Commit Graph

24434 Commits

Author SHA1 Message Date
Andrew Morgan ac429050bc Remove redundant security disclaimer 2024-12-11 18:28:45 +00:00
Andrew Morgan daa783f16c 1.121.1 2024-12-11 18:25:44 +00:00
Till 6c4037dcf3
Downgrade ubuntu to 22.04 when building docker images (#18026)
As currently all docker builds are failing.


https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/
https://github.com/actions/runner-images/issues/10636
2024-12-11 18:27:56 +01:00
Till Faelligen 737f6c73f7
Update changelog 2024-12-11 15:20:39 +01:00
Till Faelligen ed6edc17d0
1.121.0 2024-12-11 13:12:50 +01:00
Till 5b0873516c
Attempt to fix duplicate releases issue (#18025)
This hopefully fixes https://github.com/element-hq/synapse/issues/17991,
as we first upgraded to v2 and are now back to 0.1.15.
(This was lost in https://github.com/element-hq/synapse/pull/17923,
related https://github.com/element-hq/synapse/pull/17995)
2024-12-11 12:40:36 +01:00
Andrew Morgan a00d0b3d0e 1.121.0rc1 2024-12-04 14:49:28 +00:00
Andrew Morgan 45ca6392f4
Pin Rust to 1.82.0 when building Python wheels (#17993)
Addresses step 1 of #17988.
2024-12-04 12:58:26 +00:00
Andrew Morgan 05d58b86ac
Pin softprops/action-gh-release to v0.1.15 (#17995)
We are still seeing duplicate releases on v2.0.5, so roll back further.
[Other](f8a5a60b7c (diff-88ab30345d9874c4336fe50b54b083ba5bdd925be961c34060e6a192b56b0433R72))
[repositories](55fca4fec7 (diff-e426ed45842837026e10e66af23d9c7077e89eacbe6958ce7cb991130ad05adaR105))
seem to have settled on this version.

Addresses https://github.com/element-hq/synapse/issues/17991

We're just going to test this during 1.121.0rc1.
2024-12-04 12:53:51 +00:00
Quentin Gliech 23b626f2e6
Support for MSC4190: device management for application services (#17705)
This is an implementation of MSC4190, which allows appservices to manage
their user's devices without /login & /logout.

---------

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2024-12-04 12:04:49 +01:00
manuroe abf44ad324
MSC4076: Add disable_badge_count to pusher configuration (#17975)
This PR implements [MSC4076: Let E2EE clients calculate app badge counts
themselves
(disable_badge_count)](https://github.com/matrix-org/matrix-spec-proposals/pull/4076).
2024-12-03 22:58:43 +00:00
Quentin Gliech 657dd5151e
Merge branch 'master' into develop 2024-12-03 17:44:48 +01:00
Quentin Gliech 6f689d452c
1.120.2 2024-12-03 16:58:40 +01:00
Quentin Gliech 650492ed4d
Stop building wheels for macOS 2024-12-03 16:39:41 +01:00
Eric Eastwood b257c7ab19
Be able to test `/login/sso/redirect` in Complement (#17986)
Be able to test `/login/sso/redirect` in Complement

Spawning from
https://github.com/element-hq/sbg/pull/421#discussion_r1854926218 where
we have a proxy that intercepts responses to
`/_matrix/client/v3/login/sso/redirect(/{idpId})` in order to upgrade
them to use OAuth 2.0 Pushed Authorization Requests (PAR). We have some
Complement tests in that codebase that go over this flow and these
changes are required [in order for the URL's to line
up](d648c8ce3f/synapse/rest/client/login.py (L652-L673)).
2024-12-03 12:54:25 +00:00
Quentin Gliech fe3d88b833
1.120.1 2024-12-03 11:18:31 +01:00
Olivier 'reivilibre b64a4e5fbb
Restrict which image formats we will decode in order to generate thumbnails 2024-12-03 09:53:21 +01:00
Devon Hudson 4b7154c585
Don't allow unsupported content-type
Co-authored-by: Eric Eastwood <erice@element.io>
2024-12-03 09:53:21 +01:00
Erik Johnston d82e1ed357
Handle null invite and knock room state 2024-12-03 09:53:21 +01:00
Eric Eastwood 4daa533e82
Sliding Sync: Fix state leaking on incremental sync 2024-12-03 09:53:21 +01:00
Erik Johnston f3fd6852ac
Fix release process to not create duplicate releases (#17970)
This is to work around
https://github.com/softprops/action-gh-release/issues/445

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
2024-12-03 09:53:20 +01:00
dependabot[bot] d648c8ce3f
Bump bytes from 1.8.0 to 1.9.0 (#17982) 2024-12-02 16:55:53 +00:00
dependabot[bot] 190c400a83
Bump tomli from 2.1.0 to 2.2.1 (#17979) 2024-12-02 16:55:40 +00:00
Eric Eastwood e5d3bfba30
Sliding Sync: Include invite, ban, kick, targets when `$LAZY`-loading room members (#17947)
Part of https://github.com/element-hq/synapse/issues/17929
2024-12-02 10:17:55 -06:00
Travis Ralston 9b2ae62d20
Use stable error code for account locking (#17965) 2024-12-02 15:28:47 +00:00
dependabot[bot] a89b697209
Bump pysaml2 from 7.3.1 to 7.5.0 (#17978) 2024-12-02 15:28:08 +00:00
Erik Johnston a82f5f206f
Fix release process to not create duplicate releases (#17970)
This is to work around
https://github.com/softprops/action-gh-release/issues/445

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
2024-12-02 10:54:14 +00:00
Eric Eastwood 6a909aade2
Consolidate SSO redirects through `/_matrix/client/v3/login/sso/redirect(/{idpId})` (#17972)
Consolidate SSO redirects through
`/_matrix/client/v3/login/sso/redirect(/{idpId})`

Spawning from
https://github.com/element-hq/sbg/pull/421#discussion_r1859497330 where
we have a proxy that intercepts responses to
`/_matrix/client/v3/login/sso/redirect(/{idpId})` in order to upgrade
them to use OAuth 2.0 Pushed Authorization Requests (PAR). Instead of
needing to intercept multiple endpoints that redirect to the
authorization endpoint, it seems better to just have Synapse consolidate
to a single flow.


### Testing strategy

1. Create a new OAuth application. I'll be using GitHub for example but
there are [many
options](be65a8ec01/docs/openid.md).
Visit https://github.com/settings/developers -> **New OAuth App**
    - Application name: `Synapse local testing`
    - Homepage URL: `http://localhost:8008`
- Authorization callback URL:
`http://localhost:8008/_synapse/client/oidc/callback`
 1. Update your Synapse `homeserver.yaml`
    ```yaml
    server_name: "my.synapse.server"
    public_baseurl: http://localhost:8008/
    listeners:
      - port: 8008
        bind_addresses: [
          #'::1',
          '127.0.0.1'
        ]
        tls: false
        type: http
        x_forwarded: true
        resources:
          - names: [client, federation, metrics]
            compress: false
    
    # SSO login testing
    oidc_providers:
      - idp_id: github
        idp_name: Github
        idp_brand: "github"  # optional: styling hint for clients
        discover: false
        issuer: "https://github.com/"
        client_id: "xxx" # TO BE FILLED
        client_secret: "xxx" # TO BE FILLED
authorization_endpoint: "https://github.com/login/oauth/authorize"
        token_endpoint: "https://github.com/login/oauth/access_token"
        userinfo_endpoint: "https://api.github.com/user"
        scopes: ["read:user"]
        user_mapping_provider:
          config:
            subject_claim: "id"
            localpart_template: "{{ user.login }}"
            display_name_template: "{{ user.name }}"
    ```
1. Start Synapse: `poetry run synapse_homeserver --config-path
homeserver.yaml`
1. Visit
`http://localhost:8008/_synapse/client/pick_idp?redirectUrl=http%3A%2F%2Fexample.com`
 1. Choose GitHub
1. Notice that you're redirected to GitHub to sign in
(`https://github.com/login/oauth/authorize?...`)

Tested locally and works:

1.
`http://localhost:8008/_synapse/client/pick_idp?idp=oidc-github&redirectUrl=http%3A//example.com`
->
1.
`http://localhost:8008/_matrix/client/v3/login/sso/redirect/oidc-github?redirectUrl=http://example.com`
->
1.
`https://github.com/login/oauth/authorize?response_type=code&client_id=xxx&redirect_uri=http%3A%2F%2Flocalhost%3A8008%2F_synapse%2Fclient%2Foidc%2Fcallback&scope=read%3Auser&state=xxx&nonce=xxx`
2024-11-29 11:26:37 -06:00
Richard van der Hoff d80cd57c54
Fix new scheduled tasks jumping the queue (#17962)
Currently, when a new scheduled task is added and its scheduled time has
already passed, we set it to ACTIVE. This is problematic, because it
means it will jump the queue ahead of all other SCHEDULED tasks;
furthermore, if the Synapse process gets restarted, it will jump ahead
of any ACTIVE tasks which have been started but are taking a while to
run.

Instead, we leave it set to SCHEDULED, but kick off a call to
`_launch_scheduled_tasks`, which will decide if we actually have
capacity to start a new task, and start the newly-added task if so.
2024-11-28 18:06:19 +00:00
Erik Johnston 59ad4b18fc
Update setuptools-rust and fix building abi3 wheels (#17969)
Newer versions of `setuptools-rust` ignore the `py_limited_api` flag to
`RustExtension`, and instead read it from `bdist_wheel` config.

c.f.
https://github.com/PyO3/setuptools-rust/blob/main/CHANGELOG.md#190-2024-02-24
2024-11-27 13:31:43 +00:00
V02460 a58f09acc7
Bump pyo3 to v0.23.2 (#17966)
Keep up-to-date with pyo3 releases. This bump enables Python 3.13
support and resolves deprecations.

Links for quick reference:
https://github.com/PyO3/pyo3/releases
https://github.com/davidhewitt/pythonize/releases
https://github.com/vorner/pyo3-log
2024-11-27 10:46:00 +00:00
Quentin Gliech cee9da0da5
MSC4108: Add a Content-Type header on the PUT response (#17253)
This is a workaround for some proxy setup, where the ETag header gets
stripped from the response headers unless there is a Content-Type header
set.

In particular, we saw this bug when putting Cloudflare in front of
Synapse.
I'm pretty sure this is a Cloudflare bug, as this behaviour isn't
documented anywhere, and doesn't make sense whatsoever.

---------

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2024-11-26 19:43:26 +01:00
Quentin Gliech a9c4d1c8ac
Merge branch 'master' into develop 2024-11-26 16:08:27 +01:00
Quentin Gliech 8c653e1dd6
1.120.0 2024-11-26 14:11:12 +01:00
dependabot[bot] cd7d90bd28
Bump tomli from 2.0.2 to 2.1.0 (#17959) 2024-11-26 09:30:16 +00:00
Richard van der Hoff 02aa7adf4c
Fix `delete_old_otks` job on worker deployments (#17960)
In a worker-mode deployment, the `E2eKeysHandler` is not necessarily
loaded, which means the handler for the `delete_old_otks` task will not
be registered. Make sure we load the handler.

Introduced in https://github.com/element-hq/synapse/pull/17934
2024-11-26 08:45:18 +01:00
Erik Johnston 3943d2fde7
Fix up logic for delaying sending read receipts over federation. (#17933)
For context of why we delay read receipts, see
https://github.com/matrix-org/synapse/issues/4730.

Element Web often sends read receipts in quick succession, if it reloads
the timeline it'll send one for the last message in the old timeline and
again for the last message in the new timeline. This caused remote users
to see a read receipt for older messages come through quickly, but then
the second read receipt taking a while to arrive for the most recent
message.

There are two things going on in this PR:
1. There was a mismatch between seconds and milliseconds, and so we
ended up delaying for far longer than intended.
2. Changing the logic to reuse the `DestinationWakeupQueue` (used for
presence)

The changes in logic are:
- Treat the first receipt and subsequent receipts in a room in the same
way
- Whitelist certain classes of receipts to never delay being sent, i.e.
receipts in small rooms, receipts for events that were sent within the
last 60s, and sending receipts to the event sender's server.
- The maximum delay a receipt can have before being sent to a server is
30s, and we'll send out receipts to remotes at least at 50Hz (by
default)

The upshot is that this should make receipts feel more snappy over
federation.

This new logic should send roughly between 10%–20% of transactions
immediately on matrix.org.
2024-11-25 18:12:33 +00:00
dependabot[bot] 93cc955051
Bump tornado from 6.4.1 to 6.4.2 (#17955) 2024-11-25 14:23:32 +00:00
Shay 4587decd67
Return suspended status when querying user account (#17952) 2024-11-22 12:37:19 +00:00
Matthew Hodgson 4c67d20af7
link to element-docker-demo from contrib/docker* (#17953) 2024-11-22 12:35:03 +00:00
Valentin Iovene 80e39fd834
Add Forgejo oidc provider config example (#17872) 2024-11-20 16:06:08 -06:00
Olivier 'reivilibre 573bdbc824 Merge branch 'release-v1.120' into develop 2024-11-20 17:26:16 +00:00
Erik Johnston 79c02cada0
Fix incorrect comment in new schema delta (#17936)
Added in #17912, was a bad copy and paste.
2024-11-20 17:12:17 +00:00
dependabot[bot] 81b080f7a2
Bump serde_json from 1.0.132 to 1.0.133 (#17939) 2024-11-20 16:52:19 +00:00
V02460 84ec15c47e
Raise setuptools_rust version cap to 1.10.2 (#17944) 2024-11-20 16:49:21 +00:00
Olivier 'reivilibre 0202e5f210 Tweak changelog 2024-11-20 16:45:54 +00:00
Will Hunt f73edbe4d2
Add encrypted appservice extensions to Complement test image. (#17945) 2024-11-20 16:35:43 +00:00
Olivier 'reivilibre ec4d136965 1.120.0rc1 2024-11-20 15:13:32 +00:00
Olivier 'reivilibre ddd1d79d03 Fix nix flake 2024-11-20 15:01:56 +00:00
Travis Ralston d0a474d312
Enable authenticated media by default (#17889)
Co-authored-by: Olivier 'reivilibre <oliverw@matrix.org>
2024-11-20 14:48:22 +00:00