summary refs log tree commit diff
path: root/tests/rest (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Move MSC3030 `/timestamp_to_event` endpoint to stable v1 location (#14471)Eric Eastwood2022-11-281-6/+1
| | | | | | | | Fix https://github.com/matrix-org/synapse/issues/14390 - Client API: `/_matrix/client/unstable/org.matrix.msc3030/rooms/<roomID>/timestamp_to_event?ts=<timestamp>&dir=<direction>` -> `/_matrix/client/v1/rooms/<roomID>/timestamp_to_event?ts=<timestamp>&dir=<direction>` - Federation API: `/_matrix/federation/unstable/org.matrix.msc3030/timestamp_to_event/<roomID>?ts=<timestamp>&dir=<direction>` -> `/_matrix/federation/v1/timestamp_to_event/<roomID>?ts=<timestamp>&dir=<direction>` Complement test changes: https://github.com/matrix-org/complement/pull/559
* Implement message forward pagination from start when no from is given, fixes ↵Benjamin Kampmann2022-11-241-0/+40
| | | | | #12383 (#14149) Fixes https://github.com/matrix-org/synapse/issues/12383
* Add a type hint for `get_device_handler()` and fix incorrect types. (#14055)Patrick Cloke2022-11-221-1/+4
| | | | | This was the last untyped handler from the HomeServer object. Since it was being treated as Any (and thus unchecked) it was being used incorrectly in a few places.
* Batch fetch bundled references (#14508)Patrick Cloke2022-11-221-2/+2
| | | | | | | | | Avoid an n+1 query problem and fetch the bundled aggregations for m.reference relations in a single query instead of a query per event. This applies similar logic for as was previously done for edits in 8b309adb436c162510ed1402f33b8741d71fc058 (#11660; threads in b65acead428653b988351ae8d7b22127a22039cd (#11752); and annotations in 1799a54a545618782840a60950ef4b64da9ee24d (#14491).
* Batch fetch bundled annotations (#14491)Patrick Cloke2022-11-221-2/+2
| | | | | | | | Avoid an n+1 query problem and fetch the bundled aggregations for m.annotation relations in a single query instead of a query per event. This applies similar logic for as was previously done for edits in 8b309adb436c162510ed1402f33b8741d71fc058 (#11660) and threads in b65acead428653b988351ae8d7b22127a22039cd (#11752).
* Add an Admin API endpoint for looking up users based on 3PID (#14405)Ashish Kumar2022-11-111-13/+94
|
* Correctly create power level event during initial room creation (#14361)Shay2022-11-071-2/+2
|
* Fix /refresh endpoint version (#14364)Tulir Asokan2022-11-041-8/+8
|
* Implement MSC3912: Relation-based redactions (#14260)Brendan Abolivier2022-11-032-4/+306
| | | Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* Fix dehydrated device REST checks (#14336)David Robertson2022-10-311-0/+34
|
* Support OIDC backchannel logouts (#11414)Quentin Gliech2022-10-312-28/+417
| | | | | | | If configured an OIDC IdP can log a user's session out of Synapse when they log out of the identity provider. The IdP sends a request directly to Synapse (and must be configured with an endpoint) when a user logs out.
* Merge branch 'master' into developOlivier Wilkinson (reivilibre)2022-10-281-3/+51
|\
| * Fix room creation being rate limited too aggressively since Synapse v1.69.0. ↵reivilibre2022-10-281-3/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#14314) * Introduce a test for the old behaviour which we want to restore * Reintroduce the old behaviour in a simpler way * Newsfile Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org> * Use 1 credit instead of 2 for creating a room: be more lenient than before Notably, the UI in Element Web was still broken after restoring to prior behaviour. After discussion, we agreed that it would be sensible to increase the limit. Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
* | Merge branch 'release-v1.70' into developOlivier Wilkinson (reivilibre)2022-10-251-33/+77
|\|
| * Properly update the threads table when thread events are redacted. (#14248)Patrick Cloke2022-10-211-33/+77
| | | | | | | | | | | | | | | | | | When the last event in a thread is redacted we need to update the threads table: * Find the new latest event in the thread and store it into the table; or * Remove the thread from the table if it is no longer a thread (i.e. all events in the thread were redacted).
* | Refactor OIDC tests to better mimic an actual OIDC provider. (#13910)Quentin Gliech2022-10-253-88/+120
| | | | | | | | | | | | | | | | | | This implements a fake OIDC server, which intercepts calls to the HTTP client. Improves accuracy of tests by covering more internal methods. One particular example was the ID token validation, which previously mocked. This uncovered an incorrect dependency: Synapse actually requires at least authlib 0.15.1, not 0.14.0.
* | Show erasure status when listing users in the Admin API (#14205)Tadeusz Sośnierz2022-10-211-1/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Show erasure status when listing users in the Admin API * Use USING when joining erased_users * Add changelog entry * Revert "Use USING when joining erased_users" This reverts commit 30bd2bf106415caadcfdbdd1b234ef2b106cc394. * Make the erased check work on postgres * Add a testcase for showing erased user status * Appease the style linter * Explicitly convert `erased` to bool to make SQLite consistent with Postgres This also adds us an easy way in to fix the other accidentally integered columns. * Move erasure status test to UsersListTestCase * Include user erased status when fetching user info via the admin API * Document the erase status in user_admin_api * Appease the linter and mypy * Signpost comments in tests Co-authored-by: Tadeusz Sośnierz <tadeusz@sosnierz.com> Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
* | Use servlets for /key/ endpoints. (#14229)Patrick Cloke2022-10-201-2/+2
|/ | | | | To fix the response for unknown endpoints under that prefix. See MSC3743.
* Fix MSC3030 `/timestamp_to_event` returning `outliers` that it has no idea ↵Eric Eastwood2022-10-181-0/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | whether are near a gap or not (#14215) Fix MSC3030 `/timestamp_to_event` endpoint returning `outliers` that it has no idea whether are near a gap or not (and therefore unable to determine whether it's actually the closest event). The reason Synapse doesn't know whether an `outlier` is next to a gap is because our gap checks rely on entries in the `event_edges`, `event_forward_extremeties`, and `event_backward_extremities` tables which is [not the case for `outliers`](https://github.com/matrix-org/synapse/blob/2c63cdcc3f1aa4625e947de3c23e0a8133c61286/docs/development/room-dag-concepts.md#outliers). Also fixes MSC3030 Complement `can_paginate_after_getting_remote_event_from_timestamp_to_event_endpoint` test flake. Although this acted flakey in Complement, if `sync_partial_state` raced and beat us before `/timestamp_to_event`, then even if we retried the failing `/context` request it wouldn't work until we made this Synapse change. With this PR, Synapse will never return an `outlier` event so that test will always go and ask over federation. Fix https://github.com/matrix-org/synapse/issues/13944 ### Why did this fail before? Why was it flakey? Sleuthing the server logs on the [CI failure](https://github.com/matrix-org/synapse/actions/runs/3149623842/jobs/5121449357#step:5:5805), it looks like `hs2:/timestamp_to_event` found `$NP6-oU7mIFVyhtKfGvfrEQX949hQX-T-gvuauG6eurU` as an `outlier` event locally. Then when we went and asked for it via `/context`, since it's an `outlier`, it was filtered out of the results -> `You don't have permission to access that event.` This is reproducible when `sync_partial_state` races and persists `$NP6-oU7mIFVyhtKfGvfrEQX949hQX-T-gvuauG6eurU` as an `outlier` before we evaluate `get_event_for_timestamp(...)`. To consistently reproduce locally, just add a delay at the [start of `get_event_for_timestamp(...)`](https://github.com/matrix-org/synapse/blob/cb20b885cb4bd1648581dd043a184d86fc8c7a00/synapse/handlers/room.py#L1470-L1496) so it always runs after `sync_partial_state` completes. ```py from twisted.internet import task as twisted_task d = twisted_task.deferLater(self.hs.get_reactor(), 3.5) await d ``` In a run where it passes, on `hs2`, `get_event_for_timestamp(...)` finds a different event locally which is next to a gap and we request from a closer one from `hs1` which gets backfilled. And since the backfilled event is not an `outlier`, it's returned as expected during `/context`. With this PR, Synapse will never return an `outlier` event so that test will always go and ask over federation.
* Implementation of HTTP 307 response for MSC3886 POST endpoint (#14018)Hugh Nimmo-Smith2022-10-181-0/+45
| | | | Co-authored-by: reivilibre <olivier@librepush.net> Co-authored-by: Andrew Morgan <andrewm@element.io>
* Support filtering the /messages API by relation type (MSC3874). (#14148)Patrick Cloke2022-10-172-138/+8
| | | Gated behind an experimental configuration flag.
* Do not allow a None-limit on PaginationConfig. (#14146)Patrick Cloke2022-10-141-1/+2
| | | | | | | The callers either set a default limit or manually handle a None-limit later on (by setting a default value). Update the callers to always instantiate PaginationConfig with a default limit and then assume the limit is non-None.
* Stabilize the threads API. (#14175)Patrick Cloke2022-10-141-18/+29
| | | | | | | Stabilize the threads API (MSC3856) by supporting (only) the v1 path for the endpoint. This also marks the API as safe for workers since it is a read-only API.
* Add an API for listing threads in a room. (#13394)Patrick Cloke2022-10-131-0/+151
| | | | | | | | | Implement the /threads endpoint from MSC3856. This is currently unstable and behind an experimental configuration flag. It includes a background update to backfill data, results from the /threads endpoint will be partial until that finishes.
* Be more lenient in the oEmbed response parsing. (#14089)Patrick Cloke2022-10-071-1/+102
| | | | | | Attempt to parse any valid information from an oEmbed response (instead of bailing at the first unexpected data). This should allow for more partial oEmbed data to be returned, resulting in better / more URL previews, even if those URL previews are only partial.
* Fix handling of public rooms filter with a network tuple. (#14053)Patrick Cloke2022-10-051-10/+31
| | | | | | | | Fixes two related bugs: * The handling of `[null]` for a `room_types` filter was incorrect. * The ordering of arguments when providing both a network tuple and room type field was incorrect.
* Do not return unspecced original_event field when using the stable ↵Patrick Cloke2022-10-031-5/+8
| | | | | | | | | | /relations endpoint. (#14025) Keep the old behavior (of including the original_event field) for any requests to the /unstable version of the endpoint, but do not include the field when the /v1 version is used. This should avoid new clients from depending on this field, but will not help with current dependencies.
* Add query parameter `ts` to allow appservices set the `origin_server_ts` for ↵lukasdenk2022-10-031-2/+117
| | | | | | | state events. (#11866) MSC3316 declares that both /rooms/{roomId}/send and /rooms/{roomId}/state should accept a ts parameter for appservices. This change expands support to /state and adds tests.
* Skip filtering during push if there are no push actions (#13992)Erik Johnston2022-09-301-2/+2
|
* Allow admins to require a manual approval process before new accounts can be ↵Brendan Abolivier2022-09-295-7/+297
| | | | used (using MSC3866) (#13556)
* Expose MSC3882 only be under an unstable endpoint. (#13868)Hugh Nimmo-Smith2022-09-291-7/+9
|
* Prepatory work for batching events to send (#13487)Shay2022-09-281-2/+2
| | | This PR begins work on batching up events during the creation of a room. The PR splits out the creation and sending/persisting of the events. The first three events in the creation of the room-creating the room, joining the creator to the room, and the power levels event are sent sequentially, while the subsequent events are created and collected to be sent at the end of the function. This is currently done by appending them to a list and then iterating over the list to send, the next step (after this PR) would be to send and persist the collected events as a batch.
* Support the stable dir parameter for /relations. (#13920)Patrick Cloke2022-09-271-4/+2
| | | | | | | Since MSC3715 has passed FCP, the stable parameter can be used. This currently falls back to the unstable parameter if the stable parameter is not provided (and MSC3715 support is enabled in the configuration).
* Properly paginate forward in the /relations API. (#13840)Patrick Cloke2022-09-221-1/+28
| | | | | This fixes a bug where the `/relations` API with `dir=f` would skip the first item of each page (except the first page), causing incomplete data to be returned to the client.
* Implementation of MSC3882 login token request (#13722)Hugh Nimmo-Smith2022-09-211-0/+132
|
* Support enabling/disabling pushers (from MSC3881) (#13799)Brendan Abolivier2022-09-211-1/+1
| | | Partial implementation of MSC3881
* Add an admin API endpoint to find a user based on its external ID in an auth ↵Quentin Gliech2022-09-161-0/+87
| | | | provider. (#13810)
* A third batch of Pydantic validation for rest/client/account.py (#13736)David Robertson2022-09-151-3/+26
|
* Add a `MXCUri` class to make working with mxc uri's easier. (#13162)Andrew Morgan2022-09-151-64/+38
|
* Add timestamp to user's consent (#13741)Dirk Klimpel2022-09-081-0/+1
| | | Co-authored-by: reivilibre <olivier@librepush.net>
* Cancel the processing of key query requests when they time out. (#13680)reivilibre2022-09-071-0/+29
|
* Add Admin API to Fetch Messages Within a Particular Window (#13672)Connor Davis2022-09-071-1/+157
| | | This adds two new admin APIs that allow us to fetch messages from a room within a particular time.
* Remove support for unstable private read receipts (#13653)Šimon Brandner2022-09-011-26/+11
| | | Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Drop support for calling `/_matrix/client/v3/rooms/{roomId}/invite` without ↵Jacek Kuśnierz2022-08-313-3/+25
| | | | | | | an `id_access_token` (#13241) Fixes #13206 Signed-off-by: Jacek Kusnierz jacek.kusnierz@tum.de
* Fix admin List Room API return type on sqlite (#13509)David Robertson2022-08-311-5/+14
|
* Directly lookup local membership instead of getting all members in a room ↵Eric Eastwood2022-08-241-6/+6
| | | | | first (`get_users_in_room` mis-use) (#13608) See https://github.com/matrix-org/synapse/pull/13575#discussion_r953023755
* Drop support for delegating email validation, round 2 (#13596)David Robertson2022-08-231-1/+1
|
* Fix that sending server notices fail if avatar is `None` (#13566)Dirk Klimpel2022-08-231-0/+56
| | | Indroduced in #11846.
* `synapse.api.auth.Auth` cleanup: make permission-related methods use ↵Quentin Gliech2022-08-222-5/+5
| | | | | | | | | `Requester` instead of the `UserID` (#13024) Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
* Implement MSC3852: Expose `last_seen_user_agent` to users for their own ↵Andrew Morgan2022-08-191-1/+91
| | | | devices; also expose to Admin API (#13549)
* Fix a bug in the `/event_reports` Admin API which meant that the total count ↵reivilibre2022-08-171-0/+27
| | | | | could be larger than the number of results you can actually query for. (#13525) Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Add forgotten status to Room Details API (#13503)Dirk Klimpel2022-08-171-0/+1
|
* Use Pydantic to systematically validate a first batch of endpoints in ↵David Robertson2022-08-152-5/+58
| | | | `synapse.rest.client.account`. (#13188)
* Use literals in place of `HTTPStatus` constants in tests (#13488)Dirk Klimpel2022-08-1011-447/+176
| | | | | | | | | * Use literals in place of `HTTPStatus` constants in tests * newsfile * code style * code style
* Use literals in place of `HTTPStatus` constants in tests (#13479)Dirk Klimpel2022-08-0911-141/+140
| | | | | | | | | | Replace - `HTTPStatus.NOT_FOUND` - `HTTPStatus.FORBIDDEN` - `HTTPStatus.UNAUTHORIZED` - `HTTPStatus.CONFLICT` - `HTTPStatus.CREATED` Signed-off-by: Dirk Klimpel <dirk@klimpel.org>
* Use literals in place of `HTTPStatus` constants in tests (#13469)Dirk Klimpel2022-08-0812-331/+328
|
* Support stable identifiers for MSC2285: private read receipts. (#13273)Šimon Brandner2022-08-051-19/+39
| | | | | This adds support for the stable identifiers of MSC2285 while continuing to support the unstable identifiers behind the configuration flag. These will be removed in a future version.
* Use literals in place of `HTTPStatus` constants in tests (#13463)Dirk Klimpel2022-08-059-162/+147
|
* Fix rooms not being properly excluded from incremental sync (#13408)Brendan Abolivier2022-08-041-0/+21
|
* Return 404 or member list when getting joined_members after leaving (#13374)andrew do2022-08-031-0/+15
| | | | | | Signed-off-by: Andrew Doh <andrewddo@gmail.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <andrewm@element.io> Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Merge tag 'v1.64.0rc2' into developRichard van der Hoff2022-07-291-1/+1
|\ | | | | | | | | | | | | Synapse 1.64.0rc2 (2022-07-29) ============================== This RC reintroduces support for `account_threepid_delegates.email`, which was removed in 1.64.0rc1. It remains deprecated and will be removed altogether in a future release. ([\#13406](https://github.com/matrix-org/synapse/issues/13406))
| * Revert "Drop support for delegating email validation (#13192)" (#13406)3nprob2022-07-291-1/+1
| | | | | | | | | | Reverts commit fa71bb18b527d1a3e2629b48640ea67fff2f8c59, and tweaks documentation. Signed-off-by: 3nprob <git@3n.anonaddy.com>
* | Use stable prefixes for MSC3827: filtering of `/publicRooms` by room type ↵Šimon Brandner2022-07-271-3/+2
| | | | | | | | | | | | (#13370) Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* | Add missing type hints for tests.unittest. (#13397)Patrick Cloke2022-07-272-3/+5
| |
* | Implement MSC3848: Introduce errcodes for specific event sending failures ↵Will Hunt2022-07-271-2/+3
| | | | | | | | | | (#13343) Implements MSC3848
* | Make minor clarifications to the error messages given when we fail to join a ↵reivilibre2022-07-271-1/+4
|/ | | | room via any server. (#13160)
* Rate limit joins per-room (#13276)David Robertson2022-07-191-2/+2
|
* Update expected DB query count when creating a room (#13307)Andrew Morgan2022-07-181-2/+2
|
* Remove unnecessary `json.dumps` from tests (#13303)Dirk Klimpel2022-07-1710-159/+113
|
* Use HTTPStatus constants in place of literals in tests. (#13297)Dirk Klimpel2022-07-154-209/+274
|
* Provide more info why we don't have any thumbnails to serve (#13038)Eric Eastwood2022-07-151-8/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix https://github.com/matrix-org/synapse/issues/13016 ## New error code and status ### Before Previously, we returned a `404` for `/thumbnail` which isn't even in the spec. ```json { "errcode": "M_NOT_FOUND", "error": "Not found [b'hs1', b'tefQeZhmVxoiBfuFQUKRzJxc']" } ``` ### After What does the spec say? > 400: The request does not make sense to the server, or the server cannot thumbnail the content. For example, the client requested non-integer dimensions or asked for negatively-sized images. > > *-- https://spec.matrix.org/v1.1/client-server-api/#get_matrixmediav3thumbnailservernamemediaid* Now with this PR, we respond with a `400` when we don't have thumbnails to serve and we explain why we might not have any thumbnails. ```json { "errcode": "M_UNKNOWN", "error": "Cannot find any thumbnails for the requested media ([b'example.com', b'12345']). This might mean the media is not a supported_media_format=(image/jpeg, image/jpg, image/webp, image/gif, image/png) or that thumbnailing failed for some other reason. (Dynamic thumbnails are disabled on this server.)", } ``` > Cannot find any thumbnails for the requested media ([b'example.com', b'12345']). This might mean the media is not a supported_media_format=(image/jpeg, image/jpg, image/webp, image/gif, image/png) or that thumbnailing failed for some other reason. (Dynamic thumbnails are disabled on this server.) --- We still respond with a 404 in many other places. But we can iterate on those later and maybe keep some in some specific places after spec updates/clarification: https://github.com/matrix-org/matrix-spec/issues/1122 We can also iterate on the bugs where Synapse doesn't thumbnail when it should in other issues/PRs.
* Don't pull out the full state when storing state (#13274)Erik Johnston2022-07-151-2/+2
|
* Rip out auth-event reconciliation code (#12943)Richard van der Hoff2022-07-141-9/+2
| | | | | | | There is a corner in `_check_event_auth` (long known as "the weird corner") where, if we get an event with auth_events which don't match those we were expecting, we attempt to resolve the diffence between our state and the remote's with a state resolution. This isn't specced, and there's general agreement we shouldn't be doing it. However, it turns out that the faster-joins code was relying on it, so we need to introduce something similar (but rather simpler) for that.
* Optimise room creation event lookups part 2 (#13224)Nick Mills-Barrett2022-07-131-4/+4
|
* Fix "add user" admin api error when request contains a "msisdn" threepid ↵Thomas Weston2022-07-131-0/+35
| | | | | | (#13263) Co-authored-by: Thomas Weston <thomas.weston@clearspancloud.com> Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
* Drop support for delegating email validation (#13192)Richard van der Hoff2022-07-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Drop support for delegating email validation Delegating email validation to an IS is insecure (since it allows the owner of the IS to do a password reset on your HS), and has long been deprecated. It will now cause a config error at startup. * Update unit test which checks for email verification Give it an `email` config instead of a threepid delegate * Remove unused method `requestEmailToken` * Simplify config handling for email verification Rather than an enum and a boolean, all we need here is a single bool, which says whether we are or are not doing email verification. * update docs * changelog * upgrade.md: fix typo * update version number this will be in 1.64, not 1.63 * update version number this one too
* expose whether a room is a space in the Admin API (#13208)andrew do2022-07-121-3/+10
|
* Don't pull out the full state when calculating push actions (#13078)Erik Johnston2022-07-111-2/+2
|
* Reduce event lookups during room creation by passing known event IDs (#13210)Nick Mills-Barrett2022-07-111-0/+15
| | | | | | | | Inspired by the room batch handler, this uses previous event inserts to pre-populate prev events during room creation, reducing the number of queries required to create a room. Signed off by Nick @ Beeper (@Fizzadar)
* Uniformize spam-checker API, part 5: expand other spam-checker callbacks to ↵David Teller2022-07-113-10/+249
| | | | | | return `Tuple[Codes, dict]` (#13044) Signed-off-by: David Teller <davidt@element.io> Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* annotate tests.server.FakeChannel (#13136)David Robertson2022-07-045-9/+14
|
* Implement MSC3827: Filtering of `/publicRooms` by room type (#13031)Šimon Brandner2022-06-291-3/+89
| | | | Signed-off-by: Šimon Brandner <simon.bra.ag@gmail.com>
* Merge branch 'master' into developAndrew Morgan2022-06-281-0/+17
|\
| * Merge pull request from GHSA-22p3-qrh9-cx32reivilibre2022-06-281-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Make _iterate_over_text easier to read by using simple data structures * Prefer a set of tags to ignore In my tests, it's 4x faster to check for containment in a set of this size * Add a stack size limit to _iterate_over_text * Continue accepting the case where there is no body element * Use an early return instead for None Co-authored-by: Richard van der Hoff <richard@matrix.org>
* | Add Cross-Origin-Resource-Policy header to thumbnail and download media ↵Robert Long2022-06-271-0/+20
| | | | | | | | endpoints (#12944)
* | validate room alias before interacting with the room directory (#13106)santhoshivan232022-06-221-0/+13
| |
* | Simplify the alias deletion logic as an application service. (#13093)Quentin Gliech2022-06-171-0/+34
| |
* | Improve URL previews for sites with only Twitter card information. (#13056)Patrick Cloke2022-06-161-0/+41
| | | | | | | | | | | | Pull out `twitter:` meta tags when generating a preview and use it to augment any `og:` meta tags. Prefers Open Graph information over Twitter card information.
* | Add custom well-known (#13035)Jacek Kuśnierz2022-06-161-0/+22
| | | | | | Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
* | Add more tests for room upgrades (#13074)Sean Quah2022-06-151-5/+78
| | | | | | | | Signed-off-by: Sean Quah <seanq@element.io>
* | Replace pyjwt with authlib in `org.matrix.login.jwt` (#13011)Hannes Lerchl2022-06-151-21/+23
| |
* | Fix `destination_is` errors seen in sentry. (#13041)David Robertson2022-06-141-0/+8
| | | | | | | | | | | | * Rename test_fedclient to match its source file * Require at least one destination to be truthy * Explicitly validate user ID in profile endpoint GETs Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* | Uniformize spam-checker API, part 4: port other spam-checker callbacks to ↵David Teller2022-06-131-5/+170
| | | | | | | | | | return `Union[Allow, Codes]`. (#12857) Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* | Move the (unstable) `dir` parameter for /relations behind an experimental ↵Patrick Cloke2022-06-081-0/+1
| | | | | | | | | | | | flag. (#12984) MSC3715 defines this parameter, but the unstable version of it should be behind an experimental flag.
* | Test cancellation at every `await` during request handling (#12674)Sean Quah2022-06-071-0/+100
|/ | | | | | * Add tests for `/rooms/<room_id>/members` cancellation. * Add tests for `/rooms/<room_id>/state` cancellation. Signed-off-by: Sean Quah <seanq@element.io>
* Prevent local quarantined media from being claimed by media retention (#12972)Andrew Morgan2022-06-071-13/+96
|
* Remove remaining pieces of groups code. (#12966)Patrick Cloke2022-06-061-2/+0
| | | | | * Remove an unused stream ID generator. * Remove the now unused remote profile cache.
* Do not break URL previews if an image is unreachable. (#12950)Patrick Cloke2022-06-061-0/+35
| | | | Avoid breaking a URL preview completely if the chosen image 404s or is unreachable for some other reason (e.g. DNS).
* Implement MSC3816, consider the root event for thread participation. (#12766)Patrick Cloke2022-06-061-26/+59
| | | | As opposed to only considering a user to have "participated" if they replied to the thread.
* Improve URL previews for some pages (#12951)Patrick Cloke2022-06-031-1/+36
| | | | | * Skip `og` and `meta` tags where the value is empty. * Fallback to the favicon if there are no other images. * Ignore tags meant for navigation.
* Wait for lazy join to complete when getting current state (#12872)Erik Johnston2022-06-011-2/+6
|
* Remove remaining bits of groups code. (#12936)Patrick Cloke2022-06-014-6/+0
| | | | | | * Update worker docs to remove group endpoints. * Removes an unused parameter to `ApplicationService`. * Break dependency between media repo and groups. * Avoid copying `m.room.related_groups` state events during room upgrades.
* Add config options for media retention (#12732)Andrew Morgan2022-05-311-0/+238
|
* Rename storage classes (#12913)Erik Johnston2022-05-313-6/+8
|
* Fix invite notifications for users without pushers (#12840)DeepBlueV7.X2022-05-301-0/+91
| | | | Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de> Co-authored-by: Brendan Abolivier <github@brendanabolivier.com>
* Mutual rooms: Remove dependency on user directory (#12836)Jonathan de Jong2022-05-301-2/+0
|
* Add a background job to automatically delete stale devices (#12855)Brendan Abolivier2022-05-271-0/+43
| | | Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Additional constants for EDU types. (#12884)Patrick Cloke2022-05-276-8/+13
| | | Instead of hard-coding strings in many places.
* Merge tag 'v1.60.0rc2' into developSean Quah2022-05-271-0/+41
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Synapse 1.60.0rc2 (2022-05-27) ============================== This release of Synapse adds a unique index to the `state_group_edges` table, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. Additionally, the signature of the `check_event_for_spam` module callback has changed. The previous signature has been deprecated and remains working for now. Module authors should update their modules to use the new signature where possible. See [the upgrade notes](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1600) for more details. Features -------- - Add an option allowing users to use their password to reauthenticate for privileged actions even though password login is disabled. ([\#12883](https://github.com/matrix-org/synapse/issues/12883)) Bugfixes -------- - Explicitly close `ijson` coroutines once we are done with them, instead of leaving the garbage collector to close them. ([\#12875](https://github.com/matrix-org/synapse/issues/12875)) Internal Changes ---------------- - Improve URL previews by not including the content of media tags in the generated description. ([\#12887](https://github.com/matrix-org/synapse/issues/12887))
| * Add an option allowing users to use their password to reauthenticate even ↵reivilibre2022-05-271-0/+41
| | | | | | | | though password authentication is disabled. (#12883)
* | Remove user-visible groups/communities code (#12553)Patrick Cloke2022-05-252-145/+1
|/ | | | | | | | | Makes it so that groups/communities no longer exist from a user-POV. E.g. we remove: * All API endpoints (including Client-Server, Server-Server, and admin). * Documented configuration options (and the experimental flag, which is now unused). * Special handling during room upgrades. * The `groups` section of the `/sync` response.
* Prevent expired events from being filtered out when retention is disabled ↵Brendan Abolivier2022-05-232-8/+35
| | | | | | (#12611) Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Add a unit test for copying over arbitrary room types when upgrading a room ↵Andrew Morgan2022-05-191-1/+31
| | | | (#12792)
* Delete events from federation_inbound_events_staging table on purge (#12770)Mathieu Velten2022-05-171-0/+1
|
* Consolidate logic for parsing relations. (#12693)Patrick Cloke2022-05-161-2/+6
| | | | | | | | | | | | | Parse the `m.relates_to` event content field (which describes relations) in a single place, this is used during: * Event persistence. * Validation of the Client-Server API. * Fetching bundled aggregations. * Processing of push rules. Each of these separately implement the logic and each made slightly different assumptions about what was valid. Some had minor / potential bugs.
* SpamChecker metrics (#12513)Jess Porter2022-05-131-2/+4
| | | | | | | | | * add Measure blocks all over SpamChecker Signed-off-by: jesopo <github@lolnerd.net> * fix test_spam_checker_may_join_room and test_threepid_invite_spamcheck * better changelog entry
* add default_power_level_content_override config option. (#12618)Andy Balaam2022-05-121-0/+258
| | | Co-authored-by: Matthew Hodgson <matthew@matrix.org>
* No longer permit empty body when sending receipts (#12709)David Robertson2022-05-111-26/+4
|
* Convert stringy power levels to integers on room upgrade (#12657)David Robertson2022-05-071-0/+44
|
* Use `private` instead of `hidden` in MSC2285 related code. (#12635)Šimon Brandner2022-05-051-2/+2
|
* Edits/annotations should not have any bundled aggregations calculated. (#12633)Patrick Cloke2022-05-051-0/+31
| | | | | | Fixes a regression from 8b309adb436c162510ed1402f33b8741d71fc058 (#11660) and b65acead428653b988351ae8d7b22127a22039cd (#11752) where events which themselves were an edit or an annotation could have bundled aggregations calculated, which is not allowed.
* Implement changes to MSC2285 (hidden read receipts) (#12168)Šimon Brandner2022-05-041-17/+144
| | | | | * Changes hidden read receipts to be a separate receipt type (instead of a field on `m.read`). * Updates the `/receipts` endpoint to accept `m.fully_read`.
* Remove unstable/unspecced login types. (#12597)Patrick Cloke2022-05-041-3/+1
| | | | | | * `m.login.jwt`, which was never specced and has been deprecated since Synapse 1.16.0. (`org.matrix.login.jwt` can be used instead.) * `uk.half-shot.msc2778.login.application_service`, which was stabilized as part of the Matrix spec v1.2 release.
* Include bundled aggregations for the latest event in a thread. (#12273)Patrick Cloke2022-05-041-1/+107
| | | | | | The `latest_event` field of the bundled aggregations for `m.thread` relations did not include bundled aggregations itself. This resulted in clients needing to immediately request the event from the server (and thus making it useless that the latest event itself was serialized instead of just including an event ID).
* Remove unstable identifiers for MSC3069. (#12596)Patrick Cloke2022-05-031-6/+0
|
* Use constants for receipt types in tests. (#12582)Šimon Brandner2022-04-281-1/+2
|
* Prefer `make_awaitable` over `defer.succeed` in tests (#12505)Sean Quah2022-04-273-10/+8
| | | | | | | | | | | When configuring the return values of mocks, prefer awaitables from `make_awaitable` over `defer.succeed`. `Deferred`s are only awaitable once, so it is inappropriate for a mock to return the same `Deferred` multiple times. Also update `run_in_background` to support functions that return arbitrary awaitables. Signed-off-by: Sean Quah <seanq@element.io>
* Misc. clean-ups to the relations code (#12519)Patrick Cloke2022-04-251-40/+34
| | | | | * Corrects some typos / copy & paste errors in tests. * Clarifies docstrings. * Removes an unnecessary method.
* Remove unnecessary config overrides for MSC3666. (#12511)Patrick Cloke2022-04-201-4/+0
|
* Fix `/room/.../event/...` to return the *original* event after any edits ↵Richard van der Hoff2022-04-191-30/+62
| | | | | | (#12476) This is what the MSC (now) requires. Fixes https://github.com/matrix-org/synapse/issues/10310.
* Limit `device_id` size to 512B (#12454)Shay2022-04-131-1/+26
| | | *
* Fix missing sync events during historical batch imports (#12319)Nick Mills-Barrett2022-04-131-2/+123
| | | | | | | | Discovered after much in-depth investigation in #12281. Closes: #12281 Closes: #3305 Signed off by: Nick Mills-Barrett nick@beeper.com
* Disable groups/communities by default. (#12344)Patrick Cloke2022-04-121-0/+1
| | | | This disables the endpoints (and sync response fields) for groups/communities by default.
* Do not consider events by ignored users for bundled aggregations (#12235)Patrick Cloke2022-04-111-5/+68
| | | | | | | Consider the requester's ignored users when calculating the bundled aggregations. See #12285 / 4df10d32148ae29f792afc68ff774bcbd1915cea for corresponding changes for the `/relations` endpoint.
* Update the server notices user profile in room if changed. (#12115)Jorge Florian2022-04-081-0/+92
|
* Support the v1 endpoint for `/relations`. (#12403)Patrick Cloke2022-04-071-11/+11
| | | | Now that MSC2675 has passed FCP and the implementation is compliant with the final version.
* Add type hints for `tests/unittest.py`. (#12347)Richard van der Hoff2022-04-012-6/+17
| | | In particular, add type hints for get_success and friends, which are then helpful in a bunch of places.
* Remove redundant `get_success` calls in test code (#12346)Richard van der Hoff2022-04-012-10/+4
| | | There are a bunch of places we call get_success on an immediate value, which is unnecessary. Let's rip them out, and remove the redundant functionality in get_success and friends.
* Default to `private` room visibility rather than `public` when a client does ↵reivilibre2022-04-011-4/+7
| | | | not specify one, according to spec. (#12350)
* Move single-use methods out of `TestCase` (#12348)Richard van der Hoff2022-04-011-0/+11
| | | | These methods are only used by a single testcase, so they shouldn't be cluttering up the base `TestCase` class.
* Add a module callback to react to account data changes (#12327)Brendan Abolivier2022-04-011-0/+75
| | | | Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Move MSC2654 support behind an experimental configuration flag. (#12295)Patrick Cloke2022-03-311-0/+5
| | | To match the current thinking on disabling experimental features by default.
* Add a callback to react to 3PID associations (#12302)Brendan Abolivier2022-03-311-0/+41
|
* Ensure the type of URL attributes is always str when matching against ↵Brendan Abolivier2022-03-311-2/+41
| | | | preview blacklist (#12333)
* Remove the unused and unstable `/aggregations` endpoint. (#12293)Patrick Cloke2022-03-301-207/+0
| | | | | | | | | This endpoint was removed from MSC2675 before it was approved. It is currently unspecified (even in any MSCs) and therefore subject to removal. It is not implemented by any known clients. This also changes the bundled aggregation format for `m.annotation`, which previously included pagination tokens for the `/aggregations` endpoint, which are no longer useful.
* Remove references to "msc2403" (#12165)Andrew Morgan2022-03-301-1/+0
|
* Add a configuration to exclude rooms from sync response (#12310)Brendan Abolivier2022-03-301-0/+62
|
* Fix typechecker problems exposed by signedjson 1.1.2 (#12326)David Robertson2022-03-291-5/+11
|
* Always allow the empty string as an avatar_url. (#12261)David Robertson2022-03-251-0/+19
| | | | | Hopefully this fixes #12257. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Do not consider events by ignored users for relations (#12285)Patrick Cloke2022-03-241-1/+79
| | | | Filter the events returned from `/relations` for the requester's ignored users in a similar way to `/messages` (and `/sync`).
* Optionally include account validity in MSC3720 account status responses (#12266)Brendan Abolivier2022-03-241-1/+57
|
* Rename shared_rooms to mutual_rooms (#12036)Jonathan de Jong2022-03-231-15/+15
| | | Co-authored-by: reivilibre <olivier@librepush.net>
* Only fetch thread participation for events with threads. (#12228)Patrick Cloke2022-03-181-238/+271
| | | | | | | | | We fetch the thread summary in two phases: 1. The summary that is shared by all users (count of messages and latest event). 2. Whether the requesting user has participated in the thread. There's no use in attempting step 2 for events which did not return a summary from step 1.
* Merge branch 'release-v1.55' into developPatrick Cloke2022-03-161-0/+28
|\
| * Fix bundling aggregations if unsigned is not a returned event field. (#12234)Patrick Cloke2022-03-161-0/+28
| | | | | | | | | | | | | | An error occured if a filter was supplied with `event_fields` which did not include `unsigned`. In that case, bundled aggregations are still added as the spec states it is allowed for servers to add additional fields.
* | Refactor relations tests (#12232)Patrick Cloke2022-03-161-406/+363
| | | | | | | | | | * Moves the relation pagination tests to a separate class. * Move the assertion of the response code into the `_send_relation` helper. * Moves some helpers into the base-class.
* | Clean-up logic for rebasing URLs during URL preview. (#12219)Patrick Cloke2022-03-161-43/+11
|/ | | | By using urljoin from the standard library and reducing the number of places URLs are rebased.
* Add config settings for background update parameters (#11980)Shay2022-03-111-4/+5
|
* Add type hints to `tests/rest`. (#12208)Dirk Klimpel2022-03-113-84/+128
| | | Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Retention test: avoid relying on state at purged events (#12202)Richard van der Hoff2022-03-111-12/+17
| | | | This test was relying on poking events which weren't in the database into filter_events_for_client.
* Support stable identifiers for MSC3440: Threading (#12151)Patrick Cloke2022-03-102-16/+9
| | | | The unstable identifiers are still supported if the experimental configuration flag is enabled. The unstable identifiers will be removed in a future release.
* Allow retrieving the relations of a redacted event. (#12130)Patrick Cloke2022-03-101-5/+40
| | | | | | | | | This is allowed per MSC2675, although the original implementation did not allow for it and would return an empty chunk / not bundle aggregations. The main thing to improve is that the various caches get cleared properly when an event is redacted, and that edits must not leak if the original event is redacted (as that would presumably leak something similar to the original event content).
* Add third_party module callbacks to check if a user can delete a room and ↵Will Hunt2022-03-091-0/+121
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | deactivate a user (#12028) * Add check_can_deactivate_user * Add check_can_shutdown_rooms * Documentation * callbacks, not functions * Various suggested tweaks * Add tests for test_check_can_shutdown_room and test_check_can_deactivate_user * Update check_can_deactivate_user to not take a Requester * Fix check_can_shutdown_room docs * Renegade and use `by_admin` instead of `admin_user_id` * fix lint * Update docs/modules/third_party_rules_callbacks.md Co-authored-by: Brendan Abolivier <babolivier@matrix.org> * Update docs/modules/third_party_rules_callbacks.md Co-authored-by: Brendan Abolivier <babolivier@matrix.org> * Update docs/modules/third_party_rules_callbacks.md Co-authored-by: Brendan Abolivier <babolivier@matrix.org> * Update docs/modules/third_party_rules_callbacks.md Co-authored-by: Brendan Abolivier <babolivier@matrix.org> Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Fix a bug in background updates wherein background updates are never run ↵Shay2022-03-071-10/+8
| | | | using the default batch size (#12157)
* Invalidate caches when an event with a relation is redacted. (#12121)Patrick Cloke2022-03-071-42/+165
| | | | | The caches for the target of the relation must be cleared so that the bundled aggregations are re-calculated after the redaction is processed.
* Remove backwards compatibility with RelationPaginationToken. (#12138)Patrick Cloke2022-03-041-72/+1
|
* Add type hints to `tests/rest` (#12146)Dirk Klimpel2022-03-037-86/+102
| | | | | | | * Add type hints to `tests/rest` * newsfile * change import from `SigningKey`
* Use the proper serialization format when bundling aggregations. (#12090)Patrick Cloke2022-03-031-2/+0
| | | | This ensures that the `latest_event` field of the bundled aggregation for threads uses the same format as the other events in the response.
* Remove unused mocks from `test_typing` (#12136)David Robertson2022-03-021-31/+1
| | | | | | | | | | | * Remove unused mocks from `test_typing` It's not clear what these do. `get_user_by_access_token` has the wrong signature, including the return type. Tests all pass without these. I think we should nuke them. * Changelog * Fixup imports
* Add type hints to `tests/rest/client` (#12108)Dirk Klimpel2022-03-027-346/+422
| | | | | | | | | | | | | | | | | | | | | | | * Add type hints to `tests/rest/client` * newsfile * fix imports * add `test_account.py` * Remove one type hint in `test_report_event.py` * change `on_create_room` to `async` * update new functions in `test_third_party_rules.py` * Add `test_filter.py` * add `test_rooms.py` * change to `assertEquals` to `assertEqual` * lint
* Improve and refactor the tests for relations. (#12113)Patrick Cloke2022-03-021-208/+178
| | | | | | * Modernizes code (f-strings, etc.) * Fixes incorrect comments. * Splits the test case into two. * Factors out some duplicated code.
* Add module callbacks called for reacting to deactivation status change and ↵Brendan Abolivier2022-03-011-2/+217
| | | | profile update (#12062)
* Add type hints to `tests/rest/client` (#12094)Dirk Klimpel2022-02-283-61/+71
| | | | | | | | | * Add type hints to `tests/rest/client` * update `mypy.ini` * newsfile * add `test_register.py`
* Add type hints to `tests/rest/client` (#12084)Dirk Klimpel2022-02-2810-136/+196
|
* Replace assertEquals and friends with non-deprecated versions. (#12092)Patrick Cloke2022-02-2817-434/+432
|
* Add type hints to `tests/rest/client` (#12072)Dirk Klimpel2022-02-2410-102/+159
|
* Add type hints to `tests/rest/client` (#12066)Dirk Klimpel2022-02-234-119/+148
|
* Remove more references to `get_datastore` (#12067)Richard van der Hoff2022-02-231-1/+3
| | | | | These have snuck in since #12031 was started. Also a couple of other cleanups while we're in the area.
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-2321-56/+60
| | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733
* Implement account status endpoints (MSC3720) (#12001)Brendan Abolivier2022-02-221-4/+200
| | | | | See matrix-org/matrix-doc#3720 Co-authored-by: Sean Quah <8349537+squahtx@users.noreply.github.com>
* Fix slow performance of `/logout` in some cases where refresh tokens are in ↵reivilibre2022-02-221-2/+91
| | | | use. The slowness existed since the initial implementation of refresh tokens. (#12056)
* Use stable MSC3069 `is_guest` flag on `/whoami`. (#12021)Travis Ralston2022-02-181-3/+6
| | | Keeping backwards compatibility with the unstable flag for now.
* Fix incorrect thread summaries when the latest event is edited. (#11992)Patrick Cloke2022-02-151-0/+42
| | | | | If the latest event in a thread was edited than the original event content was included in bundled aggregation for threads instead of the edited event content.
* Add some tests for propagation of device list changes between local users ↵Andrew Morgan2022-02-152-1/+160
| | | | (#11972)
* Support the MSC3715 for `/relations`. (#11941)Patrick Cloke2022-02-111-6/+31
| | | | This adds an unstable org.matrix.msc3715.dir parameter which acts like dir on /mesages.
* Remove deprecated user_may_create_room_with_invites callback (#11950)Brendan Abolivier2022-02-111-117/+2
| | | Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Fix to-device being dropped in limited sync in SQLite. (#11966)Erik Johnston2022-02-111-0/+40
| | | | | | | | | If ther are more than 100 to-device messages pending for a device `/sync` will only return the first 100, however the next batch token was incorrectly calculated and so all other pending messages would be dropped. This is due to `txn.rowcount` only returning the number of rows that *changed*, rather than the number *selected* in SQLite.
* Tests: replace mocked Authenticator with the real thing (#11913)Richard van der Hoff2022-02-111-4/+2
| | | | | | | | | | | | If we prepopulate the test homeserver with a key for a remote homeserver, we can make federation requests to it without having to stub out the authenticator. This has two advantages: * means that what we are testing is closer to reality (ie, we now have complete tests for the incoming-request-authorisation flow) * some tests require that other objects be signed by the remote server (eg, the event in `/send_join`), and doing that would require a whole separate set of mocking out. It's much simpler just to use real keys.
* Support the stable API endpoint for MSC3283: new settings in `/capabilities` ↵Dirk Klimpel2022-02-111-48/+21
| | | | endpoint (#11933)
* Support pagination tokens from /sync and /messages in the relations API. ↵Patrick Cloke2022-02-101-14/+137
| | | | (#11952)
* Implement a content type allow list for URL previews (#11936)Denis Kasak2022-02-101-0/+72
| | | | | | | This implements an allow list for content types for which Synapse will attempt URL preview. If a URL resolves to a resource with a content type which isn't in the list, the download will terminate immediately. This makes sense given that Synapse would never successfully generate a URL preview for such files in the first place, and helps prevent issues with streaming media servers, such as #8302. Signed-off-by: Denis Kasak dkasak@termina.org.uk
* Experimental support to include bundled aggregations in search results ↵Patrick Cloke2022-02-081-1/+38
| | | | (MSC3666) (#11837)
* Add a unit test for users receiving their own device list updates (#11909)Andrew Morgan2022-02-071-1/+56
|
* Stabilise MSC3231 (Token Based Registration) (#11867)Jonathan de Jong2022-02-041-1/+1
|
* Allow specifying the application service-specific `user_id` parameter in the ↵reivilibre2022-02-031-5/+26
| | | | `join` test helper. (#11616)
* Expose the registered device ID from the `register_appservice_user` test ↵reivilibre2022-02-021-1/+1
| | | | helper. (#11615)
* Add type hints to `tests/rest/admin` (#11851)Dirk Klimpel2022-01-313-229/+183
|
* Configurable limits on avatars (#11846)Brendan Abolivier2022-01-281-0/+156
| | | | | | Only allow files which file size and content types match configured limits to be set as avatar. Most of the inspiration from the non-test code comes from matrix-org/synapse-dinsic#19
* Improvements to bundling aggregations. (#11815)Patrick Cloke2022-01-261-1/+1
| | | | | | | | | | | This is some odds and ends found during the review of #11791 and while continuing to work in this code: * Return attrs classes instead of dictionaries from some methods to improve type safety. * Call `get_bundled_aggregations` fewer times. * Adds a missing assertion in the tests. * Do not return empty bundled aggregations for an event (preferring to not include the bundle at all, as the docstring states).
* Add a config flag to inhibit `M_USER_IN_USE` during registration (#11743)Brendan Abolivier2022-01-261-0/+41
| | | | | | | This is mostly motivated by the tchap use case, where usernames are automatically generated from the user's email address (in a way that allows figuring out the email address from the username). Therefore, it's an issue if we respond to requests on /register and /register/available with M_USER_IN_USE, because it can potentially leak email addresses (which include the user's real name and place of work). This commit adds a flag to inhibit the M_USER_IN_USE errors that are raised both by /register/available, and when providing a username early into the registration process. This error will still be raised if the user completes the registration process but the username conflicts. This is particularly useful when using modules (https://github.com/matrix-org/synapse/pull/11790 adds a module callback to set the username of users at registration) or SSO, since they can ensure the username is unique. More context is available in the PR that introduced this behaviour to synapse-dinsic: matrix-org/synapse-dinsic#48 - as well as the issue in the matrix-dinsic repo: matrix-org/matrix-dinsic#476
* Add admin API to get a list of federated rooms (#11658)Dirk Klimpel2022-01-251-25/+277
|
* Add admin API to reset connection timeouts for remote server (#11639)Dirk Klimpel2022-01-251-4/+51
| | | * Fix get federation status of destination if no error occured
* Support rendering previews with data: URLs in them (#11767)Patrick Cloke2022-01-242-8/+554
| | | | | Images which are data URLs will no longer break URL previews and will properly be "downloaded" and thumbnailed.
* Do not try to serialize raw aggregations dict. (#11791)Patrick Cloke2022-01-211-35/+73
|
* Drop unused table `public_room_list_stream`. (#11795)Richard van der Hoff2022-01-211-1/+0
| | | This is a follow-up to #10565.
* Include whether the requesting user has participated in a thread. (#11577)Patrick Cloke2022-01-181-0/+3
| | | | | | Per updates to MSC3440. This is implement as a separate method since it needs to be cached on a per-user basis, instead of a per-thread basis.
* Make pagination of rooms in admin api stable (#11737)Daniel Sonck2022-01-171-19/+28
| | | | | | | | | | | | | | Always add state.room_id after the configurable ORDER BY. Otherwise, for any sort, certain pages can contain results from other pages. (Especially when sorting by creator, since there may be many rooms by the same creator) * Document different order direction of numerical fields "joined_members", "joined_local_members", "version" and "state_events" are ordered in descending direction by default (dir=f). Added a note in tests to explain the differences in ordering. Signed-off-by: Daniël Sonck <daniel@sonck.nl>
* Remove the 'password_hash' from the Users Admin API endpoint response ↵Andrew Morgan2022-01-141-17/+33
| | | | dictionary (#11576)
* Replace uses of simple_insert_many with simple_insert_many_values. (#11742)Patrick Cloke2022-01-131-11/+4
| | | | This should be (slightly) more efficient and it is simpler to have a single method for inserting multiple values.
* Include bundled aggregations in the sync response cache. (#11659)Patrick Cloke2022-01-131-5/+5
|
* Test that bans win a join against a race when computing `/sync` response ↵David Robertson2022-01-071-0/+10
| | | | (#11701)
* Bundle aggregations outside of the serialization method. (#11612)Patrick Cloke2022-01-071-1/+1
| | | | | | | | This makes the serialization of events synchronous (and it no longer access the database), but we must manually calculate and provide the bundled aggregations. Overall this should cause no change in behavior, but is prep work for other improvements.
* Remove the /send_relation endpoint. (#11682)Patrick Cloke2022-01-061-13/+13
| | | | This was removed from MSC2674 before that was approved and is not used by any known clients.
* Fix get federation status of destination if no error occured (#11593)Dirk Klimpel2022-01-051-18/+57
|
* Add admin API to get users' account data (#11664)Dirk Klimpel2022-01-051-0/+90
| | | Co-authored-by: reivilibre <olivier@librepush.net>
* Merge remote-tracking branch 'origin/release-v1.49' into developRichard van der Hoff2021-12-201-5/+5
|\
| * Disable aggregation bundling on `/sync` responses (#11583)Richard van der Hoff2021-12-201-5/+5
| | | | | | | | | | | | | | | | | | | | | | * Disable aggregation bundling on `/sync` responses A partial revert of #11478. This turns out to have had a significant CPU impact on initial-sync handling. For now, let's disable it, until we find a more efficient way of achieving this. * Fix tests. Co-authored-by: Patrick Cloke <patrickc@matrix.org>
* | Add type hints to `synapse/tests/rest/admin` (#11590)Dirk Klimpel2021-12-165-57/+70
| |
* | Move HTML parsing to a separate file for URL previews. (#11566)Patrick Cloke2021-12-131-0/+1
| | | | | | | | | | | | | | * Splits the logic for parsing HTML from the resource handling code. * Fix a circular import in the oEmbed code (which uses the HTML parsing code). * Renames some of the HTML parsing methods to: * Make it clear which methods are "internal" to the module. * Clarify what the methods do.
* | Test to ensure we share the same `state_group` across the whole historical ↵Eric Eastwood2021-12-101-0/+180
| | | | | | | | | | | | | | | | batch (MSC2716) (#11487) Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 We did some work on making sure the `state_groups` were shared in https://github.com/matrix-org/synapse/pull/10975
* | Ensure emails are canonicalized before fetching associated user. (#11547)Patrick Cloke2021-12-101-1/+2
| | | | | | | | This should fix pushers with an email in non-canonical form is used as the pushkey.
* | Do not allow cross-room relations, per MSC2674. (#11516)Patrick Cloke2021-12-091-0/+115
| |
* | Add missing `errcode` to `parse_string` and `parse_boolean` (#11542)Dirk Klimpel2021-12-094-10/+10
| |
* | Clean up `synapse.rest.admin` (#11535)Dirk Klimpel2021-12-081-1/+1
| |
* | Use HTTPStatus constants in place of literals in ↵reivilibre2021-12-081-47/+87
|/ | | | `tests.rest.client.test_auth`. (#11520)
* Fix 'delete room' admin api to work on incomplete rooms (#11523)Richard van der Hoff2021-12-071-17/+25
| | | | | If, for some reason, we don't have the create event, we should still be able to purge a room.
* Fix the test breakage introduced by #11435 as a result of concurrent PRs ↵reivilibre2021-12-071-1/+1
| | | | (#11522)
* Stabilise support for MSC2918 refresh tokens as they have now been merged ↵reivilibre2021-12-061-15/+15
| | | | into the Matrix specification. (#11435)
* Add admin API to get some information about federation status (#11407)Dirk Klimpel2021-12-061-0/+456
|
* Include bundled aggregations in /sync and related fixes (#11478)Patrick Cloke2021-12-061-39/+96
| | | | | | | | Due to updates to MSC2675 this includes a few fixes: * Include bundled aggregations for /sync. * Do not include bundled aggregations for /initialSync and /events. * Do not bundle aggregations for state events. * Clarifies comments and variable names.
* Support configuring the lifetime of non-refreshable access tokens separately ↵reivilibre2021-12-031-0/+76
| | | | to refreshable access tokens. (#11445)
* Add type hints to `synapse/tests/rest/admin` (#11501)Dirk Klimpel2021-12-039-225/+256
|
* Fix media repository failing when media store path contains symlinks (#11446)Sean Quah2021-12-021-1/+108
|
* Bundle relations of relations into the `/relations` result. (#11284)Patrick Cloke2021-11-301-0/+118
| | | | | Per updates to MSC2675 which now states that bundled aggregations should be included from the `/relations` endpoint.
* Remove unnecessary `json.dumps` from `tests.rest.admin` (#11461)Dirk Klimpel2021-11-301-41/+20
| | | | | The tests helpers automatically convert dictionaries to JSON payloads, no need to do it manually for each test.
* Convert status codes to `HTTPStatus` in `tests.rest.admin` (#11455)Dirk Klimpel2021-11-3011-557/+886
|
* Make background updates controllable via a plugin (#11306)Erik Johnston2021-11-291-1/+1
| | | Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Update MSC2918 refresh token support to confirm with the latest revision: ↵reivilibre2021-11-261-14/+44
| | | | accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. (#11430)
* Support expiry of refresh tokens and expiry of the overall session when ↵reivilibre2021-11-261-1/+124
| | | | refresh tokens are in use. (#11425)
* Lower minumum batch size to 1 for background updates (#11422)Brendan Abolivier2021-11-241-8/+17
| | | Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Rename unstable `access_token_lifetime` configuration option to ↵reivilibre2021-11-231-1/+1
| | | | `refreshable_access_token_lifetime` to make it clear it only concerns refreshable access tokens. (#11388)
* Merge branch 'master' into developSean Quah2021-11-231-0/+250
|\
| * Prevent the media store from writing outside of the configured directorySean Quah2021-11-191-0/+250
| | | | | | | | | | Also tighten validation of server names by forbidding invalid characters in IPv6 addresses and empty domain labels.
* | Add config for customizing the claim used for JWT logins. (#11361)Kostas2021-11-221-32/+36
| | | | | | | | | | Allows specifying a different claim (from the default "sub") to use when calculating the localpart of the Matrix ID used during the JWT login.
* | Store arbitrary relations from events. (#11391)Patrick Cloke2021-11-221-0/+111
| | | | | | | | | | Instead of only known relation types. This also reworks the background update for thread relations to crawl events and search for any relation type, not just threaded relations.
* | Add an admin API to run background jobs. (#11352)Dirk Klimpel2021-11-191-8/+146
| | | | | | | | | | | | Instead of having admins poke into the database directly. Can currently run jobs to populate stats and to populate the user directory.
* | Add dedicated admin API for blocking a room (#11324)Dirk Klimpel2021-11-181-0/+228
| |
* | Do not allow MSC3440 threads to fork threads (#11161)Patrick Cloke2021-11-181-0/+62
| | | | | | | | | | | | | | | | | | | | | | Adds validation to the Client-Server API to ensure that the potential thread head does not relate to another event already. This results in not allowing a thread to "fork" into other threads. If the target event is unknown for some reason (maybe it isn't visible to your homeserver), but is the target of other events it is assumed that the thread can be created from it. Otherwise, it is rejected as an unknown event.
* | Rename `get_access_token_for_user_id` method to ↵reivilibre2021-11-172-6/+6
| | | | | | | | `create_access_token_for_user_id` (#11369)
* | Add ability to un-shadow-ban via the admin API. (#11347)Patrick Cloke2021-11-161-6/+20
| |