summary refs log tree commit diff
path: root/synapse/federation/federation_base.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Bump ruff from 0.0.277 to 0.0.286 (#16198)dependabot[bot]2023-08-291-1/+1
| | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Support room version 11 (#15912)Patrick Cloke2023-07-181-1/+1
| | | | | And fix a bug in the implementation of the updated redaction format (MSC2174) where the top-level redacts field was not properly added for backwards-compatibility.
* Factor out an `is_mine_server_name` method (#15542)Sean Quah2023-05-051-1/+1
| | | | | | | | | | | | Add an `is_mine_server_name` method, similar to `is_mine_id`. Ideally we would use this consistently, instead of sometimes comparing against `hs.hostname` and other times reaching into `hs.config.server.server_name`. Also fix a bug in the tests where `hs.hostname` would sometimes differ from `hs.config.server.server_name`. Signed-off-by: Sean Quah <seanq@matrix.org>
* Move Spam Checker callbacks to a dedicated file (#15453)Andrew Morgan2023-04-181-3/+3
|
* Reject boolean power levels (#14944)David Robertson2023-01-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Better test for bad values in power levels events The previous test only checked that Synapse didn't raise an exception, but didn't check that we had correctly interpreted the value of the dodgy power level. It also conflated two things: bad room notification levels, and bad user levels. There _is_ logic for converting the latter to integers, but we should test it separately. * Check we ignore types that don't convert to int * Handle `None` values in `notifications.room` * Changelog * Also test that bad values are rejected by event auth * Docstring * linter scripttttttttt * Test boolean values in PL content * Reject boolean power levels * Changelog
* Track when the pulled event signature fails (#13815)Eric Eastwood2022-10-031-3/+22
| | | | | | | | | Because we're doing the recording in `_check_sigs_and_hash_for_pulled_events_and_fetch` (previously named `_check_sigs_and_hash_and_fetch`), this means we will track signature failures for `backfill`, `get_room_state`, `get_event_auth`, and `get_missing_events` (all pulled event scenarios). And we also record signature failures from `get_pdu`. Part of https://github.com/matrix-org/synapse/issues/13700 Part of https://github.com/matrix-org/synapse/issues/13676 and https://github.com/matrix-org/synapse/issues/13356 This PR will be especially important for https://github.com/matrix-org/synapse/pull/13816 so we can avoid the costly `_get_state_ids_after_missing_prev_event` down the line when `/messages` calls backfill.
* Rename the `EventFormatVersions` enum values so that they line up with room ↵reivilibre2022-09-071-1/+1
| | | | version numbers. (#13706)
* Instrument `_check_sigs_and_hash_and_fetch` to trace time spent in child ↵Eric Eastwood2022-08-231-0/+22
| | | | | | | | | concurrent calls (#13588) Instrument `_check_sigs_and_hash_and_fetch` to trace time spent in child concurrent calls because I've see `_check_sigs_and_hash_and_fetch` take [10.41s to process 100 events](https://github.com/matrix-org/synapse/issues/13587) Fix https://github.com/matrix-org/synapse/issues/13587 Part of https://github.com/matrix-org/synapse/issues/13356
* Reduce the amount of state we pull from the DB (#12811)Erik Johnston2022-06-061-0/+1
|
* Improve logging when signature checks fail (#12925)Richard van der Hoff2022-05-311-47/+42
| | | | | | | | | | | | | * Raise a dedicated `InvalidEventSignatureError` from `_check_sigs_on_pdu` * Downgrade logging about redactions to DEBUG this can be very spammy during a room join, and it's not very useful. * Raise `InvalidEventSignatureError` from `_check_sigs_and_hash` ... and, more importantly, move the logging out to the callers. * changelog
* Fix import in module_api module and docs on the new check_event_for_spam ↵Brendan Abolivier2022-05-311-2/+1
| | | | | signature (#12918) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Uniformize spam-checker API, part 2: check_event_for_spam (#12808)David Teller2022-05-231-2/+3
| | | Signed-off-by: David Teller <davidt@element.io>
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-231-1/+1
| | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733
* Faster joins: Support for calling `/federation/v1/state` (#12013)Richard van der Hoff2022-02-221-1/+9
| | | | This is an endpoint that we have server-side support for, but no client-side support. It's going to be useful for resyncing partial-stated rooms, so let's introduce it.
* Strip unauthorized fields from `unsigned` object in events received over ↵Shay2022-01-061-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | federation (#11530) * add some tests to verify we are stripping unauthorized fields out of unsigned * add function to strip unauthorized fields from the unsigned object of event * newsfragment * update newsfragment number * add check to on_send_membership_event * refactor tests * fix lint error * slightly refactor tests and add some comments * slight refactor * refactor tests * fix import error * slight refactor * remove unsigned filtration code from synapse/handlers/federation_event.py * lint * move unsigned filtering code to event base * refactor tests * update newsfragment * requested changes * remove unused retun values
* Refactor the way we set `outlier` (#11634)Richard van der Hoff2022-01-051-6/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * `_auth_and_persist_outliers`: mark persisted events as outliers Mark any events that get persisted via `_auth_and_persist_outliers` as, well, outliers. Currently this will be a no-op as everything will already be flagged as an outlier, but I'm going to change that. * `process_remote_join`: stop flagging as outlier The events are now flagged as outliers later on, by `_auth_and_persist_outliers`. * `send_join`: remove `outlier=True` The events created here are returned in the result of `send_join` to `FederationHandler.do_invite_join`. From there they are passed into `FederationEventHandler.process_remote_join`, which passes them to `_auth_and_persist_outliers`... which sets the `outlier` flag. * `get_event_auth`: remove `outlier=True` stop flagging the events returned by `get_event_auth` as outliers. This method is only called by `_get_remote_auth_chain_for_event`, which passes the results into `_auth_and_persist_outliers`, which will flag them as outliers. * `_get_remote_auth_chain_for_event`: remove `outlier=True` we pass all the events into `_auth_and_persist_outliers`, which will now flag the events as outliers. * `_check_sigs_and_hash_and_fetch`: remove unused `outlier` parameter This param is now never set to True, so we can remove it. * `_check_sigs_and_hash_and_fetch_one`: remove unused `outlier` param This is no longer set anywhere, so we can remove it. * `get_pdu`: remove unused `outlier` parameter ... and chase it down into `get_pdu_from_destination_raw`. * `event_from_pdu_json`: remove redundant `outlier` param This is never set to `True`, so can be removed. * changelog * update docstring
* Convert all namedtuples to attrs. (#11665)Patrick Cloke2021-12-301-5/+0
| | | To improve type hints throughout the code.
* Add type hints for most `HomeServer` parameters (#11095)Sean Quah2021-10-221-1/+6
|
* Strip "join_authorised_via_users_server" from join events which do not need ↵Patrick Cloke2021-09-301-3/+3
| | | | | | | it. (#10933) This fixes a "Event not signed by authorising server" error when transition room member from join -> join, e.g. when updating a display name or avatar URL for restricted rooms.
* Update the MSC3083 support to verify if joins are from an authorized server. ↵Patrick Cloke2021-07-261-0/+28
| | | | (#10254)
* Soft-fail spammy events received over federation (#10263)Richard van der Hoff2021-06-291-6/+6
|
* When joining a remote room limit the number of events we concurrently check ↵Erik Johnston2021-06-081-163/+80
| | | | | signatures/hashes for (#10117) If we do hundreds of thousands at once the memory overhead can easily reach 500+ MB.
* Add `Keyring.verify_events_for_server` and reduce memory usage (#10018)Erik Johnston2021-05-201-12/+5
| | | | | | Also add support for giving a callback to generate the JSON object to verify. This should reduce memory usage, as we no longer have the event in memory in dict form (which has a large memory footprint) for extend periods of time.
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-141-1/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Allow spam-checker modules to be provide async methods. (#8890)David Teller2020-12-111-1/+6
| | | | Spam checker modules can now provide async methods. This is implemented in a backwards-compatible manner.
* Stop sub-classing object (#8249)Patrick Cloke2020-09-041-1/+1
|
* Replace all remaining six usage with native Python 3 equivalents (#7704)Dagfinn Ilmari Mannsåker2020-06-161-3/+1
|
* Replace iteritems/itervalues/iterkeys with native versions. (#7692)Patrick Cloke2020-06-151-2/+2
|
* Strictly enforce canonicaljson requirements in a new room version (#7381)Patrick Cloke2020-05-141-1/+5
|
* Clean up some LoggingContext stuff (#7120)Richard van der Hoff2020-03-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * Pull Sentinel out of LoggingContext ... and drop a few unnecessary references to it * Factor out LoggingContext.current_context move `current_context` and `set_context` out to top-level functions. Mostly this means that I can more easily trace what's actually referring to LoggingContext, but I think it's generally neater. * move copy-to-parent into `stop` this really just makes `start` and `stop` more symetric. It also means that it behaves correctly if you manually `set_log_context` rather than using the context manager. * Replace `LoggingContext.alive` with `finished` Turn `alive` into `finished` and make it a bit better defined.
* Fix a bug in the federation API which could cause occasional "Failed to get ↵Patrick Cloke2020-03-191-15/+9
| | | | PDU" errors (#7089).
* Remove unused federation endpoint (`query_auth`) (#7026)Patrick Cloke2020-03-171-82/+0
|
* Add some type annotations to the federation base & client classes (#6995)Patrick Cloke2020-02-281-23/+37
|
* Cast a coroutine into a Deferred in the federation base (#6996)Patrick Cloke2020-02-261-6/+8
| | | | Properly convert a coroutine into a Deferred in federation_base to fix an error when joining a room.
* Add a `make_event_from_dict` method (#6858)Richard van der Hoff2020-02-071-3/+2
| | | | | | | ... and use it in places where it's trivial to do so. This will make it easier to pass room versions into the FrozenEvent constructors.
* Pass room_version into `event_from_pdu_json`Richard van der Hoff2020-02-061-12/+16
| | | | It's called from all over the shop, so this one's a bit messy.
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-311-3/+3
| | | Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
* Improve signature checking on some federation APIs (#6262)Richard van der Hoff2019-10-281-5/+2
| | | | | Make sure that we check that events sent over /send_join, /send_leave, and /invite, are correctly signed and come from the expected servers.
* Replace returnValue with return (#5736)Amber Brown2019-07-231-3/+3
|
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-9/+15
|
* Fix logging error when a tampered event is detected. (#5500)Richard van der Hoff2019-06-211-1/+0
|
* Run Black. (#5482)Amber Brown2019-06-201-46/+32
|
* Associate a request_name with each verify request, for loggingRichard van der Hoff2019-06-051-0/+2
| | | | | | | Also: * rename VerifyKeyRequest->VerifyJsonRequest * calculate key_ids on VerifyJsonRequest construction * refactor things to pass around VerifyJsonRequests instead of 4-tuples
* Add a test room version where we enforce key validity (#5348)Richard van der Hoff2019-06-051-15/+24
|
* Enforce validity period on server_keys for fed requests. (#5321)Richard van der Hoff2019-06-031-2/+2
| | | | | | | | When handling incoming federation requests, make sure that we have an up-to-date copy of the signing key. We do not yet enforce the validity period for event signatures.
* more logging improvementsRichard van der Hoff2019-04-251-8/+11
|
* remove extraneous exception loggingRichard van der Hoff2019-04-251-2/+2
|
* Clarify logging when PDU signature checking failsRichard van der Hoff2019-04-251-0/+19
|
* Collect room-version variations into one place (#4969)Richard van der Hoff2019-04-011-8/+8
| | | | Collect all the things that make room-versions different to one another into one place, so that it's easier to define new room versions.
* No vdh tests!Erik Johnston2019-01-291-2/+1
|
* Enable room version v3Erik Johnston2019-01-291-2/+9
|
* Update commentErik Johnston2019-01-291-3/+3
|
* Only check event ID domain for signatures for V1 eventsErik Johnston2019-01-291-27/+37
| | | | | In future version events won't have an event ID, so we won't be able to do this check.
* Require event format version to parse or create eventsErik Johnston2019-01-251-4/+5
|
* Revert "Require event format version to parse or create events"Erik Johnston2019-01-251-5/+4
|
* Require event format version to parse or create eventsErik Johnston2019-01-231-4/+5
|
* Add room_version param to get_pduErik Johnston2019-01-231-3/+8
| | | | | When we add new event format we'll need to know the event format or room version when parsing events.
* Fix handling of redacted events from federationErik Johnston2018-09-131-1/+1
| | | | | | | | | | If we receive an event that doesn't pass their content hash check (e.g. due to already being redacted) then we hit a bug which causes an exception to be raised, which then promplty stops the event (and request) from being processed. This effects all sorts of federation APIs, including joining rooms with a redacted state event.
* clearer logging when things fail, tooRichard van der Hoff2018-09-061-7/+27
|
* Check that signatures on events are validRichard van der Hoff2018-09-051-16/+110
| | | | | | We should check that both the sender's server, and the server which created the event_id (which may be different from whatever the remote server has told us the origin is), have signed the event.
* rename assert_params_in_request to assert_params_in_dictKrombel2018-07-131-2/+2
| | | | | | the method "assert_params_in_request" does handle dicts and not requests. A request body has to be parsed to json before this method can be used
* run isortAmber Brown2018-07-091-3/+4
|
* Apply some limits to depth to counter abuseRichard van der Hoff2018-05-011-3/+18
| | | | | | | * When creating a new event, cap its depth to 2^63 - 1 * When receiving events, reject any without a sensible depth As per https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
* Move property setting from ReplicationLayer to FederationBaseErik Johnston2018-03-131-0/+6
|
* Check missing fields in event_from_pdu_jsonRichard van der Hoff2017-12-301-0/+7
| | | | Return a 400 rather than a 500 when somebody messes up their send_join
* Factor out `event_from_pdu_json`Richard van der Hoff2017-12-301-0/+20
| | | | | turns out we have two copies of this, and neither needs to be an instance method
* Make the spam checker a moduleDavid Baker2017-09-261-3/+2
|
* Fix logcontexts in _check_sigs_and_hashesRichard van der Hoff2017-09-201-56/+58
|
* Remove redundant `preserve_fn`Richard van der Hoff2017-09-201-2/+2
| | | | | | preserve_fn is a no-op unless the wrapped function returns a Deferred. verify_json_objects_for_server returns a list, so this is doing nothing.
* PoC for filtering spammy events (#2456)Richard van der Hoff2017-09-191-16/+24
| | | Demonstration of how you might add some hooks to filter out spammy events.
* Preserve some logcontextsErik Johnston2016-08-241-3/+4
|
* Linearize fetching of gaps on incoming eventsErik Johnston2016-06-151-0/+3
| | | | | This potentially stops the server from doing multiple requests for the same data.
* copyrightsMatthew Hodgson2016-01-071-1/+1
|
* Implement bulk verify_signed_json APIErik Johnston2015-06-261-50/+75
|
* Rephrase log lineErik Johnston2015-06-021-1/+1
|
* Don't about JSON when warning about content tamperingErik Johnston2015-06-021-7/+4
|
* Add a timeout param to get_eventErik Johnston2015-05-191-0/+1
|
* Unwrap defer.gatherResults failuresErik Johnston2015-05-121-1/+3
|
* Fix loggingErik Johnston2015-02-121-1/+4
|
* Parrellize fetching of eventsErik Johnston2015-02-121-3/+11
|
* Correctly handle all the places that can throw exceptionsErik Johnston2015-02-121-10/+14
|
* New lineErik Johnston2015-02-031-1/+1
|
* Actually, the old prune_event function was non-deterministic, so no point ↵Erik Johnston2015-02-031-12/+4
| | | | keeping it around :(
* Add new FederationBaseErik Johnston2015-02-031-0/+126