| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
| |
Now, the CAS server can return an attribute stating what's the desired displayname, instead of using the username directly.
|
|
|
|
| |
Use room_stats and room_state for room directory search
|
| |
|
|
|
|
| |
This will make it easier to search for sending event requests.
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
This is a redo of https://github.com/matrix-org/synapse/pull/5897 but with `id_access_token` accepted.
Implements [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134) plus Identity Service v2 authentication ala [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140).
Identity lookup-related functions were also moved from `RoomMemberHandler` to `IdentityHandler`.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove all the "double return" statements which were a result of us removing all the instances of
```
defer.returnValue(...)
return
```
statements when we switched to python3 fully.
|
| |
| |
| |
| |
| | |
Python will return a tuple whether there are parentheses around the returned values or not.
I'm just sick of my editor complaining about this all over the place :)
|
|/
|
|
|
|
| |
We want to assign unique mxids to saml users based on an incrementing
suffix. For that to work, we need to record the allocated mxid in a separate
table.
|
|
|
|
|
| |
Part of fixing matrix-org/sytest#652
Sytest PR: matrix-org/sytest#667
|
|\
| |
| |
| |
| |
| |
| | |
Bugfixes
--------
- Fix a regression introduced in v1.2.0rc1 which led to incorrect labels on some prometheus metrics. ([\#5734](https://github.com/matrix-org/synapse/issues/5734))
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Fix servlet metric names
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Remove redundant check
* Cover all return paths
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
First of all, let's get rid of `TOKEN_NOT_FOUND_HTTP_STATUS`. It was a hack we
did at one point when it was possible to return either a 403 or a 401 if the
creds were missing. We always return a 401 in these cases now (thankfully), so
it's not needed.
Let's also stop abusing `AuthError` for these cases. Honestly they have nothing
that relates them to the other places that `AuthError` is used, other than the
fact that they are loosely under the 'Auth' banner. It makes no sense for them
to share exception classes.
Instead, let's add a couple of new exception classes: `InvalidClientTokenError`
and `MissingClientTokenError`, for the `M_UNKNOWN_TOKEN` and `M_MISSING_TOKEN`
cases respectively - and an `InvalidClientCredentialsError` base class for the
two of them.
|
|
|
|
|
|
|
|
| |
Nothing uses this now, so we can remove the dead code, and clean up the
API.
Since we're changing the shape of the return value anyway, we take the
opportunity to give the method a better name.
|
|
|
|
|
|
|
|
| |
* Factor out some redundant code in the login impl
Also fixes a redundant access_token which was generated during jwt login.
* changelog
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* SAML2 Improvements and redirect stuff
Signed-off-by: Alexander Trost <galexrt@googlemail.com>
* Code cleanups and simplifications.
Also: share the saml client between redirect and response handlers.
* changelog
* Revert redundant changes to static js
* Move all the saml stuff out to a centralised handler
* Add support for tracking SAML2 sessions.
This allows us to correctly handle `allow_unsolicited: False`.
* update sample config
* cleanups
* update sample config
* rename BaseSSORedirectServlet for consistency
* Address review comments
|
| |\ |
|
| | | |
|
| | | |
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | | |
Also: share the saml client between redirect and response handlers.
|
| |\ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Alexander Trost <galexrt@googlemail.com>
|
| |_|_|/
|/| | |
| | | |
| | | | |
Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Fix JWT login with register
Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* Add pyjwt conditional dependency
Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* Added changelog file
Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* Improved changelog description
Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
|
| | | |
|
| |/
|/| |
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
| |
This fixes a bug which were causing the "event_format" field to be
ignored in the filter of requests to the `/messages` endpoint of the
CS API.
Signed-off-by: Eisha Chen-yen-su <chenyensu0@gmail.com>
|
|\
| |
| | |
Show correct error when logging out and access token is missing
|
| |
| |
| |
| | |
Signed-off-by: Aaron Raimist <aaron@raim.ist>
|
| |
| |
| |
| | |
Signed-off-by: Aaron Raimist <aaron@raim.ist>
|
| |
| |
| |
| | |
Signed-off-by: Aaron Raimist <aaron@raim.ist>
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CS API (#5083)
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
|
|
|
|
| |
It doesn't really belong under rest/client/v1 any more.
|
| |
|
| |
|
|\
| |
| |
| | |
babolivier/account_expiration
|
| |
| |
| |
| |
| |
| |
| | |
This is an undocumented variable in twisted, and relies on the servlet
being mounted in the right way.
This also breaks getting push rules on workers.
|
| | |
|
| | |
|
| | |
|
| |
| |
| | |
Remove presence list support as per MSC 1819
|
| |
| |
| |
| | |
Remove log line for password.
|
|/ |
|
|
|
|
|
| |
Adds a new method, check_3pid_auth, which gives password providers
the chance to allow authentication with third-party identifiers such
as email or msisdn.
|
| |
|
| |
|
| |
|
|
|
| |
Add two ratelimiters on login (per-IP address and per-userID).
|
|
|
|
|
|
|
|
| |
Currently the explanation message is sent to the abuse room before any
users are forced joined, which means it tends to get lost in the backlog
of joins.
So instead we send the message *after* we've forced joined everyone.
|
|
|
|
|
| |
This is required because the 'Server' HTTP header is not always
passed through proxies.
|
|
|
|
|
|
|
|
|
|
| |
* Move RegistrationHandler init to HomeServer
* Move post registration actions to RegistrationHandler
* Add post regisration replication endpoint
* Newsfile
|
| |
|
| |
|
|
|
|
| |
... as per MSC1730.
|
|
|
|
|
|
| |
Allow for the creation of a support user.
A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits.
|
|
|
|
|
| |
When we register a new user from SAML2 data, initialise their displayname
correctly.
|
|
|
|
| |
This is mostly factoring out the post-CAS-login code to somewhere we can reuse
it for other SSO flows, but it also fixes the userid mapping while we're at it.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Rip out half-implemented m.login.saml2 support
This was implemented in an odd way that left most of the work to the client, in
a way that I really didn't understand. It's going to be a pain to maintain, so
let's start by ripping it out.
* drop undocumented dependency on dateutil
It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Clean up the CSS for the fallback login form
I was finding this hard to work with, so simplify a bunch of things. Each
flow is now a form inside a div of class login_flow.
The login_flow class now has a fixed width, as that looks much better than each
flow having a differnt width.
* Support m.login.sso
MSC1721 renames m.login.cas to m.login.sso. This implements the change
(retaining support for m.login.cas for older clients).
* changelog
|
|
|
|
|
|
|
|
| |
Currently when fetching state groups from the data store we make two
hits two the database: once for members and once for non-members (unless
request is filtered to one or the other). This adds needless load to the
datbase, so this PR refactors the lookup to make only a single database
hit.
|
| |
|
|\
| |
| | |
fix VOIP crashes under Python 3
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Older identity servers may not support the unbind 3pid request, so we
shouldn't fail the requests if we received one of 400/404/501. The
request still fails if we receive e.g. 500 responses, allowing clients
to retry requests on transient identity server errors that otherwise do
support the API.
Fixes #3661
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure that the user has permission to view the requeseted event for
/event/{eventId} and /room/{roomId}/event/{eventId} requests.
Also check that the event is in the given room for
/room/{roomId}/event/{eventId}, for sanity.
|
|\ \
| | |
| | | |
return 404 if room not found
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Per the Client-Server API[0] we should return
`M_NOT_FOUND` if the room isn't found instead
of generic SynapseError.
This ensures that /directory/list API returns
404 for room not found instead of 400.
[0]: https://matrix.org/docs/spec/client_server/unstable.html#get-matrix-client-r0-directory-list-room-roomid
Signed-off-by: Serban Constantin <serban.constantin@gmail.com>
|
|/ / |
|
| |
| |
| | |
make /context lazyload & filter aware.
|
|\ \
| | |
| | |
| | | |
erikj/client_apis_move
|
| | | |
|
| |/ |
|
| |
| |
| |
| | |
This is in preparation for moving GET /context/ to a worker
|
|/
|
|
|
| |
This will let us call the read only parts from workers, and so be able
to move some APIs off of master, e.g. the `/state` API.
|
| |
|
| |
|
|\
| |
| | |
Use parse and asserts from http.servlet
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
the method "assert_params_in_request" does handle dicts and not
requests. A request body has to be parsed to json before this method
can be used
|
| |
| |
| |
| |
| |
| |
| | |
parse_integer and parse_string can take a request and raise errors
in case we have wrong or missing params.
This PR tries to use them more to deduplicate some code and make it
better readable
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
matrix-org/rav/erasure_visibility""
This reverts commit 1d009013b3c3e814177afc59f066e02a202b21cd.
|
|
|
|
|
| |
This reverts commit ce0d911156b355c5bf452120bfb08653dad96497, reversing
changes made to b4a5d767a94f1680d07edfd583aae54ce422573e.
|
|\
| |
| | |
Support hiding events from deleted users
|
| | |
|
|/ |
|
| |
|
|
|
|
|
|
| |
This got completely broken in 0.30.
Fixes #3300.
|
|
|
|
|
|
| |
plus a bonus b"" string I missed last time
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
|\
| |
| | |
Make purge_history operate on tokens
|
| |
| |
| |
| | |
As we're soon going to change how topological_ordering works
|
|/
|
|
|
|
|
| |
Handlers is deprecated nowadays, so let's move this out before I add a new
dependency on it.
Also fix the docstrings on create_room.
|
|
|
|
|
|
|
|
|
|
|
|
| |
(instead of everywhere that writes a response. Or rather, the subset of places
which write responses where we haven't forgotten it).
This also means that we don't have to have the mysterious version_string
attribute in anything with a request handler.
Unfortunately it does mean that we have to pass the version string wherever we
instantiate a SynapseSite, which has been c&ped 150 times, but that is code
that ought to be cleaned up anyway really.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This closes #2602
v1auth was created to account for the differences in status code between
the v1 and v2_alpha revisions of the protocol (401 vs 403 for invalid
tokens). However since those protocols were merged, this makes the r0
version/endpoint internally inconsistent, and violates the
specification for the r0 endpoint.
This might break clients that rely on this inconsistency with the
specification. This is said to affect the legacy angular reference
client. However, I feel that restoring parity with the spec is more
important. Either way, it is critical to inform developers about this
change, in case they rely on the illegal behaviour.
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
| |
|
|\
| |
| | |
Construct HMAC as bytes on py3
|
| |
| |
| |
| | |
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
|/
|
|
|
|
| |
The imports were shuffled around a bunch in py3
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
|\
| |
| | |
Limit concurrent event sends for a room
|
| | |
|
|\ \
| | |
| | | |
Add b prefixes to some strings that are bytes in py3
|
| | |
| | |
| | |
| | |
| | |
| | | |
This has no effect on python2
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
|\ \ \
| |_|/
|/| | |
Return 401 for invalid access_token on logout
|
| | |
| | |
| | |
| | | |
Signed-off-by: Duncan Klug <dklug@ucmerced.edu>
|
|\ \ \
| |_|/
|/| | |
Add room_id to the response of `rooms/{roomId}/join`
|
| | |
| | |
| | |
| | | |
Fixes #2349
|
|\ \ \
| |/ /
|/| | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Due to the order we register the REST handlers `/forget` was handled by
the correct handler.
|
| | |
| | |
| | |
| | | |
Make the purge request return quickly, and allow scripts to poll for updates.
|
| |/
|/| |
|
| | |
|
|\ \
| | |
| | | |
Create a worker for event creation
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
* It's supposed to be purge_local_events, not ..._history
* Fix the doc to have valid json
|
|\ \ \
| |/ /
|/| | |
delete_local_events for purge_room_history
|
| | |
| | |
| | |
| | | |
Add a flag which makes the purger delete local events
|
| | | |
|
| | | |
|
|\ \ \ |
|
| | | |
| | | |
| | | | |
blindly implement ?ts for AS. untested
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* [ ] split config options into allowed_local_3pids and registrations_require_3pid
* [ ] simplify and comment logic for picking registration flows
* [ ] fix docstring and move check_3pid_allowed into a new util module
* [ ] use check_3pid_allowed everywhere
@erikjohnston PTAL
|
| |/ / |
|
|/ /
| |
| |
| |
| | |
This is intended to be used by administrators to monitor the media that is passing through their server, if they wish.
Signed-off-by: Travis Ralston <travpc@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Turns out that there is a valid usecase for retrieving event by id (notably
having received a push), but event ids should be scoped to room, so /event/{id}
is wrong.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure that we delete devices whenever a user is logged out due to any of
the following situations:
* /logout
* /logout_all
* change password
* deactivate account (by the user or by an admin)
* invalidate access token from a dynamic module
Fixes #2672.
|
|
|
|
|
|
| |
Non-functional refactoring to move set_password. This means that we'll be able
to properly deactivate devices and access tokens without introducing a
dependency loop.
|
|
|
|
|
|
| |
Non-functional refactoring to move deactivate_account. This means that we'll be
able to properly deactivate devices and access tokens without introducing a
dependency loop.
|
| |
|
|
|
|
| |
... so that they have a way to record access tokens.
|
|\
| |
| |
| | |
rav/refactor_accesstoken_delete
|
| |\
| | |
| | | |
Break dependency of auth_handler on device_handler
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I'm going to need to make the device_handler depend on the auth_handler, so I
need to break this dependency to avoid a cycle.
It turns out that the auth_handler was only using the device_handler in one
place which was an edge case which we can more elegantly handle by throwing an
error rather than fixing it up.
|
| | | |
|
| |/
| |
| |
| | |
Carefully though, to avoid logging passwords
|
|/
|
|
|
|
|
| |
Also move duplicated deactivation code into the auth handler.
I want to add some hooks when we deactivate an access token, so let's bring it
all in here so that there's somewhere to put it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm going to need some more flexibility in handling login types in password
auth providers, so as a first step, move some stuff from LoginRestServlet into
AuthHandler.
In particular, we pass everything other than SAML, JWT and token logins down to
the AuthHandler, which now has responsibility for checking the login type and
fishing the password out of the login dictionary, as well as qualifying the
user_id if need be. Ideally SAML, JWT and token would go that way too, but
there's no real need for it right now and I'm trying to minimise impact.
This commit *should* be non-functional.
|
|
|
|
| |
what could possibly go wrong
|
|
|
|
|
| |
It just calls the constructor, so we may as well kill it rather than having
random codepaths.
|
|\ |
|
| | |
|
| | |
|
|\| |
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
| |
Since we didn't instansiate the PusherPool at start time it could fail
at run time, which it did for some users.
This may or may not fix things for those users, but it should happen at
start time and stop the server from starting.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
Check that requested room_id exists
|
| | |
|
|/
|
|
|
|
|
|
| |
The _get_joined_users_from_context cache stores a mapping from user_id
to avatar_url and display_name. Instead of storing those in a dict,
store them in a namedtuple as that uses much less memory.
We also try converting the string to ascii to further reduce the size.
|
|\
| |
| | |
add setting (on by default) to support TURN for guests
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
|/| |
Handle PartialDownloadError in CAS login
|
| | |
|
|/
|
|
| |
Changes from https://github.com/matrix-org/synapse/pull/1971
|
| |
|
| |
|
| |
|
|
|
|
| |
Plus a couple of other minor fixes
|
| |
|
|
|
|
| |
https://docs.google.com/document/d/1-6ZSSW5YvCGhVFDyD2QExAUAdpCWjccvJT5xiyTTG2Y/edit#
|
| |
|
|
|
|
|
|
| |
We somehow specced APIs with reason strings, preserve the content
in the events and even have the clients display them, but failed
to actually pass the parameter through to the event content.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
administrators can now:
- Set displayname of users
- Update user avatars
- Search for users by user_id
- Browse all users in a paginated API
- Reset user passwords
- Deactivate users
Helpers for doing paginated queries has also been added to storage
Signed-off-by: Morteza Araby <morteza.araby@ericsson.com>
|
|
|
|
|
|
| |
This was broken when device list updates were implemented, as Mailer
could no longer instantiate an AuthHandler due to a dependency on
federation sending.
|
|
|
|
|
| |
It makes it possible to use a turn server that needs a username and
password instead of a token.
|
|
|
|
|
| |
Since we store all emails in the DB in lowercase
(https://github.com/matrix-org/synapse/pull/1170)
|
| |
|
|\
| |
| | |
Add new API appservice specific public room list
|
| | |
|
| |
| |
| |
| |
| |
| | |
This returns the currently joined members in the room with their display
names and avatar urls. This is more efficient than /members for large
rooms where you don't need the full events.
|
|/ |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
The 'time' caveat on the access tokens was something of a lie, since we weren't
enforcing it; more pertinently its presence stops us ever adding useful time
caveats.
Let's move in the right direction by not lying in our caveats.
|
|/
|
|
|
|
|
| |
Since we're not doing refresh tokens any more, we should start killing off the
dead code paths. /tokenrefresh itself is a bit of a thornier subject, since
there might be apps out there using it, but we can at least not generate
refresh tokens on new logins.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a race whereby:
- User hits an endpoint.
- No cached transaction so executes main code.
- User hits same endpoint.
- No cache transaction so executes main code.
- Main code finishes executing and caches response and returns.
- Main code finishes executing and caches response and returns.
This race is common in the wild when Synapse is struggling under load.
This commit fixes the race by:
- User hits an endpoint.
- Caches the promise to execute the main code and executes main code.
- User hits same endpoint.
- Yields on the same promise as the first request.
- Main code finishes executing and returns, unblocking both requests.
|
|
|
|
| |
Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
|
|
|
|
| |
synchronous
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Redirect to CAS's /login endpoint properly, and
don't require an <attributes> element.
Signed-off-by: Shell Turner <cam.turn@gmail.com>
|
|\
| |
| | |
Add helper function for getting access_tokens from requests
|
| |
| |
| |
| |
| |
| | |
Rather than reimplementing the token parsing in the various places.
This will make it easier to change the token parsing to allow access_tokens
in HTTP headers.
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
| |
It was always intended to allow custom keys on the join event, but this has
at some point been lost. Restore it.
If the user specifies keys like "avatar_url" then they will be clobbered.
|
| |
|
|
|
|
|
|
| |
hs.get_handlers() can not be invoked from split out processes. Moving
the invocations down a level means that we can slowly split out
individual servlets.
|
|\
| |
| | |
Clean up CAS login code
|
| |
| |
| |
| |
| |
| |
| | |
Remove some apparently unused code.
Clean up parse_cas_response, mostly to catch the exception if the CAS response
isn't valid XML.
|
|/
|
|
| |
Attempting to log in with CAS was giving a 500 error.
|
| |
|
|\
| |
| | |
Type annotations
|
| |
| |
| |
| |
| | |
Add some type annotations to help PyCharm (in particular) to figure out the
types of a bunch of things.
|
|\ \
| | |
| | | |
Further registration refactoring
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* `RegistrationHandler.appservice_register` no longer issues an access token:
instead it is left for the caller to do it. (There are two of these, one in
`synapse/rest/client/v1/register.py`, which now simply calls
`AuthHandler.issue_access_token`, and the other in
`synapse/rest/client/v2_alpha/register.py`, which is covered below).
* In `synapse/rest/client/v2_alpha/register.py`, move the generation of
access_tokens into `_create_registration_details`. This means that the normal
flow no longer needs to call `AuthHandler.issue_access_token`; the
shared-secret flow can tell `RegistrationHandler.register` not to generate a
token; and the appservice flow continues to work despite the above change.
|
|\ \
| |/
|/| |
Feature: Add filter to /messages. Add 'contains_url' to filter.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a 'devices' table to the storage, as well as a 'device_id' column to
refresh_tokens.
Allow the client to pass a device_id, and initial_device_display_name, to
/login. If login is successful, then register the device in the devices table
if it wasn't known already. If no device_id was supplied, make one up.
Associate the device_id with the access token and refresh token, so that we can
get at it again later. Ensure that the device_id is copied from the refresh
token to the access_token when the token is refreshed.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure that we have the canonical user_id *before* calling
get_login_tuple_for_user_id.
Replace login_with_password with a method which just validates the password,
and have the caller call get_login_tuple_for_user_id. This brings the password
flow into line with the other flows, and will give us a place to register the
device_id if necessary.
|
|/ |
|
| |
|
|\ |
|
| | |
|
| | |
|