Erik Johnston
209e04fa11
Merge pull request #918 from negzi/bugfix_for_token_expiry
...
Bug fix: expire invalid access tokens
2016-07-14 15:51:52 +01:00
Erik Johnston
e5142f65a6
Add 'contains_url' to filter
2016-07-14 15:35:48 +01:00
Negar Fazeli
0136a522b1
Bug fix: expire invalid access tokens
2016-07-13 15:00:37 +02:00
Erik Johnston
2cb758ac75
Check if alias event's state_key matches sender's domain
2016-07-13 13:12:25 +01:00
Erik Johnston
560c71c735
Check creation event's room_id domain matches sender's
2016-07-13 13:07:19 +01:00
David Baker
385aec4010
Implement https://github.com/matrix-org/matrix-doc/pull/346/files
2016-07-08 17:42:48 +01:00
Erik Johnston
58930da52b
Merge branch 'master' of github.com:matrix-org/synapse into develop
2016-07-08 14:11:37 +01:00
Erik Johnston
067596d341
Fix bug where we did not correctly explode when multiple user_ids were set in macaroon
2016-07-07 16:22:24 +01:00
David Baker
be8be535f7
requestToken update
...
Don't send requestToken request to untrusted ID servers
Also correct the THREEPID_IN_USE error to add the M_ prefix. This is a backwards incomaptible change, but the only thing using this is the angular client which is now unmaintained, so it's probably better to just do this now.
2016-06-30 17:51:28 +01:00
David Baker
1f31cc37f8
Working unsubscribe links going straight to the HS
...
and authed by macaroons that let you delete pushers and nothing else
2016-06-02 17:21:31 +01:00
David Baker
812b5de0fe
Merge remote-tracking branch 'origin/develop' into dbkr/email_unsubscribe
2016-06-02 15:33:28 +01:00
Matthew Hodgson
aaa70e26a2
special case m.room.third_party_invite event auth to match invites, otherwise they get out of sync and you get https://github.com/vector-im/vector-web/issues/1208
2016-06-01 22:13:47 +01:00
David Baker
991af8b0d6
WIP on unsubscribing email notifs without logging in
2016-06-01 17:40:52 +01:00
Mark Haines
1a3a2002ff
Spell "domain" correctly
...
s/domian/domain/g
2016-05-16 19:17:23 +01:00
Negi Fazeli
40aa6e8349
Create user with expiry
...
- Add unittests for client, api and handler
Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
2016-05-13 15:34:15 +02:00
Erik Johnston
c9eb6dfc1b
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/ignore_user
2016-05-09 13:21:06 +01:00
Erik Johnston
08dfa8eee2
Add and use get_domian_from_id
2016-05-09 10:36:03 +01:00
Erik Johnston
a438a6d2bc
Implement basic ignore user
2016-05-04 10:16:46 +01:00
Erik Johnston
0f2ca8cde1
Measure Auth.check
2016-04-13 11:15:59 +01:00
Erik Johnston
c53f9d561e
Don't auto log failed auth checks
2016-04-13 11:11:46 +01:00
Erik Johnston
3e7fac0d56
Add published room list edit API
2016-03-21 15:06:07 +00:00
David Baker
874fd43257
Send the user ID matching the guest access token, since there is no Matrix API to discover what user ID an access token is for.
2016-03-07 17:13:56 +00:00
Daniel Wagner-Hall
577951b032
Allow third_party_signed to be specified on /join
2016-02-23 15:11:25 +00:00
Erik Johnston
e5ad2e5267
Merge pull request #582 from matrix-org/erikj/presence
...
Rewrite presence for performance.
2016-02-19 09:37:50 +00:00
Erik Johnston
114b929f8b
Check presence state is a valid one
2016-02-18 09:16:32 +00:00
Patrik Oldsberg
536f949a1a
api/filtering: don't assume that event content will always be a dict
...
Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
2016-02-17 12:59:41 +01:00
Daniel Wagner-Hall
4de08a4672
Revert "Merge two of the room join codepaths"
...
This reverts commit cf81375b94
.
It subtly violates a guest joining auth check
2016-02-12 16:17:24 +00:00
Daniel Wagner-Hall
cf81375b94
Merge two of the room join codepaths
...
There's at least one more to merge in.
Side-effects:
* Stop reporting None as displayname and avatar_url in some cases
* Joining a room by alias populates guest-ness in join event
* Remove unspec'd PUT version of /join/<room_id_or_alias> which has not
been called on matrix.org according to logs
* Stop recording access_token_id on /join/room_id - currently we don't
record it on /join/room_alias; I can try to thread it through at some
point.
2016-02-12 15:11:49 +00:00
Erik Johnston
2c1fbea531
Fix up logcontexts
2016-02-08 14:26:45 +00:00
Daniel Wagner-Hall
737c4223ef
Host /media/r0 as well as /media/v1
2016-02-05 10:47:46 +00:00
Daniel Wagner-Hall
2df6114bc4
Log more diagnostics for unrecognised access tokens
2016-02-02 19:21:49 +00:00
Daniel Wagner-Hall
d83d004ccd
Fix flake8 warnings for new flake8
2016-02-02 17:18:50 +00:00
Erik Johnston
35981c8b71
Fix test
2016-01-28 17:20:05 +00:00
Erik Johnston
8c6012a4af
Fix tests
2016-01-25 13:12:35 +00:00
Erik Johnston
4021f95261
Move logic from rest/ to handlers/
2016-01-25 10:10:44 +00:00
Erik Johnston
975903ae17
Sanitize filters
2016-01-22 10:41:30 +00:00
Daniel Wagner-Hall
808a8aedab
Don't error on AS non-ghost user use
...
This will probably go away either when we fix our existing ASes, or when
we kill the concept of non-ghost users.
2016-01-18 16:33:05 +00:00
Daniel Wagner-Hall
74474a6d63
Pull out app service user lookup
...
I find this a lot simpler than nested try-catches and stuff
2016-01-18 16:32:33 +00:00
Daniel Wagner-Hall
ac5a4477ad
Require unbanning before other membership changes
2016-01-15 16:27:26 +00:00
David Baker
5819b7a78c
M_INVALID_USERNAME to be consistent with the parameter name
2016-01-15 10:06:34 +00:00
David Baker
3f8db3d597
Add specific error code for invalid user names.
2016-01-14 17:21:04 +00:00
Daniel Wagner-Hall
7d09ab8915
Require AS users to be registered before use
2016-01-13 13:19:47 +00:00
Daniel Wagner-Hall
2110e35fd6
Introduce a Requester object
...
This tracks data about the entity which made the request. This is
instead of passing around a tuple, which requires call-site
modifications every time a new piece of optional context is passed
around.
I tried to introduce a User object. I gave up.
2016-01-11 17:48:45 +00:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Mark Haines
392773ccb2
Guest users must be joined to a room to see it in /sync
2016-01-06 16:44:13 +00:00
Daniel Wagner-Hall
cfd07aafff
Allow guests to upgrade their accounts
2016-01-05 18:01:18 +00:00
Mark Haines
0ee0138325
Include the list of bad room ids in the error
2015-12-22 15:49:32 +00:00
Mark Haines
c058625959
Merge remote-tracking branch 'origin/develop' into markjh/guest_access
...
Conflicts:
synapse/api/filtering.py
2015-12-22 13:58:18 +00:00
Mark Haines
b9b4466d0d
Add top level filters for filtering by room id
...
Documented by matrix-org/matrix-doc#246
2015-12-22 11:40:32 +00:00
Mark Haines
45a9e0ae0c
Allow guest access if the user provides a list of rooms in the filter
2015-12-22 10:25:46 +00:00
Mark Haines
489a4cd1cf
Add top level filtering by room id
2015-12-21 21:10:41 +00:00
Daniel Wagner-Hall
8c5f252edb
Strip address and such out of 3pid invites
...
We're not meant to leak that into the graph
2015-12-17 18:09:51 +01:00
Mark Haines
660dee94af
Only include the archived rooms if a include_leave flag in set in the filter
2015-12-04 17:32:09 +00:00
Mark Haines
95f30ecd1f
Add API for setting account_data globaly or on a per room basis
2015-12-01 18:41:32 +00:00
Erik Johnston
17dd5071ef
Allow user to redact with an equal power
...
Users only need their power level to be equal to the redact level for
them to be allowed to redact events.
2015-11-26 11:17:57 +00:00
Paul "LeoNerd" Evans
1cfda3d2d8
Merge branch 'develop' into daniel/forgetrooms
2015-11-19 16:53:13 +00:00
Mark Haines
7a802ec0ff
Merge pull request #386 from matrix-org/markjh/rename_pud_to_account_data
...
s/private_user_data/account_data/
2015-11-19 15:21:35 +00:00
Daniel Wagner-Hall
248cfd5eb3
Take a boolean not a list of lambdas
2015-11-19 15:16:25 +00:00
Mark Haines
1c960fbb80
s/private_user_data/account_data/
2015-11-18 15:31:04 +00:00
Daniel Wagner-Hall
ba26eb3d5d
Allow users to forget rooms
2015-11-17 17:17:30 -05:00
Steven Hammerton
f20d064e05
Always check guest = true in macaroons
2015-11-17 10:58:05 +00:00
Steven Hammerton
f5e25c5f35
Merge branch 'develop' into sh-cas-auth-via-homeserver
2015-11-17 10:55:41 +00:00
Steven Hammerton
dd2eb49385
Share more code between macaroon validation
2015-11-11 11:12:35 +00:00
Daniel Wagner-Hall
38d82edf0e
Allow guest users to join and message rooms
2015-11-10 16:57:13 +00:00
Daniel Wagner-Hall
2cebe53545
Exchange 3pid invites for m.room.member invites
2015-11-05 16:43:19 +00:00
Mark Haines
7a369e8a55
Merge pull request #347 from matrix-org/markjh/check_filter
...
Remove fields that are both unspecified and unused from the filter checks
2015-11-05 11:15:39 +00:00
Daniel Wagner-Hall
f522f50a08
Allow guests to register and call /events?room_id=
...
This follows the same flows-based flow as regular registration, but as
the only implemented flow has no requirements, it auto-succeeds. In the
future, other flows (e.g. captcha) may be required, so clients should
treat this like the regular registration flow choices.
2015-11-04 17:29:07 +00:00
Mark Haines
285d056629
Remove fields that are both unspecified and unused from the filter checks, check the right top level definitions in the filter
2015-11-04 15:47:19 +00:00
Mark Haines
57be722c46
Include room tags in v2 /sync
2015-11-02 16:23:15 +00:00
Daniel Wagner-Hall
216c976399
Merge pull request #323 from matrix-org/daniel/sizelimits
...
Reject events which are too large
2015-10-23 11:26:03 +01:00
Mark Haines
b051781ddb
Merge pull request #325 from matrix-org/markjh/filter_dicts
...
Support filtering events represented as dicts.
2015-10-22 17:14:52 +01:00
Mark Haines
4e05aab4f7
Don't assume that the event has a room_id or sender
2015-10-22 17:08:59 +01:00
Mark Haines
9b6f3bc742
Support filtering events represented as dicts.
...
This is useful because the emphemeral events such as presence and
typing are represented as dicts inside synapse.
2015-10-22 16:38:03 +01:00
Daniel Wagner-Hall
e60dad86ba
Reject events which are too large
...
SPEC-222
2015-10-22 11:44:31 +01:00
Erik Johnston
5c41224a89
Filter room ids before hitting the database
2015-10-21 10:09:26 +01:00
Erik Johnston
87deec824a
Docstring
2015-10-20 15:47:42 +01:00
Erik Johnston
45cd2b0233
Refactor api.filtering to have a Filter API
2015-10-20 15:33:25 +01:00
Daniel Wagner-Hall
137fafce4e
Allow rejecting invites
...
This is done by using the same /leave flow as you would use if you had
already accepted the invite and wanted to leave.
2015-10-20 11:58:58 +01:00
Daniel Wagner-Hall
0e5239ffc3
Stuff signed data in a standalone object
...
Makes both generating it in sydent, and verifying it here, simpler at
the cost of some repetition
2015-10-16 17:45:48 +01:00
Daniel Wagner-Hall
c225d63e9e
Add signing host and keyname to signatures
2015-10-16 15:07:56 +01:00
Daniel Wagner-Hall
b8dd5b1a2d
Verify third party ID server certificates
2015-10-16 14:54:54 +01:00
Daniel Wagner-Hall
f38df51e8d
Merge branch 'develop' into daniel/3pidinvites
2015-10-15 11:51:55 +01:00
Daniel Wagner-Hall
0c38e8637f
Remove unnecessary class-wrapping
2015-10-13 18:00:38 +01:00
Daniel Wagner-Hall
95e53ac535
Add some docstring
2015-10-13 17:18:24 +01:00
Daniel Wagner-Hall
17dffef5ec
Move event contents into third_party_layout field
2015-10-13 15:48:12 +01:00
Mark Haines
2fa9e23e04
Update the v2 filters to support filtering presence and remove support for public/private user data
2015-10-13 14:12:43 +01:00
Daniel Wagner-Hall
7c809abe86
Merge branch 'develop' into daniel/3pidinvites
2015-10-06 10:24:32 -05:00
Daniel Wagner-Hall
1cacc71050
Add third party invites to auth_events for joins
2015-10-06 10:13:28 -05:00
Mark Haines
93cc60e805
Remove log line that was generated whenever an error was created. We are now creating error objects that aren't raised so it's probably a bit too confusing to keep
2015-10-06 16:10:19 +01:00
Daniel Wagner-Hall
58e6a58eb7
Merge branch 'develop' into daniel/3pidinvites
2015-10-05 10:33:41 -05:00
Erik Johnston
40017a9a11
Add 'trusted_private_chat' to room creation presets
2015-10-02 11:22:56 +01:00
Erik Johnston
d5e081c7ae
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/unfederatable
2015-10-02 10:33:49 +01:00
Daniel Wagner-Hall
5b3e9713dd
Implement third party identifier invites
2015-10-01 17:49:52 +01:00
Mark Haines
f2fcc0a8cf
synapse/api/errors.py:RoomError was unused
2015-09-22 18:18:45 +01:00
Mark Haines
ee2d722f0f
Merge pull request #276 from matrix-org/markjh/history_for_rooms_that_have_been_left
...
SPEC-216: Allow users to view the history of rooms that they have left.
2015-09-21 14:38:13 +01:00
Mark Haines
8e3bbc9bd0
Clarify which event is returned by check_user_was_in_room
2015-09-21 13:47:44 +01:00
Daniel Wagner-Hall
728d07c8c1
Merge pull request #256 from matrix-org/auth
...
Attempt to validate macaroons
2015-09-14 18:09:33 +01:00
Erik Johnston
d59acb8c5b
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/unfederatable
2015-09-14 18:05:31 +01:00
Erik Johnston
91cb3b630d
Merge pull request #265 from matrix-org/erikj/check_room_exists
...
Check room exists when authenticating an event
2015-09-14 17:56:18 +01:00
Mark Haines
3c166a24c5
Remove undocumented and unimplemented 'feedback' parameter from the Client-Server API
2015-09-09 16:05:09 +01:00