Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Merge remote-tracking branch 'origin/develop' into shhs
Browse files Browse the repository at this point in the history
  • Loading branch information
hawkowl committed May 8, 2019
2 parents 12875f9 + d216a36 commit faee1e9
Show file tree
Hide file tree
Showing 68 changed files with 1,158 additions and 283 deletions.
20 changes: 20 additions & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,23 @@
Synapse 0.99.3.2 (2019-05-03)
=============================

Internal Changes
----------------

- Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))


Synapse 0.99.3.1 (2019-05-03)
=============================

Security update
---------------

This release includes two security fixes:

- Switch to using a cryptographically-secure random number generator for token strings, ensuring they cannot be predicted by an attacker. Thanks to @opnsec for identifying and responsibly disclosing this issue! ([\#5133](https://github.com/matrix-org/synapse/issues/5133))
- Blacklist 0.0.0.0 and :: by default for URL previews. Thanks to @opnsec for identifying and responsibly disclosing this issue too! ([\#5134](https://github.com/matrix-org/synapse/issues/5134))

Synapse 0.99.3 (2019-04-01)
===========================

Expand Down
1 change: 1 addition & 0 deletions changelog.d/5037.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Workaround bug in twisted where attempting too many concurrent DNS requests could cause it to hang due to running out of file descriptors.
1 change: 1 addition & 0 deletions changelog.d/5083.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add an configuration option to require authentication on /publicRooms and /profile endpoints.
1 change: 1 addition & 0 deletions changelog.d/5104.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fix the ratelimting on third party invites.
1 change: 1 addition & 0 deletions changelog.d/5119.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Move admin APIs to `/_synapse/admin/v1`. (The old paths are retained for backwards-compatibility, for now).
1 change: 1 addition & 0 deletions changelog.d/5120.misc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Factor out an "assert_requester_is_admin" function.
1 change: 1 addition & 0 deletions changelog.d/5121.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Implement an admin API for sending server notices. Many thanks to @krombel who provided a foundation for this work.
1 change: 1 addition & 0 deletions changelog.d/5122.misc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Remove the requirement to authenticate for /admin/server_version.
1 change: 1 addition & 0 deletions changelog.d/5124.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add some missing limitations to room alias creation.
1 change: 1 addition & 0 deletions changelog.d/5128.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add some missing limitations to room alias creation.
1 change: 1 addition & 0 deletions changelog.d/5142.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Implement an admin API for sending server notices. Many thanks to @krombel who provided a foundation for this work.
1 change: 1 addition & 0 deletions changelog.d/5154.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fix bogus imports in unit tests.
12 changes: 12 additions & 0 deletions debian/changelog
Original file line number Diff line number Diff line change
@@ -1,3 +1,15 @@
matrix-synapse-py3 (0.99.3.2) stable; urgency=medium

* New synapse release 0.99.3.2.

-- Synapse Packaging team <packages@matrix.org> Fri, 03 May 2019 18:56:20 +0100

matrix-synapse-py3 (0.99.3.1) stable; urgency=medium

* New synapse release 0.99.3.1.

-- Synapse Packaging team <packages@matrix.org> Fri, 03 May 2019 16:02:43 +0100

matrix-synapse-py3 (0.99.3) stable; urgency=medium

[ Richard van der Hoff ]
Expand Down
3 changes: 2 additions & 1 deletion docker/Dockerfile-dhvirtualenv
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,8 @@ RUN apt-get update -qq -o Acquire::Languages=none \
python3-pip \
python3-setuptools \
python3-venv \
sqlite3
sqlite3 \
libpq-dev

COPY --from=builder /dh-virtualenv_1.1-1_all.deb /

Expand Down
2 changes: 1 addition & 1 deletion docs/admin_api/account_validity.rst
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ This API extends the validity of an account by as much time as configured in the

The API is::

POST /_matrix/client/unstable/admin/account_validity/validity
POST /_synapse/admin/v1/account_validity/validity

with the following body:

Expand Down
2 changes: 1 addition & 1 deletion docs/admin_api/delete_group.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ being deleted.
The API is:

```
POST /_matrix/client/r0/admin/delete_group/<group_id>
POST /_synapse/admin/v1/delete_group/<group_id>
```

including an `access_token` of a server admin.
2 changes: 1 addition & 1 deletion docs/admin_api/media_admin_api.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ This API gets a list of known media in a room.

The API is:
```
GET /_matrix/client/r0/admin/room/<room_id>/media
GET /_synapse/admin/v1/room/<room_id>/media
```
including an `access_token` of a server admin.

Expand Down
4 changes: 2 additions & 2 deletions docs/admin_api/purge_history_api.rst
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ paginate further back in the room from the point being purged from.

The API is:

``POST /_matrix/client/r0/admin/purge_history/<room_id>[/<event_id>]``
``POST /_synapse/admin/v1/purge_history/<room_id>[/<event_id>]``

including an ``access_token`` of a server admin.

Expand Down Expand Up @@ -49,7 +49,7 @@ Purge status query

It is possible to poll for updates on recent purges with a second API;

``GET /_matrix/client/r0/admin/purge_history_status/<purge_id>``
``GET /_synapse/admin/v1/purge_history_status/<purge_id>``

(again, with a suitable ``access_token``). This API returns a JSON body like
the following:
Expand Down
2 changes: 1 addition & 1 deletion docs/admin_api/purge_remote_media.rst
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ media.

The API is::

POST /_matrix/client/r0/admin/purge_media_cache?before_ts=<unix_timestamp_in_ms>&access_token=<access_token>
POST /_synapse/admin/v1/purge_media_cache?before_ts=<unix_timestamp_in_ms>&access_token=<access_token>

{}

Expand Down
4 changes: 2 additions & 2 deletions docs/admin_api/register_api.rst
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ is not enabled.

To fetch the nonce, you need to request one from the API::

> GET /_matrix/client/r0/admin/register
> GET /_synapse/admin/v1/register

< {"nonce": "thisisanonce"}

Expand All @@ -22,7 +22,7 @@ body containing the nonce, username, password, whether they are an admin

As an example::

> POST /_matrix/client/r0/admin/register
> POST /_synapse/admin/v1/register
> {
"nonce": "thisisanonce",
"username": "pepper_roni",
Expand Down
48 changes: 48 additions & 0 deletions docs/admin_api/server_notices.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
# Server Notices

The API to send notices is as follows:

```
POST /_synapse/admin/v1/send_server_notice
```

or:

```
PUT /_synapse/admin/v1/send_server_notice/{txnId}
```

You will need to authenticate with an access token for an admin user.

When using the `PUT` form, retransmissions with the same transaction ID will be
ignored in the same way as with `PUT
/_matrix/client/r0/rooms/{roomId}/send/{eventType}/{txnId}`.

The request body should look something like the following:

```json
{
"user_id": "@target_user:server_name",
"content": {
"msgtype": "m.text",
"body": "This is my message"
}
}
```

You can optionally include the following additional parameters:

* `type`: the type of event. Defaults to `m.room.message`.
* `state_key`: Setting this will result in a state event being sent.


Once the notice has been sent, the API will return the following response:

```json
{
"event_id": "<event_id>"
}
```

Note that server notices must be enabled in `homeserver.yaml` before this API
can be used. See [server_notices.md](../server_notices.md) for more information.
6 changes: 3 additions & 3 deletions docs/admin_api/user_admin_api.rst
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ This API returns information about a specific user account.

The api is::

GET /_matrix/client/r0/admin/whois/<user_id>
GET /_synapse/admin/v1/whois/<user_id>

including an ``access_token`` of a server admin.

Expand Down Expand Up @@ -50,7 +50,7 @@ references to it).

The api is::

POST /_matrix/client/r0/admin/deactivate/<user_id>
POST /_synapse/admin/v1/deactivate/<user_id>

with a body of:

Expand All @@ -73,7 +73,7 @@ Changes the password of another user.

The api is::

POST /_matrix/client/r0/admin/reset_password/<user_id>
POST /_synapse/admin/v1/reset_password/<user_id>

with a body of:

Expand Down
4 changes: 1 addition & 3 deletions docs/admin_api/version_api.rst
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,7 @@ contains Synapse version information).

The api is::

GET /_matrix/client/r0/admin/server_version

including an ``access_token`` of a server admin.
GET /_synapse/admin/v1/server_version

It returns a JSON body like the following:

Expand Down
40 changes: 33 additions & 7 deletions docs/sample_config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,20 @@ pid_file: DATADIR/homeserver.pid
#
#use_presence: false

# Whether to require authentication to retrieve profile data (avatars,
# display names) of other users through the client API. Defaults to
# 'false'. Note that profile data is also available via the federation
# API, so this setting is of limited value if federation is enabled on
# the server.
#
#require_auth_for_profile_requests: true

# If set to 'true', requires authentication to access the server's
# public rooms directory through the client API, and forbids any other
# homeserver to fetch it via federation. Defaults to 'false'.
#
#restrict_public_rooms_to_local_users: true

# The GC threshold parameters to pass to `gc.set_threshold`, if defined
#
#gc_thresholds: [700, 10, 10]
Expand Down Expand Up @@ -136,8 +150,8 @@ pid_file: DATADIR/homeserver.pid
#
# Valid resource names are:
#
# client: the client-server API (/_matrix/client). Also implies 'media' and
# 'static'.
# client: the client-server API (/_matrix/client), and the synapse admin
# API (/_synapse/admin). Also implies 'media' and 'static'.
#
# consent: user consent forms (/_matrix/consent). See
# docs/consent_tracking.md.
Expand Down Expand Up @@ -239,6 +253,11 @@ listeners:
# Used by phonehome stats to group together related servers.
#server_context: context

# Whether to require a user to be in the room to add an alias to it.
# Defaults to 'true'.
#
#require_membership_for_aliases: false


## TLS ##

Expand Down Expand Up @@ -543,11 +562,12 @@ uploads_path: "DATADIR/uploads"
# height: 600
# method: scale

# Is the preview URL API enabled? If enabled, you *must* specify
# an explicit url_preview_ip_range_blacklist of IPs that the spider is
# denied from accessing.
# Is the preview URL API enabled?
#
#url_preview_enabled: false
# 'false' by default: uncomment the following to enable it (and specify a
# url_preview_ip_range_blacklist blacklist).
#
#url_preview_enabled: true

# List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. There are no defaults: you must explicitly
Expand All @@ -557,6 +577,12 @@ uploads_path: "DATADIR/uploads"
# synapse to issue arbitrary GET requests to your internal services,
# causing serious security issues.
#
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
# listed here, since they correspond to unroutable addresses.)
#
# This must be specified if url_preview_enabled is set. It is recommended that
# you uncomment the following list as a starting point.
#
#url_preview_ip_range_blacklist:
# - '127.0.0.0/8'
# - '10.0.0.0/8'
Expand All @@ -567,7 +593,7 @@ uploads_path: "DATADIR/uploads"
# - '::1/128'
# - 'fe80::/64'
# - 'fc00::/7'
#

# List of IP address CIDR ranges that the URL preview spider is allowed
# to access even if they are specified in url_preview_ip_range_blacklist.
# This is useful for specifying exceptions to wide-ranging blacklisted
Expand Down
25 changes: 6 additions & 19 deletions docs/server_notices.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
Server Notices
==============
# Server Notices

'Server Notices' are a new feature introduced in Synapse 0.30. They provide a
channel whereby server administrators can send messages to users on the server.
Expand All @@ -11,8 +10,7 @@ they may also find a use for features such as "Message of the day".
This is a feature specific to Synapse, but it uses standard Matrix
communication mechanisms, so should work with any Matrix client.

User experience
---------------
## User experience

When the user is first sent a server notice, they will get an invitation to a
room (typically called 'Server Notices', though this is configurable in
Expand All @@ -29,8 +27,7 @@ levels.
Having joined the room, the user can leave the room if they want. Subsequent
server notices will then cause a new room to be created.

Synapse configuration
---------------------
## Synapse configuration

Server notices come from a specific user id on the server. Server
administrators are free to choose the user id - something like `server` is
Expand Down Expand Up @@ -58,17 +55,7 @@ room which will be created.
`system_mxid_display_name` and `system_mxid_avatar_url` can be used to set the
displayname and avatar of the Server Notices user.

Sending notices
---------------
## Sending notices

As of the current version of synapse, there is no convenient interface for
sending notices (other than the automated ones sent as part of consent
tracking).

In the meantime, it is possible to test this feature using the manhole. Having
gone into the manhole as described in [manhole.md](manhole.md), a notice can be
sent with something like:

```
>>> hs.get_server_notices_manager().send_notice('@user:server.com', {'msgtype':'m.text', 'body':'foo'})
```
To send server notices to users you can use the
[admin_api](admin_api/server_notices.md).
1 change: 1 addition & 0 deletions scripts-dev/build_debian_packages
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ DISTS = (
"ubuntu:xenial",
"ubuntu:bionic",
"ubuntu:cosmic",
"ubuntu:disco",
)

DESC = '''\
Expand Down
2 changes: 1 addition & 1 deletion synapse/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,4 +27,4 @@
except ImportError:
pass

__version__ = "0.99.3"
__version__ = "0.99.3.2"
2 changes: 1 addition & 1 deletion synapse/api/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -556,7 +556,7 @@ def is_server_admin(self, user):
""" Check if the given user is a local server admin.
Args:
user (str): mxid of user to check
user (UserID): user to check
Returns:
bool: True if the user is an admin
Expand Down
3 changes: 3 additions & 0 deletions synapse/api/constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,9 @@
# the "depth" field on events is limited to 2**63 - 1
MAX_DEPTH = 2**63 - 1

# the maximum length for a room alias is 255 characters
MAX_ALIAS_LENGTH = 255


class Membership(object):

Expand Down
Loading

0 comments on commit faee1e9

Please sign in to comment.