| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to circumvent the number of duplicate foo:count metrics increasing
without bounds, it's time for a rearrangement.
The following are all deprecated, and replaced with synapse_util_metrics_block_count:
synapse_util_metrics_block_timer:count
synapse_util_metrics_block_ru_utime:count
synapse_util_metrics_block_ru_stime:count
synapse_util_metrics_block_db_txn_count:count
synapse_util_metrics_block_db_txn_duration:count
The following are all deprecated, and replaced with synapse_http_server_response_count:
synapse_http_server_requests
synapse_http_server_response_time:count
synapse_http_server_response_ru_utime:count
synapse_http_server_response_ru_stime:count
synapse_http_server_response_db_txn_count:count
synapse_http_server_response_db_txn_duration:count
The following are renamed (the old metrics are kept for now, but deprecated):
synapse_util_metrics_block_timer:total ->
synapse_util_metrics_block_time_seconds
synapse_util_metrics_block_ru_utime:total ->
synapse_util_metrics_block_ru_utime_seconds
synapse_util_metrics_block_ru_stime:total ->
synapse_util_metrics_block_ru_stime_seconds
synapse_util_metrics_block_db_txn_count:total ->
synapse_util_metrics_block_db_txn_count
synapse_util_metrics_block_db_txn_duration:total ->
synapse_util_metrics_block_db_txn_duration_seconds
synapse_http_server_response_time:total ->
synapse_http_server_response_time_seconds
synapse_http_server_response_ru_utime:total ->
synapse_http_server_response_ru_utime_seconds
synapse_http_server_response_ru_stime:total ->
synapse_http_server_response_ru_stime_seconds
synapse_http_server_response_db_txn_count:total ->
synapse_http_server_response_db_txn_count
synapse_http_server_response_db_txn_duration:total
synapse_http_server_response_db_txn_duration_seconds
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Prometheus handles all metrics as floats, and sometimes we store non-integer
values in them (notably, durations in seconds), so let's render them as floats
too.
(Note that the standard client libraries also treat Counters as floats.)
|
|
|
|
|
| |
We need to actually download the remote media when we get a request for a
thumbnail.
|
|\
| |
| | |
When using synctl with workers, don't start the main synapse automatically
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
|/| |
Add /room/{id}/event/{id} to synapse
|
| |
| |
| |
| |
| |
| | |
Turns out that there is a valid usecase for retrieving event by id (notably
having received a push), but event ids should be scoped to room, so /event/{id}
is wrong.
|
|\ \ |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Do bcrypt hashing in a background thread
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
which was missing its fed client API, since there is no other API
it might as well reuse the bulk one and unwrap it
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
Update http request metrics before calling servlet
|
| | |_|/
| |/| |
| | | |
| | | |
| | | | |
Make sure that we set the servlet name in the metrics object *before* calling
the servlet, in case the servlet throws an exception.
|
| | | | |
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
Fix broken config UTs
|
| | | |
| | | |
| | | |
| | | |
| | | | |
https://github.com/matrix-org/synapse/pull/2755 broke log-config generation,
which in turn broke the unit tests.
|
|/ / /
| | |
| | |
| | | |
(we had a mix of 2- and 4-space indents)
|
| | |
| | |
| | |
| | |
| | | |
Fixes https://github.com/matrix-org/synapse/issues/2759
Signed-off-by: Travis Ralston <travpc@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
... because these only really exist to confuse people nowadays.
Also bring log config more into line with the generated log config, by making `level_for_storage`
apply to the `synapse.storage.SQL` logger rather than `synapse.storage`.
|
|\ \ \
| | | |
| | | | |
Better logging when login can't find a 3pid
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Return a 400 rather than a 500 when somebody messes up their send_join
|
| | | |
| | | |
| | | |
| | | |
| | | | |
turns out we have two copies of this, and neither needs to be an instance
method
|
| | | | |
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
synapse/config/password_auth_providers: Fixed bracket typo
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Richard von Seck <richard.von-seck@gmx.net>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Silke <silke@slxh.eu>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Silke <silke@slxh.eu>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add listen_tcp and listen_ssl which implement Twisted's reactor.listenTCP
and reactor.listenSSL for multiple addresses.
Signed-off-by: Silke Hofstra <silke@slxh.eu>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Binding on 0.0.0.0 when :: is specified in the bind_addresses is now allowed.
This causes a warning explaining the behaviour.
Configuration changed to match.
See #2232
Signed-off-by: Silke Hofstra <silke@slxh.eu>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Most deployments are on Linux (or Mac OS), so this would actually bind
on both IPv4 and IPv6.
Resolves #1886.
Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
|
|\ \ \
| | | |
| | | |
| | | | |
erikj/createroom_content
|
| |\ \ \
| | | | |
| | | | | |
Add all local users to the user_directory and optionally search them
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |\ \ \
| | | | |/
| | | |/| |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
additional users
Initial commit; this doesn't work yet - the LIKE filtering seems too aggressive.
It also needs _do_initial_spam to be aware of prepopulating the whole user_directory_search table with all users...
...and it needs a handle_user_signup() or something to be added so that new signups get incrementally added to the table too.
Committing it here as a WIP
|
| | | | |
| | | | |
| | | | |
| | | | | |
This was introduced in d7ea8c4 / PR #2728
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Wire the custom login type support from password providers into the UI-auth
user-validation flows.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Collect together all the places that validate a logged-in user via UI auth.
|
| | |/ /
| |/| |
| | | |
| | | |
| | | | |
Instead of returning False when auth is incomplete, throw an exception which
can be caught with a wrapper.
|
| |\ \ \
| | | | |
| | | | | |
Improve comments on get_user_by_access_token
|
| | | | |
| | | | |
| | | | |
| | | | | |
because I have to reverse-engineer this every time.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Make sure that we delete devices whenever a user is logged out due to any of
the following situations:
* /logout
* /logout_all
* change password
* deactivate account (by the user or by an admin)
* invalidate access token from a dynamic module
Fixes #2672.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Non-functional refactoring to move set_password. This means that we'll be able
to properly deactivate devices and access tokens without introducing a
dependency loop.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Non-functional refactoring to move deactivate_account. This means that we'll be
able to properly deactivate devices and access tokens without introducing a
dependency loop.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Whenever an access token is invalidated, we should remove the associated
pushers.
|
| |\ \ \ \
| | | | | |
| | | | | | |
Clear logcontext before starting fed txn queue runner
|
| | |/ / /
| | | | |
| | | | |
| | | | |
| | | | | |
These processes take a long time compared to the request, so there is lots of
"Entering|Restoring dead context" in the logs. Let's try to shut it up a bit.
|
| |\ \ \ \
| | | | | |
| | | | | | |
Fix 500 when joining matrix-dev
|
| | |/ / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
matrix-dev has an event (`$/6ANj/9QWQyd71N6DpRQPf+SDUu11+HVMeKSpMzBCwM:zemos.net`)
which has no `hashes` member.
Check for missing `hashes` element in events.
|
| |/ / / |
|
| |\ \ \
| | | | |
| | | | | |
Fix error on sqlite 3.7
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
so that the right thing happens on workers.
|
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Create the url_cache index on local_media_repository as a background update, so
that we can detect whether we are on sqlite or not and create a partial or
complete index accordingly.
To avoid running the cleanup job before we have built the index, add a bailout
which will defer the cleanup if the bg updates are still running.
Fixes https://github.com/matrix-org/synapse/issues/2572.
|
| |\ \ \
| | | | |
| | | | | |
Avoid retrying forever on IntegrityError
|
| | | | | |
|
| |\ \ \ \
| | | | | |
| | | | | | |
Fix error handling on dns lookup
|
| | |/ / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
pass the right arguments to the errback handler
Fixes "TypeError('eb() takes exactly 2 arguments (1 given)',)"
|
| |\ \ \ \
| | | | | |
| | | | | | |
Tiny code cleanups
|
| | | | | | |
|
| | |/ / /
| | | | |
| | | | |
| | | | | |
This is never used; let's remove it to stop confusing things.
|
| |\ \ \ \
| | | | | |
| | | | | | |
Fix some logcontext leaks in replication resource
|
| | |/ / /
| | | | |
| | | | |
| | | | |
| | | | | |
The @measure_func annotations rely on the wrapped function respecting the
logcontext rules. Add the necessary yields to make this work.
|
| |\ \ \ \
| | | | | |
| | | | | | |
Fix OPTIONS on preview_url
|
| | |/ / /
| | | | |
| | | | |
| | | | | |
Fixes #2706
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
Use failure.Failure to recover our failure, which will give us a useful
stacktrace, unlike the rethrown exception.
|
| | | |
| | | |
| | | |
| | | | |
... to stop us doing the cache cleanup jobs on the master.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This avoids the scenario where we have four different PreviewUrlResources
configured on a single app, each of which have their own caches and cache
clearing jobs.
|
| |\ \ \
| | | | |
| | | | | |
Clean up dependency list
|
| | |/ /
| | | |
| | | |
| | | |
| | | | |
remove those that aren't used at all, and replace the ones that don't have
builders with simple getters rather than dynamically-generated methods.
|
| |\ \ \
| | |/ /
| |/| | |
Avoid locking account_data tables for upserts
|
| | | | |
|
| |\ \ \
| | | | |
| | | | | |
Avoid locking for upsert on pushers tables
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* replace the upsert into deleted_pushers with an insert
* no need to lock for upsert on pusher_throttle
|
| |\ \ \ \ |
|
| |\ \ \ \ \
| | | | | | |
| | | | | | | |
Add automagical AS Publicised Group(s)
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | |_|_|/
| | |/| | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
via registration file "users" namespace:
```YAML
...
namespaces:
users:
- exclusive: true
regex: '.*luke.*'
group_id: '+all_the_lukes:hsdomain'
...
```
This is part of giving App Services their own groups for matching users. With this, ghost users will be given the appeareance that they are in a group and that they have publicised the fact, but _only_ from the perspective of the `get_publicised_groups_for_user` API.
|
| | |_|_|/
| |/| | | |
|
| | |_|/
| |/| | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Now that _simple_upsert will retry on IntegrityError, we don't need to lock the
table.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
wrap the call to _simple_upsert_txn in a loop so that we retry on an
integrityerror: this means we can avoid locking the table provided there is an
unique index.
|
| |/ /
| | |
| | |
| | | |
Bail out early to reduce indentation
|
| |\ \
| | | |
| | | | |
Pull out bits of StateStore to a mixin
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
... so that we don't need to secretly gut-wrench it for use in the slaved
stores. I haven't done the other stores yet, but we should. I'm tired of the
workers breaking every time we tweak the stores because I forgot to gut-wrench
the right method.
fixes https://github.com/matrix-org/synapse/issues/2655.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We're going to fix this properly on this branch, so that the _state_group_cache
can end up in StateGroupReadStore.
This reverts commit ab335edb023d66cd0be439e045b10ca104b73cb5.
|
| | | | |
|
| |\ \ \
| | | | |
| | | | | |
Remove preserve_context_over_{fn, deferred}
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Both of these functions ae known to leak logcontexts. Replace the remaining
calls to them and kill them off.
|
| |\ \ \ \
| | | | | |
| | | | | | |
Rename redact_content option to include_content
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
because we had to wait until the logger was set up
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The redact_content option never worked because it read the wrong config
section. The PR introducing it
(https://github.com/matrix-org/synapse/pull/2301) had feedback suggesting the
name be changed to not re-use the term 'redact' but this wasn't
incorporated.
This reanmes the option to give it a less confusing name, and also
means that people who've set the redact_content option won't suddenly
see a behaviour change when upgrading synapse, but instead can set
include_content if they want to.
This PR also updates the wording of the config comment to clarify
that this has no effect on event_id_only push.
Includes https://github.com/matrix-org/synapse/pull/2422
|
| |\ \ \ \ \
| | | | | | |
| | | | | | | |
Reshuffle room list request code
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
I'm not entirely sure if this will actually help anything, but it simplifies
the code and might give further clues about why room list search requests are
blowing out the get_current_state_ids caches.
|
| | | |/ / /
| | |/| | |
| | | | | |
| | | | | | |
So we can see what it gets up to.
|
| | | | | | |
|
| | | | | | |
|
| |_|_|_|/
|/| | | |
| | | | | |
We reused the `content` dictionary between invite requests, which meant they could end up reusing the profile info for a previous user
|
| | | | | |
|
|/ / / / |
|
| |_|/
|/| | |
|
|\ \ \
| |/ /
|/| | |
Make __init__ consistent across Store hierarchy
|
| | |
| | |
| | |
| | |
| | |
| | | |
Add db_conn parameters to the `__init__` methods of the *Store classes, so that
they are all consistent, which makes the multiple inheritance work correctly
(and so that we can later extract mixins which can be used in the slavedstores)
|
|\ \ \
| | | |
| | | | |
Add a route for determining who you are
|
| | | |
| | | |
| | | | |
Signed-off-by: Travis Ralston <travpc@gmail.com>
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Useful for applications which may have an access token, but no idea as to who owns it.
Signed-off-by: Travis Ralston <travpc@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
Cache failures in url_preview handler
|
| | | | | |
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
Reshuffle the caching logic in the url_preview handler so that failures are
cached (and to generally simplify things and fix the logcontext leaks).
|
|\ \ \ \
| | |/ /
| |/| | |
|
| | | |
| | | |
| | | |
| | | | |
This reverts commit f5cf3638e9c6086e1c33ddad8eda9298cf53a58e.
|
| |/ / |
|
| | |
| | |
| | |
| | | |
Explain why we don't validate userids registered via app services
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
Force username to lowercase before attempting to register
https://github.com/matrix-org/synapse/issues/2660
|
| | |
| | |
| | |
| | | |
This reverts commit b70b64690330c25cbd04c1b2cacf8276b566efc8.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
If somebody sends us a request where the the body is invalid utf-8, we should
return a 400 rather than a 500. (json.loads throws a UnicodeError in this
situation)
We might as well catch all Exceptions here: it seems very unlikely that we
would get a request that *isn't caused by invalid json.
|
| |
| |
| |
| | |
Because we're never going to be able to fix this :'(
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Fix 'NoneType' not iterable in /deactivate
|
| | |
| | |
| | |
| | | |
make sure we actually return a value from user_delete_access_tokens
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Fix appservices being backlogged and not receiving new events due to a bug in notify_interested_services
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
in notify_interested_services
|
|\ \ \ \
| |_|_|/
|/| | | |
Avoid no-op media deletes
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If there are no media entries to delete,
avoid creating transactions, prepared statements
and unnecessary log entries.
Signed-off-by: Slavi Pantaleev <slavi@devture.com>
|
|\ \ \
| | | |
| | | | |
Fix bug in state group storage
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes a bug where the persisted state groups were different to those actually
being used after auth resolution.
|
| | | |
| | | |
| | | |
| | | | |
This is duplicated, so let's factor it out before fixing it
|
| | |/
| |/|
| | |
| | | |
this is internal to statestore, so let's keep it there.
|
|\ \ \
| |/ /
|/| | |
Fix various embarrassing typos around user_directory and add some doc.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
|\ \
| | |
| | | |
Fix for #2635: correctly update rooms avatar/display name when modified by admin
|
| | | |
|
| | |
| | |
| | |
| | | |
by admin
|
| | |
| | |
| | |
| | |
| | | |
This reverts commit f9b255cd62fe724e16b2222f6af623b2d39282ab, reversing
changes made to 1bd654dabde776bbb7ee365c115b307cd6a110b8.
|
|\| | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Ignore <noscript> tags when generating URL preview descriptions
|
| | | | |
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add some logging to the Limiter in a similar spirit to the Linearizer, to help
debug issues.
Also fix a logcontext leak.
Also refactor slightly to avoid throwing exceptions.
|
|\ \ \
| | | |
| | | | |
Make the get_rooms_in_group API more sane
|
| | | |
| | | |
| | | |
| | | | |
Return entries with is_public = True when they're public and is_public = False otherwise.
|
|\ \ \ \
| |/ / /
|/| | | |
support inhibit_login in /register
|
| | | |
| | | |
| | | |
| | | | |
Allow things to pass inhibit_login when registering to ... inhibit logins.
|
|\ \ \ \ |
|
| |\ \ \ \
| | | | | |
| | | | | | |
Add a hook for custom rest endpoints
|
| | |/ / /
| | | | |
| | | | |
| | | | |
| | | | | |
Let the user specify custom modules which can be used for implementing extra
endpoints.
|
| |\ \ \ \
| | | | | |
| | | | | | |
Factor _AccountHandler proxy out to ModuleApi
|
| | |/ / /
| |/| | |
| | | | |
| | | | | |
This was a bit of a code vomit, so let's factor it out to preserve some sanity
|
| |/ / /
|/| | |
| | | |
| | | | |
add `get_user_by_req` and `invalidate_access_token`
|
|/ / /
| | |
| | |
| | |
| | | |
We're going to need to use this from places that aren't password auth, so let's
move it to a proper class.
|
|\ \ \
| | | |
| | | | |
Notify auth providers on logout
|
| | | |
| | | |
| | | |
| | | | |
Provide a hook by which auth providers can be notified of logouts.
|
|\ \ \ \
| | | | |
| | | | | |
Allow password_auth_providers to return a callback
|
| | | | |
| | | | |
| | | | |
| | | | | |
this got broken in the previous commit
|
| |/ / /
| | | |
| | | |
| | | | |
... so that they have a way to record access tokens.
|
|\ \ \ \
| |/ / /
|/| | | |
Let auth providers get to the database
|
| | | |
| | | |
| | | |
| | | | |
Somewhat open to abuse, but also somewhat unavoidable :/
|
|\ \ \ \
| | | | |
| | | | | |
Let password auth providers handle arbitrary login types
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
Provide a hook where password auth providers can say they know about other
login types, and get passed the relevant parameters
|
|\ \ \ \
| | | | |
| | | | | |
Move access token deletion into auth handler
|
| |\ \ \ \
| | | | | |
| | | | | |
| | | | | | |
rav/refactor_accesstoken_delete
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Also move duplicated deactivation code into the auth handler.
I want to add some hooks when we deactivate an access token, so let's bring it
all in here so that there's somewhere to put it.
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
automatically set default displayname on register
|
| | | | |
| | | | |
| | | | |
| | | | | |
to avoid clobbering guest user displaynames on registration
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
to avoid leaking ugly MXIDs and cluttering up the timeline with
displayname changes as well as membership joins for autojoin rooms
(e.g. the status autojoin rooms), automatically set the displayname
to match the localpart of the mxid upon registration.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Break dependency of auth_handler on device_handler
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
I'm going to need to make the device_handler depend on the auth_handler, so I
need to break this dependency to avoid a cycle.
It turns out that the auth_handler was only using the device_handler in one
place which was an edge case which we can more elegantly handle by throwing an
error rather than fixing it up.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Remove the last vestiges of refresh_tokens
|
| |/ / / / |
|
| | | | | |
|
| |/ / /
|/| | |
| | | |
| | | | |
Carefully though, to avoid logging passwords
|
|\ \ \ \
| |/ / /
|/| | | |
Modify group room association API to allow modification of is_public
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
also includes renamings to make things more consistent.
|
|/ / /
| | |
| | |
| | |
| | | |
Provide an interface by which password auth providers can register db schema
files to be run at startup
|
|\ \ \
| | | |
| | | | |
Refactor some logic from LoginRestServlet into AuthHandler
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I'm going to need some more flexibility in handling login types in password
auth providers, so as a first step, move some stuff from LoginRestServlet into
AuthHandler.
In particular, we pass everything other than SAML, JWT and token logins down to
the AuthHandler, which now has responsibility for checking the login type and
fishing the password out of the login dictionary, as well as qualifying the
user_id if need be. Ideally SAML, JWT and token would go that way too, but
there's no real need for it right now and I'm trying to minimise impact.
This commit *should* be non-functional.
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
try to make the backwards-compat flows follow the same code paths as the modern
impl.
This commit should be non-functional.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | |/
| |/|
| | | |
into develop
|
| | |
| | |
| | |
| | |
| | | |
This helps ensure that the renewals of attestations are spread out more
evenly.
|
|\ \ \
| | | |
| | | |
| | | | |
into develop
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ / |
|
|\ \ \
| | | |
| | | | |
Add comment about attestations
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Device deletion: check UI auth matches access token
|
| | | | |
| | | | |
| | | | |
| | | | | |
(otherwise there's no point in the UI auth)
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Allow ASes to deactivate their own users
|
| | |_|_|/
| |/| | | |
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Add is_public to groups table to allow for private groups
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|