diff --git a/CHANGES.md b/CHANGES.md index 4237550818..d5e578ee3a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,90 @@ +Synapse 1.24.0rc2 (2020-12-04) +============================== + +Bugfixes +-------- + +- Fix a regression in v1.24.0rc1 which failed to allow SAML mapping providers which were unable to redirect users to an additional page. ([\#8878](https://github.com/matrix-org/synapse/issues/8878)) + + +Internal Changes +---------------- + +- Add support for the `prometheus_client` newer than 0.9.0. Contributed by Jordan Bancino. ([\#8875](https://github.com/matrix-org/synapse/issues/8875)) + + +Synapse 1.24.0rc1 (2020-12-02) +============================== + +Features +-------- + +- Add admin API for logging in as a user. ([\#8617](https://github.com/matrix-org/synapse/issues/8617)) +- Allow specification of the SAML IdP if the metadata returns multiple IdPs. ([\#8630](https://github.com/matrix-org/synapse/issues/8630)) +- Add support for re-trying generation of a localpart for OpenID Connect mapping providers. ([\#8801](https://github.com/matrix-org/synapse/issues/8801), [\#8855](https://github.com/matrix-org/synapse/issues/8855)) +- Allow the `Date` header through CORS. Contributed by Nicolas Chamo. ([\#8804](https://github.com/matrix-org/synapse/issues/8804)) +- Add a config option, `push.group_by_unread_count`, which controls whether unread message counts in push notifications are defined as "the number of rooms with unread messages" or "total unread messages". ([\#8820](https://github.com/matrix-org/synapse/issues/8820)) +- Add `force_purge` option to delete-room admin api. ([\#8843](https://github.com/matrix-org/synapse/issues/8843)) + + +Bugfixes +-------- + +- Fix a bug where appservices may be sent an excessive amount of read receipts and presence. Broke in v1.22.0. ([\#8744](https://github.com/matrix-org/synapse/issues/8744)) +- Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. ([\#8776](https://github.com/matrix-org/synapse/issues/8776)) +- Fix a bug where synctl could spawn duplicate copies of a worker. Contributed by Waylon Cude. ([\#8798](https://github.com/matrix-org/synapse/issues/8798)) +- Allow per-room profiles to be used for the server notice user. ([\#8799](https://github.com/matrix-org/synapse/issues/8799)) +- Fix a bug where logging could break after a call to SIGHUP. ([\#8817](https://github.com/matrix-org/synapse/issues/8817)) +- Fix `register_new_matrix_user` failing with "Bad Request" when trailing slash is included in server URL. Contributed by @angdraug. ([\#8823](https://github.com/matrix-org/synapse/issues/8823)) +- Fix a minor long-standing bug in login, where we would offer the `password` login type if a custom auth provider supported it, even if password login was disabled. ([\#8835](https://github.com/matrix-org/synapse/issues/8835)) +- Fix a long-standing bug which caused Synapse to require unspecified parameters during user-interactive authentication. ([\#8848](https://github.com/matrix-org/synapse/issues/8848)) +- Fix a bug introduced in v1.20.0 where the user-agent and IP address reported during user registration for CAS, OpenID Connect, and SAML were of the wrong form. ([\#8784](https://github.com/matrix-org/synapse/issues/8784)) + + +Improved Documentation +---------------------- + +- Clarify the usecase for a msisdn delegate. Contributed by Adrian Wannenmacher. ([\#8734](https://github.com/matrix-org/synapse/issues/8734)) +- Remove extraneous comma from JSON example in User Admin API docs. ([\#8771](https://github.com/matrix-org/synapse/issues/8771)) +- Update `turn-howto.md` with troubleshooting notes. ([\#8779](https://github.com/matrix-org/synapse/issues/8779)) +- Fix the example on how to set the `Content-Type` header in nginx for the Client Well-Known URI. ([\#8793](https://github.com/matrix-org/synapse/issues/8793)) +- Improve the documentation for the admin API to list all media in a room with respect to encrypted events. ([\#8795](https://github.com/matrix-org/synapse/issues/8795)) +- Update the formatting of the `push` section of the homeserver config file to better align with the [code style guidelines](https://github.com/matrix-org/synapse/blob/develop/docs/code_style.md#configuration-file-format). ([\#8818](https://github.com/matrix-org/synapse/issues/8818)) +- Improve documentation how to configure prometheus for workers. ([\#8822](https://github.com/matrix-org/synapse/issues/8822)) +- Update example prometheus console. ([\#8824](https://github.com/matrix-org/synapse/issues/8824)) + + +Deprecations and Removals +------------------------- + +- Remove old `/_matrix/client/*/admin` endpoints which were deprecated since Synapse 1.20.0. ([\#8785](https://github.com/matrix-org/synapse/issues/8785)) +- Disable pretty printing JSON responses for curl. Users who want pretty-printed output should use [jq](https://stedolan.github.io/jq/) in combination with curl. Contributed by @tulir. ([\#8833](https://github.com/matrix-org/synapse/issues/8833)) + + +Internal Changes +---------------- + +- Simplify the way the `HomeServer` object caches its internal attributes. ([\#8565](https://github.com/matrix-org/synapse/issues/8565), [\#8851](https://github.com/matrix-org/synapse/issues/8851)) +- Add an example and documentation for clock skew to the SAML2 sample configuration to allow for clock/time difference between the homserver and IdP. Contributed by @localguru. ([\#8731](https://github.com/matrix-org/synapse/issues/8731)) +- Generalise `RoomMemberHandler._locally_reject_invite` to apply to more flows than just invite. ([\#8751](https://github.com/matrix-org/synapse/issues/8751)) +- Generalise `RoomStore.maybe_store_room_on_invite` to handle other, non-invite membership events. ([\#8754](https://github.com/matrix-org/synapse/issues/8754)) +- Refactor test utilities for injecting HTTP requests. ([\#8757](https://github.com/matrix-org/synapse/issues/8757), [\#8758](https://github.com/matrix-org/synapse/issues/8758), [\#8759](https://github.com/matrix-org/synapse/issues/8759), [\#8760](https://github.com/matrix-org/synapse/issues/8760), [\#8761](https://github.com/matrix-org/synapse/issues/8761), [\#8777](https://github.com/matrix-org/synapse/issues/8777)) +- Consolidate logic between the OpenID Connect and SAML code. ([\#8765](https://github.com/matrix-org/synapse/issues/8765)) +- Use `TYPE_CHECKING` instead of magic `MYPY` variable. ([\#8770](https://github.com/matrix-org/synapse/issues/8770)) +- Add a commandline script to sign arbitrary json objects. ([\#8772](https://github.com/matrix-org/synapse/issues/8772)) +- Minor log line improvements for the SSO mapping code used to generate Matrix IDs from SSO IDs. ([\#8773](https://github.com/matrix-org/synapse/issues/8773)) +- Add additional error checking for OpenID Connect and SAML mapping providers. ([\#8774](https://github.com/matrix-org/synapse/issues/8774), [\#8800](https://github.com/matrix-org/synapse/issues/8800)) +- Add type hints to HTTP abstractions. ([\#8806](https://github.com/matrix-org/synapse/issues/8806), [\#8812](https://github.com/matrix-org/synapse/issues/8812)) +- Remove unnecessary function arguments and add typing to several membership replication classes. ([\#8809](https://github.com/matrix-org/synapse/issues/8809)) +- Optimise the lookup for an invite from another homeserver when trying to reject it. ([\#8815](https://github.com/matrix-org/synapse/issues/8815)) +- Add tests for `password_auth_provider`s. ([\#8819](https://github.com/matrix-org/synapse/issues/8819)) +- Drop redundant database index on `event_json`. ([\#8845](https://github.com/matrix-org/synapse/issues/8845)) +- Simplify `uk.half-shot.msc2778.login.application_service` login handler. ([\#8847](https://github.com/matrix-org/synapse/issues/8847)) +- Refactor `password_auth_provider` support code. ([\#8849](https://github.com/matrix-org/synapse/issues/8849)) +- Add missing `ordering` to background database updates. ([\#8850](https://github.com/matrix-org/synapse/issues/8850)) +- Allow for specifying a room version when creating a room in unit tests via `RestHelper.create_room_as`. ([\#8854](https://github.com/matrix-org/synapse/issues/8854)) + + Synapse 1.23.0 (2020-11-18) =========================== diff --git a/changelog.d/8565.misc b/changelog.d/8565.misc deleted file mode 100644 index 7bef422618..0000000000 --- a/changelog.d/8565.misc +++ /dev/null @@ -1 +0,0 @@ -Simplify the way the `HomeServer` object caches its internal attributes. diff --git a/changelog.d/8617.feature b/changelog.d/8617.feature deleted file mode 100644 index 4f1e788506..0000000000 --- a/changelog.d/8617.feature +++ /dev/null @@ -1 +0,0 @@ -Add admin API for logging in as a user. diff --git a/changelog.d/8630.feature b/changelog.d/8630.feature deleted file mode 100644 index 706051f131..0000000000 --- a/changelog.d/8630.feature +++ /dev/null @@ -1 +0,0 @@ -Allow specification of the SAML IdP if the metadata returns multiple IdPs. diff --git a/changelog.d/8731.misc b/changelog.d/8731.misc deleted file mode 100644 index df5882e960..0000000000 --- a/changelog.d/8731.misc +++ /dev/null @@ -1 +0,0 @@ -Add an example and documentation for clock skew to the SAML2 sample configuration to allow for clock/time difference between the homserver and IdP. Contributed by @localguru. diff --git a/changelog.d/8734.doc b/changelog.d/8734.doc deleted file mode 100644 index 3bff9021c7..0000000000 --- a/changelog.d/8734.doc +++ /dev/null @@ -1 +0,0 @@ -Clarify the usecase for an msisdn delegate. Contributed by Adrian Wannenmacher. diff --git a/changelog.d/8744.bugfix b/changelog.d/8744.bugfix deleted file mode 100644 index f8f9630bd6..0000000000 --- a/changelog.d/8744.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix a bug where appservices may be sent an excessive amount of read receipts and presence. Broke in v1.22.0. diff --git a/changelog.d/8751.misc b/changelog.d/8751.misc deleted file mode 100644 index 204c280c0e..0000000000 --- a/changelog.d/8751.misc +++ /dev/null @@ -1 +0,0 @@ -Generalise `RoomMemberHandler._locally_reject_invite` to apply to more flows than just invite. \ No newline at end of file diff --git a/changelog.d/8754.misc b/changelog.d/8754.misc deleted file mode 100644 index 0436bb1be7..0000000000 --- a/changelog.d/8754.misc +++ /dev/null @@ -1 +0,0 @@ -Generalise `RoomStore.maybe_store_room_on_invite` to handle other, non-invite membership events. \ No newline at end of file diff --git a/changelog.d/8757.misc b/changelog.d/8757.misc deleted file mode 100644 index 54502e9b90..0000000000 --- a/changelog.d/8757.misc +++ /dev/null @@ -1 +0,0 @@ -Refactor test utilities for injecting HTTP requests. diff --git a/changelog.d/8758.misc b/changelog.d/8758.misc deleted file mode 100644 index 54502e9b90..0000000000 --- a/changelog.d/8758.misc +++ /dev/null @@ -1 +0,0 @@ -Refactor test utilities for injecting HTTP requests. diff --git a/changelog.d/8759.misc b/changelog.d/8759.misc deleted file mode 100644 index 54502e9b90..0000000000 --- a/changelog.d/8759.misc +++ /dev/null @@ -1 +0,0 @@ -Refactor test utilities for injecting HTTP requests. diff --git a/changelog.d/8760.misc b/changelog.d/8760.misc deleted file mode 100644 index 54502e9b90..0000000000 --- a/changelog.d/8760.misc +++ /dev/null @@ -1 +0,0 @@ -Refactor test utilities for injecting HTTP requests. diff --git a/changelog.d/8761.misc b/changelog.d/8761.misc deleted file mode 100644 index e6da7d038d..0000000000 --- a/changelog.d/8761.misc +++ /dev/null @@ -1 +0,0 @@ - Refactor test utilities for injecting HTTP requests. diff --git a/changelog.d/8765.misc b/changelog.d/8765.misc deleted file mode 100644 index 053f9acc9c..0000000000 --- a/changelog.d/8765.misc +++ /dev/null @@ -1 +0,0 @@ -Consolidate logic between the OpenID Connect and SAML code. diff --git a/changelog.d/8770.misc b/changelog.d/8770.misc deleted file mode 100644 index b5876a82f9..0000000000 --- a/changelog.d/8770.misc +++ /dev/null @@ -1 +0,0 @@ -Use `TYPE_CHECKING` instead of magic `MYPY` variable. diff --git a/changelog.d/8771.doc b/changelog.d/8771.doc deleted file mode 100644 index 297cf61e98..0000000000 --- a/changelog.d/8771.doc +++ /dev/null @@ -1 +0,0 @@ -Remove extraneous comma from JSON example in User Admin API docs. \ No newline at end of file diff --git a/changelog.d/8772.misc b/changelog.d/8772.misc deleted file mode 100644 index d74d0a3d5d..0000000000 --- a/changelog.d/8772.misc +++ /dev/null @@ -1 +0,0 @@ -Add a commandline script to sign arbitrary json objects. diff --git a/changelog.d/8773.misc b/changelog.d/8773.misc deleted file mode 100644 index 62778ba410..0000000000 --- a/changelog.d/8773.misc +++ /dev/null @@ -1 +0,0 @@ -Minor log line improvements for the SSO mapping code used to generate Matrix IDs from SSO IDs. diff --git a/changelog.d/8774.misc b/changelog.d/8774.misc deleted file mode 100644 index 57cca8fee5..0000000000 --- a/changelog.d/8774.misc +++ /dev/null @@ -1 +0,0 @@ -Add additional error checking for OpenID Connect and SAML mapping providers. diff --git a/changelog.d/8776.bugfix b/changelog.d/8776.bugfix deleted file mode 100644 index dd7ebbeb86..0000000000 --- a/changelog.d/8776.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix a bug in some federation APIs which could lead to unexpected behaviour if different parameters were set in the URI and the request body. diff --git a/changelog.d/8777.misc b/changelog.d/8777.misc deleted file mode 100644 index e6da7d038d..0000000000 --- a/changelog.d/8777.misc +++ /dev/null @@ -1 +0,0 @@ - Refactor test utilities for injecting HTTP requests. diff --git a/changelog.d/8779.doc b/changelog.d/8779.doc deleted file mode 100644 index 3641ae7f91..0000000000 --- a/changelog.d/8779.doc +++ /dev/null @@ -1 +0,0 @@ -Update `turn-howto.md` with troubleshooting notes. diff --git a/changelog.d/8784.misc b/changelog.d/8784.misc deleted file mode 100644 index 18a4263398..0000000000 --- a/changelog.d/8784.misc +++ /dev/null @@ -1 +0,0 @@ -Fix a bug introduced in v1.20.0 where the user-agent and IP address reported during user registration for CAS, OpenID Connect, and SAML were of the wrong form. diff --git a/changelog.d/8785.removal b/changelog.d/8785.removal deleted file mode 100644 index ee8ee32598..0000000000 --- a/changelog.d/8785.removal +++ /dev/null @@ -1 +0,0 @@ -Remove old `/_matrix/client/*/admin` endpoints which was deprecated since Synapse 1.20.0. \ No newline at end of file diff --git a/changelog.d/8793.doc b/changelog.d/8793.doc deleted file mode 100644 index f6eee1ea73..0000000000 --- a/changelog.d/8793.doc +++ /dev/null @@ -1 +0,0 @@ -Fix the example on how to set the `Content-Type` header in nginx for the Client Well-Known URI. diff --git a/changelog.d/8795.doc b/changelog.d/8795.doc deleted file mode 100644 index f97a74efb5..0000000000 --- a/changelog.d/8795.doc +++ /dev/null @@ -1 +0,0 @@ -Improve the documentation for the admin API to list all media in a room with respect to encrypted events. diff --git a/changelog.d/8798.bugfix b/changelog.d/8798.bugfix deleted file mode 100644 index 9bdb2b51ea..0000000000 --- a/changelog.d/8798.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix a bug where synctl could spawn duplicate copies of a worker. Contributed by Waylon Cude. diff --git a/changelog.d/8799.bugfix b/changelog.d/8799.bugfix deleted file mode 100644 index a7e6b3556d..0000000000 --- a/changelog.d/8799.bugfix +++ /dev/null @@ -1 +0,0 @@ -Allow per-room profiles to be used for the server notice user. diff --git a/changelog.d/8800.misc b/changelog.d/8800.misc deleted file mode 100644 index 57cca8fee5..0000000000 --- a/changelog.d/8800.misc +++ /dev/null @@ -1 +0,0 @@ -Add additional error checking for OpenID Connect and SAML mapping providers. diff --git a/changelog.d/8801.feature b/changelog.d/8801.feature deleted file mode 100644 index 77f7fe4e5d..0000000000 --- a/changelog.d/8801.feature +++ /dev/null @@ -1 +0,0 @@ -Add support for re-trying generation of a localpart for OpenID Connect mapping providers. diff --git a/changelog.d/8804.feature b/changelog.d/8804.feature deleted file mode 100644 index a907c8106c..0000000000 --- a/changelog.d/8804.feature +++ /dev/null @@ -1 +0,0 @@ -Allow Date header through CORS. Contributed by Nicolas Chamo. diff --git a/changelog.d/8806.misc b/changelog.d/8806.misc deleted file mode 100644 index ee144846a5..0000000000 --- a/changelog.d/8806.misc +++ /dev/null @@ -1 +0,0 @@ -Add type hints to HTTP abstractions. diff --git a/changelog.d/8809.misc b/changelog.d/8809.misc deleted file mode 100644 index bbf83cf18d..0000000000 --- a/changelog.d/8809.misc +++ /dev/null @@ -1 +0,0 @@ -Remove unnecessary function arguments and add typing to several membership replication classes. \ No newline at end of file diff --git a/changelog.d/8812.misc b/changelog.d/8812.misc deleted file mode 100644 index ee144846a5..0000000000 --- a/changelog.d/8812.misc +++ /dev/null @@ -1 +0,0 @@ -Add type hints to HTTP abstractions. diff --git a/changelog.d/8815.misc b/changelog.d/8815.misc deleted file mode 100644 index 647edeb568..0000000000 --- a/changelog.d/8815.misc +++ /dev/null @@ -1 +0,0 @@ -Optimise the lookup for an invite from another homeserver when trying to reject it. \ No newline at end of file diff --git a/changelog.d/8817.bugfix b/changelog.d/8817.bugfix deleted file mode 100644 index e45dbd2ba4..0000000000 --- a/changelog.d/8817.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix bug where logging could break after a call to SIGHUP. diff --git a/changelog.d/8818.doc b/changelog.d/8818.doc deleted file mode 100644 index 571b0e3f60..0000000000 --- a/changelog.d/8818.doc +++ /dev/null @@ -1 +0,0 @@ -Update the formatting of the `push` section of the homeserver config file to better align with the [code style guidelines](https://github.com/matrix-org/synapse/blob/develop/docs/code_style.md#configuration-file-format). \ No newline at end of file diff --git a/changelog.d/8819.misc b/changelog.d/8819.misc deleted file mode 100644 index a5793273a5..0000000000 --- a/changelog.d/8819.misc +++ /dev/null @@ -1 +0,0 @@ -Add tests for `password_auth_provider`s. diff --git a/changelog.d/8820.feature b/changelog.d/8820.feature deleted file mode 100644 index 9e35861b11..0000000000 --- a/changelog.d/8820.feature +++ /dev/null @@ -1 +0,0 @@ -Add a config option, `push.group_by_unread_count`, which controls whether unread message counts in push notifications are defined as "the number of rooms with unread messages" or "total unread messages". diff --git a/changelog.d/8822.doc b/changelog.d/8822.doc deleted file mode 100644 index 4299245990..0000000000 --- a/changelog.d/8822.doc +++ /dev/null @@ -1 +0,0 @@ -Improve documentation how to configure prometheus for workers. \ No newline at end of file diff --git a/changelog.d/8823.bugfix b/changelog.d/8823.bugfix deleted file mode 100644 index 74af1c20b6..0000000000 --- a/changelog.d/8823.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix `register_new_matrix_user` failing with "Bad Request" when trailing slash is included in server URL. Contributed by @angdraug. diff --git a/changelog.d/8824.doc b/changelog.d/8824.doc deleted file mode 100644 index 683b436328..0000000000 --- a/changelog.d/8824.doc +++ /dev/null @@ -1 +0,0 @@ -Update example prometheus console. \ No newline at end of file diff --git a/changelog.d/8833.removal b/changelog.d/8833.removal deleted file mode 100644 index 5c2d195f94..0000000000 --- a/changelog.d/8833.removal +++ /dev/null @@ -1 +0,0 @@ -Disable pretty printing JSON responses for curl. Users who want pretty-printed output should use [jq](https://stedolan.github.io/jq/) in combination with curl. Contributed by @tulir. diff --git a/changelog.d/8835.bugfix b/changelog.d/8835.bugfix deleted file mode 100644 index 446d04aa55..0000000000 --- a/changelog.d/8835.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix minor long-standing bug in login, where we would offer the `password` login type if a custom auth provider supported it, even if password login was disabled. diff --git a/changelog.d/8843.feature b/changelog.d/8843.feature deleted file mode 100644 index 824d46d5aa..0000000000 --- a/changelog.d/8843.feature +++ /dev/null @@ -1 +0,0 @@ -Add `force_purge` option to delete-room admin api. diff --git a/changelog.d/8845.misc b/changelog.d/8845.misc deleted file mode 100644 index 7db1c31520..0000000000 --- a/changelog.d/8845.misc +++ /dev/null @@ -1 +0,0 @@ -Drop redundant database index on `event_json`. diff --git a/changelog.d/8847.misc b/changelog.d/8847.misc deleted file mode 100644 index 5028997b04..0000000000 --- a/changelog.d/8847.misc +++ /dev/null @@ -1 +0,0 @@ -Simplify `uk.half-shot.msc2778.login.application_service` login handler. diff --git a/changelog.d/8848.bugfix b/changelog.d/8848.bugfix deleted file mode 100644 index 499e66f05b..0000000000 --- a/changelog.d/8848.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix a long-standing bug which caused Synapse to require unspecified parameters during user-interactive authentication. diff --git a/changelog.d/8849.misc b/changelog.d/8849.misc deleted file mode 100644 index 3dd496ce61..0000000000 --- a/changelog.d/8849.misc +++ /dev/null @@ -1 +0,0 @@ -Refactor `password_auth_provider` support code. diff --git a/changelog.d/8850.misc b/changelog.d/8850.misc deleted file mode 100644 index 4b54b8dd87..0000000000 --- a/changelog.d/8850.misc +++ /dev/null @@ -1 +0,0 @@ -Add missing `ordering` to background database updates. diff --git a/changelog.d/8851.misc b/changelog.d/8851.misc deleted file mode 100644 index 7bef422618..0000000000 --- a/changelog.d/8851.misc +++ /dev/null @@ -1 +0,0 @@ -Simplify the way the `HomeServer` object caches its internal attributes. diff --git a/changelog.d/8854.misc b/changelog.d/8854.misc deleted file mode 100644 index 5895df2d5c..0000000000 --- a/changelog.d/8854.misc +++ /dev/null @@ -1 +0,0 @@ -Allow for specifying a room version when creating a room in unit tests via `RestHelper.create_room_as`. \ No newline at end of file diff --git a/changelog.d/8855.feature b/changelog.d/8855.feature deleted file mode 100644 index 77f7fe4e5d..0000000000 --- a/changelog.d/8855.feature +++ /dev/null @@ -1 +0,0 @@ -Add support for re-trying generation of a localpart for OpenID Connect mapping providers. diff --git a/docker/Dockerfile b/docker/Dockerfile index 791cd6936b..afd896ffc1 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -37,7 +37,7 @@ RUN pip install --prefix="/install" --no-warn-script-location \ jaeger-client \ opentracing \ # Match the version constraints of Synapse - "prometheus_client>=0.4.0,<0.9.0" \ + "prometheus_client>=0.4.0" \ psycopg2 \ pycparser \ pyrsistent \ diff --git a/docs/sso_mapping_providers.md b/docs/sso_mapping_providers.md index dee53b5d40..ab2a648910 100644 --- a/docs/sso_mapping_providers.md +++ b/docs/sso_mapping_providers.md @@ -168,6 +168,13 @@ A custom mapping provider must specify the following methods: the value of `mxid_localpart`. * `emails` - A list of emails for the new user. If not provided, will default to an empty list. + + Alternatively it can raise a `synapse.api.errors.RedirectException` to + redirect the user to another page. This is useful to prompt the user for + additional information, e.g. if you want them to provide their own username. + It is the responsibility of the mapping provider to either redirect back + to `client_redirect_url` (including any additional information) or to + complete registration using methods from the `ModuleApi`. ### Default SAML Mapping Provider diff --git a/synapse/__init__.py b/synapse/__init__.py index 65c1f5aa3f..2e354f2cc6 100644 --- a/synapse/__init__.py +++ b/synapse/__init__.py @@ -48,7 +48,7 @@ try: except ImportError: pass -__version__ = "1.23.0" +__version__ = "1.24.0rc2" if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)): # We import here so that we don't have to install a bunch of deps when diff --git a/synapse/handlers/oidc_handler.py b/synapse/handlers/oidc_handler.py index 55c4377890..c605f7082a 100644 --- a/synapse/handlers/oidc_handler.py +++ b/synapse/handlers/oidc_handler.py @@ -888,7 +888,7 @@ class OidcHandler(BaseHandler): # continue to already be in use. Note that the error raised is # arbitrary and will get turned into a MappingException. if failures: - raise RuntimeError( + raise MappingException( "Mapping provider does not support de-duplicating Matrix IDs" ) diff --git a/synapse/handlers/sso.py b/synapse/handlers/sso.py index f42b90e1bc..47ad96f97e 100644 --- a/synapse/handlers/sso.py +++ b/synapse/handlers/sso.py @@ -17,6 +17,7 @@ from typing import TYPE_CHECKING, Awaitable, Callable, List, Optional import attr +from synapse.api.errors import RedirectException from synapse.handlers._base import BaseHandler from synapse.http.server import respond_with_html from synapse.types import UserID, contains_invalid_mxid_characters @@ -28,7 +29,9 @@ logger = logging.getLogger(__name__) class MappingException(Exception): - """Used to catch errors when mapping the UserInfo object + """Used to catch errors when mapping an SSO response to user attributes. + + Note that the msg that is raised is shown to end-users. """ @@ -145,6 +148,14 @@ class SsoHandler(BaseHandler): sso_to_matrix_id_mapper: A callable to generate the user attributes. The only parameter is an integer which represents the amount of times the returned mxid localpart mapping has failed. + + It is expected that the mapper can raise two exceptions, which + will get passed through to the caller: + + MappingException if there was a problem mapping the response + to the user. + RedirectException to redirect to an additional page (e.g. + to prompt the user for more information). grandfather_existing_users: A callable which can return an previously existing matrix ID. The SSO ID is then linked to the returned matrix ID. @@ -154,8 +165,8 @@ class SsoHandler(BaseHandler): Raises: MappingException if there was a problem mapping the response to a user. - RedirectException: some mapping providers may raise this if they need - to redirect to an interstitial page. + RedirectException: if the mapping provider needs to redirect the user + to an additional page. (e.g. to prompt for more information) """ # first of all, check if we already have a mapping for this user @@ -179,10 +190,16 @@ class SsoHandler(BaseHandler): for i in range(self._MAP_USERNAME_RETRIES): try: attributes = await sso_to_matrix_id_mapper(i) + except (RedirectException, MappingException): + # Mapping providers are allowed to issue a redirect (e.g. to ask + # the user for more information) and can issue a mapping exception + # if a name cannot be generated. + raise except Exception as e: + # Any other exception is unexpected. raise MappingException( - "Could not extract user attributes from SSO response: " + str(e) - ) + "Could not extract user attributes from SSO response." + ) from e logger.debug( "Retrieved user attributes from user mapping provider: %r (attempt %d)", diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py index aab77fc453..c899ca14d3 100644 --- a/synapse/python_dependencies.py +++ b/synapse/python_dependencies.py @@ -40,6 +40,10 @@ logger = logging.getLogger(__name__) # Note that these both represent runtime dependencies (and the versions # installed are checked at runtime). # +# Also note that we replicate these constraints in the Synapse Dockerfile while +# pre-installing dependencies. If these constraints are updated here, the same +# change should be made in the Dockerfile. +# # [1] https://pip.pypa.io/en/stable/reference/pip_install/#requirement-specifiers. REQUIREMENTS = [ @@ -69,14 +73,7 @@ REQUIREMENTS = [ "msgpack>=0.5.2", "phonenumbers>=8.2.0", # we use GaugeHistogramMetric, which was added in prom-client 0.4.0. - # prom-client has a history of breaking backwards compatibility between - # minor versions (https://github.com/prometheus/client_python/issues/317), - # so we also pin the minor version. - # - # Note that we replicate these constraints in the Synapse Dockerfile while - # pre-installing dependencies. If these constraints are updated here, the - # same change should be made in the Dockerfile. - "prometheus_client>=0.4.0,<0.9.0", + "prometheus_client>=0.4.0", # we use attr.validators.deep_iterable, which arrived in 19.1.0 (Note: # Fedora 31 only has 19.1, so if we want to upgrade we should wait until 33 # is out in November.) diff --git a/tests/handlers/test_oidc.py b/tests/handlers/test_oidc.py index d485af52fd..a308c46da9 100644 --- a/tests/handlers/test_oidc.py +++ b/tests/handlers/test_oidc.py @@ -705,8 +705,7 @@ class OidcHandlerTestCase(HomeserverTestCase): MappingException, ) self.assertEqual( - str(e.value), - "Could not extract user attributes from SSO response: Mapping provider does not support de-duplicating Matrix IDs", + str(e.value), "Mapping provider does not support de-duplicating Matrix IDs", ) @override_config({"oidc_config": {"allow_existing_users": True}}) diff --git a/tests/handlers/test_saml.py b/tests/handlers/test_saml.py index e1e13a5faf..45dc17aba5 100644 --- a/tests/handlers/test_saml.py +++ b/tests/handlers/test_saml.py @@ -14,6 +14,7 @@ import attr +from synapse.api.errors import RedirectException from synapse.handlers.sso import MappingException from tests.unittest import HomeserverTestCase, override_config @@ -49,6 +50,13 @@ class TestMappingProvider: return {"mxid_localpart": localpart, "displayname": None} +class TestRedirectMappingProvider(TestMappingProvider): + def saml_response_to_user_attributes( + self, saml_response, failures, client_redirect_url + ): + raise RedirectException(b"https://custom-saml-redirect/") + + class SamlHandlerTestCase(HomeserverTestCase): def default_config(self): config = super().default_config() @@ -166,3 +174,23 @@ class SamlHandlerTestCase(HomeserverTestCase): self.assertEqual( str(e.value), "Unable to generate a Matrix ID from the SSO response" ) + + @override_config( + { + "saml2_config": { + "user_mapping_provider": { + "module": __name__ + ".TestRedirectMappingProvider" + }, + } + } + ) + def test_map_saml_response_redirect(self): + saml_response = FakeAuthnResponse({"uid": "test", "username": "test_user"}) + redirect_url = "" + e = self.get_failure( + self.handler._map_saml_response_to_user( + saml_response, redirect_url, "user-agent", "10.10.10.10" + ), + RedirectException, + ) + self.assertEqual(e.value.location, b"https://custom-saml-redirect/")