summary refs log tree commit diff
path: root/synapse (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix email notifications for large unnamed rooms.Erik Johnston2019-06-071-0/+11
| | | | | | When we try and calculate a description for a room for with no name but multiple other users we threw an exception (due to trying to subscript result of `dict.values()`).
* Prevent multiple device list updates from breaking a batch send (#5156)Andrew Morgan2019-06-062-31/+126
| | | fixes #5153
* Set default room version to v4. (#5379)Neil Johnson2019-06-061-1/+1
| | | | Set default room version to v4.
* Merge pull request #5320 from matrix-org/hawkowl/full-schema-v1Erik Johnston2019-06-065-2/+2352
|\ | | | | Make a full SQL schema
| * fix maybeAmber H. Brown2019-06-071-20/+2
| |
| * just user dir?Amber H. Brown2019-06-071-1/+19
| |
| * remove background updates that arent neededAmber H. Brown2019-06-071-33/+1
| |
| * add more commentsAmber Brown2019-06-061-0/+5
| |
| * Merge remote-tracking branch 'origin/develop' into hawkowl/full-schema-v1Amber Brown2019-06-0439-323/+294
| |\
| * | add stuff in bg updatesAmber Brown2019-06-041-10/+62
| | |
| * | WHY IS THIS CALLED A SLIGHTLY DIFFERENT THINGAmber Brown2019-06-031-0/+1
| | |
| * | more fixAmber Brown2019-06-031-0/+38
| | |
| * | fix schemasAmber Brown2019-06-034-61/+20
| | |
| * | full schemaAmber Brown2019-06-033-0/+2315
| | |
| * | prepareAmber Brown2019-06-031-2/+14
| | |
* | | Add ability to perform password reset via email without trusting the ↵Andrew Morgan2019-06-0617-60/+871
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | identity server (#5377) Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option. This PR is a culmination of 3 smaller PRs which have each been separately reviewed: * #5308 * #5345 * #5368
* | | Stop hardcoding trust of old matrix.org key (#5374)Richard van der Hoff2019-06-062-74/+226
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are a few changes going on here: * We make checking the signature on a key server response optional: if no verify_keys are specified, we trust to TLS to validate the connection. * We change the default config so that it does not require responses to be signed by the old key. * We replace the old 'perspectives' config with 'trusted_key_servers', which is also formatted slightly differently. * We emit a warning to the logs every time we trust a key server response signed by the old key.
* | | Fix missing logcontext for PresenceHandler.on_shutdown. (#5369)Richard van der Hoff2019-06-061-1/+7
| | | | | | | | | | | | Fixes some warnings, and a scary-looking stacktrace when sytest kills the process.
* | | Merge pull request #5221 from matrix-org/erikj/fix_worker_sytestErik Johnston2019-06-061-1/+11
|\ \ \ | | | | | | | | Fix get_max_topological_token to never return None
| * | | Better wordsErik Johnston2019-06-061-1/+1
| | | |
| * | | Fix get_max_topological_token to never return NoneErik Johnston2019-05-211-1/+11
| | | |
* | | | Merge pull request #5089 from dnaf/m-heroes-empty-room-nameBrendan Abolivier2019-06-061-5/+4
|\ \ \ \ | | | | | | | | | | Make /sync return heroes if room name or canonical alias are empty
| * | | | Simplify conditionBrendan Abolivier2019-06-061-2/+2
| | | | |
| * | | | Simplify conditionBrendan Abolivier2019-06-051-3/+2
| | | | |
| * | | | Merge branch 'develop' into m-heroes-empty-room-nameBrendan Abolivier2019-06-05136-1945/+5896
| |\ \ \ \
| * | | | | LintKatie Wolfe2019-04-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I probably should've just run autopep8 in the first place... Signed-off-by: Katie Wolfe <katie@dnaf.moe>
| * | | | | Clean up codeKatie Wolfe2019-04-241-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Katie Wolfe <katie@dnaf.moe>
| * | | | | Show heroes if room name or canonical alias are emptyKatie Wolfe2019-04-241-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #4194 Signed-off-by: Katie Wolfe <katie@dnaf.moe>
| * | | | | Show heroes if room name or canonical alias are emptyKatie Wolfe2019-04-241-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #4194 Signed-off-by: Katie Wolfe <katie@dnaf.moe>
* | | | | | Merge pull request #5359 from matrix-org/rav/enable_tls_verificationRichard van der Hoff2019-06-061-5/+5
|\ \ \ \ \ \ | | | | | | | | | | | | | | Validate federation server TLS certificates by default.
| * \ \ \ \ \ Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verificationRichard van der Hoff2019-06-057-22/+121
| |\ \ \ \ \ \
| * | | | | | | Validate federation server TLS certificates by default.Richard van der Hoff2019-06-051-5/+5
| | | | | | | |
* | | | | | | | Merge pull request #5355 from matrix-org/babolivier/heroes_left_membersBrendan Abolivier2019-06-061-15/+19
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Include left members in room summaries' heroes
| * | | | | | | | Do user_id != me checks before deciding whether we should pick heroes from ↵Brendan Abolivier2019-06-051-15/+19
| | |_|_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | the joined members or the parted ones
* | | | | | | | Merge pull request #5354 from matrix-org/rav/server_keys/99-room-v5Richard van der Hoff2019-06-061-5/+5
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Implement room v5 which enforces signing key validity
| * | | | | | | | Implement room v5 which enforces signing key validityRichard van der Hoff2019-06-051-5/+5
| | |/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implements [MSC2077](https://github.com/matrix-org/matrix-doc/pull/2077) and fixes #5247 and #4364.
* | | | | | | | Merge pull request #5353 from matrix-org/rav/verify_key_loggingRichard van der Hoff2019-06-064-46/+76
|\ \ \ \ \ \ \ \ | |_|_|/ / / / / |/| | | | | | | Associate a request_name with each verify request, for logging
| * | | | | | | Associate a request_name with each verify request, for loggingRichard van der Hoff2019-06-054-46/+76
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also: * rename VerifyKeyRequest->VerifyJsonRequest * calculate key_ids on VerifyJsonRequest construction * refactor things to pass around VerifyJsonRequests instead of 4-tuples
* | | | | | | Fix `federation_custom_ca_list` configuration option.Richard van der Hoff2019-06-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, setting this option would cause an exception at startup.
* | | | | | | Neilj/add r0.5 to versions (#5360)Neil Johnson2019-06-051-0/+1
| | | | | | | | | | | | | | | | | | | | | * Update _matrix/client/versions to reference support for r0.5.0
* | | | | | | Fix background updates to handle redactions/rejections (#5352)Erik Johnston2019-06-063-9/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix background updates to handle redactions/rejections In background updates based on current state delta stream we need to handle that we may not have all the events (or at least that `get_events` may raise an exception).
* | | | | | | Merge pull request #5317 from matrix-org/erikj/make_do_auth_non_essentialErik Johnston2019-06-051-12/+46
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix handling of failures when calling /event_auth.
| * | | | | | | Add logging when request fails and clarify we ignore errors.Erik Johnston2019-06-051-4/+12
| | | | | | | |
| * | | | | | | Fix handling of failures when calling /event_auth.Erik Johnston2019-06-031-12/+38
| | |_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When processing an incoming event over federation, we may try and resolve any unexpected differences in auth events. This is a non-essential process and so should not stop the processing of the event if it fails (e.g. due to the remote disappearing or not implementing the necessary endpoints). Fixes #3330
* | | | | | | Neilj/mau tracking config explainer (#5284)Neil Johnson2019-06-051-0/+16
| |/ / / / / |/| | | | | | | | | | | | | | | | | Improve documentation of monthly active user blocking and mau_trial_days
* | | | | | Add a test room version where we enforce key validity (#5348)Richard van der Hoff2019-06-052-22/+37
| |/ / / / |/| | | |
* | | | | Clean up debug logging (#5347)Richard van der Hoff2019-06-053-8/+18
| | | | | | | | | | | | | | | Remove some spurious stuff, clarify some other stuff
* | | | | Rename VerifyKeyRequest.deferred field (#5343)Richard van der Hoff2019-06-051-12/+12
| | | | | | | | | | | | | | | it's a bit confusing
* | | | | Call RetryLimiter correctly (#5340)Richard van der Hoff2019-06-041-1/+6
| | | | | | | | | | | | | | | Fixes a regression introduced in #5335.
* | | | | Fix failure to fetch batches of PDUs (#5342)Richard van der Hoff2019-06-041-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | FederationClient.get_pdu is called in a loop to fetch a batch of PDUs. A failure to fetch one should not result in a failure of the whole batch. Add the missing `continue`.
* | | | | Rename get_events->get_events_from_store_or_dest (#5344)Richard van der Hoff2019-06-041-20/+13
| | | | | | | | | | | | | | | | | | | | | | | | | We have too many things called get_event, and it's hard to figure out what we mean. Also remove some unused params from the signature, and add some logging.
* | | | | Merge pull request #5341 from matrix-org/babolivier/email_configBrendan Abolivier2019-06-041-42/+57
|\ \ \ \ \ | | | | | | | | | | | | Make account validity renewal emails work when email notifs are disabled
| * | | | | Only parse from email if providedBrendan Abolivier2019-06-041-4/+5
| | | | | |
| * | | | | LintBrendan Abolivier2019-06-041-1/+0
| | | | | |
| * | | | | Make account validity renewal emails work when email notifs are disabledBrendan Abolivier2019-06-041-42/+57
| | | | | |
* | | | | | Merge pull request #5324 from matrix-org/erikj/ignore_nullErik Johnston2019-06-041-0/+16
|\ \ \ \ \ \ | | | | | | | | | | | | | | Ignore room state with null bytes in for room stats
| * | | | | | FixErik Johnston2019-06-031-1/+2
| | | | | | |
| * | | | | | Ignore room state with null bytes in for room statsErik Johnston2019-06-031-0/+15
| | |_|_|_|/ | |/| | | |
* | | | | | Avoid rapidly backing-off a server if we ignore the retry interval (#5335)Richard van der Hoff2019-06-041-23/+37
|\ \ \ \ \ \
| * | | | | | Avoid rapidly backing-off a server if we ignore the retry intervalRichard van der Hoff2019-06-031-23/+37
| | | | | | |
* | | | | | | Don't do long retries when calling the key notary server. (#5334)Richard van der Hoff2019-06-041-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It takes at least 20 minutes to work through the long_retries schedule (11 attempts, each with a 60 second timeout, and 60 seconds between each request), so if the notary server isn't returning within the timeout, we'll just end up blocking whatever request is happening for 20 minutes. Ain't nobody got time for that.
* | | | | | | Merge pull request #5333 from ↵Richard van der Hoff2019-06-042-33/+60
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | matrix-org/rav/server_keys/09_improve_notary_server Fixes for the key-notary server
| * | | | | | | Notary server: make requests to origins in parallelRichard van der Hoff2019-06-042-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ... else we're guaranteed to time out.
| * | | | | | | Don't bomb out on direct key fetches as soon as one failsRichard van der Hoff2019-06-041-22/+36
| | | | | | | |
| * | | | | | | Reduce timeout for outbound /key/v2/server requests.Richard van der Hoff2019-06-031-0/+13
| |/ / / / / /
* | | | | | | Improve docstrings on MatrixFederationClient. (#5332)Richard van der Hoff2019-06-041-16/+55
| | | | | | |
* | | | | | | Hawkowl/fix missing auth (#5328)Amber Brown2019-06-041-0/+1
|/ / / / / /
* / / / / / Enforce validity period on server_keys for fed requests. (#5321)Richard van der Hoff2019-06-034-61/+119
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When handling incoming federation requests, make sure that we have an up-to-date copy of the signing key. We do not yet enforce the validity period for event signatures.
* | | | | Merge pull request #5307 from ↵Richard van der Hoff2019-06-031-12/+2
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | matrix-org/rav/server_keys/07-fix-notary-cache-poison Stop overwriting server keys with other keys
| * | | | | Stop overwriting server keys with other keysRichard van der Hoff2019-05-311-12/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a bug where we would discard a key result which the origin server is no longer returning. Fixes #5305.
* | | | | | Unify v1 and v2 REST client APIs (#5226)Amber Brown2019-06-0338-311/+292
| |_|/ / / |/| | | |
* | | | | Merge pull request #5309 from matrix-org/rav/limit_displayname_lengthRichard van der Hoff2019-06-012-0/+15
|\ \ \ \ \ | | | | | | | | | | | | Limit displaynames and avatar URLs
| * | | | | Limit displaynames and avatar URLsRichard van der Hoff2019-06-012-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These end up in join events everywhere, so let's limit them. Fixes #5079
* | | | | | Merge pull request #5299 from matrix-org/rav/server_keys/05-rewrite-gsvk-againRichard van der Hoff2019-05-311-48/+53
|\ \ \ \ \ \ | | | | | | | | | | | | | | Rewrite get_server_verify_keys, again.
| * \ \ \ \ \ Merge remote-tracking branch 'origin/develop' into ↵Richard van der Hoff2019-05-316-128/+141
| |\ \ \ \ \ \ | | | |/ / / / | | |/| | | | | | | | | | | rav/server_keys/05-rewrite-gsvk-again
| * | | | | | Rewrite get_server_verify_keys, again.Richard van der Hoff2019-05-301-48/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Attempt to simplify the logic in get_server_verify_keys by splitting it into two methods.
* | | | | | | Merge pull request #5276 from matrix-org/babolivier/account_validity_job_deltaErik Johnston2019-05-312-3/+25
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | Allow configuring a range for the account validity startup job
| * | | | | | Move delta from +10% to -10%Brendan Abolivier2019-05-312-3/+3
| | | | | | |
| * | | | | | Gah pythonBrendan Abolivier2019-05-311-1/+1
| | | | | | |
| * | | | | | Make max_delta equal to period * 10%Brendan Abolivier2019-05-312-15/+7
| | | | | | |
| * | | | | | Allow configuring a range for the account validity startup jobBrendan Abolivier2019-05-282-2/+32
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | When enabling the account validity feature, Synapse will look at startup for registered account without an expiration date, and will set one equals to 'now + validity_period' for them. On large servers, it can mean that a large number of users will have the same expiration date, which means that they will all be sent a renewal email at the same time, which isn't ideal. In order to mitigate this, this PR allows server admins to define a 'max_delta' so that the expiration date is a random value in the [now + validity_period ; now + validity_period + max_delta] range. This allows renewal emails to be progressively sent over a configured period instead of being sent all in one big batch.
* | | | | | Merge pull request #5300 from ↵Richard van der Hoff2019-05-311-25/+8
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | matrix-org/rav/server_keys/06-fix-serverkeys-handling Remove some pointless exception handling
| * | | | | | Remove some pointless exception handlingRichard van der Hoff2019-05-301-25/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The verify_request deferred already returns a suitable SynapseError, so I don't really know what we expect to achieve by doing more wrapping, other than log spam. Fixes #4278.
* | | | | | | Merge pull request #5296 from ↵Richard van der Hoff2019-05-311-17/+21
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | matrix-org/rav/server_keys/04-use-attrs-for_verify-request use attr.s for VerifyKeyRequest
| * | | | | | use attr.s for VerifyKeyRequestRichard van der Hoff2019-05-301-17/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | because namedtuple is awful
* | | | | | | Merge pull request #5293 from Kagamihime/messages-federation-formatErik Johnston2019-05-311-0/+2
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix ignored filter field in `/messages` endpoint
| * | | | | | | Fix ignored filter field in `/messages` endpointEisha Chen-yen-su2019-05-301-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a bug which were causing the "event_format" field to be ignored in the filter of requests to the `/messages` endpoint of the CS API. Signed-off-by: Eisha Chen-yen-su <chenyensu0@gmail.com>
* | | | | | | | Merge pull request #5294 from matrix-org/erikj/speed_up_room_statsErik Johnston2019-05-314-87/+111
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | Speed up room stats background update
| * | | | | | | Add indices. Remove room_ids accidentally addedErik Johnston2019-05-312-13/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have to do this by re-inserting a background update and recreating tables, as the tables only get created during a background update and will later be deleted. We also make sure that we remove any entries that should have been removed but weren't due to a race that has been fixed in a previous commit.
| * | | | | | | Join against events to use its room_id indexErik Johnston2019-05-301-1/+6
| | | | | | | |
| * | | | | | | Move deletion from table inside txnErik Johnston2019-05-301-2/+5
| | | | | | | |
| * | | | | | | Fetch membership counts all at onceErik Johnston2019-05-302-38/+18
| | | | | | | |
| * | | | | | | Get events all at onceErik Johnston2019-05-301-33/+26
| | | | | | | |
* | | | | | | | Merge branch 'master' into developErik Johnston2019-05-301-1/+1
|\ \ \ \ \ \ \ \ | |_|/ / / / / / |/| | | | | | |
| * | | | | | | 0.99.5.2 v0.99.5.2 github/release-v0.99.5 release-v0.99.5Erik Johnston2019-05-301-1/+1
| | | | | | | |
| * | | | | | | Add index to temp tableErik Johnston2019-05-301-0/+1
| | | | | | | |
| * | | | | | | Update synapse/storage/events_bg_updates.pyErik Johnston2019-05-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
| * | | | | | | Rename constantErik Johnston2019-05-301-3/+3
| | | | | | | |
| * | | | | | | Move event background updates to a separate fileErik Johnston2019-05-303-369/+405
| | | | | | | |
| * | | | | | | Fixup comments and loggingErik Johnston2019-05-302-9/+15
| | | | | | | |
| * | | | | | | Log actual number of entries deletedErik Johnston2019-05-302-5/+13
| | | | | | | |
| * | | | | | | Add DB bg update to cleanup extremities.Erik Johnston2019-05-302-0/+205
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to #5269 we may have extremities in our DB that we shouldn't have, so lets add a cleanup task such to remove those.
| * | | | | | | Correctly filter out extremities with soft failed prevs (#5274)Erik Johnston2019-05-301-3/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we receive a soft failed event we, correctly, *do not* update the forward extremity table with the event. However, if we later receive an event that references the soft failed event we then need to remove the soft failed events prev events from the forward extremities table, otherwise we just build up forward extremities. Fixes #5269
* | | | | | | | Add index to temp tableErik Johnston2019-05-301-0/+1
| |/ / / / / / |/| | | | | |
* | | | | | | Merge pull request #5278 from matrix-org/erikj/cleanup_bad_extremitiesErik Johnston2019-05-305-181/+436
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Add DB bg update to cleanup extremities.
| * | | | | | | Update synapse/storage/events_bg_updates.pyErik Johnston2019-05-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
| * | | | | | | Rename constantErik Johnston2019-05-301-3/+3
| | | | | | | |
| * | | | | | | Move event background updates to a separate fileErik Johnston2019-05-303-369/+405
| | | | | | | |
| * | | | | | | Fixup comments and loggingErik Johnston2019-05-302-9/+15
| | | | | | | |
| * | | | | | | Log actual number of entries deletedErik Johnston2019-05-292-5/+13
| | | | | | | |
| * | | | | | | Add DB bg update to cleanup extremities.Erik Johnston2019-05-292-0/+205
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to #5269 we may have extremities in our DB that we shouldn't have, so lets add a cleanup task such to remove those.
* | | | | | | | Merge pull request #5256 from aaronraimist/logout-correct-errorErik Johnston2019-05-301-18/+9
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Show correct error when logging out and access token is missing
| * | | | | | | | LintAaron Raimist2019-05-291-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
| * | | | | | | | Get rid of try exceptAaron Raimist2019-05-271-16/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
| * | | | | | | | Show correct error when logging out and access token is missingAaron Raimist2019-05-241-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | | | | | | | | Remove spurious debug from MatrixFederationHttpClient.get_json (#5287) v0.99.5.1.dev0Richard van der Hoff2019-05-291-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | This is just unhelpful spam
* | | | | | | | | Improve logging for logcontext leaks. (#5288)Richard van der Hoff2019-05-291-9/+13
| | | | | | | | |
* | | | | | | | | Implement the SHHS complexity API (#5216)Amber Brown2019-05-304-5/+89
| | | | | | | | |
* | | | | | | | | Serve CAS login over r0 (#5286)Amber Brown2019-05-301-2/+2
| | | | | | | | |
* | | | | | | | | Fix error when downloading thumbnail with width/height param missing (#5258)Aaron Raimist2019-05-291-2/+2
| |/ / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix error when downloading thumbnail with width/height param missing Fixes #2748 Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | | | | | | | Correctly filter out extremities with soft failed prevs (#5274)Erik Johnston2019-05-291-3/+79
| |_|/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we receive a soft failed event we, correctly, *do not* update the forward extremity table with the event. However, if we later receive an event that references the soft failed event we then need to remove the soft failed events prev events from the forward extremities table, otherwise we just build up forward extremities. Fixes #5269
* | | | | | | Fix dropped logcontexts during high outbound traffic. (#5277)Richard van der Hoff2019-05-291-7/+13
| | | | | | | | | | | | | | | | | | | | | Fixes #5271.
* | | | | | | Fix docs on resetting the user directory (#5036)Aaron Raimist2019-05-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
* | | | | | | Merge pull request #5251 from matrix-org/rav/server_keys/01-check_sigRichard van der Hoff2019-05-281-41/+92
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Ensure that server_keys fetched via a notary server are correctly signed.
| * | | | | | | Improve error handling/logging for perspectives-key fetching.Richard van der Hoff2019-05-241-28/+77
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In particular, don't give up on the first failure.
| * | | | | | | Require sig from origin server on perspectives responsesRichard van der Hoff2019-05-231-13/+15
| | | | | | | |
* | | | | | | | Fix "db txn 'update_presence' from sentinel context" log messages (#5275)Richard van der Hoff2019-05-281-52/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #4414.
* | | | | | | | Merge pull request #5268 from matrix-org/babolivier/account_validity_fix_schemaBrendan Abolivier2019-05-281-0/+3
|\ \ \ \ \ \ \ \ | | |_|_|/ / / / | |/| | | | | | Fix schema update for account validity
| * | | | | | | Fix schema update for account validityBrendan Abolivier2019-05-281-0/+3
| | | | | | | |
* | | | | | | | Merge pull request #5260 from matrix-org/travis/fix-room-bg-taskErik Johnston2019-05-251-1/+1
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Fix logging for room stats background update
| * | | | | | | | Fix logging for room stats background updateTravis Ralston2019-05-251-1/+1
| | | | | | | | |
* | | | | | | | | Merge pull request #5257 from aaronraimist/fix-error-code-publicroomsErik Johnston2019-05-251-1/+1
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Fix error code for invalid parameter
| * | | | | | | | | Fix error code for invalid parameterAaron Raimist2019-05-241-1/+1
| | |_|_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Aaron Raimist <aaron@raim.ist>
* / | | | | | | | Simplification to Keyring.wait_for_previous_lookups. (#5250)Richard van der Hoff2019-05-241-7/+4
|/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The list of server names was redundant, since it was equivalent to the keys on the server_to_deferred map. This reduces the number of large lists being passed around, and has the benefit of deduplicating the entries in `wait_on`.
* | | | | | | | Fix appservice timestamp massaging (#5233)Tulir Asokan2019-05-241-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Tulir Asokan <tulir@maunium.net>
* | | | | | | | Add missing blank line in config (#5249)Richard van der Hoff2019-05-241-0/+1
| | | | | | | |
* | | | | | | | Merge pull request #5220 from matrix-org/erikj/dont_bundle_live_eventsErik Johnston2019-05-244-2/+12
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | Don't bundle aggregations with events in /sync or /events or state queries
| * | | | | | | Don't bundle aggs for /state and /members etc APIsErik Johnston2019-05-241-0/+3
| | | | | | | |
| * | | | | | | Don't bundle events in /sync or /eventsErik Johnston2019-05-213-2/+9
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | As we'll send down the annotations too anyway, so this just ends up confusing clients.
* | | | | | | Merge pull request #5244 from matrix-org/rav/server_keys/00-factor-out-fetchersErik Johnston2019-05-232-143/+178
|\ \ \ \ \ \ \ | | |_|/ / / / | |/| | | | | Factor out KeyFetchers from KeyRing
| * | | | | | Fix remote_key_resourceRichard van der Hoff2019-05-231-3/+3
| | | | | | |
| * | | | | | Factor out KeyFetchers from KeyRingRichard van der Hoff2019-05-231-140/+175
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rather than have three methods which have to have the same interface, factor out a separate interface which is provided by three implementations. I find it easier to grok the code this way.
* | | | | | | Add config option for setting homeserver's default room version (#5223)Andrew Morgan2019-05-234-8/+42
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present. That hardcoded value is now located in the server.py config file.
* | | | | | Store key validity time in the storage layerRichard van der Hoff2019-05-233-24/+77
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a first step to checking that the key is valid at the required moment. The idea here is that, rather than passing VerifyKey objects in and out of the storage layer, we instead pass FetchKeyResult objects, which simply wrap the VerifyKey and add a valid_until_ts field.
* | | | | | Simplify process_v2_response (#5236)Richard van der Hoff2019-05-231-21/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Pass time_added_ms into process_v2_response * Simplify process_v2_response We can merge old_verify_keys into verify_keys, and reduce the number of dicts flying around.
* | | | | | Remove unused VerifyKey.expired and .time_added fields (#5235)Richard van der Hoff2019-05-231-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These were never used, and poking arbitary data into objects from other packages seems confusing at best.
* | | | | | Rewrite store_server_verify_key to store several keys at once (#5234)Richard van der Hoff2019-05-232-71/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Storing server keys hammered the database a bit. This replaces the implementation which stored a single key, with one which can do many updates at once.
* | | | | | Simplifications and comments in do_auth (#5227)Richard van der Hoff2019-05-232-121/+182
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I was staring at this function trying to figure out wtf it was actually doing. This is (hopefully) a non-functional refactor which makes it a bit clearer.
* | | | | | Run black on synapse.crypto.keyring (#5232)Richard van der Hoff2019-05-221-149/+137
| | | | | |
* | | | | | Merge branch 'master' into developNeil Johnson2019-05-221-1/+1
|\ \ \ \ \ \ | | |_|/ / / | |/| | | |
| * | | | | 0.99.5.1 v0.99.5.1Neil Johnson2019-05-221-1/+1
| | | | | |
| * | | | | Revert "0.99.5"Neil Johnson2019-05-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This reverts commit c31e375ade1b59a7fe38628337e9e1aa3de91feb.
| * | | | | 0.99.5Neil Johnson2019-05-221-1/+1
| | | | | |
* | | | | | remove urllib3 pin (#5230)Marcus Hoffmann2019-05-221-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | requests 2.22.0 as been released supporting urllib3 1.25.2 Signed-off-by: Marcus Hoffmann <bubu@bubu1.eu>
* | | | | | Merge branch 'master' into developNeil Johnson2019-05-221-1/+1
|\| | | | |
| * | | | | 0.99.5 v0.99.5Neil Johnson2019-05-221-1/+1
| | |_|/ / | |/| | |
* | | | | Neilj/ensure get profileinfo available in client reader slaved store (#5213)Neil Johnson2019-05-221-0/+2
| | | | | | | | | | | | | | | * expose SlavedProfileStore to ClientReaderSlavedStore
* | | | | Merge branch 'master' into developRichard van der Hoff2019-05-221-1/+1
|\| | | |
| * | | | Merge commit 'f4c80d70f' into release-v0.99.5Richard van der Hoff2019-05-212-5/+61
| |\ \ \ \
| * | | | | 0.99.5rc1Richard van der Hoff2019-05-211-1/+1
| | | | | |
* | | | | | Room Statistics (#4338)Amber Brown2019-05-2111-13/+1021
| |/ / / / |/| | | |
* | | | | Merge pull request #5203 from matrix-org/erikj/aggregate_by_senderErik Johnston2019-05-211-1/+1
|\ \ \ \ \ | | | | | | | | | | | | Only count aggregations from distinct senders
| * | | | | Only count aggregations from distinct sendersErik Johnston2019-05-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | As a user isn't allowed to send a single emoji more than once.
* | | | | | Merge pull request #5212 from matrix-org/erikj/deny_multiple_reactionsErik Johnston2019-05-212-4/+60
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Block attempts to annotate the same event twice
| * | | | | Fix wordsErik Johnston2019-05-211-3/+3
| | | | | |
| * | | | | Block attempts to annotate the same event twiceErik Johnston2019-05-202-4/+60
| | | | | |
* | | | | | Introduce room v4 which updates event ID format. (#5217)Richard van der Hoff2019-05-211-4/+4
| | | | | | | | | | | | | | | | | | Implements https://github.com/matrix-org/matrix-doc/pull/2002.
* | | | | | Exclude soft-failed events from fwd-extremity candidates. (#5146)Richard van der Hoff2019-05-212-3/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When considering the candidates to be forward-extremities, we must exclude soft failures. Hopefully fixes #5090.
* | | | | | Pin eliot to <1.8 on python 3.5.2 (#5218)Richard van der Hoff2019-05-211-6/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Pin eliot to <1.8 on python 3.5.2 Fixes https://github.com/matrix-org/synapse/issues/5199 * Add support for 'markers' to python_dependencies * tell xargs not to strip quotes
* | | | | | Merge pull request #5204 from ↵Brendan Abolivier2019-05-213-12/+70
|\ \ \ \ \ \ | |_|_|/ / / |/| | | / / | | |_|/ / | |/| | | matrix-org/babolivier/account_validity_expiration_date Add startup background job for account validity
| * | | | DocBrendan Abolivier2019-05-211-0/+8
| | | | |
| * | | | Do the select and insert in a single transactionBrendan Abolivier2019-05-211-10/+6
| | | | |
| * | | | Add startup background job for account validityBrendan Abolivier2019-05-172-12/+66
| | | | | | | | | | | | | | | | | | | | If account validity is enabled in the server's configuration, this job will run at startup as a background job and will stick an expiration date to any registered account missing one.
* | | | | Fix error handling for rooms whose versions are unknown. (#5219)Richard van der Hoff2019-05-214-7/+37
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | If we remove support for a particular room version, we should behave more gracefully. This should make client requests fail with a 400 rather than a 500, and will ignore individiual PDUs in a federation transaction, rather than the whole transaction.
* | | | Revert "expose SlavedProfileStore to ClientReaderSlavedStore (#5200)"Richard van der Hoff2019-05-201-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit ce5bcefc609db40740c692bd53a1ef84ab675e8c. This caused: ``` Traceback (most recent call last): File "/usr/local/lib/python3.7/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/usr/local/lib/python3.7/runpy.py", line 85, in _run_code exec(code, run_globals) File "/home/synapse/src/synapse/app/client_reader.py", line 32, in <module> from synapse.replication.slave.storage import SlavedProfileStore ImportError: cannot import name 'SlavedProfileStore' from 'synapse.replication.slave.storage' (/home/synapse/src/synapse/replication/slave/storage/__init__.py) error starting synapse.app.client_reader('/home/synapse/config/workers/client_reader.yaml') (exit code: 1); see above for logs ```
* | | | Add a test room version which updates event ID format (#5210)Richard van der Hoff2019-05-202-3/+33
| | | | | | | | | | | | Implements MSC1884
* | | | Rename relation types to match MSCErik Johnston2019-05-203-9/+9
| | | |
* | | | Merge pull request #5209 from matrix-org/erikj/reactions_baseErik Johnston2019-05-2012-16/+899
|\ \ \ \ | | | | | | | | | | Land basic reaction and edit support.
| * | | | Correctly update aggregation counts after redactionErik Johnston2019-05-202-0/+20
| | |/ / | |/| |
| * | | Fixup bsaed on review commentsErik Johnston2019-05-173-19/+19
| | | |
| * | | Add basic editing supportErik Johnston2019-05-163-6/+85
| | | |
| * | | Move parsing of tokens out of storage layerErik Johnston2019-05-162-14/+21
| | | |
| * | | Indirect tuple conversionErik Johnston2019-05-161-0/+6
| | | |
| * | | Check that event is visible in new APIsErik Johnston2019-05-161-2/+15
| | | |
| * | | Fix relations in worker modeErik Johnston2019-05-165-13/+28
| | | |
| * | | Add cache to relationsErik Johnston2019-05-161-0/+8
| | | |
| * | | Add aggregations APIErik Johnston2019-05-164-10/+395
| | | |
| * | | Actually check for None rather falseyErik Johnston2019-05-151-2/+2
| | | |
| * | | Actually implement idempotencyErik Johnston2019-05-151-1/+8
| | | |
| * | | Add simple pagination APIErik Johnston2019-05-152-0/+130
| | | |
| * | | Add simple send_relation API and track in DBErik Johnston2019-05-157-0/+213
| | | |
* | | | Limit UserIds to a length that fits in a state key (#5198)ReidAnderson2019-05-202-1/+13
| | | |
* | | | fix mapping of return values for get_or_register_3pid_guest (#5177)bytepoets-blo2019-05-171-1/+1
| | | | | | | | | | | | * fix mapping of return values for get_or_register_3pid_guest
* | | | Merge pull request #5191 from matrix-org/erikj/refactor_pagination_boundsErik Johnston2019-05-171-61/+133
|\ \ \ \ | | | | | | | | | | Make generating SQL bounds for pagination generic
| * | | | Spelling and clarificationsErik Johnston2019-05-171-5/+9
| | | | |
| * | | | Update docstringErik Johnston2019-05-161-1/+12
| |/ / /
| * | | Make generating SQL bounds for pagination genericErik Johnston2019-05-151-61/+118
| | | | | | | | | | | | | | | | | | | | This will allow us to reuse the same structure when we paginate e.g. relations
* | | | expose SlavedProfileStore to ClientReaderSlavedStore (#5200)Neil Johnson2019-05-171-0/+2
| | | | | | | | | | | | * expose SlavedProfileStore to ClientReaderSlavedStore
* | | | Merge pull request #5196 from matrix-org/babolivier/per_room_profilesBrendan Abolivier2019-05-172-0/+20
|\ \ \ \ | | |/ / | |/| | Add an option to disable per-room profiles
| * | | Add option to disable per-room profilesBrendan Abolivier2019-05-162-0/+20
| | | |
* | | | Fix image orientation when generating thumbnail (#5039)PauRE2019-05-163-1/+45
| | | |
* | | | Merge pull request #5174 from matrix-org/dbkr/add_dummy_flow_to_recaptcha_onlyDavid Baker2019-05-161-5/+17
|\ \ \ \ | |/ / / |/| | | Re-order registration stages to do msisdn & email auth last
| * | | Merge remote-tracking branch 'origin/develop' into ↵David Baker2019-05-131-1/+0
| |\ \ \ | | | | | | | | | | | | | | | dbkr/add_dummy_flow_to_recaptcha_only
| * \ \ \ Merge remote-tracking branch 'origin/develop' into ↵David Baker2019-05-132-20/+35
| |\ \ \ \ | | | | | | | | | | | | | | | | | | dbkr/add_dummy_flow_to_recaptcha_only
| * | | | | Re-order flows so that email auth is done lastDavid Baker2019-05-101-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's more natural for the user if the bit that takes them away from the registration flow comes last. Adding the dummy stage allows us to do the stages in this order without the ambiguity.
| * | | | | CommentDavid Baker2019-05-101-0/+4
| | | | | |
| * | | | | Add a DUMMY stage to captcha-only registration flowDavid Baker2019-05-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows the client to complete the email last which is more natual for the user. Without this stage, if the client would complete the recaptcha (and terms, if enabled) stages and then the registration request would complete because you've now completed a flow, even if you were intending to complete the flow that's the same except has email auth at the end. Adding a dummy auth stage to the recaptcha-only flow means it's always unambiguous which flow the client was trying to complete. Longer term we should think about changing the protocol so the client explicitly says which flow it's trying to complete. vector-im/riot-web#9586
* | | | | | Make /sync attempt to return device updates for both joined and invited ↵Matthew Hodgson2019-05-161-19/+25
| | | | | | | | | | | | | | | | | | | | | | | | users (#3484)
* | | | | | Merge pull request #5187 from ↵David Baker2019-05-161-18/+22
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | matrix-org/dbkr/only_check_threepid_not_in_use_if_actually_registering Only check 3pids not in use when registering
| * | | | | | Only check 3pids not in use when registeringDavid Baker2019-05-141-18/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We checked that 3pids were not already in use before we checked if we were going to return the account previously registered in the same UI auth session, in which case the 3pids will definitely be in use. https://github.com/vector-im/riot-web/issues/9586
* | | | | | | Make all the rate limiting options more consistent (#5181)Amber Brown2019-05-155-91/+104
| | | | | | |
* | | | | | | Drop support for v2_alpha API prefix (#5190)Richard van der Hoff2019-05-157-26/+20
| | | | | | |
* | | | | | | Merge branch 'master' into developRichard van der Hoff2019-05-151-1/+1
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | |
| * | | | | | 0.99.4Richard van der Hoff2019-05-151-1/+1
| | | | | | |
* | | | | | | Merge pull request #5183 from matrix-org/erikj/async_serialize_eventErik Johnston2019-05-1512-101/+193
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Allow client event serialization to be async
| * | | | | | | Update docstring with correct return typeErik Johnston2019-05-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
| * | | | | | | NewsfileErik Johnston2019-05-141-6/+6
| | | | | | | |
| * | | | | | | Allow client event serialization to be asyncErik Johnston2019-05-1412-95/+187
| | |/ / / / / | |/| | | | |
* | | | | | | Merge pull request #5184 from matrix-org/erikj/expose_get_events_as_arrayErik Johnston2019-05-155-29/+53
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Expose DataStore._get_events as get_events_as_list
| * | | | | | | Update docstring with correct typeErik Johnston2019-05-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
| * | | | | | | Expose DataStore._get_events as get_events_as_listErik Johnston2019-05-145-29/+53
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | This is in preparation for reaction work which requires it.
* / / / / / / comment about user_joined_roomRichard van der Hoff2019-05-141-0/+1
|/ / / / / /
* | | | | | Migrate all tests to use the dict-based config format instead of hanging ↵Amber Brown2019-05-131-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | items off HomeserverConfig (#5171)
* | | | | | Add ability to blacklist ip ranges for federation traffic (#5043)Andrew Morgan2019-05-133-14/+78
|/ / / / /
* | | / / 0.99.4rc1 v0.99.4rc1Brendan Abolivier2019-05-131-1/+1
| |_|/ / |/| | |
* | | | Fix CI after new release of isortBrendan Abolivier2019-05-131-1/+0
| |/ / |/| |
* | | URL preview blacklisting fixes (#5155)Andrew Morgan2019-05-102-20/+35
|/ / | | | | Prevents a SynapseError being raised inside of a IResolutionReceiver and instead opts to just return 0 results. This thus means that we have to lump a failed lookup and a blacklisted lookup together with the same error message, but the substitute should be generic enough to cover both cases.
* | Revert 085ae346ace418e0fc043ac5f568f85ebf80038eDavid Baker2019-05-101-1/+1
| | | | | | | | Accidentally went straight to develop
* | Add a DUMMY stage to captcha-only registration flowDavid Baker2019-05-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows the client to complete the email last which is more natual for the user. Without this stage, if the client would complete the recaptcha (and terms, if enabled) stages and then the registration request would complete because you've now completed a flow, even if you were intending to complete the flow that's the same except has email auth at the end. Adding a dummy auth stage to the recaptcha-only flow means it's always unambiguous which flow the client was trying to complete. Longer term we should think about changing the protocol so the client explicitly says which flow it's trying to complete. https://github.com/vector-im/riot-web/issues/9586
* | Run `black` on per_destination_queueRichard van der Hoff2019-05-091-35/+39
| | | | | | | | ... mostly to fix pep8 fails
* | Limit the number of EDUs in transactions to 100 as expected by receiver (#5138)Quentin Dufour2019-05-092-27/+31
| | | | | | Fixes #3951.
* | add options to require an access_token to GET /profile and /publicRooms on ↵Matthew Hodgson2019-05-085-12/+114
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CS API (#5083) This commit adds two config options: * `restrict_public_rooms_to_local_users` Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API. * `require_auth_for_profile_requests` When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301. MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though. Groups have been intentionally omitted from this commit.
* | Merge pull request #5037 from matrix-org/erikj/limit_inflight_dnsErik Johnston2019-05-081-1/+82
|\ \ | | | | | | Limit in flight DNS requests
| * | Limit in flight DNS requestsErik Johnston2019-04-091-1/+82
| | | | | | | | | | | | | | | | | | | | | This is to work around a bug in twisted where a large number of concurrent DNS requests cause it to tight loop forever. c.f. https://twistedmatrix.com/trac/ticket/9620#ticket
* | | Do checks on aliases for incoming m.room.aliases events (#5128)Brendan Abolivier2019-05-085-8/+55
| | | | | | | | | | | | | | | Follow-up to #5124 Also added a bunch of checks to make sure everything (both the stuff added on #5124 and this PR) works as intended.
* | | Merge pull request #5104 from matrix-org/erikj/ratelimit_3pid_inviteErik Johnston2019-05-071-0/+11
|\ \ \ | | | | | | | | Ratelimit 3pid invites
| * | | Rate limit earlyErik Johnston2019-05-021-2/+3
| | | |
| * | | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-04-2663-959/+1158
| |\ \ \ | | | | | | | | | | | | | | | erikj/ratelimit_3pid_invite
| * | | | Ratelimit 3pid invitesErik Johnston2019-04-261-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | We do ratelimit sending the 3PID invite events, but that happens after spamming the identity server.
* | | | | Remove the requirement to authenticate for /admin/server_version. (#5122)Richard van der Hoff2019-05-071-10/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This endpoint isn't much use for its intended purpose if you first need to get yourself an admin's auth token. I've restricted it to the `/_synapse/admin` path to make it a bit easier to lock down for those concerned about exposing this information. I don't imagine anyone is using it in anger currently.
* | | | | Merge branch 'master' into developRichard van der Hoff2019-05-034-13/+37
|\ \ \ \ \
| * | | | | 0.99.3.2 v0.99.3.2 github/release-v0.99.3.2 release-v0.99.3.2Richard van der Hoff2019-05-031-1/+1
| | | | | |
| * | | | | pin urllib3 to <1.25Richard van der Hoff2019-05-031-0/+8
| | | | | |
| * | | | | 0.99.3.1Richard van der Hoff2019-05-031-1/+1
| | | | | |
| * | | | | Merge pull request #5134 from matrix-org/rav/url_preview_blacklistRichard van der Hoff2019-05-031-10/+21
| |\ \ \ \ \ | | | | | | | | | | | | | | Blacklist 0.0.0.0 and :: by default for URL previews
| | * | | | | more config comment updatesRichard van der Hoff2019-05-031-2/+5
| | | | | | |
| | * | | | | Blacklist 0.0.0.0 and :: by default for URL previewsRichard van der Hoff2019-05-031-10/+18
| | | | | | |
| * | | | | | Merge pull request #5133 from matrix-org/rav/systemrandomRichard van der Hoff2019-05-031-2/+7
| |\ \ \ \ \ \ | | |/ / / / / | |/| | | | | Use SystemRandom for token generation.
| | * | | | | Use SystemRandom for token generationRichard van der Hoff2019-05-031-2/+7
| | | | | | |
* | | | | | | Add admin api for sending server_notices (#5121)Richard van der Hoff2019-05-023-3/+118
| | | | | | |