summary refs log tree commit diff
path: root/synapse/rest/client/v2_alpha/account.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Improve performance of the register endpoint (#8009)Patrick Cloke2020-08-061-26/+60
|
* Fix inconsistent handling of upper and lower cases of email addresses. (#7021)Dirk Klimpel2020-07-031-9/+31
| | | fixes #7016
* Merge branch 'master' into developPatrick Cloke2020-07-021-9/+7
|\
| * Ensure that HTML pages served from Synapse include headers to avoid embedding.Patrick Cloke2020-07-021-9/+7
| |
* | Replace all remaining six usage with native Python 3 equivalents (#7704)Dagfinn Ilmari Mannsåker2020-06-161-3/+2
|/
* Enable 3PID add/bind/unbind endpoints on r0 routesBrendan Abolivier2020-06-151-3/+3
|
* Hash passwords earlier in the password reset process (#7538)Patrick Cloke2020-05-201-3/+18
| | | | This now matches the logic of the registration process as modified in 56db0b1365965c02ff539193e26c333b7f70d101 / #7523.
* Revert "Revert "Merge pull request #7315 from ↵Brendan Abolivier2020-04-231-1/+16
| | | | | | matrix-org/babolivier/request_token"" This reverts commit 1adf6a55870aa08de272591ff49db9dc49738076.
* Support SAML in the user interactive authentication workflow. (#7102)Patrick Cloke2020-04-011-3/+16
|
* Add options to prevent users from changing their profile. (#7096)Dirk Klimpel2020-03-271-0/+16
|
* Validate that the session is not modified during UI-Auth (#7068)Patrick Cloke2020-03-261-4/+7
|
* Add an option to the set password API to choose whether to logout other ↵Patrick Cloke2020-03-181-1/+4
| | | | devices. (#7085)
* Revert "Add options to disable setting profile info for prevent changes. ↵Richard van der Hoff2020-03-171-16/+0
| | | | | | | (#7053)" This reverts commit 54dd28621b070ca67de9f773fe9a89e1f4dc19da, reversing changes made to 6640460d054e8f4444046a34bdf638921b31c01e.
* updates after reviewdklimpel2020-03-091-6/+12
|
* add disable_3pid_changesdklimpel2020-03-081-0/+10
|
* Validate client_secret parameter (#6767)Andrew Morgan2020-01-241-5/+18
|
* Port rest.client.v2Erik Johnston2019-12-051-68/+51
|
* Add User-Interactive Auth to /account/3pid/add (#6119)Andrew Morgan2019-11-291-0/+5
|
* Update black to 19.10b0 (#6304)Amber Brown2019-11-011-2/+2
| | | * update version of black and also fix the mypy config being overridden
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-311-7/+7
| | | Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
* Kill off half-implemented password-reset via sms (#6101)Richard van der Hoff2019-09-261-64/+1
| | | | | | | Doing a password reset via SMS has never worked, and in any case is a silly idea because msisdn recycling is a thing. See also matrix-org/matrix-doc#2303.
* Add POST submit_token endpoint for MSISDN (#6078)Andrew Morgan2019-09-231-2/+45
| | | First part of solving #6076
* Implement MSC2290 (#6043)Andrew Morgan2019-09-231-72/+89
| | | | | | | Implements MSC2290. This PR adds two new endpoints, /unstable/account/3pid/add and /unstable/account/3pid/bind. Depending on the progress of that MSC the unstable prefix may go away. This PR also removes the blacklist on some 3PID tests which occurs in #6042, as the corresponding Sytest PR changes them to use the new endpoints. Finally, it also modifies the account deactivation code such that it doesn't just try to deactivate 3PIDs that were bound to the user's account, but any 3PIDs that were bound through the homeserver on that user's account.
* Allow HS to send emails when adding an email to the HS (#6042)Andrew Morgan2019-09-201-36/+216
|
* Remove trailing slash ability from password reset's submit_token endpoint ↵Andrew Morgan2019-09-201-1/+1
| | | | | (#6074) Remove trailing slash ability from the password reset submit_token endpoint. Since we provide the link in an email, and have never sent it with a trailing slash, there's no point for us to accept them on the endpoint.
* Drop support for bind param on POST /account/3pid (MSC2290) (#6067)Andrew Morgan2019-09-201-4/+0
| | | As per [MSC2290](https://github.com/matrix-org/matrix-doc/pull/2290/files#diff-05cde9463e9209b701312b3baf2fb2ebR151), we're dropping the bind parameter from `/account/3pid`. This endpoint can now only be used for adding threepid's to the user's account on the homeserver.
* Use unstable prefix for 3PID unbind API (#6062)J. Ryan Stinnett2019-09-191-1/+1
|
* Remove POST method from password reset submit_token endpoint (#6056)Andrew Morgan2019-09-191-17/+0
| | | Removes the POST method from `/password_reset/<medium>/submit_token/` as it's only used by phone number verification which Synapse does not support yet.
* Add changelogAndrew Morgan2019-09-101-1/+1
|
* Use account_threepid_delegate for 3pid validationAndrew Morgan2019-09-101-1/+2
|
* Apply suggestions from code reviewAndrew Morgan2019-09-061-1/+1
| | | Co-Authored-By: Erik Johnston <erik@matrix.org>
* Fix destructuring assumption bugAndrew Morgan2019-09-061-1/+1
|
* Allow Synapse to send registration emails + choose Synapse or an external ↵Andrew Morgan2019-09-061-144/+116
| | | | | | | | | | | | | | | | server to handle 3pid validation (#5987) This is a combination of a few different PRs, finally all being merged into `develop`: * #5875 * #5876 * #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](https://github.com/matrix-org/synapse/commit/891afb57cbdf9867f2848341b29c75d6f35eef5a#diff-e591d42d30690ffb79f63bb726200891) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future) * #5835 * #5969 * #5940 Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged. UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
* Switch to using v2 Identity Service APIs other than lookup (MSC 2140) (#5892)Andrew Morgan2019-09-051-6/+7
|
* Add POST /_matrix/client/r0/account/3pid/unbind (MSC2140) (#5980)Andrew Morgan2019-09-051-0/+33
| | | Implements `POST /_matrix/client/r0/account/3pid/unbind` from [MSC2140](https://github.com/matrix-org/matrix-doc/blob/dbkr/tos_2/proposals/2140-terms-of-service-2.md#post-_matrixclientr0account3pidunbind).
* Remove unnecessary parentheses around return statements (#5931)Andrew Morgan2019-08-301-12/+12
| | | | | Python will return a tuple whether there are parentheses around the returned values or not. I'm just sick of my editor complaining about this all over the place :)
* Fix up password reset template config names (#5863)Andrew Morgan2019-08-151-2/+2
| | | | | Fixes #5833 The emailconfig code was attempting to pull incorrect config file names. This corrects that, while also marking a difference between a config file variable that's a filepath versus a str containing HTML.
* Replace returnValue with return (#5736)Amber Brown2019-07-231-16/+16
|
* Run Black. (#5482)Amber Brown2019-06-201-114/+76
|
* Merge branch 'master' of github.com:matrix-org/synapse into developErik Johnston2019-06-111-4/+5
|\
| * Change password reset links to /_matrix.Erik Johnston2019-06-111-4/+5
| |
* | Don't warn user about password reset disabling through config code (#5387)Andrew Morgan2019-06-111-4/+15
|/ | | | | | | Moves the warning about password resets being disabled to the point where a user actually tries to reset their password. Is this an appropriate place for it to happen? Also removed the disabling of msisdn password resets when you don't have an email config, as that just doesn't make sense. Also change the error a user receives upon disabled passwords to specify that only email-based password reset is disabled.
* Add ability to perform password reset via email without trusting the ↵Andrew Morgan2019-06-061-5/+238
| | | | | | | | | | | | identity server (#5377) Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option. This PR is a culmination of 3 smaller PRs which have each been separately reviewed: * #5308 * #5345 * #5368
* Unify v1 and v2 REST client APIs (#5226)Amber Brown2019-06-031-10/+10
|
* Add unbind API to /r0 as it is now stabalisedErik Johnston2019-04-011-1/+1
|
* Allowing specifying IS to use in unbind API.Erik Johnston2019-04-011-1/+2
| | | | | | | | | | By default the homeserver will use the identity server used during the binding of the 3PID to unbind the 3PID. However, we need to allow clients to explicitly ask the homeserver to unbind via a particular identity server, for the case where the 3PID was bound out of band from the homeserver. Implements MSC915.
* improve human readable error messagesNeil Johnson2018-09-041-4/+12
|
* Don't fail requests to unbind 3pids for non supporting ID serversErik Johnston2018-08-081-4/+18
| | | | | | | | | | Older identity servers may not support the unbind 3pid request, so we shouldn't fail the requests if we received one of 400/404/501. The request still fails if we receive e.g. 500 responses, allowing clients to retry requests on transient identity server errors that otherwise do support the API. Fixes #3661
* Merge pull request #3534 from krombel/use_parse_and_asserts_from_servletAmber Brown2018-07-141-34/+12
|\ | | | | Use parse and asserts from http.servlet
| * rename assert_params_in_request to assert_params_in_dictKrombel2018-07-131-7/+7
| | | | | | | | | | | | the method "assert_params_in_request" does handle dicts and not requests. A request body has to be parsed to json before this method can be used
| * Use parse_{int,str} and assert from http.servletKrombel2018-07-131-31/+9
| | | | | | | | | | | | | | parse_integer and parse_string can take a request and raise errors in case we have wrong or missing params. This PR tries to use them more to deduplicate some code and make it better readable
* | Make auth & transactions more testable (#3499)Amber Brown2018-07-141-2/+1
|/
* run isortAmber Brown2018-07-091-1/+4
|
* Revert "Revert "Merge pull request #3431 from ↵Erik Johnston2018-06-251-2/+11
| | | | | | matrix-org/rav/erasure_visibility"" This reverts commit 1d009013b3c3e814177afc59f066e02a202b21cd.
* Revert "Merge pull request #3431 from matrix-org/rav/erasure_visibility"Richard van der Hoff2018-06-221-11/+2
| | | | | This reverts commit ce0d911156b355c5bf452120bfb08653dad96497, reversing changes made to b4a5d767a94f1680d07edfd583aae54ce422573e.
* Merge pull request #3431 from matrix-org/rav/erasure_visibilityErik Johnston2018-06-221-2/+11
|\ | | | | Support hiding events from deleted users
| * mark accounts as erased when requestedRichard van der Hoff2018-06-121-2/+11
| |
* | Remove run_on_reactor (#3395)Amber Brown2018-06-141-7/+0
|/
* pep8David Baker2018-05-241-1/+1
|
* Unbind 3pids when they're deleted tooDavid Baker2018-05-241-3/+10
|
* trailing commasMatthew Hodgson2018-01-191-4/+4
|
* rewrite based on PR feedback:Matthew Hodgson2018-01-191-1/+2
| | | | | | | | | * [ ] split config options into allowed_local_3pids and registrations_require_3pid * [ ] simplify and comment logic for picking registration flows * [ ] fix docstring and move check_3pid_allowed into a new util module * [ ] use check_3pid_allowed everywhere @erikjohnston PTAL
* fix up v1, and improve errorsMatthew Hodgson2018-01-191-4/+12
|
* add registrations_require_3pidMatthew Hodgson2018-01-191-1/+13
| | | | | lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with. Typically useful for stopping people from registering with non-work emails
* Factor out a validate_user_via_ui_auth methodRichard van der Hoff2017-12-051-60/+47
| | | | Collect together all the places that validate a logged-in user via UI auth.
* Refactor UI auth implementationRichard van der Hoff2017-12-051-9/+5
| | | | | Instead of returning False when auth is incomplete, throw an exception which can be caught with a wrapper.
* Move set_password into its own handlerRichard van der Hoff2017-11-291-1/+2
| | | | | | Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop.
* Move deactivate_account into its own handlerRichard van der Hoff2017-11-291-3/+4
| | | | | | Non-functional refactoring to move deactivate_account. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop.
* Remove redundent callTravis Ralston2017-11-131-2/+0
| | | Signed-off-by: Travis Ralston <travpc@gmail.com>
* Add a route for determining who you areTravis Ralston2017-11-121-0/+17
| | | | | Useful for applications which may have an access token, but no idea as to who owns it. Signed-off-by: Travis Ralston <travpc@gmail.com>
* Move access token deletion into auth handlerRichard van der Hoff2017-11-011-11/+4
| | | | | | | Also move duplicated deactivation code into the auth handler. I want to add some hooks when we deactivate an access token, so let's bring it all in here so that there's somewhere to put it.
* Allow ASes to deactivate their own usersRichard van der Hoff2017-10-271-16/+32
|
* Fix token request for addition of phone numbersDavid Baker2017-03-231-1/+1
|
* Support registration / login with phone numberDavid Baker2017-03-131-20/+94
| | | | Changes from https://github.com/matrix-org/synapse/pull/1971
* Revert "Support registration & login with phone number"Erik Johnston2017-03-131-94/+20
|
* pep8David Baker2017-03-081-1/+1
|
* Pull out datastore in initialiserDavid Baker2017-03-081-5/+10
|
* Refector out assert_params_in_requestDavid Baker2017-03-081-19/+9
| | | | and replace requestEmailToken where we meant requestMsisdnToken
* Factor out msisdn canonicalisationDavid Baker2017-03-081-18/+3
| | | | Plus a couple of other minor fixes
* Fix pep8David Baker2017-03-081-2/+2
|
* WIP support for msisdn 3pid proxy methodsDavid Baker2017-02-141-8/+102
|
* Lowercase all email addresses before querying dbDavid Baker2017-01-181-0/+5
| | | | | Since we store all emails in the DB in lowercase (https://github.com/matrix-org/synapse/pull/1170)
* Add /account/3pid/delete endpointDavid Baker2016-12-201-1/+35
| | | | Also fix a typo in a comment
* Add hs objectErik Johnston2016-07-141-0/+1
|
* Only accept password authErik Johnston2016-07-141-12/+0
|
* Add an /account/deactivate endpointErik Johnston2016-07-141-0/+55
|
* be more pythonicDavid Baker2016-07-121-1/+1
|
* on_OPTIONS isn't neccessaryDavid Baker2016-07-121-7/+1
|
* Remove other debug loggingDavid Baker2016-07-121-2/+0
|
* Separate out requestTokens to separate handlersDavid Baker2016-07-111-37/+56
|
* Oops, remove debug loggingDavid Baker2016-07-111-4/+0
|
* Implement https://github.com/matrix-org/matrix-doc/pull/346/filesDavid Baker2016-07-081-0/+59
|
* Split out the auth handlerDavid Baker2016-06-021-2/+2
|
* Fix password resetDavid Baker2016-04-291-0/+1
| | | | Default requester to None, otherwise it isn't defined when resetting using email auth
* take extra return val from check_auth in account tooDavid Baker2016-03-161-1/+1
|
* Fix cache invalidation so deleting access tokens (which we did when changing ↵David Baker2016-03-111-1/+1
| | | | password) actually takes effect without HS restart. Reinstate the code to avoid logging out the session that changed the password, removed in 415c2f05491ce65a4fc34326519754cd1edd9c54
* Add a parse_json_object functionMark Haines2016-03-091-4/+4
| | | | | to deduplicate all the copy+pasted _parse_json functions. Also document the parse_.* functions.
* Allow three_pid_creds as well as threePidCreds in /account/3pidMark Haines2016-01-291-2/+3
|
* Fix change_passwordErik Johnston2016-01-201-3/+2
|
* Introduce a Requester objectDaniel Wagner-Hall2016-01-111-9/+11
| | | | | | | | | This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up.
* copyrightsMatthew Hodgson2016-01-071-1/+1
|
* Update endpoints to reflect current specDaniel Wagner-Hall2015-12-021-2/+2
|
* Host /unstable and /r0 versions of r0 APIsDaniel Wagner-Hall2015-12-011-3/+3
|
* Allow guests to register and call /events?room_id=Daniel Wagner-Hall2015-11-041-3/+3
| | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices.
* Merge pull request #274 from matrix-org/add_threepid_fixDavid Baker2015-09-101-0/+1
|\ | | | | Fix adding threepids to an existing account
| * Fix adding threepids to an existing accountDavid Baker2015-09-101-0/+1
| |
* | Remove completely unused concepts from codebaseDaniel Wagner-Hall2015-08-251-2/+2
|/ | | | | | | | | | Removes device_id and ClientInfo device_id is never actually written, and the matrix.org DB has no non-null entries for it. Right now, it's just cluttering up code. This doesn't remove the columns from the database, because that's fiddly.
* Remove spurious extra arg to set_passwordDavid Baker2015-08-201-1/+1
|
* Simplify LoginHander and AuthHandlerDaniel Wagner-Hall2015-08-121-5/+3
| | | | | | | | | * Merge LoginHandler -> AuthHandler * Add a bunch of documentation * Improve some naming * Remove unused branches I will start merging the actual logic of the two handlers shortly
* user_id now in user_threepidsDavid Baker2015-05-011-3/+3
|
* pep8David Baker2015-04-271-1/+2
|
* logging argsDavid Baker2015-04-271-2/+2
|
* More underscoresDavid Baker2015-04-241-2/+2
|
* Dedicated error code for failed 3pid auth verificationDavid Baker2015-04-231-1/+3
|
* Password reset, finally.David Baker2015-04-171-5/+16
|
* Add endpoint to get threepids from serverDavid Baker2015-04-171-0/+12
|
* make add3pid servlet workDavid Baker2015-04-171-0/+38
|
* just the once would probably be fineDavid Baker2015-04-171-1/+0
|
* Register the 3pid servletDavid Baker2015-04-171-1/+3
|
* password -> account servlet and add start of an 'add 3pid' endpointDavid Baker2015-04-171-0/+94
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-02 02:49:08 +0000