Kent Shikama
8d9a884cee
Update password config comment
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-06 12:18:19 +09:00
Kent Shikama
252ee2d979
Remove default password pepper string
2016-07-05 19:15:51 +09:00
Kent Shikama
14362bf359
Fix password config
2016-07-05 19:12:53 +09:00
Kent Shikama
1ee2584307
Fix pep8
2016-07-05 19:01:00 +09:00
Kent Shikama
507b8bb091
Add comment to prompt changing of pepper
2016-07-05 18:42:35 +09:00
Kent Shikama
8bdaf5f7af
Add pepper to password hashing
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-05 02:13:52 +09:00
Matthew Hodgson
63bb8f0df9
remove vector.im from default secondary DS list
2016-06-27 13:13:33 +04:00
Mark Haines
05f1a4596a
Merge branch 'master' into develop
2016-06-23 11:17:48 +01:00
Martin Weinelt
0a32208e5d
Rework ldap integration with ldap3
...
Use the pure-python ldap3 library, which eliminates the need for a
system dependency.
Offer both a `search` and `simple_bind` mode, for more sophisticated
ldap scenarios.
- `search` tries to find a matching DN within the `user_base` while
employing the `user_filter`, then tries the bind when a single
matching DN was found.
- `simple_bind` tries the bind against a specific DN by combining the
localpart and `user_base`
Offer support for STARTTLS on a plain connection.
The configuration was changed to reflect these new possibilities.
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
2016-06-22 17:51:59 +02:00
Mark Haines
13e334506c
Remove the legacy v0 content upload API.
...
The existing content can still be downloaded. The last upload to the
matrix.org server was in January 2015, so it is probably safe to remove
the upload API.
2016-06-21 11:47:39 +01:00
Erik Johnston
bc72d381b2
Merge branch 'release-v0.16.1' of github.com:matrix-org/synapse
2016-06-20 14:18:04 +01:00
Erik Johnston
3e41de05cc
Turn use_frozen_events off by default
2016-06-17 15:11:22 +01:00
Mark Haines
a352b68acf
Use worker_ prefixes for worker config, use existing support for multiple config files
2016-06-16 17:29:50 +01:00
Mark Haines
364d616792
Access the event_cache_size directly from the server object.
...
This means that the workers can override the event_cache_size
directly without clobbering the value in the main synapse config.
2016-06-16 12:53:15 +01:00
Mark Haines
bde13833cb
Access replication_url from the worker config directly
2016-06-16 12:44:40 +01:00
Mark Haines
80a1bc7db5
Comment on what's going on in clobber_with_worker_config
2016-06-16 11:29:45 +01:00
Mark Haines
dbb5a39b64
Add worker config module
2016-06-16 11:09:15 +01:00
Mark Haines
885ee861f7
Inline the synchrotron and pusher configs into the main config
2016-06-16 11:06:12 +01:00
Matthew Hodgson
33546b58aa
point to the CAPTCHA docs
2016-06-12 23:11:29 +01:00
Mark Haines
7dbb473339
Add function to load config without generating it
...
Renames ``load_config`` to ``load_or_generate_config``
Adds a method called ``load_config`` that just loads the
config.
The main synapse.app.homeserver will continue to use
``load_or_generate_config`` to retain backwards compat.
However new worker processes can use ``load_config`` to
load the config avoiding some of the cruft needed to generate
the config.
As the new ``load_config`` method is expected to be used by new
configs it removes support for the legacy commandline overrides
that ``load_or_generate_config`` supports
2016-06-09 18:50:38 +01:00
Erik Johnston
dded389ac1
Allow setting of gc.set_thresholds
2016-06-07 15:45:56 +01:00
Matthew Hodgson
79d1f072f4
brand the email from header
2016-06-02 21:34:40 +01:00
David Baker
6ca4d3ae9a
Add vector.im to default secondary_directory_servers and add comment explaining it's not a permanent solution
2016-05-31 17:24:50 +01:00
David Baker
e1625d62a8
Add federation room list servlet
2016-05-31 11:55:57 +01:00
Mark Haines
6a30a0bfd3
Move the functions for parsing app service config
2016-05-17 11:28:58 +01:00
Mark Haines
eb79110beb
Clean up the blacklist/whitelist handling.
...
Always set the config key with an empty list, even if a list isn't specified.
This means that the codepaths are the same for both the empty list and
for a missing key. Since the behaviour is the same for both cases this
makes the code somewhat easier to reason about.
2016-05-16 13:03:59 +01:00
Mark Haines
dd95eb4cb5
Merge branch 'develop' into matthew/preview_url_ip_whitelist
2016-05-16 12:59:41 +01:00
Negi Fazeli
40aa6e8349
Create user with expiry
...
- Add unittests for client, api and handler
Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
2016-05-13 15:34:15 +02:00
David Baker
c00b484eff
More consistent config naming
2016-05-10 14:39:16 +02:00
David Baker
94040b0798
Add config option to not send email notifs for new users
2016-05-10 14:34:53 +02:00
Matthew Hodgson
81c2176cba
fix layout; handle app naming in synapse, not jinja
2016-05-05 15:54:29 +01:00
Matthew Hodgson
17cbf773b9
fix assorted typos in default config
2016-05-04 11:38:01 +01:00
Matthew Hodgson
792def4928
add a url_preview_ip_range_whitelist config param so we can whitelist the matrix.org IP space
2016-05-01 12:44:24 +01:00
David Baker
83618d719a
Try imports in config
2016-04-29 19:13:52 +01:00
David Baker
765f2b8446
Default enable email notifs to False
2016-04-29 14:46:18 +01:00
David Baker
4b0c3a3270
Correct public_baseurl default
2016-04-29 14:30:15 +01:00
David Baker
5048455965
Nicer get() shorthand
2016-04-29 14:27:40 +01:00
David Baker
6c8957be7f
Remove redundant docstring
2016-04-29 14:25:28 +01:00
David Baker
18ce88bd2d
Correct default template and add text template
2016-04-29 14:24:25 +01:00
David Baker
40d40e470d
Send mail notifs with a plaintext part too
2016-04-29 13:56:21 +01:00
David Baker
acded821c4
Merge remote-tracking branch 'origin/develop' into dbkr/email_notifs
2016-04-29 10:05:20 +01:00
David Baker
60f86fc876
pep8
2016-04-28 15:16:30 +01:00
David Baker
fa12209c1b
Hopefully all remaining bits for email notifs
...
Add public facing base url to the server so synapse knows what URL to use when converting mxc to http urls for use in emails
2016-04-27 15:09:55 +01:00
Erik Johnston
52ecbc2843
Make pyjwt dependency optional
2016-04-25 14:30:15 +01:00
Mark Haines
2022ae0fb9
Merge pull request #746 from matrix-org/markjh/split_out_pusher
...
Optionally split out the pushers into a separate process
2016-04-22 11:34:08 +01:00
Erik Johnston
b9675ef6e6
Merge pull request #687 from nikriek/jwt-fix
...
Fix issues with JWT login
2016-04-21 17:42:25 +01:00
Mark Haines
a3ac837599
Optionally split out the pushers into a separate process
2016-04-21 17:22:37 +01:00
Niklas Riekenbrauck
565c2edb0a
Fix issues with JWT login
2016-04-21 18:10:48 +02:00
David Baker
2ed0adb075
Generate mails from a template
2016-04-20 18:35:29 +01:00
David Baker
f63bd4ff47
Send a rather basic email notif
...
Also pep8 fixes
2016-04-20 13:02:01 +01:00
Erik Johnston
f338bf9257
Give install requirements
2016-04-13 14:33:48 +01:00
Erik Johnston
bfe586843f
Add back in helpful description for missing url_preview_ip_range_blacklist
2016-04-13 13:52:57 +01:00
Erik Johnston
d0633e6dbe
Sanitize the optional dependencies for spider API
2016-04-13 13:38:09 +01:00
Matthew Hodgson
4bd3d25218
Merge pull request #688 from matrix-org/matthew/preview_urls
...
URL previewing support
2016-04-11 10:40:29 +01:00
Matthew Hodgson
af582b66bb
fix typo
2016-04-08 19:08:47 +01:00
Matthew Hodgson
dafef5a688
Add url_preview_enabled config option to turn on/off preview_url endpoint. defaults to off.
...
Add url_preview_ip_range_blacklist to let admins specify internal IP ranges that must not be spidered.
Add url_preview_url_blacklist to let admins specify URL patterns that must not be spidered.
Implement a custom SpiderEndpoint and associated support classes to implement url_preview_ip_range_blacklist
Add commentary and generally address PR feedback
2016-04-08 18:37:15 +01:00
Christoph Witzany
92767dd703
add tls property
2016-04-06 18:23:45 +02:00
Christoph Witzany
3d95405e5f
Introduce LDAP authentication
2016-04-06 18:23:45 +02:00
Matthew Hodgson
9f7dc2bef7
Merge branch 'develop' into matthew/preview_urls
2016-04-04 00:38:21 +01:00
Niklas Riekenbrauck
3f9948a069
Add JWT support
2016-03-29 14:36:36 +02:00
Matthew Hodgson
d9d48aad2d
Merge branch 'develop' into matthew/preview_urls
2016-03-27 22:54:42 +01:00
Erik Johnston
590fbbef03
Add config to create guest account on 3pid invite
...
Currently, when a 3pid invite request is sent to an identity server, it
includes a provisioned guest access token. This allows the link in the,
say, invite email to include the guest access token ensuring that the
same account is used each time the link is clicked.
This flow has a number of flaws, including when using different servers
or servers that have guest access disabled.
For now, we keep this implementation but hide it behind a config option
until a better flow is implemented.
2016-03-14 15:50:40 +00:00
Mark Haines
239badea9b
Use syntax that works on both py2.7 and py3
2016-03-07 20:13:10 +00:00
Patrik Oldsberg
5fc59f009c
config,handlers/_base: added homeserver config for what state is included in a room invite
...
Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
2016-03-04 10:43:17 +01:00
Matthew Hodgson
47c361d2f8
add 800x600 thumbnails to make vector look prettier (and anyone else who likes big thumbnails)
2016-03-02 15:57:54 +00:00
Erik Johnston
f078ecbc8f
Derive macaroon_secret_key from signing key.
...
Unfortunately, there are people that are running synapse without a
`macaroon_sercret_key` set. Mandating they set one is a good solution,
except that breaking auto upgrades is annoying.
2016-02-08 16:35:44 +00:00
Daniel Wagner-Hall
6a9f1209df
Error if macaroon key is missing from config
...
Currently we store all access tokens in the DB, and fall back to that
check if we can't validate the macaroon, so our fallback works here, but
for guests, their macaroons don't get persisted, so we don't get to
find them in the database. Each restart, we generate a new ephemeral
key, so guests lose access after each server restart.
I tried to fix up the config stuff to be less insane, but gave up, so
instead I bolt on yet another piece of custom one-off insanity.
Also, add some basic tests for config generation and loading.
2016-02-05 01:58:23 +00:00
Daniel Wagner-Hall
5054806ec1
Rename config field to reflect yaml name
2016-02-03 14:42:01 +00:00
Mark Haines
0fcafbece8
Add config option for setting the trusted id servers, disabling checking the ID server in integration tests
2016-01-29 14:12:26 +00:00
Matthew Hodgson
7dd0c1730a
initial WIP of a tentative preview_url endpoint - incomplete, untested, experimental, etc. just putting it here for safekeeping for now
2016-01-24 18:47:27 -05:00
Erik Johnston
5727922106
Merge pull request #473 from matrix-org/erikj/ssh_manhole
...
Change manhole to use ssh
2016-01-07 14:36:16 +00:00
Erik Johnston
5dc5e29b9c
s/telnet/ssh/
2016-01-07 14:02:57 +00:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Robin Lambertz
4106477e7f
Config Comment mixup in captcha public/private key
2016-01-06 23:19:33 +01:00
Mads R. Christensen
6863466653
Added a single line to explain what the server_name is used for
2015-12-02 00:37:55 +01:00
Erik Johnston
06f74068f4
Comment
2015-11-19 13:05:51 +00:00
Erik Johnston
037ce4c68f
Split out text for missing config options.
...
This allows packages to more easily override the default messages to
include package specific options.
2015-11-18 18:37:05 +00:00
Steven Hammerton
f5e25c5f35
Merge branch 'develop' into sh-cas-auth-via-homeserver
2015-11-17 10:55:41 +00:00
Daniel Wagner-Hall
6a9c4cfd0b
Fix race creating directories
2015-11-12 11:58:48 +00:00
Steven Hammerton
414a4a71b4
Allow hs to do CAS login completely and issue the client with a login token that can be redeemed for the usual successful login response
2015-11-05 14:06:48 +00:00
Steven Hammerton
45f1827fb7
Add service URL to CAS config
2015-11-04 23:32:30 +00:00
Daniel Wagner-Hall
f522f50a08
Allow guests to register and call /events?room_id=
...
This follows the same flows-based flow as regular registration, but as
the only implemented flow has no requirements, it auto-succeeds. In the
future, other flows (e.g. captcha) may be required, so clients should
treat this like the regular registration flow choices.
2015-11-04 17:29:07 +00:00
Erik Johnston
259d10f0e4
Merge branch 'release-v0.10.1' of github.com:matrix-org/synapse into develop
2015-10-23 11:11:56 +01:00
Erik Johnston
5025ba959f
Add config option to disable password login
2015-10-22 10:37:04 +01:00
Mark Haines
f2f031fd57
Add config for how many bcrypt rounds to use for password hashes
...
By default we leave it at the default value of 12. But now we can reduce
it for preparing users for loadtests or running integration tests.
2015-10-16 14:52:08 +01:00
Mark Haines
9020860479
Only turn on the twisted deferred debugging if full_twisted_stacktraces is set in the config
2015-10-13 17:50:44 +01:00
Steven Hammerton
ab7f9bb861
Default cas_required_attributes to empty dictionary
2015-10-12 14:58:59 +01:00
Steven Hammerton
01a5f1991c
Support multiple required attributes in CAS response, and in a nicer config format too
2015-10-12 14:43:17 +01:00
Steven Hammerton
76421c496d
Allow optional config params for a required attribute and it's value, if specified any CAS user must have the given attribute and the value must equal
2015-10-12 11:11:49 +01:00
Steven Hammerton
c33f5c1a24
Provide ability to login using CAS
2015-10-10 10:49:42 +01:00
Daniel Wagner-Hall
b28c7da0a4
Preserve version string in user agent
2015-10-05 20:49:39 -05:00
Daniel Wagner-Hall
8fc52bc56a
Allow synapse's useragent to be customized
...
This will allow me to write tests which verify which server made HTTP
requests in a federation context.
2015-10-02 17:13:51 -05:00
Daniel Wagner-Hall
6d7f291b93
Front-load spaces
2015-09-22 13:13:07 +01:00
Daniel Wagner-Hall
7213588083
Implement configurable stats reporting
...
SYN-287
This requires that HS owners either opt in or out of stats reporting.
When --generate-config is passed, --report-stats must be specified
If an already-generated config is used, and doesn't have the
report_stats key, it is requested to be set.
2015-09-22 12:57:40 +01:00
Daniel Wagner-Hall
2c8f16257a
Merge pull request #272 from matrix-org/daniel/insecureclient
...
Allow configuration to ignore invalid SSL certs
2015-09-15 16:52:38 +01:00
Daniel Wagner-Hall
d4af08a167
Use shorter config key name
2015-09-15 15:50:13 +01:00
Paul "LeoNerd" Evans
9cd5b9a802
Hacky attempt at catching SIGHUP and rotating the logfile around
2015-09-14 19:03:53 +01:00
Daniel Wagner-Hall
2c746382e0
Merge branch 'daniel/insecureclient' into develop
2015-09-09 14:27:30 +01:00
Daniel Wagner-Hall
ddfe30ba83
Better document the intent of the insecure SSL setting
2015-09-09 13:26:23 +01:00
Daniel Wagner-Hall
81a93ddcc8
Allow configuration to ignore invalid SSL certs
...
This will be useful for sytest, and sytest only, hence the aggressive
config key name.
2015-09-09 12:02:07 +01:00