summary refs log tree commit diff
path: root/synapse/rest/client/v1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add 'brand' field to MSC2858 response (#9242)Richard van der Hoff2021-01-271-0/+2
| | | | | | We've decided to add a 'brand' field to help clients decide how to style the buttons. Also, fix up the allowed characters for idp_id, while I'm in the area.
* Implement MSC2858 support (#9183)Richard van der Hoff2021-01-271-6/+49
| | | Fixes #8928.
* Support icons for Identity Providers (#9154)Richard van der Hoff2021-01-201-2/+1
|
* Validate the server name for the /publicRooms endpoint. (#9161)Patrick Cloke2021-01-191-2/+17
| | | | If a remote server name is provided, ensure it is something reasonable before making remote connections to it.
* Add some tests for the IDP picker flowRichard van der Hoff2021-01-071-2/+2
|
* Combine the SSO Redirect Servlets (#9015)Richard van der Hoff2021-01-041-69/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Implement CasHandler.handle_redirect_request ... to make it match OidcHandler and SamlHandler * Clean up interface for OidcHandler.handle_redirect_request Make it accept `client_redirect_url=None`. * Clean up interface for `SamlHandler.handle_redirect_request` ... bring it into line with CAS and OIDC by making it take a Request parameter, move the magic for `client_redirect_url` for UIA into the handler, and fix the return type to be a `str` rather than a `bytes`. * Define a common protocol for SSO auth provider impls * Give SsoIdentityProvider an ID and register them * Combine the SSO Redirect servlets Now that the SsoHandler knows about the identity providers, we can combine the various *RedirectServlets into a single implementation which delegates to the right IdP. * changelog
* Allow redacting events on workers (#8994)Patrick Cloke2020-12-291-7/+10
| | | Adds the redacts endpoint to workers that have the client listener.
* Convert internal pusher dicts to attrs classes. (#8940)Patrick Cloke2020-12-161-14/+1
| | | This improves type hinting and should use less memory.
* Honour AS ratelimit settings for /login requests (#8920)Erik Johnston2020-12-111-6/+19
| | | | Fixes #8846.
* Support "identifier" dicts in UIA (#8848)Richard van der Hoff2020-12-011-105/+2
| | | | | | | | | | The spec requires synapse to support `identifier` dicts for `m.login.password` user-interactive auth, which it did not (instead, it required an undocumented `user` parameter.) To fix this properly, we need to pull the code that interprets `identifier` into `AuthHandler.validate_login` so that it can be called from the UIA code. Fixes #5665.
* Simplify appservice login code (#8847)Richard van der Hoff2020-11-301-6/+21
| | | we don't need to support legacy login dictionaries here.
* Use TYPE_CHECKING instead of magic MYPY variable. (#8770)Patrick Cloke2020-11-171-3/+2
|
* Remove unused OPTIONS handlers. (#8621)Patrick Cloke2020-10-229-53/+0
| | | | The handling of OPTIONS requests was consolidated in #7534, but the endpoint specific handlers were not removed.
* Expose the experimental appservice login flow to clients. (#8504)Patrick Cloke2020-10-191-0/+2
|
* Add correct M_BAD_JSON error code to /profile/{userId}/displayname (#8517)Aaron Raimist2020-10-141-1/+3
| | | Fixes #8029
* Remove the deprecated Handlers object (#8494)Patrick Cloke2020-10-093-21/+15
| | | All handlers now available via get_*_handler() methods on the HomeServer.
* Do not expose the experimental appservice login flow to clients. (#8440)Patrick Cloke2020-10-011-2/+0
|
* Make token serializing/deserializing async (#8427)Erik Johnston2020-09-303-5/+12
| | | The idea is that in future tokens will encode a mapping of instance to position. However, we don't want to include the full instance name in the string representation, so instead we'll have a mapping between instance name and an immutable integer ID in the DB that we can use instead. We'll then do the lookup when we serialize/deserialize the token (we could alternatively pass around an `Instance` type that includes both the name and ID, but that turns out to be a lot more invasive).
* Allow additional SSO properties to be passed to the client (#8413)Patrick Cloke2020-09-301-7/+15
|
* Simplify super() calls to Python 3 syntax. (#8344)Patrick Cloke2020-09-1811-38/+38
| | | | | | | This converts calls like super(Foo, self) -> super(). Generated with: sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py
* Allow appservice users to /login (#8320)Will Hunt2020-09-181-10/+39
| | | | | Add ability for ASes to /login using the `uk.half-shot.msc2778.login.application_service` login `type`. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Don't remember `enabled` of deleted push rules and properly return 404 for ↵reivilibre2020-09-091-2/+13
| | | | | | | missing push rules in `.../actions` and `.../enabled` (#7796) Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Move and refactor LoginRestServlet helper methods (#8182)Andrew Morgan2020-08-281-54/+6
| | | | | | | This is split out from https://github.com/matrix-org/synapse/pull/7438, which had gotten rather large. `LoginRestServlet` has a couple helper methods, `login_submission_legacy_convert` and `login_id_thirdparty_from_phone`. They're primarily used for converting legacy user login submissions to "identifier" dicts ([see spec](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-login)). Identifying information such as usernames or 3PID information used to be top-level in the login body. They're now supposed to be put inside an [identifier](https://matrix.org/docs/spec/client_server/r0.6.1#identifier-types) parameter instead. #7438's purpose is to allow using the new identifier parameter during User-Interactive Authentication, which is currently handled in AuthHandler. That's why I've moved these helper methods there. I also moved the refactoring of these method from #7438 as they're relevant.
* Do not propagate typing notifications from shadow-banned users. (#8176)Patrick Cloke2020-08-261-11/+15
|
* Remove unused parameter from, and add safeguard in, get_room_data (#8174)Andrew Morgan2020-08-261-1/+0
| | | | | | Small cleanup PR. * Removed the unused `is_guest` argument * Added a safeguard to a (currently) impossible code path, fixing static checking at the same time.
* Stop shadow-banned users from sending non-member events. (#8142)Patrick Cloke2020-08-241-30/+44
|
* Stop shadow-banned users from sending invites. (#8095)Patrick Cloke2020-08-201-27/+40
|
* Remove `ChainedIdGenerator`. (#8123)Erik Johnston2020-08-191-1/+1
| | | | | It's just a thin wrapper around two ID gens to make `get_current_token` and `get_next` return tuples. This can easily be replaced by calling the appropriate methods on the underlying ID gens directly.
* Be stricter about JSON that is accepted by Synapse (#8106)Patrick Cloke2020-08-191-4/+7
|
* Convert pusher databases to async/await. (#8075)Patrick Cloke2020-08-141-4/+5
|
* Implement new experimental push rules (#7997)Brendan Abolivier2020-08-101-2/+9
|\ | | | | With an undocumented configuration setting to enable them for specific users.
| * Merge branch 'develop' of github.com:matrix-org/synapse into ↵Brendan Abolivier2020-08-061-1/+1
| |\ | | | | | | | | | babolivier/new_push_rules
| * | Incorporate reviewBrendan Abolivier2020-08-061-2/+2
| | |
| * | Fix PUT /pushrules to use the right rule IDsBrendan Abolivier2020-08-031-2/+9
| | |
* | | Convert synapse.api to async/await (#8031)Patrick Cloke2020-08-061-1/+1
| |/ |/|
* | Allow guests to operate in encrypted rooms (#7314)Michael Albert2020-08-031-1/+1
|/ | | Signed-off-by: Michael Albert <michael.albert@awesome-technologies.de>
* Allow moving typing off master (#7869)Erik Johnston2020-07-161-0/+9
|
* Ensure that calls to `json.dumps` are compatible with the standard library ↵Patrick Cloke2020-07-151-6/+7
| | | | json. (#7836)
* Return the proper 403 Forbidden error during errors with JWT logins. (#7844)Patrick Cloke2020-07-151-5/+3
|
* Add the option to validate the `iss` and `aud` claims for JWT logins. (#7827)Patrick Cloke2020-07-141-6/+19
|
* `update_membership` declaration: now always returns an event id. (#7809)Richard van der Hoff2020-07-091-4/+2
|
* Stop passing bytes when dumping JSON (#7799)Patrick Cloke2020-07-081-1/+1
|
* Add documentation for JWT login type and improve sample config. (#7776)Patrick Cloke2020-07-061-21/+27
|
* Fix inconsistent handling of upper and lower cases of email addresses. (#7021)Dirk Klimpel2020-07-031-4/+8
| | | fixes #7016
* Merge branch 'master' into developPatrick Cloke2020-07-021-7/+3
|\
| * Ensure that HTML pages served from Synapse include headers to avoid embedding.Patrick Cloke2020-07-021-7/+3
| |
* | Back out MSC2625 implementation (#7761)Brendan Abolivier2020-07-011-2/+2
| |
* | add org.matrix.login.jwt so that m.login.jwt can be deprecated (#7675)Sorunome2020-06-241-1/+4
| |
* | Implement unread counter (MSC2625) (#7673)Brendan Abolivier2020-06-171-2/+2
|\ \ | | | | | | Implementation of https://github.com/matrix-org/matrix-doc/pull/2625
| * \ Merge branch 'develop' into babolivier/mark_unreadBrendan Abolivier2020-06-151-1/+3
| |\ \
| * | | Use temporary prefixes as per the MSCBrendan Abolivier2020-06-101-1/+1
| | | |
| * | | Rename dont_push into mark_unreadBrendan Abolivier2020-06-101-2/+2
| | |/ | |/|
* | | Replace all remaining six usage with native Python 3 equivalents (#7704)Dagfinn Ilmari Mannsåker2020-06-162-5/+2
| | |
* | | Update m.id.phone to use 'phone' instead of 'number' (#7687)Andrew Morgan2020-06-151-2/+10
| |/ |/| | | | | | | | | | | | | | | The spec [states](https://matrix.org/docs/spec/client_server/r0.6.1#phone-number) that `m.id.phone` requires the field `country` and `phone`. In Synapse, we've been enforcing `country` and `number`. I am not currently sure whether this affects any client implementations. This issue was introduced in #1994.
* | Remove "user_id" from GET /presence. (#7606)Will Hunt2020-06-111-1/+3
|/
* Performance improvements and refactor of Ratelimiter (#7595)Andrew Morgan2020-06-051-44/+21
| | | | | | | | | | While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both: * Rather undocumented, and * causing a *lot* of config checks This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation. Best to be reviewed commit-by-commit.
* Advertise the token login type when OpenID Connect is enabled. (#7631)Patrick Cloke2020-06-041-8/+3
|
* Fix a bug in automatic user creation with m.login.jwt. (#7585)Olof Johansson2020-06-011-7/+8
|
* Add ability to wait for replication streams (#7542)Erik Johnston2020-05-221-8/+12
| | | | | | | The idea here is that if an instance persists an event via the replication HTTP API it can return before we receive that event over replication, which can lead to races where code assumes that persisting an event immediately updates various caches (e.g. current state of the room). Most of Synapse doesn't hit such races, so we don't do the waiting automagically, instead we do so where necessary to avoid unnecessary delays. We may decide to change our minds here if it turns out there are a lot of subtle races going on. People probably want to look at this commit by commit.
* Support UI Authentication for OpenID Connect accounts (#7457)Patrick Cloke2020-05-151-12/+19
|
* Allow expired accounts to logout (#7443)Andrew Morgan2020-05-141-3/+3
|
* Implement OpenID Connect-based login (#7256)Quentin Gliech2020-05-081-3/+25
|
* Improve error responses when a remote server doesn't allow you to access its ↵Andrew Morgan2020-04-061-13/+20
| | | | public rooms list (#6899)
* Support CAS in UI Auth flows. (#7186)Patrick Cloke2020-04-031-4/+16
|
* Refactor the CAS code (move the logic out of the REST layer to a handler) ↵Patrick Cloke2020-03-261-155/+16
| | | | (#7136)
* Fix CAS redirect url (#6634)Naugrimm2020-03-241-11/+16
| | | Build the same service URL when requesting the CAS ticket and when calling the proxyValidate URL.
* Clean-up some auth/login REST code (#7115)Patrick Cloke2020-03-201-8/+0
|
* Remove special casing of `m.room.aliases` events (#7034)Patrick Cloke2020-03-171-12/+0
|
* Merge branch 'master' into developBrendan Abolivier2020-03-031-30/+13
|\
| * Factor out complete_sso_login and expose it to the Module APIBrendan Abolivier2020-03-031-56/+2
| |
| * Add a whitelist for the SSO confirmation step.Richard van der Hoff2020-03-021-8/+18
| |
| * Add a confirmation step to the SSO login flowBrendan Abolivier2020-03-021-6/+34
| |
* | Ensure 'deactivated' parameter is a boolean on user admin API, Fix error ↵Andrew Morgan2020-02-261-0/+1
| | | | | | | | handling of call to deactivate user (#6990)
* | Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957)Patrick Cloke2020-02-212-5/+5
|/ | | | Ensure good comprehension hygiene using flake8-comprehensions.
* Move MSC2432 stuff onto unstable prefix (#6948)Richard van der Hoff2020-02-191-1/+7
| | | it's not in the spec yet, so needs to be unstable. Also add a feature flag for it. Also add a test for admin users.
* Implement GET /_matrix/client/r0/rooms/{roomId}/aliases (#6939)Richard van der Hoff2020-02-181-0/+23
| | | | | per matrix-org/matrix-doc#2432
* MSC2260: Block direct sends of m.room.aliases events (#6794)Richard van der Hoff2020-01-301-0/+12
| | | | | as per MSC2260
* Fixup synapse.rest to pass mypy (#6732)Erik Johnston2020-01-202-7/+13
|
* Fix `/events/:event_id` deprecated API. (#6731)Erik Johnston2020-01-201-1/+1
|
* Clean up startup for the pusher (#6558)Richard van der Hoff2019-12-181-17/+16
| | | | | | | | | | | | | | | | | | | | | | | * Remove redundant python2 support code `str.decode()` doesn't exist on python3, so presumably this code was doing nothing * Filter out pushers with corrupt data When we get a row with unparsable json, drop the row, rather than returning a row with null `data`, which will then cause an explosion later on. * Improve logging when we can't start a pusher Log the ID to help us understand the problem * Make email pusher setup more robust We know we'll have a `data` member, since that comes from the database. What we *don't* know is if that is a dict, and if that has a `brand` member, and if that member is a string.
* Back out change preventing setting null avatar URLsErik Johnston2019-12-111-6/+6
|
* Better errors regarding changing avatar_url (#6497)Andrew Morgan2019-12-091-3/+8
|
* Port rest/v1 to async/awaitErik Johnston2019-12-0510-166/+117
|
* MSC2367 Allow reason field on all member eventsErik Johnston2019-11-281-1/+1
|
* LintBrendan Abolivier2019-11-201-1/+3
|
* Apply suggestions from code reviewErik Johnston2019-11-181-1/+1
| | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-Authored-By: Brendan Abolivier <babolivier@matrix.org>
* Only do `rc_login` ratelimiting on succesful login.Erik Johnston2019-11-061-18/+93
| | | | | | | | | | | | We were doing this in a number of places which meant that some login code paths incremented the counter multiple times. It was also applying ratelimiting to UIA endpoints, which was probably not intentional. In particular, some custom auth modules were calling `check_user_exists`, which incremented the counters, meaning that people would fail to login sometimes.
* Support for routing outbound HTTP requests via a proxy (#6239)Richard van der Hoff2019-11-011-1/+1
| | | | | | | | | | | | | | | | | | | | The `http_proxy` and `HTTPS_PROXY` env vars can be set to a `host[:port]` value which should point to a proxy. The address of the proxy should be excluded from IP blacklists such as the `url_preview_ip_range_blacklist`. The proxy will then be used for * push * url previews * phone-home stats * recaptcha validation * CAS auth validation It will *not* be used for: * Application Services * Identity servers * Outbound federation * In worker configurations, connections from workers to masters Fixes #4198.
* Update black to 19.10b0 (#6304)Amber Brown2019-11-011-6/+7
| | | * update version of black and also fix the mypy config being overridden
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-311-1/+1
| | | Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
* Port room rest handlers to async/awaitErik Johnston2019-10-291-94/+72
|
* cas: support setting display name (#6114)Valérian Rousset2019-10-111-1/+3
| | | Now, the CAS server can return an attribute stating what's the desired displayname, instead of using the username directly.
* Land improved room list based on room stats (#6019)Erik Johnston2019-10-021-0/+8
| | | | Use room_stats and room_state for room directory search
* isortErik Johnston2019-09-251-1/+1
|
* Add tags for event_id and txn_id in event sendingErik Johnston2019-09-251-0/+18
| | | | This will make it easier to search for sending event requests.
* Merge branch 'develop' into rav/saml_mapping_workRichard van der Hoff2019-09-1911-67/+67
|\
| * Use the v2 Identity Service API for lookups (MSC2134 + MSC2140) (#5976)Andrew Morgan2019-09-111-0/+1
| | | | | | | | | | | | | | This is a redo of https://github.com/matrix-org/synapse/pull/5897 but with `id_access_token` accepted. Implements [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134) plus Identity Service v2 authentication ala [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140). Identity lookup-related functions were also moved from `RoomMemberHandler` to `IdentityHandler`.
| * Remove double return statements (#5962)Andrew Morgan2019-09-031-1/+0
| | | | | | | | | | | | | | | | | | | | Remove all the "double return" statements which were a result of us removing all the instances of ``` defer.returnValue(...) return ``` statements when we switched to python3 fully.
| * Remove unnecessary parentheses around return statements (#5931)Andrew Morgan2019-08-3011-66/+66
| | | | | | | | | | Python will return a tuple whether there are parentheses around the returned values or not. I'm just sick of my editor complaining about this all over the place :)
* | Record mappings from saml users in an external tableRichard van der Hoff2019-09-131-0/+14
|/ | | | | | We want to assign unique mxids to saml users based on an incrementing suffix. For that to work, we need to record the allocated mxid in a separate table.
* Return 404 instead of 403 when retrieving an event without perms (#5798)Andrew Morgan2019-08-061-3/+11
| | | | | Part of fixing matrix-org/sytest#652 Sytest PR: matrix-org/sytest#667
* Merge tag 'v1.2.0rc2' into developAndrew Morgan2019-07-241-7/+30
|\ | | | | | | | | | | | | Bugfixes -------- - Fix a regression introduced in v1.2.0rc1 which led to incorrect labels on some prometheus metrics. ([\#5734](https://github.com/matrix-org/synapse/issues/5734))
| * Fix servlet metric names (#5734)Jorik Schellekens2019-07-241-7/+30
| | | | | | | | | | | | | | | | | | | | * Fix servlet metric names Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Remove redundant check * Cover all return paths
* | Replace returnValue with return (#5736)Amber Brown2019-07-2311-76/+72
|/
* Clean up exception handling for access_tokens (#5656)Richard van der Hoff2019-07-112-4/+15
| | | | | | | | | | | | | | | | First of all, let's get rid of `TOKEN_NOT_FOUND_HTTP_STATUS`. It was a hack we did at one point when it was possible to return either a 403 or a 401 if the creds were missing. We always return a 401 in these cases now (thankfully), so it's not needed. Let's also stop abusing `AuthError` for these cases. Honestly they have nothing that relates them to the other places that `AuthError` is used, other than the fact that they are loosely under the 'Auth' banner. It makes no sense for them to share exception classes. Instead, let's add a couple of new exception classes: `InvalidClientTokenError` and `MissingClientTokenError`, for the `M_UNKNOWN_TOKEN` and `M_MISSING_TOKEN` cases respectively - and an `InvalidClientCredentialsError` base class for the two of them.
* Remove access-token support from RegistrationHandler.register (#5641)Richard van der Hoff2019-07-081-10/+4
| | | | | | | | Nothing uses this now, so we can remove the dead code, and clean up the API. Since we're changing the shape of the return value anyway, we take the opportunity to give the method a better name.
* Factor out some redundant code in the login impl (#5639)Richard van der Hoff2019-07-081-39/+10
| | | | | | | | * Factor out some redundant code in the login impl Also fixes a redundant access_token which was generated during jwt login. * changelog
* Complete the SAML2 implementation (#5422)Richard van der Hoff2019-07-021-8/+46
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * SAML2 Improvements and redirect stuff Signed-off-by: Alexander Trost <galexrt@googlemail.com> * Code cleanups and simplifications. Also: share the saml client between redirect and response handlers. * changelog * Revert redundant changes to static js * Move all the saml stuff out to a centralised handler * Add support for tracking SAML2 sessions. This allows us to correctly handle `allow_unsolicited: False`. * update sample config * cleanups * update sample config * rename BaseSSORedirectServlet for consistency * Address review comments
| * Merge branch 'develop' into rav/saml2_clientRichard van der Hoff2019-07-011-1/+1
| |\
| * | rename BaseSSORedirectServlet for consistencyRichard van der Hoff2019-06-271-3/+3
| | |
| * | Move all the saml stuff out to a centralised handlerRichard van der Hoff2019-06-261-11/+2
| | |
| * | Merge branch 'develop' into rav/saml2_clientRichard van der Hoff2019-06-2610-327/+252
| |\ \
| * | | Code cleanups and simplifications.Richard van der Hoff2019-06-111-42/+41
| | | | | | | | | | | | | | | | Also: share the saml client between redirect and response handlers.
| * | | Merge remote-tracking branch 'origin/develop' into rav/saml2_clientRichard van der Hoff2019-06-1012-203/+185
| |\ \ \
| * | | | SAML2 Improvements and redirect stuffAlexander Trost2019-06-021-0/+46
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Alexander Trost <galexrt@googlemail.com>
* | | | | Fix JWT login with new users (#5586)PauRE2019-07-021-6/+3
| |_|_|/ |/| | | | | | | | | | | Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* | | | Fix JWT login (#5555)PauRE2019-06-271-1/+1
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix JWT login with register Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com> * Add pyjwt conditional dependency Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com> * Added changelog file Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com> * Improved changelog description Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* | | Split public rooms directory auth config in twoBrendan Abolivier2019-06-241-1/+1
| | |
* | | Run Black. (#5482)Amber Brown2019-06-2010-322/+246
| |/ |/|
* | Hawkowl/fix missing auth (#5328)Amber Brown2019-06-041-0/+1
| |
* | Unify v1 and v2 REST client APIs (#5226)Amber Brown2019-06-0312-203/+183
|/
* Fix ignored filter field in `/messages` endpointEisha Chen-yen-su2019-05-301-0/+2
| | | | | | | | This fixes a bug which were causing the "event_format" field to be ignored in the filter of requests to the `/messages` endpoint of the CS API. Signed-off-by: Eisha Chen-yen-su <chenyensu0@gmail.com>
* Merge pull request #5256 from aaronraimist/logout-correct-errorErik Johnston2019-05-301-18/+9
|\ | | | | Show correct error when logging out and access token is missing
| * LintAaron Raimist2019-05-291-2/+0
| | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
| * Get rid of try exceptAaron Raimist2019-05-271-16/+9
| | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
| * Show correct error when logging out and access token is missingAaron Raimist2019-05-241-4/+4
| | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | Serve CAS login over r0 (#5286)Amber Brown2019-05-301-2/+2
|/
* Drop support for v2_alpha API prefix (#5190)Richard van der Hoff2019-05-151-4/+4
|
* Allow client event serialization to be asyncErik Johnston2019-05-142-14/+20
|
* add options to require an access_token to GET /profile and /publicRooms on ↵Matthew Hodgson2019-05-082-12/+34
| | | | | | | | | | | | | | | | | CS API (#5083) This commit adds two config options: * `restrict_public_rooms_to_local_users` Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API. * `require_auth_for_profile_requests` When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301. MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though. Groups have been intentionally omitted from this commit.
* Move admin api impl to its own packageRichard van der Hoff2019-05-011-896/+0
| | | | It doesn't really belong under rest/client/v1 any more.
* Move admin API to a new prefixRichard van der Hoff2019-05-011-20/+50
|
* Move admin API away from ClientV1RestServletRichard van der Hoff2019-05-011-33/+33
|
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-04-173-78/+42
|\ | | | | | | babolivier/account_expiration
| * Remove usage of request.postpathErik Johnston2019-04-161-8/+8
| | | | | | | | | | | | | | This is an undocumented variable in twisted, and relies on the servlet being mounted in the right way. This also breaks getting push rules on workers.
| * Only handle GET requests for /push_rulesErik Johnston2019-04-151-0/+7
| |
| * Add admin API for group deletionErik Johnston2019-04-031-0/+26
| |
| * Fix grammar and document get_current_users_in_room (#4998)Andrew Morgan2019-04-031-1/+1
| |
| * Remove presence lists (#4989)Neil Johnson2019-04-031-67/+0
| | | | | | Remove presence list support as per MSC 1819
| * remove log line for password (#4965)Neil Johnson2019-03-281-2/+0
| | | | | | | | Remove log line for password.
* | Add management endpoints for account validityBrendan Abolivier2019-04-171-0/+39
|/
* Support 3PID login in password providers (#4931)Andrew Morgan2019-03-261-4/+45
| | | | | Adds a new method, check_3pid_auth, which gives password providers the chance to allow authentication with third-party identifiers such as email or msisdn.
* Use flagsErik Johnston2019-03-201-2/+4
|
* Gracefully handle failing to kick userErik Johnston2019-03-201-19/+27
|
* Log new room IDErik Johnston2019-03-201-1/+6
|
* Add ratelimiting on login (#4821)Brendan Abolivier2019-03-151-0/+10
| | | Add two ratelimiters on login (per-IP address and per-userID).
* Send message after room has been shutdownErik Johnston2019-03-061-11/+11
| | | | | | | | Currently the explanation message is sent to the abuse room before any users are forced joined, which means it tends to get lost in the backlog of joins. So instead we send the message *after* we've forced joined everyone.
* Add 'server_version' endpoint to admin APIJoseph Weston2019-03-011-0/+23
| | | | | This is required because the 'Server' HTTP header is not always passed through proxies.
* Fix registration on workers (#4682)Erik Johnston2019-02-201-2/+2
| | | | | | | | | | * Move RegistrationHandler init to HomeServer * Move post registration actions to RegistrationHandler * Add post regisration replication endpoint * Newsfile
* Move register_device into handlerErik Johnston2019-02-181-37/+22
|
* Fix typosAndrew Morgan2019-01-221-4/+4
|
* Return well_known in /login response (#4319)Richard van der Hoff2018-12-241-7/+11
| | | | ... as per MSC1730.
* create support user (#4141)Neil Johnson2018-12-141-1/+10
| | | | | | Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits.
* Initialise user displayname from SAML2 data (#4272)Richard van der Hoff2018-12-071-0/+5
| | | | | When we register a new user from SAML2 data, initialise their displayname correctly.
* Factor SSO success handling out of CAS login (#4264)Richard van der Hoff2018-12-071-29/+76
| | | | This is mostly factoring out the post-CAS-login code to somewhere we can reuse it for other SSO flows, but it also fixes the userid mapping while we're at it.
* Rip out half-implemented m.login.saml2 support (#4265)Richard van der Hoff2018-12-061-67/+2
| | | | | | | | | | | | | * Rip out half-implemented m.login.saml2 support This was implemented in an odd way that left most of the work to the client, in a way that I really didn't understand. It's going to be a pain to maintain, so let's start by ripping it out. * drop undocumented dependency on dateutil It turns out we were relying on dateutil being pulled in transitively by pysaml2. There's no need for that bloat.
* Fix non-ASCII pushrules (#4248)Amber Brown2018-12-041-12/+23
|
* fix type errorAmber Brown2018-12-031-1/+1
|
* Support m.login.sso (#4220)Richard van der Hoff2018-11-271-4/+9
| | | | | | | | | | | | | | | | | * Clean up the CSS for the fallback login form I was finding this hard to work with, so simplify a bunch of things. Each flow is now a form inside a div of class login_flow. The login_flow class now has a fixed width, as that looks much better than each flow having a differnt width. * Support m.login.sso MSC1721 renames m.login.cas to m.login.sso. This implements the change (retaining support for m.login.cas for older clients). * changelog
* Refactor state group lookup to reduce DB hits (#4011)Erik Johnston2018-10-251-1/+2
| | | | | | | | Currently when fetching state groups from the data store we make two hits two the database: once for members and once for non-members (unless request is filtered to one or the other). This adds needless load to the datbase, so this PR refactors the lookup to make only a single database hit.
* Clean up room alias creationErik Johnston2018-10-191-32/+5
|
* Merge pull request #3835 from krombel/fix_3821Amber Brown2018-09-121-1/+5
|\ | | | | fix VOIP crashes under Python 3
| * fix VOIP crashes under Python 3 (#3821)Krombel2018-09-101-1/+5
| |
* | Port rest/ to Python 3 (#3823)Amber Brown2018-09-127-52/+57
|/
* Allow guests to access /rooms/:roomId/event/:eventIdWill Hunt2018-08-201-1/+1
|
* Integrate presence from hotfixes (#3694)Amber Brown2018-08-181-1/+2
|
* speed up /members and add at= and membership params (#3568)Matthew Hodgson2018-08-151-3/+29
|
* Don't fail requests to unbind 3pids for non supporting ID serversErik Johnston2018-08-081-2/+9
| | | | | | | | | | Older identity servers may not support the unbind 3pid request, so we shouldn't fail the requests if we received one of 400/404/501. The request still fails if we receive e.g. 500 responses, allowing clients to retry requests on transient identity server errors that otherwise do support the API. Fixes #3661
* Merge branch 'master' into developRichard van der Hoff2018-08-022-2/+2
|\
| * Check room visibility for /event/ requestsRichard van der Hoff2018-08-022-2/+2
| | | | | | | | | | | | | | | | Make sure that the user has permission to view the requeseted event for /event/{eventId} and /room/{roomId}/event/{eventId} requests. Also check that the event is in the given room for /room/{roomId}/event/{eventId}, for sanity.
* | Merge pull request #3620 from fuzzmz/return-404-room-not-foundRichard van der Hoff2018-08-011-2/+2
|\ \ | | | | | | return 404 if room not found
| * | return NotFoundError if room not foundSerban Constantin2018-07-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Per the Client-Server API[0] we should return `M_NOT_FOUND` if the room isn't found instead of generic SynapseError. This ensures that /directory/list API returns 404 for room not found instead of 400. [0]: https://matrix.org/docs/spec/client_server/unstable.html#get-matrix-client-r0-directory-list-room-roomid Signed-off-by: Serban Constantin <serban.constantin@gmail.com>
* | | Python 3: Convert some unicode/bytes uses (#3569)Amber Brown2018-08-021-7/+15
|/ /
* | make /context lazyload & filter aware (#3567)Matthew Hodgson2018-07-271-0/+9
| | | | | | make /context lazyload & filter aware.
* | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2018-07-233-437/+126
|\ \ | | | | | | | | | erikj/client_apis_move
| * | Admin API for creating new users (#3415)Amber Brown2018-07-201-0/+122
| | |
| * | Move v1-only APIs into their own module & isolate deprecated ones (#3460)Amber Brown2018-07-192-437/+4
| |/
* | Move RoomContextHandler out of HandlersErik Johnston2018-07-181-2/+2
| | | | | | | | This is in preparation for moving GET /context/ to a worker
* | Split MessageHandler into read only and writersErik Johnston2018-07-182-15/+13
|/ | | | | This will let us call the read only parts from workers, and so be able to move some APIs off of master, e.g. the `/state` API.
* check isort by travisKrombel2018-07-162-3/+3
|
* Fix develop because I broke it :( (#3535)Amber Brown2018-07-141-2/+2
|
* Merge pull request #3534 from krombel/use_parse_and_asserts_from_servletAmber Brown2018-07-147-74/+42
|\ | | | | Use parse and asserts from http.servlet
| * fix sytestsAmber Brown2018-07-141-1/+1
| |
| * add changelogKrombel2018-07-131-1/+1
| |
| * rename assert_params_in_request to assert_params_in_dictKrombel2018-07-135-14/+14
| | | | | | | | | | | | the method "assert_params_in_request" does handle dicts and not requests. A request body has to be parsed to json before this method can be used
| * Use parse_{int,str} and assert from http.servletKrombel2018-07-137-75/+43
| | | | | | | | | | | | | | parse_integer and parse_string can take a request and raise errors in case we have wrong or missing params. This PR tries to use them more to deduplicate some code and make it better readable
* | Make auth & transactions more testable (#3499)Amber Brown2018-07-143-6/+5
|/
* run isortAmber Brown2018-07-0914-86/+88
|
* Attempt to be more performant on PyPy (#3462)Amber Brown2018-06-282-2/+3
|
* update doc for deactivate APIMatthew Hodgson2018-06-261-1/+1
|
* add GDPR erase param to deactivate APIMatthew Hodgson2018-06-261-1/+12
|
* Revert "Revert "Merge pull request #3431 from ↵Erik Johnston2018-06-251-1/+3
| | | | | | matrix-org/rav/erasure_visibility"" This reverts commit 1d009013b3c3e814177afc59f066e02a202b21cd.
* Revert "Merge pull request #3431 from matrix-org/rav/erasure_visibility"Richard van der Hoff2018-06-221-3/+1
| | | | | This reverts commit ce0d911156b355c5bf452120bfb08653dad96497, reversing changes made to b4a5d767a94f1680d07edfd583aae54ce422573e.
* Merge pull request #3431 from matrix-org/rav/erasure_visibilityErik Johnston2018-06-221-1/+3
|\ | | | | Support hiding events from deleted users
| * mark accounts as erased when requestedRichard van der Hoff2018-06-121-1/+3
| |
* | Remove run_on_reactor (#3395)Amber Brown2018-06-141-7/+0
|/
* fix logRichard van der Hoff2018-06-071-1/+1
|
* Fix event-purge-by-ts admin APIRichard van der Hoff2018-06-071-6/+4
| | | | | | This got completely broken in 0.30. Fixes #3300.
* Replace some more comparisons with sixAdrian Tschira2018-05-191-3/+5
| | | | | | plus a bonus b"" string I missed last time Signed-off-by: Adrian Tschira <nota@notafile.com>
* Merge pull request #3221 from matrix-org/erikj/purge_tokenErik Johnston2018-05-181-7/+10
|\ | | | | Make purge_history operate on tokens
| * Make purge_history operate on tokensErik Johnston2018-05-151-7/+10
| | | | | | | | As we're soon going to change how topological_ordering works
* | Move RoomCreationHandler out of synapse.handlers.HandlersRichard van der Hoff2018-05-172-5/+4
|/ | | | | | | Handlers is deprecated nowadays, so let's move this out before I add a new dependency on it. Also fix the docstrings on create_room.
* Set Server header in SynapseRequestRichard van der Hoff2018-05-101-1/+0
| | | | | | | | | | | | (instead of everywhere that writes a response. Or rather, the subset of places which write responses where we haven't forgotten it). This also means that we don't have to have the mysterious version_string attribute in anything with a request handler. Unfortunately it does mean that we have to pass the version string wherever we instantiate a SynapseSite, which has been c&ped 150 times, but that is code that ought to be cleaned up anyway really.
* Burminate v1authAdrian Tschira2018-04-302-2/+6
| | | | | | | | | | | | | | | | | | This closes #2602 v1auth was created to account for the differences in status code between the v1 and v2_alpha revisions of the protocol (401 vs 403 for invalid tokens). However since those protocols were merged, this makes the r0 version/endpoint internally inconsistent, and violates the specification for the r0 endpoint. This might break clients that rely on this inconsistency with the specification. This is said to affect the legacy angular reference client. However, I feel that restoring parity with the spec is more important. Either way, it is critical to inform developers about this change, in case they rely on the illegal behaviour. Signed-off-by: Adrian Tschira <nota@notafile.com>
* add guard for None on purge_history apiKrombel2018-04-301-1/+14
|
* Merge pull request #3156 from NotAFile/py3-hmac-bytesRichard van der Hoff2018-04-301-7/+9
|\ | | | | Construct HMAC as bytes on py3
| * Construct HMAC as bytes on py3Adrian Tschira2018-04-291-7/+9
| | | | | | | | Signed-off-by: Adrian Tschira <nota@notafile.com>
* | Use six.moves.urlparseAdrian Tschira2018-04-152-5/+6
|/ | | | | | The imports were shuffled around a bunch in py3 Signed-off-by: Adrian Tschira <nota@notafile.com>
* Merge pull request #3079 from matrix-org/erikj/limit_concurrent_sendsErik Johnston2018-04-101-6/+1
|\ | | | | Limit concurrent event sends for a room
| * Use create_and_send_nonmember_event everywhereErik Johnston2018-04-091-6/+1
| |
* | Merge pull request #3061 from NotAFile/add-some-byte-stringsRichard van der Hoff2018-04-091-2/+2
|\ \ | | | | | | Add b prefixes to some strings that are bytes in py3
| * | Add b prefixes to some strings that are bytes in py3Adrian Tschira2018-04-041-2/+2
| | | | | | | | | | | | | | | | | | This has no effect on python2 Signed-off-by: Adrian Tschira <nota@notafile.com>
* | | Merge pull request #2938 from dklug/developRichard van der Hoff2018-04-091-1/+4
|\ \ \ | |_|/ |/| | Return 401 for invalid access_token on logout
| * | Return 401 for invalid access_token on logoutdklug2018-03-021-1/+4
| | | | | | | | | | | | Signed-off-by: Duncan Klug <dklug@ucmerced.edu>
* | | Merge pull request #2986 from jplatte/join_reponse_room_idRichard van der Hoff2018-04-051-1/+6
|\ \ \ | |_|/ |/| | Add room_id to the response of `rooms/{roomId}/join`
| * | Add room_id to the response of `rooms/{roomId}/join`Jonas Platte2018-03-131-1/+6
| | | | | | | | | | | | Fixes #2349
* | | Merge branch 'master' of github.com:matrix-org/synapse into developErik Johnston2018-03-191-1/+1
|\ \ \ | |/ / |/| |
| * | Replace ujson with simplejsonErik Johnston2018-03-151-1/+1
| | |
* | | RoomMembershipRestServlet doesn't handle /forgetErik Johnston2018-03-131-1/+1
| | | | | | | | | | | | | | | Due to the order we register the REST handlers `/forget` was handled by the correct handler.
* | | Add transactional API to history purgeRichard van der Hoff2018-03-121-3/+35
| | | | | | | | | | | | Make the purge request return quickly, and allow scripts to poll for updates.
* | | Provide a means to pass a timestamp to purge_historyRichard van der Hoff2018-03-051-3/+55
| |/ |/|
* | Move RoomMemberHandler out of HandlersErik Johnston2018-03-012-12/+14
| |
* | Merge pull request #2854 from matrix-org/erikj/event_create_workerErik Johnston2018-02-131-1/+0
|\ \ | | | | | | Create a worker for event creation
| * | Add event_creator workerErik Johnston2018-02-071-1/+0
| | |
* | | Fix typos in purge api & docRichard van der Hoff2018-02-131-3/+1
| | | | | | | | | | | | | | | * It's supposed to be purge_local_events, not ..._history * Fix the doc to have valid json
* | | Merge pull request #2858 from matrix-org/rav/purge_updatesRichard van der Hoff2018-02-091-1/+10
|\ \ \ | |/ / |/| | delete_local_events for purge_room_history
| * | delete_local_events for purge_historyRichard van der Hoff2018-02-091-1/+10
| | | | | | | | | | | | Add a flag which makes the purger delete local events
* | | Update copyrightErik Johnston2018-02-062-0/+2
| | |
* | | Update places where we create eventsErik Johnston2018-02-052-9/+11
| | |
* | | Merge branch 'develop' into travis/admin-list-mediaTravis Ralston2018-02-012-17/+34
|\ \ \
| * | | add ?ts massaging for ASes (#2754)Matthew Hodgson2018-01-231-6/+11
| | | | | | | | | | | | blindly implement ?ts for AS. untested
| * | | rewrite based on PR feedback:Matthew Hodgson2018-01-191-13/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * [ ] split config options into allowed_local_3pids and registrations_require_3pid * [ ] simplify and comment logic for picking registration flows * [ ] fix docstring and move check_3pid_allowed into a new util module * [ ] use check_3pid_allowed everywhere @erikjohnston PTAL
| * | | fix up v1, and improve errorsMatthew Hodgson2018-01-191-11/+29
| |/ /
* / / Add an admin route to get all the media in a roomTravis Ralston2018-01-201-0/+22
|/ / | | | | | | | | This is intended to be used by administrators to monitor the media that is passing through their server, if they wish. Signed-off-by: Travis Ralston <travpc@gmail.com>
* | Add /room/{id}/event/{id} to synapseRichard van der Hoff2018-01-091-3/+26
| | | | | | | | | | | | Turns out that there is a valid usecase for retrieving event by id (notably having received a push), but event ids should be scoped to room, so /event/{id} is wrong.
* | Better logging when login can't find a 3pidRichard van der Hoff2017-12-201-4/+10
|/
* Delete devices in various logout situationsRichard van der Hoff2017-11-291-2/+25
| | | | | | | | | | | | | Make sure that we delete devices whenever a user is logged out due to any of the following situations: * /logout * /logout_all * change password * deactivate account (by the user or by an admin) * invalidate access token from a dynamic module Fixes #2672.
* Move set_password into its own handlerRichard van der Hoff2017-11-291-2/+2
| | | | | | Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop.
* Move deactivate_account into its own handlerRichard van der Hoff2017-11-291-2/+2
| | | | | | Non-functional refactoring to move deactivate_account. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop.
* Downcase userids for shared-secret registrationRichard van der Hoff2017-11-101-1/+1
|
* Allow password_auth_providers to return a callbackRichard van der Hoff2017-11-011-1/+4
| | | | ... so that they have a way to record access tokens.
* Merge remote-tracking branch 'origin/develop' into ↵David Baker2017-11-011-3/+10
|\ | | | | | | rav/refactor_accesstoken_delete
| * Merge pull request #2615 from matrix-org/rav/break_auth_device_depDavid Baker2017-11-011-3/+0
| |\ | | | | | | Break dependency of auth_handler on device_handler
| | * Break dependency of auth_handler on device_handlerRichard van der Hoff2017-11-011-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | I'm going to need to make the device_handler depend on the auth_handler, so I need to break this dependency to avoid a cycle. It turns out that the auth_handler was only using the device_handler in one place which was an edge case which we can more elegantly handle by throwing an error rather than fixing it up.
| * | Apparently this is pythonDavid Baker2017-11-011-1/+1
| | |
| * | Log login requestsDavid Baker2017-11-011-0/+10
| |/ | | | | | | Carefully though, to avoid logging passwords
* / Move access token deletion into auth handlerRichard van der Hoff2017-11-012-11/+6
|/ | | | | | | Also move duplicated deactivation code into the auth handler. I want to add some hooks when we deactivate an access token, so let's bring it all in here so that there's somewhere to put it.
* Refactor some logic from LoginRestServlet into AuthHandlerRichard van der Hoff2017-10-311-29/+26
| | | | | | | | | | | | | | I'm going to need some more flexibility in handling login types in password auth providers, so as a first step, move some stuff from LoginRestServlet into AuthHandler. In particular, we pass everything other than SAML, JWT and token logins down to the AuthHandler, which now has responsibility for checking the login type and fishing the password out of the login dictionary, as well as qualifying the user_id if need be. Ideally SAML, JWT and token would go that way too, but there's no real need for it right now and I'm trying to minimise impact. This commit *should* be non-functional.
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-234-7/+7
| | | | what could possibly go wrong
* Remove pointless create() methodRichard van der Hoff2017-10-201-3/+3
| | | | | It just calls the constructor, so we may as well kill it rather than having random codepaths.