summary refs log tree commit diff
path: root/synapse/rest/client (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Make kick & ban reasons workDavid Baker2017-02-141-0/+5
| | | | | | We somehow specced APIs with reason strings, preserve the content in the events and even have the clients display them, but failed to actually pass the parameter through to the event content.
* Merge pull request #1784 from morteza-araby/user-adminErik Johnston2017-02-062-2/+224
|\ | | | | Administration functionalities
| * admin,storage: added more administrator functionalitiesMorteza Araby2017-02-022-2/+224
| | | | | | | | | | | | | | | | | | | | | | | | | | | | administrators can now: - Set displayname of users - Update user avatars - Search for users by user_id - Browse all users in a paginated API - Reset user passwords - Deactivate users Helpers for doing paginated queries has also been added to storage Signed-off-by: Morteza Araby <morteza.araby@ericsson.com>
* | sets aren't JSON serializableErik Johnston2017-02-021-1/+1
|/
* Fix email push in pusher workerErik Johnston2017-02-022-2/+6
| | | | | | This was broken when device list updates were implemented, as Mailer could no longer instantiate an AuthHandler due to a dependency on federation sending.
* Include newly joined users in /keys/changes APIErik Johnston2017-02-011-1/+1
|
* CommentErik Johnston2017-02-011-1/+1
|
* CommentErik Johnston2017-02-011-1/+12
|
* Implement /keys/changesErik Johnston2017-02-011-0/+38
|
* Add basic implementation of local device list changesErik Johnston2017-01-251-1/+5
|
* Added username and password for turn serverMarvin Steadfast2017-01-191-9/+17
| | | | | It makes it possible to use a turn server that needs a username and password instead of a token.
* Lowercase all email addresses before querying dbDavid Baker2017-01-182-1/+12
| | | | | Since we store all emails in the DB in lowercase (https://github.com/matrix-org/synapse/pull/1170)
* Fix spurious Unhandled Error log linesErik Johnston2017-01-121-1/+5
|
* Linearize updates to membership via PUT /state/Erik Johnston2017-01-091-11/+17
|
* Add /account/3pid/delete endpointDavid Baker2016-12-201-1/+35
| | | | Also fix a typo in a comment
* Merge pull request #1676 from matrix-org/erikj/room_listErik Johnston2016-12-122-1/+52
|\ | | | | Add new API appservice specific public room list
| * Add new API appservice specific public room listErik Johnston2016-12-062-1/+52
| |
* | Remove unspecced GET endpoints for e2e keysRichard van der Hoff2016-12-121-39/+4
| | | | | | | | | | | | | | | | GET /keys/claim is a terrible idea, since it isn't idempotent; also it throws 500 errors if you call it without all the right params. GET /keys/query is arguable, but it's unspecced, so let's get rid of it too to stop people relying on unspecced APIs.
* | Add /room/<room_id>/joined_members APIErik Johnston2016-12-081-0/+19
| | | | | | | | | | | | This returns the currently joined members in the room with their display names and avatar urls. This is more efficient than /members for large rooms where you don't need the full events.
* | Add joined_rooms servletErik Johnston2016-12-081-0/+17
|/
* Fix doc-stringRichard van der Hoff2016-12-011-2/+1
| | | | Remove refresh_token reference
* Rip out more refresh_token codeRichard van der Hoff2016-11-302-25/+3
| | | | | | | | We might as well treat all refresh_tokens as invalid. Just return a 403 from /tokenrefresh, so that we don't have a load of dead, untestable code hanging around. Still TODO: removing the table from the schema.
* Merge branch 'develop' into rav/no_more_refresh_tokensRichard van der Hoff2016-11-305-25/+24
|\
| * Merge pull request #1656 from matrix-org/rav/remove_time_caveatRichard van der Hoff2016-11-301-12/+0
| |\ | | | | | | Stop putting a time caveat on access tokens
| | * Stop putting a time caveat on access tokensRichard van der Hoff2016-11-291-12/+0
| | | | | | | | | | | | | | | | | | | | | | | | The 'time' caveat on the access tokens was something of a lie, since we weren't enforcing it; more pertinently its presence stops us ever adding useful time caveats. Let's move in the right direction by not lying in our caveats.
| * | Merge pull request #1653 from matrix-org/rav/guest_e2eRichard van der Hoff2016-11-294-13/+24
| |\ \ | | |/ | |/| Implement E2E for guests
| | * Allow guest access to endpoints for E2ERichard van der Hoff2016-11-253-9/+9
| | | | | | | | | | | | | | | Expose /devices, /keys, and /sendToDevice to guest users, so that they can use E2E.
| | * Give guest users a device_idRichard van der Hoff2016-11-251-4/+15
| | | | | | | | | | | | | | | We need to create devices for guests so that they can use e2e, but we don't have anywhere to store it, so just use a fixed one.
* | | Stop generating refresh tokensRichard van der Hoff2016-11-282-21/+12
|/ / | | | | | | | | | | | | Since we're not doing refresh tokens any more, we should start killing off the dead code paths. /tokenrefresh itself is a bit of a thornier subject, since there might be apps out there using it, but we can at least not generate refresh tokens on new logins.
* / Shuffle receipt handler around so that worker apps don't need to load itErik Johnston2016-11-231-1/+1
|/
* Merge pull request #1638 from matrix-org/kegan/sync-event-fieldsKegsay2016-11-221-10/+13
|\ | | | | Implement "event_fields" in filters
| * Glue only_event_fields into the sync rest servletKegan Dougal2016-11-221-10/+13
| |
* | Fix flake8Mark Haines2016-11-181-1/+0
| |
* | Work around client replacing reg paramsDavid Baker2016-11-181-0/+12
|/ | | | | Works around https://github.com/vector-im/vector-android/issues/715 and equivalent for iOS
* Clean transactions based on time. Add HttpTransactionCache tests.Kegan Dougal2016-11-143-7/+21
|
* Move .observe() up to the cache to make things neaterKegan Dougal2016-11-143-33/+11
|
* Review commentsKegan Dougal2016-11-115-158/+119
|
* More flake8Kegan Dougal2016-11-111-1/+3
|
* Flake8 and fix whoopsieKegan Dougal2016-11-111-4/+8
|
* Use ObservableDeferreds instead of Deferreds as they behave as intendedKegan Dougal2016-11-112-30/+31
|
* Use observable deferreds because they are saneKegan Dougal2016-11-111-3/+4
|
* Flake8Kegan Dougal2016-11-102-4/+4
|
* Store Promise<Response> instead of Response for HTTP API transactionsKegan Dougal2016-11-104-88/+68
| | | | | | | | | | | | | | | | | | This fixes a race whereby: - User hits an endpoint. - No cached transaction so executes main code. - User hits same endpoint. - No cache transaction so executes main code. - Main code finishes executing and caches response and returns. - Main code finishes executing and caches response and returns. This race is common in the wild when Synapse is struggling under load. This commit fixes the race by: - User hits an endpoint. - Caches the promise to execute the main code and executes main code. - User hits same endpoint. - Yields on the same promise as the first request. - Main code finishes executing and returns, unblocking both requests.
* Merge pull request #1164 from pik/error-codesErik Johnston2016-10-191-6/+6
|\ | | | | Clarify Error codes for GET /filter/
| * Refactor test_filter to use real DataStorepik2016-10-181-2/+2
| | | | | | | | * add tests for filter api errors
| * Error codes for filtersAlexander Maznev2016-10-141-4/+4
| | | | | | | | | | | | * add tests Signed-off-by: Alexander Maznev <alexander.maznev@gmail.com>
* | Handle delete device requests with no bodyRichard van der Hoff2016-10-121-2/+11
| | | | | | | | | | We should probably return a 401 rather than a 400 for existing clients that don't know they have to do the UIA dance to delete a device.
* | User-interactive auth on delete deviceRichard van der Hoff2016-10-121-5/+11
| |
* | Merge pull request #1157 from Rugvip/nolimitErik Johnston2016-10-111-4/+7
|\ \ | |/ |/| Remove rate limiting from app service senders and fix get_or_create_user requester
| * rest/client/v1/register: use the correct requester in createUserPatrik Oldsberg2016-10-061-3/+6
| | | | | | | | Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
| * storage/appservice: make appservice methods only relying on the cache ↵Patrik Oldsberg2016-10-061-1/+1
| | | | | | | | synchronous
* | window.postmessage for Interactive Auth fallbackRichard van der Hoff2016-10-061-1/+3
|/ | | | | If you're a webapp running the fallback in an iframe, you can't set set a window.onAuthDone function. Let's post a message back to window.opener instead.
* Time out typing over federationErik Johnston2016-09-231-1/+4
|
* Support /initialSync in synchrotron workerErik Johnston2016-09-212-5/+4
|
* Enable guest access to POST /publicRoomsErik Johnston2016-09-171-2/+2
|
* Make POST /publicRooms require authErik Johnston2016-09-161-2/+1
|
* Change the way we calculate new_limit in /publicRooms and add POST APIErik Johnston2016-09-151-0/+29
|
* Remove default public rooms limitErik Johnston2016-09-151-1/+1
|
* By default limit /publicRooms to 100 entriesErik Johnston2016-09-151-1/+1
|
* Pass since/from parameters over federationErik Johnston2016-09-151-3/+3
|
* Allow paginating both forwards and backwardsErik Johnston2016-09-151-3/+15
|
* Remove support for aggregate room listsErik Johnston2016-09-151-1/+1
|
* Move the E2E key handling into the e2e handlerMark Haines2016-09-131-112/+16
|
* Add a timeout parameter for end2end key queries.Mark Haines2016-09-121-26/+51
| | | | | | | | | | Add a timeout parameter for controlling how long synapse will wait for responses from remote servers. For servers that fail include how they failed to make it easier to debug. Fetch keys from different servers in parallel rather than in series. Set the default timeout to 10s.
* Conform better to the CAS protocol specificationShell Turner2016-09-091-5/+2
| | | | | | | Redirect to CAS's /login endpoint properly, and don't require an <attributes> element. Signed-off-by: Shell Turner <cam.turn@gmail.com>
* Merge pull request #1096 from matrix-org/markjh/get_access_tokenMark Haines2016-09-095-20/+16
|\ | | | | Add helper function for getting access_tokens from requests
| * Add helper function for getting access_tokens from requestsMark Haines2016-09-095-20/+16
| | | | | | | | | | | | Rather than reimplementing the token parsing in the various places. This will make it easier to change the token parsing to allow access_tokens in HTTP headers.
* | Merge pull request #1091 from matrix-org/paul/third-party-lookupPaul Evans2016-09-091-0/+24
|\ \ | | | | | | Improvements to 3PE lookup API
| * | appease pep8Paul "LeoNerd" Evans2016-09-091-1/+2
| | |
| * | Python isn't JavaScript; have to quote dict keysPaul "LeoNerd" Evans2016-09-091-1/+1
| | |
| * | Efficiency fix for lookups of a single protocolPaul "LeoNerd" Evans2016-09-091-1/+3
| | |
| * | Allow lookup of a single 3PE protocol query metadataPaul "LeoNerd" Evans2016-09-091-0/+21
| | |
* | | Filter returned events for client-facing formatPaul "LeoNerd" Evans2016-09-091-2/+3
| | |
* | | Allow clients to specify the format a room state event is returned inPaul "LeoNerd" Evans2016-09-091-1/+7
| |/ |/|
* | Merge pull request #1081 from matrix-org/dbkr/notifications_only_highlightMatthew Hodgson2016-09-091-1/+2
|\ \ | |/ |/| Implement `only=highlight` on `/notifications`
| * Implement `only=highlight` on `/notifications`David Baker2016-09-081-1/+2
| |
* | Merge pull request #1082 from matrix-org/erikj/remote_public_roomsErik Johnston2016-09-081-6/+17
|\ \ | | | | | | Add server param to /publicRooms
| * | Use parse_stringErik Johnston2016-09-081-2/+2
| | |
| * | Add server param to /publicRoomsErik Johnston2016-09-081-5/+16
| |/
* / Send device messages over federationMark Haines2016-09-061-26/+7
|/
* Fix up the calls to the notifier for device messagesMark Haines2016-09-011-1/+1
|
* Add a replication stream for direct to device messagesMark Haines2016-08-311-2/+8
|
* Merge remote-tracking branch 'origin/develop' into markjh/direct_to_deviceMark Haines2016-08-261-1/+1
|\
| * Move ThirdPartyEntityKind into api.constants so the expectation becomes that ↵Paul "LeoNerd" Evans2016-08-251-1/+1
| | | | | | | | the value is significant
* | Merge branch 'develop' into markjh/direct_to_deviceMark Haines2016-08-252-4/+21
|\|
| * Merge pull request #1041 from matrix-org/paul/third-party-lookupPaul Evans2016-08-251-2/+20
| |\ | | | | | | Extend 3PE lookup APIs for metadata query
| | * Move static knowledge of protocol metadata into AS handler; cache the resultPaul "LeoNerd" Evans2016-08-241-20/+1
| | |
| | * Declare 'gitter' known protocol, with user lookupPaul "LeoNerd" Evans2016-08-241-0/+3
| | |
| | * Initial hack at the 3PN protocols metadata lookup APIPaul "LeoNerd" Evans2016-08-241-0/+34
| | |
| | * Move 3PU/3PL lookup APIs into /thirdparty containing entityPaul "LeoNerd" Evans2016-08-241-2/+2
| | |
| * | Preserve some logcontextsErik Johnston2016-08-241-2/+1
| |/
* | Add some TODOsMark Haines2016-08-251-0/+4
| |
* | Fix the deduplication of incoming direct-to-device messagesMark Haines2016-08-251-1/+12
| |
* | Add store-and-forward direct-to-device messagingMark Haines2016-08-252-3/+75
|/
* Pass through user-supplied content in /join/$room_idKegan Dougal2016-08-231-0/+1
| | | | | | | It was always intended to allow custom keys on the join event, but this has at some point been lost. Restore it. If the user specifies keys like "avatar_url" then they will be clobbered.
* Merge branch 'develop' into dbkr/notifications_apiMatthew Hodgson2016-08-201-0/+78
|\
| * Avoid so much copypasta between 3PU and 3PL query by unifying around a ↵Paul "LeoNerd" Evans2016-08-181-2/+7
| | | | | | | | ThirdPartyEntityKind enumeration
| * Authenticate 3PE lookup requestsPaul "LeoNerd" Evans2016-08-181-0/+6
| |
| * Copypasta the 3PU support code to also do 3PLPaul "LeoNerd" Evans2016-08-181-0/+20
| |
| * Remove TODO note about request fields being strings - they're always stringsPaul "LeoNerd" Evans2016-08-181-2/+0
| |
| * Merge remote-tracking branch 'origin/develop' into paul/thirdpartylookupPaul "LeoNerd" Evans2016-08-189-5/+89
| |\
| * | Ensure that 3PU lookup request fields actually get passed inPaul "LeoNerd" Evans2016-08-181-1/+5
| | |
| * | Thread 3PU lookup through as far as the AS API object; which currently noöps itPaul "LeoNerd" Evans2016-08-171-2/+9
| | |
| * | Initial empty implementation that just registers an API endpoint handlerPaul "LeoNerd" Evans2016-08-171-0/+38
| | |
* | | Use tuple comparisonDavid Baker2016-08-181-4/+3
| | | | | | | | | | | | Hopefully easier to read
* | | Merge remote-tracking branch 'origin/develop' into dbkr/notifications_apiDavid Baker2016-08-1810-6/+90
|\ \ \ | | |/ | |/|
| * | Make synchrotron accept /eventsErik Johnston2016-08-121-5/+4
| | |
| * | Dont invoke get_handlers fromClientV1RestServletErik Johnston2016-08-129-1/+86
| |/ | | | | | | | | | | hs.get_handlers() can not be invoked from split out processes. Moving the invocations down a level means that we can slowly split out individual servlets.
| * Don't change status_msg on /syncWill Hunt2016-08-101-1/+1
| |
* | Merge remote-tracking branch 'origin/develop' into dbkr/notifications_apiDavid Baker2016-08-1116-380/+800
|\|
| * Merge pull request #995 from matrix-org/rav/clean_up_cas_loginDavid Baker2016-08-091-125/+33
| |\ | | | | | | Clean up CAS login code
| | * Clean up CAS login codeRichard van der Hoff2016-08-081-125/+33
| | | | | | | | | | | | | | | | | | | | | Remove some apparently unused code. Clean up parse_cas_response, mostly to catch the exception if the CAS response isn't valid XML.
| * | Fix CAS loginRichard van der Hoff2016-08-081-0/+1
| |/ | | | | | | Attempting to log in with CAS was giving a 500 error.
| * Merge branch 'rav/null_default_device_displayname' into developRichard van der Hoff2016-08-031-3/+1
| |\
| | * Default device_display_name to nullRichard van der Hoff2016-08-031-3/+1
| | | | | | | | | | | | | | | | | | It turns out that it's more useful to return a null device display name (and let clients decide how to handle it: eg, falling back to device_id) than using a constant string like "unknown device".
| * | Merge branch 'develop' into rav/refactor_device_queryMark Haines2016-08-031-9/+7
| |\|
| | * Fix adding emails on registrationDavid Baker2016-07-291-9/+7
| | | | | | | | | | | | Synapse was not adding email addresses to accounts registered with an email address, due to too many different variables called 'result'. Rename both of them. Also remove the defer.returnValue() with no params because that's not a thing.
| * | Move e2e query logic into a handlerRichard van der Hoff2016-08-011-39/+7
| |/
| * Add r0.1.0 to the "supported versions" listRichard van der Hoff2016-07-281-0/+1
| |
| * Add r0.2.0 to the "supported versions" listRichard van der Hoff2016-07-281-1/+4
| |
| * key upload tweaksRichard van der Hoff2016-07-271-7/+5
| | | | | | | | | | | | | | 1. Add v2_alpha URL back in, since things seem to be using it. 2. Don't reject the request if the device_id in the upload request fails to match that in the access_token.
| * Delete e2e keys on device deleteRichard van der Hoff2016-07-271-4/+9
| |
| * Make the device id on e2e key upload optionalRichard van der Hoff2016-07-261-12/+35
| | | | | | | | | | | | | | | | | | | | | | | | We should now be able to get our device_id from the access_token, so the device_id on the upload request is optional. Where it is supplied, we should check that it matches. For active access_tokens without an associated device_id, we ought to register the device in the devices table. Also update the table on upgrade so that all of the existing e2e keys are associated with real devices.
| * Add `create_requester` functionRichard van der Hoff2016-07-261-6/+4
| | | | | | | | | | Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout
| * Implement updating devicesRichard van der Hoff2016-07-261-7/+17
| | | | | | | | You can update the displayname of devices now.
| * Implement deleting devicesRichard van der Hoff2016-07-263-8/+29
| |
| * Merge pull request #943 from matrix-org/rav/get_device_apiDavid Baker2016-07-211-0/+25
| |\ | | | | | | Implement GET /device/{deviceId}
| | * Implement GET /device/{deviceId}Richard van der Hoff2016-07-211-0/+25
| | |
| * | Merge pull request #942 from matrix-org/rav/fix_register_deviceidDavid Baker2016-07-211-11/+10
| |\ \ | | |/ | |/| Preserve device_id from first call to /register
| | * Preserve device_id from first call to /registerRichard van der Hoff2016-07-211-11/+10
| | | | | | | | | | | | | | | device_id may only be passed in the first call to /register, so make sure we fish it out of the register `params` rather than the body of the final call.
| * | Merge branch 'develop' into rav/get_devices_apiRichard van der Hoff2016-07-201-15/+39
| |\| | | | | | | | | | (pick up PR #938 in the hope of fixing the UTs)
| | * Register a device_id in the /v2/register flow.Richard van der Hoff2016-07-201-15/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This doesn't cover *all* of the registration flows, but it does cover the most common ones: in particular: shared_secret registration, appservice registration, and normal user/pass registration. Pull device_id from the registration parameters. Register the device in the devices table. Associate the device with the returned access and refresh tokens. Profit.
| * | GET /devices endpointRichard van der Hoff2016-07-202-4/+60
| |/ | | | | | | | | | | | | implement a GET /devices endpoint which lists all of the user's devices. It also returns the last IP where we saw that device, so there is some dancing to fish that out of the user_ips table.
| * Merge pull request #933 from matrix-org/rav/type_annotationsRichard van der Hoff2016-07-203-0/+17
| |\ | | | | | | Type annotations
| | * Type annotationsRichard van der Hoff2016-07-193-0/+17
| | | | | | | | | | | | | | | Add some type annotations to help PyCharm (in particular) to figure out the types of a bunch of things.
| * | Merge pull request #932 from matrix-org/rav/register_refactorDavid Baker2016-07-202-14/+40
| |\ \ | | | | | | | | Further registration refactoring
| | * | Further registration refactoringRichard van der Hoff2016-07-192-14/+40
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change.
| * | Merge pull request #922 from matrix-org/erikj/file_api2Erik Johnston2016-07-201-1/+10
| |\ \ | | |/ | |/| Feature: Add filter to /messages. Add 'contains_url' to filter.
| | * Add filter param to /messages APIErik Johnston2016-07-141-1/+10
| | |
| * | Merge pull request #931 from matrix-org/rav/refactor_registerDavid Baker2016-07-191-78/+102
| |\ \ | | | | | | | | rest/client/v2_alpha/register.py: Refactor flow somewhat.
| | * | Don't bind email unless threepid contains expected fieldsRichard van der Hoff2016-07-191-28/+25
| | | |
| | * | rest/client/v2_alpha/register.py: Refactor flow somewhat.Richard van der Hoff2016-07-191-75/+102
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is meant to be an *almost* non-functional change, with the exception that it fixes what looks a lot like a bug in that it only calls `auth_handler.add_threepid` and `add_pusher` once instead of three times. The idea is to move the generation of the `access_token` out of `registration_handler.register`, because `access_token`s now require a device_id, and we only want to generate a device_id once registration has been successful.
| * | | Add device_id support to /loginRichard van der Hoff2016-07-182-6/+43
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed.
| * | Merge pull request #928 from matrix-org/rav/refactor_loginRichard van der Hoff2016-07-181-18/+23
| |\ \ | | | | | | | | Refactor login flow
| | * | Refactor login flowRichard van der Hoff2016-07-181-18/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure that we have the canonical user_id *before* calling get_login_tuple_for_user_id. Replace login_with_password with a method which just validates the password, and have the caller call get_login_tuple_for_user_id. This brings the password flow into line with the other flows, and will give us a place to register the device_id if necessary.
| * | | Use body.get to check for 'user'Will Hunt2016-07-161-2/+1
| | | |
| * | | Fall back to 'username' if 'user' is not given for appservice reg.Will Hunt2016-07-161-3/+5
| |/ /
| * | Merge pull request #921 from matrix-org/erikj/account_deactivateErik Johnston2016-07-141-0/+44
| |\ \ | | | | | | | | Feature: Add an /account/deactivate endpoint
| | * | Add hs objectErik Johnston2016-07-141-0/+1
| | | |
| | * | Only accept password authErik Johnston2016-07-141-12/+0
| | | |
| | * | Add an /account/deactivate endpointErik Johnston2016-07-141-0/+55
| | |/
| * | Merge pull request #918 from negzi/bugfix_for_token_expiryErik Johnston2016-07-141-1/+1
| |\ \ | | |/ | |/| Bug fix: expire invalid access tokens
| | * Bug fix: expire invalid access tokensNegar Fazeli2016-07-131-1/+1
| | |
| * | be more pythonicDavid Baker2016-07-121-1/+1
| | |
| * | on_OPTIONS isn't neccessaryDavid Baker2016-07-122-10/+1
| | |
| * | Remove other debug loggingDavid Baker2016-07-121-2/+0
| | |
| * | Separate out requestTokens to separate handlersDavid Baker2016-07-112-65/+93
| | |
| * | Oops, remove debug loggingDavid Baker2016-07-111-4/+0
| | |
| * | Implement https://github.com/matrix-org/matrix-doc/pull/346/filesDavid Baker2016-07-081-0/+59
| |/
| * Add rest servlet. Fix SQL.Erik Johnston2016-07-061-0/+1
| |
| * Merge branch 'erikj/shared_secret' into erikj/test2Erik Johnston2016-07-061-4/+16
| |\
| | * Check that there are no null bytes in user and passswordErik Johnston2016-07-061-0/+6
| | |
| | * Add null separator to hmacErik Johnston2016-07-061-0/+2
| | |
| | * Add an admin option to shared secret registrationErik Johnston2016-07-051-0/+1
| | |
| | * Protect password when registering using shared secretErik Johnston2016-07-051-4/+7
| | |
| * | Add purge_history APIErik Johnston2016-07-051-0/+18
| |/
| * Fix style violationsKent Shikama2016-07-041-1/+2
| | | | | | | | Signed-off-by: Kent Shikama <kent@kentshikama.com>
| * Use .get() instead of [] to access password_hashKent Shikama2016-07-041-1/+1
| |
| * Optionally include password hash in createUser endpointKent Shikama2016-07-031-1/+3
| | | | | | | | Signed-off-by: Kent Shikama <kent@kentshikama.com>
| * Feature: Add deactivate account admin APIErik Johnston2016-06-301-0/+26
| | | | | | | | | | | | | | | | | | | | Allows server admins to "deactivate" accounts, which: - Revokes all access tokens - Removes all threepids - Removes password The API is a POST to `/admin/deactivate/<user_id>`
| * Implement purge_media_cache admin APIErik Johnston2016-06-291-0/+32
| |
| * Remove redundant exception log in /eventsErik Johnston2016-06-091-24/+21
| |
| * Don't make rooms visibile by defaultErik Johnston2016-06-081-2/+0
| |
| * Log user that is making /publicRooms callsErik Johnston2016-06-081-0/+7
| |
| * Load push rules in storage layer, so that they get cachedErik Johnston2016-06-031-4/+2
| |
| * Working unsubscribe links going straight to the HSDavid Baker2016-06-021-1/+3
| | | | | | | | and authed by macaroons that let you delete pushers and nothing else
| * Merge branch 'dbkr/split_out_auth_handler' into dbkr/email_unsubscribeDavid Baker2016-06-025-10/+11
| |\
| | * Split out the auth handlerDavid Baker2016-06-025-10/+11
| | |
| * | WIP on unsubscribing email notifs without logging inDavid Baker2016-06-011-1/+54
| |/
| * Basic, un-cached support for secondary_directory_serversDavid Baker2016-05-311-1/+2
| |
| * Split out the room list handlerDavid Baker2016-05-311-1/+1
| | | | | | | | So I can use it from federation bits without pulling in all the handlers.
* | Include the ts the notif was received atDavid Baker2016-05-241-0/+1
| |
* | Actually make the 'read' flag correctDavid Baker2016-05-231-4/+3
| |
* | Add GET /notifications APIDavid Baker2016-05-231-0/+100
|/
* Allow clients to specify a server_name to avoid 'No known servers'Kegan Dougal2016-05-191-1/+4
| | | | Multiple server_names are supported via ?server_name=foo&server_name=bar
* Move typing handler out of the Handlers objectMark Haines2016-05-171-4/+3
|
* Move SyncHandler out of the Handlers objectMark Haines2016-05-161-2/+1
|
* Move the presence handler out of the Handlers objectMark Haines2016-05-164-9/+17
|
* Create user with expiryNegi Fazeli2016-05-131-0/+71
| | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
* Merge remote-tracking branch 'origin/develop' into dbkr/email_notifsDavid Baker2016-05-102-0/+155
|\
| * Rename openid/token to openid/request_tokenMark Haines2016-05-051-2/+2
| |
| * Add an openidish mechanism for proving to third parties that you own a given ↵Mark Haines2016-05-051-0/+96
| | | | | | | | user_id
| * Add timestamp and auto incrementing IDErik Johnston2016-05-041-0/+2
| |
| * Move event_id to pathErik Johnston2016-05-041-4/+2
| |
| * Add /report endpointErik Johnston2016-05-041-0/+59
| |
* | More consistent config namingDavid Baker2016-05-101-1/+1
| |
* | Add config option to not send email notifs for new usersDavid Baker2016-05-101-1/+4
| |
* | Merge remote-tracking branch 'origin/develop' into dbkr/email_notifsDavid Baker2016-04-291-0/+1
|\|
| * Fix password resetDavid Baker2016-04-291-0/+1
| | | | | | | | Default requester to None, otherwise it isn't defined when resetting using email auth
* | Add an email pusher for new usersDavid Baker2016-04-291-0/+26
|/ | | | If they registered with an email address and email notifs are enabled on the HS
* Make pyjwt dependency optionalErik Johnston2016-04-251-5/+7
|
* Merge pull request #687 from nikriek/jwt-fixErik Johnston2016-04-211-3/+6
|\ | | | | Fix issues with JWT login
| * Fix issues with JWT loginNiklas Riekenbrauck2016-04-211-3/+6
| |
* | Make v2_alpha reg follow the AS API specificationKegan Dougal2016-04-141-0/+5
| | | | | | | | | | | | The spec is clear the key should be 'user' not 'username' and this is indeed the case for v1. This is not true for v2_alpha though, which is what this commit is fixing.
* | Make the /set part mandatoryDavid Baker2016-04-121-1/+1
| |
* | Mis-named functionDavid Baker2016-04-121-1/+1
| |
* | Split into separate servlet classesDavid Baker2016-04-121-11/+16
| |
* | Add get endpoint for pushersDavid Baker2016-04-111-1/+34
|/ | | | As per https://github.com/matrix-org/matrix-doc/pull/308
* Use google style doc strings.Mark Haines2016-04-011-36/+43
| | | | | | | pycharm supports them so there is no need to use the other format. Might as well convert the existing strings to reduce the risk of people accidentally cargo culting the wrong doc string format.
* Remove spurious commentErik Johnston2016-03-301-1/+0
|
* Require user to have left room to forget roomErik Johnston2016-03-301-0/+38
| | | | | This dramatically simplifies the forget API code - in particular it no longer generates a leave event.
* Add JWT supportNiklas Riekenbrauck2016-03-291-0/+53
|
* Deduplicate identical /sync requestsMark Haines2016-03-241-0/+3
|
* Add published room list edit APIErik Johnston2016-03-211-0/+42
|
* Merge pull request #652 from matrix-org/erikj/delete_aliasErik Johnston2016-03-181-1/+2
|\ | | | | Update aliases event after deletion
| * Update aliases event after deletionErik Johnston2016-03-171-1/+2
| | | | | | | | | | | | | | | | Attempt to update the appropriate `m.room.aliases` event after deleting an alias. This may fail due to the deleter not being in the room. Will also check if the canonical alias of the event is set to the deleted alias, and if so will attempt to delete it.
* | remove debug loggingDavid Baker2016-03-161-3/+0
| |
* | Unused importDavid Baker2016-03-161-1/+0
| |
* | Make registration idempotent, part 2: be idempotent if the client specifies ↵David Baker2016-03-161-5/+17
|/ | | | a username.
* take extra return val from check_auth in account tooDavid Baker2016-03-161-1/+1
|
* pep8 & remove debug loggingDavid Baker2016-03-161-4/+5
|
* Make registration idempotent: if you specify the same session, make it give ↵David Baker2016-03-161-1/+26
| | | | you an access token for the user that was registered on previous uses of that session. Tweak the UI auth layer to not delete sessions when their auth has completed and hence expire themn so they don't hang around until server restart. Allow server-side data to be associated with UI auth sessions.
* Hook up adding a pusher to the notifier for replication.Mark Haines2016-03-151-0/+6
|
* Fix regression where synapse checked whether push rules were valid JSON ↵Mark Haines2016-03-141-2/+2
| | | | before the compatibility hack that handled clients sending invalid JSON
* Merge pull request #642 from matrix-org/erikj/logoutErik Johnston2016-03-111-0/+72
|\ | | | | Implement logout
| * Implement logoutErik Johnston2016-03-111-0/+72
| |
* | Use parse_json_object_from_request to parse JSON out of request bodiesMark Haines2016-03-117-71/+29
|/
* Fix cache invalidation so deleting access tokens (which we did when changing ↵David Baker2016-03-111-1/+1
| | | | password) actually takes effect without HS restart. Reinstate the code to avoid logging out the session that changed the password, removed in 415c2f05491ce65a4fc34326519754cd1edd9c54
* Register endpoint returns refresh_tokenblide2016-03-101-5/+8
| | | | Guest registration still doesn't return refresh_token
* Add a parse_json_object functionMark Haines2016-03-0910-116/+32
| | | | | to deduplicate all the copy+pasted _parse_json functions. Also document the parse_.* functions.
* Fix relative imports so they work in both py3 and py27Mark Haines2016-03-086-6/+6
|
* Use syntax that works on both py2.7 and py3Mark Haines2016-03-071-1/+1
|
* Merge branch 'develop' into markjh/pushrule_streamMark Haines2016-03-043-10/+11
|\
| * Merge pull request #614 from matrix-org/erikj/alias_deleteErik Johnston2016-03-041-3/+0
| |\ | | | | | | Allow alias creators to delete aliases
| | * Allow alias creators to delete aliasesErik Johnston2016-03-011-3/+0
| | |
| * | Pass whole requester to ratelimitingDaniel Wagner-Hall2016-03-033-7/+11
| |/ | | | | | | This will enable more detailed decisions
* | Hook up the push rules stream to account_data in /syncMark Haines2016-03-041-1/+1
| |
* | Move the code for formatting push rules into a separate functionMark Haines2016-03-031-86/+4
| |
* | Hook up the push rules to the notifierMark Haines2016-03-031-15/+29
|/
* Add support for changing the actions for default rulesMark Haines2016-02-261-4/+27
| | | | | | See matrix-org/matrix-doc#283 Works by adding dummy rules to the push rules table with a negative priority class and then using those rules to clobber the default rule actions when adding the default rules in ``list_with_base_rules``
* Fix to appease the PEP8 dragonGergely Polonkai2016-02-261-1/+3
|
* Add error codes for malformed/bad JSON in /loginGergely Polonkai2016-02-261-2/+2
| | | | Signed-off-by: Gergely Polonkai <gergely@polonkaieu>
* Make sure we return a JSON object when returning the values of specif…Mark Haines2016-02-251-1/+3
| | | | …ic keys from a push rule
* Remove unused get_rule_attr methodMark Haines2016-02-241-8/+0
|
* Ignore invalid POST bodies when joining roomsDaniel Wagner-Hall2016-02-241-2/+12
|
* Allow third_party_signed to be specified on /joinDaniel Wagner-Hall2016-02-231-0/+4
|
* Merge pull request #582 from matrix-org/erikj/presenceErik Johnston2016-02-194-28/+35
|\ | | | | Rewrite presence for performance.
| * "You are not..."Erik Johnston2016-02-181-1/+1
| |
| * Initial cutErik Johnston2016-02-174-28/+35
| |
* | Remove dead code for setting device specific rules.Mark Haines2016-02-182-88/+8
| | | | | | | | | | | | It wasn't possible to hit the code from the API because of a typo in parsing the request path. Since no-one was using the feature we might as well remove the dead code.