Commit Graph

456 Commits

Author SHA1 Message Date
Daniel Wagner-Hall
2df6114bc4 Log more diagnostics for unrecognised access tokens 2016-02-02 19:21:49 +00:00
Daniel Wagner-Hall
d83d004ccd Fix flake8 warnings for new flake8 2016-02-02 17:18:50 +00:00
Erik Johnston
35981c8b71 Fix test 2016-01-28 17:20:05 +00:00
Erik Johnston
8c6012a4af Fix tests 2016-01-25 13:12:35 +00:00
Erik Johnston
4021f95261 Move logic from rest/ to handlers/ 2016-01-25 10:10:44 +00:00
Erik Johnston
975903ae17 Sanitize filters 2016-01-22 10:41:30 +00:00
Daniel Wagner-Hall
808a8aedab Don't error on AS non-ghost user use
This will probably go away either when we fix our existing ASes, or when
we kill the concept of non-ghost users.
2016-01-18 16:33:05 +00:00
Daniel Wagner-Hall
74474a6d63 Pull out app service user lookup
I find this a lot simpler than nested try-catches and stuff
2016-01-18 16:32:33 +00:00
Daniel Wagner-Hall
ac5a4477ad Require unbanning before other membership changes 2016-01-15 16:27:26 +00:00
David Baker
5819b7a78c M_INVALID_USERNAME to be consistent with the parameter name 2016-01-15 10:06:34 +00:00
David Baker
3f8db3d597 Add specific error code for invalid user names. 2016-01-14 17:21:04 +00:00
Daniel Wagner-Hall
7d09ab8915 Require AS users to be registered before use 2016-01-13 13:19:47 +00:00
Daniel Wagner-Hall
2110e35fd6 Introduce a Requester object
This tracks data about the entity which made the request. This is
instead of passing around a tuple, which requires call-site
modifications every time a new piece of optional context is passed
around.

I tried to introduce a User object. I gave up.
2016-01-11 17:48:45 +00:00
Matthew Hodgson
6c28ac260c copyrights 2016-01-07 04:26:29 +00:00
Mark Haines
392773ccb2 Guest users must be joined to a room to see it in /sync 2016-01-06 16:44:13 +00:00
Daniel Wagner-Hall
cfd07aafff Allow guests to upgrade their accounts 2016-01-05 18:01:18 +00:00
Mark Haines
0ee0138325 Include the list of bad room ids in the error 2015-12-22 15:49:32 +00:00
Mark Haines
c058625959 Merge remote-tracking branch 'origin/develop' into markjh/guest_access
Conflicts:
	synapse/api/filtering.py
2015-12-22 13:58:18 +00:00
Mark Haines
b9b4466d0d Add top level filters for filtering by room id
Documented by matrix-org/matrix-doc#246
2015-12-22 11:40:32 +00:00
Mark Haines
45a9e0ae0c Allow guest access if the user provides a list of rooms in the filter 2015-12-22 10:25:46 +00:00
Mark Haines
489a4cd1cf Add top level filtering by room id 2015-12-21 21:10:41 +00:00
Daniel Wagner-Hall
8c5f252edb Strip address and such out of 3pid invites
We're not meant to leak that into the graph
2015-12-17 18:09:51 +01:00
Mark Haines
660dee94af Only include the archived rooms if a include_leave flag in set in the filter 2015-12-04 17:32:09 +00:00
Mark Haines
95f30ecd1f Add API for setting account_data globaly or on a per room basis 2015-12-01 18:41:32 +00:00
Erik Johnston
17dd5071ef Allow user to redact with an equal power
Users only need their power level to be equal to the redact level for
them to be allowed to redact events.
2015-11-26 11:17:57 +00:00
Paul "LeoNerd" Evans
1cfda3d2d8 Merge branch 'develop' into daniel/forgetrooms 2015-11-19 16:53:13 +00:00
Mark Haines
7a802ec0ff Merge pull request #386 from matrix-org/markjh/rename_pud_to_account_data
s/private_user_data/account_data/
2015-11-19 15:21:35 +00:00
Daniel Wagner-Hall
248cfd5eb3 Take a boolean not a list of lambdas 2015-11-19 15:16:25 +00:00
Mark Haines
1c960fbb80 s/private_user_data/account_data/ 2015-11-18 15:31:04 +00:00
Daniel Wagner-Hall
ba26eb3d5d Allow users to forget rooms 2015-11-17 17:17:30 -05:00
Steven Hammerton
f20d064e05 Always check guest = true in macaroons 2015-11-17 10:58:05 +00:00
Steven Hammerton
f5e25c5f35 Merge branch 'develop' into sh-cas-auth-via-homeserver 2015-11-17 10:55:41 +00:00
Steven Hammerton
dd2eb49385 Share more code between macaroon validation 2015-11-11 11:12:35 +00:00
Daniel Wagner-Hall
38d82edf0e Allow guest users to join and message rooms 2015-11-10 16:57:13 +00:00
Daniel Wagner-Hall
2cebe53545 Exchange 3pid invites for m.room.member invites 2015-11-05 16:43:19 +00:00
Mark Haines
7a369e8a55 Merge pull request #347 from matrix-org/markjh/check_filter
Remove fields that are both unspecified and unused from the filter checks
2015-11-05 11:15:39 +00:00
Daniel Wagner-Hall
f522f50a08 Allow guests to register and call /events?room_id=
This follows the same flows-based flow as regular registration, but as
the only implemented flow has no requirements, it auto-succeeds. In the
future, other flows (e.g. captcha) may be required, so clients should
treat this like the regular registration flow choices.
2015-11-04 17:29:07 +00:00
Mark Haines
285d056629 Remove fields that are both unspecified and unused from the filter checks, check the right top level definitions in the filter 2015-11-04 15:47:19 +00:00
Mark Haines
57be722c46 Include room tags in v2 /sync 2015-11-02 16:23:15 +00:00
Daniel Wagner-Hall
216c976399 Merge pull request #323 from matrix-org/daniel/sizelimits
Reject events which are too large
2015-10-23 11:26:03 +01:00
Mark Haines
b051781ddb Merge pull request #325 from matrix-org/markjh/filter_dicts
Support filtering events represented as dicts.
2015-10-22 17:14:52 +01:00
Mark Haines
4e05aab4f7 Don't assume that the event has a room_id or sender 2015-10-22 17:08:59 +01:00
Mark Haines
9b6f3bc742 Support filtering events represented as dicts.
This is useful because the emphemeral events such as presence and
typing are represented as dicts inside synapse.
2015-10-22 16:38:03 +01:00
Daniel Wagner-Hall
e60dad86ba Reject events which are too large
SPEC-222
2015-10-22 11:44:31 +01:00
Erik Johnston
5c41224a89 Filter room ids before hitting the database 2015-10-21 10:09:26 +01:00
Erik Johnston
87deec824a Docstring 2015-10-20 15:47:42 +01:00
Erik Johnston
45cd2b0233 Refactor api.filtering to have a Filter API 2015-10-20 15:33:25 +01:00
Daniel Wagner-Hall
137fafce4e Allow rejecting invites
This is done by using the same /leave flow as you would use if you had
already accepted the invite and wanted to leave.
2015-10-20 11:58:58 +01:00
Daniel Wagner-Hall
0e5239ffc3 Stuff signed data in a standalone object
Makes both generating it in sydent, and verifying it here, simpler at
the cost of some repetition
2015-10-16 17:45:48 +01:00
Daniel Wagner-Hall
c225d63e9e Add signing host and keyname to signatures 2015-10-16 15:07:56 +01:00
Daniel Wagner-Hall
b8dd5b1a2d Verify third party ID server certificates 2015-10-16 14:54:54 +01:00
Daniel Wagner-Hall
f38df51e8d Merge branch 'develop' into daniel/3pidinvites 2015-10-15 11:51:55 +01:00
Daniel Wagner-Hall
0c38e8637f Remove unnecessary class-wrapping 2015-10-13 18:00:38 +01:00
Daniel Wagner-Hall
95e53ac535 Add some docstring 2015-10-13 17:18:24 +01:00
Daniel Wagner-Hall
17dffef5ec Move event contents into third_party_layout field 2015-10-13 15:48:12 +01:00
Mark Haines
2fa9e23e04 Update the v2 filters to support filtering presence and remove support for public/private user data 2015-10-13 14:12:43 +01:00
Daniel Wagner-Hall
7c809abe86 Merge branch 'develop' into daniel/3pidinvites 2015-10-06 10:24:32 -05:00
Daniel Wagner-Hall
1cacc71050 Add third party invites to auth_events for joins 2015-10-06 10:13:28 -05:00
Mark Haines
93cc60e805 Remove log line that was generated whenever an error was created. We are now creating error objects that aren't raised so it's probably a bit too confusing to keep 2015-10-06 16:10:19 +01:00
Daniel Wagner-Hall
58e6a58eb7 Merge branch 'develop' into daniel/3pidinvites 2015-10-05 10:33:41 -05:00
Erik Johnston
40017a9a11 Add 'trusted_private_chat' to room creation presets 2015-10-02 11:22:56 +01:00
Erik Johnston
d5e081c7ae Merge branch 'develop' of github.com:matrix-org/synapse into erikj/unfederatable 2015-10-02 10:33:49 +01:00
Daniel Wagner-Hall
5b3e9713dd Implement third party identifier invites 2015-10-01 17:49:52 +01:00
Mark Haines
f2fcc0a8cf synapse/api/errors.py:RoomError was unused 2015-09-22 18:18:45 +01:00
Mark Haines
ee2d722f0f Merge pull request #276 from matrix-org/markjh/history_for_rooms_that_have_been_left
SPEC-216: Allow users to view the history of rooms that they have left.
2015-09-21 14:38:13 +01:00
Mark Haines
8e3bbc9bd0 Clarify which event is returned by check_user_was_in_room 2015-09-21 13:47:44 +01:00
Daniel Wagner-Hall
728d07c8c1 Merge pull request #256 from matrix-org/auth
Attempt to validate macaroons
2015-09-14 18:09:33 +01:00
Erik Johnston
d59acb8c5b Merge branch 'develop' of github.com:matrix-org/synapse into erikj/unfederatable 2015-09-14 18:05:31 +01:00
Erik Johnston
91cb3b630d Merge pull request #265 from matrix-org/erikj/check_room_exists
Check room exists when authenticating an event
2015-09-14 17:56:18 +01:00
Mark Haines
3c166a24c5 Remove undocumented and unimplemented 'feedback' parameter from the Client-Server API 2015-09-09 16:05:09 +01:00
Mark Haines
1d579df664 Allow rooms/{roomId}/state for a room that has been left 2015-09-09 14:12:24 +01:00
Mark Haines
89ae0166de Allow room initialSync for users that have left the room, returning a snapshot of how the room was when they left it 2015-09-09 13:25:22 +01:00
Erik Johnston
9b05ef6f39 Also check the domains for membership state_keys 2015-09-01 16:17:25 +01:00
Erik Johnston
187320b019 Merge branch 'erikj/check_room_exists' into erikj/unfederatable 2015-09-01 15:58:10 +01:00
Erik Johnston
b345853918 Check against sender rather than event_id 2015-09-01 15:57:35 +01:00
Erik Johnston
a88e16152f Add flag which disables federation of the room 2015-09-01 15:47:30 +01:00
Erik Johnston
00149c063b Fix tests 2015-09-01 15:42:03 +01:00
Erik Johnston
ab9e01809d Check room exists when authenticating an event, by asserting they reference a creation event 2015-09-01 15:21:24 +01:00
Daniel Wagner-Hall
e255c2c32f s/user_id/user/g for consistency 2015-09-01 12:41:16 +01:00
Daniel Wagner-Hall
b854a375b0 Check domain of events properly
Federated servers still need to delegate authority to owning servers
2015-09-01 11:53:31 +01:00
Daniel Wagner-Hall
8256a8ece7 Allow users to redact their own events 2015-08-28 15:31:49 +01:00
Daniel Wagner-Hall
6a4b650d8a Attempt to validate macaroons
A couple of weird caveats:
 * If we can't validate your macaroon, we fall back to checking that
   your access token is in the DB, and ignoring the failure
 * Even if we can validate your macaroon, we still have to hit the DB to
   get the access token ID, which we pretend is a device ID all over the
   codebase.

This mostly adds the interesting code, and points out the two pieces we
need to delete (and necessary conditions) in order to fix the above
caveats.
2015-08-26 13:22:23 +01:00
Daniel Wagner-Hall
a9d8bd95e7 Stop looking up "admin", which we never read 2015-08-25 16:29:39 +01:00
Daniel Wagner-Hall
57619d6058 Re-wrap line 2015-08-25 16:25:46 +01:00
Daniel Wagner-Hall
a0b181bd17 Remove completely unused concepts from codebase
Removes device_id and ClientInfo

device_id is never actually written, and the matrix.org DB has no
non-null entries for it. Right now, it's just cluttering up code.

This doesn't remove the columns from the database, because that's
fiddly.
2015-08-25 16:23:06 +01:00
Daniel Wagner-Hall
e8cf77fa49 Merge branch 'develop' into refresh
Conflicts:
	synapse/rest/client/v1/login.py
2015-08-20 16:25:40 +01:00
Daniel Wagner-Hall
13a6517d89 s/by_token/by_access_token/g
We're about to have two kinds of token, access and refresh
2015-08-20 16:01:29 +01:00
Erik Johnston
9b63def388 Add m.room.avatar to default power levels. Change default required power levels of such events to 50 2015-08-20 14:35:40 +01:00
Erik Johnston
cbd053bb8f Merge pull request #233 from matrix-org/erikj/canonical_alias
Add server side support for canonical aliases
2015-08-20 11:26:09 +01:00
Mark Haines
a0b8e5f2fe Merge pull request #211 from matrix-org/email_in_use
Changes for unique emails
2015-08-20 10:04:04 +01:00
Erik Johnston
d7272f8d9d Add canonical alias to the default power levels 2015-08-19 12:03:09 +01:00
Erik Johnston
ee59af9ac0 Set request.authenticated_entity for application services 2015-08-18 15:17:47 +01:00
Daniel Wagner-Hall
45610305ea Add missing space because linter 2015-08-11 16:43:27 +01:00
Daniel Wagner-Hall
88e03da39f Minor docs cleanup 2015-08-11 16:35:28 +01:00
Daniel Wagner-Hall
9dba813234 Remove redundant if-guard
The startswith("@") does the job
2015-08-11 16:34:17 +01:00
David Baker
c77048e12f Add endpoint that proxies ID server request token and errors if the given email is in use on this Home Server. 2015-08-04 14:37:09 +01:00
Erik Johnston
d155b318d2 Merge pull request #203 from matrix-org/erikj/room_creation_presets
Implement presets at room creation
2015-07-16 18:18:11 +01:00
Erik Johnston
b49a30a972 Capitalize contants 2015-07-14 10:20:31 +01:00
Erik Johnston
d5cc794598 Implement presets at room creation 2015-07-13 16:56:08 +01:00
Erik Johnston
016c089f13 Merge branch 'develop' of github.com:matrix-org/synapse into erikj/power_level_sanity 2015-07-13 13:48:13 +01:00
Erik Johnston
a5ea22d468 Sanitize power level checks 2015-07-10 14:05:38 +01:00
Erik Johnston
7e3b14fe78 You shouldn't be able to ban/kick users with higher power levels 2015-07-10 14:05:38 +01:00
Erik Johnston
1a3255b507 Add m.room.history_visibility to newly created rooms' m.room.power_levels 2015-07-06 13:25:35 +01:00
Erik Johnston
00ab882ed6 Add m.room.history_visibility to list of auth events 2015-07-03 10:31:24 +01:00
Erik Johnston
1a60545626 Add basic impl for room history ACL on GET /messages client API 2015-07-02 16:20:10 +01:00
Erik Johnston
cee69441d3 Log more when we have processed the request 2015-06-15 17:11:44 +01:00
Erik Johnston
22c7c5eb8f Typo 2015-05-01 14:41:25 +01:00
Erik Johnston
42c12c04f6 Remove some run_on_reactors 2015-05-01 14:41:25 +01:00
Erik Johnston
adb5b76ff5 Don't log all auth events every time we call auth.check 2015-05-01 14:41:25 +01:00
Erik Johnston
80b4119279 Don't wait for storage of access_token 2015-05-01 13:14:05 +01:00
Mark Haines
4ad8b45155 Merge branch 'develop' into key_distribution
Conflicts:
	synapse/config/homeserver.py
2015-04-29 13:15:14 +01:00
Mark Haines
9182f87664 Merge pull request #126 from matrix-org/csauth
Client / Server Auth Refactor
2015-04-28 11:00:27 +01:00
Paul "LeoNerd" Evans
38432d8c25 Merge branch 'develop' into invite_power_level 2015-04-27 17:09:25 +01:00
Mark Haines
eede182df7 Merge branch 'develop' into key_distribution 2015-04-24 10:35:49 +01:00
David Baker
6532b6e607 Merge branch 'develop' into csauth
Conflicts:
	synapse/http/server.py
2015-04-24 09:37:54 +01:00
David Baker
74270defda No commas here, otherwise our error string constants become tuples. 2015-04-24 09:28:57 +01:00
David Baker
03eb4adc6e Dedicated error code for failed 3pid auth verification 2015-04-23 18:20:17 +01:00
David Baker
a2c10d37d7 Add an error code to 'missing token' response. 2015-04-23 13:23:44 +01:00
Paul "LeoNerd" Evans
a16eaa0c33 Neater fetching of user's auth level in a room - squash to int() at access time (SYN-353) 2015-04-22 14:20:04 +01:00
Paul "LeoNerd" Evans
f43063158a Appease pep8 2015-04-22 13:12:11 +01:00
Paul "LeoNerd" Evans
2808c040ef Also remember to check 'invite' level for changes 2015-04-21 21:13:14 +01:00
Paul "LeoNerd" Evans
bc41f0398f Initial implementation of an 'invite' power_level 2015-04-21 20:56:08 +01:00
Paul "LeoNerd" Evans
d3309933f5 Much neater fetching of defined powerlevels from m.room.power_levels state event 2015-04-21 20:53:23 +01:00
Paul "LeoNerd" Evans
b568c0231c Remove debugging print statement accidentally committed 2015-04-21 20:21:14 +01:00
Paul "LeoNerd" Evans
3a7d7a3f22 Sanitise a user's powerlevel to an int() before numerical comparison, because otherwise Python is "helpful" with it (SYN-351) 2015-04-21 20:18:29 +01:00
Mark Haines
db8d4e8dd6 Merge branch 'develop' into key_distribution 2015-04-20 16:24:21 +01:00
David Baker
cb03fafdf1 Merge branch 'develop' into csauth 2015-04-17 13:51:10 +01:00
Paul "LeoNerd" Evans
399b5add58 Neater implementation of membership change auth checks, ensuring we can't forget to check if the calling user is a member of the room 2015-04-15 18:40:23 +01:00
Paul "LeoNerd" Evans
e6e130b9ba Ensure that non-room-members cannot ban others, even if they do have enough powerlevel (SYN-343) 2015-04-15 18:07:33 +01:00
David Baker
766bd8e880 Dummy login so we can do the first POST request to get login flows without it just succeeding 2015-04-15 17:14:25 +01:00
Mark Haines
d488463fa3 Add a version 2 of the key server api 2015-04-14 16:04:52 +01:00
Kegan Dougal
ae8ff92e05 Fix a bug which causes a send event level of 0 to not be honoured.
Caused by a bad if check, which incorrectly executes for both 0 and None,
when None was the original intent.
2015-04-07 15:48:20 +01:00
David Baker
4eb6d66b45 Add app service auth back in to v2 register 2015-04-02 17:51:19 +01:00
David Baker
70a84f17f3 Add shared secret auth into register v2 and switch the script over. 2015-04-02 17:01:29 +01:00
David Baker
59bf16eddc New registration for C/S API v2. Only ReCAPTCHA working currently. 2015-03-30 18:13:10 +01:00
David Baker
9aa0224cdf unused import 2015-03-24 17:25:59 +00:00
David Baker
c7023f2155 1) Pushers are now associated with an access token
2) Change places where we mean unauthenticated to 401, not 403, in C/S v2: hack so it stays as 403 in v1 because web client relies on it.
2015-03-24 17:24:15 +00:00
Erik Johnston
ed4d44d833 Merge pull request #109 from matrix-org/default_registration
Disable registration by default. Add script to register new users.
2015-03-18 11:38:52 +00:00
Paul "LeoNerd" Evans
93978c5e2b @cached() annotate get_user_by_token() - achieves a minor DB performance improvement 2015-03-17 17:24:51 +00:00
Erik Johnston
b2e6ee5b43 Remove concept of context.auth_events, instead use context.current_state 2015-03-16 13:06:23 +00:00
Erik Johnston
ea8590cf66 Make context.auth_events grap auth events from current state. Otherwise auth is wrong. 2015-03-16 00:18:08 +00:00
Erik Johnston
ab8229479b Respect ban membership 2015-03-16 00:17:25 +00:00
Erik Johnston
69135f59aa Implement registering with shared secret. 2015-03-13 15:23:37 +00:00
Kegan Dougal
22399d3d8f Add RegisterFallbackResource to /_matrix/static/client/register
Try to keep both forms of registration logic (native/fallback) close
together for sanity.
2015-02-23 15:14:56 +00:00
Kegan Dougal
9978c5c103 Merge branch 'develop' into application-services 2015-02-11 10:03:24 +00:00
Erik Johnston
d94f682a4c During room intial sync, only calculate current state once. 2015-02-09 17:41:29 +00:00
Kegan Dougal
5a7dd05818 Modify auth.get_user_by_req for authing appservices directly.
Add logic to map the appservice token to the autogenned appservice user ID.
Add unit tests for all forms of get_user_by_req (user/appservice,
valid/bad/missing tokens)
2015-02-09 14:14:15 +00:00
Kegan Dougal
e426df8e10 Grant ASes the ability to create alias in their own namespace.
Add a new errcode type M_EXCLUSIVE when users try to create aliases inside
AS namespaces, and when ASes try to create aliases outside their own
namespace.
2015-02-06 10:57:14 +00:00
Kegan Dougal
0227618d3c Add m.login.application_service registration procedure.
This allows known application services to register any user ID under their
own user namespace(s).
2015-02-05 17:29:27 +00:00
Kegan Dougal
5b99b471b2 Fix unit tests. 2015-02-05 15:12:36 +00:00