| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
Make `get_room_version` return a RoomVersion object
|
| | |
| |
| |
| |
| | |
... to make way for a forthcoming get_room_version which returns a RoomVersion
object.
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
|
| |
Fixes a bug where the alias would be added, but `PUT /directory/room/<alias>`
would return a 403.
|
| | |
|
| |
|
|
| |
I'm going to need another copy (hah!) of this.
|
| |
|
|
| |
We ended up only returning a single device, rather than all of them.
|
| |
|
|
| |
We just mark the fact that the cache may be stale in the database for
now.
|
| |
|
|
|
|
|
| |
These are easier to work with than the strings and we normally have one around.
This fixes `FederationHander._persist_auth_tree` which was passing a
RoomVersion object into event_auth.check instead of a string.
|
| |
|
| |
This is so that we don't have to rely on pulling it out from `current_state_events` table.
|
| | |
|
| | |
|
| |
|
| |
So we can debug issues like #6683 more easily
|
| |\
| |
| | |
Fix instantiation of message retention purge jobs
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When figuring out which topological token to start a purge job at, we
need to do the following:
1. Figure out a timestamp before which events will be purged
2. Select the first stream ordering after that timestamp
3. Select info about the first event after that stream ordering
4. Build a topological token from that info
In some situations (e.g. quiet rooms with a short max_lifetime), there
might not be an event after the stream ordering at step 3, therefore we
abort the purge with the error `No event found`. To mitigate that, this
patch fetches the first event _before_ the stream ordering, instead of
after.
|
| |\ \
| | |
| | | |
Log saml assertions rather than the whole response
|
| | | |
| | |
| | |
| | |
| | |
| | | |
... since the whole response is huge.
We even need to break up the assertions, since kibana otherwise truncates them.
|
| |/ /
| |
| | |
Turns out that figuring out a remote user id for the SAML user isn't quite as obvious as it seems. Factor it out to the SamlMappingProvider so that it's easy to control.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Port synapse.replication.tcp to async/await
* Newsfile
* Correctly document type of on_<FOO> functions as async
* Don't be overenthusiastic with the asyncing....
|
| |/
|
|
|
|
|
| |
Currently we rely on `current_state_events` to figure out what rooms a
user was in and their last membership event in there. However, if the
server leaves the room then the table may be cleaned up and that
information is lost. So lets add a table that separately holds that
information.
|
| |
|
| |
This is pretty pointless. Let's just use SynapseError.
|
| |
|
|
| |
Fix a bug where we would assign a numeric userid if somebody tried registering
with an empty username
|
| | |
|
| |
|
|
|
| |
... for consistency with other modules, and because we'll need it sooner or
later and it will be a pain to introduce later.
|
| |
|
| |
Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
|
| |
|
|
|
| |
e.g. if remote returns a 404 then that shouldn't be treated as an error
but should be proxied through.
|
| |\
| |
| | |
Fix conditions failing if min_depth = 0
|
| | |
| |
| |
| | |
This could result in Synapse not fetching prev_events for new events in the room if it has missed some events.
|
| |\ \
| | |
| | | |
Remove a bunch of unused code from event creation
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
create_new_client_event
|
| | | |
| | |
| | |
| | | |
... to make way for a new method which just returns the event ids
|
| | | |
| | |
| | |
| | | |
Fixes #4026
|
| |/ /
| |
| |
| | |
(#6640)
|
| |/
|
|
|
|
| |
upgrade (#6633)
Modify a copy of an upgraded room's PL before sending to the new room
|
| |\ |
|
| | |
| |
| | |
Fixes #6575
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
This encapsulates config for a given database and is the way to get new
connections.
|
| |\| |
|
| | |\
| | |
| | | |
Use the filtered version of an event when responding to /context requests for that event
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
for that event
Sometimes the filtering function can return a pruned version of an event (on top of either the event itself or an empty list), if it thinks the user should be able to see that there's an event there but not the content of that event. Therefore, the previous logic of 'if filtered is empty then we can use the event we retrieved from the database' is flawed, and we should use the event returned by the filtering function.
|
| | | |
| | |
| | |
| | |
| | | |
(#6527)
This fixes a weird bug where, if you were determined enough, you could end up with a rejected event forming part of the state at a backwards-extremity. Authing that backwards extrem would then lead to us trying to pull the rejected event from the db (with allow_rejected=False), which would fail with a 404.
|
| | | |
| | |
| | |
| | | |
The main point here is to make sure that the state returned by _get_state_in_room has been authed before we try to use it as state in the room.
|
| | | |
| | |
| | |
| | |
| | | |
When we perform state resolution, check that all of the events involved are in
the right room.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When we request the state/auth_events to populate a backwards extremity (on
backfill or in the case of missing events in a transaction push), we should
check that the returned events are in the right room rather than blindly using
them in the room state or auth chain.
Given that _get_events_from_store_or_dest takes a room_id, it seems clear that
it should be sanity-checking the room_id of the requested events, so let's do
it there.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Make it return the state *after* the requested event, rather than the one
before it. This is a bit easier and requires fewer calls to
get_events_from_store_or_dest.
|
| | |/
| |
| |
| |
| | |
This is a non-functional refactor as a precursor to some other work.
|
| | |
| |
| | |
Remove unused get_pagination_rows methods
|
| | | |
|
| | |
| |
| |
| |
| | |
(#6527)
This fixes a weird bug where, if you were determined enough, you could end up with a rejected event forming part of the state at a backwards-extremity. Authing that backwards extrem would then lead to us trying to pull the rejected event from the db (with allow_rejected=False), which would fail with a 404.
|
| | |
| |
| | |
The main point here is to make sure that the state returned by _get_state_in_room has been authed before we try to use it as state in the room.
|
| | |
| |
| |
| |
| |
| |
| | |
When we perform state resolution, check that all of the events involved are in
the right room.
|
| |\ \
| | |
| | | |
Port synapse.handlers.initial_sync to async/await
|
| | |\ \
| | | |
| | | |
| | | | |
erikj/initial_sync_asnyc
|
| | | | | |
|
| | | | | |
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When we request the state/auth_events to populate a backwards extremity (on
backfill or in the case of missing events in a transaction push), we should
check that the returned events are in the right room rather than blindly using
them in the room state or auth chain.
Given that _get_events_from_store_or_dest takes a room_id, it seems clear that
it should be sanity-checking the room_id of the requested events, so let's do
it there.
|
| | | |
| | |
| | |
| | |
| | | |
Make it return the state *after* the requested event, rather than the one
before it. This is a bit easier and requires fewer calls to
get_events_from_store_or_dest.
|
| |\ \ \
| | | |
| | | | |
Port some of FederationHandler to async/await
|
| | | | |
| | | |
| | | |
| | | | |
also fix user_joined_room to consistently return deferreds
|
| | | | |
| | | |
| | | |
| | | | |
... and _get_events_from_store_or_dest
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
and associated functions:
* on_receive_pdu
* handle_queued_pdus
* get_missing_events_for_pdu
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
PaginationHandler.get_messages is only called by RoomMessageListRestServlet,
which is async.
Chase the code path down from there:
- FederationHandler.maybe_backfill (and nested try_backfill)
- FederationHandler.backfill
|
| |\ \ \ \
| |/ / /
|/| | | |
Port handlers.account_validity to async/await.
|
| | | | | |
|
| | | |/
| |/| |
|
| | | |
| | |
| | |
| | | |
This just makes some of the logging easier to follow when things start going
wrong.
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
This is a non-functional refactor as a precursor to some other work.
|
| | | | |
|
| |\ \ \
| |/ /
|/| /
| |/ |
Remove SnapshotCache in favour of ResponseCache
|
| | | |
|
| |/
|
| |
Back out cross-signing code added in Synapse 1.5.0, which caused a performance regression.
|
| |\
| |
| | |
Pull out room_invite_state_types config option once.
|
| | |
| |
| |
| | |
Pulling things out of config is currently surprisingly expensive.
|
| |\ \
| |/
|/| |
Port SyncHandler to async/await
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
|
| |
replace the event_info dict with an attrs thing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
_update_auth_events_and_context_for_auth (#6468)
have_events was a map from event_id to rejection reason (or None) for events
which are in our local database. It was used as filter on the list of
event_ids being passed into get_events_as_list. However, since
get_events_as_list will ignore any event_ids that are unknown or rejected, we
can equivalently just leave it to get_events_as_list to do the filtering.
That means that we don't have to keep `have_events` up-to-date, and can use
`have_seen_events` instead of `get_seen_events_with_rejection` in the one place
we do need it.
|
| |\
| |
| | |
Fix issue #6406 parameter mismatch
|
| | |
| |
| |
| | |
Signed-off-by: Syam G Krishnan <syamgk01@gmail.com>
|
| |\ \
| | |
| | | |
Filter state, events_before and events_after in /context requests
|
| | |\ \ |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
While the current version of the spec doesn't say much about how this endpoint uses filters (see https://github.com/matrix-org/matrix-doc/issues/2338), the current implementation is that some fields of an EventFilter apply (the ones that are used when running the SQL query) and others don't (the ones that are used by the filter itself) because we don't call event_filter.filter(...). This seems counter-intuitive and probably not what we want so this commit fixes it.
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
Implement part [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228). The parts that differ are:
* the feature is hidden behind a configuration flag (`enable_ephemeral_messages`)
* self-destruction doesn't happen for state events
* only implement support for the `m.self_destruct_after` field (not the `m.self_destruct` one)
* doesn't send synthetic redactions to clients because for this specific case we consider the clients to be able to destroy an event themselves, instead we just censor it (by pruning its JSON) in the database
|
| | |/
|/| |
|
| |\ \
| | |
| | | |
Implement MSC 2367 - Membership Reasons
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
Purge jobs don't delete the latest event in a room in order to keep the forward extremity and not break the room. On the other hand, get_state_events, when given an at_token argument calls filter_events_for_client to know if the user can see the event that matches that (sync) token. That function uses the retention policies of the events it's given to filter out those that are too old from a client's view.
Some clients, such as Riot, when loading a room, request the list of members for the latest sync token it knows about, and get confused to the point of refusing to send any message if the server tells it that it can't get that information. This can happen very easily with the message retention feature turned on and a room with low activity so that the last event sent becomes too old according to the room's retention policy.
An easy and clean fix for that issue is to discard the room's retention policies when retrieving state.
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Implement message retention policies (MSC1763)
|
| | |\ \ |
|
| | | | | |
|
| | | | | |
|
| | | |/
| |/| |
|
| |\ \ \
| |_|/
|/| | |
Refactor _update_auth_events_and_context_for_auth
|
| | | | |
|
| | |\ \ |
|
| | | | |
| | | |
| | | |
| | | | |
It's more efficient and clearer.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
move event_key calculation into _update_context_for_auth_events, since it's
only used there.
|
| |\ \ \ \
| | | | |
| | | | | |
Fix caching devices for remote servers in worker.
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When the `/keys/query` API is hit on client_reader worker Synapse may
decide that it needs to resync some remote deivces. Usually this happens
on master, and then gets cached. However, that fails on workers and so
it falls back to fetching devices from remotes directly, which may in
turn fail if the remote is down.
|
| | | | | |
|
| |\ \ \ \
| |_|_|/
|/| | | |
Only do `rc_login` ratelimiting on succesful login.
|
| | | | |
| | | |
| | | |
| | | | |
Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-Authored-By: Brendan Abolivier <babolivier@matrix.org>
|
| | | | | |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We were doing this in a number of places which meant that some login
code paths incremented the counter multiple times.
It was also applying ratelimiting to UIA endpoints, which was probably
not intentional.
In particular, some custom auth modules were calling
`check_user_exists`, which incremented the counters, meaning that people
would fail to login sometimes.
|
| | |/
|/| |
|
| |\ \
| | |
| | | |
Split purge API into events vs state and add PurgeEventsStorage
|
| | |\|
| | |
| | |
| | | |
erikj/split_purge_history
|
| | |\ \
| | | |
| | | |
| | | | |
erikj/split_purge_history
|
| | | | | |
|
| |\ \ \ \ |
|
| | | | | | |
|
| | | |_|/
| |/| | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
(#6320)
Fixes a bug where rejected events were persisted with the wrong state group.
Also fixes an occasional internal-server-error when receiving events over
federation which are rejected and (possibly because they are
backwards-extremities) have no prev_group.
Fixes #6289.
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Raise an exception if accessing state for rejected events
Add some sanity checks on accessing state_group etc for
rejected events.
* Skip calculating push actions for rejected events
It didn't actually cause any bugs, because rejected events get filtered out at
various later points, but there's not point in trying to calculate the push
actions for a rejected event.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The intention here is to make it clearer which fields we can expect to be
populated when: notably, that the _event_type etc aren't used for the
synchronous impl of EventContext.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `http_proxy` and `HTTPS_PROXY` env vars can be set to a `host[:port]` value which should point to a proxy.
The address of the proxy should be excluded from IP blacklists such as the `url_preview_ip_range_blacklist`.
The proxy will then be used for
* push
* url previews
* phone-home stats
* recaptcha validation
* CAS auth validation
It will *not* be used for:
* Application Services
* Identity servers
* Outbound federation
* In worker configurations, connections from workers to masters
Fixes #4198.
|
| | | | |
|
| | | | |
|
| |\ \ \ |
|
| | | |/
| |/|
| | | |
* update version of black and also fix the mypy config being overridden
|
| | |\ \
| | | |
| | | | |
Add StateGroupStorage interface
|
| | | |/ |
|
| | |/
| |
| | |
Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
|
| |\| |
|
| | |\
| | |
| | |
| | | |
erikj/split_out_persistence_store
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
Make sure that we check that events sent over /send_join, /send_leave, and
/invite, are correctly signed and come from the expected servers.
|
| | | |
| | |
| | |
| | |
| | | |
Turns out that fetching variables from the config object is expensive,
so doing it once at startup avoids unnecessary work.
|
| | |/ |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Cross-signing [3/4] -- uploading signatures edition
|
| | |\ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | |\ \ |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |_|/
|/| |
| | | |
This method was somewhat redundant, and confusing.
|
| |\ \ \ |
|
| | |\ \ \ |
|
| | |\ \ \ \
| | |_|/ /
| |/| | /
| | | |/
| | |/| |
|
| | |\ \ \ |
|
| | |\ \ \ \ |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | |\ \ \ \ \ |
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| | |_|_|_|_|/
| |/| | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* Fix presence timeouts when synchrotron restarts.
Handling timeouts would fail if there was an external process that had
timed out, e.g. a synchrotron restarting. This was due to a couple of
variable name typoes.
Fixes #3715.
|
| |\| | | | | | |
|
| | |\ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
make storage layer in charge of interpreting the device key data
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | |\ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
make version optional in body of e2e backup version update
|
| | | |/ / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | | |
to agree with latest version of the MSC
|
| |/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | | |
The only possible rejection reason is AUTH_ERROR, so all of this is unreachable.
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Hopefully this will fix the occasional failures we were seeing in the room directory.
The problem was that events are not necessarily persisted (and `current_state_delta_stream` updated) in the same order as their stream_id. So for instance current_state_delta 9 might be persisted *before* current_state_delta 8. Then, when the room stats saw stream_id 9, it assumed it had done everything up to 9, and never came back to do stream_id 8.
We can solve this easily by only processing up to the stream_id where we know all events have been persisted.
|
| |/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It turns out that _local_membership_update doesn't run when you join a new, remote room. It only runs if you're joining a room that your server already knows about. This would explain #4703 and #5295 and why the transfer would work in testing and some rooms, but not others. This would especially hit single-user homeservers.
The check has been moved to right after the room has been joined, and works much more reliably. (Though it may still be a bit awkward of a place).
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* Remove unused public room list timeout param
* Add changelog
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Don't regenerate numeric user ID if registration fails.
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This causes huge amounts of DB IO if registrations start to fail e.g.
because the DB is struggling with IO.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
test (#6167)
|
| |\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
Don't 500 when trying to exchange a revoked 3PID invite
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
While this is not documented in the spec (but should be), Riot (and other clients) revoke 3PID invites by sending a m.room.third_party_invite event with an empty ({}) content to the room's state.
When the invited 3PID gets associated with a MXID, the identity server (which doesn't know about revocations) sends down to the MXID's homeserver all of the undelivered invites it has for this 3PID. The homeserver then tries to talk to the inviting homeserver in order to exchange these invite for m.room.member events.
When one of the invite is revoked, the inviting homeserver responds with a 500 error because it tries to extract a 'display_name' property from the content, which is empty. This might cause the invited server to consider that the server is down and not try to exchange other, valid invites (or at least delay it).
This fix handles the case of revoked invites by avoiding trying to fetch a 'display_name' from the original invite's content, and letting the m.room.member event fail the auth rules (because, since the original invite's content is empty, it doesn't have public keys), which results in sending a 403 with the correct error message to the invited server.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
We incorrectly used `room_id` as to bound the result set, even though we
order by `joined_members, room_id`, leading to incorrect results after
pagination.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Use room_stats and room_state for room directory search
|
| |/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Copy push rules during a room upgrade from the old room to the new room, instead of deleting them from the old room.
For instance, we've defined upgrading of a room multiple times to be possible, and push rules won't be transferred on the second upgrade if they're deleted during the first.
Also fix some missing yields that probably broke things quite a bit.
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | | |
Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
| | | | | | |
| | | | | |
| | | | | | |
Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | | |
Just to have all the methods that make calls to identity services in one place.
|
| | | | | | |
| | | | | |
| | | | | | |
Fixes #5905
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
'threepid_behaviour_email'. (#6104)
Fixes #6103
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If email or msisdn verification aren't supported, let's stop advertising them
for registration.
Fixes #6100.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Pull the checkers out to their own classes, rather than having them lost in a
massive 1000-line class which does everything.
This is also preparation for some more intelligent advertising of flows, as per #6100
|
| |\ \ \ \ \ \ |
|
| | | | | | | | |
|
| |\| | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Second part of solving #6076
Fixes #6076
We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses.
Fixes #5935
|
| | | | | | | |
| | | | | | |
| | | | | | | |
First part of solving #6076
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Implements MSC2290. This PR adds two new endpoints, /unstable/account/3pid/add and /unstable/account/3pid/bind. Depending on the progress of that MSC the unstable prefix may go away.
This PR also removes the blacklist on some 3PID tests which occurs in #6042, as the corresponding Sytest PR changes them to use the new endpoints.
Finally, it also modifies the account deactivation code such that it doesn't just try to deactivate 3PIDs that were bound to the user's account, but any 3PIDs that were bound through the homeserver on that user's account.
|
| | | | | | | | |
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | | |
|
| |\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| / / / / / /
| |/ / / / / / |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
3PID invites require making a request to an identity server to check that the invited 3PID has an Matrix ID linked, and if so, what it is.
These requests are being made on behalf of a user. The user will supply an identity server and an access token for that identity server. The homeserver will then forward this request with the access token (using an `Authorization` header) and, if the given identity server doesn't support v2 endpoints, will fall back to v1 (which doesn't require any access tokens).
Requires: ~~#5976~~
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Broke in #5971
Basically the bug is that if get_current_state_deltas returns no new updates and we then take the max pos, its possible that we miss an update that happens in between the two calls. (e.g. get_current_state_deltas looks up to stream pos 5, then an event persists and so getting the max stream pos returns 6, meaning that next time we check for things with a stream pos bigger than 6)
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This is a redo of https://github.com/matrix-org/synapse/pull/5897 but with `id_access_token` accepted.
Implements [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134) plus Identity Service v2 authentication ala [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140).
Identity lookup-related functions were also moved from `RoomMemberHandler` to `IdentityHandler`.
|
| | |\ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Allow use of different ratelimits for admin redactions.
|
