def __init__(self, hs): """ Args: hs (synapse.server.HomeServer): server """ super(EmailRegisterRequestTokenRestServlet, self).__init__() self.hs = hs self.identity_handler = hs.get_handlers().identity_handler self.config = hs.config if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: from synapse.push.mailer import Mailer, load_jinja2_templates template_html, template_text = load_jinja2_templates( self.config.email_template_dir, [ self.config.email_registration_template_html, self.config.email_registration_template_text, ], apply_format_ts_filter=True, apply_mxc_to_http_filter=True, public_baseurl=self.config.public_baseurl, ) self.mailer = Mailer( hs=self.hs, app_name=self.config.email_app_name, template_html=template_html, template_text=template_text, )
def __init__(self, hs: "HomeServer"): self._callback_url = hs.config.oidc_callback_url # type: str self._scopes = hs.config.oidc_scopes # type: List[str] self._client_auth = ClientAuth( hs.config.oidc_client_id, hs.config.oidc_client_secret, hs.config.oidc_client_auth_method, ) # type: ClientAuth self._client_auth_method = hs.config.oidc_client_auth_method # type: str self._provider_metadata = OpenIDProviderMetadata( issuer=hs.config.oidc_issuer, authorization_endpoint=hs.config.oidc_authorization_endpoint, token_endpoint=hs.config.oidc_token_endpoint, userinfo_endpoint=hs.config.oidc_userinfo_endpoint, jwks_uri=hs.config.oidc_jwks_uri, ) # type: OpenIDProviderMetadata self._provider_needs_discovery = hs.config.oidc_discover # type: bool self._user_mapping_provider = hs.config.oidc_user_mapping_provider_class( hs.config.oidc_user_mapping_provider_config ) # type: OidcMappingProvider self._skip_verification = hs.config.oidc_skip_verification # type: bool self._http_client = hs.get_proxied_http_client() self._auth_handler = hs.get_auth_handler() self._registration_handler = hs.get_registration_handler() self._datastore = hs.get_datastore() self._clock = hs.get_clock() self._hostname = hs.hostname # type: str self._server_name = hs.config.server_name # type: str self._macaroon_secret_key = hs.config.macaroon_secret_key self._error_template = load_jinja2_templates( hs.config.sso_template_dir, ["sso_error.html"])[0] # identifier for the external_ids table self._auth_provider_id = "oidc"
def __init__(self, hs): """ Args: hs (synapse.server.HomeServer): server """ super(RegistrationSubmitTokenServlet, self).__init__() self.hs = hs self.auth = hs.get_auth() self.config = hs.config self.clock = hs.get_clock() self.store = hs.get_datastore() if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: (self.failure_email_template, ) = load_jinja2_templates( self.config.email_template_dir, [self.config.email_registration_template_failure_html], ) if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: (self.failure_email_template, ) = load_jinja2_templates( self.config.email_template_dir, [self.config.email_registration_template_failure_html], )
def __init__(self, hs): """ Args: hs (synapse.server.HomeServer): server """ super().__init__() self.config = hs.config self.clock = hs.get_clock() self.store = hs.get_datastore() if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: (self.failure_email_template, ) = load_jinja2_templates( self.config.email_template_dir, [self.config.email_add_threepid_template_failure_html], )
def __init__(self, hs): self.hs = hs self.config = hs.config self.store = self.hs.get_datastore() self.sendmail = self.hs.get_sendmail() self.clock = self.hs.get_clock() self._account_validity = self.hs.config.account_validity if ( self._account_validity.enabled and self._account_validity.renew_by_email_enabled and load_jinja2_templates ): # Don't do email-specific configuration if renewal by email is disabled. try: app_name = self.hs.config.email_app_name self._subject = self._account_validity.renew_email_subject % { "app": app_name } self._from_string = self.hs.config.email_notif_from % {"app": app_name} except Exception: # If substitution failed, fall back to the bare strings. self._subject = self._account_validity.renew_email_subject self._from_string = self.hs.config.email_notif_from self._raw_from = email.utils.parseaddr(self._from_string)[1] self._template_html, self._template_text = load_jinja2_templates( self.config.email_template_dir, [ self.config.email_expiry_template_html, self.config.email_expiry_template_text, ], apply_format_ts_filter=True, apply_mxc_to_http_filter=True, public_baseurl=self.config.public_baseurl, ) # Check the renewal emails to send and send them every 30min. def send_emails(): # run as a background process to make sure that the database transactions # have a logcontext to report to return run_as_background_process( "send_renewals", self._send_renewal_emails ) self.clock.looping_call(send_emails, 30 * 60 * 1000)
def __init__(self, hs): self.hs = hs self.pusher_types = { "http": HttpPusher, } logger.info("email enable notifs: %r", hs.config.email_enable_notifs) if hs.config.email_enable_notifs: self.mailers = {} # app_name -> Mailer templates = load_jinja2_templates(hs.config) self.notif_template_html, self.notif_template_text = templates self.pusher_types["email"] = self._create_email_pusher logger.info("defined email pusher type")
def __init__(self, hs): super(EmailPasswordRequestTokenRestServlet, self).__init__() self.hs = hs self.datastore = hs.get_datastore() self.config = hs.config self.identity_handler = hs.get_handlers().identity_handler if self.config.email_password_reset_behaviour == "local": from synapse.push.mailer import Mailer, load_jinja2_templates templates = load_jinja2_templates( config=hs.config, template_html_name=hs.config.email_password_reset_template_html, template_text_name=hs.config.email_password_reset_template_text, ) self.mailer = Mailer( hs=self.hs, app_name=self.config.email_app_name, template_html=templates[0], template_text=templates[1], )
def __init__(self, hs): super(EmailThreepidRequestTokenRestServlet, self).__init__() self.hs = hs self.config = hs.config self.identity_handler = hs.get_handlers().identity_handler self.store = self.hs.get_datastore() if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: template_html, template_text = load_jinja2_templates( self.config.email_template_dir, [ self.config.email_add_threepid_template_html, self.config.email_add_threepid_template_text, ], public_baseurl=self.config.public_baseurl, ) self.mailer = Mailer( hs=self.hs, app_name=self.config.email_app_name, template_html=template_html, template_text=template_text, )
def __init__(self, hs): self.hs = hs self.store = self.hs.get_datastore() self.sendmail = self.hs.get_sendmail() self.clock = self.hs.get_clock() self._account_validity = self.hs.config.account_validity if self._account_validity.renew_by_email_enabled and load_jinja2_templates: # Don't do email-specific configuration if renewal by email is disabled. try: app_name = self.hs.config.email_app_name self._subject = self._account_validity.renew_email_subject % { "app": app_name, } self._from_string = self.hs.config.email_notif_from % { "app": app_name, } except Exception: # If substitution failed, fall back to the bare strings. self._subject = self._account_validity.renew_email_subject self._from_string = self.hs.config.email_notif_from self._raw_from = email.utils.parseaddr(self._from_string)[1] self._template_html, self._template_text = load_jinja2_templates( config=self.hs.config, template_html_name=self.hs.config.email_expiry_template_html, template_text_name=self.hs.config.email_expiry_template_text, ) # Check the renewal emails to send and send them every 30min. self.clock.looping_call( self.send_renewal_emails, 30 * 60 * 1000, )
def __init__(self, hs): self.hs = hs self.store = self.hs.get_datastore() self.sendmail = self.hs.get_sendmail() self.clock = self.hs.get_clock() self._account_validity = self.hs.config.account_validity if self._account_validity.renew_by_email_enabled and load_jinja2_templates: # Don't do email-specific configuration if renewal by email is disabled. try: app_name = self.hs.config.email_app_name self._subject = self._account_validity.renew_email_subject % { "app": app_name, } self._from_string = self.hs.config.email_notif_from % { "app": app_name, } except Exception: # If substitution failed, fall back to the bare strings. self._subject = self._account_validity.renew_email_subject self._from_string = self.hs.config.email_notif_from self._raw_from = email.utils.parseaddr(self._from_string)[1] self._template_html, self._template_text = load_jinja2_templates( config=self.hs.config, template_html_name=self.hs.config.email_expiry_template_html, template_text_name=self.hs.config.email_expiry_template_text, ) # Check the renewal emails to send and send them every 30min. self.clock.looping_call( self.send_renewal_emails, 30 * 60 * 1000, )
def __init__(self, hs): super(EmailPasswordRequestTokenRestServlet, self).__init__() self.hs = hs self.datastore = hs.get_datastore() self.config = hs.config self.identity_handler = hs.get_handlers().identity_handler if self.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: template_html, template_text = load_jinja2_templates( self.config.email_template_dir, [ self.config.email_password_reset_template_html, self.config.email_password_reset_template_text, ], apply_format_ts_filter=True, apply_mxc_to_http_filter=True, public_baseurl=self.config.public_baseurl, ) self.mailer = Mailer( hs=self.hs, app_name=self.config.email_app_name, template_html=template_html, template_text=template_text, )
def __init__(self, hs): self.hs = hs self.config = hs.config self.pusher_types = {"http": HttpPusher} logger.info("email enable notifs: %r", hs.config.email_enable_notifs) if hs.config.email_enable_notifs: self.mailers = {} # app_name -> Mailer self.notif_template_html, self.notif_template_text = load_jinja2_templates( self.config.email_template_dir, [ self.config.email_notif_template_html, self.config.email_notif_template_text, ], apply_format_ts_filter=True, apply_mxc_to_http_filter=True, public_baseurl=self.config.public_baseurl, ) self.pusher_types["email"] = self._create_email_pusher logger.info("defined email pusher type")
def __init__(self, hs): """ Args: hs (synapse.server.HomeServer): """ super(AuthHandler, self).__init__(hs) self.checkers = {} # type: Dict[str, UserInteractiveAuthChecker] for auth_checker_class in INTERACTIVE_AUTH_CHECKERS: inst = auth_checker_class(hs) if inst.is_enabled(): self.checkers[inst.AUTH_TYPE] = inst # type: ignore self.bcrypt_rounds = hs.config.bcrypt_rounds account_handler = ModuleApi(hs, self) self.password_providers = [ module(config=config, account_handler=account_handler) for module, config in hs.config.password_providers ] logger.info("Extra password_providers: %r", self.password_providers) self.hs = hs # FIXME better possibility to access registrationHandler later? self.macaroon_gen = hs.get_macaroon_generator() self._password_enabled = hs.config.password_enabled self._sso_enabled = (hs.config.cas_enabled or hs.config.saml2_enabled or hs.config.oidc_enabled) # we keep this as a list despite the O(N^2) implication so that we can # keep PASSWORD first and avoid confusing clients which pick the first # type in the list. (NB that the spec doesn't require us to do so and # clients which favour types that they don't understand over those that # they do are technically broken) login_types = [] if self._password_enabled: login_types.append(LoginType.PASSWORD) for provider in self.password_providers: if hasattr(provider, "get_supported_login_types"): for t in provider.get_supported_login_types().keys(): if t not in login_types: login_types.append(t) self._supported_login_types = login_types # Login types and UI Auth types have a heavy overlap, but are not # necessarily identical. Login types have SSO (and other login types) # added in the rest layer, see synapse.rest.client.v1.login.LoginRestServerlet.on_GET. ui_auth_types = login_types.copy() if self._sso_enabled: ui_auth_types.append(LoginType.SSO) self._supported_ui_auth_types = ui_auth_types # Ratelimiter for failed auth during UIA. Uses same ratelimit config # as per `rc_login.failed_attempts`. self._failed_uia_attempts_ratelimiter = Ratelimiter() self._clock = self.hs.get_clock() # Expire old UI auth sessions after a period of time. if hs.config.worker_app is None: self._clock.looping_call( run_as_background_process, 5 * 60 * 1000, "expire_old_sessions", self._expire_old_sessions, ) # Load the SSO HTML templates. # The following template is shown to the user during a client login via SSO, # after the SSO completes and before redirecting them back to their client. # It notifies the user they are about to give access to their matrix account # to the client. self._sso_redirect_confirm_template = load_jinja2_templates( hs.config.sso_template_dir, ["sso_redirect_confirm.html"], )[0] # The following template is shown during user interactive authentication # in the fallback auth scenario. It notifies the user that they are # authenticating for an operation to occur on their account. self._sso_auth_confirm_template = load_jinja2_templates( hs.config.sso_template_dir, ["sso_auth_confirm.html"], )[0] # The following template is shown after a successful user interactive # authentication session. It tells the user they can close the window. self._sso_auth_success_template = hs.config.sso_auth_success_template # The following template is shown during the SSO authentication process if # the account is deactivated. self._sso_account_deactivated_template = ( hs.config.sso_account_deactivated_template) self._server_name = hs.config.server_name # cast to tuple for use with str.startswith self._whitelisted_sso_clients = tuple(hs.config.sso_client_whitelist)
def __init__(self, hs): """ Args: hs (synapse.server.HomeServer): """ super(AuthHandler, self).__init__(hs) self.checkers = {} # type: dict[str, UserInteractiveAuthChecker] for auth_checker_class in INTERACTIVE_AUTH_CHECKERS: inst = auth_checker_class(hs) if inst.is_enabled(): self.checkers[inst.AUTH_TYPE] = inst self.bcrypt_rounds = hs.config.bcrypt_rounds # This is not a cache per se, but a store of all current sessions that # expire after N hours self.sessions = ExpiringCache( cache_name="register_sessions", clock=hs.get_clock(), expiry_ms=self.SESSION_EXPIRE_MS, reset_expiry_on_get=True, ) account_handler = ModuleApi(hs, self) self.password_providers = [ module(config=config, account_handler=account_handler) for module, config in hs.config.password_providers ] logger.info("Extra password_providers: %r", self.password_providers) self.hs = hs # FIXME better possibility to access registrationHandler later? self.macaroon_gen = hs.get_macaroon_generator() self._password_enabled = hs.config.password_enabled # we keep this as a list despite the O(N^2) implication so that we can # keep PASSWORD first and avoid confusing clients which pick the first # type in the list. (NB that the spec doesn't require us to do so and # clients which favour types that they don't understand over those that # they do are technically broken) login_types = [] if self._password_enabled: login_types.append(LoginType.PASSWORD) for provider in self.password_providers: if hasattr(provider, "get_supported_login_types"): for t in provider.get_supported_login_types().keys(): if t not in login_types: login_types.append(t) self._supported_login_types = login_types # Ratelimiter for failed auth during UIA. Uses same ratelimit config # as per `rc_login.failed_attempts`. self._failed_uia_attempts_ratelimiter = Ratelimiter() self._clock = self.hs.get_clock() # Load the SSO redirect confirmation page HTML template self._sso_redirect_confirm_template = load_jinja2_templates( hs.config.sso_redirect_confirm_template_dir, ["sso_redirect_confirm.html"], )[0] self._server_name = hs.config.server_name # cast to tuple for use with str.startswith self._whitelisted_sso_clients = tuple(hs.config.sso_client_whitelist)