Richard van der Hoff
36f4953dec
Add support for tracking SAML2 sessions.
...
This allows us to correctly handle `allow_unsolicited: False`.
2019-06-26 23:50:55 +01:00
Richard van der Hoff
a4daa899ec
Merge branch 'develop' into rav/saml2_client
2019-06-26 22:34:41 +01:00
Richard van der Hoff
4ac7ef4b67
Merge pull request #5524 from matrix-org/rav/new_cmdline_options
...
Add --data-dir and --open-private-ports options.
2019-06-24 17:25:57 +01:00
Richard van der Hoff
af8a962905
Merge pull request #5523 from matrix-org/rav/arg_defaults
...
Stop conflating generated config and default config
2019-06-24 17:24:35 +01:00
Brendan Abolivier
deb4fe6ef3
Merge pull request #5534 from matrix-org/babolivier/federation-publicrooms
...
Split public rooms directory auth config in two
2019-06-24 16:08:02 +01:00
Brendan Abolivier
bfe84e051e
Split public rooms directory auth config in two
2019-06-24 15:42:31 +01:00
Richard van der Hoff
3f8a252dd8
Add "--open-private-ports" cmdline option
...
This is helpful when generating a config file for running synapse under docker.
2019-06-24 14:15:34 +01:00
Richard van der Hoff
6a92b06cbb
Add --data-directory commandline argument
...
We don't necessarily want to put the data in the cwd.
2019-06-24 14:15:34 +01:00
Richard van der Hoff
16b52642e2
Don't load the generated config as the default.
...
It's too confusing.
2019-06-24 14:14:52 +01:00
Richard van der Hoff
7c2f8881a9
Ensure that all config options have sensible defaults
...
This will enable us to skip the unintuitive behaviour where the generated
config and default config are the same thing.
2019-06-24 14:14:52 +01:00
Richard van der Hoff
367a8263b3
Remove unused Config.config_dir_path attribute
...
This is no longer used and only serves to confuse.
2019-06-24 13:51:22 +01:00
Richard van der Hoff
edea4bb5be
Allow configuration of the path used for ACME account keys.
...
Because sticking it in the same place as the config isn't necessarily the right
thing to do.
2019-06-24 13:51:22 +01:00
Richard van der Hoff
c3c6b00d95
Pass config_dir_path and data_dir_path into Config.read_config. ( #5522 )
...
* Pull config_dir_path and data_dir_path calculation out of read_config_files
* Pass config_dir_path and data_dir_path into read_config
2019-06-24 11:34:45 +01:00
Richard van der Hoff
6cda36777b
Drop support for cpu_affinity ( #5525 )
...
This has no useful purpose on python3, and is generally a source of confusion.
2019-06-22 11:01:55 +10:00
Richard van der Hoff
e1a795758c
Improve help and cmdline option names for --generate-config options ( #5512 )
...
* group the arguments together into a group
* add new names "--generate-missing-config" and "--config-directory" for
existing cmdline options "--generate-keys" and "--keys-dir", which better
reflect their purposes.
2019-06-21 18:50:43 +01:00
Richard van der Hoff
03cea2b0fe
Refactor Config parser and add some comments. ( #5511 )
...
Add some comments, and simplify `read_config_files`.
2019-06-21 17:43:38 +01:00
Richard van der Hoff
37933a3bf8
Improve logging when generating config files ( #5510 )
...
Make it a bit clearer what's going on.
2019-06-21 17:14:56 +01:00
Amber Brown
32e7c9e7f2
Run Black. ( #5482 )
2019-06-20 19:32:02 +10:00
Erik Johnston
b42f90470f
Add experimental option to reduce extremities.
...
Adds new config option `cleanup_extremities_with_dummy_events` which
periodically sends dummy events to rooms with more than 10 extremities.
THIS IS REALLY EXPERIMENTAL.
2019-06-18 15:02:18 +01:00
Brendan Abolivier
f12e1f029c
Merge pull request #5440 from matrix-org/babolivier/third_party_event_rules
...
Allow server admins to define implementations of extra rules for allowing or denying incoming events
2019-06-14 19:37:59 +01:00
Brendan Abolivier
f874b16b2e
Add plugin APIs for implementations of custom event rules.
2019-06-14 18:16:03 +01:00
Andrew Morgan
2ddc13577c
Don't warn user about password reset disabling through config code ( #5387 )
...
Moves the warning about password resets being disabled to the point where a user actually tries to reset their password. Is this an appropriate place for it to happen?
Also removed the disabling of msisdn password resets when you don't have an email config, as that just doesn't make sense.
Also change the error a user receives upon disabled passwords to specify that only email-based password reset is disabled.
2019-06-11 00:25:07 +01:00
Richard van der Hoff
426049247b
Code cleanups and simplifications.
...
Also: share the saml client between redirect and response handlers.
2019-06-11 00:03:57 +01:00
Richard van der Hoff
69a43d9974
Merge remote-tracking branch 'origin/develop' into rav/saml2_client
2019-06-10 20:28:08 +01:00
Richard van der Hoff
88d7182ada
Improve startup checks for insecure notary configs ( #5392 )
...
It's not really a problem to trust notary responses signed by the old key so
long as we are also doing TLS validation.
This commit adds a check to the config parsing code at startup to check that
we do not have the insecure matrix.org key without tls validation, and refuses
to start without it.
This allows us to remove the rather alarming-looking warning which happens at
runtime.
2019-06-10 10:33:00 +01:00
Neil Johnson
a11865016e
Set default room version to v4. ( #5379 )
...
Set default room version to v4.
2019-06-06 20:13:47 +01:00
Andrew Morgan
3719680ee4
Add ability to perform password reset via email without trusting the identity server ( #5377 )
...
Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.
This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
* #5308
* #5345
* #5368
2019-06-06 17:34:07 +01:00
Richard van der Hoff
9fbb20a531
Stop hardcoding trust of old matrix.org key ( #5374 )
...
There are a few changes going on here:
* We make checking the signature on a key server response optional: if no
verify_keys are specified, we trust to TLS to validate the connection.
* We change the default config so that it does not require responses to be
signed by the old key.
* We replace the old 'perspectives' config with 'trusted_key_servers', which
is also formatted slightly differently.
* We emit a warning to the logs every time we trust a key server response
signed by the old key.
2019-06-06 17:33:11 +01:00
Richard van der Hoff
7603a706eb
Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verification
2019-06-05 16:32:35 +01:00
Richard van der Hoff
f8a45302c9
Fix federation_custom_ca_list
configuration option.
...
Previously, setting this option would cause an exception at startup.
2019-06-05 16:19:07 +01:00
Richard van der Hoff
e2dfb922e1
Validate federation server TLS certificates by default.
2019-06-05 14:17:50 +01:00
Neil Johnson
26713515de
Neilj/mau tracking config explainer ( #5284 )
...
Improve documentation of monthly active user blocking and mau_trial_days
2019-06-05 13:16:23 +01:00
Brendan Abolivier
f6dd12d1e2
Merge pull request #5341 from matrix-org/babolivier/email_config
...
Make account validity renewal emails work when email notifs are disabled
2019-06-04 14:49:06 +01:00
Brendan Abolivier
2f62e1f6ff
Only parse from email if provided
2019-06-04 14:24:36 +01:00
Brendan Abolivier
1cc5fc1f6c
Lint
2019-06-04 13:51:23 +01:00
Brendan Abolivier
ac3cc32367
Make account validity renewal emails work when email notifs are disabled
2019-06-04 13:47:44 +01:00
Alexander Trost
dc3e586938
SAML2 Improvements and redirect stuff
...
Signed-off-by: Alexander Trost <galexrt@googlemail.com>
2019-06-02 18:14:40 +02:00
Erik Johnston
58cce39f3a
Merge pull request #5276 from matrix-org/babolivier/account_validity_job_delta
...
Allow configuring a range for the account validity startup job
2019-05-31 12:11:56 +01:00
Brendan Abolivier
4d794dae21
Move delta from +10% to -10%
2019-05-31 11:09:39 +01:00
Brendan Abolivier
0c2362861e
Gah python
2019-05-31 09:56:52 +01:00
Brendan Abolivier
847b9dcd1c
Make max_delta equal to period * 10%
2019-05-31 09:54:46 +01:00
Aaron Raimist
9b6f72663e
Fix docs on resetting the user directory ( #5036 )
...
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-05-28 20:54:01 -05:00
Brendan Abolivier
52839886d6
Allow configuring a range for the account validity startup job
...
When enabling the account validity feature, Synapse will look at startup for registered account without an expiration date, and will set one equals to 'now + validity_period' for them. On large servers, it can mean that a large number of users will have the same expiration date, which means that they will all be sent a renewal email at the same time, which isn't ideal.
In order to mitigate this, this PR allows server admins to define a 'max_delta' so that the expiration date is a random value in the [now + validity_period ; now + validity_period + max_delta] range. This allows renewal emails to be progressively sent over a configured period instead of being sent all in one big batch.
2019-05-28 16:52:45 +01:00
Richard van der Hoff
dba9152d15
Add missing blank line in config ( #5249 )
2019-05-24 14:12:38 +01:00
Andrew Morgan
6368150a74
Add config option for setting homeserver's default room version ( #5223 )
...
Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present.
That hardcoded value is now located in the server.py config file.
2019-05-23 15:00:20 +01:00
Amber Brown
4a30e4acb4
Room Statistics ( #4338 )
2019-05-21 11:36:50 -05:00
Brendan Abolivier
6a5a70edf0
Merge pull request #5204 from matrix-org/babolivier/account_validity_expiration_date
...
Add startup background job for account validity
2019-05-21 14:55:15 +01:00
Brendan Abolivier
384122efa8
Doc
2019-05-21 14:39:36 +01:00
Erik Johnston
57ba3451b6
Merge pull request #5209 from matrix-org/erikj/reactions_base
...
Land basic reaction and edit support.
2019-05-20 14:06:40 +01:00
Brendan Abolivier
cd32375846
Add option to disable per-room profiles
2019-05-16 14:34:28 +01:00
Erik Johnston
a0603523d2
Add aggregations API
2019-05-16 09:37:20 +01:00
Amber Brown
f1e5b41388
Make all the rate limiting options more consistent ( #5181 )
2019-05-15 12:06:04 -05:00
Andrew Morgan
5a4b328f52
Add ability to blacklist ip ranges for federation traffic ( #5043 )
2019-05-13 19:05:06 +01:00
Matthew Hodgson
c0e0740bef
add options to require an access_token to GET /profile and /publicRooms on CS API ( #5083 )
...
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
2019-05-08 18:26:56 +01:00
Richard van der Hoff
836d3adcce
Merge branch 'master' into develop
2019-05-03 19:25:01 +01:00
Richard van der Hoff
1565ebec2c
more config comment updates
2019-05-03 15:50:59 +01:00
Richard van der Hoff
1a7104fde3
Blacklist 0.0.0.0 and :: by default for URL previews
2019-05-03 15:35:49 +01:00
Brendan Abolivier
c193b39134
Merge pull request #5124 from matrix-org/babolivier/aliases
...
Add some limitations to alias creation
2019-05-02 11:22:40 +01:00
Brendan Abolivier
84196cb231
Add some limitations to alias creation
2019-05-02 11:05:11 +01:00
Richard van der Hoff
8e9ca83537
Move admin API to a new prefix
2019-05-01 15:44:30 +01:00
Andrew Morgan
6824ddd93d
Config option for verifying federation certificates (MSC 1711) ( #4967 )
2019-04-25 14:22:49 +01:00
Brendan Abolivier
f8826d31cd
Don't crash on lack of expiry templates
2019-04-18 14:50:05 +01:00
Brendan Abolivier
91934025b9
Merge pull request #5047 from matrix-org/babolivier/account_expiration
...
Send out emails with links to extend an account's validity period
2019-04-17 14:57:39 +01:00
Brendan Abolivier
20f0617e87
Send out emails with links to extend an account's validity period
2019-04-17 14:42:20 +01:00
Andrew Morgan
caa76e6021
Remove periods from copyright headers ( #5046 )
2019-04-11 17:08:13 +01:00
Brendan Abolivier
bfc8fdf1fc
Merge pull request #5027 from matrix-org/babolivier/account_expiration
...
Add time-based account expiration
2019-04-09 17:02:41 +01:00
Brendan Abolivier
747aa9f8ca
Add account expiration feature
2019-04-09 16:46:04 +01:00
Neil Johnson
b25e387c0d
add context to phonehome stats ( #5020 )
...
add context to phonehome stats
2019-04-08 15:47:39 +01:00
Brendan Abolivier
8e85493b0c
Add config option to block users from looking up 3PIDs ( #5010 )
2019-04-04 17:25:47 +01:00
Richard van der Hoff
8530090b16
Add config.signing_key_path. ( #4974 )
...
As requested by @andrewshadura
2019-04-02 16:59:27 +01:00
Erik Johnston
3677548a82
Use yaml safe_load
2019-03-22 10:20:17 +00:00
Erik Johnston
09f991a63d
Merge pull request #4896 from matrix-org/erikj/disable_room_directory
...
Add option to disable search room lists
2019-03-21 10:16:54 +00:00
Erik Johnston
263f2c9ce1
Merge pull request #4895 from matrix-org/erikj/disable_user_search
...
Add option to disable searching in the user dir
2019-03-20 16:47:15 +00:00
Richard van der Hoff
cdb8036161
Add a config option for torture-testing worker replication. ( #4902 )
...
Setting this to 50 or so makes a bunch of sytests fail in worker mode.
2019-03-20 16:04:35 +00:00
Richard van der Hoff
a902d13180
Batch up outgoing read-receipts to reduce federation traffic. ( #4890 )
...
Rate-limit outgoing read-receipts as per #4730 .
2019-03-20 16:02:25 +00:00
Erik Johnston
cd8c5b91ad
Fix up sample config
2019-03-20 14:35:41 +00:00
Richard van der Hoff
ab20f85c59
Update synapse/config/user_directory.py
...
Co-Authored-By: erikjohnston <erikj@jki.re>
2019-03-20 14:33:11 +00:00
Erik Johnston
926f29ea6d
Fix up config comments
2019-03-20 14:24:53 +00:00
Erik Johnston
213c98c00a
Add option to disable search room lists
...
This disables both local and remote room list searching.
2019-03-19 17:10:52 +00:00
Erik Johnston
320667a479
Add option to disable searching in the user dir
...
We still populate it, as it can still be accessed via the admin API.
2019-03-19 16:40:19 +00:00
Richard van der Hoff
13bc1e0746
Use a regular HomeServerConfig object for unit tests
...
Rather than using a Mock for the homeserver config, use a genuine
HomeServerConfig object. This makes for a more realistic test, and means that
we don't have to keep remembering to add things to the mock config every time
we add a new config setting.
2019-03-19 11:44:43 +00:00
Richard van der Hoff
fd463b4f5d
Comment out most options in the generated config. ( #4863 )
...
Make it so that most options in the config are optional, and commented out in
the generated config.
The reasons this is a good thing are as follows:
* If we decide that we should change the default for an option, we can do so,
and only those admins that have deliberately chosen to override that option
will be stuck on the old setting.
* It moves us towards a point where we can get rid of the super-surprising
feature of synapse where the default settings for the config come from the
generated yaml.
* It makes setting up a test config for unit testing an order of magnitude
easier (see forthcoming PR).
* It makes the generated config more consistent, and hopefully easier for users
to understand.
2019-03-19 10:06:40 +00:00
Brendan Abolivier
651ad8bc96
Add ratelimiting on failed login attempts ( #4865 )
2019-03-18 12:57:20 +00:00
Brendan Abolivier
899e523d6d
Add ratelimiting on login ( #4821 )
...
Add two ratelimiters on login (per-IP address and per-userID).
2019-03-15 17:46:16 +00:00
Erik Johnston
9ad448c1e5
Correctly handle all command line options
2019-03-14 13:32:14 +00:00
Erik Johnston
72bfaf746d
Allow passing --daemonize to workers
2019-03-13 17:33:54 +00:00
Andrew Morgan
7998ca3a66
Document using a certificate with a full chain ( #4849 )
2019-03-13 15:26:29 +00:00
Aaron Raimist
8ea1b41a0e
Clarify what registration_shared_secret allows for ( #2885 ) ( #4844 )
...
* Clarify what registration_shared_secret allows for (#2885 )
Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Add changelog
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-03-11 18:21:52 +00:00
Brendan Abolivier
067ce795c0
Move settings from registration to ratelimiting in config file
2019-03-05 18:03:14 +00:00
Brendan Abolivier
a4c3a361b7
Add rate-limiting on registration ( #4735 )
...
* Rate-limiting for registration
* Add unit test for registration rate limiting
* Add config parameters for rate limiting on auth endpoints
* Doc
* Fix doc of rate limiting function
Co-Authored-By: babolivier <contact@brendanabolivier.com>
* Incorporate review
* Fix config parsing
* Fix linting errors
* Set default config for auth rate limiting
* Fix tests
* Add changelog
* Advance reactor instead of mocked clock
* Move parameters to registration specific config and give them more sensible default values
* Remove unused config options
* Don't mock the rate limiter un MAU tests
* Rename _register_with_store into register_with_store
* Make CI happy
* Remove unused import
* Update sample config
* Fix ratelimiting test for py2
* Add non-guest test
2019-03-05 14:25:33 +00:00
Richard van der Hoff
8e28bc5eee
Include a default configuration file in the 'docs' directory. ( #4791 )
2019-03-04 17:14:58 +00:00
Richard van der Hoff
641c409e4e
Fix ACME config for python 2. ( #4717 )
...
Fixes #4675 .
2019-02-25 11:16:33 -08:00
Matthew Hodgson
70ea2f4e1d
switch from google.com to recaptcha.net for reCAPTCHA ( #4731 )
...
* add trivial clarification about jemalloc
* switch from google.com to recaptcha.net
because https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
2019-02-25 11:15:36 -08:00
Erik Johnston
82fca11fc1
Merge pull request #4694 from matrix-org/erikj/fix_sentry_config_format
...
Fixup generated metrics config
2019-02-20 14:13:38 +00:00
Erik Johnston
3d672fec51
Fixup generated metrics config
2019-02-20 13:39:37 +00:00
Richard van der Hoff
5f9bdf90fe
Attempt to make default config more consistent
...
The general idea here is that config examples should just have a hash and no
extraneous whitespace, both to make it easier for people who don't understand
yaml, and to make the examples stand out from the comments.
2019-02-19 13:54:29 +00:00
Brendan Abolivier
a288bdf0b1
Merge pull request #4652 from matrix-org/babolivier/acme-delegated
...
Support .well-known delegation when issuing certificates through ACME
2019-02-19 11:15:38 +00:00
Brendan Abolivier
5a707a2f9a
Improve config documentation
2019-02-19 10:59:26 +00:00
Erik Johnston
d154f5a055
Merge pull request #4632 from matrix-org/erikj/basic_sentry
...
Add basic optional sentry.io integration
2019-02-18 17:22:45 +00:00
Erik Johnston
d328a93b51
Fixup error handling and message
2019-02-18 16:53:56 +00:00
Brendan Abolivier
45bb55c6de
Use a configuration parameter to give the domain to generate a certificate for
2019-02-18 15:46:23 +00:00
Erik Johnston
dc5efc92a8
Fixup
2019-02-18 13:52:49 +00:00
Juuso "Linda" Lapinlampi
68d2869c8d
config: Remove a repeated word from a logger warning
...
The warning for missing macaroon_secret_key was "missing missing".
2019-02-15 22:24:53 -07:00
Erik Johnston
bd4505f765
Merge pull request #4647 from matrix-org/erikj/add_room_publishing_rules
...
Add configurable room list publishing rules
2019-02-15 22:11:01 +00:00
Erik Johnston
b99c532c1c
Move defaults up into code
2019-02-15 10:53:39 +00:00
Erik Johnston
02c729d6b0
Hoist up checks to reduce overall work
2019-02-15 10:20:02 +00:00
Erik Johnston
02c46acc6a
Fixup comments
2019-02-15 10:17:13 +00:00
Erik Johnston
8e32f26cb8
Clarify comments
2019-02-14 18:21:24 +00:00
Erik Johnston
cb12a37708
Clarify and fix behaviour when there are multiple aliases
2019-02-14 18:16:32 +00:00
Erik Johnston
f666fe36d7
Fixup comments
2019-02-14 18:07:24 +00:00
Richard van der Hoff
f311018823
Fix errors in acme provisioning ( #4648 )
...
* Better logging for errors on startup
* Fix "TypeError: '>' not supported" when starting without an existing
certificate
* Fix a bug where an existing certificate would be reprovisoned every day
2019-02-14 17:10:36 +00:00
Erik Johnston
eaf4d11af9
Add configurable room list publishing rules
...
This allows specifying who and what is allowed to be published onto the
public room list
2019-02-14 16:02:23 +00:00
Erik Johnston
6cb415b63f
Fixup comments and add warning
2019-02-13 16:15:11 +00:00
Richard van der Hoff
e3a0300431
Special-case the default bind_addresses for metrics listener
...
turns out it doesn't really support ipv6, so let's hack around that by only
listening on ipv4 by default.
2019-02-13 11:48:56 +00:00
Erik Johnston
6a8f902edb
Raise an appropriate error message if sentry_sdk missing
2019-02-12 16:01:41 +00:00
Erik Johnston
ef2228c890
Basic sentry integration
2019-02-12 13:55:58 +00:00
Erik Johnston
3c03c37883
Merge pull request #4625 from matrix-org/rav/fix_generate_config_warnings
...
fix self-signed cert notice from generate-config
2019-02-12 11:24:45 +00:00
Richard van der Hoff
a4ce91396b
Disable TLS by default ( #4614 )
2019-02-12 10:52:08 +00:00
Richard van der Hoff
32b781bfe2
Fix error when loading cert if tls is disabled ( #4618 )
...
If TLS is disabled, it should not be an error if no cert is given.
Fixes #4554 .
2019-02-12 10:51:31 +00:00
Richard van der Hoff
dfc846a316
fix self-signed cert notice from generate-config
...
fixes #4620
2019-02-12 10:37:59 +00:00
Richard van der Hoff
0ca2908653
fix tests
2019-02-11 22:01:27 +00:00
Richard van der Hoff
4fddf8fc77
Infer no_tls from presence of TLS listeners
...
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
2019-02-11 21:39:14 +00:00
Richard van der Hoff
be794c7cf7
Merge branch 'rav/tls_config_logging_fixes' into rav/tls_cert/work
2019-02-11 21:16:00 +00:00
Richard van der Hoff
2129dd1a02
Fail cleanly if listener config lacks a 'port'
...
... otherwise we would fail with a mysterious KeyError or something later.
2019-02-11 21:15:01 +00:00
Richard van der Hoff
086f6f27d4
Logging improvements around TLS certs
...
Log which file we're reading keys and certs from, and refactor the code a bit
in preparation for other work
2019-02-11 21:02:06 +00:00
Richard van der Hoff
24b7f3916d
Clean up default listener configuration ( #4586 )
...
Rearrange the comments to try to clarify them, and expand on what some of it
means.
Use a sensible default 'bind_addresses' setting.
For the insecure port, only bind to localhost, and enable x_forwarded, since
apparently it's for use behind a load-balancer.
2019-02-11 12:50:30 +00:00
Amber Brown
6e2a5aa050
ACME Reprovisioning ( #4522 )
2019-02-11 10:36:26 +00:00
Amber Brown
4ffd10f46d
Be tolerant of blank TLS fingerprints config ( #4589 )
2019-02-11 10:04:27 +00:00
Erik Johnston
b201149c7e
Merge pull request #4420 from matrix-org/jaywink/openid-listener
...
New listener resource for the federation API "openid/userinfo" endpoint
2019-02-11 09:44:00 +00:00
Amber Brown
9cd33d2f4b
Deduplicate some code in synapse.app ( #4567 )
2019-02-08 17:25:57 +00:00
Richard van der Hoff
2475434080
Merge branch 'master' into develop
2019-02-05 18:44:49 +00:00
Richard van der Hoff
bf1e4d96ad
Fix default ACME config for py2 ( #4564 )
...
Fixes #4559
2019-02-05 11:37:33 +00:00
Richard van der Hoff
d7e27a1f08
fix typo in config comments ( #4557 )
2019-02-05 11:32:45 +00:00
Matthew Hodgson
ad7ac8853c
by default include m.room.encryption on invites ( #3902 )
...
* by default include m.room.encryption on invites
* fix constant
* changelog
2019-01-30 16:26:13 +00:00
Richard van der Hoff
7615a8ced1
ACME config cleanups ( #4525 )
...
* Handle listening for ACME requests on IPv6 addresses
the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses
without extra quoting. Building a string which you are about to parse again
seems like a weird choice. Let's just use listenTCP, which is consistent with
what we do elsewhere.
* Clean up the default ACME config
make it look a bit more consistent with everything else, and tweak the defaults
to listen on port 80.
* newsfile
2019-01-30 14:17:55 +00:00
Amber Brown
f6813919e8
SIGHUP for TLS cert reloading ( #4495 )
2019-01-30 11:00:02 +00:00
Andrew Morgan
03b086647f
Merge pull request #4512 from matrix-org/anoa/consent_dir
...
Check consent dir path on startup
2019-01-29 20:08:18 +00:00
Travis Ralston
d02c5ccb11
Merge pull request #4498 from matrix-org/travis/fix-docs-public_baseurl
...
Don't recommend :8448 to people on public_baseurl
2019-01-29 09:06:16 -07:00
Andrew Morgan
e65a17b26f
Check consent dir path on startup
2019-01-29 15:30:33 +00:00
Amber Brown
6bd4374636
Do not generate self-signed TLS certificates by default. ( #4509 )
2019-01-29 14:09:10 +00:00
Travis Ralston
6901ac7e9d
Don't recommend :8448 to people on public_baseurl
2019-01-28 12:15:22 -07:00
Richard van der Hoff
4a3f138832
Fix quoting for allowed_local_3pids example config ( #4476 )
...
If you use double-quotes here, you have to escape your backslashes. It's much
easier with single-quotes.
(Note that the existing double-backslashes are already interpreted by python's
""" parsing.)
2019-01-25 13:57:52 +00:00
Neil Johnson
10b89d5c2e
Merge pull request #4435 from matrix-org/neilj/fix_threepid_auth_check
...
Neilj/fix threepid auth check
2019-01-24 13:02:50 +00:00
David Baker
92d8a068ad
Clarify docs for public_baseurl
...
This is leading to problems with people upgrading to clients that
support MSC1730 because people have this misconfigured, so try
to make the docs completely unambiguous.
2019-01-24 10:52:06 +00:00
Jason Robinson
6f680241bd
Fix flake8 issues
...
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-01-23 10:53:48 +02:00
Amber Brown
6129e52f43
Support ACME for certificate provisioning ( #4384 )
2019-01-23 19:39:06 +11:00
Jason Robinson
0516dc4d85
Remove openid resource from default config
...
Instead document it commented out.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-01-23 10:32:41 +02:00
Jason Robinson
82e13662c0
Split federation OpenID userinfo endpoint out of the federation resource
...
This allows the OpenID userinfo endpoint to be active even if the
federation resource is not active. The OpenID userinfo endpoint
is called by integration managers to verify user actions using the
client API OpenID access token. Without this verification, the
integration manager cannot know that the access token is valid.
The OpenID userinfo endpoint will be loaded in the case that either
"federation" or "openid" resource is defined. The new "openid"
resource is defaulted to active in default configuration.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-01-23 10:32:41 +02:00
Neil Johnson
c99c2d58d7
move guard out of is_threepid_reserved and into register.py
2019-01-22 17:47:00 +00:00
Neil Johnson
d619b113ed
Fix None guard in config.server.is_threepid_reserved
2019-01-22 16:52:29 +00:00
Neil Johnson
388c164aea
Merge pull request #4423 from matrix-org/neilj/disable_msisdn_on_registration
...
Config option to disable requesting MSISDN on registration
2019-01-22 16:23:08 +00:00
Amber Brown
23b0813599
Require ECDH key exchange & remove dh_params ( #4429 )
...
* remove dh_params and set better cipher string
2019-01-22 21:58:50 +11:00
Neil Johnson
1b53cc3cb4
fix line length
2019-01-21 15:17:20 +00:00
Neil Johnson
5349262302
Config option to disable requesting MSISDN on registration
2019-01-21 14:59:37 +00:00
Richard van der Hoff
3982a6ee07
Changing macaroon_secret_key no longer logs you out ( #4387 )
2019-01-16 23:14:41 +00:00
Richard van der Hoff
e0910d0145
Merge branch rav/macaroon_key_fix_0.34 into rav/macaroon_key_fix_0.34.1
...
Fixes #4371
2019-01-10 14:12:50 +00:00
Richard van der Hoff
ba41aeed6a
Revert "Fix macaroon_secret_key fallback logic"
...
This is already fixed in 0.34.1, by 59f93bb
This reverts commit efc522c55e
.
2019-01-10 14:09:26 +00:00
Richard van der Hoff
aa70d24125
Merge branch 'rav/macaroon_key_fix' into rav/macaroon_key_fix_0.34
2019-01-10 12:58:33 +00:00
Richard van der Hoff
efc522c55e
Fix macaroon_secret_key fallback logic
2019-01-10 12:57:27 +00:00
Richard van der Hoff
353f2407b7
Fix fallback to signing key for macaroon-secret-key
2019-01-10 12:42:56 +00:00
Amber Brown
1dcb086f33
Fix synapse.config.__main__ on python 3 ( #4356 )
2019-01-08 10:03:09 +11:00
Richard van der Hoff
b7c0218812
Check jinja version for consent resource ( #4327 )
...
* Raise a ConfigError if an invalid resource is specified
* Require Jinja 2.9 for the consent resource
* changelog
2019-01-07 10:14:31 +00:00
Richard van der Hoff
9c2af7b2c5
Add a script to generate a clean config file ( #4315 )
2018-12-22 02:04:57 +11:00
Richard van der Hoff
f3561f8d86
Fix indentation in default config ( #4313 )
...
These settings are not supposed to be under 'listeners'.
2018-12-22 02:01:43 +11:00
Richard van der Hoff
f208f608cb
Merge branch 'release-v0.34.0' into develop
2018-12-11 15:43:20 +00:00
Richard van der Hoff
df96177ca7
Stop installing Matrix Console by default
...
This is based on the work done by @krombel in #2601 .
2018-12-11 13:20:33 +00:00
Richard van der Hoff
c7401a697f
Implement SAML2 authentication ( #4267 )
...
This implements both a SAML2 metadata endpoint (at
`/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at
`/_matrix/saml2/authn_response`). If the SAML2 response matches what's been
configured, we complete the SSO login flow by redirecting to the client url
(aka `RelayState` in SAML2 jargon) with a login token.
What we don't yet have is anything to build a SAML2 request and redirect the
user to the identity provider. That is left as an exercise for the reader.
2018-12-07 13:11:11 +01:00
Richard van der Hoff
b0c24a66ec
Rip out half-implemented m.login.saml2 support ( #4265 )
...
* Rip out half-implemented m.login.saml2 support
This was implemented in an odd way that left most of the work to the client, in
a way that I really didn't understand. It's going to be a pain to maintain, so
let's start by ripping it out.
* drop undocumented dependency on dateutil
It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.
2018-12-06 19:44:38 +11:00
Richard van der Hoff
e8d98466b0
Implement .well-known handling ( #4262 )
...
Sometimes it's useful for synapse to generate its own .well-known file.
2018-12-05 14:38:58 +01:00
Travis Ralston
1737753a62
Add an option to enable recording IPs for appservice users ( #3831 )
2018-12-04 12:44:41 +01:00
Travis Ralston
158ffb92f1
Add an option to disable search for homeservers which may not be interested in it ( #4230 )
...
This is useful for homeservers not intended for users, such as bot-only homeservers or ones that only process IoT data.
2018-12-04 12:01:02 +01:00
Neil Johnson
78ba0e7ab8
Remove riot.im from the list of trusted Identity Servers in the default configuration ( #4207 )
2018-11-20 12:29:25 +01:00
Travis Ralston
835779f7fb
Add option to track MAU stats (but not limit people) ( #3830 )
2018-11-15 18:08:27 +00:00
Travis Ralston
0f5e51f726
Add config variables for enabling terms auth and the policy name ( #4142 )
...
So people can still collect consent the old way if they want to.
2018-11-06 10:32:34 +00:00
Amber Brown
0467384d2f
Set the encoding to UTF8 in the default logconfig ( #4138 )
2018-11-03 02:28:07 +11:00
Erik Johnston
b94a43d5b5
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/alias_disallow_list
2018-10-25 15:25:31 +01:00
Erik Johnston
e5481b22aa
Use allow/deny
2018-10-25 15:25:21 +01:00
Neil Johnson
f7f487e14c
Merge branch 'develop' of github.com:matrix-org/synapse into matthew/autocreate_autojoin
2018-10-25 14:40:06 +01:00
Neil Johnson
9ec2186586
isort
2018-10-24 16:09:21 +01:00
Richard van der Hoff
ef771cc4c2
Fix a number of flake8 errors
...
Broadly three things here:
* disable W504 which seems a bit whacko
* remove a bunch of `as e` expressions from exception handlers that don't use
them
* use `r""` for strings which include backslashes
Also, we don't use pep8 any more, so we can get rid of the duplicate config
there.
2018-10-24 10:39:03 +01:00
Erik Johnston
47a9ba435d
Use match rather than search
2018-10-24 09:54:57 +01:00
Neil Johnson
a67d8ace9b
remove errant exception and style
2018-10-23 17:44:39 +01:00
Amber Brown
e1728dfcbe
Make scripts/ and scripts-dev/ pass pyflakes (and the rest of the codebase on py3) ( #4068 )
2018-10-20 11:16:55 +11:00
Richard van der Hoff
cc325c7069
Calculate absolute path for email templates
2018-10-19 14:01:59 +01:00
Erik Johnston
084046456e
Add config option to control alias creation
2018-10-19 10:22:45 +01:00
Richard van der Hoff
c8f2c19991
Put the warning blob at the top of the file
2018-10-17 16:56:22 +01:00
Richard van der Hoff
1519572961
Ship the email templates as package_data
...
move the example email templates into the synapse package so that they can be
used as package data, which should mean that all of the packaging mechanisms
(pip, docker, debian, arch, etc) should now come with the example templates.
In order to grandfather in people who relied on the templates being in the old
place, check for that situation and fall back to using the defaults if the
templates directory does not exist.
2018-10-17 16:46:02 +01:00
Neil Johnson
c6584f4b5f
clean up config error logic and imports
2018-10-17 11:36:41 +01:00
Neil Johnson
a2bfb778c8
improve auto room join logic, comments and tests
2018-10-12 18:17:36 +01:00
Matthew Hodgson
8f646f2d04
fix UTs
2018-09-28 15:37:28 +01:00
Matthew Hodgson
07340cdaca
untested stab at autocreating autojoin rooms
2018-09-28 01:42:53 +01:00
Schnuffle
dc5db01ff2
Replaced all occurences of e.message with str(e)
...
Signed-off-by: Schnuffle <schnuffle@github.com>
2018-09-27 13:38:50 +02:00
Amber Brown
b7d2fb5eb9
Remove some superfluous logging ( #3855 )
2018-09-13 19:59:32 +10:00
Richard van der Hoff
b8ad756bd0
Fix jwt import check
...
This handy code attempted to check that we could import jwt, but utterly failed
to check it was the right jwt.
Fixes https://github.com/matrix-org/synapse/issues/3793
2018-09-07 14:20:54 +01:00
Neil Johnson
0b01281e77
move threepid checker to config, add missing yields
2018-08-31 17:11:11 +01:00
Erik Johnston
05077e06fa
Change admin_uri to admin_contact in config and errors
2018-08-24 16:51:27 +01:00
Erik Johnston
cd77270a66
Implement trail users
2018-08-23 19:17:19 +01:00
Amber Brown
324525f40c
Port over enough to get some sytests running on Python 3 ( #3668 )
2018-08-20 23:54:49 +10:00
Amber Brown
c334ca67bb
Integrate presence from hotfixes ( #3694 )
2018-08-18 01:08:45 +10:00
Neil Johnson
0195dfbf52
server limits config docs
2018-08-17 13:58:25 +01:00
Neil Johnson
13ad9930c8
add new error type ResourceLimit
2018-08-16 18:02:02 +01:00
Neil Johnson
55afba0fc5
update admin email to uri
2018-08-15 11:41:18 +01:00
Neil Johnson
ab035bdeac
replace admin_email with admin_uri for greater flexibility
2018-08-15 10:16:41 +01:00
Neil Johnson
f4b49152e2
support admin_email config and pass through into blocking errors, return AuthError in all cases
2018-08-13 21:09:47 +01:00
Neil Johnson
ce7de9ae6b
Revert "support admin_email config and pass through into blocking errors, return AuthError in all cases"
...
This reverts commit 0d43f991a1
.
2018-08-13 18:06:18 +01:00
Neil Johnson
0d43f991a1
support admin_email config and pass through into blocking errors, return AuthError in all cases
2018-08-13 18:00:23 +01:00
Richard van der Hoff
c08f9d95b2
log *after* reloading log config
...
... because logging *before* reloading means the log message gets lost in the old MemoryLogger
2018-08-10 14:56:48 +01:00
Neil Johnson
d2f3ef98ac
Merge branch 'develop' into neilj/disable_hs
2018-08-08 15:55:47 +00:00
Neil Johnson
e8eba2b4e3
implement reserved users for mau limits
2018-08-07 17:49:43 +01:00
Neil Johnson
7daa8a78c5
load mau limit threepids
2018-08-06 22:55:05 +01:00
Neil Johnson
42c6823827
disable HS from config
2018-08-04 22:07:04 +01:00
Neil Johnson
5593ff6773
fix (lots of) py3 test failures
2018-08-03 14:59:17 +01:00
Richard van der Hoff
704c3e6239
Merge branch 'master' into develop
2018-08-02 15:43:30 +01:00
Neil Johnson
2c54f1c225
remove need to plot limit_usage_by_mau
2018-08-01 11:46:59 +01:00
Neil Johnson
df2235e7fa
coding style
2018-07-31 13:16:20 +01:00
Neil Johnson
251e6c1210
limit register and sign in on number of monthly users
2018-07-30 15:55:57 +01:00
Richard van der Hoff
5f3658baf5
Merge pull request #3377 from Valodim/note-affinity
...
document that the affinity package is required for the cpu_affinity setting
2018-07-19 14:35:06 +01:00
David Baker
36f4fd3e1e
Comment dummy TURN parameters in default config
...
This default config is parsed and used a base before the actual
config is overlaid, so with these values not commented out, the
code to detect when no turn params were set and refuse to generate
credentials was never firing because the dummy default was always set.
2018-07-11 15:49:29 +01:00
Amber Brown
49af402019
run isort
2018-07-09 16:09:20 +10:00
Richard van der Hoff
546bc9e28b
More server_name validation
...
We need to do a bit more validation when we get a server name, but don't want
to be re-doing it all over the shop, so factor out a separate
parse_and_validate_server_name, and do the extra validation.
Also, use it to verify the server name in the config file.
2018-07-04 18:59:51 +01:00
Matthew Hodgson
e72234f6bd
fix tests
2018-06-28 20:56:07 +01:00
Matthew Hodgson
f4f1cda928
add ip_range_whitelist parameter to limit where ASes can connect from
2018-06-28 20:32:00 +01:00
Richard van der Hoff
245d53d32a
Write a clear restart indicator in logs
...
I'm fed up with never being able to find the point a server restarted in the
logs.
2018-06-20 15:33:14 +01:00
Vincent Breitmoser
b800834351
add note that the affinity package is required for the cpu_affinity setting
2018-06-09 22:50:29 +02:00
Neil Johnson
752b7b32ed
Changes in synapse v0.31.0 (2018-06-06)
...
======================================
Most notable change from v0.30.0 is to switch to python prometheus library to improve system
stats reporting. WARNING this changes a number of prometheus metrics in a
backwards-incompatible manner. For more details, see
`docs/metrics-howto.rst <docs/metrics-howto.rst#removal-of-deprecated-metrics--time-based-counters-becoming-histograms-in-0310>`_.
Bug Fixes:
* Fix metric documentation tables (PR #3341 )
* Fix LaterGuage error handling (694968f
)
* Fix replication metrics (b7e7fd2
)
Changes in synapse v0.31.0-rc1 (2018-06-04)
==========================================
Features:
* Switch to the Python Prometheus library (PR #3256 , #3274 )
* Let users leave the server notice room after joining (PR #3287 )
Changes:
* daily user type phone home stats (PR #3264 )
* Use iter* methods for _filter_events_for_server (PR #3267 )
* Docs on consent bits (PR #3268 )
* Remove users from user directory on deactivate (PR #3277 )
* Avoid sending consent notice to guest users (PR #3288 )
* disable CPUMetrics if no /proc/self/stat (PR #3299 )
* Add local and loopback IPv6 addresses to url_preview_ip_range_blacklist (PR #3312 ) Thanks to @thegcat!
* Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (PR #3307 )
* Add private IPv6 addresses to example config for url preview blacklist (PR #3317 ) Thanks to @thegcat!
* Reduce stuck read-receipts: ignore depth when updating (PR #3318 )
* Put python's logs into Trial when running unit tests (PR #3319 )
Changes, python 3 migration:
* Replace some more comparisons with six (PR #3243 ) Thanks to @NotAFile!
* replace some iteritems with six (PR #3244 ) Thanks to @NotAFile!
* Add batch_iter to utils (PR #3245 ) Thanks to @NotAFile!
* use repr, not str (PR #3246 ) Thanks to @NotAFile!
* Misc Python3 fixes (PR #3247 ) Thanks to @NotAFile!
* Py3 storage/_base.py (PR #3278 ) Thanks to @NotAFile!
* more six iteritems (PR #3279 ) Thanks to @NotAFile!
* More Misc. py3 fixes (PR #3280 ) Thanks to @NotAFile!
* remaining isintance fixes (PR #3281 ) Thanks to @NotAFile!
* py3-ize state.py (PR #3283 ) Thanks to @NotAFile!
* extend tox testing for py3 to avoid regressions (PR #3302 ) Thanks to @krombel!
* use memoryview in py3 (PR #3303 ) Thanks to @NotAFile!
Bugs:
* Fix federation backfill bugs (PR #3261 )
* federation: fix LaterGauge usage (PR #3328 ) Thanks to @intelfx!
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEETQ1YthIGLQRddG54CTxDAAxPS/QFAlsXxJAACgkQCTxDAAxP
S/SJTg//Wtr+Qop9LJh2/leAYXpyqW6P7Ftak0w3aJ3KL3+tYg32yYNoRADCqbp3
LkrHu8MwbZagHjRUyEWNfDk4jbfq5fwh0JVGmYuUKhG9aF0HYyytKkbW79YzuhdQ
dfHj9x0xSBOUvgt/husloZSDy0VHC6uyQSAFgFDyHS2y7RPAiGstqLGByv0ciZOk
pO7TdjkUQcx4Ps7Wgip31NuHy3GY2int6f540pUXoZHLXs7RkfqS2cpF9Z/sTXJ4
xDLiY7uYNsTcCblwqaiijY5c90xwRB2vLs5CJdKFgyB6PNgg/2wHJqP/WHHEj+F8
BoSm3Ts7NXQf23pP9CXICe7vXX3J+ruOnC7FOSRobr6KGjn6DUrIZxo1ZepTwpp9
DIq+1eOFKKjwLQM3Jdi8WBCP63LhYXrTZxreke3jpwdcD7oIO9v6/e9J1gU5xHWa
Izg+YnWn1JLfq/X8T7YTZddUXGGPkH5i6LZKKkyY8u7LkJ4WR7syuAceUzkOOIAq
UWO0uEV7IiLnZzZGTtNIlEqtuklmVQTm6bvAgTPabai2JQyngFpH5M/5mPpVSiLV
QRLwaM56c+5GGZJWef8vxdGeYn+8rFI/UUniJ7358kLJF2IHsxlZu8J0ZZO2HWI2
ze5Kz0AWRzXLhWzq62Qb2dsiGySrZ7hng1tDxLak2IiusY+9SjM=
=Mz9U
-----END PGP SIGNATURE-----
Merge tag 'v0.31.0'
Changes in synapse v0.31.0 (2018-06-06)
======================================
Most notable change from v0.30.0 is to switch to python prometheus library to improve system
stats reporting. WARNING this changes a number of prometheus metrics in a
backwards-incompatible manner. For more details, see
`docs/metrics-howto.rst <docs/metrics-howto.rst#removal-of-deprecated-metrics--time-based-counters-becoming-histograms-in-0310>`_.
Bug Fixes:
* Fix metric documentation tables (PR #3341 )
* Fix LaterGuage error handling (694968f
)
* Fix replication metrics (b7e7fd2
)
Changes in synapse v0.31.0-rc1 (2018-06-04)
==========================================
Features:
* Switch to the Python Prometheus library (PR #3256 , #3274 )
* Let users leave the server notice room after joining (PR #3287 )
Changes:
* daily user type phone home stats (PR #3264 )
* Use iter* methods for _filter_events_for_server (PR #3267 )
* Docs on consent bits (PR #3268 )
* Remove users from user directory on deactivate (PR #3277 )
* Avoid sending consent notice to guest users (PR #3288 )
* disable CPUMetrics if no /proc/self/stat (PR #3299 )
* Add local and loopback IPv6 addresses to url_preview_ip_range_blacklist (PR #3312 ) Thanks to @thegcat!
* Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (PR #3307 )
* Add private IPv6 addresses to example config for url preview blacklist (PR #3317 ) Thanks to @thegcat!
* Reduce stuck read-receipts: ignore depth when updating (PR #3318 )
* Put python's logs into Trial when running unit tests (PR #3319 )
Changes, python 3 migration:
* Replace some more comparisons with six (PR #3243 ) Thanks to @NotAFile!
* replace some iteritems with six (PR #3244 ) Thanks to @NotAFile!
* Add batch_iter to utils (PR #3245 ) Thanks to @NotAFile!
* use repr, not str (PR #3246 ) Thanks to @NotAFile!
* Misc Python3 fixes (PR #3247 ) Thanks to @NotAFile!
* Py3 storage/_base.py (PR #3278 ) Thanks to @NotAFile!
* more six iteritems (PR #3279 ) Thanks to @NotAFile!
* More Misc. py3 fixes (PR #3280 ) Thanks to @NotAFile!
* remaining isintance fixes (PR #3281 ) Thanks to @NotAFile!
* py3-ize state.py (PR #3283 ) Thanks to @NotAFile!
* extend tox testing for py3 to avoid regressions (PR #3302 ) Thanks to @krombel!
* use memoryview in py3 (PR #3303 ) Thanks to @NotAFile!
Bugs:
* Fix federation backfill bugs (PR #3261 )
* federation: fix LaterGauge usage (PR #3328 ) Thanks to @intelfx!
2018-06-06 12:27:33 +01:00
Richard van der Hoff
522bd3c8a3
Merge remote-tracking branch 'origin/master' into develop
2018-06-05 17:42:49 +01:00
Felix Schäfer
4ef76f3ac4
Add private IPv6 addresses to preview blacklist #3312
...
The added addresses are expected to be local or loopback addresses and
shouldn't be spidered for previews.
Signed-off-by: Felix Schäfer <felix@thegcat.net>
2018-06-01 12:18:35 +02:00
Amber Brown
febe0ec8fd
Run Prometheus on a different port, optionally. ( #3274 )
2018-05-31 19:04:50 +10:00
Richard van der Hoff
219c2a322b
remove trailing whitespace
2018-05-30 19:42:19 +01:00
Richard van der Hoff
2e4be8bfd9
fix english and wrap comment
2018-05-30 19:24:12 +01:00
Ruben Barkow
08ea5fe635
add link to thorough instruction how to configure consent
2018-05-25 23:19:55 +02:00
Richard van der Hoff
66bdae986f
Fix default for send_server_notice_to_guests
...
bool("False") == True...
2018-05-25 11:42:05 +01:00
Richard van der Hoff
ba1b163590
Avoid sending consent notice to guest users
...
we think it makes sense not to send the notices to guest users.
2018-05-25 11:36:43 +01:00
Richard van der Hoff
9bf4b2bda3
Allow overriding the server_notices user's avatar
...
probably should have done this in the first place, like @turt2live suggested.
2018-05-23 17:43:30 +01:00
Richard van der Hoff
82191b08f6
Support for putting %(consent_uri)s in messages
...
Make it possible to put the URI in the error message and the server notice that
get sent by the server
2018-05-23 15:24:31 +01:00
Richard van der Hoff
a5e2941aad
Reject attempts to send event before privacy consent is given
...
Returns an M_CONSENT_NOT_GIVEN error (cf
https://github.com/matrix-org/matrix-doc/issues/1252 ) if consent is not yet
given.
2018-05-22 12:00:47 +01:00
Richard van der Hoff
d5dca9a04f
Move consent config parsing into ConsentConfig
...
turns out we need to reuse this, so it's better in the config class.
2018-05-22 11:54:51 +01:00
Richard van der Hoff
9ea219c514
Send users a server notice about consent
...
When a user first syncs, we will send them a server notice asking them to
consent to the privacy policy if they have not already done so.
2018-05-22 11:54:51 +01:00
Richard van der Hoff
d14d7b8fdc
Rename 'version' param on user consent config
...
we're going to use it for the version we require too.
2018-05-22 11:54:51 +01:00
Richard van der Hoff
d10707c810
Replace inline docstrings with "Attributes" in class docstring
2018-05-18 11:00:55 +01:00
Richard van der Hoff
fed62e21ad
Infrastructure for a server notices room
...
Server Notices use a special room which the user can't dismiss. They are
created on demand when some other bit of the code calls send_notice.
(This doesn't actually do much yet becuse we don't call send_notice anywhere)
2018-05-17 17:58:25 +01:00
Richard van der Hoff
47815edcfa
ConsentResource to gather policy consent from users
...
Hopefully there are enough comments and docs in this that it makes sense on its
own.
2018-05-15 15:11:59 +01:00
Richard van der Hoff
2fd96727b1
Merge pull request #3085 from NotAFile/py3-config-text-mode
...
Open config file in non-bytes mode
2018-04-30 01:00:23 +01:00
Richard van der Hoff
b8ee12b978
Merge pull request #3084 from NotAFile/py3-certs-byte-mode
...
Open certificate files as bytes
2018-04-30 01:00:05 +01:00
Adrian Tschira
a376d8f761
open log_config in text mode too
...
Signed-off-by: Adrian Tschira <nota@notafile.com>
2018-04-28 13:34:13 +02:00
Adrian Tschira
2a3c33ff03
Use six.moves.urlparse
...
The imports were shuffled around a bunch in py3
Signed-off-by: Adrian Tschira <nota@notafile.com>
2018-04-15 21:22:43 +02:00
Adrian Tschira
a3f9ddbede
Open certificate files as bytes
...
That's what pyOpenSSL expects on python3
Signed-off-by: Adrian Tschira <nota@notafile.com>
2018-04-10 17:36:29 +02:00
Adrian Tschira
7f8eebc8ee
Open config file in non-bytes mode
...
Nothing written into it is encoded, so it makes little sense, but it
does break in python3 the way it was before.
The variable names were adjusted to be less misleading.
Signed-off-by: Adrian Tschira <nota@notafile.com>
2018-04-10 17:32:40 +02:00
Richard van der Hoff
0e9aa1d091
Merge pull request #3074 from NotAFile/fix-py3-prints
...
use python3-compatible prints
2018-04-09 23:44:41 +01:00
Adrian Tschira
e54c202b81
Replace some type checks with six type checks
...
Signed-off-by: Adrian Tschira <nota@notafile.com>
2018-04-07 01:02:32 +02:00
Adrian Tschira
b0500d3774
use python3-compatible prints
2018-04-06 23:35:27 +02:00
Matthew Hodgson
38f952b9bc
spell out not to massively increase bcrypt rounds
2018-03-19 09:27:36 +00:00
Erik Johnston
24dd73028a
Add replication http endpoint for event sending
2018-02-07 10:32:32 +00:00
Matthew Hodgson
ab9f844aaf
Add federation_domain_whitelist option ( #2820 )
...
Add federation_domain_whitelist
gives a way to restrict which domains your HS is allowed to federate with.
useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
2018-01-22 19:11:18 +01:00
Matthew Hodgson
d84f65255e
Merge pull request #2813 from matrix-org/matthew/registrations_require_3pid
...
add registrations_require_3pid and allow_local_3pids
2018-01-22 13:57:22 +00:00
Matthew Hodgson
447f4f0d5f
rewrite based on PR feedback:
...
* [ ] split config options into allowed_local_3pids and registrations_require_3pid
* [ ] simplify and comment logic for picking registration flows
* [ ] fix docstring and move check_3pid_allowed into a new util module
* [ ] use check_3pid_allowed everywhere
@erikjohnston PTAL
2018-01-19 15:33:55 +00:00
Matthew Hodgson
28a6ccb49c
add registrations_require_3pid
...
lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with.
Typically useful for stopping people from registering with non-work emails
2018-01-19 00:19:58 +00:00
Erik Johnston
d69768348f
Fix passing wrong config to provider constructor
2018-01-18 17:14:05 +00:00
Erik Johnston
8e85220373
Remove duplicate directory test
2018-01-18 17:12:35 +00:00
Erik Johnston
aae77da73f
Fixup comments
2018-01-18 17:11:29 +00:00
Erik Johnston
0af5dc63a8
Make storage providers more configurable
2018-01-18 14:07:21 +00:00
Matthew Hodgson
5e97ca7ee6
fix typo
2018-01-16 16:52:35 +00:00
Erik Johnston
f4d93ae424
Actually make it work
2018-01-12 10:39:27 +00:00
Richard van der Hoff
cb66a2d387
Merge pull request #2763 from matrix-org/rav/fix_config_uts
...
Fix broken config UTs
2018-01-09 12:08:08 +00:00
Richard van der Hoff
0211464ba2
Fix broken config UTs
...
https://github.com/matrix-org/synapse/pull/2755 broke log-config generation,
which in turn broke the unit tests.
2018-01-09 11:28:33 +00:00
Richard van der Hoff
3a556f1ea0
Make indentation of generated log config consistent
...
(we had a mix of 2- and 4-space indents)
2018-01-09 11:27:19 +00:00
Richard van der Hoff
840f72356e
Remove 'verbosity'/'log_file' from generated cfg
...
... because these only really exist to confuse people nowadays.
Also bring log config more into line with the generated log config, by making `level_for_storage`
apply to the `synapse.storage.SQL` logger rather than `synapse.storage`.
2018-01-05 12:30:28 +00:00
Richard van der Hoff
3f9f1c50f3
Merge pull request #2683 from seckrv/fix_pwd_auth_prov_typo
...
synapse/config/password_auth_providers: Fixed bracket typo
2017-12-18 22:37:21 +00:00
Silke Hofstra
37d1a90025
Allow binds to both :: and 0.0.0.0
...
Binding on 0.0.0.0 when :: is specified in the bind_addresses is now allowed.
This causes a warning explaining the behaviour.
Configuration changed to match.
See #2232
Signed-off-by: Silke Hofstra <silke@slxh.eu>
2017-12-17 13:10:31 +01:00
Willem Mulder
3e59143ba8
Adapt the default config to bind on IPv6.
...
Most deployments are on Linux (or Mac OS), so this would actually bind
on both IPv4 and IPv6.
Resolves #1886 .
Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
2017-12-17 13:07:37 +01:00
Matthew Hodgson
b11dca2025
better doc
2017-12-04 17:51:33 +00:00
Matthew Hodgson
1bd40ca73e
switch to a simpler 'search_all_users' button as per review feedback
2017-12-04 14:58:39 +00:00
Matthew Hodgson
f397153dfc
Merge branch 'develop' into matthew/search-all-local-users
2017-11-30 01:51:38 +00:00
Matthew Hodgson
5406392f8b
specify default user_directory_include_pattern
2017-11-30 01:45:34 +00:00
Matthew Hodgson
3241c7aac3
untested WIP but might actually work
2017-11-29 18:27:05 +00:00
Matthew Hodgson
47d99a20d5
Add user_directory_include_pattern config param to expand search results to additional users
...
Initial commit; this doesn't work yet - the LIKE filtering seems too aggressive.
It also needs _do_initial_spam to be aware of prepopulating the whole user_directory_search table with all users...
...and it needs a handle_user_signup() or something to be added so that new signups get incrementally added to the table too.
Committing it here as a WIP
2017-11-29 16:46:45 +00:00
Richard van der Hoff
68ca864141
Add config option to disable media_repo on main synapse
...
... to stop us doing the cache cleanup jobs on the master.
2017-11-22 16:20:27 +00:00
Luke Barnard
b1edf26051
Check group_id belongs to this domain
2017-11-16 17:54:27 +00:00
Richard von Seck
6f05de0e5e
synapse/config/password_auth_providers: Fixed bracket typo
...
Signed-off-by: Richard von Seck <richard.von-seck@gmx.net>
2017-11-16 15:59:38 +01:00
David Baker
45ab288e07
Print instead of logging
...
because we had to wait until the logger was set up
2017-11-13 18:32:08 +00:00
David Baker
b2a788e902
Make the commented config have the default
2017-11-09 10:11:42 +00:00
David Baker
ad408beb66
better comments
2017-11-08 11:50:08 +00:00
David Baker
1b870937ae
Log if any of the old config flags are set
2017-11-08 11:46:24 +00:00
David Baker
2a98ba0ed3
Rename redact_content option to include_content
...
The redact_content option never worked because it read the wrong config
section. The PR introducing it
(https://github.com/matrix-org/synapse/pull/2301 ) had feedback suggesting the
name be changed to not re-use the term 'redact' but this wasn't
incorporated.
This reanmes the option to give it a less confusing name, and also
means that people who've set the redact_content option won't suddenly
see a behaviour change when upgrading synapse, but instead can set
include_content if they want to.
This PR also updates the wording of the config comment to clarify
that this has no effect on event_id_only push.
Includes https://github.com/matrix-org/synapse/pull/2422
2017-11-08 10:35:30 +00:00
Richard van der Hoff
fcdfc911ee
Add a hook for custom rest endpoints
...
Let the user specify custom modules which can be used for implementing extra
endpoints.
2017-11-02 14:36:55 +00:00
Richard van der Hoff
ffc574a6f9
Clean up backwards-compat hacks for ldap
...
try to make the backwards-compat flows follow the same code paths as the modern
impl.
This commit should be non-functional.
2017-10-31 10:47:02 +00:00
Matthew Hodgson
208a6647f1
fix typo
2017-10-29 20:54:20 +00:00
Richard van der Hoff
f7f90e0c8d
Fix error when running synapse with no logfile
...
Fixes 'UnboundLocalError: local variable 'sighup' referenced before assignment'
2017-10-26 16:45:20 +01:00
Matthew Hodgson
efd0f5a3c5
tip for generating tls_fingerprints
2017-10-24 18:49:49 +01:00
Richard van der Hoff
eaaabc6c4f
replace 'except:' with 'except Exception:'
...
what could possibly go wrong
2017-10-23 15:52:32 +01:00
Erik Johnston
c7d46510d7
Flake8
2017-10-19 13:36:06 +01:00
Erik Johnston
ffd3f1a783
Add missing file...
2017-10-19 12:17:30 +01:00
Erik Johnston
29bafe2f7e
Add config to enable group creation
2017-10-19 12:13:44 +01:00
Richard van der Hoff
7216c76654
Improve error handling for missing files ( #2551 )
...
`os.path.exists` doesn't allow us to distinguish between permissions errors and
the path actually not existing, which repeatedly confuses people. It also means
that we try to overwrite existing key files, which is super-confusing. (cf
issues #2455 , #2379 ). Use os.stat instead.
Also, don't recomemnd the the use of --generate-config, which screws everything
up if you're using debian (cf #2455 ).
2017-10-17 14:46:17 +01:00
David Baker
a9c2e930ac
pep8
2017-10-17 10:13:13 +01:00
David Baker
c05e6015cc
Add config option to auto-join new users to rooms
...
New users who register on the server will be dumped into all rooms in
auto_join_rooms in the config.
2017-10-16 17:57:27 +01:00
Erik Johnston
e283b555b1
Copy everything to backup
2017-10-12 17:31:24 +01:00
Erik Johnston
bf4fb1fb40
Basic implementation of backup media store
2017-10-12 15:20:59 +01:00
David Baker
1786b0e768
Forgot the new file again :(
2017-09-27 10:22:54 +01:00
David Baker
6cd5fcd536
Make the spam checker a module
2017-09-26 19:20:23 +01:00
David Baker
4824a33c31
Factor out module loading to a separate place
...
So it can be reused
2017-09-26 17:51:26 +01:00
Richard van der Hoff
aa620d09a0
Add a config option to block all room invites ( #2457 )
...
- allows sysadmins the ability to lock down their servers so that people can't
send their users room invites.
2017-09-19 16:08:14 +01:00
Richard van der Hoff
d2352347cf
Fix process startup
...
escape the % that got added in 92168cb
so that the process starts up ok.
2017-08-16 14:57:35 +01:00
Matthew Hodgson
92168cbbc5
explain why CPU affinity is a good idea
2017-08-15 18:27:42 +01:00
Richard van der Hoff
10d8b701a1
Allow configuration of CPU affinity
...
Make it possible to set the CPU affinity in the config file, so that we don't
need to remember to do it manually every time.
2017-08-15 17:08:28 +01:00
Erik Johnston
1fc4a962e4
Add a frontend proxy
2017-07-07 18:19:46 +01:00
Caleb James DeLisle
27bd0b9a91
Change the config file generator to more descriptive explanation of push.redact_content
2017-06-24 10:32:12 +02:00
Caleb James DeLisle
bce144595c
Fix TravisCI tests for PR #2301 - Fat finger mistake
2017-06-23 15:26:09 +02:00
Caleb James DeLisle
75eba3b07d
Fix TravisCI tests for PR #2301
2017-06-23 15:15:18 +02:00
Caleb James DeLisle
1591eddaea
Add configuration parameter to allow redaction of content from push messages for google/apple devices
2017-06-23 13:01:04 +02:00
Erik Johnston
6aa5bc8635
Initial worker impl
2017-06-16 11:47:11 +01:00
Pablo Saavedra
9da4316ca5
Configurable maximum number of events requested by /sync and /messages ( #2220 )
...
Set the limit on the returned events in the timeline in the get and sync
operations. The default value is -1, means no upper limit.
For example, using `filter_timeline_limit: 5000`:
POST /_matrix/client/r0/user/user:id/filter
{
room: {
timeline: {
limit: 1000000000000000000
}
}
}
GET /_matrix/client/r0/user/user:id/filter/filter:id
{
room: {
timeline: {
limit: 5000
}
}
}
The server cuts down the room.timeline.limit.
2017-05-13 18:17:54 +02:00
Matthew Wolff
8e780b113d
web_server_root documentation fix
...
Signed-off-by: Matthew Wolff <matthewjwolff@gmail.com>
2017-04-17 00:49:11 -05:00
Matthew Hodgson
7c551ec445
trust a hypothetical future riot.im IS
2017-04-10 17:58:36 +01:00
David Baker
405ba4178a
Merge pull request #2102 from DanielDent/add-auth-email
...
Support authenticated SMTP
2017-04-10 15:42:16 +01:00
Daniel Dent
5058292537
Support authenticated SMTP
...
Closes (SYN-714) #1385
Signed-off-by: Daniel Dent <matrixcontrib@contactdaniel.net>
2017-04-05 21:01:08 -07:00
Erik Johnston
a5c401bd12
Merge pull request #2097 from matrix-org/erikj/repl_tcp_client
...
Move to using TCP replication
2017-04-05 09:36:21 +01:00
Erik Johnston
d1605794ad
Remove unused worker config option
2017-04-04 11:17:00 +01:00
Erik Johnston
36c28bc467
Update all the workers and master to use TCP replication
2017-04-03 15:35:52 +01:00
Matthew Hodgson
0970e0307e
typo
2017-03-15 12:40:42 +00:00
Matthew Hodgson
5aa42d4292
set default for turn_allow_guests correctly
2017-03-15 12:40:13 +00:00
Matthew Hodgson
e0ff66251f
add setting (on by default) to support TURN for guests
2017-03-15 12:22:18 +00:00
Richard van der Hoff
6037a9804c
Add helpful texts to logger config options
2017-03-13 12:33:35 +00:00
Richard van der Hoff
6bfe8e32b5
Merge pull request #1983 from matrix-org/rav/no_redirect_stdio
...
Add an option to disable stdio redirect
2017-03-13 12:20:07 +00:00
Richard van der Hoff
bcfa5cd00c
Add an option to disable stdio redirect
...
This makes it tractable to run synapse under pdb.
2017-03-10 15:38:29 +00:00
Richard van der Hoff
d84bd51e95
Refactor logger config for workers
...
- to make it easier to add more config options.
2017-03-10 15:34:01 +00:00
Richard van der Hoff
9072a8c627
Reread log config on SIGHUP
...
When we are using a log_config file, reread it on SIGHUP.
2017-03-10 15:29:55 +00:00
Tyler Smith
df4407d665
Fix typo in config comments.
...
Signed-off-by: Tyler Smith <tylersmith.me@gmail.com>
2017-02-11 23:02:57 -08:00
Erik Johnston
86063d4321
Merge pull request #1835 from matrix-org/erikj/fix_workers
...
Make worker listener config backwards compat
2017-01-20 11:55:56 +00:00
Erik Johnston
97efe99ae9
Make worker listener config backwards compat
2017-01-20 11:45:29 +00:00
Marvin Steadfast
86e6165687
Added default config for turn username and password
2017-01-19 14:35:55 +01:00
Marvin Steadfast
1e38be3a7a
Added username and password for turn server
...
It makes it possible to use a turn server that needs a username and
password instead of a token.
2017-01-19 14:08:20 +01:00
Adrian Perez de Castro
a3e4a198e3
Allow configuring the Riot URL used in notification emails
...
The URLs used for notification emails were hardcoded to use either matrix.to
or vector.im; but for self-hosted setups where Riot is also self-hosted it
may be desirable to allow configuring an alternative Riot URL.
Fixes #1809 .
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
2017-01-13 17:12:04 +02:00
Erik Johnston
641ccdbb14
Merge pull request #1795 from matrix-org/erikj/port_defaults
...
Restore default bind address
2017-01-13 13:02:59 +00:00
Erik Johnston
bf5c9706d9
Remove full_twisted_stacktraces option
...
The debug 'full_twisted_stacktraces' flag caused synapse to rewrite
twisted deferreds to always fire the callback on the next reactor tick.
This was to force the deferred to always store the stacktraces on
exceptions, and thus be more likely to have a full stacktrace when it
reaches the final error handlers and gets printed to the logs.
Dynamically rewriting things is generally bad, and in particular this
change violates assumptions of various bits of Twisted. This wouldn't
necessarily be so bad, but it turns out this option has been turned on
on some production servers.
Turning the option can cause e.g. #1778 .
For now, lets just entirely nuke this option.
2017-01-12 10:32:52 +00:00
Erik Johnston
b1dfd20292
Pop bind_address
2017-01-10 17:23:18 +00:00
Erik Johnston
edd6cdfc9a
Restore default bind address
2017-01-10 17:21:41 +00:00
Mark Haines
f576c34594
Merge remote-tracking branch 'origin/release-v0.18.6' into develop
2016-12-30 15:13:49 +00:00
Mark Haines
822cb39dfa
Use the new twisted logging framework.
...
Hopefully adding an observer to the new framework will avoid a memory
leak https://twistedmatrix.com/trac/ticket/8164
2016-12-30 11:09:24 +00:00
Johannes Löthberg
f5cd5ebd7b
Add IPv6 comment to default config
...
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-12-18 23:14:32 +01:00
Johannes Löthberg
c95e9fff99
Make default homeserver config use bind_addresses
...
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-12-18 21:51:56 +01:00
pik
c46e7a9c9b
Bugfix: Console logging handler missing default filter
2016-12-03 20:14:58 -03:00
Richard van der Hoff
1c4f05db41
Stop putting a time caveat on access tokens
...
The 'time' caveat on the access tokens was something of a lie, since we weren't
enforcing it; more pertinently its presence stops us ever adding useful time
caveats.
Let's move in the right direction by not lying in our caveats.
2016-11-29 16:49:41 +00:00
Erik Johnston
ed787cf09e
Hook up the send queue and create a federation sender worker
2016-11-16 17:34:44 +00:00
Erik Johnston
d56c39cf24
Use external ldap auth pacakge
2016-11-15 13:03:19 +00:00
Erik Johnston
0964005d84
Merge pull request #1625 from DanielDent/patch-1
...
Add support for durations in minutes
2016-11-12 11:20:46 +00:00
Daniel Dent
1c93cd9f9f
Add support for durations in minutes
2016-11-12 00:10:23 -08:00
Erik Johnston
ac507e7ab8
Don't assume providers raise ConfigError's
2016-11-08 17:23:28 +00:00
Euan Kemp
c6bbad109b
default config: blacklist more internal ips
2016-11-06 17:02:25 -08:00
Luke Barnard
5b54d51d1e
Allow Configurable Rate Limiting Per AS
...
This adds a flag loaded from the registration file of an AS that will determine whether or not its users are rate limited (by ratelimit in _base.py). Needed for IRC bridge reasons - see https://github.com/matrix-org/matrix-appservice-irc/issues/240 .
2016-10-18 17:04:09 +01:00
Mark Haines
9e18e0b1cb
Merge pull request #1167 from matrix-org/markjh/fingerprints
...
Add config option for adding additional TLS fingerprints
2016-10-12 15:27:44 +01:00
Mark Haines
c61ddeedac
Explain how long the servers can cache the TLS fingerprints for
2016-10-12 14:48:24 +01:00
Mark Haines
0af6213019
Improve comment formatting
2016-10-12 14:45:13 +01:00
Mark Haines
6e9f3ab415
Add config option for adding additional TLS fingerprints
2016-10-11 19:14:46 +01:00
Erik Johnston
850b103b36
Implement pluggable password auth
...
Allows delegating the password auth to an external module. This also
moves the LDAP auth to using this system, allowing it to be removed from
the synapse tree entirely in the future.
2016-10-03 10:36:40 +01:00
Erik Johnston
4131381123
Remove support for aggregate room lists
2016-09-15 09:28:15 +01:00
Kegan Dougal
c882783535
flake8
2016-08-30 17:20:31 +01:00
Kegan Dougal
572acde483
Use None instead of the empty string
...
Change how we validate the 'url' field as a result.
2016-08-30 17:16:00 +01:00
Kegan Dougal
16b652f0a3
Flake8
2016-08-30 16:30:12 +01:00
Kegan Dougal
e82247f990
Allow application services to have an optional 'url'
...
If 'url' is not specified, they will not be pushed for events or queries. This
is useful for bots who simply wish to reserve large chunks of user/alias
namespace, and don't care about being pushed for events.
2016-08-30 16:21:16 +01:00
Paul Evans
5674ea3e6c
Merge pull request #1026 from matrix-org/paul/thirdpartylookup
...
3rd party entity lookup
2016-08-18 20:52:50 +01:00
Erik Johnston
07229bbdae
Add appservice worker
2016-08-18 14:59:55 +01:00
Paul "LeoNerd" Evans
434bbf2cb5
Filter 3PU lookups by only ASes that declare knowledge of that protocol
2016-08-18 14:56:02 +01:00
Kent Shikama
8d9a884cee
Update password config comment
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-06 12:18:19 +09:00
Kent Shikama
252ee2d979
Remove default password pepper string
2016-07-05 19:15:51 +09:00
Kent Shikama
14362bf359
Fix password config
2016-07-05 19:12:53 +09:00
Kent Shikama
1ee2584307
Fix pep8
2016-07-05 19:01:00 +09:00
Kent Shikama
507b8bb091
Add comment to prompt changing of pepper
2016-07-05 18:42:35 +09:00
Kent Shikama
8bdaf5f7af
Add pepper to password hashing
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-05 02:13:52 +09:00
Matthew Hodgson
63bb8f0df9
remove vector.im from default secondary DS list
2016-06-27 13:13:33 +04:00
Mark Haines
05f1a4596a
Merge branch 'master' into develop
2016-06-23 11:17:48 +01:00
Martin Weinelt
0a32208e5d
Rework ldap integration with ldap3
...
Use the pure-python ldap3 library, which eliminates the need for a
system dependency.
Offer both a `search` and `simple_bind` mode, for more sophisticated
ldap scenarios.
- `search` tries to find a matching DN within the `user_base` while
employing the `user_filter`, then tries the bind when a single
matching DN was found.
- `simple_bind` tries the bind against a specific DN by combining the
localpart and `user_base`
Offer support for STARTTLS on a plain connection.
The configuration was changed to reflect these new possibilities.
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
2016-06-22 17:51:59 +02:00
Mark Haines
13e334506c
Remove the legacy v0 content upload API.
...
The existing content can still be downloaded. The last upload to the
matrix.org server was in January 2015, so it is probably safe to remove
the upload API.
2016-06-21 11:47:39 +01:00
Erik Johnston
bc72d381b2
Merge branch 'release-v0.16.1' of github.com:matrix-org/synapse
2016-06-20 14:18:04 +01:00
Erik Johnston
3e41de05cc
Turn use_frozen_events off by default
2016-06-17 15:11:22 +01:00
Mark Haines
a352b68acf
Use worker_ prefixes for worker config, use existing support for multiple config files
2016-06-16 17:29:50 +01:00
Mark Haines
364d616792
Access the event_cache_size directly from the server object.
...
This means that the workers can override the event_cache_size
directly without clobbering the value in the main synapse config.
2016-06-16 12:53:15 +01:00
Mark Haines
bde13833cb
Access replication_url from the worker config directly
2016-06-16 12:44:40 +01:00
Mark Haines
80a1bc7db5
Comment on what's going on in clobber_with_worker_config
2016-06-16 11:29:45 +01:00
Mark Haines
dbb5a39b64
Add worker config module
2016-06-16 11:09:15 +01:00
Mark Haines
885ee861f7
Inline the synchrotron and pusher configs into the main config
2016-06-16 11:06:12 +01:00
Matthew Hodgson
33546b58aa
point to the CAPTCHA docs
2016-06-12 23:11:29 +01:00
Mark Haines
7dbb473339
Add function to load config without generating it
...
Renames ``load_config`` to ``load_or_generate_config``
Adds a method called ``load_config`` that just loads the
config.
The main synapse.app.homeserver will continue to use
``load_or_generate_config`` to retain backwards compat.
However new worker processes can use ``load_config`` to
load the config avoiding some of the cruft needed to generate
the config.
As the new ``load_config`` method is expected to be used by new
configs it removes support for the legacy commandline overrides
that ``load_or_generate_config`` supports
2016-06-09 18:50:38 +01:00
Erik Johnston
dded389ac1
Allow setting of gc.set_thresholds
2016-06-07 15:45:56 +01:00
Matthew Hodgson
79d1f072f4
brand the email from header
2016-06-02 21:34:40 +01:00
David Baker
6ca4d3ae9a
Add vector.im to default secondary_directory_servers and add comment explaining it's not a permanent solution
2016-05-31 17:24:50 +01:00
David Baker
e1625d62a8
Add federation room list servlet
2016-05-31 11:55:57 +01:00
Mark Haines
6a30a0bfd3
Move the functions for parsing app service config
2016-05-17 11:28:58 +01:00
Mark Haines
eb79110beb
Clean up the blacklist/whitelist handling.
...
Always set the config key with an empty list, even if a list isn't specified.
This means that the codepaths are the same for both the empty list and
for a missing key. Since the behaviour is the same for both cases this
makes the code somewhat easier to reason about.
2016-05-16 13:03:59 +01:00
Mark Haines
dd95eb4cb5
Merge branch 'develop' into matthew/preview_url_ip_whitelist
2016-05-16 12:59:41 +01:00
Negi Fazeli
40aa6e8349
Create user with expiry
...
- Add unittests for client, api and handler
Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
2016-05-13 15:34:15 +02:00
David Baker
c00b484eff
More consistent config naming
2016-05-10 14:39:16 +02:00
David Baker
94040b0798
Add config option to not send email notifs for new users
2016-05-10 14:34:53 +02:00
Matthew Hodgson
81c2176cba
fix layout; handle app naming in synapse, not jinja
2016-05-05 15:54:29 +01:00
Matthew Hodgson
17cbf773b9
fix assorted typos in default config
2016-05-04 11:38:01 +01:00
Matthew Hodgson
792def4928
add a url_preview_ip_range_whitelist config param so we can whitelist the matrix.org IP space
2016-05-01 12:44:24 +01:00
David Baker
83618d719a
Try imports in config
2016-04-29 19:13:52 +01:00
David Baker
765f2b8446
Default enable email notifs to False
2016-04-29 14:46:18 +01:00
David Baker
4b0c3a3270
Correct public_baseurl default
2016-04-29 14:30:15 +01:00
David Baker
5048455965
Nicer get() shorthand
2016-04-29 14:27:40 +01:00
David Baker
6c8957be7f
Remove redundant docstring
2016-04-29 14:25:28 +01:00
David Baker
18ce88bd2d
Correct default template and add text template
2016-04-29 14:24:25 +01:00
David Baker
40d40e470d
Send mail notifs with a plaintext part too
2016-04-29 13:56:21 +01:00
David Baker
acded821c4
Merge remote-tracking branch 'origin/develop' into dbkr/email_notifs
2016-04-29 10:05:20 +01:00
David Baker
60f86fc876
pep8
2016-04-28 15:16:30 +01:00
David Baker
fa12209c1b
Hopefully all remaining bits for email notifs
...
Add public facing base url to the server so synapse knows what URL to use when converting mxc to http urls for use in emails
2016-04-27 15:09:55 +01:00
Erik Johnston
52ecbc2843
Make pyjwt dependency optional
2016-04-25 14:30:15 +01:00
Mark Haines
2022ae0fb9
Merge pull request #746 from matrix-org/markjh/split_out_pusher
...
Optionally split out the pushers into a separate process
2016-04-22 11:34:08 +01:00
Erik Johnston
b9675ef6e6
Merge pull request #687 from nikriek/jwt-fix
...
Fix issues with JWT login
2016-04-21 17:42:25 +01:00
Mark Haines
a3ac837599
Optionally split out the pushers into a separate process
2016-04-21 17:22:37 +01:00
Niklas Riekenbrauck
565c2edb0a
Fix issues with JWT login
2016-04-21 18:10:48 +02:00
David Baker
2ed0adb075
Generate mails from a template
2016-04-20 18:35:29 +01:00
David Baker
f63bd4ff47
Send a rather basic email notif
...
Also pep8 fixes
2016-04-20 13:02:01 +01:00
Erik Johnston
f338bf9257
Give install requirements
2016-04-13 14:33:48 +01:00
Erik Johnston
bfe586843f
Add back in helpful description for missing url_preview_ip_range_blacklist
2016-04-13 13:52:57 +01:00
Erik Johnston
d0633e6dbe
Sanitize the optional dependencies for spider API
2016-04-13 13:38:09 +01:00
Matthew Hodgson
4bd3d25218
Merge pull request #688 from matrix-org/matthew/preview_urls
...
URL previewing support
2016-04-11 10:40:29 +01:00
Matthew Hodgson
af582b66bb
fix typo
2016-04-08 19:08:47 +01:00
Matthew Hodgson
dafef5a688
Add url_preview_enabled config option to turn on/off preview_url endpoint. defaults to off.
...
Add url_preview_ip_range_blacklist to let admins specify internal IP ranges that must not be spidered.
Add url_preview_url_blacklist to let admins specify URL patterns that must not be spidered.
Implement a custom SpiderEndpoint and associated support classes to implement url_preview_ip_range_blacklist
Add commentary and generally address PR feedback
2016-04-08 18:37:15 +01:00
Christoph Witzany
92767dd703
add tls property
2016-04-06 18:23:45 +02:00
Christoph Witzany
3d95405e5f
Introduce LDAP authentication
2016-04-06 18:23:45 +02:00
Matthew Hodgson
9f7dc2bef7
Merge branch 'develop' into matthew/preview_urls
2016-04-04 00:38:21 +01:00
Niklas Riekenbrauck
3f9948a069
Add JWT support
2016-03-29 14:36:36 +02:00
Matthew Hodgson
d9d48aad2d
Merge branch 'develop' into matthew/preview_urls
2016-03-27 22:54:42 +01:00
Erik Johnston
590fbbef03
Add config to create guest account on 3pid invite
...
Currently, when a 3pid invite request is sent to an identity server, it
includes a provisioned guest access token. This allows the link in the,
say, invite email to include the guest access token ensuring that the
same account is used each time the link is clicked.
This flow has a number of flaws, including when using different servers
or servers that have guest access disabled.
For now, we keep this implementation but hide it behind a config option
until a better flow is implemented.
2016-03-14 15:50:40 +00:00
Mark Haines
239badea9b
Use syntax that works on both py2.7 and py3
2016-03-07 20:13:10 +00:00
Patrik Oldsberg
5fc59f009c
config,handlers/_base: added homeserver config for what state is included in a room invite
...
Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
2016-03-04 10:43:17 +01:00
Matthew Hodgson
47c361d2f8
add 800x600 thumbnails to make vector look prettier (and anyone else who likes big thumbnails)
2016-03-02 15:57:54 +00:00
Erik Johnston
f078ecbc8f
Derive macaroon_secret_key from signing key.
...
Unfortunately, there are people that are running synapse without a
`macaroon_sercret_key` set. Mandating they set one is a good solution,
except that breaking auto upgrades is annoying.
2016-02-08 16:35:44 +00:00
Daniel Wagner-Hall
6a9f1209df
Error if macaroon key is missing from config
...
Currently we store all access tokens in the DB, and fall back to that
check if we can't validate the macaroon, so our fallback works here, but
for guests, their macaroons don't get persisted, so we don't get to
find them in the database. Each restart, we generate a new ephemeral
key, so guests lose access after each server restart.
I tried to fix up the config stuff to be less insane, but gave up, so
instead I bolt on yet another piece of custom one-off insanity.
Also, add some basic tests for config generation and loading.
2016-02-05 01:58:23 +00:00
Daniel Wagner-Hall
5054806ec1
Rename config field to reflect yaml name
2016-02-03 14:42:01 +00:00
Mark Haines
0fcafbece8
Add config option for setting the trusted id servers, disabling checking the ID server in integration tests
2016-01-29 14:12:26 +00:00
Matthew Hodgson
7dd0c1730a
initial WIP of a tentative preview_url endpoint - incomplete, untested, experimental, etc. just putting it here for safekeeping for now
2016-01-24 18:47:27 -05:00
Erik Johnston
5727922106
Merge pull request #473 from matrix-org/erikj/ssh_manhole
...
Change manhole to use ssh
2016-01-07 14:36:16 +00:00
Erik Johnston
5dc5e29b9c
s/telnet/ssh/
2016-01-07 14:02:57 +00:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Robin Lambertz
4106477e7f
Config Comment mixup in captcha public/private key
2016-01-06 23:19:33 +01:00
Mads R. Christensen
6863466653
Added a single line to explain what the server_name is used for
2015-12-02 00:37:55 +01:00
Erik Johnston
06f74068f4
Comment
2015-11-19 13:05:51 +00:00
Erik Johnston
037ce4c68f
Split out text for missing config options.
...
This allows packages to more easily override the default messages to
include package specific options.
2015-11-18 18:37:05 +00:00
Steven Hammerton
f5e25c5f35
Merge branch 'develop' into sh-cas-auth-via-homeserver
2015-11-17 10:55:41 +00:00
Daniel Wagner-Hall
6a9c4cfd0b
Fix race creating directories
2015-11-12 11:58:48 +00:00
Steven Hammerton
414a4a71b4
Allow hs to do CAS login completely and issue the client with a login token that can be redeemed for the usual successful login response
2015-11-05 14:06:48 +00:00
Steven Hammerton
45f1827fb7
Add service URL to CAS config
2015-11-04 23:32:30 +00:00
Daniel Wagner-Hall
f522f50a08
Allow guests to register and call /events?room_id=
...
This follows the same flows-based flow as regular registration, but as
the only implemented flow has no requirements, it auto-succeeds. In the
future, other flows (e.g. captcha) may be required, so clients should
treat this like the regular registration flow choices.
2015-11-04 17:29:07 +00:00
Erik Johnston
259d10f0e4
Merge branch 'release-v0.10.1' of github.com:matrix-org/synapse into develop
2015-10-23 11:11:56 +01:00
Erik Johnston
5025ba959f
Add config option to disable password login
2015-10-22 10:37:04 +01:00
Mark Haines
f2f031fd57
Add config for how many bcrypt rounds to use for password hashes
...
By default we leave it at the default value of 12. But now we can reduce
it for preparing users for loadtests or running integration tests.
2015-10-16 14:52:08 +01:00
Mark Haines
9020860479
Only turn on the twisted deferred debugging if full_twisted_stacktraces is set in the config
2015-10-13 17:50:44 +01:00
Steven Hammerton
ab7f9bb861
Default cas_required_attributes to empty dictionary
2015-10-12 14:58:59 +01:00
Steven Hammerton
01a5f1991c
Support multiple required attributes in CAS response, and in a nicer config format too
2015-10-12 14:43:17 +01:00
Steven Hammerton
76421c496d
Allow optional config params for a required attribute and it's value, if specified any CAS user must have the given attribute and the value must equal
2015-10-12 11:11:49 +01:00
Steven Hammerton
c33f5c1a24
Provide ability to login using CAS
2015-10-10 10:49:42 +01:00
Daniel Wagner-Hall
b28c7da0a4
Preserve version string in user agent
2015-10-05 20:49:39 -05:00
Daniel Wagner-Hall
8fc52bc56a
Allow synapse's useragent to be customized
...
This will allow me to write tests which verify which server made HTTP
requests in a federation context.
2015-10-02 17:13:51 -05:00
Daniel Wagner-Hall
6d7f291b93
Front-load spaces
2015-09-22 13:13:07 +01:00
Daniel Wagner-Hall
7213588083
Implement configurable stats reporting
...
SYN-287
This requires that HS owners either opt in or out of stats reporting.
When --generate-config is passed, --report-stats must be specified
If an already-generated config is used, and doesn't have the
report_stats key, it is requested to be set.
2015-09-22 12:57:40 +01:00
Daniel Wagner-Hall
2c8f16257a
Merge pull request #272 from matrix-org/daniel/insecureclient
...
Allow configuration to ignore invalid SSL certs
2015-09-15 16:52:38 +01:00
Daniel Wagner-Hall
d4af08a167
Use shorter config key name
2015-09-15 15:50:13 +01:00
Paul "LeoNerd" Evans
9cd5b9a802
Hacky attempt at catching SIGHUP and rotating the logfile around
2015-09-14 19:03:53 +01:00
Daniel Wagner-Hall
2c746382e0
Merge branch 'daniel/insecureclient' into develop
2015-09-09 14:27:30 +01:00
Daniel Wagner-Hall
ddfe30ba83
Better document the intent of the insecure SSL setting
2015-09-09 13:26:23 +01:00
Daniel Wagner-Hall
81a93ddcc8
Allow configuration to ignore invalid SSL certs
...
This will be useful for sytest, and sytest only, hence the aggressive
config key name.
2015-09-09 12:02:07 +01:00
Mark Haines
73e4ad4b8b
Merge branch 'master' into develop
...
Conflicts:
setup.py
2015-09-07 15:06:46 +01:00
Erik Johnston
fd0a919af3
Lists use 'append'
2015-09-02 17:27:59 +01:00
Erik Johnston
b62c1395d6
Merge branch 'release-v0.10.0' of github.com:matrix-org/synapse into develop
2015-09-01 13:11:55 +01:00
Mark Haines
a7122692d9
Merge branch 'release-v0.10.0' into develop
...
Conflicts:
synapse/handlers/auth.py
synapse/python_dependencies.py
synapse/rest/client/v1/login.py
2015-08-28 11:15:27 +01:00
Erik Johnston
b442217d91
Actually add config path
2015-08-28 10:37:17 +01:00
Erik Johnston
0de2aad061
Merge pull request #250 from matrix-org/erikj/generated_directory
...
Add config option to specify where generated files should be dumped
2015-08-25 17:40:19 +01:00
Erik Johnston
3f6f74686a
Update config doc
2015-08-25 17:37:21 +01:00
Erik Johnston
82145912c3
s/--generated-directory/--keys-directory/
2015-08-25 17:31:22 +01:00
Erik Johnston
3e1029fe80
Warn if we encounter unexpected files in config directories
2015-08-25 17:08:23 +01:00
Erik Johnston
af7c1397d1
Add config option to specify where generated files should be dumped
2015-08-25 16:58:01 +01:00
Erik Johnston
bfb66773a4
Allow specifying directories as config files
2015-08-25 16:25:54 +01:00
Erik Johnston
747535f20f
Merge pull request #245 from matrix-org/erikj/configurable_client_location
...
Allow specifying a directory to host a web client from
2015-08-25 15:50:25 +01:00
Erik Johnston
1d1c303b9b
Fix typo when using sys.stderr.write
2015-08-25 15:39:16 +01:00
Erik Johnston
f63208a1c0
Add utility to parse config and print out a key
...
Usage:
```
$ python -m synapse.config read server_name -c homeserver.yaml
localhost
```
2015-08-25 15:16:31 +01:00
Erik Johnston
86cef6a91b
Allow specifying a directory to host a web client from
2015-08-25 12:01:23 +01:00
Mark Haines
cf8c04948f
Fix typo in module imports and package dependencies
2015-08-25 10:42:59 +01:00
Mark Haines
78323ccdb3
Remove syutil dependency in favour of smaller single-purpose libraries
2015-08-24 16:17:38 +01:00
Daniel Wagner-Hall
ce2a7ed6e4
Merge branch 'develop' into auth
2015-08-20 16:28:36 +01:00
Daniel Wagner-Hall
2d3462714e
Issue macaroons as opaque auth tokens
...
This just replaces random bytes with macaroons. The macaroons are not
inspected by the client or server.
In particular, they claim to have an expiry time, but nothing verifies
that they have not expired.
Follow-up commits will actually enforce the expiration, and allow for
token refresh.
See https://bit.ly/matrix-auth for more information
2015-08-18 14:22:02 +01:00
Mark Haines
95b0f5449d
Fix flake8 warning
2015-08-13 17:34:22 +01:00
Mark Haines
b16cd18a86
Merge remote-tracking branch 'origin/develop' into erikj/generate_presice_thumbnails
2015-08-13 17:23:39 +01:00
Mark Haines
de3b7b55d6
Doc-string for config ultility function
2015-08-12 14:29:17 +01:00
Mark Haines
7bbaab9432
Fix the --generate-keys option. Make it do the same thing as --generate-config does when the config file exists, but without printing a warning
2015-08-12 11:57:37 +01:00
Mark Haines
fdb724cb70
Add config option for setting the list of thumbnail sizes to precalculate
2015-08-12 10:55:27 +01:00
Mark Haines
7e3d1c7d92
Make a config option for whether to generate new thumbnail sizes dynamically
2015-08-12 10:54:38 +01:00
Paul "LeoNerd" Evans
e3c8e2c13c
Add a --generate-keys option
2015-08-07 16:42:27 +01:00
Paul "LeoNerd" Evans
efe60d5e8c
Only print the pidfile path on startup if requested by a commandline flag
2015-08-07 16:36:42 +01:00
Erik Johnston
90dbd71c13
Merge branch 'master' of github.com:matrix-org/synapse into develop
2015-07-21 09:25:30 +01:00
David Baker
62b4b72fe4
Close, but no cigar.
2015-07-14 10:33:25 +01:00
Erik Johnston
f3049d0b81
Small tweaks to SAML2 configuration.
...
- Add saml2 config docs to default config.
- Use existence of saml2 config to indicate if saml2 should be enabled.
2015-07-10 10:50:14 +01:00
Erik Johnston
9158ad1abb
Merge pull request #201 from EricssonResearch/msba/saml2-develop
...
Integrate SAML2 basic authentication - uses pysaml2
2015-07-10 10:25:56 +01:00
Erik Johnston
294dbd712f
We don't want semicolons.
2015-07-09 11:47:24 +01:00
Muthu Subramanian
8cd34dfe95
Make SAML2 optional and add some references/comments
2015-07-09 13:34:47 +05:30
Matthew Hodgson
fb8d2862c1
remove the tls_certificate_chain_path param and simply support tls_certificate_path pointing to a file containing a chain of certificates
2015-07-09 00:45:41 +01:00
Matthew Hodgson
8ad2d2d1cb
document tls_certificate_chain_path more clearly
2015-07-09 00:06:01 +01:00
Matthew Hodgson
f26a3df1bf
oops, context.tls_certificate_chain_file() expects a file, not a certificate.
2015-07-08 21:33:02 +01:00
Matthew Hodgson
465acb0c6a
*cough*
2015-07-08 18:30:59 +01:00
Matthew Hodgson
64afbe6ccd
add new optional config for tls_certificate_chain_path for folks with intermediary SSL certs
2015-07-08 18:20:02 +01:00
Matthew Hodgson
04192ee05b
typo
2015-07-08 17:49:15 +01:00
Muthu Subramanian
f53bae0c19
code beautify
2015-07-08 16:05:46 +05:30
Muthu Subramanian
81682d0f82
Integrate SAML2 basic authentication - uses pysaml2
2015-07-08 15:36:54 +05:30
Eric Myhre
9e5a353663
Make upload dir a configurable path.
...
Fixes SYN-425.
Signed-off-by: Eric Myhre <hash@exultant.us>
2015-06-18 23:38:20 -05:00
Paul "LeoNerd" Evans
9a3cd1c00d
Correct -H SERVER_NAME in config-missing complaint message
2015-06-16 16:03:35 +01:00
Erik Johnston
9d0326baa6
Remove redundant newline
2015-06-15 11:27:29 +01:00
Erik Johnston
186f61a3ac
Document listener config. Remove deprecated config options
2015-06-15 11:25:53 +01:00
Erik Johnston
a005b7269a
Add backwards compat support for metrics, manhole and webclient config options
2015-06-12 17:44:23 +01:00
Erik Johnston
9c5fc81c2d
Correctly handle x_forwaded listener option
2015-06-12 17:13:23 +01:00
Erik Johnston
fd2c07bfed
Use config.listeners
2015-06-12 15:33:07 +01:00
Erik Johnston
f7f07dc517
Begin changing the config format
2015-06-11 15:48:52 +01:00
Erik Johnston
522f285f9b
Add config option to disable compression of http responses
2015-06-01 13:36:30 +01:00
Mark Haines
d70c847b4f
Merge pull request #170 from matrix-org/markjh/SYT-8-recaptcha
...
Allow endpoint for verifying recaptcha to be configured
2015-05-29 15:32:54 +01:00
Mark Haines
784aaa53df
Merge branch 'develop' into markjh/SYT-8-recaptcha
...
Conflicts:
synapse/handlers/auth.py
2015-05-29 13:49:44 +01:00
Erik Johnston
a7b65bdedf
Add config option to turn off freezing events. Use new encode_json api and ujson.loads
2015-05-29 12:17:33 +01:00
Mark Haines
d94590ed48
Add config for setting the recaptcha verify api endpoint, so we can test it in sytest
2015-05-29 12:11:40 +01:00
Erik Johnston
36b3b75b21
Registration should be disabled by default
2015-05-28 11:01:34 +01:00
Erik Johnston
1ce1509989
s/metric_interface/metric_bind_host/
2015-05-22 14:51:22 +01:00
Erik Johnston
59a0682f3e
Enable changing the interface the metrics listener binds to
2015-05-22 13:13:07 +01:00
David Baker
97a64f3ebe
Merge branch 'develop' of github.com:matrix-org/synapse into develop
2015-05-07 09:33:42 +01:00
David Baker
b850c9fa04
Typo
2015-05-07 09:33:30 +01:00
Mark Haines
e45b05647e
Fix the --help option for synapse
2015-05-05 17:39:59 +01:00
Mark Haines
3bcdf3664c
Use the daemonize key from the config if it exists
2015-05-01 14:34:55 +01:00
Mark Haines
46a65c282f
Allow generate-config to run against an existing config file to generate default keys
2015-05-01 13:54:38 +01:00
Mark Haines
50c87b8eed
Allow "manhole" to be ommited from the config
2015-04-30 18:11:47 +01:00
Mark Haines
345995fcde
Remove the ~, comment the lines instead
2015-04-30 18:10:19 +01:00
Mark Haines
62cebee8ee
Update key.py
2015-04-30 17:54:01 +01:00
Mark Haines
95cbfee8ae
Update metrics.py
2015-04-30 17:52:20 +01:00
Mark Haines
2d4d2bbae4
Merge branch 'develop' into markjh/config_cleanup
...
Conflicts:
synapse/config/captcha.py
2015-04-30 16:54:55 +01:00
Mark Haines
2f1348f339
Write a default log_config when generating config
2015-04-30 16:52:57 +01:00
David Baker
5b02f33451
Undo changes to logger config, ie. remove the access_log_file option: decision is to support this through log_config rather tan adding an option.
2015-04-30 16:21:39 +01:00
David Baker
054aa0d58c
Do access log using python's logging stuff, just under a separate logger name
2015-04-30 16:21:38 +01:00
Mark Haines
74aaacf82a
Don't break when sizes or durations are given as integers
2015-04-30 16:04:02 +01:00
Mark Haines
c28f1d16f0
Add a random string to the auto generated key id
2015-04-30 15:13:14 +01:00
Mark Haines
265f30bd3f
Allow --enable-registration to be passed on the commandline
2015-04-30 15:04:06 +01:00
Mark Haines
c9e62927f2
Use disable_registration keys if they are present
2015-04-30 14:34:09 +01:00
David Baker
d89a9f7283
Add an access_log
...
SYN-161 #resolve
2015-04-30 13:58:13 +01:00
Mark Haines
1aa11cf7ce
Allow multiple config files, set up a default config before applying the config files
2015-04-30 13:48:15 +01:00
Mark Haines
6b69ddd17a
remove duplicate parse_size method
2015-04-30 04:26:29 +01:00
Mark Haines
d624e2a638
Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class
2015-04-30 04:24:44 +01:00
Mark Haines
4ad8b45155
Merge branch 'develop' into key_distribution
...
Conflicts:
synapse/config/homeserver.py
2015-04-29 13:15:14 +01:00
Mark Haines
f4c9ebbc34
Delete ugly commented out log line.
2015-04-29 11:07:13 +01:00
Matthew Hodgson
68c0603946
comment out ugly test logline
2015-04-29 00:14:44 +01:00
Erik Johnston
327ca883ec
Merge branch 'develop' of github.com:matrix-org/synapse into postgres
2015-04-28 13:39:42 +01:00
Mark Haines
9182f87664
Merge pull request #126 from matrix-org/csauth
...
Client / Server Auth Refactor
2015-04-28 11:00:27 +01:00
Mark Haines
0bc71103e1
Output vim style mode markers into the yaml config file
2015-04-28 10:17:10 +01:00
Erik Johnston
1ef66cc3bd
Move database configuration into config module
2015-04-27 15:57:43 +01:00
Erik Johnston
6f8e2d517e
Merge branch 'develop' of github.com:matrix-org/synapse into postgres
2015-04-27 14:41:40 +01:00
Mark Haines
288702170d
Add config for setting the perspective servers
2015-04-24 17:01:34 +01:00
Mark Haines
c253b14f6e
Merge branch 'develop' into key_distribution
2015-04-24 11:29:46 +01:00
Mark Haines
bdcb23ca25
Fix spelling
2015-04-24 11:29:19 +01:00
Mark Haines
b2c2dc8940
Merge branch 'develop' into key_distribution
2015-04-24 11:28:10 +01:00
Mark Haines
869dc94cbb
Call the super classes when generating config
2015-04-24 11:27:56 +01:00
Mark Haines
b1e68add19
Add a config file for perspective servers
2015-04-24 11:26:19 +01:00
Mark Haines
c8c710eca7
Move the key related config parser into a separate file
2015-04-24 10:22:22 +01:00
Mark Haines
149ed9f151
Better help for the old-signing-key option
2015-04-24 10:07:55 +01:00
David Baker
2e0d9219b9
Remove now-redundant email config
2015-04-23 11:45:29 +01:00
Mark Haines
f30d47c876
Implement remote key lookup api
2015-04-22 14:21:08 +01:00
Erik Johnston
5e7a90316d
Update --database-path metavar to SQLITE_DATABASE_PATH
2015-04-17 16:08:18 +01:00
David Baker
cb03fafdf1
Merge branch 'develop' into csauth
2015-04-17 13:51:10 +01:00
Erik Johnston
6606f7c659
Merge branch 'develop' of github.com:matrix-org/synapse into postgres
2015-04-15 10:27:20 +01:00
Mark Haines
88cb06e996
Update syutil version to 0.0.4
2015-04-14 16:18:17 +01:00
Mark Haines
d488463fa3
Add a version 2 of the key server api
2015-04-14 16:04:52 +01:00
Erik Johnston
d5e7e6b9b6
Merge branch 'develop' of github.com:matrix-org/synapse into mysql
2015-04-07 18:17:22 +01:00
Erik Johnston
0775c62469
Fix --enable-registration flag to work if you don't give a value
2015-04-07 18:16:23 +01:00
Erik Johnston
4fe95094d1
Merge branch 'develop' of github.com:matrix-org/synapse into mysql
2015-04-07 18:05:39 +01:00
Kegan Dougal
af853a4cdb
Add AppServiceConfig
2015-03-31 09:22:31 +01:00
David Baker
59bf16eddc
New registration for C/S API v2. Only ReCAPTCHA working currently.
2015-03-30 18:13:10 +01:00
Matthew Hodgson
8366fde82f
turn --disable-registration into --enable-registration, given the default is for registration to be disabled by default now. this is backwards incompatible by removing the old --disable-registration arg, but makes for a much more intuitive arg
2015-03-30 12:01:09 -04:00
Erik Johnston
f6583796fe
Merge branch 'develop' of github.com:matrix-org/synapse into mysql
2015-03-20 16:31:48 +00:00
Erik Johnston
455579ca90
Make database selection configurable
2015-03-20 10:55:55 +00:00
Erik Johnston
ed4d44d833
Merge pull request #109 from matrix-org/default_registration
...
Disable registration by default. Add script to register new users.
2015-03-18 11:38:52 +00:00
David Baker
7564dac8cb
Wire up the webclient option
...
It existed but was hardcoded to True.
Give it an underscore for consistency.
Also don't pull in syweb unless we're actually using the web client.
2015-03-17 12:45:37 +01:00
Erik Johnston
8bad40701b
Comment.
2015-03-16 13:13:07 +00:00
Erik Johnston
98a3825614
Allow enabling of registration with --disable-registration false
2015-03-13 16:49:18 +00:00
Erik Johnston
9266cb0a22
PEP8
2015-03-13 15:26:00 +00:00
Erik Johnston
69135f59aa
Implement registering with shared secret.
2015-03-13 15:23:37 +00:00
Erik Johnston
58367a9da2
Disable registration by default
2015-03-13 12:59:45 +00:00
Paul "LeoNerd" Evans
b98b4c135d
Option to serve metrics from their own localhost-only TCP port instead of muxed on the main listener
2015-03-12 16:24:51 +00:00
Paul "LeoNerd" Evans
5b6e11d560
Commandline option to enable metrics system
2015-03-12 16:24:50 +00:00
Erik Johnston
e49d6b1568
Unused import
2015-03-06 11:37:24 +00:00
Erik Johnston
3ce8540484
Don't look for an TLS private key if we have set --no-tls
2015-03-06 11:34:06 +00:00
Erik Johnston
3fce185c77
Merge pull request #83 from matrix-org/nofile_limit_config
...
Add config option to set the soft fd limit on start
2015-03-02 13:52:16 +00:00
Erik Johnston
9d9b230501
Make the federation server ratelimiting configurable.
2015-03-02 11:33:45 +00:00
David Baker
255f989c7b
turns uris config options should append since it's a list
2015-02-24 20:57:58 +00:00
Erik Johnston
7c56210f20
By default set soft limit to hard limit
2015-02-20 16:09:44 +00:00
Erik Johnston
81163f822e
Add config option to disable registration.
2015-02-19 14:16:53 +00:00
Erik Johnston
c3eb7dd9c5
Add config option to set the soft fd limit on start
2015-02-19 11:50:49 +00:00
Mark Haines
f5a70e0d2e
Add a cache for get_event
2015-02-11 15:01:15 +00:00
Erik Johnston
f91345bdb5
yaml.load expects strings to be a yaml rather than file
2015-02-10 13:57:31 +00:00
Erik Johnston
30595b466f
Use yaml logging config format because it is much nicer
2015-02-10 13:50:33 +00:00
Mark Haines
8ce100c7b4
Convert directory paths to absolute paths before daemonizing
2015-02-09 18:30:00 +00:00
Mark Haines
3e85e52b3f
Allow ':memory:' as the database path for sqlite3
2015-01-19 15:26:19 +00:00
Kegan Dougal
9d0dcf2e3c
SYN-142: Rotate logs if logging to file. Fixed to a 4 file rotate with 100MB/file for now.
2015-01-08 15:31:29 +00:00
Erik Johnston
379a653ae3
Add better help message for --server-name config option.
2015-01-08 14:32:53 +00:00
Mark Haines
b9f77d1ae1
Increase default maximum attachment size to 10M
2015-01-06 14:04:58 +00:00
Mark Haines
adb04b1e57
Update copyright notices
2015-01-06 13:21:39 +00:00
Kegan Dougal
4dcad143dd
SYN-142: Use a default log file 'homeserver.log' so people get logging by default.
2014-12-16 17:24:49 +00:00
Erik Johnston
3983c7fb0f
Merge branch 'hotfixes-v0.5.4' of github.com:matrix-org/synapse into develop
2014-12-13 18:16:12 +00:00
Erik Johnston
6380ead2ee
Fix bug while generating the error message when a file path specified in the config doesn't exist
2014-12-13 18:03:01 +00:00
Mark Haines
d80d505b1f
Limit the size of images that are thumbnailed serverside. Limit the size of file that a server will download from a remote server
2014-12-11 14:19:32 +00:00
Mark Haines
61fc37e467
Merge branch 'develop' into media_repository
2014-12-10 16:14:17 +00:00
Paul "LeoNerd" Evans
66b0596b7a
Don't log synapse.storage at DEBUG level when under -v; require -v -v for that
2014-12-02 22:28:18 +00:00
Mark Haines
5da65085d1
Get uploads working with new media repo
2014-12-02 19:51:47 +00:00
Mark Haines
7993e3d10d
SYN-187: Set a more sensible default for the content_addr
2014-12-02 17:20:02 +00:00
David Baker
fe3401e037
Be more helpful and tell the user how to generate a config too.
2014-11-14 13:30:06 +00:00
David Baker
933ce76057
Adding --generate-config will not help if the user has not specified a config file.
2014-11-14 13:24:12 +00:00
Mark Haines
e903c941cb
Merge branch 'develop' into request_logging
...
Conflicts:
setup.py
synapse/storage/_base.py
synapse/util/async.py
2014-11-14 11:16:50 +00:00
Erik Johnston
af7ae048f8
Add option to not bind to HTTPS port. This is useful if running behind an ssl load balancer
2014-11-03 15:06:40 +00:00
Mark Haines
7c06399512
Merge branch 'develop' into request_logging
...
Conflicts:
synapse/config/logger.py
2014-10-30 11:13:58 +00:00
Mark Haines
7d709542ca
Fix pep8 warnings
2014-10-30 11:10:17 +00:00
Mark Haines
fa955cc2a4
Pep8 and a few doc strings
2014-10-30 10:13:46 +00:00
Mark Haines
b29517bd01
Add a request-id to each log line
2014-10-30 01:21:33 +00:00
Mark Haines
d56e389a95
Fix pyflakes warnings
2014-10-27 10:33:17 +00:00
Mark Haines
9c0826592c
Fix auto generating signing_keys
2014-10-18 16:56:44 +01:00
Mark Haines
984e207b59
Merge branch develop into server2server_signing
...
Conflicts:
synapse/app/homeserver.py
2014-10-13 10:58:50 +01:00
David Baker
9435830351
Merge branch 'master' into develop
2014-10-02 14:11:17 +01:00
David Baker
d694619a95
Fix ncorrect ports in documentation and add notes on how generate-config also generates certs bound to whatever hostname you give with --generate-config.
...
SYN-87 #resolved
2014-10-02 14:09:27 +01:00
Mark Haines
099083ea6b
Merge remote-tracking branch 'origin/master' into develop
2014-10-02 10:46:41 +01:00
David Baker
7a322b6326
Update README setup instructions to be correct. Make synapse spit out explanatory note when generating config to tell people to look at it and customise it.
2014-10-02 10:43:22 +01:00
Mark Haines
9605593d11
Merge branch 'develop' into server2server_signing
...
Conflicts:
synapse/storage/__init__.py
tests/rest/test_presence.py
2014-09-30 17:55:06 +01:00
Erik Johnston
fbf6320614
pyflakes cleanup
2014-09-30 12:38:38 +01:00
David Baker
ec5fb77a66
Just use a yaml list for turn servers
2014-09-25 19:18:32 +02:00
David Baker
c58eb0d5a3
Merge branch 'turn' into develop
2014-09-25 13:09:56 +01:00
David Baker
a31bf77776
Make turn server endpoint return an empty object if no turn servers to
...
match the normal response. Don't break if the turn_uris option isn't
present.
2014-09-25 11:24:49 +02:00
David Baker
5383ba5587
rename endpoint to better reflect what it is and allow specifying multiple uris
2014-09-24 16:01:36 +01:00
Mark Haines
c6a8e7d9b9
Read signing keys using methods from syutil. convert keys that are in the wrong format
2014-09-23 18:43:34 +01:00
David Baker
14ed6799d7
Add support for TURN servers as per the TURN REST API ( http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 )
2014-09-23 17:16:13 +01:00
Paul "LeoNerd" Evans
3a8a94448a
Allow a (hidden undocumented) key to m.login.recaptcha to specify a shared secret to allow bots to bypass the ReCAPTCHA test (SYN-60)
2014-09-23 14:29:08 +01:00
Kegan Dougal
3fa01be9e4
formatting
2014-09-19 12:04:26 +01:00
Kegan Dougal
cc83b06cd1
Added support for the HS to send emails. Use it to send password resets. Added email_smtp_server and email_from_address config args. Added emailutils.
2014-09-16 12:36:39 +01:00
Kegan Dougal
37e53513b6
Add config opion for XFF headers when performing ReCaptcha auth.
2014-09-05 22:51:11 -07:00
Kegan Dougal
0b9e1e7b56
Added a captcha config to the HS, to enable registration captcha checking and for the recaptcha private key.
2014-09-05 17:58:06 -07:00
Paul "LeoNerd" Evans
4c3512a45c
Added a TODO note about YAML modeline for editors
2014-09-03 19:30:48 +01:00
Paul "LeoNerd" Evans
4081413876
Default PID file should be 'homeserver.pid' to match the other 'homeserver.*' naming convention
2014-09-03 17:34:07 +01:00
Matthew Hodgson
8a7c1d6a00
fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch.
2014-09-03 17:31:57 +01:00
Mark Haines
ee2bcdec65
Limit the size of uploads
2014-09-03 17:04:16 +01:00
Erik Johnston
bc21350298
Add option to change content repo location
2014-09-03 11:57:23 +01:00
Mark Haines
c6eafdfbaf
Add copyright notices and fix pyflakes errors
2014-09-03 09:43:11 +01:00
Mark Haines
780548b577
rate limiting for message sending
2014-09-02 18:22:15 +01:00
Mark Haines
0a1260b03a
Add ratelimiting config
2014-09-02 18:00:15 +01:00
Mark Haines
c7a7cdf734
Add ratelimiting function to basehandler
2014-09-02 17:57:04 +01:00
Mark Haines
cf890e9d43
Remove option for disabling webclient because it was confusing
2014-09-02 11:09:41 +01:00
Erik Johnston
08d2f902dd
Default HTTP and HTTPS ports to 8008 and 8448
2014-09-02 10:58:33 +01:00
Mark Haines
45570e4695
os.makedirs is almost but not entirely unlike mkdir -p
2014-09-02 10:58:05 +01:00
Mark Haines
64b341cc10
Fix typo when reading TLS config
2014-09-02 10:54:56 +01:00
Mark Haines
30572e28c2
Make the config directory if the directory doesn't exisit when generating config
2014-09-02 10:52:25 +01:00
Mark Haines
d45f89c95b
More helpful error messages for missing config
2014-09-02 10:49:11 +01:00
Mark Haines
399e004884
Add unsecure listener port to homeserver
2014-09-01 22:38:52 +01:00