summary refs log tree commit diff
path: root/synapse/handlers/e2e_keys.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* e2e: ensure we have both master and self-signing key (#8455)Jonas Jelten2020-10-261-5/+22
| | | | | | | it seems to be possible that only one of them ends up to be cached. when this was the case, the missing one was not fetched via federation, and clients then failed to validate cross-signed devices. Signed-off-by: Jonas Jelten <jj@sft.lol>
* Add support for MSC2732: olm fallback keys (#8312)Hubert Chathi2020-10-061-0/+16
|
* Use slots in attrs classes where possible (#8296)Patrick Cloke2020-09-141-1/+1
| | | | | slots use less memory (and attribute access is faster) while slightly limiting the flexibility of the class attributes. This focuses on objects which are instantiated "often" and for short periods of time.
* Stop sub-classing object (#8249)Patrick Cloke2020-09-041-2/+2
|
* Rename `get_e2e_device_keys` to better reflect its purpose (#8205)Richard van der Hoff2020-08-291-2/+2
| | | | | | | | | | | ... and to show that it does something slightly different to `_get_e2e_device_keys_txn`. `include_all_devices` and `include_deleted_devices` were never used (and `include_deleted_devices` was broken, since that would cause `None`s in the result which were not handled in the loop below. Add some typing too.
* Be stricter about JSON that is accepted by Synapse (#8106)Patrick Cloke2020-08-191-4/+4
|
* Fix up types and comments that refer to Deferreds. (#7945)Patrick Cloke2020-07-241-11/+13
|
* Convert E2E key and room key handlers to async/await. (#7851)Patrick Cloke2020-07-151-82/+65
|
* Replace iteritems/itervalues/iterkeys with native versions. (#7692)Patrick Cloke2020-06-151-8/+6
|
* Process cross-signing keys when resyncing device lists (#7594)Brendan Abolivier2020-06-011-17/+5
| | | It looks like `user_device_resync` was ignoring cross-signing keys from the results received from the remote server. This patch fixes this, by processing these keys using the same process `_handle_signing_key_updates` does (and effectively factor that part out of that function).
* Query missing cross-signing keys on local sig upload (#7289)Andrew Morgan2020-04-221-9/+139
|
* Revert "Query missing cross-signing keys on local sig upload"Richard van der Hoff2020-04-201-129/+9
| | | | | | This was incorrectly merged to the release branch before it was ready. This reverts commit 72fe2affb6ac86d433b80b6452da57052365aa26.
* Query missing cross-signing keys on local sig uploadAndrew Morgan2020-04-171-9/+129
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add changelog Save retrieved keys to the db lint Fix and de-brittle remote result dict processing Use query_user_devices instead, assume only master, self_signing key types Make changelog more useful Remove very specific exception handling Wrap get_verify_key_from_cross_signing_key in a try/except Note that _get_e2e_cross_signing_verify_key can raise a SynapseError lint Add comment explaining why this is useful Only fetch master and self_signing key types Fix log statements, docstrings Remove extraneous items from remote query try/except lint Factor key retrieval out into a separate function Send device updates, modeled after SigningKeyEduUpdater._handle_signing_key_updates Update method docstring
* Only register devices edu handler on the master process (#7255)Andrew Morgan2020-04-141-7/+11
|
* Fix bug when querying remote user keys that require a resync. (#6796)Erik Johnston2020-01-291-1/+2
| | | | We ended up only returning a single device, rather than all of them.
* look up cross-signing keys from the DB in bulk (#6486)Hubert Chathi2019-12-121-8/+27
|
* Back out perf regression from get_cross_signing_keys_from_cache. (#6494)Neil Johnson2019-12-091-30/+8
| | | Back out cross-signing code added in Synapse 1.5.0, which caused a performance regression.
* Fix caching devices for remote servers in worker.Erik Johnston2019-11-051-3/+16
| | | | | | | | When the `/keys/query` API is hit on client_reader worker Synapse may decide that it needs to resync some remote deivces. Usually this happens on master, and then gets cached. However, that fails on workers and so it falls back to fetching devices from remotes directly, which may in turn fail if the remote is down.
* Merge branch 'develop' into cross-signing_federationHubert Chathi2019-10-311-13/+24
|\
| * Update black to 19.10b0 (#6304)Amber Brown2019-11-011-13/+24
| | | | | | * update version of black and also fix the mypy config being overridden
* | blackHubert Chathi2019-10-301-1/+3
| |
* | apply changes as a result of PR reviewHubert Chathi2019-10-301-12/+10
| |
* | don't error if federation query doesn't have cross-signing keysHubert Chathi2019-10-241-7/+9
| |
* | blackHubert Chathi2019-10-221-1/+2
| |
* | vendor-prefix the EDU name until MSC1756 is merged into the specHubert Chathi2019-10-221-1/+2
| |
* | update to work with newer code, and fix formattingHubert Chathi2019-10-221-4/+5
| |
* | add missing paramHubert Chathi2019-10-221-1/+1
| |
* | make black happyHubert Chathi2019-10-221-5/+7
| |
* | implement federation parts of cross-signingHubert Chathi2019-10-221-2/+114
|/
* Merge branch 'develop' into cross-signing_sig_uploadHubert Chathi2019-10-181-11/+5
|\
| * Merge branch 'develop' into uhoreg/e2e_cross-signing_mergedHubert Chathi2019-10-181-8/+2
| |\
| | * make sure we actually return somethingHubert Chathi2019-10-101-0/+5
| | |
| | * make storage layer in charge of interpreting the device key dataHubert Chathi2019-10-101-11/+0
| | |
* | | fix doc stringsHubert Chathi2019-10-181-9/+13
| | |
* | | make isort happyHubert Chathi2019-09-241-1/+0
| | |
* | | add some commentsHubert Chathi2019-09-241-2/+10
| | |
* | | drop some logger lines to debugHubert Chathi2019-09-241-3/+3
| | |
* | | make changes based on PR feedbackHubert Chathi2019-09-241-107/+159
| | |
* | | add function docsHubert Chathi2019-09-071-2/+24
| | |
* | | run blackHubert Chathi2019-09-061-24/+10
| | |
* | | split out signature processing into separate functionsHubert Chathi2019-09-061-195/+204
| | |
* | | avoid modifying input parameterHubert Chathi2019-09-051-7/+7
| | |
* | | update with newer coding styleHubert Chathi2019-09-041-1/+1
| | |
* | | make black happyHubert Chathi2019-09-041-78/+69
| | |
* | | allow uploading signatures of master key signed by devicesHubert Chathi2019-09-041-82/+150
| | |
* | | implement device signature uploading/fetchingHubert Chathi2019-09-041-0/+250
|/ /
* | Merge branch 'uhoreg/e2e_cross-signing_merged' into cross-signing_keysHubert Chathi2019-08-281-1/+51
|\|
| * Opentrace e2e keys (#5855)Jorik Schellekens2019-08-221-1/+51
| | | | | | Add opentracing tags and logs for e2e keys
* | blackHubert Chathi2019-08-281-3/+1
| |
* | use stream ID generator instead of timestampHubert Chathi2019-08-281-4/+3
| |
* | make isort happyHubert Chathi2019-08-211-1/+0
| |
* | apply PR review suggestionsHubert Chathi2019-08-211-42/+34
| |
* | make changes from PR reviewHubert Chathi2019-08-011-6/+18
| |
* | Merge branch 'cross-signing_hidden' into cross-signing_keysHubert Chathi2019-08-011-8/+63
|\|
| * Unwrap errorErik Johnston2019-07-301-1/+2
| |
| * Fix error handling when fetching remote device keysErik Johnston2019-07-301-3/+1
| |
| * Update the device list cache when keys/query is called (#5693)Jorik Schellekens2019-07-291-2/+58
| |
| * Replace returnValue with return (#5736)Amber Brown2019-07-231-5/+5
| |
* | allow uploading keys for cross-signingHubert Chathi2019-07-251-5/+193
|/
* remove unused and unnecessary check for FederationDeniedError (#5645)Hubert Chathi2019-07-091-4/+1
| | | | | | | | | | FederationDeniedError is a subclass of SynapseError, which is a subclass of CodeMessageException, so if e is a FederationDeniedError, then this check for FederationDeniedError will never be reached since it will be caught by the check for CodeMessageException above. The check for CodeMessageException does almost the same thing as this check (since FederationDeniedError initialises with code=403 and msg="Federation denied with %s."), so may as well just keep allowing it to handle this case.
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-1/+1
|
* Run Black. (#5482)Amber Brown2019-06-201-61/+58
|
* Replaced all occurences of e.message with str(e)Schnuffle2018-09-271-1/+1
| | | | Signed-off-by: Schnuffle <schnuffle@github.com>
* Port handlers/ to Python 3 (#3803)Amber Brown2018-09-071-2/+3
|
* run isortAmber Brown2018-07-091-5/+5
|
* Attempt to be more performant on PyPy (#3462)Amber Brown2018-06-281-3/+2
|
* typosMatthew Hodgson2018-06-251-1/+1
|
* replace some iteritems with sixAdrian Tschira2018-05-191-6/+7
| | | | Signed-off-by: Adrian Tschira <nota@notafile.com>
* Merge remote-tracking branch 'origin/develop' into rav/use_run_in_backgroundRichard van der Hoff2018-04-271-2/+2
|\
| * Add missing consumeErrorsRichard van der Hoff2018-04-271-2/+2
| | | | | | | | | | In general we want defer.gatherResults to consumeErrors, rather than having exceptions hanging around and getting logged as CRITICAL unhandled errors.
* | Use run_in_background in preference to preserve_fnRichard van der Hoff2018-04-271-3/+3
|/ | | | | | While I was going through uses of preserve_fn for other PRs, I converted places which only use the wrapped function once to use run_in_background, to avoid creating the function object.
* Stringify exceptions for keys/{query,claim}Richard van der Hoff2018-03-271-1/+4
| | | | | | | Make sure we stringify any exceptions we return from keys/query and keys/claim, to avoid a 'not JSON serializable' error later Fixes #3010
* factor out exception handling for keys/claim and keys/queryRichard van der Hoff2018-03-271-28/+25
| | | | this stuff is badly c&p'ed
* Merge branch 'master' of github.com:matrix-org/synapse into developErik Johnston2018-03-191-1/+1
|\
| * Replace ujson with simplejsonErik Johnston2018-03-151-1/+1
| |
* | s/replication_client/federation_client/Erik Johnston2018-03-131-1/+1
| |
* | Split replication layer into twoErik Johnston2018-03-131-1/+1
| |
* | Split out edu/query registration to a separate classErik Johnston2018-03-131-1/+1
| |
* | Add federation_domain_whitelist option (#2820)Matthew Hodgson2018-01-221-1/+7
| | | | | | | | | | | | Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
* | Sanity checking for user idsRichard van der Hoff2018-01-171-5/+8
|/ | | | | | | | Check the user_id passed to a couple of APIs for validity, to avoid "IndexError: list index out of range" exception which looks scary and results in a 500 rather than a more useful error. Fixes #1432, among other things
* Replace some instances of preserve_context_over_deferredRichard van der Hoff2017-05-091-3/+3
|
* Do some logging when one-time-keys get claimedRichard van der Hoff2017-05-091-0/+10
| | | | | might help us figure out if https://github.com/vector-im/riot-web/issues/3868 has happened.
* Allow clients to upload one-time-keys with new sigsRichard van der Hoff2017-05-091-13/+57
| | | | | | | When a client retries a key upload, don't give an error if the signature has changed (but the key is the same). Fixes https://github.com/vector-im/riot-android/issues/1208, hopefully.
* Merge pull request #2050 from matrix-org/rav/federation_backoffRichard van der Hoff2017-03-231-20/+12
|\ | | | | push federation retry limiter down to matrixfederationclient
| * push federation retry limiter down to matrixfederationclientRichard van der Hoff2017-03-231-20/+12
| | | | | | | | | | rather than having to instrument everywhere we make a federation call, make the MatrixFederationHttpClient manage the retry limiter.
* | Add a missing yield in device key uploadRichard van der Hoff2017-03-231-1/+1
|/ | | | | (this would only very very rarely actually be a useful thing, so the main problem was the logcontext leak...)
* Fix unit testsErik Johnston2017-01-301-1/+1
|
* Noop device key changes if they're the sameErik Johnston2017-01-301-4/+5
|
* Add commentsErik Johnston2017-01-261-1/+3
|
* Implement device key caching over federationErik Johnston2017-01-261-5/+35
|
* Add basic implementation of local device list changesErik Johnston2017-01-251-0/+1
|
* Remove unused importRichard van der Hoff2016-12-121-1/+0
|
* E2E key query: handle federation failsRichard van der Hoff2016-12-091-0/+11
| | | | Don't fail the whole request if we can't connect to a particular server.
* Limit how often we ask for keys from dead serversMark Haines2016-09-131-11/+30
|
* Move the E2E key handling into the e2e handlerMark Haines2016-09-131-3/+102
|
* Add a timeout parameter for end2end key queries.Mark Haines2016-09-121-21/+43
| | | | | | | | | | Add a timeout parameter for controlling how long synapse will wait for responses from remote servers. For servers that fail include how they failed to make it easier to debug. Fetch keys from different servers in parallel rather than in series. Set the default timeout to 10s.
* keys/query: Omit device displayname if nullRichard van der Hoff2016-08-041-3/+4
| | | | ... which makes it more consistent with user displaynames.
* Include device name in /keys/query responseRichard van der Hoff2016-08-031-3/+8
| | | | Add an 'unsigned' section which includes the device display name.
* keys/query: return all users which were asked forRichard van der Hoff2016-08-031-3/+6
| | | | | | In the situation where all of a user's devices get deleted, we want to indicate this to a client, so we want to return an empty dictionary, rather than nothing at all.
* E2eKeysHandler: minor tweaksRichard van der Hoff2016-08-031-5/+3
| | | | PR feedback
* E2E keys: Make federation query share code with client queryRichard van der Hoff2016-08-021-25/+90
| | | | | Refactor the e2e query handler to separate out the local query, and then make the federation handler use it.
* Move e2e query logic into a handlerRichard van der Hoff2016-08-011-0/+67