Adrian Tschira
6495dbb326
Burminate v1auth
...
This closes #2602
v1auth was created to account for the differences in status code between
the v1 and v2_alpha revisions of the protocol (401 vs 403 for invalid
tokens). However since those protocols were merged, this makes the r0
version/endpoint internally inconsistent, and violates the
specification for the r0 endpoint.
This might break clients that rely on this inconsistency with the
specification. This is said to affect the legacy angular reference
client. However, I feel that restoring parity with the spec is more
important. Either way, it is critical to inform developers about this
change, in case they rely on the illegal behaviour.
Signed-off-by: Adrian Tschira <nota@notafile.com>
2018-04-30 22:20:43 +02:00
Krombel
576b71dd3d
add guard for None on purge_history api
2018-04-30 14:29:48 +02:00
Richard van der Hoff
1315d374cc
Merge pull request #3156 from NotAFile/py3-hmac-bytes
...
Construct HMAC as bytes on py3
2018-04-30 00:33:20 +01:00
Adrian Tschira
122593265b
Construct HMAC as bytes on py3
...
Signed-off-by: Adrian Tschira <nota@notafile.com>
2018-04-29 00:19:41 +02:00
Adrian Tschira
2a3c33ff03
Use six.moves.urlparse
...
The imports were shuffled around a bunch in py3
Signed-off-by: Adrian Tschira <nota@notafile.com>
2018-04-15 21:22:43 +02:00
Erik Johnston
eaa2ebf20b
Merge pull request #3079 from matrix-org/erikj/limit_concurrent_sends
...
Limit concurrent event sends for a room
2018-04-10 16:43:58 +01:00
Richard van der Hoff
87478c5a60
Merge pull request #3061 from NotAFile/add-some-byte-strings
...
Add b prefixes to some strings that are bytes in py3
2018-04-09 23:54:05 +01:00
Richard van der Hoff
37354b55c9
Merge pull request #2938 from dklug/develop
...
Return 401 for invalid access_token on logout
2018-04-09 23:52:56 +01:00
Erik Johnston
56b0589865
Use create_and_send_nonmember_event everywhere
2018-04-09 12:04:18 +01:00
Richard van der Hoff
c7f0969731
Merge pull request #2986 from jplatte/join_reponse_room_id
...
Add room_id to the response of `rooms/{roomId}/join`
2018-04-05 17:29:06 +01:00
Adrian Tschira
6168351877
Add b prefixes to some strings that are bytes in py3
...
This has no effect on python2
Signed-off-by: Adrian Tschira <nota@notafile.com>
2018-04-04 13:48:51 +02:00
Erik Johnston
fa72803490
Merge branch 'master' of github.com:matrix-org/synapse into develop
2018-03-19 11:41:01 +00:00
Erik Johnston
926ba76e23
Replace ujson with simplejson
2018-03-15 23:43:31 +00:00
Jonas Platte
47ce527f45
Add room_id to the response of rooms/{roomId}/join
...
Fixes #2349
2018-03-13 14:48:12 +01:00
Erik Johnston
f5160d4a3e
RoomMembershipRestServlet doesn't handle /forget
...
Due to the order we register the REST handlers `/forget` was handled by
the correct handler.
2018-03-13 12:12:55 +00:00
Richard van der Hoff
e48c7aac4d
Add transactional API to history purge
...
Make the purge request return quickly, and allow scripts to poll for updates.
2018-03-12 16:22:55 +00:00
Richard van der Hoff
f8bfcd7e0d
Provide a means to pass a timestamp to purge_history
2018-03-05 14:37:23 +00:00
dklug
af7ed8e1ef
Return 401 for invalid access_token on logout
...
Signed-off-by: Duncan Klug <dklug@ucmerced.edu>
2018-03-02 22:01:27 -08:00
Erik Johnston
784f036306
Move RoomMemberHandler out of Handlers
2018-03-01 14:36:50 +00:00
Erik Johnston
c0c9327fe0
Merge pull request #2854 from matrix-org/erikj/event_create_worker
...
Create a worker for event creation
2018-02-13 18:07:10 +00:00
Richard van der Hoff
8fd1a32456
Fix typos in purge api & doc
...
* It's supposed to be purge_local_events, not ..._history
* Fix the doc to have valid json
2018-02-13 13:09:39 +00:00
Richard van der Hoff
10b34dbb9a
Merge pull request #2858 from matrix-org/rav/purge_updates
...
delete_local_events for purge_room_history
2018-02-09 14:11:00 +00:00
Richard van der Hoff
74fcbf741b
delete_local_events for purge_history
...
Add a flag which makes the purger delete local events
2018-02-09 13:07:41 +00:00
Erik Johnston
8ec2e638be
Add event_creator worker
2018-02-07 10:32:32 +00:00
Erik Johnston
3e1e69ccaf
Update copyright
2018-02-06 16:40:38 +00:00
Erik Johnston
3fa362502c
Update places where we create events
2018-02-05 16:01:48 +00:00
Travis Ralston
6e87b34f7b
Merge branch 'develop' into travis/admin-list-media
2018-02-01 18:05:47 -07:00
Matthew Hodgson
d32385336f
add ?ts massaging for ASes ( #2754 )
...
blindly implement ?ts for AS. untested
2018-01-23 09:59:06 +01:00
Travis Ralston
5552ed9a7f
Add an admin route to get all the media in a room
...
This is intended to be used by administrators to monitor the media that is passing through their server, if they wish.
Signed-off-by: Travis Ralston <travpc@gmail.com>
2018-01-20 22:37:53 -07:00
Matthew Hodgson
447f4f0d5f
rewrite based on PR feedback:
...
* [ ] split config options into allowed_local_3pids and registrations_require_3pid
* [ ] simplify and comment logic for picking registration flows
* [ ] fix docstring and move check_3pid_allowed into a new util module
* [ ] use check_3pid_allowed everywhere
@erikjohnston PTAL
2018-01-19 15:33:55 +00:00
Matthew Hodgson
9d332e0f79
fix up v1, and improve errors
2018-01-19 00:53:58 +00:00
Richard van der Hoff
51c9d9ed65
Add /room/{id}/event/{id} to synapse
...
Turns out that there is a valid usecase for retrieving event by id (notably
having received a push), but event ids should be scoped to room, so /event/{id}
is wrong.
2018-01-09 14:39:12 +00:00
Richard van der Hoff
75c1b8df01
Better logging when login can't find a 3pid
2017-12-20 19:31:00 +00:00
Richard van der Hoff
ad7e570d07
Delete devices in various logout situations
...
Make sure that we delete devices whenever a user is logged out due to any of
the following situations:
* /logout
* /logout_all
* change password
* deactivate account (by the user or by an admin)
* invalidate access token from a dynamic module
Fixes #2672 .
2017-11-29 16:44:35 +00:00
Richard van der Hoff
ae31f8ce45
Move set_password into its own handler
...
Non-functional refactoring to move set_password. This means that we'll be able
to properly deactivate devices and access tokens without introducing a
dependency loop.
2017-11-29 16:44:35 +00:00
Richard van der Hoff
7ca5c68233
Move deactivate_account into its own handler
...
Non-functional refactoring to move deactivate_account. This means that we'll be
able to properly deactivate devices and access tokens without introducing a
dependency loop.
2017-11-29 16:44:35 +00:00
Richard van der Hoff
e0ebd1e4bd
Downcase userids for shared-secret registration
2017-11-10 12:39:05 +00:00
Richard van der Hoff
4c8f94ac94
Allow password_auth_providers to return a callback
...
... so that they have a way to record access tokens.
2017-11-01 16:51:03 +00:00
David Baker
4f0488b307
Merge remote-tracking branch 'origin/develop' into rav/refactor_accesstoken_delete
2017-11-01 16:20:19 +00:00
David Baker
e5e930aec3
Merge pull request #2615 from matrix-org/rav/break_auth_device_dep
...
Break dependency of auth_handler on device_handler
2017-11-01 16:06:31 +00:00
Richard van der Hoff
dd13310fb8
Move access token deletion into auth handler
...
Also move duplicated deactivation code into the auth handler.
I want to add some hooks when we deactivate an access token, so let's bring it
all in here so that there's somewhere to put it.
2017-11-01 15:46:22 +00:00
David Baker
0bb253f37b
Apparently this is python
2017-11-01 14:02:52 +00:00
David Baker
59e7e62c4b
Log login requests
...
Carefully though, to avoid logging passwords
2017-11-01 13:58:01 +00:00
Richard van der Hoff
74c56f794c
Break dependency of auth_handler on device_handler
...
I'm going to need to make the device_handler depend on the auth_handler, so I
need to break this dependency to avoid a cycle.
It turns out that the auth_handler was only using the device_handler in one
place which was an edge case which we can more elegantly handle by throwing an
error rather than fixing it up.
2017-11-01 10:27:06 +00:00
Richard van der Hoff
1b65ae00ac
Refactor some logic from LoginRestServlet into AuthHandler
...
I'm going to need some more flexibility in handling login types in password
auth providers, so as a first step, move some stuff from LoginRestServlet into
AuthHandler.
In particular, we pass everything other than SAML, JWT and token logins down to
the AuthHandler, which now has responsibility for checking the login type and
fishing the password out of the login dictionary, as well as qualifying the
user_id if need be. Ideally SAML, JWT and token would go that way too, but
there's no real need for it right now and I'm trying to minimise impact.
This commit *should* be non-functional.
2017-10-31 10:48:41 +00:00
Richard van der Hoff
eaaabc6c4f
replace 'except:' with 'except Exception:'
...
what could possibly go wrong
2017-10-23 15:52:32 +01:00
Richard van der Hoff
631d7b87b5
Remove pointless create() method
...
It just calls the constructor, so we may as well kill it rather than having
random codepaths.
2017-10-20 22:14:55 +01:00
David Baker
27955056e0
Merge branch 'develop' into erikj/groups_merged
2017-10-02 16:20:41 +01:00
Erik Johnston
8090fd4664
Fix /joined_members to work with AS users
2017-09-28 10:09:32 +01:00
Erik Johnston
adec03395d
Fix bug where /joined_members didn't check user was in room
2017-09-27 15:14:39 +01:00
Erik Johnston
b5feaa5a49
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/groups_merged
2017-09-19 11:07:45 +01:00
Erik Johnston
bf81f3cf2c
Split out profile handler to fix tests
2017-08-25 14:34:56 +01:00
hera
eae04f1952
fix english
2017-08-04 23:56:42 +01:00
hera
5699b05072
typo
2017-08-04 23:44:37 +01:00
Erik Johnston
5a7f561a9b
Fix bug where pusherpool didn't start and broke some rooms
...
Since we didn't instansiate the PusherPool at start time it could fail
at run time, which it did for some users.
This may or may not fix things for those users, but it should happen at
start time and stop the server from starting.
2017-07-06 17:55:51 +01:00
Erik Johnston
b8b936a6ea
Add API to quarantine media
2017-06-19 17:39:21 +01:00
Erik Johnston
36e51aad3c
Remove unused import
2017-06-19 14:42:21 +01:00
Erik Johnston
b490299a3b
Change to create new room and join other users
2017-06-19 14:10:13 +01:00
Erik Johnston
5db7070dd1
Forget room
2017-06-19 12:40:29 +01:00
Erik Johnston
d7fe6b356c
Add shutdown room API
2017-06-19 12:37:27 +01:00
Erik Johnston
3e5a62ecd8
Add more granular event send metrics
2017-05-02 14:23:26 +01:00
Erik Johnston
d3c150411c
Merge pull request #2130 from APwhitehat/roomexists
...
Check that requested room_id exists
2017-04-27 09:20:26 +01:00
Erik Johnston
d9aa645f86
Reduce size of joined_user cache
...
The _get_joined_users_from_context cache stores a mapping from user_id
to avatar_url and display_name. Instead of storing those in a dict,
store them in a namedtuple as that uses much less memory.
We also try converting the string to ascii to further reduce the size.
2017-04-25 14:38:51 +01:00
Anant Prakash
574d573ac2
Check that requested room_id exists
2017-04-14 23:50:59 +05:30
Erik Johnston
142b6b4abf
Merge pull request #2011 from matrix-org/matthew/turn_allow_guests
...
add setting (on by default) to support TURN for guests
2017-03-31 14:37:09 +01:00
Erik Johnston
6957bfdca6
Don't recreate so many sets
2017-03-16 11:54:26 +00:00
Erik Johnston
6c82de5100
Format presence events on the edges instead of reformatting them multiple times
2017-03-15 14:27:34 +00:00
David Baker
0ad44acb5a
Merge pull request #1997 from matrix-org/dbkr/cas_partialdownload
...
Handle PartialDownloadError in CAS login
2017-03-15 13:52:34 +00:00
Matthew Hodgson
e0ff66251f
add setting (on by default) to support TURN for guests
2017-03-15 12:22:18 +00:00
David Baker
1ece06273e
Handle PartialDownloadError in CAS login
2017-03-14 13:37:36 +00:00
David Baker
73a5f06652
Support registration / login with phone number
...
Changes from https://github.com/matrix-org/synapse/pull/1971
2017-03-13 17:27:51 +00:00
Erik Johnston
7eae6eaa2f
Revert "Support registration & login with phone number"
2017-03-13 09:59:33 +00:00
David Baker
727124a762
Not any more, it doesn't
2017-03-08 19:00:23 +00:00
David Baker
65d43f3ca5
Minor fixes from PR feedback
2017-03-08 11:48:43 +00:00
David Baker
88df6c0c9a
Factor out msisdn canonicalisation
...
Plus a couple of other minor fixes
2017-03-08 11:03:39 +00:00
David Baker
402a7bf63d
Fix pep8
2017-03-08 09:33:40 +00:00
David Baker
00466e2feb
Support new login format
...
https://docs.google.com/document/d/1-6ZSSW5YvCGhVFDyD2QExAUAdpCWjccvJT5xiyTTG2Y/edit#
2017-03-07 16:37:23 +00:00
Erik Johnston
17673404fb
Remove unused param
2017-02-20 15:02:01 +00:00
David Baker
355d62c499
Make kick & ban reasons work
...
We somehow specced APIs with reason strings, preserve the content
in the events and even have the clients display them, but failed
to actually pass the parameter through to the event content.
2017-02-14 15:10:55 +00:00
Morteza Araby
2849d3f29d
admin,storage: added more administrator functionalities
...
administrators can now:
- Set displayname of users
- Update user avatars
- Search for users by user_id
- Browse all users in a paginated API
- Reset user passwords
- Deactivate users
Helpers for doing paginated queries has also been added to storage
Signed-off-by: Morteza Araby <morteza.araby@ericsson.com>
2017-02-02 14:02:26 +01:00
Erik Johnston
51adaac953
Fix email push in pusher worker
...
This was broken when device list updates were implemented, as Mailer
could no longer instantiate an AuthHandler due to a dependency on
federation sending.
2017-02-02 10:53:36 +00:00
Marvin Steadfast
1e38be3a7a
Added username and password for turn server
...
It makes it possible to use a turn server that needs a username and
password instead of a token.
2017-01-19 14:08:20 +01:00
David Baker
8c5009b628
Lowercase all email addresses before querying db
...
Since we store all emails in the DB in lowercase
(https://github.com/matrix-org/synapse/pull/1170 )
2017-01-18 13:25:56 +00:00
Erik Johnston
6823fe5241
Linearize updates to membership via PUT /state/
2017-01-09 18:25:13 +00:00
Erik Johnston
1574b839e0
Merge pull request #1676 from matrix-org/erikj/room_list
...
Add new API appservice specific public room list
2016-12-12 17:00:10 +00:00
Erik Johnston
52d12ca782
Add /room/<room_id>/joined_members API
...
This returns the currently joined members in the room with their display
names and avatar urls. This is more efficient than /members for large
rooms where you don't need the full events.
2016-12-08 13:32:07 +00:00
Erik Johnston
de796f27e6
Add joined_rooms servlet
2016-12-08 11:39:03 +00:00
Erik Johnston
f32fb65552
Add new API appservice specific public room list
2016-12-06 16:12:27 +00:00
Richard van der Hoff
dc4b23e1a1
Merge branch 'develop' into rav/no_more_refresh_tokens
2016-11-30 17:10:04 +00:00
Richard van der Hoff
1c4f05db41
Stop putting a time caveat on access tokens
...
The 'time' caveat on the access tokens was something of a lie, since we weren't
enforcing it; more pertinently its presence stops us ever adding useful time
caveats.
Let's move in the right direction by not lying in our caveats.
2016-11-29 16:49:41 +00:00
Richard van der Hoff
5c4edc83b5
Stop generating refresh tokens
...
Since we're not doing refresh tokens any more, we should start killing off the
dead code paths. /tokenrefresh itself is a bit of a thornier subject, since
there might be apps out there using it, but we can at least not generate
refresh tokens on new logins.
2016-11-28 10:13:01 +00:00
Kegan Dougal
3991b4cbdb
Clean transactions based on time. Add HttpTransactionCache tests.
2016-11-14 11:19:24 +00:00
Kegan Dougal
af4a1bac50
Move .observe() up to the cache to make things neater
2016-11-14 09:52:41 +00:00
Kegan Dougal
8ecaff51a1
Review comments
2016-11-11 17:47:03 +00:00
Kegan Dougal
f6c48802f5
More flake8
2016-11-11 15:08:24 +00:00
Kegan Dougal
a88bc67f88
Flake8 and fix whoopsie
2016-11-11 15:02:29 +00:00
Kegan Dougal
42c43cfafd
Use ObservableDeferreds instead of Deferreds as they behave as intended
2016-11-11 14:54:10 +00:00
Kegan Dougal
8a8ad46f48
Flake8
2016-11-10 15:22:11 +00:00
Kegan Dougal
2771447c29
Store Promise<Response> instead of Response for HTTP API transactions
...
This fixes a race whereby:
- User hits an endpoint.
- No cached transaction so executes main code.
- User hits same endpoint.
- No cache transaction so executes main code.
- Main code finishes executing and caches response and returns.
- Main code finishes executing and caches response and returns.
This race is common in the wild when Synapse is struggling under load.
This commit fixes the race by:
- User hits an endpoint.
- Caches the promise to execute the main code and executes main code.
- User hits same endpoint.
- Yields on the same promise as the first request.
- Main code finishes executing and returns, unblocking both requests.
2016-11-10 14:49:26 +00:00
Patrik Oldsberg
7b5546d077
rest/client/v1/register: use the correct requester in createUser
...
Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
2016-10-06 22:12:32 +02:00
Patrik Oldsberg
9bfc617791
storage/appservice: make appservice methods only relying on the cache synchronous
2016-10-06 15:24:59 +02:00
Erik Johnston
22578545a0
Time out typing over federation
2016-09-23 14:00:52 +01:00
Erik Johnston
87528f0756
Support /initialSync in synchrotron worker
2016-09-21 11:46:28 +01:00
Erik Johnston
ddc89df89d
Enable guest access to POST /publicRooms
2016-09-17 15:55:24 +01:00
Erik Johnston
2e67cabd7f
Make POST /publicRooms require auth
2016-09-16 11:32:51 +01:00
Erik Johnston
c33b25fd8d
Change the way we calculate new_limit in /publicRooms and add POST API
2016-09-15 17:35:20 +01:00
Erik Johnston
68c1ed4d1a
Remove default public rooms limit
2016-09-15 13:56:20 +01:00
Erik Johnston
1d98cf26be
By default limit /publicRooms to 100 entries
2016-09-15 13:18:35 +01:00
Erik Johnston
5810cffd33
Pass since/from parameters over federation
2016-09-15 10:36:19 +01:00
Erik Johnston
f3eead0660
Allow paginating both forwards and backwards
2016-09-15 10:15:37 +01:00
Erik Johnston
4131381123
Remove support for aggregate room lists
2016-09-15 09:28:15 +01:00
Shell Turner
29205e9596
Conform better to the CAS protocol specification
...
Redirect to CAS's /login endpoint properly, and
don't require an <attributes> element.
Signed-off-by: Shell Turner <cam.turn@gmail.com>
2016-09-09 21:20:14 +01:00
Mark Haines
dbff7e9436
Merge pull request #1096 from matrix-org/markjh/get_access_token
...
Add helper function for getting access_tokens from requests
2016-09-09 17:09:27 +01:00
Mark Haines
8aee5aa068
Add helper function for getting access_tokens from requests
...
Rather than reimplementing the token parsing in the various places.
This will make it easier to change the token parsing to allow access_tokens
in HTTP headers.
2016-09-09 16:33:15 +01:00
Paul "LeoNerd" Evans
d271383e63
Filter returned events for client-facing format
2016-09-09 14:40:15 +01:00
Paul "LeoNerd" Evans
0fc0a3bdff
Allow clients to specify the format a room state event is returned in
2016-09-09 14:34:29 +01:00
Erik Johnston
3f9889bfd6
Use parse_string
2016-09-08 15:51:10 +01:00
Erik Johnston
791658b576
Add server param to /publicRooms
2016-09-08 11:53:05 +01:00
Kegan Dougal
4b31426a02
Pass through user-supplied content in /join/$room_id
...
It was always intended to allow custom keys on the join event, but this has
at some point been lost. Restore it.
If the user specifies keys like "avatar_url" then they will be clobbered.
2016-08-23 16:32:04 +01:00
Erik Johnston
4e1cebd56f
Make synchrotron accept /events
2016-08-12 15:31:44 +01:00
Erik Johnston
866a5320de
Dont invoke get_handlers fromClientV1RestServlet
...
hs.get_handlers() can not be invoked from split out processes. Moving
the invocations down a level means that we can slowly split out
individual servlets.
2016-08-12 10:03:19 +01:00
David Baker
cd41c6ece2
Merge pull request #995 from matrix-org/rav/clean_up_cas_login
...
Clean up CAS login code
2016-08-09 10:21:56 +01:00
Richard van der Hoff
65666fedd5
Clean up CAS login code
...
Remove some apparently unused code.
Clean up parse_cas_response, mostly to catch the exception if the CAS response
isn't valid XML.
2016-08-08 17:17:25 +01:00
Richard van der Hoff
0682ca04b3
Fix CAS login
...
Attempting to log in with CAS was giving a 500 error.
2016-08-08 17:01:30 +01:00
Richard van der Hoff
436bffd15f
Implement deleting devices
2016-07-26 07:35:48 +01:00
Richard van der Hoff
c68518dfbb
Merge pull request #933 from matrix-org/rav/type_annotations
...
Type annotations
2016-07-20 12:26:32 +01:00
David Baker
e967bc86e7
Merge pull request #932 from matrix-org/rav/register_refactor
...
Further registration refactoring
2016-07-20 11:03:33 +01:00
Erik Johnston
1e2a7f18a1
Merge pull request #922 from matrix-org/erikj/file_api2
...
Feature: Add filter to /messages. Add 'contains_url' to filter.
2016-07-20 10:40:48 +01:00
Richard van der Hoff
3413f1e284
Type annotations
...
Add some type annotations to help PyCharm (in particular) to figure out the
types of a bunch of things.
2016-07-19 18:56:16 +01:00
Richard van der Hoff
40cbffb2d2
Further registration refactoring
...
* `RegistrationHandler.appservice_register` no longer issues an access token:
instead it is left for the caller to do it. (There are two of these, one in
`synapse/rest/client/v1/register.py`, which now simply calls
`AuthHandler.issue_access_token`, and the other in
`synapse/rest/client/v2_alpha/register.py`, which is covered below).
* In `synapse/rest/client/v2_alpha/register.py`, move the generation of
access_tokens into `_create_registration_details`. This means that the normal
flow no longer needs to call `AuthHandler.issue_access_token`; the
shared-secret flow can tell `RegistrationHandler.register` not to generate a
token; and the appservice flow continues to work despite the above change.
2016-07-19 18:46:19 +01:00
Richard van der Hoff
f863a52cea
Add device_id support to /login
...
Add a 'devices' table to the storage, as well as a 'device_id' column to
refresh_tokens.
Allow the client to pass a device_id, and initial_device_display_name, to
/login. If login is successful, then register the device in the devices table
if it wasn't known already. If no device_id was supplied, make one up.
Associate the device_id with the access token and refresh token, so that we can
get at it again later. Ensure that the device_id is copied from the refresh
token to the access_token when the token is refreshed.
2016-07-18 16:39:44 +01:00
Richard van der Hoff
dcfd71aa4c
Refactor login flow
...
Make sure that we have the canonical user_id *before* calling
get_login_tuple_for_user_id.
Replace login_with_password with a method which just validates the password,
and have the caller call get_login_tuple_for_user_id. This brings the password
flow into line with the other flows, and will give us a place to register the
device_id if necessary.
2016-07-18 15:23:54 +01:00
Erik Johnston
a98d215204
Add filter param to /messages API
2016-07-14 16:30:56 +01:00
Negar Fazeli
0136a522b1
Bug fix: expire invalid access tokens
2016-07-13 15:00:37 +02:00
Erik Johnston
67f2c901ea
Add rest servlet. Fix SQL.
2016-07-06 15:56:59 +01:00
Erik Johnston
a17e7caeb7
Merge branch 'erikj/shared_secret' into erikj/test2
2016-07-06 14:46:31 +01:00
Erik Johnston
76b18df3d9
Check that there are no null bytes in user and passsword
2016-07-06 11:17:53 +01:00
Erik Johnston
0da24cac8b
Add null separator to hmac
2016-07-06 11:05:16 +01:00
Erik Johnston
651faee698
Add an admin option to shared secret registration
2016-07-05 17:30:22 +01:00
Erik Johnston
caf33b2d9b
Protect password when registering using shared secret
2016-07-05 17:18:19 +01:00
Erik Johnston
2d21d43c34
Add purge_history API
2016-07-05 10:28:51 +01:00
Kent Shikama
bb069079bb
Fix style violations
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-04 22:07:11 +09:00
Kent Shikama
2e5a31f197
Use .get() instead of [] to access password_hash
2016-07-04 22:00:13 +09:00
Kent Shikama
fc8007dbec
Optionally include password hash in createUser endpoint
...
Signed-off-by: Kent Shikama <kent@kentshikama.com>
2016-07-03 15:08:15 +09:00
Erik Johnston
f328d95cef
Feature: Add deactivate account admin API
...
Allows server admins to "deactivate" accounts, which:
- Revokes all access tokens
- Removes all threepids
- Removes password
The API is a POST to `/admin/deactivate/<user_id>`
2016-06-30 15:40:58 +01:00
Erik Johnston
a70688445d
Implement purge_media_cache admin API
2016-06-29 14:57:59 +01:00
Erik Johnston
95f305c35a
Remove redundant exception log in /events
2016-06-09 11:15:04 +01:00
Erik Johnston
690029d1a3
Don't make rooms visibile by default
2016-06-08 14:47:42 +01:00
Erik Johnston
efeabd3180
Log user that is making /publicRooms calls
2016-06-08 14:23:15 +01:00
Erik Johnston
6a0afa582a
Load push rules in storage layer, so that they get cached
2016-06-03 11:10:00 +01:00
David Baker
1f31cc37f8
Working unsubscribe links going straight to the HS
...
and authed by macaroons that let you delete pushers and nothing else
2016-06-02 17:21:31 +01:00
David Baker
3a3fb2f6f9
Merge branch 'dbkr/split_out_auth_handler' into dbkr/email_unsubscribe
2016-06-02 13:35:25 +01:00
David Baker
4a10510cd5
Split out the auth handler
2016-06-02 13:31:45 +01:00
David Baker
991af8b0d6
WIP on unsubscribing email notifs without logging in
2016-06-01 17:40:52 +01:00
David Baker
d240796ded
Basic, un-cached support for secondary_directory_servers
2016-05-31 17:20:07 +01:00
David Baker
887c6e6f05
Split out the room list handler
...
So I can use it from federation bits without pulling in all the handlers.
2016-05-31 11:05:16 +01:00
Kegan Dougal
332d7e9b97
Allow clients to specify a server_name to avoid 'No known servers'
...
Multiple server_names are supported via ?server_name=foo&server_name=bar
2016-05-19 13:50:52 +01:00
Mark Haines
0cb441fedd
Move typing handler out of the Handlers object
2016-05-17 15:58:46 +01:00
Mark Haines
3b86ecfa79
Move the presence handler out of the Handlers object
2016-05-16 18:56:37 +01:00
Negi Fazeli
40aa6e8349
Create user with expiry
...
- Add unittests for client, api and handler
Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
2016-05-13 15:34:15 +02:00
Erik Johnston
52ecbc2843
Make pyjwt dependency optional
2016-04-25 14:30:15 +01:00
Erik Johnston
b9675ef6e6
Merge pull request #687 from nikriek/jwt-fix
...
Fix issues with JWT login
2016-04-21 17:42:25 +01:00
Niklas Riekenbrauck
565c2edb0a
Fix issues with JWT login
2016-04-21 18:10:48 +02:00
David Baker
a04c076b7f
Make the /set part mandatory
2016-04-12 13:54:41 +01:00
David Baker
7b39bcdaae
Mis-named function
2016-04-12 13:35:08 +01:00
David Baker
d937f342bb
Split into separate servlet classes
2016-04-12 13:33:30 +01:00
David Baker
8a76094965
Add get endpoint for pushers
...
As per https://github.com/matrix-org/matrix-doc/pull/308
2016-04-11 18:00:03 +01:00
Erik Johnston
08a8514b7a
Remove spurious comment
2016-03-30 15:05:33 +01:00
Erik Johnston
fddb6fddc1
Require user to have left room to forget room
...
This dramatically simplifies the forget API code - in particular it no
longer generates a leave event.
2016-03-30 11:03:00 +01:00
Niklas Riekenbrauck
3f9948a069
Add JWT support
2016-03-29 14:36:36 +02:00
Erik Johnston
3e7fac0d56
Add published room list edit API
2016-03-21 15:06:07 +00:00
Erik Johnston
2cd9260500
Update aliases event after deletion
...
Attempt to update the appropriate `m.room.aliases` event after deleting
an alias. This may fail due to the deleter not being in the room.
Will also check if the canonical alias of the event is set to the
deleted alias, and if so will attempt to delete it.
2016-03-17 11:42:00 +00:00
Mark Haines
12904932c4
Hook up adding a pusher to the notifier for replication.
2016-03-15 17:42:03 +00:00
Mark Haines
398cd1edfb
Fix regression where synapse checked whether push rules were valid JSON before the compatibility hack that handled clients sending invalid JSON
2016-03-14 14:16:41 +00:00
Erik Johnston
494d0c8e02
Merge pull request #642 from matrix-org/erikj/logout
...
Implement logout
2016-03-11 20:16:25 +00:00
Mark Haines
e9c1cabac2
Use parse_json_object_from_request to parse JSON out of request bodies
2016-03-11 16:41:03 +00:00
Erik Johnston
b13035cc91
Implement logout
2016-03-11 16:27:50 +00:00
Mark Haines
b7dbe5147a
Add a parse_json_object function
...
to deduplicate all the copy+pasted _parse_json functions. Also document
the parse_.* functions.
2016-03-09 11:26:26 +00:00
Mark Haines
7076082ae6
Fix relative imports so they work in both py3 and py27
2016-03-08 11:45:50 +00:00
Mark Haines
239badea9b
Use syntax that works on both py2.7 and py3
2016-03-07 20:13:10 +00:00
Mark Haines
ec7460b4f2
Merge branch 'develop' into markjh/pushrule_stream
2016-03-04 14:44:34 +00:00
Mark Haines
1b4f4a936f
Hook up the push rules stream to account_data in /sync
2016-03-04 14:44:01 +00:00
Erik Johnston
dd463e246d
Merge pull request #614 from matrix-org/erikj/alias_delete
...
Allow alias creators to delete aliases
2016-03-04 09:02:33 +00:00
Daniel Wagner-Hall
b4022cc487
Pass whole requester to ratelimiting
...
This will enable more detailed decisions
2016-03-03 16:43:42 +00:00
Mark Haines
3406eba4ef
Move the code for formatting push rules into a separate function
2016-03-03 16:11:59 +00:00
Mark Haines
ddf9e7b302
Hook up the push rules to the notifier
2016-03-03 14:57:45 +00:00
Erik Johnston
f9af8962f8
Allow alias creators to delete aliases
2016-03-01 14:46:31 +00:00
Mark Haines
de27f7fc79
Add support for changing the actions for default rules
...
See matrix-org/matrix-doc#283
Works by adding dummy rules to the push rules table with a negative priority class and then using those rules to clobber the default rule actions when adding the default rules in ``list_with_base_rules``
2016-02-26 14:28:19 +00:00
Gergely Polonkai
87acd8fb07
Fix to appease the PEP8 dragon
2016-02-26 12:05:38 +01:00
Gergely Polonkai
a53774721a
Add error codes for malformed/bad JSON in /login
...
Signed-off-by: Gergely Polonkai <gergely@polonkaieu>
2016-02-26 10:22:35 +01:00
Mark Haines
15c2ac2cac
Make sure we return a JSON object when returning the values of specif…
...
…ic keys from a push rule
2016-02-25 15:13:07 +00:00
Mark Haines
9892d017b2
Remove unused get_rule_attr method
2016-02-24 16:31:07 +00:00
Daniel Wagner-Hall
869580206d
Ignore invalid POST bodies when joining rooms
2016-02-24 08:50:28 +00:00
Daniel Wagner-Hall
577951b032
Allow third_party_signed to be specified on /join
2016-02-23 15:11:25 +00:00
Erik Johnston
e5ad2e5267
Merge pull request #582 from matrix-org/erikj/presence
...
Rewrite presence for performance.
2016-02-19 09:37:50 +00:00
Erik Johnston
e12ec335a5
"You are not..."
2016-02-18 17:01:53 +00:00
Mark Haines
b9977ea667
Remove dead code for setting device specific rules.
...
It wasn't possible to hit the code from the API because of a typo
in parsing the request path. Since no-one was using the feature
we might as well remove the dead code.
2016-02-18 16:05:13 +00:00
Daniel Wagner-Hall
7e90fb6a57
Merge branch 'develop' into daniel/roomcleanupincremental
...
Conflicts:
synapse/rest/client/v1/room.py
2016-02-17 15:53:59 +00:00
Daniel Wagner-Hall
591af2d074
Some cleanup
...
I'm not particularly happy with the "action" switching, but there's no
convenient way to defer the work that needs to happen after it, so... :(
2016-02-17 15:50:13 +00:00
Erik Johnston
e5999bfb1a
Initial cut
2016-02-17 15:40:50 +00:00
Patrik Oldsberg
71d5d2c669
client/v1/room: include event_id in response to state event PUT, in accordance with the spec
...
Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>
2016-02-17 11:53:43 +01:00
Mark Haines
458782bf67
Fix typo in request validation for adding push rules.
2016-02-16 18:00:30 +00:00
Daniel Wagner-Hall
4bfb32f685
Branch off member and non member sends
...
Unclean, needs tidy-up, but works
2016-02-15 18:21:30 +00:00
Daniel Wagner-Hall
1a2197d7bf
Simplify room creation code
2016-02-15 18:19:01 +00:00
Daniel Wagner-Hall
e560045cfd
Simplify room creation code
2016-02-15 18:18:39 +00:00
Daniel Wagner-Hall
150fcde0dc
Reuse update_membership from /join
2016-02-15 16:16:03 +00:00
Daniel Wagner-Hall
e71095801f
Merge implementation of /join by alias or ID
...
This code is kind of rough (passing the remote servers down a long
chain), but is a step towards improvement.
2016-02-15 15:39:16 +00:00
Daniel Wagner-Hall
dbeed36dec
Merge some room joining codepaths
...
Force joining by alias to go through the send_membership_event checks,
rather than bypassing them straight into _do_join. This is the first of
many stages of cleanup.
2016-02-15 14:38:27 +00:00
Daniel Wagner-Hall
4de08a4672
Revert "Merge two of the room join codepaths"
...
This reverts commit cf81375b94
.
It subtly violates a guest joining auth check
2016-02-12 16:17:24 +00:00
Daniel Wagner-Hall
cf81375b94
Merge two of the room join codepaths
...
There's at least one more to merge in.
Side-effects:
* Stop reporting None as displayname and avatar_url in some cases
* Joining a room by alias populates guest-ness in join event
* Remove unspec'd PUT version of /join/<room_id_or_alias> which has not
been called on matrix.org according to logs
* Stop recording access_token_id on /join/room_id - currently we don't
record it on /join/room_alias; I can try to thread it through at some
point.
2016-02-12 15:11:49 +00:00
Mark Haines
58c9f20692
Catch the exceptions thrown by twisted when you write to a closed connection
2016-02-12 13:46:59 +00:00
Daniel Wagner-Hall
ebaa999f92
Revert "Reject additional path segments"
...
This reverts commit 1d19a5ec0f
.
iOS Console is apparently relying on these paths.
2016-02-09 12:46:52 +00:00
Daniel Wagner-Hall
1d19a5ec0f
Reject additional path segments
2016-02-08 10:50:55 +00:00
David Baker
34dda7cc7f
Merge pull request #557 from matrix-org/dbkr/profile_dont_return_null
...
Omit keys rather then returning null in profile API
2016-02-04 15:39:12 +00:00
Erik Johnston
709e09e1c3
Remove old log line
2016-02-03 16:32:20 +00:00
David Baker
156cea5b45
No braces here
2016-02-03 15:04:51 +00:00
David Baker
24277fbb97
Don't return null if profile display name / avatar url isn't set: omit them instead
2016-02-03 14:59:19 +00:00
Daniel Wagner-Hall
5054806ec1
Rename config field to reflect yaml name
2016-02-03 14:42:01 +00:00
Daniel Wagner-Hall
d83d004ccd
Fix flake8 warnings for new flake8
2016-02-02 17:18:50 +00:00
Mark Haines
8c94833b72
Fix adding push rules relative to other rules
2016-01-27 10:24:20 +00:00
Mark Haines
e18257f0e5
Add missing yield in push_rules set enabled
2016-01-25 16:51:56 +00:00
Daniel Wagner-Hall
da417aa56d
Allow non-guests to peek on rooms using /events
2016-01-20 15:34:07 +00:00
Erik Johnston
0d241e1114
Take a deepcopy of push rules before mutating them
2016-01-19 10:15:12 +00:00
Erik Johnston
d1f56f732e
Use static for const dicts
2016-01-18 15:17:56 +00:00
Erik Johnston
0e39dcd135
Remove internal ids
2016-01-18 14:50:17 +00:00
Daniel Wagner-Hall
ac5a4477ad
Require unbanning before other membership changes
2016-01-15 16:27:26 +00:00
Richard van der Hoff
2978053d16
Merge branch 'release-v0.12.1' into develop
2016-01-14 15:04:08 +00:00
David Baker
a7927c13fd
Fix enabling & disabling push rules
2016-01-14 10:53:44 +00:00
Richard van der Hoff
49f33f6438
Add 'event' result to 'context' endpoint
...
... because the context isn't much use without the event.
2016-01-13 16:42:14 +00:00
Mark Haines
9c1f853d58
Rename 'user_name' to 'user_id' in push to make it consistent with the rest of the code
2016-01-13 13:32:59 +00:00
Daniel Wagner-Hall
2110e35fd6
Introduce a Requester object
...
This tracks data about the entity which made the request. This is
instead of passing around a tuple, which requires call-site
modifications every time a new piece of optional context is passed
around.
I tried to introduce a User object. I gave up.
2016-01-11 17:48:45 +00:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Richard van der Hoff
32d9fd0b26
Expose /login under r0
...
The spec says /login should be available at r0 and 'unstable', so make it so.
2016-01-02 17:24:28 +00:00
Mark Haines
515548a47a
Missing yield
2015-12-10 17:54:23 +00:00
Daniel Wagner-Hall
7a8ba4c9a0
Actually host r0 and unstable prefixes
2015-12-08 15:26:52 +00:00
David Baker
9c9b2829ae
also do more structured logging
2015-12-07 12:01:00 +00:00
David Baker
50e5886de1
pep8
2015-12-07 11:57:48 +00:00
David Baker
ba1d740239
Add logging to pushers API to log the body of the request
2015-12-07 11:52:20 +00:00
Daniel Wagner-Hall
41905784f7
Take object not bool
...
Allows bool as legacy fallback
See https://github.com/matrix-org/matrix-doc/pull/212
2015-12-07 10:44:33 +00:00
Daniel Wagner-Hall
ac213c2e08
Merge pull request #415 from matrix-org/daniel/endpoints
...
Merge pull request #415 from matrix-org/daniel/endpoints
2015-12-03 12:19:12 +00:00
Daniel Wagner-Hall
526bc33e02
Fix implementation of /admin/whois
2015-12-02 17:29:47 +00:00
Daniel Wagner-Hall
872c134807
Update endpoints to reflect current spec
2015-12-02 15:45:04 +00:00
Mark Haines
37b2d69bbc
Reuse a single http client, rather than creating new ones
2015-12-02 11:36:02 +00:00
Daniel Wagner-Hall
14d7acfad4
Host /unstable and /r0 versions of r0 APIs
2015-12-01 17:34:32 +00:00
Mark Haines
31069ecf6a
Rename presence_handler.send_invite to presence_handler.send_presence_invite to distinguish it from normal invites
2015-12-01 15:59:45 +00:00
Mark Haines
c6a15f5026
Merge pull request #385 from matrix-org/daniel/forgetrooms
...
Allow users to forget rooms
2015-11-20 18:07:26 +00:00
Erik Johnston
e3dae653e8
Comment
2015-11-20 14:05:22 +00:00
Erik Johnston
37de8a7f4a
Remove m.login.token from advertised flows.
2015-11-19 16:16:49 +00:00
Daniel Wagner-Hall
ba26eb3d5d
Allow users to forget rooms
2015-11-17 17:17:30 -05:00
Steven Hammerton
f5e25c5f35
Merge branch 'develop' into sh-cas-auth-via-homeserver
2015-11-17 10:55:41 +00:00