Merge branch 'develop' into dependabot/pip/netaddr-1.2.1

CHANGES.md

@@ -1,3 +1,10 @@
+# Synapse 1.103.0 (2024-03-19)
+
+No significant changes since 1.103.0rc1.
+
+
+
+
 # Synapse 1.103.0rc1 (2024-03-12)
 
 ### Features

changelog.d/16907.misc

@@ -0,0 +1 @@
+Update power level default for public rooms (#16907).

changelog.d/16908.misc

@@ -0,0 +1 @@
+Improve event validation (#16908).

changelog.d/16950.misc

@@ -0,0 +1 @@
+Clarify docs for some room state functions.

changelog.d/16953.misc

@@ -0,0 +1 @@
+Specify IP subnets in canonical form.

changelog.d/16974.misc

@@ -0,0 +1 @@
+As done for SAML mapping provider, let's pass the module API to the OIDC one so the mapper can do more logic in its code.

debian/changelog

@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.103.0) stable; urgency=medium
+
+  * New Synapse release 1.103.0.
+
+ -- Synapse Packaging team <[email protected]>  Tue, 19 Mar 2024 12:24:36 +0000
+
 matrix-synapse-py3 (1.103.0~rc1) stable; urgency=medium
 
   * New Synapse release 1.103.0rc1.

docs/sso_mapping_providers.md

@@ -50,11 +50,13 @@ comment these options out and use those specified by the module instead.
 
 A custom mapping provider must specify the following methods:
 
-* `def __init__(self, parsed_config)`
+* `def __init__(self, parsed_config, module_api)`
    - Arguments:
      - `parsed_config` - A configuration object that is the return value of the
        `parse_config` method. You should set any configuration options needed by
        the module here.
+     - `module_api` - a `synapse.module_api.ModuleApi` object which provides the
+       stable API available for extension modules.
 * `def parse_config(config)`
     - This method should have the `@staticmethod` decoration.
     - Arguments:

pyproject.toml

@@ -96,7 +96,7 @@ module-name = "synapse.synapse_rust"
 
 [tool.poetry]
 name = "matrix-synapse"
-version = "1.103.0rc1"
+version = "1.103.0"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <[email protected]>"]
 license = "AGPL-3.0-or-later"

synapse/api/constants.py

@@ -129,6 +129,8 @@ class EventTypes:
 
     Reaction: Final = "m.reaction"
 
+    CallInvite: Final = "m.call.invite"
+
 
 class ToDeviceEventTypes:
     RoomKeyRequest: Final = "m.room_key_request"

synapse/handlers/message.py

@@ -34,6 +34,7 @@
     EventTypes,
     GuestAccess,
     HistoryVisibility,
+    JoinRules,
     Membership,
     RelationTypes,
     UserTypes,
@@ -1325,6 +1326,18 @@ async def create_new_client_event(
 
         self.validator.validate_new(event, self.config)
         await self._validate_event_relation(event)
+
+        if event.type == EventTypes.CallInvite:
+            room_id = event.room_id
+            room_info = await self.store.get_room_with_stats(room_id)
+            assert room_info is not None
+
+            if room_info.join_rules == JoinRules.PUBLIC:
+                raise SynapseError(
+                    403,
+                    "Call invites are not allowed in public rooms.",
+                    Codes.FORBIDDEN,
+                )
         logger.debug("Created event %s", event.event_id)
 
         return event, context

synapse/handlers/oidc.py

@@ -65,6 +65,7 @@
 from synapse.http.servlet import parse_string
 from synapse.http.site import SynapseRequest
 from synapse.logging.context import make_deferred_yieldable
+from synapse.module_api import ModuleApi
 from synapse.types import JsonDict, UserID, map_username_to_mxid_localpart
 from synapse.util import Clock, json_decoder
 from synapse.util.caches.cached_call import RetryOnExceptionCachedCall
@@ -421,9 +422,19 @@ def __init__(
         # from the IdP's jwks_uri, if required.
         self._jwks = RetryOnExceptionCachedCall(self._load_jwks)
 
-        self._user_mapping_provider = provider.user_mapping_provider_class(
-            provider.user_mapping_provider_config
+        user_mapping_provider_init_method = (
+            provider.user_mapping_provider_class.__init__
         )
+        if len(inspect.signature(user_mapping_provider_init_method).parameters) == 3:
+            self._user_mapping_provider = provider.user_mapping_provider_class(
+                provider.user_mapping_provider_config,
+                ModuleApi(hs, hs.get_auth_handler()),
+            )
+        else:
+            self._user_mapping_provider = provider.user_mapping_provider_class(
+                provider.user_mapping_provider_config,
+            )
+
         self._skip_verification = provider.skip_verification
         self._allow_existing_users = provider.allow_existing_users
 
@@ -1583,7 +1594,7 @@ class JinjaOidcMappingProvider(OidcMappingProvider[JinjaOidcMappingConfig]):
     This is the default mapping provider.
     """
 
-    def __init__(self, config: JinjaOidcMappingConfig):
+    def __init__(self, config: JinjaOidcMappingConfig, module_api: ModuleApi):
         self._config = config
 
     @staticmethod

synapse/handlers/room.py

@@ -151,7 +151,7 @@ def __init__(self, hs: "HomeServer"):
                 "history_visibility": HistoryVisibility.SHARED,
                 "original_invitees_have_ops": False,
                 "guest_can_join": False,
-                "power_level_content_override": {},
+                "power_level_content_override": {EventTypes.CallInvite: 50},
             },
         }
 

synapse/handlers/sync.py

@@ -41,6 +41,7 @@
     AccountDataTypes,
     EventContentFields,
     EventTypes,
+    JoinRules,
     Membership,
 )
 from synapse.api.filtering import FilterCollection
@@ -675,13 +676,22 @@ async def _load_filtered_recents(
                         )
                     )
 
-                loaded_recents = await filter_events_for_client(
+                filtered_recents = await filter_events_for_client(
                     self._storage_controllers,
                     sync_config.user.to_string(),
                     loaded_recents,
                     always_include_ids=current_state_ids,
                 )
 
+                loaded_recents = []
+                for event in filtered_recents:
+                    if event.type == EventTypes.CallInvite:
+                        room_info = await self.store.get_room_with_stats(event.room_id)
+                        assert room_info is not None
+                        if room_info.join_rules == JoinRules.PUBLIC:
+                            continue
+                    loaded_recents.append(event)
+
                 log_kv({"loaded_recents_after_client_filtering": len(loaded_recents)})
 
                 loaded_recents.extend(recents)

synapse/storage/controllers/state.py

@@ -273,8 +273,10 @@ async def get_state_ids_for_events(
         await_full_state: bool = True,
     ) -> Dict[str, StateMap[str]]:
         """
-        Get the state dicts corresponding to a list of events, containing the event_ids
-        of the state events (as opposed to the events themselves)
+        Get the room states after each of a list of events.
+
+        For each event in `event_ids`, the result contains a map from state tuple
+        to the event_ids of the state event (as opposed to the events themselves).
 
         Args:
             event_ids: events whose state should be returned
@@ -347,7 +349,7 @@ async def get_state_ids_for_event(
         await_full_state: bool = True,
     ) -> StateMap[str]:
         """
-        Get the state dict corresponding to a particular event
+        Get the state dict corresponding to the state after a particular event
 
         Args:
             event_id: event whose state should be returned

tests/api/test_auth.py

@@ -128,7 +128,7 @@ def test_get_user_by_req_appservice_valid_token_good_ip(self) -> None:
             token="foobar",
             url="a_url",
             sender=self.test_user,
-            ip_range_whitelist=IPSet(["192.168/16"]),
+            ip_range_whitelist=IPSet(["192.168.0.0/16"]),
         )
         self.store.get_app_service_by_token = Mock(return_value=app_service)
         self.store.get_user_by_access_token = AsyncMock(return_value=None)
@@ -147,7 +147,7 @@ def test_get_user_by_req_appservice_valid_token_bad_ip(self) -> None:
             token="foobar",
             url="a_url",
             sender=self.test_user,
-            ip_range_whitelist=IPSet(["192.168/16"]),
+            ip_range_whitelist=IPSet(["192.168.0.0/16"]),
         )
         self.store.get_app_service_by_token = Mock(return_value=app_service)
         self.store.get_user_by_access_token = AsyncMock(return_value=None)

tests/handlers/test_message.py

@@ -24,6 +24,7 @@
 from twisted.test.proto_helpers import MemoryReactor
 
 from synapse.api.constants import EventTypes
+from synapse.api.errors import SynapseError
 from synapse.events import EventBase
 from synapse.events.snapshot import EventContext, UnpersistedEventContextBase
 from synapse.rest import admin
@@ -51,11 +52,15 @@ def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
         persistence = self.hs.get_storage_controllers().persistence
         assert persistence is not None
         self._persist_event_storage_controller = persistence
+        self.store = self.hs.get_datastores().main
 
         self.user_id = self.register_user("tester", "foobar")
         device_id = "dev-1"
         access_token = self.login("tester", "foobar", device_id=device_id)
         self.room_id = self.helper.create_room_as(self.user_id, tok=access_token)
+        self.private_room_id = self.helper.create_room_as(
+            self.user_id, tok=access_token, extra_content={"preset": "private_chat"}
+        )
 
         self.requester = create_requester(self.user_id, device_id=device_id)
 
@@ -285,6 +290,41 @@ def test_when_empty_prev_events_allowed_reject_event_with_empty_prev_events_and_
             AssertionError,
         )
 
+    def test_call_invite_event_creation_fails_in_public_room(self) -> None:
+        # get prev_events for room
+        prev_events = self.get_success(
+            self.store.get_prev_events_for_room(self.room_id)
+        )
+
+        # the invite in a public room should fail
+        self.get_failure(
+            self.handler.create_event(
+                self.requester,
+                {
+                    "type": EventTypes.CallInvite,
+                    "room_id": self.room_id,
+                    "sender": self.requester.user.to_string(),
+                },
+                prev_event_ids=prev_events,
+                auth_event_ids=prev_events,
+            ),
+            SynapseError,
+        )
+
+        # but a call invite in a private room should succeed
+        self.get_success(
+            self.handler.create_event(
+                self.requester,
+                {
+                    "type": EventTypes.CallInvite,
+                    "room_id": self.private_room_id,
+                    "sender": self.requester.user.to_string(),
+                },
+                prev_event_ids=prev_events,
+                auth_event_ids=prev_events,
+            )
+        )
+
 
 class ServerAclValidationTestCase(unittest.HomeserverTestCase):
     servlets = [