async def on_DELETE(self, request: SynapseRequest,
room_alias: str) -> Tuple[int, JsonDict]:
if not RoomAlias.is_valid(room_alias):
raise SynapseError(400,
"Room alias invalid",
errcode=Codes.INVALID_PARAM)
room_alias_obj = RoomAlias.from_string(room_alias)
requester = await self.auth.get_user_by_req(request)
if requester.app_service:
await self.directory_handler.delete_appservice_association(
requester.app_service, room_alias_obj)
logger.info(
"Application service at %s deleted alias %s",
requester.app_service.url,
room_alias_obj.to_string(),
)
else:
await self.directory_handler.delete_association(
requester, room_alias_obj)
logger.info(
"User %s deleted alias %s",
requester.user.to_string(),
room_alias_obj.to_string(),
)
return 200, {}
async def on_PUT(self, request: SynapseRequest,
room_alias: str) -> Tuple[int, JsonDict]:
if not RoomAlias.is_valid(room_alias):
raise SynapseError(400,
"Room alias invalid",
errcode=Codes.INVALID_PARAM)
room_alias_obj = RoomAlias.from_string(room_alias)
content = parse_json_object_from_request(request)
if "room_id" not in content:
raise SynapseError(400,
'Missing params: ["room_id"]',
errcode=Codes.BAD_JSON)
logger.debug("Got content: %s", content)
logger.debug("Got room name: %s", room_alias_obj.to_string())
room_id = content["room_id"]
servers = content["servers"] if "servers" in content else None
logger.debug("Got room_id: %s", room_id)
logger.debug("Got servers: %s", servers)
# TODO(erikj): Check types.
room = await self.store.get_room(room_id)
if room is None:
raise SynapseError(400, "Room does not exist")
requester = await self.auth.get_user_by_req(request)
await self.directory_handler.create_association(
requester, room_alias_obj, room_id, servers)
return 200, {}
def read_config(self, config):
self.enable_registration = bool(
strtobool(str(config["enable_registration"]))
)
if "disable_registration" in config:
self.enable_registration = not bool(
strtobool(str(config["disable_registration"]))
)
self.registrations_require_3pid = config.get("registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.registration_shared_secret = config.get("registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"]
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
self.invite_3pid_guest = (
self.allow_guest_access and config.get("invite_3pid_guest", False)
)
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError('Invalid auto_join_rooms entry %s' % (room_alias,))
self.autocreate_auto_join_rooms = config.get("autocreate_auto_join_rooms", True)
def read_config(self, config):
self.enable_registration = bool(
strtobool(str(config["enable_registration"])))
if "disable_registration" in config:
self.enable_registration = not bool(
strtobool(str(config["disable_registration"])))
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config[
"trusted_third_party_id_servers"]
self.allow_guest_access = config.get("allow_guest_access", False)
self.invite_3pid_guest = (self.allow_guest_access
and config.get("invite_3pid_guest", False))
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError('Invalid auto_join_rooms entry %s' %
(room_alias, ))
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
async def on_POST(self, request, room_identifier):
requester = await self.auth.get_user_by_req(request)
await assert_user_is_admin(self.auth, requester.user)
content = parse_json_object_from_request(request)
assert_params_in_dict(content, ["user_id"])
target_user = UserID.from_string(content["user_id"])
if not self.hs.is_mine(target_user):
raise SynapseError(400, "This endpoint can only be used with local users")
if not await self.admin_handler.get_user(target_user):
raise NotFoundError("User not found")
if RoomID.is_valid(room_identifier):
room_id = room_identifier
try:
remote_room_hosts = [
x.decode("ascii") for x in request.args[b"server_name"]
] # type: Optional[List[str]]
except Exception:
remote_room_hosts = None
elif RoomAlias.is_valid(room_identifier):
handler = self.room_member_handler
room_alias = RoomAlias.from_string(room_identifier)
room_id, remote_room_hosts = await handler.lookup_room_alias(room_alias)
room_id = room_id.to_string()
else:
raise SynapseError(
400, "%s was not legal room ID or room alias" % (room_identifier,)
)
fake_requester = create_requester(target_user)
# send invite if room has "JoinRules.INVITE"
room_state = await self.state_handler.get_current_state(room_id)
join_rules_event = room_state.get((EventTypes.JoinRules, ""))
if join_rules_event:
if not (join_rules_event.content.get("join_rule") == JoinRules.PUBLIC):
await self.room_member_handler.update_membership(
requester=requester,
target=fake_requester.user,
room_id=room_id,
action="invite",
remote_room_hosts=remote_room_hosts,
ratelimit=False,
)
await self.room_member_handler.update_membership(
requester=fake_requester,
target=fake_requester.user,
room_id=room_id,
action="join",
remote_room_hosts=remote_room_hosts,
ratelimit=False,
)
return 200, {"room_id": room_id}
def read_config(self, config, **kwargs):
self.enable_registration = bool(
strtobool(str(config.get("enable_registration", False))))
if "disable_registration" in config:
self.enable_registration = not bool(
strtobool(str(config["disable_registration"])))
self.account_validity = AccountValidityConfig(
config.get("account_validity") or {}, config)
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config.get(
"trusted_third_party_id_servers", ["matrix.org", "vector.im"])
account_threepid_delegates = config.get(
"account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get(
"email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get(
"msisdn")
if self.account_threepid_delegate_msisdn and not self.public_baseurl:
raise ConfigError(
"The configuration option `public_baseurl` is required if "
"`account_threepid_delegate.msisdn` is set, such that "
"clients know where to submit validation tokens to. Please "
"configure `public_baseurl`.")
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
if config.get("invite_3pid_guest", False):
raise ConfigError("invite_3pid_guest is no longer supported")
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError("Invalid auto_join_rooms entry %s" %
(room_alias, ))
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
self.enable_set_displayname = config.get("enable_set_displayname",
True)
self.enable_set_avatar_url = config.get("enable_set_avatar_url", True)
self.enable_3pid_changes = config.get("enable_3pid_changes", True)
self.disable_msisdn_registration = config.get(
"disable_msisdn_registration", False)
session_lifetime = config.get("session_lifetime")
if session_lifetime is not None:
session_lifetime = self.parse_duration(session_lifetime)
self.session_lifetime = session_lifetime
async def on_GET(self, request: Request,
room_alias: str) -> Tuple[int, JsonDict]:
if not RoomAlias.is_valid(room_alias):
raise SynapseError(400,
"Room alias invalid",
errcode=Codes.INVALID_PARAM)
room_alias_obj = RoomAlias.from_string(room_alias)
res = await self.directory_handler.get_association(room_alias_obj)
return 200, res
def read_config(self, config, **kwargs):
self.enable_registration = bool(
strtobool(str(config.get("enable_registration", False))))
if "disable_registration" in config:
self.enable_registration = not bool(
strtobool(str(config["disable_registration"])))
self.account_validity = AccountValidityConfig(
config.get("account_validity", {}), config)
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config.get(
"trusted_third_party_id_servers", ["matrix.org", "vector.im"])
account_threepid_delegates = config.get(
"account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get(
"email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get(
"msisdn")
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
if config.get("invite_3pid_guest", False):
raise ConfigError("invite_3pid_guest is no longer supported")
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError("Invalid auto_join_rooms entry %s" %
(room_alias, ))
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
self.disable_msisdn_registration = config.get(
"disable_msisdn_registration", False)
session_lifetime = config.get("session_lifetime")
if session_lifetime is not None:
session_lifetime = self.parse_duration(session_lifetime)
self.session_lifetime = session_lifetime
async def resolve_room_id(self, room_identifier: str) -> str:
"""Resolve to a room ID, if necessary."""
if RoomID.is_valid(room_identifier):
resolved_room_id = room_identifier
elif RoomAlias.is_valid(room_identifier):
room_alias = RoomAlias.from_string(room_identifier)
room_id, _ = await self.room_member_handler.lookup_room_alias(
room_alias)
resolved_room_id = room_id.to_string()
else:
raise SynapseError(
400,
"%s was not legal room ID or room alias" % (room_identifier, ))
if not resolved_room_id:
raise SynapseError(
400, "Unknown room ID or room alias %s" % room_identifier)
return resolved_room_id
async def on_POST(
self,
request: SynapseRequest,
room_identifier: str,
txn_id: Optional[str] = None,
) -> Tuple[int, JsonDict]:
requester = await self.auth.get_user_by_req(request)
content = parse_json_object_from_request(request)
event_content = None
if "reason" in content:
event_content = {"reason": content["reason"]}
if RoomID.is_valid(room_identifier):
room_id = room_identifier
# twisted.web.server.Request.args is incorrectly defined as Optional[Any]
args: Dict[bytes, List[bytes]] = request.args # type: ignore
remote_room_hosts = parse_strings_from_args(args,
"server_name",
required=False)
elif RoomAlias.is_valid(room_identifier):
handler = self.room_member_handler
room_alias = RoomAlias.from_string(room_identifier)
room_id_obj, remote_room_hosts = await handler.lookup_room_alias(
room_alias)
room_id = room_id_obj.to_string()
else:
raise SynapseError(
400,
"%s was not legal room ID or room alias" % (room_identifier, ))
await self.room_member_handler.update_membership(
requester=requester,
target=requester.user,
room_id=room_id,
action=Membership.KNOCK,
txn_id=txn_id,
third_party_signed=None,
remote_room_hosts=remote_room_hosts,
content=event_content,
)
return 200, {"room_id": room_id}
def on_POST(self, request, room_identifier, txn_id=None):
requester = yield self.auth.get_user_by_req(
request,
allow_guest=True,
)
try:
content = parse_json_object_from_request(request)
except Exception:
# Turns out we used to ignore the body entirely, and some clients
# cheekily send invalid bodies.
content = {}
if RoomID.is_valid(room_identifier):
room_id = room_identifier
try:
remote_room_hosts = [
x.decode('ascii') for x in request.args[b"server_name"]
]
except Exception:
remote_room_hosts = None
elif RoomAlias.is_valid(room_identifier):
handler = self.room_member_handler
room_alias = RoomAlias.from_string(room_identifier)
room_id, remote_room_hosts = yield handler.lookup_room_alias(
room_alias)
room_id = room_id.to_string()
else:
raise SynapseError(
400,
"%s was not legal room ID or room alias" % (room_identifier, ))
yield self.room_member_handler.update_membership(
requester=requester,
target=requester.user,
room_id=room_id,
action="join",
txn_id=txn_id,
remote_room_hosts=remote_room_hosts,
content=content,
third_party_signed=content.get("third_party_signed", None),
)
defer.returnValue((200, {"room_id": room_id}))
def on_POST(self, request, room_identifier, txn_id=None):
requester = yield self.auth.get_user_by_req(
request,
allow_guest=True,
)
try:
content = parse_json_object_from_request(request)
except Exception:
# Turns out we used to ignore the body entirely, and some clients
# cheekily send invalid bodies.
content = {}
if RoomID.is_valid(room_identifier):
room_id = room_identifier
try:
remote_room_hosts = [
x.decode('ascii') for x in request.args[b"server_name"]
]
except Exception:
remote_room_hosts = None
elif RoomAlias.is_valid(room_identifier):
handler = self.room_member_handler
room_alias = RoomAlias.from_string(room_identifier)
room_id, remote_room_hosts = yield handler.lookup_room_alias(room_alias)
room_id = room_id.to_string()
else:
raise SynapseError(400, "%s was not legal room ID or room alias" % (
room_identifier,
))
yield self.room_member_handler.update_membership(
requester=requester,
target=requester.user,
room_id=room_id,
action="join",
txn_id=txn_id,
remote_room_hosts=remote_room_hosts,
content=content,
third_party_signed=content.get("third_party_signed", None),
)
defer.returnValue((200, {"room_id": room_id}))
def _join_user_to_room(self, requester, room_identifier):
room_id = None
if RoomID.is_valid(room_identifier):
room_id = room_identifier
elif RoomAlias.is_valid(room_identifier):
room_alias = RoomAlias.from_string(room_identifier)
room_id, remote_room_hosts = (
yield self.room_member_handler.lookup_room_alias(room_alias))
room_id = room_id.to_string()
else:
raise SynapseError(
400,
"%s was not legal room ID or room alias" % (room_identifier, ))
yield self.room_member_handler.update_membership(
requester=requester,
target=requester.user,
room_id=room_id,
action="join",
)
async def resolve_room_id(
self,
room_identifier: str,
remote_room_hosts: Optional[List[str]] = None
) -> Tuple[str, Optional[List[str]]]:
"""
Resolve a room identifier to a room ID, if necessary.
This also performanes checks to ensure the room ID is of the proper form.
Args:
room_identifier: The room ID or alias.
remote_room_hosts: The potential remote room hosts to use.
Returns:
The resolved room ID.
Raises:
SynapseError if the room ID is of the wrong form.
"""
if RoomID.is_valid(room_identifier):
resolved_room_id = room_identifier
elif RoomAlias.is_valid(room_identifier):
room_alias = RoomAlias.from_string(room_identifier)
(
room_id,
remote_room_hosts,
) = await self.room_member_handler.lookup_room_alias(room_alias)
resolved_room_id = room_id.to_string()
else:
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"%s was not legal room ID or room alias" % (room_identifier, ),
)
if not resolved_room_id:
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"Unknown room ID or room alias %s" % room_identifier,
)
return resolved_room_id, remote_room_hosts
def read_config(self, config):
self.enable_registration = bool(
strtobool(str(config.get("enable_registration", False))))
if "disable_registration" in config:
self.enable_registration = not bool(
strtobool(str(config["disable_registration"])))
self.account_validity = AccountValidityConfig(
config.get("account_validity", {}),
config,
)
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config.get(
"trusted_third_party_id_servers",
["matrix.org", "vector.im"],
)
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
self.invite_3pid_guest = (self.allow_guest_access
and config.get("invite_3pid_guest", False))
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError('Invalid auto_join_rooms entry %s' %
(room_alias, ))
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
self.disable_msisdn_registration = (config.get(
"disable_msisdn_registration", False))
async def _join_user_to_room(self, requester, room_identifier):
room_member_handler = self.hs.get_room_member_handler()
if RoomID.is_valid(room_identifier):
room_id = room_identifier
elif RoomAlias.is_valid(room_identifier):
room_alias = RoomAlias.from_string(room_identifier)
room_id, remote_room_hosts = await room_member_handler.lookup_room_alias(
room_alias)
room_id = room_id.to_string()
else:
raise SynapseError(
400,
"%s was not legal room ID or room alias" % (room_identifier, ))
await room_member_handler.update_membership(
requester=requester,
target=requester.user,
room_id=room_id,
remote_room_hosts=remote_room_hosts,
action="join",
ratelimit=False,
)
def _join_user_to_room(self, requester, room_identifier):
room_id = None
room_member_handler = self.hs.get_room_member_handler()
if RoomID.is_valid(room_identifier):
room_id = room_identifier
elif RoomAlias.is_valid(room_identifier):
room_alias = RoomAlias.from_string(room_identifier)
room_id, remote_room_hosts = (
yield room_member_handler.lookup_room_alias(room_alias)
)
room_id = room_id.to_string()
else:
raise SynapseError(400, "%s was not legal room ID or room alias" % (
room_identifier,
))
yield room_member_handler.update_membership(
requester=requester,
target=requester.user,
room_id=room_id,
remote_room_hosts=remote_room_hosts,
action="join",
)
def read_config(self, config, **kwargs):
self.enable_registration = strtobool(
str(config.get("enable_registration", False)))
if "disable_registration" in config:
self.enable_registration = not strtobool(
str(config["disable_registration"]))
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
self.registration_requires_token = config.get(
"registration_requires_token", False)
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config.get(
"trusted_third_party_id_servers", ["matrix.org", "vector.im"])
account_threepid_delegates = config.get(
"account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get(
"email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get(
"msisdn")
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
if config.get("invite_3pid_guest", False):
raise ConfigError("invite_3pid_guest is no longer supported")
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError("Invalid auto_join_rooms entry %s" %
(room_alias, ))
# Options for creating auto-join rooms if they do not exist yet.
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
self.autocreate_auto_join_rooms_federated = config.get(
"autocreate_auto_join_rooms_federated", True)
self.autocreate_auto_join_room_preset = (
config.get("autocreate_auto_join_room_preset")
or RoomCreationPreset.PUBLIC_CHAT)
self.auto_join_room_requires_invite = self.autocreate_auto_join_room_preset in {
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}
# Pull the creator/inviter from the configuration, this gets used to
# send invites for invite-only rooms.
mxid_localpart = config.get("auto_join_mxid_localpart")
self.auto_join_user_id = None
if mxid_localpart:
# Convert the localpart to a full mxid.
self.auto_join_user_id = UserID(
mxid_localpart, self.root.server.server_name).to_string()
if self.autocreate_auto_join_rooms:
# Ensure the preset is a known value.
if self.autocreate_auto_join_room_preset not in {
RoomCreationPreset.PUBLIC_CHAT,
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}:
raise ConfigError(
"Invalid value for autocreate_auto_join_room_preset")
# If the preset requires invitations to be sent, ensure there's a
# configured user to send them from.
if self.auto_join_room_requires_invite:
if not mxid_localpart:
raise ConfigError(
"The configuration option `auto_join_mxid_localpart` is required if "
"`autocreate_auto_join_room_preset` is set to private_chat or trusted_private_chat, such that "
"Synapse knows who to send invitations from. Please "
"configure `auto_join_mxid_localpart`.")
self.auto_join_rooms_for_guests = config.get(
"auto_join_rooms_for_guests", True)
self.enable_set_displayname = config.get("enable_set_displayname",
True)
self.enable_set_avatar_url = config.get("enable_set_avatar_url", True)
self.enable_3pid_changes = config.get("enable_3pid_changes", True)
self.disable_msisdn_registration = config.get(
"disable_msisdn_registration", False)
session_lifetime = config.get("session_lifetime")
if session_lifetime is not None:
session_lifetime = self.parse_duration(session_lifetime)
self.session_lifetime = session_lifetime
# The `access_token_lifetime` applies for tokens that can be renewed
# using a refresh token, as per MSC2918. If it is `None`, the refresh
# token mechanism is disabled.
#
# Since it is incompatible with the `session_lifetime` mechanism, it is set to
# `None` by default if a `session_lifetime` is set.
access_token_lifetime = config.get(
"access_token_lifetime",
"5m" if session_lifetime is None else None)
if access_token_lifetime is not None:
access_token_lifetime = self.parse_duration(access_token_lifetime)
self.access_token_lifetime = access_token_lifetime
if session_lifetime is not None and access_token_lifetime is not None:
raise ConfigError(
"The refresh token mechanism is incompatible with the "
"`session_lifetime` option. Consider disabling the "
"`session_lifetime` option or disabling the refresh token "
"mechanism by removing the `access_token_lifetime` option.")
# The fallback template used for authenticating using a registration token
self.registration_token_template = self.read_template(
"registration_token.html")
# The success template used during fallback auth.
self.fallback_success_template = self.read_template(
"auth_success.html")
async def _join_rooms(self, user_id: str):
"""
Join or invite the user to the auto-join rooms.
Args:
user_id: The user to join
"""
room_member_handler = self.hs.get_room_member_handler()
for r in self.hs.config.registration.auto_join_rooms:
logger.info("Auto-joining %s to %s", user_id, r)
try:
room_alias = RoomAlias.from_string(r)
if RoomAlias.is_valid(r):
(
room_id,
remote_room_hosts,
) = await room_member_handler.lookup_room_alias(room_alias)
room_id = room_id.to_string()
else:
raise SynapseError(
400, "%s was not legal room ID or room alias" % (r,)
)
# Calculate whether the room requires an invite or can be
# joined directly. Note that unless a join rule of public exists,
# it is treated as requiring an invite.
requires_invite = True
state = await self.store.get_filtered_current_state_ids(
room_id, StateFilter.from_types([(EventTypes.JoinRules, "")])
)
event_id = state.get((EventTypes.JoinRules, ""))
if event_id:
join_rules_event = await self.store.get_event(
event_id, allow_none=True
)
if join_rules_event:
join_rule = join_rules_event.content.get("join_rule", None)
requires_invite = join_rule and join_rule != JoinRules.PUBLIC
# Send the invite, if necessary.
if requires_invite:
await room_member_handler.update_membership(
requester=create_requester(
self.hs.config.registration.auto_join_user_id
),
target=UserID.from_string(user_id),
room_id=room_id,
remote_room_hosts=remote_room_hosts,
action="invite",
ratelimit=False,
)
# Send the join.
await room_member_handler.update_membership(
requester=create_requester(user_id),
target=UserID.from_string(user_id),
room_id=room_id,
remote_room_hosts=remote_room_hosts,
action="join",
ratelimit=False,
)
except ConsentNotGivenError as e:
# Technically not necessary to pull out this error though
# moving away from bare excepts is a good thing to do.
logger.error("Failed to join new user to %r: %r", r, e)
except Exception as e:
logger.error("Failed to join new user to %r: %r", r, e)
def read_config(self, config, **kwargs):
self.enable_registration = strtobool(
str(config.get("enable_registration", False)))
if "disable_registration" in config:
self.enable_registration = not strtobool(
str(config["disable_registration"]))
self.account_validity = AccountValidityConfig(
config.get("account_validity") or {}, config)
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config.get(
"trusted_third_party_id_servers", ["matrix.org", "vector.im"])
account_threepid_delegates = config.get(
"account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get(
"email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get(
"msisdn")
if self.account_threepid_delegate_msisdn and not self.public_baseurl:
raise ConfigError(
"The configuration option `public_baseurl` is required if "
"`account_threepid_delegate.msisdn` is set, such that "
"clients know where to submit validation tokens to. Please "
"configure `public_baseurl`.")
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
if config.get("invite_3pid_guest", False):
raise ConfigError("invite_3pid_guest is no longer supported")
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError("Invalid auto_join_rooms entry %s" %
(room_alias, ))
# Options for creating auto-join rooms if they do not exist yet.
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
self.autocreate_auto_join_rooms_federated = config.get(
"autocreate_auto_join_rooms_federated", True)
self.autocreate_auto_join_room_preset = (
config.get("autocreate_auto_join_room_preset")
or RoomCreationPreset.PUBLIC_CHAT)
self.auto_join_room_requires_invite = self.autocreate_auto_join_room_preset in {
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}
# Pull the creator/inviter from the configuration, this gets used to
# send invites for invite-only rooms.
mxid_localpart = config.get("auto_join_mxid_localpart")
self.auto_join_user_id = None
if mxid_localpart:
# Convert the localpart to a full mxid.
self.auto_join_user_id = UserID(mxid_localpart,
self.server_name).to_string()
if self.autocreate_auto_join_rooms:
# Ensure the preset is a known value.
if self.autocreate_auto_join_room_preset not in {
RoomCreationPreset.PUBLIC_CHAT,
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}:
raise ConfigError(
"Invalid value for autocreate_auto_join_room_preset")
# If the preset requires invitations to be sent, ensure there's a
# configured user to send them from.
if self.auto_join_room_requires_invite:
if not mxid_localpart:
raise ConfigError(
"The configuration option `auto_join_mxid_localpart` is required if "
"`autocreate_auto_join_room_preset` is set to private_chat or trusted_private_chat, such that "
"Synapse knows who to send invitations from. Please "
"configure `auto_join_mxid_localpart`.")
self.auto_join_rooms_for_guests = config.get(
"auto_join_rooms_for_guests", True)
self.enable_set_displayname = config.get("enable_set_displayname",
True)
self.enable_set_avatar_url = config.get("enable_set_avatar_url", True)
self.enable_3pid_changes = config.get("enable_3pid_changes", True)
self.disable_msisdn_registration = config.get(
"disable_msisdn_registration", False)
session_lifetime = config.get("session_lifetime")
if session_lifetime is not None:
session_lifetime = self.parse_duration(session_lifetime)
self.session_lifetime = session_lifetime
# The success template used during fallback auth.
self.fallback_success_template = self.read_template(
"auth_success.html")
async def on_POST(self, request, room_identifier):
requester = await self.auth.get_user_by_req(request)
await assert_user_is_admin(self.auth, requester.user)
content = parse_json_object_from_request(request,
allow_empty_body=True)
# Resolve to a room ID, if necessary.
if RoomID.is_valid(room_identifier):
room_id = room_identifier
elif RoomAlias.is_valid(room_identifier):
room_alias = RoomAlias.from_string(room_identifier)
room_id, _ = await self.room_member_handler.lookup_room_alias(
room_alias)
room_id = room_id.to_string()
else:
raise SynapseError(
400,
"%s was not legal room ID or room alias" % (room_identifier, ))
# Which user to grant room admin rights to.
user_to_add = content.get("user_id", requester.user.to_string())
# Figure out which local users currently have power in the room, if any.
room_state = await self.state_handler.get_current_state(room_id)
if not room_state:
raise SynapseError(400, "Server not in room")
create_event = room_state[(EventTypes.Create, "")]
power_levels = room_state.get((EventTypes.PowerLevels, ""))
if power_levels is not None:
# We pick the local user with the highest power.
user_power = power_levels.content.get("users", {})
admin_users = [
user_id for user_id in user_power if self.is_mine_id(user_id)
]
admin_users.sort(key=lambda user: user_power[user])
if not admin_users:
raise SynapseError(400, "No local admin user in room")
admin_user_id = None
for admin_user in reversed(admin_users):
if room_state.get((EventTypes.Member, admin_user)):
admin_user_id = admin_user
break
if not admin_user_id:
raise SynapseError(
400,
"No local admin user in room",
)
pl_content = power_levels.content
else:
# If there is no power level events then the creator has rights.
pl_content = {}
admin_user_id = create_event.sender
if not self.is_mine_id(admin_user_id):
raise SynapseError(
400,
"No local admin user in room",
)
# Grant the user power equal to the room admin by attempting to send an
# updated power level event.
new_pl_content = dict(pl_content)
new_pl_content["users"] = dict(pl_content.get("users", {}))
new_pl_content["users"][user_to_add] = new_pl_content["users"][
admin_user_id]
fake_requester = create_requester(
admin_user_id,
authenticated_entity=requester.authenticated_entity,
)
try:
await self.event_creation_handler.create_and_send_nonmember_event(
fake_requester,
event_dict={
"content": new_pl_content,
"sender": admin_user_id,
"type": EventTypes.PowerLevels,
"state_key": "",
"room_id": room_id,
},
)
except AuthError:
# The admin user we found turned out not to have enough power.
raise SynapseError(
400,
"No local admin user in room with power to update power levels."
)
# Now we check if the user we're granting admin rights to is already in
# the room. If not and it's not a public room we invite them.
member_event = room_state.get((EventTypes.Member, user_to_add))
is_joined = False
if member_event:
is_joined = member_event.content["membership"] in (
Membership.JOIN,
Membership.INVITE,
)
if is_joined:
return 200, {}
join_rules = room_state.get((EventTypes.JoinRules, ""))
is_public = False
if join_rules:
is_public = join_rules.content.get("join_rule") == JoinRules.PUBLIC
if is_public:
return 200, {}
await self.room_member_handler.update_membership(
fake_requester,
target=UserID.from_string(user_to_add),
room_id=room_id,
action=Membership.INVITE,
)
return 200, {}
def test_validate(self):
id_string = "#test:domain,test"
self.assertFalse(RoomAlias.is_valid(id_string))
def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.enable_registration = strtobool(
str(config.get("enable_registration", False)))
if "disable_registration" in config:
self.enable_registration = not strtobool(
str(config["disable_registration"]))
self.enable_registration_without_verification = strtobool(
str(config.get("enable_registration_without_verification", False)))
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
self.registration_requires_token = config.get(
"registration_requires_token", False)
self.enable_registration_token_3pid_bypass = config.get(
"enable_registration_token_3pid_bypass", False)
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
account_threepid_delegates = config.get(
"account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get(
"email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get(
"msisdn")
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
if config.get("invite_3pid_guest", False):
raise ConfigError("invite_3pid_guest is no longer supported")
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError("Invalid auto_join_rooms entry %s" %
(room_alias, ))
# Options for creating auto-join rooms if they do not exist yet.
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
self.autocreate_auto_join_rooms_federated = config.get(
"autocreate_auto_join_rooms_federated", True)
self.autocreate_auto_join_room_preset = (
config.get("autocreate_auto_join_room_preset")
or RoomCreationPreset.PUBLIC_CHAT)
self.auto_join_room_requires_invite = self.autocreate_auto_join_room_preset in {
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}
# Pull the creator/inviter from the configuration, this gets used to
# send invites for invite-only rooms.
mxid_localpart = config.get("auto_join_mxid_localpart")
self.auto_join_user_id = None
if mxid_localpart:
# Convert the localpart to a full mxid.
self.auto_join_user_id = UserID(
mxid_localpart, self.root.server.server_name).to_string()
if self.autocreate_auto_join_rooms:
# Ensure the preset is a known value.
if self.autocreate_auto_join_room_preset not in {
RoomCreationPreset.PUBLIC_CHAT,
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}:
raise ConfigError(
"Invalid value for autocreate_auto_join_room_preset")
# If the preset requires invitations to be sent, ensure there's a
# configured user to send them from.
if self.auto_join_room_requires_invite:
if not mxid_localpart:
raise ConfigError(
"The configuration option `auto_join_mxid_localpart` is required if "
"`autocreate_auto_join_room_preset` is set to private_chat or trusted_private_chat, such that "
"Synapse knows who to send invitations from. Please "
"configure `auto_join_mxid_localpart`.")
self.auto_join_rooms_for_guests = config.get(
"auto_join_rooms_for_guests", True)
self.enable_set_displayname = config.get("enable_set_displayname",
True)
self.enable_set_avatar_url = config.get("enable_set_avatar_url", True)
self.enable_3pid_changes = config.get("enable_3pid_changes", True)
self.disable_msisdn_registration = config.get(
"disable_msisdn_registration", False)
session_lifetime = config.get("session_lifetime")
if session_lifetime is not None:
session_lifetime = self.parse_duration(session_lifetime)
self.session_lifetime = session_lifetime
# The `refreshable_access_token_lifetime` applies for tokens that can be renewed
# using a refresh token, as per MSC2918.
# If it is `None`, the refresh token mechanism is disabled.
refreshable_access_token_lifetime = config.get(
"refreshable_access_token_lifetime",
"5m",
)
if refreshable_access_token_lifetime is not None:
refreshable_access_token_lifetime = self.parse_duration(
refreshable_access_token_lifetime)
self.refreshable_access_token_lifetime: Optional[
int] = refreshable_access_token_lifetime
if (self.session_lifetime is not None
and "refreshable_access_token_lifetime" in config):
if self.session_lifetime < self.refreshable_access_token_lifetime:
raise ConfigError(
"Both `session_lifetime` and `refreshable_access_token_lifetime` "
"configuration options have been set, but `refreshable_access_token_lifetime` "
" exceeds `session_lifetime`!")
# The `nonrefreshable_access_token_lifetime` applies for tokens that can NOT be
# refreshed using a refresh token.
# If it is None, then these tokens last for the entire length of the session,
# which is infinite by default.
# The intention behind this configuration option is to help with requiring
# all clients to use refresh tokens, if the homeserver administrator requires.
nonrefreshable_access_token_lifetime = config.get(
"nonrefreshable_access_token_lifetime",
None,
)
if nonrefreshable_access_token_lifetime is not None:
nonrefreshable_access_token_lifetime = self.parse_duration(
nonrefreshable_access_token_lifetime)
self.nonrefreshable_access_token_lifetime = nonrefreshable_access_token_lifetime
if (self.session_lifetime is not None
and self.nonrefreshable_access_token_lifetime is not None):
if self.session_lifetime < self.nonrefreshable_access_token_lifetime:
raise ConfigError(
"Both `session_lifetime` and `nonrefreshable_access_token_lifetime` "
"configuration options have been set, but `nonrefreshable_access_token_lifetime` "
" exceeds `session_lifetime`!")
refresh_token_lifetime = config.get("refresh_token_lifetime")
if refresh_token_lifetime is not None:
refresh_token_lifetime = self.parse_duration(
refresh_token_lifetime)
self.refresh_token_lifetime: Optional[int] = refresh_token_lifetime
if (self.session_lifetime is not None
and self.refresh_token_lifetime is not None):
if self.session_lifetime < self.refresh_token_lifetime:
raise ConfigError(
"Both `session_lifetime` and `refresh_token_lifetime` "
"configuration options have been set, but `refresh_token_lifetime` "
" exceeds `session_lifetime`!")
# The fallback template used for authenticating using a registration token
self.registration_token_template = self.read_template(
"registration_token.html")
# The success template used during fallback auth.
self.fallback_success_template = self.read_template(
"auth_success.html")
self.inhibit_user_in_use_error = config.get(
"inhibit_user_in_use_error", False)
async def _join_rooms(self, user_id: str) -> None:
"""
Join or invite the user to the auto-join rooms.
Args:
user_id: The user to join
"""
room_member_handler = self.hs.get_room_member_handler()
for r in self.hs.config.registration.auto_join_rooms:
logger.info("Auto-joining %s to %s", user_id, r)
try:
room_alias = RoomAlias.from_string(r)
if RoomAlias.is_valid(r):
(
room,
remote_room_hosts,
) = await room_member_handler.lookup_room_alias(room_alias)
room_id = room.to_string()
else:
raise SynapseError(
400, "%s was not legal room ID or room alias" % (r, ))
# Calculate whether the room requires an invite or can be
# joined directly. By default, we consider the room as requiring an
# invite if the homeserver is in the room (unless told otherwise by the
# join rules). Otherwise we consider it as being joinable, at the risk of
# failing to join, but in this case there's little more we can do since
# we don't have a local user in the room to craft up an invite with.
requires_invite = await self.store.is_host_joined(
room_id,
self._server_name,
)
if requires_invite:
# If the server is in the room, check if the room is public.
state = await self.store.get_filtered_current_state_ids(
room_id,
StateFilter.from_types([(EventTypes.JoinRules, "")]))
event_id = state.get((EventTypes.JoinRules, ""))
if event_id:
join_rules_event = await self.store.get_event(
event_id, allow_none=True)
if join_rules_event:
join_rule = join_rules_event.content.get(
"join_rule", None)
requires_invite = (join_rule and
join_rule != JoinRules.PUBLIC)
# Send the invite, if necessary.
if requires_invite:
# If an invite is required, there must be a auto-join user ID.
assert self.hs.config.registration.auto_join_user_id
await room_member_handler.update_membership(
requester=create_requester(
self.hs.config.registration.auto_join_user_id,
authenticated_entity=self._server_name,
),
target=UserID.from_string(user_id),
room_id=room_id,
remote_room_hosts=remote_room_hosts,
action="invite",
ratelimit=False,
)
# Send the join.
await room_member_handler.update_membership(
requester=create_requester(
user_id, authenticated_entity=self._server_name),
target=UserID.from_string(user_id),
room_id=room_id,
remote_room_hosts=remote_room_hosts,
action="join",
ratelimit=False,
)
except ConsentNotGivenError as e:
# Technically not necessary to pull out this error though
# moving away from bare excepts is a good thing to do.
logger.error("Failed to join new user to %r: %r", r, e)
except Exception as e:
logger.error("Failed to join new user to %r: %r", r, e)
