Use direct references for some configuration variables (part 3) (#10885)

This avoids the overhead of searching through the various
configuration classes by directly referencing the class that
the attributes are in.

It also improves type hints since mypy can now resolve the
types of the configuration variables.
Patrick Cloke 2021-09-23 07:13:34 -04:00 committed by GitHub
parent aa2c027792
commit e584534403
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
32 changed files with 137 additions and 119 deletions

1
changelog.d/10885.misc Normal file

@ -0,0 +1 @@
Use direct references to config flags.


@ -195,7 +195,7 @@ class SynapseHomeServer(HomeServer):
} }
) )
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
from synapse.rest.synapse.client.password_reset import ( from synapse.rest.synapse.client.password_reset import (
PasswordResetSubmitTokenResource, PasswordResetSubmitTokenResource,
) )


@ -13,6 +13,7 @@
# limitations under the License. # limitations under the License.
from os import path from os import path
from typing import Optional
from synapse.config import ConfigError from synapse.config import ConfigError
@ -78,8 +79,8 @@ class ConsentConfig(Config):
def __init__(self, *args): def __init__(self, *args):
super().__init__(*args) super().__init__(*args)
self.user_consent_version = None self.user_consent_version: Optional[str] = None
self.user_consent_template_dir = None self.user_consent_template_dir: Optional[str] = None
self.user_consent_server_notice_content = None self.user_consent_server_notice_content = None
self.user_consent_server_notice_to_guests = False self.user_consent_server_notice_to_guests = False
self.block_events_without_consent_error = None self.block_events_without_consent_error = None
@ -94,7 +95,9 @@ class ConsentConfig(Config):
return return
self.user_consent_version = str(consent_config["version"]) self.user_consent_version = str(consent_config["version"])
self.user_consent_template_dir = self.abspath(consent_config["template_dir"]) self.user_consent_template_dir = self.abspath(consent_config["template_dir"])
if not path.isdir(self.user_consent_template_dir): if not isinstance(self.user_consent_template_dir, str) or not path.isdir(
self.user_consent_template_dir
):
raise ConfigError( raise ConfigError(
"Could not find template directory '%s'" "Could not find template directory '%s'"
% (self.user_consent_template_dir,) % (self.user_consent_template_dir,)
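Review bot: The new `isinstance(self.user_consent_template_dir, str)` test in the `template_dir` check carries no comment, so it reads as input validation although it appears to be there to narrow the new `Optional[str]` annotation for mypy. If `self.abspath()` can in fact return a non-string, the `ConfigError` raised here would report "Could not find template directory 'None'", which points the operator at the filesystem rather than at the config value. I would add a comment such as `# isinstance() narrows Optional[str] for mypy; abspath() is expected to return a str here`, or split the two cases so each gets its own message. The enclosing method starts and ends outside the hunk.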


@ -47,7 +47,7 @@ class AccountValidityHandler:
self.send_email_handler = self.hs.get_send_email_handler() self.send_email_handler = self.hs.get_send_email_handler()
self.clock = self.hs.get_clock() self.clock = self.hs.get_clock()
self._app_name = self.hs.config.email_app_name self._app_name = self.hs.config.email.email_app_name
self._account_validity_enabled = ( self._account_validity_enabled = (
hs.config.account_validity.account_validity_enabled hs.config.account_validity.account_validity_enabled


@ -52,7 +52,7 @@ class ApplicationServicesHandler:
self.scheduler = hs.get_application_service_scheduler() self.scheduler = hs.get_application_service_scheduler()
self.started_scheduler = False self.started_scheduler = False
self.clock = hs.get_clock() self.clock = hs.get_clock()
self.notify_appservices = hs.config.notify_appservices self.notify_appservices = hs.config.appservice.notify_appservices
self.event_sources = hs.get_event_sources() self.event_sources = hs.get_event_sources()
self.current_max = 0 self.current_max = 0


@ -210,15 +210,15 @@ class AuthHandler(BaseHandler):
self.password_providers = [ self.password_providers = [
PasswordProvider.load(module, config, account_handler) PasswordProvider.load(module, config, account_handler)
for module, config in hs.config.password_providers for module, config in hs.config.authproviders.password_providers
] ]
logger.info("Extra password_providers: %s", self.password_providers) logger.info("Extra password_providers: %s", self.password_providers)
self.hs = hs # FIXME better possibility to access registrationHandler later? self.hs = hs # FIXME better possibility to access registrationHandler later?
self.macaroon_gen = hs.get_macaroon_generator() self.macaroon_gen = hs.get_macaroon_generator()
self._password_enabled = hs.config.password_enabled self._password_enabled = hs.config.auth.password_enabled
self._password_localdb_enabled = hs.config.password_localdb_enabled self._password_localdb_enabled = hs.config.auth.password_localdb_enabled
# start out by assuming PASSWORD is enabled; we will remove it later if not. # start out by assuming PASSWORD is enabled; we will remove it later if not.
login_types = set() login_types = set()
@ -250,7 +250,7 @@ class AuthHandler(BaseHandler):
) )
# The number of seconds to keep a UI auth session active. # The number of seconds to keep a UI auth session active.
self._ui_auth_session_timeout = hs.config.ui_auth_session_timeout self._ui_auth_session_timeout = hs.config.auth.ui_auth_session_timeout
# Ratelimitier for failed /login attempts # Ratelimitier for failed /login attempts
self._failed_login_attempts_ratelimiter = Ratelimiter( self._failed_login_attempts_ratelimiter = Ratelimiter(
@ -739,19 +739,19 @@ class AuthHandler(BaseHandler):
return canonical_id return canonical_id
def _get_params_recaptcha(self) -> dict: def _get_params_recaptcha(self) -> dict:
return {"public_key": self.hs.config.recaptcha_public_key} return {"public_key": self.hs.config.captcha.recaptcha_public_key}
def _get_params_terms(self) -> dict: def _get_params_terms(self) -> dict:
return { return {
"policies": { "policies": {
"privacy_policy": { "privacy_policy": {
"version": self.hs.config.user_consent_version, "version": self.hs.config.consent.user_consent_version,
"en": { "en": {
"name": self.hs.config.user_consent_policy_name, "name": self.hs.config.consent.user_consent_policy_name,
"url": "%s_matrix/consent?v=%s" "url": "%s_matrix/consent?v=%s"
% ( % (
self.hs.config.server.public_baseurl, self.hs.config.server.public_baseurl,
self.hs.config.user_consent_version, self.hs.config.consent.user_consent_version,
), ),
}, },
} }
@ -1016,7 +1016,7 @@ class AuthHandler(BaseHandler):
def can_change_password(self) -> bool: def can_change_password(self) -> bool:
"""Get whether users on this server are allowed to change or set a password. """Get whether users on this server are allowed to change or set a password.
Both `config.password_enabled` and `config.password_localdb_enabled` must be true. Both `config.auth.password_enabled` and `config.auth.password_localdb_enabled` must be true.
Note that any account (even SSO accounts) are allowed to add passwords if the above Note that any account (even SSO accounts) are allowed to add passwords if the above
is true. is true.
@ -1486,7 +1486,7 @@ class AuthHandler(BaseHandler):
pw = unicodedata.normalize("NFKC", password) pw = unicodedata.normalize("NFKC", password)
return bcrypt.hashpw( return bcrypt.hashpw(
pw.encode("utf8") + self.hs.config.password_pepper.encode("utf8"), pw.encode("utf8") + self.hs.config.auth.password_pepper.encode("utf8"),
bcrypt.gensalt(self.bcrypt_rounds), bcrypt.gensalt(self.bcrypt_rounds),
).decode("ascii") ).decode("ascii")
@ -1510,7 +1510,7 @@ class AuthHandler(BaseHandler):
pw = unicodedata.normalize("NFKC", password) pw = unicodedata.normalize("NFKC", password)
return bcrypt.checkpw( return bcrypt.checkpw(
pw.encode("utf8") + self.hs.config.password_pepper.encode("utf8"), pw.encode("utf8") + self.hs.config.auth.password_pepper.encode("utf8"),
checked_hash, checked_hash,
) )
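Review bot: Both password-hashing hunks (the `bcrypt.hashpw` and `bcrypt.checkpw` calls) append `password_pepper` after the password bytes, and bcrypt only takes the first 72 bytes of its input into account. For a password whose NFKC/UTF-8 form approaches or exceeds that length, the pepper falls partly or wholly outside the hashed prefix and adds nothing for that account; how the installed `bcrypt` package treats over-long input (truncate or reject) should be confirmed. Since this commit touches both lines, it is a good place to record the limit, e.g. `# NOTE: bcrypt uses at most 72 bytes of input; the appended pepper is not covered for very long passwords`. Changing the construction would invalidate stored hashes, so this is a documentation point only. Both enclosing functions start outside their hunks.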


@ -65,10 +65,10 @@ class CasHandler:
self._auth_handler = hs.get_auth_handler() self._auth_handler = hs.get_auth_handler()
self._registration_handler = hs.get_registration_handler() self._registration_handler = hs.get_registration_handler()
self._cas_server_url = hs.config.cas_server_url self._cas_server_url = hs.config.cas.cas_server_url
self._cas_service_url = hs.config.cas_service_url self._cas_service_url = hs.config.cas.cas_service_url
self._cas_displayname_attribute = hs.config.cas_displayname_attribute self._cas_displayname_attribute = hs.config.cas.cas_displayname_attribute
self._cas_required_attributes = hs.config.cas_required_attributes self._cas_required_attributes = hs.config.cas.cas_required_attributes
self._http_client = hs.get_proxied_http_client() self._http_client = hs.get_proxied_http_client()


@ -62,7 +62,7 @@ class IdentityHandler(BaseHandler):
self.federation_http_client = hs.get_federation_http_client() self.federation_http_client = hs.get_federation_http_client()
self.hs = hs self.hs = hs
self._web_client_location = hs.config.invite_client_location self._web_client_location = hs.config.email.invite_client_location
# Ratelimiters for `/requestToken` endpoints. # Ratelimiters for `/requestToken` endpoints.
self._3pid_validation_ratelimiter_ip = Ratelimiter( self._3pid_validation_ratelimiter_ip = Ratelimiter(
@ -419,7 +419,7 @@ class IdentityHandler(BaseHandler):
token_expires = ( token_expires = (
self.hs.get_clock().time_msec() self.hs.get_clock().time_msec()
+ self.hs.config.email_validation_token_lifetime + self.hs.config.email.email_validation_token_lifetime
) )
await self.store.start_or_continue_validation_session( await self.store.start_or_continue_validation_session(
@ -465,7 +465,7 @@ class IdentityHandler(BaseHandler):
if next_link: if next_link:
params["next_link"] = next_link params["next_link"] = next_link
if self.hs.config.using_identity_server_from_trusted_list: if self.hs.config.email.using_identity_server_from_trusted_list:
# Warn that a deprecated config option is in use # Warn that a deprecated config option is in use
logger.warning( logger.warning(
'The config option "trust_identity_server_for_password_resets" ' 'The config option "trust_identity_server_for_password_resets" '
@ -518,7 +518,7 @@ class IdentityHandler(BaseHandler):
if next_link: if next_link:
params["next_link"] = next_link params["next_link"] = next_link
if self.hs.config.using_identity_server_from_trusted_list: if self.hs.config.email.using_identity_server_from_trusted_list:
# Warn that a deprecated config option is in use # Warn that a deprecated config option is in use
logger.warning( logger.warning(
'The config option "trust_identity_server_for_password_resets" ' 'The config option "trust_identity_server_for_password_resets" '
@ -572,12 +572,12 @@ class IdentityHandler(BaseHandler):
validation_session = None validation_session = None
# Try to validate as email # Try to validate as email
if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE: if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
# Ask our delegated email identity server # Ask our delegated email identity server
validation_session = await self.threepid_from_creds( validation_session = await self.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds self.hs.config.account_threepid_delegate_email, threepid_creds
) )
elif self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: elif self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
# Get a validated session matching these details # Get a validated session matching these details
validation_session = await self.store.get_threepid_validation_session( validation_session = await self.store.get_threepid_validation_session(
"email", client_secret, sid=sid, validated=True "email", client_secret, sid=sid, validated=True


@ -443,7 +443,7 @@ class EventCreationHandler:
) )
self._block_events_without_consent_error = ( self._block_events_without_consent_error = (
self.config.block_events_without_consent_error self.config.consent.block_events_without_consent_error
) )
# we need to construct a ConsentURIBuilder here, as it checks that the necessary # we need to construct a ConsentURIBuilder here, as it checks that the necessary
@ -744,7 +744,7 @@ class EventCreationHandler:
if u["appservice_id"] is not None: if u["appservice_id"] is not None:
# users registered by an appservice are exempt # users registered by an appservice are exempt
return return
if u["consent_version"] == self.config.user_consent_version: if u["consent_version"] == self.config.consent.user_consent_version:
return return
consent_uri = self._consent_uri_builder.build_user_consent_uri(user.localpart) consent_uri = self._consent_uri_builder.build_user_consent_uri(user.localpart)


@ -27,8 +27,8 @@ logger = logging.getLogger(__name__)
class PasswordPolicyHandler: class PasswordPolicyHandler:
def __init__(self, hs: "HomeServer"): def __init__(self, hs: "HomeServer"):
self.policy = hs.config.password_policy self.policy = hs.config.auth.password_policy
self.enabled = hs.config.password_policy_enabled self.enabled = hs.config.auth.password_policy_enabled
# Regexps for the spec'd policy parameters. # Regexps for the spec'd policy parameters.
self.regexp_digit = re.compile("[0-9]") self.regexp_digit = re.compile("[0-9]")

View File

@ -97,6 +97,7 @@ class RegistrationHandler(BaseHandler):
self.ratelimiter = hs.get_registration_ratelimiter() self.ratelimiter = hs.get_registration_ratelimiter()
self.macaroon_gen = hs.get_macaroon_generator() self.macaroon_gen = hs.get_macaroon_generator()
self._account_validity_handler = hs.get_account_validity_handler() self._account_validity_handler = hs.get_account_validity_handler()
self._user_consent_version = self.hs.config.consent.user_consent_version
self._server_notices_mxid = hs.config.server_notices_mxid self._server_notices_mxid = hs.config.server_notices_mxid
self._server_name = hs.hostname self._server_name = hs.hostname
@ -339,7 +340,7 @@ class RegistrationHandler(BaseHandler):
auth_provider=(auth_provider_id or ""), auth_provider=(auth_provider_id or ""),
).inc() ).inc()
if not self.hs.config.user_consent_at_registration: if not self.hs.config.consent.user_consent_at_registration:
if not self.hs.config.auto_join_rooms_for_guests and make_guest: if not self.hs.config.auto_join_rooms_for_guests and make_guest:
logger.info( logger.info(
"Skipping auto-join for %s because auto-join for guests is disabled", "Skipping auto-join for %s because auto-join for guests is disabled",
@ -864,7 +865,9 @@ class RegistrationHandler(BaseHandler):
await self._register_msisdn_threepid(user_id, threepid) await self._register_msisdn_threepid(user_id, threepid)
if auth_result and LoginType.TERMS in auth_result: if auth_result and LoginType.TERMS in auth_result:
await self._on_user_consented(user_id, self.hs.config.user_consent_version) # The terms type should only exist if consent is enabled.
assert self._user_consent_version is not None
await self._on_user_consented(user_id, self._user_consent_version)
async def _on_user_consented(self, user_id: str, consent_version: str) -> None: async def _on_user_consented(self, user_id: str, consent_version: str) -> None:
"""A user consented to the terms on registration """A user consented to the terms on registration
@ -910,8 +913,8 @@ class RegistrationHandler(BaseHandler):
# getting mail spam where they weren't before if email # getting mail spam where they weren't before if email
# notifs are set up on a homeserver) # notifs are set up on a homeserver)
if ( if (
self.hs.config.email_enable_notifs self.hs.config.email.email_enable_notifs
and self.hs.config.email_notif_for_new_users and self.hs.config.email.email_notif_for_new_users
and token and token
): ):
# Pull the ID of the access token back out of the db # Pull the ID of the access token back out of the db
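Review bot: The added `assert self._user_consent_version is not None` guards a request-path value with an assertion, which is removed when Python runs with `-O`; in that case `None` would reach `_on_user_consented`, whose signature declares `consent_version: str`. Whether `LoginType.TERMS` can appear in `auth_result` without consent being configured depends on the flow calculation, which is not in this hunk, so an explicit check is the safer form: `if self._user_consent_version is None: raise RuntimeError("m.login.terms completed but no consent version is configured")`. Separately, the new constructor line reads `self.hs.config.consent.user_consent_version` while its neighbours use `hs.config...`; using `hs` there would match. The enclosing methods start and end outside the hunks.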


@ -82,10 +82,10 @@ class RecaptchaAuthChecker(UserInteractiveAuthChecker):
def __init__(self, hs: "HomeServer"): def __init__(self, hs: "HomeServer"):
super().__init__(hs) super().__init__(hs)
self._enabled = bool(hs.config.recaptcha_private_key) self._enabled = bool(hs.config.captcha.recaptcha_private_key)
self._http_client = hs.get_proxied_http_client() self._http_client = hs.get_proxied_http_client()
self._url = hs.config.recaptcha_siteverify_api self._url = hs.config.captcha.recaptcha_siteverify_api
self._secret = hs.config.recaptcha_private_key self._secret = hs.config.captcha.recaptcha_private_key
def is_enabled(self) -> bool: def is_enabled(self) -> bool:
return self._enabled return self._enabled
@ -161,12 +161,17 @@ class _BaseThreepidAuthChecker:
self.hs.config.account_threepid_delegate_msisdn, threepid_creds self.hs.config.account_threepid_delegate_msisdn, threepid_creds
) )
elif medium == "email": elif medium == "email":
if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE: if (
self.hs.config.email.threepid_behaviour_email
== ThreepidBehaviour.REMOTE
):
assert self.hs.config.account_threepid_delegate_email assert self.hs.config.account_threepid_delegate_email
threepid = await identity_handler.threepid_from_creds( threepid = await identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds self.hs.config.account_threepid_delegate_email, threepid_creds
) )
elif self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: elif (
self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL
):
threepid = None threepid = None
row = await self.store.get_threepid_validation_session( row = await self.store.get_threepid_validation_session(
medium, medium,
@ -218,7 +223,7 @@ class EmailIdentityAuthChecker(UserInteractiveAuthChecker, _BaseThreepidAuthChec
_BaseThreepidAuthChecker.__init__(self, hs) _BaseThreepidAuthChecker.__init__(self, hs)
def is_enabled(self) -> bool: def is_enabled(self) -> bool:
return self.hs.config.threepid_behaviour_email in ( return self.hs.config.email.threepid_behaviour_email in (
ThreepidBehaviour.REMOTE, ThreepidBehaviour.REMOTE,
ThreepidBehaviour.LOCAL, ThreepidBehaviour.LOCAL,
) )


@ -119,14 +119,16 @@ class ModuleApi:
self.custom_template_dir = hs.config.server.custom_template_directory self.custom_template_dir = hs.config.server.custom_template_directory
try: try:
app_name = self._hs.config.email_app_name app_name = self._hs.config.email.email_app_name
self._from_string = self._hs.config.email_notif_from % {"app": app_name} self._from_string = self._hs.config.email.email_notif_from % {
"app": app_name
}
except (KeyError, TypeError): except (KeyError, TypeError):
# If substitution failed (which can happen if the string contains # If substitution failed (which can happen if the string contains
# placeholders other than just "app", or if the type of the placeholder is # placeholders other than just "app", or if the type of the placeholder is
# not a string), fall back to the bare strings. # not a string), fall back to the bare strings.
self._from_string = self._hs.config.email_notif_from self._from_string = self._hs.config.email.email_notif_from
self._raw_from = email.utils.parseaddr(self._from_string)[1] self._raw_from = email.utils.parseaddr(self._from_string)[1]
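Review bot: The `except (KeyError, TypeError)` around `email_notif_from % {"app": app_name}` does not cover `ValueError`, which the `%` operator raises for a malformed format string such as a trailing `%` or an unsupported conversion character. The comment says the code falls back to the bare string when substitution fails, but a stray percent sign in the configured address would instead propagate out of the constructor. I would widen it to `except (KeyError, TypeError, ValueError):`. The enclosing `__init__` starts and ends outside the hunk.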


@ -77,4 +77,4 @@ class PusherFactory:
if isinstance(brand, str): if isinstance(brand, str):
return brand return brand
return self.config.email_app_name return self.config.email.email_app_name


@ -368,8 +368,8 @@ class UserRestServletV2(RestServlet):
user_id, medium, address, current_time user_id, medium, address, current_time
) )
if ( if (
self.hs.config.email_enable_notifs self.hs.config.email.email_enable_notifs
and self.hs.config.email_notif_for_new_users and self.hs.config.email.email_notif_for_new_users
): ):
await self.pusher_pool.add_pusher( await self.pusher_pool.add_pusher(
user_id=user_id, user_id=user_id,

View File

@ -64,17 +64,17 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
self.config = hs.config self.config = hs.config
self.identity_handler = hs.get_identity_handler() self.identity_handler = hs.get_identity_handler()
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
self.mailer = Mailer( self.mailer = Mailer(
hs=self.hs, hs=self.hs,
app_name=self.config.email_app_name, app_name=self.config.email.email_app_name,
template_html=self.config.email_password_reset_template_html, template_html=self.config.email.email_password_reset_template_html,
template_text=self.config.email_password_reset_template_text, template_text=self.config.email.email_password_reset_template_text,
) )
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if self.config.threepid_behaviour_email == ThreepidBehaviour.OFF: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
if self.config.local_threepid_handling_disabled_due_to_email_config: if self.config.email.local_threepid_handling_disabled_due_to_email_config:
logger.warning( logger.warning(
"User password resets have been disabled due to lack of email config" "User password resets have been disabled due to lack of email config"
) )
@ -129,7 +129,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND) raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)
if self.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email assert self.hs.config.account_threepid_delegate_email
# Have the configured identity server handle the request # Have the configured identity server handle the request
@ -349,17 +349,17 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
self.identity_handler = hs.get_identity_handler() self.identity_handler = hs.get_identity_handler()
self.store = self.hs.get_datastore() self.store = self.hs.get_datastore()
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
self.mailer = Mailer( self.mailer = Mailer(
hs=self.hs, hs=self.hs,
app_name=self.config.email_app_name, app_name=self.config.email.email_app_name,
template_html=self.config.email_add_threepid_template_html, template_html=self.config.email.email_add_threepid_template_html,
template_text=self.config.email_add_threepid_template_text, template_text=self.config.email.email_add_threepid_template_text,
) )
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if self.config.threepid_behaviour_email == ThreepidBehaviour.OFF: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
if self.config.local_threepid_handling_disabled_due_to_email_config: if self.config.email.local_threepid_handling_disabled_due_to_email_config:
logger.warning( logger.warning(
"Adding emails have been disabled due to lack of an email config" "Adding emails have been disabled due to lack of an email config"
) )
@ -413,7 +413,7 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE) raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
if self.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email assert self.hs.config.account_threepid_delegate_email
# Have the configured identity server handle the request # Have the configured identity server handle the request
@ -534,21 +534,21 @@ class AddThreepidEmailSubmitTokenServlet(RestServlet):
self.config = hs.config self.config = hs.config
self.clock = hs.get_clock() self.clock = hs.get_clock()
self.store = hs.get_datastore() self.store = hs.get_datastore()
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
self._failure_email_template = ( self._failure_email_template = (
self.config.email_add_threepid_template_failure_html self.config.email.email_add_threepid_template_failure_html
) )
async def on_GET(self, request: Request) -> None: async def on_GET(self, request: Request) -> None:
if self.config.threepid_behaviour_email == ThreepidBehaviour.OFF: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
if self.config.local_threepid_handling_disabled_due_to_email_config: if self.config.email.local_threepid_handling_disabled_due_to_email_config:
logger.warning( logger.warning(
"Adding emails have been disabled due to lack of an email config" "Adding emails have been disabled due to lack of an email config"
) )
raise SynapseError( raise SynapseError(
400, "Adding an email to your account is disabled on this server" 400, "Adding an email to your account is disabled on this server"
) )
elif self.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE: elif self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
raise SynapseError( raise SynapseError(
400, 400,
"This homeserver is not validating threepids. Use an identity server " "This homeserver is not validating threepids. Use an identity server "
@ -575,7 +575,7 @@ class AddThreepidEmailSubmitTokenServlet(RestServlet):
return None return None
# Otherwise show the success template # Otherwise show the success template
html = self.config.email_add_threepid_template_success_html_content html = self.config.email.email_add_threepid_template_success_html_content
status_code = 200 status_code = 200
except ThreepidValidationError as e: except ThreepidValidationError as e:
status_code = e.code status_code = e.code

View File

@ -47,7 +47,7 @@ class AuthRestServlet(RestServlet):
self.auth = hs.get_auth() self.auth = hs.get_auth()
self.auth_handler = hs.get_auth_handler() self.auth_handler = hs.get_auth_handler()
self.registration_handler = hs.get_registration_handler() self.registration_handler = hs.get_registration_handler()
self.recaptcha_template = hs.config.recaptcha_template self.recaptcha_template = hs.config.captcha.recaptcha_template
self.terms_template = hs.config.terms_template self.terms_template = hs.config.terms_template
self.registration_token_template = hs.config.registration_token_template self.registration_token_template = hs.config.registration_token_template
self.success_template = hs.config.fallback_success_template self.success_template = hs.config.fallback_success_template
@ -62,7 +62,7 @@ class AuthRestServlet(RestServlet):
session=session, session=session,
myurl="%s/r0/auth/%s/fallback/web" myurl="%s/r0/auth/%s/fallback/web"
% (CLIENT_API_PREFIX, LoginType.RECAPTCHA), % (CLIENT_API_PREFIX, LoginType.RECAPTCHA),
sitekey=self.hs.config.recaptcha_public_key, sitekey=self.hs.config.captcha.recaptcha_public_key,
) )
elif stagetype == LoginType.TERMS: elif stagetype == LoginType.TERMS:
html = self.terms_template.render( html = self.terms_template.render(
@ -70,7 +70,7 @@ class AuthRestServlet(RestServlet):
terms_url="%s_matrix/consent?v=%s" terms_url="%s_matrix/consent?v=%s"
% ( % (
self.hs.config.server.public_baseurl, self.hs.config.server.public_baseurl,
self.hs.config.user_consent_version, self.hs.config.consent.user_consent_version,
), ),
myurl="%s/r0/auth/%s/fallback/web" myurl="%s/r0/auth/%s/fallback/web"
% (CLIENT_API_PREFIX, LoginType.TERMS), % (CLIENT_API_PREFIX, LoginType.TERMS),
@ -118,7 +118,7 @@ class AuthRestServlet(RestServlet):
session=session, session=session,
myurl="%s/r0/auth/%s/fallback/web" myurl="%s/r0/auth/%s/fallback/web"
% (CLIENT_API_PREFIX, LoginType.RECAPTCHA), % (CLIENT_API_PREFIX, LoginType.RECAPTCHA),
sitekey=self.hs.config.recaptcha_public_key, sitekey=self.hs.config.captcha.recaptcha_public_key,
error=e.msg, error=e.msg,
) )
else: else:
@ -139,7 +139,7 @@ class AuthRestServlet(RestServlet):
terms_url="%s_matrix/consent?v=%s" terms_url="%s_matrix/consent?v=%s"
% ( % (
self.hs.config.server.public_baseurl, self.hs.config.server.public_baseurl,
self.hs.config.user_consent_version, self.hs.config.consent.user_consent_version,
), ),
myurl="%s/r0/auth/%s/fallback/web" myurl="%s/r0/auth/%s/fallback/web"
% (CLIENT_API_PREFIX, LoginType.TERMS), % (CLIENT_API_PREFIX, LoginType.TERMS),

View File

@ -77,7 +77,7 @@ class LoginRestServlet(RestServlet):
# SSO configuration. # SSO configuration.
self.saml2_enabled = hs.config.saml2_enabled self.saml2_enabled = hs.config.saml2_enabled
self.cas_enabled = hs.config.cas_enabled self.cas_enabled = hs.config.cas.cas_enabled
self.oidc_enabled = hs.config.oidc_enabled self.oidc_enabled = hs.config.oidc_enabled
self._msc2918_enabled = hs.config.access_token_lifetime is not None self._msc2918_enabled = hs.config.access_token_lifetime is not None
@ -559,7 +559,7 @@ def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
if hs.config.access_token_lifetime is not None: if hs.config.access_token_lifetime is not None:
RefreshTokenServlet(hs).register(http_server) RefreshTokenServlet(hs).register(http_server)
SsoRedirectServlet(hs).register(http_server) SsoRedirectServlet(hs).register(http_server)
if hs.config.cas_enabled: if hs.config.cas.cas_enabled:
CasTicketServlet(hs).register(http_server) CasTicketServlet(hs).register(http_server)

View File

@ -35,8 +35,8 @@ class PasswordPolicyServlet(RestServlet):
def __init__(self, hs: "HomeServer"): def __init__(self, hs: "HomeServer"):
super().__init__() super().__init__()
self.policy = hs.config.password_policy self.policy = hs.config.auth.password_policy
self.enabled = hs.config.password_policy_enabled self.enabled = hs.config.auth.password_policy_enabled
def on_GET(self, request: Request) -> Tuple[int, JsonDict]: def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
if not self.enabled or not self.policy: if not self.enabled or not self.policy:

View File

@ -75,17 +75,19 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
self.identity_handler = hs.get_identity_handler() self.identity_handler = hs.get_identity_handler()
self.config = hs.config self.config = hs.config
if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
self.mailer = Mailer( self.mailer = Mailer(
hs=self.hs, hs=self.hs,
app_name=self.config.email_app_name, app_name=self.config.email.email_app_name,
template_html=self.config.email_registration_template_html, template_html=self.config.email.email_registration_template_html,
template_text=self.config.email_registration_template_text, template_text=self.config.email.email_registration_template_text,
) )
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.OFF: if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
if self.hs.config.local_threepid_handling_disabled_due_to_email_config: if (
self.hs.config.email.local_threepid_handling_disabled_due_to_email_config
):
logger.warning( logger.warning(
"Email registration has been disabled due to lack of email config" "Email registration has been disabled due to lack of email config"
) )
@ -137,7 +139,7 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE) raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
if self.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email assert self.hs.config.account_threepid_delegate_email
# Have the configured identity server handle the request # Have the configured identity server handle the request
@ -259,9 +261,9 @@ class RegistrationSubmitTokenServlet(RestServlet):
self.clock = hs.get_clock() self.clock = hs.get_clock()
self.store = hs.get_datastore() self.store = hs.get_datastore()
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
self._failure_email_template = ( self._failure_email_template = (
self.config.email_registration_template_failure_html self.config.email.email_registration_template_failure_html
) )
async def on_GET(self, request: Request, medium: str) -> None: async def on_GET(self, request: Request, medium: str) -> None:
@ -269,8 +271,8 @@ class RegistrationSubmitTokenServlet(RestServlet):
raise SynapseError( raise SynapseError(
400, "This medium is currently not supported for registration" 400, "This medium is currently not supported for registration"
) )
if self.config.threepid_behaviour_email == ThreepidBehaviour.OFF: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
if self.config.local_threepid_handling_disabled_due_to_email_config: if self.config.email.local_threepid_handling_disabled_due_to_email_config:
logger.warning( logger.warning(
"User registration via email has been disabled due to lack of email config" "User registration via email has been disabled due to lack of email config"
) )
@ -303,7 +305,7 @@ class RegistrationSubmitTokenServlet(RestServlet):
return None return None
# Otherwise show the success template # Otherwise show the success template
html = self.config.email_registration_template_success_html_content html = self.config.email.email_registration_template_success_html_content
status_code = 200 status_code = 200
except ThreepidValidationError as e: except ThreepidValidationError as e:
status_code = e.code status_code = e.code
@ -897,12 +899,12 @@ def _calculate_registration_flows(
flows.append([LoginType.MSISDN, LoginType.EMAIL_IDENTITY]) flows.append([LoginType.MSISDN, LoginType.EMAIL_IDENTITY])
# Prepend m.login.terms to all flows if we're requiring consent # Prepend m.login.terms to all flows if we're requiring consent
if config.user_consent_at_registration: if config.consent.user_consent_at_registration:
for flow in flows: for flow in flows:
flow.insert(0, LoginType.TERMS) flow.insert(0, LoginType.TERMS)
# Prepend recaptcha to all flows if we're requiring captcha # Prepend recaptcha to all flows if we're requiring captcha
if config.enable_registration_captcha: if config.captcha.enable_registration_captcha:
for flow in flows: for flow in flows:
flow.insert(0, LoginType.RECAPTCHA) flow.insert(0, LoginType.RECAPTCHA)


@ -84,14 +84,15 @@ class ConsentResource(DirectServeHtmlResource):
# this is required by the request_handler wrapper # this is required by the request_handler wrapper
self.clock = hs.get_clock() self.clock = hs.get_clock()
self._default_consent_version = hs.config.user_consent_version # Consent must be configured to create this resource.
if self._default_consent_version is None: default_consent_version = hs.config.consent.user_consent_version
consent_template_directory = hs.config.consent.user_consent_template_dir
if default_consent_version is None or consent_template_directory is None:
raise ConfigError( raise ConfigError(
"Consent resource is enabled but user_consent section is " "Consent resource is enabled but user_consent section is "
"missing in config file." "missing in config file."
) )
self._default_consent_version = default_consent_version
consent_template_directory = hs.config.user_consent_template_dir
# TODO: switch to synapse.util.templates.build_jinja_env # TODO: switch to synapse.util.templates.build_jinja_env
loader = jinja2.FileSystemLoader(consent_template_directory) loader = jinja2.FileSystemLoader(consent_template_directory)
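Review bot: The `ConfigError` raised by the new combined check still says only that the `user_consent` section is missing, although it now also fires when `user_consent_template_dir` alone is `None`. Whether that state can be reached is not visible from this hunk, but if it can, the operator is pointed at the wrong problem. Naming both settings in the message, for example `"Consent resource is enabled but user_consent_version or user_consent_template_dir is not set."`, would remove the ambiguity. The comment `# Consent must be configured to create this resource.` could also mention that the two locals exist so the type checker can narrow both values before `jinja2.FileSystemLoader` is called. The constructor continues outside this hunk.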


@ -47,20 +47,20 @@ class PasswordResetSubmitTokenResource(DirectServeHtmlResource):
self.store = hs.get_datastore() self.store = hs.get_datastore()
self._local_threepid_handling_disabled_due_to_email_config = ( self._local_threepid_handling_disabled_due_to_email_config = (
hs.config.local_threepid_handling_disabled_due_to_email_config hs.config.email.local_threepid_handling_disabled_due_to_email_config
) )
self._confirmation_email_template = ( self._confirmation_email_template = (
hs.config.email_password_reset_template_confirmation_html hs.config.email.email_password_reset_template_confirmation_html
) )
self._email_password_reset_template_success_html = ( self._email_password_reset_template_success_html = (
hs.config.email_password_reset_template_success_html_content hs.config.email.email_password_reset_template_success_html_content
) )
self._failure_email_template = ( self._failure_email_template = (
hs.config.email_password_reset_template_failure_html hs.config.email.email_password_reset_template_failure_html
) )
# This resource should not be mounted if threepid behaviour is not LOCAL # This resource should not be mounted if threepid behaviour is not LOCAL
assert hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL assert hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL
async def _async_render_GET(self, request: Request) -> Tuple[int, bytes]: async def _async_render_GET(self, request: Request) -> Tuple[int, bytes]:
sid = parse_string(request, "sid", required=True) sid = parse_string(request, "sid", required=True)


@ -36,9 +36,11 @@ class ConsentServerNotices:
self._users_in_progress: Set[str] = set() self._users_in_progress: Set[str] = set()
self._current_consent_version = hs.config.user_consent_version self._current_consent_version = hs.config.consent.user_consent_version
self._server_notice_content = hs.config.user_consent_server_notice_content self._server_notice_content = (
self._send_to_guests = hs.config.user_consent_server_notice_to_guests hs.config.consent.user_consent_server_notice_content
)
self._send_to_guests = hs.config.consent.user_consent_server_notice_to_guests
if self._server_notice_content is not None: if self._server_notice_content is not None:
if not self._server_notices_manager.is_enabled(): if not self._server_notices_manager.is_enabled():
@ -63,6 +65,9 @@ class ConsentServerNotices:
# not enabled # not enabled
return return
# A consent version must be given.
assert self._current_consent_version is not None
# make sure we don't send two messages to the same user at once # make sure we don't send two messages to the same user at once
if user_id in self._users_in_progress: if user_id in self._users_in_progress:
return return
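Review bot: The added `assert self._current_consent_version is not None` sits in the per-user code path, and `assert` statements are removed when Python runs with `-O`, so it is not a dependable precondition check. If it ever fired, it would surface as an `AssertionError` for each user at request time rather than as a configuration error at start-up. If the line is only there to narrow the `Optional[str]` for mypy, say so in the comment, e.g. `# Narrows Optional[str] for mypy; not a runtime validation.` If it is a real precondition, check it once in `__init__`, next to the existing `_server_notice_content` check, and raise a configuration error there. The enclosing method starts and ends outside this hunk.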


@ -60,7 +60,7 @@ def _make_exclusive_regex(
class ApplicationServiceWorkerStore(SQLBaseStore): class ApplicationServiceWorkerStore(SQLBaseStore):
def __init__(self, database: DatabasePool, db_conn: Connection, hs: "HomeServer"): def __init__(self, database: DatabasePool, db_conn: Connection, hs: "HomeServer"):
self.services_cache = load_appservices( self.services_cache = load_appservices(
hs.hostname, hs.config.app_service_config_files hs.hostname, hs.config.appservice.app_service_config_files
) )
self.exclusive_user_regex = _make_exclusive_regex(self.services_cache) self.exclusive_user_regex = _make_exclusive_regex(self.services_cache)


@ -63,7 +63,7 @@ class MonthlyActiveUsersWorkerStore(SQLBaseStore):
"""Generates current count of monthly active users broken down by service. """Generates current count of monthly active users broken down by service.
A service is typically an appservice but also includes native matrix users. A service is typically an appservice but also includes native matrix users.
Since the `monthly_active_users` table is populated from the `user_ips` table Since the `monthly_active_users` table is populated from the `user_ips` table
`config.track_appservice_user_ips` must be set to `true` for this `config.appservice.track_appservice_user_ips` must be set to `true` for this
method to return anything other than native matrix users. method to return anything other than native matrix users.
Returns: Returns:


@ -388,7 +388,7 @@ class RegistrationWorkerStore(CacheInvalidationWorkerStore):
"get_users_expiring_soon", "get_users_expiring_soon",
select_users_txn, select_users_txn,
self._clock.time_msec(), self._clock.time_msec(),
self.config.account_validity_renew_at, self.config.account_validity.account_validity_renew_at,
) )
async def set_renewal_mail_status(self, user_id: str, email_sent: bool) -> None: async def set_renewal_mail_status(self, user_id: str, email_sent: bool) -> None:


@ -545,7 +545,7 @@ def _apply_module_schemas(
database_engine: database_engine:
config: application config config: application config
""" """
for (mod, _config) in config.password_providers: for (mod, _config) in config.authproviders.password_providers:
if not hasattr(mod, "get_db_schema_files"): if not hasattr(mod, "get_db_schema_files"):
continue continue
modname = ".".join((mod.__module__, mod.__name__)) modname = ".".join((mod.__module__, mod.__name__))


@ -33,7 +33,7 @@ def run_upgrade(cur, database_engine, config, *args, **kwargs):
config_files = [] config_files = []
try: try:
config_files = config.app_service_config_files config_files = config.appservice.app_service_config_files
except AttributeError: except AttributeError:
logger.warning("Could not get app_service_config_files from config") logger.warning("Could not get app_service_config_files from config")
pass pass


@ -47,7 +47,7 @@ class DeleteRoomTestCase(unittest.HomeserverTestCase):
def prepare(self, reactor, clock, hs): def prepare(self, reactor, clock, hs):
self.event_creation_handler = hs.get_event_creation_handler() self.event_creation_handler = hs.get_event_creation_handler()
hs.config.user_consent_version = "1" hs.config.consent.user_consent_version = "1"
consent_uri_builder = Mock() consent_uri_builder = Mock()
consent_uri_builder.build_user_consent_uri.return_value = "http://example.com" consent_uri_builder.build_user_consent_uri.return_value = "http://example.com"


@ -97,7 +97,7 @@ class LoginRestServletTestCase(unittest.HomeserverTestCase):
self.hs.config.enable_registration = True self.hs.config.enable_registration = True
self.hs.config.registrations_require_3pid = [] self.hs.config.registrations_require_3pid = []
self.hs.config.auto_join_rooms = [] self.hs.config.auto_join_rooms = []
self.hs.config.enable_registration_captcha = False self.hs.config.captcha.enable_registration_captcha = False
return self.hs return self.hs


@ -41,9 +41,8 @@ class ApplicationServiceStoreTestCase(unittest.TestCase):
self.addCleanup, federation_sender=Mock(), federation_client=Mock() self.addCleanup, federation_sender=Mock(), federation_client=Mock()
) )
hs.config.app_service_config_files = self.as_yaml_files hs.config.appservice.app_service_config_files = self.as_yaml_files
hs.config.caches.event_cache_size = 1 hs.config.caches.event_cache_size = 1
hs.config.password_providers = []
self.as_token = "token1" self.as_token = "token1"
self.as_url = "some_url" self.as_url = "some_url"
@ -108,9 +107,8 @@ class ApplicationServiceTransactionStoreTestCase(unittest.TestCase):
self.addCleanup, federation_sender=Mock(), federation_client=Mock() self.addCleanup, federation_sender=Mock(), federation_client=Mock()
) )
hs.config.app_service_config_files = self.as_yaml_files hs.config.appservice.app_service_config_files = self.as_yaml_files
hs.config.caches.event_cache_size = 1 hs.config.caches.event_cache_size = 1
hs.config.password_providers = []
self.as_list = [ self.as_list = [
{"token": "token1", "url": "https://matrix-as.org", "id": "id_1"}, {"token": "token1", "url": "https://matrix-as.org", "id": "id_1"},
@ -496,9 +494,8 @@ class ApplicationServiceStoreConfigTestCase(unittest.TestCase):
self.addCleanup, federation_sender=Mock(), federation_client=Mock() self.addCleanup, federation_sender=Mock(), federation_client=Mock()
) )
hs.config.app_service_config_files = [f1, f2] hs.config.appservice.app_service_config_files = [f1, f2]
hs.config.caches.event_cache_size = 1 hs.config.caches.event_cache_size = 1
hs.config.password_providers = []
database = hs.get_datastores().databases[0] database = hs.get_datastores().databases[0]
ApplicationServiceStore( ApplicationServiceStore(
@ -514,7 +511,7 @@ class ApplicationServiceStoreConfigTestCase(unittest.TestCase):
self.addCleanup, federation_sender=Mock(), federation_client=Mock() self.addCleanup, federation_sender=Mock(), federation_client=Mock()
) )
hs.config.app_service_config_files = [f1, f2] hs.config.appservice.app_service_config_files = [f1, f2]
hs.config.caches.event_cache_size = 1 hs.config.caches.event_cache_size = 1
hs.config.password_providers = [] hs.config.password_providers = []
@ -540,9 +537,8 @@ class ApplicationServiceStoreConfigTestCase(unittest.TestCase):
self.addCleanup, federation_sender=Mock(), federation_client=Mock() self.addCleanup, federation_sender=Mock(), federation_client=Mock()
) )
hs.config.app_service_config_files = [f1, f2] hs.config.appservice.app_service_config_files = [f1, f2]
hs.config.caches.event_cache_size = 1 hs.config.caches.event_cache_size = 1
hs.config.password_providers = []
with self.assertRaises(ConfigError) as cm: with self.assertRaises(ConfigError) as cm:
database = hs.get_datastores().databases[0] database = hs.get_datastores().databases[0]
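Review bot: The hunk at `-514,7 +511,7` keeps `hs.config.password_providers = []`, while the four other test set-ups in this file drop that line. Elsewhere in this commit the setting is read as `config.authproviders.password_providers`, so the remaining assignment on the root config object probably no longer feeds anything and can be deleted like the others. If that test does need an empty provider list, it should set `hs.config.authproviders.password_providers = []` so the value lands where the code now reads it.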


@ -258,7 +258,7 @@ class CleanupExtremDummyEventsTestCase(HomeserverTestCase):
info, _ = self.get_success(self.room_creator.create_room(self.requester, {})) info, _ = self.get_success(self.room_creator.create_room(self.requester, {}))
self.room_id = info["room_id"] self.room_id = info["room_id"]
self.event_creator = homeserver.get_event_creation_handler() self.event_creator = homeserver.get_event_creation_handler()
homeserver.config.user_consent_version = self.CONSENT_VERSION homeserver.config.consent.user_consent_version = self.CONSENT_VERSION
def test_send_dummy_event(self): def test_send_dummy_event(self):
self._create_extremity_rich_graph() self._create_extremity_rich_graph()