WIP of --config-check commandline flag

Merge branch 'master' into develop
Merge tag 'v0.31.2'
2018-06-22 16:54:59 +01:00 · 2018-06-14 16:36:01 +01:00 · 2018-06-14 16:35:33 +01:00 · 2018-06-14 16:27:41 +01:00 · 2018-06-14 16:24:32 +01:00 · 2018-06-14 16:22:46 +01:00
38 changed files with 545 additions and 155 deletions
@@ -1,3 +1,24 @@
+Changes in synapse v0.31.2 (2018-06-14)
+=======================================
+
+SECURITY UPDATE: Prevent unauthorised users from setting state events in a room
+when there is no ``m.room.power_levels`` event in force in the room. (PR #3397)
+
+Discussion around the Matrix Spec change proposal for this change can be
+followed at https://github.com/matrix-org/matrix-doc/issues/1304.
+
+Changes in synapse v0.31.1 (2018-06-08)
+=======================================
+
+v0.31.1 fixes a security bug in the ``get_missing_events`` federation API
+where event visibility rules were not applied correctly.
+
+We are not aware of it being actively exploited but please upgrade asap.
+
+Bug Fixes:
+
+* Fix event filtering in get_missing_events handler (PR #3371)
+
 Changes in synapse v0.31.0 (2018-06-06)
 =======================================

@@ -18,14 +18,22 @@
 from __future__ import print_function

 import argparse
+from urlparse import urlparse, urlunparse
+
 import nacl.signing
 import json
 import base64
 import requests
 import sys
+
+from requests.adapters import HTTPAdapter
 import srvlookup
 import yaml

+# uncomment the following to enable debug logging of http requests
+#from httplib import HTTPConnection
+#HTTPConnection.debuglevel = 1
+
 def encode_base64(input_bytes):
    """Encode bytes as a base64 string without any padding."""

@@ -113,17 +121,6 @@ def read_signing_keys(stream):
    return keys


-def lookup(destination, path):
-    if ":" in destination:
-        return "https://%s%s" % (destination, path)
-    else:
-        try:
-            srv = srvlookup.lookup("matrix", "tcp", destination)[0]
-            return "https://%s:%d%s" % (srv.host, srv.port, path)
-        except:
-            return "https://%s:%d%s" % (destination, 8448, path)
-
-
 def request_json(method, origin_name, origin_key, destination, path, content):
    if method is None:
        if content is None:
@@ -152,13 +149,19 @@ def request_json(method, origin_name, origin_key, destination, path, content):
        authorization_headers.append(bytes(header))
        print ("Authorization: %s" % header, file=sys.stderr)

-    dest = lookup(destination, path)
+    dest = "matrix://%s%s" % (destination, path)
    print ("Requesting %s" % dest, file=sys.stderr)

-    result = requests.request(
+    s = requests.Session()
+    s.mount("matrix://", MatrixConnectionAdapter())
+
+    result = s.request(
        method=method,
        url=dest,
-        headers={"Authorization": authorization_headers[0]},
+        headers={
+            "Host": destination,
+            "Authorization": authorization_headers[0]
+        },
        verify=False,
        data=content,
    )
@@ -242,5 +245,39 @@ def read_args_from_config(args):
            args.signing_key_path = config['signing_key_path']


+class MatrixConnectionAdapter(HTTPAdapter):
+    @staticmethod
+    def lookup(s):
+        if s[-1] == ']':
+            # ipv6 literal (with no port)
+            return s, 8448
+
+        if ":" in s:
+            out = s.rsplit(":",1)
+            try:
+                port = int(out[1])
+            except ValueError:
+                raise ValueError("Invalid host:port '%s'" % s)
+            return out[0], port
+
+        try:
+            srv = srvlookup.lookup("matrix", "tcp", s)[0]
+            return srv.host, srv.port
+        except:
+            return s, 8448
+
+    def get_connection(self, url, proxies=None):
+        parsed = urlparse(url)
+
+        (host, port) = self.lookup(parsed.netloc)
+        netloc = "%s:%d" % (host, port)
+        print("Connecting to %s" % (netloc,), file=sys.stderr)
+        url = urlunparse((
+            "https", netloc, parsed.path, parsed.params, parsed.query,
+            parsed.fragment,
+        ))
+        return super(MatrixConnectionAdapter, self).get_connection(url, proxies)
+
+
 if __name__ == "__main__":
    main()
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 # Copyright 2014-2016 OpenMarket Ltd
+# Copyright 2018 New Vector Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,4 +17,4 @@
 """ This is a reference implementation of a Matrix home server.
 """

-__version__ = "0.31.0"
+__version__ = "0.31.2"
@@ -655,7 +655,7 @@ class Auth(object):
            auth_events[(EventTypes.PowerLevels, "")] = power_level_event

        send_level = event_auth.get_send_level(
-            EventTypes.Aliases, "", auth_events
+            EventTypes.Aliases, "", power_level_event,
        )
        user_level = event_auth.get_user_power_level(user_id, auth_events)

@@ -23,6 +23,7 @@ from synapse.config._base import ConfigError
 from synapse.config.homeserver import HomeServerConfig
 from synapse.config.logger import setup_logging
 from synapse.http.site import SynapseSite
+from synapse.metrics import RegistryProxy
 from synapse.metrics.resource import METRICS_PREFIX, MetricsResource
 from synapse.replication.slave.storage.appservice import SlavedApplicationServiceStore
 from synapse.replication.slave.storage.directory import DirectoryStore
@@ -62,7 +63,7 @@ class AppserviceServer(HomeServer):
        for res in listener_config["resources"]:
            for name in res["names"]:
                if name == "metrics":
-                    resources[METRICS_PREFIX] = MetricsResource(self)
+                    resources[METRICS_PREFIX] = MetricsResource(RegistryProxy)

        root_resource = create_resource_tree(resources, NoResource())

@@ -97,7 +98,7 @@ class AppserviceServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -122,7 +122,7 @@ class ClientReaderServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -138,7 +138,7 @@ class EventCreatorServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -111,7 +111,7 @@ class FederationReaderServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -125,7 +125,7 @@ class FederationSenderServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -176,7 +176,7 @@ class FrontendProxyServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -266,7 +266,7 @@ class SynapseHomeServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -118,7 +118,7 @@ class MediaRepositoryServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -128,7 +128,7 @@ class PusherServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -305,7 +305,7 @@ class SynchrotronServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -150,7 +150,7 @@ class UserDirectoryServer(HomeServer):
            elif listener["type"] == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warn(("Metrics listener configured, but "
-                                 "collect_metrics is not enabled!"))
+                                 "enable_metrics is not True!"))
                else:
                    _base.listen_metrics(listener["bind_addresses"],
                                         listener["port"])
@@ -223,6 +223,11 @@ class Config(object):
            action="store_true",
            help="Generate a config file for the server name"
        )
+        config_parser.add_argument(
+            "--check-config",
+            action="store_true",
+            help="Check configuration supplied is valid"
+        )
        config_parser.add_argument(
            "--report-stats",
            action="store",
@@ -250,6 +255,8 @@ class Config(object):
        config_files = find_config_files(search_paths=config_args.config_path)

        generate_keys = config_args.generate_keys
+        
+        check_config = config_args.check_config

        obj = cls()

@@ -333,7 +340,9 @@ class Config(object):
        if generate_keys:
            return None

-        obj.invoke_all("read_arguments", args)
+        obj.invoke_all("read_arguments", args)  
+        if check_config:
+            return None

        return obj

@@ -34,9 +34,11 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
        event: the event being checked.
        auth_events (dict: event-key -> event): the existing room state.

+    Raises:
+        AuthError if the checks fail

    Returns:
-        True if the auth checks pass.
+         if the auth checks pass.
    """
    if do_size_check:
        _check_size_limits(event)
@@ -71,7 +73,7 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
        # Oh, we don't know what the state of the room was, so we
        # are trusting that this is allowed (at least for now)
        logger.warn("Trusting event: %s", event.event_id)
-        return True
+        return

    if event.type == EventTypes.Create:
        room_id_domain = get_domain_from_id(event.room_id)
@@ -81,7 +83,8 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
                "Creation event's room_id domain does not match sender's"
            )
        # FIXME
-        return True
+        logger.debug("Allowing! %s", event)
+        return

    creation_event = auth_events.get((EventTypes.Create, ""), None)

@@ -118,7 +121,8 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
                403,
                "Alias event's state_key does not match sender's domain"
            )
-        return True
+        logger.debug("Allowing! %s", event)
+        return

    if logger.isEnabledFor(logging.DEBUG):
        logger.debug(
@@ -127,14 +131,9 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
        )

    if event.type == EventTypes.Member:
-        allowed = _is_membership_change_allowed(
-            event, auth_events
-        )
-        if allowed:
-            logger.debug("Allowing! %s", event)
-        else:
-            logger.debug("Denying! %s", event)
-        return allowed
+        _is_membership_change_allowed(event, auth_events)
+        logger.debug("Allowing! %s", event)
+        return

    _check_event_sender_in_room(event, auth_events)

@@ -153,7 +152,8 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
                )
            )
        else:
-            return True
+            logger.debug("Allowing! %s", event)
+            return

    _can_send_event(event, auth_events)

@@ -200,7 +200,7 @@ def _is_membership_change_allowed(event, auth_events):
        create = auth_events.get(key)
        if create and event.prev_events[0][0] == create.event_id:
            if create.content["creator"] == event.state_key:
-                return True
+                return

    target_user_id = event.state_key

@@ -265,13 +265,13 @@ def _is_membership_change_allowed(event, auth_events):
            raise AuthError(
                403, "%s is banned from the room" % (target_user_id,)
            )
-        return True
+        return

    if Membership.JOIN != membership:
        if (caller_invited
                and Membership.LEAVE == membership
                and target_user_id == event.user_id):
-            return True
+            return

        if not caller_in_room:  # caller isn't joined
            raise AuthError(
@@ -334,8 +334,6 @@ def _is_membership_change_allowed(event, auth_events):
    else:
        raise AuthError(500, "Unknown membership %s" % membership)

-    return True
-

 def _check_event_sender_in_room(event, auth_events):
    key = (EventTypes.Member, event.user_id, )
@@ -355,35 +353,46 @@ def _check_joined_room(member, user_id, room_id):
        ))


-def get_send_level(etype, state_key, auth_events):
-    key = (EventTypes.PowerLevels, "", )
-    send_level_event = auth_events.get(key)
-    send_level = None
-    if send_level_event:
-        send_level = send_level_event.content.get("events", {}).get(
-            etype
-        )
-        if send_level is None:
-            if state_key is not None:
-                send_level = send_level_event.content.get(
-                    "state_default", 50
-                )
-            else:
-                send_level = send_level_event.content.get(
-                    "events_default", 0
-                )
+def get_send_level(etype, state_key, power_levels_event):
+    """Get the power level required to send an event of a given type

-    if send_level:
-        send_level = int(send_level)
+    The federation spec [1] refers to this as "Required Power Level".
+
+    https://matrix.org/docs/spec/server_server/unstable.html#definitions
+
+    Args:
+        etype (str): type of event
+        state_key (str|None): state_key of state event, or None if it is not
+            a state event.
+        power_levels_event (synapse.events.EventBase|None): power levels event
+            in force at this point in the room
+    Returns:
+        int: power level required to send this event.
+    """
+
+    if power_levels_event:
+        power_levels_content = power_levels_event.content
    else:
-        send_level = 0
+        power_levels_content = {}

-    return send_level
+    # see if we have a custom level for this event type
+    send_level = power_levels_content.get("events", {}).get(etype)
+
+    # otherwise, fall back to the state_default/events_default.
+    if send_level is None:
+        if state_key is not None:
+            send_level = power_levels_content.get("state_default", 50)
+        else:
+            send_level = power_levels_content.get("events_default", 0)
+
+    return int(send_level)


 def _can_send_event(event, auth_events):
+    power_levels_event = _get_power_level_event(auth_events)
+
    send_level = get_send_level(
-        event.type, event.get("state_key", None), auth_events
+        event.type, event.get("state_key"), power_levels_event,
    )
    user_level = get_user_power_level(event.user_id, auth_events)

@@ -524,13 +533,22 @@ def _check_power_levels(event, auth_events):


 def _get_power_level_event(auth_events):
-    key = (EventTypes.PowerLevels, "", )
-    return auth_events.get(key)
+    return auth_events.get((EventTypes.PowerLevels, ""))


 def get_user_power_level(user_id, auth_events):
-    power_level_event = _get_power_level_event(auth_events)
+    """Get a user's power level

+    Args:
+        user_id (str): user's id to look up in power_levels
+        auth_events (dict[(str, str), synapse.events.EventBase]):
+            state in force at this point in the room (or rather, a subset of
+            it including at least the create event and power levels event.
+
+    Returns:
+        int: the user's power level in this room.
+    """
+    power_level_event = _get_power_level_event(auth_events)
    if power_level_event:
        level = power_level_event.content.get("users", {}).get(user_id)
        if not level:
@@ -541,6 +559,11 @@ def get_user_power_level(user_id, auth_events):
        else:
            return int(level)
    else:
+        # if there is no power levels event, the creator gets 100 and everyone
+        # else gets 0.
+
+        # some things which call this don't pass the create event: hack around
+        # that.
        key = (EventTypes.Create, "", )
        create_event = auth_events.get(key)
        if (create_event is not None and
@@ -21,7 +21,6 @@ from .units import Transaction, Edu

 from synapse.api.errors import HttpResponseException, FederationDeniedError
 from synapse.util import logcontext, PreserveLoggingContext
-from synapse.util.async import run_on_reactor
 from synapse.util.retryutils import NotRetryingDestination, get_retry_limiter
 from synapse.util.metrics import measure_func
 from synapse.handlers.presence import format_user_presence_state, get_interested_remotes
@@ -451,9 +450,6 @@ class TransactionQueue(object):
            # hence why we throw the result away.
            yield get_retry_limiter(destination, self.clock, self.store)

-            # XXX: what's this for?
-            yield run_on_reactor()
-
            pending_pdus = []
            while True:
                device_message_edus, device_stream_id, dev_list_id = (
@@ -13,6 +13,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 from twisted.internet import defer, threads

 from ._base import BaseHandler
@@ -23,7 +24,6 @@ from synapse.api.errors import (
 )
 from synapse.module_api import ModuleApi
 from synapse.types import UserID
-from synapse.util.async import run_on_reactor
 from synapse.util.caches.expiringcache import ExpiringCache
 from synapse.util.logcontext import make_deferred_yieldable

@@ -423,15 +423,11 @@ class AuthHandler(BaseHandler):
    def _check_msisdn(self, authdict, _):
        return self._check_threepid('msisdn', authdict)

-    @defer.inlineCallbacks
    def _check_dummy_auth(self, authdict, _):
-        yield run_on_reactor()
-        defer.returnValue(True)
+        return defer.succeed(True)

    @defer.inlineCallbacks
    def _check_threepid(self, medium, authdict):
-        yield run_on_reactor()
-
        if 'threepid_creds' not in authdict:
            raise LoginError(400, "Missing threepid_creds", Codes.MISSING_PARAM)

@@ -825,6 +821,15 @@ class AuthHandler(BaseHandler):
        if medium == 'email':
            address = address.lower()

+        identity_handler = self.hs.get_handlers().identity_handler
+        yield identity_handler.unbind_threepid(
+            user_id,
+            {
+                'medium': medium,
+                'address': address,
+            },
+        )
+
        ret = yield self.store.user_delete_threepid(
            user_id, medium, address,
        )
@@ -17,6 +17,7 @@ from twisted.internet import defer, reactor
 from ._base import BaseHandler
 from synapse.types import UserID, create_requester
 from synapse.util.logcontext import run_in_background
+from synapse.api.errors import SynapseError

 import logging

@@ -30,6 +31,7 @@ class DeactivateAccountHandler(BaseHandler):
        self._auth_handler = hs.get_auth_handler()
        self._device_handler = hs.get_device_handler()
        self._room_member_handler = hs.get_room_member_handler()
+        self._identity_handler = hs.get_handlers().identity_handler
        self.user_directory_handler = hs.get_user_directory_handler()

        # Flag that indicates whether the process to part users from rooms is running
@@ -52,14 +54,35 @@ class DeactivateAccountHandler(BaseHandler):
        # FIXME: Theoretically there is a race here wherein user resets
        # password using threepid.

-        # first delete any devices belonging to the user, which will also
+        # delete threepids first. We remove these from the IS so if this fails,
+        # leave the user still active so they can try again.
+        # Ideally we would prevent password resets and then do this in the
+        # background thread.
+        threepids = yield self.store.user_get_threepids(user_id)
+        for threepid in threepids:
+            try:
+                yield self._identity_handler.unbind_threepid(
+                    user_id,
+                    {
+                        'medium': threepid['medium'],
+                        'address': threepid['address'],
+                    },
+                )
+            except Exception:
+                # Do we want this to be a fatal error or should we carry on?
+                logger.exception("Failed to remove threepid from ID server")
+                raise SynapseError(400, "Failed to remove threepid from ID server")
+            yield self.store.user_delete_threepid(
+                user_id, threepid['medium'], threepid['address'],
+            )
+
+        # delete any devices belonging to the user, which will also
        # delete corresponding access tokens.
        yield self._device_handler.delete_all_devices_for_user(user_id)
        # then delete any remaining access tokens which weren't associated with
        # a device.
        yield self._auth_handler.delete_access_tokens_for_user(user_id)

-        yield self.store.user_delete_threepids(user_id)
        yield self.store.user_set_password_hash(user_id, None)

        # Add the user to a table of users pending deactivation (ie.
@@ -39,7 +39,7 @@ from synapse.events.validator import EventValidator
 from synapse.util import unwrapFirstError, logcontext
 from synapse.util.metrics import measure_func
 from synapse.util.logutils import log_function
-from synapse.util.async import run_on_reactor, Linearizer
+from synapse.util.async import Linearizer
 from synapse.util.frozenutils import unfreeze
 from synapse.crypto.event_signing import (
    compute_event_signature, add_hashes_and_signatures,
@@ -1381,8 +1381,6 @@ class FederationHandler(BaseHandler):
    def get_state_for_pdu(self, room_id, event_id):
        """Returns the state at the event. i.e. not including said event.
        """
-        yield run_on_reactor()
-
        state_groups = yield self.store.get_state_groups(
            room_id, [event_id]
        )
@@ -1425,8 +1423,6 @@ class FederationHandler(BaseHandler):
    def get_state_ids_for_pdu(self, room_id, event_id):
        """Returns the state at the event. i.e. not including said event.
        """
-        yield run_on_reactor()
-
        state_groups = yield self.store.get_state_groups_ids(
            room_id, [event_id]
        )
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015, 2016 OpenMarket Ltd
 # Copyright 2017 Vector Creations Ltd
+# Copyright 2018 New Vector Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -26,7 +27,6 @@ from synapse.api.errors import (
    MatrixCodeMessageException, CodeMessageException
 )
 from ._base import BaseHandler
-from synapse.util.async import run_on_reactor
 from synapse.api.errors import SynapseError, Codes

 logger = logging.getLogger(__name__)
@@ -38,6 +38,7 @@ class IdentityHandler(BaseHandler):
        super(IdentityHandler, self).__init__(hs)

        self.http_client = hs.get_simple_http_client()
+        self.federation_http_client = hs.get_http_client()

        self.trusted_id_servers = set(hs.config.trusted_third_party_id_servers)
        self.trust_any_id_server_just_for_testing_do_not_use = (
@@ -60,8 +61,6 @@ class IdentityHandler(BaseHandler):

    @defer.inlineCallbacks
    def threepid_from_creds(self, creds):
-        yield run_on_reactor()
-
        if 'id_server' in creds:
            id_server = creds['id_server']
        elif 'idServer' in creds:
@@ -104,7 +103,6 @@ class IdentityHandler(BaseHandler):

    @defer.inlineCallbacks
    def bind_threepid(self, creds, mxid):
-        yield run_on_reactor()
        logger.debug("binding threepid %r to %s", creds, mxid)
        data = None

@@ -139,9 +137,53 @@ class IdentityHandler(BaseHandler):
        defer.returnValue(data)

    @defer.inlineCallbacks
-    def requestEmailToken(self, id_server, email, client_secret, send_attempt, **kwargs):
-        yield run_on_reactor()
+    def unbind_threepid(self, mxid, threepid):
+        """
+        Removes a binding from an identity server
+        Args:
+            mxid (str): Matrix user ID of binding to be removed
+            threepid (dict): Dict with medium & address of binding to be removed

+        Returns:
+            Deferred[bool]: True on success, otherwise False
+        """
+        logger.debug("unbinding threepid %r from %s", threepid, mxid)
+        if not self.trusted_id_servers:
+            logger.warn("Can't unbind threepid: no trusted ID servers set in config")
+            defer.returnValue(False)
+
+        # We don't track what ID server we added 3pids on (perhaps we ought to)
+        # but we assume that any of the servers in the trusted list are in the
+        # same ID server federation, so we can pick any one of them to send the
+        # deletion request to.
+        id_server = next(iter(self.trusted_id_servers))
+
+        url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,)
+        content = {
+            "mxid": mxid,
+            "threepid": threepid,
+        }
+        headers = {}
+        # we abuse the federation http client to sign the request, but we have to send it
+        # using the normal http client since we don't want the SRV lookup and want normal
+        # 'browser-like' HTTPS.
+        self.federation_http_client.sign_request(
+            destination=None,
+            method='POST',
+            url_bytes='/_matrix/identity/api/v1/3pid/unbind'.encode('ascii'),
+            headers_dict=headers,
+            content=content,
+            destination_is=id_server,
+        )
+        yield self.http_client.post_json_get_json(
+            url,
+            content,
+            headers,
+        )
+        defer.returnValue(True)
+
+    @defer.inlineCallbacks
+    def requestEmailToken(self, id_server, email, client_secret, send_attempt, **kwargs):
        if not self._should_trust_id_server(id_server):
            raise SynapseError(
                400, "Untrusted ID server '%s'" % id_server,
@@ -176,8 +218,6 @@ class IdentityHandler(BaseHandler):
            self, id_server, country, phone_number,
            client_secret, send_attempt, **kwargs
    ):
-        yield run_on_reactor()
-
        if not self._should_trust_id_server(id_server):
            raise SynapseError(
                400, "Untrusted ID server '%s'" % id_server,
@@ -36,7 +36,7 @@ from synapse.events.validator import EventValidator
 from synapse.types import (
    UserID, RoomAlias, RoomStreamToken,
 )
-from synapse.util.async import run_on_reactor, ReadWriteLock, Limiter
+from synapse.util.async import ReadWriteLock, Limiter
 from synapse.util.logcontext import run_in_background
 from synapse.util.metrics import measure_func
 from synapse.util.frozenutils import frozendict_json_encoder
@@ -959,9 +959,7 @@ class EventCreationHandler(object):
            event_stream_id, max_stream_id
        )

-        @defer.inlineCallbacks
        def _notify():
-            yield run_on_reactor()
            try:
                self.notifier.on_new_room_event(
                    event, event_stream_id, max_stream_id,
@@ -24,7 +24,7 @@ from synapse.api.errors import (
 from synapse.http.client import CaptchaServerHttpClient
 from synapse import types
 from synapse.types import UserID, create_requester, RoomID, RoomAlias
-from synapse.util.async import run_on_reactor, Linearizer
+from synapse.util.async import Linearizer
 from synapse.util.threepids import check_3pid_allowed
 from ._base import BaseHandler

@@ -139,7 +139,6 @@ class RegistrationHandler(BaseHandler):
        Raises:
            RegistrationError if there was a problem registering.
        """
-        yield run_on_reactor()
        password_hash = None
        if password:
            password_hash = yield self.auth_handler().hash(password)
@@ -431,8 +430,6 @@ class RegistrationHandler(BaseHandler):
        Raises:
            RegistrationError if there was a problem registering.
        """
-        yield run_on_reactor()
-
        if localpart is None:
            raise SynapseError(400, "Request must include user id")

@@ -260,14 +260,35 @@ class MatrixFederationHttpClient(object):
            defer.returnValue(response)

    def sign_request(self, destination, method, url_bytes, headers_dict,
-                     content=None):
+                     content=None, destination_is=None):
+        """
+        Signs a request by adding an Authorization header to headers_dict
+        Args:
+            destination (bytes|None): The desination home server of the request.
+                May be None if the destination is an identity server, in which case
+                destination_is must be non-None.
+            method (bytes): The HTTP method of the request
+            url_bytes (bytes): The URI path of the request
+            headers_dict (dict): Dictionary of request headers to append to
+            content (bytes): The body of the request
+            destination_is (bytes): As 'destination', but if the destination is an
+                identity server
+
+        Returns:
+            None
+        """
        request = {
            "method": method,
            "uri": url_bytes,
            "origin": self.server_name,
-            "destination": destination,
        }

+        if destination is not None:
+            request["destination"] = destination
+
+        if destination_is is not None:
+            request["destination_is"] = destination_is
+
        if content is not None:
            request["content"] = content

@@ -190,6 +190,22 @@ event_processing_last_ts = Gauge("synapse_event_processing_last_ts", "", ["name"
 # finished being processed.
 event_processing_lag = Gauge("synapse_event_processing_lag", "", ["name"])

+last_ticked = time.time()
+
+
+class ReactorLastSeenMetric(object):
+
+    def collect(self):
+        cm = GaugeMetricFamily(
+            "python_twisted_reactor_last_seen",
+            "Seconds since the Twisted reactor was last seen",
+        )
+        cm.add_metric([], time.time() - last_ticked)
+        yield cm
+
+
+REGISTRY.register(ReactorLastSeenMetric())
+

 def runUntilCurrentTimer(func):

@@ -222,6 +238,11 @@ def runUntilCurrentTimer(func):
        tick_time.observe(end - start)
        pending_calls_metric.observe(num_pending)

+        # Update the time we last ticked, for the metric to test whether
+        # Synapse's reactor has frozen
+        global last_ticked
+        last_ticked = end
+
        if running_on_pypy:
            return ret

@@ -19,7 +19,6 @@ import logging
 from twisted.internet import defer

 from synapse.push.pusher import PusherFactory
-from synapse.util.async import run_on_reactor
 from synapse.util.logcontext import make_deferred_yieldable, run_in_background

 logger = logging.getLogger(__name__)
@@ -125,7 +124,6 @@ class PusherPool:

    @defer.inlineCallbacks
    def on_new_notifications(self, min_stream_id, max_stream_id):
-        yield run_on_reactor()
        try:
            users_affected = yield self.store.get_push_action_users_in_range(
                min_stream_id, max_stream_id
@@ -151,7 +149,6 @@ class PusherPool:

    @defer.inlineCallbacks
    def on_new_receipts(self, min_stream_id, max_stream_id, affected_room_ids):
-        yield run_on_reactor()
        try:
            # Need to subtract 1 from the minimum because the lower bound here
            # is not inclusive
@@ -24,8 +24,6 @@ import synapse.util.stringutils as stringutils
 from synapse.http.servlet import parse_json_object_from_request
 from synapse.types import create_requester

-from synapse.util.async import run_on_reactor
-
 from hashlib import sha1
 import hmac
 import logging
@@ -272,7 +270,6 @@ class RegisterRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def _do_password(self, request, register_json, session):
-        yield run_on_reactor()
        if (self.hs.config.enable_registration_captcha and
                not session[LoginType.RECAPTCHA]):
            # captcha should've been done by this stage!
@@ -333,8 +330,6 @@ class RegisterRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def _do_shared_secret(self, request, register_json, session):
-        yield run_on_reactor()
-
        if not isinstance(register_json.get("mac", None), string_types):
            raise SynapseError(400, "Expected mac.")
        if not isinstance(register_json.get("user", None), string_types):
@@ -423,8 +418,6 @@ class CreateUserRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def _do_create(self, requester, user_json):
-        yield run_on_reactor()
-
        if "localpart" not in user_json:
            raise SynapseError(400, "Expected 'localpart' key.")

@@ -24,7 +24,6 @@ from synapse.http.servlet import (
    RestServlet, assert_params_in_request,
    parse_json_object_from_request,
 )
-from synapse.util.async import run_on_reactor
 from synapse.util.msisdn import phone_number_to_msisdn
 from synapse.util.threepids import check_3pid_allowed
 from ._base import client_v2_patterns, interactive_auth_handler
@@ -300,8 +299,6 @@ class ThreepidRestServlet(RestServlet):

    @defer.inlineCallbacks
    def on_GET(self, request):
-        yield run_on_reactor()
-
        requester = yield self.auth.get_user_by_req(request)

        threepids = yield self.datastore.user_get_threepids(
@@ -312,8 +309,6 @@ class ThreepidRestServlet(RestServlet):

    @defer.inlineCallbacks
    def on_POST(self, request):
-        yield run_on_reactor()
-
        body = parse_json_object_from_request(request)

        threePidCreds = body.get('threePidCreds')
@@ -365,8 +360,6 @@ class ThreepidDeleteRestServlet(RestServlet):

    @defer.inlineCallbacks
    def on_POST(self, request):
-        yield run_on_reactor()
-
        body = parse_json_object_from_request(request)

        required = ['medium', 'address']
@@ -381,9 +374,16 @@ class ThreepidDeleteRestServlet(RestServlet):
        requester = yield self.auth.get_user_by_req(request)
        user_id = requester.user.to_string()

-        yield self.auth_handler.delete_threepid(
-            user_id, body['medium'], body['address']
-        )
+        try:
+            yield self.auth_handler.delete_threepid(
+                user_id, body['medium'], body['address']
+            )
+        except Exception:
+            # NB. This endpoint should succeed if there is nothing to
+            # delete, so it should only throw if something is wrong
+            # that we ought to care about.
+            logger.exception("Failed to remove threepid")
+            raise SynapseError(500, "Failed to remove threepid")

        defer.returnValue((200, {}))

@@ -32,7 +32,6 @@ from ._base import client_v2_patterns, interactive_auth_handler
 import logging
 import hmac
 from hashlib import sha1
-from synapse.util.async import run_on_reactor
 from synapse.util.ratelimitutils import FederationRateLimiter

 from six import string_types
@@ -191,8 +190,6 @@ class RegisterRestServlet(RestServlet):
    @interactive_auth_handler
    @defer.inlineCallbacks
    def on_POST(self, request):
-        yield run_on_reactor()
-
        body = parse_json_object_from_request(request)

        kind = "user"
@@ -694,10 +694,10 @@ def _create_auth_events_from_maps(unconflicted_state, conflicted_state, state_ma
    return auth_events


-def _resolve_with_state(unconflicted_state_ids, conflicted_state_ds, auth_event_ids,
+def _resolve_with_state(unconflicted_state_ids, conflicted_state_ids, auth_event_ids,
                        state_map):
    conflicted_state = {}
-    for key, event_ids in iteritems(conflicted_state_ds):
+    for key, event_ids in iteritems(conflicted_state_ids):
        events = [state_map[ev_id] for ev_id in event_ids if ev_id in state_map]
        if len(events) > 1:
            conflicted_state[key] = events
@@ -460,15 +460,6 @@ class RegistrationStore(RegistrationWorkerStore,
            defer.returnValue(ret['user_id'])
        defer.returnValue(None)

-    def user_delete_threepids(self, user_id):
-        return self._simple_delete(
-            "user_threepids",
-            keyvalues={
-                "user_id": user_id,
-            },
-            desc="user_delete_threepids",
-        )
-
    def user_delete_threepid(self, user_id, medium, address):
        return self._simple_delete(
            "user_threepids",
@@ -13,7 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-
 from twisted.internet import defer, reactor
 from twisted.internet.defer import CancelledError
 from twisted.python import failure
@@ -41,13 +40,6 @@ def sleep(seconds):
    defer.returnValue(res)


-def run_on_reactor():
-    """ This will cause the rest of the function to be invoked upon the next
-    iteration of the main loop
-    """
-    return sleep(0)
-
-
 class ObservableDeferred(object):
    """Wraps a deferred object so that we can add observer deferreds. These
    observer deferreds do not affect the callback chain of the original
@@ -227,7 +219,7 @@ class Linearizer(object):
            # the context manager, but it needs to happen while we hold the
            # lock, and the context manager's exit code must be synchronous,
            # so actually this is the only sensible place.
-            yield run_on_reactor()
+            yield sleep(0)

        else:
            logger.info("Acquired uncontended linearizer lock %r for key %r",
@@ -0,0 +1,72 @@
+# -*- coding: utf-8 -*-
+# Copyright 2016 OpenMarket Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import os.path
+import shutil
+import tempfile
+import yaml
+from synapse.config.homeserver import HomeServerConfig
+from tests import unittest
+
+
+class ConfigLoadingTestCase(unittest.TestCase):
+
+    def setUp(self):
+        self.dir = tempfile.mkdtemp()
+        print(self.dir)
+        self.file = os.path.join(self.dir, "homeserver.yaml")
+
+    def tearDown(self):
+        shutil.rmtree(self.dir)
+
+    def test_load_fails_if_server_name_missing(self):
+        self.generate_config()
+        self.remove_lines_containing("server_name")
+        with self.assertRaises(Exception):
+            HomeServerConfig.load_config("", ["--check-config", "-c", self.file])
+        with self.assertRaises(Exception):
+            HomeServerConfig.load_or_generate_config("", ["--check-config", "-c", self.file])
+
+    def test_generated_config_passes_check(self):
+        self.generate_config()
+
+        config = HomeServerConfig.load_config("", ["--check-config", "-c", self.file])
+        config = HomeServerConfig.load_or_generate_config("", ["--check-config", "-c", self.file])
+
+    def test_invalid_key(self):
+        self.generate_config()
+        self.add_lines_to_config([
+            "lemurs_key: 125123",
+        ])
+        config = HomeServerConfig.load_config("", ["--check-config", "-c", self.file])
+
+    def generate_config(self):
+        HomeServerConfig.load_or_generate_config("", [
+            "--generate-config",
+            "-c", self.file,
+            "--report-stats=yes",
+            "-H", "lemurs.win"
+        ])
+
+    def remove_lines_containing(self, needle):
+        with open(self.file, "r") as f:
+            contents = f.readlines()
+        contents = [l for l in contents if needle not in l]
+        with open(self.file, "w") as f:
+            f.write("".join(contents))
+
+    def add_lines_to_config(self, lines):
+        with open(self.file, "a") as f:
+            for line in lines:
+                f.write(line + "\n")
@@ -19,7 +19,6 @@ from twisted.internet import defer
 from mock import Mock, patch

 from synapse.util.distributor import Distributor
-from synapse.util.async import run_on_reactor


 class DistributorTestCase(unittest.TestCase):
@@ -95,7 +94,6 @@ class DistributorTestCase(unittest.TestCase):

        @defer.inlineCallbacks
        def observer():
-            yield run_on_reactor()
            raise MyException("Oopsie")

        self.dist.observe("whail", observer)
@@ -0,0 +1,151 @@
+# -*- coding: utf-8 -*-
+# Copyright 2018 New Vector Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from synapse import event_auth
+from synapse.api.errors import AuthError
+from synapse.events import FrozenEvent
+import unittest
+
+
+class EventAuthTestCase(unittest.TestCase):
+    def test_random_users_cannot_send_state_before_first_pl(self):
+        """
+        Check that, before the first PL lands, the creator is the only user
+        that can send a state event.
+        """
+        creator = "@creator:example.com"
+        joiner = "@joiner:example.com"
+        auth_events = {
+            ("m.room.create", ""): _create_event(creator),
+            ("m.room.member", creator): _join_event(creator),
+            ("m.room.member", joiner): _join_event(joiner),
+        }
+
+        # creator should be able to send state
+        event_auth.check(
+            _random_state_event(creator), auth_events,
+            do_sig_check=False,
+        )
+
+        # joiner should not be able to send state
+        self.assertRaises(
+            AuthError,
+            event_auth.check,
+            _random_state_event(joiner),
+            auth_events,
+            do_sig_check=False,
+        ),
+
+    def test_state_default_level(self):
+        """
+        Check that users above the state_default level can send state and
+        those below cannot
+        """
+        creator = "@creator:example.com"
+        pleb = "@joiner:example.com"
+        king = "@joiner2:example.com"
+
+        auth_events = {
+            ("m.room.create", ""): _create_event(creator),
+            ("m.room.member", creator): _join_event(creator),
+            ("m.room.power_levels", ""): _power_levels_event(creator, {
+                "state_default": "30",
+                "users": {
+                    pleb: "29",
+                    king: "30",
+                },
+            }),
+            ("m.room.member", pleb): _join_event(pleb),
+            ("m.room.member", king): _join_event(king),
+        }
+
+        # pleb should not be able to send state
+        self.assertRaises(
+            AuthError,
+            event_auth.check,
+            _random_state_event(pleb),
+            auth_events,
+            do_sig_check=False,
+        ),
+
+        # king should be able to send state
+        event_auth.check(
+            _random_state_event(king), auth_events,
+            do_sig_check=False,
+        )
+
+
+# helpers for making events
+
+TEST_ROOM_ID = "!test:room"
+
+
+def _create_event(user_id):
+    return FrozenEvent({
+        "room_id": TEST_ROOM_ID,
+        "event_id": _get_event_id(),
+        "type": "m.room.create",
+        "sender": user_id,
+        "content": {
+            "creator": user_id,
+        },
+    })
+
+
+def _join_event(user_id):
+    return FrozenEvent({
+        "room_id": TEST_ROOM_ID,
+        "event_id": _get_event_id(),
+        "type": "m.room.member",
+        "sender": user_id,
+        "state_key": user_id,
+        "content": {
+            "membership": "join",
+        },
+    })
+
+
+def _power_levels_event(sender, content):
+    return FrozenEvent({
+        "room_id": TEST_ROOM_ID,
+        "event_id": _get_event_id(),
+        "type": "m.room.power_levels",
+        "sender": sender,
+        "state_key": "",
+        "content": content,
+    })
+
+
+def _random_state_event(sender):
+    return FrozenEvent({
+        "room_id": TEST_ROOM_ID,
+        "event_id": _get_event_id(),
+        "type": "test.state",
+        "sender": sender,
+        "state_key": "",
+        "content": {
+            "membership": "join",
+        },
+    })
+
+
+event_count = 0
+
+
+def _get_event_id():
+    global event_count
+    c = event_count
+    event_count += 1
+    return "!%i:example.com" % (c, )
@@ -606,6 +606,14 @@ class StateTestCase(unittest.TestCase):
            }
        )

+        power_levels = create_event(
+            type=EventTypes.PowerLevels, state_key="",
+            content={"users": {
+                "@foo:bar": "100",
+                "@user_id:example.com": "100",
+            }}
+        )
+
        creation = create_event(
            type=EventTypes.Create, state_key="",
            content={"creator": "@foo:bar"}
@@ -613,12 +621,14 @@ class StateTestCase(unittest.TestCase):

        old_state_1 = [
            creation,
+            power_levels,
            member_event,
            create_event(type="test1", state_key="1", depth=1),
        ]

        old_state_2 = [
            creation,
+            power_levels,
            member_event,
            create_event(type="test1", state_key="1", depth=2),
        ]
@@ -633,7 +643,7 @@ class StateTestCase(unittest.TestCase):
        )

        self.assertEqual(
-            old_state_2[2].event_id, context.current_state_ids[("test1", "1")]
+            old_state_2[3].event_id, context.current_state_ids[("test1", "1")]
        )

        # Reverse the depth to make sure we are actually using the depths
@@ -641,12 +651,14 @@ class StateTestCase(unittest.TestCase):

        old_state_1 = [
            creation,
+            power_levels,
            member_event,
            create_event(type="test1", state_key="1", depth=2),
        ]

        old_state_2 = [
            creation,
+            power_levels,
            member_event,
            create_event(type="test1", state_key="1", depth=1),
        ]
@@ -659,7 +671,7 @@ class StateTestCase(unittest.TestCase):
        )

        self.assertEqual(
-            old_state_1[2].event_id, context.current_state_ids[("test1", "1")]
+            old_state_1[3].event_id, context.current_state_ids[("test1", "1")]
        )

    def _get_context(self, event, prev_event_id_1, old_state_1, prev_event_id_2,
@@ -18,7 +18,6 @@ import logging

 import mock
 from synapse.api.errors import SynapseError
-from synapse.util import async
 from synapse.util import logcontext
 from twisted.internet import defer
 from synapse.util.caches import descriptors
@@ -195,7 +194,6 @@ class DescriptorTestCase(unittest.TestCase):
            def fn(self, arg1):
                @defer.inlineCallbacks
                def inner_fn():
-                    yield async.run_on_reactor()
                    raise SynapseError(400, "blah")

                return inner_fn()
Author	SHA1	Message	Date
Michael Kaye	c180116215	WIP of --config-check commandline flag	2018-06-22 16:54:59 +01:00
Richard van der Hoff	9a793f861c	Merge branch 'master' into develop	2018-06-14 16:36:01 +01:00
Richard van der Hoff	53969e1960	Merge tag 'v0.31.2' SECURITY UPDATE: Prevent unauthorised users from setting state events in a room when there is no `m.room.power_levels` event in force in the room. (PR #3397) Discussion around the Matrix Spec change proposal for this change can be followed at https://github.com/matrix-org/matrix-doc/issues/1304.	2018-06-14 16:35:33 +01:00
Richard van der Hoff	667c6546bd	link to spec proposal from changelog	2018-06-14 16:27:41 +01:00
Richard van der Hoff	7e1c616452	v0.31.2	2018-06-14 16:24:32 +01:00
Richard van der Hoff	ba438a3ac1	changelog for 0.31.2	2018-06-14 16:22:46 +01:00
Richard van der Hoff	61ab08a197	Merge pull request #3397 from matrix-org/rav/adjust_auth_rules Adjust event auth rules when there is no PL event	2018-06-14 16:09:13 +01:00
Richard van der Hoff	1e77ac66e3	Fix broken unit test We need power levels for this test to do what it is supposed to do.	2018-06-14 14:21:29 +01:00
Richard van der Hoff	a502cfec00	remove spurious debug	2018-06-14 14:20:53 +01:00
Richard van der Hoff	5c9afd6f80	Make default state_default 50 Make it so that, before there is a power-levels event in the room, you need a power level of at least 50 to send state. Partially addresses https://github.com/matrix-org/matrix-doc/issues/1192	2018-06-14 12:38:09 +01:00
Richard van der Hoff	52423607bd	Clarify interface for event_auth stop pretending that it returns a boolean, which just almost gave me a heart attack.	2018-06-14 12:26:17 +01:00
Amber Brown	f116f32ace	add a last seen metric (#3396 )	2018-06-14 20:26:59 +10:00
Richard van der Hoff	557b686eac	Refactor get_send_level to take a power_levels event it makes it easier for me to reason about	2018-06-14 11:26:27 +01:00
Amber Brown	a61738b316	Remove run_on_reactor (#3395 )	2018-06-14 18:27:37 +10:00
Richard van der Hoff	3681437c35	Merge pull request #3368 from matrix-org/rav/fix_federation_client_host Fix commandline federation_client to send the right Host header	2018-06-13 15:41:51 +01:00
Amber Brown	0fde1896cd	Merge pull request #3389 from turt2live/travis/name_metrics Use the correct flag (enable_metrics) when warning about an incorrect metrics setup	2018-06-13 23:50:10 +10:00
Amber Brown	2a4fde0a6f	Merge pull request #3390 from turt2live/travis/appsvc-metrics Use the RegistryProxy for appservices too	2018-06-13 22:05:15 +10:00
Travis Ralston	45768d1640	Use the RegistryProxy for appservices too Signed-off-by: Travis Ralston <travpc@gmail.com>	2018-06-12 12:55:48 -06:00
Travis Ralston	12285a1a76	The flag is named enable_metrics, not collect_metrics Signed-off-by: Travis Ralston <travpc@gmail.com>	2018-06-12 12:51:31 -06:00
Richard van der Hoff	96bad44f87	Fix federation_client to send the right Host This appears to have stopped working since matrix.org moved to cloudflare. The Host header should match the name of the server, not whatever is in the SRV record.	2018-06-12 14:14:36 +01:00
David Baker	187a546bff	Merge pull request #3276 from matrix-org/dbkr/unbind Remove email addresses / phone numbers from ID servers when they're removed from synapse	2018-06-11 16:02:00 +01:00
Matthew Hodgson	d6cc369205	fix idiotic typo in state res	2018-06-11 14:43:55 +01:00
Neil Johnson	ed5a0780a4	Merge branch 'master' into develop	2018-06-08 15:47:11 +01:00
Neil Johnson	1032393dfb	Merge tag 'v0.31.1' Changes in synapse v0.31.1 (2018-06-08) ======================================= v0.31.1 fixes a security bug in the ``get_missing_events`` federation API where event visibility rules were not applied correctly. We are not aware of it being actively exploited but please upgrade asap. Bug Fixes: * Fix event filtering in get_missing_events handler (PR #3371)	2018-06-08 15:46:18 +01:00
Neil Johnson	aefcc0f5e5	tweak changelog	2018-06-08 15:32:54 +01:00
Neil Johnson	82e751c43f	Update CHANGES.rst	2018-06-08 15:22:34 +01:00
Neil Johnson	0eb4722932	changelog a bump version	2018-06-08 15:21:46 +01:00
Richard van der Hoff	c6b1441c52	Fix event filtering in get_missing_events handler	2018-06-08 14:15:31 +01:00
Matthew Hodgson	8b98acca05	fix various changelog bugs and typos	2018-06-08 14:15:16 +01:00
David Baker	bf54c1cf6c	pep8	2018-06-06 10:15:33 +01:00
David Baker	3e4bc4488c	More doc fixes	2018-06-06 09:44:10 +01:00
David Baker	607bd27c83	fix pep8	2018-06-05 18:10:35 +01:00
David Baker	d62162bbec	doc fixes	2018-06-05 18:09:13 +01:00
David Baker	c5930d513a	Docstring	2018-06-04 12:05:58 +01:00
David Baker	6a29e815fc	Fix comment	2018-06-04 12:01:23 +01:00
David Baker	e44150a6de	Missing yield	2018-06-04 12:01:13 +01:00
David Baker	f731e42baf	docstring	2018-06-04 12:00:51 +01:00
David Baker	77a23e2e05	Merge remote-tracking branch 'origin/develop' into dbkr/unbind	2018-05-24 16:20:53 +01:00
David Baker	9700d15611	pep8	2018-05-24 11:23:15 +01:00
David Baker	a21a41bad7	comment	2018-05-24 11:19:59 +01:00
David Baker	b3bff53178	Unbind 3pids when they're deleted too	2018-05-24 11:08:05 +01:00
David Baker	2c7866d664	Hit the 3pid unbind endpoint on deactivation	2018-05-23 14:38:56 +01:00