Quentin Gliech and Patrick Cloke
f739bde962
Reject tokens with multiple device scopes
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
98afc57d59
Make OIDC scope constants
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
14a5be9c4d
Handle errors when introspecting tokens
...
This returns a proper 503 when the introspection endpoint is not working
for some reason, which should avoid logging out clients in those cases.
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
ec9379d7e2
Newsfile.
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
e343125b38
Disable incompatible Admin API endpoints
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
4d0231b364
Make AS tokens work & allow ASes to /register
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
c008b44b4f
Add an admin token for MAS -> Synapse calls
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith and Patrick Cloke
bad1f2cd35
Tests for JWKS endpoint
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith and Patrick Cloke
249f4a338d
Refactor config to be an experimental feature
...
Also enforce you can't combine it with incompatible config options
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith and Patrick Cloke
03920bdd4e
Test MSC2965 implementation: well-known discovery document
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
31691d6151
Disable account related endpoints when using OAuth delegation
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith and Patrick Cloke
5fe96082d0
Actually enforce guest + return www-authenticate header
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith and Patrick Cloke
28a9663bdf
Initial tests for OAuth delegation
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith and Patrick Cloke
a1374b5c70
MSC2967: Check access token scope for use as user and add guest support
2023-05-30 09:43:06 -04:00
Hugh Nimmo-Smith and Patrick Cloke
d20669971a
Use name claim as display name when registering users on the fly.
...
This makes is so that the `name` claim got when introspecting the token
is used as the display name when registering a user on the fly.
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
f9cd549f64
Record the sub claims as an external_id
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
7628dbf4e9
Handle the Synapse admin scope
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
c5cf1b421d
Save the scopes in the requester
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
e82ec6d008
MSC2965: OIDC Provider discovery via well-known document
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
8f576aa462
Expose the public keys used for client authentication on an endpoint
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
765244faee
Initial MSC3964 support: delegation of auth to OIDC server
2023-05-30 09:43:06 -04:00
Quentin Gliech and Patrick Cloke
e2c8458bba
Make the api.auth.Auth a Protocol
2023-05-30 09:43:06 -04:00
Sean Quah and GitHub
5d8c659373
Remove unused FederationServer.__str__ override ( #15690 )
...
Signed-off-by: Sean Quah <seanq@matrix.org >
2023-05-30 14:37:39 +01:00
David Robertson and GitHub
42786d8a47
Create dependabot changelogs at release time ( #15481 )
...
* Ditch dependabot changelog workflow
* Summarise dependabot commits in release script
* Changelog
* Update scripts-dev/release.py
2023-05-30 13:54:50 +01:00
626bd75f48
Bump types-bleach from 6.0.0.1 to 6.0.0.3 ( #15686 )
...
* Bump types-bleach from 6.0.0.1 to 6.0.0.3
Bumps [types-bleach](https://github.com/python/typeshed ) from 6.0.0.1 to 6.0.0.3.
- [Commits](https://github.com/python/typeshed/commits )
---
updated-dependencies:
- dependency-name: types-bleach
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* Changelog
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com >
Co-authored-by: David Robertson <davidr@element.io >
2023-05-30 11:13:04 +01:00
2b6c9150dc
Bump types-requests from 2.30.0.0 to 2.31.0.0 ( #15684 )
...
* Bump types-requests from 2.30.0.0 to 2.31.0.0
Bumps [types-requests](https://github.com/python/typeshed ) from 2.30.0.0 to 2.31.0.0.
- [Commits](https://github.com/python/typeshed/commits )
---
updated-dependencies:
- dependency-name: types-requests
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Changelog
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>
2023-05-30 11:03:58 +01:00
dependabot[bot] and GitHub
04798b710d
Bump log from 0.4.17 to 0.4.18 ( #15681 )
2023-05-29 14:15:49 -04:00
dependabot[bot] and GitHub
eb48b10f4f
Bump pydantic from 1.10.7 to 1.10.8 ( #15685 )
2023-05-29 14:14:58 -04:00
dependabot[bot] and GitHub
ea634a9f81
Bump prometheus-client from 0.16.0 to 0.17.0 ( #15682 )
2023-05-29 14:13:40 -04:00
dependabot[bot] and GitHub
4f07c2a170
Bump types-pyyaml from 6.0.12.9 to 6.0.12.10 ( #15683 )
2023-05-29 14:07:25 -04:00
Jason Little and GitHub
c835befd10
Add Unix socket support for Redis connections ( #15644 )
...
Adds a new configuration setting to connect to Redis via a Unix
socket instead of over TCP. Disabled by default.
2023-05-26 15:28:39 -04:00
Travis Ralston and GitHub
50918c4940
Add MSC3820opt2 as a known room version ( #15678 )
2023-05-26 18:05:24 +00:00
Grant McLean and GitHub
179f0f851e
Documentation improvements to contributing guide ( #15667 ) ( #15668 )
...
Fix #15667
- Reiterate the importance of getting Rust installed and set up before attempting to install the Python dependencies.
- Mention the importance of confirming that `poetry install` completed successfully and include a typical error that the user might see if it did not.
- Expand on "Now edit homeserver.yaml" to give examples of things likely to need changing and to link to the relevant sections of the Synapse server documentation.
2023-05-26 12:28:04 -05:00
Patrick Cloke and GitHub
2ad91ec628
Set thread_id column to non-null for event_push_{actions,actions_staging,summary} ( #15597 )
...
Updates the database schema to require a thread_id (by adding a
constraint that the column is non-null) for event_push_actions,
event_push_actions_staging, and event_push_actions_summary.
For PostgreSQL we add the constraint as NOT VALID, then
VALIDATE the constraint a background job to avoid locking
the table during an upgrade.
Each table is updated as a separate schema delta to avoid
deadlocks between them.
For SQLite we simply rebuild the table & copy the data.
2023-05-26 13:16:08 -04:00
Olivier Wilkinson (reivilibre)
a1154dfc20
Merge branch 'master' into develop
2023-05-26 17:16:15 +01:00
Olivier Wilkinson (reivilibre)
cb6f4a84a6
Fix a typographical error in changelog
v1.84.1
2023-05-26 16:18:35 +01:00
Olivier Wilkinson (reivilibre)
65bf5f3649
1.84.1
2023-05-26 16:17:50 +01:00
reivilibre and GitHub
c775d80b73
Fix a bug introduced in Synapse v1.84.0 where workers do not start up when no instance_map was provided. ( #15672 )
...
* Fix #15669 : always populate instance map even if it was empty
* Fix some tests
* Fix more tests
* Newsfile
Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org >
* CI fix: don't forget to update apt repository sources before installing olddeps deps
* Add test testing the backwards compatibility
---------
Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org >
2023-05-26 14:28:55 +00:00
Travis Ralston and GitHub
4e013093a8
Add MSC3820 (room version 11) option 2 unstable room version. ( #15666 )
2023-05-26 07:46:13 -04:00
reivilibre and GitHub
2d8a2ca374
Add dch and notify-send to the development Nix flake so that the release script can be used. ( #15673 )
...
* Add dch and notify-send to the Nix dev flake
* Newsfile
Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org >
---------
Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org >
2023-05-26 11:53:10 +01:00
Eric Eastwood and GitHub
77156a4bc1
Process previously failed backfill events in the background ( #15585 )
...
Process previously failed backfill events in the background because they are bound to fail again and we don't need to waste time holding up the request for something that is bound to fail again.
Fix https://github.com/matrix-org/synapse/issues/13623
Follow-up to https://github.com/matrix-org/synapse/issues/13621 and https://github.com/matrix-org/synapse/issues/13622
Part of making `/messages` faster: https://github.com/matrix-org/synapse/issues/13356
2023-05-24 23:22:24 -05:00
Shay and GitHub
8839b6c2f8
Add requesting user id parameter to key claim methods in TransportLayerClient ( #15663 )
2023-05-24 13:23:26 -07:00
Patrick Cloke and GitHub
ca5c4be921
Add type hints to test_descriptors. ( #15659 )
...
Require type hints in test_descriptors and add missing ones.
2023-05-24 14:18:52 +00:00
Erik Johnston and GitHub
c7e9c1d5ae
Speed up user directory rebuild for users some more... ( #15665 )
2023-05-24 14:13:28 +00:00
Patrick Cloke and GitHub
1f55c04cbc
Improve type hints for cached decorator. ( #15658 )
...
The cached decorators always return a Deferred, which was not
properly propagated. It was close enough when wrapping coroutines,
but failed if a bare function was wrapped.
2023-05-24 12:59:31 +00:00
Eric Eastwood and GitHub
379eb2d7ab
Fix @trace not wrapping some state methods that return coroutines correctly ( #15647 )
...
```
2023-05-21 09:30:09,288 - synapse.logging.opentracing - 940 - ERROR - POST-1 - @trace may not have wrapped StateStorageController.get_state_for_groups correctly! The function is not async but returned a coroutine
```
Tracing instrumentation for these functions originally introduced in https://github.com/matrix-org/synapse/pull/15610
2023-05-23 12:26:25 -05:00
Patrick Cloke and GitHub
7c9b91790c
Consolidate logic to check for deactivated users. ( #15634 )
...
This moves the deactivated user check to the method which
all login types call.
Additionally updates the application service tests to be more
realistic by removing invalid tests and fixing server names.
2023-05-23 10:35:43 -04:00
Jason Little and GitHub
1df0221bda
Use a custom scheme & the worker name for replication requests. ( #15578 )
...
All the information needed is already in the `instance_map`, so
use that instead of passing the hostname / IP & port manually
for each replication request.
This consolidates logic for future improvements of using e.g.
UNIX sockets for workers.
2023-05-23 09:05:30 -04:00
Olivier Wilkinson (reivilibre)
5b18a217ca
Merge branch 'master' into develop
2023-05-23 13:27:31 +01:00
dependabot[bot] and GitHub
03042e435b
Bump requests from 2.28.2 to 2.31.0 ( #15651 )
2023-05-23 07:28:51 -04:00