Commit 3ed5aa78d44bba3d25dd704ea7d292e090a94995 - matrix-synapse

+27

-7

CHANGES.rst less more

	0	Synapse 0.33.1 (2018-08-02)
	1	===========================
	2
	3	SECURITY FIXES
	4	--------------
	5
	6	- Fix a potential issue where servers could request events for rooms they have not joined. (`#3641 <https://github.com/matrix-org/synapse/issues/3641>`_)
	7	- Fix a potential issue where users could see events in private rooms before they joined. (`#3642 <https://github.com/matrix-org/synapse/issues/3642>`_)
	8
	9
0	10	Synapse 0.33.0 (2018-07-19)
1	11	===========================
2	12
	13	Bugfixes
	14	--------
	15
	16	- Disable a noisy warning about logcontexts. (`#3561 <https://github.com/matrix-org/synapse/issues/3561>`_)
	17
	18
	19	Synapse 0.33.0rc1 (2018-07-18)
	20	==============================
	21
3	22	Features
4	23	--------
5	24
6		- Enforce the specified API for report_event (`#3316 <https://github.com/matrix-org/synapse/issues/3316>`_)
	25	- Enforce the specified API for report_event. (`#3316 <https://github.com/matrix-org/synapse/issues/3316>`_)
7	26	- Include CPU time from database threads in request/block metrics. (`#3496 <https://github.com/matrix-org/synapse/issues/3496>`_, `#3501 <https://github.com/matrix-org/synapse/issues/3501>`_)
8		- Add CPU metrics for _fetch_event_list (`#3497 <https://github.com/matrix-org/synapse/issues/3497>`_)
9		- optimisation for /sync (`#3505 <https://github.com/matrix-org/synapse/issues/3505>`_, `#3521 <https://github.com/matrix-org/synapse/issues/3521>`_)
	27	- Add CPU metrics for _fetch_event_list. (`#3497 <https://github.com/matrix-org/synapse/issues/3497>`_)
10	28	- Optimisation to make handling incoming federation requests more efficient. (`#3541 <https://github.com/matrix-org/synapse/issues/3541>`_)
11	29
12	30
13	31	Bugfixes
14	32	--------
15	33
16		- Use more portable syntax in our use of the attrs package, widening the supported versions (`#3498 <https://github.com/matrix-org/synapse/issues/3498>`_)
17		- Fix queued federation requests being processed in the wrong order (`#3533 <https://github.com/matrix-org/synapse/issues/3533>`_)
	34	- Fix a significant performance regression in /sync. (`#3505 <https://github.com/matrix-org/synapse/issues/3505>`_, `#3521 <https://github.com/matrix-org/synapse/issues/3521>`_, `#3530 <https://github.com/matrix-org/synapse/issues/3530>`_, `#3544 <https://github.com/matrix-org/synapse/issues/3544>`_)
	35	- Use more portable syntax in our use of the attrs package, widening the supported versions. (`#3498 <https://github.com/matrix-org/synapse/issues/3498>`_)
	36	- Fix queued federation requests being processed in the wrong order. (`#3533 <https://github.com/matrix-org/synapse/issues/3533>`_)
18	37	- Ensure that erasure requests are correctly honoured for publicly accessible rooms when accessed over federation. (`#3546 <https://github.com/matrix-org/synapse/issues/3546>`_)
19		- Disable a noisy warning about logcontexts (`#3561 <https://github.com/matrix-org/synapse/issues/3561>`_)
20	38
21	39
22	40	Misc
23	41	----
24	42
25		- `#3351 <https://github.com/matrix-org/synapse/issues/3351>`_, `#3463 <https://github.com/matrix-org/synapse/issues/3463>`_, `#3464 <https://github.com/matrix-org/synapse/issues/3464>`_, `#3499 <https://github.com/matrix-org/synapse/issues/3499>`_, `#3530 <https://github.com/matrix-org/synapse/issues/3530>`_, `#3534 <https://github.com/matrix-org/synapse/issues/3534>`_, `#3535 <https://github.com/matrix-org/synapse/issues/3535>`_, `#3540 <https://github.com/matrix-org/synapse/issues/3540>`_, `#3544 <https://github.com/matrix-org/synapse/issues/3544>`_
	43	- Refactoring to improve testability. (`#3351 <https://github.com/matrix-org/synapse/issues/3351>`_, `#3499 <https://github.com/matrix-org/synapse/issues/3499>`_)
	44	- Use ``isort`` to sort imports. (`#3463 <https://github.com/matrix-org/synapse/issues/3463>`_, `#3464 <https://github.com/matrix-org/synapse/issues/3464>`_, `#3540 <https://github.com/matrix-org/synapse/issues/3540>`_)
	45	- Use parse and asserts from http.servlet. (`#3534 <https://github.com/matrix-org/synapse/issues/3534>`_, `#3535 <https://github.com/matrix-org/synapse/issues/3535>`_).
26	46
27	47
28	48	Synapse 0.32.2 (2018-07-07)

+1

-1

synapse/__init__.py less more

16	16	""" This is a reference implementation of a Matrix home server.
17	17	"""
18	18
19		__version__ = "0.33.0"
	19	__version__ = "0.33.1"

+1

-0

synapse/federation/federation_server.py less more

424	424	ret = yield self.handler.on_query_auth(
425	425	origin,
426	426	event_id,
	427	room_id,
427	428	signed_auth,
428	429	content.get("rejects", []),
429	430	content.get("missing", []),

+21

-4

synapse/handlers/events.py less more

18	18	from twisted.internet import defer
19	19
20	20	from synapse.api.constants import EventTypes, Membership
	21	from synapse.api.errors import AuthError
21	22	from synapse.events import EventBase
22	23	from synapse.events.utils import serialize_event
23	24	from synapse.types import UserID
24	25	from synapse.util.logutils import log_function
	26	from synapse.visibility import filter_events_for_client
25	27
26	28	from ._base import BaseHandler
27	29

128	130	class EventHandler(BaseHandler):
129	131
130	132	@defer.inlineCallbacks
131		def get_event(self, user, event_id):
	133	def get_event(self, user, room_id, event_id):
132	134	"""Retrieve a single specified event.
133	135
134	136	Args:
135	137	user (synapse.types.UserID): The user requesting the event
	138	room_id (str\|None): The expected room id. We'll return None if the
	139	event's room does not match.
136	140	event_id (str): The event ID to obtain.
137	141	Returns:
138	142	dict: An event, or None if there is no event matching this ID.

141	145	AuthError if the user does not have the rights to inspect this
142	146	event.
143	147	"""
144		event = yield self.store.get_event(event_id)
	148	event = yield self.store.get_event(event_id, check_room_id=room_id)
145	149
146	150	if not event:
147	151	defer.returnValue(None)
148	152	return
149	153
150		if hasattr(event, "room_id"):
151		yield self.auth.check_joined_room(event.room_id, user.to_string())
	154	users = yield self.store.get_users_in_room(event.room_id)
	155	is_peeking = user.to_string() not in users
	156
	157	filtered = yield filter_events_for_client(
	158	self.store,
	159	user.to_string(),
	160	[event],
	161	is_peeking=is_peeking
	162	)
	163
	164	if not filtered:
	165	raise AuthError(
	166	403,
	167	"You don't have permission to access that event."
	168	)
152	169
153	170	defer.returnValue(event)

+23

-6

synapse/handlers/federation.py less more

1348	1348	def get_state_for_pdu(self, room_id, event_id):
1349	1349	"""Returns the state at the event. i.e. not including said event.
1350	1350	"""
	1351
	1352	event = yield self.store.get_event(
	1353	event_id, allow_none=False, check_room_id=room_id,
	1354	)
	1355
1351	1356	state_groups = yield self.store.get_state_groups(
1352	1357	room_id, [event_id]
1353	1358	)

1358	1363	(e.type, e.state_key): e for e in state
1359	1364	}
1360	1365
1361		event = yield self.store.get_event(event_id)
1362		if event and event.is_state():
	1366	if event.is_state():
1363	1367	# Get previous state
1364	1368	if "replaces_state" in event.unsigned:
1365	1369	prev_id = event.unsigned["replaces_state"]

1390	1394	def get_state_ids_for_pdu(self, room_id, event_id):
1391	1395	"""Returns the state at the event. i.e. not including said event.
1392	1396	"""
	1397	event = yield self.store.get_event(
	1398	event_id, allow_none=False, check_room_id=room_id,
	1399	)
	1400
1393	1401	state_groups = yield self.store.get_state_groups_ids(
1394	1402	room_id, [event_id]
1395	1403	)

1398	1406	_, state = state_groups.items().pop()
1399	1407	results = state
1400	1408
1401		event = yield self.store.get_event(event_id)
1402		if event and event.is_state():
	1409	if event.is_state():
1403	1410	# Get previous state
1404	1411	if "replaces_state" in event.unsigned:
1405	1412	prev_id = event.unsigned["replaces_state"]

1705	1712	defer.returnValue(context)
1706	1713
1707	1714	@defer.inlineCallbacks
1708		def on_query_auth(self, origin, event_id, remote_auth_chain, rejects,
	1715	def on_query_auth(self, origin, event_id, room_id, remote_auth_chain, rejects,
1709	1716	missing):
	1717	in_room = yield self.auth.check_host_in_room(
	1718	room_id,
	1719	origin
	1720	)
	1721	if not in_room:
	1722	raise AuthError(403, "Host not in room.")
	1723
	1724	event = yield self.store.get_event(
	1725	event_id, allow_none=False, check_room_id=room_id
	1726	)
	1727
1710	1728	# Just go through and process each event in `remote_auth_chain`. We
1711	1729	# don't want to fall into the trap of `missing` being wrong.
1712	1730	for e in remote_auth_chain:

1716	1734	pass
1717	1735
1718	1736	# Now get the current auth_chain for the event.
1719		event = yield self.store.get_event(event_id)
1720	1737	local_auth_chain = yield self.store.get_auth_chain(
1721	1738	[auth_id for auth_id, _ in event.auth_events],
1722	1739	include_given=True

+1

-1

synapse/rest/client/v1/events.py less more

87	87	@defer.inlineCallbacks
88	88	def on_GET(self, request, event_id):
89	89	requester = yield self.auth.get_user_by_req(request)
90		event = yield self.event_handler.get_event(requester.user, event_id)
	90	event = yield self.event_handler.get_event(requester.user, None, event_id)
91	91
92	92	time_now = self.clock.time_msec()
93	93	if event:

+1

-1

synapse/rest/client/v1/room.py less more

507	507	@defer.inlineCallbacks
508	508	def on_GET(self, request, room_id, event_id):
509	509	requester = yield self.auth.get_user_by_req(request)
510		event = yield self.event_handler.get_event(requester.user, event_id)
	510	event = yield self.event_handler.get_event(requester.user, room_id, event_id)
511	511
512	512	time_now = self.clock.time_msec()
513	513	if event:

+1

-0

synapse/storage/event_federation.py less more

342	342	table="events",
343	343	keyvalues={
344	344	"event_id": event_id,
	345	"room_id": room_id,
345	346	},
346	347	retcol="depth",
347	348	allow_none=True,

+15

-7

synapse/storage/events_worker.py less more

18	18
19	19	from twisted.internet import defer
20	20
21		from synapse.api.errors import SynapseError
	21	from synapse.api.errors import NotFoundError
22	22	# these are only included to make the type annotations work
23	23	from synapse.events import EventBase # noqa: F401
24	24	from synapse.events import FrozenEvent

75	75	@defer.inlineCallbacks
76	76	def get_event(self, event_id, check_redacted=True,
77	77	get_prev_content=False, allow_rejected=False,
78		allow_none=False):
	78	allow_none=False, check_room_id=None):
79	79	"""Get an event from the database by event_id.
80	80
81	81	Args:

86	86	include the previous states content in the unsigned field.
87	87	allow_rejected (bool): If True return rejected events.
88	88	allow_none (bool): If True, return None if no event found, if
89		False throw an exception.
	89	False throw a NotFoundError
	90	check_room_id (str\|None): if not None, check the room of the found event.
	91	If there is a mismatch, behave as per allow_none.
90	92
91	93	Returns:
92	94	Deferred : A FrozenEvent.

98	100	allow_rejected=allow_rejected,
99	101	)
100	102
101		if not events and not allow_none:
102		raise SynapseError(404, "Could not find event %s" % (event_id,))
103
104		defer.returnValue(events[0] if events else None)
	103	event = events[0] if events else None
	104
	105	if event is not None and check_room_id is not None:
	106	if event.room_id != check_room_id:
	107	event = None
	108
	109	if event is None and not allow_none:
	110	raise NotFoundError("Could not find event %s" % (event_id,))
	111
	112	defer.returnValue(event)
105	113
106	114	@defer.inlineCallbacks
107	115	def get_events(self, event_ids, check_redacted=True,