summary refs log tree commit diff
path: root/synapse/handlers (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add typing to SyncHandler (#6821)Erik Johnston2020-02-031-341/+364
| | | | Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* pass room_version into compute_event_signature (#6807)Richard van der Hoff2020-01-311-1/+4
|
* Merge pull request #6820 from matrix-org/rav/get_room_version_idRichard van der Hoff2020-01-314-14/+16
|\ | | | | Make `get_room_version` return a RoomVersion object
| * s/get_room_version/get_room_version_id/Richard van der Hoff2020-01-314-14/+16
| | | | | | | | | | ... to make way for a forthcoming get_room_version which returns a RoomVersion object.
* | Fix bug with getting missing auth event during join 500'ed (#6810)Erik Johnston2020-01-311-1/+5
|/
* pass room version into FederationHandler.on_invite_request (#6805)Richard van der Hoff2020-01-301-3/+3
|
* Resync remote device list when detected as stale. (#6786)Erik Johnston2020-01-302-4/+24
|
* Make /directory/room/<alias> handle restrictive power levelsRichard van der Hoff2020-01-291-1/+6
| | | | | Fixes a bug where the alias would be added, but `PUT /directory/room/<alias>` would return a 403.
* Set the PL for aliases events to 0.Richard van der Hoff2020-01-291-2/+15
|
* Factor out a `copy_power_levels_contents` methodRichard van der Hoff2020-01-291-12/+11
| | | | I'm going to need another copy (hah!) of this.
* Fix bug when querying remote user keys that require a resync. (#6796)Erik Johnston2020-01-291-1/+2
| | | | We ended up only returning a single device, rather than all of them.
* Detect unknown remote devices and mark cache as stale (#6776)Erik Johnston2020-01-282-2/+75
| | | | We just mark the fact that the cache may be stale in the database for now.
* Pass room version object into event_auth.check and check_redaction (#6788)Richard van der Hoff2020-01-282-9/+17
| | | | | | | These are easier to work with than the strings and we normally have one around. This fixes `FederationHander._persist_auth_tree` which was passing a RoomVersion object into event_auth.check instead of a string.
* Add `rooms.room_version` column (#6729)Erik Johnston2020-01-272-35/+82
| | | This is so that we don't have to rely on pulling it out from `current_state_events` table.
* Validate client_secret parameter (#6767)Andrew Morgan2020-01-241-1/+3
|
* Remove unnecessary abstractions in admin handler (#6751)Andrew Morgan2020-01-221-62/+0
|
* Add more logging around message retention policies support (#6717)Brendan Abolivier2020-01-171-0/+13
| | | So we can debug issues like #6683 more easily
* Merge pull request #6714 from matrix-org/babolivier/retention_select_eventBrendan Abolivier2020-01-171-1/+1
|\ | | | | Fix instantiation of message retention purge jobs
| * Fix instantiation of message retention purge jobsBrendan Abolivier2020-01-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When figuring out which topological token to start a purge job at, we need to do the following: 1. Figure out a timestamp before which events will be purged 2. Select the first stream ordering after that timestamp 3. Select info about the first event after that stream ordering 4. Build a topological token from that info In some situations (e.g. quiet rooms with a short max_lifetime), there might not be an event after the stream ordering at step 3, therefore we abort the purge with the error `No event found`. To mitigate that, this patch fetches the first event _before_ the stream ordering, instead of after.
* | Merge pull request #6724 from matrix-org/rav/log_saml_attributesRichard van der Hoff2020-01-171-1/+12
|\ \ | | | | | | Log saml assertions rather than the whole response
| * | Log saml assertions rather than the whole responseRichard van der Hoff2020-01-161-1/+12
| | | | | | | | | | | | | | | | | | ... since the whole response is huge. We even need to break up the assertions, since kibana otherwise truncates them.
* | | Delegate remote_user_id mapping to the saml mapping provider (#6723)Richard van der Hoff2020-01-171-6/+21
|/ / | | | | Turns out that figuring out a remote user id for the SAML user isn't quite as obvious as it seems. Factor it out to the SamlMappingProvider so that it's easy to control.
* | Add StateMap type alias (#6715)Erik Johnston2020-01-163-28/+31
| |
* | Port synapse.replication.tcp to async/await (#6666)Erik Johnston2020-01-161-1/+1
| | | | | | | | | | | | | | | | | | | | * Port synapse.replication.tcp to async/await * Newsfile * Correctly document type of on_<FOO> functions as async * Don't be overenthusiastic with the asyncing....
* | Add `local_current_membership` table (#6655)Erik Johnston2020-01-156-6/+6
|/ | | | | | | Currently we rely on `current_state_events` to figure out what rooms a user was in and their last membership event in there. However, if the server leaves the room then the table may be cleaned up and that information is lost. So lets add a table that separately holds that information.
* Kill off RegistrationError (#6691)Richard van der Hoff2020-01-131-9/+3
| | | This is pretty pointless. Let's just use SynapseError.
* Don't assign numeric IDs for empty usernames (#6690)Richard van der Hoff2020-01-131-1/+1
| | | | Fix a bug where we would assign a numeric userid if somebody tried registering with an empty username
* Pass client redirect URL into SAML mapping providersRichard van der Hoff2020-01-121-4/+11
|
* Pass the module_api into the SamlMappingProviderRichard van der Hoff2020-01-121-2/+5
| | | | | ... for consistency with other modules, and because we'll need it sooner or later and it will be a pain to introduce later.
* Allow admin users to create or modify users without a shared secret (#6495)Manuel Stahl2020-01-091-0/+9
| | | Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de>
* Correctly proxy remote group HTTP errors. (#6654)Erik Johnston2020-01-071-0/+16
| | | | | e.g. if remote returns a 404 then that shouldn't be treated as an error but should be proxied through.
* Merge pull request #6652 from matrix-org/babolivier/depth_missing_eventsBrendan Abolivier2020-01-071-2/+2
|\ | | | | Fix conditions failing if min_depth = 0
| * Fix conditions failing if min_depth = 0Brendan Abolivier2020-01-071-2/+2
| | | | | | | | This could result in Synapse not fetching prev_events for new events in the room if it has missed some events.
* | Merge pull request #6629 from matrix-org/rav/kill_event_reference_hashesRichard van der Hoff2020-01-062-34/+20
|\ \ | | | | | | Remove a bunch of unused code from event creation
| * | Remove unused hashes and depths from _update_membership paramsRichard van der Hoff2020-01-061-13/+4
| | |
| * | Remove unused hashes and depths from create_event paramsRichard van der Hoff2020-01-062-17/+12
| | |
| * | Remove unused hashes and depths from create_new_client_event paramsRichard van der Hoff2020-01-061-12/+14
| | |
| * | replace get_prev_events_and_hashes_for_room with get_prev_events_for_room in ↵Richard van der Hoff2020-01-061-9/+3
| | | | | | | | | | | | create_new_client_event
| * | rename get_prev_events_for_room to get_prev_events_and_hashes_for_roomRichard van der Hoff2020-01-062-3/+7
| | | | | | | | | | | | ... to make way for a new method which just returns the event ids
* | | Fix some test failures when frozen_dicts are enabled (#6642)Richard van der Hoff2020-01-062-6/+11
| | | | | | | | | | | | Fixes #4026
* | | Fix an error which was thrown by the PresenceHandler _on_shutdown handler. ↵Richard van der Hoff2020-01-061-7/+2
|/ / | | | | | | (#6640)
* / Fix power levels being incorrectly set in old and new rooms after a room ↵Andrew Morgan2020-01-061-7/+10
|/ | | | | | upgrade (#6633) Modify a copy of an upgraded room's PL before sending to the new room
* Merge branch 'master' into developRichard van der Hoff2019-12-201-1/+4
|\
| * Fix exceptions when attempting to backfill (#6576)Richard van der Hoff2019-12-201-1/+4
| | | | | | Fixes #6575
* | Change EventContext to use the Storage class (#6564)Erik Johnston2019-12-205-16/+16
| |
* | Port some admin handlers to async/await (#6559)Erik Johnston2019-12-192-54/+41
| |
* | Add database config class (#6513)Erik Johnston2019-12-181-1/+1
| | | | | | | | | | This encapsulates config for a given database and is the way to get new connections.
* | Merge release-v1.7.1 into developRichard van der Hoff2019-12-182-2/+6
|\|
| * Merge pull request #6553 from matrix-org/babolivier/fix-context-filterBrendan Abolivier2019-12-161-2/+5
| |\ | | | | | | Use the filtered version of an event when responding to /context requests for that event
| | * Incorporate reviewBrendan Abolivier2019-12-161-1/+1
| | |
| | * Use the filtered version of an event when responding to /context requests ↵Brendan Abolivier2019-12-161-1/+4
| | | | | | | | | | | | | | | | | | for that event Sometimes the filtering function can return a pruned version of an event (on top of either the event itself or an empty list), if it thinks the user should be able to see that there's an event there but not the content of that event. Therefore, the previous logic of 'if filtered is empty then we can use the event we retrieved from the database' is flawed, and we should use the event returned by the filtering function.
| * | Exclude rejected state events when calculating state at backwards extrems ↵Richard van der Hoff2019-12-161-1/+1
| | | | | | | | | | | | | | | (#6527) This fixes a weird bug where, if you were determined enough, you could end up with a rejected event forming part of the state at a backwards-extremity. Authing that backwards extrem would then lead to us trying to pull the rejected event from the db (with allow_rejected=False), which would fail with a 404.
| * | Persist auth/state events at backwards extremities when we fetch them (#6526)Richard van der Hoff2019-12-161-163/+80
| | | | | | | | | | | | The main point here is to make sure that the state returned by _get_state_in_room has been authed before we try to use it as state in the room.
| * | sanity-checking for events used in state res (#6531)Richard van der Hoff2019-12-161-0/+1
| | | | | | | | | | | | | | | When we perform state resolution, check that all of the events involved are in the right room.
| * | Check the room_id of events when fetching room state/auth (#6524)Richard van der Hoff2019-12-161-24/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we request the state/auth_events to populate a backwards extremity (on backfill or in the case of missing events in a transaction push), we should check that the returned events are in the right room rather than blindly using them in the room state or auth chain. Given that _get_events_from_store_or_dest takes a room_id, it seems clear that it should be sanity-checking the room_id of the requested events, so let's do it there.
| * | Add `include_event_in_state` to _get_state_for_room (#6521)Richard van der Hoff2019-12-161-18/+21
| | | | | | | | | | | | | | | | | | Make it return the state *after* the requested event, rather than the one before it. This is a bit easier and requires fewer calls to get_events_from_store_or_dest.
| * | Move get_state methods into FederationHandler (#6503)Richard van der Hoff2019-12-161-6/+95
| |/ | | | | | | | | This is a non-functional refactor as a precursor to some other work.
* | Remove unused `get_pagination_rows` methods. (#6557)Erik Johnston2019-12-173-18/+0
| | | | | | Remove unused get_pagination_rows methods
* | Add option to allow profile queries without sharing a room (#6523)Will Hunt2019-12-161-1/+5
| |
* | Exclude rejected state events when calculating state at backwards extrems ↵Richard van der Hoff2019-12-161-1/+1
| | | | | | | | | | (#6527) This fixes a weird bug where, if you were determined enough, you could end up with a rejected event forming part of the state at a backwards-extremity. Authing that backwards extrem would then lead to us trying to pull the rejected event from the db (with allow_rejected=False), which would fail with a 404.
* | Persist auth/state events at backwards extremities when we fetch them (#6526)Richard van der Hoff2019-12-161-167/+80
| | | | | | The main point here is to make sure that the state returned by _get_state_in_room has been authed before we try to use it as state in the room.
* | sanity-checking for events used in state res (#6531)Richard van der Hoff2019-12-131-0/+1
| | | | | | | | | | | | | | When we perform state resolution, check that all of the events involved are in the right room.
* | Merge pull request #6496 from matrix-org/erikj/initial_sync_asnycErik Johnston2019-12-131-52/+44
|\ \ | | | | | | Port synapse.handlers.initial_sync to async/await
| * \ Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-12-118-236/+452
| |\ \ | | | | | | | | | | | | erikj/initial_sync_asnyc
| * | | Port synapse.handlers.initial_sync to async/awaitErik Johnston2019-12-091-52/+44
| | | |
* | | | look up cross-signing keys from the DB in bulk (#6486)Hubert Chathi2019-12-121-8/+27
| | | |
* | | | Check the room_id of events when fetching room state/auth (#6524)Richard van der Hoff2019-12-121-23/+51
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | When we request the state/auth_events to populate a backwards extremity (on backfill or in the case of missing events in a transaction push), we should check that the returned events are in the right room rather than blindly using them in the room state or auth chain. Given that _get_events_from_store_or_dest takes a room_id, it seems clear that it should be sanity-checking the room_id of the requested events, so let's do it there.
* | | Add `include_event_in_state` to _get_state_for_room (#6521)Richard van der Hoff2019-12-111-22/+28
| | | | | | | | | | | | | | | Make it return the state *after* the requested event, rather than the one before it. This is a bit easier and requires fewer calls to get_events_from_store_or_dest.
* | | Merge pull request #6517 from matrix-org/rav/event_auth/13Richard van der Hoff2019-12-112-98/+88
|\ \ \ | | | | | | | | Port some of FederationHandler to async/await
| * | | convert to async: FederationHandler._process_received_pduRichard van der Hoff2019-12-111-11/+10
| | | | | | | | | | | | | | | | also fix user_joined_room to consistently return deferreds
| * | | convert to async: FederationHandler._get_state_for_roomRichard van der Hoff2019-12-111-21/+21
| | | | | | | | | | | | | | | | ... and _get_events_from_store_or_dest
| * | | convert to async: FederationHandler.on_receive_pduRichard van der Hoff2019-12-111-27/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | and associated functions: * on_receive_pdu * handle_queued_pdus * get_missing_events_for_pdu
| * | | Convert federation backfill to asyncRichard van der Hoff2019-12-112-39/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PaginationHandler.get_messages is only called by RoomMessageListRestServlet, which is async. Chase the code path down from there: - FederationHandler.maybe_backfill (and nested try_backfill) - FederationHandler.backfill
* | | | Merge pull request #6504 from matrix-org/erikj/account_validity_async_awaitErik Johnston2019-12-112-55/+45
|\ \ \ \ | |/ / / |/| | | Port handlers.account_validity to async/await.
| * | | Port handlers.account_validity to async/await.Erik Johnston2019-12-102-47/+41
| | | |
| * | | Port handlers.account_data to async/await.Erik Johnston2019-12-101-9/+5
| | |/ | |/|
* | | Clean up some logging (#6515)Richard van der Hoff2019-12-111-18/+19
| | | | | | | | | | | | This just makes some of the logging easier to follow when things start going wrong.
* | | Prevent redacted events from appearing in message search (#6377)Andrew Morgan2019-12-112-4/+8
| | |
* | | Prevent message search in upgraded rooms we're not in (#6385)Andrew Morgan2019-12-112-11/+27
| | |
* | | Move get_state methods into FederationHandler (#6503)Richard van der Hoff2019-12-101-6/+95
| | | | | | | | | | | | | | | This is a non-functional refactor as a precursor to some other work.
* | | Allow SAML username provider plugins (#6411)Andrew Morgan2019-12-101-28/+170
| | |
* | | Merge pull request #6506 from matrix-org/erikj/remove_snapshot_cacheErik Johnston2019-12-101-11/+8
|\ \ \ | |/ / |/| / | |/ Remove SnapshotCache in favour of ResponseCache
| * Remove SnapshotCache in favour of ResponseCacheErik Johnston2019-12-091-11/+8
| |
* | Back out perf regression from get_cross_signing_keys_from_cache. (#6494)Neil Johnson2019-12-091-30/+8
|/ | | Back out cross-signing code added in Synapse 1.5.0, which caused a performance regression.
* Merge pull request #6493 from matrix-org/erikj/invite_state_configErik Johnston2019-12-091-1/+3
|\ | | | | Pull out room_invite_state_types config option once.
| * Pull out room_invite_state_types config option once.Erik Johnston2019-12-091-1/+3
| | | | | | | | Pulling things out of config is currently surprisingly expensive.
* | Merge pull request #6484 from matrix-org/erikj/port_sync_handlerErik Johnston2019-12-093-152/+131
|\ \ | |/ |/| Port SyncHandler to async/await
| * Fixup functions to consistently return deferredsErik Johnston2019-12-062-4/+4
| |
| * Port SyncHandler to async/awaitErik Johnston2019-12-052-151/+130
| |
* | Replace /admin/v1/users_paginate endpoint with /admin/v2/users (#5925)Manuel Stahl2019-12-051-9/+12
|/
* Stronger typing in the federation handler (#6480)Richard van der Hoff2019-12-051-24/+57
| | | | | replace the event_info dict with an attrs thing
* Sanity-check the rooms of auth events before pulling them in. (#6472)Richard van der Hoff2019-12-051-9/+25
|
* get rid of (most of) have_events from ↵Richard van der Hoff2019-12-041-38/+24
| | | | | | | | | | | | | _update_auth_events_and_context_for_auth (#6468) have_events was a map from event_id to rejection reason (or None) for events which are in our local database. It was used as filter on the list of event_ids being passed into get_events_as_list. However, since get_events_as_list will ignore any event_ids that are unknown or rejected, we can equivalently just leave it to get_events_as_list to do the filtering. That means that we don't have to keep `have_events` up-to-date, and can use `have_seen_events` instead of `get_seen_events_with_rejection` in the one place we do need it.
* Merge pull request #6441 from syamgk/fix-parameter-mismatchErik Johnston2019-12-041-1/+1
|\ | | | | Fix issue #6406 parameter mismatch
| * Issue #6406 Fix parameter mismatchSyam G Krishnan2019-12-041-1/+1
| | | | | | | | Signed-off-by: Syam G Krishnan <syamgk01@gmail.com>
* | Merge pull request #6329 from matrix-org/babolivier/context_filtersBrendan Abolivier2019-12-041-2/+12
|\ \ | | | | | | Filter state, events_before and events_after in /context requests
| * \ Merge branch 'develop' into babolivier/context_filtersBrendan Abolivier2019-12-0414-192/+395
| |\ \
| * | | Incorporate reviewBrendan Abolivier2019-12-041-2/+1
| | | |
| * | | Also filter state eventsBrendan Abolivier2019-11-061-1/+7
| | | |
| * | | Only filter if a filter was providedBrendan Abolivier2019-11-051-4/+6
| | | |
| * | | Update copyrightBrendan Abolivier2019-11-051-1/+2
| | | |
| * | | Filter events_before and events_after in /context requestsBrendan Abolivier2019-11-051-2/+4
| | | | | | | | | | | | | | | | While the current version of the spec doesn't say much about how this endpoint uses filters (see https://github.com/matrix-org/matrix-doc/issues/2338), the current implementation is that some fields of an EventFilter apply (the ones that are used when running the SQL query) and others don't (the ones that are used by the filter itself) because we don't call event_filter.filter(...). This seems counter-intuitive and probably not what we want so this commit fixes it.
* | | | Add ephemeral messages support (MSC2228) (#6409)Brendan Abolivier2019-12-032-1/+130
| |/ / |/| | | | | | | | | | | | | | | | | | | | Implement part [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228). The parts that differ are: * the feature is hidden behind a configuration flag (`enable_ephemeral_messages`) * self-destruction doesn't happen for state events * only implement support for the `m.self_destruct_after` field (not the `m.self_destruct` one) * doesn't send synthetic redactions to clients because for this specific case we consider the clients to be able to destroy an event themselves, instead we just censor it (by pruning its JSON) in the database
* | | Transfer power level state events on room upgrade (#6237)Andrew Morgan2019-12-021-5/+31
| |/ |/|
* | Merge pull request #6434 from matrix-org/erikj/msc2367_membership_reasonsErik Johnston2019-11-293-7/+15
|\ \ | | | | | | Implement MSC 2367 - Membership Reasons
| * | Propagate reason in remotely rejected invitesErik Johnston2019-11-283-7/+15
| | |
* | | Discard retention policies when retrieving stateBrendan Abolivier2019-11-281-1/+1
|/ / | | | | | | | | | | | | | | Purge jobs don't delete the latest event in a room in order to keep the forward extremity and not break the room. On the other hand, get_state_events, when given an at_token argument calls filter_events_for_client to know if the user can see the event that matches that (sync) token. That function uses the retention policies of the events it's given to filter out those that are too old from a client's view. Some clients, such as Riot, when loading a room, request the list of members for the latest sync token it knows about, and get confused to the point of refusing to send any message if the server tells it that it can't get that information. This can happen very easily with the message retention feature turned on and a room with low activity so that the last event sent becomes too old according to the room's retention policy. An easy and clean fix for that issue is to discard the room's retention policies when retrieving state.
* | Remove local threepids on account deactivation (#6426)Andrew Morgan2019-11-281-0/+3
| |
* | add etag and count to key backup endpoints (#5858)Hubert Chathi2019-11-271-50/+80
| |
* | Merge pull request #6358 from matrix-org/babolivier/message_retentionBrendan Abolivier2019-11-273-4/+110
|\ \ | | | | | | Implement message retention policies (MSC1763)
| * \ Merge branch 'develop' into babolivier/message_retentionBrendan Abolivier2019-11-269-88/+111
| |\ \
| * | | Fix 3PID invite exchangeBrendan Abolivier2019-11-191-1/+1
| | | |
| * | | LintBrendan Abolivier2019-11-191-11/+6
| | | |
| * | | Implement per-room message retention policiesBrendan Abolivier2019-11-043-3/+114
| | |/ | |/|
* | | Merge pull request #6343 from matrix-org/rav/event_auth/4Richard van der Hoff2019-11-261-37/+44
|\ \ \ | |_|/ |/| | Refactor _update_auth_events_and_context_for_auth
| * | remove confusing fixmeRichard van der Hoff2019-11-261-6/+0
| | |
| * | Merge remote-tracking branch 'origin/develop' into rav/event_auth/4Richard van der Hoff2019-11-186-11/+11
| |\ \
| * | | Use get_events_as_list rather than lots of calls to get_eventRichard van der Hoff2019-11-081-16/+8
| | | | | | | | | | | | | | | | It's more efficient and clearer.
| * | | Update some docstrings and commentsRichard van der Hoff2019-11-081-8/+31
| | | |
| * | | Simplify _update_auth_events_and_context_for_authRichard van der Hoff2019-11-081-11/+9
| | | | | | | | | | | | | | | | | | | | move event_key calculation into _update_context_for_auth_events, since it's only used there.
* | | | Merge pull request #6332 from matrix-org/erikj/query_devices_fixErik Johnston2019-11-261-3/+16
|\ \ \ \ | | | | | | | | | | Fix caching devices for remote servers in worker.
| * | | | Fix caching devices for remote servers in worker.Erik Johnston2019-11-051-3/+16
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | When the `/keys/query` API is hit on client_reader worker Synapse may decide that it needs to resync some remote deivces. Usually this happens on master, and then gets cached. However, that fails on workers and so it falls back to fetching devices from remotes directly, which may in turn fail if the remote is down.
* | | | Clean up newline quote marks around the codebase (#6362)Andrew Morgan2019-11-211-1/+1
| | | |
* | | | Merge pull request #6335 from matrix-org/erikj/rc_login_cleanupsBrendan Abolivier2019-11-201-53/+31
|\ \ \ \ | |_|_|/ |/| | | Only do `rc_login` ratelimiting on succesful login.
| * | | Apply suggestions from code reviewErik Johnston2019-11-181-2/+2
| | | | | | | | | | | | | | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-Authored-By: Brendan Abolivier <babolivier@matrix.org>
| * | | Add failed auth ratelimiting to UIAErik Johnston2019-11-061-1/+32
| | | |
| * | | Only do `rc_login` ratelimiting on succesful login.Erik Johnston2019-11-061-54/+1
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were doing this in a number of places which meant that some login code paths incremented the counter multiple times. It was also applying ratelimiting to UIA endpoints, which was probably not intentional. In particular, some custom auth modules were calling `check_user_exists`, which incremented the counters, meaning that people would fail to login sometimes.
* | / Replace instance variations of homeserver with correct case/spacingAndrew Morgan2019-11-126-11/+11
| |/ |/|
* | Merge pull request #6295 from matrix-org/erikj/split_purge_historyErik Johnston2019-11-081-2/+4
|\ \ | | | | | | Split purge API into events vs state and add PurgeEventsStorage
| * | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-11-0416-144/+357
| |\| | | | | | | | | | erikj/split_purge_history
| * | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-10-3115-69/+95
| |\ \ | | | | | | | | | | | | erikj/split_purge_history
| * | | Split purge API into events vs stateErik Johnston2019-10-301-2/+5
| | | |
* | | | Merge pull request #6235 from matrix-org/anoa/room_upgrade_groupsAndrew Morgan2019-11-071-0/+9
|\ \ \ \
| * | | | Re-add docstring, with caveats detailedAndrew Morgan2019-11-041-1/+1
| | | | |
| * | | | Transfer upgraded rooms on groupsAndrew Morgan2019-11-041-0/+9
| | |_|/ | |/| |
* | | | raise exception after multiple failuresAndrew Morgan2019-11-061-3/+10
| | | |
* | | | Address review commentsAndrew Morgan2019-11-061-12/+12
| | | |
* | | | Don't forget to ratelimit calls outside of RegistrationHandlerAndrew Morgan2019-11-061-2/+2
| | | |
* | | | Numeric ID checker now checks @0, don't ratelimit on checkingAndrew Morgan2019-11-061-16/+25
| | | |
* | | | Fix bug which caused rejected events to be stored with the wrong room state ↵Richard van der Hoff2019-11-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#6320) Fixes a bug where rejected events were persisted with the wrong state group. Also fixes an occasional internal-server-error when receiving events over federation which are rejected and (possibly because they are backwards-extremities) have no prev_group. Fixes #6289.
* | | | Add some checks that we aren't using state from rejected events (#6330)Richard van der Hoff2019-11-051-1/+5
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Raise an exception if accessing state for rejected events Add some sanity checks on accessing state_group etc for rejected events. * Skip calculating push actions for rejected events It didn't actually cause any bugs, because rejected events get filtered out at various later points, but there's not point in trying to calculate the push actions for a rejected event.
* | | Factor out an _AsyncEventContextImpl (#6298)Richard van der Hoff2019-11-011-19/+19
| | | | | | | | | | | | | | | | | | The intention here is to make it clearer which fields we can expect to be populated when: notably, that the _event_type etc aren't used for the synchronous impl of EventContext.
* | | Support for routing outbound HTTP requests via a proxy (#6239)Richard van der Hoff2019-11-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `http_proxy` and `HTTPS_PROXY` env vars can be set to a `host[:port]` value which should point to a proxy. The address of the proxy should be excluded from IP blacklists such as the `url_preview_ip_range_blacklist`. The proxy will then be used for * push * url previews * phone-home stats * recaptcha validation * CAS auth validation It will *not* be used for: * Application Services * Identity servers * Outbound federation * In worker configurations, connections from workers to masters Fixes #4198.
* | | Remove last usages of deprecated logging.warn method (#6314)Andrew Morgan2019-11-011-1/+1
| | |
* | | Depublish a room from the public rooms list when it is upgraded (#6232)Andrew Morgan2019-11-013-29/+90
| | |
* | | Merge branch 'develop' into cross-signing_federationHubert Chathi2019-10-3121-153/+202
|\ \ \
| * | | Update black to 19.10b0 (#6304)Amber Brown2019-11-0113-84/+106
| | |/ | |/| | | | * update version of black and also fix the mypy config being overridden
| * | Merge pull request #6294 from matrix-org/erikj/add_state_storageErik Johnston2019-10-3110-40/+63
| |\ \ | | | | | | | | Add StateGroupStorage interface
| | * | Port to use state storageErik Johnston2019-10-3010-40/+63
| | |/
| * / Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-319-29/+33
| |/ | | | | Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
* | Merge branch 'develop' into cross-signing_federationHubert Chathi2019-10-305-39/+43
|\|
| * Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-10-304-37/+39
| |\ | | | | | | | | | erikj/split_out_persistence_store
| | * Fix log line that was printing undefined value (#6278)Andrew Morgan2019-10-301-1/+1
| | |
| | * Port receipt and read markers to async/waitErik Johnston2019-10-292-33/+17
| | |
| | * Improve signature checking on some federation APIs (#6262)Richard van der Hoff2019-10-281-2/+18
| | | | | | | | | | | | | | | Make sure that we check that events sent over /send_join, /send_leave, and /invite, are correctly signed and come from the expected servers.
| | * Remove repeated calls to config.stats_enabled.Erik Johnston2019-10-251-1/+3
| | | | | | | | | | | | | | | Turns out that fetching variables from the config object is expensive, so doing it once at startup avoids unnecessary work.
| * | Use new EventPersistenceStoreErik Johnston2019-10-232-2/+4
| |/
* | blackHubert Chathi2019-10-301-1/+3
| |
* | apply changes as a result of PR reviewHubert Chathi2019-10-301-12/+10
| |
* | don't error if federation query doesn't have cross-signing keysHubert Chathi2019-10-241-7/+9
| |
* | blackHubert Chathi2019-10-221-1/+2
| |
* | vendor-prefix the EDU name until MSC1756 is merged into the specHubert Chathi2019-10-221-1/+2
| |
* | update to work with newer code, and fix formattingHubert Chathi2019-10-222-5/+6
| |
* | add missing paramHubert Chathi2019-10-221-1/+1
| |
* | make black happyHubert Chathi2019-10-221-5/+7
| |
* | implement federation parts of cross-signingHubert Chathi2019-10-222-3/+126
|/
* Merge pull request #5726 from matrix-org/uhoreg/e2e_cross-signing2-part2Hubert Chathi2019-10-221-1/+390
|\ | | | | Cross-signing [3/4] -- uploading signatures edition
| * Merge branch 'develop' into cross-signing_sig_uploadHubert Chathi2019-10-1818-851/+1390
| |\
| * | fix doc stringsHubert Chathi2019-10-181-9/+13
| | |
| * | make isort happyHubert Chathi2019-09-241-1/+0
| | |
| * | add some commentsHubert Chathi2019-09-241-2/+10
| | |
| * | drop some logger lines to debugHubert Chathi2019-09-241-3/+3
| | |
| * | make changes based on PR feedbackHubert Chathi2019-09-241-107/+159
| | |
| * | add function docsHubert Chathi2019-09-071-2/+24
| | |
| * | Merge branch 'develop' into cross-signing_sig_uploadHubert Chathi2019-09-075-114/+280
| |\ \
| * | | run blackHubert Chathi2019-09-061-24/+10
| | | |
| * | | split out signature processing into separate functionsHubert Chathi2019-09-061-195/+204
| | | |
| * | | avoid modifying input parameterHubert Chathi2019-09-051-7/+7
| | | |
| * | | update with newer coding styleHubert Chathi2019-09-041-1/+1
| | | |
| * | | make black happyHubert Chathi2019-09-041-78/+69
| | | |
| * | | allow uploading signatures of master key signed by devicesHubert Chathi2019-09-041-82/+150
| | | |
| * | | implement device signature uploading/fetchingHubert Chathi2019-09-041-0/+250
| | | |
* | | | Remove Auth.check method (#6217)Richard van der Hoff2019-10-181-3/+4
| |_|/ |/| | | | | This method was somewhat redundant, and confusing.
* | | Merge branch 'uhoreg/e2e_cross-signing_merged' into developHubert Chathi2019-10-183-6/+216
|\ \ \
| * \ \ Merge branch 'develop' into uhoreg/e2e_cross-signing_mergedHubert Chathi2019-10-1818-746/+1387
| |\ \ \
| * \ \ \ Merge branch 'develop' into uhoreg/e2e_cross-signing_mergedHubert Chathi2019-09-075-114/+280
| |\ \ \ \ | | |_|/ / | |/| | / | | | |/ | | |/|
| * | | Merge branch 'develop' into cross-signing_keysHubert Chathi2019-09-0417-485/+228
| |\ \ \
| * \ \ \ Merge branch 'uhoreg/e2e_cross-signing_merged' into cross-signing_keysHubert Chathi2019-08-2816-65/+412
| |\ \ \ \
| * | | | | blackHubert Chathi2019-08-281-3/+1
| | | | | |
| * | | | | use stream ID generator instead of timestampHubert Chathi2019-08-281-4/+3
| | | | | |
| * | | | | make isort happyHubert Chathi2019-08-211-1/+0
| | | | | |
| * | | | | apply PR review suggestionsHubert Chathi2019-08-211-42/+34
| | | | | |
| * | | | | make changes from PR reviewHubert Chathi2019-08-011-6/+18
| | | | | |
| * | | | | Merge branch 'cross-signing_hidden' into cross-signing_keysHubert Chathi2019-08-0132-462/+638
| |\ \ \ \ \
| * | | | | | allow uploading keys for cross-signingHubert Chathi2019-07-253-6/+216
| | | | | | |
* | | | | | | Merge remote-tracking branch 'origin/develop' into rav/event_auth/1Richard van der Hoff2019-10-181-4/+9
|\ \ \ \ \ \ \ | | |_|_|_|_|/ | |/| | | | |
| * | | | | | Fix presence timeouts when synchrotron restarts. (#6212)Erik Johnston2019-10-181-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix presence timeouts when synchrotron restarts. Handling timeouts would fail if there was an external process that had timed out, e.g. a synchrotron restarting. This was due to a couple of variable name typoes. Fixes #3715.
* | | | | | | Merge remote-tracking branch 'origin/develop' into rav/event_auth/1Richard van der Hoff2019-10-182-10/+4
|\| | | | | |
| * | | | | | Merge pull request #6193 from matrix-org/uhoreg/interpret_device_key_in_storageHubert Chathi2019-10-111-8/+2
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | make storage layer in charge of interpreting the device key data
| | * | | | | | make sure we actually return somethingHubert Chathi2019-10-101-0/+5
| | | | | | | |
| | * | | | | | make storage layer in charge of interpreting the device key dataHubert Chathi2019-10-101-11/+0
| | | | | | | |
| * | | | | | | Merge pull request #6189 from matrix-org/uhoreg/e2e_backup_optional_versionHubert Chathi2019-10-111-2/+2
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | make version optional in body of e2e backup version update
| | * | | | | | | make version optional in body of e2e backup version updateHubert Chathi2019-10-091-2/+2
| | |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | to agree with latest version of the MSC
* | / / / / / / rip out some unreachable codeRichard van der Hoff2019-10-171-102/+0
|/ / / / / / / | | | | | | | | | | | | | | | | | | | | | The only possible rejection reason is AUTH_ERROR, so all of this is unreachable.
* | | | | | | Add domain validation when creating room with list of invitees (#6121)werner2912019-10-101-1/+3
| | | | | | |
* | | | | | | Fix races in room stats (and other) updates. (#6187)Richard van der Hoff2019-10-103-14/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hopefully this will fix the occasional failures we were seeing in the room directory. The problem was that events are not necessarily persisted (and `current_state_delta_stream` updated) in the same order as their stream_id. So for instance current_state_delta 9 might be persisted *before* current_state_delta 8. Then, when the room stats saw stream_id 9, it assumed it had done everything up to 9, and never came back to do stream_id 8. We can solve this easily by only processing up to the stream_id where we know all events have been persisted.
* | | | | | | Move tag/push rules room upgrade checking ealier (#6155)Andrew Morgan2019-10-101-18/+44
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | It turns out that _local_membership_update doesn't run when you join a new, remote room. It only runs if you're joining a room that your server already knows about. This would explain #4703 and #5295 and why the transfer would work in testing and some rooms, but not others. This would especially hit single-user homeservers. The check has been moved to right after the room has been joined, and works much more reliably. (Though it may still be a bit awkward of a place).
* | | | | | Remove unused public room list timeout param (#6179)Andrew Morgan2019-10-081-12/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove unused public room list timeout param * Add changelog
* | | | | | Merge pull request #6161 from matrix-org/erikj/dont_regen_user_id_on_failureErik Johnston2019-10-071-6/+4
|\ \ \ \ \ \ | | | | | | | | | | | | | | Don't regenerate numeric user ID if registration fails.
| * | | | | | Remove unused variableErik Johnston2019-10-031-2/+0
| | | | | | |
| * | | | | | Don't regenerate numeric user ID if registration fails.Erik Johnston2019-10-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This causes huge amounts of DB IO if registrations start to fail e.g. because the DB is struggling with IO.
* | | | | | | add some logging to the rooms stats updates, to try to track down a flaky ↵Richard van der Hoff2019-10-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | test (#6167)
* | | | | | | Merge pull request #6147 from matrix-org/babolivier/3pid-invite-revokedBrendan Abolivier2019-10-041-2/+7
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | Don't 500 when trying to exchange a revoked 3PID invite
| * | | | | | TypoBrendan Abolivier2019-10-041-1/+1
| | | | | | |
| * | | | | | LintBrendan Abolivier2019-10-041-3/+1
| | | | | | |
| * | | | | | Incorporate reviewBrendan Abolivier2019-10-041-14/+8
| | | | | | |
| * | | | | | Add test caseBrendan Abolivier2019-10-031-1/+1
| | | | | | |
| * | | | | | LintBrendan Abolivier2019-10-021-1/+3
| | | | | | |
| * | | | | | Don't 500 code when trying to exchange a revoked 3PID inviteBrendan Abolivier2019-10-021-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While this is not documented in the spec (but should be), Riot (and other clients) revoke 3PID invites by sending a m.room.third_party_invite event with an empty ({}) content to the room's state. When the invited 3PID gets associated with a MXID, the identity server (which doesn't know about revocations) sends down to the MXID's homeserver all of the undelivered invites it has for this 3PID. The homeserver then tries to talk to the inviting homeserver in order to exchange these invite for m.room.member events. When one of the invite is revoked, the inviting homeserver responds with a 500 error because it tries to extract a 'display_name' property from the content, which is empty. This might cause the invited server to consider that the server is down and not try to exchange other, valid invites (or at least delay it). This fix handles the case of revoked invites by avoiding trying to fetch a 'display_name' from the original invite's content, and letting the m.room.member event fail the auth rules (because, since the original invite's content is empty, it doesn't have public keys), which results in sending a 403 with the correct error message to the invited server.
* | | | | | | Fix public room list pagination.Erik Johnston2019-10-021-10/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We incorrectly used `room_id` as to bound the result set, even though we order by `joined_members, room_id`, leading to incorrect results after pagination.
* | | | | | | Land improved room list based on room stats (#6019)Erik Johnston2019-10-021-234/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use room_stats and room_state for room directory search
* | | | | | | Fix yields and copy instead of move push rules on room upgrade (#6144)Andrew Morgan2019-10-021-2/+2
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Copy push rules during a room upgrade from the old room to the new room, instead of deleting them from the old room. For instance, we've defined upgrading of a room multiple times to be possible, and push rules won't be transferred on the second upgrade if they're deleted during the first. Also fix some missing yields that probably broke things quite a bit.
* | | | | | Incorporate reviewBrendan Abolivier2019-09-271-4/+2
| | | | | |
* | | | | | Update synapse/handlers/deactivate_account.pyBrendan Abolivier2019-09-271-1/+3
| | | | | | | | | | | | | | | | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | | | | | Update synapse/handlers/deactivate_account.pyBrendan Abolivier2019-09-271-1/+1
| | | | | | | | | | | | | | | | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | | | | | LintBrendan Abolivier2019-09-271-3/+1
| | | | | |
* | | | | | Fixup and add some loggingBrendan Abolivier2019-09-271-1/+9
| | | | | |
* | | | | | Reject pending invites on deactivationBrendan Abolivier2019-09-271-0/+31
| | | | | |
* | | | | | Move lookup-related functions from RoomMemberHandler to IdentityHandler (#5978)Andrew Morgan2019-09-272-364/+359
| | | | | | | | | | | | | | | | | | Just to have all the methods that make calls to identity services in one place.
* | | | | | Fix dummy event insertion consent bug (#6053)Neil Johnson2019-09-261-27/+72
| | | | | | | | | | | | | | | | | | Fixes #5905
* | | | | | Threepid validity checks on msisdns should not be dependent on ↵Neil Johnson2019-09-251-29/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'threepid_behaviour_email'. (#6104) Fixes #6103
* | | | | | Stop advertising unsupported flows for registration (#6107)Richard van der Hoff2019-09-252-1/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If email or msisdn verification aren't supported, let's stop advertising them for registration. Fixes #6100.
* | | | | | Refactor the user-interactive auth handling (#6105)Richard van der Hoff2019-09-253-131/+248
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull the checkers out to their own classes, rather than having them lost in a massive 1000-line class which does everything. This is also preparation for some more intelligent advertising of flows, as per #6100
* | | | | | Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_workRichard van der Hoff2019-09-241-0/+10
|\ \ \ \ \ \
| * | | | | | Add sid to next_link for email validation (#6097)J. Ryan Stinnett2019-09-241-0/+10
| | | | | | |
* | | | | | | Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_workRichard van der Hoff2019-09-243-82/+192
|\| | | | | |
| * | | | | | Add submit_url response parameter to msisdn /requestToken (#6079)Andrew Morgan2019-09-231-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Second part of solving #6076 Fixes #6076 We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
| * | | | | | Use the federation blacklist for requests to untrusted Identity Servers (#6000)Andrew Morgan2019-09-232-4/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses. Fixes #5935
| * | | | | | Add POST submit_token endpoint for MSISDN (#6078)Andrew Morgan2019-09-231-0/+34
| | | | | | | | | | | | | | | | | | | | | First part of solving #6076
| * | | | | | Implement MSC2290 (#6043)Andrew Morgan2019-09-232-52/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implements MSC2290. This PR adds two new endpoints, /unstable/account/3pid/add and /unstable/account/3pid/bind. Depending on the progress of that MSC the unstable prefix may go away. This PR also removes the blacklist on some 3PID tests which occurs in #6042, as the corresponding Sytest PR changes them to use the new endpoints. Finally, it also modifies the account deactivation code such that it doesn't just try to deactivate 3PIDs that were bound to the user's account, but any 3PIDs that were bound through the homeserver on that user's account.
| * | | | | | Return timeout error to user for identity server calls (#6073)Andrew Morgan2019-09-232-11/+37
| | | | | | |
| * | | | | | Allow HS to send emails when adding an email to the HS (#6042)Andrew Morgan2019-09-201-14/+3
| | | | | | |
* | | | | | | Merge commit '33757bad1' into rav/saml_mapping_workRichard van der Hoff2019-09-201-1/+2
|\ \ \ \ \ \ \
| * | | | | | | More better loggingRichard van der Hoff2019-09-201-1/+2
| | | | | | | |
* | | | | | | | Merge branch 'develop' into rav/saml_mapping_workRichard van der Hoff2019-09-1926-571/+1051
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| / / / / / / | |/ / / / / /
| * | | | | | v2 3PID Invites (part of MSC2140) (#5979)Andrew Morgan2019-09-171-23/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 3PID invites require making a request to an identity server to check that the invited 3PID has an Matrix ID linked, and if so, what it is. These requests are being made on behalf of a user. The user will supply an identity server and an access token for that identity server. The homeserver will then forward this request with the access token (using an `Authorization` header) and, if the given identity server doesn't support v2 endpoints, will fall back to v1 (which doesn't require any access tokens). Requires: ~~#5976~~
| * | | | | | Fix race condition in room stats. (#6029)Erik Johnston2019-09-171-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Broke in #5971 Basically the bug is that if get_current_state_deltas returns no new updates and we then take the max pos, its possible that we miss an update that happens in between the two calls. (e.g. get_current_state_deltas looks up to stream pos 5, then an event persists and so getting the max stream pos returns 6, meaning that next time we check for things with a stream pos bigger than 6)
| * | | | | | Use the v2 Identity Service API for lookups (MSC2134 + MSC2140) (#5976)Andrew Morgan2019-09-113-35/+203
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a redo of https://github.com/matrix-org/synapse/pull/5897 but with `id_access_token` accepted. Implements [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134) plus Identity Service v2 authentication ala [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140). Identity lookup-related functions were also moved from `RoomMemberHandler` to `IdentityHandler`.
| * | | | | | Merge pull request #6015 from matrix-org/erikj/ratelimit_admin_redactionErik Johnston2019-09-112-12/+53
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | Allow use of different ratelimits for admin redactions.
| | * | | | | | Fix commentsErik Johnston2019-09-112-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>