summary refs log tree commit diff
path: root/synapse/rest (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Enable changing user type via users admin API (#11174)Jason Robinson2021-10-261-0/+3
| | | | | | | | Users admin API can now also modify user type in addition to allowing it to be set on user creation. Signed-off-by: Jason Robinson <jasonr@matrix.org> Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Add type hints for most `HomeServer` parameters (#11095)Sean Quah2021-10-221-1/+1
|
* Add a thread relation type per MSC3440. (#11088)Patrick Cloke2021-10-211-1/+2
| | | | Adds experimental support for MSC3440's `io.element.thread` relation type (and the aggregation for it).
* Fix setting a user's external_id via the admin API returns 500 and deletes ↵Dirk Klimpel2021-10-211-29/+18
| | | | | users existing external mappings if that external ID is already mapped (#11051) Fixes #10846
* Show error when timestamp in seconds is provided to the /purge_media_cache ↵Aaron R2021-10-201-6/+27
| | | | API (#11101)
* Ensure each charset is attempted only once during media preview. (#11089)Patrick Cloke2021-10-141-6/+28
| | | | There's no point in trying more than once since it is guaranteed to continually fail.
* Attempt different character encodings when previewing a URL. (#11077)Patrick Cloke2021-10-141-41/+39
| | | | This follows similar logic to BeautifulSoup where we attempt different character encodings until we find one which works.
* Resolve and share `state_groups` for all historical events in batch ↵Eric Eastwood2021-10-131-9/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (MSC2716) (#10975) Resolve and share `state_groups` for all historical events in batch. This also helps for showing the appropriate avatar/displayname in Element and will work whenever `/messages` has one of the historical messages as the first message in the batch. This does have the flaw where if you just insert a single historical event somewhere, it probably won't resolve the state correctly from `/messages` or `/context` since it will grab a non historical event above or below with resolved state which never included the historical state back then. For the same reasions, this also does not work in Element between the transition from actual messages to historical messages. In the Gitter case, this isn't really a problem since all of the historical messages are in one big lump at the beginning of the room. For a future iteration, might be good to look at `/messages` and `/context` to additionally add the `state` for any historical messages in that batch. --- How are the `state_groups` shared? To illustrate the `state_group` sharing, see this example: **Before** (new `state_group` for every event 😬, very inefficient): ``` # Tests from https://github.com/matrix-org/complement/pull/206 $ COMPLEMENT_ALWAYS_PRINT_SERVER_LOGS=1 COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh TestBackfillingHistory/parallel/should_resolve_member_state_events_for_historical_events create_new_client_event m.room.member event=$_JXfwUDIWS6xKGG4SmZXjSFrizhARM7QblhATVWWUcA state_group=None create_new_client_event org.matrix.msc2716.insertion event=$1ZBfmBKEjg94d-vGYymKrVYeghwBOuGJ3wubU1-I9y0 state_group=9 create_new_client_event org.matrix.msc2716.insertion event=$Mq2JvRetTyclPuozRI682SAjYp3GqRuPc8_cH5-ezPY state_group=10 create_new_client_event m.room.message event=$MfmY4rBQkxrIp8jVwVMTJ4PKnxSigpG9E2cn7S0AtTo state_group=11 create_new_client_event m.room.message event=$uYOv6V8wiF7xHwOMt-60d1AoOIbqLgrDLz6ZIQDdWUI state_group=12 create_new_client_event m.room.message event=$PAbkJRMxb0bX4A6av463faiAhxkE3FEObM1xB4D0UG4 state_group=13 create_new_client_event org.matrix.msc2716.batch event=$Oy_S7AWN7rJQe_MYwGPEy6RtbYklrI-tAhmfiLrCaKI state_group=14 ``` **After** (all events in batch sharing `state_group=10`) (the base insertion event has `state_group=8` which matches the `prev_event` we're inserting next to): ``` # Tests from https://github.com/matrix-org/complement/pull/206 $ COMPLEMENT_ALWAYS_PRINT_SERVER_LOGS=1 COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh TestBackfillingHistory/parallel/should_resolve_member_state_events_for_historical_events create_new_client_event m.room.member event=$PWomJ8PwENYEYuVNoG30gqtybuQQSZ55eldBUSs0i0U state_group=None create_new_client_event org.matrix.msc2716.insertion event=$e_mCU7Eah9ABF6nQU7lu4E1RxIWccNF05AKaTT5m3lw state_group=9 create_new_client_event org.matrix.msc2716.insertion event=$ui7A3_GdXIcJq0C8GpyrF8X7B3DTjMd_WGCjogax7xU state_group=10 create_new_client_event m.room.message event=$EnTIM5rEGVezQJiYl62uFBl6kJ7B-sMxWqe2D_4FX1I state_group=10 create_new_client_event m.room.message event=$LGx5jGONnBPuNhAuZqHeEoXChd9ryVkuTZatGisOPjk state_group=10 create_new_client_event m.room.message event=$wW0zwoN50lbLu1KoKbybVMxLbKUj7GV_olozIc5i3M0 state_group=10 create_new_client_event org.matrix.msc2716.batch event=$5ZB6dtzqFBCEuMRgpkU201Qhx3WtXZGTz_YgldL6JrQ state_group=10 ```
* Remove dead code from `MediaFilePaths` (#11056)Sean Quah2021-10-131-17/+0
|
* Add type hints to synapse.events.*. (#11066)Patrick Cloke2021-10-131-4/+4
| | | Except `synapse/events/__init__.py`, which will be done in a follow-up.
* Be more lenient when parsing the version for oEmbed responses. (#11065)Patrick Cloke2021-10-132-8/+7
|
* Merge remote-tracking branch 'origin/release-v1.45' into developPatrick Cloke2021-10-121-1/+1
|\
| * Fix formatting string when oEmbed errors occur. (#11061)Patrick Cloke2021-10-121-1/+1
| |
* | Update `_wrap_in_base_path` type hints to preserve function arguments (#11055)Sean Quah2021-10-121-3/+6
|/
* Refactor MSC2716 `/batch_send` endpoint into separate handler functions (#10974)Eric Eastwood2021-10-081-283/+56
|
* Autodiscover oEmbed endpoint from returned HTML (#10822)Patrick Cloke2021-10-082-38/+100
| | | | | Searches the returned HTML for an oEmbed endpoint using the autodiscovery mechanism (`<link rel=...>`), and will request it to generate the preview.
* Relax `ignore-missing-imports` for modules that have stubs now and update ↵David Robertson2021-10-082-29/+30
| | | | | | | | | | | | mypy (#11006) Updating mypy past version 0.9 means that third-party stubs are no-longer distributed with typeshed. See http://mypy-lang.blogspot.com/2021/06/mypy-0900-released.html for details. We therefore pull in stub packages in setup.py Additionally, some modules that we were previously ignoring import failures for now have stubs. So let's use them. The rest of this change consists of fixups to make the newer mypy + stubs pass CI. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Require direct references to configuration variables. (#10985)Patrick Cloke2021-10-062-2/+4
| | | | | | This removes the magic allowing accessing configurable variables directly from the config object. It is now required that a specific configuration class is used (e.g. `config.foo` must be replaced with `config.server.foo`).
* Use direct references for configuration variables (part 7). (#10959)Patrick Cloke2021-10-047-36/+38
|
* Fix getTurnServer response: return an integer ttl (#10922)Lukas Lihotzki2021-09-301-1/+1
| | | | | | | | | `ttl` must be an integer according to the OpenAPI spec: https://github.com/matrix-org/matrix-doc/blob/old_master/data/api/client-server/voip.yaml#L70 True division (`/`) returns a float instead (`"ttl": 7200.0`). Floor division (`//`) returns an integer, so the response is spec compliant. Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>
* Use direct references for configuration variables (part 6). (#10916)Patrick Cloke2021-09-298-17/+17
|
* Implement MSC3069: Guest support on whoami (#9655)Travis Ralston2021-09-291-2/+6
|
* Fix empty `url_cache_thumbnails/yyyy-mm-dd/` directories being left behind ↵Sean Quah2021-09-291-31/+43
| | | | (#10924)
* Ensure `(room_id, next_batch_id)` is unique to avoid cross-talk/conflicts ↵Eric Eastwood2021-09-281-2/+4
| | | | | | | | between batches (MSC2716) (#10877) Part of [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) Part of https://github.com/matrix-org/synapse/issues/10737
* Avoid storing URL cache files in storage providers (#10911)Sean Quah2021-09-273-6/+16
| | | | | URL cache files are short-lived and it does not make sense to offload them (eg. to the cloud) or back them up.
* Fix race conditions when creating media store and config directories (#10913)Sean Quah2021-09-272-6/+3
|
* Use direct references for configuration variables (part 5). (#10897)Patrick Cloke2021-09-2413-31/+35
|
* Add reactor to `SynapseRequest` and fix up types. (#10868)Erik Johnston2021-09-248-30/+27
|
* Allow `.` and `~` chars in registration tokens (#10887)Callum Brown2021-09-231-1/+1
| | | | Per updates to MSC3231 in order to use the same grammar as other identifiers.
* Use direct references for configuration variables (part 4). (#10893)Patrick Cloke2021-09-236-17/+21
|
* Use direct references for some configuration variables (part 3) (#10885)Patrick Cloke2021-09-238-54/+57
| | | | | | | | This avoids the overhead of searching through the various configuration classes by directly referencing the class that the attributes are in. It also improves type hints since mypy can now resolve the types of the configuration variables.
* Remove unnecessary parentheses around tuples returned from methods (#10889)Andrew Morgan2021-09-233-6/+6
|
* Include more information in oEmbed previews. (#10819)Patrick Cloke2021-09-222-5/+46
| | | | | | | * Improved titles (fall back to the author name if there's not title) and include the site name. * Handle photo/video payloads. * Include the original URL in the Open Graph response. * Fix the expiration time (by properly converting from seconds to milliseconds).
* Rename MSC2716 things from `chunk` to `batch` to match `/batch_send` ↵Eric Eastwood2021-09-211-43/+43
| | | | | | | | endpoint (#10838) See https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r684574497 Dropping support for older MSC2716 room versions so we don't have to worry about supporting both chunk and batch events.
* Refactor oEmbed previews (#10814)Patrick Cloke2021-09-212-199/+272
| | | | | | | | | | | | | The major change is moving the decision of whether to use oEmbed further up the call-stack. This reverts the _download_url method to being a "dumb" functionwhich takes a single URL and downloads it (as it was before #7920). This also makes more minor refactorings: * Renames internal variables for clarity. * Factors out shared code between the HTML and rich oEmbed previews. * Fixes tests to preview an oEmbed image.
* Allow Synapse Admin API's Room Search to accept non-ASCII characters (#10859)Hillery Shay2021-09-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add tests for checking if room search works with non-ascii char * change encoding on parse_string to UTF-8 * lints * properly encode search term * lints * add changelog file * update changelog number * set changelog entry filetype to .bugfix * Revert "set changelog entry filetype to .bugfix" This reverts commit be8e5a314251438ec4ec7dbc59ba32162c93e550. * update changelog message and file type * change parse_string default encoding back to ascii and update room search admin api calll to parse string * refactor tests * Update tests/rest/admin/test_room.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Rename `/batch_send` query parameter from `?prev_event` to more obvious ↵Eric Eastwood2021-09-211-7/+9
| | | | | | | usage with `?prev_event_id` (MSC2716) (#10839) As mentioned in https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r705872887 and https://github.com/matrix-org/synapse/issues/10737
* Add missing type hints to non-client REST servlets. (#10817)Patrick Cloke2021-09-1524-94/+166
| | | | Including admin, consent, key, synapse, and media. All REST servlets (the synapse.rest module) now require typed method definitions.
* Verify `?chunk_id` actually corresponds to an insertion event that exists ↵Eric Eastwood2021-09-151-1/+12
| | | | (MSC2716) (#10776)
* Split out `/batch_send` meta events to their own fields (MSC2716) (#10777)Eric Eastwood2021-09-151-11/+18
|
* Convert media repo's FileInfo to attrs. (#10785)Patrick Cloke2021-09-144-108/+139
| | | | This is mostly an internal change, but improves type hints in the media code.
* Use direct references for some configuration variables (#10798)Patrick Cloke2021-09-139-17/+22
| | | | Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit).
* Add types to synapse.util. (#10601)reivilibre2021-09-103-6/+9
|
* Ask consent on SSO registration with default mxid (#10733)AndrewFerr2021-09-101-2/+2
| | | | | | Fixes #10732: consent flow skipped during SSO user registration if username is left at default Signed-off-by: Andrew Ferrazzutti fair@miscworks.net
* Remove unstable MSC2858 API, including `experimental.msc2858_enabled` config ↵Sean2021-09-091-46/+11
| | | | | option (#10693) Signed-off-by: Sean Quah <seanq@element.io>
* Request JSON for oEmbed requests (and ignore XML only providers). (#10759)Patrick Cloke2021-09-081-3/+23
| | | | | | | | This adds the format to the request arguments / URL to ensure that JSON data is returned (which is all that Synapse supports). This also adds additional error checking / filtering to the configuration file to ignore XML-only providers.
* Use attrs internally for the URL preview code & add documentation. (#10753)Patrick Cloke2021-09-071-42/+79
|
* Additional type hints for client REST servlets (part 5) (#10736)Patrick Cloke2021-09-035-68/+123
| | | | Additionally this enforce type hints on all function signatures inside of the synapse.rest.client package.
* Additional type hints for client REST servlets (part 4) (#10728)Patrick Cloke2021-09-018-100/+144
|
* Allow configuration of the oEmbed URLs. (#10714)Patrick Cloke2021-08-312-142/+140
| | | | | This adds configuration options (under an `oembed` section) to configure which URLs are matched to use oEmbed for URL previews.
* Additional type hints for the client REST servlets (part 3). (#10707)Patrick Cloke2021-08-316-150/+305
|
* Remove unused `compare_digest` function. (#10706)Patrick Cloke2021-08-271-13/+0
|
* Improve ServerNoticeServlet to avoid duplicate requests (#10679)Dirk Klimpel2021-08-272-8/+16
| | | Fixes: #9544
* Additional type hints for REST servlets (part 2). (#10674)Patrick Cloke2021-08-2615-138/+210
| | | Applies the changes from #10665 to additional modules.
* Fix error when selecting between thumbnails with the same quality (#10684)Sean2021-08-251-9/+17
| | | Fixes #10318
* Correctly initialise the `synapse_user_logins` metric. (#10677)Richard van der Hoff2021-08-241-6/+23
| | | | | Fix a bug where the prometheus metrics for SSO logins wouldn't be initialised until the first user logged in with a given auth provider.
* Additional type hints for the sync REST servlet. (#10666)Patrick Cloke2021-08-231-51/+81
|
* Addtional type hints for the REST servlets. (#10665)Patrick Cloke2021-08-2313-107/+203
|
* Implement MSC3231: Token authenticated registration (#10142)Callum Brown2021-08-214-0/+425
| | | | | Signed-off-by: Callum Brown <callum@calcuode.com> This is part of my GSoC project implementing [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
* Validate device_keys for C-S /keys/query requests (#10593)David Robertson2021-08-201-1/+15
| | | | | | | | * Validate device_keys for C-S /keys/query requests Closes #10354 A small, not particularly critical fix. I'm interested in seeing if we can find a more systematic approach though. #8445 is the place for any discussion.
* Support MSC3283: Expose `enable_set_displayname` in capabilities (#10452)Dirk Klimpel2021-08-191-0/+11
|
* Remove not needed database updates in modify user admin API (#10627)Dirk Klimpel2021-08-191-20/+35
|
* Merge branch 'release-v1.41' into developErik Johnston2021-08-186-165/+168
|\
| * Mount /_synapse/admin/v1/users/{userId}/media admin API on media workers ↵Andrew Morgan2021-08-183-164/+163
| | | | | | | | | | only (#10628) Co-authored-by: Patrick Cloke <patrickc@matrix.org>
| * Allow /createRoom to be run on workers (#10564)Andrew Morgan2021-08-171-1/+1
| | | | | | Fixes https://github.com/matrix-org/synapse/issues/7867
| * Centralise the custom template directory (#10596)Brendan Abolivier2021-08-172-0/+4
| | | | | | Several configuration sections are using separate settings for custom template directories, which can be confusing. This PR adds a new top-level configuration for a custom template directory which is then used for every module. The only exception is the consent templates, since the consent template directory require a specific hierarchy, so it's probably better that it stays separate from everything else.
* | Display an error page during failure of fallback UIA. (#10561)Callum Brown2021-08-181-15/+24
| |
* | Remove deprecated Shutdown Room and Purge Room Admin API (#8830)Dirk Klimpel2021-08-173-97/+0
|/
* Flatten the synapse.rest.client package (#10600)reivilibre2021-08-1745-62/+31
|
* Always list fallback key types in /sync (#10623)Andrew Morgan2021-08-171-4/+5
|
* Allow to edit `external_ids` by Edit User admin API (#10598)Dirk Klimpel2021-08-171-48/+91
| | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add an admin API to check if a username is available (#10578)Will Hunt2021-08-172-0/+53
| | | This adds a new API GET /_synapse/admin/v1/username_available?username=foo to check if a username is available. It is the counterpart to https://matrix.org/docs/spec/client_server/r0.6.0#get-matrix-client-r0-register-available, except that it works even if registration is disabled.
* Validate the max_rooms_per_space parameter to ensure it is non-negative. ↵Patrick Cloke2021-08-161-5/+20
| | | | (#10611)
* Experimental support for MSC3266 Room Summary API. (#10394)Michael Telatynski2021-08-162-76/+59
|
* Move /batch_send to /v2_alpha directory (MSC2716) (#10576)Eric Eastwood2021-08-133-409/+444
| | | | | | | * Move /batch_send to /v2_alpha directory As pointed out by @erikjohnston, https://github.com/matrix-org/synapse/pull/10552#discussion_r685836624
* Admin API to delete media for a specific user (#10558)Dirk Klimpel2021-08-113-9/+81
|
* Only return state events that the AS passed in via `state_events_at_start` ↵Eric Eastwood2021-08-101-1/+3
| | | | | | | | | | | | | | (MSC2716) (#10552) * Only return state events that the AS passed in via state_events_at_start As discovered by @Half-Shot in https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r684158448 Part of MSC2716 * Add changelog * Fix changelog extension
* Add local support for the new spaces summary endpoint (MSC2946) (#10549)Patrick Cloke2021-08-101-0/+41
| | | | | This adds support for the /hierarchy endpoint, which is an update to MSC2946. Currently this only supports rooms known locally to the homeserver.
* Fix exceptions in logs when failing to get remote room list (#10541)Erik Johnston2021-08-061-18/+12
|
* Mark all MSC2716 events as historical (#10537)Eric Eastwood2021-08-051-5/+10
| | | * Mark all MSC2716 events as historical
* Don't fail on empty bodies when sending out read receipts (#10531)Brendan Abolivier2021-08-041-1/+1
| | | | | Fixes a bug introduced in rc1 that would cause Synapse to 400 on read receipts requests with empty bodies. Broken in #10413
* Make historical events discoverable from backfill for servers without any ↵Eric Eastwood2021-07-281-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | scrollback history (MSC2716) (#10245) * Make historical messages available to federated servers Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 Follow-up to https://github.com/matrix-org/synapse/pull/9247 * Debug message not available on federation * Add base starting insertion point when no chunk ID is provided * Fix messages from multiple senders in historical chunk Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 --- Previously, Synapse would throw a 403, `Cannot force another user to join.`, because we were trying to use `?user_id` from a single virtual user which did not match with messages from other users in the chunk. * Remove debug lines * Messing with selecting insertion event extremeties * Move db schema change to new version * Add more better comments * Make a fake requester with just what we need See https://github.com/matrix-org/synapse/pull/10276#discussion_r660999080 * Store insertion events in table * Make base insertion event float off on its own See https://github.com/matrix-org/synapse/pull/10250#issuecomment-875711889 Conflicts: synapse/rest/client/v1/room.py * Validate that the app service can actually control the given user See https://github.com/matrix-org/synapse/pull/10276#issuecomment-876316455 Conflicts: synapse/rest/client/v1/room.py * Add some better comments on what we're trying to check for * Continue debugging * Share validation logic * Add inserted historical messages to /backfill response * Remove debug sql queries * Some marker event implemntation trials * Clean up PR * Rename insertion_event_id to just event_id * Add some better sql comments * More accurate description * Add changelog * Make it clear what MSC the change is part of * Add more detail on which insertion event came through * Address review and improve sql queries * Only use event_id as unique constraint * Fix test case where insertion event is already in the normal DAG * Remove debug changes * Switch to chunk events so we can auth via power_levels Previously, we were using `content.chunk_id` to connect one chunk to another. But these events can be from any `sender` and we can't tell who should be able to send historical events. We know we only want the application service to do it but these events have the sender of a real historical message, not the application service user ID as the sender. Other federated homeservers also have no indicator which senders are an application service on the originating homeserver. So we want to auth all of the MSC2716 events via power_levels and have them be sent by the application service with proper PL levels in the room. * Switch to chunk events for federation * Add unstable room version to support new historical PL * Fix federated events being rejected for no state_groups Add fix from https://github.com/matrix-org/synapse/pull/10439 until it merges. * Only connect base insertion event to prev_event_ids Per discussion with @erikjohnston, https://matrix.to/#/!UytJQHLQYfvYWsGrGY:jki.re/$12bTUiObDFdHLAYtT7E-BvYRp3k_xv8w0dUQHibasJk?via=jki.re&via=matrix.org * Make it possible to get the room_version with txn * Allow but ignore historical events in unsupported room version See https://github.com/matrix-org/synapse/pull/10245#discussion_r675592489 We can't reject historical events on unsupported room versions because homeservers without knowledge of MSC2716 or the new room version don't reject historical events either. Since we can't rely on the auth check here to stop historical events on unsupported room versions, I've added some additional checks in the processing/persisting code (`synapse/storage/databases/main/events.py` -> `_handle_insertion_event` and `_handle_chunk_event`). I've had to do some refactoring so there is method to fetch the room version by `txn`. * Move to unique index syntax See https://github.com/matrix-org/synapse/pull/10245#discussion_r675638509 * High-level document how the insertion->chunk lookup works * Remove create_event fallback for room_versions See https://github.com/matrix-org/synapse/pull/10245/files#r677641879 * Use updated method name
* Support for MSC2285 (hidden read receipts) (#10413)Šimon Brandner2021-07-283-4/+34
| | | Implementation of matrix-org/matrix-doc#2285
* Support underscores (in addition to hyphens) for charset detection. (#10410)sri-vidyut2021-07-271-2/+4
|
* Mitigate media repo XSSs on IE11. (#10468)Denis Kasak2021-07-271-0/+2
| | | | | | | | IE11 doesn't support Content-Security-Policy but it has support for a non-standard X-Content-Security-Policy header, which only supports the sandbox directive. This prevents script execution, so it at least offers some protection against media repo-based attacks. Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
* Support MSC2033: Device ID on whoami (#9918)Travis Ralston2021-07-271-1/+8
| | | | | | | | | | * Fix no-access-token bug in deactivation tests * Support MSC2033: Device ID on whoami * Test for appservices too MSC: https://github.com/matrix-org/matrix-doc/pull/2033 The MSC has passed FCP, which means stable endpoints can be used.
* Merge branch 'master' into developErik Johnston2021-07-231-4/+7
|\
| * Always send device_one_time_keys_count (#10457)David Baker2021-07-221-4/+7
| | | | | | | | | | | | | | As per comment Fixes https://github.com/matrix-org/synapse/issues/10456 See also https://github.com/vector-im/element-android/issues/3725
* | Add `creation_ts` to list users admin API (#10448)Dirk Klimpel2021-07-221-0/+2
| | | | | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* | Add type hints to additional servlet functions (#10437)Patrick Cloke2021-07-211-1/+1
| | | | | | | | | | | | | | | | | | Improves type hints for: * parse_{boolean,integer} * parse_{boolean,integer}_from_args * parse_json_{value,object}_from_request And fixes any incorrect calls that resulted from unknown types.
* | Add a return type to parse_string. (#10438)Patrick Cloke2021-07-217-34/+36
| | | | | | | | And set the required attribute in a few places which will error if a parameter is not provided.
* | Switch to `chunk` events so we can auth via power_levels (MSC2716) (#10432)Eric Eastwood2021-07-211-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we were using `content.chunk_id` to connect one chunk to another. But these events can be from any `sender` and we can't tell who should be able to send historical events. We know we only want the application service to do it but these events have the sender of a real historical message, not the application service user ID as the sender. Other federated homeservers also have no indicator which senders are an application service on the originating homeserver. So we want to auth all of the MSC2716 events via power_levels and have them be sent by the application service with proper PL levels in the room.
* | MSC3244 room capabilities implementation (#10283)Michael Telatynski2021-07-201-1/+7
| |
* | [pyupgrade] `synapse/` (#10348)Jonathan de Jong2021-07-192-18/+11
| | | | | | | | | | | | | | | | | | This PR is tantamount to running ``` pyupgrade --py36-plus --keep-percent-format `find synapse/ -type f -name "*.py"` ``` Part of #9744
* | Use inline type hints in `handlers/` and `rest/`. (#10382)Jonathan de Jong2021-07-1613-39/+33
| |
* | Add a module type for account validity (#9884)Brendan Abolivier2021-07-162-14/+17
| | | | | | | | | | This adds an API for third-party plugin modules to implement account validity, so they can provide this feature instead of Synapse. The module implementing the current behaviour for this feature can be found at https://github.com/matrix-org/synapse-email-account-validity. To allow for a smooth transition between the current feature and the new module, hooks have been added to the existing account validity endpoints to allow their behaviours to be overridden by a module.
* | Fix messages from multiple senders in historical chunk (MSC2716) (#10276)Eric Eastwood2021-07-131-7/+42
| | | | | | | | | | | | | | Fix messages from multiple senders in historical chunk. This also means that an app service does not need to define `?user_id` when using this endpoint. Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716
* | Bugfix `make_room_admin` fails for users that have left a private room (#10367)Dirk Klimpel2021-07-131-1/+8
| | | | | | Fixes: #10338
* | Add base starting insertion event when no chunk ID is provided (MSC2716) ↵Eric Eastwood2021-07-081-23/+89
|/ | | | | | | | | (#10250) * Add base starting insertion point when no chunk ID is provided This is so we can have the marker event point to this initial insertion event and be able to traverse the events in the first chunk.
* MSC2918 Refresh tokens implementation (#9450)Quentin Gliech2021-06-242-41/+218
| | | | | | | | | | This implements refresh tokens, as defined by MSC2918 This MSC has been implemented client side in Hydrogen Web: vector-im/hydrogen-web#235 The basics of the MSC works: requesting refresh tokens on login, having the access tokens expire, and using the refresh token to get a new one. Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
* Re-introduce "Leave out optional keys from /sync" change (#10214)Andrew Morgan2021-06-231-23/+46
| | | Required some fixes due to merge conflicts with #6739, but nothing too hairy. The first commit is the same as the original (after merge conflict resolution) then two more for compatibility with the latest sync code.
* Add endpoints for backfilling history (MSC2716) (#9247)Eric Eastwood2021-06-221-1/+287
| | | Work on https://github.com/matrix-org/matrix-doc/pull/2716
* Always require users to re-authenticate for dangerous operations. (#10184)Patrick Cloke2021-06-162-0/+9
| | | | | | | Dangerous actions means deactivating an account, modifying an account password, or adding a 3PID. Other actions (deleting devices, uploading keys) can re-use the same UI auth session if ui_auth.session_timeout is configured.
* Fix requestOpenIdToken response: integer expires_in (#10175)Lukas Lihotzki2021-06-161-1/+1
| | | | | | | | | | `expires_in` must be an integer according to the OpenAPI spec: https://github.com/matrix-org/matrix-doc/blob/master/data/api/client-server/definitions/openid_token.yaml#L32 True division (`/`) returns a float instead (`"expires_in": 3600.0`). Floor division (`//`) returns an integer, so the response is spec compliant. Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>
* Remove the experimental flag for knocking and use stable prefixes / ↵Patrick Cloke2021-06-152-8/+3
| | | | | | | endpoints. (#10167) * Room version 7 for knocking. * Stable prefixes and endpoints (both client and federation) for knocking. * Removes the experimental configuration flag.
* Implement knock feature (#6739)Sorunome2021-06-094-21/+203
| | | | | | This PR aims to implement the knock feature as proposed in https://github.com/matrix-org/matrix-doc/pull/2403 Signed-off-by: Sorunome mail@sorunome.de Signed-off-by: Andrew Morgan andrewm@element.io
* Limit the number of in-flight /keys/query requests from a single device. ↵Patrick Cloke2021-06-091-1/+4
| | | | (#10144)
* Correct type hints for parse_string(s)_from_args. (#10137)Patrick Cloke2021-06-085-15/+19
|
* Add missing type hints to the admin API servlets (#10105)Dirk Klimpel2021-06-075-40/+47
|
* r0.6.1 support: /rooms/:roomId/aliases endpoint (#9224)Travis Ralston2021-06-031-1/+1
| | | | | | [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432) added this endpoint originally but it has since been included in the spec for nearly a year. This is progress towards https://github.com/matrix-org/synapse/issues/8334
* Add new admin APIs to remove media by media ID from quarantine. (#10044)Dirk Klimpel2021-06-021-0/+30
| | | | | Related to: #6681, #5956, #10040 Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Rewrite the KeyRing (#10035)Erik Johnston2021-06-021-1/+8
|
* Move some more endpoints off master (#10084)Erik Johnston2021-05-271-4/+4
|
* Make reason and score optional for report_event (#10077)Callum Brown2021-05-271-9/+4
| | | | | | Implements MSC2414: https://github.com/matrix-org/matrix-doc/pull/2414 See #8551 Signed-off-by: Callum Brown <callum@calcuode.com>
* Remove the experimental spaces enabled flag. (#10063)Patrick Cloke2021-05-261-3/+1
| | | | In lieu of just always enabling the unstable spaces endpoint and unstable room version.
* Add an admin API for unprotecting local media from quarantine (#10040)Dirk Klimpel2021-05-261-2/+26
| | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Remove tls_fingerprints option (#9280)Jerin J Titus2021-05-242-11/+0
| | | | Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com>
* Fix /upload 500'ing when presented a very large image (#10029)Michael Telatynski2021-05-212-0/+11
| | | | | | | | | | | | * Fix /upload 500'ing when presented a very large image Catch DecompressionBombError and re-raise as ThumbnailErrors * Set PIL's MAX_IMAGE_PIXELS to match homeserver.yaml to get it to bomb out quicker, to load less into memory in the case of super large images * Add changelog entry for 10029
* Use a database table to hold the users that should have full presence sent ↵Andrew Morgan2021-05-181-3/+5
| | | | to them, instead of something in-memory (#9823)
* Support fetching the spaces summary via GET over federation. (#9947)Patrick Cloke2021-05-111-0/+1
| | | | | | | | | | | Per changes in MSC2946, the C-S and S-S APIs for spaces summary should use GET requests. Until this is stable, the POST endpoints still exist. This does not switch federation requests to use the GET version yet since it is newly added and already deployed servers might not support it. When switching to the stable endpoint we should switch to GET requests.
* Revert "Leave out optional keys from /sync (#9919)" (#9940)Erik Johnston2021-05-061-44/+18
| | | This reverts commit e9eb3549d32a6f93d07de8dbd5e1ebe54c8d8278.
* Leave out optional keys from /sync (#9919)DeepBlueV7.X2021-05-051-18/+44
| | | | | | This leaves out all optional keys from /sync. This should be fine for all clients tested against conduit already, but it may break some clients, as such we should check, that at least most of them don't break horribly and maybe back out some of the individual changes. (We can probably always leave out groups for example, while the others may cause more issues.) Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
* Delete room endpoint (#9889)ThibF2021-04-291-44/+90
| | | | | | Support the delete of a room through DELETE request and mark previous request as deprecated through documentation. Signed-off-by: Thibault Ferrante <thibault.ferrante@pm.me>
* Remove various bits of compatibility code for Python <3.6 (#9879)Andrew Morgan2021-04-273-11/+4
| | | I went through and removed a bunch of cruft that was lying around for compatibility with old Python versions. This PR also will now prevent Synapse from starting unless you're running Python 3.6+.
* Improved validation for received requests (#9817)Richard van der Hoff2021-04-231-2/+0
| | | | | | * Simplify `start_listening` callpath * Correctly check the size of uploaded files
* Make DomainSpecificString an attrs class (#9875)Erik Johnston2021-04-231-0/+9
|
* Split presence out of master (#9820)Erik Johnston2021-04-231-1/+6
|
* Limit length of accepted email addresses (#9855)Erik Johnston2021-04-222-6/+10
|
* Rename handler and config modules which end in handler/config. (#9816)Patrick Cloke2021-04-201-1/+1
|
* Fix (final) Bugbear violations (#9838)Jonathan de Jong2021-04-201-2/+2
|
* Port "Allow users to click account renewal links multiple times without ↵Andrew Morgan2021-04-191-7/+25
| | | | | hitting an 'Invalid Token' page #74" from synapse-dinsic (#9832) This attempts to be a direct port of https://github.com/matrix-org/synapse-dinsic/pull/74 to mainline. There was some fiddling required to deal with the changes that have been made to mainline since (mainly dealing with the split of `RegistrationWorkerStore` from `RegistrationStore`, and the changes made to `self.make_request` in test code).
* remove `HomeServer.get_config` (#9815)Richard van der Hoff2021-04-141-1/+1
| | | | Every single time I want to access the config object, I have to remember whether or not we use `get_config`. Let's just get rid of it.
* More robust handling of the Content-Type header for thumbnail generation (#9788)rkfg2021-04-141-0/+3
| | | | Signed-off-by: Sergey Shpikin <rkfg@rkfg.me>
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-1485-85/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Add an admin API to manage ratelimit for a specific user (#9648)Dirk Klimpel2021-04-132-0/+113
|
* Require AppserviceRegistrationType (#9548)Will Hunt2021-04-121-7/+16
| | | This change ensures that the appservice registration behaviour follows the spec. We decided to do this for Dendrite, so it made sense to also make a PR for synapse to correct the behaviour.
* Remove old admin API `GET /_synapse/admin/v1/users/<user_id>` (#9401)Dirk Klimpel2021-04-092-25/+0
| | | | | | | | | | | | | Related: #8334 Deprecated in: #9429 - Synapse 1.28.0 (2021-02-25) `GET /_synapse/admin/v1/users/<user_id>` has no - unit tests - documentation API in v2 is available (#5925 - 12/2019, v1.7.0). API is misleading. It expects `user_id` and returns a list of all users. Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add type hints to expiring cache. (#9730)Patrick Cloke2021-04-061-1/+1
|
* Add `order_by` to list user admin API (#9691)Dirk Klimpel2021-04-011-1/+20
|
* Make RateLimiter class check for ratelimit overrides (#9711)Erik Johnston2021-03-303-11/+21
| | | | | | | This should fix a class of bug where we forget to check if e.g. the appservice shouldn't be ratelimited. We also check the `ratelimit_override` table to check if the user has ratelimiting disabled. That table is really only meant to override the event sender ratelimiting, so we don't use any values from it (as they might not make sense for different rate limits), but we do infer that if ratelimiting is disabled for the user we should disabled all ratelimits. Fixes #9663
* Make it possible to use dmypy (#9692)Erik Johnston2021-03-265-0/+14
| | | | | | | | | Running `dmypy run` will do a `mypy` check while spinning up a daemon that makes rerunning `dmypy run` a lot faster. `dmypy` doesn't support `follow_imports = silent` and has `local_partial_types` enabled, so this PR enables those options and fixes the issues that were newly raised. Note that `local_partial_types` will be enabled by default in upcoming mypy releases.
* Add a type hints for service notices to the HomeServer object. (#9675)Patrick Cloke2021-03-241-3/+8
|
* Import HomeServer from the proper module. (#9665)Patrick Cloke2021-03-2311-11/+11
|
* Incorporate reviewBrendan Abolivier2021-03-191-1/+1
|
* Merge branch 'develop' into babolivier/msc3026Brendan Abolivier2021-03-192-4/+67
|\
| * fix mypyRichard van der Hoff2021-03-191-4/+7
| |
| * Fix type-hints from bad merge.Patrick Cloke2021-03-181-2/+2
| |
| * Initial spaces summary API (#9643)Richard van der Hoff2021-03-181-3/+63
| | | | | | This is very bare-bones for now: federation will come soon, while pagination is descoped for now but will come later.
| * Consistently check whether a password may be set for a user. (#9636)Dirk Klimpel2021-03-181-1/+1
| |
* | Implement MSC3026: busy presence stateBrendan Abolivier2021-03-181-0/+2
|/
* Fix up types for the typing handler. (#9638)Patrick Cloke2021-03-171-6/+9
| | | | By splitting this to two separate methods the callers know what methods they can expect on the handler.
* Return m.change_password.enabled=false if local database is disabled (#9588)Dirk Klimpel2021-03-161-11/+12
| | | | | Instead of if the user does not have a password hash. This allows a SSO user to add a password to their account, but only if the local password database is configured.
* Add support for stable MSC2858 API (#9617)Richard van der Hoff2021-03-161-5/+34
| | | | | The stable format uses different brand identifiers, so we need to support two identifiers for each IdP.
* Prevent bundling aggregations for state events (#9619)Andrew Morgan2021-03-162-2/+8
| | | There's no need to do aggregation bundling for state events. Doing so can cause performance issues.
* Fix Internal Server Error on `GET /saml2/authn_response` (#9623)Richard van der Hoff2021-03-161-2/+8
| | | | | | | * Fix Internal Server Error on `GET /saml2/authn_response` Seems to have been introduced in #8765 (Synapse 1.24.0) * Fix newsfile
* Fix additional type hints from Twisted 21.2.0. (#9591)Patrick Cloke2021-03-126-54/+104
|
* Re-Activating account when local passwords are disabled (#9587)Dirk Klimpel2021-03-111-1/+4
| | | Fixes: #8393
* Convert Requester to attrs (#9586)Richard van der Hoff2021-03-101-1/+2
| | | | | | ... because namedtuples suck Fix up a couple of other annotations to keep mypy happy.
* Handle image transparency better when thumbnailing. (#9473)Patrick Cloke2021-03-091-3/+8
| | | | Properly uses RGBA mode for 1- and 8-bit images with transparency (instead of RBG mode).
* Add type hints to purge room and server notice admin API. (#9520)Dirk Klimpel2021-03-082-15/+23
|
* Prometheus metrics for logins and registrations (#9511)Richard van der Hoff2021-03-041-2/+8
| | | Add prom metrics for number of users successfully registering and logging in, by SSO provider.
* Record the SSO Auth Provider in the login token (#9510)Richard van der Hoff2021-03-041-4/+2
| | | This great big stack of commits is a a whole load of hoop-jumping to make it easier to store additional values in login tokens, and then to actually store the SSO Identity Provider in the login token. (Making use of that data will follow in a subsequent PR.)
* Add type hints to user admin API. (#9521)Dirk Klimpel2021-03-031-29/+56
|
* Add type hints to device and event report admin API (#9519)Dirk Klimpel2021-03-022-16/+39
|
* Fix a bug when a room alias is given to the admin join endpoint (#9506)Patrick Cloke2021-03-011-58/+74
|
* Use the proper Request in type hints. (#9515)Patrick Cloke2021-03-0113-23/+28
| | | | This also pins the Twisted version in the mypy job for CI until proper type hints are fixed throughout Synapse.
* Add support for no_proxy and case insensitive env variables (#9372)Tim Leung2021-02-261-2/+1
| | | | | | | | | | | | | | | ### Changes proposed in this PR - Add support for the `no_proxy` and `NO_PROXY` environment variables - Internally rely on urllib's [`proxy_bypass_environment`](https://github.com/python/cpython/blob/bdb941be423bde8b02a5695ccf51c303d6204bed/Lib/urllib/request.py#L2519) - Extract env variables using urllib's `getproxies`/[`getproxies_environment`](https://github.com/python/cpython/blob/bdb941be423bde8b02a5695ccf51c303d6204bed/Lib/urllib/request.py#L2488) which supports lowercase + uppercase, preferring lowercase, except for `HTTP_PROXY` in a CGI environment This does contain behaviour changes for consumers so making sure these are called out: - `no_proxy`/`NO_PROXY` is now respected - lowercase `https_proxy` is now allowed and taken over `HTTPS_PROXY` Related to #9306 which also uses `ProxyAgent` Signed-off-by: Timothy Leung tim95@hotmail.co.uk
* SSO: redirect to public URL before setting cookies (#9436)Richard van der Hoff2021-02-261-0/+28
| | | ... otherwise, we don't get the cookie back.
* Merge branch 'master' into developErik Johnston2021-02-251-1/+6
|\
| * Add back the deprecated SAML endpoint. (#9474)Patrick Cloke2021-02-231-1/+6
| |
* | Add an `order_by` field to list users' media admin API. (#8978)Dirk Klimpel2021-02-221-1/+27
| |
* | Ratelimit cross-user key sharing requests. (#8957)Patrick Cloke2021-02-191-3/+1
| |
* | Regenerate exact thumbnails if missing (#9438)Erik Johnston2021-02-193-3/+57
|\ \ | |/ |/|
| * Return a 404 if we don't have the original fileErik Johnston2021-02-192-1/+8
| |
| * Regenerate exact thumbnails if missingErik Johnston2021-02-182-2/+49
| |
* | Remove deprecated SAML2 callback URL since it does not work. (#9434)Patrick Cloke2021-02-181-5/+1
|/ | | | Updates documentation from #9289 and removes a deprecated endpoint which didn't work as expected.
* Add type hints to groups code. (#9393)Patrick Cloke2021-02-171-23/+120
|
* Support for form_post in OIDC responses (#9376)Richard van der Hoff2021-02-171-1/+12
| | | Apple want to POST the OIDC auth response back to us rather than using query-params; add the necessary support to make that work.
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-1618-87/+123
| | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* Fix some typos.Patrick Cloke2021-02-124-7/+7
|
* Merge tag 'v1.27.0rc2' into developPatrick Cloke2021-02-111-0/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.27.0rc2 (2021-02-11) ============================== Features -------- - Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297)) Bugfixes -------- - Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302)) - Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313)) Improved Documentation ---------------------- - Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
| * Backout changes for automatically calculating the public baseurl. (#9313)Patrick Cloke2021-02-111-0/+4
| | | | | | | | This breaks some people's configurations (if their Client-Server API is not accessed via port 443).
* | Type hints and validation improvements. (#9321)Patrick Cloke2021-02-082-60/+121
| | | | | | | | | | * Adds type hints to the groups servlet and stringutils code. * Assert the maximum length of some input values for spec compliance.
* | Handle additional errors when previewing URLs. (#9333)Patrick Cloke2021-02-081-19/+52
| | | | | | | | * Handle the case of lxml not finding a document tree. * Parse the document encoding from the XML tag.
* | Merge pull request #9150 from Yoric/develop-contextDavid Teller2021-02-083-1/+68
|\ \ | | | | | | New API /_synapse/admin/rooms/{roomId}/context/{eventId}
| * | FIXUP: linterDavid Teller2021-01-281-0/+5
| | |
| * | FIXUP: Making get_event_context a bit more paranoidDavid Teller2021-01-282-2/+2
| | |
| * | FIXUP: DocDavid Teller2021-01-281-0/+6
| | |
| * | FIXUP: Now testing that the user is admin!David Teller2021-01-281-1/+2
| | |
| * | New API /_synapse/admin/rooms/{roomId}/context/{eventId}David Teller2021-01-282-0/+55
| | | | | | | | | | | | Signed-off-by: David Teller <davidt@element.io>
* | | Add check_media_file_for_spam spam checker hookErik Johnston2021-02-042-6/+65
| |/ |/|
* | Add an admin API to get the current room state (#9168)Travis Ralston2021-02-022-0/+41
| | | | | | | | | | This could arguably replace the existing admin API for `/members`, however that is out of scope of this change. This sort of endpoint is ideal for moderation use cases as well as other applications, such as needing to retrieve various bits of information about a room to perform a task (like syncing power levels between two places). This endpoint exposes nothing more than an admin would be able to access with a `select *` query on their database.
* | Put SAML callback URI under /_synapse/client. (#9289)Richard van der Hoff2021-02-024-5/+12
| |
* | Put OIDC callback URI under /_synapse/client. (#9288)Richard van der Hoff2021-02-013-3/+7
| |
* | Merge branch 'social_login' into developRichard van der Hoff2021-02-013-3/+110
|\ \
| * | Collect terms consent from the user during SSO registration (#9276)Richard van der Hoff2021-02-012-0/+99
| | |
| * | Make importing display name and email optional (#9277)Richard van der Hoff2021-02-011-3/+11
| | |
* | | Merge branch 'social_login' into developRichard van der Hoff2021-02-014-29/+162
|\| |
| * | Replace username picker with a template (#9275)Richard van der Hoff2021-02-012-20/+60
| | | | | | | | | | | | | | | There's some prelimiary work here to pull out the construction of a jinja environment to a separate function. I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them.
| * | Fix SSO on workers (#9271)Richard van der Hoff2021-02-011-1/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #8966. * Factor out build_synapse_client_resource_tree Start a function which will mount resources common to all workers. * Move sso init into build_synapse_client_resource_tree ... so that we don't have to do it for each worker * Fix SSO-login-via-a-worker Expose the SSO login endpoints on workers, like the documentation says. * Update workers config for new endpoints Add documentation for endpoints recently added (#8942, #9017, #9262) * remove submit_token from workers endpoints list this *doesn't* work on workers (yet). * changelog * Add a comment about the odd path for SAML2Resource
| * | Split out a separate endpoint to complete SSO registration (#9262)Richard van der Hoff2021-02-012-10/+56
| | | | | | | | | There are going to be a couple of paths to get to the final step of SSO reg, and I want the URL in the browser to consistent. So, let's move the final step onto a separate path, which we redirect to.
* | | Merge branch 'social_login' into developRichard van der Hoff2021-01-281-0/+2
|\| |
| * | Add 'brand' field to MSC2858 response (#9242)Richard van der Hoff2021-01-271-0/+2
| | | | | | | | | | | | | | | | | | We've decided to add a 'brand' field to help clients decide how to style the buttons. Also, fix up the allowed characters for idp_id, while I'm in the area.
* | | Ratelimit 3PID /requestToken API (#9238)Erik Johnston2021-01-282-2/+16
| |/ |/|
* | Check if a user is in the room before sending a PowerLevel event on their ↵Pankaj Yadav2021-01-271-1/+11
| | | | | | | | behalf (#9235)
* | Merge branch 'social_login' into developRichard van der Hoff2021-01-271-6/+49
|\|
| * Implement MSC2858 support (#9183)Richard van der Hoff2021-01-271-6/+49
| | | | | | Fixes #8928.
* | Try to recover from unknown encodings when previewing media. (#9164)Patrick Cloke2021-01-261-10/+34
| | | | | | | | | | | | Treat unknown encodings (according to lxml) as UTF-8 when generating a preview for HTML documents. This isn't fully accurate, but will hopefully give a reasonable title and summary.
* | Merge branch 'develop' into jaywink/admin-forward-extremitiesJason Robinson2021-01-262-0/+38
|\ \ | | | | | | | | | | | | # Conflicts: # synapse/rest/admin/__init__.py
| * | Add an admin API for shadow-banning users. (#9209)Patrick Cloke2021-01-252-0/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This expands the current shadow-banning feature to be usable via the admin API and adds documentation for it. A shadow-banned users receives successful responses to their client-server API requests, but the events are not propagated into rooms. Shadow-banning a user should be used as a tool of last resort and may lead to confusing or broken behaviour for the client.
* | | Merge branch 'develop' into jaywink/admin-forward-extremitiesJason Robinson2021-01-2323-392/+585
|\| |
| * | Return a 404 if no valid thumbnail is found. (#9163)Patrick Cloke2021-01-212-81/+158
| | | | | | | | | | | | | | | | | | If no thumbnail of the requested type exists, return a 404 instead of erroring. This doesn't quite match the spec (which does not define what happens if no thumbnail can be found), but is consistent with what Synapse already does.
| * | Add tests for List Users Admin API (#9045)Dirk Klimpel2021-01-211-3/+18
| |/
| * Support icons for Identity Providers (#9154)Richard van der Hoff2021-01-201-2/+1
| |
| * Give `public_baseurl` a default value (#9159)Richard van der Hoff2021-01-201-4/+0
| |
| * Validate the server name for the /publicRooms endpoint. (#9161)Patrick Cloke2021-01-191-2/+17
| | | | | | | | If a remote server name is provided, ensure it is something reasonable before making remote connections to it.
| * Allow moving account data and receipts streams off master (#9104)Erik Johnston2021-01-182-26/+7
| |
| * Fix bugs in handling clientRedirectUrl, and improve OIDC tests (#9127, #9128)Richard van der Hoff2021-01-181-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Factor out a common TestHtmlParser Looks like I'm doing this in a few different places. * Improve OIDC login test Complete the OIDC login flow, rather than giving up halfway through. * Ensure that OIDC login works with multiple OIDC providers * Fix bugs in handling clientRedirectUrl - don't drop duplicate query-params, or params with no value - allow utf-8 in query-params
| * Add an admin API endpoint to protect media. (#9086)Patrick Cloke2021-01-151-15/+49
| | | | | | | | | | | | Protecting media stops it from being quarantined when e.g. all media in a room is quarantined. This is useful for sticker packs and other media that is uploaded by server administrators, but used by many people.
| * Add type hints to media rest resources. (#9093)Patrick Cloke2021-01-1511-164/+283
| |
| * Remove user's avatar URL and displayname when deactivated. (#8932)Dirk Klimpel2021-01-122-9/+20
| | | | | | This only applies if the user's data is to be erased.
| * UI Auth via SSO: redirect the user to an appropriate SSO. (#9081)Richard van der Hoff2021-01-123-42/+22
| | | | | | | | | | | | | | If we have integrations with multiple identity providers, when the user does a UI Auth, we need to redirect them to the right one. There are a few steps to this. First of all we actually need to store the userid of the user we are trying to validate in the UIA session, since the /auth/sso/fallback/web request is unauthenticated. Then, once we get the /auth/sso/fallback/web request, we can fish the user id out of the session, and use it to look up the external id mappings, and hence pick an SSO provider for them.
| * Kill off `HomeServer.get_ip_from_request()` (#9080)Richard van der Hoff2021-01-125-39/+10
| | | | | | Homeserver.get_ip_from_request() used to be a bit more complicated, but now it is totally redundant. Let's get rid of it.
| * Also support remote users on the joined_rooms admin API. (#8948)David Teller2021-01-111-7/+0
| | | | | | | | For remote users, only the rooms which the server knows about are returned. Local users have all of their joined rooms returned.
* | Address pr feedbackJason Robinson2021-01-112-1/+3
| | | | | | | | | | | | | | | | | | | | * docs updates * prettify SQL * add missing copyright * cursor_to_dict * update touched files copyright years Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Merge branch 'develop' into jaywink/admin-forward-extremitiesJason Robinson2021-01-091-2/+2
|\|
| * Add some tests for the IDP picker flowRichard van der Hoff2021-01-071-2/+2
| |
* | Implement clearing cache after deleting forward extremitiesJason Robinson2021-01-091-12/+9
| | | | | | | | | | | | Also run linter. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Add Rooms admin forward extremities DELETE endpointJason Robinson2021-01-081-0/+5
| | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Move unknown room ID error into resolve_room_idJason Robinson2021-01-071-7/+9
| | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Add forward extremities endpoint to rooms admin APIJason Robinson2021-01-072-0/+55
|/ | | | | | GET /_synapse/admin/v1/rooms/<identifier>/forward_extremities now gets forward extremities for a room, returning count and the list of extremities. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* Add initial support for a "pick your IdP" page (#9017)Richard van der Hoff2021-01-051-0/+82
| | | | | During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Combine the SSO Redirect Servlets (#9015)Richard van der Hoff2021-01-042-89/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Implement CasHandler.handle_redirect_request ... to make it match OidcHandler and SamlHandler * Clean up interface for OidcHandler.handle_redirect_request Make it accept `client_redirect_url=None`. * Clean up interface for `SamlHandler.handle_redirect_request` ... bring it into line with CAS and OIDC by making it take a Request parameter, move the magic for `client_redirect_url` for UIA into the handler, and fix the return type to be a `str` rather than a `bytes`. * Define a common protocol for SSO auth provider impls * Give SsoIdentityProvider an ID and register them * Combine the SSO Redirect servlets Now that the SsoHandler knows about the identity providers, we can combine the various *RedirectServlets into a single implementation which delegates to the right IdP. * changelog
* Add type hints to the crypto module. (#8999)Patrick Cloke2021-01-041-4/+5
|
* Check if group IDs are valid before using them. (#8977)Patrick Cloke2020-12-301-3/+45
|
* Validate input parameters for the sendToDevice API. (#8975)Patrick Cloke2020-12-291-1/+2
| | | | This makes the "messages" key in the content required. This is currently optional in the spec, but that seems to be an error.
* Allow redacting events on workers (#8994)Patrick Cloke2020-12-291-7/+10
| | | Adds the redacts endpoint to workers that have the client listener.
* Allow server admin to get admin bit in rooms where local user is an admin ↵Erik Johnston2020-12-182-2/+136
| | | | | | | (#8756) This adds an admin API that allows a server admin to get power in a room if a local user has power in a room. Will also invite the user if they're not in the room and its a private room. Can specify another user (rather than the admin user) to be granted power. Co-authored-by: Matthew Hodgson <matthew@matrix.org>
* Implement a username picker for synapse (#8942)Richard van der Hoff2020-12-181-0/+88
| | | | | | | | | | | | | | The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow `UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser back to the client, we redirect to a username-picker resource, which allows the user to enter a username. We *then* complete the SSO flow (including doing the client permission checks). The static resources for the username picker itself (in https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker) are essentially lifted wholesale from https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. As the comment says, we might want to think about making them customisable, but that can be a follow-up. Fixes #8876.
* Allow re-using a UI auth validation for a period of time (#8970)Patrick Cloke2020-12-181-3/+7
|
* Merge remote-tracking branch 'origin/erikj/as_mau_block' into developErik Johnston2020-12-181-3/+11
|\
| * Correctly handle AS registerations and add testErik Johnston2020-12-171-3/+11
| |
* | Convert internal pusher dicts to attrs classes. (#8940)Patrick Cloke2020-12-162-29/+2
| | | | | | This improves type hinting and should use less memory.
* | Allow spam-checker modules to be provide async methods. (#8890)David Teller2020-12-111-10/+6
| | | | | | | | Spam checker modules can now provide async methods. This is implemented in a backwards-compatible manner.
* | Honour AS ratelimit settings for /login requests (#8920)Erik Johnston2020-12-111-6/+19
| | | | | | | | Fixes #8846.
* | Add number of local devices to Room Details Admin API (#8886)Dirk Klimpel2020-12-111-16/+32
| |
* | Add X-Robots-Tag header to stop crawlers from indexing media (#8887)Aaron Raimist2020-12-081-0/+5
| | | | | | | | | | | | | | Fixes / related to: https://github.com/matrix-org/synapse/issues/6533 This should do essentially the same thing as a robots.txt file telling robots to not index the media repo. https://developers.google.com/search/reference/robots_meta_tag Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | Call set_avatar_url with target_user, not user_id (#8872)Will Hunt2020-12-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Call set_avatar_url with target_user, not user_id Fixes https://github.com/matrix-org/synapse/issues/8871 * Create 8872.bugfix * Update synapse/rest/admin/users.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Testing * Update changelog.d/8872.bugfix Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | Do not raise a 500 exception when previewing empty media. (#8883)Patrick Cloke2020-12-071-1/+5
| |
* | Do not 500 if the content-length is not provided when uploading media. (#8862)Patrick Cloke2020-12-041-1/+1
| | | | | | Instead return the proper 400 error.