term 'redact' but this wasn't incorporated. This reanmes the option to give it a less confusing name, and also means that people who've set the redact_content option won't suddenly see a behaviour change when upgrading synapse, but instead can set include_content if they want to. This PR also updates the wording of the config comment to clarify that this has no effect on event_id_only push. Includes https://github.com/matrix-org/synapse/pull/2422
* Add a hook for custom rest endpointsRichard van der Hoff2017-11-021-0/+7
| | | | | Let the user specify custom modules which can be used for implementing extra endpoints.
* Clean up backwards-compat hacks for ldapRichard van der Hoff2017-10-311-20/+19
| | | | | | | try to make the backwards-compat flows follow the same code paths as the modern impl. This commit should be non-functional.
* fix typoMatthew Hodgson2017-10-291-1/+1
|
* Fix error when running synapse with no logfileRichard van der Hoff2017-10-261-1/+5
| | | | Fixes 'UnboundLocalError: local variable 'sighup' referenced before assignment'
* tip for generating tls_fingerprintsMatthew Hodgson2017-10-241-0/+6
|
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-231-1/+1
| | | | what could possibly go wrong
* Flake8Erik Johnston2017-10-191-4/+0
|
* Add missing file...Erik Johnston2017-10-191-0/+36
|
* Add config to enable group creationErik Johnston2017-10-191-1/+2
|
* Improve error handling for missing files (#2551)Richard van der Hoff2017-10-173-17/+33
| | | | | | | | | | | `os.path.exists` doesn't allow us to distinguish between permissions errors and the path actually not existing, which repeatedly confuses people. It also means that we try to overwrite existing key files, which is super-confusing. (cf issues #2455, #2379). Use os.stat instead. Also, don't recomemnd the the use of --generate-config, which screws everything up if you're using debian (cf #2455).
* pep8David Baker2017-10-171-1/+2
|
* Add config option to auto-join new users to roomsDavid Baker2017-10-161-0/+6
| | | | | New users who register on the server will be dumped into all rooms in auto_join_rooms in the config.
* Copy everything to backupErik Johnston2017-10-121-1/+3
|
* Basic implementation of backup media storeErik Johnston2017-10-121-0/+18
|
* Forgot the new file again :(David Baker2017-09-271-0/+35
|
* Make the spam checker a moduleDavid Baker2017-09-261-1/+3
|
* Factor out module loading to a separate placeDavid Baker2017-09-261-12/+10
| | | | So it can be reused
* Add a config option to block all room invites (#2457)Richard van der Hoff2017-09-191-0/+10
| | | | | - allows sysadmins the ability to lock down their servers so that people can't send their users room invites.
* Fix process startupRichard van der Hoff2017-08-161-10/+13
| | | | escape the % that got added in 92168cb so that the process starts up ok.
* explain why CPU affinity is a good ideaMatthew Hodgson2017-08-151-0/+8
|
* Allow configuration of CPU affinityRichard van der Hoff2017-08-152-0/+13
| | | | | Make it possible to set the CPU affinity in the config file, so that we don't need to remember to do it manually every time.
* Add a frontend proxyErik Johnston2017-07-071-0/+2
|
* Change the config file generator to more descriptive explanation of ↵Caleb James DeLisle2017-06-241-3/+11
| | | | push.redact_content
* Fix TravisCI tests for PR #2301 - Fat finger mistakeCaleb James DeLisle2017-06-231-0/+37
|
* Fix TravisCI tests for PR #2301Caleb James DeLisle2017-06-232-41/+1
|
* Add configuration parameter to allow redaction of content from push messages ↵Caleb James DeLisle2017-06-232-1/+42
| | | | for google/apple devices
* Initial worker implErik Johnston2017-06-161-0/+4
|
* Configurable maximum number of events requested by /sync and /messages (#2220)Pablo Saavedra2017-05-131-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Set the limit on the returned events in the timeline in the get and sync operations. The default value is -1, means no upper limit. For example, using `filter_timeline_limit: 5000`: POST /_matrix/client/r0/user/user:id/filter { room: { timeline: { limit: 1000000000000000000 } } } GET /_matrix/client/r0/user/user:id/filter/filter:id { room: { timeline: { limit: 5000 } } } The server cuts down the room.timeline.limit.
* web_server_root documentation fixMatthew Wolff2017-04-171-0/+6
| | | | Signed-off-by: Matthew Wolff <matthewjwolff@gmail.com>
* trust a hypothetical future riot.im ISMatthew Hodgson2017-04-101-0/+1
|
* Merge pull request #2102 from DanielDent/add-auth-emailDavid Baker2017-04-101-0/+16
|\ | | | | Support authenticated SMTP
| * Support authenticated SMTPDaniel Dent2017-04-051-0/+16
| | | | | | | | | | | | Closes (SYN-714) #1385 Signed-off-by: Daniel Dent <matrixcontrib@contactdaniel.net>
* | Merge pull request #2097 from matrix-org/erikj/repl_tcp_clientErik Johnston2017-04-051-1/+3
|\ \ | |/ |/| Move to using TCP replication
| * Remove unused worker config optionErik Johnston2017-04-041-1/+0
| |
| * Update all the workers and master to use TCP replicationErik Johnston2017-04-031-0/+3
| |
* | typoMatthew Hodgson2017-03-151-1/+1
| |
* | set default for turn_allow_guests correctlyMatthew Hodgson2017-03-151-1/+1
| |
* | add setting (on by default) to support TURN for guestsMatthew Hodgson2017-03-151-0/+8
|/
* Add helpful texts to logger config optionsRichard van der Hoff2017-03-131-5/+7
|
* Merge pull request #1983 from matrix-org/rav/no_redirect_stdioRichard van der Hoff2017-03-131-6/+28
|\ | | | | Add an option to disable stdio redirect
| * Add an option to disable stdio redirectRichard van der Hoff2017-03-101-1/+12
| | | | | | | | This makes it tractable to run synapse under pdb.
| * Refactor logger config for workersRichard van der Hoff2017-03-101-5/+16
| | | | | | | | - to make it easier to add more config options.
* | Reread log config on SIGHUPRichard van der Hoff2017-03-101-10/+19
|/ | | | When we are using a log_config file, reread it on SIGHUP.
* Fix typo in config comments.Tyler Smith2017-02-111-1/+1
| | | | Signed-off-by: Tyler Smith <tylersmith.me@gmail.com>
* Merge pull request #1835 from matrix-org/erikj/fix_workersErik Johnston2017-01-201-0/+10
|\ | | | | Make worker listener config backwards compat
| * Make worker listener config backwards compatErik Johnston2017-01-201-0/+10
| |
* | Added default config for turn username and passwordMarvin Steadfast2017-01-191-0/+5
| |
* | Added username and password for turn serverMarvin Steadfast2017-01-191-1/+3
|/ | | | | It makes it possible to use a turn server that needs a username and password instead of a token.
* Allow configuring the Riot URL used in notification emailsAdrian Perez de Castro2017-01-131-0/+7
| | | | | | | | | | The URLs used for notification emails were hardcoded to use either matrix.to or vector.im; but for self-hosted setups where Riot is also self-hosted it may be desirable to allow configuring an alternative Riot URL. Fixes #1809. Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
* Merge pull request #1795 from matrix-org/erikj/port_defaultsErik Johnston2017-01-131-4/+13
|\ | | | | Restore default bind address
| * Pop bind_addressErik Johnston2017-01-101-1/+1
| |
| * Restore default bind addressErik Johnston2017-01-101-4/+13
| |
* | Remove full_twisted_stacktraces optionErik Johnston2017-01-121-8/+0
|/ | | | | | | | | | | | | | | | | The debug 'full_twisted_stacktraces' flag caused synapse to rewrite twisted deferreds to always fire the callback on the next reactor tick. This was to force the deferred to always store the stacktraces on exceptions, and thus be more likely to have a full stacktrace when it reaches the final error handlers and gets printed to the logs. Dynamically rewriting things is generally bad, and in particular this change violates assumptions of various bits of Twisted. This wouldn't necessarily be so bad, but it turns out this option has been turned on on some production servers. Turning the option can cause e.g. #1778. For now, lets just entirely nuke this option.
* Merge remote-tracking branch 'origin/release-v0.18.6' into developMark Haines2016-12-301-3/+13
|\
| * Use the new twisted logging framework.Mark Haines2016-12-301-3/+13
| | | | | | | | | | Hopefully adding an observer to the new framework will avoid a memory leak https://twistedmatrix.com/trac/ticket/8164
* | Add IPv6 comment to default configJohannes Löthberg2016-12-181-0/+4
| | | | | | | | Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
* | Make default homeserver config use bind_addressesJohannes Löthberg2016-12-181-4/+5
|/ | | | Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
* Bugfix: Console logging handler missing default filterpik2016-12-031-0/+1
|
* Stop putting a time caveat on access tokensRichard van der Hoff2016-11-291-6/+0
| | | | | | | | The 'time' caveat on the access tokens was something of a lie, since we weren't enforcing it; more pertinently its presence stops us ever adding useful time caveats. Let's move in the right direction by not lying in our caveats.
* Hook up the send queue and create a federation sender workerErik Johnston2016-11-161-0/+5
|
* Use external ldap auth pacakgeErik Johnston2016-11-151-7/+13
|
* Merge pull request #1625 from DanielDent/patch-1Erik Johnston2016-11-121-2/+3
|\ | | | | Add support for durations in minutes
| * Add support for durations in minutesDaniel Dent2016-11-121-2/+3
| |
* | Don't assume providers raise ConfigError'sErik Johnston2016-11-081-2/+7
| |
* | default config: blacklist more internal ipsEuan Kemp2016-11-061-0/+2
|/
* Allow Configurable Rate Limiting Per ASLuke Barnard2016-10-181-0/+6
| | | | This adds a flag loaded from the registration file of an AS that will determine whether or not its users are rate limited (by ratelimit in _base.py). Needed for IRC bridge reasons - see https://github.com/matrix-org/matrix-appservice-irc/issues/240.
* Merge pull request #1167 from matrix-org/markjh/fingerprintsMark Haines2016-10-121-0/+38
|\ | | | | Add config option for adding additional TLS fingerprints
| * Explain how long the servers can cache the TLS fingerprints forMark Haines2016-10-121-3/+4
| |
| * Improve comment formattingMark Haines2016-10-121-1/+1
| |
| * Add config option for adding additional TLS fingerprintsMark Haines2016-10-111-0/+37
| |
* | Implement pluggable password authErik Johnston2016-10-033-103/+64
|/ | | | | | Allows delegating the password auth to an external module. This also moves the LDAP auth to using this system, allowing it to be removed from the synapse tree entirely in the future.
* Remove support for aggregate room listsErik Johnston2016-09-151-9/+0
|
* flake8Kegan Dougal2016-08-301-2/+3
|
* Use None instead of the empty stringKegan Dougal2016-08-301-4/+11
| | | | Change how we validate the 'url' field as a result.
* Flake8Kegan Dougal2016-08-301-1/+2
|
* Allow application services to have an optional 'url'Kegan Dougal2016-08-301-0/+6
| | | | | | If 'url' is not specified, they will not be pushed for events or queries. This is useful for bots who simply wish to reserve large chunks of user/alias namespace, and don't care about being pushed for events.
* Merge pull request #1026 from matrix-org/paul/thirdpartylookupPaul Evans2016-08-181-0/+10
|\ | | | | 3rd party entity lookup
| * Filter 3PU lookups by only ASes that declare knowledge of that protocolPaul "LeoNerd" Evans2016-08-181-0/+10
| |
* | Add appservice workerErik Johnston2016-08-181-0/+1
|/
* Update password config commentKent Shikama2016-07-061-1/+1
| | | | Signed-off-by: Kent Shikama <kent@kentshikama.com>
* Remove default password pepper stringKent Shikama2016-07-051-2/+1
|
* Fix password configKent Shikama2016-07-051-1/+1
|
* Fix pep8Kent Shikama2016-07-051-1/+1
|
* Add comment to prompt changing of pepperKent Shikama2016-07-051-0/+1
|
* Add pepper to password hashingKent Shikama2016-07-051-1/+5
| | | | Signed-off-by: Kent Shikama <kent@kentshikama.com>
* remove vector.im from default secondary DS listMatthew Hodgson2016-06-271-1/+0
|
* Merge branch 'master' into developMark Haines2016-06-231-0/+1
|\
| * Merge branch 'release-v0.16.1' of github.com:matrix-org/synapse v0.16.1Erik Johnston2016-06-205-107/+210
| |\
| * | point to the CAPTCHA docsMatthew Hodgson2016-06-121-0/+1
| | |
* | | Rework ldap integration with ldap3Martin Weinelt2016-06-221-27/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use the pure-python ldap3 library, which eliminates the need for a system dependency. Offer both a `search` and `simple_bind` mode, for more sophisticated ldap scenarios. - `search` tries to find a matching DN within the `user_base` while employing the `user_filter`, then tries the bind when a single matching DN was found. - `simple_bind` tries the bind against a specific DN by combining the localpart and `user_base` Offer support for STARTTLS on a plain connection. The configuration was changed to reflect these new possibilities. Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
* | | Remove the legacy v0 content upload API.Mark Haines2016-06-211-20/+0
| |/ |/| | | | | | | | | The existing content can still be downloaded. The last upload to the matrix.org server was in January 2015, so it is probably safe to remove the upload API.
* | Turn use_frozen_events off by defaultErik Johnston2016-06-171-1/+1
| |
* | Use worker_ prefixes for worker config, use existing support for multiple ↵Mark Haines2016-06-161-41/+8
| | | | | | | | config files
* | Access the event_cache_size directly from the server object.Mark Haines2016-06-161-14/+0
| | | | | | | | | | This means that the workers can override the event_cache_size directly without clobbering the value in the main synapse config.
* | Access replication_url from the worker config directlyMark Haines2016-06-161-4/+0
| |
* | Comment on what's going on in clobber_with_worker_configMark Haines2016-06-161-1/+12
| |
* | Add worker config moduleMark Haines2016-06-161-0/+71
| |
* | Inline the synchrotron and pusher configs into the main configMark Haines2016-06-163-63/+74
| |
* | Add function to load config without generating itMark Haines2016-06-091-43/+104
|/ | | | | | | | | | | | | | | | Renames ``load_config`` to ``load_or_generate_config`` Adds a method called ``load_config`` that just loads the config. The main synapse.app.homeserver will continue to use ``load_or_generate_config`` to retain backwards compat. However new worker processes can use ``load_config`` to load the config avoiding some of the cruft needed to generate the config. As the new ``load_config`` method is expected to be used by new configs it removes support for the legacy commandline overrides that ``load_or_generate_config`` supports
* Allow setting of gc.set_thresholdsErik Johnston2016-06-071-1/+18
|
* brand the email from headerMatthew Hodgson2016-06-021-1/+1
|
* Add vector.im to default secondary_directory_servers and add comment ↵David Baker2016-05-311-0/+4
| | | | explaining it's not a permanent solution
* Add federation room list servletDavid Baker2016-05-311-0/+6
|
* Move the functions for parsing app service configMark Haines2016-05-171-1/+106
|
* Clean up the blacklist/whitelist handling.Mark Haines2016-05-161-6/+6
| | | | | | | Always set the config key with an empty list, even if a list isn't specified. This means that the codepaths are the same for both the empty list and for a missing key. Since the behaviour is the same for both cases this makes the code somewhat easier to reason about.
* Merge branch 'develop' into matthew/preview_url_ip_whitelistMark Haines2016-05-165-1/+119
|\
| * Create user with expiryNegi Fazeli2016-05-132-0/+11
| | | | | | | | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
| * More consistent config namingDavid Baker2016-05-101-1/+1
| |
| * Add config option to not send email notifs for new usersDavid Baker2016-05-101-0/+4
| |
| * fix layout; handle app naming in synapse, not jinjaMatthew Hodgson2016-05-051-0/+5
| |
| * fix assorted typos in default configMatthew Hodgson2016-05-041-3/+3
| |
| * Try imports in configDavid Baker2016-04-291-0/+7
| |
| * Default enable email notifs to FalseDavid Baker2016-04-291-1/+1
| |
| * Correct public_baseurl defaultDavid Baker2016-04-291-2/+2
| |
| * Nicer get() shorthandDavid Baker2016-04-291-3/+2
| |
| * Remove redundant docstringDavid Baker2016-04-291-4/+0
| |
| * Correct default template and add text templateDavid Baker2016-04-291-1/+2
| |
| * Send mail notifs with a plaintext part tooDavid Baker2016-04-291-0/+2
| |
| * Merge remote-tracking branch 'origin/develop' into dbkr/email_notifsDavid Baker2016-04-292-1/+19
| |\
| * | pep8David Baker2016-04-281-1/+1
| | |
| * | Hopefully all remaining bits for email notifsDavid Baker2016-04-272-1/+16
| | | | | | | | | | | | Add public facing base url to the server so synapse knows what URL to use when converting mxc to http urls for use in emails
| * | Generate mails from a templateDavid Baker2016-04-201-10/+25
| | |
| * | Send a rather basic email notifDavid Baker2016-04-202-1/+64
| | | | | | | | | | | | Also pep8 fixes
* | | add a url_preview_ip_range_whitelist config param so we can whitelist the ↵Matthew Hodgson2016-05-011-0/+14
| |/ |/| | | | | matrix.org IP space
* | Make pyjwt dependency optionalErik Johnston2016-04-251-1/+16
| |
* | Merge pull request #746 from matrix-org/markjh/split_out_pusherMark Haines2016-04-221-0/+1
|\ \ | | | | | | Optionally split out the pushers into a separate process
| * | Optionally split out the pushers into a separate processMark Haines2016-04-211-0/+1
| |/
* | Merge pull request #687 from nikriek/jwt-fixErik Johnston2016-04-211-0/+2
|\ \ | |/ |/| Fix issues with JWT login
| * Fix issues with JWT loginNiklas Riekenbrauck2016-04-211-0/+2
| |
* | Give install requirementsErik Johnston2016-04-131-1/+7
| |
* | Add back in helpful description for missing url_preview_ip_range_blacklistErik Johnston2016-04-131-1/+5
| |
* | Sanitize the optional dependencies for spider APIErik Johnston2016-04-131-10/+28
| |
* | Merge pull request #688 from matrix-org/matthew/preview_urlsMatthew Hodgson2016-04-111-2/+75
|\ \ | | | | | | URL previewing support
| * | fix typoMatthew Hodgson2016-04-081-1/+1
| | |
| * | Add url_preview_enabled config option to turn on/off preview_url endpoint. ↵Matthew Hodgson2016-04-081-4/+73
| | | | | | | | | | | | | | | | | | | | | | | | | | | defaults to off. Add url_preview_ip_range_blacklist to let admins specify internal IP ranges that must not be spidered. Add url_preview_url_blacklist to let admins specify URL patterns that must not be spidered. Implement a custom SpiderEndpoint and associated support classes to implement url_preview_ip_range_blacklist Add commentary and generally address PR feedback
| * | Merge branch 'develop' into matthew/preview_urlsMatthew Hodgson2016-04-042-1/+39
| |\|
| * | Merge branch 'develop' into matthew/preview_urlsMatthew Hodgson2016-03-277-25/+118
| |\ \
| * | | initial WIP of a tentative preview_url endpoint - incomplete, untested, ↵Matthew Hodgson2016-01-241-1/+5
| | | | | | | | | | | | | | | | experimental, etc. just putting it here for safekeeping for now
* | | | add tls propertyChristoph Witzany2016-04-061-6/+10
| | | |
* | | | Introduce LDAP authenticationChristoph Witzany2016-04-062-1/+50
| |_|/ |/| |
* | | Add JWT supportNiklas Riekenbrauck2016-03-292-1/+39
| |/ |/|
* | Add config to create guest account on 3pid inviteErik Johnston2016-03-141-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently, when a 3pid invite request is sent to an identity server, it includes a provisioned guest access token. This allows the link in the, say, invite email to include the guest access token ensuring that the same account is used each time the link is clicked. This flow has a number of flaws, including when using different servers or servers that have guest access disabled. For now, we keep this implementation but hide it behind a config option until a better flow is implemented.
* | Use syntax that works on both py2.7 and py3Mark Haines2016-03-072-2/+2
| |
* | config,handlers/_base: added homeserver config for what state is included in ↵Patrik Oldsberg2016-03-042-1/+42
| | | | | | | | | | | | a room invite Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
* | add 800x600 thumbnails to make vector look prettier (and anyone else who ↵Matthew Hodgson2016-03-021-0/+3
| | | | | | | | likes big thumbnails)
* | Derive macaroon_secret_key from signing key.Erik Johnston2016-02-082-16/+30
| | | | | | | | | | | | Unfortunately, there are people that are running synapse without a `macaroon_sercret_key` set. Mandating they set one is a good solution, except that breaking auto upgrades is annoying.
* | Error if macaroon key is missing from configDaniel Wagner-Hall2016-02-053-18/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently we store all access tokens in the DB, and fall back to that check if we can't validate the macaroon, so our fallback works here, but for guests, their macaroons don't get persisted, so we don't get to find them in the database. Each restart, we generate a new ephemeral key, so guests lose access after each server restart. I tried to fix up the config stuff to be less insane, but gave up, so instead I bolt on yet another piece of custom one-off insanity. Also, add some basic tests for config generation and loading.
* | Rename config field to reflect yaml nameDaniel Wagner-Hall2016-02-031-3/+3
| |
* | Add config option for setting the trusted id servers, disabling checking the ↵Mark Haines2016-01-291-0/+7
|/ | | | ID server in integration tests
* Merge pull request #473 from matrix-org/erikj/ssh_manholeErik Johnston2016-01-071-1/+1
|\ | | | | Change manhole to use ssh
| * s/telnet/ssh/Erik Johnston2016-01-071-1/+1
| |
* | copyrightsMatthew Hodgson2016-01-0717-17/+17
| |
* | Config Comment mixup in captcha public/private keyRobin Lambertz2016-01-061-2/+2
|/
* Added a single line to explain what the server_name is used forMads R. Christensen2015-12-021-0/+1
|
* CommentErik Johnston2015-11-191-0/+2
|
* Split out text for missing config options.Erik Johnston2015-11-181-16/+26
| | | | | This allows packages to more easily override the default messages to include package specific options.
* Merge branch 'develop' into sh-cas-auth-via-homeserverSteven Hammerton2015-11-171-1/+5
|\
| * Fix race creating directoriesDaniel Wagner-Hall2015-11-121-1/+5
| |
* | Allow hs to do CAS login completely and issue the client with a login token ↵Steven Hammerton2015-11-051-1/+1
| | | | | | | | that can be redeemed for the usual successful login response
* | Add service URL to CAS configSteven Hammerton2015-11-041-0/+3
|/
* Allow guests to register and call /events?room_id=Daniel Wagner-Hall2015-11-041-0/+6
| | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices.
* Merge branch 'release-v0.10.1' of github.com:matrix-org/synapse into developErik Johnston2015-10-234-3/+39
|\
| * Add config option to disable password loginErik Johnston2015-10-224-3/+39
| |
* | Add config for how many bcrypt rounds to use for password hashesMark Haines2015-10-161-0/+6
|/ | | | | By default we leave it at the default value of 12. But now we can reduce it for preparing users for loadtests or running integration tests.
* Only turn on the twisted deferred debugging if full_twisted_stacktraces is ↵Mark Haines2015-10-131-0/+8
| | | | set in the config
* Default cas_required_attributes to empty dictionarySteven Hammerton2015-10-121-1/+1
|
* Support multiple required attributes in CAS response, and in a nicer config ↵Steven Hammerton2015-10-121-15/+4
| | | | format too
* Allow optional config params for a required attribute and it's value, if ↵Steven Hammerton2015-10-121-0/+15
| | | | specified any CAS user must have the given attribute and the value must equal
* Provide ability to login using CASSteven Hammerton2015-10-102-1/+41
|
* Preserve version string in user agentDaniel Wagner-Hall2015-10-051-1/+1
|