Compare commits

..

11 Commits

Author SHA1 Message Date
Richard van der Hoff 883ac4b1bb Synapse 1.12.3 (2020-04-03)
===========================
 
 - Remove the the pin to Pillow 7.0 which was introduced in Synapse 1.12.2, and
 correctly fix the issue with building the Debian packages. ([\#7212](https://github.com/matrix-org/synapse/issues/7212))
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEv27Axt/F4vrTL/8QOSor00I9eP8FAl6HCicACgkQOSor00I9
 eP+TYgf+P5+hlfR1xiYt8R+qzT2YIyBmYa6eGT8QoHMQx3ndMuYF2rCm/7i6JVVO
 +40kXIkRwRyge9dQIPaFNiWWGVQTMPROkLqB1Wo4CBK2fDLGqh2mEoqkS/65ZYFX
 8ktaB0i/iyhUQg6KQCQ701mLydikh3Lr+a2RnezWa8xGJpBFdA/MYYf+O5reiorg
 LeKyEgxVOBbURxFPNBV+eBv9+/bUYUIV+TijXK+n+mywsYa5MQpPKFWK6NzCR3O9
 7LqW0lInkKeZjusUZNZuuFYtbZqKiqQKomCAxyOCiUKerENXrCXxfKLrDSVlc7l+
 doyZEZA8uNXpiz7CF5DNrheEOxDzzQ==
 =ZWNz
 -----END PGP SIGNATURE-----

Merge tag 'v1.12.3'

Synapse 1.12.3 (2020-04-03)
===========================

- Remove the the pin to Pillow 7.0 which was introduced in Synapse 1.12.2, and
correctly fix the issue with building the Debian packages. ([\#7212](https://github.com/matrix-org/synapse/issues/7212))
2020-04-03 11:25:56 +01:00
Richard van der Hoff cb40b0cb80 Synapse 1.12.2 (2020-04-02)
===========================
 
 This release fixes [an
 issue](https://github.com/matrix-org/synapse/issues/7208) with building the
 debian packages.
 
 No other significant changes since 1.12.1.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEgQG31Z317NrSMt0QiISIDS7+X/QFAl6GKjQTHGFuZHJld0Bh
 bW9yZ2FuLnh5egAKCRCIhIgNLv5f9IDlD/4901bArTyjasnD3tvbaf3N4Z8oatPu
 bSn2AZv9rnhiPjqLnqs4EWkFihRbOe2jM3DQ/j2h8LTxBSSTxUY8LQHi94PtcMFc
 o2Fj6Bd8UOLJPep5xdGbEOlgeqTkAxiMQpghNFP5ptmLEba7OdHDugJaF6yLDdSW
 TtX6W9PAukHuP49EvUMdfORBGLxC9nyUU0uIha0iuDZBsV/MRmlDQVhQ2UTZY9NU
 ayiEvgHH0jVw7Hy3O7kI8dFuvgAVIqefYdZnwdB71zgujNQs+/IJQnTdcCwc/qFB
 2DnJqQRJDQ5fB0IfE3uG+24vTwNx6yKwGETENIMUd1mhlh9nX9Jx66zlEjeupA2Q
 G0UxUVWLYpboP94cMI4voxpq0SM3DtJP0fZRiGkId3njjv4icIX7nqUeasF5MkVC
 i7/6OOIAYpLekmyVVsN/gyYA1W59Kr/rEyi29lThzdAwnFwZOnW2QvEjaERPQ91t
 aQJ0n92SkMW14MY2JEcu5dHSI806eFGAPJoiWFk/O/2ez2Lt3dnCjfx/DZwEvuAx
 OyFsEnLWAaJsx7rYIinoHH5zepI2ixk0PyE1IbyZyoVnUqlDsi7nl4w4ynhMu6F2
 OjyJgI2qiNqnTJFpYaHDpFqrZK6TSm1oyQOWZlHCj79YoqC7IigZzrKzgjS4A2d0
 qzgHVUxnivf5kA==
 =Uerf
 -----END PGP SIGNATURE-----

Merge tag 'v1.12.2'

Synapse 1.12.2 (2020-04-02)
===========================

This release fixes [an
issue](https://github.com/matrix-org/synapse/issues/7208) with building the
debian packages.

No other significant changes since 1.12.1.
2020-04-03 11:25:42 +01:00
Richard van der Hoff 0122ef1037 Revert "Merge pull request #7153 from matrix-org/babolivier/sso_whitelist_login_fallback"
This was incorrectly merged to master.

This reverts commit 319c41f573, reversing
changes made to 229eb81498.
2020-04-03 11:17:39 +01:00
Richard van der Hoff 8d4cbdeaa9 Revert "Improve the UX of the login fallback when using SSO (#7152)"
This was incorrectly merged to `master` instead of develop.

This reverts commit 90246344e3.
2020-04-03 11:16:41 +01:00
Richard van der Hoff 553c8a9b6b tweak changelog 2020-04-03 11:00:57 +01:00
Richard van der Hoff 29ce90358c 1.12.3 2020-04-03 10:57:07 +01:00
Richard van der Hoff 6d7cec7a57
Fix the debian build in a better way. (#7212) 2020-04-03 10:23:36 +01:00
Andrew Morgan f7d6e849b3 Fix changelog wording 2020-04-02 19:08:06 +01:00
Andrew Morgan 08edefe694 1.12.2 2020-04-02 19:02:45 +01:00
Andrew Morgan ec56620ff6 Pin Pillow>=4.3.0,<7.1.0 to fix dep issue 2020-04-02 18:58:08 +01:00
Andrew Morgan b730480abb 1.12.1 2020-04-02 18:57:31 +01:00
11 changed files with 84 additions and 67 deletions

View File

@ -1,3 +1,19 @@
Synapse 1.12.3 (2020-04-03)
===========================
- Remove the the pin to Pillow 7.0 which was introduced in Synapse 1.12.2, and
correctly fix the issue with building the Debian packages. ([\#7212](https://github.com/matrix-org/synapse/issues/7212))
Synapse 1.12.2 (2020-04-02)
===========================
This release works around [an
issue](https://github.com/matrix-org/synapse/issues/7208) with building the
debian packages.
No other significant changes since 1.12.1.
Synapse 1.12.1 (2020-04-02)
===========================

View File

@ -1 +0,0 @@
Improve the support for SSO authentication on the login fallback page.

View File

@ -1 +0,0 @@
Always whitelist the login fallback in the SSO configuration if `public_baseurl` is set.

17
debian/changelog vendored
View File

@ -1,3 +1,20 @@
matrix-synapse-py3 (1.12.3) stable; urgency=medium
[ Richard van der Hoff ]
* Update the Debian build scripts to handle the new installation paths
for the support libraries introduced by Pillow 7.1.1.
[ Synapse Packaging team ]
* New synapse release 1.12.3.
-- Synapse Packaging team <packages@matrix.org> Fri, 03 Apr 2020 10:55:03 +0100
matrix-synapse-py3 (1.12.2) stable; urgency=medium
* New synapse release 1.12.2.
-- Synapse Packaging team <packages@matrix.org> Mon, 02 Apr 2020 19:02:17 +0000
matrix-synapse-py3 (1.12.1) stable; urgency=medium
* New synapse release 1.12.1.

33
debian/rules vendored
View File

@ -15,17 +15,38 @@ override_dh_installinit:
# we don't really want to strip the symbols from our object files.
override_dh_strip:
# dh_shlibdeps calls dpkg-shlibdeps, which finds all the binary files
# (executables and shared libs) in the package, and looks for the shared
# libraries that they depend on. It then adds a dependency on the package that
# contains that library to the package.
#
# We make two modifications to that process...
#
override_dh_shlibdeps:
# make the postgres package's dependencies a recommendation
# rather than a hard dependency.
# Firstly, postgres is not a hard dependency for us, so we want to make
# the things that psycopg2 depends on (such as libpq) be
# recommendations rather than hard dependencies. We do so by
# running dpkg-shlibdeps manually on psycopg2's libs.
#
find debian/$(PACKAGE_NAME)/ -path '*/site-packages/psycopg2/*.so' | \
xargs dpkg-shlibdeps -Tdebian/$(PACKAGE_NAME).substvars \
-pshlibs1 -dRecommends
# all the other dependencies can be normal 'Depends' requirements,
# except for PIL's, which is self-contained and which confuses
# dpkg-shlibdeps.
dh_shlibdeps -X site-packages/PIL/.libs -X site-packages/psycopg2
# secondly, we exclude PIL's libraries from the process. They are known
# to be self-contained, but they have interdependencies and
# dpkg-shlibdeps doesn't know how to resolve them.
#
# As of Pillow 7.1.0, these libraries are in
# site-packages/Pillow.libs. Previously, they were in
# site-packages/PIL/.libs.
#
# (we also need to exclude psycopg2, of course, since we've already
# dealt with that.)
#
dh_shlibdeps \
-X site-packages/PIL/.libs \
-X site-packages/Pillow.libs \
-X site-packages/psycopg2
override_dh_virtualenv:
./debian/build_virtualenv

View File

@ -1392,10 +1392,6 @@ sso:
# phishing attacks from evil.site. To avoid this, include a slash after the
# hostname: "https://my.client/".
#
# If public_baseurl is set, then the login fallback page (used by clients
# that don't natively support the required login flows) is whitelisted in
# addition to any URLs in this list.
#
# By default, this list is empty.
#
#client_whitelist:

View File

@ -36,7 +36,7 @@ try:
except ImportError:
pass
__version__ = "1.12.1"
__version__ = "1.12.3"
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
# We import here so that we don't have to install a bunch of deps when

View File

@ -39,17 +39,6 @@ class SSOConfig(Config):
self.sso_client_whitelist = sso_config.get("client_whitelist") or []
# Attempt to also whitelist the server's login fallback, since that fallback sets
# the redirect URL to itself (so it can process the login token then return
# gracefully to the client). This would make it pointless to ask the user for
# confirmation, since the URL the confirmation page would be showing wouldn't be
# the client's.
# public_baseurl is an optional setting, so we only add the fallback's URL to the
# list if it's provided (because we can't figure out what that URL is otherwise).
if self.public_baseurl:
login_fallback_url = self.public_baseurl + "_matrix/static/client/login"
self.sso_client_whitelist.append(login_fallback_url)
def generate_config_section(self, **kwargs):
return """\
# Additional settings to use with single-sign on systems such as SAML2 and CAS.
@ -65,10 +54,6 @@ class SSOConfig(Config):
# phishing attacks from evil.site. To avoid this, include a slash after the
# hostname: "https://my.client/".
#
# If public_baseurl is set, then the login fallback page (used by clients
# that don't natively support the required login flows) is whitelisted in
# addition to any URLs in this list.
#
# By default, this list is empty.
#
#client_whitelist:

View File

@ -9,7 +9,7 @@
<body onload="matrixLogin.onLoad()">
<center>
<br/>
<h1 id="title"></h1>
<h1>Log in with one of the following methods</h1>
<span id="feedback" style="color: #f00"></span>

View File

@ -1,41 +1,37 @@
window.matrixLogin = {
endpoint: location.origin + "/_matrix/client/r0/login",
serverAcceptsPassword: false,
serverAcceptsCas: false,
serverAcceptsSso: false,
};
var title_pre_auth = "Log in with one of the following methods";
var title_post_auth = "Logging in...";
var submitPassword = function(user, pwd) {
console.log("Logging in with password...");
set_title(title_post_auth);
var data = {
type: "m.login.password",
user: user,
password: pwd,
};
$.post(matrixLogin.endpoint, JSON.stringify(data), function(response) {
show_login();
matrixLogin.onLogin(response);
}).error(errorFunc);
};
var submitToken = function(loginToken) {
console.log("Logging in with login token...");
set_title(title_post_auth);
var data = {
type: "m.login.token",
token: loginToken
};
$.post(matrixLogin.endpoint, JSON.stringify(data), function(response) {
show_login();
matrixLogin.onLogin(response);
}).error(errorFunc);
};
var errorFunc = function(err) {
// We want to show the error to the user rather than redirecting immediately to the
// SSO portal (if SSO is the only login option), so we inhibit the redirect.
show_login(true);
show_login();
if (err.responseJSON && err.responseJSON.error) {
setFeedbackString(err.responseJSON.error + " (" + err.responseJSON.errcode + ")");
@ -49,33 +45,26 @@ var setFeedbackString = function(text) {
$("#feedback").text(text);
};
var show_login = function(inhibit_redirect) {
var show_login = function() {
$("#loading").hide();
var this_page = window.location.origin + window.location.pathname;
$("#sso_redirect_url").val(this_page);
// If inhibit_redirect is false, and SSO is the only supported login method, we can
// redirect straight to the SSO page
if (matrixLogin.serverAcceptsSso) {
if (!inhibit_redirect && !matrixLogin.serverAcceptsPassword) {
$("#sso_form").submit();
return;
}
// Otherwise, show the SSO form
$("#sso_form").show();
}
if (matrixLogin.serverAcceptsPassword) {
$("#password_flow").show();
}
if (!matrixLogin.serverAcceptsPassword && !matrixLogin.serverAcceptsSso) {
$("#no_login_types").show();
if (matrixLogin.serverAcceptsSso) {
$("#sso_flow").show();
} else if (matrixLogin.serverAcceptsCas) {
$("#sso_form").attr("action", "/_matrix/client/r0/login/cas/redirect");
$("#sso_flow").show();
}
set_title(title_pre_auth);
$("#loading").hide();
if (!matrixLogin.serverAcceptsPassword && !matrixLogin.serverAcceptsCas && !matrixLogin.serverAcceptsSso) {
$("#no_login_types").show();
}
};
var show_spinner = function() {
@ -85,15 +74,17 @@ var show_spinner = function() {
$("#loading").show();
};
var set_title = function(title) {
$("#title").text(title);
};
var fetch_info = function(cb) {
$.get(matrixLogin.endpoint, function(response) {
var serverAcceptsPassword = false;
var serverAcceptsCas = false;
for (var i=0; i<response.flows.length; i++) {
var flow = response.flows[i];
if ("m.login.cas" === flow.type) {
matrixLogin.serverAcceptsCas = true;
console.log("Server accepts CAS");
}
if ("m.login.sso" === flow.type) {
matrixLogin.serverAcceptsSso = true;
console.log("Server accepts SSO");
@ -111,7 +102,7 @@ var fetch_info = function(cb) {
matrixLogin.onLoad = function() {
fetch_info(function() {
if (!try_token()) {
show_login(false);
show_login();
}
});
};

View File

@ -350,14 +350,7 @@ class CASRedirectConfirmTestCase(unittest.HomeserverTestCase):
def test_cas_redirect_whitelisted(self):
"""Tests that the SSO login flow serves a redirect to a whitelisted url
"""
self._test_redirect("https://legit-site.com/")
@override_config({"public_baseurl": "https://example.com"})
def test_cas_redirect_login_fallback(self):
self._test_redirect("https://example.com/_matrix/static/client/login")
def _test_redirect(self, redirect_url):
"""Tests that the SSO login flow serves a redirect for the given redirect URL."""
redirect_url = "https://legit-site.com/"
cas_ticket_url = (
"/_matrix/client/r0/login/cas/ticket?redirectUrl=%s&ticket=ticket"
% (urllib.parse.quote(redirect_url))