summary refs log tree commit diff
path: root/synapse/rest/client/register.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Describe which rate limiter was hit in logs (#16135)David Robertson2023-08-301-2/+1
|
* Stop accepting 'user' parameter for application service registration. (#15928)Patrick Cloke2023-07-131-8/+4
| | | This is unspecced, but has existed for a very long time.
* Make AS tokens work & allow ASes to /registerQuentin Gliech2023-05-301-0/+69
|
* Refactor config to be an experimental featureHugh Nimmo-Smith2023-05-301-1/+1
| | | | Also enforce you can't combine it with incompatible config options
* Disable account related endpoints when using OAuth delegationQuentin Gliech2023-05-301-0/+3
|
* Add a primitive helper script for listing worker endpoints. (#15243)reivilibre2023-03-231-0/+2
| | | | Co-authored-by: Patrick Cloke <patrickc@matrix.org>
* Load `/register/available` endpoint on workers (#15268)Jason Little2023-03-171-1/+1
|
* Bump black from 22.12.0 to 23.1.0 (#15103)dependabot[bot]2023-02-221-7/+11
|
* Remove unnecessary reactor reference from `_PerHostRatelimiter` (#14842)Sean Quah2023-01-161-1/+0
| | | | | Fix up #14812 to avoid introducing a reference to the reactor. Signed-off-by: Sean Quah <seanq@matrix.org>
* Fix stack overflow in `_PerHostRatelimiter` due to synchronous requests (#14812)Sean Quah2023-01-131-0/+1
| | | | | | | | | | | | | | | | | | When there are many synchronous requests waiting on a `_PerHostRatelimiter`, each request will be started recursively just after the previous request has completed. Under the right conditions, this leads to stack exhaustion. A common way for requests to become synchronous is when the remote client disconnects early, because the homeserver is overloaded and slow to respond. Avoid stack exhaustion under these conditions by deferring subsequent requests until the next reactor tick. Fixes #14480. Signed-off-by: Sean Quah <seanq@matrix.org>
* Use ClientRestResource on both the main process and workers. (#14528)Patrick Cloke2022-12-021-4/+5
| | | | | | | Add logic to ClientRestResource to decide whether to mount servlets or not based on whether the current process is a worker. This is clearer to see what a worker runs than the completely separate / copy & pasted list of servlets being mounted for workers.
* Allow admins to require a manual approval process before new accounts can be ↵Brendan Abolivier2022-09-291-2/+20
| | | | used (using MSC3866) (#13556)
* Drop support for delegating email validation, round 2 (#13596)David Robertson2022-08-231-39/+20
|
* `synapse.api.auth.Auth` cleanup: make permission-related methods use ↵Quentin Gliech2022-08-221-3/+0
| | | | | | | | | `Requester` instead of the `UserID` (#13024) Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
* Rename `RateLimitConfig` to `RatelimitSettings` (#13442)Dirk Klimpel2022-08-031-2/+2
|
* Revert "Drop support for delegating email validation (#13192)" (#13406)3nprob2022-07-291-20/+39
| | | | | Reverts commit fa71bb18b527d1a3e2629b48640ea67fff2f8c59, and tweaks documentation. Signed-off-by: 3nprob <git@3n.anonaddy.com>
* Drop support for delegating email validation (#13192)Richard van der Hoff2022-07-121-39/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Drop support for delegating email validation Delegating email validation to an IS is insecure (since it allows the owner of the IS to do a password reset on your HS), and has long been deprecated. It will now cause a config error at startup. * Update unit test which checks for email verification Give it an `email` config instead of a threepid delegate * Remove unused method `requestEmailToken` * Simplify config handling for email verification Rather than an enum and a boolean, all we need here is a single bool, which says whether we are or are not doing email verification. * update docs * changelog * upgrade.md: fix typo * update version number this will be in 1.64, not 1.63 * update version number this one too
* Fix typo in some instances of enable_registration_token_3pid_bypass. (#12639)Will Hunt2022-05-051-1/+1
|
* Use `getClientAddress` instead of `getClientIP`. (#12599)Patrick Cloke2022-05-041-3/+3
| | | | | getClientIP was deprecated in Twisted 18.4.0, which also added getClientAddress. The Synapse minimum version for Twisted is currently 18.9.0, so all supported versions have the new API.
* Add option to enable token registration without requiring 3pids (#12526)Will Hunt2022-04-271-1/+6
|
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-231-5/+5
| | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733
* Allow modules to set a display name on registration (#12009)Brendan Abolivier2022-02-171-0/+7
| | | Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Add a callback to allow modules to deny 3PID (#11854)Brendan Abolivier2022-02-081-3/+5
| | | | | Part of the Tchap Synapse mainlining. This allows modules to implement extra logic to figure out whether a given 3PID can be added to the local homeserver. In the Tchap use case, this will allow a Synapse module to interface with the custom endpoint /internal_info.
* Stabilise MSC3231 (Token Based Registration) (#11867)Jonathan de Jong2022-02-041-4/+3
|
* Add a module callback to set username at registration (#11790)Brendan Abolivier2022-01-261-1/+11
| | | | | | This is in the context of mainlining the Tchap fork of Synapse. Currently in Tchap usernames are derived from the user's email address (extracted from the UIA results, more specifically the m.login.email.identity step). This change also exports the check_username method from the registration handler as part of the module API, so that a module can check if the username it's trying to generate is correct and doesn't conflict with an existing one, and fallback gracefully if not. Co-authored-by: David Robertson <davidr@element.io>
* Add a config flag to inhibit `M_USER_IN_USE` during registration (#11743)Brendan Abolivier2022-01-261-0/+11
| | | | | | | This is mostly motivated by the tchap use case, where usernames are automatically generated from the user's email address (in a way that allows figuring out the email address from the username). Therefore, it's an issue if we respond to requests on /register and /register/available with M_USER_IN_USE, because it can potentially leak email addresses (which include the user's real name and place of work). This commit adds a flag to inhibit the M_USER_IN_USE errors that are raised both by /register/available, and when providing a username early into the registration process. This error will still be raised if the user completes the registration process but the username conflicts. This is particularly useful when using modules (https://github.com/matrix-org/synapse/pull/11790 adds a module callback to set the username of users at registration) or SSO, since they can ensure the username is unique. More context is available in the PR that introduced this behaviour to synapse-dinsic: matrix-org/synapse-dinsic#48 - as well as the issue in the matrix-dinsic repo: matrix-org/matrix-dinsic#476
* Stabilise support for MSC2918 refresh tokens as they have now been merged ↵reivilibre2021-12-061-13/+10
| | | | into the Matrix specification. (#11435)
* Update MSC2918 refresh token support to confirm with the latest revision: ↵reivilibre2021-11-261-3/+6
| | | | accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. (#11430)
* Rename unstable `access_token_lifetime` configuration option to ↵reivilibre2021-11-231-1/+3
| | | | `refreshable_access_token_lifetime` to make it clear it only concerns refreshable access tokens. (#11388)
* Use direct references for configuration variables (part 7). (#10959)Patrick Cloke2021-10-041-13/+13
|
* Use direct references for configuration variables (part 6). (#10916)Patrick Cloke2021-09-291-3/+3
|
* Use direct references for some configuration variables (part 3) (#10885)Patrick Cloke2021-09-231-14/+16
| | | | | | | | This avoids the overhead of searching through the various configuration classes by directly referencing the class that the attributes are in. It also improves type hints since mypy can now resolve the types of the configuration variables.
* Add types to synapse.util. (#10601)reivilibre2021-09-101-4/+7
|
* Additional type hints for client REST servlets (part 4) (#10728)Patrick Cloke2021-09-011-7/+7
|
* Additional type hints for the client REST servlets (part 3). (#10707)Patrick Cloke2021-08-311-48/+30
|
* Remove unused `compare_digest` function. (#10706)Patrick Cloke2021-08-271-13/+0
|
* Implement MSC3231: Token authenticated registration (#10142)Callum Brown2021-08-211-0/+72
| | | | | Signed-off-by: Callum Brown <callum@calcuode.com> This is part of my GSoC project implementing [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
* Flatten the synapse.rest.client package (#10600)reivilibre2021-08-171-0/+879