This fixes the behaviour to match what synapse implements in practice.
If you use threepidCreds, you will just get an error about a missing
threepid_creds field. Synapse also treats this as an object. All clients
also seem to send threepid_creds, if they work on Synapse. Since
matrix.org requires an email currently for registration, most clients
that implement registration, will hit this issue.
a0f48ee89d/synapse/handlers/ui_auth/checkers.py (L145)fixes#3156fixes#2189
Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
* Fully specify room versions
* Misc typo clarifications
* Try to clarify redactions a bit
* Update content/client-server-api/_index.md
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update content/rooms/v6.md
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update content/rooms/v6.md
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Better describe client considerations
* Doc template params
* Move redaction "new stuff" to v3
* Remove unhelpful sentences about "here follows unchanged stuff"
* Simplify event signing text
* Clean up handling redactions sections
* Move v4's event schema to unchanged section
* Update content/rooms/v4.md
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Spaces Summary
* MSC2946
* Clarity
* More clarity
* Clarify what no room data means for clients
* Federation API
* Update 2946-spaces-summary.md
* auto_join filter
* Blurb on auth for fed api
* Update to reflect MSC1772 changes
* Mention auth chain on federation api
* Add 'version' field
* Stripped state; remove room versions
* Update 2946-spaces-summary.md
* Update proposals/2946-spaces-summary.md
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
* Replace with link to draft doc.
* Add a preamble and copy the current draft API.
* Switch to using stable identifiers (and add an unstable identifiers section).
* Updates / clarifications.
* Fix typo.
* Clean-ups.
* Update proposals/2946-spaces-summary.md
Co-authored-by: Travis Ralston <travpc@gmail.com>
* Drop unstable identifiers from MSC1772.
* Various updates and clarifications.
* Include the origin_server_ts in the response, as needed by MSC1772.
* Rename a parameter for clarity.
* Fix typo.
Co-authored-by: David Baker <dbkr@users.noreply.github.com>
* Various clarifications based on feedback.
* Add auth / rate-limiting info.
* Combine some double spaces.
* Use only GET endpoints.
* Add notes about DoS potential.
* Tweaks from review.
* Add context about why stripped events are returned.
* Remove some implementation details.
* Add notes on ordering.
* Remove unnecessary data.
* Clarify the server-server API.
* More clarifications.
* Remove obsolete note.
* Some clarifications to what accessible means.
* Update notes about sorting to include the origin_server_ts of the m.space.child event.
This reverts commit af8c7b04d9f87bb2c4292a549b7db36ae6ef2324.
* Only consider `m.space` rooms and do not return links to nowhere.
* Updates based on MSC3173 merging and updates to MSC3083.
* Updates per MSC2403.
* Remove field which is not part of the C-S API.
* Rewrite the proposal.
* Handle todo comments.
* Update URLs.
* Rename field.
* Updates based on implementation.
* Clarify the state which is persisted.
* Expand notes about errors.
* Update MSC with pagination parameter.
* Fix wrong endpoint.
Co-authored-by: Matthew Hodgson <matthew@matrix.org>
* Clarifications based on implementation.
* Remove empty section.
* Fix typo.
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Rename field in example.
* Clarify error code.
* Clarify ordering changes.
* Clarify wording.
Co-authored-by: Travis Ralston <travisr@matrix.org>
* Fix typos.
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
* Clarify that rooms do not belong to servers.
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
* Fix example to use correct URL.
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
* Clarify using local vs. remote data.
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
* Clarify bits aboud stripped state.
* Clarify access control of federation responses.
* Clarify error code.
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
* Be less prescriptive about expiring data.
* Limit must be non-zero.
Co-authored-by: Travis Ralston <travisr@matrix.org>
* Rate limiting.
Co-authored-by: Travis Ralston <travisr@matrix.org>
* Add a note about room upgrades.
* Update stable URLs per MSC2844.
* Clarify federation return values.
* Clarify `origin_server_ts`.
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Tweak wording around `inaccessible_children`.
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <richard@matrix.org>
Co-authored-by: Patrick Cloke <patrickc@matrix.org>
Co-authored-by: Matthew Hodgson <matthew@matrix.org>
Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: David Baker <dbkr@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Travis Ralston <travisr@matrix.org>
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Build release tags of the spec
* Update .github/workflows/main.yml
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Move historical (future old) job out to its own thing
* Update for new baseurl setup
* Use hugo config overrides instead
* Remove mistakenly re-added matrix.org poke
* Restore npm stuff to main branch representations
* [2] Restore npm stuff to main branch representations
* Update .github/workflows/main.yml
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* add room type in store invite
* update dev identifier purpose
* Added clarification if type not present, and on email generation
* Update proposals/3288-pass_room_type_in_3pid_invite.md
Co-authored-by: Travis Ralston <travpc@gmail.com>
* Update proposals/3288-pass_room_type_in_3pid_invite.md
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update proposals/3288-pass_room_type_in_3pid_invite.md
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update proposals/3288-pass_room_type_in_3pid_invite.md
Co-authored-by: Travis Ralston <travpc@gmail.com>
* Update proposals/3288-pass_room_type_in_3pid_invite.md
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update proposals/3288-pass_room_type_in_3pid_invite.md
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Update 3288-pass_room_type_in_3pid_invite.md
fix typo
Co-authored-by: Travis Ralston <travpc@gmail.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Remove extra pyprojects and update changelog docs
* Add script for rendering the changelog
* Add docs for how to release the spec
* Move legacy changelogs out of the way
* Inline resolve_references in dump-swagger
Since this is the only bit of the old templating system we still use, let's
inline it.
OrederedLoader and OrderedDict are now redundant, because all dicts in Python
preserve insertion order.
* Remove the old templating system
We've now replaced the old templates with hugo, so we can get rid of this mess.
PyYAML 6.0 was released yesterday, and it finally drops support for `yaml.load`
without a `loader` argument, which has been deprecated since 2017.
We don't use any fancy yaml objects, so `safe_load` should be fine.
* Introduce a new "added-in" template and use it on endpoints
* Use "added-in" on schema properties too
* Annotate sections of the spec with their added versions
* Demo of "added-in" on a room version (to be fleshed out)
* Use clearer versioning semantics
* Update and fix validator for Swagger custom properties
* Fix docs
* Cut/paste room version spec to its own page
* Move grammar to bottom + add feature matrix
The version grammar is not as interesting as the actual room versions, so this moves that whole section to the bottom.
* Fix all links to room versions
As "unstable" changes and "latest" becomes no more, these sorts of links should be updated to reference the approximate section they intended to reference at the time of writing.
This change tries to link up the relevant bits for the time of the proposal, though it's not a perfect match. Some MSCs were brought into the spec before an API version could be assigned to the "old" text, so github permalinks are used instead.
* Refresh tokens MSC
* MSC2918: minor changes
* MSC2918: access token expiration as milliseconds
* MSC2918: account registration API changes
* MSC2918: fix `expires_in_ms` example
* MSC2918: add precision about token revocation
* MSC2918: specify error codes for the refresh API
* MSC2918: clarify that the change also applies to ASes
* Apply suggestions from code review
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* MSC2918: clarify what problem this MSC solves
* MSC2918: minor formatting and rephrasing
* MSC2918: clarify ratelimiting, masquerading and authentication on refresh token API
* MSC2918: make expires_in_ms/refresh_token optional
* MSC2918: soft logout in refresh token API
* MSC2918: add detailed rationale
While not exhaustive, it outlines a few attack vectors this MSC tries to
mitigate.
* MSC2918: minor fix
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
* MSC2918: clarifications on backward compatibility
* MSC2918: advertise support in the request body
* MSC2918: clarify on what happen when token expire
* MSC2918: remove redundant precision about token expiration and lifetime
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* MSC2918: minor clarification
* MSC2918: soft logout when using expired token
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Hubert Chathi <hubert@uhoreg.ca>
* Proposal for token authenticated registration
Signed-off-by: Callum Brown <callum@calcuode.com>
* Hard-wrap lines
Signed-off-by: Callum Brown <callum@calcuode.com>
* Link to released version of spec
Signed-off-by: Callum Brown <callum@calcuode.com>
* Fix unstable prefix wording
Signed-off-by: Callum Brown <callum@calcuode.com>
* Tokens should only be invalidated after registration
Signed-off-by: Callum Brown <callum@calcuode.com>
* Change auth type to m.login.registration_token
This is consistent with the other UIAA auth types, and does not suggest
that other `m.login.*` types cannot be used for registration.
Signed-off-by: Callum Brown <callum@calcuode.com>
* Add proposal for checking the validity of a token
Signed-off-by: Callum Brown <callum@calcuode.com>
* Fix validity checking endpoint
Signed-off-by: Callum Brown <callum@calcuode.com>
* Limit allowed characters and length of token
This allows tokens to be used easily in query parameters
Signed-off-by: Callum Brown <callum@calcuode.com>
* Give reason for limiting token length and chars
Signed-off-by: Callum Brown <callum@calcuode.com>
* Note all stages must be complete for registration
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
* Fix mistake in MSC number
Signed-off-by: Callum Brown <callum@calcuode.com>
* Validity checking should be rate limited
Signed-off-by: Callum Brown <callum@calcuode.com>
* Change v1 to r0
Signed-off-by: Callum Brown <callum@calcuode.com>
* Include `.` and `~` in allowed characters for registration tokens
For consistency with the unreserved URL characters in RFC3986
https://www.ietf.org/rfc/rfc3986.html#section-2.3
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Clarify how redacted_because actually works for events
* changelog
* mention federation
* Fix wording
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
This tweaks the DAG to be simpler, with two linear event chains E4 -> E3
-> E2 -> E1 and E6 -> E5 -> E2 -> E1. The extremities of the DAG are now
the first and only point in the DAG where multiple event parents occur.
Since the point of the diagram is to demonstrate this very situation,
it's better didactically if there is only one such situation in the
diagram.