def read_arguments(self, args):
if args.enable_registration is not None:
self.enable_registration = strtobool(str(args.enable_registration))
def read_config(self, config, **kwargs):
self.enable_registration = strtobool(
str(config.get("enable_registration", False)))
if "disable_registration" in config:
self.enable_registration = not strtobool(
str(config["disable_registration"]))
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
self.registration_requires_token = config.get(
"registration_requires_token", False)
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config.get(
"trusted_third_party_id_servers", ["matrix.org", "vector.im"])
account_threepid_delegates = config.get(
"account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get(
"email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get(
"msisdn")
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
if config.get("invite_3pid_guest", False):
raise ConfigError("invite_3pid_guest is no longer supported")
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError("Invalid auto_join_rooms entry %s" %
(room_alias, ))
# Options for creating auto-join rooms if they do not exist yet.
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
self.autocreate_auto_join_rooms_federated = config.get(
"autocreate_auto_join_rooms_federated", True)
self.autocreate_auto_join_room_preset = (
config.get("autocreate_auto_join_room_preset")
or RoomCreationPreset.PUBLIC_CHAT)
self.auto_join_room_requires_invite = self.autocreate_auto_join_room_preset in {
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}
# Pull the creator/inviter from the configuration, this gets used to
# send invites for invite-only rooms.
mxid_localpart = config.get("auto_join_mxid_localpart")
self.auto_join_user_id = None
if mxid_localpart:
# Convert the localpart to a full mxid.
self.auto_join_user_id = UserID(
mxid_localpart, self.root.server.server_name).to_string()
if self.autocreate_auto_join_rooms:
# Ensure the preset is a known value.
if self.autocreate_auto_join_room_preset not in {
RoomCreationPreset.PUBLIC_CHAT,
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}:
raise ConfigError(
"Invalid value for autocreate_auto_join_room_preset")
# If the preset requires invitations to be sent, ensure there's a
# configured user to send them from.
if self.auto_join_room_requires_invite:
if not mxid_localpart:
raise ConfigError(
"The configuration option `auto_join_mxid_localpart` is required if "
"`autocreate_auto_join_room_preset` is set to private_chat or trusted_private_chat, such that "
"Synapse knows who to send invitations from. Please "
"configure `auto_join_mxid_localpart`.")
self.auto_join_rooms_for_guests = config.get(
"auto_join_rooms_for_guests", True)
self.enable_set_displayname = config.get("enable_set_displayname",
True)
self.enable_set_avatar_url = config.get("enable_set_avatar_url", True)
self.enable_3pid_changes = config.get("enable_3pid_changes", True)
self.disable_msisdn_registration = config.get(
"disable_msisdn_registration", False)
session_lifetime = config.get("session_lifetime")
if session_lifetime is not None:
session_lifetime = self.parse_duration(session_lifetime)
self.session_lifetime = session_lifetime
# The `access_token_lifetime` applies for tokens that can be renewed
# using a refresh token, as per MSC2918. If it is `None`, the refresh
# token mechanism is disabled.
#
# Since it is incompatible with the `session_lifetime` mechanism, it is set to
# `None` by default if a `session_lifetime` is set.
access_token_lifetime = config.get(
"access_token_lifetime",
"5m" if session_lifetime is None else None)
if access_token_lifetime is not None:
access_token_lifetime = self.parse_duration(access_token_lifetime)
self.access_token_lifetime = access_token_lifetime
if session_lifetime is not None and access_token_lifetime is not None:
raise ConfigError(
"The refresh token mechanism is incompatible with the "
"`session_lifetime` option. Consider disabling the "
"`session_lifetime` option or disabling the refresh token "
"mechanism by removing the `access_token_lifetime` option.")
# The fallback template used for authenticating using a registration token
self.registration_token_template = self.read_template(
"registration_token.html")
# The success template used during fallback auth.
self.fallback_success_template = self.read_template(
"auth_success.html")
def read_config(self, config, **kwargs):
self.enable_registration = strtobool(
str(config.get("enable_registration", False)))
if "disable_registration" in config:
self.enable_registration = not strtobool(
str(config["disable_registration"]))
self.account_validity = AccountValidityConfig(
config.get("account_validity") or {}, config)
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config.get(
"trusted_third_party_id_servers", ["matrix.org", "vector.im"])
account_threepid_delegates = config.get(
"account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get(
"email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get(
"msisdn")
if self.account_threepid_delegate_msisdn and not self.public_baseurl:
raise ConfigError(
"The configuration option `public_baseurl` is required if "
"`account_threepid_delegate.msisdn` is set, such that "
"clients know where to submit validation tokens to. Please "
"configure `public_baseurl`.")
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
if config.get("invite_3pid_guest", False):
raise ConfigError("invite_3pid_guest is no longer supported")
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError("Invalid auto_join_rooms entry %s" %
(room_alias, ))
# Options for creating auto-join rooms if they do not exist yet.
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
self.autocreate_auto_join_rooms_federated = config.get(
"autocreate_auto_join_rooms_federated", True)
self.autocreate_auto_join_room_preset = (
config.get("autocreate_auto_join_room_preset")
or RoomCreationPreset.PUBLIC_CHAT)
self.auto_join_room_requires_invite = self.autocreate_auto_join_room_preset in {
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}
# Pull the creator/inviter from the configuration, this gets used to
# send invites for invite-only rooms.
mxid_localpart = config.get("auto_join_mxid_localpart")
self.auto_join_user_id = None
if mxid_localpart:
# Convert the localpart to a full mxid.
self.auto_join_user_id = UserID(mxid_localpart,
self.server_name).to_string()
if self.autocreate_auto_join_rooms:
# Ensure the preset is a known value.
if self.autocreate_auto_join_room_preset not in {
RoomCreationPreset.PUBLIC_CHAT,
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}:
raise ConfigError(
"Invalid value for autocreate_auto_join_room_preset")
# If the preset requires invitations to be sent, ensure there's a
# configured user to send them from.
if self.auto_join_room_requires_invite:
if not mxid_localpart:
raise ConfigError(
"The configuration option `auto_join_mxid_localpart` is required if "
"`autocreate_auto_join_room_preset` is set to private_chat or trusted_private_chat, such that "
"Synapse knows who to send invitations from. Please "
"configure `auto_join_mxid_localpart`.")
self.auto_join_rooms_for_guests = config.get(
"auto_join_rooms_for_guests", True)
self.enable_set_displayname = config.get("enable_set_displayname",
True)
self.enable_set_avatar_url = config.get("enable_set_avatar_url", True)
self.enable_3pid_changes = config.get("enable_3pid_changes", True)
self.disable_msisdn_registration = config.get(
"disable_msisdn_registration", False)
session_lifetime = config.get("session_lifetime")
if session_lifetime is not None:
session_lifetime = self.parse_duration(session_lifetime)
self.session_lifetime = session_lifetime
# The success template used during fallback auth.
self.fallback_success_template = self.read_template(
"auth_success.html")
from synapse.api.room_versions import EventFormatVersions, RoomVersion, RoomVersions
from synapse.types import JsonDict, RoomStreamToken
from synapse.util.caches import intern_dict
from synapse.util.frozenutils import freeze
from synapse.util.stringutils import strtobool
# Whether we should use frozen_dict in FrozenEvent. Using frozen_dicts prevents
# bugs where we accidentally share e.g. signature dicts. However, converting a
# dict to frozen_dicts is expensive.
#
# NOTE: This is overridden by the configuration by the Synapse worker apps, but
# for the sake of tests, it is set here while it cannot be configured on the
# homeserver object itself.
USE_FROZEN_DICTS = strtobool(os.environ.get("SYNAPSE_USE_FROZEN_DICTS", "0"))
class DictProperty:
"""An object property which delegates to the `_dict` within its parent object."""
__slots__ = ["key"]
def __init__(self, key: str):
self.key = key
def __get__(self, instance, owner=None):
# if the property is accessed as a class property rather than an instance
# property, return the property itself rather than the value
if instance is None:
return self
def read_arguments(self, args: argparse.Namespace) -> None:
if args.enable_registration is not None:
self.enable_registration = strtobool(str(args.enable_registration))
def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.enable_registration = strtobool(
str(config.get("enable_registration", False)))
if "disable_registration" in config:
self.enable_registration = not strtobool(
str(config["disable_registration"]))
self.enable_registration_without_verification = strtobool(
str(config.get("enable_registration_without_verification", False)))
self.registrations_require_3pid = config.get(
"registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
self.registration_requires_token = config.get(
"registration_requires_token", False)
self.enable_registration_token_3pid_bypass = config.get(
"enable_registration_token_3pid_bypass", False)
self.registration_shared_secret = config.get(
"registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
account_threepid_delegates = config.get(
"account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get(
"email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get(
"msisdn")
self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
if config.get("invite_3pid_guest", False):
raise ConfigError("invite_3pid_guest is no longer supported")
self.auto_join_rooms = config.get("auto_join_rooms", [])
for room_alias in self.auto_join_rooms:
if not RoomAlias.is_valid(room_alias):
raise ConfigError("Invalid auto_join_rooms entry %s" %
(room_alias, ))
# Options for creating auto-join rooms if they do not exist yet.
self.autocreate_auto_join_rooms = config.get(
"autocreate_auto_join_rooms", True)
self.autocreate_auto_join_rooms_federated = config.get(
"autocreate_auto_join_rooms_federated", True)
self.autocreate_auto_join_room_preset = (
config.get("autocreate_auto_join_room_preset")
or RoomCreationPreset.PUBLIC_CHAT)
self.auto_join_room_requires_invite = self.autocreate_auto_join_room_preset in {
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}
# Pull the creator/inviter from the configuration, this gets used to
# send invites for invite-only rooms.
mxid_localpart = config.get("auto_join_mxid_localpart")
self.auto_join_user_id = None
if mxid_localpart:
# Convert the localpart to a full mxid.
self.auto_join_user_id = UserID(
mxid_localpart, self.root.server.server_name).to_string()
if self.autocreate_auto_join_rooms:
# Ensure the preset is a known value.
if self.autocreate_auto_join_room_preset not in {
RoomCreationPreset.PUBLIC_CHAT,
RoomCreationPreset.PRIVATE_CHAT,
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
}:
raise ConfigError(
"Invalid value for autocreate_auto_join_room_preset")
# If the preset requires invitations to be sent, ensure there's a
# configured user to send them from.
if self.auto_join_room_requires_invite:
if not mxid_localpart:
raise ConfigError(
"The configuration option `auto_join_mxid_localpart` is required if "
"`autocreate_auto_join_room_preset` is set to private_chat or trusted_private_chat, such that "
"Synapse knows who to send invitations from. Please "
"configure `auto_join_mxid_localpart`.")
self.auto_join_rooms_for_guests = config.get(
"auto_join_rooms_for_guests", True)
self.enable_set_displayname = config.get("enable_set_displayname",
True)
self.enable_set_avatar_url = config.get("enable_set_avatar_url", True)
self.enable_3pid_changes = config.get("enable_3pid_changes", True)
self.disable_msisdn_registration = config.get(
"disable_msisdn_registration", False)
session_lifetime = config.get("session_lifetime")
if session_lifetime is not None:
session_lifetime = self.parse_duration(session_lifetime)
self.session_lifetime = session_lifetime
# The `refreshable_access_token_lifetime` applies for tokens that can be renewed
# using a refresh token, as per MSC2918.
# If it is `None`, the refresh token mechanism is disabled.
refreshable_access_token_lifetime = config.get(
"refreshable_access_token_lifetime",
"5m",
)
if refreshable_access_token_lifetime is not None:
refreshable_access_token_lifetime = self.parse_duration(
refreshable_access_token_lifetime)
self.refreshable_access_token_lifetime: Optional[
int] = refreshable_access_token_lifetime
if (self.session_lifetime is not None
and "refreshable_access_token_lifetime" in config):
if self.session_lifetime < self.refreshable_access_token_lifetime:
raise ConfigError(
"Both `session_lifetime` and `refreshable_access_token_lifetime` "
"configuration options have been set, but `refreshable_access_token_lifetime` "
" exceeds `session_lifetime`!")
# The `nonrefreshable_access_token_lifetime` applies for tokens that can NOT be
# refreshed using a refresh token.
# If it is None, then these tokens last for the entire length of the session,
# which is infinite by default.
# The intention behind this configuration option is to help with requiring
# all clients to use refresh tokens, if the homeserver administrator requires.
nonrefreshable_access_token_lifetime = config.get(
"nonrefreshable_access_token_lifetime",
None,
)
if nonrefreshable_access_token_lifetime is not None:
nonrefreshable_access_token_lifetime = self.parse_duration(
nonrefreshable_access_token_lifetime)
self.nonrefreshable_access_token_lifetime = nonrefreshable_access_token_lifetime
if (self.session_lifetime is not None
and self.nonrefreshable_access_token_lifetime is not None):
if self.session_lifetime < self.nonrefreshable_access_token_lifetime:
raise ConfigError(
"Both `session_lifetime` and `nonrefreshable_access_token_lifetime` "
"configuration options have been set, but `nonrefreshable_access_token_lifetime` "
" exceeds `session_lifetime`!")
refresh_token_lifetime = config.get("refresh_token_lifetime")
if refresh_token_lifetime is not None:
refresh_token_lifetime = self.parse_duration(
refresh_token_lifetime)
self.refresh_token_lifetime: Optional[int] = refresh_token_lifetime
if (self.session_lifetime is not None
and self.refresh_token_lifetime is not None):
if self.session_lifetime < self.refresh_token_lifetime:
raise ConfigError(
"Both `session_lifetime` and `refresh_token_lifetime` "
"configuration options have been set, but `refresh_token_lifetime` "
" exceeds `session_lifetime`!")
# The fallback template used for authenticating using a registration token
self.registration_token_template = self.read_template(
"registration_token.html")
# The success template used during fallback auth.
self.fallback_success_template = self.read_template(
"auth_success.html")
self.inhibit_user_in_use_error = config.get(
"inhibit_user_in_use_error", False)
