Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Give public_baseurl a default value (#9159)
Browse files Browse the repository at this point in the history
  • Loading branch information
richvdh authored Jan 20, 2021
1 parent fa842a9 commit fa50e4b
Show file tree
Hide file tree
Showing 14 changed files with 48 additions and 83 deletions.
1 change: 1 addition & 0 deletions changelog.d/9159.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Give the `public_baseurl` a default value, if it is not explicitly set in the configuration file.
31 changes: 17 additions & 14 deletions docs/sample_config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -67,11 +67,16 @@ pid_file: DATADIR/homeserver.pid
#
#web_client_location: https://riot.example.com/

# The public-facing base URL that clients use to access this HS
# (not including _matrix/...). This is the same URL a user would
# enter into the 'custom HS URL' field on their client. If you
# use synapse with a reverse proxy, this should be the URL to reach
# synapse via the proxy.
# The public-facing base URL that clients use to access this Homeserver (not
# including _matrix/...). This is the same URL a user might enter into the
# 'Custom Homeserver URL' field on their client. If you use Synapse with a
# reverse proxy, this should be the URL to reach Synapse via the proxy.
# Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
# 'listeners' below).
#
# If this is left unset, it defaults to 'https://<server_name>/'. (Note that
# that will not work unless you configure Synapse or a reverse-proxy to listen
# on port 443.)
#
#public_baseurl: https://example.com/

Expand Down Expand Up @@ -1150,8 +1155,9 @@ account_validity:
# send an email to the account's email address with a renewal link. By
# default, no such emails are sent.
#
# If you enable this setting, you will also need to fill out the 'email' and
# 'public_baseurl' configuration sections.
# If you enable this setting, you will also need to fill out the 'email'
# configuration section. You should also check that 'public_baseurl' is set
# correctly.
#
#renew_at: 1w

Expand Down Expand Up @@ -1242,8 +1248,7 @@ account_validity:
# The identity server which we suggest that clients should use when users log
# in on this server.
#
# (By default, no suggestion is made, so it is left up to the client.
# This setting is ignored unless public_baseurl is also set.)
# (By default, no suggestion is made, so it is left up to the client.)
#
#default_identity_server: https://matrix.org

Expand All @@ -1268,8 +1273,6 @@ account_validity:
# by the Matrix Identity Service API specification:
# https://matrix.org/docs/spec/identity_service/latest
#
# If a delegate is specified, the config option public_baseurl must also be filled out.
#
account_threepid_delegates:
#email: https://example.com # Delegate email sending to example.com
#msisdn: http://localhost:8090 # Delegate SMS sending to this local process
Expand Down Expand Up @@ -1901,9 +1904,9 @@ sso:
# phishing attacks from evil.site. To avoid this, include a slash after the
# hostname: "https://my.client/".
#
# If public_baseurl is set, then the login fallback page (used by clients
# that don't natively support the required login flows) is whitelisted in
# addition to any URLs in this list.
# The login fallback page (used by clients that don't natively support the
# required login flows) is automatically whitelisted in addition to any URLs
# in this list.
#
# By default, this list is empty.
#
Expand Down
2 changes: 0 additions & 2 deletions synapse/api/urls.py
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,6 @@ def __init__(self, hs_config):
"""
if hs_config.form_secret is None:
raise ConfigError("form_secret not set in config")
if hs_config.public_baseurl is None:
raise ConfigError("public_baseurl not set in config")

self._hmac_secret = hs_config.form_secret.encode("utf-8")
self._public_baseurl = hs_config.public_baseurl
Expand Down
11 changes: 6 additions & 5 deletions synapse/config/_base.py
Original file line number Diff line number Diff line change
Expand Up @@ -252,11 +252,12 @@ def read_templates(
env = jinja2.Environment(loader=loader, autoescape=autoescape)

# Update the environment with our custom filters
env.filters.update({"format_ts": _format_ts_filter})
if self.public_baseurl:
env.filters.update(
{"mxc_to_http": _create_mxc_to_http_filter(self.public_baseurl)}
)
env.filters.update(
{
"format_ts": _format_ts_filter,
"mxc_to_http": _create_mxc_to_http_filter(self.public_baseurl),
}
)

for filename in filenames:
# Load the template
Expand Down
8 changes: 0 additions & 8 deletions synapse/config/emailconfig.py
Original file line number Diff line number Diff line change
Expand Up @@ -166,11 +166,6 @@ def read_config(self, config, **kwargs):
if not self.email_notif_from:
missing.append("email.notif_from")

# public_baseurl is required to build password reset and validation links that
# will be emailed to users
if config.get("public_baseurl") is None:
missing.append("public_baseurl")

if missing:
raise ConfigError(
MISSING_PASSWORD_RESET_CONFIG_ERROR % (", ".join(missing),)
Expand Down Expand Up @@ -269,9 +264,6 @@ def read_config(self, config, **kwargs):
if not self.email_notif_from:
missing.append("email.notif_from")

if config.get("public_baseurl") is None:
missing.append("public_baseurl")

if missing:
raise ConfigError(
"email.enable_notifs is True but required keys are missing: %s"
Expand Down
2 changes: 0 additions & 2 deletions synapse/config/oidc_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,6 @@ def read_config(self, config, **kwargs):
raise ConfigError(e.message) from e

public_baseurl = self.public_baseurl
if public_baseurl is None:
raise ConfigError("oidc_config requires a public_baseurl to be set")
self.oidc_callback_url = public_baseurl + "_synapse/oidc/callback"

@property
Expand Down
21 changes: 4 additions & 17 deletions synapse/config/registration.py
Original file line number Diff line number Diff line change
Expand Up @@ -49,10 +49,6 @@ def __init__(self, config, synapse_config):

self.startup_job_max_delta = self.period * 10.0 / 100.0

if self.renew_by_email_enabled:
if "public_baseurl" not in synapse_config:
raise ConfigError("Can't send renewal emails without 'public_baseurl'")

template_dir = config.get("template_dir")

if not template_dir:
Expand Down Expand Up @@ -109,13 +105,6 @@ def read_config(self, config, **kwargs):
account_threepid_delegates = config.get("account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get("email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get("msisdn")
if self.account_threepid_delegate_msisdn and not self.public_baseurl:
raise ConfigError(
"The configuration option `public_baseurl` is required if "
"`account_threepid_delegate.msisdn` is set, such that "
"clients know where to submit validation tokens to. Please "
"configure `public_baseurl`."
)

self.default_identity_server = config.get("default_identity_server")
self.allow_guest_access = config.get("allow_guest_access", False)
Expand Down Expand Up @@ -240,8 +229,9 @@ def generate_config_section(self, generate_secrets=False, **kwargs):
# send an email to the account's email address with a renewal link. By
# default, no such emails are sent.
#
# If you enable this setting, you will also need to fill out the 'email' and
# 'public_baseurl' configuration sections.
# If you enable this setting, you will also need to fill out the 'email'
# configuration section. You should also check that 'public_baseurl' is set
# correctly.
#
#renew_at: 1w
Expand Down Expand Up @@ -332,8 +322,7 @@ def generate_config_section(self, generate_secrets=False, **kwargs):
# The identity server which we suggest that clients should use when users log
# in on this server.
#
# (By default, no suggestion is made, so it is left up to the client.
# This setting is ignored unless public_baseurl is also set.)
# (By default, no suggestion is made, so it is left up to the client.)
#
#default_identity_server: https://matrix.org
Expand All @@ -358,8 +347,6 @@ def generate_config_section(self, generate_secrets=False, **kwargs):
# by the Matrix Identity Service API specification:
# https://matrix.org/docs/spec/identity_service/latest
#
# If a delegate is specified, the config option public_baseurl must also be filled out.
#
account_threepid_delegates:
#email: https://example.com # Delegate email sending to example.com
#msisdn: http://localhost:8090 # Delegate SMS sending to this local process
Expand Down
2 changes: 0 additions & 2 deletions synapse/config/saml2_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -189,8 +189,6 @@ def _default_saml_config_dict(
import saml2

public_baseurl = self.public_baseurl
if public_baseurl is None:
raise ConfigError("saml2_config requires a public_baseurl to be set")

if self.saml2_grandfathered_mxid_source_attribute:
optional_attributes.add(self.saml2_grandfathered_mxid_source_attribute)
Expand Down
24 changes: 15 additions & 9 deletions synapse/config/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,11 @@ def read_config(self, config, **kwargs):
self.print_pidfile = config.get("print_pidfile")
self.user_agent_suffix = config.get("user_agent_suffix")
self.use_frozen_dicts = config.get("use_frozen_dicts", False)
self.public_baseurl = config.get("public_baseurl")
self.public_baseurl = config.get("public_baseurl") or "https://%s/" % (
self.server_name,
)
if self.public_baseurl[-1] != "/":
self.public_baseurl += "/"

# Whether to enable user presence.
self.use_presence = config.get("use_presence", True)
Expand Down Expand Up @@ -317,9 +321,6 @@ def read_config(self, config, **kwargs):
# Always blacklist 0.0.0.0, ::
self.federation_ip_range_blacklist.update(["0.0.0.0", "::"])

if self.public_baseurl is not None:
if self.public_baseurl[-1] != "/":
self.public_baseurl += "/"
self.start_pushers = config.get("start_pushers", True)

# (undocumented) option for torturing the worker-mode replication a bit,
Expand Down Expand Up @@ -740,11 +741,16 @@ def generate_config_section(
#
#web_client_location: https://riot.example.com/
# The public-facing base URL that clients use to access this HS
# (not including _matrix/...). This is the same URL a user would
# enter into the 'custom HS URL' field on their client. If you
# use synapse with a reverse proxy, this should be the URL to reach
# synapse via the proxy.
# The public-facing base URL that clients use to access this Homeserver (not
# including _matrix/...). This is the same URL a user might enter into the
# 'Custom Homeserver URL' field on their client. If you use Synapse with a
# reverse proxy, this should be the URL to reach Synapse via the proxy.
# Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
# 'listeners' below).
#
# If this is left unset, it defaults to 'https://<server_name>/'. (Note that
# that will not work unless you configure Synapse or a reverse-proxy to listen
# on port 443.)
#
#public_baseurl: https://example.com/
Expand Down
13 changes: 5 additions & 8 deletions synapse/config/sso.py
Original file line number Diff line number Diff line change
Expand Up @@ -64,11 +64,8 @@ def read_config(self, config, **kwargs):
# gracefully to the client). This would make it pointless to ask the user for
# confirmation, since the URL the confirmation page would be showing wouldn't be
# the client's.
# public_baseurl is an optional setting, so we only add the fallback's URL to the
# list if it's provided (because we can't figure out what that URL is otherwise).
if self.public_baseurl:
login_fallback_url = self.public_baseurl + "_matrix/static/client/login"
self.sso_client_whitelist.append(login_fallback_url)
login_fallback_url = self.public_baseurl + "_matrix/static/client/login"
self.sso_client_whitelist.append(login_fallback_url)

def generate_config_section(self, **kwargs):
return """\
Expand All @@ -86,9 +83,9 @@ def generate_config_section(self, **kwargs):
# phishing attacks from evil.site. To avoid this, include a slash after the
# hostname: "https://my.client/".
#
# If public_baseurl is set, then the login fallback page (used by clients
# that don't natively support the required login flows) is whitelisted in
# addition to any URLs in this list.
# The login fallback page (used by clients that don't natively support the
# required login flows) is automatically whitelisted in addition to any URLs
# in this list.
#
# By default, this list is empty.
#
Expand Down
2 changes: 0 additions & 2 deletions synapse/handlers/identity.py
Original file line number Diff line number Diff line change
Expand Up @@ -476,8 +476,6 @@ async def requestMsisdnToken(
except RequestTimedOutError:
raise SynapseError(500, "Timed out contacting identity server")

assert self.hs.config.public_baseurl

# we need to tell the client to send the token back to us, since it doesn't
# otherwise know where to send it, so add submit_url response parameter
# (see also MSC2078)
Expand Down
4 changes: 0 additions & 4 deletions synapse/rest/well_known.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,10 +34,6 @@ def __init__(self, hs):
self._config = hs.config

def get_well_known(self):
# if we don't have a public_baseurl, we can't help much here.
if self._config.public_baseurl is None:
return None

result = {"m.homeserver": {"base_url": self._config.public_baseurl}}

if self._config.default_identity_server:
Expand Down
9 changes: 0 additions & 9 deletions tests/rest/test_well_known.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,12 +40,3 @@ def test_well_known(self):
"m.identity_server": {"base_url": "https://testis"},
},
)

def test_well_known_no_public_baseurl(self):
self.hs.config.public_baseurl = None

channel = self.make_request(
"GET", "/.well-known/matrix/client", shorthand=False
)

self.assertEqual(channel.code, 404)
1 change: 0 additions & 1 deletion tests/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,6 @@ def default_config(name, parse=False):
"remote": {"per_second": 10000, "burst_count": 10000},
},
"saml2_enabled": False,
"public_baseurl": None,
"default_identity_server": None,
"key_refresh_interval": 24 * 60 * 60 * 1000,
"old_signing_keys": {},
Expand Down

0 comments on commit fa50e4b

Please sign in to comment.