maxmustermann/synapse
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
18349 commits 636 branches 519 tags 164 MiB
Commit graph

238 commits

Author SHA1 Message Date
Tdxdxoz abd04b6af0
Allow existing users to login via OpenID Connect. (#8345) 
Co-authored-by: Benjamin Koch <bbbsnowball@gmail.com>

This adds configuration flags that will match a user to pre-existing users
when logging in via OpenID Connect. This is useful when switching to
an existing SSO system.
 2020-09-25 07:01:45 -04:00
Patrick Cloke 6605470bfb
Improve SAML error messages (#8248) 2020-09-14 09:05:36 -04:00
Andrew Morgan a3a90ee031
Show a confirmation page during user password reset (#8004) 
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset.

This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
 2020-09-10 11:45:12 +01:00
Andrew Morgan 094896a69d
Add a config option for validating 'next_link' parameters against a domain whitelist (#8275) 
This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285

They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.

This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.

This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
 2020-09-08 16:03:09 +01:00
Brendan Abolivier 420484a334
Allow capping a room's retention policy (#8104) 2020-08-24 18:21:04 +01:00
Andrew Morgan e04e465b4d
Use the default templates when a custom template file cannot be found (#8037) 
Fixes https://github.com/matrix-org/synapse/issues/6583
 2020-08-17 17:05:00 +01:00
Richard van der Hoff 0cb169900e
Implement login blocking based on SAML attributes (#8052) 
Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the
error handling.

Fixes #8047
 2020-08-11 16:08:10 +01:00
Erik Johnston faba873d4b Merge branch 'develop' of github.com:matrix-org/synapse into erikj/add_rate_limiting_to_joins 2020-07-31 15:07:01 +01:00
Erik Johnston 18de00adb4 Add ratelimiting on joins 2020-07-31 15:06:56 +01:00
Olivier Wilkinson (reivilibre) 3aa36b782c Merge branch 'master' into develop 2020-07-30 15:18:36 +01:00
Erik Johnston 2c1b9d6763
Update worker docs with recent enhancements (#7969) 2020-07-29 23:22:13 +01:00
Aaron Raimist 2184f61fae
Various improvements to the docs (#7899) 2020-07-29 10:35:44 -04:00
lugino-emeritus 3857de2194
Option to allow server admins to join complex rooms (#7902) 
Fixes #7901.

Signed-off-by: Niklas Tittjung <nik_t.01@web.de>
 2020-07-28 13:41:44 +01:00
Adrian 64d2280299
Fix a typo in the sample config. (#7890) 2020-07-20 13:42:52 -04:00
Andrew Morgan 5ecf98f59e
Change sample config's postgres user to synapse_user (#7889) 
The [postgres setup docs](https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#set-up-database) recommend setting up your database with user `synapse_user`.

However, uncommenting the postgres defaults in the sample config leave you with user `synapse`.

This PR switches the sample config to recommend `synapse_user`. Took a me a second to figure this out, so assume this will beneficial to others.
 2020-07-20 18:29:25 +01:00
Patrick Cloke 852930add7
Add a default limit (of 100) to get/sync operations. (#7858) 2020-07-17 07:59:23 -04:00
Brendan Abolivier 85223106f3
Allow email subjects to be customised through Synapse's configuration (#7846) 2020-07-14 19:10:42 +01:00
Patrick Cloke 77d2c05410
Add the option to validate the iss and aud claims for JWT logins. (#7827) 2020-07-14 07:16:43 -04:00
Erik Johnston f299441cc6
Add ability to shard the federation sender (#7798) 2020-07-10 18:26:36 +01:00
Patrick Cloke 2a266f4511
Add documentation for JWT login type and improve sample config. (#7776) 2020-07-06 08:31:51 -04:00
Patrick Cloke 71cccf1593
Additional configuration options for auto-join rooms (#7763) 2020-06-30 15:41:36 -04:00
Richard van der Hoff e452973fd2
fix broken link in sample config (#7712) 2020-06-16 19:50:16 +01:00
Patrick Cloke b9df7f70bb
Increase the default SAML session expirary time to 15 minutes. (#7664) 2020-06-11 07:55:45 -04:00
wondratsch c746889bb0
fix typo in sample_config.yaml (#7652) 
Just a simple typo fix.

Signed-off-by: wondratsch 28294257+wondratsch@users.noreply.github.com
 2020-06-11 11:51:10 +01:00
Andrew Morgan fcd6961441
Add option to enable encryption by default for new rooms (#7639) 
Fixes https://github.com/matrix-org/synapse/issues/2431

Adds config option `encryption_enabled_by_default_for_room_type`, which determines whether encryption should be enabled with the default encryption algorithm in private or public rooms upon creation. Whether the room is private or public is decided based upon the room creation preset that is used.

Part of this PR is also pulling out all of the individual instances of `m.megolm.v1.aes-sha2` into a constant variable to eliminate typos ala https://github.com/matrix-org/synapse/pull/7637

Based on #7637
 2020-06-10 17:44:34 +01:00
Travis Ralston 09099313e6
Add an option to disable autojoin for guest accounts (#6637) 
Fixes https://github.com/matrix-org/synapse/issues/3177
 2020-06-05 18:18:15 +01:00
Richard van der Hoff 11de843626
Cleanups to the OpenID Connect integration (#7628) 
docs, default configs, comments. Nothing very significant.
 2020-06-03 21:13:17 +01:00
Richard van der Hoff 1bbc9e2df6
Clean up exception handling in SAML2ResponseResource (#7614) 
* Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string

* Clean up exception handling in SAML2ResponseResource

  * use the existing code in `return_html_error` instead of re-implementing it
    (giving it a jinja2 template rather than inventing a new form of template)

  * do the exception-catching in the REST layer rather than in the handler
    layer, to make sure we catch all exceptions.
 2020-06-03 10:41:12 +01:00
Jason Robinson 4be968d05d
Fix sample config docs error (#7581) 
'client_auth_method' commented out value was erronously 'client_auth_basic',
when code and docstring says it should be 'client_secret_basic'.

Signed-off-by: Jason Robinson <jasonr@matrix.org>
 2020-05-27 13:52:18 +01:00
Erik Johnston d7d8a2e7ee Fix up comments 2020-05-27 13:34:46 +01:00
Erik Johnston 4ba55559ac
Fix specifying cache factors via env vars with * in name. (#7580) 
This mostly applise to `*stateGroupCache*` and co.

Broke in #6391.
 2020-05-27 13:17:01 +01:00
Richard van der Hoff 66a564c859
Fix some DETECTED VIOLATIONS in the config file (#7550) 
consistency ftw
 2020-05-22 10:11:50 +01:00
Amber Brown 7cb8b4bc67
Allow configuration of Synapse's cache without using synctl or environment variables (#6391) 2020-05-11 18:45:23 +01:00
Andrew Morgan 67feea8044
Extend spam checker to allow for multiple modules (#7435) 2020-05-08 19:25:48 +01:00
Quentin Gliech 616af44137
Implement OpenID Connect-based login (#7256) 2020-05-08 08:30:40 -04:00
Brendan Abolivier d9b8d27494
Add a configuration setting for the dummy event threshold (#7422) 
Add dummy_events_threshold which allows configuring the number of forward extremities a room needs for Synapse to send forward extremities in it.
 2020-05-07 10:35:23 +01:00
Patrick Cloke 7bfe0902ce
Add documentation to the sample config about the templates for SSO. (#7343) 2020-04-24 15:03:49 -04:00
Brendan Abolivier 2e3b9a0fcb
Revert "Revert "Merge pull request #7315 from matrix-org/babolivier/request_token"" 
This reverts commit 1adf6a5587.
 2020-04-23 11:23:53 +02:00
Lars Franke 13917232d5
Fix indention in generated config file (#7300) 
Also adjust sample_config.yaml

Signed-off-by: Lars Franke <frcl@mailbox.org>
 2020-04-20 16:51:27 +01:00
Tristan Lins c07fca9e2f
Clarify the comments for media_storage_providers options (#7272) 2020-04-17 07:09:33 -04:00
Andrew Morgan a48138784e
Allow specifying the value of Accept-Language header for URL previews (#7265) 2020-04-15 13:35:29 +01:00
Andrew Morgan 29b7e22b93
Add documentation to password_providers config option (#7238) 2020-04-08 00:46:50 +01:00
Martin Milata b0db928c63
Extend web_client_location to handle absolute URLs (#7006) 
Log warning when filesystem path is used.

Signed-off-by: Martin Milata <martin@martinmilata.cz>
 2020-04-03 11:57:34 -04:00
Andrew Morgan d9f29f8dae
Fix a small typo in the metrics_flags config option. (#7171) 2020-03-30 17:38:21 +01:00
Richard van der Hoff b7da598a61 Always whitelist the login fallback for SSO (#7153) 
That fallback sets the redirect URL to itself (so it can process the login
token then return gracefully to the client). This would make it pointless to
ask the user for confirmation, since the URL the confirmation page would be
showing wouldn't be the client's.
 2020-03-27 20:24:52 +00:00
Dirk Klimpel 8327eb9280
Add options to prevent users from changing their profile. (#7096) 2020-03-27 19:15:23 +00:00
Dirk Klimpel e8e2ddb60a
Allow server admins to define and enforce a password policy (MSC2000). (#7118) 2020-03-26 16:51:13 +00:00
Aaron Raimist 6ca5e56fd1
Remove unused captcha_bypass_secret option (#7137) 
Signed-off-by: Aaron Raimist <aaron@raim.ist>
 2020-03-25 17:49:34 +00:00
Richard van der Hoff c165c1233b
Improve database configuration docs (#6988) 
Attempts to clarify the sample config for databases, and add some stuff about
tcp keepalives to `postgres.md`.
 2020-03-20 15:24:22 +00:00
Richard van der Hoff 6a35046363 Revert "Add options to disable setting profile info for prevent changes. (#7053)" 
This reverts commit 54dd28621b, reversing
changes made to 6640460d05.
 2020-03-17 11:25:01 +00:00
Brendan Abolivier f9e98176bf
Put the file in the templates directory 2020-03-11 20:31:42 +00:00
Brendan Abolivier 900bca9707
Update wording and config 2020-03-11 19:40:30 +00:00
Brendan Abolivier 54dd28621b
Add options to disable setting profile info for prevent changes. (#7053) 2020-03-10 22:23:01 +00:00
Dirk Klimpel 751d51dd12
Update sample_config.yaml 2020-03-10 21:41:25 +01:00
Brendan Abolivier 51c094c4ac
Update sample config 2020-03-10 14:00:29 +00:00
dklimpel 885134529f updates after review 2020-03-09 22:09:29 +01:00
dklimpel 99bbe177b6 add disable_3pid_changes 2020-03-08 21:58:12 +01:00
dklimpel 20545a2199 lint2 2020-03-08 15:28:00 +01:00
dklimpel fb078f921b changelog 2020-03-08 15:19:07 +01:00
Brendan Abolivier 43f874055d
Merge branch 'master' into develop 2020-03-03 15:20:49 +00:00
Richard van der Hoff b68041df3d Add a whitelist for the SSO confirmation step. 2020-03-02 17:05:09 +00:00
Brendan Abolivier b2bd54a2e3 Add a confirmation step to the SSO login flow 2020-03-02 16:36:32 +00:00
Richard van der Hoff 4c2ed3f20e
Fix minor issues with email config (#6962) 
* Give `notif_template_html`, `notif_template_text` default values (fixes #6960)
 * Don't complain if `smtp_host` and `smtp_port` are unset, since they have sensible defaults (fixes #6961)
 * Set the example for `enable_notifs` to `True`, for consistency and because it's more useful
 * Raise errors as ConfigError rather than RuntimeError for nicer formatting
 2020-02-24 15:18:38 +00:00
Brendan Abolivier d484126bf7
Merge pull request #6907 from matrix-org/babolivier/acme-config 
Add mention and warning about ACME v1 deprecation to the TLS config
 2020-02-18 16:11:31 +00:00
Richard van der Hoff 97a42bbc3a
Add a warning about indentation to generated config (#6920) 
Fixes #6916.
 2020-02-14 16:22:30 +00:00
Brendan Abolivier 5820ed905f
Add mention and warning about ACME v1 deprecation to the Synapse config 2020-02-13 14:20:08 +00:00
Richard van der Hoff 5ce0b17e38
Clarify the account_validity and email sections of the sample configuration. (#6685) 
Generally try to make this more comprehensible, and make it match the
conventions.

I've removed the documentation for all the settings which allow you to change
the names of the template files, because I can't really see why they are
useful.
 2020-01-17 10:04:15 +00:00
Brendan Abolivier 2b6b7f482a
Merge pull request #6621 from matrix-org/babolivier/purge_job_config_typo 
Fix a typo in the purge jobs configuration example
 2020-01-07 16:17:40 +01:00
Brendan Abolivier 391fb47791
Reword 2020-01-07 14:54:32 +00:00
Brendan Abolivier 3a86477162
Change the example from 5min to 12h 
Have a purge job running every 5min is probably not something we want to advise admins to do as a sort-of default.
 2020-01-07 14:53:07 +00:00
Richard van der Hoff 98247c4a0e
Remove unused, undocumented "content repo" resource (#6628) 
This looks like it got half-killed back in #888.

Fixes #6567.
 2020-01-03 17:10:52 +00:00
Brendan Abolivier dd2954f78d
Update sample config 2020-01-03 12:58:12 +01:00
Richard van der Hoff b95b762560
Add an export_signing_key script (#6546) 
I want to do some key rotation, and it is silly that we don't have a way to do
this.
 2019-12-19 11:11:14 +00:00
Will Hunt bfb95654c9 Add option to allow profile queries without sharing a room (#6523) 2019-12-16 16:11:55 +00:00
Andrew Morgan 4947de5a14
Allow SAML username provider plugins (#6411) 2019-12-10 17:30:16 +00:00
Neil Johnson cb0aeb147e
privacy by default for room dir (#6355) 
Ensure that the the default settings for the room directory are that the it is hidden from public view by default.
 2019-12-04 09:46:16 +00:00
Richard van der Hoff c48ea98007
Clarifications for the email configuration settings. (#6423) 
Cf #6422
 2019-11-28 09:29:18 +00:00
Brendan Abolivier 9e937c28ee Merge branch 'develop' into babolivier/message_retention 2019-11-26 17:53:57 +00:00
Andrew Morgan 473acedcdd Merge branch 'develop' of github.com:matrix-org/synapse into anoa/homeserver_copy 
* 'develop' of github.com:matrix-org/synapse:
  Blacklist PurgeRoomTestCase (#6361)
  Set room version default to 5
 2019-11-14 10:26:27 +00:00
Brendan Abolivier a42567e4a8
Merge pull request #6220 from matrix-org/neilj/set_room_version_default_to_5 
Set room version default to 5
 2019-11-14 10:21:00 +00:00
Andrew Morgan e1648dc576 sample config 2019-11-12 13:15:59 +00:00
Brendan Abolivier 09957ce0e4
Implement per-room message retention policies 2019-11-04 17:09:22 +00:00
Andrew Morgan 46c12918ad
Fix typo in domain name in account_threepid_delegates config option (#6273) 2019-10-30 11:07:42 +00:00
Neil Johnson 2794b79052 Option to suppress resource exceeded alerting (#6173) 
The expected use case is to suppress MAU limiting on small instances
 2019-10-24 11:48:46 +01:00
Andrew Morgan 409c62b27b
Add config linting script that checks for bool casing (#6203) 
Add a linting script that enforces all boolean values in the default config be lowercase.

This has annoyed me for a while so I decided to fix it.
 2019-10-23 13:22:54 +01:00
Neil Johnson 82c8799ec7 Set room version default to 5 2019-10-19 09:06:15 +01:00
Valérian Rousset be9b55e0d2 cas: support setting display name (#6114) 
Now, the CAS server can return an attribute stating what's the desired displayname, instead of using the username directly.
 2019-10-11 12:33:12 +01:00
Erik Johnston 3423633d50 Fix 'redaction_retention_period' sampel config to match guidelines 2019-09-26 16:43:52 +01:00
Neil Johnson 8b8f8c7b3c Explicitly log when a homeserver does not have a trusted key server configured (#6090) 2019-09-26 12:57:01 +01:00
Erik Johnston 4fb3c129aa Merge branch 'develop' of github.com:matrix-org/synapse into erikj/cleanup_user_ips_2 2019-09-25 17:53:13 +01:00
Erik Johnston 39b50ad42a Review comments 2019-09-25 17:22:33 +01:00
Erik Johnston 242017db8b Prune rows in user_ips older than configured period 
Defaults to pruning everything older than 28d.
 2019-09-24 15:53:17 +01:00
Richard van der Hoff ed8b92f0d2 Merge remote-tracking branch 'origin/develop' into rav/saml_mapping_work 2019-09-24 12:57:32 +01:00
Andrew Morgan 50776261e1 Add submit_url response parameter to msisdn /requestToken (#6079) 
Second part of solving #6076
Fixes #6076

We return a submit_url parameter on calls to POST */msisdn/requestToken so that clients know where to submit token information to.
 2019-09-23 21:21:03 +01:00
Richard van der Hoff 78e8ec368e
Merge pull request #6064 from matrix-org/rav/saml_config_cleanup 
Make the sample saml config closer to our standards
 2019-09-23 20:36:51 +01:00
Andrew Morgan e08ea43463 Use the federation blacklist for requests to untrusted Identity Servers (#6000) 
Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses.

Fixes #5935
 2019-09-23 20:23:20 +01:00
Andrew Morgan df3401a71d
Allow HS to send emails when adding an email to the HS (#6042) 2019-09-20 15:21:30 +01:00
Richard van der Hoff b65327ff66 Merge branch 'develop' into rav/saml_mapping_work 2019-09-19 18:13:31 +01:00
Richard van der Hoff b789c7eb03 Merge branch 'develop' into rav/saml_config_cleanup 2019-09-19 15:05:31 +01:00
Jorik Schellekens 38fd1f8e3f Fix typo in account_threepid_delegates config (#6028) 2019-09-18 22:30:44 +01:00