summary refs log tree commit diff
path: root/synapse/handlers (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Bugbear: Add Mutable Parameter fixes (#9682)Jonathan de Jong2021-04-085-11/+18
| | | | | | | Part of #9366 Adds in fixes for B006 and B008, both relating to mutable parameter lint errors. Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>
* MSC3083: Check for space membership during a local join of restricted rooms. ↵Patrick Cloke2021-04-081-1/+74
| | | | | | | | (#9735) When joining a room with join rules set to 'restricted', check if the user is a member of the spaces defined in the 'allow' key of the join rules. This only applies to an experimental room version, as defined in MSC3083.
* Add a Synapse Module for configuring presence update routing (#9491)Andrew Morgan2021-04-061-43/+235
| | | | | | | | | | | | At the moment, if you'd like to share presence between local or remote users, those users must be sharing a room together. This isn't always the most convenient or useful situation though. This PR adds a module to Synapse that will allow deployments to set up extra logic on where presence updates should be routed. The module must implement two methods, `get_users_for_states` and `get_interested_users`. These methods are given presence updates or user IDs and must return information that Synapse will use to grant passing presence updates around. A method is additionally added to `ModuleApi` which allows triggering a set of users to receive the current, online presence information for all users they are considered interested in. This is the equivalent of that user receiving presence information during an initial sync. The goal of this module is to be fairly generic and useful for a variety of applications, with hard requirements being: * Sending state for a specific set or all known users to a defined set of local and remote users. * The ability to trigger an initial sync for specific users, so they receive all current state.
* Add type hints to expiring cache. (#9730)Patrick Cloke2021-04-063-18/+8
|
* Add type hints to the federation handler and server. (#9743)Patrick Cloke2021-04-061-80/+81
|
* Update mypy configuration: `no_implicit_optional = True` (#9742)Jonathan de Jong2021-04-052-3/+6
|
* Improve tracing for to device messages (#9686)Erik Johnston2021-04-013-17/+42
|
* Replace `room_invite_state_types` with `room_prejoin_state` (#9700)Richard van der Hoff2021-03-301-1/+1
| | | | | | | `room_invite_state_types` was inconvenient as a configuration setting, because anyone that ever set it would not receive any new types that were added to the defaults. Here, we deprecate the old setting, and replace it with a couple of new settings under `room_prejoin_state`.
* Make RateLimiter class check for ratelimit overrides (#9711)Erik Johnston2021-03-307-36/+50
| | | | | | | This should fix a class of bug where we forget to check if e.g. the appservice shouldn't be ratelimited. We also check the `ratelimit_override` table to check if the user has ratelimiting disabled. That table is really only meant to override the event sender ratelimiting, so we don't use any values from it (as they might not make sense for different rate limits), but we do infer that if ratelimiting is disabled for the user we should disabled all ratelimits. Fixes #9663
* Make it possible to use dmypy (#9692)Erik Johnston2021-03-261-0/+3
| | | | | | | | | Running `dmypy run` will do a `mypy` check while spinning up a daemon that makes rerunning `dmypy run` a lot faster. `dmypy` doesn't support `follow_imports = silent` and has `local_partial_types` enabled, so this PR enables those options and fixes the issues that were newly raised. Note that `local_partial_types` will be enabled by default in upcoming mypy releases.
* Spaces summary: call out to other servers (#9653)Richard van der Hoff2021-03-241-16/+119
| | | | | When we hit an unknown room in the space tree, see if there are other servers that we might be able to poll to get the data. Fixes: #9447
* Add a type hints for service notices to the HomeServer object. (#9675)Patrick Cloke2021-03-241-2/+4
|
* Federation API for Space summary (#9652)Richard van der Hoff2021-03-231-45/+138
| | | | | Builds on the work done in #9643 to add a federation API for space summaries. There's a bit of refactoring of the existing client-server code first, to avoid too much duplication.
* Import HomeServer from the proper module. (#9665)Patrick Cloke2021-03-2326-26/+26
|
* Incorporate reviewBrendan Abolivier2021-03-191-1/+1
|
* Merge branch 'develop' into babolivier/msc3026Brendan Abolivier2021-03-192-1/+200
|\
| * Initial spaces summary API (#9643)Richard van der Hoff2021-03-181-0/+199
| | | | | | This is very bare-bones for now: federation will come soon, while pagination is descoped for now but will come later.
| * Consistently check whether a password may be set for a user. (#9636)Dirk Klimpel2021-03-181-1/+1
| |
* | Fix lintBrendan Abolivier2021-03-191-7/+6
| |
* | Move support for MSC3026 behind an experimental flagBrendan Abolivier2021-03-181-2/+10
| |
* | Implement MSC3026: busy presence stateBrendan Abolivier2021-03-181-1/+2
|/
* only save remote cross-signing keys if they're different from the current ↵Hubert Chathi2021-03-171-4/+18
| | | | | ones (#9634) Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Fix bad naming of storage function (#9637)Erik Johnston2021-03-172-3/+5
| | | | | | We had two functions named `get_forward_extremities_for_room` and `get_forward_extremeties_for_room` that took different paramters. We rename one of them to avoid confusion.
* Add type hints to the room member handler. (#9631)Patrick Cloke2021-03-173-4/+14
|
* Add SSO attribute requirements for OIDC providers (#9609)Hubbe2021-03-161-0/+13
| | | | Allows limiting who can login using OIDC via the claims made from the IdP.
* Return m.change_password.enabled=false if local database is disabled (#9588)Dirk Klimpel2021-03-161-0/+13
| | | | | Instead of if the user does not have a password hash. This allows a SSO user to add a password to their account, but only if the local password database is configured.
* Pass SSO IdP information to spam checker's registration function (#9626)Andrew Morgan2021-03-161-2/+2
| | | | | | | Fixes https://github.com/matrix-org/synapse/issues/9572 When a SSO user logs in for the first time, we create a local Matrix user for them. This goes through the register_user flow, which ends up triggering the spam checker. Spam checker modules don't currently have any way to differentiate between a user trying to sign up initially, versus an SSO user (whom has presumably already been approved elsewhere) trying to log in for the first time. This PR passes `auth_provider_id` as an argument to the `check_registration_for_spam` function. This argument will contain an ID of an SSO provider (`"saml"`, `"cas"`, etc.) if one was used, else `None`.
* Handle an empty cookie as an invalid macaroon. (#9620)Patrick Cloke2021-03-161-1/+2
| | | | | * Handle an empty cookie as an invalid macaroon. * Newsfragment
* Add support for stable MSC2858 API (#9617)Richard van der Hoff2021-03-164-0/+10
| | | | | The stable format uses different brand identifiers, so we need to support two identifiers for each IdP.
* Optimise missing prev_event handling (#9601)Richard van der Hoff2021-03-151-21/+131
| | | | | | | | | | | | | | | | | | | | | | | | | | | Background: When we receive incoming federation traffic, and notice that we are missing prev_events from the incoming traffic, first we do a `/get_missing_events` request, and then if we still have missing prev_events, we set up new backwards-extremities. To do that, we need to make a `/state_ids` request to ask the remote server for the state at those prev_events, and then we may need to then ask the remote server for any events in that state which we don't already have, as well as the auth events for those missing state events, so that we can auth them. This PR attempts to optimise the processing of that state request. The `state_ids` API returns a list of the state events, as well as a list of all the auth events for *all* of those state events. The optimisation comes from the observation that we are currently loading all of those auth events into memory at the start of the operation, but we almost certainly aren't going to need *all* of the auth events. Rather, we can check that we have them, and leave the actual load into memory for later. (Ideally the federation API would tell us which auth events we're actually going to need, but it doesn't.) The effect of this is to reduce the number of events that I need to load for an event in Matrix HQ from about 60000 to about 22000, which means it can stay in my in-memory cache, whereas previously the sheer number of events meant that all 60K events had to be loaded from db for each request, due to the amount of cache churn. (NB I've already tripled the size of the cache from its default of 10K). Unfortunately I've ended up basically C&Ping `_get_state_for_room` and `_get_events_from_store_or_dest` into a new method, because `_get_state_for_room` is also called during backfill, which expects the auth events to be returned, so the same tricks don't work. That said, I don't really know why that codepath is completely different (ultimately we're doing the same thing in setting up a new backwards extremity) so I've left a TODO suggesting that we clean it up.
* Fix additional type hints from Twisted 21.2.0. (#9591)Patrick Cloke2021-03-121-4/+5
|
* Improve logging when processing incoming transactions (#9596)Richard van der Hoff2021-03-121-46/+16
| | | Put the room id in the logcontext, to make it easier to understand what's going on.
* Convert Requester to attrs (#9586)Richard van der Hoff2021-03-101-2/+3
| | | | | | ... because namedtuples suck Fix up a couple of other annotations to keep mypy happy.
* Fix the auth provider on the logins metric (#9573)Richard van der Hoff2021-03-101-16/+30
| | | | | We either need to pass the auth provider over the replication api, or make sure we report the auth provider on the worker that received the request. I've gone with the latter.
* Use the chain cover index in get_auth_chain_ids. (#9576)Patrick Cloke2021-03-101-3/+3
| | | | This uses a simplified version of get_chain_cover_difference to calculate auth chain of events.
* JWT OIDC secrets for Sign in with Apple (#9549)Richard van der Hoff2021-03-091-5/+96
| | | | | Apple had to be special. They want a client secret which is generated from an EC key. Fixes #9220. Also fixes #9212 while I'm here.
* Fix additional type hints. (#9543)Patrick Cloke2021-03-091-1/+1
| | | Type hint fixes due to Twisted 21.2.0 adding type hints.
* Add ResponseCache tests. (#9458)Jonathan de Jong2021-03-084-5/+5
|
* Create a SynapseReactor type which incorporates the necessary reactor ↵Patrick Cloke2021-03-081-1/+3
| | | | | interfaces. (#9528) This helps fix some type hints when running with Twisted 21.2.0.
* Prometheus metrics for logins and registrations (#9511)Richard van der Hoff2021-03-042-2/+34
| | | Add prom metrics for number of users successfully registering and logging in, by SSO provider.
* Record the SSO Auth Provider in the login token (#9510)Richard van der Hoff2021-03-043-61/+74
| | | This great big stack of commits is a a whole load of hoop-jumping to make it easier to store additional values in login tokens, and then to actually store the SSO Identity Provider in the login token. (Making use of that data will follow in a subsequent PR.)
* Prevent presence background jobs from running when presence is disabled (#9530)Aaron Raimist2021-03-031-14/+17
| | | | | Prevent presence background jobs from running when presence is disabled Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Revert "Fix #8518 (sync requests being cached wrongly on timeout) (#9358)"Patrick Cloke2021-03-021-2/+1
| | | | | | | This reverts commit f5c93fc9931e4029bbd8000f398b6f39d67a8c46. This is being backed out due to a regression (#9507) and additional review feedback being provided.
* Use the proper Request in type hints. (#9515)Patrick Cloke2021-03-012-3/+3
| | | | This also pins the Twisted version in the mypy job for CI until proper type hints are fixed throughout Synapse.
* Ensure pushers are deleted for deactivated accounts (#9285)Erik Johnston2021-02-251-0/+5
|
* Fix #8518 (sync requests being cached wrongly on timeout) (#9358)Jonathan de Jong2021-02-241-1/+2
| | | | | | | This fixes #8518 by adding a conditional check on `SyncResult` in a function when `prev_stream_token == current_stream_token`, as a sanity check. In `CachedResponse.set.<remove>()`, the result is immediately popped from the cache if the conditional function returns "false". This prevents the caching of a timed-out `SyncResult` (that has `next_key` as the stream key that produced that `SyncResult`). The cache is prevented from returning a `SyncResult` that makes the client request the same stream key over and over again, effectively making it stuck in a loop of requesting and getting a response immediately for as long as the cache keeps those values. Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>
* Ratelimit cross-user key sharing requests. (#8957)Patrick Cloke2021-02-193-6/+26
|
* Fix style checking due to updated black.Patrick Cloke2021-02-191-2/+1
|
* Be smarter about which hosts to send presence to when processing room joins ↵Andrew Morgan2021-02-191-14/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | (#9402) This PR attempts to eliminate unnecessary presence sending work when your local server joins a room, or when a remote server joins a room your server is participating in by processing state deltas in chunks rather than individually. --- When your server joins a room for the first time, it requests the historical state as well. This chunk of new state is passed to the presence handler which, after filtering that state down to only membership joins, will send presence updates to homeservers for each join processed. It turns out that we were being a bit naive and processing each event individually, and sending out presence updates for every one of those joins. Even if many different joins were users on the same server (hello IRC bridges), we'd send presence to that same homeserver for every remote user join we saw. This PR attempts to deduplicate all of that by processing the entire batch of state deltas at once, instead of only doing each join individually. We process the joins and note down which servers need which presence: * If it was a local user join, send that user's latest presence to all servers in the room * If it was a remote user join, send the presence for all local users in the room to that homeserver We deduplicate by inserting all of those pending updates into a dictionary of the form: ``` { server_name1: {presence_update1, ...}, server_name2: {presence_update1, presence_update2, ...} } ``` Only after building this dict do we then start sending out presence updates.
* Add configs to make profile data more private (#9203)AndrewFerr2021-02-192-1/+17
| | | | | | | Add off-by-default configuration settings to: - disable putting an invitee's profile info in invite events - disable profile lookup via federation Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
* Add back the guard against the user directory stream position not existing. ↵Patrick Cloke2021-02-181-0/+4
| | | | | | (#9428) As the comment says, this guard was there for when the initial user directory update has yet to happen.
* Remove dead notify_for_states presence method (#9408)Andrew Morgan2021-02-171-11/+0
|
* Fix only handling the last presence state for each user (#9425)Andrew Morgan2021-02-171-2/+5
| | | | | | | | | | | | | | This is a small bug that I noticed while working on #8956. We have a for-loop which attempts to strip all presence changes for each user except for the final one, as we don't really care about older presence: https://github.com/matrix-org/synapse/blob/9e19c6aab4b5a99039f2ddc7d3120dd3b26c274b/synapse/handlers/presence.py#L368-L371 `new_states_dict` stores this stripped copy of latest presence state for each user, before it is... put into a new variable `new_state`, which is just overridden by the subsequent for loop. I believe this was instead meant to override `new_states`. Without doing so, it effectively meant: 1. The for loop had no effect. 2. We were still processing old presence state for users.
* Support for form_post in OIDC responses (#9376)Richard van der Hoff2021-02-171-22/+52
| | | Apple want to POST the OIDC auth response back to us rather than using query-params; add the necessary support to make that work.
* Allow OIDC config to override discovered values (#9384)Richard van der Hoff2021-02-161-9/+18
| | | Fixes #9347
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-1629-212/+331
| | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* Clean up caching/locking of OIDC metadata load (#9362)Richard van der Hoff2021-02-161-36/+53
| | | | Ensure that we lock correctly to prevent multiple concurrent metadata load requests, and generally clean up the way we construct the metadata cache.
* Handle missing data in power levels events during room upgrade. (#9395)Patrick Cloke2021-02-161-5/+8
|
* Remove dead handled_events set in invite_join (#9394)Andrew Morgan2021-02-121-6/+0
| | | | | This PR removes a set that was created and [initially used](https://github.com/matrix-org/synapse/commit/1d2a0040cff8d04cdc7d7d09d8f04a5d628fa9dd#diff-0bc92da3d703202f5b9be2d3f845e375f5b1a6bc6ba61705a8af9be1121f5e42R435-R436), but is no longer today. May help cut down a bit on the time it takes to accept invites.
* Fix some typos.Patrick Cloke2021-02-121-1/+1
|
* Merge tag 'v1.27.0rc2' into developPatrick Cloke2021-02-111-0/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.27.0rc2 (2021-02-11) ============================== Features -------- - Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297)) Bugfixes -------- - Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302)) - Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313)) Improved Documentation ---------------------- - Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
| * Backout changes for automatically calculating the public baseurl. (#9313)Patrick Cloke2021-02-111-0/+4
| | | | | | | | This breaks some people's configurations (if their Client-Server API is not accessed via port 443).
* | Combine the CAS & SAML implementations for required attributes. (#9326)Patrick Cloke2021-02-113-51/+86
| |
* | Merge pull request #9150 from Yoric/develop-contextDavid Teller2021-02-081-5/+16
|\ \ | | | | | | New API /_synapse/admin/rooms/{roomId}/context/{eventId}
| * | FIXUP: linterDavid Teller2021-01-281-1/+1
| | |
| * | FIXUP: Making get_event_context a bit more paranoidDavid Teller2021-01-281-2/+8
| | |
| * | FIXUP: Removing awaitableDavid Teller2021-01-281-3/+3
| | |
| * | FIXUP: Don't filter events at all for admin/v1/rooms/.../context/...David Teller2021-01-281-6/+4
| | |
| * | New API /_synapse/admin/rooms/{roomId}/context/{eventId}David Teller2021-01-281-2/+9
| | | | | | | | | | | | Signed-off-by: David Teller <davidt@element.io>
* | | Merge remote-tracking branch 'origin/release-v1.27.0' into social_login_hotfixesRichard van der Hoff2021-02-032-4/+12
|\ \ \ | | |/ | |/|
| * | Honour ratelimit flag for application services for invite ratelimiting (#9302)Erik Johnston2021-02-032-4/+12
| | |
* | | Social login UI polish (#9301)Richard van der Hoff2021-02-031-2/+14
| | |
* | | Add debug for OIDC flow (#9307)Richard van der Hoff2021-02-031-15/+25
| | |
* | | Fix formatting for "bad session" error during sso registration flow (#9296)Richard van der Hoff2021-02-031-3/+16
|/ /
* | Add an admin API to get the current room state (#9168)Travis Ralston2021-02-021-1/+1
| | | | | | | | | | This could arguably replace the existing admin API for `/members`, however that is out of scope of this change. This sort of endpoint is ideal for moderation use cases as well as other applications, such as needing to retrieve various bits of information about a room to perform a task (like syncing power levels between two places). This endpoint exposes nothing more than an admin would be able to access with a `select *` query on their database.
* | Put SAML callback URI under /_synapse/client. (#9289)Richard van der Hoff2021-02-021-1/+1
| |
* | Put OIDC callback URI under /_synapse/client. (#9288)Richard van der Hoff2021-02-011-4/+4
| |
* | Merge branch 'social_login' into developRichard van der Hoff2021-02-013-11/+96
|\ \
| * | Collect terms consent from the user during SSO registration (#9276)Richard van der Hoff2021-02-012-0/+46
| | |
| * | Improve styling and wording of SSO UIA templates (#9286)Richard van der Hoff2021-02-011-1/+3
| | | | | | | | | fixes #9171
| * | Make importing display name and email optional (#9277)Richard van der Hoff2021-02-012-10/+47
| | |
* | | Merge branch 'social_login' into developRichard van der Hoff2021-02-012-18/+99
|\| |
| * | Replace username picker with a template (#9275)Richard van der Hoff2021-02-011-1/+1
| | | | | | | | | | | | | | | There's some prelimiary work here to pull out the construction of a jinja environment to a separate function. I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them.
| * | Improve styling and wording of SSO redirect confirm template (#9272)Richard van der Hoff2021-02-012-2/+32
| | |
| * | Split out a separate endpoint to complete SSO registration (#9262)Richard van der Hoff2021-02-011-15/+66
| | | | | | | | | There are going to be a couple of paths to get to the final step of SSO reg, and I want the URL in the browser to consistent. So, let's move the final step onto a separate path, which we redirect to.
* | | Prevent email UIA failures from raising a LoginError (#9265)Andrew Morgan2021-02-011-10/+0
| | | | | | | | | | | | | | | | | | | | | Context, Fixes: https://github.com/matrix-org/synapse/issues/9263 In the past to fix an issue with old Riots re-requesting threepid validation tokens, we raised a `LoginError` during UIA instead of `InteractiveAuthIncompleteError`. This is now breaking the way Tchap logs in - which isn't standard, but also isn't disallowed by the spec. An easy fix is just to remove the 4 year old workaround.
* | | Ratelimit invites by room and target user (#9258)Erik Johnston2021-01-293-2/+34
| | |
* | | Merge branch 'social_login' into developRichard van der Hoff2021-01-284-26/+40
|\| |
| * | Add 'brand' field to MSC2858 response (#9242)Richard van der Hoff2021-01-274-2/+12
| | | | | | | | | | | | | | | | | | We've decided to add a 'brand' field to help clients decide how to style the buttons. Also, fix up the allowed characters for idp_id, while I'm in the area.
| * | Support for scraping email addresses from OIDC providers (#9245)Richard van der Hoff2021-01-271-24/+28
| | |
* | | Ratelimit 3PID /requestToken API (#9238)Erik Johnston2021-01-281-0/+28
| | |
* | | Add type hints to E2E handler. (#9232)Patrick Cloke2021-01-283-133/+193
| |/ |/| | | This finishes adding type hints to the `synapse.handlers` module.
* | Merge branch 'social_login' into developRichard van der Hoff2021-01-271-5/+18
|\|
| * Implement MSC2858 support (#9183)Richard van der Hoff2021-01-271-5/+18
| | | | | | Fixes #8928.
* | Add type hints to various handlers. (#9223)Patrick Cloke2021-01-269-127/+174
| | | | | | | | With this change all handlers except the e2e_* ones have type hints enabled.
* | Do not require the CAS service URL setting (use public_baseurl instead). (#9199)Patrick Cloke2021-01-261-5/+1
| | | | | | | | The current configuration is handled for backwards compatibility, but is considered deprecated.
* | Precompute joined hosts and store in Redis (#9198)Erik Johnston2021-01-262-0/+47
|/
* Support icons for Identity Providers (#9154)Richard van der Hoff2021-01-205-1/+17
|
* Give `public_baseurl` a default value (#9159)Richard van der Hoff2021-01-201-2/+0
|
* Allow moving account data and receipts streams off master (#9104)Erik Johnston2021-01-184-10/+173
|
* Fix bugs in handling clientRedirectUrl, and improve OIDC tests (#9127, #9128)Richard van der Hoff2021-01-182-3/+3
| | | | | | | | | | | | | | | | * Factor out a common TestHtmlParser Looks like I'm doing this in a few different places. * Improve OIDC login test Complete the OIDC login flow, rather than giving up halfway through. * Ensure that OIDC login works with multiple OIDC providers * Fix bugs in handling clientRedirectUrl - don't drop duplicate query-params, or params with no value - allow utf-8 in query-params
* Ensure the user ID is serialized in the payload instead of used as an ↵Patrick Cloke2021-01-181-1/+1
| | | | instance name. (#9130)
* Land support for multiple OIDC providers (#9110)Richard van der Hoff2021-01-151-7/+20
| | | | | | | | | | | | | | | | | | | | | | | This is the final step for supporting multiple OIDC providers concurrently. First of all, we reorganise the config so that you can specify a list of OIDC providers, instead of a single one. Before: oidc_config: enabled: true issuer: "https://oidc_provider" # etc After: oidc_providers: - idp_id: prov1 issuer: "https://oidc_provider" - idp_id: prov2 issuer: "https://another_oidc_provider" The old format is still grandfathered in. With that done, it's then simply a matter of having OidcHandler instantiate a new OidcProvider for each configured provider.
* Store an IdP ID in the OIDC session (#9109)Richard van der Hoff2021-01-151-6/+16
| | | | | Again in preparation for handling more than one OIDC provider, add a new caveat to the macaroon used as an OIDC session cookie, which remembers which OIDC provider we are talking to. In future, when we get a callback, we'll need it to make sure we talk to the right IdP. As part of this, I'm adding an idp_id and idp_name field to the OIDC configuration object. They aren't yet documented, and we'll just use the old values by default.
* Merge pull request #9091 from matrix-org/rav/error_on_bad_ssoRichard van der Hoff2021-01-152-31/+39
|\ | | | | Give the user a better error when they present bad SSO creds
| * Move `complete_sso_ui_auth` into SSOHandlerRichard van der Hoff2021-01-132-28/+13
| | | | | | | | | | since we're hacking on this code anyway, may as well move it out of the cluttered AuthHandler.
| * Give the user a better error when they present bad SSO credsRichard van der Hoff2021-01-131-5/+28
| | | | | | | | | | | | | | | | | | If a user tries to do UI Auth via SSO, but uses the wrong account on the SSO IdP, try to give them a better error. Previously, the UIA would claim to be successful, but then the operation in question would simply fail with "auth fail". Instead, serve up an error page which explains the failure.
* | Split OidcProvider out of OidcHandler (#9107)Richard van der Hoff2021-01-141-98/+148
|/ | | | | | | The idea here is that we will have an instance of OidcProvider for each configured IdP, with OidcHandler just doing the marshalling of them. For now it's still hardcoded with a single provider.
* Extract OIDCProviderConfig objectRichard van der Hoff2021-01-131-17/+20
| | | | | Collect all the config options which related to an OIDC provider into a single object.
* Preparatory refactors of OidcHandler (#9067)Richard van der Hoff2021-01-131-141/+163
| | | | | | | | Some light refactoring of OidcHandler, in preparation for bigger things: * remove inheritance from deprecated BaseHandler * add an object to hold the things that go into a session cookie * factor out a separate class for manipulating said cookies
* Remove user's avatar URL and displayname when deactivated. (#8932)Dirk Klimpel2021-01-122-3/+23
| | | This only applies if the user's data is to be erased.
* UI Auth via SSO: redirect the user to an appropriate SSO. (#9081)Richard van der Hoff2021-01-123-18/+110
| | | | | | | If we have integrations with multiple identity providers, when the user does a UI Auth, we need to redirect them to the right one. There are a few steps to this. First of all we actually need to store the userid of the user we are trying to validate in the UIA session, since the /auth/sso/fallback/web request is unauthenticated. Then, once we get the /auth/sso/fallback/web request, we can fish the user id out of the session, and use it to look up the external id mappings, and hence pick an SSO provider for them.
* Kill off `HomeServer.get_ip_from_request()` (#9080)Richard van der Hoff2021-01-121-7/+2
| | | Homeserver.get_ip_from_request() used to be a bit more complicated, but now it is totally redundant. Let's get rid of it.
* Remove SynapseRequest.get_user_agent (#9069)Richard van der Hoff2021-01-122-5/+6
| | | | | | | | | | | SynapseRequest is in danger of becoming a bit of a dumping-ground for "useful stuff relating to Requests", which isn't really its intention (its purpose is to override render, finished and connectionLost to set up the LoggingContext and write the right entries to the request log). Putting utility functions inside SynapseRequest means that lots of our code ends up requiring a SynapseRequest when there is nothing synapse-specific about the Request at all, and any old twisted.web.iweb.IRequest will do. This increases code coupling and makes testing more difficult. In short: move get_user_agent out to a utility function.
* Allow running sendToDevice on workers (#9044)Erik Johnston2021-01-071-8/+23
|
* Ensure that remote users' device list resyncing always happens on master (#9043)Erik Johnston2021-01-071-4/+13
| | | Currently `DeviceMessageHandler` only ever exists on master, but that is about to change.
* Handle a display name / avatar URL not included in a federation request. (#9023)Patrick Cloke2021-01-061-2/+2
| | | | These may be omitted if not set, but Synapse assumed they would be in the response.
* Implement MSC2176: Updated redaction rules (#8984)Patrick Cloke2021-01-051-1/+1
| | | | An experimental room version ("org.matrix.msc2176") contains the new redaction rules for testing.
* Add initial support for a "pick your IdP" page (#9017)Richard van der Hoff2021-01-054-3/+24
| | | | | During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Combine the SSO Redirect Servlets (#9015)Richard van der Hoff2021-01-044-23/+138
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Implement CasHandler.handle_redirect_request ... to make it match OidcHandler and SamlHandler * Clean up interface for OidcHandler.handle_redirect_request Make it accept `client_redirect_url=None`. * Clean up interface for `SamlHandler.handle_redirect_request` ... bring it into line with CAS and OIDC by making it take a Request parameter, move the magic for `client_redirect_url` for UIA into the handler, and fix the return type to be a `str` rather than a `bytes`. * Define a common protocol for SSO auth provider impls * Give SsoIdentityProvider an ID and register them * Combine the SSO Redirect servlets Now that the SsoHandler knows about the identity providers, we can combine the various *RedirectServlets into a single implementation which delegates to the right IdP. * changelog
* Add type hints to the receipts and user directory handlers. (#8976)Patrick Cloke2021-01-042-32/+61
|
* Use the SSO handler helpers for CAS registration/login. (#8856)Patrick Cloke2021-01-032-39/+77
|
* Check if group IDs are valid before using them. (#8977)Patrick Cloke2020-12-301-1/+1
|
* Add additional type hints to the storage module. (#8980)Patrick Cloke2020-12-302-4/+2
|
* Add type hints to admin and room list handlers. (#8973)Patrick Cloke2020-12-292-68/+89
|
* Refactor the CAS handler in prep for using the abstracted SSO code. (#8958)Patrick Cloke2020-12-182-66/+158
| | | | | | This makes the CAS handler look more like the SAML/OIDC handlers: * Render errors to users instead of throwing JSON errors. * Internal reorganization.
* Send the location of the web client to the IS when inviting via 3PIDs. (#8930)Patrick Cloke2020-12-181-0/+5
| | | | Adds a new setting `email.invite_client_location` which, if defined, is passed to the identity server during invites.
* Implement a username picker for synapse (#8942)Richard van der Hoff2020-12-182-40/+273
| | | | | | | | | | | | | | The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow `UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser back to the client, we redirect to a username-picker resource, which allows the user to enter a username. We *then* complete the SSO flow (including doing the client permission checks). The static resources for the username picker itself (in https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker) are essentially lifted wholesale from https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. As the comment says, we might want to think about making them customisable, but that can be a follow-up. Fixes #8876.
* Allow re-using a UI auth validation for a period of time (#8970)Patrick Cloke2020-12-181-8/+24
|
* Merge remote-tracking branch 'origin/erikj/as_mau_block' into developErik Johnston2020-12-182-2/+13
|\
| * Correctly handle AS registerations and add testErik Johnston2020-12-172-2/+13
| |
* | Try and drop stale extremities. (#8929)Erik Johnston2020-12-181-1/+1
| | | | | | | | If we see stale extremities while persisting events, and notice that they don't change the result of state resolution, we drop them.
* | Fix a bug that deactivated users appear in the directory (#8933)Dirk Klimpel2020-12-171-2/+6
| | | | | | | | | | | | | | | | | | | | Fixes a bug that deactivated users appear in the directory when their profile information was updated. To change profile information of deactivated users is neccesary for example you will remove displayname or avatar. But they should not appear in directory. They are deactivated. Co-authored-by: Erik Johnston <erikj@jki.re>
* | Push login completion down into SsoHandler (#8941)Richard van der Hoff2020-12-163-82/+75
| | | | | | This is another part of my work towards fixing #8876. It moves some of the logic currently in the SAML and OIDC handlers - in particular the call to `AuthHandler.complete_sso_login` down into the `SsoHandler`.
* | Do not assume that the contents dictionary includes history_visibility. (#8945)Patrick Cloke2020-12-163-8/+10
| |
* | Preparatory refactoring of the SamlHandlerTestCase (#8938)Richard van der Hoff2020-12-151-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | * move simple_async_mock to test_utils ... so that it can be re-used * Remove references to `SamlHandler._map_saml_response_to_user` from tests This method is going away, so we can no longer use it as a test point. Instead, factor out a higher-level method which takes a SAML object, and verify correct behaviour by mocking out `AuthHandler.complete_sso_login`. * changelog
* | Fix startup failure with localdb_enabled: False (#8937)Richard van der Hoff2020-12-141-14/+12
| |
* | Allow spam-checker modules to be provide async methods. (#8890)David Teller2020-12-119-22/+21
| | | | | | | | Spam checker modules can now provide async methods. This is implemented in a backwards-compatible manner.
* | Honour AS ratelimit settings for /login requests (#8920)Erik Johnston2020-12-111-3/+4
| | | | | | | | Fixes #8846.
* | Don't ratelimit autojoining of rooms (#8921)Erik Johnston2020-12-112-11/+17
| | | | | | Fixes #8866
* | Refactor `SsoHandler.get_mxid_from_sso` (#8900)Richard van der Hoff2020-12-102-28/+50
| | | | | | | | | | | | | | * Factor out _call_attribute_mapper and _register_mapped_user This is mostly an attempt to simplify `get_mxid_from_sso`. * Move mapping_lock down into SsoHandler.
* | Simplify the flow for SSO UIA (#8881)Richard van der Hoff2020-12-085-40/+142
| | | | | | | | | | | | | | | | | | * SsoHandler: remove inheritance from BaseHandler * Simplify the flow for SSO UIA We don't need to do all the magic for mapping users when we are doing UIA, so let's factor that out.
* | Merge tag 'v1.24.0rc2' into developPatrick Cloke2020-12-042-6/+23
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.24.0rc2 (2020-12-04) ============================== Bugfixes -------- - Fix a regression in v1.24.0rc1 which failed to allow SAML mapping providers which were unable to redirect users to an additional page. ([\#8878](https://github.com/matrix-org/synapse/issues/8878)) Internal Changes ---------------- - Add support for the `prometheus_client` newer than 0.9.0. Contributed by Jordan Bancino. ([\#8875](https://github.com/matrix-org/synapse/issues/8875))
| * Fix a regression that mapping providers should be able to redirect users. ↵Patrick Cloke2020-12-042-6/+23
| | | | | | | | | | (#8878) This was broken in #8801.
* | Merge pull request #8858 from matrix-org/rav/sso_uiaRichard van der Hoff2020-12-021-15/+43
|\ \ | | | | | | UIA: offer only available auth flows
| * | UIA: offer only available auth flowsRichard van der Hoff2020-12-021-15/+43
| |/ | | | | | | | | | | | | During user-interactive auth, do not offer password auth to users with no password, nor SSO auth to users with no SSO. Fixes #7559.
* / Apply an IP range blacklist to push and key revocation requests. (#8821)Patrick Cloke2020-12-022-4/+4
|/ | | | | | | | | | | | Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to: * Federation * Identity servers * Push notifications * Checking key validitity for third-party invite events The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers).
* Fix a regression when grandfathering SAML users. (#8855)Patrick Cloke2020-12-023-47/+52
| | | | | | This was broken in #8801 when abstracting code shared with OIDC. After this change both SAML and OIDC have a concept of grandfathering users, but with different implementations.
* Add basic SAML tests for mapping users. (#8800)Patrick Cloke2020-12-021-1/+1
|
* Create a `PasswordProvider` wrapper object (#8849)Richard van der Hoff2020-12-021-55/+148
| | | | The idea here is to abstract out all the conditional code which tests which methods a given password provider has, to provide a consistent interface.
* Support "identifier" dicts in UIA (#8848)Richard van der Hoff2020-12-011-24/+161
| | | | | | | | | | The spec requires synapse to support `identifier` dicts for `m.login.password` user-interactive auth, which it did not (instead, it required an undocumented `user` parameter.) To fix this properly, we need to pull the code that interprets `identifier` into `AuthHandler.validate_login` so that it can be called from the UIA code. Fixes #5665.
* Don't offer password login when it is disabled (#8835)Richard van der Hoff2020-12-011-1/+9
| | | Fix a minor bug where we would offer "m.login.password" login if a custom auth provider supported it, even if password login was disabled.
* Allow per-room profile to be used for server notice user (#8799)Mathieu Velten2020-11-301-1/+9
| | | | This applies even if the feature is disabled at the server level with `allow_per_room_profiles`. The server notice not being a real user it doesn't have an user profile.
* Simplify the way the `HomeServer` object caches its internal attributes. ↵Jonathan de Jong2020-11-301-1/+2
| | | | | (#8565) Changes `@cache_in_self` to use underscore-prefixed attributes.
* Add `force_purge` option to delete-room admin api. (#8843)Richard van der Hoff2020-11-301-6/+11
|
* Speed up remote invite rejection database call (#8815)Andrew Morgan2020-11-251-5/+11
| | | | | | | | | | | | | This is another PR that grew out of #6739. The existing code for checking whether a user is currently invited to a room when they want to leave the room looks like the following: https://github.com/matrix-org/synapse/blob/f737368a26bb9eea401fcc3a5bdd7e0b59e91f09/synapse/handlers/room_member.py#L518-L540 It calls `get_invite_for_local_user_in_room`, which will actually query *all* rooms the user has been invited to, before iterating over them and matching via the room ID. It will then return a tuple of a lot of information which we pull the event ID out of. I need to do a similar check for knocking, but this code wasn't very efficient. I then tried to write a different implementation using `StateHandler.get_current_state` but this actually didn't work as we haven't *joined* the room yet - we've only been invited to it. That means that only certain tables in Synapse have our desired `invite` membership state. One of those tables is `local_current_membership`. So I wrote a store method that just queries that table instead
* Support trying multiple localparts for OpenID Connect. (#8801)Patrick Cloke2020-11-253-134/+232
| | | | Abstracts the SAML and OpenID Connect code which attempts to regenerate the localpart of a matrix ID if it is already in use.
* Properly report user-agent/IP during registration of SSO users. (#8784)Patrick Cloke2020-11-234-122/+171
| | | | | This also expands type-hints to the SSO and registration code. Refactors the CAS code to more closely match OIDC/SAML.
* Improve logging of the mapping from SSO IDs to Matrix IDs. (#8773)Andrew Morgan2020-11-232-5/+12
|
* Improve error checking for OIDC/SAML mapping providers (#8774)Patrick Cloke2020-11-192-5/+26
| | | | | | Checks that the localpart returned by mapping providers for SAML and OIDC are valid before registering new users. Extends the OIDC tests for existing users and invalid data.
* SAML: Allow specifying the IdP entityid to use. (#8630)Ben Banfield-Zanin2020-11-191-1/+2
| | | | If the SAML metadata includes multiple IdPs it is necessary to specify which IdP to redirect users to for authentication.
* Consistently use room_id from federation request body (#8776)Richard van der Hoff2020-11-191-5/+5
| | | | | | | | | | | | | * Consistently use room_id from federation request body Some federation APIs have a redundant `room_id` path param (see https://github.com/matrix-org/matrix-doc/issues/2330). We should make sure we consistently use either the path param or the body param, and the body param is easier. * Kill off some references to "context" Once upon a time, "rooms" were known as "contexts". I think this kills of the last references to "contexts".
* Improve appservice handler to send only the most recent read receipts when ↵Will Hunt2020-11-182-2/+3
| | | | | | | | | | | | | | | | | | | no stream_id is stored. (#8744) * Make this line debug (it's noisy) * Don't include from_key for presence if we are at 0 * Limit read receipts for all rooms to 100 * changelog.d/8744.bugfix * Allow from_key to be None * Update 8744.bugfix * The from_key is superflous * Update comment
* Abstract shared SSO code. (#8765)Patrick Cloke2020-11-173-113/+146
| | | De-duplicates code between the SAML and OIDC implementations.
* Use TYPE_CHECKING instead of magic MYPY variable. (#8770)Patrick Cloke2020-11-171-3/+2
|
* Add admin API for logging in as a user (#8617)Erik Johnston2020-11-179-35/+70
|
* Generalise _locally_reject_invite (#8751)Andrew Morgan2020-11-161-17/+19
| | | | | | | | | `_locally_reject_invite` generates an out-of-band membership event which can be passed to clients, but not other homeservers. This is used when we fail to reject an invite over federation. If this happens, we instead just generate a leave event locally and send it down /sync, allowing clients to reject invites even if we can't reach the remote homeserver. A similar flow needs to be put in place for rescinding knocks. If we're unable to contact any remote server from the room we've tried to knock on, we'd still like to generate and store the leave event locally. Hence the need to reuse, and thus generalise, this method. Separated from #6739.
* Generalise _maybe_store_room_on_invite (#8754)Andrew Morgan2020-11-131-4/+6
| | | | | | | | | There's a handy function called maybe_store_room_on_invite which allows us to create an entry in the rooms table for a room and its version for which we aren't joined to yet, but we can reference when ingesting events about. This is currently used for invites where we receive some stripped state about the room and pass it down via /sync to the client, without us being in the room yet. There is a similar requirement for knocking, where we will eventually do the same thing, and need an entry in the rooms table as well. Thus, reusing this function works, however its name needs to be generalised a bit. Separated out from #6739.
* Catch exceptions in password_providers (#8636)Nicolai Søborg2020-11-111-4/+9
| | | Signed-off-by: Nicolai Søborg <git@xn--sb-lka.org>
* Block clients from sending server ACLs that lock the local server out. (#8708)Erik Johnston2020-11-031-0/+3
| | | Fixes #4042
* Improve error messages of non-str displayname/avatar_url (#8705)Andrew Morgan2020-11-021-2/+6
| | | | | | | | This PR fixes two things: * Corrects the copy/paste error of telling the client their displayname is wrong when they are submitting an `avatar_url`. * Returns a `M_INVALID_PARAM` instead of `M_UNKNOWN` for non-str type parameters. Reported by @t3chguy.
* Add ability for access tokens to belong to one user but grant access to ↵Erik Johnston2020-10-292-6/+9
| | | | | | | | | | another user. (#8616) We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't). A future PR will add an API for creating such a token. When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.
* Fix cache call signature to accept `on_invalidate`. (#8684)Erik Johnston2020-10-291-5/+7
| | | Cached functions accept an `on_invalidate` function, which we failed to add to the type signature. It's rarely used in the files that we have typed, which is why we haven't noticed it before.
* Optimise createRoom with multiple invites (#8559)Richard van der Hoff2020-10-292-13/+24
| | | | | By not dropping the membership lock between invites, we can stop joins from grabbing the lock when we're half-done and slowing the whole thing down.
* Merge pull request #8678 from matrix-org/rav/fix_frozen_eventsRichard van der Hoff2020-10-281-3/+2
|\ | | | | Fix serialisation errors when using third-party event rules.
| * Remove frozendict_json_encoder and support frozendicts everywhereRichard van der Hoff2020-10-281-3/+2
| | | | | | | | | | | | Not being able to serialise `frozendicts` is fragile, and it's annoying to have to think about which serialiser you want. There's no real downside to supporting frozendicts, so let's just have one json encoder.
* | Add type hints to application services. (#8655)Patrick Cloke2020-10-282-41/+57
| |
* | Abstract code for stripping room state into a separate method (#8671)Andrew Morgan2020-10-271-28/+7
| | | | | | | | | | | | | | | | | | | | | | This is a requirement for [knocking](https://github.com/matrix-org/synapse/pull/6739), and is abstracting some code that was originally used by the invite flow. I'm separating it out into this PR as it's a fairly contained change. For a bit of context: when you invite a user to a room, you send them [stripped state events](https://matrix.org/docs/spec/server_server/unstable#put-matrix-federation-v2-invite-roomid-eventid) as part of `invite_room_state`. This is so that their client can display useful information such as the room name and avatar. The same requirement applies to knocking, as it would be nice for clients to be able to display a list of rooms you've knocked on - room name and avatar included. The reason we're sending membership events down as well is in the case that you are invited to a room that does not have an avatar or name set. In that case, the client should use the displayname/avatar of the inviter. That information is located in the inviter's membership event. This is optional as knocks don't really have any user in the room to link up to. When you knock on a room, your knock is sent by you and inserted into the room. It wouldn't *really* make sense to show the avatar of a random user - plus it'd be a data leak. So I've opted not to send membership events to the client here. The UX on the client for when you knock on a room without a name/avatar is a separate problem. In essence this is just moving some inline code to a reusable store method.
* | Don't unnecessarily start bg process while handling typing. (#8668)Erik Johnston2020-10-271-8/+13
| | | | | | There's no point starting a background process when all its going to do is bail if federation isn't enabled.
* | e2e: ensure we have both master and self-signing key (#8455)Jonas Jelten2020-10-261-5/+22
| | | | | | | | | | | | | | it seems to be possible that only one of them ends up to be cached. when this was the case, the missing one was not fetched via federation, and clients then failed to validate cross-signed devices. Signed-off-by: Jonas Jelten <jj@sft.lol>
* | Add type hints for account validity handler (#8620)Patrick Cloke2020-10-262-8/+25
| | | | | | This also fixes a bug by fixing handling of an account which doesn't expire.
* | Merge branch 'release-v1.22.0' into developErik Johnston2020-10-261-3/+4
|\|
| * Fix get|set_type_stream_id_for_appservice store functions (#8648)Will Hunt2020-10-261-6/+6
| |
| * Properly handle presence events for application services. (#8656)Patrick Cloke2020-10-261-4/+5
| |
* | Fix get|set_type_stream_id_for_appservice store functions (#8648)Will Hunt2020-10-261-6/+6
| |
* | Check status codes that profile handler returns (#8580)LEdoian2020-10-261-0/+7
| | | | | | | | | | | | | | Fixes #8520 Signed-off-by: Pavel Turinsky <pavel.turinsky@matfyz.cz> Co-authored-by: Erik Johnston <erikj@jki.re>
* | Start fewer opentracing spans (#8640)Erik Johnston2020-10-261-7/+43
| | | | | | | | | | | | | | #8567 started a span for every background process. This is good as it means all Synapse code that gets run should be in a span (unless in the sentinel logging context), but it means we generate about 15x the number of spans as we did previously. This PR attempts to reduce that number by a) not starting one for send commands to Redis, and b) deferring starting background processes until after we're sure they're necessary. I don't really know how much this will help.
* | Fix typos and spelling errors. (#8639)Patrick Cloke2020-10-2314-26/+26
| |
* | Fix handling of User-Agent headers with bad utf-8. (#8632)Erik Johnston2020-10-234-12/+4
| |
* | Don't 500 for invalid group IDs (#8628)Erik Johnston2020-10-221-1/+4
|/
* Add type hints to profile and base handlers. (#8609)Patrick Cloke2020-10-213-37/+65
|
* Consistently use wrap_as_background_task in more places (#8599)Patrick Cloke2020-10-202-16/+6
|
* Fix mypy error: auth handler "checkpw" internal function type mismatch (#8569)Jonathan de Jong2020-10-191-3/+5
|
* Fix modifying events in `ThirdPartyRules` modules (#8564)Richard van der Hoff2020-10-161-1/+6
| | | EventBuilder.build wants auth events these days
* Merge pull request #8535 from matrix-org/rav/third_party_events_updatesRichard van der Hoff2020-10-152-71/+74
|\ | | | | Support modifying event content from ThirdPartyRules modules
| * Allow ThirdPartyRules modules to replace event contentRichard van der Hoff2020-10-131-2/+62
| | | | | | | | Support returning a new event dict from `check_event_allowed`.
| * Move third_party_rules check to event creation timeRichard van der Hoff2020-10-132-52/+13
| | | | | | | | | | Rather than waiting until we handle the event, call the ThirdPartyRules check when we fist create the event.
| * Remove redundant calls to third_party_rules in `on_send_{join,leave}`Richard van der Hoff2020-10-131-19/+1
| | | | | | | | | | There's not much point in calling these *after* we have decided to accept them into the DAG.
* | Send some ephemeral events to appservices (#8437)Will Hunt2020-10-154-7/+169
| | | | | | Optionally sends typing, presence, and read receipt information to appservices.
* | Merge pull request #8537 from matrix-org/rav/simplify_locally_reject_inviteRichard van der Hoff2020-10-153-52/+38
|\ \ | | | | | | Simplify `_locally_reject_invite`
| * | Simplify `_locally_reject_invite`Richard van der Hoff2020-10-132-45/+35
| | | | | | | | | | | | | | | Update `EventCreationHandler.create_event` to accept an auth_events param, and use it in `_locally_reject_invite` instead of reinventing the wheel.
| * | Remove redundant `token_id` parameter to create_eventRichard van der Hoff2020-10-133-7/+3
| |/ | | | | | | this is always the same as requester.access_token_id.
* / Fix not sending events over federation when using sharded event persisters ↵Erik Johnston2020-10-141-4/+7
|/ | | | | | | | | | | | | | | | | (#8536) * Fix outbound federaion with multiple event persisters. We incorrectly notified federation senders that the minimum persisted stream position had advanced when we got an `RDATA` from an event persister. Notifying of federation senders already correctly happens in the notifier, so we just delete the offending line. * Change some interfaces to use RoomStreamToken. By enforcing use of `RoomStreamTokens` we make it less likely that people pass in random ints that they got from somewhere random.
* Move additional tasks to the background worker, part 4 (#8513)Patrick Cloke2020-10-135-30/+24
|
* Fix message duplication if something goes wrong after persisting the event ↵Erik Johnston2020-10-133-12/+58
| | | | | (#8476) Should fix #3365.
* Add type hints to response cache. (#8507)Patrick Cloke2020-10-093-6/+10
|
* Allow modules to create and send events into rooms (#8479)Andrew Morgan2020-10-091-6/+5
| | | | | This PR allows Synapse modules making use of the `ModuleApi` to create and send non-membership events into a room. This can useful to have modules send messages, or change power levels in a room etc. Note that they must send event through a user that's already in the room. The non-membership event limitation is currently arbitrary, as it's another chunk of work and not necessary at the moment.
* Remove the deprecated Handlers object (#8494)Patrick Cloke2020-10-099-44/+11
| | | All handlers now available via get_*_handler() methods on the HomeServer.
* Add type hints to some handlers (#8505)Patrick Cloke2020-10-095-19/+49
|
* Add typing information to the device handler. (#8407)Patrick Cloke2020-10-071-35/+54
|
* Fix returning incorrect prev_batch token in incremental sync (#8486)Erik Johnston2020-10-071-1/+6
|
* Add support for MSC2697: Dehydrated devices (#8380)Hubert Chathi2020-10-071-2/+82
| | | | This allows a user to store an offline device on the server and then restore it at a subsequent login.
* Merge pull request #8463 from matrix-org/rav/clean_up_event_handlingRichard van der Hoff2020-10-073-90/+78
|\ | | | | Reduce inconsistencies between codepaths for membership and non-membership events.
| * update wordingRichard van der Hoff2020-10-071-2/+3
| |
| * kill off `send_nonmember_event`Richard van der Hoff2020-10-052-51/+27
| | | | | | | | This is now redundant, and we can just call `handle_new_client_event` directly.
| * pull up event.sender assertionRichard van der Hoff2020-10-052-4/+5
| |
| * Move shadow-ban check down into `handle_new_client_event`.Richard van der Hoff2020-10-051-8/+24
| |
| * De-duplicate duplicate handlingRichard van der Hoff2020-10-052-38/+32
| | | | | | | | | | move the "duplicate state event" handling down into `handle_new_client_event` where it can be shared between multiple call paths.
* | Combine `SpamCheckerApi` with the more generic `ModuleApi`. (#8464)Richard van der Hoff2020-10-071-0/+7
| | | | | | | | | | Lots of different module apis is not easy to maintain. Rather than adding yet another ModuleApi(hs, hs.get_auth_handler()) incantation, first add an hs.get_module_api() method and use it where possible.
* | Add support for MSC2732: olm fallback keys (#8312)Hubert Chathi2020-10-062-0/+24
|/
* Allow ThirdPartyEventRules modules to manipulate public room state (#8292)Andrew Morgan2020-10-052-0/+19
| | | | | This PR allows `ThirdPartyEventRules` modules to view, manipulate and block changes to the state of whether a room is published in the public rooms directory. While the idea of whether a room is in the public rooms list is not kept within an event in the room, `ThirdPartyEventRules` generally deal with controlling which modifications can happen to a room. Public rooms fits within that idea, even if its toggle state isn't controlled through a state event.
* Remove stream ordering from Metadata dict (#8452)Richard van der Hoff2020-10-053-7/+13
| | | | | | | | There's no need for it to be in the dict as well as the events table. Instead, we store it in a separate attribute in the EventInternalMetadata object, and populate that on load. This means that we can rely on it being correctly populated for any event which has been persited to the database.
* Do not assume that account data is of the correct form. (#8454)Patrick Cloke2020-10-052-11/+14
| | | | This fixes a bug where `m.ignored_user_list` was assumed to be a dict, leading to odd behavior for users who set it to something else.
* Allow background tasks to be run on a separate worker. (#8369)Patrick Cloke2020-10-022-2/+2
|
* Add config option for always using "userinfo endpoint" for OIDC (#7658)BBBSnowball2020-10-011-4/+7
| | | This allows for connecting to certain IdPs, e.g. GitLab.
* Enable mypy checking for unreachable code and fix instances. (#8432)Patrick Cloke2020-10-014-5/+3
|
* Make token serializing/deserializing async (#8427)Erik Johnston2020-09-305-20/+22
| | | The idea is that in future tokens will encode a mapping of instance to position. However, we don't want to include the full instance name in the string representation, so instead we'll have a mapping between instance name and an immutable integer ID in the DB that we can use instead. We'll then do the lookup when we serialize/deserialize the token (we could alternatively pass around an `Instance` type that includes both the name and ID, but that turns out to be a lot more invasive).
* Allow additional SSO properties to be passed to the client (#8413)Patrick Cloke2020-09-302-4/+112
|
* Merge pull request #8420 from matrix-org/rav/state_res_statsRichard van der Hoff2020-09-301-5/+8
|\ | | | | Report metrics on expensive rooms for state res
| * Move `resolve_events_with_store` into StateResolutionHandlerRichard van der Hoff2020-09-291-5/+8
| |
* | Various clean ups to room stream tokens. (#8423)Erik Johnston2020-09-296-16/+22
|/
* Mypy fixes for `synapse.handlers.federation` (#8422)Richard van der Hoff2020-09-291-4/+9
| | | For some reason, an apparently unrelated PR upset mypy about this module. Here are a number of little fixes.
* Fix handling of connection timeouts in outgoing http requests (#8400)Richard van der Hoff2020-09-291-13/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove `on_timeout_cancel` from `timeout_deferred` The `on_timeout_cancel` param to `timeout_deferred` wasn't always called on a timeout (in particular if the canceller raised an exception), so it was unreliable. It was also only used in one place, and to be honest it's easier to do what it does a different way. * Fix handling of connection timeouts in outgoing http requests Turns out that if we get a timeout during connection, then a different exception is raised, which wasn't always handled correctly. To fix it, catch the exception in SimpleHttpClient and turn it into a RequestTimedOutError (which is already a documented exception). Also add a description to RequestTimedOutError so that we can see which stage it failed at. * Fix incorrect handling of timeouts reading federation responses This was trapping the wrong sort of TimeoutError, so was never being hit. The effect was relatively minor, but we should fix this so that it does the expected thing. * Fix inconsistent handling of `timeout` param between methods `get_json`, `put_json` and `delete_json` were applying a different timeout to the response body to `post_json`; bring them in line and test. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Erik Johnston <erik@matrix.org>
* A pair of tiny cleanups in the federation request code. (#8401)Richard van der Hoff2020-09-281-1/+1
|
* Allow existing users to login via OpenID Connect. (#8345)Tdxdxoz2020-09-251-15/+27
| | | | | | | Co-authored-by: Benjamin Koch <bbbsnowball@gmail.com> This adds configuration flags that will match a user to pre-existing users when logging in via OpenID Connect. This is useful when switching to an existing SSO system.
* Add EventStreamPosition type (#8388)Erik Johnston2020-09-243-14/+18
| | | | | | | | | | | | | | The idea is to remove some of the places we pass around `int`, where it can represent one of two things: 1. the position of an event in the stream; or 2. a token that partitions the stream, used as part of the stream tokens. The valid operations are then: 1. did a position happen before or after a token; 2. get all events that happened before or after a token; and 3. get all events between two tokens. (Note that we don't want to allow other operations as we want to change the tokens to be vector clocks rather than simple ints)
* Factor out `_send_dummy_event_for_room` (#8370)Richard van der Hoff2020-09-231-48/+54
| | | this makes it possible to use from the manhole, and seems cleaner anyway.
* Create function to check for long names in devices (#8364)Dionysis Grigoropoulos2020-09-221-6/+24
| | | | | | | | | * Create a new function to verify that the length of a device name is under a certain threshold. * Refactor old code and tests to use said function. * Verify device name length during registration of device * Add a test for the above Signed-off-by: Dionysis Grigoropoulos <dgrig@erethon.com>
* Fix a bad merge from release-v1.20.0. (#8354)Patrick Cloke2020-09-181-1/+1
|
* Merge tag 'v1.20.0rc5' into developPatrick Cloke2020-09-182-12/+61
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.20.0rc5 (2020-09-18) ============================== In addition to the below, Synapse 1.20.0rc5 also includes the bug fix that was included in 1.19.3. Features -------- - Add flags to the `/versions` endpoint for whether new rooms default to using E2EE. ([\#8343](https://github.com/matrix-org/synapse/issues/8343)) Bugfixes -------- - Fix rate limiting of federation `/send` requests. ([\#8342](https://github.com/matrix-org/synapse/issues/8342)) - Fix a longstanding bug where back pagination over federation could get stuck if it failed to handle a received event. ([\#8349](https://github.com/matrix-org/synapse/issues/8349)) Internal Changes ---------------- - Blacklist [MSC2753](https://github.com/matrix-org/matrix-doc/pull/2753) SyTests until it is implemented. ([\#8285](https://github.com/matrix-org/synapse/issues/8285))
| * Intelligently select extremities used in backfill. (#8349)Erik Johnston2020-09-182-12/+61
| | | | | | | | | | | | | | | | | | Instead of just using the most recent extremities let's pick the ones that will give us results that the pagination request cares about, i.e. pick extremities only if they have a smaller depth than the pagination token. This is useful when we fail to backfill an extremity, as we no longer get stuck requesting that same extremity repeatedly.
* | Simplify super() calls to Python 3 syntax. (#8344)Patrick Cloke2020-09-1820-23/+23
| | | | | | | | | | | | | | This converts calls like super(Foo, self) -> super(). Generated with: sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py
* | Switch metaclass initialization to python 3-compatible syntax (#8326)Jonathan de Jong2020-09-161-3/+1
| |
* | Use slots in attrs classes where possible (#8296)Patrick Cloke2020-09-146-29/+15
| | | | | | | | | | slots use less memory (and attribute access is faster) while slightly limiting the flexibility of the class attributes. This focuses on objects which are instantiated "often" and for short periods of time.
* | Improve SAML error messages (#8248)Patrick Cloke2020-09-142-61/+112
| |
* | Add experimental support for sharding event persister. Again. (#8294)Erik Johnston2020-09-144-32/+47
| | | | | | | | | | | | This is *not* ready for production yet. Caveats: 1. We should write some tests... 2. The stream token that we use for events can get stalled at the minimum position of all writers. This means that new events may not be processed and e.g. sent down sync streams if a writer isn't writing or is slow.
* | Make `StreamToken.room_key` be a `RoomStreamToken` instance. (#8281)Erik Johnston2020-09-117-27/+26
| |
* | Clean up `Notifier.on_new_room_event` code path (#8288)Erik Johnston2020-09-102-7/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | The idea here is that we pass the `max_stream_id` to everything, and only use the stream ID of the particular event to figure out *when* the max stream position has caught up to the event and we can notify people about it. This is to maintain the distinction between the position of an item in the stream (i.e. event A has stream ID 513) and a token that can be used to partition the stream (i.e. give me all events after stream ID 352). This distinction becomes important when the tokens are more complicated than a single number, which they will be once we start tracking the position of multiple writers in the tokens. The valid operations here are: 1. Is a position before or after a token 2. Fetching all events between two tokens 3. Merging multiple tokens to get the "max", i.e. `C = max(A, B)` means that for all positions P where P is before A *or* before B, then P is before C. Future PR will change the token type to a dedicated type.
* | Remove some unused distributor signals (#8216)Patrick Cloke2020-09-094-93/+5
| | | | | | | | | | Removes the `user_joined_room` and stops calling it since there are no observers. Also cleans-up some other unused signals and related code.
* | Fixup pusher pool notifications (#8287)Erik Johnston2020-09-092-2/+2
| | | | | | | | | | `pusher_pool.on_new_notifications` expected a min and max stream ID, however that was not what we were passing in. Instead, let's just pass it the current max stream ID and have it track the last stream ID it got passed. I believe that it mostly worked as we called the function for every event. However, it would break for events that got persisted out of order, i.e, that were persisted but the max stream ID wasn't incremented as not all preceding events had finished persisting, and push for that event would be delayed until another event got pushed to the effected users.