This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Merge remote-tracking branch 'origin/develop' into shhs
hawkowl committed May 1, 2019
2 parents ed38141 + c1799b0 commit 12875f9
Showing 11 changed files with 101 additions and 19 deletions.
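--- a/INSTALL.md
+++ b/INSTALL.md
@@ -281,6 +281,8 @@ sudo apt update
 sudo apt install matrix-synapse-py3
 ```
 
+The fingerprint of the repository signing key is AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058.
+
 **Note**: if you followed a previous version of these instructions which
 recommended using `apt-key add` to add an old key from
 `https://matrix.org/packages/debian/`, you should note that this key has been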
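--- a/changelog.d/4867.feature
+++ b/changelog.d/4867.feature
@@ -0,0 +1 @@
+Add a default .m.rule.tombstone push rule.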
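--- a/changelog.d/5100.misc
+++ b/changelog.d/5100.misc
@@ -0,0 +1 @@
+Improve logging when event-signature checks fail.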
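--- a/changelog.d/5103.bugfix
+++ b/changelog.d/5103.bugfix
@@ -0,0 +1 @@
+Fix bug where presence updates were sent to all servers in a room when a new server joined, rather than to just the new server.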
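--- a/changelog.d/5116.feature
+++ b/changelog.d/5116.feature
@@ -0,0 +1 @@
+Add time-based account expiration.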
2 changes: 1 addition & 1 deletion docs/admin_api/account_validity.rst
@@ -13,7 +13,7 @@ This API extends the validity of an account by as much time as configured in the

The API is::

POST /_matrix/client/unstable/account_validity/send_mail
POST /_matrix/client/unstable/admin/account_validity/validity

with the following body:

50 changes: 32 additions & 18 deletions synapse/crypto/keyring.py
@@ -114,40 +114,54 @@ def verify_json_objects_for_server(self, server_and_json):
server_name. The deferreds run their callbacks in the sentinel
logcontext.
"""
# a list of VerifyKeyRequests
verify_requests = []
handle = preserve_fn(_handle_key_deferred)

for server_name, json_object in server_and_json:
def process(server_name, json_object):
"""Process an entry in the request list
Given a (server_name, json_object) pair from the request list,
adds a key request to verify_requests, and returns a deferred which will
complete or fail (in the sentinel context) when verification completes.
"""
key_ids = signature_ids(json_object, server_name)

if not key_ids:
logger.warn("Request from %s: no supported signature keys",
server_name)
deferred = defer.fail(SynapseError(
400,
"Not signed with a supported algorithm",
Codes.UNAUTHORIZED,
))
else:
deferred = defer.Deferred()
return defer.fail(
SynapseError(
400,
"Not signed by %s" % (server_name,),
Codes.UNAUTHORIZED,
)
)

logger.debug("Verifying for %s with key_ids %s",
server_name, key_ids)

# add the key request to the queue, but don't start it off yet.
verify_request = VerifyKeyRequest(
server_name, key_ids, json_object, deferred
server_name, key_ids, json_object, defer.Deferred(),
)

verify_requests.append(verify_request)

run_in_background(self._start_key_lookups, verify_requests)
# now run _handle_key_deferred, which will wait for the key request
# to complete and then do the verification.
#
# We want _handle_key_request to log to the right context, so we
# wrap it with preserve_fn (aka run_in_background)
return handle(verify_request)

# Pass those keys to handle_key_deferred so that the json object
# signatures can be verified
handle = preserve_fn(_handle_key_deferred)
return [
handle(rq) for rq in verify_requests
results = [
process(server_name, json_object)
for server_name, json_object in server_and_json
]

if verify_requests:
run_in_background(self._start_key_lookups, verify_requests)

return results

@defer.inlineCallbacks
def _start_key_lookups(self, verify_requests):
"""Sets off the key fetches for each verify request
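Review bot: In `process`, the branch for an empty `key_ids` returns `defer.fail(...)` with the message "Not signed by %s" and, as far as this rendered page shows (the +/- markers are lost), no longer logs anything at that point. The same branch is presumably also reached when the object is signed by `server_name` only with algorithms that `signature_ids` does not accept, which the new message reports as unsigned. Keeping a line such as `logger.warning("Request from %s: no supported signature keys", server_name)` would preserve that signal for operators. The comment above `return handle(verify_request)` names `_handle_key_request`, but the function being wrapped is `_handle_key_deferred`. The method body starts before this hunk.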
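--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@@ -269,7 +269,18 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
 for p in pdus_to_check_sender
 ])
 
+def sender_err(e, pdu_to_check):
+errmsg = "event id %s: unable to verify signature for sender %s: %s" % (
+pdu_to_check.pdu.event_id,
+pdu_to_check.sender_domain,
+e.getErrorMessage(),
+)
+# XX not really sure if these are the right codes, but they are what
+# we've done for ages
+raise SynapseError(400, errmsg, Codes.UNAUTHORIZED)
+
 for p, d in zip(pdus_to_check_sender, more_deferreds):
+d.addErrback(sender_err, p)
 p.deferreds.append(d)
 
 # now let's look for events where the sender's domain is different to the
@@ -291,7 +302,18 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
 for p in pdus_to_check_event_id
 ])
 
+def event_err(e, pdu_to_check):
+errmsg = (
+"event id %s: unable to verify signature for event id domain: %s" % (
+pdu_to_check.pdu.event_id,
+e.getErrorMessage(),
+)
+)
+# XX as above: not really sure if these are the right codes
+raise SynapseError(400, errmsg, Codes.UNAUTHORIZED)
+
 for p, d in zip(pdus_to_check_event_id, more_deferreds):
+d.addErrback(event_err, p)
 p.deferreds.append(d)
 
 # replace lists of deferreds with single Deferreds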
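Review bot: `sender_err` and `event_err` are attached with `addErrback` and never call `e.trap(...)`, so every failure on the verification deferred, not only a rejected signature, is rewritten into `SynapseError(400, errmsg, Codes.UNAUTHORIZED)`. If a key lookup fails for a transient or internal reason (inferred; the keyring code is outside this section), the event is reported as unauthorized and the original failure type and traceback are lost, which makes a genuine signature failure hard to tell apart from an outage. Consider starting both errbacks with `e.trap(SynapseError)` so unexpected failures propagate unchanged, and logging the original failure before re-raising. Both helpers would also benefit from a one-line docstring stating that `e` is a Twisted `Failure`. `_check_sigs_on_pdus` starts and ends outside the hunks.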
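--- a/synapse/handlers/presence.py
+++ b/synapse/handlers/presence.py
@@ -828,6 +828,11 @@ def _handle_state_delta(self, deltas):
 if typ != EventTypes.Member:
 continue
 
+if event_id is None:
+# state has been deleted, so this is not a join. We only care about
+# joins.
+continue
+
 event = yield self.store.get_event(event_id)
 if event.content.get("membership") != Membership.JOIN:
 # We only care about joins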
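--- a/synapse/push/baserules.py
+++ b/synapse/push/baserules.py
@@ -261,6 +261,23 @@ def make_base_prepend_rules(kind, modified_base_rules):
 'value': True,
 }
 ]
+},
+{
+'rule_id': 'global/override/.m.rule.tombstone',
+'conditions': [
+{
+'kind': 'event_match',
+'key': 'type',
+'pattern': 'm.room.tombstone',
+'_id': '_tombstone',
+}
+],
+'actions': [
+'notify', {
+'set_tweak': 'highlight',
+'value': True,
+}
+]
 }
 ]
 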
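Review bot: The new `global/override/.m.rule.tombstone` rule matches on the event `type` alone, so any event carrying the type `m.room.tombstone` would produce a highlighted notification, whether or not it is the room's actual tombstone state event. Tombstones are state events with an empty state key, so the rule should carry a second `event_match` condition on `state_key` with an empty pattern, as in the fence; the `_id` shown there is a constructed name following the `_tombstone` convention. It is worth confirming that the push-rule evaluator matches an empty pattern only against an empty string, and adding a test that a non-state event of this type does not notify. The enclosing rule list starts and ends outside the hunk.

```python
'conditions': [
    # … unchanged: event_match on 'type' == 'm.room.tombstone' …
    {
        'kind': 'event_match',
        'key': 'state_key',
        'pattern': '',
        '_id': '_tombstone_statekey',
    }
],
```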
18 changes: 18 additions & 0 deletions synapse/storage/state_deltas.py
@@ -22,6 +22,24 @@

class StateDeltasStore(SQLBaseStore):
def get_current_state_deltas(self, prev_stream_id):
"""Fetch a list of room state changes since the given stream id
Each entry in the result contains the following fields:
- stream_id (int)
- room_id (str)
- type (str): event type
- state_key (str):
- event_id (str|None): new event_id for this state key. None if the
state has been deleted.
- prev_event_id (str|None): previous event_id for this state key. None
if it's new state.
Args:
prev_stream_id (int): point to get changes since (exclusive)
Returns:
Deferred[list[dict]]: results
"""
prev_stream_id = int(prev_stream_id)
if not self._curr_state_delta_stream_cache.has_any_entity_changed(
prev_stream_id
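Review bot: The new docstring for `get_current_state_deltas` leaves the `state_key (str):` entry without a description, while every other field has one. Something like `- state_key (str): state key of the changed state entry` would complete it. Since `event_id` is documented as possibly None, the docstring could also say that callers must check for None before fetching the event. The method body continues outside the hunk.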
