Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge pull request #3213 from matrix-org/rav/consent_handler | Richard van der Hoff | 2018-05-16 | 1 | -0/+18 |
|\ | | | | | ConsentResource to gather policy consent from users | ||||
| * | ConsentResource to gather policy consent from users | Richard van der Hoff | 2018-05-15 | 1 | -0/+18 |
| | | | | | | | | | | Hopefully there are enough comments and docs in this that it makes sense on its own. | ||||
* | | Many docstrings | David Baker | 2018-05-10 | 1 | -0/+12 |
| | | |||||
* | | Part deactivated users in the background | David Baker | 2018-05-09 | 1 | -0/+27 |
|/ | | | | | One room at a time so we don't take out the whole server with leave events, and restart at server restart. | ||||
* | Move more xrange to six | Adrian Tschira | 2018-04-28 | 1 | -1/+3 |
| | | | | | | plus a bonus next() Signed-off-by: Adrian Tschira <nota@notafile.com> | ||||
* | Don't use _cursor_to_dict in find_next_generated_user_id_localpart | Erik Johnston | 2018-03-26 | 1 | -3/+1 |
| | |||||
* | Split registration store | Erik Johnston | 2018-03-02 | 1 | -57/+61 |
| | |||||
* | Reinstate event_search_postgres_gist handler | Richard van der Hoff | 2018-02-02 | 1 | -6/+1 |
| | | | | People may have queued updates for this, so we can't just delete it. | ||||
* | Remove pushers when deleting access tokens | Richard van der Hoff | 2017-11-29 | 1 | -5/+5 |
| | | | | | Whenever an access token is invalidated, we should remove the associated pushers. | ||||
* | Make __init__ consitstent across Store heirarchy | Richard van der Hoff | 2017-11-13 | 1 | -2/+2 |
| | | | | | | Add db_conn parameters to the `__init__` methods of the *Store classes, so that they are all consistent, which makes the multiple inheritance work correctly (and so that we can later extract mixins which can be used in the slavedstores) | ||||
* | Fix 'NoneType' not iterable in /deactivate | Richard van der Hoff | 2017-11-09 | 1 | -2/+1 |
| | | | | make sure we actually return a value from user_delete_access_tokens | ||||
* | Notify auth providers on logout | Richard van der Hoff | 2017-11-01 | 1 | -5/+8 |
| | | | | Provide a hook by which auth providers can be notified of logouts. | ||||
* | Merge pull request #2617 from matrix-org/matthew/auto-displayname | Matthew Hodgson | 2017-11-01 | 1 | -2/+4 |
|\ | | | | | automatically set default displayname on register | ||||
| * | switch to setting default displayname in the storage layer | Matthew Hodgson | 2017-11-01 | 1 | -2/+4 |
| | | | | | | | | to avoid clobbering guest user displaynames on registration | ||||
* | | Remove the last vestiges of refresh_tokens | Richard van der Hoff | 2017-10-31 | 1 | -18/+11 |
|/ | |||||
* | Add some more stats | Erik Johnston | 2017-06-15 | 1 | -0/+13 |
| | |||||
* | User Cursor.__iter__ instead of fetchall | Erik Johnston | 2017-03-23 | 1 | -1/+1 |
| | | | | This prevents unnecessary construction of lists | ||||
* | Add /account/3pid/delete endpoint | David Baker | 2016-12-20 | 1 | -0/+11 |
| | | | | Also fix a typo in a comment | ||||
* | Rip out more refresh_token code | Richard van der Hoff | 2016-11-30 | 1 | -66/+0 |
| | | | | | | | | We might as well treat all refresh_tokens as invalid. Just return a 403 from /tokenrefresh, so that we don't have a load of dead, untestable code hanging around. Still TODO: removing the table from the schema. | ||||
* | Add appservice worker | Erik Johnston | 2016-08-18 | 1 | -11/+22 |
| | |||||
* | Refactor user_delete_access_tokens. Invalidate get_user_by_access_token to ↵ | Erik Johnston | 2016-08-15 | 1 | -38/+32 |
| | | | | slaves. | ||||
* | Fix typo | Richard van der Hoff | 2016-07-26 | 1 | -1/+1 |
| | |||||
* | Delete refresh tokens when deleting devices | Richard van der Hoff | 2016-07-26 | 1 | -13/+45 |
| | |||||
* | Implement deleting devices | Richard van der Hoff | 2016-07-26 | 1 | -4/+22 |
| | |||||
* | Further registration refactoring | Richard van der Hoff | 2016-07-19 | 1 | -2/+4 |
| | | | | | | | | | | | | | | * `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change. | ||||
* | Add device_id support to /login | Richard van der Hoff | 2016-07-18 | 1 | -10/+18 |
| | | | | | | | | | | | | | Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed. | ||||
* | Add a comment explaining allow_none | Mark Haines | 2016-07-08 | 1 | -0/+2 |
| | |||||
* | Ensure that the guest user is in the database when upgrading accounts | Mark Haines | 2016-07-08 | 1 | -0/+13 |
| | |||||
* | Remove spurious txn | Erik Johnston | 2016-07-05 | 1 | -9/+0 |
| | |||||
* | Fix for postgres | Erik Johnston | 2016-07-05 | 1 | -2/+2 |
| | |||||
* | Add an admin option to shared secret registration | Erik Johnston | 2016-07-05 | 1 | -23/+38 |
| | |||||
* | Feature: Add deactivate account admin API | Erik Johnston | 2016-06-30 | 1 | -0/+9 |
| | | | | | | | | | | Allows server admins to "deactivate" accounts, which: - Revokes all access tokens - Removes all threepids - Removes password The API is a POST to `/admin/deactivate/<user_id>` | ||||
* | Remove registered_users from the distributor. | Mark Haines | 2016-06-17 | 1 | -3/+14 |
| | | | | | | | | | | The only place that was observed was to set the profile. I've made it so that the profile is set within store.register in the same transaction that creates the user. This required some slight changes to the registration code for upgrading guest users, since it previously relied on the distributor swallowing errors if the profile already existed. | ||||
* | Add cache to get_user_by_id | Erik Johnston | 2016-05-09 | 1 | -0/+3 |
| | |||||
* | pep8 | David Baker | 2016-04-06 | 1 | -1/+1 |
| | |||||
* | Make pushers use the event_push_actions table instead of listening on an ↵ | David Baker | 2016-04-06 | 1 | -20/+0 |
| | | | | | | | event stream & running the rules again. Sytest passes, but remaining to do: * Make badges work again * Remove old, unused code | ||||
* | Use google style doc strings. | Mark Haines | 2016-04-01 | 1 | -6/+9 |
| | | | | | | | pycharm supports them so there is no need to use the other format. Might as well convert the existing strings to reduce the risk of people accidentally cargo culting the wrong doc string format. | ||||
* | Thats not how transactions work. | Erik Johnston | 2016-03-11 | 1 | -13/+16 |
| | |||||
* | Implement logout | Erik Johnston | 2016-03-11 | 1 | -14/+35 |
| | |||||
* | Fix SQL statement | Erik Johnston | 2016-03-11 | 1 | -1/+1 |
| | |||||
* | more pep8 | David Baker | 2016-03-11 | 1 | -1/+1 |
| | |||||
* | Make select more sensible when dseleting access tokens, rename pusher ↵ | David Baker | 2016-03-11 | 1 | -5/+3 |
| | | | | deletion to match access token deletion and make exception arg optional. | ||||
* | Delete old, unused methods and rename new one to just be ↵ | David Baker | 2016-03-11 | 1 | -15/+2 |
| | | | | `user_delete_access_tokens` with an `except_token_ids` argument doing what it says on the tin. | ||||
* | Dear PyCharm, please indent sensibly for me. Thx. | David Baker | 2016-03-11 | 1 | -1/+1 |
| | |||||
* | Fix cache invalidation so deleting access tokens (which we did when changing ↵ | David Baker | 2016-03-11 | 1 | -8/+20 |
| | | | | password) actually takes effect without HS restart. Reinstate the code to avoid logging out the session that changed the password, removed in 415c2f05491ce65a4fc34326519754cd1edd9c54 | ||||
* | Store appservice ID on register | Daniel Wagner-Hall | 2016-03-10 | 1 | -6/+34 |
| | |||||
* | Load the current id in the IdGenerator constructor | Mark Haines | 2016-03-01 | 1 | -3/+3 |
| | | | | | | | | | Rather than loading them lazily. This allows us to remove all the yield statements and spurious arguments for the get_next methods. It also allows us to replace all instances of get_next_txn with get_next since get_next no longer needs to access the db. | ||||
* | Generate guest access token on 3pid invites | Daniel Wagner-Hall | 2016-02-24 | 1 | -0/+44 |
| | | | | | | | | | This means that following the same link across multiple sessions or devices can re-use the same guest account. Note that this is somewhat of an abuse vector; we can't throw up captchas on this flow, so this is a way of registering ephemeral accounts for spam, whose sign-up we don't rate limit. | ||||
* | Allocate guest user IDs numericcally | Daniel Wagner-Hall | 2016-02-05 | 1 | -0/+36 |
| | | | | | | | | | The current random IDs are ugly and confusing when presented in UIs. This makes them prettier and easier to read. Also, disable non-automated registration of numeric IDs so that we don't need to worry so much about people carving out our automated address space and us needing to keep retrying ID registration. | ||||
* | Add descriptions | Erik Johnston | 2016-02-03 | 1 | -0/+1 |
| | |||||
* | Make notifications go quicker | Erik Johnston | 2016-01-18 | 1 | -3/+23 |
| | |||||
* | Postgres doesn't like booleans | David Baker | 2016-01-11 | 1 | -2/+2 |
| | |||||
* | This comma is actually important | David Baker | 2016-01-07 | 1 | -1/+1 |
| | |||||
* | Adding is_guest here won't work because it just constructs a dict of uid -> ↵ | David Baker | 2016-01-06 | 1 | -1/+1 |
| | | | | password hash | ||||
* | Add is_guest flag to users db to track whether a user is a guest user or ↵ | David Baker | 2016-01-06 | 1 | -11/+29 |
| | | | | not. Use this so we can run _filter_events_for_client when calculating event_push_actions. | ||||
* | Allow guests to upgrade their accounts | Daniel Wagner-Hall | 2016-01-05 | 1 | -7/+16 |
| | |||||
* | Allow users to change which account a 3pid is bound to | Mark Haines | 2015-12-15 | 1 | -1/+1 |
| | |||||
* | Allow guests to register and call /events?room_id= | Daniel Wagner-Hall | 2015-11-04 | 1 | -7/+8 |
| | | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices. | ||||
* | Add some docstrings | Daniel Wagner-Hall | 2015-09-22 | 1 | -0/+1 |
| | |||||
* | Implement configurable stats reporting | Daniel Wagner-Hall | 2015-09-22 | 1 | -0/+12 |
| | | | | | | | | | | SYN-287 This requires that HS owners either opt in or out of stats reporting. When --generate-config is passed, --report-stats must be specified If an already-generated config is used, and doesn't have the report_stats key, it is requested to be set. | ||||
* | Merge erikj/user_dedup to develop | Daniel Wagner-Hall | 2015-08-26 | 1 | -0/+14 |
| | |||||
* | Stop looking up "admin", which we never read | Daniel Wagner-Hall | 2015-08-25 | 1 | -3/+2 |
| | |||||
* | Remove completely unused concepts from codebase | Daniel Wagner-Hall | 2015-08-25 | 1 | -3/+2 |
| | | | | | | | | | | Removes device_id and ClientInfo device_id is never actually written, and the matrix.org DB has no non-null entries for it. Right now, it's just cluttering up code. This doesn't remove the columns from the database, because that's fiddly. | ||||
* | /tokenrefresh POST endpoint | Daniel Wagner-Hall | 2015-08-20 | 1 | -0/+62 |
| | | | | | | | | This allows refresh tokens to be exchanged for (access_token, refresh_token). It also starts issuing them on login, though no clients currently interpret them. | ||||
* | s/by_token/by_access_token/g | Daniel Wagner-Hall | 2015-08-20 | 1 | -3/+3 |
| | | | | We're about to have two kinds of token, access and refresh | ||||
* | Merge pull request #221 from matrix-org/auth | Daniel Wagner-Hall | 2015-08-14 | 1 | -6/+6 |
|\ | | | | | Simplify LoginHander and AuthHandler | ||||
| * | Simplify LoginHander and AuthHandler | Daniel Wagner-Hall | 2015-08-12 | 1 | -6/+6 |
| | | | | | | | | | | | | | | | | | | * Merge LoginHandler -> AuthHandler * Add a bunch of documentation * Improve some naming * Remove unused branches I will start merging the actual logic of the two handlers shortly | ||||
| * | Change Cache to not use *args in its interface | Erik Johnston | 2015-08-07 | 1 | -1/+1 |
| | | |||||
* | | Move all the caches into their own package, synapse.util.caches | Erik Johnston | 2015-08-11 | 1 | -1/+2 |
| | | |||||
* | | Change Cache to not use *args in its interface | Erik Johnston | 2015-08-07 | 1 | -1/+1 |
|/ | |||||
* | user_id now in user_threepids | David Baker | 2015-05-01 | 1 | -3/+3 |
| | |||||
* | Don't use self.execute: it's designed for fetching stuff | David Baker | 2015-05-01 | 1 | -3/+8 |
| | |||||
* | No id field on user | David Baker | 2015-05-01 | 1 | -5/+1 |
| | |||||
* | More missed get_user_by_id API changes | David Baker | 2015-05-01 | 1 | -3/+3 |
| | |||||
* | Be more postgressive | David Baker | 2015-04-29 | 1 | -2/+2 |
| | |||||
* | Merge branch 'develop' of github.com:matrix-org/synapse into postgres | Erik Johnston | 2015-04-28 | 1 | -8/+72 |
|\ | |||||
| * | pep8 | David Baker | 2015-04-17 | 1 | -1/+1 |
| | | |||||
| * | Password reset, finally. | David Baker | 2015-04-17 | 1 | -1/+15 |
| | | |||||
| * | Add endpoint to get threepids from server | David Baker | 2015-04-17 | 1 | -0/+11 |
| | | |||||
| * | pep8 | David Baker | 2015-04-17 | 1 | -1/+1 |
| | | |||||
| * | make add3pid servlet work | David Baker | 2015-04-17 | 1 | -0/+11 |
| | | |||||
| * | 1) Pushers are now associated with an access token | David Baker | 2015-03-24 | 1 | -1/+1 |
| | | | | | | | | 2) Change places where we mean unauthenticated to 401, not 403, in C/S v2: hack so it stays as 403 in v1 because web client relies on it. | ||||
| * | Make deleting other access tokens when you change your password actually work | David Baker | 2015-03-24 | 1 | -5/+11 |
| | | |||||
| * | Implement password changing (finally) along with a start on making ↵ | David Baker | 2015-03-23 | 1 | -4/+29 |
| | | | | | | | | client/server auth more general. | ||||
* | | Go back to storing JSON in TEXT | Erik Johnston | 2015-04-16 | 1 | -5/+0 |
| | | |||||
* | | Add missing yield in storage func | Erik Johnston | 2015-04-15 | 1 | -1/+1 |
| | | |||||
* | | Handle the fact that in sqlite binary data might be stored as unicode or bytes | Erik Johnston | 2015-04-10 | 1 | -1/+3 |
| | | |||||
* | | Use generic db exceptions rather than sqlite3 specific ones | Erik Johnston | 2015-04-08 | 1 | -3/+1 |
| | | |||||
* | | PEP8 | Erik Johnston | 2015-04-07 | 1 | -1/+0 |
| | | |||||
* | | Don't use AUTOINCREMENT, use an in memory version | Erik Johnston | 2015-04-07 | 1 | -3/+7 |
| | | |||||
* | | Make work in both Maria and SQLite. Fix tests | Erik Johnston | 2015-04-01 | 1 | -2/+6 |
| | | |||||
* | | Fix unicode database support | Erik Johnston | 2015-03-25 | 1 | -4/+14 |
| | | |||||
* | | Merge branch 'develop' of github.com:matrix-org/synapse into mysql | Erik Johnston | 2015-03-20 | 1 | -2/+9 |
|\| | |||||
| * | Give sensible names for '_simple_...' transactions | Erik Johnston | 2015-03-20 | 1 | -2/+7 |
| | | |||||
| * | @cached() annotate get_user_by_token() - achieves a minor DB performance ↵ | Paul "LeoNerd" Evans | 2015-03-17 | 1 | -1/+6 |
| | | | | | | | | improvement | ||||
* | | Convert storage layer to be mysql compatible | Erik Johnston | 2015-03-19 | 1 | -9/+5 |
|/ | |||||
* | Also give _execute() a description | Paul "LeoNerd" Evans | 2015-03-11 | 1 | -2/+1 |
| | |||||
* | Extract the id token of the token when authing users, include the token and ↵ | Mark Haines | 2015-01-28 | 1 | -1/+2 |
| | | | | device_id in the internal meta data for the event along with the transaction id when sending events | ||||
* | Update copyright notices | Mark Haines | 2015-01-06 | 1 | -1/+1 |
| | |||||
* | Fix pep8 codestyle warnings | Mark Haines | 2014-11-20 | 1 | -7/+9 |
| | |||||
* | Add an EventValidator. Fix bugs in auth ++ storage | Erik Johnston | 2014-11-10 | 1 | -1/+5 |
| | |||||
* | Add transaction level logging and timing information. Add a _simple_delete ↵ | Erik Johnston | 2014-10-28 | 1 | -2/+5 |
| | | | | method | ||||
* | Update docstring | Erik Johnston | 2014-09-29 | 1 | -1/+2 |
| | |||||
* | SYN-48: Implement WHOIS rest servlet | Erik Johnston | 2014-09-29 | 1 | -11/+15 |
| | |||||
* | Add auth check to test if a user is an admin or not. | Erik Johnston | 2014-09-29 | 1 | -0/+8 |
| | |||||
* | Add a .runInteraction() method on SQLBaseStore itself to wrap the .db_pool | Paul "LeoNerd" Evans | 2014-09-12 | 1 | -2/+2 |
| | |||||
* | fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵ | Matthew Hodgson | 2014-09-03 | 1 | -1/+1 |
| | | | | hasn't been incorporated in time for launch. | ||||
* | Be more helpful when failing to register/login, stating why (communication ↵ | Kegan Dougal | 2014-08-14 | 1 | -2/+2 |
| | | | | error, user in user, wrong credentials, etc). Make the HS send M_USER_IN_USE. | ||||
* | add in whitespace after copyright statements to improve legibility | Matthew Hodgson | 2014-08-13 | 1 | -0/+1 |
| | |||||
* | Reference Matrix Home Server | matrix.org | 2014-08-12 | 1 | -0/+113 |