Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Add a config flag to inhibit M_USER_IN_USE during registration #11743

Merged
merged 9 commits into from
Jan 26, 2022

Conversation

babolivier
Copy link
Contributor

@babolivier babolivier commented Jan 13, 2022

This is mostly motivated by the tchap use case, where usernames are automatically generated from the user's email address (in a way that allows figuring out the email address from the username). Therefore, it's an issue if we respond to requests on /register and /register/available with M_USER_IN_USE, because it can potentially leak email addresses (which include the user's real name and place of work).

This PR adds a flag to inhibit the M_USER_IN_USE errors that are raised both by /register/available, and when providing a username early into the registration process. This error will still be raised if the user completes the registration process but the username conflicts. This is particularly useful when using modules (an upcoming PR will add a module callback to set the username of users at registration) or SSO, since they can ensure the username is unique.

More context is available in the PR that introduced this behaviour to synapse-dinsic: matrix-org/synapse-dinsic#48 - as well as the issue in the matrix-dinsic repo: https://github.com/matrix-org/matrix-dinsic/issues/476

This is mostly motivated by the tchap use case, where usernames are
automatically generated from the user's email address (in a way that
allows figuring out the email address from the username). Therefore,
it's an issue if we respond to requests on `/register` and
`/register/available` with `M_USER_IN_USE`, because it can potentially
leak email addresses (which include the user's real name and place of
work).

If this config flag is turned on, Synapse ignores any username supplied
by the client on both endpoints, and instead generates a username
automatically for the user. In the future, there will be a module
callback that allows modules to decide which username to give the user
(by e.g. deriving it from an email address), so usernames generated with
this flag turned on won't be limited to integers.
@babolivier babolivier requested a review from a team as a code owner January 13, 2022 17:02
@babolivier babolivier added the Z-Time-Tracked Element employees should track their time spent on this issue/PR. label Jan 14, 2022
@anoadragon453
Copy link
Member

I'm wondering if we can break this up into two separate pieces of functionality:

  1. The ability to not respond with M_USER_IN_USE if desired
    • Togglable via a config option.
    • This could be useful outside of the generating usernames usecase.
  2. Implement the module API, and if implemented by a module, ignore usernames implicity.
    • No need to additionally toggle a config option after installing a module.

What do you think?

@babolivier
Copy link
Contributor Author

babolivier commented Jan 19, 2022

@anoadragon453 The issue I see with your proposed solution is that I'm not sure what we would do if the username is already registered. The main reason we don't want to return M_USER_IN_USE is so we don't leak existing usernames. We're bound to have to return an error somewhere in the process if we're using the username provided by the user and it clashes with an existing one, which would defeat the point.

@anoadragon453
Copy link
Member

@babolivier good point! Do you think a use case exists for returning M_USER_IN_USE while usernames are being generated? If so, perhaps an option for whether M_USER_IN_USE is returned is still useful, but it would be conditioned on whether a module has been registered to generate usernames.

Also, does:

Implement the module API, and if implemented by a module, ignore usernames implicity.

sounds reasonable?

@babolivier
Copy link
Contributor Author

babolivier commented Jan 19, 2022

@anoadragon453

Do you think a use case exists for returning M_USER_IN_USE while usernames are being generated?

I don't. afaiu the semantics of this error code is "the username supplied by the client is already used by an existing user". So if we ignore the username supplied by the client I don't see a reason to return this error.

Also, does:

Implement the module API, and if implemented by a module, ignore usernames implicity.

sounds reasonable?

The way I see it the module will be given the parameters the user provided during the registration process so the module can generate a username to use from it (e.g. for Tchap we would extract the email address and just use that). In this case imo whether to ignore the username provided by the client/user should be decided by the module, and Synapse shouldn't e.g. strip the provided username from the parameters it passes through.

@babolivier babolivier changed the title Add a config flag to ignore client-supplied usernames at registration Add a config flag to inhibit M_USER_IN_USE during registration Jan 20, 2022
@babolivier
Copy link
Contributor Author

After discussing this with @clokep, we agreed that a better solution would be to instead make the new config flag inhibit M_USER_IN_USE errors in /available requests and before completing the registration process. Since we're not ignoring the client's username anymore, if the username conflicts we'll still raise an error once the client completes the registration if the username conflicts. I've updated the PR's description to reflect this.

@@ -564,6 +574,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
desired_username,
guest_access_token=guest_access_token,
assigned_user_id=registered_user_id,
inhibit_user_in_use_error=self._inhibit_user_in_use_error,
Copy link
Contributor Author

@babolivier babolivier Jan 20, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not adding another check later on (e.g. after we've checked that the UIA flow is complete) because the registration handler's register_user (which is called towards the end of this function) already does that.

Copy link
Contributor

@DMRobertson DMRobertson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still a little anxious about this config option, but the source code changes look reasonable!

Comment on lines +352 to +353
if self.inhibit_user_in_use_error:
return 200, {"available": True}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Part of me feels uncomfortable lying here. I wondered about returning 400 or 403 with an appropriate error code. But I can imagine a) that clients would break, and b) that would require a spec change.

@babolivier babolivier merged commit 95b3f95 into develop Jan 26, 2022
@babolivier babolivier deleted the babolivier/reg_ignore_username branch January 26, 2022 12:02
babolivier added a commit that referenced this pull request Jan 26, 2022
)

This is mostly motivated by the tchap use case, where usernames are automatically generated from the user's email address (in a way that allows figuring out the email address from the username). Therefore, it's an issue if we respond to requests on /register and /register/available with M_USER_IN_USE, because it can potentially leak email addresses (which include the user's real name and place of work).

This commit adds a flag to inhibit the M_USER_IN_USE errors that are raised both by /register/available, and when providing a username early into the registration process. This error will still be raised if the user completes the registration process but the username conflicts. This is particularly useful when using modules (#11790 adds a module callback to set the username of users at registration) or SSO, since they can ensure the username is unique.

More context is available in the PR that introduced this behaviour to synapse-dinsic: matrix-org/synapse-dinsic#48 - as well as the issue in the matrix-dinsic repo: matrix-org/matrix-dinsic#476
babolivier added a commit to matrix-org/synapse-dinsic that referenced this pull request Feb 7, 2022
Synapse 1.52.0rc1 (2022-02-01)
==============================

Features
--------

- Remove account data (including client config, push rules and ignored users) upon user deactivation. ([\#11621](matrix-org/synapse#11621), [\#11788](matrix-org/synapse#11788), [\#11789](matrix-org/synapse#11789))
- Add an admin API to reset connection timeouts for remote server. ([\#11639](matrix-org/synapse#11639))
- Add an admin API to get a list of rooms that federate with a given remote homeserver. ([\#11658](matrix-org/synapse#11658))
- Add a config flag to inhibit M_USER_IN_USE during registration. ([\#11743](matrix-org/synapse#11743))
- Add a module callback to set username at registration. ([\#11790](matrix-org/synapse#11790))
- Allow configuring a maximum file size as well as a list of allowed content types for avatars. ([\#11846](matrix-org/synapse#11846))

Bugfixes
--------

- Include the bundled aggregations in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11612](matrix-org/synapse#11612))
- Fix a long-standing bug when previewing Reddit URLs which do not contain an image. ([\#11767](matrix-org/synapse#11767))
- Fix a long-standing bug that media streams could cause long-lived connections when generating URL previews. ([\#11784](matrix-org/synapse#11784))
- Include a `prev_content` field in state events sent to Application Services. Contributed by @totallynotvaishnav. ([\#11798](matrix-org/synapse#11798))
- Fix a bug introduced in Synapse 0.33.3 causing requests to sometimes log strings such as `HTTPStatus.OK` instead of integer status codes. ([\#11827](matrix-org/synapse#11827))

Improved Documentation
----------------------

- Update pypi installation docs to indicate that we now support Python 3.10. ([\#11820](matrix-org/synapse#11820))
- Add missing steps to the contribution submission process in the documentation.  Contributed by @sequentialread. ([\#11821](matrix-org/synapse#11821))
- Remove not needed old table of contents in documentation. ([\#11860](matrix-org/synapse#11860))
- Consolidate the `access_token` information at the top of each relevant page in the Admin API documentation. ([\#11861](matrix-org/synapse#11861))

Deprecations and Removals
-------------------------

- Drop support for Python 3.6, which is EOL. ([\#11683](matrix-org/synapse#11683))
- Remove the `experimental_msc1849_support_enabled` flag as the features are now stable. ([\#11843](matrix-org/synapse#11843))

Internal Changes
----------------

- Preparation for database schema simplifications: add `state_key` and `rejection_reason` columns to `events` table. ([\#11792](matrix-org/synapse#11792))
- Add `FrozenEvent.get_state_key` and use it in a couple of places. ([\#11793](matrix-org/synapse#11793))
- Preparation for database schema simplifications: stop reading from `event_reference_hashes`. ([\#11794](matrix-org/synapse#11794))
- Drop unused table `public_room_list_stream`. ([\#11795](matrix-org/synapse#11795))
- Preparation for reducing Postgres serialization errors: allow setting transaction isolation level. Contributed by Nick @ Beeper. ([\#11799](matrix-org/synapse#11799), [\#11847](matrix-org/synapse#11847))
- Docker: skip the initial amd64-only build and go straight to multiarch. ([\#11810](matrix-org/synapse#11810))
- Run Complement on the Github Actions VM and not inside a Docker container. ([\#11811](matrix-org/synapse#11811))
- Log module names at startup. ([\#11813](matrix-org/synapse#11813))
- Improve type safety of bundled aggregations code. ([\#11815](matrix-org/synapse#11815))
- Correct a type annotation in the event validation logic. ([\#11817](matrix-org/synapse#11817), [\#11830](matrix-org/synapse#11830))
- Minor updates and documentation for database schema delta files. ([\#11823](matrix-org/synapse#11823))
- Workaround a type annotation problem in `prometheus_client` 0.13.0. ([\#11834](matrix-org/synapse#11834))
- Minor performance improvement in room state lookup. ([\#11836](matrix-org/synapse#11836))
- Fix some indentation inconsistencies in the sample config. ([\#11838](matrix-org/synapse#11838))
- Add type hints to `tests/rest/admin`. ([\#11851](matrix-org/synapse#11851))
babolivier added a commit to matrix-org/synapse-dinsic that referenced this pull request Feb 8, 2022
Synapse 1.52.0 (2022-02-08)
===========================

No significant changes since 1.52.0rc1.

During the making of this release, the developers of Twisted have released
[Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0), which
fixes [a security issue](GHSA-92x2-jw7w-xvvx)
within Twisted. We do not believe Synapse to be vulnerable to any security problem caused
by this issue, though we advise server administrators to update their local version of
Twisted if they can.

Synapse 1.52.0rc1 (2022-02-01)
==============================

Features
--------

- Remove account data (including client config, push rules and ignored users) upon user deactivation. ([\#11621](matrix-org/synapse#11621), [\#11788](matrix-org/synapse#11788), [\#11789](matrix-org/synapse#11789))
- Add an admin API to reset connection timeouts for remote server. ([\#11639](matrix-org/synapse#11639))
- Add an admin API to get a list of rooms that federate with a given remote homeserver. ([\#11658](matrix-org/synapse#11658))
- Add a config flag to inhibit `M_USER_IN_USE` during registration. ([\#11743](matrix-org/synapse#11743))
- Add a module callback to set username at registration. ([\#11790](matrix-org/synapse#11790))
- Allow configuring a maximum file size as well as a list of allowed content types for avatars. ([\#11846](matrix-org/synapse#11846))

Bugfixes
--------

- Include the bundled aggregations in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11612](matrix-org/synapse#11612))
- Fix a long-standing bug when previewing Reddit URLs which do not contain an image. ([\#11767](matrix-org/synapse#11767))
- Fix a long-standing bug that media streams could cause long-lived connections when generating URL previews. ([\#11784](matrix-org/synapse#11784))
- Include a `prev_content` field in state events sent to Application Services. Contributed by @totallynotvaishnav. ([\#11798](matrix-org/synapse#11798))
- Fix a bug introduced in Synapse 0.33.3 causing requests to sometimes log strings such as `HTTPStatus.OK` instead of integer status codes. ([\#11827](matrix-org/synapse#11827))

Improved Documentation
----------------------

- Update pypi installation docs to indicate that we now support Python 3.10. ([\#11820](matrix-org/synapse#11820))
- Add missing steps to the contribution submission process in the documentation.  Contributed by @sequentialread. ([\#11821](matrix-org/synapse#11821))
- Remove not needed old table of contents in documentation. ([\#11860](matrix-org/synapse#11860))
- Consolidate the `access_token` information at the top of each relevant page in the Admin API documentation. ([\#11861](matrix-org/synapse#11861))

Deprecations and Removals
-------------------------

- Drop support for Python 3.6, which is EOL. ([\#11683](matrix-org/synapse#11683))
- Remove the `experimental_msc1849_support_enabled` flag as the features are now stable. ([\#11843](matrix-org/synapse#11843))

Internal Changes
----------------

- Preparation for database schema simplifications: add `state_key` and `rejection_reason` columns to `events` table. ([\#11792](matrix-org/synapse#11792))
- Add `FrozenEvent.get_state_key` and use it in a couple of places. ([\#11793](matrix-org/synapse#11793))
- Preparation for database schema simplifications: stop reading from `event_reference_hashes`. ([\#11794](matrix-org/synapse#11794))
- Drop unused table `public_room_list_stream`. ([\#11795](matrix-org/synapse#11795))
- Preparation for reducing Postgres serialization errors: allow setting transaction isolation level. Contributed by Nick @ Beeper. ([\#11799](matrix-org/synapse#11799), [\#11847](matrix-org/synapse#11847))
- Docker: skip the initial amd64-only build and go straight to multiarch. ([\#11810](matrix-org/synapse#11810))
- Run Complement on the Github Actions VM and not inside a Docker container. ([\#11811](matrix-org/synapse#11811))
- Log module names at startup. ([\#11813](matrix-org/synapse#11813))
- Improve type safety of bundled aggregations code. ([\#11815](matrix-org/synapse#11815))
- Correct a type annotation in the event validation logic. ([\#11817](matrix-org/synapse#11817), [\#11830](matrix-org/synapse#11830))
- Minor updates and documentation for database schema delta files. ([\#11823](matrix-org/synapse#11823))
- Workaround a type annotation problem in `prometheus_client` 0.13.0. ([\#11834](matrix-org/synapse#11834))
- Minor performance improvement in room state lookup. ([\#11836](matrix-org/synapse#11836))
- Fix some indentation inconsistencies in the sample config. ([\#11838](matrix-org/synapse#11838))
- Add type hints to `tests/rest/admin`. ([\#11851](matrix-org/synapse#11851))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Feb 25, 2022
Synapse 1.53.0 (2022-02-22)
===========================

No significant changes.


Synapse 1.53.0rc1 (2022-02-15)
==============================

Features
--------

- Add experimental support for sending to-device messages to application services, as specified by [MSC2409](matrix-org/matrix-spec-proposals#2409). ([\#11215](matrix-org/synapse#11215), [\#11966](matrix-org/synapse#11966))
- Remove account data (including client config, push rules and ignored users) upon user deactivation. ([\#11655](matrix-org/synapse#11655))
- Experimental support for [MSC3666](matrix-org/matrix-spec-proposals#3666): including bundled aggregations in server side search results. ([\#11837](matrix-org/synapse#11837))
- Enable cache time-based expiry by default. The `expiry_time` config flag has been superseded by `expire_caches` and `cache_entry_ttl`. ([\#11849](matrix-org/synapse#11849))
- Add a callback to allow modules to allow or forbid a 3PID (email address, phone number) from being associated to a local account. ([\#11854](matrix-org/synapse#11854))
- Stabilize support and remove unstable endpoints for [MSC3231](matrix-org/matrix-spec-proposals#3231). Clients must switch to the stable identifier and endpoint. See the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#stablisation-of-msc3231) for more information. ([\#11867](matrix-org/synapse#11867))
- Allow modules to retrieve the current instance's server name and worker name. ([\#11868](matrix-org/synapse#11868))
- Use a dedicated configurable rate limiter for 3PID invites. ([\#11892](matrix-org/synapse#11892))
- Support the stable API endpoint for [MSC3283](matrix-org/matrix-spec-proposals#3283): new settings in `/capabilities` endpoint. ([\#11933](matrix-org/synapse#11933), [\#11989](matrix-org/synapse#11989))
- Support the `dir` parameter on the `/relations` endpoint, per [MSC3715](matrix-org/matrix-spec-proposals#3715). ([\#11941](matrix-org/synapse#11941))
- Experimental implementation of [MSC3706](matrix-org/matrix-spec-proposals#3706): extensions to `/send_join` to support reduced response size. ([\#11967](matrix-org/synapse#11967))


Bugfixes
--------

- Fix [MSC2716](matrix-org/matrix-spec-proposals#2716) historical messages backfilling in random order on remote homeservers. ([\#11114](matrix-org/synapse#11114))
- Fix a bug introduced in Synapse 1.51.0 where incoming federation transactions containing at least one EDU would be dropped if debug logging was enabled for `synapse.8631_debug`. ([\#11890](matrix-org/synapse#11890))
- Fix a long-standing bug where some unknown endpoints would return HTML error pages instead of JSON `M_UNRECOGNIZED` errors. ([\#11930](matrix-org/synapse#11930))
- Implement an allow list of content types for which we will attempt to preview a URL. This prevents Synapse from making useless longer-lived connections to streaming media servers. ([\#11936](matrix-org/synapse#11936))
- Fix a long-standing bug where pagination tokens from `/sync` and `/messages` could not be provided to the `/relations` API. ([\#11952](matrix-org/synapse#11952))
- Require that modules register their callbacks using keyword arguments. ([\#11975](matrix-org/synapse#11975))
- Fix a long-standing bug where `M_WRONG_ROOM_KEYS_VERSION` errors would not include the specced `current_version` field. ([\#11988](matrix-org/synapse#11988))


Improved Documentation
----------------------

- Fix typo in User Admin API: unpind -> unbind. ([\#11859](matrix-org/synapse#11859))
- Document images returned by the User List Media Admin API can include those generated by URL previews. ([\#11862](matrix-org/synapse#11862))
- Remove outdated MSC1711 FAQ document. ([\#11907](matrix-org/synapse#11907))
- Correct the structured logging configuration example. Contributed by Brad Jones. ([\#11946](matrix-org/synapse#11946))
- Add information on the Synapse release cycle. ([\#11954](matrix-org/synapse#11954))
- Fix broken link in the README to the admin API for password reset. ([\#11955](matrix-org/synapse#11955))


Deprecations and Removals
-------------------------

- Drop support for `webclient` listeners and configuring `web_client_location` to a non-HTTP(S) URL. Deprecated configurations are a configuration error. ([\#11895](matrix-org/synapse#11895))
- Remove deprecated `user_may_create_room_with_invites` spam checker callback. See the [upgrade notes](https://matrix-org.github.io/synapse/latest/upgrade.html#removal-of-user_may_create_room_with_invites) for more information. ([\#11950](matrix-org/synapse#11950))
- No longer build `.deb` packages for Ubuntu 21.04 Hirsute Hippo, which has now EOLed. ([\#11961](matrix-org/synapse#11961))


Internal Changes
----------------

- Enhance user registration test helpers to make them more useful for tests involving application services and devices. ([\#11615](matrix-org/synapse#11615), [\#11616](matrix-org/synapse#11616))
- Improve performance when fetching bundled aggregations for multiple events. ([\#11660](matrix-org/synapse#11660), [\#11752](matrix-org/synapse#11752))
- Fix type errors introduced by new annotations in the Prometheus Client library. ([\#11832](matrix-org/synapse#11832))
- Add missing type hints to replication code. ([\#11856](matrix-org/synapse#11856), [\#11938](matrix-org/synapse#11938))
- Ensure that `opentracing` scopes are activated and closed at the right time. ([\#11869](matrix-org/synapse#11869))
- Improve opentracing for incoming federation requests. ([\#11870](matrix-org/synapse#11870))
- Improve internal docstrings in `synapse.util.caches`. ([\#11876](matrix-org/synapse#11876))
- Do not needlessly clear the `get_users_in_room` and `get_users_in_room_with_profiles` caches when any room state changes. ([\#11878](matrix-org/synapse#11878))
- Convert `ApplicationServiceTestCase` to use `simple_async_mock`. ([\#11880](matrix-org/synapse#11880))
- Remove experimental changes to the default push rules which were introduced in Synapse 1.19.0 but never enabled. ([\#11884](matrix-org/synapse#11884))
- Disable coverage calculation for olddeps build. ([\#11888](matrix-org/synapse#11888))
- Preparation to support sending device list updates to application services. ([\#11905](matrix-org/synapse#11905))
- Add a test that checks users receive their own device list updates down `/sync`. ([\#11909](matrix-org/synapse#11909))
- Run Complement tests sequentially. ([\#11910](matrix-org/synapse#11910))
- Various refactors to the application service notifier code. ([\#11911](matrix-org/synapse#11911), [\#11912](matrix-org/synapse#11912))
- Tests: replace mocked `Authenticator` with the real thing. ([\#11913](matrix-org/synapse#11913))
- Various refactors to the typing notifications code. ([\#11914](matrix-org/synapse#11914))
- Use the proper type for the `Content-Length` header in the `UploadResource`. ([\#11927](matrix-org/synapse#11927))
- Remove an unnecessary ignoring of type hints due to fixes in upstream packages. ([\#11939](matrix-org/synapse#11939))
- Add missing type hints. ([\#11953](matrix-org/synapse#11953))
- Fix an import cycle in `synapse.event_auth`. ([\#11965](matrix-org/synapse#11965))
- Unpin `frozendict` but exclude the known bad version 2.1.2. ([\#11969](matrix-org/synapse#11969))
- Prepare for rename of default Complement branch. ([\#11971](matrix-org/synapse#11971))
- Fetch Synapse's version using a helper from `matrix-common`. ([\#11979](matrix-org/synapse#11979))


Synapse 1.52.0 (2022-02-08)
===========================

No significant changes since 1.52.0rc1.

Note that [Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0)
has recently been released, which fixes a [security issue](GHSA-92x2-jw7w-xvvx)
within the Twisted library. We do not believe Synapse is affected by this vulnerability,
though we advise server administrators who installed Synapse via pip to upgrade Twisted
with `pip install --upgrade Twisted` as a matter of good practice. The Docker image
`matrixdotorg/synapse` and the Debian packages from `packages.matrix.org` are using the
updated library.


Synapse 1.52.0rc1 (2022-02-01)
==============================

Features
--------

- Remove account data (including client config, push rules and ignored users) upon user deactivation. ([\#11621](matrix-org/synapse#11621), [\#11788](matrix-org/synapse#11788), [\#11789](matrix-org/synapse#11789))
- Add an admin API to reset connection timeouts for remote server. ([\#11639](matrix-org/synapse#11639))
- Add an admin API to get a list of rooms that federate with a given remote homeserver. ([\#11658](matrix-org/synapse#11658))
- Add a config flag to inhibit `M_USER_IN_USE` during registration. ([\#11743](matrix-org/synapse#11743))
- Add a module callback to set username at registration. ([\#11790](matrix-org/synapse#11790))
- Allow configuring a maximum file size as well as a list of allowed content types for avatars. ([\#11846](matrix-org/synapse#11846))


Bugfixes
--------

- Include the bundled aggregations in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\#11612](matrix-org/synapse#11612))
- Fix a long-standing bug when previewing Reddit URLs which do not contain an image. ([\#11767](matrix-org/synapse#11767))
- Fix a long-standing bug that media streams could cause long-lived connections when generating URL previews. ([\#11784](matrix-org/synapse#11784))
- Include a `prev_content` field in state events sent to Application Services. Contributed by @totallynotvaishnav. ([\#11798](matrix-org/synapse#11798))
- Fix a bug introduced in Synapse 0.33.3 causing requests to sometimes log strings such as `HTTPStatus.OK` instead of integer status codes. ([\#11827](matrix-org/synapse#11827))


Improved Documentation
----------------------

- Update pypi installation docs to indicate that we now support Python 3.10. ([\#11820](matrix-org/synapse#11820))
- Add missing steps to the contribution submission process in the documentation.  Contributed by @sequentialread. ([\#11821](matrix-org/synapse#11821))
- Remove not needed old table of contents in documentation. ([\#11860](matrix-org/synapse#11860))
- Consolidate the `access_token` information at the top of each relevant page in the Admin API documentation. ([\#11861](matrix-org/synapse#11861))


Deprecations and Removals
-------------------------

- Drop support for Python 3.6, which is EOL. ([\#11683](matrix-org/synapse#11683))
- Remove the `experimental_msc1849_support_enabled` flag as the features are now stable. ([\#11843](matrix-org/synapse#11843))


Internal Changes
----------------

- Preparation for database schema simplifications: add `state_key` and `rejection_reason` columns to `events` table. ([\#11792](matrix-org/synapse#11792))
- Add `FrozenEvent.get_state_key` and use it in a couple of places. ([\#11793](matrix-org/synapse#11793))
- Preparation for database schema simplifications: stop reading from `event_reference_hashes`. ([\#11794](matrix-org/synapse#11794))
- Drop unused table `public_room_list_stream`. ([\#11795](matrix-org/synapse#11795))
- Preparation for reducing Postgres serialization errors: allow setting transaction isolation level. Contributed by Nick @ Beeper. ([\#11799](matrix-org/synapse#11799), [\#11847](matrix-org/synapse#11847))
- Docker: skip the initial amd64-only build and go straight to multiarch. ([\#11810](matrix-org/synapse#11810))
- Run Complement on the Github Actions VM and not inside a Docker container. ([\#11811](matrix-org/synapse#11811))
- Log module names at startup. ([\#11813](matrix-org/synapse#11813))
- Improve type safety of bundled aggregations code. ([\#11815](matrix-org/synapse#11815))
- Correct a type annotation in the event validation logic. ([\#11817](matrix-org/synapse#11817), [\#11830](matrix-org/synapse#11830))
- Minor updates and documentation for database schema delta files. ([\#11823](matrix-org/synapse#11823))
- Workaround a type annotation problem in `prometheus_client` 0.13.0. ([\#11834](matrix-org/synapse#11834))
- Minor performance improvement in room state lookup. ([\#11836](matrix-org/synapse#11836))
- Fix some indentation inconsistencies in the sample config. ([\#11838](matrix-org/synapse#11838))
- Add type hints to `tests/rest/admin`. ([\#11851](matrix-org/synapse#11851))
Fizzadar pushed a commit to Fizzadar/synapse that referenced this pull request Mar 7, 2022
Synapse 1.52.0 (2022-02-08)
===========================

No significant changes since 1.52.0rc1.

During the making of this release, the developers of Twisted have released
[Twisted 22.1.0](https://github.com/twisted/twisted/releases/tag/twisted-22.1.0), which
fixes [a security issue](GHSA-92x2-jw7w-xvvx)
within Twisted. We do not believe Synapse to be vulnerable to any security problem caused
by this issue, though we advise server administrators to update their local version of
Twisted if they can.

Synapse 1.52.0rc1 (2022-02-01)
==============================

Features
--------

- Remove account data (including client config, push rules and ignored users) upon user deactivation. ([\matrix-org#11621](matrix-org#11621), [\matrix-org#11788](matrix-org#11788), [\matrix-org#11789](matrix-org#11789))
- Add an admin API to reset connection timeouts for remote server. ([\matrix-org#11639](matrix-org#11639))
- Add an admin API to get a list of rooms that federate with a given remote homeserver. ([\matrix-org#11658](matrix-org#11658))
- Add a config flag to inhibit `M_USER_IN_USE` during registration. ([\matrix-org#11743](matrix-org#11743))
- Add a module callback to set username at registration. ([\matrix-org#11790](matrix-org#11790))
- Allow configuring a maximum file size as well as a list of allowed content types for avatars. ([\matrix-org#11846](matrix-org#11846))

Bugfixes
--------

- Include the bundled aggregations in the `/sync` response, per [MSC2675](matrix-org/matrix-spec-proposals#2675). ([\matrix-org#11612](matrix-org#11612))
- Fix a long-standing bug when previewing Reddit URLs which do not contain an image. ([\matrix-org#11767](matrix-org#11767))
- Fix a long-standing bug that media streams could cause long-lived connections when generating URL previews. ([\matrix-org#11784](matrix-org#11784))
- Include a `prev_content` field in state events sent to Application Services. Contributed by @totallynotvaishnav. ([\matrix-org#11798](matrix-org#11798))
- Fix a bug introduced in Synapse 0.33.3 causing requests to sometimes log strings such as `HTTPStatus.OK` instead of integer status codes. ([\matrix-org#11827](matrix-org#11827))

Improved Documentation
----------------------

- Update pypi installation docs to indicate that we now support Python 3.10. ([\matrix-org#11820](matrix-org#11820))
- Add missing steps to the contribution submission process in the documentation.  Contributed by @sequentialread. ([\matrix-org#11821](matrix-org#11821))
- Remove not needed old table of contents in documentation. ([\matrix-org#11860](matrix-org#11860))
- Consolidate the `access_token` information at the top of each relevant page in the Admin API documentation. ([\matrix-org#11861](matrix-org#11861))

Deprecations and Removals
-------------------------

- Drop support for Python 3.6, which is EOL. ([\matrix-org#11683](matrix-org#11683))
- Remove the `experimental_msc1849_support_enabled` flag as the features are now stable. ([\matrix-org#11843](matrix-org#11843))

Internal Changes
----------------

- Preparation for database schema simplifications: add `state_key` and `rejection_reason` columns to `events` table. ([\matrix-org#11792](matrix-org#11792))
- Add `FrozenEvent.get_state_key` and use it in a couple of places. ([\matrix-org#11793](matrix-org#11793))
- Preparation for database schema simplifications: stop reading from `event_reference_hashes`. ([\matrix-org#11794](matrix-org#11794))
- Drop unused table `public_room_list_stream`. ([\matrix-org#11795](matrix-org#11795))
- Preparation for reducing Postgres serialization errors: allow setting transaction isolation level. Contributed by Nick @ Beeper. ([\matrix-org#11799](matrix-org#11799), [\matrix-org#11847](matrix-org#11847))
- Docker: skip the initial amd64-only build and go straight to multiarch. ([\matrix-org#11810](matrix-org#11810))
- Run Complement on the Github Actions VM and not inside a Docker container. ([\matrix-org#11811](matrix-org#11811))
- Log module names at startup. ([\matrix-org#11813](matrix-org#11813))
- Improve type safety of bundled aggregations code. ([\matrix-org#11815](matrix-org#11815))
- Correct a type annotation in the event validation logic. ([\matrix-org#11817](matrix-org#11817), [\matrix-org#11830](matrix-org#11830))
- Minor updates and documentation for database schema delta files. ([\matrix-org#11823](matrix-org#11823))
- Workaround a type annotation problem in `prometheus_client` 0.13.0. ([\matrix-org#11834](matrix-org#11834))
- Minor performance improvement in room state lookup. ([\matrix-org#11836](matrix-org#11836))
- Fix some indentation inconsistencies in the sample config. ([\matrix-org#11838](matrix-org#11838))
- Add type hints to `tests/rest/admin`. ([\matrix-org#11851](matrix-org#11851))
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Z-Time-Tracked Element employees should track their time spent on this issue/PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants