path: root/synapse/rest/key
Commit message | Author | Age | Files | Lines
* Validate input to POST /key/v2/query endpoint. (#16183) | Patrick Cloke | 2023-08-25 | 1 | -10/+29
  To avoid 500 internal server errors with garbage input.
* Add cache to `get_server_keys_json_for_remote` (#16123) | Erik Johnston | 2023-08-18 | 1 | -19/+25
* Declare support for Matrix 1.6 (#15559) | Patrick Cloke | 2023-05-12 | 2 | -1/+21
  Adds logging for key server requests which include a key ID. This is technically in violation of the 1.6 spec, but is the only way to remain backwards compatible with earlier versions of Synapse (and possibly other homeservers) which *did* include the key ID.
* Modify StoreKeyFetcher to read from server_keys_json. (#15417) | Patrick Cloke | 2023-04-20 | 1 | -1/+1
  Before this change:
  * `PerspectivesKeyFetcher` and `ServerKeyFetcher` write to `server_keys_json`.
  * `PerspectivesKeyFetcher` also writes to `server_signature_keys`.
  * `StoreKeyFetcher` reads from `server_signature_keys`.
  After this change:
  * `PerspectivesKeyFetcher` and `ServerKeyFetcher` write to `server_keys_json`.
  * `PerspectivesKeyFetcher` also writes to `server_signature_keys`.
  * `StoreKeyFetcher` reads from `server_keys_json`.
  This results in `StoreKeyFetcher` now using the results from `ServerKeyFetcher` in addition to those from `PerspectivesKeyFetcher`, i.e. keys which are directly fetched from a server will now be pulled from the database instead of refetched.
  An additional minor change is included to avoid creating a `PerspectivesKeyFetcher` (and checking it) if no `trusted_key_servers` are configured.
  The overall impact of this should be better usage of cached results:
  * If a server has no trusted key servers configured then it should reduce how often keys are fetched.
  * If a server's trusted key server does not have a requested server's keys cached then it should reduce how often keys are directly fetched.
* Add a primitive helper script for listing worker endpoints. (#15243) | reivilibre | 2023-03-23 | 1 | -0/+2
  Co-authored-by: Patrick Cloke <patrickc@matrix.org>
* Use servlets for /key/ endpoints. (#14229) | Patrick Cloke | 2022-10-20 | 3 | -50/+64
  To fix the response for unknown endpoints under that prefix. See MSC3743.
* Implementation of HTTP 307 response for MSC3886 POST endpoint (#14018) | Hugh Nimmo-Smith | 2022-10-18 | 1 | -2/+2
  Co-authored-by: reivilibre <olivier@librepush.net>
  Co-authored-by: Andrew Morgan <andrewm@element.io>
* Return keys for unwhitelisted servers from `/_matrix/key/v2/query` (#13683) | Richard van der Hoff | 2022-09-01 | 1 | -20/+21
* Fix typechecker problems exposed by signedjson 1.1.2 (#12326) | David Robertson | 2022-03-29 | 2 | -10/+10
* Remove `HomeServer.get_datastore()` (#12031) | Richard van der Hoff | 2022-02-23 | 1 | -1/+1
  The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it.
  Part of #11733
* Add missing type hints to synapse.http. (#11571) | Patrick Cloke | 2021-12-14 | 1 | -2/+2
* Add reactor to `SynapseRequest` and fix up types. (#10868) | Erik Johnston | 2021-09-24 | 1 | -5/+4
* Use direct references for configuration variables (part 4). (#10893) | Patrick Cloke | 2021-09-23 | 2 | -7/+9
* Add missing type hints to non-client REST servlets. (#10817) | Patrick Cloke | 2021-09-15 | 3 | -15/+37
  Including admin, consent, key, synapse, and media. All REST servlets (the synapse.rest module) now require typed method definitions.
* Use direct references for some configuration variables (#10798) | Patrick Cloke | 2021-09-13 | 2 | -3/+5
  Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit).
* Use inline type hints in `handlers/` and `rest/`. (#10382) | Jonathan de Jong | 2021-07-16 | 1 | -2/+2
* Rewrite the KeyRing (#10035) | Erik Johnston | 2021-06-02 | 1 | -1/+8
* Remove tls_fingerprints option (#9280) | Jerin J Titus | 2021-05-24 | 2 | -11/+0
  Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com>
* Fix (final) Bugbear violations (#9838) | Jonathan de Jong | 2021-04-20 | 1 | -2/+2
* Remove redundant "coding: utf-8" lines (#9786) | Jonathan de Jong | 2021-04-14 | 3 | -3/+0
  Part of #9744
  Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now.
  `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Add type hints to the crypto module. (#8999) | Patrick Cloke | 2021-01-04 | 1 | -4/+5
* Simplify the way the `HomeServer` object caches its internal attributes. (#8565) | Jonathan de Jong | 2020-11-30 | 1 | -1/+1
  Changes `@cache_in_self` to use underscore-prefixed attributes.
* Fix typos in comments. | Patrick Cloke | 2020-09-14 | 1 | -1/+1
* Be stricter about JSON that is accepted by Synapse (#8106) | Patrick Cloke | 2020-08-19 | 1 | -3/+5
* Iteratively encode JSON responses to avoid blocking the reactor. (#8013) | Patrick Cloke | 2020-08-18 | 1 | -3/+3
* Ensure that calls to `json.dumps` are compatible with the standard library json. (#7836) | Patrick Cloke | 2020-07-15 | 1 | -1/+3
* Merge different Resource implementation classes (#7732) | Erik Johnston | 2020-07-03 | 1 | -8/+4
* Convert remote key resource REST layer to async/await. (#7020) | Patrick Cloke | 2020-03-05 | 1 | -7/+4
* Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957) | Patrick Cloke | 2020-02-21 | 1 | -1/+1
  Ensure good comprehension hygiene using flake8-comprehensions.
* Fixup synapse.rest to pass mypy (#6732) | Erik Johnston | 2020-01-20 | 1 | -2/+3
* Back out ill-advised notary server hackery (#6657) | Richard van der Hoff | 2020-01-08 | 1 | -22/+8
  This was ill-advised. We can't modify verify_keys here, because the response object has already been signed by the requested key.
  Furthermore, it's somewhat unnecessary because existing versions of Synapse (which get upset that the notary key isn't present in verify_keys) will fall back to a direct fetch via `/key/v2/server`.
  Also: more tests for fetching keys via perspectives: it would be nice if we actually tested when our fetcher can't talk to our notary impl.
* Workaround for error when fetching notary's own key (#6620) | Richard van der Hoff | 2020-01-06 | 1 | -8/+22
  * Kill off redundant SynapseRequestFactory
    We already get the Site via the Channel, so there's no need for a dedicated RequestFactory: we can just use the right constructor.
  * Workaround for error when fetching notary's own key
    As a notary server, when we return our own keys, include all of our signing keys in verify_keys. This is a workaround for #6596.
* Update black to 19.10b0 (#6304) | Amber Brown | 2019-11-01 | 1 | -1/+1
  * update version of black and also fix the mypy config being overridden
* Fixup review comments | Erik Johnston | 2019-08-23 | 1 | -2/+2
* Only sign when we respond to remote key requests | Erik Johnston | 2019-08-21 | 1 | -13/+15
* Make the http server handle coroutine-making REST servlets (#5475) | Amber Brown | 2019-06-29 | 1 | -18/+10
* Run Black. (#5482) | Amber Brown | 2019-06-20 | 2 | -46/+38
* Notary server: make requests to origins in parallel | Richard van der Hoff | 2019-06-04 | 1 | -10/+2
  ... else we're guaranteed to time out.
* Fix remote_key_resource | Richard van der Hoff | 2019-05-23 | 1 | -3/+3
* Remove deprecated v1 key exchange endpoint (#4119) | Amber Brown | 2018-10-31 | 2 | -106/+0
* Port rest/ to Python 3 (#3823) | Amber Brown | 2018-09-12 | 3 | -5/+7
* run isort | Amber Brown | 2018-07-09 | 4 | -17/+20
* Set Server header in SynapseRequest | Richard van der Hoff | 2018-05-10 | 3 | -6/+0
  (instead of everywhere that writes a response. Or rather, the subset of places which write responses where we haven't forgotten it).
  This also means that we don't have to have the mysterious version_string attribute in anything with a request handler.
  Unfortunately it does mean that we have to pass the version string wherever we instantiate a SynapseSite, which has been c&ped 150 times, but that is code that ought to be cleaned up anyway really.
* Remove redundant request_handler decorator | Richard van der Hoff | 2018-05-10 | 1 | -3/+5
  This is needless complexity; we might as well use the wrapper directly.
  Also rename wrap_request_handler->wrap_json_request_handler.
* Add federation_domain_whitelist option (#2820) | Matthew Hodgson | 2018-01-22 | 1 | -0/+8
  Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
* replace 'except:' with 'except Exception:' | Richard van der Hoff | 2017-10-23 | 1 | -1/+1
  what could possibly go wrong
* Fix code for reporting old verify keys in synapse | Mark Haines | 2017-04-24 | 1 | -3/+2
* Improve comment formatting | Mark Haines | 2016-10-12 | 1 | -3/+6
* Add config option for adding additional TLS fingerprints | Mark Haines | 2016-10-11 | 1 | -12/+4
* Don't print stack traces when failing to get remote keys | Erik Johnston | 2016-08-10 | 1 | -1/+3
* Report per request metrics for all of the things using request_handler | Mark Haines | 2016-04-28 | 2 | -3/+2
* Use parse_json_object_from_request to parse JSON out of request bodies | Mark Haines | 2016-03-11 | 1 | -10/+2
* copyrights | Matthew Hodgson | 2016-01-07 | 6 | -6/+6
* Remove syutil dependency in favour of smaller single-purpose libraries | Mark Haines | 2015-08-24 | 2 | -6/+6
* Implement minimum_valid_until_ts in the remote key resource | Mark Haines | 2015-04-29 | 1 | -4/+55
* Copyright notice | Mark Haines | 2015-04-24 | 1 | -0/+14
* Update to match the specification for key/v2 | Mark Haines | 2015-04-23 | 2 | -19/+24
* Implement remote key lookup api | Mark Haines | 2015-04-22 | 3 | -8/+185
* Implement v2 key lookup | Mark Haines | 2015-04-20 | 1 | -1/+3
* Return a sha256 fingerprint rather than the entire tls certificate | Mark Haines | 2015-04-14 | 1 | -2/+8
* Add a version 2 of the key server api | Mark Haines | 2015-04-14 | 2 | -0/+137
* Move server key api into rest/key/v1 | Mark Haines | 2015-04-14 | 3 | -0/+121