From a8878960c0139f80bbb6f84bd0f0cb7352429c5b Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Wed, 17 Feb 2021 17:11:24 +0000 Subject: Update workers.md tiny typo in sso paths --- docs/workers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/workers.md b/docs/workers.md index 9bda0f8c23..582ad48cd6 100644 --- a/docs/workers.md +++ b/docs/workers.md @@ -261,7 +261,7 @@ using): # for all SSO providers ^/_matrix/client/(api/v1|r0|unstable)/login/sso/redirect ^/_synapse/client/pick_idp$ - ^/_synapse/client/pick_username + ^/_synapse/client/pick_username$ ^/_synapse/client/new_user_consent$ ^/_synapse/client/sso_register$ -- cgit 1.4.1 From 53f1c4da81968dfce1dea8d70d0e391b5c367170 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Wed, 17 Feb 2021 17:14:23 +0000 Subject: Update workers.md --- docs/workers.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/workers.md b/docs/workers.md index 582ad48cd6..847ac91649 100644 --- a/docs/workers.md +++ b/docs/workers.md @@ -276,7 +276,8 @@ using): Ensure that all SSO logins go to a single process. For multiple workers not handling the SSO endpoints properly, see -[#7530](https://github.com/matrix-org/synapse/issues/7530). +[#7530](https://github.com/matrix-org/synapse/issues/7530) and +[#9427](https://github.com/matrix-org/synapse/issues/9427). Note that a HTTP listener with `client` and `federation` resources must be configured in the `worker_listeners` option in the worker config. -- cgit 1.4.1 From 3e5749b99fc47a28681178d96923519866b3ae5d Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Wed, 17 Feb 2021 17:31:37 +0000 Subject: Fix only handling the last presence state for each user (#9425) This is a small bug that I noticed while working on #8956. We have a for-loop which attempts to strip all presence changes for each user except for the final one, as we don't really care about older presence: https://github.com/matrix-org/synapse/blob/9e19c6aab4b5a99039f2ddc7d3120dd3b26c274b/synapse/handlers/presence.py#L368-L371 `new_states_dict` stores this stripped copy of latest presence state for each user, before it is... put into a new variable `new_state`, which is just overridden by the subsequent for loop. I believe this was instead meant to override `new_states`. Without doing so, it effectively meant: 1. The for loop had no effect. 2. We were still processing old presence state for users. --- changelog.d/9425.bugfix | 1 + synapse/handlers/presence.py | 7 +++++-- 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 changelog.d/9425.bugfix diff --git a/changelog.d/9425.bugfix b/changelog.d/9425.bugfix new file mode 100644 index 0000000000..f5b8857cdb --- /dev/null +++ b/changelog.d/9425.bugfix @@ -0,0 +1 @@ +Fix a long-standing bug in the deduplication of old presence, resulting in no deduplication. \ No newline at end of file diff --git a/synapse/handlers/presence.py b/synapse/handlers/presence.py index 7ba22d511f..ed90b5d457 100644 --- a/synapse/handlers/presence.py +++ b/synapse/handlers/presence.py @@ -349,10 +349,13 @@ class PresenceHandler(BasePresenceHandler): [self.user_to_current_state[user_id] for user_id in unpersisted] ) - async def _update_states(self, new_states): + async def _update_states(self, new_states: Iterable[UserPresenceState]) -> None: """Updates presence of users. Sets the appropriate timeouts. Pokes the notifier and federation if and only if the changed presence state should be sent to clients/servers. + + Args: + new_states: The new user presence state updates to process. """ now = self.clock.time_msec() @@ -368,7 +371,7 @@ class PresenceHandler(BasePresenceHandler): new_states_dict = {} for new_state in new_states: new_states_dict[new_state.user_id] = new_state - new_state = new_states_dict.values() + new_states = new_states_dict.values() for new_state in new_states: user_id = new_state.user_id -- cgit 1.4.1 From a25661b2eb058019ffcd035f6a5371c09782b950 Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Wed, 17 Feb 2021 17:32:26 +0000 Subject: Remove dead notify_for_states presence method (#9408) --- changelog.d/9408.misc | 1 + synapse/handlers/presence.py | 11 ----------- 2 files changed, 1 insertion(+), 11 deletions(-) create mode 100644 changelog.d/9408.misc diff --git a/changelog.d/9408.misc b/changelog.d/9408.misc new file mode 100644 index 0000000000..600bacbfe7 --- /dev/null +++ b/changelog.d/9408.misc @@ -0,0 +1 @@ +Clean up an unused method in the presence handler code. \ No newline at end of file diff --git a/synapse/handlers/presence.py b/synapse/handlers/presence.py index ed90b5d457..fb85b19770 100644 --- a/synapse/handlers/presence.py +++ b/synapse/handlers/presence.py @@ -660,17 +660,6 @@ class PresenceHandler(BasePresenceHandler): self._push_to_remotes(states) - async def notify_for_states(self, state, stream_id): - parties = await get_interested_parties(self.store, [state]) - room_ids_to_states, users_to_states = parties - - self.notifier.on_new_event( - "presence_key", - stream_id, - rooms=room_ids_to_states.keys(), - users=[UserID.from_string(u) for u in users_to_states], - ) - def _push_to_remotes(self, states): """Sends state updates to remote servers. -- cgit 1.4.1 From c8d9383cfb0985a99bf10756ea2dcb0b6329859d Mon Sep 17 00:00:00 2001 From: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com> Date: Wed, 17 Feb 2021 21:19:23 +0100 Subject: Add the shadow-banning status to the display user admin API. (#9400) --- changelog.d/9400.feature | 1 + docs/admin_api/user_admin_api.rst | 9 ++++++--- synapse/storage/databases/main/__init__.py | 2 +- synapse/storage/databases/main/registration.py | 7 +++++-- tests/rest/admin/test_user.py | 2 ++ tests/storage/test_registration.py | 1 + 6 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 changelog.d/9400.feature diff --git a/changelog.d/9400.feature b/changelog.d/9400.feature new file mode 100644 index 0000000000..3067c3907b --- /dev/null +++ b/changelog.d/9400.feature @@ -0,0 +1 @@ +Add the shadow-banning status to the display user admin API. \ No newline at end of file diff --git a/docs/admin_api/user_admin_api.rst b/docs/admin_api/user_admin_api.rst index 1eb674939e..33dfbcfb49 100644 --- a/docs/admin_api/user_admin_api.rst +++ b/docs/admin_api/user_admin_api.rst @@ -29,8 +29,9 @@ It returns a JSON body like the following: } ], "avatar_url": "", - "admin": false, - "deactivated": false, + "admin": 0, + "deactivated": 0, + "shadow_banned": 0, "password_hash": "$2b$12$p9B4GkqYdRTPGD", "creation_ts": 1560432506, "appservice_id": null, @@ -150,6 +151,7 @@ A JSON body is returned with the following shape: "admin": 0, "user_type": null, "deactivated": 0, + "shadow_banned": 0, "displayname": "", "avatar_url": null }, { @@ -158,6 +160,7 @@ A JSON body is returned with the following shape: "admin": 1, "user_type": null, "deactivated": 0, + "shadow_banned": 0, "displayname": "", "avatar_url": "" } @@ -262,7 +265,7 @@ The following actions are performed when deactivating an user: - Reject all pending invites - Remove all account validity information related to the user -The following additional actions are performed during deactivation if``erase`` +The following additional actions are performed during deactivation if ``erase`` is set to ``true``: - Remove the user's display name diff --git a/synapse/storage/databases/main/__init__.py b/synapse/storage/databases/main/__init__.py index 5d0845588c..70b49854cf 100644 --- a/synapse/storage/databases/main/__init__.py +++ b/synapse/storage/databases/main/__init__.py @@ -340,7 +340,7 @@ class DataStore( count = txn.fetchone()[0] sql = ( - "SELECT name, user_type, is_guest, admin, deactivated, displayname, avatar_url " + "SELECT name, user_type, is_guest, admin, deactivated, shadow_banned, displayname, avatar_url " + sql_base + " ORDER BY u.name LIMIT ? OFFSET ?" ) diff --git a/synapse/storage/databases/main/registration.py b/synapse/storage/databases/main/registration.py index 07e219aaed..d5b5507815 100644 --- a/synapse/storage/databases/main/registration.py +++ b/synapse/storage/databases/main/registration.py @@ -113,6 +113,7 @@ class RegistrationWorkerStore(CacheInvalidationWorkerStore): "creation_ts", "user_type", "deactivated", + "shadow_banned", ], allow_none=True, desc="get_user_by_id", @@ -372,23 +373,25 @@ class RegistrationWorkerStore(CacheInvalidationWorkerStore): """ def set_shadow_banned_txn(txn): + user_id = user.to_string() self.db_pool.simple_update_one_txn( txn, table="users", - keyvalues={"name": user.to_string()}, + keyvalues={"name": user_id}, updatevalues={"shadow_banned": shadow_banned}, ) # In order for this to apply immediately, clear the cache for this user. tokens = self.db_pool.simple_select_onecol_txn( txn, table="access_tokens", - keyvalues={"user_id": user.to_string()}, + keyvalues={"user_id": user_id}, retcol="token", ) for token in tokens: self._invalidate_cache_and_stream( txn, self.get_user_by_access_token, (token,) ) + self._invalidate_cache_and_stream(txn, self.get_user_by_id, (user_id,)) await self.db_pool.runInteraction("set_shadow_banned", set_shadow_banned_txn) diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py index ff75199c8e..ba26895391 100644 --- a/tests/rest/admin/test_user.py +++ b/tests/rest/admin/test_user.py @@ -769,6 +769,7 @@ class UsersListTestCase(unittest.HomeserverTestCase): self.assertIn("admin", u) self.assertIn("user_type", u) self.assertIn("deactivated", u) + self.assertIn("shadow_banned", u) self.assertIn("displayname", u) self.assertIn("avatar_url", u) @@ -1146,6 +1147,7 @@ class UserRestTestCase(unittest.HomeserverTestCase): self.assertEqual(False, channel.json_body["admin"]) self.assertEqual(False, channel.json_body["is_guest"]) self.assertEqual(False, channel.json_body["deactivated"]) + self.assertEqual(False, channel.json_body["shadow_banned"]) self.assertEqual("mxc://fibble/wibble", channel.json_body["avatar_url"]) @override_config( diff --git a/tests/storage/test_registration.py b/tests/storage/test_registration.py index abbaed7cdc..4eb41c46e8 100644 --- a/tests/storage/test_registration.py +++ b/tests/storage/test_registration.py @@ -52,6 +52,7 @@ class RegistrationStoreTestCase(unittest.TestCase): "creation_ts": 1000, "user_type": None, "deactivated": 0, + "shadow_banned": 0, }, (yield defer.ensureDeferred(self.store.get_user_by_id(self.user_id))), ) -- cgit 1.4.1 From 626afd7e898ae87106502de162b3be9f03b51c75 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Thu, 18 Feb 2021 11:56:25 +0000 Subject: Revert "Update workers.md" This reverts commit a8878960c0139f80bbb6f84bd0f0cb7352429c5b. --- docs/workers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/workers.md b/docs/workers.md index 847ac91649..e7bf9b8ce4 100644 --- a/docs/workers.md +++ b/docs/workers.md @@ -261,7 +261,7 @@ using): # for all SSO providers ^/_matrix/client/(api/v1|r0|unstable)/login/sso/redirect ^/_synapse/client/pick_idp$ - ^/_synapse/client/pick_username$ + ^/_synapse/client/pick_username ^/_synapse/client/new_user_consent$ ^/_synapse/client/sso_register$ -- cgit 1.4.1 From 5ee8a1c50a1b571a8a8704a59635232193b454f2 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Thu, 18 Feb 2021 14:01:23 +0000 Subject: Redirect redirect requests if they arrive on the wrong URI --- synapse/rest/client/v1/login.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py index 6e2fbedd99..3e6a21e20f 100644 --- a/synapse/rest/client/v1/login.py +++ b/synapse/rest/client/v1/login.py @@ -354,6 +354,7 @@ class SsoRedirectServlet(RestServlet): hs.get_oidc_handler() self._sso_handler = hs.get_sso_handler() self._msc2858_enabled = hs.config.experimental.msc2858_enabled + self._public_baseurl = hs.config.public_baseurl def register(self, http_server: HttpServer) -> None: super().register(http_server) @@ -373,6 +374,28 @@ class SsoRedirectServlet(RestServlet): async def on_GET( self, request: SynapseRequest, idp_id: Optional[str] = None ) -> None: + if not self._public_baseurl: + raise SynapseError(400, "SSO requires a valid public_baseurl") + + # if this isn't the expected hostname, redirect to the right one, so that we + # get our cookies back. + requested_uri = b"%s://%s%s" % ( + b"https" if request.isSecure() else b"http", + request.getHeader(b"host"), + request.uri, + ) + baseurl_bytes = self._public_baseurl.encode("utf-8") + if not requested_uri.startswith(baseurl_bytes): + i = requested_uri.index(b"/_matrix") + new_uri = baseurl_bytes[:-1] + requested_uri[i:] + logger.info( + "Requested URI %s is not canonical: redirecting to %s", + requested_uri.decode("utf-8", errors="replace"), + new_uri.decode("utf-8", errors="replace"), + ) + request.redirect(new_uri) + finish_request(request) + client_redirect_url = parse_string( request, "redirectUrl", required=True, encoding=None ) -- cgit 1.4.1