cee69441d3 
								
							
								 
							
						 
						
							
							
								
								Log more when we have processed the request  
							
							
							
						 
						
							2015-06-15 17:11:44 +01:00  
				
					
						
							
							
								 
						
							
							
								22c7c5eb8f 
								
							
								 
							
						 
						
							
							
								
								Typo  
							
							
							
						 
						
							2015-05-01 14:41:25 +01:00  
				
					
						
							
							
								 
						
							
							
								42c12c04f6 
								
							
								 
							
						 
						
							
							
								
								Remove some run_on_reactors  
							
							
							
						 
						
							2015-05-01 14:41:25 +01:00  
				
					
						
							
							
								 
						
							
							
								adb5b76ff5 
								
							
								 
							
						 
						
							
							
								
								Don't log all auth events every time we call auth.check  
							
							
							
						 
						
							2015-05-01 14:41:25 +01:00  
				
					
						
							
							
								 
						
							
							
								80b4119279 
								
							
								 
							
						 
						
							
							
								
								Don't wait for storage of access_token  
							
							
							
						 
						
							2015-05-01 13:14:05 +01:00  
				
					
						
							
							
								 
						
							
							
								9182f87664 
								
							
								 
							
						 
						
							
							
								
								Merge pull request  #126  from matrix-org/csauth  
							
							... 
							
							
							
							Client / Server Auth Refactor 
							
						 
						
							2015-04-28 11:00:27 +01:00  
				
					
						
							
							
								 
						
							
							
								38432d8c25 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'develop' into invite_power_level  
							
							
							
						 
						
							2015-04-27 17:09:25 +01:00  
				
					
						
							
							
								 
						
							
							
								6532b6e607 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'develop' into csauth  
							
							... 
							
							
							
							Conflicts:
	synapse/http/server.py 
							
						 
						
							2015-04-24 09:37:54 +01:00  
				
					
						
							
							
								 
						
							
							
								a2c10d37d7 
								
							
								 
							
						 
						
							
							
								
								Add an error code to 'missing token' response.  
							
							
							
						 
						
							2015-04-23 13:23:44 +01:00  
				
					
						
							
							
								 
						
							
							
								a16eaa0c33 
								
							
								 
							
						 
						
							
							
								
								Neater fetching of user's auth level in a room - squash to int() at access time (SYN-353)  
							
							
							
						 
						
							2015-04-22 14:20:04 +01:00  
				
					
						
							
							
								 
						
							
							
								f43063158a 
								
							
								 
							
						 
						
							
							
								
								Appease pep8  
							
							
							
						 
						
							2015-04-22 13:12:11 +01:00  
				
					
						
							
							
								 
						
							
							
								2808c040ef 
								
							
								 
							
						 
						
							
							
								
								Also remember to check 'invite' level for changes  
							
							
							
						 
						
							2015-04-21 21:13:14 +01:00  
				
					
						
							
							
								 
						
							
							
								bc41f0398f 
								
							
								 
							
						 
						
							
							
								
								Initial implementation of an 'invite' power_level  
							
							
							
						 
						
							2015-04-21 20:56:08 +01:00  
				
					
						
							
							
								 
						
							
							
								d3309933f5 
								
							
								 
							
						 
						
							
							
								
								Much neater fetching of defined powerlevels from m.room.power_levels state event  
							
							
							
						 
						
							2015-04-21 20:53:23 +01:00  
				
					
						
							
							
								 
						
							
							
								b568c0231c 
								
							
								 
							
						 
						
							
							
								
								Remove debugging print statement accidentally committed  
							
							
							
						 
						
							2015-04-21 20:21:14 +01:00  
				
					
						
							
							
								 
						
							
							
								3a7d7a3f22 
								
							
								 
							
						 
						
							
							
								
								Sanitise a user's powerlevel to an int() before numerical comparison, because otherwise Python is "helpful" with it (SYN-351)  
							
							
							
						 
						
							2015-04-21 20:18:29 +01:00  
				
					
						
							
							
								 
						
							
							
								cb03fafdf1 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'develop' into csauth  
							
							
							
						 
						
							2015-04-17 13:51:10 +01:00  
				
					
						
							
							
								 
						
							
							
								399b5add58 
								
							
								 
							
						 
						
							
							
								
								Neater implementation of membership change auth checks, ensuring we can't forget to check if the calling user is a member of the room  
							
							
							
						 
						
							2015-04-15 18:40:23 +01:00  
				
					
						
							
							
								 
						
							
							
								e6e130b9ba 
								
							
								 
							
						 
						
							
							
								
								Ensure that non-room-members cannot ban others, even if they do have enough powerlevel (SYN-343)  
							
							
							
						 
						
							2015-04-15 18:07:33 +01:00  
				
					
						
							
							
								 
						
							
							
								ae8ff92e05 
								
							
								 
							
						 
						
							
							
								
								Fix a bug which causes a send event level of 0 to not be honoured.  
							
							... 
							
							
							
							Caused by a bad if check, which incorrectly executes for both 0 and None,
when None was the original intent. 
							
						 
						
							2015-04-07 15:48:20 +01:00  
				
					
						
							
							
								 
						
							
							
								9aa0224cdf 
								
							
								 
							
						 
						
							
							
								
								unused import  
							
							
							
						 
						
							2015-03-24 17:25:59 +00:00  
				
					
						
							
							
								 
						
							
							
								c7023f2155 
								
							
								 
							
						 
						
							
							
								
								1) Pushers are now associated with an access token  
							
							... 
							
							
							
							2) Change places where we mean unauthenticated to 401, not 403, in C/S v2: hack so it stays as 403 in v1 because web client relies on it. 
							
						 
						
							2015-03-24 17:24:15 +00:00  
				
					
						
							
							
								 
						
							
							
								93978c5e2b 
								
							
								 
							
						 
						
							
							
								
								@cached() annotate get_user_by_token() - achieves a minor DB performance improvement  
							
							
							
						 
						
							2015-03-17 17:24:51 +00:00  
				
					
						
							
							
								 
						
							
							
								b2e6ee5b43 
								
							
								 
							
						 
						
							
							
								
								Remove concept of context.auth_events, instead use context.current_state  
							
							
							
						 
						
							2015-03-16 13:06:23 +00:00  
				
					
						
							
							
								 
						
							
							
								ea8590cf66 
								
							
								 
							
						 
						
							
							
								
								Make context.auth_events grap auth events from current state. Otherwise auth is wrong.  
							
							
							
						 
						
							2015-03-16 00:18:08 +00:00  
				
					
						
							
							
								 
						
							
							
								ab8229479b 
								
							
								 
							
						 
						
							
							
								
								Respect ban membership  
							
							
							
						 
						
							2015-03-16 00:17:25 +00:00  
				
					
						
							
							
								 
						
							
							
								9978c5c103 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'develop' into application-services  
							
							
							
						 
						
							2015-02-11 10:03:24 +00:00  
				
					
						
							
							
								 
						
							
							
								d94f682a4c 
								
							
								 
							
						 
						
							
							
								
								During room intial sync, only calculate current state once.  
							
							
							
						 
						
							2015-02-09 17:41:29 +00:00  
				
					
						
							
							
								 
						
							
							
								5a7dd05818 
								
							
								 
							
						 
						
							
							
								
								Modify auth.get_user_by_req for authing appservices directly.  
							
							... 
							
							
							
							Add logic to map the appservice token to the autogenned appservice user ID.
Add unit tests for all forms of get_user_by_req (user/appservice,
valid/bad/missing tokens) 
							
						 
						
							2015-02-09 14:14:15 +00:00  
				
					
						
							
							
								 
						
							
							
								e426df8e10 
								
							
								 
							
						 
						
							
							
								
								Grant ASes the ability to create alias in their own namespace.  
							
							... 
							
							
							
							Add a new errcode type M_EXCLUSIVE when users try to create aliases inside
AS namespaces, and when ASes try to create aliases outside their own
namespace. 
							
						 
						
							2015-02-06 10:57:14 +00:00  
				
					
						
							
							
								 
						
							
							
								5b99b471b2 
								
							
								 
							
						 
						
							
							
								
								Fix unit tests.  
							
							
							
						 
						
							2015-02-05 15:12:36 +00:00  
				
					
						
							
							
								 
						
							
							
								c163357f38 
								
							
								 
							
						 
						
							
							
								
								Add CS extension for masquerading as users within the namespaces specified by the AS.  
							
							
							
						 
						
							2015-02-05 15:00:33 +00:00  
				
					
						
							
							
								 
						
							
							
								650e32d455 
								
							
								 
							
						 
						
							
							
								
								Change context.auth_events to what the auth_events would be bases on context.current_state, rather than based on the auth_events from the event.  
							
							
							
						 
						
							2015-02-04 14:06:46 +00:00  
				
					
						
							
							
								 
						
							
							
								0dd3aea319 
								
							
								 
							
						 
						
							
							
								
								Keep around the old (buggy) version of the prune_event function so that we can use it to check signatures for events on old servers  
							
							
							
						 
						
							2015-02-03 14:58:30 +00:00  
				
					
						
							
							
								 
						
							
							
								a70a801184 
								
							
								 
							
						 
						
							
							
								
								Fix bug where we superfluously asked for current state. Change API of /query_auth/ so that we don't duplicate events in the response.  
							
							
							
						 
						
							2015-01-30 13:34:01 +00:00  
				
					
						
							
							
								 
						
							
							
								2ebf795c0a 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'develop' of github.com:matrix-org/synapse into rejections  
							
							... 
							
							
							
							Conflicts:
	synapse/storage/__init__.py
	synapse/storage/schema/delta/v12.sql 
							
						 
						
							2015-01-30 11:10:37 +00:00  
				
					
						
							
							
								 
						
							
							
								3cca61e006 
								
							
								 
							
						 
						
							
							
								
								Rename ClientID to ClientInfo since it is a pair of IDs rather than a single identifier  
							
							
							
						 
						
							2015-01-28 17:16:12 +00:00  
				
					
						
							
							
								 
						
							
							
								c18e551640 
								
							
								 
							
						 
						
							
							
								
								Add a : to the doc string after the type of the return value  
							
							
							
						 
						
							2015-01-28 17:08:53 +00:00  
				
					
						
							
							
								 
						
							
							
								388581e087 
								
							
								 
							
						 
						
							
							
								
								Extract the id token of the token when authing users, include the token and device_id in the internal meta data for the event along with the transaction id when sending events  
							
							
							
						 
						
							2015-01-28 16:58:23 +00:00  
				
					
						
							
							
								 
						
							
							
								0ef5bfd6a9 
								
							
								 
							
						 
						
							
							
								
								Start implementing auth conflict res  
							
							
							
						 
						
							2015-01-28 16:16:53 +00:00  
				
					
						
							
							
								 
						
							
							
								c59bcabf0b 
								
							
								 
							
						 
						
							
							
								
								Return the device_id from get_auth_by_req  
							
							
							
						 
						
							2015-01-28 15:43:41 +00:00  
				
					
						
							
							
								 
						
							
							
								5759bec43c 
								
							
								 
							
						 
						
							
							
								
								Replace hs.parse_userid with UserID.from_string  
							
							
							
						 
						
							2015-01-23 11:47:15 +00:00  
				
					
						
							
							
								 
						
							
							
								4c68460392 
								
							
								 
							
						 
						
							
							
								
								SYN-154: Tweak how the m.room.create check is done.  
							
							... 
							
							
							
							Don't perform the check in auth.is_host_in_room but instead do it in _do_join
and also assert that there are no m.room.members in the room before doing so. 
							
						 
						
							2015-01-07 16:09:00 +00:00  
				
					
						
							
							
								 
						
							
							
								9cb4f75d53 
								
							
								 
							
						 
						
							
							
								
								SYN-154: Better error messages when joining an unknown room by ID.  
							
							... 
							
							
							
							The simple fix doesn't work here because room creation also involves
unknown room IDs. The check relies on the presence of m.room.create for
rooms being created, whereas bogus room IDs have no state events at all. 
							
						 
						
							2015-01-07 15:21:48 +00:00  
				
					
						
							
							
								 
						
							
							
								adb04b1e57 
								
							
								 
							
						 
						
							
							
								
								Update copyright notices  
							
							
							
						 
						
							2015-01-06 13:21:39 +00:00  
				
					
						
							
							
								 
						
							
							
								fc409096ac 
								
							
								 
							
						 
						
							
							
								
								Make auth module use EventTypes constants  
							
							
							
						 
						
							2014-12-12 16:31:50 +00:00  
				
					
						
							
							
								 
						
							
							
								fa4b610ae3 
								
							
								 
							
						 
						
							
							
								
								Fix stream test. Make sure we add join to auth_events for invitiations  
							
							
							
						 
						
							2014-12-12 10:42:27 +00:00  
				
					
						
							
							
								 
						
							
							
								ba3d1e2fc0 
								
							
								 
							
						 
						
							
							
								
								Remove unused import  
							
							
							
						 
						
							2014-12-08 12:01:25 +00:00  
				
					
						
							
							
								 
						
							
							
								d044121168 
								
							
								 
							
						 
						
							
							
								
								Various typos and bug fixes.  
							
							
							
						 
						
							2014-12-08 09:08:26 +00:00  
				
					
						
							
							
								 
						
							
							
								6630e1b579 
								
							
								 
							
						 
						
							
							
								
								Start making more things use EventContext rather than event.*  
							
							
							
						 
						
							2014-12-05 16:20:48 +00:00