Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Import HomeServer from the proper module. (#9665) | Patrick Cloke | 2021-03-23 | 1 | -1/+1 |
| | |||||
* | Add type hints to the room member handler. (#9631) | Patrick Cloke | 2021-03-17 | 1 | -2/+2 |
| | |||||
* | Pass SSO IdP information to spam checker's registration function (#9626) | Andrew Morgan | 2021-03-16 | 1 | -2/+2 |
| | | | | | | | Fixes https://github.com/matrix-org/synapse/issues/9572 When an SSO user logs in for the first time, we create a local Matrix user for them. This goes through the register_user flow, which ends up triggering the spam checker. Spam checker modules don't currently have any way to differentiate between a user trying to sign up initially, versus an SSO user (who has presumably already been approved elsewhere) trying to log in for the first time. This PR passes `auth_provider_id` as an argument to the `check_registration_for_spam` function. This argument will contain an ID of an SSO provider (`"saml"`, `"cas"`, etc.) if one was used, else `None`. | ||||
* | Fix the auth provider on the logins metric (#9573) | Richard van der Hoff | 2021-03-10 | 1 | -16/+30 |
| | | | | | We either need to pass the auth provider over the replication api, or make sure we report the auth provider on the worker that received the request. I've gone with the latter. | ||||
* | Prometheus metrics for logins and registrations (#9511) | Richard van der Hoff | 2021-03-04 | 1 | -2/+33 |
| | | | Add prom metrics for number of users successfully registering and logging in, by SSO provider. | ||||
* | Update black, and run auto formatting over the codebase (#9381) | Eric Eastwood | 2021-02-16 | 1 | -8/+20 |
| | | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md`](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version | ||||
* | Collect terms consent from the user during SSO registration (#9276) | Richard van der Hoff | 2021-02-01 | 1 | -0/+2 |
| | |||||
* | Make importing display name and email optional (#9277) | Richard van der Hoff | 2021-02-01 | 1 | -2/+3 |
| | |||||
* | Merge remote-tracking branch 'origin/erikj/as_mau_block' into develop | Erik Johnston | 2020-12-18 | 1 | -1/+6 |
|\ | |||||
| * | Correctly handle AS registrations and add test | Erik Johnston | 2020-12-17 | 1 | -1/+6 |
| | | |||||
* | | Allow spam-checker modules to provide async methods. (#8890) | David Teller | 2020-12-11 | 1 | -1/+1 |
|/ | | | | Spam checker modules can now provide async methods. This is implemented in a backwards-compatible manner. | ||||
* | Properly report user-agent/IP during registration of SSO users. (#8784) | Patrick Cloke | 2020-11-23 | 1 | -99/+115 |
| | | | | | This also expands type-hints to the SSO and registration code. Refactors the CAS code to more closely match OIDC/SAML. | ||||
* | Add admin API for logging in as a user (#8617) | Erik Johnston | 2020-11-17 | 1 | -10/+14 |
| | |||||
* | Add ability for access tokens to belong to one user but grant access to another user. (#8616) | Erik Johnston | 2020-10-29 | 1 | -2/+5 |
| | | | | | | | | | | We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't). A future PR will add an API for creating such a token. When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome. | ||||
* | Remove the deprecated Handlers object (#8494) | Patrick Cloke | 2020-10-09 | 1 | -1/+1 |
| | | | All handlers now available via get_*_handler() methods on the HomeServer. | ||||
* | Simplify super() calls to Python 3 syntax. (#8344) | Patrick Cloke | 2020-09-18 | 1 | -1/+1 |
| | | | | | | | This converts calls like super(Foo, self) -> super(). Generated with: sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py | ||||
* | Allow denying or shadow banning registrations via the spam checker (#8034) | Patrick Cloke | 2020-08-20 | 1 | -2/+24 |
| | |||||
* | Improve the error code when trying to register using a name reserved for guests. (#8135) | Patrick Cloke | 2020-08-20 | 1 | -1/+3 |
| | |||||
* | Add a shadow-banned flag to users. (#8092) | Patrick Cloke | 2020-08-14 | 1 | -0/+8 |
| | |||||
* | Convert replication code to async/await. (#7987) | Patrick Cloke | 2020-08-03 | 1 | -1/+1 |
| | |||||
* | Use a postgres sequence to generate guest user IDs | Richard van der Hoff | 2020-07-16 | 1 | -21/+1 |
| | |||||
* | Additional configuration options for auto-join rooms (#7763) | Patrick Cloke | 2020-06-30 | 1 | -62/+168 |
| | |||||
* | Convert the registration handler to async/await. (#7649) | Patrick Cloke | 2020-06-08 | 1 | -66/+41 |
| | |||||
* | Convert user directory handler and related classes to async/await. (#7640) | Patrick Cloke | 2020-06-05 | 1 | -2/+4 |
| | |||||
* | Add an option to disable autojoin for guest accounts (#6637) | Travis Ralston | 2020-06-05 | 1 | -1/+7 |
| | | | | Fixes https://github.com/matrix-org/synapse/issues/3177 | ||||
* | Allow new users to be registered via the admin API even if the monthly active user limit has been reached (#7263) | Dirk Klimpel | 2020-06-05 | 1 | -1/+6 |
| | |||||
* | Performance improvements and refactor of Ratelimiter (#7595) | Andrew Morgan | 2020-06-05 | 1 | -8/+1 |
| | | | | | | | | | | While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both: * Rather undocumented, and * causing a *lot* of config checks This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation. Best to be reviewed commit-by-commit. | ||||
* | Check if the localpart is reserved for guests earlier in the registration flow (#7625) | Brendan Abolivier | 2020-06-03 | 1 | -9/+9 |
| | | | | | This is so the user is warned about the username not being valid as soon as possible, rather than only once they've finished UIA. | ||||
* | Hash passwords earlier in the registration process (#7523) | Patrick Cloke | 2020-05-18 | 1 | -7/+2 |
| | |||||
* | async/await is_server_admin (#7363) | Andrew Morgan | 2020-05-01 | 1 | -27/+22 |
| | |||||
* | Convert auth handler to async/await (#7261) | Patrick Cloke | 2020-04-15 | 1 | -7/+21 |
| | |||||
* | Kill off RegistrationError (#6691) | Richard van der Hoff | 2020-01-13 | 1 | -9/+3 |
| | | | This is pretty pointless. Let's just use SynapseError. | ||||
* | Don't assign numeric IDs for empty usernames (#6690) | Richard van der Hoff | 2020-01-13 | 1 | -1/+1 |
| | | | | Fix a bug where we would assign a numeric userid if somebody tried registering with an empty username | ||||
* | Issue #6406 Fix parameter mismatch | Syam G Krishnan | 2019-12-04 | 1 | -1/+1 |
| | | | | Signed-off-by: Syam G Krishnan <syamgk01@gmail.com> | ||||
* | Replace instance variations of homeserver with correct case/spacing | Andrew Morgan | 2019-11-12 | 1 | -1/+1 |
| | |||||
* | raise exception after multiple failures | Andrew Morgan | 2019-11-06 | 1 | -3/+10 |
| | |||||
* | Address review comments | Andrew Morgan | 2019-11-06 | 1 | -12/+12 |
| | |||||
* | Don't forget to ratelimit calls outside of RegistrationHandler | Andrew Morgan | 2019-11-06 | 1 | -2/+2 |
| | |||||
* | Numeric ID checker now checks @0, don't ratelimit on checking | Andrew Morgan | 2019-11-06 | 1 | -16/+25 |
| | |||||
* | Update black to 19.10b0 (#6304) | Amber Brown | 2019-11-01 | 1 | -2/+2 |
| | | | * update version of black and also fix the mypy config being overridden | ||||
* | Remove unused variable | Erik Johnston | 2019-10-03 | 1 | -2/+0 |
| | |||||
* | Don't regenerate numeric user ID if registration fails. | Erik Johnston | 2019-10-03 | 1 | -4/+4 |
| | | | | | This causes huge amounts of DB IO if registrations start to fail e.g. because the DB is struggling with IO. | ||||
* | Only count real users when checking for auto-creation of auto-join room | Jason Robinson | 2019-09-09 | 1 | -8/+4 |
| | | | | | | | | | | | | Previously if the first registered user was a "support" or "bot" user, when the first real user registers, the auto-join rooms were not created. Fix to exclude non-real (ie users with a special user type) users when counting how many users there are to determine whether we should auto-create a room. Signed-off-by: Jason Robinson <jasonr@matrix.org> | ||||
* | Remove bind_email and bind_msisdn (#5964) | Andrew Morgan | 2019-09-04 | 1 | -44/+6 |
| | | | Removes the `bind_email` and `bind_msisdn` parameters from the `/register` C/S API endpoint as per [MSC2140: Terms of Service for ISes and IMs](https://github.com/matrix-org/matrix-doc/pull/2140/files#diff-c03a26de5ac40fb532de19cb7fc2aaf7R107). | ||||
* | Fix docstring | Andrew Morgan | 2019-09-03 | 1 | -2/+1 |
| | |||||
* | Remove unnecessary variable declaration | Andrew Morgan | 2019-09-03 | 1 | -1/+0 |
| | |||||
* | Remove unused methods from c/s api v1 in register.py (#5963) | Andrew Morgan | 2019-09-02 | 1 | -104/+0 |
| | | | These methods were part of the v1 C/S API. Remove them as they are no longer used by any code paths. | ||||
* | Remove unnecessary parentheses around return statements (#5931) | Andrew Morgan | 2019-08-30 | 1 | -1/+1 |
| | | | | | Python will return a tuple whether there are parentheses around the returned values or not. I'm just sick of my editor complaining about this all over the place :) | ||||
* | Revert "Add "require_consent" parameter for registration" | Brendan Abolivier | 2019-08-22 | 1 | -12/+2 |
| | | | | This reverts commit 3320aaab3a9bba3f5872371aba7053b41af9d0a0. | ||||
* | Add "require_consent" parameter for registration | Half-Shot | 2019-08-22 | 1 | -2/+12 |
| | |||||
* | Replace returnValue with return (#5736) | Amber Brown | 2019-07-23 | 1 | -8/+8 |
| | |||||
* | Implement access token expiry (#5660) | Richard van der Hoff | 2019-07-12 | 1 | -11/+24 |
| | | | | Record how long an access token is valid for, and raise a soft-logout once it expires. | ||||
* | Remove access-token support from RegistrationStore.register (#5642) | Richard van der Hoff | 2019-07-10 | 1 | -1/+1 |
| | | | | | The 'token' param is no longer used anywhere except the tests, so let's kill that off too. | ||||
* | Remove access-token support from RegistrationHandler.register (#5641) | Richard van der Hoff | 2019-07-08 | 1 | -24/+3 |
| | | | | | | | | Nothing uses this now, so we can remove the dead code, and clean up the API. Since we're changing the shape of the return value anyway, we take the opportunity to give the method a better name. | ||||
* | Better logging for auto-join. (#5643) | Richard van der Hoff | 2019-07-08 | 1 | -0/+7 |
| | | | It was pretty unclear what was going on, so I've added a couple of log lines. | ||||
* | Move get_or_create_user to test code (#5628) | Richard van der Hoff | 2019-07-08 | 1 | -51/+0 |
| | | | This is only used in tests, so... | ||||
* | Remove support for invite_3pid_guest. (#5625) | Richard van der Hoff | 2019-07-05 | 1 | -30/+0 |
| | | | | | | | | | This has never been documented, and I'm not sure it's ever been used outside sytest. It's quite a lot of poorly-maintained code, so I'd like to get rid of it. For now I haven't removed the database table; I suggest we leave that for a future clearout. | ||||
* | Run Black. (#5482) | Amber Brown | 2019-06-20 | 1 | -123/+101 |
| | |||||
* | Limit displaynames and avatar URLs | Richard van der Hoff | 2019-06-01 | 1 | -0/+2 |
| | | | | | | These end up in join events everywhere, so let's limit them. Fixes #5079 | ||||
* | Limit UserIds to a length that fits in a state key (#5198) | ReidAnderson | 2019-05-20 | 1 | -1/+10 |
| | |||||
* | Allow password providers to bind emails (#4947) | Andrew Morgan | 2019-03-28 | 1 | -0/+17 |
| | | | This PR allows password provider modules to bind email addresses when a user is registering and is motivated by matrix-org/matrix-synapse-ldap3#58 | ||||
* | Support 3PID login in password providers (#4931) | Andrew Morgan | 2019-03-26 | 1 | -5/+5 |
| | | | | | Adds a new method, check_3pid_auth, which gives password providers the chance to allow authentication with third-party identifiers such as email or msisdn. | ||||
* | fix test_auto_create_auto_join_where_no_consent (#4886) | Neil Johnson | 2019-03-19 | 1 | -0/+5 |
| | |||||
* | Add ratelimiting on login (#4821) | Brendan Abolivier | 2019-03-15 | 1 | -2/+2 |
| | | | Add two ratelimiters on login (per-IP address and per-userID). | ||||
* | Make registration ratelimiter separate from the main events one | Brendan Abolivier | 2019-03-06 | 1 | -1/+1 |
| | |||||
* | Revert "Split ratelimiters in two (one for events, one for registration)" | Brendan Abolivier | 2019-03-06 | 1 | -1/+1 |
| | | | | This reverts commit d7dbad3526136cfc9fdbd568635be5016fb637db. | ||||
* | Split ratelimiters in two (one for events, one for registration) | Brendan Abolivier | 2019-03-05 | 1 | -1/+1 |
| | |||||
* | Add rate-limiting on registration (#4735) | Brendan Abolivier | 2019-03-05 | 1 | -8/+31 |
| | | | * Rate-limiting for registration * Add unit test for registration rate limiting * Add config parameters for rate limiting on auth endpoints * Doc * Fix doc of rate limiting function Co-Authored-By: babolivier <contact@brendanabolivier.com> * Incorporate review * Fix config parsing * Fix linting errors * Set default config for auth rate limiting * Fix tests * Add changelog * Advance reactor instead of mocked clock * Move parameters to registration specific config and give them more sensible default values * Remove unused config options * Don't mock the rate limiter in MAU tests * Rename _register_with_store into register_with_store * Make CI happy * Remove unused import * Update sample config * Fix ratelimiting test for py2 * Add non-guest test | ||||
* | switch from google.com to recaptcha.net for reCAPTCHA (#4731) | Matthew Hodgson | 2019-02-25 | 1 | -2/+2 |
| | | | | | | | | * add trivial clarification about jemalloc * switch from google.com to recaptcha.net because https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally | ||||
* | Fix registration on workers (#4682) | Erik Johnston | 2019-02-20 | 1 | -5/+195 |
| | | | | | | | | | | * Move RegistrationHandler init to HomeServer * Move post registration actions to RegistrationHandler * Add post registration replication endpoint * Newsfile | ||||
* | Move register_device into handler | Erik Johnston | 2019-02-18 | 1 | -4/+47 |
| | |||||
* | Split out registration to worker | Erik Johnston | 2019-02-18 | 1 | -4/+59 |
| | | | | | | | | This allows registration to be handled by a worker, though the actual write to the database still happens on master. Note: due to the in-memory session map all registration requests must be handled by the same worker. | ||||
* | create support user (#4141) | Neil Johnson | 2018-12-14 | 1 | -2/+13 |
| | | | | | | Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits. | ||||
* | Initialise user displayname from SAML2 data (#4272) | Richard van der Hoff | 2018-12-07 | 1 | -7/+16 |
| | | | | | When we register a new user from SAML2 data, initialise their displayname correctly. | ||||
* | Rip out half-implemented m.login.saml2 support (#4265) | Richard van der Hoff | 2018-12-06 | 1 | -29/+0 |
| | | | | | | | | | | | | | * Rip out half-implemented m.login.saml2 support This was implemented in an odd way that left most of the work to the client, in a way that I really didn't understand. It's going to be a pain to maintain, so let's start by ripping it out. * drop undocumented dependency on dateutil It turns out we were relying on dateutil being pulled in transitively by pysaml2. There's no need for that bloat. | ||||
* | Neilj/fix autojoin (#4223) | Neil Johnson | 2018-11-28 | 1 | -2/+21 |
| | | | | | | * Fix auto join failures for servers that require user consent * Fix auto join failures for servers that require user consent | ||||
* | Delete the disused & unspecced identicon functionality (#4106) | Amber Brown | 2018-10-29 | 1 | -3/+0 |
| | |||||
* | Make room_member_handler a member of RoomCreationHandler | Richard van der Hoff | 2018-10-25 | 1 | -2/+4 |
| | | | | ... to save passing it into `_send_events_for_new_room` | ||||
* | remove trailing whitespace | Neil Johnson | 2018-10-24 | 1 | -1/+1 |
| | |||||
* | fix tuple | Richard van der Hoff | 2018-10-24 | 1 | -1/+2 |
| | | | Co-Authored-By: neilisfragile <neil@matrix.org> | ||||
* | remove errant exception and style | Neil Johnson | 2018-10-23 | 1 | -5/+5 |
| | |||||
* | clean up config error logic and imports | Neil Johnson | 2018-10-17 | 1 | -14/+16 |
| | |||||
* | no need to join room if creator | Neil Johnson | 2018-10-13 | 1 | -1/+2 |
| | |||||
* | improve auto room join logic, comments and tests | Neil Johnson | 2018-10-12 | 1 | -3/+8 |
| | |||||
* | move logic into register, fix room alias localpart bug, tests | Neil Johnson | 2018-10-04 | 1 | -27/+18 |
| | |||||
* | emit room aliases event | Matthew Hodgson | 2018-09-29 | 1 | -3/+8 |
| | |||||
* | fix thinkos | Matthew Hodgson | 2018-09-29 | 1 | -6/+6 |
| | |||||
* | fix UTs | Matthew Hodgson | 2018-09-28 | 1 | -4/+9 |
| | |||||
* | untested stab at autocreating autojoin rooms | Matthew Hodgson | 2018-09-28 | 1 | -0/+18 |
| | |||||
* | don't ratelimit autojoins | Matthew Hodgson | 2018-09-15 | 1 | -0/+1 |
| | |||||
* | fix bug where preserved threepid user comes to sign up and server is mau blocked | Neil Johnson | 2018-08-31 | 1 | -1/+2 |
| | |||||
* | remove blank line | Neil Johnson | 2018-08-14 | 1 | -1/+0 |
| | |||||
* | Update register.py | Neil Johnson | 2018-08-14 | 1 | -10/+0 |
| | | | remove comments | ||||
* | support admin_email config and pass through into blocking errors, return AuthError in all cases | Neil Johnson | 2018-08-13 | 1 | -13/+14 |
| | |||||
* | Revert "support admin_email config and pass through into blocking errors, return AuthError in all cases" | Neil Johnson | 2018-08-13 | 1 | -14/+13 |
| | | | | | | This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6. | ||||
* | support admin_email config and pass through into blocking errors, return AuthError in all cases | Neil Johnson | 2018-08-13 | 1 | -13/+14 |
| | |||||
* | Rename async to async_helpers because `async` is a keyword on Python 3.7 (#3678) | Amber Brown | 2018-08-10 | 1 | -1/+1 |
| | |||||
* | py3 fix | Neil Johnson | 2018-08-03 | 1 | -1/+1 |
| | |||||
* | bug fixes | Neil Johnson | 2018-08-03 | 1 | -4/+4 |
| | |||||
* | do mau checks based on monthly_active_users table | Neil Johnson | 2018-08-02 | 1 | -6/+4 |
| | |||||
* | Merge pull request #3630 from matrix-org/neilj/mau_sign_in_log_in_limits | Neil Johnson | 2018-08-01 | 1 | -2/+17 |
|\ | | | | | Initial impl of capping MAU | ||||
| * | make count_monthly_users async synapse/handlers/auth.py | Neil Johnson | 2018-08-01 | 1 | -4/+5 |
| | | |||||
| * | limit register and sign in on number of monthly users | Neil Johnson | 2018-07-30 | 1 | -2/+16 |
| | | |||||
* | | Python 3: Convert some unicode/bytes uses (#3569) | Amber Brown | 2018-08-02 | 1 | -1/+1 |
|/ | |||||
* | run isort | Amber Brown | 2018-07-09 | 1 | -3/+8 |
| | |||||
* | Remove run_on_reactor (#3395) | Amber Brown | 2018-06-14 | 1 | -4/+1 |
| | |||||
* | Infrastructure for a server notices room | Richard van der Hoff | 2018-05-17 | 1 | -0/+14 |
| | | | | | | | Server Notices use a special room which the user can't dismiss. They are created on demand when some other bit of the code calls send_notice. (This doesn't actually do much yet because we don't call send_notice anywhere) | ||||
* | Merge branch 'develop' of into allow_auto_join_rooms | Krombel | 2018-03-28 | 1 | -4/+10 |
|\ | |||||
| * | Also do check inside linearizer | Erik Johnston | 2018-03-27 | 1 | -3/+4 |
| | | |||||
| * | PEP8 | Erik Johnston | 2018-03-26 | 1 | -1/+3 |
| | | |||||
| * | Linearize calls to _generate_user_id | Erik Johnston | 2018-03-26 | 1 | -4/+7 |
| | | |||||
* | | move handling of auto_join_rooms to RegisterHandler | Krombel | 2018-03-14 | 1 | -2/+34 |
|/ | | | | | | | | | | | | | Currently the handling of auto_join_rooms only works when a user registers itself via public register api. Registrations via registration_shared_secret and ModuleApi do not work This auto_joins the users in the registration handler which enables the auto join feature for all 3 registration paths. This is related to issue #2725 Signed-Off-by: Matthias Kesler <krombel@krombel.de> | ||||
* | Refactor get_or_register_3pid_guest | Erik Johnston | 2018-03-13 | 1 | -4/+22 |
| | |||||
* | rewrite based on PR feedback: | Matthew Hodgson | 2018-01-19 | 1 | -10/+5 |
| | | | | | | | | | * [ ] split config options into allowed_local_3pids and registrations_require_3pid * [ ] simplify and comment logic for picking registration flows * [ ] fix docstring and move check_3pid_allowed into a new util module * [ ] use check_3pid_allowed everywhere @erikjohnston PTAL | ||||
* | fix up v1, and improve errors | Matthew Hodgson | 2018-01-19 | 1 | -1/+12 |
| | |||||
* | Merge pull request #2773 from matrix-org/erikj/hash_bg | Erik Johnston | 2018-01-10 | 1 | -1/+1 |
|\ | | | | | Do bcrypt hashing in a background thread | ||||
| * | Do bcrypt hashing in a background thread | Erik Johnston | 2018-01-10 | 1 | -1/+1 |
| | | |||||
* | | switch to a simpler 'search_all_users' button as per review feedback | Matthew Hodgson | 2017-12-04 | 1 | -1/+1 |
| | | |||||
* | | kick the user_directory index when new users register | Matthew Hodgson | 2017-11-29 | 1 | -0/+8 |
|/ | |||||
* | Revert "Allow upper-case characters in mxids" | Richard van der Hoff | 2017-11-09 | 1 | -3/+3 |
| | | | | This reverts commit b70b64690330c25cbd04c1b2cacf8276b566efc8. | ||||
* | Allow upper-case characters in mxids | Richard van der Hoff | 2017-11-09 | 1 | -3/+3 |
| | | | | Because we're never going to be able to fix this :'( | ||||
* | Move access token deletion into auth handler | Richard van der Hoff | 2017-11-01 | 1 | -1/+2 |
| | | | | | | | Also move duplicated deactivation code into the auth handler. I want to add some hooks when we deactivate an access token, so let's bring it all in here so that there's somewhere to put it. | ||||
* | replace 'except:' with 'except Exception:' | Richard van der Hoff | 2017-10-23 | 1 | -1/+1 |
| | | | | what could possibly go wrong | ||||
* | Allow = in mxids and groupids | Richard van der Hoff | 2017-10-20 | 1 | -3/+2 |
| | | | | ... because the spec says we should. | ||||
* | Disallow capital letters in userids | Richard van der Hoff | 2017-10-20 | 1 | -6/+4 |
| | | | | | Factor out a common function for checking user ids and group ids, which forbids capitals. | ||||
* | Split out profile handler to fix tests | Erik Johnston | 2017-08-25 | 1 | -2/+2 |
| | |||||
* | Modify condition on empty localpart | Luke Barnard | 2017-05-10 | 1 | -1/+1 |
| | |||||
* | Modify register/available to be GET with query param | Luke Barnard | 2017-05-10 | 1 | -0/+7 |
| | | | | | | | - GET is now the method for register/available - a query parameter "username" is now used Also, empty usernames are now handled with an error message on registration or via register/available: `User ID cannot be empty` | ||||
* | Fix email push in pusher worker | Erik Johnston | 2017-02-02 | 1 | -4/+6 |
| | | | | | | This was broken when device list updates were implemented, as Mailer could no longer instantiate an AuthHandler due to a dependency on federation sending. | ||||
* | Prevent user tokens being used as guest tokens (#1675) | Richard van der Hoff | 2016-12-06 | 1 | -1/+1 |
| | | | | | Make sure that a user cannot pretend to be a guest by adding 'guest = True' caveats. | ||||
* | Stop putting a time caveat on access tokens | Richard van der Hoff | 2016-11-29 | 1 | -3/+2 |
| | | | | | | | | The 'time' caveat on the access tokens was something of a lie, since we weren't enforcing it; more pertinently its presence stops us ever adding useful time caveats. Let's move in the right direction by not lying in our caveats. | ||||
* | rest/client/v1/register: use the correct requester in createUser | Patrik Oldsberg | 2016-10-06 | 1 | -4/+2 |
| | | | | Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> | ||||
* | storage/appservice: make appservice methods only relying on the cache synchronous | Patrik Oldsberg | 2016-10-06 | 1 | -3/+2 |
| | |||||
* | Forbid non-ASes from registering users whose names begin with '_' (SYN-738) | Paul "LeoNerd" Evans | 2016-07-27 | 1 | -0/+7 |
| | |||||
* | Add `create_requester` function | Richard van der Hoff | 2016-07-26 | 1 | -7/+9 |
| | | | | | Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout | ||||
* | Further registration refactoring | Richard van der Hoff | 2016-07-19 | 1 | -5/+8 |
| | | | | | | | | | | | | | | * `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change. | ||||
* | Bug fix: expire invalid access tokens | Negar Fazeli | 2016-07-13 | 1 | -3/+3 |
| | |||||
* | Add an admin option to shared secret registration | Erik Johnston | 2016-07-05 | 1 | -1/+3 |
| | |||||
* | Fix style violations | Kent Shikama | 2016-07-04 | 1 | -1/+2 |
| | | | | Signed-off-by: Kent Shikama <kent@kentshikama.com> | ||||
* | Optionally include password hash in createUser endpoint | Kent Shikama | 2016-07-03 | 1 | -2/+2 |
| | | | | Signed-off-by: Kent Shikama <kent@kentshikama.com> | ||||
* | Add a comment on why we don't create a profile for upgrading users | Mark Haines | 2016-06-17 | 1 | -0/+1 |
| | |||||
* | Remove registered_users from the distributor. | Mark Haines | 2016-06-17 | 1 | -13/+10 |
| | | | | | | | | | | The only place that was observed was to set the profile. I've made it so that the profile is set within store.register in the same transaction that creates the user. This required some slight changes to the registration code for upgrading guest users, since it previously relied on the distributor swallowing errors if the profile already existed. | ||||
* | Fix a bug caused by a change in auth_handler function | Negar Fazeli | 2016-06-08 | 1 | -2/+2 |
| | | | | Fix the relevant unit test cases | ||||
* | Split out the auth handler | David Baker | 2016-06-02 | 1 | -1/+1 |
| | |||||
* | Fix set profile error with Requester. | Negi Fazeli | 2016-05-23 | 1 | -4/+5 |
| | | | | | Replace flush_user with delete access token due to function removal Add a new test case for if the user is already registered | ||||
* | Create user with expiry | Negi Fazeli | 2016-05-13 | 1 | -0/+53 |
| | | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com> | ||||
* | Move all the wrapper functions for distributor.fire | Mark Haines | 2016-04-08 | 1 | -4/+1 |
| | | | | | | | Move the functions inside the distributor and import them where needed. This reduces duplication and makes it possible for flake8 to detect when the functions aren't used in a given file. | ||||
* | Make registration idempotent, part 2: be idempotent if the client specifies a username. | David Baker | 2016-03-16 | 1 | -1/+11 |
| | |||||
* | Store appservice ID on register | Daniel Wagner-Hall | 2016-03-10 | 1 | -1/+4 |
| | |||||
* | Use syntax that works on both py2.7 and py3 | Mark Haines | 2016-03-07 | 1 | -1/+1 |
| | |||||
* | handlers/register: make sure another user id is generated when a collision occurs | Patrik Oldsberg | 2016-02-29 | 1 | -0/+1 |
| | | | | | | Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> | ||||
* | Generate guest access token on 3pid invites | Daniel Wagner-Hall | 2016-02-24 | 1 | -0/+15 |
| | | | | | | | | | This means that following the same link across multiple sessions or devices can re-use the same guest account. Note that this is somewhat of an abuse vector; we can't throw up captchas on this flow, so this is a way of registering ephemeral accounts for spam, whose sign-up we don't rate limit. | ||||
* | Enforce user_id exclusivity for AS registrations | Daniel Wagner-Hall | 2016-02-11 | 1 | -5/+12 |
| | | | | | This whole set of checks is kind of an ugly mess, which I may clean up at some point, but for now let's be correct. | ||||
* | Fix up logcontexts | Erik Johnston | 2016-02-08 | 1 | -1/+1 |
| | |||||
* | Allocate guest user IDs numerically | Daniel Wagner-Hall | 2016-02-05 | 1 | -19/+36 |
| | | | | | | | | | The current random IDs are ugly and confusing when presented in UIs. This makes them prettier and easier to read. Also, disable non-automated registration of numeric IDs so that we don't need to worry so much about people carving out our automated address space and us needing to keep retrying ID registration. | ||||
* | Fix flake8 warnings for new flake8 | Daniel Wagner-Hall | 2016-02-02 | 1 | -1/+1 |
| | |||||
* | Pass make_guest when we autogen a user ID | David Baker | 2016-02-02 | 1 | -1/+3 |
| | |||||
* | Underscores are allowed in user ids | Erik Johnston | 2016-01-22 | 1 | -1/+1 |
| | |||||
* | Don't explode when given a unicode username in /register/ | Erik Johnston | 2016-01-20 | 1 | -3/+2 |
| | |||||
* | M_INVALID_USERNAME to be consistent with the parameter name | David Baker | 2016-01-15 | 1 | -1/+1 |
| | |||||
* | Add specific error code for invalid user names. | David Baker | 2016-01-14 | 1 | -1/+2 |
| | |||||
* | comma style | David Baker | 2016-01-06 | 1 | -1/+1 |
| | |||||
* | Add is_guest flag to users db to track whether a user is a guest user or not. | David Baker | 2016-01-06 | 1 | -1/+3 |
| | | | | Use this so we can run _filter_events_for_client when calculating event_push_actions. | ||||
* | Allow guests to upgrade their accounts | Daniel Wagner-Hall | 2016-01-05 | 1 | -10/+27 |
| | |||||
* | Merge pull request #450 from matrix-org/matthew/no-identicons | Matthew Hodgson | 2015-12-18 | 1 | -19/+3 |
|\ | | | | | Matthew/no identicons | ||||
| * | fix indentation level | Matthew Hodgson | 2015-12-17 | 1 | -3/+3 |
| | | |||||
| * | stop generating default identicons. reverts most of 582019f870adbc4a8a8a9ef97b527e0fead77761 and solves vector-web/vector-im#346 | Matthew Hodgson | 2015-12-17 | 1 | -19/+3 |
| | | |||||
* | | Fix typo that broke registration on the mobile clients | David Baker | 2015-12-18 | 1 | -1/+1 |
|/ | |||||
* | Reuse the captcha client rather than creating a new one for each request | Mark Haines | 2015-12-03 | 1 | -4/+2 |
| | |||||
* | Wrap calls to distributor.fire in appropriately named functions so that static analysis can work out what is calling what | Mark Haines | 2015-12-01 | 1 | -4/+8 |
| | |||||
* | Allow guests to register and call /events?room_id= | Daniel Wagner-Hall | 2015-11-04 | 1 | -5/+7 |
| | | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices. | ||||
* | Remove unused import | Daniel Wagner-Hall | 2015-08-26 | 1 | -1/+0 |
| | |||||
* | Swap out bcrypt for md5 in tests | Daniel Wagner-Hall | 2015-08-26 | 1 | -1/+1 |
| | | | | This reduces our ~8 second sequential test time down to ~7 seconds | ||||
* | Merge erikj/user_dedup to develop | Daniel Wagner-Hall | 2015-08-26 | 1 | -2/+2 |
| | |||||
* | Move token generation to auth handler | Daniel Wagner-Hall | 2015-08-20 | 1 | -19/+7 |
| | | | | | I prefer the auth handler to worry about all auth, and register to call into it as needed, than to smatter auth logic between the two. | ||||
* | Re-add whitespace around caveat operators | Daniel Wagner-Hall | 2015-08-19 | 1 | -4/+4 |
| | |||||
* | Remove padding space around caveat operators | Daniel Wagner-Hall | 2015-08-18 | 1 | -4/+4 |
| | |||||
* | Fix some formatting to use tuples | Daniel Wagner-Hall | 2015-08-18 | 1 | -4/+4 |
| | |||||
* | Issue macaroons as opaque auth tokens | Daniel Wagner-Hall | 2015-08-18 | 1 | -6/+13 |
| | | | | | | | | | | | | | This just replaces random bytes with macaroons. The macaroons are not inspected by the client or server. In particular, they claim to have an expiry time, but nothing verifies that they have not expired. Follow-up commits will actually enforce the expiration, and allow for token refresh. See https://bit.ly/matrix-auth for more information | ||||
* | Simplify LoginHandler and AuthHandler | Daniel Wagner-Hall | 2015-08-12 | 1 | -5/+5 |
| | | | | | | | | | * Merge LoginHandler -> AuthHandler * Add a bunch of documentation * Improve some naming * Remove unused branches I will start merging the actual logic of the two handlers shortly | ||||
* | Fix v2_alpha registration. Add unit tests. | Kegan Dougal | 2015-07-28 | 1 | -1/+2 |
| | | | | | | | | V2 Registration forced everyone (including ASes) to create a password for a user, when ASes should be able to omit passwords. Also unbreak AS registration in general which checked too early if the given username was claimed by an AS; it was checked before knowing if the AS was the one doing the registration! Add unit tests for AS reg, user reg and disabled_registration flag. | ||||
* | code beautify | Muthu Subramanian | 2015-07-08 | 1 | -1/+0 |
| | |||||
* | Integrate SAML2 basic authentication - uses pysaml2 | Muthu Subramanian | 2015-07-08 | 1 | -0/+30 |
| | |||||
* | revert accidental bcrypt gensalt round reduction from loadtesting | Mark Haines | 2015-05-07 | 1 | -1/+1 |
| | |||||
* | pynacl-0.3.0 was released so we can finally start using it directly from pypi | Mark Haines | 2015-05-07 | 1 | -1/+1 |
| | |||||
* | pep8 | David Baker | 2015-04-17 | 1 | -4/+1 |
| | |||||
* | Need to yield the username check, otherwise very very weird things happen. | David Baker | 2015-04-17 | 1 | -1/+1 |
| | |||||
* | Oops, left debugging in. | David Baker | 2015-04-16 | 1 | -6/+0 |
| | |||||
* | Return user ID in use error straight away | David Baker | 2015-04-16 | 1 | -63/+39 |
| | |||||
* | Registration with email in v2 | David Baker | 2015-04-15 | 1 | -1/+5 |
| | |||||
* | New registration for C/S API v2. Only ReCAPTCHA working currently. | David Baker | 2015-03-30 | 1 | -1/+10 |
| | |||||
* | Factor out user id validation checks | Erik Johnston | 2015-03-18 | 1 | -0/+8 |
| | |||||
* | Implement exclusive namespace checks. | Kegan Dougal | 2015-02-27 | 1 | -5/+6 |
| | |||||
* | Merge branch 'develop' into application-services | Kegan Dougal | 2015-02-11 | 1 | -5/+8 |
|\ | |||||
| * | Code-style fixes | Mark Haines | 2015-02-10 | 1 | -5/+8 |
| | | |||||
* | | Merge branch 'develop' into application-services | Kegan Dougal | 2015-02-09 | 1 | -0/+17 |
|\| | |||||
| * | don't give up if we can't create default avatars during tests | Matthew Hodgson | 2015-02-07 | 1 | -9/+12 |
| | | |||||
| * | ...and here's the actual impl. git fail. | Matthew Hodgson | 2015-02-07 | 1 | -0/+14 |
| | | |||||
* | | Add errcodes for appservice registrations. | Kegan Dougal | 2015-02-06 | 1 | -4/+7 |
| | | |||||
* | | Add m.login.application_service registration procedure. | Kegan Dougal | 2015-02-05 | 1 | -0/+20 |
| | | | | | | | | | | This allows known application services to register any user ID under their own user namespace(s). | ||||
* | | Prevent user IDs in AS namespaces being created/deleted by humans. | Kegan Dougal | 2015-02-05 | 1 | -0/+16 |
| | | |||||
* | | Modify API for SimpleHttpClient.get_json and update usages. | Kegan Dougal | 2015-02-04 | 1 | -23/+33 |
|/ | | | | | | | | | | Previously, this would only return the HTTP body as JSON, and discard other response information (e.g. the HTTP response code). This has now been changed to throw a CodeMessageException on a non-2xx response, with the response code and body, which can then be parsed as JSON. Affected modules include: - Registration/Login (when using an email for IS auth) | ||||
* | Add matrix.org as a trusted ID server because it's now passed through on ↵ | David Baker | 2015-01-28 | 1 | -1/+1 |
| | | | | ports 80/443 and the web client defaults to that now. Fixes email validation (including signing up with an email address). | ||||
* | Update copyright notices | Mark Haines | 2015-01-06 | 1 | -1/+1 |
| | |||||
* | Fix registration | Erik Johnston | 2014-12-08 | 1 | -2/+4 |
| | |||||
* | Fix pep8 and pyflakes warnings | Mark Haines | 2014-11-20 | 1 | -2/+7 |
| | |||||
* | Merge branch 'develop' into http_client_refactor | David Baker | 2014-11-20 | 1 | -1/+1 |
|\ | |||||
| * | Add a few missing yields, Move deferred lists inside PreserveLoggingContext ↵ | Mark Haines | 2014-11-20 | 1 | -1/+1 |
| | | | | | | | | because they don't interact well with the logging contexts | ||||
* | | Separate out the matrix http client completely because just about all of its ↵ | David Baker | 2014-11-20 | 1 | -7/+9 |
| | | | | | | | | code is now separate from the simple case we need for standard HTTP(S) | ||||
* | | Oops, I removed this param. | David Baker | 2014-11-20 | 1 | -2/+0 |
| | | |||||
* | | Refactor the HTTP clients a little. | David Baker | 2014-11-20 | 1 | -3/+3 |
|/ | |||||
* | Use python logger, not the twisted logger | Erik Johnston | 2014-11-03 | 1 | -2/+1 |
| | |||||
* | Fix pep8 warnings | Mark Haines | 2014-10-30 | 1 | -6/+9 |
| | |||||
* | Add get_json method to 3pid http client. Better logging for errors in 3pid ↵ | Mark Haines | 2014-10-20 | 1 | -1/+2 |
| | | | | requests | ||||
* | Fix pyflakes errors | Mark Haines | 2014-10-02 | 1 | -1/+1 |
| | |||||
* | Split PlainHttpClient into separate clients for talking to Identity servers ↵ | Mark Haines | 2014-10-02 | 1 | -3/+8 |
| | | | | and talking to Captcha servers | ||||
* | Split out password/captcha/email logic. | Kegan Dougal | 2014-09-15 | 1 | -56/+64 |
| | |||||
* | Reload captchas when they fail. Cleanup on success. | Kegan Dougal | 2014-09-05 | 1 | -2/+2 |
| | |||||
* | 80 chars please | Kegan Dougal | 2014-09-05 | 1 | -9/+19 |
| | |||||
* | Add config option for XFF headers when performing ReCaptcha auth. | Kegan Dougal | 2014-09-05 | 1 | -0/+1 |
| | |||||
* | Captchas now work on registration. Missing x-forwarded-for config arg ↵ | Kegan Dougal | 2014-09-05 | 1 | -2/+47 |
| | | | | support. Missing reloading a new captcha on the web client / displaying a sensible error message. | ||||
* | Merge branch 'develop' of github.com:matrix-org/synapse into develop | David Baker | 2014-09-03 | 1 | -1/+1 |
|\ | | | | | | | | | Conflicts: synapse/http/client.py | ||||
| * | fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵ | Matthew Hodgson | 2014-09-03 | 1 | -1/+1 |
| | | | | | | | | hasn't been incorporated in time for launch. | ||||
* | | Add support for registering with a threepid to the HS (get credentials from ↵ | David Baker | 2014-09-03 | 1 | -3/+59 |
|/ | | | | the client and check them against an ID server). | ||||
* | add in whitespace after copyright statements to improve legibility | Matthew Hodgson | 2014-08-13 | 1 | -0/+1 |
| | |||||
* | Reference Matrix Home Server | matrix.org | 2014-08-12 | 1 | -0/+100 |