Brendan Abolivier
84875301b6
Split public rooms directory auth config in two
2019-06-24 16:41:48 +01:00
Brendan Abolivier
c1bc48f9d4
Add tests for constraints on changing the rule for a room
2019-06-18 18:07:05 +01:00
Brendan Abolivier
9b3c69f661
Add tests for 3PID invites
2019-06-18 17:59:07 +01:00
Brendan Abolivier
1532369dcd
Remove unused import
2019-06-18 16:46:57 +01:00
Brendan Abolivier
145291108d
Add tests for inviting with access rules
2019-06-18 16:32:54 +01:00
Brendan Abolivier
2a1f35193b
Remove unused imports
2019-06-18 14:57:04 +01:00
Brendan Abolivier
a09767d57d
Lint
2019-06-18 14:55:24 +01:00
Brendan Abolivier
bc0fd8f170
Add tests for room creation hook
2019-06-18 14:54:19 +01:00
Brendan Abolivier
5c4296b47a
Merge branch 'babolivier/third_party_event_rules' into dinsic
2019-06-14 19:38:44 +01:00
Brendan Abolivier
f874b16b2e
Add plugin APIs for implementations of custom event rules.
2019-06-14 18:16:03 +01:00
Brendan Abolivier
c7964e7430
Fix test
2019-06-14 16:25:18 +01:00
Brendan Abolivier
aded5cfb72
Don't send renewal emails to deactivated users
2019-06-14 15:39:18 +01:00
Brendan Abolivier
57bd5cfc9a
Track deactivated accounts in the database ( #5378 )
2019-06-14 13:45:36 +01:00
Brendan Abolivier
8400e5f624
Merge branch 'dinsic' into babolivier/userdir_hide_users
2019-06-12 16:29:56 +01:00
Brendan Abolivier
d907e8f599
Merge branch 'master' into dinsic
2019-06-12 14:36:44 +01:00
Erik Johnston
a766c41d25
Bump bleach version so that tests can run on old deps.
2019-06-11 12:34:18 +01:00
Erik Johnston
10383e6e6f
Change password reset links to /_matrix.
2019-06-11 11:34:33 +01:00
Brendan Abolivier
3c8262b181
Merge branch 'master' into dinsic
2019-06-11 10:55:53 +01:00
Erik Johnston
a6b1817940
Merge pull request #5417 from matrix-org/rav/shared_ssl_context
...
Share an SSL context object between SSL connections
2019-06-10 18:16:12 +01:00
Richard van der Hoff
db74c4fc6c
fix ci on py2, again
2019-06-10 17:55:01 +01:00
Richard van der Hoff
19780a521e
fix CI on python 2.7
2019-06-10 17:41:10 +01:00
Brendan Abolivier
c10226581a
Lint
2019-06-10 17:25:42 +01:00
Brendan Abolivier
10510f1e7e
Lint
2019-06-10 17:23:11 +01:00
Brendan Abolivier
1924848dfa
Add test case
2019-06-10 17:16:17 +01:00
Richard van der Hoff
e016681221
Tests for SSL certs for federation connections
...
Add some tests for bad certificates for federation and .well-known connections
2019-06-10 16:14:20 +01:00
Erik Johnston
43badd2cd4
Fix key verification when key stored with null valid_until_ms
...
Some keys are stored in the synapse database with a null valid_until_ms
which caused an exception to be thrown when using that key. We fix this
by treating nulls as zeroes, i.e. they keys will match verification
requests with a minimum_valid_until_ms of zero (i.e. don't validate ts)
but will not match requests with a non-zero minimum_valid_until_ms.
Fixes #5391 .
2019-06-10 15:37:10 +01:00
Brendan Abolivier
8d16321edc
Merge branch 'babolivier/account_validity_send_mail_auth' into dinsic
2019-06-10 11:59:20 +01:00
Andrew Morgan
2d1d7b7e6f
Prevent multiple device list updates from breaking a batch send ( #5156 )
...
fixes #5153
2019-06-06 23:54:00 +01:00
Neil Johnson
a11865016e
Set default room version to v4. ( #5379 )
...
Set default room version to v4.
2019-06-06 20:13:47 +01:00
Andrew Morgan
3719680ee4
Add ability to perform password reset via email without trusting the identity server ( #5377 )
...
Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.
This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
* #5308
* #5345
* #5368
2019-06-06 17:34:07 +01:00
Richard van der Hoff
9fbb20a531
Stop hardcoding trust of old matrix.org key ( #5374 )
...
There are a few changes going on here:
* We make checking the signature on a key server response optional: if no
verify_keys are specified, we trust to TLS to validate the connection.
* We change the default config so that it does not require responses to be
signed by the old key.
* We replace the old 'perspectives' config with 'trusted_key_servers', which
is also formatted slightly differently.
* We emit a warning to the logs every time we trust a key server response
signed by the old key.
2019-06-06 17:33:11 +01:00
Richard van der Hoff
cb3b381fcb
Merge pull request #5359 from matrix-org/rav/enable_tls_verification
...
Validate federation server TLS certificates by default.
2019-06-06 10:50:42 +01:00
Richard van der Hoff
2eb47e5ee7
Merge pull request #5353 from matrix-org/rav/verify_key_logging
...
Associate a request_name with each verify request, for logging
2019-06-06 09:33:09 +01:00
Brendan Abolivier
fe13bd52ac
Don't check whether the user's account is expired on /send_mail requests
2019-06-05 16:35:05 +01:00
Richard van der Hoff
7603a706eb
Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verification
2019-06-05 16:32:35 +01:00
Erik Johnston
75538813fc
Fix background updates to handle redactions/rejections ( #5352 )
...
* Fix background updates to handle redactions/rejections
In background updates based on current state delta stream we need to
handle that we may not have all the events (or at least that
`get_events` may raise an exception).
2019-06-06 00:45:46 +10:00
Richard van der Hoff
e2dfb922e1
Validate federation server TLS certificates by default.
2019-06-05 14:17:50 +01:00
Richard van der Hoff
cea9750d11
Associate a request_name with each verify request, for logging
...
Also:
* rename VerifyKeyRequest->VerifyJsonRequest
* calculate key_ids on VerifyJsonRequest construction
* refactor things to pass around VerifyJsonRequests instead of 4-tuples
2019-06-05 10:46:26 +01:00
Richard van der Hoff
def5ea4062
Don't bomb out on direct key fetches as soon as one fails
2019-06-04 00:16:56 +01:00
Richard van der Hoff
fec2dcb1a5
Enforce validity period on server_keys for fed requests. ( #5321 )
...
When handling incoming federation requests, make sure that we have an
up-to-date copy of the signing key.
We do not yet enforce the validity period for event signatures.
2019-06-03 22:59:51 +01:00
Amber Brown
2889b05554
Unify v1 and v2 REST client APIs ( #5226 )
2019-06-03 21:28:59 +10:00
Richard van der Hoff
d828d1dc57
Merge pull request #5309 from matrix-org/rav/limit_displayname_length
...
Limit displaynames and avatar URLs
2019-06-01 11:34:50 +01:00
Richard van der Hoff
93003aa172
add some tests
2019-06-01 11:14:37 +01:00
Erik Johnston
d8fdba7bfb
Merge branch 'babolivier/account_validity_job_delta' of github.com:matrix-org/synapse into dinsic
2019-05-31 12:12:24 +01:00
Erik Johnston
58cce39f3a
Merge pull request #5276 from matrix-org/babolivier/account_validity_job_delta
...
Allow configuring a range for the account validity startup job
2019-05-31 12:11:56 +01:00
Brendan Abolivier
4d794dae21
Move delta from +10% to -10%
2019-05-31 11:09:39 +01:00
Brendan Abolivier
847b9dcd1c
Make max_delta equal to period * 10%
2019-05-31 09:54:46 +01:00
Erik Johnston
6574d4ad0a
Add test
2019-05-30 16:15:37 +01:00
Erik Johnston
e9e5d3392d
Merge pull request #5278 from matrix-org/erikj/cleanup_bad_extremities
...
Add DB bg update to cleanup extremities.
2019-05-30 14:28:26 +01:00
Amber Brown
46c8f7a517
Implement the SHHS complexity API ( #5216 )
2019-05-30 01:47:16 +10:00