This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Port "Allow users to click account renewal links multiple times without hitting an 'Invalid Token' page #74" from synapse-dinsic #9832
Merged
Merged
Changes from all commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
0f18a26
Allow users to click account renewal links multiple times without hit…
anoadragon453 4caface
Move migration file to latest migration stage
anoadragon453 69e4a35
Add account_previously_renewed_html_path to sample config
anoadragon453 7ce453f
Add note to UPGRADE.rst about changes in account validity templates
anoadragon453 c0f0908
Changelog
anoadragon453 a89b354
Apply suggestions from code review
anoadragon453 bd15afe
Point directly to the config class where referencing AV config
anoadragon453 41a8f7d
Fix empty line in sample_config
anoadragon453 a367241
Ensure we actually read templates from the configured template_dir
anoadragon453 d702445
Don't add a new config option for the new template
anoadragon453 fdbf9a8
Replace config option with hardcoded template name
anoadragon453 d3f2a26
Some small wording updates to the UPGRADES.rst notice
anoadragon453 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| Don't return an error when a user attempts to renew their account multiple times with the same token. Instead, state when their account is set to expire. This change concerns the optional account validity feature. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,165 @@ | ||
| # -*- coding: utf-8 -*- | ||
| # Copyright 2020 The Matrix.org Foundation C.I.C. | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
| from synapse.config._base import Config, ConfigError | ||
|
|
||
|
|
||
| class AccountValidityConfig(Config): | ||
| section = "account_validity" | ||
|
|
||
| def read_config(self, config, **kwargs): | ||
| account_validity_config = config.get("account_validity") or {} | ||
| self.account_validity_enabled = account_validity_config.get("enabled", False) | ||
| self.account_validity_renew_by_email_enabled = ( | ||
| "renew_at" in account_validity_config | ||
| ) | ||
|
|
||
| if self.account_validity_enabled: | ||
| if "period" in account_validity_config: | ||
| self.account_validity_period = self.parse_duration( | ||
| account_validity_config["period"] | ||
| ) | ||
| else: | ||
| raise ConfigError("'period' is required when using account validity") | ||
|
|
||
| if "renew_at" in account_validity_config: | ||
| self.account_validity_renew_at = self.parse_duration( | ||
| account_validity_config["renew_at"] | ||
| ) | ||
|
|
||
| if "renew_email_subject" in account_validity_config: | ||
| self.account_validity_renew_email_subject = account_validity_config[ | ||
| "renew_email_subject" | ||
| ] | ||
| else: | ||
| self.account_validity_renew_email_subject = "Renew your %(app)s account" | ||
|
|
||
| self.account_validity_startup_job_max_delta = ( | ||
| self.account_validity_period * 10.0 / 100.0 | ||
| ) | ||
|
|
||
| if self.account_validity_renew_by_email_enabled: | ||
| if not self.public_baseurl: | ||
| raise ConfigError("Can't send renewal emails without 'public_baseurl'") | ||
|
|
||
| # Load account validity templates. | ||
| account_validity_template_dir = account_validity_config.get("template_dir") | ||
|
|
||
| account_renewed_template_filename = account_validity_config.get( | ||
| "account_renewed_html_path", "account_renewed.html" | ||
| ) | ||
| invalid_token_template_filename = account_validity_config.get( | ||
| "invalid_token_html_path", "invalid_token.html" | ||
| ) | ||
|
|
||
| # Read and store template content | ||
| ( | ||
| self.account_validity_account_renewed_template, | ||
| self.account_validity_account_previously_renewed_template, | ||
| self.account_validity_invalid_token_template, | ||
| ) = self.read_templates( | ||
| [ | ||
| account_renewed_template_filename, | ||
| "account_previously_renewed.html", | ||
| invalid_token_template_filename, | ||
| ], | ||
| account_validity_template_dir, | ||
| ) | ||
|
|
||
| def generate_config_section(self, **kwargs): | ||
| return """\ | ||
| ## Account Validity ## | ||
|
|
||
| # Optional account validity configuration. This allows for accounts to be denied | ||
| # any request after a given period. | ||
| # | ||
| # Once this feature is enabled, Synapse will look for registered users without an | ||
| # expiration date at startup and will add one to every account it found using the | ||
| # current settings at that time. | ||
| # This means that, if a validity period is set, and Synapse is restarted (it will | ||
| # then derive an expiration date from the current validity period), and some time | ||
| # after that the validity period changes and Synapse is restarted, the users' | ||
| # expiration dates won't be updated unless their account is manually renewed. This | ||
| # date will be randomly selected within a range [now + period - d ; now + period], | ||
| # where d is equal to 10% of the validity period. | ||
| # | ||
| account_validity: | ||
| # The account validity feature is disabled by default. Uncomment the | ||
| # following line to enable it. | ||
| # | ||
| #enabled: true | ||
|
|
||
| # The period after which an account is valid after its registration. When | ||
| # renewing the account, its validity period will be extended by this amount | ||
| # of time. This parameter is required when using the account validity | ||
| # feature. | ||
| # | ||
| #period: 6w | ||
|
|
||
| # The amount of time before an account's expiry date at which Synapse will | ||
| # send an email to the account's email address with a renewal link. By | ||
| # default, no such emails are sent. | ||
| # | ||
| # If you enable this setting, you will also need to fill out the 'email' and | ||
| # 'public_baseurl' configuration sections. | ||
| # | ||
| #renew_at: 1w | ||
|
|
||
| # The subject of the email sent out with the renewal link. '%(app)s' can be | ||
| # used as a placeholder for the 'app_name' parameter from the 'email' | ||
| # section. | ||
| # | ||
| # Note that the placeholder must be written '%(app)s', including the | ||
| # trailing 's'. | ||
| # | ||
| # If this is not set, a default value is used. | ||
| # | ||
| #renew_email_subject: "Renew your %(app)s account" | ||
|
|
||
| # Directory in which Synapse will try to find templates for the HTML files to | ||
| # serve to the user when trying to renew an account. If not set, default | ||
| # templates from within the Synapse package will be used. | ||
| # | ||
| # The currently available templates are: | ||
| # | ||
| # * account_renewed.html: Displayed to the user after they have successfully | ||
| # renewed their account. | ||
| # | ||
| # * account_previously_renewed.html: Displayed to the user if they attempt to | ||
| # renew their account with a token that is valid, but that has already | ||
| # been used. In this case the account is not renewed again. | ||
| # | ||
| # * invalid_token.html: Displayed to the user when they try to renew an account | ||
| # with an unknown or invalid renewal token. | ||
| # | ||
| # See https://github.com/matrix-org/synapse/tree/master/synapse/res/templates for | ||
| # default template contents. | ||
| # | ||
| # The file name of some of these templates can be configured below for legacy | ||
| # reasons. | ||
| # | ||
| #template_dir: "res/templates" | ||
|
|
||
| # A custom file name for the 'account_renewed.html' template. | ||
| # | ||
| # If not set, the file is assumed to be named "account_renewed.html". | ||
| # | ||
| #account_renewed_html_path: "account_renewed.html" | ||
|
|
||
| # A custom file name for the 'invalid_token.html' template. | ||
| # | ||
| # If not set, the file is assumed to be named "invalid_token.html". | ||
| # | ||
| #invalid_token_html_path: "invalid_token.html" | ||
| """ |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fwiw we've completely removed options like this from the sample config in the past, but this seems fine for now at least.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, I'm not too opposed to that really. But I think we should do it in a separate PR anyhow.