Commit graph

24456 commits

Author SHA1 Message Date
Andrew Morgan
3eb92369ca
Fix mypy errors on Twisted 24.11.0 (#17998)
Fixes various `mypy` errors associated with Twisted `24.11.0`.

Hopefully addresses https://github.com/element-hq/synapse/issues/17075,
though I've yet to test against `trunk`.

Changes should be compatible with our currently pinned Twisted version
of `24.7.0`.
2024-12-18 11:49:38 +00:00
Andrew Morgan
09f377fa52
Wording improvements for the TaskScheduler (#17992)
As I found the current docstrings a bit unclear while trying to wrap my
head around this class.
2024-12-18 11:42:34 +00:00
Andrew Morgan
f1b0f9a4ef
Bump mypy from 1.11.2 to 1.12.1 and fix new typechecking errors (#17999)
Supersedes https://github.com/element-hq/synapse/pull/17958.

Awkwardly, the changes made to fix the mypy errors in 1.12.1 cause
errors in 1.11.2. So you'll need to update your mypy version to 1.12.1
to eliminate typechecking errors during developing.
2024-12-18 11:42:17 +00:00
cynhr
f1ecf46647
Add email.tlsname config option (#17849)
The existing `email.smtp_host` config option is used for two distinct
purposes: it is resolved into the IP address to connect to, and used to
(request via SNI and) validate the server's certificate if TLS is
enabled. This new option allows specifying a different name for the
second purpose.

This is especially helpful, if `email.smtp_host` isn't a global FQDN,
but something that resolves only locally (e.g. "localhost" to connect
through the loopback interface, or some other internally routed name),
that one cannot get a valid certificate for.
Alternatives would of course be to specify a global FQDN as
`email.smtp_host`, or to disable TLS entirely, both of which might be
undesirable, depending on the SMTP server configuration.
2024-12-17 18:05:38 -06:00
V02460
57bf44941e
Add macaroon_secret_key_path config option (#17983)
Another config option on my quest to a `*_path` variant for every
secret. This time it’s `macaroon_secret_key_path`.

Reading secrets from files has the security advantage of separating the secrets from the config. It also simplifies secrets management in Kubernetes. Also useful to NixOS users.
2024-12-16 18:01:33 -06:00
Travis Ralston
3d60a58ad6
Add last_seen_ts to query user example (#17976)
This section could probably do with a lot more editorial attention, but
for now this is all there is in terms of documentation. The field is
already returned by Synapse:
4587decd67/synapse/handlers/admin.py (L150)

`last_seen_ts` was introduced in
https://github.com/matrix-org/synapse/pull/16218
2024-12-16 17:12:40 -06:00
Shay
8208186e3c
Add some useful endpoints to Admin API (#17948)
- Fetch the number of invites the provided user has sent after a given
timestamp
- Fetch the number of rooms the provided user has joined after a given
timestamp, regardless if they have left/been banned from the rooms
subsequently
- Get report IDs of event reports where the provided user was the sender
of the reported event
2024-12-16 13:27:34 -06:00
dependabot[bot]
29d586311d
Bump http from 1.1.0 to 1.2.0 (#18013) 2024-12-16 13:23:11 +00:00
dependabot[bot]
512c9efcb3
Bump serde from 1.0.215 to 1.0.216 (#18031) 2024-12-16 12:20:16 +00:00
dependabot[bot]
35c361c0d9
Bump pillow from 10.4.0 to 11.0.0 (#18015) 2024-12-16 12:19:09 +00:00
dependabot[bot]
95853c5f31
Bump pydantic from 2.9.2 to 2.10.3 (#18014) 2024-12-16 12:03:42 +00:00
dependabot[bot]
eb019c03c4
Bump anyhow from 1.0.93 to 1.0.94 (#18012) 2024-12-16 11:58:34 +00:00
Wilson
eedab12e6d
forward requester id to check username for spam callbacks (#17916) 2024-12-13 14:17:41 +00:00
Andrew Morgan
483602efb2 Merge branch 'master' into develop 2024-12-11 19:24:03 +00:00
Andrew Morgan
ac429050bc Remove redundant security disclaimer 2024-12-11 18:28:45 +00:00
Andrew Morgan
daa783f16c 1.121.1 2024-12-11 18:25:44 +00:00
Till
6c4037dcf3
Downgrade ubuntu to 22.04 when building docker images (#18026)
As currently all docker builds are failing.


https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/
https://github.com/actions/runner-images/issues/10636
2024-12-11 18:27:56 +01:00
Till Faelligen
737f6c73f7
Update changelog 2024-12-11 15:20:39 +01:00
Till Faelligen
ed6edc17d0
1.121.0 2024-12-11 13:12:50 +01:00
Till
5b0873516c
Attempt to fix duplicate releases issue (#18025)
This hopefully fixes https://github.com/element-hq/synapse/issues/17991,
as we first upgraded to v2 and are now back to 0.1.15.
(This was lost in https://github.com/element-hq/synapse/pull/17923,
related https://github.com/element-hq/synapse/pull/17995)
2024-12-11 12:40:36 +01:00
jahway603
5da7081197
Update Alpine Linux Synapse Package Maintainer within installation.md (#17846)
Update Alpine Linux Synapse Package Maintainer within installation.md as
it is outdated.

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [x] Pull request is based on the develop branch
* [N/A] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [x] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
2024-12-10 22:24:03 +00:00
Mathieu Velten
5cf74c2da0
Fix bug when rejecting withdrew invite with a third_party_rules module (#17930)
When rejecting a withdrew invite through federation, an out of band
event needs to be created.

When doing so with a third_party_rules module installed,
`get_prev_state_ids` [is
called](e0fdb862cb/synapse/module_api/callbacks/third_party_event_rules_callbacks.py (L285))
on the context to calculate the state to pass at `check_event_allowed`
callbacks.

The context for outliers is defined
[here](e0fdb862cb/synapse/events/snapshot.py (L168)),
and `state_group_before_event` is None.

This change makes the behavior of `get_prev_state_ids` and
`get_current_state_ids` match the one presented in the docstring
regarding null state_group.
2024-12-10 14:26:38 +00:00
Rafał Hirsch
adce8a0111
Reorganize account data, receipts and presence request regexps in generic_worker docs (#17954)
POST requests for account data, receipts and presence require the worker
to be configured as a stream writer. The regular expressions in the
default list don't assume any HTTP method, so if the worker is not a
stream writer, the request fails.

The stream writer section of the documentation lists the same regexps as
the one I'm removing, so people configuring stream writers can still
configure their routing properly.

More context:
https://github.com/element-hq/synapse/issues/17243#issuecomment-2493621645
2024-12-09 10:30:03 -06:00
dependabot[bot]
790ce14e46
Bump pyo3 from 0.23.2 to 0.23.3 (#18001) 2024-12-09 10:54:53 +00:00
dependabot[bot]
ecbc0b740c
Bump dawidd6/action-download-artifact from 6 to 7 (#17981) 2024-12-05 17:37:40 +00:00
dependabot[bot]
0db5d247f8
Bump python-multipart from 0.0.16 to 0.0.18 (#17985) 2024-12-05 17:07:40 +00:00
Devon Hudson
02d09e3f0c
Add RoomID & EventID rust types (#17996)
Adds the RoomID & EventID rust types to the rust lib.
Also adds a Deserialize impl to the existing UserID type.

### Pull Request Checklist

<!-- Please read
https://element-hq.github.io/synapse/latest/development/contributing_guide.html
before submitting your pull request -->

* [X] Pull request is based on the develop branch
* [X] Pull request includes a [changelog
file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog).
The entry should:
- Be a short description of your change which makes sense to users.
"Fixed a bug that prevented receiving messages from other servers."
instead of "Moved X method from `EventStore` to `EventWorkerStore`.".
  - Use markdown where necessary, mostly for `code blocks`.
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
- Feel free to credit yourself, by adding a sentence "Contributed by
@github_username." or "Contributed by [Your Name]." to the end of the
entry.
* [X] [Code
style](https://element-hq.github.io/synapse/latest/code_style.html) is
correct
(run the
[linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
2024-12-05 15:41:57 +00:00
Travis Ralston
b90ad26ebc
Promote account suspension to stable (#17964)
MSC: https://github.com/matrix-org/matrix-spec-proposals/pull/3823
2024-12-04 17:56:42 -06:00
Andrew Morgan
a00d0b3d0e 1.121.0rc1 2024-12-04 14:49:28 +00:00
Andrew Morgan
45ca6392f4
Pin Rust to 1.82.0 when building Python wheels (#17993)
Addresses step 1 of #17988.
2024-12-04 12:58:26 +00:00
Andrew Morgan
05d58b86ac
Pin softprops/action-gh-release to v0.1.15 (#17995)
We are still seeing duplicate releases on v2.0.5, so roll back further.
[Other](f8a5a60b7c (diff-88ab30345d9874c4336fe50b54b083ba5bdd925be961c34060e6a192b56b0433R72))
[repositories](55fca4fec7 (diff-e426ed45842837026e10e66af23d9c7077e89eacbe6958ce7cb991130ad05adaR105))
seem to have settled on this version.

Addresses https://github.com/element-hq/synapse/issues/17991

We're just going to test this during 1.121.0rc1.
2024-12-04 12:53:51 +00:00
Quentin Gliech
23b626f2e6
Support for MSC4190: device management for application services (#17705)
This is an implementation of MSC4190, which allows appservices to manage
their user's devices without /login & /logout.

---------

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2024-12-04 12:04:49 +01:00
manuroe
abf44ad324
MSC4076: Add disable_badge_count to pusher configuration (#17975)
This PR implements [MSC4076: Let E2EE clients calculate app badge counts
themselves
(disable_badge_count)](https://github.com/matrix-org/matrix-spec-proposals/pull/4076).
2024-12-03 22:58:43 +00:00
Quentin Gliech
657dd5151e
Merge branch 'master' into develop 2024-12-03 17:44:48 +01:00
Quentin Gliech
6f689d452c
1.120.2 2024-12-03 16:58:40 +01:00
Quentin Gliech
650492ed4d
Stop building wheels for macOS 2024-12-03 16:39:41 +01:00
Eric Eastwood
b257c7ab19
Be able to test /login/sso/redirect in Complement (#17986)
Be able to test `/login/sso/redirect` in Complement

Spawning from
https://github.com/element-hq/sbg/pull/421#discussion_r1854926218 where
we have a proxy that intercepts responses to
`/_matrix/client/v3/login/sso/redirect(/{idpId})` in order to upgrade
them to use OAuth 2.0 Pushed Authorization Requests (PAR). We have some
Complement tests in that codebase that go over this flow and these
changes are required [in order for the URL's to line
up](d648c8ce3f/synapse/rest/client/login.py (L652-L673)).
2024-12-03 12:54:25 +00:00
Quentin Gliech
fe3d88b833
1.120.1 2024-12-03 11:18:31 +01:00
Olivier 'reivilibre
b64a4e5fbb
Restrict which image formats we will decode in order to generate thumbnails 2024-12-03 09:53:21 +01:00
Devon Hudson
4b7154c585
Don't allow unsupported content-type
Co-authored-by: Eric Eastwood <erice@element.io>
2024-12-03 09:53:21 +01:00
Erik Johnston
d82e1ed357
Handle null invite and knock room state 2024-12-03 09:53:21 +01:00
Eric Eastwood
4daa533e82
Sliding Sync: Fix state leaking on incremental sync 2024-12-03 09:53:21 +01:00
Erik Johnston
f3fd6852ac
Fix release process to not create duplicate releases (#17970)
This is to work around
https://github.com/softprops/action-gh-release/issues/445

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
2024-12-03 09:53:20 +01:00
dependabot[bot]
d648c8ce3f
Bump bytes from 1.8.0 to 1.9.0 (#17982) 2024-12-02 16:55:53 +00:00
dependabot[bot]
190c400a83
Bump tomli from 2.1.0 to 2.2.1 (#17979) 2024-12-02 16:55:40 +00:00
Eric Eastwood
e5d3bfba30
Sliding Sync: Include invite, ban, kick, targets when $LAZY-loading room members (#17947)
Part of https://github.com/element-hq/synapse/issues/17929
2024-12-02 10:17:55 -06:00
Travis Ralston
9b2ae62d20
Use stable error code for account locking (#17965) 2024-12-02 15:28:47 +00:00
dependabot[bot]
a89b697209
Bump pysaml2 from 7.3.1 to 7.5.0 (#17978) 2024-12-02 15:28:08 +00:00
Erik Johnston
a82f5f206f
Fix release process to not create duplicate releases (#17970)
This is to work around
https://github.com/softprops/action-gh-release/issues/445

---------

Co-authored-by: Quentin Gliech <quenting@element.io>
2024-12-02 10:54:14 +00:00
Eric Eastwood
6a909aade2
Consolidate SSO redirects through /_matrix/client/v3/login/sso/redirect(/{idpId}) (#17972)
Consolidate SSO redirects through
`/_matrix/client/v3/login/sso/redirect(/{idpId})`

Spawning from
https://github.com/element-hq/sbg/pull/421#discussion_r1859497330 where
we have a proxy that intercepts responses to
`/_matrix/client/v3/login/sso/redirect(/{idpId})` in order to upgrade
them to use OAuth 2.0 Pushed Authorization Requests (PAR). Instead of
needing to intercept multiple endpoints that redirect to the
authorization endpoint, it seems better to just have Synapse consolidate
to a single flow.


### Testing strategy

1. Create a new OAuth application. I'll be using GitHub for example but
there are [many
options](be65a8ec01/docs/openid.md).
Visit https://github.com/settings/developers -> **New OAuth App**
    - Application name: `Synapse local testing`
    - Homepage URL: `http://localhost:8008`
- Authorization callback URL:
`http://localhost:8008/_synapse/client/oidc/callback`
 1. Update your Synapse `homeserver.yaml`
    ```yaml
    server_name: "my.synapse.server"
    public_baseurl: http://localhost:8008/
    listeners:
      - port: 8008
        bind_addresses: [
          #'::1',
          '127.0.0.1'
        ]
        tls: false
        type: http
        x_forwarded: true
        resources:
          - names: [client, federation, metrics]
            compress: false
    
    # SSO login testing
    oidc_providers:
      - idp_id: github
        idp_name: Github
        idp_brand: "github"  # optional: styling hint for clients
        discover: false
        issuer: "https://github.com/"
        client_id: "xxx" # TO BE FILLED
        client_secret: "xxx" # TO BE FILLED
authorization_endpoint: "https://github.com/login/oauth/authorize"
        token_endpoint: "https://github.com/login/oauth/access_token"
        userinfo_endpoint: "https://api.github.com/user"
        scopes: ["read:user"]
        user_mapping_provider:
          config:
            subject_claim: "id"
            localpart_template: "{{ user.login }}"
            display_name_template: "{{ user.name }}"
    ```
1. Start Synapse: `poetry run synapse_homeserver --config-path
homeserver.yaml`
1. Visit
`http://localhost:8008/_synapse/client/pick_idp?redirectUrl=http%3A%2F%2Fexample.com`
 1. Choose GitHub
1. Notice that you're redirected to GitHub to sign in
(`https://github.com/login/oauth/authorize?...`)

Tested locally and works:

1.
`http://localhost:8008/_synapse/client/pick_idp?idp=oidc-github&redirectUrl=http%3A//example.com`
->
1.
`http://localhost:8008/_matrix/client/v3/login/sso/redirect/oidc-github?redirectUrl=http://example.com`
->
1.
`https://github.com/login/oauth/authorize?response_type=code&client_id=xxx&redirect_uri=http%3A%2F%2Flocalhost%3A8008%2F_synapse%2Fclient%2Foidc%2Fcallback&scope=read%3Auser&state=xxx&nonce=xxx`
2024-11-29 11:26:37 -06:00