This commit is contained in:
MatMaul 2023-09-12 13:23:07 +00:00
parent 684215670f
commit 7f6d1eb5dd
9 changed files with 50 additions and 8 deletions

View file

@ -147,6 +147,7 @@
</div>
<h1 id="account-validity-api"><a class="header" href="#account-validity-api">Account validity API</a></h1>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>This API allows a server administrator to manage the validity of an account. To
use it, you must enable the account validity feature (under
<code>account_validity</code>) in Synapse's configuration.</p>

View file

@ -147,6 +147,7 @@
</div>
<h1 id="shared-secret-registration"><a class="header" href="#shared-secret-registration">Shared-Secret Registration</a></h1>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>This API allows for the creation of users in an administrative and
non-interactive way. This is generally used for bootstrapping a Synapse
instance with administrator accounts.</p>

View file

@ -368,7 +368,7 @@ that contain this value. This parameter is ignored when using the <code>name</co
</li>
<li>
<p><code>guests</code> - string representing a bool - Is optional and if <code>false</code> will <strong>exclude</strong> guest users.
Defaults to <code>true</code> to include guest users.</p>
Defaults to <code>true</code> to include guest users. This parameter is not supported when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
</li>
<li>
<p><code>admins</code> - Optional flag to filter admins. If <code>true</code>, only admins are queried. If <code>false</code>, admins are excluded from
@ -402,6 +402,7 @@ which guarantees a stable ordering. Valid values are:</p>
<li><code>displayname</code> - Users are ordered alphabetically by <code>displayname</code>.</li>
<li><code>avatar_url</code> - Users are ordered alphabetically by avatar URL.</li>
<li><code>creation_ts</code> - Users are ordered by when the users was created in ms.</li>
<li><code>last_seen_ts</code> - Users are ordered by when the user was lastly seen in ms.</li>
</ul>
</li>
<li>
@ -436,6 +437,7 @@ This allows user type specific behaviour. There are also types <code>support</co
<li><code>displayname</code> - string - The user's display name if they have set one.</li>
<li><code>avatar_url</code> - string - The user's avatar URL if they have set one.</li>
<li><code>creation_ts</code> - integer - The user's creation timestamp in ms.</li>
<li><code>last_seen_ts</code> - integer - The user's last activity timestamp in ms.</li>
</ul>
</li>
<li>
@ -537,6 +539,7 @@ is set to <code>true</code>:</p>
<li>Remove user's consent information (consent version and timestamp)</li>
</ul>
<h2 id="reset-password"><a class="header" href="#reset-password">Reset password</a></h2>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>Changes the password of another user. This will automatically log the user out of all their devices.</p>
<p>The api is:</p>
<pre><code>POST /_synapse/admin/v1/reset_password/&lt;user_id&gt;
@ -550,6 +553,7 @@ is set to <code>true</code>:</p>
<p>The parameter <code>new_password</code> is required.
The parameter <code>logout_devices</code> is optional and defaults to <code>true</code>.</p>
<h2 id="get-whether-a-user-is-a-server-administrator-or-not"><a class="header" href="#get-whether-a-user-is-a-server-administrator-or-not">Get whether a user is a server administrator or not</a></h2>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>The api is:</p>
<pre><code>GET /_synapse/admin/v1/users/&lt;user_id&gt;/admin
</code></pre>
@ -559,6 +563,7 @@ The parameter <code>logout_devices</code> is optional and defaults to <code>true
}
</code></pre>
<h2 id="change-whether-a-user-is-a-server-administrator-or-not"><a class="header" href="#change-whether-a-user-is-a-server-administrator-or-not">Change whether a user is a server administrator or not</a></h2>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>Note that you cannot demote yourself.</p>
<p>The api is:</p>
<pre><code>PUT /_synapse/admin/v1/users/&lt;user_id&gt;/admin
@ -812,6 +817,7 @@ after deleting media the remaining media have a new order.</p>
With the parameters you can for example limit the number of files to delete at once or
delete largest/smallest or newest/oldest files first.</p>
<h2 id="login-as-a-user"><a class="header" href="#login-as-a-user">Login as a user</a></h2>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>Get an access token that can be used to authenticate as that user. Useful for
when admins wish to do actions on behalf of a user.</p>
<p>The API is:</p>

View file

@ -158,7 +158,7 @@ occurring on Tuesdays:</p>
<p>Note that this schedule might be modified depending on the availability of the
Synapse team, e.g. releases may be skipped to avoid holidays.</p>
<p>Release announcements can be found in the
<a href="https://matrix.org/blog/category/releases">release category of the Matrix blog</a>.</p>
<a href="https://matrix.org/category/releases">release category of the Matrix blog</a>.</p>
<h2 id="bugfix-releases"><a class="header" href="#bugfix-releases">Bugfix releases</a></h2>
<p>If a bug is found after release that is deemed severe enough (by a combination
of the impacted users and the impact on those users) then a bugfix release may
@ -175,7 +175,7 @@ immediately before the next release candidate. An example of this might be:</p>
be held to be released together.</p>
<p>In some cases, a pre-disclosure of a security release will be issued as a notice
to Synapse operators that there is an upcoming security release. These can be
found in the <a href="https://matrix.org/blog/category/security">security category of the Matrix blog</a>.</p>
found in the <a href="https://matrix.org/category/security">security category of the Matrix blog</a>.</p>
</main>

View file

@ -6608,6 +6608,7 @@ and then copy the &quot;url&quot; from the source of the event.)</li>
to style the login flow according to the identity provider in question.
See the <a href="https://spec.matrix.org/latest/">spec</a> for possible options here.</li>
<li><code>server_url</code>: The URL of the CAS authorization endpoint.</li>
<li><code>protocol_version</code>: The CAS protocol version, defaults to none (version 3 is required if you want to use &quot;required_attributes&quot;).</li>
<li><code>displayname_attribute</code>: The attribute of the CAS response to use as the display name.
If no name is given here, no displayname will be set.</li>
<li><code>required_attributes</code>: It is possible to configure Synapse to only allow logins if CAS attributes
@ -6620,6 +6621,7 @@ All of the listed attributes must match for the login to be permitted.</li>
<pre><code class="language-yaml">cas_config:
enabled: true
server_url: &quot;https://cas-server.com&quot;
protocol_version: 3
displayname_attribute: name
required_attributes:
userGroup: &quot;staff&quot;
@ -7015,6 +7017,16 @@ normally or via a kick or ban. Defaults to false.</p>
<pre><code class="language-yaml">forget_rooms_on_leave: false
</code></pre>
<hr />
<h3 id="exclude_rooms_from_sync"><a class="header" href="#exclude_rooms_from_sync"><code>exclude_rooms_from_sync</code></a></h3>
<p>A list of rooms to exclude from sync responses. This is useful for server
administrators wishing to group users into a room without these users being able
to see it from their client.</p>
<p>By default, no room is excluded.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">exclude_rooms_from_sync:
- !foo:example.com
</code></pre>
<hr />
<h2 id="opentracing"><a class="header" href="#opentracing">Opentracing</a></h2>
<p>Configuration options related to Opentracing support.</p>
<hr />
@ -11774,6 +11786,7 @@ information from the Admin API.</p>
<p>For more details on access tokens in Matrix, please refer to the complete
<a href="https://matrix.org/docs/spec/client_server/r0.6.1#using-access-tokens">matrix spec documentation</a>.</p>
<div style="break-before: page; page-break-before: always;"></div><h1 id="account-validity-api"><a class="header" href="#account-validity-api">Account validity API</a></h1>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>This API allows a server administrator to manage the validity of an account. To
use it, you must enable the account validity feature (under
<code>account_validity</code>) in Synapse's configuration.</p>
@ -12344,6 +12357,7 @@ a purge id:</p>
<code>VACUUM FULL;</code> on the database.</p>
<p><a href="https://www.postgresql.org/docs/current/sql-vacuum.html">https://www.postgresql.org/docs/current/sql-vacuum.html</a></p>
<div style="break-before: page; page-break-before: always;"></div><h1 id="shared-secret-registration"><a class="header" href="#shared-secret-registration">Shared-Secret Registration</a></h1>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>This API allows for the creation of users in an administrative and
non-interactive way. This is generally used for bootstrapping a Synapse
instance with administrator accounts.</p>
@ -12418,6 +12432,7 @@ def generate_mac(nonce, user, password, admin=False, user_type=None):
return mac.hexdigest()
</code></pre>
<div style="break-before: page; page-break-before: always;"></div><h1 id="registration-tokens"><a class="header" href="#registration-tokens">Registration Tokens</a></h1>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>This API allows you to manage tokens which can be used to authenticate
registration requests, as proposed in
<a href="https://github.com/matrix-org/matrix-doc/blob/main/proposals/3231-token-authenticated-registration.md">MSC3231</a>
@ -13997,7 +14012,7 @@ that contain this value. This parameter is ignored when using the <code>name</co
</li>
<li>
<p><code>guests</code> - string representing a bool - Is optional and if <code>false</code> will <strong>exclude</strong> guest users.
Defaults to <code>true</code> to include guest users.</p>
Defaults to <code>true</code> to include guest users. This parameter is not supported when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
</li>
<li>
<p><code>admins</code> - Optional flag to filter admins. If <code>true</code>, only admins are queried. If <code>false</code>, admins are excluded from
@ -14031,6 +14046,7 @@ which guarantees a stable ordering. Valid values are:</p>
<li><code>displayname</code> - Users are ordered alphabetically by <code>displayname</code>.</li>
<li><code>avatar_url</code> - Users are ordered alphabetically by avatar URL.</li>
<li><code>creation_ts</code> - Users are ordered by when the users was created in ms.</li>
<li><code>last_seen_ts</code> - Users are ordered by when the user was lastly seen in ms.</li>
</ul>
</li>
<li>
@ -14065,6 +14081,7 @@ This allows user type specific behaviour. There are also types <code>support</co
<li><code>displayname</code> - string - The user's display name if they have set one.</li>
<li><code>avatar_url</code> - string - The user's avatar URL if they have set one.</li>
<li><code>creation_ts</code> - integer - The user's creation timestamp in ms.</li>
<li><code>last_seen_ts</code> - integer - The user's last activity timestamp in ms.</li>
</ul>
</li>
<li>
@ -14166,6 +14183,7 @@ is set to <code>true</code>:</p>
<li>Remove user's consent information (consent version and timestamp)</li>
</ul>
<h2 id="reset-password"><a class="header" href="#reset-password">Reset password</a></h2>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>Changes the password of another user. This will automatically log the user out of all their devices.</p>
<p>The api is:</p>
<pre><code>POST /_synapse/admin/v1/reset_password/&lt;user_id&gt;
@ -14179,6 +14197,7 @@ is set to <code>true</code>:</p>
<p>The parameter <code>new_password</code> is required.
The parameter <code>logout_devices</code> is optional and defaults to <code>true</code>.</p>
<h2 id="get-whether-a-user-is-a-server-administrator-or-not"><a class="header" href="#get-whether-a-user-is-a-server-administrator-or-not">Get whether a user is a server administrator or not</a></h2>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>The api is:</p>
<pre><code>GET /_synapse/admin/v1/users/&lt;user_id&gt;/admin
</code></pre>
@ -14188,6 +14207,7 @@ The parameter <code>logout_devices</code> is optional and defaults to <code>true
}
</code></pre>
<h2 id="change-whether-a-user-is-a-server-administrator-or-not"><a class="header" href="#change-whether-a-user-is-a-server-administrator-or-not">Change whether a user is a server administrator or not</a></h2>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>Note that you cannot demote yourself.</p>
<p>The api is:</p>
<pre><code>PUT /_synapse/admin/v1/users/&lt;user_id&gt;/admin
@ -14441,6 +14461,7 @@ after deleting media the remaining media have a new order.</p>
With the parameters you can for example limit the number of files to delete at once or
delete largest/smallest or newest/oldest files first.</p>
<h2 id="login-as-a-user"><a class="header" href="#login-as-a-user">Login as a user</a></h2>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>Get an access token that can be used to authenticate as that user. Useful for
when admins wish to do actions on behalf of a user.</p>
<p>The API is:</p>
@ -16648,7 +16669,7 @@ occurring on Tuesdays:</p>
<p>Note that this schedule might be modified depending on the availability of the
Synapse team, e.g. releases may be skipped to avoid holidays.</p>
<p>Release announcements can be found in the
<a href="https://matrix.org/blog/category/releases">release category of the Matrix blog</a>.</p>
<a href="https://matrix.org/category/releases">release category of the Matrix blog</a>.</p>
<h2 id="bugfix-releases"><a class="header" href="#bugfix-releases">Bugfix releases</a></h2>
<p>If a bug is found after release that is deemed severe enough (by a combination
of the impacted users and the impact on those users) then a bugfix release may
@ -16665,7 +16686,7 @@ immediately before the next release candidate. An example of this might be:</p>
be held to be released together.</p>
<p>In some cases, a pre-disclosure of a security release will be issued as a notice
to Synapse operators that there is an upcoming security release. These can be
found in the <a href="https://matrix.org/blog/category/security">security category of the Matrix blog</a>.</p>
found in the <a href="https://matrix.org/category/security">security category of the Matrix blog</a>.</p>
<div style="break-before: page; page-break-before: always;"></div><h1 id="some-notes-on-how-we-use-git"><a class="header" href="#some-notes-on-how-we-use-git">Some notes on how we use git</a></h1>
<h2 id="on-keeping-the-commit-history-clean"><a class="header" href="#on-keeping-the-commit-history-clean">On keeping the commit history clean</a></h2>
<p>In an ideal world, our git commit history would be a linear progression of

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View file

@ -147,6 +147,7 @@
</div>
<h1 id="registration-tokens"><a class="header" href="#registration-tokens">Registration Tokens</a></h1>
<p><strong>Note:</strong> This API is disabled when MSC3861 is enabled. <a href="https://github.com/matrix-org/synapse/pull/15582">See #15582</a></p>
<p>This API allows you to manage tokens which can be used to authenticate
registration requests, as proposed in
<a href="https://github.com/matrix-org/matrix-doc/blob/main/proposals/3231-token-authenticated-registration.md">MSC3231</a>

View file

@ -3071,6 +3071,7 @@ and then copy the &quot;url&quot; from the source of the event.)</li>
to style the login flow according to the identity provider in question.
See the <a href="https://spec.matrix.org/latest/">spec</a> for possible options here.</li>
<li><code>server_url</code>: The URL of the CAS authorization endpoint.</li>
<li><code>protocol_version</code>: The CAS protocol version, defaults to none (version 3 is required if you want to use &quot;required_attributes&quot;).</li>
<li><code>displayname_attribute</code>: The attribute of the CAS response to use as the display name.
If no name is given here, no displayname will be set.</li>
<li><code>required_attributes</code>: It is possible to configure Synapse to only allow logins if CAS attributes
@ -3083,6 +3084,7 @@ All of the listed attributes must match for the login to be permitted.</li>
<pre><code class="language-yaml">cas_config:
enabled: true
server_url: &quot;https://cas-server.com&quot;
protocol_version: 3
displayname_attribute: name
required_attributes:
userGroup: &quot;staff&quot;
@ -3478,6 +3480,16 @@ normally or via a kick or ban. Defaults to false.</p>
<pre><code class="language-yaml">forget_rooms_on_leave: false
</code></pre>
<hr />
<h3 id="exclude_rooms_from_sync"><a class="header" href="#exclude_rooms_from_sync"><code>exclude_rooms_from_sync</code></a></h3>
<p>A list of rooms to exclude from sync responses. This is useful for server
administrators wishing to group users into a room without these users being able
to see it from their client.</p>
<p>By default, no room is excluded.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">exclude_rooms_from_sync:
- !foo:example.com
</code></pre>
<hr />
<h2 id="opentracing"><a class="header" href="#opentracing">Opentracing</a></h2>
<p>Configuration options related to Opentracing support.</p>
<hr />