1008 Commits (watcha-develop)

Author	SHA1	Message	Date
dlamarcheteamnet	ec2ccc606e	rm auth.py	2 years ago
dlamarcheteamnet	7b6bbcac8a	add allow_locked in _wrapped_get_user_by_req	2 years ago
dlamarcheteamnet	4421b4f0e5	séparation auth	2 years ago
Patrick Cloke	696cc9e802	Stabilize support for Retry-After header (MSC4014) (#16947)	2 years ago
Erik Johnston	23740eaa3d	Correctly mention previous copyright (#16820) ... During the migration the automated script to update the copyright headers accidentally got rid of some of the existing copyright lines. Reinstate them.	2 years ago
David Robertson	32a59a6495	Keep track of `user_ips` and `monthly_active_users` when delegating auth (#16672) ... * Describe `insert_client_ip` * Pull out client_ips and MAU tracking to BaseAuth * Define HAS_AUTHLIB once in tests sick of copypasting * Track ips and token usage when delegating auth * Test that we track MAU and user_ips * Don't track `__oidc_admin`	2 years ago
Patrick Cloke	8e1e62c9e0	Update license headers	2 years ago
Sumner Evans	999bd77d3a	Asynchronous Uploads (#15503) ... Support asynchronous uploads as defined in MSC2246.	2 years ago
Christoph	32fd9bc673	Fix possible AttributeError when account-api is called over unix socket (#16404) ... Fixes #16396	2 years ago
Patrick Cloke	06bbf1029c	Convert simple_select_list_paginate_txn to return tuples. (#16433)	2 years ago
Patrick Cloke	7ec0a141b4	Convert more cached return values to immutable types (#16356)	2 years ago
Erik Johnston	954921736b	Refactor `get_user_by_id` (#16316)	2 years ago
Quentin Gliech	1940d990a3	Revert MSC3861 introspection cache, admin impersonation and account lock (#16258)	2 years ago
Patrick Cloke	a2b8814d64	Fix incorrect docstring for Ratelimiter. (#16255)	2 years ago
Patrick Cloke	ea75346f6a	Track presence state per-device and combine to a user state. (#16066) ... Tracks presence on an individual per-device basis and combine the per-device state into a per-user state. This should help in situations where a user has multiple devices with conflicting status (e.g. one is syncing with unavailable and one is syncing with online). The tie-breaking is done by priority: BUSY > ONLINE > UNAVAILABLE > OFFLINE	2 years ago
David Robertson	62a1a9be52	Describe which rate limiter was hit in logs (#16135)	2 years ago
Will Hunt	0538e3e2db	Add `Retry-After` to M_LIMIT_EXCEEDED error responses (#16136) ... Implements MSC4041 behind an experimental configuration flag.	2 years ago
Shay	69048f7b48	Add an admin endpoint to allow authorizing server to signal token revocations (#16125)	2 years ago
Mathieu Velten	2d15e39684	MSC3861: allow impersonation by an admin using a query param (#16132)	2 years ago
Erik Johnston	6130afb862	Add response time metrics for introspection requests (#16131) ... See #16119	2 years ago
Shay	54a51ff6c1	Cache token introspection response from OIDC provider (#16117)	2 years ago
Patrick Cloke	ad3f43be9a	Run pyupgrade for python 3.7 & 3.8. (#16110)	2 years ago
Mathieu Velten	dac97642e4	Implements admin API to lock an user (MSC3939) (#15870)	2 years ago
Patrick Cloke	6d81aec09f	Support room version 11 (#15912) ... And fix a bug in the implementation of the updated redaction format (MSC2174) where the top-level redacts field was not properly added for backwards-compatibility.	3 years ago
Eric Eastwood	1c802de626	Re-introduce the outbound federation proxy (#15913) ... Allow configuring the set of workers to proxy outbound federation traffic through (`outbound_federation_restricted_to`). This is useful when you have a worker setup with `federation_sender` instances responsible for sending outbound federation requests and want to make sure *all* outbound federation traffic goes through those instances. Before this change, the generic workers would still contact federation themselves for things like profile lookups, backfill, etc. This PR allows you to set more strict access controls/firewall for all workers and only allow the `federation_sender`'s to contact the outside world.	3 years ago
Eric Eastwood	0f02f0b4da	Remove experimental MSC2716 implementation to incrementally import history into existing rooms (#15748) ... Context for why we're removing the implementation: - https://github.com/matrix-org/matrix-spec-proposals/pull/2716#issuecomment-1487441010 - https://github.com/matrix-org/matrix-spec-proposals/pull/2716#issuecomment-1504262734 Anyone wanting to continue MSC2716, should also address these leftover tasks: https://github.com/matrix-org/synapse/issues/10737 Closes https://github.com/matrix-org/synapse/issues/10737 in the fact that it is not longer necessary to track those things.	3 years ago
Patrick Cloke	f880e64b11	Stabilize support for MSC3952: Intentional mentions. (#15520)	3 years ago
Shay	d0c4257f14	`N + 3`: Read from column `full_user_id` rather than `user_id` of tables `profiles` and `user_filters` (#15649)	3 years ago
Patrick Cloke	c01343de43	Add stricter mypy options (#15694) ... Enable warn_unused_configs, strict_concatenate, disallow_subclassing_any, and disallow_incomplete_defs.	3 years ago
Quentin Gliech	ceb3dd77db	Enforce that an admin token also has the basic Matrix API scope	3 years ago
Quentin Gliech	f739bde962	Reject tokens with multiple device scopes	3 years ago
Quentin Gliech	98afc57d59	Make OIDC scope constants	3 years ago
Quentin Gliech	14a5be9c4d	Handle errors when introspecting tokens ... This returns a proper 503 when the introspection endpoint is not working for some reason, which should avoid logging out clients in those cases.	3 years ago
Quentin Gliech	4d0231b364	Make AS tokens work & allow ASes to /register	3 years ago
Quentin Gliech	c008b44b4f	Add an admin token for MAS -> Synapse calls	3 years ago
Hugh Nimmo-Smith	249f4a338d	Refactor config to be an experimental feature ... Also enforce you can't combine it with incompatible config options	3 years ago
Hugh Nimmo-Smith	5fe96082d0	Actually enforce guest + return www-authenticate header	3 years ago
Hugh Nimmo-Smith	a1374b5c70	MSC2967: Check access token scope for use as user and add guest support	3 years ago
Hugh Nimmo-Smith	d20669971a	Use `name` claim as display name when registering users on the fly. ... This makes is so that the `name` claim got when introspecting the token is used as the display name when registering a user on the fly.	3 years ago
Quentin Gliech	f9cd549f64	Record the `sub` claims as an external_id	3 years ago
Quentin Gliech	7628dbf4e9	Handle the Synapse admin scope	3 years ago
Quentin Gliech	c5cf1b421d	Save the scopes in the requester	3 years ago
Quentin Gliech	765244faee	Initial MSC3964 support: delegation of auth to OIDC server	3 years ago
Quentin Gliech	e2c8458bba	Make the api.auth.Auth a Protocol	3 years ago
Travis Ralston	50918c4940	Add `MSC3820opt2` as a known room version (#15678)	3 years ago
Travis Ralston	4e013093a8	Add MSC3820 (room version 11) option 2 unstable room version. (#15666)	3 years ago
Patrick Cloke	c5d1e6d414	Properly parse event_fields in filters (#15607) ... The event_fields property in filters should use the proper escape rules, namely backslashes can be escaped with an additional backslash. This adds tests (adapted from matrix-js-sdk) and implements the logic to properly split the event_fields strings.	3 years ago
Patrick Cloke	f2905d827f	Implement MSC3821 to update redaction rules (`third_party_invite.signed`) (#15563) ... Updates the redaction rules to protect enough information that the event can still be properly verified.	3 years ago
Patrick Cloke	ba6b21c81e	Implement MSC3389 to protect relations from redaction. (#15565) ... MSC3389 proposes protecting the relation type & parent event ID from redaction. This keeps the relation information intact after redaction which helps with some UX flaws (e.g. deleting an event causes it to no longer be in a thread, which is confusing).	3 years ago
Tulir Asokan	86d541f37c	Stabilize MSC2659 support for AS ping endpoint. (#15528)	3 years ago