From dfb33d80ff700e2fd3a42c9df3527fe3ecd5752f Mon Sep 17 00:00:00 2001 From: Neil Johnson Date: Mon, 11 Nov 2019 22:59:01 +0000 Subject: [PATCH 1/5] ensure privacy preserving defaults for the room directory --- UPGRADE.rst | 16 ++++++++++++++++ changelog.d/6354.feature | 1 + synapse/config/server.py | 19 ++++++++++--------- 3 files changed, 27 insertions(+), 9 deletions(-) create mode 100644 changelog.d/6354.feature diff --git a/UPGRADE.rst b/UPGRADE.rst index 5ebf16a73e77..fbfb485c164b 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -75,6 +75,22 @@ for example: wget https://packages.matrix.org/debian/pool/main/m/matrix-synapse-py3/matrix-synapse-py3_1.3.0+stretch1_amd64.deb dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb +Upgrading to v1.5.2 +=================== + +In attempt to configure Synapse in a privacy preserving way, the default +behaviour of ``allow_public_rooms_without_auth`` and +``allow_public_rooms_over_federation`` has been inverted. This means that by +default, only authenticated users querying the Client/Server API will be able +to query the room directory, and relatedly that the server will not share +room directory information with other servers over federation. + +If your installation does not explicitly set these settings one way or the other +and you want either setting to be ``true`` they will need to be explicitly set +in ``homeserver.yaml`` + +For more details on the surrounding context see our `explainer +`_. Upgrading to v1.5.0 =================== diff --git a/changelog.d/6354.feature b/changelog.d/6354.feature new file mode 100644 index 000000000000..fed9db884bc6 --- /dev/null +++ b/changelog.d/6354.feature @@ -0,0 +1 @@ +Configure privacy preserving settings by default for the room directory. diff --git a/synapse/config/server.py b/synapse/config/server.py index d556df308d75..49eb9efb797f 100644 --- a/synapse/config/server.py +++ b/synapse/config/server.py 
@@ -99,7 +99,7 @@ def read_config(self, config, **kwargs): # Whether to require authentication to retrieve profile data (avatars, # display names) of other users through the client API. self.require_auth_for_profile_requests = config.get( - "require_auth_for_profile_requests", False + "require_auth_for_profile_requests", True ) if "restrict_public_rooms_to_local_users" in config and ( @@ -121,12 +121,12 @@ def read_config(self, config, **kwargs): # If set to 'False', requires authentication to access the server's public # rooms directory through the client API. Defaults to 'True'. self.allow_public_rooms_without_auth = config.get( - "allow_public_rooms_without_auth", True + "allow_public_rooms_without_auth", False ) # If set to 'False', forbids any other homeserver to fetch the server's public # rooms directory via federation. Defaults to 'True'. self.allow_public_rooms_over_federation = config.get( - "allow_public_rooms_over_federation", True + "allow_public_rooms_over_federation", False ) default_room_version = config.get("default_room_version", DEFAULT_ROOM_VERSION) 
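Review bot: The two room-directory options in the second hunk are read with `config.get(..., False)` and stored without a type check, so any YAML value is accepted as-is. If the consumers test truthiness (they are outside this hunk, so this is inferred), a quoted `"false"` would be a non-empty string and would open the directory, which is the opposite of what the operator wrote. Rejecting non-boolean values at load time would catch it, for example `if not isinstance(self.allow_public_rooms_over_federation, bool): raise ConfigError("allow_public_rooms_over_federation must be true or false")`, assuming `ConfigError` is in scope in this module, and the same for `allow_public_rooms_without_auth`. read_config starts and ends outside the hunk.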
@@ -500,15 +500,16 @@ def generate_config_section( # #require_auth_for_profile_requests: true - # If set to 'false', requires authentication to access the server's public rooms - # directory through the client API. Defaults to 'true'. + # If set to 'true', removes the need for authentication to access the server's + # public rooms directory through the client API, meaning that anyone can + # query the room directory. Defaults to 'false'. # - #allow_public_rooms_without_auth: false + #allow_public_rooms_without_auth: true - # If set to 'false', forbids any other homeserver to fetch the server's public - # rooms directory via federation. Defaults to 'true'. + # If set to 'true', allows any other homeserver to fetch the server's public + # rooms directory via federation. Defaults to 'false'. # - #allow_public_rooms_over_federation: false + #allow_public_rooms_over_federation: true # The default room version for newly created rooms. # From 163c7d2d8002cab98eef9f0fbfc9482a26a9c794 Mon Sep 17 00:00:00 2001 From: Neil Johnson Date: Tue, 12 Nov 2019 09:54:41 +0000 Subject: [PATCH 2/5] clarity --- UPGRADE.rst | 17 +++++++++-------- docs/sample_config.yaml | 13 +++++++------ synapse/config/server.py | 13 +++++++------ 3 files changed, 23 insertions(+), 20 deletions(-) diff --git a/UPGRADE.rst b/UPGRADE.rst index fbfb485c164b..08591fdf2c5c 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst 
@@ -78,19 +78,20 @@ for example: Upgrading to v1.5.2 =================== -In attempt to configure Synapse in a privacy preserving way, the default -behaviour of ``allow_public_rooms_without_auth`` and -``allow_public_rooms_over_federation`` has been inverted. This means that by -default, only authenticated users querying the Client/Server API will be able -to query the room directory, and relatedly that the server will not share +In an attempt to configure Synapse in a privacy preserving way, the default +behaviours of ``allow_public_rooms_without_auth`` and +``allow_public_rooms_over_federation`` have been inverted. This means that by +default, only authenticated users querying the Client/Server API will be able +to query the room directory, and relatedly that the server will not share room directory information with other servers over federation. If your installation does not explicitly set these settings one way or the other -and you want either setting to be ``true`` they will need to be explicitly set -in ``homeserver.yaml`` +and you want either setting to be ``true`` then it will necessary to update +``homeserver.yaml`` accordingly. For more details on the surrounding context see our `explainer -`_. +`_. + Upgrading to v1.5.0 =================== diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index d2f4aff82697..8595417d84ba 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml 
@@ -54,15 +54,16 @@ pid_file: DATADIR/homeserver.pid # #require_auth_for_profile_requests: true -# If set to 'false', requires authentication to access the server's public rooms -# directory through the client API. Defaults to 'true'. +# If set to 'true', removes the need for authentication to access the server's +# public rooms directory through the client API, meaning that anyone can +# query the room directory. Defaults to 'false'. # -#allow_public_rooms_without_auth: false +#allow_public_rooms_without_auth: true -# If set to 'false', forbids any other homeserver to fetch the server's public -# rooms directory via federation. Defaults to 'true'. +# If set to 'true', allows any other homeserver to fetch the server's public +# rooms directory via federation. Defaults to 'false'. # -#allow_public_rooms_over_federation: false +#allow_public_rooms_over_federation: true # The default room version for newly created rooms. # diff --git a/synapse/config/server.py b/synapse/config/server.py index 49eb9efb797f..4e8c0c5c8cbc 100644 --- a/synapse/config/server.py +++ b/synapse/config/server.py @@ -99,7 +99,7 @@ def read_config(self, config, **kwargs): # Whether to require authentication to retrieve profile data (avatars, # display names) of other users through the client API. self.require_auth_for_profile_requests = config.get( - "require_auth_for_profile_requests", True + "require_auth_for_profile_requests", False ) if "restrict_public_rooms_to_local_users" in config and ( 
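Review bot: The `require_auth_for_profile_requests` default goes back to `False` in the server.py hunk here, and the "clarity" subject does not mention it. Per the comment above the assignment, that means profile data (avatars, display names) is served through the client API without authentication unless the operator sets the option. If that is intended, say so next to the default, e.g. `# Defaults to False: profile data is served without authentication unless this is set.` read_config starts and ends outside the hunk.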
@@ -118,13 +118,14 @@ def read_config(self, config, **kwargs): self.allow_public_rooms_without_auth = False self.allow_public_rooms_over_federation = False else: - # If set to 'False', requires authentication to access the server's public - # rooms directory through the client API. Defaults to 'True'. + # If set to 'true', removes the need for authentication to access the server's + # public rooms directory through the client API, meaning that anyone can + # query the room directory. Defaults to 'false'. self.allow_public_rooms_without_auth = config.get( "allow_public_rooms_without_auth", False ) - # If set to 'False', forbids any other homeserver to fetch the server's public - # rooms directory via federation. Defaults to 'True'. + # If set to 'true', allows any other homeserver to fetch the server's public + # rooms directory via federation. Defaults to 'false'. self.allow_public_rooms_over_federation = config.get( "allow_public_rooms_over_federation", False ) @@ -501,7 +502,7 @@ def generate_config_section( #require_auth_for_profile_requests: true # If set to 'true', removes the need for authentication to access the server's - # public rooms directory through the client API, meaning that anyone can + # public rooms directory through the client API, meaning that anyone can # query the room directory. Defaults to 'false'. # #allow_public_rooms_without_auth: true From c7b8dc4ebbc8b6a520f26e2a21bd78f77b86d001 Mon Sep 17 00:00:00 2001 From: Neil Johnson Date: Tue, 3 Dec 2019 17:54:26 +0000 Subject: [PATCH 3/5] ensure that room search over federation fails if allow_public_rooms_over_federation is False --- tests/federation/transport/test_server.py | 52 +++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 tests/federation/transport/test_server.py diff --git a/tests/federation/transport/test_server.py b/tests/federation/transport/test_server.py new file mode 100644 index 000000000000..2642498b8231 --- /dev/null 
+++ b/tests/federation/transport/test_server.py
@@ -0,0 +1,52 @@
+# -*- coding: utf-8 -*-
+# Copyright 2019 Matrix.org Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from twisted.internet import defer
+
+from synapse.config.ratelimiting import FederationRateLimitConfig
+from synapse.federation.transport import server
+from synapse.util.ratelimitutils import FederationRateLimiter
+
+from tests import unittest
+from tests.unittest import override_config
+
+
+class RoomDirectoryFederationTests(unittest.HomeserverTestCase):
+ def prepare(self, reactor, clock, homeserver):
+ class Authenticator(object):
+ def authenticate_request(self, request, content):
+ return defer.succeed("otherserver.nottld")
+
+ ratelimiter = FederationRateLimiter(clock, FederationRateLimitConfig())
+ server.register_servlets(
+ homeserver, self.resource, Authenticator(), ratelimiter
+ )
+
+ @override_config({"allow_public_rooms_over_federation": False})
+ def test_blocked_public_room_list_over_federation(self):
+ request, channel = self.make_request(
+ "GET", "/_matrix/federation/v1/publicRooms"
+ )
+ self.render(request)
+ self.assertEquals(403, channel.code)
+
+ @override_config({"allow_public_rooms_over_federation": True})
+ def test_open_public_room_list_over_federation(self):
+ request, channel = self.make_request(
+ "GET", "/_matrix/federation/v1/publicRooms"
+ )
+ self.render(request)
+ self.assertEquals(200, channel.code)
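Review bot: Neither test pins the new default, because both set `allow_public_rooms_over_federation` explicitly through `override_config`. A later change to the fallback value in `read_config` would therefore pass this file unnoticed. A third case with no override that expects 403 would cover the behaviour this series exists to introduce, assuming the test harness's base config does not set the key itself. The client-API counterpart, `allow_public_rooms_without_auth`, has no test in this file either and would benefit from the same treatment.

```python
# … unchanged: prepare() and the two override_config tests …

    def test_public_room_list_over_federation_default(self):
        # No override_config here: this exercises the shipped default.
        request, channel = self.make_request(
            "GET", "/_matrix/federation/v1/publicRooms"
        )
        self.render(request)
        self.assertEqual(403, channel.code)
```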
From a29dd96e526b126ddb70f220af6cd5e5dece402c Mon Sep 17 00:00:00 2001 From: Neil Johnson Date: Tue, 3 Dec 2019 17:55:18 +0000 Subject: [PATCH 4/5] bump room version --- UPGRADE.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UPGRADE.rst b/UPGRADE.rst index 08591fdf2c5c..36b59a6c42e9 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -75,7 +75,7 @@ for example: wget https://packages.matrix.org/debian/pool/main/m/matrix-synapse-py3/matrix-synapse-py3_1.3.0+stretch1_amd64.deb dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb -Upgrading to v1.5.2 +Upgrading to v1.7.0 =================== In an attempt to configure Synapse in a privacy preserving way, the default From 014e1574342d819b0b23f3bf6c84acf2b6d60e77 Mon Sep 17 00:00:00 2001 From: Neil Johnson Date: Tue, 3 Dec 2019 18:09:41 +0000 Subject: [PATCH 5/5] Apply suggestions from code review clarity Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> --- UPGRADE.rst | 2 +- tests/federation/transport/test_server.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/UPGRADE.rst b/UPGRADE.rst index 36b59a6c42e9..d9020f2663ae 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -87,7 +87,7 @@ room directory information with other servers over federation. If your installation does not explicitly set these settings one way or the other and you want either setting to be ``true`` then it will necessary to update -``homeserver.yaml`` accordingly. +your homeserver configuration file accordingly. For more details on the surrounding context see our `explainer `_. diff --git a/tests/federation/transport/test_server.py b/tests/federation/transport/test_server.py index 2642498b8231..27d83bb7d9b3 100644 --- a/tests/federation/transport/test_server.py +++ b/tests/federation/transport/test_server.py 
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Copyright 2019 Matrix.org Foundation
+# Copyright 2019 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.