Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support branded templates #328

Merged
merged 16 commits into from
Jan 15, 2021
Merged

Support branded templates #328

merged 16 commits into from
Jan 15, 2021

Conversation

ara4n
Copy link
Member

@ara4n ara4n commented Jan 15, 2021
edited by clokep
Loading

A PR to allow requests to hint at what branded templates they would like via a brand GET parameter. If this is not provided (or invalid) than the default branding is used.

This is to add branded templates for FOSDEM.

clokep
clokep reviewed Jan 15, 2021
View reviewed changes
tests/utils.py
Comment on lines +204 to +205
if isinstance(content, dict):
content = json.dumps(content)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How I wish this code was shared with synapse. 😢

@clokep clokep changed the title support branded templates (untested) Support branded templates Jan 15, 2021
@clokep clokep marked this pull request as ready for review January 15, 2021 14:32
@clokep clokep requested a review from a team January 15, 2021 14:32
@clokep clokep self-assigned this Jan 15, 2021
erikjohnston
erikjohnston approved these changes Jan 15, 2021
View reviewed changes
Copy link
Member

@erikjohnston erikjohnston left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming the config changes are backwards compatible?

@clokep clokep merged commit 4d96e71 into master Jan 15, 2021
@clokep clokep deleted the matthew/branded-email branch January 15, 2021 17:48
@turt2live turt2live mentioned this pull request Jan 15, 2021
Open
benbz added a commit that referenced this pull request Apr 15, 2021
@benbz
Merge tag 'v2.3.0' into bbz/info_mainline-20210413
4563cd5 
Sydent 2.3.0 (2021-04-15)
=========================

**Note**: this will be the last release of Sydent to support Python 3.5 or earlier. Future releases will require at least Python 3.6.

Security advisory
-----------------

This release contains fixes to the following security issues:

- Denial of service attack via disk space or memory exhaustion ([CVE-2021-29430](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29430)).
- SSRF due to missing validation of hostnames ([CVE-2021-29431](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29431)).
- Malicious users could control the content of invitation emails ([CVE-2021-29432](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29432)).
- Denial of service (via resource exhaustion) due to improper input validation ([CVE-2021-29433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29433)).

Although we are not aware of these vulnerabilities being exploited in the wild, Sydent server administrators are advised to update as soon as possible. Note that as well as changes to the package, there are also changes to the default email templates. If any templates have been updated locally, they must also be updated in line with the changes to the defaults for full protection from CVE-2021-29432.

Features
--------

- Accept an optional `web_client_location` argument to the invite endpoint which allows customisation of the email template. ([\#326](#326))
- Move templates to a per-brand subdirectory of `/res`. Add `templates.path` and `brand.default` config options. ([\#328](#328))

Bugfixes
--------

- Fix a regression in v2.2.0 where the wrong characters would be obfuscated in a 3pid invite. ([\#317](#317))
- Fix a long-standing bug where invalid JSON would be accepted over the HTTP interfaces. ([\#337](#337))
- During user registration on the identity server, validate that the MXID returned by the contacted homeserver is valid for that homeserver. ([cc97fff](cc97fff))
- Ensure that `/v2/` endpoints are correctly authenticated. ([ce04a68](ce04a68))
- Perform additional validation on the response received when requesting server signing keys. ([07e6da7](07e6da7))
- Validate the `matrix_server_name` parameter given during user registration. ([9e57334](9e57334), [8936925](8936925), [3d531ed](3d531ed), [0f00412](0f00412))
- Limit the size of requests received from HTTP clients. ([89071a1](89071a1), [0523511](0523511), [f56eee3](f56eee3))
- Limit the size of responses received from HTTP servers. ([89071a1](89071a1), [0523511](0523511), [f56eee3](f56eee3))
- In invite emails, randomise the multipart boundary, and include MXIDs where available. ([4469d1d](4469d1d), [6b405a8](6b405a8), [65a6e91](65a6e91))
- Perform additional validation on the `client_secret` and `email` parameters to various APIs. ([3175fd3](3175fd3))

Updates to the Docker image
---------------------------

- Base docker image on Debian rather than Alpine Linux. ([\#335](#335))

Internal Changes
----------------

- Fix test logging to allow braces in log output. ([\#318](#318))
- Install prometheus_client in the Docker image. ([\#325](#325))
- Bump the version of signedjson to 1.1.1. ([\#334](#334))
@clokep clokep mentioned this pull request May 31, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clokep clokep clokep left review comments

@erikjohnston erikjohnston erikjohnston approved these changes

Assignees

@clokep clokep

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ara4n @clokep @erikjohnston