diff --git a/CHANGES.md b/CHANGES.md
index 60961bf38dbac1dfd59927168c3e0dfe0bbd8c4f..862524f2084ee61ca4bb73ef95b709e436ec0e08 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,12 +1,28 @@
-Synapse 1.69.0rc1 (2022-10-04)
+Synapse 1.69.0rc2 (2022-10-06)
==============================
-
Please note that legacy Prometheus metric names are now deprecated and will be removed in Synapse 1.73.0.
Server administrators should update their dashboards and alerting rules to avoid using the deprecated metric names.
See the [upgrade notes](https://matrix-org.github.io/synapse/v1.69/upgrade.html#upgrading-to-v1690) for more details.
+Deprecations and Removals
+-------------------------
+
+- Deprecate the `generate_short_term_login_token` method in favor of an async `create_login_token` method in the Module API. ([\#13842](https://github.com/matrix-org/synapse/issues/13842))
+
+
+Internal Changes
+----------------
+
+- Ensure Synapse v1.69 works with upcoming database changes in v1.70. ([\#14045](https://github.com/matrix-org/synapse/issues/14045))
+- Fix a bug introduced in Synapse v1.68.0 where messages could not be sent in rooms with non-integer `notifications` power level. ([\#14073](https://github.com/matrix-org/synapse/issues/14073))
+- Temporarily pin build-system requirements to workaround an incompatibility with poetry-core 1.3.0. This will be reverted before the v1.69.0 release proper, see [\#14079](https://github.com/matrix-org/synapse/issues/14079). ([\#14080](https://github.com/matrix-org/synapse/issues/14080))
+
+
+Synapse 1.69.0rc1 (2022-10-04)
+==============================
+
Features
--------
diff --git a/debian/changelog b/debian/changelog
index 0f4dd28081ec55c64cd6252eb13cf95486e083fd..b228ef35fcee47a468884d8298a826612e748a0e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.69.0~rc2) stable; urgency=medium
+
+ * New Synapse release 1.69.0rc2.
+
+ -- Synapse Packaging team <packages@matrix.org> Thu, 06 Oct 2022 14:45:00 +0100
+
matrix-synapse-py3 (1.69.0~rc1) stable; urgency=medium
* The man page for the hash_password script has been updated to reflect
diff --git a/docs/upgrade.md b/docs/upgrade.md
index 002ef7005985d5ee1b660789fbe3272314913cf6..b81385b1918316244255aa4dfa26f968c8671cfa 100644
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@@ -128,6 +128,39 @@ you may specify `enable_legacy_metrics: false` in your homeserver configuration.
A list of affected metrics is available on the [Metrics How-to page](https://matrix-org.github.io/synapse/v1.69/metrics-howto.html?highlight=metrics%20deprecated#renaming-of-metrics--deprecation-of-old-names-in-12).
+## Deprecation of the `generate_short_term_login_token` module API method
+
+The following method of the module API has been deprecated, and is scheduled to
+be remove in v1.71.0:
+
+```python
+def generate_short_term_login_token(
+ self,
+ user_id: str,
+ duration_in_ms: int = (2 * 60 * 1000),
+ auth_provider_id: str = "",
+ auth_provider_session_id: Optional[str] = None,
+) -> str:
+ ...
+```
+
+It has been replaced by an asynchronous equivalent:
+
+```python
+async def create_login_token(
+ self,
+ user_id: str,
+ duration_in_ms: int = (2 * 60 * 1000),
+ auth_provider_id: Optional[str] = None,
+ auth_provider_session_id: Optional[str] = None,
+) -> str:
+ ...
+```
+
+Synapse will log a warning when a module uses the deprecated method, to help
+administrators find modules using it.
+
+
# Upgrading to v1.68.0
Two changes announced in the upgrade notes for v1.67.0 have now landed in v1.68.0.
diff --git a/mypy.ini b/mypy.ini
index 64f9097206d1f8cab064635abfd077f3cf4477a1..34b4523e007e1d60eebda79ce29e9e77bcad5912 100644
--- a/mypy.ini
+++ b/mypy.ini
@@ -106,6 +106,9 @@ disallow_untyped_defs = False
[mypy-tests.handlers.test_user_directory]
disallow_untyped_defs = True
+[mypy-tests.push.test_bulk_push_rule_evaluator]
+disallow_untyped_defs = True
+
[mypy-tests.test_server]
disallow_untyped_defs = True
diff --git a/pyproject.toml b/pyproject.toml
index 121f25f3a2404610219937f70127b555846019b3..5e36baf40dc62fe985d2b8462129465fed630fbd 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -57,7 +57,7 @@ manifest-path = "rust/Cargo.toml"
[tool.poetry]
name = "matrix-synapse"
-version = "1.69.0rc1"
+version = "1.69.0rc2"
description = "Homeserver for the Matrix decentralised comms protocol"
authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
license = "Apache-2.0"
@@ -307,7 +307,7 @@ twine = "*"
towncrier = ">=18.6.0rc1"
[build-system]
-requires = ["poetry-core>=1.0.0", "setuptools_rust>=1.3"]
+requires = ["poetry-core==1.2.0", "setuptools_rust==1.5.2"]
build-backend = "poetry.core.masonry.api"
diff --git a/synapse/module_api/__init__.py b/synapse/module_api/__init__.py
index b7b2d3b8c5b6413b307629cc03d5005a96aa3831..6a6ae208d15740fb1556d4c8b30c2ef039350a69 100644
--- a/synapse/module_api/__init__.py
+++ b/synapse/module_api/__init__.py
@@ -748,6 +748,40 @@ class ModuleApi:
)
)
+ async def create_login_token(
+ self,
+ user_id: str,
+ duration_in_ms: int = (2 * 60 * 1000),
+ auth_provider_id: Optional[str] = None,
+ auth_provider_session_id: Optional[str] = None,
+ ) -> str:
+ """Create a login token suitable for m.login.token authentication
+
+ Added in Synapse v1.69.0.
+
+ Args:
+ user_id: gives the ID of the user that the token is for
+
+ duration_in_ms: the time that the token will be valid for
+
+ auth_provider_id: the ID of the SSO IdP that the user used to authenticate
+ to get this token, if any. This is encoded in the token so that
+ /login can report stats on number of successful logins by IdP.
+
+ auth_provider_session_id: The session ID got during login from the SSO IdP,
+ if any.
+ """
+ # The deprecated `generate_short_term_login_token` method defaulted to an empty
+ # string for the `auth_provider_id` because of how the underlying macaroon was
+ # generated. This will change to a proper NULL-able field when the tokens get
+ # moved to the database.
+ return self._hs.get_macaroon_generator().generate_short_term_login_token(
+ user_id,
+ auth_provider_id or "",
+ auth_provider_session_id,
+ duration_in_ms,
+ )
+
def generate_short_term_login_token(
self,
user_id: str,
@@ -759,6 +793,9 @@ class ModuleApi:
Added in Synapse v1.9.0.
+ This was deprecated in Synapse v1.69.0 in favor of create_login_token, and will
+ be removed in Synapse 1.71.0.
+
Args:
user_id: gives the ID of the user that the token is for
@@ -768,6 +805,11 @@ class ModuleApi:
to get this token, if any. This is encoded in the token so that
/login can report stats on number of successful logins by IdP.
"""
+ logger.warn(
+ "A module configured on this server uses ModuleApi.generate_short_term_login_token(), "
+ "which is deprecated in favor of ModuleApi.create_login_token(), and will be removed in "
+ "Synapse 1.71.0",
+ )
return self._hs.get_macaroon_generator().generate_short_term_login_token(
user_id,
auth_provider_id,
diff --git a/synapse/push/bulk_push_rule_evaluator.py b/synapse/push/bulk_push_rule_evaluator.py
index f8c4dd74f09f3104f403a2840abb803e0f334a1f..eced182fd5715db839e9d5c4debd1acb87f8eb32 100644
--- a/synapse/push/bulk_push_rule_evaluator.py
+++ b/synapse/push/bulk_push_rule_evaluator.py
@@ -294,11 +294,18 @@ class BulkPushRuleEvaluator:
# the parent is part of a thread.
thread_id = await self.store.get_thread_id(relation.parent_id) or "main"
+ # It's possible that old room versions have non-integer power levels (floats or
+ # strings). Workaround this by explicitly converting to int.
+ notification_levels = power_levels.get("notifications", {})
+ if not event.room_version.msc3667_int_only_power_levels:
+ for user_id, level in notification_levels.items():
+ notification_levels[user_id] = int(level)
+
evaluator = PushRuleEvaluator(
_flatten_dict(event),
room_member_count,
sender_power_level,
- power_levels.get("notifications", {}),
+ notification_levels,
relations,
self._relations_match_enabled,
)
diff --git a/tests/push/test_bulk_push_rule_evaluator.py b/tests/push/test_bulk_push_rule_evaluator.py
new file mode 100644
index 0000000000000000000000000000000000000000..675d7df2ac458bf5ebb3642411b992d2aa773a08
--- /dev/null
+++ b/tests/push/test_bulk_push_rule_evaluator.py
@@ -0,0 +1,74 @@
+from unittest.mock import patch
+
+from synapse.api.room_versions import RoomVersions
+from synapse.push.bulk_push_rule_evaluator import BulkPushRuleEvaluator
+from synapse.rest import admin
+from synapse.rest.client import login, register, room
+from synapse.types import create_requester
+
+from tests import unittest
+
+
+class TestBulkPushRuleEvaluator(unittest.HomeserverTestCase):
+
+ servlets = [
+ admin.register_servlets_for_client_rest_resource,
+ room.register_servlets,
+ login.register_servlets,
+ register.register_servlets,
+ ]
+
+ def test_action_for_event_by_user_handles_noninteger_power_levels(self) -> None:
+ """We should convert floats and strings to integers before passing to Rust.
+
+ Reproduces #14060.
+
+ A lack of validation: the gift that keeps on giving.
+ """
+ # Create a new user and room.
+ alice = self.register_user("alice", "pass")
+ token = self.login(alice, "pass")
+
+ room_id = self.helper.create_room_as(
+ alice, room_version=RoomVersions.V9.identifier, tok=token
+ )
+
+ # Alter the power levels in that room to include stringy and floaty levels.
+ # We need to suppress the validation logic or else it will reject these dodgy
+ # values. (Presumably this validation was not always present.)
+ event_creation_handler = self.hs.get_event_creation_handler()
+ requester = create_requester(alice)
+ with patch("synapse.events.validator.validate_canonicaljson"), patch(
+ "synapse.events.validator.jsonschema.validate"
+ ):
+ self.helper.send_state(
+ room_id,
+ "m.room.power_levels",
+ {
+ "users": {alice: "100"}, # stringy
+ "notifications": {"room": 100.0}, # float
+ },
+ token,
+ state_key="",
+ )
+
+ # Create a new message event, and try to evaluate it under the dodgy
+ # power level event.
+ event, context = self.get_success(
+ event_creation_handler.create_event(
+ requester,
+ {
+ "type": "m.room.message",
+ "room_id": room_id,
+ "content": {
+ "msgtype": "m.text",
+ "body": "helo",
+ },
+ "sender": alice,
+ },
+ )
+ )
+
+ bulk_evaluator = BulkPushRuleEvaluator(self.hs)
+ # should not raise
+ self.get_success(bulk_evaluator.action_for_event_by_user(event, context))