Commit graph

14228 commits

Author SHA1 Message Date
Andrew Morgan
1dcf4eb344 Merge branch 'anoa/hs_password_reset_sending_email' into anoa/hs_password_reset 2019-06-06 11:08:20 +01:00
Andrew Morgan
d8d198fbd3 Add changelog 2019-06-06 10:09:15 +01:00
Andrew Morgan
ec781af214 Reimplementation of /submitToken on the homeserver side. Only used by password resets
This PR creates an endpoint GET/POST /_matrix/identity/api/v1/validate/email/submitToken
which mirrors the same endpoint on the identity server used for submitting tokens
used for validating 3PID addresses.

When the token is submitted, it is checked along with the client_secret and session_id in
the db and if it matches and isn't expired, we mark the session as validated. Then, when
the user attempts to change their password, we check if the session is valid, and if so
allow it. We also delete the session at this point, as as far as I can tell there's no
further use for it.
2019-06-06 10:04:28 +01:00
Andrew Morgan
6efb301e05 infer ability to reset password from email config 2019-06-05 18:08:23 +01:00
Andrew Morgan
12ed769fbf Remove public_baseurl from unittest config 2019-06-05 17:41:24 +01:00
Andrew Morgan
78ca92a9b2 Revert manifest changes for new res directory 2019-06-05 17:38:46 +01:00
Andrew Morgan
6a9588cc60 Update sample config 2019-06-05 17:37:50 +01:00
Andrew Morgan
efa1a56552 Only import jinja2/bleach if we need it 2019-06-05 17:27:52 +01:00
Andrew Morgan
a4c0907b84 Update email condition requirement 2019-06-05 17:15:14 +01:00
Andrew Morgan
f522cde541 Change jinja2 and bleach back to opt deps 2019-06-05 17:11:04 +01:00
Andrew Morgan
79bc66883f Update templates and make password reset option work 2019-06-05 16:53:28 +01:00
Andrew Morgan
70b161decc Move templates. New option to disable password resets 2019-06-05 16:36:02 +01:00
Andrew Morgan
4c406f5afc Revert "Modify check for smtp settings to be kinder to CI"
This reverts commit 6d2d3c9fd3.
2019-06-05 15:13:23 +01:00
Andrew Morgan
c9573ca069 Change template_dir to originate from synapse root dir 2019-06-05 15:13:03 +01:00
Andrew Morgan
91eac880a1 one more time 2019-06-05 14:56:46 +01:00
Andrew Morgan
fe0af298ff Correct html5lib dep version number 2019-06-05 14:33:13 +01:00
Andrew Morgan
639471582c silly linting rules 2019-06-05 14:11:25 +01:00
Andrew Morgan
6d2d3c9fd3 Modify check for smtp settings to be kinder to CI 2019-06-05 13:56:42 +01:00
Andrew Morgan
177f02459a Add html5lib as a required dep 2019-06-05 13:46:21 +01:00
Andrew Morgan
752dbeea70 Merge branch 'anoa/feature_hs_password_resets' into anoa/hs_password_reset_sending_email 2019-06-05 13:37:56 +01:00
Andrew Morgan
a862f2adc4 gen sample config 2019-06-05 13:36:56 +01:00
Andrew Morgan
a0e2a103a6 Update unit test template dir 2019-06-05 13:33:37 +01:00
Andrew Morgan
24f31dfb59
Send password reset from HS: database stuff (#5308)
Database component of new behaviour of sending password reset emails from Synapse instead of Sydent.

Allows one to store threepid validation sessions along with password reset token attempts and retrieve them again.
2019-06-05 13:29:39 +01:00
Andrew Morgan
62e1ec098c Add email settings to default unit test config 2019-06-05 13:17:20 +01:00
Andrew Morgan
354d749ae1 mark jinja2 and bleach as required dependencies 2019-06-05 13:02:46 +01:00
Andrew Morgan
309943f2ef Update db 2019-06-05 12:55:51 +01:00
Andrew Morgan
899219c48c Update manifest to include txt/html template files 2019-06-05 09:47:56 +01:00
Andrew Morgan
094c351f1d Add changelog 2019-06-04 20:10:45 +01:00
Andrew Morgan
ed35302cd1 Fix validation token lifetime email_ prefix 2019-06-04 19:09:59 +01:00
Andrew Morgan
9567c60ffa Merge branch 'develop' into anoa/hs_password_reset_sending_email 2019-06-04 19:07:41 +01:00
Andrew Morgan
dbdebc2c6f Ability to send password reset emails
This changes the default behaviour of Synapse to send password reset
emails itself rather than through an identity server. The reasoning
behind the change is to prevent a malicious identity server from
being able to initiate a password reset attempt and then answering
it, successfully resetting their password, all without the user's
knowledge. This also aides in decentralisation by putting less
trust on the identity server itself, which traditionally is quite
centralised.

If users wish to continue with the old behaviour of proxying
password reset requests through the user's configured identity
server, they can do so by setting
email.enable_password_reset_from_is to True in Synapse's config.

Users should be able that with that option disabled (the default),
password resets will now no longer work unless email sending has
been enabled and set up correctly.
2019-06-04 18:49:54 +01:00
Brendan Abolivier
f6dd12d1e2
Merge pull request #5341 from matrix-org/babolivier/email_config
Make account validity renewal emails work when email notifs are disabled
2019-06-04 14:49:06 +01:00
Brendan Abolivier
2f62e1f6ff
Only parse from email if provided 2019-06-04 14:24:36 +01:00
Erik Johnston
d1d38081a7
Merge pull request #5324 from matrix-org/erikj/ignore_null
Ignore room state with null bytes in for room stats
2019-06-04 14:20:08 +01:00
Brendan Abolivier
1cc5fc1f6c
Lint 2019-06-04 13:51:23 +01:00
Brendan Abolivier
ac3cc32367
Make account validity renewal emails work when email notifs are disabled 2019-06-04 13:47:44 +01:00
Richard van der Hoff
df9c100542
Avoid rapidly backing-off a server if we ignore the retry interval (#5335) 2019-06-04 11:53:29 +01:00
Richard van der Hoff
4d08b8f30c
Don't do long retries when calling the key notary server. (#5334)
It takes at least 20 minutes to work through the long_retries schedule (11
attempts, each with a 60 second timeout, and 60 seconds between each request),
so if the notary server isn't returning within the timeout, we'll just end up
blocking whatever request is happening for 20 minutes.

Ain't nobody got time for that.
2019-06-04 11:53:07 +01:00
Richard van der Hoff
cb683d3e3c
Merge pull request #5333 from matrix-org/rav/server_keys/09_improve_notary_server
Fixes for the key-notary server
2019-06-04 11:48:18 +01:00
Richard van der Hoff
5bdb189f86
Improve docstrings on MatrixFederationClient. (#5332) 2019-06-04 11:14:16 +01:00
Amber Brown
b2b90b7d34
Hawkowl/fix missing auth (#5328) 2019-06-04 15:54:27 +10:00
Richard van der Hoff
a3f2d000e0 changelog 2019-06-04 00:16:56 +01:00
Richard van der Hoff
c5d60eadd5 Notary server: make requests to origins in parallel
... else we're guaranteed to time out.
2019-06-04 00:16:56 +01:00
Richard van der Hoff
def5ea4062 Don't bomb out on direct key fetches as soon as one fails 2019-06-04 00:16:56 +01:00
Richard van der Hoff
dce6e9e0c1 Avoid rapidly backing-off a server if we ignore the retry interval 2019-06-03 23:58:42 +01:00
Richard van der Hoff
06a1f3e207 Reduce timeout for outbound /key/v2/server requests. 2019-06-03 23:17:38 +01:00
Richard van der Hoff
fec2dcb1a5
Enforce validity period on server_keys for fed requests. (#5321)
When handling incoming federation requests, make sure that we have an
up-to-date copy of the signing key.

We do not yet enforce the validity period for event signatures.
2019-06-03 22:59:51 +01:00
Erik Johnston
0a56966f7d Fix 2019-06-03 17:42:52 +01:00
Erik Johnston
0d67a8cd9d Newsfile 2019-06-03 17:17:57 +01:00
Erik Johnston
fe2294ec8d Revert "Newsfile"
This reverts commit 4bd67db100.
2019-06-03 17:17:35 +01:00