summary refs log tree commit diff
path: root/synapse/rest/client/v2_alpha (follow)
Commit message (Collapse)AuthorAgeFilesLines
* initial cut at a room summary API (#3574)Matthew Hodgson2018-08-161-0/+1
|
* Don't fail requests to unbind 3pids for non supporting ID serversErik Johnston2018-08-081-4/+18
| | | | | | | | | | Older identity servers may not support the unbind 3pid request, so we shouldn't fail the requests if we received one of 400/404/501. The request still fails if we receive e.g. 500 responses, allowing clients to retry requests on transient identity server errors that otherwise do support the API. Fixes #3661
* Python 3: Convert some unicode/bytes uses (#3569)Amber Brown2018-08-021-6/+6
|
* Refactor REST API tests to use explicit reactors (#3351)Amber Brown2018-07-171-1/+1
|
* check isort by travisKrombel2018-07-161-1/+1
|
* Merge pull request #3534 from krombel/use_parse_and_asserts_from_servletAmber Brown2018-07-144-59/+40
|\ | | | | Use parse and asserts from http.servlet
| * rename assert_params_in_request to assert_params_in_dictKrombel2018-07-134-16/+16
| | | | | | | | | | | | the method "assert_params_in_request" does handle dicts and not requests. A request body has to be parsed to json before this method can be used
| * Use parse_{int,str} and assert from http.servletKrombel2018-07-133-51/+32
| | | | | | | | | | | | | | parse_integer and parse_string can take a request and raise errors in case we have wrong or missing params. This PR tries to use them more to deduplicate some code and make it better readable
* | Make auth & transactions more testable (#3499)Amber Brown2018-07-143-6/+4
|/
* Merge branch 'develop' into rav/enforce_report_apiRichard van der Hoff2018-07-1217-85/+98
|\
| * run isortAmber Brown2018-07-0917-68/+74
| |
| * Attempt to be more performant on PyPy (#3462)Amber Brown2018-06-281-1/+1
| |
| * Revert "Revert "Merge pull request #3431 from ↵Erik Johnston2018-06-251-2/+11
| | | | | | | | | | | | matrix-org/rav/erasure_visibility"" This reverts commit 1d009013b3c3e814177afc59f066e02a202b21cd.
| * Revert "Merge pull request #3431 from matrix-org/rav/erasure_visibility"Richard van der Hoff2018-06-221-11/+2
| | | | | | | | | | This reverts commit ce0d911156b355c5bf452120bfb08653dad96497, reversing changes made to b4a5d767a94f1680d07edfd583aae54ce422573e.
| * Merge pull request #3431 from matrix-org/rav/erasure_visibilityErik Johnston2018-06-221-2/+11
| |\ | | | | | | Support hiding events from deleted users
| | * mark accounts as erased when requestedRichard van der Hoff2018-06-121-2/+11
| | |
| * | Remove run_on_reactor (#3395)Amber Brown2018-06-142-10/+0
| |/
| * pep8David Baker2018-05-241-1/+1
| |
| * Unbind 3pids when they're deleted tooDavid Baker2018-05-241-3/+10
| |
* | Enforce the specified API for report_eventRichard van der Hoff2018-05-311-2/+23
|/ | | | | as per https://matrix.org/docs/spec/client_server/unstable.html#post-matrix-client-r0-rooms-roomid-report-eventid
* Stub out ServerNoticesSender on the workersRichard van der Hoff2018-05-221-0/+4
| | | | | ... and have the sync endpoints call it directly rather than obsure indirection via PresenceHandler
* Set Server header in SynapseRequestRichard van der Hoff2018-05-101-2/+0
| | | | | | | | | | | | (instead of everywhere that writes a response. Or rather, the subset of places which write responses where we haven't forgotten it). This also means that we don't have to have the mysterious version_string attribute in anything with a request handler. Unfortunately it does mean that we have to pass the version string wherever we instantiate a SynapseSite, which has been c&ped 150 times, but that is code that ought to be cleaned up anyway really.
* notifications: Convert next_token to string according to the specKonstantinos Sideris2018-05-051-1/+1
| | | | | | Currently the parameter is serialized as an integer. Signed-off-by: Konstantinos Sideris <sideris.konstantin@gmail.com>
* Construct HMAC as bytes on py3Adrian Tschira2018-04-291-4/+6
| | | | Signed-off-by: Adrian Tschira <nota@notafile.com>
* Merge pull request #2996 from krombel/allow_auto_join_roomsRichard van der Hoff2018-04-101-32/+0
|\ | | | | move handling of auto_join_rooms to RegisterHandler
| * Merge branch 'develop' of into allow_auto_join_roomsKrombel2018-03-281-1/+1
| |\
| * | move handling of auto_join_rooms to RegisterHandlerKrombel2018-03-141-32/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the handling of auto_join_rooms only works when a user registers itself via public register api. Registrations via registration_shared_secret and ModuleApi do not work This auto_joins the users in the registration handler which enables the auto join feature for all 3 registration paths. This is related to issue #2725 Signed-Off-by: Matthias Kesler <krombel@krombel.de>
* | | Use "/settings/" (plural)Luke Barnard2018-04-051-1/+1
| | |
* | | Use join_policy API instead of joinableLuke Barnard2018-04-031-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The API is now under /groups/$group_id/setting/m.join_policy and expects a JSON blob of the shape ```json { "m.join_policy": { "type": "invite" } } ``` where "invite" could alternatively be "open".
* | | This should probably be a PUTDavid Baker2018-03-281-1/+1
| | |
* | | Add joinability for groupsDavid Baker2018-03-281-0/+28
| |/ |/| | | | | | | Adds API to set the 'joinable' flag, and corresponding flag in the table.
* | Replace some ujson with simplejson to make it workErik Johnston2018-03-161-1/+1
|/
* Move RoomMemberHandler out of HandlersErik Johnston2018-03-011-1/+1
|
* fix thinko on 3pid whitelistingMatthew Hodgson2018-01-241-2/+2
|
* fix typo (thanks sytest)Matthew Hodgson2018-01-191-1/+1
|
* oops, check all login typesMatthew Hodgson2018-01-191-14/+11
|
* trailing commasMatthew Hodgson2018-01-192-7/+7
|
* rewrite based on PR feedback:Matthew Hodgson2018-01-193-63/+36
| | | | | | | | | * [ ] split config options into allowed_local_3pids and registrations_require_3pid * [ ] simplify and comment logic for picking registration flows * [ ] fix docstring and move check_3pid_allowed into a new util module * [ ] use check_3pid_allowed everywhere @erikjohnston PTAL
* fix up v1, and improve errorsMatthew Hodgson2018-01-192-8/+24
|
* fix pep8Matthew Hodgson2018-01-191-2/+1
|
* add registrations_require_3pidMatthew Hodgson2018-01-193-13/+96
| | | | | lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with. Typically useful for stopping people from registering with non-work emails
* Fix error when deleting devicesRichard van der Hoff2017-12-051-1/+1
| | | | This was introduced in d7ea8c4 / PR #2728
* Factor out a validate_user_via_ui_auth methodRichard van der Hoff2017-12-052-74/+59
| | | | Collect together all the places that validate a logged-in user via UI auth.
* Refactor UI auth implementationRichard van der Hoff2017-12-054-27/+51
| | | | | Instead of returning False when auth is incomplete, throw an exception which can be caught with a wrapper.
* Move set_password into its own handlerRichard van der Hoff2017-11-291-1/+2
| | | | | | Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop.
* Move deactivate_account into its own handlerRichard van der Hoff2017-11-291-3/+4
| | | | | | Non-functional refactoring to move deactivate_account. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop.
* Allow guest access to group APIs for readingLuke Barnard2017-11-281-11/+11
|
* Remove redundent callTravis Ralston2017-11-131-2/+0
| | | Signed-off-by: Travis Ralston <travpc@gmail.com>
* Add a route for determining who you areTravis Ralston2017-11-121-0/+17
| | | | | Useful for applications which may have an access token, but no idea as to who owns it. Signed-off-by: Travis Ralston <travpc@gmail.com>
* Add some more comments appservice user registrationRichard van der Hoff2017-11-101-1/+4
| | | | Explain why we don't validate userids registered via app services
* Downcase userids for shared-secret registrationRichard van der Hoff2017-11-101-2/+20
|
* Downcase userid on registrationRichard van der Hoff2017-11-091-1/+7
| | | | | | Force username to lowercase before attempting to register https://github.com/matrix-org/synapse/issues/2660
* Register group servletErik Johnston2017-11-091-0/+1
|
* Have an explicit API to update room configErik Johnston2017-11-081-0/+27
|
* Revert "Modify group room association API to allow modification of is_public"Erik Johnston2017-11-081-2/+2
|
* support inhibit_login in /registerRichard van der Hoff2017-11-021-12/+16
| | | | Allow things to pass inhibit_login when registering to ... inhibit logins.
* Merge remote-tracking branch 'origin/develop' into ↵David Baker2017-11-012-3/+2
|\ | | | | | | rav/refactor_accesstoken_delete
| * Merge pull request #2615 from matrix-org/rav/break_auth_device_depDavid Baker2017-11-011-1/+0
| |\ | | | | | | Break dependency of auth_handler on device_handler
| | * Break dependency of auth_handler on device_handlerRichard van der Hoff2017-11-011-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | I'm going to need to make the device_handler depend on the auth_handler, so I need to break this dependency to avoid a cycle. It turns out that the auth_handler was only using the device_handler in one place which was an edge case which we can more elegantly handle by throwing an error rather than fixing it up.
| * | Modify group room association API to allow modification of is_publicLuke Barnard2017-10-311-2/+2
| |/ | | | | | | also includes renamings to make things more consistent.
* / Move access token deletion into auth handlerRichard van der Hoff2017-11-011-11/+4
|/ | | | | | | Also move duplicated deactivation code into the auth handler. I want to add some hooks when we deactivate an access token, so let's bring it all in here so that there's somewhere to put it.
* Merge pull request #2591 from matrix-org/rav/device_delete_authRichard van der Hoff2017-10-271-5/+8
|\ | | | | Device deletion: check UI auth matches access token
| * Device deletion: check UI auth matches access tokenRichard van der Hoff2017-10-271-5/+8
| | | | | | | | (otherwise there's no point in the UI auth)
* | Merge pull request #2589 from matrix-org/rav/as_deactivate_accountRichard van der Hoff2017-10-271-16/+32
|\ \ | | | | | | Allow ASes to deactivate their own users
| * | Allow ASes to deactivate their own usersRichard van der Hoff2017-10-271-16/+32
| | |
* | | Merge pull request #2582 from matrix-org/luke/group-is-publicLuke Barnard2017-10-271-40/+53
|\ \ \ | |_|/ |/| | Add is_public to groups table to allow for private groups
| * | delintLuke Barnard2017-10-261-4/+17
| | |
| * | Add is_public to groups table to allow for private groupsLuke Barnard2017-10-261-40/+40
| |/ | | | | | | | | | | Prevent group API access to non-members for private groups Also make all the group code paths consistent with `requester_user_id` always being the User ID of the requesting user.
* | add release endpoints for /thirdpartyKrombel2017-10-261-7/+4
| |
* | register some /unstable endpoints in /r0 as wellKrombel2017-10-264-20/+9
|/
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-233-3/+3
| | | | what could possibly go wrong
* Remove pointless create() methodRichard van der Hoff2017-10-201-1/+1
| | | | | It just calls the constructor, so we may as well kill it rather than having random codepaths.
* Merge pull request #2545 from matrix-org/dbkr/auto_join_roomsDavid Baker2017-10-171-0/+34
|\ | | | | Add config option to auto-join new users to rooms
| * Add config option to auto-join new users to roomsDavid Baker2017-10-161-0/+34
| | | | | | | | | | New users who register on the server will be dumped into all rooms in auto_join_rooms in the config.
* | DelintLuke Barnard2017-10-161-0/+1
| |
* | Implement GET /groups/$groupId/invited_usersLuke Barnard2017-10-161-0/+21
|/
* Add remove room APIErik Johnston2017-09-261-0/+11
|
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/groups_mergedErik Johnston2017-09-192-6/+5
|\
| * Add left section to /keys/changesErik Johnston2017-09-081-4/+2
| |
| * Send down device list change notif when member leaves/rejoins roomErik Johnston2017-09-071-1/+2
| |
| * Reduce spammy log line in synchrotronsErik Johnston2017-08-021-1/+1
| |
* | FixupErik Johnston2017-08-111-0/+1
| |
* | Add bulk group publicised lookup APIErik Johnston2017-08-091-0/+54
| |
* | Allow update group publicityErik Johnston2017-08-081-0/+28
| |
* | Merge pull request #2378 from matrix-org/erikj/group_sync_supportErik Johnston2017-07-211-0/+5
|\ \ | | | | | | Add groups to sync stream
| * | Add groups to sync streamErik Johnston2017-07-201-0/+5
| | |
* | | Remove spurious content paramErik Johnston2017-07-201-1/+1
| | |
* | | Add update group profile APIErik Johnston2017-07-201-0/+12
|/ /
* | CommentsErik Johnston2017-07-181-1/+3
| |
* | CommentsErik Johnston2017-07-181-103/+48
| |
* | Add local group server supportErik Johnston2017-07-171-0/+642
|/
* split out reducing stuff; just make encode_* staticKrombel2017-07-111-35/+27
|
* fix testKrombel2017-07-101-1/+3
|
* encode sync-response statically; omit empty objects from sync-responseKrombel2017-07-101-33/+48
|
* Include users who share room with requester in user directoryErik Johnston2017-06-151-2/+6
|
* Add commentsErik Johnston2017-05-311-0/+16
|
* Use POSTErik Johnston2017-05-311-1/+1
|
* Add REST APIErik Johnston2017-05-311-0/+59
|
* Add count of one time keys to sync streamErik Johnston2017-05-191-0/+1
|
* Fixed syntax nitsPablo Saavedra2017-05-152-5/+6
|
* Fixed implementation errorsPablo Saavedra2017-05-152-3/+7
| | | | | * Added HS as property in SyncRestServlet * Fixed set_timeline_upper_limit function implementat¡ion
* Configurable maximum number of events requested by /sync and /messages (#2220)Pablo Saavedra2017-05-133-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Set the limit on the returned events in the timeline in the get and sync operations. The default value is -1, means no upper limit. For example, using `filter_timeline_limit: 5000`: POST /_matrix/client/r0/user/user:id/filter { room: { timeline: { limit: 1000000000000000000 } } } GET /_matrix/client/r0/user/user:id/filter/filter:id { room: { timeline: { limit: 5000 } } } The server cuts down the room.timeline.limit.
* Modify register/available to be GET with query paramLuke Barnard2017-05-101-5/+4
| | | | | | | - GET is now the method for register/available - a query parameter "username" is now used Also, empty usernames are now handled with an error message on registration or via register/available: `User ID cannot be empty`
* Change register/available to POST (from GET)Luke Barnard2017-05-101-1/+1
|
* Appease the flake8 godsLuke Barnard2017-05-031-5/+10
|
* Implement username availability checkerLuke Barnard2017-05-031-0/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Outlined here: https://github.com/vector-im/riot-web/issues/3605#issuecomment-298679388 ```HTTP GET /_matrix/.../register/available { "username": "desiredlocalpart123" } ``` If available, the response looks like ```HTTP HTTP/1.1 200 OK { "available": true } ``` Otherwise, ```HTTP HTTP/1.1 429 { "errcode": "M_LIMIT_EXCEEDED", "error": "Too Many Requests", "retry_after_ms": 2000 } ``` or ```HTTP HTTP/1.1 400 { "errcode": "M_USER_IN_USE", "error": "User ID already taken." } ``` or ```HTTP HTTP/1.1 400 { "errcode": "M_INVALID_USERNAME", "error": "Some reason for username being invalid" } ```
* Comment and remove spurious loggingErik Johnston2017-04-271-1/+0
|
* Fix invite state to always include all eventsErik Johnston2017-04-261-0/+2
|
* m.read_marker -> m.fully_read (#2128)Luke Barnard2017-04-182-5/+5
| | | | | | Also: - change the REST endpoint to have a "S" on the end (so it's now /read_markers) - change the content of the m.read_up_to event to have the key "event_id" instead of "marker".
* More null-guard changesLuke Barnard2017-04-121-4/+4
|
* Remove Unused ref to hsLuke Barnard2017-04-121-1/+0
|
* Move a spaceLuke Barnard2017-04-121-2/+2
|
* flake8Luke Barnard2017-04-112-3/+3
|
* Finish implementing RM endpointLuke Barnard2017-04-112-9/+12
| | | | | - This change causes a 405 to be sent if "m.read_marker" is set via /account_data - This also fixes-up the RM endpoint so that it actually Works.
* Initial commit of RM server-side impllukebarnard2017-04-111-0/+71
| | | | (See https://docs.google.com/document/d/1UWqdS-e1sdwkLDUY0wA4gZyIkRp-ekjsLZ8k6g_Zvso/edit#heading=h.lndohpg8at5u)
* Merge pull request #1986 from matrix-org/matthew/enable_guest_3pErik Johnston2017-03-311-4/+4
|\ | | | | enable guest access for the 3pl/3pid APIs
| * switch to allow_guest=True for authing 3Ps as per PR feedbackMatthew Hodgson2017-03-311-0/+8
| |
| * enable guest access for the 3pl/3pid APIsMatthew Hodgson2017-03-121-8/+0
| |
* | Merge pull request #2057 from matrix-org/rav/missing_yield_2Richard van der Hoff2017-03-241-1/+1
|\ \ | | | | | | Add another missing yield on check_device_registered
| * | Add another missing yield on check_device_registeredRichard van der Hoff2017-03-231-1/+1
| | |
* | | Fix token request for addition of phone numbersDavid Baker2017-03-231-1/+1
|/ /
* | Remove unused importErik Johnston2017-03-151-1/+0
| |
* | Format presence events on the edges instead of reformatting them multiple timesErik Johnston2017-03-151-6/+13
| |
* | Merge pull request #1994 from matrix-org/dbkr/msisdn_signin_2Erik Johnston2017-03-152-36/+215
|\ \ | | | | | | Phone number registration / login support v2
| * | Use extend instead of +=David Baker2017-03-141-4/+4
| | |
| * | Oops, remove printDavid Baker2017-03-141-1/+0
| | |
| * | Fix registration for broken clientsDavid Baker2017-03-131-4/+22
| | | | | | | | | | | | Only offer msisdn flows if the x_show_msisdn option is given.
| * | Support registration / login with phone numberDavid Baker2017-03-132-36/+198
| | | | | | | | | | | | Changes from https://github.com/matrix-org/synapse/pull/1971
* | | Implement _simple_delete_many_txn, use it to delete devicesLuke Barnard2017-03-131-11/+9
| | | | | | | | | | | | | | | | | | (But this doesn't implement the same for deleting access tokens or e2e keys. Also respond to code review.
* | | FlakeLuke Barnard2017-03-131-0/+2
| | |
* | | Implement delete_devices APILuke Barnard2017-03-131-0/+47
|/ / | | | | | | This implements the proposal here https://docs.google.com/document/d/1C-25Gqz3TXy2jIAoeOKxpNtmme0jI4g3yFGqv5GlAAk for deleting multiple devices at once in a single request.
* / Revert "Support registration & login with phone number"Erik Johnston2017-03-132-198/+36
|/
* Comment when our 3pids would be incompleteDavid Baker2017-03-081-0/+2
|
* Better error messageDavid Baker2017-03-081-1/+3
|
* pep8David Baker2017-03-081-1/+1
|
* Pull out datastore in initialiserDavid Baker2017-03-081-5/+10
|
* Minor fixes from PR feedbackDavid Baker2017-03-081-4/+2
|
* TyposDavid Baker2017-03-081-2/+2
|
* Refector out assert_params_in_requestDavid Baker2017-03-082-37/+17
| | | | and replace requestEmailToken where we meant requestMsisdnToken
* Factor out msisdn canonicalisationDavid Baker2017-03-082-27/+5
| | | | Plus a couple of other minor fixes
* Fix pep8David Baker2017-03-082-3/+3
|
* Add msisdns as 3pids during registrationDavid Baker2017-03-031-0/+47
| | | | and support binding them with the bind_msisdn param
* WIP support for msisdn 3pid proxy methodsDavid Baker2017-02-142-13/+163
|
* sets aren't JSON serializableErik Johnston2017-02-021-1/+1
|
* Fix email push in pusher workerErik Johnston2017-02-021-1/+2
| | | | | | This was broken when device list updates were implemented, as Mailer could no longer instantiate an AuthHandler due to a dependency on federation sending.
* Include newly joined users in /keys/changes APIErik Johnston2017-02-011-1/+1
|
* CommentErik Johnston2017-02-011-1/+1
|
* CommentErik Johnston2017-02-011-1/+12
|
* Implement /keys/changesErik Johnston2017-02-011-0/+38
|
* Add basic implementation of local device list changesErik Johnston2017-01-251-1/+5
|
* Lowercase all email addresses before querying dbDavid Baker2017-01-181-0/+5
| | | | | Since we store all emails in the DB in lowercase (https://github.com/matrix-org/synapse/pull/1170)
* Add /account/3pid/delete endpointDavid Baker2016-12-201-1/+35
| | | | Also fix a typo in a comment
* Remove unspecced GET endpoints for e2e keysRichard van der Hoff2016-12-121-39/+4
| | | | | | | | GET /keys/claim is a terrible idea, since it isn't idempotent; also it throws 500 errors if you call it without all the right params. GET /keys/query is arguable, but it's unspecced, so let's get rid of it too to stop people relying on unspecced APIs.
* Fix doc-stringRichard van der Hoff2016-12-011-2/+1
| | | | Remove refresh_token reference
* Rip out more refresh_token codeRichard van der Hoff2016-11-302-25/+3
| | | | | | | | We might as well treat all refresh_tokens as invalid. Just return a 403 from /tokenrefresh, so that we don't have a load of dead, untestable code hanging around. Still TODO: removing the table from the schema.
* Merge branch 'develop' into rav/no_more_refresh_tokensRichard van der Hoff2016-11-304-13/+24
|\
| * Merge pull request #1653 from matrix-org/rav/guest_e2eRichard van der Hoff2016-11-294-13/+24
| |\ | | | | | | Implement E2E for guests
| | * Allow guest access to endpoints for E2ERichard van der Hoff2016-11-253-9/+9
| | | | | | | | | | | | | | | Expose /devices, /keys, and /sendToDevice to guest users, so that they can use E2E.
| | * Give guest users a device_idRichard van der Hoff2016-11-251-4/+15
| | | | | | | | | | | | | | | We need to create devices for guests so that they can use e2e, but we don't have anywhere to store it, so just use a fixed one.
* | | Stop generating refresh tokensRichard van der Hoff2016-11-281-3/+2
|/ / | | | | | | | | | | | | Since we're not doing refresh tokens any more, we should start killing off the dead code paths. /tokenrefresh itself is a bit of a thornier subject, since there might be apps out there using it, but we can at least not generate refresh tokens on new logins.
* / Shuffle receipt handler around so that worker apps don't need to load itErik Johnston2016-11-231-1/+1
|/
* Merge pull request #1638 from matrix-org/kegan/sync-event-fieldsKegsay2016-11-221-10/+13
|\ | | | | Implement "event_fields" in filters
| * Glue only_event_fields into the sync rest servletKegan Dougal2016-11-221-10/+13
| |
* | Fix flake8Mark Haines2016-11-181-1/+0
| |
* | Work around client replacing reg paramsDavid Baker2016-11-181-0/+12
|/ | | | | Works around https://github.com/vector-im/vector-android/issues/715 and equivalent for iOS
* Clean transactions based on time. Add HttpTransactionCache tests.Kegan Dougal2016-11-141-1/+1
|
* Move .observe() up to the cache to make things neaterKegan Dougal2016-11-141-4/+1
|
* Review commentsKegan Dougal2016-11-111-12/+5
|
* Use observable deferreds because they are saneKegan Dougal2016-11-111-3/+4
|
* Flake8Kegan Dougal2016-11-101-1/+1
|
* Store Promise<Response> instead of Response for HTTP API transactionsKegan Dougal2016-11-101-6/+12
| | | | | | | | | | | | | | | | | | This fixes a race whereby: - User hits an endpoint. - No cached transaction so executes main code. - User hits same endpoint. - No cache transaction so executes main code. - Main code finishes executing and caches response and returns. - Main code finishes executing and caches response and returns. This race is common in the wild when Synapse is struggling under load. This commit fixes the race by: - User hits an endpoint. - Caches the promise to execute the main code and executes main code. - User hits same endpoint. - Yields on the same promise as the first request. - Main code finishes executing and returns, unblocking both requests.
* Merge pull request #1164 from pik/error-codesErik Johnston2016-10-191-6/+6
|\ | | | | Clarify Error codes for GET /filter/
| * Refactor test_filter to use real DataStorepik2016-10-181-2/+2
| | | | | | | | * add tests for filter api errors
| * Error codes for filtersAlexander Maznev2016-10-141-4/+4
| | | | | | | | | | | | * add tests Signed-off-by: Alexander Maznev <alexander.maznev@gmail.com>
* | Handle delete device requests with no bodyRichard van der Hoff2016-10-121-2/+11
| | | | | | | | | | We should probably return a 401 rather than a 400 for existing clients that don't know they have to do the UIA dance to delete a device.
* | User-interactive auth on delete deviceRichard van der Hoff2016-10-121-5/+11
|/
* window.postmessage for Interactive Auth fallbackRichard van der Hoff2016-10-061-1/+3
| | | | | If you're a webapp running the fallback in an iframe, you can't set set a window.onAuthDone function. Let's post a message back to window.opener instead.
* Move the E2E key handling into the e2e handlerMark Haines2016-09-131-112/+16
|
* Add a timeout parameter for end2end key queries.Mark Haines2016-09-121-26/+51
| | | | | | | | | | Add a timeout parameter for controlling how long synapse will wait for responses from remote servers. For servers that fail include how they failed to make it easier to debug. Fetch keys from different servers in parallel rather than in series. Set the default timeout to 10s.
* Merge pull request #1096 from matrix-org/markjh/get_access_tokenMark Haines2016-09-092-4/+6
|\ | | | | Add helper function for getting access_tokens from requests
| * Add helper function for getting access_tokens from requestsMark Haines2016-09-092-4/+6
| | | | | | | | | | | | Rather than reimplementing the token parsing in the various places. This will make it easier to change the token parsing to allow access_tokens in HTTP headers.
* | Merge pull request #1091 from matrix-org/paul/third-party-lookupPaul Evans2016-09-091-0/+24
|\ \ | |/ |/| Improvements to 3PE lookup API
| * appease pep8Paul "LeoNerd" Evans2016-09-091-1/+2
| |
| * Python isn't JavaScript; have to quote dict keysPaul "LeoNerd" Evans2016-09-091-1/+1
| |
| * Efficiency fix for lookups of a single protocolPaul "LeoNerd" Evans2016-09-091-1/+3
| |
| * Allow lookup of a single 3PE protocol query metadataPaul "LeoNerd" Evans2016-09-091-0/+21
| |
* | Merge pull request #1081 from matrix-org/dbkr/notifications_only_highlightMatthew Hodgson2016-09-091-1/+2
|\ \ | |/ |/| Implement `only=highlight` on `/notifications`
| * Implement `only=highlight` on `/notifications`David Baker2016-09-081-1/+2
| |
* | Send device messages over federationMark Haines2016-09-061-26/+7
|/
* Fix up the calls to the notifier for device messagesMark Haines2016-09-011-1/+1
|
* Add a replication stream for direct to device messagesMark Haines2016-08-311-2/+8
|
* Merge remote-tracking branch 'origin/develop' into markjh/direct_to_deviceMark Haines2016-08-261-1/+1
|\
| * Move ThirdPartyEntityKind into api.constants so the expectation becomes that ↵Paul "LeoNerd" Evans2016-08-251-1/+1
| | | | | | | | the value is significant
* | Merge branch 'develop' into markjh/direct_to_deviceMark Haines2016-08-252-4/+21
|\|
| * Merge pull request #1041 from matrix-org/paul/third-party-lookupPaul Evans2016-08-251-2/+20
| |\ | | | | | | Extend 3PE lookup APIs for metadata query
| | * Move static knowledge of protocol metadata into AS handler; cache the resultPaul "LeoNerd" Evans2016-08-241-20/+1
| | |
| | * Declare 'gitter' known protocol, with user lookupPaul "LeoNerd" Evans2016-08-241-0/+3
| | |
| | * Initial hack at the 3PN protocols metadata lookup APIPaul "LeoNerd" Evans2016-08-241-0/+34
| | |
| | * Move 3PU/3PL lookup APIs into /thirdparty containing entityPaul "LeoNerd" Evans2016-08-241-2/+2
| | |
| * | Preserve some logcontextsErik Johnston2016-08-241-2/+1
| |/
* | Add some TODOsMark Haines2016-08-251-0/+4
| |
* | Fix the deduplication of incoming direct-to-device messagesMark Haines2016-08-251-1/+12
| |
* | Add store-and-forward direct-to-device messagingMark Haines2016-08-252-3/+75
|/
* Merge branch 'develop' into dbkr/notifications_apiMatthew Hodgson2016-08-201-0/+78
|\
| * Avoid so much copypasta between 3PU and 3PL query by unifying around a ↵Paul "LeoNerd" Evans2016-08-181-2/+7
| | | | | | | | ThirdPartyEntityKind enumeration
| * Authenticate 3PE lookup requestsPaul "LeoNerd" Evans2016-08-181-0/+6
| |
| * Copypasta the 3PU support code to also do 3PLPaul "LeoNerd" Evans2016-08-181-0/+20
| |
| * Remove TODO note about request fields being strings - they're always stringsPaul "LeoNerd" Evans2016-08-181-2/+0
| |
| * Ensure that 3PU lookup request fields actually get passed inPaul "LeoNerd" Evans2016-08-181-1/+5
| |
| * Thread 3PU lookup through as far as the AS API object; which currently noöps itPaul "LeoNerd" Evans2016-08-171-2/+9
| |
| * Initial empty implementation that just registers an API endpoint handlerPaul "LeoNerd" Evans2016-08-171-0/+38
| |
* | Use tuple comparisonDavid Baker2016-08-181-4/+3
| | | | | | | | Hopefully easier to read
* | Merge remote-tracking branch 'origin/develop' into dbkr/notifications_apiDavid Baker2016-08-181-1/+1
|\|
| * Don't change status_msg on /syncWill Hunt2016-08-101-1/+1
| |
* | Merge remote-tracking branch 'origin/develop' into dbkr/notifications_apiDavid Baker2016-08-117-199/+493
|\|
| * Merge branch 'rav/null_default_device_displayname' into developRichard van der Hoff2016-08-031-3/+1
| |\
| | * Default device_display_name to nullRichard van der Hoff2016-08-031-3/+1
| | | | | | | | | | | | | | | | | | It turns out that it's more useful to return a null device display name (and let clients decide how to handle it: eg, falling back to device_id) than using a constant string like "unknown device".
| * | Merge branch 'develop' into rav/refactor_device_queryMark Haines2016-08-031-9/+7
| |\|
| | * Fix adding emails on registrationDavid Baker2016-07-291-9/+7
| | | | | | | | | | | | Synapse was not adding email addresses to accounts registered with an email address, due to too many different variables called 'result'. Rename both of them. Also remove the defer.returnValue() with no params because that's not a thing.
| * | Move e2e query logic into a handlerRichard van der Hoff2016-08-011-39/+7
| |/
| * key upload tweaksRichard van der Hoff2016-07-271-7/+5
| | | | | | | | | | | | | | 1. Add v2_alpha URL back in, since things seem to be using it. 2. Don't reject the request if the device_id in the upload request fails to match that in the access_token.
| * Delete e2e keys on device deleteRichard van der Hoff2016-07-271-4/+9
| |
| * Make the device id on e2e key upload optionalRichard van der Hoff2016-07-261-12/+35
| | | | | | | | | | | | | | | | | | | | | | | | We should now be able to get our device_id from the access_token, so the device_id on the upload request is optional. Where it is supplied, we should check that it matches. For active access_tokens without an associated device_id, we ought to register the device in the devices table. Also update the table on upgrade so that all of the existing e2e keys are associated with real devices.
| * Add `create_requester` functionRichard van der Hoff2016-07-261-6/+4
| | | | | | | | | | Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout
| * Implement updating devicesRichard van der Hoff2016-07-261-7/+17
| | | | | | | | You can update the displayname of devices now.
| * Implement deleting devicesRichard van der Hoff2016-07-262-5/+19
| |
| * Merge pull request #943 from matrix-org/rav/get_device_apiDavid Baker2016-07-211-0/+25
| |\ | | | | | | Implement GET /device/{deviceId}
| | * Implement GET /device/{deviceId}Richard van der Hoff2016-07-211-0/+25
| | |
| * | Merge pull request #942 from matrix-org/rav/fix_register_deviceidDavid Baker2016-07-211-11/+10
| |\ \ | | |/ | |/| Preserve device_id from first call to /register
| | * Preserve device_id from first call to /registerRichard van der Hoff2016-07-211-11/+10
| | | | | | | | | | | | | | | device_id may only be passed in the first call to /register, so make sure we fish it out of the register `params` rather than the body of the final call.
| * | Merge branch 'develop' into rav/get_devices_apiRichard van der Hoff2016-07-201-15/+39
| |\| | | | | | | | | | (pick up PR #938 in the hope of fixing the UTs)
| | * Register a device_id in the /v2/register flow.Richard van der Hoff2016-07-201-15/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This doesn't cover *all* of the registration flows, but it does cover the most common ones: in particular: shared_secret registration, appservice registration, and normal user/pass registration. Pull device_id from the registration parameters. Register the device in the devices table. Associate the device with the returned access and refresh tokens. Profit.
| * | GET /devices endpointRichard van der Hoff2016-07-202-4/+60
| |/ | | | | | | | | | | | | implement a GET /devices endpoint which lists all of the user's devices. It also returns the last IP where we saw that device, so there is some dancing to fish that out of the user_ips table.
| * Merge pull request #933 from matrix-org/rav/type_annotationsRichard van der Hoff2016-07-201-0/+9
| |\ | | | | | | Type annotations
| | * Type annotationsRichard van der Hoff2016-07-191-0/+9
| | | | | | | | | | | | | | | Add some type annotations to help PyCharm (in particular) to figure out the types of a bunch of things.
| * | Further registration refactoringRichard van der Hoff2016-07-191-13/+37
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | * `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change.
| * Merge pull request #931 from matrix-org/rav/refactor_registerDavid Baker2016-07-191-78/+102
| |\ | | | | | | rest/client/v2_alpha/register.py: Refactor flow somewhat.
| | * Don't bind email unless threepid contains expected fieldsRichard van der Hoff2016-07-191-28/+25
| | |
| | * rest/client/v2_alpha/register.py: Refactor flow somewhat.Richard van der Hoff2016-07-191-75/+102
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is meant to be an *almost* non-functional change, with the exception that it fixes what looks a lot like a bug in that it only calls `auth_handler.add_threepid` and `add_pusher` once instead of three times. The idea is to move the generation of the `access_token` out of `registration_handler.register`, because `access_token`s now require a device_id, and we only want to generate a device_id once registration has been successful.
| * | Add device_id support to /loginRichard van der Hoff2016-07-181-3/+7
| |/ | | | | | | | | | | | | | | | | | | | | | | | | Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed.
| * Use body.get to check for 'user'Will Hunt2016-07-161-2/+1
| |
| * Fall back to 'username' if 'user' is not given for appservice reg.Will Hunt2016-07-161-3/+5
| |
| * Add hs objectErik Johnston2016-07-141-0/+1
| |
| * Only accept password authErik Johnston2016-07-141-12/+0
| |
| * Add an /account/deactivate endpointErik Johnston2016-07-141-0/+55
| |
| * be more pythonicDavid Baker2016-07-121-1/+1
| |
| * on_OPTIONS isn't neccessaryDavid Baker2016-07-122-10/+1
| |
| * Remove other debug loggingDavid Baker2016-07-121-2/+0
| |
| * Separate out requestTokens to separate handlersDavid Baker2016-07-112-65/+93
| |
| * Oops, remove debug loggingDavid Baker2016-07-111-4/+0
| |