dandri/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2026-04-26 19:35:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
25,641 Commits 1,103 Branches 825 Tags
ded7a661b7ca4c9adc8d2f998643f3705297daa8
Commit Graph

4 Commits

Author SHA1 Message Date
Olivier 'reivilibre 6c7e05fe20 Allow Synapse to start up even when discovery fails for an OpenID Connect provider. (#19509) 
Fixes: #8088

Previously we would perform OIDC discovery on startup,
which involves making HTTP requests to the identity provider(s).

If that took a long time, we would block startup.

If that failed, we would crash startup.

This commit:

- makes the loading happen in the background on startup
- makes an error in the 'preload' non-fatal (though it logs at CRITICAL
for visibility)
- adds a templated error page to show on failed redirects (for
unavailable providers), as otherwise you get a JSON response in your
navigator.
- This involves introducing 2 new exception types to mark other
exceptions and keep the error handling fine-grained.

The machinery was already there to load-on-demand the discovery config,
so when the identity provider
comes back up, the discovery is reattempted and login can succeed.

Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
 2026-03-24 17:39:21 +00:00
Eric Eastwood e30001883c Add in-repo Complement test to sanity check Synapse version matches git checkout (#19476) 
This way we actually detect problems like
https://github.com/element-hq/synapse/pull/19475 as they happen instead
of being invisible until something breaks.

Sanity check that Complement is testing against your code changes
(whether it be local or from the PR in CI).

```
COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh --in-repo -run TestSynapseVersion
```
 2026-03-11 15:30:32 -05:00
dependabot[bot] 1592afba8d Bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in /complement (#19436) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
28.2.2+incompatible to 28.3.3+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v28.3.3</h2>
<h2>28.3.3</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.3">docker/cli,
28.3.3 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.3">moby/moby,
28.3.3 milestone</a></li>
</ul>
<h3>Security</h3>
<p>This release fixes an issue where, after a firewalld reload,
published container ports could be accessed directly from the local
network, even when they were intended to be accessible only via a
loopback address. <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54388">CVE-2025-54388</a>
/ <a
href="https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4">GHSA-x4rx-4gw3-53p4</a>
/ <a
href="https://redirect.github.com/moby/moby/pull/50506">moby/moby#50506</a>.</p>
<h3>Packaging updates</h3>
<ul>
<li>Update Buildx to <a
href="https://github.com/docker/buildx/releases/tag/v0.26.1">v0.26.1</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1230">docker/docker-ce-packaging#1230</a></li>
<li>Update Compose to <a
href="https://github.com/docker/compose/releases/tag/v2.39.1">v2.39.1</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1234">docker/docker-ce-packaging#1234</a></li>
<li>Update Docker Model CLI plugin to <a
href="https://github.com/docker/model-cli/releases/tag/v0.1.36">v0.1.36</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1233">docker/docker-ce-packaging#1233</a></li>
</ul>
<h3>Go SDK</h3>
<ul>
<li>cli/command/formatter: add <code>TrunateID()</code> utility as
alternative for
<code>github.com/docker/docker/pkg/stringid.TrunateID()</code>. <a
href="https://redirect.github.com/docker/cli/pull/6180">docker/cli#6180</a></li>
</ul>
<h2>28.3.2</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.2">docker/cli,
28.3.2 milestone</a></li>
<li><a
href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.3.2">moby/moby,
28.3.2 milestone</a></li>
<li>Deprecated and removed features, see <a
href="https://github.com/docker/cli/blob/v28.3.2/docs/deprecated.md">Deprecated
Features</a>.</li>
<li>Changes to the Engine API, see <a
href="https://github.com/moby/moby/blob/v28.3.2/docs/api/version-history.md">API
version history</a>.</li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fix <code>--use-api-socket</code> not working correctly when
targeting a remote daemon. <a
href="https://redirect.github.com/docker/cli/pull/6157">docker/cli#6157</a></li>
<li>Fix stray &quot;otel error&quot; logs being printed if debug logging
is enabled. <a
href="https://redirect.github.com/docker/cli/pull/6160">docker/cli#6160</a></li>
<li>Quote SSH arguments when connecting to a remote daemon over an SSH
connection to avoid unexpected expansion. <a
href="https://redirect.github.com/docker/cli/pull/6147">docker/cli#6147</a></li>
<li>Warn when <code>DOCKER_AUTH_CONFIG</code> is set during <code>docker
login</code> and <code>docker logout</code>. <a
href="https://redirect.github.com/docker/cli/pull/6163">docker/cli#6163</a></li>
</ul>
<h3>Packaging updates</h3>
<ul>
<li>Update Compose to <a
href="https://github.com/docker/compose/releases/tag/v2.38.2">v2.38.2</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1225">docker/docker-ce-packaging#1225</a></li>
<li>Update Docker Model CLI plugin to <a
href="https://github.com/docker/model-cli/releases/tag/v0.1.33">v0.1.33</a>.
<a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/1227">docker/docker-ce-packaging#1227</a></li>
<li>Update Go runtime to 1.24.5. <a
href="https://redirect.github.com/moby/moby/pull/50354">moby/moby#50354</a></li>
</ul>
<h2>28.3.1</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.3.1">docker/cli,
28.3.1 milestone</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0"><code>bea959c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50506">#50506</a>
from robmry/backport-28.x/fix_firewalld_reload</li>
<li><a
href="https://github.com/moby/moby/commit/3e9ff78b94efdd73bbccb13fe781b79ce7ca8cf1"><code>3e9ff78</code></a>
bridge: Reapply endpoint iptables rules on firewalld reload</li>
<li><a
href="https://github.com/moby/moby/commit/29ed80aa867e93b5f5134b053325d01fb6528da7"><code>29ed80a</code></a>
bridge: Trigger firewalld reload during bridge integration tests</li>
<li><a
href="https://github.com/moby/moby/commit/da489a11d4055fa01eeffa5a016cb03250733257"><code>da489a1</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50478">#50478</a>
from thaJeztah/28.x_backport_gha_bump_bk</li>
<li><a
href="https://github.com/moby/moby/commit/f173e45ae9bf199d1f3334d2fd5c4079c8d6daec"><code>f173e45</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50480">#50480</a>
from austinvazquez/cherry-pick-ea29dffaa541289591aa...</li>
<li><a
href="https://github.com/moby/moby/commit/e4b1f899962f287dee2291d387f04dde4b5c7e1a"><code>e4b1f89</code></a>
daemon/server: remove compatibility with API v1.4 auth-config on
push</li>
<li><a
href="https://github.com/moby/moby/commit/0c9e14dcce15b163dd1f655f9fdd33a1e71b0408"><code>0c9e14d</code></a>
hack/buildkit-ref: temporarily bump BuildKit to head of v0.23
branch</li>
<li><a
href="https://github.com/moby/moby/commit/bf6d688157b015ac1f018367c5d8fa5fa47af6fb"><code>bf6d688</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50471">#50471</a>
from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...</li>
<li><a
href="https://github.com/moby/moby/commit/4205776b8538e11805bf5bdb6ff2e356d4ee358f"><code>4205776</code></a>
client: always send (empty) body on push</li>
<li><a
href="https://github.com/moby/moby/commit/e77ff99ede5ee5952b3a9227863552ae6e5b6fb1"><code>e77ff99</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/50354">#50354</a>
from vvoland/50353-28.x</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v28.2.2...v28.3.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=28.2.2+incompatible&new-version=28.3.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/element-hq/synapse/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-17 13:58:10 +01:00
Eric Eastwood 46d235cd52 Add in-repo Complement tests (#19406) 
This is useful so we can test Synapse
specific behaviors like our admin API.

(see docs in PR, `complement/README.md`)
```
COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh --in-repo
```

Complement calls these
["out-of-repo"](https://github.com/matrix-org/complement/blob/78c255edcebfcb0ac5e3c86d49d76cb21fdd035a/OUT-OF-REPO-TESTS.md)
tests but it's a bit of a misnomer once they're in your project. (just
depends on the perspective)

There has been [previous
desire](https://github.com/element-hq/synapse/pull/19021#discussion_r2453442191)
for this kind of thing but this is spawning from wanting to have some
tests for our purge history admin API
(https://github.com/element-hq/synapse-rust-apps/issues/430). There are
some Sytest tests ([`matrix-org/sytest` ->
`tests/48admin.pl#L91-L618`](https://github.com/matrix-org/sytest/blob/1be04cce46c0f84abac736390dc3fab17f35a756/tests/48admin.pl#L91-L618))
for this already but I'd much rather work in Complement instead of
Sytest. I'm wanting these tests to ensure that our new `event-cache`
rust app for Synapse Pro doesn't break these kind of erasure features
(https://github.com/element-hq/synapse-rust-apps/issues/366 and
https://github.com/element-hq/synapse-rust-apps/issues/153).

Interestingly, there is already [`matrix-org/complement` ->
`tests/csapi/admin_test.go`](https://github.com/matrix-org/complement/blob/78c255edcebfcb0ac5e3c86d49d76cb21fdd035a/tests/csapi/admin_test.go)
(added in https://github.com/matrix-org/complement/pull/322) in the
Complement repo iteslf that tests the
`/_synapse/admin/v1/send_server_notice` endpoint but it's a bit of an
interesting case as [Dendrite also supports this
endpoint](https://github.com/matrix-org/dendrite/pull/2180). I don't
think it's good practice to continually shove in more and more
Synapse-specific behavior into the Complement repo itself.

We already have success with other out-of-repo tests for projects like
the
[SBG](https://github.com/element-hq/sbg/tree/b76b05b53e40bf6890e51dd1b83cec3460274eb2/complement_tests),
[TI-Messenger
Proxy](https://github.com/element-hq/ti-messenger-proxy/tree/c8fa87feccc743c01cccbbc2685321206b532925/complement),
and our [Synapse Pro for small
hosts](https://github.com/element-hq/synapse-small-hosts/tree/c2ea7eabf3e1d7c26a5312ebef326b254937be99/complement).
 2026-02-05 17:11:55 -06:00