Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | preview_url_resource: Ellipsis must be in unicode string | Johannes Löthberg | 2016-12-01 | 1 | -1/+1 |
| | | | | Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> | ||||
* | Fix doc-string | Richard van der Hoff | 2016-12-01 | 1 | -2/+1 |
| | | | | Remove refresh_token reference | ||||
* | Rip out more refresh_token code | Richard van der Hoff | 2016-11-30 | 2 | -25/+3 |
| | | | | | | | | We might as well treat all refresh_tokens as invalid. Just return a 403 from /tokenrefresh, so that we don't have a load of dead, untestable code hanging around. Still TODO: removing the table from the schema. | ||||
* | Merge branch 'develop' into rav/no_more_refresh_tokens | Richard van der Hoff | 2016-11-30 | 5 | -25/+24 |
|\ | |||||
| * | Merge pull request #1656 from matrix-org/rav/remove_time_caveat | Richard van der Hoff | 2016-11-30 | 1 | -12/+0 |
| |\ | | | | | | | Stop putting a time caveat on access tokens | ||||
| | * | Stop putting a time caveat on access tokens | Richard van der Hoff | 2016-11-29 | 1 | -12/+0 |
| | | | | | | | | | | | | | | | | | | | | | | | | The 'time' caveat on the access tokens was something of a lie, since we weren't enforcing it; more pertinently its presence stops us ever adding useful time caveats. Let's move in the right direction by not lying in our caveats. | ||||
| * | | Merge pull request #1653 from matrix-org/rav/guest_e2e | Richard van der Hoff | 2016-11-29 | 4 | -13/+24 |
| |\ \ | | |/ | |/| | Implement E2E for guests | ||||
| | * | Allow guest access to endpoints for E2E | Richard van der Hoff | 2016-11-25 | 3 | -9/+9 |
| | | | | | | | | | | | | | | | Expose /devices, /keys, and /sendToDevice to guest users, so that they can use E2E. | ||||
| | * | Give guest users a device_id | Richard van der Hoff | 2016-11-25 | 1 | -4/+15 |
| | | | | | | | | | | | | | | | We need to create devices for guests so that they can use e2e, but we don't have anywhere to store it, so just use a fixed one. | ||||
* | | | Stop generating refresh tokens | Richard van der Hoff | 2016-11-28 | 2 | -21/+12 |
|/ / | | | | | | | | | | | | | Since we're not doing refresh tokens any more, we should start killing off the dead code paths. /tokenrefresh itself is a bit of a thornier subject, since there might be apps out there using it, but we can at least not generate refresh tokens on new logins. | ||||
* / | Shuffle receipt handler around so that worker apps don't need to load it | Erik Johnston | 2016-11-23 | 1 | -1/+1 |
|/ | |||||
* | Merge pull request #1638 from matrix-org/kegan/sync-event-fields | Kegsay | 2016-11-22 | 1 | -10/+13 |
|\ | | | | | Implement "event_fields" in filters | ||||
| * | Glue only_event_fields into the sync rest servlet | Kegan Dougal | 2016-11-22 | 1 | -10/+13 |
| | | |||||
* | | Fix flake8 | Mark Haines | 2016-11-18 | 1 | -1/+0 |
| | | |||||
* | | Work around client replacing reg params | David Baker | 2016-11-18 | 1 | -0/+12 |
|/ | | | | | Works around https://github.com/vector-im/vector-android/issues/715 and equivalent for iOS | ||||
* | Clean transactions based on time. Add HttpTransactionCache tests. | Kegan Dougal | 2016-11-14 | 3 | -7/+21 |
| | |||||
* | Move .observe() up to the cache to make things neater | Kegan Dougal | 2016-11-14 | 3 | -33/+11 |
| | |||||
* | Review comments | Kegan Dougal | 2016-11-11 | 5 | -158/+119 |
| | |||||
* | More flake8 | Kegan Dougal | 2016-11-11 | 1 | -1/+3 |
| | |||||
* | Flake8 and fix whoopsie | Kegan Dougal | 2016-11-11 | 1 | -4/+8 |
| | |||||
* | Use ObservableDeferreds instead of Deferreds as they behave as intended | Kegan Dougal | 2016-11-11 | 2 | -30/+31 |
| | |||||
* | Use observable deferreds because they are sane | Kegan Dougal | 2016-11-11 | 1 | -3/+4 |
| | |||||
* | Flake8 | Kegan Dougal | 2016-11-10 | 2 | -4/+4 |
| | |||||
* | Store Promise<Response> instead of Response for HTTP API transactions | Kegan Dougal | 2016-11-10 | 4 | -88/+68 |
| | | | | | | | | | | | | | | | | | | This fixes a race whereby: - User hits an endpoint. - No cached transaction so executes main code. - User hits same endpoint. - No cache transaction so executes main code. - Main code finishes executing and caches response and returns. - Main code finishes executing and caches response and returns. This race is common in the wild when Synapse is struggling under load. This commit fixes the race by: - User hits an endpoint. - Caches the promise to execute the main code and executes main code. - User hits same endpoint. - Yields on the same promise as the first request. - Main code finishes executing and returns, unblocking both requests. | ||||
* | Set CORs headers on responses from the media repo | Mark Haines | 2016-11-02 | 2 | -2/+4 |
| | |||||
* | Merge pull request #1164 from pik/error-codes | Erik Johnston | 2016-10-19 | 1 | -6/+6 |
|\ | | | | | Clarify Error codes for GET /filter/ | ||||
| * | Refactor test_filter to use real DataStore | pik | 2016-10-18 | 1 | -2/+2 |
| | | | | | | | | * add tests for filter api errors | ||||
| * | Error codes for filters | Alexander Maznev | 2016-10-14 | 1 | -4/+4 |
| | | | | | | | | | | | | * add tests Signed-off-by: Alexander Maznev <alexander.maznev@gmail.com> | ||||
* | | Merge pull request #1168 from matrix-org/rav/ui_auth_on_device_delete | Richard van der Hoff | 2016-10-13 | 1 | -5/+20 |
|\ \ | | | | | | | User-interactive auth on delete device | ||||
| * | | Handle delete device requests with no body | Richard van der Hoff | 2016-10-12 | 1 | -2/+11 |
| | | | | | | | | | | | | | | | We should probably return a 401 rather than a 400 for existing clients that don't know they have to do the UIA dance to delete a device. | ||||
| * | | User-interactive auth on delete device | Richard van der Hoff | 2016-10-12 | 1 | -5/+11 |
| | | | |||||
* | | | Merge pull request #1167 from matrix-org/markjh/fingerprints | Mark Haines | 2016-10-12 | 1 | -13/+8 |
|\ \ \ | |/ / |/| | | Add config option for adding additional TLS fingerprints | ||||
| * | | Improve comment formatting | Mark Haines | 2016-10-12 | 1 | -3/+6 |
| | | | |||||
| * | | Add config option for adding additional TLS fingerprints | Mark Haines | 2016-10-11 | 1 | -12/+4 |
| |/ | |||||
* | | Merge pull request #1157 from Rugvip/nolimit | Erik Johnston | 2016-10-11 | 1 | -4/+7 |
|\ \ | |/ |/| | Remove rate limiting from app service senders and fix get_or_create_user requester | ||||
| * | rest/client/v1/register: use the correct requester in createUser | Patrik Oldsberg | 2016-10-06 | 1 | -3/+6 |
| | | | | | | | | Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> | ||||
| * | storage/appservice: make appservice methods only relying on the cache ↵ | Patrik Oldsberg | 2016-10-06 | 1 | -1/+1 |
| | | | | | | | | synchronous | ||||
* | | window.postmessage for Interactive Auth fallback | Richard van der Hoff | 2016-10-06 | 1 | -1/+3 |
|/ | | | | | If you're a webapp running the fallback in an iframe, you can't set set a window.onAuthDone function. Let's post a message back to window.opener instead. | ||||
* | Time out typing over federation | Erik Johnston | 2016-09-23 | 1 | -1/+4 |
| | |||||
* | Support /initialSync in synchrotron worker | Erik Johnston | 2016-09-21 | 2 | -5/+4 |
| | |||||
* | Enable guest access to POST /publicRooms | Erik Johnston | 2016-09-17 | 1 | -2/+2 |
| | |||||
* | Make POST /publicRooms require auth | Erik Johnston | 2016-09-16 | 1 | -2/+1 |
| | |||||
* | Change the way we calculate new_limit in /publicRooms and add POST API | Erik Johnston | 2016-09-15 | 1 | -0/+29 |
| | |||||
* | Remove default public rooms limit | Erik Johnston | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | By default limit /publicRooms to 100 entries | Erik Johnston | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | Pass since/from parameters over federation | Erik Johnston | 2016-09-15 | 1 | -3/+3 |
| | |||||
* | Allow paginating both forwards and backwards | Erik Johnston | 2016-09-15 | 1 | -3/+15 |
| | |||||
* | Remove support for aggregate room lists | Erik Johnston | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | Move the E2E key handling into the e2e handler | Mark Haines | 2016-09-13 | 1 | -112/+16 |
| | |||||
* | Add a timeout parameter for end2end key queries. | Mark Haines | 2016-09-12 | 1 | -26/+51 |
| | | | | | | | | | | Add a timeout parameter for controlling how long synapse will wait for responses from remote servers. For servers that fail include how they failed to make it easier to debug. Fetch keys from different servers in parallel rather than in series. Set the default timeout to 10s. | ||||
* | Conform better to the CAS protocol specification | Shell Turner | 2016-09-09 | 1 | -5/+2 |
| | | | | | | | Redirect to CAS's /login endpoint properly, and don't require an <attributes> element. Signed-off-by: Shell Turner <cam.turn@gmail.com> | ||||
* | Merge pull request #1096 from matrix-org/markjh/get_access_token | Mark Haines | 2016-09-09 | 5 | -20/+16 |
|\ | | | | | Add helper function for getting access_tokens from requests | ||||
| * | Add helper function for getting access_tokens from requests | Mark Haines | 2016-09-09 | 5 | -20/+16 |
| | | | | | | | | | | | | Rather than reimplementing the token parsing in the various places. This will make it easier to change the token parsing to allow access_tokens in HTTP headers. | ||||
* | | Merge pull request #1091 from matrix-org/paul/third-party-lookup | Paul Evans | 2016-09-09 | 1 | -0/+24 |
|\ \ | | | | | | | Improvements to 3PE lookup API | ||||
| * | | appease pep8 | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -1/+2 |
| | | | |||||
| * | | Python isn't JavaScript; have to quote dict keys | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -1/+1 |
| | | | |||||
| * | | Efficiency fix for lookups of a single protocol | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -1/+3 |
| | | | |||||
| * | | Allow lookup of a single 3PE protocol query metadata | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -0/+21 |
| | | | |||||
* | | | Filter returned events for client-facing format | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -2/+3 |
| | | | |||||
* | | | Allow clients to specify the format a room state event is returned in | Paul "LeoNerd" Evans | 2016-09-09 | 1 | -1/+7 |
| |/ |/| | |||||
* | | Merge pull request #1081 from matrix-org/dbkr/notifications_only_highlight | Matthew Hodgson | 2016-09-09 | 1 | -1/+2 |
|\ \ | |/ |/| | Implement `only=highlight` on `/notifications` | ||||
| * | Implement `only=highlight` on `/notifications` | David Baker | 2016-09-08 | 1 | -1/+2 |
| | | |||||
* | | Merge pull request #1082 from matrix-org/erikj/remote_public_rooms | Erik Johnston | 2016-09-08 | 1 | -6/+17 |
|\ \ | | | | | | | Add server param to /publicRooms | ||||
| * | | Use parse_string | Erik Johnston | 2016-09-08 | 1 | -2/+2 |
| | | | |||||
| * | | Add server param to /publicRooms | Erik Johnston | 2016-09-08 | 1 | -5/+16 |
| |/ | |||||
* | | Merge branch 'develop' into markjh/direct_to_device_federation | Mark Haines | 2016-09-08 | 1 | -1/+8 |
|\| | |||||
| * | Add quotes and be explicity about script-src | Erik Johnston | 2016-09-05 | 1 | -1/+2 |
| | | |||||
| * | Allow PDF to be rendered from media repo | Erik Johnston | 2016-09-05 | 1 | -1/+7 |
| | | |||||
* | | Send device messages over federation | Mark Haines | 2016-09-06 | 1 | -26/+7 |
|/ | |||||
* | Fix up the calls to the notifier for device messages | Mark Haines | 2016-09-01 | 1 | -1/+1 |
| | |||||
* | Add a replication stream for direct to device messages | Mark Haines | 2016-08-31 | 1 | -2/+8 |
| | |||||
* | Merge remote-tracking branch 'origin/develop' into markjh/direct_to_device | Mark Haines | 2016-08-26 | 1 | -1/+1 |
|\ | |||||
| * | Move ThirdPartyEntityKind into api.constants so the expectation becomes that ↵ | Paul "LeoNerd" Evans | 2016-08-25 | 1 | -1/+1 |
| | | | | | | | | the value is significant | ||||
* | | Merge branch 'develop' into markjh/direct_to_device | Mark Haines | 2016-08-25 | 2 | -4/+21 |
|\| | |||||
| * | Merge pull request #1041 from matrix-org/paul/third-party-lookup | Paul Evans | 2016-08-25 | 1 | -2/+20 |
| |\ | | | | | | | Extend 3PE lookup APIs for metadata query | ||||
| | * | Move static knowledge of protocol metadata into AS handler; cache the result | Paul "LeoNerd" Evans | 2016-08-24 | 1 | -20/+1 |
| | | | |||||
| | * | Declare 'gitter' known protocol, with user lookup | Paul "LeoNerd" Evans | 2016-08-24 | 1 | -0/+3 |
| | | | |||||
| | * | Initial hack at the 3PN protocols metadata lookup API | Paul "LeoNerd" Evans | 2016-08-24 | 1 | -0/+34 |
| | | | |||||
| | * | Move 3PU/3PL lookup APIs into /thirdparty containing entity | Paul "LeoNerd" Evans | 2016-08-24 | 1 | -2/+2 |
| | | | |||||
| * | | Preserve some logcontexts | Erik Johnston | 2016-08-24 | 1 | -2/+1 |
| |/ | |||||
* | | Add some TODOs | Mark Haines | 2016-08-25 | 1 | -0/+4 |
| | | |||||
* | | Fix the deduplication of incoming direct-to-device messages | Mark Haines | 2016-08-25 | 1 | -1/+12 |
| | | |||||
* | | Add store-and-forward direct-to-device messaging | Mark Haines | 2016-08-25 | 3 | -3/+77 |
|/ | |||||
* | Pass through user-supplied content in /join/$room_id | Kegan Dougal | 2016-08-23 | 1 | -0/+1 |
| | | | | | | | It was always intended to allow custom keys on the join event, but this has at some point been lost. Restore it. If the user specifies keys like "avatar_url" then they will be clobbered. | ||||
* | Merge branch 'develop' into dbkr/notifications_api | Matthew Hodgson | 2016-08-20 | 2 | -0/+80 |
|\ | |||||
| * | Avoid so much copypasta between 3PU and 3PL query by unifying around a ↵ | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -2/+7 |
| | | | | | | | | ThirdPartyEntityKind enumeration | ||||
| * | Authenticate 3PE lookup requests | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -0/+6 |
| | | |||||
| * | Copypasta the 3PU support code to also do 3PL | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -0/+20 |
| | | |||||
| * | Remove TODO note about request fields being strings - they're always strings | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -2/+0 |
| | | |||||
| * | Merge remote-tracking branch 'origin/develop' into paul/thirdpartylookup | Paul "LeoNerd" Evans | 2016-08-18 | 11 | -164/+285 |
| |\ | |||||
| * | | Ensure that 3PU lookup request fields actually get passed in | Paul "LeoNerd" Evans | 2016-08-18 | 1 | -1/+5 |
| | | | |||||
| * | | Thread 3PU lookup through as far as the AS API object; which currently noöps it | Paul "LeoNerd" Evans | 2016-08-17 | 1 | -2/+9 |
| | | | |||||
| * | | Initial empty implementation that just registers an API endpoint handler | Paul "LeoNerd" Evans | 2016-08-17 | 2 | -0/+40 |
| | | | |||||
* | | | Use tuple comparison | David Baker | 2016-08-18 | 1 | -4/+3 |
| | | | | | | | | | | | | Hopefully easier to read | ||||
* | | | Merge remote-tracking branch 'origin/develop' into dbkr/notifications_api | David Baker | 2016-08-18 | 12 | -165/+286 |
|\ \ \ | | |/ | |/| | |||||
| * | | Set `Content-Security-Policy` on media repo | Erik Johnston | 2016-08-17 | 1 | -0/+1 |
| | | | | | | | | | | | | | | | This is to inform browsers that they should sandbox the returned media. This is particularly cruical for javascript/HTML files. | ||||
| * | | Add None check to _iterate_over_text | Erik Johnston | 2016-08-17 | 1 | -1/+1 |
| | | | |||||
| * | | Flake8 | Erik Johnston | 2016-08-16 | 1 | -4/+1 |
| | | | |||||
| * | | Fix up preview URL API. Add tests. | Erik Johnston | 2016-08-16 | 1 | -157/+196 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This includes: - Splitting out methods of a class into stand alone functions, to make them easier to test. - Adding unit tests to split out functions, testing HTML -> preview. - Handle the fact that elements in lxml may have tail text. | ||||
| * | | Make synchrotron accept /events | Erik Johnston | 2016-08-12 | 1 | -5/+4 |
| | | | |||||
| * | | Dont invoke get_handlers fromClientV1RestServlet | Erik Johnston | 2016-08-12 | 9 | -1/+86 |
| |/ | | | | | | | | | | | hs.get_handlers() can not be invoked from split out processes. Moving the invocations down a level means that we can slowly split out individual servlets. | ||||
| * | Don't change status_msg on /sync | Will Hunt | 2016-08-10 | 1 | -1/+1 |
| | | |||||
* | | Merge remote-tracking branch 'origin/develop' into dbkr/notifications_api | David Baker | 2016-08-11 | 22 | -534/+973 |
|\| | |||||
| * | Don't print stack traces when failing to get remote keys | Erik Johnston | 2016-08-10 | 1 | -1/+3 |
| | | |||||
| * | Merge pull request #995 from matrix-org/rav/clean_up_cas_login | David Baker | 2016-08-09 | 1 | -125/+33 |
| |\ | | | | | | | Clean up CAS login code | ||||
| | * | Clean up CAS login code | Richard van der Hoff | 2016-08-08 | 1 | -125/+33 |
| | | | | | | | | | | | | | | | | | | | | | Remove some apparently unused code. Clean up parse_cas_response, mostly to catch the exception if the CAS response isn't valid XML. | ||||
| * | | Fix CAS login | Richard van der Hoff | 2016-08-08 | 1 | -0/+1 |
| |/ | | | | | | | Attempting to log in with CAS was giving a 500 error. | ||||
| * | Don't include html comments in description | Erik Johnston | 2016-08-05 | 1 | -1/+2 |
| | | |||||
| * | Typo | Erik Johnston | 2016-08-04 | 1 | -1/+1 |
| | | |||||
| * | Test summarization | Erik Johnston | 2016-08-04 | 1 | -52/+54 |
| | | |||||
| * | Merge branch 'develop' of github.com:matrix-org/synapse into erikj/xpath_fix | Erik Johnston | 2016-08-04 | 1 | -42/+8 |
| |\ | |||||
| | * | Merge branch 'rav/null_default_device_displayname' into develop | Richard van der Hoff | 2016-08-03 | 1 | -3/+1 |
| | |\ | |||||
| | | * | Default device_display_name to null | Richard van der Hoff | 2016-08-03 | 1 | -3/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | It turns out that it's more useful to return a null device display name (and let clients decide how to handle it: eg, falling back to device_id) than using a constant string like "unknown device". | ||||
| | * | | Merge branch 'develop' into rav/refactor_device_query | Mark Haines | 2016-08-03 | 1 | -9/+7 |
| | |\| | |||||
| | * | | Move e2e query logic into a handler | Richard van der Hoff | 2016-08-01 | 1 | -39/+7 |
| | | | | |||||
| * | | | Don't infer paragrahs from newlines | Erik Johnston | 2016-08-02 | 1 | -2/+1 |
| | | | | |||||
| * | | | Comment on why we clone | Erik Johnston | 2016-08-02 | 1 | -0/+1 |
| | | | | |||||
| * | | | Spelling. | Erik Johnston | 2016-08-02 | 1 | -3/+3 |
| | | | | |||||
| * | | | Make it actually compile | Erik Johnston | 2016-08-02 | 1 | -1/+1 |
| | | | | |||||
| * | | | Change the way we summarize URLs | Erik Johnston | 2016-08-02 | 1 | -11/+67 |
| | |/ | |/| | | | | | | | | | | | | | | | | | | | Using XPath is slow on some machines (for unknown reasons), so use a different approach to get a list of text nodes. Try to generate a summary that respect paragraph and then word boundaries, adding ellipses when appropriate. | ||||
| * | | Fix adding emails on registration | David Baker | 2016-07-29 | 1 | -9/+7 |
| |/ | | | | | | | Synapse was not adding email addresses to accounts registered with an email address, due to too many different variables called 'result'. Rename both of them. Also remove the defer.returnValue() with no params because that's not a thing. | ||||
| * | Add r0.1.0 to the "supported versions" list | Richard van der Hoff | 2016-07-28 | 1 | -0/+1 |
| | | |||||
| * | Add r0.2.0 to the "supported versions" list | Richard van der Hoff | 2016-07-28 | 1 | -1/+4 |
| | | |||||
| * | key upload tweaks | Richard van der Hoff | 2016-07-27 | 1 | -7/+5 |
| | | | | | | | | | | | | | | 1. Add v2_alpha URL back in, since things seem to be using it. 2. Don't reject the request if the device_id in the upload request fails to match that in the access_token. | ||||
| * | Delete e2e keys on device delete | Richard van der Hoff | 2016-07-27 | 1 | -4/+9 |
| | | |||||
| * | Make the device id on e2e key upload optional | Richard van der Hoff | 2016-07-26 | 1 | -12/+35 |
| | | | | | | | | | | | | | | | | | | | | | | | | We should now be able to get our device_id from the access_token, so the device_id on the upload request is optional. Where it is supplied, we should check that it matches. For active access_tokens without an associated device_id, we ought to register the device in the devices table. Also update the table on upgrade so that all of the existing e2e keys are associated with real devices. | ||||
| * | Add `create_requester` function | Richard van der Hoff | 2016-07-26 | 1 | -6/+4 |
| | | | | | | | | | | Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout | ||||
| * | Implement updating devices | Richard van der Hoff | 2016-07-26 | 1 | -7/+17 |
| | | | | | | | | You can update the displayname of devices now. | ||||
| * | Implement deleting devices | Richard van der Hoff | 2016-07-26 | 3 | -8/+29 |
| | | |||||
| * | Merge pull request #943 from matrix-org/rav/get_device_api | David Baker | 2016-07-21 | 1 | -0/+25 |
| |\ | | | | | | | Implement GET /device/{deviceId} | ||||
| | * | Implement GET /device/{deviceId} | Richard van der Hoff | 2016-07-21 | 1 | -0/+25 |
| | | | |||||
| * | | Merge pull request #942 from matrix-org/rav/fix_register_deviceid | David Baker | 2016-07-21 | 1 | -11/+10 |
| |\ \ | | |/ | |/| | Preserve device_id from first call to /register | ||||
| | * | Preserve device_id from first call to /register | Richard van der Hoff | 2016-07-21 | 1 | -11/+10 |
| | | | | | | | | | | | | | | | device_id may only be passed in the first call to /register, so make sure we fish it out of the register `params` rather than the body of the final call. | ||||
| * | | Merge branch 'develop' into rav/get_devices_api | Richard van der Hoff | 2016-07-20 | 1 | -15/+39 |
| |\| | | | | | | | | | | (pick up PR #938 in the hope of fixing the UTs) | ||||
| | * | Register a device_id in the /v2/register flow. | Richard van der Hoff | 2016-07-20 | 1 | -15/+39 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This doesn't cover *all* of the registration flows, but it does cover the most common ones: in particular: shared_secret registration, appservice registration, and normal user/pass registration. Pull device_id from the registration parameters. Register the device in the devices table. Associate the device with the returned access and refresh tokens. Profit. | ||||
| * | | GET /devices endpoint | Richard van der Hoff | 2016-07-20 | 3 | -4/+62 |
| |/ | | | | | | | | | | | | | implement a GET /devices endpoint which lists all of the user's devices. It also returns the last IP where we saw that device, so there is some dancing to fish that out of the user_ips table. | ||||
| * | Merge pull request #933 from matrix-org/rav/type_annotations | Richard van der Hoff | 2016-07-20 | 3 | -0/+17 |
| |\ | | | | | | | Type annotations | ||||
| | * | Type annotations | Richard van der Hoff | 2016-07-19 | 3 | -0/+17 |
| | | | | | | | | | | | | | | | Add some type annotations to help PyCharm (in particular) to figure out the types of a bunch of things. | ||||
| * | | Merge pull request #932 from matrix-org/rav/register_refactor | David Baker | 2016-07-20 | 2 | -14/+40 |
| |\ \ | | | | | | | | | Further registration refactoring | ||||
| | * | | Further registration refactoring | Richard van der Hoff | 2016-07-19 | 2 | -14/+40 |
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change. | ||||
| * | | Merge pull request #922 from matrix-org/erikj/file_api2 | Erik Johnston | 2016-07-20 | 1 | -1/+10 |
| |\ \ | | |/ | |/| | Feature: Add filter to /messages. Add 'contains_url' to filter. | ||||
| | * | Add filter param to /messages API | Erik Johnston | 2016-07-14 | 1 | -1/+10 |
| | | | |||||
| * | | Merge pull request #931 from matrix-org/rav/refactor_register | David Baker | 2016-07-19 | 1 | -78/+102 |
| |\ \ | | | | | | | | | rest/client/v2_alpha/register.py: Refactor flow somewhat. | ||||
| | * | | Don't bind email unless threepid contains expected fields | Richard van der Hoff | 2016-07-19 | 1 | -28/+25 |
| | | | | |||||
| | * | | rest/client/v2_alpha/register.py: Refactor flow somewhat. | Richard van der Hoff | 2016-07-19 | 1 | -75/+102 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is meant to be an *almost* non-functional change, with the exception that it fixes what looks a lot like a bug in that it only calls `auth_handler.add_threepid` and `add_pusher` once instead of three times. The idea is to move the generation of the `access_token` out of `registration_handler.register`, because `access_token`s now require a device_id, and we only want to generate a device_id once registration has been successful. | ||||
| * | | | Add device_id support to /login | Richard van der Hoff | 2016-07-18 | 2 | -6/+43 |
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed. | ||||
| * | | Merge pull request #928 from matrix-org/rav/refactor_login | Richard van der Hoff | 2016-07-18 | 1 | -18/+23 |
| |\ \ | | | | | | | | | Refactor login flow | ||||
| | * | | Refactor login flow | Richard van der Hoff | 2016-07-18 | 1 | -18/+23 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure that we have the canonical user_id *before* calling get_login_tuple_for_user_id. Replace login_with_password with a method which just validates the password, and have the caller call get_login_tuple_for_user_id. This brings the password flow into line with the other flows, and will give us a place to register the device_id if necessary. | ||||
| * | | | Use body.get to check for 'user' | Will Hunt | 2016-07-16 | 1 | -2/+1 |
| | | | | |||||
| * | | | Fall back to 'username' if 'user' is not given for appservice reg. | Will Hunt | 2016-07-16 | 1 | -3/+5 |
| |/ / | |||||
| * | | Merge pull request #921 from matrix-org/erikj/account_deactivate | Erik Johnston | 2016-07-14 | 1 | -0/+44 |
| |\ \ | | | | | | | | | Feature: Add an /account/deactivate endpoint | ||||
| | * | | Add hs object | Erik Johnston | 2016-07-14 | 1 | -0/+1 |
| | | | | |||||
| | * | | Only accept password auth | Erik Johnston | 2016-07-14 | 1 | -12/+0 |
| | | | | |||||
| | * | | Add an /account/deactivate endpoint | Erik Johnston | 2016-07-14 | 1 | -0/+55 |
| | |/ | |||||
| * | | Merge pull request #918 from negzi/bugfix_for_token_expiry | Erik Johnston | 2016-07-14 | 1 | -1/+1 |
| |\ \ | | |/ | |/| | Bug fix: expire invalid access tokens | ||||
| | * | Bug fix: expire invalid access tokens | Negar Fazeli | 2016-07-13 | 1 | -1/+1 |
| | | | |||||
| * | | be more pythonic | David Baker | 2016-07-12 | 1 | -1/+1 |
| | | | |||||
| * | | on_OPTIONS isn't neccessary | David Baker | 2016-07-12 | 2 | -10/+1 |
| | | | |||||
| * | | Remove other debug logging | David Baker | 2016-07-12 | 1 | -2/+0 |
| | | | |||||
| * | | Separate out requestTokens to separate handlers | David Baker | 2016-07-11 | 2 | -65/+93 |
| | | | |||||
| * | | Oops, remove debug logging | David Baker | 2016-07-11 | 1 | -4/+0 |
| | | | |||||
| * | | Implement https://github.com/matrix-org/matrix-doc/pull/346/files | David Baker | 2016-07-08 | 1 | -0/+59 |
| |/ | |||||
| * | Add rest servlet. Fix SQL. | Erik Johnston | 2016-07-06 | 1 | -0/+1 |
| | | |||||
| * | Merge branch 'erikj/shared_secret' into erikj/test2 | Erik Johnston | 2016-07-06 | 1 | -4/+16 |
| |\ | |||||
| | * | Check that there are no null bytes in user and passsword | Erik Johnston | 2016-07-06 | 1 | -0/+6 |
| | | | |||||
| | * | Add null separator to hmac | Erik Johnston | 2016-07-06 | 1 | -0/+2 |
| | | | |||||
| | * | Add an admin option to shared secret registration | Erik Johnston | 2016-07-05 | 1 | -0/+1 |
| | | | |||||
| | * | Protect password when registering using shared secret | Erik Johnston | 2016-07-05 | 1 | -4/+7 |
| | | | |||||
| * | | Add purge_history API | Erik Johnston | 2016-07-05 | 1 | -0/+18 |
| |/ | |||||
| * | Fix style violations | Kent Shikama | 2016-07-04 | 1 | -1/+2 |
| | | | | | | | | Signed-off-by: Kent Shikama <kent@kentshikama.com> | ||||
| * | Use .get() instead of [] to access password_hash | Kent Shikama | 2016-07-04 | 1 | -1/+1 |
| | | |||||
| * | Optionally include password hash in createUser endpoint | Kent Shikama | 2016-07-03 | 1 | -1/+3 |
| | | | | | | | | Signed-off-by: Kent Shikama <kent@kentshikama.com> | ||||
| * | Feature: Add deactivate account admin API | Erik Johnston | 2016-06-30 | 1 | -0/+26 |
| | | | | | | | | | | | | | | | | | | | | Allows server admins to "deactivate" accounts, which: - Revokes all access tokens - Removes all threepids - Removes password The API is a POST to `/admin/deactivate/<user_id>` | ||||
| * | Remove race | Erik Johnston | 2016-06-29 | 1 | -11/+0 |
| | | |||||
| * | Implement purge_media_cache admin API | Erik Johnston | 2016-06-29 | 3 | -20/+96 |
| | | |||||
| * | Track approximate last access time for remote media | Erik Johnston | 2016-06-29 | 1 | -0/+24 |
| | | |||||
| * | Remove the legacy v0 content upload API. | Mark Haines | 2016-06-21 | 1 | -110/+2 |
| | | | | | | | | | | | | The existing content can still be downloaded. The last upload to the matrix.org server was in January 2015, so it is probably safe to remove the upload API. | ||||
| * | Line lengths | Erik Johnston | 2016-06-15 | 1 | -3/+3 |
| | | |||||
| * | Handle floats as img widths | Erik Johnston | 2016-06-15 | 1 | -1/+1 |
| | | |||||
| * | Handle og props with not content | Erik Johnston | 2016-06-15 | 1 | -1/+2 |
| | | |||||
| * | 502 on /thumbnail when can't contact remote server | Erik Johnston | 2016-06-09 | 1 | -4/+10 |
| | | |||||
| * | Remove redundant exception log in /events | Erik Johnston | 2016-06-09 | 1 | -24/+21 |
| | | |||||
| * | Don't make rooms visibile by default | Erik Johnston | 2016-06-08 | 1 | -2/+0 |
| | | |||||
| * | Log user that is making /publicRooms calls | Erik Johnston | 2016-06-08 | 1 | -0/+7 |
| | | |||||
| * | Load push rules in storage layer, so that they get cached | Erik Johnston | 2016-06-03 | 1 | -4/+2 |
| | | |||||
| * | Working unsubscribe links going straight to the HS | David Baker | 2016-06-02 | 1 | -1/+3 |
| | | | | | | | | and authed by macaroons that let you delete pushers and nothing else | ||||
| * | Merge branch 'dbkr/split_out_auth_handler' into dbkr/email_unsubscribe | David Baker | 2016-06-02 | 5 | -10/+11 |
| |\ | |||||
| | * | Split out the auth handler | David Baker | 2016-06-02 | 5 | -10/+11 |
| | | | |||||
| * | | WIP on unsubscribing email notifs without logging in | David Baker | 2016-06-01 | 1 | -1/+54 |
| |/ | |||||
| * | Basic, un-cached support for secondary_directory_servers | David Baker | 2016-05-31 | 1 | -1/+2 |
| | | |||||
| * | Split out the room list handler | David Baker | 2016-05-31 | 1 | -1/+1 |
| | | | | | | | | So I can use it from federation bits without pulling in all the handlers. | ||||
* | | Include the ts the notif was received at | David Baker | 2016-05-24 | 1 | -0/+1 |
| | | |||||
* | | Actually make the 'read' flag correct | David Baker | 2016-05-23 | 1 | -4/+3 |
| | | |||||
* | | Add GET /notifications API | David Baker | 2016-05-23 | 2 | -0/+102 |
|/ | |||||
* | Allow clients to specify a server_name to avoid 'No known servers' | Kegan Dougal | 2016-05-19 | 1 | -1/+4 |
| | | | | Multiple server_names are supported via ?server_name=foo&server_name=bar | ||||
* | Move typing handler out of the Handlers object | Mark Haines | 2016-05-17 | 1 | -4/+3 |
| | |||||
* | Move SyncHandler out of the Handlers object | Mark Haines | 2016-05-16 | 1 | -2/+1 |
| | |||||
* | Move the presence handler out of the Handlers object | Mark Haines | 2016-05-16 | 4 | -9/+17 |
| | |||||
* | Clean up the blacklist/whitelist handling. | Mark Haines | 2016-05-16 | 1 | -33/+30 |
| | | | | | | | Always set the config key with an empty list, even if a list isn't specified. This means that the codepaths are the same for both the empty list and for a missing key. Since the behaviour is the same for both cases this makes the code somewhat easier to reason about. | ||||
* | Create user with expiry | Negi Fazeli | 2016-05-13 | 1 | -0/+71 |
| | | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com> | ||||
* | Merge remote-tracking branch 'origin/develop' into dbkr/email_notifs | David Baker | 2016-05-10 | 3 | -0/+159 |
|\ | |||||
| * | Rename openid/token to openid/request_token | Mark Haines | 2016-05-05 | 1 | -2/+2 |
| | | |||||
| * | Add an openidish mechanism for proving to third parties that you own a given ↵ | Mark Haines | 2016-05-05 | 2 | -0/+98 |
| | | | | | | | | user_id | ||||
| * | Add timestamp and auto incrementing ID | Erik Johnston | 2016-05-04 | 1 | -0/+2 |
| | | |||||
| * | Move event_id to path | Erik Johnston | 2016-05-04 | 1 | -4/+2 |
| | | |||||
| * | Add /report endpoint | Erik Johnston | 2016-05-04 | 2 | -0/+61 |
| | | |||||
* | | More consistent config naming | David Baker | 2016-05-10 | 1 | -1/+1 |
| | | |||||
* | | Add config option to not send email notifs for new users | David Baker | 2016-05-10 | 1 | -1/+4 |
| | | |||||
* | | Merge remote-tracking branch 'origin/develop' into dbkr/email_notifs | David Baker | 2016-04-29 | 1 | -0/+1 |
|\| | |||||
| * | Fix password reset | David Baker | 2016-04-29 | 1 | -0/+1 |
| | | | | | | | | Default requester to None, otherwise it isn't defined when resetting using email auth | ||||
* | | Add an email pusher for new users | David Baker | 2016-04-29 | 1 | -0/+26 |
|/ | | | | If they registered with an email address and email notifs are enabled on the HS | ||||
* | Report per request metrics for all of the things using request_handler | Mark Haines | 2016-04-28 | 6 | -7/+9 |
| | |||||
* | Make pyjwt dependency optional | Erik Johnston | 2016-04-25 | 1 | -5/+7 |
| | |||||
* | Merge pull request #687 from nikriek/jwt-fix | Erik Johnston | 2016-04-21 | 1 | -3/+6 |
|\ | | | | | Fix issues with JWT login | ||||
| * | Fix issues with JWT login | Niklas Riekenbrauck | 2016-04-21 | 1 | -3/+6 |
| | | |||||
* | | Add self.media_repo to PreviewUrlResource | Erik Johnston | 2016-04-19 | 1 | -0/+1 |
| | | |||||
* | | _make_dirs was moved to MediaRepository | Erik Johnston | 2016-04-19 | 1 | -1/+1 |
| | | |||||
* | | Add store to PreviewUrlResource | Erik Johnston | 2016-04-19 | 1 | -0/+1 |
| | | |||||
* | | Reorder imports | Erik Johnston | 2016-04-19 | 1 | -7/+8 |
| | | |||||
* | | Move MediaRepository to media_repository module | Erik Johnston | 2016-04-19 | 5 | -489/+496 |
| | | |||||
* | | Split out BaseMediaResource into MediaRepository | Erik Johnston | 2016-04-19 | 6 | -138/+180 |
| | | | | | | | | | | | | | | | | | | This is so that a single MediaRepository can be shared across all resources, rather than having a "copy" per resource. In particular this allows us to guard against both the thumbnail and download resource triggering a download of remote content at the same time. | ||||
* | | explicitly pass in the charset from Content-Type to lxml to fix cyrillic ↵ | Matthew Hodgson | 2016-04-15 | 1 | -6/+18 |
| | | | | | | | | woes better | ||||
* | | fix cyrillic URL previews by hardcoding all page decoding to UTF-8 for now, ↵ | Matthew Hodgson | 2016-04-15 | 1 | -16/+8 |
| | | | | | | | | rather than relying on lxml's heuristics which seem to get it wrong | ||||
* | | fix urlparse import thinko breaking tiny URLs | Matthew Hodgson | 2016-04-14 | 1 | -5/+5 |
| | | |||||
* | | Make v2_alpha reg follow the AS API specification | Kegan Dougal | 2016-04-14 | 1 | -0/+5 |
| | | | | | | | | | | | | The spec is clear the key should be 'user' not 'username' and this is indeed the case for v1. This is not true for v2_alpha though, which is what this commit is fixing. | ||||
* | | comment out 2c838f6459db35ad9812a83184d85a06ca5d940a due to risk of ↵ | Matthew Hodgson | 2016-04-14 | 1 | -16/+16 |
| | | | | | | | | https://en.wikipedia.org/wiki/Billion_laughs attacks - thanks @torhve | ||||
* | | Sanitize the optional dependencies for spider API | Erik Johnston | 2016-04-13 | 2 | -27/+3 |
| | | |||||
* | | Make the /set part mandatory | David Baker | 2016-04-12 | 1 | -1/+1 |
| | | |||||
* | | Mis-named function | David Baker | 2016-04-12 | 1 | -1/+1 |
| | | |||||
* | | Split into separate servlet classes | David Baker | 2016-04-12 | 1 | -11/+16 |
| | | |||||
* | | Add get endpoint for pushers | David Baker | 2016-04-11 | 1 | -1/+34 |
| | | | | | | | | As per https://github.com/matrix-org/matrix-doc/pull/308 | ||||
* | | PEP8 | Erik Johnston | 2016-04-11 | 1 | -1/+0 |
| | | |||||
* | | fix typos and needless try/except from PR review | Matthew Hodgson | 2016-04-11 | 1 | -143/+140 |
| | | |||||
* | | actually throw meaningful errors | Matthew Hodgson | 2016-04-08 | 1 | -9/+24 |
| | | |||||
* | | Fix pep8 warning | Mark Haines | 2016-04-08 | 1 | -3/+4 |
| | | |||||
* | | more PR feedback | Matthew Hodgson | 2016-04-08 | 1 | -4/+8 |
| | | |||||
* | | Add url_preview_enabled config option to turn on/off preview_url endpoint. ↵ | Matthew Hodgson | 2016-04-08 | 2 | -18/+64 |
| | | | | | | | | | | | | | | | | | | defaults to off. Add url_preview_ip_range_blacklist to let admins specify internal IP ranges that must not be spidered. Add url_preview_url_blacklist to let admins specify URL patterns that must not be spidered. Implement a custom SpiderEndpoint and associated support classes to implement url_preview_ip_range_blacklist Add commentary and generally address PR feedback | ||||
* | | Merge branch 'develop' into matthew/preview_urls | Matthew Hodgson | 2016-04-04 | 3 | -36/+133 |
|\| | |||||
| * | Use google style doc strings. | Mark Haines | 2016-04-01 | 1 | -36/+43 |
| | | | | | | | | | | | | | | pycharm supports them so there is no need to use the other format. Might as well convert the existing strings to reduce the risk of people accidentally cargo culting the wrong doc string format. | ||||
| * | Remove spurious comment | Erik Johnston | 2016-03-30 | 1 | -1/+0 |
| | | |||||
| * | Require user to have left room to forget room | Erik Johnston | 2016-03-30 | 1 | -0/+38 |
| | | | | | | | | | | This dramatically simplifies the forget API code - in particular it no longer generates a leave event. | ||||
| * | Add JWT support | Niklas Riekenbrauck | 2016-03-29 | 1 | -0/+53 |
| | | |||||
* | | report image size (bytewise) in OG meta | Matthew Hodgson | 2016-04-03 | 1 | -0/+2 |
| | | |||||
* | | char encoding | Matthew Hodgson | 2016-04-03 | 1 | -0/+1 |
| | | |||||
* | | pep8 | Matthew Hodgson | 2016-04-03 | 2 | -55/+73 |
| | | |||||
* | | fix etag typing error. fix timestamp typing error | Matthew Hodgson | 2016-04-03 | 1 | -2/+2 |
| | | |||||
* | | rebase all image URLs | Matthew Hodgson | 2016-04-03 | 1 | -4/+4 |
| | | |||||
* | | remove stale todo | Matthew Hodgson | 2016-04-03 | 1 | -3/+0 |
| | | |||||
* | | Ensure only one download for a given URL is active at a time | Matthew Hodgson | 2016-04-03 | 1 | -1/+18 |
| | | |||||
* | | add a persistent cache of URL lookups, and fix up the in-memory one to work | Matthew Hodgson | 2016-04-03 | 1 | -10/+54 |
| | |