Merge branch 'release-v1.44' into matrix-org-hotfixes
This commit is contained in:
commit
ebbd37b66d
16
CHANGES.md
16
CHANGES.md
|
@ -1,3 +1,19 @@
|
|||
Synapse 1.44.0rc2 (2021-09-30)
|
||||
==============================
|
||||
|
||||
Bugfixes
|
||||
--------
|
||||
|
||||
- Fix a bug introduced in v1.44.0rc1 which caused the experimental [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint to return a 500 error. ([\#10938](https://github.com/matrix-org/synapse/issues/10938))
|
||||
- Fix a bug introduced in v1.44.0rc1 which prevented sending presence events to application services. ([\#10944](https://github.com/matrix-org/synapse/issues/10944))
|
||||
|
||||
|
||||
Improved Documentation
|
||||
----------------------
|
||||
|
||||
- Minor updates to the installation instructions. ([\#10919](https://github.com/matrix-org/synapse/issues/10919))
|
||||
|
||||
|
||||
Synapse 1.44.0rc1 (2021-09-29)
|
||||
==============================
|
||||
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
Minor updates to the installation instructions.
|
1
changelog.d/10933.bugfix
Normal file
1
changelog.d/10933.bugfix
Normal file
|
@ -0,0 +1 @@
|
|||
Fix a bug introduced in Synapse v1.40.0 where changing a user's display name or avatar in a restricted room would cause an authentication error.
|
|
@ -1 +0,0 @@
|
|||
Fix bug introduced in Synapse 1.44 which caused the experimental [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint to return a 500 error.
|
|
@ -1 +0,0 @@
|
|||
Fix a bug introduced in v1.44.0rc1 which prevented sending presence events to application services.
|
1
changelog.d/10968.bugfix
Normal file
1
changelog.d/10968.bugfix
Normal file
|
@ -0,0 +1 @@
|
|||
Fix `/admin/whois/{user_id}` endpoint, which was broken in v1.44.0rc1.
|
6
debian/changelog
vendored
6
debian/changelog
vendored
|
@ -1,3 +1,9 @@
|
|||
matrix-synapse-py3 (1.44.0~rc2) stable; urgency=medium
|
||||
|
||||
* New synapse release 1.44.0~rc2.
|
||||
|
||||
-- Synapse Packaging team <packages@matrix.org> Thu, 30 Sep 2021 12:39:10 +0100
|
||||
|
||||
matrix-synapse-py3 (1.44.0~rc1) stable; urgency=medium
|
||||
|
||||
* New synapse release 1.44.0~rc1.
|
||||
|
|
|
@ -47,7 +47,7 @@ try:
|
|||
except ImportError:
|
||||
pass
|
||||
|
||||
__version__ = "1.44.0rc1"
|
||||
__version__ = "1.44.0rc2"
|
||||
|
||||
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
|
||||
# We import here so that we don't have to install a bunch of deps when
|
||||
|
|
|
@ -217,6 +217,9 @@ class EventContentFields:
|
|||
# For "marker" events
|
||||
MSC2716_MARKER_INSERTION = "org.matrix.msc2716.marker.insertion"
|
||||
|
||||
# The authorising user for joining a restricted room.
|
||||
AUTHORISING_USER = "join_authorised_via_users_server"
|
||||
|
||||
|
||||
class RoomTypes:
|
||||
"""Understood values of the room_type field of m.room.create events."""
|
||||
|
|
|
@ -115,11 +115,11 @@ def check(
|
|||
is_invite_via_allow_rule = (
|
||||
event.type == EventTypes.Member
|
||||
and event.membership == Membership.JOIN
|
||||
and "join_authorised_via_users_server" in event.content
|
||||
and EventContentFields.AUTHORISING_USER in event.content
|
||||
)
|
||||
if is_invite_via_allow_rule:
|
||||
authoriser_domain = get_domain_from_id(
|
||||
event.content["join_authorised_via_users_server"]
|
||||
event.content[EventContentFields.AUTHORISING_USER]
|
||||
)
|
||||
if not event.signatures.get(authoriser_domain):
|
||||
raise AuthError(403, "Event not signed by authorising server")
|
||||
|
@ -381,7 +381,9 @@ def _is_membership_change_allowed(
|
|||
# Note that if the caller is in the room or invited, then they do
|
||||
# not need to meet the allow rules.
|
||||
if not caller_in_room and not caller_invited:
|
||||
authorising_user = event.content.get("join_authorised_via_users_server")
|
||||
authorising_user = event.content.get(
|
||||
EventContentFields.AUTHORISING_USER
|
||||
)
|
||||
|
||||
if authorising_user is None:
|
||||
raise AuthError(403, "Join event is missing authorising user.")
|
||||
|
@ -836,10 +838,10 @@ def auth_types_for_event(
|
|||
auth_types.add(key)
|
||||
|
||||
if room_version.msc3083_join_rules and membership == Membership.JOIN:
|
||||
if "join_authorised_via_users_server" in event.content:
|
||||
if EventContentFields.AUTHORISING_USER in event.content:
|
||||
key = (
|
||||
EventTypes.Member,
|
||||
event.content["join_authorised_via_users_server"],
|
||||
event.content[EventContentFields.AUTHORISING_USER],
|
||||
)
|
||||
auth_types.add(key)
|
||||
|
||||
|
|
|
@ -105,7 +105,7 @@ def prune_event_dict(room_version: RoomVersion, event_dict: dict) -> dict:
|
|||
if event_type == EventTypes.Member:
|
||||
add_fields("membership")
|
||||
if room_version.msc3375_redaction_rules:
|
||||
add_fields("join_authorised_via_users_server")
|
||||
add_fields(EventContentFields.AUTHORISING_USER)
|
||||
elif event_type == EventTypes.Create:
|
||||
# MSC2176 rules state that create events cannot be redacted.
|
||||
if room_version.msc2176_redaction_rules:
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
import logging
|
||||
from collections import namedtuple
|
||||
|
||||
from synapse.api.constants import MAX_DEPTH, EventTypes, Membership
|
||||
from synapse.api.constants import MAX_DEPTH, EventContentFields, EventTypes, Membership
|
||||
from synapse.api.errors import Codes, SynapseError
|
||||
from synapse.api.room_versions import EventFormatVersions, RoomVersion
|
||||
from synapse.crypto.event_signing import check_event_content_hash
|
||||
|
@ -184,10 +184,10 @@ async def _check_sigs_on_pdu(
|
|||
room_version.msc3083_join_rules
|
||||
and pdu.type == EventTypes.Member
|
||||
and pdu.membership == Membership.JOIN
|
||||
and "join_authorised_via_users_server" in pdu.content
|
||||
and EventContentFields.AUTHORISING_USER in pdu.content
|
||||
):
|
||||
authorising_server = get_domain_from_id(
|
||||
pdu.content["join_authorised_via_users_server"]
|
||||
pdu.content[EventContentFields.AUTHORISING_USER]
|
||||
)
|
||||
try:
|
||||
await keyring.verify_event_for_server(
|
||||
|
|
|
@ -37,7 +37,7 @@ from typing import (
|
|||
import attr
|
||||
from prometheus_client import Counter
|
||||
|
||||
from synapse.api.constants import EventTypes, Membership
|
||||
from synapse.api.constants import EventContentFields, EventTypes, Membership
|
||||
from synapse.api.errors import (
|
||||
CodeMessageException,
|
||||
Codes,
|
||||
|
@ -875,9 +875,9 @@ class FederationClient(FederationBase):
|
|||
# If the join is being authorised via allow rules, we need to send
|
||||
# the /send_join back to the same server that was originally used
|
||||
# with /make_join.
|
||||
if "join_authorised_via_users_server" in pdu.content:
|
||||
if EventContentFields.AUTHORISING_USER in pdu.content:
|
||||
destinations = [
|
||||
get_domain_from_id(pdu.content["join_authorised_via_users_server"])
|
||||
get_domain_from_id(pdu.content[EventContentFields.AUTHORISING_USER])
|
||||
]
|
||||
|
||||
return await self._try_destination_list(
|
||||
|
|
|
@ -34,7 +34,7 @@ from twisted.internet import defer
|
|||
from twisted.internet.abstract import isIPAddress
|
||||
from twisted.python import failure
|
||||
|
||||
from synapse.api.constants import EduTypes, EventTypes, Membership
|
||||
from synapse.api.constants import EduTypes, EventContentFields, EventTypes, Membership
|
||||
from synapse.api.errors import (
|
||||
AuthError,
|
||||
Codes,
|
||||
|
@ -765,11 +765,11 @@ class FederationServer(FederationBase):
|
|||
if (
|
||||
room_version.msc3083_join_rules
|
||||
and event.membership == Membership.JOIN
|
||||
and "join_authorised_via_users_server" in event.content
|
||||
and EventContentFields.AUTHORISING_USER in event.content
|
||||
):
|
||||
# We can only authorise our own users.
|
||||
authorising_server = get_domain_from_id(
|
||||
event.content["join_authorised_via_users_server"]
|
||||
event.content[EventContentFields.AUTHORISING_USER]
|
||||
)
|
||||
if authorising_server != self.server_name:
|
||||
raise SynapseError(
|
||||
|
|
|
@ -27,7 +27,12 @@ from unpaddedbase64 import decode_base64
|
|||
from twisted.internet import defer
|
||||
|
||||
from synapse import event_auth
|
||||
from synapse.api.constants import EventTypes, Membership, RejectedReason
|
||||
from synapse.api.constants import (
|
||||
EventContentFields,
|
||||
EventTypes,
|
||||
Membership,
|
||||
RejectedReason,
|
||||
)
|
||||
from synapse.api.errors import (
|
||||
AuthError,
|
||||
CodeMessageException,
|
||||
|
@ -712,7 +717,7 @@ class FederationHandler(BaseHandler):
|
|||
|
||||
if include_auth_user_id:
|
||||
event_content[
|
||||
"join_authorised_via_users_server"
|
||||
EventContentFields.AUTHORISING_USER
|
||||
] = await self._event_auth_handler.get_user_which_could_invite(
|
||||
room_id,
|
||||
state_ids,
|
||||
|
|
|
@ -593,6 +593,14 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
|
|||
errcode=Codes.BAD_JSON,
|
||||
)
|
||||
|
||||
# The event content should *not* include the authorising user as
|
||||
# it won't be properly signed. Strip it out since it might come
|
||||
# back from a client updating a display name / avatar.
|
||||
#
|
||||
# This only applies to restricted rooms, but there should be no reason
|
||||
# for a client to include it. Unconditionally remove it.
|
||||
content.pop(EventContentFields.AUTHORISING_USER, None)
|
||||
|
||||
effective_membership_state = action
|
||||
if action in ["kick", "unban"]:
|
||||
effective_membership_state = "leave"
|
||||
|
@ -959,7 +967,7 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
|
|||
# be included in the event content in order to efficiently validate
|
||||
# the event.
|
||||
content[
|
||||
"join_authorised_via_users_server"
|
||||
EventContentFields.AUTHORISING_USER
|
||||
] = await self.event_auth_handler.get_user_which_could_invite(
|
||||
room_id,
|
||||
current_state_ids,
|
||||
|
|
|
@ -591,8 +591,8 @@ class ClientIpStore(ClientIpWorkerStore):
|
|||
)
|
||||
|
||||
results.update(
|
||||
((row["access_token"], row["ip"]), (row["user_agent"], row["last_seen"]))
|
||||
for row in rows
|
||||
((access_token, ip), (user_agent, last_seen))
|
||||
for access_token, ip, user_agent, last_seen in rows
|
||||
)
|
||||
return [
|
||||
{
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from synapse.api.constants import EventContentFields
|
||||
from synapse.api.room_versions import RoomVersions
|
||||
from synapse.events import make_event_from_dict
|
||||
from synapse.events.utils import (
|
||||
|
@ -352,7 +353,7 @@ class PruneEventTestCase(unittest.TestCase):
|
|||
"event_id": "$test:domain",
|
||||
"content": {
|
||||
"membership": "join",
|
||||
"join_authorised_via_users_server": "@user:domain",
|
||||
EventContentFields.AUTHORISING_USER: "@user:domain",
|
||||
"other_key": "stripped",
|
||||
},
|
||||
},
|
||||
|
@ -372,7 +373,7 @@ class PruneEventTestCase(unittest.TestCase):
|
|||
"type": "m.room.member",
|
||||
"content": {
|
||||
"membership": "join",
|
||||
"join_authorised_via_users_server": "@user:domain",
|
||||
EventContentFields.AUTHORISING_USER: "@user:domain",
|
||||
"other_key": "stripped",
|
||||
},
|
||||
},
|
||||
|
@ -380,7 +381,7 @@ class PruneEventTestCase(unittest.TestCase):
|
|||
"type": "m.room.member",
|
||||
"content": {
|
||||
"membership": "join",
|
||||
"join_authorised_via_users_server": "@user:domain",
|
||||
EventContentFields.AUTHORISING_USER: "@user:domain",
|
||||
},
|
||||
"signatures": {},
|
||||
"unsigned": {},
|
||||
|
|
|
@ -15,9 +15,12 @@
|
|||
|
||||
from unittest.mock import Mock
|
||||
|
||||
from parameterized import parameterized
|
||||
|
||||
import synapse.rest.admin
|
||||
from synapse.http.site import XForwardedForRequest
|
||||
from synapse.rest.client import login
|
||||
from synapse.types import UserID
|
||||
|
||||
from tests import unittest
|
||||
from tests.server import make_request
|
||||
|
@ -143,6 +146,37 @@ class ClientIpStoreTestCase(unittest.HomeserverTestCase):
|
|||
],
|
||||
)
|
||||
|
||||
@parameterized.expand([(False,), (True,)])
|
||||
def test_get_user_ip_and_agents(self, after_persisting: bool):
|
||||
"""Test `get_user_ip_and_agents` for persisted and unpersisted data"""
|
||||
self.reactor.advance(12345678)
|
||||
|
||||
user_id = "@user:id"
|
||||
user = UserID.from_string(user_id)
|
||||
|
||||
# Insert a user IP
|
||||
self.get_success(
|
||||
self.store.insert_client_ip(
|
||||
user_id, "access_token", "ip", "user_agent", "MY_DEVICE"
|
||||
)
|
||||
)
|
||||
|
||||
if after_persisting:
|
||||
# Trigger the storage loop
|
||||
self.reactor.advance(10)
|
||||
|
||||
self.assertEqual(
|
||||
self.get_success(self.store.get_user_ip_and_agents(user)),
|
||||
[
|
||||
{
|
||||
"access_token": "access_token",
|
||||
"ip": "ip",
|
||||
"user_agent": "user_agent",
|
||||
"last_seen": 12345678000,
|
||||
},
|
||||
],
|
||||
)
|
||||
|
||||
@override_config({"limit_usage_by_mau": False, "max_mau_value": 50})
|
||||
def test_disabled_monthly_active_user(self):
|
||||
user_id = "@user:server"
|
||||
|
|
|
@ -16,6 +16,7 @@ import unittest
|
|||
from typing import Optional
|
||||
|
||||
from synapse import event_auth
|
||||
from synapse.api.constants import EventContentFields
|
||||
from synapse.api.errors import AuthError
|
||||
from synapse.api.room_versions import RoomVersions
|
||||
from synapse.events import EventBase, make_event_from_dict
|
||||
|
@ -380,7 +381,7 @@ class EventAuthTestCase(unittest.TestCase):
|
|||
authorised_join_event = _join_event(
|
||||
pleb,
|
||||
additional_content={
|
||||
"join_authorised_via_users_server": "@creator:example.com"
|
||||
EventContentFields.AUTHORISING_USER: "@creator:example.com"
|
||||
},
|
||||
)
|
||||
event_auth.check(
|
||||
|
@ -404,7 +405,7 @@ class EventAuthTestCase(unittest.TestCase):
|
|||
_join_event(
|
||||
pleb,
|
||||
additional_content={
|
||||
"join_authorised_via_users_server": "@inviter:foo.test"
|
||||
EventContentFields.AUTHORISING_USER: "@inviter:foo.test"
|
||||
},
|
||||
),
|
||||
pl_auth_events,
|
||||
|
@ -431,7 +432,7 @@ class EventAuthTestCase(unittest.TestCase):
|
|||
_join_event(
|
||||
pleb,
|
||||
additional_content={
|
||||
"join_authorised_via_users_server": "@other:example.com"
|
||||
EventContentFields.AUTHORISING_USER: "@other:example.com"
|
||||
},
|
||||
),
|
||||
auth_events,
|
||||
|
@ -448,7 +449,7 @@ class EventAuthTestCase(unittest.TestCase):
|
|||
"join",
|
||||
sender=creator,
|
||||
additional_content={
|
||||
"join_authorised_via_users_server": "@inviter:foo.test"
|
||||
EventContentFields.AUTHORISING_USER: "@inviter:foo.test"
|
||||
},
|
||||
),
|
||||
auth_events,
|
||||
|
|
Loading…
Reference in a new issue