Commit Graph

844 Commits (c1883f042d4e6d69e4c211bcad5d65da5123f33d)

Author SHA1 Message Date
Neil Johnson 8b8f8c7b3c Explicitly log when a homeserver does not have a trusted key server configured (#6090) 2019-09-26 12:57:01 +01:00
Erik Johnston 4fb3c129aa Merge branch 'develop' of github.com:matrix-org/synapse into erikj/cleanup_user_ips_2 2019-09-25 17:53:13 +01:00
Erik Johnston 39b50ad42a Review comments 2019-09-25 17:22:33 +01:00
Erik Johnston 242017db8b Prune rows in user_ips older than configured period
Defaults to pruning everything older than 28d.
2019-09-24 15:53:17 +01:00
Richard van der Hoff ed8b92f0d2 Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_work 2019-09-24 12:57:32 +01:00
Andrew Morgan 50776261e1 Add submit_url response parameter to msisdn /requestToken (#6079)
Second part of solving #6076
Fixes #6076

We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
2019-09-23 21:21:03 +01:00
Richard van der Hoff 78e8ec368e
Merge pull request #6064 from matrix-org/rav/saml_config_cleanup
Make the sample saml config closer to our standards
2019-09-23 20:36:51 +01:00
Andrew Morgan e08ea43463 Use the federation blacklist for requests to untrusted Identity Servers (#6000)
Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses.

Fixes #5935
2019-09-23 20:23:20 +01:00
Andrew Morgan df3401a71d
Allow HS to send emails when adding an email to the HS (#6042) 2019-09-20 15:21:30 +01:00
Richard van der Hoff b65327ff66 Merge branch 'develop' into rav/saml_mapping_work 2019-09-19 18:13:31 +01:00
Richard van der Hoff b789c7eb03 Merge branch 'develop' into rav/saml_config_cleanup 2019-09-19 15:05:31 +01:00
Jorik Schellekens 38fd1f8e3f Fix typo in account_threepid_delegates config (#6028) 2019-09-18 22:30:44 +01:00
Richard van der Hoff 7100b5cc9d fix sample config
this was apparently broken by #6040.
2019-09-18 10:16:00 +01:00
dstipp 379d2a8c39 (#5849) Convert rst to markdown (#6040)
Converting some of the rst documentation to markdown.  Attempted to
preserve whitespace and line breaks to minimize cosmetic change.
2019-09-17 12:55:29 +01:00
Richard van der Hoff a8ac40445c Record mappings from saml users in an external table
We want to assign unique mxids to saml users based on an incrementing
suffix. For that to work, we need to record the allocated mxid in a separate
table.
2019-09-13 16:01:46 +01:00
Richard van der Hoff 785cbd3999 Make the sample saml config closer to our standards
It' still not great, thanks to the nested dictionaries, but it's better.
2019-09-13 12:07:03 +01:00
Travis Ralston c755955f33 Add developer docs for using SAML without a server (#6032) 2019-09-13 08:58:18 +01:00
axel simon 1c7df13e7b add explanations on how to actually include an access_token (#6031) 2019-09-13 08:50:17 +01:00
Sorunome dd2e5b0038 add report_stats_endpoint config option (#6012)
This PR adds the optional `report_stats_endpoint` to configure where stats are reported to, if enabled.
2019-09-12 11:24:57 +01:00
Erik Johnston 66ace43546 Update sample config 2019-09-11 14:50:40 +01:00
Erik Johnston 8df88b5ff3 Update sample config 2019-09-11 10:58:26 +01:00
Erik Johnston 470dc621ae
Merge pull request #5934 from matrix-org/erikj/censor_redactions
Censor redactions in DB after a month
2019-09-09 15:29:39 +01:00
Erik Johnston 8b9ade8c78 Default to censoring redactions after seven days 2019-09-09 13:55:28 +01:00
Amber Brown 55d5b3af88
Servers-known-about statistic (#5981) 2019-09-07 01:45:51 +10:00
Andrew Morgan 0c0b82b6d1
Allow Synapse to send registration emails + choose Synapse or an external server to handle 3pid validation (#5987)
This is a combination of a few different PRs, finally all being merged into `develop`:

* #5875 
* #5876 
* #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](891afb57cb (diff-e591d42d30690ffb79f63bb726200891)) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future)
* #5835 
* #5969 
* #5940

Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged.

UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
2019-09-06 11:35:28 +01:00
Erik Johnston 591d82f06b Merge branch 'develop' of github.com:matrix-org/synapse into erikj/censor_redactions 2019-09-05 17:27:46 +01:00
Erik Johnston 3ff0422d2d Make redaction retention period configurable 2019-09-05 17:16:45 +01:00
Erik Johnston 6e834e94fc
Fix and refactor room and user stats (#5971)
Previously the stats were not being correctly populated.
2019-09-04 13:04:27 +01:00
Jorik Schellekens 92c1550f4a Add a link to python's logging config schema (#5926) 2019-08-28 19:08:32 +01:00
Jorik Schellekens 6d97843793
Config templating (#5900)
Template config files

* Imagine a system composed entirely of x, y, z etc and the basic operations..

Wait George, why XOR? Why not just neq?

George: Eh, I didn't think of that..

Co-Authored-By: Erik Johnston <erik@matrix.org>
2019-08-28 13:12:22 +01:00
Amber Brown 7dc398586c
Implement a structured logging output system. (#5680) 2019-08-28 21:18:53 +10:00
reivilibre a3f0635686
Merge pull request #5914 from matrix-org/rei/admin_getadmin
Add GET method to admin API /users/@user:dom/admin
2019-08-28 09:44:22 +01:00
Olivier Wilkinson (reivilibre) 1b959b6977 Document GET method for retrieving admin bit of user in admin API
Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
2019-08-27 13:19:19 +01:00
Erik Johnston f5b50d0871
Merge pull request #5895 from matrix-org/erikj/notary_key
Add config option to sign remote key query responses with a separate key.
2019-08-27 11:51:37 +01:00
reivilibre 1a7e6eb633
Add Admin API capability to set adminship of a user (#5878)
Admin API: Set adminship of a user
2019-08-27 10:14:00 +01:00
Erik Johnston 7af5a63063 Fixup review comments 2019-08-23 15:36:28 +01:00
Jorik Schellekens 8767b63a82
Propagate opentracing contexts through EDUs (#5852)
Propagate opentracing contexts through EDUs
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2019-08-22 18:21:10 +01:00
Richard van der Hoff 119aa31b10
Servlet to purge old rooms (#5845) 2019-08-22 10:42:59 +01:00
Erik Johnston 5906be8589 Add config option for keys to use to sign keys
This allows servers to separate keys that are used to sign remote keys
when acting as a notary server.
2019-08-21 10:44:58 +01:00
Amber Brown 0b6fbb28a8
Don't load the media repo when configured to use an external media repo (#5754) 2019-08-13 21:49:28 +10:00
Brendan Abolivier f25f638c35
Lint 2019-08-01 12:19:08 +02:00
Brendan Abolivier 3ff3dfe5a3
Sample config 2019-08-01 12:08:25 +02:00
Richard van der Hoff 8c97f6414c
Remove non-functional 'expire_access_token' setting (#5782)
The `expire_access_token` didn't do what it sounded like it should do. What it
actually did was make Synapse enforce the 'time' caveat on macaroons used as
access tokens, but since our access token macaroons never contained such a
caveat, it was always a no-op.

(The code to add 'time' caveats was removed back in v0.18.5, in #1656)
2019-07-30 08:25:02 +01:00
Amber Brown 865077f1d1
Room Complexity Client Implementation (#5783) 2019-07-30 02:47:27 +10:00
Jorik Schellekens 3641784e8c
Make Jaeger fully configurable (#5694)
* Allow Jaeger to be configured

* Update sample config
2019-07-23 15:46:04 +01:00
Amber Brown 4806651744
Replace returnValue with return (#5736) 2019-07-23 23:00:55 +10:00
Jorik Schellekens 0fd171770a Merge branch 'release-v1.2.0' into develop 2019-07-22 11:18:50 +01:00
Jorik Schellekens 826e6ec3bd
Opentracing Documentation (#5703)
* Opentracing survival guide

* Update decorator names in doc

* Doc cleanup

These are all alterations as a result of comments in #5703, it
includes mostly typos and clarifications. The most interesting
changes are:

- Split developer and user docs into two sections
- Add a high level description of OpenTracing

* newsfile

* Move contributer specific info to docstring.

* Sample config.

* Trailing whitespace.

* Update 5703.misc

* Apply suggestions from code review

Mostly just rewording parts of the docs for clarity.

Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2019-07-22 11:15:21 +01:00
Richard van der Hoff b73ce4ba81
Update the coding style doc (#5719)
A few fixes and removal of duplicated stuff, but mostly a bunch of the words on the config file.
2019-07-19 11:55:14 +01:00
Richard van der Hoff 82345bc09a
Clean up opentracing configuration options (#5712)
Clean up config settings and dead code.

This is mostly about cleaning up the config format, to bring it into line with our conventions. In particular:
 * There should be a blank line after `## Section ##' headings
 * There should be a blank line between each config setting
 * There should be a `#`-only line between a comment and the setting it describes
 * We don't really do the `#  #` style commenting-out of whole sections if we can help it
 * rename `tracer_enabled` to `enabled`

While we're here, do more config parsing upfront, which makes it easier to use
later on.

Also removes redundant code from LogContextScopeManager.

Also changes the changelog fragment to a `feature` - it's exciting!
2019-07-18 15:06:54 +01:00
Amber Brown 7ad1d76356
Support Prometheus_client 0.4.0+ (#5636) 2019-07-18 23:57:15 +10:00
Richard van der Hoff 1def298119
Improve `Depends` specs in debian package. (#5675)
This is basically a contrived way of adding a `Recommends` on `libpq5`, to fix #5653.

The way this is supposed to happen in debhelper is to run
`dh_shlibdeps`, which in turn runs `dpkg-shlibdeps`, which spits things out
into `debian/<package>.substvars` whence they can later be included by
`control`.

Previously, we had disabled `dh_shlibdeps`, mostly because `dpkg-shlibdeps`
gets confused about PIL's interdependent objects, but that's not really the
right thing to do and there is another way to work around that.

Since we don't always use postgres, we don't necessarily want a hard Depends on
libpq5, so I've actually ended up adding an explicit invocation of
`dpkg-shlibdeps` for `psycopg2`.

I've also updated the build-depends list for the package, which was missing a
couple of entries.
2019-07-17 17:47:07 +01:00
Richard van der Hoff 5f158ec039
Implement access token expiry (#5660)
Record how long an access token is valid for, and raise a soft-logout once it
expires.
2019-07-12 17:26:02 +01:00
Ulrik Günther d445b3ae57 Update reverse_proxy.rst (#5397)
Updates reverse_proxy.rst with information about nginx' URI normalisation.
2019-07-12 11:46:18 +01:00
Lrizika 39e9839a04 Improved docs on setting up Postgresql (#5661)
Added that synapse_user needs a database to access before it can auth
Noted you'll need to enable password auth, linked to pg_hba.conf docs
2019-07-11 14:31:36 +01:00
Jorik Schellekens 38a6d3eea7
Add basic opentracing support (#5544)
* Configure and initialise tracer

Includes config options for the tracer and sets up JaegerClient.

* Scope manager using LogContexts

We piggy-back our tracer scopes by using log context.
The current log context gives us the current scope. If new scope is
created we create a stack of scopes in the context.

* jaeger is a dependency now

* Carrier inject and extraction for Twisted Headers

* Trace federation requests on the way in and out.

The span is created in _started_processing and closed in
_finished_processing because we need a meaningful log context.

* Create logcontext for new scope.

Instead of having a stack of scopes in a logcontext we create a new
context for a new scope if the current logcontext already has a scope.

* Remove scope from logcontext if logcontext is top level

* Disable tracer if not configured

* typo

* Remove dependence on jaeger internals

* bools

* Set service name

* :Explicitely state that the tracer is disabled

* Black is the new black

* Newsfile

* Code style

* Use the new config setup.

* Generate config.

* Copyright

* Rename config to opentracing

* Remove user whitelisting

* Empty whitelist by default

* User ConfigError instead of RuntimeError

* Use isinstance

* Use tag constants for opentracing.

* Remove debug comment and no need to explicitely record error

* Two errors a "s(c)entry"

* Docstrings!

* Remove debugging brainslip

* Homeserver Whitlisting

* Better opentracing config comment

* linting

* Inclue worker name in service_name

* Make opentracing an optional dependency

* Neater config retreival

* Clean up dummy tags

* Instantiate tracing as object instead of global class

* Inlcude opentracing as a homeserver member.

* Thread opentracing to the request level

* Reference opetnracing through hs

* Instantiate dummy opentracin g for tests.

* About to revert, just keeping the unfinished changes just in case

* Revert back to global state, commit number:

9ce4a3d906

* Use class level methods in tracerutils

* Start and stop requests spans in a place where we
have access to the authenticated entity

* Seen it, isort it

* Make sure to close the active span.

* I'm getting black and blue from this.

* Logger formatting

Co-Authored-By: Erik Johnston <erik@matrix.org>

* Outdated comment

* Import opentracing at the top

* Return a contextmanager

* Start tracing client requests from the servlet

* Return noop context manager if not tracing

* Explicitely say that these are federation requests

* Include servlet name in client requests

* Use context manager

* Move opentracing to logging/

* Seen it, isort it again!

* Ignore twisted return exceptions on context exit

* Escape the scope

* Scopes should be entered to make them useful.

* Nicer decorator names

* Just one init, init?

* Don't need to close something that isn't open

* Docs make you smarter
2019-07-11 10:36:03 +01:00
Amber Brown 463b072b12
Move logging utilities out of the side drawer of util/ and into logging/ (#5606) 2019-07-04 00:07:04 +10:00
Richard van der Hoff b4fd86a9b4 Merge branch 'develop' into rav/saml2_client 2019-07-01 14:21:03 +01:00
Amber Brown be3b901ccd
Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550) 2019-06-28 18:19:09 +10:00
Daniel Hoffend 9646a593ac Added possibilty to disable local password authentication (#5092)
Signed-off-by: Daniel Hoffend <dh@dotlan.net>
2019-06-27 18:37:29 +01:00
Andrew Morgan c548dbc4b1
Make it clearer that the template dir is relative to synapse's root dir (#5543)
Helps address #5444
2019-06-27 18:20:17 +01:00
Richard van der Hoff 47fa836abb
Merge pull request #5313 from twrist/patch-1
Update HAProxy example rules
2019-06-27 00:53:48 +01:00
Richard van der Hoff dde4118341 update sample config 2019-06-27 00:41:04 +01:00
Richard van der Hoff a0acfcc73e update sample config 2019-06-26 23:56:28 +01:00
Andrew Morgan 3eb8c7b0eb Merge branch 'master' into develop
* master:
  Fix broken link in MSC1711 FAQ
  Update changelog to better expain password reset change (#5545)
2019-06-25 18:08:56 +01:00
Richard van der Hoff c8cb186260
Fix broken link in MSC1711 FAQ 2019-06-25 12:27:56 +01:00
Andrew Morgan 28604ab03d
Add info about black to code_style.rst (#5537)
Fixes #5533

Adds information about how to install and run black on the codebase.
2019-06-24 17:48:05 +01:00
Richard van der Hoff 4ac7ef4b67
Merge pull request #5524 from matrix-org/rav/new_cmdline_options
Add --data-dir and --open-private-ports options.
2019-06-24 17:25:57 +01:00
Brendan Abolivier deb4fe6ef3
Merge pull request #5534 from matrix-org/babolivier/federation-publicrooms
Split public rooms directory auth config in two
2019-06-24 16:08:02 +01:00
Brendan Abolivier bfe84e051e Split public rooms directory auth config in two 2019-06-24 15:42:31 +01:00
Richard van der Hoff 3f8a252dd8 Add "--open-private-ports" cmdline option
This is helpful when generating a config file for running synapse under docker.
2019-06-24 14:15:34 +01:00
Richard van der Hoff edea4bb5be Allow configuration of the path used for ACME account keys.
Because sticking it in the same place as the config isn't necessarily the right
thing to do.
2019-06-24 13:51:22 +01:00
Richard van der Hoff 6cda36777b Drop support for cpu_affinity (#5525)
This has no useful purpose on python3, and is generally a source of confusion.
2019-06-22 11:01:55 +10:00
Erik Johnston 60b912cf0d
Update docs/workers.rst
E_TOO_MANY_NEGATIVES

Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
2019-06-21 11:54:03 +01:00
Erik Johnston f3ab533374 Support pagination API in client_reader worker 2019-06-21 10:43:12 +01:00
Amber Brown 32e7c9e7f2
Run Black. (#5482) 2019-06-20 19:32:02 +10:00
Amber Brown eba7caf09f
Remove Postgres 9.4 support (#5448) 2019-06-18 00:59:00 +10:00
Brendan Abolivier f12e1f029c
Merge pull request #5440 from matrix-org/babolivier/third_party_event_rules
Allow server admins to define implementations of extra rules for allowing or denying incoming events
2019-06-14 19:37:59 +01:00
Brendan Abolivier f874b16b2e Add plugin APIs for implementations of custom event rules. 2019-06-14 18:16:03 +01:00
Neil Johnson 426218323b
Neilj/improve federation docs (#5419)
Add FAQ questions to federate.md. Add a health warning making it clear that the 1711 upgrade FAQ is now out of date.
2019-06-11 12:17:43 +01:00
Neil Johnson a11865016e
Set default room version to v4. (#5379)
Set default room version to v4.
2019-06-06 20:13:47 +01:00
Andrew Morgan 3719680ee4
Add ability to perform password reset via email without trusting the identity server (#5377)
Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.

This PR is a culmination of 3 smaller PRs which have each been separately reviewed:

* #5308
* #5345
* #5368
2019-06-06 17:34:07 +01:00
Richard van der Hoff 9fbb20a531
Stop hardcoding trust of old matrix.org key (#5374)
There are a few changes going on here:

* We make checking the signature on a key server response optional: if no
  verify_keys are specified, we trust to TLS to validate the connection.

* We change the default config so that it does not require responses to be
  signed by the old key.

* We replace the old 'perspectives' config with 'trusted_key_servers', which
  is also formatted slightly differently.

* We emit a warning to the logs every time we trust a key server response
  signed by the old key.
2019-06-06 17:33:11 +01:00
Neil Johnson 833c406b9b
Neilj/1.0 upgrade notes (#5371)
1.0 upgrade/install notes
2019-06-06 17:23:02 +01:00
Richard van der Hoff 7603a706eb Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verification 2019-06-05 16:32:35 +01:00
Richard van der Hoff b4f1cd31f4 Update sample config 2019-06-05 15:30:10 +01:00
Richard van der Hoff 95ab2eb4a1
Fix notes about well-known and acme (#5357)
fixes #4951
2019-06-05 15:12:33 +01:00
Neil Johnson 26713515de
Neilj/mau tracking config explainer (#5284)
Improve documentation of monthly active user blocking and mau_trial_days
2019-06-05 13:16:23 +01:00
Ike Johnson 145f57897d
Update HAProxy example rules
These new rules allow a user to instead route only matrix traffic, allowing them to run matrix on the domain without affecting their existing websites
2019-06-02 23:10:27 +08:00
Erik Johnston 58cce39f3a
Merge pull request #5276 from matrix-org/babolivier/account_validity_job_delta
Allow configuring a range for the account validity startup job
2019-05-31 12:11:56 +01:00
Brendan Abolivier e975b15101 Sample config 2019-05-31 11:14:21 +01:00
Brendan Abolivier 6bfc5ad3a1 Sample config 2019-05-31 09:56:57 +01:00
Travis Ralston 3e1af5109c Clarify that the admin change password endpoint logs them out (#5303) 2019-05-31 09:45:46 +01:00
Erik Johnston 8541db741a
Merge pull request #5283 from aaronraimist/captcha-docs
Specify the type of reCAPTCHA key to use (#5013)
2019-05-29 19:02:27 +01:00
Amber Brown 0729ef01f8 regenerate sample config 2019-05-29 16:41:25 +10:00
Aaron Raimist f795595e95
Specify the type of reCAPTCHA key to use (#5013)
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-05-28 22:04:27 -05:00
Aaron Raimist 9b6f72663e
Fix docs on resetting the user directory (#5036)
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-05-28 20:54:01 -05:00
Brendan Abolivier 4aba561c65
Config and changelog 2019-05-28 16:55:10 +01:00
Richard van der Hoff dba9152d15
Add missing blank line in config (#5249) 2019-05-24 14:12:38 +01:00
Andrew Morgan 6368150a74
Add config option for setting homeserver's default room version (#5223)
Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present.

That hardcoded value is now located in the server.py config file.
2019-05-23 15:00:20 +01:00
Amber Brown 4a30e4acb4
Room Statistics (#4338) 2019-05-21 11:36:50 -05:00
Brendan Abolivier 6a5a70edf0
Merge pull request #5204 from matrix-org/babolivier/account_validity_expiration_date
Add startup background job for account validity
2019-05-21 14:55:15 +01:00
Brendan Abolivier 384122efa8
Doc 2019-05-21 14:39:36 +01:00
Richard van der Hoff da5ef0bb42 Merge remote-tracking branch 'origin/master' into develop 2019-05-17 12:39:48 +01:00
Richard van der Hoff 7ce1f97a13
Stop telling people to install the optional dependencies. (#5197)
* Stop telling people to install the optional dependencies.

They're optional.

Also update the postgres docs a bit for clarity(?)
2019-05-17 12:38:03 +01:00
Brendan Abolivier a5fe16c5a7
Changelog + sample config 2019-05-16 15:11:37 +01:00
Amber Brown f1e5b41388
Make all the rate limiting options more consistent (#5181) 2019-05-15 12:06:04 -05:00
Andrew Morgan 5a4b328f52 Add ability to blacklist ip ranges for federation traffic (#5043) 2019-05-13 19:05:06 +01:00
Gergely Polonkai cd3f30014a Make Prometheus snippet less confusing on the metrics collection doc (#4288)
Signed-off-by: Gergely Polonkai <gergely@polonkai.eu>
2019-05-10 09:15:08 +01:00
colonelkrud d9a02d1201 Add AllowEncodedSlashes to apache (#5068)
* Add AllowEncodedSlashes to apache

Add `AllowEncodedSlashes On` to apache config to support encoding for v3 rooms. "The AllowEncodedSlashes setting is not inherited by virtual hosts, and virtual hosts are used in many default Apache configurations, such as the one in Ubuntu. The workaround is to add the AllowEncodedSlashes setting inside a <VirtualHost> container (/etc/apache2/sites-available/default in Ubuntu)." Source: https://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache

* change allowencodedslashes to nodecode
2019-05-09 23:27:04 +01:00
Matthew Hodgson c0e0740bef add options to require an access_token to GET /profile and /publicRooms on CS API (#5083)
This commit adds two config options:

* `restrict_public_rooms_to_local_users`

Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.

* `require_auth_for_profile_requests`

When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.

MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.

Groups have been intentionally omitted from this commit.
2019-05-08 18:26:56 +01:00
Richard van der Hoff 59e2d2694d
Remove the requirement to authenticate for /admin/server_version. (#5122)
This endpoint isn't much use for its intended purpose if you first need to get
yourself an admin's auth token.

I've restricted it to the `/_synapse/admin` path to make it a bit easier to
lock down for those concerned about exposing this information. I don't imagine
anyone is using it in anger currently.
2019-05-07 09:29:30 +01:00
Travis Ralston 3fdff14207 Fix spelling in server notices admin API docs (#5142) 2019-05-06 22:15:02 +01:00
Richard van der Hoff 4804206dbe Fix sample config
... after it got broken in 1565ebec2c.
2019-05-06 22:13:35 +01:00
Richard van der Hoff 836d3adcce Merge branch 'master' into develop 2019-05-03 19:25:01 +01:00
Richard van der Hoff 1565ebec2c more config comment updates 2019-05-03 15:50:59 +01:00
Richard van der Hoff 1a7104fde3 Blacklist 0.0.0.0 and :: by default for URL previews 2019-05-03 15:35:49 +01:00
Richard van der Hoff 12f9d51e82
Add admin api for sending server_notices (#5121) 2019-05-02 11:59:16 +01:00
Brendan Abolivier c193b39134
Merge pull request #5124 from matrix-org/babolivier/aliases
Add some limitations to alias creation
2019-05-02 11:22:40 +01:00
Brendan Abolivier 84196cb231 Add some limitations to alias creation 2019-05-02 11:05:11 +01:00
Richard van der Hoff cc4bd762df Fix sample config 2019-05-01 16:48:23 +01:00
Richard van der Hoff 8e9ca83537 Move admin API to a new prefix 2019-05-01 15:44:30 +01:00
Brendan Abolivier c1799b0f85
Merge pull request #5116 from matrix-org/babolivier/account_expiration
Fix path in account validity admin route's doc
2019-05-01 11:59:56 +01:00
Brendan Abolivier 031919dafb Fix whole path for admin route 2019-05-01 11:38:27 +01:00
Brendan Abolivier d8e357b7cf Fix typo in account validity admin route 2019-05-01 11:34:22 +01:00
Andrew Morgan 6824ddd93d Config option for verifying federation certificates (MSC 1711) (#4967) 2019-04-25 14:22:49 +01:00
Erik Johnston ca90336a69 Merge branch 'develop' of github.com:matrix-org/synapse into babolivier/account_expiration 2019-04-17 19:44:40 +01:00
Brendan Abolivier eaf41a943b Add management endpoints for account validity 2019-04-17 19:34:45 +01:00
Brendan Abolivier 91934025b9
Merge pull request #5047 from matrix-org/babolivier/account_expiration
Send out emails with links to extend an account's validity period
2019-04-17 14:57:39 +01:00
Brendan Abolivier 20f0617e87 Send out emails with links to extend an account's validity period 2019-04-17 14:42:20 +01:00
Erik Johnston 6e27a8620f
Merge pull request #5063 from matrix-org/erikj/move_endpoints
Move some rest endpoints to client reader
2019-04-15 18:55:01 +01:00
Erik Johnston ec638a1602 Only handle GET requests for /push_rules 2019-04-15 18:51:48 +01:00
Erik Johnston d5adf297e6 Move some rest endpoints to client reader 2019-04-15 17:21:03 +01:00
Brendan Abolivier bfc8fdf1fc
Merge pull request #5027 from matrix-org/babolivier/account_expiration
Add time-based account expiration
2019-04-09 17:02:41 +01:00
Brendan Abolivier 747aa9f8ca Add account expiration feature 2019-04-09 16:46:04 +01:00
Neil Johnson b25e387c0d
add context to phonehome stats (#5020)
add context to phonehome stats
2019-04-08 15:47:39 +01:00
Brendan Abolivier 8e85493b0c
Add config option to block users from looking up 3PIDs (#5010) 2019-04-04 17:25:47 +01:00
Erik Johnston c192bf8970 Add admin API for group deletion 2019-04-03 16:29:52 +01:00
Andrew Morgan bbd244c7b2
Support 3PID login in password providers (#4931)
Adds a new method, check_3pid_auth, which gives password providers
the chance to allow authentication with third-party identifiers such
as email or msisdn.
2019-03-26 17:48:30 +00:00
Richard van der Hoff 7105057cf2
Fix nginx example in ACME doc. (#4923) 2019-03-25 09:59:36 +00:00
Colin W ab4e4c6c2f Update Apache Setup To Remove Location Syntax (#4870)
This one should close #4841. Many thanks to @dev4223 for bringing it up and finding a solution.

Signed-off-by: Colin White
2019-03-21 14:05:56 +00:00
Erik Johnston 09f991a63d
Merge pull request #4896 from matrix-org/erikj/disable_room_directory
Add option to disable search room lists
2019-03-21 10:16:54 +00:00
Erik Johnston 263f2c9ce1
Merge pull request #4895 from matrix-org/erikj/disable_user_search
Add option to disable searching in the user dir
2019-03-20 16:47:15 +00:00
Richard van der Hoff a902d13180
Batch up outgoing read-receipts to reduce federation traffic. (#4890)
Rate-limit outgoing read-receipts as per #4730.
2019-03-20 16:02:25 +00:00
Erik Johnston cd8c5b91ad Fix up sample config 2019-03-20 14:35:41 +00:00
Erik Johnston 926f29ea6d Fix up config comments 2019-03-20 14:24:53 +00:00
Erik Johnston 213c98c00a Add option to disable search room lists
This disables both local and remote room list searching.
2019-03-19 17:10:52 +00:00
Erik Johnston 855bf4658d Update sample config 2019-03-19 16:47:04 +00:00
Erik Johnston b616a8717b Add note on tuning postgres 2019-03-19 16:05:32 +00:00
Richard van der Hoff d2a537ea60 Merge remote-tracking branch 'origin/master' into develop 2019-03-19 10:37:50 +00:00
Michael Kaye 9482a84c0a Repoint docs for federation (#4881) 2019-03-19 10:37:18 +00:00
Richard van der Hoff fd463b4f5d
Comment out most options in the generated config. (#4863)
Make it so that most options in the config are optional, and commented out in
the generated config.

The reasons this is a good thing are as follows:

* If we decide that we should change the default for an option, we can do so,
  and only those admins that have deliberately chosen to override that option
  will be stuck on the old setting.

* It moves us towards a point where we can get rid of the super-surprising
  feature of synapse where the default settings for the config come from the
  generated yaml.

* It makes setting up a test config for unit testing an order of magnitude
  easier (see forthcoming PR).

* It makes the generated config more consistent, and hopefully easier for users
  to understand.
2019-03-19 10:06:40 +00:00
Brendan Abolivier 651ad8bc96 Add ratelimiting on failed login attempts (#4865) 2019-03-18 12:57:20 +00:00
Brendan Abolivier 899e523d6d
Add ratelimiting on login (#4821)
Add two ratelimiters on login (per-IP address and per-userID).
2019-03-15 17:46:16 +00:00
Richard van der Hoff 9ffadcdbad
fix some typos in federate.md 2019-03-15 09:43:24 +00:00
Andrew Morgan 7998ca3a66
Document using a certificate with a full chain (#4849) 2019-03-13 15:26:29 +00:00
Neil Johnson 332b60ec68 Merge branch 'master' of github.com:matrix-org/synapse into develop 2019-03-12 17:15:21 +00:00
Neil Johnson 83193a9362
fix orphaned sentence 2019-03-12 16:57:17 +00:00
Neil Johnson 8b692bf7c2
Neilj/improved delegation doc 2 (#4832)
Improved federation configuration docs.  Specifically detailing  .well-known and SRV based delegation methods. 

Inspiration Valentin Lab <valentin.lab@kalysto.org> for https://github.com/matrix-org/synapse/pull/4781
2019-03-12 14:23:28 +00:00
Aaron Raimist 8ea1b41a0e Clarify what registration_shared_secret allows for (#2885) (#4844)
* Clarify what registration_shared_secret allows for (#2885)

Signed-off-by: Aaron Raimist <aaron@raim.ist>

* Add changelog

Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-03-11 18:21:52 +00:00
Matthew Hodgson 8f4b9f5210 Reword the sample config header to be less scary (#4801) 2019-03-07 07:09:01 +00:00
Brendan Abolivier c23e8c3333 Update sample config 2019-03-05 18:03:48 +00:00
Erik Johnston 16c8b4ecbd
Merge pull request #4772 from jbweston/jbweston/server-version-api
Add 'server_version' endpoint to admin API
2019-03-05 16:31:00 +00:00
Brendan Abolivier a4c3a361b7
Add rate-limiting on registration (#4735)
* Rate-limiting for registration

* Add unit test for registration rate limiting

* Add config parameters for rate limiting on auth endpoints

* Doc

* Fix doc of rate limiting function

Co-Authored-By: babolivier <contact@brendanabolivier.com>

* Incorporate review

* Fix config parsing

* Fix linting errors

* Set default config for auth rate limiting

* Fix tests

* Add changelog

* Advance reactor instead of mocked clock

* Move parameters to registration specific config and give them more sensible default values

* Remove unused config options

* Don't mock the rate limiter un MAU tests

* Rename _register_with_store into register_with_store

* Make CI happy

* Remove unused import

* Update sample config

* Fix ratelimiting test for py2

* Add non-guest test
2019-03-05 14:25:33 +00:00
Erik Johnston c3c542bb4a
Merge pull request #4796 from matrix-org/erikj/factor_out_e2e_keys
Allow /keys/{changes,query} API to run on worker
2019-03-05 09:06:25 +00:00
Erik Johnston bfa7d46a10 Allow /keys/{changes,query} API to run on worker 2019-03-04 18:30:01 +00:00
Richard van der Hoff 8e28bc5eee
Include a default configuration file in the 'docs' directory. (#4791) 2019-03-04 17:14:58 +00:00
Seebi aba5eeabd5 Fix v4v6 option in HAProxy example config (#4790)
The v4v6 option only has a usage one ipv6 socket: https://serverfault.com/q/747895

Signed-off-by: Flakebi <flakebi@t-online.de>
2019-03-04 13:19:41 +00:00
Joseph Weston 144cbfd650
add API documentation
Signed-off-by: Joseph Weston <joseph@weston.cloud>
2019-03-02 03:07:04 +01:00
Erik Johnston 76550c58d2
Merge pull request #4759 from matrix-org/erikj/3pid_client_reader
Move /account/3pid to client_reader
2019-02-27 16:11:21 +00:00
Erik Johnston 54f9ce11a7 Move /account/3pid to client_reader 2019-02-27 14:26:08 +00:00
Erik Johnston 4cff9376f7 Move server key queries to federation reader 2019-02-27 13:43:53 +00:00
Erik Johnston 7590e9fa28
Merge pull request #4749 from matrix-org/erikj/replication_connection_backoff
Fix tightloop over connecting to replication server
2019-02-27 11:00:59 +00:00
Paul Tötterman 4bc7483518 Fix apache reverse proxy example (#4742)
So that it actually works. See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass

Signed-off-by: Paul Tötterman <paul.totterman@iki.fi>
2019-02-26 18:01:45 +00:00
Erik Johnston 313987187e Fix tightloop over connecting to replication server
If the client failed to process incoming commands during the initial set
up of the replication connection it would immediately disconnect and
reconnect, resulting in a tightloop.

This can happen, for example, when subscribing to a stream that has a
row that is too long in the backlog.

The fix here is to not consider the connection successfully set up until
the client has succesfully subscribed and caught up with the streams.
This ensures that the retry logic timers aren't reset until then,
meaning that if an error does happen during start up the client will
continue backing off before retrying again.
2019-02-26 15:05:41 +00:00
Richard van der Hoff fcd6f01dc7
Minor tweaks to acme docs (#4689) 2019-02-22 10:56:42 +00:00
Benoît S 16e0680498 Added HAProxy example (#4660)
* Added HAProxy example

Proposal of an example with HAProxy. Asked by #4541.

Signed-off-by: Benoît S. (“Benpro”) <gitlab@benpro.fr>

* Following suggestions of @richvdh
2019-02-21 17:44:10 +00:00
Erik Johnston c003450057
Merge pull request #4671 from matrix-org/erikj/state_cache_invalidation
Batch cache invalidation over replication
2019-02-19 13:14:30 +00:00
Erik Johnston 62175a20e5 Docs 2019-02-19 11:38:40 +00:00
Erik Johnston bc8fa1509d Documentation 2019-02-19 11:24:59 +00:00
Erik Johnston 128902d60a Update worker docs 2019-02-18 17:21:51 +00:00
Erik Johnston 8b9ae6d3a6 Update docs 2019-02-18 15:26:13 +00:00
Richard van der Hoff 00cf679bf2 Synapse 0.99.1 (2019-02-14)
===========================
 
 Features
 --------
 
 - Include m.room.encryption on invites by default ([\#3902](https://github.com/matrix-org/synapse/issues/3902))
 - Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](https://github.com/matrix-org/synapse/issues/4420))
 - Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](https://github.com/matrix-org/synapse/issues/4522))
 - Add ability to update backup versions ([\#4580](https://github.com/matrix-org/synapse/issues/4580))
 - Allow the "unavailable" presence status for /sync.
   This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](https://github.com/matrix-org/synapse/issues/4592))
 - There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](https://github.com/matrix-org/synapse/issues/4613), [\#4615](https://github.com/matrix-org/synapse/issues/4615), [\#4617](https://github.com/matrix-org/synapse/issues/4617), [\#4636](https://github.com/matrix-org/synapse/issues/4636))
 - The default configuration no longer requires TLS certificates. ([\#4614](https://github.com/matrix-org/synapse/issues/4614))
 
 Bugfixes
 --------
 
 - Copy over room federation ability on room upgrade. ([\#4530](https://github.com/matrix-org/synapse/issues/4530))
 - Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](https://github.com/matrix-org/synapse/issues/4546))
 - Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](https://github.com/matrix-org/synapse/issues/4589))
 - Fix 'no unique or exclusion constraint' error ([\#4591](https://github.com/matrix-org/synapse/issues/4591))
 - Transfer Server ACLs on room upgrade. ([\#4608](https://github.com/matrix-org/synapse/issues/4608))
 - Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](https://github.com/matrix-org/synapse/issues/4618))
 - Fix self-signed cert notice from generate-config. ([\#4625](https://github.com/matrix-org/synapse/issues/4625))
 - Fix performance of `user_ips` table deduplication background update ([\#4626](https://github.com/matrix-org/synapse/issues/4626), [\#4627](https://github.com/matrix-org/synapse/issues/4627))
 
 Internal Changes
 ----------------
 
 - Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](https://github.com/matrix-org/synapse/issues/4462))
 - Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](https://github.com/matrix-org/synapse/issues/4513))
 - Reduce duplication of ``synapse.app`` code. ([\#4567](https://github.com/matrix-org/synapse/issues/4567))
 - Fix docker upload job to push -py2 images. ([\#4576](https://github.com/matrix-org/synapse/issues/4576))
 - Add port configuration information to ACME instructions. ([\#4578](https://github.com/matrix-org/synapse/issues/4578))
 - Update MSC1711 FAQ to calrify .well-known usage ([\#4584](https://github.com/matrix-org/synapse/issues/4584))
 - Clean up default listener configuration ([\#4586](https://github.com/matrix-org/synapse/issues/4586))
 - Clarifications for reverse proxy docs ([\#4607](https://github.com/matrix-org/synapse/issues/4607))
 - Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](https://github.com/matrix-org/synapse/issues/4611))
 - Fail cleanly if listener config lacks a 'port' ([\#4616](https://github.com/matrix-org/synapse/issues/4616))
 - Remove redundant entries from docker config ([\#4619](https://github.com/matrix-org/synapse/issues/4619))
 - README updates ([\#4621](https://github.com/matrix-org/synapse/issues/4621))
 -----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCgAxFiEEQlNDQm4FMsm53u1sih+T1XW16NUFAlxlemgTHHJpY2hhcmRA
 bWF0cml4Lm9yZwAKCRCKH5PVdbXo1eKYCACR9TcOvMver/YyD2qP+dY6Lt24f8zG
 zYYzHGAHin+p204q8Pp6o0XLe4UuLDuhAyNVPZyj1wzwHYdubRvdah1uFwPdxmCY
 tGbJG5p37ykSEfEwcxdXEjYfPqflOwQL5aCeXyCCLWSdVVFKkWCXGgw8F6WPkgrI
 QwWKTfsM3wCnfa8ryKAXHxcmX2G1JncZ0ouUZTVNz5vokBsA19IaLvfJ5Rv3Kk59
 eXsBB/yE+9Dat4A439AGfVDQDKiGYvuhppJmUdYRMqxulzakd8diyZqBDAHZafqt
 QdjxnDx2e0OtSxI3RSevABnDnNyJ4NsUEtrny1Lh/MV72T9K3yEbHuwH
 =UCD1
 -----END PGP SIGNATURE-----

Merge tag 'v0.99.1'

Synapse 0.99.1 (2019-02-14)
===========================

Features
--------

- Include m.room.encryption on invites by default ([\#3902](https://github.com/matrix-org/synapse/issues/3902))
- Federation OpenID listener resource can now be activated even if federation is disabled ([\#4420](https://github.com/matrix-org/synapse/issues/4420))
- Synapse's ACME support will now correctly reprovision a certificate that approaches its expiry while Synapse is running. ([\#4522](https://github.com/matrix-org/synapse/issues/4522))
- Add ability to update backup versions ([\#4580](https://github.com/matrix-org/synapse/issues/4580))
- Allow the "unavailable" presence status for /sync.
  This change makes Synapse compliant with r0.4.0 of the Client-Server specification. ([\#4592](https://github.com/matrix-org/synapse/issues/4592))
- There is no longer any need to specify `no_tls`: it is inferred from the absence of TLS listeners ([\#4613](https://github.com/matrix-org/synapse/issues/4613), [\#4615](https://github.com/matrix-org/synapse/issues/4615), [\#4617](https://github.com/matrix-org/synapse/issues/4617), [\#4636](https://github.com/matrix-org/synapse/issues/4636))
- The default configuration no longer requires TLS certificates. ([\#4614](https://github.com/matrix-org/synapse/issues/4614))

Bugfixes
--------

- Copy over room federation ability on room upgrade. ([\#4530](https://github.com/matrix-org/synapse/issues/4530))
- Fix noisy "twisted.internet.task.TaskStopped" errors in logs ([\#4546](https://github.com/matrix-org/synapse/issues/4546))
- Synapse is now tolerant of the `tls_fingerprints` option being None or not specified. ([\#4589](https://github.com/matrix-org/synapse/issues/4589))
- Fix 'no unique or exclusion constraint' error ([\#4591](https://github.com/matrix-org/synapse/issues/4591))
- Transfer Server ACLs on room upgrade. ([\#4608](https://github.com/matrix-org/synapse/issues/4608))
- Fix failure to start when not TLS certificate was given even if TLS was disabled. ([\#4618](https://github.com/matrix-org/synapse/issues/4618))
- Fix self-signed cert notice from generate-config. ([\#4625](https://github.com/matrix-org/synapse/issues/4625))
- Fix performance of `user_ips` table deduplication background update ([\#4626](https://github.com/matrix-org/synapse/issues/4626), [\#4627](https://github.com/matrix-org/synapse/issues/4627))

Internal Changes
----------------

- Change the user directory state query to use a filtered call to the db instead of a generic one. ([\#4462](https://github.com/matrix-org/synapse/issues/4462))
- Reject federation transactions if they include more than 50 PDUs or 100 EDUs. ([\#4513](https://github.com/matrix-org/synapse/issues/4513))
- Reduce duplication of ``synapse.app`` code. ([\#4567](https://github.com/matrix-org/synapse/issues/4567))
- Fix docker upload job to push -py2 images. ([\#4576](https://github.com/matrix-org/synapse/issues/4576))
- Add port configuration information to ACME instructions. ([\#4578](https://github.com/matrix-org/synapse/issues/4578))
- Update MSC1711 FAQ to calrify .well-known usage ([\#4584](https://github.com/matrix-org/synapse/issues/4584))
- Clean up default listener configuration ([\#4586](https://github.com/matrix-org/synapse/issues/4586))
- Clarifications for reverse proxy docs ([\#4607](https://github.com/matrix-org/synapse/issues/4607))
- Move ClientTLSOptionsFactory init out of `refresh_certificates` ([\#4611](https://github.com/matrix-org/synapse/issues/4611))
- Fail cleanly if listener config lacks a 'port' ([\#4616](https://github.com/matrix-org/synapse/issues/4616))
- Remove redundant entries from docker config ([\#4619](https://github.com/matrix-org/synapse/issues/4619))
- README updates ([\#4621](https://github.com/matrix-org/synapse/issues/4621))
2019-02-14 14:41:40 +00:00
Richard van der Hoff c475275926
Clarifications for reverse proxy docs (#4607)
Factor out the reverse proxy info to a separate file, add some more info on
reverse-proxying the federation port.
2019-02-11 11:44:28 +00:00
Erik Johnston 4588b0d64a
Update MSC1711_certificates_FAQ.md
Fix incorrect heading level
2019-02-08 09:37:16 +00:00
Erik Johnston acb2ac5863 Update MSC1711 FAQ to be explicit about well-known (#4584)
A surprising number of people are using the well-known method, and are
simply copying the example configuration. This is problematic as the
example includes an explicit port, which causes inbound federation
requests to have the HTTP Host header include the port, upsetting some
reverse proxies.

Given that, we update the well-known example to be more explicit about
the various ways you can set it up, and the consequence of using an
explict port.
2019-02-07 19:30:32 +00:00
Richard van der Hoff 7cadc4c918 cleanups 2019-02-07 19:29:20 +00:00
Richard van der Hoff 188ad47e73 Merge branch 'master' into erikj/msc1711_faq 2019-02-07 19:27:42 +00:00
Erik Johnston 9285d5c2ce Update MSC1711 FAQ to be explicit about well-known
A surprising number of people are using the well-known method, and are
simply copying the example configuration. This is problematic as the
example includes an explicit port, which causes inbound federation
requests to have the HTTP Host header include the port, upsetting some
reverse proxies.

Given that, we update the well-known example to be more explicit about
the various ways you can set it up, and the consequence of using an
explict port.
2019-02-07 19:24:11 +00:00
Richard van der Hoff 624b172e08 Merge remote-tracking branch 'origin/release-v0.99.0' 2019-02-07 19:18:26 +00:00
Andrew Morgan c17b128b83 Update ACME docs to include port instructions (#4578) 2019-02-07 19:18:08 +00:00
Richard van der Hoff 9b7aa543d9
clarify option 1 2019-02-07 18:46:02 +00:00
Richard van der Hoff b05dd4ac06 faq cleanups 2019-02-05 18:59:57 +00:00
Richard van der Hoff 39bf0ea2e8
Add notes on SRV and .well-known (#4573) 2019-02-05 18:11:26 +00:00
Andrew Morgan 4a7524ffd3
Merge pull request #4570 from matrix-org/anoa/self_signed_upgrade
Add ACME docs and link to it from README and INSTALL
2019-02-05 17:34:43 +00:00
Neil Johnson 6585ef4799
Neilj/1711faq (#4572)
MSC1711 certificates FAQ
2019-02-05 17:19:28 +00:00
Andrew Morgan a6345009f9 Add TL;DR and final step details to ACME 2019-02-05 17:04:34 +00:00
Andrew Morgan 56cb34ba8b Merge branch 'anoa/self_signed_upgrade' of github.com:matrix-org/synapse into anoa/self_signed_upgrade 2019-02-05 16:53:05 +00:00
Andrew Morgan 2ca63df83b Update ACME 2019-02-05 16:50:00 +00:00
Richard van der Hoff 13828f7d58
Update docs/ACME.md
Co-Authored-By: anoadragon453 <1342360+anoadragon453@users.noreply.github.com>
2019-02-05 16:46:28 +00:00
Andrew Morgan ffcbd80982 Actually add ACME docs 2019-02-05 15:50:18 +00:00
Andrew Morgan cbdc01cc3b Convert ACME docs to md 2019-02-05 15:38:27 +00:00
Andrew Morgan 08b26afeee Move ACME docs to docs/ACME.rst and link from UPGRADE. 2019-02-05 15:33:23 +00:00
Krithin Sitaram 98df67a8de Remove mention of lt-cred-mech in the sample coturn config. (#4333)
* Remove mention of lt-cred-mech in the sample coturn config.

See https://github.com/coturn/coturn/pull/262 for more context.
Also clean up some minor formatting issues while I'm here.

* Add changelog.

Signed-off-by: Krithin Sitaram <krithin@gmail.com>
2018-12-28 23:31:49 +00:00
Neil Johnson d2f7c4e6b1
create support user (#4141)
Allow for the creation of a support user.

A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits.
2018-12-14 18:20:59 +00:00
Richard van der Hoff de8772a655 Do a GC after each test to fix logcontext leaks (#4227)
* Some words about garbage collections and logcontexts

* Do a GC after each test to fix logcontext leaks

This feels like an awful hack, but...

* changelog
2018-11-27 13:00:33 +11:00
Aaron Raimist f6cbef6332
Add a note saying you need to manually reclaim disk space
People keep asking why their database hasn't gotten smaller after using this API.

Signed-off-by: Aaron Raimist <aaron@raim.ist>
2018-11-18 12:38:04 -06:00
Travis Ralston 0f5e51f726 Add config variables for enabling terms auth and the policy name (#4142)
So people can still collect consent the old way if they want to.
2018-11-06 10:32:34 +00:00
Travis Ralston 22a2004428 Update documentation and templates for new consent 2018-10-12 17:53:14 -06:00
Travis Ralston 1ca2744621
Merge pull request #3734 from matrix-org/travis/worker-docs
Reference that the federation_reader needs the HTTP replication port set
2018-08-23 07:51:46 -06:00
Erik Johnston 764030cf63
Merge pull request #3659 from matrix-org/erikj/split_profiles
Allow profile updates to happen on workers
2018-08-22 11:35:55 +01:00
Travis Ralston dd0ac1614c
Reference that the federation_reader needs the HTTP replication port set 2018-08-21 23:35:50 -06:00
Amber Brown c334ca67bb
Integrate presence from hotfixes (#3694) 2018-08-18 01:08:45 +10:00
Erik Johnston 782689bd40 Merge branch 'develop' of github.com:matrix-org/synapse into erikj/split_profiles 2018-08-17 14:15:48 +01:00
Travis Ralston a8ffc27db7
Update the admin register documentation to return a real user ID
Presumably this is the intention anyways. I've also updated the domain part to be something more along the lines of what people might expect.
2018-08-17 02:46:25 -06:00
Erik Johnston 5c6226707d Update docs/workers.rst 2018-08-09 10:37:42 +01:00
Erik Johnston f81f421086 Update workers.rst with new paths 2018-08-07 10:51:35 +01:00
Erik Johnston 0b0b24cb82 Merge branch 'develop' of github.com:matrix-org/synapse into erikj/client_apis_move 2018-07-23 13:21:15 +01:00
Erik Johnston 4fc52b1037 Update docs/workers.rst 2018-07-23 13:20:43 +01:00
Amber Brown e1a237eaab
Admin API for creating new users (#3415) 2018-07-20 22:41:13 +10:00
Matthew Hodgson 9570aa82eb update doc for deactivate API 2018-06-26 10:42:50 +01:00
Amber Brown 304bb22c1d
Fix metric documentation tables (#3341) 2018-06-06 15:52:37 +10:00
Richard van der Hoff 617afee069
Merge pull request #3340 from ArchangeGabriel/patch-1
doc/postgres.rst: fix display of the last command block
2018-06-05 17:45:17 +01:00
Bruno Pagani b50f18171d
doc/postgres.rest: fix displaying of the last command block
Also indent all of them with 4 spaces.
2018-06-04 22:41:52 +00:00
Richard van der Hoff c2c3092cce
code_style.rst: formatting 2018-05-31 16:11:34 +01:00
Amber Brown febe0ec8fd
Run Prometheus on a different port, optionally. (#3274) 2018-05-31 19:04:50 +10:00
Richard van der Hoff 757ed27258 Let users leave the server notice room after joining
They still can't reject invites, but we let them leave it.
2018-05-25 11:07:21 +01:00
Richard van der Hoff 9bf4b2bda3 Allow overriding the server_notices user's avatar
probably should have done this in the first place, like @turt2live suggested.
2018-05-23 17:43:30 +01:00
Richard van der Hoff e206b2c9ac
consent_tracking.md: clarify link 2018-05-23 15:57:10 +01:00
Richard van der Hoff 2df8c3139a minor post-review tweaks 2018-05-23 15:39:52 +01:00
Richard van der Hoff cd8ab9a0d8 mention public_baseurl 2018-05-23 14:43:09 +01:00
Richard van der Hoff 1cbb8e5a33 fix wrapping 2018-05-23 13:58:28 +01:00
Richard van der Hoff 052d08a6a5 Using the manhole to send server notices 2018-05-23 13:55:39 +01:00
Richard van der Hoff 5ad1149f38 Notes on the manhole 2018-05-23 13:47:34 +01:00
Richard van der Hoff 563606b8f2
consent_tracking: formatting etc 2018-05-23 12:37:39 +01:00
Richard van der Hoff 2574ea3dc8
server_notices.md: fix link 2018-05-23 12:34:34 +01:00
Richard van der Hoff 833db2d922 consent tracking docs 2018-05-23 12:32:38 +01:00
Richard van der Hoff e7598b666b Some docs about server notices 2018-05-23 11:14:23 +01:00
Richard van der Hoff 7b36d06a69 Add a 'has_consented' template var to consent forms
fixes #3260
2018-05-22 14:58:34 +01:00
Neil Johnson 2725223f08 Merge branch 'master' into develop 2018-05-18 14:07:50 +01:00
rubo77 616da9eb1d postgres.rst: Add instructions how to setup the postgres user and clarify the final step 2018-05-17 11:48:56 +02:00
Richard van der Hoff 47815edcfa ConsentResource to gather policy consent from users
Hopefully there are enough comments and docs in this that it makes sense on its
own.
2018-05-15 15:11:59 +01:00
Richard van der Hoff 13decdbf96 Revert "Merge pull request #3066 from matrix-org/rav/remove_redundant_metrics"
We aren't ready to release this yet, so I'm reverting it for now.

This reverts commit d1679a4ed7, reversing
changes made to e089100c62.
2018-04-09 12:59:12 +01:00
Richard van der Hoff 551422051b
Merge pull request #2886 from turt2live/travis/new-worker-docs
Add a blurb explaining the main synapse worker
2018-04-05 17:33:09 +01:00
Richard van der Hoff 518f6de088 Remove redundant metrics which were deprecated in 0.27.0. 2018-04-04 19:46:28 +01:00
Travis Ralston 88964b987e Merge remote-tracking branch 'matrix-org/develop' into travis/new-worker-docs 2018-04-04 08:46:56 -06:00
Travis Ralston 204fc98520 Document the additional routes for the event_creator worker
Fixes https://github.com/matrix-org/synapse/issues/3018

Signed-off-by: Travis Ralston <travpc@gmail.com>
2018-04-04 08:46:17 -06:00
Travis Ralston 301b339494 Move the mention of the main synapse worker higher up
Signed-off-by: Travis Ralston <travpc@gmail.com>
2018-04-04 08:45:51 -06:00
Erik Johnston 873aea7168
Merge pull request #3002 from matrix-org/rav/purge_doc
Update purge_history_api.rst
2018-03-15 13:31:54 +00:00
Richard van der Hoff 0ad5125814
Update purge_history_api.rst
clarify that `purge_history` will not purge state
2018-03-15 11:05:42 +00:00
Travis Ralston c33c1ceddd
OCD: Make the event_creator routes regex a code block
All the others are code blocks, so this one should be to (currently it is a blockquote).

Signed-off-by: Travis Ralston <travpc@gmail.com>
2018-03-14 11:09:08 -06:00
Richard van der Hoff e48c7aac4d Add transactional API to history purge
Make the purge request return quickly, and allow scripts to poll for updates.
2018-03-12 16:22:55 +00:00
Richard van der Hoff 20f40348d4 Factor run_in_background out from preserve_fn
It annoys me that we create temporary function objects when there's really no
need for it. Let's factor the gubbins out of preserve_fn and start using it.
2018-03-08 11:50:11 +00:00
Richard van der Hoff f8bfcd7e0d Provide a means to pass a timestamp to purge_history 2018-03-05 14:37:23 +00:00
Travis Ralston 923d9300ed Add a blurb explaining the main synapse worker
Signed-off-by: Travis Ralston <travpc@gmail.com>
2018-02-17 21:53:46 -07:00
Erik Johnston c0c9327fe0
Merge pull request #2854 from matrix-org/erikj/event_create_worker
Create a worker for event creation
2018-02-13 18:07:10 +00:00
Erik Johnston 059d3a6c8e Update docs 2018-02-13 17:53:56 +00:00
Richard van der Hoff 8fd1a32456 Fix typos in purge api & doc
* It's supposed to be purge_local_events, not ..._history
* Fix the doc to have valid json
2018-02-13 13:09:39 +00:00
Erik Johnston 32c7b8e48b Update workers docs to include http port 2018-02-12 17:21:23 +00:00
Richard van der Hoff 10b34dbb9a
Merge pull request #2858 from matrix-org/rav/purge_updates
delete_local_events for purge_room_history
2018-02-09 14:11:00 +00:00
Richard van der Hoff 74fcbf741b delete_local_events for purge_history
Add a flag which makes the purger delete local events
2018-02-09 13:07:41 +00:00
Erik Johnston f133228cb3 Add note in docs/workers.rst 2018-02-07 10:34:31 +00:00
Travis Ralston 3af53c183a Add admin api documentation for list media endpoint
Signed-off-by: Travis Ralston <travpc@gmail.com>
2018-01-31 08:15:59 -07:00
Richard van der Hoff ee7a1cabd8 document metrics changes 2018-01-16 13:04:01 +00:00
Richard van der Hoff 68ca864141 Add config option to disable media_repo on main synapse
... to stop us doing the cache cleanup jobs on the master.
2017-11-22 16:20:27 +00:00
Richard van der Hoff a0c6688976 Improve documentation of workers
Fixes https://github.com/matrix-org/synapse/issues/2554
2017-11-21 18:28:13 +00:00
Richard van der Hoff 7e6fa29cb5 Remove preserve_context_over_{fn, deferred}
Both of these functions ae known to leak logcontexts. Replace the remaining
calls to them and kill them off.
2017-11-14 11:22:42 +00:00
Matthew Hodgson 2ac6deafb7 simplify instructions for regenerating user_dir 2017-11-04 19:34:59 +00:00
Richard van der Hoff 1189be43a2 Factor _AccountHandler proxy out to ModuleApi
We're going to need to use this from places that aren't password auth, so let's
move it to a proper class.
2017-11-02 14:36:11 +00:00
David Baker b19d9e2174
Merge pull request #2624 from matrix-org/rav/password_provider_notify_logout
Notify auth providers on logout
2017-11-02 10:55:17 +00:00
Richard van der Hoff bc8a5c0330 Notify auth providers on logout
Provide a hook by which auth providers can be notified of logouts.
2017-11-01 16:51:51 +00:00
Richard van der Hoff 4c8f94ac94 Allow password_auth_providers to return a callback
... so that they have a way to record access tokens.
2017-11-01 16:51:03 +00:00
Richard van der Hoff 3cd6b22c7b Let password auth providers handle arbitrary login types
Provide a hook where password auth providers can say they know about other
login types, and get passed the relevant parameters
2017-11-01 16:43:57 +00:00
Richard van der Hoff 1650eb5847 DB schema interface for password auth providers
Provide an interface by which password auth providers can register db schema
files to be run at startup
2017-10-31 14:01:53 +00:00
Richard van der Hoff ebda45de4c Start some documentation on password providers
Document the existing interface, before I start adding new stuff.
2017-10-31 10:47:52 +00:00
Matthew Hodgson e51c2bcaef move url_previews to MD as RST does my head in 2017-10-29 20:47:17 +00:00
Richard van der Hoff 1eb300e1fc Document import rules 2017-10-26 11:55:41 +01:00
Richard van der Hoff f7f6bfaae4 code_style: more formatting 2017-10-26 11:55:41 +01:00
Richard van der Hoff 351cc35342 code_style.rst: a couple of tidyups 2017-10-26 10:29:26 +01:00
Erik Johnston ffba978077 Merge branch 'release-v0.24.0' of github.com:matrix-org/synapse 2017-10-23 13:13:53 +01:00
Ander Punnar b2e02084b8 make it absolutely clear that Purge History API does not remove all traces of events and message contents
because this topic pops up too often

#890 #1621 #1730 #2260 #2315 and so on
2017-10-14 13:25:42 +03:00
Matthew Hodgson 64665b57d0 oops 2017-10-13 14:26:07 +01:00
Matthew Hodgson 931fc43cc8 fix copyright to companies which actually exist(ed) 2017-10-13 13:54:31 +01:00
Paul Tötterman 8b16b43b7f Document known to work postgres version 2017-09-01 16:52:45 +03:00
Sean Enck 719aec4064
clarify metric setup to use 'scrape_configs' section of yaml and use an array for target 2017-04-21 11:03:32 -04:00
Richard van der Hoff cea7839911 Document some of the admin APIs (#2143)
I haven't (yet) documented all of the user-list APIs introduced in
https://github.com/matrix-org/synapse/pull/1784 because the API shape seems
very odd, given the functionality.
2017-04-21 11:55:07 +01:00
Erik Johnston 82301b6c29 Remove last reference to worker_replication_url 2017-04-12 10:21:02 +01:00
Erik Johnston 6f65e2f90c Update replication docs 2017-04-11 16:21:12 +01:00
Erik Johnston 323634bf8b Update workers docs 2017-04-11 16:19:52 +01:00
Erik Johnston 62b89daac6 Merge branch 'develop' of github.com:matrix-org/synapse into erikj/repl_tcp_server 2017-04-04 09:46:16 +01:00
Erik Johnston 142b6b4abf Merge pull request #2011 from matrix-org/matthew/turn_allow_guests
add setting (on by default) to support TURN for guests
2017-03-31 14:37:09 +01:00
Erik Johnston 07a32d192c Merge pull request #1961 from benhylau/patch-1
Clarify doc for SQLite to PostgreSQL port
2017-03-31 14:13:26 +01:00
Erik Johnston b4276a3896 Add a brief list of commands to docs 2017-03-31 11:34:45 +01:00
Erik Johnston bfcf016714 Fix up docs 2017-03-31 11:19:24 +01:00
Erik Johnston 31e0fe9031 Fix indentation in docs/ 2017-03-30 13:54:15 +01:00
Richard van der Hoff f9b4bb05e0 Fix the logcontext handling in the cache wrappers (#2077)
The cache wrappers had a habit of leaking the logcontext into the reactor while
the lookup function was running, and then not restoring it correctly when the
lookup function had completed. It's all the fault of
`preserve_context_over_{fn,deferred}` which are basically a bit broken.
2017-03-30 13:22:24 +01:00
Erik Johnston 7450693435 Initial TCP protocol implementation
This defines the low level TCP replication protocol
2017-03-30 12:54:46 +01:00
Richard van der Hoff a4cb21659b log_contexts.rst: fix formatting of Note block
Apparently the github RST renderer doesn't like Note blocks.
2017-03-20 12:01:26 +00:00
Richard van der Hoff d78d08981a log_contexts.rst: fix typos 2017-03-18 22:47:37 +00:00
Richard van der Hoff d2d146a314 Logcontext docs 2017-03-17 23:59:28 +00:00
Matthew Hodgson e0ff66251f add setting (on by default) to support TURN for guests 2017-03-15 12:22:18 +00:00
Benedict Lau 92312aa3e6 Clarify doc for SQLite to PostgreSQL port 2017-03-01 01:30:11 -05:00
Richard van der Hoff 11940d462a Merge remote-tracking branch 'origin/master' into develop 2017-02-20 09:14:43 +00:00
Richard van der Hoff 6184f6fcbc Update metrics-howto.rst 2017-02-19 23:06:45 +00:00
Richard van der Hoff e556aefe0a Update metrics-howto.rst 2017-02-19 23:06:08 +00:00
Richard van der Hoff 7efb38d1dd Update metrics-howto.rst 2017-02-19 22:55:48 +00:00
Daniel Dent fdbd90e25d Update CAPTCHA_SETUP.rst X-Forwarded-For docs
It looks like CAPTCHA_SETUP.rst contains information relevant to an old version of Synapse, but Synapse now has a different approach to configuring use of the X-Forwarded-For header.
2017-02-08 21:21:02 -08:00
Richard van der Hoff 83333498a5 fix doc for purge_media_cache
purge_media_cache takes its arg from a query-param, not the POST body, for some
reason.
2017-01-20 12:15:50 +00:00
Richard van der Hoff 971edd04af rename CAPTCHA_SETUP
this is rst so name it accordingly
2016-12-01 12:08:03 +00:00
Paul "LeoNerd" Evans 89e3e39d52 Fix copypasto error in metric rename table in docs 2016-11-03 17:04:13 +00:00
Paul "LeoNerd" Evans 1d4d518b50 Add details of renamed metrics 2016-10-31 15:06:52 +00:00
Paul "LeoNerd" Evans 159434a133 Remove long-deprecated instructions about promethesus console; also fix for modern config file format 2016-10-28 13:58:27 +01:00
Matthew Hodgson 64527f94cc mention client_reader worker 2016-09-17 14:15:10 +01:00
Matthew Hodgson 58d6c93103 PR feedback 2016-08-19 19:16:55 +01:00
Matthew Hodgson b7ffa0e2cd quick guide to synapse scalability via workers 2016-08-19 18:55:57 +01:00
Erik Johnston 3c3246c078 Use correct path 2016-07-28 15:08:37 +01:00
Erik Johnston 367b594183 Add some basic admin API docs 2016-07-28 14:56:09 +01:00
Richard van der Hoff 1238203bc4 code_style.rst: add link to sphinx examples 2016-07-01 09:36:51 +01:00
Richard van der Hoff 41f072fd0e code_style.rst: *fix* link to google style 2016-07-01 09:09:40 +01:00
Richard van der Hoff 5a6ef20ef6 code_style.rst: add link to google style 2016-07-01 09:08:35 +01:00
Rick Cogley 56ec5869c9 Update turn-howto.rst to use git clone (2)
Not logical to use svn checkout against a github repo, so changed to git clone. 

Signed-off-by: Rick Cogley <rick.cogley@esolia.co.jp>
2016-06-28 18:34:38 +09:00
Rick Cogley 1ea358b28b Update turn-howto.rst to use git clone
svn checkout is not logical for a checkout from github, so changed the checkout to "git clone". 
thanks @dbkr

Signed-off-by: Rick Cogley <rick.cogley@esolia.co.jp>
2016-06-28 18:27:54 +09:00
Rick Cogley 551fe80bed Remove double spaces
Reading the RST spec, I was trying to get breaks to appear by entering the double spaces after the lines in the code blocks. It does not work anyway, and, as pointed out, I've removed.
2016-06-28 12:47:55 +09:00
Rick Cogley 70d820c875 Update to reflect new location at github.
Additionally it does not appear there is turnserver.conf.default, but rather, just /etc/turnserver.conf.
2016-06-26 19:07:07 +09:00
Richard van der Hoff 09804c9862 Fix link to A-S spec 2016-05-23 16:29:38 +01:00
Matthew Hodgson 8a04412fa1 starting point for doc on how log contexts are supposed to work 2016-05-04 12:19:04 +01:00
Mark Haines 10ebbaea2e Update replication.rst 2016-04-12 15:53:45 +01:00
Mark Haines aa5ce4d450 Add some design documentation for replication 2016-04-12 15:14:10 +01:00
Matthew Hodgson 64b4aead15 make it work 2016-03-29 03:13:25 +01:00
Matthew Hodgson 7dd0c1730a initial WIP of a tentative preview_url endpoint - incomplete, untested, experimental, etc. just putting it here for safekeeping for now 2016-01-24 18:47:27 -05:00
Mads R. Christensen 44b2bf91be Added installation instructions for postgres on CentOS 7 2015-12-05 15:09:20 +01:00
Erik Johnston 3e4de64bc9 Remove spurious .py from docs 2015-09-01 09:46:42 +01:00
Erik Johnston c961cd7736 Clean up scripts/ 2015-08-27 13:03:17 +01:00
Matthew Hodgson d79ffa1898 typo 2015-05-09 14:45:37 +01:00
Erik Johnston 22a7ba8b22 Actually rename all isntances 2015-05-08 13:50:03 +01:00
Erik Johnston 3a42f32134 Reword port script usage 2015-05-08 13:47:48 +01:00
Erik Johnston 6101ce427a Slight rewording 2015-05-07 18:58:28 +01:00
Erik Johnston 5fe26a9b5c Reword docs/application_services.rst 2015-05-07 18:54:53 +01:00
Erik Johnston 35698484a5 Add some information on registering AS's 2015-05-07 18:51:09 +01:00
Erik Johnston 938939fd89 Move CAPTCHA_SETUP to docs/ 2015-05-06 13:48:06 +01:00
Mark Haines 32937f3ea0 database config is not kept in separate config file anymore 2015-05-01 14:06:54 +01:00
Erik Johnston 72443572bf Mention that postgres databases must have the correct charset encoding 2015-04-29 11:50:33 +01:00
Matthew Hodgson 478e511db0 improve postgres blurb a bit 2015-04-29 00:48:07 +01:00
Erik Johnston cc52f02d74 Fix rst 2015-04-28 18:09:20 +01:00
Erik Johnston 3151afee9e Update docs/postgres.rst to explain port script usage 2015-04-28 17:59:27 +01:00
Erik Johnston 56f518d279 Add docs on how to use synapse with psycopg2 2015-04-27 14:53:35 +01:00
Paul "LeoNerd" Evans 6d15401341 Mumble ReST mumble ``fixed-width`` mumble 2015-04-23 16:16:08 +01:00
Paul "LeoNerd" Evans 8c78414284 Formatting / wording fixes to metrics doc 2015-04-23 16:14:08 +01:00
Matthew Hodgson 6c99491347 prometheus/metrics howto from Leo 2015-04-23 16:08:08 +01:00
David Baker e60353c4a0 Fix YAML syntax of turn config example 2015-02-24 19:34:21 +00:00