Patrick Cloke
6fde6aa9c0
Properly report user-agent/IP during registration of SSO users. ( #8784 )
...
This also expands type-hints to the SSO and registration code.
Refactors the CAS code to more closely match OIDC/SAML.
2020-11-23 13:28:03 -05:00
Erik Johnston
f737368a26
Add admin API for logging in as a user ( #8617 )
2020-11-17 10:51:25 +00:00
Erik Johnston
f21e24ffc2
Add ability for access tokens to belong to one user but grant access to another user. ( #8616 )
...
We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't).
A future PR will add an API for creating such a token.
When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.
2020-10-29 15:58:44 +00:00
Patrick Cloke
c9c0ad5e20
Remove the deprecated Handlers object ( #8494 )
...
All handlers now available via get_*_handler() methods on the HomeServer.
2020-10-09 07:24:34 -04:00
Patrick Cloke
8a4a4186de
Simplify super() calls to Python 3 syntax. ( #8344 )
...
This converts calls like super(Foo, self) -> super().
Generated with:
sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py
2020-09-18 09:56:44 -04:00
Patrick Cloke
3f91638da6
Allow denying or shadow banning registrations via the spam checker ( #8034 )
2020-08-20 15:42:58 -04:00
Patrick Cloke
592cdf73be
Improve the error code when trying to register using a name reserved for guests. ( #8135 )
2020-08-20 10:39:41 -04:00
Patrick Cloke
ac77cdb64e
Add a shadow-banned flag to users. ( #8092 )
2020-08-14 12:37:59 -04:00
Patrick Cloke
3b415e23a5
Convert replication code to async/await. ( #7987 )
2020-08-03 07:12:55 -04:00
Richard van der Hoff
c445bc0cad
Use a postgres sequence to generate guest user IDs
2020-07-16 13:00:25 +01:00
Patrick Cloke
71cccf1593
Additional configuration options for auto-join rooms ( #7763 )
2020-06-30 15:41:36 -04:00
Patrick Cloke
3c45a78090
Convert the registration handler to async/await. ( #7649 )
2020-06-08 11:15:02 -04:00
Patrick Cloke
737b4a936e
Convert user directory handler and related classes to async/await. ( #7640 )
2020-06-05 14:42:55 -04:00
Travis Ralston
09099313e6
Add an option to disable autojoin for guest accounts ( #6637 )
...
Fixes https://github.com/matrix-org/synapse/issues/3177
2020-06-05 18:18:15 +01:00
Dirk Klimpel
908f9e2d24
Allow new users to be registered via the admin API even if the monthly active user limit has been reached ( #7263 )
2020-06-05 13:08:49 +01:00
Andrew Morgan
f4e6495b5d
Performance improvements and refactor of Ratelimiter ( #7595 )
...
While working on https://github.com/matrix-org/synapse/issues/5665 I found myself digging into the `Ratelimiter` class and seeing that it was both:
* Rather undocumented, and
* causing a *lot* of config checks
This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation.
Best to be reviewed commit-by-commit.
2020-06-05 10:47:20 +01:00
Brendan Abolivier
c9507be989
Check if the localpart is reserved for guests earlier in the registration flow ( #7625 )
...
This is so the user is warned about the username not being valid as soon as possible, rather than only once they've finished UIA.
2020-06-03 16:55:02 +02:00
Patrick Cloke
56db0b1365
Hash passwords earlier in the registration process ( #7523 )
2020-05-18 09:46:18 -04:00
Andrew Morgan
6b22921b19
async/await is_server_admin ( #7363 )
2020-05-01 15:15:36 +01:00
Patrick Cloke
eed7c5b89e
Convert auth handler to async/await ( #7261 )
2020-04-15 12:40:18 -04:00
Richard van der Hoff
326c893d24
Kill off RegistrationError ( #6691 )
...
This is pretty pointless. Let's just use SynapseError.
2020-01-13 12:48:22 +00:00
Richard van der Hoff
2d07c73777
Don't assign numeric IDs for empty usernames ( #6690 )
...
Fix a bug where we would assign a numeric userid if somebody tried registering
with an empty username
2020-01-13 12:47:30 +00:00
Syam G Krishnan
ce1c975ebc
Issue #6406 Fix parameter mismatch
...
Signed-off-by: Syam G Krishnan <syamgk01@gmail.com>
2019-12-04 13:03:46 +05:30
Andrew Morgan
bc29a19731
Replace instance variations of homeserver with correct case/spacing
2019-11-12 13:08:12 +00:00
Andrew Morgan
55bc8d531e
raise exception after multiple failures
2019-11-06 16:52:54 +00:00
Andrew Morgan
1fe3cc2c9c
Address review comments
2019-11-06 14:54:24 +00:00
Andrew Morgan
4059d61e26
Don't forget to ratelimit calls outside of RegistrationHandler
2019-11-06 12:01:54 +00:00
Andrew Morgan
b33c4f7a82
Numeric ID checker now checks @0, don't ratelimit on checking
2019-11-06 11:55:00 +00:00
Amber Brown
020add5099
Update black to 19.10b0 ( #6304 )
...
* update version of black and also fix the mypy config being overridden
2019-11-01 02:43:24 +11:00
Erik Johnston
ab8a64772b
Remove unused variable
2019-10-03 17:42:32 +01:00
Erik Johnston
693156aaf4
Don't regenerate numeric user ID if registration fails.
...
This causes huge amounts of DB IO if registrations start to fail e.g.
because the DB is struggling with IO.
2019-10-03 17:33:54 +01:00
Jason Robinson
be618e0551
Only count real users when checking for auto-creation of auto-join room
...
Previously if the first registered user was a "support" or "bot" user,
when the first real user registers, the auto-join rooms were not
created.
Fix to exclude non-real (ie users with a special user type) users
when counting how many users there are to determine whether we should
auto-create a room.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-09-09 14:48:08 +03:00
Andrew Morgan
b736c6cd3a
Remove bind_email and bind_msisdn ( #5964 )
...
Removes the `bind_email` and `bind_msisdn` parameters from the `/register` C/S API endpoint as per [MSC2140: Terms of Service for ISes and IMs](https://github.com/matrix-org/matrix-doc/pull/2140/files#diff-c03a26de5ac40fb532de19cb7fc2aaf7R107 ).
2019-09-04 18:24:23 +01:00
Andrew Morgan
6b6086b8bf
Fix docstring
2019-09-03 20:00:09 +01:00
Andrew Morgan
a98b8583c6
Remove unnecessary variable declaration
2019-09-03 19:58:51 +01:00
Andrew Morgan
36f34e6f3d
Remove unused methods from c/s api v1 in register.py ( #5963 )
...
These methods were part of the v1 C/S API. Remove them as they are no longer used by any code paths.
2019-09-02 18:29:21 +01:00
Andrew Morgan
4548d1f87e
Remove unnecessary parentheses around return statements ( #5931 )
...
Python will return a tuple whether there are parentheses around the returned values or not.
I'm just sick of my editor complaining about this all over the place :)
2019-08-30 16:28:26 +01:00
Brendan Abolivier
1c5b8c6222
Revert "Add "require_consent" parameter for registration"
...
This reverts commit 3320aaab3a
.
2019-08-22 14:47:34 +01:00
Half-Shot
3320aaab3a
Add "require_consent" parameter for registration
2019-08-22 14:21:54 +01:00
Amber Brown
4806651744
Replace returnValue with return ( #5736 )
2019-07-23 23:00:55 +10:00
Richard van der Hoff
5f158ec039
Implement access token expiry ( #5660 )
...
Record how long an access token is valid for, and raise a soft-logout once it
expires.
2019-07-12 17:26:02 +01:00
Richard van der Hoff
953dbb7980
Remove access-token support from RegistrationStore.register ( #5642 )
...
The 'token' param is no longer used anywhere except the tests, so let's kill
that off too.
2019-07-10 16:26:49 +01:00
Richard van der Hoff
824707383b
Remove access-token support from RegistrationHandler.register ( #5641 )
...
Nothing uses this now, so we can remove the dead code, and clean up the
API.
Since we're changing the shape of the return value anyway, we take the
opportunity to give the method a better name.
2019-07-08 19:01:08 +01:00
Richard van der Hoff
b70e080b59
Better logging for auto-join. ( #5643 )
...
It was pretty unclear what was going on, so I've added a couple of log lines.
2019-07-08 17:14:51 +01:00
Richard van der Hoff
1af2fcd492
Move get_or_create_user to test code ( #5628 )
...
This is only used in tests, so...
2019-07-08 23:52:26 +10:00
Richard van der Hoff
80cc82a445
Remove support for invite_3pid_guest. ( #5625 )
...
This has never been documented, and I'm not sure it's ever been used outside
sytest.
It's quite a lot of poorly-maintained code, so I'd like to get rid of it.
For now I haven't removed the database table; I suggest we leave that for a
future clearout.
2019-07-05 16:47:58 +01:00
Amber Brown
32e7c9e7f2
Run Black. ( #5482 )
2019-06-20 19:32:02 +10:00
Richard van der Hoff
d16c6375fe
Limit displaynames and avatar URLs
...
These end up in join events everywhere, so let's limit them.
Fixes #5079
2019-06-01 10:44:36 +01:00
ReidAnderson
3787133c9e
Limit UserIds to a length that fits in a state key ( #5198 )
2019-05-20 11:20:08 +01:00
Andrew Morgan
7a91b9d81c
Allow password providers to bind emails ( #4947 )
...
This PR allows password provider modules to bind email addresses when a user is registering and is motivated by matrix-org/matrix-synapse-ldap3#58
2019-03-28 15:48:07 +00:00
Andrew Morgan
bbd244c7b2
Support 3PID login in password providers ( #4931 )
...
Adds a new method, check_3pid_auth, which gives password providers
the chance to allow authentication with third-party identifiers such
as email or msisdn.
2019-03-26 17:48:30 +00:00
Neil Johnson
88f0675967
fix test_auto_create_auto_join_where_no_consent ( #4886 )
2019-03-19 11:38:59 +00:00
Brendan Abolivier
899e523d6d
Add ratelimiting on login ( #4821 )
...
Add two ratelimiters on login (per-IP address and per-userID).
2019-03-15 17:46:16 +00:00
Brendan Abolivier
6f3cde8b25
Make registration ratelimiter separate from the main events one
2019-03-06 11:02:42 +00:00
Brendan Abolivier
f4195f4118
Revert "Split ratelimiters in two (one for events, one for registration)"
...
This reverts commit d7dbad3526
.
2019-03-06 10:55:22 +00:00
Brendan Abolivier
d7dbad3526
Split ratelimiters in two (one for events, one for registration)
2019-03-05 18:41:27 +00:00
Brendan Abolivier
a4c3a361b7
Add rate-limiting on registration ( #4735 )
...
* Rate-limiting for registration
* Add unit test for registration rate limiting
* Add config parameters for rate limiting on auth endpoints
* Doc
* Fix doc of rate limiting function
Co-Authored-By: babolivier <contact@brendanabolivier.com>
* Incorporate review
* Fix config parsing
* Fix linting errors
* Set default config for auth rate limiting
* Fix tests
* Add changelog
* Advance reactor instead of mocked clock
* Move parameters to registration specific config and give them more sensible default values
* Remove unused config options
* Don't mock the rate limiter un MAU tests
* Rename _register_with_store into register_with_store
* Make CI happy
* Remove unused import
* Update sample config
* Fix ratelimiting test for py2
* Add non-guest test
2019-03-05 14:25:33 +00:00
Matthew Hodgson
70ea2f4e1d
switch from google.com to recaptcha.net for reCAPTCHA ( #4731 )
...
* add trivial clarification about jemalloc
* switch from google.com to recaptcha.net
because https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
2019-02-25 11:15:36 -08:00
Erik Johnston
dbdc565dfd
Fix registration on workers ( #4682 )
...
* Move RegistrationHandler init to HomeServer
* Move post registration actions to RegistrationHandler
* Add post regisration replication endpoint
* Newsfile
2019-02-20 18:47:31 +11:00
Erik Johnston
af691e415c
Move register_device into handler
2019-02-18 16:49:38 +00:00
Erik Johnston
eb2b8523ae
Split out registration to worker
...
This allows registration to be handled by a worker, though the actual
write to the database still happens on master.
Note: due to the in-memory session map all registration requests must be
handled by the same worker.
2019-02-18 12:12:57 +00:00
Neil Johnson
d2f7c4e6b1
create support user ( #4141 )
...
Allow for the creation of a support user.
A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits.
2018-12-14 18:20:59 +00:00
Richard van der Hoff
30da50a5b8
Initialise user displayname from SAML2 data ( #4272 )
...
When we register a new user from SAML2 data, initialise their displayname
correctly.
2018-12-07 14:44:46 +01:00
Richard van der Hoff
b0c24a66ec
Rip out half-implemented m.login.saml2 support ( #4265 )
...
* Rip out half-implemented m.login.saml2 support
This was implemented in an odd way that left most of the work to the client, in
a way that I really didn't understand. It's going to be a pain to maintain, so
let's start by ripping it out.
* drop undocumented dependency on dateutil
It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.
2018-12-06 19:44:38 +11:00
Neil Johnson
7039ece8fb
Neilj/fix autojoin ( #4223 )
...
* Fix auto join failures for servers that require user consent
* Fix auto join failures for servers that require user consent
2018-11-28 22:24:57 +11:00
Amber Brown
4cd1c9f2ff
Delete the disused & unspecced identicon functionality ( #4106 )
2018-10-29 23:57:24 +11:00
Richard van der Hoff
7f7b2cd3de
Make room_member_handler a member of RoomCreationHandler
...
... to save passing it into `_send_events_for_new_room`
2018-10-25 19:10:18 +01:00
Neil Johnson
9532caf6ef
remove trailing whiter space
2018-10-24 16:08:25 +01:00
Richard van der Hoff
94a49e0636
fix tuple
...
Co-Authored-By: neilisfragile <neil@matrix.org>
2018-10-24 14:39:23 +01:00
Neil Johnson
a67d8ace9b
remove errant exception and style
2018-10-23 17:44:39 +01:00
Neil Johnson
c6584f4b5f
clean up config error logic and imports
2018-10-17 11:36:41 +01:00
Neil Johnson
1ccafb0c5e
no need to join room if creator
2018-10-13 21:14:21 +01:00
Neil Johnson
a2bfb778c8
improve auto room join logic, comments and tests
2018-10-12 18:17:36 +01:00
Neil Johnson
2dadc092b8
move logic into register, fix room alias localpart bug, tests
2018-10-04 17:00:27 +01:00
Matthew Hodgson
23b6a0537f
emit room aliases event
2018-09-29 02:19:37 +01:00
Matthew Hodgson
5b68f29f48
fix thinkos
2018-09-29 02:14:40 +01:00
Matthew Hodgson
8f646f2d04
fix UTs
2018-09-28 15:37:28 +01:00
Matthew Hodgson
07340cdaca
untested stab at autocreating autojoin rooms
2018-09-28 01:42:53 +01:00
Matthew Hodgson
d42d79e3c3
don't ratelimit autojoins
2018-09-15 22:27:41 +01:00
Neil Johnson
ea068d6f3c
fix bug where preserved threepid user comes to sign up and server is mau blocked
2018-08-31 10:49:14 +01:00
Neil Johnson
c74c71128d
remove blank line
2018-08-14 15:06:24 +01:00
Neil Johnson
99ebaed8e6
Update register.py
...
remove comments
2018-08-14 14:55:55 +01:00
Neil Johnson
f4b49152e2
support admin_email config and pass through into blocking errors, return AuthError in all cases
2018-08-13 21:09:47 +01:00
Neil Johnson
ce7de9ae6b
Revert "support admin_email config and pass through into blocking errors, return AuthError in all cases"
...
This reverts commit 0d43f991a1
.
2018-08-13 18:06:18 +01:00
Neil Johnson
0d43f991a1
support admin_email config and pass through into blocking errors, return AuthError in all cases
2018-08-13 18:00:23 +01:00
Amber Brown
b37c472419
Rename async to async_helpers because `async` is a keyword on Python 3.7 ( #3678 )
2018-08-10 23:50:21 +10:00
Neil Johnson
e40a510fbf
py3 fix
2018-08-03 23:19:13 +01:00
Neil Johnson
886be75ad1
bug fixes
2018-08-03 22:29:03 +01:00
Neil Johnson
74b1d46ad9
do mau checks based on monthly_active_users table
2018-08-02 16:57:35 +01:00
Neil Johnson
085435e13a
Merge pull request #3630 from matrix-org/neilj/mau_sign_in_log_in_limits
...
Initial impl of capping MAU
2018-08-01 15:58:45 +00:00
Amber Brown
da7785147d
Python 3: Convert some unicode/bytes uses ( #3569 )
2018-08-02 00:54:06 +10:00
Neil Johnson
7931393495
make count_monthly_users async synapse/handlers/auth.py
2018-08-01 10:21:56 +01:00
Neil Johnson
251e6c1210
limit register and sign in on number of monthly users
2018-07-30 15:55:57 +01:00
Amber Brown
49af402019
run isort
2018-07-09 16:09:20 +10:00
Amber Brown
a61738b316
Remove run_on_reactor ( #3395 )
2018-06-14 18:27:37 +10:00
Richard van der Hoff
fed62e21ad
Infrastructure for a server notices room
...
Server Notices use a special room which the user can't dismiss. They are
created on demand when some other bit of the code calls send_notice.
(This doesn't actually do much yet becuse we don't call send_notice anywhere)
2018-05-17 17:58:25 +01:00
Krombel
6152e253d8
Merge branch 'develop' of into allow_auto_join_rooms
2018-03-28 14:45:28 +02:00
Erik Johnston
3e0c0660b3
Also do check inside linearizer
2018-03-27 13:01:34 +01:00
Erik Johnston
44cd6e1358
PEP8
2018-03-26 12:06:48 +01:00
Erik Johnston
a052aa42e7
Linearize calls to _generate_user_id
2018-03-26 12:02:20 +01:00