Erik Johnston
d59acb8c5b
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/unfederatable
2015-09-14 18:05:31 +01:00
Erik Johnston
91cb3b630d
Merge pull request #265 from matrix-org/erikj/check_room_exists
...
Check room exists when authenticating an event
2015-09-14 17:56:18 +01:00
Erik Johnston
9b05ef6f39
Also check the domains for membership state_keys
2015-09-01 16:17:25 +01:00
Erik Johnston
187320b019
Merge branch 'erikj/check_room_exists' into erikj/unfederatable
2015-09-01 15:58:10 +01:00
Erik Johnston
b345853918
Check against sender rather than event_id
2015-09-01 15:57:35 +01:00
Erik Johnston
a88e16152f
Add flag which disables federation of the room
2015-09-01 15:47:30 +01:00
Erik Johnston
00149c063b
Fix tests
2015-09-01 15:42:03 +01:00
Erik Johnston
ab9e01809d
Check room exists when authenticating an event, by asserting they reference a creation event
2015-09-01 15:21:24 +01:00
Daniel Wagner-Hall
b854a375b0
Check domain of events properly
...
Federated servers still need to delegate authority to owning servers
2015-09-01 11:53:31 +01:00
Daniel Wagner-Hall
8256a8ece7
Allow users to redact their own events
2015-08-28 15:31:49 +01:00
Daniel Wagner-Hall
a9d8bd95e7
Stop looking up "admin", which we never read
2015-08-25 16:29:39 +01:00
Daniel Wagner-Hall
57619d6058
Re-wrap line
2015-08-25 16:25:46 +01:00
Daniel Wagner-Hall
a0b181bd17
Remove completely unused concepts from codebase
...
Removes device_id and ClientInfo
device_id is never actually written, and the matrix.org DB has no
non-null entries for it. Right now, it's just cluttering up code.
This doesn't remove the columns from the database, because that's
fiddly.
2015-08-25 16:23:06 +01:00
Daniel Wagner-Hall
13a6517d89
s/by_token/by_access_token/g
...
We're about to have two kinds of token, access and refresh
2015-08-20 16:01:29 +01:00
Erik Johnston
ee59af9ac0
Set request.authenticated_entity for application services
2015-08-18 15:17:47 +01:00
Daniel Wagner-Hall
45610305ea
Add missing space because linter
2015-08-11 16:43:27 +01:00
Daniel Wagner-Hall
88e03da39f
Minor docs cleanup
2015-08-11 16:35:28 +01:00
Daniel Wagner-Hall
9dba813234
Remove redundant if-guard
...
The startswith("@") does the job
2015-08-11 16:34:17 +01:00
Erik Johnston
016c089f13
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/power_level_sanity
2015-07-13 13:48:13 +01:00
Erik Johnston
a5ea22d468
Sanitize power level checks
2015-07-10 14:05:38 +01:00
Erik Johnston
7e3b14fe78
You shouldn't be able to ban/kick users with higher power levels
2015-07-10 14:05:38 +01:00
Erik Johnston
1a3255b507
Add m.room.history_visibility to newly created rooms' m.room.power_levels
2015-07-06 13:25:35 +01:00
Erik Johnston
00ab882ed6
Add m.room.history_visibility to list of auth events
2015-07-03 10:31:24 +01:00
Erik Johnston
cee69441d3
Log more when we have processed the request
2015-06-15 17:11:44 +01:00
Erik Johnston
22c7c5eb8f
Typo
2015-05-01 14:41:25 +01:00
Erik Johnston
42c12c04f6
Remove some run_on_reactors
2015-05-01 14:41:25 +01:00
Erik Johnston
adb5b76ff5
Don't log all auth events every time we call auth.check
2015-05-01 14:41:25 +01:00
Erik Johnston
80b4119279
Don't wait for storage of access_token
2015-05-01 13:14:05 +01:00
Mark Haines
9182f87664
Merge pull request #126 from matrix-org/csauth
...
Client / Server Auth Refactor
2015-04-28 11:00:27 +01:00
Paul "LeoNerd" Evans
38432d8c25
Merge branch 'develop' into invite_power_level
2015-04-27 17:09:25 +01:00
David Baker
6532b6e607
Merge branch 'develop' into csauth
...
Conflicts:
synapse/http/server.py
2015-04-24 09:37:54 +01:00
David Baker
a2c10d37d7
Add an error code to 'missing token' response.
2015-04-23 13:23:44 +01:00
Paul "LeoNerd" Evans
a16eaa0c33
Neater fetching of user's auth level in a room - squash to int() at access time (SYN-353)
2015-04-22 14:20:04 +01:00
Paul "LeoNerd" Evans
f43063158a
Appease pep8
2015-04-22 13:12:11 +01:00
Paul "LeoNerd" Evans
2808c040ef
Also remember to check 'invite' level for changes
2015-04-21 21:13:14 +01:00
Paul "LeoNerd" Evans
bc41f0398f
Initial implementation of an 'invite' power_level
2015-04-21 20:56:08 +01:00
Paul "LeoNerd" Evans
d3309933f5
Much neater fetching of defined powerlevels from m.room.power_levels state event
2015-04-21 20:53:23 +01:00
Paul "LeoNerd" Evans
b568c0231c
Remove debugging print statement accidentally committed
2015-04-21 20:21:14 +01:00
Paul "LeoNerd" Evans
3a7d7a3f22
Sanitise a user's powerlevel to an int() before numerical comparison, because otherwise Python is "helpful" with it (SYN-351)
2015-04-21 20:18:29 +01:00
David Baker
cb03fafdf1
Merge branch 'develop' into csauth
2015-04-17 13:51:10 +01:00
Paul "LeoNerd" Evans
399b5add58
Neater implementation of membership change auth checks, ensuring we can't forget to check if the calling user is a member of the room
2015-04-15 18:40:23 +01:00
Paul "LeoNerd" Evans
e6e130b9ba
Ensure that non-room-members cannot ban others, even if they do have enough powerlevel (SYN-343)
2015-04-15 18:07:33 +01:00
Kegan Dougal
ae8ff92e05
Fix a bug which causes a send event level of 0 to not be honoured.
...
Caused by a bad if check, which incorrectly executes for both 0 and None,
when None was the original intent.
2015-04-07 15:48:20 +01:00
David Baker
9aa0224cdf
unused import
2015-03-24 17:25:59 +00:00
David Baker
c7023f2155
1) Pushers are now associated with an access token
...
2) Change places where we mean unauthenticated to 401, not 403, in C/S v2: hack so it stays as 403 in v1 because web client relies on it.
2015-03-24 17:24:15 +00:00
Paul "LeoNerd" Evans
93978c5e2b
@cached() annotate get_user_by_token() - achieves a minor DB performance improvement
2015-03-17 17:24:51 +00:00
Erik Johnston
b2e6ee5b43
Remove concept of context.auth_events, instead use context.current_state
2015-03-16 13:06:23 +00:00
Erik Johnston
ea8590cf66
Make context.auth_events grap auth events from current state. Otherwise auth is wrong.
2015-03-16 00:18:08 +00:00
Erik Johnston
ab8229479b
Respect ban membership
2015-03-16 00:17:25 +00:00
Kegan Dougal
9978c5c103
Merge branch 'develop' into application-services
2015-02-11 10:03:24 +00:00