summary refs log tree commit diff
path: root/synapse/rest/client (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add type hints to synapse.events.*. (#11066)Patrick Cloke2021-10-131-4/+4
| | | Except `synapse/events/__init__.py`, which will be done in a follow-up.
* Refactor MSC2716 `/batch_send` endpoint into separate handler functions (#10974)Eric Eastwood2021-10-081-283/+56
|
* Require direct references to configuration variables. (#10985)Patrick Cloke2021-10-062-2/+4
| | | | | | This removes the magic allowing accessing configurable variables directly from the config object. It is now required that a specific configuration class is used (e.g. `config.foo` must be replaced with `config.server.foo`).
* Use direct references for configuration variables (part 7). (#10959)Patrick Cloke2021-10-045-32/+34
|
* Fix getTurnServer response: return an integer ttl (#10922)Lukas Lihotzki2021-09-301-1/+1
| | | | | | | | | `ttl` must be an integer according to the OpenAPI spec: https://github.com/matrix-org/matrix-doc/blob/old_master/data/api/client-server/voip.yaml#L70 True division (`/`) returns a float instead (`"ttl": 7200.0`). Floor division (`//`) returns an integer, so the response is spec compliant. Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>
* Use direct references for configuration variables (part 6). (#10916)Patrick Cloke2021-09-298-17/+17
|
* Implement MSC3069: Guest support on whoami (#9655)Travis Ralston2021-09-291-2/+6
|
* Ensure `(room_id, next_batch_id)` is unique to avoid cross-talk/conflicts ↵Eric Eastwood2021-09-281-2/+4
| | | | | | | | between batches (MSC2716) (#10877) Part of [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) Part of https://github.com/matrix-org/synapse/issues/10737
* Use direct references for configuration variables (part 5). (#10897)Patrick Cloke2021-09-244-11/+11
|
* Use direct references for configuration variables (part 4). (#10893)Patrick Cloke2021-09-231-6/+6
|
* Use direct references for some configuration variables (part 3) (#10885)Patrick Cloke2021-09-235-43/+45
| | | | | | | | This avoids the overhead of searching through the various configuration classes by directly referencing the class that the attributes are in. It also improves type hints since mypy can now resolve the types of the configuration variables.
* Remove unnecessary parentheses around tuples returned from methods (#10889)Andrew Morgan2021-09-232-4/+4
|
* Rename MSC2716 things from `chunk` to `batch` to match `/batch_send` ↵Eric Eastwood2021-09-211-43/+43
| | | | | | | | endpoint (#10838) See https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r684574497 Dropping support for older MSC2716 room versions so we don't have to worry about supporting both chunk and batch events.
* Rename `/batch_send` query parameter from `?prev_event` to more obvious ↵Eric Eastwood2021-09-211-7/+9
| | | | | | | usage with `?prev_event_id` (MSC2716) (#10839) As mentioned in https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r705872887 and https://github.com/matrix-org/synapse/issues/10737
* Verify `?chunk_id` actually corresponds to an insertion event that exists ↵Eric Eastwood2021-09-151-1/+12
| | | | (MSC2716) (#10776)
* Split out `/batch_send` meta events to their own fields (MSC2716) (#10777)Eric Eastwood2021-09-151-11/+18
|
* Use direct references for some configuration variables (#10798)Patrick Cloke2021-09-135-11/+14
| | | | Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit).
* Add types to synapse.util. (#10601)reivilibre2021-09-101-4/+7
|
* Remove unstable MSC2858 API, including `experimental.msc2858_enabled` config ↵Sean2021-09-091-46/+11
| | | | | option (#10693) Signed-off-by: Sean Quah <seanq@element.io>
* Additional type hints for client REST servlets (part 5) (#10736)Patrick Cloke2021-09-034-66/+119
| | | | Additionally this enforce type hints on all function signatures inside of the synapse.rest.client package.
* Additional type hints for client REST servlets (part 4) (#10728)Patrick Cloke2021-09-018-100/+144
|
* Additional type hints for the client REST servlets (part 3). (#10707)Patrick Cloke2021-08-316-150/+305
|
* Remove unused `compare_digest` function. (#10706)Patrick Cloke2021-08-271-13/+0
|
* Additional type hints for REST servlets (part 2). (#10674)Patrick Cloke2021-08-2615-138/+210
| | | Applies the changes from #10665 to additional modules.
* Correctly initialise the `synapse_user_logins` metric. (#10677)Richard van der Hoff2021-08-241-6/+23
| | | | | Fix a bug where the prometheus metrics for SSO logins wouldn't be initialised until the first user logged in with a given auth provider.
* Additional type hints for the sync REST servlet. (#10666)Patrick Cloke2021-08-231-51/+81
|
* Addtional type hints for the REST servlets. (#10665)Patrick Cloke2021-08-2313-107/+203
|
* Implement MSC3231: Token authenticated registration (#10142)Callum Brown2021-08-212-0/+96
| | | | | Signed-off-by: Callum Brown <callum@calcuode.com> This is part of my GSoC project implementing [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
* Validate device_keys for C-S /keys/query requests (#10593)David Robertson2021-08-201-1/+15
| | | | | | | | * Validate device_keys for C-S /keys/query requests Closes #10354 A small, not particularly critical fix. I'm interested in seeing if we can find a more systematic approach though. #8445 is the place for any discussion.
* Support MSC3283: Expose `enable_set_displayname` in capabilities (#10452)Dirk Klimpel2021-08-191-0/+11
|
* Merge branch 'release-v1.41' into developErik Johnston2021-08-181-1/+1
|\
| * Allow /createRoom to be run on workers (#10564)Andrew Morgan2021-08-171-1/+1
| | | | | | Fixes https://github.com/matrix-org/synapse/issues/7867
* | Display an error page during failure of fallback UIA. (#10561)Callum Brown2021-08-181-15/+24
|/
* Flatten the synapse.rest.client package (#10600)reivilibre2021-08-1743-40/+14
|
* Always list fallback key types in /sync (#10623)Andrew Morgan2021-08-171-4/+5
|
* Validate the max_rooms_per_space parameter to ensure it is non-negative. ↵Patrick Cloke2021-08-161-5/+20
| | | | (#10611)
* Experimental support for MSC3266 Room Summary API. (#10394)Michael Telatynski2021-08-161-33/+57
|
* Move /batch_send to /v2_alpha directory (MSC2716) (#10576)Eric Eastwood2021-08-132-409/+442
| | | | | | | * Move /batch_send to /v2_alpha directory As pointed out by @erikjohnston, https://github.com/matrix-org/synapse/pull/10552#discussion_r685836624
* Only return state events that the AS passed in via `state_events_at_start` ↵Eric Eastwood2021-08-101-1/+3
| | | | | | | | | | | | | | (MSC2716) (#10552) * Only return state events that the AS passed in via state_events_at_start As discovered by @Half-Shot in https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r684158448 Part of MSC2716 * Add changelog * Fix changelog extension
* Add local support for the new spaces summary endpoint (MSC2946) (#10549)Patrick Cloke2021-08-101-0/+41
| | | | | This adds support for the /hierarchy endpoint, which is an update to MSC2946. Currently this only supports rooms known locally to the homeserver.
* Fix exceptions in logs when failing to get remote room list (#10541)Erik Johnston2021-08-061-18/+12
|
* Mark all MSC2716 events as historical (#10537)Eric Eastwood2021-08-051-5/+10
| | | * Mark all MSC2716 events as historical
* Don't fail on empty bodies when sending out read receipts (#10531)Brendan Abolivier2021-08-041-1/+1
| | | | | Fixes a bug introduced in rc1 that would cause Synapse to 400 on read receipts requests with empty bodies. Broken in #10413
* Make historical events discoverable from backfill for servers without any ↵Eric Eastwood2021-07-281-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | scrollback history (MSC2716) (#10245) * Make historical messages available to federated servers Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 Follow-up to https://github.com/matrix-org/synapse/pull/9247 * Debug message not available on federation * Add base starting insertion point when no chunk ID is provided * Fix messages from multiple senders in historical chunk Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 --- Previously, Synapse would throw a 403, `Cannot force another user to join.`, because we were trying to use `?user_id` from a single virtual user which did not match with messages from other users in the chunk. * Remove debug lines * Messing with selecting insertion event extremeties * Move db schema change to new version * Add more better comments * Make a fake requester with just what we need See https://github.com/matrix-org/synapse/pull/10276#discussion_r660999080 * Store insertion events in table * Make base insertion event float off on its own See https://github.com/matrix-org/synapse/pull/10250#issuecomment-875711889 Conflicts: synapse/rest/client/v1/room.py * Validate that the app service can actually control the given user See https://github.com/matrix-org/synapse/pull/10276#issuecomment-876316455 Conflicts: synapse/rest/client/v1/room.py * Add some better comments on what we're trying to check for * Continue debugging * Share validation logic * Add inserted historical messages to /backfill response * Remove debug sql queries * Some marker event implemntation trials * Clean up PR * Rename insertion_event_id to just event_id * Add some better sql comments * More accurate description * Add changelog * Make it clear what MSC the change is part of * Add more detail on which insertion event came through * Address review and improve sql queries * Only use event_id as unique constraint * Fix test case where insertion event is already in the normal DAG * Remove debug changes * Switch to chunk events so we can auth via power_levels Previously, we were using `content.chunk_id` to connect one chunk to another. But these events can be from any `sender` and we can't tell who should be able to send historical events. We know we only want the application service to do it but these events have the sender of a real historical message, not the application service user ID as the sender. Other federated homeservers also have no indicator which senders are an application service on the originating homeserver. So we want to auth all of the MSC2716 events via power_levels and have them be sent by the application service with proper PL levels in the room. * Switch to chunk events for federation * Add unstable room version to support new historical PL * Fix federated events being rejected for no state_groups Add fix from https://github.com/matrix-org/synapse/pull/10439 until it merges. * Only connect base insertion event to prev_event_ids Per discussion with @erikjohnston, https://matrix.to/#/!UytJQHLQYfvYWsGrGY:jki.re/$12bTUiObDFdHLAYtT7E-BvYRp3k_xv8w0dUQHibasJk?via=jki.re&via=matrix.org * Make it possible to get the room_version with txn * Allow but ignore historical events in unsupported room version See https://github.com/matrix-org/synapse/pull/10245#discussion_r675592489 We can't reject historical events on unsupported room versions because homeservers without knowledge of MSC2716 or the new room version don't reject historical events either. Since we can't rely on the auth check here to stop historical events on unsupported room versions, I've added some additional checks in the processing/persisting code (`synapse/storage/databases/main/events.py` -> `_handle_insertion_event` and `_handle_chunk_event`). I've had to do some refactoring so there is method to fetch the room version by `txn`. * Move to unique index syntax See https://github.com/matrix-org/synapse/pull/10245#discussion_r675638509 * High-level document how the insertion->chunk lookup works * Remove create_event fallback for room_versions See https://github.com/matrix-org/synapse/pull/10245/files#r677641879 * Use updated method name
* Support for MSC2285 (hidden read receipts) (#10413)Šimon Brandner2021-07-283-4/+34
| | | Implementation of matrix-org/matrix-doc#2285
* Support MSC2033: Device ID on whoami (#9918)Travis Ralston2021-07-271-1/+8
| | | | | | | | | | * Fix no-access-token bug in deactivation tests * Support MSC2033: Device ID on whoami * Test for appservices too MSC: https://github.com/matrix-org/matrix-doc/pull/2033 The MSC has passed FCP, which means stable endpoints can be used.
* Merge branch 'master' into developErik Johnston2021-07-231-4/+7
|\
| * Always send device_one_time_keys_count (#10457)David Baker2021-07-221-4/+7
| | | | | | | | | | | | | | As per comment Fixes https://github.com/matrix-org/synapse/issues/10456 See also https://github.com/vector-im/element-android/issues/3725
* | Add type hints to additional servlet functions (#10437)Patrick Cloke2021-07-211-1/+1
| | | | | | | | | | | | | | | | | | Improves type hints for: * parse_{boolean,integer} * parse_{boolean,integer}_from_args * parse_json_{value,object}_from_request And fixes any incorrect calls that resulted from unknown types.
* | Add a return type to parse_string. (#10438)Patrick Cloke2021-07-214-24/+30
| | | | | | | | And set the required attribute in a few places which will error if a parameter is not provided.
* | Switch to `chunk` events so we can auth via power_levels (MSC2716) (#10432)Eric Eastwood2021-07-211-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we were using `content.chunk_id` to connect one chunk to another. But these events can be from any `sender` and we can't tell who should be able to send historical events. We know we only want the application service to do it but these events have the sender of a real historical message, not the application service user ID as the sender. Other federated homeservers also have no indicator which senders are an application service on the originating homeserver. So we want to auth all of the MSC2716 events via power_levels and have them be sent by the application service with proper PL levels in the room.
* | MSC3244 room capabilities implementation (#10283)Michael Telatynski2021-07-201-1/+7
| |
* | [pyupgrade] `synapse/` (#10348)Jonathan de Jong2021-07-191-16/+9
| | | | | | | | | | | | | | | | | | This PR is tantamount to running ``` pyupgrade --py36-plus --keep-percent-format `find synapse/ -type f -name "*.py"` ``` Part of #9744
* | Use inline type hints in `handlers/` and `rest/`. (#10382)Jonathan de Jong2021-07-163-12/+8
| |
* | Add a module type for account validity (#9884)Brendan Abolivier2021-07-161-6/+1
| | | | | | | | | | This adds an API for third-party plugin modules to implement account validity, so they can provide this feature instead of Synapse. The module implementing the current behaviour for this feature can be found at https://github.com/matrix-org/synapse-email-account-validity. To allow for a smooth transition between the current feature and the new module, hooks have been added to the existing account validity endpoints to allow their behaviours to be overridden by a module.
* | Fix messages from multiple senders in historical chunk (MSC2716) (#10276)Eric Eastwood2021-07-131-7/+42
| | | | | | | | | | | | | | Fix messages from multiple senders in historical chunk. This also means that an app service does not need to define `?user_id` when using this endpoint. Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716
* | Add base starting insertion event when no chunk ID is provided (MSC2716) ↵Eric Eastwood2021-07-081-23/+89
|/ | | | | | | | | (#10250) * Add base starting insertion point when no chunk ID is provided This is so we can have the marker event point to this initial insertion event and be able to traverse the events in the first chunk.
* MSC2918 Refresh tokens implementation (#9450)Quentin Gliech2021-06-242-41/+218
| | | | | | | | | | This implements refresh tokens, as defined by MSC2918 This MSC has been implemented client side in Hydrogen Web: vector-im/hydrogen-web#235 The basics of the MSC works: requesting refresh tokens on login, having the access tokens expire, and using the refresh token to get a new one. Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
* Re-introduce "Leave out optional keys from /sync" change (#10214)Andrew Morgan2021-06-231-23/+46
| | | Required some fixes due to merge conflicts with #6739, but nothing too hairy. The first commit is the same as the original (after merge conflict resolution) then two more for compatibility with the latest sync code.
* Add endpoints for backfilling history (MSC2716) (#9247)Eric Eastwood2021-06-221-1/+287
| | | Work on https://github.com/matrix-org/matrix-doc/pull/2716
* Always require users to re-authenticate for dangerous operations. (#10184)Patrick Cloke2021-06-162-0/+9
| | | | | | | Dangerous actions means deactivating an account, modifying an account password, or adding a 3PID. Other actions (deleting devices, uploading keys) can re-use the same UI auth session if ui_auth.session_timeout is configured.
* Fix requestOpenIdToken response: integer expires_in (#10175)Lukas Lihotzki2021-06-161-1/+1
| | | | | | | | | | `expires_in` must be an integer according to the OpenAPI spec: https://github.com/matrix-org/matrix-doc/blob/master/data/api/client-server/definitions/openid_token.yaml#L32 True division (`/`) returns a float instead (`"expires_in": 3600.0`). Floor division (`//`) returns an integer, so the response is spec compliant. Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>
* Remove the experimental flag for knocking and use stable prefixes / ↵Patrick Cloke2021-06-151-4/+2
| | | | | | | endpoints. (#10167) * Room version 7 for knocking. * Stable prefixes and endpoints (both client and federation) for knocking. * Removes the experimental configuration flag.
* Implement knock feature (#6739)Sorunome2021-06-093-21/+198
| | | | | | This PR aims to implement the knock feature as proposed in https://github.com/matrix-org/matrix-doc/pull/2403 Signed-off-by: Sorunome mail@sorunome.de Signed-off-by: Andrew Morgan andrewm@element.io
* Limit the number of in-flight /keys/query requests from a single device. ↵Patrick Cloke2021-06-091-1/+4
| | | | (#10144)
* Correct type hints for parse_string(s)_from_args. (#10137)Patrick Cloke2021-06-082-6/+6
|
* r0.6.1 support: /rooms/:roomId/aliases endpoint (#9224)Travis Ralston2021-06-031-1/+1
| | | | | | [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432) added this endpoint originally but it has since been included in the spec for nearly a year. This is progress towards https://github.com/matrix-org/synapse/issues/8334
* Move some more endpoints off master (#10084)Erik Johnston2021-05-271-4/+4
|
* Make reason and score optional for report_event (#10077)Callum Brown2021-05-271-9/+4
| | | | | | Implements MSC2414: https://github.com/matrix-org/matrix-doc/pull/2414 See #8551 Signed-off-by: Callum Brown <callum@calcuode.com>
* Remove the experimental spaces enabled flag. (#10063)Patrick Cloke2021-05-261-3/+1
| | | | In lieu of just always enabling the unstable spaces endpoint and unstable room version.
* Support fetching the spaces summary via GET over federation. (#9947)Patrick Cloke2021-05-111-0/+1
| | | | | | | | | | | Per changes in MSC2946, the C-S and S-S APIs for spaces summary should use GET requests. Until this is stable, the POST endpoints still exist. This does not switch federation requests to use the GET version yet since it is newly added and already deployed servers might not support it. When switching to the stable endpoint we should switch to GET requests.
* Revert "Leave out optional keys from /sync (#9919)" (#9940)Erik Johnston2021-05-061-44/+18
| | | This reverts commit e9eb3549d32a6f93d07de8dbd5e1ebe54c8d8278.
* Leave out optional keys from /sync (#9919)DeepBlueV7.X2021-05-051-18/+44
| | | | | | This leaves out all optional keys from /sync. This should be fine for all clients tested against conduit already, but it may break some clients, as such we should check, that at least most of them don't break horribly and maybe back out some of the individual changes. (We can probably always leave out groups for example, while the others may cause more issues.) Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
* Split presence out of master (#9820)Erik Johnston2021-04-231-1/+6
|
* Limit length of accepted email addresses (#9855)Erik Johnston2021-04-222-6/+10
|
* Rename handler and config modules which end in handler/config. (#9816)Patrick Cloke2021-04-201-1/+1
|
* Port "Allow users to click account renewal links multiple times without ↵Andrew Morgan2021-04-191-7/+25
| | | | | hitting an 'Invalid Token' page #74" from synapse-dinsic (#9832) This attempts to be a direct port of https://github.com/matrix-org/synapse-dinsic/pull/74 to mainline. There was some fiddling required to deal with the changes that have been made to mainline since (mainly dealing with the split of `RegistrationWorkerStore` from `RegistrationStore`, and the changes made to `self.make_request` in test code).
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-1443-43/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Require AppserviceRegistrationType (#9548)Will Hunt2021-04-121-7/+16
| | | This change ensures that the appservice registration behaviour follows the spec. We decided to do this for Dendrite, so it made sense to also make a PR for synapse to correct the behaviour.
* Make RateLimiter class check for ratelimit overrides (#9711)Erik Johnston2021-03-303-11/+21
| | | | | | | This should fix a class of bug where we forget to check if e.g. the appservice shouldn't be ratelimited. We also check the `ratelimit_override` table to check if the user has ratelimiting disabled. That table is really only meant to override the event sender ratelimiting, so we don't use any values from it (as they might not make sense for different rate limits), but we do infer that if ratelimiting is disabled for the user we should disabled all ratelimits. Fixes #9663
* Make it possible to use dmypy (#9692)Erik Johnston2021-03-261-0/+3
| | | | | | | | | Running `dmypy run` will do a `mypy` check while spinning up a daemon that makes rerunning `dmypy run` a lot faster. `dmypy` doesn't support `follow_imports = silent` and has `local_partial_types` enabled, so this PR enables those options and fixes the issues that were newly raised. Note that `local_partial_types` will be enabled by default in upcoming mypy releases.
* Add a type hints for service notices to the HomeServer object. (#9675)Patrick Cloke2021-03-241-3/+8
|
* Import HomeServer from the proper module. (#9665)Patrick Cloke2021-03-233-3/+3
|
* Incorporate reviewBrendan Abolivier2021-03-191-1/+1
|
* Merge branch 'develop' into babolivier/msc3026Brendan Abolivier2021-03-191-3/+66
|\
| * fix mypyRichard van der Hoff2021-03-191-4/+7
| |
| * Fix type-hints from bad merge.Patrick Cloke2021-03-181-2/+2
| |
| * Initial spaces summary API (#9643)Richard van der Hoff2021-03-181-3/+63
| | | | | | This is very bare-bones for now: federation will come soon, while pagination is descoped for now but will come later.
* | Implement MSC3026: busy presence stateBrendan Abolivier2021-03-181-0/+2
|/
* Fix up types for the typing handler. (#9638)Patrick Cloke2021-03-171-6/+9
| | | | By splitting this to two separate methods the callers know what methods they can expect on the handler.
* Return m.change_password.enabled=false if local database is disabled (#9588)Dirk Klimpel2021-03-161-11/+12
| | | | | Instead of if the user does not have a password hash. This allows a SSO user to add a password to their account, but only if the local password database is configured.
* Add support for stable MSC2858 API (#9617)Richard van der Hoff2021-03-161-5/+34
| | | | | The stable format uses different brand identifiers, so we need to support two identifiers for each IdP.
* Prevent bundling aggregations for state events (#9619)Andrew Morgan2021-03-161-1/+4
| | | There's no need to do aggregation bundling for state events. Doing so can cause performance issues.
* Fix additional type hints from Twisted 21.2.0. (#9591)Patrick Cloke2021-03-121-32/+73
|
* Prometheus metrics for logins and registrations (#9511)Richard van der Hoff2021-03-041-2/+8
| | | Add prom metrics for number of users successfully registering and logging in, by SSO provider.
* Record the SSO Auth Provider in the login token (#9510)Richard van der Hoff2021-03-041-4/+2
| | | This great big stack of commits is a a whole load of hoop-jumping to make it easier to store additional values in login tokens, and then to actually store the SSO Identity Provider in the login token. (Making use of that data will follow in a subsequent PR.)
* Use the proper Request in type hints. (#9515)Patrick Cloke2021-03-011-1/+1
| | | | This also pins the Twisted version in the mypy job for CI until proper type hints are fixed throughout Synapse.
* SSO: redirect to public URL before setting cookies (#9436)Richard van der Hoff2021-02-261-0/+28
| | | ... otherwise, we don't get the cookie back.
* Ratelimit cross-user key sharing requests. (#8957)Patrick Cloke2021-02-191-3/+1
|
* Add type hints to groups code. (#9393)Patrick Cloke2021-02-171-23/+120
|
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-1610-63/+86
| | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* Fix some typos.Patrick Cloke2021-02-121-1/+1
|
* Type hints and validation improvements. (#9321)Patrick Cloke2021-02-082-60/+121
| | | | | * Adds type hints to the groups servlet and stringutils code. * Assert the maximum length of some input values for spec compliance.
* Merge pull request #9150 from Yoric/develop-contextDavid Teller2021-02-081-1/+1
|\ | | | | New API /_synapse/admin/rooms/{roomId}/context/{eventId}
| * FIXUP: Making get_event_context a bit more paranoidDavid Teller2021-01-281-1/+1
| |
* | Merge branch 'social_login' into developRichard van der Hoff2021-01-281-0/+2
|\ \
| * | Add 'brand' field to MSC2858 response (#9242)Richard van der Hoff2021-01-271-0/+2
| |/ | | | | | | | | | | We've decided to add a 'brand' field to help clients decide how to style the buttons. Also, fix up the allowed characters for idp_id, while I'm in the area.
* / Ratelimit 3PID /requestToken API (#9238)Erik Johnston2021-01-282-2/+16
|/
* Implement MSC2858 support (#9183)Richard van der Hoff2021-01-271-6/+49
| | | Fixes #8928.
* Support icons for Identity Providers (#9154)Richard van der Hoff2021-01-201-2/+1
|
* Validate the server name for the /publicRooms endpoint. (#9161)Patrick Cloke2021-01-191-2/+17
| | | | If a remote server name is provided, ensure it is something reasonable before making remote connections to it.
* Allow moving account data and receipts streams off master (#9104)Erik Johnston2021-01-182-26/+7
|
* Remove user's avatar URL and displayname when deactivated. (#8932)Dirk Klimpel2021-01-121-2/+5
| | | This only applies if the user's data is to be erased.
* UI Auth via SSO: redirect the user to an appropriate SSO. (#9081)Richard van der Hoff2021-01-123-42/+22
| | | | | | | If we have integrations with multiple identity providers, when the user does a UI Auth, we need to redirect them to the right one. There are a few steps to this. First of all we actually need to store the userid of the user we are trying to validate in the UIA session, since the /auth/sso/fallback/web request is unauthenticated. Then, once we get the /auth/sso/fallback/web request, we can fish the user id out of the session, and use it to look up the external id mappings, and hence pick an SSO provider for them.
* Kill off `HomeServer.get_ip_from_request()` (#9080)Richard van der Hoff2021-01-125-39/+10
| | | Homeserver.get_ip_from_request() used to be a bit more complicated, but now it is totally redundant. Let's get rid of it.
* Add some tests for the IDP picker flowRichard van der Hoff2021-01-071-2/+2
|
* Combine the SSO Redirect Servlets (#9015)Richard van der Hoff2021-01-042-89/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Implement CasHandler.handle_redirect_request ... to make it match OidcHandler and SamlHandler * Clean up interface for OidcHandler.handle_redirect_request Make it accept `client_redirect_url=None`. * Clean up interface for `SamlHandler.handle_redirect_request` ... bring it into line with CAS and OIDC by making it take a Request parameter, move the magic for `client_redirect_url` for UIA into the handler, and fix the return type to be a `str` rather than a `bytes`. * Define a common protocol for SSO auth provider impls * Give SsoIdentityProvider an ID and register them * Combine the SSO Redirect servlets Now that the SsoHandler knows about the identity providers, we can combine the various *RedirectServlets into a single implementation which delegates to the right IdP. * changelog
* Check if group IDs are valid before using them. (#8977)Patrick Cloke2020-12-301-3/+45
|
* Validate input parameters for the sendToDevice API. (#8975)Patrick Cloke2020-12-291-1/+2
| | | | This makes the "messages" key in the content required. This is currently optional in the spec, but that seems to be an error.
* Allow redacting events on workers (#8994)Patrick Cloke2020-12-291-7/+10
| | | Adds the redacts endpoint to workers that have the client listener.
* Allow re-using a UI auth validation for a period of time (#8970)Patrick Cloke2020-12-181-3/+7
|
* Merge remote-tracking branch 'origin/erikj/as_mau_block' into developErik Johnston2020-12-181-3/+11
|\
| * Correctly handle AS registerations and add testErik Johnston2020-12-171-3/+11
| |
* | Convert internal pusher dicts to attrs classes. (#8940)Patrick Cloke2020-12-161-14/+1
| | | | | | This improves type hinting and should use less memory.
* | Honour AS ratelimit settings for /login requests (#8920)Erik Johnston2020-12-111-6/+19
| | | | | | | | Fixes #8846.
* | Fix errorcode for disabled registration (#8867)Richard van der Hoff2020-12-031-1/+1
|/ | | | The spec says we should return `M_FORBIDDEN` when someone tries to register and registration is disabled.
* Support "identifier" dicts in UIA (#8848)Richard van der Hoff2020-12-011-105/+2
| | | | | | | | | | The spec requires synapse to support `identifier` dicts for `m.login.password` user-interactive auth, which it did not (instead, it required an undocumented `user` parameter.) To fix this properly, we need to pull the code that interprets `identifier` into `AuthHandler.validate_login` so that it can be called from the UIA code. Fixes #5665.
* Simplify appservice login code (#8847)Richard van der Hoff2020-11-301-6/+21
| | | we don't need to support legacy login dictionaries here.
* Simplify the way the `HomeServer` object caches its internal attributes. ↵Jonathan de Jong2020-11-302-5/+5
| | | | | (#8565) Changes `@cache_in_self` to use underscore-prefixed attributes.
* Use TYPE_CHECKING instead of magic MYPY variable. (#8770)Patrick Cloke2020-11-171-3/+2
|
* Add admin API for logging in as a user (#8617)Erik Johnston2020-11-171-0/+1
|
* Add metrics for tracking 3PID /requestToken requests. (#8712)Erik Johnston2020-11-132-0/+22
| | | | | | The main use case is to see how many requests are being made, and how many are second/third/etc attempts. If there are large number of retries then that likely indicates a delivery problem.
* Remove unused OPTIONS handlers. (#8621)Patrick Cloke2020-10-2212-62/+0
| | | | The handling of OPTIONS requests was consolidated in #7534, but the endpoint specific handlers were not removed.
* Expose the experimental appservice login flow to clients. (#8504)Patrick Cloke2020-10-191-0/+2
|
* Add correct M_BAD_JSON error code to /profile/{userId}/displayname (#8517)Aaron Raimist2020-10-141-1/+3
| | | Fixes #8029
* Remove the deprecated Handlers object (#8494)Patrick Cloke2020-10-095-32/+26
| | | All handlers now available via get_*_handler() methods on the HomeServer.
* Add support for MSC2697: Dehydrated devices (#8380)Hubert Chathi2020-10-072-15/+156
| | | | This allows a user to store an offline device on the server and then restore it at a subsequent login.
* Add support for MSC2732: olm fallback keys (#8312)Hubert Chathi2020-10-061-0/+1
|
* Convert additional templates to Jinja (#8444)Patrick Cloke2020-10-021-110/+26
| | | This converts a few more of our inline HTML templates to Jinja. This is somewhat part of #7280 and should make it a bit easier to customize these in the future.
* Do not expose the experimental appservice login flow to clients. (#8440)Patrick Cloke2020-10-011-2/+0
|
* Make token serializing/deserializing async (#8427)Erik Johnston2020-09-305-11/+19
| | | The idea is that in future tokens will encode a mapping of instance to position. However, we don't want to include the full instance name in the string representation, so instead we'll have a mapping between instance name and an immutable integer ID in the DB that we can use instead. We'll then do the lookup when we serialize/deserialize the token (we could alternatively pass around an `Instance` type that includes both the name and ID, but that turns out to be a lot more invasive).
* Allow additional SSO properties to be passed to the client (#8413)Patrick Cloke2020-09-301-7/+15
|
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Andrew Morgan2020-09-291-6/+9
|\ | | | | | | anoa/info-mainline-no-check-password-reset
| * Only assert valid next_link params when provided (#8417)Andrew Morgan2020-09-291-6/+9
| | | | | | | | | | | | | | Broken in https://github.com/matrix-org/synapse/pull/8275 and has yet to be put in a release. Fixes https://github.com/matrix-org/synapse/issues/8418. `next_link` is an optional parameter. However, we were checking whether the `next_link` param was valid, even if it wasn't provided. In that case, `next_link` was `None`, which would clearly not be a valid URL. This would prevent password reset and other operations if `next_link` was not provided, and the `next_link_domain_whitelist` config option was set.
* | Don't check whether a 3pid is allowed to register during password resetAndrew Morgan2020-09-281-7/+0
|/ | | | | This endpoint should only deal with emails that have already been approved, and are attached with user's account. There's no need to re-check them here.
* Merge tag 'v1.20.0rc5' into developPatrick Cloke2020-09-181-0/+19
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.20.0rc5 (2020-09-18) ============================== In addition to the below, Synapse 1.20.0rc5 also includes the bug fix that was included in 1.19.3. Features -------- - Add flags to the `/versions` endpoint for whether new rooms default to using E2EE. ([\#8343](https://github.com/matrix-org/synapse/issues/8343)) Bugfixes -------- - Fix rate limiting of federation `/send` requests. ([\#8342](https://github.com/matrix-org/synapse/issues/8342)) - Fix a longstanding bug where back pagination over federation could get stuck if it failed to handle a received event. ([\#8349](https://github.com/matrix-org/synapse/issues/8349)) Internal Changes ---------------- - Blacklist [MSC2753](https://github.com/matrix-org/matrix-doc/pull/2753) SyTests until it is implemented. ([\#8285](https://github.com/matrix-org/synapse/issues/8285))
| * Add flags to /versions about whether new rooms are encrypted by default. (#8343)Patrick Cloke2020-09-181-0/+19
| |
* | Simplify super() calls to Python 3 syntax. (#8344)Patrick Cloke2020-09-1838-121/+121
| | | | | | | | | | | | | | This converts calls like super(Foo, self) -> super(). Generated with: sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py
* | Allow appservice users to /login (#8320)Will Hunt2020-09-181-10/+39
| | | | | | | | | | Add ability for ASes to /login using the `uk.half-shot.msc2778.login.application_service` login `type`. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* | Fix a potential bug of UnboundLocalError (#8329)Jonathan de Jong2020-09-171-5/+8
| | | | | | Replaced with less buggier control flow
* | Fix typos in comments.Patrick Cloke2020-09-141-1/+1
| |
* | Show a confirmation page during user password reset (#8004)Andrew Morgan2020-09-101-76/+0
| | | | | | | | | | This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
* | Don't remember `enabled` of deleted push rules and properly return 404 for ↵reivilibre2020-09-091-2/+13
| | | | | | | | | | | | | | missing push rules in `.../actions` and `.../enabled` (#7796) Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net> Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* | Add a config option for validating 'next_link' parameters against a domain ↵Andrew Morgan2020-09-081-9/+57
|/ | | | | | | | | | | whitelist (#8275) This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285 They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality. This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint. This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
* Stop sub-classing object (#8249)Patrick Cloke2020-09-042-2/+2
|
* Re-implement unread counts (again) (#8059)Brendan Abolivier2020-09-021-0/+1
|
* Add /user/{user_id}/shared_rooms/ api (#7785)Will Hunt2020-09-022-0/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add shared_rooms api * Add changelog * Add . * Wrap response in {"rooms": } * linting * Add unstable_features key * Remove options from isort that aren't part of 5.x `-y` and `-rc` are now default behaviour and no longer exist. `dont-skip` is no longer required https://timothycrosley.github.io/isort/CHANGELOG/#500-penny-july-4-2020 * Update imports to make isort happy * Add changelog * Update tox.ini file with correct invocation * fix linting again for isort * Vendor prefix unstable API * Fix to match spec * import Codes * import Codes * Use FORBIDDEN * Update changelog.d/7785.feature Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> * Implement get_shared_rooms_for_users * a comma * trailing whitespace * Handle the easy feedback * Switch to using runInteraction * Add tests * Feedback * Seperate unstable endpoint from v2 * Add upgrade node * a line * Fix style by adding a blank line at EOF. * Update synapse/storage/databases/main/user_directory.py Co-authored-by: Tulir Asokan <tulir@maunium.net> * Update synapse/storage/databases/main/user_directory.py Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> * Update UPGRADE.rst Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> * Fix UPGRADE/CHANGELOG unstable paths unstable unstable unstable Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Tulir Asokan <tulir@maunium.net> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Tulir Asokan <tulir@maunium.net>
* Move and refactor LoginRestServlet helper methods (#8182)Andrew Morgan2020-08-281-54/+6
| | | | | | | This is split out from https://github.com/matrix-org/synapse/pull/7438, which had gotten rather large. `LoginRestServlet` has a couple helper methods, `login_submission_legacy_convert` and `login_id_thirdparty_from_phone`. They're primarily used for converting legacy user login submissions to "identifier" dicts ([see spec](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-login)). Identifying information such as usernames or 3PID information used to be top-level in the login body. They're now supposed to be put inside an [identifier](https://matrix.org/docs/spec/client_server/r0.6.1#identifier-types) parameter instead. #7438's purpose is to allow using the new identifier parameter during User-Interactive Authentication, which is currently handled in AuthHandler. That's why I've moved these helper methods there. I also moved the refactoring of these method from #7438 as they're relevant.
* Do not propagate typing notifications from shadow-banned users. (#8176)Patrick Cloke2020-08-261-11/+15
|
* Remove unused parameter from, and add safeguard in, get_room_data (#8174)Andrew Morgan2020-08-261-1/+0
| | | | | | Small cleanup PR. * Removed the unused `is_guest` argument * Added a safeguard to a (currently) impossible code path, fixing static checking at the same time.
* Stop shadow-banned users from sending non-member events. (#8142)Patrick Cloke2020-08-243-40/+66
|
* Don't fail /submit_token requests on incorrect session ID if ↵Brendan Abolivier2020-08-242-0/+17
| | | | | | | | | | | | | | | | | | | request_token_inhibit_3pid_errors is turned on (#7991) * Don't raise session_id errors on submit_token if request_token_inhibit_3pid_errors is set * Changelog * Also wait some time before responding to /requestToken * Incorporate review * Update synapse/storage/databases/main/registration.py Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> * Incorporate review Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Allow denying or shadow banning registrations via the spam checker (#8034)Patrick Cloke2020-08-201-0/+5
|
* Stop shadow-banned users from sending invites. (#8095)Patrick Cloke2020-08-201-27/+40
|
* Ensure a group ID is valid before trying to get rooms for it. (#8129)Patrick Cloke2020-08-201-0/+4
|
* Remove `ChainedIdGenerator`. (#8123)Erik Johnston2020-08-191-1/+1
| | | | | It's just a thin wrapper around two ID gens to make `get_current_token` and `get_next` return tuples. This can easily be replaced by calling the appropriate methods on the underlying ID gens directly.
* Be stricter about JSON that is accepted by Synapse (#8106)Patrick Cloke2020-08-192-7/+9
|
* Use the default templates when a custom template file cannot be found (#8037)Andrew Morgan2020-08-172-57/+18
| | | Fixes https://github.com/matrix-org/synapse/issues/6583
* Convert pusher databases to async/await. (#8075)Patrick Cloke2020-08-141-4/+5
|
* Implement new experimental push rules (#7997)Brendan Abolivier2020-08-101-2/+9
|\ | | | | With an undocumented configuration setting to enable them for specific users.
| * Merge branch 'develop' of github.com:matrix-org/synapse into ↵Brendan Abolivier2020-08-061-1/+1
| |\ | | | | | | | | | babolivier/new_push_rules
| * | Incorporate reviewBrendan Abolivier2020-08-061-2/+2
| | |
| * | Fix PUT /pushrules to use the right rule IDsBrendan Abolivier2020-08-031-2/+9
| | |
* | | Remove unnecessary maybeDeferred calls (#8044)Patrick Cloke2020-08-071-1/+1
| | |
* | | Revert #7736 (#8039)Brendan Abolivier2020-08-061-1/+0
| | |
* | | Convert synapse.api to async/await (#8031)Patrick Cloke2020-08-062-2/+2
| | |
* | | Improve performance of the register endpoint (#8009)Patrick Cloke2020-08-062-65/+129
| |/ |/|
* | Allow guests to operate in encrypted rooms (#7314)Michael Albert2020-08-031-1/+1
|/ | | Signed-off-by: Michael Albert <michael.albert@awesome-technologies.de>
* Re-implement unread counts (#7736)Brendan Abolivier2020-07-291-0/+1
|
* Do not convert async functions to Deferreds in the interactive_auth_handler ↵Patrick Cloke2020-07-241-26/+21
| | | | (#7944)
* Skip serializing /sync response if client has disconnected (#7927)Richard van der Hoff2020-07-221-0/+6
| | | ... it's a load of work which may be entirely redundant.
* Add debugging to sync response generation (#7929)Richard van der Hoff2020-07-221-0/+3
|
* Add a default limit (of 100) to get/sync operations. (#7858)Patrick Cloke2020-07-171-1/+10
|
* Allow moving typing off master (#7869)Erik Johnston2020-07-161-0/+9
|
* Ensure that calls to `json.dumps` are compatible with the standard library ↵Patrick Cloke2020-07-151-6/+7
| | | | json. (#7836)
* Return the proper 403 Forbidden error during errors with JWT logins. (#7844)Patrick Cloke2020-07-151-5/+3
|
* Add the option to validate the `iss` and `aud` claims for JWT logins. (#7827)Patrick Cloke2020-07-141-6/+19
|
* `update_membership` declaration: now always returns an event id. (#7809)Richard van der Hoff2020-07-091-4/+2
|
* Stop passing bytes when dumping JSON (#7799)Patrick Cloke2020-07-081-1/+1
|
* Add documentation for JWT login type and improve sample config. (#7776)Patrick Cloke2020-07-061-21/+27
|
* Fix inconsistent handling of upper and lower cases of email addresses. (#7021)Dirk Klimpel2020-07-033-16/+58
| | | fixes #7016
* Merge branch 'master' into developPatrick Cloke2020-07-025-46/+19
|\
| * Ensure that HTML pages served from Synapse include headers to avoid embedding.Patrick Cloke2020-07-025-46/+19
| |
* | Back out MSC2625 implementation (#7761)Brendan Abolivier2020-07-011-2/+2
| |
* | add org.matrix.login.jwt so that m.login.jwt can be deprecated (#7675)Sorunome2020-06-241-1/+4
| |
* | Implement unread counter (MSC2625) (#7673)Brendan Abolivier2020-06-171-2/+2
|\ \ | | | | | | Implementation of https://github.com/matrix-org/matrix-doc/pull/2625
| * \ Merge branch 'develop' into babolivier/mark_unreadBrendan Abolivier2020-06-151-1/+3
| |\ \
| * | | Use temporary prefixes as per the MSCBrendan Abolivier2020-06-101-1/+1
| | | |
| * | | Rename dont_push into mark_unreadBrendan Abolivier2020-06-101-2/+2
| | | |
* | | | Replace all remaining six usage with native Python 3 equivalents (#7704)Dagfinn Ilmari Mannsåker2020-06-165-22/+11
| | | |
* | | | Merge branch 'master' into developBrendan Abolivier2020-06-161-3/+3
|\ \ \ \ | | |_|/ | |/| |
| * | | Enable 3PID add/bind/unbind endpoints on r0 routesBrendan Abolivier2020-06-151-3/+3
| |/ /
* | / Update m.id.phone to use 'phone' instead of 'number' (#7687)Andrew Morgan2020-06-151-2/+10
| |/ |/| | | | | | | | | | | | | | | The spec [states](https://matrix.org/docs/spec/client_server/r0.6.1#phone-number) that `m.id.phone` requires the field `country` and `phone`. In Synapse, we've been enforcing `country` and `number`. I am not currently sure whether this affects any client implementations. This issue was introduced in #1994.
* | Remove "user_id" from GET /presence. (#7606)Will Hunt2020-06-111-1/+3
|/
* Support CS API v0.6.0 (#6585)Andrew Morgan2020-06-051-15/+1
|
* Performance improvements and refactor of Ratelimiter (#7595)Andrew Morgan2020-06-052-59/+22
| | | | | | | | | | While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both: * Rather undocumented, and * causing a *lot* of config checks This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation. Best to be reviewed commit-by-commit.
* Fix encryption algorithm typos in tests/comments (#7637)Andrew Morgan2020-06-041-4/+4
| | | | | | | | @uhoreg has confirmed these were both typos. They are only in comments and tests though, rather than anything critical. Introduced in: * https://github.com/matrix-org/synapse/pull/7157 * https://github.com/matrix-org/synapse/pull/5726
* Advertise the token login type when OpenID Connect is enabled. (#7631)Patrick Cloke2020-06-041-8/+3
|
* Fix a bug in automatic user creation with m.login.jwt. (#7585)Olof Johansson2020-06-011-7/+8
|
* Add ability to wait for replication streams (#7542)Erik Johnston2020-05-222-9/+13
| | | | | | | The idea here is that if an instance persists an event via the replication HTTP API it can return before we receive that event over replication, which can lead to races where code assumes that persisting an event immediately updates various caches (e.g. current state of the room). Most of Synapse doesn't hit such races, so we don't do the waiting automagically, instead we do so where necessary to avoid unnecessary delays. We may decide to change our minds here if it turns out there are a lot of subtle races going on. People probably want to look at this commit by commit.
* Use a non-empty RelayState for user interactive auth with SAML. (#7552)Patrick Cloke2020-05-221-1/+4
|
* Hash passwords earlier in the password reset process (#7538)Patrick Cloke2020-05-202-5/+20
| | | | This now matches the logic of the registration process as modified in 56db0b1365965c02ff539193e26c333b7f70d101 / #7523.
* Merge tag 'v1.13.0rc3' into developPatrick Cloke2020-05-181-9/+13
|\ | | | | | | | | | | | | | | Synapse 1.13.0rc3 (2020-05-18) Bugfixes: - Hash passwords as early as possible during registration. #7523
| * Hash passwords earlier in the registration process (#7523)Patrick Cloke2020-05-181-9/+13
| |
* | Support UI Authentication for OpenID Connect accounts (#7457)Patrick Cloke2020-05-152-16/+34
| |
* | Allow expired accounts to logout (#7443)Andrew Morgan2020-05-141-3/+3
| |
* | Merge tag 'v1.13.0rc2' into developRichard van der Hoff2020-05-141-1/+0
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.13.0rc2 (2020-05-14) ============================== Bugfixes -------- - Fix a long-standing bug which could cause messages not to be sent over federation, when state events with state keys matching user IDs (such as custom user statuses) were received. ([\#7376](https://github.com/matrix-org/synapse/issues/7376)) - Restore compatibility with non-compliant clients during the user interactive authentication process, fixing a problem introduced in v1.13.0rc1. ([\#7483](https://github.com/matrix-org/synapse/issues/7483)) Internal Changes ---------------- - Fix linting errors in new version of Flake8. ([\#7470](https://github.com/matrix-org/synapse/issues/7470))
| * Do not validate that the client dict is stable during UI Auth. (#7483)Patrick Cloke2020-05-131-1/+0
| | | | | | | | This backs out some of the validation for the client dictionary and logs if this changes during a user interactive authentication session instead.
* | Merge branch 'release-v1.13.0' into developAndrew Morgan2020-05-111-0/+1
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * release-v1.13.0: Don't UPGRADE database rows RST indenting Put rollback instructions in upgrade notes Fix changelog typo Oh yeah, RST Absolute URL it is then Fix upgrade notes link Provide summary of upgrade issues in changelog. Fix ) Move next version notes from changelog to upgrade notes Changelog fixes 1.13.0rc1 Documentation on setting up redis (#7446) Rework UI Auth session validation for registration (#7455) Fix errors from malformed log line (#7454) Drop support for redis.dbid (#7450)
| * Rework UI Auth session validation for registration (#7455)Patrick Cloke2020-05-081-0/+1
| | | | | | | | Be less strict about validation of UI authentication sessions during registration to match client expecations.
* | Implement OpenID Connect-based login (#7256)Quentin Gliech2020-05-081-3/+25
|/
* Persist user interactive authentication sessions (#7302)Patrick Cloke2020-04-302-4/+4
| | | | | By persisting the user interactive authentication sessions to the database, this fixes situations where a user hits different works throughout their auth session and also allows sessions to persist through restarts of Synapse.
* Revert "Revert "Merge pull request #7315 from ↵Brendan Abolivier2020-04-232-2/+27
| | | | | | matrix-org/babolivier/request_token"" This reverts commit 1adf6a55870aa08de272591ff49db9dc49738076.
* Merge branch 'release-v1.12.4' into developRichard van der Hoff2020-04-221-0/+8
|\
| * Support GET account_data requests on a worker (#7311)Richard van der Hoff2020-04-211-0/+8
| |
* | Use a template for the SSO success page to allow for customization. (#7279)Patrick Cloke2020-04-171-1/+24
| |
* | Improve error responses when a remote server doesn't allow you to access its ↵Andrew Morgan2020-04-061-13/+20
| | | | | | | | public rooms list (#6899)
* | Support CAS in UI Auth flows. (#7186)Patrick Cloke2020-04-032-9/+39
| |
* | Support SAML in the user interactive authentication workflow. (#7102)Patrick Cloke2020-04-015-30/+50
| |
* | Add options to prevent users from changing their profile. (#7096)Dirk Klimpel2020-03-271-0/+16
| |
* | Ensure is_verified on /_matrix/client/r0/room_keys/keys is a boolean (#7150)Andrew Morgan2020-03-271-1/+1
| |
* | Refactor the CAS code (move the logic out of the REST layer to a handler) ↵Patrick Cloke2020-03-261-155/+16
| | | | | | | | (#7136)
* | Allow server admins to define and enforce a password policy (MSC2000). (#7118)Dirk Klimpel2020-03-262-0/+60
| |
* | Validate that the session is not modified during UI-Auth (#7068)Patrick Cloke2020-03-264-8/+14
| |
* | Fix CAS redirect url (#6634)Naugrimm2020-03-241-11/+16
| | | | | | Build the same service URL when requesting the CAS ticket and when calling the proxyValidate URL.
* | Clean-up some auth/login REST code (#7115)Patrick Cloke2020-03-202-41/+20
|/
* Add an option to the set password API to choose whether to logout other ↵Patrick Cloke2020-03-181-1/+4
| | | | devices. (#7085)
* Remove special casing of `m.room.aliases` events (#7034)Patrick Cloke2020-03-171-12/+0
|
* Revert "Add options to disable setting profile info for prevent changes. ↵Richard van der Hoff2020-03-171-16/+0
| | | | | | | (#7053)" This reverts commit 54dd28621b070ca67de9f773fe9a89e1f4dc19da, reversing changes made to 6640460d054e8f4444046a34bdf638921b31c01e.
* Add options to disable setting profile info for prevent changes. (#7053)Brendan Abolivier2020-03-101-0/+16
|\
| * updates after reviewdklimpel2020-03-091-6/+12
| |
| * add disable_3pid_changesdklimpel2020-03-081-0/+10
| |
* | Merge branch 'master' into developBrendan Abolivier2020-03-031-30/+13
|\ \ | |/ |/|
| * Factor out complete_sso_login and expose it to the Module APIBrendan Abolivier2020-03-031-56/+2
| |
| * Add a whitelist for the SSO confirmation step.Richard van der Hoff2020-03-021-8/+18
| |
| * Add a confirmation step to the SSO login flowBrendan Abolivier2020-03-021-6/+34
| |
* | Ensure 'deactivated' parameter is a boolean on user admin API, Fix error ↵Andrew Morgan2020-02-261-0/+1
| | | | | | | | handling of call to deactivate user (#6990)
* | Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957)Patrick Cloke2020-02-213-6/+6
|/ | | | Ensure good comprehension hygiene using flake8-comprehensions.
* Merge pull request #6949 from matrix-org/rav/list_room_aliases_peekableRichard van der Hoff2020-02-191-6/+6
|\ | | | | Make room alias lists peekable
| * Add `allow_departed_users` param to `check_in_room_or_world_readable`Richard van der Hoff2020-02-191-6/+6
| | | | | | | | | | | | | | ... and set it everywhere it's called. while we're here, rename it for consistency with `check_user_in_room` (and to help check that I haven't missed any instances)