Commit Graph

210 Commits (0921d93dcdd64101cc2433892f7a8cd1caf2b1f5)

Author SHA1 Message Date
Richard van der Hoff c7401a697f
Implement SAML2 authentication (#4267)
This implements both a SAML2 metadata endpoint (at
`/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at
`/_matrix/saml2/authn_response`). If the SAML2 response matches what's been
configured, we complete the SSO login flow by redirecting to the client url
(aka `RelayState` in SAML2 jargon) with a login token.

What we don't yet have is anything to build a SAML2 request and redirect the
user to the identity provider. That is left as an exercise for the reader.
2018-12-07 13:11:11 +01:00
Richard van der Hoff b0c24a66ec Rip out half-implemented m.login.saml2 support (#4265)
* Rip out half-implemented m.login.saml2 support

This was implemented in an odd way that left most of the work to the client, in
a way that I really didn't understand. It's going to be a pain to maintain, so
let's start by ripping it out.

* drop undocumented dependency on dateutil

It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.
2018-12-06 19:44:38 +11:00
Amber Brown 4cd1c9f2ff
Delete the disused & unspecced identicon functionality (#4106) 2018-10-29 23:57:24 +11:00
Richard van der Hoff e5b52d0f94 Make psutil an explicit dependency
As of #4027, we require psutil to be installed, so it should be in our
dependency list. We can also remove some of the conditional import code
introduced by #992.

Fixes #4062.
2018-10-19 21:51:15 +01:00
Will Hunt d6a7797dd1 Fix roomlist since tokens on Python 3 (#4046)
Thanks @Half-Shot !!!
2018-10-17 23:04:55 +11:00
Amber Brown 381d2cfdf0
Make workers work on Py3 (#4027) 2018-10-13 00:14:08 +11:00
Richard van der Hoff a59d899668 Pin to prometheus_client<0.4 to avoid renaming all of our metrics 2018-10-03 17:20:15 +01:00
Amber Brown b3064532d0
Run our oldest supported configuration in CI (#3952) 2018-09-27 23:21:54 +10:00
Richard van der Hoff a9d84f4e44 We require attrs 16.0.0
Ref: https://github.com/matrix-org/synapse/issues/3945
2018-09-25 10:43:39 +01:00
Richard van der Hoff 625542878d bump dep on pyopenssl to 16.x 2018-09-06 12:53:15 +01:00
Amber Brown 2d2828dcbc
Port http/ to Python 3 (#3771) 2018-09-06 00:10:47 +10:00
Amber Brown 14e4d4f4bf
Port storage/ to Python 3 (#3725) 2018-08-31 00:19:58 +10:00
Richard van der Hoff f584d6108f Pin to twisted 17.1 or later
Fixes https://github.com/matrix-org/synapse/issues/3741.
2018-08-24 10:02:31 +01:00
Amber Brown e845fd41c2
Correct attrs package name in requirements (#3492) 2018-07-07 10:46:59 +10:00
Richard van der Hoff 1464a0578a Add explicit dependency on netaddr
the dependencies file, causing failures on upgrade (and presumably for new
installs).
2018-07-06 16:27:17 +01:00
Richard van der Hoff 57e3f923d2 Add missing dependency on attr
We've rcently added a dep on `attr`. I don't know why the CI didn't pick this
up, but we should make it explicit anyway.
2018-06-06 17:12:41 +01:00
Amber Brown f7869f8f8b
Port to sortedcontainers (with tests!) (#3332) 2018-06-06 00:13:57 +10:00
Amber Brown df9f72d9e5 replacing portions 2018-05-21 19:47:37 -05:00
Will Hunt 2ad3fc36e6 Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve (#3157)
fixes #3135

Signed-off-by: Will Hunt will@half-shot.uk
2018-04-30 16:21:11 +01:00
Richard van der Hoff d78ada3166 Miscellaneous fixes to python_dependencies
* add some doc about wtf this thing does
* pin Twisted to < 18.4
* add explicit dep on six (fixes #3089)
2018-04-26 13:11:03 +01:00
Richard van der Hoff fac3f9e678 Bump canonicaljson to 1.1.3
1.1.2 was a bit broken too :/
2018-04-13 10:21:38 +01:00
Richard van der Hoff 119596ab8f Update canonicaljson dependency
1.1.0 and 1.1.1 were broken, so we're updating this to help people make sure
they don't end up on a broken version.

Also, 1.1.0 is speedier...
2018-04-12 17:31:44 +01:00
Erik Johnston fecb45e0c3 Remove last usage of ujson 2018-03-26 13:32:29 +01:00
Krombel ed9b5eced4 use bcrypt.checkpw
in bcrypt 3.1.0 checkpw got introduced (already 2 years ago)
This makes use of that with enhancements which might get introduced
by that

Signed-Off-by: Matthias Kesler <krombel@krombel.de>
2018-03-05 18:02:59 +01:00
Pascal Bach 3acd616979 Update pynacl dependency to 1.2.1 or higher
Signed-off-by: Pascal Bach <pascal.bach@nextrem.ch>
2018-02-19 10:45:22 +01:00
Oliver Kurz 83d8d4d8cd Allow use of higher versions of saml2
The package was pinned to <4.0 with 07cf96eb because "from saml2 import
config" did not work. This seems to have been fixed in the mean time in the
saml2 package and therefore should not stop to use a more recent version.

Signed-off-by: Oliver Kurz <okurz@suse.de>
2017-11-20 11:14:39 +01:00
Erik Johnston ea87cb1ba5 Make 'affinity' package optional 2017-10-02 18:03:59 +01:00
Richard van der Hoff a7effa8400 Merge pull request #2288 from kyrias/bcrypt
python_dependencies: Use bcrypt module instead of py-bcrypt
2017-08-23 14:14:56 +01:00
Richard van der Hoff 10d8b701a1 Allow configuration of CPU affinity
Make it possible to set the CPU affinity in the config file, so that we don't
need to remember to do it manually every time.
2017-08-15 17:08:28 +01:00
Johannes Löthberg 4f66312df8 python_dependencies: Use bcrypt module instead of py-bcrypt
py-bcrypt has been unmaintained for a long while, while bcrypt is
actively maintained. And since ff8b87118d
we're compatible with the bcrypt anyway.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2017-06-17 17:39:35 +02:00
pik 250ce11ab9 Add jsonschema to python_dependencies.py
Signed-off-by: pik <alexander.maznev@gmail.com>
2017-03-23 11:42:47 -03:00
David Baker 73a5f06652 Support registration / login with phone number
Changes from https://github.com/matrix-org/synapse/pull/1971
2017-03-13 17:27:51 +00:00
Erik Johnston 7eae6eaa2f Revert "Support registration & login with phone number" 2017-03-13 09:59:33 +00:00
David Baker ce3e583d94 WIP support for msisdn 3pid proxy methods 2017-02-14 15:05:55 +00:00
Johannes Löthberg a9c1b419a9 Bump twisted dependency
At least 16.0.0 is needed for wrapClientTLS support.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-12-18 23:16:43 +01:00
Erik Johnston d56c39cf24 Use external ldap auth pacakge 2016-11-15 13:03:19 +00:00
Erik Johnston f9d156d270 New Flake8 fixes 2016-11-15 11:22:29 +00:00
Erik Johnston 4f181f361d Accept optional token to public room list 2016-09-15 09:08:57 +01:00
Erik Johnston 7c1a92274c Make psutil optional 2016-08-08 11:12:21 +01:00
Erik Johnston 66868119dc Add metrics for psutil derived memory usage 2016-07-20 16:00:21 +01:00
Martin Weinelt 0a32208e5d Rework ldap integration with ldap3
Use the pure-python ldap3 library, which eliminates the need for a
system dependency.

Offer both a `search` and `simple_bind` mode, for more sophisticated
ldap scenarios.
- `search` tries to find a matching DN within the `user_base` while
  employing the `user_filter`, then tries the bind when a single
  matching DN was found.
- `simple_bind` tries the bind against a specific DN by combining the
  localpart and `user_base`

Offer support for STARTTLS on a plain connection.

The configuration was changed to reflect these new possibilities.

Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
2016-06-22 17:51:59 +02:00
David Baker acded821c4 Merge remote-tracking branch 'origin/develop' into dbkr/email_notifs 2016-04-29 10:05:20 +01:00
David Baker fa12209c1b Hopefully all remaining bits for email notifs
Add public facing base url to the server so synapse knows what URL to use when converting mxc to http urls for use in emails
2016-04-27 15:09:55 +01:00
Erik Johnston 52ecbc2843 Make pyjwt dependency optional 2016-04-25 14:30:15 +01:00
David Baker c10ed26c30 Flesh out email templating
Mostly WIP porting the room name calculation logic from the web client so our room names in the email mirror the clients.
2016-04-21 19:19:07 +01:00
David Baker 2ed0adb075 Generate mails from a template 2016-04-20 18:35:29 +01:00
Erik Johnston d0633e6dbe Sanitize the optional dependencies for spider API 2016-04-13 13:38:09 +01:00
Matthew Hodgson dafef5a688 Add url_preview_enabled config option to turn on/off preview_url endpoint. defaults to off.
Add url_preview_ip_range_blacklist to let admins specify internal IP ranges that must not be spidered.
Add url_preview_url_blacklist to let admins specify URL patterns that must not be spidered.
Implement a custom SpiderEndpoint and associated support classes to implement url_preview_ip_range_blacklist
Add commentary and generally address PR feedback
2016-04-08 18:37:15 +01:00
Matthew Hodgson 9f7dc2bef7 Merge branch 'develop' into matthew/preview_urls 2016-04-04 00:38:21 +01:00
Niklas Riekenbrauck 3f9948a069 Add JWT support 2016-03-29 14:36:36 +02:00
Matthew Hodgson dd4287ca5d make it build 2016-03-29 02:07:57 +01:00
Erik Johnston 07cf96ebf7 Pin pysaml2 version to 3.x
This is due to the fact that `from saml2 import config` fails in version
4.x
2016-03-09 11:54:56 +00:00
Daniel Wagner-Hall 577951b032 Allow third_party_signed to be specified on /join 2016-02-23 15:11:25 +00:00
Matthew Hodgson 7634687057 Merge branch 'master' of git+ssh://github.com/matrix-org/synapse 2016-02-10 16:27:15 +00:00
Matthew Hodgson b3ecb96e36 try to bump syweb to 0.6.8 2016-02-10 16:27:12 +00:00
Daniel Wagner-Hall 0935802f1e Pin pynacl to 0.3.0
Something has gone wrong in the packaging of 1.* which causes it not to
compile.
2016-01-28 14:47:03 +00:00
Matthew Hodgson 6c28ac260c copyrights 2016-01-07 04:26:29 +00:00
Mark Haines 8bab7abddd Add nacl.bindings to the list of modules checked. Re-arrange import order to check packages after the packages they depend on 2015-09-01 16:51:10 +01:00
Mark Haines 3cdfd37d95 Print an example "pip install" line for a missing requirement 2015-09-01 16:47:26 +01:00
Mark Haines 57df6fffa7 Use the version of "matrix-angular-sdk" hosted on pypi 2015-09-01 14:47:57 +01:00
Mark Haines a7122692d9 Merge branch 'release-v0.10.0' into develop
Conflicts:
	synapse/handlers/auth.py
	synapse/python_dependencies.py
	synapse/rest/client/v1/login.py
2015-08-28 11:15:27 +01:00
Erik Johnston d33f31d741 Print the correct pip install line when failing due to lack of matrix-angular-sdk 2015-08-25 15:33:23 +01:00
Erik Johnston 8b52fe48b5 Revert previous commit. Instead, always download matrix-angular-sdk as a requirement, but don't complain (when we do check_requirements) if we don't have it when we start synapse. 2015-08-25 14:10:31 +01:00
Erik Johnston d9088c923f Remove dependency on matrix-angular-sdk 2015-08-25 13:34:50 +01:00
Mark Haines cf8c04948f Fix typo in module imports and package dependencies 2015-08-25 10:42:59 +01:00
Mark Haines 78323ccdb3 Remove syutil dependency in favour of smaller single-purpose libraries 2015-08-24 16:17:38 +01:00
Daniel Wagner-Hall 4e706ec82c Merge branch 'develop' into auth 2015-08-20 16:59:41 +01:00
Daniel Wagner-Hall f90ea3dc73 Correct pynacl version to 0.3.0
0.0.3 was a typo
2015-08-20 16:42:17 +01:00
Daniel Wagner-Hall 7f08ebb772 Switch to pymacaroons-pynacl 2015-08-19 13:21:36 +01:00
Daniel Wagner-Hall 1469141023 Merge branch 'develop' into auth 2015-08-18 14:43:44 +01:00
Daniel Wagner-Hall 2d3462714e Issue macaroons as opaque auth tokens
This just replaces random bytes with macaroons. The macaroons are not
inspected by the client or server.

In particular, they claim to have an expiry time, but nothing verifies
that they have not expired.

Follow-up commits will actually enforce the expiration, and allow for
token refresh.

See https://bit.ly/matrix-auth for more information
2015-08-18 14:22:02 +01:00
Mark Haines 21ac8be5f7 Depend on Twisted>=15.1 rather than pining to a particular version 2015-08-12 17:25:13 +01:00
Mark Haines 998a72d4d9 Merge branch 'develop' into markjh/twisted-15
Conflicts:
	synapse/http/matrixfederationclient.py
2015-08-12 17:21:14 +01:00
Erik Johnston 5989637f37 Merge branch 'develop' of github.com:matrix-org/synapse into erikj/receipts 2015-07-13 13:50:57 +01:00
Erik Johnston ce9e2f84ad Add blist to dependencies 2015-07-08 15:41:59 +01:00
Muthu Subramanian 81682d0f82 Integrate SAML2 basic authentication - uses pysaml2 2015-07-08 15:36:54 +05:30
Mark Haines b8d49be5a1 Merge branch 'develop' into markjh/twisted-15
Conflicts:
	synapse/python_dependencies.py
2015-06-01 10:56:05 +01:00
Mark Haines 90abdaf3bc Use Twisted-15.2.1, Use Agent.usingEndpointFactory rather than implement our own Agent 2015-06-01 10:51:50 +01:00
Erik Johnston 8355b4d074 Bump syutil version 2015-05-29 13:08:43 +01:00
Erik Johnston a7b65bdedf Add config option to turn off freezing events. Use new encode_json api and ujson.loads 2015-05-29 12:17:33 +01:00
Erik Johnston db0dca2f6f Merge branch 'master' of github.com:matrix-org/synapse into develop 2015-05-07 19:21:00 +01:00
Erik Johnston a151693a3b Bump syweb version 2015-05-07 18:01:46 +01:00
Mark Haines ef8e8ebd91 pynacl-0.3.0 was released so we can finally start using it directly from pypi 2015-05-07 16:46:51 +01:00
Mark Haines c0036ced54 bump syutil to 0.0.6 2015-04-29 14:16:41 +01:00
Mark Haines 4e2f8b8722 Copyright notices 2015-04-24 10:35:29 +01:00
Mark Haines 6080830bef Bump syutil version to 0.0.5 2015-04-21 17:04:06 +01:00
Mark Haines 88cb06e996 Update syutil version to 0.0.4 2015-04-14 16:18:17 +01:00
David Baker 6d33f97703 pep8 2015-03-17 11:53:55 +00:00
David Baker 7564dac8cb Wire up the webclient option
It existed but was hardcoded to True.
Give it an underscore for consistency.
Also don't pull in syweb unless we're actually using the web client.
2015-03-17 12:45:37 +01:00
Erik Johnston 58247c8b4b Also bump dependency link version 2015-03-13 11:39:57 +00:00
Matthew Hodgson f55bd3f94b bump dep on syweb 0.6.5 2015-03-12 18:56:53 +00:00
Erik Johnston 8486910b64 Bump webclient version 2015-03-02 14:57:37 +00:00
Erik Johnston 5b753d472b Bump matrix-angular-sdk version 2015-02-18 17:02:40 +00:00
Mark Haines 5806d52423 Fix syntax 2015-02-18 11:01:37 +00:00
Mark Haines 87e9aeb914 Move pynacl to the top of the depedency link list so that it is
installed before syutil
2015-02-18 11:00:13 +00:00
Erik Johnston a566ed2f0e Bump webclient version 2015-02-12 10:49:07 +00:00
Erik Johnston af89456c3c Update dependency links 2015-02-11 17:15:16 +00:00
Erik Johnston a793a0b810 Bump syutil version 2015-02-11 17:02:52 +00:00
Mark Haines 9c24cff6ef Allow newer versions of syutil 2015-02-11 17:00:32 +00:00
Mark Haines 7ed971d9b2 Single source version and python dependencies, prevent people accidentally installing with easy_install, use scripts rather than entry_points to install synctl 2015-02-10 17:42:36 +00:00
Mark Haines b085fac735 Code-style fixes 2015-02-10 16:30:48 +00:00
Matthew Hodgson 0b725f5c4f oops 2015-02-09 16:48:31 +00:00
Matthew Hodgson bd2373277d oops 2015-02-09 16:48:09 +00:00
Matthew Hodgson a578251b48 only do word-boundary patches on bodies for now 2015-02-09 16:44:47 +00:00
Mark Haines 09601255f5 Merge pull request #46 from matrix-org/identicons
Add a media/v1/identicon resource for generating identicons
2015-02-02 18:56:34 +00:00
Mark Haines a2da04b8ab Add pydenticon to python_dependencies 2015-02-02 17:37:26 +00:00
Mark Haines 4574b5a9e6 Generate a list of dependencies from synapse/python_dependencies.py 2015-02-02 17:23:51 +00:00
David Baker bd03947c05 We do need Twisted 14, not 15: we use internal Twisted things that have been removed in 15. 2015-01-30 11:13:42 +00:00
Paul "LeoNerd" Evans 85419e1257 Stop complaining about Synapse Angular SDK 0.6.1 2015-01-23 18:37:37 +00:00
Mark Haines 63403aa7a5 Check the existance and versions of necessary modules when starting synapse, log which modules are used 2015-01-08 17:08:57 +00:00