Bump version

https://forum.cloudron.io/topic/7285/request-include-s3-storage-module

CHANGELOG.md

@@ -421,3 +421,324 @@
 * Improve performance after joining a large room when presence is enabled. (#9910, #9916)
 * Support stable identifiers for MSC1772 Spaces. m.space.child events will now be taken into account when populating the experimental spaces summary response. Please see the upgrade notes if you have customised room_invite_state_types in your configuration. (#9915, #9966)
 * Improve performance of backfilling in large rooms. (#9935)
+
+[1.25.0]
+* Update Synapse to 1.35.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.35.0)
+* Add experimental support to allow a user who could join a restricted room to view it in the spaces summary. (#9922, #10007, #10038)
+* Reduce memory usage when joining very large rooms over federation. (#9958)
+* Add a configuration option which allows enabling opentracing by user id. (#9978)
+* Enable experimental support for MSC2946 (spaces summary API) and MSC3083 (restricted join rules) by default. (#10011)
+
+[1.25.1]
+* Update Synapse to 1.35.1
+* Fix a bug introduced in v1.35.0 where invite-only rooms would be shown to all users in a space, regardless of if the user had access to it. (#10109)
+
+[1.26.0]
+* Update Synapse to 1.36.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.36.0)
+
+[1.27.0]
+* Update Synapse to 1.38.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.38.0)
+* Implement refresh tokens as specified by MSC2918. (#9450)
+* Add support for evicting cache entries based on last access time. (#10205)
+* Omit empty fields from the /sync response. Contributed by @deepbluev7. (#10214)
+* Improve validation on federation send_{join,leave,knock} endpoints. (#10225, #10243)
+* Mark events received over federation which fail a spam check as "soft-failed". (#10263)
+* Add metrics for new inbound federation staging area. (#10284)
+* Add script to print information about recently registered users. (#10290)
+
+[1.27.1]
+* Update Synapse to 1.38.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.38.1)
+
+[1.28.0]
+* Update Synapse to 1.39.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.39.0)
+
+[1.29.0]
+* Update Synapse to 1.40.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.40.0)
+
+[1.30.0]
+* Update Synapse to 1.41.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.41.0)
+
+[1.30.1]
+* Send logs to the console
+* Fix postinstall message about federation
+
+[1.30.2]
+* Update Synapse to 1.41.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.41.1)
+* GHSA-3x4c-pq33-4w3q / CVE-2021-39164: Enumerating a private room's list of members and their display names.
+* GHSA-jj53-8fmw-f2w2 / CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members.
+
+[1.31.0]
+* Update Synapse to 1.42.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.42.0)
+* Support room version 9 from MSC3375. (#10747)
+* Add support for MSC3231: Token authenticated registration. Users can be required to submit a token during registration to authenticate themselves. Contributed by Callum Brown. (#10142)
+* Add support for MSC3283: Expose enable_set_displayname in capabilities. (#10452)
+* Port the PresenceRouter module interface to the new generic interface. (#10524)
+* Add pagination to the spaces summary based on updates to MSC2946. (#10613, #10725)
+
+[1.32.0]
+* Update Synapse to 1.43.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.43.0)
+
+[1.33.0]
+* Update Synapse to 1.44.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.44.0)
+* Only allow the MSC2716 /batch_send?chunk_id=xxx endpoint to connect to an already existing insertion event. (#10776)
+* Improve oEmbed URL previews by processing the author name, photo, and video information. (#10814, #10819)
+* Speed up responding with large JSON objects to requests. (#10868, #10905)
+* Add a user_may_create_room_with_invites spam checker callback to allow modules to allow or deny a room creation request based on the invites and/or 3PID invites it includes. (#10898)
+
+[1.34.0]
+* Update Synapse to 1.45.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.45.0)
+* Fix a long-standing bug when using multiple event persister workers where events were not correctly sent down /sync due to a race. (#11045)
+* Fix a bug introduced in Synapse 1.45.0rc1 where the user directory would stop updating if it processed an event from a user not in the users table. (#11053)
+* Fix a bug introduced in Synapse 1.44.0 when logging errors during oEmbed processing. (#11061)
+
+[1.34.1]
+* Update Synapse to 1.45.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.45.1)
+* Revert change to counting of deactivated users towards the monthly active users limit, introduced in 1.45.0rc1. (#11127)
+
+[1.35.0]
+* Update Synapse to 1.46.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.46.0)
+* Fix a bug introduced in v1.46.0rc1 where URL previews of some XML documents would fail. (#11196)
+
+[1.36.0]
+* Update Synapse to 1.47.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.47.0)
+* Fix a bug introduced in 1.47.0rc1 which caused worker processes to not halt startup in the presence of outstanding database migrations. (#11346)
+* Fix a bug introduced in 1.47.0rc1 which prevented the 'remove deleted devices from device_inbox column' background process from running when updating from a recent Synapse version. (#11303, #11353)
+
+[1.36.1]
+* Update Synapse to 1.47.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.47.1)
+* GHSA-3hfw-x7gx-437c / CVE-2021-41281: Path traversal when downloading remote media.
+
+[1.37.0]
+* Update Synapse to 1.48.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.48.0)
+
+[1.38.0]
+* Update Synapse to 1.49.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.49.0)
+
+[1.38.1]
+* Update Synapse to 1.49.2
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.49.2)
+
+[1.38.2]
+* Update Synapse to 1.50.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.50.1)
+
+[1.38.3]
+* Update Synapse to 1.50.2
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.50.2)
+* Fix a bug introduced in Synapse 1.40.0 that caused Synapse to fail to process incoming federation traffic after handling a large amount of events in a v1 room. (#11806)
+
+[1.38.4]
+* Update Synapse to 1.51.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.51.0)
+
+[1.38.5]
+* Update Synapse to 1.52.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.52.0)
+* Remove account data (including client config, push rules and ignored users) upon user deactivation. (#11621, #11788, #11789)
+* Add an admin API to reset connection timeouts for remote server. (#11639)
+* Add an admin API to get a list of rooms that federate with a given remote homeserver. (#11658)
+* Add a config flag to inhibit M_USER_IN_USE during registration. (#11743)
+* Add a module callback to set username at registration. (#11790)
+* Allow configuring a maximum file size as well as a list of allowed content types for avatars. (#11846)
+
+[1.38.6]
+* Update Synapse to 1.53.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.53.0)
+* Add experimental support for sending to-device messages to application services, as specified by MSC2409. (#11215, #11966)
+* Add a background database update to purge account data for deactivated users. (#11655)
+* Experimental support for MSC3666: including bundled aggregations in server side search results. (#11837)
+* Enable cache time-based expiry by default. The expiry_time config flag has been superseded by expire_caches and cache_entry_ttl. (#11849)
+* Add a callback to allow modules to allow or forbid a 3PID (email address, phone number) from being associated to a local account. (#11854)
+* Stabilize support and remove unstable endpoints for MSC3231. Clients must switch to the stable identifier and endpoint. See the upgrade notes for more information. (#11867)
+* Allow modules to retrieve the current instance's server name and worker name. (#11868)
+* Use a dedicated configurable rate limiter for 3PID invites. (#11892)
+* Support the stable API endpoint for MSC3283: new settings in /capabilities endpoint. (#11933, #11989)
+* Support the dir parameter on the /relations endpoint, per MSC3715. (#11941)
+* Experimental implementation of MSC3706: extensions to /send_join to support reduced response size. (#11967)
+
+[1.39.0]
+* Update Synapse to 1.54.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.54.0)
+* Fix a bug introduced in Synapse 1.54.0rc1 preventing the new module callbacks introduced in this release from being registered by modules. (#12141)
+* Fix a bug introduced in Synapse 1.54.0rc1 where runtime dependency version checks would mistakenly check development dependencies if they were present and would not accept pre-release versions of dependencies. (#12129, #12177)
+
+[1.40.0]
+* Update Synapse to 1.55.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.55.0)
+* Add third-party rules callbacks check_can_shutdown_room and check_can_deactivate_user. (#12028)
+* Improve performance of logging in for large accounts. (#12132)
+* Support the stable identifiers from MSC3440: threads. (#12151)
+* Add a new Jinja2 template filter to extract the local part of an email address. (#12212)
+
+[1.40.1]
+* Update Synapse to 1.55.2
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.55.2)
+
+[1.41.0]
+* Update Synapse to 1.57.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.57.0)
+
+[1.41.1]
+* Update Synapse to 1.57.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.57.1)
+
+[1.42.0]
+* Update Synapse to 1.58.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.58.0)
+* Implement MSC3383 for including the destination in server-to-server authentication headers. Contributed by @Bubu and @jcgruenhage for Famedly. (#11398)
+* Enable processing of device list updates asynchronously. (#12365, #12465)
+* Implement MSC2815 to allow room moderators to view redacted event content. Contributed by @tulir @ Beeper. (#12427)
+
+[1.43.0]
+* Update Synapse to 1.59.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.59.0)
+
+[1.43.1]
+* Update Synapse to 1.59.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.59.1)
+
+[1.44.0]
+* Update Synapse to 1.60.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.60.0)
+* Add an option allowing users to use their password to reauthenticate for privileged actions even though password login is disabled. (#12883)
+* Explicitly close ijson coroutines once we are done with them, instead of leaving the garbage collector to close them. (#12875)
+* Improve URL previews by not including the content of media tags in the generated description. (#12887)
+
+[1.45.0]
+* Update Synapse to 1.61.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.61.0)
+* Add new media_retention options to the homeserver config for routinely cleaning up non-recently accessed media. (#12732, #12972, #12977)
+* Experimental support for MSC3772: Push rule for mutually related events. (#12740, #12859)
+* Update to the check_event_for_spam module callback: Deprecate the current callback signature, replace it with a new signature that is both less ambiguous (replacing booleans with explicit allow/block) and more powerful (ability to return explicit error codes). (#12808)
+* Add storage and module API methods to get monthly active users (and their corresponding appservices) within an optionally specified time range. (#12838, #12917)
+* Support the new error code ORG.MATRIX.MSC3823.USER_ACCOUNT_SUSPENDED from MSC3823. (#12845, #12923)
+* Add a configurable background job to delete stale devices. (#12855)
+* Improve URL previews for pages with empty elements. (#12951)
+* Allow updating a user's password using the admin API without logging out their devices. Contributed by @jcgruenhage. (#12952)
+
+[1.45.1]
+* Add s3 storage provider module
+
+[1.45.2]
+* Update Synapse to 1.61.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.61.1)
+* Linkify GHSA commit
+
+[1.46.0]
+* Update Synapse to 1.62.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.62.0)
+
+[1.47.0]
+* Update Synapse to 1.63.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.63.0)
+
+[1.47.1]
+* Update Synapse to 1.63.1
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.63.1)
+* Fix a bug introduced in Synapse 1.63.0 where push actions were incorrectly calculated for appservice users. This caused performance issues on servers with large numbers of appservices. (#13332)
+
+[1.48.0]
+* Update Synapse to 1.64.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.64.0)
+
+[1.49.0]
+* Update Synapse to 1.65.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.65.0)
+* Add support for stable prefixes for MSC2285 (private read receipts). (#13273)
+* Add new unstable error codes ORG.MATRIX.MSC3848.ALREADY_JOINED, ORG.MATRIX.MSC3848.NOT_JOINED, and ORG.MATRIX.MSC3848.INSUFFICIENT_POWER described in MSC3848. (#13343)
+* Use stable prefixes for MSC3827. (#13370)
+* Add a new module API method to translate a room alias into a room ID. (#13428)
+* Add a new module API method to create a room. (#13429)
+
+[1.49.1]
+* Add oidc module
+
+[1.49.2]
+* Update Synapse to 1.66.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.66.0)
+
+[1.50.0]
+* Update Synapse to 1.67.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.67.0)
+* Support setting the registration shared secret in a file, via a new `registration_shared_secret_path` configuration option.
+* Change the default startup behaviour so that any missing "additional" configuration files (signing key, etc) are generated automatically.
+* Improve performance of sending messages in rooms with thousands of local users.
+
+[1.51.0]
+* Update Synapse to 1.68.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.68.0)
+* Fix packaging to include Cargo.lock in sdist. (#13909)
+* Fix building from packaged sdist. Broken in v1.68.0rc1. (#13866)
+* Fix the release script not publishing binary wheels. (#13850)
+* Lower minimum supported rustc version to 1.58.1. (#13857)
+* Lock Rust dependencies' versions. (#13858)
+* Keep track of when we fail to process a pulled event over federation so we can intelligently back off in the future. (#13589, #13814)
+* Add an admin API endpoint to fetch messages within a particular window of time. (#13672)
+* Add an admin API endpoint to find a user based on their external ID in an auth provider. (#13810)
+* Cancel the processing of key query requests when they time out. (#13680)
+* Improve validation of request bodies for the following client-server API endpoints: /account/3pid/msisdn/requestToken, /org.matrix.msc3720/account_status, /account/3pid/add, /account/3pid/bind, /account/3pid/delete and /account/3pid/unbind. (#13687, #13736)
+* Document the timestamp when a user accepts the consent, if consent tracking is used. (#13741)
+* Add a listeners[x].request_id_header configuration option to specify which request header to extract and use as the request ID in order to correlate requests from a reverse proxy. (#13801)
+* Fix a bug introduced in Synapse 1.41.0 where the /hierarchy API returned non-standard information (a room_id field under each entry in children_state). (#13506)
+* Fix a long-standing bug where previously rejected events could end up in room state because they pass auth checks given the current state of the room. (#13723)
+* Fix a long-standing bug where Synapse fails to start if a signing key file contains an empty line. (#13738)
+* Fix a long-standing bug where Synapse would fail to handle malformed user IDs or room aliases gracefully in certain cases. (#13746)
+* Fix a long-standing bug where device lists would remain cached when remote users left and rejoined the last room shared with the local homeserver. (#13749, #13826)
+* Fix a long-standing bug that could cause stale caches in some rare cases on the first startup of Synapse with replication. (#13766)
+* Fix a long-standing spec compliance bug where Synapse would accept a trailing slash on the end of /get_missing_events federation requests. (#13789)
+* Delete associated data from event_failed_pull_attempts, insertion_events, insertion_event_extremities, insertion_event_extremities, insertion_event_extremities when purging the room. (#13825)
+
+[1.52.0]
+* Update Synapse to 1.69.0
+* [Full changelog](https://github.com/matrix-org/synapse/releases/tag/v1.69.0)
+* Fix poor performance of the event_push_backfill_thread_id background update, which was introduced in Synapse 1.68.0rc1. (#14172, #14181)
+* Fix an issue with Docker images causing the Rust dependencies to not be pinned correctly. Introduced in v1.68.0 (#14129)
+* Fix a bug introduced in Synapse 1.69.0rc1 which would cause registration replication requests to fail if the worker sending the request is not running Synapse 1.69. (#14135)
+* Fix error in background update when rotating existing notifications. Introduced in v1.69.0rc2. (#14138)
+* Allow application services to set the origin_server_ts of a state event by providing the query parameter ts in PUT /_matrix/client/r0/rooms/{roomId}/state/{eventType}/{stateKey}, per MSC3316. Contributed by @lukasdenk. (#11866)
+* Allow server admins to require a manual approval process before new accounts can be used (using MSC3866). (#13556)
+* Exponentially backoff from backfilling the same event over and over. (#13635, #13936)
+* Add cache invalidation across workers to module API. (#13667, #13947)
+* Experimental implementation of MSC3882 to allow an existing device/session to generate a login token for use on a new device/session. (#13722, #13868)
+* Experimental support for thread-specific receipts (MSC3771). (#13782, #13893, #13932, #13937, #13939)
+* Add experimental support for MSC3881: Remotely toggle push notifications for another client. (#13799, #13831, #13860)
+* Keep track when an event pulled over federation fails its signature check so we can intelligently back-off in the future. (#13815)
+* Improve validation for the unspecced, internal-only _matrix/client/unstable/add_threepid/msisdn/submit_token endpoint. (#13832)
+* Faster remote room joins: record when we first partial-join to a room. (#13892)
+* Support a dir parameter on the /relations endpoint per MSC3715. (#13920)
+* Ask mail servers receiving emails from Synapse to not send automatic replies (e.g. out-of-office responses). (#13957)
+* Send push notifications for invites received over federation. (#13719, #14014)
+* Fix a long-standing bug where typing events would be accepted from remote servers not present in a room. Also fix a bug where incoming typing events would cause other incoming events to get stuck during a fast join. (#13830)
+* Fix a bug introduced in Synapse v1.53.0 where the experimental implementation of MSC3715 would give incorrect results when paginating forward. (#13840)
+* Fix access token leak to logs from proxy agent. (#13855)
+* Fix have_seen_event cache not being invalidated after we persist an event which causes inefficiency effects like extra /state federation calls. (#13863)
+* Faster room joins: Fix a bug introduced in 1.66.0 where an error would be logged when syncing after joining a room. (#13872)
+* Fix a bug introduced in 1.66.0 where some required fields in the pushrules sent to clients were not present anymore. Contributed by Nico. (#13904)
+* Fix packaging to include Cargo.lock in sdist. (#13909)
+* Fix a long-standing bug where device updates could cause delays sending out to-device messages over federation. (#13922)
+* Fix a bug introduced in v1.68.0 where Synapse would require setuptools_rust at runtime, even though the package is only required at build time. (#13952)
+* Fix a long-standing bug where POST /_matrix/client/v3/keys/query requests could result in excessively large SQL queries. (#13956)
+* Fix a performance regression in the get_users_in_room database query. Introduced in v1.67.0. (#13972)
+* Fix a bug introduced in v1.68.0 bug where Rust extension wasn't built in release mode when using poetry install. (#14009)
+* Do not return an unspecified original_event field when using the stable /relations endpoint. Introduced in Synapse v1.57.0. (#14025)
+* Correctly handle a race with device lists when a remote user leaves during a partial join. (#13885)
+* Correctly handle sending local device list updates to remote servers during a partial join. (#13934)
+

CloudronManifest.json

@@ -3,9 +3,10 @@
   "title": "Matrix Synapse",
   "author": "Matrix synapse authors",
   "description": "file://DESCRIPTION.md",
-  "changelog": "file://CHANGELOG",
+  "changelog": "file://CHANGELOG.md",
   "tagline": "Secure & decentralized communication",
-  "version": "1.24.0",
+  "version": "1.52.0",
+  "upstreamVersion": "1.69.0",
   "healthCheckPath": "/",
   "httpPort": 8008,
   "memoryLimit": 536870912,
@@ -13,7 +14,7 @@
     "localstorage": {},
     "ldap": {},
     "postgresql": {},
-    "sendmail": {},
+    "sendmail": { "supportsDisplayName": true },
     "turn": {}
   },
   "manifestVersion": 2,
@@ -28,9 +29,8 @@
     "https://screenshots.cloudron.io/org.matrix.synapse/2.png",
     "https://screenshots.cloudron.io/org.matrix.synapse/3.png"
   ],
-  "changelog": "file://CHANGELOG",
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "5.3.0",
+  "minBoxVersion": "7.2.0",
   "forumUrl": "https://forum.cloudron.io/category/50/matrix-synapse-riot",
   "documentationUrl": "https://docs.cloudron.io/apps/synapse/",
   "optionalSso": true

DESCRIPTION.md

@@ -1,12 +1,10 @@
-This app packages Synapse <upstream>1.34.0</upstream>.
-
 **This package only provides the Matrix backend. A variety of clients are available
 [here](https://matrix.org/clients/). Riot is a popular web frontend for Matrix and
 is available as a separate app.**
 
-Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP.
+## About
 
-## Matrix
+Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP.
 
 Matrix specifies a set of pragmatic RESTful HTTP JSON APIs as an open standard, which handle:
 
@@ -18,7 +16,7 @@ Matrix specifies a set of pragmatic RESTful HTTP JSON APIs as an open standard,
 * Using 3rd Party IDs (3PIDs) such as email addresses, phone numbers, Facebook accounts to authenticate, identify and discover users on Matrix.
 * Placing 1:1 VoIP and Video calls
 
-## Synapse
+## What is Synapse?
 
 Synapse is a reference "homeserver" implementation of Matrix from the core development
 team at matrix.org, written in Python/Twisted.

Dockerfile

@@ -1,5 +1,5 @@
-FROM cloudron/base:3.0.0@sha256:455c70428723e3a823198c57472785437eb6eab082e79b3ff04ea584faf46e92
+FROM cloudron/base:3.2.0@sha256:ba1d566164a67c266782545ea9809dc611c4152e27686fd14060332dd88263ea
-
+ 
 RUN mkdir -p /app/pkg
 
 WORKDIR /app/code
@@ -9,13 +9,13 @@ RUN virtualenv -p python3 /app/code/env
 ENV VIRTUAL_ENV=/app/code/env
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
-ARG VERSION=v1.34.0
+ARG VERSION=v1.69.0
 
 # Synapse (https://github.com/matrix-org/synapse/blob/master/INSTALL.md)
 # lxml - required for previews
 RUN pip install --upgrade pip && \
     pip install --upgrade setuptools && \
-    pip install matrix-synapse==${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2
+    pip install matrix-synapse==${VERSION} psycopg2-binary python-ldap matrix-synapse-ldap3 lxml publicsuffix2 git+https://github.com/matrix-org/synapse-s3-storage-provider.git@ffd3fa477321608e57d27644197e721965e0e858 matrix-synapse[oidc]
 
 RUN ln -sf /app/data/index.html /app/code/env/lib/python3.8/site-packages/synapse/static/index.html
 

POSTINSTALL.md

@@ -1,8 +1,6 @@
 Account ids are created with the username and the second level domain under which the
 app is installed e.g. `@$CLOUDRON-USERNAME@$CLOUDRON-APP-DOMAIN`.
 
-For federation to work, the second level domain has to be configured to serve up the
+For federation to work, the delegation URI `https://$CLOUDRON-APP-DOMAIN/.well-known/matrix/server`
-`.well-known/domain.com/matrix` URI. See the 
+must be configured. See the [docs](https://docs.cloudron.io/apps/synapse/#post-installation) on how to do this.
-[federation docs](https://cloudron.io/documentation/apps/synapse/) on
-how to do this.
 

homeserver.yaml.template

@@ -72,6 +72,7 @@ federation_ip_range_blacklist:
   - 'fc00::/7'
 
 enable_registration: false
+enable_registration_without_verification: true
 registration_shared_secret: "somesecret"
 allow_guest_access: false
 

start.sh

@@ -22,7 +22,10 @@ if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
     cp /app/pkg/homeserver.yaml.template /app/data/configs/homeserver.yaml
     mv /app/data/configs/${server_name}.log.config /app/data/configs/log.config
     yq eval -i ".log_config=\"/app/data/configs/log.config\"" /app/data/configs/homeserver.yaml
-    yq eval -i ".handlers.file.filename=\"/run/synapse/homeserver.log\"" /app/data/configs/log.config
+
+    # delete default file and buffer handlers
+    yq eval -i "del(.handlers.file)" /app/data/configs/log.config
+    yq eval -i "del(.handlers.buffer)" /app/data/configs/log.config
 
     mv /app/data/configs/${server_name}.signing.key /app/data/configs/signing.key
 
@@ -35,9 +38,15 @@ if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
     if [[ -z "${CLOUDRON_LDAP_SERVER:-}" ]]; then
         yq eval -i ".enable_registration=true" /app/data/configs/homeserver.yaml
         yq eval -i ".password_config.pepper=\"$(pwgen -1s 12)\"" /app/data/configs/homeserver.yaml
+        # just setting enabled to false is not enough. see https://github.com/matrix-org/matrix-synapse-ldap3/issues/123
+        yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml
     fi
 fi
 
+echo "==> Ensure we log to console"
+yq eval -i ".root.handlers=[\"console\"]" /app/data/configs/log.config
+yq eval -i ".loggers.twisted.handlers=[\"console\"]" /app/data/configs/log.config
+
 [[ ! -f /app/data/index.html ]] && cp /app/pkg/index.html /app/data/index.html
 
 echo "==> Configuring synapse"
@@ -54,7 +63,7 @@ yq eval -i ".email.smtp_host=\"${CLOUDRON_MAIL_SMTP_SERVER}\"" /app/data/configs
 yq eval -i ".email.smtp_port=${CLOUDRON_MAIL_SMTP_PORT}" /app/data/configs/homeserver.yaml
 yq eval -i ".email.smtp_user=\"${CLOUDRON_MAIL_SMTP_USERNAME}\"" /app/data/configs/homeserver.yaml
 yq eval -i ".email.smtp_pass=\"${CLOUDRON_MAIL_SMTP_PASSWORD}\"" /app/data/configs/homeserver.yaml
-yq eval -i ".email.notif_from=\"%(app)s <${CLOUDRON_MAIL_FROM}>\"" /app/data/configs/homeserver.yaml
+yq eval -i ".email.notif_from=\"${CLOUDRON_MAIL_FROM_DISPLAY_NAME:-Matrix} <${CLOUDRON_MAIL_FROM}>\"" /app/data/configs/homeserver.yaml
 
 # ldap
 if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
@@ -67,6 +76,8 @@ if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
 
 else
     yq eval -i ".password_config.localdb_enabled=true" /app/data/configs/homeserver.yaml
+    # just setting enabled to false is not enough. see https://github.com/matrix-org/matrix-synapse-ldap3/issues/123
+    yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml
 fi
 
 # turn (https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md#synapse-setup)

test/package.json

@@ -9,11 +9,11 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^90.0.0",
+    "chromedriver": "^106.0.1",
     "expect.js": "^0.3.1",
-    "mocha": "^8.4.0",
+    "mocha": "^10.1.0",
     "selenium-server-standalone-jar": "^3.141.59",
-    "selenium-webdriver": "^3.6.0",
+    "selenium-webdriver": "^4.5.0",
-    "superagent": "^6.1.0"
+    "superagent": "^8.0.0"
   }
 }

test/test.js

@@ -1,11 +1,11 @@
 #!/usr/bin/env node
 
-/* jslint node:true */
+/* jshint esversion: 8 */
-/* global it:false */
+/* global describe */
-/* global xit:false */
+/* global before */
-/* global describe:false */
+/* global after */
-/* global before:false */
+/* global it */
-/* global after:false */
+/* global xit */
 
 'use strict';
 
@@ -15,47 +15,42 @@ var execSync = require('child_process').execSync,
     expect = require('expect.js'),
     path = require('path'),
     superagent = require('superagent'),
-    webdriver = require('selenium-webdriver');
+    { Builder, By, Key, until } = require('selenium-webdriver'),
-
+    { Options } = require('selenium-webdriver/chrome');
-var by = require('selenium-webdriver').By,
-    until = require('selenium-webdriver').until,
-    Key = require('selenium-webdriver').Key;
 
 describe('Application life cycle test', function () {
     this.timeout(0);
-    var server, browser = new webdriver.Builder().forBrowser('chrome').build();
 
-    var LOCATION = 'test';
+    const LOCATION = 'test';
-    var app;
+    const TEST_TIMEOUT = 10000;
-    var username = process.env.USERNAME;
+    const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
-    var password = process.env.PASSWORD;
+
-    var TIMEOUT = process.env.TIMEOUT | 30000;
+    const username = process.env.USERNAME;
+    const password = process.env.PASSWORD;
+
+    var app, browser;
     var token, roomId;
 
-    before(function (done) {
+    before(function () {
-        if (!process.env.USERNAME) return done(new Error('USERNAME env var not set'));
+        if (!process.env.USERNAME) throw new Error('USERNAME env var not set');
-        if (!process.env.PASSWORD) return done(new Error('PASSWORD env var not set'));
+        if (!process.env.PASSWORD) throw new Error('PASSWORD env var not set');
 
-        var seleniumJar= require('selenium-server-standalone-jar');
+        browser = new Builder().forBrowser('chrome').setChromeOptions(new Options().windowSize({ width: 1280, height: 1024 })).build();
-        var SeleniumServer = require('selenium-webdriver/remote').SeleniumServer;
-        server = new SeleniumServer(seleniumJar.path, { port: 4444 });
-        server.start();
-
-        done();
     });
 
-    after(function (done) {
+    after(function () {
         browser.quit();
-        server.stop();
-        done();
     });
 
-    function checkLandingPage(done) {
+    function getAppInfo() {
-        browser.get('https://' + app.fqdn).then(function () {
+        var inspect = JSON.parse(execSync('cloudron inspect'));
-            return browser.wait(until.elementLocated(by.xpath('//h1[contains(text(),"Synapse is running")]')), TIMEOUT);
+        app = inspect.apps.filter(function (a) { return a.location.indexOf(LOCATION) === 0; })[0];
-        }).then(function () {
+        expect(app).to.be.an('object');
-            done();
+    }
-        });
+
+    async function checkLandingPage() {
+        await browser.get(`https://${app.fqdn}`);
+        await browser.wait(until.elementLocated(By.xpath('//h1[contains(text(),"Synapse is running")]')), TEST_TIMEOUT);
     }
 
     // https://matrix.org/docs/spec/client_server/latest#user-interactive-api-in-the-rest-api
@@ -82,7 +77,7 @@ describe('Application life cycle test', function () {
                 if (error) return done(error);
                 if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
 
-                console.log('registered user with id', result.user_id);
+                console.log('registered user with id', result.body.user_id);
 
                 done();
             });
@@ -141,22 +136,12 @@ describe('Application life cycle test', function () {
         });
     }
 
-    xit('build app', function () {
+    xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
-        execSync('cloudron build', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
 
     // No SSO
-    it('install app (no sso)', function () {
+    it('install app (no sso)', function () { execSync('cloudron install --no-sso --location ' + LOCATION, EXEC_ARGS); });
-        execSync('cloudron install --no-sso --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
 
-    it('can get app information', function () {
+    it('can get app information', getAppInfo);
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-
-        expect(app).to.be.an('object');
-    });
 
     it('check landing page', checkLandingPage);
     it('can register new user', registerUser);
@@ -165,22 +150,12 @@ describe('Application life cycle test', function () {
     it('create room', createRoom);
     it('check room', checkRoom);
 
-    it('uninstall app', function () {
+    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
 
     // SSO
-    it('install app', function () {
+    it('install app', function () { execSync('cloudron install --location ' + LOCATION, EXEC_ARGS); });
-        execSync('cloudron install --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
 
-    it('can get app information', function () {
+    it('can get app information', getAppInfo);
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-
-        expect(app).to.be.an('object');
-    });
 
     it('check landing page', checkLandingPage);
     it('can login', checkLogin);
@@ -188,28 +163,22 @@ describe('Application life cycle test', function () {
     it('create room', createRoom);
     it('check room', checkRoom);
 
-    it('can restart app', function (done) {
+    it('can restart app', function () { execSync('cloudron restart'); });
-        execSync('cloudron restart');
-        done();
-    });
 
     it('check landing page', checkLandingPage);
     it('check room', checkRoom);
 
-    it('backup app', function () {
+    it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
-        execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
 
     it('check landing page', checkLandingPage);
     it('check room', checkRoom);
 
     it('restore app', function () {
         const backups = JSON.parse(execSync('cloudron backup list --raw'));
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
-        execSync('cloudron install --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron install --location ' + LOCATION, EXEC_ARGS);
-        var inspect = JSON.parse(execSync('cloudron inspect'));
+        getAppInfo();
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+        execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, EXEC_ARGS);
-        execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
     });
 
     it('check landing page', checkLandingPage);
@@ -217,40 +186,29 @@ describe('Application life cycle test', function () {
 
     it('move to different location', function () {
         browser.manage().deleteAllCookies();
-        execSync('cloudron configure --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron configure --location ' + LOCATION + '2', EXEC_ARGS);
-        var inspect = JSON.parse(execSync('cloudron inspect'));
+        getAppInfo();
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
-        expect(app).to.be.an('object');
     });
 
     it('check landing page', checkLandingPage);
     it('check room', checkRoom);
 
-    it('uninstall app', function () {
+    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
 
     // test update
-    it('can install app', function () {
+    it('can install app', function () { execSync('cloudron install --appstore-id org.matrix.synapse --location ' + LOCATION, EXEC_ARGS); });
-        execSync('cloudron install --appstore-id org.matrix.synapse --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+
-        var inspect = JSON.parse(execSync('cloudron inspect'));
+    it('can get app information', getAppInfo);
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-        expect(app).to.be.an('object');
-    });
 
     it('check landing page', checkLandingPage);
     it('can login', checkLogin);
     it('create room', createRoom);
     it('check room', checkRoom);
 
-    it('can update', function () {
+    it('can update', function () { execSync('cloudron update --app ' + LOCATION, EXEC_ARGS); });
-        execSync('cloudron update --app ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
 
     it('check landing page', checkLandingPage);
     it('check room', checkRoom);
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-});
 
+    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
+});