summary refs log tree commit diff
path: root/synapse (follow)
Commit message (Collapse)AuthorAgeFilesLines
* enable aggregations support by defaultNeil Johnson2019-07-181-1/+1
|
* Clean up opentracing configuration options (#5712)Richard van der Hoff2019-07-183-48/+61
| | | | | | | | | | | | | | | | | Clean up config settings and dead code. This is mostly about cleaning up the config format, to bring it into line with our conventions. In particular: * There should be a blank line after `## Section ##' headings * There should be a blank line between each config setting * There should be a `#`-only line between a comment and the setting it describes * We don't really do the `# #` style commenting-out of whole sections if we can help it * rename `tracer_enabled` to `enabled` While we're here, do more config parsing upfront, which makes it easier to use later on. Also removes redundant code from LogContextScopeManager. Also changes the changelog fragment to a `feature` - it's exciting!
* Support Prometheus_client 0.4.0+ (#5636)Amber Brown2019-07-1816-47/+288
|
* Remove the ability to query relations when the original event was redacted. ↵Andrew Morgan2019-07-183-36/+66
| | | | | | | (#5629) Fixes #5594 Forbid viewing relations on an event once it has been redacted.
* Convert synapse.federation.transport.server to async (#5689)Richard van der Hoff2019-07-181-242/+188
| | | | | | | | | | | | | | | | * Convert BaseFederationServlet._wrap to async Empirically, this fixes some lost stacktraces. It should be safe because the wrapped function is called from JsonResource._async_render, which is already async. * Convert the rest of synapse.federation.transport.server to async We may as well do the whole file while we're here. * changelog * flake8
* Ignore redactions of m.room.create events (#5701)Richard van der Hoff2019-07-173-24/+36
|
* More refactoring in `get_events_as_list` (#5707)Richard van der Hoff2019-07-171-27/+37
| | | | | | | | We can now use `_get_events_from_cache_or_db` rather than going right back to the database, which means that (a) we can benefit from caching, and (b) it opens the way forward to more extensive checks on the original event. We now always require the original event to exist before we will serve up a redaction.
* Fix redaction authentication (#5700)Richard van der Hoff2019-07-171-85/+129
| | | | | | | | | | | | | | | | | Ensures that redactions are correctly authenticated for recent room versions. There are a few things going on here: * `_fetch_event_rows` is updated to return a dict rather than a list of rows. * Rather than returning multiple copies of an event which was redacted multiple times, it returns the redactions as a list within the dict. * It also returns the actual rejection reason, rather than merely the fact that it was rejected, so that we don't have to query the table again in `_get_event_from_row`. * The redaction handling is factored out of `_get_event_from_row`, and now checks if any of the redactions are valid.
* Refactor `get_events_as_list` (#5699)Richard van der Hoff2019-07-171-48/+74
| | | | | | | | | | | A couple of changes here: * get rid of a redundant `allow_rejected` condition - we should already have filtered out any rejected events before we get to that point in the code, and the redundancy is confusing. Instead, let's stick in an assertion just to make double-sure we aren't leaking rejected events by mistake. * factor out a `_get_events_from_cache_or_db` method, which is going to be important for a forthcoming fix to redactions.
* Remove pointless descriptionErik Johnston2019-07-161-1/+0
|
* Clean up arg name and remove lying commentErik Johnston2019-07-161-7/+5
|
* Fix typo in synapse/app/admin_cmd.pyErik Johnston2019-07-161-1/+1
| | | Co-Authored-By: Aaron Raimist <aaron@raim.ist>
* Fix invoking add_argument from homeserver.pyErik Johnston2019-07-151-1/+1
|
* s/exfiltrate_user_data/export_user_data/Erik Johnston2019-07-151-1/+1
|
* Add FileExfiltrationWriterErik Johnston2019-07-151-1/+69
|
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/admin_api_cmdErik Johnston2019-07-15111-1621/+2238
|\
| * Return a different error from Invalid Password when a user is deactivated ↵Andrew Morgan2019-07-152-0/+25
| | | | | | | | | | (#5674) Return `This account has been deactivated` instead of `Invalid password` when a user is deactivated.
| * Merge pull request #5589 from matrix-org/erikj/admin_exfiltrate_dataErik Johnston2019-07-153-6/+211
| |\ | | | | | | Add basic function to get all data for a user out of synapse
| | * Fixup docstringsErik Johnston2019-07-121-7/+5
| | |
| | * pep8Erik Johnston2019-07-051-4/+0
| | |
| | * Remove FileExfiltrationWriterErik Johnston2019-07-051-63/+0
| | |
| | * Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-07-0584-1027/+1237
| | |\ | | | | | | | | | | | | erikj/admin_exfiltrate_data
| | * | Assume key existence. Update docstringsErik Johnston2019-07-052-9/+11
| | | |
| | * | Fixup from review comments.Erik Johnston2019-07-041-17/+22
| | | |
| | * | Apply comment fixups from code reviewErik Johnston2019-07-031-6/+6
| | | | | | | | | | | | Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
| * | | Implement access token expiry (#5660)Richard van der Hoff2019-07-127-20/+105
| | | | | | | | | | | | | | | | Record how long an access token is valid for, and raise a soft-logout once it expires.
| * | | fix typo: backgroud -> backgroundAndrew Morgan2019-07-122-5/+5
| | | |
| * | | small typo fix (#5655)Andrew Morgan2019-07-111-1/+1
| | | |
| * | | Clean up exception handling for access_tokens (#5656)Richard van der Hoff2019-07-114-93/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First of all, let's get rid of `TOKEN_NOT_FOUND_HTTP_STATUS`. It was a hack we did at one point when it was possible to return either a 403 or a 401 if the creds were missing. We always return a 401 in these cases now (thankfully), so it's not needed. Let's also stop abusing `AuthError` for these cases. Honestly they have nothing that relates them to the other places that `AuthError` is used, other than the fact that they are loosely under the 'Auth' banner. It makes no sense for them to share exception classes. Instead, let's add a couple of new exception classes: `InvalidClientTokenError` and `MissingClientTokenError`, for the `M_UNKNOWN_TOKEN` and `M_MISSING_TOKEN` cases respectively - and an `InvalidClientCredentialsError` base class for the two of them.
| * | | Add basic opentracing support (#5544)Jorik Schellekens2019-07-1110-12/+615
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Configure and initialise tracer Includes config options for the tracer and sets up JaegerClient. * Scope manager using LogContexts We piggy-back our tracer scopes by using log context. The current log context gives us the current scope. If new scope is created we create a stack of scopes in the context. * jaeger is a dependency now * Carrier inject and extraction for Twisted Headers * Trace federation requests on the way in and out. The span is created in _started_processing and closed in _finished_processing because we need a meaningful log context. * Create logcontext for new scope. Instead of having a stack of scopes in a logcontext we create a new context for a new scope if the current logcontext already has a scope. * Remove scope from logcontext if logcontext is top level * Disable tracer if not configured * typo * Remove dependence on jaeger internals * bools * Set service name * :Explicitely state that the tracer is disabled * Black is the new black * Newsfile * Code style * Use the new config setup. * Generate config. * Copyright * Rename config to opentracing * Remove user whitelisting * Empty whitelist by default * User ConfigError instead of RuntimeError * Use isinstance * Use tag constants for opentracing. * Remove debug comment and no need to explicitely record error * Two errors a "s(c)entry" * Docstrings! * Remove debugging brainslip * Homeserver Whitlisting * Better opentracing config comment * linting * Inclue worker name in service_name * Make opentracing an optional dependency * Neater config retreival * Clean up dummy tags * Instantiate tracing as object instead of global class * Inlcude opentracing as a homeserver member. * Thread opentracing to the request level * Reference opetnracing through hs * Instantiate dummy opentracin g for tests. * About to revert, just keeping the unfinished changes just in case * Revert back to global state, commit number: 9ce4a3d9067bf9889b86c360c05ac88618b85c4f * Use class level methods in tracerutils * Start and stop requests spans in a place where we have access to the authenticated entity * Seen it, isort it * Make sure to close the active span. * I'm getting black and blue from this. * Logger formatting Co-Authored-By: Erik Johnston <erik@matrix.org> * Outdated comment * Import opentracing at the top * Return a contextmanager * Start tracing client requests from the servlet * Return noop context manager if not tracing * Explicitely say that these are federation requests * Include servlet name in client requests * Use context manager * Move opentracing to logging/ * Seen it, isort it again! * Ignore twisted return exceptions on context exit * Escape the scope * Scopes should be entered to make them useful. * Nicer decorator names * Just one init, init? * Don't need to close something that isn't open * Docs make you smarter
| * | | Inline issue_access_token (#5659)Richard van der Hoff2019-07-111-7/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is only used in one place, so it's clearer if we inline it and reduce the API surface. Also, fixes a buglet where we would create an access token even if we were about to block the user (we would never return the AT, so the user could never use it, but it was still created and added to the db.)
| * | | Merge pull request #5658 from matrix-org/babolivier/is-jsonBrendan Abolivier2019-07-101-1/+1
| |\ \ \ | | | | | | | | | | Send 3PID bind requests as JSON data
| | * | | TypoBrendan Abolivier2019-07-101-1/+1
| | | | |
| | * | | Send 3PID bind requests as JSON dataBrendan Abolivier2019-07-101-1/+1
| | | | |
| * | | | Remove access-token support from RegistrationStore.register (#5642)Richard van der Hoff2019-07-102-21/+5
| |/ / / | | | | | | | | | | | | | | | | The 'token' param is no longer used anywhere except the tests, so let's kill that off too.
| * | | Don't bundle aggregations when retrieving the original event (#5654)Andrew Morgan2019-07-101-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A fix for PR #5626, which returned the original event content as part of a call to /relations. Only problem was that we were attempting to aggregate the relations on top of it when we did so. We now set bundle_aggregations to False in the get_event call. We also do this when pulling the relation events as well, because edits of edits are not something we'd like to support here.
| * | | Merge pull request #5638 from matrix-org/babolivier/invite-jsonBrendan Abolivier2019-07-091-4/+18
| |\ \ \ | | | | | | | | | | Use JSON when querying the IS's /store-invite endpoint
| | * \ \ Merge branch 'develop' into babolivier/invite-jsonBrendan Abolivier2019-07-08105-1513/+1630
| | |\ \ \
| | * | | | LintBrendan Abolivier2019-07-081-1/+2
| | | | | |
| | * | | | Use application/json when querying the IS's /store-invite endpointBrendan Abolivier2019-07-081-4/+17
| | | | | |
| * | | | | remove unused and unnecessary check for FederationDeniedError (#5645)Hubert Chathi2019-07-091-4/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | FederationDeniedError is a subclass of SynapseError, which is a subclass of CodeMessageException, so if e is a FederationDeniedError, then this check for FederationDeniedError will never be reached since it will be caught by the check for CodeMessageException above. The check for CodeMessageException does almost the same thing as this check (since FederationDeniedError initialises with code=403 and msg="Federation denied with %s."), so may as well just keep allowing it to handle this case.
| * | | | | Include the original event in /relations (#5626)Andrew Morgan2019-07-092-4/+6
| | | | | | | | | | | | | | | | | | When asking for the relations of an event, include the original event in the response. This will mostly be used for efficiently showing edit history, but could be useful in other circumstances.
| * | | | | Merge pull request #5644 from matrix-org/babolivier/profile-allow-selfBrendan Abolivier2019-07-091-0/+4
| |\ \ \ \ \ | | | | | | | | | | | | | | Allow newly-registered users to lookup their own profiles
| | * | | | | Allow newly-registered users to lookup their own profilesBrendan Abolivier2019-07-081-0/+4
| | | |/ / / | | |/| | | | | | | | | | | | | | | When a user creates an account and the 'require_auth_for_profile_requests' config flag is set, and a client that performed the registration wants to lookup the newly-created profile, the request will be denied because the user doesn't share a room with themselves yet.
| * | | | | Remove access-token support from RegistrationHandler.register (#5641)Richard van der Hoff2019-07-086-56/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Nothing uses this now, so we can remove the dead code, and clean up the API. Since we're changing the shape of the return value anyway, we take the opportunity to give the method a better name.
| * | | | | Better logging for auto-join. (#5643)Richard van der Hoff2019-07-081-0/+7
| |/ / / / | | | | | | | | | | It was pretty unclear what was going on, so I've added a couple of log lines.
| * | | | Update ModuleApi to avoid register(generate_token=True) (#5640)Richard van der Hoff2019-07-081-8/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update ModuleApi to avoid register(generate_token=True) This is the only place this is still used, so I'm trying to kill it off. * changelog
| * | | | Factor out some redundant code in the login impl (#5639)Richard van der Hoff2019-07-081-39/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Factor out some redundant code in the login impl Also fixes a redundant access_token which was generated during jwt login. * changelog
| * | | | Move get_or_create_user to test code (#5628)Richard van der Hoff2019-07-081-51/+0
| | | | | | | | | | | | | | | This is only used in tests, so...
| * | | | Add default push rule to ignore reactions (#5623)J. Ryan Stinnett2019-07-051-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a default push rule following the proposal in [MSC2153](https://github.com/matrix-org/matrix-doc/pull/2153). See also https://github.com/vector-im/riot-web/issues/10208 See also https://github.com/matrix-org/matrix-js-sdk/pull/976
| * | | | Add origin_server_ts and sender fields to m.replace (#5613)Andrew Morgan2019-07-051-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | Riot team would like some extra fields as part of m.replace, so here you go. Fixes: #5598
| * | | | Remove support for invite_3pid_guest. (#5625)Richard van der Hoff2019-07-056-196/+2
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This has never been documented, and I'm not sure it's ever been used outside sytest. It's quite a lot of poorly-maintained code, so I'd like to get rid of it. For now I haven't removed the database table; I suggest we leave that for a future clearout.
| * | | remove dead transaction persist code (#5622)Richard van der Hoff2019-07-053-69/+0
| | | | | | | | | | | | | | | | this hasn't done anything for years
| * | | Fixes to the federation rate limiter (#5621)Richard van der Hoff2019-07-052-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Put the default window_size back to 1000ms (broken by #5181) - Make the `rc_federation` config actually do something - fix an off-by-one error in the 'concurrent' limit - Avoid creating an unused `_PerHostRatelimiter` object for every single incoming request
| * | | Make errors about email password resets much clearer (#5616)Andrew Morgan2019-07-051-11/+8
| | | | | | | | | | | | The runtime errors that dealt with local email password resets talked about config options that users may not even have in their config file yet (if upgrading). Instead, the cryptic errors are now replaced with hopefully much more helpful ones.
| * | | Improve the backwards compatibility re-exports of synapse.logging.context ↵Amber Brown2019-07-053-5/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#5617) * Improve the backwards compatibility re-exports of synapse.logging.context. * reexport logformatter too
| * | | Merge branch 'master' of github.com:matrix-org/synapse into developErik Johnston2019-07-041-1/+1
| |\ \ \
| | * | | 1.1.0Erik Johnston2019-07-041-1/+1
| | | | |
| * | | | Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-0471-141/+153
| | | | |
| * | | | Fix 'utime went backwards' errors on daemonization. (#5609)Richard van der Hoff2019-07-032-31/+43
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix 'utime went backwards' errors on daemonization. Fixes #5608 * remove spurious debug
| * | | 1.1.0rc2 v1.1.0rc2Richard van der Hoff2019-07-031-1/+1
| | | |
| * | | Fix a number of "Starting txn from sentinel context" warnings (#5605)Richard van der Hoff2019-07-034-6/+34
| | | | | | | | | | | | | | | | Fixes #5602, #5603
| * | | Fix media repo breaking (#5593)Amber Brown2019-07-023-12/+24
| | | |
| * | | prepare v1.1.0rc1Richard van der Hoff2019-07-021-1/+1
| | | |
| * | | Complete the SAML2 implementation (#5422)Richard van der Hoff2019-07-025-44/+209
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * SAML2 Improvements and redirect stuff Signed-off-by: Alexander Trost <galexrt@googlemail.com> * Code cleanups and simplifications. Also: share the saml client between redirect and response handlers. * changelog * Revert redundant changes to static js * Move all the saml stuff out to a centralised handler * Add support for tracking SAML2 sessions. This allows us to correctly handle `allow_unsolicited: False`. * update sample config * cleanups * update sample config * rename BaseSSORedirectServlet for consistency * Address review comments
| | * \ \ Merge branch 'develop' into rav/saml2_clientRichard van der Hoff2019-07-0122-205/+303
| | |\ \ \
| | * | | | Address review commentsRichard van der Hoff2019-07-011-5/+7
| | | | | |
| | * | | | rename BaseSSORedirectServlet for consistencyRichard van der Hoff2019-06-271-3/+3
| | | | | |
| | * | | | cleanupsRichard van der Hoff2019-06-273-11/+18
| | | | | |
| | * | | | Add support for tracking SAML2 sessions.Richard van der Hoff2019-06-262-3/+56
| | | | | | | | | | | | | | | | | | | | | | | | This allows us to correctly handle `allow_unsolicited: False`.
| | * | | | Move all the saml stuff out to a centralised handlerRichard van der Hoff2019-06-264-50/+96
| | | | | |
| | * | | | Revert redundant changes to static jsRichard van der Hoff2019-06-261-4/+2
| | | | | |
| | * | | | Merge branch 'develop' into rav/saml2_clientRichard van der Hoff2019-06-26304-9516/+9216
| | |\ \ \ \
| | * \ \ \ \ Merge tag 'v1.0.0rc3' into rav/saml2_clientRichard van der Hoff2019-06-114-2/+7
| | |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.0.0rc3 (2019-06-10) ============================= Security: Fix authentication bug introduced in 1.0.0rc1. Please upgrade to rc3 immediately
| | * | | | | | Code cleanups and simplifications.Richard van der Hoff2019-06-116-50/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also: share the saml client between redirect and response handlers.
| | * | | | | | Merge remote-tracking branch 'origin/develop' into rav/saml2_clientRichard van der Hoff2019-06-1085-861/+4648
| | |\ \ \ \ \ \
| | * | | | | | | SAML2 Improvements and redirect stuffAlexander Trost2019-06-025-2/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Alexander Trost <galexrt@googlemail.com>
| * | | | | | | | Fix JWT login with new users (#5586)PauRE2019-07-021-6/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* | | | | | | | | Use set_defaults(func=) styleErik Johnston2019-07-151-11/+8
| | | | | | | | |
* | | | | | | | | Move creation of ArgumentParser to callerErik Johnston2019-07-152-11/+8
| | | | | | | | |
* | | | | | | | | Fix up commentsErik Johnston2019-07-152-3/+3
| | | | | | | | |
* | | | | | | | | Change add_arguments to be a static methodErik Johnston2019-07-155-5/+39
| | | | | | | | |
* | | | | | | | | Add basic admin cmd appErik Johnston2019-07-023-6/+257
| |_|_|_|_|_|_|/ |/| | | | | | |
* | | | | | | | Add basic function to get all data for a user out of synapseErik Johnston2019-07-022-0/+267
|/ / / / / / /
* | | | | | | fix async/await consentresource (#5585)Amber Brown2019-07-011-1/+3
| | | | | | | | | | | | | | | | | | | | | Fixes #5582
* | | | | | | Merge pull request #5507 from matrix-org/erikj/presence_sync_tighloopErik Johnston2019-07-011-2/+19
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | Fix sync tightloop bug.
| * | | | | | Fixup commentErik Johnston2019-07-011-6/+13
| | | | | | |
| * | | | | | Fix sync tightloop bug.Erik Johnston2019-06-211-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If, for some reason, presence updates take a while to persist then it can trigger clients to tightloop calling `/sync` due to the presence handler returning updates but not advancing the stream token. Fixes #5503.
* | | | | | | Make the http server handle coroutine-making REST servlets (#5475)Amber Brown2019-06-299-156/+114
| | | | | | |
* | | | | | | Merge pull request #5576 from matrix-org/babolivier/3pid-invite-ratelimitBrendan Abolivier2019-06-281-0/+1
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Don't update the ratelimiter before sending a 3PID invite
| * | | | | | | Only ratelimit when sending the emailBrendan Abolivier2019-06-281-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we do the opposite, an event can arrive after or while sending the email and the 3PID invite event will get ratelimited.
| * | | | | | | Don't update the ratelimiter before sending a 3PID inviteBrendan Abolivier2019-06-281-1/+1
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | This would cause emails being sent, but Synapse responding with a 429 when creating the event. The client would then retry, and with bad timing the same scenario would happen again. Some testing I did ended up sending me 10 emails for one single invite because of this.
* | | | | | | Don't log GC 0s at INFO (#5557)Amber Brown2019-06-281-1/+4
| | | | | | |
* | | | | | | Update the TLS cipher string and provide configurability for TLS on outgoing ↵Amber Brown2019-06-282-7/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | federation (#5550)
* | | | | | | Added possibilty to disable local password authentication (#5092)Daniel Hoffend2019-06-273-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel Hoffend <dh@dotlan.net>
* | | | | | | Make it clearer that the template dir is relative to synapse's root dir (#5543)Andrew Morgan2019-06-271-1/+9
| | | | | | | | | | | | | | | | | | | | | Helps address #5444
* | | | | | | Merge pull request #5559 from matrix-org/erikj/refactor_changed_devicesErik Johnston2019-06-273-37/+97
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | Refactor devices changed query to pull less from DB
| * | | | | | Review commentsErik Johnston2019-06-272-7/+5
| | | | | | |
| * | | | | | Refactor and comment sync device list codeErik Johnston2019-06-261-17/+53
| | | | | | |
| * | | | | | Use batch_iter and correct docstringErik Johnston2019-06-261-15/+12
| | | | | | |
| * | | | | | Rename get_users_whose_devices_changedErik Johnston2019-06-263-5/+5
| | | | | | |
| * | | | | | Refactor get_user_ids_changed to pull less from DBErik Johnston2019-06-263-28/+57
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a client asks for users whose devices have changed since a token we used to pull *all* users from the database since the token, which could easily be thousands of rows for old tokens. This PR changes this to only check for changes for users the client is actually interested in. Fixes #5553
* / | | | | Fix JWT login (#5555)PauRE2019-06-272-1/+2
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix JWT login with register Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com> * Add pyjwt conditional dependency Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com> * Added changelog file Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com> * Improved changelog description Signed-off-by: Pau Rodriguez-Estivill <prodrigestivill@gmail.com>
* | | | | Prevent multiple upgrades on the same room at once (#5051)Andrew Morgan2019-06-252-52/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes #4583 Does slightly less than #5045, which prevented a room from being upgraded multiple times, one after another. This PR still allows that, but just prevents two from happening at the same time. Mostly just to mitigate the fact that servers are slow and it can take a moment for the room upgrade to actually complete. We don't want people sending another request to upgrade the room when really they just thought the first didn't go through.
* | | | | Merge pull request #5524 from matrix-org/rav/new_cmdline_optionsRichard van der Hoff2019-06-242-5/+41
|\ \ \ \ \ | | | | | | | | | | | | Add --data-dir and --open-private-ports options.
| * | | | | Add "--open-private-ports" cmdline optionRichard van der Hoff2019-06-242-5/+26
| | | | | | | | | | | | | | | | | | | | | | | | This is helpful when generating a config file for running synapse under docker.
| * | | | | Add --data-directory commandline argumentRichard van der Hoff2019-06-241-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | We don't necessarily want to put the data in the cwd.
* | | | | | Merge pull request #5523 from matrix-org/rav/arg_defaultsRichard van der Hoff2019-06-2429-107/+87
|\| | | | | | | | | | | | | | | | | Stop conflating generated config and default config
| * | | | | Don't load the generated config as the default.Richard van der Hoff2019-06-2429-94/+60
| | | | | | | | | | | | | | | | | | | | | | | | It's too confusing.
| * | | | | Ensure that all config options have sensible defaultsRichard van der Hoff2019-06-244-13/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will enable us to skip the unintuitive behaviour where the generated config and default config are the same thing.
* | | | | | Merge pull request #5499 from matrix-org/rav/cleanup_metricsRichard van der Hoff2019-06-242-29/+52
|\ \ \ \ \ \ | | | | | | | | | | | | | | Cleanups and sanity-checking in cpu and db metrics
| * | | | | | blackRichard van der Hoff2019-06-241-6/+2
| | | | | | |
| * | | | | | Avoid raising exceptions in metricsRichard van der Hoff2019-06-241-8/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sentry will catch the errors if they happen, so that should be good enough, and woun't make things explode if we hit the error condition.
| * | | | | | Merge branch 'develop' into rav/cleanup_metricsRichard van der Hoff2019-06-24291-9106/+8018
| |\ \ \ \ \ \
| * | | | | | | Sanity-checking for metrics updatesRichard van der Hoff2019-06-191-7/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Check that our clocks go forward.
| * | | | | | | Simplify PerformanceCounters.update interfaceRichard van der Hoff2019-06-191-11/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we already have the duration for the update, so may as well use it rather than passing extra params around and recalculating it.
| * | | | | | | Remove unused _get_event_countersRichard van der Hoff2019-06-191-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This has been redundant since cdb3757942fefdcdc3d33b9c6d7c9e44decefd6f.
* | | | | | | | Merge pull request #5534 from matrix-org/babolivier/federation-publicroomsBrendan Abolivier2019-06-243-15/+39
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Split public rooms directory auth config in two
| * | | | | | | | Split public rooms directory auth config in twoBrendan Abolivier2019-06-243-15/+39
| | | | | | | | |
* | | | | | | | | Merge pull request #5531 from matrix-org/erikj/workers_pagination_tokenErik Johnston2019-06-242-17/+19
|\ \ \ \ \ \ \ \ \ | |_|_|_|/ / / / / |/| | | | | | | | Fix /messages on workers when no from param specified.
| * | | | | | | | Fix /messages on workers when no from param specified.Erik Johnston2019-06-242-17/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If no `from` param is specified we calculate and use the "current token" that inlcuded typing, presence, etc. These are unused during pagination and are not available on workers, so we simply don't calculate them.
* | | | | | | | | Remove unused Config.config_dir_path attributeRichard van der Hoff2019-06-241-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is no longer used and only serves to confuse.
* | | | | | | | | Allow configuration of the path used for ACME account keys.Richard van der Hoff2019-06-243-7/+52
| |/ / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because sticking it in the same place as the config isn't necessarily the right thing to do.
* | | | | | | | Pass config_dir_path and data_dir_path into Config.read_config. (#5522)Richard van der Hoff2019-06-2430-63/+99
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Pull config_dir_path and data_dir_path calculation out of read_config_files * Pass config_dir_path and data_dir_path into read_config
* | | | | | | | Factor acme bits out to a separate file (#5521)Richard van der Hoff2019-06-242-53/+93
|/ / / / / / / | | | | | | | | | | | | | | This makes some of the conditional-import hoop-jumping easier.
* | | | | | | Merge pull request #5498 from matrix-org/rav/fix_clock_reversalRichard van der Hoff2019-06-241-6/+14
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Use monotonic clock where possible for metrics
| * | | | | | | Use monotonic clock where possible for metricsRichard van der Hoff2019-06-191-6/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes intermittent errors observed on Apple hardware which were caused by time.clock() appearing to go backwards when called from different threads. Also fixes a bug where database activity times were logged as 1/1000 of their correct ratio due to confusion between milliseconds and seconds.
* | | | | | | | Drop support for cpu_affinity (#5525)Richard van der Hoff2019-06-224-51/+1
| |_|/ / / / / |/| | | | | | | | | | | | | This has no useful purpose on python3, and is generally a source of confusion.
* | | | | | | Improve help and cmdline option names for --generate-config options (#5512)Richard van der Hoff2019-06-211-22/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * group the arguments together into a group * add new names "--generate-missing-config" and "--config-directory" for existing cmdline options "--generate-keys" and "--keys-dir", which better reflect their purposes.
* | | | | | | Refactor Config parser and add some comments. (#5511)Richard van der Hoff2019-06-211-14/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add some comments, and simplify `read_config_files`.
* | | | | | | Improve logging when generating config files (#5510)Richard van der Hoff2019-06-213-1/+7
| | | | | | | | | | | | | | | | | | | | | Make it a bit clearer what's going on.
* | | | | | | Only import jinja2 when needed (#5514)Andrew Morgan2019-06-211-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes https://github.com/matrix-org/synapse/issues/5431 `jinja2` was being imported even when it wasn't strictly necessary. This made it required to run Synapse, even if the functionality that required it wasn't enabled. This was causing new Synapse installations to crash on startup. Email modules are now required.
* | | | | | | Fix "Unexpected entry in 'full_schemas'" log warning (#5509)Richard van der Hoff2019-06-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a README.txt which always sets off this warning, which is a bit alarming when you first start synapse. I don't think we need to warn about this.
* | | | | | | Fix logging error when a tampered event is detected. (#5500)Richard van der Hoff2019-06-211-1/+0
| | | | | | |
* | | | | | | Fix /messages on worker when no token suppliedErik Johnston2019-06-211-0/+2
| | | | | | |
* | | | | | | Support pagination API in client_reader workerErik Johnston2019-06-211-0/+2
| |_|/ / / / |/| | | | |
* | | | | | Merge pull request #5476 from matrix-org/erikj/histogram_extremitiesErik Johnston2019-06-212-1/+36
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add metrics for length of new extremities persisted.
| * | | | | | BlackErik Johnston2019-06-201-2/+2
| | | | | | |
| * | | | | | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-06-20292-9079/+7986
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | erikj/histogram_extremities
| * | | | | | | Add descriptions and remove redundant set(..)Erik Johnston2019-06-192-4/+7
| | | | | | | |
| * | | | | | | Only count non-cache state resolutionErik Johnston2019-06-181-3/+3
| | | | | | | |
| * | | | | | | Use consistent bucketsErik Johnston2019-06-181-1/+1
| | | | | | | |
| * | | | | | | Add metric fo number of state groups in resolutionErik Johnston2019-06-171-0/+10
| | | | | | | |
| * | | | | | | Add metrics for len of new extremities persisted.Erik Johnston2019-06-171-1/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Of new events being persisted add metrics for total size of forward extremities and number of unchanged, "stale" extremities.
* | | | | | | | Improve email notification logging (#5502)Neil Johnson2019-06-201-1/+1
| |/ / / / / / |/| | | | | |
* | | | | | | Run Black. (#5482)Amber Brown2019-06-20291-9076/+7753
| | | | | | |
* | | | | | | Merge pull request #5042 from matrix-org/erikj/fix_get_missing_events_errorErik Johnston2019-06-191-9/+19
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Handle the case of `get_missing_events` failing
| * | | | | | | Fix loglineErik Johnston2019-06-181-1/+1
| | | | | | | |
| * | | | | | | Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-06-18171-2326/+11195
| |\ \ \ \ \ \ \ | | | |_|/ / / / | | |/| | | | | | | | | | | | | erikj/fix_get_missing_events_error
| * | | | | | | Handle the case of `get_missing_events` failingErik Johnston2019-04-101-9/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if a call to `/get_missing_events` fails we log an exception and stop processing the top level event we received over federation. Instead let's try and handle it sensibly given it is a somewhat expected failure mode.
* | | | | | | | Merge pull request #5480 from matrix-org/erikj/extremities_dummy_eventsErik Johnston2019-06-195-1/+124
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Add experimental option to reduce extremities.
| * | | | | | | | Run as background process and fix commentsErik Johnston2019-06-192-3/+6
| | | | | | | | |
| * | | | | | | | Add experimental option to reduce extremities.Erik Johnston2019-06-185-1/+121
| | |_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds new config option `cleanup_extremities_with_dummy_events` which periodically sends dummy events to rooms with more than 10 extremities. THIS IS REALLY EXPERIMENTAL.
* | | | | | | | Fix typo in deactivation background jobBrendan Abolivier2019-06-191-1/+1
| | | | | | | |
* | | | | | | | Add some logging to 3pid invite sig verification (#5015)David Baker2019-06-181-8/+38
| |_|/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I had to add quite a lot of logging to diagnose a problem with 3pid invites - we only logged the one failure which isn't all that informative. NB. I'm not convinced the logic of this loop is right: I think it should just accept a single valid signature from a trusted source rather than fail if *any* signature is invalid. Also it should probably not skip the rest of middle loop if a check fails? However, I'm deliberately not changing the logic here.
* | | | | | | Merge pull request #5477 from matrix-org/babolivier/third_party_rules_3pidBrendan Abolivier2019-06-172-1/+42
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Add third party rules hook for 3PID invites
| * | | | | | | Make check_threepid_can_be_invited asyncBrendan Abolivier2019-06-171-0/+1
| | | | | | | |
| * | | | | | | Add third party rules hook for 3PID invitesBrendan Abolivier2019-06-172-1/+41
| | | | | | | |
* | | | | | | | Merge pull request #5479 from matrix-org/erikj/add_create_room_hook_developErik Johnston2019-06-172-4/+48
|\| | | | | | | | | | | | | | | | | | | | | | | Add third party rules hook into create room
| * | | | | | | Add third party rules hook into create roomErik Johnston2019-06-172-4/+48
| |/ / / / / /
* / / / / / / Remove Postgres 9.4 support (#5448)Amber Brown2019-06-182-24/+6
|/ / / / / /
* | | | | | Merge pull request #5385 from matrix-org/erikj/reduce_http_exceptionsErik Johnston2019-06-174-19/+28
|\ \ \ \ \ \ | | | | | | | | | | | | | | Handle HttpResponseException when using federation client.
| * | | | | | Handle failing to talk to master over replicationErik Johnston2019-06-071-1/+9
| | | | | | |
| * | | | | | Handle HttpResponseException when using federation client.Erik Johnston2019-06-073-18/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise we just log exceptions everywhere.
* | | | | | | Merge pull request #5388 from matrix-org/erikj/fix_email_pushErik Johnston2019-06-173-7/+53
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix email notifications for unnamed rooms with multiple people
| * | | | | | | Add testErik Johnston2019-06-072-7/+42
| | | | | | | |
| * | | | | | | Fix email notifications for large unnamed rooms.Erik Johnston2019-06-071-0/+11
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we try and calculate a description for a room for with no name but multiple other users we threw an exception (due to trying to subscript result of `dict.values()`).
* | | | | | | Merge pull request #5389 from matrix-org/erikj/renew_attestations_on_masterErik Johnston2019-06-171-3/+4
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Only start background group attestation renewals on master
| * | | | | | | Only start background group attestation renewals on masterErik Johnston2019-06-071-3/+4
| | | | | | | |
* | | | | | | | Merge pull request #5464 from matrix-org/erikj/3pid_remote_invite_stateErik Johnston2019-06-171-6/+0
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Fix 3PID invite room state over federation.
| * | | | | | | | Fix 3PID invite room state over federation.Erik Johnston2019-06-141-6/+0
| | |_|_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes that when a user exchanges a 3PID invite for a proper invite over federation it does not include the `invite_room_state` key. This was due to synapse incorrectly sending out two invite requests.
* | | | | | | | Merge pull request #5440 from matrix-org/babolivier/third_party_event_rulesBrendan Abolivier2019-06-146-4/+191
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Allow server admins to define implementations of extra rules for allowing or denying incoming events
| * | | | | | | | Add plugin APIs for implementations of custom event rules.Brendan Abolivier2019-06-146-4/+191
| | |_|_|_|_|_|/ | |/| | | | | |
* | | | | | | | Merge pull request #5461 from matrix-org/erikj/histograms_are_cumalitiveErik Johnston2019-06-142-2/+2
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Prometheus histograms are cumalative
| * | | | | | | | Prometheus histograms are cumalativeErik Johnston2019-06-142-2/+2
| | | | | | | | |
* | | | | | | | | Merge pull request #5465 from matrix-org/babolivier/fix_deactivation_bg_jobBrendan Abolivier2019-06-141-2/+4
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Fix background job for deactivated flag
| * | | | | | | | | Fix background job for deactivated flagBrendan Abolivier2019-06-141-2/+4
| | | | | | | | | |
* | | | | | | | | | Merge pull request #5462 from ↵Brendan Abolivier2019-06-144-2/+25
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | matrix-org/babolivier/account_validity_deactivated_accounts_2 Don't send renewal emails to deactivated users (second attempt)
| * | | | | | | | | Don't send renewal emails to deactivated usersBrendan Abolivier2019-06-144-2/+25
| |/ / / / / / / /
* | | | | | | | | Merge pull request #5390 from matrix-org/erikj/dont_log_on_fail_to_get_fileErik Johnston2019-06-142-6/+13
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / / |/| | | | | | | | Don't log exception when failing to fetch remote content.
| * | | | | | | | Don't log exception when failing to fetch remote content.Erik Johnston2019-06-072-6/+13
| | |_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In particular, let's not log stack traces when we stop processing becuase the response body was too large.
* | | | | | | | Track deactivated accounts in the database (#5378)Brendan Abolivier2019-06-143-0/+137
| | | | | | | |
* | | | | | | | fix prometheus rendering errorAmber H. Brown2019-06-141-1/+1
| | | | | | | |
* | | | | | | | Clean up code for sending federation EDUs. (#5381)Richard van der Hoff2019-06-131-14/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This code confused the hell out of me today. Split _get_new_device_messages into its two (unrelated) parts.
* | | | | | | | Expose statistics on extrems to prometheus (#5384)Amber Brown2019-06-132-33/+123
| | | | | | | |
* | | | | | | | Remove Python 2.7 support. (#5425)Amber Brown2019-06-122-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * remove 2.7 from CI and publishing * fill out classifiers and also make it not be installed on 3.5 * some minor bumps so that the old deps work on python 3.5
* | | | | | | | Merge branch 'master' of github.com:matrix-org/synapse into developErik Johnston2019-06-116-9/+9
|\ \ \ \ \ \ \ \ | | |_|/ / / / / | |/| | | | | |
| * | | | | | | 1.0.0 v1.0.0Erik Johnston2019-06-111-1/+1
| | | | | | | |
| * | | | | | | Bump bleach version so that tests can run on old deps.Erik Johnston2019-06-111-1/+1
| | | | | | | |
| * | | | | | | Change password reset links to /_matrix.Erik Johnston2019-06-114-7/+7
| | |/ / / / / | |/| | | | |
* | | | | | | Merge branch 'release-v1.0.0' of github.com:matrix-org/synapse into developErik Johnston2019-06-114-2/+7
|\| | | | | |
| * | | | | | 1.0.0rc3 v1.0.0rc3Erik Johnston2019-06-111-1/+1
| | | | | | |
| * | | | | | Fix defaults on checking threepidsErik Johnston2019-06-102-1/+2
| | | | | | |
| * | | | | | Merge pull request #5418 from matrix-org/erikj/fix_send_fed_with_limit_zeroErik Johnston2019-06-101-0/+4
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix bug sending federation transactions with lots of EDUs
| | * | | | | | Fix bug sending federation transactions with lots of EDUsErik Johnston2019-06-101-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we try and send a transaction with lots of EDUs and we run out of space, we call get_new_device_msgs_for_remote with a limit of 0, which then failed.
* | | | | | | | Don't warn user about password reset disabling through config code (#5387)Andrew Morgan2019-06-112-10/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Moves the warning about password resets being disabled to the point where a user actually tries to reset their password. Is this an appropriate place for it to happen? Also removed the disabling of msisdn password resets when you don't have an email config, as that just doesn't make sense. Also change the error a user receives upon disabled passwords to specify that only email-based password reset is disabled.
* | | | | | | | add monthly active users to phonehome stats (#5252)Neil Johnson2019-06-102-15/+30
| |_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | * add monthly active users to phonehome stats
* | | | | | | Merge branch 'release-v1.0.0' of github.com:matrix-org/synapse into developErik Johnston2019-06-105-87/+134
|\| | | | | |
| * | | | | | 1.0.0rc2 v1.0.0rc2Erik Johnston2019-06-101-1/+1
| | | | | | |
| * | | | | | Merge pull request #5417 from matrix-org/rav/shared_ssl_contextErik Johnston2019-06-102-75/+110
| |\ \ \ \ \ \ | | |/ / / / / | |/| | | | | Share an SSL context object between SSL connections
| | * | | | | rename gutwrenched attrRichard van der Hoff2019-06-101-5/+9
| | | | | | |
| | * | | | | Fix federation connections to literal IP addressesRichard van der Hoff2019-06-102-6/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | turns out we need a shiny version of service_identity to enforce this correctly.
| | * | | | | clean up impl, and import idna directlyRichard van der Hoff2019-06-102-15/+12
| | | | | | |
| | * | | | | Share an SSL context object between SSL connectionsRichard van der Hoff2019-06-091-60/+89
| | |/ / / / | | | | | | | | | | | | | | | | | | This involves changing how the info callbacks work.
| * | | | | Merge branch 'erikj/fix_null_valid_until_ms' of ↵Erik Johnston2019-06-101-0/+8
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | github.com:matrix-org/synapse into release-v1.0.0
| * | | | | | Improve startup checks for insecure notary configs (#5392)Richard van der Hoff2019-06-102-11/+23
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's not really a problem to trust notary responses signed by the old key so long as we are also doing TLS validation. This commit adds a check to the config parsing code at startup to check that we do not have the insecure matrix.org key without tls validation, and refuses to start without it. This allows us to remove the rather alarming-looking warning which happens at runtime.
* | | | | | Merge pull request #5415 from matrix-org/erikj/fix_null_valid_until_msErik Johnston2019-06-101-0/+8
|\ \ \ \ \ \ | | |/ / / / | |/| | | | Fix key verification when key stored with null valid_until_ms
| * | | | | Fix key verification when key stored with null valid_until_msErik Johnston2019-06-101-0/+8
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some keys are stored in the synapse database with a null valid_until_ms which caused an exception to be thrown when using that key. We fix this by treating nulls as zeroes, i.e. they keys will match verification requests with a minimum_valid_until_ms of zero (i.e. don't validate ts) but will not match requests with a non-zero minimum_valid_until_ms. Fixes #5391.
* | | | | Merge pull request #5363 from ↵Brendan Abolivier2019-06-102-3/+14
|\ \ \ \ \ | |/ / / / |/| | | | | | | | | | | | | | matrix-org/babolivier/account_validity_send_mail_auth Don't check whether the user's account is expired on /send_mail requests
| * | | | Better wordingBrendan Abolivier2019-06-101-1/+1
| | | | |
| * | | | DocBrendan Abolivier2019-06-101-0/+5
| | | | |
| * | | | Don't check whether the user's account is expired on /send_mail requestsBrendan Abolivier2019-06-052-3/+9
| | | | |
* | | | | 1.0.0rc1 v1.0.0rc1Neil Johnson2019-06-071-1/+1
| |/ / / |/| | |
* | | | Prevent multiple device list updates from breaking a batch send (#5156)Andrew Morgan2019-06-062-31/+126
| | | | | | | | | | | | fixes #5153
* | | | Set default room version to v4. (#5379)Neil Johnson2019-06-061-1/+1
| | | | | | | | | | | | | | | | Set default room version to v4.
* | | | Merge pull request #5320 from matrix-org/hawkowl/full-schema-v1Erik Johnston2019-06-065-2/+2352
|\ \ \ \ | | | | | | | | | | Make a full SQL schema
| * | | | fix maybeAmber H. Brown2019-06-071-20/+2
| | | | |
| * | | | just user dir?Amber H. Brown2019-06-071-1/+19
| | | | |
| * | | | remove background updates that arent neededAmber H. Brown2019-06-071-33/+1
| | | | |
| * | | | add more commentsAmber Brown2019-06-061-0/+5
| | | | |
| * | | | Merge remote-tracking branch 'origin/develop' into hawkowl/full-schema-v1Amber Brown2019-06-0439-323/+294
| |\ \ \ \
| * | | | | add stuff in bg updatesAmber Brown2019-06-041-10/+62
| | | | | |
| * | | | | WHY IS THIS CALLED A SLIGHTLY DIFFERENT THINGAmber Brown2019-06-031-0/+1
| | | | | |
| * | | | | more fixAmber Brown2019-06-031-0/+38
| | | | | |
| * | | | | fix schemasAmber Brown2019-06-034-61/+20
| | | | | |
| * | | | | full schemaAmber Brown2019-06-033-0/+2315
| | | | | |
| * | | | | prepareAmber Brown2019-06-031-2/+14
| | |_|_|/ | |/| | |
* | | | | Add ability to perform password reset via email without trusting the ↵Andrew Morgan2019-06-0617-60/+871
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | identity server (#5377) Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option. This PR is a culmination of 3 smaller PRs which have each been separately reviewed: * #5308 * #5345 * #5368
* | | | | Stop hardcoding trust of old matrix.org key (#5374)Richard van der Hoff2019-06-062-74/+226
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are a few changes going on here: * We make checking the signature on a key server response optional: if no verify_keys are specified, we trust to TLS to validate the connection. * We change the default config so that it does not require responses to be signed by the old key. * We replace the old 'perspectives' config with 'trusted_key_servers', which is also formatted slightly differently. * We emit a warning to the logs every time we trust a key server response signed by the old key.
* | | | | Fix missing logcontext for PresenceHandler.on_shutdown. (#5369)Richard van der Hoff2019-06-061-1/+7
| | | | | | | | | | | | | | | | | | | | Fixes some warnings, and a scary-looking stacktrace when sytest kills the process.
* | | | | Merge pull request #5221 from matrix-org/erikj/fix_worker_sytestErik Johnston2019-06-061-1/+11
|\ \ \ \ \ | | | | | | | | | | | | Fix get_max_topological_token to never return None
| * | | | | Better wordsErik Johnston2019-06-061-1/+1
| | | | | |
| * | | | | Fix get_max_topological_token to never return NoneErik Johnston2019-05-211-1/+11
| | | | | |
* | | | | | Merge pull request #5089 from dnaf/m-heroes-empty-room-nameBrendan Abolivier2019-06-061-5/+4
|\ \ \ \ \ \ | | | | | | | | | | | | | | Make /sync return heroes if room name or canonical alias are empty
| * | | | | | Simplify conditionBrendan Abolivier2019-06-061-2/+2
| | | | | | |
| * | | | | | Simplify conditionBrendan Abolivier2019-06-051-3/+2
| | | | | | |
| * | | | | | Merge branch 'develop' into m-heroes-empty-room-nameBrendan Abolivier2019-06-05136-1945/+5896
| |\ \ \ \ \ \
| * | | | | | | LintKatie Wolfe2019-04-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I probably should've just run autopep8 in the first place... Signed-off-by: Katie Wolfe <katie@dnaf.moe>
| * | | | | | | Clean up codeKatie Wolfe2019-04-241-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Katie Wolfe <katie@dnaf.moe>
| * | | | | | | Show heroes if room name or canonical alias are emptyKatie Wolfe2019-04-241-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #4194 Signed-off-by: Katie Wolfe <katie@dnaf.moe>
| * | | | | | | Show heroes if room name or canonical alias are emptyKatie Wolfe2019-04-241-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #4194 Signed-off-by: Katie Wolfe <katie@dnaf.moe>
* | | | | | | | Merge pull request #5359 from matrix-org/rav/enable_tls_verificationRichard van der Hoff2019-06-061-5/+5
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Validate federation server TLS certificates by default.
| * \ \ \ \ \ \ \ Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verificationRichard van der Hoff2019-06-057-22/+121
| |\ \ \ \ \ \ \ \
| * | | | | | | | | Validate federation server TLS certificates by default.Richard van der Hoff2019-06-051-5/+5
| | | | | | | | | |
* | | | | | | | | | Merge pull request #5355 from matrix-org/babolivier/heroes_left_membersBrendan Abolivier2019-06-061-15/+19
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | Include left members in room summaries' heroes
| * | | | | | | | | | Do user_id != me checks before deciding whether we should pick heroes from ↵Brendan Abolivier2019-06-051-15/+19
| | |_|_|/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | the joined members or the parted ones
* | | | | | | | | | Merge pull request #5354 from matrix-org/rav/server_keys/99-room-v5Richard van der Hoff2019-06-061-5/+5
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | Implement room v5 which enforces signing key validity
| * | | | | | | | | | Implement room v5 which enforces signing key validityRichard van der Hoff2019-06-051-5/+5
| | |/ / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implements [MSC2077](https://github.com/matrix-org/matrix-doc/pull/2077) and fixes #5247 and #4364.
* | | | | | | | | | Merge pull request #5353 from matrix-org/rav/verify_key_loggingRichard van der Hoff2019-06-064-46/+76
|\ \ \ \ \ \ \ \ \ \ | |_|_|/ / / / / / / |/| | | | | | | | | Associate a request_name with each verify request, for logging
| * | | | | | | | | Associate a request_name with each verify request, for loggingRichard van der Hoff2019-06-054-46/+76
| |/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also: * rename VerifyKeyRequest->VerifyJsonRequest * calculate key_ids on VerifyJsonRequest construction * refactor things to pass around VerifyJsonRequests instead of 4-tuples