summary refs log tree commit diff
path: root/synapse/rest (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Unescape HTML entities in oEmbed titles. (#14781)Jeyachandran Rathnam2023-01-091-6/+9
| | | | | | | It doesn't seem valid that HTML entities should appear in the title field of oEmbed responses, but a popular WordPress plug-in seems to do it. There should not be harm in unescaping these.
* Disable sending confirmation email when 3pid is disabled #14682 (#14725)Jeyachandran Rathnam2023-01-091-0/+5
| | | | | | | | | | | * Fixes #12277 :Disable sending confirmation email when 3pid is disabled * Fix test_add_email_if_disabled test case to reflect changes to enable_3pid_changes flag * Add changelog file * Rename newsfragment. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Add experimental support for MSC3391: deleting account data (#14714)Andrew Morgan2023-01-011-0/+115
|
* Move `StateFilter` to `synapse.types` (#14668)David Robertson2022-12-122-2/+2
| | | | | * Move `StateFilter` to `synapse.types` * Changelog
* Respond with proper error responses on unknown paths. (#14621)Patrick Cloke2022-12-081-2/+2
| | | | Returns a proper 404 with an errcode of M_RECOGNIZED for unknown endpoints per MSC3743.
* Reject receipt requests with invalid room or event IDs. (#14632)Nick Mills-Barrett2022-12-071-1/+4
| | | | If the room or event IDs are empty or of an invalid form they should be rejected.
* Fix a long-standing bug where the user directory would return 1 more row ↵reivilibre2022-12-071-2/+2
| | | | than requested. (#14631)
* Improve logging and opentracing for to-device message handling (#14598)Richard van der Hoff2022-12-061-1/+0
| | | | | | | A batch of changes intended to make it easier to trace to-device messages through the system. The intention here is that a client can set a property org.matrix.msgid in any to-device message it sends. That ID is then included in any tracing or logging related to the message. (Suggestions as to where this field should be documented welcome. I'm not enthusiastic about speccing it - it's very much an optional extra to help with debugging.) I've also generally improved the data we send to opentracing for these messages.
* Suppress empty body warnings in room servelets (#14600)David Robertson2022-12-051-12/+2
| | | | | | | | | * Suppress empty body warnings in room servelets We've already decided to allow empty bodies for backwards compat. The change here stops us from emitting a misleading warning; see also https://github.com/matrix-org/synapse/issues/14478#issuecomment-1319157105 * Changelog
* Use ClientRestResource on both the main process and workers. (#14528)Patrick Cloke2022-12-026-47/+68
| | | | | | | Add logic to ClientRestResource to decide whether to mount servlets or not based on whether the current process is a worker. This is clearer to see what a worker runs than the completely separate / copy & pasted list of servlets being mounted for workers.
* Advertise support for Matrix v1.5. (#14576)Patrick Cloke2022-11-291-0/+1
| | | | All features of Matrix v1.5 were already supported: this was mostly a maintenance release.
* Move MSC3030 `/timestamp_to_event` endpoint to stable v1 location (#14471)Eric Eastwood2022-11-282-9/+3
| | | | | | | | Fix https://github.com/matrix-org/synapse/issues/14390 - Client API: `/_matrix/client/unstable/org.matrix.msc3030/rooms/<roomID>/timestamp_to_event?ts=<timestamp>&dir=<direction>` -> `/_matrix/client/v1/rooms/<roomID>/timestamp_to_event?ts=<timestamp>&dir=<direction>` - Federation API: `/_matrix/federation/unstable/org.matrix.msc3030/timestamp_to_event/<roomID>?ts=<timestamp>&dir=<direction>` -> `/_matrix/federation/v1/timestamp_to_event/<roomID>?ts=<timestamp>&dir=<direction>` Complement test changes: https://github.com/matrix-org/complement/pull/559
* Add a type hint for `get_device_handler()` and fix incorrect types. (#14055)Patrick Cloke2022-11-224-20/+45
| | | | | This was the last untyped handler from the HomeServer object. Since it was being treated as Any (and thus unchecked) it was being used incorrectly in a few places.
* Remove need for `worker_main_http_uri` setting to use /keys/upload. (#14400)realtyem2022-11-161-18/+50
|
* Remove redundant types from comments. (#14412)Patrick Cloke2022-11-164-7/+8
| | | | | | | Remove type hints from comments which have been added as Python type hints. This helps avoid drift between comments and reality, as well as removing redundant information. Also adds some missing type hints which were simple to fill in.
* Add an Admin API endpoint for looking up users based on 3PID (#14405)Ashish Kumar2022-11-112-0/+27
|
* Fix /refresh endpoint version (#14364)Tulir Asokan2022-11-041-1/+1
|
* Implement MSC3912: Relation-based redactions (#14260)Brendan Abolivier2022-11-032-14/+45
| | | Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* Fix dehydrated device REST checks (#14336)David Robertson2022-10-311-3/+2
|
* Support OIDC backchannel logouts (#11414)Quentin Gliech2022-10-312-0/+39
| | | | | | | If configured an OIDC IdP can log a user's session out of Synapse when they log out of the identity provider. The IdP sends a request directly to Synapse (and must be configured with an endpoint) when a user logs out.
* Reject history insertion during partial joins (#14291)David Robertson2022-10-271-0/+7
|
* Save login tokens in database (#13844)Quentin Gliech2022-10-262-5/+3
| | | | | | | | | | | * Save login tokens in database Signed-off-by: Quentin Gliech <quenting@element.io> * Add upgrade notes * Track login token reuse in a Prometheus metric Signed-off-by: Quentin Gliech <quenting@element.io>
* Implementation for MSC3664: Pushrules for relations (#11804)DeepBlueV7.X2022-10-251-0/+5
|
* Return NOT_JSON if decode fails and defer set_timeline_upper_limit ca… ↵Ryan Miguel2022-10-241-4/+4
| | | | | | | (#14262) * Return NOT_JSON if decode fails and defer set_timeline_upper_limit call until after check_valid_filter. Fixes #13661. Signed-off-by: Ryan Miguel <miguel.ryanj@gmail.com>. * Reword changelog
* Use servlets for /key/ endpoints. (#14229)Patrick Cloke2022-10-203-50/+64
| | | | | To fix the response for unknown endpoints under that prefix. See MSC3743.
* Implementation of HTTP 307 response for MSC3886 POST endpoint (#14018)Hugh Nimmo-Smith2022-10-186-4/+85
| | | | Co-authored-by: reivilibre <olivier@librepush.net> Co-authored-by: Andrew Morgan <andrewm@element.io>
* Support filtering the /messages API by relation type (MSC3874). (#14148)Patrick Cloke2022-10-171-0/+2
| | | Gated behind an experimental configuration flag.
* Use Pydantic when PUTting room aliases (#14179)David Robertson2022-10-171-23/+35
|
* Accept threaded receipts for events related to the root event. (#14174)Patrick Cloke2022-10-141-2/+42
| | | | | | | | | The root node of a thread (and events related to it) are considered "part of a thread" when validating receipts. This allows clients which show the root node in both the main timeline and the threaded timeline to easily send receipts in either. Note that threaded notifications are not created for these events, these events created notifications on the main timeline.
* Advertise support for Matrix 1.4. (#14184)Patrick Cloke2022-10-141-0/+1
| | | | All features / changes in Matrix 1.4 are now supported in Synapse.
* Do not allow a None-limit on PaginationConfig. (#14146)Patrick Cloke2022-10-143-3/+9
| | | | | | | The callers either set a default limit or manually handle a None-limit later on (by setting a default value). Update the callers to always instantiate PaginationConfig with a default limit and then assume the limit is non-None.
* Stabilize the threads API. (#14175)Patrick Cloke2022-10-141-7/+2
| | | | | | | Stabilize the threads API (MSC3856) by supporting (only) the v1 path for the endpoint. This also marks the API as safe for workers since it is a read-only API.
* Add an API for listing threads in a room. (#13394)Patrick Cloke2022-10-131-1/+49
| | | | | | | | | Implement the /threads endpoint from MSC3856. This is currently unstable and behind an experimental configuration flag. It includes a background update to backfill data, results from the /threads endpoint will be partial until that finishes.
* Remove support for the unstable dir flag on relations. (#14106)Patrick Cloke2022-10-071-35/+10
| | | | | | From MSC3715, this was unused by clients (and there was no way for clients to know it was supported). Matrix 1.4 defines the stable field.
* Be more lenient in the oEmbed response parsing. (#14089)Patrick Cloke2022-10-071-50/+57
| | | | | | Attempt to parse any valid information from an oEmbed response (instead of bailing at the first unexpected data). This should allow for more partial oEmbed data to be returned, resulting in better / more URL previews, even if those URL previews are only partial.
* Use stable identifiers for MSC3771 & MSC3773. (#14050)Patrick Cloke2022-10-073-29/+30
| | | | | These are both part of Matrix 1.4 which has now been released. For now, support both the unstable and stable identifiers.
* Use Pydantic to validate /devices endpoints (#14054)David Robertson2022-10-071-46/+52
|
* Recursively fetch the thread for receipts & notifications. (#13824)Patrick Cloke2022-10-041-2/+20
| | | | | | Consider an event to be part of a thread if you can follow a chain of relations up to a thread root. Part of MSC3773 & MSC3771.
* Advertise supporting version 1.3 of the Matrix spec. (#14032)Patrick Cloke2022-10-041-0/+1
| | | Now that all features / changes in 1.3 are supported in Synapse.
* Track notification counts per thread (implement MSC3773). (#13776)Patrick Cloke2022-10-042-1/+6
| | | | | | | | When retrieving counts of notifications segment the results based on the thread ID, but choose whether to return them as individual threads or as a single summed field by letting the client opt-in via a sync flag. The summarization code is also updated to be per thread, instead of per room.
* Do not return unspecced original_event field when using the stable ↵Patrick Cloke2022-10-031-0/+6
| | | | | | | | | | /relations endpoint. (#14025) Keep the old behavior (of including the original_event field) for any requests to the /unstable version of the endpoint, but do not include the field when the /v1 version is used. This should avoid new clients from depending on this field, but will not help with current dependencies.
* Add query parameter `ts` to allow appservices set the `origin_server_ts` for ↵lukasdenk2022-10-031-13/+21
| | | | | | | state events. (#11866) MSC3316 declares that both /rooms/{roomId}/send and /rooms/{roomId}/state should accept a ts parameter for appservices. This change expands support to /state and adds tests.
* Allow admins to require a manual approval process before new accounts can be ↵Brendan Abolivier2022-09-293-6/+96
| | | | used (using MSC3866) (#13556)
* Expose MSC3882 only be under an unstable endpoint. (#13868)Hugh Nimmo-Smith2022-09-291-1/+3
|
* Support the stable dir parameter for /relations. (#13920)Patrick Cloke2022-09-271-9/+15
| | | | | | | Since MSC3715 has passed FCP, the stable parameter can be used. This currently falls back to the unstable parameter if the stable parameter is not provided (and MSC3715 support is enabled in the configuration).
* Accept & store thread IDs for receipts (implement MSC3771). (#13782)Patrick Cloke2022-09-233-1/+17
| | | | Updates the `/receipts` endpoint and receipt EDU handler to parse a `thread_id` from the body and insert it in the database.
* Last batch of Pydantic for synapse/rest/client/account.py (#13832)David Robertson2022-09-211-6/+13
| | | | | | | * Validation for `/add_threepid/msisdn/submit_token` * Don't validate deprecated endpoint * Changelog
* Add version flag for MSC3881 (#13860)Brendan Abolivier2022-09-211-0/+2
|
* Track device IDs for pushers (#13831)Brendan Abolivier2022-09-211-0/+3
| | | Second half of the MSC3881 implementation
* Implementation of MSC3882 login token request (#13722)Hugh Nimmo-Smith2022-09-213-0/+98
|
* Support enabling/disabling pushers (from MSC3881) (#13799)Brendan Abolivier2022-09-212-5/+17
| | | Partial implementation of MSC3881
* Add an admin API endpoint to find a user based on its external ID in an auth ↵Quentin Gliech2022-09-162-0/+29
| | | | provider. (#13810)
* A third batch of Pydantic validation for rest/client/account.py (#13736)David Robertson2022-09-152-42/+51
|
* Add a `MXCUri` class to make working with mxc uri's easier. (#13162)Andrew Morgan2022-09-152-4/+8
|
* A second batch of Pydantic models for rest/client/account.py (#13687)David Robertson2022-09-072-32/+46
|
* Cancel the processing of key query requests when they time out. (#13680)reivilibre2022-09-071-2/+4
|
* Add Admin API to Fetch Messages Within a Particular Window (#13672)Connor Davis2022-09-072-0/+108
| | | This adds two new admin APIs that allow us to fetch messages from a room within a particular time.
* Return keys for unwhitelisted servers from `/_matrix/key/v2/query` (#13683)Richard van der Hoff2022-09-011-20/+21
|
* Remove support for unstable private read receipts (#13653)Šimon Brandner2022-09-014-6/+0
| | | Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Drop support for calling `/_matrix/client/v3/rooms/{roomId}/invite` without ↵Jacek Kuśnierz2022-08-312-9/+12
| | | | | | | an `id_access_token` (#13241) Fixes #13206 Signed-off-by: Jacek Kusnierz jacek.kusnierz@tum.de
* Generalise the `@cancellable` annotation so it can be used on functions ↵reivilibre2022-08-311-1/+2
| | | | other than just servlet methods. (#13662)
* Fix bug where we wedge media plugins if clients disconnect early (#13660)Erik Johnston2022-08-301-19/+21
| | | | | | | | We incorrectly didn't use the returned `Responder` if the client had disconnected, which meant that the resource used by the Responder wasn't correctly released. In particular, this exhausted the thread pools so that *all* requests timed out.
* Do not wait for background updates to complete do expire URL cache. (#13657)Patrick Cloke2022-08-301-4/+0
| | | | | | | | | | | | | | Media downloaded as part of a URL preview is normally deleted after two days. However, while a background database migration is running, the process is stopped. A long-running database migration can therefore cause the media store to fill up with old preview files. This logic was added in #2697 to make sure that we didn't try to run the expiry without an index on `local_media_repository.created_ts`; the original logic that needs that index was added in #2478 (in `get_url_cache_media_before`, as amended by 93247a424a5068b088567fa98b6990e47608b7cb), and is still present. Given that the background update was added before Synapse v1.0.0, just drop this check and assume the index exists.
* Drop support for delegating email validation, round 2 (#13596)David Robertson2022-08-233-118/+57
|
* Fix Prometheus metrics being negative (mixed up start/end) (#13584)Eric Eastwood2022-08-231-1/+5
| | | | | | | Fix: - https://github.com/matrix-org/synapse/pull/13535#discussion_r949582508 - https://github.com/matrix-org/synapse/pull/13533#discussion_r949577244
* `synapse.api.auth.Auth` cleanup: make permission-related methods use ↵Quentin Gliech2022-08-227-35/+28
| | | | | | | | | `Requester` instead of the `UserID` (#13024) Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
* Remove redundant opentracing spans for `/sendToDevice` and `/keys/upload` ↵Andrew Morgan2022-08-222-4/+2
| | | | (#13574)
* Implement MSC3852: Expose `last_seen_user_agent` to users for their own ↵Andrew Morgan2022-08-191-0/+27
| | | | devices; also expose to Admin API (#13549)
* Fix validation problem that occurs when a user tries to deactivate their ↵reivilibre2022-08-191-3/+3
| | | | account or change their password. (#13563)
* Add metrics to track `/messages` response time by room size (#13545)Eric Eastwood2022-08-181-2/+53
| | | | | Follow-up to https://github.com/matrix-org/synapse/pull/13533 Part of https://github.com/matrix-org/synapse/issues/13356
* Add forgotten status to Room Details API (#13503)Dirk Klimpel2022-08-171-0/+1
|
* Add specific metric to time long-running `/messages` requests (#13533)Eric Eastwood2022-08-171-0/+32
|
* Use Pydantic to systematically validate a first batch of endpoints in ↵David Robertson2022-08-153-85/+155
| | | | `synapse.rest.client.account`. (#13188)
* Support stable identifiers for MSC2285: private read receipts. (#13273)Šimon Brandner2022-08-054-7/+19
| | | | | This adds support for the stable identifiers of MSC2285 while continuing to support the unstable identifiers behind the configuration flag. These will be removed in a future version.
* Rename `RateLimitConfig` to `RatelimitSettings` (#13442)Dirk Klimpel2022-08-031-2/+2
|
* Merge tag 'v1.64.0rc2' into developRichard van der Hoff2022-07-293-56/+117
|\ | | | | | | | | | | | | Synapse 1.64.0rc2 (2022-07-29) ============================== This RC reintroduces support for `account_threepid_delegates.email`, which was removed in 1.64.0rc1. It remains deprecated and will be removed altogether in a future release. ([\#13406](https://github.com/matrix-org/synapse/issues/13406))
| * Revert "Drop support for delegating email validation (#13192)" (#13406)3nprob2022-07-293-56/+117
| | | | | | | | | | Reverts commit fa71bb18b527d1a3e2629b48640ea67fff2f8c59, and tweaks documentation. Signed-off-by: 3nprob <git@3n.anonaddy.com>
* | Use stable prefixes for MSC3827: filtering of `/publicRooms` by room type ↵Šimon Brandner2022-07-271-2/+2
|/ | | | | | (#13370) Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Add missing types to opentracing. (#13345)Patrick Cloke2022-07-211-1/+3
| | | After this change `synapse.logging` is fully typed.
* Add type annotations to `trace` decorator. (#13328)Patrick Cloke2022-07-194-15/+18
| | | | Functions that are decorated with `trace` are now properly typed and the type hints for them are fixed.
* Provide more info why we don't have any thumbnails to serve (#13038)Eric Eastwood2022-07-151-2/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix https://github.com/matrix-org/synapse/issues/13016 ## New error code and status ### Before Previously, we returned a `404` for `/thumbnail` which isn't even in the spec. ```json { "errcode": "M_NOT_FOUND", "error": "Not found [b'hs1', b'tefQeZhmVxoiBfuFQUKRzJxc']" } ``` ### After What does the spec say? > 400: The request does not make sense to the server, or the server cannot thumbnail the content. For example, the client requested non-integer dimensions or asked for negatively-sized images. > > *-- https://spec.matrix.org/v1.1/client-server-api/#get_matrixmediav3thumbnailservernamemediaid* Now with this PR, we respond with a `400` when we don't have thumbnails to serve and we explain why we might not have any thumbnails. ```json { "errcode": "M_UNKNOWN", "error": "Cannot find any thumbnails for the requested media ([b'example.com', b'12345']). This might mean the media is not a supported_media_format=(image/jpeg, image/jpg, image/webp, image/gif, image/png) or that thumbnailing failed for some other reason. (Dynamic thumbnails are disabled on this server.)", } ``` > Cannot find any thumbnails for the requested media ([b'example.com', b'12345']). This might mean the media is not a supported_media_format=(image/jpeg, image/jpg, image/webp, image/gif, image/png) or that thumbnailing failed for some other reason. (Dynamic thumbnails are disabled on this server.) --- We still respond with a 404 in many other places. But we can iterate on those later and maybe keep some in some specific places after spec updates/clarification: https://github.com/matrix-org/matrix-spec/issues/1122 We can also iterate on the bugs where Synapse doesn't thumbnail when it should in other issues/PRs.
* Reduce duplicate code in receipts servlets. (#13198)Patrick Cloke2022-07-132-44/+32
|
* Fix "add user" admin api error when request contains a "msisdn" threepid ↵Thomas Weston2022-07-131-0/+1
| | | | | | (#13263) Co-authored-by: Thomas Weston <thomas.weston@clearspancloud.com> Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
* Inline URL preview documentation. (#13261)Patrick Cloke2022-07-121-4/+58
| | | Inline URL preview documentation near the implementation.
* Drop support for calling `/_matrix/client/v3/account/3pid/bind` without an ↵Jacek Kuśnierz2022-07-121-2/+4
| | | | | | | `id_access_token` (#13239) Fixes #13201 Signed-off-by: Jacek Kusnierz jacek.kusnierz@tum.de
* Drop support for delegating email validation (#13192)Richard van der Hoff2022-07-123-118/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Drop support for delegating email validation Delegating email validation to an IS is insecure (since it allows the owner of the IS to do a password reset on your HS), and has long been deprecated. It will now cause a config error at startup. * Update unit test which checks for email verification Give it an `email` config instead of a threepid delegate * Remove unused method `requestEmailToken` * Simplify config handling for email verification Rather than an enum and a boolean, all we need here is a single bool, which says whether we are or are not doing email verification. * update docs * changelog * upgrade.md: fix typo * update version number this will be in 1.64, not 1.63 * update version number this one too
* Make the AS login method call `Auth.get_user_by_req` for checking the AS ↵Quentin Gliech2022-07-121-2/+8
| | | | | | | | token. (#13094) This gets rid of another usage of get_appservice_by_req, with all the benefits, including correctly tracking the appservice IP and setting the tracing attributes correctly. Signed-off-by: Quentin Gliech <quenting@element.io>
* Uniformize spam-checker API, part 5: expand other spam-checker callbacks to ↵David Teller2022-07-111-1/+3
| | | | | | return `Tuple[Codes, dict]` (#13044) Signed-off-by: David Teller <davidt@element.io> Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Extra validation for rest/client/account_data (#13148)David Robertson2022-07-011-2/+17
| | | | | | | * Extra validation for rest/client/account_data This is a fairly simple endpoint and we did pretty well here. * Changelog
* Implement MSC3827: Filtering of `/publicRooms` by room type (#13031)Šimon Brandner2022-06-291-0/+2
| | | | Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* fix linting error from the 1.61.1 main -> develop mergeAndrew Morgan2022-06-281-1/+2
|
* Merge branch 'master' into developAndrew Morgan2022-06-281-24/+39
|\
| * Merge pull request from GHSA-22p3-qrh9-cx32reivilibre2022-06-281-24/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Make _iterate_over_text easier to read by using simple data structures * Prefer a set of tags to ignore In my tests, it's 4x faster to check for containment in a set of this size * Add a stack size limit to _iterate_over_text * Continue accepting the case where there is no body element * Use an early return instead for None Co-authored-by: Richard van der Hoff <richard@matrix.org>
* | Remove unspecced DELETE endpoint that modifies room visibility (#13123)santhoshivan232022-06-281-11/+0
| |
* | Add Cross-Origin-Resource-Policy header to thumbnail and download media ↵Robert Long2022-06-272-2/+12
| | | | | | | | endpoints (#12944)
* | validate room alias before interacting with the room directory (#13106)santhoshivan232022-06-221-0/+6
| |
* | Simplify the alias deletion logic as an application service. (#13093)Quentin Gliech2022-06-171-22/+13
| |
* | Allow MSC3030 'timestamp_to_event' calls from anyone on world-readable ↵Quentin Gliech2022-06-171-1/+3
| | | | | | | | | | rooms. (#13062) Signed-off-by: Quentin Gliech <quenting@element.io>
* | Improve URL previews for sites with only Twitter card information. (#13056)Patrick Cloke2022-06-161-17/+95
| | | | | | | | | | | | Pull out `twitter:` meta tags when generating a preview and use it to augment any `og:` meta tags. Prefers Open Graph information over Twitter card information.
* | Add custom well-known (#13035)Jacek Kuśnierz2022-06-161-1/+8
| | | | | | Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
* | Replace pyjwt with authlib in `org.matrix.login.jwt` (#13011)Hannes Lerchl2022-06-151-8/+38
| |
* | Fix `destination_is` errors seen in sentry. (#13041)David Robertson2022-06-141-4/+16
| | | | | | | | | | | | * Rename test_fedclient to match its source file * Require at least one destination to be truthy * Explicitly validate user ID in profile endpoint GETs Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* | Move the "email unsubscribe" resource, refactor the macaroon generator & ↵Quentin Gliech2022-06-143-38/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | simplify the access token verification logic. (#12986) This simplifies the access token verification logic by removing the `rights` parameter which was only ever used for the unsubscribe link in email notifications. The latter has been moved under the `/_synapse` namespace, since it is not a standard API. This also makes the email verification link more secure, by embedding the app_id and pushkey in the macaroon and verifying it. This prevents the user from tampering the query parameters of that unsubscribe link. Macaroon generation is refactored: - Centralised all macaroon generation and verification logic to the `MacaroonGenerator` - Moved to `synapse.utils` - Changed the constructor to require only a `Clock`, hostname, and a secret key (instead of a full `Homeserver`). - Added tests for all methods.
* | Uniformize spam-checker API, part 4: port other spam-checker callbacks to ↵David Teller2022-06-131-3/+4
| | | | | | | | | | return `Union[Allow, Codes]`. (#12857) Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* | Move the (unstable) `dir` parameter for /relations behind an experimental ↵Patrick Cloke2022-06-081-3/+10
| | | | | | | | | | | | flag. (#12984) MSC3715 defines this parameter, but the unstable version of it should be behind an experimental flag.
* | Fix Synapse git info missing in version strings (#12973)David Robertson2022-06-071-3/+2
| |
* | Consolidate the logic of delete_device/delete_devices. (#12970)Patrick Cloke2022-06-073-4/+6
|/ | | | | | | | By always using delete_devices and sometimes passing a list with a single device ID. Previously these methods had gotten out of sync with each other and it seems there's little benefit to the single-device variant.
* Prevent local quarantined media from being claimed by media retention (#12972)Andrew Morgan2022-06-072-11/+19
|
* Do not break URL previews if an image is unreachable. (#12950)Patrick Cloke2022-06-061-6/+17
| | | | Avoid breaking a URL preview completely if the chosen image 404s or is unreachable for some other reason (e.g. DNS).
* Allow updating passwords using the admin api without logging out devices ↵Jan Christian Grünhage2022-06-061-1/+7
| | | | (#12952)
* Reduce the amount of state we pull from the DB (#12811)Erik Johnston2022-06-062-11/+30
|
* Improve URL previews for some pages (#12951)Patrick Cloke2022-06-031-17/+35
| | | | | * Skip `og` and `meta` tags where the value is empty. * Fallback to the favicon if there are no other images. * Ignore tags meant for navigation.
* Wait for lazy join to complete when getting current state (#12872)Erik Johnston2022-06-011-1/+2
|
* Fix potential thumbnail memory leaks. (#12932)Erik Johnston2022-06-012-135/+201
|
* Add config options for media retention (#12732)Andrew Morgan2022-05-311-1/+70
|
* Mutual rooms: Remove dependency on user directory (#12836)Jonathan de Jong2022-05-301-13/+2
|
* Additional constants for EDU types. (#12884)Patrick Cloke2022-05-271-2/+2
| | | Instead of hard-coding strings in many places.
* Merge tag 'v1.60.0rc2' into developSean Quah2022-05-271-1/+9
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.60.0rc2 (2022-05-27) ============================== This release of Synapse adds a unique index to the `state_group_edges` table, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. Additionally, the signature of the `check_event_for_spam` module callback has changed. The previous signature has been deprecated and remains working for now. Module authors should update their modules to use the new signature where possible. See [the upgrade notes](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1600) for more details. Features -------- - Add an option allowing users to use their password to reauthenticate for privileged actions even though password login is disabled. ([\#12883](https://github.com/matrix-org/synapse/issues/12883)) Bugfixes -------- - Explicitly close `ijson` coroutines once we are done with them, instead of leaving the garbage collector to close them. ([\#12875](https://github.com/matrix-org/synapse/issues/12875)) Internal Changes ---------------- - Improve URL previews by not including the content of media tags in the generated description. ([\#12887](https://github.com/matrix-org/synapse/issues/12887))
| * Improve URL previews by not including the content of media tags in the ↵reivilibre2022-05-261-1/+9
| | | | | | | | generated description. (#12887)
* | Remove unstable APIs for /hierarchy. (#12851)Patrick Cloke2022-05-261-6/+1
| | | | | | | | Removes the unstable endpoint as well as a duplicated field which was modified during stabilization.
* | Remove user-visible groups/communities code (#12553)Patrick Cloke2022-05-255-1026/+0
| | | | | | | | | | | | | | | | | | Makes it so that groups/communities no longer exist from a user-POV. E.g. we remove: * All API endpoints (including Client-Server, Server-Server, and admin). * Documented configuration options (and the experimental flag, which is now unused). * Special handling during room upgrades. * The `groups` section of the `/sync` response.
* | Correct annotation of `_iterate_over_text` (#12860)David Robertson2022-05-241-1/+1
|/
* Discard null-containing strings before updating the user directory (#12762)David Robertson2022-05-181-2/+2
|
* Add some type hints to datastore (#12717)Dirk Klimpel2022-05-171-2/+2
|
* URL preview cache expiry logs: INFO -> DEBUG, text clarifications (#12720)Andrew Morgan2022-05-121-9/+21
|
* Enable cancellation of `GET /members` and `GET /state` requests (#12708)Sean Quah2022-05-111-1/+5
| | | | | | | | Enable cancellation of `GET /rooms/$room_id/members`, `GET /rooms/$room_id/state` and `GET /rooms/$room_id/state/$state_key/*` requests. Signed-off-by: Sean Quah <seanq@element.io>
* No longer permit empty body when sending receipts (#12709)David Robertson2022-05-111-12/+1
|
* Fix mypy against latest pillow stubs (#12671)David Robertson2022-05-091-3/+3
|
* Use `ParamSpec` in a few places (#12667)David Robertson2022-05-092-10/+13
|
* Don't error on unknown receipt types (#12670)Erik Johnston2022-05-091-12/+15
| | | Fixes #12669
* Use `private` instead of `hidden` in MSC2285 related code. (#12635)Šimon Brandner2022-05-051-1/+1
|
* Fix typo in some instances of enable_registration_token_3pid_bypass. (#12639)Will Hunt2022-05-051-1/+1
|
* Use `getClientAddress` instead of `getClientIP`. (#12599)Patrick Cloke2022-05-043-10/+18
| | | | | getClientIP was deprecated in Twisted 18.4.0, which also added getClientAddress. The Synapse minimum version for Twisted is currently 18.9.0, so all supported versions have the new API.
* Implement changes to MSC2285 (hidden read receipts) (#12168)Šimon Brandner2022-05-043-31/+54
| | | | | * Changes hidden read receipts to be a separate receipt type (instead of a field on `m.read`). * Updates the `/receipts` endpoint to accept `m.fully_read`.
* Remove unstable/unspecced login types. (#12597)Patrick Cloke2022-05-041-11/+4
| | | | | | * `m.login.jwt`, which was never specced and has been deprecated since Synapse 1.16.0. (`org.matrix.login.jwt` can be used instead.) * `uk.half-shot.msc2778.login.application_service`, which was stabilized as part of the Matrix spec v1.2 release.
* Remove unstable identifiers for MSC3069. (#12596)Patrick Cloke2022-05-031-2/+0
|
* Add a module API to allow modules to edit push rule actions (#12406)Brendan Abolivier2022-04-271-95/+17
| | | Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Add option to enable token registration without requiring 3pids (#12526)Will Hunt2022-04-271-1/+6
|
* Implement MSC2815: allow room moderators to view redacted event content (#12427)Tulir Asokan2022-04-202-1/+47
| | | | | | Implements matrix-org/matrix-spec-proposals#2815 Signed-off-by: Tulir Asokan <tulir@maunium.net>
* Fix `/room/.../event/...` to return the *original* event after any edits ↵Richard van der Hoff2022-04-191-1/+3
| | | | | | (#12476) This is what the MSC (now) requires. Fixes https://github.com/matrix-org/synapse/issues/10310.
* Limit `device_id` size to 512B (#12454)Shay2022-04-131-0/+9
| | | *
* Prevent a sync request from removing a user's busy presence status (#12213)David Baker2022-04-131-6/+3
| | | | | | | | | | In trying to use the MSC3026 busy presence status, the user's status would be set back to 'online' next time they synced. This change makes it so that syncing does not affect a user's presence status if it is currently set to 'busy': it must be removed through the presence API. The MSC defers to implementations on the behaviour of busy presence, so this ought to remain compatible with the MSC.
* Rename Mutual Rooms `unstable_features` flag to match MSC (#12445)Jonathan de Jong2022-04-131-1/+1
| | | Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>
* Remove references to unstable identifiers from MSC3440. (#12382)Patrick Cloke2022-04-121-1/+0
| | | | | Removes references to unstable thread relation, unstable identifiers for filtering parameters, and the experimental config flag.
* Do not add groups to sync results if disabled. (#12408)Patrick Cloke2022-04-071-8/+7
|
* Support the v1 endpoint for `/relations`. (#12403)Patrick Cloke2022-04-071-1/+1
| | | | Now that MSC2675 has passed FCP and the implementation is compliant with the final version.
* Refactor and convert `Linearizer` to async (#12357)Sean Quah2022-04-051-3/+3
| | | | | | | | | | | Refactor and convert `Linearizer` to async. This makes a `Linearizer` cancellation bug easier to fix. Also refactor to use an async context manager, which eliminates an unlikely footgun where code that doesn't immediately use the context manager could forget to release the lock. Signed-off-by: Sean Quah <seanq@element.io>
* Move MSC2654 support behind an experimental configuration flag. (#12295)Patrick Cloke2022-03-311-1/+3
| | | To match the current thinking on disabling experimental features by default.
* Ensure the type of URL attributes is always str when matching against ↵Brendan Abolivier2022-03-311-2/+7
| | | | preview blacklist (#12333)
* Remove the unused and unstable `/aggregations` endpoint. (#12293)Patrick Cloke2022-03-301-170/+0
| | | | | | | | | This endpoint was removed from MSC2675 before it was approved. It is currently unspecified (even in any MSCs) and therefore subject to removal. It is not implemented by any known clients. This also changes the bundled aggregation format for `m.annotation`, which previously included pagination tokens for the `/aggregations` endpoint, which are no longer useful.
* Fix typechecker problems exposed by signedjson 1.1.2 (#12326)David Robertson2022-03-292-10/+10
|
* Room batch: fix up handling of unknown prev_event_ids (#12316)Richard van der Hoff2022-03-291-8/+13
|
* Bump `black` and `click` versions (#12320)David Robertson2022-03-292-3/+3
|
* Refactor `create_new_client_event` to use a new parameter, ↵Eric Eastwood2022-03-251-9/+14
| | | | | | | `state_event_ids`, which accurately describes the usage with MSC2716 instead of abusing `auth_event_ids` (#12083) Spawned from https://github.com/matrix-org/synapse/pull/10975#discussion_r813183430 Part of [MSC2716](https://github.com/matrix-org/matrix-spec-proposals/pull/2716)
* Remove mutual_rooms `update_user_directory` check, and add extra ↵Jonathan de Jong2022-03-231-4/+6
| | | | | documentation (#12038) Resolves #10339
* Rename shared_rooms to mutual_rooms (#12036)Jonathan de Jong2022-03-232-7/+8
| | | Co-authored-by: reivilibre <olivier@librepush.net>
* Move get_bundled_aggregations to relations handler. (#12237)Patrick Cloke2022-03-181-1/+2
| | | | | The get_bundled_aggregations code is fairly high-level and uses a lot of store methods, we move it into the handler as that seems like a better fit.
* Correct `check_username_for_spam` annotations and docs (#12246)David Robertson2022-03-181-2/+2
| | | | | | | * Formally type the UserProfile in user searches * export UserProfile in synapse.module_api * Update docs Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* Add a relations handler to avoid duplication. (#12227)Patrick Cloke2022-03-161-67/+8
| | | Adds a handler layer between the REST and datastore layers for relations.
* Clean-up logic for rebasing URLs during URL preview. (#12219)Patrick Cloke2022-03-162-48/+14
| | | | By using urljoin from the standard library and reducing the number of places URLs are rebased.
* Deprecate the groups/communities endpoints and add an experimental ↵Patrick Cloke2022-03-122-2/+4
| | | | configuration flag. (#12200)
* Update the SSO username picker template to comply with SIWA guidelines (#12210)Brendan Abolivier2022-03-111-0/+8
| | | Fixes https://github.com/matrix-org/synapse/issues/12205
* Remove unnecessary pass statements. (#12206)Patrick Cloke2022-03-111-1/+0
|
* Support stable identifiers for MSC3440: Threading (#12151)Patrick Cloke2022-03-101-0/+1
| | | | The unstable identifiers are still supported if the experimental configuration flag is enabled. The unstable identifiers will be removed in a future release.
* Allow retrieving the relations of a redacted event. (#12130)Patrick Cloke2022-03-101-44/+38
| | | | | | | | | This is allowed per MSC2675, although the original implementation did not allow for it and would return an empty chunk / not bundle aggregations. The main thing to improve is that the various caches get cleared properly when an event is redacted, and that edits must not leak if the original event is redacted (as that would presumably leak something similar to the original event content).
* Add third_party module callbacks to check if a user can delete a room and ↵Will Hunt2022-03-091-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | deactivate a user (#12028) * Add check_can_deactivate_user * Add check_can_shutdown_rooms * Documentation * callbacks, not functions * Various suggested tweaks * Add tests for test_check_can_shutdown_room and test_check_can_deactivate_user * Update check_can_deactivate_user to not take a Requester * Fix check_can_shutdown_room docs * Renegade and use `by_admin` instead of `admin_user_id` * fix lint * Update docs/modules/third_party_rules_callbacks.md Co-authored-by: Brendan Abolivier <babolivier@matrix.org> * Update docs/modules/third_party_rules_callbacks.md Co-authored-by: Brendan Abolivier <babolivier@matrix.org> * Update docs/modules/third_party_rules_callbacks.md Co-authored-by: Brendan Abolivier <babolivier@matrix.org> * Update docs/modules/third_party_rules_callbacks.md Co-authored-by: Brendan Abolivier <babolivier@matrix.org> Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Use `ParamSpec` in type hints for `synapse.logging.context` (#12150)Sean Quah2022-03-081-2/+7
| | | | Signed-off-by: Sean Quah <seanq@element.io>
* Remove backwards compatibility with RelationPaginationToken. (#12138)Patrick Cloke2022-03-041-41/+14
|
* Use the proper serialization format when bundling aggregations. (#12090)Patrick Cloke2022-03-032-96/+45
| | | | This ensures that the `latest_event` field of the bundled aggregation for threads uses the same format as the other events in the response.
* Remove the unstable `/spaces` endpoint. (#12073)Patrick Cloke2022-02-281-68/+0
| | | | | | | | ...and various code supporting it. The /spaces endpoint was from an old version of MSC2946 and included both a Client-Server and Server-Server API. Note that the unstable /hierarchy endpoint (from the final version of MSC2946) is not yet removed.
* Move experimental support for MSC3440 to /versions. (#12099)Patrick Cloke2022-02-282-3/+2
| | | | Instead of being part of /capabilities, this matches a change to MSC3440 to properly use these endpoints.
* Remove more references to `get_datastore` (#12067)Richard van der Hoff2022-02-231-3/+0
| | | | | These have snuck in since #12031 was started. Also a couple of other cleanups while we're in the area.
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-2337-98/+100
| | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733
* Implement account status endpoints (MSC3720) (#12001)Brendan Abolivier2022-02-222-0/+38
| | | | | See matrix-org/matrix-doc#3720 Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* Fetch images when previewing Twitter URLs. (#11985)AndrewRyanChama2022-02-221-1/+9
| | | | By including "bot" in the User-Agent, which some sites use to decide whether to include additional Open Graph information.
* Use v3 endpoints for fallback auth (Matrix 1.1) (#12019)Travis Ralston2022-02-221-4/+4
|
* Advertise Matrix 1.2 in `/_matrix/client/versions` (#12022)Travis Ralston2022-02-211-0/+1
| | | Co-authored-by: Patrick Cloke <patrickc@matrix.org>
* Advertise Matrix 1.1 in `/_matrix/client/versions` (#12020)Travis Ralston2022-02-181-0/+1
|
* Use stable MSC3069 `is_guest` flag on `/whoami`. (#12021)Travis Ralston2022-02-181-0/+2
| | | Keeping backwards compatibility with the unstable flag for now.
* Remove unstable MSC3283 flags (#12018)Erik Johnston2022-02-171-14/+0
| | | Fixes #11962
* Allow modules to set a display name on registration (#12009)Brendan Abolivier2022-02-171-0/+7
| | | Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Use version string helper from matrix-common (#11979)David Robertson2022-02-141-3/+3
| | | | * Require latest matrix-common * Use the common function
* Support the MSC3715 for `/relations`. (#11941)Patrick Cloke2022-02-111-0/+4
| | | | This adds an unstable org.matrix.msc3715.dir parameter which acts like dir on /mesages.
* Support the stable API endpoint for MSC3283: new settings in `/capabilities` ↵Dirk Klimpel2022-02-111-1/+14
| | | | endpoint (#11933)
* Support pagination tokens from /sync and /messages in the relations API. ↵Patrick Cloke2022-02-101-18/+39
| | | | (#11952)
* Implement a content type allow list for URL previews (#11936)Denis Kasak2022-02-101-0/+8
| | | | | | | This implements an allow list for content types for which Synapse will attempt URL preview. If a URL resolves to a resource with a content type which isn't in the list, the download will terminate immediately. This makes sense given that Synapse would never successfully generate a URL preview for such files in the first place, and helps prevent issues with streaming media servers, such as #8302. Signed-off-by: Denis Kasak dkasak@termina.org.uk
* Add a callback to allow modules to deny 3PID (#11854)Brendan Abolivier2022-02-082-5/+7
| | | | | Part of the Tchap Synapse mainlining. This allows modules to implement extra logic to figure out whether a given 3PID can be added to the local homeserver. In the Tchap use case, this will allow a Synapse module to interface with the custom endpoint /internal_info.
* Fix historical messages backfilling in random order on remote homeservers ↵Eric Eastwood2022-02-071-9/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (MSC2716) (#11114) Fix https://github.com/matrix-org/synapse/issues/11091 Fix https://github.com/matrix-org/synapse/issues/10764 (side-stepping the issue because we no longer have to deal with `fake_prev_event_id`) 1. Made the `/backfill` response return messages in `(depth, stream_ordering)` order (previously only sorted by `depth`) - Technically, it shouldn't really matter how `/backfill` returns things but I'm just trying to make the `stream_ordering` a little more consistent from the origin to the remote homeservers in order to get the order of messages from `/messages` consistent ([sorted by `(topological_ordering, stream_ordering)`](https://github.com/matrix-org/synapse/blob/develop/docs/development/room-dag-concepts.md#depth-and-stream-ordering)). - Even now that we return backfilled messages in order, it still doesn't guarantee the same `stream_ordering` (and more importantly the [`/messages` order](https://github.com/matrix-org/synapse/blob/develop/docs/development/room-dag-concepts.md#depth-and-stream-ordering)) on the other server. For example, if a room has a bunch of history imported and someone visits a permalink to a historical message back in time, their homeserver will skip over the historical messages in between and insert the permalink as the next message in the `stream_order` and totally throw off the sort. - This will be even more the case when we add the [MSC3030 jump to date API endpoint](https://github.com/matrix-org/matrix-doc/pull/3030) so the static archives can navigate and jump to a certain date. - We're solving this in the future by switching to [online topological ordering](https://github.com/matrix-org/gomatrixserverlib/issues/187) and [chunking](https://github.com/matrix-org/synapse/issues/3785) which by its nature will apply retroactively to fix any inconsistencies introduced by people permalinking 2. As we're navigating `prev_events` to return in `/backfill`, we order by `depth` first (newest -> oldest) and now also tie-break based on the `stream_ordering` (newest -> oldest). This is technically important because MSC2716 inserts a bunch of historical messages at the same `depth` so it's best to be prescriptive about which ones we should process first. In reality, I think the code already looped over the historical messages as expected because the database is already in order. 3. Making the historical state chain and historical event chain float on their own by having no `prev_events` instead of a fake `prev_event` which caused backfill to get clogged with an unresolvable event. Fixes https://github.com/matrix-org/synapse/issues/11091 and https://github.com/matrix-org/synapse/issues/10764 4. We no longer find connected insertion events by finding a potential `prev_event` connection to the current event we're iterating over. We now solely rely on marker events which when processed, add the insertion event as an extremity and the federating homeserver can ask about it when time calls. - Related discussion, https://github.com/matrix-org/synapse/pull/11114#discussion_r741514793 Before | After --- | --- ![](https://user-images.githubusercontent.com/558581/139218681-b465c862-5c49-4702-a59e-466733b0cf45.png) | ![](https://user-images.githubusercontent.com/558581/146453159-a1609e0a-8324-439d-ae44-e4bce43ac6d1.png) #### Why aren't we sorting topologically when receiving backfill events? > The main reason we're going to opt to not sort topologically when receiving backfill events is because it's probably best to do whatever is easiest to make it just work. People will probably have opinions once they look at [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) which could change whatever implementation anyway. > > As mentioned, ideally we would do this but code necessary to make the fake edges but it gets confusing and gives an impression of “just whyyyy” (feels icky). This problem also dissolves with online topological ordering. > > -- https://github.com/matrix-org/synapse/pull/11114#discussion_r741517138 See https://github.com/matrix-org/synapse/pull/11114#discussion_r739610091 for the technical difficulties
* Pass the proper type when uploading files. (#11927)Patrick Cloke2022-02-071-4/+9
| | | | The Content-Length header should be treated as an int, not a string. This shouldn't have any user-facing change.
* Stabilise MSC3231 (Token Based Registration) (#11867)Jonathan de Jong2022-02-041-4/+3
|
* Revert experimental push rules from #7997. (#11884)Patrick Cloke2022-02-021-11/+2
| | | Manually reverts the merge from cdbb8e6d6e36e0b6bc36e676d8fe66c96986b399.
* Add a module callback to set username at registration (#11790)Brendan Abolivier2022-01-261-1/+11
| | | | | | This is in the context of mainlining the Tchap fork of Synapse. Currently in Tchap usernames are derived from the user's email address (extracted from the UIA results, more specifically the m.login.email.identity step). This change also exports the check_username method from the registration handler as part of the module API, so that a module can check if the username it's trying to generate is correct and doesn't conflict with an existing one, and fallback gracefully if not. Co-authored-by: David Robertson <davidr@element.io>
* Improvements to bundling aggregations. (#11815)Patrick Cloke2022-01-263-31/+50
| | | | | | | | | | | This is some odds and ends found during the review of #11791 and while continuing to work in this code: * Return attrs classes instead of dictionaries from some methods to improve type safety. * Call `get_bundled_aggregations` fewer times. * Adds a missing assertion in the tests. * Do not return empty bundled aggregations for an event (preferring to not include the bundle at all, as the docstring states).
* Add a config flag to inhibit `M_USER_IN_USE` during registration (#11743)Brendan Abolivier2022-01-261-0/+11
| | | | | | | This is mostly motivated by the tchap use case, where usernames are automatically generated from the user's email address (in a way that allows figuring out the email address from the username). Therefore, it's an issue if we respond to requests on /register and /register/available with M_USER_IN_USE, because it can potentially leak email addresses (which include the user's real name and place of work). This commit adds a flag to inhibit the M_USER_IN_USE errors that are raised both by /register/available, and when providing a username early into the registration process. This error will still be raised if the user completes the registration process but the username conflicts. This is particularly useful when using modules (https://github.com/matrix-org/synapse/pull/11790 adds a module callback to set the username of users at registration) or SSO, since they can ensure the username is unique. More context is available in the PR that introduced this behaviour to synapse-dinsic: matrix-org/synapse-dinsic#48 - as well as the issue in the matrix-dinsic repo: matrix-org/matrix-dinsic#476
* Add admin API to get a list of federated rooms (#11658)Dirk Klimpel2022-01-252-0/+58
|
* Add admin API to reset connection timeouts for remote server (#11639)Dirk Klimpel2022-01-252-3/+47
| | | * Fix get federation status of destination if no error occured
* Support rendering previews with data: URLs in them (#11767)Patrick Cloke2022-01-242-64/+191
| | | | | Images which are data URLs will no longer break URL previews and will properly be "downloaded" and thumbnailed.
* Do not try to serialize raw aggregations dict. (#11791)Patrick Cloke2022-01-212-16/+8
|
* Make the `get_global_account_data_by_type_for_user` cache be a tree-cache ↵reivilibre2022-01-211-1/+1
| | | | whose key is prefixed with the user ID (#11788)
* Fix preview of imgur and Tenor URLs. (#11669)Philippe Daouadi2022-01-182-13/+32
| | | | | | By scraping Open Graph information from the HTML even when an autodiscovery endpoint is found. The results are then combined to capture as much information as possible from the page.
* Include whether the requesting user has participated in a thread. (#11577)Patrick Cloke2022-01-182-2/+6
| | | | | | Per updates to MSC3440. This is implement as a separate method since it needs to be cached on a per-user basis, instead of a per-thread basis.
* Remove the 'password_hash' from the Users Admin API endpoint response ↵Andrew Morgan2022-01-141-7/+6
| | | | dictionary (#11576)
* Replace uses of simple_insert_many with simple_insert_many_values. (#11742)Patrick Cloke2022-01-131-26/+18
| | | | This should be (slightly) more efficient and it is simpler to have a single method for inserting multiple values.
* Include bundled aggregations in the sync response cache. (#11659)Patrick Cloke2022-01-131-14/+3
|
* Use auto_attribs/native type hints for attrs classes. (#11692)Patrick Cloke2022-01-131-3/+3
|
* Merge branch 'release-v1.50' into developOlivier Wilkinson (reivilibre)2022-01-071-0/+3
|\
| * Include `io.element.thread` capability for MSC3440. (#11690)Patrick Cloke2022-01-051-0/+3
| |
* | Bundle aggregations outside of the serialization method. (#11612)Patrick Cloke2022-01-076-42/+56
| | | | | | | | | | | | | | | | This makes the serialization of events synchronous (and it no longer access the database), but we must manually calculate and provide the bundled aggregations. Overall this should cause no change in behavior, but is prep work for other improvements.
* | Remove the /send_relation endpoint. (#11682)Patrick Cloke2022-01-061-120/+5
| | | | | | | | This was removed from MSC2674 before that was approved and is not used by any known clients.
* | Fix get federation status of destination if no error occured (#11593)Dirk Klimpel2022-01-051-7/+19
| |
* | Run `pyupgrade --py37-plus --keep-percent-format` on Synapse (#11685)Shay2022-01-051-1/+1
|/ | | | | | | | | * newsfragment * fix newsfragment number * update changelog * remove extra space
* Add admin API to get users' account data (#11664)Dirk Klimpel2022-01-052-0/+32
| | | Co-authored-by: reivilibre <olivier@librepush.net>
* Convert all namedtuples to attrs. (#11665)Patrick Cloke2021-12-301-6/+13
| | | To improve type hints throughout the code.
* Add type hints to event_push_actions. (#11594)Patrick Cloke2021-12-211-10/+10
|
* Various opentracing enhancements (#11619)Richard van der Hoff2021-12-211-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | * Wrap `auth.get_user_by_req` in an opentracing span give `get_user_by_req` its own opentracing span, since it can result in a non-trivial number of sub-spans which it is useful to group together. This requires a bit of reorganisation because it also sets some tags (and may force tracing) on the servlet span. * Emit opentracing span for encoding json responses This can be a significant time sink. * Rename all sync spans with a prefix * Write an opentracing span for encoding sync response * opentracing span to group generate_room_entries * opentracing spans within sync.encode_response * changelog * Use the `trace` decorator instead of context managers
* Do not bundle aggregations for APIs which shouldn't include them. (#11592)Patrick Cloke2021-12-203-8/+18
| | | | | And make bundling aggregations opt-in, instead of opt-out to avoid having APIs to include extraneous data (and being much heavier than necessary).
* Merge remote-tracking branch 'origin/release-v1.49' into developRichard van der Hoff2021-12-201-1/+9
|\
| * Disable aggregation bundling on `/sync` responses (#11583)Richard van der Hoff2021-12-201-1/+9
| | | | | | | | | | | | | | | | | | | | | | * Disable aggregation bundling on `/sync` responses A partial revert of #11478. This turns out to have had a significant CPU impact on initial-sync handling. For now, let's disable it, until we find a more efficient way of achieving this. * Fix tests. Co-authored-by: Patrick Cloke <patrickc@matrix.org>
* | Add MSC2716 and MSC3030 to `/versions` -> `unstable_features` (#11582)Eric Eastwood2021-12-161-0/+4
| | | | | | | | As suggested in https://github.com/matrix-org/matrix-react-sdk/pull/7372#discussion_r769523369
* | Add missing type hints to synapse.http. (#11571)Patrick Cloke2021-12-141-2/+2
| |
* | Move HTML parsing to a separate file for URL previews. (#11566)Patrick Cloke2021-12-133-378/+407
| | | | | | | | | | | | | | * Splits the logic for parsing HTML from the resource handling code. * Fix a circular import in the oEmbed code (which uses the HTML parsing code). * Renames some of the HTML parsing methods to: * Make it clear which methods are "internal" to the module. * Clarify what the methods do.
* | Make `get_device` return None if the device doesn't exist rather than ↵reivilibre2021-12-132-2/+6
| | | | | | | | | | raising an exception. (#11565) Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* | Do not allow cross-room relations, per MSC2674. (#11516)Patrick Cloke2021-12-091-1/+6
| |
* | Support unprefixed versions of fallback key property names. (#11541)Hubert Chathi2021-12-091-0/+3
| |
* | Allow guests to send state events (#11378)Robert Long2021-12-091-1/+1
| |
* | Add a constant for receipt types (m.read). (#11531)Patrick Cloke2021-12-083-6/+7
| | | | | | And expand some type hints in the receipts storage module.
* | Clean up `synapse.rest.admin` (#11535)Dirk Klimpel2021-12-0813-164/+94
|/
* Fix 'delete room' admin api to work on incomplete rooms (#11523)Richard van der Hoff2021-12-071-3/+0
| | | | | If, for some reason, we don't have the create event, we should still be able to purge a room.
* Stabilise support for MSC2918 refresh tokens as they have now been merged ↵reivilibre2021-12-062-29/+23
| | | | into the Matrix specification. (#11435)
* Save the OIDC session ID (sid) with the device on login (#11482)Quentin Gliech2021-12-061-2/+5
| | | As a step towards allowing back-channel logout for OIDC.
* Add admin API to get some information about federation status (#11407)Dirk Klimpel2021-12-062-0/+141
|
* Include bundled aggregations in /sync and related fixes (#11478)Patrick Cloke2021-12-064-23/+10
| | | | | | | | Due to updates to MSC2675 this includes a few fixes: * Include bundled aggregations for /sync. * Do not include bundled aggregations for /initialSync and /events. * Do not bundle aggregations for state events. * Clarifies comments and variable names.
* Fix media repository failing when media store path contains symlinks (#11446)Sean Quah2021-12-021-44/+71
|
* Add MSC3030 experimental client and federation API endpoints to get the ↵Eric Eastwood2021-12-021-0/+58
| | | | | | | | | | | | | | | | | | | | | | | | | closest event to a given timestamp (#9445) MSC3030: https://github.com/matrix-org/matrix-doc/pull/3030 Client API endpoint. This will also go and fetch from the federation API endpoint if unable to find an event locally or we found an extremity with possibly a closer event we don't know about. ``` GET /_matrix/client/unstable/org.matrix.msc3030/rooms/<roomID>/timestamp_to_event?ts=<timestamp>&dir=<direction> { "event_id": ... "origin_server_ts": ... } ``` Federation API endpoint: ``` GET /_matrix/federation/unstable/org.matrix.msc3030/timestamp_to_event/<roomID>?ts=<timestamp>&dir=<direction> { "event_id": ... "origin_server_ts": ... } ``` Co-authored-by: Erik Johnston <erik@matrix.org>
* Register the login redirect endpoint for v3. (#11451)Patrick Cloke2021-12-012-3/+3
| | | As specified for Matrix v1.1.
* Bundle relations of relations into the `/relations` result. (#11284)Patrick Cloke2021-11-301-6/+3
| | | | | Per updates to MSC2675 which now states that bundled aggregations should be included from the `/relations` endpoint.
* Convert status codes to `HTTPStatus` in `synapse.rest.admin` (#11452)Dirk Klimpel2021-11-2911-171/+275
|
* Support the stable /hierarchy endpoint from MSC2946 (#11329)Patrick Cloke2021-11-291-4/+4
| | | | | | This also makes additional updates where the implementation had drifted from the approved MSC. Unstable endpoints will be removed at a later data.
* Update MSC2918 refresh token support to confirm with the latest revision: ↵reivilibre2021-11-262-8/+13
| | | | accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. (#11430)
* Support expiry of refresh tokens and expiry of the overall session when ↵reivilibre2021-11-261-15/+37
| | | | refresh tokens are in use. (#11425)
* Rename unstable `access_token_lifetime` configuration option to ↵reivilibre2021-11-232-5/+13
| | | | `refreshable_access_token_lifetime` to make it clear it only concerns refreshable access tokens. (#11388)
* Merge branch 'master' into developSean Quah2021-11-232-43/+216
|\
| * Prevent the media store from writing outside of the configured directorySean Quah2021-11-192-43/+216
| | | | | | | | | | Also tighten validation of server names by forbidding invalid characters in IPv6 addresses and empty domain labels.
* | Refactor the code to inject bundled relations during serialization. (#11408)Patrick Cloke2021-11-234-7/+7
| |
* | Add config for customizing the claim used for JWT logins. (#11361)Kostas2021-11-221-1/+2
| | | | | | | | | | Allows specifying a different claim (from the default "sub") to use when calculating the localpart of the Matrix ID used during the JWT login.
* | Add an admin API to run background jobs. (#11352)Dirk Klimpel2021-11-192-27/+98
| | | | | | | | | | | | Instead of having admins poke into the database directly. Can currently run jobs to populate stats and to populate the user directory.
* | Add dedicated admin API for blocking a room (#11324)Dirk Klimpel2021-11-182-0/+65
| |
* | Rename `get_access_token_for_user_id` method to ↵reivilibre2021-11-171-1/+1
| | | | | | | | `create_access_token_for_user_id` (#11369)
* | Add support for `/_matrix/client/v3` APIs (#11318)Aaron R2021-11-162-3/+3
| | | | | | | | | | This is one of the changes required to support Matrix 1.1 Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | Add ability to un-shadow-ban via the admin API. (#11347)Patrick Cloke2021-11-161-2/+22
| |