| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Aaron Raimist <aaron@raim.ist>
|
| |
|
|
|
|
|
| |
Fixes #9778
ACME v1 has been fully decommissioned for existing installs on June 1st 2021(see https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27), so we can now safely remove it from Synapse.
|
|
|
| |
Fixes #8518 by telling the ResponseCache not to cache the /sync response if the next_batch param is the same as the since token.
|
|
|
| |
Instead of parsing the full response to `/send_join` into Python objects (which can be huge for large rooms) and *then* parsing that into events, we instead use ijson to stream parse the response directly into `EventBase` objects.
|
|\ |
|
| |
| |
| | |
c.f. #9936
|
|\| |
|
| |
| |
| | |
Fixes #9936
|
|/
|
|
|
| |
This will double count slightly in the presence of interned strings. It's off by default as it can consume a lot of resources.
|
|
|
| |
I went through and removed a bunch of cruft that was lying around for compatibility with old Python versions. This PR also will now prevent Synapse from starting unless you're running Python 3.6+.
|
|
|
|
|
|
|
|
|
|
|
| |
If you have the wrong version of `cryptography` installed, synapse suggests:
```
To install run:
pip install --upgrade --force 'cryptography>=3.4.7;python_version>='3.6''
```
However, the use of ' inside '...' doesn't work, so when you run this, you get
an error.
|
|
|
|
| |
cryptography (#9697)
|
|
|
|
| |
This confused me for a while.
|
|
|
|
| |
* Adds proper dependencies.
* Minor fixes in database layer.
|
|
|
| |
As we use `execute_values` with the `fetch` parameter.
|
|
|
| |
This pins pysaml2 to < 6.4.0 on Python 3.5, as the last known working version.
|
|
|
|
|
|
|
| |
This removes the version pin of the `prometheus_client` dependency, in direct response to #8831. If merged, this will close #8831
As far as I can tell, no other changes are needed, but as I'm no synapse expert, I'm relying heavily on CI and maintainer reviews for this. My very primitive test of synapse with prometheus_client v0.9.0 on my home server didn't bring up any issues, so we'll see what happens.
Signed-off-by: Jordan Bancino
|
|
|
| |
Short-term fix for https://github.com/matrix-org/synapse/issues/8766.
|
|
|
|
| |
Drop compatibility hacks for prometheus-client pre 0.4.0. Debian stretch and
Fedora 31 both have newer versions, so hopefully this will be ok.
|
|
|
| |
moves non-runtime dependencies out of synapse.python_dependencies (test and lint)
|
|
|
|
|
| |
Lint dependencies can now be installed with pip install -e ".[lint]"
This should help keep the version in sync between tox and documentation.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The version 1.3.0 has a bug with unicode charecters:
```
>>> from canonicaljson import encode_pretty_printed_json
>>> encode_pretty_printed_json({'a': 'à'})
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/erdnaxeli/.pyenv/versions/3.6.7/lib/python3.6/site-packages/canonicaljson.py", line 96, in encode_pretty_printed_json
return _pretty_encoder.encode(json_object).encode("ascii")
UnicodeEncodeError: 'ascii' codec can't encode character '\xe0' in position 12: ordinal not in range(128)
```
Signed-off-by: Alexandre Morignot <erdnaxeli@cervoi.se>
Co-authored-by: Alexandre Morignot <erdnaxeli@cervoi.se>
|
| |
|
|
|
| |
This is due to compatibility issues with old Python versions.
|
|
|
|
|
|
| |
This fixes a bug where having multiple callers waiting on the same
stream and position will cause it to try and compare two deferreds,
which fails (due to the sorted list having an entry of `Tuple[int,
Deferred]`).
|
| |
|
|
|
| |
Fixes https://github.com/matrix-org/synapse/issues/6583
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This has long been something I've wanted to do. Basically the `Daemonize` code
is both too flexible and not flexible enough, in that it offers a bunch of
features that we don't use (changing UID, closing FDs in the child, logging to
syslog) and doesn't offer a bunch that we could do with (redirecting stdout/err
to a file instead of /dev/null; having the parent not exit until the child is
running).
As a first step, I've lifted the Daemonize code and removed the bits we don't
use. This should be a non-functional change. Fixing everything else will come
later.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes https://github.com/matrix-org/synapse/issues/7641
The package was pinned to <0.8.0 without an obvious reasoning with
7ad1d7635
in https://github.com/matrix-org/synapse/pull/5636
while the version selection looks to just try to exclude an arbitrary
next minor version number that might introduce API breaking changes.
Selecting the next minor number might be a good conservative selection.
Downstream distributions already reported success patching out the version
requirements.
This also fixes the integration of upgraded packages into openSUSE packages,
e.g. for openSUSE Tumbleweed which already ships prometheus_client >= 0.8 .
Signed-off-by: Oliver Kurz <okurz@suse.de>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
Older versions of `parameterized` package have no `parameterized_class` decorator. This decorator is used in tests.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This ended up being a bit more invasive than I'd hoped for (not helped by
generic_worker duplicating some of the code from homeserver), but hopefully
it's an improvement.
The idea is that, rather than storing unstructured `dict`s in the config for
the listener configurations, we instead parse it into a structured
`ListenerConfig` object.
|
| |
|
|
|
|
|
| |
For the record, the reason we need this is as follows:
each RDATA command comes down the redis pipe as a subscription message. txredisapi as written needs at least three reactor ticks to read each subscription message from the tcp buffer. Hence, once the process gets loaded, it starts getting behind, and eventually redis knifes the connection. it then takes ages for the master to work its way through the backlog, before it reconnects again, during which any commands from any workers are dropped.
|
|
|
| |
This is configured via the `redis` config options.
|
|
|
|
|
|
|
|
|
|
| |
* Bump signedjson to 1.1
... so that we can use the type definitions
* Fix breakage caused by upgrade to signedjson 1.1
Thanks, @illicitonion...
|
|
|
| |
* remove psutil and replace with resource
|
|
|
|
|
|
| |
* type checking fixes
* changelog
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
... to save OSes which don't use it from having to maintain a port.
Fixes #5865.
|
|
|
|
| |
Fixes #5676.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Configure and initialise tracer
Includes config options for the tracer and sets up JaegerClient.
* Scope manager using LogContexts
We piggy-back our tracer scopes by using log context.
The current log context gives us the current scope. If new scope is
created we create a stack of scopes in the context.
* jaeger is a dependency now
* Carrier inject and extraction for Twisted Headers
* Trace federation requests on the way in and out.
The span is created in _started_processing and closed in
_finished_processing because we need a meaningful log context.
* Create logcontext for new scope.
Instead of having a stack of scopes in a logcontext we create a new
context for a new scope if the current logcontext already has a scope.
* Remove scope from logcontext if logcontext is top level
* Disable tracer if not configured
* typo
* Remove dependence on jaeger internals
* bools
* Set service name
* :Explicitely state that the tracer is disabled
* Black is the new black
* Newsfile
* Code style
* Use the new config setup.
* Generate config.
* Copyright
* Rename config to opentracing
* Remove user whitelisting
* Empty whitelist by default
* User ConfigError instead of RuntimeError
* Use isinstance
* Use tag constants for opentracing.
* Remove debug comment and no need to explicitely record error
* Two errors a "s(c)entry"
* Docstrings!
* Remove debugging brainslip
* Homeserver Whitlisting
* Better opentracing config comment
* linting
* Inclue worker name in service_name
* Make opentracing an optional dependency
* Neater config retreival
* Clean up dummy tags
* Instantiate tracing as object instead of global class
* Inlcude opentracing as a homeserver member.
* Thread opentracing to the request level
* Reference opetnracing through hs
* Instantiate dummy opentracin g for tests.
* About to revert, just keeping the unfinished changes just in case
* Revert back to global state, commit number:
9ce4a3d9067bf9889b86c360c05ac88618b85c4f
* Use class level methods in tracerutils
* Start and stop requests spans in a place where we
have access to the authenticated entity
* Seen it, isort it
* Make sure to close the active span.
* I'm getting black and blue from this.
* Logger formatting
Co-Authored-By: Erik Johnston <erik@matrix.org>
* Outdated comment
* Import opentracing at the top
* Return a contextmanager
* Start tracing client requests from the servlet
* Return noop context manager if not tracing
* Explicitely say that these are federation requests
* Include servlet name in client requests
* Use context manager
* Move opentracing to logging/
* Seen it, isort it again!
* Ignore twisted return exceptions on context exit
* Escape the scope
* Scopes should be entered to make them useful.
* Nicer decorator names
* Just one init, init?
* Don't need to close something that isn't open
* Docs make you smarter
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix JWT login with register
Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* Add pyjwt conditional dependency
Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* Added changelog file
Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* Improved changelog description
Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
|
|
|
|
|
|
|
| |
Fixes https://github.com/matrix-org/synapse/issues/5431
`jinja2` was being imported even when it wasn't strictly necessary. This made it required to run Synapse, even if the functionality that required it wasn't enabled. This was causing new Synapse installations to crash on startup.
Email modules are now required.
|
| |
|
|
|
|
|
|
|
|
| |
* remove 2.7 from CI and publishing
* fill out classifiers and also make it not be installed on 3.5
* some minor bumps so that the old deps work on python 3.5
|
| |
|
|
|
|
|
| |
turns out we need a shiny version of service_identity to enforce this
correctly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
identity server (#5377)
Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.
This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
* #5308
* #5345
* #5368
|
|
|
|
|
|
| |
requests 2.22.0 as been released supporting urllib3 1.25.2
Signed-off-by: Marcus Hoffmann <bubu@bubu1.eu>
|
|
|
|
|
|
|
|
|
|
| |
* Pin eliot to <1.8 on python 3.5.2
Fixes https://github.com/matrix-org/synapse/issues/5199
* Add support for 'markers' to python_dependencies
* tell xargs not to strip quotes
|
| |
|
|\ |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Using systemd-python allows for logging to the systemd journal,
as is documented in: `synapse/contrib/systemd/log_config.yaml`.
Signed-off-by: Silke Hofstra <silke@slxh.eu>
|
|/ |
|
|\
| |
| | |
Add basic optional sentry.io integration
|
| | |
|
|\ \
| |/
|/| |
Fix error message for optional dependencies
|
| |
| |
| |
| | |
Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
|
|\ \
| |/
|/| |
New listener resource for the federation API "openid/userinfo" endpoint
|
| |
| |
| |
| |
| |
| | |
Allows running parameterized tests. BSD license.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
|
|/ |
|
| |
|
|
|
|
|
|
|
| |
Since 0.13.0, pymacaroons works correctly with pynacl, so there
isn’t any more reason to depend on an outdated pynacl fork.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
|
|
|
|
|
|
| |
The package msgpack-python has been deprecated.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
|
|
|
|
|
|
|
|
| |
* Raise a ConfigError if an invalid resource is specified
* Require Jinja 2.9 for the consent resource
* changelog
|
|
|
|
| |
optional dependencies to setuptools (#4298)
|
|\ |
|
| |
| |
| |
| | |
This is based on the work done by @krombel in #2601.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This implements both a SAML2 metadata endpoint (at
`/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at
`/_matrix/saml2/authn_response`). If the SAML2 response matches what's been
configured, we complete the SSO login flow by redirecting to the client url
(aka `RelayState` in SAML2 jargon) with a login token.
What we don't yet have is anything to build a SAML2 request and redirect the
user to the identity provider. That is left as an exercise for the reader.
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
* Rip out half-implemented m.login.saml2 support
This was implemented in an odd way that left most of the work to the client, in
a way that I really didn't understand. It's going to be a pain to maintain, so
let's start by ripping it out.
* drop undocumented dependency on dateutil
It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.
|
| |
|
|
|
|
|
|
|
|
| |
As of #4027, we require psutil to be installed, so it should be in our
dependency list. We can also remove some of the conditional import code
introduced by #992.
Fixes #4062.
|
|
|
| |
Thanks @Half-Shot !!!
|
| |
|
| |
|
| |
|
|
|
|
| |
Ref: https://github.com/matrix-org/synapse/issues/3945
|
| |
|
| |
|
| |
|
|
|
|
| |
Fixes https://github.com/matrix-org/synapse/issues/3741.
|
| |
|
|
|
|
|
| |
the dependencies file, causing failures on upgrade (and presumably for new
installs).
|
|
|
|
|
| |
We've rcently added a dep on `attr`. I don't know why the CI didn't pick this
up, but we should make it explicit anyway.
|
| |
|
| |
|
|
|
|
|
| |
fixes #3135
Signed-off-by: Will Hunt will@half-shot.uk
|
|
|
|
|
|
| |
* add some doc about wtf this thing does
* pin Twisted to < 18.4
* add explicit dep on six (fixes #3089)
|
|
|
|
| |
1.1.2 was a bit broken too :/
|
|
|
|
|
|
|
| |
1.1.0 and 1.1.1 were broken, so we're updating this to help people make sure
they don't end up on a broken version.
Also, 1.1.0 is speedier...
|
| |
|
|
|
|
|
|
|
|
| |
in bcrypt 3.1.0 checkpw got introduced (already 2 years ago)
This makes use of that with enhancements which might get introduced
by that
Signed-Off-by: Matthias Kesler <krombel@krombel.de>
|
|
|
|
| |
Signed-off-by: Pascal Bach <pascal.bach@nextrem.ch>
|
|
|
|
|
|
|
|
| |
The package was pinned to <4.0 with 07cf96eb because "from saml2 import
config" did not work. This seems to have been fixed in the mean time in the
saml2 package and therefore should not stop to use a more recent version.
Signed-off-by: Oliver Kurz <okurz@suse.de>
|
| |
|
|\
| |
| | |
python_dependencies: Use bcrypt module instead of py-bcrypt
|
| |
| |
| |
| |
| |
| |
| |
| | |
py-bcrypt has been unmaintained for a long while, while bcrypt is
actively maintained. And since ff8b87118dcfb153d972e29c2b77b195244d5ddc
we're compatible with the bcrypt anyway.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
|
|/
|
|
|
| |
Make it possible to set the CPU affinity in the config file, so that we don't
need to remember to do it manually every time.
|
|
|
|
| |
Signed-off-by: pik <alexander.maznev@gmail.com>
|
|
|
|
| |
Changes from https://github.com/matrix-org/synapse/pull/1971
|
| |
|
| |
|
|
|
|
|
|
| |
At least 16.0.0 is needed for wrapClientTLS support.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the pure-python ldap3 library, which eliminates the need for a
system dependency.
Offer both a `search` and `simple_bind` mode, for more sophisticated
ldap scenarios.
- `search` tries to find a matching DN within the `user_base` while
employing the `user_filter`, then tries the bind when a single
matching DN was found.
- `simple_bind` tries the bind against a specific DN by combining the
localpart and `user_base`
Offer support for STARTTLS on a plain connection.
The configuration was changed to reflect these new possibilities.
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
|
|\ |
|
| | |
|
| |
| |
| |
| | |
Add public facing base url to the server so synapse knows what URL to use when converting mxc to http urls for use in emails
|
| |
| |
| |
| | |
Mostly WIP porting the room name calculation logic from the web client so our room names in the email mirror the clients.
|
|/ |
|
| |
|
|
|
|
|
|
|
|
|
| |
defaults to off.
Add url_preview_ip_range_blacklist to let admins specify internal IP ranges that must not be spidered.
Add url_preview_url_blacklist to let admins specify URL patterns that must not be spidered.
Implement a custom SpiderEndpoint and associated support classes to implement url_preview_ip_range_blacklist
Add commentary and generally address PR feedback
|
|\ |
|
| | |
|
|/ |
|
|
|
|
|
| |
This is due to the fact that `from saml2 import config` fails in version
4.x
|
| |
|
|\ |
|
| |
| |
| |
| |
| | |
Something has gone wrong in the packaging of 1.* which causes it not to
compile.
|
| | |
|
|/ |
|
|
|
|
| |
check packages after the packages they depend on
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
Conflicts:
synapse/handlers/auth.py
synapse/python_dependencies.py
synapse/rest/client/v1/login.py
|
| |
| |
| |
| | |
matrix-angular-sdk
|
| |
| |
| |
| | |
requirement, but don't complain (when we do check_requirements) if we don't have it when we start synapse.
|
| | |
|
| | |
|
| | |
|
|\ \ |
|
| |/
| |
| |
| | |
0.0.3 was a typo
|
| | |
|
|\| |
|
| | |
|
| |\
| | |
| | |
| | |
| | | |
Conflicts:
synapse/http/matrixfederationclient.py
|
| |\ \
| | | |
| | | |
| | | |
| | | | |
Conflicts:
synapse/python_dependencies.py
|
| | | |
| | | |
| | | |
| | | | |
own Agent
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This just replaces random bytes with macaroons. The macaroons are not
inspected by the client or server.
In particular, they claim to have an expiry time, but nothing verifies
that they have not expired.
Follow-up commits will actually enforce the expiration, and allow for
token refresh.
See https://bit.ly/matrix-auth for more information
|
|\ \ \ |
|
| | |/
| |/| |
|
|/ / |
|
| | |
|
|/
|
|
| |
ujson.loads
|
|\ |
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
It existed but was hardcoded to True.
Give it an underscore for consistency.
Also don't pull in syweb unless we're actually using the web client.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
installed before syutil
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
installing with easy_install, use scripts rather than entry_points to install synctl
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
Add a media/v1/identicon resource for generating identicons
|
| | |
|
|/ |
|
|
|
|
| |
removed in 15.
|
| |
|
|
log which modules are used
|