Erik Johnston
a80e6b53f9
Newsfile
2019-05-14 13:12:23 +01:00
Erik Johnston
b54b03f9e1
Allow client event serialization to be async
2019-05-14 11:58:01 +01:00
Amber Brown
df2ebd75d3
Migrate all tests to use the dict-based config format instead of hanging items off HomeserverConfig ( #5171 )
2019-05-13 15:01:14 -05:00
Andrew Morgan
5a4b328f52
Add ability to blacklist ip ranges for federation traffic ( #5043 )
2019-05-13 19:05:06 +01:00
Brendan Abolivier
2e1129b5f7
0.99.4rc1
2019-05-13 16:11:21 +01:00
David Baker
516a5fb64b
Merge remote-tracking branch 'origin/develop' into dbkr/add_dummy_flow_to_recaptcha_only
2019-05-13 15:54:25 +01:00
David Baker
9e99143c47
Merge remote-tracking branch 'origin/develop' into dbkr/add_dummy_flow_to_recaptcha_only
2019-05-13 15:37:03 +01:00
Brendan Abolivier
bb93757b32
Fix CI after new release of isort
2019-05-13 15:19:44 +01:00
Andrew Morgan
2f48c4e1ae
URL preview blacklisting fixes ( #5155 )
...
Prevents a SynapseError being raised inside of a IResolutionReceiver and instead opts to just return 0 results. This thus means that we have to lump a failed lookup and a blacklisted lookup together with the same error message, but the substitute should be generic enough to cover both cases.
2019-05-10 10:32:44 -07:00
David Baker
04299132af
Re-order flows so that email auth is done last
...
It's more natural for the user if the bit that takes them away
from the registration flow comes last. Adding the dummy stage allows
us to do the stages in this order without the ambiguity.
2019-05-10 13:58:03 +01:00
David Baker
9c61dce3c8
Comment
2019-05-10 11:14:55 +01:00
David Baker
8714ff6d51
Add a DUMMY stage to captcha-only registration flow
...
This allows the client to complete the email last which is more
natual for the user. Without this stage, if the client would
complete the recaptcha (and terms, if enabled) stages and then the
registration request would complete because you've now completed a
flow, even if you were intending to complete the flow that's the
same except has email auth at the end.
Adding a dummy auth stage to the recaptcha-only flow means it's
always unambiguous which flow the client was trying to complete.
Longer term we should think about changing the protocol so the
client explicitly says which flow it's trying to complete.
vector-im/riot-web#9586
2019-05-10 11:09:53 +01:00
David Baker
c2bb7476c9
Revert 085ae346ac
...
Accidentally went straight to develop
2019-05-10 11:08:01 +01:00
David Baker
085ae346ac
Add a DUMMY stage to captcha-only registration flow
...
This allows the client to complete the email last which is more
natual for the user. Without this stage, if the client would
complete the recaptcha (and terms, if enabled) stages and then the
registration request would complete because you've now completed a
flow, even if you were intending to complete the flow that's the
same except has email auth at the end.
Adding a dummy auth stage to the recaptcha-only flow means it's
always unambiguous which flow the client was trying to complete.
Longer term we should think about changing the protocol so the
client explicitly says which flow it's trying to complete.
https://github.com/vector-im/riot-web/issues/9586
2019-05-10 10:52:24 +01:00
Richard van der Hoff
130f932cbc
Run black
on per_destination_queue
...
... mostly to fix pep8 fails
2019-05-09 16:27:02 +01:00
Quentin Dufour
11ea16777f
Limit the number of EDUs in transactions to 100 as expected by receiver ( #5138 )
...
Fixes #3951 .
2019-05-09 11:01:41 +01:00
Matthew Hodgson
c0e0740bef
add options to require an access_token to GET /profile and /publicRooms on CS API ( #5083 )
...
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
2019-05-08 18:26:56 +01:00
Erik Johnston
c8c069db92
Merge pull request #5037 from matrix-org/erikj/limit_inflight_dns
...
Limit in flight DNS requests
2019-05-08 17:11:03 +01:00
Brendan Abolivier
1473058b5e
Do checks on aliases for incoming m.room.aliases events ( #5128 )
...
Follow-up to #5124
Also added a bunch of checks to make sure everything (both the stuff added on #5124 and this PR) works as intended.
2019-05-08 17:01:30 +01:00
Erik Johnston
de655e669a
Merge pull request #5104 from matrix-org/erikj/ratelimit_3pid_invite
...
Ratelimit 3pid invites
2019-05-07 10:12:49 +01:00
Richard van der Hoff
59e2d2694d
Remove the requirement to authenticate for /admin/server_version. ( #5122 )
...
This endpoint isn't much use for its intended purpose if you first need to get
yourself an admin's auth token.
I've restricted it to the `/_synapse/admin` path to make it a bit easier to
lock down for those concerned about exposing this information. I don't imagine
anyone is using it in anger currently.
2019-05-07 09:29:30 +01:00
Richard van der Hoff
836d3adcce
Merge branch 'master' into develop
2019-05-03 19:25:01 +01:00
Richard van der Hoff
fa21455e08
0.99.3.2
2019-05-03 18:56:24 +01:00
Richard van der Hoff
e3281d7d26
pin urllib3 to <1.25
2019-05-03 18:33:10 +01:00
Richard van der Hoff
863ec09622
0.99.3.1
2019-05-03 16:03:24 +01:00
Richard van der Hoff
a845abbf3a
Merge pull request #5134 from matrix-org/rav/url_preview_blacklist
...
Blacklist 0.0.0.0 and :: by default for URL previews
2019-05-03 15:59:20 +01:00
Richard van der Hoff
1565ebec2c
more config comment updates
2019-05-03 15:50:59 +01:00
Richard van der Hoff
1acfb9e9f0
Merge pull request #5133 from matrix-org/rav/systemrandom
...
Use SystemRandom for token generation.
2019-05-03 15:39:30 +01:00
Richard van der Hoff
1a7104fde3
Blacklist 0.0.0.0 and :: by default for URL previews
2019-05-03 15:35:49 +01:00
Richard van der Hoff
247dc1bd0b
Use SystemRandom for token generation
2019-05-03 13:02:55 +01:00
Erik Johnston
176f31c2e3
Rate limit early
2019-05-02 15:23:08 +01:00
Richard van der Hoff
12f9d51e82
Add admin api for sending server_notices ( #5121 )
2019-05-02 11:59:16 +01:00
Brendan Abolivier
c193b39134
Merge pull request #5124 from matrix-org/babolivier/aliases
...
Add some limitations to alias creation
2019-05-02 11:22:40 +01:00
Brendan Abolivier
84196cb231
Add some limitations to alias creation
2019-05-02 11:05:11 +01:00
Richard van der Hoff
0836cbb9f5
Factor out an "assert_requester_is_admin" function ( #5120 )
...
Rather than copying-and-pasting the same four lines hundreds of times
2019-05-02 10:45:52 +01:00
Richard van der Hoff
f203c98794
fix examples
2019-05-01 17:49:56 +01:00
Richard van der Hoff
40e576e29c
Move admin api impl to its own package
...
It doesn't really belong under rest/client/v1 any more.
2019-05-01 15:44:30 +01:00
Richard van der Hoff
8e9ca83537
Move admin API to a new prefix
2019-05-01 15:44:30 +01:00
Richard van der Hoff
579b637b6c
Move admin API away from ClientV1RestServlet
2019-05-01 15:16:04 +01:00
Travis Ralston
8c5b1e30d4
Add a default .m.rule.tombstone push rule ( #4867 )
...
* Add a default .m.rule.tombstone push rule
In support of MSC1930: https://github.com/matrix-org/matrix-doc/pull/1930
* changelog
* Appease the changelog linter
2019-04-29 15:40:31 -06:00
Richard van der Hoff
b31cc1c613
Merge pull request #5100 from matrix-org/rav/verification_hackery
...
Improve logging when event-signature checking fails
2019-04-29 13:19:32 +01:00
Erik Johnston
d6118c5be6
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/ratelimit_3pid_invite
2019-04-26 18:14:23 +01:00
Erik Johnston
28a81ed62f
Ratelimit 3pid invites
...
We do ratelimit sending the 3PID invite events, but that happens after
spamming the identity server.
2019-04-26 18:06:25 +01:00
Richard van der Hoff
bd0d45ca69
Fix infinite loop in presence handler
...
Fixes #5102
2019-04-26 11:14:49 +01:00
Richard van der Hoff
837d7f85a9
more logging improvements
2019-04-25 22:17:59 +01:00
Richard van der Hoff
fd8fb32bdd
remove extraneous exception logging
2019-04-25 22:02:03 +01:00
Richard van der Hoff
7ca638c761
Clarify logging when PDU signature checking fails
2019-04-25 20:55:12 +01:00
Andrew Morgan
6824ddd93d
Config option for verifying federation certificates (MSC 1711) ( #4967 )
2019-04-25 14:22:49 +01:00
Michael Kaye
788163e204
Remove log error for .well-known/matrix/client ( #4972 )
2019-04-24 17:44:06 +01:00
Amber Brown
6b2b9a58c4
Prevent "producer not unregistered" message ( #5009 )
2019-04-24 17:37:32 +01:00
Brendan Abolivier
f8826d31cd
Don't crash on lack of expiry templates
2019-04-18 14:50:05 +01:00
Erik Johnston
ca90336a69
Merge branch 'develop' of github.com:matrix-org/synapse into babolivier/account_expiration
2019-04-17 19:44:40 +01:00
Brendan Abolivier
eaf41a943b
Add management endpoints for account validity
2019-04-17 19:34:45 +01:00
Brendan Abolivier
91934025b9
Merge pull request #5047 from matrix-org/babolivier/account_expiration
...
Send out emails with links to extend an account's validity period
2019-04-17 14:57:39 +01:00
Brendan Abolivier
20f0617e87
Send out emails with links to extend an account's validity period
2019-04-17 14:42:20 +01:00
Brendan Abolivier
49ff74da9b
Merge pull request #5071 from matrix-org/babolivier/3pid-check
...
Make sure we're not registering the same 3pid twice
2019-04-17 14:37:42 +01:00
Brendan Abolivier
600ec04739
Make sure we're not registering the same 3pid twice
2019-04-17 14:23:01 +01:00
Erik Johnston
fd2fcb817c
Merge pull request #5070 from matrix-org/erikj/postpath
...
Remove usage of request.postpath
2019-04-17 09:03:26 +01:00
Erik Johnston
a1eb4c6d2f
Merge pull request #5065 from matrix-org/erikj/fix_versions
...
VersionRestServlet doesn't take a param
2019-04-16 17:52:36 +01:00
Erik Johnston
ad010f6306
Remove usage of request.postpath
...
This is an undocumented variable in twisted, and relies on the servlet
being mounted in the right way.
This also breaks getting push rules on workers.
2019-04-16 17:42:50 +01:00
Silke Hofstra
a137f4eac0
Add systemd-python to optional dependencies ( #4339 )
...
Using systemd-python allows for logging to the systemd journal,
as is documented in: `synapse/contrib/systemd/log_config.yaml`.
Signed-off-by: Silke Hofstra <silke@slxh.eu>
2019-04-16 20:41:17 +10:00
Erik Johnston
38642614cf
VersionRestServlet doesn't take a param
2019-04-15 19:39:47 +01:00
Erik Johnston
6e27a8620f
Merge pull request #5063 from matrix-org/erikj/move_endpoints
...
Move some rest endpoints to client reader
2019-04-15 18:55:01 +01:00
Erik Johnston
ec638a1602
Only handle GET requests for /push_rules
2019-04-15 18:51:48 +01:00
Erik Johnston
d5adf297e6
Move some rest endpoints to client reader
2019-04-15 17:21:03 +01:00
Andrew Morgan
caa76e6021
Remove periods from copyright headers ( #5046 )
2019-04-11 17:08:13 +01:00
Erik Johnston
e446921def
Merge pull request #5033 from matrix-org/erikj/fix_schema_delta
...
Fix schema upgrade when dropping tables
2019-04-10 10:22:35 +01:00
Richard van der Hoff
329688c161
Fix disappearing exceptions in manhole. ( #5035 )
...
Avoid sending syntax errors from the manhole to sentry.
2019-04-10 07:23:48 +01:00
Erik Johnston
a0fc256d65
Limit in flight DNS requests
...
This is to work around a bug in twisted where a large number of
concurrent DNS requests cause it to tight loop forever.
c.f. https://twistedmatrix.com/trac/ticket/9620#ticket
2019-04-09 17:23:42 +01:00
Brendan Abolivier
bfc8fdf1fc
Merge pull request #5027 from matrix-org/babolivier/account_expiration
...
Add time-based account expiration
2019-04-09 17:02:41 +01:00
Brendan Abolivier
747aa9f8ca
Add account expiration feature
2019-04-09 16:46:04 +01:00
Erik Johnston
50d2a3059d
Fix schema upgrade when dropping tables
...
We need to drop tables in the correct order due to foreign table
constraints (on `application_services`), otherwise the DROP TABLE
command will fail.
Introduced in #4992 .
2019-04-09 14:39:18 +01:00
Richard van der Hoff
644b86677f
Merge pull request #5030 from matrix-org/rav/rewrite_g_s_v_k
...
Rewrite Datastore.get_server_verify_keys
2019-04-09 11:30:23 +01:00
Richard van der Hoff
4abf5aa81a
Bump psycopg requirement ( #5032 )
2019-04-09 11:29:50 +01:00
Richard van der Hoff
18b69be00f
Rewrite Datastore.get_server_verify_keys
...
Rewrite this so that it doesn't hammer the database.
2019-04-09 00:00:10 +01:00
Richard van der Hoff
f50efcb65d
Replace SlavedKeyStore with a shim
...
since we're pulling everything out of KeyStore anyway, we may as well simplify
it.
2019-04-08 23:59:07 +01:00
Richard van der Hoff
f88a9e6323
Remove redundant merged_keys dict
...
There's no point in collecting a merged dict of keys: it is sufficient to
consider just the new keys which have been fetched by the most recent
key_fetch_fns.
2019-04-08 22:36:18 +01:00
Richard van der Hoff
3352baac4b
Remove unused server_tls_certificates functions ( #5028 )
...
These have been unused since #4120 , and with the demise of perspectives, it is
unlikely that they will ever be used again.
2019-04-08 21:50:18 +01:00
Neil Johnson
b25e387c0d
add context to phonehome stats ( #5020 )
...
add context to phonehome stats
2019-04-08 15:47:39 +01:00
Richard van der Hoff
67d7b44784
Merge pull request #5024 from matrix-org/rav/record_correct_server_in_serverkeys
...
Fix from_server buglet in get_keys_from_perspectives
2019-04-08 15:40:37 +01:00
Neil Johnson
2d951686a7
drop tables listed in #1830 ( #4992 )
...
Tables dropped:
* application_services,
* application_services_regex,
* transaction_id_to_pdu,
* stats_reporting
* current_state_resets
* event_content_hashes
* event_destinations
* event_edge_hashes
* event_signatures
* feedback
* room_hosts
* state_forward_extremities
2019-04-08 15:37:26 +01:00
Richard van der Hoff
7d2a0c848e
Fix from_server buglet in get_keys_from_perspectives
...
make sure we store the name of the server the keys came from, rather than the
origin server, after doing a fetch-from-perspectives.
2019-04-08 12:51:16 +01:00
Richard van der Hoff
7fc1e17f4c
Merge pull request #5001 from matrix-org/rav/keyring_cleanups
...
Cleanups in the Keyring
2019-04-08 12:47:09 +01:00
Richard van der Hoff
6ae9361510
Hoist server_name check out of process_v2_response
...
It's easier to check it in the caller than to complicate the interface with an
extra param.
2019-04-04 19:12:54 +01:00
Richard van der Hoff
ef27d434d1
Clean up Keyring.process_v2_response
...
Make this just return the key dict, rather than a single-entry dict mapping the
server name to the key dict. It's easy for the caller to get the server name
from from the response object anyway.
2019-04-04 19:12:54 +01:00
Richard van der Hoff
b43d9a920b
Fix docstring on get_server_keys_json
2019-04-04 18:54:03 +01:00
Brendan Abolivier
8e85493b0c
Add config option to block users from looking up 3PIDs ( #5010 )
2019-04-04 17:25:47 +01:00
Amber Brown
a33a5abc4c
Clean up the database pagination code ( #5007 )
...
* rewrite & simplify
* changelog
* cleanup potential sql injection
2019-04-05 00:21:16 +11:00
Erik Johnston
616e6a10bd
Merge pull request #5002 from matrix-org/erikj/delete_group
...
Add delete group admin API
2019-04-04 14:15:41 +01:00
Andrew Morgan
db265f0642
Prevent kicking users who aren't in the room ( #4999 )
...
Prevent kick events from succeeding if the user is not currently in the room.
2019-04-04 13:05:51 +01:00
Marcel Krüger
9f5d206c4a
Avoid redundant URL encoding ( #4555 )
...
* Do not double encode fallback redirect URL
Signed-off-by: Marcel Fabian Krüger <zauguin@gmail.com>
2019-04-04 12:05:56 +01:00
Erik Johnston
c192bf8970
Add admin API for group deletion
2019-04-03 16:29:52 +01:00
Erik Johnston
4a2e13631d
Add functions to delete a group
2019-04-03 16:29:52 +01:00
Andrew Morgan
4a4d5c4fd6
Fix grammar and document get_current_users_in_room ( #4998 )
2019-04-03 14:32:20 +01:00
Neil Johnson
e8419554ff
Remove presence lists ( #4989 )
...
Remove presence list support as per MSC 1819
2019-04-03 11:11:15 +01:00
Erik Johnston
8f549c1177
Merge pull request #4982 from matrix-org/erikj/msc1915
...
Implement MSC1915 - 3PID unbind APIs
2019-04-03 11:07:09 +01:00
Amber Brown
7efd1d87c2
Run black on the rest of the storage module ( #4996 )
2019-04-03 10:07:29 +01:00
Erik Johnston
3039d61baf
Merge pull request #4991 from matrix-org/erikj/stagger_push_startup
...
Make starting pushers faster during start up
2019-04-02 18:23:32 +01:00
Andrew Morgan
66e78700a2
Transfer related groups on room upgrade ( #4990 )
...
Transfers the m.room.related_groups state event on room upgrade.
2019-04-02 17:15:24 +01:00
Richard van der Hoff
8530090b16
Add config.signing_key_path. ( #4974 )
...
As requested by @andrewshadura
2019-04-02 16:59:27 +01:00