This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Show a confirmation page during user password reset #8004
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
anoadragon453
force-pushed
the
anoa/password_reset_confirmation
branch
2 times, most recently
from
a6e7042
to
e941331
Compare
richvdh
previously requested changes
Aug 3, 2020
anoadragon453
force-pushed
the
anoa/password_reset_confirmation
branch
from
a6ba7dd
to
6c092a8
Compare
anoadragon453
force-pushed
the
anoa/password_reset_confirmation
branch
2 times, most recently
from
a0dc2c0
to
8f752cf
Compare
Creates a new implementation-specific endpoint for accepting confirmation of password resets. This endpoint should be hit with the same parameters as the regular password reset submit_token endpoint. This endpoint will now complete the password resets, whereas the existing endpoint will now just show the confirmation template page.
anoadragon453
force-pushed
the
anoa/password_reset_confirmation
branch
from
8f752cf
to
3568e18
Compare
richvdh
previously requested changes
Aug 21, 2020
…sword_reset_confirmation * 'develop' of github.com:matrix-org/synapse: (22 commits) Update the test federation client to handle streaming responses (#8130) Do not propagate profile changes of shadow-banned users into rooms. (#8157) Make SlavedIdTracker.advance have same interface as MultiWriterIDGenerator (#8171) Convert simple_select_one and simple_select_one_onecol to async (#8162) Fix rate limiting unit tests. (#8167) Add functions to `MultiWriterIdGen` used by events stream (#8164) Do not allow send_nonmember_event to be called with shadow-banned users. (#8158) Changelog fixes 1.19.1rc1 Make StreamIdGen `get_next` and `get_next_mult` async (#8161) Wording fixes to 'name' user admin api filter (#8163) Fix missing double-backtick in RST document Search in columns 'name' and 'displayname' in the admin users endpoint (#7377) Add type hints for state. (#8140) Stop shadow-banned users from sending non-member events. (#8142) Allow capping a room's retention policy (#8104) Add healthcheck for default localhost 8008 port on /health endpoint. (#8147) Fix flaky shadow-ban tests. (#8152) Fix join ratelimiter breaking profile updates and idempotency (#8153) Do not apply ratelimiting on joins to appservices (#8139) ...
|
Rebased to fix CI failures. |
richvdh
previously requested changes
Aug 27, 2020
anoadragon453
force-pushed
the
anoa/password_reset_confirmation
branch
from
b976db4
to
76e9000
Compare
richvdh
previously requested changes
Sep 3, 2020
anoadragon453
added a commit
that referenced
this pull request
Sep 8, 2020
…omain whitelist (#8275) This is a config option ported over from DINUM's Sydent: matrix-org/sydent#285 They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality. This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to #8004, but across all `*/submit_token` endpoint. This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
richvdh
previously requested changes
Sep 9, 2020
| @@ -0,0 +1,14 @@ | |||
| # -*- coding: utf-8 -*- | |||
There was a problem hiding this comment.
I'm not entirely convinced that internal is the right name here, though I must admit I'm struggling to come up with better alternatives.
There was a problem hiding this comment.
I've renamed it to synapse (which requires a modification to an import in synapse/rest/__init.py. Does this a) sound good b) seem sane?
Comment on lines
82
to
84
| respond_with_html( | ||
| request, 200, self._confirmation_email_template.render(**template_vars) | ||
| ) |
There was a problem hiding this comment.
you can instead:
Suggested change
| respond_with_html( | |
| request, 200, self._confirmation_email_template.render(**template_vars) | |
| ) | |
| return self._confirmation_email_template.render(**template_vars).encode("utf-8") |
There was a problem hiding this comment.
I suppose this method always returns HTTP 200, so we wouldn't use it with the POST handler?
There was a problem hiding this comment.
Ah, looks like we need to return 200, <bytes> actually.
There was a problem hiding this comment.
I've done that and done the same in the POST handler. Automatic and manual tests still work :)
anoadragon453
added a commit
to matrix-org/synapse-dinsic
that referenced
this pull request
Sep 9, 2020
…omain whitelist (#8275) This is a config option ported over from DINUM's Sydent: matrix-org/sydent#285 They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality. This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to matrix-org/synapse#8004, but across all `*/submit_token` endpoint. This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
anoadragon453
force-pushed
the
anoa/password_reset_confirmation
branch
3 times, most recently
from
39ff352
to
87bdc6d
Compare
We needed to switch the admin import as else it tries to import relatively, and we end up importing the wrong module.
anoadragon453
force-pushed
the
anoa/password_reset_confirmation
branch
from
87bdc6d
to
c5af421
Compare
anoadragon453
added a commit
that referenced
this pull request
Sep 10, 2020
This PR adds a information about forwarding `/_synapse/client` endpoints through your reverse proxy. The first of these endpoints are introduced in #8004.
richvdh
added a commit
that referenced
this pull request
Oct 1, 2020
Synapse 1.21.0rc1 (2020-10-01) ============================== Features -------- - Require the user to confirm that their password should be reset after clicking the email confirmation link. ([\#8004](#8004)) - Add an admin API `GET /_synapse/admin/v1/event_reports` to read entries of table `event_reports`. Contributed by @dklimpel. ([\#8217](#8217)) - Consolidate the SSO error template across all configuration. ([\#8248](#8248), [\#8405](#8405)) - Add a configuration option to specify a whitelist of domains that a user can be redirected to after validating their email or phone number. ([\#8275](#8275), [\#8417](#8417)) - Add experimental support for sharding event persister. ([\#8294](#8294), [\#8387](#8387), [\#8396](#8396), [\#8419](#8419)) - Add the room topic and avatar to the room details admin API. ([\#8305](#8305)) - Add an admin API for querying rooms where a user is a member. Contributed by @dklimpel. ([\#8306](#8306)) - Add `uk.half-shot.msc2778.login.application_service` login type to allow appservices to login. ([\#8320](#8320)) - Add a configuration option that allows existing users to log in with OpenID Connect. Contributed by @BBBSnowball and @OmmyZhang. ([\#8345](#8345)) - Add prometheus metrics for replication requests. ([\#8406](#8406)) - Support passing additional single sign-on parameters to the client. ([\#8413](#8413)) - Add experimental reporting of metrics on expensive rooms for state-resolution. ([\#8420](#8420)) - Add experimental prometheus metric to track numbers of "large" rooms for state resolutiom. ([\#8425](#8425)) - Add prometheus metrics to track federation delays. ([\#8430](#8430)) Bugfixes -------- - Fix a bug in the media repository where remote thumbnails with the same size but different crop methods would overwrite each other. Contributed by @deepbluev7. ([\#7124](#7124)) - Fix inconsistent handling of non-existent push rules, and stop tracking the `enabled` state of removed push rules. ([\#7796](#7796)) - Fix a longstanding bug when storing a media file with an empty `upload_name`. ([\#7905](#7905)) - Fix messages not being sent over federation until an event is sent into the same room. ([\#8230](#8230), [\#8247](#8247), [\#8258](#8258), [\#8272](#8272), [\#8322](#8322)) - Fix a longstanding bug where files that could not be thumbnailed would result in an Internal Server Error. ([\#8236](#8236), [\#8435](#8435)) - Upgrade minimum version of `canonicaljson` to version 1.4.0, to fix an unicode encoding issue. ([\#8262](#8262)) - Fix longstanding bug which could lead to incomplete database upgrades on SQLite. ([\#8265](#8265)) - Fix stack overflow when stderr is redirected to the logging system, and the logging system encounters an error. ([\#8268](#8268)) - Fix a bug which cause the logging system to report errors, if `DEBUG` was enabled and no `context` filter was applied. ([\#8278](#8278)) - Fix edge case where push could get delayed for a user until a later event was pushed. ([\#8287](#8287)) - Fix fetching malformed events from remote servers. ([\#8324](#8324)) - Fix `UnboundLocalError` from occuring when appservices send a malformed register request. ([\#8329](#8329)) - Don't send push notifications to expired user accounts. ([\#8353](#8353)) - Fix a regression in v1.19.0 with reactivating users through the admin API. ([\#8362](#8362)) - Fix a bug where during device registration the length of the device name wasn't limited. ([\#8364](#8364)) - Include `guest_access` in the fields that are checked for null bytes when updating `room_stats_state`. Broke in v1.7.2. ([\#8373](#8373)) - Fix theoretical race condition where events are not sent down `/sync` if the synchrotron worker is restarted without restarting other workers. ([\#8374](#8374)) - Fix a bug which could cause errors in rooms with malformed membership events, on servers using sqlite. ([\#8385](#8385)) - Fix "Re-starting finished log context" warning when receiving an event we already had over federation. ([\#8398](#8398)) - Fix incorrect handling of timeouts on outgoing HTTP requests. ([\#8400](#8400)) - Fix a regression in v1.20.0 in the `synapse_port_db` script regarding the `ui_auth_sessions_ips` table. ([\#8410](#8410)) - Remove unnecessary 3PID registration check when resetting password via an email address. Bug introduced in v0.34.0rc2. ([\#8414](#8414)) Improved Documentation ---------------------- - Add `/_synapse/client` to the reverse proxy documentation. ([\#8227](#8227)) - Add note to the reverse proxy settings documentation about disabling Apache's mod_security2. Contributed by Julian Fietkau (@jfietkau). ([\#8375](#8375)) - Improve description of `server_name` config option in `homserver.yaml`. ([\#8415](#8415)) Deprecations and Removals ------------------------- - Drop support for `prometheus_client` older than 0.4.0. ([\#8426](#8426)) Internal Changes ---------------- - Fix tests on distros which disable TLSv1.0. Contributed by @danc86. ([\#8208](#8208)) - Simplify the distributor code to avoid unnecessary work. ([\#8216](#8216)) - Remove the `populate_stats_process_rooms_2` background job and restore functionality to `populate_stats_process_rooms`. ([\#8243](#8243)) - Clean up type hints for `PaginationConfig`. ([\#8250](#8250), [\#8282](#8282)) - Track the latest event for every destination and room for catch-up after federation outage. ([\#8256](#8256)) - Fix non-user visible bug in implementation of `MultiWriterIdGenerator.get_current_token_for_writer`. ([\#8257](#8257)) - Switch to the JSON implementation from the standard library. ([\#8259](#8259)) - Add type hints to `synapse.util.async_helpers`. ([\#8260](#8260)) - Simplify tests that mock asynchronous functions. ([\#8261](#8261)) - Add type hints to `StreamToken` and `RoomStreamToken` classes. ([\#8279](#8279)) - Change `StreamToken.room_key` to be a `RoomStreamToken` instance. ([\#8281](#8281)) - Refactor notifier code to correctly use the max event stream position. ([\#8288](#8288)) - Use slotted classes where possible. ([\#8296](#8296)) - Support testing the local Synapse checkout against the [Complement homeserver test suite](https://github.com/matrix-org/complement/). ([\#8317](#8317)) - Update outdated usages of `metaclass` to python 3 syntax. ([\#8326](#8326)) - Move lint-related dependencies to package-extra field, update CONTRIBUTING.md to utilise this. ([\#8330](#8330), [\#8377](#8377)) - Use the `admin_patterns` helper in additional locations. ([\#8331](#8331)) - Fix test logging to allow braces in log output. ([\#8335](#8335)) - Remove `__future__` imports related to Python 2 compatibility. ([\#8337](#8337)) - Simplify `super()` calls to Python 3 syntax. ([\#8344](#8344)) - Fix bad merge from `release-v1.20.0` branch to `develop`. ([\#8354](#8354)) - Factor out a `_send_dummy_event_for_room` method. ([\#8370](#8370)) - Improve logging of state resolution. ([\#8371](#8371)) - Add type annotations to `SimpleHttpClient`. ([\#8372](#8372)) - Refactor ID generators to use `async with` syntax. ([\#8383](#8383)) - Add `EventStreamPosition` type. ([\#8388](#8388)) - Create a mechanism for marking tests "logcontext clean". ([\#8399](#8399)) - A pair of tiny cleanups in the federation request code. ([\#8401](#8401)) - Add checks on startup that PostgreSQL sequences are consistent with their associated tables. ([\#8402](#8402)) - Do not include appservice users when calculating the total MAU for a server. ([\#8404](#8404)) - Typing fixes for `synapse.handlers.federation`. ([\#8422](#8422)) - Various refactors to simplify stream token handling. ([\#8423](#8423)) - Make stream token serializing/deserializing async. ([\#8427](#8427))
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Oct 17, 2020
Synapse 1.21.2 (2020-10-15) =========================== Debian packages and Docker images have been rebuilt using the latest versions of dependency libraries, including authlib 0.15.1. Please see bugfixes below. Security advisory ----------------- * HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks. All server administrators are encouraged to upgrade. ([\#8444](matrix-org/synapse#8444)) ([CVE-2020-26891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26891)) This fix was originally included in v1.21.0 but was missing a security advisory. This was reported by [Denis Kasak](https://github.com/dkasak). Bugfixes -------- - Fix rare bug where sending an event would fail due to a racey assertion. ([\#8530](matrix-org/synapse#8530)) - An updated version of the authlib dependency is included in the Docker and Debian images to fix an issue using OpenID Connect. See [\#8534](matrix-org/synapse#8534) for details. Synapse 1.21.1 (2020-10-13) =========================== This release fixes a regression in v1.21.0 that prevented debian packages from being built. It is otherwise identical to v1.21.0. Synapse 1.21.0 (2020-10-12) =========================== No significant changes since v1.21.0rc3. As [noted in v1.20.0](https://github.com/matrix-org/synapse/blob/release-v1.21.0/CHANGES.md#synapse-1200-2020-09-22), a future release will drop support for accessing Synapse's [Admin API](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) under the `/_matrix/client/*` endpoint prefixes. At that point, the Admin API will only be accessible under `/_synapse/admin`. Synapse 1.21.0rc3 (2020-10-08) ============================== Bugfixes -------- - Fix duplication of events on high traffic servers, caused by PostgreSQL `could not serialize access due to concurrent update` errors. ([\#8456](matrix-org/synapse#8456)) Internal Changes ---------------- - Add Groovy Gorilla to the list of distributions we build `.deb`s for. ([\#8475](matrix-org/synapse#8475)) Synapse 1.21.0rc2 (2020-10-02) ============================== Features -------- - Convert additional templates from inline HTML to Jinja2 templates. ([\#8444](matrix-org/synapse#8444)) Bugfixes -------- - Fix a regression in v1.21.0rc1 which broke thumbnails of remote media. ([\#8438](matrix-org/synapse#8438)) - Do not expose the experimental `uk.half-shot.msc2778.login.application_service` flow in the login API, which caused a compatibility problem with Element iOS. ([\#8440](matrix-org/synapse#8440)) - Fix malformed log line in new federation "catch up" logic. ([\#8442](matrix-org/synapse#8442)) - Fix DB query on startup for negative streams which caused long start up times. Introduced in [\#8374](matrix-org/synapse#8374). ([\#8447](matrix-org/synapse#8447)) Synapse 1.21.0rc1 (2020-10-01) ============================== Features -------- - Require the user to confirm that their password should be reset after clicking the email confirmation link. ([\#8004](matrix-org/synapse#8004)) - Add an admin API `GET /_synapse/admin/v1/event_reports` to read entries of table `event_reports`. Contributed by @dklimpel. ([\#8217](matrix-org/synapse#8217)) - Consolidate the SSO error template across all configuration. ([\#8248](matrix-org/synapse#8248), [\#8405](matrix-org/synapse#8405)) - Add a configuration option to specify a whitelist of domains that a user can be redirected to after validating their email or phone number. ([\#8275](matrix-org/synapse#8275), [\#8417](matrix-org/synapse#8417)) - Add experimental support for sharding event persister. ([\#8294](matrix-org/synapse#8294), [\#8387](matrix-org/synapse#8387), [\#8396](matrix-org/synapse#8396), [\#8419](matrix-org/synapse#8419)) - Add the room topic and avatar to the room details admin API. ([\#8305](matrix-org/synapse#8305)) - Add an admin API for querying rooms where a user is a member. Contributed by @dklimpel. ([\#8306](matrix-org/synapse#8306)) - Add `uk.half-shot.msc2778.login.application_service` login type to allow appservices to login. ([\#8320](matrix-org/synapse#8320)) - Add a configuration option that allows existing users to log in with OpenID Connect. Contributed by @BBBSnowball and @OmmyZhang. ([\#8345](matrix-org/synapse#8345)) - Add prometheus metrics for replication requests. ([\#8406](matrix-org/synapse#8406)) - Support passing additional single sign-on parameters to the client. ([\#8413](matrix-org/synapse#8413)) - Add experimental reporting of metrics on expensive rooms for state-resolution. ([\#8420](matrix-org/synapse#8420)) - Add experimental prometheus metric to track numbers of "large" rooms for state resolutiom. ([\#8425](matrix-org/synapse#8425)) - Add prometheus metrics to track federation delays. ([\#8430](matrix-org/synapse#8430)) Bugfixes -------- - Fix a bug in the media repository where remote thumbnails with the same size but different crop methods would overwrite each other. Contributed by @deepbluev7. ([\#7124](matrix-org/synapse#7124)) - Fix inconsistent handling of non-existent push rules, and stop tracking the `enabled` state of removed push rules. ([\#7796](matrix-org/synapse#7796)) - Fix a longstanding bug when storing a media file with an empty `upload_name`. ([\#7905](matrix-org/synapse#7905)) - Fix messages not being sent over federation until an event is sent into the same room. ([\#8230](matrix-org/synapse#8230), [\#8247](matrix-org/synapse#8247), [\#8258](matrix-org/synapse#8258), [\#8272](matrix-org/synapse#8272), [\#8322](matrix-org/synapse#8322)) - Fix a longstanding bug where files that could not be thumbnailed would result in an Internal Server Error. ([\#8236](matrix-org/synapse#8236), [\#8435](matrix-org/synapse#8435)) - Upgrade minimum version of `canonicaljson` to version 1.4.0, to fix an unicode encoding issue. ([\#8262](matrix-org/synapse#8262)) - Fix longstanding bug which could lead to incomplete database upgrades on SQLite. ([\#8265](matrix-org/synapse#8265)) - Fix stack overflow when stderr is redirected to the logging system, and the logging system encounters an error. ([\#8268](matrix-org/synapse#8268)) - Fix a bug which cause the logging system to report errors, if `DEBUG` was enabled and no `context` filter was applied. ([\#8278](matrix-org/synapse#8278)) - Fix edge case where push could get delayed for a user until a later event was pushed. ([\#8287](matrix-org/synapse#8287)) - Fix fetching malformed events from remote servers. ([\#8324](matrix-org/synapse#8324)) - Fix `UnboundLocalError` from occuring when appservices send a malformed register request. ([\#8329](matrix-org/synapse#8329)) - Don't send push notifications to expired user accounts. ([\#8353](matrix-org/synapse#8353)) - Fix a regression in v1.19.0 with reactivating users through the admin API. ([\#8362](matrix-org/synapse#8362)) - Fix a bug where during device registration the length of the device name wasn't limited. ([\#8364](matrix-org/synapse#8364)) - Include `guest_access` in the fields that are checked for null bytes when updating `room_stats_state`. Broke in v1.7.2. ([\#8373](matrix-org/synapse#8373)) - Fix theoretical race condition where events are not sent down `/sync` if the synchrotron worker is restarted without restarting other workers. ([\#8374](matrix-org/synapse#8374)) - Fix a bug which could cause errors in rooms with malformed membership events, on servers using sqlite. ([\#8385](matrix-org/synapse#8385)) - Fix "Re-starting finished log context" warning when receiving an event we already had over federation. ([\#8398](matrix-org/synapse#8398)) - Fix incorrect handling of timeouts on outgoing HTTP requests. ([\#8400](matrix-org/synapse#8400)) - Fix a regression in v1.20.0 in the `synapse_port_db` script regarding the `ui_auth_sessions_ips` table. ([\#8410](matrix-org/synapse#8410)) - Remove unnecessary 3PID registration check when resetting password via an email address. Bug introduced in v0.34.0rc2. ([\#8414](matrix-org/synapse#8414)) Improved Documentation ---------------------- - Add `/_synapse/client` to the reverse proxy documentation. ([\#8227](matrix-org/synapse#8227)) - Add note to the reverse proxy settings documentation about disabling Apache's mod_security2. Contributed by Julian Fietkau (@jfietkau). ([\#8375](matrix-org/synapse#8375)) - Improve description of `server_name` config option in `homserver.yaml`. ([\#8415](matrix-org/synapse#8415)) Deprecations and Removals ------------------------- - Drop support for `prometheus_client` older than 0.4.0. ([\#8426](matrix-org/synapse#8426)) Internal Changes ---------------- - Fix tests on distros which disable TLSv1.0. Contributed by @danc86. ([\#8208](matrix-org/synapse#8208)) - Simplify the distributor code to avoid unnecessary work. ([\#8216](matrix-org/synapse#8216)) - Remove the `populate_stats_process_rooms_2` background job and restore functionality to `populate_stats_process_rooms`. ([\#8243](matrix-org/synapse#8243)) - Clean up type hints for `PaginationConfig`. ([\#8250](matrix-org/synapse#8250), [\#8282](matrix-org/synapse#8282)) - Track the latest event for every destination and room for catch-up after federation outage. ([\#8256](matrix-org/synapse#8256)) - Fix non-user visible bug in implementation of `MultiWriterIdGenerator.get_current_token_for_writer`. ([\#8257](matrix-org/synapse#8257)) - Switch to the JSON implementation from the standard library. ([\#8259](matrix-org/synapse#8259)) - Add type hints to `synapse.util.async_helpers`. ([\#8260](matrix-org/synapse#8260)) - Simplify tests that mock asynchronous functions. ([\#8261](matrix-org/synapse#8261)) - Add type hints to `StreamToken` and `RoomStreamToken` classes. ([\#8279](matrix-org/synapse#8279)) - Change `StreamToken.room_key` to be a `RoomStreamToken` instance. ([\#8281](matrix-org/synapse#8281)) - Refactor notifier code to correctly use the max event stream position. ([\#8288](matrix-org/synapse#8288)) - Use slotted classes where possible. ([\#8296](matrix-org/synapse#8296)) - Support testing the local Synapse checkout against the [Complement homeserver test suite](https://github.com/matrix-org/complement/). ([\#8317](matrix-org/synapse#8317)) - Update outdated usages of `metaclass` to python 3 syntax. ([\#8326](matrix-org/synapse#8326)) - Move lint-related dependencies to package-extra field, update CONTRIBUTING.md to utilise this. ([\#8330](matrix-org/synapse#8330), [\#8377](matrix-org/synapse#8377)) - Use the `admin_patterns` helper in additional locations. ([\#8331](matrix-org/synapse#8331)) - Fix test logging to allow braces in log output. ([\#8335](matrix-org/synapse#8335)) - Remove `__future__` imports related to Python 2 compatibility. ([\#8337](matrix-org/synapse#8337)) - Simplify `super()` calls to Python 3 syntax. ([\#8344](matrix-org/synapse#8344)) - Fix bad merge from `release-v1.20.0` branch to `develop`. ([\#8354](matrix-org/synapse#8354)) - Factor out a `_send_dummy_event_for_room` method. ([\#8370](matrix-org/synapse#8370)) - Improve logging of state resolution. ([\#8371](matrix-org/synapse#8371)) - Add type annotations to `SimpleHttpClient`. ([\#8372](matrix-org/synapse#8372)) - Refactor ID generators to use `async with` syntax. ([\#8383](matrix-org/synapse#8383)) - Add `EventStreamPosition` type. ([\#8388](matrix-org/synapse#8388)) - Create a mechanism for marking tests "logcontext clean". ([\#8399](matrix-org/synapse#8399)) - A pair of tiny cleanups in the federation request code. ([\#8401](matrix-org/synapse#8401)) - Add checks on startup that PostgreSQL sequences are consistent with their associated tables. ([\#8402](matrix-org/synapse#8402)) - Do not include appservice users when calculating the total MAU for a server. ([\#8404](matrix-org/synapse#8404)) - Typing fixes for `synapse.handlers.federation`. ([\#8422](matrix-org/synapse#8422)) - Various refactors to simplify stream token handling. ([\#8423](matrix-org/synapse#8423)) - Make stream token serializing/deserializing async. ([\#8427](matrix-org/synapse#8427))
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. The base template looks like:
This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
Reviewable commit-by-commit.