Erik Johnston
76b18df3d9
Check that there are no null bytes in user and passsword
2016-07-06 11:17:53 +01:00
Erik Johnston
0da24cac8b
Add null separator to hmac
2016-07-06 11:05:16 +01:00
Erik Johnston
2e3c8acc68
Merge pull request #910 from KentShikama/hash_password_followup
...
Follow up to adding password pepper
2016-07-06 09:59:59 +01:00
Kent Shikama
8d9a884cee
Update password config comment
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-06 12:18:19 +09:00
Kent Shikama
896bc6cd46
Update hash_password script
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-06 12:17:54 +09:00
Erik Johnston
be3548f7e1
Remove spurious txn
2016-07-05 17:46:51 +01:00
Erik Johnston
4adf93e0f7
Fix for postgres
2016-07-05 17:34:25 +01:00
Erik Johnston
651faee698
Add an admin option to shared secret registration
2016-07-05 17:30:22 +01:00
Erik Johnston
caf33b2d9b
Protect password when registering using shared secret
2016-07-05 17:18:19 +01:00
Erik Johnston
8f8798bc0d
Add ReadWriteLock for pagination and history prune
2016-07-05 15:30:25 +01:00
Erik Johnston
7335f0adda
Add ReadWriteLock
2016-07-05 15:23:17 +01:00
David Baker
ef535178ff
Merge pull request #904 from matrix-org/dbkr/register_email_no_untrusted_id_server
...
requestToken update
2016-07-05 15:13:34 +01:00
Mark Haines
04dee11e97
Merge pull request #906 from matrix-org/markjh/faster_events_around
...
Use a query that postgresql optimises better for get_events_around
2016-07-05 14:48:34 +01:00
Mark Haines
dd2ccee27d
Fix typo
2016-07-05 14:06:07 +01:00
Mark Haines
b6b0132ac7
Make get_events_around more efficient on sqlite3
2016-07-05 13:55:18 +01:00
Erik Johnston
e34cb5e7dc
Merge pull request #907 from KentShikama/pepper
...
Add pepper to password hashing
2016-07-05 11:26:22 +01:00
Kent Shikama
252ee2d979
Remove default password pepper string
2016-07-05 19:15:51 +09:00
Kent Shikama
14362bf359
Fix password config
2016-07-05 19:12:53 +09:00
Kent Shikama
1ee2584307
Fix pep8
2016-07-05 19:01:00 +09:00
Kent Shikama
507b8bb091
Add comment to prompt changing of pepper
2016-07-05 18:42:35 +09:00
Mark Haines
d44d11d864
Use true/false for boolean parameter inclusive to avoid potential for sqli, and possibly make the code clearer
2016-07-05 10:39:13 +01:00
Erik Johnston
2d21d43c34
Add purge_history API
2016-07-05 10:28:51 +01:00
Mark Haines
0fb76c71ac
Use different SQL for postgres and sqlite3 for when using multicolumn indexes
2016-07-04 19:44:55 +01:00
Kent Shikama
8bdaf5f7af
Add pepper to password hashing
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-05 02:13:52 +09:00
Erik Johnston
a67bf0b074
Add storage function to purge history for a room
2016-07-04 16:02:50 +01:00
Mark Haines
f18d7546c6
Use a query that postgresql optimises better for get_events_around
2016-07-04 15:48:25 +01:00
Erik Johnston
3de8168343
Merge pull request #905 from KentShikama/add-password-hash
...
Optionally include password hash in createUser endpoint
2016-07-04 14:23:04 +01:00
Kent Shikama
bb069079bb
Fix style violations
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-04 22:07:11 +09:00
Kent Shikama
2e5a31f197
Use .get() instead of [] to access password_hash
2016-07-04 22:00:13 +09:00
Kent Shikama
fc8007dbec
Optionally include password hash in createUser endpoint
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-03 15:08:15 +09:00
Richard van der Hoff
1238203bc4
code_style.rst: add link to sphinx examples
2016-07-01 09:36:51 +01:00
Richard van der Hoff
41f072fd0e
code_style.rst: *fix* link to google style
2016-07-01 09:09:40 +01:00
Richard van der Hoff
5a6ef20ef6
code_style.rst: add link to google style
2016-07-01 09:08:35 +01:00
David Baker
be8be535f7
requestToken update
...
Don't send requestToken request to untrusted ID servers
Also correct the THREEPID_IN_USE error to add the M_ prefix. This is a backwards incomaptible change, but the only thing using this is the angular client which is now unmaintained, so it's probably better to just do this now.
2016-06-30 17:51:28 +01:00
Erik Johnston
ab71589c0b
Merge pull request #903 from matrix-org/erikj/deactivate_user
...
Feature: Add deactivate account admin API
2016-06-30 15:57:29 +01:00
Erik Johnston
f328d95cef
Feature: Add deactivate account admin API
...
Allows server admins to "deactivate" accounts, which:
- Revokes all access tokens
- Removes all threepids
- Removes password
The API is a POST to `/admin/deactivate/<user_id>`
2016-06-30 15:40:58 +01:00
Erik Johnston
aac546c978
Merge pull request #902 from matrix-org/erikj/expire_media
...
Feature: Implement purge_media_cache admin API
2016-06-29 15:50:57 +01:00
Erik Johnston
f52cb4cd78
Remove race
2016-06-29 15:24:50 +01:00
Mark Haines
6783534a0f
Merge pull request #886 from matrix-org/markjh/async_commit
...
Optionally make committing to postgres asynchronous.
2016-06-29 15:21:58 +01:00
Erik Johnston
a70688445d
Implement purge_media_cache admin API
2016-06-29 14:57:59 +01:00
Erik Johnston
314b146b2e
Track approximate last access time for remote media
2016-06-29 11:41:20 +01:00
David Baker
7846ac3125
Merge pull request #900 from RickCogley/RickCogley-coturn-readme-2
...
Rick cogley coturn readme 2
2016-06-28 10:49:02 +01:00
Rick Cogley
56ec5869c9
Update turn-howto.rst to use git clone (2)
...
Not logical to use svn checkout against a github repo, so changed to git clone.
Signed-off-by: Rick Cogley <rick.cogley@esolia.co.jp>
2016-06-28 18:34:38 +09:00
Rick Cogley
1ea358b28b
Update turn-howto.rst to use git clone
...
svn checkout is not logical for a checkout from github, so changed the checkout to "git clone".
thanks @dbkr
Signed-off-by: Rick Cogley <rick.cogley@esolia.co.jp>
2016-06-28 18:27:54 +09:00
David Baker
db74dcda5b
Merge pull request #894 from matrix-org/dbkr/push_room_naming
...
Use similar naming we use in email notifs for push
2016-06-28 10:12:24 +01:00
Rick Cogley
551fe80bed
Remove double spaces
...
Reading the RST spec, I was trying to get breaks to appear by entering the double spaces after the lines in the code blocks. It does not work anyway, and, as pointed out, I've removed.
2016-06-28 12:47:55 +09:00
Matthew Hodgson
63bb8f0df9
remove vector.im from default secondary DS list
2016-06-27 13:13:33 +04:00
Rick Cogley
70d820c875
Update to reflect new location at github.
...
Additionally it does not appear there is turnserver.conf.default, but rather, just /etc/turnserver.conf.
2016-06-26 19:07:07 +09:00
David Baker
3f7652c56f
Merge remote-tracking branch 'origin/develop' into dbkr/push_room_naming
2016-06-24 14:03:39 +01:00
Mark Haines
535b6bfacc
Merge pull request #895 from matrix-org/markjh/jenkins_port_range
...
Fix the sytests to use a port-range rather than a port base
2016-06-24 14:03:01 +01:00