From 1d03cfa165a01f331f750e31cd07cee8175372b3 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 24 Jan 2024 13:01:39 +0000 Subject: [PATCH 01/12] An federation whitelist query endpoint extension --- .../configuration/config_documentation.md | 31 +++++++++ synapse/config/_base.pyi | 2 + synapse/config/extensions.py | 29 ++++++++ synapse/config/homeserver.py | 2 + synapse/rest/synapse/client/__init__.py | 4 ++ .../synapse/client/federation_whitelist.py | 67 +++++++++++++++++++ 6 files changed, 135 insertions(+) create mode 100644 synapse/config/extensions.py create mode 100644 synapse/rest/synapse/client/federation_whitelist.py diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index 638a459ed52..7c25f286c1d 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -4541,3 +4541,34 @@ background_updates: min_batch_size: 10 default_batch_size: 50 ``` + + +--- +## Extension features +Configuration for extension features for Synapse + +--- +### `extension_federation_whitelist_endpoint` + +Enables an endpoint for fetching the federation whitelist config. + +The request path is `/_synapse/client/config/federation_whitelist`, and the +response format is: + +```json +{ + "whitelist_enabled": true, // Whether there is a federation whitelist + "whitelist": [ // Which hosts are allowed by the whitelist + "example.com" + ] +} +``` + +If `whitelist_enabled` is `false` then the server can federate with all others. + +The endpoint requires authentication. + +Example configuration: +```yaml +extension_federation_whitelist_endpoint: true +``` diff --git a/synapse/config/_base.pyi b/synapse/config/_base.pyi index fc51aed2345..9ce32ad88ee 100644 --- a/synapse/config/_base.pyi +++ b/synapse/config/_base.pyi @@ -31,6 +31,7 @@ from synapse.config import ( # noqa: F401 database, emailconfig, experimental, + extensions, federation, jwt, key, 
@@ -120,6 +121,7 @@ class RootConfig: federation: federation.FederationConfig retention: retention.RetentionConfig background_updates: background_updates.BackgroundUpdateConfig + extensions: extensions.ExtensionsConfig config_classes: List[Type["Config"]] = ... config_files: List[str] diff --git a/synapse/config/extensions.py b/synapse/config/extensions.py new file mode 100644 index 00000000000..02cc0511168 --- /dev/null +++ b/synapse/config/extensions.py @@ -0,0 +1,29 @@ +# +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# + +from typing import Any + +from synapse.config._base import Config +from synapse.types import JsonDict + + +class ExtensionsConfig(Config): + """Config section for enabling extension features""" + + section = "extensions" + + def read_config(self, config: JsonDict, **kwargs: Any) -> None: + self.federation_whitelist_endpoint: bool = config.get( + "extension_federation_whitelist_endpoint", False + ) diff --git a/synapse/config/homeserver.py b/synapse/config/homeserver.py index 72e93ed04f8..0532bcb80a3 100644 --- a/synapse/config/homeserver.py +++ b/synapse/config/homeserver.py @@ -31,6 +31,7 @@ from .database import DatabaseConfig from .emailconfig import EmailConfig from .experimental import ExperimentalConfig +from .extensions import ExtensionsConfig from .federation import FederationConfig from .jwt import JWTConfig from .key import KeyConfig @@ -105,4 +106,5 @@ class HomeServerConfig(RootConfig): RedisConfig, ExperimentalConfig, BackgroundUpdateConfig, + ExtensionsConfig, ] 
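Review bot: The value of `extension_federation_whitelist_endpoint` is never type-checked in `ExtensionsConfig.read_config` (new file `synapse/config/extensions.py`), so the `: bool` annotation is not enforced at runtime. Any truthy non-boolean value, such as a quoted `"false"` string, would pass the `if hs.config.extensions.federation_whitelist_endpoint:` check and register the endpoint. Because this flag gates disclosure of the federation allow-list, I would reject non-booleans at load time with `if not isinstance(enabled, bool): raise ConfigError("extension_federation_whitelist_endpoint must be a boolean")`, which needs `ConfigError` imported alongside `Config`. The same unvalidated `config.get(..., False)` recurs for `federation_whitelist_endpoint_enabled` in the `synapse/config/federation.py` hunk of patch 10/12, where the annotation is dropped as well.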
diff --git a/synapse/rest/synapse/client/__init__.py b/synapse/rest/synapse/client/__init__.py index 31544867d4a..c58c2c0b340 100644 --- a/synapse/rest/synapse/client/__init__.py +++ b/synapse/rest/synapse/client/__init__.py @@ -23,6 +23,7 @@ from twisted.web.resource import Resource +from synapse.rest.synapse.client.federation_whitelist import FederationWhitelistResource from synapse.rest.synapse.client.new_user_consent import NewUserConsentResource from synapse.rest.synapse.client.pick_idp import PickIdpResource from synapse.rest.synapse.client.pick_username import pick_username_resource @@ -76,6 +77,9 @@ def build_synapse_client_resource_tree(hs: "HomeServer") -> Mapping[str, Resourc # To be removed in Synapse v1.32.0. resources["/_matrix/saml2"] = res + if hs.config.extensions.federation_whitelist_endpoint: + resources[FederationWhitelistResource.PATH] = FederationWhitelistResource(hs) + return resources diff --git a/synapse/rest/synapse/client/federation_whitelist.py b/synapse/rest/synapse/client/federation_whitelist.py new file mode 100644 index 00000000000..ac650610eab --- /dev/null +++ b/synapse/rest/synapse/client/federation_whitelist.py 
@@ -0,0 +1,67 @@
+#
+# This file is licensed under the Affero General Public License (AGPL) version 3.
+#
+# Copyright (C) 2024 New Vector, Ltd
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# See the GNU Affero General Public License for more details:
+# .
+#
+
+import logging
+from typing import TYPE_CHECKING, Tuple
+
+from synapse.http.server import DirectServeJsonResource
+from synapse.http.site import SynapseRequest
+from synapse.types import JsonDict
+
+if TYPE_CHECKING:
+ from synapse.server import HomeServer
+
+logger = logging.getLogger(__name__)
+
+
+class FederationWhitelistResource(DirectServeJsonResource):
+ """Custom endpoint (disabled by default) to fetch the federation whitelist
+ config.
+
+ Only enabled if `federation_whitelist_endpoint` extension feature is
+ enabled.
+
+ Response format:
+
+ {
+ "whitelist_enabled": true, // Whether there is a federation whitelist
+ "whitelist": [ // Which hosts are allowed by the whitelist
+ "example.com"
+ ]
+ }
+ """
+
+ PATH = "/_synapse/client/config/federation_whitelist"
+
+ def __init__(self, hs: "HomeServer"):
+ super().__init__()
+
+ self._federation_whitelist = hs.config.federation.federation_domain_whitelist
+
+ self._auth = hs.get_auth()
+
+ async def _async_render_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
+ await self._auth.get_user_by_req(request)
+
+ whitelist = []
+ if self._federation_whitelist:
+ # federation_whitelist is actually a dict, not a list
+ whitelist = list(self._federation_whitelist)
+
+ return_dict: JsonDict = {
+ "whitelist_enabled": self._federation_whitelist is not None,
+ "whitelist": whitelist,
+ }
+
+ return 200, return_dict
From 8653451cd7c6fa8e4983aaddb4fe77985443ba06 Mon Sep 17 00:00:00 2001
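Review bot: The class docstring of `FederationWhitelistResource` does not say what a response with `"whitelist_enabled": true` and an empty `"whitelist"` means, yet `_async_render_GET` can return exactly that. With an empty mapping, `self._federation_whitelist is not None` is true while `if self._federation_whitelist:` is false. A client that inspects only `whitelist` could misread the empty list as "no restriction", which is the opposite of what an enforced empty allow-list presumably means; confirm against the enforcement code, which is not visible here. I would add a docstring line such as `If "whitelist_enabled" is true and "whitelist" is empty, no remote servers are permitted.` and a short comment above `return_dict` noting that the two fields are deliberately computed differently.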
From: Erik Johnston Date: Wed, 24 Jan 2024 13:08:42 +0000 Subject: [PATCH 02/12] Newsfile --- changelog.d/16848.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/16848.feature diff --git a/changelog.d/16848.feature b/changelog.d/16848.feature new file mode 100644 index 00000000000..829a0bce0f5 --- /dev/null +++ b/changelog.d/16848.feature @@ -0,0 +1 @@ +Add an extension feature that allows clients to query the configured federation whitelist. Disabled by default. From d4c12700b9ead03ae08771e9471443424cb7b1c6 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 24 Jan 2024 14:54:46 +0000 Subject: [PATCH 03/12] Add tests --- tests/rest/synapse/__init__.py | 12 +++ tests/rest/synapse/client/__init__.py | 12 +++ .../client/test_federation_whitelist.py | 95 +++++++++++++++++++ 3 files changed, 119 insertions(+) create mode 100644 tests/rest/synapse/__init__.py create mode 100644 tests/rest/synapse/client/__init__.py create mode 100644 tests/rest/synapse/client/test_federation_whitelist.py diff --git a/tests/rest/synapse/__init__.py b/tests/rest/synapse/__init__.py new file mode 100644 index 00000000000..e5138f67e12 --- /dev/null +++ b/tests/rest/synapse/__init__.py @@ -0,0 +1,12 @@ +# +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2024 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . diff --git a/tests/rest/synapse/client/__init__.py b/tests/rest/synapse/client/__init__.py new file mode 100644 index 00000000000..e5138f67e12 --- /dev/null +++ b/tests/rest/synapse/client/__init__.py 
@@ -0,0 +1,12 @@
+#
+# This file is licensed under the Affero General Public License (AGPL) version 3.
+#
+# Copyright (C) 2024 New Vector, Ltd
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# See the GNU Affero General Public License for more details:
+# .
diff --git a/tests/rest/synapse/client/test_federation_whitelist.py b/tests/rest/synapse/client/test_federation_whitelist.py
new file mode 100644
index 00000000000..0363ad9694c
--- /dev/null
+++ b/tests/rest/synapse/client/test_federation_whitelist.py
@@ -0,0 +1,95 @@ +# +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2024 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . + +from typing import Dict + +from twisted.web.resource import Resource + +from synapse.rest import admin +from synapse.rest.client import login +from synapse.rest.synapse.client import build_synapse_client_resource_tree + +from tests import unittest + + +class FederationWhitelistTests(unittest.HomeserverTestCase): + servlets = [ + admin.register_servlets_for_client_rest_resource, + login.register_servlets, + ] + + def create_resource_dict(self) -> Dict[str, Resource]: + base = super().create_resource_dict() + base.update(build_synapse_client_resource_tree(self.hs)) + return base + + def test_default(self) -> None: + "By default the endpoint should 404" + channel = self.make_request( + "GET", "/_synapse/client/config/federation_whitelist", shorthand=False + ) + + self.assertEqual(channel.code, 404) + + @unittest.override_config({"extension_federation_whitelist_endpoint": True}) + def test_no_auth(self) -> None: + "Endpoint requires auth when enabled" + + channel = self.make_request( + "GET", "/_synapse/client/config/federation_whitelist", shorthand=False + ) + + self.assertEqual(channel.code, 401) + + @unittest.override_config({"extension_federation_whitelist_endpoint": True}) + def test_no_whitelist(self) -> None: + "Test when there is no whitelist configured" + + self.register_user("user", "password") + tok = self.login("user", "password") + + channel = self.make_request( + "GET", + "/_synapse/client/config/federation_whitelist", + shorthand=False, + access_token=tok, + ) + + 
self.assertEqual(channel.code, 200) + self.assertEqual( + channel.json_body, {"whitelist_enabled": False, "whitelist": []} + ) + + @unittest.override_config( + { + "extension_federation_whitelist_endpoint": True, + "federation_domain_whitelist": ["example.com"], + } + ) + def test_whitelist(self) -> None: + "Test when there is a whitelist configured" + + self.register_user("user", "password") + tok = self.login("user", "password") + + channel = self.make_request( + "GET", + "/_synapse/client/config/federation_whitelist", + shorthand=False, + access_token=tok, + ) + + self.assertEqual(channel.code, 200) + self.assertEqual( + channel.json_body, {"whitelist_enabled": True, "whitelist": ["example.com"]} + ) From da1b7b904971c42dda57c2dee10ee9dd65a0281b Mon Sep 17 00:00:00 2001 From: devonh Date: Tue, 7 May 2024 15:33:38 +0000 Subject: [PATCH 04/12] Update docs/usage/configuration/config_documentation.md Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> --- docs/usage/configuration/config_documentation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index 9c193342e9b..aa3bed07ce1 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -4562,8 +4562,8 @@ response format is: ```json { - "whitelist_enabled": true, // Whether there is a federation whitelist - "whitelist": [ // Which hosts are allowed by the whitelist + "whitelist_enabled": true, // Whether the federation whitelist is being enforced + "whitelist": [ // Which server names are allowed by the whitelist "example.com" ] } From 2ec7a550973d895c9d448d2ba3c15b24d2528901 Mon Sep 17 00:00:00 2001 
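Review bot: No test in `FederationWhitelistTests` covers `"federation_domain_whitelist": []`, the one input where the handler's two checks diverge (`is not None` for `whitelist_enabled`, truthiness for the returned list). `test_no_whitelist` exercises the unset case and `test_whitelist` a populated one, so a regression that reported an enforced-but-empty allow-list as disabled would go unnoticed. I would add a `test_empty_whitelist` case using `@unittest.override_config({"extension_federation_whitelist_endpoint": True, "federation_domain_whitelist": []})` and assert `{"whitelist_enabled": True, "whitelist": []}`. That expectation assumes the config loader keeps an empty list as an empty mapping rather than `None`, which is worth confirming since the loader is only partly visible in this series.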
From: devonh Date: Tue, 7 May 2024 15:33:47 +0000 Subject: [PATCH 05/12] Update docs/usage/configuration/config_documentation.md Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> --- docs/usage/configuration/config_documentation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index aa3bed07ce1..eac41885df1 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -4557,7 +4557,7 @@ Configuration for extension features for Synapse Enables an endpoint for fetching the federation whitelist config. -The request path is `/_synapse/client/config/federation_whitelist`, and the +The request method and path is `GET /_synapse/client/config/federation_whitelist`, and the response format is: ```json From d9aa8a9be3a23587dde3cc161974b7cd14540375 Mon Sep 17 00:00:00 2001 From: devonh Date: Tue, 7 May 2024 15:34:05 +0000 Subject: [PATCH 06/12] Update docs/usage/configuration/config_documentation.md Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> --- docs/usage/configuration/config_documentation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index eac41885df1..876f479542f 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -4569,7 +4569,7 @@ response format is: } ``` -If `whitelist_enabled` is `false` then the server can federate with all others. +If `whitelist_enabled` is `false` then the server is permitted to federate with all others. The endpoint requires authentication. From 1829e4a632e4d7b05b53a075f64d63f4e90e6343 Mon Sep 17 00:00:00 2001 
From: devonh Date: Tue, 7 May 2024 15:34:21 +0000 Subject: [PATCH 07/12] Update tests/rest/synapse/client/test_federation_whitelist.py Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> --- tests/rest/synapse/client/test_federation_whitelist.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/rest/synapse/client/test_federation_whitelist.py b/tests/rest/synapse/client/test_federation_whitelist.py index 0363ad9694c..4df529ab0f0 100644 --- a/tests/rest/synapse/client/test_federation_whitelist.py +++ b/tests/rest/synapse/client/test_federation_whitelist.py @@ -34,7 +34,7 @@ def create_resource_dict(self) -> Dict[str, Resource]: return base def test_default(self) -> None: - "By default the endpoint should 404" + "If the config option is not enabled, the endpoint should 404" channel = self.make_request( "GET", "/_synapse/client/config/federation_whitelist", shorthand=False ) From a70d14fa1529ebc159b005c301a0403773a540ea Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Tue, 7 May 2024 09:30:58 -0600 Subject: [PATCH 08/12] Add fed whitelist test that filters duplicates --- .../client/test_federation_whitelist.py | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/rest/synapse/client/test_federation_whitelist.py b/tests/rest/synapse/client/test_federation_whitelist.py index 4df529ab0f0..fa07e095630 100644 --- a/tests/rest/synapse/client/test_federation_whitelist.py +++ b/tests/rest/synapse/client/test_federation_whitelist.py 
@@ -93,3 +93,27 @@ def test_whitelist(self) -> None: self.assertEqual( channel.json_body, {"whitelist_enabled": True, "whitelist": ["example.com"]} ) + + @unittest.override_config( + { + "extension_federation_whitelist_endpoint": True, + "federation_domain_whitelist": ["example.com", "example.com"], + } + ) + def test_whitelist_no_duplicates(self) -> None: + "Test when there is a whitelist configured with duplicates, no duplicates are returned" + + self.register_user("user", "password") + tok = self.login("user", "password") + + channel = self.make_request( + "GET", + "/_synapse/client/config/federation_whitelist", + shorthand=False, + access_token=tok, + ) + + self.assertEqual(channel.code, 200) + self.assertEqual( + channel.json_body, {"whitelist_enabled": True, "whitelist": ["example.com"]} + ) From 77bd7b2107e437a36e7f7615bb8c5c328aa8f98d Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Tue, 7 May 2024 09:34:53 -0600 Subject: [PATCH 09/12] Update fed whitelist docstring for clarity --- synapse/rest/synapse/client/federation_whitelist.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/synapse/rest/synapse/client/federation_whitelist.py b/synapse/rest/synapse/client/federation_whitelist.py index ac650610eab..c80ecbf89f4 100644 --- a/synapse/rest/synapse/client/federation_whitelist.py +++ b/synapse/rest/synapse/client/federation_whitelist.py @@ -35,8 +35,8 @@ class FederationWhitelistResource(DirectServeJsonResource): Response format: { - "whitelist_enabled": true, // Whether there is a federation whitelist - "whitelist": [ // Which hosts are allowed by the whitelist + "whitelist_enabled": true, // Whether the federation whitelist is being enforced + "whitelist": [ // Which server names are allowed by the whitelist "example.com" ] } From 75a3ec2409b1ccf4bfa500c1f2dc48ab0d32fb6a Mon Sep 17 00:00:00 2001 
From: Devon Hudson Date: Thu, 9 May 2024 12:27:20 -0600 Subject: [PATCH 10/12] Move config option under federation --- .../configuration/config_documentation.md | 56 +++++++++---------- synapse/config/_base.pyi | 2 - synapse/config/extensions.py | 29 ---------- synapse/config/federation.py | 4 ++ synapse/config/homeserver.py | 2 - synapse/rest/synapse/client/__init__.py | 2 +- .../client/test_federation_whitelist.py | 8 +-- 7 files changed, 34 insertions(+), 69 deletions(-) delete mode 100644 synapse/config/extensions.py diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index 876f479542f..d8818b936b4 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -1232,6 +1232,31 @@ federation_domain_whitelist: - syd.example.com ``` --- +### `federation_whitelist_endpoint_enabled` + +Enables an endpoint for fetching the federation whitelist config. + +The request method and path is `GET /_synapse/client/config/federation_whitelist`, and the +response format is: + +```json +{ + "whitelist_enabled": true, // Whether the federation whitelist is being enforced + "whitelist": [ // Which server names are allowed by the whitelist + "example.com" + ] +} +``` + +If `whitelist_enabled` is `false` then the server is permitted to federate with all others. + +The endpoint requires authentication. + +Example configuration: +```yaml +federation_whitelist_endpoint_enabled: true +``` +--- ### `federation_metrics_domains` Report prometheus metrics on the age of PDUs being sent to and received from 
@@ -4546,34 +4571,3 @@ background_updates: min_batch_size: 10 default_batch_size: 50 ``` - - ---- -## Extension features -Configuration for extension features for Synapse - ---- -### `extension_federation_whitelist_endpoint` - -Enables an endpoint for fetching the federation whitelist config. - -The request method and path is `GET /_synapse/client/config/federation_whitelist`, and the -response format is: - -```json -{ - "whitelist_enabled": true, // Whether the federation whitelist is being enforced - "whitelist": [ // Which server names are allowed by the whitelist - "example.com" - ] -} -``` - -If `whitelist_enabled` is `false` then the server is permitted to federate with all others. - -The endpoint requires authentication. - -Example configuration: -```yaml -extension_federation_whitelist_endpoint: true -``` diff --git a/synapse/config/_base.pyi b/synapse/config/_base.pyi index 9ce32ad88ee..fc51aed2345 100644 --- a/synapse/config/_base.pyi +++ b/synapse/config/_base.pyi @@ -31,7 +31,6 @@ from synapse.config import ( # noqa: F401 database, emailconfig, experimental, - extensions, federation, jwt, key, @@ -121,7 +120,6 @@ class RootConfig: federation: federation.FederationConfig retention: retention.RetentionConfig background_updates: background_updates.BackgroundUpdateConfig - extensions: extensions.ExtensionsConfig config_classes: List[Type["Config"]] = ... config_files: List[str] diff --git a/synapse/config/extensions.py b/synapse/config/extensions.py deleted file mode 100644 index 02cc0511168..00000000000 --- a/synapse/config/extensions.py +++ /dev/null 
@@ -1,29 +0,0 @@ -# -# This file is licensed under the Affero General Public License (AGPL) version 3. -# -# Copyright (C) 2023 New Vector, Ltd -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# See the GNU Affero General Public License for more details: -# . -# - -from typing import Any - -from synapse.config._base import Config -from synapse.types import JsonDict - - -class ExtensionsConfig(Config): - """Config section for enabling extension features""" - - section = "extensions" - - def read_config(self, config: JsonDict, **kwargs: Any) -> None: - self.federation_whitelist_endpoint: bool = config.get( - "extension_federation_whitelist_endpoint", False - ) diff --git a/synapse/config/federation.py b/synapse/config/federation.py index 9032effac39..cf29fa25624 100644 --- a/synapse/config/federation.py +++ b/synapse/config/federation.py @@ -42,6 +42,10 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None: for domain in federation_domain_whitelist: self.federation_domain_whitelist[domain] = True + self.federation_whitelist_endpoint_enabled = config.get( + "federation_whitelist_endpoint_enabled", False + ) + federation_metrics_domains = config.get("federation_metrics_domains") or [] validate_config( _METRICS_FOR_DOMAINS_SCHEMA, diff --git a/synapse/config/homeserver.py b/synapse/config/homeserver.py index 0532bcb80a3..72e93ed04f8 100644 --- a/synapse/config/homeserver.py +++ b/synapse/config/homeserver.py @@ -31,7 +31,6 @@ from .database import DatabaseConfig from .emailconfig import EmailConfig from .experimental import ExperimentalConfig -from .extensions import ExtensionsConfig from .federation import FederationConfig from .jwt import JWTConfig from .key import KeyConfig 
@@ -106,5 +105,4 @@ class HomeServerConfig(RootConfig): RedisConfig, ExperimentalConfig, BackgroundUpdateConfig, - ExtensionsConfig, ] diff --git a/synapse/rest/synapse/client/__init__.py b/synapse/rest/synapse/client/__init__.py index 4ed8aee37d3..7b5bfc0421e 100644 --- a/synapse/rest/synapse/client/__init__.py +++ b/synapse/rest/synapse/client/__init__.py @@ -78,7 +78,7 @@ def build_synapse_client_resource_tree(hs: "HomeServer") -> Mapping[str, Resourc # To be removed in Synapse v1.32.0. resources["/_matrix/saml2"] = res - if hs.config.extensions.federation_whitelist_endpoint: + if hs.config.federation.federation_whitelist_endpoint_enabled: resources[FederationWhitelistResource.PATH] = FederationWhitelistResource(hs) if hs.config.experimental.msc4108_enabled: diff --git a/tests/rest/synapse/client/test_federation_whitelist.py b/tests/rest/synapse/client/test_federation_whitelist.py index fa07e095630..b872482a131 100644 --- a/tests/rest/synapse/client/test_federation_whitelist.py +++ b/tests/rest/synapse/client/test_federation_whitelist.py @@ -41,7 +41,7 @@ def test_default(self) -> None: self.assertEqual(channel.code, 404) - @unittest.override_config({"extension_federation_whitelist_endpoint": True}) + @unittest.override_config({"federation_whitelist_endpoint_enabled": True}) def test_no_auth(self) -> None: "Endpoint requires auth when enabled" @@ -51,7 +51,7 @@ def test_no_auth(self) -> None: self.assertEqual(channel.code, 401) - @unittest.override_config({"extension_federation_whitelist_endpoint": True}) + @unittest.override_config({"federation_whitelist_endpoint_enabled": True}) def test_no_whitelist(self) -> None: "Test when there is no whitelist configured" @@ -72,7 +72,7 @@ def test_no_whitelist(self) -> None: @unittest.override_config( { - "extension_federation_whitelist_endpoint": True, + "federation_whitelist_endpoint_enabled": True, "federation_domain_whitelist": ["example.com"], } ) 
@@ -96,7 +96,7 @@ def test_whitelist(self) -> None: @unittest.override_config( { - "extension_federation_whitelist_endpoint": True, + "federation_whitelist_endpoint_enabled": True, "federation_domain_whitelist": ["example.com", "example.com"], } ) From 320fb3e67382b0667f1ee4cc3018c8caf420f0b4 Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Fri, 10 May 2024 08:36:04 -0600 Subject: [PATCH 11/12] Version federation whitelist endpoint --- synapse/rest/synapse/client/federation_whitelist.py | 2 +- tests/rest/synapse/client/test_federation_whitelist.py | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/synapse/rest/synapse/client/federation_whitelist.py b/synapse/rest/synapse/client/federation_whitelist.py index c80ecbf89f4..2b96178216d 100644 --- a/synapse/rest/synapse/client/federation_whitelist.py +++ b/synapse/rest/synapse/client/federation_whitelist.py @@ -42,7 +42,7 @@ class FederationWhitelistResource(DirectServeJsonResource): } """ - PATH = "/_synapse/client/config/federation_whitelist" + PATH = "/_synapse/client/v1/config/federation_whitelist" def __init__(self, hs: "HomeServer"): super().__init__() diff --git a/tests/rest/synapse/client/test_federation_whitelist.py b/tests/rest/synapse/client/test_federation_whitelist.py index b872482a131..f0067a8f2bf 100644 --- a/tests/rest/synapse/client/test_federation_whitelist.py +++ b/tests/rest/synapse/client/test_federation_whitelist.py @@ -36,7 +36,7 @@ def create_resource_dict(self) -> Dict[str, Resource]: def test_default(self) -> None: "If the config option is not enabled, the endpoint should 404" channel = self.make_request( - "GET", "/_synapse/client/config/federation_whitelist", shorthand=False + "GET", "/_synapse/client/v1/config/federation_whitelist", shorthand=False ) self.assertEqual(channel.code, 404) 
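Review bot: The documentation is left stale by the new `PATH = "/_synapse/client/v1/config/federation_whitelist"`. The `federation_whitelist_endpoint_enabled` section added to `docs/usage/configuration/config_documentation.md` in patch 10/12 still gives the request as `GET /_synapse/client/config/federation_whitelist`, and neither this patch nor 12/12 touches that file according to their diffstats. Someone following the docs would request the unversioned path, which is no longer registered and would presumably return 404 just like the disabled case in `test_default`. The doc sentence should be updated to `GET /_synapse/client/v1/config/federation_whitelist` in the same change that moves the path.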
@@ -46,7 +46,7 @@ def test_no_auth(self) -> None: "Endpoint requires auth when enabled" channel = self.make_request( - "GET", "/_synapse/client/config/federation_whitelist", shorthand=False + "GET", "/_synapse/client/v1/config/federation_whitelist", shorthand=False ) self.assertEqual(channel.code, 401) @@ -60,7 +60,7 @@ def test_no_whitelist(self) -> None: channel = self.make_request( "GET", - "/_synapse/client/config/federation_whitelist", + "/_synapse/client/v1/config/federation_whitelist", shorthand=False, access_token=tok, ) @@ -84,7 +84,7 @@ def test_whitelist(self) -> None: channel = self.make_request( "GET", - "/_synapse/client/config/federation_whitelist", + "/_synapse/client/v1/config/federation_whitelist", shorthand=False, access_token=tok, ) @@ -108,7 +108,7 @@ def test_whitelist_no_duplicates(self) -> None: channel = self.make_request( "GET", - "/_synapse/client/config/federation_whitelist", + "/_synapse/client/v1/config/federation_whitelist", shorthand=False, access_token=tok, ) From e3794aded838ec7cc96b65dde14ec186ea15624d Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 13 May 2024 13:13:02 -0600 Subject: [PATCH 12/12] Remove reference to extension feature --- changelog.d/16848.feature | 2 +- synapse/rest/synapse/client/federation_whitelist.py | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/changelog.d/16848.feature b/changelog.d/16848.feature index 829a0bce0f5..1a72bad013e 100644 --- a/changelog.d/16848.feature +++ b/changelog.d/16848.feature @@ -1 +1 @@ -Add an extension feature that allows clients to query the configured federation whitelist. Disabled by default. +Add a feature that allows clients to query the configured federation whitelist. Disabled by default. diff --git a/synapse/rest/synapse/client/federation_whitelist.py b/synapse/rest/synapse/client/federation_whitelist.py index 2b96178216d..2b8f0320e0e 100644 --- a/synapse/rest/synapse/client/federation_whitelist.py 
+++ b/synapse/rest/synapse/client/federation_whitelist.py @@ -29,8 +29,7 @@ class FederationWhitelistResource(DirectServeJsonResource): """Custom endpoint (disabled by default) to fetch the federation whitelist config. - Only enabled if `federation_whitelist_endpoint` extension feature is - enabled. + Only enabled if `federation_whitelist_endpoint_enabled` feature is enabled. Response format: