Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Lowercase all email addresses before querying db | David Baker | 2017-01-18 | 2 | -1/+12 |
| | | | | | Since we store all emails in the DB in lowercase (https://github.com/matrix-org/synapse/pull/1170) | ||||
* | Fix spurious Unhandled Error log lines | Erik Johnston | 2017-01-12 | 1 | -1/+5 |
| | |||||
* | Linearize updates to membership via PUT /state/ | Erik Johnston | 2017-01-09 | 1 | -11/+17 |
| | |||||
* | Add /account/3pid/delete endpoint | David Baker | 2016-12-20 | 1 | -1/+35 |
| | | | | Also fix a typo in a comment | ||||
* | Merge pull request #1676 from matrix-org/erikj/room_list | Erik Johnston | 2016-12-12 | 2 | -1/+52 |
|\ | | | | | Add new API appservice specific public room list | ||||
| * | Add new API appservice specific public room list | Erik Johnston | 2016-12-06 | 2 | -1/+52 |
| | | |||||
* | | Remove unspecced GET endpoints for e2e keys | Richard van der Hoff | 2016-12-12 | 1 | -39/+4 |
| | | | | | | | | | | | | | | | | GET /keys/claim is a terrible idea, since it isn't idempotent; also it throws 500 errors if you call it without all the right params. GET /keys/query is arguable, but it's unspecced, so let's get rid of it too to stop people relying on unspecced APIs. | ||||
* | | Add /room/<room_id>/joined_members API | Erik Johnston | 2016-12-08 | 1 | -0/+19 |
| | | | | | | | | | | | | This returns the currently joined members in the room with their display names and avatar urls. This is more efficient than /members for large rooms where you don't need the full events. | ||||
* | | Add joined_rooms servlet | Erik Johnston | 2016-12-08 | 1 | -0/+17 |
|/ | |||||
* | Fix doc-string | Richard van der Hoff | 2016-12-01 | 1 | -2/+1 |
| | | | | Remove refresh_token reference | ||||
* | Rip out more refresh_token code | Richard van der Hoff | 2016-11-30 | 2 | -25/+3 |
| | | | | | | | | We might as well treat all refresh_tokens as invalid. Just return a 403 from /tokenrefresh, so that we don't have a load of dead, untestable code hanging around. Still TODO: removing the table from the schema. | ||||
* | Merge branch 'develop' into rav/no_more_refresh_tokens | Richard van der Hoff | 2016-11-30 | 5 | -25/+24 |
|\ | |||||
| * | Merge pull request #1656 from matrix-org/rav/remove_time_caveat | Richard van der Hoff | 2016-11-30 | 1 | -12/+0 |
| |\ | | | | | | | Stop putting a time caveat on access tokens | ||||
| | * | Stop putting a time caveat on access tokens | Richard van der Hoff | 2016-11-29 | 1 | -12/+0 |
| | | | | | | | | | | | | | | | | | | | | | | | | The 'time' caveat on the access tokens was something of a lie, since we weren't enforcing it; more pertinently its presence stops us ever adding useful time caveats. Let's move in the right direction by not lying in our caveats. | ||||
| * | | Merge pull request #1653 from matrix-org/rav/guest_e2e | Richard van der Hoff | 2016-11-29 | 4 | -13/+24 |
| |\ \ | | |/ | |/| | Implement E2E for guests | ||||
| | * | Allow guest access to endpoints for E2E | Richard van der Hoff | 2016-11-25 | 3 | -9/+9 |
| | | | | | | | | | | | | | | | Expose /devices, /keys, and /sendToDevice to guest users, so that they can use E2E. | ||||
| | * | Give guest users a device_id | Richard van der Hoff | 2016-11-25 | 1 | -4/+15 |
| | | | | | | | | | | | | | | | We need to create devices for guests so that they can use e2e, but we don't have anywhere to store it, so just use a fixed one. | ||||
* | | | Stop generating refresh tokens | Richard van der Hoff | 2016-11-28 | 2 | -21/+12 |
|/ / | | | | | | | | | | | | | Since we're not doing refresh tokens any more, we should start killing off the dead code paths. /tokenrefresh itself is a bit of a thornier subject, since there might be apps out there using it, but we can at least not generate refresh tokens on new logins. | ||||
* / | Shuffle receipt handler around so that worker apps don't need to load it | Erik Johnston | 2016-11-23 | 1 | -1/+1 |
|/ | |||||
* | Merge pull request #1638 from matrix-org/kegan/sync-event-fields | Kegsay | 2016-11-22 | 1 | -10/+13 |
|\ | | | | | Implement "event_fields" in filters | ||||
| * | Glue only_event_fields into the sync rest servlet | Kegan Dougal | 2016-11-22 | 1 | -10/+13 |
| | | |||||
* | | Fix flake8 | Mark Haines | 2016-11-18 | 1 | -1/+0 |
| | | |||||
* | | Work around client replacing reg params | David Baker | 2016-11-18 | 1 | -0/+12 |
|/ | | | | | Works around https://github.com/vector-im/vector-android/issues/715 and equivalent for iOS | ||||
* | Clean transactions based on time. Add HttpTransactionCache tests. | Kegan Dougal | 2016-11-14 | 3 | -7/+21 |
| | |||||
* | Move .observe() up to the cache to make things neater | Kegan Dougal | 2016-11-14 | 3 | -33/+11 |
| | |||||
* | Review comments | Kegan Dougal | 2016-11-11 | 5 | -158/+119 |
| | |||||
* | More flake8 | Kegan Dougal | 2016-11-11 | 1 | -1/+3 |
| | |||||
* | Flake8 and fix whoopsie | Kegan Dougal | 2016-11-11 | 1 | -4/+8 |
| | |||||
* | Use ObservableDeferreds instead of Deferreds as they behave as intended | Kegan Dougal | 2016-11-11 | 2 | -30/+31 |
| | |||||
* | Use observable deferreds because they are sane | Kegan Dougal | 2016-11-11 | 1 | -3/+4 |
| | |||||
* | Flake8 | Kegan Dougal | 2016-11-10 | 2 | -4/+4 |
| | |||||
* | Store Promise<Response> instead of Response for HTTP API transactions | Kegan Dougal | 2016-11-10 | 4 | -88/+68 |
| | | | | | | | | | | | | | | | | | | This fixes a race whereby: - User hits an endpoint. - No cached transaction so executes main code. - User hits same endpoint. - No cache transaction so executes main code. - Main code finishes executing and caches response and returns. - Main code finishes executing and caches response and returns. This race is common in the wild when Synapse is struggling under load. This commit fixes the race by: - User hits an endpoint. - Caches the promise to execute the main code and executes main code. - User hits same endpoint. - Yields on the same promise as the first request. - Main code finishes executing and returns, unblocking both requests. | ||||
* | Merge pull request #1164 from pik/error-codes | Erik Johnston | 2016-10-19 | 1 | -6/+6 |
|\ | | | | | Clarify Error codes for GET /filter/ | ||||
| * | Refactor test_filter to use real DataStore | pik | 2016-10-18 | 1 | -2/+2 |
| | | | | | | | | * add tests for filter api errors | ||||
| * | Error codes for filters | Alexander Maznev | 2016-10-14 | 1 | -4/+4 |
| | | | | | | | | | | | | * add tests Signed-off-by: Alexander Maznev <alexander.maznev@gmail.com> | ||||
* | | Handle delete device requests with no body | Richard van der Hoff | 2016-10-12 | 1 | -2/+11 |
| | | | | | | | | | | We should probably return a 401 rather than a 400 for existing clients that don't know they have to do the UIA dance to delete a device. | ||||
* | | User-interactive auth on delete device | Richard van der Hoff | 2016-10-12 | 1 | -5/+11 |
| | | |||||
* | | Merge pull request #1157 from Rugvip/nolimit | Erik Johnston | 2016-10-11 | 1 | -4/+7 |
|\ \ | |/ |/| | Remove rate limiting from app service senders and fix get_or_create_user requester | ||||
| * | rest/client/v1/register: use the correct requester in createUser | Patrik Oldsberg | 2016-10-06 | 1 | -3/+6 |
| | | | | | | | | Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> | ||||
| * | storage/appservice: make appservice methods only relying on the cache ↵ | Patrik Oldsberg | 2016-10-06 | 1 | -1/+1 |
| | | | | | | | | synchronous | ||||
* | | window.postmessage for Interactive Auth fallback | Richard van der Hoff | 2016-10-06 | 1 | -1/+3 |
|/ | | | | | If you're a webapp running the fallback in an iframe, you can't set set a window.onAuthDone function. Let's post a message back to window.opener instead. | ||||
* | Time out typing over federation | Erik Johnston | 2016-09-23 | 1 | -1/+4 |
| | |||||
* | Support /initialSync in synchrotron worker | Erik Johnston | 2016-09-21 | 2 | -5/+4 |
| | |||||
* | Enable guest access to POST /publicRooms | Erik Johnston | 2016-09-17 | 1 | -2/+2 |
| | |||||
* | Make POST /publicRooms require auth | Erik Johnston | 2016-09-16 | 1 | -2/+1 |
| | |||||
* | Change the way we calculate new_limit in /publicRooms and add POST API | Erik Johnston | 2016-09-15 | 1 | -0/+29 |
| | |||||
* | Remove default public rooms limit | Erik Johnston | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | By default limit /publicRooms to 100 entries | Erik Johnston | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | Pass since/from parameters over federation | Erik Johnston | 2016-09-15 | 1 | -3/+3 |
| | |||||
* | Allow paginating both forwards and backwards | Erik Johnston | 2016-09-15 | 1 | -3/+15 |
| | |||||
* | Remove support for aggregate room lists | Erik Johnston | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | Move the E2E key handling into the e2e handler | Mark Haines | 2016-09-13 | 1 | -112/+16 |
| | |||||
* | Add a timeout parameter for end2end key queries. | Mark Haines | 2016-09-12 | 1 | -26/+51 |
| | | | | | | | | | | Add a timeout parameter for controlling how long synapse will wait for responses from remote servers. For servers that fail include how they failed to make it easier to debug. Fetch keys from different servers in parallel rather than in series. Set the default timeout to 10s. | ||||
* | Conform better to the CAS protocol specification | Shell Turner | 2016-09-09 | 1 | -5/+2 |
| | | | | | | | Redirect to CAS's /login endpoint properly, and don't require an <attributes> element. Signed-off-by: Shell Turner <cam.turn@gmail.com> | ||||
* | Merge pull request #1096 from matrix-org/markjh/get_access_token | Mark Haines | 2016-09-09 | 5 | -20/+16 |
|\ | | | | | Add helper function for getting access_tokens from requests | ||||
| * | Add helper function for getting access_tokens from requests | Mark Haines | 2016-09-09 | 5 | -20/+16 |
| | | | | | | | | | | | | Rather than reimplementing the token parsing in the various places. This will make it easier to change the token parsing to allow access_tokens in HTTP headers. | ||||
* | | Merge pull request #1091 from matrix-org/paul/third-party-lookup | Paul Evans | 2016-09-09 | 1 | -0/+24 |
|\ \ | | | | | | | Improvements to 3PE lookup API | ||||
| * | | appease pep8 | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -1/+2 |
| | | | |||||
| * | | Python isn't JavaScript; have to quote dict keys | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -1/+1 |
| | | | |||||
| * | | Efficiency fix for lookups of a single protocol | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -1/+3 |
| | | | |||||
| * | | Allow lookup of a single 3PE protocol query metadata | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -0/+21 |
| | | | |||||
* | | | Filter returned events for client-facing format | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -2/+3 |
| | | | |||||
* | | | Allow clients to specify the format a room state event is returned in | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -1/+7 |
| |/ |/| | |||||
* | | Merge pull request #1081 from matrix-org/dbkr/notifications_only_highlight | Matthew Hodgson | 2016-09-09 | 1 | -1/+2 |
|\ \ | |/ |/| | Implement `only=highlight` on `/notifications` | ||||
| * | Implement `only=highlight` on `/notifications` | David Baker | 2016-09-08 | 1 | -1/+2 |
| | | |||||
* | | Merge pull request #1082 from matrix-org/erikj/remote_public_rooms | Erik Johnston | 2016-09-08 | 1 | -6/+17 |
|\ \ | | | | | | | Add server param to /publicRooms | ||||
| * | | Use parse_string | Erik Johnston | 2016-09-08 | 1 | -2/+2 |
| | | | |||||
| * | | Add server param to /publicRooms | Erik Johnston | 2016-09-08 | 1 | -5/+16 |
| |/ | |||||
* / | Send device messages over federation | Mark Haines | 2016-09-06 | 1 | -26/+7 |
|/ | |||||
* | Fix up the calls to the notifier for device messages | Mark Haines | 2016-09-01 | 1 | -1/+1 |
| | |||||
* | Add a replication stream for direct to device messages | Mark Haines | 2016-08-31 | 1 | -2/+8 |
| | |||||
* | Merge remote-tracking branch 'origin/develop' into markjh/direct_to_device | Mark Haines | 2016-08-26 | 1 | -1/+1 |
|\ | |||||
| * | Move ThirdPartyEntityKind into api.constants so the expectation becomes that ↵ | Paul "LeoNerd" Evans | 2016-08-25 | 1 | -1/+1 |
| | | | | | | | | the value is significant | ||||
* | | Merge branch 'develop' into markjh/direct_to_device | Mark Haines | 2016-08-25 | 2 | -4/+21 |
|\| | |||||
| * | Merge pull request #1041 from matrix-org/paul/third-party-lookup | Paul Evans | 2016-08-25 | 1 | -2/+20 |
| |\ | | | | | | | Extend 3PE lookup APIs for metadata query | ||||
| | * | Move static knowledge of protocol metadata into AS handler; cache the result | Paul "LeoNerd" Evans | 2016-08-24 | 1 | -20/+1 |
| | | | |||||
| | * | Declare 'gitter' known protocol, with user lookup | Paul "LeoNerd" Evans | 2016-08-24 | 1 | -0/+3 |
| | | | |||||
| | * | Initial hack at the 3PN protocols metadata lookup API | Paul "LeoNerd" Evans | 2016-08-24 | 1 | -0/+34 |
| | | | |||||
| | * | Move 3PU/3PL lookup APIs into /thirdparty containing entity | Paul "LeoNerd" Evans | 2016-08-24 | 1 | -2/+2 |
| | | | |||||
| * | | Preserve some logcontexts | Erik Johnston | 2016-08-24 | 1 | -2/+1 |
| |/ | |||||
* | | Add some TODOs | Mark Haines | 2016-08-25 | 1 | -0/+4 |
| | | |||||
* | | Fix the deduplication of incoming direct-to-device messages | Mark Haines | 2016-08-25 | 1 | -1/+12 |
| | | |||||
* | | Add store-and-forward direct-to-device messaging | Mark Haines | 2016-08-25 | 2 | -3/+75 |
|/ | |||||
* | Pass through user-supplied content in /join/$room_id | Kegan Dougal | 2016-08-23 | 1 | -0/+1 |
| | | | | | | | It was always intended to allow custom keys on the join event, but this has at some point been lost. Restore it. If the user specifies keys like "avatar_url" then they will be clobbered. | ||||
* | Merge branch 'develop' into dbkr/notifications_api | Matthew Hodgson | 2016-08-20 | 1 | -0/+78 |
|\ | |||||
| * | Avoid so much copypasta between 3PU and 3PL query by unifying around a ↵ | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -2/+7 |
| | | | | | | | | ThirdPartyEntityKind enumeration | ||||
| * | Authenticate 3PE lookup requests | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -0/+6 |
| | | |||||
| * | Copypasta the 3PU support code to also do 3PL | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -0/+20 |
| | | |||||
| * | Remove TODO note about request fields being strings - they're always strings | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -2/+0 |
| | | |||||
| * | Merge remote-tracking branch 'origin/develop' into paul/thirdpartylookup | Paul "LeoNerd" Evans | 2016-08-18 | 9 | -5/+89 |
| |\ | |||||
| * | | Ensure that 3PU lookup request fields actually get passed in | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -1/+5 |
| | | | |||||
| * | | Thread 3PU lookup through as far as the AS API object; which currently noöps it | Paul "LeoNerd" Evans | 2016-08-17 | 1 | -2/+9 |
| | | | |||||
| * | | Initial empty implementation that just registers an API endpoint handler | Paul "LeoNerd" Evans | 2016-08-17 | 1 | -0/+38 |
| | | | |||||
* | | | Use tuple comparison | David Baker | 2016-08-18 | 1 | -4/+3 |
| | | | | | | | | | | | | Hopefully easier to read | ||||
* | | | Merge remote-tracking branch 'origin/develop' into dbkr/notifications_api | David Baker | 2016-08-18 | 10 | -6/+90 |
|\ \ \ | | |/ | |/| | |||||
| * | | Make synchrotron accept /events | Erik Johnston | 2016-08-12 | 1 | -5/+4 |
| | | | |||||
| * | | Dont invoke get_handlers fromClientV1RestServlet | Erik Johnston | 2016-08-12 | 9 | -1/+86 |
| |/ | | | | | | | | | | | hs.get_handlers() can not be invoked from split out processes. Moving the invocations down a level means that we can slowly split out individual servlets. | ||||
| * | Don't change status_msg on /sync | Will Hunt | 2016-08-10 | 1 | -1/+1 |
| | | |||||
* | | Merge remote-tracking branch 'origin/develop' into dbkr/notifications_api | David Baker | 2016-08-11 | 16 | -380/+800 |
|\| | |||||
| * | Merge pull request #995 from matrix-org/rav/clean_up_cas_login | David Baker | 2016-08-09 | 1 | -125/+33 |
| |\ | | | | | | | Clean up CAS login code | ||||
| | * | Clean up CAS login code | Richard van der Hoff | 2016-08-08 | 1 | -125/+33 |
| | | | | | | | | | | | | | | | | | | | | | Remove some apparently unused code. Clean up parse_cas_response, mostly to catch the exception if the CAS response isn't valid XML. | ||||
| * | | Fix CAS login | Richard van der Hoff | 2016-08-08 | 1 | -0/+1 |
| |/ | | | | | | | Attempting to log in with CAS was giving a 500 error. | ||||
| * | Merge branch 'rav/null_default_device_displayname' into develop | Richard van der Hoff | 2016-08-03 | 1 | -3/+1 |
| |\ | |||||
| | * | Default device_display_name to null | Richard van der Hoff | 2016-08-03 | 1 | -3/+1 |
| | | | | | | | | | | | | | | | | | | It turns out that it's more useful to return a null device display name (and let clients decide how to handle it: eg, falling back to device_id) than using a constant string like "unknown device". | ||||
| * | | Merge branch 'develop' into rav/refactor_device_query | Mark Haines | 2016-08-03 | 1 | -9/+7 |
| |\| | |||||
| | * | Fix adding emails on registration | David Baker | 2016-07-29 | 1 | -9/+7 |
| | | | | | | | | | | | | Synapse was not adding email addresses to accounts registered with an email address, due to too many different variables called 'result'. Rename both of them. Also remove the defer.returnValue() with no params because that's not a thing. | ||||
| * | | Move e2e query logic into a handler | Richard van der Hoff | 2016-08-01 | 1 | -39/+7 |
| |/ | |||||
| * | Add r0.1.0 to the "supported versions" list | Richard van der Hoff | 2016-07-28 | 1 | -0/+1 |
| | | |||||
| * | Add r0.2.0 to the "supported versions" list | Richard van der Hoff | 2016-07-28 | 1 | -1/+4 |
| | | |||||
| * | key upload tweaks | Richard van der Hoff | 2016-07-27 | 1 | -7/+5 |
| | | | | | | | | | | | | | | 1. Add v2_alpha URL back in, since things seem to be using it. 2. Don't reject the request if the device_id in the upload request fails to match that in the access_token. | ||||
| * | Delete e2e keys on device delete | Richard van der Hoff | 2016-07-27 | 1 | -4/+9 |
| | | |||||
| * | Make the device id on e2e key upload optional | Richard van der Hoff | 2016-07-26 | 1 | -12/+35 |
| | | | | | | | | | | | | | | | | | | | | | | | | We should now be able to get our device_id from the access_token, so the device_id on the upload request is optional. Where it is supplied, we should check that it matches. For active access_tokens without an associated device_id, we ought to register the device in the devices table. Also update the table on upgrade so that all of the existing e2e keys are associated with real devices. | ||||
| * | Add `create_requester` function | Richard van der Hoff | 2016-07-26 | 1 | -6/+4 |
| | | | | | | | | | | Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout | ||||
| * | Implement updating devices | Richard van der Hoff | 2016-07-26 | 1 | -7/+17 |
| | | | | | | | | You can update the displayname of devices now. | ||||
| * | Implement deleting devices | Richard van der Hoff | 2016-07-26 | 3 | -8/+29 |
| | | |||||
| * | Merge pull request #943 from matrix-org/rav/get_device_api | David Baker | 2016-07-21 | 1 | -0/+25 |
| |\ | | | | | | | Implement GET /device/{deviceId} | ||||
| | * | Implement GET /device/{deviceId} | Richard van der Hoff | 2016-07-21 | 1 | -0/+25 |
| | | | |||||
| * | | Merge pull request #942 from matrix-org/rav/fix_register_deviceid | David Baker | 2016-07-21 | 1 | -11/+10 |
| |\ \ | | |/ | |/| | Preserve device_id from first call to /register | ||||
| | * | Preserve device_id from first call to /register | Richard van der Hoff | 2016-07-21 | 1 | -11/+10 |
| | | | | | | | | | | | | | | | device_id may only be passed in the first call to /register, so make sure we fish it out of the register `params` rather than the body of the final call. | ||||
| * | | Merge branch 'develop' into rav/get_devices_api | Richard van der Hoff | 2016-07-20 | 1 | -15/+39 |
| |\| | | | | | | | | | | (pick up PR #938 in the hope of fixing the UTs) | ||||
| | * | Register a device_id in the /v2/register flow. | Richard van der Hoff | 2016-07-20 | 1 | -15/+39 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This doesn't cover *all* of the registration flows, but it does cover the most common ones: in particular: shared_secret registration, appservice registration, and normal user/pass registration. Pull device_id from the registration parameters. Register the device in the devices table. Associate the device with the returned access and refresh tokens. Profit. | ||||
| * | | GET /devices endpoint | Richard van der Hoff | 2016-07-20 | 2 | -4/+60 |
| |/ | | | | | | | | | | | | | implement a GET /devices endpoint which lists all of the user's devices. It also returns the last IP where we saw that device, so there is some dancing to fish that out of the user_ips table. | ||||
| * | Merge pull request #933 from matrix-org/rav/type_annotations | Richard van der Hoff | 2016-07-20 | 3 | -0/+17 |
| |\ | | | | | | | Type annotations | ||||
| | * | Type annotations | Richard van der Hoff | 2016-07-19 | 3 | -0/+17 |
| | | | | | | | | | | | | | | | Add some type annotations to help PyCharm (in particular) to figure out the types of a bunch of things. | ||||
| * | | Merge pull request #932 from matrix-org/rav/register_refactor | David Baker | 2016-07-20 | 2 | -14/+40 |
| |\ \ | | | | | | | | | Further registration refactoring | ||||
| | * | | Further registration refactoring | Richard van der Hoff | 2016-07-19 | 2 | -14/+40 |
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change. | ||||
| * | | Merge pull request #922 from matrix-org/erikj/file_api2 | Erik Johnston | 2016-07-20 | 1 | -1/+10 |
| |\ \ | | |/ | |/| | Feature: Add filter to /messages. Add 'contains_url' to filter. | ||||
| | * | Add filter param to /messages API | Erik Johnston | 2016-07-14 | 1 | -1/+10 |
| | | | |||||
| * | | Merge pull request #931 from matrix-org/rav/refactor_register | David Baker | 2016-07-19 | 1 | -78/+102 |
| |\ \ | | | | | | | | | rest/client/v2_alpha/register.py: Refactor flow somewhat. | ||||
| | * | | Don't bind email unless threepid contains expected fields | Richard van der Hoff | 2016-07-19 | 1 | -28/+25 |
| | | | | |||||
| | * | | rest/client/v2_alpha/register.py: Refactor flow somewhat. | Richard van der Hoff | 2016-07-19 | 1 | -75/+102 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is meant to be an *almost* non-functional change, with the exception that it fixes what looks a lot like a bug in that it only calls `auth_handler.add_threepid` and `add_pusher` once instead of three times. The idea is to move the generation of the `access_token` out of `registration_handler.register`, because `access_token`s now require a device_id, and we only want to generate a device_id once registration has been successful. | ||||
| * | | | Add device_id support to /login | Richard van der Hoff | 2016-07-18 | 2 | -6/+43 |
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed. | ||||
| * | | Merge pull request #928 from matrix-org/rav/refactor_login | Richard van der Hoff | 2016-07-18 | 1 | -18/+23 |
| |\ \ | | | | | | | | | Refactor login flow | ||||
| | * | | Refactor login flow | Richard van der Hoff | 2016-07-18 | 1 | -18/+23 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure that we have the canonical user_id *before* calling get_login_tuple_for_user_id. Replace login_with_password with a method which just validates the password, and have the caller call get_login_tuple_for_user_id. This brings the password flow into line with the other flows, and will give us a place to register the device_id if necessary. | ||||
| * | | | Use body.get to check for 'user' | Will Hunt | 2016-07-16 | 1 | -2/+1 |
| | | | | |||||
| * | | | Fall back to 'username' if 'user' is not given for appservice reg. | Will Hunt | 2016-07-16 | 1 | -3/+5 |
| |/ / | |||||
| * | | Merge pull request #921 from matrix-org/erikj/account_deactivate | Erik Johnston | 2016-07-14 | 1 | -0/+44 |
| |\ \ | | | | | | | | | Feature: Add an /account/deactivate endpoint | ||||
| | * | | Add hs object | Erik Johnston | 2016-07-14 | 1 | -0/+1 |
| | | | | |||||
| | * | | Only accept password auth | Erik Johnston | 2016-07-14 | 1 | -12/+0 |
| | | | | |||||
| | * | | Add an /account/deactivate endpoint | Erik Johnston | 2016-07-14 | 1 | -0/+55 |
| | |/ | |||||
| * | | Merge pull request #918 from negzi/bugfix_for_token_expiry | Erik Johnston | 2016-07-14 | 1 | -1/+1 |
| |\ \ | | |/ | |/| | Bug fix: expire invalid access tokens | ||||
| | * | Bug fix: expire invalid access tokens | Negar Fazeli | 2016-07-13 | 1 | -1/+1 |
| | | | |||||
| * | | be more pythonic | David Baker | 2016-07-12 | 1 | -1/+1 |
| | | | |||||
| * | | on_OPTIONS isn't neccessary | David Baker | 2016-07-12 | 2 | -10/+1 |
| | | | |||||
| * | | Remove other debug logging | David Baker | 2016-07-12 | 1 | -2/+0 |
| | | | |||||
| * | | Separate out requestTokens to separate handlers | David Baker | 2016-07-11 | 2 | -65/+93 |
| | | | |||||
| * | | Oops, remove debug logging | David Baker | 2016-07-11 | 1 | -4/+0 |
| | | | |||||
| * | | Implement https://github.com/matrix-org/matrix-doc/pull/346/files | David Baker | 2016-07-08 | 1 | -0/+59 |
| |/ | |||||
| * | Add rest servlet. Fix SQL. | Erik Johnston | 2016-07-06 | 1 | -0/+1 |
| | | |||||
| * | Merge branch 'erikj/shared_secret' into erikj/test2 | Erik Johnston | 2016-07-06 | 1 | -4/+16 |
| |\ | |||||
| | * | Check that there are no null bytes in user and passsword | Erik Johnston | 2016-07-06 | 1 | -0/+6 |
| | | | |||||
| | * | Add null separator to hmac | Erik Johnston | 2016-07-06 | 1 | -0/+2 |
| | | | |||||
| | * | Add an admin option to shared secret registration | Erik Johnston | 2016-07-05 | 1 | -0/+1 |
| | | | |||||
| | * | Protect password when registering using shared secret | Erik Johnston | 2016-07-05 | 1 | -4/+7 |
| | | | |||||
| * | | Add purge_history API | Erik Johnston | 2016-07-05 | 1 | -0/+18 |
| |/ | |||||
| * | Fix style violations | Kent Shikama | 2016-07-04 | 1 | -1/+2 |
| | | | | | | | | Signed-off-by: Kent Shikama <kent@kentshikama.com> | ||||
| * | Use .get() instead of [] to access password_hash | Kent Shikama | 2016-07-04 | 1 | -1/+1 |
| | | |||||
| * | Optionally include password hash in createUser endpoint | Kent Shikama | 2016-07-03 | 1 | -1/+3 |
| | | | | | | | | Signed-off-by: Kent Shikama <kent@kentshikama.com> | ||||
| * | Feature: Add deactivate account admin API | Erik Johnston | 2016-06-30 | 1 | -0/+26 |
| | | | | | | | | | | | | | | | | | | | | Allows server admins to "deactivate" accounts, which: - Revokes all access tokens - Removes all threepids - Removes password The API is a POST to `/admin/deactivate/<user_id>` | ||||
| * | Implement purge_media_cache admin API | Erik Johnston | 2016-06-29 | 1 | -0/+32 |
| | | |||||
| * | Remove redundant exception log in /events | Erik Johnston | 2016-06-09 | 1 | -24/+21 |
| | | |||||
| * | Don't make rooms visibile by default | Erik Johnston | 2016-06-08 | 1 | -2/+0 |
| | | |||||
| * | Log user that is making /publicRooms calls | Erik Johnston | 2016-06-08 | 1 | -0/+7 |
| | | |||||
| * | Load push rules in storage layer, so that they get cached | Erik Johnston | 2016-06-03 | 1 | -4/+2 |
| | | |||||
| * | Working unsubscribe links going straight to the HS | David Baker | 2016-06-02 | 1 | -1/+3 |
| | | | | | | | | and authed by macaroons that let you delete pushers and nothing else | ||||
| * | Merge branch 'dbkr/split_out_auth_handler' into dbkr/email_unsubscribe | David Baker | 2016-06-02 | 5 | -10/+11 |
| |\ | |||||
| | * | Split out the auth handler | David Baker | 2016-06-02 | 5 | -10/+11 |
| | | | |||||
| * | | WIP on unsubscribing email notifs without logging in | David Baker | 2016-06-01 | 1 | -1/+54 |
| |/ | |||||
| * | Basic, un-cached support for secondary_directory_servers | David Baker | 2016-05-31 | 1 | -1/+2 |
| | | |||||
| * | Split out the room list handler | David Baker | 2016-05-31 | 1 | -1/+1 |
| | | | | | | | | So I can use it from federation bits without pulling in all the handlers. | ||||
* | | Include the ts the notif was received at | David Baker | 2016-05-24 | 1 | -0/+1 |
| | | |||||
* | | Actually make the 'read' flag correct | David Baker | 2016-05-23 | 1 | -4/+3 |
| | | |||||
* | | Add GET /notifications API | David Baker | 2016-05-23 | 1 | -0/+100 |
|/ | |||||
* | Allow clients to specify a server_name to avoid 'No known servers' | Kegan Dougal | 2016-05-19 | 1 | -1/+4 |
| | | | | Multiple server_names are supported via ?server_name=foo&server_name=bar | ||||
* | Move typing handler out of the Handlers object | Mark Haines | 2016-05-17 | 1 | -4/+3 |
| | |||||
* | Move SyncHandler out of the Handlers object | Mark Haines | 2016-05-16 | 1 | -2/+1 |
| | |||||
* | Move the presence handler out of the Handlers object | Mark Haines | 2016-05-16 | 4 | -9/+17 |
| | |||||
* | Create user with expiry | Negi Fazeli | 2016-05-13 | 1 | -0/+71 |
| | | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com> | ||||
* | Merge remote-tracking branch 'origin/develop' into dbkr/email_notifs | David Baker | 2016-05-10 | 2 | -0/+155 |
|\ | |||||
| * | Rename openid/token to openid/request_token | Mark Haines | 2016-05-05 | 1 | -2/+2 |
| | | |||||
| * | Add an openidish mechanism for proving to third parties that you own a given ↵ | Mark Haines | 2016-05-05 | 1 | -0/+96 |
| | | | | | | | | user_id | ||||
| * | Add timestamp and auto incrementing ID | Erik Johnston | 2016-05-04 | 1 | -0/+2 |
| | | |||||
| * | Move event_id to path | Erik Johnston | 2016-05-04 | 1 | -4/+2 |
| | | |||||
| * | Add /report endpoint | Erik Johnston | 2016-05-04 | 1 | -0/+59 |
| | | |||||
* | | More consistent config naming | David Baker | 2016-05-10 | 1 | -1/+1 |
| | | |||||
* | | Add config option to not send email notifs for new users | David Baker | 2016-05-10 | 1 | -1/+4 |
| | | |||||
* | | Merge remote-tracking branch 'origin/develop' into dbkr/email_notifs | David Baker | 2016-04-29 | 1 | -0/+1 |
|\| | |||||
| * | Fix password reset | David Baker | 2016-04-29 | 1 | -0/+1 |
| | | | | | | | | Default requester to None, otherwise it isn't defined when resetting using email auth | ||||
* | | Add an email pusher for new users | David Baker | 2016-04-29 | 1 | -0/+26 |
|/ | | | | If they registered with an email address and email notifs are enabled on the HS | ||||
* | Make pyjwt dependency optional | Erik Johnston | 2016-04-25 | 1 | -5/+7 |
| | |||||
* | Merge pull request #687 from nikriek/jwt-fix | Erik Johnston | 2016-04-21 | 1 | -3/+6 |
|\ | | | | | Fix issues with JWT login | ||||
| * | Fix issues with JWT login | Niklas Riekenbrauck | 2016-04-21 | 1 | -3/+6 |
| | | |||||
* | | Make v2_alpha reg follow the AS API specification | Kegan Dougal | 2016-04-14 | 1 | -0/+5 |
| | | | | | | | | | | | | The spec is clear the key should be 'user' not 'username' and this is indeed the case for v1. This is not true for v2_alpha though, which is what this commit is fixing. | ||||
* | | Make the /set part mandatory | David Baker | 2016-04-12 | 1 | -1/+1 |
| | | |||||
* | | Mis-named function | David Baker | 2016-04-12 | 1 | -1/+1 |
| | | |||||
* | | Split into separate servlet classes | David Baker | 2016-04-12 | 1 | -11/+16 |
| | | |||||
* | | Add get endpoint for pushers | David Baker | 2016-04-11 | 1 | -1/+34 |
|/ | | | | As per https://github.com/matrix-org/matrix-doc/pull/308 | ||||
* | Use google style doc strings. | Mark Haines | 2016-04-01 | 1 | -36/+43 |
| | | | | | | | pycharm supports them so there is no need to use the other format. Might as well convert the existing strings to reduce the risk of people accidentally cargo culting the wrong doc string format. | ||||
* | Remove spurious comment | Erik Johnston | 2016-03-30 | 1 | -1/+0 |
| | |||||
* | Require user to have left room to forget room | Erik Johnston | 2016-03-30 | 1 | -0/+38 |
| | | | | | This dramatically simplifies the forget API code - in particular it no longer generates a leave event. | ||||
* | Add JWT support | Niklas Riekenbrauck | 2016-03-29 | 1 | -0/+53 |
| | |||||
* | Deduplicate identical /sync requests | Mark Haines | 2016-03-24 | 1 | -0/+3 |
| | |||||
* | Add published room list edit API | Erik Johnston | 2016-03-21 | 1 | -0/+42 |
| | |||||
* | Merge pull request #652 from matrix-org/erikj/delete_alias | Erik Johnston | 2016-03-18 | 1 | -1/+2 |
|\ | | | | | Update aliases event after deletion | ||||
| * | Update aliases event after deletion | Erik Johnston | 2016-03-17 | 1 | -1/+2 |
| | | | | | | | | | | | | | | | | Attempt to update the appropriate `m.room.aliases` event after deleting an alias. This may fail due to the deleter not being in the room. Will also check if the canonical alias of the event is set to the deleted alias, and if so will attempt to delete it. | ||||
* | | remove debug logging | David Baker | 2016-03-16 | 1 | -3/+0 |
| | | |||||
* | | Unused import | David Baker | 2016-03-16 | 1 | -1/+0 |
| | | |||||
* | | Make registration idempotent, part 2: be idempotent if the client specifies ↵ | David Baker | 2016-03-16 | 1 | -5/+17 |
|/ | | | | a username. | ||||
* | take extra return val from check_auth in account too | David Baker | 2016-03-16 | 1 | -1/+1 |
| | |||||
* | pep8 & remove debug logging | David Baker | 2016-03-16 | 1 | -4/+5 |
| | |||||
* | Make registration idempotent: if you specify the same session, make it give ↵ | David Baker | 2016-03-16 | 1 | -1/+26 |
| | | | | you an access token for the user that was registered on previous uses of that session. Tweak the UI auth layer to not delete sessions when their auth has completed and hence expire themn so they don't hang around until server restart. Allow server-side data to be associated with UI auth sessions. | ||||
* | Hook up adding a pusher to the notifier for replication. | Mark Haines | 2016-03-15 | 1 | -0/+6 |
| | |||||
* | Fix regression where synapse checked whether push rules were valid JSON ↵ | Mark Haines | 2016-03-14 | 1 | -2/+2 |
| | | | | before the compatibility hack that handled clients sending invalid JSON | ||||
* | Merge pull request #642 from matrix-org/erikj/logout | Erik Johnston | 2016-03-11 | 1 | -0/+72 |
|\ | | | | | Implement logout | ||||
| * | Implement logout | Erik Johnston | 2016-03-11 | 1 | -0/+72 |
| | | |||||
* | | Use parse_json_object_from_request to parse JSON out of request bodies | Mark Haines | 2016-03-11 | 7 | -71/+29 |
|/ | |||||
* | Fix cache invalidation so deleting access tokens (which we did when changing ↵ | David Baker | 2016-03-11 | 1 | -1/+1 |
| | | | | password) actually takes effect without HS restart. Reinstate the code to avoid logging out the session that changed the password, removed in 415c2f05491ce65a4fc34326519754cd1edd9c54 | ||||
* | Register endpoint returns refresh_token | blide | 2016-03-10 | 1 | -5/+8 |
| | | | | Guest registration still doesn't return refresh_token | ||||
* | Add a parse_json_object function | Mark Haines | 2016-03-09 | 10 | -116/+32 |
| | | | | | to deduplicate all the copy+pasted _parse_json functions. Also document the parse_.* functions. | ||||
* | Fix relative imports so they work in both py3 and py27 | Mark Haines | 2016-03-08 | 6 | -6/+6 |
| | |||||
* | Use syntax that works on both py2.7 and py3 | Mark Haines | 2016-03-07 | 1 | -1/+1 |
| | |||||
* | Merge branch 'develop' into markjh/pushrule_stream | Mark Haines | 2016-03-04 | 3 | -10/+11 |
|\ | |||||
| * | Merge pull request #614 from matrix-org/erikj/alias_delete | Erik Johnston | 2016-03-04 | 1 | -3/+0 |
| |\ | | | | | | | Allow alias creators to delete aliases | ||||
| | * | Allow alias creators to delete aliases | Erik Johnston | 2016-03-01 | 1 | -3/+0 |
| | | | |||||
| * | | Pass whole requester to ratelimiting | Daniel Wagner-Hall | 2016-03-03 | 3 | -7/+11 |
| |/ | | | | | | | This will enable more detailed decisions | ||||
* | | Hook up the push rules stream to account_data in /sync | Mark Haines | 2016-03-04 | 1 | -1/+1 |
| | | |||||
* | | Move the code for formatting push rules into a separate function | Mark Haines | 2016-03-03 | 1 | -86/+4 |
| | | |||||
* | | Hook up the push rules to the notifier | Mark Haines | 2016-03-03 | 1 | -15/+29 |
|/ | |||||
* | Add support for changing the actions for default rules | Mark Haines | 2016-02-26 | 1 | -4/+27 |
| | | | | | | See matrix-org/matrix-doc#283 Works by adding dummy rules to the push rules table with a negative priority class and then using those rules to clobber the default rule actions when adding the default rules in ``list_with_base_rules`` | ||||
* | Fix to appease the PEP8 dragon | Gergely Polonkai | 2016-02-26 | 1 | -1/+3 |
| | |||||
* | Add error codes for malformed/bad JSON in /login | Gergely Polonkai | 2016-02-26 | 1 | -2/+2 |
| | | | | Signed-off-by: Gergely Polonkai <gergely@polonkaieu> | ||||
* | Make sure we return a JSON object when returning the values of specif… | Mark Haines | 2016-02-25 | 1 | -1/+3 |
| | | | | …ic keys from a push rule | ||||
* | Remove unused get_rule_attr method | Mark Haines | 2016-02-24 | 1 | -8/+0 |
| | |||||
* | Ignore invalid POST bodies when joining rooms | Daniel Wagner-Hall | 2016-02-24 | 1 | -2/+12 |
| | |||||
* | Allow third_party_signed to be specified on /join | Daniel Wagner-Hall | 2016-02-23 | 1 | -0/+4 |
| | |||||
* | Merge pull request #582 from matrix-org/erikj/presence | Erik Johnston | 2016-02-19 | 4 | -28/+35 |
|\ | | | | | Rewrite presence for performance. | ||||
| * | "You are not..." | Erik Johnston | 2016-02-18 | 1 | -1/+1 |
| | | |||||
| * | Initial cut | Erik Johnston | 2016-02-17 | 4 | -28/+35 |
| | | |||||
* | | Remove dead code for setting device specific rules. | Mark Haines | 2016-02-18 | 2 | -88/+8 |
| | | | | | | | | | | | | It wasn't possible to hit the code from the API because of a typo in parsing the request path. Since no-one was using the feature we might as well remove the dead code. | ||||
* | | Merge branch 'develop' into daniel/roomcleanupincremental | Daniel Wagner-Hall | 2016-02-17 | 2 | -2/+2 |
|\| | | | | | | | | | Conflicts: synapse/rest/client/v1/room.py | ||||
| * | client/v1/room: include event_id in response to state event PUT, in ↵ | Patrik Oldsberg | 2016-02-17 | 1 | -2/+2 |
| | | | | | | | | | | | | accordance with the spec Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> | ||||
| * | Fix typo in request validation for adding push rules. | Mark Haines | 2016-02-16 | 1 | -1/+1 |
| | | |||||
| * | Simplify room creation code | Daniel Wagner-Hall | 2016-02-15 | 1 | -15/+3 |
| | | |||||
* | | Some cleanup | Daniel Wagner-Hall | 2016-02-17 | 1 | -3/+3 |
| | | | | | | | | | | I'm not particularly happy with the "action" switching, but there's no convenient way to defer the work that needs to happen after it, so... :( | ||||
* | | Branch off member and non member sends | Daniel Wagner-Hall | 2016-02-15 | 1 | -5/+16 |
| | | | | | | | | Unclean, needs tidy-up, but works | ||||
* | | Simplify room creation code | Daniel Wagner-Hall | 2016-02-15 | 1 | -15/+3 |
| | | |||||
* | | Reuse update_membership from /join | Daniel Wagner-Hall | 2016-02-15 | 1 | -16/+5 |
| | | |||||
* | | Merge implementation of /join by alias or ID | Daniel Wagner-Hall | 2016-02-15 | 1 | -37/+31 |
| | | | | | | | | | | This code is kind of rough (passing the remote servers down a long chain), but is a step towards improvement. | ||||
* | | Merge some room joining codepaths | Daniel Wagner-Hall | 2016-02-15 | 1 | -1/+1 |
|/ | | | | | | Force joining by alias to go through the send_membership_event checks, rather than bypassing them straight into _do_join. This is the first of many stages of cleanup. | ||||
* | Revert "Merge two of the room join codepaths" | Daniel Wagner-Hall | 2016-02-12 | 1 | -13/+55 |
| | | | | | | This reverts commit cf81375b94c4763766440471e632fc4b103450ab. It subtly violates a guest joining auth check |