From 9915139bef11723e04e22a4d5f3074c48bdaada0 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 30 Dec 2020 14:18:58 +0000 Subject: Move AccountValidityConfig to its own config file --- docs/sample_config.yaml | 105 +++++++++++------------ docs/sample_log_config.yaml | 71 ---------------- synapse/config/_base.pyi | 2 + synapse/config/account_validity.py | 166 +++++++++++++++++++++++++++++++++++++ synapse/config/homeserver.py | 3 +- synapse/config/registration.py | 128 ---------------------------- 6 files changed, 224 insertions(+), 251 deletions(-) create mode 100644 synapse/config/account_validity.py diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index f196781c1c..dcd2582d85 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -1111,15 +1111,8 @@ url_preview_accept_language: #turn_allow_guests: true -## Registration ## -# -# Registration can be rate-limited using the parameters in the "Ratelimiting" -# section of this file. - -# Enable registration for new users. +## Account Validity ## # -#enable_registration: false - # Optional account validity configuration. This allows for accounts to be denied # any request after a given period. # @@ -1131,57 +1124,67 @@ url_preview_accept_language: # after that the validity period changes and Synapse is restarted, the users' # expiration dates won't be updated unless their account is manually renewed. This # date will be randomly selected within a range [now + period - d ; now + period], -# where d is equal to 10% of the validity period. +# where d is equal to 10%% of the validity period. # account_validity: - # The account validity feature is disabled by default. Uncomment the - # following line to enable it. - # - #enabled: true +# The account validity feature is disabled by default. Uncomment the +# following line to enable it. +# +#enabled: true - # The period after which an account is valid after its registration. When - # renewing the account, its validity period will be extended by this amount - # of time. This parameter is required when using the account validity - # feature. - # - #period: 6w +# The period after which an account is valid after its registration. When +# renewing the account, its validity period will be extended by this amount +# of time. This parameter is required when using the account validity +# feature. +# +#period: 6w - # The amount of time before an account's expiry date at which Synapse will - # send an email to the account's email address with a renewal link. By - # default, no such emails are sent. - # - # If you enable this setting, you will also need to fill out the 'email' and - # 'public_baseurl' configuration sections. - # - #renew_at: 1w +# The amount of time before an account's expiry date at which Synapse will +# send an email to the account's email address with a renewal link. By +# default, no such emails are sent. +# +# If you enable this setting, you will also need to fill out the 'email' and +# 'public_baseurl' configuration sections. +# +#renew_at: 1w - # The subject of the email sent out with the renewal link. '%(app)s' can be - # used as a placeholder for the 'app_name' parameter from the 'email' - # section. - # - # Note that the placeholder must be written '%(app)s', including the - # trailing 's'. - # - # If this is not set, a default value is used. - # - #renew_email_subject: "Renew your %(app)s account" +# The subject of the email sent out with the renewal link. '%%(app)s' can be +# used as a placeholder for the 'app_name' parameter from the 'email' +# section. +# +# Note that the placeholder must be written '%%(app)s', including the +# trailing 's'. +# +# If this is not set, a default value is used. +# +#renew_email_subject: "Renew your %%(app)s account" - # Directory in which Synapse will try to find templates for the HTML files to - # serve to the user when trying to renew an account. If not set, default - # templates from within the Synapse package will be used. - # - #template_dir: "res/templates" +# Directory in which Synapse will try to find templates for the HTML files to +# serve to the user when trying to renew an account. If not set, default +# templates from within the Synapse package will be used. +# +#template_dir: "res/templates" - # File within 'template_dir' giving the HTML to be displayed to the user after - # they successfully renewed their account. If not set, default text is used. - # - #account_renewed_html_path: "account_renewed.html" +# File within 'template_dir' giving the HTML to be displayed to the user after +# they successfully renewed their account. If not set, default text is used. +# +#account_renewed_html_path: "account_renewed.html" - # File within 'template_dir' giving the HTML to be displayed when the user - # tries to renew an account with an invalid renewal token. If not set, - # default text is used. - # - #invalid_token_html_path: "invalid_token.html" +# File within 'template_dir' giving the HTML to be displayed when the user +# tries to renew an account with an invalid renewal token. If not set, +# default text is used. +# +#invalid_token_html_path: "invalid_token.html" + + +## Registration ## +# +# Registration can be rate-limited using the parameters in the "Ratelimiting" +# section of this file. + +# Enable registration for new users. +# +#enable_registration: false # Time that a user's session remains valid for, after they log in. # diff --git a/docs/sample_log_config.yaml b/docs/sample_log_config.yaml index ff3c747180..e69de29bb2 100644 --- a/docs/sample_log_config.yaml +++ b/docs/sample_log_config.yaml @@ -1,71 +0,0 @@ -# Log configuration for Synapse. -# -# This is a YAML file containing a standard Python logging configuration -# dictionary. See [1] for details on the valid settings. -# -# Synapse also supports structured logging for machine readable logs which can -# be ingested by ELK stacks. See [2] for details. -# -# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema -# [2]: https://github.com/matrix-org/synapse/blob/master/docs/structured_logging.md - -version: 1 - -formatters: - precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' - -handlers: - file: - class: logging.handlers.TimedRotatingFileHandler - formatter: precise - filename: /var/log/matrix-synapse/homeserver.log - when: midnight - backupCount: 3 # Does not include the current log file. - encoding: utf8 - - # Default to buffering writes to log file for efficiency. This means that - # will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR - # logs will still be flushed immediately. - buffer: - class: logging.handlers.MemoryHandler - target: file - # The capacity is the number of log lines that are buffered before - # being written to disk. Increasing this will lead to better - # performance, at the expensive of it taking longer for log lines to - # be written to disk. - capacity: 10 - flushLevel: 30 # Flush for WARNING logs as well - - # A handler that writes logs to stderr. Unused by default, but can be used - # instead of "buffer" and "file" in the logger handlers. - console: - class: logging.StreamHandler - formatter: precise - -loggers: - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: INFO - - twisted: - # We send the twisted logging directly to the file handler, - # to work around https://github.com/matrix-org/synapse/issues/3471 - # when using "buffer" logger. Use "console" to log to stderr instead. - handlers: [file] - propagate: false - -root: - level: INFO - - # Write logs to the `buffer` handler, which will buffer them together in memory, - # then write them to a file. - # - # Replace "buffer" with "console" to log to stderr instead. (Note that you'll - # also need to update the configuration for the `twisted` logger above, in - # this case.) - # - handlers: [buffer] - -disable_existing_loggers: false diff --git a/synapse/config/_base.pyi b/synapse/config/_base.pyi index ed26e2fb60..719509af25 100644 --- a/synapse/config/_base.pyi +++ b/synapse/config/_base.pyi @@ -1,6 +1,7 @@ from typing import Any, Iterable, List, Optional from synapse.config import ( + account_validity, api, appservice, captcha, @@ -55,6 +56,7 @@ class RootConfig: media: repository.ContentRepositoryConfig captcha: captcha.CaptchaConfig voip: voip.VoipConfig + accountvalidity: account_validity.AccountValidityConfig registration: registration.RegistrationConfig metrics: metrics.MetricsConfig api: api.ApiConfig diff --git a/synapse/config/account_validity.py b/synapse/config/account_validity.py new file mode 100644 index 0000000000..66545d717c --- /dev/null +++ b/synapse/config/account_validity.py @@ -0,0 +1,166 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 The Matrix.org Foundation C.I.C. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import os + +import pkg_resources + +from synapse.config._base import Config, ConfigError + + +class AccountValidityConfig(Config): + section = "accountvalidity" + + def read_config(self, config, **kwargs): + self.enabled = config.get("enabled", False) + self.renew_by_email_enabled = "renew_at" in config + + if self.enabled: + if "period" in config: + self.period = self.parse_duration(config["period"]) + else: + raise ConfigError("'period' is required when using account validity") + + if "renew_at" in config: + self.renew_at = self.parse_duration(config["renew_at"]) + + if "renew_email_subject" in config: + self.renew_email_subject = config["renew_email_subject"] + else: + self.renew_email_subject = "Renew your %(app)s account" + + self.startup_job_max_delta = self.period * 10.0 / 100.0 + + if self.renew_by_email_enabled: + if not self.public_baseurl: + raise ConfigError("Can't send renewal emails without 'public_baseurl'") + + template_dir = config.get("template_dir") + + if not template_dir: + template_dir = pkg_resources.resource_filename("synapse", "res/templates") + + if "account_renewed_html_path" in config: + file_path = os.path.join(template_dir, config["account_renewed_html_path"]) + + self.account_renewed_html_content = self.read_file( + file_path, "account_validity.account_renewed_html_path" + ) + else: + self.account_renewed_html_content = ( + "Your account has been successfully renewed." + ) + + if "invalid_token_html_path" in config: + file_path = os.path.join(template_dir, config["invalid_token_html_path"]) + + self.invalid_token_html_content = self.read_file( + file_path, "account_validity.invalid_token_html_path" + ) + else: + self.invalid_token_html_content = ( + "Invalid renewal token." + ) + + # Load account validity templates. + # We do this here instead of in AccountValidityConfig as read_templates + # relies on state that hasn't been initialised in AccountValidityConfig + account_renewed_template_filename = config.get( + "account_renewed_html_path", "account_renewed.html" + ) + account_previously_renewed_template_filename = config.get( + "account_previously_renewed_html_path", "account_previously_renewed.html" + ) + invalid_token_template_filename = config.get( + "invalid_token_html_path", "invalid_token.html" + ) + ( + self.account_validity.account_renewed_template, + self.account_validity.account_previously_renewed_template, + self.account_validity.invalid_token_template, + ) = self.read_templates( + [ + account_renewed_template_filename, + account_previously_renewed_template_filename, + invalid_token_template_filename, + ] + ) + + def generate_config_section(self, **kwargs): + return """\ + ## Account Validity ## + # + # Optional account validity configuration. This allows for accounts to be denied + # any request after a given period. + # + # Once this feature is enabled, Synapse will look for registered users without an + # expiration date at startup and will add one to every account it found using the + # current settings at that time. + # This means that, if a validity period is set, and Synapse is restarted (it will + # then derive an expiration date from the current validity period), and some time + # after that the validity period changes and Synapse is restarted, the users' + # expiration dates won't be updated unless their account is manually renewed. This + # date will be randomly selected within a range [now + period - d ; now + period], + # where d is equal to 10%% of the validity period. + # + account_validity: + # The account validity feature is disabled by default. Uncomment the + # following line to enable it. + # + #enabled: true + + # The period after which an account is valid after its registration. When + # renewing the account, its validity period will be extended by this amount + # of time. This parameter is required when using the account validity + # feature. + # + #period: 6w + + # The amount of time before an account's expiry date at which Synapse will + # send an email to the account's email address with a renewal link. By + # default, no such emails are sent. + # + # If you enable this setting, you will also need to fill out the 'email' and + # 'public_baseurl' configuration sections. + # + #renew_at: 1w + + # The subject of the email sent out with the renewal link. '%%(app)s' can be + # used as a placeholder for the 'app_name' parameter from the 'email' + # section. + # + # Note that the placeholder must be written '%%(app)s', including the + # trailing 's'. + # + # If this is not set, a default value is used. + # + #renew_email_subject: "Renew your %%(app)s account" + + # Directory in which Synapse will try to find templates for the HTML files to + # serve to the user when trying to renew an account. If not set, default + # templates from within the Synapse package will be used. + # + #template_dir: "res/templates" + + # File within 'template_dir' giving the HTML to be displayed to the user after + # they successfully renewed their account. If not set, default text is used. + # + #account_renewed_html_path: "account_renewed.html" + + # File within 'template_dir' giving the HTML to be displayed when the user + # tries to renew an account with an invalid renewal token. If not set, + # default text is used. + # + #invalid_token_html_path: "invalid_token.html" + """ diff --git a/synapse/config/homeserver.py b/synapse/config/homeserver.py index be65554524..53294d98a3 100644 --- a/synapse/config/homeserver.py +++ b/synapse/config/homeserver.py @@ -13,8 +13,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - from ._base import RootConfig +from .account_validity import AccountValidityConfig from .api import ApiConfig from .appservice import AppServiceConfig from .cache import CacheConfig @@ -66,6 +66,7 @@ class HomeServerConfig(RootConfig): ContentRepositoryConfig, CaptchaConfig, VoipConfig, + AccountValidityConfig, RegistrationConfig, MetricsConfig, ApiConfig, diff --git a/synapse/config/registration.py b/synapse/config/registration.py index cc5f75123c..3fc0f4d4d8 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -13,75 +13,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -import os from distutils.util import strtobool -import pkg_resources - from synapse.api.constants import RoomCreationPreset from synapse.config._base import Config, ConfigError from synapse.types import RoomAlias, UserID from synapse.util.stringutils import random_string_with_symbols -class AccountValidityConfig(Config): - section = "accountvalidity" - - def __init__(self, config, synapse_config): - if config is None: - return - super().__init__() - self.enabled = config.get("enabled", False) - self.renew_by_email_enabled = "renew_at" in config - - if self.enabled: - if "period" in config: - self.period = self.parse_duration(config["period"]) - else: - raise ConfigError("'period' is required when using account validity") - - if "renew_at" in config: - self.renew_at = self.parse_duration(config["renew_at"]) - - if "renew_email_subject" in config: - self.renew_email_subject = config["renew_email_subject"] - else: - self.renew_email_subject = "Renew your %(app)s account" - - self.startup_job_max_delta = self.period * 10.0 / 100.0 - - if self.renew_by_email_enabled: - if "public_baseurl" not in synapse_config: - raise ConfigError("Can't send renewal emails without 'public_baseurl'") - - template_dir = config.get("template_dir") - - if not template_dir: - template_dir = pkg_resources.resource_filename("synapse", "res/templates") - - if "account_renewed_html_path" in config: - file_path = os.path.join(template_dir, config["account_renewed_html_path"]) - - self.account_renewed_html_content = self.read_file( - file_path, "account_validity.account_renewed_html_path" - ) - else: - self.account_renewed_html_content = ( - "Your account has been successfully renewed." - ) - - if "invalid_token_html_path" in config: - file_path = os.path.join(template_dir, config["invalid_token_html_path"]) - - self.invalid_token_html_content = self.read_file( - file_path, "account_validity.invalid_token_html_path" - ) - else: - self.invalid_token_html_content = ( - "Invalid renewal token." - ) - - class RegistrationConfig(Config): section = "registration" @@ -94,10 +33,6 @@ class RegistrationConfig(Config): strtobool(str(config["disable_registration"])) ) - self.account_validity = AccountValidityConfig( - config.get("account_validity") or {}, config - ) - self.registrations_require_3pid = config.get("registrations_require_3pid", []) self.allowed_local_3pids = config.get("allowed_local_3pids", []) self.enable_3pid_lookup = config.get("enable_3pid_lookup", True) @@ -211,69 +146,6 @@ class RegistrationConfig(Config): # #enable_registration: false - # Optional account validity configuration. This allows for accounts to be denied - # any request after a given period. - # - # Once this feature is enabled, Synapse will look for registered users without an - # expiration date at startup and will add one to every account it found using the - # current settings at that time. - # This means that, if a validity period is set, and Synapse is restarted (it will - # then derive an expiration date from the current validity period), and some time - # after that the validity period changes and Synapse is restarted, the users' - # expiration dates won't be updated unless their account is manually renewed. This - # date will be randomly selected within a range [now + period - d ; now + period], - # where d is equal to 10%% of the validity period. - # - account_validity: - # The account validity feature is disabled by default. Uncomment the - # following line to enable it. - # - #enabled: true - - # The period after which an account is valid after its registration. When - # renewing the account, its validity period will be extended by this amount - # of time. This parameter is required when using the account validity - # feature. - # - #period: 6w - - # The amount of time before an account's expiry date at which Synapse will - # send an email to the account's email address with a renewal link. By - # default, no such emails are sent. - # - # If you enable this setting, you will also need to fill out the 'email' and - # 'public_baseurl' configuration sections. - # - #renew_at: 1w - - # The subject of the email sent out with the renewal link. '%%(app)s' can be - # used as a placeholder for the 'app_name' parameter from the 'email' - # section. - # - # Note that the placeholder must be written '%%(app)s', including the - # trailing 's'. - # - # If this is not set, a default value is used. - # - #renew_email_subject: "Renew your %%(app)s account" - - # Directory in which Synapse will try to find templates for the HTML files to - # serve to the user when trying to renew an account. If not set, default - # templates from within the Synapse package will be used. - # - #template_dir: "res/templates" - - # File within 'template_dir' giving the HTML to be displayed to the user after - # they successfully renewed their account. If not set, default text is used. - # - #account_renewed_html_path: "account_renewed.html" - - # File within 'template_dir' giving the HTML to be displayed when the user - # tries to renew an account with an invalid renewal token. If not set, - # default text is used. - # - #invalid_token_html_path: "invalid_token.html" - # Time that a user's session remains valid for, after they log in. # # Note that this is not currently compatible with guest logins. -- cgit 1.4.1