Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Convert auth handler to async/await (#7261) | Patrick Cloke | 2020-04-15 | 1 | -24/+40 |
| | |||||
* | Add a `make_event_from_dict` method (#6858) | Richard van der Hoff | 2020-02-07 | 1 | -2/+2 |
| | | | | | | | ... and use it in places where it's trivial to do so. This will make it easier to pass room versions into the FrozenEvent constructors. | ||||
* | Update copyrights | Brendan Abolivier | 2019-11-05 | 1 | -0/+3 |
| | |||||
* | Incorporate review | Brendan Abolivier | 2019-11-01 | 1 | -4/+4 |
| | |||||
* | Incorporate review | Brendan Abolivier | 2019-11-01 | 1 | -5/+5 |
| | |||||
* | Lint | Brendan Abolivier | 2019-10-30 | 1 | -12/+4 |
| | |||||
* | Add unit tests | Brendan Abolivier | 2019-10-30 | 1 | -0/+51 |
| | |||||
* | Ensure support users can be registered even if MAU limit is reached | Jason Robinson | 2019-09-11 | 1 | -0/+18 |
| | | | | | | | | | This allows support users to be created even on MAU limits via the admin API. Support users are excluded from MAU after creation, so it makes sense to exclude them in creation - except if the whole host is in disabled state. Signed-off-by: Jason Robinson <jasonr@matrix.org> | ||||
* | Implement access token expiry (#5660) | Richard van der Hoff | 2019-07-12 | 1 | -2/+4 |
| | | | | Record how long an access token is valid for, and raise a soft-logout once it expires. | ||||
* | Clean up exception handling for access_tokens (#5656) | Richard van der Hoff | 2019-07-11 | 1 | -7/+24 |
| | | | | | | | | | | | | | | | | First of all, let's get rid of `TOKEN_NOT_FOUND_HTTP_STATUS`. It was a hack we did at one point when it was possible to return either a 403 or a 401 if the creds were missing. We always return a 401 in these cases now (thankfully), so it's not needed. Let's also stop abusing `AuthError` for these cases. Honestly they have nothing that relates them to the other places that `AuthError` is used, other than the fact that they are loosely under the 'Auth' banner. It makes no sense for them to share exception classes. Instead, let's add a couple of new exception classes: `InvalidClientTokenError` and `MissingClientTokenError`, for the `M_UNKNOWN_TOKEN` and `M_MISSING_TOKEN` cases respectively - and an `InvalidClientCredentialsError` base class for the two of them. | ||||
* | Inline issue_access_token (#5659) | Richard van der Hoff | 2019-07-11 | 1 | -1/+1 |
| | | | | | | | | this is only used in one place, so it's clearer if we inline it and reduce the API surface. Also, fixes a buglet where we would create an access token even if we were about to block the user (we would never return the AT, so the user could never use it, but it was still created and added to the db.) | ||||
* | Remove access-token support from RegistrationStore.register (#5642) | Richard van der Hoff | 2019-07-10 | 1 | -1/+1 |
| | | | | | The 'token' param is no longer used anywhere except the tests, so let's kill that off too. | ||||
* | Run Black. (#5482) | Amber Brown | 2019-06-20 | 1 | -6/+6 |
| | |||||
* | Run Black on the tests again (#5170) | Amber Brown | 2019-05-10 | 2 | -4/+3 |
| | |||||
* | Enforce hs_disabled_message correctly | Richard van der Hoff | 2019-03-19 | 1 | -0/+17 |
| | | | | | Fixes a bug where hs_disabled_message was not enforced for 3pid-based requests if there was no server_notices_mxid configured. | ||||
* | Add rate-limiting on registration (#4735) | Brendan Abolivier | 2019-03-05 | 1 | -10/+10 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Rate-limiting for registration * Add unit test for registration rate limiting * Add config parameters for rate limiting on auth endpoints * Doc * Fix doc of rate limiting function Co-Authored-By: babolivier <contact@brendanabolivier.com> * Incorporate review * Fix config parsing * Fix linting errors * Set default config for auth rate limiting * Fix tests * Add changelog * Advance reactor instead of mocked clock * Move parameters to registration specific config and give them more sensible default values * Remove unused config options * Don't mock the rate limiter un MAU tests * Rename _register_with_store into register_with_store * Make CI happy * Remove unused import * Update sample config * Fix ratelimiting test for py2 * Add non-guest test | ||||
* | Merge branch rav/macaroon_key_fix_0.34 into rav/macaroon_key_fix_0.34.1 | Richard van der Hoff | 2019-01-10 | 1 | -154/+1 |
|\ | | | | | | | Fixes #4371 | ||||
| * | Merge branch 'rav/macaroon_key_fix' into rav/macaroon_key_fix_0.34 | Richard van der Hoff | 2019-01-10 | 1 | -154/+1 |
| |\ | |||||
| | * | Skip macaroon check for access tokens in the db | Richard van der Hoff | 2019-01-10 | 1 | -148/+1 |
| | | | |||||
* | | | create support user (#4141) | Neil Johnson | 2018-12-14 | 1 | -0/+2 |
|/ / | | | | | | | | | | | Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits. | ||||
* | | Allow backslashes in event field filters | Richard van der Hoff | 2018-10-24 | 1 | -1/+11 |
| | | | | | | | | | | | | | | | | Fixes a bug introduced in https://github.com/matrix-org/synapse/pull/1783 which meant that single backslashes were not allowed in event field filters. The intention here is to allow single-backslashes, but disallow double-backslashes. | ||||
* | | Port tests/ to Python 3 (#3808) | Amber Brown | 2018-09-07 | 1 | -0/+1 |
| | | |||||
* | | fix bug where preserved threepid user comes to sign up and server is mau blocked | Neil Johnson | 2018-08-31 | 1 | -0/+17 |
| | | |||||
* | | Change admin_uri to admin_contact in config and errors | Erik Johnston | 2018-08-24 | 1 | -2/+2 |
| | | |||||
* | | rename error code | Neil Johnson | 2018-08-18 | 1 | -2/+2 |
| | | |||||
* | | special case server_notices_mxid | Neil Johnson | 2018-08-18 | 1 | -0/+8 |
| | | |||||
* | | add new error type ResourceLimit | Neil Johnson | 2018-08-16 | 1 | -3/+3 |
| | | |||||
* | | update error codes for resource limiting | Neil Johnson | 2018-08-15 | 1 | -2/+2 |
| | | |||||
* | | replace admin_email with admin_uri for greater flexibility | Neil Johnson | 2018-08-15 | 1 | -2/+2 |
| | | |||||
* | | support admin_email config and pass through into blocking errors, return ↵ | Neil Johnson | 2018-08-13 | 1 | -1/+5 |
| | | | | | | | | AuthError in all cases | ||||
* | | Revert "support admin_email config and pass through into blocking errors, ↵ | Neil Johnson | 2018-08-13 | 1 | -5/+1 |
| | | | | | | | | | | | | return AuthError in all cases" This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6. | ||||
* | | support admin_email config and pass through into blocking errors, return ↵ | Neil Johnson | 2018-08-13 | 1 | -1/+5 |
| | | | | | | | | AuthError in all cases | ||||
* | | Run tests under PostgreSQL (#3423) | Amber Brown | 2018-08-13 | 2 | -2/+5 |
| | | |||||
* | | Run black. | black | 2018-08-10 | 3 | -305/+139 |
| | | |||||
* | | disable HS from config | Neil Johnson | 2018-08-04 | 1 | -1/+10 |
| | | |||||
* | | remove unused import | Neil Johnson | 2018-08-03 | 1 | -1/+1 |
| | | |||||
* | | bug fixes | Neil Johnson | 2018-08-03 | 1 | -7/+3 |
| | | |||||
* | | do mau checks based on monthly_active_users table | Neil Johnson | 2018-08-02 | 1 | -1/+30 |
|/ | |||||
* | Python 3: Convert some unicode/bytes uses (#3569) | Amber Brown | 2018-08-02 | 1 | -16/+19 |
| | |||||
* | run isort | Amber Brown | 2018-07-09 | 2 | -10/+12 |
| | |||||
* | add test | Matthew Hodgson | 2018-06-28 | 1 | -0/+33 |
| | |||||
* | fix tests | Matthew Hodgson | 2018-06-28 | 1 | -3/+15 |
| | |||||
* | use jsonschema.FormatChecker for RoomID and UserID strings | pik | 2017-03-23 | 1 | -4/+11 |
| | | | | | | * use a valid filter in rest/client/v2_alpha test Signed-off-by: pik <alexander.maznev@gmail.com> | ||||
* | Add valid filter tests, flake8, fix typo | pik | 2017-03-23 | 1 | -5/+49 |
| | | | | Signed-off-by: pik <alexander.maznev@gmail.com> | ||||
* | check_valid_filter using JSONSchema | pik | 2017-03-23 | 1 | -1/+17 |
| | | | | | | * add invalid filter tests Signed-off-by: pik <alexander.maznev@gmail.com> | ||||
* | Optimise state resolution | Erik Johnston | 2017-01-17 | 1 | -1/+4 |
| | |||||
* | Prevent user tokens being used as guest tokens (#1675) | Richard van der Hoff | 2016-12-06 | 1 | -15/+78 |
| | | | | | Make sure that a user cannot pretend to be a guest by adding 'guest = True' caveats. | ||||
* | Fix unit tests | Mark Haines | 2016-09-12 | 1 | -9/+9 |
| | |||||
* | Record device_id in client_ips | Richard van der Hoff | 2016-07-20 | 1 | -1/+9 |
| | | | | | Record the device_id when we add a client ip; it's somewhat redundant as we could get it via the access_token, but it will make querying rather easier. | ||||
* | Bug fix: expire invalid access tokens | Negar Fazeli | 2016-07-13 | 1 | -1/+30 |
| | |||||
* | Create user with expiry | Negi Fazeli | 2016-05-13 | 1 | -6/+6 |
| | | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com> | ||||
* | Test Filter.filter_rooms | Mark Haines | 2016-02-19 | 1 | -0/+18 |
| | | | | | Also check that the __repr__ method for FilterCollection does something sensible. | ||||
* | Fix flake8 warnings for tests | Mark Haines | 2016-02-19 | 3 | -10/+7 |
| | |||||
* | Fix test | Erik Johnston | 2016-01-28 | 1 | -3/+4 |
| | |||||
* | Fix tests | Erik Johnston | 2016-01-25 | 1 | -6/+4 |
| | |||||
* | Fix tests | Erik Johnston | 2016-01-22 | 1 | -1/+1 |
| | |||||
* | Introduce a Requester object | Daniel Wagner-Hall | 2016-01-11 | 1 | -6/+6 |
| | | | | | | | | | This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. | ||||
* | copyrights | Matthew Hodgson | 2016-01-07 | 1 | -1/+1 |
| | |||||
* | Allow guests to upgrade their accounts | Daniel Wagner-Hall | 2016-01-05 | 1 | -9/+9 |
| | |||||
* | Allow guests to register and call /events?room_id= | Daniel Wagner-Hall | 2015-11-04 | 1 | -3/+22 |
| | | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices. | ||||
* | Refactor api.filtering to have a Filter API | Erik Johnston | 2015-10-20 | 1 | -26/+31 |
| | |||||
* | update filtering tests | Mark Haines | 2015-10-13 | 1 | -6/+6 |
| | |||||
* | s/user_id/user/g for consistency | Daniel Wagner-Hall | 2015-09-01 | 1 | -4/+4 |
| | |||||
* | Turn TODO into thing which actually will fail | Daniel Wagner-Hall | 2015-08-26 | 1 | -6/+9 |
| | |||||
* | Attempt to validate macaroons | Daniel Wagner-Hall | 2015-08-26 | 1 | -2/+140 |
| | | | | | | | | | | | | | A couple of weird caveats: * If we can't validate your macaroon, we fall back to checking that your access token is in the DB, and ignoring the failure * Even if we can validate your macaroon, we still have to hit the DB to get the access token ID, which we pretend is a device ID all over the codebase. This mostly adds the interesting code, and points out the two pieces we need to delete (and necessary conditions) in order to fix the above caveats. | ||||
* | Stop looking up "admin", which we never read | Daniel Wagner-Hall | 2015-08-25 | 1 | -2/+0 |
| | |||||
* | Remove completely unused concepts from codebase | Daniel Wagner-Hall | 2015-08-25 | 1 | -5/+3 |
| | | | | | | | | | | Removes device_id and ClientInfo device_id is never actually written, and the matrix.org DB has no non-null entries for it. Right now, it's just cluttering up code. This doesn't remove the columns from the database, because that's fiddly. | ||||
* | s/by_token/by_access_token/g | Daniel Wagner-Hall | 2015-08-20 | 1 | -8/+8 |
| | | | | We're about to have two kinds of token, access and refresh | ||||
* | Merge branch 'develop' into application-services | Kegan Dougal | 2015-02-11 | 1 | -12/+2 |
|\ | |||||
| * | Factor out some of the common homeserver setup code into a | Mark Haines | 2015-02-11 | 1 | -12/+2 |
| | | | | | | | | setup_test_homeserver function in utils. | ||||
* | | Remove unused imports. | Kegan Dougal | 2015-02-09 | 1 | -2/+2 |
| | | |||||
* | | Modify auth.get_user_by_req for authing appservices directly. | Kegan Dougal | 2015-02-09 | 1 | -0/+139 |
|/ | | | | | | Add logic to map the appservice token to the autogenned appservice user ID. Add unit tests for all forms of get_user_by_req (user/appservice, valid/bad/missing tokens) | ||||
* | Create a separate filter object to do the actual filtering, so that we can | Mark Haines | 2015-01-29 | 1 | -51/+57 |
| | | | | | split the storage and management of filters from the actual filter code and don't have to load a filter from the db each time we filter an event | ||||
* | Add filter_room_state unit tests. | Kegan Dougal | 2015-01-29 | 1 | -0/+56 |
| | |||||
* | Add basic filtering public API unit tests. Use defers in the right places. | Kegan Dougal | 2015-01-29 | 1 | -1/+53 |
| | |||||
* | Add more unit tests for the filter algorithm. | Kegan Dougal | 2015-01-29 | 1 | -5/+259 |
| | |||||
* | Implement filter algorithm. Add basic event type unit tests to assert it works. | Kegan Dougal | 2015-01-29 | 1 | -1/+44 |
| | |||||
* | Add filter JSON sanity checks. | Kegan Dougal | 2015-01-28 | 1 | -4/+20 |
| | |||||
* | Initial stab at real SQL storage implementation of user filter definitions | Paul "LeoNerd" Evans | 2015-01-27 | 1 | -1/+18 |
| | |||||
* | Have the Filtering API return Deferreds, so we can do the Datastore ↵ | Paul "LeoNerd" Evans | 2015-01-27 | 1 | -2/+3 |
| | | | | implementation nicely | ||||
* | Initial trivial unittest of Filtering object | Paul "LeoNerd" Evans | 2015-01-27 | 1 | -0/+67 |
| | |||||
* | Have all unit tests import from our own subclass of trial's unittest ↵ | Paul "LeoNerd" Evans | 2014-09-12 | 1 | -1/+1 |
| | | | | TestCase; set up logging in ONE PLACE ONLY | ||||
* | Test ratelimiter | Mark Haines | 2014-09-02 | 2 | -0/+39 |