Commit Graph

13954 Commits

Author SHA1 Message Date
David Baker 9e99143c47 Merge remote-tracking branch 'origin/develop' into dbkr/add_dummy_flow_to_recaptcha_only 2019-05-13 15:37:03 +01:00
David Baker 8782bfb783 And now I realise why the test is failing... 2019-05-13 15:34:11 +01:00
Richard van der Hoff 9a18e1d832 Merge branch 'master' into develop 2019-05-10 23:01:41 +01:00
Andrew Morgan 2f48c4e1ae
URL preview blacklisting fixes (#5155)
Prevents a SynapseError being raised inside of a IResolutionReceiver and instead opts to just return 0 results. This thus means that we have to lump a failed lookup and a blacklisted lookup together with the same error message, but the substitute should be generic enough to cover both cases.
2019-05-10 10:32:44 -07:00
David Baker c9f811c5d4 Update changelog 2019-05-10 14:01:19 +01:00
David Baker 04299132af Re-order flows so that email auth is done last
It's more natural for the user if the bit that takes them away
from the registration flow comes last. Adding the dummy stage allows
us to do the stages in this order without the ambiguity.
2019-05-10 13:58:03 +01:00
David Baker 7a3eb8657d Thanks, automated grammar pedantry. 2019-05-10 11:18:35 +01:00
David Baker 9c61dce3c8 Comment 2019-05-10 11:14:55 +01:00
David Baker a18f93279e Add changelog entry 2019-05-10 11:11:59 +01:00
David Baker 8714ff6d51 Add a DUMMY stage to captcha-only registration flow
This allows the client to complete the email last which is more
natual for the user. Without this stage, if the client would
complete the recaptcha (and terms, if enabled) stages and then the
registration request would complete because you've now completed a
flow, even if you were intending to complete the flow that's the
same except has email auth at the end.

Adding a dummy auth stage to the recaptcha-only flow means it's
always unambiguous which flow the client was trying to complete.
Longer term we should think about changing the protocol so the
client explicitly says which flow it's trying to complete.

vector-im/riot-web#9586
2019-05-10 11:09:53 +01:00
David Baker c2bb7476c9 Revert 085ae346ac
Accidentally went straight to develop
2019-05-10 11:08:01 +01:00
David Baker 085ae346ac Add a DUMMY stage to captcha-only registration flow
This allows the client to complete the email last which is more
natual for the user. Without this stage, if the client would
complete the recaptcha (and terms, if enabled) stages and then the
registration request would complete because you've now completed a
flow, even if you were intending to complete the flow that's the
same except has email auth at the end.

Adding a dummy auth stage to the recaptcha-only flow means it's
always unambiguous which flow the client was trying to complete.
Longer term we should think about changing the protocol so the
client explicitly says which flow it's trying to complete.

https://github.com/vector-im/riot-web/issues/9586
2019-05-10 10:52:24 +01:00
Richard van der Hoff a78996cc4a fix sample config 2019-05-10 09:46:28 +01:00
Gergely Polonkai cd3f30014a Make Prometheus snippet less confusing on the metrics collection doc (#4288)
Signed-off-by: Gergely Polonkai <gergely@polonkai.eu>
2019-05-10 09:15:08 +01:00
Christoph Müller ee90c06e38 Set syslog identifiers in systemd units (#5023) 2019-05-10 09:09:25 +01:00
Amber Brown b36c82576e
Run Black on the tests again (#5170) 2019-05-10 00:12:11 -05:00
colonelkrud d9a02d1201 Add AllowEncodedSlashes to apache (#5068)
* Add AllowEncodedSlashes to apache

Add `AllowEncodedSlashes On` to apache config to support encoding for v3 rooms. "The AllowEncodedSlashes setting is not inherited by virtual hosts, and virtual hosts are used in many default Apache configurations, such as the one in Ubuntu. The workaround is to add the AllowEncodedSlashes setting inside a <VirtualHost> container (/etc/apache2/sites-available/default in Ubuntu)." Source: https://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache

* change allowencodedslashes to nodecode
2019-05-09 23:27:04 +01:00
Richard van der Hoff ea41c740ee Merge remote-tracking branch 'origin/master' into develop 2019-05-09 22:54:04 +01:00
Richard van der Hoff 84cebb89cc
remove instructions for jessie installation (#5164)
We don't ship jessie packages, so these were a bit misleading.
2019-05-09 22:53:46 +01:00
Richard van der Hoff 130f932cbc Run `black` on per_destination_queue
... mostly to fix pep8 fails
2019-05-09 16:27:02 +01:00
Quentin Dufour 11ea16777f Limit the number of EDUs in transactions to 100 as expected by receiver (#5138)
Fixes #3951.
2019-05-09 11:01:41 +01:00
Brendan Abolivier d216a36b37
Fix bogus imports in tests (#5154) 2019-05-08 21:57:03 +01:00
Matthew Hodgson c0e0740bef add options to require an access_token to GET /profile and /publicRooms on CS API (#5083)
This commit adds two config options:

* `restrict_public_rooms_to_local_users`

Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.

* `require_auth_for_profile_requests`

When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.

MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.

Groups have been intentionally omitted from this commit.
2019-05-08 18:26:56 +01:00
Erik Johnston c8c069db92
Merge pull request #5037 from matrix-org/erikj/limit_inflight_dns
Limit in flight DNS requests
2019-05-08 17:11:03 +01:00
Brendan Abolivier 1473058b5e
Do checks on aliases for incoming m.room.aliases events (#5128)
Follow-up to #5124

Also added a bunch of checks to make sure everything (both the stuff added on #5124 and this PR) works as intended.
2019-05-08 17:01:30 +01:00
Erik Johnston de655e669a
Merge pull request #5104 from matrix-org/erikj/ratelimit_3pid_invite
Ratelimit 3pid invites
2019-05-07 10:12:49 +01:00
Richard van der Hoff 59e2d2694d
Remove the requirement to authenticate for /admin/server_version. (#5122)
This endpoint isn't much use for its intended purpose if you first need to get
yourself an admin's auth token.

I've restricted it to the `/_synapse/admin` path to make it a bit easier to
lock down for those concerned about exposing this information. I don't imagine
anyone is using it in anger currently.
2019-05-07 09:29:30 +01:00
Travis Ralston 3fdff14207 Fix spelling in server notices admin API docs (#5142) 2019-05-06 22:15:02 +01:00
Richard van der Hoff 4804206dbe Fix sample config
... after it got broken in 1565ebec2c.
2019-05-06 22:13:35 +01:00
Richard van der Hoff 836d3adcce Merge branch 'master' into develop 2019-05-03 19:25:01 +01:00
Richard van der Hoff 9b86d3dee6 Synapse 0.99.3.2 (2019-05-03)
=============================
 
 Internal Changes
 ----------------
 
 - Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEv27Axt/F4vrTL/8QOSor00I9eP8FAlzMgZwACgkQOSor00I9
 eP8Pxgf7BtwM5LrC/xGFKkE62U7bX4jE5EJ9gt+keN9+l5hnB75nBzyXpk0FY/CO
 lWOWeT3S0Nfkx5CqVjZ9I9Q83W3CAzcRO6Og3w4QRieoW74T/biCizIsYxHSjgeA
 LzwdGMMRtcoccxvi9uNgJID2LNsVHazNUKuGJNoqCXeeCkmmunSHbAb8TI9Cz7mU
 0Ul8oZV8zoOaf/Nzzh7WJJ+YsxprfGmUVD1ssWYzZvGotPw/wdAhlJJA3pzjAeBZ
 o94q/IMvA7baTEBUzAzMcJCEfxEueA9j/93eYJ4/dQcS6sqMN2GMTTaiXthkf2vQ
 9w+SgbvJqQG14lTJqPOYTHS1oud6PA==
 =3ooI
 -----END PGP SIGNATURE-----

Merge tag 'v0.99.3.2'

Synapse 0.99.3.2 (2019-05-03)
=============================

Internal Changes
----------------

- Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))
2019-05-03 19:24:42 +01:00
Richard van der Hoff fa21455e08 0.99.3.2 2019-05-03 18:56:24 +01:00
Richard van der Hoff 0b5cf95607 include disco in deb build target list 2019-05-03 18:55:13 +01:00
Richard van der Hoff dd76e5ca62
Merge pull request #5135 from matrix-org/rav/build_fixes
Build fixes
2019-05-03 18:54:49 +01:00
Richard van der Hoff 5485852b43 changelog 2019-05-03 18:36:55 +01:00
Richard van der Hoff ecc0967315 Debian: we now need libpq-dev.
psycopg 2.8 is now out, which means that the C library gets built from source,
so we now need libpq-dev when building.

Turns out the need for this package is already documented in
docs/postgres.rst.
2019-05-03 18:34:34 +01:00
Richard van der Hoff e3281d7d26 pin urllib3 to <1.25 2019-05-03 18:33:10 +01:00
Richard van der Hoff f73f18fe7b changelog tweaks 2019-05-03 16:09:34 +01:00
Richard van der Hoff 863ec09622 0.99.3.1 2019-05-03 16:03:24 +01:00
Richard van der Hoff a845abbf3a
Merge pull request #5134 from matrix-org/rav/url_preview_blacklist
Blacklist 0.0.0.0 and :: by default for URL previews
2019-05-03 15:59:20 +01:00
Richard van der Hoff 1565ebec2c more config comment updates 2019-05-03 15:50:59 +01:00
Richard van der Hoff 1acfb9e9f0
Merge pull request #5133 from matrix-org/rav/systemrandom
Use SystemRandom for token generation.
2019-05-03 15:39:30 +01:00
Richard van der Hoff 1a7104fde3 Blacklist 0.0.0.0 and :: by default for URL previews 2019-05-03 15:35:49 +01:00
Neil Johnson 60c3635f05
typo 2019-05-03 14:40:15 +01:00
Richard van der Hoff 247dc1bd0b Use SystemRandom for token generation 2019-05-03 13:02:55 +01:00
Erik Johnston 176f31c2e3 Rate limit early 2019-05-02 15:23:08 +01:00
Richard van der Hoff 12f9d51e82
Add admin api for sending server_notices (#5121) 2019-05-02 11:59:16 +01:00
Brendan Abolivier c193b39134
Merge pull request #5124 from matrix-org/babolivier/aliases
Add some limitations to alias creation
2019-05-02 11:22:40 +01:00
Brendan Abolivier 84196cb231 Add some limitations to alias creation 2019-05-02 11:05:11 +01:00
Richard van der Hoff 0836cbb9f5
Factor out an "assert_requester_is_admin" function (#5120)
Rather than copying-and-pasting the same four lines hundreds of times
2019-05-02 10:45:52 +01:00