Commit Graph

2043 Commits (735fd8719a27137e91a2bd8ac425125392df5454)

Author SHA1 Message Date
Matthew Hodgson 33cb7ef0b7
Merge pull request #2723 from matrix-org/matthew/search-all-local-users
Add all local users to the user_directory and optionally search them
2017-12-05 11:09:47 +00:00
Richard van der Hoff da1010c83a support custom login types for validating users
Wire the custom login type support from password providers into the UI-auth
user-validation flows.
2017-12-05 09:43:30 +00:00
Richard van der Hoff d7ea8c4800 Factor out a validate_user_via_ui_auth method
Collect together all the places that validate a logged-in user via UI auth.
2017-12-05 09:42:30 +00:00
Richard van der Hoff d5f9fb06b0 Refactor UI auth implementation
Instead of returning False when auth is incomplete, throw an exception which
can be caught with a wrapper.
2017-12-05 09:40:05 +00:00
Matthew Hodgson c22e73293a speed up the rate of initial spam for users 2017-12-04 18:05:28 +00:00
Matthew Hodgson 74e0cc74ce fix pep8 and tests 2017-12-04 15:11:38 +00:00
Matthew Hodgson 1bd40ca73e switch to a simpler 'search_all_users' button as per review feedback 2017-12-04 14:58:39 +00:00
Matthew Hodgson f397153dfc Merge branch 'develop' into matthew/search-all-local-users 2017-11-30 01:51:38 +00:00
Matthew Hodgson a4bb133b68 fix thinkos galore 2017-11-30 01:17:15 +00:00
Matthew Hodgson cd3697e8b7 kick the user_directory index when new users register 2017-11-29 18:33:34 +00:00
Matthew Hodgson 3241c7aac3 untested WIP but might actually work 2017-11-29 18:27:05 +00:00
Matthew Hodgson 47d99a20d5 Add user_directory_include_pattern config param to expand search results to additional users
Initial commit; this doesn't work yet - the LIKE filtering seems too aggressive.
It also needs _do_initial_spam to be aware of prepopulating the whole user_directory_search table with all users...
...and it needs a handle_user_signup() or something to be added so that new signups get incrementally added to the table too.

Committing it here as a WIP
2017-11-29 16:46:45 +00:00
Richard van der Hoff ad7e570d07 Delete devices in various logout situations
Make sure that we delete devices whenever a user is logged out due to any of
the following situations:

 * /logout
 * /logout_all
 * change password
 * deactivate account (by the user or by an admin)
 * invalidate access token from a dynamic module

Fixes #2672.
2017-11-29 16:44:35 +00:00
Richard van der Hoff ae31f8ce45 Move set_password into its own handler
Non-functional refactoring to move set_password. This means that we'll be able
to properly deactivate devices and access tokens without introducing a
dependency loop.
2017-11-29 16:44:35 +00:00
Richard van der Hoff 7ca5c68233 Move deactivate_account into its own handler
Non-functional refactoring to move deactivate_account. This means that we'll be
able to properly deactivate devices and access tokens without introducing a
dependency loop.
2017-11-29 16:44:35 +00:00
Richard van der Hoff 2c6d63922a Remove pushers when deleting access tokens
Whenever an access token is invalidated, we should remove the associated
pushers.
2017-11-29 16:44:35 +00:00
Erik Johnston dfbc45302e
PEP8 2017-11-28 15:23:26 +00:00
Erik Johnston c4c1d170af
Fix wrong avatars when inviting multiple users when creating room
We reused the `content` dictionary between invite requests, which meant they could end up reusing the profile info for a previous user
2017-11-28 15:19:15 +00:00
Luke Barnard cdf6fc15b0
Merge pull request #2686 from matrix-org/luke/as-flair
Add automagical AS Publicised Group(s)
2017-11-17 10:13:46 +00:00
Jurek eded7084d2 Fix auth handler #2678 2017-11-17 10:07:27 +00:00
Matthew Hodgson 34c3d0a386 typo 2017-11-17 01:54:02 +00:00
Luke Barnard 5b48eec4a1 Make sure we check AS groups for lookup on bulk 2017-11-16 17:55:15 +00:00
Jurek 624a8bbd67 Fix auth handler #2678 2017-11-16 17:19:02 +00:00
Luke Barnard 97bd18af4e Add automagical AS Publicised Group(s)
via registration file "users" namespace:

```YAML
...
namespaces:
  users:
    - exclusive: true
      regex: '.*luke.*'
      group_id: '+all_the_lukes:hsdomain'
...
```

This is part of giving App Services their own groups for matching users. With this, ghost users will be given the appeareance that they are in a group and that they have publicised the fact, but _only_ from the perspective of the `get_publicised_groups_for_user` API.
2017-11-16 16:44:55 +00:00
Richard van der Hoff 1b83c09c03
Merge pull request #2675 from matrix-org/rav/remove_broken_logcontext_funcs
Remove preserve_context_over_{fn, deferred}
2017-11-15 11:13:53 +00:00
Richard van der Hoff 7e6fa29cb5 Remove preserve_context_over_{fn, deferred}
Both of these functions ae known to leak logcontexts. Replace the remaining
calls to them and kill them off.
2017-11-14 11:22:42 +00:00
Richard van der Hoff 44a1bfd6a6 Reshuffle room list request code
I'm not entirely sure if this will actually help anything, but it simplifies
the code and might give further clues about why room list search requests are
blowing out the get_current_state_ids caches.
2017-11-14 10:29:58 +00:00
Richard van der Hoff 1fc66c7460 Add a load of logging to the room_list handler
So we can see what it gets up to.
2017-11-14 10:23:47 +00:00
Richard van der Hoff 9b803ccc98 Revert "Allow upper-case characters in mxids"
This reverts commit b70b646903.
2017-11-09 21:57:24 +00:00
Richard van der Hoff b70b646903 Allow upper-case characters in mxids
Because we're never going to be able to fix this :'(
2017-11-09 19:36:13 +00:00
Erik Johnston e8814410ef Have an explicit API to update room config 2017-11-08 16:13:27 +00:00
Erik Johnston 94ff2cda73
Revert "Modify group room association API to allow modification of is_public" 2017-11-08 15:43:34 +00:00
Erik Johnston d305987b40
Merge pull request #2631 from xyzz/fix_appservice_event_backlog
Fix appservices being backlogged and not receiving new events due to a bug in notify_interested_services
2017-11-08 11:54:10 +00:00
Richard van der Hoff 02a9a93bde
Merge pull request #2649 from matrix-org/rav/fix_delta_on_state_res
Fix bug in state group storage
2017-11-08 09:22:13 +00:00
Richard van der Hoff e148438e97 s/items/iteritems/ 2017-11-08 09:21:41 +00:00
Ilya Zhuravlev d46386d57e Remove useless assignment in notify_interested_services 2017-11-07 22:23:22 +03:00
Matthew Hodgson 228ccf1fe3
Merge pull request #2643 from matrix-org/matthew/user_dir_typos
Fix various embarrassing typos around user_directory and add some doc.
2017-11-07 17:31:11 +00:00
Richard van der Hoff 780dbb378f Update deltas when doing auth resolution
Fixes a bug where the persisted state groups were different to those actually
being used after auth resolution.
2017-11-07 16:43:00 +00:00
Richard van der Hoff 1ca4288135 factor out _update_context_for_auth_events
This is duplicated, so let's factor it out before fixing it
2017-11-07 16:43:00 +00:00
Erik Johnston 5ef5e14ecc
Merge pull request #2636 from farialima/me-master
Fix for #2635: correctly update rooms avatar/display name when modified by admin
2017-11-07 13:49:27 +00:00
Matthew Hodgson d1622e080f s/intial/initial/ 2017-11-04 19:35:14 +00:00
Francois Granade f103b91ffa removed unused import flagged by flake8a 2017-11-03 18:45:49 +01:00
Francois Granade fa4f337b49 Fix for issue 2635: correctly update rooms avatar/display name when modified by admin 2017-11-03 18:25:04 +01:00
Ilya Zhuravlev 45fbe4ff67 Fix appservices being backlogged and not receiving new events due to a bug in notify_interested_services 2017-11-02 22:49:43 +03:00
Richard van der Hoff 1189be43a2 Factor _AccountHandler proxy out to ModuleApi
We're going to need to use this from places that aren't password auth, so let's
move it to a proper class.
2017-11-02 14:36:11 +00:00
David Baker b19d9e2174
Merge pull request #2624 from matrix-org/rav/password_provider_notify_logout
Notify auth providers on logout
2017-11-02 10:55:17 +00:00
David Baker 1f080a6c97
Merge pull request #2623 from matrix-org/rav/callbacks_for_auth_providers
Allow password_auth_providers to return a callback
2017-11-02 10:49:03 +00:00
David Baker 04897c9dc1
Merge pull request #2622 from matrix-org/rav/db_access_for_auth_providers
Let auth providers get to the database
2017-11-02 10:41:25 +00:00
Richard van der Hoff 979eed4362 Fix user-interactive password auth
this got broken in the previous commit
2017-11-01 17:03:20 +00:00
Richard van der Hoff bc8a5c0330 Notify auth providers on logout
Provide a hook by which auth providers can be notified of logouts.
2017-11-01 16:51:51 +00:00
Richard van der Hoff 4c8f94ac94 Allow password_auth_providers to return a callback
... so that they have a way to record access tokens.
2017-11-01 16:51:03 +00:00
Richard van der Hoff 846a94fbc9
Merge pull request #2620 from matrix-org/rav/auth_non_password
Let password auth providers handle arbitrary login types
2017-11-01 16:45:33 +00:00
Richard van der Hoff 3cd6b22c7b Let password auth providers handle arbitrary login types
Provide a hook where password auth providers can say they know about other
login types, and get passed the relevant parameters
2017-11-01 16:43:57 +00:00
David Baker 4f0488b307 Merge remote-tracking branch 'origin/develop' into rav/refactor_accesstoken_delete 2017-11-01 16:20:19 +00:00
David Baker e5e930aec3
Merge pull request #2615 from matrix-org/rav/break_auth_device_dep
Break dependency of auth_handler on device_handler
2017-11-01 16:06:31 +00:00
David Baker fbbacb284e
Merge pull request #2613 from matrix-org/rav/kill_refresh_tokens
Remove the last vestiges of refresh_tokens
2017-11-01 15:57:35 +00:00
Richard van der Hoff dd13310fb8 Move access token deletion into auth handler
Also move duplicated deactivation code into the auth handler.

I want to add some hooks when we deactivate an access token, so let's bring it
all in here so that there's somewhere to put it.
2017-11-01 15:46:22 +00:00
Richard van der Hoff 74c56f794c Break dependency of auth_handler on device_handler
I'm going to need to make the device_handler depend on the auth_handler, so I
need to break this dependency to avoid a cycle.

It turns out that the auth_handler was only using the device_handler in one
place which was an edge case which we can more elegantly handle by throwing an
error rather than fixing it up.
2017-11-01 10:27:06 +00:00
Richard van der Hoff 356bcafc44 Remove the last vestiges of refresh_tokens 2017-10-31 20:35:58 +00:00
Richard van der Hoff 3e0aaad190 Let auth providers get to the database
Somewhat open to abuse, but also somewhat unavoidable :/
2017-10-31 17:22:29 +00:00
Luke Barnard 20fe347906 Modify group room association API to allow modification of is_public
also includes renamings to make things more consistent.
2017-10-31 17:04:28 +00:00
Richard van der Hoff 1b65ae00ac Refactor some logic from LoginRestServlet into AuthHandler
I'm going to need some more flexibility in handling login types in password
auth providers, so as a first step, move some stuff from LoginRestServlet into
AuthHandler.

In particular, we pass everything other than SAML, JWT and token logins down to
the AuthHandler, which now has responsibility for checking the login type and
fishing the password out of the login dictionary, as well as qualifying the
user_id if need be. Ideally SAML, JWT and token would go that way too, but
there's no real need for it right now and I'm trying to minimise impact.

This commit *should* be non-functional.
2017-10-31 10:48:41 +00:00
Richard van der Hoff 110b373e9c Merge pull request #2589 from matrix-org/rav/as_deactivate_account
Allow ASes to deactivate their own users
2017-10-27 12:29:32 +01:00
Richard van der Hoff 785bd7fd75 Allow ASes to deactivate their own users 2017-10-27 00:01:00 +01:00
Erik Johnston 566e21eac8 Update room_list.py 2017-10-26 11:39:54 +01:00
Erik Johnston 2a7e9faeec Do logcontexts outside ResponseCache 2017-10-25 15:21:08 +01:00
Erik Johnston 33a9026cdf Add logging and fix log contexts for publicRooms 2017-10-25 10:26:06 +01:00
Richard van der Hoff eaaabc6c4f replace 'except:' with 'except Exception:'
what could possibly go wrong
2017-10-23 15:52:32 +01:00
Richard van der Hoff 3267b81b81 Merge pull request #2561 from matrix-org/rav/id_checking
Updates to ID checking
2017-10-23 14:39:20 +01:00
Richard van der Hoff 29812c628b Allow = in mxids and groupids
... because the spec says we should.
2017-10-20 23:42:53 +01:00
Richard van der Hoff 58fbbe0f1d Disallow capital letters in userids
Factor out a common function for checking user ids and group ids, which forbids
capitals.
2017-10-20 23:37:22 +01:00
Richard van der Hoff 631d7b87b5 Remove pointless create() method
It just calls the constructor, so we may as well kill it rather than having
random codepaths.
2017-10-20 22:14:55 +01:00
Luke Barnard a3ac4f6b0a _create_rererouter for get_invited_users_in_group 2017-10-16 15:41:03 +01:00
Luke Barnard 2c5972f87f Implement GET /groups/$groupId/invited_users 2017-10-16 15:31:11 +01:00
Luke Barnard 6079d0027a Log a warning when no profile for invited member
And return empty profile
2017-10-16 14:20:45 +01:00
David Baker b8d8ed1ba9 Merge pull request #2531 from matrix-org/dbkr/spamcheck_error_messages
Allow error strings from spam checker
2017-10-12 10:31:03 +01:00
Erik Johnston b752507b48 Fix fetching remote summaries 2017-10-11 16:59:18 +01:00
Richard van der Hoff 68fd82e840 Merge pull request #2530 from matrix-org/rav/fix_receipt_logcontext
fix a logcontext leak in read receipt handling
2017-10-11 15:08:53 +01:00
David Baker b78bae2d51 fix isinstance 2017-10-11 14:49:09 +01:00
David Baker c3b7a45e84 Allow error strings from spam checker 2017-10-11 14:39:22 +01:00
Richard van der Hoff c3e190ce67 fix a logcontext leak in read receipt handling 2017-10-11 14:37:20 +01:00
Erik Johnston 4ce4379235 Fix attestations to check correct server name 2017-10-11 14:11:43 +01:00
Erik Johnston 535cc49f27 Merge pull request #2466 from matrix-org/erikj/groups_merged
Initial Group Implementation
2017-10-11 13:20:07 +01:00
Erik Johnston bc7f3eb32f Merge pull request #2483 from jeremycline/unfreeze-ujson-dump
Unfreeze event before serializing with ujson
2017-10-11 13:18:52 +01:00
Erik Johnston 84e27a592d Merge pull request #2490 from matrix-org/erikj/drop_left_room_events
Ignore incoming events for rooms that we have left
2017-10-10 11:58:32 +01:00
Richard van der Hoff c8f568ddf9 Fix up deferred handling in federation.py
* Avoid preserve_context_over_deferred, which is broken

* set consumeErrors=True on defer.gatherResults, to avoid spurious "unhandled
  failure" erros
2017-10-06 22:14:24 +01:00
David Baker f878e6f8af Spam checking: add the invitee to user_may_invite 2017-10-05 14:02:28 +01:00
David Baker d8ce68b09b spam check room publishing 2017-10-04 14:29:33 +01:00
David Baker 78d4ced829 un-double indent 2017-10-04 12:44:27 +01:00
David Baker 197c14dbcf Add room creation checks to spam checker
Lets the spam checker deny attempts to create rooms and add aliases
to them.
2017-10-04 10:47:54 +01:00
David Baker 1e375468de pass room id too 2017-10-03 17:13:14 +01:00
David Baker c2c188b699 Federation was passing strings anyway
so pass string everywhere
2017-10-03 15:46:19 +01:00
David Baker c46a0d7eb4 this shouldn't be debug 2017-10-03 15:20:14 +01:00
David Baker bd769a81e1 better logging 2017-10-03 15:16:40 +01:00
David Baker 41fd9989a2 Skip spam check for admin users 2017-10-03 14:17:44 +01:00
Erik Johnston e4ab96021e Update comments 2017-10-03 14:10:41 +01:00
David Baker 2a7ed700d5 Fix param name & lint 2017-10-03 14:04:10 +01:00
David Baker 84716d267c Allow spam checker to reject invites too 2017-10-03 13:56:43 +01:00
Erik Johnston f2da6df568 Remove spurious line feed 2017-10-03 11:31:06 +01:00
Erik Johnston 30848c0fcd Ignore incoming events for rooms that we have left
When synapse receives an event for a room its not in over federation, it
double checks with the remote server to see if it is in fact in the
room. This is done so that if the server has forgotten about the room
(usually as a result of the database being dropped) it can recover from
it.

However, in the presence of state resets in large rooms, this can cause
a lot of work for servers that have legitimately left. As a hacky
solution that supports both cases we drop incoming events for rooms that
we have explicitly left.

This means that we no longer support the case of servers having
forgotten that they've rejoined a room, but that is sufficiently rare
that we're not going to support it for now.
2017-10-03 11:18:21 +01:00