Merge branch 'release-v1.5.0' of github.com:matrix-org/synapse into matrix-org-hotfixes

2019-10-29 12:18:44 +00:00 · 2019-10-29 12:18:44 +00:00 · 33b4aa8d99
parent 627cf5def8 1652c8c1fc
commit 33b4aa8d99
12 changed files with 56 additions and 17 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,21 @@
+Synapse 1.5.0rc2 (2019-10-28)
+=============================
+
+Bugfixes
+--------
+
+- Update list of boolean columns in `synapse_port_db`. ([\#6247](https://github.com/matrix-org/synapse/issues/6247))
+- Fix /keys/query API on workers. ([\#6256](https://github.com/matrix-org/synapse/issues/6256))
+- Improve signature checking on some federation APIs. ([\#6262](https://github.com/matrix-org/synapse/issues/6262))
+
+
+Internal Changes
+----------------
+
+- Move schema delta files to the correct data store. ([\#6248](https://github.com/matrix-org/synapse/issues/6248))
+- Small performance improvement by removing repeated config lookups in room stats calculation. ([\#6255](https://github.com/matrix-org/synapse/issues/6255))
+
+
 Synapse 1.5.0rc1 (2019-10-24)
 ==========================

--- a/changelog.d/6247.bugfix
+++ b/changelog.d/6247.bugfix
@ -1 +0,0 @@
-Update list of boolean columns in `synapse_port_db`.
--- a/changelog.d/6248.misc
+++ b/changelog.d/6248.misc
@ -1 +0,0 @@
-Move schema delta files to the correct data store.
--- a/changelog.d/6255.misc
+++ b/changelog.d/6255.misc
@ -1 +0,0 @@
-Small performance improvement by removing repeated config lookups in room stats calculation.
--- a/changelog.d/6256.bugfix
+++ b/changelog.d/6256.bugfix
@ -1 +0,0 @@
-Fix /keys/query API on workers.
--- a/changelog.d/6286.bugfix
+++ b/changelog.d/6286.bugfix
@ -0,0 +1 @@
+Fix bug where room directory search was case sensitive.
--- a/synapse/init.py
+++ b/synapse/init.py
@ -36,7 +36,7 @@ try:
 except ImportError:
    pass

-__version__ = "1.5.0rc1"
+__version__ = "1.5.0rc2"

 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
    # We import here so that we don't have to install a bunch of deps when
--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@ -278,9 +278,7 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
            pdu_to_check.sender_domain,
            e.getErrorMessage(),
        )
-        # XX not really sure if these are the right codes, but they are what
-        # we've done for ages
-        raise SynapseError(400, errmsg, Codes.UNAUTHORIZED)
+        raise SynapseError(403, errmsg, Codes.FORBIDDEN)

    for p, d in zip(pdus_to_check_sender, more_deferreds):
        d.addErrback(sender_err, p)
@ -314,8 +312,7 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
                "event id %s: unable to verify signature for event id domain: %s"
                % (pdu_to_check.pdu.event_id, e.getErrorMessage())
            )
-            # XX as above: not really sure if these are the right codes
-            raise SynapseError(400, errmsg, Codes.UNAUTHORIZED)
+            raise SynapseError(403, errmsg, Codes.FORBIDDEN)

        for p, d in zip(pdus_to_check_event_id, more_deferreds):
            d.addErrback(event_err, p)
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@ -370,6 +370,7 @@ class FederationServer(FederationBase):
        pdu = event_from_pdu_json(content, format_ver)
        origin_host, _ = parse_server_name(origin)
        yield self.check_server_matches_acl(origin_host, pdu.room_id)
+        pdu = yield self._check_sigs_and_hash(room_version, pdu)
        ret_pdu = yield self.handler.on_invite_request(origin, pdu)
        time_now = self._clock.time_msec()
        return {"event": ret_pdu.get_pdu_json(time_now)}
@ -386,6 +387,9 @@ class FederationServer(FederationBase):
        yield self.check_server_matches_acl(origin_host, pdu.room_id)

        logger.debug("on_send_join_request: pdu sigs: %s", pdu.signatures)
+
+        pdu = yield self._check_sigs_and_hash(room_version, pdu)
+
        res_pdus = yield self.handler.on_send_join_request(origin, pdu)
        time_now = self._clock.time_msec()
        return (
@ -421,6 +425,9 @@ class FederationServer(FederationBase):
        yield self.check_server_matches_acl(origin_host, pdu.room_id)

        logger.debug("on_send_leave_request: pdu sigs: %s", pdu.signatures)
+
+        pdu = yield self._check_sigs_and_hash(room_version, pdu)
+
        yield self.handler.on_send_leave_request(origin, pdu)
        return 200, {}

--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@ -1222,7 +1222,6 @@ class FederationHandler(BaseHandler):
        Returns:
            Deferred[FrozenEvent]
        """
-
        if get_domain_from_id(user_id) != origin:
            logger.info(
                "Got /make_join request for user %r from different origin %s, ignoring",
@ -1280,11 +1279,20 @@ class FederationHandler(BaseHandler):
        event = pdu

        logger.debug(
-            "on_send_join_request: Got event: %s, signatures: %s",
+            "on_send_join_request from %s: Got event: %s, signatures: %s",
+            origin,
            event.event_id,
            event.signatures,
        )

+        if get_domain_from_id(event.sender) != origin:
+            logger.info(
+                "Got /send_join request for user %r from different origin %s",
+                event.sender,
+                origin,
+            )
+            raise SynapseError(403, "User not from origin", Codes.FORBIDDEN)
+
        event.internal_metadata.outlier = False
        # Send this event on behalf of the origin server.
        #
@ -1503,6 +1511,14 @@ class FederationHandler(BaseHandler):
            event.signatures,
        )

+        if get_domain_from_id(event.sender) != origin:
+            logger.info(
+                "Got /send_leave request for user %r from different origin %s",
+                event.sender,
+                origin,
+            )
+            raise SynapseError(403, "User not from origin", Codes.FORBIDDEN)
+
        event.internal_metadata.outlier = False

        context = yield self._handle_new_event(origin, event)
--- a/synapse/storage/data_stores/main/room.py
+++ b/synapse/storage/data_stores/main/room.py
@ -201,13 +201,17 @@ class RoomWorkerStore(SQLBaseStore):
            where_clauses.append(
                """
                    (
-                        name LIKE ?
-                        OR topic LIKE ?
-                        OR canonical_alias LIKE ?
+                        LOWER(name) LIKE ?
+                        OR LOWER(topic) LIKE ?
+                        OR LOWER(canonical_alias) LIKE ?
                    )
                """
            )
-            query_args += [search_term, search_term, search_term]
+            query_args += [
+                search_term.lower(),
+                search_term.lower(),
+                search_term.lower(),
+            ]

        where_clause = ""
        if where_clauses:
--- a/tox.ini
+++ b/tox.ini
@ -114,7 +114,7 @@ skip_install = True
 basepython = python3.6
 deps =
    flake8
-    black
+    black==19.3b0  # We pin so that our tests don't start failing on new releases of black.
 commands =
    python -m black --check --diff .
    /bin/sh -c "flake8 synapse tests scripts scripts-dev scripts/hash_password scripts/register_new_matrix_user scripts/synapse_port_db synctl {env:PEP8SUFFIX:}"
				`@ -1 +0,0 @@`
				Update list of boolean columns in `synapse_port_db`.
				`@ -1 +0,0 @@`
				`Move schema delta files to the correct data store.`
				`@ -1 +0,0 @@`
				`Small performance improvement by removing repeated config lookups in room stats calculation.`
				`@ -0,0 +1 @@`
				`Fix bug where room directory search was case sensitive.`