matrix-synapse 1.142.0rc3__cp314-abi3-musllinux_1_2_aarch64.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of matrix-synapse might be problematic. Click here for more details.
- matrix_synapse-1.142.0rc3.dist-info/AUTHORS.rst +51 -0
- matrix_synapse-1.142.0rc3.dist-info/LICENSE-AGPL-3.0 +661 -0
- matrix_synapse-1.142.0rc3.dist-info/LICENSE-COMMERCIAL +6 -0
- matrix_synapse-1.142.0rc3.dist-info/METADATA +375 -0
- matrix_synapse-1.142.0rc3.dist-info/RECORD +1057 -0
- matrix_synapse-1.142.0rc3.dist-info/WHEEL +4 -0
- matrix_synapse-1.142.0rc3.dist-info/entry_points.txt +14 -0
- matrix_synapse.libs/libgcc_s-2d945d6c.so.1 +0 -0
- synapse/__init__.py +97 -0
- synapse/_scripts/__init__.py +0 -0
- synapse/_scripts/export_signing_key.py +109 -0
- synapse/_scripts/generate_config.py +83 -0
- synapse/_scripts/generate_log_config.py +56 -0
- synapse/_scripts/generate_signing_key.py +55 -0
- synapse/_scripts/generate_workers_map.py +318 -0
- synapse/_scripts/hash_password.py +95 -0
- synapse/_scripts/move_remote_media_to_new_store.py +128 -0
- synapse/_scripts/register_new_matrix_user.py +374 -0
- synapse/_scripts/review_recent_signups.py +212 -0
- synapse/_scripts/synapse_port_db.py +1603 -0
- synapse/_scripts/synctl.py +365 -0
- synapse/_scripts/update_synapse_database.py +130 -0
- synapse/api/__init__.py +20 -0
- synapse/api/auth/__init__.py +207 -0
- synapse/api/auth/base.py +406 -0
- synapse/api/auth/internal.py +299 -0
- synapse/api/auth/mas.py +457 -0
- synapse/api/auth/msc3861_delegated.py +617 -0
- synapse/api/auth_blocking.py +144 -0
- synapse/api/constants.py +362 -0
- synapse/api/errors.py +907 -0
- synapse/api/filtering.py +539 -0
- synapse/api/presence.py +104 -0
- synapse/api/ratelimiting.py +482 -0
- synapse/api/room_versions.py +535 -0
- synapse/api/urls.py +119 -0
- synapse/app/__init__.py +60 -0
- synapse/app/_base.py +866 -0
- synapse/app/admin_cmd.py +388 -0
- synapse/app/appservice.py +30 -0
- synapse/app/client_reader.py +30 -0
- synapse/app/complement_fork_starter.py +206 -0
- synapse/app/event_creator.py +29 -0
- synapse/app/federation_reader.py +30 -0
- synapse/app/federation_sender.py +30 -0
- synapse/app/frontend_proxy.py +30 -0
- synapse/app/generic_worker.py +475 -0
- synapse/app/homeserver.py +504 -0
- synapse/app/media_repository.py +30 -0
- synapse/app/phone_stats_home.py +296 -0
- synapse/app/pusher.py +30 -0
- synapse/app/synchrotron.py +30 -0
- synapse/app/user_dir.py +31 -0
- synapse/appservice/__init__.py +461 -0
- synapse/appservice/api.py +569 -0
- synapse/appservice/scheduler.py +567 -0
- synapse/config/__init__.py +27 -0
- synapse/config/__main__.py +62 -0
- synapse/config/_base.py +1108 -0
- synapse/config/_base.pyi +217 -0
- synapse/config/_util.py +99 -0
- synapse/config/account_validity.py +116 -0
- synapse/config/api.py +141 -0
- synapse/config/appservice.py +210 -0
- synapse/config/auth.py +80 -0
- synapse/config/auto_accept_invites.py +43 -0
- synapse/config/background_updates.py +44 -0
- synapse/config/cache.py +231 -0
- synapse/config/captcha.py +90 -0
- synapse/config/cas.py +116 -0
- synapse/config/consent.py +73 -0
- synapse/config/database.py +184 -0
- synapse/config/emailconfig.py +367 -0
- synapse/config/experimental.py +595 -0
- synapse/config/federation.py +114 -0
- synapse/config/homeserver.py +141 -0
- synapse/config/jwt.py +55 -0
- synapse/config/key.py +447 -0
- synapse/config/logger.py +390 -0
- synapse/config/mas.py +191 -0
- synapse/config/matrixrtc.py +66 -0
- synapse/config/metrics.py +84 -0
- synapse/config/modules.py +40 -0
- synapse/config/oembed.py +185 -0
- synapse/config/oidc.py +509 -0
- synapse/config/password_auth_providers.py +82 -0
- synapse/config/push.py +64 -0
- synapse/config/ratelimiting.py +254 -0
- synapse/config/redis.py +74 -0
- synapse/config/registration.py +296 -0
- synapse/config/repository.py +311 -0
- synapse/config/retention.py +162 -0
- synapse/config/room.py +88 -0
- synapse/config/room_directory.py +165 -0
- synapse/config/saml2.py +251 -0
- synapse/config/server.py +1170 -0
- synapse/config/server_notices.py +84 -0
- synapse/config/spam_checker.py +66 -0
- synapse/config/sso.py +121 -0
- synapse/config/stats.py +54 -0
- synapse/config/third_party_event_rules.py +40 -0
- synapse/config/tls.py +192 -0
- synapse/config/tracer.py +71 -0
- synapse/config/user_directory.py +47 -0
- synapse/config/user_types.py +44 -0
- synapse/config/voip.py +59 -0
- synapse/config/workers.py +642 -0
- synapse/crypto/__init__.py +20 -0
- synapse/crypto/context_factory.py +278 -0
- synapse/crypto/event_signing.py +194 -0
- synapse/crypto/keyring.py +931 -0
- synapse/event_auth.py +1266 -0
- synapse/events/__init__.py +668 -0
- synapse/events/auto_accept_invites.py +216 -0
- synapse/events/builder.py +387 -0
- synapse/events/presence_router.py +245 -0
- synapse/events/snapshot.py +559 -0
- synapse/events/utils.py +928 -0
- synapse/events/validator.py +305 -0
- synapse/federation/__init__.py +22 -0
- synapse/federation/federation_base.py +383 -0
- synapse/federation/federation_client.py +2134 -0
- synapse/federation/federation_server.py +1544 -0
- synapse/federation/persistence.py +71 -0
- synapse/federation/send_queue.py +532 -0
- synapse/federation/sender/__init__.py +1165 -0
- synapse/federation/sender/per_destination_queue.py +884 -0
- synapse/federation/sender/transaction_manager.py +210 -0
- synapse/federation/transport/__init__.py +28 -0
- synapse/federation/transport/client.py +1201 -0
- synapse/federation/transport/server/__init__.py +334 -0
- synapse/federation/transport/server/_base.py +429 -0
- synapse/federation/transport/server/federation.py +912 -0
- synapse/federation/units.py +133 -0
- synapse/handlers/__init__.py +20 -0
- synapse/handlers/account.py +162 -0
- synapse/handlers/account_data.py +362 -0
- synapse/handlers/account_validity.py +361 -0
- synapse/handlers/admin.py +618 -0
- synapse/handlers/appservice.py +991 -0
- synapse/handlers/auth.py +2494 -0
- synapse/handlers/cas.py +413 -0
- synapse/handlers/deactivate_account.py +363 -0
- synapse/handlers/delayed_events.py +635 -0
- synapse/handlers/device.py +1873 -0
- synapse/handlers/devicemessage.py +399 -0
- synapse/handlers/directory.py +554 -0
- synapse/handlers/e2e_keys.py +1834 -0
- synapse/handlers/e2e_room_keys.py +455 -0
- synapse/handlers/event_auth.py +390 -0
- synapse/handlers/events.py +201 -0
- synapse/handlers/federation.py +2043 -0
- synapse/handlers/federation_event.py +2420 -0
- synapse/handlers/identity.py +812 -0
- synapse/handlers/initial_sync.py +528 -0
- synapse/handlers/jwt.py +120 -0
- synapse/handlers/message.py +2347 -0
- synapse/handlers/oidc.py +1803 -0
- synapse/handlers/pagination.py +768 -0
- synapse/handlers/password_policy.py +102 -0
- synapse/handlers/presence.py +2638 -0
- synapse/handlers/profile.py +655 -0
- synapse/handlers/push_rules.py +164 -0
- synapse/handlers/read_marker.py +79 -0
- synapse/handlers/receipts.py +351 -0
- synapse/handlers/register.py +1060 -0
- synapse/handlers/relations.py +624 -0
- synapse/handlers/reports.py +98 -0
- synapse/handlers/room.py +2447 -0
- synapse/handlers/room_list.py +632 -0
- synapse/handlers/room_member.py +2365 -0
- synapse/handlers/room_member_worker.py +146 -0
- synapse/handlers/room_policy.py +186 -0
- synapse/handlers/room_summary.py +1057 -0
- synapse/handlers/saml.py +524 -0
- synapse/handlers/search.py +723 -0
- synapse/handlers/send_email.py +209 -0
- synapse/handlers/set_password.py +71 -0
- synapse/handlers/sliding_sync/__init__.py +1701 -0
- synapse/handlers/sliding_sync/extensions.py +970 -0
- synapse/handlers/sliding_sync/room_lists.py +2266 -0
- synapse/handlers/sliding_sync/store.py +128 -0
- synapse/handlers/sso.py +1292 -0
- synapse/handlers/state_deltas.py +82 -0
- synapse/handlers/stats.py +322 -0
- synapse/handlers/sync.py +3109 -0
- synapse/handlers/thread_subscriptions.py +190 -0
- synapse/handlers/typing.py +606 -0
- synapse/handlers/ui_auth/__init__.py +48 -0
- synapse/handlers/ui_auth/checkers.py +332 -0
- synapse/handlers/user_directory.py +783 -0
- synapse/handlers/worker_lock.py +365 -0
- synapse/http/__init__.py +106 -0
- synapse/http/additional_resource.py +62 -0
- synapse/http/client.py +1360 -0
- synapse/http/connectproxyclient.py +309 -0
- synapse/http/federation/__init__.py +19 -0
- synapse/http/federation/matrix_federation_agent.py +490 -0
- synapse/http/federation/srv_resolver.py +196 -0
- synapse/http/federation/well_known_resolver.py +367 -0
- synapse/http/matrixfederationclient.py +1875 -0
- synapse/http/proxy.py +290 -0
- synapse/http/proxyagent.py +497 -0
- synapse/http/replicationagent.py +203 -0
- synapse/http/request_metrics.py +309 -0
- synapse/http/server.py +1114 -0
- synapse/http/servlet.py +1019 -0
- synapse/http/site.py +825 -0
- synapse/http/types.py +27 -0
- synapse/logging/__init__.py +31 -0
- synapse/logging/_remote.py +261 -0
- synapse/logging/_terse_json.py +95 -0
- synapse/logging/context.py +1211 -0
- synapse/logging/formatter.py +63 -0
- synapse/logging/handlers.py +99 -0
- synapse/logging/loggers.py +25 -0
- synapse/logging/opentracing.py +1132 -0
- synapse/logging/scopecontextmanager.py +161 -0
- synapse/media/_base.py +827 -0
- synapse/media/filepath.py +417 -0
- synapse/media/media_repository.py +1580 -0
- synapse/media/media_storage.py +704 -0
- synapse/media/oembed.py +277 -0
- synapse/media/preview_html.py +559 -0
- synapse/media/storage_provider.py +195 -0
- synapse/media/thumbnailer.py +833 -0
- synapse/media/url_previewer.py +875 -0
- synapse/metrics/__init__.py +754 -0
- synapse/metrics/_gc.py +219 -0
- synapse/metrics/_reactor_metrics.py +171 -0
- synapse/metrics/_types.py +38 -0
- synapse/metrics/background_process_metrics.py +556 -0
- synapse/metrics/common_usage_metrics.py +94 -0
- synapse/metrics/jemalloc.py +248 -0
- synapse/module_api/__init__.py +2154 -0
- synapse/module_api/callbacks/__init__.py +50 -0
- synapse/module_api/callbacks/account_validity_callbacks.py +106 -0
- synapse/module_api/callbacks/media_repository_callbacks.py +160 -0
- synapse/module_api/callbacks/ratelimit_callbacks.py +79 -0
- synapse/module_api/callbacks/spamchecker_callbacks.py +1113 -0
- synapse/module_api/callbacks/third_party_event_rules_callbacks.py +599 -0
- synapse/module_api/errors.py +42 -0
- synapse/notifier.py +972 -0
- synapse/push/__init__.py +212 -0
- synapse/push/bulk_push_rule_evaluator.py +637 -0
- synapse/push/clientformat.py +126 -0
- synapse/push/emailpusher.py +333 -0
- synapse/push/httppusher.py +564 -0
- synapse/push/mailer.py +1012 -0
- synapse/push/presentable_names.py +216 -0
- synapse/push/push_tools.py +114 -0
- synapse/push/push_types.py +141 -0
- synapse/push/pusher.py +87 -0
- synapse/push/pusherpool.py +501 -0
- synapse/push/rulekinds.py +33 -0
- synapse/py.typed +0 -0
- synapse/replication/__init__.py +20 -0
- synapse/replication/http/__init__.py +68 -0
- synapse/replication/http/_base.py +468 -0
- synapse/replication/http/account_data.py +297 -0
- synapse/replication/http/deactivate_account.py +81 -0
- synapse/replication/http/delayed_events.py +62 -0
- synapse/replication/http/devices.py +254 -0
- synapse/replication/http/federation.py +334 -0
- synapse/replication/http/login.py +106 -0
- synapse/replication/http/membership.py +364 -0
- synapse/replication/http/presence.py +133 -0
- synapse/replication/http/push.py +156 -0
- synapse/replication/http/register.py +172 -0
- synapse/replication/http/send_events.py +182 -0
- synapse/replication/http/state.py +82 -0
- synapse/replication/http/streams.py +101 -0
- synapse/replication/tcp/__init__.py +56 -0
- synapse/replication/tcp/client.py +552 -0
- synapse/replication/tcp/commands.py +569 -0
- synapse/replication/tcp/context.py +41 -0
- synapse/replication/tcp/external_cache.py +156 -0
- synapse/replication/tcp/handler.py +942 -0
- synapse/replication/tcp/protocol.py +608 -0
- synapse/replication/tcp/redis.py +509 -0
- synapse/replication/tcp/resource.py +348 -0
- synapse/replication/tcp/streams/__init__.py +96 -0
- synapse/replication/tcp/streams/_base.py +766 -0
- synapse/replication/tcp/streams/events.py +287 -0
- synapse/replication/tcp/streams/federation.py +92 -0
- synapse/replication/tcp/streams/partial_state.py +80 -0
- synapse/res/providers.json +29 -0
- synapse/res/templates/_base.html +29 -0
- synapse/res/templates/account_previously_renewed.html +6 -0
- synapse/res/templates/account_renewed.html +6 -0
- synapse/res/templates/add_threepid.html +8 -0
- synapse/res/templates/add_threepid.txt +6 -0
- synapse/res/templates/add_threepid_failure.html +7 -0
- synapse/res/templates/add_threepid_success.html +6 -0
- synapse/res/templates/already_in_use.html +12 -0
- synapse/res/templates/already_in_use.txt +10 -0
- synapse/res/templates/auth_success.html +21 -0
- synapse/res/templates/invalid_token.html +6 -0
- synapse/res/templates/mail-Element.css +7 -0
- synapse/res/templates/mail-Vector.css +7 -0
- synapse/res/templates/mail-expiry.css +4 -0
- synapse/res/templates/mail.css +156 -0
- synapse/res/templates/notice_expiry.html +46 -0
- synapse/res/templates/notice_expiry.txt +7 -0
- synapse/res/templates/notif.html +51 -0
- synapse/res/templates/notif.txt +22 -0
- synapse/res/templates/notif_mail.html +59 -0
- synapse/res/templates/notif_mail.txt +10 -0
- synapse/res/templates/password_reset.html +10 -0
- synapse/res/templates/password_reset.txt +7 -0
- synapse/res/templates/password_reset_confirmation.html +15 -0
- synapse/res/templates/password_reset_failure.html +7 -0
- synapse/res/templates/password_reset_success.html +6 -0
- synapse/res/templates/recaptcha.html +42 -0
- synapse/res/templates/registration.html +12 -0
- synapse/res/templates/registration.txt +10 -0
- synapse/res/templates/registration_failure.html +6 -0
- synapse/res/templates/registration_success.html +6 -0
- synapse/res/templates/registration_token.html +18 -0
- synapse/res/templates/room.html +33 -0
- synapse/res/templates/room.txt +9 -0
- synapse/res/templates/sso.css +129 -0
- synapse/res/templates/sso_account_deactivated.html +25 -0
- synapse/res/templates/sso_auth_account_details.html +186 -0
- synapse/res/templates/sso_auth_account_details.js +116 -0
- synapse/res/templates/sso_auth_bad_user.html +26 -0
- synapse/res/templates/sso_auth_confirm.html +27 -0
- synapse/res/templates/sso_auth_success.html +26 -0
- synapse/res/templates/sso_error.html +71 -0
- synapse/res/templates/sso_footer.html +19 -0
- synapse/res/templates/sso_login_idp_picker.html +60 -0
- synapse/res/templates/sso_new_user_consent.html +30 -0
- synapse/res/templates/sso_partial_profile.html +19 -0
- synapse/res/templates/sso_redirect_confirm.html +39 -0
- synapse/res/templates/style.css +33 -0
- synapse/res/templates/terms.html +27 -0
- synapse/rest/__init__.py +197 -0
- synapse/rest/admin/__init__.py +390 -0
- synapse/rest/admin/_base.py +72 -0
- synapse/rest/admin/background_updates.py +171 -0
- synapse/rest/admin/devices.py +221 -0
- synapse/rest/admin/event_reports.py +173 -0
- synapse/rest/admin/events.py +69 -0
- synapse/rest/admin/experimental_features.py +137 -0
- synapse/rest/admin/federation.py +243 -0
- synapse/rest/admin/media.py +540 -0
- synapse/rest/admin/registration_tokens.py +358 -0
- synapse/rest/admin/rooms.py +1061 -0
- synapse/rest/admin/scheduled_tasks.py +70 -0
- synapse/rest/admin/server_notice_servlet.py +132 -0
- synapse/rest/admin/statistics.py +132 -0
- synapse/rest/admin/username_available.py +58 -0
- synapse/rest/admin/users.py +1608 -0
- synapse/rest/client/__init__.py +20 -0
- synapse/rest/client/_base.py +113 -0
- synapse/rest/client/account.py +930 -0
- synapse/rest/client/account_data.py +319 -0
- synapse/rest/client/account_validity.py +103 -0
- synapse/rest/client/appservice_ping.py +125 -0
- synapse/rest/client/auth.py +218 -0
- synapse/rest/client/auth_metadata.py +122 -0
- synapse/rest/client/capabilities.py +121 -0
- synapse/rest/client/delayed_events.py +111 -0
- synapse/rest/client/devices.py +587 -0
- synapse/rest/client/directory.py +211 -0
- synapse/rest/client/events.py +116 -0
- synapse/rest/client/filter.py +112 -0
- synapse/rest/client/initial_sync.py +65 -0
- synapse/rest/client/keys.py +678 -0
- synapse/rest/client/knock.py +104 -0
- synapse/rest/client/login.py +754 -0
- synapse/rest/client/login_token_request.py +127 -0
- synapse/rest/client/logout.py +93 -0
- synapse/rest/client/matrixrtc.py +52 -0
- synapse/rest/client/media.py +286 -0
- synapse/rest/client/mutual_rooms.py +93 -0
- synapse/rest/client/notifications.py +137 -0
- synapse/rest/client/openid.py +109 -0
- synapse/rest/client/password_policy.py +69 -0
- synapse/rest/client/presence.py +131 -0
- synapse/rest/client/profile.py +291 -0
- synapse/rest/client/push_rule.py +331 -0
- synapse/rest/client/pusher.py +181 -0
- synapse/rest/client/read_marker.py +104 -0
- synapse/rest/client/receipts.py +165 -0
- synapse/rest/client/register.py +1067 -0
- synapse/rest/client/relations.py +138 -0
- synapse/rest/client/rendezvous.py +76 -0
- synapse/rest/client/reporting.py +207 -0
- synapse/rest/client/room.py +1669 -0
- synapse/rest/client/room_keys.py +426 -0
- synapse/rest/client/room_upgrade_rest_servlet.py +112 -0
- synapse/rest/client/sendtodevice.py +85 -0
- synapse/rest/client/sync.py +1131 -0
- synapse/rest/client/tags.py +129 -0
- synapse/rest/client/thirdparty.py +130 -0
- synapse/rest/client/thread_subscriptions.py +247 -0
- synapse/rest/client/tokenrefresh.py +52 -0
- synapse/rest/client/transactions.py +149 -0
- synapse/rest/client/user_directory.py +90 -0
- synapse/rest/client/versions.py +191 -0
- synapse/rest/client/voip.py +88 -0
- synapse/rest/consent/__init__.py +0 -0
- synapse/rest/consent/consent_resource.py +210 -0
- synapse/rest/health.py +38 -0
- synapse/rest/key/__init__.py +20 -0
- synapse/rest/key/v2/__init__.py +40 -0
- synapse/rest/key/v2/local_key_resource.py +125 -0
- synapse/rest/key/v2/remote_key_resource.py +302 -0
- synapse/rest/media/__init__.py +0 -0
- synapse/rest/media/config_resource.py +53 -0
- synapse/rest/media/create_resource.py +90 -0
- synapse/rest/media/download_resource.py +110 -0
- synapse/rest/media/media_repository_resource.py +113 -0
- synapse/rest/media/preview_url_resource.py +77 -0
- synapse/rest/media/thumbnail_resource.py +142 -0
- synapse/rest/media/upload_resource.py +187 -0
- synapse/rest/media/v1/__init__.py +39 -0
- synapse/rest/media/v1/_base.py +23 -0
- synapse/rest/media/v1/media_storage.py +23 -0
- synapse/rest/media/v1/storage_provider.py +23 -0
- synapse/rest/synapse/__init__.py +20 -0
- synapse/rest/synapse/client/__init__.py +93 -0
- synapse/rest/synapse/client/federation_whitelist.py +66 -0
- synapse/rest/synapse/client/jwks.py +77 -0
- synapse/rest/synapse/client/new_user_consent.py +115 -0
- synapse/rest/synapse/client/oidc/__init__.py +45 -0
- synapse/rest/synapse/client/oidc/backchannel_logout_resource.py +42 -0
- synapse/rest/synapse/client/oidc/callback_resource.py +48 -0
- synapse/rest/synapse/client/password_reset.py +129 -0
- synapse/rest/synapse/client/pick_idp.py +107 -0
- synapse/rest/synapse/client/pick_username.py +153 -0
- synapse/rest/synapse/client/rendezvous.py +58 -0
- synapse/rest/synapse/client/saml2/__init__.py +42 -0
- synapse/rest/synapse/client/saml2/metadata_resource.py +46 -0
- synapse/rest/synapse/client/saml2/response_resource.py +52 -0
- synapse/rest/synapse/client/sso_register.py +56 -0
- synapse/rest/synapse/client/unsubscribe.py +88 -0
- synapse/rest/synapse/mas/__init__.py +71 -0
- synapse/rest/synapse/mas/_base.py +55 -0
- synapse/rest/synapse/mas/devices.py +239 -0
- synapse/rest/synapse/mas/users.py +469 -0
- synapse/rest/well_known.py +148 -0
- synapse/server.py +1258 -0
- synapse/server_notices/__init__.py +0 -0
- synapse/server_notices/consent_server_notices.py +136 -0
- synapse/server_notices/resource_limits_server_notices.py +215 -0
- synapse/server_notices/server_notices_manager.py +388 -0
- synapse/server_notices/server_notices_sender.py +67 -0
- synapse/server_notices/worker_server_notices_sender.py +46 -0
- synapse/spam_checker_api/__init__.py +31 -0
- synapse/state/__init__.py +1022 -0
- synapse/state/v1.py +370 -0
- synapse/state/v2.py +985 -0
- synapse/static/client/login/index.html +47 -0
- synapse/static/client/login/js/jquery-3.4.1.min.js +2 -0
- synapse/static/client/login/js/login.js +291 -0
- synapse/static/client/login/spinner.gif +0 -0
- synapse/static/client/login/style.css +79 -0
- synapse/static/index.html +63 -0
- synapse/storage/__init__.py +43 -0
- synapse/storage/_base.py +245 -0
- synapse/storage/admin_client_config.py +26 -0
- synapse/storage/background_updates.py +1189 -0
- synapse/storage/controllers/__init__.py +57 -0
- synapse/storage/controllers/persist_events.py +1239 -0
- synapse/storage/controllers/purge_events.py +456 -0
- synapse/storage/controllers/state.py +954 -0
- synapse/storage/controllers/stats.py +119 -0
- synapse/storage/database.py +2720 -0
- synapse/storage/databases/__init__.py +175 -0
- synapse/storage/databases/main/__init__.py +424 -0
- synapse/storage/databases/main/account_data.py +1060 -0
- synapse/storage/databases/main/appservice.py +473 -0
- synapse/storage/databases/main/cache.py +911 -0
- synapse/storage/databases/main/censor_events.py +225 -0
- synapse/storage/databases/main/client_ips.py +817 -0
- synapse/storage/databases/main/delayed_events.py +560 -0
- synapse/storage/databases/main/deviceinbox.py +1272 -0
- synapse/storage/databases/main/devices.py +2581 -0
- synapse/storage/databases/main/directory.py +212 -0
- synapse/storage/databases/main/e2e_room_keys.py +690 -0
- synapse/storage/databases/main/end_to_end_keys.py +1896 -0
- synapse/storage/databases/main/event_federation.py +2509 -0
- synapse/storage/databases/main/event_push_actions.py +1937 -0
- synapse/storage/databases/main/events.py +3746 -0
- synapse/storage/databases/main/events_bg_updates.py +2910 -0
- synapse/storage/databases/main/events_forward_extremities.py +126 -0
- synapse/storage/databases/main/events_worker.py +2784 -0
- synapse/storage/databases/main/experimental_features.py +130 -0
- synapse/storage/databases/main/filtering.py +231 -0
- synapse/storage/databases/main/keys.py +291 -0
- synapse/storage/databases/main/lock.py +553 -0
- synapse/storage/databases/main/media_repository.py +1070 -0
- synapse/storage/databases/main/metrics.py +460 -0
- synapse/storage/databases/main/monthly_active_users.py +443 -0
- synapse/storage/databases/main/openid.py +61 -0
- synapse/storage/databases/main/presence.py +511 -0
- synapse/storage/databases/main/profile.py +541 -0
- synapse/storage/databases/main/purge_events.py +511 -0
- synapse/storage/databases/main/push_rule.py +972 -0
- synapse/storage/databases/main/pusher.py +794 -0
- synapse/storage/databases/main/receipts.py +1342 -0
- synapse/storage/databases/main/registration.py +3076 -0
- synapse/storage/databases/main/rejections.py +38 -0
- synapse/storage/databases/main/relations.py +1118 -0
- synapse/storage/databases/main/room.py +2781 -0
- synapse/storage/databases/main/roommember.py +2112 -0
- synapse/storage/databases/main/search.py +941 -0
- synapse/storage/databases/main/session.py +151 -0
- synapse/storage/databases/main/signatures.py +94 -0
- synapse/storage/databases/main/sliding_sync.py +603 -0
- synapse/storage/databases/main/state.py +1006 -0
- synapse/storage/databases/main/state_deltas.py +329 -0
- synapse/storage/databases/main/stats.py +791 -0
- synapse/storage/databases/main/stream.py +2580 -0
- synapse/storage/databases/main/tags.py +360 -0
- synapse/storage/databases/main/task_scheduler.py +225 -0
- synapse/storage/databases/main/thread_subscriptions.py +591 -0
- synapse/storage/databases/main/transactions.py +681 -0
- synapse/storage/databases/main/ui_auth.py +420 -0
- synapse/storage/databases/main/user_directory.py +1331 -0
- synapse/storage/databases/main/user_erasure_store.py +117 -0
- synapse/storage/databases/state/__init__.py +22 -0
- synapse/storage/databases/state/bg_updates.py +499 -0
- synapse/storage/databases/state/deletion.py +558 -0
- synapse/storage/databases/state/store.py +949 -0
- synapse/storage/engines/__init__.py +70 -0
- synapse/storage/engines/_base.py +154 -0
- synapse/storage/engines/postgres.py +261 -0
- synapse/storage/engines/sqlite.py +199 -0
- synapse/storage/invite_rule.py +112 -0
- synapse/storage/keys.py +40 -0
- synapse/storage/prepare_database.py +731 -0
- synapse/storage/push_rule.py +28 -0
- synapse/storage/roommember.py +89 -0
- synapse/storage/schema/README.md +4 -0
- synapse/storage/schema/__init__.py +182 -0
- synapse/storage/schema/common/delta/25/00background_updates.sql +40 -0
- synapse/storage/schema/common/delta/35/00background_updates_add_col.sql +36 -0
- synapse/storage/schema/common/delta/58/00background_update_ordering.sql +38 -0
- synapse/storage/schema/common/full_schemas/72/full.sql.postgres +8 -0
- synapse/storage/schema/common/full_schemas/72/full.sql.sqlite +6 -0
- synapse/storage/schema/common/schema_version.sql +60 -0
- synapse/storage/schema/main/delta/12/v12.sql +82 -0
- synapse/storage/schema/main/delta/13/v13.sql +38 -0
- synapse/storage/schema/main/delta/14/v14.sql +42 -0
- synapse/storage/schema/main/delta/15/appservice_txns.sql +50 -0
- synapse/storage/schema/main/delta/15/presence_indices.sql +2 -0
- synapse/storage/schema/main/delta/15/v15.sql +24 -0
- synapse/storage/schema/main/delta/16/events_order_index.sql +4 -0
- synapse/storage/schema/main/delta/16/remote_media_cache_index.sql +2 -0
- synapse/storage/schema/main/delta/16/remove_duplicates.sql +9 -0
- synapse/storage/schema/main/delta/16/room_alias_index.sql +3 -0
- synapse/storage/schema/main/delta/16/unique_constraints.sql +72 -0
- synapse/storage/schema/main/delta/16/users.sql +56 -0
- synapse/storage/schema/main/delta/17/drop_indexes.sql +37 -0
- synapse/storage/schema/main/delta/17/server_keys.sql +43 -0
- synapse/storage/schema/main/delta/17/user_threepids.sql +9 -0
- synapse/storage/schema/main/delta/18/server_keys_bigger_ints.sql +51 -0
- synapse/storage/schema/main/delta/19/event_index.sql +38 -0
- synapse/storage/schema/main/delta/20/dummy.sql +1 -0
- synapse/storage/schema/main/delta/20/pushers.py +93 -0
- synapse/storage/schema/main/delta/21/end_to_end_keys.sql +53 -0
- synapse/storage/schema/main/delta/21/receipts.sql +57 -0
- synapse/storage/schema/main/delta/22/receipts_index.sql +41 -0
- synapse/storage/schema/main/delta/22/user_threepids_unique.sql +19 -0
- synapse/storage/schema/main/delta/24/stats_reporting.sql +37 -0
- synapse/storage/schema/main/delta/25/fts.py +81 -0
- synapse/storage/schema/main/delta/25/guest_access.sql +44 -0
- synapse/storage/schema/main/delta/25/history_visibility.sql +44 -0
- synapse/storage/schema/main/delta/25/tags.sql +57 -0
- synapse/storage/schema/main/delta/26/account_data.sql +36 -0
- synapse/storage/schema/main/delta/27/account_data.sql +55 -0
- synapse/storage/schema/main/delta/27/forgotten_memberships.sql +45 -0
- synapse/storage/schema/main/delta/27/ts.py +61 -0
- synapse/storage/schema/main/delta/28/event_push_actions.sql +46 -0
- synapse/storage/schema/main/delta/28/events_room_stream.sql +39 -0
- synapse/storage/schema/main/delta/28/public_roms_index.sql +39 -0
- synapse/storage/schema/main/delta/28/receipts_user_id_index.sql +41 -0
- synapse/storage/schema/main/delta/28/upgrade_times.sql +40 -0
- synapse/storage/schema/main/delta/28/users_is_guest.sql +41 -0
- synapse/storage/schema/main/delta/29/push_actions.sql +54 -0
- synapse/storage/schema/main/delta/30/alias_creator.sql +35 -0
- synapse/storage/schema/main/delta/30/as_users.py +82 -0
- synapse/storage/schema/main/delta/30/deleted_pushers.sql +44 -0
- synapse/storage/schema/main/delta/30/presence_stream.sql +49 -0
- synapse/storage/schema/main/delta/30/public_rooms.sql +42 -0
- synapse/storage/schema/main/delta/30/push_rule_stream.sql +57 -0
- synapse/storage/schema/main/delta/30/threepid_guest_access_tokens.sql +43 -0
- synapse/storage/schema/main/delta/31/invites.sql +61 -0
- synapse/storage/schema/main/delta/31/local_media_repository_url_cache.sql +46 -0
- synapse/storage/schema/main/delta/31/pushers_0.py +92 -0
- synapse/storage/schema/main/delta/31/pushers_index.sql +41 -0
- synapse/storage/schema/main/delta/31/search_update.py +65 -0
- synapse/storage/schema/main/delta/32/events.sql +35 -0
- synapse/storage/schema/main/delta/32/openid.sql +9 -0
- synapse/storage/schema/main/delta/32/pusher_throttle.sql +42 -0
- synapse/storage/schema/main/delta/32/remove_indices.sql +52 -0
- synapse/storage/schema/main/delta/32/reports.sql +44 -0
- synapse/storage/schema/main/delta/33/access_tokens_device_index.sql +36 -0
- synapse/storage/schema/main/delta/33/devices.sql +40 -0
- synapse/storage/schema/main/delta/33/devices_for_e2e_keys.sql +38 -0
- synapse/storage/schema/main/delta/33/devices_for_e2e_keys_clear_unknown_device.sql +39 -0
- synapse/storage/schema/main/delta/33/event_fields.py +61 -0
- synapse/storage/schema/main/delta/33/remote_media_ts.py +43 -0
- synapse/storage/schema/main/delta/33/user_ips_index.sql +36 -0
- synapse/storage/schema/main/delta/34/appservice_stream.sql +42 -0
- synapse/storage/schema/main/delta/34/cache_stream.py +50 -0
- synapse/storage/schema/main/delta/34/device_inbox.sql +43 -0
- synapse/storage/schema/main/delta/34/push_display_name_rename.sql +39 -0
- synapse/storage/schema/main/delta/34/received_txn_purge.py +36 -0
- synapse/storage/schema/main/delta/35/contains_url.sql +36 -0
- synapse/storage/schema/main/delta/35/device_outbox.sql +58 -0
- synapse/storage/schema/main/delta/35/device_stream_id.sql +40 -0
- synapse/storage/schema/main/delta/35/event_push_actions_index.sql +36 -0
- synapse/storage/schema/main/delta/35/public_room_list_change_stream.sql +52 -0
- synapse/storage/schema/main/delta/35/stream_order_to_extrem.sql +56 -0
- synapse/storage/schema/main/delta/36/readd_public_rooms.sql +45 -0
- synapse/storage/schema/main/delta/37/remove_auth_idx.py +89 -0
- synapse/storage/schema/main/delta/37/user_threepids.sql +71 -0
- synapse/storage/schema/main/delta/38/postgres_fts_gist.sql +38 -0
- synapse/storage/schema/main/delta/39/appservice_room_list.sql +48 -0
- synapse/storage/schema/main/delta/39/device_federation_stream_idx.sql +35 -0
- synapse/storage/schema/main/delta/39/event_push_index.sql +36 -0
- synapse/storage/schema/main/delta/39/federation_out_position.sql +41 -0
- synapse/storage/schema/main/delta/39/membership_profile.sql +39 -0
- synapse/storage/schema/main/delta/40/current_state_idx.sql +36 -0
- synapse/storage/schema/main/delta/40/device_inbox.sql +40 -0
- synapse/storage/schema/main/delta/40/device_list_streams.sql +79 -0
- synapse/storage/schema/main/delta/40/event_push_summary.sql +57 -0
- synapse/storage/schema/main/delta/40/pushers.sql +58 -0
- synapse/storage/schema/main/delta/41/device_list_stream_idx.sql +36 -0
- synapse/storage/schema/main/delta/41/device_outbound_index.sql +35 -0
- synapse/storage/schema/main/delta/41/event_search_event_id_idx.sql +36 -0
- synapse/storage/schema/main/delta/41/ratelimit.sql +41 -0
- synapse/storage/schema/main/delta/42/current_state_delta.sql +48 -0
- synapse/storage/schema/main/delta/42/device_list_last_id.sql +52 -0
- synapse/storage/schema/main/delta/42/event_auth_state_only.sql +36 -0
- synapse/storage/schema/main/delta/42/user_dir.py +88 -0
- synapse/storage/schema/main/delta/43/blocked_rooms.sql +40 -0
- synapse/storage/schema/main/delta/43/quarantine_media.sql +36 -0
- synapse/storage/schema/main/delta/43/url_cache.sql +35 -0
- synapse/storage/schema/main/delta/43/user_share.sql +52 -0
- synapse/storage/schema/main/delta/44/expire_url_cache.sql +60 -0
- synapse/storage/schema/main/delta/45/group_server.sql +186 -0
- synapse/storage/schema/main/delta/45/profile_cache.sql +47 -0
- synapse/storage/schema/main/delta/46/drop_refresh_tokens.sql +36 -0
- synapse/storage/schema/main/delta/46/drop_unique_deleted_pushers.sql +54 -0
- synapse/storage/schema/main/delta/46/group_server.sql +51 -0
- synapse/storage/schema/main/delta/46/local_media_repository_url_idx.sql +43 -0
- synapse/storage/schema/main/delta/46/user_dir_null_room_ids.sql +54 -0
- synapse/storage/schema/main/delta/46/user_dir_typos.sql +43 -0
- synapse/storage/schema/main/delta/47/last_access_media.sql +35 -0
- synapse/storage/schema/main/delta/47/postgres_fts_gin.sql +36 -0
- synapse/storage/schema/main/delta/47/push_actions_staging.sql +47 -0
- synapse/storage/schema/main/delta/48/add_user_consent.sql +37 -0
- synapse/storage/schema/main/delta/48/add_user_ips_last_seen_index.sql +36 -0
- synapse/storage/schema/main/delta/48/deactivated_users.sql +44 -0
- synapse/storage/schema/main/delta/48/group_unique_indexes.py +67 -0
- synapse/storage/schema/main/delta/48/groups_joinable.sql +41 -0
- synapse/storage/schema/main/delta/49/add_user_consent_server_notice_sent.sql +39 -0
- synapse/storage/schema/main/delta/49/add_user_daily_visits.sql +40 -0
- synapse/storage/schema/main/delta/49/add_user_ips_last_seen_only_index.sql +36 -0
- synapse/storage/schema/main/delta/50/add_creation_ts_users_index.sql +38 -0
- synapse/storage/schema/main/delta/50/erasure_store.sql +40 -0
- synapse/storage/schema/main/delta/50/make_event_content_nullable.py +102 -0
- synapse/storage/schema/main/delta/51/e2e_room_keys.sql +58 -0
- synapse/storage/schema/main/delta/51/monthly_active_users.sql +46 -0
- synapse/storage/schema/main/delta/52/add_event_to_state_group_index.sql +38 -0
- synapse/storage/schema/main/delta/52/device_list_streams_unique_idx.sql +55 -0
- synapse/storage/schema/main/delta/52/e2e_room_keys.sql +72 -0
- synapse/storage/schema/main/delta/53/add_user_type_to_users.sql +38 -0
- synapse/storage/schema/main/delta/53/drop_sent_transactions.sql +35 -0
- synapse/storage/schema/main/delta/53/event_format_version.sql +35 -0
- synapse/storage/schema/main/delta/53/user_dir_populate.sql +49 -0
- synapse/storage/schema/main/delta/53/user_ips_index.sql +49 -0
- synapse/storage/schema/main/delta/53/user_share.sql +63 -0
- synapse/storage/schema/main/delta/53/user_threepid_id.sql +48 -0
- synapse/storage/schema/main/delta/53/users_in_public_rooms.sql +47 -0
- synapse/storage/schema/main/delta/54/account_validity_with_renewal.sql +49 -0
- synapse/storage/schema/main/delta/54/add_validity_to_server_keys.sql +42 -0
- synapse/storage/schema/main/delta/54/delete_forward_extremities.sql +42 -0
- synapse/storage/schema/main/delta/54/drop_legacy_tables.sql +49 -0
- synapse/storage/schema/main/delta/54/drop_presence_list.sql +35 -0
- synapse/storage/schema/main/delta/54/relations.sql +46 -0
- synapse/storage/schema/main/delta/54/stats.sql +99 -0
- synapse/storage/schema/main/delta/54/stats2.sql +47 -0
- synapse/storage/schema/main/delta/55/access_token_expiry.sql +37 -0
- synapse/storage/schema/main/delta/55/track_threepid_validations.sql +50 -0
- synapse/storage/schema/main/delta/55/users_alter_deactivated.sql +38 -0
- synapse/storage/schema/main/delta/56/add_spans_to_device_lists.sql +39 -0
- synapse/storage/schema/main/delta/56/current_state_events_membership.sql +41 -0
- synapse/storage/schema/main/delta/56/current_state_events_membership_mk2.sql +43 -0
- synapse/storage/schema/main/delta/56/delete_keys_from_deleted_backups.sql +44 -0
- synapse/storage/schema/main/delta/56/destinations_failure_ts.sql +44 -0
- synapse/storage/schema/main/delta/56/destinations_retry_interval_type.sql.postgres +18 -0
- synapse/storage/schema/main/delta/56/device_stream_id_insert.sql +39 -0
- synapse/storage/schema/main/delta/56/devices_last_seen.sql +43 -0
- synapse/storage/schema/main/delta/56/drop_unused_event_tables.sql +39 -0
- synapse/storage/schema/main/delta/56/event_expiry.sql +40 -0
- synapse/storage/schema/main/delta/56/event_labels.sql +49 -0
- synapse/storage/schema/main/delta/56/event_labels_background_update.sql +36 -0
- synapse/storage/schema/main/delta/56/fix_room_keys_index.sql +37 -0
- synapse/storage/schema/main/delta/56/hidden_devices.sql +37 -0
- synapse/storage/schema/main/delta/56/hidden_devices_fix.sql.sqlite +42 -0
- synapse/storage/schema/main/delta/56/nuke_empty_communities_from_db.sql +48 -0
- synapse/storage/schema/main/delta/56/public_room_list_idx.sql +35 -0
- synapse/storage/schema/main/delta/56/redaction_censor.sql +35 -0
- synapse/storage/schema/main/delta/56/redaction_censor2.sql +41 -0
- synapse/storage/schema/main/delta/56/redaction_censor3_fix_update.sql.postgres +25 -0
- synapse/storage/schema/main/delta/56/redaction_censor4.sql +35 -0
- synapse/storage/schema/main/delta/56/remove_tombstoned_rooms_from_directory.sql +38 -0
- synapse/storage/schema/main/delta/56/room_key_etag.sql +36 -0
- synapse/storage/schema/main/delta/56/room_membership_idx.sql +37 -0
- synapse/storage/schema/main/delta/56/room_retention.sql +52 -0
- synapse/storage/schema/main/delta/56/signing_keys.sql +75 -0
- synapse/storage/schema/main/delta/56/signing_keys_nonunique_signatures.sql +41 -0
- synapse/storage/schema/main/delta/56/stats_separated.sql +175 -0
- synapse/storage/schema/main/delta/56/unique_user_filter_index.py +46 -0
- synapse/storage/schema/main/delta/56/user_external_ids.sql +43 -0
- synapse/storage/schema/main/delta/56/users_in_public_rooms_idx.sql +36 -0
- synapse/storage/schema/main/delta/57/delete_old_current_state_events.sql +41 -0
- synapse/storage/schema/main/delta/57/device_list_remote_cache_stale.sql +44 -0
- synapse/storage/schema/main/delta/57/local_current_membership.py +111 -0
- synapse/storage/schema/main/delta/57/remove_sent_outbound_pokes.sql +40 -0
- synapse/storage/schema/main/delta/57/rooms_version_column.sql +43 -0
- synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.postgres +35 -0
- synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.sqlite +22 -0
- synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.postgres +39 -0
- synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.sqlite +23 -0
- synapse/storage/schema/main/delta/58/02remove_dup_outbound_pokes.sql +41 -0
- synapse/storage/schema/main/delta/58/03persist_ui_auth.sql +55 -0
- synapse/storage/schema/main/delta/58/05cache_instance.sql.postgres +30 -0
- synapse/storage/schema/main/delta/58/06dlols_unique_idx.py +83 -0
- synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.postgres +33 -0
- synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.sqlite +44 -0
- synapse/storage/schema/main/delta/58/07persist_ui_auth_ips.sql +44 -0
- synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.postgres +18 -0
- synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.sqlite +18 -0
- synapse/storage/schema/main/delta/58/09shadow_ban.sql +37 -0
- synapse/storage/schema/main/delta/58/10_pushrules_enabled_delete_obsolete.sql +47 -0
- synapse/storage/schema/main/delta/58/10drop_local_rejections_stream.sql +41 -0
- synapse/storage/schema/main/delta/58/10federation_pos_instance_name.sql +41 -0
- synapse/storage/schema/main/delta/58/11dehydration.sql +39 -0
- synapse/storage/schema/main/delta/58/11fallback.sql +43 -0
- synapse/storage/schema/main/delta/58/11user_id_seq.py +38 -0
- synapse/storage/schema/main/delta/58/12room_stats.sql +51 -0
- synapse/storage/schema/main/delta/58/13remove_presence_allow_inbound.sql +36 -0
- synapse/storage/schema/main/delta/58/14events_instance_name.sql +35 -0
- synapse/storage/schema/main/delta/58/14events_instance_name.sql.postgres +28 -0
- synapse/storage/schema/main/delta/58/15_catchup_destination_rooms.sql +61 -0
- synapse/storage/schema/main/delta/58/15unread_count.sql +45 -0
- synapse/storage/schema/main/delta/58/16populate_stats_process_rooms_fix.sql +41 -0
- synapse/storage/schema/main/delta/58/17_catchup_last_successful.sql +40 -0
- synapse/storage/schema/main/delta/58/18stream_positions.sql +41 -0
- synapse/storage/schema/main/delta/58/19instance_map.sql.postgres +25 -0
- synapse/storage/schema/main/delta/58/19txn_id.sql +59 -0
- synapse/storage/schema/main/delta/58/20instance_name_event_tables.sql +36 -0
- synapse/storage/schema/main/delta/58/20user_daily_visits.sql +37 -0
- synapse/storage/schema/main/delta/58/21as_device_stream.sql +36 -0
- synapse/storage/schema/main/delta/58/21drop_device_max_stream_id.sql +1 -0
- synapse/storage/schema/main/delta/58/22puppet_token.sql +36 -0
- synapse/storage/schema/main/delta/58/22users_have_local_media.sql +2 -0
- synapse/storage/schema/main/delta/58/23e2e_cross_signing_keys_idx.sql +36 -0
- synapse/storage/schema/main/delta/58/24drop_event_json_index.sql +38 -0
- synapse/storage/schema/main/delta/58/25user_external_ids_user_id_idx.sql +36 -0
- synapse/storage/schema/main/delta/58/26access_token_last_validated.sql +37 -0
- synapse/storage/schema/main/delta/58/27local_invites.sql +37 -0
- synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.postgres +16 -0
- synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.sqlite +62 -0
- synapse/storage/schema/main/delta/59/01ignored_user.py +85 -0
- synapse/storage/schema/main/delta/59/02shard_send_to_device.sql +37 -0
- synapse/storage/schema/main/delta/59/03shard_send_to_device_sequence.sql.postgres +25 -0
- synapse/storage/schema/main/delta/59/04_event_auth_chains.sql +71 -0
- synapse/storage/schema/main/delta/59/04_event_auth_chains.sql.postgres +16 -0
- synapse/storage/schema/main/delta/59/04drop_account_data.sql +36 -0
- synapse/storage/schema/main/delta/59/05cache_invalidation.sql +36 -0
- synapse/storage/schema/main/delta/59/06chain_cover_index.sql +36 -0
- synapse/storage/schema/main/delta/59/06shard_account_data.sql +39 -0
- synapse/storage/schema/main/delta/59/06shard_account_data.sql.postgres +32 -0
- synapse/storage/schema/main/delta/59/07shard_account_data_fix.sql +37 -0
- synapse/storage/schema/main/delta/59/08delete_pushers_for_deactivated_accounts.sql +39 -0
- synapse/storage/schema/main/delta/59/08delete_stale_pushers.sql +39 -0
- synapse/storage/schema/main/delta/59/09rejected_events_metadata.sql +45 -0
- synapse/storage/schema/main/delta/59/10delete_purged_chain_cover.sql +36 -0
- synapse/storage/schema/main/delta/59/11add_knock_members_to_stats.sql +39 -0
- synapse/storage/schema/main/delta/59/11drop_thumbnail_constraint.sql.postgres +22 -0
- synapse/storage/schema/main/delta/59/12account_validity_token_used_ts_ms.sql +37 -0
- synapse/storage/schema/main/delta/59/12presence_stream_instance.sql +37 -0
- synapse/storage/schema/main/delta/59/12presence_stream_instance_seq.sql.postgres +20 -0
- synapse/storage/schema/main/delta/59/13users_to_send_full_presence_to.sql +53 -0
- synapse/storage/schema/main/delta/59/14refresh_tokens.sql +53 -0
- synapse/storage/schema/main/delta/59/15locks.sql +56 -0
- synapse/storage/schema/main/delta/59/16federation_inbound_staging.sql +51 -0
- synapse/storage/schema/main/delta/60/01recreate_stream_ordering.sql.postgres +45 -0
- synapse/storage/schema/main/delta/60/02change_stream_ordering_columns.sql.postgres +30 -0
- synapse/storage/schema/main/delta/61/01change_appservices_txns.sql.postgres +23 -0
- synapse/storage/schema/main/delta/61/01insertion_event_lookups.sql +68 -0
- synapse/storage/schema/main/delta/61/02drop_redundant_room_depth_index.sql +37 -0
- synapse/storage/schema/main/delta/61/03recreate_min_depth.py +74 -0
- synapse/storage/schema/main/delta/62/01insertion_event_extremities.sql +43 -0
- synapse/storage/schema/main/delta/63/01create_registration_tokens.sql +42 -0
- synapse/storage/schema/main/delta/63/02delete_unlinked_email_pushers.sql +39 -0
- synapse/storage/schema/main/delta/63/02populate-rooms-creator.sql +36 -0
- synapse/storage/schema/main/delta/63/03session_store.sql +42 -0
- synapse/storage/schema/main/delta/63/04add_presence_stream_not_offline_index.sql +37 -0
- synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.postgres +23 -0
- synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.sqlite +37 -0
- synapse/storage/schema/main/delta/65/01msc2716_insertion_event_edges.sql +38 -0
- synapse/storage/schema/main/delta/65/03remove_hidden_devices_from_device_inbox.sql +41 -0
- synapse/storage/schema/main/delta/65/04_local_group_updates.sql +37 -0
- synapse/storage/schema/main/delta/65/05_remove_room_stats_historical_and_user_stats_historical.sql +38 -0
- synapse/storage/schema/main/delta/65/06remove_deleted_devices_from_device_inbox.sql +53 -0
- synapse/storage/schema/main/delta/65/07_arbitrary_relations.sql +37 -0
- synapse/storage/schema/main/delta/65/08_device_inbox_background_updates.sql +37 -0
- synapse/storage/schema/main/delta/65/10_expirable_refresh_tokens.sql +47 -0
- synapse/storage/schema/main/delta/65/11_devices_auth_provider_session.sql +46 -0
- synapse/storage/schema/main/delta/67/01drop_public_room_list_stream.sql +37 -0
- synapse/storage/schema/main/delta/68/01event_columns.sql +45 -0
- synapse/storage/schema/main/delta/68/02_msc2409_add_device_id_appservice_stream_type.sql +40 -0
- synapse/storage/schema/main/delta/68/03_delete_account_data_for_deactivated_accounts.sql +39 -0
- synapse/storage/schema/main/delta/68/04_refresh_tokens_index_next_token_id.sql +47 -0
- synapse/storage/schema/main/delta/68/04partial_state_rooms.sql +60 -0
- synapse/storage/schema/main/delta/68/05_delete_non_strings_from_event_search.sql.sqlite +22 -0
- synapse/storage/schema/main/delta/68/05partial_state_rooms_triggers.py +80 -0
- synapse/storage/schema/main/delta/68/06_msc3202_add_device_list_appservice_stream_type.sql +42 -0
- synapse/storage/schema/main/delta/69/01as_txn_seq.py +54 -0
- synapse/storage/schema/main/delta/69/01device_list_oubound_by_room.sql +57 -0
- synapse/storage/schema/main/delta/69/02cache_invalidation_index.sql +37 -0
- synapse/storage/schema/main/delta/70/01clean_table_purged_rooms.sql +39 -0
- synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.postgres +43 -0
- synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.sqlite +47 -0
- synapse/storage/schema/main/delta/71/01remove_noop_background_updates.sql +80 -0
- synapse/storage/schema/main/delta/71/02event_push_summary_unique.sql +37 -0
- synapse/storage/schema/main/delta/72/01add_room_type_to_state_stats.sql +38 -0
- synapse/storage/schema/main/delta/72/01event_push_summary_receipt.sql +54 -0
- synapse/storage/schema/main/delta/72/02event_push_actions_index.sql +38 -0
- synapse/storage/schema/main/delta/72/03bg_populate_events_columns.py +57 -0
- synapse/storage/schema/main/delta/72/03drop_event_reference_hashes.sql +36 -0
- synapse/storage/schema/main/delta/72/03remove_groups.sql +50 -0
- synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.postgres +17 -0
- synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.sqlite +40 -0
- synapse/storage/schema/main/delta/72/05receipts_event_stream_ordering.sql +38 -0
- synapse/storage/schema/main/delta/72/05remove_unstable_private_read_receipts.sql +38 -0
- synapse/storage/schema/main/delta/72/06add_consent_ts_to_users.sql +35 -0
- synapse/storage/schema/main/delta/72/06thread_notifications.sql +49 -0
- synapse/storage/schema/main/delta/72/07force_update_current_state_events_membership.py +67 -0
- synapse/storage/schema/main/delta/72/07thread_receipts.sql.postgres +30 -0
- synapse/storage/schema/main/delta/72/07thread_receipts.sql.sqlite +70 -0
- synapse/storage/schema/main/delta/72/08begin_cache_invalidation_seq_at_2.sql.postgres +23 -0
- synapse/storage/schema/main/delta/72/08thread_receipts.sql +39 -0
- synapse/storage/schema/main/delta/72/09partial_indices.sql.sqlite +56 -0
- synapse/storage/schema/main/delta/73/01event_failed_pull_attempts.sql +48 -0
- synapse/storage/schema/main/delta/73/02add_pusher_enabled.sql +35 -0
- synapse/storage/schema/main/delta/73/02room_id_indexes_for_purging.sql +41 -0
- synapse/storage/schema/main/delta/73/03pusher_device_id.sql +39 -0
- synapse/storage/schema/main/delta/73/03users_approved_column.sql +39 -0
- synapse/storage/schema/main/delta/73/04partial_join_details.sql +42 -0
- synapse/storage/schema/main/delta/73/04pending_device_list_updates.sql +47 -0
- synapse/storage/schema/main/delta/73/05old_push_actions.sql.postgres +22 -0
- synapse/storage/schema/main/delta/73/05old_push_actions.sql.sqlite +24 -0
- synapse/storage/schema/main/delta/73/06thread_notifications_thread_id_idx.sql +42 -0
- synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.postgres +23 -0
- synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.sqlite +76 -0
- synapse/storage/schema/main/delta/73/09partial_joined_via_destination.sql +37 -0
- synapse/storage/schema/main/delta/73/09threads_table.sql +49 -0
- synapse/storage/schema/main/delta/73/10_update_sqlite_fts4_tokenizer.py +71 -0
- synapse/storage/schema/main/delta/73/10login_tokens.sql +54 -0
- synapse/storage/schema/main/delta/73/11event_search_room_id_n_distinct.sql.postgres +33 -0
- synapse/storage/schema/main/delta/73/12refactor_device_list_outbound_pokes.sql +72 -0
- synapse/storage/schema/main/delta/73/13add_device_lists_index.sql +39 -0
- synapse/storage/schema/main/delta/73/20_un_partial_stated_room_stream.sql +51 -0
- synapse/storage/schema/main/delta/73/21_un_partial_stated_room_stream_seq.sql.postgres +20 -0
- synapse/storage/schema/main/delta/73/22_rebuild_user_dir_stats.sql +48 -0
- synapse/storage/schema/main/delta/73/22_un_partial_stated_event_stream.sql +53 -0
- synapse/storage/schema/main/delta/73/23_fix_thread_index.sql +52 -0
- synapse/storage/schema/main/delta/73/23_un_partial_stated_room_stream_seq.sql.postgres +20 -0
- synapse/storage/schema/main/delta/73/24_events_jump_to_date_index.sql +36 -0
- synapse/storage/schema/main/delta/73/25drop_presence.sql +36 -0
- synapse/storage/schema/main/delta/74/01_user_directory_stale_remote_users.sql +58 -0
- synapse/storage/schema/main/delta/74/02_set_device_id_for_pushers_bg_update.sql +38 -0
- synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.postgres +29 -0
- synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.sqlite +23 -0
- synapse/storage/schema/main/delta/74/03_room_membership_index.sql +38 -0
- synapse/storage/schema/main/delta/74/04_delete_e2e_backup_keys_for_deactivated_users.sql +36 -0
- synapse/storage/schema/main/delta/74/04_membership_tables_event_stream_ordering_triggers.py +87 -0
- synapse/storage/schema/main/delta/74/05_events_txn_id_device_id.sql +72 -0
- synapse/storage/schema/main/delta/74/90COMMENTS_destinations.sql.postgres +52 -0
- synapse/storage/schema/main/delta/76/01_add_profiles_full_user_id_column.sql +39 -0
- synapse/storage/schema/main/delta/76/02_add_user_filters_full_user_id_column.sql +39 -0
- synapse/storage/schema/main/delta/76/03_per_user_experimental_features.sql +46 -0
- synapse/storage/schema/main/delta/76/04_add_room_forgetter.sql +43 -0
- synapse/storage/schema/main/delta/77/01_add_profiles_not_valid_check.sql.postgres +16 -0
- synapse/storage/schema/main/delta/77/02_add_user_filters_not_valid_check.sql.postgres +16 -0
- synapse/storage/schema/main/delta/77/03bg_populate_full_user_id_profiles.sql +35 -0
- synapse/storage/schema/main/delta/77/04bg_populate_full_user_id_user_filters.sql +35 -0
- synapse/storage/schema/main/delta/77/05thread_notifications_backfill.sql +67 -0
- synapse/storage/schema/main/delta/77/06thread_notifications_not_null.sql.sqlite +102 -0
- synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions.sql.postgres +27 -0
- synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions_staging.sql.postgres +27 -0
- synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_summary.sql.postgres +29 -0
- synapse/storage/schema/main/delta/77/14bg_indices_event_stream_ordering.sql +39 -0
- synapse/storage/schema/main/delta/78/01_validate_and_update_profiles.py +99 -0
- synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py +100 -0
- synapse/storage/schema/main/delta/78/03_remove_unused_indexes_user_filters.py +72 -0
- synapse/storage/schema/main/delta/78/03event_extremities_constraints.py +65 -0
- synapse/storage/schema/main/delta/78/04_add_full_user_id_index_user_filters.py +32 -0
- synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.postgres +102 -0
- synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.sqlite +72 -0
- synapse/storage/schema/main/delta/79/04_mitigate_stream_ordering_update_race.py +70 -0
- synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.postgres +69 -0
- synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.sqlite +65 -0
- synapse/storage/schema/main/delta/80/01_users_alter_locked.sql +35 -0
- synapse/storage/schema/main/delta/80/02_read_write_locks_unlogged.sql.postgres +30 -0
- synapse/storage/schema/main/delta/80/02_scheduled_tasks.sql +47 -0
- synapse/storage/schema/main/delta/80/03_read_write_locks_triggers.sql.postgres +37 -0
- synapse/storage/schema/main/delta/80/04_read_write_locks_deadlock.sql.postgres +71 -0
- synapse/storage/schema/main/delta/82/02_scheduled_tasks_index.sql +35 -0
- synapse/storage/schema/main/delta/82/04_add_indices_for_purging_rooms.sql +39 -0
- synapse/storage/schema/main/delta/82/05gaps.sql +44 -0
- synapse/storage/schema/main/delta/83/01_drop_old_tables.sql +43 -0
- synapse/storage/schema/main/delta/83/03_instance_name_receipts.sql.sqlite +17 -0
- synapse/storage/schema/main/delta/83/05_cross_signing_key_update_grant.sql +34 -0
- synapse/storage/schema/main/delta/83/06_event_push_summary_room.sql +36 -0
- synapse/storage/schema/main/delta/84/01_auth_links_stats.sql.postgres +20 -0
- synapse/storage/schema/main/delta/84/02_auth_links_index.sql +16 -0
- synapse/storage/schema/main/delta/84/03_auth_links_analyze.sql.postgres +16 -0
- synapse/storage/schema/main/delta/84/04_access_token_index.sql +15 -0
- synapse/storage/schema/main/delta/85/01_add_suspended.sql +14 -0
- synapse/storage/schema/main/delta/85/02_add_instance_names.sql +27 -0
- synapse/storage/schema/main/delta/85/03_new_sequences.sql.postgres +54 -0
- synapse/storage/schema/main/delta/85/04_cleanup_device_federation_outbox.sql +15 -0
- synapse/storage/schema/main/delta/85/05_add_instance_names_converted_pos.sql +16 -0
- synapse/storage/schema/main/delta/85/06_add_room_reports.sql +20 -0
- synapse/storage/schema/main/delta/86/01_authenticate_media.sql +15 -0
- synapse/storage/schema/main/delta/86/02_receipts_event_id_index.sql +15 -0
- synapse/storage/schema/main/delta/87/01_sliding_sync_memberships.sql +169 -0
- synapse/storage/schema/main/delta/87/02_per_connection_state.sql +81 -0
- synapse/storage/schema/main/delta/87/03_current_state_index.sql +19 -0
- synapse/storage/schema/main/delta/88/01_add_delayed_events.sql +43 -0
- synapse/storage/schema/main/delta/88/01_custom_profile_fields.sql +15 -0
- synapse/storage/schema/main/delta/88/02_fix_sliding_sync_membership_snapshots_forgotten_column.sql +21 -0
- synapse/storage/schema/main/delta/88/03_add_otk_ts_added_index.sql +18 -0
- synapse/storage/schema/main/delta/88/04_current_state_delta_index.sql +18 -0
- synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.postgres +19 -0
- synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.sqlite +19 -0
- synapse/storage/schema/main/delta/88/05_sliding_sync_room_config_index.sql +20 -0
- synapse/storage/schema/main/delta/88/06_events_received_ts_index.sql +17 -0
- synapse/storage/schema/main/delta/89/01_sliding_sync_membership_snapshot_index.sql +15 -0
- synapse/storage/schema/main/delta/90/01_add_column_participant_room_memberships_table.sql +16 -0
- synapse/storage/schema/main/delta/91/01_media_hash.sql +28 -0
- synapse/storage/schema/main/delta/92/01_remove_trigger.sql.postgres +16 -0
- synapse/storage/schema/main/delta/92/01_remove_trigger.sql.sqlite +16 -0
- synapse/storage/schema/main/delta/92/02_remove_populate_participant_bg_update.sql +17 -0
- synapse/storage/schema/main/delta/92/04_ss_membership_snapshot_idx.sql +16 -0
- synapse/storage/schema/main/delta/92/04_thread_subscriptions.sql +59 -0
- synapse/storage/schema/main/delta/92/04_thread_subscriptions_seq.sql.postgres +19 -0
- synapse/storage/schema/main/delta/92/05_fixup_max_depth_cap.sql +17 -0
- synapse/storage/schema/main/delta/92/05_thread_subscriptions_comments.sql.postgres +18 -0
- synapse/storage/schema/main/delta/92/06_device_federation_inbox_index.sql +16 -0
- synapse/storage/schema/main/delta/92/06_threads_last_sent_stream_ordering_comments.sql.postgres +24 -0
- synapse/storage/schema/main/delta/92/07_add_user_reports.sql +22 -0
- synapse/storage/schema/main/delta/92/07_event_txn_id_device_id_txn_id2.sql +15 -0
- synapse/storage/schema/main/delta/92/08_room_ban_redactions.sql +21 -0
- synapse/storage/schema/main/delta/92/08_thread_subscriptions_seq_fixup.sql.postgres +19 -0
- synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql +20 -0
- synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql.postgres +18 -0
- synapse/storage/schema/main/full_schemas/72/full.sql.postgres +1344 -0
- synapse/storage/schema/main/full_schemas/72/full.sql.sqlite +646 -0
- synapse/storage/schema/state/delta/23/drop_state_index.sql +35 -0
- synapse/storage/schema/state/delta/32/remove_state_indices.sql +38 -0
- synapse/storage/schema/state/delta/35/add_state_index.sql +36 -0
- synapse/storage/schema/state/delta/35/state.sql +41 -0
- synapse/storage/schema/state/delta/35/state_dedupe.sql +36 -0
- synapse/storage/schema/state/delta/47/state_group_seq.py +38 -0
- synapse/storage/schema/state/delta/56/state_group_room_idx.sql +36 -0
- synapse/storage/schema/state/delta/61/02state_groups_state_n_distinct.sql.postgres +34 -0
- synapse/storage/schema/state/delta/70/08_state_group_edges_unique.sql +36 -0
- synapse/storage/schema/state/delta/89/01_state_groups_deletion.sql +39 -0
- synapse/storage/schema/state/delta/90/02_delete_unreferenced_state_groups.sql +16 -0
- synapse/storage/schema/state/delta/90/03_remove_old_deletion_bg_update.sql +15 -0
- synapse/storage/schema/state/full_schemas/72/full.sql.postgres +30 -0
- synapse/storage/schema/state/full_schemas/72/full.sql.sqlite +20 -0
- synapse/storage/types.py +185 -0
- synapse/storage/util/__init__.py +20 -0
- synapse/storage/util/id_generators.py +909 -0
- synapse/storage/util/partial_state_events_tracker.py +194 -0
- synapse/storage/util/sequence.py +315 -0
- synapse/streams/__init__.py +43 -0
- synapse/streams/config.py +92 -0
- synapse/streams/events.py +203 -0
- synapse/synapse_rust/__init__.pyi +3 -0
- synapse/synapse_rust/acl.pyi +20 -0
- synapse/synapse_rust/events.pyi +136 -0
- synapse/synapse_rust/http_client.pyi +32 -0
- synapse/synapse_rust/push.pyi +86 -0
- synapse/synapse_rust/rendezvous.pyi +30 -0
- synapse/synapse_rust/segmenter.pyi +1 -0
- synapse/synapse_rust.abi3.so +0 -0
- synapse/types/__init__.py +1600 -0
- synapse/types/handlers/__init__.py +93 -0
- synapse/types/handlers/policy_server.py +16 -0
- synapse/types/handlers/sliding_sync.py +909 -0
- synapse/types/rest/__init__.py +25 -0
- synapse/types/rest/client/__init__.py +415 -0
- synapse/types/state.py +635 -0
- synapse/types/storage/__init__.py +66 -0
- synapse/util/__init__.py +170 -0
- synapse/util/async_helpers.py +1067 -0
- synapse/util/batching_queue.py +202 -0
- synapse/util/caches/__init__.py +300 -0
- synapse/util/caches/cached_call.py +143 -0
- synapse/util/caches/deferred_cache.py +530 -0
- synapse/util/caches/descriptors.py +694 -0
- synapse/util/caches/dictionary_cache.py +350 -0
- synapse/util/caches/expiringcache.py +251 -0
- synapse/util/caches/lrucache.py +977 -0
- synapse/util/caches/response_cache.py +323 -0
- synapse/util/caches/stream_change_cache.py +370 -0
- synapse/util/caches/treecache.py +189 -0
- synapse/util/caches/ttlcache.py +197 -0
- synapse/util/cancellation.py +63 -0
- synapse/util/check_dependencies.py +335 -0
- synapse/util/clock.py +500 -0
- synapse/util/constants.py +22 -0
- synapse/util/daemonize.py +165 -0
- synapse/util/distributor.py +159 -0
- synapse/util/events.py +134 -0
- synapse/util/file_consumer.py +164 -0
- synapse/util/frozenutils.py +57 -0
- synapse/util/gai_resolver.py +180 -0
- synapse/util/hash.py +38 -0
- synapse/util/httpresourcetree.py +108 -0
- synapse/util/iterutils.py +189 -0
- synapse/util/json.py +56 -0
- synapse/util/linked_list.py +156 -0
- synapse/util/logcontext.py +46 -0
- synapse/util/logformatter.py +28 -0
- synapse/util/macaroons.py +325 -0
- synapse/util/manhole.py +191 -0
- synapse/util/metrics.py +340 -0
- synapse/util/module_loader.py +116 -0
- synapse/util/msisdn.py +51 -0
- synapse/util/patch_inline_callbacks.py +250 -0
- synapse/util/pydantic_models.py +56 -0
- synapse/util/ratelimitutils.py +420 -0
- synapse/util/retryutils.py +339 -0
- synapse/util/rlimit.py +42 -0
- synapse/util/rust.py +134 -0
- synapse/util/sentinel.py +21 -0
- synapse/util/stringutils.py +293 -0
- synapse/util/task_scheduler.py +493 -0
- synapse/util/templates.py +126 -0
- synapse/util/threepids.py +123 -0
- synapse/util/wheel_timer.py +112 -0
- synapse/visibility.py +836 -0
|
@@ -0,0 +1,617 @@
|
|
|
1
|
+
#
|
|
2
|
+
# This file is licensed under the Affero General Public License (AGPL) version 3.
|
|
3
|
+
#
|
|
4
|
+
# Copyright 2023 The Matrix.org Foundation.
|
|
5
|
+
# Copyright (C) 2023 New Vector, Ltd
|
|
6
|
+
#
|
|
7
|
+
# This program is free software: you can redistribute it and/or modify
|
|
8
|
+
# it under the terms of the GNU Affero General Public License as
|
|
9
|
+
# published by the Free Software Foundation, either version 3 of the
|
|
10
|
+
# License, or (at your option) any later version.
|
|
11
|
+
#
|
|
12
|
+
# See the GNU Affero General Public License for more details:
|
|
13
|
+
# <https://www.gnu.org/licenses/agpl-3.0.html>.
|
|
14
|
+
#
|
|
15
|
+
# Originally licensed under the Apache License, Version 2.0:
|
|
16
|
+
# <http://www.apache.org/licenses/LICENSE-2.0>.
|
|
17
|
+
#
|
|
18
|
+
# [This file includes modifications made by New Vector Limited]
|
|
19
|
+
#
|
|
20
|
+
#
|
|
21
|
+
import logging
|
|
22
|
+
from dataclasses import dataclass
|
|
23
|
+
from typing import TYPE_CHECKING, Any, Callable, Optional
|
|
24
|
+
from urllib.parse import urlencode
|
|
25
|
+
|
|
26
|
+
from authlib.oauth2 import ClientAuth
|
|
27
|
+
from authlib.oauth2.auth import encode_client_secret_basic, encode_client_secret_post
|
|
28
|
+
from authlib.oauth2.rfc7523 import ClientSecretJWT, PrivateKeyJWT, private_key_jwt_sign
|
|
29
|
+
from authlib.oauth2.rfc7662 import IntrospectionToken
|
|
30
|
+
from authlib.oidc.discovery import OpenIDProviderMetadata, get_well_known_url
|
|
31
|
+
|
|
32
|
+
from synapse.api.auth.base import BaseAuth
|
|
33
|
+
from synapse.api.errors import (
|
|
34
|
+
AuthError,
|
|
35
|
+
HttpResponseException,
|
|
36
|
+
InvalidClientTokenError,
|
|
37
|
+
SynapseError,
|
|
38
|
+
UnrecognizedRequestError,
|
|
39
|
+
)
|
|
40
|
+
from synapse.http.site import SynapseRequest
|
|
41
|
+
from synapse.logging.opentracing import (
|
|
42
|
+
active_span,
|
|
43
|
+
force_tracing,
|
|
44
|
+
inject_request_headers,
|
|
45
|
+
start_active_span,
|
|
46
|
+
)
|
|
47
|
+
from synapse.metrics import SERVER_NAME_LABEL
|
|
48
|
+
from synapse.synapse_rust.http_client import HttpClient
|
|
49
|
+
from synapse.types import Requester, UserID, create_requester
|
|
50
|
+
from synapse.util.caches.cached_call import RetryOnExceptionCachedCall
|
|
51
|
+
from synapse.util.caches.response_cache import ResponseCache, ResponseCacheContext
|
|
52
|
+
from synapse.util.json import json_decoder
|
|
53
|
+
|
|
54
|
+
from . import introspection_response_timer
|
|
55
|
+
|
|
56
|
+
if TYPE_CHECKING:
|
|
57
|
+
from synapse.rest.admin.experimental_features import ExperimentalFeature
|
|
58
|
+
from synapse.server import HomeServer
|
|
59
|
+
|
|
60
|
+
logger = logging.getLogger(__name__)
|
|
61
|
+
|
|
62
|
+
# Scope as defined by MSC2967
|
|
63
|
+
# https://github.com/matrix-org/matrix-spec-proposals/pull/2967
|
|
64
|
+
UNSTABLE_SCOPE_MATRIX_API = "urn:matrix:org.matrix.msc2967.client:api:*"
|
|
65
|
+
UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX = "urn:matrix:org.matrix.msc2967.client:device:"
|
|
66
|
+
STABLE_SCOPE_MATRIX_API = "urn:matrix:client:api:*"
|
|
67
|
+
STABLE_SCOPE_MATRIX_DEVICE_PREFIX = "urn:matrix:client:device:"
|
|
68
|
+
|
|
69
|
+
# Scope which allows access to the Synapse admin API
|
|
70
|
+
SCOPE_SYNAPSE_ADMIN = "urn:synapse:admin:*"
|
|
71
|
+
|
|
72
|
+
|
|
73
|
+
def scope_to_list(scope: str) -> list[str]:
|
|
74
|
+
"""Convert a scope string to a list of scope tokens"""
|
|
75
|
+
return scope.strip().split(" ")
|
|
76
|
+
|
|
77
|
+
|
|
78
|
+
@dataclass
|
|
79
|
+
class IntrospectionResult:
|
|
80
|
+
_inner: IntrospectionToken
|
|
81
|
+
|
|
82
|
+
# when we retrieved this token,
|
|
83
|
+
# in milliseconds since the Unix epoch
|
|
84
|
+
retrieved_at_ms: int
|
|
85
|
+
|
|
86
|
+
def is_active(self, now_ms: int) -> bool:
|
|
87
|
+
if not self._inner.get("active"):
|
|
88
|
+
return False
|
|
89
|
+
|
|
90
|
+
expires_in = self._inner.get("expires_in")
|
|
91
|
+
if expires_in is None:
|
|
92
|
+
return True
|
|
93
|
+
if not isinstance(expires_in, int):
|
|
94
|
+
raise InvalidClientTokenError("token `expires_in` is not an int")
|
|
95
|
+
|
|
96
|
+
absolute_expiry_ms = expires_in * 1000 + self.retrieved_at_ms
|
|
97
|
+
return now_ms < absolute_expiry_ms
|
|
98
|
+
|
|
99
|
+
def get_scope_list(self) -> list[str]:
|
|
100
|
+
value = self._inner.get("scope")
|
|
101
|
+
if not isinstance(value, str):
|
|
102
|
+
return []
|
|
103
|
+
return scope_to_list(value)
|
|
104
|
+
|
|
105
|
+
def get_sub(self) -> Optional[str]:
|
|
106
|
+
value = self._inner.get("sub")
|
|
107
|
+
if not isinstance(value, str):
|
|
108
|
+
return None
|
|
109
|
+
return value
|
|
110
|
+
|
|
111
|
+
def get_username(self) -> Optional[str]:
|
|
112
|
+
value = self._inner.get("username")
|
|
113
|
+
if not isinstance(value, str):
|
|
114
|
+
return None
|
|
115
|
+
return value
|
|
116
|
+
|
|
117
|
+
def get_name(self) -> Optional[str]:
|
|
118
|
+
value = self._inner.get("name")
|
|
119
|
+
if not isinstance(value, str):
|
|
120
|
+
return None
|
|
121
|
+
return value
|
|
122
|
+
|
|
123
|
+
def get_device_id(self) -> Optional[str]:
|
|
124
|
+
value = self._inner.get("device_id")
|
|
125
|
+
if value is not None and not isinstance(value, str):
|
|
126
|
+
raise AuthError(
|
|
127
|
+
500,
|
|
128
|
+
"Invalid device ID in introspection result",
|
|
129
|
+
)
|
|
130
|
+
return value
|
|
131
|
+
|
|
132
|
+
|
|
133
|
+
class PrivateKeyJWTWithKid(PrivateKeyJWT): # type: ignore[misc]
|
|
134
|
+
"""An implementation of the private_key_jwt client auth method that includes a kid header.
|
|
135
|
+
|
|
136
|
+
This is needed because some providers (Keycloak) require the kid header to figure
|
|
137
|
+
out which key to use to verify the signature.
|
|
138
|
+
"""
|
|
139
|
+
|
|
140
|
+
def sign(self, auth: Any, token_endpoint: str) -> bytes:
|
|
141
|
+
return private_key_jwt_sign(
|
|
142
|
+
auth.client_secret,
|
|
143
|
+
client_id=auth.client_id,
|
|
144
|
+
token_endpoint=token_endpoint,
|
|
145
|
+
claims=self.claims,
|
|
146
|
+
header={"kid": auth.client_secret["kid"]},
|
|
147
|
+
)
|
|
148
|
+
|
|
149
|
+
|
|
150
|
+
class MSC3861DelegatedAuth(BaseAuth):
|
|
151
|
+
AUTH_METHODS = {
|
|
152
|
+
"client_secret_post": encode_client_secret_post,
|
|
153
|
+
"client_secret_basic": encode_client_secret_basic,
|
|
154
|
+
"client_secret_jwt": ClientSecretJWT(),
|
|
155
|
+
"private_key_jwt": PrivateKeyJWTWithKid(),
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
EXTERNAL_ID_PROVIDER = "oauth-delegated"
|
|
159
|
+
|
|
160
|
+
def __init__(self, hs: "HomeServer"):
|
|
161
|
+
super().__init__(hs)
|
|
162
|
+
|
|
163
|
+
self._config = hs.config.experimental.msc3861
|
|
164
|
+
auth_method = MSC3861DelegatedAuth.AUTH_METHODS.get(
|
|
165
|
+
self._config.client_auth_method.value, None
|
|
166
|
+
)
|
|
167
|
+
# Those assertions are already checked when parsing the config
|
|
168
|
+
assert self._config.enabled, "OAuth delegation is not enabled"
|
|
169
|
+
assert self._config.issuer, "No issuer provided"
|
|
170
|
+
assert self._config.client_id, "No client_id provided"
|
|
171
|
+
assert auth_method is not None, "Invalid client_auth_method provided"
|
|
172
|
+
|
|
173
|
+
self.server_name = hs.hostname
|
|
174
|
+
self._clock = hs.get_clock()
|
|
175
|
+
self._http_client = hs.get_proxied_http_client()
|
|
176
|
+
self._hostname = hs.hostname
|
|
177
|
+
self._admin_token: Callable[[], Optional[str]] = self._config.admin_token
|
|
178
|
+
self._force_tracing_for_users = hs.config.tracing.force_tracing_for_users
|
|
179
|
+
|
|
180
|
+
self._rust_http_client = HttpClient(
|
|
181
|
+
reactor=hs.get_reactor(),
|
|
182
|
+
user_agent=self._http_client.user_agent.decode("utf8"),
|
|
183
|
+
)
|
|
184
|
+
|
|
185
|
+
# # Token Introspection Cache
|
|
186
|
+
# This remembers what users/devices are represented by which access tokens,
|
|
187
|
+
# in order to reduce overall system load:
|
|
188
|
+
# - on Synapse (as requests are relatively expensive)
|
|
189
|
+
# - on the network
|
|
190
|
+
# - on MAS
|
|
191
|
+
#
|
|
192
|
+
# Since there is no invalidation mechanism currently,
|
|
193
|
+
# the entries expire after 2 minutes.
|
|
194
|
+
# This does mean tokens can be treated as valid by Synapse
|
|
195
|
+
# for longer than reality.
|
|
196
|
+
#
|
|
197
|
+
# Ideally, tokens should logically be invalidated in the following circumstances:
|
|
198
|
+
# - If a session logout happens.
|
|
199
|
+
# In this case, MAS will delete the device within Synapse
|
|
200
|
+
# anyway and this is good enough as an invalidation.
|
|
201
|
+
# - If the client refreshes their token in MAS.
|
|
202
|
+
# In this case, the device still exists and it's not the end of the world for
|
|
203
|
+
# the old access token to continue working for a short time.
|
|
204
|
+
self._introspection_cache: ResponseCache[str] = ResponseCache(
|
|
205
|
+
clock=self._clock,
|
|
206
|
+
name="token_introspection",
|
|
207
|
+
server_name=self.server_name,
|
|
208
|
+
timeout_ms=120_000,
|
|
209
|
+
# don't log because the keys are access tokens
|
|
210
|
+
enable_logging=False,
|
|
211
|
+
)
|
|
212
|
+
|
|
213
|
+
self._issuer_metadata = RetryOnExceptionCachedCall[OpenIDProviderMetadata](
|
|
214
|
+
self._load_metadata
|
|
215
|
+
)
|
|
216
|
+
|
|
217
|
+
if isinstance(auth_method, PrivateKeyJWTWithKid):
|
|
218
|
+
# Use the JWK as the client secret when using the private_key_jwt method
|
|
219
|
+
assert self._config.jwk, "No JWK provided"
|
|
220
|
+
self._client_auth = ClientAuth(
|
|
221
|
+
self._config.client_id, self._config.jwk, auth_method
|
|
222
|
+
)
|
|
223
|
+
else:
|
|
224
|
+
# Else use the client secret
|
|
225
|
+
client_secret = self._config.client_secret()
|
|
226
|
+
assert client_secret, "No client_secret provided"
|
|
227
|
+
self._client_auth = ClientAuth(
|
|
228
|
+
self._config.client_id, client_secret, auth_method
|
|
229
|
+
)
|
|
230
|
+
|
|
231
|
+
async def _load_metadata(self) -> OpenIDProviderMetadata:
|
|
232
|
+
if self._config.issuer_metadata is not None:
|
|
233
|
+
return OpenIDProviderMetadata(**self._config.issuer_metadata)
|
|
234
|
+
url = get_well_known_url(self._config.issuer, external=True)
|
|
235
|
+
response = await self._http_client.get_json(url)
|
|
236
|
+
metadata = OpenIDProviderMetadata(**response)
|
|
237
|
+
# metadata.validate_introspection_endpoint()
|
|
238
|
+
return metadata
|
|
239
|
+
|
|
240
|
+
async def issuer(self) -> str:
|
|
241
|
+
"""
|
|
242
|
+
Get the configured issuer
|
|
243
|
+
|
|
244
|
+
This will use the issuer value set in the metadata,
|
|
245
|
+
falling back to the one set in the config if not set in the metadata
|
|
246
|
+
"""
|
|
247
|
+
metadata = await self._issuer_metadata.get()
|
|
248
|
+
return metadata.issuer or self._config.issuer
|
|
249
|
+
|
|
250
|
+
async def account_management_url(self) -> Optional[str]:
|
|
251
|
+
"""
|
|
252
|
+
Get the configured account management URL
|
|
253
|
+
|
|
254
|
+
This will discover the account management URL from the issuer if it's not set in the config
|
|
255
|
+
"""
|
|
256
|
+
if self._config.account_management_url is not None:
|
|
257
|
+
return self._config.account_management_url
|
|
258
|
+
|
|
259
|
+
try:
|
|
260
|
+
metadata = await self._issuer_metadata.get()
|
|
261
|
+
return metadata.get("account_management_uri", None)
|
|
262
|
+
# We don't want to raise here if we can't load the metadata
|
|
263
|
+
except Exception:
|
|
264
|
+
logger.warning("Failed to load metadata:", exc_info=True)
|
|
265
|
+
return None
|
|
266
|
+
|
|
267
|
+
async def auth_metadata(self) -> dict[str, Any]:
|
|
268
|
+
"""
|
|
269
|
+
Returns the auth metadata dict
|
|
270
|
+
"""
|
|
271
|
+
return await self._issuer_metadata.get()
|
|
272
|
+
|
|
273
|
+
async def _introspection_endpoint(self) -> str:
|
|
274
|
+
"""
|
|
275
|
+
Returns the introspection endpoint of the issuer
|
|
276
|
+
|
|
277
|
+
It uses the config option if set, otherwise it will use OIDC discovery to get it
|
|
278
|
+
"""
|
|
279
|
+
if self._config.introspection_endpoint is not None:
|
|
280
|
+
return self._config.introspection_endpoint
|
|
281
|
+
|
|
282
|
+
metadata = await self._issuer_metadata.get()
|
|
283
|
+
return metadata.get("introspection_endpoint")
|
|
284
|
+
|
|
285
|
+
async def _introspect_token(
|
|
286
|
+
self, token: str, cache_context: ResponseCacheContext[str]
|
|
287
|
+
) -> IntrospectionResult:
|
|
288
|
+
"""
|
|
289
|
+
Send a token to the introspection endpoint and returns the introspection response
|
|
290
|
+
|
|
291
|
+
Parameters:
|
|
292
|
+
token: The token to introspect
|
|
293
|
+
|
|
294
|
+
Raises:
|
|
295
|
+
HttpResponseException: If the introspection endpoint returns a non-2xx response
|
|
296
|
+
ValueError: If the introspection endpoint returns an invalid JSON response
|
|
297
|
+
JSONDecodeError: If the introspection endpoint returns a non-JSON response
|
|
298
|
+
Exception: If the HTTP request fails
|
|
299
|
+
|
|
300
|
+
Returns:
|
|
301
|
+
The introspection response
|
|
302
|
+
"""
|
|
303
|
+
# By default, we shouldn't cache the result unless we know it's valid
|
|
304
|
+
cache_context.should_cache = False
|
|
305
|
+
introspection_endpoint = await self._introspection_endpoint()
|
|
306
|
+
raw_headers: dict[str, str] = {
|
|
307
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
|
308
|
+
"Accept": "application/json",
|
|
309
|
+
# Tell MAS that we support reading the device ID as an explicit
|
|
310
|
+
# value, not encoded in the scope. This is supported by MAS 0.15+
|
|
311
|
+
"X-MAS-Supports-Device-Id": "1",
|
|
312
|
+
}
|
|
313
|
+
|
|
314
|
+
args = {"token": token, "token_type_hint": "access_token"}
|
|
315
|
+
body = urlencode(args, True)
|
|
316
|
+
|
|
317
|
+
# Fill the body/headers with credentials
|
|
318
|
+
uri, raw_headers, body = self._client_auth.prepare(
|
|
319
|
+
method="POST", uri=introspection_endpoint, headers=raw_headers, body=body
|
|
320
|
+
)
|
|
321
|
+
|
|
322
|
+
# Do the actual request
|
|
323
|
+
|
|
324
|
+
logger.debug("Fetching token from MAS")
|
|
325
|
+
start_time = self._clock.time()
|
|
326
|
+
try:
|
|
327
|
+
with start_active_span("mas-introspect-token"):
|
|
328
|
+
inject_request_headers(raw_headers)
|
|
329
|
+
resp_body = await self._rust_http_client.post(
|
|
330
|
+
url=uri,
|
|
331
|
+
response_limit=1 * 1024 * 1024,
|
|
332
|
+
headers=raw_headers,
|
|
333
|
+
request_body=body,
|
|
334
|
+
)
|
|
335
|
+
except HttpResponseException as e:
|
|
336
|
+
end_time = self._clock.time()
|
|
337
|
+
introspection_response_timer.labels(
|
|
338
|
+
code=e.code, **{SERVER_NAME_LABEL: self.server_name}
|
|
339
|
+
).observe(end_time - start_time)
|
|
340
|
+
raise
|
|
341
|
+
except Exception:
|
|
342
|
+
end_time = self._clock.time()
|
|
343
|
+
introspection_response_timer.labels(
|
|
344
|
+
code="ERR", **{SERVER_NAME_LABEL: self.server_name}
|
|
345
|
+
).observe(end_time - start_time)
|
|
346
|
+
raise
|
|
347
|
+
|
|
348
|
+
logger.debug("Fetched token from MAS")
|
|
349
|
+
|
|
350
|
+
end_time = self._clock.time()
|
|
351
|
+
introspection_response_timer.labels(
|
|
352
|
+
code=200, **{SERVER_NAME_LABEL: self.server_name}
|
|
353
|
+
).observe(end_time - start_time)
|
|
354
|
+
|
|
355
|
+
resp = json_decoder.decode(resp_body.decode("utf-8"))
|
|
356
|
+
|
|
357
|
+
if not isinstance(resp, dict):
|
|
358
|
+
raise ValueError(
|
|
359
|
+
"The introspection endpoint returned an invalid JSON response."
|
|
360
|
+
)
|
|
361
|
+
|
|
362
|
+
# We had a valid response, so we can cache it
|
|
363
|
+
cache_context.should_cache = True
|
|
364
|
+
return IntrospectionResult(
|
|
365
|
+
IntrospectionToken(**resp), retrieved_at_ms=self._clock.time_msec()
|
|
366
|
+
)
|
|
367
|
+
|
|
368
|
+
async def is_server_admin(self, requester: Requester) -> bool:
|
|
369
|
+
return "urn:synapse:admin:*" in requester.scope
|
|
370
|
+
|
|
371
|
+
def _is_access_token_the_admin_token(self, token: str) -> bool:
|
|
372
|
+
admin_token = self._admin_token()
|
|
373
|
+
if admin_token is None:
|
|
374
|
+
return False
|
|
375
|
+
return token == admin_token
|
|
376
|
+
|
|
377
|
+
async def get_user_by_req(
|
|
378
|
+
self,
|
|
379
|
+
request: SynapseRequest,
|
|
380
|
+
allow_guest: bool = False,
|
|
381
|
+
allow_expired: bool = False,
|
|
382
|
+
allow_locked: bool = False,
|
|
383
|
+
) -> Requester:
|
|
384
|
+
"""Get a registered user's ID.
|
|
385
|
+
|
|
386
|
+
Args:
|
|
387
|
+
request: An HTTP request with an access_token query parameter.
|
|
388
|
+
allow_guest: If False, will raise an AuthError if the user making the
|
|
389
|
+
request is a guest.
|
|
390
|
+
allow_expired: If True, allow the request through even if the account
|
|
391
|
+
is expired, or session token lifetime has ended. Note that
|
|
392
|
+
/login will deliver access tokens regardless of expiration.
|
|
393
|
+
|
|
394
|
+
Returns:
|
|
395
|
+
Resolves to the requester
|
|
396
|
+
Raises:
|
|
397
|
+
InvalidClientCredentialsError if no user by that token exists or the token
|
|
398
|
+
is invalid.
|
|
399
|
+
AuthError if access is denied for the user in the access token
|
|
400
|
+
"""
|
|
401
|
+
parent_span = active_span()
|
|
402
|
+
with start_active_span("get_user_by_req"):
|
|
403
|
+
requester = await self._wrapped_get_user_by_req(
|
|
404
|
+
request, allow_guest, allow_expired, allow_locked
|
|
405
|
+
)
|
|
406
|
+
|
|
407
|
+
if parent_span:
|
|
408
|
+
if requester.authenticated_entity in self._force_tracing_for_users:
|
|
409
|
+
# request tracing is enabled for this user, so we need to force it
|
|
410
|
+
# tracing on for the parent span (which will be the servlet span).
|
|
411
|
+
#
|
|
412
|
+
# It's too late for the get_user_by_req span to inherit the setting,
|
|
413
|
+
# so we also force it on for that.
|
|
414
|
+
force_tracing()
|
|
415
|
+
force_tracing(parent_span)
|
|
416
|
+
parent_span.set_tag(
|
|
417
|
+
"authenticated_entity", requester.authenticated_entity
|
|
418
|
+
)
|
|
419
|
+
parent_span.set_tag("user_id", requester.user.to_string())
|
|
420
|
+
if requester.device_id is not None:
|
|
421
|
+
parent_span.set_tag("device_id", requester.device_id)
|
|
422
|
+
if requester.app_service is not None:
|
|
423
|
+
parent_span.set_tag("appservice_id", requester.app_service.id)
|
|
424
|
+
return requester
|
|
425
|
+
|
|
426
|
+
async def _wrapped_get_user_by_req(
|
|
427
|
+
self,
|
|
428
|
+
request: SynapseRequest,
|
|
429
|
+
allow_guest: bool = False,
|
|
430
|
+
allow_expired: bool = False,
|
|
431
|
+
allow_locked: bool = False,
|
|
432
|
+
) -> Requester:
|
|
433
|
+
access_token = self.get_access_token_from_request(request)
|
|
434
|
+
|
|
435
|
+
requester = await self.get_appservice_user(request, access_token)
|
|
436
|
+
if not requester:
|
|
437
|
+
# TODO: we probably want to assert the allow_guest inside this call
|
|
438
|
+
# so that we don't provision the user if they don't have enough permission:
|
|
439
|
+
requester = await self.get_user_by_access_token(access_token, allow_expired)
|
|
440
|
+
|
|
441
|
+
# Do not record requests from MAS using the virtual `__oidc_admin` user.
|
|
442
|
+
if not self._is_access_token_the_admin_token(access_token):
|
|
443
|
+
await self._record_request(request, requester)
|
|
444
|
+
|
|
445
|
+
request.requester = requester
|
|
446
|
+
|
|
447
|
+
return requester
|
|
448
|
+
|
|
449
|
+
async def get_user_by_req_experimental_feature(
|
|
450
|
+
self,
|
|
451
|
+
request: SynapseRequest,
|
|
452
|
+
feature: "ExperimentalFeature",
|
|
453
|
+
allow_guest: bool = False,
|
|
454
|
+
allow_expired: bool = False,
|
|
455
|
+
allow_locked: bool = False,
|
|
456
|
+
) -> Requester:
|
|
457
|
+
try:
|
|
458
|
+
requester = await self.get_user_by_req(
|
|
459
|
+
request,
|
|
460
|
+
allow_guest=allow_guest,
|
|
461
|
+
allow_expired=allow_expired,
|
|
462
|
+
allow_locked=allow_locked,
|
|
463
|
+
)
|
|
464
|
+
if await self.store.is_feature_enabled(requester.user.to_string(), feature):
|
|
465
|
+
return requester
|
|
466
|
+
|
|
467
|
+
raise UnrecognizedRequestError(code=404)
|
|
468
|
+
except (AuthError, InvalidClientTokenError):
|
|
469
|
+
if feature.is_globally_enabled(self.hs.config):
|
|
470
|
+
# If its globally enabled then return the auth error
|
|
471
|
+
raise
|
|
472
|
+
|
|
473
|
+
raise UnrecognizedRequestError(code=404)
|
|
474
|
+
|
|
475
|
+
def is_request_using_the_admin_token(self, request: SynapseRequest) -> bool:
|
|
476
|
+
"""
|
|
477
|
+
Check if the request is using the admin token.
|
|
478
|
+
|
|
479
|
+
Args:
|
|
480
|
+
request: The request to check.
|
|
481
|
+
|
|
482
|
+
Returns:
|
|
483
|
+
True if the request is using the admin token, False otherwise.
|
|
484
|
+
"""
|
|
485
|
+
access_token = self.get_access_token_from_request(request)
|
|
486
|
+
return self._is_access_token_the_admin_token(access_token)
|
|
487
|
+
|
|
488
|
+
async def get_user_by_access_token(
|
|
489
|
+
self,
|
|
490
|
+
token: str,
|
|
491
|
+
allow_expired: bool = False,
|
|
492
|
+
) -> Requester:
|
|
493
|
+
if self._is_access_token_the_admin_token(token):
|
|
494
|
+
# XXX: This is a temporary solution so that the admin API can be called by
|
|
495
|
+
# the OIDC provider. This will be removed once we have OIDC client
|
|
496
|
+
# credentials grant support in matrix-authentication-service.
|
|
497
|
+
logger.info("Admin token used")
|
|
498
|
+
# XXX: that user doesn't exist and won't be provisioned.
|
|
499
|
+
# This is mostly fine for admin calls, but we should also think about doing
|
|
500
|
+
# requesters without a user_id.
|
|
501
|
+
admin_user = UserID("__oidc_admin", self._hostname)
|
|
502
|
+
return create_requester(
|
|
503
|
+
user_id=admin_user,
|
|
504
|
+
scope=["urn:synapse:admin:*"],
|
|
505
|
+
)
|
|
506
|
+
|
|
507
|
+
try:
|
|
508
|
+
introspection_result = await self._introspection_cache.wrap(
|
|
509
|
+
token, self._introspect_token, token, cache_context=True
|
|
510
|
+
)
|
|
511
|
+
except Exception:
|
|
512
|
+
logger.exception("Failed to introspect token")
|
|
513
|
+
raise SynapseError(503, "Unable to introspect the access token")
|
|
514
|
+
|
|
515
|
+
logger.debug("Introspection result: %r", introspection_result)
|
|
516
|
+
|
|
517
|
+
# TODO: introspection verification should be more extensive, especially:
|
|
518
|
+
# - verify the audience
|
|
519
|
+
if not introspection_result.is_active(self._clock.time_msec()):
|
|
520
|
+
raise InvalidClientTokenError("Token is not active")
|
|
521
|
+
|
|
522
|
+
# Let's look at the scope
|
|
523
|
+
scope: list[str] = introspection_result.get_scope_list()
|
|
524
|
+
|
|
525
|
+
# Determine type of user based on presence of particular scopes
|
|
526
|
+
has_user_scope = (
|
|
527
|
+
UNSTABLE_SCOPE_MATRIX_API in scope or STABLE_SCOPE_MATRIX_API in scope
|
|
528
|
+
)
|
|
529
|
+
|
|
530
|
+
if not has_user_scope:
|
|
531
|
+
raise InvalidClientTokenError("No scope in token granting user rights")
|
|
532
|
+
|
|
533
|
+
# Match via the sub claim
|
|
534
|
+
sub = introspection_result.get_sub()
|
|
535
|
+
if sub is None:
|
|
536
|
+
raise InvalidClientTokenError(
|
|
537
|
+
"Invalid sub claim in the introspection result"
|
|
538
|
+
)
|
|
539
|
+
|
|
540
|
+
user_id_str = await self.store.get_user_by_external_id(
|
|
541
|
+
MSC3861DelegatedAuth.EXTERNAL_ID_PROVIDER, sub
|
|
542
|
+
)
|
|
543
|
+
if user_id_str is None:
|
|
544
|
+
# If we could not find a user via the external_id, it either does not exist,
|
|
545
|
+
# or the external_id was never recorded
|
|
546
|
+
|
|
547
|
+
username = introspection_result.get_username()
|
|
548
|
+
if username is None:
|
|
549
|
+
raise AuthError(
|
|
550
|
+
500,
|
|
551
|
+
"Invalid username claim in the introspection result",
|
|
552
|
+
)
|
|
553
|
+
user_id = UserID(username, self._hostname)
|
|
554
|
+
|
|
555
|
+
# Try to find a user from the username claim
|
|
556
|
+
user_info = await self.store.get_user_by_id(user_id=user_id.to_string())
|
|
557
|
+
if user_info is None:
|
|
558
|
+
raise AuthError(
|
|
559
|
+
500,
|
|
560
|
+
"User not found",
|
|
561
|
+
)
|
|
562
|
+
|
|
563
|
+
# And record the sub as external_id
|
|
564
|
+
await self.store.record_user_external_id(
|
|
565
|
+
MSC3861DelegatedAuth.EXTERNAL_ID_PROVIDER, sub, user_id.to_string()
|
|
566
|
+
)
|
|
567
|
+
else:
|
|
568
|
+
user_id = UserID.from_string(user_id_str)
|
|
569
|
+
|
|
570
|
+
# MAS 0.15+ will give us the device ID as an explicit value for compatibility sessions
|
|
571
|
+
# If present, we get it from here, if not we get it in thee scope
|
|
572
|
+
device_id = introspection_result.get_device_id()
|
|
573
|
+
if device_id is None:
|
|
574
|
+
# Find device_ids in scope
|
|
575
|
+
# We only allow a single device_id in the scope, so we find them all in the
|
|
576
|
+
# scope list, and raise if there are more than one. The OIDC server should be
|
|
577
|
+
# the one enforcing valid scopes, so we raise a 500 if we find an invalid scope.
|
|
578
|
+
device_ids: set[str] = set()
|
|
579
|
+
for tok in scope:
|
|
580
|
+
if tok.startswith(UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX):
|
|
581
|
+
device_ids.add(tok[len(UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX) :])
|
|
582
|
+
elif tok.startswith(STABLE_SCOPE_MATRIX_DEVICE_PREFIX):
|
|
583
|
+
device_ids.add(tok[len(STABLE_SCOPE_MATRIX_DEVICE_PREFIX) :])
|
|
584
|
+
|
|
585
|
+
if len(device_ids) > 1:
|
|
586
|
+
raise AuthError(
|
|
587
|
+
500,
|
|
588
|
+
"Multiple device IDs in scope",
|
|
589
|
+
)
|
|
590
|
+
|
|
591
|
+
device_id = next(iter(device_ids), None)
|
|
592
|
+
|
|
593
|
+
if device_id is not None:
|
|
594
|
+
# Sanity check the device_id
|
|
595
|
+
if len(device_id) > 255 or len(device_id) < 1:
|
|
596
|
+
raise AuthError(
|
|
597
|
+
500,
|
|
598
|
+
"Invalid device ID in introspection result",
|
|
599
|
+
)
|
|
600
|
+
|
|
601
|
+
# Make sure the device exists
|
|
602
|
+
await self.store.get_device(
|
|
603
|
+
user_id=user_id.to_string(), device_id=device_id
|
|
604
|
+
)
|
|
605
|
+
|
|
606
|
+
# TODO: there is a few things missing in the requester here, which still need
|
|
607
|
+
# to be figured out, like:
|
|
608
|
+
# - impersonation, with the `authenticated_entity`, which is used for
|
|
609
|
+
# rate-limiting, MAU limits, etc.
|
|
610
|
+
# - shadow-banning, with the `shadow_banned` flag
|
|
611
|
+
# - a proper solution for appservices, which still needs to be figured out in
|
|
612
|
+
# the context of MSC3861
|
|
613
|
+
return create_requester(
|
|
614
|
+
user_id=user_id,
|
|
615
|
+
device_id=device_id,
|
|
616
|
+
scope=scope,
|
|
617
|
+
)
|