forked from MirrorHub/synapse
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/split_federation
This commit is contained in:
commit
ef184caf30
217 changed files with 2601 additions and 2756 deletions
48
.circleci/config.yml
Normal file
48
.circleci/config.yml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
version: 2
|
||||||
|
jobs:
|
||||||
|
sytestpy2:
|
||||||
|
machine: true
|
||||||
|
steps:
|
||||||
|
- checkout
|
||||||
|
- run: docker pull matrixdotorg/sytest-synapsepy2
|
||||||
|
- run: docker run --rm -it -v $(pwd)\:/src -v $(pwd)/logs\:/logs matrixdotorg/sytest-synapsepy2
|
||||||
|
- store_artifacts:
|
||||||
|
path: ~/project/logs
|
||||||
|
destination: logs
|
||||||
|
sytestpy2postgres:
|
||||||
|
machine: true
|
||||||
|
steps:
|
||||||
|
- checkout
|
||||||
|
- run: docker pull matrixdotorg/sytest-synapsepy2
|
||||||
|
- run: docker run --rm -it -v $(pwd)\:/src -v $(pwd)/logs\:/logs -e POSTGRES=1 matrixdotorg/sytest-synapsepy2
|
||||||
|
- store_artifacts:
|
||||||
|
path: ~/project/logs
|
||||||
|
destination: logs
|
||||||
|
sytestpy3:
|
||||||
|
machine: true
|
||||||
|
steps:
|
||||||
|
- checkout
|
||||||
|
- run: docker pull matrixdotorg/sytest-synapsepy3
|
||||||
|
- run: docker run --rm -it -v $(pwd)\:/src -v $(pwd)/logs\:/logs hawkowl/sytestpy3
|
||||||
|
- store_artifacts:
|
||||||
|
path: ~/project/logs
|
||||||
|
destination: logs
|
||||||
|
sytestpy3postgres:
|
||||||
|
machine: true
|
||||||
|
steps:
|
||||||
|
- checkout
|
||||||
|
- run: docker pull matrixdotorg/sytest-synapsepy3
|
||||||
|
- run: docker run --rm -it -v $(pwd)\:/src -v $(pwd)/logs\:/logs -e POSTGRES=1 matrixdotorg/sytest-synapsepy3
|
||||||
|
- store_artifacts:
|
||||||
|
path: ~/project/logs
|
||||||
|
destination: logs
|
||||||
|
|
||||||
|
workflows:
|
||||||
|
version: 2
|
||||||
|
build:
|
||||||
|
jobs:
|
||||||
|
- sytestpy2
|
||||||
|
- sytestpy2postgres
|
||||||
|
# Currently broken while the Python 3 port is incomplete
|
||||||
|
# - sytestpy3
|
||||||
|
# - sytestpy3postgres
|
|
@ -3,3 +3,6 @@ Dockerfile
|
||||||
.gitignore
|
.gitignore
|
||||||
demo/etc
|
demo/etc
|
||||||
tox.ini
|
tox.ini
|
||||||
|
synctl
|
||||||
|
.git/*
|
||||||
|
.tox/*
|
||||||
|
|
10
.travis.yml
10
.travis.yml
|
@ -8,6 +8,9 @@ before_script:
|
||||||
- git remote set-branches --add origin develop
|
- git remote set-branches --add origin develop
|
||||||
- git fetch origin develop
|
- git fetch origin develop
|
||||||
|
|
||||||
|
services:
|
||||||
|
- postgresql
|
||||||
|
|
||||||
matrix:
|
matrix:
|
||||||
fast_finish: true
|
fast_finish: true
|
||||||
include:
|
include:
|
||||||
|
@ -20,6 +23,9 @@ matrix:
|
||||||
- python: 2.7
|
- python: 2.7
|
||||||
env: TOX_ENV=py27
|
env: TOX_ENV=py27
|
||||||
|
|
||||||
|
- python: 2.7
|
||||||
|
env: TOX_ENV=py27-postgres TRIAL_FLAGS="-j 4"
|
||||||
|
|
||||||
- python: 3.6
|
- python: 3.6
|
||||||
env: TOX_ENV=py36
|
env: TOX_ENV=py36
|
||||||
|
|
||||||
|
@ -29,6 +35,10 @@ matrix:
|
||||||
- python: 3.6
|
- python: 3.6
|
||||||
env: TOX_ENV=check-newsfragment
|
env: TOX_ENV=check-newsfragment
|
||||||
|
|
||||||
|
allow_failures:
|
||||||
|
- python: 2.7
|
||||||
|
env: TOX_ENV=py27-postgres TRIAL_FLAGS="-j 4"
|
||||||
|
|
||||||
install:
|
install:
|
||||||
- pip install tox
|
- pip install tox
|
||||||
|
|
||||||
|
|
73
CHANGES.md
73
CHANGES.md
|
@ -1,3 +1,76 @@
|
||||||
|
Synapse 0.33.2 (2018-08-09)
|
||||||
|
===========================
|
||||||
|
|
||||||
|
No significant changes.
|
||||||
|
|
||||||
|
|
||||||
|
Synapse 0.33.2rc1 (2018-08-07)
|
||||||
|
==============================
|
||||||
|
|
||||||
|
Features
|
||||||
|
--------
|
||||||
|
|
||||||
|
- add support for the lazy_loaded_members filter as per MSC1227 ([\#2970](https://github.com/matrix-org/synapse/issues/2970))
|
||||||
|
- add support for the include_redundant_members filter param as per MSC1227 ([\#3331](https://github.com/matrix-org/synapse/issues/3331))
|
||||||
|
- Add metrics to track resource usage by background processes ([\#3553](https://github.com/matrix-org/synapse/issues/3553), [\#3556](https://github.com/matrix-org/synapse/issues/3556), [\#3604](https://github.com/matrix-org/synapse/issues/3604), [\#3610](https://github.com/matrix-org/synapse/issues/3610))
|
||||||
|
- Add `code` label to `synapse_http_server_response_time_seconds` prometheus metric ([\#3554](https://github.com/matrix-org/synapse/issues/3554))
|
||||||
|
- Add support for client_reader to handle more APIs ([\#3555](https://github.com/matrix-org/synapse/issues/3555), [\#3597](https://github.com/matrix-org/synapse/issues/3597))
|
||||||
|
- make the /context API filter & lazy-load aware as per MSC1227 ([\#3567](https://github.com/matrix-org/synapse/issues/3567))
|
||||||
|
- Add ability to limit number of monthly active users on the server ([\#3630](https://github.com/matrix-org/synapse/issues/3630))
|
||||||
|
- When we fail to join a room over federation, pass the error code back to the client. ([\#3639](https://github.com/matrix-org/synapse/issues/3639))
|
||||||
|
- Add a new /admin/register API for non-interactively creating users. ([\#3415](https://github.com/matrix-org/synapse/issues/3415))
|
||||||
|
|
||||||
|
|
||||||
|
Bugfixes
|
||||||
|
--------
|
||||||
|
|
||||||
|
- Make /directory/list API return 404 for room not found instead of 400 ([\#2952](https://github.com/matrix-org/synapse/issues/2952))
|
||||||
|
- Default inviter_display_name to mxid for email invites ([\#3391](https://github.com/matrix-org/synapse/issues/3391))
|
||||||
|
- Don't generate TURN credentials if no TURN config options are set ([\#3514](https://github.com/matrix-org/synapse/issues/3514))
|
||||||
|
- Correctly announce deleted devices over federation ([\#3520](https://github.com/matrix-org/synapse/issues/3520))
|
||||||
|
- Catch failures saving metrics captured by Measure, and instead log the faulty metrics information for further analysis. ([\#3548](https://github.com/matrix-org/synapse/issues/3548))
|
||||||
|
- Unicode passwords are now normalised before hashing, preventing the instance where two different devices or browsers might send a different UTF-8 sequence for the password. ([\#3569](https://github.com/matrix-org/synapse/issues/3569))
|
||||||
|
- Fix potential stack overflow and deadlock under heavy load ([\#3570](https://github.com/matrix-org/synapse/issues/3570))
|
||||||
|
- Respond with M_NOT_FOUND when profiles are not found locally or over federation. Fixes #3585 ([\#3585](https://github.com/matrix-org/synapse/issues/3585))
|
||||||
|
- Fix failure to persist events over federation under load ([\#3601](https://github.com/matrix-org/synapse/issues/3601))
|
||||||
|
- Fix updating of cached remote profiles ([\#3605](https://github.com/matrix-org/synapse/issues/3605))
|
||||||
|
- Fix 'tuple index out of range' error ([\#3607](https://github.com/matrix-org/synapse/issues/3607))
|
||||||
|
- Only import secrets when available (fix for py < 3.6) ([\#3626](https://github.com/matrix-org/synapse/issues/3626))
|
||||||
|
|
||||||
|
|
||||||
|
Internal Changes
|
||||||
|
----------------
|
||||||
|
|
||||||
|
- Remove redundant checks on who_forgot_in_room ([\#3350](https://github.com/matrix-org/synapse/issues/3350))
|
||||||
|
- Remove unnecessary event re-signing hacks ([\#3367](https://github.com/matrix-org/synapse/issues/3367))
|
||||||
|
- Rewrite cache list decorator ([\#3384](https://github.com/matrix-org/synapse/issues/3384))
|
||||||
|
- Move v1-only REST APIs into their own module. ([\#3460](https://github.com/matrix-org/synapse/issues/3460))
|
||||||
|
- Replace more instances of Python 2-only iteritems and itervalues uses. ([\#3562](https://github.com/matrix-org/synapse/issues/3562))
|
||||||
|
- Refactor EventContext to accept state during init ([\#3577](https://github.com/matrix-org/synapse/issues/3577))
|
||||||
|
- Improve Dockerfile and docker-compose instructions ([\#3543](https://github.com/matrix-org/synapse/issues/3543))
|
||||||
|
- Release notes are now in the Markdown format. ([\#3552](https://github.com/matrix-org/synapse/issues/3552))
|
||||||
|
- add config for pep8 ([\#3559](https://github.com/matrix-org/synapse/issues/3559))
|
||||||
|
- Merge Linearizer and Limiter ([\#3571](https://github.com/matrix-org/synapse/issues/3571), [\#3572](https://github.com/matrix-org/synapse/issues/3572))
|
||||||
|
- Lazily load state on master process when using workers to reduce DB consumption ([\#3579](https://github.com/matrix-org/synapse/issues/3579), [\#3581](https://github.com/matrix-org/synapse/issues/3581), [\#3582](https://github.com/matrix-org/synapse/issues/3582), [\#3584](https://github.com/matrix-org/synapse/issues/3584))
|
||||||
|
- Fixes and optimisations for resolve_state_groups ([\#3586](https://github.com/matrix-org/synapse/issues/3586))
|
||||||
|
- Improve logging for exceptions when handling PDUs ([\#3587](https://github.com/matrix-org/synapse/issues/3587))
|
||||||
|
- Add some measure blocks to persist_events ([\#3590](https://github.com/matrix-org/synapse/issues/3590))
|
||||||
|
- Fix some random logcontext leaks. ([\#3591](https://github.com/matrix-org/synapse/issues/3591), [\#3606](https://github.com/matrix-org/synapse/issues/3606))
|
||||||
|
- Speed up calculating state deltas in persist_event loop ([\#3592](https://github.com/matrix-org/synapse/issues/3592))
|
||||||
|
- Attempt to reduce amount of state pulled out of DB during persist_events ([\#3595](https://github.com/matrix-org/synapse/issues/3595))
|
||||||
|
- Fix a documentation typo in on_make_leave_request ([\#3609](https://github.com/matrix-org/synapse/issues/3609))
|
||||||
|
- Make EventStore inherit from EventFederationStore ([\#3612](https://github.com/matrix-org/synapse/issues/3612))
|
||||||
|
- Remove some redundant joins on event_edges.room_id ([\#3613](https://github.com/matrix-org/synapse/issues/3613))
|
||||||
|
- Stop populating events.content ([\#3614](https://github.com/matrix-org/synapse/issues/3614))
|
||||||
|
- Update the /send_leave path registration to use event_id rather than a transaction ID. ([\#3616](https://github.com/matrix-org/synapse/issues/3616))
|
||||||
|
- Refactor FederationHandler to move DB writes into separate functions ([\#3621](https://github.com/matrix-org/synapse/issues/3621))
|
||||||
|
- Remove unused field "pdu_failures" from transactions. ([\#3628](https://github.com/matrix-org/synapse/issues/3628))
|
||||||
|
- rename replication_layer to federation_client ([\#3634](https://github.com/matrix-org/synapse/issues/3634))
|
||||||
|
- Factor out exception handling in federation_client ([\#3638](https://github.com/matrix-org/synapse/issues/3638))
|
||||||
|
- Refactor location of docker build script. ([\#3644](https://github.com/matrix-org/synapse/issues/3644))
|
||||||
|
- Update CONTRIBUTING to mention newsfragments. ([\#3645](https://github.com/matrix-org/synapse/issues/3645))
|
||||||
|
|
||||||
|
|
||||||
Synapse 0.33.1 (2018-08-02)
|
Synapse 0.33.1 (2018-08-02)
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
|
|
|
@ -36,3 +36,4 @@ recursive-include changelog.d *
|
||||||
prune .github
|
prune .github
|
||||||
prune demo/etc
|
prune demo/etc
|
||||||
prune docker
|
prune docker
|
||||||
|
prune .circleci
|
||||||
|
|
1
changelog.d/1491.feature
Normal file
1
changelog.d/1491.feature
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add support for the SNI extension to federation TLS connections
|
|
@ -1 +0,0 @@
|
||||||
Make /directory/list API return 404 for room not found instead of 400
|
|
|
@ -1 +0,0 @@
|
||||||
add support for the lazy_loaded_members filter as per MSC1227
|
|
|
@ -1 +0,0 @@
|
||||||
add support for the include_redundant_members filter param as per MSC1227
|
|
|
@ -1 +0,0 @@
|
||||||
Remove redundant checks on who_forgot_in_room
|
|
|
@ -1 +0,0 @@
|
||||||
Remove unnecessary event re-signing hacks
|
|
|
@ -1 +0,0 @@
|
||||||
Rewrite cache list decorator
|
|
|
@ -1 +0,0 @@
|
||||||
Default inviter_display_name to mxid for email invites
|
|
1
changelog.d/3423.misc
Normal file
1
changelog.d/3423.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
The test suite now can run under PostgreSQL.
|
|
@ -1 +0,0 @@
|
||||||
Don't generate TURN credentials if no TURN config options are set
|
|
|
@ -1 +0,0 @@
|
||||||
Correctly announce deleted devices over federation
|
|
|
@ -1 +0,0 @@
|
||||||
Improve Dockerfile and docker-compose instructions
|
|
|
@ -1 +0,0 @@
|
||||||
Catch failures saving metrics captured by Measure, and instead log the faulty metrics information for further analysis.
|
|
|
@ -1 +0,0 @@
|
||||||
Release notes are now in the Markdown format.
|
|
|
@ -1 +0,0 @@
|
||||||
Add metrics to track resource usage by background processes
|
|
|
@ -1 +0,0 @@
|
||||||
Add `code` label to `synapse_http_server_response_time_seconds` prometheus metric
|
|
|
@ -1 +0,0 @@
|
||||||
Add support for client_reader to handle more APIs
|
|
|
@ -1 +0,0 @@
|
||||||
Add metrics to track resource usage by background processes
|
|
|
@ -1 +0,0 @@
|
||||||
add config for pep8
|
|
|
@ -1 +0,0 @@
|
||||||
make the /context API filter & lazy-load aware as per MSC1227
|
|
|
@ -1 +0,0 @@
|
||||||
Unicode passwords are now normalised before hashing, preventing the instance where two different devices or browsers might send a different UTF-8 sequence for the password.
|
|
|
@ -1 +0,0 @@
|
||||||
Fix potential stack overflow and deadlock under heavy load
|
|
|
@ -1 +0,0 @@
|
||||||
Merge Linearizer and Limiter
|
|
|
@ -1 +0,0 @@
|
||||||
Merge Linearizer and Limiter
|
|
|
@ -1 +0,0 @@
|
||||||
Lazily load state on master process when using workers to reduce DB consumption
|
|
|
@ -1 +0,0 @@
|
||||||
Lazily load state on master process when using workers to reduce DB consumption
|
|
|
@ -1 +0,0 @@
|
||||||
Lazily load state on master process when using workers to reduce DB consumption
|
|
|
@ -1 +0,0 @@
|
||||||
Lazily load state on master process when using workers to reduce DB consumption
|
|
|
@ -1 +0,0 @@
|
||||||
Respond with M_NOT_FOUND when profiles are not found locally or over federation. Fixes #3585
|
|
|
@ -1 +0,0 @@
|
||||||
Fixes and optimisations for resolve_state_groups
|
|
|
@ -1 +0,0 @@
|
||||||
Improve logging for exceptions when handling PDUs
|
|
|
@ -1 +0,0 @@
|
||||||
Add some measure blocks to persist_events
|
|
|
@ -1 +0,0 @@
|
||||||
Fix some random logcontext leaks.
|
|
|
@ -1 +0,0 @@
|
||||||
Speed up calculating state deltas in persist_event loop
|
|
|
@ -1 +0,0 @@
|
||||||
Attempt to reduce amount of state pulled out of DB during persist_events
|
|
|
@ -1 +0,0 @@
|
||||||
Add support for client_reader to handle more APIs
|
|
|
@ -1 +0,0 @@
|
||||||
Fix failure to persist events over federation under load
|
|
|
@ -1 +0,0 @@
|
||||||
Add metrics to track resource usage by background processes
|
|
|
@ -1 +0,0 @@
|
||||||
Fix updating of cached remote profiles
|
|
|
@ -1 +0,0 @@
|
||||||
Fix some random logcontext leaks.
|
|
|
@ -1 +0,0 @@
|
||||||
Fix 'tuple index out of range' error
|
|
|
@ -1 +0,0 @@
|
||||||
Fix a documentation typo in on_make_leave_request
|
|
|
@ -1 +0,0 @@
|
||||||
Add metrics to track resource usage by background processes
|
|
|
@ -1 +0,0 @@
|
||||||
Make EventStore inherit from EventFederationStore
|
|
|
@ -1 +0,0 @@
|
||||||
Remove some redundant joins on event_edges.room_id
|
|
|
@ -1 +0,0 @@
|
||||||
Stop populating events.content
|
|
|
@ -1 +0,0 @@
|
||||||
Update the /send_leave path registration to use event_id rather than a transaction ID.
|
|
|
@ -1 +0,0 @@
|
||||||
Refactor FederationHandler to move DB writes into separate functions
|
|
|
@ -1 +0,0 @@
|
||||||
Only import secrets when available (fix for py < 3.6)
|
|
|
@ -1 +0,0 @@
|
||||||
Remove unused field "pdu_failures" from transactions.
|
|
|
@ -1 +0,0 @@
|
||||||
Add ability to limit number of monthly active users on the server
|
|
|
@ -1 +0,0 @@
|
||||||
rename replication_layer to federation_client
|
|
|
@ -1 +0,0 @@
|
||||||
Factor out exception handling in federation_client
|
|
|
@ -1 +0,0 @@
|
||||||
When we fail to join a room over federation, pass the error code back to the client.
|
|
|
@ -1 +0,0 @@
|
||||||
Refactor location of docker build script.
|
|
|
@ -1 +0,0 @@
|
||||||
Update CONTRIBUTING to mention newsfragments.
|
|
1
changelog.d/3655.feature
Normal file
1
changelog.d/3655.feature
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Ability to disable client/server Synapse via conf toggle
|
1
changelog.d/3660.misc
Normal file
1
changelog.d/3660.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Sytests can now be run inside a Docker container.
|
1
changelog.d/3661.bugfix
Normal file
1
changelog.d/3661.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Fix bug on deleting 3pid when using identity servers that don't support unbind API
|
1
changelog.d/3669.misc
Normal file
1
changelog.d/3669.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Update docker base image from alpine 3.7 to 3.8.
|
1
changelog.d/3670.feature
Normal file
1
changelog.d/3670.feature
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Where server is disabled, block ability for locked out users to read new messages
|
1
changelog.d/3676.bugfix
Normal file
1
changelog.d/3676.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Make the tests pass on Twisted < 18.7.0
|
1
changelog.d/3677.bugfix
Normal file
1
changelog.d/3677.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Don’t ship recaptcha_ajax.js, use it directly from Google
|
1
changelog.d/3678.misc
Normal file
1
changelog.d/3678.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Rename synapse.util.async to synapse.util.async_helpers to mitigate async becoming a keyword on Python 3.7.
|
1
changelog.d/3679.misc
Normal file
1
changelog.d/3679.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Synapse's tests are now formatted with the black autoformatter.
|
1
changelog.d/3681.bugfix
Normal file
1
changelog.d/3681.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Fixes test_reap_monthly_active_users so it passes under postgres
|
1
changelog.d/3684.misc
Normal file
1
changelog.d/3684.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Implemented a new testing base class to reduce test boilerplate.
|
1
changelog.d/3690.misc
Normal file
1
changelog.d/3690.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Rename MAU prometheus metrics
|
1
changelog.d/3692.bugfix
Normal file
1
changelog.d/3692.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Fix missing yield in synapse.storage.monthly_active_users.initialise_reserved_users
|
|
@ -1,4 +1,4 @@
|
||||||
FROM docker.io/python:2-alpine3.7
|
FROM docker.io/python:2-alpine3.8
|
||||||
|
|
||||||
RUN apk add --no-cache --virtual .nacl_deps \
|
RUN apk add --no-cache --virtual .nacl_deps \
|
||||||
build-base \
|
build-base \
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
package = "synapse"
|
package = "synapse"
|
||||||
filename = "CHANGES.md"
|
filename = "CHANGES.md"
|
||||||
directory = "changelog.d"
|
directory = "changelog.d"
|
||||||
issue_format = "[\\#{issue}](https://github.com/matrix-org/synapse/issues/{issue}>)"
|
issue_format = "[\\#{issue}](https://github.com/matrix-org/synapse/issues/{issue})"
|
||||||
|
|
||||||
[[tool.towncrier.type]]
|
[[tool.towncrier.type]]
|
||||||
directory = "feature"
|
directory = "feature"
|
||||||
|
|
|
@ -17,4 +17,4 @@
|
||||||
""" This is a reference implementation of a Matrix home server.
|
""" This is a reference implementation of a Matrix home server.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
__version__ = "0.33.1"
|
__version__ = "0.33.2"
|
||||||
|
|
|
@ -775,11 +775,25 @@ class Auth(object):
|
||||||
)
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def check_auth_blocking(self):
|
def check_auth_blocking(self, user_id=None):
|
||||||
"""Checks if the user should be rejected for some external reason,
|
"""Checks if the user should be rejected for some external reason,
|
||||||
such as monthly active user limiting or global disable flag
|
such as monthly active user limiting or global disable flag
|
||||||
|
|
||||||
|
Args:
|
||||||
|
user_id(str|None): If present, checks for presence against existing
|
||||||
|
MAU cohort
|
||||||
"""
|
"""
|
||||||
|
if self.hs.config.hs_disabled:
|
||||||
|
raise AuthError(
|
||||||
|
403, self.hs.config.hs_disabled_message, errcode=Codes.HS_DISABLED
|
||||||
|
)
|
||||||
if self.hs.config.limit_usage_by_mau is True:
|
if self.hs.config.limit_usage_by_mau is True:
|
||||||
|
# If the user is already part of the MAU cohort
|
||||||
|
if user_id:
|
||||||
|
timestamp = yield self.store.user_last_seen_monthly_active(user_id)
|
||||||
|
if timestamp:
|
||||||
|
return
|
||||||
|
# Else if there is no room in the MAU bucket, bail
|
||||||
current_mau = yield self.store.get_monthly_active_count()
|
current_mau = yield self.store.get_monthly_active_count()
|
||||||
if current_mau >= self.hs.config.max_mau_value:
|
if current_mau >= self.hs.config.max_mau_value:
|
||||||
raise AuthError(
|
raise AuthError(
|
||||||
|
|
|
@ -57,6 +57,7 @@ class Codes(object):
|
||||||
CONSENT_NOT_GIVEN = "M_CONSENT_NOT_GIVEN"
|
CONSENT_NOT_GIVEN = "M_CONSENT_NOT_GIVEN"
|
||||||
CANNOT_LEAVE_SERVER_NOTICE_ROOM = "M_CANNOT_LEAVE_SERVER_NOTICE_ROOM"
|
CANNOT_LEAVE_SERVER_NOTICE_ROOM = "M_CANNOT_LEAVE_SERVER_NOTICE_ROOM"
|
||||||
MAU_LIMIT_EXCEEDED = "M_MAU_LIMIT_EXCEEDED"
|
MAU_LIMIT_EXCEEDED = "M_MAU_LIMIT_EXCEEDED"
|
||||||
|
HS_DISABLED = "M_HS_DISABLED"
|
||||||
UNSUPPORTED_ROOM_VERSION = "M_UNSUPPORTED_ROOM_VERSION"
|
UNSUPPORTED_ROOM_VERSION = "M_UNSUPPORTED_ROOM_VERSION"
|
||||||
INCOMPATIBLE_ROOM_VERSION = "M_INCOMPATIBLE_ROOM_VERSION"
|
INCOMPATIBLE_ROOM_VERSION = "M_INCOMPATIBLE_ROOM_VERSION"
|
||||||
|
|
||||||
|
|
|
@ -168,11 +168,13 @@ def start(config_options):
|
||||||
database_engine = create_engine(config.database_config)
|
database_engine = create_engine(config.database_config)
|
||||||
|
|
||||||
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
||||||
|
tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
|
||||||
|
|
||||||
ss = ClientReaderServer(
|
ss = ClientReaderServer(
|
||||||
config.server_name,
|
config.server_name,
|
||||||
db_config=config.database_config,
|
db_config=config.database_config,
|
||||||
tls_server_context_factory=tls_server_context_factory,
|
tls_server_context_factory=tls_server_context_factory,
|
||||||
|
tls_client_options_factory=tls_client_options_factory,
|
||||||
config=config,
|
config=config,
|
||||||
version_string="Synapse/" + get_version_string(synapse),
|
version_string="Synapse/" + get_version_string(synapse),
|
||||||
database_engine=database_engine,
|
database_engine=database_engine,
|
||||||
|
|
|
@ -174,11 +174,13 @@ def start(config_options):
|
||||||
database_engine = create_engine(config.database_config)
|
database_engine = create_engine(config.database_config)
|
||||||
|
|
||||||
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
||||||
|
tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
|
||||||
|
|
||||||
ss = EventCreatorServer(
|
ss = EventCreatorServer(
|
||||||
config.server_name,
|
config.server_name,
|
||||||
db_config=config.database_config,
|
db_config=config.database_config,
|
||||||
tls_server_context_factory=tls_server_context_factory,
|
tls_server_context_factory=tls_server_context_factory,
|
||||||
|
tls_client_options_factory=tls_client_options_factory,
|
||||||
config=config,
|
config=config,
|
||||||
version_string="Synapse/" + get_version_string(synapse),
|
version_string="Synapse/" + get_version_string(synapse),
|
||||||
database_engine=database_engine,
|
database_engine=database_engine,
|
||||||
|
|
|
@ -153,11 +153,13 @@ def start(config_options):
|
||||||
database_engine = create_engine(config.database_config)
|
database_engine = create_engine(config.database_config)
|
||||||
|
|
||||||
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
||||||
|
tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
|
||||||
|
|
||||||
ss = FederationReaderServer(
|
ss = FederationReaderServer(
|
||||||
config.server_name,
|
config.server_name,
|
||||||
db_config=config.database_config,
|
db_config=config.database_config,
|
||||||
tls_server_context_factory=tls_server_context_factory,
|
tls_server_context_factory=tls_server_context_factory,
|
||||||
|
tls_client_options_factory=tls_client_options_factory,
|
||||||
config=config,
|
config=config,
|
||||||
version_string="Synapse/" + get_version_string(synapse),
|
version_string="Synapse/" + get_version_string(synapse),
|
||||||
database_engine=database_engine,
|
database_engine=database_engine,
|
||||||
|
|
|
@ -40,7 +40,7 @@ from synapse.replication.slave.storage.transactions import SlavedTransactionStor
|
||||||
from synapse.replication.tcp.client import ReplicationClientHandler
|
from synapse.replication.tcp.client import ReplicationClientHandler
|
||||||
from synapse.server import HomeServer
|
from synapse.server import HomeServer
|
||||||
from synapse.storage.engines import create_engine
|
from synapse.storage.engines import create_engine
|
||||||
from synapse.util.async import Linearizer
|
from synapse.util.async_helpers import Linearizer
|
||||||
from synapse.util.httpresourcetree import create_resource_tree
|
from synapse.util.httpresourcetree import create_resource_tree
|
||||||
from synapse.util.logcontext import LoggingContext, run_in_background
|
from synapse.util.logcontext import LoggingContext, run_in_background
|
||||||
from synapse.util.manhole import manhole
|
from synapse.util.manhole import manhole
|
||||||
|
@ -186,11 +186,13 @@ def start(config_options):
|
||||||
config.send_federation = True
|
config.send_federation = True
|
||||||
|
|
||||||
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
||||||
|
tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
|
||||||
|
|
||||||
ps = FederationSenderServer(
|
ps = FederationSenderServer(
|
||||||
config.server_name,
|
config.server_name,
|
||||||
db_config=config.database_config,
|
db_config=config.database_config,
|
||||||
tls_server_context_factory=tls_server_context_factory,
|
tls_server_context_factory=tls_server_context_factory,
|
||||||
|
tls_client_options_factory=tls_client_options_factory,
|
||||||
config=config,
|
config=config,
|
||||||
version_string="Synapse/" + get_version_string(synapse),
|
version_string="Synapse/" + get_version_string(synapse),
|
||||||
database_engine=database_engine,
|
database_engine=database_engine,
|
||||||
|
|
|
@ -208,11 +208,13 @@ def start(config_options):
|
||||||
database_engine = create_engine(config.database_config)
|
database_engine = create_engine(config.database_config)
|
||||||
|
|
||||||
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
||||||
|
tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
|
||||||
|
|
||||||
ss = FrontendProxyServer(
|
ss = FrontendProxyServer(
|
||||||
config.server_name,
|
config.server_name,
|
||||||
db_config=config.database_config,
|
db_config=config.database_config,
|
||||||
tls_server_context_factory=tls_server_context_factory,
|
tls_server_context_factory=tls_server_context_factory,
|
||||||
|
tls_client_options_factory=tls_client_options_factory,
|
||||||
config=config,
|
config=config,
|
||||||
version_string="Synapse/" + get_version_string(synapse),
|
version_string="Synapse/" + get_version_string(synapse),
|
||||||
database_engine=database_engine,
|
database_engine=database_engine,
|
||||||
|
|
|
@ -303,8 +303,8 @@ class SynapseHomeServer(HomeServer):
|
||||||
|
|
||||||
|
|
||||||
# Gauges to expose monthly active user control metrics
|
# Gauges to expose monthly active user control metrics
|
||||||
current_mau_gauge = Gauge("synapse_admin_current_mau", "Current MAU")
|
current_mau_gauge = Gauge("synapse_admin_mau:current", "Current MAU")
|
||||||
max_mau_value_gauge = Gauge("synapse_admin_max_mau_value", "MAU Limit")
|
max_mau_gauge = Gauge("synapse_admin_mau:max", "MAU Limit")
|
||||||
|
|
||||||
|
|
||||||
def setup(config_options):
|
def setup(config_options):
|
||||||
|
@ -338,6 +338,7 @@ def setup(config_options):
|
||||||
events.USE_FROZEN_DICTS = config.use_frozen_dicts
|
events.USE_FROZEN_DICTS = config.use_frozen_dicts
|
||||||
|
|
||||||
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
||||||
|
tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
|
||||||
|
|
||||||
database_engine = create_engine(config.database_config)
|
database_engine = create_engine(config.database_config)
|
||||||
config.database_config["args"]["cp_openfun"] = database_engine.on_new_connection
|
config.database_config["args"]["cp_openfun"] = database_engine.on_new_connection
|
||||||
|
@ -346,6 +347,7 @@ def setup(config_options):
|
||||||
config.server_name,
|
config.server_name,
|
||||||
db_config=config.database_config,
|
db_config=config.database_config,
|
||||||
tls_server_context_factory=tls_server_context_factory,
|
tls_server_context_factory=tls_server_context_factory,
|
||||||
|
tls_client_options_factory=tls_client_options_factory,
|
||||||
config=config,
|
config=config,
|
||||||
version_string="Synapse/" + get_version_string(synapse),
|
version_string="Synapse/" + get_version_string(synapse),
|
||||||
database_engine=database_engine,
|
database_engine=database_engine,
|
||||||
|
@ -530,7 +532,7 @@ def run(hs):
|
||||||
if hs.config.limit_usage_by_mau:
|
if hs.config.limit_usage_by_mau:
|
||||||
count = yield hs.get_datastore().get_monthly_active_count()
|
count = yield hs.get_datastore().get_monthly_active_count()
|
||||||
current_mau_gauge.set(float(count))
|
current_mau_gauge.set(float(count))
|
||||||
max_mau_value_gauge.set(float(hs.config.max_mau_value))
|
max_mau_gauge.set(float(hs.config.max_mau_value))
|
||||||
|
|
||||||
hs.get_datastore().initialise_reserved_users(
|
hs.get_datastore().initialise_reserved_users(
|
||||||
hs.config.mau_limits_reserved_threepids
|
hs.config.mau_limits_reserved_threepids
|
||||||
|
|
|
@ -155,11 +155,13 @@ def start(config_options):
|
||||||
database_engine = create_engine(config.database_config)
|
database_engine = create_engine(config.database_config)
|
||||||
|
|
||||||
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
||||||
|
tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
|
||||||
|
|
||||||
ss = MediaRepositoryServer(
|
ss = MediaRepositoryServer(
|
||||||
config.server_name,
|
config.server_name,
|
||||||
db_config=config.database_config,
|
db_config=config.database_config,
|
||||||
tls_server_context_factory=tls_server_context_factory,
|
tls_server_context_factory=tls_server_context_factory,
|
||||||
|
tls_client_options_factory=tls_client_options_factory,
|
||||||
config=config,
|
config=config,
|
||||||
version_string="Synapse/" + get_version_string(synapse),
|
version_string="Synapse/" + get_version_string(synapse),
|
||||||
database_engine=database_engine,
|
database_engine=database_engine,
|
||||||
|
|
|
@ -214,11 +214,13 @@ def start(config_options):
|
||||||
config.update_user_directory = True
|
config.update_user_directory = True
|
||||||
|
|
||||||
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
tls_server_context_factory = context_factory.ServerContextFactory(config)
|
||||||
|
tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)
|
||||||
|
|
||||||
ps = UserDirectoryServer(
|
ps = UserDirectoryServer(
|
||||||
config.server_name,
|
config.server_name,
|
||||||
db_config=config.database_config,
|
db_config=config.database_config,
|
||||||
tls_server_context_factory=tls_server_context_factory,
|
tls_server_context_factory=tls_server_context_factory,
|
||||||
|
tls_client_options_factory=tls_client_options_factory,
|
||||||
config=config,
|
config=config,
|
||||||
version_string="Synapse/" + get_version_string(synapse),
|
version_string="Synapse/" + get_version_string(synapse),
|
||||||
database_engine=database_engine,
|
database_engine=database_engine,
|
||||||
|
|
|
@ -193,9 +193,8 @@ def setup_logging(config, use_worker_options=False):
|
||||||
|
|
||||||
def sighup(signum, stack):
|
def sighup(signum, stack):
|
||||||
# it might be better to use a file watcher or something for this.
|
# it might be better to use a file watcher or something for this.
|
||||||
logging.info("Reloading log config from %s due to SIGHUP",
|
|
||||||
log_config)
|
|
||||||
load_log_config()
|
load_log_config()
|
||||||
|
logging.info("Reloaded log config from %s due to SIGHUP", log_config)
|
||||||
|
|
||||||
load_log_config()
|
load_log_config()
|
||||||
|
|
||||||
|
|
|
@ -78,6 +78,10 @@ class ServerConfig(Config):
|
||||||
"mau_limit_reserved_threepids", []
|
"mau_limit_reserved_threepids", []
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Options to disable HS
|
||||||
|
self.hs_disabled = config.get("hs_disabled", False)
|
||||||
|
self.hs_disabled_message = config.get("hs_disabled_message", "")
|
||||||
|
|
||||||
# FIXME: federation_domain_whitelist needs sytests
|
# FIXME: federation_domain_whitelist needs sytests
|
||||||
self.federation_domain_whitelist = None
|
self.federation_domain_whitelist = None
|
||||||
federation_domain_whitelist = config.get(
|
federation_domain_whitelist = config.get(
|
||||||
|
|
|
@ -11,19 +11,22 @@
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
|
from zope.interface import implementer
|
||||||
|
|
||||||
from OpenSSL import SSL, crypto
|
from OpenSSL import SSL, crypto
|
||||||
from twisted.internet import ssl
|
|
||||||
from twisted.internet._sslverify import _defaultCurveName
|
from twisted.internet._sslverify import _defaultCurveName
|
||||||
|
from twisted.internet.interfaces import IOpenSSLClientConnectionCreator
|
||||||
|
from twisted.internet.ssl import CertificateOptions, ContextFactory
|
||||||
|
from twisted.python.failure import Failure
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class ServerContextFactory(ssl.ContextFactory):
|
class ServerContextFactory(ContextFactory):
|
||||||
"""Factory for PyOpenSSL SSL contexts that are used to handle incoming
|
"""Factory for PyOpenSSL SSL contexts that are used to handle incoming
|
||||||
connections and to make connections to remote servers."""
|
connections."""
|
||||||
|
|
||||||
def __init__(self, config):
|
def __init__(self, config):
|
||||||
self._context = SSL.Context(SSL.SSLv23_METHOD)
|
self._context = SSL.Context(SSL.SSLv23_METHOD)
|
||||||
|
@ -48,3 +51,78 @@ class ServerContextFactory(ssl.ContextFactory):
|
||||||
|
|
||||||
def getContext(self):
|
def getContext(self):
|
||||||
return self._context
|
return self._context
|
||||||
|
|
||||||
|
|
||||||
|
def _idnaBytes(text):
|
||||||
|
"""
|
||||||
|
Convert some text typed by a human into some ASCII bytes. This is a
|
||||||
|
copy of twisted.internet._idna._idnaBytes. For documentation, see the
|
||||||
|
twisted documentation.
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
import idna
|
||||||
|
except ImportError:
|
||||||
|
return text.encode("idna")
|
||||||
|
else:
|
||||||
|
return idna.encode(text)
|
||||||
|
|
||||||
|
|
||||||
|
def _tolerateErrors(wrapped):
|
||||||
|
"""
|
||||||
|
Wrap up an info_callback for pyOpenSSL so that if something goes wrong
|
||||||
|
the error is immediately logged and the connection is dropped if possible.
|
||||||
|
This is a copy of twisted.internet._sslverify._tolerateErrors. For
|
||||||
|
documentation, see the twisted documentation.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def infoCallback(connection, where, ret):
|
||||||
|
try:
|
||||||
|
return wrapped(connection, where, ret)
|
||||||
|
except: # noqa: E722, taken from the twisted implementation
|
||||||
|
f = Failure()
|
||||||
|
logger.exception("Error during info_callback")
|
||||||
|
connection.get_app_data().failVerification(f)
|
||||||
|
|
||||||
|
return infoCallback
|
||||||
|
|
||||||
|
|
||||||
|
@implementer(IOpenSSLClientConnectionCreator)
|
||||||
|
class ClientTLSOptions(object):
|
||||||
|
"""
|
||||||
|
Client creator for TLS without certificate identity verification. This is a
|
||||||
|
copy of twisted.internet._sslverify.ClientTLSOptions with the identity
|
||||||
|
verification left out. For documentation, see the twisted documentation.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def __init__(self, hostname, ctx):
|
||||||
|
self._ctx = ctx
|
||||||
|
self._hostname = hostname
|
||||||
|
self._hostnameBytes = _idnaBytes(hostname)
|
||||||
|
ctx.set_info_callback(
|
||||||
|
_tolerateErrors(self._identityVerifyingInfoCallback)
|
||||||
|
)
|
||||||
|
|
||||||
|
def clientConnectionForTLS(self, tlsProtocol):
|
||||||
|
context = self._ctx
|
||||||
|
connection = SSL.Connection(context, None)
|
||||||
|
connection.set_app_data(tlsProtocol)
|
||||||
|
return connection
|
||||||
|
|
||||||
|
def _identityVerifyingInfoCallback(self, connection, where, ret):
|
||||||
|
if where & SSL.SSL_CB_HANDSHAKE_START:
|
||||||
|
connection.set_tlsext_host_name(self._hostnameBytes)
|
||||||
|
|
||||||
|
|
||||||
|
class ClientTLSOptionsFactory(object):
|
||||||
|
"""Factory for Twisted ClientTLSOptions that are used to make connections
|
||||||
|
to remote servers for federation."""
|
||||||
|
|
||||||
|
def __init__(self, config):
|
||||||
|
# We don't use config options yet
|
||||||
|
pass
|
||||||
|
|
||||||
|
def get_options(self, host):
|
||||||
|
return ClientTLSOptions(
|
||||||
|
host.decode('utf-8'),
|
||||||
|
CertificateOptions(verify=False).getContext()
|
||||||
|
)
|
||||||
|
|
|
@ -30,14 +30,14 @@ KEY_API_V1 = b"/_matrix/key/v1/"
|
||||||
|
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def fetch_server_key(server_name, ssl_context_factory, path=KEY_API_V1):
|
def fetch_server_key(server_name, tls_client_options_factory, path=KEY_API_V1):
|
||||||
"""Fetch the keys for a remote server."""
|
"""Fetch the keys for a remote server."""
|
||||||
|
|
||||||
factory = SynapseKeyClientFactory()
|
factory = SynapseKeyClientFactory()
|
||||||
factory.path = path
|
factory.path = path
|
||||||
factory.host = server_name
|
factory.host = server_name
|
||||||
endpoint = matrix_federation_endpoint(
|
endpoint = matrix_federation_endpoint(
|
||||||
reactor, server_name, ssl_context_factory, timeout=30
|
reactor, server_name, tls_client_options_factory, timeout=30
|
||||||
)
|
)
|
||||||
|
|
||||||
for i in range(5):
|
for i in range(5):
|
||||||
|
|
|
@ -512,7 +512,7 @@ class Keyring(object):
|
||||||
continue
|
continue
|
||||||
|
|
||||||
(response, tls_certificate) = yield fetch_server_key(
|
(response, tls_certificate) = yield fetch_server_key(
|
||||||
server_name, self.hs.tls_server_context_factory,
|
server_name, self.hs.tls_client_options_factory,
|
||||||
path=(b"/_matrix/key/v2/server/%s" % (
|
path=(b"/_matrix/key/v2/server/%s" % (
|
||||||
urllib.quote(requested_key_id),
|
urllib.quote(requested_key_id),
|
||||||
)).encode("ascii"),
|
)).encode("ascii"),
|
||||||
|
@ -655,7 +655,7 @@ class Keyring(object):
|
||||||
# Try to fetch the key from the remote server.
|
# Try to fetch the key from the remote server.
|
||||||
|
|
||||||
(response, tls_certificate) = yield fetch_server_key(
|
(response, tls_certificate) = yield fetch_server_key(
|
||||||
server_name, self.hs.tls_server_context_factory
|
server_name, self.hs.tls_client_options_factory
|
||||||
)
|
)
|
||||||
|
|
||||||
# Check the response.
|
# Check the response.
|
||||||
|
|
|
@ -44,7 +44,7 @@ from synapse.replication.http.federation import (
|
||||||
ReplicationGetQueryRestServlet,
|
ReplicationGetQueryRestServlet,
|
||||||
)
|
)
|
||||||
from synapse.types import get_domain_from_id
|
from synapse.types import get_domain_from_id
|
||||||
from synapse.util import async
|
from synapse.util.async_helpers import Linearizer, concurrently_execute
|
||||||
from synapse.util.caches.response_cache import ResponseCache
|
from synapse.util.caches.response_cache import ResponseCache
|
||||||
from synapse.util.logutils import log_function
|
from synapse.util.logutils import log_function
|
||||||
|
|
||||||
|
@ -71,8 +71,8 @@ class FederationServer(FederationBase):
|
||||||
self.auth = hs.get_auth()
|
self.auth = hs.get_auth()
|
||||||
self.handler = hs.get_handlers().federation_handler
|
self.handler = hs.get_handlers().federation_handler
|
||||||
|
|
||||||
self._server_linearizer = async.Linearizer("fed_server")
|
self._server_linearizer = Linearizer("fed_server")
|
||||||
self._transaction_linearizer = async.Linearizer("fed_txn_handler")
|
self._transaction_linearizer = Linearizer("fed_txn_handler")
|
||||||
|
|
||||||
self.transaction_actions = TransactionActions(self.store)
|
self.transaction_actions = TransactionActions(self.store)
|
||||||
|
|
||||||
|
@ -204,7 +204,7 @@ class FederationServer(FederationBase):
|
||||||
event_id, f.getTraceback().rstrip(),
|
event_id, f.getTraceback().rstrip(),
|
||||||
)
|
)
|
||||||
|
|
||||||
yield async.concurrently_execute(
|
yield concurrently_execute(
|
||||||
process_pdus_for_room, pdus_by_room.keys(),
|
process_pdus_for_room, pdus_by_room.keys(),
|
||||||
TRANSACTION_CONCURRENCY_LIMIT,
|
TRANSACTION_CONCURRENCY_LIMIT,
|
||||||
)
|
)
|
||||||
|
|
|
@ -828,12 +828,26 @@ class AuthHandler(BaseHandler):
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def delete_threepid(self, user_id, medium, address):
|
def delete_threepid(self, user_id, medium, address):
|
||||||
|
"""Attempts to unbind the 3pid on the identity servers and deletes it
|
||||||
|
from the local database.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
user_id (str)
|
||||||
|
medium (str)
|
||||||
|
address (str)
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
Deferred[bool]: Returns True if successfully unbound the 3pid on
|
||||||
|
the identity server, False if identity server doesn't support the
|
||||||
|
unbind API.
|
||||||
|
"""
|
||||||
|
|
||||||
# 'Canonicalise' email addresses as per above
|
# 'Canonicalise' email addresses as per above
|
||||||
if medium == 'email':
|
if medium == 'email':
|
||||||
address = address.lower()
|
address = address.lower()
|
||||||
|
|
||||||
identity_handler = self.hs.get_handlers().identity_handler
|
identity_handler = self.hs.get_handlers().identity_handler
|
||||||
yield identity_handler.unbind_threepid(
|
result = yield identity_handler.try_unbind_threepid(
|
||||||
user_id,
|
user_id,
|
||||||
{
|
{
|
||||||
'medium': medium,
|
'medium': medium,
|
||||||
|
@ -841,10 +855,10 @@ class AuthHandler(BaseHandler):
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
ret = yield self.store.user_delete_threepid(
|
yield self.store.user_delete_threepid(
|
||||||
user_id, medium, address,
|
user_id, medium, address,
|
||||||
)
|
)
|
||||||
defer.returnValue(ret)
|
defer.returnValue(result)
|
||||||
|
|
||||||
def _save_session(self, session):
|
def _save_session(self, session):
|
||||||
# TODO: Persistent storage
|
# TODO: Persistent storage
|
||||||
|
|
|
@ -51,7 +51,8 @@ class DeactivateAccountHandler(BaseHandler):
|
||||||
erase_data (bool): whether to GDPR-erase the user's data
|
erase_data (bool): whether to GDPR-erase the user's data
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
Deferred
|
Deferred[bool]: True if identity server supports removing
|
||||||
|
threepids, otherwise False.
|
||||||
"""
|
"""
|
||||||
# FIXME: Theoretically there is a race here wherein user resets
|
# FIXME: Theoretically there is a race here wherein user resets
|
||||||
# password using threepid.
|
# password using threepid.
|
||||||
|
@ -60,16 +61,22 @@ class DeactivateAccountHandler(BaseHandler):
|
||||||
# leave the user still active so they can try again.
|
# leave the user still active so they can try again.
|
||||||
# Ideally we would prevent password resets and then do this in the
|
# Ideally we would prevent password resets and then do this in the
|
||||||
# background thread.
|
# background thread.
|
||||||
|
|
||||||
|
# This will be set to false if the identity server doesn't support
|
||||||
|
# unbinding
|
||||||
|
identity_server_supports_unbinding = True
|
||||||
|
|
||||||
threepids = yield self.store.user_get_threepids(user_id)
|
threepids = yield self.store.user_get_threepids(user_id)
|
||||||
for threepid in threepids:
|
for threepid in threepids:
|
||||||
try:
|
try:
|
||||||
yield self._identity_handler.unbind_threepid(
|
result = yield self._identity_handler.try_unbind_threepid(
|
||||||
user_id,
|
user_id,
|
||||||
{
|
{
|
||||||
'medium': threepid['medium'],
|
'medium': threepid['medium'],
|
||||||
'address': threepid['address'],
|
'address': threepid['address'],
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
identity_server_supports_unbinding &= result
|
||||||
except Exception:
|
except Exception:
|
||||||
# Do we want this to be a fatal error or should we carry on?
|
# Do we want this to be a fatal error or should we carry on?
|
||||||
logger.exception("Failed to remove threepid from ID server")
|
logger.exception("Failed to remove threepid from ID server")
|
||||||
|
@ -103,6 +110,8 @@ class DeactivateAccountHandler(BaseHandler):
|
||||||
# parts users from rooms (if it isn't already running)
|
# parts users from rooms (if it isn't already running)
|
||||||
self._start_user_parting()
|
self._start_user_parting()
|
||||||
|
|
||||||
|
defer.returnValue(identity_server_supports_unbinding)
|
||||||
|
|
||||||
def _start_user_parting(self):
|
def _start_user_parting(self):
|
||||||
"""
|
"""
|
||||||
Start the process that goes through the table of users
|
Start the process that goes through the table of users
|
||||||
|
|
|
@ -23,7 +23,7 @@ from synapse.api.constants import EventTypes
|
||||||
from synapse.api.errors import FederationDeniedError
|
from synapse.api.errors import FederationDeniedError
|
||||||
from synapse.types import RoomStreamToken, get_domain_from_id
|
from synapse.types import RoomStreamToken, get_domain_from_id
|
||||||
from synapse.util import stringutils
|
from synapse.util import stringutils
|
||||||
from synapse.util.async import Linearizer
|
from synapse.util.async_helpers import Linearizer
|
||||||
from synapse.util.caches.expiringcache import ExpiringCache
|
from synapse.util.caches.expiringcache import ExpiringCache
|
||||||
from synapse.util.metrics import measure_func
|
from synapse.util.metrics import measure_func
|
||||||
from synapse.util.retryutils import NotRetryingDestination
|
from synapse.util.retryutils import NotRetryingDestination
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue