anonymousland-synapse/synapse
Quentin Gliech fe1daad672
Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986)
This simplifies the access token verification logic by removing the `rights`
parameter which was only ever used for the unsubscribe link in email
notifications. The latter has been moved under the `/_synapse` namespace,
since it is not a standard API.

This also makes the email verification link more secure, by embedding the
app_id and pushkey in the macaroon and verifying it. This prevents the user
from tampering the query parameters of that unsubscribe link.

Macaroon generation is refactored:

- Centralised all macaroon generation and verification logic to the
  `MacaroonGenerator`
- Moved to `synapse.utils`
- Changed the constructor to require only a `Clock`, hostname, and a secret key
  (instead of a full `Homeserver`).
- Added tests for all methods.
2022-06-14 09:12:08 -04:00
..
_scripts Replace noop background updates with DELETE. (#12954) 2022-06-13 14:06:27 -04:00
api Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) 2022-06-14 09:12:08 -04:00
app Fix Synapse git info missing in version strings (#12973) 2022-06-07 15:24:11 +01:00
appservice Remove remaining bits of groups code. (#12936) 2022-06-01 09:41:25 -04:00
config Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) 2022-06-14 09:12:08 -04:00
crypto Bump black and click versions (#12320) 2022-04-05 11:04:28 +01:00
events Uniformize spam-checker API, part 4: port other spam-checker callbacks to return Union[Allow, Codes]. (#12857) 2022-06-13 18:16:16 +00:00
federation Stop depending on room_id to be returned for children state in the hierarchy response. (#12991) 2022-06-10 07:15:51 -04:00
handlers Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) 2022-06-14 09:12:08 -04:00
http Synapse 1.60.0rc2 (2022-05-27) 2022-05-27 12:07:18 +01:00
logging Easy type hints in synapse.logging.opentracing (#12894) 2022-05-27 11:17:33 +01:00
metrics Fix Synapse git info missing in version strings (#12973) 2022-06-07 15:24:11 +01:00
module_api Uniformize spam-checker API, part 4: port other spam-checker callbacks to return Union[Allow, Codes]. (#12857) 2022-06-13 18:16:16 +00:00
push Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) 2022-06-14 09:12:08 -04:00
replication Remove groups replication code. (#12900) 2022-05-31 13:04:08 -04:00
res Fix Jinja templating error when generating thumbnail URLs. (#12510) 2022-04-20 12:03:03 -04:00
rest Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) 2022-06-14 09:12:08 -04:00
server_notices Decouple synapse.api.auth_blocking.AuthBlocking from synapse.api.auth.Auth. (#13021) 2022-06-14 09:51:15 +01:00
spam_checker_api Fix import in module_api module and docs on the new check_event_for_spam signature (#12918) 2022-05-31 12:04:53 +02:00
state Merge branch 'rav/simplify_event_auth_interface' into develop 2022-06-13 11:34:59 +01:00
static Display an error page during failure of fallback UIA. (#10561) 2021-08-18 08:13:35 -04:00
storage Replace noop background updates with DELETE. (#12954) 2022-06-13 14:06:27 -04:00
streams Rework stream token to stop caring about groups. (#12897) 2022-05-31 07:42:50 -04:00
util Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) 2022-06-14 09:12:08 -04:00
__init__.py Fix Synapse git info missing in version strings (#12973) 2022-06-07 15:24:11 +01:00
event_auth.py Remove room_version param from check_auth_rules_for_event 2022-06-12 23:13:10 +01:00
notifier.py Reduce the amount of state we pull from the DB (#12811) 2022-06-06 09:24:12 +01:00
py.typed Mark Module API error imports as re-exported and mark Synapse as containing type annotations (#11054) 2021-10-13 08:42:41 +01:00
server.py Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) 2022-06-14 09:12:08 -04:00
types.py Rework stream token to stop caring about groups. (#12897) 2022-05-31 07:42:50 -04:00
visibility.py Fix 404 on /sync when the last event is a redaction of an unknown/purged event (#12905) 2022-06-01 11:29:51 +00:00