summary refs log tree commit diff
path: root/synapse/rest (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Remove more references to `get_datastore` (#12067)Richard van der Hoff2022-02-231-3/+0
| | | | | These have snuck in since #12031 was started. Also a couple of other cleanups while we're in the area.
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-2337-98/+100
| | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733
* Implement account status endpoints (MSC3720) (#12001)Brendan Abolivier2022-02-222-0/+38
| | | | | See matrix-org/matrix-doc#3720 Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* Fetch images when previewing Twitter URLs. (#11985)AndrewRyanChama2022-02-221-1/+9
| | | | By including "bot" in the User-Agent, which some sites use to decide whether to include additional Open Graph information.
* Use v3 endpoints for fallback auth (Matrix 1.1) (#12019)Travis Ralston2022-02-221-4/+4
|
* Advertise Matrix 1.2 in `/_matrix/client/versions` (#12022)Travis Ralston2022-02-211-0/+1
| | | Co-authored-by: Patrick Cloke <patrickc@matrix.org>
* Advertise Matrix 1.1 in `/_matrix/client/versions` (#12020)Travis Ralston2022-02-181-0/+1
|
* Use stable MSC3069 `is_guest` flag on `/whoami`. (#12021)Travis Ralston2022-02-181-0/+2
| | | Keeping backwards compatibility with the unstable flag for now.
* Remove unstable MSC3283 flags (#12018)Erik Johnston2022-02-171-14/+0
| | | Fixes #11962
* Allow modules to set a display name on registration (#12009)Brendan Abolivier2022-02-171-0/+7
| | | Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Use version string helper from matrix-common (#11979)David Robertson2022-02-141-3/+3
| | | | * Require latest matrix-common * Use the common function
* Support the MSC3715 for `/relations`. (#11941)Patrick Cloke2022-02-111-0/+4
| | | | This adds an unstable org.matrix.msc3715.dir parameter which acts like dir on /mesages.
* Support the stable API endpoint for MSC3283: new settings in `/capabilities` ↵Dirk Klimpel2022-02-111-1/+14
| | | | endpoint (#11933)
* Support pagination tokens from /sync and /messages in the relations API. ↵Patrick Cloke2022-02-101-18/+39
| | | | (#11952)
* Implement a content type allow list for URL previews (#11936)Denis Kasak2022-02-101-0/+8
| | | | | | | This implements an allow list for content types for which Synapse will attempt URL preview. If a URL resolves to a resource with a content type which isn't in the list, the download will terminate immediately. This makes sense given that Synapse would never successfully generate a URL preview for such files in the first place, and helps prevent issues with streaming media servers, such as #8302. Signed-off-by: Denis Kasak dkasak@termina.org.uk
* Add a callback to allow modules to deny 3PID (#11854)Brendan Abolivier2022-02-082-5/+7
| | | | | Part of the Tchap Synapse mainlining. This allows modules to implement extra logic to figure out whether a given 3PID can be added to the local homeserver. In the Tchap use case, this will allow a Synapse module to interface with the custom endpoint /internal_info.
* Fix historical messages backfilling in random order on remote homeservers ↵Eric Eastwood2022-02-071-9/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (MSC2716) (#11114) Fix https://github.com/matrix-org/synapse/issues/11091 Fix https://github.com/matrix-org/synapse/issues/10764 (side-stepping the issue because we no longer have to deal with `fake_prev_event_id`) 1. Made the `/backfill` response return messages in `(depth, stream_ordering)` order (previously only sorted by `depth`) - Technically, it shouldn't really matter how `/backfill` returns things but I'm just trying to make the `stream_ordering` a little more consistent from the origin to the remote homeservers in order to get the order of messages from `/messages` consistent ([sorted by `(topological_ordering, stream_ordering)`](https://github.com/matrix-org/synapse/blob/develop/docs/development/room-dag-concepts.md#depth-and-stream-ordering)). - Even now that we return backfilled messages in order, it still doesn't guarantee the same `stream_ordering` (and more importantly the [`/messages` order](https://github.com/matrix-org/synapse/blob/develop/docs/development/room-dag-concepts.md#depth-and-stream-ordering)) on the other server. For example, if a room has a bunch of history imported and someone visits a permalink to a historical message back in time, their homeserver will skip over the historical messages in between and insert the permalink as the next message in the `stream_order` and totally throw off the sort. - This will be even more the case when we add the [MSC3030 jump to date API endpoint](https://github.com/matrix-org/matrix-doc/pull/3030) so the static archives can navigate and jump to a certain date. - We're solving this in the future by switching to [online topological ordering](https://github.com/matrix-org/gomatrixserverlib/issues/187) and [chunking](https://github.com/matrix-org/synapse/issues/3785) which by its nature will apply retroactively to fix any inconsistencies introduced by people permalinking 2. As we're navigating `prev_events` to return in `/backfill`, we order by `depth` first (newest -> oldest) and now also tie-break based on the `stream_ordering` (newest -> oldest). This is technically important because MSC2716 inserts a bunch of historical messages at the same `depth` so it's best to be prescriptive about which ones we should process first. In reality, I think the code already looped over the historical messages as expected because the database is already in order. 3. Making the historical state chain and historical event chain float on their own by having no `prev_events` instead of a fake `prev_event` which caused backfill to get clogged with an unresolvable event. Fixes https://github.com/matrix-org/synapse/issues/11091 and https://github.com/matrix-org/synapse/issues/10764 4. We no longer find connected insertion events by finding a potential `prev_event` connection to the current event we're iterating over. We now solely rely on marker events which when processed, add the insertion event as an extremity and the federating homeserver can ask about it when time calls. - Related discussion, https://github.com/matrix-org/synapse/pull/11114#discussion_r741514793 Before | After --- | --- ![](https://user-images.githubusercontent.com/558581/139218681-b465c862-5c49-4702-a59e-466733b0cf45.png) | ![](https://user-images.githubusercontent.com/558581/146453159-a1609e0a-8324-439d-ae44-e4bce43ac6d1.png) #### Why aren't we sorting topologically when receiving backfill events? > The main reason we're going to opt to not sort topologically when receiving backfill events is because it's probably best to do whatever is easiest to make it just work. People will probably have opinions once they look at [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) which could change whatever implementation anyway. > > As mentioned, ideally we would do this but code necessary to make the fake edges but it gets confusing and gives an impression of “just whyyyy” (feels icky). This problem also dissolves with online topological ordering. > > -- https://github.com/matrix-org/synapse/pull/11114#discussion_r741517138 See https://github.com/matrix-org/synapse/pull/11114#discussion_r739610091 for the technical difficulties
* Pass the proper type when uploading files. (#11927)Patrick Cloke2022-02-071-4/+9
| | | | The Content-Length header should be treated as an int, not a string. This shouldn't have any user-facing change.
* Stabilise MSC3231 (Token Based Registration) (#11867)Jonathan de Jong2022-02-041-4/+3
|
* Revert experimental push rules from #7997. (#11884)Patrick Cloke2022-02-021-11/+2
| | | Manually reverts the merge from cdbb8e6d6e36e0b6bc36e676d8fe66c96986b399.
* Add a module callback to set username at registration (#11790)Brendan Abolivier2022-01-261-1/+11
| | | | | | This is in the context of mainlining the Tchap fork of Synapse. Currently in Tchap usernames are derived from the user's email address (extracted from the UIA results, more specifically the m.login.email.identity step). This change also exports the check_username method from the registration handler as part of the module API, so that a module can check if the username it's trying to generate is correct and doesn't conflict with an existing one, and fallback gracefully if not. Co-authored-by: David Robertson <davidr@element.io>
* Improvements to bundling aggregations. (#11815)Patrick Cloke2022-01-263-31/+50
| | | | | | | | | | | This is some odds and ends found during the review of #11791 and while continuing to work in this code: * Return attrs classes instead of dictionaries from some methods to improve type safety. * Call `get_bundled_aggregations` fewer times. * Adds a missing assertion in the tests. * Do not return empty bundled aggregations for an event (preferring to not include the bundle at all, as the docstring states).
* Add a config flag to inhibit `M_USER_IN_USE` during registration (#11743)Brendan Abolivier2022-01-261-0/+11
| | | | | | | This is mostly motivated by the tchap use case, where usernames are automatically generated from the user's email address (in a way that allows figuring out the email address from the username). Therefore, it's an issue if we respond to requests on /register and /register/available with M_USER_IN_USE, because it can potentially leak email addresses (which include the user's real name and place of work). This commit adds a flag to inhibit the M_USER_IN_USE errors that are raised both by /register/available, and when providing a username early into the registration process. This error will still be raised if the user completes the registration process but the username conflicts. This is particularly useful when using modules (https://github.com/matrix-org/synapse/pull/11790 adds a module callback to set the username of users at registration) or SSO, since they can ensure the username is unique. More context is available in the PR that introduced this behaviour to synapse-dinsic: matrix-org/synapse-dinsic#48 - as well as the issue in the matrix-dinsic repo: matrix-org/matrix-dinsic#476
* Add admin API to get a list of federated rooms (#11658)Dirk Klimpel2022-01-252-0/+58
|
* Add admin API to reset connection timeouts for remote server (#11639)Dirk Klimpel2022-01-252-3/+47
| | | * Fix get federation status of destination if no error occured
* Support rendering previews with data: URLs in them (#11767)Patrick Cloke2022-01-242-64/+191
| | | | | Images which are data URLs will no longer break URL previews and will properly be "downloaded" and thumbnailed.
* Do not try to serialize raw aggregations dict. (#11791)Patrick Cloke2022-01-212-16/+8
|
* Make the `get_global_account_data_by_type_for_user` cache be a tree-cache ↵reivilibre2022-01-211-1/+1
| | | | whose key is prefixed with the user ID (#11788)
* Fix preview of imgur and Tenor URLs. (#11669)Philippe Daouadi2022-01-182-13/+32
| | | | | | By scraping Open Graph information from the HTML even when an autodiscovery endpoint is found. The results are then combined to capture as much information as possible from the page.
* Include whether the requesting user has participated in a thread. (#11577)Patrick Cloke2022-01-182-2/+6
| | | | | | Per updates to MSC3440. This is implement as a separate method since it needs to be cached on a per-user basis, instead of a per-thread basis.
* Remove the 'password_hash' from the Users Admin API endpoint response ↵Andrew Morgan2022-01-141-7/+6
| | | | dictionary (#11576)
* Replace uses of simple_insert_many with simple_insert_many_values. (#11742)Patrick Cloke2022-01-131-26/+18
| | | | This should be (slightly) more efficient and it is simpler to have a single method for inserting multiple values.
* Include bundled aggregations in the sync response cache. (#11659)Patrick Cloke2022-01-131-14/+3
|
* Use auto_attribs/native type hints for attrs classes. (#11692)Patrick Cloke2022-01-131-3/+3
|
* Merge branch 'release-v1.50' into developOlivier Wilkinson (reivilibre)2022-01-071-0/+3
|\
| * Include `io.element.thread` capability for MSC3440. (#11690)Patrick Cloke2022-01-051-0/+3
| |
* | Bundle aggregations outside of the serialization method. (#11612)Patrick Cloke2022-01-076-42/+56
| | | | | | | | | | | | | | | | This makes the serialization of events synchronous (and it no longer access the database), but we must manually calculate and provide the bundled aggregations. Overall this should cause no change in behavior, but is prep work for other improvements.
* | Remove the /send_relation endpoint. (#11682)Patrick Cloke2022-01-061-120/+5
| | | | | | | | This was removed from MSC2674 before that was approved and is not used by any known clients.
* | Fix get federation status of destination if no error occured (#11593)Dirk Klimpel2022-01-051-7/+19
| |
* | Run `pyupgrade --py37-plus --keep-percent-format` on Synapse (#11685)Shay2022-01-051-1/+1
|/ | | | | | | | | * newsfragment * fix newsfragment number * update changelog * remove extra space
* Add admin API to get users' account data (#11664)Dirk Klimpel2022-01-052-0/+32
| | | Co-authored-by: reivilibre <olivier@librepush.net>
* Convert all namedtuples to attrs. (#11665)Patrick Cloke2021-12-301-6/+13
| | | To improve type hints throughout the code.
* Add type hints to event_push_actions. (#11594)Patrick Cloke2021-12-211-10/+10
|
* Various opentracing enhancements (#11619)Richard van der Hoff2021-12-211-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | * Wrap `auth.get_user_by_req` in an opentracing span give `get_user_by_req` its own opentracing span, since it can result in a non-trivial number of sub-spans which it is useful to group together. This requires a bit of reorganisation because it also sets some tags (and may force tracing) on the servlet span. * Emit opentracing span for encoding json responses This can be a significant time sink. * Rename all sync spans with a prefix * Write an opentracing span for encoding sync response * opentracing span to group generate_room_entries * opentracing spans within sync.encode_response * changelog * Use the `trace` decorator instead of context managers
* Do not bundle aggregations for APIs which shouldn't include them. (#11592)Patrick Cloke2021-12-203-8/+18
| | | | | And make bundling aggregations opt-in, instead of opt-out to avoid having APIs to include extraneous data (and being much heavier than necessary).
* Merge remote-tracking branch 'origin/release-v1.49' into developRichard van der Hoff2021-12-201-1/+9
|\
| * Disable aggregation bundling on `/sync` responses (#11583)Richard van der Hoff2021-12-201-1/+9
| | | | | | | | | | | | | | | | | | | | | | * Disable aggregation bundling on `/sync` responses A partial revert of #11478. This turns out to have had a significant CPU impact on initial-sync handling. For now, let's disable it, until we find a more efficient way of achieving this. * Fix tests. Co-authored-by: Patrick Cloke <patrickc@matrix.org>
* | Add MSC2716 and MSC3030 to `/versions` -> `unstable_features` (#11582)Eric Eastwood2021-12-161-0/+4
| | | | | | | | As suggested in https://github.com/matrix-org/matrix-react-sdk/pull/7372#discussion_r769523369
* | Add missing type hints to synapse.http. (#11571)Patrick Cloke2021-12-141-2/+2
| |
* | Move HTML parsing to a separate file for URL previews. (#11566)Patrick Cloke2021-12-133-378/+407
| | | | | | | | | | | | | | * Splits the logic for parsing HTML from the resource handling code. * Fix a circular import in the oEmbed code (which uses the HTML parsing code). * Renames some of the HTML parsing methods to: * Make it clear which methods are "internal" to the module. * Clarify what the methods do.
* | Make `get_device` return None if the device doesn't exist rather than ↵reivilibre2021-12-132-2/+6
| | | | | | | | | | raising an exception. (#11565) Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* | Do not allow cross-room relations, per MSC2674. (#11516)Patrick Cloke2021-12-091-1/+6
| |
* | Support unprefixed versions of fallback key property names. (#11541)Hubert Chathi2021-12-091-0/+3
| |
* | Allow guests to send state events (#11378)Robert Long2021-12-091-1/+1
| |
* | Add a constant for receipt types (m.read). (#11531)Patrick Cloke2021-12-083-6/+7
| | | | | | And expand some type hints in the receipts storage module.
* | Clean up `synapse.rest.admin` (#11535)Dirk Klimpel2021-12-0813-164/+94
|/
* Fix 'delete room' admin api to work on incomplete rooms (#11523)Richard van der Hoff2021-12-071-3/+0
| | | | | If, for some reason, we don't have the create event, we should still be able to purge a room.
* Stabilise support for MSC2918 refresh tokens as they have now been merged ↵reivilibre2021-12-062-29/+23
| | | | into the Matrix specification. (#11435)
* Save the OIDC session ID (sid) with the device on login (#11482)Quentin Gliech2021-12-061-2/+5
| | | As a step towards allowing back-channel logout for OIDC.
* Add admin API to get some information about federation status (#11407)Dirk Klimpel2021-12-062-0/+141
|
* Include bundled aggregations in /sync and related fixes (#11478)Patrick Cloke2021-12-064-23/+10
| | | | | | | | Due to updates to MSC2675 this includes a few fixes: * Include bundled aggregations for /sync. * Do not include bundled aggregations for /initialSync and /events. * Do not bundle aggregations for state events. * Clarifies comments and variable names.
* Fix media repository failing when media store path contains symlinks (#11446)Sean Quah2021-12-021-44/+71
|
* Add MSC3030 experimental client and federation API endpoints to get the ↵Eric Eastwood2021-12-021-0/+58
| | | | | | | | | | | | | | | | | | | | | | | | | closest event to a given timestamp (#9445) MSC3030: https://github.com/matrix-org/matrix-doc/pull/3030 Client API endpoint. This will also go and fetch from the federation API endpoint if unable to find an event locally or we found an extremity with possibly a closer event we don't know about. ``` GET /_matrix/client/unstable/org.matrix.msc3030/rooms/<roomID>/timestamp_to_event?ts=<timestamp>&dir=<direction> { "event_id": ... "origin_server_ts": ... } ``` Federation API endpoint: ``` GET /_matrix/federation/unstable/org.matrix.msc3030/timestamp_to_event/<roomID>?ts=<timestamp>&dir=<direction> { "event_id": ... "origin_server_ts": ... } ``` Co-authored-by: Erik Johnston <erik@matrix.org>
* Register the login redirect endpoint for v3. (#11451)Patrick Cloke2021-12-012-3/+3
| | | As specified for Matrix v1.1.
* Bundle relations of relations into the `/relations` result. (#11284)Patrick Cloke2021-11-301-6/+3
| | | | | Per updates to MSC2675 which now states that bundled aggregations should be included from the `/relations` endpoint.
* Convert status codes to `HTTPStatus` in `synapse.rest.admin` (#11452)Dirk Klimpel2021-11-2911-171/+275
|
* Support the stable /hierarchy endpoint from MSC2946 (#11329)Patrick Cloke2021-11-291-4/+4
| | | | | | This also makes additional updates where the implementation had drifted from the approved MSC. Unstable endpoints will be removed at a later data.
* Update MSC2918 refresh token support to confirm with the latest revision: ↵reivilibre2021-11-262-8/+13
| | | | accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. (#11430)
* Support expiry of refresh tokens and expiry of the overall session when ↵reivilibre2021-11-261-15/+37
| | | | refresh tokens are in use. (#11425)
* Rename unstable `access_token_lifetime` configuration option to ↵reivilibre2021-11-232-5/+13
| | | | `refreshable_access_token_lifetime` to make it clear it only concerns refreshable access tokens. (#11388)
* Merge branch 'master' into developSean Quah2021-11-232-43/+216
|\
| * Prevent the media store from writing outside of the configured directorySean Quah2021-11-192-43/+216
| | | | | | | | | | Also tighten validation of server names by forbidding invalid characters in IPv6 addresses and empty domain labels.
* | Refactor the code to inject bundled relations during serialization. (#11408)Patrick Cloke2021-11-234-7/+7
| |
* | Add config for customizing the claim used for JWT logins. (#11361)Kostas2021-11-221-1/+2
| | | | | | | | | | Allows specifying a different claim (from the default "sub") to use when calculating the localpart of the Matrix ID used during the JWT login.
* | Add an admin API to run background jobs. (#11352)Dirk Klimpel2021-11-192-27/+98
| | | | | | | | | | | | Instead of having admins poke into the database directly. Can currently run jobs to populate stats and to populate the user directory.
* | Add dedicated admin API for blocking a room (#11324)Dirk Klimpel2021-11-182-0/+65
| |
* | Rename `get_access_token_for_user_id` method to ↵reivilibre2021-11-171-1/+1
| | | | | | | | `create_access_token_for_user_id` (#11369)
* | Add support for `/_matrix/client/v3` APIs (#11318)Aaron R2021-11-162-3/+3
| | | | | | | | | | This is one of the changes required to support Matrix 1.1 Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | Add ability to un-shadow-ban via the admin API. (#11347)Patrick Cloke2021-11-161-2/+22
| |
* | Add support for the stable version of MSC2778 (#11335)Tulir Asokan2021-11-151-2/+7
| | | | | | | | | | | | | | | | | | * Add support for the stable version of MSC2778 Signed-off-by: Tulir Asokan <tulir@maunium.net> * Expect m.login.application_service in login and password provider tests Signed-off-by: Tulir Asokan <tulir@maunium.net>
* | Add type hints to media repository storage module (#11311)Patrick Cloke2021-11-121-4/+4
| |
* | Misc typing fixes for `tests`, part 1 of N (#11323)David Robertson2021-11-121-1/+3
| | | | | | | | | | | | | | | | | | | | * Annotate HomeserverTestCase.servlets * Correct annotation of federation_auth_origin * Use AnyStr custom_headers instead of a Union This allows (str, str) and (bytes, bytes). This disallows (str, bytes) and (bytes, str) * DomainSpecificString.SIGIL is a ClassVar
* | Convert delete room admin API to async endpoint (#11223)Dirk Klimpel2021-11-122-1/+139
| | | | | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* | Fix error in thumbnail generation (#11288)Neeeflix2021-11-101-4/+4
| | | | | | Signed-off-by: Jonas Zeunert <jonas@zeunert.org>
* | Allow admins to proactively block rooms (#11228)David Robertson2021-11-091-4/+17
| | | | | | | | Co-authored-by: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | Support filtering by relations per MSC3440 (#11236)Patrick Cloke2021-11-093-6/+15
| | | | | | | | Adds experimental support for `relation_types` and `relation_senders` fields for filters.
* | Fix typo in `RelationAggregationPaginationServlet` error response (#11278)Andrew Morgan2021-11-091-1/+3
|/
* Require body for read receipts with user-agent exceptions (#11157)rogersheu2021-11-091-1/+11
| | | Co-authored-by: reivilibre <olivier@librepush.net>
* Rename to more clear `get_insertion_event_id_by_batch_id` (MSC2716) (#11244)Eric Eastwood2021-11-081-1/+1
| | | | | `get_insertion_event_by_batch_id` -> `get_insertion_event_id_by_batch_id` Split out from https://github.com/matrix-org/synapse/pull/11114
* Add some background update admin APIs (#11263)Erik Johnston2021-11-082-0/+113
| | | Fixes #11259
* Default value for `public_baseurl` (#11210)Richard van der Hoff2021-11-081-2/+1
| | | | | We might as well use a default value for `public_baseurl` based on `server_name` - in many cases, it will be correct.
* Enable passing typing stream writers as a list. (#11237)Nick Barrett2021-11-031-1/+1
| | | | This makes the typing stream writer config match the other stream writers that only currently support a single worker.
* Support sending no `state_events_at_start` in the MSC2716 `/batch_send` ↵Eric Eastwood2021-11-031-12/+17
| | | | | | | | endpoint (#11188) As brought up by @tulir, https://matrix.to/#/!SBYNQlpqkwJzFIdzxI:nevarro.space/$Gwnb2ZvXHc3poYXuBhho0cmoYq4KJ11Jh3m5s8kjNOM?via=nevarro.space&via=beeper.com&via=matrix.org This use case only works if the user is already joined in the current room state at the given `?prev_event_id`
* Merge remote-tracking branch 'origin/master' into developErik Johnston2021-11-021-3/+6
|\
| * Fix URL preview errors when previewing XML documents. (#11196)Patrick Cloke2021-10-271-3/+6
| |
* | Add remaining type hints to `synapse.events`. (#11098)Patrick Cloke2021-11-021-1/+1
| |
* | Handle missing Content-Type header when accessing remote media (#11200)Shay2021-11-012-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add code to handle missing content-type header and a test to verify that it works * add handling for missing content-type in the /upload endpoint as well * slightly refactor test code to put private method in approriate place * handle possible null value for content-type when pulling from the local db * add changelog * refactor test and add code to handle missing content-type in cached remote media * requested changes * Update changelog.d/11200.bugfix Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com> Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* | Remove deprecated delete room admin API (#11213)Dirk Klimpel2021-11-012-90/+53
| | | | | | | | | | Remove deprecated delete room admin API, `POST /_synapse/admin/v1/rooms/<room_id>/delete`
* | Support for serving server well-known files (#11211)Richard van der Hoff2021-11-011-2/+45
| | | | | | | | Fixes https://github.com/matrix-org/synapse/issues/8308
* | Support Client-Server API r0.6.1 (#11097)Aaron R2021-11-011-0/+1
|/ | | | | Fixes #11064 Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Enable changing user type via users admin API (#11174)Jason Robinson2021-10-261-0/+3
| | | | | | | | Users admin API can now also modify user type in addition to allowing it to be set on user creation. Signed-off-by: Jason Robinson <jasonr@matrix.org> Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Add type hints for most `HomeServer` parameters (#11095)Sean Quah2021-10-221-1/+1
|
* Add a thread relation type per MSC3440. (#11088)Patrick Cloke2021-10-211-1/+2
| | | | Adds experimental support for MSC3440's `io.element.thread` relation type (and the aggregation for it).
* Fix setting a user's external_id via the admin API returns 500 and deletes ↵Dirk Klimpel2021-10-211-29/+18
| | | | | users existing external mappings if that external ID is already mapped (#11051) Fixes #10846
* Show error when timestamp in seconds is provided to the /purge_media_cache ↵Aaron R2021-10-201-6/+27
| | | | API (#11101)
* Ensure each charset is attempted only once during media preview. (#11089)Patrick Cloke2021-10-141-6/+28
| | | | There's no point in trying more than once since it is guaranteed to continually fail.
* Attempt different character encodings when previewing a URL. (#11077)Patrick Cloke2021-10-141-41/+39
| | | | This follows similar logic to BeautifulSoup where we attempt different character encodings until we find one which works.
* Resolve and share `state_groups` for all historical events in batch ↵Eric Eastwood2021-10-131-9/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (MSC2716) (#10975) Resolve and share `state_groups` for all historical events in batch. This also helps for showing the appropriate avatar/displayname in Element and will work whenever `/messages` has one of the historical messages as the first message in the batch. This does have the flaw where if you just insert a single historical event somewhere, it probably won't resolve the state correctly from `/messages` or `/context` since it will grab a non historical event above or below with resolved state which never included the historical state back then. For the same reasions, this also does not work in Element between the transition from actual messages to historical messages. In the Gitter case, this isn't really a problem since all of the historical messages are in one big lump at the beginning of the room. For a future iteration, might be good to look at `/messages` and `/context` to additionally add the `state` for any historical messages in that batch. --- How are the `state_groups` shared? To illustrate the `state_group` sharing, see this example: **Before** (new `state_group` for every event 😬, very inefficient): ``` # Tests from https://github.com/matrix-org/complement/pull/206 $ COMPLEMENT_ALWAYS_PRINT_SERVER_LOGS=1 COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh TestBackfillingHistory/parallel/should_resolve_member_state_events_for_historical_events create_new_client_event m.room.member event=$_JXfwUDIWS6xKGG4SmZXjSFrizhARM7QblhATVWWUcA state_group=None create_new_client_event org.matrix.msc2716.insertion event=$1ZBfmBKEjg94d-vGYymKrVYeghwBOuGJ3wubU1-I9y0 state_group=9 create_new_client_event org.matrix.msc2716.insertion event=$Mq2JvRetTyclPuozRI682SAjYp3GqRuPc8_cH5-ezPY state_group=10 create_new_client_event m.room.message event=$MfmY4rBQkxrIp8jVwVMTJ4PKnxSigpG9E2cn7S0AtTo state_group=11 create_new_client_event m.room.message event=$uYOv6V8wiF7xHwOMt-60d1AoOIbqLgrDLz6ZIQDdWUI state_group=12 create_new_client_event m.room.message event=$PAbkJRMxb0bX4A6av463faiAhxkE3FEObM1xB4D0UG4 state_group=13 create_new_client_event org.matrix.msc2716.batch event=$Oy_S7AWN7rJQe_MYwGPEy6RtbYklrI-tAhmfiLrCaKI state_group=14 ``` **After** (all events in batch sharing `state_group=10`) (the base insertion event has `state_group=8` which matches the `prev_event` we're inserting next to): ``` # Tests from https://github.com/matrix-org/complement/pull/206 $ COMPLEMENT_ALWAYS_PRINT_SERVER_LOGS=1 COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh TestBackfillingHistory/parallel/should_resolve_member_state_events_for_historical_events create_new_client_event m.room.member event=$PWomJ8PwENYEYuVNoG30gqtybuQQSZ55eldBUSs0i0U state_group=None create_new_client_event org.matrix.msc2716.insertion event=$e_mCU7Eah9ABF6nQU7lu4E1RxIWccNF05AKaTT5m3lw state_group=9 create_new_client_event org.matrix.msc2716.insertion event=$ui7A3_GdXIcJq0C8GpyrF8X7B3DTjMd_WGCjogax7xU state_group=10 create_new_client_event m.room.message event=$EnTIM5rEGVezQJiYl62uFBl6kJ7B-sMxWqe2D_4FX1I state_group=10 create_new_client_event m.room.message event=$LGx5jGONnBPuNhAuZqHeEoXChd9ryVkuTZatGisOPjk state_group=10 create_new_client_event m.room.message event=$wW0zwoN50lbLu1KoKbybVMxLbKUj7GV_olozIc5i3M0 state_group=10 create_new_client_event org.matrix.msc2716.batch event=$5ZB6dtzqFBCEuMRgpkU201Qhx3WtXZGTz_YgldL6JrQ state_group=10 ```
* Remove dead code from `MediaFilePaths` (#11056)Sean Quah2021-10-131-17/+0
|
* Add type hints to synapse.events.*. (#11066)Patrick Cloke2021-10-131-4/+4
| | | Except `synapse/events/__init__.py`, which will be done in a follow-up.
* Be more lenient when parsing the version for oEmbed responses. (#11065)Patrick Cloke2021-10-132-8/+7
|
* Merge remote-tracking branch 'origin/release-v1.45' into developPatrick Cloke2021-10-121-1/+1
|\
| * Fix formatting string when oEmbed errors occur. (#11061)Patrick Cloke2021-10-121-1/+1
| |
* | Update `_wrap_in_base_path` type hints to preserve function arguments (#11055)Sean Quah2021-10-121-3/+6
|/
* Refactor MSC2716 `/batch_send` endpoint into separate handler functions (#10974)Eric Eastwood2021-10-081-283/+56
|
* Autodiscover oEmbed endpoint from returned HTML (#10822)Patrick Cloke2021-10-082-38/+100
| | | | | Searches the returned HTML for an oEmbed endpoint using the autodiscovery mechanism (`<link rel=...>`), and will request it to generate the preview.
* Relax `ignore-missing-imports` for modules that have stubs now and update ↵David Robertson2021-10-082-29/+30
| | | | | | | | | | | | mypy (#11006) Updating mypy past version 0.9 means that third-party stubs are no-longer distributed with typeshed. See http://mypy-lang.blogspot.com/2021/06/mypy-0900-released.html for details. We therefore pull in stub packages in setup.py Additionally, some modules that we were previously ignoring import failures for now have stubs. So let's use them. The rest of this change consists of fixups to make the newer mypy + stubs pass CI. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Require direct references to configuration variables. (#10985)Patrick Cloke2021-10-062-2/+4
| | | | | | This removes the magic allowing accessing configurable variables directly from the config object. It is now required that a specific configuration class is used (e.g. `config.foo` must be replaced with `config.server.foo`).
* Use direct references for configuration variables (part 7). (#10959)Patrick Cloke2021-10-047-36/+38
|
* Fix getTurnServer response: return an integer ttl (#10922)Lukas Lihotzki2021-09-301-1/+1
| | | | | | | | | `ttl` must be an integer according to the OpenAPI spec: https://github.com/matrix-org/matrix-doc/blob/old_master/data/api/client-server/voip.yaml#L70 True division (`/`) returns a float instead (`"ttl": 7200.0`). Floor division (`//`) returns an integer, so the response is spec compliant. Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>
* Use direct references for configuration variables (part 6). (#10916)Patrick Cloke2021-09-298-17/+17
|
* Implement MSC3069: Guest support on whoami (#9655)Travis Ralston2021-09-291-2/+6
|
* Fix empty `url_cache_thumbnails/yyyy-mm-dd/` directories being left behind ↵Sean Quah2021-09-291-31/+43
| | | | (#10924)
* Ensure `(room_id, next_batch_id)` is unique to avoid cross-talk/conflicts ↵Eric Eastwood2021-09-281-2/+4
| | | | | | | | between batches (MSC2716) (#10877) Part of [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) Part of https://github.com/matrix-org/synapse/issues/10737
* Avoid storing URL cache files in storage providers (#10911)Sean Quah2021-09-273-6/+16
| | | | | URL cache files are short-lived and it does not make sense to offload them (eg. to the cloud) or back them up.
* Fix race conditions when creating media store and config directories (#10913)Sean Quah2021-09-272-6/+3
|
* Use direct references for configuration variables (part 5). (#10897)Patrick Cloke2021-09-2413-31/+35
|
* Add reactor to `SynapseRequest` and fix up types. (#10868)Erik Johnston2021-09-248-30/+27
|
* Allow `.` and `~` chars in registration tokens (#10887)Callum Brown2021-09-231-1/+1
| | | | Per updates to MSC3231 in order to use the same grammar as other identifiers.
* Use direct references for configuration variables (part 4). (#10893)Patrick Cloke2021-09-236-17/+21
|
* Use direct references for some configuration variables (part 3) (#10885)Patrick Cloke2021-09-238-54/+57
| | | | | | | | This avoids the overhead of searching through the various configuration classes by directly referencing the class that the attributes are in. It also improves type hints since mypy can now resolve the types of the configuration variables.
* Remove unnecessary parentheses around tuples returned from methods (#10889)Andrew Morgan2021-09-233-6/+6
|
* Include more information in oEmbed previews. (#10819)Patrick Cloke2021-09-222-5/+46
| | | | | | | * Improved titles (fall back to the author name if there's not title) and include the site name. * Handle photo/video payloads. * Include the original URL in the Open Graph response. * Fix the expiration time (by properly converting from seconds to milliseconds).
* Rename MSC2716 things from `chunk` to `batch` to match `/batch_send` ↵Eric Eastwood2021-09-211-43/+43
| | | | | | | | endpoint (#10838) See https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r684574497 Dropping support for older MSC2716 room versions so we don't have to worry about supporting both chunk and batch events.
* Refactor oEmbed previews (#10814)Patrick Cloke2021-09-212-199/+272
| | | | | | | | | | | | | The major change is moving the decision of whether to use oEmbed further up the call-stack. This reverts the _download_url method to being a "dumb" functionwhich takes a single URL and downloads it (as it was before #7920). This also makes more minor refactorings: * Renames internal variables for clarity. * Factors out shared code between the HTML and rich oEmbed previews. * Fixes tests to preview an oEmbed image.
* Allow Synapse Admin API's Room Search to accept non-ASCII characters (#10859)Hillery Shay2021-09-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add tests for checking if room search works with non-ascii char * change encoding on parse_string to UTF-8 * lints * properly encode search term * lints * add changelog file * update changelog number * set changelog entry filetype to .bugfix * Revert "set changelog entry filetype to .bugfix" This reverts commit be8e5a314251438ec4ec7dbc59ba32162c93e550. * update changelog message and file type * change parse_string default encoding back to ascii and update room search admin api calll to parse string * refactor tests * Update tests/rest/admin/test_room.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Rename `/batch_send` query parameter from `?prev_event` to more obvious ↵Eric Eastwood2021-09-211-7/+9
| | | | | | | usage with `?prev_event_id` (MSC2716) (#10839) As mentioned in https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r705872887 and https://github.com/matrix-org/synapse/issues/10737
* Add missing type hints to non-client REST servlets. (#10817)Patrick Cloke2021-09-1524-94/+166
| | | | Including admin, consent, key, synapse, and media. All REST servlets (the synapse.rest module) now require typed method definitions.
* Verify `?chunk_id` actually corresponds to an insertion event that exists ↵Eric Eastwood2021-09-151-1/+12
| | | | (MSC2716) (#10776)
* Split out `/batch_send` meta events to their own fields (MSC2716) (#10777)Eric Eastwood2021-09-151-11/+18
|
* Convert media repo's FileInfo to attrs. (#10785)Patrick Cloke2021-09-144-108/+139
| | | | This is mostly an internal change, but improves type hints in the media code.
* Use direct references for some configuration variables (#10798)Patrick Cloke2021-09-139-17/+22
| | | | Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit).
* Add types to synapse.util. (#10601)reivilibre2021-09-103-6/+9
|
* Ask consent on SSO registration with default mxid (#10733)AndrewFerr2021-09-101-2/+2
| | | | | | Fixes #10732: consent flow skipped during SSO user registration if username is left at default Signed-off-by: Andrew Ferrazzutti fair@miscworks.net
* Remove unstable MSC2858 API, including `experimental.msc2858_enabled` config ↵Sean2021-09-091-46/+11
| | | | | option (#10693) Signed-off-by: Sean Quah <seanq@element.io>
* Request JSON for oEmbed requests (and ignore XML only providers). (#10759)Patrick Cloke2021-09-081-3/+23
| | | | | | | | This adds the format to the request arguments / URL to ensure that JSON data is returned (which is all that Synapse supports). This also adds additional error checking / filtering to the configuration file to ignore XML-only providers.
* Use attrs internally for the URL preview code & add documentation. (#10753)Patrick Cloke2021-09-071-42/+79
|
* Additional type hints for client REST servlets (part 5) (#10736)Patrick Cloke2021-09-035-68/+123
| | | | Additionally this enforce type hints on all function signatures inside of the synapse.rest.client package.
* Additional type hints for client REST servlets (part 4) (#10728)Patrick Cloke2021-09-018-100/+144
|
* Allow configuration of the oEmbed URLs. (#10714)Patrick Cloke2021-08-312-142/+140
| | | | | This adds configuration options (under an `oembed` section) to configure which URLs are matched to use oEmbed for URL previews.
* Additional type hints for the client REST servlets (part 3). (#10707)Patrick Cloke2021-08-316-150/+305
|
* Remove unused `compare_digest` function. (#10706)Patrick Cloke2021-08-271-13/+0
|
* Improve ServerNoticeServlet to avoid duplicate requests (#10679)Dirk Klimpel2021-08-272-8/+16
| | | Fixes: #9544
* Additional type hints for REST servlets (part 2). (#10674)Patrick Cloke2021-08-2615-138/+210
| | | Applies the changes from #10665 to additional modules.
* Fix error when selecting between thumbnails with the same quality (#10684)Sean2021-08-251-9/+17
| | | Fixes #10318
* Correctly initialise the `synapse_user_logins` metric. (#10677)Richard van der Hoff2021-08-241-6/+23
| | | | | Fix a bug where the prometheus metrics for SSO logins wouldn't be initialised until the first user logged in with a given auth provider.
* Additional type hints for the sync REST servlet. (#10666)Patrick Cloke2021-08-231-51/+81
|
* Addtional type hints for the REST servlets. (#10665)Patrick Cloke2021-08-2313-107/+203
|
* Implement MSC3231: Token authenticated registration (#10142)Callum Brown2021-08-214-0/+425
| | | | | Signed-off-by: Callum Brown <callum@calcuode.com> This is part of my GSoC project implementing [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
* Validate device_keys for C-S /keys/query requests (#10593)David Robertson2021-08-201-1/+15
| | | | | | | | * Validate device_keys for C-S /keys/query requests Closes #10354 A small, not particularly critical fix. I'm interested in seeing if we can find a more systematic approach though. #8445 is the place for any discussion.
* Support MSC3283: Expose `enable_set_displayname` in capabilities (#10452)Dirk Klimpel2021-08-191-0/+11
|
* Remove not needed database updates in modify user admin API (#10627)Dirk Klimpel2021-08-191-20/+35
|
* Merge branch 'release-v1.41' into developErik Johnston2021-08-186-165/+168
|\
| * Mount /_synapse/admin/v1/users/{userId}/media admin API on media workers ↵Andrew Morgan2021-08-183-164/+163
| | | | | | | | | | only (#10628) Co-authored-by: Patrick Cloke <patrickc@matrix.org>
| * Allow /createRoom to be run on workers (#10564)Andrew Morgan2021-08-171-1/+1
| | | | | | Fixes https://github.com/matrix-org/synapse/issues/7867
| * Centralise the custom template directory (#10596)Brendan Abolivier2021-08-172-0/+4
| | | | | | Several configuration sections are using separate settings for custom template directories, which can be confusing. This PR adds a new top-level configuration for a custom template directory which is then used for every module. The only exception is the consent templates, since the consent template directory require a specific hierarchy, so it's probably better that it stays separate from everything else.
* | Display an error page during failure of fallback UIA. (#10561)Callum Brown2021-08-181-15/+24
| |
* | Remove deprecated Shutdown Room and Purge Room Admin API (#8830)Dirk Klimpel2021-08-173-97/+0
|/
* Flatten the synapse.rest.client package (#10600)reivilibre2021-08-1745-62/+31
|
* Always list fallback key types in /sync (#10623)Andrew Morgan2021-08-171-4/+5
|
* Allow to edit `external_ids` by Edit User admin API (#10598)Dirk Klimpel2021-08-171-48/+91
| | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add an admin API to check if a username is available (#10578)Will Hunt2021-08-172-0/+53
| | | This adds a new API GET /_synapse/admin/v1/username_available?username=foo to check if a username is available. It is the counterpart to https://matrix.org/docs/spec/client_server/r0.6.0#get-matrix-client-r0-register-available, except that it works even if registration is disabled.
* Validate the max_rooms_per_space parameter to ensure it is non-negative. ↵Patrick Cloke2021-08-161-5/+20
| | | | (#10611)
* Experimental support for MSC3266 Room Summary API. (#10394)Michael Telatynski2021-08-162-76/+59
|
* Move /batch_send to /v2_alpha directory (MSC2716) (#10576)Eric Eastwood2021-08-133-409/+444
| | | | | | | * Move /batch_send to /v2_alpha directory As pointed out by @erikjohnston, https://github.com/matrix-org/synapse/pull/10552#discussion_r685836624
* Admin API to delete media for a specific user (#10558)Dirk Klimpel2021-08-113-9/+81
|
* Only return state events that the AS passed in via `state_events_at_start` ↵Eric Eastwood2021-08-101-1/+3
| | | | | | | | | | | | | | (MSC2716) (#10552) * Only return state events that the AS passed in via state_events_at_start As discovered by @Half-Shot in https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r684158448 Part of MSC2716 * Add changelog * Fix changelog extension
* Add local support for the new spaces summary endpoint (MSC2946) (#10549)Patrick Cloke2021-08-101-0/+41
| | | | | This adds support for the /hierarchy endpoint, which is an update to MSC2946. Currently this only supports rooms known locally to the homeserver.
* Fix exceptions in logs when failing to get remote room list (#10541)Erik Johnston2021-08-061-18/+12
|
* Mark all MSC2716 events as historical (#10537)Eric Eastwood2021-08-051-5/+10
| | | * Mark all MSC2716 events as historical
* Don't fail on empty bodies when sending out read receipts (#10531)Brendan Abolivier2021-08-041-1/+1
| | | | | Fixes a bug introduced in rc1 that would cause Synapse to 400 on read receipts requests with empty bodies. Broken in #10413
* Make historical events discoverable from backfill for servers without any ↵Eric Eastwood2021-07-281-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | scrollback history (MSC2716) (#10245) * Make historical messages available to federated servers Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 Follow-up to https://github.com/matrix-org/synapse/pull/9247 * Debug message not available on federation * Add base starting insertion point when no chunk ID is provided * Fix messages from multiple senders in historical chunk Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 --- Previously, Synapse would throw a 403, `Cannot force another user to join.`, because we were trying to use `?user_id` from a single virtual user which did not match with messages from other users in the chunk. * Remove debug lines * Messing with selecting insertion event extremeties * Move db schema change to new version * Add more better comments * Make a fake requester with just what we need See https://github.com/matrix-org/synapse/pull/10276#discussion_r660999080 * Store insertion events in table * Make base insertion event float off on its own See https://github.com/matrix-org/synapse/pull/10250#issuecomment-875711889 Conflicts: synapse/rest/client/v1/room.py * Validate that the app service can actually control the given user See https://github.com/matrix-org/synapse/pull/10276#issuecomment-876316455 Conflicts: synapse/rest/client/v1/room.py * Add some better comments on what we're trying to check for * Continue debugging * Share validation logic * Add inserted historical messages to /backfill response * Remove debug sql queries * Some marker event implemntation trials * Clean up PR * Rename insertion_event_id to just event_id * Add some better sql comments * More accurate description * Add changelog * Make it clear what MSC the change is part of * Add more detail on which insertion event came through * Address review and improve sql queries * Only use event_id as unique constraint * Fix test case where insertion event is already in the normal DAG * Remove debug changes * Switch to chunk events so we can auth via power_levels Previously, we were using `content.chunk_id` to connect one chunk to another. But these events can be from any `sender` and we can't tell who should be able to send historical events. We know we only want the application service to do it but these events have the sender of a real historical message, not the application service user ID as the sender. Other federated homeservers also have no indicator which senders are an application service on the originating homeserver. So we want to auth all of the MSC2716 events via power_levels and have them be sent by the application service with proper PL levels in the room. * Switch to chunk events for federation * Add unstable room version to support new historical PL * Fix federated events being rejected for no state_groups Add fix from https://github.com/matrix-org/synapse/pull/10439 until it merges. * Only connect base insertion event to prev_event_ids Per discussion with @erikjohnston, https://matrix.to/#/!UytJQHLQYfvYWsGrGY:jki.re/$12bTUiObDFdHLAYtT7E-BvYRp3k_xv8w0dUQHibasJk?via=jki.re&via=matrix.org * Make it possible to get the room_version with txn * Allow but ignore historical events in unsupported room version See https://github.com/matrix-org/synapse/pull/10245#discussion_r675592489 We can't reject historical events on unsupported room versions because homeservers without knowledge of MSC2716 or the new room version don't reject historical events either. Since we can't rely on the auth check here to stop historical events on unsupported room versions, I've added some additional checks in the processing/persisting code (`synapse/storage/databases/main/events.py` -> `_handle_insertion_event` and `_handle_chunk_event`). I've had to do some refactoring so there is method to fetch the room version by `txn`. * Move to unique index syntax See https://github.com/matrix-org/synapse/pull/10245#discussion_r675638509 * High-level document how the insertion->chunk lookup works * Remove create_event fallback for room_versions See https://github.com/matrix-org/synapse/pull/10245/files#r677641879 * Use updated method name
* Support for MSC2285 (hidden read receipts) (#10413)Šimon Brandner2021-07-283-4/+34
| | | Implementation of matrix-org/matrix-doc#2285
* Support underscores (in addition to hyphens) for charset detection. (#10410)sri-vidyut2021-07-271-2/+4
|
* Mitigate media repo XSSs on IE11. (#10468)Denis Kasak2021-07-271-0/+2
| | | | | | | | IE11 doesn't support Content-Security-Policy but it has support for a non-standard X-Content-Security-Policy header, which only supports the sandbox directive. This prevents script execution, so it at least offers some protection against media repo-based attacks. Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
* Support MSC2033: Device ID on whoami (#9918)Travis Ralston2021-07-271-1/+8
| | | | | | | | | | * Fix no-access-token bug in deactivation tests * Support MSC2033: Device ID on whoami * Test for appservices too MSC: https://github.com/matrix-org/matrix-doc/pull/2033 The MSC has passed FCP, which means stable endpoints can be used.
* Merge branch 'master' into developErik Johnston2021-07-231-4/+7
|\
| * Always send device_one_time_keys_count (#10457)David Baker2021-07-221-4/+7
| | | | | | | | | | | | | | As per comment Fixes https://github.com/matrix-org/synapse/issues/10456 See also https://github.com/vector-im/element-android/issues/3725
* | Add `creation_ts` to list users admin API (#10448)Dirk Klimpel2021-07-221-0/+2
| | | | | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* | Add type hints to additional servlet functions (#10437)Patrick Cloke2021-07-211-1/+1
| | | | | | | | | | | | | | | | | | Improves type hints for: * parse_{boolean,integer} * parse_{boolean,integer}_from_args * parse_json_{value,object}_from_request And fixes any incorrect calls that resulted from unknown types.
* | Add a return type to parse_string. (#10438)Patrick Cloke2021-07-217-34/+36
| | | | | | | | And set the required attribute in a few places which will error if a parameter is not provided.
* | Switch to `chunk` events so we can auth via power_levels (MSC2716) (#10432)Eric Eastwood2021-07-211-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we were using `content.chunk_id` to connect one chunk to another. But these events can be from any `sender` and we can't tell who should be able to send historical events. We know we only want the application service to do it but these events have the sender of a real historical message, not the application service user ID as the sender. Other federated homeservers also have no indicator which senders are an application service on the originating homeserver. So we want to auth all of the MSC2716 events via power_levels and have them be sent by the application service with proper PL levels in the room.
* | MSC3244 room capabilities implementation (#10283)Michael Telatynski2021-07-201-1/+7
| |
* | [pyupgrade] `synapse/` (#10348)Jonathan de Jong2021-07-192-18/+11
| | | | | | | | | | | | | | | | | | This PR is tantamount to running ``` pyupgrade --py36-plus --keep-percent-format `find synapse/ -type f -name "*.py"` ``` Part of #9744
* | Use inline type hints in `handlers/` and `rest/`. (#10382)Jonathan de Jong2021-07-1613-39/+33
| |
* | Add a module type for account validity (#9884)Brendan Abolivier2021-07-162-14/+17
| | | | | | | | | | This adds an API for third-party plugin modules to implement account validity, so they can provide this feature instead of Synapse. The module implementing the current behaviour for this feature can be found at https://github.com/matrix-org/synapse-email-account-validity. To allow for a smooth transition between the current feature and the new module, hooks have been added to the existing account validity endpoints to allow their behaviours to be overridden by a module.
* | Fix messages from multiple senders in historical chunk (MSC2716) (#10276)Eric Eastwood2021-07-131-7/+42
| | | | | | | | | | | | | | Fix messages from multiple senders in historical chunk. This also means that an app service does not need to define `?user_id` when using this endpoint. Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716
* | Bugfix `make_room_admin` fails for users that have left a private room (#10367)Dirk Klimpel2021-07-131-1/+8
| | | | | | Fixes: #10338
* | Add base starting insertion event when no chunk ID is provided (MSC2716) ↵Eric Eastwood2021-07-081-23/+89
|/ | | | | | | | | (#10250) * Add base starting insertion point when no chunk ID is provided This is so we can have the marker event point to this initial insertion event and be able to traverse the events in the first chunk.
* MSC2918 Refresh tokens implementation (#9450)Quentin Gliech2021-06-242-41/+218
| | | | | | | | | | This implements refresh tokens, as defined by MSC2918 This MSC has been implemented client side in Hydrogen Web: vector-im/hydrogen-web#235 The basics of the MSC works: requesting refresh tokens on login, having the access tokens expire, and using the refresh token to get a new one. Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
* Re-introduce "Leave out optional keys from /sync" change (#10214)Andrew Morgan2021-06-231-23/+46
| | | Required some fixes due to merge conflicts with #6739, but nothing too hairy. The first commit is the same as the original (after merge conflict resolution) then two more for compatibility with the latest sync code.
* Add endpoints for backfilling history (MSC2716) (#9247)Eric Eastwood2021-06-221-1/+287
| | | Work on https://github.com/matrix-org/matrix-doc/pull/2716
* Always require users to re-authenticate for dangerous operations. (#10184)Patrick Cloke2021-06-162-0/+9
| | | | | | | Dangerous actions means deactivating an account, modifying an account password, or adding a 3PID. Other actions (deleting devices, uploading keys) can re-use the same UI auth session if ui_auth.session_timeout is configured.
* Fix requestOpenIdToken response: integer expires_in (#10175)Lukas Lihotzki2021-06-161-1/+1
| | | | | | | | | | `expires_in` must be an integer according to the OpenAPI spec: https://github.com/matrix-org/matrix-doc/blob/master/data/api/client-server/definitions/openid_token.yaml#L32 True division (`/`) returns a float instead (`"expires_in": 3600.0`). Floor division (`//`) returns an integer, so the response is spec compliant. Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>
* Remove the experimental flag for knocking and use stable prefixes / ↵Patrick Cloke2021-06-152-8/+3
| | | | | | | endpoints. (#10167) * Room version 7 for knocking. * Stable prefixes and endpoints (both client and federation) for knocking. * Removes the experimental configuration flag.
* Implement knock feature (#6739)Sorunome2021-06-094-21/+203
| | | | | | This PR aims to implement the knock feature as proposed in https://github.com/matrix-org/matrix-doc/pull/2403 Signed-off-by: Sorunome mail@sorunome.de Signed-off-by: Andrew Morgan andrewm@element.io
* Limit the number of in-flight /keys/query requests from a single device. ↵Patrick Cloke2021-06-091-1/+4
| | | | (#10144)
* Correct type hints for parse_string(s)_from_args. (#10137)Patrick Cloke2021-06-085-15/+19
|
* Add missing type hints to the admin API servlets (#10105)Dirk Klimpel2021-06-075-40/+47
|
* r0.6.1 support: /rooms/:roomId/aliases endpoint (#9224)Travis Ralston2021-06-031-1/+1
| | | | | | [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432) added this endpoint originally but it has since been included in the spec for nearly a year. This is progress towards https://github.com/matrix-org/synapse/issues/8334
* Add new admin APIs to remove media by media ID from quarantine. (#10044)Dirk Klimpel2021-06-021-0/+30
| | | | | Related to: #6681, #5956, #10040 Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Rewrite the KeyRing (#10035)Erik Johnston2021-06-021-1/+8
|
* Move some more endpoints off master (#10084)Erik Johnston2021-05-271-4/+4
|
* Make reason and score optional for report_event (#10077)Callum Brown2021-05-271-9/+4
| | | | | | Implements MSC2414: https://github.com/matrix-org/matrix-doc/pull/2414 See #8551 Signed-off-by: Callum Brown <callum@calcuode.com>
* Remove the experimental spaces enabled flag. (#10063)Patrick Cloke2021-05-261-3/+1
| | | | In lieu of just always enabling the unstable spaces endpoint and unstable room version.
* Add an admin API for unprotecting local media from quarantine (#10040)Dirk Klimpel2021-05-261-2/+26
| | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Remove tls_fingerprints option (#9280)Jerin J Titus2021-05-242-11/+0
| | | | Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com>
* Fix /upload 500'ing when presented a very large image (#10029)Michael Telatynski2021-05-212-0/+11
| | | | | | | | | | | | * Fix /upload 500'ing when presented a very large image Catch DecompressionBombError and re-raise as ThumbnailErrors * Set PIL's MAX_IMAGE_PIXELS to match homeserver.yaml to get it to bomb out quicker, to load less into memory in the case of super large images * Add changelog entry for 10029
* Use a database table to hold the users that should have full presence sent ↵Andrew Morgan2021-05-181-3/+5
| | | | to them, instead of something in-memory (#9823)
* Support fetching the spaces summary via GET over federation. (#9947)Patrick Cloke2021-05-111-0/+1
| | | | | | | | | | | Per changes in MSC2946, the C-S and S-S APIs for spaces summary should use GET requests. Until this is stable, the POST endpoints still exist. This does not switch federation requests to use the GET version yet since it is newly added and already deployed servers might not support it. When switching to the stable endpoint we should switch to GET requests.
* Revert "Leave out optional keys from /sync (#9919)" (#9940)Erik Johnston2021-05-061-44/+18
| | | This reverts commit e9eb3549d32a6f93d07de8dbd5e1ebe54c8d8278.
* Leave out optional keys from /sync (#9919)DeepBlueV7.X2021-05-051-18/+44
| | | | | | This leaves out all optional keys from /sync. This should be fine for all clients tested against conduit already, but it may break some clients, as such we should check, that at least most of them don't break horribly and maybe back out some of the individual changes. (We can probably always leave out groups for example, while the others may cause more issues.) Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
* Delete room endpoint (#9889)ThibF2021-04-291-44/+90
| | | | | | Support the delete of a room through DELETE request and mark previous request as deprecated through documentation. Signed-off-by: Thibault Ferrante <thibault.ferrante@pm.me>
* Remove various bits of compatibility code for Python <3.6 (#9879)Andrew Morgan2021-04-273-11/+4
| | | I went through and removed a bunch of cruft that was lying around for compatibility with old Python versions. This PR also will now prevent Synapse from starting unless you're running Python 3.6+.
* Improved validation for received requests (#9817)Richard van der Hoff2021-04-231-2/+0
| | | | | | * Simplify `start_listening` callpath * Correctly check the size of uploaded files
* Make DomainSpecificString an attrs class (#9875)Erik Johnston2021-04-231-0/+9
|
* Split presence out of master (#9820)Erik Johnston2021-04-231-1/+6
|
* Limit length of accepted email addresses (#9855)Erik Johnston2021-04-222-6/+10
|
* Rename handler and config modules which end in handler/config. (#9816)Patrick Cloke2021-04-201-1/+1
|
* Fix (final) Bugbear violations (#9838)Jonathan de Jong2021-04-201-2/+2
|
* Port "Allow users to click account renewal links multiple times without ↵Andrew Morgan2021-04-191-7/+25
| | | | | hitting an 'Invalid Token' page #74" from synapse-dinsic (#9832) This attempts to be a direct port of https://github.com/matrix-org/synapse-dinsic/pull/74 to mainline. There was some fiddling required to deal with the changes that have been made to mainline since (mainly dealing with the split of `RegistrationWorkerStore` from `RegistrationStore`, and the changes made to `self.make_request` in test code).
* remove `HomeServer.get_config` (#9815)Richard van der Hoff2021-04-141-1/+1
| | | | Every single time I want to access the config object, I have to remember whether or not we use `get_config`. Let's just get rid of it.
* More robust handling of the Content-Type header for thumbnail generation (#9788)rkfg2021-04-141-0/+3
| | | | Signed-off-by: Sergey Shpikin <rkfg@rkfg.me>
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-1485-85/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Add an admin API to manage ratelimit for a specific user (#9648)Dirk Klimpel2021-04-132-0/+113
|
* Require AppserviceRegistrationType (#9548)Will Hunt2021-04-121-7/+16
| | | This change ensures that the appservice registration behaviour follows the spec. We decided to do this for Dendrite, so it made sense to also make a PR for synapse to correct the behaviour.
* Remove old admin API `GET /_synapse/admin/v1/users/<user_id>` (#9401)Dirk Klimpel2021-04-092-25/+0
| | | | | | | | | | | | | Related: #8334 Deprecated in: #9429 - Synapse 1.28.0 (2021-02-25) `GET /_synapse/admin/v1/users/<user_id>` has no - unit tests - documentation API in v2 is available (#5925 - 12/2019, v1.7.0). API is misleading. It expects `user_id` and returns a list of all users. Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add type hints to expiring cache. (#9730)Patrick Cloke2021-04-061-1/+1
|
* Add `order_by` to list user admin API (#9691)Dirk Klimpel2021-04-011-1/+20
|
* Make RateLimiter class check for ratelimit overrides (#9711)Erik Johnston2021-03-303-11/+21
| | | | | | | This should fix a class of bug where we forget to check if e.g. the appservice shouldn't be ratelimited. We also check the `ratelimit_override` table to check if the user has ratelimiting disabled. That table is really only meant to override the event sender ratelimiting, so we don't use any values from it (as they might not make sense for different rate limits), but we do infer that if ratelimiting is disabled for the user we should disabled all ratelimits. Fixes #9663
* Make it possible to use dmypy (#9692)Erik Johnston2021-03-265-0/+14
| | | | | | | | | Running `dmypy run` will do a `mypy` check while spinning up a daemon that makes rerunning `dmypy run` a lot faster. `dmypy` doesn't support `follow_imports = silent` and has `local_partial_types` enabled, so this PR enables those options and fixes the issues that were newly raised. Note that `local_partial_types` will be enabled by default in upcoming mypy releases.
* Add a type hints for service notices to the HomeServer object. (#9675)Patrick Cloke2021-03-241-3/+8
|
* Import HomeServer from the proper module. (#9665)Patrick Cloke2021-03-2311-11/+11
|
* Incorporate reviewBrendan Abolivier2021-03-191-1/+1
|
* Merge branch 'develop' into babolivier/msc3026Brendan Abolivier2021-03-192-4/+67
|\
| * fix mypyRichard van der Hoff2021-03-191-4/+7
| |
| * Fix type-hints from bad merge.Patrick Cloke2021-03-181-2/+2
| |
| * Initial spaces summary API (#9643)Richard van der Hoff2021-03-181-3/+63
| | | | | | This is very bare-bones for now: federation will come soon, while pagination is descoped for now but will come later.
| * Consistently check whether a password may be set for a user. (#9636)Dirk Klimpel2021-03-181-1/+1
| |
* | Implement MSC3026: busy presence stateBrendan Abolivier2021-03-181-0/+2
|/