4ca054a4ea 
								
									
								
							
								 
							
						 
						
							
							
								
								Convert blacklisted IPv4 addresses to compatible IPv6 addresses. ( #9240 )  
							
							... 
							
							
							
							Also add a few more IP ranges to the default blacklist. 
							
						 
						
							2021-02-03 07:13:46 -05:00  
				
					
						
							
							
								 
						
							
							
								b60bb28bbc 
								
									
								
							
								 
							
						 
						
							
							
								
								Add an admin API to get the current room state ( #9168 )  
							
							... 
							
							
							
							This could arguably replace the existing admin API for `/members`, however that is out of scope of this change.
This sort of endpoint is ideal for moderation use cases as well as other applications, such as needing to retrieve various bits of information about a room to perform a task (like syncing power levels between two places). This endpoint exposes nothing more than an admin would be able to access with a `select *` query on their database. 
							
						 
						
							2021-02-02 11:16:29 +00:00  
				
					
						
							
							
								 
						
							
							
								8f75bf1df7 
								
									
								
							
								 
							
						 
						
							
							
								
								Put SAML callback URI under /_synapse/client. ( #9289 )  
							
							
							
						 
						
							2021-02-02 09:43:50 +00:00  
				
					
						
							
							
								 
						
							
							
								846b9d3df0 
								
									
								
							
								 
							
						 
						
							
							
								
								Put OIDC callback URI under /_synapse/client. ( #9288 )  
							
							
							
						 
						
							2021-02-01 22:56:01 +00:00  
				
					
						
							
							
								 
						
							
							
								d1f13c7485 
								
									
								
							
								 
							
						 
						
							
							
								
								Add an OpenID example config for Gitea. ( #9134 )  
							
							
							
						 
						
							2021-02-01 16:21:09 -05:00  
				
					
						
							
							
								 
						
							
							
								5963426b95 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'social_login' into develop  
							
							
							
						 
						
							2021-02-01 18:46:12 +00:00  
				
					
						
							
							
								 
						
							
							
								c543bf87ec 
								
									
								
							
								 
							
						 
						
							
							
								
								Collect terms consent from the user during SSO registration ( #9276 )  
							
							
							
						 
						
							2021-02-01 18:37:41 +00:00  
				
					
						
							
							
								 
						
							
							
								e5d70c8a82 
								
									
								
							
								 
							
						 
						
							
							
								
								Improve styling and wording of SSO UIA templates ( #9286 )  
							
							... 
							
							
							
							fixes  #9171  
						
							2021-02-01 18:36:04 +00:00  
				
					
						
							
							
								 
						
							
							
								18ab35284a 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'social_login' into develop  
							
							
							
						 
						
							2021-02-01 17:28:37 +00:00  
				
					
						
							
							
								 
						
							
							
								4167494c90 
								
									
								
							
								 
							
						 
						
							
							
								
								Replace username picker with a template ( #9275 )  
							
							... 
							
							
							
							There's some prelimiary work here to pull out the construction of a jinja environment to a separate function.
I wanted to load the template at display time rather than load time, so that it's easy to update on the fly. Honestly, I think we should do this with all our templates: the risk of ending up with malformed templates is far outweighed by the improved turnaround time for an admin trying to update them. 
							
						 
						
							2021-02-01 15:52:50 +00:00  
				
					
						
							
							
								 
						
							
							
								8aed29dc61 
								
									
								
							
								 
							
						 
						
							
							
								
								Improve styling and wording of SSO redirect confirm template ( #9272 )  
							
							
							
						 
						
							2021-02-01 15:50:56 +00:00  
				
					
						
							
							
								 
						
							
							
								9c715a5f19 
								
									
								
							
								 
							
						 
						
							
							
								
								Fix SSO on workers ( #9271 )  
							
							... 
							
							
							
							Fixes  #8966 .
* Factor out build_synapse_client_resource_tree
Start a function which will mount resources common to all workers.
* Move sso init into build_synapse_client_resource_tree
... so that we don't have to do it for each worker
* Fix SSO-login-via-a-worker
Expose the SSO login endpoints on workers, like the documentation says.
* Update workers config for new endpoints
Add documentation for endpoints recently added (#8942 , #9017 , #9262 )
* remove submit_token from workers endpoints list
this *doesn't* work on workers (yet).
* changelog
* Add a comment about the odd path for SAML2Resource 
						
							2021-02-01 15:47:59 +00:00  
				
					
						
							
							
								 
						
							
							
								f2c1560eca 
								
									
								
							
								 
							
						 
						
							
							
								
								Ratelimit invites by room and target user ( #9258 )  
							
							
							
						 
						
							2021-01-29 16:38:29 +00:00  
				
					
						
							
							
								 
						
							
							
								0d81a6fa3e 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'social_login' into develop  
							
							
							
						 
						
							2021-01-28 22:08:11 +00:00  
				
					
						
							
							
								 
						
							
							
								4b73488e81 
								
									
								
							
								 
							
						 
						
							
							
								
								Ratelimit 3PID /requestToken API ( #9238 )  
							
							
							
						 
						
							2021-01-28 17:39:21 +00:00  
				
					
						
							
							
								 
						
							
							
								34efb4c604 
								
									
								
							
								 
							
						 
						
							
							
								
								Add notes on integrating with Facebook for SSO login. ( #9244 )  
							
							
							
						 
						
							2021-01-27 22:57:16 +00:00  
				
					
						
							
							
								 
						
							
							
								a083aea396 
								
									
								
							
								 
							
						 
						
							
							
								
								Add 'brand' field to MSC2858 response ( #9242 )  
							
							... 
							
							
							
							We've decided to add a 'brand' field to help clients decide how to style the
buttons.
Also, fix up the allowed characters for idp_id, while I'm in the area. 
							
						 
						
							2021-01-27 21:31:45 +00:00  
				
					
						
							
							
								 
						
							
							
								869667760f 
								
									
								
							
								 
							
						 
						
							
							
								
								Support for scraping email addresses from OIDC providers ( #9245 )  
							
							
							
						 
						
							2021-01-27 21:28:59 +00:00  
				
					
						
							
							
								 
						
							
							
								93b61589b0 
								
									
								
							
								 
							
						 
						
							
							
								
								Add a note to changelog about redis usage ( #9227 )  
							
							
							
						 
						
							2021-01-27 14:06:27 +00:00  
				
					
						
							
							
								 
						
							
							
								26837d5dbe 
								
									
								
							
								 
							
						 
						
							
							
								
								Do not require the CAS service URL setting (use public_baseurl instead). ( #9199 )  
							
							... 
							
							
							
							The current configuration is handled for backwards compatibility,
but is considered deprecated. 
							
						 
						
							2021-01-26 10:49:25 -05:00  
				
					
						
							
							
								 
						
							
							
								cee4010f94 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'develop' into jaywink/admin-forward-extremities  
							
							... 
							
							
							
							# Conflicts:
#	synapse/rest/admin/__init__.py 
							
						 
						
							2021-01-26 10:15:32 +02:00  
				
					
						
							
							
								 
						
							
							
								4a55d267ee 
								
									
								
							
								 
							
						 
						
							
							
								
								Add an admin API for shadow-banning users. ( #9209 )  
							
							... 
							
							
							
							This expands the current shadow-banning feature to be usable via
the admin API and adds documentation for it.
A shadow-banned users receives successful responses to their
client-server API requests, but the events are not propagated into rooms.
Shadow-banning a user should be used as a tool of last resort and may lead
to confusing or broken behaviour for the client. 
							
						 
						
							2021-01-25 14:49:39 -05:00  
				
					
						
							
							
								 
						
							
							
								8965b6cfec 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'develop' into jaywink/admin-forward-extremities  
							
							
							
						 
						
							2021-01-23 21:41:35 +02:00  
				
					
						
							
							
								 
						
							
							
								930ba00971 
								
							
								 
							
						 
						
							
							
								
								Add depth and received_ts to forward_extremities admin API response  
							
							... 
							
							
							
							Also add a warning on the admin API documentation.
Signed-off-by: Jason Robinson <jasonr@matrix.org> 
							
						 
						
							2021-01-23 21:34:32 +02:00  
				
					
						
							
							
								 
						
							
							
								b5120f09f1 
								
							
								 
							
						 
						
							
							
								
								Merge remote-tracking branch 'origin/release-v1.26.0' into develop  
							
							
							
						 
						
							2021-01-21 13:17:07 +00:00  
				
					
						
							
							
								 
						
							
							
								7447f19702 
								
									
								
							
								 
							
						 
						
							
							
								
								Prefix idp_id with "oidc-" ( #9189 )  
							
							... 
							
							
							
							... to avoid clashes with other SSO mechanisms 
							
						 
						
							2021-01-21 12:25:02 +00:00  
				
					
						
							
							
								 
						
							
							
								f81d02d75b 
								
							
								 
							
						 
						
							
							
								
								Synapse 1.26.0rc1 (2021-01-20)  
							
							... 
							
							
							
							==============================
 
 This release brings a new schema version for Synapse and rolling back to a previous
 verious is not trivial.  Please review [UPGRADE.rst](UPGRADE.rst) for more details
 on these changes  and for general upgrade guidance.
 
 Features
 --------
 
 - Add support for multiple SSO Identity Providers. ([\#9015](https://github.com/matrix-org/synapse/issues/9015 ), [\#9017](https://github.com/matrix-org/synapse/issues/9017 ), [\#9036](https://github.com/matrix-org/synapse/issues/9036 ), [\#9067](https://github.com/matrix-org/synapse/issues/9067 ), [\#9081](https://github.com/matrix-org/synapse/issues/9081 ), [\#9082](https://github.com/matrix-org/synapse/issues/9082 ), [\#9105](https://github.com/matrix-org/synapse/issues/9105 ), [\#9107](https://github.com/matrix-org/synapse/issues/9107 ), [\#9109](https://github.com/matrix-org/synapse/issues/9109 ), [\#9110](https://github.com/matrix-org/synapse/issues/9110 ), [\#9127](https://github.com/matrix-org/synapse/issues/9127 ), [\#9153](https://github.com/matrix-org/synapse/issues/9153 ), [\#9154](https://github.com/matrix-org/synapse/issues/9154 ), [\#9177](https://github.com/matrix-org/synapse/issues/9177 ))
 - During user-interactive authentication via single-sign-on, give a better error if the user uses the wrong account on the SSO IdP. ([\#9091](https://github.com/matrix-org/synapse/issues/9091 ))
 - Give the `public_baseurl` a default value, if it is not explicitly set in the configuration file. ([\#9159](https://github.com/matrix-org/synapse/issues/9159 ))
 - Improve performance when calculating ignored users in large rooms. ([\#9024](https://github.com/matrix-org/synapse/issues/9024 ))
 - Implement [MSC2176](https://github.com/matrix-org/matrix-doc/pull/2176 ) in an experimental room version. ([\#8984](https://github.com/matrix-org/synapse/issues/8984 ))
 - Add an admin API for protecting local media from quarantine. ([\#9086](https://github.com/matrix-org/synapse/issues/9086 ))
 - Remove a user's avatar URL and display name when deactivated with the Admin API. ([\#8932](https://github.com/matrix-org/synapse/issues/8932 ))
 - Update `/_synapse/admin/v1/users/<user_id>/joined_rooms` to work for both local and remote users. ([\#8948](https://github.com/matrix-org/synapse/issues/8948 ))
 - Add experimental support for handling to-device messages on worker processes. ([\#9042](https://github.com/matrix-org/synapse/issues/9042 ), [\#9043](https://github.com/matrix-org/synapse/issues/9043 ), [\#9044](https://github.com/matrix-org/synapse/issues/9044 ), [\#9130](https://github.com/matrix-org/synapse/issues/9130 ))
 - Add experimental support for handling `/keys/claim` and `/room_keys` APIs on worker processes. ([\#9068](https://github.com/matrix-org/synapse/issues/9068 ))
 - Add experimental support for handling `/devices` API on worker processes. ([\#9092](https://github.com/matrix-org/synapse/issues/9092 ))
 - Add experimental support for moving off receipts and account data persistence off master. ([\#9104](https://github.com/matrix-org/synapse/issues/9104 ), [\#9166](https://github.com/matrix-org/synapse/issues/9166 ))
 
 Bugfixes
 --------
 
 - Fix a long-standing issue where an internal server error would occur when requesting a profile over federation that did not include a display name / avatar URL. ([\#9023](https://github.com/matrix-org/synapse/issues/9023 ))
 - Fix a long-standing bug where some caches could grow larger than configured. ([\#9028](https://github.com/matrix-org/synapse/issues/9028 ))
 - Fix error handling during insertion of client IPs into the database. ([\#9051](https://github.com/matrix-org/synapse/issues/9051 ))
 - Fix bug where we didn't correctly record CPU time spent in `on_new_event` block. ([\#9053](https://github.com/matrix-org/synapse/issues/9053 ))
 - Fix a minor bug which could cause confusing error messages from invalid configurations. ([\#9054](https://github.com/matrix-org/synapse/issues/9054 ))
 - Fix incorrect exit code when there is an error at startup. ([\#9059](https://github.com/matrix-org/synapse/issues/9059 ))
 - Fix `JSONDecodeError` spamming the logs when sending transactions to remote servers. ([\#9070](https://github.com/matrix-org/synapse/issues/9070 ))
 - Fix "Failed to send request" errors when a client provides an invalid room alias. ([\#9071](https://github.com/matrix-org/synapse/issues/9071 ))
 - Fix bugs in federation catchup logic that caused outbound federation to be delayed for large servers after start up. Introduced in v1.8.0 and v1.21.0. ([\#9114](https://github.com/matrix-org/synapse/issues/9114 ), [\#9116](https://github.com/matrix-org/synapse/issues/9116 ))
 - Fix corruption of `pushers` data when a postgres bouncer is used. ([\#9117](https://github.com/matrix-org/synapse/issues/9117 ))
 - Fix minor bugs in handling the `clientRedirectUrl` parameter for SSO login. ([\#9128](https://github.com/matrix-org/synapse/issues/9128 ))
 - Fix "Unhandled error in Deferred: BodyExceededMaxSize" errors when .well-known files that are too large. ([\#9108](https://github.com/matrix-org/synapse/issues/9108 ))
 - Fix "UnboundLocalError: local variable 'length' referenced before assignment" errors when the response body exceeds the expected size. This bug was introduced in v1.25.0. ([\#9145](https://github.com/matrix-org/synapse/issues/9145 ))
 - Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when `/publicRooms` is requested with an invalid `server` parameter. ([\#9161](https://github.com/matrix-org/synapse/issues/9161 ))
 
 Improved Documentation
 ----------------------
 
 - Add some extra docs for getting Synapse running on macOS. ([\#8997](https://github.com/matrix-org/synapse/issues/8997 ))
 - Correct a typo in the `systemd-with-workers` documentation. ([\#9035](https://github.com/matrix-org/synapse/issues/9035 ))
 - Correct a typo in `INSTALL.md`. ([\#9040](https://github.com/matrix-org/synapse/issues/9040 ))
 - Add missing `user_mapping_provider` configuration to the Keycloak OIDC example. Contributed by @chris-ruecker. ([\#9057](https://github.com/matrix-org/synapse/issues/9057 ))
 - Quote `pip install` packages when extras are used to avoid shells interpreting bracket characters. ([\#9151](https://github.com/matrix-org/synapse/issues/9151 ))
 
 Deprecations and Removals
 -------------------------
 
 - Remove broken and unmaintained `demo/webserver.py` script. ([\#9039](https://github.com/matrix-org/synapse/issues/9039 ))
 
 Internal Changes
 ----------------
 
 - Improve efficiency of large state resolutions. ([\#8868](https://github.com/matrix-org/synapse/issues/8868 ), [\#9029](https://github.com/matrix-org/synapse/issues/9029 ), [\#9115](https://github.com/matrix-org/synapse/issues/9115 ), [\#9118](https://github.com/matrix-org/synapse/issues/9118 ), [\#9124](https://github.com/matrix-org/synapse/issues/9124 ))
 - Various clean-ups to the structured logging and logging context code. ([\#8939](https://github.com/matrix-org/synapse/issues/8939 ))
 - Ensure rejected events get added to some metadata tables. ([\#9016](https://github.com/matrix-org/synapse/issues/9016 ))
 - Ignore date-rotated homeserver logs saved to disk. ([\#9018](https://github.com/matrix-org/synapse/issues/9018 ))
 - Remove an unused column from `access_tokens` table. ([\#9025](https://github.com/matrix-org/synapse/issues/9025 ))
 - Add a `-noextras` factor to `tox.ini`, to support running the tests with no optional dependencies. ([\#9030](https://github.com/matrix-org/synapse/issues/9030 ))
 - Fix running unit tests when optional dependencies are not installed. ([\#9031](https://github.com/matrix-org/synapse/issues/9031 ))
 - Allow bumping schema version when using split out state database. ([\#9033](https://github.com/matrix-org/synapse/issues/9033 ))
 - Configure the linters to run on a consistent set of files. ([\#9038](https://github.com/matrix-org/synapse/issues/9038 ))
 - Various cleanups to device inbox store. ([\#9041](https://github.com/matrix-org/synapse/issues/9041 ))
 - Drop unused database tables. ([\#9055](https://github.com/matrix-org/synapse/issues/9055 ))
 - Remove unused `SynapseService` class. ([\#9058](https://github.com/matrix-org/synapse/issues/9058 ))
 - Remove unnecessary declarations in the tests for the admin API. ([\#9063](https://github.com/matrix-org/synapse/issues/9063 ))
 - Remove `SynapseRequest.get_user_agent`. ([\#9069](https://github.com/matrix-org/synapse/issues/9069 ))
 - Remove redundant `Homeserver.get_ip_from_request` method. ([\#9080](https://github.com/matrix-org/synapse/issues/9080 ))
 - Add type hints to media repository. ([\#9093](https://github.com/matrix-org/synapse/issues/9093 ))
 - Fix the wrong arguments being passed to `BlacklistingAgentWrapper` from `MatrixFederationAgent`. Contributed by Timothy Leung. ([\#9098](https://github.com/matrix-org/synapse/issues/9098 ))
 - Reduce the scope of caught exceptions in `BlacklistingAgentWrapper`. ([\#9106](https://github.com/matrix-org/synapse/issues/9106 ))
 - Improve `UsernamePickerTestCase`. ([\#9112](https://github.com/matrix-org/synapse/issues/9112 ))
 - Remove dependency on `distutils`. ([\#9125](https://github.com/matrix-org/synapse/issues/9125 ))
 - Enforce that replication HTTP clients are called with keyword arguments only. ([\#9144](https://github.com/matrix-org/synapse/issues/9144 ))
 - Fix the Python 3.5 / old dependencies build in CI. ([\#9146](https://github.com/matrix-org/synapse/issues/9146 ))
 - Replace the old `perspectives` option in the Synapse docker config file template with `trusted_key_servers`. ([\#9157](https://github.com/matrix-org/synapse/issues/9157 ))
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEF3tZXk38tRDFVnUIM/xY9qcRMEgFAmAIVFkACgkQM/xY9qcR
 MEhLfQ//Z4xnP5Icx732k2xpdR+JaXX6heNVFm/UuLNd6wq+uXjO/Dgc9IKQ5LXD
 kfG+/OnNGDr/eUk4mQ5s/ccBvaTrOid2IIemJd4lUBy/Q5LvPvfKIp08QFr72WJT
 7Y4Ma54nNSSMUAdESgj/aFAHjATbfHhxPOZ5OdQHGLAuJ/OUwR2ksasVNCuINbgh
 8vrxrzjeYn1Zl3UTBrsdCcat7AFqYjxK/Y0i6JxfSgRwDZjUbW4M2C4OGWZJPUrU
 2YTPHangxd+22+HObE2KDEzaHDdCR/Kj4dhCiJBynZ5iucuHSS+mgf39RtbjqWML
 01cmXXUV+FH7rnCilmF9rYdmHZ6L9BJxtrQDQU4dB106BX9G7hKR6rYHc9Z6tjOh
 3tg0cKWYMXOsTNnvRqiFNh2q0yBKS228HRAwyGosW/6NiYj43ArtYP6knX7dQyBX
 0mYNkfry2dyX6Kj5el0i9MOTHYQxfc8apsBm2M3OTNYukgQKA0NhbAquibaAxEEW
 2qIqbSp4CUlGPvM7+u+ZGTu0hEbVKKNjqMfXhuY8A4/BWiV2mSqKcEirR5cE/LqY
 mq5Ac7vbO4Uh+1xiRw/G9ITi1dqAjYIzhBawlhdUPOh+aINWTUikYYzjUSmm4PbN
 H9BTPLA9iAdVRfuWJ9um2G0DdS8Qpx/aIRh3MScXVly6cGCC6Do=
 =kgqn
 -----END PGP SIGNATURE-----
Merge tag 'v1.26.0rc1' into develop
Synapse 1.26.0rc1 (2021-01-20)
==============================
This release brings a new schema version for Synapse and rolling back to a previous
verious is not trivial.  Please review [UPGRADE.rst](UPGRADE.rst) for more details
on these changes  and for general upgrade guidance.
Features
--------
- Add support for multiple SSO Identity Providers. ([\#9015](https://github.com/matrix-org/synapse/issues/9015 ), [\#9017](https://github.com/matrix-org/synapse/issues/9017 ), [\#9036](https://github.com/matrix-org/synapse/issues/9036 ), [\#9067](https://github.com/matrix-org/synapse/issues/9067 ), [\#9081](https://github.com/matrix-org/synapse/issues/9081 ), [\#9082](https://github.com/matrix-org/synapse/issues/9082 ), [\#9105](https://github.com/matrix-org/synapse/issues/9105 ), [\#9107](https://github.com/matrix-org/synapse/issues/9107 ), [\#9109](https://github.com/matrix-org/synapse/issues/9109 ), [\#9110](https://github.com/matrix-org/synapse/issues/9110 ), [\#9127](https://github.com/matrix-org/synapse/issues/9127 ), [\#9153](https://github.com/matrix-org/synapse/issues/9153 ), [\#9154](https://github.com/matrix-org/synapse/issues/9154 ), [\#9177](https://github.com/matrix-org/synapse/issues/9177 ))
- During user-interactive authentication via single-sign-on, give a better error if the user uses the wrong account on the SSO IdP. ([\#9091](https://github.com/matrix-org/synapse/issues/9091 ))
- Give the `public_baseurl` a default value, if it is not explicitly set in the configuration file. ([\#9159](https://github.com/matrix-org/synapse/issues/9159 ))
- Improve performance when calculating ignored users in large rooms. ([\#9024](https://github.com/matrix-org/synapse/issues/9024 ))
- Implement [MSC2176](https://github.com/matrix-org/matrix-doc/pull/2176 ) in an experimental room version. ([\#8984](https://github.com/matrix-org/synapse/issues/8984 ))
- Add an admin API for protecting local media from quarantine. ([\#9086](https://github.com/matrix-org/synapse/issues/9086 ))
- Remove a user's avatar URL and display name when deactivated with the Admin API. ([\#8932](https://github.com/matrix-org/synapse/issues/8932 ))
- Update `/_synapse/admin/v1/users/<user_id>/joined_rooms` to work for both local and remote users. ([\#8948](https://github.com/matrix-org/synapse/issues/8948 ))
- Add experimental support for handling to-device messages on worker processes. ([\#9042](https://github.com/matrix-org/synapse/issues/9042 ), [\#9043](https://github.com/matrix-org/synapse/issues/9043 ), [\#9044](https://github.com/matrix-org/synapse/issues/9044 ), [\#9130](https://github.com/matrix-org/synapse/issues/9130 ))
- Add experimental support for handling `/keys/claim` and `/room_keys` APIs on worker processes. ([\#9068](https://github.com/matrix-org/synapse/issues/9068 ))
- Add experimental support for handling `/devices` API on worker processes. ([\#9092](https://github.com/matrix-org/synapse/issues/9092 ))
- Add experimental support for moving off receipts and account data persistence off master. ([\#9104](https://github.com/matrix-org/synapse/issues/9104 ), [\#9166](https://github.com/matrix-org/synapse/issues/9166 ))
Bugfixes
--------
- Fix a long-standing issue where an internal server error would occur when requesting a profile over federation that did not include a display name / avatar URL. ([\#9023](https://github.com/matrix-org/synapse/issues/9023 ))
- Fix a long-standing bug where some caches could grow larger than configured. ([\#9028](https://github.com/matrix-org/synapse/issues/9028 ))
- Fix error handling during insertion of client IPs into the database. ([\#9051](https://github.com/matrix-org/synapse/issues/9051 ))
- Fix bug where we didn't correctly record CPU time spent in `on_new_event` block. ([\#9053](https://github.com/matrix-org/synapse/issues/9053 ))
- Fix a minor bug which could cause confusing error messages from invalid configurations. ([\#9054](https://github.com/matrix-org/synapse/issues/9054 ))
- Fix incorrect exit code when there is an error at startup. ([\#9059](https://github.com/matrix-org/synapse/issues/9059 ))
- Fix `JSONDecodeError` spamming the logs when sending transactions to remote servers. ([\#9070](https://github.com/matrix-org/synapse/issues/9070 ))
- Fix "Failed to send request" errors when a client provides an invalid room alias. ([\#9071](https://github.com/matrix-org/synapse/issues/9071 ))
- Fix bugs in federation catchup logic that caused outbound federation to be delayed for large servers after start up. Introduced in v1.8.0 and v1.21.0. ([\#9114](https://github.com/matrix-org/synapse/issues/9114 ), [\#9116](https://github.com/matrix-org/synapse/issues/9116 ))
- Fix corruption of `pushers` data when a postgres bouncer is used. ([\#9117](https://github.com/matrix-org/synapse/issues/9117 ))
- Fix minor bugs in handling the `clientRedirectUrl` parameter for SSO login. ([\#9128](https://github.com/matrix-org/synapse/issues/9128 ))
- Fix "Unhandled error in Deferred: BodyExceededMaxSize" errors when .well-known files that are too large. ([\#9108](https://github.com/matrix-org/synapse/issues/9108 ))
- Fix "UnboundLocalError: local variable 'length' referenced before assignment" errors when the response body exceeds the expected size. This bug was introduced in v1.25.0. ([\#9145](https://github.com/matrix-org/synapse/issues/9145 ))
- Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when `/publicRooms` is requested with an invalid `server` parameter. ([\#9161](https://github.com/matrix-org/synapse/issues/9161 ))
Improved Documentation
----------------------
- Add some extra docs for getting Synapse running on macOS. ([\#8997](https://github.com/matrix-org/synapse/issues/8997 ))
- Correct a typo in the `systemd-with-workers` documentation. ([\#9035](https://github.com/matrix-org/synapse/issues/9035 ))
- Correct a typo in `INSTALL.md`. ([\#9040](https://github.com/matrix-org/synapse/issues/9040 ))
- Add missing `user_mapping_provider` configuration to the Keycloak OIDC example. Contributed by @chris-ruecker. ([\#9057](https://github.com/matrix-org/synapse/issues/9057 ))
- Quote `pip install` packages when extras are used to avoid shells interpreting bracket characters. ([\#9151](https://github.com/matrix-org/synapse/issues/9151 ))
Deprecations and Removals
-------------------------
- Remove broken and unmaintained `demo/webserver.py` script. ([\#9039](https://github.com/matrix-org/synapse/issues/9039 ))
Internal Changes
----------------
- Improve efficiency of large state resolutions. ([\#8868](https://github.com/matrix-org/synapse/issues/8868 ), [\#9029](https://github.com/matrix-org/synapse/issues/9029 ), [\#9115](https://github.com/matrix-org/synapse/issues/9115 ), [\#9118](https://github.com/matrix-org/synapse/issues/9118 ), [\#9124](https://github.com/matrix-org/synapse/issues/9124 ))
- Various clean-ups to the structured logging and logging context code. ([\#8939](https://github.com/matrix-org/synapse/issues/8939 ))
- Ensure rejected events get added to some metadata tables. ([\#9016](https://github.com/matrix-org/synapse/issues/9016 ))
- Ignore date-rotated homeserver logs saved to disk. ([\#9018](https://github.com/matrix-org/synapse/issues/9018 ))
- Remove an unused column from `access_tokens` table. ([\#9025](https://github.com/matrix-org/synapse/issues/9025 ))
- Add a `-noextras` factor to `tox.ini`, to support running the tests with no optional dependencies. ([\#9030](https://github.com/matrix-org/synapse/issues/9030 ))
- Fix running unit tests when optional dependencies are not installed. ([\#9031](https://github.com/matrix-org/synapse/issues/9031 ))
- Allow bumping schema version when using split out state database. ([\#9033](https://github.com/matrix-org/synapse/issues/9033 ))
- Configure the linters to run on a consistent set of files. ([\#9038](https://github.com/matrix-org/synapse/issues/9038 ))
- Various cleanups to device inbox store. ([\#9041](https://github.com/matrix-org/synapse/issues/9041 ))
- Drop unused database tables. ([\#9055](https://github.com/matrix-org/synapse/issues/9055 ))
- Remove unused `SynapseService` class. ([\#9058](https://github.com/matrix-org/synapse/issues/9058 ))
- Remove unnecessary declarations in the tests for the admin API. ([\#9063](https://github.com/matrix-org/synapse/issues/9063 ))
- Remove `SynapseRequest.get_user_agent`. ([\#9069](https://github.com/matrix-org/synapse/issues/9069 ))
- Remove redundant `Homeserver.get_ip_from_request` method. ([\#9080](https://github.com/matrix-org/synapse/issues/9080 ))
- Add type hints to media repository. ([\#9093](https://github.com/matrix-org/synapse/issues/9093 ))
- Fix the wrong arguments being passed to `BlacklistingAgentWrapper` from `MatrixFederationAgent`. Contributed by Timothy Leung. ([\#9098](https://github.com/matrix-org/synapse/issues/9098 ))
- Reduce the scope of caught exceptions in `BlacklistingAgentWrapper`. ([\#9106](https://github.com/matrix-org/synapse/issues/9106 ))
- Improve `UsernamePickerTestCase`. ([\#9112](https://github.com/matrix-org/synapse/issues/9112 ))
- Remove dependency on `distutils`. ([\#9125](https://github.com/matrix-org/synapse/issues/9125 ))
- Enforce that replication HTTP clients are called with keyword arguments only. ([\#9144](https://github.com/matrix-org/synapse/issues/9144 ))
- Fix the Python 3.5 / old dependencies build in CI. ([\#9146](https://github.com/matrix-org/synapse/issues/9146 ))
- Replace the old `perspectives` option in the Synapse docker config file template with `trusted_key_servers`. ([\#9157](https://github.com/matrix-org/synapse/issues/9157 )) 
							
						 
						
							2021-01-20 11:27:39 -05:00  
				
					
						
							
							
								 
						
							
							
								0cd2938bc8 
								
									
								
							
								 
							
						 
						
							
							
								
								Support icons for Identity Providers ( #9154 )  
							
							
							
						 
						
							2021-01-20 08:15:14 -05:00  
				
					
						
							
							
								 
						
							
							
								a5b9c87ac6 
								
									
								
							
								 
							
						 
						
							
							
								
								docs: Add link to Matrix VoIP tester for turn-howto ( #9135 )  
							
							... 
							
							
							
							Signed-off-by: rht <rhtbot@protonmail.com> 
							
						 
						
							2021-01-20 12:41:57 +00:00  
				
					
						
							
							
								 
						
							
							
								fa50e4bf4d 
								
									
								
							
								 
							
						 
						
							
							
								
								Give `public_baseurl` a default value ( #9159 )  
							
							
							
						 
						
							2021-01-20 12:30:41 +00:00  
				
					
						
							
							
								 
						
							
							
								de45bf5b5b 
								
									
								
							
								 
							
						 
						
							
							
								
								Quote pip install with brackets to avoid shell interpretation. ( #9151 )  
							
							
							
						 
						
							2021-01-18 11:12:20 -05:00  
				
					
						
							
							
								 
						
							
							
								883d4e6f2b 
								
							
								 
							
						 
						
							
							
								
								link to the scalability blog post from workers.md  
							
							
							
						 
						
							2021-01-18 00:27:27 +00:00  
				
					
						
							
							
								 
						
							
							
								9de6b94117 
								
									
								
							
								 
							
						 
						
							
							
								
								Land support for multiple OIDC providers ( #9110 )  
							
							... 
							
							
							
							This is the final step for supporting multiple OIDC providers concurrently.
First of all, we reorganise the config so that you can specify a list of OIDC providers, instead of a single one. Before:
    oidc_config:
       enabled: true
       issuer: "https://oidc_provider "
       # etc
After:
    oidc_providers:
     - idp_id: prov1
       issuer: "https://oidc_provider "
     - idp_id: prov2
       issuer: "https://another_oidc_provider "
The old format is still grandfathered in.
With that done, it's then simply a matter of having OidcHandler instantiate a new OidcProvider for each configured provider. 
							
						 
						
							2021-01-15 16:55:29 +00:00  
				
					
						
							
							
								 
						
							
							
								3e4cdfe5d9 
								
									
								
							
								 
							
						 
						
							
							
								
								Add an admin API endpoint to protect media. ( #9086 )  
							
							... 
							
							
							
							Protecting media stops it from being quarantined when
e.g. all media in a room is quarantined. This is useful
for sticker packs and other media that is uploaded by
server administrators, but used by many people. 
							
						 
						
							2021-01-15 11:18:09 -05:00  
				
					
						
							
							
								 
						
							
							
								5310808d3b 
								
							
								 
							
						 
						
							
							
								
								Give the user a better error when they present bad SSO creds  
							
							... 
							
							
							
							If a user tries to do UI Auth via SSO, but uses the wrong account on the SSO
IdP, try to give them a better error.
Previously, the UIA would claim to be successful, but then the operation in
question would simply fail with "auth fail". Instead, serve up an error page
which explains the failure. 
							
						 
						
							2021-01-13 20:22:41 +00:00  
				
					
						
							
							
								 
						
							
							
								d1eb1b96e8 
								
									
								
							
								 
							
						 
						
							
							
								
								Register the /devices endpoint on workers. ( #9092 )  
							
							
							
						 
						
							2021-01-13 12:35:40 -05:00  
				
					
						
							
							
								 
						
							
							
								7a2e9b549d 
								
									
								
							
								 
							
						 
						
							
							
								
								Remove user's avatar URL and displayname when deactivated. ( #8932 )  
							
							... 
							
							
							
							This only applies if the user's data is to be erased. 
							
						 
						
							2021-01-12 16:30:15 -05:00  
				
					
						
							
							
								 
						
							
							
								da16d06301 
								
							
								 
							
						 
						
							
							
								
								Address pr feedback  
							
							... 
							
							
							
							* docs updates
* prettify SQL
* add missing copyright
* cursor_to_dict
* update touched files copyright years
Signed-off-by: Jason Robinson <jasonr@matrix.org> 
							
						 
						
							2021-01-11 23:43:58 +02:00  
				
					
						
							
							
								 
						
							
							
								0b77329fe2 
								
									
								
							
								 
							
						 
						
							
							
								
								Clarify rooms.md  
							
							... 
							
							
							
							Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> 
							
						 
						
							2021-01-11 23:05:36 +02:00  
				
					
						
							
							
								 
						
							
							
								b161528fcc 
								
									
								
							
								 
							
						 
						
							
							
								
								Also support remote users on the joined_rooms admin API. ( #8948 )  
							
							... 
							
							
							
							For remote users, only the rooms which the server knows about are returned.
Local users have all of their joined rooms returned. 
							
						 
						
							2021-01-11 14:32:17 -05:00  
				
					
						
							
							
								 
						
							
							
								1315a2e8be 
								
									
								
							
								 
							
						 
						
							
							
								
								Use a chain cover index to efficiently calculate auth chain difference ( #8868 )  
							
							
							
						 
						
							2021-01-11 16:09:22 +00:00  
				
					
						
							
							
								 
						
							
							
								e2c16edc78 
								
							
								 
							
						 
						
							
							
								
								Add changelog and admin API docs  
							
							... 
							
							
							
							Signed-off-by: Jason Robinson <jasonr@matrix.org> 
							
						 
						
							2021-01-09 22:58:29 +02:00  
				
					
						
							
							
								 
						
							
							
								bce0c91d9a 
								
									
								
							
								 
							
						 
						
							
							
								
								Keycloak mapping_provider example ( #9037 ) ( #9057 )  
							
							... 
							
							
							
							This PR adds the missing user_mapping_provider section in oidc.md
Signed-off-by: Christopher Rücker chris-ruecker@protonmail.com  
							
						 
						
							2021-01-08 18:29:30 +00:00  
				
					
						
							
							
								 
						
							
							
								9066c2fd7f 
								
									
								
							
								 
							
						 
						
							
							
								
								Fix typo in docs/systemd-with-workers/README.md ( #9035 )  
							
							... 
							
							
							
							Signed-off-by: Emelie em@nao.sh  
							
						 
						
							2021-01-07 15:31:01 +00:00  
				
					
						
							
							
								 
						
							
							
								111b673fc1 
								
									
								
							
								 
							
						 
						
							
							
								
								Add initial support for a "pick your IdP" page ( #9017 )  
							
							... 
							
							
							
							During login, if there are multiple IdPs enabled, offer the user a choice of
IdPs. 
							
						 
						
							2021-01-05 11:25:28 +00:00  
				
					
						
							
							
								 
						
							
							
								cfcf5541b4 
								
									
								
							
								 
							
						 
						
							
							
								
								Update the value of group_creation_prefix in sample config. ( #8992 )  
							
							... 
							
							
							
							Removes the trailing slash with causes issues with matrix.to/Element. 
							
						 
						
							2020-12-29 09:30:48 -05:00  
				
					
						
							
							
								 
						
							
							
								68bb26da69 
								
									
								
							
								 
							
						 
						
							
							
								
								Allow redacting events on workers ( #8994 )  
							
							... 
							
							
							
							Adds the redacts endpoint to workers that have the client listener. 
							
						 
						
							2020-12-29 07:40:12 -05:00  
				
					
						
							
							
								 
						
							
							
								4218473f9e 
								
									
								
							
								 
							
						 
						
							
							
								
								Refactor the CAS handler in prep for using the abstracted SSO code. ( #8958 )  
							
							... 
							
							
							
							This makes the CAS handler look more like the SAML/OIDC handlers:
* Render errors to users instead of throwing JSON errors.
* Internal reorganization. 
							
						 
						
							2020-12-18 13:09:45 -05:00  
				
					
						
							
							
								 
						
							
							
								56e00ca85e 
								
									
								
							
								 
							
						 
						
							
							
								
								Send the location of the web client to the IS when inviting via 3PIDs. ( #8930 )  
							
							... 
							
							
							
							Adds a new setting `email.invite_client_location` which, if defined, is
passed to the identity server during invites. 
							
						 
						
							2020-12-18 11:01:57 -05:00  
				
					
						
							
							
								 
						
							
							
								d781a81e69 
								
									
								
							
								 
							
						 
						
							
							
								
								Allow server admin to get admin bit in rooms where local user is an admin ( #8756 )  
							
							... 
							
							
							
							This adds an admin API that allows a server admin to get power in a room if a local user has power in a room. Will also invite the user if they're not in the room and its a private room. Can specify another user (rather than the admin user) to be granted power.
Co-authored-by: Matthew Hodgson <matthew@matrix.org> 
							
						 
						
							2020-12-18 15:37:19 +00:00