This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
This endpoint isn't much use for its intended purpose if you first need to get
yourself an admin's auth token.
I've restricted it to the `/_synapse/admin` path to make it a bit easier to
lock down for those concerned about exposing this information. I don't imagine
anyone is using it in anger currently.
=============================
Internal Changes
----------------
- Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEv27Axt/F4vrTL/8QOSor00I9eP8FAlzMgZwACgkQOSor00I9
eP8Pxgf7BtwM5LrC/xGFKkE62U7bX4jE5EJ9gt+keN9+l5hnB75nBzyXpk0FY/CO
lWOWeT3S0Nfkx5CqVjZ9I9Q83W3CAzcRO6Og3w4QRieoW74T/biCizIsYxHSjgeA
LzwdGMMRtcoccxvi9uNgJID2LNsVHazNUKuGJNoqCXeeCkmmunSHbAb8TI9Cz7mU
0Ul8oZV8zoOaf/Nzzh7WJJ+YsxprfGmUVD1ssWYzZvGotPw/wdAhlJJA3pzjAeBZ
o94q/IMvA7baTEBUzAzMcJCEfxEueA9j/93eYJ4/dQcS6sqMN2GMTTaiXthkf2vQ
9w+SgbvJqQG14lTJqPOYTHS1oud6PA==
=3ooI
-----END PGP SIGNATURE-----
Merge tag 'v0.99.3.2'
Synapse 0.99.3.2 (2019-05-03)
=============================
Internal Changes
----------------
- Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))
psycopg 2.8 is now out, which means that the C library gets built from source,
so we now need libpq-dev when building.
Turns out the need for this package is already documented in
docs/postgres.rst.
