Commit Graph

11261 Commits

Author SHA1 Message Date
Richard van der Hoff c2a83349f0 changelog: this is a security release 2018-08-02 15:35:42 +01:00
Richard van der Hoff db1f33fb36 fix changelog typos 2018-08-02 15:33:53 +01:00
Richard van der Hoff 14a4e7d5a4 Prepare 0.33.1 2018-08-02 15:31:04 +01:00
Richard van der Hoff 50d9d97408
Merge pull request #3642 from matrix-org/rav/another_room_id_check
Check room visibility for /event/ requests
2018-08-02 15:21:59 +01:00
Richard van der Hoff 8cefc690c9 changelogs 2018-08-02 15:11:19 +01:00
Richard van der Hoff 0bf5ec0db7 Check room visibility for /event/ requests
Make sure that the user has permission to view the requeseted event for
/event/{eventId} and /room/{roomId}/event/{eventId} requests.

Also check that the event is in the given room for
/room/{roomId}/event/{eventId}, for sanity.
2018-08-02 15:03:27 +01:00
Richard van der Hoff a937497cf5
Merge pull request #3641 from matrix-org/rav/room_id_check
Validation for events/rooms in fed requests
2018-08-02 14:22:05 +01:00
Richard van der Hoff a013404292 changelog 2018-08-02 14:00:29 +01:00
Richard van der Hoff 14fa9d4d92 Avoid extra db lookups
Since we're about to look up the events themselves anyway, we can skip the
extra db queries here.
2018-08-02 13:55:51 +01:00
Richard van der Hoff 0a65450d04 Validation for events/rooms in fed requests
When we get a federation request which refers to an event id, make sure that
said event is in the room the caller claims it is in.

(patch supplied by @turt2live)
2018-08-02 13:48:40 +01:00
Richard van der Hoff 6284f579bf Update r0.33.0 release notes
(mostly just clarifications)
2018-07-19 12:37:55 +01:00
Amber Brown d69decd5c7 0.33.0 final changelog 2018-07-19 21:12:15 +10:00
Amber Brown 38f53399a2 0.33 final 2018-07-19 21:11:40 +10:00
Amber Brown 13d501c773 update changelogs 2018-07-19 21:11:24 +10:00
Amber Brown ce0545eca1 Revert "0.33.0rc1 changelog"
This reverts commit 21d3b87943.
2018-07-19 21:03:15 +10:00
Richard van der Hoff 2de3d994f3
Merge pull request #3561 from matrix-org/rav/disable_logcontext_warning
Disable logcontext warning
2018-07-19 11:05:57 +01:00
Richard van der Hoff 18a2b2c0b4 changelog 2018-07-19 10:54:39 +01:00
Richard van der Hoff 00bc979137 Disable logcontext warning
Temporary workaround to #3518 while we release 0.33.0.
2018-07-19 10:51:15 +01:00
Amber Brown 21d3b87943 0.33.0rc1 changelog 2018-07-18 12:53:32 +10:00
Amber Brown 5f3d02f6eb bump to 0.33.0rc1 2018-07-18 12:52:56 +10:00
Richard van der Hoff 0aed3fc346
Merge pull request #3546 from matrix-org/rav/fix_erasure_over_federation
Fix visibility of events from erased users over federation
2018-07-17 15:16:45 +01:00
Richard van der Hoff 79eb339c66 add a comment 2018-07-17 14:53:34 +01:00
Richard van der Hoff 4a11df5b64 changelog 2018-07-17 14:24:29 +01:00
Richard van der Hoff d897be6a98 Fix visibility of events from erased users over federation 2018-07-17 14:02:07 +01:00
Richard van der Hoff 9c04b4abf9
Merge pull request #3541 from matrix-org/rav/optimize_filter_events_for_server
Refactor and optimze filter_events_for_server
2018-07-17 14:01:39 +01:00
Richard van der Hoff 94440ae994 fix imports 2018-07-17 11:51:26 +01:00
Amber Brown bc006b3c9d
Refactor REST API tests to use explicit reactors (#3351) 2018-07-17 20:43:18 +10:00
Erik Johnston c7320a5564
Merge pull request #3544 from matrix-org/erikj/fixup_stream_cache
Fix perf regression in PR #3530
2018-07-17 11:16:59 +01:00
Richard van der Hoff 2172a3d8cb add a comment 2018-07-17 11:13:57 +01:00
Erik Johnston b2aa05a8d6 Use efficient .intersection 2018-07-17 11:07:04 +01:00
Erik Johnston 850238b4ef Add unit test 2018-07-17 10:59:02 +01:00
Erik Johnston 9952d18e4d Newsfile 2018-07-17 10:31:51 +01:00
Erik Johnston 547b1355d3 Fix perf regression in PR #3530
The get_entities_changed function was changed to return all changed
entities since the given stream position, rather than only those changed
from a given list of entities. This resulted in the function incorrectly
returning large numbers of entities that, for example, caused large
increases in database usage.
2018-07-17 10:27:51 +01:00
Amber Brown 3fe0938b76
Merge pull request #3530 from matrix-org/erikj/stream_cache
Don't return unknown entities in get_entities_changed
2018-07-17 13:44:46 +10:00
Amber Brown fe10dd9fb2
Merge pull request #3540 from krombel/enforce_isort
check isort by travis
2018-07-17 13:41:59 +10:00
Krombel 9677b1d1c0 rename 'isort' to 'check_isort' as requested 2018-07-16 16:03:41 +02:00
Richard van der Hoff 2731bf7ac3 Changelog 2018-07-16 14:12:25 +01:00
Richard van der Hoff 09e29fb58b Attempt to make _filter_events_for_server more efficient 2018-07-16 14:06:09 +01:00
Richard van der Hoff 15b13b537f Add a test which profiles filter_events_for_server in a large room 2018-07-16 14:06:09 +01:00
Krombel 78a9ddcf9a rerun isort with latest version 2018-07-16 14:23:25 +02:00
Richard van der Hoff ea69d35651 Move filter_events_for_server out of FederationHandler
for easier unit testing.
2018-07-16 13:06:24 +01:00
Krombel 4a27000548 check isort by travis 2018-07-16 13:57:33 +02:00
Amber Brown 8a4f05fefb
Fix develop because I broke it :( (#3535) 2018-07-14 09:51:00 +10:00
Amber Brown 8532953c04
Merge pull request #3534 from krombel/use_parse_and_asserts_from_servlet
Use parse and asserts from http.servlet
2018-07-14 09:09:19 +10:00
Amber Brown a2374b2c7f
fix sytests 2018-07-14 07:52:58 +10:00
Amber Brown 33b60c01b5
Make auth & transactions more testable (#3499) 2018-07-14 07:34:49 +10:00
Krombel 516f960ad8 add changelog 2018-07-13 22:19:19 +02:00
Krombel 3366b9c534 rename assert_params_in_request to assert_params_in_dict
the method "assert_params_in_request" does handle dicts and not
requests. A request body has to be parsed to json before this method
can be used
2018-07-13 21:53:01 +02:00
Krombel 32fd6910d0 Use parse_{int,str} and assert from http.servlet
parse_integer and parse_string can take a request and raise errors
in case we have wrong or missing params.
This PR tries to use them more to deduplicate some code and make it
better readable
2018-07-13 21:40:14 +02:00
Erik Johnston bc832f822f Fixup unit test 2018-07-13 17:03:04 +01:00