Commit Graph

12931 Commits (664b7a2920ee481359e0cf3df35a16ec0948526e)

Author SHA1 Message Date
Richard van der Hoff c7401a697f
Implement SAML2 authentication (#4267)
This implements both a SAML2 metadata endpoint (at
`/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at
`/_matrix/saml2/authn_response`). If the SAML2 response matches what's been
configured, we complete the SSO login flow by redirecting to the client url
(aka `RelayState` in SAML2 jargon) with a login token.

What we don't yet have is anything to build a SAML2 request and redirect the
user to the identity provider. That is left as an exercise for the reader.
2018-12-07 13:11:11 +01:00
Richard van der Hoff c588b9b9e4
Factor SSO success handling out of CAS login (#4264)
This is mostly factoring out the post-CAS-login code to somewhere we can reuse
it for other SSO flows, but it also fixes the userid mapping while we're at it.
2018-12-07 13:10:07 +01:00
Richard van der Hoff b0c24a66ec Rip out half-implemented m.login.saml2 support (#4265)
* Rip out half-implemented m.login.saml2 support

This was implemented in an odd way that left most of the work to the client, in
a way that I really didn't understand. It's going to be a pain to maintain, so
let's start by ripping it out.

* drop undocumented dependency on dateutil

It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.
2018-12-06 19:44:38 +11:00
Richard van der Hoff 9a3e24a13d drop undocumented dependency on dateutil (#4266)
It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.
2018-12-06 04:52:42 +11:00
Richard van der Hoff e8d98466b0
Implement .well-known handling (#4262)
Sometimes it's useful for synapse to generate its own .well-known file.
2018-12-05 14:38:58 +01:00
Richard van der Hoff dece89d280
fix upgrade.rst link again 2018-12-04 14:01:27 +00:00
Richard van der Hoff fe324cb184 Fix link to upgrade notes 2018-12-04 13:59:45 +00:00
Richard van der Hoff 5f00cfa40d fix typo in changelog 2018-12-04 13:57:28 +00:00
Richard van der Hoff e55983defe Prepare 0.34.0rc1 2018-12-04 13:52:16 +00:00
Richard van der Hoff a2ed0f287e
Merge pull request #4260 from matrix-org/rav/python3
Notes on upgrading to python3, and README updates.
2018-12-04 14:46:31 +01:00
Richard van der Hoff 956061732d
Merge pull request #4261 from matrix-org/rav/docker/remove_log_file
Remove obsolete settings from docker homeserver.yaml
2018-12-04 14:46:12 +01:00
Richard van der Hoff 75937e9033 Remove obsolete settings from docker homeserver.yaml
These aren't used, because we have a `log_config` setting.
2018-12-04 12:31:00 +00:00
Richard van der Hoff 4acd1a3549 Notes on upgrading to python3, and README updates. 2018-12-04 12:28:24 +00:00
Richard van der Hoff b164241814
Merge pull request #4005 from matrix-org/michaelkaye/move_to_docker_label
Use labels to tag builds with their SHA1 version.
2018-12-04 13:14:35 +01:00
Travis Ralston 1737753a62 Add an option to enable recording IPs for appservice users (#3831) 2018-12-04 12:44:41 +01:00
Amber Brown fd96dd75a3 Fix non-ASCII pushrules (#4248) 2018-12-04 12:44:02 +01:00
Richard van der Hoff dd27e47b5c
Merge pull request #4210 from axelsimon/patch-1
Replace mentions of Vector with Riot
2018-12-04 12:08:07 +01:00
Travis Ralston 158ffb92f1 Add an option to disable search for homeservers which may not be interested in it (#4230)
This is useful for homeservers not intended for users, such as bot-only homeservers or ones that only process IoT data.
2018-12-04 12:01:02 +01:00
Aaron Raimist 512e94d230 Add note to UPGRADE.rst about removing riot.im from list of trusted identity servers (#4224)
* Add note to UPGRADE.rst about removing riot.im from list of trusted identity servers

Signed-off-by: Aaron Raimist <aaron@raim.ist>

* Add changelog

Signed-off-by: Aaron Raimist <aaron@raim.ist>
2018-12-04 11:59:09 +01:00
Ben Parsons b5ac0ffa0a add more detail to logging regarding "More than one row matched" error (#4234) 2018-12-04 11:57:39 +01:00
Richard van der Hoff ecc23188f4
Fix UnicodeDecodeError when postgres is not configured in english (#4253)
This is a bit of a half-assed effort at fixing https://github.com/matrix-org/synapse/issues/4252. Fundamentally the right answer is to drop support for Python 2.
2018-12-04 11:55:52 +01:00
Richard van der Hoff f144c0a210
Merge pull request #4244 from aaronraimist/drop-sent-txt
Drop sent_transactions
2018-12-04 11:41:28 +01:00
Richard van der Hoff 48972ce9d1
Patch defer.inlineCallbacks to check logcontexts in tests (#4205) 2018-12-04 11:30:32 +01:00
Richard van der Hoff a077e710a3
Merge pull request #4250 from matrix-org/hawkowl/pusher-remove-py3
Fix removing pushers on python 3
2018-12-04 11:22:46 +01:00
Richard van der Hoff a484735bb0
Merge pull request #4257 from aaronraimist/add-editorconfig
Add a basic .editorconfig
2018-12-04 11:10:02 +01:00
Richard van der Hoff 52e87fbfbe
Run the AS senders as background processes (#4189)
This should fix some "Starting db connection from sentinel context" warnings,
and will mean we get metrics for these processes.
2018-12-04 10:53:49 +01:00
Aaron Raimist 3518c28aa8
Add a basic .editorconfig
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2018-12-03 22:38:47 -06:00
Amber Brown 998ba41493 changelog 2018-12-03 22:28:12 +11:00
Amber Brown d3c61ef906 fix type error 2018-12-03 22:27:41 +11:00
Richard van der Hoff c03324294d Workaround for non-ascii event ids (#4241)
It turns out that we accept events with non-ascii IDs, which would later cause
an explosion during state res.

Fixes #4226
2018-12-03 21:47:48 +11:00
Aaron Raimist 44dc4c365b
Add changelog
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2018-12-01 23:10:21 -06:00
Aaron Raimist 704c5298f0
Drop sent_transactions
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2018-12-01 23:07:35 -06:00
Neil Johnson 7039ece8fb Neilj/fix autojoin (#4223)
* Fix auto join failures for servers that require user consent

* Fix auto join failures for servers that require user consent
2018-11-28 22:24:57 +11:00
Amber Brown 8ca53fb53e
Report combined coverage to codecov (#4225) 2018-11-28 20:59:31 +11:00
Neil Johnson f9b136a886 Neilj/fix mau initial reserved users (#4211)
* fix transaction wrapping bug that caused get_user_id_by_threepid_txn to fail

* towncrier

* white space
2018-11-28 20:33:41 +11:00
Richard van der Hoff 944d524f18 Support m.login.sso (#4220)
* Clean up the CSS for the fallback login form

I was finding this hard to work with, so simplify a bunch of things. Each
flow is now a form inside a div of class login_flow.

The login_flow class now has a fixed width, as that looks much better than each
flow having a different width.

* Support m.login.sso

MSC1721 renames m.login.cas to m.login.sso. This implements the change
(retaining support for m.login.cas for older clients).

* changelog
2018-11-27 18:51:52 +11:00
Richard van der Hoff a44c0a096f Check logcontexts before and after each test (#4190)
* Add better diagnostics to flakey keyring test

* fix interpolation fail

* Check logcontexts before and after each test

* update changelog

* update changelog
2018-11-27 13:47:18 +11:00
Richard van der Hoff 80527b568d Fix more logcontext leaks in tests (#4209) 2018-11-27 13:01:04 +11:00
Richard van der Hoff de8772a655 Do a GC after each test to fix logcontext leaks (#4227)
* Some words about garbage collections and logcontexts

* Do a GC after each test to fix logcontext leaks

This feels like an awful hack, but...

* changelog
2018-11-27 13:00:33 +11:00
Amber Brown e8690dec2e
Merge pull request #4214 from matrix-org/rav/ignore_pycache
Ignore __pycache__ directories in schema delta dir
2018-11-20 23:36:30 -06:00
Richard van der Hoff 6c18cc4b50 Ignore __pycache__ directories in schema delta dir
Now that we use py3, compiled python ends up in __pycache__ rather than *.pyc.
2018-11-20 22:52:34 +00:00
axel simon 455df4dda0
Replace mentions of Vector with Riot
https://github.com/vector-im/vector-web/issues/1977 --> https://github.com/vector-im/riot-web/issues/1977
And mention of Vector as a client replaced with Riot.
2018-11-20 16:57:54 +01:00
Neil Johnson 78ba0e7ab8 Remove riot.im from the list of trusted Identity Servers in the default configuration (#4207) 2018-11-20 12:29:25 +01:00
Richard van der Hoff 416c671474
Merge pull request #4204 from matrix-org/rav/logcontext_leak_fixes
Fix some logcontext leaks
2018-11-20 12:19:19 +01:00
Amber Brown 31425d82a3 Merge remote-tracking branch 'origin/master' into develop 2018-11-19 12:55:25 -06:00
Amber Brown 678ad155a2 Features
--------
 
 - Include flags to optionally add `m.login.terms` to the registration flow when consent tracking is enabled.
 ([\#4004](https://github.com/matrix-org/synapse/issues/4004), [\#4133](https://github.com/matrix-org/synapse/issues/4133),
 [\#4142](https://github.com/matrix-org/synapse/issues/4142), [\#4184](https://github.com/matrix-org/synapse/issues/4184))
 - Support for replacing rooms with new ones ([\#4091](https://github.com/matrix-org/synapse/issues/4091), [\#4099](https://github.com/matrix-org/synapse/issues/4099),
 [\#4100](https://github.com/matrix-org/synapse/issues/4100), [\#4101](https://github.com/matrix-org/synapse/issues/4101))
 
 Bugfixes
 --------
 
 - Fix exceptions when using the email mailer on Python 3. ([\#4095](https://github.com/matrix-org/synapse/issues/4095))
 - Fix e2e key backup with more than 9 backup versions ([\#4113](https://github.com/matrix-org/synapse/issues/4113))
 - Searches that request profile info now no longer fail with a 500. ([\#4122](https://github.com/matrix-org/synapse/issues/4122))
 - fix return code of empty key backups ([\#4123](https://github.com/matrix-org/synapse/issues/4123))
 - If the typing stream ID goes backwards (as on a worker when the master restarts), the worker's typing handler will no longer erroneously report rooms containing new
 typing events. ([\#4127](https://github.com/matrix-org/synapse/issues/4127))
 - Fix table lock of device_lists_remote_cache which could freeze the application ([\#4132](https://github.com/matrix-org/synapse/issues/4132))
 - Fix exception when using state res v2 algorithm ([\#4135](https://github.com/matrix-org/synapse/issues/4135))
 - Generating the user consent URI no longer fails on Python 3. ([\#4140](https://github.com/matrix-org/synapse/issues/4140),
 [\#4163](https://github.com/matrix-org/synapse/issues/4163))
 - Loading URL previews from the DB cache on Postgres will no longer cause Unicode type errors when responding to the request, and URL previews will no longer fail if
 the remote server returns a Content-Type header with the chartype in quotes. ([\#4157](https://github.com/matrix-org/synapse/issues/4157))
 - The hash_password script now works on Python 3. ([\#4161](https://github.com/matrix-org/synapse/issues/4161))
 - Fix noop checks when updating device keys, reducing spurious device list update notifications. ([\#4164](https://github.com/matrix-org/synapse/issues/4164))
 
 Deprecations and Removals
 -------------------------
 
 - The disused and un-specced identicon generator has been removed. ([\#4106](https://github.com/matrix-org/synapse/issues/4106))
 - The obsolete and non-functional /pull federation endpoint has been removed. ([\#4118](https://github.com/matrix-org/synapse/issues/4118))
 - The deprecated v1 key exchange endpoints have been removed. ([\#4119](https://github.com/matrix-org/synapse/issues/4119))
 - Synapse will no longer fetch keys using the fallback deprecated v1 key exchange method and will now always use v2.
 ([\#4120](https://github.com/matrix-org/synapse/issues/4120))
 
 Internal Changes
 ----------------
 
 - Fix build of Docker image with docker-compose ([\#3778](https://github.com/matrix-org/synapse/issues/3778))
 - Delete unreferenced state groups during history purge ([\#4006](https://github.com/matrix-org/synapse/issues/4006))
 - The "Received rdata" log messages on workers is now logged at DEBUG, not INFO. ([\#4108](https://github.com/matrix-org/synapse/issues/4108))
 - Reduce replication traffic for device lists ([\#4109](https://github.com/matrix-org/synapse/issues/4109))
 - Fix `synapse_replication_tcp_protocol_*_commands` metric label to be full command name, rather than just the first character
 ([\#4110](https://github.com/matrix-org/synapse/issues/4110))
 - Log some bits about room creation ([\#4121](https://github.com/matrix-org/synapse/issues/4121))
 - Fix `tox` failure on old systems ([\#4124](https://github.com/matrix-org/synapse/issues/4124))
 - Add STATE_V2_TEST room version ([\#4128](https://github.com/matrix-org/synapse/issues/4128))
 - Clean up event accesses and tests ([\#4137](https://github.com/matrix-org/synapse/issues/4137))
 - The default logging config will now set an explicit log file encoding of UTF-8. ([\#4138](https://github.com/matrix-org/synapse/issues/4138))
 - Add helpers functions for getting prev and auth events of an event ([\#4139](https://github.com/matrix-org/synapse/issues/4139))
 - Add some tests for the HTTP pusher. ([\#4149](https://github.com/matrix-org/synapse/issues/4149))
 - add purge_history.sh and purge_remote_media.sh scripts to contrib/ ([\#4155](https://github.com/matrix-org/synapse/issues/4155))
 - HTTP tests have been refactored to contain less boilerplate. ([\#4156](https://github.com/matrix-org/synapse/issues/4156))
 - Drop incoming events from federation for unknown rooms ([\#4165](https://github.com/matrix-org/synapse/issues/4165))

Merge tag 'v0.33.9'

2018-11-19 12:54:29 -06:00
Amber Brown 47e26f5a4d towncrier 2018-11-19 12:43:14 -06:00
Amber Brown d102e19e47 version 2018-11-19 12:42:49 -06:00
Amber Brown 80cac86b2c
Fix fallback auth on Python 3 (#4197) 2018-11-19 12:27:33 -06:00
Richard van der Hoff 0c05da2e2e changelog 2018-11-19 17:07:42 +00:00