summary refs log tree commit diff
path: root/synapse/rest/client (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Sliding Sync: Add E2EE extension (MSC3884) (#17454)Eric Eastwood2024-07-222-5/+37
| | | | | Spec: [MSC3884](https://github.com/matrix-org/matrix-spec-proposals/pull/3884) Based on [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575): Sliding Sync
* Add `heroes` and room summary fields to Sliding Sync `/sync` (#17419)Eric Eastwood2024-07-111-5/+27
| | | | | | | Additional room summary fields: `joined_count`, `invited_count` Based on [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575): Sliding Sync
* Handle to-device extensions to Sliding Sync (#17416)Erik Johnston2024-07-101-1/+16
| | | | | | | Implements MSC3885 --------- Co-authored-by: Eric Eastwood <eric.eastwood@beta.gouv.fr>
* Fix `/versions` requests (#17410)Erik Johnston2024-07-091-1/+6
| | | | | We need it to work on workers and allow guest access. Broke by #17392
* Add `rooms.bump_stamp` to Sliding Sync `/sync` for easier client-side ↵Eric Eastwood2024-07-081-0/+1
| | | | | | | | | | | | | | | sorting (#17395) `bump_stamp` corresponds to the `stream_ordering` of the latest `DEFAULT_BUMP_EVENT_TYPES` in the room. This helps clients sort more readily without them needing to pull in a bunch of the timeline to determine the last activity. `bump_event_types` is a thing because for example, we don't want display name changes to mark the room as unread and bump it to the top. For encrypted rooms, we just have to consider any activity as a bump because we can't see the content and the client has to figure it out for themselves. Outside of Synapse, `bump_stamp` is just a free-form counter so other implementations could use `received_ts`or `origin_server_ts` (see the [*Security considerations* section in MSC3575 about the potential pitfalls of using `origin_server_ts`](https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md#security-considerations)). It doesn't have any guarantee about always going up. In the Synapse case, it could go down if an event was redacted/removed (or purged in cases of retention policies). In the future, we could add `bump_event_types` as [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) mentions if people need to customize the event types. --- In the Sliding Sync proxy, a similar [`timestamp` field was added](https://github.com/matrix-org/sliding-sync/pull/247) for the same purpose but the name is not obvious what it pertains to or what it's for. The `timestamp` field was also added to Ruma in https://github.com/ruma/ruma/pull/1622
* Declare support for Matrix 1.11 (#17403)Travis Ralston2024-07-081-0/+1
| | | | | | | | Previous: https://github.com/element-hq/synapse/pull/17082 Fixes https://github.com/element-hq/synapse/issues/17402 See https://github.com/element-hq/synapse/issues/17402 for context **Blocked on https://github.com/element-hq/synapse/pull/17388** (required for spec compliance)
* Support MSC3916 by adding a federation /thumbnail endpoint and authenticated ↵Shay2024-07-081-17/+26
| | | | | | | | | | | | | | `_matrix/client/v1/media/thumbnail` endpoint (#17388) [MSC3916](https://github.com/matrix-org/matrix-spec-proposals/pull/3916) added the endpoints `_matrix/federation/v1/media/thumbnail` and the authenticated `_matrix/client/v1/media/thumbnail`. This PR implements those endpoints, along with stabilizing `_matrix/client/v1/media/config` and `_matrix/client/v1/media/preview_url`. Complement tests are at https://github.com/matrix-org/complement/pull/728
* Allow enabling sliding sync per-user (#17393)Erik Johnston2024-07-051-5/+10
| | | Based on #17392
* Finish up work to allow per-user feature flags (#17392)Erik Johnston2024-07-052-15/+34
| | | | | | | Follows on from @H-Shay's great work at https://github.com/matrix-org/synapse/pull/15344 and MSC4026. Also enables its use for MSC3881, mainly as an easy but concrete example of how to use it.
* Add `rooms.required_state` to Sliding Sync `/sync` (#17342)Eric Eastwood2024-07-041-5/+5
| | | Also handles excluding rooms with partial state when people are asking for room membership events unless it's `$LAZY` room membership.
* Return some room data in Sliding Sync `/sync` (#17320)Eric Eastwood2024-07-021-13/+99
| | | | | | - Timeline events - Stripped `invite_state` Based on [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575): Sliding Sync
* Support MSC3916 by adding `_matrix/client/v1/media/download` endpoint (#17365)Shay2024-07-021-8/+71
|
* Add support for MSC3823 - Account Suspension Part 2 (#17255)Shay2024-06-242-0/+40
|
* Tidy up integer parsing (#17339)Denis Kasak2024-06-241-10/+1
| | | | | | | | | | The parse_integer function was previously made to reject negative values by default in https://github.com/element-hq/synapse/pull/16920, but the documentation stated otherwise. This fixes the documentation and also: - Removes explicit negative=False parameters from call sites. - Brings the negative default of parse_integer_from_args in alignment with parse_integer.
* Register sliding sync under a different path (#17331)Erik Johnston2024-06-191-1/+1
| | | As the API is slightly incompatible.
* Require the 'from' parameter for `/notifications` be an integer (#17283)Andrew Morgan2024-06-191-1/+17
| | | | Co-authored-by: Erik Johnston <erikj@element.io>
* Add support for via query parameter from MSC4156 (#17322)Johannes Marbach2024-06-182-0/+16
| | | | This adds support for the `via` query parameter from https://github.com/matrix-org/matrix-spec-proposals/pull/4156.
* Enable cross-signing key upload without UIA (#17284)Richard van der Hoff2024-06-141-50/+29
| | | | | | Per MSC3967, which is now stable, we should not require UIA when uploading cross-signing keys for the first time. Fixes: #17227
* Clarify that MSC4151 is enabled on matrix.org (#17296)Quentin Gliech2024-06-131-1/+9
| | | | | This clarifies in the comments that the MSC is being used in matrix.org See #17270
* Add report room API (MSC4151) (#17270)Travis Ralston2024-06-122-1/+58
| | | | | | | | https://github.com/matrix-org/matrix-spec-proposals/pull/4151 This is intended to be enabled by default for immediate use. When FCP is complete, the unstable endpoint will be dropped and stable endpoint supported instead - no backwards compatibility is expected for the unstable endpoint.
* Reorganize Pydantic models and types used in handlers (#17279)Eric Eastwood2024-06-105-291/+7
| | | | | | Spawning from https://github.com/element-hq/synapse/pull/17187#discussion_r1619492779 around wanting to put `SlidingSyncBody` (parse the request in the rest layer), `SlidingSyncConfig` (from the rest layer, pass to the handler), `SlidingSyncResponse` (pass the response from the handler back to the rest layer to respond) somewhere that doesn't contaminate the imports and cause circular import issues. - Moved Pydantic parsing models to `synapse/types/rest` - Moved handler types to `synapse/types/handlers`
* Add Sliding Sync `/sync` endpoint (initial implementation) (#17187)Eric Eastwood2024-06-063-4/+420
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575): Sliding Sync This iteration only focuses on returning the list of room IDs in the sliding window API (without sorting/filtering). Rooms appear in the Sliding sync response based on: - `invite`, `join`, `knock`, `ban` membership events - Kicks (`leave` membership events where `sender` is different from the `user_id`/`state_key`) - `newly_left` (rooms that were left during the given token range, > `from_token` and <= `to_token`) - In order for bans/kicks to not show up, you need to `/forget` those rooms. This doesn't modify the event itself though and only adds the `forgotten` flag to `room_memberships` in Synapse. There isn't a way to tell when a room was forgotten at the moment so we can't factor it into the from/to range. ### Example request `POST http://localhost:8008/_matrix/client/unstable/org.matrix.msc3575/sync` ```json { "lists": { "foo-list": { "ranges": [ [0, 99] ], "sort": [ "by_notification_level", "by_recency", "by_name" ], "required_state": [ ["m.room.join_rules", ""], ["m.room.history_visibility", ""], ["m.space.child", "*"] ], "timeline_limit": 100 } } } ``` Response: ```json { "next_pos": "s58_224_0_13_10_1_1_16_0_1", "lists": { "foo-list": { "count": 1, "ops": [ { "op": "SYNC", "range": [0, 99], "room_ids": [ "!MmgikIyFzsuvtnbvVG:my.synapse.linux.server" ] } ] } }, "rooms": {}, "extensions": {} } ```
* Handle OTK uploads off master (#17271)Erik Johnston2024-06-061-9/+4
| | | And fallback keys uploads. Only device keys need handling on master
* Ratelimiting of remote media downloads (#17256)Shay2024-06-051-0/+2
|
* Support MSC3916 by adding unstable media endpoints to `_matrix/client` (#17213)Shay2024-05-241-0/+205
| | | | | | | | | | [MSC3916](https://github.com/matrix-org/matrix-spec-proposals/blob/rav/authentication-for-media/proposals/3916-authentication-for-media.md) adds new media endpoints under `_matrix/client`. This PR adds the `/preview_url`, `/config`, and `/thumbnail` endpoints. `/download` will be added in a follow-up PR once the work for the federation `/download` endpoint is complete (see https://github.com/element-hq/synapse/pull/17172). Should be reviewable commit-by-commit.
* Add Sliding Sync `/sync/e2ee` endpoint for To-Device messages (#17167)Eric Eastwood2024-05-231-0/+171
| | | | | | | | | | | This is being introduced as part of Sliding Sync but doesn't have any sliding window component. It's just a way to get E2EE events without having to sit through a big initial sync (`/sync` v2). And we can avoid encryption events being backed up by the main sync response or vice-versa. Part of some Sliding Sync simplification/experimentation. See [this discussion](https://github.com/element-hq/synapse/pull/17167#discussion_r1610495866) for why it may not be as useful as we thought. Based on: - https://github.com/matrix-org/matrix-spec-proposals/pull/3575 - https://github.com/matrix-org/matrix-spec-proposals/pull/3885 - https://github.com/matrix-org/matrix-spec-proposals/pull/3884
* Removed `request_key` from the `SyncConfig` (moved outside as its own ↵Eric Eastwood2024-05-161-1/+1
| | | | | | | | | function parameter) (#17201) Removed `request_key` from the `SyncConfig` (moved outside as its own function parameter) so it doesn't have to flow into `_generate_sync_entry_for_xxx` methods. This way we can separate the concerns of caching from generating the response and reuse the `_generate_sync_entry_for_xxx` functions as we see fit. Plus caching doesn't really have anything to do with the config of sync. Split from https://github.com/element-hq/synapse/pull/17167 Spawning from https://github.com/element-hq/synapse/pull/17167#discussion_r1601497279
* Refactor Sync handler to be able to return different sync responses ↵Eric Eastwood2024-05-161-0/+2
| | | | | | | | | | | | | | (`SyncVersion`) (#17200) Refactor Sync handler to be able to be able to return different sync responses (`SyncVersion`). Preparation to be able support sync v2 and a new Sliding Sync `/sync/e2ee` endpoint which returns a subset of sync v2. Split upon request: https://github.com/element-hq/synapse/pull/17167#discussion_r1601497279 Split from https://github.com/element-hq/synapse/pull/17167 where we will add `SyncVersion.E2EE_SYNC` and a new type of sync response.
* Cache literal sync filter validation (#17186)Erik Johnston2024-05-141-1/+13
| | | | The sliding sync proxy (amongst other things) use literal json blobs as filters, and repeatedly validating them takes a bunch of CPU.
* Add note about MSC3886 being closed (#17151)Hugh Nimmo-Smith2024-05-081-0/+3
|
* Declare support for Matrix v1.10. (#17082)Patrick Cloke2024-04-291-0/+1
| | | | | Pretty straightforward. 😄 Fixes #17021
* Improve error message for cross signing reset with MSC3861 enabled (#17121)Michael Telatynski2024-04-261-5/+8
|
* Use recommended endpoint for MSC3266 requests (#17078)Andrew Ferrazzutti2024-04-261-0/+6
| | | | | Keep the existing endpoint for backwards compatibility Signed-off-by: Andrew Ferrazzutti <andrewf@element.io>
* MSC4108 implementation (#17056)Quentin Gliech2024-04-252-2/+23
| | | | | | Co-authored-by: Hugh Nimmo-Smith <hughns@element.io> Co-authored-by: Hugh Nimmo-Smith <hughns@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Send an email if the address is already bound to an user account (#16819)mcalinghee2024-04-231-2/+10
| | | | Co-authored-by: Mathieu Velten <mathieu.velten@beta.gouv.fr> Co-authored-by: Olivier D <odelcroi@gmail.com>
* Parse json validation (#16923)Gordan Trevis2024-04-181-23/+12
| | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Support for MSC4108 via delegation (#17086)Quentin Gliech2024-04-172-3/+30
| | | | | | | This adds support for MSC4108 via delegation, similar to what has been done for MSC3886 --------- Co-authored-by: Hugh Nimmo-Smith <hughns@element.io>
* Parse Integer negative value validation (#16920)Gordan Trevis2024-04-161-1/+1
|
* bugfix: make msc3967 idempotent (#16943)Kegan Dougal2024-04-151-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MSC3967 was updated recently to make it more robust to network failures: > there is an existing cross-signing master key and it exactly matches the cross-signing master key provided in the request body. If there are any additional keys provided in the request (self signing key, user signing key) they MUST also match the existing keys stored on the server. In other words, the request contains no new keys. If there are new keys, UIA MUST be performed. https://github.com/matrix-org/matrix-spec-proposals/blob/hughns/device-signing-upload-uia/proposals/3967-device-signing-upload-uia.md#proposal This covers the case where the 200 OK is lost in transit so the client retries the upload, only to then get UIA'd. Complement tests: https://github.com/matrix-org/complement/pull/713 - passing example https://github.com/element-hq/synapse/actions/runs/7976948122/job/21778795094?pr=16943#step:7:8820 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: reivilibre <oliverw@matrix.org>
* Stabilize support for MSC4010: push rules & account data. (#17022)Patrick Cloke2024-04-091-23/+6
| | | | | | | See [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010), but this is pretty much just removing an experimental flag. Part of #17021
* Stabliize support for MSC3981: recurse /relations (#17023)Patrick Cloke2024-04-092-8/+5
| | | | | | | See [MSC3981](https://github.com/matrix-org/matrix-spec-proposals/pull/3981), this pretty much just removes flags though. Part of #17021
* Fixups to new push stream (#17038)Erik Johnston2024-03-281-1/+3
| | | Follow on from #17037
* Add support for moving `/push_rules` off of main process (#17037)Erik Johnston2024-03-281-3/+3
|
* Bump black from 23.10.1 to 24.2.0 (#16936)dependabot[bot]2024-03-132-12/+12
|
* Accept unprefixed form of MSC3981 recurse parameter (#16842)David Baker2024-02-061-1/+1
| | | Now that the MSC3981 has passed FCP
* Correctly mention previous copyright (#16820)Erik Johnston2024-01-2341-0/+49
| | | | | During the migration the automated script to update the copyright headers accidentally got rid of some of the existing copyright lines. Reinstate them.
* feat: add msc4028 to versions api (#16787)Hanadi2024-01-161-0/+2
| | | | Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Merge remote-tracking branch 'gitlab/clokep/license-license' into new_developErik Johnston2023-12-1345-462/+720
|\
| * Update license headersPatrick Cloke2023-11-2145-462/+720
| |
* | Expose OIDC discovery information under the CSAPI (#16726)David Robertson2023-12-061-0/+63
| | | | | | | | Co-authored-by: Quentin Gliech <quenting@element.io>
* | Implement MSC4069: Inhibit profile propagation (#16636)Travis Ralston2023-12-042-3/+30
| | | | | | MSC: https://github.com/matrix-org/matrix-spec-proposals/pull/4069
* | ModuleAPI SSO auth callbacks (#15207)Andrew Yasinishyn2023-12-011-0/+8
| | | | | | Signed-off-by: Andrii Yasynyshyn yasinishyn.a.n@gmail.com
* | Declare support for Matrix v1.7, v1.8, and v1.9. (#16707)Patrick Cloke2023-11-291-0/+3
|/
* Add an Admin API to temporarily grant the ability to update an existing ↵David Robertson2023-11-151-5/+11
| | | | cross-signing key without UIA (#16634)
* Fix a long-standing bug where Synapse would not unbind third-party ↵reivilibre2023-11-091-11/+8
| | | | | | | | | | | | | | | identifiers for Application Service users when deactivated and would not emit a compliant response. (#16617) * Don't skip unbinding 3PIDs and returning success status when deactivating AS user Fixes #16608 * Newsfile Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org> --------- Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
* Convert simple_select_one_txn and simple_select_one to return tuples. (#16612)Patrick Cloke2023-11-091-1/+1
|
* Add new module API for adding custom fields to events `unsigned` section ↵Erik Johnston2023-10-274-11/+11
| | | | (#16549)
* Add a new module API to update user presence state. (#16544)Patrick Cloke2023-10-261-4/+2
| | | | | | | | | | This adds a module API which allows a module to update a user's presence state/status message. This is useful for controlling presence from an external system. To fully control presence from the module the presence.enabled config parameter gains a new state of "untracked" which disables internal tracking of presence changes via user actions, etc. Only updates from the module will be persisted and sent down sync properly).
* Convert user_get_threepids response to attrs. (#16468)Patrick Cloke2023-10-111-1/+3
| | | This improves type annotations by not having a dictionary of Any values.
* Add support for pydantic v2 via pydantic.v1 compat module (#16332)Maxwell G2023-09-254-4/+25
| | | While maintaining support with pydantic v1.
* Convert more cached return values to immutable types (#16356)Patrick Cloke2023-09-201-2/+2
|
* Make cached account data/tags/admin types immutable (#16325)Patrick Cloke2023-09-181-5/+5
|
* Additional validation of receipts (#16327)Patrick Cloke2023-09-182-2/+2
| | | | Reject invalid receipts with a reasonable error message & expands tests for receipts.
* Use StrCollection in additional places. (#16301)Patrick Cloke2023-09-131-2/+2
|
* Avoid temporary storage of sensitive information. (#16272)Patrick Cloke2023-09-081-2/+2
| | | | During the UI auth process, avoid storing sensitive information into the database.
* Reduce CPU overhead of change password endpoint (#16264)Erik Johnston2023-09-081-58/+54
|
* Add `/notifications` endpoint to workers (#16265)Erik Johnston2023-09-071-0/+2
|
* Describe which rate limiter was hit in logs (#16135)David Robertson2023-08-303-9/+10
|
* Bump ruff from 0.0.277 to 0.0.286 (#16198)dependabot[bot]2023-08-291-1/+1
| | | | Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Pass the device ID around in the presence handler (#16171)Patrick Cloke2023-08-285-4/+11
| | | | | | Refactoring to pass the device ID (in addition to the user ID) through the presence handler (specifically the `user_syncing`, `set_state`, and `bump_presence_active_time` methods and their replication versions).
* Rename pagination&purge locks and add comments explaining them (#16112)Mathieu Velten2023-08-161-2/+2
|
* Add linearizer on user ID to push rule PUT/DELETE requests (#16052)Nick Mills-Barrett2023-08-111-6/+22
| | | | | See: #16053 Signed off by Nick @ Beeper (@Fizzadar)
* Implements admin API to lock an user (MSC3939) (#15870)Mathieu Velten2023-08-101-2/+6
|
* Support MSC3814: Dehydrated Devices Part 2 (#16010)Shay2023-08-081-15/+1
|
* Fix endpoint improperly declaring support for MSC3814 (#16068)Shay2023-08-071-10/+8
|
* Fix deletion for Dehydrated Devices (#16046)Shay2023-08-041-4/+10
|
* Stabilize support for MSC3970: updated transaction semantics (scope to ↵Patrick Cloke2023-08-041-6/+6
| | | | | | | `device_id`) (#15629) For now this maintains compatible with old Synapses by falling back to using transaction semantics on a per-access token. A future version of Synapse will drop support for this.
* Add ability to wait for locks and add locks to purge history / room deletion ↵Erik Johnston2023-07-311-3/+8
| | | | | (#15791) c.f. #13476
* Support MSC3814: Dehydrated Devices (#15929)Shay2023-07-241-6/+226
| | | | | | Signed-off-by: Nicolas Werner <n.werner@famedly.com> Co-authored-by: Nicolas Werner <n.werner@famedly.com> Co-authored-by: Nicolas Werner <89468146+nico-famedly@users.noreply.github.com> Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
* Support room version 11 (#15912)Patrick Cloke2023-07-181-2/+2
| | | | | And fix a bug in the implementation of the updated redaction format (MSC2174) where the top-level redacts field was not properly added for backwards-compatibility.
* Stop accepting 'user' parameter for application service registration. (#15928)Patrick Cloke2023-07-131-8/+4
| | | This is unspecced, but has existed for a very long time.
* Add login spam checker API (#15838)Erik Johnston2023-06-261-4/+48
|
* Remove experimental MSC2716 implementation to incrementally import history ↵Eric Eastwood2023-06-162-256/+0
| | | | | | | | | | | | into existing rooms (#15748) Context for why we're removing the implementation: - https://github.com/matrix-org/matrix-spec-proposals/pull/2716#issuecomment-1487441010 - https://github.com/matrix-org/matrix-spec-proposals/pull/2716#issuecomment-1504262734 Anyone wanting to continue MSC2716, should also address these leftover tasks: https://github.com/matrix-org/synapse/issues/10737 Closes https://github.com/matrix-org/synapse/issues/10737 in the fact that it is not longer necessary to track those things.
* Stabilize support for MSC3952: Intentional mentions. (#15520)Patrick Cloke2023-06-061-2/+0
|
* `N + 3`: Read from column `full_user_id` rather than `user_id` of tables ↵Shay2023-06-022-2/+2
| | | | `profiles` and `user_filters` (#15649)
* Implement stable support for MSC3882 to allow an existing device/session to ↵Hugh Nimmo-Smith2023-06-014-23/+62
| | | | | | | | generate a login token for use on a new device/session (#15388) Implements stable support for MSC3882; this involves updating Synapse's support to match the MSC / the spec says. Continue to support the unstable version to allow clients to transition.
* Make AS tokens work & allow ASes to /registerQuentin Gliech2023-05-301-0/+69
|
* Refactor config to be an experimental featureHugh Nimmo-Smith2023-05-306-10/+10
| | | | Also enforce you can't combine it with incompatible config options
* Disable account related endpoints when using OAuth delegationQuentin Gliech2023-05-306-15/+59
|
* Add requesting user id parameter to key claim methods in ↵Shay2023-05-241-4/+4
| | | | `TransportLayerClient` (#15663)
* Consolidate logic to check for deactivated users. (#15634)Patrick Cloke2023-05-231-3/+20
| | | | | | | This moves the deactivated user check to the method which all login types call. Additionally updates the application service tests to be more realistic by removing invalid tests and fixing server names.
* Do not allow deactivated users to login with JWT. (#15624)Patrick Cloke2023-05-191-65/+12
| | | | | To improve the organization of this code it moves the JWT login checks to a separate handler and then fixes the bug (and a deprecation warning).
* Update Mutual Rooms (MSC2666) implementation (#15621)Jonathan de Jong2023-05-182-13/+32
| | | | | | | | To track changes in MSC2666: - The change from `/mutual_rooms/{user_id}` to `/mutual_rooms?user_id={user_id}`. - The addition of `next_batch_token` (and logic). - Unstable flag now being `uk.half-shot.msc2666.query_mutual_rooms`. - The error code when your own user is requested.
* Add an unstable feature flag for MSC3981 to the /versions endpoint (#15558)Michael Weimann2023-05-151-0/+2
| | | | Signed-off-by: Michael Weimann <michaelw@matrix.org> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Declare support for Matrix 1.6 (#15559)Patrick Cloke2023-05-121-0/+1
| | | | | | | Adds logging for key server requests which include a key ID. This is technically in violation of the 1.6 spec, but is the only way to remain backwards compatibly with earlier versions of Synapse (and possibly other homeservers) which *did* include the key ID.
* Add an unstable feature flag for MSC3391 to the /versions endpoint (#15562)Andrew Morgan2023-05-111-0/+2
|
* Stabilize MSC2659 support for AS ping endpoint. (#15528)Tulir Asokan2023-05-092-7/+5
|
* Error if attempting to set m.push_rules account data, per MSC4010. (#15555)Patrick Cloke2023-05-092-22/+70
| | | | | m.push_rules, like m.fully_read, is a special account data type that cannot be set using the normal /account_data endpoint. Return an error instead of allowing data that will not be used to be stored.
* Use account data constants in more places. (#15554)Patrick Cloke2023-05-091-1/+2
|
* Factor out an `is_mine_server_name` method (#15542)Sean Quah2023-05-051-2/+2
| | | | | | | | | | | | Add an `is_mine_server_name` method, similar to `is_mine_id`. Ideally we would use this consistently, instead of sometimes comparing against `hs.hostname` and other times reaching into `hs.config.server.server_name`. Also fix a bug in the tests where `hs.hostname` would sometimes differ from `hs.config.server.server_name`. Signed-off-by: Sean Quah <seanq@matrix.org>
* Initial implementation of MSC3981: recursive relations API (#15315)Patrick Cloke2023-05-021-1/+9
| | | | | | | | | | | Adds an optional keyword argument to the /relations API which will recurse a limited number of event relationships. This will cause the API to return not just the events related to the parent event, but also events related to those related to the parent event, etc. This is disabled by default behind an experimental configuration flag and is currently implemented using prefixed parameters.
* Add support for claiming multiple OTKs at once. (#15468)Patrick Cloke2023-04-271-5/+37
| | | | | | | MSC3983 provides a way to request multiple OTKs at once from appservices, this extends this concept to the Client-Server API. Note that this will likely be spit out into a separate MSC, but is currently part of MSC3983.
* Add column `full_user_id` to tables `profiles` and `user_filters`. (#15458)Shay2023-04-261-1/+1
|
* Add unstable /keys/claim endpoint which always returns fallback keys. (#15462)Patrick Cloke2023-04-251-1/+30
| | | | | | | | | | | | | It can be useful to always return the fallback key when attempting to claim keys. This adds an unstable endpoint for `/keys/claim` which always returns fallback keys in addition to one-time-keys. The fallback key(s) are not marked as "used" unless there are no corresponding OTKs. This is currently defined in MSC3983 (although likely to be split out to a separate MSC). The endpoint shape may change or be requested differently (i.e. a keyword parameter on the current endpoint), but the core logic should be reasonable.
* Experimental support for MSC3970: per-device transaction IDs (#15318)Quentin Gliech2023-04-251-0/+13
|
* Load `/capabilities` endpoint on workers (#15436)Dirk Klimpel2023-04-141-0/+1
|
* Load `/directory/room/{roomAlias}` endpoint on workers (#15333)Dirk Klimpel2023-04-141-2/+4
| | | | | | | | | * Enable `directory` * move to worker store * newsfile * disable `ClientDirectoryListServer` and `ClientAppserviceDirectoryListServer` for workers
* Implement MSC2174: move redacts to a content property. (#15395)Patrick Cloke2023-04-131-9/+26
| | | | | | | This moves `redacts` from being a top-level property to a `content` property in a new room version. MSC2176 (which was previously implemented) states to not `redact` this property.
* Only load the SSO redirect servlet if SSO is enabled. (#15421)Dirk Klimpel2023-04-131-1/+6
|
* Disable loading `RefreshTokenServlet` on workers (#15428)Dirk Klimpel2023-04-131-1/+4
|
* Load `/password_policy` endpoint on workers. (#15331)Dirk Klimpel2023-03-271-0/+1
|
* Make cleaning up pushers depend on the device_id instead of the token_id ↵Quentin Gliech2023-03-241-1/+0
| | | | | | | | | | | | | | (#15280) This makes it so that we rely on the `device_id` to delete pushers on logout, instead of relying on the `access_token_id`. This ensures we're not removing pushers on token refresh, and prepares for a world without access token IDs (also known as the OIDC). This actually runs the `set_device_id_for_pushers` background update, which was forgotten in #13831. Note that for backwards compatibility it still deletes pushers based on the `access_token` until the background update finishes.
* Add a primitive helper script for listing worker endpoints. (#15243)reivilibre2023-03-2326-12/+90
| | | | Co-authored-by: Patrick Cloke <patrickc@matrix.org>
* Make `POST /_matrix/client/v3/rooms/{roomId}/report/{eventId}` endpoint ↵Andrew Morgan2023-03-211-5/+11
| | | | return 404 if event exists, but the user lacks access (#15300)
* Add /versions flag for MSC3952. (#15293)Patrick Cloke2023-03-201-0/+2
|
* Load `/register/available` endpoint on workers (#15268)Jason Little2023-03-171-1/+1
|
* Implement MSC2659: application service ping endpoint (#15249)Tulir Asokan2023-03-162-0/+117
| | | Signed-off-by: Tulir Asokan <tulir@maunium.net>
* Pass the Requester down to the HttpTransactionCache. (#15200)Quentin Gliech2023-03-073-105/+149
|
* Pass the requester during event serialization. (#15174)Quentin Gliech2023-03-064-21/+35
| | | | This allows Synapse to properly include the transaction ID in the unsigned data of events.
* Stop applying edits to event contents (MSC3925). (#15193)Patrick Cloke2023-03-061-1/+1
| | | | | | | | | | | Enables MSC3925 support by default, which: * Includes the full edit event in the bundled aggregations of an edited event. * Stops modifying the original event's content to return the new content from the edit event. This is a backwards-incompatible change that is considered to be "correct" by the spec.
* Remove unspecced and buggy `PUT` method on the unstable ↵Quentin Gliech2023-03-031-15/+1
| | | | `/rooms/<room_id>/batch_send` endpoint. (#15199)
* Add support for knocking to workers. (#15133)Dirk Klimpel2023-03-022-2/+1
|
* Remove the unspecced and bugged PUT /knock/{roomIdOrAlias} endpoint (#15189)Quentin Gliech2023-03-021-15/+1
|
* Fix conflicting URLs for dehydrated devices. (#15180)Patrick Cloke2023-03-021-1/+1
|
* Implementation of MSC3967: Don't require UIA for initial upload of cross ↵Hugh Nimmo-Smith2023-03-021-9/+23
| | | | signing keys (#15077)
* Fix a long-standing bug where an initial sync would not respond to changes ↵reivilibre2023-02-281-2/+23
| | | | to the list of ignored users if there was an initial sync cached. (#15163)
* Add module API callbacks for adding and deleting local 3PID associations (#15044Andrew Morgan2023-02-271-1/+8
|
* Bump black from 22.12.0 to 23.1.0 (#15103)dependabot[bot]2023-02-223-9/+11
|
* Remove unused `room_alias` field from `/createRoom` response (#15093)David Robertson2023-02-221-2/+2
| | | | | | | | | | | | | | * Change `create_room` return type * Don't return room alias from /createRoom * Update other callsites * Fix up mypy complaints It looks like new_room_user_id is None iff new_room_id is None. It's a shame we haven't expressed this in a way that mypy can understand. * Changelog
* Prevent clients from reporting nonexistent events. (#13779)reivilibre2023-02-141-1/+10
|
* Refactor arguments of `try_unbind_threepid(_with_id_server)` from dict to ↵Andrew Morgan2023-02-131-6/+1
| | | | separate args (#15053)
* Apply logging from hotfixes branch to develop (#15054)David Robertson2023-02-131-0/+3
| | | | | | | | | * Apply logging from hotfixes branch to develop Part of #4826. Originally added in #11882. * Changelog
* Respond correctly to unknown methods on known endpoints (#14605)Patrick Cloke2023-02-092-17/+35
| | | | Respond with a 405 error if a request is received on a known endpoint, but to an unknown method, per MSC3743.
* Add helper to parse an enum from query args & use it. (#14956)Patrick Cloke2023-02-012-3/+5
| | | | | | | | The `parse_enum` helper pulls an enum value from the query string (by delegating down to the parse_string helper with values generated from the enum). This is used to pull out "f" and "b" in most places and then we thread the resulting Direction enum throughout more code.
* Prefer `type(x) is int` to `isinstance(x, int)` (#14945)David Robertson2023-01-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Perfer `type(x) is int` to `isinstance(x, int)` This covered all additional instances I could see where `x` was user-controlled. The remaining cases are ``` $ rg -s 'isinstance.*[^_]int' tests/replication/_base.py 576: if isinstance(obj, int): synapse/util/caches/stream_change_cache.py 136: assert isinstance(stream_pos, int) 214: assert isinstance(stream_pos, int) 246: assert isinstance(stream_pos, int) 267: assert isinstance(stream_pos, int) synapse/replication/tcp/external_cache.py 133: if isinstance(result, int): synapse/metrics/__init__.py 100: if isinstance(calls, (int, float)): synapse/handlers/appservice.py 262: assert isinstance(new_token, int) synapse/config/_util.py 62: if isinstance(p, int): ``` which cover metrics, logic related to `jsonschema`, and replication and data streams. AFAICS these are all internal to Synapse * Changelog
* Add missing type hints in tests (#14879)Patrick Cloke2023-01-261-1/+2
| | | | * FIx-up type hints in tests.logging. * Add missing type hints to test_transactions.
* Use StrCollection in place of Collection[str] in (most) handlers code. (#14922)Patrick Cloke2023-01-261-2/+2
| | | | Due to the increased safety of StrCollection over Collection[str] and Sequence[str].
* Remove unnecessary reactor reference from `_PerHostRatelimiter` (#14842)Sean Quah2023-01-161-1/+0
| | | | | Fix up #14812 to avoid introducing a reference to the reactor. Signed-off-by: Sean Quah <seanq@matrix.org>
* Fix stack overflow in `_PerHostRatelimiter` due to synchronous requests (#14812)Sean Quah2023-01-131-0/+1
| | | | | | | | | | | | | | | | | | When there are many synchronous requests waiting on a `_PerHostRatelimiter`, each request will be started recursively just after the previous request has completed. Under the right conditions, this leads to stack exhaustion. A common way for requests to become synchronous is when the remote client disconnects early, because the homeserver is overloaded and slow to respond. Avoid stack exhaustion under these conditions by deferring subsequent requests until the next reactor tick. Fixes #14480. Signed-off-by: Sean Quah <seanq@matrix.org>
* Disable sending confirmation email when 3pid is disabled #14682 (#14725)Jeyachandran Rathnam2023-01-091-0/+5
| | | | | | | | | | | * Fixes #12277 :Disable sending confirmation email when 3pid is disabled * Fix test_add_email_if_disabled test case to reflect changes to enable_3pid_changes flag * Add changelog file * Rename newsfragment. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Add experimental support for MSC3391: deleting account data (#14714)Andrew Morgan2023-01-011-0/+115
|
* Move `StateFilter` to `synapse.types` (#14668)David Robertson2022-12-121-1/+1
| | | | | * Move `StateFilter` to `synapse.types` * Changelog
* Reject receipt requests with invalid room or event IDs. (#14632)Nick Mills-Barrett2022-12-071-1/+4
| | | | If the room or event IDs are empty or of an invalid form they should be rejected.
* Fix a long-standing bug where the user directory would return 1 more row ↵reivilibre2022-12-071-2/+2
| | | | than requested. (#14631)
* Improve logging and opentracing for to-device message handling (#14598)Richard van der Hoff2022-12-061-1/+0
| | | | | | | A batch of changes intended to make it easier to trace to-device messages through the system. The intention here is that a client can set a property org.matrix.msgid in any to-device message it sends. That ID is then included in any tracing or logging related to the message. (Suggestions as to where this field should be documented welcome. I'm not enthusiastic about speccing it - it's very much an optional extra to help with debugging.) I've also generally improved the data we send to opentracing for these messages.
* Suppress empty body warnings in room servelets (#14600)David Robertson2022-12-051-12/+2
| | | | | | | | | * Suppress empty body warnings in room servelets We've already decided to allow empty bodies for backwards compat. The change here stops us from emitting a misleading warning; see also https://github.com/matrix-org/synapse/issues/14478#issuecomment-1319157105 * Changelog
* Use ClientRestResource on both the main process and workers. (#14528)Patrick Cloke2022-12-025-26/+30
| | | | | | | Add logic to ClientRestResource to decide whether to mount servlets or not based on whether the current process is a worker. This is clearer to see what a worker runs than the completely separate / copy & pasted list of servlets being mounted for workers.
* Advertise support for Matrix v1.5. (#14576)Patrick Cloke2022-11-291-0/+1
| | | | All features of Matrix v1.5 were already supported: this was mostly a maintenance release.
* Move MSC3030 `/timestamp_to_event` endpoint to stable v1 location (#14471)Eric Eastwood2022-11-282-9/+3
| | | | | | | | Fix https://github.com/matrix-org/synapse/issues/14390 - Client API: `/_matrix/client/unstable/org.matrix.msc3030/rooms/<roomID>/timestamp_to_event?ts=<timestamp>&dir=<direction>` -> `/_matrix/client/v1/rooms/<roomID>/timestamp_to_event?ts=<timestamp>&dir=<direction>` - Federation API: `/_matrix/federation/unstable/org.matrix.msc3030/timestamp_to_event/<roomID>?ts=<timestamp>&dir=<direction>` -> `/_matrix/federation/v1/timestamp_to_event/<roomID>?ts=<timestamp>&dir=<direction>` Complement test changes: https://github.com/matrix-org/complement/pull/559
* Add a type hint for `get_device_handler()` and fix incorrect types. (#14055)Patrick Cloke2022-11-222-6/+20
| | | | | This was the last untyped handler from the HomeServer object. Since it was being treated as Any (and thus unchecked) it was being used incorrectly in a few places.
* Remove need for `worker_main_http_uri` setting to use /keys/upload. (#14400)realtyem2022-11-161-18/+50
|
* Remove redundant types from comments. (#14412)Patrick Cloke2022-11-161-1/+1
| | | | | | | Remove type hints from comments which have been added as Python type hints. This helps avoid drift between comments and reality, as well as removing redundant information. Also adds some missing type hints which were simple to fill in.
* Fix /refresh endpoint version (#14364)Tulir Asokan2022-11-041-1/+1
|
* Implement MSC3912: Relation-based redactions (#14260)Brendan Abolivier2022-11-032-14/+45
| | | Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* Fix dehydrated device REST checks (#14336)David Robertson2022-10-311-3/+2
|
* Reject history insertion during partial joins (#14291)David Robertson2022-10-271-0/+7
|
* Save login tokens in database (#13844)Quentin Gliech2022-10-262-5/+3
| | | | | | | | | | | * Save login tokens in database Signed-off-by: Quentin Gliech <quenting@element.io> * Add upgrade notes * Track login token reuse in a Prometheus metric Signed-off-by: Quentin Gliech <quenting@element.io>
* Implementation for MSC3664: Pushrules for relations (#11804)DeepBlueV7.X2022-10-251-0/+5
|
* Return NOT_JSON if decode fails and defer set_timeline_upper_limit ca… ↵Ryan Miguel2022-10-241-4/+4
| | | | | | | (#14262) * Return NOT_JSON if decode fails and defer set_timeline_upper_limit call until after check_valid_filter. Fixes #13661. Signed-off-by: Ryan Miguel <miguel.ryanj@gmail.com>. * Reword changelog
* Implementation of HTTP 307 response for MSC3886 POST endpoint (#14018)Hugh Nimmo-Smith2022-10-182-0/+77
| | | | Co-authored-by: reivilibre <olivier@librepush.net> Co-authored-by: Andrew Morgan <andrewm@element.io>
* Support filtering the /messages API by relation type (MSC3874). (#14148)Patrick Cloke2022-10-171-0/+2
| | | Gated behind an experimental configuration flag.
* Use Pydantic when PUTting room aliases (#14179)David Robertson2022-10-171-23/+35
|
* Accept threaded receipts for events related to the root event. (#14174)Patrick Cloke2022-10-141-2/+42
| | | | | | | | | The root node of a thread (and events related to it) are considered "part of a thread" when validating receipts. This allows clients which show the root node in both the main timeline and the threaded timeline to easily send receipts in either. Note that threaded notifications are not created for these events, these events created notifications on the main timeline.
* Advertise support for Matrix 1.4. (#14184)Patrick Cloke2022-10-141-0/+1
| | | | All features / changes in Matrix 1.4 are now supported in Synapse.
* Do not allow a None-limit on PaginationConfig. (#14146)Patrick Cloke2022-10-143-3/+9
| | | | | | | The callers either set a default limit or manually handle a None-limit later on (by setting a default value). Update the callers to always instantiate PaginationConfig with a default limit and then assume the limit is non-None.
* Stabilize the threads API. (#14175)Patrick Cloke2022-10-141-7/+2
| | | | | | | Stabilize the threads API (MSC3856) by supporting (only) the v1 path for the endpoint. This also marks the API as safe for workers since it is a read-only API.
* Add an API for listing threads in a room. (#13394)Patrick Cloke2022-10-131-1/+49
| | | | | | | | | Implement the /threads endpoint from MSC3856. This is currently unstable and behind an experimental configuration flag. It includes a background update to backfill data, results from the /threads endpoint will be partial until that finishes.
* Remove support for the unstable dir flag on relations. (#14106)Patrick Cloke2022-10-071-35/+10
| | | | | | From MSC3715, this was unused by clients (and there was no way for clients to know it was supported). Matrix 1.4 defines the stable field.
* Use stable identifiers for MSC3771 & MSC3773. (#14050)Patrick Cloke2022-10-073-29/+30
| | | | | These are both part of Matrix 1.4 which has now been released. For now, support both the unstable and stable identifiers.
* Use Pydantic to validate /devices endpoints (#14054)David Robertson2022-10-071-46/+52
|
* Recursively fetch the thread for receipts & notifications. (#13824)Patrick Cloke2022-10-041-2/+20
| | | | | | Consider an event to be part of a thread if you can follow a chain of relations up to a thread root. Part of MSC3773 & MSC3771.
* Advertise supporting version 1.3 of the Matrix spec. (#14032)Patrick Cloke2022-10-041-0/+1
| | | Now that all features / changes in 1.3 are supported in Synapse.
* Track notification counts per thread (implement MSC3773). (#13776)Patrick Cloke2022-10-042-1/+6
| | | | | | | | When retrieving counts of notifications segment the results based on the thread ID, but choose whether to return them as individual threads or as a single summed field by letting the client opt-in via a sync flag. The summarization code is also updated to be per thread, instead of per room.
* Do not return unspecced original_event field when using the stable ↵Patrick Cloke2022-10-031-0/+6
| | | | | | | | | | /relations endpoint. (#14025) Keep the old behavior (of including the original_event field) for any requests to the /unstable version of the endpoint, but do not include the field when the /v1 version is used. This should avoid new clients from depending on this field, but will not help with current dependencies.
* Add query parameter `ts` to allow appservices set the `origin_server_ts` for ↵lukasdenk2022-10-031-13/+21
| | | | | | | state events. (#11866) MSC3316 declares that both /rooms/{roomId}/send and /rooms/{roomId}/state should accept a ts parameter for appservices. This change expands support to /state and adds tests.
* Allow admins to require a manual approval process before new accounts can be ↵Brendan Abolivier2022-09-292-5/+54
| | | | used (using MSC3866) (#13556)
* Expose MSC3882 only be under an unstable endpoint. (#13868)Hugh Nimmo-Smith2022-09-291-1/+3
|
* Support the stable dir parameter for /relations. (#13920)Patrick Cloke2022-09-271-9/+15
| | | | | | | Since MSC3715 has passed FCP, the stable parameter can be used. This currently falls back to the unstable parameter if the stable parameter is not provided (and MSC3715 support is enabled in the configuration).
* Accept & store thread IDs for receipts (implement MSC3771). (#13782)Patrick Cloke2022-09-233-1/+17
| | | | Updates the `/receipts` endpoint and receipt EDU handler to parse a `thread_id` from the body and insert it in the database.
* Last batch of Pydantic for synapse/rest/client/account.py (#13832)David Robertson2022-09-211-6/+13
| | | | | | | * Validation for `/add_threepid/msisdn/submit_token` * Don't validate deprecated endpoint * Changelog
* Add version flag for MSC3881 (#13860)Brendan Abolivier2022-09-211-0/+2
|
* Track device IDs for pushers (#13831)Brendan Abolivier2022-09-211-0/+3
| | | Second half of the MSC3881 implementation
* Implementation of MSC3882 login token request (#13722)Hugh Nimmo-Smith2022-09-212-0/+96
|
* Support enabling/disabling pushers (from MSC3881) (#13799)Brendan Abolivier2022-09-211-3/+15
| | | Partial implementation of MSC3881
* A third batch of Pydantic validation for rest/client/account.py (#13736)David Robertson2022-09-152-42/+51
|
* A second batch of Pydantic models for rest/client/account.py (#13687)David Robertson2022-09-072-32/+46
|
* Cancel the processing of key query requests when they time out. (#13680)reivilibre2022-09-071-2/+4
|
* Remove support for unstable private read receipts (#13653)Šimon Brandner2022-09-014-6/+0
| | | Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Drop support for calling `/_matrix/client/v3/rooms/{roomId}/invite` without ↵Jacek Kuśnierz2022-08-311-8/+12
| | | | | | | an `id_access_token` (#13241) Fixes #13206 Signed-off-by: Jacek Kusnierz jacek.kusnierz@tum.de
* Generalise the `@cancellable` annotation so it can be used on functions ↵reivilibre2022-08-311-1/+2
| | | | other than just servlet methods. (#13662)
* Drop support for delegating email validation, round 2 (#13596)David Robertson2022-08-232-112/+55
|
* Fix Prometheus metrics being negative (mixed up start/end) (#13584)Eric Eastwood2022-08-231-1/+5
| | | | | | | Fix: - https://github.com/matrix-org/synapse/pull/13535#discussion_r949582508 - https://github.com/matrix-org/synapse/pull/13533#discussion_r949577244
* `synapse.api.auth.Auth` cleanup: make permission-related methods use ↵Quentin Gliech2022-08-223-13/+7
| | | | | | | | | `Requester` instead of the `UserID` (#13024) Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
* Remove redundant opentracing spans for `/sendToDevice` and `/keys/upload` ↵Andrew Morgan2022-08-222-4/+2
| | | | (#13574)
* Implement MSC3852: Expose `last_seen_user_agent` to users for their own ↵Andrew Morgan2022-08-191-0/+27
| | | | devices; also expose to Admin API (#13549)
* Fix validation problem that occurs when a user tries to deactivate their ↵reivilibre2022-08-191-3/+3
| | | | account or change their password. (#13563)
* Add metrics to track `/messages` response time by room size (#13545)Eric Eastwood2022-08-181-2/+53
| | | | | Follow-up to https://github.com/matrix-org/synapse/pull/13533 Part of https://github.com/matrix-org/synapse/issues/13356
* Add specific metric to time long-running `/messages` requests (#13533)Eric Eastwood2022-08-171-0/+32
|
* Use Pydantic to systematically validate a first batch of endpoints in ↵David Robertson2022-08-152-85/+132
| | | | `synapse.rest.client.account`. (#13188)
* Support stable identifiers for MSC2285: private read receipts. (#13273)Šimon Brandner2022-08-054-7/+19
| | | | | This adds support for the stable identifiers of MSC2285 while continuing to support the unstable identifiers behind the configuration flag. These will be removed in a future version.
* Rename `RateLimitConfig` to `RatelimitSettings` (#13442)Dirk Klimpel2022-08-031-2/+2
|
* Merge tag 'v1.64.0rc2' into developRichard van der Hoff2022-07-292-54/+111
|\ | | | | | | | | | | | | Synapse 1.64.0rc2 (2022-07-29) ============================== This RC reintroduces support for `account_threepid_delegates.email`, which was removed in 1.64.0rc1. It remains deprecated and will be removed altogether in a future release. ([\#13406](https://github.com/matrix-org/synapse/issues/13406))
| * Revert "Drop support for delegating email validation (#13192)" (#13406)3nprob2022-07-292-54/+111
| | | | | | | | | | Reverts commit fa71bb18b527d1a3e2629b48640ea67fff2f8c59, and tweaks documentation. Signed-off-by: 3nprob <git@3n.anonaddy.com>
* | Use stable prefixes for MSC3827: filtering of `/publicRooms` by room type ↵Šimon Brandner2022-07-271-2/+2
|/ | | | | | (#13370) Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Add missing types to opentracing. (#13345)Patrick Cloke2022-07-211-1/+3
| | | After this change `synapse.logging` is fully typed.
* Add type annotations to `trace` decorator. (#13328)Patrick Cloke2022-07-194-15/+18
| | | | Functions that are decorated with `trace` are now properly typed and the type hints for them are fixed.
* Reduce duplicate code in receipts servlets. (#13198)Patrick Cloke2022-07-132-44/+32
|
* Drop support for calling `/_matrix/client/v3/account/3pid/bind` without an ↵Jacek Kuśnierz2022-07-121-2/+4
| | | | | | | `id_access_token` (#13239) Fixes #13201 Signed-off-by: Jacek Kusnierz jacek.kusnierz@tum.de
* Drop support for delegating email validation (#13192)Richard van der Hoff2022-07-122-112/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Drop support for delegating email validation Delegating email validation to an IS is insecure (since it allows the owner of the IS to do a password reset on your HS), and has long been deprecated. It will now cause a config error at startup. * Update unit test which checks for email verification Give it an `email` config instead of a threepid delegate * Remove unused method `requestEmailToken` * Simplify config handling for email verification Rather than an enum and a boolean, all we need here is a single bool, which says whether we are or are not doing email verification. * update docs * changelog * upgrade.md: fix typo * update version number this will be in 1.64, not 1.63 * update version number this one too
* Make the AS login method call `Auth.get_user_by_req` for checking the AS ↵Quentin Gliech2022-07-121-2/+8
| | | | | | | | token. (#13094) This gets rid of another usage of get_appservice_by_req, with all the benefits, including correctly tracking the appservice IP and setting the tracing attributes correctly. Signed-off-by: Quentin Gliech <quenting@element.io>
* Extra validation for rest/client/account_data (#13148)David Robertson2022-07-011-2/+17
| | | | | | | * Extra validation for rest/client/account_data This is a fairly simple endpoint and we did pretty well here. * Changelog
* Implement MSC3827: Filtering of `/publicRooms` by room type (#13031)Šimon Brandner2022-06-291-0/+2
| | | | Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Remove unspecced DELETE endpoint that modifies room visibility (#13123)santhoshivan232022-06-281-11/+0
|
* validate room alias before interacting with the room directory (#13106)santhoshivan232022-06-221-0/+6
|
* Simplify the alias deletion logic as an application service. (#13093)Quentin Gliech2022-06-171-22/+13
|
* Allow MSC3030 'timestamp_to_event' calls from anyone on world-readable ↵Quentin Gliech2022-06-171-1/+3
| | | | | rooms. (#13062) Signed-off-by: Quentin Gliech <quenting@element.io>
* Replace pyjwt with authlib in `org.matrix.login.jwt` (#13011)Hannes Lerchl2022-06-151-8/+38
|
* Fix `destination_is` errors seen in sentry. (#13041)David Robertson2022-06-141-4/+16
| | | | | | * Rename test_fedclient to match its source file * Require at least one destination to be truthy * Explicitly validate user ID in profile endpoint GETs Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Move the "email unsubscribe" resource, refactor the macaroon generator & ↵Quentin Gliech2022-06-141-38/+12
| | | | | | | | | | | | | | | | | | | | | simplify the access token verification logic. (#12986) This simplifies the access token verification logic by removing the `rights` parameter which was only ever used for the unsubscribe link in email notifications. The latter has been moved under the `/_synapse` namespace, since it is not a standard API. This also makes the email verification link more secure, by embedding the app_id and pushkey in the macaroon and verifying it. This prevents the user from tampering the query parameters of that unsubscribe link. Macaroon generation is refactored: - Centralised all macaroon generation and verification logic to the `MacaroonGenerator` - Moved to `synapse.utils` - Changed the constructor to require only a `Clock`, hostname, and a secret key (instead of a full `Homeserver`). - Added tests for all methods.
* Move the (unstable) `dir` parameter for /relations behind an experimental ↵Patrick Cloke2022-06-081-3/+10
| | | | | | flag. (#12984) MSC3715 defines this parameter, but the unstable version of it should be behind an experimental flag.
* Consolidate the logic of delete_device/delete_devices. (#12970)Patrick Cloke2022-06-072-3/+5
| | | | | | | | By always using delete_devices and sometimes passing a list with a single device ID. Previously these methods had gotten out of sync with each other and it seems there's little benefit to the single-device variant.
* Reduce the amount of state we pull from the DB (#12811)Erik Johnston2022-06-061-2/+5
|
* Mutual rooms: Remove dependency on user directory (#12836)Jonathan de Jong2022-05-301-13/+2
|
* Additional constants for EDU types. (#12884)Patrick Cloke2022-05-271-2/+2
| | | Instead of hard-coding strings in many places.
* Remove unstable APIs for /hierarchy. (#12851)Patrick Cloke2022-05-261-6/+1
| | | | Removes the unstable endpoint as well as a duplicated field which was modified during stabilization.
* Remove user-visible groups/communities code (#12553)Patrick Cloke2022-05-252-970/+0
| | | | | | | | | Makes it so that groups/communities no longer exist from a user-POV. E.g. we remove: * All API endpoints (including Client-Server, Server-Server, and admin). * Documented configuration options (and the experimental flag, which is now unused). * Special handling during room upgrades. * The `groups` section of the `/sync` response.
* Discard null-containing strings before updating the user directory (#12762)David Robertson2022-05-181-2/+2
|
* Add some type hints to datastore (#12717)Dirk Klimpel2022-05-171-2/+2
|
* Enable cancellation of `GET /members` and `GET /state` requests (#12708)Sean Quah2022-05-111-1/+5
| | | | | | | | Enable cancellation of `GET /rooms/$room_id/members`, `GET /rooms/$room_id/state` and `GET /rooms/$room_id/state/$state_key/*` requests. Signed-off-by: Sean Quah <seanq@element.io>
* No longer permit empty body when sending receipts (#12709)David Robertson2022-05-111-12/+1
|
* Use `ParamSpec` in a few places (#12667)David Robertson2022-05-092-10/+13
|
* Don't error on unknown receipt types (#12670)Erik Johnston2022-05-091-12/+15
| | | Fixes #12669
* Use `private` instead of `hidden` in MSC2285 related code. (#12635)Šimon Brandner2022-05-051-1/+1
|
* Fix typo in some instances of enable_registration_token_3pid_bypass. (#12639)Will Hunt2022-05-051-1/+1
|
* Use `getClientAddress` instead of `getClientIP`. (#12599)Patrick Cloke2022-05-043-10/+18
| | | | | getClientIP was deprecated in Twisted 18.4.0, which also added getClientAddress. The Synapse minimum version for Twisted is currently 18.9.0, so all supported versions have the new API.
* Implement changes to MSC2285 (hidden read receipts) (#12168)Šimon Brandner2022-05-043-31/+54
| | | | | * Changes hidden read receipts to be a separate receipt type (instead of a field on `m.read`). * Updates the `/receipts` endpoint to accept `m.fully_read`.
* Remove unstable/unspecced login types. (#12597)Patrick Cloke2022-05-041-11/+4
| | | | | | * `m.login.jwt`, which was never specced and has been deprecated since Synapse 1.16.0. (`org.matrix.login.jwt` can be used instead.) * `uk.half-shot.msc2778.login.application_service`, which was stabilized as part of the Matrix spec v1.2 release.
* Remove unstable identifiers for MSC3069. (#12596)Patrick Cloke2022-05-031-2/+0
|
* Add a module API to allow modules to edit push rule actions (#12406)Brendan Abolivier2022-04-271-95/+17
| | | Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Add option to enable token registration without requiring 3pids (#12526)Will Hunt2022-04-271-1/+6
|
* Implement MSC2815: allow room moderators to view redacted event content (#12427)Tulir Asokan2022-04-202-1/+47
| | | | | | Implements matrix-org/matrix-spec-proposals#2815 Signed-off-by: Tulir Asokan <tulir@maunium.net>
* Fix `/room/.../event/...` to return the *original* event after any edits ↵Richard van der Hoff2022-04-191-1/+3
| | | | | | (#12476) This is what the MSC (now) requires. Fixes https://github.com/matrix-org/synapse/issues/10310.
* Limit `device_id` size to 512B (#12454)Shay2022-04-131-0/+9
| | | *
* Prevent a sync request from removing a user's busy presence status (#12213)David Baker2022-04-131-6/+3
| | | | | | | | | | In trying to use the MSC3026 busy presence status, the user's status would be set back to 'online' next time they synced. This change makes it so that syncing does not affect a user's presence status if it is currently set to 'busy': it must be removed through the presence API. The MSC defers to implementations on the behaviour of busy presence, so this ought to remain compatible with the MSC.
* Rename Mutual Rooms `unstable_features` flag to match MSC (#12445)Jonathan de Jong2022-04-131-1/+1
| | | Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>
* Remove references to unstable identifiers from MSC3440. (#12382)Patrick Cloke2022-04-121-1/+0
| | | | | Removes references to unstable thread relation, unstable identifiers for filtering parameters, and the experimental config flag.
* Do not add groups to sync results if disabled. (#12408)Patrick Cloke2022-04-071-8/+7
|
* Support the v1 endpoint for `/relations`. (#12403)Patrick Cloke2022-04-071-1/+1
| | | | Now that MSC2675 has passed FCP and the implementation is compliant with the final version.
* Move MSC2654 support behind an experimental configuration flag. (#12295)Patrick Cloke2022-03-311-1/+3
| | | To match the current thinking on disabling experimental features by default.
* Remove the unused and unstable `/aggregations` endpoint. (#12293)Patrick Cloke2022-03-301-170/+0
| | | | | | | | | This endpoint was removed from MSC2675 before it was approved. It is currently unspecified (even in any MSCs) and therefore subject to removal. It is not implemented by any known clients. This also changes the bundled aggregation format for `m.annotation`, which previously included pagination tokens for the `/aggregations` endpoint, which are no longer useful.