340 Commits

Author SHA1 Message Date
Erik Johnston
3bb3f02517 Enable guest access for private rooms by default 2016-03-17 16:23:53 +00:00
Erik Johnston
590fbbef03 Add config to create guest account on 3pid invite
Currently, when a 3pid invite request is sent to an identity server, it
includes a provisioned guest access token. This allows the link in the,
say, invite email to include the guest access token ensuring that the
same account is used each time the link is clicked.

This flow has a number of flaws, including when using different servers
or servers that have guest access disabled.

For now, we keep this implementation but hide it behind a config option
until a better flow is implemented.
2016-03-14 15:50:40 +00:00
David Baker
874fd43257 Send the user ID matching the guest access token, since there is no Matrix API to discover what user ID an access token is for. 2016-03-07 17:13:56 +00:00
Richard van der Hoff
09b1d98070 Merge pull request #623 from matrix-org/rav/fix_createroom_race
Make sure we add all invited members before returning from createRoom
2016-03-04 09:29:15 +00:00
Richard van der Hoff
a92b4ea76f Make sure we add all invited members before returning from createRoom
add a missing yield.
2016-03-04 00:06:03 +00:00
Richard van der Hoff
a85179aff3 Merge remote-tracking branch 'origin/develop' into rav/SYN-642 2016-03-03 19:05:54 +00:00
Daniel Wagner-Hall
b4022cc487 Pass whole requester to ratelimiting
This will enable more detailed decisions
2016-03-03 16:43:42 +00:00
Richard van der Hoff
74cd80e530 Fix typo 2016-03-03 10:28:58 +00:00
Richard van der Hoff
fc1f932cc0 Move arg default to the start of the function
Also don't overwrite the list that gets passed in.
2016-03-02 16:44:14 +00:00
Richard van der Hoff
9ff940a0ef Address review comments 2016-03-02 15:40:30 +00:00
Richard van der Hoff
8a1d3b86af Handle rejections of invites from local users locally
Slightly hacky fix to SYN-642, which avoids the federation codepath when trying
to reject invites from local users.
2016-03-01 17:27:22 +00:00
Daniel Wagner-Hall
33300673b7 Generate guest access token on 3pid invites
This means that following the same link across multiple sessions or
devices can re-use the same guest account.

Note that this is somewhat of an abuse vector; we can't throw up
captchas on this flow, so this is a way of registering ephemeral
accounts for spam, whose sign-up we don't rate limit.
2016-02-24 14:41:25 +00:00
Daniel Wagner-Hall
577951b032 Allow third_party_signed to be specified on /join 2016-02-23 15:11:25 +00:00
Daniel Wagner-Hall
f8d21e1431 Review comments 2016-02-18 11:02:14 +00:00
Daniel Wagner-Hall
591af2d074 Some cleanup
I'm not particularly happy with the "action" switching, but there's no
convenient way to defer the work that needs to happen after it, so... :(
2016-02-17 15:50:13 +00:00
Daniel Wagner-Hall
a4e278bfe7 Respond to federated invite with non-empty context
Currently, we magically perform an extra database hit to find the
inviter, and use this to guess where we should send the event. Instead,
fill in a valid context, so that other callers relying on the context
actually have one.
2016-02-17 15:25:12 +00:00
Daniel Wagner-Hall
6605adf669 Some cleanup, some TODOs, more to do 2016-02-16 19:05:02 +00:00
Daniel Wagner-Hall
d1fb790818 Some cleanup 2016-02-16 14:25:23 +00:00
Daniel Wagner-Hall
1f403325ac Tidy? up room creation event sending 2016-02-16 12:00:50 +00:00
Daniel Wagner-Hall
feedaa37fa Merge branch 'develop' into daniel/roomcleanupincremental
Conflicts:
	synapse/handlers/room.py
2016-02-16 11:34:48 +00:00
Daniel Wagner-Hall
4bfb32f685 Branch off member and non member sends
Unclean, needs tidy-up, but works
2016-02-15 18:21:30 +00:00
Daniel Wagner-Hall
1a2197d7bf Simplify room creation code 2016-02-15 18:19:01 +00:00
Daniel Wagner-Hall
e560045cfd Simplify room creation code 2016-02-15 18:18:39 +00:00
Daniel Wagner-Hall
8168341e9b Use update_membership for profile updates 2016-02-15 17:14:34 +00:00
Daniel Wagner-Hall
1bbb67c452 Use update_membership to kick guests 2016-02-15 16:40:22 +00:00
Daniel Wagner-Hall
150fcde0dc Reuse update_membership from /join 2016-02-15 16:16:03 +00:00
Daniel Wagner-Hall
73e616df2a Inline _do_local_membership_update 2016-02-15 16:02:22 +00:00
Daniel Wagner-Hall
f318d4f2a4 Inline _do_join as it now only has one caller
Also, consistently apply rate limiting.

Again, ugly, but a step in the right direction.
2016-02-15 15:57:10 +00:00
Daniel Wagner-Hall
e71095801f Merge implementation of /join by alias or ID
This code is kind of rough (passing the remote servers down a long
chain), but is a step towards improvement.
2016-02-15 15:39:16 +00:00
Daniel Wagner-Hall
dbeed36dec Merge some room joining codepaths
Force joining by alias to go through the send_membership_event checks,
rather than bypassing them straight into _do_join. This is the first of
many stages of cleanup.
2016-02-15 14:38:27 +00:00
Daniel Wagner-Hall
4de08a4672 Revert "Merge two of the room join codepaths"
This reverts commit cf81375b94c4763766440471e632fc4b103450ab.

It subtly violates a guest joining auth check
2016-02-12 16:17:24 +00:00
Daniel Wagner-Hall
cf81375b94 Merge two of the room join codepaths
There's at least one more to merge in.

Side-effects:
 * Stop reporting None as displayname and avatar_url in some cases
 * Joining a room by alias populates guest-ness in join event
 * Remove unspec'd PUT version of /join/<room_id_or_alias> which has not
   been called on matrix.org according to logs
 * Stop recording access_token_id on /join/room_id - currently we don't
   record it on /join/room_alias; I can try to thread it through at some
   point.
2016-02-12 15:11:49 +00:00
Erik Johnston
0eff740523 Return events in correct order for /events 2016-02-11 10:07:27 +00:00
Erik Johnston
2c1fbea531 Fix up logcontexts 2016-02-08 14:26:45 +00:00
Erik Johnston
9cd80a7b5c PEP8 2016-02-03 11:52:57 +00:00
Erik Johnston
772b45c745 Remove unused method 2016-02-03 11:43:26 +00:00
Erik Johnston
6f52e90065 Merge branch 'develop' of github.com:matrix-org/synapse into erikj/public_room_fix 2016-02-03 11:06:29 +00:00
Daniel Wagner-Hall
d83d004ccd Fix flake8 warnings for new flake8 2016-02-02 17:18:50 +00:00
Erik Johnston
8a391e33ae s/get_room_changes_for_user/get_membership_changes_for_user/ 2016-02-02 16:12:10 +00:00
Erik Johnston
65e92eca49 Change the way we do public room list fetching 2016-02-02 15:21:10 +00:00
Erik Johnston
b023995538 WARN if we get a topo token instead of stream. 2016-02-02 14:11:14 +00:00
Erik Johnston
89b40b225c Order things correctly 2016-02-01 16:32:46 +00:00
Erik Johnston
4bf448be25 Switch over /events to use per room caches 2016-02-01 16:26:51 +00:00
Daniel Wagner-Hall
da417aa56d Allow non-guests to peek on rooms using /events 2016-01-20 15:34:07 +00:00
Daniel Wagner-Hall
ac5a4477ad Require unbanning before other membership changes 2016-01-15 16:27:26 +00:00
Daniel Wagner-Hall
b5ce4f0427 Remove unused parameters 2016-01-15 13:54:03 +00:00
Richard van der Hoff
2978053d16 Merge branch 'release-v0.12.1' into develop 2016-01-14 15:04:08 +00:00
Richard van der Hoff
49f33f6438 Add 'event' result to 'context' endpoint
... because the context isn't much use without the event.
2016-01-13 16:42:14 +00:00
Daniel Wagner-Hall
93afb40cd4 Skip, rather than erroring, invalid guest requests
Erroring causes problems when people make illegal requests, because they
don't know what limit parameter they should pass.

This is definitely buggy. It leaks message counts for rooms people don't
have permission to see, via tokens. But apparently we already
consciously decided to allow that as a team, so this preserves that
behaviour.
2016-01-13 16:41:42 +00:00
Daniel Wagner-Hall
2ef6de928d Skip, rather than erroring, invalid guest requests
Erroring causes problems when people make illegal requests, because they
don't know what limit parameter they should pass.

This is definitely buggy. It leaks message counts for rooms people don't
have permission to see, via tokens. But apparently we already
consciously decided to allow that as a team, so this preserves that
behaviour.
2016-01-05 18:12:37 +00:00