Merge remote-tracking branch 'origin/release-v1.80' into matrix-org-hotfixes

CHANGES.md

@@ -1,3 +1,70 @@
+Synapse 1.80.0rc1 (2023-03-21)
+==============================
+
+Features
+--------
+
+- Stabilise support for [MSC3966](https://github.com/matrix-org/matrix-spec-proposals/pull/3966): `event_property_contains` push condition. ([\#15187](https://github.com/matrix-org/synapse/issues/15187))
+- Implement [MSC2659](https://github.com/matrix-org/matrix-spec-proposals/pull/2659): application service ping endpoint. Contributed by Tulir @ Beeper. ([\#15249](https://github.com/matrix-org/synapse/issues/15249))
+- Allow loading `/register/available` endpoint on workers. ([\#15268](https://github.com/matrix-org/synapse/issues/15268))
+- Improve performance of creating and authenticating events. ([\#15195](https://github.com/matrix-org/synapse/issues/15195))
+- Add topic and name events to group of events that are batch persisted when creating a room. ([\#15229](https://github.com/matrix-org/synapse/issues/15229))
+
+
+Bugfixes
+--------
+
+- Fix a long-standing bug in which the user directory would assume any remote membership state events represent a profile change. ([\#14755](https://github.com/matrix-org/synapse/issues/14755), [\#14756](https://github.com/matrix-org/synapse/issues/14756))
+- Implement [MSC3873](https://github.com/matrix-org/matrix-spec-proposals/pull/3873) to fix a long-standing bug where properties with dots were handled ambiguously in push rules. ([\#15190](https://github.com/matrix-org/synapse/issues/15190))
+- Faster joins: Fix a bug introduced in Synapse 1.66 where spurious "Failed to find memberships ..." errors would be logged. ([\#15232](https://github.com/matrix-org/synapse/issues/15232))
+- Fix a long-standing error when sending message into deleted room. ([\#15235](https://github.com/matrix-org/synapse/issues/15235))
+
+
+Updates to the Docker image
+---------------------------
+
+- Ensure the Dockerfile builds on platforms that don't have a `cryptography` wheel. ([\#15239](https://github.com/matrix-org/synapse/issues/15239))
+- Mirror images to the GitHub Container Registry (`ghcr.io/matrix-org/synapse`). ([\#15281](https://github.com/matrix-org/synapse/issues/15281), [\#15282](https://github.com/matrix-org/synapse/issues/15282))
+
+
+Improved Documentation
+----------------------
+
+- Add a missing endpoint to the workers documentation. ([\#15223](https://github.com/matrix-org/synapse/issues/15223))
+
+
+Internal Changes
+----------------
+
+- Add additional functionality to declaring worker types when starting Complement in worker mode. ([\#14921](https://github.com/matrix-org/synapse/issues/14921))
+- Add `Synapse-Trace-Id` to `access-control-expose-headers` header. ([\#14974](https://github.com/matrix-org/synapse/issues/14974))
+- Make the `HttpTransactionCache` use the `Requester` in addition of the just the `Request` to build the transaction key. ([\#15200](https://github.com/matrix-org/synapse/issues/15200))
+- Improve log lines when purging rooms. ([\#15222](https://github.com/matrix-org/synapse/issues/15222))
+- Improve type hints. ([\#15230](https://github.com/matrix-org/synapse/issues/15230), [\#15231](https://github.com/matrix-org/synapse/issues/15231), [\#15238](https://github.com/matrix-org/synapse/issues/15238))
+- Move various module API callback registration methods to a dedicated class. ([\#15237](https://github.com/matrix-org/synapse/issues/15237))
+- Configure GitHub Actions for merge queues. ([\#15244](https://github.com/matrix-org/synapse/issues/15244))
+- Add schema comments about the `destinations` and `destination_rooms` tables. ([\#15247](https://github.com/matrix-org/synapse/issues/15247))
+- Skip processing of auto-join room behaviour if there are no auto-join rooms configured. ([\#15262](https://github.com/matrix-org/synapse/issues/15262))
+- Remove unused store method `_set_destination_retry_timings_emulated`. ([\#15266](https://github.com/matrix-org/synapse/issues/15266))
+- Reorganize URL preview code. ([\#15269](https://github.com/matrix-org/synapse/issues/15269))
+- Clean-up direct TCP replication code. ([\#15272](https://github.com/matrix-org/synapse/issues/15272), [\#15274](https://github.com/matrix-org/synapse/issues/15274))
+- Make `configure_workers_and_start` script used in Complement tests compatible with older versions of Python. ([\#15275](https://github.com/matrix-org/synapse/issues/15275))
+- Add a `/versions` flag for [MSC3952](https://github.com/matrix-org/matrix-spec-proposals/pull/3952). ([\#15293](https://github.com/matrix-org/synapse/issues/15293))
+- Bump hiredis from 2.2.1 to 2.2.2. ([\#15252](https://github.com/matrix-org/synapse/issues/15252))
+- Bump serde from 1.0.152 to 1.0.155. ([\#15253](https://github.com/matrix-org/synapse/issues/15253))
+- Bump pysaml2 from 7.2.1 to 7.3.1. ([\#15254](https://github.com/matrix-org/synapse/issues/15254))
+- Bump msgpack from 1.0.4 to 1.0.5. ([\#15255](https://github.com/matrix-org/synapse/issues/15255))
+- Bump gitpython from 3.1.30 to 3.1.31. ([\#15256](https://github.com/matrix-org/synapse/issues/15256))
+- Bump cryptography from 39.0.1 to 39.0.2. ([\#15257](https://github.com/matrix-org/synapse/issues/15257))
+- Bump pydantic from 1.10.4 to 1.10.6. ([\#15286](https://github.com/matrix-org/synapse/issues/15286))
+- Bump serde from 1.0.155 to 1.0.157. ([\#15287](https://github.com/matrix-org/synapse/issues/15287))
+- Bump anyhow from 1.0.69 to 1.0.70. ([\#15288](https://github.com/matrix-org/synapse/issues/15288))
+- Bump txredisapi from 1.4.7 to 1.4.9. ([\#15289](https://github.com/matrix-org/synapse/issues/15289))
+- Bump pygithub from 1.57 to 1.58.1. ([\#15290](https://github.com/matrix-org/synapse/issues/15290))
+- Bump types-requests from 2.28.11.12 to 2.28.11.15. ([\#15291](https://github.com/matrix-org/synapse/issues/15291))
+
+
+
 Synapse 1.79.0 (2023-03-14)
 ===========================
 

changelog.d/14755.bugfix

@@ -1 +0,0 @@
-Fix a long-standing bug in which the user directory would assume any remote membership state events represent a profile change.

changelog.d/14756.bugfix

@@ -1 +0,0 @@
-Fix a long-standing bug in which the user directory would assume any remote membership state events represent a profile change.

changelog.d/14921.misc

@@ -1 +0,0 @@
-Add additional functionality to declaring worker types when starting Complement in worker mode.

changelog.d/14974.misc

@@ -1 +0,0 @@
-Add `Synapse-Trace-Id` to `access-control-expose-headers` header.

changelog.d/15187.feature

@@ -1 +0,0 @@
-Stabilise support for [MSC3966](https://github.com/matrix-org/matrix-spec-proposals/pull/3966): `event_property_contains` push condition.

changelog.d/15190.bugfix

@@ -1 +0,0 @@
-Implement [MSC3873](https://github.com/matrix-org/matrix-spec-proposals/pull/3873) to fix a long-standing bug where properties with dots were handled ambiguously in push rules.

changelog.d/15195.misc

@@ -1 +0,0 @@
-Improve performance of creating and authenticating events.

changelog.d/15200.misc

@@ -1 +0,0 @@
-Make the `HttpTransactionCache` use the `Requester` in addition of the just the `Request` to build the transaction key.

changelog.d/15222.misc

@@ -1 +0,0 @@
-Improve log lines when purging rooms.

changelog.d/15223.doc

@@ -1 +0,0 @@
-Add a missing endpoint to the workers documentation.

changelog.d/15229.misc

@@ -1 +0,0 @@
-Add topic and name events to group of events that are batch persisted when creating a room.

changelog.d/15230.misc

@@ -1 +0,0 @@
-Improve type hints.

changelog.d/15231.misc

@@ -1 +0,0 @@
-Improve type hints.

changelog.d/15232.bugfix

@@ -1 +0,0 @@
-Faster joins: Fix a bug introduced in Synapse 1.66 where spurious "Failed to find memberships ..." errors would be logged.

changelog.d/15235.bugfix

@@ -1 +0,0 @@
-Fix long-standing error when sending message into deleted room.

changelog.d/15237.misc

@@ -1 +0,0 @@
-Move various module API callback registration methods to a dedicated class.

changelog.d/15238.misc

@@ -1 +0,0 @@
-Improve type hints.

changelog.d/15239.docker

@@ -1 +0,0 @@
-Ensure the Dockerfile builds on platforms that don't have a `cryptography` wheel.

changelog.d/15244.misc

@@ -1 +0,0 @@
-Configure GitHub Actions for merge queues.

changelog.d/15247.misc

@@ -1 +0,0 @@
-Add schema comments about the `destinations` and `destination_rooms` tables.

changelog.d/15249.feature

@@ -1 +0,0 @@
-Implement [MSC2659](https://github.com/matrix-org/matrix-spec-proposals/pull/2659): application service ping endpoint. Contributed by Tulir @ Beeper.

changelog.d/15252.misc

@@ -1 +0,0 @@
-Bump hiredis from 2.2.1 to 2.2.2.

changelog.d/15253.misc

@@ -1 +0,0 @@
-Bump serde from 1.0.152 to 1.0.155.

changelog.d/15254.misc

@@ -1 +0,0 @@
-Bump pysaml2 from 7.2.1 to 7.3.1.

changelog.d/15255.misc

@@ -1 +0,0 @@
-Bump msgpack from 1.0.4 to 1.0.5.

changelog.d/15256.misc

@@ -1 +0,0 @@
-Bump gitpython from 3.1.30 to 3.1.31.

changelog.d/15257.misc

@@ -1 +0,0 @@
-Bump cryptography from 39.0.1 to 39.0.2.

changelog.d/15262.misc

@@ -1 +0,0 @@
-Skip processing of auto-join room behaviour if there are not auto-join rooms configured.

changelog.d/15266.misc

@@ -1 +0,0 @@
-Remove unused store method `_set_destination_retry_timings_emulated`.

changelog.d/15268.feature

@@ -1 +0,0 @@
-Allow loading `/register/available` endpoint on workers.

changelog.d/15269.misc

@@ -1 +0,0 @@
-Reorganize URL preview code.

changelog.d/15272.misc

@@ -1 +0,0 @@
-Clean-up direct TCP replication code.

changelog.d/15274.misc

@@ -1 +0,0 @@
-Clean-up direct TCP replication code.

changelog.d/15275.misc

@@ -1 +0,0 @@
-Make `configure_workers_and_start` script used in Complement tests compatible with older versions of Python.

changelog.d/15281.docker

@@ -1 +0,0 @@
-Mirror images to the GitHub Container Registry (`ghcr.io/matrix-org/synapse`).

changelog.d/15282.docker

@@ -1 +0,0 @@
-Mirror images to the GitHub Container Registry (`ghcr.io/matrix-org/synapse`).

changelog.d/15286.misc

@@ -1 +0,0 @@
-Bump pydantic from 1.10.4 to 1.10.6.

changelog.d/15287.misc

@@ -1 +0,0 @@
-Bump serde from 1.0.155 to 1.0.157.

changelog.d/15288.misc

@@ -1 +0,0 @@
-Bump anyhow from 1.0.69 to 1.0.70.

changelog.d/15289.misc

@@ -1 +0,0 @@
-Bump txredisapi from 1.4.7 to 1.4.9.

changelog.d/15290.misc

@@ -1 +0,0 @@
-Bump pygithub from 1.57 to 1.58.1.

changelog.d/15291.misc

@@ -1 +0,0 @@
-Bump types-requests from 2.28.11.12 to 2.28.11.15.

changelog.d/15293.misc

@@ -1 +0,0 @@
-Add a `/versions` flag for [MSC3952](https://github.com/matrix-org/matrix-spec-proposals/pull/3952).

changelog.d/15298.bugfix

@@ -0,0 +1 @@
+Fix a bug in which the [`POST /_matrix/client/v3/rooms/{roomId}/report/{eventId}`](https://spec.matrix.org/v1.6/client-server-api/#post_matrixclientv3roomsroomidreporteventid) endpoint would return the wrong error if the user did not have permission to view the event. This aligns Synapse's implementation with [MSC2249](https://github.com/matrix-org/matrix-spec-proposals/pull/2249).

changelog.d/15300.bugfix

@@ -0,0 +1 @@
+Fix a bug in which the [`POST /_matrix/client/v3/rooms/{roomId}/report/{eventId}`](https://spec.matrix.org/v1.6/client-server-api/#post_matrixclientv3roomsroomidreporteventid) endpoint would return the wrong error if the user did not have permission to view the event. This aligns Synapse's implementation with [MSC2249](https://github.com/matrix-org/matrix-spec-proposals/pull/2249).

changelog.d/15301.bugfix

@@ -0,0 +1,3 @@
+Fix a bug introduced in Synapse 1.75.0rc1 where the [SQLite port_db script](https://matrix-org.github.io/synapse/latest/postgres.html#porting-from-sqlite)
+would fail to open the SQLite database.
+

debian/changelog

@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.80.0~rc1) stable; urgency=medium
+
+  * New Synapse release 1.80.0rc1.
+
+ -- Synapse Packaging team <packages@matrix.org>  Tue, 21 Mar 2023 10:56:08 -0700
+
 matrix-synapse-py3 (1.79.0) stable; urgency=medium
 
   * New Synapse release 1.79.0.

docs/upgrade.md

@@ -88,6 +88,18 @@ process, for example:
     dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
     ```
 
+# Upgrading to v1.80.0
+
+## Reporting events error code change
+
+Before this update, the
+[`POST /_matrix/client/v3/rooms/{roomId}/report/{eventId}`](https://spec.matrix.org/v1.6/client-server-api/#post_matrixclientv3roomsroomidreporteventid)
+endpoint would return a `403` if a user attempted to report an event that they did not have access to.
+This endpoint will now return a `404` in this case instead.
+
+Clients that implement event reporting should check that their error handling code will handle this
+change.
+
 # Upgrading to v1.79.0
 
 ## The `on_threepid_bind` module callback method has been deprecated

pyproject.toml

@@ -89,7 +89,7 @@ manifest-path = "rust/Cargo.toml"
 
 [tool.poetry]
 name = "matrix-synapse"
-version = "1.79.0"
+version = "1.80.0rc1"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "Apache-2.0"

synapse/_scripts/synapse_port_db.py

@@ -1329,7 +1329,7 @@ def main() -> None:
     sqlite_config = {
         "name": "sqlite3",
         "args": {
-            "database": "file:{}?mode=rw".format(args.sqlite_database),
+            "database": args.sqlite_database,
             "cp_min": 1,
             "cp_max": 1,
             "check_same_thread": False,

synapse/handlers/events.py

@@ -159,15 +159,16 @@ class EventHandler:
         Returns:
             An event, or None if there is no event matching this ID.
         Raises:
-            SynapseError if there was a problem retrieving this event, or
+            AuthError: if the user does not have the rights to inspect this event.
-            AuthError if the user does not have the rights to inspect this
-            event.
         """
         redact_behaviour = (
             EventRedactBehaviour.as_is if show_redacted else EventRedactBehaviour.redact
         )
         event = await self.store.get_event(
-            event_id, check_room_id=room_id, redact_behaviour=redact_behaviour
+            event_id,
+            check_room_id=room_id,
+            redact_behaviour=redact_behaviour,
+            allow_none=True,
         )
 
         if not event:

synapse/rest/client/report_event.py

@@ -16,7 +16,7 @@ import logging
 from http import HTTPStatus
 from typing import TYPE_CHECKING, Tuple
 
-from synapse.api.errors import Codes, NotFoundError, SynapseError
+from synapse.api.errors import AuthError, Codes, NotFoundError, SynapseError
 from synapse.http.server import HttpServer
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
 from synapse.http.site import SynapseRequest
@@ -62,12 +62,18 @@ class ReportEventRestServlet(RestServlet):
                 Codes.BAD_JSON,
             )
 
-        event = await self._event_handler.get_event(
+        try:
-            requester.user, room_id, event_id, show_redacted=False
+            event = await self._event_handler.get_event(
-        )
+                requester.user, room_id, event_id, show_redacted=False
+            )
+        except AuthError:
+            # The event exists, but this user is not allowed to access this event.
+            event = None
+
         if event is None:
             raise NotFoundError(
-                "Unable to report event: it does not exist or you aren't able to see it."
+                "Unable to report event: "
+                "it does not exist or you aren't able to see it."
             )
 
         await self.store.add_event_report(

synapse/storage/databases/main/events_worker.py

@@ -805,7 +805,6 @@ class EventsWorkerStore(SQLBaseStore):
                 # the events have been redacted, and if so pulling the redaction event
                 # out of the database to check it.
                 #
-                missing_events = {}
                 try:
                     # Try to fetch from any external cache. We already checked the
                     # in-memory cache above.

tests/rest/client/test_report_event.py

@@ -84,6 +84,48 @@ class ReportEventTestCase(unittest.HomeserverTestCase):
             access_token=self.other_user_tok,
         )
         self.assertEqual(404, channel.code, msg=channel.result["body"])
+        self.assertEqual(
+            "Unable to report event: it does not exist or you aren't able to see it.",
+            channel.json_body["error"],
+            msg=channel.result["body"],
+        )
+
+    def test_cannot_report_event_if_not_in_room(self) -> None:
+        """
+        Tests that we don't accept event reports for events that exist, but for which
+        the reporter should not be able to view (because they are not in the room).
+        """
+        # Have the admin user create a room (the "other" user will not join this room).
+        new_room_id = self.helper.create_room_as(tok=self.admin_user_tok)
+
+        # Have the admin user send an event in this room.
+        response = self.helper.send_event(
+            new_room_id,
+            "m.room.message",
+            content={
+                "msgtype": "m.text",
+                "body": "This event has some bad words in it! Flip!",
+            },
+            tok=self.admin_user_tok,
+        )
+        event_id = response["event_id"]
+
+        # Have the "other" user attempt to report it. Perhaps they found the event ID
+        # in a screenshot or something...
+        channel = self.make_request(
+            "POST",
+            f"rooms/{new_room_id}/report/{event_id}",
+            {"reason": "I'm not in this room but I have opinions anyways!"},
+            access_token=self.other_user_tok,
+        )
+
+        # The "other" user is not in the room, so their report should be rejected.
+        self.assertEqual(404, channel.code, msg=channel.result["body"])
+        self.assertEqual(
+            "Unable to report event: it does not exist or you aren't able to see it.",
+            channel.json_body["error"],
+            msg=channel.result["body"],
+        )
 
     def _assert_status(self, response_status: int, data: JsonDict) -> None:
         channel = self.make_request(