From 9490013de53e3f37ee43cfc325024820793755a4 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 11:22:49 +0100 Subject: [PATCH 01/13] clean ups to code surrounding v2 users admin api and setting display names --- docs/admin_api/user_admin_api.md | 5 +++-- synapse/handlers/profile.py | 4 ++-- synapse/storage/databases/main/profile.py | 16 ++++++++++++++++ 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 86c29ab3800c..56066dcac5d2 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -118,9 +118,10 @@ Body parameters: - `password` - string, optional. If provided, the user's password is updated and all devices are logged out, unless `logout_devices` is set to `false`. -- `logout_devices` - bool, optional, defaults to `true`. If set to false, devices aren't +- `logout_devices` - bool, optional, defaults to `true`. If set to `false`, devices aren't logged out even when `password` is provided. -- `displayname` - string, optional, defaults to the value of `user_id`. +- `displayname` - string, optional. If set to an empty string (`""`), the user's display name + will be removed. - `threepids` - array, optional, allows setting the third-party IDs (email, msisdn) - `medium` - string. Kind of third-party ID, either `email` or `msisdn`. - `address` - string. Value of third-party ID. diff --git a/synapse/handlers/profile.py b/synapse/handlers/profile.py index 983b9b66fb75..838bd2ac4738 100644 --- a/synapse/handlers/profile.py +++ b/synapse/handlers/profile.py @@ -170,8 +170,8 @@ async def set_displayname( displayname_to_set = None # If the admin changes the display name of a user, the requesting user cannot send - # the join event to update the displayname in the rooms. - # This must be done by the target user himself. + # the join event to update the display name in the rooms. + # This must be done by the target user themselves. if by_admin: requester = create_requester( target_user, diff --git a/synapse/storage/databases/main/profile.py b/synapse/storage/databases/main/profile.py index b109f8c07f1e..c4022d2427db 100644 --- a/synapse/storage/databases/main/profile.py +++ b/synapse/storage/databases/main/profile.py @@ -85,6 +85,14 @@ async def create_profile(self, user_id: UserID) -> None: async def set_profile_displayname( self, user_id: UserID, new_displayname: Optional[str] ) -> None: + """ + Set the display name of a user. + + Args: + user_id: The user's ID. + new_displayname: The new display name. If this is None, the user's display + name is removed. + """ user_localpart = user_id.localpart await self.db_pool.simple_upsert( table="profiles", @@ -99,6 +107,14 @@ async def set_profile_displayname( async def set_profile_avatar_url( self, user_id: UserID, new_avatar_url: Optional[str] ) -> None: + """ + Set the avatar of a user. + + Args: + user_id: The user's ID. + new_avatar_url: The new avatar URL. If this is None, the user's avatar is + removed. + """ user_localpart = user_id.localpart await self.db_pool.simple_upsert( table="profiles", From f7e25a15f52699c9dc4f0d07a0c27899e8cb7953 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 11:33:55 +0100 Subject: [PATCH 02/13] Clarify the 'threepids' option --- docs/admin_api/user_admin_api.md | 13 +++++++++---- synapse/util/msisdn.py | 6 +++++- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 56066dcac5d2..7d3583f78477 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -122,10 +122,15 @@ Body parameters: logged out even when `password` is provided. - `displayname` - string, optional. If set to an empty string (`""`), the user's display name will be removed. -- `threepids` - array, optional, allows setting the third-party IDs (email, msisdn) - - `medium` - string. Kind of third-party ID, either `email` or `msisdn`. - - `address` - string. Value of third-party ID. - belonging to a user. +- `threepids` - array, optional. If provided, the user's third-party IDs (email, msisdn) are + entirely replaced with the given list. Each item in the array is an object with the following + fields: + - `medium` - string, required. The type of third-party ID, either `email` or `msisdn` (phone number). + - `address` - string, required. The third-party ID itself, e.g. `alice@example.com` for `email` or + `447470274584` (for a phone number with country code "44") and `19254857364` (for a phone number + with country code "1") for `msisdn`. + Note: If a threepid is removed from a user via this option, Synapse will also attempt to remove + that threepid from any identity servers it is aware has a binding for it. - `external_ids` - array, optional. Allow setting the identifier of the external identity provider for SSO (Single sign-on). Details in the configuration manual under the sections [sso](../usage/configuration/config_documentation.md#sso) and [oidc_providers](../usage/configuration/config_documentation.md#oidc_providers). diff --git a/synapse/util/msisdn.py b/synapse/util/msisdn.py index 1046224f1598..3721a1558efa 100644 --- a/synapse/util/msisdn.py +++ b/synapse/util/msisdn.py @@ -22,12 +22,16 @@ def phone_number_to_msisdn(country: str, number: str) -> str: Takes an ISO-3166-1 2 letter country code and phone number and returns an msisdn representing the canonical version of that phone number. + + As an example, if `country` is "GB" and `number` is "7470674927", this + function will return "447470674927". + Args: country: ISO-3166-1 2 letter country code number: Phone number in a national or international format Returns: - The canonical form of the phone number, as an msisdn + The canonical form of the phone number, as an msisdn. Raises: SynapseError if the number could not be parsed. """ From 9090d57a9f8b39a9321b7d654ab64a6b21490e44 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 11:46:41 +0100 Subject: [PATCH 03/13] Clarify the 'external_ids' option --- docs/admin_api/user_admin_api.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 7d3583f78477..1513f6668b9b 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -132,12 +132,13 @@ Body parameters: Note: If a threepid is removed from a user via this option, Synapse will also attempt to remove that threepid from any identity servers it is aware has a binding for it. - `external_ids` - array, optional. Allow setting the identifier of the external identity - provider for SSO (Single sign-on). Details in the configuration manual under the + provider for SSO (Single sign-on). More details are in the configuration manual under the sections [sso](../usage/configuration/config_documentation.md#sso) and [oidc_providers](../usage/configuration/config_documentation.md#oidc_providers). - - `auth_provider` - string. ID of the external identity provider. Value of `idp_id` - in the homeserver configuration. Note that no error is raised if the provided - value is not in the homeserver configuration. - - `external_id` - string, user ID in the external identity provider. + - `auth_provider` - string, required. The unique, internal ID of the external identity provider. + The same as `idp_id` from the homeserver configuration. Note that no error is raised if the + provided value is not in the homeserver configuration. + - `external_id` - string, required. An identifier for the user in the external identity provider. + When the user logs in to the identity provider, this must be the unique ID that they map to. - `avatar_url` - string, optional, must be a [MXC URI](https://matrix.org/docs/spec/client_server/r0.6.0#matrix-content-mxc-uris). - `admin` - bool, optional, defaults to `false`. From e9510d24b837e956dd344191d9f4db9211e33257 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 11:48:18 +0100 Subject: [PATCH 04/13] Clarify 'avatar_url', and remove duplicate str-type check --- docs/admin_api/user_admin_api.md | 5 +++-- synapse/rest/admin/users.py | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 1513f6668b9b..2294f90057bf 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -122,6 +122,9 @@ Body parameters: logged out even when `password` is provided. - `displayname` - string, optional. If set to an empty string (`""`), the user's display name will be removed. +- `avatar_url` - string, optional. Must be a + [MXC URI](https://matrix.org/docs/spec/client_server/r0.6.0#matrix-content-mxc-uris). + If set to an empty string (`""`), the user's avatar is removed. - `threepids` - array, optional. If provided, the user's third-party IDs (email, msisdn) are entirely replaced with the given list. Each item in the array is an object with the following fields: @@ -139,8 +142,6 @@ Body parameters: provided value is not in the homeserver configuration. - `external_id` - string, required. An identifier for the user in the external identity provider. When the user logs in to the identity provider, this must be the unique ID that they map to. -- `avatar_url` - string, optional, must be a - [MXC URI](https://matrix.org/docs/spec/client_server/r0.6.0#matrix-content-mxc-uris). - `admin` - bool, optional, defaults to `false`. - `deactivated` - bool, optional. If unspecified, deactivation state will be left unchanged on existing accounts and set to `false` for new accounts. diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py index 331f22511618..932333ae5715 100644 --- a/synapse/rest/admin/users.py +++ b/synapse/rest/admin/users.py @@ -336,7 +336,7 @@ async def on_PUT( HTTPStatus.CONFLICT, "External id is already in use." ) - if "avatar_url" in body and isinstance(body["avatar_url"], str): + if "avatar_url" in body: await self.profile_handler.set_avatar_url( target_user, requester, body["avatar_url"], True ) From 32580f6e8747de79be2156073d8d3320a213b1d1 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 13:36:09 +0100 Subject: [PATCH 05/13] Clarify 'admin' --- docs/admin_api/user_admin_api.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 2294f90057bf..5e4ffe7512b4 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -142,7 +142,8 @@ Body parameters: provided value is not in the homeserver configuration. - `external_id` - string, required. An identifier for the user in the external identity provider. When the user logs in to the identity provider, this must be the unique ID that they map to. -- `admin` - bool, optional, defaults to `false`. +- `admin` - bool, optional, defaults to `false`. Whether the user is a homeserver administrator, + granting them access to the Admin API, among other things. - `deactivated` - bool, optional. If unspecified, deactivation state will be left unchanged on existing accounts and set to `false` for new accounts. A user cannot be erased by deactivating with this API. For details on From de215466e6a8d0f468d36161dda56271666b3082 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 13:46:42 +0100 Subject: [PATCH 06/13] Clarify 'deactivated' --- docs/admin_api/user_admin_api.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 5e4ffe7512b4..96c7322e2ef9 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -144,10 +144,16 @@ Body parameters: When the user logs in to the identity provider, this must be the unique ID that they map to. - `admin` - bool, optional, defaults to `false`. Whether the user is a homeserver administrator, granting them access to the Admin API, among other things. -- `deactivated` - bool, optional. If unspecified, deactivation state will be left - unchanged on existing accounts and set to `false` for new accounts. - A user cannot be erased by deactivating with this API. For details on - deactivating users see [Deactivate Account](#deactivate-account). +- `deactivated` - bool, optional. If unspecified, deactivation state will be left unchanged. + + Note: the `password` field must also be set if both of the following are true: + - `deactivated` is set to `false` and the user was previously deactivated (you are reactivating this user) + - Users are allowed to set their password on this homeserver (both `password_config.enabled` and + `password_config.localdb_enabled` config options are set to `true`). + Users' passwords are wiped upon account deactivation, hence the need to set a new one here. + + Note: a user cannot be erased with this API. For more details on + deactivating and erasing users see [Deactivate Account](#deactivate-account). - `user_type` - string or null, optional. If provided, the user type will be adjusted. If `null` given, the user type will be cleared. Other allowed options are: `bot` and `support`. From 4a8aa25c2adac703cb77d4361ef5fd825a9ad54a Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 13:47:58 +0100 Subject: [PATCH 07/13] Clarify 'user_type' --- docs/admin_api/user_admin_api.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 96c7322e2ef9..d026da558f0c 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -154,9 +154,9 @@ Body parameters: Note: a user cannot be erased with this API. For more details on deactivating and erasing users see [Deactivate Account](#deactivate-account). -- `user_type` - string or null, optional. If provided, the user type will be - adjusted. If `null` given, the user type will be cleared. Other - allowed options are: `bot` and `support`. +- `user_type` - string or null, optional. If not provided, the user type will be + not be changed. If `null` is given, the user type will be cleared. + Other allowed options are: `bot` and `support`. If the user already exists then optional parameters default to the current value. From 686ab8338c8d3f9310866c4aa22b19761a43bea2 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 13:48:32 +0100 Subject: [PATCH 08/13] Remove incorrect and redundant information --- docs/admin_api/user_admin_api.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index d026da558f0c..0137934bafb7 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -158,11 +158,6 @@ Body parameters: not be changed. If `null` is given, the user type will be cleared. Other allowed options are: `bot` and `support`. -If the user already exists then optional parameters default to the current value. - -In order to re-activate an account `deactivated` must be set to `false`. If -users do not login via single-sign-on, a new `password` must be provided. - ## List Accounts This API returns all local user accounts. From 8847d489183f8f1f38ee1ea2757749f9ec1ff878 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 13:51:43 +0100 Subject: [PATCH 09/13] Add 'logout_devices' field and example values to the example --- docs/admin_api/user_admin_api.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 0137934bafb7..360391b8b0ba 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -78,28 +78,29 @@ with a body of: ```json { "password": "user_password", - "displayname": "User", + "logout_devices": false, + "displayname": "Alice Marigold", + "avatar_url": "mxc://example.com/abcde12345", "threepids": [ { "medium": "email", - "address": "" + "address": "alice@example.com" }, { "medium": "email", - "address": "" + "address": "alice@domain.org" } ], "external_ids": [ { - "auth_provider": "", - "external_id": "" + "auth_provider": "example", + "external_id": "12345" }, { - "auth_provider": "", - "external_id": "" + "auth_provider": "example2", + "external_id": "abc54321" } ], - "avatar_url": "", "admin": false, "deactivated": false, "user_type": null From 5f91183efa5f9cc36262661146d7f66eb8e78d25 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 13:57:47 +0100 Subject: [PATCH 10/13] bold each parameter's type for readability --- docs/admin_api/user_admin_api.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 360391b8b0ba..e13db951fcd4 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -117,35 +117,35 @@ URL parameters: Body parameters: -- `password` - string, optional. If provided, the user's password is updated and all +- `password` - **string**, optional. If provided, the user's password is updated and all devices are logged out, unless `logout_devices` is set to `false`. -- `logout_devices` - bool, optional, defaults to `true`. If set to `false`, devices aren't +- `logout_devices` - **bool**, optional, defaults to `true`. If set to `false`, devices aren't logged out even when `password` is provided. -- `displayname` - string, optional. If set to an empty string (`""`), the user's display name +- `displayname` - **string**, optional. If set to an empty string (`""`), the user's display name will be removed. -- `avatar_url` - string, optional. Must be a +- `avatar_url` - **string**, optional. Must be a [MXC URI](https://matrix.org/docs/spec/client_server/r0.6.0#matrix-content-mxc-uris). If set to an empty string (`""`), the user's avatar is removed. -- `threepids` - array, optional. If provided, the user's third-party IDs (email, msisdn) are +- `threepids` - **array**, optional. If provided, the user's third-party IDs (email, msisdn) are entirely replaced with the given list. Each item in the array is an object with the following fields: - - `medium` - string, required. The type of third-party ID, either `email` or `msisdn` (phone number). - - `address` - string, required. The third-party ID itself, e.g. `alice@example.com` for `email` or + - `medium` - **string**, required. The type of third-party ID, either `email` or `msisdn` (phone number). + - `address` - **string**, required. The third-party ID itself, e.g. `alice@example.com` for `email` or `447470274584` (for a phone number with country code "44") and `19254857364` (for a phone number with country code "1") for `msisdn`. Note: If a threepid is removed from a user via this option, Synapse will also attempt to remove that threepid from any identity servers it is aware has a binding for it. -- `external_ids` - array, optional. Allow setting the identifier of the external identity +- `external_ids` - **array**, optional. Allow setting the identifier of the external identity provider for SSO (Single sign-on). More details are in the configuration manual under the sections [sso](../usage/configuration/config_documentation.md#sso) and [oidc_providers](../usage/configuration/config_documentation.md#oidc_providers). - - `auth_provider` - string, required. The unique, internal ID of the external identity provider. + - `auth_provider` - **string**, required. The unique, internal ID of the external identity provider. The same as `idp_id` from the homeserver configuration. Note that no error is raised if the provided value is not in the homeserver configuration. - - `external_id` - string, required. An identifier for the user in the external identity provider. + - `external_id` - **string**, required. An identifier for the user in the external identity provider. When the user logs in to the identity provider, this must be the unique ID that they map to. -- `admin` - bool, optional, defaults to `false`. Whether the user is a homeserver administrator, +- `admin` - **bool**, optional, defaults to `false`. Whether the user is a homeserver administrator, granting them access to the Admin API, among other things. -- `deactivated` - bool, optional. If unspecified, deactivation state will be left unchanged. +- `deactivated` - **bool**, optional. If unspecified, deactivation state will be left unchanged. Note: the `password` field must also be set if both of the following are true: - `deactivated` is set to `false` and the user was previously deactivated (you are reactivating this user) @@ -155,7 +155,7 @@ Body parameters: Note: a user cannot be erased with this API. For more details on deactivating and erasing users see [Deactivate Account](#deactivate-account). -- `user_type` - string or null, optional. If not provided, the user type will be +- `user_type` - **string** or null, optional. If not provided, the user type will be not be changed. If `null` is given, the user type will be cleared. Other allowed options are: `bot` and `support`. From 47feabac476ca8bfe5aa2f9a9c4fd603f9426d44 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 13:58:07 +0100 Subject: [PATCH 11/13] Clarify 'user_id' url parameter --- docs/admin_api/user_admin_api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index e13db951fcd4..61dbfd28ed0f 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -113,7 +113,7 @@ Returns HTTP status code: URL parameters: -- `user_id`: fully-qualified user id: for example, `@user:server.com`. +- `user_id` - A fully-qualified user id. For example, `@user:server.com`. Body parameters: From 66baa4bc76a4b9a1face555edca32b92ceeded1a Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 13:59:58 +0100 Subject: [PATCH 12/13] changelog --- changelog.d/15544.doc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/15544.doc diff --git a/changelog.d/15544.doc b/changelog.d/15544.doc new file mode 100644 index 000000000000..a6d1e969001a --- /dev/null +++ b/changelog.d/15544.doc @@ -0,0 +1 @@ +Clarify documentation of the "Create or modify account" Admin API. \ No newline at end of file From ad87f36d257b921a54bcd5be9e46229f24535cdc Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 5 May 2023 14:00:03 +0100 Subject: [PATCH 13/13] Fix title case --- docs/admin_api/user_admin_api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 61dbfd28ed0f..6b952ba3969b 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -62,7 +62,7 @@ URL parameters: - `user_id`: fully-qualified user id: for example, `@user:server.com`. -## Create or modify Account +## Create or modify account This API allows an administrator to create or modify a user account with a specific `user_id`.