Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Quarantine media by ID or user ID (#6681) | Andrew Morgan | 2020-01-13 | 2 | -0/+378 |
| | |||||
* | Allow admin users to create or modify users without a shared secret (#6495) | Manuel Stahl | 2020-01-09 | 2 | -338/+465 |
| | | | Signed-off-by: Manuel Stahl <manuel.stahl@awesome-technologies.de> | ||||
* | Fix GET request on /_synapse/admin/v2/users endpoint (#6563) | Manuel Stahl | 2020-01-08 | 1 | -0/+41 |
| | | | | Fixes #6552 | ||||
* | Back out ill-advised notary server hackery (#6657) | Richard van der Hoff | 2020-01-08 | 3 | -4/+131 |
| | | | | | | | | | | | This was ill-advised. We can't modify verify_keys here, because the response object has already been signed by the requested key. Furthermore, it's somewhat unnecessary because existing versions of Synapse (which get upset that the notary key isn't present in verify_keys) will fall back to a direct fetch via `/key/v2/server`. Also: more tests for fetching keys via perspectives: it would be nice if we actually tested when our fetcher can't talk to our notary impl. | ||||
* | Workaround for error when fetching notary's own key (#6620) | Richard van der Hoff | 2020-01-06 | 1 | -0/+130 |
| | | | | | | | | | | | | | | * Kill off redundant SynapseRequestFactory We already get the Site via the Channel, so there's no need for a dedicated RequestFactory: we can just use the right constructor. * Workaround for error when fetching notary's own key As a notary server, when we return our own keys, include all of our signing keys in verify_keys. This is a workaround for #6596. | ||||
* | Merge release-v1.7.1 into develop | Richard van der Hoff | 2019-12-18 | 1 | -0/+127 |
|\ | |||||
| * | Incorporate review | Brendan Abolivier | 2019-12-16 | 1 | -5/+0 |
| | | |||||
| * | Lint | Brendan Abolivier | 2019-12-16 | 1 | -2/+1 |
| | | |||||
| * | Add test case | Brendan Abolivier | 2019-12-16 | 1 | -0/+133 |
| | | |||||
* | | Add option to allow profile queries without sharing a room (#6523) | Will Hunt | 2019-12-16 | 1 | -0/+2 |
| | | |||||
* | | Port handlers.account_validity to async/await. | Erik Johnston | 2019-12-10 | 1 | -2/+1 |
|/ | |||||
* | Merge pull request #6484 from matrix-org/erikj/port_sync_handler | Erik Johnston | 2019-12-09 | 1 | -1/+3 |
|\ | | | | | Port SyncHandler to async/await | ||||
| * | Fixup functions to consistently return deferreds | Erik Johnston | 2019-12-06 | 1 | -1/+3 |
| | | |||||
* | | Merge branch 'develop' of github.com:matrix-org/synapse into ↵ | Erik Johnston | 2019-12-06 | 2 | -1/+12 |
|\| | | | | | | | erikj/make_database_class | ||||
| * | Fixup tests | Erik Johnston | 2019-12-05 | 2 | -1/+12 |
| | | |||||
* | | Move DB pool and helper functions into dedicated Database class | Erik Johnston | 2019-12-05 | 1 | -1/+1 |
|/ | |||||
* | Remove underscore from SQLBaseStore functions | Erik Johnston | 2019-12-04 | 1 | -1/+1 |
| | |||||
* | Merge pull request #6329 from matrix-org/babolivier/context_filters | Brendan Abolivier | 2019-12-04 | 3 | -100/+381 |
|\ | | | | | Filter state, events_before and events_after in /context requests | ||||
| * | Un-remove room purge test | Brendan Abolivier | 2019-12-04 | 1 | -0/+72 |
| | | |||||
| * | Merge branch 'babolivier/context_filters' of github.com:matrix-org/synapse ↵ | Brendan Abolivier | 2019-12-04 | 1 | -1/+1 |
| |\ | | | | | | | | | | into babolivier/context_filters | ||||
| | * | Merge branch 'develop' into babolivier/context_filters | Brendan Abolivier | 2019-11-26 | 3 | -1/+213 |
| | |\ | |||||
| * | \ | Merge branch 'develop' into babolivier/context_filters | Brendan Abolivier | 2019-12-04 | 5 | -3/+477 |
| |\ \ \ | | |/ / | |/| | | |||||
| * | | | Lint | Brendan Abolivier | 2019-11-05 | 1 | -30/+41 |
| | | | | |||||
| * | | | Update copyrights | Brendan Abolivier | 2019-11-05 | 3 | -1/+7 |
| | | | | |||||
| * | | | Add tests for /search | Brendan Abolivier | 2019-11-05 | 1 | -44/+143 |
| | | | | |||||
| * | | | Merge labels tests for /context and /messages | Brendan Abolivier | 2019-11-05 | 1 | -146/+130 |
| | | | | |||||
| * | | | Add test case | Brendan Abolivier | 2019-11-05 | 1 | -0/+182 |
| | | | | |||||
* | | | | Add ephemeral messages support (MSC2228) (#6409) | Brendan Abolivier | 2019-12-03 | 1 | -0/+101 |
| |/ / |/| | | | | | | | | | | | | | | | | | | | | Implement part [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228). The parts that differ are: * the feature is hidden behind a configuration flag (`enable_ephemeral_messages`) * self-destruction doesn't happen for state events * only implement support for the `m.self_destruct_after` field (not the `m.self_destruct` one) * doesn't send synthetic redactions to clients because for this specific case we consider the clients to be able to destroy an event themselves, instead we just censor it (by pruning its JSON) in the database | ||||
* | | | Add tests | Erik Johnston | 2019-11-28 | 1 | -0/+140 |
| | | | |||||
* | | | Merge pull request #6358 from matrix-org/babolivier/message_retention | Brendan Abolivier | 2019-11-27 | 1 | -0/+293 |
|\ \ \ | | | | | | | | | Implement message retention policies (MSC1763) | ||||
| * \ \ | Merge branch 'develop' into babolivier/message_retention | Brendan Abolivier | 2019-11-26 | 3 | -1/+114 |
| |\ \ \ | | | |/ | | |/| | |||||
| * | | | Don't restrict the tests to v1 rooms | Brendan Abolivier | 2019-11-26 | 1 | -2/+0 |
| | | | | |||||
| * | | | Lint again | Brendan Abolivier | 2019-11-19 | 1 | -10/+2 |
| | | | | |||||
| * | | | Lint | Brendan Abolivier | 2019-11-19 | 1 | -50/+23 |
| | | | | |||||
| * | | | Don't apply retention policy based filtering on state events | Brendan Abolivier | 2019-11-06 | 1 | -0/+10 |
| | | | | | | | | | | | | | | | | As per MSC1763, 'Retention is only considered for non-state events.', so don't filter out state events based on the room's retention policy. | ||||
| * | | | Implement per-room message retention policies | Brendan Abolivier | 2019-11-04 | 1 | -0/+320 |
| | |/ | |/| | |||||
* | | | Remove assertion and provide a clear warning on startup for missing ↵ | Andrew Morgan | 2019-11-26 | 1 | -0/+1 |
| |/ |/| | | | | | public_baseurl (#6379) | ||||
* | | Lint | Brendan Abolivier | 2019-11-20 | 1 | -6/+8 |
| | | |||||
* | | Test if a purge can make /messages return 500 responses | Brendan Abolivier | 2019-11-20 | 1 | -0/+72 |
| | | |||||
* | | Blacklist PurgeRoomTestCase (#6361) | Andrew Morgan | 2019-11-13 | 1 | -0/+2 |
| | | |||||
* | | Merge pull request #6295 from matrix-org/erikj/split_purge_history | Erik Johnston | 2019-11-08 | 1 | -1/+3 |
|\ \ | | | | | | | Split purge API into events vs state and add PurgeEventsStorage | ||||
| * | | Fix deleting state groups during room purge. | Erik Johnston | 2019-11-06 | 1 | -1/+3 |
| |/ | | | | | | | And fix the tests to actually test that things got deleted. | ||||
* | | Merge branch 'develop' into rav/url_preview_limit_title | Richard van der Hoff | 2019-11-05 | 4 | -5/+332 |
|\| | |||||
| * | Merge pull request #6301 from matrix-org/babolivier/msc2326 | Brendan Abolivier | 2019-11-01 | 3 | -5/+254 |
| |\ | | | | | | | Implement MSC2326 (label based filtering) | ||||
| | * | Incorporate review | Brendan Abolivier | 2019-11-01 | 2 | -8/+8 |
| | | | |||||
| | * | Incorporate review | Brendan Abolivier | 2019-11-01 | 2 | -10/+10 |
| | | | |||||
| | * | Lint | Brendan Abolivier | 2019-10-30 | 2 | -31/+30 |
| | | | |||||
| | * | Add integration tests for /messages | Brendan Abolivier | 2019-10-30 | 1 | -1/+101 |
| | | | |||||
| | * | Add more integration testing | Brendan Abolivier | 2019-10-30 | 1 | -6/+39 |
| | | | |||||
| | * | Add integration tests for sync | Brendan Abolivier | 2019-10-30 | 2 | -5/+122 |
| | | | |||||
| * | | Add unit test for /purge_room API | Erik Johnston | 2019-10-31 | 1 | -0/+78 |
| |/ | |||||
* | | Apply suggestions from code review | Richard van der Hoff | 2019-11-05 | 1 | -0/+1 |
| | | | | | | | | Co-Authored-By: Brendan Abolivier <babolivier@matrix.org> Co-Authored-By: Erik Johnston <erik@matrix.org> | ||||
* | | Strip overlong OpenGraph data from url preview | Richard van der Hoff | 2019-11-05 | 1 | -0/+34 |
|/ | | | | ... to stop people causing DoSes with malicious web pages | ||||
* | Add domain validation when creating room with list of invitees (#6121) | werner291 | 2019-10-10 | 1 | -0/+9 |
| | |||||
* | send 404 as http-status when filter-id is unknown to the server (#2380) | krombel | 2019-10-10 | 1 | -1/+1 |
| | | | | | | | This fixed the weirdness of 400 vs 404 as http status code in the case the filter id is not known by the server. As e.g. matrix-js-sdk expects 404 to catch this situation this leads to unwanted behaviour. | ||||
* | Fix races in room stats (and other) updates. (#6187) | Richard van der Hoff | 2019-10-10 | 1 | -1/+1 |
| | | | | | | | Hopefully this will fix the occasional failures we were seeing in the room directory. The problem was that events are not necessarily persisted (and `current_state_delta_stream` updated) in the same order as their stream_id. So for instance current_state_delta 9 might be persisted *before* current_state_delta 8. Then, when the room stats saw stream_id 9, it assumed it had done everything up to 9, and never came back to do stream_id 8. We can solve this easily by only processing up to the stream_id where we know all events have been persisted. | ||||
* | ok | Brendan Abolivier | 2019-09-27 | 1 | -1/+3 |
| | |||||
* | Lint | Brendan Abolivier | 2019-09-27 | 1 | -7/+1 |
| | |||||
* | Add test to validate the change | Brendan Abolivier | 2019-09-27 | 1 | -13/+57 |
| | |||||
* | Stop advertising unsupported flows for registration (#6107) | Richard van der Hoff | 2019-09-25 | 1 | -12/+17 |
| | | | | | | | If email or msisdn verification aren't supported, let's stop advertising them for registration. Fixes #6100. | ||||
* | Refactor the user-interactive auth handling (#6105) | Richard van der Hoff | 2019-09-25 | 1 | -10/+16 |
| | | | | | | | Pull the checkers out to their own classes, rather than having them lost in a massive 1000-line class which does everything. This is also preparation for some more intelligent advertising of flows, as per #6100 | ||||
* | Refactor code for calculating registration flows (#6106) | Richard van der Hoff | 2019-09-25 | 1 | -12/+67 |
| | | | | | | | | | because, frankly, it looked like it was written by an axe-murderer. This should be a non-functional change, except that where `m.login.dummy` was previously advertised *before* `m.login.terms`, it will now be advertised afterwards. AFAICT that should have no effect, and will be more consistent with the flows that involve passing a 3pid. | ||||
* | Fix comments | Erik Johnston | 2019-09-11 | 1 | -2/+2 |
| | | | Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | ||||
* | Add test for admin redaction ratelimiting. | Erik Johnston | 2019-09-11 | 1 | -0/+25 |
| | |||||
* | Fix and refactor room and user stats (#5971) | Erik Johnston | 2019-09-04 | 1 | -2/+6 |
| | | | Previously the stats were not being correctly populated. | ||||
* | Remove unnecessary parentheses around return statements (#5931) | Andrew Morgan | 2019-08-30 | 1 | -1/+1 |
| | | | | | Python will return a tuple whether there are parentheses around the returned values or not. I'm just sick of my editor complaining about this all over the place :) | ||||
* | Add tests | Brendan Abolivier | 2019-08-01 | 1 | -0/+37 |
| | |||||
* | Replace returnValue with return (#5736) | Amber Brown | 2019-07-23 | 1 | -1/+1 |
| | |||||
* | Remove the ability to query relations when the original event was redacted. ↵ | Andrew Morgan | 2019-07-18 | 1 | -3/+113 |
| | | | | | | | (#5629) Fixes #5594 Forbid viewing relations on an event once it has been redacted. | ||||
* | Ignore redactions of m.room.create events (#5701) | Richard van der Hoff | 2019-07-17 | 1 | -0/+20 |
| | |||||
* | More refactoring in `get_events_as_list` (#5707) | Richard van der Hoff | 2019-07-17 | 1 | -0/+159 |
| | | | | | | | | We can now use `_get_events_from_cache_or_db` rather than going right back to the database, which means that (a) we can benefit from caching, and (b) it opens the way forward to more extensive checks on the original event. We now always require the original event to exist before we will serve up a redaction. | ||||
* | Implement access token expiry (#5660) | Richard van der Hoff | 2019-07-12 | 1 | -0/+108 |
| | | | | Record how long an access token is valid for, and raise a soft-logout once it expires. | ||||
* | Include the original event in /relations (#5626) | Andrew Morgan | 2019-07-09 | 1 | -0/+5 |
| | | | When asking for the relations of an event, include the original event in the response. This will mostly be used for efficiently showing edit history, but could be useful in other circumstances. | ||||
* | Lint | Brendan Abolivier | 2019-07-08 | 1 | -2/+2 |
| | |||||
* | Add test case | Brendan Abolivier | 2019-07-08 | 1 | -0/+47 |
| | |||||
* | Add origin_server_ts and sender fields to m.replace (#5613) | Andrew Morgan | 2019-07-05 | 1 | -6/+18 |
| | | | | | Riot team would like some extra fields as part of m.replace, so here you go. Fixes: #5598 | ||||
* | Move logging utilities out of the side drawer of util/ and into logging/ (#5606) | Amber Brown | 2019-07-04 | 2 | -2/+2 |
| | |||||
* | Fix media repo breaking (#5593) | Amber Brown | 2019-07-02 | 1 | -0/+12 |
| | |||||
* | Make the http server handle coroutine-making REST servlets (#5475) | Amber Brown | 2019-06-29 | 1 | -10/+15 |
| | |||||
* | Split public rooms directory auth config in two | Brendan Abolivier | 2019-06-24 | 1 | -1/+1 |
| | |||||
* | Run Black. (#5482) | Amber Brown | 2019-06-20 | 13 | -179/+160 |
| | |||||
* | Merge pull request #5440 from matrix-org/babolivier/third_party_event_rules | Brendan Abolivier | 2019-06-14 | 1 | -0/+79 |
|\ | | | | | Allow server admins to define implementations of extra rules for allowing or denying incoming events | ||||
| * | Add plugin APIs for implementations of custom event rules. | Brendan Abolivier | 2019-06-14 | 1 | -0/+79 |
| | | |||||
* | | Don't send renewal emails to deactivated users | Brendan Abolivier | 2019-06-14 | 1 | -25/+42 |
| | | |||||
* | | Track deactivated accounts in the database (#5378) | Brendan Abolivier | 2019-06-14 | 1 | -0/+45 |
| | | |||||
* | | Merge branch 'master' of github.com:matrix-org/synapse into develop | Erik Johnston | 2019-06-11 | 3 | -12/+241 |
|\ \ | |||||
| * | | Bump bleach version so that tests can run on old deps. | Erik Johnston | 2019-06-11 | 2 | -12/+0 |
| | | | |||||
| * | | Change password reset links to /_matrix. | Erik Johnston | 2019-06-11 | 1 | -0/+241 |
| |/ | |||||
* | | Merge pull request #5363 from ↵ | Brendan Abolivier | 2019-06-10 | 1 | -0/+35 |
|\ \ | |/ |/| | | | | | matrix-org/babolivier/account_validity_send_mail_auth Don't check whether the user's account is expired on /send_mail requests | ||||
| * | Don't check whether the user's account is expired on /send_mail requests | Brendan Abolivier | 2019-06-05 | 1 | -0/+35 |
| | | |||||
* | | Unify v1 and v2 REST client APIs (#5226) | Amber Brown | 2019-06-03 | 2 | -2/+1 |
| | | |||||
* | | Merge pull request #5309 from matrix-org/rav/limit_displayname_length | Richard van der Hoff | 2019-06-01 | 1 | -2/+60 |
|\ \ | | | | | | | Limit displaynames and avatar URLs | ||||
| * | | add some tests | Richard van der Hoff | 2019-06-01 | 1 | -2/+60 |
| | | | |||||
* | | | Merge pull request #5276 from matrix-org/babolivier/account_validity_job_delta | Erik Johnston | 2019-05-31 | 1 | -5/+10 |
|\ \ \ | | | | | | | | | Allow configuring a range for the account validity startup job | ||||
| * | | | Move delta from +10% to -10% | Brendan Abolivier | 2019-05-31 | 1 | -2/+2 |
| | | | | |||||
| * | | | Make max_delta equal to period * 10% | Brendan Abolivier | 2019-05-31 | 1 | -17/+1 |
| | | | | |||||
| * | | | Typo | Brendan Abolivier | 2019-05-28 | 1 | -1/+1 |
| | | | | |||||
| * | | | Allow configuring a range for the account validity startup job | Brendan Abolivier | 2019-05-28 | 1 | -0/+21 |
| | |/ | |/| | | | | | | | | | | When enabling the account validity feature, Synapse will look at startup for registered account without an expiration date, and will set one equals to 'now + validity_period' for them. On large servers, it can mean that a large number of users will have the same expiration date, which means that they will all be sent a renewal email at the same time, which isn't ideal. In order to mitigate this, this PR allows server admins to define a 'max_delta' so that the expiration date is a random value in the [now + validity_period ; now + validity_period + max_delta] range. This allows renewal emails to be progressively sent over a configured period instead of being sent all in one big batch. | ||||
* | | | Add config option for setting homeserver's default room version (#5223) | Andrew Morgan | 2019-05-23 | 1 | -2/+5 |
| | | | | | | | | | | | | | | | Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present. That hardcoded value is now located in the server.py config file. | ||||
* | | | Room Statistics (#4338) | Amber Brown | 2019-05-21 | 1 | -0/+17 |
| |/ |/| | |||||
* | | Merge pull request #5212 from matrix-org/erikj/deny_multiple_reactions | Erik Johnston | 2019-05-21 | 1 | -1/+26 |
|\ \ | | | | | | | Block attempts to annotate the same event twice | ||||
| * | | Block attempts to annotate the same event twice | Erik Johnston | 2019-05-20 | 1 | -1/+26 |
| | | | |||||
* | | | Merge pull request #5204 from ↵ | Brendan Abolivier | 2019-05-21 | 1 | -0/+55 |
|\ \ \ | |/ / |/| / | |/ | | | matrix-org/babolivier/account_validity_expiration_date Add startup background job for account validity | ||||
| * | Add startup background job for account validity | Brendan Abolivier | 2019-05-17 | 1 | -0/+55 |
| | | | | | | | | If account validity is enabled in the server's configuration, this job will run at startup as a background job and will stick an expiration date to any registered account missing one. | ||||
* | | Rename relation types to match MSC | Erik Johnston | 2019-05-20 | 1 | -11/+11 |
| | | |||||
* | | Merge pull request #5209 from matrix-org/erikj/reactions_base | Erik Johnston | 2019-05-20 | 1 | -0/+539 |
|\ \ | | | | | | | Land basic reaction and edit support. | ||||
| * | | Fixup comments | Erik Johnston | 2019-05-20 | 1 | -2/+2 |
| | | | |||||
| * | | Correctly update aggregation counts after redaction | Erik Johnston | 2019-05-20 | 1 | -0/+37 |
| | | | |||||
| * | | Make tests use different user for each reaction it sends | Erik Johnston | 2019-05-17 | 1 | -12/+68 |
| | | | | | | | | | | | | As users aren't allowed to react with the same emoji more than once. | ||||
| * | | Add basic editing support | Erik Johnston | 2019-05-16 | 1 | -9/+82 |
| | | | |||||
| * | | Check that event is visible in new APIs | Erik Johnston | 2019-05-16 | 1 | -1/+1 |
| | | | |||||
| * | | Add aggregations API | Erik Johnston | 2019-05-16 | 1 | -3/+248 |
| | | | |||||
| * | | Add simple pagination API | Erik Johnston | 2019-05-15 | 1 | -0/+30 |
| | | | |||||
| * | | Add simple send_relation API and track in DB | Erik Johnston | 2019-05-15 | 1 | -0/+98 |
| | | | |||||
* | | | Merge pull request #5196 from matrix-org/babolivier/per_room_profiles | Brendan Abolivier | 2019-05-17 | 1 | -1/+69 |
|\ \ \ | | |/ | |/| | Add an option to disable per-room profiles | ||||
| * | | Lint | Brendan Abolivier | 2019-05-16 | 1 | -1/+0 |
| | | | |||||
| * | | Lint | Brendan Abolivier | 2019-05-16 | 1 | -1/+3 |
| | | | |||||
| * | | Forgot copyright | Brendan Abolivier | 2019-05-16 | 1 | -0/+1 |
| | | | |||||
| * | | Add test case | Brendan Abolivier | 2019-05-16 | 1 | -1/+67 |
| |/ | |||||
* | | Merge pull request #5174 from matrix-org/dbkr/add_dummy_flow_to_recaptcha_only | David Baker | 2019-05-16 | 1 | -1/+8 |
|\ \ | |/ |/| | Re-order registration stages to do msisdn & email auth last | ||||
| * | Merge remote-tracking branch 'origin/develop' into ↵ | David Baker | 2019-05-13 | 1 | -11/+11 |
| |\ | | | | | | | | | | dbkr/add_dummy_flow_to_recaptcha_only | ||||
| * | | And now I realise why the test is failing... | David Baker | 2019-05-13 | 1 | -1/+8 |
| | | | |||||
* | | | Migrate all tests to use the dict-based config format instead of hanging ↵ | Amber Brown | 2019-05-13 | 10 | -69/+70 |
| |/ |/| | | | | | items off HomeserverConfig (#5171) | ||||
* | | URL preview blacklisting fixes (#5155) | Andrew Morgan | 2019-05-10 | 1 | -11/+11 |
|/ | | | Prevents a SynapseError being raised inside of a IResolutionReceiver and instead opts to just return 0 results. This thus means that we have to lump a failed lookup and a blacklisted lookup together with the same error message, but the substitute should be generic enough to cover both cases. | ||||
* | Run Black on the tests again (#5170) | Amber Brown | 2019-05-10 | 8 | -222/+114 |
| | |||||
* | Fix bogus imports in tests (#5154) | Brendan Abolivier | 2019-05-08 | 3 | -5/+6 |
| | |||||
* | add options to require an access_token to GET /profile and /publicRooms on ↵ | Matthew Hodgson | 2019-05-08 | 2 | -1/+123 |
| | | | | | | | | | | | | | | | | | CS API (#5083) This commit adds two config options: * `restrict_public_rooms_to_local_users` Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API. * `require_auth_for_profile_requests` When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301. MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though. Groups have been intentionally omitted from this commit. | ||||
* | Do checks on aliases for incoming m.room.aliases events (#5128) | Brendan Abolivier | 2019-05-08 | 1 | -0/+169 |
| | | | | | Follow-up to #5124 Also added a bunch of checks to make sure everything (both the stuff added on #5124 and this PR) works as intended. | ||||
* | Remove the requirement to authenticate for /admin/server_version. (#5122) | Richard van der Hoff | 2019-05-07 | 1 | -22/+8 |
| | | | | | | | | | This endpoint isn't much use for its intended purpose if you first need to get yourself an admin's auth token. I've restricted it to the `/_synapse/admin` path to make it a bit easier to lock down for those concerned about exposing this information. I don't imagine anyone is using it in anger currently. | ||||
* | Add admin api for sending server_notices (#5121) | Richard van der Hoff | 2019-05-02 | 10 | -14/+14 |
| | |||||
* | Move admin api impl to its own package | Richard van der Hoff | 2019-05-01 | 11 | -25/+47 |
| | | | | It doesn't really belong under rest/client/v1 any more. | ||||
* | Merge branch 'develop' of github.com:matrix-org/synapse into ↵ | Erik Johnston | 2019-04-17 | 3 | -2/+191 |
|\ | | | | | | | babolivier/account_expiration | ||||
| * | Merge pull request #5047 from matrix-org/babolivier/account_expiration | Brendan Abolivier | 2019-04-17 | 1 | -1/+99 |
| |\ | | | | | | | Send out emails with links to extend an account's validity period | ||||
| * \ | Merge pull request #5027 from matrix-org/babolivier/account_expiration | Brendan Abolivier | 2019-04-09 | 1 | -2/+49 |
| |\ \ | | | | | | | | | Add time-based account expiration | ||||
| * | | | Add config option to block users from looking up 3PIDs (#5010) | Brendan Abolivier | 2019-04-04 | 1 | -0/+65 |
| | | | | |||||
| * | | | Add unit test for deleting groups | Erik Johnston | 2019-04-03 | 1 | -0/+124 |
| | | | | |||||
| * | | | Collect room-version variations into one place (#4969) | Richard van der Hoff | 2019-04-01 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | Collect all the things that make room-versions different to one another into one place, so that it's easier to define new room versions. | ||||
* | | | | Add management endpoints for account validity | Brendan Abolivier | 2019-04-17 | 1 | -8/+87 |
| |_|/ |/| | | |||||
* | | | Send out emails with links to extend an account's validity period | Brendan Abolivier | 2019-04-17 | 1 | -1/+99 |
| |/ |/| | |||||
* | | Add account expiration feature | Brendan Abolivier | 2019-04-09 | 1 | -2/+49 |
|/ | |||||
* | Some more porting to HomeserverTestCase and remove old RESTHelper (#4913) | Amber Brown | 2019-03-22 | 1 | -125/+0 |
| | |||||
* | Merge pull request #4908 from matrix-org/erikj/block_peek_on_blocked_rooms | Erik Johnston | 2019-03-21 | 1 | -1/+65 |
|\ | | | | | Deny peeking into rooms that have been blocked | ||||
| * | isort | Erik Johnston | 2019-03-21 | 1 | -1/+1 |
| | | |||||
| * | Deny peeking into rooms that have been blocked | Erik Johnston | 2019-03-21 | 1 | -1/+65 |
| | | |||||
* | | Fix typo and add description | Erik Johnston | 2019-03-21 | 1 | -1/+5 |
|/ | |||||
* | Rejig testcase to make it more extensible | Erik Johnston | 2019-03-21 | 1 | -17/+22 |
| | |||||
* | Remove debug | Erik Johnston | 2019-03-21 | 1 | -1/+0 |
| | |||||
* | Add tests | Erik Johnston | 2019-03-21 | 1 | -1/+66 |
| | |||||
* | Fix registration test | Richard van der Hoff | 2019-03-19 | 1 | -1/+2 |
| | | | | | * Set allow_guest_access = True, since we rely on it * config doesn't have a `hostname` attribute; it is `server_name` | ||||
* | Add ratelimiting on failed login attempts (#4865) | Brendan Abolivier | 2019-03-18 | 1 | -0/+45 |
| | |||||
* | Add ratelimiting on login (#4821) | Brendan Abolivier | 2019-03-15 | 2 | -2/+122 |
| | | | Add two ratelimiters on login (per-IP address and per-userID). | ||||
* | Merge pull request #4772 from jbweston/jbweston/server-version-api | Erik Johnston | 2019-03-05 | 1 | -2/+36 |
|\ | | | | | Add 'server_version' endpoint to admin API | ||||
| * | Add 'server_version' endpoint to admin API | Joseph Weston | 2019-03-01 | 1 | -1/+35 |
| | | | | | | | | | | This is required because the 'Server' HTTP header is not always passed through proxies. | ||||
| * | Import 'admin' module rather than 'register_servlets' directly | Joseph Weston | 2019-03-01 | 1 | -2/+2 |
| | | | | | | | | | | | | We will later need also to import 'register_servlets' from the 'login' module, so we un-pollute the namespace now to keep the logical changes separate. | ||||
* | | Add rate-limiting on registration (#4735) | Brendan Abolivier | 2019-03-05 | 4 | -7/+55 |
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Rate-limiting for registration * Add unit test for registration rate limiting * Add config parameters for rate limiting on auth endpoints * Doc * Fix doc of rate limiting function Co-Authored-By: babolivier <contact@brendanabolivier.com> * Incorporate review * Fix config parsing * Fix linting errors * Set default config for auth rate limiting * Fix tests * Add changelog * Advance reactor instead of mocked clock * Move parameters to registration specific config and give them more sensible default values * Remove unused config options * Don't mock the rate limiter un MAU tests * Rename _register_with_store into register_with_store * Make CI happy * Remove unused import * Update sample config * Fix ratelimiting test for py2 * Add non-guest test | ||||
* | Fix parsing of Content-Disposition headers (#4763) | Richard van der Hoff | 2019-02-27 | 1 | -0/+45 |
| | | | | | | | | | | | * Fix parsing of Content-Disposition headers TIL: filenames in content-dispostion headers can contain semicolons, and aren't %-encoded. * fix python2 incompatibility * Fix docstrings | ||||
* | Move register_device into handler | Erik Johnston | 2019-02-18 | 1 | -70/+23 |
| | |||||
* | Fix unit tests | Erik Johnston | 2019-02-18 | 1 | -6/+15 |
| | |||||
* | rework format of change password capability | Neil Johnson | 2019-01-29 | 1 | -2/+2 |
| | |||||
* | support change_password in capabilities end-point | Neil Johnson | 2019-01-29 | 1 | -0/+23 |
| | |||||
* | isort | Neil Johnson | 2019-01-29 | 1 | -1/+2 |
| | |||||
* | enforce auth for capabilities endpoint | Neil Johnson | 2019-01-29 | 1 | -4/+19 |
| | |||||
* | Support room version capabilities in CS API (MSC1804) | Neil Johnson | 2019-01-25 | 1 | -0/+39 |
| | |||||
* | Remove v1 only REST APIs now we don't ship matrix console (#4334) | Amber Brown | 2018-12-29 | 2 | -145/+44 |
| | |||||
* | Fix IP URL previews on Python 3 (#4215) | Amber Brown | 2018-12-22 | 1 | -98/+326 |
| | |||||
* | create support user (#4141) | Neil Johnson | 2018-12-14 | 1 | -5/+28 |
| | | | | | | Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits. | ||||
* | Implement .well-known handling (#4262) | Richard van der Hoff | 2018-12-05 | 1 | -0/+58 |
| | | | | Sometimes it's useful for synapse to generate its own .well-known file. | ||||
* | Fix more logcontext leaks in tests (#4209) | Richard van der Hoff | 2018-11-27 | 1 | -1/+2 |
| | |||||
* | Merge pull request #4204 from matrix-org/rav/logcontext_leak_fixes | Richard van der Hoff | 2018-11-20 | 1 | -1/+2 |
|\ | | | | | Fix some logcontext leaks | ||||
| * | Fix logcontext leak in test_url_preview | Richard van der Hoff | 2018-11-19 | 1 | -1/+2 |
| | | |||||
* | | Fix fallback auth on Python 3 (#4197) | Amber Brown | 2018-11-19 | 1 | -0/+104 |
|/ | |||||
* | Fix Content-Disposition in media repository (#4176) | Amber Brown | 2018-11-15 | 1 | -0/+145 |
| | |||||
* | Use <meta> tags to discover the per-page encoding of html previews (#4183) | Amber Brown | 2018-11-15 | 1 | -0/+77 |
| | |||||
* | Add a test for the public T&Cs form | Richard van der Hoff | 2018-11-14 | 1 | -0/+7 |
| | |||||
* | Fix URL preview bugs (type error when loading cache from db, content-type ↵ | Amber Brown | 2018-11-08 | 1 | -0/+164 |
| | | | | including quotes) (#4157) | ||||
* | Remove some boilerplate in tests (#4156) | Amber Brown | 2018-11-07 | 5 | -178/+117 |
| | |||||
* | Tests for user consent resource (#4140) | Amber Brown | 2018-11-06 | 1 | -0/+111 |
| | |||||
* | Fix typing being reset causing infinite syncs (#4127) | Amber Brown | 2018-11-03 | 1 | -0/+123 |
| | |||||
* | Fix search 500ing (#4122) | Amber Brown | 2018-10-31 | 1 | -1/+105 |
| | |||||
* | Port tests/ to Python 3 (#3808) | Amber Brown | 2018-09-07 | 2 | -311/+258 |
| | |||||
* | Port storage/ to Python 3 (#3725) | Amber Brown | 2018-08-31 | 1 | -4/+10 |
| | |||||
* | Integrate presence from hotfixes (#3694) | Amber Brown | 2018-08-18 | 2 | -46/+105 |
| | |||||
* | Fix the tests | Amber Brown | 2018-08-15 | 5 | -45/+24 |
| | |||||
* | Implement a new test baseclass to cut down on boilerplate (#3684) | Amber Brown | 2018-08-14 | 1 | -37/+29 |
| | |||||
* | Run tests under PostgreSQL (#3423) | Amber Brown | 2018-08-13 | 9 | -5/+9 |
| | |||||
* | Run black. | black | 2018-08-10 | 9 | -132/+119 |
| | |||||
* | Test fixes for Python 3 (#3647) | Amber Brown | 2018-08-09 | 7 | -36/+36 |
| | |||||
* | Admin API for creating new users (#3415) | Amber Brown | 2018-07-20 | 1 | -0/+305 |
| | |||||
* | Move v1-only APIs into their own module & isolate deprecated ones (#3460) | Amber Brown | 2018-07-19 | 5 | -86/+27 |
| | |||||
* | Refactor REST API tests to use explicit reactors (#3351) | Amber Brown | 2018-07-17 | 7 | -921/+902 |
| | |||||
* | Make auth & transactions more testable (#3499) | Amber Brown | 2018-07-14 | 1 | -1/+4 |
| | |||||
* | run isort | Amber Brown | 2018-07-09 | 11 | -48/+51 |
| | |||||
* | Pass around the reactor explicitly (#3385) | Amber Brown | 2018-06-22 | 2 | -5/+6 |
| | |||||
* | Fix logcontext leak in HttpTransactionCache | Richard van der Hoff | 2018-05-21 | 1 | -0/+21 |
| | | | | ONE DAY I WILL PURGE THE WORLD OF THIS EVIL | ||||
* | Stop the transaction cache caching failures | Richard van der Hoff | 2018-05-21 | 1 | -0/+54 |
| | | | | | | The transaction cache has some code which tries to stop it caching failures, but if the callback function failed straight away, then things would happen backwards and we'd end up with the failure stuck in the cache. | ||||
* | Burminate v1auth | Adrian Tschira | 2018-04-30 | 4 | -13/+18 |
| | | | | | | | | | | | | | | | | | | This closes #2602 v1auth was created to account for the differences in status code between the v1 and v2_alpha revisions of the protocol (401 vs 403 for invalid tokens). However since those protocols were merged, this makes the r0 version/endpoint internally inconsistent, and violates the specification for the r0 endpoint. This might break clients that rely on this inconsistency with the specification. This is said to affect the legacy angular reference client. However, I feel that restoring parity with the spec is more important. Either way, it is critical to inform developers about this change, in case they rely on the illegal behaviour. Signed-off-by: Adrian Tschira <nota@notafile.com> | ||||
* | Use six.moves.urlparse | Adrian Tschira | 2018-04-15 | 1 | -7/+7 |
| | | | | | | The imports were shuffled around a bunch in py3 Signed-off-by: Adrian Tschira <nota@notafile.com> | ||||
* | move handling of auto_join_rooms to RegisterHandler | Krombel | 2018-03-14 | 1 | -0/+1 |
| | | | | | | | | | | | | | Currently the handling of auto_join_rooms only works when a user registers itself via public register api. Registrations via registration_shared_secret and ModuleApi do not work This auto_joins the users in the registration handler which enables the auto join feature for all 3 registration paths. This is related to issue #2725 Signed-Off-by: Matthias Kesler <krombel@krombel.de> | ||||
* | s/replication_client/federation_client/ | Erik Johnston | 2018-03-13 | 4 | -11/+11 |
| | |||||
* | Fix tests | Erik Johnston | 2018-03-13 | 4 | -11/+11 |
| | |||||
* | Move RoomMemberHandler out of Handlers | Erik Johnston | 2018-03-01 | 1 | -1/+1 |
| | |||||
* | Fix broken unit test for media storage | Erik Johnston | 2018-02-05 | 1 | -1/+6 |
| | |||||
* | Merge pull request #2791 from matrix-org/erikj/media_storage_refactor | Erik Johnston | 2018-02-05 | 3 | -0/+109 |
|\ | | | | | Ensure media is in local cache before thumbnailing | ||||
| * | Add unit tests | Erik Johnston | 2018-01-18 | 3 | -0/+109 |
| | | |||||
* | | mock registrations_require_3pid | Matthew Hodgson | 2018-01-19 | 1 | -0/+1 |
|/ | |||||
* | Remove dead code | Richard van der Hoff | 2018-01-09 | 1 | -3/+0 |
| | | | | pointless function is pointless | ||||
* | Refactor UI auth implementation | Richard van der Hoff | 2017-12-05 | 1 | -4/+7 |
| | | | | | Instead of returning False when auth is incomplete, throw an exception which can be caught with a wrapper. | ||||
* | Fix test | David Baker | 2017-10-17 | 1 | -0/+1 |
| | |||||
* | Split out profile handler to fix tests | Erik Johnston | 2017-08-25 | 1 | -2/+1 |
| | |||||
* | Add groups to sync stream | Erik Johnston | 2017-07-20 | 1 | -2/+2 |
| | |||||
* | use jsonschema.FormatChecker for RoomID and UserID strings | pik | 2017-03-23 | 1 | -2/+2 |
| | | | | | | * use a valid filter in rest/client/v2_alpha test Signed-off-by: pik <alexander.maznev@gmail.com> | ||||
* | Add basic implementation of local device list changes | Erik Johnston | 2017-01-25 | 1 | -2/+2 |
| | |||||
* | Linearize updates to membership via PUT /state/ | Erik Johnston | 2017-01-09 | 2 | -3/+6 |
| | |||||
* | Stop generating refresh tokens | Richard van der Hoff | 2016-11-28 | 1 | -8/+4 |
| | | | | | | | Since we're not doing refresh tokens any more, we should start killing off the dead code paths. /tokenrefresh itself is a bit of a thornier subject, since there might be apps out there using it, but we can at least not generate refresh tokens on new logins. | ||||
* | Clean transactions based on time. Add HttpTransactionCache tests. | Kegan Dougal | 2016-11-14 | 1 | -0/+69 |
| | |||||
* | Merge pull request #1098 from matrix-org/markjh/bearer_token | Mark Haines | 2016-10-25 | 2 | -0/+4 |
|\ | | | | | Allow clients to supply access_tokens as headers | ||||
| * | Fix unit tests | Mark Haines | 2016-09-12 | 2 | -0/+4 |
| | | |||||
* | | Merge pull request #1164 from pik/error-codes | Erik Johnston | 2016-10-19 | 1 | -40/+87 |
|\ \ | | | | | | | Clarify Error codes for GET /filter/ | ||||
| * | | Refactor test_filter to use real DataStore | pik | 2016-10-18 | 1 | -43/+81 |
| | | | | | | | | | | | | * add tests for filter api errors | ||||
| * | | Error codes for filters | Alexander Maznev | 2016-10-14 | 1 | -3/+12 |
| | | | | | | | | | | | | | | | | | | * add tests Signed-off-by: Alexander Maznev <alexander.maznev@gmail.com> | ||||
* | | | rest/client/v1/register: use the correct requester in createUser | Patrik Oldsberg | 2016-10-06 | 1 | -21/+9 |
| | | | | | | | | | | | | Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> | ||||
* | | | storage/appservice: make appservice methods only relying on the cache ↵ | Patrik Oldsberg | 2016-10-06 | 1 | -1/+1 |
|/ / | | | | | | | synchronous | ||||
* / | Time out typing over federation | Erik Johnston | 2016-09-23 | 1 | -4/+1 |
|/ | |||||
* | More 0_0 in tests | Mark Haines | 2016-08-25 | 1 | -2/+2 |
| | |||||
* | Add `create_requester` function | Richard van der Hoff | 2016-07-26 | 1 | -8/+5 |
| | | | | | Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout | ||||
* | Implement deleting devices | Richard van der Hoff | 2016-07-26 | 1 | -4/+10 |
| | |||||
* | Register a device_id in the /v2/register flow. | Richard van der Hoff | 2016-07-20 | 1 | -3/+10 |
| | | | | | | | | | | This doesn't cover *all* of the registration flows, but it does cover the most common ones: in particular: shared_secret registration, appservice registration, and normal user/pass registration. Pull device_id from the registration parameters. Register the device in the devices table. Associate the device with the returned access and refresh tokens. Profit. | ||||
* | Further registration refactoring | Richard van der Hoff | 2016-07-19 | 1 | -1/+5 |
| | | | | | | | | | | | | | | * `RegistrationHandler.appservice_register` no longer issues an access token: instead it is left for the caller to do it. (There are two of these, one in `synapse/rest/client/v1/register.py`, which now simply calls `AuthHandler.issue_access_token`, and the other in `synapse/rest/client/v2_alpha/register.py`, which is covered below). * In `synapse/rest/client/v2_alpha/register.py`, move the generation of access_tokens into `_create_registration_details`. This means that the normal flow no longer needs to call `AuthHandler.issue_access_token`; the shared-secret flow can tell `RegistrationHandler.register` not to generate a token; and the appservice flow continues to work despite the above change. | ||||
* | rest/client/v2_alpha/register.py: Refactor flow somewhat. | Richard van der Hoff | 2016-07-19 | 1 | -1/+2 |
| | | | | | | | | | | | This is meant to be an *almost* non-functional change, with the exception that it fixes what looks a lot like a bug in that it only calls `auth_handler.add_threepid` and `add_pusher` once instead of three times. The idea is to move the generation of the `access_token` out of `registration_handler.register`, because `access_token`s now require a device_id, and we only want to generate a device_id once registration has been successful. | ||||
* | Split out the auth handler | David Baker | 2016-06-02 | 1 | -1/+1 |
| | |||||
* | Move typing handler out of the Handlers object | Mark Haines | 2016-05-17 | 1 | -1/+1 |
| | |||||
* | Create user with expiry | Negi Fazeli | 2016-05-13 | 1 | -0/+88 |
| | | | | | | - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com> | ||||
* | Do checks for memberships before creating events | Erik Johnston | 2016-04-01 | 1 | -2/+2 |
| | |||||
* | Fix tests | David Baker | 2016-03-16 | 1 | -4/+5 |
| | |||||
* | Use parse_json_object_from_request to parse JSON out of request bodies | Mark Haines | 2016-03-11 | 1 | -2/+4 |
| | |||||
* | Flake8 fix | blide | 2016-03-10 | 1 | -6/+6 |
| | |||||
* | Register endpoint returns refresh_token | blide | 2016-03-10 | 1 | -12/+18 |
| | | | | Guest registration still doesn't return refresh_token | ||||
* | Fix tests | David Baker | 2016-03-07 | 3 | -20/+20 |
| | |||||
* | Fix unit tests | Mark Haines | 2016-03-04 | 1 | -2/+2 |
| | |||||
* | Pass whole requester to ratelimiting | Daniel Wagner-Hall | 2016-03-03 | 1 | -2/+2 |
| | | | | This will enable more detailed decisions | ||||
* | Fix flake8 warnings for tests | Mark Haines | 2016-02-19 | 8 | -170/+181 |
| | |||||
* | Remove old tests. | Erik Johnston | 2016-02-18 | 2 | -418/+0 |
| | |||||
* | Rename config field to reflect yaml name | Daniel Wagner-Hall | 2016-02-03 | 2 | -3/+3 |
| | |||||
* | Allow paginating backwards from stream token | Erik Johnston | 2016-01-28 | 1 | -8/+1 |
| | |||||
* | Merge pull request #535 from matrix-org/rav/paginate_from_stream_token | Richard van der Hoff | 2016-01-28 | 1 | -2/+14 |
|\ | | | | | Make it possible to paginate forwards from stream tokens | ||||
| * | Make it possible to paginate forwards from stream tokens | Richard van der Hoff | 2016-01-27 | 1 | -2/+14 |
| | | | | | | | | | | In order that we can fill the gap after a /sync, make it possible to paginate forwards from a stream token. | ||||
* | | Remove redundated BaseHomeServer | Erik Johnston | 2016-01-26 | 1 | -8/+10 |
|/ | |||||
* | Introduce a Requester object | Daniel Wagner-Hall | 2016-01-11 | 2 | -7/+5 |
| | | | | | | | | | This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up. | ||||
* | copyrights | Matthew Hodgson | 2016-01-07 | 11 | -11/+11 |
| | |||||
* | Return non-room events from guest /events calls | Daniel Wagner-Hall | 2015-11-12 | 1 | -0/+3 |
| |