Remove the requirement to authenticate for /admin/server_version. #5122

Merged
merged 3 commits into from May 7, 2019

Conversation

3 participants
@richvdh
Member

commented May 1, 2019

This endpoint isn't much use for its intended purpose if you first need to
get yourself an admin's auth token.

I've restricted it to the /_synapse/admin path to make it a bit easier to
lock down for those concerned about exposing this information. I don't
imagine anyone is using it in anger currently.

Based on #5120.

@richvdh richvdh requested a review from matrix-org/synapse-core May 1, 2019

@richvdh richvdh added this to In progress in Homeserver Task Board via automation May 1, 2019

@richvdh richvdh force-pushed the rav/deauth_versions branch from b2d3274 to b6ec1c2 May 6, 2019

@codecov

commented May 6, 2019

Codecov Report

Merging #5122 into develop will decrease coverage by 0.04%.
The diff coverage is 42.42%.

@@             Coverage Diff             @@
##           develop    #5122      +/-   ##
===========================================
- Coverage    61.69%   61.65%   -0.05%     
===========================================
  Files          336      335       -1     
  Lines        34551    34500      -51     
  Branches      5674     5669       -5     
===========================================
- Hits         21317    21270      -47     
+ Misses       11706    11704       -2     
+ Partials      1528     1526       -2

@codecov

commented May 6, 2019

Codecov Report

Merging #5122 into develop will decrease coverage by 0.01%.
The diff coverage is 80%.

@@             Coverage Diff             @@
##           develop    #5122      +/-   ##
===========================================
- Coverage    61.69%   61.68%   -0.02%     
===========================================
  Files          336      336              
  Lines        34551    34549       -2     
  Branches      5674     5674              
===========================================
- Hits         21317    21312       -5     
- Misses       11706    11708       +2     
- Partials      1528     1529       +1

richvdh added some commits May 6, 2019

Remove the requirement to authenticate for /admin/server_version.
This endpoint isn't much use for its intended purpose if you first need to get
yourself an admin's auth token.

I've restricted it to the `/_synapse/admin` path to make it a bit easier to
lock down for those concerned about exposing this information. I don't imagine
anyone is using it in anger currently.

@richvdh richvdh force-pushed the rav/deauth_versions branch from fc5c9cf to cf016d3 May 6, 2019

@richvdh richvdh merged commit 59e2d26 into develop May 7, 2019

24 checks passed

buildkite/synapse Build #1257 passed (13 minutes, 13 seconds)
buildkite/synapse/check-sample-config Passed (1 minute, 12 seconds)
buildkite/synapse/isort Passed (15 seconds)
buildkite/synapse/newspaper-newsfile Passed (17 seconds)
buildkite/synapse/packaging Passed (19 seconds)
buildkite/synapse/pep-8 Passed (54 seconds)
buildkite/synapse/pipeline Passed (2 seconds)
buildkite/synapse/python-2-dot-7-slash-postgres-9-dot-4 Passed (11 minutes, 19 seconds)
buildkite/synapse/python-2-dot-7-slash-postgres-9-dot-5 Passed (11 minutes, 21 seconds)
buildkite/synapse/python-2-dot-7-slash-sqlite Passed (6 minutes, 20 seconds)
buildkite/synapse/python-2-dot-7-slash-sqlite-slash-old-deps Passed (7 minutes, 41 seconds)
buildkite/synapse/python-3-dot-5-slash-postgres-9-dot-4 Passed (12 minutes, 8 seconds)
buildkite/synapse/python-3-dot-5-slash-postgres-9-dot-5 Passed (12 minutes, 6 seconds)
buildkite/synapse/python-3-dot-5-slash-sqlite Passed (7 minutes, 9 seconds)
buildkite/synapse/python-3-dot-6-slash-sqlite Passed (7 minutes, 5 seconds)
buildkite/synapse/python-3-dot-7-slash-postgres-11 Passed (12 minutes, 4 seconds)
buildkite/synapse/python-3-dot-7-slash-postgres-9-dot-5 Passed (12 minutes, 2 seconds)
buildkite/synapse/python-3-dot-7-slash-sqlite Passed (7 minutes, 4 seconds)
ci/circleci: sytestpy2merged Your tests passed on CircleCI!
ci/circleci: sytestpy2postgresmerged Your tests passed on CircleCI!
ci/circleci: sytestpy3merged Your tests passed on CircleCI!
ci/circleci: sytestpy3postgresmerged Your tests passed on CircleCI!
codecov/patch 80% of diff hit (target 0%)
codecov/project 61.68% (target 0%)

Homeserver Task Board automation moved this from In progress to Done May 7, 2019

@richvdh richvdh deleted the rav/deauth_versions branch May 7, 2019

anoadragon453 added a commit that referenced this pull request May 10, 2019

Merge branch 'develop' into anoa/blacklist_ip_ranges
* develop: (45 commits)
  URL preview blacklisting fixes (#5155)
  Revert 085ae34
  Add a DUMMY stage to captcha-only registration flow
  Make Prometheus snippet less confusing on the metrics collection doc (#4288)
  Set syslog identifiers in systemd units (#5023)
  Run Black on the tests again (#5170)
  Add AllowEncodedSlashes to apache (#5068)
  remove instructions for jessie installation (#5164)
  Run `black` on per_destination_queue
  Limit the number of EDUs in transactions to 100 as expected by receiver (#5138)
  Fix bogus imports in tests (#5154)
  add options to require an access_token to GET /profile and /publicRooms on CS API (#5083)
  Do checks on aliases for incoming m.room.aliases events (#5128)
  Remove the requirement to authenticate for /admin/server_version. (#5122)
  Fix spelling in server notices admin API docs (#5142)
  Fix sample config
  0.99.3.2
  include disco in deb build target list
  changelog
  Debian: we now need libpq-dev.
  ...

@RicoNosa

commented May 22, 2019

So, since 0.99.4 the API should be here /_synapse/admin/v1/server_version and doesn't require an admin token, right?
It was working fine with the old path in 0.99.3.2 (+admin token)
But now I get the nginx 404 not found page.

```html
<html>
    <head>
        <title>404 Not Found</title>
    </head>
    <body bgcolor="white">
        <center>
            <h1>404 Not Found</h1>
        </center>
        <hr>
        <center>nginx/1.10.3</center>
    </body>
</html>
```

Tried:

  • old path + token
  • old path without token
  • new path + token
  • new path without token

Plus,
While /_matrix/client/r0/admin/whois/ is still working, /_synapse/admin/v1/whois/ is not.
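
The PR description says the endpoint was placed under `/_synapse/admin` so that it can be locked down separately. A reverse-proxy fragment showing one way to do that, as an added example that is not part of this thread or of the Synapse project; the upstream address `127.0.0.1:8008` and the admin network `10.0.0.0/8` are assumed values.

```nginx
# Goes inside the existing server { } block that fronts Synapse.
# Assumed values: upstream 127.0.0.1:8008, admin network 10.0.0.0/8.

# Weak form, for comparison: a catch-all such as
#     location / { proxy_pass http://127.0.0.1:8008; }
# forwards /_synapse/admin to every client, so the unauthenticated
# /_synapse/admin/v1/server_version answers anyone who asks.

# Client-server and federation traffic: open to all clients.
location /_matrix {
    proxy_pass http://127.0.0.1:8008;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
}

# Admin API prefix: forwarded only for the admin network.
# allow/deny are evaluated against the address of the connection nginx
# sees; if another proxy or load balancer sits in front, restore the
# client address first (ngx_http_realip_module) or the rule matches the
# wrong host.
location /_synapse/admin {
    allow 127.0.0.1;
    allow 10.0.0.0/8;
    deny  all;    # everyone else receives 403 from nginx

    proxy_pass http://127.0.0.1:8008;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
}

# A path with no matching location is answered by nginx itself and is
# never passed to Synapse.
```

After reloading nginx, a request to `/_synapse/admin/v1/server_version` from outside the allowed range should return 403, and one from inside it should reach Synapse.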
