diff --git a/.ci/latest_deps_build_failed_issue_template.md b/.ci/latest_deps_build_failed_issue_template.md
new file mode 100644
index 000000000000..0525402503fd
--- /dev/null
+++ b/.ci/latest_deps_build_failed_issue_template.md
@@ -0,0 +1,4 @@
+---
+title: CI run against latest deps is failing
+---
+See https://github.com/{{env.GITHUB_REPOSITORY}}/actions/runs/{{env.GITHUB_RUN_ID}}
diff --git a/.dockerignore b/.dockerignore
index a236760cf1fd..7809863ef328 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -8,8 +8,4 @@
!pyproject.toml
!poetry.lock
-# TODO: remove these once we have moved over to using poetry-core in pyproject.toml
-!MANIFEST.in
-!setup.py
-
**/__pycache__
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 124b17458f45..d20d30c0353c 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -34,32 +34,24 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- # TODO: consider using https://github.com/docker/metadata-action instead of this
- # custom magic
- name: Calculate docker image tag
id: set-tag
- run: |
- case "${GITHUB_REF}" in
- refs/heads/develop)
- tag=develop
- ;;
- refs/heads/master|refs/heads/main)
- tag=latest
- ;;
- refs/tags/*)
- tag=${GITHUB_REF#refs/tags/}
- ;;
- *)
- tag=${GITHUB_SHA}
- ;;
- esac
- echo "::set-output name=tag::$tag"
+ uses: docker/metadata-action@master
+ with:
+ images: matrixdotorg/synapse
+ flavor: |
+ latest=false
+ tags: |
+ type=raw,value=develop,enable=${{ github.ref == 'refs/heads/develop' }}
+ type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
+ type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+ type=pep440,pattern={{raw}}
- name: Build and push all platforms
uses: docker/build-push-action@v2
with:
push: true
labels: "gitsha1=${{ github.sha }}"
- tags: "matrixdotorg/synapse:${{ steps.set-tag.outputs.tag }}"
+ tags: "${{ steps.set-tag.outputs.tags }}"
file: "docker/Dockerfile"
platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/latest_deps.yml b/.github/workflows/latest_deps.yml
new file mode 100644
index 000000000000..c537a5a60f9f
--- /dev/null
+++ b/.github/workflows/latest_deps.yml
@@ -0,0 +1,159 @@
+# People who are freshly `pip install`ing from PyPI will pull in the latest versions of
+# dependencies which match the broad requirements. Since most CI runs are against
+# the locked poetry environment, run specifically against the latest dependencies to
+# know if there's an upcoming breaking change.
+#
+# As an overview this workflow:
+# - checks out develop,
+# - installs from source, pulling in the dependencies like a fresh `pip install` would, and
+# - runs mypy and test suites in that checkout.
+#
+# Based on the twisted trunk CI job.
+
+name: Latest dependencies
+
+on:
+ schedule:
+ - cron: 0 7 * * *
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ mypy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ # The dev dependencies aren't exposed in the wheel metadata (at least with current
+ # poetry-core versions), so we install with poetry.
+ - uses: matrix-org/setup-python-poetry@v1
+ with:
+ python-version: "3.x"
+ poetry-version: "1.2.0b1"
+ extras: "all"
+ # Dump installed versions for debugging.
+ - run: poetry run pip list > before.txt
+ # Upgrade all runtime dependencies only. This is intended to mimic a fresh
+ # `pip install matrix-synapse[all]` as closely as possible.
+ - run: poetry update --no-dev
+ - run: poetry run pip list > after.txt && (diff -u before.txt after.txt || true)
+ - name: Remove warn_unused_ignores from mypy config
+ run: sed '/warn_unused_ignores = True/d' -i mypy.ini
+ - run: poetry run mypy
+ trial:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - database: "sqlite"
+ - database: "postgres"
+ postgres-version: "14"
+
+ steps:
+ - uses: actions/checkout@v2
+ - run: sudo apt-get -qq install xmlsec1
+ - name: Set up PostgreSQL ${{ matrix.postgres-version }}
+ if: ${{ matrix.postgres-version }}
+ run: |
+ docker run -d -p 5432:5432 \
+ -e POSTGRES_PASSWORD=postgres \
+ -e POSTGRES_INITDB_ARGS="--lc-collate C --lc-ctype C --encoding UTF8" \
+ postgres:${{ matrix.postgres-version }}
+ - uses: actions/setup-python@v2
+ with:
+ python-version: "3.x"
+ - run: pip install .[all,test]
+ - name: Await PostgreSQL
+ if: ${{ matrix.postgres-version }}
+ timeout-minutes: 2
+ run: until pg_isready -h localhost; do sleep 1; done
+ - run: python -m twisted.trial --jobs=2 tests
+ env:
+ SYNAPSE_POSTGRES: ${{ matrix.database == 'postgres' || '' }}
+ SYNAPSE_POSTGRES_HOST: localhost
+ SYNAPSE_POSTGRES_USER: postgres
+ SYNAPSE_POSTGRES_PASSWORD: postgres
+ - name: Dump logs
+ # Logs are most useful when the command fails, always include them.
+ if: ${{ always() }}
+ # Note: Dumps to workflow logs instead of using actions/upload-artifact
+ # This keeps logs colocated with failing jobs
+ # It also ignores find's exit code; this is a best effort affair
+ run: >-
+ find _trial_temp -name '*.log'
+ -exec echo "::group::{}" \;
+ -exec cat {} \;
+ -exec echo "::endgroup::" \;
+ || true
+
+
+ sytest:
+ runs-on: ubuntu-latest
+ container:
+ image: matrixdotorg/sytest-synapse:testing
+ volumes:
+ - ${{ github.workspace }}:/src
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - sytest-tag: focal
+
+ - sytest-tag: focal
+ postgres: postgres
+ workers: workers
+ redis: redis
+ env:
+ POSTGRES: ${{ matrix.postgres && 1}}
+ WORKERS: ${{ matrix.workers && 1 }}
+ REDIS: ${{ matrix.redis && 1 }}
+ BLACKLIST: ${{ matrix.workers && 'synapse-blacklist-with-workers' }}
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Ensure sytest runs `pip install`
+ # Delete the lockfile so sytest will `pip install` rather than `poetry install`
+ run: rm /src/poetry.lock
+ working-directory: /src
+ - name: Prepare test blacklist
+ run: cat sytest-blacklist .ci/worker-blacklist > synapse-blacklist-with-workers
+ - name: Run SyTest
+ run: /bootstrap.sh synapse
+ working-directory: /src
+ - name: Summarise results.tap
+ if: ${{ always() }}
+ run: /sytest/scripts/tap_to_gha.pl /logs/results.tap
+ - name: Upload SyTest logs
+ uses: actions/upload-artifact@v2
+ if: ${{ always() }}
+ with:
+ name: Sytest Logs - ${{ job.status }} - (${{ join(matrix.*, ', ') }})
+ path: |
+ /logs/results.tap
+ /logs/**/*.log*
+
+
+ # TODO: run complement (as with twisted trunk, see #12473).
+
+ # open an issue if the build fails, so we know about it.
+ open-issue:
+ if: failure()
+ needs:
+ # TODO: should mypy be included here? It feels more brittle than the other two.
+ - mypy
+ - trial
+ - sytest
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - uses: JasonEtco/create-an-issue@5d9504915f79f9cc6d791934b8ef34f2353dd74d # v2.5.0, 2020-12-06
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ update_existing: true
+ filename: .ci/latest_deps_build_failed_issue_template.md
+
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 7946b76dba8c..efa35b71df18 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -15,18 +15,14 @@ jobs:
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
- - run: pip install -e .
+ - run: pip install .
- run: scripts-dev/generate_sample_config.sh --check
- run: scripts-dev/config-lint.sh
lint:
- # This does a vanilla `poetry install` - no extras. I'm slightly anxious
- # that we might skip some typechecks on code that uses extras. However,
- # I think the right way to fix this is to mark any extras needed for
- # typechecking as development dependencies. To detect this, we ought to
- # turn up mypy's strictness: disallow unknown imports and be accept fewer
- # uses of `Any`.
uses: "matrix-org/backend-meta/.github/workflows/python-poetry-ci.yml@v1"
+ with:
+ typechecking-extras: "all"
lint-crlf:
runs-on: ubuntu-latest
diff --git a/.github/workflows/twisted_trunk.yml b/.github/workflows/twisted_trunk.yml
index 8fc1affb7746..5f0671f3503a 100644
--- a/.github/workflows/twisted_trunk.yml
+++ b/.github/workflows/twisted_trunk.yml
@@ -24,6 +24,8 @@ jobs:
poetry remove twisted
poetry add --extras tls git+https://github.com/twisted/twisted.git#trunk
poetry install --no-interaction --extras "all test"
+ - name: Remove warn_unused_ignores from mypy config
+ run: sed '/warn_unused_ignores = True/d' -i mypy.ini
- run: poetry run mypy
trial:
diff --git a/.gitignore b/.gitignore
index c011cd27a4df..e58affb24125 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,8 +15,7 @@ _trial_temp*/
.DS_Store
__pycache__/
-# We do want the poetry lockfile. TODO: is there a good reason for ignoring
-# '*.lock' above? If not, let's nuke it.
+# We do want the poetry lockfile.
!poetry.lock
# stuff that is likely to exist when you run a server locally
diff --git a/CHANGES.md b/CHANGES.md
index 748f6833ca2c..e10ac0314abf 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,9 +1,273 @@
-Synapse 1.57.0rc1 (2022-04-12)
+Synapse 1.59.1 (2022-05-18)
+===========================
+
+This release fixes a long-standing issue which could prevent Synapse's user directory for updating properly.
+
+Bugfixes
+----------------
+
+- Fix a long-standing bug where the user directory background process would fail to make forward progress if a user included a null codepoint in their display name or avatar. Contributed by Nick @ Beeper. ([\#12762](https://github.com/matrix-org/synapse/issues/12762))
+
+
+Synapse 1.59.0 (2022-05-17)
+===========================
+
+Synapse 1.59 makes several changes that server administrators should be aware of:
+
+- Device name lookup over federation is now disabled by default. ([\#12616](https://github.com/matrix-org/synapse/issues/12616))
+- The `synapse.app.appservice` and `synapse.app.user_dir` worker application types are now deprecated. ([\#12452](https://github.com/matrix-org/synapse/issues/12452), [\#12654](https://github.com/matrix-org/synapse/issues/12654))
+
+See [the upgrade notes](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1590) for more details.
+
+Additionally, this release removes the non-standard `m.login.jwt` login type from Synapse. It can be replaced with `org.matrix.login.jwt` for identical behaviour. This is only used if `jwt_config.enabled` is set to `true` in the configuration. ([\#12597](https://github.com/matrix-org/synapse/issues/12597))
+
+
+Bugfixes
+--------
+
+- Fix DB performance regression introduced in Synapse 1.59.0rc2. ([\#12745](https://github.com/matrix-org/synapse/issues/12745))
+
+
+Synapse 1.59.0rc2 (2022-05-16)
+==============================
+
+Note: this release candidate includes a performance regression which can cause database disruption. Other release candidates in the v1.59.0 series are not affected, and a fix will be included in the v1.59.0 final release.
+
+Bugfixes
+--------
+
+- Fix a bug introduced in Synapse 1.58.0 where `/sync` would fail if the most recent event in a room was rejected. ([\#12729](https://github.com/matrix-org/synapse/issues/12729))
+
+
+Synapse 1.59.0rc1 (2022-05-10)
+==============================
+
+Features
+--------
+
+- Support [MSC3266](https://github.com/matrix-org/matrix-doc/pull/3266) room summaries over federation. ([\#11507](https://github.com/matrix-org/synapse/issues/11507))
+- Implement [changes](https://github.com/matrix-org/matrix-spec-proposals/pull/2285/commits/4a77139249c2e830aec3c7d6bd5501a514d1cc27) to [MSC2285 (hidden read receipts)](https://github.com/matrix-org/matrix-spec-proposals/pull/2285). Contributed by @SimonBrandner. ([\#12168](https://github.com/matrix-org/synapse/issues/12168), [\#12635](https://github.com/matrix-org/synapse/issues/12635), [\#12636](https://github.com/matrix-org/synapse/issues/12636), [\#12670](https://github.com/matrix-org/synapse/issues/12670))
+- Extend the [module API](https://github.com/matrix-org/synapse/blob/release-v1.59/synapse/module_api/__init__.py) to allow modules to change actions for existing push rules of local users. ([\#12406](https://github.com/matrix-org/synapse/issues/12406))
+- Add the `notify_appservices_from_worker` configuration option (superseding `notify_appservices`) to allow a generic worker to be designated as the worker to send traffic to Application Services. ([\#12452](https://github.com/matrix-org/synapse/issues/12452))
+- Add the `update_user_directory_from_worker` configuration option (superseding `update_user_directory`) to allow a generic worker to be designated as the worker to update the user directory. ([\#12654](https://github.com/matrix-org/synapse/issues/12654))
+- Add new `enable_registration_token_3pid_bypass` configuration option to allow registrations via token as an alternative to verifying a 3pid. ([\#12526](https://github.com/matrix-org/synapse/issues/12526))
+- Implement [MSC3786](https://github.com/matrix-org/matrix-spec-proposals/pull/3786): Add a default push rule to ignore `m.room.server_acl` events. ([\#12601](https://github.com/matrix-org/synapse/issues/12601))
+- Add new `mau_appservice_trial_days` configuration option to specify a different trial period for users registered via an appservice. ([\#12619](https://github.com/matrix-org/synapse/issues/12619))
+
+
+Bugfixes
+--------
+
+- Fix a bug introduced in Synapse 1.48.0 where the latest thread reply provided failed to include the proper bundled aggregations. ([\#12273](https://github.com/matrix-org/synapse/issues/12273))
+- Fix a bug introduced in Synapse 1.22.0 where attempting to send a large amount of read receipts to an application service all at once would result in duplicate content and abnormally high memory usage. Contributed by Brad & Nick @ Beeper. ([\#12544](https://github.com/matrix-org/synapse/issues/12544))
+- Fix a bug introduced in Synapse 1.57.0 which could cause `Failed to calculate hosts in room` errors to be logged for outbound federation. ([\#12570](https://github.com/matrix-org/synapse/issues/12570))
+- Fix a long-standing bug where status codes would almost always get logged as `200!`, irrespective of the actual status code, when clients disconnect before a request has finished processing. ([\#12580](https://github.com/matrix-org/synapse/issues/12580))
+- Fix race when persisting an event and deleting a room that could lead to outbound federation breaking. ([\#12594](https://github.com/matrix-org/synapse/issues/12594))
+- Fix a bug introduced in Synapse 1.53.0 where bundled aggregations for annotations/edits were incorrectly calculated. ([\#12633](https://github.com/matrix-org/synapse/issues/12633))
+- Fix a long-standing bug where rooms containing power levels with string values could not be upgraded. ([\#12657](https://github.com/matrix-org/synapse/issues/12657))
+- Prevent memory leak from reoccurring when presence is disabled. ([\#12656](https://github.com/matrix-org/synapse/issues/12656))
+
+
+Updates to the Docker image
+---------------------------
+
+- Explicitly opt-in to using [BuildKit-specific features](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md) in the Dockerfile. This fixes issues with building images in some GitLab CI environments. ([\#12541](https://github.com/matrix-org/synapse/issues/12541))
+- Update the "Build docker images" GitHub Actions workflow to use `docker/metadata-action` to generate docker image tags, instead of a custom shell script. Contributed by @henryclw. ([\#12573](https://github.com/matrix-org/synapse/issues/12573))
+
+
+Improved Documentation
+----------------------
+
+- Update SQL statements and replace use of old table `user_stats_historical` in docs for Synapse Admins. ([\#12536](https://github.com/matrix-org/synapse/issues/12536))
+- Add missing linebreak to `pipx` install instructions. ([\#12579](https://github.com/matrix-org/synapse/issues/12579))
+- Add information about the TCP replication module to docs. ([\#12621](https://github.com/matrix-org/synapse/issues/12621))
+- Fixes to the formatting of `README.rst`. ([\#12627](https://github.com/matrix-org/synapse/issues/12627))
+- Fix docs on how to run specific Complement tests using the `complement.sh` test runner. ([\#12664](https://github.com/matrix-org/synapse/issues/12664))
+
+
+Deprecations and Removals
+-------------------------
+
+- Remove unstable identifiers from [MSC3069](https://github.com/matrix-org/matrix-doc/pull/3069). ([\#12596](https://github.com/matrix-org/synapse/issues/12596))
+- Remove the unspecified `m.login.jwt` login type and the unstable `uk.half-shot.msc2778.login.application_service` from
+ [MSC2778](https://github.com/matrix-org/matrix-doc/pull/2778). ([\#12597](https://github.com/matrix-org/synapse/issues/12597))
+- Synapse now requires at least Python 3.7.1 (up from 3.7.0), for compatibility with the latest Twisted trunk. ([\#12613](https://github.com/matrix-org/synapse/issues/12613))
+
+
+Internal Changes
+----------------
+
+- Use supervisord to supervise Postgres and Caddy in the Complement image to reduce restart time. ([\#12480](https://github.com/matrix-org/synapse/issues/12480))
+- Immediately retry any requests that have backed off when a server comes back online. ([\#12500](https://github.com/matrix-org/synapse/issues/12500))
+- Use `make_awaitable` instead of `defer.succeed` for return values of mocks in tests. ([\#12505](https://github.com/matrix-org/synapse/issues/12505))
+- Consistently check if an object is a `frozendict`. ([\#12564](https://github.com/matrix-org/synapse/issues/12564))
+- Protect module callbacks with read semantics against cancellation. ([\#12568](https://github.com/matrix-org/synapse/issues/12568))
+- Improve comments and error messages around access tokens. ([\#12577](https://github.com/matrix-org/synapse/issues/12577))
+- Improve docstrings for the receipts store. ([\#12581](https://github.com/matrix-org/synapse/issues/12581))
+- Use constants for read-receipts in tests. ([\#12582](https://github.com/matrix-org/synapse/issues/12582))
+- Log status code of cancelled requests as 499 and avoid logging stack traces for them. ([\#12587](https://github.com/matrix-org/synapse/issues/12587), [\#12663](https://github.com/matrix-org/synapse/issues/12663))
+- Remove special-case for `twisted` logger from default log config. ([\#12589](https://github.com/matrix-org/synapse/issues/12589))
+- Use `getClientAddress` instead of the deprecated `getClientIP`. ([\#12599](https://github.com/matrix-org/synapse/issues/12599))
+- Add link to documentation in Grafana Dashboard. ([\#12602](https://github.com/matrix-org/synapse/issues/12602))
+- Reduce log spam when running multiple event persisters. ([\#12610](https://github.com/matrix-org/synapse/issues/12610))
+- Add extra debug logging to federation sender. ([\#12614](https://github.com/matrix-org/synapse/issues/12614))
+- Prevent remote homeservers from requesting local user device names by default. ([\#12616](https://github.com/matrix-org/synapse/issues/12616))
+- Add a consistency check on events which we read from the database. ([\#12620](https://github.com/matrix-org/synapse/issues/12620))
+- Remove use of the `constantly` library and switch to enums for `EventRedactBehaviour`. Contributed by @andrewdoh. ([\#12624](https://github.com/matrix-org/synapse/issues/12624))
+- Remove unused code related to receipts. ([\#12632](https://github.com/matrix-org/synapse/issues/12632))
+- Minor improvements to the scripts for running Synapse in worker mode under Complement. ([\#12637](https://github.com/matrix-org/synapse/issues/12637))
+- Move `pympler` back in to the `all` extras. ([\#12652](https://github.com/matrix-org/synapse/issues/12652))
+- Fix spelling of `M_UNRECOGNIZED` in comments. ([\#12665](https://github.com/matrix-org/synapse/issues/12665))
+- Release script: confirm the commit to be tagged before tagging. ([\#12556](https://github.com/matrix-org/synapse/issues/12556))
+- Fix a typo in the announcement text generated by the Synapse release development script. ([\#12612](https://github.com/matrix-org/synapse/issues/12612))
+
+### Typechecking
+
+- Fix scripts-dev to pass typechecking. ([\#12356](https://github.com/matrix-org/synapse/issues/12356))
+- Add some type hints to datastore. ([\#12485](https://github.com/matrix-org/synapse/issues/12485))
+- Remove unused `# type: ignore`s. ([\#12531](https://github.com/matrix-org/synapse/issues/12531))
+- Allow unused `# type: ignore` comments in bleeding edge CI jobs. ([\#12576](https://github.com/matrix-org/synapse/issues/12576))
+- Remove redundant lines of config from `mypy.ini`. ([\#12608](https://github.com/matrix-org/synapse/issues/12608))
+- Update to mypy 0.950. ([\#12650](https://github.com/matrix-org/synapse/issues/12650))
+- Use `Concatenate` to better annotate `_do_execute`. ([\#12666](https://github.com/matrix-org/synapse/issues/12666))
+- Use `ParamSpec` to refine type hints. ([\#12667](https://github.com/matrix-org/synapse/issues/12667))
+- Fix mypy against latest pillow stubs. ([\#12671](https://github.com/matrix-org/synapse/issues/12671))
+
+Synapse 1.58.1 (2022-05-05)
+===========================
+
+This patch release includes a fix to the Debian packages, installing the
+`systemd` and `cache_memory` extra package groups, which were incorrectly
+omitted in v1.58.0. This primarily prevented Synapse from starting
+when the `systemd.journal.JournalHandler` log handler was configured.
+See [#12631](https://github.com/matrix-org/synapse/issues/12631) for further information.
+
+Otherwise, no significant changes since 1.58.0.
+
+
+Synapse 1.58.0 (2022-05-03)
+===========================
+
+As of this release, the groups/communities feature in Synapse is now disabled by default. See [\#11584](https://github.com/matrix-org/synapse/issues/11584) for details. As mentioned in [the upgrade notes](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1580), this feature will be removed in Synapse 1.61.
+
+No significant changes since 1.58.0rc2.
+
+
+Synapse 1.58.0rc2 (2022-04-26)
==============================
+This release candidate fixes bugs related to Synapse 1.58.0rc1's logic for handling device list updates.
+
+Bugfixes
+--------
+
+- Fix a bug introduced in Synapse 1.58.0rc1 where the main process could consume excessive amounts of CPU and memory while handling sentry logging failures. ([\#12554](https://github.com/matrix-org/synapse/issues/12554))
+- Fix a bug introduced in Synapse 1.58.0rc1 where opentracing contexts were not correctly sent to whitelisted remote servers with device lists updates. ([\#12555](https://github.com/matrix-org/synapse/issues/12555))
+
+
+Internal Changes
+----------------
+
+- Reduce unnecessary work when handling remote device list updates. ([\#12557](https://github.com/matrix-org/synapse/issues/12557))
+
+
+Synapse 1.58.0rc1 (2022-04-26)
+==============================
+
+Features
+--------
+
+- Implement [MSC3383](https://github.com/matrix-org/matrix-spec-proposals/pull/3383) for including the destination in server-to-server authentication headers. Contributed by @Bubu and @jcgruenhage for Famedly. ([\#11398](https://github.com/matrix-org/synapse/issues/11398))
+- Docker images and Debian packages from matrix.org now contain a locked set of Python dependencies, greatly improving build reproducibility. ([Board](https://github.com/orgs/matrix-org/projects/54), [\#11537](https://github.com/matrix-org/synapse/issues/11537))
+- Enable processing of device list updates asynchronously. ([\#12365](https://github.com/matrix-org/synapse/issues/12365), [\#12465](https://github.com/matrix-org/synapse/issues/12465))
+- Implement [MSC2815](https://github.com/matrix-org/matrix-spec-proposals/pull/2815) to allow room moderators to view redacted event content. Contributed by @tulir @ Beeper. ([\#12427](https://github.com/matrix-org/synapse/issues/12427))
+- Build Debian packages for Ubuntu 22.04 "Jammy Jellyfish". ([\#12543](https://github.com/matrix-org/synapse/issues/12543))
+
+
+Bugfixes
+--------
+
+- Prevent a sync request from removing a user's busy presence status. ([\#12213](https://github.com/matrix-org/synapse/issues/12213))
+- Fix bug with incremental sync missing events when rejoining/backfilling. Contributed by Nick @ Beeper. ([\#12319](https://github.com/matrix-org/synapse/issues/12319))
+- Fix a long-standing bug which incorrectly caused `GET /_matrix/client/v3/rooms/{roomId}/event/{eventId}` to return edited events rather than the original. ([\#12476](https://github.com/matrix-org/synapse/issues/12476))
+- Fix a bug introduced in Synapse 1.27.0 where the admin API for [deleting forward extremities](https://github.com/matrix-org/synapse/blob/erikj/fix_delete_event_response_count/docs/admin_api/rooms.md#deleting-forward-extremities) would always return a count of 1, no matter how many extremities were deleted. ([\#12496](https://github.com/matrix-org/synapse/issues/12496))
+- Fix a long-standing bug where the image thumbnails embedded into email notifications were broken. ([\#12510](https://github.com/matrix-org/synapse/issues/12510))
+- Fix a bug in the implementation of [MSC3202](https://github.com/matrix-org/matrix-spec-proposals/pull/3202) where Synapse would use the field name `device_unused_fallback_keys`, rather than `device_unused_fallback_key_types`. ([\#12520](https://github.com/matrix-org/synapse/issues/12520))
+- Fix a bug introduced in Synapse 0.99.3 which could cause Synapse to consume large amounts of RAM when back-paginating in a large room. ([\#12522](https://github.com/matrix-org/synapse/issues/12522))
+
+
+Improved Documentation
+----------------------
+
+- Fix rendering of the documentation site when using the 'print' feature. ([\#12340](https://github.com/matrix-org/synapse/issues/12340))
+- Add a manual documenting config file options. ([\#12368](https://github.com/matrix-org/synapse/issues/12368), [\#12527](https://github.com/matrix-org/synapse/issues/12527))
+- Update documentation to reflect that both the `run_background_tasks_on` option and the options for moving stream writers off of the main process are no longer experimental. ([\#12451](https://github.com/matrix-org/synapse/issues/12451))
+- Update worker documentation and replace old `federation_reader` with `generic_worker`. ([\#12457](https://github.com/matrix-org/synapse/issues/12457))
+- Strongly recommend [Poetry](https://python-poetry.org/) for development. ([\#12475](https://github.com/matrix-org/synapse/issues/12475))
+- Add some example configurations for workers and update architectural diagram. ([\#12492](https://github.com/matrix-org/synapse/issues/12492))
+- Fix a broken link in `README.rst`. ([\#12495](https://github.com/matrix-org/synapse/issues/12495))
+- Add HAProxy delegation example with CORS headers to docs. ([\#12501](https://github.com/matrix-org/synapse/issues/12501))
+- Remove extraneous comma in User Admin API's device deletion section so that the example JSON is actually valid and works. Contributed by @olmari. ([\#12533](https://github.com/matrix-org/synapse/issues/12533))
+
+
+Deprecations and Removals
+-------------------------
+
+- The groups/communities feature in Synapse is now disabled by default. ([\#12344](https://github.com/matrix-org/synapse/issues/12344))
+- Remove unstable identifiers from [MSC3440](https://github.com/matrix-org/matrix-doc/pull/3440). ([\#12382](https://github.com/matrix-org/synapse/issues/12382))
+
+
+Internal Changes
+----------------
+
+- Preparation for faster-room-join work: start a background process to resynchronise the room state after a room join. ([\#12394](https://github.com/matrix-org/synapse/issues/12394))
+- Preparation for faster-room-join work: Implement a tracking mechanism to allow functions to wait for full room state to arrive. ([\#12399](https://github.com/matrix-org/synapse/issues/12399))
+- Remove an unstable identifier from [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083). ([\#12395](https://github.com/matrix-org/synapse/issues/12395))
+- Run CI in the locked [Poetry](https://python-poetry.org/) environment, and remove corresponding `tox` jobs. ([\#12425](https://github.com/matrix-org/synapse/issues/12425), [\#12434](https://github.com/matrix-org/synapse/issues/12434), [\#12438](https://github.com/matrix-org/synapse/issues/12438), [\#12441](https://github.com/matrix-org/synapse/issues/12441), [\#12449](https://github.com/matrix-org/synapse/issues/12449), [\#12478](https://github.com/matrix-org/synapse/issues/12478), [\#12514](https://github.com/matrix-org/synapse/issues/12514), [\#12472](https://github.com/matrix-org/synapse/issues/12472))
+- Change Mutual Rooms' `unstable_features` flag to `uk.half-shot.msc2666.mutual_rooms` which matches the current iteration of [MSC2666](https://github.com/matrix-org/matrix-spec-proposals/pull/2666). ([\#12445](https://github.com/matrix-org/synapse/issues/12445))
+- Fix typo in the release script help string. ([\#12450](https://github.com/matrix-org/synapse/issues/12450))
+- Fix a minor typo in the Debian changelogs generated by the release script. ([\#12497](https://github.com/matrix-org/synapse/issues/12497))
+- Reintroduce the list of targets to the linter script, to avoid linting unwanted local-only directories during development. ([\#12455](https://github.com/matrix-org/synapse/issues/12455))
+- Limit length of `device_id` to less than 512 characters. ([\#12454](https://github.com/matrix-org/synapse/issues/12454))
+- Dockerfile-workers: reduce the amount we install in the image. ([\#12464](https://github.com/matrix-org/synapse/issues/12464))
+- Dockerfile-workers: give the master its own log config. ([\#12466](https://github.com/matrix-org/synapse/issues/12466))
+- complement-synapse-workers: factor out separate entry point script. ([\#12467](https://github.com/matrix-org/synapse/issues/12467))
+- Back out experimental implementation of [MSC2314](https://github.com/matrix-org/matrix-spec-proposals/pull/2314). ([\#12474](https://github.com/matrix-org/synapse/issues/12474))
+- Fix grammatical error in federation error response when the room version of a room is unknown. ([\#12483](https://github.com/matrix-org/synapse/issues/12483))
+- Remove unnecessary configuration overrides in tests. ([\#12511](https://github.com/matrix-org/synapse/issues/12511))
+- Refactor the relations code for clarity. ([\#12519](https://github.com/matrix-org/synapse/issues/12519))
+- Add type hints so `docker` and `stubs` directories pass `mypy --disallow-untyped-defs`. ([\#12528](https://github.com/matrix-org/synapse/issues/12528))
+- Update `delay_cancellation` to accept any awaitable, rather than just `Deferred`s. ([\#12468](https://github.com/matrix-org/synapse/issues/12468))
+- Handle cancellation in `EventsWorkerStore._get_events_from_cache_or_db`. ([\#12529](https://github.com/matrix-org/synapse/issues/12529))
+
+
+Synapse 1.57.1 (2022-04-20)
+===========================
+
+This is a patch release that only affects the Docker image. It is only of interest to administrators using [the LDAP module][LDAPModule] to authenticate their users.
+If you have already upgraded to Synapse 1.57.0 without problem, then you have no need to upgrade to this patch release.
+
+[LDAPModule]: https://github.com/matrix-org/matrix-synapse-ldap3
+
+
+Updates to the Docker image
+---------------------------
+
+- Include version 0.2.0 of the Synapse LDAP Auth Provider module in the Docker image. This matches the version that was present in the Docker image for Synapse v1.56.0. ([\#12512](https://github.com/matrix-org/synapse/issues/12512))
+
+
+Synapse 1.57.0 (2022-04-19)
+===========================
+
This version includes a [change](https://github.com/matrix-org/synapse/pull/12209) to the way transaction IDs are managed for application services. If your deployment uses a dedicated worker for application service traffic, **it must be stopped** when the database is upgraded (which normally happens when the main process is upgraded), to ensure the change is made safely without any risk of reusing transaction IDs.
-See the [upgrade notes](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1570) for more details.
+See the [upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#upgrading-to-v1570) for more details.
+
+No significant changes since 1.57.0rc1.
+
+
+Synapse 1.57.0rc1 (2022-04-12)
+==============================
Features
--------
diff --git a/MANIFEST.in b/MANIFEST.in
deleted file mode 100644
index d744c090acde..000000000000
--- a/MANIFEST.in
+++ /dev/null
@@ -1,54 +0,0 @@
-include LICENSE
-include VERSION
-include *.rst
-include *.md
-include demo/README
-include demo/demo.tls.dh
-include demo/*.py
-include demo/*.sh
-
-include synapse/py.typed
-recursive-include synapse/storage *.sql
-recursive-include synapse/storage *.sql.postgres
-recursive-include synapse/storage *.sql.sqlite
-recursive-include synapse/storage *.py
-recursive-include synapse/storage *.txt
-recursive-include synapse/storage *.md
-
-recursive-include docs *
-recursive-include scripts-dev *
-recursive-include synapse *.pyi
-recursive-include tests *.py
-recursive-include tests *.pem
-recursive-include tests *.p8
-recursive-include tests *.crt
-recursive-include tests *.key
-
-recursive-include synapse/res *
-recursive-include synapse/static *.css
-recursive-include synapse/static *.gif
-recursive-include synapse/static *.html
-recursive-include synapse/static *.js
-
-exclude .codecov.yml
-exclude .coveragerc
-exclude .dockerignore
-exclude .editorconfig
-exclude Dockerfile
-exclude mypy.ini
-exclude sytest-blacklist
-exclude test_postgresql.sh
-
-include book.toml
-include pyproject.toml
-recursive-include changelog.d *
-
-include .flake8
-prune .circleci
-prune .github
-prune .ci
-prune contrib
-prune debian
-prune demo/etc
-prune docker
-prune stubs
diff --git a/README.rst b/README.rst
index 595fb5ff62a6..219e32de8ea4 100644
--- a/README.rst
+++ b/README.rst
@@ -55,7 +55,7 @@ solutions. The hope is for Matrix to act as the building blocks for a new
generation of fully open and interoperable messaging and VoIP apps for the
internet.
-Synapse is a Matrix "homeserver" implementation developed by the matrix.org core
+Synapse is a Matrix "homeserver" implementation developed by the matrix.org core
team, written in Python 3/Twisted.
In Matrix, every user runs one or more Matrix clients, which connect through to
@@ -293,39 +293,42 @@ directory of your choice::
git clone https://github.com/matrix-org/synapse.git
cd synapse
-Synapse has a number of external dependencies, that are easiest
-to install using pip and a virtualenv::
+Synapse has a number of external dependencies. We maintain a fixed development
+environment using `Poetry `_. First, install poetry. We recommend::
- python3 -m venv ./env
- source ./env/bin/activate
- pip install -e ".[all,dev]"
+ pip install --user pipx
+ pipx install poetry
-This will run a process of downloading and installing all the needed
-dependencies into a virtual env. If any dependencies fail to install,
-try installing the failing modules individually::
+as described `here `_.
+(See `poetry's installation docs `_
+for other installation methods.) Then ask poetry to create a virtual environment
+from the project and install Synapse's dependencies::
+
+ poetry install --extras "all test"
- pip install -e "module-name"
+This will run a process of downloading and installing all the needed
+dependencies into a virtual env.
-We recommend using the demo which starts 3 federated instances running on ports `8080` - `8082`
+We recommend using the demo which starts 3 federated instances running on ports `8080` - `8082`::
- ./demo/start.sh
+ poetry run ./demo/start.sh
-(to stop, you can use `./demo/stop.sh`)
+(to stop, you can use ``poetry run ./demo/stop.sh``)
-See the [demo documentation](https://matrix-org.github.io/synapse/develop/development/demo.html)
+See the `demo documentation `_
for more information.
If you just want to start a single instance of the app and run it directly::
# Create the homeserver.yaml config once
- python -m synapse.app.homeserver \
+ poetry run synapse_homeserver \
--server-name my.domain.name \
--config-path homeserver.yaml \
--generate-config \
--report-stats=[yes|no]
# Start the app
- python -m synapse.app.homeserver --config-path homeserver.yaml
+ poetry run synapse_homeserver --config-path homeserver.yaml
Running the unit tests
@@ -334,7 +337,7 @@ Running the unit tests
After getting up and running, you may wish to run Synapse's unit tests to
check that everything is installed correctly::
- trial tests
+ poetry run trial tests
This should end with a 'PASSED' result (note that exact numbers will
differ)::
diff --git a/changelog.d/12213.bugfix b/changelog.d/12213.bugfix
deleted file mode 100644
index 9278e3a9c163..000000000000
--- a/changelog.d/12213.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Prevent a sync request from removing a user's busy presence status.
diff --git a/changelog.d/12319.bugfix b/changelog.d/12319.bugfix
deleted file mode 100644
index a50191feaaaf..000000000000
--- a/changelog.d/12319.bugfix
+++ /dev/null
@@ -1 +0,0 @@
-Fix bug with incremental sync missing events when rejoining/backfilling. Contributed by Nick @ Beeper.
diff --git a/changelog.d/12340.doc b/changelog.d/12340.doc
deleted file mode 100644
index 8354f2259e0c..000000000000
--- a/changelog.d/12340.doc
+++ /dev/null
@@ -1 +0,0 @@
-Fix rendering of the documentation site when using the 'print' feature.
diff --git a/changelog.d/12344.removal b/changelog.d/12344.removal
deleted file mode 100644
index ecefa76d8ea5..000000000000
--- a/changelog.d/12344.removal
+++ /dev/null
@@ -1 +0,0 @@
-The groups/communities feature in Synapse has been disabled by default.
diff --git a/changelog.d/12365.feature b/changelog.d/12365.feature
deleted file mode 100644
index 642dea966c44..000000000000
--- a/changelog.d/12365.feature
+++ /dev/null
@@ -1 +0,0 @@
-Enable processing of device list updates asynchronously.
diff --git a/changelog.d/12382.removal b/changelog.d/12382.removal
deleted file mode 100644
index eb91186340f7..000000000000
--- a/changelog.d/12382.removal
+++ /dev/null
@@ -1 +0,0 @@
-Remove unstable identifiers from [MSC3440](https://github.com/matrix-org/matrix-doc/pull/3440).
diff --git a/changelog.d/12394.misc b/changelog.d/12394.misc
deleted file mode 100644
index 69109fcc37d3..000000000000
--- a/changelog.d/12394.misc
+++ /dev/null
@@ -1 +0,0 @@
-Preparation for faster-room-join work: start a background process to resynchronise the room state after a room join.
diff --git a/changelog.d/12395.misc b/changelog.d/12395.misc
deleted file mode 100644
index 0a2123b2942a..000000000000
--- a/changelog.d/12395.misc
+++ /dev/null
@@ -1 +0,0 @@
-Remove an unstable identifier from [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083).
diff --git a/changelog.d/12425.misc b/changelog.d/12425.misc
deleted file mode 100644
index 3b076be0bd52..000000000000
--- a/changelog.d/12425.misc
+++ /dev/null
@@ -1 +0,0 @@
-Run twisted trunk CI job in the locked poetry environment.
diff --git a/changelog.d/12434.misc b/changelog.d/12434.misc
deleted file mode 100644
index 88dab428d245..000000000000
--- a/changelog.d/12434.misc
+++ /dev/null
@@ -1 +0,0 @@
-Run lints under poetry in CI, and remove corresponding tox lint jobs.
diff --git a/changelog.d/12438.misc b/changelog.d/12438.misc
deleted file mode 100644
index f2c07a56da14..000000000000
--- a/changelog.d/12438.misc
+++ /dev/null
@@ -1 +0,0 @@
-Run "main" trial tests under `poetry`.
diff --git a/changelog.d/12441.misc b/changelog.d/12441.misc
deleted file mode 100644
index c2619f16540b..000000000000
--- a/changelog.d/12441.misc
+++ /dev/null
@@ -1 +0,0 @@
-Bump twisted version in `poetry.lock` to work around [pip bug #9644](https://github.com/pypa/pip/issues/9644).
diff --git a/changelog.d/12445.misc b/changelog.d/12445.misc
deleted file mode 100644
index 954248115a0d..000000000000
--- a/changelog.d/12445.misc
+++ /dev/null
@@ -1 +0,0 @@
-Change Mutual Rooms' `unstable_features` flag to `uk.half-shot.msc2666.mutual_rooms` which matches the current MSC iteration.
\ No newline at end of file
diff --git a/changelog.d/12449.misc b/changelog.d/12449.misc
deleted file mode 100644
index 03e08aace427..000000000000
--- a/changelog.d/12449.misc
+++ /dev/null
@@ -1 +0,0 @@
-Use `poetry` to manage the virtualenv in debian packages.
diff --git a/changelog.d/12450.misc b/changelog.d/12450.misc
deleted file mode 100644
index 4b1c8cba875f..000000000000
--- a/changelog.d/12450.misc
+++ /dev/null
@@ -1 +0,0 @@
-Fix typo in the release script help string.
diff --git a/changelog.d/12451.doc b/changelog.d/12451.doc
deleted file mode 100644
index c8b23c128539..000000000000
--- a/changelog.d/12451.doc
+++ /dev/null
@@ -1 +0,0 @@
-Update documentation to reflect that both the `run_background_tasks_on` option and the options for moving stream writers off of the main process are no longer experimental.
diff --git a/changelog.d/12454.misc b/changelog.d/12454.misc
deleted file mode 100644
index cb7ff74b4c8f..000000000000
--- a/changelog.d/12454.misc
+++ /dev/null
@@ -1 +0,0 @@
-Limit length of device_id to less than 512 characters.
diff --git a/changelog.d/12455.misc b/changelog.d/12455.misc
deleted file mode 100644
index 9b19945673e4..000000000000
--- a/changelog.d/12455.misc
+++ /dev/null
@@ -1 +0,0 @@
-Reintroduce the list of targets to the linter script, to avoid linting unwanted local-only directories during development.
diff --git a/changelog.d/12457.doc b/changelog.d/12457.doc
deleted file mode 100644
index a4871622cf76..000000000000
--- a/changelog.d/12457.doc
+++ /dev/null
@@ -1 +0,0 @@
-Update worker documentation and replace old `federation_reader` with `generic_worker`.
\ No newline at end of file
diff --git a/changelog.d/12464.misc b/changelog.d/12464.misc
deleted file mode 100644
index 7a8cc6ba512c..000000000000
--- a/changelog.d/12464.misc
+++ /dev/null
@@ -1 +0,0 @@
-Dockerfile-workers: reduce the amount we install in the image.
diff --git a/changelog.d/12465.feature b/changelog.d/12465.feature
deleted file mode 100644
index 642dea966c44..000000000000
--- a/changelog.d/12465.feature
+++ /dev/null
@@ -1 +0,0 @@
-Enable processing of device list updates asynchronously.
diff --git a/changelog.d/12466.misc b/changelog.d/12466.misc
deleted file mode 100644
index b0c2c950fe55..000000000000
--- a/changelog.d/12466.misc
+++ /dev/null
@@ -1 +0,0 @@
-Dockerfile-workers: give the master its own log config.
diff --git a/changelog.d/12467.misc b/changelog.d/12467.misc
deleted file mode 100644
index fbf415f7072b..000000000000
--- a/changelog.d/12467.misc
+++ /dev/null
@@ -1 +0,0 @@
-complement-synapse-workers: factor out separate entry point script.
diff --git a/contrib/grafana/synapse.json b/contrib/grafana/synapse.json
index 2c839c30d036..819426b8ea2b 100644
--- a/contrib/grafana/synapse.json
+++ b/contrib/grafana/synapse.json
@@ -66,6 +66,18 @@
],
"title": "Dashboards",
"type": "dashboards"
+ },
+ {
+ "asDropdown": false,
+ "icon": "external link",
+ "includeVars": false,
+ "keepTime": false,
+ "tags": [],
+ "targetBlank": true,
+ "title": "Synapse Documentation",
+ "tooltip": "Open Documentation",
+ "type": "link",
+ "url": "https://matrix-org.github.io/synapse/latest/"
}
],
"panels": [
@@ -10889,4 +10901,4 @@
"title": "Synapse",
"uid": "000000012",
"version": 100
-}
\ No newline at end of file
+}
diff --git a/debian/build_virtualenv b/debian/build_virtualenv
index b068792592d6..f1ec60916325 100755
--- a/debian/build_virtualenv
+++ b/debian/build_virtualenv
@@ -37,7 +37,11 @@ python3 -m venv "$TEMP_VENV"
source "$TEMP_VENV/bin/activate"
pip install -U pip
pip install poetry==1.2.0b1
-poetry export --extras all --extras test -o exported_requirements.txt
+poetry export \
+ --extras all \
+ --extras test \
+ --extras systemd \
+ -o exported_requirements.txt
deactivate
rm -rf "$TEMP_VENV"
diff --git a/debian/changelog b/debian/changelog
index fdbc92df6bb4..dda342a630db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,68 @@
-matrix-synapse-py3 (1.58.0+nmu1) UNRELEASED; urgency=medium
+matrix-synapse-py3 (1.59.1) stable; urgency=medium
+
+ * New Synapse release 1.59.1.
+
+ -- Synapse Packaging team Wed, 18 May 2022 11:41:46 +0100
+
+matrix-synapse-py3 (1.59.0) stable; urgency=medium
+
+ * New Synapse release 1.59.0.
+
+ -- Synapse Packaging team Tue, 17 May 2022 10:26:50 +0100
+
+matrix-synapse-py3 (1.59.0~rc2) stable; urgency=medium
+
+ * New Synapse release 1.59.0rc2.
+
+ -- Synapse Packaging team Mon, 16 May 2022 12:52:15 +0100
+
+matrix-synapse-py3 (1.59.0~rc1) stable; urgency=medium
+
+ * Adjust how the `exported-requirements.txt` file is generated as part of
+ the process of building these packages. This affects the package
+ maintainers only; end-users are unaffected.
+ * New Synapse release 1.59.0rc1.
+
+ -- Synapse Packaging team Tue, 10 May 2022 10:45:08 +0100
+
+matrix-synapse-py3 (1.58.1) stable; urgency=medium
+
+ * Include python dependencies from the `systemd` and `cache_memory` extras package groups, which
+ were incorrectly omitted from the 1.58.0 package.
+ * New Synapse release 1.58.1.
+
+ -- Synapse Packaging team Thu, 05 May 2022 14:58:23 +0100
+
+matrix-synapse-py3 (1.58.0) stable; urgency=medium
+
+ * New Synapse release 1.58.0.
+
+ -- Synapse Packaging team Tue, 03 May 2022 10:52:58 +0100
+
+matrix-synapse-py3 (1.58.0~rc2) stable; urgency=medium
+
+ * New Synapse release 1.58.0rc2.
+
+ -- Synapse Packaging team Tue, 26 Apr 2022 17:14:56 +0100
+
+matrix-synapse-py3 (1.58.0~rc1) stable; urgency=medium
- * Non-maintainer upload.
* Use poetry to manage the bundled virtualenv included with this package.
+ * New Synapse release 1.58.0rc1.
+
+ -- Synapse Packaging team Tue, 26 Apr 2022 11:15:20 +0100
+
+matrix-synapse-py3 (1.57.1) stable; urgency=medium
+
+ * New synapse release 1.57.1.
+
+ -- Synapse Packaging team Wed, 20 Apr 2022 15:27:21 +0100
+
+matrix-synapse-py3 (1.57.0) stable; urgency=medium
+
+ * New synapse release 1.57.0.
- -- Synapse Packaging Team Wed, 30 Mar 2022 12:21:43 +0100
+ -- Synapse Packaging team Tue, 19 Apr 2022 10:58:42 +0100
matrix-synapse-py3 (1.57.0~rc1) stable; urgency=medium
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 07da57553a3e..ffbaa8766752 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
# Dockerfile to build the matrixdotorg/synapse docker images.
#
# Note that it uses features which are only available in BuildKit - see
@@ -59,7 +60,7 @@ RUN --mount=type=cache,target=/root/.cache/pip \
WORKDIR /synapse
# Copy just what we need to run `poetry export`...
-COPY pyproject.toml poetry.lock README.rst /synapse/
+COPY pyproject.toml poetry.lock /synapse/
RUN /root/.local/bin/poetry export --extras all -o /synapse/requirements.txt
@@ -101,9 +102,7 @@ RUN pip install --prefix="/install" --no-warn-script-location /synapse/synapse/a
RUN pip install --prefix="/install" --no-warn-script-location /synapse/synapse/chagai
RUN pip install --prefix="/install" --no-warn-script-location locationsharinglib
# ... and what we need to `pip install`.
-# TODO: once pyproject.toml declares poetry-core as its build system, we'll need to copy
-# pyproject.toml here, ditching setup.py and MANIFEST.in.
-COPY setup.py MANIFEST.in README.rst /synapse/
+COPY pyproject.toml README.rst /synapse/
RUN pip install --prefix="/install" --no-warn-script-location /synapse/synapse/auto_accept
RUN pip install --prefix="/install" --no-warn-script-location /synapse/synapse/chagai
diff --git a/docker/Dockerfile-workers b/docker/Dockerfile-workers
index 9ccb2b22a750..24b03585f9a2 100644
--- a/docker/Dockerfile-workers
+++ b/docker/Dockerfile-workers
@@ -20,6 +20,9 @@ RUN rm /etc/nginx/sites-enabled/default
# Copy Synapse worker, nginx and supervisord configuration template files
COPY ./docker/conf-workers/* /conf/
+# Copy a script to prefix log lines with the supervisor program name
+COPY ./docker/prefix-log /usr/local/bin/
+
# Expose nginx listener port
EXPOSE 8080/tcp
diff --git a/docker/complement/SynapseWorkers.Dockerfile b/docker/complement/SynapseWorkers.Dockerfile
index 65df2d114d58..9a4438e7303b 100644
--- a/docker/complement/SynapseWorkers.Dockerfile
+++ b/docker/complement/SynapseWorkers.Dockerfile
@@ -34,13 +34,16 @@ WORKDIR /data
# Copy the caddy config
COPY conf-workers/caddy.complement.json /root/caddy.json
+COPY conf-workers/postgres.supervisord.conf /etc/supervisor/conf.d/postgres.conf
+COPY conf-workers/caddy.supervisord.conf /etc/supervisor/conf.d/caddy.conf
+
# Copy the entrypoint
COPY conf-workers/start-complement-synapse-workers.sh /
# Expose caddy's listener ports
EXPOSE 8008 8448
-ENTRYPOINT /start-complement-synapse-workers.sh
+ENTRYPOINT ["/start-complement-synapse-workers.sh"]
# Update the healthcheck to have a shorter check interval
HEALTHCHECK --start-period=5s --interval=1s --timeout=1s \
diff --git a/docker/complement/conf-workers/caddy.supervisord.conf b/docker/complement/conf-workers/caddy.supervisord.conf
new file mode 100644
index 000000000000..d9ddb51dac46
--- /dev/null
+++ b/docker/complement/conf-workers/caddy.supervisord.conf
@@ -0,0 +1,7 @@
+[program:caddy]
+command=/usr/local/bin/prefix-log /root/caddy run --config /root/caddy.json
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
diff --git a/docker/complement/conf-workers/postgres.supervisord.conf b/docker/complement/conf-workers/postgres.supervisord.conf
new file mode 100644
index 000000000000..5608342d1a9e
--- /dev/null
+++ b/docker/complement/conf-workers/postgres.supervisord.conf
@@ -0,0 +1,16 @@
+[program:postgres]
+command=/usr/local/bin/prefix-log /usr/bin/pg_ctlcluster 13 main start --foreground
+
+# Lower priority number = starts first
+priority=1
+
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+# Use 'Fast Shutdown' mode which aborts current transactions and closes connections quickly.
+# (Default (TERM) is 'Smart Shutdown' which stops accepting new connections but
+# lets existing connections close gracefully.)
+stopsignal=INT
diff --git a/docker/complement/conf-workers/start-complement-synapse-workers.sh b/docker/complement/conf-workers/start-complement-synapse-workers.sh
index 2c1e05bd6221..b9a6b55bbe8e 100755
--- a/docker/complement/conf-workers/start-complement-synapse-workers.sh
+++ b/docker/complement/conf-workers/start-complement-synapse-workers.sh
@@ -12,12 +12,6 @@ function log {
# Replace the server name in the caddy config
sed -i "s/{{ server_name }}/${SERVER_NAME}/g" /root/caddy.json
-log "starting postgres"
-pg_ctlcluster 13 main start
-
-log "starting caddy"
-/root/caddy start --config /root/caddy.json
-
# Set the server name of the homeserver
export SYNAPSE_SERVER_NAME=${SERVER_NAME}
diff --git a/docker/complement/conf/homeserver.yaml b/docker/complement/conf/homeserver.yaml
index c9d6a312401a..174f87f52ee0 100644
--- a/docker/complement/conf/homeserver.yaml
+++ b/docker/complement/conf/homeserver.yaml
@@ -103,8 +103,10 @@ experimental_features:
spaces_enabled: true
# Enable history backfilling support
msc2716_enabled: true
- # server-side support for partial state in /send_join
+ # server-side support for partial state in /send_join responses
msc3706_enabled: true
+ # client-side support for partial state in /send_join responses
+ faster_joins: true
# Enable jump to date endpoint
msc3030_enabled: true
diff --git a/docker/conf-workers/supervisord.conf.j2 b/docker/conf-workers/supervisord.conf.j2
index 408ef727879d..ca1f7aef8e3f 100644
--- a/docker/conf-workers/supervisord.conf.j2
+++ b/docker/conf-workers/supervisord.conf.j2
@@ -9,7 +9,7 @@ user=root
files = /etc/supervisor/conf.d/*.conf
[program:nginx]
-command=/usr/sbin/nginx -g "daemon off;"
+command=/usr/local/bin/prefix-log /usr/sbin/nginx -g "daemon off;"
priority=500
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
@@ -19,7 +19,7 @@ username=www-data
autorestart=true
[program:redis]
-command=/usr/bin/redis-server /etc/redis/redis.conf --daemonize no
+command=/usr/local/bin/prefix-log /usr/bin/redis-server /etc/redis/redis.conf --daemonize no
priority=1
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
@@ -29,7 +29,7 @@ username=redis
autorestart=true
[program:synapse_main]
-command=/usr/local/bin/python -m synapse.app.homeserver --config-path="{{ main_config_path }}" --config-path=/conf/workers/shared.yaml
+command=/usr/local/bin/prefix-log /usr/local/bin/python -m synapse.app.homeserver --config-path="{{ main_config_path }}" --config-path=/conf/workers/shared.yaml
priority=10
# Log startup failures to supervisord's stdout/err
# Regular synapse logs will still go in the configured data directory
diff --git a/docker/conf/log.config b/docker/conf/log.config
index 7a216a36a046..dc8c70befd40 100644
--- a/docker/conf/log.config
+++ b/docker/conf/log.config
@@ -2,11 +2,7 @@ version: 1
formatters:
precise:
-{% if worker_name %}
- format: '%(asctime)s - worker:{{ worker_name }} - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
-{% else %}
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
-{% endif %}
handlers:
{% if LOG_FILE_PATH %}
diff --git a/docker/configure_workers_and_start.py b/docker/configure_workers_and_start.py
index 23cac18e8dbd..b2b7938ae801 100755
--- a/docker/configure_workers_and_start.py
+++ b/docker/configure_workers_and_start.py
@@ -29,7 +29,7 @@
import os
import subprocess
import sys
-from typing import Any, Dict, Mapping, Set
+from typing import Any, Dict, List, Mapping, MutableMapping, NoReturn, Set
import jinja2
import yaml
@@ -69,10 +69,10 @@
"worker_extra_conf": "enable_media_repo: true",
},
"appservice": {
- "app": "synapse.app.appservice",
+ "app": "synapse.app.generic_worker",
"listener_resources": [],
"endpoint_patterns": [],
- "shared_extra_conf": {"notify_appservices": False},
+ "shared_extra_conf": {"notify_appservices_from_worker": "appservice"},
"worker_extra_conf": "",
},
"federation_sender": {
@@ -171,7 +171,7 @@
# Templates for sections that may be inserted multiple times in config files
SUPERVISORD_PROCESS_CONFIG_BLOCK = """
[program:synapse_{name}]
-command=/usr/local/bin/python -m {app} \
+command=/usr/local/bin/prefix-log /usr/local/bin/python -m {app} \
--config-path="{config_path}" \
--config-path=/conf/workers/shared.yaml \
--config-path=/conf/workers/{name}.yaml
@@ -201,7 +201,7 @@
# Utility functions
-def log(txt: str):
+def log(txt: str) -> None:
"""Log something to the stdout.
Args:
@@ -210,7 +210,7 @@ def log(txt: str):
print(txt)
-def error(txt: str):
+def error(txt: str) -> NoReturn:
"""Log something and exit with an error code.
Args:
@@ -220,7 +220,7 @@ def error(txt: str):
sys.exit(2)
-def convert(src: str, dst: str, **template_vars):
+def convert(src: str, dst: str, **template_vars: object) -> None:
"""Generate a file from a template
Args:
@@ -290,7 +290,7 @@ def add_sharding_to_shared_config(
shared_config.setdefault("media_instance_running_background_jobs", worker_name)
-def generate_base_homeserver_config():
+def generate_base_homeserver_config() -> None:
"""Starts Synapse and generates a basic homeserver config, which will later be
modified for worker support.
@@ -302,12 +302,14 @@ def generate_base_homeserver_config():
subprocess.check_output(["/usr/local/bin/python", "/start.py", "migrate_config"])
-def generate_worker_files(environ, config_path: str, data_dir: str):
+def generate_worker_files(
+ environ: Mapping[str, str], config_path: str, data_dir: str
+) -> None:
"""Read the desired list of workers from environment variables and generate
shared homeserver, nginx and supervisord configs.
Args:
- environ: _Environ[str]
+ environ: os.environ instance.
config_path: The location of the generated Synapse main worker config file.
data_dir: The location of the synapse data directory. Where log and
user-facing config files live.
@@ -369,13 +371,13 @@ def generate_worker_files(environ, config_path: str, data_dir: str):
nginx_locations = {}
# Read the desired worker configuration from the environment
- worker_types = environ.get("SYNAPSE_WORKER_TYPES")
- if worker_types is None:
+ worker_types_env = environ.get("SYNAPSE_WORKER_TYPES")
+ if worker_types_env is None:
# No workers, just the main process
worker_types = []
else:
# Split type names by comma
- worker_types = worker_types.split(",")
+ worker_types = worker_types_env.split(",")
# Create the worker configuration directory if it doesn't already exist
os.makedirs("/conf/workers", exist_ok=True)
@@ -547,7 +549,7 @@ def generate_worker_log_config(
return log_config_filepath
-def main(args, environ):
+def main(args: List[str], environ: MutableMapping[str, str]) -> None:
config_dir = environ.get("SYNAPSE_CONFIG_DIR", "/data")
config_path = environ.get("SYNAPSE_CONFIG_PATH", config_dir + "/homeserver.yaml")
data_dir = environ.get("SYNAPSE_DATA_DIR", "/data")
diff --git a/docker/prefix-log b/docker/prefix-log
new file mode 100755
index 000000000000..0e26a4f19d33
--- /dev/null
+++ b/docker/prefix-log
@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+# Prefixes all lines on stdout and stderr with the process name (as determined by
+# the SUPERVISOR_PROCESS_NAME env var, which is automatically set by Supervisor).
+#
+# Usage:
+# prefix-log command [args...]
+#
+
+exec 1> >(awk '{print "'"${SUPERVISOR_PROCESS_NAME}"' | "$0}' >&1)
+exec 2> >(awk '{print "'"${SUPERVISOR_PROCESS_NAME}"' | "$0}' >&2)
+exec "$@"
diff --git a/docker/start.py b/docker/start.py
index ac62bbc8baf9..4ac8f034777f 100755
--- a/docker/start.py
+++ b/docker/start.py
@@ -6,27 +6,28 @@
import platform
import subprocess
import sys
+from typing import Any, Dict, List, Mapping, MutableMapping, NoReturn, Optional
import jinja2
# Utility functions
-def log(txt):
+def log(txt: str) -> None:
print(txt, file=sys.stderr)
-def error(txt):
+def error(txt: str) -> NoReturn:
log(txt)
sys.exit(2)
-def convert(src, dst, environ):
+def convert(src: str, dst: str, environ: Mapping[str, object]) -> None:
"""Generate a file from a template
Args:
- src (str): path to input file
- dst (str): path to file to write
- environ (dict): environment dictionary, for replacement mappings.
+ src: path to input file
+ dst: path to file to write
+ environ: environment dictionary, for replacement mappings.
"""
with open(src) as infile:
template = infile.read()
@@ -35,25 +36,30 @@ def convert(src, dst, environ):
outfile.write(rendered)
-def generate_config_from_template(config_dir, config_path, environ, ownership):
+def generate_config_from_template(
+ config_dir: str,
+ config_path: str,
+ os_environ: Mapping[str, str],
+ ownership: Optional[str],
+) -> None:
"""Generate a homeserver.yaml from environment variables
Args:
- config_dir (str): where to put generated config files
- config_path (str): where to put the main config file
- environ (dict): environment dictionary
- ownership (str|None): ":" string which will be used to set
+ config_dir: where to put generated config files
+ config_path: where to put the main config file
+ os_environ: environment mapping
+ ownership: ":" string which will be used to set
ownership of the generated configs. If None, ownership will not change.
"""
for v in ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"):
- if v not in environ:
+ if v not in os_environ:
error(
"Environment variable '%s' is mandatory when generating a config file."
% (v,)
)
# populate some params from data files (if they exist, else create new ones)
- environ = environ.copy()
+ environ: Dict[str, Any] = dict(os_environ)
secrets = {
"registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
"macaroon": "SYNAPSE_MACAROON_SECRET_KEY",
@@ -127,12 +133,12 @@ def generate_config_from_template(config_dir, config_path, environ, ownership):
subprocess.check_output(args)
-def run_generate_config(environ, ownership):
+def run_generate_config(environ: Mapping[str, str], ownership: Optional[str]) -> None:
"""Run synapse with a --generate-config param to generate a template config file
Args:
- environ (dict): env var dict
- ownership (str|None): "userid:groupid" arg for chmod. If None, ownership will not change.
+ environ: env vars from `os.enrivon`.
+ ownership: "userid:groupid" arg for chmod. If None, ownership will not change.
Never returns.
"""
@@ -178,7 +184,7 @@ def run_generate_config(environ, ownership):
os.execv(sys.executable, args)
-def main(args, environ):
+def main(args: List[str], environ: MutableMapping[str, str]) -> None:
mode = args[1] if len(args) > 1 else "run"
# if we were given an explicit user to switch to, do so
diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md
index 6aa48e191999..65570cefbe1b 100644
--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@@ -17,6 +17,7 @@
# Usage
- [Federation](federate.md)
- [Configuration](usage/configuration/README.md)
+ - [Configuration Manual](usage/configuration/config_documentation.md)
- [Homeserver Sample Config File](usage/configuration/homeserver_sample_config.md)
- [Logging Sample Config File](usage/configuration/logging_sample_config.md)
- [Structured Logging](structured_logging.md)
diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md
index 4076fcab65f1..c8794299e790 100644
--- a/docs/admin_api/user_admin_api.md
+++ b/docs/admin_api/user_admin_api.md
@@ -804,7 +804,7 @@ POST /_synapse/admin/v2/users//delete_devices
"devices": [
"QBUAZIFURK",
"AUIECTSRND"
- ],
+ ]
}
```
diff --git a/docs/development/contributing_guide.md b/docs/development/contributing_guide.md
index 0d9cf6019607..d356c72bf780 100644
--- a/docs/development/contributing_guide.md
+++ b/docs/development/contributing_guide.md
@@ -48,19 +48,28 @@ can find many good git tutorials on the web.
# 4. Install the dependencies
-Once you have installed Python 3 and added the source, please open a terminal and
-setup a *virtualenv*, as follows:
+Synapse uses the [poetry](https://python-poetry.org/) project to manage its dependencies
+and development environment. Once you have installed Python 3 and added the
+source, you should install `poetry`.
+Of their installation methods, we recommend
+[installing `poetry` using `pipx`](https://python-poetry.org/docs/#installing-with-pipx),
+
+```shell
+pip install --user pipx
+pipx install poetry
+```
+
+but see poetry's [installation instructions](https://python-poetry.org/docs/#installation)
+for other installation methods.
+
+Next, open a terminal and install dependencies as follows:
```sh
cd path/where/you/have/cloned/the/repository
-python3 -m venv ./env
-source ./env/bin/activate
-pip install wheel
-pip install -e ".[all,dev]"
-pip install tox
+poetry install --extras all
```
-This will install the developer dependencies for the project.
+This will install the runtime and developer dependencies for the project.
# 5. Get in touch.
@@ -117,11 +126,10 @@ The linters look at your code and do two things:
- ensure that your code follows the coding style adopted by the project;
- catch a number of errors in your code.
-The linter takes no time at all to run as soon as you've [downloaded the dependencies into your python virtual environment](#4-install-the-dependencies).
+The linter takes no time at all to run as soon as you've [downloaded the dependencies](#4-install-the-dependencies).
```sh
-source ./env/bin/activate
-./scripts-dev/lint.sh
+poetry run ./scripts-dev/lint.sh
```
Note that this script *will modify your files* to fix styling errors.
@@ -131,15 +139,13 @@ If you wish to restrict the linters to only the files changed since the last com
(much faster!), you can instead run:
```sh
-source ./env/bin/activate
-./scripts-dev/lint.sh -d
+poetry run ./scripts-dev/lint.sh -d
```
Or if you know exactly which files you wish to lint, you can instead run:
```sh
-source ./env/bin/activate
-./scripts-dev/lint.sh path/to/file1.py path/to/file2.py path/to/folder
+poetry run ./scripts-dev/lint.sh path/to/file1.py path/to/file2.py path/to/folder
```
## Run the unit tests (Twisted trial).
@@ -148,16 +154,14 @@ The unit tests run parts of Synapse, including your changes, to see if anything
was broken. They are slower than the linters but will typically catch more errors.
```sh
-source ./env/bin/activate
-trial tests
+poetry run trial tests
```
If you wish to only run *some* unit tests, you may specify
another module instead of `tests` - or a test class or a method:
```sh
-source ./env/bin/activate
-trial tests.rest.admin.test_room tests.handlers.test_admin.ExfiltrateData.test_invite
+poetry run trial tests.rest.admin.test_room tests.handlers.test_admin.ExfiltrateData.test_invite
```
If your tests fail, you may wish to look at the logs (the default log level is `ERROR`):
@@ -169,7 +173,7 @@ less _trial_temp/test.log
To increase the log level for the tests, set `SYNAPSE_TEST_LOG_LEVEL`:
```sh
-SYNAPSE_TEST_LOG_LEVEL=DEBUG trial tests
+SYNAPSE_TEST_LOG_LEVEL=DEBUG poetry run trial tests
```
By default, tests will use an in-memory SQLite database for test data. For additional
@@ -180,7 +184,7 @@ database state to be stored in a file named `test.db` under the trial process'
working directory. Typically, this ends up being `_trial_temp/test.db`. For example:
```sh
-SYNAPSE_TEST_PERSIST_SQLITE_DB=1 trial tests
+SYNAPSE_TEST_PERSIST_SQLITE_DB=1 poetry run trial tests
```
The database file can then be inspected with:
@@ -266,13 +270,13 @@ COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh
To run a specific test file, you can pass the test name at the end of the command. The name passed comes from the naming structure in your Complement tests. If you're unsure of the name, you can do a full run and copy it from the test output:
```sh
-COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh TestBackfillingHistory
+COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestImportHistoricalMessages
```
To run a specific test, you can specify the whole name structure:
```sh
-COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh TestBackfillingHistory/parallel/Backfilled_historical_events_resolve_with_proper_state_in_correct_order
+COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestImportHistoricalMessages/parallel/Historical_events_resolve_in_the_correct_order
```
diff --git a/docs/development/dependencies.md b/docs/development/dependencies.md
new file mode 100644
index 000000000000..8ef7d357d8cd
--- /dev/null
+++ b/docs/development/dependencies.md
@@ -0,0 +1,239 @@
+# Managing dependencies with Poetry
+
+This is a quick cheat sheet for developers on how to use [`poetry`](https://python-poetry.org/).
+
+# Background
+
+Synapse uses a variety of third-party Python packages to function as a homeserver.
+Some of these are direct dependencies, listed in `pyproject.toml` under the
+`[tool.poetry.dependencies]` section. The rest are transitive dependencies (the
+things that our direct dependencies themselves depend on, and so on recursively.)
+
+We maintain a locked list of all our dependencies (transitive included) so that
+we can track exactly which version of each dependency appears in a given release.
+See [here](https://github.com/matrix-org/synapse/issues/11537#issue-1074469665)
+for discussion of why we wanted this for Synapse. We chose to use
+[`poetry`](https://python-poetry.org/) to manage this locked list; see
+[this comment](https://github.com/matrix-org/synapse/issues/11537#issuecomment-1015975819)
+for the reasoning.
+
+The locked dependencies get included in our "self-contained" releases: namely,
+our docker images and our debian packages. We also use the locked dependencies
+in development and our continuous integration.
+
+Separately, our "broad" dependencies—the version ranges specified in
+`pyproject.toml`—are included as metadata in our "sdists" and "wheels" [uploaded
+to PyPI](https://pypi.org/project/matrix-synapse). Installing from PyPI or from
+the Synapse source tree directly will _not_ use the locked dependencies; instead,
+they'll pull in the latest version of each package available at install time.
+
+## Example dependency
+
+An example may help. We have a broad dependency on
+[`phonenumbers`](https://pypi.org/project/phonenumbers/), as declared in
+this snippet from pyproject.toml [as of Synapse 1.57](
+https://github.com/matrix-org/synapse/blob/release-v1.57/pyproject.toml#L133
+):
+
+```toml
+[tool.poetry.dependencies]
+# ...
+phonenumbers = ">=8.2.0"
+```
+
+In our lockfile this is
+[pinned]( https://github.com/matrix-org/synapse/blob/dfc7646504cef3e4ff396c36089e1c6f1b1634de/poetry.lock#L679-L685)
+to version 8.12.44, even though
+[newer versions are available](https://pypi.org/project/phonenumbers/#history).
+
+```toml
+[[package]]
+name = "phonenumbers"
+version = "8.12.44"
+description = "Python version of Google's common library for parsing, formatting, storing and validating international phone numbers."
+category = "main"
+optional = false
+python-versions = "*"
+```
+
+The lockfile also includes a
+[cryptographic checksum](https://github.com/matrix-org/synapse/blob/release-v1.57/poetry.lock#L2178-L2181)
+of the sdists and wheels provided for this version of `phonenumbers`.
+
+```toml
+[metadata.files]
+# ...
+phonenumbers = [
+ {file = "phonenumbers-8.12.44-py2.py3-none-any.whl", hash = "sha256:cc1299cf37b309ecab6214297663ab86cb3d64ae37fd5b88e904fe7983a874a6"},
+ {file = "phonenumbers-8.12.44.tar.gz", hash = "sha256:26cfd0257d1704fe2f88caff2caabb70d16a877b1e65b6aae51f9fbbe10aa8ce"},
+]
+```
+
+We can see this pinned version inside the docker image for that release:
+
+```
+$ docker pull matrixdotorg/synapse:v1.57.0
+...
+$ docker run --entrypoint pip matrixdotorg/synapse:v1.57.0 show phonenumbers
+Name: phonenumbers
+Version: 8.12.44
+Summary: Python version of Google's common library for parsing, formatting, storing and validating international phone numbers.
+Home-page: https://github.com/daviddrysdale/python-phonenumbers
+Author: David Drysdale
+Author-email: dmd@lurklurk.org
+License: Apache License 2.0
+Location: /usr/local/lib/python3.9/site-packages
+Requires:
+Required-by: matrix-synapse
+```
+
+Whereas the wheel metadata just contains the broad dependencies:
+
+```
+$ cd /tmp
+$ wget https://files.pythonhosted.org/packages/ca/5e/d722d572cc5b3092402b783d6b7185901b444427633bd8a6b00ea0dd41b7/matrix_synapse-1.57.0rc1-py3-none-any.whl
+...
+$ unzip -c matrix_synapse-1.57.0rc1-py3-none-any.whl matrix_synapse-1.57.0rc1.dist-info/METADATA | grep phonenumbers
+Requires-Dist: phonenumbers (>=8.2.0)
+```
+
+# Tooling recommendation: direnv
+
+[`direnv`](https://direnv.net/) is a tool for activating environments in your
+shell inside a given directory. Its support for poetry is unofficial (a
+community wiki recipe only), but works solidly in our experience. We thoroughly
+recommend it for daily use. To use it:
+
+1. [Install `direnv`](https://direnv.net/docs/installation.html) - it's likely
+ packaged for your system already.
+2. Teach direnv about poetry. The [shell config here](https://github.com/direnv/direnv/wiki/Python#poetry)
+ needs to be added to `~/.config/direnv/direnvrc` (or more generally `$XDG_CONFIG_HOME/direnv/direnvrc`).
+3. Mark the synapse checkout as a poetry project: `echo layout poetry > .envrc`.
+4. Convince yourself that you trust this `.envrc` configuration and project.
+ Then formally confirm this to `direnv` by running `direnv allow`.
+
+Then whenever you navigate to the synapse checkout, you should be able to run
+e.g. `mypy` instead of `poetry run mypy`; `python` instead of
+`poetry run python`; and your shell commands will automatically run in the
+context of poetry's venv, without having to run `poetry shell` beforehand.
+
+
+# How do I...
+
+## ...reset my venv to the locked environment?
+
+```shell
+poetry install --extras all --remove-untracked
+```
+
+## ...run a command in the `poetry` virtualenv?
+
+Use `poetry run cmd args` when you need the python virtualenv context.
+To avoid typing `poetry run` all the time, you can run `poetry shell`
+to start a new shell in the poetry virtualenv context. Within `poetry shell`,
+`python`, `pip`, `mypy`, `trial`, etc. are all run inside the project virtualenv
+and isolated from the rest o the system.
+
+Roughly speaking, the translation from a traditional virtualenv is:
+- `env/bin/activate` -> `poetry shell`, and
+- `deactivate` -> close the terminal (Ctrl-D, `exit`, etc.)
+
+See also the direnv recommendation above, which makes `poetry run` and
+`poetry shell` unnecessary.
+
+
+## ...inspect the `poetry` virtualenv?
+
+Some suggestions:
+
+```shell
+# Current env only
+poetry env info
+# All envs: this allows you to have e.g. a poetry managed venv for Python 3.7,
+# and another for Python 3.10.
+poetry env list --full-path
+poetry run pip list
+```
+
+Note that `poetry show` describes the abstract *lock file* rather than your
+on-disk environment. With that said, `poetry show --tree` can sometimes be
+useful.
+
+
+## ...add a new dependency?
+
+Either:
+- manually update `pyproject.toml`; then `poetry lock --no-update`; or else
+- `poetry add packagename`. See `poetry add --help`; note the `--dev`,
+ `--extras` and `--optional` flags in particular.
+ - **NB**: this specifies the new package with a version given by a "caret bound". This won't get forced to its lowest version in the old deps CI job: see [this TODO](https://github.com/matrix-org/synapse/blob/4e1374373857f2f7a911a31c50476342d9070681/.ci/scripts/test_old_deps.sh#L35-L39).
+
+Include the updated `pyproject.toml` and `poetry.lock` files in your commit.
+
+## ...remove a dependency?
+
+This is not done often and is untested, but
+
+```shell
+poetry remove packagename
+```
+
+ought to do the trick. Alternatively, manually update `pyproject.toml` and
+`poetry lock --no-update`. Include the updated `pyproject.toml` and poetry.lock`
+files in your commit.
+
+## ...update the version range for an existing dependency?
+
+Best done by manually editing `pyproject.toml`, then `poetry lock --no-update`.
+Include the updated `pyproject.toml` and `poetry.lock` in your commit.
+
+## ...update a dependency in the locked environment?
+
+Use
+
+```shell
+poetry update packagename
+```
+
+to use the latest version of `packagename` in the locked environment, without
+affecting the broad dependencies listed in the wheel.
+
+There doesn't seem to be a way to do this whilst locking a _specific_ version of
+`packagename`. We can workaround this (crudely) as follows:
+
+```shell
+poetry add packagename==1.2.3
+# This should update pyproject.lock.
+
+# Now undo the changes to pyproject.toml. For example
+# git restore pyproject.toml
+
+# Get poetry to recompute the content-hash of pyproject.toml without changing
+# the locked package versions.
+poetry lock --no-update
+```
+
+Either way, include the updated `poetry.lock` file in your commit.
+
+## ...export a `requirements.txt` file?
+
+```shell
+poetry export --extras all
+```
+
+Be wary of bugs in `poetry export` and `pip install -r requirements.txt`.
+
+Note: `poetry export` will be made a plugin in Poetry 1.2. Additional config may
+be required.
+
+## ...build a test wheel?
+
+I usually use
+
+```shell
+poetry run pip install build && poetry run python -m build
+```
+
+because [`build`](https://github.com/pypa/build) is a standardish tool which
+doesn't require poetry. (It's what we use in CI too). However, you could try
+`poetry build` too.
diff --git a/docs/jwt.md b/docs/jwt.md
index 32f58cc0cbbf..346daf78ad1e 100644
--- a/docs/jwt.md
+++ b/docs/jwt.md
@@ -17,9 +17,6 @@ follows:
}
```
-Note that the login type of `m.login.jwt` is supported, but is deprecated. This
-will be removed in a future version of Synapse.
-
The `token` field should include the JSON web token with the following claims:
* A claim that encodes the local part of the user ID is required. By default,
diff --git a/docs/replication.md b/docs/replication.md
index e82df0de8a30..108da9a065d8 100644
--- a/docs/replication.md
+++ b/docs/replication.md
@@ -35,3 +35,8 @@ See [the TCP replication documentation](tcp_replication.md).
There are read-only version of the synapse storage layer in
`synapse/replication/slave/storage` that use the response of the
replication API to invalidate their caches.
+
+### The TCP Replication Module
+Information about how the tcp replication module is structured, including how
+the classes interact, can be found in
+`synapse/replication/tcp/__init__.py`
diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md
index 5a0c847951a6..69caa8a73ee8 100644
--- a/docs/reverse_proxy.md
+++ b/docs/reverse_proxy.md
@@ -206,6 +206,28 @@ backend matrix
server matrix 127.0.0.1:8008
```
+
+[Delegation](delegate.md) example:
+```
+frontend https
+ acl matrix-well-known-client-path path /.well-known/matrix/client
+ acl matrix-well-known-server-path path /.well-known/matrix/server
+ use_backend matrix-well-known-client if matrix-well-known-client-path
+ use_backend matrix-well-known-server if matrix-well-known-server-path
+
+backend matrix-well-known-client
+ http-after-response set-header Access-Control-Allow-Origin "*"
+ http-after-response set-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+ http-after-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+ http-request return status 200 content-type application/json string '{"m.homeserver":{"base_url":"https://matrix.example.com"},"m.identity_server":{"base_url":"https://identity.example.com"}}'
+
+backend matrix-well-known-server
+ http-after-response set-header Access-Control-Allow-Origin "*"
+ http-after-response set-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+ http-after-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+ http-request return status 200 content-type application/json string '{"m.server":"matrix.example.com:443"}'
+```
+
### Relayd
```
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index b8d8c0dbf0a1..a803b8261dcd 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -407,6 +407,11 @@ manhole_settings:
# sign up in a short space of time never to return after their initial
# session.
#
+# The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but
+# applies a different trial number if the user was registered by an appservice.
+# A value of 0 means no trial days are applied. Appservices not listed in this
+# dictionary use the value of `mau_trial_days` instead.
+#
# 'mau_limit_alerting' is a means of limiting client side alerting
# should the mau limit be reached. This is useful for small instances
# where the admin has 5 mau seats (say) for 5 specific people and no
@@ -417,6 +422,8 @@ manhole_settings:
#max_mau_value: 50
#mau_trial_days: 2
#mau_limit_alerting: false
+#mau_appservice_trial_days:
+# "appservice-id": 1
# If enabled, the metrics for the number of monthly active users will
# be populated, however no one will be limited. If limit_usage_by_mau
@@ -709,11 +716,11 @@ retention:
#
#allow_profile_lookup_over_federation: false
-# Uncomment to disable device display name lookup over federation. By default, the
-# Federation API allows other homeservers to obtain device display names of any user
-# on this homeserver. Defaults to 'true'.
+# Uncomment to allow device display name lookup over federation. By default, the
+# Federation API prevents other homeservers from obtaining the display names of
+# user devices on this homeserver. Defaults to 'false'.
#
-#allow_device_name_lookup_over_federation: false
+#allow_device_name_lookup_over_federation: true
## Caching ##
@@ -1323,6 +1330,12 @@ oembed:
#
#registration_requires_token: true
+# Allow users to submit a token during registration to bypass any required 3pid
+# steps configured in `registrations_require_3pid`.
+# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
+#
+#enable_registration_token_3pid_bypass: false
+
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
diff --git a/docs/sample_log_config.yaml b/docs/sample_log_config.yaml
index 2485ad25edfc..3065a0e2d986 100644
--- a/docs/sample_log_config.yaml
+++ b/docs/sample_log_config.yaml
@@ -62,13 +62,6 @@ loggers:
# information such as access tokens.
level: INFO
- twisted:
- # We send the twisted logging directly to the file handler,
- # to work around https://github.com/matrix-org/synapse/issues/3471
- # when using "buffer" logger. Use "console" to log to stderr instead.
- handlers: [file]
- propagate: false
-
root:
level: INFO
diff --git a/docs/systemd-with-workers/workers/background_worker.yaml b/docs/systemd-with-workers/workers/background_worker.yaml
new file mode 100644
index 000000000000..9fbfbda7db94
--- /dev/null
+++ b/docs/systemd-with-workers/workers/background_worker.yaml
@@ -0,0 +1,8 @@
+worker_app: synapse.app.generic_worker
+worker_name: background_worker
+
+# The replication listener on the main synapse process.
+worker_replication_host: 127.0.0.1
+worker_replication_http_port: 9093
+
+worker_log_config: /etc/matrix-synapse/background-worker-log.yaml
diff --git a/docs/systemd-with-workers/workers/event_persister.yaml b/docs/systemd-with-workers/workers/event_persister.yaml
new file mode 100644
index 000000000000..9bc6997bad99
--- /dev/null
+++ b/docs/systemd-with-workers/workers/event_persister.yaml
@@ -0,0 +1,23 @@
+worker_app: synapse.app.generic_worker
+worker_name: event_persister1
+
+# The replication listener on the main synapse process.
+worker_replication_host: 127.0.0.1
+worker_replication_http_port: 9093
+
+worker_listeners:
+ - type: http
+ port: 8034
+ resources:
+ - names: [replication]
+
+ # Enable listener if this stream writer handles endpoints for the `typing` or
+ # `to_device` streams. Uses a different port to the `replication` listener to
+ # avoid exposing the `replication` listener publicly.
+ #
+ #- type: http
+ # port: 8035
+ # resources:
+ # - names: [client]
+
+worker_log_config: /etc/matrix-synapse/event-persister-log.yaml
diff --git a/docs/systemd-with-workers/workers/generic_worker.yaml b/docs/systemd-with-workers/workers/generic_worker.yaml
index 8561e2cda59c..a82f9c161f81 100644
--- a/docs/systemd-with-workers/workers/generic_worker.yaml
+++ b/docs/systemd-with-workers/workers/generic_worker.yaml
@@ -1,12 +1,13 @@
worker_app: synapse.app.generic_worker
worker_name: generic_worker1
+# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
- port: 8011
+ port: 8083
resources:
- names: [client, federation]
diff --git a/docs/turn-howto.md b/docs/turn-howto.md
index 3a2cd04e36a9..37a311ad9cc7 100644
--- a/docs/turn-howto.md
+++ b/docs/turn-howto.md
@@ -302,14 +302,14 @@ Here are a few things to try:
(Understanding the output is beyond the scope of this document!)
- * You can test your Matrix homeserver TURN setup with https://test.voip.librepush.net/.
+ * You can test your Matrix homeserver TURN setup with .
Note that this test is not fully reliable yet, so don't be discouraged if
the test fails.
[Here](https://github.com/matrix-org/voip-tester) is the github repo of the
source of the tester, where you can file bug reports.
* There is a WebRTC test tool at
- https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/. To
+ . To
use it, you will need a username/password for your TURN server. You can
either:
diff --git a/docs/upgrade.md b/docs/upgrade.md
index d5516dfc99b7..fa4b3ef5902d 100644
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@@ -19,32 +19,36 @@ this document.
packages](setup/installation.md#prebuilt-packages), you will need to follow the
normal process for upgrading those packages.
+- If Synapse was installed using pip then upgrade to the latest
+ version by running:
+
+ ```bash
+ pip install --upgrade matrix-synapse
+ ```
+
- If Synapse was installed from source, then:
- 1. Activate the virtualenv before upgrading. For example, if
- Synapse is installed in a virtualenv in `~/synapse/env` then
+ 1. Obtain the latest version of the source code. Git users can run
+ `git pull` to do this.
+
+ 2. If you're running Synapse in a virtualenv, make sure to activate it before
+ upgrading. For example, if Synapse is installed in a virtualenv in `~/synapse/env` then
run:
```bash
source ~/synapse/env/bin/activate
+ pip install --upgrade .
```
+ Include any relevant extras between square brackets, e.g. `pip install --upgrade ".[postgres,oidc]"`.
- 2. If Synapse was installed using pip then upgrade to the latest
- version by running:
-
- ```bash
- pip install --upgrade matrix-synapse
- ```
-
- If Synapse was installed using git then upgrade to the latest
- version by running:
-
+ 3. If you're using `poetry` to manage a Synapse installation, run:
```bash
- git pull
- pip install --upgrade .
+ poetry install
```
+ Include any relevant extras with `--extras`, e.g. `poetry install --extras postgres --extras oidc`.
+ It's probably easiest to run `poetry install --extras all`.
- 3. Restart Synapse:
+ 4. Restart Synapse:
```bash
synctl restart
@@ -85,6 +89,50 @@ process, for example:
dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
```
+# Upgrading to v1.59.0
+
+## Device name lookup over federation has been disabled by default
+
+The names of user devices are no longer visible to users on other homeservers by default.
+Device IDs are unaffected, as these are necessary to facilitate end-to-end encryption.
+
+To re-enable this functionality, set the
+[`allow_device_name_lookup_over_federation`](https://matrix-org.github.io/synapse/v1.59/usage/configuration/config_documentation.html#federation)
+homeserver config option to `true`.
+
+
+## Deprecation of the `synapse.app.appservice` and `synapse.app.user_dir` worker application types
+
+The `synapse.app.appservice` worker application type allowed you to configure a
+single worker to use to notify application services of new events, as long
+as this functionality was disabled on the main process with `notify_appservices: False`.
+Further, the `synapse.app.user_dir` worker application type allowed you to configure
+a single worker to be responsible for updating the user directory, as long as this
+was disabled on the main process with `update_user_directory: False`.
+
+To unify Synapse's worker types, the `synapse.app.appservice` worker application
+type and the `notify_appservices` configuration option have been deprecated.
+The `synapse.app.user_dir` worker application type and `update_user_directory`
+configuration option have also been deprecated.
+
+To get the same functionality as was provided by the deprecated options, it's now recommended that the `synapse.app.generic_worker`
+worker application type is used and that the `notify_appservices_from_worker` and/or
+`update_user_directory_from_worker` options are set to the name of a worker.
+
+For the time being, the old options can be used alongside the new options to make
+it easier to transition between the two configurations, however please note that:
+
+- the options must not contradict each other (otherwise Synapse won't start); and
+- the `notify_appservices` and `update_user_directory` options will be removed in a future release of Synapse.
+
+Please see the [*Notifying Application Services*][v1_59_notify_ases_from] and
+[*Updating the User Directory*][v1_59_update_user_dir] sections of the worker
+documentation for more information.
+
+[v1_59_notify_ases_from]: workers.md#notifying-application-services
+[v1_59_update_user_dir]: workers.md#updating-the-user-directory
+
+
# Upgrading to v1.58.0
## Groups/communities feature has been disabled by default
@@ -92,6 +140,7 @@ process, for example:
The non-standard groups/communities feature in Synapse has been disabled by default
and will be removed in Synapse v1.61.0.
+
# Upgrading to v1.57.0
## Changes to database schema for application services
@@ -103,7 +152,7 @@ worker for application service traffic, **it must be stopped** when the database
without any risk of reusing transaction IDs.
Deployments which do not use separate worker processes can be upgraded as normal. Similarly,
-deployments where no applciation services are in use can be upgraded as normal.
+deployments where no application services are in use can be upgraded as normal.
Recovering from an incorrect upgrade
diff --git a/docs/usage/administration/request_log.md b/docs/usage/administration/request_log.md
index 316304c7348a..adb5f4f5f353 100644
--- a/docs/usage/administration/request_log.md
+++ b/docs/usage/administration/request_log.md
@@ -28,7 +28,7 @@ See the following for how to decode the dense data available from the default lo
| NNNN | Total time waiting for response to DB queries across all parallel DB work from this request |
| OOOO | Count of DB transactions performed |
| PPPP | Response body size |
-| QQQQ | Response status code (prefixed with ! if the socket was closed before the response was generated) |
+| QQQQ | Response status code
Suffixed with `!` if the socket was closed before the response was generated.
A `499!` status code indicates that Synapse also cancelled request processing after the socket was closed.
|
| RRRR | Request |
| SSSS | User-agent |
| TTTT | Events fetched from DB to service this request (note that this does not include events fetched from the cache) |
diff --git a/docs/usage/administration/useful_sql_for_admins.md b/docs/usage/administration/useful_sql_for_admins.md
index d4aada3272d0..f3b97f957677 100644
--- a/docs/usage/administration/useful_sql_for_admins.md
+++ b/docs/usage/administration/useful_sql_for_admins.md
@@ -1,7 +1,10 @@
## Some useful SQL queries for Synapse Admins
## Size of full matrix db
-`SELECT pg_size_pretty( pg_database_size( 'matrix' ) );`
+```sql
+SELECT pg_size_pretty( pg_database_size( 'matrix' ) );
+```
+
### Result example:
```
pg_size_pretty
@@ -9,39 +12,19 @@ pg_size_pretty
6420 MB
(1 row)
```
-## Show top 20 larger rooms by state events count
-```sql
-SELECT r.name, s.room_id, s.current_state_events
- FROM room_stats_current s
- LEFT JOIN room_stats_state r USING (room_id)
- ORDER BY current_state_events DESC
- LIMIT 20;
-```
-
-and by state_group_events count:
-```sql
-SELECT rss.name, s.room_id, count(s.room_id) FROM state_groups_state s
-LEFT JOIN room_stats_state rss USING (room_id)
-GROUP BY s.room_id, rss.name
-ORDER BY count(s.room_id) DESC
-LIMIT 20;
-```
-plus same, but with join removed for performance reasons:
-```sql
-SELECT s.room_id, count(s.room_id) FROM state_groups_state s
-GROUP BY s.room_id
-ORDER BY count(s.room_id) DESC
-LIMIT 20;
-```
## Show top 20 larger tables by row count
```sql
-SELECT relname, n_live_tup as rows
- FROM pg_stat_user_tables
+SELECT relname, n_live_tup AS "rows"
+ FROM pg_stat_user_tables
ORDER BY n_live_tup DESC
LIMIT 20;
```
-This query is quick, but may be very approximate, for exact number of rows use `SELECT COUNT(*) FROM `.
+This query is quick, but may be very approximate, for exact number of rows use:
+```sql
+SELECT COUNT(*) FROM ;
+```
+
### Result example:
```
state_groups_state - 161687170
@@ -66,46 +49,19 @@ device_lists_stream - 326903
user_directory_search - 316433
```
-## Show top 20 rooms by new events count in last 1 day:
-```sql
-SELECT e.room_id, r.name, COUNT(e.event_id) cnt FROM events e
-LEFT JOIN room_stats_state r USING (room_id)
-WHERE e.origin_server_ts >= DATE_PART('epoch', NOW() - INTERVAL '1 day') * 1000 GROUP BY e.room_id, r.name ORDER BY cnt DESC LIMIT 20;
-```
-
-## Show top 20 users on homeserver by sent events (messages) at last month:
-```sql
-SELECT user_id, SUM(total_events)
- FROM user_stats_historical
- WHERE TO_TIMESTAMP(end_ts/1000) AT TIME ZONE 'UTC' > date_trunc('day', now() - interval '1 month')
- GROUP BY user_id
- ORDER BY SUM(total_events) DESC
- LIMIT 20;
-```
-
-## Show last 100 messages from needed user, with room names:
-```sql
-SELECT e.room_id, r.name, e.event_id, e.type, e.content, j.json FROM events e
- LEFT JOIN event_json j USING (room_id)
- LEFT JOIN room_stats_state r USING (room_id)
- WHERE sender = '@LOGIN:example.com'
- AND e.type = 'm.room.message'
- ORDER BY stream_ordering DESC
- LIMIT 100;
-```
-
## Show top 20 larger tables by storage size
```sql
SELECT nspname || '.' || relname AS "relation",
- pg_size_pretty(pg_total_relation_size(C.oid)) AS "total_size"
- FROM pg_class C
- LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace)
+ pg_size_pretty(pg_total_relation_size(c.oid)) AS "total_size"
+ FROM pg_class c
+ LEFT JOIN pg_namespace n ON (n.oid = c.relnamespace)
WHERE nspname NOT IN ('pg_catalog', 'information_schema')
- AND C.relkind <> 'i'
+ AND c.relkind <> 'i'
AND nspname !~ '^pg_toast'
- ORDER BY pg_total_relation_size(C.oid) DESC
+ ORDER BY pg_total_relation_size(c.oid) DESC
LIMIT 20;
```
+
### Result example:
```
public.state_groups_state - 27 GB
@@ -130,8 +86,93 @@ public.device_lists_remote_cache - 124 MB
public.state_group_edges - 122 MB
```
+## Show top 20 larger rooms by state events count
+You get the same information when you use the
+[admin API](../../admin_api/rooms.md#list-room-api)
+and set parameter `order_by=state_events`.
+
+```sql
+SELECT r.name, s.room_id, s.current_state_events
+ FROM room_stats_current s
+ LEFT JOIN room_stats_state r USING (room_id)
+ ORDER BY current_state_events DESC
+ LIMIT 20;
+```
+
+and by state_group_events count:
+```sql
+SELECT rss.name, s.room_id, COUNT(s.room_id)
+ FROM state_groups_state s
+ LEFT JOIN room_stats_state rss USING (room_id)
+ GROUP BY s.room_id, rss.name
+ ORDER BY COUNT(s.room_id) DESC
+ LIMIT 20;
+```
+
+plus same, but with join removed for performance reasons:
+```sql
+SELECT s.room_id, COUNT(s.room_id)
+ FROM state_groups_state s
+ GROUP BY s.room_id
+ ORDER BY COUNT(s.room_id) DESC
+ LIMIT 20;
+```
+
+## Show top 20 rooms by new events count in last 1 day:
+```sql
+SELECT e.room_id, r.name, COUNT(e.event_id) cnt
+ FROM events e
+ LEFT JOIN room_stats_state r USING (room_id)
+ WHERE e.origin_server_ts >= DATE_PART('epoch', NOW() - INTERVAL '1 day') * 1000
+ GROUP BY e.room_id, r.name
+ ORDER BY cnt DESC
+ LIMIT 20;
+```
+
+## Show top 20 users on homeserver by sent events (messages) at last month:
+Caution. This query does not use any indexes, can be slow and create load on the database.
+```sql
+SELECT COUNT(*), sender
+ FROM events
+ WHERE (type = 'm.room.encrypted' OR type = 'm.room.message')
+ AND origin_server_ts >= DATE_PART('epoch', NOW() - INTERVAL '1 month') * 1000
+ GROUP BY sender
+ ORDER BY COUNT(*) DESC
+ LIMIT 20;
+```
+
+## Show last 100 messages from needed user, with room names:
+```sql
+SELECT e.room_id, r.name, e.event_id, e.type, e.content, j.json
+ FROM events e
+ LEFT JOIN event_json j USING (room_id)
+ LEFT JOIN room_stats_state r USING (room_id)
+ WHERE sender = '@LOGIN:example.com'
+ AND e.type = 'm.room.message'
+ ORDER BY stream_ordering DESC
+ LIMIT 100;
+```
+
## Show rooms with names, sorted by events in this rooms
-`echo "select event_json.room_id,room_stats_state.name from event_json,room_stats_state where room_stats_state.room_id=event_json.room_id" | psql synapse | sort | uniq -c | sort -n`
+
+**Sort and order with bash**
+```bash
+echo "SELECT event_json.room_id, room_stats_state.name FROM event_json, room_stats_state \
+WHERE room_stats_state.room_id = event_json.room_id" | psql -d synapse -h localhost -U synapse_user -t \
+| sort | uniq -c | sort -n
+```
+Documentation for `psql` command line parameters: https://www.postgresql.org/docs/current/app-psql.html
+
+**Sort and order with SQL**
+```sql
+SELECT COUNT(*), event_json.room_id, room_stats_state.name
+ FROM event_json, room_stats_state
+ WHERE room_stats_state.room_id = event_json.room_id
+ GROUP BY event_json.room_id, room_stats_state.name
+ ORDER BY COUNT(*) DESC
+ LIMIT 50;
+```
+
### Result example:
```
9459 !FPUfgzXYWTKgIrwKxW:matrix.org | This Week in Matrix
@@ -145,12 +186,22 @@ public.state_group_edges - 122 MB
```
## Lookup room state info by list of room_id
+You get the same information when you use the
+[admin API](../../admin_api/rooms.md#room-details-api).
```sql
-SELECT rss.room_id, rss.name, rss.canonical_alias, rss.topic, rss.encryption, rsc.joined_members, rsc.local_users_in_room, rss.join_rules
-FROM room_stats_state rss
-LEFT JOIN room_stats_current rsc USING (room_id)
-WHERE room_id IN (WHERE room_id IN (
- '!OGEhHVWSdvArJzumhm:matrix.org',
- '!YTvKGNlinIzlkMTVRl:matrix.org'
-)
-```
\ No newline at end of file
+SELECT rss.room_id, rss.name, rss.canonical_alias, rss.topic, rss.encryption,
+ rsc.joined_members, rsc.local_users_in_room, rss.join_rules
+ FROM room_stats_state rss
+ LEFT JOIN room_stats_current rsc USING (room_id)
+ WHERE room_id IN ( WHERE room_id IN (
+ '!OGEhHVWSdvArJzumhm:matrix.org',
+ '!YTvKGNlinIzlkMTVRl:matrix.org'
+ );
+```
+
+## Show users and devices that have not been online for a while
+```sql
+SELECT user_id, device_id, user_agent, TO_TIMESTAMP(last_seen / 1000) AS "last_seen"
+ FROM devices
+ WHERE last_seen < DATE_PART('epoch', NOW() - INTERVAL '3 month') * 1000;
+```
diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md
new file mode 100644
index 000000000000..21dad0ac41e2
--- /dev/null
+++ b/docs/usage/configuration/config_documentation.md
@@ -0,0 +1,3468 @@
+# Configuring Synapse
+
+This is intended as a guide to the Synapse configuration. The behavior of a Synapse instance can be modified
+through the many configuration settings documented here — each config option is explained,
+including what the default is, how to change the default and what sort of behaviour the setting governs.
+Also included is an example configuration for each setting. If you don't want to spend a lot of time
+thinking about options, the config as generated sets sensible defaults for all values. Do note however that the
+database defaults to SQLite, which is not recommended for production usage. You can read more on this subject
+[here](../../setup/installation.md#using-postgresql).
+
+## Config Conventions
+
+Configuration options that take a time period can be set using a number
+followed by a letter. Letters have the following meanings:
+
+* `s` = second
+* `m` = minute
+* `h` = hour
+* `d` = day
+* `w` = week
+* `y` = year
+
+For example, setting `redaction_retention_period: 5m` would remove redacted
+messages from the database after 5 minutes, rather than 5 months.
+
+### YAML
+The configuration file is a [YAML](https://yaml.org/) file, which means that certain syntax rules
+apply if you want your config file to be read properly. A few helpful things to know:
+* `#` before any option in the config will comment out that setting and either a default (if available) will
+ be applied or Synapse will ignore the setting. Thus, in example #1 below, the setting will be read and
+ applied, but in example #2 the setting will not be read and a default will be applied.
+
+ Example #1:
+ ```yaml
+ pid_file: DATADIR/homeserver.pid
+ ```
+ Example #2:
+ ```yaml
+ #pid_file: DATADIR/homeserver.pid
+ ```
+* Indentation matters! The indentation before a setting
+ will determine whether a given setting is read as part of another
+ setting, or considered on its own. Thus, in example #1, the `enabled` setting
+ is read as a sub-option of the `presence` setting, and will be properly applied.
+
+ However, the lack of indentation before the `enabled` setting in example #2 means
+ that when reading the config, Synapse will consider both `presence` and `enabled` as
+ different settings. In this case, `presence` has no value, and thus a default applied, and `enabled`
+ is an option that Synapse doesn't recognize and thus ignores.
+
+ Example #1:
+ ```yaml
+ presence:
+ enabled: false
+ ```
+ Example #2:
+ ```yaml
+ presence:
+ enabled: false
+ ```
+ In this manual, all top-level settings (ones with no indentation) are identified
+ at the beginning of their section (i.e. "Config option: `example_setting`") and
+ the sub-options, if any, are identified and listed in the body of the section.
+ In addition, each setting has an example of its usage, with the proper indentation
+ shown.
+
+## Contents
+[Modules](#modules)
+
+[Server](#server)
+
+[Homeserver Blocking](#homeserver-blocking)
+
+[TLS](#tls)
+
+[Federation](#federation)
+
+[Caching](#caching)
+
+[Database](#database)
+
+[Logging](#logging)
+
+[Ratelimiting](#ratelimiting)
+
+[Media Store](#media-store)
+
+[Captcha](#captcha)
+
+[TURN](#turn)
+
+[Registration](#registration)
+
+[API Configuration](#api-configuration)
+
+[Signing Keys](#signing-keys)
+
+[Single Sign On Integration](#single-sign-on-integration)
+
+[Push](#push)
+
+[Rooms](#rooms)
+
+[Opentracing](#opentracing)
+
+[Workers](#workers)
+
+[Background Updates](#background-updates)
+
+## Modules
+
+Server admins can expand Synapse's functionality with external modules.
+
+See [here](../../modules/index.md) for more
+documentation on how to configure or create custom modules for Synapse.
+
+
+---
+Config option: `modules`
+
+Use the `module` sub-option to add modules under this option to extend functionality.
+The `module` setting then has a sub-option, `config`, which can be used to define some configuration
+for the `module`.
+
+Defaults to none.
+
+Example configuration:
+```yaml
+modules:
+ - module: my_super_module.MySuperClass
+ config:
+ do_thing: true
+ - module: my_other_super_module.SomeClass
+ config: {}
+```
+---
+## Server ##
+
+Define your homeserver name and other base options.
+
+---
+Config option: `server_name`
+
+This sets the public-facing domain of the server.
+
+The `server_name` name will appear at the end of usernames and room addresses
+created on your server. For example if the `server_name` was example.com,
+usernames on your server would be in the format `@user:example.com`
+
+In most cases you should avoid using a matrix specific subdomain such as
+matrix.example.com or synapse.example.com as the `server_name` for the same
+reasons you wouldn't use user@email.example.com as your email address.
+See [here](../../delegate.md)
+for information on how to host Synapse on a subdomain while preserving
+a clean `server_name`.
+
+The `server_name` cannot be changed later so it is important to
+configure this correctly before you start Synapse. It should be all
+lowercase and may contain an explicit port.
+
+There is no default for this option.
+
+Example configuration #1:
+```yaml
+server_name: matrix.org
+```
+Example configuration #2:
+```yaml
+server_name: localhost:8080
+```
+---
+Config option: `pid_file`
+
+When running Synapse as a daemon, the file to store the pid in. Defaults to none.
+
+Example configuration:
+```yaml
+pid_file: DATADIR/homeserver.pid
+```
+---
+Config option: `web_client_location`
+
+The absolute URL to the web client which `/` will redirect to. Defaults to none.
+
+Example configuration:
+```yaml
+web_client_location: https://riot.example.com/
+```
+---
+Config option: `public_baseurl`
+
+The public-facing base URL that clients use to access this Homeserver (not
+including _matrix/...). This is the same URL a user might enter into the
+'Custom Homeserver URL' field on their client. If you use Synapse with a
+reverse proxy, this should be the URL to reach Synapse via the proxy.
+Otherwise, it should be the URL to reach Synapse's client HTTP listener (see
+'listeners' below).
+
+Defaults to `https:///`.
+
+Example configuration:
+```yaml
+public_baseurl: https://example.com/
+```
+---
+Config option: `serve_server_wellknown`
+
+By default, other servers will try to reach our server on port 8448, which can
+be inconvenient in some environments.
+
+Provided `https:///` on port 443 is routed to Synapse, this
+option configures Synapse to serve a file at `https:///.well-known/matrix/server`.
+This will tell other servers to send traffic to port 443 instead.
+
+This option currently defaults to false.
+
+See https://matrix-org.github.io/synapse/latest/delegate.html for more
+information.
+
+Example configuration:
+```yaml
+serve_server_wellknown: true
+```
+---
+Config option: `soft_file_limit`
+
+Set the soft limit on the number of file descriptors synapse can use.
+Zero is used to indicate synapse should set the soft limit to the hard limit.
+Defaults to 0.
+
+Example configuration:
+```yaml
+soft_file_limit: 3
+```
+---
+Config option: `presence`
+
+Presence tracking allows users to see the state (e.g online/offline)
+of other local and remote users. Set the `enabled` sub-option to false to
+disable presence tracking on this homeserver. Defaults to true.
+This option replaces the previous top-level 'use_presence' option.
+
+Example configuration:
+```yaml
+presence:
+ enabled: false
+```
+---
+Config option: `require_auth_for_profile_requests`
+
+Whether to require authentication to retrieve profile data (avatars, display names) of other
+users through the client API. Defaults to false. Note that profile data is also available
+via the federation API, unless `allow_profile_lookup_over_federation` is set to false.
+
+Example configuration:
+```yaml
+require_auth_for_profile_requests: true
+```
+---
+Config option: `limit_profile_requests_to_users_who_share_rooms`
+
+Use this option to require a user to share a room with another user in order
+to retrieve their profile information. Only checked on Client-Server
+requests. Profile requests from other servers should be checked by the
+requesting server. Defaults to false.
+
+Example configuration:
+```yaml
+limit_profile_requests_to_users_who_share_rooms: true
+```
+---
+Config option: `include_profile_data_on_invite`
+
+Use this option to prevent a user's profile data from being retrieved and
+displayed in a room until they have joined it. By default, a user's
+profile data is included in an invite event, regardless of the values
+of the above two settings, and whether or not the users share a server.
+Defaults to true.
+
+Example configuration:
+```yaml
+include_profile_data_on_invite: false
+```
+---
+Config option: `allow_public_rooms_without_auth`
+
+If set to true, removes the need for authentication to access the server's
+public rooms directory through the client API, meaning that anyone can
+query the room directory. Defaults to false.
+
+Example configuration:
+```yaml
+allow_public_rooms_without_auth: true
+```
+---
+Config option: `allow_public_rooms_without_auth`
+
+If set to true, allows any other homeserver to fetch the server's public
+rooms directory via federation. Defaults to false.
+
+Example configuration:
+```yaml
+allow_public_rooms_over_federation: true
+```
+---
+Config option: `default_room_version`
+
+The default room version for newly created rooms on this server.
+
+Known room versions are listed [here](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions)
+
+For example, for room version 1, `default_room_version` should be set
+to "1".
+
+Currently defaults to "9".
+
+Example configuration:
+```yaml
+default_room_version: "8"
+```
+---
+Config option: `gc_thresholds`
+
+The garbage collection threshold parameters to pass to `gc.set_threshold`, if defined.
+Defaults to none.
+
+Example configuration:
+```yaml
+gc_thresholds: [700, 10, 10]
+```
+---
+Config option: `gc_min_interval`
+
+The minimum time in seconds between each GC for a generation, regardless of
+the GC thresholds. This ensures that we don't do GC too frequently. A value of `[1s, 10s, 30s]`
+indicates that a second must pass between consecutive generation 0 GCs, etc.
+
+Defaults to `[1s, 10s, 30s]`.
+
+Example configuration:
+```yaml
+gc_min_interval: [0.5s, 30s, 1m]
+```
+---
+Config option: `filter_timeline_limit`
+
+Set the limit on the returned events in the timeline in the get
+and sync operations. Defaults to 100. A value of -1 means no upper limit.
+
+
+Example configuration:
+```yaml
+filter_timeline_limit: 5000
+```
+---
+Config option: `block_non_admin_invites`
+
+Whether room invites to users on this server should be blocked
+(except those sent by local server admins). Defaults to false.
+
+Example configuration:
+```yaml
+block_non_admin_invites: true
+```
+---
+Config option: `enable_search`
+
+If set to false, new messages will not be indexed for searching and users
+will receive errors when searching for messages. Defaults to true.
+
+Example configuration:
+```yaml
+enable_search: false
+```
+---
+Config option: `ip_range_blacklist`
+
+This option prevents outgoing requests from being sent to the specified blacklisted IP address
+CIDR ranges. If this option is not specified then it defaults to private IP
+address ranges (see the example below).
+
+The blacklist applies to the outbound requests for federation, identity servers,
+push servers, and for checking key validity for third-party invite events.
+
+(0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
+listed here, since they correspond to unroutable addresses.)
+
+This option replaces `federation_ip_range_blacklist` in Synapse v1.25.0.
+
+Note: The value is ignored when an HTTP proxy is in use.
+
+Example configuration:
+```yaml
+ip_range_blacklist:
+ - '127.0.0.0/8'
+ - '10.0.0.0/8'
+ - '172.16.0.0/12'
+ - '192.168.0.0/16'
+ - '100.64.0.0/10'
+ - '192.0.0.0/24'
+ - '169.254.0.0/16'
+ - '192.88.99.0/24'
+ - '198.18.0.0/15'
+ - '192.0.2.0/24'
+ - '198.51.100.0/24'
+ - '203.0.113.0/24'
+ - '224.0.0.0/4'
+ - '::1/128'
+ - 'fe80::/10'
+ - 'fc00::/7'
+ - '2001:db8::/32'
+ - 'ff00::/8'
+ - 'fec0::/10'
+```
+---
+Config option: `ip_range_whitelist`
+
+List of IP address CIDR ranges that should be allowed for federation,
+identity servers, push servers, and for checking key validity for
+third-party invite events. This is useful for specifying exceptions to
+wide-ranging blacklisted target IP ranges - e.g. for communication with
+a push server only visible in your network.
+
+This whitelist overrides `ip_range_blacklist` and defaults to an empty
+list.
+
+Example configuration:
+```yaml
+ip_range_whitelist:
+ - '192.168.1.1'
+```
+---
+Config option: `listeners`
+
+List of ports that Synapse should listen on, their purpose and their
+configuration.
+
+Sub-options for each listener include:
+
+* `port`: the TCP port to bind to.
+
+* `bind_addresses`: a list of local addresses to listen on. The default is
+ 'all local interfaces'.
+
+* `type`: the type of listener. Normally `http`, but other valid options are:
+
+ * `manhole`: (see the docs [here](../../manhole.md)),
+
+ * `metrics`: (see the docs [here](../../metrics-howto.md)),
+
+ * `replication`: (see the docs [here](../../workers.md)).
+
+* `tls`: set to true to enable TLS for this listener. Will use the TLS key/cert specified in tls_private_key_path / tls_certificate_path.
+
+* `x_forwarded`: Only valid for an 'http' listener. Set to true to use the X-Forwarded-For header as the client IP. Useful when Synapse is
+ behind a reverse-proxy.
+
+* `resources`: Only valid for an 'http' listener. A list of resources to host
+ on this port. Sub-options for each resource are:
+
+ * `names`: a list of names of HTTP resources. See below for a list of valid resource names.
+
+ * `compress`: set to true to enable HTTP compression for this resource.
+
+* `additional_resources`: Only valid for an 'http' listener. A map of
+ additional endpoints which should be loaded via dynamic modules.
+
+Valid resource names are:
+
+* `client`: the client-server API (/_matrix/client), and the synapse admin API (/_synapse/admin). Also implies 'media' and 'static'.
+
+* `consent`: user consent forms (/_matrix/consent). See [here](../../consent_tracking.md) for more.
+
+* `federation`: the server-server API (/_matrix/federation). Also implies `media`, `keys`, `openid`
+
+* `keys`: the key discovery API (/_matrix/keys).
+
+* `media`: the media API (/_matrix/media).
+
+* `metrics`: the metrics interface. See [here](../../metrics-howto.md).
+
+* `openid`: OpenID authentication. See [here](../../openid.md).
+
+* `replication`: the HTTP replication API (/_synapse/replication). See [here](../../workers.md).
+
+* `static`: static resources under synapse/static (/_matrix/static). (Mostly useful for 'fallback authentication'.)
+
+Example configuration #1:
+```yaml
+listeners:
+ # TLS-enabled listener: for when matrix traffic is sent directly to synapse.
+ #
+ # (Note that you will also need to give Synapse a TLS key and certificate: see the TLS section
+ # below.)
+ #
+ - port: 8448
+ type: http
+ tls: true
+ resources:
+ - names: [client, federation]
+```
+Example configuration #2:
+```yaml
+listeners:
+ # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
+ # that unwraps TLS.
+ #
+ # If you plan to use a reverse proxy, please see
+ # https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
+ #
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ bind_addresses: ['::1', '127.0.0.1']
+
+ resources:
+ - names: [client, federation]
+ compress: false
+
+ # example additional_resources:
+ additional_resources:
+ "/_matrix/my/custom/endpoint":
+ module: my_module.CustomRequestHandler
+ config: {}
+
+ # Turn on the twisted ssh manhole service on localhost on the given
+ # port.
+ - port: 9000
+ bind_addresses: ['::1', '127.0.0.1']
+ type: manhole
+```
+---
+Config option: `manhole_settings`
+
+Connection settings for the manhole. You can find more information
+on the manhole [here](../../manhole.md). Manhole sub-options include:
+* `username` : the username for the manhole. This defaults to 'matrix'.
+* `password`: The password for the manhole. This defaults to 'rabbithole'.
+* `ssh_priv_key_path` and `ssh_pub_key_path`: The private and public SSH key pair used to encrypt the manhole traffic.
+ If these are left unset, then hardcoded and non-secret keys are used,
+ which could allow traffic to be intercepted if sent over a public network.
+
+Example configuration:
+```yaml
+manhole_settings:
+ username: manhole
+ password: mypassword
+ ssh_priv_key_path: CONFDIR/id_rsa
+ ssh_pub_key_path: CONFDIR/id_rsa.pub
+```
+---
+Config option: `dummy_events_threshold`
+
+Forward extremities can build up in a room due to networking delays between
+homeservers. Once this happens in a large room, calculation of the state of
+that room can become quite expensive. To mitigate this, once the number of
+forward extremities reaches a given threshold, Synapse will send an
+`org.matrix.dummy_event` event, which will reduce the forward extremities
+in the room.
+
+This setting defines the threshold (i.e. number of forward extremities in the room) at which dummy events are sent.
+The default value is 10.
+
+Example configuration:
+```yaml
+dummy_events_threshold: 5
+```
+---
+## Homeserver blocking ##
+Useful options for Synapse admins.
+
+---
+
+Config option: `admin_contact`
+
+How to reach the server admin, used in `ResourceLimitError`. Defaults to none.
+
+Example configuration:
+```yaml
+admin_contact: 'mailto:admin@server.com'
+```
+---
+Config option: `hs_disabled` and `hs_disabled_message`
+
+Blocks users from connecting to the homeserver and provides a human-readable reason
+why the connection was blocked. Defaults to false.
+
+Example configuration:
+```yaml
+hs_disabled: true
+hs_disabled_message: 'Reason for why the HS is blocked'
+```
+---
+Config option: `limit_usage_by_mau`
+
+This option disables/enables monthly active user blocking. Used in cases where the admin or
+server owner wants to limit to the number of monthly active users. When enabled and a limit is
+reached the server returns a `ResourceLimitError` with error type `Codes.RESOURCE_LIMIT_EXCEEDED`.
+Defaults to false. If this is enabled, a value for `max_mau_value` must also be set.
+
+Example configuration:
+```yaml
+limit_usage_by_mau: true
+```
+---
+Config option: `max_mau_value`
+
+This option sets the hard limit of monthly active users above which the server will start
+blocking user actions if `limit_usage_by_mau` is enabled. Defaults to 0.
+
+Example configuration:
+```yaml
+max_mau_value: 50
+```
+---
+Config option: `mau_trial_days`
+
+The option `mau_trial_days` is a means to add a grace period for active users. It
+means that users must be active for the specified number of days before they
+can be considered active and guards against the case where lots of users
+sign up in a short space of time never to return after their initial
+session. Defaults to 0.
+
+Example configuration:
+```yaml
+mau_trial_days: 5
+```
+---
+Config option: `mau_appservice_trial_days`
+
+The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but applies a different
+trial number if the user was registered by an appservice. A value
+of 0 means no trial days are applied. Appservices not listed in this dictionary
+use the value of `mau_trial_days` instead.
+
+Example configuration:
+```yaml
+mau_appservice_trial_days:
+ my_appservice_id: 3
+ another_appservice_id: 6
+```
+---
+Config option: `mau_limit_alerting`
+
+The option `mau_limit_alerting` is a means of limiting client-side alerting
+should the mau limit be reached. This is useful for small instances
+where the admin has 5 mau seats (say) for 5 specific people and no
+interest increasing the mau limit further. Defaults to true, which
+means that alerting is enabled.
+
+Example configuration:
+```yaml
+mau_limit_alerting: false
+```
+---
+Config option: `mau_stats_only`
+
+If enabled, the metrics for the number of monthly active users will
+be populated, however no one will be limited based on these numbers. If `limit_usage_by_mau`
+is true, this is implied to be true. Defaults to false.
+
+Example configuration:
+```yaml
+mau_stats_only: true
+```
+---
+Config option: `mau_limit_reserved_threepids`
+
+Sometimes the server admin will want to ensure certain accounts are
+never blocked by mau checking. These accounts are specified by this option.
+Defaults to none. Add accounts by specifying the `medium` and `address` of the
+reserved threepid (3rd party identifier).
+
+Example configuration:
+```yaml
+mau_limit_reserved_threepids:
+ - medium: 'email'
+ address: 'reserved_user@example.com'
+```
+---
+Config option: `server_context`
+
+This option is used by phonehome stats to group together related servers.
+Defaults to none.
+
+Example configuration:
+```yaml
+server_context: context
+```
+---
+Config option: `limit_remote_rooms`
+
+When this option is enabled, the room "complexity" will be checked before a user
+joins a new remote room. If it is above the complexity limit, the server will
+disallow joining, or will instantly leave. This is useful for homeservers that are
+resource-constrained. Options for this setting include:
+* `enabled`: whether this check is enabled. Defaults to false.
+* `complexity`: the limit above which rooms cannot be joined. The default is 1.0.
+* `complexity_error`: override the error which is returned when the room is too complex with a
+ custom message.
+* `admins_can_join`: allow server admins to join complex rooms. Default is false.
+
+Room complexity is an arbitrary measure based on factors such as the number of
+users in the room.
+
+Example configuration:
+```yaml
+limit_remote_rooms:
+ enabled: true
+ complexity: 0.5
+ complexity_error: "I can't let you do that, Dave."
+ admins_can_join: true
+```
+---
+Config option: `require_membership_for_aliases`
+
+Whether to require a user to be in the room to add an alias to it.
+Defaults to true.
+
+Example configuration:
+```yaml
+require_membership_for_aliases: false
+```
+---
+Config option: `allow_per_room_profiles`
+
+Whether to allow per-room membership profiles through the sending of membership
+events with profile information that differs from the target's global profile.
+Defaults to true.
+
+Example configuration:
+```yaml
+allow_per_room_profiles: false
+```
+---
+Config option: `max_avatar_size`
+
+The largest permissible file size in bytes for a user avatar. Defaults to no restriction.
+Use M for MB and K for KB.
+
+Note that user avatar changes will not work if this is set without using Synapse's media repository.
+
+Example configuration:
+```yaml
+max_avatar_size: 10M
+```
+---
+Config option: `allowed_avatar_mimetypes`
+
+The MIME types allowed for user avatars. Defaults to no restriction.
+
+Note that user avatar changes will not work if this is set without
+using Synapse's media repository.
+
+Example configuration:
+```yaml
+allowed_avatar_mimetypes: ["image/png", "image/jpeg", "image/gif"]
+```
+---
+Config option: `redaction_retention_period`
+
+How long to keep redacted events in unredacted form in the database. After
+this period redacted events get replaced with their redacted form in the DB.
+
+Defaults to `7d`. Set to `null` to disable.
+
+Example configuration:
+```yaml
+redaction_retention_period: 28d
+```
+---
+Config option: `user_ips_max_age`
+
+How long to track users' last seen time and IPs in the database.
+
+Defaults to `28d`. Set to `null` to disable clearing out of old rows.
+
+Example configuration:
+```yaml
+user_ips_max_age: 14d
+```
+---
+Config option: `request_token_inhibit_3pid_errors`
+
+Inhibits the `/requestToken` endpoints from returning an error that might leak
+information about whether an e-mail address is in use or not on this
+homeserver. Defaults to false.
+Note that for some endpoints the error situation is the e-mail already being
+used, and for others the error is entering the e-mail being unused.
+If this option is enabled, instead of returning an error, these endpoints will
+act as if no error happened and return a fake session ID ('sid') to clients.
+
+Example configuration:
+```yaml
+request_token_inhibit_3pid_errors: true
+```
+---
+Config option: `next_link_domain_whitelist`
+
+A list of domains that the domain portion of `next_link` parameters
+must match.
+
+This parameter is optionally provided by clients while requesting
+validation of an email or phone number, and maps to a link that
+users will be automatically redirected to after validation
+succeeds. Clients can make use this parameter to aid the validation
+process.
+
+The whitelist is applied whether the homeserver or an identity server is handling validation.
+
+The default value is no whitelist functionality; all domains are
+allowed. Setting this value to an empty list will instead disallow
+all domains.
+
+Example configuration:
+```yaml
+next_link_domain_whitelist: ["matrix.org"]
+```
+---
+Config option: `templates` and `custom_template_directory`
+
+These options define templates to use when generating email or HTML page contents.
+The `custom_template_directory` determines which directory Synapse will try to
+find template files in to use to generate email or HTML page contents.
+If not set, or a file is not found within the template directory, a default
+template from within the Synapse package will be used.
+
+See [here](../../templates.md) for more
+information about using custom templates.
+
+Example configuration:
+```yaml
+templates:
+ custom_template_directory: /path/to/custom/templates/
+```
+---
+Config option: `retention`
+
+This option and the associated options determine message retention policy at the
+server level.
+
+Room admins and mods can define a retention period for their rooms using the
+`m.room.retention` state event, and server admins can cap this period by setting
+the `allowed_lifetime_min` and `allowed_lifetime_max` config options.
+
+If this feature is enabled, Synapse will regularly look for and purge events
+which are older than the room's maximum retention period. Synapse will also
+filter events received over federation so that events that should have been
+purged are ignored and not stored again.
+
+The message retention policies feature is disabled by default.
+
+This setting has the following sub-options:
+* `default_policy`: Default retention policy. If set, Synapse will apply it to rooms that lack the
+ 'm.room.retention' state event. This option is further specified by the
+ `min_lifetime` and `max_lifetime` sub-options associated with it. Note that the
+ value of `min_lifetime` doesn't matter much because Synapse doesn't take it into account yet.
+
+* `allowed_lifetime_min` and `allowed_lifetime_max`: Retention policy limits. If
+ set, and the state of a room contains a `m.room.retention` event in its state
+ which contains a `min_lifetime` or a `max_lifetime` that's out of these bounds,
+ Synapse will cap the room's policy to these limits when running purge jobs.
+
+* `purge_jobs` and the associated `shortest_max_lifetime` and `longest_max_lifetime` sub-options:
+ Server admins can define the settings of the background jobs purging the
+ events whose lifetime has expired under the `purge_jobs` section.
+
+ If no configuration is provided for this option, a single job will be set up to delete
+ expired events in every room daily.
+
+ Each job's configuration defines which range of message lifetimes the job
+ takes care of. For example, if `shortest_max_lifetime` is '2d' and
+ `longest_max_lifetime` is '3d', the job will handle purging expired events in
+ rooms whose state defines a `max_lifetime` that's both higher than 2 days, and
+ lower than or equal to 3 days. Both the minimum and the maximum value of a
+ range are optional, e.g. a job with no `shortest_max_lifetime` and a
+ `longest_max_lifetime` of '3d' will handle every room with a retention policy
+ whose `max_lifetime` is lower than or equal to three days.
+
+ The rationale for this per-job configuration is that some rooms might have a
+ retention policy with a low `max_lifetime`, where history needs to be purged
+ of outdated messages on a more frequent basis than for the rest of the rooms
+ (e.g. every 12h), but not want that purge to be performed by a job that's
+ iterating over every room it knows, which could be heavy on the server.
+
+ If any purge job is configured, it is strongly recommended to have at least
+ a single job with neither `shortest_max_lifetime` nor `longest_max_lifetime`
+ set, or one job without `shortest_max_lifetime` and one job without
+ `longest_max_lifetime` set. Otherwise some rooms might be ignored, even if
+ `allowed_lifetime_min` and `allowed_lifetime_max` are set, because capping a
+ room's policy to these values is done after the policies are retrieved from
+ Synapse's database (which is done using the range specified in a purge job's
+ configuration).
+
+Example configuration:
+```yaml
+retention:
+ enabled: true
+ default_policy:
+ min_lifetime: 1d
+ max_lifetime: 1y
+ allowed_lifetime_min: 1d
+ allowed_lifetime_max: 1y
+ purge_jobs:
+ - longest_max_lifetime: 3d
+ interval: 12h
+ - shortest_max_lifetime: 3d
+ interval: 1d
+```
+---
+## TLS ##
+
+Options related to TLS.
+
+---
+Config option: `tls_certificate_path`
+
+This option specifies a PEM-encoded X509 certificate for TLS.
+This certificate, as of Synapse 1.0, will need to be a valid and verifiable
+certificate, signed by a recognised Certificate Authority. Defaults to none.
+
+Be sure to use a `.pem` file that includes the full certificate chain including
+any intermediate certificates (for instance, if using certbot, use
+`fullchain.pem` as your certificate, not `cert.pem`).
+
+Example configuration:
+```yaml
+tls_certificate_path: "CONFDIR/SERVERNAME.tls.crt"
+```
+---
+Config option: `tls_private_key_path`
+
+PEM-encoded private key for TLS. Defaults to none.
+
+Example configuration:
+```yaml
+tls_private_key_path: "CONFDIR/SERVERNAME.tls.key"
+```
+---
+Config option: `federation_verify_certificates`
+Whether to verify TLS server certificates for outbound federation requests.
+
+Defaults to true. To disable certificate verification, set the option to false.
+
+Example configuration:
+```yaml
+federation_verify_certificates: false
+```
+---
+Config option: `federation_client_minimum_tls_version`
+
+The minimum TLS version that will be used for outbound federation requests.
+
+Defaults to `1`. Configurable to `1`, `1.1`, `1.2`, or `1.3`. Note
+that setting this value higher than `1.2` will prevent federation to most
+of the public Matrix network: only configure it to `1.3` if you have an
+entirely private federation setup and you can ensure TLS 1.3 support.
+
+Example configuration:
+```yaml
+federation_client_minimum_tls_version: 1.2
+```
+---
+Config option: `federation_certificate_verification_whitelist`
+
+Skip federation certificate verification on a given whitelist
+of domains.
+
+This setting should only be used in very specific cases, such as
+federation over Tor hidden services and similar. For private networks
+of homeservers, you likely want to use a private CA instead.
+
+Only effective if `federation_verify_certicates` is `true`.
+
+Example configuration:
+```yaml
+federation_certificate_verification_whitelist:
+ - lon.example.com
+ - "*.domain.com"
+ - "*.onion"
+```
+---
+Config option: `federation_custom_ca_list`
+
+List of custom certificate authorities for federation traffic.
+
+This setting should only normally be used within a private network of
+homeservers.
+
+Note that this list will replace those that are provided by your
+operating environment. Certificates must be in PEM format.
+
+Example configuration:
+```yaml
+federation_custom_ca_list:
+ - myCA1.pem
+ - myCA2.pem
+ - myCA3.pem
+```
+---
+## Federation ##
+
+Options related to federation.
+
+---
+Config option: `federation_domain_whitelist`
+
+Restrict federation to the given whitelist of domains.
+N.B. we recommend also firewalling your federation listener to limit
+inbound federation traffic as early as possible, rather than relying
+purely on this application-layer restriction. If not specified, the
+default is to whitelist everything.
+
+Example configuration:
+```yaml
+federation_domain_whitelist:
+ - lon.example.com
+ - nyc.example.com
+ - syd.example.com
+```
+---
+Config option: `federation_metrics_domains`
+
+Report prometheus metrics on the age of PDUs being sent to and received from
+the given domains. This can be used to give an idea of "delay" on inbound
+and outbound federation, though be aware that any delay can be due to problems
+at either end or with the intermediate network.
+
+By default, no domains are monitored in this way.
+
+Example configuration:
+```yaml
+federation_metrics_domains:
+ - matrix.org
+ - example.com
+```
+---
+Config option: `allow_profile_lookup_over_federation`
+
+Set to false to disable profile lookup over federation. By default, the
+Federation API allows other homeservers to obtain profile data of any user
+on this homeserver.
+
+Example configuration:
+```yaml
+allow_profile_lookup_over_federation: false
+```
+---
+Config option: `allow_device_name_lookup_over_federation`
+
+Set this option to true to allow device display name lookup over federation. By default, the
+Federation API prevents other homeservers from obtaining the display names of any user devices
+on this homeserver.
+
+Example configuration:
+```yaml
+allow_device_name_lookup_over_federation: true
+```
+---
+## Caching ##
+
+Options related to caching
+
+---
+Config option: `event_cache_size`
+
+The number of events to cache in memory. Not affected by
+`caches.global_factor`. Defaults to 10K.
+
+Example configuration:
+```yaml
+event_cache_size: 15K
+```
+---
+Config option: `cache` and associated values
+
+A cache 'factor' is a multiplier that can be applied to each of
+Synapse's caches in order to increase or decrease the maximum
+number of entries that can be stored.
+
+Caching can be configured through the following sub-options:
+
+* `global_factor`: Controls the global cache factor, which is the default cache factor
+ for all caches if a specific factor for that cache is not otherwise
+ set.
+
+ This can also be set by the `SYNAPSE_CACHE_FACTOR` environment
+ variable. Setting by environment variable takes priority over
+ setting through the config file.
+
+ Defaults to 0.5, which will halve the size of all caches.
+
+* `per_cache_factors`: A dictionary of cache name to cache factor for that individual
+ cache. Overrides the global cache factor for a given cache.
+
+ These can also be set through environment variables comprised
+ of `SYNAPSE_CACHE_FACTOR_` + the name of the cache in capital
+ letters and underscores. Setting by environment variable
+ takes priority over setting through the config file.
+ Ex. `SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0`
+
+ Some caches have '*' and other characters that are not
+ alphanumeric or underscores. These caches can be named with or
+ without the special characters stripped. For example, to specify
+ the cache factor for `*stateGroupCache*` via an environment
+ variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`.
+
+* `expire_caches`: Controls whether cache entries are evicted after a specified time
+ period. Defaults to true. Set to false to disable this feature. Note that never expiring
+ caches may result in excessive memory usage.
+
+* `cache_entry_ttl`: If `expire_caches` is enabled, this flag controls how long an entry can
+ be in a cache without having been accessed before being evicted.
+ Defaults to 30m.
+
+* `sync_response_cache_duration`: Controls how long the results of a /sync request are
+ cached for after a successful response is returned. A higher duration can help clients
+ with intermittent connections, at the cost of higher memory usage.
+ By default, this is zero, which means that sync responses are not cached
+ at all.
+
+
+Example configuration:
+```yaml
+caches:
+ global_factor: 1.0
+ per_cache_factors:
+ get_users_who_share_room_with_user: 2.0
+ expire_caches: false
+ sync_response_cache_duration: 2m
+```
+---
+## Database ##
+Config options related to database settings.
+
+---
+Config option: `database`
+
+The `database` setting defines the database that synapse uses to store all of
+its data.
+
+Associated sub-options:
+
+* `name`: this option specifies the database engine to use: either `sqlite3` (for SQLite)
+ or `psycopg2` (for PostgreSQL). If no name is specified Synapse will default to SQLite.
+
+* `txn_limit` gives the maximum number of transactions to run per connection
+ before reconnecting. Defaults to 0, which means no limit.
+
+* `allow_unsafe_locale` is an option specific to Postgres. Under the default behavior, Synapse will refuse to
+ start if the postgres db is set to a non-C locale. You can override this behavior (which is *not* recommended)
+ by setting `allow_unsafe_locale` to true. Note that doing so may corrupt your database. You can find more information
+ [here](../../postgres.md#fixing-incorrect-collate-or-ctype) and [here](https://wiki.postgresql.org/wiki/Locale_data_changes).
+
+* `args` gives options which are passed through to the database engine,
+ except for options starting with `cp_`, which are used to configure the Twisted
+ connection pool. For a reference to valid arguments, see:
+ * for [sqlite](https://docs.python.org/3/library/sqlite3.html#sqlite3.connect)
+ * for [postgres](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS)
+ * for [the connection pool](https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__)
+
+For more information on using Synapse with Postgres,
+see [here](../../postgres.md).
+
+Example SQLite configuration:
+```
+database:
+ name: sqlite3
+ args:
+ database: /path/to/homeserver.db
+```
+
+Example Postgres configuration:
+```
+database:
+ name: psycopg2
+ txn_limit: 10000
+ args:
+ user: synapse_user
+ password: secretpassword
+ database: synapse
+ host: localhost
+ port: 5432
+ cp_min: 5
+ cp_max: 10
+```
+---
+## Logging ##
+Config options related to logging.
+
+---
+Config option: `log_config`
+
+This option specifies a yaml python logging config file as described [here](https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema).
+
+Example configuration:
+```yaml
+log_config: "CONFDIR/SERVERNAME.log.config"
+```
+---
+## Ratelimiting ##
+Options related to ratelimiting in Synapse.
+
+Each ratelimiting configuration is made of two parameters:
+ - `per_second`: number of requests a client can send per second.
+ - `burst_count`: number of requests a client can send before being throttled.
+---
+Config option: `rc_message`
+
+
+Ratelimiting settings for client messaging.
+
+This is a ratelimiting option for messages that ratelimits sending based on the account the client
+is using. It defaults to: `per_second: 0.2`, `burst_count: 10`.
+
+Example configuration:
+```yaml
+rc_message:
+ per_second: 0.5
+ burst_count: 15
+```
+---
+Config option: `rc_registration`
+
+This option ratelimits registration requests based on the client's IP address.
+It defaults to `per_second: 0.17`, `burst_count: 3`.
+
+Example configuration:
+```yaml
+rc_registration:
+ per_second: 0.15
+ burst_count: 2
+```
+---
+Config option: `rc_registration_token_validity`
+
+This option checks the validity of registration tokens that ratelimits requests based on
+the client's IP address.
+Defaults to `per_second: 0.1`, `burst_count: 5`.
+
+Example configuration:
+```yaml
+rc_registration_token_validity:
+ per_second: 0.3
+ burst_count: 6
+```
+---
+Config option: `rc_login`
+
+This option specifies several limits for login:
+* `address` ratelimits login requests based on the client's IP
+ address. Defaults to `per_second: 0.17`, `burst_count: 3`.
+
+* `account` ratelimits login requests based on the account the
+ client is attempting to log into. Defaults to `per_second: 0.17`,
+ `burst_count: 3`.
+
+* `failted_attempts` ratelimits login requests based on the account the
+ client is attempting to log into, based on the amount of failed login
+ attempts for this account. Defaults to `per_second: 0.17`, `burst_count: 3`.
+
+Example configuration:
+```yaml
+rc_login:
+ address:
+ per_second: 0.15
+ burst_count: 5
+ account:
+ per_second: 0.18
+ burst_count: 4
+ failed_attempts:
+ per_second: 0.19
+ burst_count: 7
+```
+---
+Config option: `rc_admin_redaction`
+
+This option sets ratelimiting redactions by room admins. If this is not explicitly
+set then it uses the same ratelimiting as per `rc_message`. This is useful
+to allow room admins to deal with abuse quickly.
+
+Example configuration:
+```yaml
+rc_admin_redaction:
+ per_second: 1
+ burst_count: 50
+```
+---
+Config option: `rc_joins`
+
+This option allows for ratelimiting number of rooms a user can join. This setting has the following sub-options:
+
+* `local`: ratelimits when users are joining rooms the server is already in.
+ Defaults to `per_second: 0.1`, `burst_count: 10`.
+
+* `remote`: ratelimits when users are trying to join rooms not on the server (which
+ can be more computationally expensive than restricting locally). Defaults to
+ `per_second: 0.01`, `burst_count: 10`
+
+Example configuration:
+```yaml
+rc_joins:
+ local:
+ per_second: 0.2
+ burst_count: 15
+ remote:
+ per_second: 0.03
+ burst_count: 12
+```
+---
+Config option: `rc_3pid_validation`
+
+This option ratelimits how often a user or IP can attempt to validate a 3PID.
+Defaults to `per_second: 0.003`, `burst_count: 5`.
+
+Example configuration:
+```yaml
+rc_3pid_validation:
+ per_second: 0.003
+ burst_count: 5
+```
+---
+Config option: `rc_invites`
+
+This option sets ratelimiting how often invites can be sent in a room or to a
+specific user. `per_room` defaults to `per_second: 0.3`, `burst_count: 10` and
+`per_user` defaults to `per_second: 0.003`, `burst_count: 5`.
+
+Example configuration:
+```yaml
+rc_invites:
+ per_room:
+ per_second: 0.5
+ burst_count: 5
+ per_user:
+ per_second: 0.004
+ burst_count: 3
+```
+---
+Config option: `rc_third_party_invite`
+
+This option ratelimits 3PID invites (i.e. invites sent to a third-party ID
+such as an email address or a phone number) based on the account that's
+sending the invite. Defaults to `per_second: 0.2`, `burst_count: 10`.
+
+Example configuration:
+```yaml
+rc_third_party_invite:
+ per_second: 0.2
+ burst_count: 10
+```
+---
+Config option: `rc_federation`
+
+Defines limits on federation requests.
+
+The `rc_federation` configuration has the following sub-options:
+* `window_size`: window size in milliseconds. Defaults to 1000.
+* `sleep_limit`: number of federation requests from a single server in
+ a window before the server will delay processing the request. Defaults to 10.
+* `sleep_delay`: duration in milliseconds to delay processing events
+ from remote servers by if they go over the sleep limit. Defaults to 500.
+* `reject_limit`: maximum number of concurrent federation requests
+ allowed from a single server. Defaults to 50.
+* `concurrent`: number of federation requests to concurrently process
+ from a single server. Defaults to 3.
+
+Example configuration:
+```yaml
+rc_federation:
+ window_size: 750
+ sleep_limit: 15
+ sleep_delay: 400
+ reject_limit: 40
+ concurrent: 5
+```
+---
+Config option: `federation_rr_transactions_per_room_per_second`
+
+Sets outgoing federation transaction frequency for sending read-receipts,
+per-room.
+
+If we end up trying to send out more read-receipts, they will get buffered up
+into fewer transactions. Defaults to 50.
+
+Example configuration:
+```yaml
+federation_rr_transactions_per_room_per_second: 40
+```
+---
+## Media Store ##
+Config options relating to Synapse media store.
+
+---
+Config option: `enable_media_repo`
+
+Enable the media store service in the Synapse master. Defaults to true.
+Set to false if you are using a separate media store worker.
+
+Example configuration:
+```yaml
+enable_media_repo: false
+```
+---
+Config option: `media_store_path`
+
+Directory where uploaded images and attachments are stored.
+
+Example configuration:
+```yaml
+media_store_path: "DATADIR/media_store"
+```
+---
+Config option: `media_storage_providers`
+
+Media storage providers allow media to be stored in different
+locations. Defaults to none. Associated sub-options are:
+* `module`: type of resource, e.g. `file_system`.
+* `store_local`: whether to store newly uploaded local files
+* `store_remote`: whether to store newly downloaded local files
+* `store_synchronous`: whether to wait for successful storage for local uploads
+* `config`: sets a path to the resource through the `directory` option
+
+Example configuration:
+```yaml
+media_storage_providers:
+ - module: file_system
+ store_local: false
+ store_remote: false
+ store_synchronous: false
+ config:
+ directory: /mnt/some/other/directory
+```
+---
+Config option: `max_upload_size`
+
+The largest allowed upload size in bytes.
+
+If you are using a reverse proxy you may also need to set this value in
+your reverse proxy's config. Defaults to 50M. Notably Nginx has a small max body size by default.
+See [here](../../reverse_proxy.md) for more on using a reverse proxy with Synapse.
+
+Example configuration:
+```yaml
+max_upload_size: 60M
+```
+---
+Config option: `max_image_pixels`
+
+Maximum number of pixels that will be thumbnailed. Defaults to 32M.
+
+Example configuration:
+```yaml
+max_image_pixels: 35M
+```
+---
+Config option: `dynamic_thumbnails`
+
+Whether to generate new thumbnails on the fly to precisely match
+the resolution requested by the client. If true then whenever
+a new resolution is requested by the client the server will
+generate a new thumbnail. If false the server will pick a thumbnail
+from a precalculated list. Defaults to false.
+
+Example configuration:
+```yaml
+dynamic_thumbnails: true
+```
+---
+Config option: `thumbnail_sizes`
+
+List of thumbnails to precalculate when an image is uploaded. Associated sub-options are:
+* `width`
+* `height`
+* `method`: i.e. `crop`, `scale`, etc.
+
+Example configuration:
+```yaml
+thumbnail_sizes:
+ - width: 32
+ height: 32
+ method: crop
+ - width: 96
+ height: 96
+ method: crop
+ - width: 320
+ height: 240
+ method: scale
+ - width: 640
+ height: 480
+ method: scale
+ - width: 800
+ height: 600
+ method: scale
+```
+Config option: `url_preview_enabled`
+
+This setting determines whether the preview URL API is enabled.
+It is disabled by default. Set to true to enable. If enabled you must specify a
+`url_preview_ip_range_blacklist` blacklist.
+
+Example configuration:
+```yaml
+url_preview_enabled: true
+```
+---
+Config option: `url_preview_ip_range_blacklist`
+
+List of IP address CIDR ranges that the URL preview spider is denied
+from accessing. There are no defaults: you must explicitly
+specify a list for URL previewing to work. You should specify any
+internal services in your network that you do not want synapse to try
+to connect to, otherwise anyone in any Matrix room could cause your
+synapse to issue arbitrary GET requests to your internal services,
+causing serious security issues.
+
+(0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
+listed here, since they correspond to unroutable addresses.)
+
+This must be specified if `url_preview_enabled` is set. It is recommended that
+you use the following example list as a starting point.
+
+Note: The value is ignored when an HTTP proxy is in use.
+
+Example configuration:
+```yaml
+url_preview_ip_range_blacklist:
+ - '127.0.0.0/8'
+ - '10.0.0.0/8'
+ - '172.16.0.0/12'
+ - '192.168.0.0/16'
+ - '100.64.0.0/10'
+ - '192.0.0.0/24'
+ - '169.254.0.0/16'
+ - '192.88.99.0/24'
+ - '198.18.0.0/15'
+ - '192.0.2.0/24'
+ - '198.51.100.0/24'
+ - '203.0.113.0/24'
+ - '224.0.0.0/4'
+ - '::1/128'
+ - 'fe80::/10'
+ - 'fc00::/7'
+ - '2001:db8::/32'
+ - 'ff00::/8'
+ - 'fec0::/10'
+```
+----
+Config option: `url_preview_ip_range_whitelist`
+
+This option sets a list of IP address CIDR ranges that the URL preview spider is allowed
+to access even if they are specified in `url_preview_ip_range_blacklist`.
+This is useful for specifying exceptions to wide-ranging blacklisted
+target IP ranges - e.g. for enabling URL previews for a specific private
+website only visible in your network. Defaults to none.
+
+Example configuration:
+```yaml
+url_preview_ip_range_whitelist:
+ - '192.168.1.1'
+```
+---
+Config option: `url_preview_url_blacklist`
+
+Optional list of URL matches that the URL preview spider is
+denied from accessing. You should use `url_preview_ip_range_blacklist`
+in preference to this, otherwise someone could define a public DNS
+entry that points to a private IP address and circumvent the blacklist.
+This is more useful if you know there is an entire shape of URL that
+you know that will never want synapse to try to spider.
+
+Each list entry is a dictionary of url component attributes as returned
+by urlparse.urlsplit as applied to the absolute form of the URL. See
+[here](https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit) for more
+information. Some examples are:
+
+* `username`
+* `netloc`
+* `scheme`
+* `path`
+
+The values of the dictionary are treated as a filename match pattern
+applied to that component of URLs, unless they start with a ^ in which
+case they are treated as a regular expression match. If all the
+specified component matches for a given list item succeed, the URL is
+blacklisted.
+
+Example configuration:
+```yaml
+url_preview_url_blacklist:
+ # blacklist any URL with a username in its URI
+ - username: '*'
+
+ # blacklist all *.google.com URLs
+ - netloc: 'google.com'
+ - netloc: '*.google.com'
+
+ # blacklist all plain HTTP URLs
+ - scheme: 'http'
+
+ # blacklist http(s)://www.acme.com/foo
+ - netloc: 'www.acme.com'
+ path: '/foo'
+
+ # blacklist any URL with a literal IPv4 address
+ - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
+```
+---
+Config option: `max_spider_size`
+
+The largest allowed URL preview spidering size in bytes. Defaults to 10M.
+
+Example configuration:
+```yaml
+max_spider_size: 8M
+```
+---
+Config option: `url_preview_language`
+
+A list of values for the Accept-Language HTTP header used when
+downloading webpages during URL preview generation. This allows
+Synapse to specify the preferred languages that URL previews should
+be in when communicating with remote servers.
+
+Each value is a IETF language tag; a 2-3 letter identifier for a
+language, optionally followed by subtags separated by '-', specifying
+a country or region variant.
+
+Multiple values can be provided, and a weight can be added to each by
+using quality value syntax (;q=). '*' translates to any language.
+
+Defaults to "en".
+
+Example configuration:
+```yaml
+ url_preview_accept_language:
+ - en-UK
+ - en-US;q=0.9
+ - fr;q=0.8
+ - *;q=0.7
+```
+----
+Config option: `oembed`
+
+oEmbed allows for easier embedding content from a website. It can be
+used for generating URLs previews of services which support it. A default list of oEmbed providers
+is included with Synapse. Set `disable_default_providers` to true to disable using
+these default oEmbed URLs. Use `additional_providers` to specify additional files with oEmbed configuration (each
+should be in the form of providers.json). By default this list is empty.
+
+Example configuration:
+```yaml
+oembed:
+ disable_default_providers: true
+ additional_providers:
+ - oembed/my_providers.json
+```
+---
+## Captcha ##
+
+See [here](../../CAPTCHA_SETUP.md) for full details on setting up captcha.
+
+---
+Config option: `recaptcha_public_key`
+
+This homeserver's ReCAPTCHA public key. Must be specified if `enable_registration_captcha` is
+enabled.
+
+Example configuration:
+```yaml
+recaptcha_public_key: "YOUR_PUBLIC_KEY"
+```
+---
+Config option: `recaptcha_private_key`
+
+This homeserver's ReCAPTCHA private key. Must be specified if `enable_registration_captcha` is
+enabled.
+
+Example configuration:
+```yaml
+recaptcha_private_key: "YOUR_PRIVATE_KEY"
+```
+---
+Config option: `enable_registration_captcha`
+
+Set to true to enable ReCaptcha checks when registering, preventing signup
+unless a captcha is answered. Requires a valid ReCaptcha public/private key.
+Defaults to false.
+
+Example configuration:
+```yaml
+enable_registration_captcha: true
+```
+---
+Config option: `recaptcha_siteverify_api`
+
+The API endpoint to use for verifying `m.login.recaptcha` responses.
+Defaults to `https://www.recaptcha.net/recaptcha/api/siteverify`.
+
+Example configuration:
+```yaml
+recaptcha_siteverify_api: "https://my.recaptcha.site"
+```
+---
+## TURN ##
+Options related to adding a TURN server to Synapse.
+
+---
+Config option: `turn_uris`
+
+The public URIs of the TURN server to give to clients.
+
+Example configuration:
+```yaml
+turn_uris: [turn:example.org]
+```
+---
+Config option: `turn_shared_secret`
+
+The shared secret used to compute passwords for the TURN server.
+
+Example configuration:
+```yaml
+turn_shared_secret: "YOUR_SHARED_SECRET"
+```
+----
+Config options: `turn_username` and `turn_password`
+
+The Username and password if the TURN server needs them and does not use a token.
+
+Example configuration:
+```yaml
+turn_username: "TURNSERVER_USERNAME"
+turn_password: "TURNSERVER_PASSWORD"
+```
+---
+Config option: `turn_user_lifetime`
+
+How long generated TURN credentials last. Defaults to 1h.
+
+Example configuration:
+```yaml
+turn_user_lifetime: 2h
+```
+---
+Config option: `turn_allow_guests`
+
+Whether guests should be allowed to use the TURN server. This defaults to true, otherwise
+VoIP will be unreliable for guests. However, it does introduce a slight security risk as
+it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA).
+
+Example configuration:
+```yaml
+turn_allow_guests: false
+```
+---
+## Registration ##
+
+Registration can be rate-limited using the parameters in the [Ratelimiting](#ratelimiting) section of this manual.
+
+---
+Config option: `enable_registration`
+
+Enable registration for new users. Defaults to false. It is highly recommended that if you enable registration,
+you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
+without any verification, you must also set `enable_registration_without_verification` to true.
+
+Example configuration:
+```yaml
+enable_registration: true
+```
+---
+Config option: `enable_registration_without_verification`
+Enable registration without email or captcha verification. Note: this option is *not* recommended,
+as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
+unless `enable_registration` is also enabled.
+
+Example configuration:
+```yaml
+enable_registration_without_verification: true
+```
+---
+Config option: `session_lifetime`
+
+Time that a user's session remains valid for, after they log in.
+
+Note that this is not currently compatible with guest logins.
+
+Note also that this is calculated at login time: changes are not applied retrospectively to users who have already
+logged in.
+
+By default, this is infinite.
+
+Example configuration:
+```yaml
+session_lifetime: 24h
+```
+----
+Config option: `refresh_access_token_lifetime`
+
+Time that an access token remains valid for, if the session is using refresh tokens.
+
+For more information about refresh tokens, please see the [manual](user_authentication/refresh_tokens.md).
+
+Note that this only applies to clients which advertise support for refresh tokens.
+
+Note also that this is calculated at login time and refresh time: changes are not applied to
+existing sessions until they are refreshed.
+
+By default, this is 5 minutes.
+
+Example configuration:
+```yaml
+refreshable_access_token_lifetime: 10m
+```
+---
+Config option: `refresh_token_lifetime: 24h`
+
+Time that a refresh token remains valid for (provided that it is not
+exchanged for another one first).
+This option can be used to automatically log-out inactive sessions.
+Please see the manual for more information.
+
+Note also that this is calculated at login time and refresh time:
+changes are not applied to existing sessions until they are refreshed.
+
+By default, this is infinite.
+
+Example configuration:
+```yaml
+refresh_token_lifetime: 24h
+```
+---
+Config option: `nonrefreshable_access_token_lifetime`
+
+Time that an access token remains valid for, if the session is NOT
+using refresh tokens.
+
+Please note that not all clients support refresh tokens, so setting
+this to a short value may be inconvenient for some users who will
+then be logged out frequently.
+
+Note also that this is calculated at login time: changes are not applied
+retrospectively to existing sessions for users that have already logged in.
+
+By default, this is infinite.
+
+Example configuration:
+```yaml
+nonrefreshable_access_token_lifetime: 24h
+```
+---
+Config option: `registrations_require_3pid`
+
+If this is set, the user must provide all of the specified types of 3PID when registering.
+
+Example configuration:
+```yaml
+registrations_require_3pid:
+ - email
+ - msisdn
+```
+---
+Config option: `disable_msisdn_registration`
+
+Explicitly disable asking for MSISDNs from the registration
+flow (overrides `registrations_require_3pid` if MSISDNs are set as required).
+
+Example configuration:
+```yaml
+disable_msisdn_registration: true
+```
+---
+Config option: `allowed_local_3pids`
+
+Mandate that users are only allowed to associate certain formats of
+3PIDs with accounts on this server, as specified by the `medium` and `pattern` sub-options.
+
+Example configuration:
+```yaml
+allowed_local_3pids:
+ - medium: email
+ pattern: '^[^@]+@matrix\.org$'
+ - medium: email
+ pattern: '^[^@]+@vector\.im$'
+ - medium: msisdn
+ pattern: '\+44'
+```
+---
+Config option: `enable_3pid_lookup`
+
+Enable 3PIDs lookup requests to identity servers from this server. Defaults to true.
+
+Example configuration:
+```yaml
+enable_3pid_lookup: false
+```
+---
+Config option: `registration_requires_token`
+
+Require users to submit a token during registration.
+Tokens can be managed using the admin [API](../administration/admin_api/registration_tokens.md).
+Note that `enable_registration` must be set to true.
+Disabling this option will not delete any tokens previously generated.
+Defaults to false. Set to true to enable.
+
+Example configuration:
+```yaml
+registration_requires_token: true
+```
+---
+Config option: `registration_shared_secret`
+
+If set, allows registration of standard or admin accounts by anyone who
+has the shared secret, even if registration is otherwise disabled.
+
+Example configuration:
+```yaml
+registration_shared_secret:
+```
+---
+Config option: `bcrypt_rounds`
+
+Set the number of bcrypt rounds used to generate password hash.
+Larger numbers increase the work factor needed to generate the hash.
+The default number is 12 (which equates to 2^12 rounds).
+N.B. that increasing this will exponentially increase the time required
+to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
+Example configuration:
+```yaml
+bcrypt_rounds: 14
+```
+---
+Config option: `allow_guest_access`
+
+Allows users to register as guests without a password/email/etc, and
+participate in rooms hosted on this server which have been made
+accessible to anonymous users. Defaults to false.
+
+Example configuration:
+```yaml
+allow_guest_access: true
+```
+---
+Config option: `default_identity_server`
+
+The identity server which we suggest that clients should use when users log
+in on this server.
+
+(By default, no suggestion is made, so it is left up to the client.
+This setting is ignored unless `public_baseurl` is also explicitly set.)
+
+Example configuration:
+```yaml
+default_identity_server: https://matrix.org
+```
+---
+Config option: `account_threepid_delegates`
+
+Handle threepid (email/phone etc) registration and password resets through a set of
+*trusted* identity servers. Note that this allows the configured identity server to
+reset passwords for accounts!
+
+Be aware that if `email` is not set, and SMTP options have not been
+configured in the email config block, registration and user password resets via
+email will be globally disabled.
+
+Additionally, if `msisdn` is not set, registration and password resets via msisdn
+will be disabled regardless, and users will not be able to associate an msisdn
+identifier to their account. This is due to Synapse currently not supporting
+any method of sending SMS messages on its own.
+
+To enable using an identity server for operations regarding a particular third-party
+identifier type, set the value to the URL of that identity server as shown in the
+examples below.
+
+Servers handling the these requests must answer the `/requestToken` endpoints defined
+by the Matrix Identity Service API [specification](https://matrix.org/docs/spec/identity_service/latest).
+
+Example configuration:
+```yaml
+account_threepid_delegates:
+ email: https://example.com # Delegate email sending to example.com
+ msisdn: http://localhost:8090 # Delegate SMS sending to this local process
+```
+---
+Config option: `enable_set_displayname`
+
+Whether users are allowed to change their displayname after it has
+been initially set. Useful when provisioning users based on the
+contents of a third-party directory.
+
+Does not apply to server administrators. Defaults to true.
+
+Example configuration:
+```yaml
+enable_set_displayname: false
+```
+---
+Config option: `enable_set_avatar_url`
+
+Whether users are allowed to change their avatar after it has been
+initially set. Useful when provisioning users based on the contents
+of a third-party directory.
+
+Does not apply to server administrators. Defaults to true.
+
+Example configuration:
+```yaml
+enable_set_avatar_url: false
+```
+---
+Config option: `enable_3pid_changes`
+
+Whether users can change the third-party IDs associated with their accounts
+(email address and msisdn).
+
+Defaults to true.
+
+Example configuration:
+```yaml
+enable_3pid_changes: false
+```
+---
+Config option: `auto_join_rooms`
+
+Users who register on this homeserver will automatically be joined
+to the rooms listed under this option.
+
+By default, any room aliases included in this list will be created
+as a publicly joinable room when the first user registers for the
+homeserver. If the room already exists, make certain it is a publicly joinable
+room, i.e. the join rule of the room must be set to 'public'. You can find more options
+relating to auto-joining rooms below.
+
+Example configuration:
+```yaml
+auto_join_rooms:
+ - "#exampleroom:example.com"
+ - "#anotherexampleroom:example.com"
+```
+---
+Config option: `autocreate_auto_join_rooms`
+
+Where `auto_join_rooms` are specified, setting this flag ensures that
+the rooms exist by creating them when the first user on the
+homeserver registers.
+
+By default the auto-created rooms are publicly joinable from any federated
+server. Use the `autocreate_auto_join_rooms_federated` and
+`autocreate_auto_join_room_preset` settings to customise this behaviour.
+
+Setting to false means that if the rooms are not manually created,
+users cannot be auto-joined since they do not exist.
+
+Defaults to true.
+
+Example configuration:
+```yaml
+autocreate_auto_join_rooms: false
+```
+---
+Config option: `autocreate_auto_join_rooms_federated`
+
+Whether the rooms listen in `auto_join_rooms` that are auto-created are available
+via federation. Only has an effect if `autocreate_auto_join_rooms` is true.
+
+Note that whether a room is federated cannot be modified after
+creation.
+
+Defaults to true: the room will be joinable from other servers.
+Set to false to prevent users from other homeservers from
+joining these rooms.
+
+Example configuration:
+```yaml
+autocreate_auto_join_rooms_federated: false
+```
+---
+Config option: `autocreate_auto_join_room_preset`
+
+The room preset to use when auto-creating one of `auto_join_rooms`. Only has an
+effect if `autocreate_auto_join_rooms` is true.
+
+Possible values for this option are:
+* "public_chat": the room is joinable by anyone, including
+ federated servers if `autocreate_auto_join_rooms_federated` is true (the default).
+* "private_chat": an invitation is required to join these rooms.
+* "trusted_private_chat": an invitation is required to join this room and the invitee is
+ assigned a power level of 100 upon joining the room.
+
+If a value of "private_chat" or "trusted_private_chat" is used then
+`auto_join_mxid_localpart` must also be configured.
+
+Defaults to "public_chat".
+
+Example configuration:
+```yaml
+autocreate_auto_join_room_preset: private_chat
+```
+---
+Config option: `auto_join_mxid_localpart`
+
+The local part of the user id which is used to create `auto_join_rooms` if
+`autocreate_auto_join_rooms` is true. If this is not provided then the
+initial user account that registers will be used to create the rooms.
+
+The user id is also used to invite new users to any auto-join rooms which
+are set to invite-only.
+
+It *must* be configured if `autocreate_auto_join_room_preset` is set to
+"private_chat" or "trusted_private_chat".
+
+Note that this must be specified in order for new users to be correctly
+invited to any auto-join rooms which have been set to invite-only (either
+at the time of creation or subsequently).
+
+Note that, if the room already exists, this user must be joined and
+have the appropriate permissions to invite new members.
+
+Example configuration:
+```yaml
+auto_join_mxid_localpart: system
+```
+---
+Config option: `auto_join_rooms_for_guests`
+
+When `auto_join_rooms` is specified, setting this flag to false prevents
+guest accounts from being automatically joined to the rooms.
+
+Defaults to true.
+
+Example configuration:
+```yaml
+auto_join_rooms_for_guests: false
+```
+---
+Config option: `inhibit_user_in_use_error`
+
+Whether to inhibit errors raised when registering a new account if the user ID
+already exists. If turned on, requests to `/register/available` will always
+show a user ID as available, and Synapse won't raise an error when starting
+a registration with a user ID that already exists. However, Synapse will still
+raise an error if the registration completes and the username conflicts.
+
+Defaults to false.
+
+Example configuration:
+```yaml
+inhibit_user_in_use_error: true
+```
+---
+## Metrics ###
+Config options related to metrics.
+
+---
+Config option: `enable_metrics`
+
+Set to true to enable collection and rendering of performance metrics.
+Defaults to false.
+
+Example configuration:
+```yaml
+enable_metrics: true
+```
+---
+Config option: `sentry`
+
+Use this option to enable sentry integration. Provide the DSN assigned to you by sentry
+with the `dsn` setting.
+
+NOTE: While attempts are made to ensure that the logs don't contain
+any sensitive information, this cannot be guaranteed. By enabling
+this option the sentry server may therefore receive sensitive
+information, and it in turn may then disseminate sensitive information
+through insecure notification channels if so configured.
+
+Example configuration:
+```yaml
+sentry:
+ dsn: "..."
+```
+---
+Config option: `metrics_flags`
+
+Flags to enable Prometheus metrics which are not suitable to be
+enabled by default, either for performance reasons or limited use.
+Currently the only option is `known_servers`, which publishes
+`synapse_federation_known_servers`, a gauge of the number of
+servers this homeserver knows about, including itself. May cause
+performance problems on large homeservers.
+
+Example configuration:
+```yaml
+metrics_flags:
+ known_servers: true
+```
+---
+Config option: `report_stats`
+
+Whether or not to report anonymized homeserver usage statistics. This is originally
+set when generating the config. Set this option to true or false to change the current
+behavior.
+
+Example configuration:
+```yaml
+report_stats: true
+```
+---
+Config option: `report_stats_endpoint`
+
+The endpoint to report the anonymized homeserver usage statistics to.
+Defaults to https://matrix.org/report-usage-stats/push
+
+Example configuration:
+```yaml
+report_stats_endpoint: https://example.com/report-usage-stats/push
+```
+---
+## API Configuration ##
+Config settings related to the client/server API
+
+---
+Config option: `room_prejoin_state:`
+
+Controls for the state that is shared with users who receive an invite
+to a room. By default, the following state event types are shared with users who
+receive invites to the room:
+- m.room.join_rules
+- m.room.canonical_alias
+- m.room.avatar
+- m.room.encryption
+- m.room.name
+- m.room.create
+- m.room.topic
+
+To change the default behavior, use the following sub-options:
+* `disable_default_event_types`: set to true to disable the above defaults. If this
+ is enabled, only the event types listed in `additional_event_types` are shared.
+ Defaults to false.
+* `additional_event_types`: Additional state event types to share with users when they are invited
+ to a room. By default, this list is empty (so only the default event types are shared).
+
+Example configuration:
+```yaml
+room_prejoin_state:
+ disable_default_event_types: true
+ additional_event_types:
+ - org.example.custom.event.type
+ - m.room.join_rules
+```
+---
+Config option: `track_puppeted_user_ips`
+
+We record the IP address of clients used to access the API for various
+reasons, including displaying it to the user in the "Where you're signed in"
+dialog.
+
+By default, when puppeting another user via the admin API, the client IP
+address is recorded against the user who created the access token (ie, the
+admin user), and *not* the puppeted user.
+
+Set this option to true to also record the IP address against the puppeted
+user. (This also means that the puppeted user will count as an "active" user
+for the purpose of monthly active user tracking - see `limit_usage_by_mau` etc
+above.)
+
+Example configuration:
+```yaml
+track_puppeted_user_ips: true
+```
+---
+Config option: `app_service_config_files`
+
+A list of application service config files to use.
+
+Example configuration:
+```yaml
+app_service_config_files:
+ - app_service_1.yaml
+ - app_service_2.yaml
+```
+---
+Config option: `track_appservice_user_ips`
+
+Defaults to false. Set to true to enable tracking of application service IP addresses.
+Implicitly enables MAU tracking for application service users.
+
+Example configuration:
+```yaml
+track_appservice_user_ips: true
+```
+---
+Config option: `macaroon_secret_key`
+
+A secret which is used to sign access tokens. If none is specified,
+the `registration_shared_secret` is used, if one is given; otherwise,
+a secret key is derived from the signing key.
+
+Example configuration:
+```yaml
+macaroon_secret_key:
+```
+---
+Config option: `form_secret`
+
+A secret which is used to calculate HMACs for form values, to stop
+falsification of values. Must be specified for the User Consent
+forms to work.
+
+Example configuration:
+```yaml
+form_secret:
+```
+---
+## Signing Keys ##
+Config options relating to signing keys
+
+---
+Config option: `signing_key_path`
+
+Path to the signing key to sign messages with.
+
+Example configuration:
+```yaml
+signing_key_path: "CONFDIR/SERVERNAME.signing.key"
+```
+---
+Config option: `old_signing_keys`
+
+The keys that the server used to sign messages with but won't use
+to sign new messages. For each key, `key` should be the base64-encoded public key, and
+`expired_ts`should be the time (in milliseconds since the unix epoch) that
+it was last used.
+
+It is possible to build an entry from an old `signing.key` file using the
+`export_signing_key` script which is provided with synapse.
+
+Example configuration:
+```yaml
+old_signing_keys:
+ "ed25519:id": { key: "base64string", expired_ts: 123456789123 }
+```
+---
+Config option: `key_refresh_interval`
+
+How long key response published by this server is valid for.
+Used to set the `valid_until_ts` in `/key/v2` APIs.
+Determines how quickly servers will query to check which keys
+are still valid. Defaults to 1d.
+
+Example configuration:
+```yaml
+key_refresh_interval: 2d
+```
+---
+Config option: `trusted_key_servers:`
+
+The trusted servers to download signing keys from.
+
+When we need to fetch a signing key, each server is tried in parallel.
+
+Normally, the connection to the key server is validated via TLS certificates.
+Additional security can be provided by configuring a `verify key`, which
+will make synapse check that the response is signed by that key.
+
+This setting supercedes an older setting named `perspectives`. The old format
+is still supported for backwards-compatibility, but it is deprecated.
+
+`trusted_key_servers` defaults to matrix.org, but using it will generate a
+warning on start-up. To suppress this warning, set
+`suppress_key_server_warning` to true.
+
+Options for each entry in the list include:
+* `server_name`: the name of the server. Required.
+* `verify_keys`: an optional map from key id to base64-encoded public key.
+ If specified, we will check that the response is signed by at least
+ one of the given keys.
+* `accept_keys_insecurely`: a boolean. Normally, if `verify_keys` is unset,
+ and `federation_verify_certificates` is not `true`, synapse will refuse
+ to start, because this would allow anyone who can spoof DNS responses
+ to masquerade as the trusted key server. If you know what you are doing
+ and are sure that your network environment provides a secure connection
+ to the key server, you can set this to `true` to override this behaviour.
+
+Example configuration #1:
+```yaml
+trusted_key_servers:
+ - server_name: "my_trusted_server.example.com"
+ verify_keys:
+ "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
+ - server_name: "my_other_trusted_server.example.com"
+```
+Example configuration #2:
+```yaml
+trusted_key_servers:
+ - server_name: "matrix.org"
+```
+---
+Config option: `suppress_key_server_warning`
+
+Set the following to true to disable the warning that is emitted when the
+`trusted_key_servers` include 'matrix.org'. See above.
+
+Example configuration:
+```yaml
+suppress_key_server_warning: true
+```
+---
+Config option: `key_server_signing_keys_path`
+
+The signing keys to use when acting as a trusted key server. If not specified
+defaults to the server signing key.
+
+Can contain multiple keys, one per line.
+
+Example configuration:
+```yaml
+key_server_signing_keys_path: "key_server_signing_keys.key"
+```
+---
+## Single sign-on integration ##
+
+The following settings can be used to make Synapse use a single sign-on
+provider for authentication, instead of its internal password database.
+
+You will probably also want to set the following options to false to
+disable the regular login/registration flows:
+ * `enable_registration`
+ * `password_config.enabled`
+
+You will also want to investigate the settings under the "sso" configuration
+section below.
+
+---
+Config option: `saml2_config`
+
+Enable SAML2 for registration and login. Uses pysaml2. To learn more about pysaml and
+to find a full list options for configuring pysaml, read the docs [here](https://pysaml2.readthedocs.io/en/latest/).
+
+At least one of `sp_config` or `config_path` must be set in this section to
+enable SAML login. You can either put your entire pysaml config inline using the `sp_config`
+option, or you can specify a path to a psyaml config file with the sub-option `config_path`.
+This setting has the following sub-options:
+
+* `sp_config`: the configuration for the pysaml2 Service Provider. See pysaml2 docs for format of config.
+ Default values will be used for the `entityid` and `service` settings,
+ so it is not normally necessary to specify them unless you need to
+ override them. Here are a few useful sub-options for configuring pysaml:
+ * `metadata`: Point this to the IdP's metadata. You must provide either a local
+ file via the `local` attribute or (preferably) a URL via the
+ `remote` attribute.
+ * `accepted_time_diff: 3`: Allowed clock difference in seconds between the homeserver and IdP.
+ Defaults to 0.
+ * `service`: By default, the user has to go to our login page first. If you'd like
+ to allow IdP-initiated login, set `allow_unsolicited` to true under `sp` in the `service`
+ section.
+* `config_path`: specify a separate pysaml2 configuration file thusly:
+ `config_path: "CONFDIR/sp_conf.py"`
+* `saml_session_lifetime`: The lifetime of a SAML session. This defines how long a user has to
+ complete the authentication process, if `allow_unsolicited` is unset. The default is 15 minutes.
+* `user_mapping_provider`: Using this option, an external module can be provided as a
+ custom solution to mapping attributes returned from a saml provider onto a matrix user. The
+ `user_mapping_provider` has the following attributes:
+ * `module`: The custom module's class.
+ * `config`: Custom configuration values for the module. Use the values provided in the
+ example if you are using the built-in user_mapping_provider, or provide your own
+ config values for a custom class if you are using one. This section will be passed as a Python
+ dictionary to the module's `parse_config` method. The built-in provider takes the following two
+ options:
+ * `mxid_source_attribute`: The SAML attribute (after mapping via the attribute maps) to use
+ to derive the Matrix ID from. It is 'uid' by default. Note: This used to be configured by the
+ `saml2_config.mxid_source_attribute option`. If that is still defined, its value will be used instead.
+ * `mxid_mapping`: The mapping system to use for mapping the saml attribute onto a
+ matrix ID. Options include: `hexencode` (which maps unpermitted characters to '=xx')
+ and `dotreplace` (which replaces unpermitted characters with '.').
+ The default is `hexencode`. Note: This used to be configured by the
+ `saml2_config.mxid_mapping option`. If that is still defined, its value will be used instead.
+* `grandfathered_mxid_source_attribute`: In previous versions of synapse, the mapping from SAML attribute to
+ MXID was always calculated dynamically rather than stored in a table. For backwards- compatibility, we will look for `user_ids`
+ matching such a pattern before creating a new account. This setting controls the SAML attribute which will be used for this
+ backwards-compatibility lookup. Typically it should be 'uid', but if the attribute maps are changed, it may be necessary to change it.
+ The default is 'uid'.
+* `attribute_requirements`: It is possible to configure Synapse to only allow logins if SAML attributes
+ match particular values. The requirements can be listed under
+ `attribute_requirements` as shown in the example. All of the listed attributes must
+ match for the login to be permitted.
+* `idp_entityid`: If the metadata XML contains multiple IdP entities then the `idp_entityid`
+ option must be set to the entity to redirect users to.
+ Most deployments only have a single IdP entity and so should omit this option.
+
+
+Once SAML support is enabled, a metadata file will be exposed at
+`https://:/_synapse/client/saml2/metadata.xml`, which you may be able to
+use to configure your SAML IdP with. Alternatively, you can manually configure
+the IdP to use an ACS location of
+`https://:/_synapse/client/saml2/authn_response`.
+
+Example configuration:
+```yaml
+saml2_config:
+ sp_config:
+ metadata:
+ local: ["saml2/idp.xml"]
+ remote:
+ - url: https://our_idp/metadata.xml
+ accepted_time_diff: 3
+
+ service:
+ sp:
+ allow_unsolicited: true
+
+ # The examples below are just used to generate our metadata xml, and you
+ # may well not need them, depending on your setup. Alternatively you
+ # may need a whole lot more detail - see the pysaml2 docs!
+ description: ["My awesome SP", "en"]
+ name: ["Test SP", "en"]
+
+ ui_info:
+ display_name:
+ - lang: en
+ text: "Display Name is the descriptive name of your service."
+ description:
+ - lang: en
+ text: "Description should be a short paragraph explaining the purpose of the service."
+ information_url:
+ - lang: en
+ text: "https://example.com/terms-of-service"
+ privacy_statement_url:
+ - lang: en
+ text: "https://example.com/privacy-policy"
+ keywords:
+ - lang: en
+ text: ["Matrix", "Element"]
+ logo:
+ - lang: en
+ text: "https://example.com/logo.svg"
+ width: "200"
+ height: "80"
+
+ organization:
+ name: Example com
+ display_name:
+ - ["Example co", "en"]
+ url: "http://example.com"
+
+ contact_person:
+ - given_name: Bob
+ sur_name: "the Sysadmin"
+ email_address": ["admin@example.com"]
+ contact_type": technical
+
+ saml_session_lifetime: 5m
+
+ user_mapping_provider:
+ # Below options are intended for the built-in provider, they should be
+ # changed if using a custom module.
+ config:
+ mxid_source_attribute: displayName
+ mxid_mapping: dotreplace
+
+ grandfathered_mxid_source_attribute: upn
+
+ attribute_requirements:
+ - attribute: userGroup
+ value: "staff"
+ - attribute: department
+ value: "sales"
+
+ idp_entityid: 'https://our_idp/entityid'
+```
+---
+Config option: `oidc_providers`
+
+List of OpenID Connect (OIDC) / OAuth 2.0 identity providers, for registration
+and login. See [here](../../openid.md)
+for information on how to configure these options.
+
+For backwards compatibility, it is also possible to configure a single OIDC
+provider via an `oidc_config` setting. This is now deprecated and admins are
+advised to migrate to the `oidc_providers` format. (When doing that migration,
+use `oidc` for the `idp_id` to ensure that existing users continue to be
+recognised.)
+
+Options for each entry include:
+* `idp_id`: a unique identifier for this identity provider. Used internally
+ by Synapse; should be a single word such as 'github'.
+ Note that, if this is changed, users authenticating via that provider
+ will no longer be recognised as the same user!
+ (Use "oidc" here if you are migrating from an old `oidc_config` configuration.)
+
+* `idp_name`: A user-facing name for this identity provider, which is used to
+ offer the user a choice of login mechanisms.
+
+* `idp_icon`: An optional icon for this identity provider, which is presented
+ by clients and Synapse's own IdP picker page. If given, must be an
+ MXC URI of the format mxc:///. (An easy way to
+ obtain such an MXC URI is to upload an image to an (unencrypted) room
+ and then copy the "url" from the source of the event.)
+
+* `idp_brand`: An optional brand for this identity provider, allowing clients
+ to style the login flow according to the identity provider in question.
+ See the [spec](https://spec.matrix.org/latest/) for possible options here.
+
+* `discover`: set to false to disable the use of the OIDC discovery mechanism
+ to discover endpoints. Defaults to true.
+
+* `issuer`: Required. The OIDC issuer. Used to validate tokens and (if discovery
+ is enabled) to discover the provider's endpoints.
+
+* `client_id`: Required. oauth2 client id to use.
+
+* `client_secret`: oauth2 client secret to use. May be omitted if
+ `client_secret_jwt_key` is given, or if `client_auth_method` is 'none'.
+
+* `client_secret_jwt_key`: Alternative to client_secret: details of a key used
+ to create a JSON Web Token to be used as an OAuth2 client secret. If
+ given, must be a dictionary with the following properties:
+
+ * `key`: a pem-encoded signing key. Must be a suitable key for the
+ algorithm specified. Required unless `key_file` is given.
+
+ * `key_file`: the path to file containing a pem-encoded signing key file.
+ Required unless `key` is given.
+
+ * `jwt_header`: a dictionary giving properties to include in the JWT
+ header. Must include the key `alg`, giving the algorithm used to
+ sign the JWT, such as "ES256", using the JWA identifiers in
+ RFC7518.
+
+ * `jwt_payload`: an optional dictionary giving properties to include in
+ the JWT payload. Normally this should include an `iss` key.
+
+* `client_auth_method`: auth method to use when exchanging the token. Valid
+ values are `client_secret_basic` (default), `client_secret_post` and
+ `none`.
+
+* `scopes`: list of scopes to request. This should normally include the "openid"
+ scope. Defaults to ["openid"].
+
+* `authorization_endpoint`: the oauth2 authorization endpoint. Required if
+ provider discovery is disabled.
+
+* `token_endpoint`: the oauth2 token endpoint. Required if provider discovery is
+ disabled.
+
+* `userinfo_endpoint`: the OIDC userinfo endpoint. Required if discovery is
+ disabled and the 'openid' scope is not requested.
+
+* `jwks_uri`: URI where to fetch the JWKS. Required if discovery is disabled and
+ the 'openid' scope is used.
+
+* `skip_verification`: set to 'true' to skip metadata verification. Use this if
+ you are connecting to a provider that is not OpenID Connect compliant.
+ Defaults to false. Avoid this in production.
+
+* `user_profile_method`: Whether to fetch the user profile from the userinfo
+ endpoint, or to rely on the data returned in the id_token from the `token_endpoint`.
+ Valid values are: `auto` or `userinfo_endpoint`.
+ Defaults to `auto`, which uses the userinfo endpoint if `openid` is
+ not included in `scopes`. Set to `userinfo_endpoint` to always use the
+ userinfo endpoint.
+
+* `allow_existing_users`: set to true to allow a user logging in via OIDC to
+ match a pre-existing account instead of failing. This could be used if
+ switching from password logins to OIDC. Defaults to false.
+
+* `user_mapping_provider`: Configuration for how attributes returned from a OIDC
+ provider are mapped onto a matrix user. This setting has the following
+ sub-properties:
+
+ * `module`: The class name of a custom mapping module. Default is
+ `synapse.handlers.oidc.JinjaOidcMappingProvider`.
+ See https://matrix-org.github.io/synapse/latest/sso_mapping_providers.html#openid-mapping-providers
+ for information on implementing a custom mapping provider.
+
+ * `config`: Configuration for the mapping provider module. This section will
+ be passed as a Python dictionary to the user mapping provider
+ module's `parse_config` method.
+
+ For the default provider, the following settings are available:
+
+ * subject_claim: name of the claim containing a unique identifier
+ for the user. Defaults to 'sub', which OpenID Connect
+ compliant providers should provide.
+
+ * `localpart_template`: Jinja2 template for the localpart of the MXID.
+ If this is not set, the user will be prompted to choose their
+ own username (see the documentation for the `sso_auth_account_details.html`
+ template). This template can use the `localpart_from_email` filter.
+
+ * `confirm_localpart`: Whether to prompt the user to validate (or
+ change) the generated localpart (see the documentation for the
+ 'sso_auth_account_details.html' template), instead of
+ registering the account right away.
+
+ * `display_name_template`: Jinja2 template for the display name to set
+ on first login. If unset, no displayname will be set.
+
+ * `email_template`: Jinja2 template for the email address of the user.
+ If unset, no email address will be added to the account.
+
+ * `extra_attributes`: a map of Jinja2 templates for extra attributes
+ to send back to the client during login. Note that these are non-standard and clients will ignore them
+ without modifications.
+
+ When rendering, the Jinja2 templates are given a 'user' variable,
+ which is set to the claims returned by the UserInfo Endpoint and/or
+ in the ID Token.
+
+
+It is possible to configure Synapse to only allow logins if certain attributes
+match particular values in the OIDC userinfo. The requirements can be listed under
+`attribute_requirements` as shown here:
+```yaml
+attribute_requirements:
+ - attribute: family_name
+ value: "Stephensson"
+ - attribute: groups
+ value: "admin"
+```
+All of the listed attributes must match for the login to be permitted. Additional attributes can be added to
+userinfo by expanding the `scopes` section of the OIDC config to retrieve
+additional information from the OIDC provider.
+
+If the OIDC claim is a list, then the attribute must match any value in the list.
+Otherwise, it must exactly match the value of the claim. Using the example
+above, the `family_name` claim MUST be "Stephensson", but the `groups`
+claim MUST contain "admin".
+
+Example configuration:
+```yaml
+oidc_providers:
+ # Generic example
+ #
+ - idp_id: my_idp
+ idp_name: "My OpenID provider"
+ idp_icon: "mxc://example.com/mediaid"
+ discover: false
+ issuer: "https://accounts.example.com/"
+ client_id: "provided-by-your-issuer"
+ client_secret: "provided-by-your-issuer"
+ client_auth_method: client_secret_post
+ scopes: ["openid", "profile"]
+ authorization_endpoint: "https://accounts.example.com/oauth2/auth"
+ token_endpoint: "https://accounts.example.com/oauth2/token"
+ userinfo_endpoint: "https://accounts.example.com/userinfo"
+ jwks_uri: "https://accounts.example.com/.well-known/jwks.json"
+ skip_verification: true
+ user_mapping_provider:
+ config:
+ subject_claim: "id"
+ localpart_template: "{{ user.login }}"
+ display_name_template: "{{ user.name }}"
+ email_template: "{{ user.email }}"
+ attribute_requirements:
+ - attribute: userGroup
+ value: "synapseUsers"
+```
+---
+Config option: `cas_config`
+
+Enable Central Authentication Service (CAS) for registration and login.
+Has the following sub-options:
+* `enabled`: Set this to true to enable authorization against a CAS server.
+ Defaults to false.
+* `server_url`: The URL of the CAS authorization endpoint.
+* `displayname_attribute`: The attribute of the CAS response to use as the display name.
+ If no name is given here, no displayname will be set.
+* `required_attributes`: It is possible to configure Synapse to only allow logins if CAS attributes
+ match particular values. All of the keys given below must exist
+ and the values must match the given value. Alternately if the given value
+ is `None` then any value is allowed (the attribute just must exist).
+ All of the listed attributes must match for the login to be permitted.
+
+Example configuration:
+```yaml
+cas_config:
+ enabled: true
+ server_url: "https://cas-server.com"
+ displayname_attribute: name
+ required_attributes:
+ userGroup: "staff"
+ department: None
+```
+---
+Config option: `sso`
+
+Additional settings to use with single-sign on systems such as OpenID Connect,
+SAML2 and CAS.
+
+Server admins can configure custom templates for pages related to SSO. See
+[here](../../templates.md) for more information.
+
+Options include:
+* `client_whitelist`: A list of client URLs which are whitelisted so that the user does not
+ have to confirm giving access to their account to the URL. Any client
+ whose URL starts with an entry in the following list will not be subject
+ to an additional confirmation step after the SSO login is completed.
+ WARNING: An entry such as "https://my.client" is insecure, because it
+ will also match "https://my.client.evil.site", exposing your users to
+ phishing attacks from evil.site. To avoid this, include a slash after the
+ hostname: "https://my.client/".
+ The login fallback page (used by clients that don't natively support the
+ required login flows) is whitelisted in addition to any URLs in this list.
+ By default, this list contains only the login fallback page.
+* `update_profile_information`: Use this setting to keep a user's profile fields in sync with information from
+ the identity provider. Currently only syncing the displayname is supported. Fields
+ are checked on every SSO login, and are updated if necessary.
+ Note that enabling this option will override user profile information,
+ regardless of whether users have opted-out of syncing that
+ information when first signing in. Defaults to false.
+
+
+Example configuration:
+```yaml
+sso:
+ client_whitelist:
+ - https://riot.im/develop
+ - https://my.custom.client/
+ update_profile_information: true
+```
+---
+Config option: `jwt_config`
+
+JSON web token integration. The following settings can be used to make
+Synapse JSON web tokens for authentication, instead of its internal
+password database.
+
+Each JSON Web Token needs to contain a "sub" (subject) claim, which is
+used as the localpart of the mxid.
+
+Additionally, the expiration time ("exp"), not before time ("nbf"),
+and issued at ("iat") claims are validated if present.
+
+Note that this is a non-standard login type and client support is
+expected to be non-existent.
+
+See [here](../../jwt.md) for more.
+
+Additional sub-options for this setting include:
+* `enabled`: Set to true to enable authorization using JSON web
+ tokens. Defaults to false.
+* `secret`: This is either the private shared secret or the public key used to
+ decode the contents of the JSON web token. Required if `enabled` is set to true.
+* `algorithm`: The algorithm used to sign the JSON web token. Supported algorithms are listed at
+ https://pyjwt.readthedocs.io/en/latest/algorithms.html Required if `enabled` is set to true.
+* `subject_claim`: Name of the claim containing a unique identifier for the user.
+ Optional, defaults to `sub`.
+* `issuer`: The issuer to validate the "iss" claim against. Optional. If provided the
+ "iss" claim will be required and validated for all JSON web tokens.
+* `audiences`: A list of audiences to validate the "aud" claim against. Optional.
+ If provided the "aud" claim will be required and validated for all JSON web tokens.
+ Note that if the "aud" claim is included in a JSON web token then
+ validation will fail without configuring audiences.
+
+Example configuration:
+```yaml
+jwt_config:
+ enabled: true
+ secret: "provided-by-your-issuer"
+ algorithm: "provided-by-your-issuer"
+ subject_claim: "name_of_claim"
+ issuer: "provided-by-your-issuer"
+ audiences:
+ - "provided-by-your-issuer"
+```
+---
+Config option: `password_config`
+
+Use this setting to enable password-based logins.
+
+This setting has the following sub-options:
+* `enabled`: Defaults to true.
+* `localdb_enabled`: Set to false to disable authentication against the local password
+ database. This is ignored if `enabled` is false, and is only useful
+ if you have other `password_providers`. Defaults to true.
+* `pepper`: Set the value here to a secret random string for extra security. # Uncomment and change to a secret random string for extra security.
+ DO NOT CHANGE THIS AFTER INITIAL SETUP!
+* `policy`: Define and enforce a password policy, such as minimum lengths for passwords, etc.
+ Each parameter is optional. This is an implementation of MSC2000. Parameters are as follows:
+ * `enabled`: Defaults to false. Set to true to enable.
+ * `minimum_length`: Minimum accepted length for a password. Defaults to 0.
+ * `require_digit`: Whether a password must contain at least one digit.
+ Defaults to false.
+ * `require_symbol`: Whether a password must contain at least one symbol.
+ A symbol is any character that's not a number or a letter. Defaults to false.
+ * `require_lowercase`: Whether a password must contain at least one lowercase letter.
+ Defaults to false.
+ * `require_uppercase`: Whether a password must contain at least one uppercase letter.
+ Defaults to false.
+
+
+Example configuration:
+```yaml
+password_config:
+ enabled: false
+ localdb_enabled: false
+ pepper: "EVEN_MORE_SECRET"
+
+ policy:
+ enabled: true
+ minimum_length: 15
+ require_digit: true
+ require_symbol: true
+ require_lowercase: true
+ require_uppercase: true
+```
+---
+Config option: `ui_auth`
+
+The amount of time to allow a user-interactive authentication session to be active.
+
+This defaults to 0, meaning the user is queried for their credentials
+before every action, but this can be overridden to allow a single
+validation to be re-used. This weakens the protections afforded by
+the user-interactive authentication process, by allowing for multiple
+(and potentially different) operations to use the same validation session.
+
+This is ignored for potentially "dangerous" operations (including
+deactivating an account, modifying an account password, and
+adding a 3PID).
+
+Use the `session_timeout` sub-option here to change the time allowed for credential validation.
+
+Example configuration:
+```yaml
+ui_auth:
+ session_timeout: "15s"
+```
+---
+Config option: `email`
+
+Configuration for sending emails from Synapse.
+
+Server admins can configure custom templates for email content. See
+[here](../../templates.md) for more information.
+
+This setting has the following sub-options:
+* `smtp_host`: The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
+* `smtp_port`: The port on the mail server for outgoing SMTP. Defaults to 25.
+* `smtp_user` and `smtp_pass`: Username/password for authentication to the SMTP server. By default, no
+ authentication is attempted.
+* `require_transport_security`: Set to true to require TLS transport security for SMTP.
+ By default, Synapse will connect over plain text, and will then switch to
+ TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
+ Synapse will refuse to connect unless the server supports STARTTLS.
+* `enable_tls`: By default, if the server supports TLS, it will be used, and the server
+ must present a certificate that is valid for 'smtp_host'. If this option
+ is set to false, TLS will not be used.
+* `notif_from`: defines the "From" address to use when sending emails.
+ It must be set if email sending is enabled. The placeholder '%(app)s' will be replaced by the application name,
+ which is normally set in `app_name`, but may be overridden by the
+ Matrix client application. Note that the placeholder must be written '%(app)s', including the
+ trailing 's'.
+* `app_name`: `app_name` defines the default value for '%(app)s' in `notif_from` and email
+ subjects. It defaults to 'Matrix'.
+* `enable_notifs`: Set to true to enable sending emails for messages that the user
+ has missed. Disabled by default.
+* `notif_for_new_users`: Set to false to disable automatic subscription to email
+ notifications for new users. Enabled by default.
+* `client_base_url`: Custom URL for client links within the email notifications. By default
+ links will be based on "https://matrix.to". (This setting used to be called `riot_base_url`;
+ the old name is still supported for backwards-compatibility but is now deprecated.)
+* `validation_token_lifetime`: Configures the time that a validation email will expire after sending.
+ Defaults to 1h.
+* `invite_client_location`: The web client location to direct users to during an invite. This is passed
+ to the identity server as the `org.matrix.web_client_location` key. Defaults
+ to unset, giving no guidance to the identity server.
+* `subjects`: Subjects to use when sending emails from Synapse. The placeholder '%(app)s' will
+ be replaced with the value of the `app_name` setting, or by a value dictated by the Matrix client application.
+ In addition, each subject can use the following placeholders: '%(person)s', which will be replaced by the displayname
+ of the user(s) that sent the message(s), e.g. "Alice and Bob", and '%(room)s', which will be replaced by the name of the room the
+ message(s) have been sent to, e.g. "My super room". In addition, emails related to account administration will
+ can use the '%(server_name)s' placeholder, which will be replaced by the value of the
+ `server_name` setting in your Synapse configuration.
+
+ Here is a list of subjects for notification emails that can be set:
+ * `message_from_person_in_room`: Subject to use to notify about one message from one or more user(s) in a
+ room which has a name. Defaults to "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
+ * `message_from_person`: Subject to use to notify about one message from one or more user(s) in a
+ room which doesn't have a name. Defaults to "[%(app)s] You have a message on %(app)s from %(person)s..."
+ * `messages_from_person`: Subject to use to notify about multiple messages from one or more users in
+ a room which doesn't have a name. Defaults to "[%(app)s] You have messages on %(app)s from %(person)s..."
+ * `messages_in_room`: Subject to use to notify about multiple messages in a room which has a
+ name. Defaults to "[%(app)s] You have messages on %(app)s in the %(room)s room..."
+ * `messages_in_room_and_others`: Subject to use to notify about multiple messages in multiple rooms.
+ Defaults to "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
+ * `messages_from_person_and_others`: Subject to use to notify about multiple messages from multiple persons in
+ multiple rooms. This is similar to the setting above except it's used when
+ the room in which the notification was triggered has no name. Defaults to
+ "[%(app)s] You have messages on %(app)s from %(person)s and others..."
+ * `invite_from_person_to_room`: Subject to use to notify about an invite to a room which has a name.
+ Defaults to "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
+ * `invite_from_person`: Subject to use to notify about an invite to a room which doesn't have a
+ name. Defaults to "[%(app)s] %(person)s has invited you to chat on %(app)s..."
+ * `password_reset`: Subject to use when sending a password reset email. Defaults to "[%(server_name)s] Password reset"
+ * `email_validation`: Subject to use when sending a verification email to assert an address's
+ ownership. Defaults to "[%(server_name)s] Validate your email"
+
+Example configuration:
+```yaml
+email:
+ smtp_host: mail.server
+ smtp_port: 587
+ smtp_user: "exampleusername"
+ smtp_pass: "examplepassword"
+ require_transport_security: true
+ enable_tls: false
+ notif_from: "Your Friendly %(app)s homeserver "
+ app_name: my_branded_matrix_server
+ enable_notifs: true
+ notif_for_new_users: false
+ client_base_url: "http://localhost/riot"
+ validation_token_lifetime: 15m
+ invite_client_location: https://app.element.io
+
+ subjects:
+ message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
+ message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..."
+ messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..."
+ messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..."
+ messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
+ messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..."
+ invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
+ invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..."
+ password_reset: "[%(server_name)s] Password reset"
+ email_validation: "[%(server_name)s] Validate your email"
+```
+---
+## Push ##
+Configuration settings related to push notifications
+
+---
+Config option: `push`
+
+This setting defines options for push notifications.
+
+This option has a number of sub-options. They are as follows:
+* `include_content`: Clients requesting push notifications can either have the body of
+ the message sent in the notification poke along with other details
+ like the sender, or just the event ID and room ID (`event_id_only`).
+ If clients choose the to have the body sent, this option controls whether the
+ notification request includes the content of the event (other details
+ like the sender are still included). If `event_id_only` is enabled, it
+ has no effect.
+ For modern android devices the notification content will still appear
+ because it is loaded by the app. iPhone, however will send a
+ notification saying only that a message arrived and who it came from.
+ Defaults to true. Set to false to only include the event ID and room ID in push notification payloads.
+* `group_unread_count_by_room: false`: When a push notification is received, an unread count is also sent.
+ This number can either be calculated as the number of unread messages for the user, or the number of *rooms* the
+ user has unread messages in. Defaults to true, meaning push clients will see the number of
+ rooms with unread messages in them. Set to false to instead send the number
+ of unread messages.
+
+Example configuration:
+```yaml
+push:
+ include_content: false
+ group_unread_count_by_room: false
+```
+---
+## Rooms ##
+Config options relating to rooms.
+
+---
+Config option: `encryption_enabled_by_default`
+
+Controls whether locally-created rooms should be end-to-end encrypted by
+default.
+
+Possible options are "all", "invite", and "off". They are defined as:
+
+* "all": any locally-created room
+* "invite": any room created with the `private_chat` or `trusted_private_chat`
+ room creation presets
+* "off": this option will take no effect
+
+The default value is "off".
+
+Note that this option will only affect rooms created after it is set. It
+will also not affect rooms created by other servers.
+
+Example configuration:
+```yaml
+encryption_enabled_by_default_for_room_type: invite
+```
+---
+Config option: `enable_group_creation`
+
+Set to true to allow non-server-admin users to create groups on this server
+
+Example configuration:
+```yaml
+enable_group_creation: true
+```
+---
+Config option: `group_creation_prefix`
+
+If enabled/present, non-server admins can only create groups with local parts
+starting with this prefix.
+
+Example configuration:
+```yaml
+group_creation_prefix: "unofficial_"
+```
+---
+Config option: `user_directory`
+
+This setting defines options related to the user directory.
+
+This option has the following sub-options:
+* `enabled`: Defines whether users can search the user directory. If false then
+ empty responses are returned to all queries. Defaults to true.
+* `search_all_users`: Defines whether to search all users visible to your HS when searching
+ the user directory. If false, search results will only contain users
+ visible in public rooms and users sharing a room with the requester.
+ Defaults to false.
+ NB. If you set this to true, and the last time the user_directory search
+ indexes were (re)built was before Synapse 1.44, you'll have to
+ rebuild the indexes in order to search through all known users.
+ These indexes are built the first time Synapse starts; admins can
+ manually trigger a rebuild via API following the instructions at
+ https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run
+ Set to true to return search results containing all known users, even if that
+ user does not share a room with the requester.
+* `prefer_local_users`: Defines whether to prefer local users in search query results.
+ If set to true, local users are more likely to appear above remote users when searching the
+ user directory. Defaults to false.
+
+Example configuration:
+```yaml
+user_directory:
+ enabled: false
+ search_all_users: true
+ prefer_local_users: true
+```
+---
+Config option: `user_consent`
+
+For detailed instructions on user consent configuration, see [here](../../consent_tracking.md).
+
+Parts of this section are required if enabling the `consent` resource under
+`listeners`, in particular `template_dir` and `version`. # TODO: link `listeners`
+
+* `template_dir`: gives the location of the templates for the HTML forms.
+ This directory should contain one subdirectory per language (eg, `en`, `fr`),
+ and each language directory should contain the policy document (named as
+ .html) and a success page (success.html).
+
+* `version`: specifies the 'current' version of the policy document. It defines
+ the version to be served by the consent resource if there is no 'v'
+ parameter.
+
+* `server_notice_content`: if enabled, will send a user a "Server Notice"
+ asking them to consent to the privacy policy. The `server_notices` section ##TODO: link
+ must also be configured for this to work. Notices will *not* be sent to
+ guest users unless `send_server_notice_to_guests` is set to true.
+
+* `block_events_error`, if set, will block any attempts to send events
+ until the user consents to the privacy policy. The value of the setting is
+ used as the text of the error.
+
+* `require_at_registration`, if enabled, will add a step to the registration
+ process, similar to how captcha works. Users will be required to accept the
+ policy before their account is created.
+
+* `policy_name` is the display name of the policy users will see when registering
+ for an account. Has no effect unless `require_at_registration` is enabled.
+ Defaults to "Privacy Policy".
+
+Example configuration:
+```yaml
+user_consent:
+ template_dir: res/templates/privacy
+ version: 1.0
+ server_notice_content:
+ msgtype: m.text
+ body: >-
+ To continue using this homeserver you must review and agree to the
+ terms and conditions at %(consent_uri)s
+ send_server_notice_to_guests: true
+ block_events_error: >-
+ To continue using this homeserver you must review and agree to the
+ terms and conditions at %(consent_uri)s
+ require_at_registration: false
+ policy_name: Privacy Policy
+```
+---
+Config option: `stats`
+
+Settings for local room and user statistics collection. See [here](../../room_and_user_statistics.md)
+for more.
+
+* `enabled`: Set to false to disable room and user statistics. Note that doing
+ so may cause certain features (such as the room directory) not to work
+ correctly. Defaults to true.
+
+Example configuration:
+```yaml
+stats:
+ enabled: false
+```
+---
+Config option: `server_notices`
+
+Use this setting to enable a room which can be used to send notices
+from the server to users. It is a special room which users cannot leave; notices
+in the room come from a special "notices" user id.
+
+If you use this setting, you *must* define the `system_mxid_localpart`
+sub-setting, which defines the id of the user which will be used to send the
+notices.
+
+Sub-options for this setting include:
+* `system_mxid_display_name`: set the display name of the "notices" user
+* `system_mxid_avatar_url`: set the avatar for the "notices" user
+* `room_name`: set the room name of the server notices room
+
+Example configuration:
+```yaml
+server_notices:
+ system_mxid_localpart: notices
+ system_mxid_display_name: "Server Notices"
+ system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"
+ room_name: "Server Notices"
+```
+---
+Config option: `enable_room_list_search`
+
+Set to false to disable searching the public room list. When disabled
+blocks searching local and remote room lists for local and remote
+users by always returning an empty list for all queries. Defaults to true.
+
+Example configuration:
+```yaml
+enable_room_list_search: false
+```
+---
+Config option: `alias_creation`
+
+The `alias_creation` option controls who is allowed to create aliases
+on this server.
+
+The format of this option is a list of rules that contain globs that
+match against user_id, room_id and the new alias (fully qualified with
+server name). The action in the first rule that matches is taken,
+which can currently either be "allow" or "deny".
+
+Missing user_id/room_id/alias fields default to "*".
+
+If no rules match the request is denied. An empty list means no one
+can create aliases.
+
+Options for the rules include:
+* `user_id`: Matches against the creator of the alias. Defaults to "*".
+* `alias`: Matches against the alias being created. Defaults to "*".
+* `room_id`: Matches against the room ID the alias is being pointed at. Defaults to "*"
+* `action`: Whether to "allow" or "deny" the request if the rule matches. Defaults to allow.
+
+Example configuration:
+```yaml
+alias_creation_rules:
+ - user_id: "bad_user"
+ alias: "spammy_alias"
+ room_id: "*"
+ action: deny
+```
+---
+Config options: `room_list_publication_rules`
+
+The `room_list_publication_rules` option controls who can publish and
+which rooms can be published in the public room list.
+
+The format of this option is the same as that for
+`alias_creation_rules`.
+
+If the room has one or more aliases associated with it, only one of
+the aliases needs to match the alias rule. If there are no aliases
+then only rules with `alias: *` match.
+
+If no rules match the request is denied. An empty list means no one
+can publish rooms.
+
+Options for the rules include:
+* `user_id`: Matches against the creator of the alias. Defaults to "*".
+* `alias`: Matches against any current local or canonical aliases associated with the room. Defaults to "*".
+* `room_id`: Matches against the room ID being published. Defaults to "*".
+* `action`: Whether to "allow" or "deny" the request if the rule matches. Defaults to allow.
+
+Example configuration:
+```yaml
+room_list_publication_rules:
+ - user_id: "*"
+ alias: "*"
+ room_id: "*"
+ action: allow
+```
+---
+## Opentracing ##
+Configuration options related to Opentracing support.
+
+---
+Config option: `opentracing`
+
+These settings enable and configure opentracing, which implements distributed tracing.
+This allows you to observe the causal chains of events across servers
+including requests, key lookups etc., across any server running
+synapse or any other services which support opentracing
+(specifically those implemented with Jaeger).
+
+Sub-options include:
+* `enabled`: whether tracing is enabled. Set to true to enable. Disabled by default.
+* `homeserver_whitelist`: The list of homeservers we wish to send and receive span contexts and span baggage.
+ See [here](../../opentracing.md) for more.
+ This is a list of regexes which are matched against the `server_name` of the homeserver.
+ By default, it is empty, so no servers are matched.
+* `force_tracing_for_users`: # A list of the matrix IDs of users whose requests will always be traced,
+ even if the tracing system would otherwise drop the traces due to probabilistic sampling.
+ By default, the list is empty.
+* `jaeger_config`: Jaeger can be configured to sample traces at different rates.
+ All configuration options provided by Jaeger can be set here. Jaeger's configuration is
+ mostly related to trace sampling which is documented [here](https://www.jaegertracing.io/docs/latest/sampling/).
+
+Example configuration:
+```yaml
+opentracing:
+ enabled: true
+ homeserver_whitelist:
+ - ".*"
+ force_tracing_for_users:
+ - "@user1:server_name"
+ - "@user2:server_name"
+
+ jaeger_config:
+ sampler:
+ type: const
+ param: 1
+ logging:
+ false
+```
+---
+## Workers ##
+Configuration options related to workers.
+
+---
+Config option: `send_federation`
+
+Controls sending of outbound federation transactions on the main process.
+Set to false if using a federation sender worker. Defaults to true.
+
+Example configuration:
+```yaml
+send_federation: false
+```
+---
+Config option: `federation_sender_instances`
+
+It is possible to run multiple federation sender workers, in which case the
+work is balanced across them. Use this setting to list the senders.
+
+This configuration setting must be shared between all federation sender workers, and if
+changed all federation sender workers must be stopped at the same time and then
+started, to ensure that all instances are running with the same config (otherwise
+events may be dropped).
+
+Example configuration:
+```yaml
+federation_sender_instances:
+ - federation_sender1
+```
+---
+Config option: `instance_map`
+
+When using workers this should be a map from worker name to the
+HTTP replication listener of the worker, if configured.
+
+Example configuration:
+```yaml
+instance_map:
+ worker1:
+ host: localhost
+ port: 8034
+```
+---
+Config option: `stream_writers`
+
+Experimental: When using workers you can define which workers should
+handle event persistence and typing notifications. Any worker
+specified here must also be in the `instance_map`.
+
+Example configuration:
+```yaml
+stream_writers:
+ events: worker1
+ typing: worker1
+```
+---
+Config option: `run_background_task_on`
+
+The worker that is used to run background tasks (e.g. cleaning up expired
+data). If not provided this defaults to the main process.
+
+Example configuration:
+```yaml
+run_background_tasks_on: worker1
+```
+---
+Config option: `worker_replication_secret`
+
+A shared secret used by the replication APIs to authenticate HTTP requests
+from workers.
+
+By default this is unused and traffic is not authenticated.
+
+Example configuration:
+```yaml
+worker_replication_secret: "secret_secret"
+```
+Config option: `redis`
+
+Configuration for Redis when using workers. This *must* be enabled when
+using workers (unless using old style direct TCP configuration).
+This setting has the following sub-options:
+* `enabled`: whether to use Redis support. Defaults to false.
+* `host` and `port`: Optional host and port to use to connect to redis. Defaults to
+ localhost and 6379
+* `password`: Optional password if configured on the Redis instance.
+
+Example configuration:
+```yaml
+redis:
+ enabled: true
+ host: localhost
+ port: 6379
+ password:
+```
+## Background Updates ##
+Configuration settings related to background updates.
+
+---
+Config option: `background_updates`
+
+Background updates are database updates that are run in the background in batches.
+The duration, minimum batch size, default batch size, whether to sleep between batches and if so, how long to
+sleep can all be configured. This is helpful to speed up or slow down the updates.
+This setting has the following sub-options:
+* `background_update_duration_ms`: How long in milliseconds to run a batch of background updates for. Defaults to 100.
+ Set a different time to change the default.
+* `sleep_enabled`: Whether to sleep between updates. Defaults to true. Set to false to change the default.
+* `sleep_duration_ms`: If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000.
+ Set a duration to change the default.
+* `min_batch_size`: Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1.
+ Set a size to change the default.
+* `default_batch_size`: The batch size to use for the first iteration of a new background update. The default is 100.
+ Set a size to change the default.
+
+Example configuration:
+```yaml
+background_updates:
+ background_update_duration_ms: 500
+ sleep_enabled: false
+ sleep_duration_ms: 300
+ min_batch_size: 10
+ default_batch_size: 50
+```
diff --git a/docs/workers.md b/docs/workers.md
index 858411b15ec3..553792d2384c 100644
--- a/docs/workers.md
+++ b/docs/workers.md
@@ -138,20 +138,7 @@ as the `listeners` option in the shared config.
For example:
```yaml
-worker_app: synapse.app.generic_worker
-worker_name: worker1
-
-# The replication listener on the main synapse process.
-worker_replication_host: 127.0.0.1
-worker_replication_http_port: 9093
-
-worker_listeners:
- - type: http
- port: 8083
- resources:
- - names: [client, federation]
-
-worker_log_config: /home/matrix/synapse/config/worker1_log_config.yaml
+{{#include systemd-with-workers/workers/generic_worker.yaml}}
```
...is a full configuration for a generic worker instance, which will expose a
@@ -363,6 +350,12 @@ stream_writers:
events: event_persister1
```
+An example for a stream writer instance:
+
+```yaml
+{{#include systemd-with-workers/workers/event_persister.yaml}}
+```
+
Some of the streams have associated endpoints which, for maximum efficiency, should
be routed to the workers handling that stream. See below for the currently supported
streams and the endpoints associated with them:
@@ -433,9 +426,49 @@ the shared configuration would include:
run_background_tasks_on: background_worker
```
-You might also wish to investigate the `update_user_directory` and
+You might also wish to investigate the `update_user_directory_from_worker` and
`media_instance_running_background_jobs` settings.
+An example for a dedicated background worker instance:
+
+```yaml
+{{#include systemd-with-workers/workers/background_worker.yaml}}
+```
+
+#### Updating the User Directory
+
+You can designate one generic worker to update the user directory.
+
+Specify its name in the shared configuration as follows:
+
+```yaml
+update_user_directory_from_worker: worker_name
+```
+
+This work cannot be load-balanced; please ensure the main process is restarted
+after setting this option in the shared configuration!
+
+This style of configuration supersedes the legacy `synapse.app.user_dir`
+worker application type.
+
+
+#### Notifying Application Services
+
+You can designate one generic worker to send output traffic to Application Services.
+
+Specify its name in the shared configuration as follows:
+
+```yaml
+notify_appservices_from_worker: worker_name
+```
+
+This work cannot be load-balanced; please ensure the main process is restarted
+after setting this option in the shared configuration!
+
+This style of configuration supersedes the legacy `synapse.app.appservice`
+worker application type.
+
+
### `synapse.app.pusher`
Handles sending push notifications to sygnal and email. Doesn't handle any
@@ -454,6 +487,9 @@ pusher_instances:
### `synapse.app.appservice`
+**Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the
+`notify_appservices_from_worker` option instead.](#notifying-application-services)
+
Handles sending output traffic to Application Services. Doesn't handle any
REST endpoints itself, but you should set `notify_appservices: False` in the
shared configuration file to stop the main synapse sending appservice notifications.
@@ -521,6 +557,9 @@ Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for
### `synapse.app.user_dir`
+**Deprecated as of Synapse v1.59.** [Use `synapse.app.generic_worker` with the
+`update_user_directory_from_worker` option instead.](#updating-the-user-directory)
+
Handles searches in the user directory. It can handle REST endpoints matching
the following regular expressions:
@@ -615,14 +654,14 @@ The following shows an example setup using Redis and a reverse proxy:
| Main | | Generic | | Generic | | Event |
| Process | | Worker 1 | | Worker 2 | | Persister |
+--------------+ +--------------+ +--------------+ +--------------+
- ^ ^ | ^ | | ^ | ^ ^
- | | | | | | | | | |
- | | | | | HTTP | | | | |
- | +----------+<--|---|---------+ | | | |
- | | +-------------|-->+----------+ |
- | | | |
- | | | |
- v v v v
-====================================================================
+ ^ ^ | ^ | | ^ | | ^ ^
+ | | | | | | | | | | |
+ | | | | | HTTP | | | | | |
+ | +----------+<--|---|---------+<--|---|---------+ | |
+ | | +-------------|-->+-------------+ |
+ | | | |
+ | | | |
+ v v v v
+======================================================================
Redis pub/sub channel
```
diff --git a/mypy.ini b/mypy.ini
index 5246f987c009..ba0de419f5ea 100644
--- a/mypy.ini
+++ b/mypy.ini
@@ -7,13 +7,13 @@ show_error_codes = True
show_traceback = True
mypy_path = stubs
warn_unreachable = True
+warn_unused_ignores = True
local_partial_types = True
no_implicit_optional = True
files =
docker/,
scripts-dev/,
- setup.py,
synapse/,
tests/
@@ -24,10 +24,6 @@ files =
# https://docs.python.org/3/library/re.html#re.X
exclude = (?x)
^(
- |scripts-dev/build_debian_packages.py
- |scripts-dev/federation_client.py
- |scripts-dev/release.py
-
|synapse/storage/databases/__init__.py
|synapse/storage/databases/main/cache.py
|synapse/storage/databases/main/devices.py
@@ -135,6 +131,11 @@ disallow_untyped_defs = True
[mypy-synapse.metrics.*]
disallow_untyped_defs = True
+[mypy-synapse.metrics._reactor_metrics]
+# This module imports select.epoll. That exists on Linux, but doesn't on macOS.
+# See https://github.com/matrix-org/synapse/pull/11771.
+warn_unused_ignores = False
+
[mypy-synapse.module_api.*]
disallow_untyped_defs = True
@@ -234,69 +235,32 @@ disallow_untyped_defs = True
;; The `typeshed` project maintains stubs here:
;; https://github.com/python/typeshed/tree/master/stubs
;; and for each package `foo` there's a corresponding `types-foo` package on PyPI,
-;; which we can pull in as a dev dependency by adding to `setup.py`'s
-;; `CONDITIONAL_REQUIREMENTS["mypy"]` list.
+;; which we can pull in as a dev dependency by adding to `pyproject.toml`'s
+;; `[tool.poetry.dev-dependencies]` list.
[mypy-authlib.*]
ignore_missing_imports = True
-[mypy-bcrypt]
-ignore_missing_imports = True
-
[mypy-canonicaljson]
ignore_missing_imports = True
-[mypy-constantly]
-ignore_missing_imports = True
-
-[mypy-daemonize]
-ignore_missing_imports = True
-
-[mypy-h11]
-ignore_missing_imports = True
-
-[mypy-hiredis]
-ignore_missing_imports = True
-
-[mypy-hyperlink]
-ignore_missing_imports = True
-
[mypy-ijson.*]
ignore_missing_imports = True
-[mypy-importlib_metadata.*]
-ignore_missing_imports = True
-
-[mypy-jaeger_client.*]
-ignore_missing_imports = True
-
-[mypy-josepy.*]
-ignore_missing_imports = True
-
-[mypy-jwt.*]
-ignore_missing_imports = True
-
[mypy-lxml]
ignore_missing_imports = True
[mypy-msgpack]
ignore_missing_imports = True
-[mypy-nacl.*]
-ignore_missing_imports = True
-
+# Note: WIP stubs available at
+# https://github.com/microsoft/python-type-stubs/tree/64934207f523ad6b611e6cfe039d85d7175d7d0d/netaddr
[mypy-netaddr]
ignore_missing_imports = True
[mypy-parameterized.*]
ignore_missing_imports = True
-[mypy-phonenumbers.*]
-ignore_missing_imports = True
-
-[mypy-prometheus_client.*]
-ignore_missing_imports = True
-
[mypy-pymacaroons.*]
ignore_missing_imports = True
@@ -309,23 +273,14 @@ ignore_missing_imports = True
[mypy-saml2.*]
ignore_missing_imports = True
-[mypy-sentry_sdk]
-ignore_missing_imports = True
-
[mypy-service_identity.*]
ignore_missing_imports = True
-[mypy-signedjson.*]
+[mypy-srvlookup.*]
ignore_missing_imports = True
[mypy-treq.*]
ignore_missing_imports = True
-[mypy-twisted.*]
-ignore_missing_imports = True
-
-[mypy-zope]
-ignore_missing_imports = True
-
[mypy-incremental.*]
ignore_missing_imports = True
diff --git a/poetry.lock b/poetry.lock
index a9f3e61015c8..49a912a58962 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1,11 +1,3 @@
-[[package]]
-name = "appdirs"
-version = "1.4.4"
-description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"."
-category = "dev"
-optional = false
-python-versions = "*"
-
[[package]]
name = "attrs"
version = "21.4.0"
@@ -49,17 +41,6 @@ six = "*"
[package.extras]
visualize = ["graphviz (>0.5.1)", "Twisted (>=16.1.1)"]
-[[package]]
-name = "baron"
-version = "0.10.1"
-description = "Full Syntax Tree for python to make writing refactoring code a realist task"
-category = "dev"
-optional = false
-python-versions = "*"
-
-[package.dependencies]
-rply = "*"
-
[[package]]
name = "bcrypt"
version = "3.2.0"
@@ -328,14 +309,15 @@ smmap = ">=3.0.1,<6"
[[package]]
name = "gitpython"
-version = "3.1.14"
-description = "Python Git Library"
+version = "3.1.27"
+description = "GitPython is a python library used to interact with Git repositories"
category = "dev"
optional = false
-python-versions = ">=3.4"
+python-versions = ">=3.7"
[package.dependencies]
gitdb = ">=4.0.1,<5"
+typing-extensions = {version = ">=3.7.4.3", markers = "python_version < \"3.8\""}
[[package]]
name = "hiredis"
@@ -558,17 +540,20 @@ test = ["tox", "twisted", "aiounittest"]
[[package]]
name = "matrix-synapse-ldap3"
-version = "0.1.5"
+version = "0.2.0"
description = "An LDAP3 auth provider for Synapse"
category = "main"
optional = true
-python-versions = "*"
+python-versions = ">=3.7"
[package.dependencies]
ldap3 = ">=2.8"
-service_identity = "*"
+service-identity = "*"
Twisted = ">=15.1.0"
+[package.extras]
+dev = ["matrix-synapse", "tox", "ldaptor", "mypy (==0.910)", "types-setuptools", "black (==21.9b0)", "flake8 (==4.0.1)", "isort (==5.9.3)"]
+
[[package]]
name = "mccabe"
version = "0.6.1"
@@ -587,7 +572,7 @@ python-versions = "*"
[[package]]
name = "mypy"
-version = "0.931"
+version = "0.950"
description = "Optional static typing for Python"
category = "dev"
optional = false
@@ -595,13 +580,14 @@ python-versions = ">=3.6"
[package.dependencies]
mypy-extensions = ">=0.4.3"
-tomli = ">=1.1.0"
+tomli = {version = ">=1.1.0", markers = "python_version < \"3.11\""}
typed-ast = {version = ">=1.4.0,<2", markers = "python_version < \"3.8\""}
typing-extensions = ">=3.10"
[package.extras]
dmypy = ["psutil (>=4.0)"]
python2 = ["typed-ast (>=1.4.0,<2)"]
+reports = ["lxml"]
[[package]]
name = "mypy-extensions"
@@ -613,14 +599,14 @@ python-versions = "*"
[[package]]
name = "mypy-zope"
-version = "0.3.5"
+version = "0.3.7"
description = "Plugin for mypy to support zope interfaces"
category = "dev"
optional = false
python-versions = "*"
[package.dependencies]
-mypy = "0.931"
+mypy = "0.950"
"zope.interface" = "*"
"zope.schema" = "*"
@@ -981,20 +967,6 @@ Pygments = ">=2.5.1"
[package.extras]
md = ["cmarkgfm (>=0.8.0)"]
-[[package]]
-name = "redbaron"
-version = "0.9.2"
-description = "Abstraction on top of baron, a FST for python to make writing refactoring code a realistic task"
-category = "dev"
-optional = false
-python-versions = "*"
-
-[package.dependencies]
-baron = ">=0.7"
-
-[package.extras]
-notebook = ["pygments"]
-
[[package]]
name = "requests"
version = "2.27.1"
@@ -1035,17 +1007,6 @@ python-versions = ">=3.7"
[package.extras]
idna2008 = ["idna"]
-[[package]]
-name = "rply"
-version = "0.7.8"
-description = "A pure Python Lex/Yacc that works with RPython"
-category = "dev"
-optional = false
-python-versions = "*"
-
-[package.dependencies]
-appdirs = "*"
-
[[package]]
name = "secretstorage"
version = "3.3.1"
@@ -1060,7 +1021,7 @@ jeepney = ">=0.6"
[[package]]
name = "sentry-sdk"
-version = "1.5.7"
+version = "1.5.11"
description = "Python client for Sentry (https://sentry.io)"
category = "main"
optional = true
@@ -1356,6 +1317,14 @@ category = "dev"
optional = false
python-versions = "*"
+[[package]]
+name = "types-commonmark"
+version = "0.9.2"
+description = "Typing stubs for commonmark"
+category = "dev"
+optional = false
+python-versions = "*"
+
[[package]]
name = "types-cryptography"
version = "3.3.15"
@@ -1402,7 +1371,7 @@ python-versions = "*"
[[package]]
name = "types-pillow"
-version = "9.0.6"
+version = "9.0.15"
description = "Typing stubs for Pillow"
category = "dev"
optional = false
@@ -1577,7 +1546,7 @@ docs = ["sphinx", "repoze.sphinx.autointerface"]
test = ["zope.i18nmessageid", "zope.testing", "zope.testrunner"]
[extras]
-all = ["matrix-synapse-ldap3", "psycopg2", "psycopg2cffi", "psycopg2cffi-compat", "pysaml2", "authlib", "lxml", "sentry-sdk", "jaeger-client", "opentracing", "pyjwt", "txredisapi", "hiredis"]
+all = ["matrix-synapse-ldap3", "psycopg2", "psycopg2cffi", "psycopg2cffi-compat", "pysaml2", "authlib", "lxml", "sentry-sdk", "jaeger-client", "opentracing", "pyjwt", "txredisapi", "hiredis", "Pympler"]
cache_memory = ["Pympler"]
jwt = ["pyjwt"]
matrix-synapse-ldap3 = ["matrix-synapse-ldap3"]
@@ -1593,14 +1562,10 @@ url_preview = ["lxml"]
[metadata]
lock-version = "1.1"
-python-versions = "^3.7"
-content-hash = "964ad29eaf7fd02749a4e735818f3bc0ba729c2f4b9e3213f0daa02643508b16"
+python-versions = "^3.7.1"
+content-hash = "d39d5ac5d51c014581186b7691999b861058b569084c525523baf70b77f292b1"
[metadata.files]
-appdirs = [
- {file = "appdirs-1.4.4-py2.py3-none-any.whl", hash = "sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128"},
- {file = "appdirs-1.4.4.tar.gz", hash = "sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41"},
-]
attrs = [
{file = "attrs-21.4.0-py2.py3-none-any.whl", hash = "sha256:2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4"},
{file = "attrs-21.4.0.tar.gz", hash = "sha256:626ba8234211db98e869df76230a137c4c40a12d72445c45d5f5b716f076e2fd"},
@@ -1613,10 +1578,6 @@ automat = [
{file = "Automat-20.2.0-py2.py3-none-any.whl", hash = "sha256:b6feb6455337df834f6c9962d6ccf771515b7d939bca142b29c20c2376bc6111"},
{file = "Automat-20.2.0.tar.gz", hash = "sha256:7979803c74610e11ef0c0d68a2942b152df52da55336e0c9d58daf1831cbdf33"},
]
-baron = [
- {file = "baron-0.10.1-py2.py3-none-any.whl", hash = "sha256:befb33f4b9e832c7cd1e3cf0eafa6dd3cb6ed4cb2544245147c019936f4e0a8a"},
- {file = "baron-0.10.1.tar.gz", hash = "sha256:af822ad44d4eb425c8516df4239ac4fdba9fdb398ef77e4924cd7c9b4045bc2f"},
-]
bcrypt = [
{file = "bcrypt-3.2.0-cp36-abi3-macosx_10_10_universal2.whl", hash = "sha256:b589229207630484aefe5899122fb938a5b017b0f4349f769b8c13e78d99a8fd"},
{file = "bcrypt-3.2.0-cp36-abi3-macosx_10_9_x86_64.whl", hash = "sha256:c95d4cbebffafcdd28bd28bb4e25b31c50f6da605c81ffd9ad8a3d1b2ab7b1b6"},
@@ -1815,8 +1776,8 @@ gitdb = [
{file = "gitdb-4.0.9.tar.gz", hash = "sha256:bac2fd45c0a1c9cf619e63a90d62bdc63892ef92387424b855792a6cabe789aa"},
]
gitpython = [
- {file = "GitPython-3.1.14-py3-none-any.whl", hash = "sha256:3283ae2fba31c913d857e12e5ba5f9a7772bbc064ae2bb09efafa71b0dd4939b"},
- {file = "GitPython-3.1.14.tar.gz", hash = "sha256:be27633e7509e58391f10207cd32b2a6cf5b908f92d9cd30da2e514e1137af61"},
+ {file = "GitPython-3.1.27-py3-none-any.whl", hash = "sha256:5b68b000463593e05ff2b261acff0ff0972df8ab1b70d3cdbd41b546c8b8fc3d"},
+ {file = "GitPython-3.1.27.tar.gz", hash = "sha256:1c885ce809e8ba2d88a29befeb385fcea06338d3640712b59ca623c220bb5704"},
]
hiredis = [
{file = "hiredis-2.0.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:b4c8b0bc5841e578d5fb32a16e0c305359b987b850a06964bd5a62739d688048"},
@@ -2085,7 +2046,8 @@ matrix-common = [
{file = "matrix_common-1.1.0.tar.gz", hash = "sha256:a8238748afc2b37079818367fed5156f355771b07c8ff0a175934f47e0ff3276"},
]
matrix-synapse-ldap3 = [
- {file = "matrix-synapse-ldap3-0.1.5.tar.gz", hash = "sha256:9fdf8df7c8ec756642aa0fea53b31c0b2f1924f70d7f049a2090b523125456fe"},
+ {file = "matrix-synapse-ldap3-0.2.0.tar.gz", hash = "sha256:91a0715b43a41ec3033244174fca20846836da98fda711fb01687f7199eecd2e"},
+ {file = "matrix_synapse_ldap3-0.2.0-py3-none-any.whl", hash = "sha256:0128ca7c3058987adc2e8a88463bb46879915bfd3d373309632813b353e30f9f"},
]
mccabe = [
{file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"},
@@ -2128,34 +2090,37 @@ msgpack = [
{file = "msgpack-1.0.3.tar.gz", hash = "sha256:51fdc7fb93615286428ee7758cecc2f374d5ff363bdd884c7ea622a7a327a81e"},
]
mypy = [
- {file = "mypy-0.931-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:3c5b42d0815e15518b1f0990cff7a705805961613e701db60387e6fb663fe78a"},
- {file = "mypy-0.931-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:c89702cac5b302f0c5d33b172d2b55b5df2bede3344a2fbed99ff96bddb2cf00"},
- {file = "mypy-0.931-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:300717a07ad09525401a508ef5d105e6b56646f7942eb92715a1c8d610149714"},
- {file = "mypy-0.931-cp310-cp310-win_amd64.whl", hash = "sha256:7b3f6f557ba4afc7f2ce6d3215d5db279bcf120b3cfd0add20a5d4f4abdae5bc"},
- {file = "mypy-0.931-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:1bf752559797c897cdd2c65f7b60c2b6969ffe458417b8d947b8340cc9cec08d"},
- {file = "mypy-0.931-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:4365c60266b95a3f216a3047f1d8e3f895da6c7402e9e1ddfab96393122cc58d"},
- {file = "mypy-0.931-cp36-cp36m-win_amd64.whl", hash = "sha256:1b65714dc296a7991000b6ee59a35b3f550e0073411ac9d3202f6516621ba66c"},
- {file = "mypy-0.931-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:e839191b8da5b4e5d805f940537efcaa13ea5dd98418f06dc585d2891d228cf0"},
- {file = "mypy-0.931-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:50c7346a46dc76a4ed88f3277d4959de8a2bd0a0fa47fa87a4cde36fe247ac05"},
- {file = "mypy-0.931-cp37-cp37m-win_amd64.whl", hash = "sha256:d8f1ff62f7a879c9fe5917b3f9eb93a79b78aad47b533911b853a757223f72e7"},
- {file = "mypy-0.931-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:f9fe20d0872b26c4bba1c1be02c5340de1019530302cf2dcc85c7f9fc3252ae0"},
- {file = "mypy-0.931-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:1b06268df7eb53a8feea99cbfff77a6e2b205e70bf31743e786678ef87ee8069"},
- {file = "mypy-0.931-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:8c11003aaeaf7cc2d0f1bc101c1cc9454ec4cc9cb825aef3cafff8a5fdf4c799"},
- {file = "mypy-0.931-cp38-cp38-win_amd64.whl", hash = "sha256:d9d2b84b2007cea426e327d2483238f040c49405a6bf4074f605f0156c91a47a"},
- {file = "mypy-0.931-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:ff3bf387c14c805ab1388185dd22d6b210824e164d4bb324b195ff34e322d166"},
- {file = "mypy-0.931-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:5b56154f8c09427bae082b32275a21f500b24d93c88d69a5e82f3978018a0266"},
- {file = "mypy-0.931-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:8ca7f8c4b1584d63c9a0f827c37ba7a47226c19a23a753d52e5b5eddb201afcd"},
- {file = "mypy-0.931-cp39-cp39-win_amd64.whl", hash = "sha256:74f7eccbfd436abe9c352ad9fb65872cc0f1f0a868e9d9c44db0893440f0c697"},
- {file = "mypy-0.931-py3-none-any.whl", hash = "sha256:1171f2e0859cfff2d366da2c7092b06130f232c636a3f7301e3feb8b41f6377d"},
- {file = "mypy-0.931.tar.gz", hash = "sha256:0038b21890867793581e4cb0d810829f5fd4441aa75796b53033af3aa30430ce"},
+ {file = "mypy-0.950-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:cf9c261958a769a3bd38c3e133801ebcd284ffb734ea12d01457cb09eacf7d7b"},
+ {file = "mypy-0.950-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b5b5bd0ffb11b4aba2bb6d31b8643902c48f990cc92fda4e21afac658044f0c0"},
+ {file = "mypy-0.950-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:5e7647df0f8fc947388e6251d728189cfadb3b1e558407f93254e35abc026e22"},
+ {file = "mypy-0.950-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:eaff8156016487c1af5ffa5304c3e3fd183edcb412f3e9c72db349faf3f6e0eb"},
+ {file = "mypy-0.950-cp310-cp310-win_amd64.whl", hash = "sha256:563514c7dc504698fb66bb1cf897657a173a496406f1866afae73ab5b3cdb334"},
+ {file = "mypy-0.950-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:dd4d670eee9610bf61c25c940e9ade2d0ed05eb44227275cce88701fee014b1f"},
+ {file = "mypy-0.950-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:ca75ecf2783395ca3016a5e455cb322ba26b6d33b4b413fcdedfc632e67941dc"},
+ {file = "mypy-0.950-cp36-cp36m-win_amd64.whl", hash = "sha256:6003de687c13196e8a1243a5e4bcce617d79b88f83ee6625437e335d89dfebe2"},
+ {file = "mypy-0.950-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:4c653e4846f287051599ed8f4b3c044b80e540e88feec76b11044ddc5612ffed"},
+ {file = "mypy-0.950-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:e19736af56947addedce4674c0971e5dceef1b5ec7d667fe86bcd2b07f8f9075"},
+ {file = "mypy-0.950-cp37-cp37m-win_amd64.whl", hash = "sha256:ef7beb2a3582eb7a9f37beaf38a28acfd801988cde688760aea9e6cc4832b10b"},
+ {file = "mypy-0.950-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:0112752a6ff07230f9ec2f71b0d3d4e088a910fdce454fdb6553e83ed0eced7d"},
+ {file = "mypy-0.950-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:ee0a36edd332ed2c5208565ae6e3a7afc0eabb53f5327e281f2ef03a6bc7687a"},
+ {file = "mypy-0.950-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:77423570c04aca807508a492037abbd72b12a1fb25a385847d191cd50b2c9605"},
+ {file = "mypy-0.950-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:5ce6a09042b6da16d773d2110e44f169683d8cc8687e79ec6d1181a72cb028d2"},
+ {file = "mypy-0.950-cp38-cp38-win_amd64.whl", hash = "sha256:5b231afd6a6e951381b9ef09a1223b1feabe13625388db48a8690f8daa9b71ff"},
+ {file = "mypy-0.950-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:0384d9f3af49837baa92f559d3fa673e6d2652a16550a9ee07fc08c736f5e6f8"},
+ {file = "mypy-0.950-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:1fdeb0a0f64f2a874a4c1f5271f06e40e1e9779bf55f9567f149466fc7a55038"},
+ {file = "mypy-0.950-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:61504b9a5ae166ba5ecfed9e93357fd51aa693d3d434b582a925338a2ff57fd2"},
+ {file = "mypy-0.950-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:a952b8bc0ae278fc6316e6384f67bb9a396eb30aced6ad034d3a76120ebcc519"},
+ {file = "mypy-0.950-cp39-cp39-win_amd64.whl", hash = "sha256:eaea21d150fb26d7b4856766e7addcf929119dd19fc832b22e71d942835201ef"},
+ {file = "mypy-0.950-py3-none-any.whl", hash = "sha256:a4d9898f46446bfb6405383b57b96737dcfd0a7f25b748e78ef3e8c576bba3cb"},
+ {file = "mypy-0.950.tar.gz", hash = "sha256:1b333cfbca1762ff15808a0ef4f71b5d3eed8528b23ea1c3fb50543c867d68de"},
]
mypy-extensions = [
{file = "mypy_extensions-0.4.3-py2.py3-none-any.whl", hash = "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"},
{file = "mypy_extensions-0.4.3.tar.gz", hash = "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"},
]
mypy-zope = [
- {file = "mypy-zope-0.3.5.tar.gz", hash = "sha256:489e7da1c2af887f2cfe3496995fc247f296512b495b57817edddda9d22308f3"},
- {file = "mypy_zope-0.3.5-py3-none-any.whl", hash = "sha256:3bd0cc9a3e5933b02931af4b214ba32a4f4ff98adb30c979ce733857db91a18b"},
+ {file = "mypy-zope-0.3.7.tar.gz", hash = "sha256:9da171e78e8ef7ac8922c86af1a62f1b7f3244f121020bd94a2246bc3f33c605"},
+ {file = "mypy_zope-0.3.7-py3-none-any.whl", hash = "sha256:9c7637d066e4d1bafa0651abc091c752009769098043b236446e6725be2bc9c2"},
]
netaddr = [
{file = "netaddr-0.8.0-py2.py3-none-any.whl", hash = "sha256:9666d0232c32d2656e5e5f8d735f58fd6c7457ce52fc21c98d45f2af78f990ac"},
@@ -2408,10 +2373,6 @@ readme-renderer = [
{file = "readme_renderer-33.0-py3-none-any.whl", hash = "sha256:f02cee0c4de9636b5a62b6be50c9742427ba1b956aad1d938bfb087d0d72ccdf"},
{file = "readme_renderer-33.0.tar.gz", hash = "sha256:e3b53bc84bd6af054e4cc1fe3567dc1ae19f554134221043a3f8c674e22209db"},
]
-redbaron = [
- {file = "redbaron-0.9.2-py2.py3-none-any.whl", hash = "sha256:d01032b6a848b5521a8d6ef72486315c2880f420956870cdd742e2b5a09b9bab"},
- {file = "redbaron-0.9.2.tar.gz", hash = "sha256:472d0739ca6b2240bb2278ae428604a75472c9c12e86c6321e8c016139c0132f"},
-]
requests = [
{file = "requests-2.27.1-py2.py3-none-any.whl", hash = "sha256:f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d"},
{file = "requests-2.27.1.tar.gz", hash = "sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61"},
@@ -2424,17 +2385,13 @@ rfc3986 = [
{file = "rfc3986-2.0.0-py2.py3-none-any.whl", hash = "sha256:50b1502b60e289cb37883f3dfd34532b8873c7de9f49bb546641ce9cbd256ebd"},
{file = "rfc3986-2.0.0.tar.gz", hash = "sha256:97aacf9dbd4bfd829baad6e6309fa6573aaf1be3f6fa735c8ab05e46cecb261c"},
]
-rply = [
- {file = "rply-0.7.8-py2.py3-none-any.whl", hash = "sha256:28ffd11d656c48aeb8c508eb382acd6a0bd906662624b34388751732a27807e7"},
- {file = "rply-0.7.8.tar.gz", hash = "sha256:2a808ac25a4580a9991fc304d64434e299a8fc75760574492f242cbb5bb301c9"},
-]
secretstorage = [
{file = "SecretStorage-3.3.1-py3-none-any.whl", hash = "sha256:422d82c36172d88d6a0ed5afdec956514b189ddbfb72fefab0c8a1cee4eaf71f"},
{file = "SecretStorage-3.3.1.tar.gz", hash = "sha256:fd666c51a6bf200643495a04abb261f83229dcb6fd8472ec393df7ffc8b6f195"},
]
sentry-sdk = [
- {file = "sentry-sdk-1.5.7.tar.gz", hash = "sha256:aa52da941c56b5a76fd838f8e9e92a850bf893a9eb1e33ffce6c21431d07ee30"},
- {file = "sentry_sdk-1.5.7-py2.py3-none-any.whl", hash = "sha256:411a8495bd18cf13038e5749e4710beb4efa53da6351f67b4c2f307c2d9b6d49"},
+ {file = "sentry-sdk-1.5.11.tar.gz", hash = "sha256:6c01d9d0b65935fd275adc120194737d1df317dce811e642cbf0394d0d37a007"},
+ {file = "sentry_sdk-1.5.11-py2.py3-none-any.whl", hash = "sha256:c17179183cac614e900cbd048dab03f49a48e2820182ec686c25e7ce46f8548f"},
]
service-identity = [
{file = "service-identity-21.1.0.tar.gz", hash = "sha256:6e6c6086ca271dc11b033d17c3a8bea9f24ebff920c587da090afc9519419d34"},
@@ -2644,6 +2601,10 @@ types-bleach = [
{file = "types-bleach-4.1.4.tar.gz", hash = "sha256:2d30c2c4fb6854088ac636471352c9a51bf6c089289800d2a8060820a01cd43a"},
{file = "types_bleach-4.1.4-py3-none-any.whl", hash = "sha256:edffe173ed6d7b6f3543036a96204a9319c3bf6c3645917b14274e43f000cc9b"},
]
+types-commonmark = [
+ {file = "types-commonmark-0.9.2.tar.gz", hash = "sha256:b894b67750c52fd5abc9a40a9ceb9da4652a391d75c1b480bba9cef90f19fc86"},
+ {file = "types_commonmark-0.9.2-py3-none-any.whl", hash = "sha256:56f20199a1f9a2924443211a0ef97f8b15a8a956a7f4e9186be6950bf38d6d02"},
+]
types-cryptography = [
{file = "types-cryptography-3.3.15.tar.gz", hash = "sha256:a7983a75a7b88a18f88832008f0ef140b8d1097888ec1a0824ec8fb7e105273b"},
{file = "types_cryptography-3.3.15-py3-none-any.whl", hash = "sha256:d9b0dd5465d7898d400850e7f35e5518aa93a7e23d3e11757cd81b4777089046"},
@@ -2665,8 +2626,8 @@ types-opentracing = [
{file = "types_opentracing-2.4.7-py3-none-any.whl", hash = "sha256:861fb8103b07cf717f501dd400cb274ca9992552314d4d6c7a824b11a215e512"},
]
types-pillow = [
- {file = "types-Pillow-9.0.6.tar.gz", hash = "sha256:79b350b1188c080c27558429f1e119e69c9f020b877a82df761d9283070e0185"},
- {file = "types_Pillow-9.0.6-py3-none-any.whl", hash = "sha256:bd1e0a844fc718398aa265bf50fcad550fc520cc54f80e5ffeb7b3226b3cc507"},
+ {file = "types-Pillow-9.0.15.tar.gz", hash = "sha256:d2e385fe5c192e75970f18accce69f5c2a9f186f3feb578a9b91cd6fdf64211d"},
+ {file = "types_Pillow-9.0.15-py3-none-any.whl", hash = "sha256:c9646595dfafdf8b63d4b1443292ead17ee0fc7b18a143e497b68e0ea2dc1eb6"},
]
types-psycopg2 = [
{file = "types-psycopg2-2.9.9.tar.gz", hash = "sha256:4f9d4d52eeb343dc00fd5ed4f1513a8a5c18efba0a072eb82706d15cf4f20a2e"},
diff --git a/pyproject.toml b/pyproject.toml
index 2a3637a7f02f..5a5a2eaba73d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -54,7 +54,7 @@ skip_gitignore = true
[tool.poetry]
name = "matrix-synapse"
-version = "1.56.0"
+version = "1.59.1"
description = "Homeserver for the Matrix decentralised comms protocol"
authors = ["Matrix.org Team and Contributors "]
license = "Apache-2.0"
@@ -100,7 +100,7 @@ synapse_review_recent_signups = "synapse._scripts.review_recent_signups:main"
update_synapse_database = "synapse._scripts.update_synapse_database:main"
[tool.poetry.dependencies]
-python = "^3.7"
+python = "^3.7.1"
# Mandatory Dependencies
# ----------------------
@@ -142,8 +142,10 @@ netaddr = ">=0.7.18"
# add a lower bound to the Jinja2 dependency.
Jinja2 = ">=3.0"
bleach = ">=1.4.3"
-# We use `ParamSpec`, which was added in `typing-extensions` 3.10.0.0.
-typing-extensions = ">=3.10.0"
+# We use `ParamSpec` and `Concatenate`, which were added in `typing-extensions` 3.10.0.0.
+# Additionally we need https://github.com/python/typing/pull/817 to allow types to be
+# generic over ParamSpecs.
+typing-extensions = ">=3.10.0.1"
# We enforce that we have a `cryptography` version that bundles an `openssl`
# with the latest security patches.
cryptography = ">=3.4.7"
@@ -231,10 +233,11 @@ all = [
"jaeger-client", "opentracing",
# jwt
"pyjwt",
- #redis
- "txredisapi", "hiredis"
+ # redis
+ "txredisapi", "hiredis",
+ # cache_memory
+ "pympler",
# omitted:
- # - cache_memory: this is an experimental option
# - test: it's useful to have this separate from dev deps in the olddeps job
# - systemd: this is a system-based requirement
]
@@ -248,9 +251,10 @@ flake8-bugbear = "==21.3.2"
flake8 = "*"
# Typechecking
-mypy = "==0.931"
-mypy-zope = "==0.3.5"
+mypy = "*"
+mypy-zope = "*"
types-bleach = ">=4.1.0"
+types-commonmark = ">=0.9.2"
types-jsonschema = ">=3.2.0"
types-opentracing = ">=2.4.2"
types-Pillow = ">=8.3.4"
@@ -270,8 +274,8 @@ idna = ">=2.5"
# The following are used by the release script
click = "==8.1.0"
-redbaron = "==0.9.2"
-GitPython = "==3.1.14"
+# GitPython was == 3.1.14; bumped to 3.1.20, the first release with type hints.
+GitPython = ">=3.1.20"
commonmark = "==0.9.1"
pygithub = "==1.55"
# The following are executed as commands by the release script.
@@ -280,5 +284,5 @@ twine = "*"
towncrier = ">=18.6.0rc1"
[build-system]
-requires = ["setuptools"]
-build-backend = "setuptools.build_meta"
+requires = ["poetry-core>=1.0.0"]
+build-backend = "poetry.core.masonry.api"
diff --git a/scripts-dev/build_debian_packages.py b/scripts-dev/build_debian_packages.py
index 7ff96a1ee6fe..38564893e95b 100755
--- a/scripts-dev/build_debian_packages.py
+++ b/scripts-dev/build_debian_packages.py
@@ -17,7 +17,8 @@
import sys
import threading
from concurrent.futures import ThreadPoolExecutor
-from typing import Optional, Sequence
+from types import FrameType
+from typing import Collection, Optional, Sequence, Set
DISTS = (
"debian:buster", # oldstable: EOL 2022-08
@@ -26,6 +27,7 @@
"debian:sid",
"ubuntu:focal", # 20.04 LTS (our EOL forced by Py38 on 2024-10-14)
"ubuntu:impish", # 21.10 (EOL 2022-07)
+ "ubuntu:jammy", # 22.04 LTS (EOL 2027-04)
)
DESC = """\
@@ -40,15 +42,17 @@
class Builder(object):
def __init__(
- self, redirect_stdout=False, docker_build_args: Optional[Sequence[str]] = None
+ self,
+ redirect_stdout: bool = False,
+ docker_build_args: Optional[Sequence[str]] = None,
):
self.redirect_stdout = redirect_stdout
self._docker_build_args = tuple(docker_build_args or ())
- self.active_containers = set()
+ self.active_containers: Set[str] = set()
self._lock = threading.Lock()
self._failed = False
- def run_build(self, dist, skip_tests=False):
+ def run_build(self, dist: str, skip_tests: bool = False) -> None:
"""Build deb for a single distribution"""
if self._failed:
@@ -62,7 +66,7 @@ def run_build(self, dist, skip_tests=False):
self._failed = True
raise
- def _inner_build(self, dist, skip_tests=False):
+ def _inner_build(self, dist: str, skip_tests: bool = False) -> None:
tag = dist.split(":", 1)[1]
# Make the dir where the debs will live.
@@ -137,7 +141,7 @@ def _inner_build(self, dist, skip_tests=False):
stdout.close()
print("Completed build of %s" % (dist,))
- def kill_containers(self):
+ def kill_containers(self) -> None:
with self._lock:
active = list(self.active_containers)
@@ -155,8 +159,10 @@ def kill_containers(self):
self.active_containers.remove(c)
-def run_builds(builder, dists, jobs=1, skip_tests=False):
- def sig(signum, _frame):
+def run_builds(
+ builder: Builder, dists: Collection[str], jobs: int = 1, skip_tests: bool = False
+) -> None:
+ def sig(signum: int, _frame: Optional[FrameType]) -> None:
print("Caught SIGINT")
builder.kill_containers()
diff --git a/scripts-dev/complement.sh b/scripts-dev/complement.sh
index d34e9f355483..190df6909a6a 100755
--- a/scripts-dev/complement.sh
+++ b/scripts-dev/complement.sh
@@ -43,6 +43,8 @@ fi
# Build the base Synapse image from the local checkout
docker build -t matrixdotorg/synapse -f "docker/Dockerfile" .
+extra_test_args=()
+
# If we're using workers, modify the docker files slightly.
if [[ -n "$WORKERS" ]]; then
# Build the workers docker image (from the base Synapse image).
@@ -52,7 +54,14 @@ if [[ -n "$WORKERS" ]]; then
COMPLEMENT_DOCKERFILE=SynapseWorkers.Dockerfile
# And provide some more configuration to complement.
- export COMPLEMENT_SPAWN_HS_TIMEOUT_SECS=60
+
+ # It can take quite a while to spin up a worker-mode Synapse for the first
+ # time (the main problem is that we start 14 python processes for each test,
+ # and complement likes to do two of them in parallel).
+ export COMPLEMENT_SPAWN_HS_TIMEOUT_SECS=120
+
+ # ... and it takes longer than 10m to run the whole suite.
+ extra_test_args+=("-timeout=60m")
else
export COMPLEMENT_BASE_IMAGE=complement-synapse
COMPLEMENT_DOCKERFILE=Dockerfile
@@ -64,4 +73,4 @@ docker build -t $COMPLEMENT_BASE_IMAGE -f "docker/complement/$COMPLEMENT_DOCKERF
# Run the tests!
echo "Images built; running complement"
cd "$COMPLEMENT_DIR"
-go test -v -tags synapse_blacklist,msc2716,msc3030 -count=1 "$@" ./tests/...
+go test -v -tags synapse_blacklist,msc2716,msc3030,faster_joins -count=1 "${extra_test_args[@]}" "$@" ./tests/...
diff --git a/scripts-dev/federation_client.py b/scripts-dev/federation_client.py
index c72e19f61d62..763dd02c477e 100755
--- a/scripts-dev/federation_client.py
+++ b/scripts-dev/federation_client.py
@@ -38,7 +38,7 @@
import base64
import json
import sys
-from typing import Any, Optional
+from typing import Any, Dict, Optional, Tuple
from urllib import parse as urlparse
import requests
@@ -47,13 +47,14 @@
import srvlookup
import yaml
from requests.adapters import HTTPAdapter
+from urllib3 import HTTPConnectionPool
# uncomment the following to enable debug logging of http requests
# from httplib import HTTPConnection
# HTTPConnection.debuglevel = 1
-def encode_base64(input_bytes):
+def encode_base64(input_bytes: bytes) -> str:
"""Encode bytes as a base64 string without any padding."""
input_len = len(input_bytes)
@@ -63,7 +64,7 @@ def encode_base64(input_bytes):
return output_string
-def encode_canonical_json(value):
+def encode_canonical_json(value: object) -> bytes:
return json.dumps(
value,
# Encode code-points outside of ASCII as UTF-8 rather than \u escapes
@@ -124,8 +125,13 @@ def request(
authorization_headers = []
for key, sig in signed_json["signatures"][origin_name].items():
- header = 'X-Matrix origin=%s,key="%s",sig="%s"' % (origin_name, key, sig)
- authorization_headers.append(header.encode("ascii"))
+ header = 'X-Matrix origin=%s,key="%s",sig="%s",destination="%s"' % (
+ origin_name,
+ key,
+ sig,
+ destination,
+ )
+ authorization_headers.append(header)
print("Authorization: %s" % header, file=sys.stderr)
dest = "matrix://%s%s" % (destination, path)
@@ -134,7 +140,10 @@ def request(
s = requests.Session()
s.mount("matrix://", MatrixConnectionAdapter())
- headers = {"Host": destination, "Authorization": authorization_headers[0]}
+ headers: Dict[str, str] = {
+ "Host": destination,
+ "Authorization": authorization_headers[0],
+ }
if method == "POST":
headers["Content-Type"] = "application/json"
@@ -149,7 +158,7 @@ def request(
)
-def main():
+def main() -> None:
parser = argparse.ArgumentParser(
description="Signs and sends a federation request to a matrix homeserver"
)
@@ -207,6 +216,7 @@ def main():
if not args.server_name or not args.signing_key:
read_args_from_config(args)
+ assert isinstance(args.signing_key, str)
algorithm, version, key_base64 = args.signing_key.split()
key = signedjson.key.decode_signing_key_base64(algorithm, version, key_base64)
@@ -228,7 +238,7 @@ def main():
print("")
-def read_args_from_config(args):
+def read_args_from_config(args: argparse.Namespace) -> None:
with open(args.config, "r") as fh:
config = yaml.safe_load(fh)
@@ -245,7 +255,7 @@ def read_args_from_config(args):
class MatrixConnectionAdapter(HTTPAdapter):
@staticmethod
- def lookup(s, skip_well_known=False):
+ def lookup(s: str, skip_well_known: bool = False) -> Tuple[str, int]:
if s[-1] == "]":
# ipv6 literal (with no port)
return s, 8448
@@ -271,7 +281,7 @@ def lookup(s, skip_well_known=False):
return s, 8448
@staticmethod
- def get_well_known(server_name):
+ def get_well_known(server_name: str) -> Optional[str]:
uri = "https://%s/.well-known/matrix/server" % (server_name,)
print("fetching %s" % (uri,), file=sys.stderr)
@@ -294,7 +304,9 @@ def get_well_known(server_name):
print("Invalid response from %s: %s" % (uri, e), file=sys.stderr)
return None
- def get_connection(self, url, proxies=None):
+ def get_connection(
+ self, url: str, proxies: Optional[Dict[str, str]] = None
+ ) -> HTTPConnectionPool:
parsed = urlparse.urlparse(url)
(host, port) = self.lookup(parsed.netloc)
diff --git a/scripts-dev/lint.sh b/scripts-dev/lint.sh
index 91a704d98247..377348b107ea 100755
--- a/scripts-dev/lint.sh
+++ b/scripts-dev/lint.sh
@@ -91,7 +91,7 @@ else
files=(
"synapse" "docker" "tests"
"scripts-dev"
- "contrib" "setup.py" "synmark" "stubs" ".ci"
+ "contrib" "synmark" "stubs" ".ci"
)
fi
fi
diff --git a/scripts-dev/mypy_synapse_plugin.py b/scripts-dev/mypy_synapse_plugin.py
index 1217e148747d..c775865212ee 100644
--- a/scripts-dev/mypy_synapse_plugin.py
+++ b/scripts-dev/mypy_synapse_plugin.py
@@ -16,7 +16,7 @@
can crop up, e.g the cache descriptors.
"""
-from typing import Callable, Optional
+from typing import Callable, Optional, Type
from mypy.nodes import ARG_NAMED_OPT
from mypy.plugin import MethodSigContext, Plugin
@@ -94,7 +94,7 @@ def cached_function_method_signature(ctx: MethodSigContext) -> CallableType:
return signature
-def plugin(version: str):
+def plugin(version: str) -> Type[SynapsePlugin]:
# This is the entry point of the plugin, and let's us deal with the fact
# that the mypy plugin interface is *not* stable by looking at the version
# string.
diff --git a/scripts-dev/release.py b/scripts-dev/release.py
index 518eaf417cfe..0031ba3e4b2f 100755
--- a/scripts-dev/release.py
+++ b/scripts-dev/release.py
@@ -25,19 +25,20 @@
import urllib.request
from os import path
from tempfile import TemporaryDirectory
-from typing import List, Optional, Tuple
+from typing import Any, List, Optional, cast
import attr
import click
import commonmark
import git
-import redbaron
from click.exceptions import ClickException
from github import Github
from packaging import version
-def run_until_successful(command, *args, **kwargs):
+def run_until_successful(
+ command: str, *args: Any, **kwargs: Any
+) -> subprocess.CompletedProcess:
while True:
completed_process = subprocess.run(command, *args, **kwargs)
exit_code = completed_process.returncode
@@ -51,7 +52,7 @@ def run_until_successful(command, *args, **kwargs):
@click.group()
-def cli():
+def cli() -> None:
"""An interactive script to walk through the parts of creating a release.
Requires the dev dependencies be installed, which can be done via:
@@ -82,25 +83,19 @@ def cli():
@cli.command()
-def prepare():
+def prepare() -> None:
"""Do the initial stages of creating a release, including creating release
branch, updating changelog and pushing to GitHub.
"""
# Make sure we're in a git repo.
- try:
- repo = git.Repo()
- except git.InvalidGitRepositoryError:
- raise click.ClickException("Not in Synapse repo.")
-
- if repo.is_dirty():
- raise click.ClickException("Uncommitted changes exist.")
+ repo = get_repo_and_check_clean_checkout()
click.secho("Updating git repo...")
repo.remote().fetch()
# Get the current version and AST from root Synapse module.
- current_version, parsed_synapse_ast, version_node = parse_version_from_module()
+ current_version = get_package_version()
# Figure out what sort of release we're doing and calcuate the new version.
rc = click.confirm("RC", default=True)
@@ -162,22 +157,21 @@ def prepare():
click.get_current_context().abort()
# Switch to the release branch.
- parsed_new_version = version.parse(new_version)
+ # Cast safety: parse() won't return a version.LegacyVersion from our
+ # version string format.
+ parsed_new_version = cast(version.Version, version.parse(new_version))
# We assume for debian changelogs that we only do RCs or full releases.
assert not parsed_new_version.is_devrelease
assert not parsed_new_version.is_postrelease
- release_branch_name = (
- f"release-v{parsed_new_version.major}.{parsed_new_version.minor}"
- )
+ release_branch_name = get_release_branch_name(parsed_new_version)
release_branch = find_ref(repo, release_branch_name)
if release_branch:
if release_branch.is_remote():
# If the release branch only exists on the remote we check it out
# locally.
repo.git.checkout(release_branch_name)
- release_branch = repo.active_branch
else:
# If a branch doesn't exist we create one. We ask which one branch it
# should be based off, defaulting to sensible values depending on the
@@ -199,25 +193,25 @@ def prepare():
click.get_current_context().abort()
# Check out the base branch and ensure it's up to date
- repo.head.reference = base_branch
+ repo.head.set_reference(base_branch, "check out the base branch")
repo.head.reset(index=True, working_tree=True)
if not base_branch.is_remote():
update_branch(repo)
# Create the new release branch
- release_branch = repo.create_head(release_branch_name, commit=base_branch)
+ # Type ignore will no longer be needed after GitPython 3.1.28.
+ # See https://github.com/gitpython-developers/GitPython/pull/1419
+ repo.create_head(release_branch_name, commit=base_branch) # type: ignore[arg-type]
- # Switch to the release branch and ensure its up to date.
+ # Switch to the release branch and ensure it's up to date.
repo.git.checkout(release_branch_name)
update_branch(repo)
- # Update the `__version__` variable and write it back to the file.
- version_node.value = '"' + new_version + '"'
- with open("synapse/__init__.py", "w") as f:
- f.write(parsed_synapse_ast.dumps())
+ # Update the version specified in pyproject.toml.
+ subprocess.check_output(["poetry", "version", new_version])
# Generate changelogs.
- generate_and_write_changelog(current_version)
+ generate_and_write_changelog(current_version, new_version)
# Generate debian changelogs
if parsed_new_version.pre is not None:
@@ -230,7 +224,7 @@ def prepare():
debian_version = new_version
run_until_successful(
- f'dch -M -v {debian_version} "New synapse release {debian_version}."',
+ f'dch -M -v {debian_version} "New Synapse release {new_version}."',
shell=True,
)
run_until_successful('dch -M -r -D stable ""', shell=True)
@@ -268,35 +262,43 @@ def prepare():
@cli.command()
@click.option("--gh-token", envvar=["GH_TOKEN", "GITHUB_TOKEN"])
-def tag(gh_token: Optional[str]):
+def tag(gh_token: Optional[str]) -> None:
"""Tags the release and generates a draft GitHub release"""
# Make sure we're in a git repo.
- try:
- repo = git.Repo()
- except git.InvalidGitRepositoryError:
- raise click.ClickException("Not in Synapse repo.")
-
- if repo.is_dirty():
- raise click.ClickException("Uncommitted changes exist.")
+ repo = get_repo_and_check_clean_checkout()
click.secho("Updating git repo...")
repo.remote().fetch()
# Find out the version and tag name.
- current_version, _, _ = parse_version_from_module()
+ current_version = get_package_version()
tag_name = f"v{current_version}"
# Check we haven't released this version.
if tag_name in repo.tags:
raise click.ClickException(f"Tag {tag_name} already exists!\n")
+ # Check we're on the right release branch
+ release_branch = get_release_branch_name(current_version)
+ if repo.active_branch.name != release_branch:
+ click.echo(
+ f"Need to be on the release branch ({release_branch}) before tagging. "
+ f"Currently on ({repo.active_branch.name})."
+ )
+ click.get_current_context().abort()
+
# Get the appropriate changelogs and tag.
changes = get_changes_for_version(current_version)
click.echo_via_pager(changes)
if click.confirm("Edit text?", default=False):
- changes = click.edit(changes, require_save=False)
+ edited_changes = click.edit(changes, require_save=False)
+ # This assert is for mypy's benefit. click's docs are a little unclear, but
+ # when `require_save=False`, not saving the temp file in the editor returns
+ # the original string.
+ assert edited_changes is not None
+ changes = edited_changes
repo.create_tag(tag_name, message=changes, sign=True)
@@ -350,22 +352,16 @@ def tag(gh_token: Optional[str]):
@cli.command()
@click.option("--gh-token", envvar=["GH_TOKEN", "GITHUB_TOKEN"], required=True)
-def publish(gh_token: str):
- """Publish release."""
+def publish(gh_token: str) -> None:
+ """Publish release on GitHub."""
# Make sure we're in a git repo.
- try:
- repo = git.Repo()
- except git.InvalidGitRepositoryError:
- raise click.ClickException("Not in Synapse repo.")
-
- if repo.is_dirty():
- raise click.ClickException("Uncommitted changes exist.")
+ get_repo_and_check_clean_checkout()
- current_version, _, _ = parse_version_from_module()
+ current_version = get_package_version()
tag_name = f"v{current_version}"
- if not click.confirm(f"Publish {tag_name}?", default=True):
+ if not click.confirm(f"Publish release {tag_name} on GitHub?", default=True):
return
# Publish the draft release
@@ -393,12 +389,19 @@ def publish(gh_token: str):
@cli.command()
-def upload():
+def upload() -> None:
"""Upload release to pypi."""
- current_version, _, _ = parse_version_from_module()
+ current_version = get_package_version()
tag_name = f"v{current_version}"
+ # Check we have the right tag checked out.
+ repo = get_repo_and_check_clean_checkout()
+ tag = repo.tag(f"refs/tags/{tag_name}")
+ if repo.head.commit != tag.commit:
+ click.echo("Tag {tag_name} (tag.commit) is not currently checked out!")
+ click.get_current_context().abort()
+
pypi_asset_names = [
f"matrix_synapse-{current_version}-py3-none-any.whl",
f"matrix-synapse-{current_version}.tar.gz",
@@ -421,17 +424,17 @@ def upload():
@cli.command()
-def announce():
+def announce() -> None:
"""Generate markdown to announce the release."""
- current_version, _, _ = parse_version_from_module()
+ current_version = get_package_version()
tag_name = f"v{current_version}"
click.echo(
f"""
Hi everyone. Synapse {current_version} has just been released.
-[notes](https://github.com/matrix-org/synapse/releases/tag/{tag_name}) |\
+[notes](https://github.com/matrix-org/synapse/releases/tag/{tag_name}) | \
[docker](https://hub.docker.com/r/matrixdotorg/synapse/tags?name={tag_name}) | \
[debs](https://packages.matrix.org/debian/) | \
[pypi](https://pypi.org/project/matrix-synapse/{current_version}/)"""
@@ -455,53 +458,43 @@ def announce():
)
-def parse_version_from_module() -> Tuple[
- version.Version, redbaron.RedBaron, redbaron.Node
-]:
- # Parse the AST and load the `__version__` node so that we can edit it
- # later.
- with open("synapse/__init__.py") as f:
- red = redbaron.RedBaron(f.read())
-
- version_node = None
- for node in red:
- if node.type != "assignment":
- continue
-
- if node.target.type != "name":
- continue
-
- if node.target.value != "__version__":
- continue
+def get_package_version() -> version.Version:
+ version_string = subprocess.check_output(["poetry", "version", "--short"]).decode(
+ "utf-8"
+ )
+ return version.Version(version_string)
- version_node = node
- break
- if not version_node:
- print("Failed to find '__version__' definition in synapse/__init__.py")
- sys.exit(1)
+def get_release_branch_name(version_number: version.Version) -> str:
+ return f"release-v{version_number.major}.{version_number.minor}"
- # Parse the current version.
- current_version = version.parse(version_node.value.value.strip('"'))
- assert isinstance(current_version, version.Version)
- return current_version, red, version_node
+def get_repo_and_check_clean_checkout() -> git.Repo:
+ """Get the project repo and check it's not got any uncommitted changes."""
+ try:
+ repo = git.Repo()
+ except git.InvalidGitRepositoryError:
+ raise click.ClickException("Not in Synapse repo.")
+ if repo.is_dirty():
+ raise click.ClickException("Uncommitted changes exist.")
+ return repo
def find_ref(repo: git.Repo, ref_name: str) -> Optional[git.HEAD]:
"""Find the branch/ref, looking first locally then in the remote."""
- if ref_name in repo.refs:
- return repo.refs[ref_name]
+ if ref_name in repo.references:
+ return repo.references[ref_name]
elif ref_name in repo.remote().refs:
return repo.remote().refs[ref_name]
else:
return None
-def update_branch(repo: git.Repo):
+def update_branch(repo: git.Repo) -> None:
"""Ensure branch is up to date if it has a remote"""
- if repo.active_branch.tracking_branch():
- repo.git.merge(repo.active_branch.tracking_branch().name)
+ tracking_branch = repo.active_branch.tracking_branch()
+ if tracking_branch:
+ repo.git.merge(tracking_branch.name)
def get_changes_for_version(wanted_version: version.Version) -> str:
@@ -565,11 +558,15 @@ class VersionSection:
return "\n".join(version_changelog)
-def generate_and_write_changelog(current_version: version.Version):
+def generate_and_write_changelog(
+ current_version: version.Version, new_version: str
+) -> None:
# We do this by getting a draft so that we can edit it before writing to the
# changelog.
result = run_until_successful(
- "python3 -m towncrier --draft", shell=True, capture_output=True
+ f"python3 -m towncrier build --draft --version {new_version}",
+ shell=True,
+ capture_output=True,
)
new_changes = result.stdout.decode("utf-8")
new_changes = new_changes.replace(
@@ -585,8 +582,8 @@ def generate_and_write_changelog(current_version: version.Version):
f.write(existing_content)
# Remove all the news fragments
- for f in glob.iglob("changelog.d/*.*"):
- os.remove(f)
+ for filename in glob.iglob("changelog.d/*.*"):
+ os.remove(filename)
if __name__ == "__main__":
diff --git a/scripts-dev/sign_json.py b/scripts-dev/sign_json.py
index 945954310610..bb217799fbcc 100755
--- a/scripts-dev/sign_json.py
+++ b/scripts-dev/sign_json.py
@@ -27,7 +27,7 @@
from synapse.util import json_encoder
-def main():
+def main() -> None:
parser = argparse.ArgumentParser(
description="""Adds a signature to a JSON object.
diff --git a/setup.cfg b/setup.cfg
deleted file mode 100644
index 6213f3265b59..000000000000
--- a/setup.cfg
+++ /dev/null
@@ -1,9 +0,0 @@
-[check-manifest]
-ignore =
- .git-blame-ignore-revs
- contrib
- contrib/*
- docs/*
- pylint.cfg
- tox.ini
-
diff --git a/setup.py b/setup.py
deleted file mode 100755
index ecd30247ed6b..000000000000
--- a/setup.py
+++ /dev/null
@@ -1,183 +0,0 @@
-#!/usr/bin/env python
-
-# Copyright 2014-2017 OpenMarket Ltd
-# Copyright 2017 Vector Creations Ltd
-# Copyright 2017-2018 New Vector Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-import os
-from typing import Any, Dict
-
-from setuptools import Command, find_packages, setup
-
-here = os.path.abspath(os.path.dirname(__file__))
-
-
-# Some notes on `setup.py test`:
-#
-# Once upon a time we used to try to make `setup.py test` run `tox` to run the
-# tests. That's a bad idea for three reasons:
-#
-# 1: `setup.py test` is supposed to find out whether the tests work in the
-# *current* environmentt, not whatever tox sets up.
-# 2: Empirically, trying to install tox during the test run wasn't working ("No
-# module named virtualenv").
-# 3: The tox documentation advises against it[1].
-#
-# Even further back in time, we used to use setuptools_trial [2]. That has its
-# own set of issues: for instance, it requires installation of Twisted to build
-# an sdist (because the recommended mode of usage is to add it to
-# `setup_requires`). That in turn means that in order to successfully run tox
-# you have to have the python header files installed for whichever version of
-# python tox uses (which is python3 on recent ubuntus, for example).
-#
-# So, for now at least, we stick with what appears to be the convention among
-# Twisted projects, and don't attempt to do anything when someone runs
-# `setup.py test`; instead we direct people to run `trial` directly if they
-# care.
-#
-# [1]: http://tox.readthedocs.io/en/2.5.0/example/basic.html#integration-with-setup-py-test-command
-# [2]: https://pypi.python.org/pypi/setuptools_trial
-class TestCommand(Command):
- def initialize_options(self):
- pass
-
- def finalize_options(self):
- pass
-
- def run(self):
- print(
- """Synapse's tests cannot be run via setup.py. To run them, try:
- PYTHONPATH="." trial tests
-"""
- )
-
-
-def read_file(path_segments):
- """Read a file from the package. Takes a list of strings to join to
- make the path"""
- file_path = os.path.join(here, *path_segments)
- with open(file_path) as f:
- return f.read()
-
-
-def exec_file(path_segments):
- """Execute a single python file to get the variables defined in it"""
- result: Dict[str, Any] = {}
- code = read_file(path_segments)
- exec(code, result)
- return result
-
-
-version = exec_file(("synapse", "__init__.py"))["__version__"]
-dependencies = exec_file(("synapse", "python_dependencies.py"))
-long_description = read_file(("README.rst",))
-
-REQUIREMENTS = dependencies["REQUIREMENTS"]
-CONDITIONAL_REQUIREMENTS = dependencies["CONDITIONAL_REQUIREMENTS"]
-ALL_OPTIONAL_REQUIREMENTS = dependencies["ALL_OPTIONAL_REQUIREMENTS"]
-
-# Make `pip install matrix-synapse[all]` install all the optional dependencies.
-CONDITIONAL_REQUIREMENTS["all"] = list(ALL_OPTIONAL_REQUIREMENTS)
-
-# Developer dependencies should not get included in "all".
-#
-# We pin black so that our tests don't start failing on new releases.
-CONDITIONAL_REQUIREMENTS["lint"] = [
- "isort==5.7.0",
- "black==22.3.0",
- "flake8-comprehensions",
- "flake8-bugbear==21.3.2",
- "flake8",
-]
-
-CONDITIONAL_REQUIREMENTS["mypy"] = [
- "mypy==0.931",
- "mypy-zope==0.3.5",
- "types-bleach>=4.1.0",
- "types-jsonschema>=3.2.0",
- "types-opentracing>=2.4.2",
- "types-Pillow>=8.3.4",
- "types-psycopg2>=2.9.9",
- "types-pyOpenSSL>=20.0.7",
- "types-PyYAML>=5.4.10",
- "types-requests>=2.26.0",
- "types-setuptools>=57.4.0",
-]
-
-# Dependencies which are exclusively required by unit test code. This is
-# NOT a list of all modules that are necessary to run the unit tests.
-# Tests assume that all optional dependencies are installed.
-#
-# parameterized_class decorator was introduced in parameterized 0.7.0
-CONDITIONAL_REQUIREMENTS["test"] = ["parameterized>=0.7.0", "idna>=2.5"]
-
-CONDITIONAL_REQUIREMENTS["dev"] = (
- CONDITIONAL_REQUIREMENTS["lint"]
- + CONDITIONAL_REQUIREMENTS["mypy"]
- + CONDITIONAL_REQUIREMENTS["test"]
- + [
- # The following are used by the release script
- "click==8.1.0",
- "redbaron==0.9.2",
- "GitPython==3.1.14",
- "commonmark==0.9.1",
- "pygithub==1.55",
- # The following are executed as commands by the release script.
- "twine",
- "towncrier",
- ]
-)
-
-setup(
- name="matrix-synapse",
- version=version,
- packages=find_packages(exclude=["tests", "tests.*"]),
- description="Reference homeserver for the Matrix decentralised comms protocol",
- install_requires=REQUIREMENTS,
- extras_require=CONDITIONAL_REQUIREMENTS,
- include_package_data=True,
- zip_safe=False,
- long_description=long_description,
- long_description_content_type="text/x-rst",
- python_requires="~=3.7",
- entry_points={
- "console_scripts": [
- # Application
- "synapse_homeserver = synapse.app.homeserver:main",
- "synapse_worker = synapse.app.generic_worker:main",
- "synctl = synapse._scripts.synctl:main",
- # Scripts
- "export_signing_key = synapse._scripts.export_signing_key:main",
- "generate_config = synapse._scripts.generate_config:main",
- "generate_log_config = synapse._scripts.generate_log_config:main",
- "generate_signing_key = synapse._scripts.generate_signing_key:main",
- "hash_password = synapse._scripts.hash_password:main",
- "register_new_matrix_user = synapse._scripts.register_new_matrix_user:main",
- "synapse_port_db = synapse._scripts.synapse_port_db:main",
- "synapse_review_recent_signups = synapse._scripts.review_recent_signups:main",
- "update_synapse_database = synapse._scripts.update_synapse_database:main",
- ]
- },
- classifiers=[
- "Development Status :: 5 - Production/Stable",
- "Topic :: Communications :: Chat",
- "License :: OSI Approved :: Apache Software License",
- "Programming Language :: Python :: 3 :: Only",
- "Programming Language :: Python :: 3.7",
- "Programming Language :: Python :: 3.8",
- "Programming Language :: Python :: 3.9",
- "Programming Language :: Python :: 3.10",
- ],
- cmdclass={"test": TestCommand},
-)
diff --git a/stubs/sortedcontainers/sorteddict.pyi b/stubs/sortedcontainers/sorteddict.pyi
index 344d55cce118..7c399ab38d5e 100644
--- a/stubs/sortedcontainers/sorteddict.pyi
+++ b/stubs/sortedcontainers/sorteddict.pyi
@@ -85,12 +85,19 @@ class SortedDict(Dict[_KT, _VT]):
def popitem(self, index: int = ...) -> Tuple[_KT, _VT]: ...
def peekitem(self, index: int = ...) -> Tuple[_KT, _VT]: ...
def setdefault(self, key: _KT, default: Optional[_VT] = ...) -> _VT: ...
- @overload
- def update(self, __map: Mapping[_KT, _VT], **kwargs: _VT) -> None: ...
- @overload
- def update(self, __iterable: Iterable[Tuple[_KT, _VT]], **kwargs: _VT) -> None: ...
- @overload
- def update(self, **kwargs: _VT) -> None: ...
+ # Mypy now reports the first overload as an error, because typeshed widened the type
+ # of `__map` to its internal `_typeshed.SupportsKeysAndGetItem` type in
+ # https://github.com/python/typeshed/pull/6653
+ # Since sorteddicts don't change the signature of `update` from that of `dict`, we
+ # let the stubs for `update` inherit from the stubs for `dict`. (I suspect we could
+ # do the same for many othe methods.) We leave the stubs commented to better track
+ # how this file has evolved from the original stubs.
+ # @overload
+ # def update(self, __map: Mapping[_KT, _VT], **kwargs: _VT) -> None: ...
+ # @overload
+ # def update(self, __iterable: Iterable[Tuple[_KT, _VT]], **kwargs: _VT) -> None: ...
+ # @overload
+ # def update(self, **kwargs: _VT) -> None: ...
def __reduce__(
self,
) -> Tuple[
@@ -103,7 +110,7 @@ class SortedDict(Dict[_KT, _VT]):
self,
start: Optional[int] = ...,
stop: Optional[int] = ...,
- reverse=bool,
+ reverse: bool = ...,
) -> Iterator[_KT]: ...
def bisect_left(self, value: _KT) -> int: ...
def bisect_right(self, value: _KT) -> int: ...
@@ -115,9 +122,7 @@ class SortedKeysView(KeysView[_KT_co], Sequence[_KT_co]):
def __getitem__(self, index: slice) -> List[_KT_co]: ...
def __delitem__(self, index: Union[int, slice]) -> None: ...
-class SortedItemsView( # type: ignore
- ItemsView[_KT_co, _VT_co], Sequence[Tuple[_KT_co, _VT_co]]
-):
+class SortedItemsView(ItemsView[_KT_co, _VT_co], Sequence[Tuple[_KT_co, _VT_co]]):
def __iter__(self) -> Iterator[Tuple[_KT_co, _VT_co]]: ...
@overload
def __getitem__(self, index: int) -> Tuple[_KT_co, _VT_co]: ...
diff --git a/stubs/sortedcontainers/sortedlist.pyi b/stubs/sortedcontainers/sortedlist.pyi
index f80a3a72ce04..403897e3919e 100644
--- a/stubs/sortedcontainers/sortedlist.pyi
+++ b/stubs/sortedcontainers/sortedlist.pyi
@@ -81,7 +81,7 @@ class SortedList(MutableSequence[_T]):
self,
start: Optional[int] = ...,
stop: Optional[int] = ...,
- reverse=bool,
+ reverse: bool = ...,
) -> Iterator[_T]: ...
def _islice(
self,
@@ -153,14 +153,14 @@ class SortedKeyList(SortedList[_T]):
maximum: Optional[int] = ...,
inclusive: Tuple[bool, bool] = ...,
reverse: bool = ...,
- ): ...
+ ) -> Iterator[_T]: ...
def irange_key(
self,
min_key: Optional[Any] = ...,
max_key: Optional[Any] = ...,
inclusive: Tuple[bool, bool] = ...,
reserve: bool = ...,
- ): ...
+ ) -> Iterator[_T]: ...
def bisect_left(self, value: _T) -> int: ...
def bisect_right(self, value: _T) -> int: ...
def bisect(self, value: _T) -> int: ...
diff --git a/stubs/sortedcontainers/sortedset.pyi b/stubs/sortedcontainers/sortedset.pyi
index f9c290838678..43c860f4221e 100644
--- a/stubs/sortedcontainers/sortedset.pyi
+++ b/stubs/sortedcontainers/sortedset.pyi
@@ -103,7 +103,7 @@ class SortedSet(MutableSet[_T], Sequence[_T]):
self,
start: Optional[int] = ...,
stop: Optional[int] = ...,
- reverse=bool,
+ reverse: bool = ...,
) -> Iterator[_T]: ...
def irange(
self,
diff --git a/stubs/txredisapi.pyi b/stubs/txredisapi.pyi
index 2d8ca018fbfc..695a2307c2c5 100644
--- a/stubs/txredisapi.pyi
+++ b/stubs/txredisapi.pyi
@@ -18,6 +18,8 @@ from typing import Any, List, Optional, Type, Union
from twisted.internet import protocol
from twisted.internet.defer import Deferred
+from twisted.internet.interfaces import IAddress
+from twisted.python.failure import Failure
class RedisProtocol(protocol.Protocol):
def publish(self, channel: str, message: bytes) -> "Deferred[None]": ...
@@ -34,11 +36,14 @@ class RedisProtocol(protocol.Protocol):
def get(self, key: str) -> "Deferred[Any]": ...
class SubscriberProtocol(RedisProtocol):
- def __init__(self, *args, **kwargs): ...
+ def __init__(self, *args: object, **kwargs: object): ...
password: Optional[str]
- def subscribe(self, channels: Union[str, List[str]]): ...
- def connectionMade(self): ...
- def connectionLost(self, reason): ...
+ def subscribe(self, channels: Union[str, List[str]]) -> "Deferred[None]": ...
+ def connectionMade(self) -> None: ...
+ # type-ignore: twisted.internet.protocol.Protocol provides a default argument for
+ # `reason`. txredisapi's LineReceiver Protocol doesn't. But that's fine: it's what's
+ # actually specified in twisted.internet.interfaces.IProtocol.
+ def connectionLost(self, reason: Failure) -> None: ... # type: ignore[override]
def lazyConnection(
host: str = ...,
@@ -74,7 +79,7 @@ class RedisFactory(protocol.ReconnectingClientFactory):
replyTimeout: Optional[int] = None,
convertNumbers: Optional[int] = True,
): ...
- def buildProtocol(self, addr) -> RedisProtocol: ...
+ def buildProtocol(self, addr: IAddress) -> RedisProtocol: ...
class SubscriberFactory(RedisFactory):
def __init__(self) -> None: ...
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 7cdd9213660c..161394175939 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -20,6 +20,8 @@
import os
import sys
+from matrix_common.versionstring import get_distribution_version_string
+
# Check that we're not running on an unsupported Python version.
if sys.version_info < (3, 7):
print("Synapse requires Python 3.7 or above.")
@@ -68,7 +70,7 @@
except ImportError:
pass
-__version__ = "1.57.0rc1"
+__version__ = get_distribution_version_string("matrix-synapse")
if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
# We import here so that we don't have to install a bunch of deps when
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 01c32417d862..931750668ea2 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -187,7 +187,7 @@ async def _wrapped_get_user_by_req(
Once get_user_by_req has set up the opentracing span, this does the actual work.
"""
try:
- ip_addr = request.getClientIP()
+ ip_addr = request.getClientAddress().host
user_agent = get_request_user_agent(request)
access_token = self.get_access_token_from_request(request)
@@ -356,7 +356,7 @@ async def _get_appservice_user_id_and_device_id(
return None, None, None
if app_service.ip_range_whitelist:
- ip_address = IPAddress(request.getClientIP())
+ ip_address = IPAddress(request.getClientAddress().host)
if ip_address not in app_service.ip_range_whitelist:
return None, None, None
@@ -417,7 +417,8 @@ async def get_user_by_access_token(
"""
if rights == "access":
- # first look in the database
+ # First look in the database to see if the access token is present
+ # as an opaque token.
r = await self.store.get_user_by_access_token(token)
if r:
valid_until_ms = r.valid_until_ms
@@ -434,7 +435,8 @@ async def get_user_by_access_token(
return r
- # otherwise it needs to be a valid macaroon
+ # If the token isn't found in the database, then it could still be a
+ # macaroon, so we check that here.
try:
user_id, guest = self._parse_and_validate_macaroon(token, rights)
@@ -482,8 +484,12 @@ async def get_user_by_access_token(
TypeError,
ValueError,
) as e:
- logger.warning("Invalid macaroon in auth: %s %s", type(e), e)
- raise InvalidClientTokenError("Invalid macaroon passed.")
+ logger.warning(
+ "Invalid access token in auth: %s %s.",
+ type(e),
+ e,
+ )
+ raise InvalidClientTokenError("Invalid access token passed.")
def _parse_and_validate_macaroon(
self, token: str, rights: str = "access"
@@ -504,10 +510,7 @@ def _parse_and_validate_macaroon(
try:
macaroon = pymacaroons.Macaroon.deserialize(token)
except Exception: # deserialize can throw more-or-less anything
- # doesn't look like a macaroon: treat it as an opaque token which
- # must be in the database.
- # TODO: it would be nice to get rid of this, but apparently some
- # people use access tokens which aren't macaroons
+ # The access token doesn't look like a macaroon.
raise _InvalidMacaroonException()
try:
diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index 0172eb60b8dc..0ccd4c95581e 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -255,7 +255,5 @@ class GuestAccess:
class ReceiptTypes:
READ: Final = "m.read"
-
-
-class ReadReceiptEventFields:
- MSC2285_HIDDEN: Final = "org.matrix.msc2285.hidden"
+ READ_PRIVATE: Final = "org.matrix.msc2285.read.private"
+ FULLY_READ: Final = "m.fully_read"
diff --git a/synapse/api/errors.py b/synapse/api/errors.py
index e92db29f6dc6..cb3b7323d568 100644
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -79,6 +79,8 @@ class Codes:
UNABLE_AUTHORISE_JOIN = "M_UNABLE_TO_AUTHORISE_JOIN"
UNABLE_TO_GRANT_JOIN = "M_UNABLE_TO_GRANT_JOIN"
+ UNREDACTED_CONTENT_DELETED = "FI.MAU.MSC2815_UNREDACTED_CONTENT_DELETED"
+
class CodeMessageException(RuntimeError):
"""An exception with integer code and message string attributes.
@@ -483,6 +485,22 @@ def __init__(self, inner_exception: BaseException, can_retry: bool):
self.can_retry = can_retry
+class UnredactedContentDeletedError(SynapseError):
+ def __init__(self, content_keep_ms: Optional[int] = None):
+ super().__init__(
+ 404,
+ "The content for that event has already been erased from the database",
+ errcode=Codes.UNREDACTED_CONTENT_DELETED,
+ )
+ self.content_keep_ms = content_keep_ms
+
+ def error_dict(self) -> "JsonDict":
+ extra = {}
+ if self.content_keep_ms is not None:
+ extra = {"fi.mau.msc2815.content_keep_ms": self.content_keep_ms}
+ return cs_error(self.msg, self.errcode, **extra)
+
+
def cs_error(msg: str, code: str = Codes.UNKNOWN, **kwargs: Any) -> "JsonDict":
"""Utility method for constructing an error response for client-server
interactions.
diff --git a/synapse/app/_base.py b/synapse/app/_base.py
index 37321f913399..3623c1724ded 100644
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@@ -38,6 +38,7 @@
from cryptography.utils import CryptographyDeprecationWarning
from matrix_common.versionstring import get_distribution_version_string
+from typing_extensions import ParamSpec
import twisted
from twisted.internet import defer, error, reactor as _reactor
@@ -48,7 +49,6 @@
from twisted.protocols.tls import TLSMemoryBIOFactory
from twisted.python.threadpool import ThreadPool
-import synapse
from synapse.api.constants import MAX_PDU_SIZE
from synapse.app import check_bind_error
from synapse.app.phone_stats_home import start_phone_stats_home
@@ -60,6 +60,7 @@
from synapse.events.third_party_rules import load_legacy_third_party_event_rules
from synapse.handlers.auth import load_legacy_password_auth_providers
from synapse.logging.context import PreserveLoggingContext
+from synapse.logging.opentracing import init_tracer
from synapse.metrics import install_gc_manager, register_threadpool
from synapse.metrics.background_process_metrics import wrap_as_background_process
from synapse.metrics.jemalloc import setup_jemalloc_stats
@@ -81,11 +82,12 @@
# list of tuples of function, args list, kwargs dict
_sighup_callbacks: List[
- Tuple[Callable[..., None], Tuple[Any, ...], Dict[str, Any]]
+ Tuple[Callable[..., None], Tuple[object, ...], Dict[str, object]]
] = []
+P = ParamSpec("P")
-def register_sighup(func: Callable[..., None], *args: Any, **kwargs: Any) -> None:
+def register_sighup(func: Callable[P, None], *args: P.args, **kwargs: P.kwargs) -> None:
"""
Register a function to be called when a SIGHUP occurs.
@@ -93,7 +95,9 @@ def register_sighup(func: Callable[..., None], *args: Any, **kwargs: Any) -> Non
func: Function to be called when sent a SIGHUP signal.
*args, **kwargs: args and kwargs to be passed to the target function.
"""
- _sighup_callbacks.append((func, args, kwargs))
+ # This type-ignore should be redundant once we use a mypy release with
+ # https://github.com/python/mypy/pull/12668.
+ _sighup_callbacks.append((func, args, kwargs)) # type: ignore[arg-type]
def start_worker_reactor(
@@ -214,7 +218,9 @@ def redirect_stdio_to_logs() -> None:
print("Redirected stdout/stderr to logs")
-def register_start(cb: Callable[..., Awaitable], *args: Any, **kwargs: Any) -> None:
+def register_start(
+ cb: Callable[P, Awaitable], *args: P.args, **kwargs: P.kwargs
+) -> None:
"""Register a callback with the reactor, to be called once it is running
This can be used to initialise parts of the system which require an asynchronous
@@ -431,7 +437,7 @@ def run_sighup(*args: Any, **kwargs: Any) -> None:
refresh_certificate(hs)
# Start the tracer
- synapse.logging.opentracing.init_tracer(hs) # type: ignore[attr-defined] # noqa
+ init_tracer(hs) # noqa
# Instantiate the modules so they can register their web resources to the module API
# before we start the listeners.
diff --git a/synapse/app/admin_cmd.py b/synapse/app/admin_cmd.py
index 2b0d92cbaedc..2a4c2e59cda3 100644
--- a/synapse/app/admin_cmd.py
+++ b/synapse/app/admin_cmd.py
@@ -210,7 +210,7 @@ def start(config_options: List[str]) -> None:
config.logging.no_redirect_stdio = True
# Explicitly disable background processes
- config.server.update_user_directory = False
+ config.worker.should_update_user_directory = False
config.worker.run_background_tasks = False
config.worker.start_pushers = False
config.worker.pusher_shard_config.instances = []
diff --git a/synapse/app/generic_worker.py b/synapse/app/generic_worker.py
index 1865c671f41c..2a9480a5c161 100644
--- a/synapse/app/generic_worker.py
+++ b/synapse/app/generic_worker.py
@@ -441,38 +441,6 @@ def start(config_options: List[str]) -> None:
"synapse.app.user_dir",
)
- if config.worker.worker_app == "synapse.app.appservice":
- if config.appservice.notify_appservices:
- sys.stderr.write(
- "\nThe appservices must be disabled in the main synapse process"
- "\nbefore they can be run in a separate worker."
- "\nPlease add ``notify_appservices: false`` to the main config"
- "\n"
- )
- sys.exit(1)
-
- # Force the appservice to start since they will be disabled in the main config
- config.appservice.notify_appservices = True
- else:
- # For other worker types we force this to off.
- config.appservice.notify_appservices = False
-
- if config.worker.worker_app == "synapse.app.user_dir":
- if config.server.update_user_directory:
- sys.stderr.write(
- "\nThe update_user_directory must be disabled in the main synapse process"
- "\nbefore they can be run in a separate worker."
- "\nPlease add ``update_user_directory: false`` to the main config"
- "\n"
- )
- sys.exit(1)
-
- # Force the pushers to start since they will be disabled in the main config
- config.server.update_user_directory = True
- else:
- # For other worker types we force this to off.
- config.server.update_user_directory = False
-
synapse.events.USE_FROZEN_DICTS = config.server.use_frozen_dicts
synapse.util.caches.TRACK_MEMORY_USAGE = config.caches.track_memory_usage
diff --git a/synapse/appservice/__init__.py b/synapse/appservice/__init__.py
index d23d9221bc5b..a610fb785d38 100644
--- a/synapse/appservice/__init__.py
+++ b/synapse/appservice/__init__.py
@@ -42,7 +42,7 @@
# user ID -> {device ID -> {algorithm -> count}}
TransactionOneTimeKeyCounts = Dict[str, Dict[str, Dict[str, int]]]
-# Type for the `device_unused_fallback_keys` field in an appservice transaction
+# Type for the `device_unused_fallback_key_types` field in an appservice transaction
# user ID -> {device ID -> [algorithm]}
TransactionUnusedFallbackKeys = Dict[str, Dict[str, List[str]]]
diff --git a/synapse/appservice/api.py b/synapse/appservice/api.py
index 0cdbb04bfbe3..d19f8dd996b2 100644
--- a/synapse/appservice/api.py
+++ b/synapse/appservice/api.py
@@ -17,6 +17,7 @@
from typing import TYPE_CHECKING, Dict, Iterable, List, Optional, Tuple
from prometheus_client import Counter
+from typing_extensions import TypeGuard
from synapse.api.constants import EventTypes, Membership, ThirdPartyEntityKind
from synapse.api.errors import CodeMessageException
@@ -66,7 +67,7 @@ def _is_valid_3pe_metadata(info: JsonDict) -> bool:
return True
-def _is_valid_3pe_result(r: JsonDict, field: str) -> bool:
+def _is_valid_3pe_result(r: object, field: str) -> TypeGuard[JsonDict]:
if not isinstance(r, dict):
return False
@@ -278,7 +279,7 @@ async def push_bulk(
] = one_time_key_counts
if unused_fallback_keys:
body[
- "org.matrix.msc3202.device_unused_fallback_keys"
+ "org.matrix.msc3202.device_unused_fallback_key_types"
] = unused_fallback_keys
if device_list_summary:
body["org.matrix.msc3202.device_lists"] = {
diff --git a/synapse/config/appservice.py b/synapse/config/appservice.py
index 720b90a28386..24498e794433 100644
--- a/synapse/config/appservice.py
+++ b/synapse/config/appservice.py
@@ -33,7 +33,6 @@ class AppServiceConfig(Config):
def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.app_service_config_files = config.get("app_service_config_files", [])
- self.notify_appservices = config.get("notify_appservices", True)
self.track_appservice_user_ips = config.get("track_appservice_user_ips", False)
def generate_config_section(cls, **kwargs: Any) -> str:
@@ -56,7 +55,8 @@ def load_appservices(
) -> List[ApplicationService]:
"""Returns a list of Application Services from the config files."""
if not isinstance(config_files, list):
- logger.warning("Expected %s to be a list of AS config files.", config_files)
+ # type-ignore: this function gets arbitrary json value; we do use this path.
+ logger.warning("Expected %s to be a list of AS config files.", config_files) # type: ignore[unreachable]
return []
# Dicts of value -> filename
diff --git a/synapse/config/experimental.py b/synapse/config/experimental.py
index 979059e72386..b20d949689ec 100644
--- a/synapse/config/experimental.py
+++ b/synapse/config/experimental.py
@@ -32,7 +32,7 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
# MSC2716 (importing historical messages)
self.msc2716_enabled: bool = experimental.get("msc2716_enabled", False)
- # MSC2285 (hidden read receipts)
+ # MSC2285 (private read receipts)
self.msc2285_enabled: bool = experimental.get("msc2285_enabled", False)
# MSC3244 (room version capabilities)
@@ -78,3 +78,9 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
# MSC2654: Unread counts
self.msc2654_enabled: bool = experimental.get("msc2654_enabled", False)
+
+ # MSC2815 (allow room moderators to view redacted event content)
+ self.msc2815_enabled: bool = experimental.get("msc2815_enabled", False)
+
+ # MSC3786 (Add a default push rule to ignore m.room.server_acl events)
+ self.msc3786_enabled: bool = experimental.get("msc3786_enabled", False)
diff --git a/synapse/config/federation.py b/synapse/config/federation.py
index 0e74f7078455..f83f93c0ef11 100644
--- a/synapse/config/federation.py
+++ b/synapse/config/federation.py
@@ -46,7 +46,7 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
)
self.allow_device_name_lookup_over_federation = config.get(
- "allow_device_name_lookup_over_federation", True
+ "allow_device_name_lookup_over_federation", False
)
def generate_config_section(self, **kwargs: Any) -> str:
@@ -81,11 +81,11 @@ def generate_config_section(self, **kwargs: Any) -> str:
#
#allow_profile_lookup_over_federation: false
- # Uncomment to disable device display name lookup over federation. By default, the
- # Federation API allows other homeservers to obtain device display names of any user
- # on this homeserver. Defaults to 'true'.
+ # Uncomment to allow device display name lookup over federation. By default, the
+ # Federation API prevents other homeservers from obtaining the display names of
+ # user devices on this homeserver. Defaults to 'false'.
#
- #allow_device_name_lookup_over_federation: false
+ #allow_device_name_lookup_over_federation: true
"""
diff --git a/synapse/config/logger.py b/synapse/config/logger.py
index 99db9e1e3910..470b8b44929c 100644
--- a/synapse/config/logger.py
+++ b/synapse/config/logger.py
@@ -110,13 +110,6 @@
# information such as access tokens.
level: INFO
- twisted:
- # We send the twisted logging directly to the file handler,
- # to work around https://github.com/matrix-org/synapse/issues/3471
- # when using "buffer" logger. Use "console" to log to stderr instead.
- handlers: [file]
- propagate: false
-
root:
level: INFO
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index 39e9acb62a90..d2d0425e62cb 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -43,6 +43,9 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.registration_requires_token = config.get(
"registration_requires_token", False
)
+ self.enable_registration_token_3pid_bypass = config.get(
+ "enable_registration_token_3pid_bypass", False
+ )
self.registration_shared_secret = config.get("registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
@@ -309,6 +312,12 @@ def generate_config_section(
#
#registration_requires_token: true
+ # Allow users to submit a token during registration to bypass any required 3pid
+ # steps configured in `registrations_require_3pid`.
+ # Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
+ #
+ #enable_registration_token_3pid_bypass: false
+
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
diff --git a/synapse/config/server.py b/synapse/config/server.py
index d771045b522a..005a3ee48ce4 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -186,7 +186,7 @@ def generate_ip_set(
class HttpResourceConfig:
names: List[str] = attr.ib(
factory=list,
- validator=attr.validators.deep_iterable(attr.validators.in_(KNOWN_RESOURCES)), # type: ignore
+ validator=attr.validators.deep_iterable(attr.validators.in_(KNOWN_RESOURCES)),
)
compress: bool = attr.ib(
default=False,
@@ -231,9 +231,7 @@ class ManholeConfig:
class LimitRemoteRoomsConfig:
enabled: bool = attr.ib(validator=attr.validators.instance_of(bool), default=False)
complexity: Union[float, int] = attr.ib(
- validator=attr.validators.instance_of(
- (float, int) # type: ignore[arg-type] # noqa
- ),
+ validator=attr.validators.instance_of((float, int)), # noqa
default=1.0,
)
complexity_error: str = attr.ib(
@@ -321,10 +319,6 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.presence_router_config,
) = load_module(presence_router_config, ("presence", "presence_router"))
- # Whether to update the user directory or not. This should be set to
- # false only if we are updating the user directory in a worker
- self.update_user_directory = config.get("update_user_directory", True)
-
# whether to enable the media repository endpoints. This should be set
# to false if the media repository is running as a separate endpoint;
# doing so ensures that we will not run cache cleanup jobs on the
@@ -415,6 +409,7 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
)
self.mau_trial_days = config.get("mau_trial_days", 0)
+ self.mau_appservice_trial_days = config.get("mau_appservice_trial_days", {})
self.mau_limit_alerting = config.get("mau_limit_alerting", True)
# How long to keep redacted events in the database in unredacted form
@@ -1107,6 +1102,11 @@ def generate_config_section(
# sign up in a short space of time never to return after their initial
# session.
#
+ # The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but
+ # applies a different trial number if the user was registered by an appservice.
+ # A value of 0 means no trial days are applied. Appservices not listed in this
+ # dictionary use the value of `mau_trial_days` instead.
+ #
# 'mau_limit_alerting' is a means of limiting client side alerting
# should the mau limit be reached. This is useful for small instances
# where the admin has 5 mau seats (say) for 5 specific people and no
@@ -1117,6 +1117,8 @@ def generate_config_section(
#max_mau_value: 50
#mau_trial_days: 2
#mau_limit_alerting: false
+ #mau_appservice_trial_days:
+ # "appservice-id": 1
# If enabled, the metrics for the number of monthly active users will
# be populated, however no one will be limited. If limit_usage_by_mau
diff --git a/synapse/config/workers.py b/synapse/config/workers.py
index a5479dfca98b..e1569b3c14f9 100644
--- a/synapse/config/workers.py
+++ b/synapse/config/workers.py
@@ -14,7 +14,8 @@
# limitations under the License.
import argparse
-from typing import Any, List, Union
+import logging
+from typing import Any, Dict, List, Union
import attr
@@ -42,6 +43,13 @@
Please add ``start_pushers: false`` to the main config
"""
+_DEPRECATED_WORKER_DUTY_OPTION_USED = """
+The '%s' configuration option is deprecated and will be removed in a future
+Synapse version. Please use ``%s: name_of_worker`` instead.
+"""
+
+logger = logging.getLogger(__name__)
+
def _instance_to_list_converter(obj: Union[str, List[str]]) -> List[str]:
"""Helper for allowing parsing a string or list of strings to a config
@@ -296,6 +304,112 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.worker_name is None and background_tasks_instance == "master"
) or self.worker_name == background_tasks_instance
+ self.should_notify_appservices = self._should_this_worker_perform_duty(
+ config,
+ legacy_master_option_name="notify_appservices",
+ legacy_worker_app_name="synapse.app.appservice",
+ new_option_name="notify_appservices_from_worker",
+ )
+
+ self.should_update_user_directory = self._should_this_worker_perform_duty(
+ config,
+ legacy_master_option_name="update_user_directory",
+ legacy_worker_app_name="synapse.app.user_dir",
+ new_option_name="update_user_directory_from_worker",
+ )
+
+ def _should_this_worker_perform_duty(
+ self,
+ config: Dict[str, Any],
+ legacy_master_option_name: str,
+ legacy_worker_app_name: str,
+ new_option_name: str,
+ ) -> bool:
+ """
+ Figures out whether this worker should perform a certain duty.
+
+ This function is temporary and is only to deal with the complexity
+ of allowing old, transitional and new configurations all at once.
+
+ Contradictions between the legacy and new part of a transitional configuration
+ will lead to a ConfigError.
+
+ Parameters:
+ config: The config dictionary
+ legacy_master_option_name: The name of a legacy option, whose value is boolean,
+ specifying whether it's the master that should handle a certain duty.
+ e.g. "notify_appservices"
+ legacy_worker_app_name: The name of a legacy Synapse worker application
+ that would traditionally perform this duty.
+ e.g. "synapse.app.appservice"
+ new_option_name: The name of the new option, whose value is the name of a
+ designated worker to perform the duty.
+ e.g. "notify_appservices_from_worker"
+ """
+
+ # None means 'unspecified'; True means 'run here' and False means
+ # 'don't run here'.
+ new_option_should_run_here = None
+ if new_option_name in config:
+ designated_worker = config[new_option_name] or "master"
+ new_option_should_run_here = (
+ designated_worker == "master" and self.worker_name is None
+ ) or designated_worker == self.worker_name
+
+ legacy_option_should_run_here = None
+ if legacy_master_option_name in config:
+ run_on_master = bool(config[legacy_master_option_name])
+
+ legacy_option_should_run_here = (
+ self.worker_name is None and run_on_master
+ ) or (self.worker_app == legacy_worker_app_name and not run_on_master)
+
+ # Suggest using the new option instead.
+ logger.warning(
+ _DEPRECATED_WORKER_DUTY_OPTION_USED,
+ legacy_master_option_name,
+ new_option_name,
+ )
+
+ if self.worker_app == legacy_worker_app_name and config.get(
+ legacy_master_option_name, True
+ ):
+ # As an extra bit of complication, we need to check that the
+ # specialised worker is only used if the legacy config says the
+ # master isn't performing the duties.
+ raise ConfigError(
+ f"Cannot use deprecated worker app type '{legacy_worker_app_name}' whilst deprecated option '{legacy_master_option_name}' is not set to false.\n"
+ f"Consider setting `worker_app: synapse.app.generic_worker` and using the '{new_option_name}' option instead.\n"
+ f"The '{new_option_name}' option replaces '{legacy_master_option_name}'."
+ )
+
+ if new_option_should_run_here is None and legacy_option_should_run_here is None:
+ # Neither option specified; the fallback behaviour is to run on the main process
+ return self.worker_name is None
+
+ if (
+ new_option_should_run_here is not None
+ and legacy_option_should_run_here is not None
+ ):
+ # Both options specified; ensure they match!
+ if new_option_should_run_here != legacy_option_should_run_here:
+ update_worker_type = (
+ " and set worker_app: synapse.app.generic_worker"
+ if self.worker_app == legacy_worker_app_name
+ else ""
+ )
+ # If the values conflict, we suggest the admin removes the legacy option
+ # for simplicity.
+ raise ConfigError(
+ f"Conflicting configuration options: {legacy_master_option_name} (legacy), {new_option_name} (new).\n"
+ f"Suggestion: remove {legacy_master_option_name}{update_worker_type}.\n"
+ )
+
+ # We've already validated that these aren't conflicting; now just see if
+ # either is True.
+ # (By this point, these are either the same value or only one is not None.)
+ return bool(new_option_should_run_here or legacy_option_should_run_here)
+
def generate_config_section(self, **kwargs: Any) -> str:
return """\
## Workers ##
diff --git a/synapse/events/__init__.py b/synapse/events/__init__.py
index 9acb3c0cc454..c238376caf62 100644
--- a/synapse/events/__init__.py
+++ b/synapse/events/__init__.py
@@ -213,10 +213,17 @@ def is_outlier(self) -> bool:
return self.outlier
def is_out_of_band_membership(self) -> bool:
- """Whether this is an out of band membership, like an invite or an invite
- rejection. This is needed as those events are marked as outliers, but
- they still need to be processed as if they're new events (e.g. updating
- invite state in the database, relaying to clients, etc).
+ """Whether this event is an out-of-band membership.
+
+ OOB memberships are a special case of outlier events: they are membership events
+ for federated rooms that we aren't full members of. Examples include invites
+ received over federation, and rejections for such invites.
+
+ The concept of an OOB membership is needed because these events need to be
+ processed as if they're new regular events (e.g. updating membership state in
+ the database, relaying to clients via /sync, etc) despite being outliers.
+
+ See also https://matrix-org.github.io/synapse/develop/development/room-dag-concepts.html#out-of-band-membership-events.
(Added in synapse 0.99.0, so may be unreliable for events received before that)
"""
diff --git a/synapse/events/presence_router.py b/synapse/events/presence_router.py
index a58f313e8b1c..bb4a6bd9574a 100644
--- a/synapse/events/presence_router.py
+++ b/synapse/events/presence_router.py
@@ -22,11 +22,16 @@
List,
Optional,
Set,
+ TypeVar,
Union,
)
+from typing_extensions import ParamSpec
+
+from twisted.internet.defer import CancelledError
+
from synapse.api.presence import UserPresenceState
-from synapse.util.async_helpers import maybe_awaitable
+from synapse.util.async_helpers import delay_cancellation, maybe_awaitable
if TYPE_CHECKING:
from synapse.server import HomeServer
@@ -40,6 +45,10 @@
logger = logging.getLogger(__name__)
+P = ParamSpec("P")
+R = TypeVar("R")
+
+
def load_legacy_presence_router(hs: "HomeServer") -> None:
"""Wrapper that loads a presence router module configured using the old
configuration, and registers the hooks they implement.
@@ -63,13 +72,15 @@ def load_legacy_presence_router(hs: "HomeServer") -> None:
# All methods that the module provides should be async, but this wasn't enforced
# in the old module system, so we wrap them if needed
- def async_wrapper(f: Optional[Callable]) -> Optional[Callable[..., Awaitable]]:
+ def async_wrapper(
+ f: Optional[Callable[P, R]]
+ ) -> Optional[Callable[P, Awaitable[R]]]:
# f might be None if the callback isn't implemented by the module. In this
# case we don't want to register a callback at all so we return None.
if f is None:
return None
- def run(*args: Any, **kwargs: Any) -> Awaitable:
+ def run(*args: P.args, **kwargs: P.kwargs) -> Awaitable[R]:
# Assertion required because mypy can't prove we won't change `f`
# back to `None`. See
# https://mypy.readthedocs.io/en/latest/common_issues.html#narrowing-and-inner-functions
@@ -80,7 +91,7 @@ def run(*args: Any, **kwargs: Any) -> Awaitable:
return run
# Register the hooks through the module API.
- hooks = {
+ hooks: Dict[str, Optional[Callable[..., Any]]] = {
hook: async_wrapper(getattr(presence_router, hook, None))
for hook in presence_router_methods
}
@@ -147,7 +158,11 @@ async def get_users_for_states(
# run all the callbacks for get_users_for_states and combine the results
for callback in self._get_users_for_states_callbacks:
try:
- result = await callback(state_updates)
+ # Note: result is an object here, because we don't trust modules to
+ # return the types they're supposed to.
+ result: object = await delay_cancellation(callback(state_updates))
+ except CancelledError:
+ raise
except Exception as e:
logger.warning("Failed to run module API callback %s: %s", callback, e)
continue
@@ -199,7 +214,9 @@ async def get_interested_users(self, user_id: str) -> Union[Set[str], str]:
# run all the callbacks for get_interested_users and combine the results
for callback in self._get_interested_users_callbacks:
try:
- result = await callback(user_id)
+ result = await delay_cancellation(callback(user_id))
+ except CancelledError:
+ raise
except Exception as e:
logger.warning("Failed to run module API callback %s: %s", callback, e)
continue
diff --git a/synapse/events/spamcheck.py b/synapse/events/spamcheck.py
index cd80fcf9d13a..3b6795d40f6b 100644
--- a/synapse/events/spamcheck.py
+++ b/synapse/events/spamcheck.py
@@ -31,7 +31,7 @@
from synapse.rest.media.v1.media_storage import ReadableFileWrapper
from synapse.spam_checker_api import RegistrationBehaviour
from synapse.types import RoomAlias, UserProfile
-from synapse.util.async_helpers import maybe_awaitable
+from synapse.util.async_helpers import delay_cancellation, maybe_awaitable
if TYPE_CHECKING:
import synapse.events
@@ -255,7 +255,7 @@ async def check_event_for_spam(
will be used as the error message returned to the user.
"""
for callback in self._check_event_for_spam_callbacks:
- res: Union[bool, str] = await callback(event)
+ res: Union[bool, str] = await delay_cancellation(callback(event))
if res:
return res
@@ -276,7 +276,10 @@ async def user_may_join_room(
Whether the user may join the room
"""
for callback in self._user_may_join_room_callbacks:
- if await callback(user_id, room_id, is_invited) is False:
+ may_join_room = await delay_cancellation(
+ callback(user_id, room_id, is_invited)
+ )
+ if may_join_room is False:
return False
return True
@@ -297,7 +300,10 @@ async def user_may_invite(
True if the user may send an invite, otherwise False
"""
for callback in self._user_may_invite_callbacks:
- if await callback(inviter_userid, invitee_userid, room_id) is False:
+ may_invite = await delay_cancellation(
+ callback(inviter_userid, invitee_userid, room_id)
+ )
+ if may_invite is False:
return False
return True
@@ -322,7 +328,10 @@ async def user_may_send_3pid_invite(
True if the user may send the invite, otherwise False
"""
for callback in self._user_may_send_3pid_invite_callbacks:
- if await callback(inviter_userid, medium, address, room_id) is False:
+ may_send_3pid_invite = await delay_cancellation(
+ callback(inviter_userid, medium, address, room_id)
+ )
+ if may_send_3pid_invite is False:
return False
return True
@@ -339,7 +348,8 @@ async def user_may_create_room(self, userid: str) -> bool:
True if the user may create a room, otherwise False
"""
for callback in self._user_may_create_room_callbacks:
- if await callback(userid) is False:
+ may_create_room = await delay_cancellation(callback(userid))
+ if may_create_room is False:
return False
return True
@@ -359,7 +369,10 @@ async def user_may_create_room_alias(
True if the user may create a room alias, otherwise False
"""
for callback in self._user_may_create_room_alias_callbacks:
- if await callback(userid, room_alias) is False:
+ may_create_room_alias = await delay_cancellation(
+ callback(userid, room_alias)
+ )
+ if may_create_room_alias is False:
return False
return True
@@ -377,7 +390,8 @@ async def user_may_publish_room(self, userid: str, room_id: str) -> bool:
True if the user may publish the room, otherwise False
"""
for callback in self._user_may_publish_room_callbacks:
- if await callback(userid, room_id) is False:
+ may_publish_room = await delay_cancellation(callback(userid, room_id))
+ if may_publish_room is False:
return False
return True
@@ -400,7 +414,7 @@ async def check_username_for_spam(self, user_profile: UserProfile) -> bool:
for callback in self._check_username_for_spam_callbacks:
# Make a copy of the user profile object to ensure the spam checker cannot
# modify it.
- if await callback(user_profile.copy()):
+ if await delay_cancellation(callback(user_profile.copy())):
return True
return False
@@ -428,7 +442,7 @@ async def check_registration_for_spam(
"""
for callback in self._check_registration_for_spam_callbacks:
- behaviour = await (
+ behaviour = await delay_cancellation(
callback(email_threepid, username, request_info, auth_provider_id)
)
assert isinstance(behaviour, RegistrationBehaviour)
@@ -472,7 +486,7 @@ async def check_media_file_for_spam(
"""
for callback in self._check_media_file_for_spam_callbacks:
- spam = await callback(file_wrapper, file_info)
+ spam = await delay_cancellation(callback(file_wrapper, file_info))
if spam:
return True
diff --git a/synapse/events/third_party_rules.py b/synapse/events/third_party_rules.py
index ef68e2028220..9f4ff9799c00 100644
--- a/synapse/events/third_party_rules.py
+++ b/synapse/events/third_party_rules.py
@@ -14,12 +14,14 @@
import logging
from typing import TYPE_CHECKING, Any, Awaitable, Callable, List, Optional, Tuple
+from twisted.internet.defer import CancelledError
+
from synapse.api.errors import ModuleFailedException, SynapseError
from synapse.events import EventBase
from synapse.events.snapshot import EventContext
from synapse.storage.roommember import ProfileInfo
from synapse.types import Requester, StateMap
-from synapse.util.async_helpers import maybe_awaitable
+from synapse.util.async_helpers import delay_cancellation, maybe_awaitable
if TYPE_CHECKING:
from synapse.server import HomeServer
@@ -263,7 +265,11 @@ async def check_event_allowed(
for callback in self._check_event_allowed_callbacks:
try:
- res, replacement_data = await callback(event, state_events)
+ res, replacement_data = await delay_cancellation(
+ callback(event, state_events)
+ )
+ except CancelledError:
+ raise
except SynapseError as e:
# FIXME: Being able to throw SynapseErrors is relied upon by
# some modules. PR #10386 accidentally broke this ability.
@@ -333,8 +339,13 @@ async def check_threepid_can_be_invited(
for callback in self._check_threepid_can_be_invited_callbacks:
try:
- if await callback(medium, address, state_events) is False:
+ threepid_can_be_invited = await delay_cancellation(
+ callback(medium, address, state_events)
+ )
+ if threepid_can_be_invited is False:
return False
+ except CancelledError:
+ raise
except Exception as e:
logger.warning("Failed to run module API callback %s: %s", callback, e)
@@ -361,8 +372,13 @@ async def check_visibility_can_be_modified(
for callback in self._check_visibility_can_be_modified_callbacks:
try:
- if await callback(room_id, state_events, new_visibility) is False:
+ visibility_can_be_modified = await delay_cancellation(
+ callback(room_id, state_events, new_visibility)
+ )
+ if visibility_can_be_modified is False:
return False
+ except CancelledError:
+ raise
except Exception as e:
logger.warning("Failed to run module API callback %s: %s", callback, e)
@@ -400,8 +416,11 @@ async def check_can_shutdown_room(self, user_id: str, room_id: str) -> bool:
"""
for callback in self._check_can_shutdown_room_callbacks:
try:
- if await callback(user_id, room_id) is False:
+ can_shutdown_room = await delay_cancellation(callback(user_id, room_id))
+ if can_shutdown_room is False:
return False
+ except CancelledError:
+ raise
except Exception as e:
logger.exception(
"Failed to run module API callback %s: %s", callback, e
@@ -422,8 +441,13 @@ async def check_can_deactivate_user(
"""
for callback in self._check_can_deactivate_user_callbacks:
try:
- if await callback(user_id, by_admin) is False:
+ can_deactivate_user = await delay_cancellation(
+ callback(user_id, by_admin)
+ )
+ if can_deactivate_user is False:
return False
+ except CancelledError:
+ raise
except Exception as e:
logger.exception(
"Failed to run module API callback %s: %s", callback, e
diff --git a/synapse/events/utils.py b/synapse/events/utils.py
index 43c3241fb0d1..ac91c5eb57d0 100644
--- a/synapse/events/utils.py
+++ b/synapse/events/utils.py
@@ -22,12 +22,12 @@
Iterable,
List,
Mapping,
+ MutableMapping,
Optional,
Union,
)
import attr
-from frozendict import frozendict
from synapse.api.constants import EventContentFields, EventTypes, RelationTypes
from synapse.api.errors import Codes, SynapseError
@@ -204,7 +204,9 @@ def _copy_field(src: JsonDict, dst: JsonDict, field: List[str]) -> None:
key_to_move = field.pop(-1)
sub_dict = src
for sub_field in field: # e.g. sub_field => "content"
- if sub_field in sub_dict and type(sub_dict[sub_field]) in [dict, frozendict]:
+ if sub_field in sub_dict and isinstance(
+ sub_dict[sub_field], collections.abc.Mapping
+ ):
sub_dict = sub_dict[sub_field]
else:
return
@@ -402,6 +404,7 @@ def serialize_event(
*,
config: SerializeEventConfig = _DEFAULT_SERIALIZE_EVENT_CONFIG,
bundle_aggregations: Optional[Dict[str, "BundledAggregations"]] = None,
+ apply_edits: bool = True,
) -> JsonDict:
"""Serializes a single event.
@@ -409,10 +412,10 @@ def serialize_event(
event: The event being serialized.
time_now: The current time in milliseconds
config: Event serialization config
- bundle_aggregations: Whether to include the bundled aggregations for this
- event. Only applies to non-state events. (State events never include
- bundled aggregations.)
-
+ bundle_aggregations: A map from event_id to the aggregations to be bundled
+ into the event.
+ apply_edits: Whether the content of the event should be modified to reflect
+ any replacement in `bundle_aggregations[].replace`.
Returns:
The serialized event
"""
@@ -424,14 +427,14 @@ def serialize_event(
# Check if there are any bundled aggregations to include with the event.
if bundle_aggregations:
- event_aggregations = bundle_aggregations.get(event.event_id)
- if event_aggregations:
+ if event.event_id in bundle_aggregations:
self._inject_bundled_aggregations(
event,
time_now,
config,
- bundle_aggregations[event.event_id],
+ bundle_aggregations,
serialized_event,
+ apply_edits=apply_edits,
)
return serialized_event
@@ -468,31 +471,49 @@ def _inject_bundled_aggregations(
event: EventBase,
time_now: int,
config: SerializeEventConfig,
- aggregations: "BundledAggregations",
+ bundled_aggregations: Dict[str, "BundledAggregations"],
serialized_event: JsonDict,
+ apply_edits: bool,
) -> None:
"""Potentially injects bundled aggregations into the unsigned portion of the serialized event.
Args:
event: The event being serialized.
time_now: The current time in milliseconds
- aggregations: The bundled aggregation to serialize.
- serialized_event: The serialized event which may be modified.
config: Event serialization config
+ bundled_aggregations: Bundled aggregations to be injected.
+ A map from event_id to aggregation data. Must contain at least an
+ entry for `event`.
+ While serializing the bundled aggregations this map may be searched
+ again for additional events in a recursive manner.
+ serialized_event: The serialized event which may be modified.
+ apply_edits: Whether the content of the event should be modified to reflect
+ any replacement in `aggregations.replace`.
"""
+
+ # We have already checked that aggregations exist for this event.
+ event_aggregations = bundled_aggregations[event.event_id]
+
+ # The JSON dictionary to be added under the unsigned property of the event
+ # being serialized.
serialized_aggregations = {}
- if aggregations.annotations:
- serialized_aggregations[RelationTypes.ANNOTATION] = aggregations.annotations
+ if event_aggregations.annotations:
+ serialized_aggregations[
+ RelationTypes.ANNOTATION
+ ] = event_aggregations.annotations
- if aggregations.references:
- serialized_aggregations[RelationTypes.REFERENCE] = aggregations.references
+ if event_aggregations.references:
+ serialized_aggregations[
+ RelationTypes.REFERENCE
+ ] = event_aggregations.references
- if aggregations.replace:
- # If there is an edit, apply it to the event.
- edit = aggregations.replace
- self._apply_edit(event, serialized_event, edit)
+ if event_aggregations.replace:
+ # If there is an edit, optionally apply it to the event.
+ edit = event_aggregations.replace
+ if apply_edits:
+ self._apply_edit(event, serialized_event, edit)
# Include information about it in the relations dict.
serialized_aggregations[RelationTypes.REPLACE] = {
@@ -501,19 +522,16 @@ def _inject_bundled_aggregations(
"sender": edit.sender,
}
- # If this event is the start of a thread, include a summary of the replies.
- if aggregations.thread:
- thread = aggregations.thread
+ # Include any threaded replies to this event.
+ if event_aggregations.thread:
+ thread = event_aggregations.thread
- # Don't bundle aggregations as this could recurse forever.
- serialized_latest_event = serialize_event(
- thread.latest_event, time_now, config=config
+ serialized_latest_event = self.serialize_event(
+ thread.latest_event,
+ time_now,
+ config=config,
+ bundle_aggregations=bundled_aggregations,
)
- # Manually apply an edit, if one exists.
- if thread.latest_edit:
- self._apply_edit(
- thread.latest_event, serialized_latest_event, thread.latest_edit
- )
thread_summary = {
"latest_event": serialized_latest_event,
@@ -563,10 +581,20 @@ def serialize_events(
]
-def copy_power_levels_contents(
- old_power_levels: Mapping[str, Union[int, Mapping[str, int]]]
+_PowerLevel = Union[str, int]
+
+
+def copy_and_fixup_power_levels_contents(
+ old_power_levels: Mapping[str, Union[_PowerLevel, Mapping[str, _PowerLevel]]]
) -> Dict[str, Union[int, Dict[str, int]]]:
- """Copy the content of a power_levels event, unfreezing frozendicts along the way
+ """Copy the content of a power_levels event, unfreezing frozendicts along the way.
+
+ We accept as input power level values which are strings, provided they represent an
+ integer, e.g. `"`100"` instead of 100. Such strings are converted to integers
+ in the returned dictionary (hence "fixup" in the function name).
+
+ Note that future room versions will outlaw such stringy power levels (see
+ https://github.com/matrix-org/matrix-spec/issues/853).
Raises:
TypeError if the input does not look like a valid power levels event content
@@ -575,29 +603,47 @@ def copy_power_levels_contents(
raise TypeError("Not a valid power-levels content: %r" % (old_power_levels,))
power_levels: Dict[str, Union[int, Dict[str, int]]] = {}
- for k, v in old_power_levels.items():
-
- if isinstance(v, int):
- power_levels[k] = v
- continue
+ for k, v in old_power_levels.items():
if isinstance(v, collections.abc.Mapping):
h: Dict[str, int] = {}
power_levels[k] = h
for k1, v1 in v.items():
- # we should only have one level of nesting
- if not isinstance(v1, int):
- raise TypeError(
- "Invalid power_levels value for %s.%s: %r" % (k, k1, v1)
- )
- h[k1] = v1
- continue
+ _copy_power_level_value_as_integer(v1, h, k1)
- raise TypeError("Invalid power_levels value for %s: %r" % (k, v))
+ else:
+ _copy_power_level_value_as_integer(v, power_levels, k)
return power_levels
+def _copy_power_level_value_as_integer(
+ old_value: object,
+ power_levels: MutableMapping[str, Any],
+ key: str,
+) -> None:
+ """Set `power_levels[key]` to the integer represented by `old_value`.
+
+ :raises TypeError: if `old_value` is not an integer, nor a base-10 string
+ representation of an integer.
+ """
+ if isinstance(old_value, int):
+ power_levels[key] = old_value
+ return
+
+ if isinstance(old_value, str):
+ try:
+ parsed_value = int(old_value, base=10)
+ except ValueError:
+ # Fall through to the final TypeError.
+ pass
+ else:
+ power_levels[key] = parsed_value
+ return
+
+ raise TypeError(f"Invalid power_levels value for {key}: {old_value}")
+
+
def validate_canonicaljson(value: Any) -> None:
"""
Ensure that the JSON object is valid according to the rules of canonical JSON.
@@ -617,7 +663,7 @@ def validate_canonicaljson(value: Any) -> None:
# Note that Infinity, -Infinity, and NaN are also considered floats.
raise SynapseError(400, "Bad JSON value: float", Codes.BAD_JSON)
- elif isinstance(value, (dict, frozendict)):
+ elif isinstance(value, collections.abc.Mapping):
for v in value.values():
validate_canonicaljson(v)
diff --git a/synapse/federation/federation_client.py b/synapse/federation/federation_client.py
index 6a59cb4b713e..17eff60909a2 100644
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@@ -618,7 +618,7 @@ def _is_unknown_endpoint(
#
# Dendrite returns a 404 (with a body of "404 page not found");
# Conduit returns a 404 (with no body); and Synapse returns a 400
- # with M_UNRECOGNISED.
+ # with M_UNRECOGNIZED.
#
# This needs to be rather specific as some endpoints truly do return 404
# errors.
@@ -1426,6 +1426,8 @@ async def send_request(
room = res.get("room")
if not isinstance(room, dict):
raise InvalidResponseError("'room' must be a dict")
+ if room.get("room_id") != room_id:
+ raise InvalidResponseError("wrong room returned in hierarchy response")
# Validate children_state of the room.
children_state = room.pop("children_state", [])
diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py
index e67af6463fc7..884b5d60b4f9 100644
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -268,8 +268,8 @@ async def on_incoming_transaction(
transaction_id=transaction_id,
destination=destination,
origin=origin,
- origin_server_ts=transaction_data.get("origin_server_ts"), # type: ignore
- pdus=transaction_data.get("pdus"), # type: ignore
+ origin_server_ts=transaction_data.get("origin_server_ts"), # type: ignore[arg-type]
+ pdus=transaction_data.get("pdus"),
edus=transaction_data.get("edus"),
)
@@ -515,7 +515,7 @@ async def _process_edu(edu_dict: JsonDict) -> None:
)
async def on_room_state_request(
- self, origin: str, room_id: str, event_id: Optional[str]
+ self, origin: str, room_id: str, event_id: str
) -> Tuple[int, JsonDict]:
origin_host, _ = parse_server_name(origin)
await self.check_server_matches_acl(origin_host, room_id)
@@ -530,18 +530,13 @@ async def on_room_state_request(
# - but that's non-trivial to get right, and anyway somewhat defeats
# the point of the linearizer.
async with self._server_linearizer.queue((origin, room_id)):
- resp: JsonDict = dict(
- await self._state_resp_cache.wrap(
- (room_id, event_id),
- self._on_context_state_request_compute,
- room_id,
- event_id,
- )
+ resp = await self._state_resp_cache.wrap(
+ (room_id, event_id),
+ self._on_context_state_request_compute,
+ room_id,
+ event_id,
)
- room_version = await self.store.get_room_version_id(room_id)
- resp["room_version"] = room_version
-
return 200, resp
async def on_state_ids_request(
@@ -574,14 +569,11 @@ async def _on_state_ids_request_compute(
return {"pdu_ids": state_ids, "auth_chain_ids": list(auth_chain_ids)}
async def _on_context_state_request_compute(
- self, room_id: str, event_id: Optional[str]
+ self, room_id: str, event_id: str
) -> Dict[str, list]:
pdus: Collection[EventBase]
- if event_id:
- event_ids = await self.handler.get_state_ids_for_pdu(room_id, event_id)
- pdus = await self.store.get_events_as_list(event_ids)
- else:
- pdus = (await self.state.get_current_state(room_id)).values()
+ event_ids = await self.handler.get_state_ids_for_pdu(room_id, event_id)
+ pdus = await self.store.get_events_as_list(event_ids)
auth_chain = await self.store.get_auth_chain(
room_id, [pdu.event_id for pdu in pdus]
diff --git a/synapse/federation/sender/__init__.py b/synapse/federation/sender/__init__.py
index 30e2421efc6d..6d2f46318bea 100644
--- a/synapse/federation/sender/__init__.py
+++ b/synapse/federation/sender/__init__.py
@@ -343,9 +343,16 @@ async def _process_event_queue_loop(self) -> None:
last_token, self._last_poked_id, limit=100
)
- logger.debug("Handling %s -> %s", last_token, next_token)
+ logger.debug(
+ "Handling %i -> %i: %i events to send (current id %i)",
+ last_token,
+ next_token,
+ len(events),
+ self._last_poked_id,
+ )
if not events and next_token >= self._last_poked_id:
+ logger.debug("All events processed")
break
async def handle_event(event: EventBase) -> None:
@@ -353,9 +360,53 @@ async def handle_event(event: EventBase) -> None:
send_on_behalf_of = event.internal_metadata.get_send_on_behalf_of()
is_mine = self.is_mine_id(event.sender)
if not is_mine and send_on_behalf_of is None:
+ logger.debug("Not sending remote-origin event %s", event)
+ return
+
+ # We also want to not send out-of-band membership events.
+ #
+ # OOB memberships are used in three (and a half) situations:
+ #
+ # (1) invite events which we have received over federation. Those
+ # will have a `sender` on a different server, so will be
+ # skipped by the "is_mine" test above anyway.
+ #
+ # (2) rejections of invites to federated rooms - either remotely
+ # or locally generated. (Such rejections are normally
+ # created via federation, in which case the remote server is
+ # responsible for sending out the rejection. If that fails,
+ # we'll create a leave event locally, but that's only really
+ # for the benefit of the invited user - we don't have enough
+ # information to send it out over federation).
+ #
+ # (2a) rescinded knocks. These are identical to rejected invites.
+ #
+ # (3) knock events which we have sent over federation. As with
+ # invite rejections, the remote server should send them out to
+ # the federation.
+ #
+ # So, in all the above cases, we want to ignore such events.
+ #
+ # OOB memberships are always(?) outliers anyway, so if we *don't*
+ # ignore them, we'll get an exception further down when we try to
+ # fetch the membership list for the room.
+ #
+ # Arguably, we could equivalently ignore all outliers here, since
+ # in theory the only way for an outlier with a local `sender` to
+ # exist is by being an OOB membership (via one of (2), (2a) or (3)
+ # above).
+ #
+ if event.internal_metadata.is_out_of_band_membership():
+ logger.debug("Not sending OOB membership event %s", event)
return
+ # Finally, there are some other events that we should not send out
+ # until someone asks for them. They are explicitly flagged as such
+ # with `proactively_send: False`.
if not event.internal_metadata.should_proactively_send():
+ logger.debug(
+ "Not sending event with proactively_send=false: %s", event
+ )
return
destinations: Optional[Set[str]] = None
@@ -419,7 +470,10 @@ async def handle_event(event: EventBase) -> None:
"federation_sender"
).observe((now - ts) / 1000)
- async def handle_room_events(events: Iterable[EventBase]) -> None:
+ async def handle_room_events(events: List[EventBase]) -> None:
+ logger.debug(
+ "Handling %i events in room %s", len(events), events[0].room_id
+ )
with Measure(self.clock, "handle_room_events"):
for event in events:
await handle_event(event)
@@ -438,6 +492,7 @@ async def handle_room_events(events: Iterable[EventBase]) -> None:
)
)
+ logger.debug("Successfully handled up to %i", next_token)
await self.store.update_federation_out_pos("events", next_token)
if events:
diff --git a/synapse/federation/transport/client.py b/synapse/federation/transport/client.py
index 1421050b9a53..9ce06dfa28ba 100644
--- a/synapse/federation/transport/client.py
+++ b/synapse/federation/transport/client.py
@@ -229,21 +229,21 @@ async def send_transaction(
"""
logger.debug(
"send_data dest=%s, txid=%s",
- transaction.destination, # type: ignore
- transaction.transaction_id, # type: ignore
+ transaction.destination,
+ transaction.transaction_id,
)
- if transaction.destination == self.server_name: # type: ignore
+ if transaction.destination == self.server_name:
raise RuntimeError("Transport layer cannot send to itself!")
# FIXME: This is only used by the tests. The actual json sent is
# generated by the json_data_callback.
json_data = transaction.get_dict()
- path = _create_v1_path("/send/%s", transaction.transaction_id) # type: ignore
+ path = _create_v1_path("/send/%s", transaction.transaction_id)
return await self.client.put_json(
- transaction.destination, # type: ignore
+ transaction.destination,
path=path,
data=json_data,
json_data_callback=json_data_callback,
diff --git a/synapse/federation/transport/server/_base.py b/synapse/federation/transport/server/_base.py
index 2529dee613aa..d629a3ecb5dd 100644
--- a/synapse/federation/transport/server/_base.py
+++ b/synapse/federation/transport/server/_base.py
@@ -16,7 +16,8 @@
import logging
import re
import time
-from typing import TYPE_CHECKING, Any, Awaitable, Callable, Optional, Tuple, cast
+from http import HTTPStatus
+from typing import TYPE_CHECKING, Any, Awaitable, Callable, Dict, Optional, Tuple, cast
from synapse.api.errors import Codes, FederationDeniedError, SynapseError
from synapse.api.urls import FEDERATION_V1_PREFIX
@@ -86,15 +87,24 @@ async def authenticate_request(
if not auth_headers:
raise NoAuthenticationError(
- 401, "Missing Authorization headers", Codes.UNAUTHORIZED
+ HTTPStatus.UNAUTHORIZED,
+ "Missing Authorization headers",
+ Codes.UNAUTHORIZED,
)
for auth in auth_headers:
if auth.startswith(b"X-Matrix"):
- (origin, key, sig) = _parse_auth_header(auth)
+ (origin, key, sig, destination) = _parse_auth_header(auth)
json_request["origin"] = origin
json_request["signatures"].setdefault(origin, {})[key] = sig
+ # if the origin_server sent a destination along it needs to match our own server_name
+ if destination is not None and destination != self.server_name:
+ raise AuthenticationError(
+ HTTPStatus.UNAUTHORIZED,
+ "Destination mismatch in auth header",
+ Codes.UNAUTHORIZED,
+ )
if (
self.federation_domain_whitelist is not None
and origin not in self.federation_domain_whitelist
@@ -103,7 +113,9 @@ async def authenticate_request(
if origin is None or not json_request["signatures"]:
raise NoAuthenticationError(
- 401, "Missing Authorization headers", Codes.UNAUTHORIZED
+ HTTPStatus.UNAUTHORIZED,
+ "Missing Authorization headers",
+ Codes.UNAUTHORIZED,
)
await self.keyring.verify_json_for_server(
@@ -142,13 +154,14 @@ async def reset_retry_timings(self, origin: str) -> None:
logger.exception("Error resetting retry timings on %s", origin)
-def _parse_auth_header(header_bytes: bytes) -> Tuple[str, str, str]:
+def _parse_auth_header(header_bytes: bytes) -> Tuple[str, str, str, Optional[str]]:
"""Parse an X-Matrix auth header
Args:
header_bytes: header value
Returns:
+ origin, key id, signature, destination.
origin, key id, signature.
Raises:
@@ -157,7 +170,9 @@ def _parse_auth_header(header_bytes: bytes) -> Tuple[str, str, str]:
try:
header_str = header_bytes.decode("utf-8")
params = header_str.split(" ")[1].split(",")
- param_dict = {k: v for k, v in (kv.split("=", maxsplit=1) for kv in params)}
+ param_dict: Dict[str, str] = {
+ k: v for k, v in [param.split("=", maxsplit=1) for param in params]
+ }
def strip_quotes(value: str) -> str:
if value.startswith('"'):
@@ -172,7 +187,15 @@ def strip_quotes(value: str) -> str:
key = strip_quotes(param_dict["key"])
sig = strip_quotes(param_dict["sig"])
- return origin, key, sig
+
+ # get the destination server_name from the auth header if it exists
+ destination = param_dict.get("destination")
+ if destination is not None:
+ destination = strip_quotes(destination)
+ else:
+ destination = None
+
+ return origin, key, sig, destination
except Exception as e:
logger.warning(
"Error parsing auth header '%s': %s",
@@ -180,7 +203,7 @@ def strip_quotes(value: str) -> str:
e,
)
raise AuthenticationError(
- 400, "Malformed Authorization header", Codes.UNAUTHORIZED
+ HTTPStatus.BAD_REQUEST, "Malformed Authorization header", Codes.UNAUTHORIZED
)
diff --git a/synapse/federation/transport/server/federation.py b/synapse/federation/transport/server/federation.py
index aed3d5069ca1..6fbc7b5f15a7 100644
--- a/synapse/federation/transport/server/federation.py
+++ b/synapse/federation/transport/server/federation.py
@@ -160,7 +160,7 @@ async def on_GET(
return await self.handler.on_room_state_request(
origin,
room_id,
- parse_string_from_args(query, "event_id", None, required=False),
+ parse_string_from_args(query, "event_id", None, required=True),
)
diff --git a/synapse/handlers/account_validity.py b/synapse/handlers/account_validity.py
index 05a138410e25..33e45e3a1136 100644
--- a/synapse/handlers/account_validity.py
+++ b/synapse/handlers/account_validity.py
@@ -23,6 +23,7 @@
from synapse.metrics.background_process_metrics import wrap_as_background_process
from synapse.types import UserID
from synapse.util import stringutils
+from synapse.util.async_helpers import delay_cancellation
if TYPE_CHECKING:
from synapse.server import HomeServer
@@ -150,7 +151,7 @@ async def is_user_expired(self, user_id: str) -> bool:
Whether the user has expired.
"""
for callback in self._is_user_expired_callbacks:
- expired = await callback(user_id)
+ expired = await delay_cancellation(callback(user_id))
if expired is not None:
return expired
diff --git a/synapse/handlers/appservice.py b/synapse/handlers/appservice.py
index 1b5784050621..85bd5e47682b 100644
--- a/synapse/handlers/appservice.py
+++ b/synapse/handlers/appservice.py
@@ -59,7 +59,7 @@ def __init__(self, hs: "HomeServer"):
self.scheduler = hs.get_application_service_scheduler()
self.started_scheduler = False
self.clock = hs.get_clock()
- self.notify_appservices = hs.config.appservice.notify_appservices
+ self.notify_appservices = hs.config.worker.should_notify_appservices
self.event_sources = hs.get_event_sources()
self._msc2409_to_device_messages_enabled = (
hs.config.experimental.msc2409_to_device_messages_enabled
@@ -416,7 +416,7 @@ async def _handle_typing(
return typing
async def _handle_receipts(
- self, service: ApplicationService, new_token: Optional[int]
+ self, service: ApplicationService, new_token: int
) -> List[JsonDict]:
"""
Return the latest read receipts that the given application service should receive.
@@ -447,7 +447,7 @@ async def _handle_receipts(
receipts_source = self.event_sources.sources.receipt
receipts, _ = await receipts_source.get_new_events_as(
- service=service, from_key=from_key
+ service=service, from_key=from_key, to_key=new_token
)
return receipts
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 86991d26ce79..1b9050ea96c8 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -41,6 +41,7 @@
import unpaddedbase64
from pymacaroons.exceptions import MacaroonVerificationFailedException
+from twisted.internet.defer import CancelledError
from twisted.web.server import Request
from synapse.api.constants import LoginType
@@ -67,7 +68,7 @@
from synapse.storage.roommember import ProfileInfo
from synapse.types import JsonDict, Requester, UserID
from synapse.util import stringutils as stringutils
-from synapse.util.async_helpers import maybe_awaitable
+from synapse.util.async_helpers import delay_cancellation, maybe_awaitable
from synapse.util.macaroons import get_value_from_macaroon, satisfy_expiry
from synapse.util.msisdn import phone_number_to_msisdn
from synapse.util.stringutils import base62_encode
@@ -481,7 +482,7 @@ async def check_ui_auth(
sid = authdict["session"]
# Convert the URI and method to strings.
- uri = request.uri.decode("utf-8") # type: ignore
+ uri = request.uri.decode("utf-8")
method = request.method.decode("utf-8")
# If there's no session ID, create a new session.
@@ -551,7 +552,7 @@ async def check_ui_auth(
await self.store.set_ui_auth_clientdict(sid, clientdict)
user_agent = get_request_user_agent(request)
- clientip = request.getClientIP()
+ clientip = request.getClientAddress().host
await self.store.add_user_agent_ip_to_ui_auth_session(
session.session_id, user_agent, clientip
@@ -2202,7 +2203,11 @@ async def check_auth(
# other than None (i.e. until a callback returns a success)
for callback in self.auth_checker_callbacks[login_type]:
try:
- result = await callback(username, login_type, login_dict)
+ result = await delay_cancellation(
+ callback(username, login_type, login_dict)
+ )
+ except CancelledError:
+ raise
except Exception as e:
logger.warning("Failed to run module API callback %s: %s", callback, e)
continue
@@ -2263,7 +2268,9 @@ async def check_3pid_auth(
for callback in self.check_3pid_auth_callbacks:
try:
- result = await callback(medium, address, password)
+ result = await delay_cancellation(callback(medium, address, password))
+ except CancelledError:
+ raise
except Exception as e:
logger.warning("Failed to run module API callback %s: %s", callback, e)
continue
@@ -2345,7 +2352,7 @@ async def get_username_for_registration(
"""
for callback in self.get_username_for_registration_callbacks:
try:
- res = await callback(uia_results, params)
+ res = await delay_cancellation(callback(uia_results, params))
if isinstance(res, str):
return res
@@ -2359,6 +2366,8 @@ async def get_username_for_registration(
callback,
res,
)
+ except CancelledError:
+ raise
except Exception as e:
logger.error(
"Module raised an exception in get_username_for_registration: %s",
@@ -2388,7 +2397,7 @@ async def get_displayname_for_registration(
"""
for callback in self.get_displayname_for_registration_callbacks:
try:
- res = await callback(uia_results, params)
+ res = await delay_cancellation(callback(uia_results, params))
if isinstance(res, str):
return res
@@ -2402,6 +2411,8 @@ async def get_displayname_for_registration(
callback,
res,
)
+ except CancelledError:
+ raise
except Exception as e:
logger.error(
"Module raised an exception in get_displayname_for_registration: %s",
@@ -2429,7 +2440,7 @@ async def is_3pid_allowed(
"""
for callback in self.is_3pid_allowed_callbacks:
try:
- res = await callback(medium, address, registration)
+ res = await delay_cancellation(callback(medium, address, registration))
if res is False:
return res
@@ -2443,6 +2454,8 @@ async def is_3pid_allowed(
callback,
res,
)
+ except CancelledError:
+ raise
except Exception as e:
logger.error("Module raised an exception in is_3pid_allowed: %s", e)
raise SynapseError(code=500, msg="Internal Server Error")
diff --git a/synapse/handlers/device.py b/synapse/handlers/device.py
index 3c0fc756d46b..a91b1ee4d5f4 100644
--- a/synapse/handlers/device.py
+++ b/synapse/handlers/device.py
@@ -505,8 +505,9 @@ async def notify_device_update(
"device_list_key", position, users={user_id}, rooms=room_ids
)
- # We may need to do some processing asynchronously.
- self._handle_new_device_update_async()
+ # We may need to do some processing asynchronously for local user IDs.
+ if self.hs.is_mine_id(user_id):
+ self._handle_new_device_update_async()
async def notify_user_signature_update(
self, from_user_id: str, user_ids: List[str]
@@ -683,9 +684,12 @@ async def _handle_new_device_update_async(self) -> None:
self.federation_sender.send_device_messages(
host, immediate=False
)
- log_kv(
- {"message": "sent device update to host", "host": host}
- )
+ # TODO: when called, this isn't in a logging context.
+ # This leads to log spam, sentry event spam, and massive
+ # memory usage. See #12552.
+ # log_kv(
+ # {"message": "sent device update to host", "host": host}
+ # )
if current_stream_id != stream_id:
# Clear the set of hosts we've already sent to as we're
diff --git a/synapse/handlers/events.py b/synapse/handlers/events.py
index e89c4df31466..82a5aac3dda6 100644
--- a/synapse/handlers/events.py
+++ b/synapse/handlers/events.py
@@ -21,6 +21,7 @@
from synapse.events import EventBase
from synapse.events.utils import SerializeEventConfig
from synapse.handlers.presence import format_user_presence_state
+from synapse.storage.databases.main.events_worker import EventRedactBehaviour
from synapse.streams.config import PaginationConfig
from synapse.types import JsonDict, UserID
from synapse.visibility import filter_events_for_client
@@ -141,7 +142,11 @@ def __init__(self, hs: "HomeServer"):
self.storage = hs.get_storage()
async def get_event(
- self, user: UserID, room_id: Optional[str], event_id: str
+ self,
+ user: UserID,
+ room_id: Optional[str],
+ event_id: str,
+ show_redacted: bool = False,
) -> Optional[EventBase]:
"""Retrieve a single specified event.
@@ -150,6 +155,7 @@ async def get_event(
room_id: The expected room id. We'll return None if the
event's room does not match.
event_id: The event ID to obtain.
+ show_redacted: Should the full content of redacted events be returned?
Returns:
An event, or None if there is no event matching this ID.
Raises:
@@ -157,7 +163,12 @@ async def get_event(
AuthError if the user does not have the rights to inspect this
event.
"""
- event = await self.store.get_event(event_id, check_room_id=room_id)
+ redact_behaviour = (
+ EventRedactBehaviour.as_is if show_redacted else EventRedactBehaviour.redact
+ )
+ event = await self.store.get_event(
+ event_id, check_room_id=room_id, redact_behaviour=redact_behaviour
+ )
if not event:
return None
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index 1434e99056cb..38dc5b1f6edf 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -1,4 +1,4 @@
-# Copyright 2014-2021 The Matrix.org Foundation C.I.C.
+# Copyright 2014-2022 The Matrix.org Foundation C.I.C.
# Copyright 2020 Sorunome
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -15,10 +15,14 @@
"""Contains handlers for federation events."""
+import enum
+import itertools
import logging
+from enum import Enum
from http import HTTPStatus
from typing import TYPE_CHECKING, Dict, Iterable, List, Optional, Tuple, Union
+import attr
from signedjson.key import decode_verify_key_bytes
from signedjson.sign import verify_signed_json
from unpaddedbase64 import decode_base64
@@ -92,6 +96,24 @@ def get_domains_from_state(state: StateMap[EventBase]) -> List[Tuple[str, int]]:
return sorted(joined_domains.items(), key=lambda d: d[1])
+class _BackfillPointType(Enum):
+ # a regular backwards extremity (ie, an event which we don't yet have, but which
+ # is referred to by other events in the DAG)
+ BACKWARDS_EXTREMITY = enum.auto()
+
+ # an MSC2716 "insertion event"
+ INSERTION_PONT = enum.auto()
+
+
+@attr.s(slots=True, auto_attribs=True, frozen=True)
+class _BackfillPoint:
+ """A potential point we might backfill from"""
+
+ event_id: str
+ depth: int
+ type: _BackfillPointType
+
+
class FederationHandler:
"""Handles general incoming federation requests
@@ -157,89 +179,51 @@ async def maybe_backfill(
async def _maybe_backfill_inner(
self, room_id: str, current_depth: int, limit: int
) -> bool:
- oldest_events_with_depth = (
- await self.store.get_oldest_event_ids_with_depth_in_room(room_id)
- )
+ backwards_extremities = [
+ _BackfillPoint(event_id, depth, _BackfillPointType.BACKWARDS_EXTREMITY)
+ for event_id, depth in await self.store.get_oldest_event_ids_with_depth_in_room(
+ room_id
+ )
+ ]
- insertion_events_to_be_backfilled: Dict[str, int] = {}
+ insertion_events_to_be_backfilled: List[_BackfillPoint] = []
if self.hs.config.experimental.msc2716_enabled:
- insertion_events_to_be_backfilled = (
- await self.store.get_insertion_event_backward_extremities_in_room(
+ insertion_events_to_be_backfilled = [
+ _BackfillPoint(event_id, depth, _BackfillPointType.INSERTION_PONT)
+ for event_id, depth in await self.store.get_insertion_event_backward_extremities_in_room(
room_id
)
- )
+ ]
logger.debug(
- "_maybe_backfill_inner: extremities oldest_events_with_depth=%s insertion_events_to_be_backfilled=%s",
- oldest_events_with_depth,
+ "_maybe_backfill_inner: backwards_extremities=%s insertion_events_to_be_backfilled=%s",
+ backwards_extremities,
insertion_events_to_be_backfilled,
)
- if not oldest_events_with_depth and not insertion_events_to_be_backfilled:
+ if not backwards_extremities and not insertion_events_to_be_backfilled:
logger.debug("Not backfilling as no extremeties found.")
return False
- # We only want to paginate if we can actually see the events we'll get,
- # as otherwise we'll just spend a lot of resources to get redacted
- # events.
- #
- # We do this by filtering all the backwards extremities and seeing if
- # any remain. Given we don't have the extremity events themselves, we
- # need to actually check the events that reference them.
- #
- # *Note*: the spec wants us to keep backfilling until we reach the start
- # of the room in case we are allowed to see some of the history. However
- # in practice that causes more issues than its worth, as a) its
- # relatively rare for there to be any visible history and b) even when
- # there is its often sufficiently long ago that clients would stop
- # attempting to paginate before backfill reached the visible history.
- #
- # TODO: If we do do a backfill then we should filter the backwards
- # extremities to only include those that point to visible portions of
- # history.
- #
- # TODO: Correctly handle the case where we are allowed to see the
- # forward event but not the backward extremity, e.g. in the case of
- # initial join of the server where we are allowed to see the join
- # event but not anything before it. This would require looking at the
- # state *before* the event, ignoring the special casing certain event
- # types have.
-
- forward_event_ids = await self.store.get_successor_events(
- list(oldest_events_with_depth)
- )
-
- extremities_events = await self.store.get_events(
- forward_event_ids,
- redact_behaviour=EventRedactBehaviour.AS_IS,
- get_prev_content=False,
+ # we now have a list of potential places to backpaginate from. We prefer to
+ # start with the most recent (ie, max depth), so let's sort the list.
+ sorted_backfill_points: List[_BackfillPoint] = sorted(
+ itertools.chain(
+ backwards_extremities,
+ insertion_events_to_be_backfilled,
+ ),
+ key=lambda e: -int(e.depth),
)
- # We set `check_history_visibility_only` as we might otherwise get false
- # positives from users having been erased.
- filtered_extremities = await filter_events_for_server(
- self.storage,
- self.server_name,
- list(extremities_events.values()),
- redact=False,
- check_history_visibility_only=True,
- )
logger.debug(
- "_maybe_backfill_inner: filtered_extremities %s", filtered_extremities
+ "_maybe_backfill_inner: room_id: %s: current_depth: %s, limit: %s, "
+ "backfill points (%d): %s",
+ room_id,
+ current_depth,
+ limit,
+ len(sorted_backfill_points),
+ sorted_backfill_points,
)
- if not filtered_extremities and not insertion_events_to_be_backfilled:
- return False
-
- extremities = {
- **oldest_events_with_depth,
- # TODO: insertion_events_to_be_backfilled is currently skipping the filtered_extremities checks
- **insertion_events_to_be_backfilled,
- }
-
- # Check if we reached a point where we should start backfilling.
- sorted_extremeties_tuple = sorted(extremities.items(), key=lambda e: -int(e[1]))
- max_depth = sorted_extremeties_tuple[0][1]
-
# If we're approaching an extremity we trigger a backfill, otherwise we
# no-op.
#
@@ -249,6 +233,11 @@ async def _maybe_backfill_inner(
# chose more than one times the limit in case of failure, but choosing a
# much larger factor will result in triggering a backfill request much
# earlier than necessary.
+ #
+ # XXX: shouldn't we do this *after* the filter by depth below? Again, we don't
+ # care about events that have happened after our current position.
+ #
+ max_depth = sorted_backfill_points[0].depth
if current_depth - 2 * limit > max_depth:
logger.debug(
"Not backfilling as we don't need to. %d < %d - 2 * %d",
@@ -265,31 +254,98 @@ async def _maybe_backfill_inner(
# 2. we have likely previously tried and failed to backfill from that
# extremity, so to avoid getting "stuck" requesting the same
# backfill repeatedly we drop those extremities.
- filtered_sorted_extremeties_tuple = [
- t for t in sorted_extremeties_tuple if int(t[1]) <= current_depth
- ]
-
- logger.debug(
- "room_id: %s, backfill: current_depth: %s, limit: %s, max_depth: %s, extrems (%d): %s filtered_sorted_extremeties_tuple: %s",
- room_id,
- current_depth,
- limit,
- max_depth,
- len(sorted_extremeties_tuple),
- sorted_extremeties_tuple,
- filtered_sorted_extremeties_tuple,
- )
-
+ #
# However, we need to check that the filtered extremities are non-empty.
# If they are empty then either we can a) bail or b) still attempt to
# backfill. We opt to try backfilling anyway just in case we do get
# relevant events.
- if filtered_sorted_extremeties_tuple:
- sorted_extremeties_tuple = filtered_sorted_extremeties_tuple
+ #
+ filtered_sorted_backfill_points = [
+ t for t in sorted_backfill_points if t.depth <= current_depth
+ ]
+ if filtered_sorted_backfill_points:
+ logger.debug(
+ "_maybe_backfill_inner: backfill points before current depth: %s",
+ filtered_sorted_backfill_points,
+ )
+ sorted_backfill_points = filtered_sorted_backfill_points
+ else:
+ logger.debug(
+ "_maybe_backfill_inner: all backfill points are *after* current depth. Backfilling anyway."
+ )
+
+ # For performance's sake, we only want to paginate from a particular extremity
+ # if we can actually see the events we'll get. Otherwise, we'd just spend a lot
+ # of resources to get redacted events. We check each extremity in turn and
+ # ignore those which users on our server wouldn't be able to see.
+ #
+ # Additionally, we limit ourselves to backfilling from at most 5 extremities,
+ # for two reasons:
+ #
+ # - The check which determines if we can see an extremity's events can be
+ # expensive (we load the full state for the room at each of the backfill
+ # points, or (worse) their successors)
+ # - We want to avoid the server-server API request URI becoming too long.
+ #
+ # *Note*: the spec wants us to keep backfilling until we reach the start
+ # of the room in case we are allowed to see some of the history. However,
+ # in practice that causes more issues than its worth, as (a) it's
+ # relatively rare for there to be any visible history and (b) even when
+ # there is it's often sufficiently long ago that clients would stop
+ # attempting to paginate before backfill reached the visible history.
- # We don't want to specify too many extremities as it causes the backfill
- # request URI to be too long.
- extremities = dict(sorted_extremeties_tuple[:5])
+ extremities_to_request: List[str] = []
+ for bp in sorted_backfill_points:
+ if len(extremities_to_request) >= 5:
+ break
+
+ # For regular backwards extremities, we don't have the extremity events
+ # themselves, so we need to actually check the events that reference them -
+ # their "successor" events.
+ #
+ # TODO: Correctly handle the case where we are allowed to see the
+ # successor event but not the backward extremity, e.g. in the case of
+ # initial join of the server where we are allowed to see the join
+ # event but not anything before it. This would require looking at the
+ # state *before* the event, ignoring the special casing certain event
+ # types have.
+ if bp.type == _BackfillPointType.INSERTION_PONT:
+ event_ids_to_check = [bp.event_id]
+ else:
+ event_ids_to_check = await self.store.get_successor_events(bp.event_id)
+
+ events_to_check = await self.store.get_events_as_list(
+ event_ids_to_check,
+ redact_behaviour=EventRedactBehaviour.as_is,
+ get_prev_content=False,
+ )
+
+ # We set `check_history_visibility_only` as we might otherwise get false
+ # positives from users having been erased.
+ filtered_extremities = await filter_events_for_server(
+ self.storage,
+ self.server_name,
+ events_to_check,
+ redact=False,
+ check_history_visibility_only=True,
+ )
+ if filtered_extremities:
+ extremities_to_request.append(bp.event_id)
+ else:
+ logger.debug(
+ "_maybe_backfill_inner: skipping extremity %s as it would not be visible",
+ bp,
+ )
+
+ if not extremities_to_request:
+ logger.debug(
+ "_maybe_backfill_inner: found no extremities which would be visible"
+ )
+ return False
+
+ logger.debug(
+ "_maybe_backfill_inner: extremities_to_request %s", extremities_to_request
+ )
# Now we need to decide which hosts to hit first.
@@ -309,7 +365,7 @@ async def try_backfill(domains: List[str]) -> bool:
for dom in domains:
try:
await self._federation_event_handler.backfill(
- dom, room_id, limit=100, extremities=extremities
+ dom, room_id, limit=100, extremities=extremities_to_request
)
# If this succeeded then we probably already have the
# appropriate stuff.
@@ -1438,7 +1494,7 @@ async def _sync_partial_state_room(
events = await self.store.get_events_as_list(
batch,
- redact_behaviour=EventRedactBehaviour.AS_IS,
+ redact_behaviour=EventRedactBehaviour.as_is,
allow_rejected=True,
)
for event in events:
diff --git a/synapse/handlers/federation_event.py b/synapse/handlers/federation_event.py
index 32bf02818c54..6cf927e4ff7b 100644
--- a/synapse/handlers/federation_event.py
+++ b/synapse/handlers/federation_event.py
@@ -515,6 +515,7 @@ async def update_state_for_partial_state_event(
)
return
await self._store.update_state_for_partial_state_event(event, context)
+ self._state_store.notify_event_un_partial_stated(event.event_id)
async def backfill(
self, dest: str, room_id: str, limit: int, extremities: Collection[str]
@@ -859,7 +860,7 @@ async def _resolve_state_at_missing_prevs(
evs = await self._store.get_events(
list(state_map.values()),
get_prev_content=False,
- redact_behaviour=EventRedactBehaviour.AS_IS,
+ redact_behaviour=EventRedactBehaviour.as_is,
)
event_map.update(evs)
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index c183e9c46523..9bca2bc4b24e 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -92,7 +92,7 @@ async def ratelimit_request_token_requests(
"""
await self._3pid_validation_ratelimiter_ip.ratelimit(
- None, (medium, request.getClientIP())
+ None, (medium, request.getClientAddress().host)
)
await self._3pid_validation_ratelimiter_address.ratelimit(
None, (medium, address)
diff --git a/synapse/handlers/initial_sync.py b/synapse/handlers/initial_sync.py
index a7db8feb57eb..7b94770f9722 100644
--- a/synapse/handlers/initial_sync.py
+++ b/synapse/handlers/initial_sync.py
@@ -143,7 +143,7 @@ async def _snapshot_all_rooms(
to_key=int(now_token.receipt_key),
)
if self.hs.config.experimental.msc2285_enabled:
- receipt = ReceiptEventSource.filter_out_hidden(receipt, user_id)
+ receipt = ReceiptEventSource.filter_out_private(receipt, user_id)
tags_by_room = await self.store.get_tags_for_user(user_id)
@@ -449,7 +449,7 @@ async def get_receipts() -> List[JsonDict]:
if not receipts:
return []
if self.hs.config.experimental.msc2285_enabled:
- receipts = ReceiptEventSource.filter_out_hidden(receipts, user_id)
+ receipts = ReceiptEventSource.filter_out_private(receipts, user_id)
return receipts
presence, receipts, (messages, token) = await make_deferred_yieldable(
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index 1b092e900eb5..c28b792e6fe2 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -1407,7 +1407,7 @@ async def persist_and_notify_client_event(
original_event = await self.store.get_event(
event.redacts,
- redact_behaviour=EventRedactBehaviour.AS_IS,
+ redact_behaviour=EventRedactBehaviour.as_is,
get_prev_content=False,
allow_rejected=False,
allow_none=True,
@@ -1427,7 +1427,7 @@ async def persist_and_notify_client_event(
# Validate a newly added alias or newly added alt_aliases.
original_alias = None
- original_alt_aliases: List[str] = []
+ original_alt_aliases: object = []
original_event_id = event.unsigned.get("replaces_state")
if original_event_id:
@@ -1455,6 +1455,7 @@ async def persist_and_notify_client_event(
# If the old version of alt_aliases is of an unknown form,
# completely replace it.
if not isinstance(original_alt_aliases, (list, tuple)):
+ # TODO: check that the original_alt_aliases' entries are all strings
original_alt_aliases = []
# Check that each alias is currently valid.
@@ -1504,7 +1505,7 @@ async def persist_and_notify_client_event(
original_event = await self.store.get_event(
event.redacts,
- redact_behaviour=EventRedactBehaviour.AS_IS,
+ redact_behaviour=EventRedactBehaviour.as_is,
get_prev_content=False,
allow_rejected=False,
allow_none=True,
diff --git a/synapse/handlers/oidc.py b/synapse/handlers/oidc.py
index 724b9cfcb4bb..f6ffb7d18d91 100644
--- a/synapse/handlers/oidc.py
+++ b/synapse/handlers/oidc.py
@@ -966,7 +966,7 @@ async def oidc_response_to_user_attributes(failures: int) -> UserAttributes:
"Mapping provider does not support de-duplicating Matrix IDs"
)
- attributes = await self._user_mapping_provider.map_user_attributes( # type: ignore
+ attributes = await self._user_mapping_provider.map_user_attributes(
userinfo, token
)
diff --git a/synapse/handlers/presence.py b/synapse/handlers/presence.py
index d078162c2938..268481ec1963 100644
--- a/synapse/handlers/presence.py
+++ b/synapse/handlers/presence.py
@@ -659,27 +659,28 @@ def __init__(self, hs: "HomeServer"):
)
now = self.clock.time_msec()
- for state in self.user_to_current_state.values():
- self.wheel_timer.insert(
- now=now, obj=state.user_id, then=state.last_active_ts + IDLE_TIMER
- )
- self.wheel_timer.insert(
- now=now,
- obj=state.user_id,
- then=state.last_user_sync_ts + SYNC_ONLINE_TIMEOUT,
- )
- if self.is_mine_id(state.user_id):
+ if self._presence_enabled:
+ for state in self.user_to_current_state.values():
self.wheel_timer.insert(
- now=now,
- obj=state.user_id,
- then=state.last_federation_update_ts + FEDERATION_PING_INTERVAL,
+ now=now, obj=state.user_id, then=state.last_active_ts + IDLE_TIMER
)
- else:
self.wheel_timer.insert(
now=now,
obj=state.user_id,
- then=state.last_federation_update_ts + FEDERATION_TIMEOUT,
+ then=state.last_user_sync_ts + SYNC_ONLINE_TIMEOUT,
)
+ if self.is_mine_id(state.user_id):
+ self.wheel_timer.insert(
+ now=now,
+ obj=state.user_id,
+ then=state.last_federation_update_ts + FEDERATION_PING_INTERVAL,
+ )
+ else:
+ self.wheel_timer.insert(
+ now=now,
+ obj=state.user_id,
+ then=state.last_federation_update_ts + FEDERATION_TIMEOUT,
+ )
# Set of users who have presence in the `user_to_current_state` that
# have not yet been persisted
@@ -804,6 +805,13 @@ async def _update_states(
This is currently used to bump the max presence stream ID without changing any
user's presence (see PresenceHandler.add_users_to_send_full_presence_to).
"""
+ if not self._presence_enabled:
+ # We shouldn't get here if presence is disabled, but we check anyway
+ # to ensure that we don't a) send out presence federation and b)
+ # don't add things to the wheel timer that will never be handled.
+ logger.warning("Tried to update presence states when presence is disabled")
+ return
+
now = self.clock.time_msec()
with Measure(self.clock, "presence_update_states"):
@@ -1229,6 +1237,10 @@ async def set_state(
):
raise SynapseError(400, "Invalid presence state")
+ # If presence is disabled, no-op
+ if not self.hs.config.server.use_presence:
+ return
+
user_id = target_user.to_string()
prev_state = await self.current_state_for_user(user_id)
diff --git a/synapse/handlers/push_rules.py b/synapse/handlers/push_rules.py
new file mode 100644
index 000000000000..2599160bcc00
--- /dev/null
+++ b/synapse/handlers/push_rules.py
@@ -0,0 +1,138 @@
+# Copyright 2022 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from typing import TYPE_CHECKING, List, Optional, Union
+
+import attr
+
+from synapse.api.errors import SynapseError, UnrecognizedRequestError
+from synapse.push.baserules import BASE_RULE_IDS
+from synapse.storage.push_rule import RuleNotFoundException
+from synapse.types import JsonDict
+
+if TYPE_CHECKING:
+ from synapse.server import HomeServer
+
+
+@attr.s(slots=True, frozen=True, auto_attribs=True)
+class RuleSpec:
+ scope: str
+ template: str
+ rule_id: str
+ attr: Optional[str]
+
+
+class PushRulesHandler:
+ """A class to handle changes in push rules for users."""
+
+ def __init__(self, hs: "HomeServer"):
+ self._notifier = hs.get_notifier()
+ self._main_store = hs.get_datastores().main
+
+ async def set_rule_attr(
+ self, user_id: str, spec: RuleSpec, val: Union[bool, JsonDict]
+ ) -> None:
+ """Set an attribute (enabled or actions) on an existing push rule.
+
+ Notifies listeners (e.g. sync handler) of the change.
+
+ Args:
+ user_id: the user for which to modify the push rule.
+ spec: the spec of the push rule to modify.
+ val: the value to change the attribute to.
+
+ Raises:
+ RuleNotFoundException if the rule being modified doesn't exist.
+ SynapseError(400) if the value is malformed.
+ UnrecognizedRequestError if the attribute to change is unknown.
+ InvalidRuleException if we're trying to change the actions on a rule but
+ the provided actions aren't compliant with the spec.
+ """
+ if spec.attr not in ("enabled", "actions"):
+ # for the sake of potential future expansion, shouldn't report
+ # 404 in the case of an unknown request so check it corresponds to
+ # a known attribute first.
+ raise UnrecognizedRequestError()
+
+ namespaced_rule_id = f"global/{spec.template}/{spec.rule_id}"
+ rule_id = spec.rule_id
+ is_default_rule = rule_id.startswith(".")
+ if is_default_rule:
+ if namespaced_rule_id not in BASE_RULE_IDS:
+ raise RuleNotFoundException("Unknown rule %r" % (namespaced_rule_id,))
+ if spec.attr == "enabled":
+ if isinstance(val, dict) and "enabled" in val:
+ val = val["enabled"]
+ if not isinstance(val, bool):
+ # Legacy fallback
+ # This should *actually* take a dict, but many clients pass
+ # bools directly, so let's not break them.
+ raise SynapseError(400, "Value for 'enabled' must be boolean")
+ await self._main_store.set_push_rule_enabled(
+ user_id, namespaced_rule_id, val, is_default_rule
+ )
+ elif spec.attr == "actions":
+ if not isinstance(val, dict):
+ raise SynapseError(400, "Value must be a dict")
+ actions = val.get("actions")
+ if not isinstance(actions, list):
+ raise SynapseError(400, "Value for 'actions' must be dict")
+ check_actions(actions)
+ rule_id = spec.rule_id
+ is_default_rule = rule_id.startswith(".")
+ if is_default_rule:
+ if namespaced_rule_id not in BASE_RULE_IDS:
+ raise RuleNotFoundException(
+ "Unknown rule %r" % (namespaced_rule_id,)
+ )
+ await self._main_store.set_push_rule_actions(
+ user_id, namespaced_rule_id, actions, is_default_rule
+ )
+ else:
+ raise UnrecognizedRequestError()
+
+ self.notify_user(user_id)
+
+ def notify_user(self, user_id: str) -> None:
+ """Notify listeners about a push rule change.
+
+ Args:
+ user_id: the user ID the change is for.
+ """
+ stream_id = self._main_store.get_max_push_rules_stream_id()
+ self._notifier.on_new_event("push_rules_key", stream_id, users=[user_id])
+
+
+def check_actions(actions: List[Union[str, JsonDict]]) -> None:
+ """Check if the given actions are spec compliant.
+
+ Args:
+ actions: the actions to check.
+
+ Raises:
+ InvalidRuleException if the rules aren't compliant with the spec.
+ """
+ if not isinstance(actions, list):
+ raise InvalidRuleException("No actions found")
+
+ for a in actions:
+ if a in ["notify", "dont_notify", "coalesce"]:
+ pass
+ elif isinstance(a, dict) and "set_tweak" in a:
+ pass
+ else:
+ raise InvalidRuleException("Unrecognised action %s" % a)
+
+
+class InvalidRuleException(Exception):
+ pass
diff --git a/synapse/handlers/receipts.py b/synapse/handlers/receipts.py
index 6250bb3bdf2b..43d615357b3c 100644
--- a/synapse/handlers/receipts.py
+++ b/synapse/handlers/receipts.py
@@ -14,7 +14,7 @@
import logging
from typing import TYPE_CHECKING, Iterable, List, Optional, Tuple
-from synapse.api.constants import ReadReceiptEventFields, ReceiptTypes
+from synapse.api.constants import ReceiptTypes
from synapse.appservice import ApplicationService
from synapse.streams import EventSource
from synapse.types import JsonDict, ReadReceipt, UserID, get_domain_from_id
@@ -112,7 +112,7 @@ async def _handle_new_receipts(self, receipts: List[ReadReceipt]) -> bool:
)
if not res:
- # res will be None if this read receipt is 'old'
+ # res will be None if this receipt is 'old'
continue
stream_id, max_persisted_id = res
@@ -138,7 +138,7 @@ async def _handle_new_receipts(self, receipts: List[ReadReceipt]) -> bool:
return True
async def received_client_receipt(
- self, room_id: str, receipt_type: str, user_id: str, event_id: str, hidden: bool
+ self, room_id: str, receipt_type: str, user_id: str, event_id: str
) -> None:
"""Called when a client tells us a local user has read up to the given
event_id in the room.
@@ -148,16 +148,14 @@ async def received_client_receipt(
receipt_type=receipt_type,
user_id=user_id,
event_ids=[event_id],
- data={"ts": int(self.clock.time_msec()), "hidden": hidden},
+ data={"ts": int(self.clock.time_msec())},
)
is_new = await self._handle_new_receipts([receipt])
if not is_new:
return
- if self.federation_sender and not (
- self.hs.config.experimental.msc2285_enabled and hidden
- ):
+ if self.federation_sender and receipt_type != ReceiptTypes.READ_PRIVATE:
await self.federation_sender.send_read_receipt(receipt)
@@ -167,46 +165,37 @@ def __init__(self, hs: "HomeServer"):
self.config = hs.config
@staticmethod
- def filter_out_hidden(events: List[JsonDict], user_id: str) -> List[JsonDict]:
+ def filter_out_private(events: List[JsonDict], user_id: str) -> List[JsonDict]:
+ """
+ This method takes in what is returned by
+ get_linearized_receipts_for_rooms() and goes through read receipts
+ filtering out m.read.private receipts if they were not sent by the
+ current user.
+ """
+
visible_events = []
- # filter out hidden receipts the user shouldn't see
+ # filter out private receipts the user shouldn't see
for event in events:
content = event.get("content", {})
new_event = event.copy()
new_event["content"] = {}
- for event_id in content.keys():
- event_content = content.get(event_id, {})
- m_read = event_content.get(ReceiptTypes.READ, {})
-
- # If m_read is missing copy over the original event_content as there is nothing to process here
- if not m_read:
- new_event["content"][event_id] = event_content.copy()
- continue
-
- new_users = {}
- for rr_user_id, user_rr in m_read.items():
- try:
- hidden = user_rr.get("hidden")
- except AttributeError:
- # Due to https://github.com/matrix-org/synapse/issues/10376
- # there are cases where user_rr is a string, in those cases
- # we just ignore the read receipt
- continue
-
- if hidden is not True or rr_user_id == user_id:
- new_users[rr_user_id] = user_rr.copy()
- # If hidden has a value replace hidden with the correct prefixed key
- if hidden is not None:
- new_users[rr_user_id].pop("hidden")
- new_users[rr_user_id][
- ReadReceiptEventFields.MSC2285_HIDDEN
- ] = hidden
-
- # Set new users unless empty
- if len(new_users.keys()) > 0:
- new_event["content"][event_id] = {ReceiptTypes.READ: new_users}
+ for event_id, event_content in content.items():
+ receipt_event = {}
+ for receipt_type, receipt_content in event_content.items():
+ if receipt_type == ReceiptTypes.READ_PRIVATE:
+ user_rr = receipt_content.get(user_id, None)
+ if user_rr:
+ receipt_event[ReceiptTypes.READ_PRIVATE] = {
+ user_id: user_rr.copy()
+ }
+ else:
+ receipt_event[receipt_type] = receipt_content.copy()
+
+ # Only include the receipt event if it is non-empty.
+ if receipt_event:
+ new_event["content"][event_id] = receipt_event
# Append new_event to visible_events unless empty
if len(new_event["content"].keys()) > 0:
@@ -234,18 +223,19 @@ async def get_new_events(
)
if self.config.experimental.msc2285_enabled:
- events = ReceiptEventSource.filter_out_hidden(events, user.to_string())
+ events = ReceiptEventSource.filter_out_private(events, user.to_string())
return events, to_key
async def get_new_events_as(
- self, from_key: int, service: ApplicationService
+ self, from_key: int, to_key: int, service: ApplicationService
) -> Tuple[List[JsonDict], int]:
"""Returns a set of new read receipt events that an appservice
may be interested in.
Args:
from_key: the stream position at which events should be fetched from
+ to_key: the stream position up to which events should be fetched to
service: The appservice which may be interested
Returns:
@@ -255,7 +245,6 @@ async def get_new_events_as(
* The current read receipt stream token.
"""
from_key = int(from_key)
- to_key = self.get_current_key()
if from_key == to_key:
return [], to_key
diff --git a/synapse/handlers/relations.py b/synapse/handlers/relations.py
index 0be231957750..c2754ec918de 100644
--- a/synapse/handlers/relations.py
+++ b/synapse/handlers/relations.py
@@ -11,6 +11,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+import collections.abc
import logging
from typing import (
TYPE_CHECKING,
@@ -24,7 +25,6 @@
)
import attr
-from frozendict import frozendict
from synapse.api.constants import RelationTypes
from synapse.api.errors import SynapseError
@@ -44,8 +44,6 @@
class _ThreadAggregation:
# The latest event in the thread.
latest_event: EventBase
- # The latest edit to the latest event in the thread.
- latest_edit: Optional[EventBase]
# The total number of events in the thread.
count: int
# True if the current user has sent an event to the thread.
@@ -256,64 +254,6 @@ async def get_annotations_for_event(
return filtered_results
- async def _get_bundled_aggregation_for_event(
- self, event: EventBase, ignored_users: FrozenSet[str]
- ) -> Optional[BundledAggregations]:
- """Generate bundled aggregations for an event.
-
- Note that this does not use a cache, but depends on cached methods.
-
- Args:
- event: The event to calculate bundled aggregations for.
- ignored_users: The users ignored by the requesting user.
-
- Returns:
- The bundled aggregations for an event, if bundled aggregations are
- enabled and the event can have bundled aggregations.
- """
-
- # Do not bundle aggregations for an event which represents an edit or an
- # annotation. It does not make sense for them to have related events.
- relates_to = event.content.get("m.relates_to")
- if isinstance(relates_to, (dict, frozendict)):
- relation_type = relates_to.get("rel_type")
- if relation_type in (RelationTypes.ANNOTATION, RelationTypes.REPLACE):
- return None
-
- event_id = event.event_id
- room_id = event.room_id
-
- # The bundled aggregations to include, a mapping of relation type to a
- # type-specific value. Some types include the direct return type here
- # while others need more processing during serialization.
- aggregations = BundledAggregations()
-
- annotations = await self.get_annotations_for_event(
- event_id, room_id, ignored_users=ignored_users
- )
- if annotations:
- aggregations.annotations = {"chunk": annotations}
-
- references, next_token = await self.get_relations_for_event(
- event_id,
- event,
- room_id,
- RelationTypes.REFERENCE,
- ignored_users=ignored_users,
- )
- if references:
- aggregations.references = {
- "chunk": [{"event_id": event.event_id} for event in references]
- }
-
- if next_token:
- aggregations.references["next_batch"] = await next_token.to_string(
- self._main_store
- )
-
- # Store the bundled aggregations in the event metadata for later use.
- return aggregations
-
async def get_threads_for_events(
self, event_ids: Collection[str], user_id: str, ignored_users: FrozenSet[str]
) -> Dict[str, _ThreadAggregation]:
@@ -353,7 +293,7 @@ async def get_threads_for_events(
for event_id, summary in summaries.items():
if summary:
- thread_count, latest_thread_event, edit = summary
+ thread_count, latest_thread_event = summary
# Subtract off the count of any ignored users.
for ignored_user in ignored_users:
@@ -398,7 +338,6 @@ async def get_threads_for_events(
results[event_id] = _ThreadAggregation(
latest_event=latest_thread_event,
- latest_edit=edit,
count=thread_count,
# If there's a thread summary it must also exist in the
# participated dictionary.
@@ -417,15 +356,37 @@ async def get_bundled_aggregations(
user_id: The user requesting the bundled aggregations.
Returns:
- A map of event ID to the bundled aggregation for the event. Not all
- events may have bundled aggregations in the results.
+ A map of event ID to the bundled aggregations for the event.
+
+ Not all requested events may exist in the results (if they don't have
+ bundled aggregations).
+
+ The results may include additional events which are related to the
+ requested events.
"""
- # De-duplicate events by ID to handle the same event requested multiple times.
- #
- # State events do not get bundled aggregations.
- events_by_id = {
- event.event_id: event for event in events if not event.is_state()
- }
+ # De-duplicated events by ID to handle the same event requested multiple times.
+ events_by_id = {}
+ # A map of event ID to the relation in that event, if there is one.
+ relations_by_id: Dict[str, str] = {}
+ for event in events:
+ # State events do not get bundled aggregations.
+ if event.is_state():
+ continue
+
+ relates_to = event.content.get("m.relates_to")
+ relation_type = None
+ if isinstance(relates_to, collections.abc.Mapping):
+ relation_type = relates_to.get("rel_type")
+ # An event which is a replacement (ie edit) or annotation (ie,
+ # reaction) may not have any other event related to it.
+ if relation_type in (RelationTypes.ANNOTATION, RelationTypes.REPLACE):
+ continue
+
+ # The event should get bundled aggregations.
+ events_by_id[event.event_id] = event
+ # Track the event's relation information for later.
+ if isinstance(relation_type, str):
+ relations_by_id[event.event_id] = relation_type
# event ID -> bundled aggregation in non-serialized form.
results: Dict[str, BundledAggregations] = {}
@@ -433,13 +394,60 @@ async def get_bundled_aggregations(
# Fetch any ignored users of the requesting user.
ignored_users = await self._main_store.ignored_users(user_id)
+ # Threads are special as the latest event of a thread might cause additional
+ # events to be fetched. Thus, we check those first!
+
+ # Fetch thread summaries (but only for the directly requested events).
+ threads = await self.get_threads_for_events(
+ # It is not valid to start a thread on an event which itself relates to another event.
+ [eid for eid in events_by_id.keys() if eid not in relations_by_id],
+ user_id,
+ ignored_users,
+ )
+ for event_id, thread in threads.items():
+ results.setdefault(event_id, BundledAggregations()).thread = thread
+
+ # If the latest event in a thread is not already being fetched,
+ # add it. This ensures that the bundled aggregations for the
+ # latest thread event is correct.
+ latest_thread_event = thread.latest_event
+ if latest_thread_event and latest_thread_event.event_id not in events_by_id:
+ events_by_id[latest_thread_event.event_id] = latest_thread_event
+ # Keep relations_by_id in sync with events_by_id:
+ #
+ # We know that the latest event in a thread has a thread relation
+ # (as that is what makes it part of the thread).
+ relations_by_id[latest_thread_event.event_id] = RelationTypes.THREAD
+
# Fetch other relations per event.
for event in events_by_id.values():
- event_result = await self._get_bundled_aggregation_for_event(
- event, ignored_users
+ # Fetch any annotations (ie, reactions) to bundle with this event.
+ annotations = await self.get_annotations_for_event(
+ event.event_id, event.room_id, ignored_users=ignored_users
+ )
+ if annotations:
+ results.setdefault(
+ event.event_id, BundledAggregations()
+ ).annotations = {"chunk": annotations}
+
+ # Fetch any references to bundle with this event.
+ references, next_token = await self.get_relations_for_event(
+ event.event_id,
+ event,
+ event.room_id,
+ RelationTypes.REFERENCE,
+ ignored_users=ignored_users,
)
- if event_result:
- results[event.event_id] = event_result
+ if references:
+ aggregations = results.setdefault(event.event_id, BundledAggregations())
+ aggregations.references = {
+ "chunk": [{"event_id": ev.event_id} for ev in references]
+ }
+
+ if next_token:
+ aggregations.references["next_batch"] = await next_token.to_string(
+ self._main_store
+ )
# Fetch any edits (but not for redacted events).
#
@@ -455,10 +463,4 @@ async def get_bundled_aggregations(
for event_id, edit in edits.items():
results.setdefault(event_id, BundledAggregations()).replace = edit
- threads = await self.get_threads_for_events(
- events_by_id.keys(), user_id, ignored_users
- )
- for event_id, thread in threads.items():
- results.setdefault(event_id, BundledAggregations()).thread = thread
-
return results
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index b31f00b517a9..604eb6ec154a 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -57,7 +57,7 @@
from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersion
from synapse.event_auth import validate_event_for_room_version
from synapse.events import EventBase
-from synapse.events.utils import copy_power_levels_contents
+from synapse.events.utils import copy_and_fixup_power_levels_contents
from synapse.federation.federation_client import InvalidResponseError
from synapse.handlers.federation import get_domains_from_state
from synapse.handlers.relations import BundledAggregations
@@ -337,13 +337,13 @@ async def _update_upgraded_room_pls(
# 50, but if the default PL in a room is 50 or more, then we set the
# required PL above that.
- pl_content = dict(old_room_pl_state.content)
- users_default = int(pl_content.get("users_default", 0))
+ pl_content = copy_and_fixup_power_levels_contents(old_room_pl_state.content)
+ users_default: int = pl_content.get("users_default", 0) # type: ignore[assignment]
restricted_level = max(users_default + 1, 50)
updated = False
for v in ("invite", "events_default"):
- current = int(pl_content.get(v, 0))
+ current: int = pl_content.get(v, 0) # type: ignore[assignment]
if current < restricted_level:
logger.debug(
"Setting level for %s in %s to %i (was %i)",
@@ -380,7 +380,9 @@ async def _update_upgraded_room_pls(
"state_key": "",
"room_id": new_room_id,
"sender": requester.user.to_string(),
- "content": old_room_pl_state.content,
+ "content": copy_and_fixup_power_levels_contents(
+ old_room_pl_state.content
+ ),
},
ratelimit=False,
)
@@ -471,7 +473,7 @@ async def clone_existing_room(
# dict so we can't just copy.deepcopy it.
initial_state[
(EventTypes.PowerLevels, "")
- ] = power_levels = copy_power_levels_contents(
+ ] = power_levels = copy_and_fixup_power_levels_contents(
initial_state[(EventTypes.PowerLevels, "")]
)
diff --git a/synapse/handlers/room_batch.py b/synapse/handlers/room_batch.py
index 78e299d3a5c5..29de7e5bed10 100644
--- a/synapse/handlers/room_batch.py
+++ b/synapse/handlers/room_batch.py
@@ -54,7 +54,7 @@ async def inherit_depth_from_prev_ids(self, prev_event_ids: List[str]) -> int:
# it has a larger `depth` but before the successor event because the `stream_ordering`
# is negative before the successor event.
successor_event_ids = await self.store.get_successor_events(
- [most_recent_prev_event_id]
+ most_recent_prev_event_id
)
# If we can't find any successor events, then it's a forward extremity of
diff --git a/synapse/handlers/room_summary.py b/synapse/handlers/room_summary.py
index 486145f48aca..ff24ec806357 100644
--- a/synapse/handlers/room_summary.py
+++ b/synapse/handlers/room_summary.py
@@ -105,6 +105,7 @@ def __init__(self, hs: "HomeServer"):
hs.get_clock(),
"get_room_hierarchy",
)
+ self._msc3266_enabled = hs.config.experimental.msc3266_enabled
async def get_room_hierarchy(
self,
@@ -630,7 +631,7 @@ async def _is_local_room_accessible(
return False
async def _is_remote_room_accessible(
- self, requester: str, room_id: str, room: JsonDict
+ self, requester: Optional[str], room_id: str, room: JsonDict
) -> bool:
"""
Calculate whether the room received over federation should be shown to the requester.
@@ -645,7 +646,8 @@ async def _is_remote_room_accessible(
due to an invite, etc.
Args:
- requester: The user requesting the summary.
+ requester: The user requesting the summary. If not passed only world
+ readability is checked.
room_id: The room ID returned over federation.
room: The summary of the room returned over federation.
@@ -659,6 +661,8 @@ async def _is_remote_room_accessible(
or room.get("world_readable") is True
):
return True
+ elif not requester:
+ return False
# Check if the user is a member of any of the allowed rooms from the response.
allowed_rooms = room.get("allowed_room_ids")
@@ -715,6 +719,10 @@ async def _build_room_entry(self, room_id: str, for_federation: bool) -> JsonDic
"room_type": create_event.content.get(EventContentFields.ROOM_TYPE),
}
+ if self._msc3266_enabled:
+ entry["im.nheko.summary.version"] = stats["version"]
+ entry["im.nheko.summary.encryption"] = stats["encryption"]
+
# Federation requests need to provide additional information so the
# requested server is able to filter the response appropriately.
if for_federation:
@@ -812,9 +820,45 @@ async def get_room_summary(
room_summary["membership"] = membership or "leave"
else:
- # TODO federation API, descoped from initial unstable implementation
- # as MSC needs more maturing on that side.
- raise SynapseError(400, "Federation is not currently supported.")
+ # Reuse the hierarchy query over federation
+ if remote_room_hosts is None:
+ raise SynapseError(400, "Missing via to query remote room")
+
+ (
+ room_entry,
+ children_room_entries,
+ inaccessible_children,
+ ) = await self._summarize_remote_room_hierarchy(
+ _RoomQueueEntry(room_id, remote_room_hosts),
+ suggested_only=True,
+ )
+
+ # The results over federation might include rooms that we, as the
+ # requesting server, are allowed to see, but the requesting user is
+ # not permitted to see.
+ #
+ # Filter the returned results to only what is accessible to the user.
+ if not room_entry or not await self._is_remote_room_accessible(
+ requester, room_entry.room_id, room_entry.room
+ ):
+ raise NotFoundError("Room not found or is not accessible")
+
+ room = dict(room_entry.room)
+ room.pop("allowed_room_ids", None)
+
+ # If there was a requester, add their membership.
+ # We keep the membership in the local membership table unless the
+ # room is purged even for remote rooms.
+ if requester:
+ (
+ membership,
+ _,
+ ) = await self._store.get_local_current_membership_for_user_in_room(
+ requester, room_id
+ )
+ room["membership"] = membership or "leave"
+
+ return room
return room_summary
diff --git a/synapse/handlers/search.py b/synapse/handlers/search.py
index 102dd4b57dea..5619f8f50e03 100644
--- a/synapse/handlers/search.py
+++ b/synapse/handlers/search.py
@@ -357,7 +357,7 @@ async def _search(
itertools.chain(
# The events_before and events_after for each context.
itertools.chain.from_iterable(
- itertools.chain(context["events_before"], context["events_after"]) # type: ignore[arg-type]
+ itertools.chain(context["events_before"], context["events_after"])
for context in contexts.values()
),
# The returned events.
@@ -373,10 +373,10 @@ async def _search(
for context in contexts.values():
context["events_before"] = self._event_serializer.serialize_events(
- context["events_before"], time_now, bundle_aggregations=aggregations # type: ignore[arg-type]
+ context["events_before"], time_now, bundle_aggregations=aggregations
)
context["events_after"] = self._event_serializer.serialize_events(
- context["events_after"], time_now, bundle_aggregations=aggregations # type: ignore[arg-type]
+ context["events_after"], time_now, bundle_aggregations=aggregations
)
results = [
diff --git a/synapse/handlers/sso.py b/synapse/handlers/sso.py
index e4fe94e557ad..1e171f3f7115 100644
--- a/synapse/handlers/sso.py
+++ b/synapse/handlers/sso.py
@@ -468,7 +468,7 @@ async def complete_sso_login_request(
auth_provider_id,
remote_user_id,
get_request_user_agent(request),
- request.getClientIP(),
+ request.getClientAddress().host,
)
new_user = True
elif self._sso_update_profile_information:
@@ -928,7 +928,7 @@ async def register_sso_user(self, request: Request, session_id: str) -> None:
session.auth_provider_id,
session.remote_user_id,
get_request_user_agent(request),
- request.getClientIP(),
+ request.getClientAddress().host,
)
logger.info(
diff --git a/synapse/handlers/sync.py b/synapse/handlers/sync.py
index 5125126a807c..2c555a66d066 100644
--- a/synapse/handlers/sync.py
+++ b/synapse/handlers/sync.py
@@ -1045,7 +1045,7 @@ async def unread_notifs_for_room_id(
last_unread_event_id = await self.store.get_last_receipt_event_id_for_user(
user_id=sync_config.user.to_string(),
room_id=room_id,
- receipt_type=ReceiptTypes.READ,
+ receipt_types=(ReceiptTypes.READ, ReceiptTypes.READ_PRIVATE),
)
return await self.store.get_unread_event_push_actions_by_room_for_user(
diff --git a/synapse/handlers/ui_auth/checkers.py b/synapse/handlers/ui_auth/checkers.py
index 472b029af3f6..05cebb5d4d89 100644
--- a/synapse/handlers/ui_auth/checkers.py
+++ b/synapse/handlers/ui_auth/checkers.py
@@ -256,7 +256,9 @@ class RegistrationTokenAuthChecker(UserInteractiveAuthChecker):
def __init__(self, hs: "HomeServer"):
super().__init__(hs)
self.hs = hs
- self._enabled = bool(hs.config.registration.registration_requires_token)
+ self._enabled = bool(
+ hs.config.registration.registration_requires_token
+ ) or bool(hs.config.registration.enable_registration_token_3pid_bypass)
self.store = hs.get_datastores().main
def is_enabled(self) -> bool:
diff --git a/synapse/handlers/user_directory.py b/synapse/handlers/user_directory.py
index 048fd4bb8225..74f7fdfe6ce5 100644
--- a/synapse/handlers/user_directory.py
+++ b/synapse/handlers/user_directory.py
@@ -60,7 +60,7 @@ def __init__(self, hs: "HomeServer"):
self.clock = hs.get_clock()
self.notifier = hs.get_notifier()
self.is_mine_id = hs.is_mine_id
- self.update_user_directory = hs.config.server.update_user_directory
+ self.update_user_directory = hs.config.worker.should_update_user_directory
self.search_all_users = hs.config.userdirectory.user_directory_search_all_users
self.spam_checker = hs.get_spam_checker()
# The current position in the current_state_delta stream
diff --git a/synapse/http/matrixfederationclient.py b/synapse/http/matrixfederationclient.py
index 5097b3ca5796..c2ec3caa0ea8 100644
--- a/synapse/http/matrixfederationclient.py
+++ b/synapse/http/matrixfederationclient.py
@@ -73,7 +73,7 @@
from synapse.logging.opentracing import set_tag, start_active_span, tags
from synapse.types import JsonDict
from synapse.util import json_decoder
-from synapse.util.async_helpers import timeout_deferred
+from synapse.util.async_helpers import AwakenableSleeper, timeout_deferred
from synapse.util.metrics import Measure
if TYPE_CHECKING:
@@ -353,6 +353,13 @@ def schedule(x):
self._cooperator = Cooperator(scheduler=schedule)
+ self._sleeper = AwakenableSleeper(self.reactor)
+
+ def wake_destination(self, destination: str) -> None:
+ """Called when the remote server may have come back online."""
+
+ self._sleeper.wake(destination)
+
async def _send_request_with_optional_trailing_slash(
self,
request: MatrixFederationRequest,
@@ -474,6 +481,8 @@ async def _send_request(
self._store,
backoff_on_404=backoff_on_404,
ignore_backoff=ignore_backoff,
+ notifier=self.hs.get_notifier(),
+ replication_client=self.hs.get_replication_command_handler(),
)
method_bytes = request.method.encode("ascii")
@@ -664,7 +673,9 @@ async def _send_request(
delay,
)
- await self.clock.sleep(delay)
+ # Sleep for the calculated delay, or wake up immediately
+ # if we get notified that the server is back up.
+ await self._sleeper.sleep(request.destination, delay * 1000)
retries_left -= 1
else:
raise
@@ -704,6 +715,9 @@ def build_auth_headers(
Returns:
A list of headers to be added as "Authorization:" headers
"""
+ if destination is None and destination_is is None:
+ raise ValueError("destination and destination_is cannot both be None!")
+
request: JsonDict = {
"method": method.decode("ascii"),
"uri": url_bytes.decode("ascii"),
@@ -726,8 +740,13 @@ def build_auth_headers(
for key, sig in request["signatures"][self.server_name].items():
auth_headers.append(
(
- 'X-Matrix origin=%s,key="%s",sig="%s"'
- % (self.server_name, key, sig)
+ 'X-Matrix origin=%s,key="%s",sig="%s",destination="%s"'
+ % (
+ self.server_name,
+ key,
+ sig,
+ request.get("destination") or request["destination_is"],
+ )
).encode("ascii")
)
return auth_headers
diff --git a/synapse/http/server.py b/synapse/http/server.py
index 31ca84188975..657bffcddd88 100644
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -43,6 +43,7 @@
from zope.interface import implementer
from twisted.internet import defer, interfaces
+from twisted.internet.defer import CancelledError
from twisted.python import failure
from twisted.web import resource
from twisted.web.server import NOT_DONE_YET, Request
@@ -82,6 +83,14 @@