Neil Johnson
a2bfb778c8
improve auto room join logic, comments and tests
2018-10-12 18:17:36 +01:00
Neil Johnson
2dadc092b8
move logic into register, fix room alias localpart bug, tests
2018-10-04 17:00:27 +01:00
Matthew Hodgson
23b6a0537f
emit room aliases event
2018-09-29 02:19:37 +01:00
Matthew Hodgson
5b68f29f48
fix thinkos
2018-09-29 02:14:40 +01:00
Matthew Hodgson
8f646f2d04
fix UTs
2018-09-28 15:37:28 +01:00
Matthew Hodgson
07340cdaca
untested stab at autocreating autojoin rooms
2018-09-28 01:42:53 +01:00
Matthew Hodgson
d42d79e3c3
don't ratelimit autojoins
2018-09-15 22:27:41 +01:00
Neil Johnson
ea068d6f3c
fix bug where preserved threepid user comes to sign up and server is mau blocked
2018-08-31 10:49:14 +01:00
Neil Johnson
c74c71128d
remove blank line
2018-08-14 15:06:24 +01:00
Neil Johnson
99ebaed8e6
Update register.py
...
remove comments
2018-08-14 14:55:55 +01:00
Neil Johnson
f4b49152e2
support admin_email config and pass through into blocking errors, return AuthError in all cases
2018-08-13 21:09:47 +01:00
Neil Johnson
ce7de9ae6b
Revert "support admin_email config and pass through into blocking errors, return AuthError in all cases"
...
This reverts commit 0d43f991a1
.
2018-08-13 18:06:18 +01:00
Neil Johnson
0d43f991a1
support admin_email config and pass through into blocking errors, return AuthError in all cases
2018-08-13 18:00:23 +01:00
Amber Brown
b37c472419
Rename async to async_helpers because async
is a keyword on Python 3.7 ( #3678 )
2018-08-10 23:50:21 +10:00
Neil Johnson
e40a510fbf
py3 fix
2018-08-03 23:19:13 +01:00
Neil Johnson
886be75ad1
bug fixes
2018-08-03 22:29:03 +01:00
Neil Johnson
74b1d46ad9
do mau checks based on monthly_active_users table
2018-08-02 16:57:35 +01:00
Neil Johnson
085435e13a
Merge pull request #3630 from matrix-org/neilj/mau_sign_in_log_in_limits
...
Initial impl of capping MAU
2018-08-01 15:58:45 +00:00
Amber Brown
da7785147d
Python 3: Convert some unicode/bytes uses ( #3569 )
2018-08-02 00:54:06 +10:00
Neil Johnson
7931393495
make count_monthly_users async synapse/handlers/auth.py
2018-08-01 10:21:56 +01:00
Neil Johnson
251e6c1210
limit register and sign in on number of monthly users
2018-07-30 15:55:57 +01:00
Amber Brown
49af402019
run isort
2018-07-09 16:09:20 +10:00
Amber Brown
a61738b316
Remove run_on_reactor ( #3395 )
2018-06-14 18:27:37 +10:00
Richard van der Hoff
fed62e21ad
Infrastructure for a server notices room
...
Server Notices use a special room which the user can't dismiss. They are
created on demand when some other bit of the code calls send_notice.
(This doesn't actually do much yet becuse we don't call send_notice anywhere)
2018-05-17 17:58:25 +01:00
Krombel
6152e253d8
Merge branch 'develop' of into allow_auto_join_rooms
2018-03-28 14:45:28 +02:00
Erik Johnston
3e0c0660b3
Also do check inside linearizer
2018-03-27 13:01:34 +01:00
Erik Johnston
44cd6e1358
PEP8
2018-03-26 12:06:48 +01:00
Erik Johnston
a052aa42e7
Linearize calls to _generate_user_id
2018-03-26 12:02:20 +01:00
Krombel
91ea0202e6
move handling of auto_join_rooms to RegisterHandler
...
Currently the handling of auto_join_rooms only works when a user
registers itself via public register api. Registrations via
registration_shared_secret and ModuleApi do not work
This auto_joins the users in the registration handler which enables
the auto join feature for all 3 registration paths.
This is related to issue #2725
Signed-Off-by: Matthias Kesler <krombel@krombel.de>
2018-03-14 16:45:37 +01:00
Erik Johnston
8b3573a8b2
Refactor get_or_register_3pid_guest
2018-03-13 12:08:58 +00:00
Matthew Hodgson
447f4f0d5f
rewrite based on PR feedback:
...
* [ ] split config options into allowed_local_3pids and registrations_require_3pid
* [ ] simplify and comment logic for picking registration flows
* [ ] fix docstring and move check_3pid_allowed into a new util module
* [ ] use check_3pid_allowed everywhere
@erikjohnston PTAL
2018-01-19 15:33:55 +00:00
Matthew Hodgson
9d332e0f79
fix up v1, and improve errors
2018-01-19 00:53:58 +00:00
Erik Johnston
825a07a974
Merge pull request #2773 from matrix-org/erikj/hash_bg
...
Do bcrypt hashing in a background thread
2018-01-10 18:11:41 +00:00
Erik Johnston
f8e1ab5fee
Do bcrypt hashing in a background thread
2018-01-10 18:01:28 +00:00
Matthew Hodgson
1bd40ca73e
switch to a simpler 'search_all_users' button as per review feedback
2017-12-04 14:58:39 +00:00
Matthew Hodgson
cd3697e8b7
kick the user_directory index when new users register
2017-11-29 18:33:34 +00:00
Richard van der Hoff
9b803ccc98
Revert "Allow upper-case characters in mxids"
...
This reverts commit b70b646903
.
2017-11-09 21:57:24 +00:00
Richard van der Hoff
b70b646903
Allow upper-case characters in mxids
...
Because we're never going to be able to fix this :'(
2017-11-09 19:36:13 +00:00
Richard van der Hoff
dd13310fb8
Move access token deletion into auth handler
...
Also move duplicated deactivation code into the auth handler.
I want to add some hooks when we deactivate an access token, so let's bring it
all in here so that there's somewhere to put it.
2017-11-01 15:46:22 +00:00
Richard van der Hoff
eaaabc6c4f
replace 'except:' with 'except Exception:'
...
what could possibly go wrong
2017-10-23 15:52:32 +01:00
Richard van der Hoff
29812c628b
Allow = in mxids and groupids
...
... because the spec says we should.
2017-10-20 23:42:53 +01:00
Richard van der Hoff
58fbbe0f1d
Disallow capital letters in userids
...
Factor out a common function for checking user ids and group ids, which forbids
capitals.
2017-10-20 23:37:22 +01:00
Erik Johnston
bf81f3cf2c
Split out profile handler to fix tests
2017-08-25 14:34:56 +01:00
Luke Barnard
ccad2ed824
Modify condition on empty localpart
2017-05-10 17:34:30 +01:00
Luke Barnard
369195caa5
Modify register/available to be GET with query param
...
- GET is now the method for register/available
- a query parameter "username" is now used
Also, empty usernames are now handled with an error message on registration or via register/available: `User ID cannot be empty`
2017-05-10 17:23:55 +01:00
Erik Johnston
51adaac953
Fix email push in pusher worker
...
This was broken when device list updates were implemented, as Mailer
could no longer instantiate an AuthHandler due to a dependency on
federation sending.
2017-02-02 10:53:36 +00:00
Richard van der Hoff
1529c19675
Prevent user tokens being used as guest tokens ( #1675 )
...
Make sure that a user cannot pretend to be a guest by adding 'guest = True'
caveats.
2016-12-06 15:31:37 +00:00
Richard van der Hoff
1c4f05db41
Stop putting a time caveat on access tokens
...
The 'time' caveat on the access tokens was something of a lie, since we weren't
enforcing it; more pertinently its presence stops us ever adding useful time
caveats.
Let's move in the right direction by not lying in our caveats.
2016-11-29 16:49:41 +00:00
Patrik Oldsberg
7b5546d077
rest/client/v1/register: use the correct requester in createUser
...
Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
2016-10-06 22:12:32 +02:00
Patrik Oldsberg
9bfc617791
storage/appservice: make appservice methods only relying on the cache synchronous
2016-10-06 15:24:59 +02:00
Paul "LeoNerd" Evans
05f6447301
Forbid non-ASes from registering users whose names begin with '_' (SYN-738)
2016-07-27 17:54:26 +01:00
Richard van der Hoff
eb359eced4
Add create_requester
function
...
Wrap the `Requester` constructor with a function which provides sensible
defaults, and use it throughout
2016-07-26 16:46:53 +01:00
Richard van der Hoff
40cbffb2d2
Further registration refactoring
...
* `RegistrationHandler.appservice_register` no longer issues an access token:
instead it is left for the caller to do it. (There are two of these, one in
`synapse/rest/client/v1/register.py`, which now simply calls
`AuthHandler.issue_access_token`, and the other in
`synapse/rest/client/v2_alpha/register.py`, which is covered below).
* In `synapse/rest/client/v2_alpha/register.py`, move the generation of
access_tokens into `_create_registration_details`. This means that the normal
flow no longer needs to call `AuthHandler.issue_access_token`; the
shared-secret flow can tell `RegistrationHandler.register` not to generate a
token; and the appservice flow continues to work despite the above change.
2016-07-19 18:46:19 +01:00
Negar Fazeli
0136a522b1
Bug fix: expire invalid access tokens
2016-07-13 15:00:37 +02:00
Erik Johnston
651faee698
Add an admin option to shared secret registration
2016-07-05 17:30:22 +01:00
Kent Shikama
bb069079bb
Fix style violations
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-04 22:07:11 +09:00
Kent Shikama
fc8007dbec
Optionally include password hash in createUser endpoint
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-03 15:08:15 +09:00
Mark Haines
0c13d45522
Add a comment on why we don't create a profile for upgrading users
2016-06-17 19:18:53 +01:00
Mark Haines
9f1800fba8
Remove registered_users from the distributor.
...
The only place that was observed was to set the profile. I've made it
so that the profile is set within store.register in the same transaction
that creates the user.
This required some slight changes to the registration code for upgrading
guest users, since it previously relied on the distributor swallowing errors
if the profile already existed.
2016-06-17 19:14:16 +01:00
Negar Fazeli
6e7dc7c7dd
Fix a bug caused by a change in auth_handler function
...
Fix the relevant unit test cases
2016-06-08 23:22:39 +02:00
David Baker
4a10510cd5
Split out the auth handler
2016-06-02 13:31:45 +01:00
Negi Fazeli
6fe04ffef2
Fix set profile error with Requester.
...
Replace flush_user with delete access token due to function removal
Add a new test case for if the user is already registered
2016-05-23 19:50:28 +02:00
Negi Fazeli
40aa6e8349
Create user with expiry
...
- Add unittests for client, api and handler
Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
2016-05-13 15:34:15 +02:00
Mark Haines
b9ee5650b0
Move all the wrapper functions for distributor.fire
...
Move the functions inside the distributor and import them
where needed. This reduces duplication and makes it possible
for flake8 to detect when the functions aren't used in a
given file.
2016-04-08 11:01:38 +01:00
David Baker
a7daa5ae13
Make registration idempotent, part 2: be idempotent if the client specifies a username.
2016-03-16 19:36:57 +00:00
Daniel Wagner-Hall
465605d616
Store appservice ID on register
2016-03-10 15:58:22 +00:00
Mark Haines
239badea9b
Use syntax that works on both py2.7 and py3
2016-03-07 20:13:10 +00:00
Patrik Oldsberg
9c48f1ed22
handlers/register: make sure another user id is generated when a collision occurs
...
Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
2016-02-29 23:12:37 +01:00
Daniel Wagner-Hall
33300673b7
Generate guest access token on 3pid invites
...
This means that following the same link across multiple sessions or
devices can re-use the same guest account.
Note that this is somewhat of an abuse vector; we can't throw up
captchas on this flow, so this is a way of registering ephemeral
accounts for spam, whose sign-up we don't rate limit.
2016-02-24 14:41:25 +00:00
Daniel Wagner-Hall
dc6da63e30
Enforce user_id exclusivity for AS registrations
...
This whole set of checks is kind of an ugly mess, which I may clean up
at some point, but for now let's be correct.
2016-02-11 17:37:38 +00:00
Erik Johnston
2c1fbea531
Fix up logcontexts
2016-02-08 14:26:45 +00:00
Daniel Wagner-Hall
79a1c0574b
Allocate guest user IDs numericcally
...
The current random IDs are ugly and confusing when presented in UIs.
This makes them prettier and easier to read.
Also, disable non-automated registration of numeric IDs so that we don't
need to worry so much about people carving out our automated address
space and us needing to keep retrying ID registration.
2016-02-05 11:22:30 +00:00
Daniel Wagner-Hall
d83d004ccd
Fix flake8 warnings for new flake8
2016-02-02 17:18:50 +00:00
David Baker
69214ea671
Pass make_guest whne we autogen a user ID
2016-02-02 14:42:31 +00:00
Erik Johnston
7959e8b764
Underscores are allowed in user ids
2016-01-22 14:59:49 +00:00
Erik Johnston
b088291f14
Don't explode when given a unicode username in /register/
2016-01-20 15:40:25 +00:00
David Baker
5819b7a78c
M_INVALID_USERNAME to be consistent with the parameter name
2016-01-15 10:06:34 +00:00
David Baker
3f8db3d597
Add specific error code for invalid user names.
2016-01-14 17:21:04 +00:00
David Baker
09dc9854cd
comma style
2016-01-06 17:44:10 +00:00
David Baker
c79f221192
Add is_guest flag to users db to track whether a user is a guest user or not. Use this so we can run _filter_events_for_client when calculating event_push_actions.
2016-01-06 11:38:09 +00:00
Daniel Wagner-Hall
cfd07aafff
Allow guests to upgrade their accounts
2016-01-05 18:01:18 +00:00
Matthew Hodgson
c8ea2d5b1f
Merge pull request #450 from matrix-org/matthew/no-identicons
...
Matthew/no identicons
2015-12-18 18:14:06 +00:00
David Baker
ce4999268a
Fix typo that broke registration on the mobile clients
2015-12-18 10:07:28 +00:00
Matthew Hodgson
64374bda5b
fix indentation level
2015-12-17 23:04:53 +00:00
Matthew Hodgson
772ad4f715
stop generating default identicons. reverts most of 582019f870
and solves vector-web/vector-im#346
2015-12-17 23:04:20 +00:00
Mark Haines
478b4e3ed4
Reuse the captcha client rather than creating a new one for each request
2015-12-03 13:48:55 +00:00
Mark Haines
a9526831a4
Wrap calls to distributor.fire in appropriately named functions so that static analysis can work out want is calling what
2015-12-01 20:53:04 +00:00
Daniel Wagner-Hall
f522f50a08
Allow guests to register and call /events?room_id=
...
This follows the same flows-based flow as regular registration, but as
the only implemented flow has no requirements, it auto-succeeds. In the
future, other flows (e.g. captcha) may be required, so clients should
treat this like the regular registration flow choices.
2015-11-04 17:29:07 +00:00
Daniel Wagner-Hall
86fac9c95e
Remove unused import
2015-08-26 16:03:17 +01:00
Daniel Wagner-Hall
3063383547
Swap out bcrypt for md5 in tests
...
This reduces our ~8 second sequential test time down to ~7 seconds
2015-08-26 15:59:32 +01:00
Daniel Wagner-Hall
d3c0e48859
Merge erikj/user_dedup to develop
2015-08-26 13:42:45 +01:00
Daniel Wagner-Hall
617501dd2a
Move token generation to auth handler
...
I prefer the auth handler to worry about all auth, and register to call
into it as needed, than to smatter auth logic between the two.
2015-08-20 11:35:56 +01:00
Daniel Wagner-Hall
70e265e695
Re-add whitespace around caveat operators
2015-08-19 14:30:31 +01:00
Daniel Wagner-Hall
ce832c38d4
Remove padding space around caveat operators
2015-08-18 17:39:26 +01:00
Daniel Wagner-Hall
3e6fdfda00
Fix some formatting to use tuples
2015-08-18 15:18:50 +01:00
Daniel Wagner-Hall
2d3462714e
Issue macaroons as opaque auth tokens
...
This just replaces random bytes with macaroons. The macaroons are not
inspected by the client or server.
In particular, they claim to have an expiry time, but nothing verifies
that they have not expired.
Follow-up commits will actually enforce the expiration, and allow for
token refresh.
See https://bit.ly/matrix-auth for more information
2015-08-18 14:22:02 +01:00
Daniel Wagner-Hall
415c2f0549
Simplify LoginHander and AuthHandler
...
* Merge LoginHandler -> AuthHandler
* Add a bunch of documentation
* Improve some naming
* Remove unused branches
I will start merging the actual logic of the two handlers shortly
2015-08-12 15:49:37 +01:00
Kegan Dougal
a4d62ba36a
Fix v2_alpha registration. Add unit tests.
...
V2 Registration forced everyone (including ASes) to create a password for a
user, when ASes should be able to omit passwords. Also unbreak AS registration
in general which checked too early if the given username was claimed by an AS;
it was checked before knowing if the AS was the one doing the registration! Add
unit tests for AS reg, user reg and disabled_registration flag.
2015-07-28 17:34:12 +01:00
Muthu Subramanian
f53bae0c19
code beautify
2015-07-08 16:05:46 +05:30
Muthu Subramanian
81682d0f82
Integrate SAML2 basic authentication - uses pysaml2
2015-07-08 15:36:54 +05:30
Mark Haines
dfa98f911b
revert accidental bcrypt gensalt round reduction from loadtesting
2015-05-07 17:45:42 +01:00
Mark Haines
ef8e8ebd91
pynacl-0.3.0 was released so we can finally start using it directly from pypi
2015-05-07 16:46:51 +01:00
David Baker
4eea5cf6c2
pep8
2015-04-17 16:46:45 +01:00
David Baker
83b554437e
Need to yield the username check, otherwise very very weird things happen.
2015-04-17 12:57:25 +01:00
David Baker
4cd5fb13a3
Oops, left debugging in.
2015-04-16 20:03:13 +01:00
David Baker
ea1776f556
Return user ID in use error straight away
2015-04-16 19:56:44 +01:00
David Baker
a19b739909
Regstration with email in v2
2015-04-15 15:50:38 +01:00
David Baker
59bf16eddc
New registration for C/S API v2. Only ReCAPTCHA working currently.
2015-03-30 18:13:10 +01:00
Erik Johnston
f88db7ac0b
Factor out user id validation checks
2015-03-18 11:34:18 +00:00
Kegan Dougal
58ff066064
Implement exclusive namespace checks.
2015-02-27 13:51:41 +00:00
Kegan Dougal
9978c5c103
Merge branch 'develop' into application-services
2015-02-11 10:03:24 +00:00
Mark Haines
b085fac735
Code-style fixes
2015-02-10 16:30:48 +00:00
Kegan Dougal
53557fc532
Merge branch 'develop' into application-services
2015-02-09 15:20:56 +00:00
Matthew Hodgson
37b6b880ef
don't give up if we can't create default avatars during tests
2015-02-07 21:24:08 +00:00
Matthew Hodgson
582019f870
...and here's the actual impl. git fail.
2015-02-07 13:32:14 +00:00
Kegan Dougal
73a680b2a8
Add errcodes for appservice registrations.
2015-02-06 17:10:04 +00:00
Kegan Dougal
0227618d3c
Add m.login.application_service registration procedure.
...
This allows known application services to register any user ID under their
own user namespace(s).
2015-02-05 17:29:27 +00:00
Kegan Dougal
cab4c73088
Prevent user IDs in AS namespaces being created/deleted by humans.
2015-02-05 16:46:56 +00:00
Kegan Dougal
96d4bf9012
Modify API for SimpleHttpClient.get_json and update usages.
...
Previously, this would only return the HTTP body as JSON, and discard other
response information (e.g. the HTTP response code). This has now been changed
to throw a CodeMessageException on a non-2xx response, with the response code
and body, which can then be parsed as JSON.
Affected modules include:
- Registration/Login (when using an email for IS auth)
2015-02-04 17:07:31 +00:00
David Baker
e32ded7b3e
Add matrix.org as a trusted ID server because it's now passed through on ports 80/443 and the web client defaults to that now. Fixes email validation (including signing up with an email address).
2015-01-28 10:09:54 +00:00
Mark Haines
adb04b1e57
Update copyright notices
2015-01-06 13:21:39 +00:00
Erik Johnston
a295a3c691
Fix registration
2014-12-08 09:24:37 +00:00
Mark Haines
610c2ea131
Fix pep8 and pyflakes warnings
2014-11-20 18:00:10 +00:00
David Baker
f1c7f8e813
Merge branch 'develop' into http_client_refactor
2014-11-20 17:49:48 +00:00
David Baker
e377d33652
Separate out the matrix http client completely because just about all of its code it now separate from the simple case we need for standard HTTP(S)
2014-11-20 17:41:56 +00:00
Mark Haines
32090aee16
Add a few missing yields, Move deferred lists inside PreserveLoggingContext because they don't interact well with the logging contexts
2014-11-20 16:24:00 +00:00
David Baker
20326054da
Oops, I removed this param.
2014-11-20 15:24:38 +00:00
David Baker
dc60eee50e
Refactor the HTTP clients a little.
2014-11-20 13:53:34 +00:00
Erik Johnston
1c6825cc7a
Use python logger, not the twisted logger
2014-11-03 10:16:28 +00:00
Mark Haines
7d709542ca
Fix pep8 warnings
2014-10-30 11:10:17 +00:00
Mark Haines
4be99c2989
Add get_json method to 3pid http client. Better logging for errors in 3pid requests
2014-10-20 14:10:08 +01:00
Mark Haines
b9cdc443d7
Fix pyflakes errors
2014-10-02 14:37:30 +01:00
Mark Haines
4f11518934
Split PlainHttpClient into separate clients for talking to Identity servers and talking to Capatcha servers
2014-10-02 14:03:26 +01:00
Kegan Dougal
285ecaacd0
Split out password/captcha/email logic.
2014-09-15 12:42:36 +01:00
Kegan Dougal
b5749c75d9
Reload captchas when they fail. Cleanup on success.
2014-09-05 23:08:39 -07:00
Kegan Dougal
3ea6f01b4e
80 chars please
2014-09-05 22:55:29 -07:00
Kegan Dougal
37e53513b6
Add config opion for XFF headers when performing ReCaptcha auth.
2014-09-05 22:51:11 -07:00
Kegan Dougal
1829b55bb0
Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message.
2014-09-05 19:18:23 -07:00
David Baker
d72ce4da64
Merge branch 'develop' of github.com:matrix-org/synapse into develop
...
Conflicts:
synapse/http/client.py
2014-09-03 18:25:17 +01:00
David Baker
d6ecbbdf0a
Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server).
2014-09-03 18:22:27 +01:00
Matthew Hodgson
8a7c1d6a00
fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch.
2014-09-03 17:31:57 +01:00
Matthew Hodgson
f98e6380f1
add in whitespace after copyright statements to improve legibility
2014-08-13 03:14:34 +01:00
matrix.org
4f475c7697
Reference Matrix Home Server
2014-08-12 15:10:52 +01:00