Merge branch 'release-v1.64' into matrix-org-hotfixes
Olivier Wilkinson (reivilibre)
commit
0a9bcc0313
90
CHANGES.md
90
CHANGES.md
|
|
@ -1,8 +1,94 @@
|
|||
Synapse vNext
|
||||
=============
|
||||
Synapse 1.64.0rc1 (2022-07-26)
|
||||
==============================
|
||||
|
||||
As of this release, Synapse no longer allows the tasks of verifying email address ownership, and password reset confirmation, to be delegated to an identity server. For more information, see the [upgrade notes](https://matrix-org.github.io/synapse/v1.64/upgrade.html#upgrading-to-v1640).
|
||||
|
||||
We have also stopped building `.deb` packages for Ubuntu 21.10 as it is no longer an active version of Ubuntu.
|
||||
|
||||
|
||||
Features
|
||||
--------
|
||||
|
||||
- Improve error messages when media thumbnails cannot be served. ([\#13038](https://github.com/matrix-org/synapse/issues/13038))
|
||||
- Allow pagination from remote event after discovering it from [MSC3030](https://github.com/matrix-org/matrix-spec-proposals/pull/3030) `/timestamp_to_event`. ([\#13205](https://github.com/matrix-org/synapse/issues/13205))
|
||||
- Add a `room_type` field in the responses for the list room and room details admin APIs. Contributed by @andrewdoh. ([\#13208](https://github.com/matrix-org/synapse/issues/13208))
|
||||
- Add support for room version 10. ([\#13220](https://github.com/matrix-org/synapse/issues/13220))
|
||||
- Add per-room rate limiting for room joins. For each room, Synapse now monitors the rate of join events in that room, and throttles additional joins if that rate grows too large. ([\#13253](https://github.com/matrix-org/synapse/issues/13253), [\#13254](https://github.com/matrix-org/synapse/issues/13254), [\#13255](https://github.com/matrix-org/synapse/issues/13255), [\#13276](https://github.com/matrix-org/synapse/issues/13276))
|
||||
- Support Implicit TLS (TLS without using a STARTTLS upgrade, typically on port 465) for sending emails, enabled by the new option `force_tls`. Contributed by Jan Schär. ([\#13317](https://github.com/matrix-org/synapse/issues/13317))
|
||||
|
||||
|
||||
Bugfixes
|
||||
--------
|
||||
|
||||
- Fix a bug introduced in Synapse 1.15.0 where adding a user through the Synapse Admin API with a phone number would fail if the `enable_email_notifs` and `email_notifs_for_new_users` options were enabled. Contributed by @thomasweston12. ([\#13263](https://github.com/matrix-org/synapse/issues/13263))
|
||||
- Fix a bug introduced in Synapse 1.40.0 where a user invited to a restricted room would be briefly unable to join. ([\#13270](https://github.com/matrix-org/synapse/issues/13270))
|
||||
- Fix a long-standing bug where, in rare instances, Synapse could store the incorrect state for a room after a state resolution. ([\#13278](https://github.com/matrix-org/synapse/issues/13278))
|
||||
- Fix a bug introduced in v1.18.0 where the `synapse_pushers` metric would overcount pushers when they are replaced. ([\#13296](https://github.com/matrix-org/synapse/issues/13296))
|
||||
- Disable autocorrection and autocapitalisation on the username text field shown during registration when using SSO. ([\#13350](https://github.com/matrix-org/synapse/issues/13350))
|
||||
- Update locked version of `frozendict` to 2.3.3, which has fixes for memory leaks affecting `/sync`. ([\#13284](https://github.com/matrix-org/synapse/issues/13284), [\#13352](https://github.com/matrix-org/synapse/issues/13352))
|
||||
|
||||
|
||||
Improved Documentation
|
||||
----------------------
|
||||
|
||||
- Provide an example of using the Admin API. Contributed by @jejo86. ([\#13231](https://github.com/matrix-org/synapse/issues/13231))
|
||||
- Move the documentation for how URL previews work to the URL preview module. ([\#13233](https://github.com/matrix-org/synapse/issues/13233), [\#13261](https://github.com/matrix-org/synapse/issues/13261))
|
||||
- Add another `contrib` script to help set up worker processes. Contributed by @villepeh. ([\#13271](https://github.com/matrix-org/synapse/issues/13271))
|
||||
- Document that certain config options were added or changed in Synapse 1.62. Contributed by @behrmann. ([\#13314](https://github.com/matrix-org/synapse/issues/13314))
|
||||
- Document the new `rc_invites.per_issuer` throttling option added in Synapse 1.63. ([\#13333](https://github.com/matrix-org/synapse/issues/13333))
|
||||
- Mention that BuildKit is needed when building Docker images for tests. ([\#13338](https://github.com/matrix-org/synapse/issues/13338))
|
||||
- Improve Caddy reverse proxy documentation. ([\#13344](https://github.com/matrix-org/synapse/issues/13344))
|
||||
|
||||
|
||||
Deprecations and Removals
|
||||
-------------------------
|
||||
|
||||
- Drop tables that were formerly used for groups/communities. ([\#12967](https://github.com/matrix-org/synapse/issues/12967))
|
||||
- Drop support for delegating email verification to an external server. ([\#13192](https://github.com/matrix-org/synapse/issues/13192))
|
||||
- Drop support for calling `/_matrix/client/v3/account/3pid/bind` without an `id_access_token`, which was not permitted by the spec. Contributed by @Vetchu. ([\#13239](https://github.com/matrix-org/synapse/issues/13239))
|
||||
- Stop building `.deb` packages for Ubuntu 21.10 (Impish Indri), which has reached end of life. ([\#13326](https://github.com/matrix-org/synapse/issues/13326))
|
||||
|
||||
|
||||
Internal Changes
|
||||
----------------
|
||||
|
||||
- Use lower transaction isolation level when purging rooms to avoid serialization errors. Contributed by Nick @ Beeper. ([\#12942](https://github.com/matrix-org/synapse/issues/12942))
|
||||
- Remove code which incorrectly attempted to reconcile state with remote servers when processing incoming events. ([\#12943](https://github.com/matrix-org/synapse/issues/12943))
|
||||
- Make the AS login method call `Auth.get_user_by_req` for checking the AS token. ([\#13094](https://github.com/matrix-org/synapse/issues/13094))
|
||||
- Always use a version of canonicaljson that supports the C implementation of frozendict. ([\#13172](https://github.com/matrix-org/synapse/issues/13172))
|
||||
- Add prometheus counters for ephemeral events and to device messages pushed to app services. Contributed by Brad @ Beeper. ([\#13175](https://github.com/matrix-org/synapse/issues/13175))
|
||||
- Refactor receipts servlet logic to avoid duplicated code. ([\#13198](https://github.com/matrix-org/synapse/issues/13198))
|
||||
- Preparation for database schema simplifications: populate `state_key` and `rejection_reason` for existing rows in the `events` table. ([\#13215](https://github.com/matrix-org/synapse/issues/13215))
|
||||
- Remove unused database table `event_reference_hashes`. ([\#13218](https://github.com/matrix-org/synapse/issues/13218))
|
||||
- Further reduce queries used sending events when creating new rooms. Contributed by Nick @ Beeper (@fizzadar). ([\#13224](https://github.com/matrix-org/synapse/issues/13224))
|
||||
- Call the v2 identity service `/3pid/unbind` endpoint, rather than v1. Contributed by @Vetchu. ([\#13240](https://github.com/matrix-org/synapse/issues/13240))
|
||||
- Use an asynchronous cache wrapper for the get event cache. Contributed by Nick @ Beeper (@fizzadar). ([\#13242](https://github.com/matrix-org/synapse/issues/13242), [\#13308](https://github.com/matrix-org/synapse/issues/13308))
|
||||
- Optimise federation sender and appservice pusher event stream processing queries. Contributed by Nick @ Beeper (@fizzadar). ([\#13251](https://github.com/matrix-org/synapse/issues/13251))
|
||||
- Log the stack when waiting for an entire room to be un-partial stated. ([\#13257](https://github.com/matrix-org/synapse/issues/13257))
|
||||
- Fix spurious warning when fetching state after a missing prev event. ([\#13258](https://github.com/matrix-org/synapse/issues/13258))
|
||||
- Clean-up tests for notifications. ([\#13260](https://github.com/matrix-org/synapse/issues/13260))
|
||||
- Do not fail build if complement with workers fails. ([\#13266](https://github.com/matrix-org/synapse/issues/13266))
|
||||
- Don't pull out state in `compute_event_context` for unconflicted state. ([\#13267](https://github.com/matrix-org/synapse/issues/13267), [\#13274](https://github.com/matrix-org/synapse/issues/13274))
|
||||
- Reduce the rebuild time for the complement-synapse docker image. ([\#13279](https://github.com/matrix-org/synapse/issues/13279))
|
||||
- Don't pull out the full state when creating an event. ([\#13281](https://github.com/matrix-org/synapse/issues/13281), [\#13307](https://github.com/matrix-org/synapse/issues/13307))
|
||||
- Upgrade from Poetry 1.1.12 to 1.1.14, to fix bugs when locking packages. ([\#13285](https://github.com/matrix-org/synapse/issues/13285))
|
||||
- Make `DictionaryCache` expire full entries if they haven't been queried in a while, even if specific keys have been queried recently. ([\#13292](https://github.com/matrix-org/synapse/issues/13292))
|
||||
- Use `HTTPStatus` constants in place of literals in tests. ([\#13297](https://github.com/matrix-org/synapse/issues/13297))
|
||||
- Improve performance of query `_get_subset_users_in_room_with_profiles`. ([\#13299](https://github.com/matrix-org/synapse/issues/13299))
|
||||
- Up batch size of `bulk_get_push_rules` and `_get_joined_profiles_from_event_ids`. ([\#13300](https://github.com/matrix-org/synapse/issues/13300))
|
||||
- Remove unnecessary `json.dumps` from tests. ([\#13303](https://github.com/matrix-org/synapse/issues/13303))
|
||||
- Reduce memory usage of sending dummy events. ([\#13310](https://github.com/matrix-org/synapse/issues/13310))
|
||||
- Prevent formatting changes of [#3679](https://github.com/matrix-org/synapse/pull/3679) from appearing in `git blame`. ([\#13311](https://github.com/matrix-org/synapse/issues/13311))
|
||||
- Change `get_users_in_room` and `get_rooms_for_user` caches to enable pruning of old entries. ([\#13313](https://github.com/matrix-org/synapse/issues/13313))
|
||||
- Validate federation destinations and log an error if a destination is invalid. ([\#13318](https://github.com/matrix-org/synapse/issues/13318))
|
||||
- Fix `FederationClient.get_pdu()` returning events from the cache as `outliers` instead of original events we saw over federation. ([\#13320](https://github.com/matrix-org/synapse/issues/13320))
|
||||
- Reduce memory usage of state caches. ([\#13323](https://github.com/matrix-org/synapse/issues/13323))
|
||||
- Reduce the amount of state we store in the `state_cache`. ([\#13324](https://github.com/matrix-org/synapse/issues/13324))
|
||||
- Add missing type hints to open tracing module. ([\#13328](https://github.com/matrix-org/synapse/issues/13328), [\#13345](https://github.com/matrix-org/synapse/issues/13345), [\#13362](https://github.com/matrix-org/synapse/issues/13362))
|
||||
- Remove old base slaved store and de-duplicate cache ID generators. Contributed by Nick @ Beeper (@fizzadar). ([\#13329](https://github.com/matrix-org/synapse/issues/13329), [\#13349](https://github.com/matrix-org/synapse/issues/13349))
|
||||
- When reporting metrics is enabled, use ~8x less data to describe DB transaction metrics. ([\#13342](https://github.com/matrix-org/synapse/issues/13342))
|
||||
- Faster room joins: skip soft fail checks while Synapse only has partial room state, since the current membership of event senders may not be accurately known. ([\#13354](https://github.com/matrix-org/synapse/issues/13354))
|
||||
|
||||
|
||||
Synapse 1.63.1 (2022-07-20)
|
||||
===========================
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
Use lower isolation level when purging rooms to avoid serialization errors. Contributed by Nick @ Beeper.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Remove code which incorrectly attempted to reconcile state with remote servers when processing incoming events.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Drop tables used for groups/communities.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Provide more info why we don't have any thumbnails to serve.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Make the AS login method call `Auth.get_user_by_req` for checking the AS token.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Always use a version of canonicaljson that supports the C implementation of frozendict.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Add prometheus counters for ephemeral events and to device messages pushed to app services. Contributed by Brad @ Beeper.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Drop support for delegating email verification to an external server.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Refactor receipts servlet logic to avoid duplicated code.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Allow pagination from remote event after discovering it from MSC3030 `/timestamp_to_event`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Add a `room_type` field in the responses for the list room and room details admin API. Contributed by @andrewdoh.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Preparation for database schema simplifications: populate `state_key` and `rejection_reason` for existing rows in the `events` table.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Remove unused database table `event_reference_hashes`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Add support for room version 10.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Further reduce queries used sending events when creating new rooms. Contributed by Nick @ Beeper (@fizzadar).
|
||||
|
|
@ -1 +0,0 @@
|
|||
Provide an example of using the Admin API. Contributed by @jejo86.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Move the documentation for how URL previews work to the URL preview module.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Drop support for calling `/_matrix/client/v3/account/3pid/bind` without an `id_access_token`, which was not permitted by the spec. Contributed by @Vetchu.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Call the v2 identity service `/3pid/unbind` endpoint, rather than v1.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Use an asynchronous cache wrapper for the get event cache. Contributed by Nick @ Beeper (@fizzadar).
|
||||
|
|
@ -1 +0,0 @@
|
|||
Optimise federation sender and appservice pusher event stream processing queries. Contributed by Nick @ Beeper (@fizzadar).
|
||||
|
|
@ -1 +0,0 @@
|
|||
Preparatory work for a per-room rate limiter on joins.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Preparatory work for a per-room rate limiter on joins.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Preparatory work for a per-room rate limiter on joins.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Log the stack when waiting for an entire room to be un-partial stated.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fix spurious warning when fetching state after a missing prev event.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Clean-up tests for notifications.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Move the documentation for how URL previews work to the URL preview module.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fix a bug introduced in Synapse 1.15.0 where adding a user through the Synapse Admin API with a phone number would fail if the "enable_email_notifs" and "email_notifs_for_new_users" options were enabled. Contributed by @thomasweston12.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Do not fail build if complement with workers fails.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Don't pull out state in `compute_event_context` for unconflicted state.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fix a bug introduced in Synapse 1.40 where a user invited to a restricted room would be briefly unable to join.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Add another `contrib` script to help set up worker processes. Contributed by @villepeh.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Don't pull out state in `compute_event_context` for unconflicted state.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Add per-room rate limiting for room joins. For each room, Synapse now monitors the rate of join events in that room, and throttle additional joins if that rate grows too large.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fix long-standing bug where in rare instances Synapse could store the incorrect state for a room after a state resolution.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Reduce the rebuild time for the complement-synapse docker image.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Don't pull out the full state when creating an event.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Update locked version of `frozendict` to 2.3.2, which has a fix for a memory leak.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Upgrade from Poetry 1.1.14 to 1.1.12, to fix bugs when locking packages.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Make `DictionaryCache` expire full entries if they haven't been queried in a while, even if specific keys have been queried recently.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fix a bug introduced in v1.18.0 where the `synapse_pushers` metric would overcount pushers when they are replaced.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Use `HTTPStatus` constants in place of literals in tests.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Improve performance of query `_get_subset_users_in_room_with_profiles`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Up batch size of `bulk_get_push_rules` and `_get_joined_profiles_from_event_ids`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Remove unnecessary `json.dumps` from tests.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Don't pull out the full state when creating an event.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Use an asynchronous cache wrapper for the get event cache. Contributed by Nick @ Beeper (@fizzadar).
|
||||
|
|
@ -1 +0,0 @@
|
|||
Reduce memory usage of sending dummy events.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Prevent formatting changes of [#3679](https://github.com/matrix-org/synapse/pull/3679) from appearing in `git blame`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Change `get_users_in_room` and `get_rooms_for_user` caches to enable pruning of old entries.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Add notes when config options where changed. Contributed by @behrmann.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Validate federation destinations and log an error if a destination is invalid.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Fix `FederationClient.get_pdu()` returning events from the cache as `outliers` instead of original events we saw over federation.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Reduce memory usage of state caches.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Reduce the amount of state we store in the `state_cache`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Stop builindg `.deb` packages for Ubuntu 21.10 (Impish Indri), which has reached end of life.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Add missing type hints to open tracing module.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Remove old base slaved store and de-duplicate cache ID generators. Contributed by Nick @ Beeper (@fizzadar).
|
||||
|
|
@ -1 +0,0 @@
|
|||
Document the new `rc_invites.per_issuer` throttling option added in Synapse 1.63.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Mention that BuildKit is needed when building Docker images for tests.
|
||||
|
|
@ -1 +0,0 @@
|
|||
When reporting metrics is enabled, use ~8x less data to describe DB transaction metrics.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Add missing type hints to open tracing module.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Remove old base slaved store and de-duplicate cache ID generators. Contributed by Nick @ Beeper (@fizzadar).
|
||||
|
|
@ -1 +0,0 @@
|
|||
Update locked version of `frozendict` to 2.3.3, which has fixes for memory leaks affecting `/sync`.
|
||||
|
|
@ -1 +0,0 @@
|
|||
Faster room joins: skip soft fail checks while Synapse only has partial room state, since the current membership of event senders may not be accurately known.
|
||||
|
|
@ -1,3 +1,9 @@
|
|||
matrix-synapse-py3 (1.64.0~rc1) stable; urgency=medium
|
||||
|
||||
* New Synapse release 1.64.0rc1.
|
||||
|
||||
-- Synapse Packaging team <packages@matrix.org> Tue, 26 Jul 2022 12:11:49 +0100
|
||||
|
||||
matrix-synapse-py3 (1.63.1) stable; urgency=medium
|
||||
|
||||
* New Synapse release 1.63.1.
|
||||
|
|
|
|||
|
|
@ -79,63 +79,32 @@ server {
|
|||
}
|
||||
```
|
||||
|
||||
### Caddy v1
|
||||
|
||||
```
|
||||
matrix.example.com {
|
||||
proxy /_matrix http://localhost:8008 {
|
||||
transparent
|
||||
}
|
||||
|
||||
proxy /_synapse/client http://localhost:8008 {
|
||||
transparent
|
||||
}
|
||||
}
|
||||
|
||||
example.com:8448 {
|
||||
proxy / http://localhost:8008 {
|
||||
transparent
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Caddy v2
|
||||
|
||||
```
|
||||
matrix.example.com {
|
||||
reverse_proxy /_matrix/* http://localhost:8008
|
||||
reverse_proxy /_synapse/client/* http://localhost:8008
|
||||
reverse_proxy /_matrix/* localhost:8008
|
||||
reverse_proxy /_synapse/client/* localhost:8008
|
||||
}
|
||||
|
||||
example.com:8448 {
|
||||
reverse_proxy http://localhost:8008
|
||||
reverse_proxy localhost:8008
|
||||
}
|
||||
```
|
||||
|
||||
[Delegation](delegate.md) example:
|
||||
|
||||
```
|
||||
(matrix-well-known-header) {
|
||||
# Headers
|
||||
header Access-Control-Allow-Origin "*"
|
||||
header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
|
||||
header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
|
||||
header Content-Type "application/json"
|
||||
}
|
||||
|
||||
example.com {
|
||||
handle /.well-known/matrix/server {
|
||||
import matrix-well-known-header
|
||||
respond `{"m.server":"matrix.example.com:443"}`
|
||||
}
|
||||
|
||||
handle /.well-known/matrix/client {
|
||||
import matrix-well-known-header
|
||||
respond `{"m.homeserver":{"base_url":"https://matrix.example.com"},"m.identity_server":{"base_url":"https://identity.example.com"}}`
|
||||
}
|
||||
header /.well-known/matrix/* Content-Type application/json
|
||||
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||
respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
|
||||
respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.example.com"},"m.identity_server":{"base_url":"https://identity.example.com"}}`
|
||||
}
|
||||
|
||||
matrix.example.com {
|
||||
reverse_proxy /_matrix/* http://localhost:8008
|
||||
reverse_proxy /_synapse/client/* http://localhost:8008
|
||||
reverse_proxy /_matrix/* localhost:8008
|
||||
reverse_proxy /_synapse/client/* localhost:8008
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
|||
|
|
@ -3187,9 +3187,17 @@ Server admins can configure custom templates for email content. See
|
|||
|
||||
This setting has the following sub-options:
|
||||
* `smtp_host`: The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
|
||||
* `smtp_port`: The port on the mail server for outgoing SMTP. Defaults to 25.
|
||||
* `smtp_port`: The port on the mail server for outgoing SMTP. Defaults to 465 if `force_tls` is true, else 25.
|
||||
|
||||
_Changed in Synapse 1.64.0:_ the default port is now aware of `force_tls`.
|
||||
* `smtp_user` and `smtp_pass`: Username/password for authentication to the SMTP server. By default, no
|
||||
authentication is attempted.
|
||||
* `force_tls`: By default, Synapse connects over plain text and then optionally upgrades
|
||||
to TLS via STARTTLS. If this option is set to true, TLS is used from the start (Implicit TLS),
|
||||
and the option `require_transport_security` is ignored.
|
||||
It is recommended to enable this if supported by your mail server.
|
||||
|
||||
_New in Synapse 1.64.0._
|
||||
* `require_transport_security`: Set to true to require TLS transport security for SMTP.
|
||||
By default, Synapse will connect over plain text, and will then switch to
|
||||
TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
|
||||
|
|
@ -3254,6 +3262,7 @@ email:
|
|||
smtp_port: 587
|
||||
smtp_user: "exampleusername"
|
||||
smtp_pass: "examplepassword"
|
||||
force_tls: true
|
||||
require_transport_security: true
|
||||
enable_tls: false
|
||||
notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ skip_gitignore = true
|
|||
|
||||
[tool.poetry]
|
||||
name = "matrix-synapse"
|
||||
version = "1.63.1"
|
||||
version = "1.64.0rc1"
|
||||
description = "Homeserver for the Matrix decentralised comms protocol"
|
||||
authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
|
||||
license = "Apache-2.0"
|
||||
|
|
|
|||
|
|
@ -85,14 +85,19 @@ class EmailConfig(Config):
|
|||
if email_config is None:
|
||||
email_config = {}
|
||||
|
||||
self.force_tls = email_config.get("force_tls", False)
|
||||
self.email_smtp_host = email_config.get("smtp_host", "localhost")
|
||||
self.email_smtp_port = email_config.get("smtp_port", 25)
|
||||
self.email_smtp_port = email_config.get(
|
||||
"smtp_port", 465 if self.force_tls else 25
|
||||
)
|
||||
self.email_smtp_user = email_config.get("smtp_user", None)
|
||||
self.email_smtp_pass = email_config.get("smtp_pass", None)
|
||||
self.require_transport_security = email_config.get(
|
||||
"require_transport_security", False
|
||||
)
|
||||
self.enable_smtp_tls = email_config.get("enable_tls", True)
|
||||
if self.force_tls and not self.enable_smtp_tls:
|
||||
raise ConfigError("email.force_tls requires email.enable_tls to be true")
|
||||
if self.require_transport_security and not self.enable_smtp_tls:
|
||||
raise ConfigError(
|
||||
"email.require_transport_security requires email.enable_tls to be true"
|
||||
|
|
|
|||
|
|
@ -23,10 +23,12 @@ from pkg_resources import parse_version
|
|||
|
||||
import twisted
|
||||
from twisted.internet.defer import Deferred
|
||||
from twisted.internet.interfaces import IOpenSSLContextFactory, IReactorTCP
|
||||
from twisted.internet.interfaces import IOpenSSLContextFactory
|
||||
from twisted.internet.ssl import optionsForClientTLS
|
||||
from twisted.mail.smtp import ESMTPSender, ESMTPSenderFactory
|
||||
|
||||
from synapse.logging.context import make_deferred_yieldable
|
||||
from synapse.types import ISynapseReactor
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from synapse.server import HomeServer
|
||||
|
|
@ -48,7 +50,7 @@ class _NoTLSESMTPSender(ESMTPSender):
|
|||
|
||||
|
||||
async def _sendmail(
|
||||
reactor: IReactorTCP,
|
||||
reactor: ISynapseReactor,
|
||||
smtphost: str,
|
||||
smtpport: int,
|
||||
from_addr: str,
|
||||
|
|
@ -59,6 +61,7 @@ async def _sendmail(
|
|||
require_auth: bool = False,
|
||||
require_tls: bool = False,
|
||||
enable_tls: bool = True,
|
||||
force_tls: bool = False,
|
||||
) -> None:
|
||||
"""A simple wrapper around ESMTPSenderFactory, to allow substitution in tests
|
||||
|
||||
|
|
@ -73,8 +76,9 @@ async def _sendmail(
|
|||
password: password to give when authenticating
|
||||
require_auth: if auth is not offered, fail the request
|
||||
require_tls: if TLS is not offered, fail the reqest
|
||||
enable_tls: True to enable TLS. If this is False and require_tls is True,
|
||||
enable_tls: True to enable STARTTLS. If this is False and require_tls is True,
|
||||
the request will fail.
|
||||
force_tls: True to enable Implicit TLS.
|
||||
"""
|
||||
msg = BytesIO(msg_bytes)
|
||||
d: "Deferred[object]" = Deferred()
|
||||
|
|
@ -105,13 +109,23 @@ async def _sendmail(
|
|||
# set to enable TLS.
|
||||
factory = build_sender_factory(hostname=smtphost if enable_tls else None)
|
||||
|
||||
reactor.connectTCP(
|
||||
smtphost,
|
||||
smtpport,
|
||||
factory,
|
||||
timeout=30,
|
||||
bindAddress=None,
|
||||
)
|
||||
if force_tls:
|
||||
reactor.connectSSL(
|
||||
smtphost,
|
||||
smtpport,
|
||||
factory,
|
||||
optionsForClientTLS(smtphost),
|
||||
timeout=30,
|
||||
bindAddress=None,
|
||||
)
|
||||
else:
|
||||
reactor.connectTCP(
|
||||
smtphost,
|
||||
smtpport,
|
||||
factory,
|
||||
timeout=30,
|
||||
bindAddress=None,
|
||||
)
|
||||
|
||||
await make_deferred_yieldable(d)
|
||||
|
||||
|
|
@ -132,6 +146,7 @@ class SendEmailHandler:
|
|||
self._smtp_pass = passwd.encode("utf-8") if passwd is not None else None
|
||||
self._require_transport_security = hs.config.email.require_transport_security
|
||||
self._enable_tls = hs.config.email.enable_smtp_tls
|
||||
self._force_tls = hs.config.email.force_tls
|
||||
|
||||
self._sendmail = _sendmail
|
||||
|
||||
|
|
@ -189,4 +204,5 @@ class SendEmailHandler:
|
|||
require_auth=self._smtp_user is not None,
|
||||
require_tls=self._require_transport_security,
|
||||
enable_tls=self._enable_tls,
|
||||
force_tls=self._force_tls,
|
||||
)
|
||||
|
|
|
|||
|
|
@ -910,8 +910,8 @@ def tag_args(func: Callable[P, R]) -> Callable[P, R]:
|
|||
def _tag_args_inner(*args: P.args, **kwargs: P.kwargs) -> R:
|
||||
argspec = inspect.getfullargspec(func)
|
||||
for i, arg in enumerate(argspec.args[1:]):
|
||||
set_tag("ARG_" + arg, args[i]) # type: ignore[index]
|
||||
set_tag("args", args[len(argspec.args) :]) # type: ignore[index]
|
||||
set_tag("ARG_" + arg, str(args[i])) # type: ignore[index]
|
||||
set_tag("args", str(args[len(argspec.args) :])) # type: ignore[index]
|
||||
set_tag("kwargs", str(kwargs))
|
||||
return func(*args, **kwargs)
|
||||
|
||||
|
|
|
|||
|
|
@ -138,7 +138,7 @@
|
|||
<div class="username_input" id="username_input">
|
||||
<label for="field-username">Username (required)</label>
|
||||
<div class="prefix">@</div>
|
||||
<input type="text" name="username" id="field-username" value="{{ user_attributes.localpart }}" autofocus>
|
||||
<input type="text" name="username" id="field-username" value="{{ user_attributes.localpart }}" autofocus autocorrect="off" autocapitalize="none">
|
||||
<div class="postfix">:{{ server_name }}</div>
|
||||
</div>
|
||||
<output for="username_input" id="field-username-output"></output>
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ from twisted.internet.defer import ensureDeferred
|
|||
from twisted.mail import interfaces, smtp
|
||||
|
||||
from tests.server import FakeTransport
|
||||
from tests.unittest import HomeserverTestCase
|
||||
from tests.unittest import HomeserverTestCase, override_config
|
||||
|
||||
|
||||
@implementer(interfaces.IMessageDelivery)
|
||||
|
|
@ -110,3 +110,58 @@ class SendEmailHandlerTestCase(HomeserverTestCase):
|
|||
user, msg = message_delivery.messages.pop()
|
||||
self.assertEqual(str(user), "foo@bar.com")
|
||||
self.assertIn(b"Subject: test subject", msg)
|
||||
|
||||
@override_config(
|
||||
{
|
||||
"email": {
|
||||
"notif_from": "noreply@test",
|
||||
"force_tls": True,
|
||||
},
|
||||
}
|
||||
)
|
||||
def test_send_email_force_tls(self):
|
||||
"""Happy-path test that we can send email to an Implicit TLS server."""
|
||||
h = self.hs.get_send_email_handler()
|
||||
d = ensureDeferred(
|
||||
h.send_email(
|
||||
"foo@bar.com", "test subject", "Tests", "HTML content", "Text content"
|
||||
)
|
||||
)
|
||||
# there should be an attempt to connect to localhost:465
|
||||
self.assertEqual(len(self.reactor.sslClients), 1)
|
||||
(
|
||||
host,
|
||||
port,
|
||||
client_factory,
|
||||
contextFactory,
|
||||
_timeout,
|
||||
_bindAddress,
|
||||
) = self.reactor.sslClients[0]
|
||||
self.assertEqual(host, "localhost")
|
||||
self.assertEqual(port, 465)
|
||||
|
||||
# wire it up to an SMTP server
|
||||
message_delivery = _DummyMessageDelivery()
|
||||
server_protocol = smtp.ESMTP()
|
||||
server_protocol.delivery = message_delivery
|
||||
# make sure that the server uses the test reactor to set timeouts
|
||||
server_protocol.callLater = self.reactor.callLater # type: ignore[assignment]
|
||||
|
||||
client_protocol = client_factory.buildProtocol(None)
|
||||
client_protocol.makeConnection(FakeTransport(server_protocol, self.reactor))
|
||||
server_protocol.makeConnection(
|
||||
FakeTransport(
|
||||
client_protocol,
|
||||
self.reactor,
|
||||
peer_address=IPv4Address("TCP", "127.0.0.1", 1234),
|
||||
)
|
||||
)
|
||||
|
||||
# the message should now get delivered
|
||||
self.get_success(d, by=0.1)
|
||||
|
||||
# check it arrived
|
||||
self.assertEqual(len(message_delivery.messages), 1)
|
||||
user, msg = message_delivery.messages.pop()
|
||||
self.assertEqual(str(user), "foo@bar.com")
|
||||
self.assertIn(b"Subject: test subject", msg)
|
||||
|
|
|
|||
Loading…
Reference in New Issue