Commit Graph

14132 Commits

Author SHA1 Message Date
Matthew Hodgson
c0e0740bef add options to require an access_token to GET /profile and /publicRooms on CS API (#5083)
This commit adds two config options:

* `restrict_public_rooms_to_local_users`

Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.

* `require_auth_for_profile_requests`

When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.

MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.

Groups have been intentionally omitted from this commit.
2019-05-08 18:26:56 +01:00
Erik Johnston
c8c069db92
Merge pull request #5037 from matrix-org/erikj/limit_inflight_dns
Limit in flight DNS requests
2019-05-08 17:11:03 +01:00
Brendan Abolivier
1473058b5e
Do checks on aliases for incoming m.room.aliases events (#5128)
Follow-up to #5124

Also added a bunch of checks to make sure everything (both the stuff added on #5124 and this PR) works as intended.
2019-05-08 17:01:30 +01:00
Erik Johnston
de655e669a
Merge pull request #5104 from matrix-org/erikj/ratelimit_3pid_invite
Ratelimit 3pid invites
2019-05-07 10:12:49 +01:00
Richard van der Hoff
59e2d2694d
Remove the requirement to authenticate for /admin/server_version. (#5122)
This endpoint isn't much use for its intended purpose if you first need to get
yourself an admin's auth token.

I've restricted it to the `/_synapse/admin` path to make it a bit easier to
lock down for those concerned about exposing this information. I don't imagine
anyone is using it in anger currently.
2019-05-07 09:29:30 +01:00
Travis Ralston
3fdff14207 Fix spelling in server notices admin API docs (#5142) 2019-05-06 22:15:02 +01:00
Richard van der Hoff
4804206dbe Fix sample config
... after it got broken in 1565ebec2c.
2019-05-06 22:13:35 +01:00
Richard van der Hoff
836d3adcce Merge branch 'master' into develop 2019-05-03 19:25:01 +01:00
Richard van der Hoff
9b86d3dee6 Synapse 0.99.3.2 (2019-05-03)
=============================
 
 Internal Changes
 ----------------
 
 - Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEv27Axt/F4vrTL/8QOSor00I9eP8FAlzMgZwACgkQOSor00I9
 eP8Pxgf7BtwM5LrC/xGFKkE62U7bX4jE5EJ9gt+keN9+l5hnB75nBzyXpk0FY/CO
 lWOWeT3S0Nfkx5CqVjZ9I9Q83W3CAzcRO6Og3w4QRieoW74T/biCizIsYxHSjgeA
 LzwdGMMRtcoccxvi9uNgJID2LNsVHazNUKuGJNoqCXeeCkmmunSHbAb8TI9Cz7mU
 0Ul8oZV8zoOaf/Nzzh7WJJ+YsxprfGmUVD1ssWYzZvGotPw/wdAhlJJA3pzjAeBZ
 o94q/IMvA7baTEBUzAzMcJCEfxEueA9j/93eYJ4/dQcS6sqMN2GMTTaiXthkf2vQ
 9w+SgbvJqQG14lTJqPOYTHS1oud6PA==
 =3ooI
 -----END PGP SIGNATURE-----

Merge tag 'v0.99.3.2'

Synapse 0.99.3.2 (2019-05-03)
=============================

Internal Changes
----------------

- Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))
2019-05-03 19:24:42 +01:00
Richard van der Hoff
fa21455e08 0.99.3.2 2019-05-03 18:56:24 +01:00
Richard van der Hoff
0b5cf95607 include disco in deb build target list 2019-05-03 18:55:13 +01:00
Richard van der Hoff
dd76e5ca62
Merge pull request #5135 from matrix-org/rav/build_fixes
Build fixes
2019-05-03 18:54:49 +01:00
Richard van der Hoff
5485852b43 changelog 2019-05-03 18:36:55 +01:00
Richard van der Hoff
ecc0967315 Debian: we now need libpq-dev.
psycopg 2.8 is now out, which means that the C library gets built from source,
so we now need libpq-dev when building.

Turns out the need for this package is already documented in
docs/postgres.rst.
2019-05-03 18:34:34 +01:00
Richard van der Hoff
e3281d7d26 pin urllib3 to <1.25 2019-05-03 18:33:10 +01:00
Richard van der Hoff
f73f18fe7b changelog tweaks 2019-05-03 16:09:34 +01:00
Richard van der Hoff
863ec09622 0.99.3.1 2019-05-03 16:03:24 +01:00
Richard van der Hoff
a845abbf3a
Merge pull request #5134 from matrix-org/rav/url_preview_blacklist
Blacklist 0.0.0.0 and :: by default for URL previews
2019-05-03 15:59:20 +01:00
Richard van der Hoff
1565ebec2c more config comment updates 2019-05-03 15:50:59 +01:00
Richard van der Hoff
1acfb9e9f0
Merge pull request #5133 from matrix-org/rav/systemrandom
Use SystemRandom for token generation.
2019-05-03 15:39:30 +01:00
Richard van der Hoff
1a7104fde3 Blacklist 0.0.0.0 and :: by default for URL previews 2019-05-03 15:35:49 +01:00
Neil Johnson
60c3635f05
typo 2019-05-03 14:40:15 +01:00
Richard van der Hoff
247dc1bd0b Use SystemRandom for token generation 2019-05-03 13:02:55 +01:00
Erik Johnston
176f31c2e3 Rate limit early 2019-05-02 15:23:08 +01:00
Richard van der Hoff
12f9d51e82
Add admin api for sending server_notices (#5121) 2019-05-02 11:59:16 +01:00
Brendan Abolivier
c193b39134
Merge pull request #5124 from matrix-org/babolivier/aliases
Add some limitations to alias creation
2019-05-02 11:22:40 +01:00
Brendan Abolivier
84196cb231 Add some limitations to alias creation 2019-05-02 11:05:11 +01:00
Richard van der Hoff
0836cbb9f5
Factor out an "assert_requester_is_admin" function (#5120)
Rather than copying-and-pasting the same four lines hundreds of times
2019-05-02 10:45:52 +01:00
Richard van der Hoff
1df2f80367
Merge pull request #5119 from matrix-org/rav/admin_api_urls
Move the admin API to `/_synapse/admin/v1`
2019-05-02 10:11:59 +01:00
Richard van der Hoff
f203c98794 fix examples 2019-05-01 17:49:56 +01:00
Richard van der Hoff
cc4bd762df Fix sample config 2019-05-01 16:48:23 +01:00
Richard van der Hoff
03ad6bd483 changelog 2019-05-01 15:44:30 +01:00
Richard van der Hoff
40e576e29c Move admin api impl to its own package
It doesn't really belong under rest/client/v1 any more.
2019-05-01 15:44:30 +01:00
Richard van der Hoff
8e9ca83537 Move admin API to a new prefix 2019-05-01 15:44:30 +01:00
Richard van der Hoff
579b637b6c Move admin API away from ClientV1RestServlet 2019-05-01 15:16:04 +01:00
Brendan Abolivier
c1799b0f85
Merge pull request #5116 from matrix-org/babolivier/account_expiration
Fix path in account validity admin route's doc
2019-05-01 11:59:56 +01:00
Brendan Abolivier
6aad81ec0c Rename changelog file 2019-05-01 11:50:15 +01:00
Brendan Abolivier
803a28fd1d Add changelog 2019-05-01 11:43:31 +01:00
Brendan Abolivier
031919dafb Fix whole path for admin route 2019-05-01 11:38:27 +01:00
Brendan Abolivier
d8e357b7cf Fix typo in account validity admin route 2019-05-01 11:34:22 +01:00
Travis Ralston
8c5b1e30d4
Add a default .m.rule.tombstone push rule (#4867)
* Add a default .m.rule.tombstone push rule

In support of MSC1930: https://github.com/matrix-org/matrix-doc/pull/1930

* changelog

* Appease the changelog linter
2019-04-29 15:40:31 -06:00
Richard van der Hoff
b31cc1c613
Merge pull request #5100 from matrix-org/rav/verification_hackery
Improve logging when event-signature checking fails
2019-04-29 13:19:32 +01:00
Erik Johnston
d6118c5be6 Merge branch 'develop' of github.com:matrix-org/synapse into erikj/ratelimit_3pid_invite 2019-04-26 18:14:23 +01:00
Erik Johnston
19f0722b2c Newsfile 2019-04-26 18:08:33 +01:00
Erik Johnston
28a81ed62f Ratelimit 3pid invites
We do ratelimit sending the 3PID invite events, but that happens after
spamming the identity server.
2019-04-26 18:06:25 +01:00
Richard van der Hoff
63b75cf7d7
Merge pull request #5103 from matrix-org/rav/fix_notif_loop
Fix infinite loop in presence handler
2019-04-26 12:38:14 +01:00
Richard van der Hoff
bd0d45ca69 Fix infinite loop in presence handler
Fixes #5102
2019-04-26 11:14:49 +01:00
Richard van der Hoff
0962d3cdff changelog 2019-04-25 23:05:06 +01:00
Richard van der Hoff
837d7f85a9 more logging improvements 2019-04-25 22:17:59 +01:00
Richard van der Hoff
fd8fb32bdd remove extraneous exception logging 2019-04-25 22:02:03 +01:00