Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Support SAML in the user interactive authentication workflow. #7102

Merged
merged 10 commits into from
Apr 1, 2020

Conversation

clokep
Copy link
Member

@clokep clokep commented Mar 18, 2020

This aims to accomplish a portion of #5667:

  • Update validate_user_via_ui_auth to return m.login.sso for homeservers which use sso login
  • Implement a handler for /_matrix/client/r0/auth/m.login.sso/fallback/web which shows a confirmation page, and redirects to the SAML server.
  • Update the SAML return page handlers to behave differently for a UI auth flow, and:
    • Update the UI Auth session
    • Return the fallback completion page

TODO

This is currently based on #7115.

Testing

SAML

I was testing SAML by first generally following the directions at docs/dev/saml.md to create a user. Note that I also had to set the following in the config:

public_baseurl: http://localhost:8080/

Then to test the UI Auth workflow:

  1. Add a debug line so you can see what UI-Auth sessions are getting created in Synapse:
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -494,6 +494,7 @@ class AuthHandler(BaseHandler):
             while session_id is None or session_id in self.sessions:
                 session_id = stringutils.random_string(24)
             self.sessions[session_id] = {"id": session_id}
+            print("Created new session: %s" % session_id)
 
         return self.sessions[session_id]
 
  1. Restart Synapse to pick up the change.
  2. Go to the "User Details" page on https://capriza.github.io/samling/samling.html and click "Logout" (weirdly this doesn't show anything, refresh the page to ensure you're logged out).
  3. Perform an operation that dumps you into the UI Auth workflow (e.g. deleting a device).
  4. Check out the logs to get the session ID.
  5. Browse to http://localhost:8080/_matrix/client/r0/auth/org.matrix.login.sso/fallback/web?session=
  6. Read this, go through the SSO workflow.
  7. You should end up at a success page telling you to close the window.

Unfortunately at this point you're stuck since the client doesn't know the auth has completed.

@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch 2 times, most recently from ff60017 to c79b150 Compare March 18, 2020 17:50
@clokep
Copy link
Member Author

clokep commented Mar 18, 2020

Some useful notes:

@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch 4 times, most recently from a39b9a3 to 2769496 Compare March 19, 2020 19:32
@clokep
Copy link
Member Author

clokep commented Mar 19, 2020

Note that I don't think we have to worry about rate limiting in this code since the validation code handles this (in validate_user_via_ui_auth), specifically around:

# Check if we should be ratelimited due to too many previous failed attempts
self._failed_uia_attempts_ratelimiter.ratelimit(
user_id,
time_now_s=self._clock.time(),
rate_hz=self.hs.config.rc_login_failed_attempts.per_second,
burst_count=self.hs.config.rc_login_failed_attempts.burst_count,
update=False,
)
# build a list of supported flows
flows = [[login_type] for login_type in self._supported_login_types]
try:
result, params, _ = yield self.check_auth(flows, request_body, clientip)
except LoginError:
# Update the ratelimite to say we failed (`can_do_action` doesn't raise).
self._failed_uia_attempts_ratelimiter.can_do_action(
user_id,
time_now_s=self._clock.time(),
rate_hz=self.hs.config.rc_login_failed_attempts.per_second,
burst_count=self.hs.config.rc_login_failed_attempts.burst_count,
update=True,
)
raise

@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch 2 times, most recently from d523496 to 4f883a2 Compare March 20, 2020 20:23
@clokep clokep requested a review from a team March 23, 2020 21:58
@clokep
Copy link
Member Author

clokep commented Mar 23, 2020

I think this is ready for some feedback. Note that the CAS code is untested, still trying to figure out a way to do that.

Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

generally looks like the right sort of thing to me!

synapse/handlers/auth.py Outdated Show resolved Hide resolved
synapse/handlers/auth.py Show resolved Hide resolved
synapse/handlers/auth.py Show resolved Hide resolved
synapse/handlers/saml_handler.py Outdated Show resolved Hide resolved
synapse/rest/client/v2_alpha/auth.py Outdated Show resolved Hide resolved
synapse/rest/client/v2_alpha/auth.py Outdated Show resolved Hide resolved
<body>
<div>
<p>
A client is trying to remove a device/add an email address/take over
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assuming that you know this text needs changing!

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but thank you for marking it! 👍

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any thoughts on how customizable we want this to be? Do we want the "reason" to be templated or static?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think I understand the question. The "reason" is defined by the operation the client is requesting, so it needs to be substituted somehow?

It might be worth seeking some feedback in the "Write Club" room (#write-club-internal:matrix.org) for suggestions on what this page ought to look like.

synapse/handlers/saml_handler.py Outdated Show resolved Hide resolved
synapse/handlers/auth.py Outdated Show resolved Hide resolved
@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch from 430fc3d to ac59964 Compare March 24, 2020 15:02
@clokep
Copy link
Member Author

clokep commented Mar 24, 2020

I completely rewrote the history of this branch to make it clearer (and removed the CAS support for this feature here). I'll do the CAS support in a separate branch since it ideally has some refactoring to go with it.

@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch from ac59964 to ef60b23 Compare March 24, 2020 15:08
@clokep clokep changed the title Support SSO in the user interactive authentication workflow. Support SAML in the user interactive authentication workflow. Mar 24, 2020
@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch from ef60b23 to 0f91211 Compare March 24, 2020 17:09
@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch from 0f91211 to a000f94 Compare March 26, 2020 19:09
@clokep clokep requested a review from richvdh March 26, 2020 20:39
@clokep
Copy link
Member Author

clokep commented Mar 26, 2020

@richvdh Setting review on this again to get your feedback in the comments. Not really ready for a full review again.

@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch from 392e0c3 to eb82002 Compare March 27, 2020 19:26
@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch from eb82002 to 8b98b07 Compare March 30, 2020 13:33
@clokep clokep marked this pull request as ready for review March 30, 2020 13:34
@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch from 8b98b07 to 31e570d Compare March 30, 2020 13:36
@clokep
Copy link
Member Author

clokep commented Mar 30, 2020

I was able to test this end-to-end with matrix-org/matrix-react-sdk#4292 and it worked well.

@clokep
Copy link
Member Author

clokep commented Mar 30, 2020

Looks like this needs a rebase actually.

@clokep clokep force-pushed the clokep/ui-interactive-auth-for-sso branch from 31e570d to 266e7d4 Compare March 30, 2020 14:03
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

still need to fix up the template text.

lgtm otherwise.

synapse/handlers/auth.py Outdated Show resolved Hide resolved
@clokep clokep mentioned this pull request Mar 31, 2020
3 tasks
@clokep clokep requested a review from richvdh March 31, 2020 16:05
@clokep
Copy link
Member Author

clokep commented Mar 31, 2020

Requesting review on this for the implementation of the human readable descriptions.

Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm otherwise

synapse/rest/client/v2_alpha/register.py Outdated Show resolved Hide resolved
@clokep clokep merged commit b9930d2 into develop Apr 1, 2020
@clokep clokep deleted the clokep/ui-interactive-auth-for-sso branch April 1, 2020 12:48
anoadragon453 added a commit that referenced this pull request Apr 3, 2020
…ote_public_rooms_list_errors

* 'develop' of github.com:matrix-org/synapse: (79 commits)
  Reduce the number of calls to `resource.getrusage` (#7183)
  Remove some `run_in_background` calls in replication code (#7203)
  Revert "Revert "Merge pull request #7153 from matrix-org/babolivier/sso_whitelist_login_fallback""
  Revert "Revert "Improve the UX of the login fallback when using SSO (#7152)""
  Revert "Merge pull request #7153 from matrix-org/babolivier/sso_whitelist_login_fallback"
  Revert "Improve the UX of the login fallback when using SSO (#7152)"
  tweak changelog
  1.12.3
  Update docstring per review comments
  Fix device list update stream ids going backward (#7158)
  Fix the debian build in a better way. (#7212)
  Fix changelog wording
  1.12.2
  Pin Pillow>=4.3.0,<7.1.0 to fix dep issue
  1.12.1
  review comment
  1.12.1
  Support SAML in the user interactive authentication workflow. (#7102)
  Allow admins to create aliases when they are not in the room (#7191)
  Update postgres.md (#7119)
  ...
anoadragon453 added a commit that referenced this pull request Apr 3, 2020
…nc_is_server_admin_user_can_delete_alias

* 'develop' of github.com:matrix-org/synapse: (382 commits)
  Convert http.HTTPStatus objects to their int equivalent (#7188)
  Reduce the number of calls to `resource.getrusage` (#7183)
  Remove some `run_in_background` calls in replication code (#7203)
  Revert "Revert "Merge pull request #7153 from matrix-org/babolivier/sso_whitelist_login_fallback""
  Revert "Revert "Improve the UX of the login fallback when using SSO (#7152)""
  Revert "Merge pull request #7153 from matrix-org/babolivier/sso_whitelist_login_fallback"
  Revert "Improve the UX of the login fallback when using SSO (#7152)"
  tweak changelog
  1.12.3
  Update docstring per review comments
  Fix device list update stream ids going backward (#7158)
  Fix the debian build in a better way. (#7212)
  Fix changelog wording
  1.12.2
  Pin Pillow>=4.3.0,<7.1.0 to fix dep issue
  1.12.1
  review comment
  1.12.1
  Support SAML in the user interactive authentication workflow. (#7102)
  Allow admins to create aliases when they are not in the room (#7191)
  ...
anoadragon453 added a commit that referenced this pull request Apr 3, 2020
…benchmark-lrucache

* 'develop' of github.com:matrix-org/synapse: (484 commits)
  Convert http.HTTPStatus objects to their int equivalent (#7188)
  Reduce the number of calls to `resource.getrusage` (#7183)
  Remove some `run_in_background` calls in replication code (#7203)
  Revert "Revert "Merge pull request #7153 from matrix-org/babolivier/sso_whitelist_login_fallback""
  Revert "Revert "Improve the UX of the login fallback when using SSO (#7152)""
  Revert "Merge pull request #7153 from matrix-org/babolivier/sso_whitelist_login_fallback"
  Revert "Improve the UX of the login fallback when using SSO (#7152)"
  tweak changelog
  1.12.3
  Update docstring per review comments
  Fix device list update stream ids going backward (#7158)
  Fix the debian build in a better way. (#7212)
  Fix changelog wording
  1.12.2
  Pin Pillow>=4.3.0,<7.1.0 to fix dep issue
  1.12.1
  review comment
  1.12.1
  Support SAML in the user interactive authentication workflow. (#7102)
  Allow admins to create aliases when they are not in the room (#7191)
  ...
clokep added a commit that referenced this pull request May 19, 2020
Synapse 1.13.0 (2020-05-19)
===========================

This release brings some potential changes necessary for certain
configurations of Synapse:

* If your Synapse is configured to use SSO and have a custom
  `sso_redirect_confirm_template_dir` configuration option set, you will need
  to duplicate the new `sso_auth_confirm.html`, `sso_auth_success.html` and
  `sso_account_deactivated.html` templates into that directory.
* Synapse plugins using the `complete_sso_login` method of
  `synapse.module_api.ModuleApi` should instead switch to the async/await
  version, `complete_sso_login_async`, which includes additional checks. The
  former version is now deprecated.
* A bug was introduced in Synapse 1.4.0 which could cause the room directory
  to be incomplete or empty if Synapse was upgraded directly from v1.2.1 or
  earlier, to versions between v1.4.0 and v1.12.x.

Please review [UPGRADE.rst](https://github.com/matrix-org/synapse/blob/master/UPGRADE.rst)
for more details on these changes and for general upgrade guidance.

Notice of change to the default `git` branch for Synapse
--------------------------------------------------------

With the release of Synapse 1.13.0, the default `git` branch for Synapse has
changed to `develop`, which is the development tip. This is more consistent with
common practice and modern `git` usage.

The `master` branch, which tracks the latest release, is still available. It is
recommended that developers and distributors who have scripts which run builds
using the default branch of Synapse should therefore consider pinning their
scripts to `master`.

Features
--------

- Extend the `web_client_location` option to accept an absolute URL to use as a redirect. Adds a warning when running the web client on the same hostname as homeserver. Contributed by Martin Milata. ([\#7006](#7006))
- Set `Referrer-Policy` header to `no-referrer` on media downloads. ([\#7009](#7009))
- Add support for running replication over Redis when using workers. ([\#7040](#7040), [\#7325](#7325), [\#7352](#7352), [\#7401](#7401), [\#7427](#7427), [\#7439](#7439), [\#7446](#7446), [\#7450](#7450), [\#7454](#7454))
- Admin API `POST /_synapse/admin/v1/join/<roomIdOrAlias>` to join users to a room like `auto_join_rooms` for creation of users. ([\#7051](#7051))
- Add options to prevent users from changing their profile or associated 3PIDs. ([\#7096](#7096))
- Support SSO in the user interactive authentication workflow. ([\#7102](#7102), [\#7186](#7186), [\#7279](#7279), [\#7343](#7343))
- Allow server admins to define and enforce a password policy ([MSC2000](matrix-org/matrix-spec-proposals#2000)). ([\#7118](#7118))
- Improve the support for SSO authentication on the login fallback page. ([\#7152](#7152), [\#7235](#7235))
- Always whitelist the login fallback in the SSO configuration if `public_baseurl` is set. ([\#7153](#7153))
- Admin users are no longer required to be in a room to create an alias for it. ([\#7191](#7191))
- Require admin privileges to enable room encryption by default. This does not affect existing rooms. ([\#7230](#7230))
- Add a config option for specifying the value of the Accept-Language HTTP header when generating URL previews. ([\#7265](#7265))
- Allow `/requestToken` endpoints to hide the existence (or lack thereof) of 3PID associations on the homeserver. ([\#7315](#7315))
- Add a configuration setting to tweak the threshold for dummy events. ([\#7422](#7422))

Bugfixes
--------

- Don't attempt to use an invalid sqlite config if no database configuration is provided. Contributed by @nekatak. ([\#6573](#6573))
- Fix single-sign on with CAS systems: pass the same service URL when requesting the CAS ticket and when calling the `proxyValidate` URL. Contributed by @Naugrimm. ([\#6634](#6634))
- Fix missing field `default` when fetching user-defined push rules. ([\#6639](#6639))
- Improve error responses when accessing remote public room lists. ([\#6899](#6899), [\#7368](#7368))
- Transfer alias mappings on room upgrade. ([\#6946](#6946))
- Ensure that a user interactive authentication session is tied to a single request. ([\#7068](#7068), [\#7455](#7455))
- Fix a bug in the federation API which could cause occasional "Failed to get PDU" errors. ([\#7089](#7089))
- Return the proper error (`M_BAD_ALIAS`) when a non-existant canonical alias is provided. ([\#7109](#7109))
- Fix a bug which meant that groups updates were not correctly replicated between workers. ([\#7117](#7117))
- Fix starting workers when federation sending not split out. ([\#7133](#7133))
- Ensure `is_verified` is a boolean in responses to `GET /_matrix/client/r0/room_keys/keys`. Also warn the user if they forgot the `version` query param. ([\#7150](#7150))
- Fix error page being shown when a custom SAML handler attempted to redirect when processing an auth response. ([\#7151](#7151))
- Avoid importing `sqlite3` when using the postgres backend. Contributed by David Vo. ([\#7155](#7155))
- Fix excessive CPU usage by `prune_old_outbound_device_pokes` job. ([\#7159](#7159))
- Fix a bug which could cause outbound federation traffic to stop working if a client uploaded an incorrect e2e device signature. ([\#7177](#7177))
- Fix a bug which could cause incorrect 'cyclic dependency' error. ([\#7178](#7178))
- Fix a bug that could cause a user to be invited to a server notices (aka System Alerts) room without any notice being sent. ([\#7199](#7199))
- Fix some worker-mode replication handling not being correctly recorded in CPU usage stats. ([\#7203](#7203))
- Do not allow a deactivated user to login via SSO. ([\#7240](#7240), [\#7259](#7259))
- Fix --help command-line argument. ([\#7249](#7249))
- Fix room publish permissions not being checked on room creation. ([\#7260](#7260))
- Reject unknown session IDs during user interactive authentication instead of silently creating a new session. ([\#7268](#7268))
- Fix a SQL query introduced in Synapse 1.12.0 which could cause large amounts of logging to the postgres slow-query log. ([\#7274](#7274))
- Persist user interactive authentication sessions across workers and Synapse restarts. ([\#7302](#7302))
- Fixed backwards compatibility logic of the first value of `trusted_third_party_id_servers` being used for `account_threepid_delegates.email`, which occurs when the former, deprecated option is set and the latter is not. ([\#7316](#7316))
- Fix a bug where event updates might not be sent over replication to worker processes after the stream falls behind. ([\#7337](#7337), [\#7358](#7358))
- Fix bad error handling that would cause Synapse to crash if it's provided with a YAML configuration file that's either empty or doesn't parse into a key-value map. ([\#7341](#7341))
- Fix incorrect metrics reporting for `renew_attestations` background task. ([\#7344](#7344))
- Prevent non-federating rooms from appearing in responses to federated `POST /publicRoom` requests when a filter was included. ([\#7367](#7367))
- Fix a bug which would cause the room durectory to be incorrectly populated if Synapse was upgraded directly from v1.2.1 or earlier to v1.4.0 or later. Note that this fix does not apply retrospectively; see the [upgrade notes](UPGRADE.rst#upgrading-to-v1130) for more information. ([\#7387](#7387))
- Fix bug in `EventContext.deserialize`. ([\#7393](#7393))
- Fix a long-standing bug which could cause messages not to be sent over federation, when state events with state keys matching user IDs (such as custom user statuses) were received. ([\#7376](#7376))
- Restore compatibility with non-compliant clients during the user interactive authentication process, fixing a problem introduced in v1.13.0rc1. ([\#7483](#7483))
- Hash passwords as early as possible during registration. ([\#7523](#7523))

Improved Documentation
----------------------

- Update Debian installation instructions to recommend installing the `virtualenv` package instead of `python3-virtualenv`. ([\#6892](#6892))
- Improve the documentation for database configuration. ([\#6988](#6988))
- Improve the documentation of application service configuration files. ([\#7091](#7091))
- Update pre-built package name for FreeBSD. ([\#7107](#7107))
- Update postgres docs with login troubleshooting information. ([\#7119](#7119))
- Clean up INSTALL.md a bit. ([\#7141](#7141))
- Add documentation for running a local CAS server for testing. ([\#7147](#7147))
- Improve README.md by being explicit about public IP recommendation for TURN relaying. ([\#7167](#7167))
- Fix a small typo in the `metrics_flags` config option. ([\#7171](#7171))
- Update the contributed documentation on managing synapse workers with systemd, and bring it into the core distribution. ([\#7234](#7234))
- Add documentation to the `password_providers` config option. Add known password provider implementations to docs. ([\#7238](#7238), [\#7248](#7248))
- Modify suggested nginx reverse proxy configuration to match Synapse's default file upload size. Contributed by @ProCycleDev. ([\#7251](#7251))
- Documentation of media_storage_providers options updated to avoid misunderstandings. Contributed by Tristan Lins. ([\#7272](#7272))
- Add documentation on monitoring workers with Prometheus. ([\#7357](#7357))
- Clarify endpoint usage in the users admin api documentation. ([\#7361](#7361))

Deprecations and Removals
-------------------------

- Remove nonfunctional `captcha_bypass_secret` option from `homeserver.yaml`. ([\#7137](#7137))

Internal Changes
----------------

- Add benchmarks for LruCache. ([\#6446](#6446))
- Return total number of users and profile attributes in admin users endpoint. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#6881](#6881))
- Change device list streams to have one row per ID. ([\#7010](#7010))
- Remove concept of a non-limited stream. ([\#7011](#7011))
- Move catchup of replication streams logic to worker. ([\#7024](#7024), [\#7195](#7195), [\#7226](#7226), [\#7239](#7239), [\#7286](#7286), [\#7290](#7290), [\#7318](#7318), [\#7326](#7326), [\#7378](#7378), [\#7421](#7421))
- Convert some of synapse.rest.media to async/await. ([\#7110](#7110), [\#7184](#7184), [\#7241](#7241))
- De-duplicate / remove unused REST code for login and auth. ([\#7115](#7115))
- Convert `*StreamRow` classes to inner classes. ([\#7116](#7116))
- Clean up some LoggingContext code. ([\#7120](#7120), [\#7181](#7181), [\#7183](#7183), [\#7408](#7408), [\#7426](#7426))
- Add explicit `instance_id` for USER_SYNC commands and remove implicit `conn_id` usage. ([\#7128](#7128))
- Refactored the CAS authentication logic to a separate class. ([\#7136](#7136))
- Run replication streamers on workers. ([\#7146](#7146))
- Add tests for outbound device pokes. ([\#7157](#7157))
- Fix device list update stream ids going backward. ([\#7158](#7158))
- Use `stream.current_token()` and remove `stream_positions()`. ([\#7172](#7172))
- Move client command handling out of TCP protocol. ([\#7185](#7185))
- Move server command handling out of TCP protocol. ([\#7187](#7187))
- Fix consistency of HTTP status codes reported in log lines. ([\#7188](#7188))
- Only run one background database update at a time. ([\#7190](#7190))
- Remove sent outbound device list pokes from the database. ([\#7192](#7192))
- Add a background database update job to clear out duplicate `device_lists_outbound_pokes`. ([\#7193](#7193))
- Remove some extraneous debugging log lines. ([\#7207](#7207))
- Add explicit Python build tooling as dependencies for the snapcraft build. ([\#7213](#7213))
- Add typing information to federation server code. ([\#7219](#7219))
- Extend room admin api (`GET /_synapse/admin/v1/rooms`) with additional attributes. ([\#7225](#7225))
- Unblacklist '/upgrade creates a new room' sytest for workers. ([\#7228](#7228))
- Remove redundant checks on `daemonize` from synctl. ([\#7233](#7233))
- Upgrade jQuery to v3.4.1 on fallback login/registration pages. ([\#7236](#7236))
- Change log line that told user to implement onLogin/onRegister fallback js functions to a warning, instead of an info, so it's more visible. ([\#7237](#7237))
- Correct the parameters of a test fixture. Contributed by Isaiah Singletary. ([\#7243](#7243))
- Convert auth handler to async/await. ([\#7261](#7261))
- Add some unit tests for replication. ([\#7278](#7278))
- Improve typing annotations in `synapse.replication.tcp.streams.Stream`. ([\#7291](#7291))
- Reduce log verbosity of url cache cleanup tasks. ([\#7295](#7295))
- Fix sample SAML Service Provider configuration. Contributed by @frcl. ([\#7300](#7300))
- Fix StreamChangeCache to work with multiple entities changing on the same stream id. ([\#7303](#7303))
- Fix an incorrect import in IdentityHandler. ([\#7319](#7319))
- Reduce logging verbosity for successful federation requests. ([\#7321](#7321))
- Convert some federation handler code to async/await. ([\#7338](#7338))
- Fix collation for postgres for unit tests. ([\#7359](#7359))
- Convert RegistrationWorkerStore.is_server_admin and dependent code to async/await. ([\#7363](#7363))
- Add an `instance_name` to `RDATA` and `POSITION` replication commands. ([\#7364](#7364))
- Thread through instance name to replication client. ([\#7369](#7369))
- Convert synapse.server_notices to async/await. ([\#7394](#7394))
- Convert synapse.notifier to async/await. ([\#7395](#7395))
- Fix issues with the Python package manifest. ([\#7404](#7404))
- Prevent methods in `synapse.handlers.auth` from polling the homeserver config every request. ([\#7420](#7420))
- Speed up fetching device lists changes when handling `/sync` requests. ([\#7423](#7423))
- Run group attestation renewal in series rather than parallel for performance. ([\#7442](#7442))
- Fix linting errors in new version of Flake8. ([\#7470](#7470))
- Update the version of dh-virtualenv we use to build debs, and add focal to the list of target distributions. ([\#7526](#7526))
phil-flex pushed a commit to phil-flex/synapse that referenced this pull request Jun 16, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants