Commit Graph

822 Commits

Author SHA1 Message Date
Patrick Cloke
e83627926f
Add type hints to auth and auth_blocking. () 2021-04-23 12:02:16 -04:00
Patrick Cloke
d924827da1
Check for space membership during a remote join of a restricted room ()
When receiving a /send_join request for a room with join rules set to 'restricted',
check if the user is a member of the spaces defined in the 'allow' key of the join rules.

This only applies to an experimental room version, as defined in MSC3083.
2021-04-23 07:05:51 -04:00
Andrew Morgan
71f0623de9
Port "Allow users to click account renewal links multiple times without hitting an 'Invalid Token' page " from synapse-dinsic ()
This attempts to be a direct port of https://github.com/matrix-org/synapse-dinsic/pull/74 to mainline. There was some fiddling required to deal with the changes that have been made to mainline since (mainly dealing with the split of `RegistrationWorkerStore` from `RegistrationStore`, and the changes made to `self.make_request` in test code).
2021-04-19 19:16:34 +01:00
Jonathan de Jong
4b965c862d
Remove redundant "coding: utf-8" lines ()
Part of 

Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now.

`Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
2021-04-14 15:34:27 +01:00
Will Hunt
e300ef64b1
Require AppserviceRegistrationType ()
This change ensures that the appservice registration behaviour follows the spec. We decided to do this for Dendrite, so it made sense to also make a PR for synapse to correct the behaviour.
2021-04-12 15:13:55 +01:00
Patrick Cloke
35c5ef2d24
Add an experimental room version to support restricted join rules. ()
Per MSC3083.
2021-03-31 16:39:08 -04:00
Erik Johnston
963f4309fe
Make RateLimiter class check for ratelimit overrides ()
This should fix a class of bug where we forget to check if e.g. the appservice shouldn't be ratelimited.

We also check the `ratelimit_override` table to check if the user has ratelimiting disabled. That table is really only meant to override the event sender ratelimiting, so we don't use any values from it (as they might not make sense for different rate limits), but we do infer that if ratelimiting is disabled for the user we should disabled all ratelimits.

Fixes 
2021-03-30 12:06:09 +01:00
Erik Johnston
b5efcb577e
Make it possible to use dmypy ()
Running `dmypy run` will do a `mypy` check while spinning up a daemon
that makes rerunning `dmypy run` a lot faster.

`dmypy` doesn't support `follow_imports = silent` and has
`local_partial_types` enabled, so this PR enables those options and
fixes the issues that were newly raised. Note that `local_partial_types`
will be enabled by default in upcoming mypy releases.
2021-03-26 16:49:46 +00:00
Brendan Abolivier
592d6305fd
Merge branch 'develop' into babolivier/msc3026 2021-03-19 16:12:40 +01:00
Richard van der Hoff
004234f03a
Initial spaces summary API ()
This is very bare-bones for now: federation will come soon, while pagination is descoped for now but will come later.
2021-03-18 18:24:16 +00:00
Brendan Abolivier
405aeb0b2c
Implement MSC3026: busy presence state 2021-03-18 16:34:47 +01:00
Patrick Cloke
55da8df078
Fix additional type hints from Twisted 21.2.0. () 2021-03-12 11:37:57 -05:00
Richard van der Hoff
7eb6e39a8f
Record the SSO Auth Provider in the login token ()
This great big stack of commits is a a whole load of hoop-jumping to make it easier to store additional values in login tokens, and then to actually store the SSO Identity Provider in the login token. (Making use of that data will follow in a subsequent PR.)
2021-03-04 14:44:22 +00:00
Patrick Cloke
fc8b3d8809
Ratelimit cross-user key sharing requests. () 2021-02-19 13:20:34 -05:00
Patrick Cloke
d2f0ec12d5
Add type hints to groups code. () 2021-02-17 08:41:47 -05:00
Eric Eastwood
0a00b7ff14
Update black, and run auto formatting over the codebase ()
- Update black version to the latest
 - Run black auto formatting over the codebase
    - Run autoformatting according to [`docs/code_style.md
`](80d6dc9783/docs/code_style.md)
 - Update `code_style.md` docs around installing black to use the correct version
2021-02-16 22:32:34 +00:00
Patrick Cloke
e40d88cff3
Backout changes for automatically calculating the public baseurl. ()
This breaks some people's configurations (if their Client-Server API
is not accessed via port 443).
2021-02-11 11:16:54 -05:00
Richard van der Hoff
fa50e4bf4d
Give public_baseurl a default value () 2021-01-20 12:30:41 +00:00
Richard van der Hoff
0f8945e166
Kill off HomeServer.get_ip_from_request() ()
Homeserver.get_ip_from_request() used to be a bit more complicated, but now it is totally redundant. Let's get rid of it.
2021-01-12 12:48:12 +00:00
Richard van der Hoff
2ec8ca5e60
Remove SynapseRequest.get_user_agent ()
SynapseRequest is in danger of becoming a bit of a dumping-ground for "useful stuff relating to Requests",
which isn't really its intention (its purpose is to override render, finished and connectionLost to set up the 
LoggingContext and write the right entries to the request log).

Putting utility functions inside SynapseRequest means that lots of our code ends up requiring a
SynapseRequest when there is nothing synapse-specific about the Request at all, and any old
twisted.web.iweb.IRequest will do. This increases code coupling and makes testing more difficult.

In short: move get_user_agent out to a utility function.
2021-01-12 12:34:16 +00:00
Patrick Cloke
9dde9c9f01
Implement MSC2176: Updated redaction rules ()
An experimental room version ("org.matrix.msc2176") contains
the new redaction rules for testing.
2021-01-05 07:41:48 -05:00
Erik Johnston
a7a913918c Merge remote-tracking branch 'origin/erikj/as_mau_block' into develop 2020-12-18 09:51:56 +00:00
Erik Johnston
70586aa63e
Try and drop stale extremities. ()
If we see stale extremities while persisting events, and notice that
they don't change the result of state resolution, we drop them.
2020-12-18 09:49:18 +00:00
Erik Johnston
7932d4e9f7 Don't MAU limit AS ghost users 2020-12-17 12:04:14 +00:00
Patrick Cloke
be2db93b3c
Do not assume that the contents dictionary includes history_visibility. () 2020-12-16 08:46:37 -05:00
Erik Johnston
a8eceb01e5
Honour AS ratelimit settings for /login requests ()
Fixes .
2020-12-11 16:33:31 +00:00
Erik Johnston
f737368a26
Add admin API for logging in as a user () 2020-11-17 10:51:25 +00:00
Erik Johnston
f21e24ffc2
Add ability for access tokens to belong to one user but grant access to another user. ()
We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't).

A future PR will add an API for creating such a token.

When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.
2020-10-29 15:58:44 +00:00
Erik Johnston
c850dd9a8e
Fix handling of User-Agent headers with bad utf-8. () 2020-10-23 17:12:59 +01:00
Richard van der Hoff
0ec0bc3886 type annotations for LruCache 2020-10-16 15:56:39 +01:00
Richard van der Hoff
3ee17585cd
Make LruCache register its own metrics ()
rather than have everything that instantiates an LruCache manage metrics
separately, have LruCache do it itself.
2020-10-16 15:51:57 +01:00
Patrick Cloke
c5251c6fbd
Do not assume that account data is of the correct form. ()
This fixes a bug where `m.ignored_user_list` was assumed to be a dict,
leading to odd behavior for users who set it to something else.
2020-10-05 09:28:05 -04:00
Mathieu Velten
916bb9d0d1
Don't push if an user account has expired () 2020-09-23 16:06:28 +01:00
Patrick Cloke
8a4a4186de
Simplify super() calls to Python 3 syntax. ()
This converts calls like super(Foo, self) -> super().

Generated with:

    sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py
2020-09-18 09:56:44 -04:00
Andrew Morgan
a3a90ee031
Show a confirmation page during user password reset ()
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset.

This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
2020-09-10 11:45:12 +01:00
Patrick Cloke
72bec36d50
Directly import json from the standard library. ()
By importing from canonicaljson the simplejson module was still being used
in some situations. After this change the std lib json is consistenty used
throughout Synapse.
2020-09-08 07:33:48 -04:00
Patrick Cloke
c619253db8
Stop sub-classing object () 2020-09-04 06:54:56 -04:00
Will Hunt
cbbf9126cb
Do not apply ratelimiting on joins to appservices ()
Add new method ratelimiter.can_requester_do_action and ensure that appservices are exempt from being ratelimited.

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Erik Johnston <erik@matrix.org>
2020-08-21 15:07:56 +01:00
Patrick Cloke
e259d63f73
Stop shadow-banned users from sending invites. () 2020-08-20 15:07:42 -04:00
Patrick Cloke
eebf52be06
Be stricter about JSON that is accepted by Synapse () 2020-08-19 07:26:03 -04:00
Patrick Cloke
ad6190c925
Convert stream database to async/await. () 2020-08-17 07:24:46 -04:00
Patrick Cloke
ac77cdb64e
Add a shadow-banned flag to users. () 2020-08-14 12:37:59 -04:00
Patrick Cloke
d4a7829b12
Convert synapse.api to async/await () 2020-08-06 08:30:06 -04:00
Patrick Cloke
66f24449dd
Improve performance of the register endpoint () 2020-08-06 08:09:55 -04:00
Patrick Cloke
8553f46498
Convert a synapse.events to async/await. () 2020-07-27 13:40:22 -04:00
Patrick Cloke
b975fa2e99
Convert state resolution to async/await () 2020-07-24 10:59:51 -04:00
Patrick Cloke
35450519de
Ensure that calls to json.dumps are compatible with the standard library json. () 2020-07-15 13:40:54 -04:00
Patrick Cloke
4db1509516
Improve the type hints of synapse.api.errors. () 2020-07-14 07:03:58 -04:00
Patrick Cloke
66a4af8d96
Do not use canonicaljson to magically handle decoding bytes from JSON. () 2020-07-10 14:30:08 -04:00
Patrick Cloke
38e1fac886
Fix some spelling mistakes / typos. () 2020-07-09 09:52:58 -04:00
Will Hunt
62b1ce8539
isort 5 compatibility ()
The CI appears to use the latest version of isort, which is a problem when isort gets a major version bump. Rather than try to pin the version, I've done the necessary to make isort5 happy with synapse.
2020-07-05 16:32:02 +01:00
Dagfinn Ilmari Mannsåker
a3f11567d9
Replace all remaining six usage with native Python 3 equivalents () 2020-06-16 08:51:47 -04:00
Patrick Cloke
bd6dc17221
Replace iteritems/itervalues/iterkeys with native versions. () 2020-06-15 07:03:36 -04:00
Andrew Morgan
fcd6961441
Add option to enable encryption by default for new rooms ()
Fixes https://github.com/matrix-org/synapse/issues/2431

Adds config option `encryption_enabled_by_default_for_room_type`, which determines whether encryption should be enabled with the default encryption algorithm in private or public rooms upon creation. Whether the room is private or public is decided based upon the room creation preset that is used.

Part of this PR is also pulling out all of the individual instances of `m.megolm.v1.aes-sha2` into a constant variable to eliminate typos ala https://github.com/matrix-org/synapse/pull/7637

Based on 
2020-06-10 17:44:34 +01:00
Patrick Cloke
a0d2d81cf9
Update to the stable SSO prefix for UI Auth. () 2020-06-05 10:50:08 -04:00
Richard van der Hoff
eea124370b
Fix type information on assert_*_is_admin methods ()
These things don't return Deferreds.
2020-06-05 14:33:49 +01:00
Richard van der Hoff
b4f8dcb4bd
Remove some unused constants. () 2020-06-05 14:33:35 +01:00
Andrew Morgan
f4e6495b5d
Performance improvements and refactor of Ratelimiter ()
While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both:

* Rather undocumented, and
* causing a *lot* of config checks

This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation. 

Best to be reviewed commit-by-commit.
2020-06-05 10:47:20 +01:00
Patrick Cloke
08bc80ef09
Implement room version 6 (MSC2240). () 2020-05-15 09:30:10 -04:00
Patrick Cloke
56b66db78a
Strictly enforce canonicaljson requirements in a new room version () 2020-05-14 13:24:01 -04:00
Patrick Cloke
fef3ff5cc4
Enforce MSC2209: auth rules for notifications in power level event ()
In a new room version, the "notifications" key of power level events are
subject to restricted auth rules.
2020-05-14 12:38:17 -04:00
Andrew Morgan
225c165087
Allow expired accounts to logout () 2020-05-14 16:32:49 +01:00
Amber Brown
7cb8b4bc67
Allow configuration of Synapse's cache without using synctl or environment variables () 2020-05-11 18:45:23 +01:00
Andrew Morgan
aee9130a83
Stop Auth methods from polling the config on every req. () 2020-05-06 15:54:58 +01:00
Andrew Morgan
6b22921b19
async/await is_server_admin () 2020-05-01 15:15:36 +01:00
Richard van der Hoff
71a1abb8a1
Stop the master relaying USER_SYNC for other workers ()
Long story short: if we're handling presence on the current worker, we shouldn't be sending USER_SYNC commands over replication.

In an attempt to figure out what is going on here, I ended up refactoring some bits of the presencehandler code, so the first 4 commits here are non-functional refactors to move this code slightly closer to sanity. (There's still plenty to do here :/). Suggest reviewing individual commits.

Fixes (I hope) .
2020-04-22 22:39:04 +01:00
Andrew Morgan
07b88c546d
Convert http.HTTPStatus objects to their int equivalent () 2020-04-03 14:26:07 +01:00
Patrick Cloke
b9930d24a0
Support SAML in the user interactive authentication workflow. () 2020-04-01 08:48:00 -04:00
Dirk Klimpel
e8e2ddb60a
Allow server admins to define and enforce a password policy (MSC2000). () 2020-03-26 16:51:13 +00:00
Patrick Cloke
06eb5cae08
Remove special auth and redaction rules for aliases events in experimental room ver. () 2020-03-09 08:58:25 -04:00
Patrick Cloke
13892776ef
Allow deleting an alias if the user has sufficient power level () 2020-03-04 11:30:46 -05:00
Patrick Cloke
7dcbc33a1b
Validate the alt_aliases property of canonical alias events () 2020-03-03 07:12:45 -05:00
Patrick Cloke
7936d2a96e
Publishing/removing from the directory requires a power level greater than canonical aliases. 2020-02-21 07:18:33 -05:00
Richard van der Hoff
a0a1fd0bec Add allow_departed_users param to check_in_room_or_world_readable
... and set it everywhere it's called.

while we're here, rename it for consistency with `check_user_in_room` (and to
help check that I haven't missed any instances)
2020-02-19 08:52:51 +00:00
Richard van der Hoff
b58d17e44f Refactor the membership check methods in Auth
these were getting a bit unwieldy, so let's combine `check_joined_room` and
`check_user_was_in_room` into a single `check_user_in_room`.
2020-02-18 23:21:44 +00:00
Erik Johnston
6475382d80
Fix detecting unknown devices from remote encrypted events. ()
We were looking at the wrong event type (`m.room.encryption` vs
`m.room.encrypted`).

Also fixup the duplicate `EvenTypes` entries.

Introduced in .
2020-02-04 17:25:54 +00:00
Richard van der Hoff
08f41a6f05 Add get_room_version method
So that we can start factoring out some of this boilerplatey boilerplate.
2020-01-31 10:28:15 +00:00
Richard van der Hoff
49d3bca37b Implement updated auth rules from MSC2260 2020-01-28 14:20:10 +00:00
Richard van der Hoff
a8ce7aeb43
Pass room version object into event_auth.check and check_redaction ()
These are easier to work with than the strings and we normally have one around.

This fixes `FederationHander._persist_auth_tree` which was passing a
RoomVersion object into event_auth.check instead of a string.
2020-01-28 14:18:29 +00:00
Erik Johnston
0f6e525be3
Fixup synapse.api to pass mypy () 2020-01-20 17:34:13 +00:00
Erik Johnston
d386f2f339
Add StateMap type alias () 2020-01-16 13:31:22 +00:00
Richard van der Hoff
8f5d7302ac
Implement RedirectException ()
Allow REST endpoint implemnentations to raise a RedirectException, which will
redirect the user's browser to a given location.
2020-01-15 15:58:55 +00:00
Richard van der Hoff
326c893d24
Kill off RegistrationError ()
This is pretty pointless. Let's just use SynapseError.
2020-01-13 12:48:22 +00:00
Richard van der Hoff
98247c4a0e
Remove unused, undocumented "content repo" resource ()
This looks like it got half-killed back in .

Fixes .
2020-01-03 17:10:52 +00:00
Erik Johnston
fa780e9721
Change EventContext to use the Storage class () 2019-12-20 10:32:02 +00:00
Erik Johnston
3fbe5b7ec3
Add auth events as per spec. ()
Previously we tried to be clever and filter out some unnecessary event
IDs to keep the auth chain small, but that had some annoying
interactions with state res v2 so we stop doing that for now.
2019-12-16 16:59:32 +00:00
Brendan Abolivier
c530f9af4d
Merge pull request from matrix-org/babolivier/context_filters
Filter state, events_before and events_after in /context requests
2019-12-04 15:24:16 +00:00
Brendan Abolivier
9dc84b7989
Merge branch 'develop' into babolivier/context_filters 2019-12-04 14:23:44 +00:00
Brendan Abolivier
54dd5dc12b
Add ephemeral messages support (MSC2228) ()
Implement part [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228). The parts that differ are:

* the feature is hidden behind a configuration flag (`enable_ephemeral_messages`)
* self-destruction doesn't happen for state events
* only implement support for the `m.self_destruct_after` field (not the `m.self_destruct` one)
* doesn't send synthetic redactions to clients because for this specific case we consider the clients to be able to destroy an event themselves, instead we just censor it (by pruning its JSON) in the database
2019-12-03 19:19:45 +00:00
Brendan Abolivier
9e937c28ee Merge branch 'develop' into babolivier/message_retention 2019-11-26 17:53:57 +00:00
Andrew Morgan
bc29a19731 Replace instance variations of homeserver with correct case/spacing 2019-11-12 13:08:12 +00:00
Brendan Abolivier
8822b33111
Update copyrights 2019-11-05 14:46:35 +00:00
Brendan Abolivier
09957ce0e4
Implement per-room message retention policies 2019-11-04 17:09:22 +00:00
Brendan Abolivier
f496d25877
Merge pull request from matrix-org/babolivier/msc2326
Implement MSC2326 (label based filtering)
2019-11-01 17:04:45 +00:00
Brendan Abolivier
988d8d6507
Incorporate review 2019-11-01 16:22:44 +00:00
Brendan Abolivier
57cdb046e4
Lint 2019-11-01 10:39:14 +00:00
Brendan Abolivier
c6dbca2422
Incorporate review 2019-11-01 10:30:51 +00:00
Andrew Morgan
54fef094b3
Remove usage of deprecated logger.warn method from codebase ()
Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
2019-10-31 10:23:24 +00:00
Brendan Abolivier
e7943f660a
Add unit tests 2019-10-30 16:15:04 +00:00
Brendan Abolivier
acd16ad86a
Implement filtering 2019-10-30 15:56:33 +00:00