1565ebec2c
more config comment updates
2019-05-03 15:50:59 +01:00
1a7104fde3
Blacklist 0.0.0.0 and :: by default for URL previews
2019-05-03 15:35:49 +01:00
c193b39134
Merge pull request #5124 from matrix-org/babolivier/aliases
...
Add some limitations to alias creation
2019-05-02 11:22:40 +01:00
84196cb231
Add some limitations to alias creation
2019-05-02 11:05:11 +01:00
8e9ca83537
Move admin API to a new prefix
2019-05-01 15:44:30 +01:00
6824ddd93d
Config option for verifying federation certificates (MSC 1711) ( #4967 )
2019-04-25 14:22:49 +01:00
f8826d31cd
Don't crash on lack of expiry templates
2019-04-18 14:50:05 +01:00
91934025b9
Merge pull request #5047 from matrix-org/babolivier/account_expiration
...
Send out emails with links to extend an account's validity period
2019-04-17 14:57:39 +01:00
20f0617e87
Send out emails with links to extend an account's validity period
2019-04-17 14:42:20 +01:00
caa76e6021
Remove periods from copyright headers ( #5046 )
2019-04-11 17:08:13 +01:00
bfc8fdf1fc
Merge pull request #5027 from matrix-org/babolivier/account_expiration
...
Add time-based account expiration
2019-04-09 17:02:41 +01:00
747aa9f8ca
Add account expiration feature
2019-04-09 16:46:04 +01:00
b25e387c0d
add context to phonehome stats ( #5020 )
...
add context to phonehome stats
2019-04-08 15:47:39 +01:00
8e85493b0c
Add config option to block users from looking up 3PIDs ( #5010 )
2019-04-04 17:25:47 +01:00
8530090b16
Add config.signing_key_path. ( #4974 )
...
As requested by @andrewshadura
2019-04-02 16:59:27 +01:00
3677548a82
Use yaml safe_load
2019-03-22 10:20:17 +00:00
09f991a63d
Merge pull request #4896 from matrix-org/erikj/disable_room_directory
...
Add option to disable search room lists
2019-03-21 10:16:54 +00:00
263f2c9ce1
Merge pull request #4895 from matrix-org/erikj/disable_user_search
...
Add option to disable searching in the user dir
2019-03-20 16:47:15 +00:00
cdb8036161
Add a config option for torture-testing worker replication. ( #4902 )
...
Setting this to 50 or so makes a bunch of sytests fail in worker mode.
2019-03-20 16:04:35 +00:00
a902d13180
Batch up outgoing read-receipts to reduce federation traffic. ( #4890 )
...
Rate-limit outgoing read-receipts as per #4730 .
2019-03-20 16:02:25 +00:00
cd8c5b91ad
Fix up sample config
2019-03-20 14:35:41 +00:00
ab20f85c59
Update synapse/config/user_directory.py
...
Co-Authored-By: erikjohnston <erikj@jki.re>
2019-03-20 14:33:11 +00:00
926f29ea6d
Fix up config comments
2019-03-20 14:24:53 +00:00
213c98c00a
Add option to disable search room lists
...
This disables both local and remote room list searching.
2019-03-19 17:10:52 +00:00
320667a479
Add option to disable searching in the user dir
...
We still populate it, as it can still be accessed via the admin API.
2019-03-19 16:40:19 +00:00
13bc1e0746
Use a regular HomeServerConfig object for unit tests
...
Rather than using a Mock for the homeserver config, use a genuine
HomeServerConfig object. This makes for a more realistic test, and means that
we don't have to keep remembering to add things to the mock config every time
we add a new config setting.
2019-03-19 11:44:43 +00:00
fd463b4f5d
Comment out most options in the generated config. ( #4863 )
...
Make it so that most options in the config are optional, and commented out in
the generated config.
The reasons this is a good thing are as follows:
* If we decide that we should change the default for an option, we can do so,
and only those admins that have deliberately chosen to override that option
will be stuck on the old setting.
* It moves us towards a point where we can get rid of the super-surprising
feature of synapse where the default settings for the config come from the
generated yaml.
* It makes setting up a test config for unit testing an order of magnitude
easier (see forthcoming PR).
* It makes the generated config more consistent, and hopefully easier for users
to understand.
2019-03-19 10:06:40 +00:00
651ad8bc96
Add ratelimiting on failed login attempts ( #4865 )
2019-03-18 12:57:20 +00:00
899e523d6d
Add ratelimiting on login ( #4821 )
...
Add two ratelimiters on login (per-IP address and per-userID).
2019-03-15 17:46:16 +00:00
9ad448c1e5
Correctly handle all command line options
2019-03-14 13:32:14 +00:00
72bfaf746d
Allow passing --daemonize to workers
2019-03-13 17:33:54 +00:00
7998ca3a66
Document using a certificate with a full chain ( #4849 )
2019-03-13 15:26:29 +00:00
8ea1b41a0e
Clarify what registration_shared_secret allows for ( #2885 ) ( #4844 )
...
* Clarify what registration_shared_secret allows for (#2885 )
Signed-off-by: Aaron Raimist <aaron@raim.ist>
* Add changelog
Signed-off-by: Aaron Raimist <aaron@raim.ist>
2019-03-11 18:21:52 +00:00
067ce795c0
Move settings from registration to ratelimiting in config file
2019-03-05 18:03:14 +00:00
a4c3a361b7
Add rate-limiting on registration ( #4735 )
...
* Rate-limiting for registration
* Add unit test for registration rate limiting
* Add config parameters for rate limiting on auth endpoints
* Doc
* Fix doc of rate limiting function
Co-Authored-By: babolivier <contact@brendanabolivier.com>
* Incorporate review
* Fix config parsing
* Fix linting errors
* Set default config for auth rate limiting
* Fix tests
* Add changelog
* Advance reactor instead of mocked clock
* Move parameters to registration specific config and give them more sensible default values
* Remove unused config options
* Don't mock the rate limiter un MAU tests
* Rename _register_with_store into register_with_store
* Make CI happy
* Remove unused import
* Update sample config
* Fix ratelimiting test for py2
* Add non-guest test
2019-03-05 14:25:33 +00:00
8e28bc5eee
Include a default configuration file in the 'docs' directory. ( #4791 )
2019-03-04 17:14:58 +00:00
641c409e4e
Fix ACME config for python 2. ( #4717 )
...
Fixes #4675 .
2019-02-25 11:16:33 -08:00
70ea2f4e1d
switch from google.com to recaptcha.net for reCAPTCHA ( #4731 )
...
* add trivial clarification about jemalloc
* switch from google.com to recaptcha.net
because https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
2019-02-25 11:15:36 -08:00
82fca11fc1
Merge pull request #4694 from matrix-org/erikj/fix_sentry_config_format
...
Fixup generated metrics config
2019-02-20 14:13:38 +00:00
3d672fec51
Fixup generated metrics config
2019-02-20 13:39:37 +00:00
5f9bdf90fe
Attempt to make default config more consistent
...
The general idea here is that config examples should just have a hash and no
extraneous whitespace, both to make it easier for people who don't understand
yaml, and to make the examples stand out from the comments.
2019-02-19 13:54:29 +00:00
a288bdf0b1
Merge pull request #4652 from matrix-org/babolivier/acme-delegated
...
Support .well-known delegation when issuing certificates through ACME
2019-02-19 11:15:38 +00:00
5a707a2f9a
Improve config documentation
2019-02-19 10:59:26 +00:00
d154f5a055
Merge pull request #4632 from matrix-org/erikj/basic_sentry
...
Add basic optional sentry.io integration
2019-02-18 17:22:45 +00:00
d328a93b51
Fixup error handling and message
2019-02-18 16:53:56 +00:00
45bb55c6de
Use a configuration parameter to give the domain to generate a certificate for
2019-02-18 15:46:23 +00:00
dc5efc92a8
Fixup
2019-02-18 13:52:49 +00:00
68d2869c8d
config: Remove a repeated word from a logger warning
...
The warning for missing macaroon_secret_key was "missing missing".
2019-02-15 22:24:53 -07:00
bd4505f765
Merge pull request #4647 from matrix-org/erikj/add_room_publishing_rules
...
Add configurable room list publishing rules
2019-02-15 22:11:01 +00:00
b99c532c1c
Move defaults up into code
2019-02-15 10:53:39 +00:00
02c729d6b0
Hoist up checks to reduce overall work
2019-02-15 10:20:02 +00:00
02c46acc6a
Fixup comments
2019-02-15 10:17:13 +00:00
8e32f26cb8
Clarify comments
2019-02-14 18:21:24 +00:00
cb12a37708
Clarify and fix behaviour when there are multiple aliases
2019-02-14 18:16:32 +00:00
f666fe36d7
Fixup comments
2019-02-14 18:07:24 +00:00
f311018823
Fix errors in acme provisioning ( #4648 )
...
* Better logging for errors on startup
* Fix "TypeError: '>' not supported" when starting without an existing
certificate
* Fix a bug where an existing certificate would be reprovisoned every day
2019-02-14 17:10:36 +00:00
eaf4d11af9
Add configurable room list publishing rules
...
This allows specifying who and what is allowed to be published onto the
public room list
2019-02-14 16:02:23 +00:00
6cb415b63f
Fixup comments and add warning
2019-02-13 16:15:11 +00:00
e3a0300431
Special-case the default bind_addresses for metrics listener
...
turns out it doesn't really support ipv6, so let's hack around that by only
listening on ipv4 by default.
2019-02-13 11:48:56 +00:00
6a8f902edb
Raise an appropriate error message if sentry_sdk missing
2019-02-12 16:01:41 +00:00
ef2228c890
Basic sentry integration
2019-02-12 13:55:58 +00:00
3c03c37883
Merge pull request #4625 from matrix-org/rav/fix_generate_config_warnings
...
fix self-signed cert notice from generate-config
2019-02-12 11:24:45 +00:00
a4ce91396b
Disable TLS by default ( #4614 )
2019-02-12 10:52:08 +00:00
32b781bfe2
Fix error when loading cert if tls is disabled ( #4618 )
...
If TLS is disabled, it should not be an error if no cert is given.
Fixes #4554 .
2019-02-12 10:51:31 +00:00
dfc846a316
fix self-signed cert notice from generate-config
...
fixes #4620
2019-02-12 10:37:59 +00:00
0ca2908653
fix tests
2019-02-11 22:01:27 +00:00
4fddf8fc77
Infer no_tls from presence of TLS listeners
...
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
2019-02-11 21:39:14 +00:00
be794c7cf7
Merge branch 'rav/tls_config_logging_fixes' into rav/tls_cert/work
2019-02-11 21:16:00 +00:00
2129dd1a02
Fail cleanly if listener config lacks a 'port'
...
... otherwise we would fail with a mysterious KeyError or something later.
2019-02-11 21:15:01 +00:00
086f6f27d4
Logging improvements around TLS certs
...
Log which file we're reading keys and certs from, and refactor the code a bit
in preparation for other work
2019-02-11 21:02:06 +00:00
24b7f3916d
Clean up default listener configuration ( #4586 )
...
Rearrange the comments to try to clarify them, and expand on what some of it
means.
Use a sensible default 'bind_addresses' setting.
For the insecure port, only bind to localhost, and enable x_forwarded, since
apparently it's for use behind a load-balancer.
2019-02-11 12:50:30 +00:00
6e2a5aa050
ACME Reprovisioning ( #4522 )
2019-02-11 10:36:26 +00:00
4ffd10f46d
Be tolerant of blank TLS fingerprints config ( #4589 )
2019-02-11 10:04:27 +00:00
b201149c7e
Merge pull request #4420 from matrix-org/jaywink/openid-listener
...
New listener resource for the federation API "openid/userinfo" endpoint
2019-02-11 09:44:00 +00:00
9cd33d2f4b
Deduplicate some code in synapse.app ( #4567 )
2019-02-08 17:25:57 +00:00
2475434080
Merge branch 'master' into develop
2019-02-05 18:44:49 +00:00
bf1e4d96ad
Fix default ACME config for py2 ( #4564 )
...
Fixes #4559
2019-02-05 11:37:33 +00:00
d7e27a1f08
fix typo in config comments ( #4557 )
2019-02-05 11:32:45 +00:00
ad7ac8853c
by default include m.room.encryption on invites ( #3902 )
...
* by default include m.room.encryption on invites
* fix constant
* changelog
2019-01-30 16:26:13 +00:00
7615a8ced1
ACME config cleanups ( #4525 )
...
* Handle listening for ACME requests on IPv6 addresses
the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses
without extra quoting. Building a string which you are about to parse again
seems like a weird choice. Let's just use listenTCP, which is consistent with
what we do elsewhere.
* Clean up the default ACME config
make it look a bit more consistent with everything else, and tweak the defaults
to listen on port 80.
* newsfile
2019-01-30 14:17:55 +00:00
f6813919e8
SIGHUP for TLS cert reloading ( #4495 )
2019-01-30 11:00:02 +00:00
03b086647f
Merge pull request #4512 from matrix-org/anoa/consent_dir
...
Check consent dir path on startup
2019-01-29 20:08:18 +00:00
d02c5ccb11
Merge pull request #4498 from matrix-org/travis/fix-docs-public_baseurl
...
Don't recommend :8448 to people on public_baseurl
2019-01-29 09:06:16 -07:00
e65a17b26f
Check consent dir path on startup
2019-01-29 15:30:33 +00:00
6bd4374636
Do not generate self-signed TLS certificates by default. ( #4509 )
2019-01-29 14:09:10 +00:00
6901ac7e9d
Don't recommend :8448 to people on public_baseurl
2019-01-28 12:15:22 -07:00
4a3f138832
Fix quoting for allowed_local_3pids example config ( #4476 )
...
If you use double-quotes here, you have to escape your backslashes. It's much
easier with single-quotes.
(Note that the existing double-backslashes are already interpreted by python's
""" parsing.)
2019-01-25 13:57:52 +00:00
10b89d5c2e
Merge pull request #4435 from matrix-org/neilj/fix_threepid_auth_check
...
Neilj/fix threepid auth check
2019-01-24 13:02:50 +00:00
92d8a068ad
Clarify docs for public_baseurl
...
This is leading to problems with people upgrading to clients that
support MSC1730 because people have this misconfigured, so try
to make the docs completely unambiguous.
2019-01-24 10:52:06 +00:00
6f680241bd
Fix flake8 issues
...
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-01-23 10:53:48 +02:00
6129e52f43
Support ACME for certificate provisioning ( #4384 )
2019-01-23 19:39:06 +11:00
0516dc4d85
Remove openid resource from default config
...
Instead document it commented out.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-01-23 10:32:41 +02:00
82e13662c0
Split federation OpenID userinfo endpoint out of the federation resource
...
This allows the OpenID userinfo endpoint to be active even if the
federation resource is not active. The OpenID userinfo endpoint
is called by integration managers to verify user actions using the
client API OpenID access token. Without this verification, the
integration manager cannot know that the access token is valid.
The OpenID userinfo endpoint will be loaded in the case that either
"federation" or "openid" resource is defined. The new "openid"
resource is defaulted to active in default configuration.
Signed-off-by: Jason Robinson <jasonr@matrix.org>
2019-01-23 10:32:41 +02:00
c99c2d58d7
move guard out of is_threepid_reserved and into register.py
2019-01-22 17:47:00 +00:00
d619b113ed
Fix None guard in config.server.is_threepid_reserved
2019-01-22 16:52:29 +00:00
388c164aea
Merge pull request #4423 from matrix-org/neilj/disable_msisdn_on_registration
...
Config option to disable requesting MSISDN on registration
2019-01-22 16:23:08 +00:00
23b0813599
Require ECDH key exchange & remove dh_params ( #4429 )
...
* remove dh_params and set better cipher string
2019-01-22 21:58:50 +11:00
1b53cc3cb4
fix line length
2019-01-21 15:17:20 +00:00
5349262302
Config option to disable requesting MSISDN on registration
2019-01-21 14:59:37 +00:00
3982a6ee07
Changing macaroon_secret_key no longer logs you out ( #4387 )
2019-01-16 23:14:41 +00:00
Richard van der Hoff