| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
| |
Just to have all the methods that make calls to identity services in one place.
|
|
|
| |
Fixes #5905
|
|
|
|
|
|
| |
'threepid_behaviour_email'. (#6104)
Fixes #6103
|
|
|
|
|
|
|
| |
If email or msisdn verification aren't supported, let's stop advertising them
for registration.
Fixes #6100.
|
|
|
|
|
|
|
| |
Pull the checkers out to their own classes, rather than having them lost in a
massive 1000-line class which does everything.
This is also preparation for some more intelligent advertising of flows, as per #6100
|
|\ |
|
| | |
|
|\| |
|
| |
| |
| |
| |
| |
| | |
Second part of solving #6076
Fixes #6076
We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
|
| |
| |
| |
| |
| | |
Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses.
Fixes #5935
|
| |
| |
| | |
First part of solving #6076
|
| |
| |
| |
| |
| |
| |
| | |
Implements MSC2290. This PR adds two new endpoints, /unstable/account/3pid/add and /unstable/account/3pid/bind. Depending on the progress of that MSC the unstable prefix may go away.
This PR also removes the blacklist on some 3PID tests which occurs in #6042, as the corresponding Sytest PR changes them to use the new endpoints.
Finally, it also modifies the account deactivation code such that it doesn't just try to deactivate 3PIDs that were bound to the user's account, but any 3PIDs that were bound through the homeserver on that user's account.
|
| | |
|
| | |
|
|\ \ |
|
| | | |
|
|\ \ \
| |/ /
|/| /
| |/ |
|
| |
| |
| |
| |
| |
| |
| | |
3PID invites require making a request to an identity server to check that the invited 3PID has an Matrix ID linked, and if so, what it is.
These requests are being made on behalf of a user. The user will supply an identity server and an access token for that identity server. The homeserver will then forward this request with the access token (using an `Authorization` header) and, if the given identity server doesn't support v2 endpoints, will fall back to v1 (which doesn't require any access tokens).
Requires: ~~#5976~~
|
| |
| |
| |
| |
| | |
Broke in #5971
Basically the bug is that if get_current_state_deltas returns no new updates and we then take the max pos, its possible that we miss an update that happens in between the two calls. (e.g. get_current_state_deltas looks up to stream pos 5, then an event persists and so getting the max stream pos returns 6, meaning that next time we check for things with a stream pos bigger than 6)
|
| |
| |
| |
| |
| |
| |
| | |
This is a redo of https://github.com/matrix-org/synapse/pull/5897 but with `id_access_token` accepted.
Implements [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134) plus Identity Service v2 authentication ala [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140).
Identity lookup-related functions were also moved from `RoomMemberHandler` to `IdentityHandler`.
|
| |\
| | |
| | | |
Allow use of different ratelimits for admin redactions.
|
| | |
| | |
| | | |
Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
This is useful to allow room admins to quickly deal with a large number
of abusive messages.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
remote_reject_invite (#6009)
Some small fixes to `room_member.py` found while doing other PRs.
1. Add requester to the base `_remote_reject_invite` method.
2. `send_membership_event`'s docstring was out of date and took in a `remote_room_hosts` arg that was not used and no calling function provided.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Two things I missed while implementing [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140/files#diff-c03a26de5ac40fb532de19cb7fc2aaf7R80).
1. Access tokens should be provided to the identity server as `access_token`, not `id_access_token`, even though the homeserver may accept the tokens as `id_access_token`.
2. Access tokens must be sent to the identity server in a query parameter, the JSON body is not allowed.
We now send the access token as part of an `Authorization: ...` header, which fixes both things.
The breaking code was added in https://github.com/matrix-org/synapse/pull/5892
Sytest PR: https://github.com/matrix-org/sytest/pull/697
|
| |/
| |
| |
| |
| |
| |
| | |
params to docstring (#6010)
Another small fixup noticed during work on a larger PR. The `origin` field of `add_display_name_to_third_party_invite` is not used and likely was just carried over from the `on_PUT` method of `FederationThirdPartyInviteExchangeServlet` which, like all other servlets, provides an `origin` argument.
Since it's not used anywhere in the handler function though, we should remove it from the function arguments.
|
| |\
| | |
| | | |
Use account_threepid_delegate for 3pid validation
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously if the first registered user was a "support" or "bot" user,
when the first real user registers, the auto-join rooms were not
created.
Fix to exclude non-real (ie users with a special user type) users
when counting how many users there are to determine whether we should
auto-create a room.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
| | |
| | |
| | | |
`sid` is required to be part of `three_pid_creds`. We were 500'ing if it wasn't provided instead of returning `M_MISSING_PARAM`.
|
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
server to handle 3pid validation (#5987)
This is a combination of a few different PRs, finally all being merged into `develop`:
* #5875
* #5876
* #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](https://github.com/matrix-org/synapse/commit/891afb57cbdf9867f2848341b29c75d6f35eef5a#diff-e591d42d30690ffb79f63bb726200891) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future)
* #5835
* #5969
* #5940
Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged.
UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
|
| |\
| | |
| | |
| | |
| | | |
matrix-org/joriks/opentracing_link_send_to_edu_contexts
Link the send loop with the edus contexts
|
| | |
| | |
| | |
| | |
| | |
| | | |
The contexts were being filtered too early so the send loop wasn't
being linked to them unless the destination
was whitelisted.
|
| | | |
|
| |/
| |
| | |
Implements `POST /_matrix/client/r0/account/3pid/unbind` from [MSC2140](https://github.com/matrix-org/matrix-doc/blob/dbkr/tos_2/proposals/2140-terms-of-service-2.md#post-_matrixclientr0account3pidunbind).
|
| |
| |
| | |
Removes the `bind_email` and `bind_msisdn` parameters from the `/register` C/S API endpoint as per [MSC2140: Terms of Service for ISes and IMs](https://github.com/matrix-org/matrix-doc/pull/2140/files#diff-c03a26de5ac40fb532de19cb7fc2aaf7R107).
|
| |
| |
| | |
Previously the stats were not being correctly populated.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove all the "double return" statements which were a result of us removing all the instances of
```
defer.returnValue(...)
return
```
statements when we switched to python3 fully.
|
| |
| |
| | |
Trace device list changes.
|
| |
| |
| | |
These methods were part of the v1 C/S API. Remove them as they are no longer used by any code paths.
|
| |
| |
| |
| |
| | |
Python will return a tuple whether there are parentheses around the returned values or not.
I'm just sick of my editor complaining about this all over the place :)
|
| |
| |
| |
| |
| | |
This reverts commit 71fc04069a5770a204c3514e0237d7374df257a8.
This broke 3PID invites as #5892 was required for it to work correctly.
|
| |\
| | |
| | | |
Exempt support users from consent
|
| | |
| | |
| | | |
Co-Authored-By: Erik Johnston <erik@matrix.org>
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes https://github.com/matrix-org/synapse/issues/5861
Adds support for the v2 lookup API as defined in [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134). Currently this is only used for 3PID invites.
Sytest PR: https://github.com/matrix-org/sytest/pull/679
|
| | | |
|
| |\ \
| | | |
| | | | |
Add GET method to admin API /users/@user:dom/admin
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
|
| |\ \ \
| | | | |
| | | | | |
MSC2197 Search Filters over Federation
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
|
| |\ \ \ \
| | |_|/ /
| |/| | | |
Increase profile display name limit
|
| | | |/
| | |/| |
|
| |/ /
| | |
| | | |
Admin API: Set adminship of a user
|
| | |
| | |
| | |
| | |
| | | |
Propagate opentracing contexts through EDUs
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
|
| | |
| | |
| | |
| | | |
This reverts commit 3320aaab3a9bba3f5872371aba7053b41af9d0a0.
|
| | | |
|
| | |
| | |
| | | |
Add opentracing tags and logs for e2e keys
|
| | | |
|
| |\ \
| | | |
| | | | |
Remove logging for #5407 and update comments
|
| | |/ |
|
| |/
| |
| |
| | |
contain creator_id. (#5633)
|
| | |
|
|/
|
|
|
|
| |
We want to assign unique mxids to saml users based on an incrementing
suffix. For that to work, we need to record the allocated mxid in a separate
table.
|
|
|
|
|
|
| |
This hopefully addresses #5407 by gracefully handling an empty but
limited TimelineBatch. We also add some logging to figure out how this
is happening.
|
|\
| |
| | |
Account validity: allow defining HTML templates to serve the user on account renewal attempt
|
| | |
|
|\ \
| | |
| | | |
Deny redaction of events in a different room.
|
| | |
| | |
| | |
| | |
| | | |
We already correctly filter out such redactions, but we should also deny
them over the CS API.
|
|\ \ \
| |/ /
|/| | |
Handle RequestSendFailed exception correctly in more places.
|
| | | |
|
| | | |
|
| |/
|/| |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
The `expire_access_token` didn't do what it sounded like it should do. What it
actually did was make Synapse enforce the 'time' caveat on macaroons used as
access tokens, but since our access token macaroons never contained such a
caveat, it was always a no-op.
(The code to add 'time' caveats was removed back in v0.18.5, in #1656)
|
|/ |
|
| |
|
| |
|
|\
| |
| | |
Log when we receive a /make_* request from a different origin
|
| | |
|
|\ \
| | |
| | | |
Log when we receive receipt from a different origin
|
| |/ |
|
| |
| |
| |
| |
| |
| |
| | |
`None` is not a valid event id, so queuing up a database fetch for it seems
like a silly thing to do.
I considered making `get_event` return `None` if `event_id is None`, but then
its interaction with `allow_none` seemed uninituitive, and strong typing ftw.
|
|/ |
|
| |
|
|
|
|
|
| |
(#5674)
Return `This account has been deactivated` instead of `Invalid password` when a user is deactivated.
|
|\
| |
| | |
Add basic function to get all data for a user out of synapse
|
| | |
|
| | |
|
| |\
| | |
| | |
| | | |
erikj/admin_exfiltrate_data
|
| | | |
|
| | | |
|
| | |
| | |
| | | |
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
|
| | | |
|
| | |
| | |
| | |
| | | |
Record how long an access token is valid for, and raise a soft-logout once it
expires.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
this is only used in one place, so it's clearer if we inline it and reduce the
API surface.
Also, fixes a buglet where we would create an access token even if we were
about to block the user (we would never return the AT, so the user could never
use it, but it was still created and added to the db.)
|
|\ \ \
| | | |
| | | | |
Send 3PID bind requests as JSON data
|
| | | | |
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | | |
The 'token' param is no longer used anywhere except the tests, so let's kill
that off too.
|
|\ \ \
| | | |
| | | | |
Use JSON when querying the IS's /store-invite endpoint
|
| |\ \ \ |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
FederationDeniedError is a subclass of SynapseError, which is a subclass of
CodeMessageException, so if e is a FederationDeniedError, then this check for
FederationDeniedError will never be reached since it will be caught by the
check for CodeMessageException above. The check for CodeMessageException does
almost the same thing as this check (since FederationDeniedError initialises
with code=403 and msg="Federation denied with %s."), so may as well just keep
allowing it to handle this case.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Allow newly-registered users to lookup their own profiles
|
| | |/ / /
| |/| | |
| | | | |
| | | | | |
When a user creates an account and the 'require_auth_for_profile_requests' config flag is set, and a client that performed the registration wants to lookup the newly-created profile, the request will be denied because the user doesn't share a room with themselves yet.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Nothing uses this now, so we can remove the dead code, and clean up the
API.
Since we're changing the shape of the return value anyway, we take the
opportunity to give the method a better name.
|
|/ / / /
| | | |
| | | | |
It was pretty unclear what was going on, so I've added a couple of log lines.
|
| | | |
| | | |
| | | | |
This is only used in tests, so...
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This has never been documented, and I'm not sure it's ever been used outside
sytest.
It's quite a lot of poorly-maintained code, so I'd like to get rid of it.
For now I haven't removed the database table; I suggest we leave that for a
future clearout.
|
| | | |
|
| | |
| | |
| | |
| | | |
Fixes #5602, #5603
|
|\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* SAML2 Improvements and redirect stuff
Signed-off-by: Alexander Trost <galexrt@googlemail.com>
* Code cleanups and simplifications.
Also: share the saml client between redirect and response handlers.
* changelog
* Revert redundant changes to static js
* Move all the saml stuff out to a centralised handler
* Add support for tracking SAML2 sessions.
This allows us to correctly handle `allow_unsolicited: False`.
* update sample config
* cleanups
* update sample config
* rename BaseSSORedirectServlet for consistency
* Address review comments
|
| |\ \ |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
This allows us to correctly handle `allow_unsolicited: False`.
|
| | |/
| |/| |
|
|\ \ \
| |_|/
|/| | |
Fix sync tightloop bug.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If, for some reason, presence updates take a while to persist then it
can trigger clients to tightloop calling `/sync` due to the presence
handler returning updates but not advancing the stream token.
Fixes #5503.
|
|\ \ \
| | | |
| | | | |
Don't update the ratelimiter before sending a 3PID invite
|
| | | |
| | | |
| | | |
| | | | |
If we do the opposite, an event can arrive after or while sending the email and the 3PID invite event will get ratelimited.
|
| | |/
| |/|
| | |
| | | |
This would cause emails being sent, but Synapse responding with a 429 when creating the event. The client would then retry, and with bad timing the same scenario would happen again. Some testing I did ended up sending me 10 emails for one single invite because of this.
|
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Daniel Hoffend <dh@dotlan.net>
|
| | | |
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When a client asks for users whose devices have changed since a token we
used to pull *all* users from the database since the token, which could
easily be thousands of rows for old tokens.
This PR changes this to only check for changes for users the client is
actually interested in.
Fixes #5553
|
| |
| |
| |
| |
| |
| |
| | |
Closes #4583
Does slightly less than #5045, which prevented a room from being upgraded multiple times, one after another. This PR still allows that, but just prevents two from happening at the same time.
Mostly just to mitigate the fact that servers are slow and it can take a moment for the room upgrade to actually complete. We don't want people sending another request to upgrade the room when really they just thought the first didn't go through.
|
|\ \
| | |
| | | |
Fix /messages on workers when no from param specified.
|
| |/
| |
| |
| |
| |
| |
| | |
If no `from` param is specified we calculate and use the "current
token" that inlcuded typing, presence, etc. These are unused during
pagination and are not available on workers, so we simply don't
calculate them.
|
| |
| |
| |
| |
| | |
Because sticking it in the same place as the config isn't necessarily the right
thing to do.
|
|/
|
| |
This makes some of the conditional-import hoop-jumping easier.
|
| |
|
|\
| |
| | |
Handle the case of `get_missing_events` failing
|
| | |
|
| |\
| | |
| | |
| | | |
erikj/fix_get_missing_events_error
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently if a call to `/get_missing_events` fails we log an exception
and stop processing the top level event we received over federation.
Instead let's try and handle it sensibly given it is a somewhat expected
failure mode.
|
|\ \ \
| | | |
| | | | |
Add experimental option to reduce extremities.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adds new config option `cleanup_extremities_with_dummy_events` which
periodically sends dummy events to rooms with more than 10 extremities.
THIS IS REALLY EXPERIMENTAL.
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I had to add quite a lot of logging to diagnose a problem with 3pid
invites - we only logged the one failure which isn't all that
informative.
NB. I'm not convinced the logic of this loop is right: I think it
should just accept a single valid signature from a trusted source
rather than fail if *any* signature is invalid. Also it should
probably not skip the rest of middle loop if a check fails? However,
I'm deliberately not changing the logic here.
|
| | | |
|
|/ / |
|
|\ \
| | |
| | | |
Handle HttpResponseException when using federation client.
|
| | |
| | |
| | |
| | | |
Otherwise we just log exceptions everywhere.
|
|\ \ \
| | | |
| | | | |
Fix 3PID invite room state over federation.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes that when a user exchanges a 3PID invite for a proper invite over
federation it does not include the `invite_room_state` key.
This was due to synapse incorrectly sending out two invite requests.
|
|\ \ \ \
| | | | |
| | | | | |
Allow server admins to define implementations of extra rules for allowing or denying incoming events
|
| |/ / / |
|
| | | | |
|
|/ / / |
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
identity server (#5377)
Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.
This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
* #5308
* #5345
* #5368
|
| |
| |
| |
| | |
Fixes some warnings, and a scary-looking stacktrace when sytest kills the
process.
|
|\ \
| | |
| | | |
Make /sync return heroes if room name or canonical alias are empty
|
| | | |
|
| | | |
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I probably should've just run autopep8 in the first place...
Signed-off-by: Katie Wolfe <katie@dnaf.moe>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Katie Wolfe <katie@dnaf.moe>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #4194
Signed-off-by: Katie Wolfe <katie@dnaf.moe>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #4194
Signed-off-by: Katie Wolfe <katie@dnaf.moe>
|
|\ \ \ \
| | | | |
| | | | | |
Include left members in room summaries' heroes
|
| | |/ /
| |/| |
| | | |
| | | | |
the joined members or the parted ones
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Fix background updates to handle redactions/rejections
In background updates based on current state delta stream we need to
handle that we may not have all the events (or at least that
`get_events` may raise an exception).
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When processing an incoming event over federation, we may try and
resolve any unexpected differences in auth events. This is a
non-essential process and so should not stop the processing of the event
if it fails (e.g. due to the remote disappearing or not implementing the
necessary endpoints).
Fixes #3330
|
|\ \ \
| | | |
| | | | |
Limit displaynames and avatar URLs
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
These end up in join events everywhere, so let's limit them.
Fixes #5079
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #4414.
|
|\ \ \ \
| | | | |
| | | | | |
Don't bundle aggregations with events in /sync or /events or state queries
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
As we'll send down the annotations too anyway, so this just ends up
confusing clients.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present.
That hardcoded value is now located in the server.py config file.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
I was staring at this function trying to figure out wtf it was actually
doing. This is (hopefully) a non-functional refactor which makes it a bit
clearer.
|
| |/ / /
|/| | | |
|
|\ \ \ \
| | | | |
| | | | | |
Block attempts to annotate the same event twice
|
| | | | | |
|
| |/ / / |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When considering the candidates to be forward-extremities, we must exclude soft
failures.
Hopefully fixes #5090.
|
| | | |
|
| | |
| | |
| | | |
* fix mapping of return values for get_or_register_3pid_guest
|
| | | |
|
| | |
| | |
| | |
| | | |
users (#3484)
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
CS API (#5083)
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
|
| | |
| | |
| | |
| | |
| | | |
Follow-up to #5124
Also added a bunch of checks to make sure everything (both the stuff added on #5124 and this PR) works as intended.
|
|\ \ \
| | | |
| | | | |
Ratelimit 3pid invites
|
| | | | |
|
| |\ \ \
| | | | |
| | | | |
| | | | | |
erikj/ratelimit_3pid_invite
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We do ratelimit sending the 3PID invite events, but that happens after
spamming the identity server.
|
| |/ / /
|/| | | |
|
| |/ /
|/| |
| | |
| | | |
Fixes #5102
|
|\ \ \
| | | |
| | | |
| | | | |
babolivier/account_expiration
|
| |\ \ \
| | |_|/
| |/| | |
Send out emails with links to extend an account's validity period
|
| | |/
| |/| |
|
| | |
| | |
| | | |
Prevent kick events from succeeding if the user is not currently in the room.
|
| | | |
|
| | |
| | |
| | | |
Remove presence list support as per MSC 1819
|
| |\ \
| | | |
| | | | |
Implement MSC1915 - 3PID unbind APIs
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
By default the homeserver will use the identity server used during the
binding of the 3PID to unbind the 3PID. However, we need to allow
clients to explicitly ask the homeserver to unbind via a particular
identity server, for the case where the 3PID was bound out of band from
the homeserver.
Implements MSC915.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This changes the behaviour from using the server specified trusted
identity server to using the IS that used during the binding of the
3PID, if known.
This is the behaviour specified by MSC1915.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
This will then be used to know which IS to default to when unbinding the
threepid.
|
| | | |
| | | |
| | | | |
Transfers the m.room.related_groups state event on room upgrade.
|
| |/ /
| | |
| | |
| | | |
Collect all the things that make room-versions different to one another into
one place, so that it's easier to define new room versions.
|
| | |
| | |
| | | |
This PR allows password provider modules to bind email addresses when a user is registering and is motivated by matrix-org/matrix-synapse-ldap3#58
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Primarily this fixes a bug in the handling of remote users joining a
room where the server sent out the presence for all local users in the
room to all servers in the room.
We also change to using the state delta stream, rather than the
distributor, as it will make it easier to split processing out of the
master process (as well as being more flexible).
Finally, when sending presence states to newly joined servers we filter
out old presence states to reduce the number sent. Initially we filter
out states that are offline and have a last active more than a week ago,
though this can be changed down the line.
Fixes #3962
|
| |/
|/| |
|
|/ |
|
|
|
|
|
| |
Adds a new method, check_3pid_auth, which gives password providers
the chance to allow authentication with third-party identifiers such
as email or msisdn.
|
| |
|
|\
| |
| | |
Deny peeking into rooms that have been blocked
|
| | |
|
|\|
| |
| | |
Fixup shutdown room API
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are a number of instances where a server or admin may puppet a
user to join/leave rooms, which we don't want to fail if the user has
not consented to the privacy policy. We fix this by adding a check to
test if the requester has an associated access_token, which is used as a
proxy to answer the question of whether the action is being done on
behalf of a real request from the user.
|
|\ \
| |/
|/| |
Add option to disable search room lists
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
This disables both local and remote room list searching.
|
|/
|
|
| |
Rate-limit outgoing read-receipts as per #4730.
|
| |
|
| |
|
| |
|
|
|
| |
Add two ratelimiters on login (per-IP address and per-userID).
|
|\
| |
| | |
Move client receipt processing to federation sender worker.
|
| |
| |
| |
| |
| | |
This is mostly a prerequisite for #4730, but also fits with the general theme
of "move everything off the master that we possibly can".
|
| |
| |
| |
| |
| | |
I'm going to use this in queues and things, so it'll be useful to give it more
of a structure.
|
|\ \
| |/
|/| |
Improve searching in the userdir
|