760 Commits

Author	SHA1	Message	Date
Richard van der Hoff	93efcb8526	Merge pull request #928 from matrix-org/rav/refactor_login ... Refactor login flow	2016-07-18 16:12:35 +01:00
Richard van der Hoff	dcfd71aa4c	Refactor login flow ... Make sure that we have the canonical user_id *before* calling get_login_tuple_for_user_id. Replace login_with_password with a method which just validates the password, and have the caller call get_login_tuple_for_user_id. This brings the password flow into line with the other flows, and will give us a place to register the device_id if necessary.	2016-07-18 15:23:54 +01:00
Will Hunt	511a52afc8	Use body.get to check for 'user'	2016-07-16 18:44:08 +01:00
Will Hunt	e885e2a623	Fall back to 'username' if 'user' is not given for appservice reg.	2016-07-16 18:33:48 +01:00
Erik Johnston	a3036ac37e	Merge pull request #921 from matrix-org/erikj/account_deactivate ... Feature: Add an /account/deactivate endpoint	2016-07-14 17:25:15 +01:00
Erik Johnston	209e04fa11	Merge pull request #918 from negzi/bugfix_for_token_expiry ... Bug fix: expire invalid access tokens	2016-07-14 15:51:52 +01:00
Erik Johnston	848d3bf2e1	Add hs object	2016-07-14 10:25:52 +01:00
Erik Johnston	b55c770271	Only accept password auth	2016-07-14 10:00:38 +01:00
Erik Johnston	d543b72562	Add an /account/deactivate endpoint	2016-07-14 09:56:53 +01:00
Negar Fazeli	0136a522b1	Bug fix: expire invalid access tokens	2016-07-13 15:00:37 +02:00
David Baker	c55ad2e375	be more pythonic	2016-07-12 14:15:10 +01:00
David Baker	aaa9d9f0e1	on_OPTIONS isn't neccessary	2016-07-12 14:13:14 +01:00
David Baker	75fa7f6b3c	Remove other debug logging	2016-07-12 14:08:57 +01:00
David Baker	a5db0026ed	Separate out requestTokens to separate handlers	2016-07-11 09:57:07 +01:00
David Baker	9c491366c5	Oops, remove debug logging	2016-07-11 09:07:40 +01:00
David Baker	385aec4010	Implement https://github.com/matrix-org/matrix-doc/pull/346/files	2016-07-08 17:42:48 +01:00
Erik Johnston	67f2c901ea	Add rest servlet. Fix SQL.	2016-07-06 15:56:59 +01:00
Erik Johnston	a17e7caeb7	Merge branch 'erikj/shared_secret' into erikj/test2	2016-07-06 14:46:31 +01:00
Erik Johnston	76b18df3d9	Check that there are no null bytes in user and passsword	2016-07-06 11:17:53 +01:00
Erik Johnston	0da24cac8b	Add null separator to hmac	2016-07-06 11:05:16 +01:00
Erik Johnston	651faee698	Add an admin option to shared secret registration	2016-07-05 17:30:22 +01:00
Erik Johnston	caf33b2d9b	Protect password when registering using shared secret	2016-07-05 17:18:19 +01:00
Erik Johnston	2d21d43c34	Add purge_history API	2016-07-05 10:28:51 +01:00
Kent Shikama	bb069079bb	Fix style violations ... Signed-off-by: Kent Shikama <kent@kentshikama.com>	2016-07-04 22:07:11 +09:00
Kent Shikama	2e5a31f197	Use .get() instead of [] to access password_hash	2016-07-04 22:00:13 +09:00
Kent Shikama	fc8007dbec	Optionally include password hash in createUser endpoint ... Signed-off-by: Kent Shikama <kent@kentshikama.com>	2016-07-03 15:08:15 +09:00
Erik Johnston	f328d95cef	Feature: Add deactivate account admin API ... Allows server admins to "deactivate" accounts, which: - Revokes all access tokens - Removes all threepids - Removes password The API is a POST to `/admin/deactivate/<user_id>`	2016-06-30 15:40:58 +01:00
Erik Johnston	f52cb4cd78	Remove race	2016-06-29 15:24:50 +01:00
Erik Johnston	a70688445d	Implement purge_media_cache admin API	2016-06-29 14:57:59 +01:00
Erik Johnston	314b146b2e	Track approximate last access time for remote media	2016-06-29 11:41:20 +01:00
Mark Haines	13e334506c	Remove the legacy v0 content upload API. ... The existing content can still be downloaded. The last upload to the matrix.org server was in January 2015, so it is probably safe to remove the upload API.	2016-06-21 11:47:39 +01:00
Erik Johnston	09a17f965c	Line lengths	2016-06-15 16:58:12 +01:00
Erik Johnston	1e9026e484	Handle floats as img widths	2016-06-15 16:58:05 +01:00
Erik Johnston	a60169ea09	Handle og props with not content	2016-06-15 16:57:48 +01:00
Erik Johnston	eba4ff1bcb	502 on /thumbnail when can't contact remote server	2016-06-09 11:29:43 +01:00
Erik Johnston	95f305c35a	Remove redundant exception log in /events	2016-06-09 11:15:04 +01:00
Erik Johnston	690029d1a3	Don't make rooms visibile by default	2016-06-08 14:47:42 +01:00
Erik Johnston	efeabd3180	Log user that is making /publicRooms calls	2016-06-08 14:23:15 +01:00
Erik Johnston	6a0afa582a	Load push rules in storage layer, so that they get cached	2016-06-03 11:10:00 +01:00
David Baker	1f31cc37f8	Working unsubscribe links going straight to the HS ... and authed by macaroons that let you delete pushers and nothing else	2016-06-02 17:21:31 +01:00
David Baker	3a3fb2f6f9	Merge branch 'dbkr/split_out_auth_handler' into dbkr/email_unsubscribe	2016-06-02 13:35:25 +01:00
David Baker	4a10510cd5	Split out the auth handler	2016-06-02 13:31:45 +01:00
David Baker	991af8b0d6	WIP on unsubscribing email notifs without logging in	2016-06-01 17:40:52 +01:00
David Baker	d240796ded	Basic, un-cached support for secondary_directory_servers	2016-05-31 17:20:07 +01:00
David Baker	887c6e6f05	Split out the room list handler ... So I can use it from federation bits without pulling in all the handlers.	2016-05-31 11:05:16 +01:00
Kegan Dougal	332d7e9b97	Allow clients to specify a server_name to avoid 'No known servers' ... Multiple server_names are supported via ?server_name=foo&server_name=bar	2016-05-19 13:50:52 +01:00
Mark Haines	0cb441fedd	Move typing handler out of the Handlers object	2016-05-17 15:58:46 +01:00
Mark Haines	f68eea808a	Move SyncHandler out of the Handlers object	2016-05-16 20:19:26 +01:00
Mark Haines	3b86ecfa79	Move the presence handler out of the Handlers object	2016-05-16 18:56:37 +01:00
Mark Haines	eb79110beb	Clean up the blacklist/whitelist handling. ... Always set the config key with an empty list, even if a list isn't specified. This means that the codepaths are the same for both the empty list and for a missing key. Since the behaviour is the same for both cases this makes the code somewhat easier to reason about.	2016-05-16 13:03:59 +01:00