Commit Graph

22889 Commits (96529c42368a6153a92330c3f03be5b02ce4653c)

Author SHA1 Message Date
Jason Little 874378c052
Docker fully qualified image names (#15689)
* Fully qualified docker image names for the main Dockerfile and Complement related.

* Fully qualified docker image names for Dockerfiles associated with building Debian release artifacts.

This one is harder and is separate from the other commit in case it wasn't correct or was unwanted. I decided to
do the expansion on the docker images in the Dockerfile itself, instead of the various source places that build
which distribution that is selected, as it would have been more invasive with the scripts breaking up the string
for tagging and such. This one is untested.

* Changelog

* Update docker/Dockerfile-workers

* Update docker/complement/Dockerfile

---------

Co-authored-by: reivilibre <olivier@librepush.net>
2023-05-31 15:13:31 +00:00
reivilibre 11e15d79b8
Fix a performance issue introduced in Synapse v1.83.0 which meant that purging rooms was very slow and database-intensive. (#15693)
* Add indices required to efficiently validate new foreign key constraints on stream_ordering

* Newsfile

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>

---------

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
2023-05-31 14:59:56 +01:00
Gabriel Féron daf3a67908
Add get_canonical_room_alias to module API (#15450)
Co-authored-by: Boxdot <d@zerovolt.org>
2023-05-31 09:18:37 -04:00
Patrick Cloke c01343de43
Add stricter mypy options (#15694)
Enable warn_unused_configs, strict_concatenate, disallow_subclassing_any,
and disallow_incomplete_defs.
2023-05-31 07:18:29 -04:00
David Robertson 6fc3deb029
Merge branch 'release-v1.85' into develop 2023-05-30 16:08:33 +01:00
Quentin Gliech ceb3dd77db Enforce that an admin token also has the basic Matrix API scope 2023-05-30 09:43:06 -04:00
Quentin Gliech 32a2f05004 Make the config tests spawn the homeserver only when needed 2023-05-30 09:43:06 -04:00
Quentin Gliech f739bde962 Reject tokens with multiple device scopes 2023-05-30 09:43:06 -04:00
Quentin Gliech 98afc57d59 Make OIDC scope constants 2023-05-30 09:43:06 -04:00
Quentin Gliech 14a5be9c4d Handle errors when introspecting tokens
This returns a proper 503 when the introspection endpoint is not working
for some reason, which should avoid logging out clients in those cases.
2023-05-30 09:43:06 -04:00
Quentin Gliech ec9379d7e2 Newsfile. 2023-05-30 09:43:06 -04:00
Quentin Gliech e343125b38 Disable incompatible Admin API endpoints 2023-05-30 09:43:06 -04:00
Quentin Gliech 4d0231b364 Make AS tokens work & allow ASes to /register 2023-05-30 09:43:06 -04:00
Quentin Gliech c008b44b4f Add an admin token for MAS -> Synapse calls 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith bad1f2cd35 Tests for JWKS endpoint 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith 249f4a338d Refactor config to be an experimental feature
Also enforce you can't combine it with incompatible config options
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith 03920bdd4e Test MSC2965 implementation: well-known discovery document 2023-05-30 09:43:06 -04:00
Quentin Gliech 31691d6151 Disable account related endpoints when using OAuth delegation 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith 5fe96082d0 Actually enforce guest + return www-authenticate header 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith 28a9663bdf Initial tests for OAuth delegation 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith a1374b5c70 MSC2967: Check access token scope for use as user and add guest support 2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith d20669971a Use `name` claim as display name when registering users on the fly.
This makes is so that the `name` claim got when introspecting the token
is used as the display name when registering a user on the fly.
2023-05-30 09:43:06 -04:00
Quentin Gliech f9cd549f64 Record the `sub` claims as an external_id 2023-05-30 09:43:06 -04:00
Quentin Gliech 7628dbf4e9 Handle the Synapse admin scope 2023-05-30 09:43:06 -04:00
Quentin Gliech c5cf1b421d Save the scopes in the requester 2023-05-30 09:43:06 -04:00
Quentin Gliech e82ec6d008 MSC2965: OIDC Provider discovery via well-known document 2023-05-30 09:43:06 -04:00
Quentin Gliech 8f576aa462 Expose the public keys used for client authentication on an endpoint 2023-05-30 09:43:06 -04:00
Quentin Gliech 765244faee Initial MSC3964 support: delegation of auth to OIDC server 2023-05-30 09:43:06 -04:00
Quentin Gliech e2c8458bba Make the api.auth.Auth a Protocol 2023-05-30 09:43:06 -04:00
Sean Quah 5d8c659373
Remove unused `FederationServer.__str__` override (#15690)
Signed-off-by: Sean Quah <seanq@matrix.org>
2023-05-30 14:37:39 +01:00
David Robertson 7477810cc2
fixup changelog 2023-05-30 14:33:05 +01:00
David Robertson 3389653e15
Update changelog 2023-05-30 14:18:42 +01:00
David Robertson cebff6f4d5
Tweak release script dependabot wording 2023-05-30 14:05:44 +01:00
David Robertson a103b874dd
1.85.0rc1 2023-05-30 14:03:22 +01:00
David Robertson 42786d8a47
Create dependabot changelogs at release time (#15481)
* Ditch dependabot changelog workflow

* Summarise dependabot commits in release script

* Changelog

* Update scripts-dev/release.py
2023-05-30 13:54:50 +01:00
dependabot[bot] 626bd75f48
Bump types-bleach from 6.0.0.1 to 6.0.0.3 (#15686)
* Bump types-bleach from 6.0.0.1 to 6.0.0.3

Bumps [types-bleach](https://github.com/python/typeshed) from 6.0.0.1 to 6.0.0.3.
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-bleach
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: David Robertson <davidr@element.io>
2023-05-30 11:13:04 +01:00
dependabot[bot] 2b6c9150dc
Bump types-requests from 2.30.0.0 to 2.31.0.0 (#15684)
* Bump types-requests from 2.30.0.0 to 2.31.0.0

Bumps [types-requests](https://github.com/python/typeshed) from 2.30.0.0 to 2.31.0.0.
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-requests
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>
2023-05-30 11:03:58 +01:00
dependabot[bot] 04798b710d
Bump log from 0.4.17 to 0.4.18 (#15681) 2023-05-29 14:15:49 -04:00
dependabot[bot] eb48b10f4f
Bump pydantic from 1.10.7 to 1.10.8 (#15685) 2023-05-29 14:14:58 -04:00
dependabot[bot] ea634a9f81
Bump prometheus-client from 0.16.0 to 0.17.0 (#15682) 2023-05-29 14:13:40 -04:00
dependabot[bot] 4f07c2a170
Bump types-pyyaml from 6.0.12.9 to 6.0.12.10 (#15683) 2023-05-29 14:07:25 -04:00
Jason Little c835befd10
Add Unix socket support for Redis connections (#15644)
Adds a new configuration setting to connect to Redis via a Unix
socket instead of over TCP. Disabled by default.
2023-05-26 15:28:39 -04:00
Travis Ralston 50918c4940
Add `MSC3820opt2` as a known room version (#15678) 2023-05-26 18:05:24 +00:00
Grant McLean 179f0f851e
Documentation improvements to contributing guide (#15667) (#15668)
Fix #15667

 - Reiterate the importance of getting Rust installed and set up before attempting to install the Python dependencies.
 - Mention the importance of confirming that `poetry install` completed successfully and include a typical error that the user might see if it did not.
 - Expand on "Now edit homeserver.yaml" to give examples of things likely to need changing and to link to the relevant sections of the Synapse server documentation.
2023-05-26 12:28:04 -05:00
Patrick Cloke 2ad91ec628
Set thread_id column to non-null for event_push_{actions,actions_staging,summary} (#15597)
Updates the database schema to require a thread_id (by adding a
constraint that the column is non-null) for event_push_actions,
event_push_actions_staging, and event_push_actions_summary.

For PostgreSQL we add the constraint as NOT VALID, then
VALIDATE the constraint a background job to avoid locking
the table during an upgrade.

Each table is updated as a separate schema delta to avoid
deadlocks between them.

For SQLite we simply rebuild the table & copy the data.
2023-05-26 13:16:08 -04:00
Olivier Wilkinson (reivilibre) a1154dfc20 Merge branch 'master' into develop 2023-05-26 17:16:15 +01:00
Olivier Wilkinson (reivilibre) cb6f4a84a6 Fix a typographical error in changelog 2023-05-26 16:18:35 +01:00
Olivier Wilkinson (reivilibre) 65bf5f3649 1.84.1 2023-05-26 16:17:50 +01:00
reivilibre c775d80b73
Fix a bug introduced in Synapse v1.84.0 where workers do not start up when no `instance_map` was provided. (#15672)
* Fix #15669: always populate instance map even if it was empty

* Fix some tests

* Fix more tests

* Newsfile

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>

* CI fix: don't forget to update apt repository sources before installing olddeps deps

* Add test testing the backwards compatibility

---------

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
2023-05-26 14:28:55 +00:00
Travis Ralston 4e013093a8
Add MSC3820 (room version 11) option 2 unstable room version. (#15666) 2023-05-26 07:46:13 -04:00