path: root/synapse/storage/registration.py
Commit message [Author, Age, Files, Lines]
* Add ability to perform password reset via email without trusting the ↵ [Andrew Morgan, 2019-06-06, 1, -3/+287]
|     identity server (#5377) Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option. This PR is a culmination of 3 smaller PRs which have each been separately reviewed: * #5308 * #5345 * #5368
* Add startup background job for account validity [Brendan Abolivier, 2019-05-17, 1, -12/+4]
|     If account validity is enabled in the server's configuration, this job will run at startup as a background job and will stick an expiration date to any registered account missing one.
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵ [Erik Johnston, 2019-04-17, 1, -125/+206]
|\
| |     babolivier/account_expiration
| * Merge pull request #5047 from matrix-org/babolivier/account_expiration [Brendan Abolivier, 2019-04-17, 1, -17/+151]
| |\
| | |     Send out emails with links to extend an account's validity period
| * \ Merge pull request #5027 from matrix-org/babolivier/account_expiration [Brendan Abolivier, 2019-04-09, 1, -0/+34]
| |\ \
| | | |     Add time-based account expiration
| * \ \ Merge pull request #4982 from matrix-org/erikj/msc1915 [Erik Johnston, 2019-04-03, 1, -0/+112]
| |\ \ \
| | | | |     Implement MSC1915 - 3PID unbind APIs
| | * | | Fixup docstrings [Erik Johnston, 2019-04-02, 1, -3/+3]
| | | | |
| | * | | Grandfather in existing user threepids [Erik Johnston, 2019-04-01, 1, -0/+35]
| | | | |     We assume, as we did before, that users bound their threepid to one of the trusted identity servers. So we simply fill the new table with all threepids in `user_threepids` joined with the trusted identity servers.
| | * | | Track IS used to bind 3PIDs [Erik Johnston, 2019-04-01, 1, -0/+77]
| | | | |     This will then be used to know which IS to default to when unbinding the threepid.
| * | | | Run black on the rest of the storage module (#4996) [Amber Brown, 2019-04-03, 1, -130/+99]
| |/ / /
* | | / Add management endpoints for account validity [Brendan Abolivier, 2019-04-17, 1, -12/+17]
| |_|/
|/| |
* | | Send out emails with links to extend an account's validity period [Brendan Abolivier, 2019-04-17, 1, -17/+151]
| |/
|/|
* | Add account expiration feature [Brendan Abolivier, 2019-04-09, 1, -0/+34]
|/
* Move /account/3pid to client_reader [Erik Johnston, 2019-02-27, 1, -33/+33]
|
* Split /login into client_reader [Erik Johnston, 2019-02-18, 1, -41/+41]
|
* Split out registration to worker [Erik Johnston, 2019-02-18, 1, -115/+115]
|     This allows registration to be handled by a worker, though the actual write to the database still happens on master. Note: due to the in-memory session map all registration requests must be handled by the same worker.
* Ensure synchrotrons can access is_support_user in the storage layer [Neil Johnson, 2019-01-02, 1, -25/+25]
|
* create support user (#4141) [Neil Johnson, 2018-12-14, 1, -2/+36]
|     Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits.
* Initialise user displayname from SAML2 data (#4272) [Richard van der Hoff, 2018-12-07, 1, -7/+13]
|     When we register a new user from SAML2 data, initialise their displayname correctly.
* fix style inconsistencies [Neil Johnson, 2018-10-24, 1, -0/+19]
|
* Merge branch 'develop' of github.com:matrix-org/synapse into neilj/fix_mau_init [Neil Johnson, 2018-10-24, 1, -1/+1]
|\
| * Fix a number of flake8 errors [Richard van der Hoff, 2018-10-24, 1, -1/+1]
| |     Broadly three things here: * disable W504 which seems a bit whacko * remove a bunch of `as e` expressions from exception handlers that don't use them * use `r""` for strings which include backslashes Also, we don't use pep8 any more, so we can get rid of the duplicate config there.
* | fix race condition in calling initialise_reserved_users [Neil Johnson, 2018-10-23, 1, -4/+12]
|/
* Implement trial users [Erik Johnston, 2018-08-23, 1, -1/+27]
|
* run isort [Amber Brown, 2018-07-09, 1, -3/+3]
|
* Fix error on deleting users pending deactivation [David Baker, 2018-06-26, 1, -1/+3]
|     Use simple_delete instead of simple_delete_one as commented
* Merge pull request #3276 from matrix-org/dbkr/unbind [David Baker, 2018-06-11, 1, -9/+0]
|\
| |     Remove email addresses / phone numbers from ID servers when they're removed from synapse
| * Hit the 3pid unbind endpoint on deactivation [David Baker, 2018-05-23, 1, -9/+0]
| |
* | Merge pull request #3264 from matrix-org/neil/sign-up-stats [Neil Johnson, 2018-06-01, 1, -0/+36]
|\ \
| | |     daily user type phone home stats
| * | create index in background [Neil Johnson, 2018-05-29, 1, -0/+7]
| | |
| * | daily user type phone home stats [Neil Johnson, 2018-05-22, 1, -0/+29]
| |/
* / Exempt AS-registered users from doing gdpr [Richard van der Hoff, 2018-05-29, 1, -0/+1]
|/
* Send users a server notice about consent [Richard van der Hoff, 2018-05-22, 1, -7/+39]
|     When a user first syncs, we will send them a server notice asking them to consent to the privacy policy if they have not already done so.
* Merge pull request #3213 from matrix-org/rav/consent_handler [Richard van der Hoff, 2018-05-16, 1, -0/+18]
|\
| |     ConsentResource to gather policy consent from users
| * ConsentResource to gather policy consent from users [Richard van der Hoff, 2018-05-15, 1, -0/+18]
| |     Hopefully there are enough comments and docs in this that it makes sense on its own.
* | Many docstrings [David Baker, 2018-05-10, 1, -0/+12]
| |
* | Part deactivated users in the background [David Baker, 2018-05-09, 1, -0/+27]
|/
|     One room at a time so we don't take out the whole server with leave events, and restart at server restart.
* Move more xrange to six [Adrian Tschira, 2018-04-28, 1, -1/+3]
|     plus a bonus next() Signed-off-by: Adrian Tschira <nota@notafile.com>
* Don't use _cursor_to_dict in find_next_generated_user_id_localpart [Erik Johnston, 2018-03-26, 1, -3/+1]
|
* Split registration store [Erik Johnston, 2018-03-02, 1, -57/+61]
|
* Reinstate event_search_postgres_gist handler [Richard van der Hoff, 2018-02-02, 1, -6/+1]
|     People may have queued updates for this, so we can't just delete it.
* Remove pushers when deleting access tokens [Richard van der Hoff, 2017-11-29, 1, -5/+5]
|     Whenever an access token is invalidated, we should remove the associated pushers.
* Make __init__ consistent across Store hierarchy [Richard van der Hoff, 2017-11-13, 1, -2/+2]
|     Add db_conn parameters to the `__init__` methods of the *Store classes, so that they are all consistent, which makes the multiple inheritance work correctly (and so that we can later extract mixins which can be used in the slavedstores)
* Fix 'NoneType' not iterable in /deactivate [Richard van der Hoff, 2017-11-09, 1, -2/+1]
|     make sure we actually return a value from user_delete_access_tokens
* Notify auth providers on logout [Richard van der Hoff, 2017-11-01, 1, -5/+8]
|     Provide a hook by which auth providers can be notified of logouts.
* Merge pull request #2617 from matrix-org/matthew/auto-displayname [Matthew Hodgson, 2017-11-01, 1, -2/+4]
|\
| |     automatically set default displayname on register
| * switch to setting default displayname in the storage layer [Matthew Hodgson, 2017-11-01, 1, -2/+4]
| |     to avoid clobbering guest user displaynames on registration
* | Remove the last vestiges of refresh_tokens [Richard van der Hoff, 2017-10-31, 1, -18/+11]
|/
* Add some more stats [Erik Johnston, 2017-06-15, 1, -0/+13]
|
* Use Cursor.__iter__ instead of fetchall [Erik Johnston, 2017-03-23, 1, -1/+1]
|     This prevents unnecessary construction of lists
* Add /account/3pid/delete endpoint [David Baker, 2016-12-20, 1, -0/+11]
|     Also fix a typo in a comment
* Rip out more refresh_token code [Richard van der Hoff, 2016-11-30, 1, -66/+0]
|     We might as well treat all refresh_tokens as invalid. Just return a 403 from /tokenrefresh, so that we don't have a load of dead, untestable code hanging around. Still TODO: removing the table from the schema.
* Add appservice worker [Erik Johnston, 2016-08-18, 1, -11/+22]
|
* Refactor user_delete_access_tokens. Invalidate get_user_by_access_token to ↵ [Erik Johnston, 2016-08-15, 1, -38/+32]
|     slaves.
* Fix typo [Richard van der Hoff, 2016-07-26, 1, -1/+1]
|
* Delete refresh tokens when deleting devices [Richard van der Hoff, 2016-07-26, 1, -13/+45]
|
* Implement deleting devices [Richard van der Hoff, 2016-07-26, 1, -4/+22]
|
* Further registration refactoring [Richard van der Hoff, 2016-07-19, 1, -2/+4]
|     * `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change.
* Add device_id support to /login [Richard van der Hoff, 2016-07-18, 1, -10/+18]
|     Add a 'devices' table to the storage, as well as a 'device_id' column to refresh_tokens. Allow the client to pass a device_id, and initial_device_display_name, to /login. If login is successful, then register the device in the devices table if it wasn't known already. If no device_id was supplied, make one up. Associate the device_id with the access token and refresh token, so that we can get at it again later. Ensure that the device_id is copied from the refresh token to the access_token when the token is refreshed.
* Add a comment explaining allow_none [Mark Haines, 2016-07-08, 1, -0/+2]
|
* Ensure that the guest user is in the database when upgrading accounts [Mark Haines, 2016-07-08, 1, -0/+13]
|
* Remove spurious txn [Erik Johnston, 2016-07-05, 1, -9/+0]
|
* Fix for postgres [Erik Johnston, 2016-07-05, 1, -2/+2]
|
* Add an admin option to shared secret registration [Erik Johnston, 2016-07-05, 1, -23/+38]
|
* Feature: Add deactivate account admin API [Erik Johnston, 2016-06-30, 1, -0/+9]
|     Allows server admins to "deactivate" accounts, which: - Revokes all access tokens - Removes all threepids - Removes password The API is a POST to `/admin/deactivate/<user_id>`
* Remove registered_users from the distributor. [Mark Haines, 2016-06-17, 1, -3/+14]
|     The only place that was observed was to set the profile. I've made it so that the profile is set within store.register in the same transaction that creates the user. This required some slight changes to the registration code for upgrading guest users, since it previously relied on the distributor swallowing errors if the profile already existed.
* Add cache to get_user_by_id [Erik Johnston, 2016-05-09, 1, -0/+3]
|
* pep8 [David Baker, 2016-04-06, 1, -1/+1]
|
* Make pushers use the event_push_actions table instead of listening on an ↵ [David Baker, 2016-04-06, 1, -20/+0]
|     event stream & running the rules again. Sytest passes, but remaining to do: * Make badges work again * Remove old, unused code
* Use google style doc strings. [Mark Haines, 2016-04-01, 1, -6/+9]
|     pycharm supports them so there is no need to use the other format. Might as well convert the existing strings to reduce the risk of people accidentally cargo culting the wrong doc string format.
* That's not how transactions work. [Erik Johnston, 2016-03-11, 1, -13/+16]
|
* Implement logout [Erik Johnston, 2016-03-11, 1, -14/+35]
|
* Fix SQL statement [Erik Johnston, 2016-03-11, 1, -1/+1]
|
* more pep8 [David Baker, 2016-03-11, 1, -1/+1]
|
* Make select more sensible when deleting access tokens, rename pusher ↵ [David Baker, 2016-03-11, 1, -5/+3]
|     deletion to match access token deletion and make exception arg optional.
* Delete old, unused methods and rename new one to just be ↵ [David Baker, 2016-03-11, 1, -15/+2]
|     `user_delete_access_tokens` with an `except_token_ids` argument doing what it says on the tin.
* Dear PyCharm, please indent sensibly for me. Thx. [David Baker, 2016-03-11, 1, -1/+1]
|
* Fix cache invalidation so deleting access tokens (which we did when changing ↵ [David Baker, 2016-03-11, 1, -8/+20]
|     password) actually takes effect without HS restart. Reinstate the code to avoid logging out the session that changed the password, removed in 415c2f05491ce65a4fc34326519754cd1edd9c54
* Store appservice ID on register [Daniel Wagner-Hall, 2016-03-10, 1, -6/+34]
|
* Load the current id in the IdGenerator constructor [Mark Haines, 2016-03-01, 1, -3/+3]
|     Rather than loading them lazily. This allows us to remove all the yield statements and spurious arguments for the get_next methods. It also allows us to replace all instances of get_next_txn with get_next since get_next no longer needs to access the db.
* Generate guest access token on 3pid invites [Daniel Wagner-Hall, 2016-02-24, 1, -0/+44]
|     This means that following the same link across multiple sessions or devices can re-use the same guest account. Note that this is somewhat of an abuse vector; we can't throw up captchas on this flow, so this is a way of registering ephemeral accounts for spam, whose sign-up we don't rate limit.
* Allocate guest user IDs numerically [Daniel Wagner-Hall, 2016-02-05, 1, -0/+36]
|     The current random IDs are ugly and confusing when presented in UIs. This makes them prettier and easier to read. Also, disable non-automated registration of numeric IDs so that we don't need to worry so much about people carving out our automated address space and us needing to keep retrying ID registration.
* Add descriptions [Erik Johnston, 2016-02-03, 1, -0/+1]
|
* Make notifications go quicker [Erik Johnston, 2016-01-18, 1, -3/+23]
|
* Postgres doesn't like booleans [David Baker, 2016-01-11, 1, -2/+2]
|
* This comma is actually important [David Baker, 2016-01-07, 1, -1/+1]
|
* Adding is_guest here won't work because it just constructs a dict of uid -> ↵ [David Baker, 2016-01-06, 1, -1/+1]
|     password hash
* Add is_guest flag to users db to track whether a user is a guest user or ↵ [David Baker, 2016-01-06, 1, -11/+29]
|     not. Use this so we can run _filter_events_for_client when calculating event_push_actions.
* Allow guests to upgrade their accounts [Daniel Wagner-Hall, 2016-01-05, 1, -7/+16]
|
* Allow users to change which account a 3pid is bound to [Mark Haines, 2015-12-15, 1, -1/+1]
|
* Allow guests to register and call /events?room_id= [Daniel Wagner-Hall, 2015-11-04, 1, -7/+8]
|     This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices.
* Add some docstrings [Daniel Wagner-Hall, 2015-09-22, 1, -0/+1]
|
* Implement configurable stats reporting [Daniel Wagner-Hall, 2015-09-22, 1, -0/+12]
|     SYN-287 This requires that HS owners either opt in or out of stats reporting. When --generate-config is passed, --report-stats must be specified If an already-generated config is used, and doesn't have the report_stats key, it is requested to be set.
* Merge erikj/user_dedup to develop [Daniel Wagner-Hall, 2015-08-26, 1, -0/+14]
|
* Stop looking up "admin", which we never read [Daniel Wagner-Hall, 2015-08-25, 1, -3/+2]
|
* Remove completely unused concepts from codebase [Daniel Wagner-Hall, 2015-08-25, 1, -3/+2]
|     Removes device_id and ClientInfo device_id is never actually written, and the matrix.org DB has no non-null entries for it. Right now, it's just cluttering up code. This doesn't remove the columns from the database, because that's fiddly.
* /tokenrefresh POST endpoint [Daniel Wagner-Hall, 2015-08-20, 1, -0/+62]
|     This allows refresh tokens to be exchanged for (access_token, refresh_token). It also starts issuing them on login, though no clients currently interpret them.
* s/by_token/by_access_token/g [Daniel Wagner-Hall, 2015-08-20, 1, -3/+3]
|     We're about to have two kinds of token, access and refresh
* Merge pull request #221 from matrix-org/auth [Daniel Wagner-Hall, 2015-08-14, 1, -6/+6]
|\
| |     Simplify LoginHandler and AuthHandler
| * Simplify LoginHandler and AuthHandler [Daniel Wagner-Hall, 2015-08-12, 1, -6/+6]
| |     * Merge LoginHandler -> AuthHandler * Add a bunch of documentation * Improve some naming * Remove unused branches I will start merging the actual logic of the two handlers shortly
| * Change Cache to not use *args in its interface [Erik Johnston, 2015-08-07, 1, -1/+1]
| |
* | Move all the caches into their own package, synapse.util.caches [Erik Johnston, 2015-08-11, 1, -1/+2]
| |
* | Change Cache to not use *args in its interface [Erik Johnston, 2015-08-07, 1, -1/+1]
|/
* user_id now in user_threepids [David Baker, 2015-05-01, 1, -3/+3]
|
* Don't use self.execute: it's designed for fetching stuff [David Baker, 2015-05-01, 1, -3/+8]
|
* No id field on user [David Baker, 2015-05-01, 1, -5/+1]
|
* More missed get_user_by_id API changes [David Baker, 2015-05-01, 1, -3/+3]
|
* Be more postgressive [David Baker, 2015-04-29, 1, -2/+2]
|
* Merge branch 'develop' of github.com:matrix-org/synapse into postgres [Erik Johnston, 2015-04-28, 1, -8/+72]
|\
| * pep8 [David Baker, 2015-04-17, 1, -1/+1]
| |
| * Password reset, finally. [David Baker, 2015-04-17, 1, -1/+15]
| |
| * Add endpoint to get threepids from server [David Baker, 2015-04-17, 1, -0/+11]
| |
| * pep8 [David Baker, 2015-04-17, 1, -1/+1]
| |
| * make add3pid servlet work [David Baker, 2015-04-17, 1, -0/+11]
| |
| * 1) Pushers are now associated with an access token [David Baker, 2015-03-24, 1, -1/+1]
| |     2) Change places where we mean unauthenticated to 401, not 403, in C/S v2: hack so it stays as 403 in v1 because web client relies on it.
| * Make deleting other access tokens when you change your password actually work [David Baker, 2015-03-24, 1, -5/+11]
| |
| * Implement password changing (finally) along with a start on making ↵ [David Baker, 2015-03-23, 1, -4/+29]
| |     client/server auth more general.
* | Go back to storing JSON in TEXT [Erik Johnston, 2015-04-16, 1, -5/+0]
| |
* | Add missing yield in storage func [Erik Johnston, 2015-04-15, 1, -1/+1]
| |
* | Handle the fact that in sqlite binary data might be stored as unicode or bytes [Erik Johnston, 2015-04-10, 1, -1/+3]
| |
* | Use generic db exceptions rather than sqlite3 specific ones [Erik Johnston, 2015-04-08, 1, -3/+1]
| |
* | PEP8 [Erik Johnston, 2015-04-07, 1, -1/+0]
| |
* | Don't use AUTOINCREMENT, use an in memory version [Erik Johnston, 2015-04-07, 1, -3/+7]
| |
* | Make work in both Maria and SQLite. Fix tests [Erik Johnston, 2015-04-01, 1, -2/+6]
| |
* | Fix unicode database support [Erik Johnston, 2015-03-25, 1, -4/+14]
| |
* | Merge branch 'develop' of github.com:matrix-org/synapse into mysql [Erik Johnston, 2015-03-20, 1, -2/+9]
|\|
| * Give sensible names for '_simple_...' transactions [Erik Johnston, 2015-03-20, 1, -2/+7]
| |
| * @cached() annotate get_user_by_token() - achieves a minor DB performance ↵ [Paul "LeoNerd" Evans, 2015-03-17, 1, -1/+6]
| |     improvement
* | Convert storage layer to be mysql compatible [Erik Johnston, 2015-03-19, 1, -9/+5]
|/
* Also give _execute() a description [Paul "LeoNerd" Evans, 2015-03-11, 1, -2/+1]
|
* Extract the id token of the token when authing users, include the token and ↵ [Mark Haines, 2015-01-28, 1, -1/+2]
|     device_id in the internal meta data for the event along with the transaction id when sending events
* Update copyright notices [Mark Haines, 2015-01-06, 1, -1/+1]
|
* Fix pep8 codestyle warnings [Mark Haines, 2014-11-20, 1, -7/+9]
|
* Add an EventValidator. Fix bugs in auth ++ storage [Erik Johnston, 2014-11-10, 1, -1/+5]
|
* Add transaction level logging and timing information. Add a _simple_delete ↵ [Erik Johnston, 2014-10-28, 1, -2/+5]
|     method
* Update docstring [Erik Johnston, 2014-09-29, 1, -1/+2]
|
* SYN-48: Implement WHOIS rest servlet [Erik Johnston, 2014-09-29, 1, -11/+15]
|
* Add auth check to test if a user is an admin or not. [Erik Johnston, 2014-09-29, 1, -0/+8]
|
* Add a .runInteraction() method on SQLBaseStore itself to wrap the .db_pool [Paul "LeoNerd" Evans, 2014-09-12, 1, -2/+2]
|
* fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org ↵ [Matthew Hodgson, 2014-09-03, 1, -1/+1]
|     hasn't been incorporated in time for launch.
* Be more helpful when failing to register/login, stating why (communication ↵ [Kegan Dougal, 2014-08-14, 1, -2/+2]
|     error, user in use, wrong credentials, etc). Make the HS send M_USER_IN_USE.
* add in whitespace after copyright statements to improve legibility [Matthew Hodgson, 2014-08-13, 1, -0/+1]
|
* Reference Matrix Home Server [matrix.org, 2014-08-12, 1, -0/+113]