885a4726b7
Return timeout error to user for identity server calls ( #6073 )
2019-09-23 14:37:23 +01:00
df3401a71d
Allow HS to send emails when adding an email to the HS ( #6042 )
2019-09-20 15:21:30 +01:00
9fc71dc5ee
Use the v2 Identity Service API for lookups (MSC2134 + MSC2140) ( #5976 )
...
This is a redo of https://github.com/matrix-org/synapse/pull/5897 but with `id_access_token` accepted.
Implements [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134 ) plus Identity Service v2 authentication ala [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140 ).
Identity lookup-related functions were also moved from `RoomMemberHandler` to `IdentityHandler`.
2019-09-11 16:02:42 +01:00
3505ffcda7
Fix existing v2 identity server calls (MSC2140) ( #6013 )
...
Two things I missed while implementing [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140/files#diff-c03a26de5ac40fb532de19cb7fc2aaf7R80 ).
1. Access tokens should be provided to the identity server as `access_token`, not `id_access_token`, even though the homeserver may accept the tokens as `id_access_token`.
2. Access tokens must be sent to the identity server in a query parameter, the JSON body is not allowed.
We now send the access token as part of an `Authorization: ...` header, which fixes both things.
The breaking code was added in https://github.com/matrix-org/synapse/pull/5892
Sytest PR: https://github.com/matrix-org/sytest/pull/697
2019-09-11 11:59:45 +01:00
5e9b05d7da
Merge pull request #6011 from matrix-org/anoa/fix_3pid_validation
...
Use account_threepid_delegate for 3pid validation
2019-09-10 18:15:07 +01:00
b5833a2abf
Add changelog
2019-09-10 17:56:10 +01:00
60d3c57bd0
Use account_threepid_delegate for 3pid validation
2019-09-10 17:56:10 +01:00
78801e7f9e
Ensure a sid parameter is passed to bind_threepid ( #5995 )
...
`sid` is required to be part of `three_pid_creds`. We were 500'ing if it wasn't provided instead of returning `M_MISSING_PARAM`.
2019-09-06 15:36:50 +01:00
0c0b82b6d1
Allow Synapse to send registration emails + choose Synapse or an external server to handle 3pid validation ( #5987 )
...
This is a combination of a few different PRs, finally all being merged into `develop`:
* #5875
* #5876
* #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](891afb57cb (diff-e591d42d30690ffb79f63bb726200891)#5969 . What's left is just giving /versions access to the config file, which could be useful in the future)
* #5835
* #5969
* #5940
Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged.
UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
2019-09-06 11:35:28 +01:00
a0d294c306
Switch to using v2 Identity Service APIs other than lookup (MSC 2140) ( #5892 )
2019-09-05 14:31:22 +01:00
90d17a3d28
Add POST /_matrix/client/r0/account/3pid/unbind (MSC2140) ( #5980 )
...
Implements `POST /_matrix/client/r0/account/3pid/unbind` from [MSC2140](https://github.com/matrix-org/matrix-doc/blob/dbkr/tos_2/proposals/2140-terms-of-service-2.md#post-_matrixclientr0account3pidunbind ).
2019-09-05 14:00:30 +01:00
3057095a5d
Revert "Use the v2 lookup API for 3PID invites ( #5897 )" ( #5937 )
...
This reverts commit 71fc04069a#5892 was required for it to work correctly.
2019-08-30 12:00:20 +01:00
71fc04069a
Use the v2 lookup API for 3PID invites ( #5897 )
...
Fixes https://github.com/matrix-org/synapse/issues/5861
Adds support for the v2 lookup API as defined in [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134 ). Currently this is only used for 3PID invites.
Sytest PR: https://github.com/matrix-org/sytest/pull/679
2019-08-28 14:59:26 +02:00
4806651744
Replace returnValue with return ( #5736 )
2019-07-23 23:00:55 +10:00
b2a2e96ea6
Typo
2019-07-10 15:56:21 +01:00
f77e997619
Send 3PID bind requests as JSON data
2019-07-10 15:46:42 +01:00
32e7c9e7f2
Run Black. ( #5482 )
2019-06-20 19:32:02 +10:00
3719680ee4
Add ability to perform password reset via email without trusting the identity server ( #5377 )
...
Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.
This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
* #5308
* #5345
* #5368
2019-06-06 17:34:07 +01:00
24232514bf
Remove threepid binding if id server returns 400/404/501
2019-04-02 11:20:09 +01:00
c75e2017f1
Fixup docstrings
2019-04-02 11:20:06 +01:00
057715aaa2
Allowing specifying IS to use in unbind API.
...
By default the homeserver will use the identity server used during the
binding of the 3PID to unbind the 3PID. However, we need to allow
clients to explicitly ask the homeserver to unbind via a particular
identity server, for the case where the 3PID was bound out of band from
the homeserver.
Implements MSC915.
2019-04-01 15:25:18 +01:00
9fbbc3d9e5
For unbind poke IS used during binding of 3PID
...
This changes the behaviour from using the server specified trusted
identity server to using the IS that used during the binding of the
3PID, if known.
This is the behaviour specified by MSC1915.
2019-04-01 15:23:30 +01:00
1666c0696a
Track IS used to bind 3PIDs
...
This will then be used to know which IS to default to when unbinding the
threepid.
2019-04-01 15:23:01 +01:00
9feb5d0b71
sign_request -> build_auth_headers ( #4408 )
...
Just got very confused about the fact that the headers are only an output, not
an input.
2019-01-17 12:40:09 +00:00
bf7598f582
Log when we 3pid/unbind request fails
2018-08-09 10:09:56 +01:00
360ba89c50
Don't fail requests to unbind 3pids for non supporting ID servers
...
Older identity servers may not support the unbind 3pid request, so we
shouldn't fail the requests if we received one of 400/404/501. The
request still fails if we receive e.g. 500 responses, allowing clients
to retry requests on transient identity server errors that otherwise do
support the API.
Fixes #3661
2018-08-08 12:06:18 +01:00
01e93f48ed
Kill off MatrixCodeMessageException
...
This code brings the SimpleHttpClient into line with the
MatrixFederationHttpClient by having it raise HttpResponseExceptions when a
request fails (rather than trying to parse for matrix errors and maybe raising
MatrixCodeMessageException).
Then, whenever we were checking for MatrixCodeMessageException and turning them
into SynapseErrors, we now need to check for HttpResponseExceptions and call
to_synapse_error.
2018-08-01 16:02:46 +01:00
49af402019
run isort
2018-07-09 16:09:20 +10:00
6350bf925e
Attempt to be more performant on PyPy ( #3462 )
2018-06-28 14:49:57 +01:00
a61738b316
Remove run_on_reactor ( #3395 )
2018-06-14 18:27:37 +10:00
d62162bbec
doc fixes
2018-06-05 18:09:13 +01:00
f731e42baf
docstring
2018-06-04 12:00:51 +01:00
9700d15611
pep8
2018-05-24 11:23:15 +01:00
a21a41bad7
comment
2018-05-24 11:19:59 +01:00
2c7866d664
Hit the 3pid unbind endpoint on deactivation
2018-05-23 14:38:56 +01:00
fcfe7f6ad3
Use simplejson throughout
...
Let's use simplejson rather than json, for consistency.
2018-03-29 22:45:52 +01:00
82ae0238f9
Revert accidental commit
2017-04-26 11:43:16 +01:00
1a9255c12e
Use CodeMessageException subclass instead
...
Parse json errors from get_json client methods and throw special
errors.
2017-04-25 19:30:55 +01:00
a90a0f5c8a
Propagate errors sensibly from proxied IS requests
...
When we're proxying Matrix endpoints, parse out Matrix error
responses and turn them into SynapseErrors so they can be
propagated sensibly upstream.
2017-04-21 11:32:48 +01:00
73a5f06652
Support registration / login with phone number
...
Changes from https://github.com/matrix-org/synapse/pull/1971
2017-03-13 17:27:51 +00:00
7eae6eaa2f
Revert "Support registration & login with phone number"
2017-03-13 09:59:33 +00:00
ce3e583d94
WIP support for msisdn 3pid proxy methods
2017-02-14 15:05:55 +00:00
be8be535f7
requestToken update
...
Don't send requestToken request to untrusted ID servers
Also correct the THREEPID_IN_USE error to add the M_ prefix. This is a backwards incomaptible change, but the only thing using this is the angular client which is now unmaintained, so it's probably better to just do this now.
2016-06-30 17:51:28 +01:00
6927d0e091
Add missing param to the log line
2016-01-29 15:01:26 +00:00
0fcafbece8
Add config option for setting the trusted id servers, disabling checking the ID server in integration tests
2016-01-29 14:12:26 +00:00
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
37b2d69bbc
Reuse a single http client, rather than creating new ones
2015-12-02 11:36:02 +00:00
c77048e12f
Add endpoint that proxies ID server request token and errors if the given email is in use on this Home Server.
2015-08-04 14:37:09 +01:00
28d07a02e4
Add vector.im as trusted ID server
2015-08-03 15:31:21 +01:00
9927170787
Accept camelcase + underscores in binding too
2015-04-29 15:57:09 +01:00
109c8aafd2
Fix includes
2015-04-29 15:45:44 +01:00
b7788f80a3
Accept both camelcase and underscore threepid creds for transition
2015-04-29 15:41:29 +01:00
1bac74b9ae
Change to https for ID server communication
2015-04-24 14:48:49 +01:00
a218619626
Use underscores instead of camelcase for id server stuff
2015-04-24 11:27:38 +01:00
4eea5cf6c2
pep8
2015-04-17 16:46:45 +01:00
ea1776f556
Return user ID in use error straight away
2015-04-16 19:56:44 +01:00
766bd8e880
Dummy login so we can do the first POST request to get login flows without it just succeeding
2015-04-15 17:14:25 +01:00
a19b739909
Regstration with email in v2
2015-04-15 15:50:38 +01:00
Andrew Morgan