Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Merge tag 'v1.26.0rc1' into develop
Browse files Browse the repository at this point in the history
Synapse 1.26.0rc1 (2021-01-20)
==============================

This release brings a new schema version for Synapse and rolling back to a previous
verious is not trivial.  Please review [UPGRADE.rst](UPGRADE.rst) for more details
on these changes  and for general upgrade guidance.

Features
--------

- Add support for multiple SSO Identity Providers. ([\#9015](#9015), [\#9017](#9017), [\#9036](#9036), [\#9067](#9067), [\#9081](#9081), [\#9082](#9082), [\#9105](#9105), [\#9107](#9107), [\#9109](#9109), [\#9110](#9110), [\#9127](#9127), [\#9153](#9153), [\#9154](#9154), [\#9177](#9177))
- During user-interactive authentication via single-sign-on, give a better error if the user uses the wrong account on the SSO IdP. ([\#9091](#9091))
- Give the `public_baseurl` a default value, if it is not explicitly set in the configuration file. ([\#9159](#9159))
- Improve performance when calculating ignored users in large rooms. ([\#9024](#9024))
- Implement [MSC2176](matrix-org/matrix-spec-proposals#2176) in an experimental room version. ([\#8984](#8984))
- Add an admin API for protecting local media from quarantine. ([\#9086](#9086))
- Remove a user's avatar URL and display name when deactivated with the Admin API. ([\#8932](#8932))
- Update `/_synapse/admin/v1/users/<user_id>/joined_rooms` to work for both local and remote users. ([\#8948](#8948))
- Add experimental support for handling to-device messages on worker processes. ([\#9042](#9042), [\#9043](#9043), [\#9044](#9044), [\#9130](#9130))
- Add experimental support for handling `/keys/claim` and `/room_keys` APIs on worker processes. ([\#9068](#9068))
- Add experimental support for handling `/devices` API on worker processes. ([\#9092](#9092))
- Add experimental support for moving off receipts and account data persistence off master. ([\#9104](#9104), [\#9166](#9166))

Bugfixes
--------

- Fix a long-standing issue where an internal server error would occur when requesting a profile over federation that did not include a display name / avatar URL. ([\#9023](#9023))
- Fix a long-standing bug where some caches could grow larger than configured. ([\#9028](#9028))
- Fix error handling during insertion of client IPs into the database. ([\#9051](#9051))
- Fix bug where we didn't correctly record CPU time spent in `on_new_event` block. ([\#9053](#9053))
- Fix a minor bug which could cause confusing error messages from invalid configurations. ([\#9054](#9054))
- Fix incorrect exit code when there is an error at startup. ([\#9059](#9059))
- Fix `JSONDecodeError` spamming the logs when sending transactions to remote servers. ([\#9070](#9070))
- Fix "Failed to send request" errors when a client provides an invalid room alias. ([\#9071](#9071))
- Fix bugs in federation catchup logic that caused outbound federation to be delayed for large servers after start up. Introduced in v1.8.0 and v1.21.0. ([\#9114](#9114), [\#9116](#9116))
- Fix corruption of `pushers` data when a postgres bouncer is used. ([\#9117](#9117))
- Fix minor bugs in handling the `clientRedirectUrl` parameter for SSO login. ([\#9128](#9128))
- Fix "Unhandled error in Deferred: BodyExceededMaxSize" errors when .well-known files that are too large. ([\#9108](#9108))
- Fix "UnboundLocalError: local variable 'length' referenced before assignment" errors when the response body exceeds the expected size. This bug was introduced in v1.25.0. ([\#9145](#9145))
- Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when `/publicRooms` is requested with an invalid `server` parameter. ([\#9161](#9161))

Improved Documentation
----------------------

- Add some extra docs for getting Synapse running on macOS. ([\#8997](#8997))
- Correct a typo in the `systemd-with-workers` documentation. ([\#9035](#9035))
- Correct a typo in `INSTALL.md`. ([\#9040](#9040))
- Add missing `user_mapping_provider` configuration to the Keycloak OIDC example. Contributed by @chris-ruecker. ([\#9057](#9057))
- Quote `pip install` packages when extras are used to avoid shells interpreting bracket characters. ([\#9151](#9151))

Deprecations and Removals
-------------------------

- Remove broken and unmaintained `demo/webserver.py` script. ([\#9039](#9039))

Internal Changes
----------------

- Improve efficiency of large state resolutions. ([\#8868](#8868), [\#9029](#9029), [\#9115](#9115), [\#9118](#9118), [\#9124](#9124))
- Various clean-ups to the structured logging and logging context code. ([\#8939](#8939))
- Ensure rejected events get added to some metadata tables. ([\#9016](#9016))
- Ignore date-rotated homeserver logs saved to disk. ([\#9018](#9018))
- Remove an unused column from `access_tokens` table. ([\#9025](#9025))
- Add a `-noextras` factor to `tox.ini`, to support running the tests with no optional dependencies. ([\#9030](#9030))
- Fix running unit tests when optional dependencies are not installed. ([\#9031](#9031))
- Allow bumping schema version when using split out state database. ([\#9033](#9033))
- Configure the linters to run on a consistent set of files. ([\#9038](#9038))
- Various cleanups to device inbox store. ([\#9041](#9041))
- Drop unused database tables. ([\#9055](#9055))
- Remove unused `SynapseService` class. ([\#9058](#9058))
- Remove unnecessary declarations in the tests for the admin API. ([\#9063](#9063))
- Remove `SynapseRequest.get_user_agent`. ([\#9069](#9069))
- Remove redundant `Homeserver.get_ip_from_request` method. ([\#9080](#9080))
- Add type hints to media repository. ([\#9093](#9093))
- Fix the wrong arguments being passed to `BlacklistingAgentWrapper` from `MatrixFederationAgent`. Contributed by Timothy Leung. ([\#9098](#9098))
- Reduce the scope of caught exceptions in `BlacklistingAgentWrapper`. ([\#9106](#9106))
- Improve `UsernamePickerTestCase`. ([\#9112](#9112))
- Remove dependency on `distutils`. ([\#9125](#9125))
- Enforce that replication HTTP clients are called with keyword arguments only. ([\#9144](#9144))
- Fix the Python 3.5 / old dependencies build in CI. ([\#9146](#9146))
- Replace the old `perspectives` option in the Synapse docker config file template with `trusted_key_servers`. ([\#9157](#9157))
  • Loading branch information
clokep committed Jan 20, 2021
2 parents 620ecf1 + adabf32 commit f81d02d
Show file tree
Hide file tree
Showing 21 changed files with 210 additions and 96 deletions.
7 changes: 6 additions & 1 deletion CHANGES.md
Original file line number Diff line number Diff line change
@@ -1,11 +1,16 @@
Synapse 1.26.0rc1 (2021-01-20)
==============================

This release brings a new schema version for Synapse and rolling back to a previous
verious is not trivial. Please review [UPGRADE.rst](UPGRADE.rst) for more details
on these changes and for general upgrade guidance.

Features
--------

- Add support for multiple SSO Identity Providers. ([\#9015](https://github.com/matrix-org/synapse/issues/9015), [\#9017](https://github.com/matrix-org/synapse/issues/9017), [\#9036](https://github.com/matrix-org/synapse/issues/9036), [\#9067](https://github.com/matrix-org/synapse/issues/9067), [\#9081](https://github.com/matrix-org/synapse/issues/9081), [\#9082](https://github.com/matrix-org/synapse/issues/9082), [\#9105](https://github.com/matrix-org/synapse/issues/9105), [\#9107](https://github.com/matrix-org/synapse/issues/9107), [\#9109](https://github.com/matrix-org/synapse/issues/9109), [\#9110](https://github.com/matrix-org/synapse/issues/9110), [\#9127](https://github.com/matrix-org/synapse/issues/9127), [\#9153](https://github.com/matrix-org/synapse/issues/9153))
- Add support for multiple SSO Identity Providers. ([\#9015](https://github.com/matrix-org/synapse/issues/9015), [\#9017](https://github.com/matrix-org/synapse/issues/9017), [\#9036](https://github.com/matrix-org/synapse/issues/9036), [\#9067](https://github.com/matrix-org/synapse/issues/9067), [\#9081](https://github.com/matrix-org/synapse/issues/9081), [\#9082](https://github.com/matrix-org/synapse/issues/9082), [\#9105](https://github.com/matrix-org/synapse/issues/9105), [\#9107](https://github.com/matrix-org/synapse/issues/9107), [\#9109](https://github.com/matrix-org/synapse/issues/9109), [\#9110](https://github.com/matrix-org/synapse/issues/9110), [\#9127](https://github.com/matrix-org/synapse/issues/9127), [\#9153](https://github.com/matrix-org/synapse/issues/9153), [\#9154](https://github.com/matrix-org/synapse/issues/9154), [\#9177](https://github.com/matrix-org/synapse/issues/9177))
- During user-interactive authentication via single-sign-on, give a better error if the user uses the wrong account on the SSO IdP. ([\#9091](https://github.com/matrix-org/synapse/issues/9091))
- Give the `public_baseurl` a default value, if it is not explicitly set in the configuration file. ([\#9159](https://github.com/matrix-org/synapse/issues/9159))
- Improve performance when calculating ignored users in large rooms. ([\#9024](https://github.com/matrix-org/synapse/issues/9024))
- Implement [MSC2176](https://github.com/matrix-org/matrix-doc/pull/2176) in an experimental room version. ([\#8984](https://github.com/matrix-org/synapse/issues/8984))
- Add an admin API for protecting local media from quarantine. ([\#9086](https://github.com/matrix-org/synapse/issues/9086))
Expand Down
50 changes: 50 additions & 0 deletions UPGRADE.rst
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,56 @@ for example:
wget https://packages.matrix.org/debian/pool/main/m/matrix-synapse-py3/matrix-synapse-py3_1.3.0+stretch1_amd64.deb
dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
Upgrading to v1.26.0
====================

Rolling back to v1.25.0 after a failed upgrade
----------------------------------------------

v1.26.0 includes a lot of large changes. If something problematic occurs, you
may want to roll-back to a previous version of Synapse. Because v1.26.0 also
includes a new database schema version, reverting that version is also required
alongside the generic rollback instructions mentioned above. In short, to roll
back to v1.25.0 you need to:

1. Stop the server
2. Decrease the schema version in the database:

.. code:: sql
UPDATE schema_version SET version = 58;
3. Delete the ignored users & chain cover data:

.. code:: sql
DROP TABLE IF EXISTS ignored_users;
UPDATE rooms SET has_auth_chain_index = false;
For PostgreSQL run:

.. code:: sql
TRUNCATE event_auth_chain_links;
TRUNCATE event_auth_chains;
For SQLite run:

.. code:: sql
DELETE FROM event_auth_chain_links;
DELETE FROM event_auth_chains;
4. Mark the deltas as not run (so they will re-run on upgrade).

.. code:: sql
DELETE FROM applied_schema_deltas WHERE version = 59 AND file = "59/01ignored_user.py";
DELETE FROM applied_schema_deltas WHERE version = 59 AND file = "59/06chain_cover_index.sql";
5. Downgrade Synapse by following the instructions for your installation method
in the "Rolling back to older versions" section above.

Upgrading to v1.25.0
====================

Expand Down
1 change: 0 additions & 1 deletion changelog.d/9159.feature

This file was deleted.

4 changes: 4 additions & 0 deletions docs/sample_config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1726,6 +1726,10 @@ saml2_config:
# idp_name: A user-facing name for this identity provider, which is used to
# offer the user a choice of login mechanisms.
#
# idp_icon: An optional icon for this identity provider, which is presented
# by identity picker pages. If given, must be an MXC URI of the format
# mxc://<server-name>/<media-id>
#
# discover: set to 'false' to disable the use of the OIDC discovery mechanism
# to discover endpoints. Defaults to true.
#
Expand Down
1 change: 1 addition & 0 deletions mypy.ini
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@ files =
synapse/util/async_helpers.py,
synapse/util/caches,
synapse/util/metrics.py,
synapse/util/stringutils.py,
tests/replication,
tests/test_utils,
tests/handlers/test_password_providers.py,
Expand Down
32 changes: 29 additions & 3 deletions synapse/config/oidc_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
from synapse.python_dependencies import DependencyException, check_requirements
from synapse.types import Collection, JsonDict
from synapse.util.module_loader import load_module
from synapse.util.stringutils import parse_and_validate_mxc_uri

from ._base import Config, ConfigError

Expand Down Expand Up @@ -66,6 +67,10 @@ def generate_config_section(self, config_dir_path, server_name, **kwargs):
# idp_name: A user-facing name for this identity provider, which is used to
# offer the user a choice of login mechanisms.
#
# idp_icon: An optional icon for this identity provider, which is presented
# by identity picker pages. If given, must be an MXC URI of the format
# mxc://<server-name>/<media-id>
#
# discover: set to 'false' to disable the use of the OIDC discovery mechanism
# to discover endpoints. Defaults to true.
#
Expand Down Expand Up @@ -207,6 +212,7 @@ def generate_config_section(self, config_dir_path, server_name, **kwargs):
"properties": {
"idp_id": {"type": "string", "minLength": 1, "maxLength": 128},
"idp_name": {"type": "string"},
"idp_icon": {"type": "string"},
"discover": {"type": "boolean"},
"issuer": {"type": "string"},
"client_id": {"type": "string"},
Expand Down Expand Up @@ -325,20 +331,37 @@ def _parse_oidc_config_dict(
config_path + ("user_mapping_provider", "module"),
)

# MSC2858 will appy certain limits in what can be used as an IdP id, so let's
# MSC2858 will apply certain limits in what can be used as an IdP id, so let's
# enforce those limits now.
# TODO: factor out this stuff to a generic function
idp_id = oidc_config.get("idp_id", "oidc")
valid_idp_chars = set(string.ascii_letters + string.digits + "-._~")
valid_idp_chars = set(string.ascii_lowercase + string.digits + "-._")

if any(c not in valid_idp_chars for c in idp_id):
raise ConfigError(
'idp_id may only contain A-Z, a-z, 0-9, "-", ".", "_", "~"',
'idp_id may only contain a-z, 0-9, "-", ".", "_"',
config_path + ("idp_id",),
)

if idp_id[0] not in string.ascii_lowercase:
raise ConfigError(
"idp_id must start with a-z", config_path + ("idp_id",),
)

# MSC2858 also specifies that the idp_icon must be a valid MXC uri
idp_icon = oidc_config.get("idp_icon")
if idp_icon is not None:
try:
parse_and_validate_mxc_uri(idp_icon)
except ValueError as e:
raise ConfigError(
"idp_icon must be a valid MXC URI", config_path + ("idp_icon",)
) from e

return OidcProviderConfig(
idp_id=idp_id,
idp_name=oidc_config.get("idp_name", "OIDC"),
idp_icon=idp_icon,
discover=oidc_config.get("discover", True),
issuer=oidc_config["issuer"],
client_id=oidc_config["client_id"],
Expand Down Expand Up @@ -366,6 +389,9 @@ class OidcProviderConfig:
# user-facing name for this identity provider.
idp_name = attr.ib(type=str)

# Optional MXC URI for icon for this IdP.
idp_icon = attr.ib(type=Optional[str])

# whether the OIDC discovery mechanism is used to discover endpoints
discover = attr.ib(type=bool)

Expand Down
2 changes: 1 addition & 1 deletion synapse/config/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
from netaddr import IPSet

from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
from synapse.http.endpoint import parse_and_validate_server_name
from synapse.util.stringutils import parse_and_validate_server_name

from ._base import Config, ConfigError

Expand Down
2 changes: 1 addition & 1 deletion synapse/federation/federation_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,6 @@
from synapse.federation.federation_base import FederationBase, event_from_pdu_json
from synapse.federation.persistence import TransactionActions
from synapse.federation.units import Edu, Transaction
from synapse.http.endpoint import parse_server_name
from synapse.http.servlet import assert_params_in_dict
from synapse.logging.context import (
make_deferred_yieldable,
Expand All @@ -66,6 +65,7 @@
from synapse.util import glob_to_regex, json_decoder, unwrapFirstError
from synapse.util.async_helpers import Linearizer, concurrently_execute
from synapse.util.caches.response_cache import ResponseCache
from synapse.util.stringutils import parse_server_name

if TYPE_CHECKING:
from synapse.server import HomeServer
Expand Down
2 changes: 1 addition & 1 deletion synapse/federation/transport/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@
FEDERATION_V1_PREFIX,
FEDERATION_V2_PREFIX,
)
from synapse.http.endpoint import parse_and_validate_server_name
from synapse.http.server import JsonResource
from synapse.http.servlet import (
parse_boolean_from_args,
Expand All @@ -45,6 +44,7 @@
)
from synapse.server import HomeServer
from synapse.types import ThirdPartyInstanceID, get_domain_from_id
from synapse.util.stringutils import parse_and_validate_server_name
from synapse.util.versionstring import get_version_string

logger = logging.getLogger(__name__)
Expand Down
4 changes: 4 additions & 0 deletions synapse/handlers/cas_handler.py
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,10 @@ def __init__(self, hs: "HomeServer"):
# user-facing name of this auth provider
self.idp_name = "CAS"

# we do not currently support icons for CAS auth, but this is required by
# the SsoIdentityProvider protocol type.
self.idp_icon = None

self._sso_handler = hs.get_sso_handler()

self._sso_handler.register_identity_provider(self)
Expand Down
3 changes: 3 additions & 0 deletions synapse/handlers/oidc_handler.py
Original file line number Diff line number Diff line change
Expand Up @@ -271,6 +271,9 @@ def __init__(
# user-facing name of this auth provider
self.idp_name = provider.idp_name

# MXC URI for icon for this auth provider
self.idp_icon = provider.idp_icon

self._sso_handler = hs.get_sso_handler()

self._sso_handler.register_identity_provider(self)
Expand Down
2 changes: 1 addition & 1 deletion synapse/handlers/room.py
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@
from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersion
from synapse.events import EventBase
from synapse.events.utils import copy_power_levels_contents
from synapse.http.endpoint import parse_and_validate_server_name
from synapse.storage.state import StateFilter
from synapse.types import (
JsonDict,
Expand All @@ -55,6 +54,7 @@
from synapse.util import stringutils
from synapse.util.async_helpers import Linearizer
from synapse.util.caches.response_cache import ResponseCache
from synapse.util.stringutils import parse_and_validate_server_name
from synapse.visibility import filter_events_for_client

from ._base import BaseHandler
Expand Down
4 changes: 4 additions & 0 deletions synapse/handlers/saml_handler.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,10 @@ def __init__(self, hs: "HomeServer"):
# user-facing name of this auth provider
self.idp_name = "SAML"

# we do not currently support icons for SAML auth, but this is required by
# the SsoIdentityProvider protocol type.
self.idp_icon = None

# a map from saml session id to Saml2SessionData object
self._outstanding_requests_dict = {} # type: Dict[str, Saml2SessionData]

Expand Down
5 changes: 5 additions & 0 deletions synapse/handlers/sso.py
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,11 @@ def idp_id(self) -> str:
def idp_name(self) -> str:
"""User-facing name for this provider"""

@property
def idp_icon(self) -> Optional[str]:
"""Optional MXC URI for user-facing icon"""
return None

@abc.abstractmethod
async def handle_redirect_request(
self,
Expand Down
79 changes: 0 additions & 79 deletions synapse/http/endpoint.py

This file was deleted.

3 changes: 3 additions & 0 deletions synapse/res/templates/sso_login_idp_picker.html
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ <h1 id="title">{{server_name | e}} Login</h1>
<li>
<input type="radio" name="idp" id="prov{{loop.index}}" value="{{p.idp_id}}">
<label for="prov{{loop.index}}">{{p.idp_name | e}}</label>
{% if p.idp_icon %}
<img src="{{p.idp_icon | mxc_to_http(32, 32)}}"/>
{% endif %}
</li>
{% endfor %}
</ul>
Expand Down
3 changes: 1 addition & 2 deletions synapse/rest/client/v1/room.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@
)
from synapse.api.filtering import Filter
from synapse.events.utils import format_event_for_client_v2
from synapse.http.endpoint import parse_and_validate_server_name
from synapse.http.servlet import (
RestServlet,
assert_params_in_dict,
Expand All @@ -47,7 +46,7 @@
from synapse.streams.config import PaginationConfig
from synapse.types import RoomAlias, RoomID, StreamToken, ThirdPartyInstanceID, UserID
from synapse.util import json_decoder
from synapse.util.stringutils import random_string
from synapse.util.stringutils import parse_and_validate_server_name, random_string

if TYPE_CHECKING:
import synapse.server
Expand Down
Loading

0 comments on commit f81d02d

Please sign in to comment.