watcha-synapse

Commit Graph

Author	SHA1	Message	Date
Mark Haines	c18f7fc410	Fix flake8 and update changelog	8 years ago
Matthew Hodgson	d79d165761	add logging for all the places we call resolve_state_groups. my kingdom for a backtrace that actually works.	8 years ago
Richard van der Hoff	1529c19675	Prevent user tokens being used as guest tokens (#1675 ) Make sure that a user cannot pretend to be a guest by adding 'guest = True' caveats.	8 years ago
Richard van der Hoff	aa09d6b8f0	Rip out more refresh_token code We might as well treat all refresh_tokens as invalid. Just return a 403 from /tokenrefresh, so that we don't have a load of dead, untestable code hanging around. Still TODO: removing the table from the schema.	8 years ago
Richard van der Hoff	4febfe47f0	Comments Update comments in verify_macaroon	8 years ago
Richard van der Hoff	1c4f05db41	Stop putting a time caveat on access tokens The 'time' caveat on the access tokens was something of a lie, since we weren't enforcing it; more pertinently its presence stops us ever adding useful time caveats. Let's move in the right direction by not lying in our caveats.	8 years ago
Richard van der Hoff	7f02e4d008	Give guest users a device_id We need to create devices for guests so that they can use e2e, but we don't have anywhere to store it, so just use a fixed one.	8 years ago
Richard van der Hoff	e1d7c96814	Remove redundant list of known caveat prefixes Also add some comments.	8 years ago
Kegan Dougal	83bcdcee61	Return early on /sync code paths if a '*' filter is used This is currently very conservative in that it only does this if there is no `since` token. This limits the risk to clients likely to be doing one-off syncs (like bridges), but does mean that normal human clients won't benefit from the time savings here. If the savings are large enough, I would consider generalising this to just check the filter.	8 years ago
Kegan Dougal	cea4e4e7b2	Glue only_event_fields into the sync rest servlet	8 years ago
Kegan Dougal	f97511a1f3	Move event_fields filtering to serialize_event Also make it an inclusive not exclusive filter, as the spec demands.	8 years ago
Kegan Dougal	e90fcd9edd	Add filter_event_fields and filter_field to FilterCollection	8 years ago
Kegan Dougal	a2a6c1c22f	Fail with a coherent error message if `/sync?filter=` is invalid	8 years ago
Luke Barnard	07caa749bf	Closing brace on following line	8 years ago
Luke Barnard	f09db236b1	as_user->app_service, less redundant comments, better positioned comments	8 years ago
Luke Barnard	8bfd01f619	flake8	8 years ago
Luke Barnard	1b17d1a106	Use real AS object by passing it through the requester This means synapse does not have to check if the AS is interested, but instead it effectively re-uses what it already knew about the requesting user	8 years ago
Erik Johnston	550308c7a1	Check whether to ratelimit sooner to avoid work	8 years ago
Patrik Oldsberg	9bfc617791	storage/appservice: make appservice methods only relying on the cache synchronous	8 years ago
Patrik Oldsberg	24a70e19c7	api/auth: fix for not being allowed to set your own state_key Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com>	8 years ago
Erik Johnston	f96020550f	Update comments	8 years ago
Erik Johnston	2e9ee30969	Add comments	8 years ago
Erik Johnston	a61e4522b5	Shuffle things around to make unit tests work	8 years ago
Erik Johnston	1168cbd54d	Allow invites via 3pid to bypass sender sig check When a server sends a third party invite another server may be the one that the inviting user registers with. In this case it is that remote server that will issue an actual invitation, and wants to do it "in the name of" the original invitee. However, the new proper invite will not be signed by the original server, and thus other servers would reject the invite if it was seen as coming from the original user. To fix this, a special case has been added to the auth rules whereby another server can send an invite "in the name of" another server's user, so long as that user had previously issued a third party invite that is now being accepted.	8 years ago
Mark Haines	ec609f8094	Fix unit tests	8 years ago
Mark Haines	8e01263587	Allow clients to supply access_tokens as headers Clients can continue to supply access tokens as query parameters or can supply the token as a header: Authorization: Bearer <access_token_goes_here> This matches the ouath2 format of https://tools.ietf.org/html/rfc6750#section-2.1	8 years ago
Mark Haines	8aee5aa068	Add helper function for getting access_tokens from requests Rather than reimplementing the token parsing in the various places. This will make it easier to change the token parsing to allow access_tokens in HTTP headers.	8 years ago
Erik Johnston	ed7a703d4c	Handle the fact that workers can't generate state groups	8 years ago
Erik Johnston	c10cb581c6	Correctly handle the difference between prev and current state	8 years ago
Erik Johnston	1ccdc1e93a	Cache check_host_in_room	8 years ago
Erik Johnston	25414b44a2	Add measure on check_host_in_room	8 years ago
Paul "LeoNerd" Evans	1294d4a329	Move ThirdPartyEntityKind into api.constants so the expectation becomes that the value is significant	8 years ago
Erik Johnston	0e1900d819	Pull out full state less	8 years ago
Paul "LeoNerd" Evans	142983b4ea	APP_SERVICE_PREFIX is never used; don't bother	8 years ago
Erik Johnston	a3dc1e9cbe	Replace context.current_state with context.current_state_ids	8 years ago
Richard van der Hoff	6fe6a6f029	Fix login with m.login.token login with token (as used by CAS auth) was broken by `067596d`, such that it always returned a 401.	8 years ago
Richard van der Hoff	eb359eced4	Add `create_requester` function Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout	8 years ago
Mark Haines	c824b29e77	Check if the user is banned when handling 3pid invites	8 years ago
Richard van der Hoff	ec041b335e	Record device_id in client_ips Record the device_id when we add a client ip; it's somewhat redundant as we could get it via the access_token, but it will make querying rather easier.	8 years ago
Richard van der Hoff	053e83dafb	More doc-comments Fix some more comments on some things	8 years ago
Mark Haines	d137e03231	Fix 500 ISE when sending alias event without a state_key	8 years ago
Erik Johnston	ebdafd8114	Check sender signed event	8 years ago
Erik Johnston	e5142f65a6	Add 'contains_url' to filter	8 years ago
Negar Fazeli	0136a522b1	Bug fix: expire invalid access tokens	8 years ago
Erik Johnston	2cb758ac75	Check if alias event's state_key matches sender's domain	8 years ago
Erik Johnston	560c71c735	Check creation event's room_id domain matches sender's	8 years ago
David Baker	385aec4010	Implement https://github.com/matrix-org/matrix-doc/pull/346/files	9 years ago
Erik Johnston	067596d341	Fix bug where we did not correctly explode when multiple user_ids were set in macaroon	9 years ago
David Baker	be8be535f7	requestToken update Don't send requestToken request to untrusted ID servers Also correct the THREEPID_IN_USE error to add the M_ prefix. This is a backwards incomaptible change, but the only thing using this is the angular client which is now unmaintained, so it's probably better to just do this now.	9 years ago
David Baker	1f31cc37f8	Working unsubscribe links going straight to the HS and authed by macaroons that let you delete pushers and nothing else	9 years ago

1 2 3 4 5 ...

439 Commits (c18f7fc41019be6a5c08df3f4976bd94435677c7)