watcha-synapse

Commit Graph

Author	SHA1	Message	Date
Jason Robinson	6d847d8ce6	Ensure support users can be registered even if MAU limit is reached This allows support users to be created even on MAU limits via the admin API. Support users are excluded from MAU after creation, so it makes sense to exclude them in creation - except if the whole host is in disabled state. Signed-off-by: Jason Robinson <jasonr@matrix.org>	6 years ago
Richard van der Hoff	5f158ec039	Implement access token expiry (#5660 ) Record how long an access token is valid for, and raise a soft-logout once it expires.	6 years ago
Richard van der Hoff	0a4001eba1	Clean up exception handling for access_tokens (#5656 ) First of all, let's get rid of `TOKEN_NOT_FOUND_HTTP_STATUS`. It was a hack we did at one point when it was possible to return either a 403 or a 401 if the creds were missing. We always return a 401 in these cases now (thankfully), so it's not needed. Let's also stop abusing `AuthError` for these cases. Honestly they have nothing that relates them to the other places that `AuthError` is used, other than the fact that they are loosely under the 'Auth' banner. It makes no sense for them to share exception classes. Instead, let's add a couple of new exception classes: `InvalidClientTokenError` and `MissingClientTokenError`, for the `M_UNKNOWN_TOKEN` and `M_MISSING_TOKEN` cases respectively - and an `InvalidClientCredentialsError` base class for the two of them.	6 years ago
Richard van der Hoff	1890cfcf82	Inline issue_access_token (#5659 ) this is only used in one place, so it's clearer if we inline it and reduce the API surface. Also, fixes a buglet where we would create an access token even if we were about to block the user (we would never return the AT, so the user could never use it, but it was still created and added to the db.)	6 years ago
Richard van der Hoff	953dbb7980	Remove access-token support from RegistrationStore.register (#5642 ) The 'token' param is no longer used anywhere except the tests, so let's kill that off too.	6 years ago
Amber Brown	32e7c9e7f2	Run Black. (#5482 )	6 years ago
Richard van der Hoff	0dbfae03f9	Enforce hs_disabled_message correctly Fixes a bug where hs_disabled_message was not enforced for 3pid-based requests if there was no server_notices_mxid configured.	6 years ago
Richard van der Hoff	566947ff34	Skip macaroon check for access tokens in the db	6 years ago
Neil Johnson	d2f7c4e6b1	create support user (#4141 ) Allow for the creation of a support user. A support user can access the server, join rooms, interact with other users, but does not appear in the user directory nor does it contribute to monthly active user limits.	6 years ago
Amber Brown	52ec6e9dfa	Port tests/ to Python 3 (#3808 )	7 years ago
Neil Johnson	ea068d6f3c	fix bug where preserved threepid user comes to sign up and server is mau blocked	7 years ago
Erik Johnston	05077e06fa	Change admin_uri to admin_contact in config and errors	7 years ago
Neil Johnson	e07970165f	rename error code	7 years ago
Neil Johnson	ba1fbf7d5b	special case server_notices_mxid	7 years ago
Neil Johnson	13ad9930c8	add new error type ResourceLimit	7 years ago
Neil Johnson	b8429c7c81	update error codes for resource limiting	7 years ago
Neil Johnson	ab035bdeac	replace admin_email with admin_uri for greater flexibility	7 years ago
Neil Johnson	f4b49152e2	support admin_email config and pass through into blocking errors, return AuthError in all cases	7 years ago
Neil Johnson	ce7de9ae6b	Revert "support admin_email config and pass through into blocking errors, return AuthError in all cases" This reverts commit `0d43f991a1`.	7 years ago
Neil Johnson	0d43f991a1	support admin_email config and pass through into blocking errors, return AuthError in all cases	7 years ago
Amber Brown	99dd975dae	Run tests under PostgreSQL (#3423 )	7 years ago
black	8b3d9b6b19	Run black.	7 years ago
Neil Johnson	42c6823827	disable HS from config	7 years ago
Neil Johnson	d08296f9f2	remove unused import	7 years ago
Neil Johnson	886be75ad1	bug fixes	7 years ago
Neil Johnson	74b1d46ad9	do mau checks based on monthly_active_users table	7 years ago
Amber Brown	da7785147d	Python 3: Convert some unicode/bytes uses (#3569 )	7 years ago
Amber Brown	49af402019	run isort	7 years ago
Matthew Hodgson	f82cf3c7df	add test	7 years ago
Matthew Hodgson	e72234f6bd	fix tests	7 years ago
Richard van der Hoff	1529c19675	Prevent user tokens being used as guest tokens (#1675 ) Make sure that a user cannot pretend to be a guest by adding 'guest = True' caveats.	8 years ago
Mark Haines	ec609f8094	Fix unit tests	9 years ago
Richard van der Hoff	ec041b335e	Record device_id in client_ips Record the device_id when we add a client ip; it's somewhat redundant as we could get it via the access_token, but it will make querying rather easier.	9 years ago
Negar Fazeli	0136a522b1	Bug fix: expire invalid access tokens	9 years ago
Negi Fazeli	40aa6e8349	Create user with expiry - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>	9 years ago
Mark Haines	700487a7c7	Fix flake8 warnings for tests	9 years ago
Daniel Wagner-Hall	2110e35fd6	Introduce a Requester object This tracks data about the entity which made the request. This is instead of passing around a tuple, which requires call-site modifications every time a new piece of optional context is passed around. I tried to introduce a User object. I gave up.	9 years ago
Daniel Wagner-Hall	cfd07aafff	Allow guests to upgrade their accounts	9 years ago
Daniel Wagner-Hall	f522f50a08	Allow guests to register and call /events?room_id= This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices.	9 years ago
Daniel Wagner-Hall	e255c2c32f	s/user_id/user/g for consistency	10 years ago
Daniel Wagner-Hall	81450fded8	Turn TODO into thing which actually will fail	10 years ago
Daniel Wagner-Hall	6a4b650d8a	Attempt to validate macaroons A couple of weird caveats: * If we can't validate your macaroon, we fall back to checking that your access token is in the DB, and ignoring the failure * Even if we can validate your macaroon, we still have to hit the DB to get the access token ID, which we pretend is a device ID all over the codebase. This mostly adds the interesting code, and points out the two pieces we need to delete (and necessary conditions) in order to fix the above caveats.	10 years ago
Daniel Wagner-Hall	a9d8bd95e7	Stop looking up "admin", which we never read	10 years ago
Daniel Wagner-Hall	a0b181bd17	Remove completely unused concepts from codebase Removes device_id and ClientInfo device_id is never actually written, and the matrix.org DB has no non-null entries for it. Right now, it's just cluttering up code. This doesn't remove the columns from the database, because that's fiddly.	10 years ago
Daniel Wagner-Hall	13a6517d89	s/by_token/by_access_token/g We're about to have two kinds of token, access and refresh	10 years ago
Kegan Dougal	ab3c897ce1	Remove unused imports.	10 years ago
Kegan Dougal	5a7dd05818	Modify auth.get_user_by_req for authing appservices directly. Add logic to map the appservice token to the autogenned appservice user ID. Add unit tests for all forms of get_user_by_req (user/appservice, valid/bad/missing tokens)	10 years ago

49 Commits (d630c8234928c008e12c79ebef10cee570779fa5)