* develop: (45 commits)
URL preview blacklisting fixes (#5155)
Revert 085ae346ac
Add a DUMMY stage to captcha-only registration flow
Make Prometheus snippet less confusing on the metrics collection doc (#4288)
Set syslog identifiers in systemd units (#5023)
Run Black on the tests again (#5170)
Add AllowEncodedSlashes to apache (#5068)
remove instructions for jessie installation (#5164)
Run `black` on per_destination_queue
Limit the number of EDUs in transactions to 100 as expected by receiver (#5138)
Fix bogus imports in tests (#5154)
add options to require an access_token to GET /profile and /publicRooms on CS API (#5083)
Do checks on aliases for incoming m.room.aliases events (#5128)
Remove the requirement to authenticate for /admin/server_version. (#5122)
Fix spelling in server notices admin API docs (#5142)
Fix sample config
0.99.3.2
include disco in deb build target list
changelog
Debian: we now need libpq-dev.
...
* Add AllowEncodedSlashes to apache
Add `AllowEncodedSlashes On` to Apache config to support encoding for v3 rooms. "The AllowEncodedSlashes setting is not inherited by virtual hosts, and virtual hosts are used in many default Apache configurations, such as the one in Ubuntu. The workaround is to add the AllowEncodedSlashes setting inside a <VirtualHost> container (/etc/apache2/sites-available/default in Ubuntu)." Source: https://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache
* change allowencodedslashes to nodecode
This commit adds two config options:
* `restrict_public_rooms_to_local_users`
Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
* `require_auth_for_profile_requests`
When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down an MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
Groups have been intentionally omitted from this commit.
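
The access decisions that the two options in the commit message above describe, modelled as an added Python example (not Synapse's own code). Only the two config keys come from the page; the function names, the sample users and rooms, and the rule that a user can always read their own profile are assumptions.

```python
from typing import Dict, Optional, Set

# Constructed sample data: user ID -> rooms the server believes the user is in.
ROOMS: Dict[str, Set[str]] = {
    "@alice:example.org": {"!a:example.org", "!b:example.org"},
    "@bob:example.org": {"!b:example.org"},
    "@carol:other.example": {"!c:other.example"},
}

# Both options enabled; an empty dict models both options left off.
STRICT = {
    "require_auth_for_profile_requests": True,
    "restrict_public_rooms_to_local_users": True,
}


def profile_request_allowed(config: dict, requester: Optional[str], target: str,
                            rooms: Dict[str, Set[str]] = ROOMS) -> bool:
    """Decision for a CS API /profile request (hypothetical helper).

    requester is the authenticated user ID, or None without an access token.
    """
    if not config.get("require_auth_for_profile_requests", False):
        return True   # option off: no restriction is applied
    if requester is None:
        return False  # option on: unauthenticated requests are refused
    if requester == target:
        return True   # assumption: own profile is always readable
    # MSC1301 rule: the requester must share a room with the profile's owner.
    return bool(rooms.get(requester, set()) & rooms.get(target, set()))


def public_rooms_request_allowed(config: dict, api: str, authenticated: bool) -> bool:
    """Decision for a room directory request; api is "client" or "federation"."""
    if not config.get("restrict_public_rooms_to_local_users", False):
        return True
    if api == "federation":
        return False      # directory is not served over the federation API
    return authenticated  # CS API: an access token is required


if __name__ == "__main__":
    for who in ("@bob:example.org", "@carol:other.example", None):
        print(who, profile_request_allowed(STRICT, who, "@alice:example.org"))
    for api in ("client", "federation"):
        print(api, public_rooms_request_allowed(STRICT, api, authenticated=True))
```
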
This endpoint isn't much use for its intended purpose if you first need to get
yourself an admin's auth token.
I've restricted it to the `/_synapse/admin` path to make it a bit easier to
lock down for those concerned about exposing this information. I don't imagine
anyone is using it in anger currently.
* develop: (34 commits)
Add a default .m.rule.tombstone push rule (#4867)
Fix infinite loop in presence handler
changelog
more logging improvements
remove extraneous exception logging
Clarify logging when PDU signature checking fails
Changelog
Add --no-pep-517 to README instructions
set PIP_USE_PEP517 = False for tests
Fix handling of SYNAPSE_NO_TLS in docker image (#5005)
Config option for verifying federation certificates (MSC 1711) (#4967)
Remove log error for .well-known/matrix/client (#4972)
Prevent "producer not unregistered" message (#5009)
add gpg key fingerprint
Don't crash on lack of expiry templates
Update debian install docs for new key and repo (#5074)
Add management endpoints for account validity
Send out emails with links to extend an account's validity period
Make sure we're not registering the same 3pid twice
Newsfile
...
Adds a new method, check_3pid_auth, which gives password providers
the chance to allow authentication with third-party identifiers such
as email or msisdn.
Make it so that most options in the config are optional, and commented out in
the generated config.
The reasons this is a good thing are as follows:
* If we decide that we should change the default for an option, we can do so,
and only those admins that have deliberately chosen to override that option
will be stuck on the old setting.
* It moves us towards a point where we can get rid of the super-surprising
feature of synapse where the default settings for the config come from the
generated yaml.
* It makes setting up a test config for unit testing an order of magnitude
easier (see forthcoming PR).
* It makes the generated config more consistent, and hopefully easier for users
to understand.