summary refs log tree commit diff
path: root/synapse/rest/synapse (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Update the SSO username picker template to comply with SIWA guidelines (#12210)Brendan Abolivier2022-03-111-0/+8
| | | Fixes https://github.com/matrix-org/synapse/issues/12205
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-231-1/+1
| | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733
* Use direct references for configuration variables (part 5). (#10897)Patrick Cloke2021-09-242-2/+2
|
* Use direct references for configuration variables (part 4). (#10893)Patrick Cloke2021-09-231-1/+1
|
* Use direct references for some configuration variables (part 3) (#10885)Patrick Cloke2021-09-231-5/+5
| | | | | | | | This avoids the overhead of searching through the various configuration classes by directly referencing the class that the attributes are in. It also improves type hints since mypy can now resolve the types of the configuration variables.
* Add missing type hints to non-client REST servlets. (#10817)Patrick Cloke2021-09-157-15/+33
| | | | Including admin, consent, key, synapse, and media. All REST servlets (the synapse.rest module) now require typed method definitions.
* Add types to synapse.util. (#10601)reivilibre2021-09-102-2/+2
|
* Ask consent on SSO registration with default mxid (#10733)AndrewFerr2021-09-101-2/+2
| | | | | | Fixes #10732: consent flow skipped during SSO user registration if username is left at default Signed-off-by: Andrew Ferrazzutti fair@miscworks.net
* Centralise the custom template directory (#10596)Brendan Abolivier2021-08-172-0/+4
| | | Several configuration sections are using separate settings for custom template directories, which can be confusing. This PR adds a new top-level configuration for a custom template directory which is then used for every module. The only exception is the consent templates, since the consent template directory require a specific hierarchy, so it's probably better that it stays separate from everything else.
* Use inline type hints in `handlers/` and `rest/`. (#10382)Jonathan de Jong2021-07-161-2/+2
|
* Make DomainSpecificString an attrs class (#9875)Erik Johnston2021-04-231-0/+9
|
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-1412-12/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Make it possible to use dmypy (#9692)Erik Johnston2021-03-261-0/+3
| | | | | | | | | Running `dmypy run` will do a `mypy` check while spinning up a daemon that makes rerunning `dmypy run` a lot faster. `dmypy` doesn't support `follow_imports = silent` and has `local_partial_types` enabled, so this PR enables those options and fixes the issues that were newly raised. Note that `local_partial_types` will be enabled by default in upcoming mypy releases.
* Fix Internal Server Error on `GET /saml2/authn_response` (#9623)Richard van der Hoff2021-03-161-2/+8
| | | | | | | * Fix Internal Server Error on `GET /saml2/authn_response` Seems to have been introduced in #8765 (Synapse 1.24.0) * Fix newsfile
* Use the proper Request in type hints. (#9515)Patrick Cloke2021-03-014-4/+4
| | | | This also pins the Twisted version in the mypy job for CI until proper type hints are fixed throughout Synapse.
* Add back the deprecated SAML endpoint. (#9474)Patrick Cloke2021-02-231-1/+6
|
* Remove deprecated SAML2 callback URL since it does not work. (#9434)Patrick Cloke2021-02-181-5/+1
| | | | Updates documentation from #9289 and removes a deprecated endpoint which didn't work as expected.
* Support for form_post in OIDC responses (#9376)Richard van der Hoff2021-02-171-1/+12
| | | Apple want to POST the OIDC auth response back to us rather than using query-params; add the necessary support to make that work.
* Put SAML callback URI under /_synapse/client. (#9289)Richard van der Hoff2021-02-024-3/+114
|
* Put OIDC callback URI under /_synapse/client. (#9288)Richard van der Hoff2021-02-013-2/+63
|
* Collect terms consent from the user during SSO registration (#9276)Richard van der Hoff2021-02-012-0/+99
|
* Make importing display name and email optional (#9277)Richard van der Hoff2021-02-011-3/+11
|
* Replace username picker with a template (#9275)Richard van der Hoff2021-02-011-20/+59
| | | | | There's some prelimiary work here to pull out the construction of a jinja environment to a separate function. I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them.
* Fix SSO on workers (#9271)Richard van der Hoff2021-02-011-1/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #8966. * Factor out build_synapse_client_resource_tree Start a function which will mount resources common to all workers. * Move sso init into build_synapse_client_resource_tree ... so that we don't have to do it for each worker * Fix SSO-login-via-a-worker Expose the SSO login endpoints on workers, like the documentation says. * Update workers config for new endpoints Add documentation for endpoints recently added (#8942, #9017, #9262) * remove submit_token from workers endpoints list this *doesn't* work on workers (yet). * changelog * Add a comment about the odd path for SAML2Resource
* Split out a separate endpoint to complete SSO registration (#9262)Richard van der Hoff2021-02-012-10/+56
| | | There are going to be a couple of paths to get to the final step of SSO reg, and I want the URL in the browser to consistent. So, let's move the final step onto a separate path, which we redirect to.
* Fix bugs in handling clientRedirectUrl, and improve OIDC tests (#9127, #9128)Richard van der Hoff2021-01-181-1/+3
| | | | | | | | | | | | | | | | * Factor out a common TestHtmlParser Looks like I'm doing this in a few different places. * Improve OIDC login test Complete the OIDC login flow, rather than giving up halfway through. * Ensure that OIDC login works with multiple OIDC providers * Fix bugs in handling clientRedirectUrl - don't drop duplicate query-params, or params with no value - allow utf-8 in query-params
* Add initial support for a "pick your IdP" page (#9017)Richard van der Hoff2021-01-051-0/+82
| | | | | During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Implement a username picker for synapse (#8942)Richard van der Hoff2020-12-181-0/+88
| | | | | | | | | | | | | | The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow `UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser back to the client, we redirect to a username-picker resource, which allows the user to enter a username. We *then* complete the SSO flow (including doing the client permission checks). The static resources for the username picker itself (in https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker) are essentially lifted wholesale from https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. As the comment says, we might want to think about making them customisable, but that can be a follow-up. Fixes #8876.
* Show a confirmation page during user password reset (#8004)Andrew Morgan2020-09-103-0/+155
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.