Imported Upstream version 0.33.1
Erik Johnston
5 years ago
0 | Synapse 0.33.1 (2018-08-02) | |
1 | =========================== | |
2 | ||
3 | SECURITY FIXES | |
4 | -------------- | |
5 | ||
6 | - Fix a potential issue where servers could request events for rooms they have not joined. (`#3641 <https://github.com/matrix-org/synapse/issues/3641>`_) | |
7 | - Fix a potential issue where users could see events in private rooms before they joined. (`#3642 <https://github.com/matrix-org/synapse/issues/3642>`_) | |
8 | ||
9 | ||
0 | 10 | Synapse 0.33.0 (2018-07-19) |
1 | 11 | =========================== |
2 | 12 | |
13 | Bugfixes | |
14 | -------- | |
15 | ||
16 | - Disable a noisy warning about logcontexts. (`#3561 <https://github.com/matrix-org/synapse/issues/3561>`_) | |
17 | ||
18 | ||
19 | Synapse 0.33.0rc1 (2018-07-18) | |
20 | ============================== | |
21 | ||
3 | 22 | Features |
4 | 23 | -------- |
5 | 24 | |
6 | - Enforce the specified API for report_event (`#3316 <https://github.com/matrix-org/synapse/issues/3316>`_) | |
25 | - Enforce the specified API for report_event. (`#3316 <https://github.com/matrix-org/synapse/issues/3316>`_) | |
7 | 26 | - Include CPU time from database threads in request/block metrics. (`#3496 <https://github.com/matrix-org/synapse/issues/3496>`_, `#3501 <https://github.com/matrix-org/synapse/issues/3501>`_) |
8 | - Add CPU metrics for _fetch_event_list (`#3497 <https://github.com/matrix-org/synapse/issues/3497>`_) | |
9 | - optimisation for /sync (`#3505 <https://github.com/matrix-org/synapse/issues/3505>`_, `#3521 <https://github.com/matrix-org/synapse/issues/3521>`_) | |
27 | - Add CPU metrics for _fetch_event_list. (`#3497 <https://github.com/matrix-org/synapse/issues/3497>`_) | |
10 | 28 | - Optimisation to make handling incoming federation requests more efficient. (`#3541 <https://github.com/matrix-org/synapse/issues/3541>`_) |
11 | 29 | |
12 | 30 | |
13 | 31 | Bugfixes |
14 | 32 | -------- |
15 | 33 | |
16 | - Use more portable syntax in our use of the attrs package, widening the supported versions (`#3498 <https://github.com/matrix-org/synapse/issues/3498>`_) | |
17 | - Fix queued federation requests being processed in the wrong order (`#3533 <https://github.com/matrix-org/synapse/issues/3533>`_) | |
34 | - Fix a significant performance regression in /sync. (`#3505 <https://github.com/matrix-org/synapse/issues/3505>`_, `#3521 <https://github.com/matrix-org/synapse/issues/3521>`_, `#3530 <https://github.com/matrix-org/synapse/issues/3530>`_, `#3544 <https://github.com/matrix-org/synapse/issues/3544>`_) | |
35 | - Use more portable syntax in our use of the attrs package, widening the supported versions. (`#3498 <https://github.com/matrix-org/synapse/issues/3498>`_) | |
36 | - Fix queued federation requests being processed in the wrong order. (`#3533 <https://github.com/matrix-org/synapse/issues/3533>`_) | |
18 | 37 | - Ensure that erasure requests are correctly honoured for publicly accessible rooms when accessed over federation. (`#3546 <https://github.com/matrix-org/synapse/issues/3546>`_) |
19 | - Disable a noisy warning about logcontexts (`#3561 <https://github.com/matrix-org/synapse/issues/3561>`_) | |
20 | 38 | |
21 | 39 | |
22 | 40 | Misc |
23 | 41 | ---- |
24 | 42 | |
25 | - `#3351 <https://github.com/matrix-org/synapse/issues/3351>`_, `#3463 <https://github.com/matrix-org/synapse/issues/3463>`_, `#3464 <https://github.com/matrix-org/synapse/issues/3464>`_, `#3499 <https://github.com/matrix-org/synapse/issues/3499>`_, `#3530 <https://github.com/matrix-org/synapse/issues/3530>`_, `#3534 <https://github.com/matrix-org/synapse/issues/3534>`_, `#3535 <https://github.com/matrix-org/synapse/issues/3535>`_, `#3540 <https://github.com/matrix-org/synapse/issues/3540>`_, `#3544 <https://github.com/matrix-org/synapse/issues/3544>`_ | |
43 | - Refactoring to improve testability. (`#3351 <https://github.com/matrix-org/synapse/issues/3351>`_, `#3499 <https://github.com/matrix-org/synapse/issues/3499>`_) | |
44 | - Use ``isort`` to sort imports. (`#3463 <https://github.com/matrix-org/synapse/issues/3463>`_, `#3464 <https://github.com/matrix-org/synapse/issues/3464>`_, `#3540 <https://github.com/matrix-org/synapse/issues/3540>`_) | |
45 | - Use parse and asserts from http.servlet. (`#3534 <https://github.com/matrix-org/synapse/issues/3534>`_, `#3535 <https://github.com/matrix-org/synapse/issues/3535>`_). | |
26 | 46 | |
27 | 47 | |
28 | 48 | Synapse 0.32.2 (2018-07-07) |
16 | 16 | """ This is a reference implementation of a Matrix home server. |
17 | 17 | """ |
18 | 18 | |
19 | __version__ = "0.33.0" | |
19 | __version__ = "0.33.1" |
424 | 424 | ret = yield self.handler.on_query_auth( |
425 | 425 | origin, |
426 | 426 | event_id, |
427 | room_id, | |
427 | 428 | signed_auth, |
428 | 429 | content.get("rejects", []), |
429 | 430 | content.get("missing", []), |
18 | 18 | from twisted.internet import defer |
19 | 19 | |
20 | 20 | from synapse.api.constants import EventTypes, Membership |
21 | from synapse.api.errors import AuthError | |
21 | 22 | from synapse.events import EventBase |
22 | 23 | from synapse.events.utils import serialize_event |
23 | 24 | from synapse.types import UserID |
24 | 25 | from synapse.util.logutils import log_function |
26 | from synapse.visibility import filter_events_for_client | |
25 | 27 | |
26 | 28 | from ._base import BaseHandler |
27 | 29 | |
128 | 130 | class EventHandler(BaseHandler): |
129 | 131 | |
130 | 132 | @defer.inlineCallbacks |
131 | def get_event(self, user, event_id): | |
133 | def get_event(self, user, room_id, event_id): | |
132 | 134 | """Retrieve a single specified event. |
133 | 135 | |
134 | 136 | Args: |
135 | 137 | user (synapse.types.UserID): The user requesting the event |
138 | room_id (str|None): The expected room id. We'll return None if the | |
139 | event's room does not match. | |
136 | 140 | event_id (str): The event ID to obtain. |
137 | 141 | Returns: |
138 | 142 | dict: An event, or None if there is no event matching this ID. |
141 | 145 | AuthError if the user does not have the rights to inspect this |
142 | 146 | event. |
143 | 147 | """ |
144 | event = yield self.store.get_event(event_id) | |
148 | event = yield self.store.get_event(event_id, check_room_id=room_id) | |
145 | 149 | |
146 | 150 | if not event: |
147 | 151 | defer.returnValue(None) |
148 | 152 | return |
149 | 153 | |
150 | if hasattr(event, "room_id"): | |
151 | yield self.auth.check_joined_room(event.room_id, user.to_string()) | |
154 | users = yield self.store.get_users_in_room(event.room_id) | |
155 | is_peeking = user.to_string() not in users | |
156 | ||
157 | filtered = yield filter_events_for_client( | |
158 | self.store, | |
159 | user.to_string(), | |
160 | [event], | |
161 | is_peeking=is_peeking | |
162 | ) | |
163 | ||
164 | if not filtered: | |
165 | raise AuthError( | |
166 | 403, | |
167 | "You don't have permission to access that event." | |
168 | ) | |
152 | 169 | |
153 | 170 | defer.returnValue(event) |
1348 | 1348 | def get_state_for_pdu(self, room_id, event_id): |
1349 | 1349 | """Returns the state at the event. i.e. not including said event. |
1350 | 1350 | """ |
1351 | ||
1352 | event = yield self.store.get_event( | |
1353 | event_id, allow_none=False, check_room_id=room_id, | |
1354 | ) | |
1355 | ||
1351 | 1356 | state_groups = yield self.store.get_state_groups( |
1352 | 1357 | room_id, [event_id] |
1353 | 1358 | ) |
1358 | 1363 | (e.type, e.state_key): e for e in state |
1359 | 1364 | } |
1360 | 1365 | |
1361 | event = yield self.store.get_event(event_id) | |
1362 | if event and event.is_state(): | |
1366 | if event.is_state(): | |
1363 | 1367 | # Get previous state |
1364 | 1368 | if "replaces_state" in event.unsigned: |
1365 | 1369 | prev_id = event.unsigned["replaces_state"] |
1390 | 1394 | def get_state_ids_for_pdu(self, room_id, event_id): |
1391 | 1395 | """Returns the state at the event. i.e. not including said event. |
1392 | 1396 | """ |
1397 | event = yield self.store.get_event( | |
1398 | event_id, allow_none=False, check_room_id=room_id, | |
1399 | ) | |
1400 | ||
1393 | 1401 | state_groups = yield self.store.get_state_groups_ids( |
1394 | 1402 | room_id, [event_id] |
1395 | 1403 | ) |
1398 | 1406 | _, state = state_groups.items().pop() |
1399 | 1407 | results = state |
1400 | 1408 | |
1401 | event = yield self.store.get_event(event_id) | |
1402 | if event and event.is_state(): | |
1409 | if event.is_state(): | |
1403 | 1410 | # Get previous state |
1404 | 1411 | if "replaces_state" in event.unsigned: |
1405 | 1412 | prev_id = event.unsigned["replaces_state"] |
1705 | 1712 | defer.returnValue(context) |
1706 | 1713 | |
1707 | 1714 | @defer.inlineCallbacks |
1708 | def on_query_auth(self, origin, event_id, remote_auth_chain, rejects, | |
1715 | def on_query_auth(self, origin, event_id, room_id, remote_auth_chain, rejects, | |
1709 | 1716 | missing): |
1717 | in_room = yield self.auth.check_host_in_room( | |
1718 | room_id, | |
1719 | origin | |
1720 | ) | |
1721 | if not in_room: | |
1722 | raise AuthError(403, "Host not in room.") | |
1723 | ||
1724 | event = yield self.store.get_event( | |
1725 | event_id, allow_none=False, check_room_id=room_id | |
1726 | ) | |
1727 | ||
1710 | 1728 | # Just go through and process each event in `remote_auth_chain`. We |
1711 | 1729 | # don't want to fall into the trap of `missing` being wrong. |
1712 | 1730 | for e in remote_auth_chain: |
1716 | 1734 | pass |
1717 | 1735 | |
1718 | 1736 | # Now get the current auth_chain for the event. |
1719 | event = yield self.store.get_event(event_id) | |
1720 | 1737 | local_auth_chain = yield self.store.get_auth_chain( |
1721 | 1738 | [auth_id for auth_id, _ in event.auth_events], |
1722 | 1739 | include_given=True |
87 | 87 | @defer.inlineCallbacks |
88 | 88 | def on_GET(self, request, event_id): |
89 | 89 | requester = yield self.auth.get_user_by_req(request) |
90 | event = yield self.event_handler.get_event(requester.user, event_id) | |
90 | event = yield self.event_handler.get_event(requester.user, None, event_id) | |
91 | 91 | |
92 | 92 | time_now = self.clock.time_msec() |
93 | 93 | if event: |
507 | 507 | @defer.inlineCallbacks |
508 | 508 | def on_GET(self, request, room_id, event_id): |
509 | 509 | requester = yield self.auth.get_user_by_req(request) |
510 | event = yield self.event_handler.get_event(requester.user, event_id) | |
510 | event = yield self.event_handler.get_event(requester.user, room_id, event_id) | |
511 | 511 | |
512 | 512 | time_now = self.clock.time_msec() |
513 | 513 | if event: |
342 | 342 | table="events", |
343 | 343 | keyvalues={ |
344 | 344 | "event_id": event_id, |
345 | "room_id": room_id, | |
345 | 346 | }, |
346 | 347 | retcol="depth", |
347 | 348 | allow_none=True, |
18 | 18 | |
19 | 19 | from twisted.internet import defer |
20 | 20 | |
21 | from synapse.api.errors import SynapseError | |
21 | from synapse.api.errors import NotFoundError | |
22 | 22 | # these are only included to make the type annotations work |
23 | 23 | from synapse.events import EventBase # noqa: F401 |
24 | 24 | from synapse.events import FrozenEvent |
75 | 75 | @defer.inlineCallbacks |
76 | 76 | def get_event(self, event_id, check_redacted=True, |
77 | 77 | get_prev_content=False, allow_rejected=False, |
78 | allow_none=False): | |
78 | allow_none=False, check_room_id=None): | |
79 | 79 | """Get an event from the database by event_id. |
80 | 80 | |
81 | 81 | Args: |
86 | 86 | include the previous states content in the unsigned field. |
87 | 87 | allow_rejected (bool): If True return rejected events. |
88 | 88 | allow_none (bool): If True, return None if no event found, if |
89 | False throw an exception. | |
89 | False throw a NotFoundError | |
90 | check_room_id (str|None): if not None, check the room of the found event. | |
91 | If there is a mismatch, behave as per allow_none. | |
90 | 92 | |
91 | 93 | Returns: |
92 | 94 | Deferred : A FrozenEvent. |
98 | 100 | allow_rejected=allow_rejected, |
99 | 101 | ) |
100 | 102 | |
101 | if not events and not allow_none: | |
102 | raise SynapseError(404, "Could not find event %s" % (event_id,)) | |
103 | ||
104 | defer.returnValue(events[0] if events else None) | |
103 | event = events[0] if events else None | |
104 | ||
105 | if event is not None and check_room_id is not None: | |
106 | if event.room_id != check_room_id: | |
107 | event = None | |
108 | ||
109 | if event is None and not allow_none: | |
110 | raise NotFoundError("Could not find event %s" % (event_id,)) | |
111 | ||
112 | defer.returnValue(event) | |
105 | 113 | |
106 | 114 | @defer.inlineCallbacks |
107 | 115 | def get_events(self, event_ids, check_redacted=True, |