mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-10-01 08:25:44 -04:00
Use direct references for some configuration variables (part 3) (#10885)
This avoids the overhead of searching through the various configuration classes by directly referencing the class that the attributes are in. It also improves type hints since mypy can now resolve the types of the configuration variables.
This commit is contained in:
parent
aa2c027792
commit
e584534403
1
changelog.d/10885.misc
Normal file
1
changelog.d/10885.misc
Normal file
@ -0,0 +1 @@
|
||||
Use direct references to config flags.
|
@ -195,7 +195,7 @@ class SynapseHomeServer(HomeServer):
|
||||
}
|
||||
)
|
||||
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
from synapse.rest.synapse.client.password_reset import (
|
||||
PasswordResetSubmitTokenResource,
|
||||
)
|
||||
|
@ -13,6 +13,7 @@
|
||||
# limitations under the License.
|
||||
|
||||
from os import path
|
||||
from typing import Optional
|
||||
|
||||
from synapse.config import ConfigError
|
||||
|
||||
@ -78,8 +79,8 @@ class ConsentConfig(Config):
|
||||
def __init__(self, *args):
|
||||
super().__init__(*args)
|
||||
|
||||
self.user_consent_version = None
|
||||
self.user_consent_template_dir = None
|
||||
self.user_consent_version: Optional[str] = None
|
||||
self.user_consent_template_dir: Optional[str] = None
|
||||
self.user_consent_server_notice_content = None
|
||||
self.user_consent_server_notice_to_guests = False
|
||||
self.block_events_without_consent_error = None
|
||||
@ -94,7 +95,9 @@ class ConsentConfig(Config):
|
||||
return
|
||||
self.user_consent_version = str(consent_config["version"])
|
||||
self.user_consent_template_dir = self.abspath(consent_config["template_dir"])
|
||||
if not path.isdir(self.user_consent_template_dir):
|
||||
if not isinstance(self.user_consent_template_dir, str) or not path.isdir(
|
||||
self.user_consent_template_dir
|
||||
):
|
||||
raise ConfigError(
|
||||
"Could not find template directory '%s'"
|
||||
% (self.user_consent_template_dir,)
|
||||
|
@ -47,7 +47,7 @@ class AccountValidityHandler:
|
||||
self.send_email_handler = self.hs.get_send_email_handler()
|
||||
self.clock = self.hs.get_clock()
|
||||
|
||||
self._app_name = self.hs.config.email_app_name
|
||||
self._app_name = self.hs.config.email.email_app_name
|
||||
|
||||
self._account_validity_enabled = (
|
||||
hs.config.account_validity.account_validity_enabled
|
||||
|
@ -52,7 +52,7 @@ class ApplicationServicesHandler:
|
||||
self.scheduler = hs.get_application_service_scheduler()
|
||||
self.started_scheduler = False
|
||||
self.clock = hs.get_clock()
|
||||
self.notify_appservices = hs.config.notify_appservices
|
||||
self.notify_appservices = hs.config.appservice.notify_appservices
|
||||
self.event_sources = hs.get_event_sources()
|
||||
|
||||
self.current_max = 0
|
||||
|
@ -210,15 +210,15 @@ class AuthHandler(BaseHandler):
|
||||
|
||||
self.password_providers = [
|
||||
PasswordProvider.load(module, config, account_handler)
|
||||
for module, config in hs.config.password_providers
|
||||
for module, config in hs.config.authproviders.password_providers
|
||||
]
|
||||
|
||||
logger.info("Extra password_providers: %s", self.password_providers)
|
||||
|
||||
self.hs = hs # FIXME better possibility to access registrationHandler later?
|
||||
self.macaroon_gen = hs.get_macaroon_generator()
|
||||
self._password_enabled = hs.config.password_enabled
|
||||
self._password_localdb_enabled = hs.config.password_localdb_enabled
|
||||
self._password_enabled = hs.config.auth.password_enabled
|
||||
self._password_localdb_enabled = hs.config.auth.password_localdb_enabled
|
||||
|
||||
# start out by assuming PASSWORD is enabled; we will remove it later if not.
|
||||
login_types = set()
|
||||
@ -250,7 +250,7 @@ class AuthHandler(BaseHandler):
|
||||
)
|
||||
|
||||
# The number of seconds to keep a UI auth session active.
|
||||
self._ui_auth_session_timeout = hs.config.ui_auth_session_timeout
|
||||
self._ui_auth_session_timeout = hs.config.auth.ui_auth_session_timeout
|
||||
|
||||
# Ratelimitier for failed /login attempts
|
||||
self._failed_login_attempts_ratelimiter = Ratelimiter(
|
||||
@ -739,19 +739,19 @@ class AuthHandler(BaseHandler):
|
||||
return canonical_id
|
||||
|
||||
def _get_params_recaptcha(self) -> dict:
|
||||
return {"public_key": self.hs.config.recaptcha_public_key}
|
||||
return {"public_key": self.hs.config.captcha.recaptcha_public_key}
|
||||
|
||||
def _get_params_terms(self) -> dict:
|
||||
return {
|
||||
"policies": {
|
||||
"privacy_policy": {
|
||||
"version": self.hs.config.user_consent_version,
|
||||
"version": self.hs.config.consent.user_consent_version,
|
||||
"en": {
|
||||
"name": self.hs.config.user_consent_policy_name,
|
||||
"name": self.hs.config.consent.user_consent_policy_name,
|
||||
"url": "%s_matrix/consent?v=%s"
|
||||
% (
|
||||
self.hs.config.server.public_baseurl,
|
||||
self.hs.config.user_consent_version,
|
||||
self.hs.config.consent.user_consent_version,
|
||||
),
|
||||
},
|
||||
}
|
||||
@ -1016,7 +1016,7 @@ class AuthHandler(BaseHandler):
|
||||
def can_change_password(self) -> bool:
|
||||
"""Get whether users on this server are allowed to change or set a password.
|
||||
|
||||
Both `config.password_enabled` and `config.password_localdb_enabled` must be true.
|
||||
Both `config.auth.password_enabled` and `config.auth.password_localdb_enabled` must be true.
|
||||
|
||||
Note that any account (even SSO accounts) are allowed to add passwords if the above
|
||||
is true.
|
||||
@ -1486,7 +1486,7 @@ class AuthHandler(BaseHandler):
|
||||
pw = unicodedata.normalize("NFKC", password)
|
||||
|
||||
return bcrypt.hashpw(
|
||||
pw.encode("utf8") + self.hs.config.password_pepper.encode("utf8"),
|
||||
pw.encode("utf8") + self.hs.config.auth.password_pepper.encode("utf8"),
|
||||
bcrypt.gensalt(self.bcrypt_rounds),
|
||||
).decode("ascii")
|
||||
|
||||
@ -1510,7 +1510,7 @@ class AuthHandler(BaseHandler):
|
||||
pw = unicodedata.normalize("NFKC", password)
|
||||
|
||||
return bcrypt.checkpw(
|
||||
pw.encode("utf8") + self.hs.config.password_pepper.encode("utf8"),
|
||||
pw.encode("utf8") + self.hs.config.auth.password_pepper.encode("utf8"),
|
||||
checked_hash,
|
||||
)
|
||||
|
||||
|
@ -65,10 +65,10 @@ class CasHandler:
|
||||
self._auth_handler = hs.get_auth_handler()
|
||||
self._registration_handler = hs.get_registration_handler()
|
||||
|
||||
self._cas_server_url = hs.config.cas_server_url
|
||||
self._cas_service_url = hs.config.cas_service_url
|
||||
self._cas_displayname_attribute = hs.config.cas_displayname_attribute
|
||||
self._cas_required_attributes = hs.config.cas_required_attributes
|
||||
self._cas_server_url = hs.config.cas.cas_server_url
|
||||
self._cas_service_url = hs.config.cas.cas_service_url
|
||||
self._cas_displayname_attribute = hs.config.cas.cas_displayname_attribute
|
||||
self._cas_required_attributes = hs.config.cas.cas_required_attributes
|
||||
|
||||
self._http_client = hs.get_proxied_http_client()
|
||||
|
||||
|
@ -62,7 +62,7 @@ class IdentityHandler(BaseHandler):
|
||||
self.federation_http_client = hs.get_federation_http_client()
|
||||
self.hs = hs
|
||||
|
||||
self._web_client_location = hs.config.invite_client_location
|
||||
self._web_client_location = hs.config.email.invite_client_location
|
||||
|
||||
# Ratelimiters for `/requestToken` endpoints.
|
||||
self._3pid_validation_ratelimiter_ip = Ratelimiter(
|
||||
@ -419,7 +419,7 @@ class IdentityHandler(BaseHandler):
|
||||
|
||||
token_expires = (
|
||||
self.hs.get_clock().time_msec()
|
||||
+ self.hs.config.email_validation_token_lifetime
|
||||
+ self.hs.config.email.email_validation_token_lifetime
|
||||
)
|
||||
|
||||
await self.store.start_or_continue_validation_session(
|
||||
@ -465,7 +465,7 @@ class IdentityHandler(BaseHandler):
|
||||
if next_link:
|
||||
params["next_link"] = next_link
|
||||
|
||||
if self.hs.config.using_identity_server_from_trusted_list:
|
||||
if self.hs.config.email.using_identity_server_from_trusted_list:
|
||||
# Warn that a deprecated config option is in use
|
||||
logger.warning(
|
||||
'The config option "trust_identity_server_for_password_resets" '
|
||||
@ -518,7 +518,7 @@ class IdentityHandler(BaseHandler):
|
||||
if next_link:
|
||||
params["next_link"] = next_link
|
||||
|
||||
if self.hs.config.using_identity_server_from_trusted_list:
|
||||
if self.hs.config.email.using_identity_server_from_trusted_list:
|
||||
# Warn that a deprecated config option is in use
|
||||
logger.warning(
|
||||
'The config option "trust_identity_server_for_password_resets" '
|
||||
@ -572,12 +572,12 @@ class IdentityHandler(BaseHandler):
|
||||
validation_session = None
|
||||
|
||||
# Try to validate as email
|
||||
if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
# Ask our delegated email identity server
|
||||
validation_session = await self.threepid_from_creds(
|
||||
self.hs.config.account_threepid_delegate_email, threepid_creds
|
||||
)
|
||||
elif self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
elif self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
# Get a validated session matching these details
|
||||
validation_session = await self.store.get_threepid_validation_session(
|
||||
"email", client_secret, sid=sid, validated=True
|
||||
|
@ -443,7 +443,7 @@ class EventCreationHandler:
|
||||
)
|
||||
|
||||
self._block_events_without_consent_error = (
|
||||
self.config.block_events_without_consent_error
|
||||
self.config.consent.block_events_without_consent_error
|
||||
)
|
||||
|
||||
# we need to construct a ConsentURIBuilder here, as it checks that the necessary
|
||||
@ -744,7 +744,7 @@ class EventCreationHandler:
|
||||
if u["appservice_id"] is not None:
|
||||
# users registered by an appservice are exempt
|
||||
return
|
||||
if u["consent_version"] == self.config.user_consent_version:
|
||||
if u["consent_version"] == self.config.consent.user_consent_version:
|
||||
return
|
||||
|
||||
consent_uri = self._consent_uri_builder.build_user_consent_uri(user.localpart)
|
||||
|
@ -27,8 +27,8 @@ logger = logging.getLogger(__name__)
|
||||
|
||||
class PasswordPolicyHandler:
|
||||
def __init__(self, hs: "HomeServer"):
|
||||
self.policy = hs.config.password_policy
|
||||
self.enabled = hs.config.password_policy_enabled
|
||||
self.policy = hs.config.auth.password_policy
|
||||
self.enabled = hs.config.auth.password_policy_enabled
|
||||
|
||||
# Regexps for the spec'd policy parameters.
|
||||
self.regexp_digit = re.compile("[0-9]")
|
||||
|
@ -97,6 +97,7 @@ class RegistrationHandler(BaseHandler):
|
||||
self.ratelimiter = hs.get_registration_ratelimiter()
|
||||
self.macaroon_gen = hs.get_macaroon_generator()
|
||||
self._account_validity_handler = hs.get_account_validity_handler()
|
||||
self._user_consent_version = self.hs.config.consent.user_consent_version
|
||||
self._server_notices_mxid = hs.config.server_notices_mxid
|
||||
self._server_name = hs.hostname
|
||||
|
||||
@ -339,7 +340,7 @@ class RegistrationHandler(BaseHandler):
|
||||
auth_provider=(auth_provider_id or ""),
|
||||
).inc()
|
||||
|
||||
if not self.hs.config.user_consent_at_registration:
|
||||
if not self.hs.config.consent.user_consent_at_registration:
|
||||
if not self.hs.config.auto_join_rooms_for_guests and make_guest:
|
||||
logger.info(
|
||||
"Skipping auto-join for %s because auto-join for guests is disabled",
|
||||
@ -864,7 +865,9 @@ class RegistrationHandler(BaseHandler):
|
||||
await self._register_msisdn_threepid(user_id, threepid)
|
||||
|
||||
if auth_result and LoginType.TERMS in auth_result:
|
||||
await self._on_user_consented(user_id, self.hs.config.user_consent_version)
|
||||
# The terms type should only exist if consent is enabled.
|
||||
assert self._user_consent_version is not None
|
||||
await self._on_user_consented(user_id, self._user_consent_version)
|
||||
|
||||
async def _on_user_consented(self, user_id: str, consent_version: str) -> None:
|
||||
"""A user consented to the terms on registration
|
||||
@ -910,8 +913,8 @@ class RegistrationHandler(BaseHandler):
|
||||
# getting mail spam where they weren't before if email
|
||||
# notifs are set up on a homeserver)
|
||||
if (
|
||||
self.hs.config.email_enable_notifs
|
||||
and self.hs.config.email_notif_for_new_users
|
||||
self.hs.config.email.email_enable_notifs
|
||||
and self.hs.config.email.email_notif_for_new_users
|
||||
and token
|
||||
):
|
||||
# Pull the ID of the access token back out of the db
|
||||
|
@ -82,10 +82,10 @@ class RecaptchaAuthChecker(UserInteractiveAuthChecker):
|
||||
|
||||
def __init__(self, hs: "HomeServer"):
|
||||
super().__init__(hs)
|
||||
self._enabled = bool(hs.config.recaptcha_private_key)
|
||||
self._enabled = bool(hs.config.captcha.recaptcha_private_key)
|
||||
self._http_client = hs.get_proxied_http_client()
|
||||
self._url = hs.config.recaptcha_siteverify_api
|
||||
self._secret = hs.config.recaptcha_private_key
|
||||
self._url = hs.config.captcha.recaptcha_siteverify_api
|
||||
self._secret = hs.config.captcha.recaptcha_private_key
|
||||
|
||||
def is_enabled(self) -> bool:
|
||||
return self._enabled
|
||||
@ -161,12 +161,17 @@ class _BaseThreepidAuthChecker:
|
||||
self.hs.config.account_threepid_delegate_msisdn, threepid_creds
|
||||
)
|
||||
elif medium == "email":
|
||||
if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
if (
|
||||
self.hs.config.email.threepid_behaviour_email
|
||||
== ThreepidBehaviour.REMOTE
|
||||
):
|
||||
assert self.hs.config.account_threepid_delegate_email
|
||||
threepid = await identity_handler.threepid_from_creds(
|
||||
self.hs.config.account_threepid_delegate_email, threepid_creds
|
||||
)
|
||||
elif self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
elif (
|
||||
self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL
|
||||
):
|
||||
threepid = None
|
||||
row = await self.store.get_threepid_validation_session(
|
||||
medium,
|
||||
@ -218,7 +223,7 @@ class EmailIdentityAuthChecker(UserInteractiveAuthChecker, _BaseThreepidAuthChec
|
||||
_BaseThreepidAuthChecker.__init__(self, hs)
|
||||
|
||||
def is_enabled(self) -> bool:
|
||||
return self.hs.config.threepid_behaviour_email in (
|
||||
return self.hs.config.email.threepid_behaviour_email in (
|
||||
ThreepidBehaviour.REMOTE,
|
||||
ThreepidBehaviour.LOCAL,
|
||||
)
|
||||
|
@ -119,14 +119,16 @@ class ModuleApi:
|
||||
self.custom_template_dir = hs.config.server.custom_template_directory
|
||||
|
||||
try:
|
||||
app_name = self._hs.config.email_app_name
|
||||
app_name = self._hs.config.email.email_app_name
|
||||
|
||||
self._from_string = self._hs.config.email_notif_from % {"app": app_name}
|
||||
self._from_string = self._hs.config.email.email_notif_from % {
|
||||
"app": app_name
|
||||
}
|
||||
except (KeyError, TypeError):
|
||||
# If substitution failed (which can happen if the string contains
|
||||
# placeholders other than just "app", or if the type of the placeholder is
|
||||
# not a string), fall back to the bare strings.
|
||||
self._from_string = self._hs.config.email_notif_from
|
||||
self._from_string = self._hs.config.email.email_notif_from
|
||||
|
||||
self._raw_from = email.utils.parseaddr(self._from_string)[1]
|
||||
|
||||
|
@ -77,4 +77,4 @@ class PusherFactory:
|
||||
if isinstance(brand, str):
|
||||
return brand
|
||||
|
||||
return self.config.email_app_name
|
||||
return self.config.email.email_app_name
|
||||
|
@ -368,8 +368,8 @@ class UserRestServletV2(RestServlet):
|
||||
user_id, medium, address, current_time
|
||||
)
|
||||
if (
|
||||
self.hs.config.email_enable_notifs
|
||||
and self.hs.config.email_notif_for_new_users
|
||||
self.hs.config.email.email_enable_notifs
|
||||
and self.hs.config.email.email_notif_for_new_users
|
||||
):
|
||||
await self.pusher_pool.add_pusher(
|
||||
user_id=user_id,
|
||||
|
@ -64,17 +64,17 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
|
||||
self.config = hs.config
|
||||
self.identity_handler = hs.get_identity_handler()
|
||||
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
self.mailer = Mailer(
|
||||
hs=self.hs,
|
||||
app_name=self.config.email_app_name,
|
||||
template_html=self.config.email_password_reset_template_html,
|
||||
template_text=self.config.email_password_reset_template_text,
|
||||
app_name=self.config.email.email_app_name,
|
||||
template_html=self.config.email.email_password_reset_template_html,
|
||||
template_text=self.config.email.email_password_reset_template_text,
|
||||
)
|
||||
|
||||
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if self.config.local_threepid_handling_disabled_due_to_email_config:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if self.config.email.local_threepid_handling_disabled_due_to_email_config:
|
||||
logger.warning(
|
||||
"User password resets have been disabled due to lack of email config"
|
||||
)
|
||||
@ -129,7 +129,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
|
||||
|
||||
raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)
|
||||
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
assert self.hs.config.account_threepid_delegate_email
|
||||
|
||||
# Have the configured identity server handle the request
|
||||
@ -349,17 +349,17 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
|
||||
self.identity_handler = hs.get_identity_handler()
|
||||
self.store = self.hs.get_datastore()
|
||||
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
self.mailer = Mailer(
|
||||
hs=self.hs,
|
||||
app_name=self.config.email_app_name,
|
||||
template_html=self.config.email_add_threepid_template_html,
|
||||
template_text=self.config.email_add_threepid_template_text,
|
||||
app_name=self.config.email.email_app_name,
|
||||
template_html=self.config.email.email_add_threepid_template_html,
|
||||
template_text=self.config.email.email_add_threepid_template_text,
|
||||
)
|
||||
|
||||
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if self.config.local_threepid_handling_disabled_due_to_email_config:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if self.config.email.local_threepid_handling_disabled_due_to_email_config:
|
||||
logger.warning(
|
||||
"Adding emails have been disabled due to lack of an email config"
|
||||
)
|
||||
@ -413,7 +413,7 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
|
||||
|
||||
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
|
||||
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
assert self.hs.config.account_threepid_delegate_email
|
||||
|
||||
# Have the configured identity server handle the request
|
||||
@ -534,21 +534,21 @@ class AddThreepidEmailSubmitTokenServlet(RestServlet):
|
||||
self.config = hs.config
|
||||
self.clock = hs.get_clock()
|
||||
self.store = hs.get_datastore()
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
self._failure_email_template = (
|
||||
self.config.email_add_threepid_template_failure_html
|
||||
self.config.email.email_add_threepid_template_failure_html
|
||||
)
|
||||
|
||||
async def on_GET(self, request: Request) -> None:
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if self.config.local_threepid_handling_disabled_due_to_email_config:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if self.config.email.local_threepid_handling_disabled_due_to_email_config:
|
||||
logger.warning(
|
||||
"Adding emails have been disabled due to lack of an email config"
|
||||
)
|
||||
raise SynapseError(
|
||||
400, "Adding an email to your account is disabled on this server"
|
||||
)
|
||||
elif self.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
elif self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
raise SynapseError(
|
||||
400,
|
||||
"This homeserver is not validating threepids. Use an identity server "
|
||||
@ -575,7 +575,7 @@ class AddThreepidEmailSubmitTokenServlet(RestServlet):
|
||||
return None
|
||||
|
||||
# Otherwise show the success template
|
||||
html = self.config.email_add_threepid_template_success_html_content
|
||||
html = self.config.email.email_add_threepid_template_success_html_content
|
||||
status_code = 200
|
||||
except ThreepidValidationError as e:
|
||||
status_code = e.code
|
||||
|
@ -47,7 +47,7 @@ class AuthRestServlet(RestServlet):
|
||||
self.auth = hs.get_auth()
|
||||
self.auth_handler = hs.get_auth_handler()
|
||||
self.registration_handler = hs.get_registration_handler()
|
||||
self.recaptcha_template = hs.config.recaptcha_template
|
||||
self.recaptcha_template = hs.config.captcha.recaptcha_template
|
||||
self.terms_template = hs.config.terms_template
|
||||
self.registration_token_template = hs.config.registration_token_template
|
||||
self.success_template = hs.config.fallback_success_template
|
||||
@ -62,7 +62,7 @@ class AuthRestServlet(RestServlet):
|
||||
session=session,
|
||||
myurl="%s/r0/auth/%s/fallback/web"
|
||||
% (CLIENT_API_PREFIX, LoginType.RECAPTCHA),
|
||||
sitekey=self.hs.config.recaptcha_public_key,
|
||||
sitekey=self.hs.config.captcha.recaptcha_public_key,
|
||||
)
|
||||
elif stagetype == LoginType.TERMS:
|
||||
html = self.terms_template.render(
|
||||
@ -70,7 +70,7 @@ class AuthRestServlet(RestServlet):
|
||||
terms_url="%s_matrix/consent?v=%s"
|
||||
% (
|
||||
self.hs.config.server.public_baseurl,
|
||||
self.hs.config.user_consent_version,
|
||||
self.hs.config.consent.user_consent_version,
|
||||
),
|
||||
myurl="%s/r0/auth/%s/fallback/web"
|
||||
% (CLIENT_API_PREFIX, LoginType.TERMS),
|
||||
@ -118,7 +118,7 @@ class AuthRestServlet(RestServlet):
|
||||
session=session,
|
||||
myurl="%s/r0/auth/%s/fallback/web"
|
||||
% (CLIENT_API_PREFIX, LoginType.RECAPTCHA),
|
||||
sitekey=self.hs.config.recaptcha_public_key,
|
||||
sitekey=self.hs.config.captcha.recaptcha_public_key,
|
||||
error=e.msg,
|
||||
)
|
||||
else:
|
||||
@ -139,7 +139,7 @@ class AuthRestServlet(RestServlet):
|
||||
terms_url="%s_matrix/consent?v=%s"
|
||||
% (
|
||||
self.hs.config.server.public_baseurl,
|
||||
self.hs.config.user_consent_version,
|
||||
self.hs.config.consent.user_consent_version,
|
||||
),
|
||||
myurl="%s/r0/auth/%s/fallback/web"
|
||||
% (CLIENT_API_PREFIX, LoginType.TERMS),
|
||||
|
@ -77,7 +77,7 @@ class LoginRestServlet(RestServlet):
|
||||
|
||||
# SSO configuration.
|
||||
self.saml2_enabled = hs.config.saml2_enabled
|
||||
self.cas_enabled = hs.config.cas_enabled
|
||||
self.cas_enabled = hs.config.cas.cas_enabled
|
||||
self.oidc_enabled = hs.config.oidc_enabled
|
||||
self._msc2918_enabled = hs.config.access_token_lifetime is not None
|
||||
|
||||
@ -559,7 +559,7 @@ def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
|
||||
if hs.config.access_token_lifetime is not None:
|
||||
RefreshTokenServlet(hs).register(http_server)
|
||||
SsoRedirectServlet(hs).register(http_server)
|
||||
if hs.config.cas_enabled:
|
||||
if hs.config.cas.cas_enabled:
|
||||
CasTicketServlet(hs).register(http_server)
|
||||
|
||||
|
||||
|
@ -35,8 +35,8 @@ class PasswordPolicyServlet(RestServlet):
|
||||
def __init__(self, hs: "HomeServer"):
|
||||
super().__init__()
|
||||
|
||||
self.policy = hs.config.password_policy
|
||||
self.enabled = hs.config.password_policy_enabled
|
||||
self.policy = hs.config.auth.password_policy
|
||||
self.enabled = hs.config.auth.password_policy_enabled
|
||||
|
||||
def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
|
||||
if not self.enabled or not self.policy:
|
||||
|
@ -75,17 +75,19 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
|
||||
self.identity_handler = hs.get_identity_handler()
|
||||
self.config = hs.config
|
||||
|
||||
if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
self.mailer = Mailer(
|
||||
hs=self.hs,
|
||||
app_name=self.config.email_app_name,
|
||||
template_html=self.config.email_registration_template_html,
|
||||
template_text=self.config.email_registration_template_text,
|
||||
app_name=self.config.email.email_app_name,
|
||||
template_html=self.config.email.email_registration_template_html,
|
||||
template_text=self.config.email.email_registration_template_text,
|
||||
)
|
||||
|
||||
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||
if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if self.hs.config.local_threepid_handling_disabled_due_to_email_config:
|
||||
if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if (
|
||||
self.hs.config.email.local_threepid_handling_disabled_due_to_email_config
|
||||
):
|
||||
logger.warning(
|
||||
"Email registration has been disabled due to lack of email config"
|
||||
)
|
||||
@ -137,7 +139,7 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
|
||||
|
||||
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
|
||||
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||
assert self.hs.config.account_threepid_delegate_email
|
||||
|
||||
# Have the configured identity server handle the request
|
||||
@ -259,9 +261,9 @@ class RegistrationSubmitTokenServlet(RestServlet):
|
||||
self.clock = hs.get_clock()
|
||||
self.store = hs.get_datastore()
|
||||
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||
self._failure_email_template = (
|
||||
self.config.email_registration_template_failure_html
|
||||
self.config.email.email_registration_template_failure_html
|
||||
)
|
||||
|
||||
async def on_GET(self, request: Request, medium: str) -> None:
|
||||
@ -269,8 +271,8 @@ class RegistrationSubmitTokenServlet(RestServlet):
|
||||
raise SynapseError(
|
||||
400, "This medium is currently not supported for registration"
|
||||
)
|
||||
if self.config.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if self.config.local_threepid_handling_disabled_due_to_email_config:
|
||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.OFF:
|
||||
if self.config.email.local_threepid_handling_disabled_due_to_email_config:
|
||||
logger.warning(
|
||||
"User registration via email has been disabled due to lack of email config"
|
||||
)
|
||||
@ -303,7 +305,7 @@ class RegistrationSubmitTokenServlet(RestServlet):
|
||||
return None
|
||||
|
||||
# Otherwise show the success template
|
||||
html = self.config.email_registration_template_success_html_content
|
||||
html = self.config.email.email_registration_template_success_html_content
|
||||
status_code = 200
|
||||
except ThreepidValidationError as e:
|
||||
status_code = e.code
|
||||
@ -897,12 +899,12 @@ def _calculate_registration_flows(
|
||||
flows.append([LoginType.MSISDN, LoginType.EMAIL_IDENTITY])
|
||||
|
||||
# Prepend m.login.terms to all flows if we're requiring consent
|
||||
if config.user_consent_at_registration:
|
||||
if config.consent.user_consent_at_registration:
|
||||
for flow in flows:
|
||||
flow.insert(0, LoginType.TERMS)
|
||||
|
||||
# Prepend recaptcha to all flows if we're requiring captcha
|
||||
if config.enable_registration_captcha:
|
||||
if config.captcha.enable_registration_captcha:
|
||||
for flow in flows:
|
||||
flow.insert(0, LoginType.RECAPTCHA)
|
||||
|
||||
|
@ -84,14 +84,15 @@ class ConsentResource(DirectServeHtmlResource):
|
||||
# this is required by the request_handler wrapper
|
||||
self.clock = hs.get_clock()
|
||||
|
||||
self._default_consent_version = hs.config.user_consent_version
|
||||
if self._default_consent_version is None:
|
||||
# Consent must be configured to create this resource.
|
||||
default_consent_version = hs.config.consent.user_consent_version
|
||||
consent_template_directory = hs.config.consent.user_consent_template_dir
|
||||
if default_consent_version is None or consent_template_directory is None:
|
||||
raise ConfigError(
|
||||
"Consent resource is enabled but user_consent section is "
|
||||
"missing in config file."
|
||||
)
|
||||
|
||||
consent_template_directory = hs.config.user_consent_template_dir
|
||||
self._default_consent_version = default_consent_version
|
||||
|
||||
# TODO: switch to synapse.util.templates.build_jinja_env
|
||||
loader = jinja2.FileSystemLoader(consent_template_directory)
|
||||
|
@ -47,20 +47,20 @@ class PasswordResetSubmitTokenResource(DirectServeHtmlResource):
|
||||
self.store = hs.get_datastore()
|
||||
|
||||
self._local_threepid_handling_disabled_due_to_email_config = (
|
||||
hs.config.local_threepid_handling_disabled_due_to_email_config
|
||||
hs.config.email.local_threepid_handling_disabled_due_to_email_config
|
||||
)
|
||||
self._confirmation_email_template = (
|
||||
hs.config.email_password_reset_template_confirmation_html
|
||||
hs.config.email.email_password_reset_template_confirmation_html
|
||||
)
|
||||
self._email_password_reset_template_success_html = (
|
||||
hs.config.email_password_reset_template_success_html_content
|
||||
hs.config.email.email_password_reset_template_success_html_content
|
||||
)
|
||||
self._failure_email_template = (
|
||||
hs.config.email_password_reset_template_failure_html
|
||||
hs.config.email.email_password_reset_template_failure_html
|
||||
)
|
||||
|
||||
# This resource should not be mounted if threepid behaviour is not LOCAL
|
||||
assert hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL
|
||||
assert hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL
|
||||
|
||||
async def _async_render_GET(self, request: Request) -> Tuple[int, bytes]:
|
||||
sid = parse_string(request, "sid", required=True)
|
||||
|
@ -36,9 +36,11 @@ class ConsentServerNotices:
|
||||
|
||||
self._users_in_progress: Set[str] = set()
|
||||
|
||||
self._current_consent_version = hs.config.user_consent_version
|
||||
self._server_notice_content = hs.config.user_consent_server_notice_content
|
||||
self._send_to_guests = hs.config.user_consent_server_notice_to_guests
|
||||
self._current_consent_version = hs.config.consent.user_consent_version
|
||||
self._server_notice_content = (
|
||||
hs.config.consent.user_consent_server_notice_content
|
||||
)
|
||||
self._send_to_guests = hs.config.consent.user_consent_server_notice_to_guests
|
||||
|
||||
if self._server_notice_content is not None:
|
||||
if not self._server_notices_manager.is_enabled():
|
||||
@ -63,6 +65,9 @@ class ConsentServerNotices:
|
||||
# not enabled
|
||||
return
|
||||
|
||||
# A consent version must be given.
|
||||
assert self._current_consent_version is not None
|
||||
|
||||
# make sure we don't send two messages to the same user at once
|
||||
if user_id in self._users_in_progress:
|
||||
return
|
||||
|
@ -60,7 +60,7 @@ def _make_exclusive_regex(
|
||||
class ApplicationServiceWorkerStore(SQLBaseStore):
|
||||
def __init__(self, database: DatabasePool, db_conn: Connection, hs: "HomeServer"):
|
||||
self.services_cache = load_appservices(
|
||||
hs.hostname, hs.config.app_service_config_files
|
||||
hs.hostname, hs.config.appservice.app_service_config_files
|
||||
)
|
||||
self.exclusive_user_regex = _make_exclusive_regex(self.services_cache)
|
||||
|
||||
|
@ -63,7 +63,7 @@ class MonthlyActiveUsersWorkerStore(SQLBaseStore):
|
||||
"""Generates current count of monthly active users broken down by service.
|
||||
A service is typically an appservice but also includes native matrix users.
|
||||
Since the `monthly_active_users` table is populated from the `user_ips` table
|
||||
`config.track_appservice_user_ips` must be set to `true` for this
|
||||
`config.appservice.track_appservice_user_ips` must be set to `true` for this
|
||||
method to return anything other than native matrix users.
|
||||
|
||||
Returns:
|
||||
|
@ -388,7 +388,7 @@ class RegistrationWorkerStore(CacheInvalidationWorkerStore):
|
||||
"get_users_expiring_soon",
|
||||
select_users_txn,
|
||||
self._clock.time_msec(),
|
||||
self.config.account_validity_renew_at,
|
||||
self.config.account_validity.account_validity_renew_at,
|
||||
)
|
||||
|
||||
async def set_renewal_mail_status(self, user_id: str, email_sent: bool) -> None:
|
||||
|
@ -545,7 +545,7 @@ def _apply_module_schemas(
|
||||
database_engine:
|
||||
config: application config
|
||||
"""
|
||||
for (mod, _config) in config.password_providers:
|
||||
for (mod, _config) in config.authproviders.password_providers:
|
||||
if not hasattr(mod, "get_db_schema_files"):
|
||||
continue
|
||||
modname = ".".join((mod.__module__, mod.__name__))
|
||||
|
@ -33,7 +33,7 @@ def run_upgrade(cur, database_engine, config, *args, **kwargs):
|
||||
|
||||
config_files = []
|
||||
try:
|
||||
config_files = config.app_service_config_files
|
||||
config_files = config.appservice.app_service_config_files
|
||||
except AttributeError:
|
||||
logger.warning("Could not get app_service_config_files from config")
|
||||
pass
|
||||
|
@ -47,7 +47,7 @@ class DeleteRoomTestCase(unittest.HomeserverTestCase):
|
||||
|
||||
def prepare(self, reactor, clock, hs):
|
||||
self.event_creation_handler = hs.get_event_creation_handler()
|
||||
hs.config.user_consent_version = "1"
|
||||
hs.config.consent.user_consent_version = "1"
|
||||
|
||||
consent_uri_builder = Mock()
|
||||
consent_uri_builder.build_user_consent_uri.return_value = "http://example.com"
|
||||
|
@ -97,7 +97,7 @@ class LoginRestServletTestCase(unittest.HomeserverTestCase):
|
||||
self.hs.config.enable_registration = True
|
||||
self.hs.config.registrations_require_3pid = []
|
||||
self.hs.config.auto_join_rooms = []
|
||||
self.hs.config.enable_registration_captcha = False
|
||||
self.hs.config.captcha.enable_registration_captcha = False
|
||||
|
||||
return self.hs
|
||||
|
||||
|
@ -41,9 +41,8 @@ class ApplicationServiceStoreTestCase(unittest.TestCase):
|
||||
self.addCleanup, federation_sender=Mock(), federation_client=Mock()
|
||||
)
|
||||
|
||||
hs.config.app_service_config_files = self.as_yaml_files
|
||||
hs.config.appservice.app_service_config_files = self.as_yaml_files
|
||||
hs.config.caches.event_cache_size = 1
|
||||
hs.config.password_providers = []
|
||||
|
||||
self.as_token = "token1"
|
||||
self.as_url = "some_url"
|
||||
@ -108,9 +107,8 @@ class ApplicationServiceTransactionStoreTestCase(unittest.TestCase):
|
||||
self.addCleanup, federation_sender=Mock(), federation_client=Mock()
|
||||
)
|
||||
|
||||
hs.config.app_service_config_files = self.as_yaml_files
|
||||
hs.config.appservice.app_service_config_files = self.as_yaml_files
|
||||
hs.config.caches.event_cache_size = 1
|
||||
hs.config.password_providers = []
|
||||
|
||||
self.as_list = [
|
||||
{"token": "token1", "url": "https://matrix-as.org", "id": "id_1"},
|
||||
@ -496,9 +494,8 @@ class ApplicationServiceStoreConfigTestCase(unittest.TestCase):
|
||||
self.addCleanup, federation_sender=Mock(), federation_client=Mock()
|
||||
)
|
||||
|
||||
hs.config.app_service_config_files = [f1, f2]
|
||||
hs.config.appservice.app_service_config_files = [f1, f2]
|
||||
hs.config.caches.event_cache_size = 1
|
||||
hs.config.password_providers = []
|
||||
|
||||
database = hs.get_datastores().databases[0]
|
||||
ApplicationServiceStore(
|
||||
@ -514,7 +511,7 @@ class ApplicationServiceStoreConfigTestCase(unittest.TestCase):
|
||||
self.addCleanup, federation_sender=Mock(), federation_client=Mock()
|
||||
)
|
||||
|
||||
hs.config.app_service_config_files = [f1, f2]
|
||||
hs.config.appservice.app_service_config_files = [f1, f2]
|
||||
hs.config.caches.event_cache_size = 1
|
||||
hs.config.password_providers = []
|
||||
|
||||
@ -540,9 +537,8 @@ class ApplicationServiceStoreConfigTestCase(unittest.TestCase):
|
||||
self.addCleanup, federation_sender=Mock(), federation_client=Mock()
|
||||
)
|
||||
|
||||
hs.config.app_service_config_files = [f1, f2]
|
||||
hs.config.appservice.app_service_config_files = [f1, f2]
|
||||
hs.config.caches.event_cache_size = 1
|
||||
hs.config.password_providers = []
|
||||
|
||||
with self.assertRaises(ConfigError) as cm:
|
||||
database = hs.get_datastores().databases[0]
|
||||
|
@ -258,7 +258,7 @@ class CleanupExtremDummyEventsTestCase(HomeserverTestCase):
|
||||
info, _ = self.get_success(self.room_creator.create_room(self.requester, {}))
|
||||
self.room_id = info["room_id"]
|
||||
self.event_creator = homeserver.get_event_creation_handler()
|
||||
homeserver.config.user_consent_version = self.CONSENT_VERSION
|
||||
homeserver.config.consent.user_consent_version = self.CONSENT_VERSION
|
||||
|
||||
def test_send_dummy_event(self):
|
||||
self._create_extremity_rich_graph()
|
||||
|
Loading…
Reference in New Issue
Block a user