Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix comments | Erik Johnston | 2019-09-11 | 1 | -2/+2 |
| | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | ||||
* | Add test for admin redaction ratelimiting. | Erik Johnston | 2019-09-11 | 1 | -0/+25 |
| | |||||
* | Fix and refactor room and user stats (#5971) | Erik Johnston | 2019-09-04 | 1 | -2/+6 |
| | | | Previously the stats were not being correctly populated. | ||||
* | Remove unnecessary parentheses around return statements (#5931) | Andrew Morgan | 2019-08-30 | 1 | -1/+1 |
| | | | | | Python will return a tuple whether there are parentheses around the returned values or not. I'm just sick of my editor complaining about this all over the place :) | ||||
* | Add tests | Brendan Abolivier | 2019-08-01 | 1 | -0/+37 |
| | |||||
* | Replace returnValue with return (#5736) | Amber Brown | 2019-07-23 | 1 | -1/+1 |
| | |||||
* | Remove the ability to query relations when the original event was redacted. ↵ | Andrew Morgan | 2019-07-18 | 1 | -3/+113 |
| | | | | | | | (#5629) Fixes #5594 Forbid viewing relations on an event once it has been redacted. | ||||
* | Ignore redactions of m.room.create events (#5701) | Richard van der Hoff | 2019-07-17 | 1 | -0/+20 |
| | |||||
* | More refactoring in `get_events_as_list` (#5707) | Richard van der Hoff | 2019-07-17 | 1 | -0/+159 |
| | | | | | | | | We can now use `_get_events_from_cache_or_db` rather than going right back to the database, which means that (a) we can benefit from caching, and (b) it opens the way forward to more extensive checks on the original event. We now always require the original event to exist before we will serve up a redaction. | ||||
* | Implement access token expiry (#5660) | Richard van der Hoff | 2019-07-12 | 1 | -0/+108 |
| | | | | Record how long an access token is valid for, and raise a soft-logout once it expires. | ||||
* | Include the original event in /relations (#5626) | Andrew Morgan | 2019-07-09 | 1 | -0/+5 |
| | | | When asking for the relations of an event, include the original event in the response. This will mostly be used for efficiently showing edit history, but could be useful in other circumstances. | ||||
* | Lint | Brendan Abolivier | 2019-07-08 | 1 | -2/+2 |
| | |||||
* | Add test case | Brendan Abolivier | 2019-07-08 | 1 | -0/+47 |
| | |||||
* | Add origin_server_ts and sender fields to m.replace (#5613) | Andrew Morgan | 2019-07-05 | 1 | -6/+18 |
| | | | | | Riot team would like some extra fields as part of m.replace, so here you go. Fixes: #5598 | ||||
* | Move logging utilities out of the side drawer of util/ and into logging/ (#5606) | Amber Brown | 2019-07-04 | 2 | -2/+2 |
| | |||||
* | Fix media repo breaking (#5593) | Amber Brown | 2019-07-02 | 1 | -0/+12 |
| | |||||
* | Make the http server handle coroutine-making REST servlets (#5475) | Amber Brown | 2019-06-29 | 1 | -10/+15 |
| | |||||
* | Split public rooms directory auth config in two | Brendan Abolivier | 2019-06-24 | 1 | -1/+1 |
| | |||||
* | Run Black. (#5482) | Amber Brown | 2019-06-20 | 13 | -179/+160 |
| | |||||
* | Merge pull request #5440 from matrix-org/babolivier/third_party_event_rules | Brendan Abolivier | 2019-06-14 | 1 | -0/+79 |
|\ | | | | | Allow server admins to define implementations of extra rules for allowing or denying incoming events | ||||
| * | Add plugin APIs for implementations of custom event rules. | Brendan Abolivier | 2019-06-14 | 1 | -0/+79 |
| | | |||||
* | | Don't send renewal emails to deactivated users | Brendan Abolivier | 2019-06-14 | 1 | -25/+42 |
| | | |||||
* | | Track deactivated accounts in the database (#5378) | Brendan Abolivier | 2019-06-14 | 1 | -0/+45 |
| | | |||||
* | | Merge branch 'master' of github.com:matrix-org/synapse into develop | Erik Johnston | 2019-06-11 | 3 | -12/+241 |
|\ \ | |||||
| * | | Bump bleach version so that tests can run on old deps. | Erik Johnston | 2019-06-11 | 2 | -12/+0 |
| | | | |||||
| * | | Change password reset links to /_matrix. | Erik Johnston | 2019-06-11 | 1 | -0/+241 |
| |/ | |||||
* | | Merge pull request #5363 from ↵ | Brendan Abolivier | 2019-06-10 | 1 | -0/+35 |
|\ \ | |/ |/| | | | | | matrix-org/babolivier/account_validity_send_mail_auth Don't check whether the user's account is expired on /send_mail requests | ||||
| * | Don't check whether the user's account is expired on /send_mail requests | Brendan Abolivier | 2019-06-05 | 1 | -0/+35 |
| | | |||||
* | | Unify v1 and v2 REST client APIs (#5226) | Amber Brown | 2019-06-03 | 2 | -2/+1 |
| | | |||||
* | | Merge pull request #5309 from matrix-org/rav/limit_displayname_length | Richard van der Hoff | 2019-06-01 | 1 | -2/+60 |
|\ \ | | | | | | | Limit displaynames and avatar URLs | ||||
| * | | add some tests | Richard van der Hoff | 2019-06-01 | 1 | -2/+60 |
| | | | |||||
* | | | Merge pull request #5276 from matrix-org/babolivier/account_validity_job_delta | Erik Johnston | 2019-05-31 | 1 | -5/+10 |
|\ \ \ | | | | | | | | | Allow configuring a range for the account validity startup job | ||||
| * | | | Move delta from +10% to -10% | Brendan Abolivier | 2019-05-31 | 1 | -2/+2 |
| | | | | |||||
| * | | | Make max_delta equal to period * 10% | Brendan Abolivier | 2019-05-31 | 1 | -17/+1 |
| | | | | |||||
| * | | | Typo | Brendan Abolivier | 2019-05-28 | 1 | -1/+1 |
| | | | | |||||
| * | | | Allow configuring a range for the account validity startup job | Brendan Abolivier | 2019-05-28 | 1 | -0/+21 |
| | |/ | |/| | | | | | | | | | | When enabling the account validity feature, Synapse will look at startup for registered account without an expiration date, and will set one equals to 'now + validity_period' for them. On large servers, it can mean that a large number of users will have the same expiration date, which means that they will all be sent a renewal email at the same time, which isn't ideal. In order to mitigate this, this PR allows server admins to define a 'max_delta' so that the expiration date is a random value in the [now + validity_period ; now + validity_period + max_delta] range. This allows renewal emails to be progressively sent over a configured period instead of being sent all in one big batch. | ||||
* | | | Add config option for setting homeserver's default room version (#5223) | Andrew Morgan | 2019-05-23 | 1 | -2/+5 |
| | | | | | | | | | | | | | | | Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present. That hardcoded value is now located in the server.py config file. | ||||
* | | | Room Statistics (#4338) | Amber Brown | 2019-05-21 | 1 | -0/+17 |
| |/ |/| | |||||
* | | Merge pull request #5212 from matrix-org/erikj/deny_multiple_reactions | Erik Johnston | 2019-05-21 | 1 | -1/+26 |
|\ \ | | | | | | | Block attempts to annotate the same event twice | ||||
| * | | Block attempts to annotate the same event twice | Erik Johnston | 2019-05-20 | 1 | -1/+26 |
| | | | |||||
* | | | Merge pull request #5204 from ↵ | Brendan Abolivier | 2019-05-21 | 1 | -0/+55 |
|\ \ \ | |/ / |/| / | |/ | | | matrix-org/babolivier/account_validity_expiration_date Add startup background job for account validity | ||||
| * | Add startup background job for account validity | Brendan Abolivier | 2019-05-17 | 1 | -0/+55 |
| | | | | | | | | If account validity is enabled in the server's configuration, this job will run at startup as a background job and will stick an expiration date to any registered account missing one. | ||||
* | | Rename relation types to match MSC | Erik Johnston | 2019-05-20 | 1 | -11/+11 |
| | | |||||
* | | Merge pull request #5209 from matrix-org/erikj/reactions_base | Erik Johnston | 2019-05-20 | 1 | -0/+539 |
|\ \ | | | | | | | Land basic reaction and edit support. | ||||
| * | | Fixup comments | Erik Johnston | 2019-05-20 | 1 | -2/+2 |
| | | | |||||
| * | | Correctly update aggregation counts after redaction | Erik Johnston | 2019-05-20 | 1 | -0/+37 |
| | | | |||||
| * | | Make tests use different user for each reaction it sends | Erik Johnston | 2019-05-17 | 1 | -12/+68 |
| | | | | | | | | | | | | As users aren't allowed to react with the same emoji more than once. | ||||
| * | | Add basic editing support | Erik Johnston | 2019-05-16 | 1 | -9/+82 |
| | | | |||||
| * | | Check that event is visible in new APIs | Erik Johnston | 2019-05-16 | 1 | -1/+1 |
| | | | |||||
| * | | Add aggregations API | Erik Johnston | 2019-05-16 | 1 | -3/+248 |
| | | | |||||
| * | | Add simple pagination API | Erik Johnston | 2019-05-15 | 1 | -0/+30 |
| | | | |||||
| * | | Add simple send_relation API and track in DB | Erik Johnston | 2019-05-15 | 1 | -0/+98 |
| | | | |||||
* | | | Merge pull request #5196 from matrix-org/babolivier/per_room_profiles | Brendan Abolivier | 2019-05-17 | 1 | -1/+69 |
|\ \ \ | | |/ | |/| | Add an option to disable per-room profiles | ||||
| * | | Lint | Brendan Abolivier | 2019-05-16 | 1 | -1/+0 |
| | | | |||||
| * | | Lint | Brendan Abolivier | 2019-05-16 | 1 | -1/+3 |
| | | | |||||
| * | | Forgot copyright | Brendan Abolivier | 2019-05-16 | 1 | -0/+1 |
| | | | |||||
| * | | Add test case | Brendan Abolivier | 2019-05-16 | 1 | -1/+67 |
| |/ | |||||
* | | Merge pull request #5174 from matrix-org/dbkr/add_dummy_flow_to_recaptcha_only | David Baker | 2019-05-16 | 1 | -1/+8 |
|\ \ | |/ |/| | Re-order registration stages to do msisdn & email auth last | ||||
| * | Merge remote-tracking branch 'origin/develop' into ↵ | David Baker | 2019-05-13 | 1 | -11/+11 |
| |\ | | | | | | | | | | dbkr/add_dummy_flow_to_recaptcha_only | ||||
| * | | And now I realise why the test is failing... | David Baker | 2019-05-13 | 1 | -1/+8 |
| | | | |||||
* | | | Migrate all tests to use the dict-based config format instead of hanging ↵ | Amber Brown | 2019-05-13 | 10 | -69/+70 |
| |/ |/| | | | | | items off HomeserverConfig (#5171) | ||||
* | | URL preview blacklisting fixes (#5155) | Andrew Morgan | 2019-05-10 | 1 | -11/+11 |
|/ | | | Prevents a SynapseError being raised inside of a IResolutionReceiver and instead opts to just return 0 results. This thus means that we have to lump a failed lookup and a blacklisted lookup together with the same error message, but the substitute should be generic enough to cover both cases. | ||||
* | Run Black on the tests again (#5170) | Amber Brown | 2019-05-10 | 8 | -222/+114 |
| | |||||
* | Fix bogus imports in tests (#5154) | Brendan Abolivier | 2019-05-08 | 3 | -5/+6 |
| | |||||
* | add options to require an access_token to GET /profile and /publicRooms on ↵ | Matthew Hodgson | 2019-05-08 | 2 | -1/+123 |
| | | | | | | | | | | | | | | | | | CS API (#5083) This commit adds two config options: * `restrict_public_rooms_to_local_users` Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API. * `require_auth_for_profile_requests` When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301. MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though. Groups have been intentionally omitted from this commit. | ||||
* | Do checks on aliases for incoming m.room.aliases events (#5128) | Brendan Abolivier | 2019-05-08 | 1 | -0/+169 |
| | | | | | Follow-up to #5124 Also added a bunch of checks to make sure everything (both the stuff added on #5124 and this PR) works as intended. | ||||
* | Remove the requirement to authenticate for /admin/server_version. (#5122) | Richard van der Hoff | 2019-05-07 | 1 | -22/+8 |
| | | | | | | | | | This endpoint isn't much use for its intended purpose if you first need to get yourself an admin's auth token. I've restricted it to the `/_synapse/admin` path to make it a bit easier to lock down for those concerned about exposing this information. I don't imagine anyone is using it in anger currently. | ||||
* | Add admin api for sending server_notices (#5121) | Richard van der Hoff | 2019-05-02 | 10 | -14/+14 |
| | |||||
* | Move admin api impl to its own package | Richard van der Hoff | 2019-05-01 | 11 | -25/+47 |
| | | | | It doesn't really belong under rest/client/v1 any more. | ||||
* | Merge branch 'develop' of github.com:matrix-org/synapse into ↵ | Erik Johnston | 2019-04-17 | 3 | -2/+191 |
|\ | | | | | | | babolivier/account_expiration | ||||
| * | Merge pull request #5047 from matrix-org/babolivier/account_expiration | Brendan Abolivier | 2019-04-17 | 1 | -1/+99 |
| |\ | | | | | | | Send out emails with links to extend an account's validity period | ||||
| * \ | Merge pull request #5027 from matrix-org/babolivier/account_expiration | Brendan Abolivier | 2019-04-09 | 1 | -2/+49 |
| |\ \ | | | | | | | | | Add time-based account expiration | ||||
| * | | | Add config option to block users from looking up 3PIDs (#5010) | Brendan Abolivier | 2019-04-04 | 1 | -0/+65 |
| | | | | |||||
| * | | | Add unit test for deleting groups | Erik Johnston | 2019-04-03 | 1 | -0/+124 |
| | | | | |||||
| * | | | Collect room-version variations into one place (#4969) | Richard van der Hoff | 2019-04-01 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | Collect all the things that make room-versions different to one another into one place, so that it's easier to define new room versions. | ||||
* | | | | Add management endpoints for account validity | Brendan Abolivier | 2019-04-17 | 1 | -8/+87 |
| |_|/ |/| | | |||||
* | | | Send out emails with links to extend an account's validity period | Brendan Abolivier | 2019-04-17 | 1 | -1/+99 |
| |/ |/| | |||||
* | | Add account expiration feature | Brendan Abolivier | 2019-04-09 | 1 | -2/+49 |
|/ | |||||
* | Some more porting to HomeserverTestCase and remove old RESTHelper (#4913) | Amber Brown | 2019-03-22 | 1 | -125/+0 |
| | |||||
* | Merge pull request #4908 from matrix-org/erikj/block_peek_on_blocked_rooms | Erik Johnston | 2019-03-21 | 1 | -1/+65 |
|\ | | | | | Deny peeking into rooms that have been blocked | ||||
| * | isort | Erik Johnston | 2019-03-21 | 1 | -1/+1 |
| | | |||||
| * | Deny peeking into rooms that have been blocked | Erik Johnston | 2019-03-21 | 1 | -1/+65 |
| | | |||||
* | | Fix typo and add description | Erik Johnston | 2019-03-21 | 1 | -1/+5 |
|/ | |||||
* | Rejig testcase to make it more extensible | Erik Johnston | 2019-03-21 | 1 | -17/+22 |
| | |||||
* | Remove debug | Erik Johnston | 2019-03-21 | 1 | -1/+0 |
| | |||||
* | Add tests | Erik Johnston | 2019-03-21 | 1 | -1/+66 |
| | |||||
* | Fix registration test | Richard van der Hoff | 2019-03-19 | 1 | -1/+2 |
| | | | | | * Set allow_guest_access = True, since we rely on it * config doesn't have a `hostname` attribute; it is `server_name` | ||||
* | Add ratelimiting on failed login attempts (#4865) | Brendan Abolivier | 2019-03-18 | 1 | -0/+45 |
| | |||||
* | Add ratelimiting on login (#4821) | Brendan Abolivier | 2019-03-15 | 2 | -2/+122 |
| | | | Add two ratelimiters on login (per-IP address and per-userID). | ||||
* | Merge pull request #4772 from jbweston/jbweston/server-version-api | Erik Johnston | 2019-03-05 | 1 | -2/+36 |
|\ | | | | | Add 'server_version' endpoint to admin API | ||||
| * | Add 'server_version' endpoint to admin API | Joseph Weston | 2019-03-01 | 1 | -1/+35 |
| | | | | | | | | | | This is required because the 'Server' HTTP header is not always passed through proxies. | ||||
| * | Import 'admin' module rather than 'register_servlets' directly | Joseph Weston | 2019-03-01 | 1 | -2/+2 |
| | | | | | | | | | | | | We will later need also to import 'register_servlets' from the 'login' module, so we un-pollute the namespace now to keep the logical changes separate. | ||||
* | | Add rate-limiting on registration (#4735) | Brendan Abolivier | 2019-03-05 | 4 | -7/+55 |
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Rate-limiting for registration * Add unit test for registration rate limiting * Add config parameters for rate limiting on auth endpoints * Doc * Fix doc of rate limiting function Co-Authored-By: babolivier <contact@brendanabolivier.com> * Incorporate review * Fix config parsing * Fix linting errors * Set default config for auth rate limiting * Fix tests * Add changelog * Advance reactor instead of mocked clock * Move parameters to registration specific config and give them more sensible default values * Remove unused config options * Don't mock the rate limiter un MAU tests * Rename _register_with_store into register_with_store * Make CI happy * Remove unused import * Update sample config * Fix ratelimiting test for py2 * Add non-guest test | ||||
* | Fix parsing of Content-Disposition headers (#4763) | Richard van der Hoff | 2019-02-27 | 1 | -0/+45 |
| | | | | | | | | | | | * Fix parsing of Content-Disposition headers TIL: filenames in content-dispostion headers can contain semicolons, and aren't %-encoded. * fix python2 incompatibility * Fix docstrings | ||||
* | Move register_device into handler | Erik Johnston | 2019-02-18 | 1 | -70/+23 |
| | |||||
* | Fix unit tests | Erik Johnston | 2019-02-18 | 1 | -6/+15 |
| | |||||
* | rework format of change password capability | Neil Johnson | 2019-01-29 | 1 | -2/+2 |
| | |||||
* | support change_password in capabilities end-point | Neil Johnson | 2019-01-29 | 1 | -0/+23 |
| | |||||
* | isort | Neil Johnson | 2019-01-29 | 1 | -1/+2 |
| | |||||
* | enforce auth for capabilities endpoint | Neil Johnson | 2019-01-29 | 1 | -4/+19 |
| | |||||
* | Support room version capabilities in CS API (MSC1804) | Neil Johnson | 2019-01-25 | 1 | -0/+39 |
| | |||||
* | Remove v1 only REST APIs now we don't ship matrix console (#4334) | Amber Brown | 2018-12-29 | 2 | -145/+44 |
| | |||||
* | Fix IP URL previews on Python 3 (#4215) | Amber Brown | 2018-12-22 | 1 | -98/+326 |
| | |||||
* | create support user (#4141) | Neil Johnson | 2018-12-14 | 1 | -5/+28 |
| | | | | | | Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits. | ||||
* | Implement .well-known handling (#4262) | Richard van der Hoff | 2018-12-05 | 1 | -0/+58 |
| | | | | Sometimes it's useful for synapse to generate its own .well-known file. | ||||
* | Fix more logcontext leaks in tests (#4209) | Richard van der Hoff | 2018-11-27 | 1 | -1/+2 |
| | |||||
* | Merge pull request #4204 from matrix-org/rav/logcontext_leak_fixes | Richard van der Hoff | 2018-11-20 | 1 | -1/+2 |
|\ | | | | | Fix some logcontext leaks | ||||
| * | Fix logcontext leak in test_url_preview | Richard van der Hoff | 2018-11-19 | 1 | -1/+2 |
| | | |||||
* | | Fix fallback auth on Python 3 (#4197) | Amber Brown | 2018-11-19 | 1 | -0/+104 |
|/ | |||||
* | Fix Content-Disposition in media repository (#4176) | Amber Brown | 2018-11-15 | 1 | -0/+145 |
| | |||||
* | Use <meta> tags to discover the per-page encoding of html previews (#4183) | Amber Brown | 2018-11-15 | 1 | -0/+77 |
| | |||||
* | Add a test for the public T&Cs form | Richard van der Hoff | 2018-11-14 | 1 | -0/+7 |
| | |||||
* | Fix URL preview bugs (type error when loading cache from db, content-type ↵ | Amber Brown | 2018-11-08 | 1 | -0/+164 |
| | | | | including quotes) (#4157) | ||||
* | Remove some boilerplate in tests (#4156) | Amber Brown | 2018-11-07 | 5 | -178/+117 |
| | |||||
* | Tests for user consent resource (#4140) | Amber Brown | 2018-11-06 | 1 | -0/+111 |
| | |||||
* | Fix typing being reset causing infinite syncs (#4127) | Amber Brown | 2018-11-03 | 1 | -0/+123 |
| | |||||
* | Fix search 500ing (#4122) | Amber Brown | 2018-10-31 | 1 | -1/+105 |
| | |||||
* | Port tests/ to Python 3 (#3808) | Amber Brown | 2018-09-07 | 2 | -311/+258 |
| | |||||
* | Port storage/ to Python 3 (#3725) | Amber Brown | 2018-08-31 | 1 | -4/+10 |
| | |||||
* | Integrate presence from hotfixes (#3694) | Amber Brown | 2018-08-18 | 2 | -46/+105 |
| | |||||
* | Fix the tests | Amber Brown | 2018-08-15 | 5 | -45/+24 |
| | |||||
* | Implement a new test baseclass to cut down on boilerplate (#3684) | Amber Brown | 2018-08-14 | 1 | -37/+29 |
| | |||||
* | Run tests under PostgreSQL (#3423) | Amber Brown | 2018-08-13 | 9 | -5/+9 |
| | |||||
* | Run black. | black | 2018-08-10 | 9 | -132/+119 |
| | |||||
* | Test fixes for Python 3 (#3647) | Amber Brown | 2018-08-09 | 7 | -36/+36 |
| | |||||
* | Admin API for creating new users (#3415) | Amber Brown | 2018-07-20 | 1 | -0/+305 |
| | |||||
* | Move v1-only APIs into their own module & isolate deprecated ones (#3460) | Amber Brown | 2018-07-19 | 5 | -86/+27 |
| | |||||
* | Refactor REST API tests to use explicit reactors (#3351) | Amber Brown | 2018-07-17 | 7 | -921/+902 |
| | |||||
* | Make auth & transactions more testable (#3499) | Amber Brown | 2018-07-14 | 1 | -1/+4 |
| | |||||
* | run isort | Amber Brown | 2018-07-09 | 11 | -48/+51 |
| | |||||
* | Pass around the reactor explicitly (#3385) | Amber Brown | 2018-06-22 | 2 | -5/+6 |
| | |||||
* | Fix logcontext leak in HttpTransactionCache | Richard van der Hoff | 2018-05-21 | 1 | -0/+21 |
| | | | | ONE DAY I WILL PURGE THE WORLD OF THIS EVIL | ||||
* | Stop the transaction cache caching failures | Richard van der Hoff | 2018-05-21 | 1 | -0/+54 |
| | | | | | | The transaction cache has some code which tries to stop it caching failures, but if the callback function failed straight away, then things would happen backwards and we'd end up with the failure stuck in the cache. | ||||
* | Burminate v1auth | Adrian Tschira | 2018-04-30 | 4 | -13/+18 |
| | | | | | | | | | | | | | | | | | | This closes #2602 v1auth was created to account for the differences in status code between the v1 and v2_alpha revisions of the protocol (401 vs 403 for invalid tokens). However since those protocols were merged, this makes the r0 version/endpoint internally inconsistent, and violates the specification for the r0 endpoint. This might break clients that rely on this inconsistency with the specification. This is said to affect the legacy angular reference client. However, I feel that restoring parity with the spec is more important. Either way, it is critical to inform developers about this change, in case they rely on the illegal behaviour. Signed-off-by: Adrian Tschira <nota@notafile.com> | ||||
* | Use six.moves.urlparse | Adrian Tschira | 2018-04-15 | 1 | -7/+7 |
| | | | | | | The imports were shuffled around a bunch in py3 Signed-off-by: Adrian Tschira <nota@notafile.com> | ||||
* | move handling of auto_join_rooms to RegisterHandler | Krombel | 2018-03-14 | 1 | -0/+1 |
| | | | | | | | | | | | | | Currently the handling of auto_join_rooms only works when a user registers itself via public register api. Registrations via registration_shared_secret and ModuleApi do not work This auto_joins the users in the registration handler which enables the auto join feature for all 3 registration paths. This is related to issue #2725 Signed-Off-by: Matthias Kesler <krombel@krombel.de> | ||||
* | s/replication_client/federation_client/ | Erik Johnston | 2018-03-13 | 4 | -11/+11 |
| | |||||
* | Fix tests | Erik Johnston | 2018-03-13 | 4 | -11/+11 |
| | |||||
* | Move RoomMemberHandler out of Handlers | Erik Johnston | 2018-03-01 | 1 | -1/+1 |
| | |||||
* | Fix broken unit test for media storage | Erik Johnston | 2018-02-05 | 1 | -1/+6 |
| | |||||
* | Merge pull request #2791 from matrix-org/erikj/media_storage_refactor | Erik Johnston | 2018-02-05 | 3 | -0/+109 |
|\ | | | | | Ensure media is in local cache before thumbnailing | ||||
| * | Add unit tests | Erik Johnston | 2018-01-18 | 3 | -0/+109 |
| | | |||||
* | | mock registrations_require_3pid | Matthew Hodgson | 2018-01-19 | 1 | -0/+1 |
|/ | |||||
* | Remove dead code | Richard van der Hoff | 2018-01-09 | 1 | -3/+0 |
| | | | | pointless function is pointless | ||||
* | Refactor UI auth implementation | Richard van der Hoff | 2017-12-05 | 1 | -4/+7 |
| | | | | | Instead of returning False when auth is incomplete, throw an exception which can be caught with a wrapper. | ||||
* | Fix test | David Baker | 2017-10-17 | 1 | -0/+1 |
| | |||||
* | Split out profile handler to fix tests | Erik Johnston | 2017-08-25 | 1 | -2/+1 |
| | |||||
* | Add groups to sync stream | Erik Johnston | 2017-07-20 | 1 | -2/+2 |
| | |||||
* | use jsonschema.FormatChecker for RoomID and UserID strings | pik | 2017-03-23 | 1 | -2/+2 |
| | | | | | | * use a valid filter in rest/client/v2_alpha test Signed-off-by: pik <alexander.maznev@gmail.com> | ||||
* | Add basic implementation of local device list changes | Erik Johnston | 2017-01-25 | 1 | -2/+2 |
| | |||||
* | Linearize updates to membership via PUT /state/ | Erik Johnston | 2017-01-09 | 2 | -3/+6 |
| | |||||
* | Stop generating refresh tokens | Richard van der Hoff | 2016-11-28 | 1 | -8/+4 |
| | | | | | | | Since we're not doing refresh tokens any more, we should start killing off the dead code paths. /tokenrefresh itself is a bit of a thornier subject, since there might be apps out there using it, but we can at least not generate refresh tokens on new logins. | ||||
* | Clean transactions based on time. Add HttpTransactionCache tests. | Kegan Dougal | 2016-11-14 | 1 | -0/+69 |
| | |||||
* | Merge pull request #1098 from matrix-org/markjh/bearer_token | Mark Haines | 2016-10-25 | 2 | -0/+4 |
|\ | | | | | Allow clients to supply access_tokens as headers | ||||
| * | Fix unit tests | Mark Haines | 2016-09-12 | 2 | -0/+4 |
| | | |||||
* | | Merge pull request #1164 from pik/error-codes | Erik Johnston | 2016-10-19 | 1 | -40/+87 |
|\ \ | | | | | | | Clarify Error codes for GET /filter/ | ||||
| * | | Refactor test_filter to use real DataStore | pik | 2016-10-18 | 1 | -43/+81 |
| | | | | | | | | | | | | * add tests for filter api errors | ||||
| * | | Error codes for filters | Alexander Maznev | 2016-10-14 | 1 | -3/+12 |
| | | | | | | | | | | | | | | | | | | * add tests Signed-off-by: Alexander Maznev <alexander.maznev@gmail.com> | ||||
* | | | rest/client/v1/register: use the correct requester in createUser | Patrik Oldsberg | 2016-10-06 | 1 | -21/+9 |
| | | | | | | | | | | | | Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> | ||||
* | | | storage/appservice: make appservice methods only relying on the cache ↵ | Patrik Oldsberg | 2016-10-06 | 1 | -1/+1 |
|/ / | | | | | | | synchronous | ||||
* / | Time out typing over federation | Erik Johnston | 2016-09-23 | 1 | -4/+1 |
|/ | |||||
* | More 0_0 in tests | Mark Haines | 2016-08-25 | 1 | -2/+2 |
| | |||||
* | Add `create_requester` function | Richard van der Hoff | 2016-07-26 | 1 | -8/+5 |
| | | | | | Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout | ||||
* | Implement deleting devices | Richard van der Hoff | 2016-07-26 | 1 | -4/+10 |
| | |||||
* | Register a device_id in the /v2/register flow. | Richard van der Hoff | 2016-07-20 | 1 | -3/+10 |
| | | | | | | | | | | This doesn't cover *all* of the registration flows, but it does cover the most common ones: in particular: shared_secret registration, appservice registration, and normal user/pass registration. Pull device_id from the registration parameters. Register the device in the devices table. Associate the device with the returned access and refresh tokens. Profit. | ||||
* | Further registration refactoring | Richard van der Hoff | 2016-07-19 | 1 | -1/+5 |
| | | | | | | | | | | | | | | * `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change. | ||||
* | rest/client/v2_alpha/register.py: Refactor flow somewhat. | Richard van der Hoff | 2016-07-19 | 1 | -1/+2 |
| | | | | | | | | | | | This is meant to be an *almost* non-functional change, with the exception that it fixes what looks a lot like a bug in that it only calls `auth_handler.add_threepid` and `add_pusher` once instead of three times. The idea is to move the generation of the `access_token` out of `registration_handler.register`, because `access_token`s now require a device_id, and we only want to generate a device_id once registration has been successful. | ||||
* | Split out the auth handler | David Baker | 2016-06-02 | 1 | -1/+1 |
| | |||||
* | Move typing handler out of the Handlers object | Mark Haines | 2016-05-17 | 1 | -1/+1 |
| | |||||
* | Create user with expiry | Negi Fazeli | 2016-05-13 | 1 | -0/+88 |
| | | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com> | ||||
* | Do checks for memberships before creating events | Erik Johnston | 2016-04-01 | 1 | -2/+2 |
| | |||||
* | Fix tests | David Baker | 2016-03-16 | 1 | -4/+5 |
| | |||||
* | Use parse_json_object_from_request to parse JSON out of request bodies | Mark Haines | 2016-03-11 | 1 | -2/+4 |
| | |||||
* | Flake8 fix | blide | 2016-03-10 | 1 | -6/+6 |
| | |||||
* | Register endpoint returns refresh_token | blide | 2016-03-10 | 1 | -12/+18 |
| | | | | Guest registration still doesn't return refresh_token | ||||
* | Fix tests | David Baker | 2016-03-07 | 3 | -20/+20 |
| | |||||
* | Fix unit tests | Mark Haines | 2016-03-04 | 1 | -2/+2 |
| | |||||
* | Pass whole requester to ratelimiting | Daniel Wagner-Hall | 2016-03-03 | 1 | -2/+2 |
| | | | | This will enable more detailed decisions | ||||
* | Fix flake8 warnings for tests | Mark Haines | 2016-02-19 | 8 | -170/+181 |
| | |||||
* | Remove old tests. | Erik Johnston | 2016-02-18 | 2 | -418/+0 |
| | |||||
* | Rename config field to reflect yaml name | Daniel Wagner-Hall | 2016-02-03 | 2 | -3/+3 |
| | |||||
* | Allow paginating backwards from stream token | Erik Johnston | 2016-01-28 | 1 | -8/+1 |
| | |||||
* | Merge pull request #535 from matrix-org/rav/paginate_from_stream_token | Richard van der Hoff | 2016-01-28 | 1 | -2/+14 |
|\ | | | | | Make it possible to paginate forwards from stream tokens | ||||
| * | Make it possible to paginate forwards from stream tokens | Richard van der Hoff | 2016-01-27 | 1 | -2/+14 |
| | | | | | | | | | | In order that we can fill the gap after a /sync, make it possible to paginate forwards from a stream token. | ||||
* | | Remove redundated BaseHomeServer | Erik Johnston | 2016-01-26 | 1 | -8/+10 |
|/ | |||||
* | Introduce a Requester object | Daniel Wagner-Hall | 2016-01-11 | 2 | -7/+5 |
| | | | | | | | | | This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. | ||||
* | copyrights | Matthew Hodgson | 2016-01-07 | 11 | -11/+11 |
| | |||||
* | Return non-room events from guest /events calls | Daniel Wagner-Hall | 2015-11-12 | 1 | -0/+3 |
| | |||||
* | Add a couple of unit tests for room/<x>/messages | Richard van der Hoff | 2015-11-09 | 1 | -0/+56 |
| | | | | ... merely because I was trying to figure out how it worked, and couldn't. | ||||
* | Open up /events to anonymous users for room events only | Daniel Wagner-Hall | 2015-11-05 | 2 | -2/+12 |
| | | | | Squash-merge of PR #345 from daniel/anonymousevents | ||||
* | Allow guests to register and call /events?room_id= | Daniel Wagner-Hall | 2015-11-04 | 5 | -15/+26 |
| | | | | | | | This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices. | ||||
* | Support clients supplying older tokens, fix short poll test | Mark Haines | 2015-10-30 | 1 | -2/+2 |
| | |||||
* | Allow rejecting invites | Daniel Wagner-Hall | 2015-10-20 | 1 | -2/+2 |
| | | | | | This is done by using the same /leave flow as you would use if you had already accepted the invite and wanted to leave. | ||||
* | Move NullSource out of synapse and into tests since it is only used by the tests | Mark Haines | 2015-09-22 | 1 | -1/+17 |
| | |||||
* | Merge pull request #276 from ↵ | Mark Haines | 2015-09-21 | 1 | -7/+7 |
|\ | | | | | | | | | matrix-org/markjh/history_for_rooms_that_have_been_left SPEC-216: Allow users to view the history of rooms that they have left. | ||||
| * | Allow users to GET individual state events for rooms that they have left | Mark Haines | 2015-09-10 | 1 | -5/+5 |
| | | |||||
| * | Allow users that have left the room to view the member list from the point ↵ | Mark Haines | 2015-09-09 | 1 | -2/+2 |
| | | | | | | | | they left | ||||
* | | s/user_id/user/g for consistency | Daniel Wagner-Hall | 2015-09-01 | 4 | -11/+11 |
| | | |||||
* | | Attempt to validate macaroons | Daniel Wagner-Hall | 2015-08-26 | 5 | -25/+22 |
|/ | | | | | | | | | | | | | A couple of weird caveats: * If we can't validate your macaroon, we fall back to checking that your access token is in the DB, and ignoring the failure * Even if we can validate your macaroon, we still have to hit the DB to get the access token ID, which we pretend is a device ID all over the codebase. This mostly adds the interesting code, and points out the two pieces we need to delete (and necessary conditions) in order to fix the above caveats. | ||||
* | Stop looking up "admin", which we never read | Daniel Wagner-Hall | 2015-08-25 | 4 | -11/+0 |
| | |||||
* | Remove completely unused concepts from codebase | Daniel Wagner-Hall | 2015-08-25 | 4 | -11/+0 |
| | | | | | | | | | | Removes device_id and ClientInfo device_id is never actually written, and the matrix.org DB has no non-null entries for it. Right now, it's just cluttering up code. This doesn't remove the columns from the database, because that's fiddly. | ||||
* | Merge branch 'develop' into refresh | Daniel Wagner-Hall | 2015-08-20 | 1 | -1/+2 |
|\ | | | | | | | | | Conflicts: synapse/rest/client/v1/login.py | ||||
| * | Fix tests | David Baker | 2015-08-04 | 1 | -1/+2 |
| | | |||||
* | | s/by_token/by_access_token/g | Daniel Wagner-Hall | 2015-08-20 | 5 | -23/+23 |
|/ | | | | We're about to have two kinds of token, access and refresh | ||||
* | Use the same reg paths as register v1 for ASes. | Kegan Dougal | 2015-07-29 | 1 | -1/+3 |
| | | | | Namely this means using registration_handler.appservice_register. | ||||
* | Fix v2_alpha registration. Add unit tests. | Kegan Dougal | 2015-07-28 | 1 | -0/+132 |
| | | | | | | | | V2 Registration forced everyone (including ASes) to create a password for a user, when ASes should be able to omit passwords. Also unbreak AS registration in general which checked too early if the given username was claimed by an AS; it was checked before knowing if the AS was the one doing the registration! Add unit tests for AS reg, user reg and disabled_registration flag. | ||||
* | Fix test. | Erik Johnston | 2015-07-07 | 1 | -1/+11 |
| | |||||
* | Add receipts_key to StreamToken | Erik Johnston | 2015-07-02 | 1 | -2/+2 |
| | |||||
* | Fix the presence tests | Mark Haines | 2015-05-22 | 1 | -2/+2 |
| | |||||
* | Merge pull request #157 from matrix-org/markjh/presence_performance | Mark Haines | 2015-05-22 | 1 | -0/+3 |
|\ | | | | | Improve presence performance in loadtest | ||||
| * | Fix the presence tests | Mark Haines | 2015-05-20 | 1 | -0/+3 |
| | | |||||
* | | Oops, get_rooms_for_user returns a namedtuple, not a room_id | Mark Haines | 2015-05-21 | 1 | -1/+6 |
|/ | |||||
* | Discard unused NotifierUserStreams | Mark Haines | 2015-05-13 | 1 | -0/+1 |
| | |||||
* | Don't bother checking for updates if the stream token hasn't advanced for a user | Mark Haines | 2015-05-13 | 1 | -5/+10 |
| | |||||
* | Merge branch 'develop' of github.com:matrix-org/synapse into postgres | Erik Johnston | 2015-04-28 | 4 | -13/+13 |
|\ | |||||
| * | Merge branch 'develop' into csauth | David Baker | 2015-04-17 | 1 | -2/+5 |
| |\ | |||||
| * | | Fix tests | David Baker | 2015-03-24 | 4 | -13/+13 |
| | | | |||||
* | | | Merge branch 'develop' of github.com:matrix-org/synapse into postgres | Erik Johnston | 2015-04-17 | 1 | -2/+5 |
|\ \ \ | | |/ | |/| | |||||
| * | | Various minor fixes to unit-test structure around typing notifications | Paul "LeoNerd" Evans | 2015-04-15 | 1 | -2/+4 |
| | | | |||||
| * | | Have TypingNotificationEventSource.get_new_events_for_user() return a ↵ | Paul "LeoNerd" Evans | 2015-04-15 | 1 | -1/+2 |
| |/ | | | | | | | deferred, for consistency and extensibility | ||||
* / | Make work in both Maria and SQLite. Fix tests | Erik Johnston | 2015-04-01 | 1 | -9/+0 |
|/ | |||||
* | Fix tests | Erik Johnston | 2015-03-09 | 1 | -4/+4 |
| | |||||
* | Fix unit tests | Kegan Dougal | 2015-02-27 | 1 | -0/+3 |
| | |||||
* | Update tests | Erik Johnston | 2015-02-19 | 1 | -0/+1 |
| | |||||
* | Merge branch 'develop' into application-services | Kegan Dougal | 2015-02-11 | 6 | -141/+34 |
|\ | |||||
| * | Factor out some of the common homeserver setup code into a | Mark Haines | 2015-02-11 | 6 | -141/+34 |
| | | | | | | | | setup_test_homeserver function in utils. | ||||
* | | Modify auth.get_user_by_req for authing appservices directly. | Kegan Dougal | 2015-02-09 | 2 | -1/+6 |
|/ | | | | | | Add logic to map the appservice token to the autogenned appservice user ID. Add unit tests for all forms of get_user_by_req (user/appservice, valid/bad/missing tokens) | ||||
* | Merge in auth changes from develop | Mark Haines | 2015-01-29 | 1 | -0/+1 |
| | |||||
* | Merge changes from develop | Mark Haines | 2015-01-29 | 4 | -2/+12 |
|\ | |||||
| * | Merge pull request #36 from matrix-org/device_id_from_access_token | Mark Haines | 2015-01-28 | 4 | -2/+12 |
| |\ | | | | | | | Extract the device id and token id from the access token when autheniticating users | ||||
| | * | Extract the id token of the token when authing users, include the token and ↵ | Mark Haines | 2015-01-28 | 3 | -0/+10 |
| | | | | | | | | | | | | device_id in the internal meta data for the event along with the transaction id when sending events | ||||
| | * | Return the device_id from get_auth_by_req | Mark Haines | 2015-01-28 | 2 | -2/+2 |
| | | | |||||
* | | | More unit-testing of REST errors | Paul "LeoNerd" Evans | 2015-01-27 | 1 | -1/+35 |
| | | | |||||
* | | | Move storage of user filters into real datastore layer; now have to mock it ↵ | Paul "LeoNerd" Evans | 2015-01-27 | 2 | -3/+27 |
| | | | | | | | | | | | | out in the REST-level tests | ||||
* | | | Use new V2AlphaRestTestCase | Paul "LeoNerd" Evans | 2015-01-27 | 1 | -38/+2 |
| | | | |||||
* | | | Merge branch 'develop' into client_v2_filter | Paul "LeoNerd" Evans | 2015-01-27 | 1 | -0/+45 |
|\| | | |||||
| * | | Initial cut of a shared base class for REST unit tests | Paul "LeoNerd" Evans | 2015-01-27 | 1 | -0/+45 |
| |/ | |||||
* | | Minor changes to v2_alpha filter REST test to allow the setUp method to be ↵ | Paul "LeoNerd" Evans | 2015-01-27 | 1 | -5/+7 |
| | | | | | | | | shareable | ||||
* | | Initial trivial REST test of v2_alpha filter API | Paul "LeoNerd" Evans | 2015-01-26 | 1 | -0/+74 |
|/ | |||||
* | Create (empty) v2_alpha REST tests directory | Paul "LeoNerd" Evans | 2015-01-26 | 1 | -0/+15 |
| | |||||
* | Replace hs.parse_userid with UserID.from_string | Mark Haines | 2015-01-23 | 4 | -24/+24 |
| | |||||
* | Merge rest servlets into the client json resource object | Mark Haines | 2015-01-23 | 2 | -4/+9 |
| | |||||
* | Move client rest tests back under rest | Mark Haines | 2015-01-22 | 9 | -0/+2156 |
| | |||||
* | Move client v1 api rest servlets into a "client/v1" directory | Mark Haines | 2015-01-22 | 7 | -2128/+0 |
| | |||||
* | Check that setting typing notification still works after explicit timeout at ↵ | Paul "LeoNerd" Evans | 2015-01-12 | 1 | -1/+50 |
| | | | | REST layer - SYN-230 | ||||
* | Update tests | Kegan Dougal | 2015-01-07 | 1 | -1/+1 |
| | |||||
* | Merge branch 'develop' of github.com:matrix-org/synapse into events_refactor | Erik Johnston | 2014-12-15 | 2 | -4/+115 |
|\ | | | | | | | | | Conflicts: tests/handlers/test_room.py | ||||
| * | Send list of typing user IDs as 'user_ids' list within 'content', so that ↵ | Paul "LeoNerd" Evans | 2014-12-12 | 1 | -1/+3 |
| | | | | | | | | m.typing stream events have a toplevel content, for consistency with others | ||||
| * | Move typing-notification REST tests into their own .py file | Paul "LeoNerd" Evans | 2014-12-11 | 2 | -83/+113 |
| | | |||||
| * | Actually unit-test the event stream around REST typing tests | Paul "LeoNerd" Evans | 2014-12-11 | 1 | -0/+14 |
| | |