summary refs log tree commit diff
path: root/synapse/rest (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use direct references for some configuration variables (#10798)Patrick Cloke2021-09-139-17/+22
| | | | Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit).
* Add types to synapse.util. (#10601)reivilibre2021-09-103-6/+9
|
* Ask consent on SSO registration with default mxid (#10733)AndrewFerr2021-09-101-2/+2
| | | | | | Fixes #10732: consent flow skipped during SSO user registration if username is left at default Signed-off-by: Andrew Ferrazzutti fair@miscworks.net
* Remove unstable MSC2858 API, including `experimental.msc2858_enabled` config ↵Sean2021-09-091-46/+11
| | | | | option (#10693) Signed-off-by: Sean Quah <seanq@element.io>
* Request JSON for oEmbed requests (and ignore XML only providers). (#10759)Patrick Cloke2021-09-081-3/+23
| | | | | | | | This adds the format to the request arguments / URL to ensure that JSON data is returned (which is all that Synapse supports). This also adds additional error checking / filtering to the configuration file to ignore XML-only providers.
* Use attrs internally for the URL preview code & add documentation. (#10753)Patrick Cloke2021-09-071-42/+79
|
* Additional type hints for client REST servlets (part 5) (#10736)Patrick Cloke2021-09-035-68/+123
| | | | Additionally this enforce type hints on all function signatures inside of the synapse.rest.client package.
* Additional type hints for client REST servlets (part 4) (#10728)Patrick Cloke2021-09-018-100/+144
|
* Allow configuration of the oEmbed URLs. (#10714)Patrick Cloke2021-08-312-142/+140
| | | | | This adds configuration options (under an `oembed` section) to configure which URLs are matched to use oEmbed for URL previews.
* Additional type hints for the client REST servlets (part 3). (#10707)Patrick Cloke2021-08-316-150/+305
|
* Remove unused `compare_digest` function. (#10706)Patrick Cloke2021-08-271-13/+0
|
* Improve ServerNoticeServlet to avoid duplicate requests (#10679)Dirk Klimpel2021-08-272-8/+16
| | | Fixes: #9544
* Additional type hints for REST servlets (part 2). (#10674)Patrick Cloke2021-08-2615-138/+210
| | | Applies the changes from #10665 to additional modules.
* Fix error when selecting between thumbnails with the same quality (#10684)Sean2021-08-251-9/+17
| | | Fixes #10318
* Correctly initialise the `synapse_user_logins` metric. (#10677)Richard van der Hoff2021-08-241-6/+23
| | | | | Fix a bug where the prometheus metrics for SSO logins wouldn't be initialised until the first user logged in with a given auth provider.
* Additional type hints for the sync REST servlet. (#10666)Patrick Cloke2021-08-231-51/+81
|
* Addtional type hints for the REST servlets. (#10665)Patrick Cloke2021-08-2313-107/+203
|
* Implement MSC3231: Token authenticated registration (#10142)Callum Brown2021-08-214-0/+425
| | | | | Signed-off-by: Callum Brown <callum@calcuode.com> This is part of my GSoC project implementing [MSC3231](https://github.com/matrix-org/matrix-doc/pull/3231).
* Validate device_keys for C-S /keys/query requests (#10593)David Robertson2021-08-201-1/+15
| | | | | | | | * Validate device_keys for C-S /keys/query requests Closes #10354 A small, not particularly critical fix. I'm interested in seeing if we can find a more systematic approach though. #8445 is the place for any discussion.
* Support MSC3283: Expose `enable_set_displayname` in capabilities (#10452)Dirk Klimpel2021-08-191-0/+11
|
* Remove not needed database updates in modify user admin API (#10627)Dirk Klimpel2021-08-191-20/+35
|
* Merge branch 'release-v1.41' into developErik Johnston2021-08-186-165/+168
|\
| * Mount /_synapse/admin/v1/users/{userId}/media admin API on media workers ↵Andrew Morgan2021-08-183-164/+163
| | | | | | | | | | only (#10628) Co-authored-by: Patrick Cloke <patrickc@matrix.org>
| * Allow /createRoom to be run on workers (#10564)Andrew Morgan2021-08-171-1/+1
| | | | | | Fixes https://github.com/matrix-org/synapse/issues/7867
| * Centralise the custom template directory (#10596)Brendan Abolivier2021-08-172-0/+4
| | | | | | Several configuration sections are using separate settings for custom template directories, which can be confusing. This PR adds a new top-level configuration for a custom template directory which is then used for every module. The only exception is the consent templates, since the consent template directory require a specific hierarchy, so it's probably better that it stays separate from everything else.
* | Display an error page during failure of fallback UIA. (#10561)Callum Brown2021-08-181-15/+24
| |
* | Remove deprecated Shutdown Room and Purge Room Admin API (#8830)Dirk Klimpel2021-08-173-97/+0
|/
* Flatten the synapse.rest.client package (#10600)reivilibre2021-08-1745-62/+31
|
* Always list fallback key types in /sync (#10623)Andrew Morgan2021-08-171-4/+5
|
* Allow to edit `external_ids` by Edit User admin API (#10598)Dirk Klimpel2021-08-171-48/+91
| | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add an admin API to check if a username is available (#10578)Will Hunt2021-08-172-0/+53
| | | This adds a new API GET /_synapse/admin/v1/username_available?username=foo to check if a username is available. It is the counterpart to https://matrix.org/docs/spec/client_server/r0.6.0#get-matrix-client-r0-register-available, except that it works even if registration is disabled.
* Validate the max_rooms_per_space parameter to ensure it is non-negative. ↵Patrick Cloke2021-08-161-5/+20
| | | | (#10611)
* Experimental support for MSC3266 Room Summary API. (#10394)Michael Telatynski2021-08-162-76/+59
|
* Move /batch_send to /v2_alpha directory (MSC2716) (#10576)Eric Eastwood2021-08-133-409/+444
| | | | | | | * Move /batch_send to /v2_alpha directory As pointed out by @erikjohnston, https://github.com/matrix-org/synapse/pull/10552#discussion_r685836624
* Admin API to delete media for a specific user (#10558)Dirk Klimpel2021-08-113-9/+81
|
* Only return state events that the AS passed in via `state_events_at_start` ↵Eric Eastwood2021-08-101-1/+3
| | | | | | | | | | | | | | (MSC2716) (#10552) * Only return state events that the AS passed in via state_events_at_start As discovered by @Half-Shot in https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r684158448 Part of MSC2716 * Add changelog * Fix changelog extension
* Add local support for the new spaces summary endpoint (MSC2946) (#10549)Patrick Cloke2021-08-101-0/+41
| | | | | This adds support for the /hierarchy endpoint, which is an update to MSC2946. Currently this only supports rooms known locally to the homeserver.
* Fix exceptions in logs when failing to get remote room list (#10541)Erik Johnston2021-08-061-18/+12
|
* Mark all MSC2716 events as historical (#10537)Eric Eastwood2021-08-051-5/+10
| | | * Mark all MSC2716 events as historical
* Don't fail on empty bodies when sending out read receipts (#10531)Brendan Abolivier2021-08-041-1/+1
| | | | | Fixes a bug introduced in rc1 that would cause Synapse to 400 on read receipts requests with empty bodies. Broken in #10413
* Make historical events discoverable from backfill for servers without any ↵Eric Eastwood2021-07-281-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | scrollback history (MSC2716) (#10245) * Make historical messages available to federated servers Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 Follow-up to https://github.com/matrix-org/synapse/pull/9247 * Debug message not available on federation * Add base starting insertion point when no chunk ID is provided * Fix messages from multiple senders in historical chunk Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 --- Previously, Synapse would throw a 403, `Cannot force another user to join.`, because we were trying to use `?user_id` from a single virtual user which did not match with messages from other users in the chunk. * Remove debug lines * Messing with selecting insertion event extremeties * Move db schema change to new version * Add more better comments * Make a fake requester with just what we need See https://github.com/matrix-org/synapse/pull/10276#discussion_r660999080 * Store insertion events in table * Make base insertion event float off on its own See https://github.com/matrix-org/synapse/pull/10250#issuecomment-875711889 Conflicts: synapse/rest/client/v1/room.py * Validate that the app service can actually control the given user See https://github.com/matrix-org/synapse/pull/10276#issuecomment-876316455 Conflicts: synapse/rest/client/v1/room.py * Add some better comments on what we're trying to check for * Continue debugging * Share validation logic * Add inserted historical messages to /backfill response * Remove debug sql queries * Some marker event implemntation trials * Clean up PR * Rename insertion_event_id to just event_id * Add some better sql comments * More accurate description * Add changelog * Make it clear what MSC the change is part of * Add more detail on which insertion event came through * Address review and improve sql queries * Only use event_id as unique constraint * Fix test case where insertion event is already in the normal DAG * Remove debug changes * Switch to chunk events so we can auth via power_levels Previously, we were using `content.chunk_id` to connect one chunk to another. But these events can be from any `sender` and we can't tell who should be able to send historical events. We know we only want the application service to do it but these events have the sender of a real historical message, not the application service user ID as the sender. Other federated homeservers also have no indicator which senders are an application service on the originating homeserver. So we want to auth all of the MSC2716 events via power_levels and have them be sent by the application service with proper PL levels in the room. * Switch to chunk events for federation * Add unstable room version to support new historical PL * Fix federated events being rejected for no state_groups Add fix from https://github.com/matrix-org/synapse/pull/10439 until it merges. * Only connect base insertion event to prev_event_ids Per discussion with @erikjohnston, https://matrix.to/#/!UytJQHLQYfvYWsGrGY:jki.re/$12bTUiObDFdHLAYtT7E-BvYRp3k_xv8w0dUQHibasJk?via=jki.re&via=matrix.org * Make it possible to get the room_version with txn * Allow but ignore historical events in unsupported room version See https://github.com/matrix-org/synapse/pull/10245#discussion_r675592489 We can't reject historical events on unsupported room versions because homeservers without knowledge of MSC2716 or the new room version don't reject historical events either. Since we can't rely on the auth check here to stop historical events on unsupported room versions, I've added some additional checks in the processing/persisting code (`synapse/storage/databases/main/events.py` -> `_handle_insertion_event` and `_handle_chunk_event`). I've had to do some refactoring so there is method to fetch the room version by `txn`. * Move to unique index syntax See https://github.com/matrix-org/synapse/pull/10245#discussion_r675638509 * High-level document how the insertion->chunk lookup works * Remove create_event fallback for room_versions See https://github.com/matrix-org/synapse/pull/10245/files#r677641879 * Use updated method name
* Support for MSC2285 (hidden read receipts) (#10413)Šimon Brandner2021-07-283-4/+34
| | | Implementation of matrix-org/matrix-doc#2285
* Support underscores (in addition to hyphens) for charset detection. (#10410)sri-vidyut2021-07-271-2/+4
|
* Mitigate media repo XSSs on IE11. (#10468)Denis Kasak2021-07-271-0/+2
| | | | | | | | IE11 doesn't support Content-Security-Policy but it has support for a non-standard X-Content-Security-Policy header, which only supports the sandbox directive. This prevents script execution, so it at least offers some protection against media repo-based attacks. Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
* Support MSC2033: Device ID on whoami (#9918)Travis Ralston2021-07-271-1/+8
| | | | | | | | | | * Fix no-access-token bug in deactivation tests * Support MSC2033: Device ID on whoami * Test for appservices too MSC: https://github.com/matrix-org/matrix-doc/pull/2033 The MSC has passed FCP, which means stable endpoints can be used.
* Merge branch 'master' into developErik Johnston2021-07-231-4/+7
|\
| * Always send device_one_time_keys_count (#10457)David Baker2021-07-221-4/+7
| | | | | | | | | | | | | | As per comment Fixes https://github.com/matrix-org/synapse/issues/10456 See also https://github.com/vector-im/element-android/issues/3725
* | Add `creation_ts` to list users admin API (#10448)Dirk Klimpel2021-07-221-0/+2
| | | | | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* | Add type hints to additional servlet functions (#10437)Patrick Cloke2021-07-211-1/+1
| | | | | | | | | | | | | | | | | | Improves type hints for: * parse_{boolean,integer} * parse_{boolean,integer}_from_args * parse_json_{value,object}_from_request And fixes any incorrect calls that resulted from unknown types.
* | Add a return type to parse_string. (#10438)Patrick Cloke2021-07-217-34/+36
| | | | | | | | And set the required attribute in a few places which will error if a parameter is not provided.
* | Switch to `chunk` events so we can auth via power_levels (MSC2716) (#10432)Eric Eastwood2021-07-211-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we were using `content.chunk_id` to connect one chunk to another. But these events can be from any `sender` and we can't tell who should be able to send historical events. We know we only want the application service to do it but these events have the sender of a real historical message, not the application service user ID as the sender. Other federated homeservers also have no indicator which senders are an application service on the originating homeserver. So we want to auth all of the MSC2716 events via power_levels and have them be sent by the application service with proper PL levels in the room.
* | MSC3244 room capabilities implementation (#10283)Michael Telatynski2021-07-201-1/+7
| |
* | [pyupgrade] `synapse/` (#10348)Jonathan de Jong2021-07-192-18/+11
| | | | | | | | | | | | | | | | | | This PR is tantamount to running ``` pyupgrade --py36-plus --keep-percent-format `find synapse/ -type f -name "*.py"` ``` Part of #9744
* | Use inline type hints in `handlers/` and `rest/`. (#10382)Jonathan de Jong2021-07-1613-39/+33
| |
* | Add a module type for account validity (#9884)Brendan Abolivier2021-07-162-14/+17
| | | | | | | | | | This adds an API for third-party plugin modules to implement account validity, so they can provide this feature instead of Synapse. The module implementing the current behaviour for this feature can be found at https://github.com/matrix-org/synapse-email-account-validity. To allow for a smooth transition between the current feature and the new module, hooks have been added to the existing account validity endpoints to allow their behaviours to be overridden by a module.
* | Fix messages from multiple senders in historical chunk (MSC2716) (#10276)Eric Eastwood2021-07-131-7/+42
| | | | | | | | | | | | | | Fix messages from multiple senders in historical chunk. This also means that an app service does not need to define `?user_id` when using this endpoint. Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716
* | Bugfix `make_room_admin` fails for users that have left a private room (#10367)Dirk Klimpel2021-07-131-1/+8
| | | | | | Fixes: #10338
* | Add base starting insertion event when no chunk ID is provided (MSC2716) ↵Eric Eastwood2021-07-081-23/+89
|/ | | | | | | | | (#10250) * Add base starting insertion point when no chunk ID is provided This is so we can have the marker event point to this initial insertion event and be able to traverse the events in the first chunk.
* MSC2918 Refresh tokens implementation (#9450)Quentin Gliech2021-06-242-41/+218
| | | | | | | | | | This implements refresh tokens, as defined by MSC2918 This MSC has been implemented client side in Hydrogen Web: vector-im/hydrogen-web#235 The basics of the MSC works: requesting refresh tokens on login, having the access tokens expire, and using the refresh token to get a new one. Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
* Re-introduce "Leave out optional keys from /sync" change (#10214)Andrew Morgan2021-06-231-23/+46
| | | Required some fixes due to merge conflicts with #6739, but nothing too hairy. The first commit is the same as the original (after merge conflict resolution) then two more for compatibility with the latest sync code.
* Add endpoints for backfilling history (MSC2716) (#9247)Eric Eastwood2021-06-221-1/+287
| | | Work on https://github.com/matrix-org/matrix-doc/pull/2716
* Always require users to re-authenticate for dangerous operations. (#10184)Patrick Cloke2021-06-162-0/+9
| | | | | | | Dangerous actions means deactivating an account, modifying an account password, or adding a 3PID. Other actions (deleting devices, uploading keys) can re-use the same UI auth session if ui_auth.session_timeout is configured.
* Fix requestOpenIdToken response: integer expires_in (#10175)Lukas Lihotzki2021-06-161-1/+1
| | | | | | | | | | `expires_in` must be an integer according to the OpenAPI spec: https://github.com/matrix-org/matrix-doc/blob/master/data/api/client-server/definitions/openid_token.yaml#L32 True division (`/`) returns a float instead (`"expires_in": 3600.0`). Floor division (`//`) returns an integer, so the response is spec compliant. Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>
* Remove the experimental flag for knocking and use stable prefixes / ↵Patrick Cloke2021-06-152-8/+3
| | | | | | | endpoints. (#10167) * Room version 7 for knocking. * Stable prefixes and endpoints (both client and federation) for knocking. * Removes the experimental configuration flag.
* Implement knock feature (#6739)Sorunome2021-06-094-21/+203
| | | | | | This PR aims to implement the knock feature as proposed in https://github.com/matrix-org/matrix-doc/pull/2403 Signed-off-by: Sorunome mail@sorunome.de Signed-off-by: Andrew Morgan andrewm@element.io
* Limit the number of in-flight /keys/query requests from a single device. ↵Patrick Cloke2021-06-091-1/+4
| | | | (#10144)
* Correct type hints for parse_string(s)_from_args. (#10137)Patrick Cloke2021-06-085-15/+19
|
* Add missing type hints to the admin API servlets (#10105)Dirk Klimpel2021-06-075-40/+47
|
* r0.6.1 support: /rooms/:roomId/aliases endpoint (#9224)Travis Ralston2021-06-031-1/+1
| | | | | | [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432) added this endpoint originally but it has since been included in the spec for nearly a year. This is progress towards https://github.com/matrix-org/synapse/issues/8334
* Add new admin APIs to remove media by media ID from quarantine. (#10044)Dirk Klimpel2021-06-021-0/+30
| | | | | Related to: #6681, #5956, #10040 Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Rewrite the KeyRing (#10035)Erik Johnston2021-06-021-1/+8
|
* Move some more endpoints off master (#10084)Erik Johnston2021-05-271-4/+4
|
* Make reason and score optional for report_event (#10077)Callum Brown2021-05-271-9/+4
| | | | | | Implements MSC2414: https://github.com/matrix-org/matrix-doc/pull/2414 See #8551 Signed-off-by: Callum Brown <callum@calcuode.com>
* Remove the experimental spaces enabled flag. (#10063)Patrick Cloke2021-05-261-3/+1
| | | | In lieu of just always enabling the unstable spaces endpoint and unstable room version.
* Add an admin API for unprotecting local media from quarantine (#10040)Dirk Klimpel2021-05-261-2/+26
| | | Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Remove tls_fingerprints option (#9280)Jerin J Titus2021-05-242-11/+0
| | | | Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com>
* Fix /upload 500'ing when presented a very large image (#10029)Michael Telatynski2021-05-212-0/+11
| | | | | | | | | | | | * Fix /upload 500'ing when presented a very large image Catch DecompressionBombError and re-raise as ThumbnailErrors * Set PIL's MAX_IMAGE_PIXELS to match homeserver.yaml to get it to bomb out quicker, to load less into memory in the case of super large images * Add changelog entry for 10029
* Use a database table to hold the users that should have full presence sent ↵Andrew Morgan2021-05-181-3/+5
| | | | to them, instead of something in-memory (#9823)
* Support fetching the spaces summary via GET over federation. (#9947)Patrick Cloke2021-05-111-0/+1
| | | | | | | | | | | Per changes in MSC2946, the C-S and S-S APIs for spaces summary should use GET requests. Until this is stable, the POST endpoints still exist. This does not switch federation requests to use the GET version yet since it is newly added and already deployed servers might not support it. When switching to the stable endpoint we should switch to GET requests.
* Revert "Leave out optional keys from /sync (#9919)" (#9940)Erik Johnston2021-05-061-44/+18
| | | This reverts commit e9eb3549d32a6f93d07de8dbd5e1ebe54c8d8278.
* Leave out optional keys from /sync (#9919)DeepBlueV7.X2021-05-051-18/+44
| | | | | | This leaves out all optional keys from /sync. This should be fine for all clients tested against conduit already, but it may break some clients, as such we should check, that at least most of them don't break horribly and maybe back out some of the individual changes. (We can probably always leave out groups for example, while the others may cause more issues.) Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
* Delete room endpoint (#9889)ThibF2021-04-291-44/+90
| | | | | | Support the delete of a room through DELETE request and mark previous request as deprecated through documentation. Signed-off-by: Thibault Ferrante <thibault.ferrante@pm.me>
* Remove various bits of compatibility code for Python <3.6 (#9879)Andrew Morgan2021-04-273-11/+4
| | | I went through and removed a bunch of cruft that was lying around for compatibility with old Python versions. This PR also will now prevent Synapse from starting unless you're running Python 3.6+.
* Improved validation for received requests (#9817)Richard van der Hoff2021-04-231-2/+0
| | | | | | * Simplify `start_listening` callpath * Correctly check the size of uploaded files
* Make DomainSpecificString an attrs class (#9875)Erik Johnston2021-04-231-0/+9
|
* Split presence out of master (#9820)Erik Johnston2021-04-231-1/+6
|
* Limit length of accepted email addresses (#9855)Erik Johnston2021-04-222-6/+10
|
* Rename handler and config modules which end in handler/config. (#9816)Patrick Cloke2021-04-201-1/+1
|
* Fix (final) Bugbear violations (#9838)Jonathan de Jong2021-04-201-2/+2
|
* Port "Allow users to click account renewal links multiple times without ↵Andrew Morgan2021-04-191-7/+25
| | | | | hitting an 'Invalid Token' page #74" from synapse-dinsic (#9832) This attempts to be a direct port of https://github.com/matrix-org/synapse-dinsic/pull/74 to mainline. There was some fiddling required to deal with the changes that have been made to mainline since (mainly dealing with the split of `RegistrationWorkerStore` from `RegistrationStore`, and the changes made to `self.make_request` in test code).
* remove `HomeServer.get_config` (#9815)Richard van der Hoff2021-04-141-1/+1
| | | | Every single time I want to access the config object, I have to remember whether or not we use `get_config`. Let's just get rid of it.
* More robust handling of the Content-Type header for thumbnail generation (#9788)rkfg2021-04-141-0/+3
| | | | Signed-off-by: Sergey Shpikin <rkfg@rkfg.me>
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-1485-85/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Add an admin API to manage ratelimit for a specific user (#9648)Dirk Klimpel2021-04-132-0/+113
|
* Require AppserviceRegistrationType (#9548)Will Hunt2021-04-121-7/+16
| | | This change ensures that the appservice registration behaviour follows the spec. We decided to do this for Dendrite, so it made sense to also make a PR for synapse to correct the behaviour.
* Remove old admin API `GET /_synapse/admin/v1/users/<user_id>` (#9401)Dirk Klimpel2021-04-092-25/+0
| | | | | | | | | | | | | Related: #8334 Deprecated in: #9429 - Synapse 1.28.0 (2021-02-25) `GET /_synapse/admin/v1/users/<user_id>` has no - unit tests - documentation API in v2 is available (#5925 - 12/2019, v1.7.0). API is misleading. It expects `user_id` and returns a list of all users. Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add type hints to expiring cache. (#9730)Patrick Cloke2021-04-061-1/+1
|
* Add `order_by` to list user admin API (#9691)Dirk Klimpel2021-04-011-1/+20
|
* Make RateLimiter class check for ratelimit overrides (#9711)Erik Johnston2021-03-303-11/+21
| | | | | | | This should fix a class of bug where we forget to check if e.g. the appservice shouldn't be ratelimited. We also check the `ratelimit_override` table to check if the user has ratelimiting disabled. That table is really only meant to override the event sender ratelimiting, so we don't use any values from it (as they might not make sense for different rate limits), but we do infer that if ratelimiting is disabled for the user we should disabled all ratelimits. Fixes #9663
* Make it possible to use dmypy (#9692)Erik Johnston2021-03-265-0/+14
| | | | | | | | | Running `dmypy run` will do a `mypy` check while spinning up a daemon that makes rerunning `dmypy run` a lot faster. `dmypy` doesn't support `follow_imports = silent` and has `local_partial_types` enabled, so this PR enables those options and fixes the issues that were newly raised. Note that `local_partial_types` will be enabled by default in upcoming mypy releases.
* Add a type hints for service notices to the HomeServer object. (#9675)Patrick Cloke2021-03-241-3/+8
|
* Import HomeServer from the proper module. (#9665)Patrick Cloke2021-03-2311-11/+11
|
* Incorporate reviewBrendan Abolivier2021-03-191-1/+1
|
* Merge branch 'develop' into babolivier/msc3026Brendan Abolivier2021-03-192-4/+67
|\
| * fix mypyRichard van der Hoff2021-03-191-4/+7
| |
| * Fix type-hints from bad merge.Patrick Cloke2021-03-181-2/+2
| |
| * Initial spaces summary API (#9643)Richard van der Hoff2021-03-181-3/+63
| | | | | | This is very bare-bones for now: federation will come soon, while pagination is descoped for now but will come later.
| * Consistently check whether a password may be set for a user. (#9636)Dirk Klimpel2021-03-181-1/+1
| |
* | Implement MSC3026: busy presence stateBrendan Abolivier2021-03-181-0/+2
|/
* Fix up types for the typing handler. (#9638)Patrick Cloke2021-03-171-6/+9
| | | | By splitting this to two separate methods the callers know what methods they can expect on the handler.
* Return m.change_password.enabled=false if local database is disabled (#9588)Dirk Klimpel2021-03-161-11/+12
| | | | | Instead of if the user does not have a password hash. This allows a SSO user to add a password to their account, but only if the local password database is configured.
* Add support for stable MSC2858 API (#9617)Richard van der Hoff2021-03-161-5/+34
| | | | | The stable format uses different brand identifiers, so we need to support two identifiers for each IdP.
* Prevent bundling aggregations for state events (#9619)Andrew Morgan2021-03-162-2/+8
| | | There's no need to do aggregation bundling for state events. Doing so can cause performance issues.
* Fix Internal Server Error on `GET /saml2/authn_response` (#9623)Richard van der Hoff2021-03-161-2/+8
| | | | | | | * Fix Internal Server Error on `GET /saml2/authn_response` Seems to have been introduced in #8765 (Synapse 1.24.0) * Fix newsfile
* Fix additional type hints from Twisted 21.2.0. (#9591)Patrick Cloke2021-03-126-54/+104
|
* Re-Activating account when local passwords are disabled (#9587)Dirk Klimpel2021-03-111-1/+4
| | | Fixes: #8393
* Convert Requester to attrs (#9586)Richard van der Hoff2021-03-101-1/+2
| | | | | | ... because namedtuples suck Fix up a couple of other annotations to keep mypy happy.
* Handle image transparency better when thumbnailing. (#9473)Patrick Cloke2021-03-091-3/+8
| | | | Properly uses RGBA mode for 1- and 8-bit images with transparency (instead of RBG mode).
* Add type hints to purge room and server notice admin API. (#9520)Dirk Klimpel2021-03-082-15/+23
|
* Prometheus metrics for logins and registrations (#9511)Richard van der Hoff2021-03-041-2/+8
| | | Add prom metrics for number of users successfully registering and logging in, by SSO provider.
* Record the SSO Auth Provider in the login token (#9510)Richard van der Hoff2021-03-041-4/+2
| | | This great big stack of commits is a a whole load of hoop-jumping to make it easier to store additional values in login tokens, and then to actually store the SSO Identity Provider in the login token. (Making use of that data will follow in a subsequent PR.)
* Add type hints to user admin API. (#9521)Dirk Klimpel2021-03-031-29/+56
|
* Add type hints to device and event report admin API (#9519)Dirk Klimpel2021-03-022-16/+39
|
* Fix a bug when a room alias is given to the admin join endpoint (#9506)Patrick Cloke2021-03-011-58/+74
|
* Use the proper Request in type hints. (#9515)Patrick Cloke2021-03-0113-23/+28
| | | | This also pins the Twisted version in the mypy job for CI until proper type hints are fixed throughout Synapse.
* Add support for no_proxy and case insensitive env variables (#9372)Tim Leung2021-02-261-2/+1
| | | | | | | | | | | | | | | ### Changes proposed in this PR - Add support for the `no_proxy` and `NO_PROXY` environment variables - Internally rely on urllib's [`proxy_bypass_environment`](https://github.com/python/cpython/blob/bdb941be423bde8b02a5695ccf51c303d6204bed/Lib/urllib/request.py#L2519) - Extract env variables using urllib's `getproxies`/[`getproxies_environment`](https://github.com/python/cpython/blob/bdb941be423bde8b02a5695ccf51c303d6204bed/Lib/urllib/request.py#L2488) which supports lowercase + uppercase, preferring lowercase, except for `HTTP_PROXY` in a CGI environment This does contain behaviour changes for consumers so making sure these are called out: - `no_proxy`/`NO_PROXY` is now respected - lowercase `https_proxy` is now allowed and taken over `HTTPS_PROXY` Related to #9306 which also uses `ProxyAgent` Signed-off-by: Timothy Leung tim95@hotmail.co.uk
* SSO: redirect to public URL before setting cookies (#9436)Richard van der Hoff2021-02-261-0/+28
| | | ... otherwise, we don't get the cookie back.
* Merge branch 'master' into developErik Johnston2021-02-251-1/+6
|\
| * Add back the deprecated SAML endpoint. (#9474)Patrick Cloke2021-02-231-1/+6
| |
* | Add an `order_by` field to list users' media admin API. (#8978)Dirk Klimpel2021-02-221-1/+27
| |
* | Ratelimit cross-user key sharing requests. (#8957)Patrick Cloke2021-02-191-3/+1
| |
* | Regenerate exact thumbnails if missing (#9438)Erik Johnston2021-02-193-3/+57
|\ \ | |/ |/|
| * Return a 404 if we don't have the original fileErik Johnston2021-02-192-1/+8
| |
| * Regenerate exact thumbnails if missingErik Johnston2021-02-182-2/+49
| |
* | Remove deprecated SAML2 callback URL since it does not work. (#9434)Patrick Cloke2021-02-181-5/+1
|/ | | | Updates documentation from #9289 and removes a deprecated endpoint which didn't work as expected.
* Add type hints to groups code. (#9393)Patrick Cloke2021-02-171-23/+120
|
* Support for form_post in OIDC responses (#9376)Richard van der Hoff2021-02-171-1/+12
| | | Apple want to POST the OIDC auth response back to us rather than using query-params; add the necessary support to make that work.
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-1618-87/+123
| | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* Fix some typos.Patrick Cloke2021-02-124-7/+7
|
* Merge tag 'v1.27.0rc2' into developPatrick Cloke2021-02-111-0/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.27.0rc2 (2021-02-11) ============================== Features -------- - Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297)) Bugfixes -------- - Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302)) - Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313)) Improved Documentation ---------------------- - Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
| * Backout changes for automatically calculating the public baseurl. (#9313)Patrick Cloke2021-02-111-0/+4
| | | | | | | | This breaks some people's configurations (if their Client-Server API is not accessed via port 443).
* | Type hints and validation improvements. (#9321)Patrick Cloke2021-02-082-60/+121
| | | | | | | | | | * Adds type hints to the groups servlet and stringutils code. * Assert the maximum length of some input values for spec compliance.
* | Handle additional errors when previewing URLs. (#9333)Patrick Cloke2021-02-081-19/+52
| | | | | | | | * Handle the case of lxml not finding a document tree. * Parse the document encoding from the XML tag.
* | Merge pull request #9150 from Yoric/develop-contextDavid Teller2021-02-083-1/+68
|\ \ | | | | | | New API /_synapse/admin/rooms/{roomId}/context/{eventId}
| * | FIXUP: linterDavid Teller2021-01-281-0/+5
| | |
| * | FIXUP: Making get_event_context a bit more paranoidDavid Teller2021-01-282-2/+2
| | |
| * | FIXUP: DocDavid Teller2021-01-281-0/+6
| | |
| * | FIXUP: Now testing that the user is admin!David Teller2021-01-281-1/+2
| | |
| * | New API /_synapse/admin/rooms/{roomId}/context/{eventId}David Teller2021-01-282-0/+55
| | | | | | | | | | | | Signed-off-by: David Teller <davidt@element.io>
* | | Add check_media_file_for_spam spam checker hookErik Johnston2021-02-042-6/+65
| |/ |/|
* | Add an admin API to get the current room state (#9168)Travis Ralston2021-02-022-0/+41
| | | | | | | | | | This could arguably replace the existing admin API for `/members`, however that is out of scope of this change. This sort of endpoint is ideal for moderation use cases as well as other applications, such as needing to retrieve various bits of information about a room to perform a task (like syncing power levels between two places). This endpoint exposes nothing more than an admin would be able to access with a `select *` query on their database.
* | Put SAML callback URI under /_synapse/client. (#9289)Richard van der Hoff2021-02-024-5/+12
| |
* | Put OIDC callback URI under /_synapse/client. (#9288)Richard van der Hoff2021-02-013-3/+7
| |
* | Merge branch 'social_login' into developRichard van der Hoff2021-02-013-3/+110
|\ \
| * | Collect terms consent from the user during SSO registration (#9276)Richard van der Hoff2021-02-012-0/+99
| | |
| * | Make importing display name and email optional (#9277)Richard van der Hoff2021-02-011-3/+11
| | |
* | | Merge branch 'social_login' into developRichard van der Hoff2021-02-014-29/+162
|\| |
| * | Replace username picker with a template (#9275)Richard van der Hoff2021-02-012-20/+60
| | | | | | | | | | | | | | | There's some prelimiary work here to pull out the construction of a jinja environment to a separate function. I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them.
| * | Fix SSO on workers (#9271)Richard van der Hoff2021-02-011-1/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #8966. * Factor out build_synapse_client_resource_tree Start a function which will mount resources common to all workers. * Move sso init into build_synapse_client_resource_tree ... so that we don't have to do it for each worker * Fix SSO-login-via-a-worker Expose the SSO login endpoints on workers, like the documentation says. * Update workers config for new endpoints Add documentation for endpoints recently added (#8942, #9017, #9262) * remove submit_token from workers endpoints list this *doesn't* work on workers (yet). * changelog * Add a comment about the odd path for SAML2Resource
| * | Split out a separate endpoint to complete SSO registration (#9262)Richard van der Hoff2021-02-012-10/+56
| | | | | | | | | There are going to be a couple of paths to get to the final step of SSO reg, and I want the URL in the browser to consistent. So, let's move the final step onto a separate path, which we redirect to.
* | | Merge branch 'social_login' into developRichard van der Hoff2021-01-281-0/+2
|\| |
| * | Add 'brand' field to MSC2858 response (#9242)Richard van der Hoff2021-01-271-0/+2
| | | | | | | | | | | | | | | | | | We've decided to add a 'brand' field to help clients decide how to style the buttons. Also, fix up the allowed characters for idp_id, while I'm in the area.
* | | Ratelimit 3PID /requestToken API (#9238)Erik Johnston2021-01-282-2/+16
| |/ |/|
* | Check if a user is in the room before sending a PowerLevel event on their ↵Pankaj Yadav2021-01-271-1/+11
| | | | | | | | behalf (#9235)
* | Merge branch 'social_login' into developRichard van der Hoff2021-01-271-6/+49
|\|
| * Implement MSC2858 support (#9183)Richard van der Hoff2021-01-271-6/+49
| | | | | | Fixes #8928.
* | Try to recover from unknown encodings when previewing media. (#9164)Patrick Cloke2021-01-261-10/+34
| | | | | | | | | | | | Treat unknown encodings (according to lxml) as UTF-8 when generating a preview for HTML documents. This isn't fully accurate, but will hopefully give a reasonable title and summary.
* | Merge branch 'develop' into jaywink/admin-forward-extremitiesJason Robinson2021-01-262-0/+38
|\ \ | | | | | | | | | | | | # Conflicts: # synapse/rest/admin/__init__.py
| * | Add an admin API for shadow-banning users. (#9209)Patrick Cloke2021-01-252-0/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This expands the current shadow-banning feature to be usable via the admin API and adds documentation for it. A shadow-banned users receives successful responses to their client-server API requests, but the events are not propagated into rooms. Shadow-banning a user should be used as a tool of last resort and may lead to confusing or broken behaviour for the client.
* | | Merge branch 'develop' into jaywink/admin-forward-extremitiesJason Robinson2021-01-2323-392/+585
|\| |
| * | Return a 404 if no valid thumbnail is found. (#9163)Patrick Cloke2021-01-212-81/+158
| | | | | | | | | | | | | | | | | | If no thumbnail of the requested type exists, return a 404 instead of erroring. This doesn't quite match the spec (which does not define what happens if no thumbnail can be found), but is consistent with what Synapse already does.
| * | Add tests for List Users Admin API (#9045)Dirk Klimpel2021-01-211-3/+18
| |/
| * Support icons for Identity Providers (#9154)Richard van der Hoff2021-01-201-2/+1
| |
| * Give `public_baseurl` a default value (#9159)Richard van der Hoff2021-01-201-4/+0
| |
| * Validate the server name for the /publicRooms endpoint. (#9161)Patrick Cloke2021-01-191-2/+17
| | | | | | | | If a remote server name is provided, ensure it is something reasonable before making remote connections to it.
| * Allow moving account data and receipts streams off master (#9104)Erik Johnston2021-01-182-26/+7
| |
| * Fix bugs in handling clientRedirectUrl, and improve OIDC tests (#9127, #9128)Richard van der Hoff2021-01-181-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Factor out a common TestHtmlParser Looks like I'm doing this in a few different places. * Improve OIDC login test Complete the OIDC login flow, rather than giving up halfway through. * Ensure that OIDC login works with multiple OIDC providers * Fix bugs in handling clientRedirectUrl - don't drop duplicate query-params, or params with no value - allow utf-8 in query-params
| * Add an admin API endpoint to protect media. (#9086)Patrick Cloke2021-01-151-15/+49
| | | | | | | | | | | | Protecting media stops it from being quarantined when e.g. all media in a room is quarantined. This is useful for sticker packs and other media that is uploaded by server administrators, but used by many people.
| * Add type hints to media rest resources. (#9093)Patrick Cloke2021-01-1511-164/+283
| |
| * Remove user's avatar URL and displayname when deactivated. (#8932)Dirk Klimpel2021-01-122-9/+20
| | | | | | This only applies if the user's data is to be erased.
| * UI Auth via SSO: redirect the user to an appropriate SSO. (#9081)Richard van der Hoff2021-01-123-42/+22
| | | | | | | | | | | | | | If we have integrations with multiple identity providers, when the user does a UI Auth, we need to redirect them to the right one. There are a few steps to this. First of all we actually need to store the userid of the user we are trying to validate in the UIA session, since the /auth/sso/fallback/web request is unauthenticated. Then, once we get the /auth/sso/fallback/web request, we can fish the user id out of the session, and use it to look up the external id mappings, and hence pick an SSO provider for them.
| * Kill off `HomeServer.get_ip_from_request()` (#9080)Richard van der Hoff2021-01-125-39/+10
| | | | | | Homeserver.get_ip_from_request() used to be a bit more complicated, but now it is totally redundant. Let's get rid of it.
| * Also support remote users on the joined_rooms admin API. (#8948)David Teller2021-01-111-7/+0
| | | | | | | | For remote users, only the rooms which the server knows about are returned. Local users have all of their joined rooms returned.
* | Address pr feedbackJason Robinson2021-01-112-1/+3
| | | | | | | | | | | | | | | | | | | | * docs updates * prettify SQL * add missing copyright * cursor_to_dict * update touched files copyright years Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Merge branch 'develop' into jaywink/admin-forward-extremitiesJason Robinson2021-01-091-2/+2
|\|
| * Add some tests for the IDP picker flowRichard van der Hoff2021-01-071-2/+2
| |
* | Implement clearing cache after deleting forward extremitiesJason Robinson2021-01-091-12/+9
| | | | | | | | | | | | Also run linter. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Add Rooms admin forward extremities DELETE endpointJason Robinson2021-01-081-0/+5
| | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Move unknown room ID error into resolve_room_idJason Robinson2021-01-071-7/+9
| | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Add forward extremities endpoint to rooms admin APIJason Robinson2021-01-072-0/+55
|/ | | | | | GET /_synapse/admin/v1/rooms/<identifier>/forward_extremities now gets forward extremities for a room, returning count and the list of extremities. Signed-off-by: Jason Robinson <jasonr@matrix.org>
* Add initial support for a "pick your IdP" page (#9017)Richard van der Hoff2021-01-051-0/+82
| | | | | During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Combine the SSO Redirect Servlets (#9015)Richard van der Hoff2021-01-042-89/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Implement CasHandler.handle_redirect_request ... to make it match OidcHandler and SamlHandler * Clean up interface for OidcHandler.handle_redirect_request Make it accept `client_redirect_url=None`. * Clean up interface for `SamlHandler.handle_redirect_request` ... bring it into line with CAS and OIDC by making it take a Request parameter, move the magic for `client_redirect_url` for UIA into the handler, and fix the return type to be a `str` rather than a `bytes`. * Define a common protocol for SSO auth provider impls * Give SsoIdentityProvider an ID and register them * Combine the SSO Redirect servlets Now that the SsoHandler knows about the identity providers, we can combine the various *RedirectServlets into a single implementation which delegates to the right IdP. * changelog
* Add type hints to the crypto module. (#8999)Patrick Cloke2021-01-041-4/+5
|
* Check if group IDs are valid before using them. (#8977)Patrick Cloke2020-12-301-3/+45
|
* Validate input parameters for the sendToDevice API. (#8975)Patrick Cloke2020-12-291-1/+2
| | | | This makes the "messages" key in the content required. This is currently optional in the spec, but that seems to be an error.
* Allow redacting events on workers (#8994)Patrick Cloke2020-12-291-7/+10
| | | Adds the redacts endpoint to workers that have the client listener.
* Allow server admin to get admin bit in rooms where local user is an admin ↵Erik Johnston2020-12-182-2/+136
| | | | | | | (#8756) This adds an admin API that allows a server admin to get power in a room if a local user has power in a room. Will also invite the user if they're not in the room and its a private room. Can specify another user (rather than the admin user) to be granted power. Co-authored-by: Matthew Hodgson <matthew@matrix.org>
* Implement a username picker for synapse (#8942)Richard van der Hoff2020-12-181-0/+88
| | | | | | | | | | | | | | The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow `UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser back to the client, we redirect to a username-picker resource, which allows the user to enter a username. We *then* complete the SSO flow (including doing the client permission checks). The static resources for the username picker itself (in https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker) are essentially lifted wholesale from https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. As the comment says, we might want to think about making them customisable, but that can be a follow-up. Fixes #8876.
* Allow re-using a UI auth validation for a period of time (#8970)Patrick Cloke2020-12-181-3/+7
|
* Merge remote-tracking branch 'origin/erikj/as_mau_block' into developErik Johnston2020-12-181-3/+11
|\
| * Correctly handle AS registerations and add testErik Johnston2020-12-171-3/+11
| |
* | Convert internal pusher dicts to attrs classes. (#8940)Patrick Cloke2020-12-162-29/+2
| | | | | | This improves type hinting and should use less memory.
* | Allow spam-checker modules to be provide async methods. (#8890)David Teller2020-12-111-10/+6
| | | | | | | | Spam checker modules can now provide async methods. This is implemented in a backwards-compatible manner.
* | Honour AS ratelimit settings for /login requests (#8920)Erik Johnston2020-12-111-6/+19
| | | | | | | | Fixes #8846.
* | Add number of local devices to Room Details Admin API (#8886)Dirk Klimpel2020-12-111-16/+32
| |
* | Add X-Robots-Tag header to stop crawlers from indexing media (#8887)Aaron Raimist2020-12-081-0/+5
| | | | | | | | | | | | | | Fixes / related to: https://github.com/matrix-org/synapse/issues/6533 This should do essentially the same thing as a robots.txt file telling robots to not index the media repo. https://developers.google.com/search/reference/robots_meta_tag Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | Call set_avatar_url with target_user, not user_id (#8872)Will Hunt2020-12-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Call set_avatar_url with target_user, not user_id Fixes https://github.com/matrix-org/synapse/issues/8871 * Create 8872.bugfix * Update synapse/rest/admin/users.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Testing * Update changelog.d/8872.bugfix Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* | Do not raise a 500 exception when previewing empty media. (#8883)Patrick Cloke2020-12-071-1/+5
| |
* | Do not 500 if the content-length is not provided when uploading media. (#8862)Patrick Cloke2020-12-041-1/+1
| | | | | | Instead return the proper 400 error.
* | Fix errorcode for disabled registration (#8867)Richard van der Hoff2020-12-031-1/+1
| | | | | | | | The spec says we should return `M_FORBIDDEN` when someone tries to register and registration is disabled.
* | Apply an IP range blacklist to push and key revocation requests. (#8821)Patrick Cloke2020-12-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to: * Federation * Identity servers * Push notifications * Checking key validitity for third-party invite events The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers).
* | Add additional validation for the admin register endpoint. (#8837)David Florness2020-12-021-0/+3
|/ | | Raise a proper 400 error if the `mac` field is missing.
* Support "identifier" dicts in UIA (#8848)Richard van der Hoff2020-12-011-105/+2
| | | | | | | | | | The spec requires synapse to support `identifier` dicts for `m.login.password` user-interactive auth, which it did not (instead, it required an undocumented `user` parameter.) To fix this properly, we need to pull the code that interprets `identifier` into `AuthHandler.validate_login` so that it can be called from the UIA code. Fixes #5665.
* Simplify appservice login code (#8847)Richard van der Hoff2020-11-301-6/+21
| | | we don't need to support legacy login dictionaries here.
* Simplify the way the `HomeServer` object caches its internal attributes. ↵Jonathan de Jong2020-11-303-6/+6
| | | | | (#8565) Changes `@cache_in_self` to use underscore-prefixed attributes.
* Add `force_purge` option to delete-room admin api. (#8843)Richard van der Hoff2020-11-301-5/+17
|
* Remove deprecated `/_matrix/client/*/admin` endpoints (#8785)Dirk Klimpel2020-11-256-57/+27
| | | These are now only available via `/_synapse/admin/v1`.
* Use TYPE_CHECKING instead of magic MYPY variable. (#8770)Patrick Cloke2020-11-171-3/+2
|
* Add admin API for logging in as a user (#8617)Erik Johnston2020-11-174-2/+59
|
* Add metrics for tracking 3PID /requestToken requests. (#8712)Erik Johnston2020-11-132-0/+22
| | | | | | The main use case is to see how many requests are being made, and how many are second/third/etc attempts. If there are large number of retries then that likely indicates a delivery problem.
* Add an admin API for users' media statistics (#8700)Dirk Klimpel2020-11-052-0/+124
| | | | | | | | Add `GET /_synapse/admin/v1/statistics/users/media` to get statisics about local media usage by users. Related to #6094 It is the first API for statistics. Goal is to avoid/reduce usage of sql queries like [Wiki analyzing Synapse](https://github.com/matrix-org/synapse/wiki/SQL-for-analyzing-Synapse-PostgreSQL-database-stats) Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add `displayname` to Shared-Secret Registration for admins (#8722)Dirk Klimpel2020-11-051-0/+2
| | | Add `displayname` to Shared-Secret Registration for admins to `POST /_synapse/admin/v1/register`
* Fix race for concurrent downloads of remote media. (#8682)Erik Johnston2020-10-302-70/+125
| | | Fixes #6755
* Add an admin APIs to allow server admins to list users' pushers (#8610)Dirk Klimpel2020-10-282-1/+55
| | | Add an admin API `GET /_synapse/admin/v1/users/<user_id>/pushers` like https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-pushers
* Add admin API to list users' local media (#8647)Dirk Klimpel2020-10-272-1/+68
| | | Add admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information of users' uploaded files.
* Split admin API for reported events into a detail and a list view (#8539)Dirk Klimpel2020-10-262-2/+50
| | | | | | | | | | | | Split admin API for reported events in detail und list view. API was introduced with #8217 in synapse v.1.21.0. It makes the list (`GET /_synapse/admin/v1/event_reports`) less complex and provides a better overview. The details can be queried with: `GET /_synapse/admin/v1/event_reports/<report_id>`. It is similar to room and users API. It is a kind of regression in `GET /_synapse/admin/v1/event_reports`. `event_json` was removed. But the api was introduced one version before and it is an admin API (not under spec). Signed-off-by: Dirk Klimpel dirk@klimpel.org
* Add an admin api to delete local media. (#8519)Dirk Klimpel2020-10-263-3/+167
| | | | | | Related to: #6459, #3479 Add `DELETE /_synapse/admin/v1/media/<server_name>/<media_id>` to delete a single file from server.
* Fix a bug in the joined_rooms admin API (#8643)Dirk Klimpel2020-10-261-3/+4
| | | | If the user was not in any rooms then the API returned the same error as if the user did not exist.
* Add field `total` to device list in admin API (#8644)Dirk Klimpel2020-10-261-1/+1
|
* Remove unused OPTIONS handlers. (#8621)Patrick Cloke2020-10-2212-62/+0
| | | | The handling of OPTIONS requests was consolidated in #7534, but the endpoint specific handlers were not removed.
* Expose the experimental appservice login flow to clients. (#8504)Patrick Cloke2020-10-191-0/+2
|
* Add correct M_BAD_JSON error code to /profile/{userId}/displayname (#8517)Aaron Raimist2020-10-141-1/+3
| | | Fixes #8029
* Remove the deprecated Handlers object (#8494)Patrick Cloke2020-10-097-41/+34
| | | All handlers now available via get_*_handler() methods on the HomeServer.
* Add support for MSC2697: Dehydrated devices (#8380)Hubert Chathi2020-10-072-15/+156
| | | | This allows a user to store an offline device on the server and then restore it at a subsequent login.
* Add support for MSC2732: olm fallback keys (#8312)Hubert Chathi2020-10-061-0/+1
|
* Don't bother responding to client requests that have already disconnected ↵Andrew Morgan2020-10-061-0/+6
| | | | | | | | | | (#8465) This PR ports the quick fix from https://github.com/matrix-org/synapse/pull/2796 to further methods which handle media, URL preview and `/key/v2/server` requests. This prevents a harmless `ERROR` that comes up in the logs when we were unable to respond to a client request when the client had already disconnected. In this case we simply bail out if the client has already done so. This is the 'simple fix' as suggested by https://github.com/matrix-org/synapse/issues/5304#issuecomment-574740003. Fixes https://github.com/matrix-org/synapse/issues/6700 Fixes https://github.com/matrix-org/synapse/issues/5304
* Remove stream ordering from Metadata dict (#8452)Richard van der Hoff2020-10-051-1/+4
| | | | | | | | There's no need for it to be in the dict as well as the events table. Instead, we store it in a separate attribute in the EventInternalMetadata object, and populate that on load. This means that we can rely on it being correctly populated for any event which has been persited to the database.
* Fix bug in remote thumbnail search (#8438)Richard van der Hoff2020-10-021-20/+23
| | | | | #7124 changed the behaviour of remote thumbnails so that the thumbnailing method was included in the filename of the thumbnail. To support existing files, it included a fallback so that we would check the old filename if the new filename didn't exist. Unfortunately, it didn't apply this logic to storage providers, so any thumbnails stored on such a storage provider was broken.
* Convert additional templates to Jinja (#8444)Patrick Cloke2020-10-021-110/+26
| | | This converts a few more of our inline HTML templates to Jinja. This is somewhat part of #7280 and should make it a bit easier to customize these in the future.
* Do not expose the experimental appservice login flow to clients. (#8440)Patrick Cloke2020-10-011-2/+0
|
* fix a logging error in thumbnailer (#8435)Richard van der Hoff2020-10-011-1/+1
| | | Introduced in #8236
* Make token serializing/deserializing async (#8427)Erik Johnston2020-09-306-12/+20
| | | The idea is that in future tokens will encode a mapping of instance to position. However, we don't want to include the full instance name in the string representation, so instead we'll have a mapping between instance name and an immutable integer ID in the DB that we can use instead. We'll then do the lookup when we serialize/deserialize the token (we could alternatively pass around an `Instance` type that includes both the name and ID, but that turns out to be a lot more invasive).
* Allow additional SSO properties to be passed to the client (#8413)Patrick Cloke2020-09-301-7/+15
|
* Various clean ups to room stream tokens. (#8423)Erik Johnston2020-09-291-1/+2
|
* Discard an empty upload_name before persisting an uploaded file (#7905)Will Hunt2020-09-292-3/+8
|
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Andrew Morgan2020-09-291-6/+9
|\ | | | | | | anoa/info-mainline-no-check-password-reset
| * Only assert valid next_link params when provided (#8417)Andrew Morgan2020-09-291-6/+9
| | | | | | | | | | | | | | Broken in https://github.com/matrix-org/synapse/pull/8275 and has yet to be put in a release. Fixes https://github.com/matrix-org/synapse/issues/8418. `next_link` is an optional parameter. However, we were checking whether the `next_link` param was valid, even if it wasn't provided. In that case, `next_link` was `None`, which would clearly not be a valid URL. This would prevent password reset and other operations if `next_link` was not provided, and the `next_link_domain_whitelist` config option was set.
* | Don't check whether a 3pid is allowed to register during password resetAndrew Morgan2020-09-281-7/+0
|/ | | | | This endpoint should only deal with emails that have already been approved, and are attached with user's account. There's no need to re-check them here.
* Add type annotations to SimpleHttpClient (#8372)Richard van der Hoff2020-09-241-4/+10
|
* Admin API for reported events (#8217)Dirk Klimpel2020-09-222-0/+90
| | | Add an admin API to read entries of table `event_reports`. API: `GET /_synapse/admin/v1/event_reports`