watcha-synapse

Commit Graph

Author	SHA1	Message	Date
Quentin Gliech	e2c8458bba	Make the api.auth.Auth a Protocol	2 years ago
David Robertson	a5a799722d	Tag federation request spans with the worker name (#15042 ) * Systematically include worker name as process info * Changelog * don't bother with inner setdefault	3 years ago
Quentin Gliech	eaed4e6113	Remove unused method in `synapse.api.auth.Auth`. (#13795 ) Clean-up from `b19060a29b` (#13094) and `73af10f419` (#13093) which removed all callers.	3 years ago
Eric Eastwood	a911ffb42c	Tag trace with instance name (#13761 ) We tag the Synapse instance name so that it's an easy jumping off point into the logs. Can also be used to filter for an instance that is under load. As suggested by @clokep and @reivilibre in, - https://github.com/matrix-org/synapse/pull/13729#discussion_r964719258 - https://github.com/matrix-org/synapse/pull/13729#discussion_r964733578	3 years ago
reivilibre	d3d9ca156e	Cancel the processing of key query requests when they time out. (#13680 )	3 years ago
Quentin Gliech	3dd175b628	`synapse.api.auth.Auth` cleanup: make permission-related methods use `Requester` instead of the `UserID` (#13024 ) Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.	3 years ago
Eric Eastwood	92d21faf12	Instrument `/messages` for understandable traces in Jaeger (#13368 ) In Jaeger: - Before: huge list of uncategorized database calls - After: nice and collapsible into units of work	3 years ago
Will Hunt	502f075e96	Implement MSC3848: Introduce errcodes for specific event sending failures (#13343 ) Implements MSC3848	3 years ago
Quentin Gliech	fe1daad672	Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986 ) This simplifies the access token verification logic by removing the `rights` parameter which was only ever used for the unsubscribe link in email notifications. The latter has been moved under the `/_synapse` namespace, since it is not a standard API. This also makes the email verification link more secure, by embedding the app_id and pushkey in the macaroon and verifying it. This prevents the user from tampering the query parameters of that unsubscribe link. Macaroon generation is refactored: - Centralised all macaroon generation and verification logic to the `MacaroonGenerator` - Moved to `synapse.utils` - Changed the constructor to require only a `Clock`, hostname, and a secret key (instead of a full `Homeserver`). - Added tests for all methods.	3 years ago
Quentin Gliech	92103cb2c8	Decouple `synapse.api.auth_blocking.AuthBlocking` from `synapse.api.auth.Auth`. (#13021 )	3 years ago
Erik Johnston	e3163e2e11	Reduce the amount of state we pull from the DB (#12811 )	3 years ago
c-cal	5d2ae5ab9e	fix: properly check password_hash for capabilities	4 years ago
c-cal	9fcb262261	feat: add config for Watcha features	4 years ago
reivilibre	07fa53ec40	Improve comments and error messages around access tokens. (#12577 )	4 years ago
Patrick Cloke	7fbf42499d	Use `getClientAddress` instead of `getClientIP`. (#12599 ) getClientIP was deprecated in Twisted 18.4.0, which also added getClientAddress. The Synapse minimum version for Twisted is currently 18.9.0, so all supported versions have the new API.	4 years ago
Richard van der Hoff	e24ff8ebe3	Remove `HomeServer.get_datastore()` (#12031 ) The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733	4 years ago
KevICO	49e929de9e	fix: fix 'is_partner' assignment in log message	4 years ago
KevICO	a9023396a6	feat: format watcha logs (#143 )	4 years ago
KevICO	f2640d510b	feat: remove is_admin function (#137 )	4 years ago
KevICO	eb37701a65	feat: switch default partners authorization to true (#135 )	4 years ago
Kevin ICOL	1ab3a1f061	style: fix watcha tags and format code	4 years ago
Jason Robinson	2560b1b6b2	Allow tracking puppeted users for MAU (#11561 ) Currently when puppeting another user, the user doing the puppeting is tracked for client IPs and MAU (if configured). When tracking MAU is important, it becomes necessary to be possible to also track the client IPs and MAU of puppeted users. As an example a client that manages user creation and creation of tokens via the Synapse admin API, passing those tokens for the client to use. This PR adds optional configuration to enable tracking of puppeted users into monthly active users. The default behaviour stays the same. Signed-off-by: Jason Robinson <jasonr@matrix.org>	4 years ago
Richard van der Hoff	2215954147	Various opentracing enhancements (#11619 ) * Wrap `auth.get_user_by_req` in an opentracing span give `get_user_by_req` its own opentracing span, since it can result in a non-trivial number of sub-spans which it is useful to group together. This requires a bit of reorganisation because it also sets some tags (and may force tracing) on the servlet span. * Emit opentracing span for encoding json responses This can be a significant time sink. * Rename all sync spans with a prefix * Write an opentracing span for encoding sync response * opentracing span to group generate_room_entries * opentracing spans within sync.encode_response * changelog * Use the `trace` decorator instead of context managers	4 years ago
reivilibre	17886d2603	Add experimental support for MSC3202: allowing application services to masquerade as specific devices. (#11538 )	4 years ago
Patrick Cloke	3ab55d43bd	Add missing type hints to synapse.api. (#11109 ) * Convert UserPresenceState to attrs. * Remove args/kwargs from error classes and explicitly pass msg/errorcode.	4 years ago
Patrick Cloke	8c7a531e27	Use direct references for some configuration variables (part 2) (#10812 )	4 years ago
Brendan Abolivier	36dc15412d	Add a module type for account validity (#9884 ) This adds an API for third-party plugin modules to implement account validity, so they can provide this feature instead of Synapse. The module implementing the current behaviour for this feature can be found at https://github.com/matrix-org/synapse-email-account-validity. To allow for a smooth transition between the current feature and the new module, hooks have been added to the existing account validity endpoints to allow their behaviours to be overridden by a module.	4 years ago
Jonathan de Jong	bf72d10dbf	Use inline type hints in various other places (in `synapse/`) (#10380 )	4 years ago
Eric Eastwood	0d5b08ac7a	Fix messages from multiple senders in historical chunk (MSC2716) (#10276 ) Fix messages from multiple senders in historical chunk. This also means that an app service does not need to define `?user_id` when using this endpoint. Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716	4 years ago
Patrick Cloke	8d609435c0	Move methods involving event authentication to EventAuthHandler. (#10268 ) Instead of mixing them with user authentication methods.	4 years ago
Patrick Cloke	aaf7d1acb8	Correct type hints for synapse.event_auth. (#10253 )	4 years ago
Quentin Gliech	bd4919fb72	MSC2918 Refresh tokens implementation (#9450 ) This implements refresh tokens, as defined by MSC2918 This MSC has been implemented client side in Hydrogen Web: vector-im/hydrogen-web#235 The basics of the MSC works: requesting refresh tokens on login, having the access tokens expire, and using the refresh token to get a new one. Signed-off-by: Quentin Gliech <quentingliech@gmail.com>	4 years ago
Eric Eastwood	96f6293de5	Add endpoints for backfilling history (MSC2716) (#9247 ) Work on https://github.com/matrix-org/matrix-doc/pull/2716	4 years ago
Richard van der Hoff	9e405034e5	Make opentracing trace into event persistence (#10134 ) * Trace event persistence When we persist a batch of events, set the parent opentracing span to the that from the request, so that we can trace all the way in. * changelog * When we force tracing, set a baggage item ... so that we can check again later. * Link in both directions between persist_events spans	4 years ago
Richard van der Hoff	ed53bf314f	Set opentracing priority before setting other tags (#10092 ) ... because tags on spans which aren't being sampled get thrown away.	5 years ago
Richard van der Hoff	c14f99be46	Support enabling opentracing by user (#9978 ) Add a config option which allows enabling opentracing by user id, eg for debugging requests made by a test user.	5 years ago
Patrick Cloke	e83627926f	Add type hints to auth and auth_blocking. (#9876 )	5 years ago
Patrick Cloke	d924827da1	Check for space membership during a remote join of a restricted room (#9814 ) When receiving a /send_join request for a room with join rules set to 'restricted', check if the user is a member of the spaces defined in the 'allow' key of the join rules. This only applies to an experimental room version, as defined in MSC3083.	5 years ago
Andrew Morgan	71f0623de9	Port "Allow users to click account renewal links multiple times without hitting an 'Invalid Token' page #74" from synapse-dinsic (#9832 ) This attempts to be a direct port of https://github.com/matrix-org/synapse-dinsic/pull/74 to mainline. There was some fiddling required to deal with the changes that have been made to mainline since (mainly dealing with the split of `RegistrationWorkerStore` from `RegistrationStore`, and the changes made to `self.make_request` in test code).	5 years ago
Jonathan de Jong	4b965c862d	Remove redundant "coding: utf-8" lines (#9786 ) Part of #9744 Removes all redundant `# -- coding: utf-8 --` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`	5 years ago
Erik Johnston	b5efcb577e	Make it possible to use dmypy (#9692 ) Running `dmypy run` will do a `mypy` check while spinning up a daemon that makes rerunning `dmypy run` a lot faster. `dmypy` doesn't support `follow_imports = silent` and has `local_partial_types` enabled, so this PR enables those options and fixes the issues that were newly raised. Note that `local_partial_types` will be enabled by default in upcoming mypy releases.	5 years ago
Patrick Cloke	55da8df078	Fix additional type hints from Twisted 21.2.0. (#9591 )	5 years ago
Richard van der Hoff	7eb6e39a8f	Record the SSO Auth Provider in the login token (#9510 ) This great big stack of commits is a a whole load of hoop-jumping to make it easier to store additional values in login tokens, and then to actually store the SSO Identity Provider in the login token. (Making use of that data will follow in a subsequent PR.)	5 years ago
Eric Eastwood	0a00b7ff14	Update black, and run auto formatting over the codebase (#9381 ) - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](`80d6dc9783/docs/code_style.md`) - Update `code_style.md` docs around installing black to use the correct version	5 years ago
Richard van der Hoff	0f8945e166	Kill off `HomeServer.get_ip_from_request()` (#9080 ) Homeserver.get_ip_from_request() used to be a bit more complicated, but now it is totally redundant. Let's get rid of it.	5 years ago
Richard van der Hoff	2ec8ca5e60	Remove SynapseRequest.get_user_agent (#9069 ) SynapseRequest is in danger of becoming a bit of a dumping-ground for "useful stuff relating to Requests", which isn't really its intention (its purpose is to override render, finished and connectionLost to set up the LoggingContext and write the right entries to the request log). Putting utility functions inside SynapseRequest means that lots of our code ends up requiring a SynapseRequest when there is nothing synapse-specific about the Request at all, and any old twisted.web.iweb.IRequest will do. This increases code coupling and makes testing more difficult. In short: move get_user_agent out to a utility function.	5 years ago
Patrick Cloke	be2db93b3c	Do not assume that the contents dictionary includes history_visibility. (#8945 )	5 years ago
Erik Johnston	a8eceb01e5	Honour AS ratelimit settings for /login requests (#8920 ) Fixes #8846.	5 years ago
Erik Johnston	f21e24ffc2	Add ability for access tokens to belong to one user but grant access to another user. (#8616 ) We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't). A future PR will add an API for creating such a token. When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.	5 years ago
Erik Johnston	c850dd9a8e	Fix handling of User-Agent headers with bad utf-8. (#8632 )	5 years ago

1 2 3 4 5 ...

391 Commits (f7e651d772ebdf7f328ae46cad1fb87bb1025ed2)