* Ensure appservices can auth as users in their namespaces
Currently in Dendrite appservices can only auth as a user if the user was created by said appservice. This does not align with the appservices spec which specifically says:
> The application service may specify the virtual user to act as through use of a user_id query string parameter on the request. The user specified in the query string must be covered by one of the application service’s user namespaces.
https://matrix.org/docs/spec/application_service/r0.1.2#identity-assertion
In the case that a user has been created for example via manual registration but belongs to an appservice namespace, the current functionality does not allow appservices to auth as them. This PR fixes that by replacing the appservice ID check with a check against the appservice namespace.
This also matches Synapse functionality, which I confirmed to allow appservices to auth as a user in their namespace, irregardless of how the user was registered.
* Also allow appservice itself to auth with user_id
Appservice user_id + access token check needs to work both when user_id is the appservice and when appservice has the user in their user namespace.
Signed-off-by: Jason Robinson <mail@jasonrobinson.me>
* Do not check if a username is exclusive if the request is for an appservice in /register
* remove useless comment
* Move statements
* fix broken test
* Also fix the senderLocalpart problem
* Check domain name is ours
* Handle accessTokenErr
* Return unauthorised instead of forbidden
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
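The checks this change describes (namespace match instead of creator ID, the appservice's own sender user, a local-domain check, and unauthorised on failure) can be sketched as follows. This is an added example, not Dendrite's code: `AppService`, `NewAppService`, `AssertIdentity`, and the token and namespace values are hypothetical, and anchoring each namespace regex to the whole user ID is this example's assumption.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// AppService is a hypothetical, cut-down registration (not Dendrite's type).
type AppService struct {
	Token, SenderLocalpart string
	Users                  []*regexp.Regexp // user namespaces
}

var ErrUnauthorized = errors.New("unauthorized")

// NewAppService anchors every namespace regex so it must cover the whole
// user ID rather than any substring of it (an assumption of this example).
func NewAppService(token, sender string, namespaces ...string) AppService {
	as := AppService{Token: token, SenderLocalpart: sender}
	for _, expr := range namespaces {
		as.Users = append(as.Users, regexp.MustCompile(`^(?:`+expr+`)$`))
	}
	return as
}

// AssertIdentity resolves which user a request acts as, given the access
// token and the optional user_id query parameter.
func AssertIdentity(services []AppService, serverName, token, userID string) (string, error) {
	for _, as := range services {
		if token == "" || subtle.ConstantTimeCompare([]byte(as.Token), []byte(token)) != 1 {
			continue
		}
		sender := "@" + as.SenderLocalpart + ":" + serverName
		if userID == "" || userID == sender {
			return sender, nil // the appservice acting as itself
		}
		local, domain, ok := strings.Cut(strings.TrimPrefix(userID, "@"), ":")
		if !strings.HasPrefix(userID, "@") || !ok || local == "" || domain != serverName {
			return "", ErrUnauthorized // malformed, or not a user on this server
		}
		for _, ns := range as.Users {
			if ns.MatchString(userID) {
				return userID, nil // in namespace, however the user was registered
			}
		}
		return "", ErrUnauthorized
	}
	return "", ErrUnauthorized // token belongs to no appservice
}

func main() { // constructed sample registration and request
	irc := NewAppService("as_token_constructed", "ircbot", `@_irc_.*:example\.org`)
	fmt.Println(AssertIdentity([]AppService{irc}, "example.org", "as_token_constructed", "@_irc_alice:example.org"))
}
```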
* Update sync responses
* Fix positions, add ApplyUpdates
* Fix MarshalText as non-pointer, PrevBatch is optional
* Increment by number of read receipts
* Merge branch 'master' into neilalexander/devicelist
* Tweak typing
* Include keyserver position tweak
* Fix typing next position in all cases
* Tweaks
* Fix typo
* Tweaks, restore StreamingToken.MarshalText which somehow went missing?
* Rely on positions from notifier rather than manually advancing them
* Revert "Rely on positions from notifier rather than manually advancing them"
This reverts commit 53112a62cc.
* Give invites their own position, fix other things
* Fix test
* Fix invites maybe
* Un-whitelist tests that look to be genuinely wrong
* Use real receipt positions
* Ensure send-to-device uses real positions too
Squashed commit of the following:
commit c38c39107b6dda0c8e6320d61da2365c47eea4e9
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Thu Dec 17 10:13:09 2020 +0000
Update buckets
commit 5a3bcc8bd4167150374827b0e42a0dea0366beff
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Thu Dec 17 09:41:43 2020 +0000
Update buckets
commit 78dff8165ddf596e28af04faf56466752ebc17af
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Thu Dec 17 09:37:27 2020 +0000
Register sendEventDuration
commit 612b0f3d84f1547ff30131f7b084baf609edab52
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Thu Dec 17 09:35:59 2020 +0000
sendevent metrics
Squashed commit of the following:
commit 7ed1c6cfe67429dbe378a763d832c150eb0f781d
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Wed Dec 16 14:53:27 2020 +0000
Updates
commit 8442099d08760b8d086e6d58f9f30284e378a2cd
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Wed Dec 16 14:43:18 2020 +0000
Add some sync statistics
commit ffe2a11644ed3d5297d1775a680886c574143fdb
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Wed Dec 16 14:37:00 2020 +0000
Fix backing off display
commit 27443a93855aa60a49806ecabbf9b09f818301bd
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Wed Dec 16 14:28:43 2020 +0000
Add some destination queue metrics
* Add RoomInfo cache, remove RoomServerRoomNID cache, ensure caches are thread-safe
* Don't panic if the roomInfo isn't known yet
* LRU package is already threadsafe
* Use RoomInfo cache to find room version if possible in Events()
* Adding comments about RoomInfoCache safety
* Hit the database far less to find room NIDs for event NIDs
* Close the rows
* Fix SQLite selectRoomNIDsForEventNIDsSQL
* Give same treatment to room version lookups
* Give read receipts their own database sequence
* Give receipts their own stream ID
* Change migration names
* Reset sequences
* Add max receipt queries, missing stream_id table entry for SQLite
* Don't bail so quickly in fetchMissingStateEvents
* Don't recalculate event IDs so often in sync API
* Add comments
* Fix comments
* Update to matrix-org/gomatrixserverlib@eb6a890
* Refactor federation sender, again
* Clean up better
* Missing operators
* Try to get overflowed events from database
* Fix queries
* Log less
* Comments
* nil PDUs/EDUs shouldn't happen but guard against them for safety
* Tweak logging
* Fix transaction coalescing
* Update comments
* Check nils more
* Remove channels as they add extra complexity and possibly will deadlock
* Don't hold lock while sending transaction
* Less spam about sleeping queues
* Comments
* Bug-fixing
* Don't try to rehydrate twice
* Don't queue in memory for blacklisted destinations
* Don't queue in memory for blacklisted destinations
* Fix a couple of bugs
* Check for duplicates when pulling things out of the database
* Durable transactions, some more refactoring
* Revert "Durable transactions, some more refactoring"
This reverts commit 5daf924eaa.
* Fix deadlock
* Update GMSL
* Add MSC2836EventRelationships to fedsender
* Call MSC2836EventRelationships in reqCtx
* auth remote servers
* Extract room ID and servers from previous events; refactor a bit
* initial cut of federated threading
* Use the right client/fed struct in the response
* Add QueryAuthChain for use with MSC2836
* Add auth chain to federated response
* Fix pointers
* under CI: more logging and enable mscs, nil fix
* Handle direction: up
* Actually send message events to the roomserver..
* Add children and children_hash to unsigned, with tests
* Add logic for exploring threads and tracking children; missing storage functions
* Implement storage functions for children
* Add fetchUnknownEvent
* Do federated hits for include_children if we have unexplored children
* Use /ev_rel rather than /event as the former includes child metadata
* Remove cross-room threading impl
* Enable MSC2836 in the p2p demo
* Namespace mscs db
* Enable msc2836 for ygg
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Don't recalculate event IDs so often
* Revert invite change
* Make sure we're using the right NIDs
* Update gomatrixserverlib
* Update to NewEventFromTrustedJSONWithEventID
* Fix go.mod
* Update gomatrixserverlib to matrix-org/gomatrixserverlib#243
* Use BulkSelectEventID
* Created polylith reverse proxy sample for Hiawatha
* Create monolith-sample.conf
* Added timeout to proxies and binding explanation.
* Fixed typo.
* Consistency with regards to polylith-sample.conf.