uh

.buildkite/worker-blacklist

@@ -5,6 +5,8 @@ Message history can be paginated
 
 Can re-join room if re-invited
 
+/upgrade creates a new room
+
 The only membership state included in an initial sync is for all the senders in the timeline
 
 Local device key changes get to remote servers

CHANGES.md

@@ -1,44 +1,3 @@
-Next version
-============
-
-* Two new templates (`sso_auth_confirm.html` and `sso_account_deactivated.html`)
-  were added to Synapse. If your Synapse is configured to use SSO and a custom 
-  `sso_redirect_confirm_template_dir` configuration then these templates will
-  need to be duplicated into that directory.
-
-* Plugins using the `complete_sso_login` method of `synapse.module_api.ModuleApi`
-  should update to using the async/await version `complete_sso_login_async` which
-  includes additional checks. The non-async version is considered deprecated.
-
-Synapse 1.12.3 (2020-04-03)
-===========================
-
-- Remove the the pin to Pillow 7.0 which was introduced in Synapse 1.12.2, and
-correctly fix the issue with building the Debian packages. ([\#7212](https://github.com/matrix-org/synapse/issues/7212))
-
-Synapse 1.12.2 (2020-04-02)
-===========================
-
-This release works around [an issue](https://github.com/matrix-org/synapse/issues/7208) with building the debian packages.
-
-No other significant changes since 1.12.1.
-
-Synapse 1.12.1 (2020-04-02)
-===========================
-
-No significant changes since 1.12.1rc1.
-
-
-Synapse 1.12.1rc1 (2020-03-31)
-==============================
-
-Bugfixes
---------
-
-- Fix starting workers when federation sending not split out. ([\#7133](https://github.com/matrix-org/synapse/issues/7133)). Introduced in v1.12.0.
-- Avoid importing `sqlite3` when using the postgres backend. Contributed by David Vo. ([\#7155](https://github.com/matrix-org/synapse/issues/7155)). Introduced in v1.12.0rc1.
-- Fix a bug which could cause outbound federation traffic to stop working if a client uploaded an incorrect e2e device signature. ([\#7177](https://github.com/matrix-org/synapse/issues/7177)). Introduced in v1.11.0.
-
 Synapse 1.12.0 (2020-03-23)
 ===========================
 

INSTALL.md

@@ -36,7 +36,7 @@ that your email address is probably `user@example.com` rather than
 System requirements:
 
 - POSIX-compliant system (tested on Linux & OS X)
-- Python 3.5.2 or later, up to Python 3.8.
+- Python 3.5, 3.6, 3.7 or 3.8.
 - At least 1GB of free RAM if you want to join large public rooms like #matrix:matrix.org
 
 Synapse is written in Python but some of the libraries it uses are written in
@@ -112,7 +112,7 @@ Installing prerequisites on Ubuntu or Debian:
 ```
 sudo apt-get install build-essential python3-dev libffi-dev \
                      python3-pip python3-setuptools sqlite3 \
-                     libssl-dev virtualenv libjpeg-dev libxslt1-dev
+                     libssl-dev python3-virtualenv libjpeg-dev libxslt1-dev
 ```
 
 #### ArchLinux
@@ -393,8 +393,8 @@ so, you will need to edit `homeserver.yaml`, as follows:
   for having Synapse automatically provision and renew federation
   certificates through ACME can be found at [ACME.md](docs/ACME.md).
   Note that, as pointed out in that document, this feature will not
-  work with installs set up after November 2019.
-
+  work with installs set up after November 2019. 
+  
   If you are using your own certificate, be sure to use a `.pem` file that
   includes the full certificate chain including any intermediate certificates
   (for instance, if using certbot, use `fullchain.pem` as your certificate, not

changelog.d/6446.misc

@@ -1 +0,0 @@
-Add benchmarks for LruCache.

changelog.d/6573.bugfix

@@ -1 +0,0 @@
-Don't attempt to use an invalid sqlite config if no database configuration is provided. Contributed by @nekatak.

changelog.d/6639.bugfix

@@ -1 +0,0 @@
-Fix missing field `default` when fetching user-defined push rules.

changelog.d/6892.doc

@@ -1 +0,0 @@
-Update Debian installation instructions to recommend installing the `virtualenv` package instead of `python3-virtualenv`.

changelog.d/6899.bugfix

@@ -1 +0,0 @@
-Improve error responses when accessing remote public room lists.

changelog.d/6946.bugfix

@@ -1 +0,0 @@
-Transfer alias mappings on room upgrade.

changelog.d/7006.feature

@@ -1 +0,0 @@
-Extend the `web_client_location` option to accept an absolute URL to use as a redirect. Adds a warning when running the web client on the same hostname as homeserver. Contributed by Martin Milata.

changelog.d/7051.feature

@@ -1 +0,0 @@
-Admin API `POST /_synapse/admin/v1/join/<roomIdOrAlias>` to join users to a room like `auto_join_rooms` for creation of users.

changelog.d/7068.bugfix

@@ -1 +0,0 @@
-Ensure that a user inteactive authentication session is tied to a single request.

changelog.d/7096.feature

@@ -1 +0,0 @@
-Add options to prevent users from changing their profile or associated 3PIDs.

changelog.d/7102.feature

@@ -1 +0,0 @@
-Support SSO in the user interactive authentication workflow.

changelog.d/7118.feature

@@ -1 +0,0 @@
-Allow server admins to define and enforce a password policy (MSC2000).

changelog.d/7119.doc

@@ -1 +0,0 @@
-Update postgres docs with login troubleshooting information.

changelog.d/7128.misc

@@ -1 +0,0 @@
-Add explicit `instance_id` for USER_SYNC commands and remove implicit `conn_id` usage.

changelog.d/7136.misc

@@ -1 +0,0 @@
-Refactored the CAS authentication logic to a separate class.

changelog.d/7137.removal

@@ -1 +0,0 @@
-Remove nonfunctional `captcha_bypass_secret` option from `homeserver.yaml`.

changelog.d/7143.bugfix

@@ -0,0 +1 @@
+Prevent `sqlite3` module from being imported even when using the postgres backend.

changelog.d/7147.doc

@@ -1 +0,0 @@
-Add documentation for running a local CAS server for testing.

changelog.d/7150.bugfix

@@ -1 +0,0 @@
-Ensure `is_verified` is a boolean in responses to `GET /_matrix/client/r0/room_keys/keys`. Also warn the user if they forgot the `version` query param.

changelog.d/7151.bugfix

@@ -1 +0,0 @@
-Fix error page being shown when a custom SAML handler attempted to redirect when processing an auth response.

changelog.d/7152.feature

@@ -1 +0,0 @@
-Improve the support for SSO authentication on the login fallback page.

changelog.d/7153.feature

@@ -1 +0,0 @@
-Always whitelist the login fallback in the SSO configuration if `public_baseurl` is set.

changelog.d/7155.bugfix

@@ -1 +0,0 @@
-Avoid importing `sqlite3` when using the postgres backend. Contributed by David Vo.

changelog.d/7157.misc

@@ -1 +0,0 @@
-Add tests for outbound device pokes.

changelog.d/7158.misc

@@ -1 +0,0 @@
-Fix device list update stream ids going backward.

changelog.d/7159.bugfix

@@ -1 +0,0 @@
-Fix excessive CPU usage by `prune_old_outbound_device_pokes` job.

changelog.d/7160.feature

@@ -1 +0,0 @@
-Always send users their own device updates.

changelog.d/7167.doc

@@ -1 +0,0 @@
-Improve README.md by being explicit about public IP recommendation for TURN relaying.

changelog.d/7171.doc

@@ -1 +0,0 @@
-Fix a small typo in the `metrics_flags` config option.

changelog.d/7177.bugfix

@@ -1 +0,0 @@
-Fix a bug which could cause outbound federation traffic to stop working if a client uploaded an incorrect e2e device signature.

changelog.d/7178.bugfix

@@ -1 +0,0 @@
-Fix a bug which could cause incorrect 'cyclic dependency' error.

changelog.d/7181.misc

@@ -1 +0,0 @@
-Clean up some LoggingContext code.

changelog.d/7183.misc

@@ -1 +0,0 @@
-Clean up some LoggingContext code.

changelog.d/7184.misc

@@ -1 +0,0 @@
-Convert some of synapse.rest.media to async/await.

changelog.d/7185.misc

@@ -1 +0,0 @@
-Move client command handling out of TCP protocol.

changelog.d/7186.feature

@@ -1 +0,0 @@
-Support SSO in the user interactive authentication workflow.

changelog.d/7187.misc

@@ -1 +0,0 @@
-Move server command handling out of TCP protocol.

changelog.d/7188.misc

@@ -1 +0,0 @@
-Fix consistency of HTTP status codes reported in log lines.

changelog.d/7190.misc

@@ -1 +0,0 @@
-Only run one background database update at a time.

changelog.d/7191.feature

@@ -1 +0,0 @@
-Admin users are no longer required to be in a room to create an alias for it.

changelog.d/7192.misc

@@ -1 +0,0 @@
-Remove sent outbound device list pokes from the database.

changelog.d/7193.misc

@@ -1 +0,0 @@
-Add a background database update job to clear out duplicate `device_lists_outbound_pokes`.

changelog.d/7195.misc

@@ -1 +0,0 @@
-Move catchup of replication streams logic to worker.

changelog.d/7199.bugfix

@@ -1 +0,0 @@
-Fix a bug that could cause a user to be invited to a server notices (aka System Alerts) room without any notice being sent.

changelog.d/7203.bugfix

@@ -1 +0,0 @@
-Fix some worker-mode replication handling not being correctly recorded in CPU usage stats.

changelog.d/7207.misc

@@ -1 +0,0 @@
-Remove some extraneous debugging log lines.

changelog.d/7219.misc

@@ -1 +0,0 @@
-Add typing information to federation server code.

changelog.d/7226.misc

@@ -1 +0,0 @@
-Move catchup of replication streams logic to worker.

changelog.d/7228.misc

@@ -1 +0,0 @@
-Unblacklist '/upgrade creates a new room' sytest for workers.

changelog.d/7230.feature

@@ -1 +0,0 @@
-Require admin privileges to enable room encryption by default. This does not affect existing rooms.

changelog.d/7233.misc

@@ -1 +0,0 @@
-Remove redundant checks on `daemonize` from synctl.

changelog.d/7234.doc

@@ -1 +0,0 @@
-Update the contributed documentation on managing synapse workers with systemd, and bring it into the core distribution.

changelog.d/7235.feature

@@ -1 +0,0 @@
-Improve the support for SSO authentication on the login fallback page.

changelog.d/7236.misc

@@ -1 +0,0 @@
-Upgrade jQuery to v3.4.1 on fallback login/registration pages.

changelog.d/7237.misc

@@ -1 +0,0 @@
-Change log line that told user to implement onLogin/onRegister fallback js functions to a warning, instead of an info, so it's more visible.

changelog.d/7238.doc

@@ -1 +0,0 @@
-Add documentation to the `password_providers` config option. Add known password provider implementations to docs.

changelog.d/7240.bugfix

@@ -1 +0,0 @@
-Do not allow a deactivated user to login via SSO.

changelog.d/7241.misc

@@ -1 +0,0 @@
-Convert some of synapse.rest.media to async/await.

changelog.d/7243.misc

@@ -1 +0,0 @@
-Correct the parameters of a test fixture. Contributed by Isaiah Singletary.

changelog.d/7248.doc

@@ -1 +0,0 @@
-Add documentation to the `password_providers` config option. Add known password provider implementations to docs.

changelog.d/7249.bugfix

@@ -1 +0,0 @@
-Fix --help command-line argument.

changelog.d/7251.doc

@@ -1 +0,0 @@
-Modify suggested nginx reverse proxy configuration to match Synapse's default file upload size. Contributed by @ProCycleDev.

changelog.d/7255.bugfix

@@ -1 +0,0 @@
-Fix a bug that prevented cross-signing with users on worker-mode synapses.

changelog.d/7259.bugfix

@@ -1 +0,0 @@
- Do not allow a deactivated user to login via SSO.

changelog.d/7260.bugfix

@@ -1 +0,0 @@
-Fix room publish permissions not being checked on room creation.

changelog.d/7261.misc

@@ -1 +0,0 @@
-Convert auth handler to async/await.

changelog.d/7265.feature

@@ -1 +0,0 @@
-Add a config option for specifying the value of the Accept-Language HTTP header when generating URL previews.

changelog.d/7274.bugfix

@@ -1 +0,0 @@
-Fix a sql query introduced in Synapse 1.12.0 which could cause large amounts of logging to the postgres slow-query log.

changelog.d/7289.bugfix

@@ -1 +0,0 @@
-Fix a bug with cross-signing devices with remote users when they did not share a room with any user on the local homeserver.

changelog.d/7329.misc

@@ -1 +0,0 @@
-Move catchup of replication streams logic to worker.

contrib/systemd-with-workers/README.md

@@ -1,2 +1,150 @@
-The documentation for using systemd to manage synapse workers is now part of
-the main synapse distribution. See [docs/systemd-with-workers](../../docs/systemd-with-workers).
+# Setup Synapse with Workers and Systemd
+
+This is a setup for managing synapse with systemd including support for
+managing workers. It provides a `matrix-synapse`, as well as a
+`matrix-synapse-worker@` service for any workers you require. Additionally to
+group the required services it sets up a `matrix.target`. You can use this to
+automatically start any bot- or bridge-services. More on this in
+[Bots and Bridges](#bots-and-bridges).
+
+See the folder [system](system) for any service and target files.
+
+The folder [workers](workers) contains an example configuration for the
+`federation_reader` worker. Pay special attention to the name of the
+configuration file. In order to work with the `matrix-synapse-worker@.service`
+service, it needs to have the exact same name as the worker app.
+
+This setup expects neither the homeserver nor any workers to fork. Forking is
+handled by systemd.
+
+## Setup
+
+1. Adjust your matrix configs. Make sure that the worker config files have the
+exact same name as the worker app. Compare `matrix-synapse-worker@.service` for
+why. You can find an example worker config in the [workers](workers) folder. See
+below for relevant settings in the `homeserver.yaml`.
+2. Copy the `*.service` and `*.target` files in [system](system) to
+`/etc/systemd/system`.
+3. `systemctl enable matrix-synapse.service` this adds the homeserver
+app to the `matrix.target`
+4. *Optional.* `systemctl enable
+matrix-synapse-worker@federation_reader.service` this adds the federation_reader
+app to the `matrix-synapse.service`
+5. *Optional.* Repeat step 4 for any additional workers you require.
+6. *Optional.* Add any bots or bridges by enabling them.
+7. Start all matrix related services via `systemctl start matrix.target`
+8. *Optional.* Enable autostart of all matrix related services on system boot
+via `systemctl enable matrix.target`
+
+## Usage
+
+After you have setup you can use the following commands to manage your synapse
+installation:
+
+```
+# Start matrix-synapse, all workers and any enabled bots or bridges.
+systemctl start matrix.target
+
+# Restart matrix-synapse and all workers (not necessarily restarting bots
+# or bridges, see "Bots and Bridges")
+systemctl restart matrix-synapse.service
+
+# Stop matrix-synapse and all workers (not necessarily restarting bots
+# or bridges, see "Bots and Bridges")
+systemctl stop matrix-synapse.service
+
+# Restart a specific worker (i. e. federation_reader), the homeserver is
+# unaffected by this.
+systemctl restart matrix-synapse-worker@federation_reader.service
+
+# Add a new worker (assuming all configs are setup already)
+systemctl enable matrix-synapse-worker@federation_writer.service
+systemctl restart matrix-synapse.service
+```
+
+## The Configs
+
+Make sure the `worker_app` is set in the `homeserver.yaml` and it does not fork.
+
+```
+worker_app: synapse.app.homeserver 
+daemonize: false
+```
+
+None of the workers should fork, as forking is handled by systemd. Hence make
+sure this is present in all worker config files.
+
+```
+worker_daemonize: false
+```
+
+The config files of all workers are expected to be located in
+`/etc/matrix-synapse/workers`. If you want to use a different location you have
+to edit the provided `*.service` files accordingly.  
+
+## Bots and Bridges
+
+Most bots and bridges do not care if the homeserver goes down or is restarted.
+Depending on the implementation this may crash them though. So look up the docs
+or ask the community of the specific bridge or bot you want to run to make sure
+you choose the correct setup.
+
+Whichever configuration you choose, after the setup the following will enable
+automatically starting (and potentially restarting) your bot/bridge with the
+`matrix.target`.
+
+```
+systemctl enable <yourBotOrBridgeName>.service
+```
+
+**Note** that from an inactive synapse the bots/bridges will only be started with
+synapse if you start the `matrix.target`, not if you start the
+`matrix-synapse.service`. This is on purpose. Think of `matrix-synapse.service`
+as *just* synapse, but `matrix.target` being anything matrix related, including
+synapse and any and all enabled bots and bridges.
+
+### Start with synapse but ignore synapse going down
+
+If the bridge can handle shutdowns of the homeserver you'll want to install the
+service in the `matrix.target` and optionally add a
+`After=matrix-synapse.service` dependency to have the bot/bridge start after
+synapse on starting everything.
+
+In this case the service file should look like this.
+
+```
+[Unit]
+# ...
+# Optional, this will only ensure that if you start everything, synapse will
+# be started before the bot/bridge will be started.
+After=matrix-synapse.service
+
+[Service]
+# ...
+
+[Install]
+WantedBy=matrix.target
+```
+
+### Stop/restart when synapse stops/restarts
+
+If the bridge can't handle shutdowns of the homeserver you'll still want to
+install the service in the `matrix.target` but also have to specify the
+`After=matrix-synapse.service` *and* `BindsTo=matrix-synapse.service`
+dependencies to have the bot/bridge stop/restart with synapse.
+
+In this case the service file should look like this.
+
+```
+[Unit]
+# ...
+# Mandatory
+After=matrix-synapse.service
+BindsTo=matrix-synapse.service
+
+[Service]
+# ...
+
+[Install]
+WantedBy=matrix.target
+```

contrib/systemd-with-workers/system/matrix-synapse-worker@.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Synapse Matrix Worker
+After=matrix-synapse.service
+BindsTo=matrix-synapse.service
+
+[Service]
+Type=notify
+NotifyAccess=main
+User=matrix-synapse
+WorkingDirectory=/var/lib/matrix-synapse
+EnvironmentFile=/etc/default/matrix-synapse
+ExecStart=/opt/venvs/matrix-synapse/bin/python -m synapse.app.%i --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=3
+SyslogIdentifier=matrix-synapse-%i
+
+[Install]
+WantedBy=matrix-synapse.service

contrib/systemd-with-workers/system/matrix-synapse.service

@@ -1,8 +1,5 @@
 [Unit]
-Description=Synapse master
-
-# This service should be restarted when the synapse target is restarted.
-PartOf=matrix-synapse.target
+Description=Synapse Matrix Homeserver
 
 [Service]
 Type=notify
@@ -18,4 +15,4 @@ RestartSec=3
 SyslogIdentifier=matrix-synapse
 
 [Install]
-WantedBy=matrix-synapse.target
+WantedBy=matrix.target

contrib/systemd-with-workers/system/matrix.target

@@ -0,0 +1,7 @@
+[Unit]
+Description=Contains matrix services like synapse, bridges and bots
+After=network.target
+AllowIsolate=no
+
+[Install]
+WantedBy=multi-user.target

contrib/systemd-with-workers/workers/federation_reader.yaml

@@ -10,4 +10,5 @@ worker_listeners:
       resources:
           - names: [federation]
 
+worker_daemonize: false
 worker_log_config: /etc/matrix-synapse/federation-reader-log.yaml

debian/changelog

@@ -1,32 +1,3 @@
-matrix-synapse-py3 (1.12.3ubuntu1) UNRELEASED; urgency=medium
-
-  * Add information about .well-known files to Debian installation scripts.
-
- -- Patrick Cloke <patrickc@matrix.org>  Mon, 06 Apr 2020 10:10:38 -0400
-
-matrix-synapse-py3 (1.12.3) stable; urgency=medium
-
-  [ Richard van der Hoff ]
-  * Update the Debian build scripts to handle the new installation paths
-   for the support libraries introduced by Pillow 7.1.1.
-
-  [ Synapse Packaging team ]
-  * New synapse release 1.12.3.
-
- -- Synapse Packaging team <packages@matrix.org>  Fri, 03 Apr 2020 10:55:03 +0100
-
-matrix-synapse-py3 (1.12.2) stable; urgency=medium
-
-  * New synapse release 1.12.2.
-
- -- Synapse Packaging team <packages@matrix.org>  Mon, 02 Apr 2020 19:02:17 +0000
-
-matrix-synapse-py3 (1.12.1) stable; urgency=medium
-
-  * New synapse release 1.12.1.
-
- -- Synapse Packaging team <packages@matrix.org>  Mon, 02 Apr 2020 11:30:47 +0000
-
 matrix-synapse-py3 (1.12.0) stable; urgency=medium
 
   * New synapse release 1.12.0.

debian/po/templates.pot

@@ -1,14 +1,14 @@
 # SOME DESCRIPTIVE TITLE.
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the matrix-synapse-py3 package.
+# This file is distributed under the same license as the matrix-synapse package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: matrix-synapse-py3\n"
-"Report-Msgid-Bugs-To: matrix-synapse-py3@packages.debian.org\n"
-"POT-Creation-Date: 2020-04-06 16:39-0400\n"
+"Project-Id-Version: matrix-synapse\n"
+"Report-Msgid-Bugs-To: matrix-synapse@packages.debian.org\n"
+"POT-Creation-Date: 2017-02-21 07:51+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -28,10 +28,7 @@ msgstr ""
 #: ../templates:1001
 msgid ""
 "The name that this homeserver will appear as, to clients and other servers "
-"via federation. This is normally the public hostname of the server running "
-"synapse, but can be different if you set up delegation. Please refer to the "
-"delegation documentation in this case: https://github.com/matrix-org/synapse/"
-"blob/master/docs/delegate.md."
+"via federation. This name should match the SRV record published in DNS."
 msgstr ""
 
 #. Type: boolean

debian/rules

@@ -15,38 +15,17 @@ override_dh_installinit:
 # we don't really want to strip the symbols from our object files.
 override_dh_strip:
 
-# dh_shlibdeps calls dpkg-shlibdeps, which finds all the binary files
-# (executables and shared libs) in the package, and looks for the shared
-# libraries that they depend on. It then adds a dependency on the package that
-# contains that library to the package.
-#
-# We make two modifications to that process...
-#
 override_dh_shlibdeps:
-        # Firstly, postgres is not a hard dependency for us, so we want to make
-        # the things that psycopg2 depends on (such as libpq) be
-        # recommendations rather than hard dependencies. We do so by
-        # running dpkg-shlibdeps manually on psycopg2's libs.
-        #
+        # make the postgres package's dependencies a recommendation
+        # rather than a hard dependency.
 	find debian/$(PACKAGE_NAME)/ -path '*/site-packages/psycopg2/*.so' | \
 	    xargs dpkg-shlibdeps -Tdebian/$(PACKAGE_NAME).substvars \
 	        -pshlibs1 -dRecommends
 
-        # secondly, we exclude PIL's libraries from the process. They are known
-        # to be self-contained, but they have interdependencies and
-        # dpkg-shlibdeps doesn't know how to resolve them.
-        #
-        # As of Pillow 7.1.0, these libraries are in
-        # site-packages/Pillow.libs. Previously, they were in
-        # site-packages/PIL/.libs.
-        #
-        # (we also need to exclude psycopg2, of course, since we've already
-        # dealt with that.)
-        #
-	dh_shlibdeps \
-	    -X site-packages/PIL/.libs \
-	    -X site-packages/Pillow.libs \
-	    -X site-packages/psycopg2
+        # all the other dependencies can be normal 'Depends' requirements,
+        # except for PIL's, which is self-contained and which confuses
+        # dpkg-shlibdeps.
+	dh_shlibdeps -X site-packages/PIL/.libs -X site-packages/psycopg2
 
 override_dh_virtualenv:
 	./debian/build_virtualenv

debian/templates

@@ -2,10 +2,8 @@ Template: matrix-synapse/server-name
 Type: string
 _Description: Name of the server:
  The name that this homeserver will appear as, to clients and other
- servers via federation. This is normally the public hostname of the
- server running synapse, but can be different if you set up delegation.
- Please refer to the delegation documentation in this case:
- https://github.com/matrix-org/synapse/blob/master/docs/delegate.md.
+ servers via federation. This name should match the SRV record
+ published in DNS.
 
 Template: matrix-synapse/report-stats
 Type: boolean

docs/admin_api/room_membership.md

@@ -1,34 +0,0 @@
-# Edit Room Membership API
-
-This API allows an administrator to join an user account with a given `user_id`
-to a room with a given `room_id_or_alias`. You can only modify the membership of
-local users. The server administrator must be in the room and have permission to
-invite users.
-
-## Parameters
-
-The following parameters are available:
-
-* `user_id` - Fully qualified user: for example, `@user:server.com`.
-* `room_id_or_alias` - The room identifier or alias to join: for example,
-  `!636q39766251:server.com`.
-
-## Usage
-
-```
-POST /_synapse/admin/v1/join/<room_id_or_alias>
-
-{
-  "user_id": "@user:server.com"
-}
-```
-
-Including an `access_token` of a server admin.
-
-Response:
-
-```
-{
-  "room_id": "!636q39766251:server.com"
-}
-```

docs/dev/cas.md

@@ -1,64 +0,0 @@
-# How to test CAS as a developer without a server
-
-The [django-mama-cas](https://github.com/jbittel/django-mama-cas) project is an
-easy to run CAS implementation built on top of Django.
-
-## Prerequisites
-
-1. Create a new virtualenv: `python3 -m venv <your virtualenv>`
-2. Activate your virtualenv: `source /path/to/your/virtualenv/bin/activate`
-3. Install Django and django-mama-cas:
-   ```
-   python -m pip install "django<3" "django-mama-cas==2.4.0"
-   ```
-4. Create a Django project in the current directory:
-   ```
-   django-admin startproject cas_test .
-   ```
-5. Follow the [install directions](https://django-mama-cas.readthedocs.io/en/latest/installation.html#configuring) for django-mama-cas
-6. Setup the SQLite database: `python manage.py migrate`
-7. Create a user:
-   ```
-   python manage.py createsuperuser
-   ```
-   1. Use whatever you want as the username and password.
-   2. Leave the other fields blank.
-8. Use the built-in Django test server to serve the CAS endpoints on port 8000:
-   ```
-   python manage.py runserver
-   ```
-
-You should now have a Django project configured to serve CAS authentication with
-a single user created.
-
-## Configure Synapse (and Riot) to use CAS
-
-1. Modify your `homeserver.yaml` to enable CAS and point it to your locally
-   running Django test server:
-   ```yaml
-   cas_config:
-     enabled: true
-     server_url: "http://localhost:8000"
-     service_url: "http://localhost:8081"
-     #displayname_attribute: name
-     #required_attributes:
-     #    name: value
-   ```
-2. Restart Synapse.
-
-Note that the above configuration assumes the homeserver is running on port 8081
-and that the CAS server is on port 8000, both on localhost.
-
-## Testing the configuration
-
-Then in Riot:
-
-1. Visit the login page with a Riot pointing at your homeserver.
-2. Click the Single Sign-On button.
-3. Login using the credentials created with `createsuperuser`.
-4. You should be logged in.
-
-If you want to repeat this process you'll need to manually logout first:
-
-1. http://localhost:8000/admin/
-2. Click "logout" in the top right.

docs/dev/saml.md

@@ -18,13 +18,9 @@ To make Synapse (and therefore Riot) use it:
        metadata:
          local: ["samling.xml"]   
    ```
-5. Ensure that your `homeserver.yaml` has a setting for `public_baseurl`:
-   ```yaml
-   public_baseurl: http://localhost:8080/
-   ```
-6. Run `apt-get install xmlsec1` and `pip install --upgrade --force 'pysaml2>=4.5.0'` to ensure
+5. Run `apt-get install xmlsec1` and `pip install --upgrade --force 'pysaml2>=4.5.0'` to ensure
    the dependencies are installed and ready to go.
-7. Restart Synapse.
+6. Restart Synapse.
 
 Then in Riot:
 

docs/password_auth_providers.md

@@ -9,11 +9,7 @@ into Synapse, and provides a number of methods by which it can integrate
 with the authentication system.
 
 This document serves as a reference for those looking to implement their
-own password auth providers. Additionally, here is a list of known
-password auth provider module implementations:
-
-* [matrix-synapse-ldap3](https://github.com/matrix-org/matrix-synapse-ldap3/)
-* [matrix-synapse-shared-secret-auth](https://github.com/devture/matrix-synapse-shared-secret-auth)
+own password auth providers.
 
 ## Required methods
 

docs/postgres.md

@@ -61,33 +61,7 @@ Note that the PostgreSQL database *must* have the correct encoding set
 
 You may need to enable password authentication so `synapse_user` can
 connect to the database. See
-<https://www.postgresql.org/docs/current/auth-pg-hba-conf.html>.
-
-If you get an error along the lines of `FATAL:  Ident authentication failed for
-user "synapse_user"`, you may need to use an authentication method other than
-`ident`:
-
-* If the `synapse_user` user has a password, add the password to the `database:`
-  section of `homeserver.yaml`. Then add the following to `pg_hba.conf`:
-
-  ```
-  host    synapse     synapse_user    ::1/128     md5  # or `scram-sha-256` instead of `md5` if you use that
-  ```
-
-* If the `synapse_user` user does not have a password, then a password doesn't
-  have to be added to `homeserver.yaml`. But the following does need to be added
-  to `pg_hba.conf`:
-
-  ```
-  host    synapse     synapse_user    ::1/128     trust
-  ```
-
-Note that line order matters in `pg_hba.conf`, so make sure that if you do add a
-new line, it is inserted before:
-
-```
-host    all         all             ::1/128     ident
-```
+<https://www.postgresql.org/docs/11/auth-pg-hba-conf.html>.
 
 ### Fixing incorrect `COLLATE` or `CTYPE`
 

docs/reverse_proxy.md

@@ -42,9 +42,6 @@ the reverse proxy and the homeserver.
             location /_matrix {
                 proxy_pass http://localhost:8008;
                 proxy_set_header X-Forwarded-For $remote_addr;
-                # Nginx by default only allows file uploads up to 1M in size
-                # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
-                client_max_body_size 10M;
             }
         }
 

docs/sample_config.yaml

@@ -33,15 +33,10 @@ server_name: "SERVERNAME"
 #
 pid_file: DATADIR/homeserver.pid
 
-# The absolute URL to the web client which /_matrix/client will redirect
-# to if 'webclient' is configured under the 'listeners' configuration.
+# The path to the web client which will be served at /_matrix/client/
+# if 'webclient' is configured under the 'listeners' configuration.
 #
-# This option can be also set to the filesystem path to the web client
-# which will be served at /_matrix/client/ if 'webclient' is configured
-# under the 'listeners' configuration, however this is a security risk:
-# https://github.com/matrix-org/synapse#security-note
-#
-#web_client_location: https://riot.example.com/
+#web_client_location: "/path/to/web/root"
 
 # The public-facing base URL that clients use to access this HS
 # (not including _matrix/...). This is the same URL a user would
@@ -859,31 +854,6 @@ media_store_path: "DATADIR/media_store"
 #
 #max_spider_size: 10M
 
-# A list of values for the Accept-Language HTTP header used when
-# downloading webpages during URL preview generation. This allows
-# Synapse to specify the preferred languages that URL previews should
-# be in when communicating with remote servers.
-#
-# Each value is a IETF language tag; a 2-3 letter identifier for a
-# language, optionally followed by subtags separated by '-', specifying
-# a country or region variant.
-#
-# Multiple values can be provided, and a weight can be added to each by
-# using quality value syntax (;q=). '*' translates to any language.
-#
-# Defaults to "en".
-#
-# Example:
-#
-# url_preview_accept_language:
-#   - en-UK
-#   - en-US;q=0.9
-#   - fr;q=0.8
-#   - *;q=0.7
-#
-url_preview_accept_language:
-#   - en
-
 
 ## Captcha ##
 # See docs/CAPTCHA_SETUP for full details of configuring this.
@@ -902,6 +872,10 @@ url_preview_accept_language:
 #
 #enable_registration_captcha: false
 
+# A secret key used to bypass the captcha test entirely.
+#
+#captcha_bypass_secret: "YOUR_SECRET_HERE"
+
 # The API endpoint to use for verifying m.login.recaptcha responses.
 #
 #recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
@@ -1116,29 +1090,6 @@ account_threepid_delegates:
     #email: https://example.com     # Delegate email sending to example.com
     #msisdn: http://localhost:8090  # Delegate SMS sending to this local process
 
-# Whether users are allowed to change their displayname after it has
-# been initially set. Useful when provisioning users based on the
-# contents of a third-party directory.
-#
-# Does not apply to server administrators. Defaults to 'true'
-#
-#enable_set_displayname: false
-
-# Whether users are allowed to change their avatar after it has been
-# initially set. Useful when provisioning users based on the contents
-# of a third-party directory.
-#
-# Does not apply to server administrators. Defaults to 'true'
-#
-#enable_set_avatar_url: false
-
-# Whether users can change the 3PIDs associated with their accounts
-# (email address and msisdn).
-#
-# Defaults to 'true'
-#
-#enable_3pid_changes: false
-
 # Users who register on this homeserver will automatically be joined
 # to these rooms
 #
@@ -1174,7 +1125,7 @@ account_threepid_delegates:
 # enabled by default, either for performance reasons or limited use.
 #
 metrics_flags:
-    # Publish synapse_federation_known_servers, a gauge of the number of
+    # Publish synapse_federation_known_servers, a g auge of the number of
     # servers this homeserver knows about, including itself. May cause
     # performance problems on large homeservers.
     #
@@ -1474,10 +1425,6 @@ sso:
     # phishing attacks from evil.site. To avoid this, include a slash after the
     # hostname: "https://my.client/".
     #
-    # If public_baseurl is set, then the login fallback page (used by clients
-    # that don't natively support the required login flows) is whitelisted in
-    # addition to any URLs in this list.
-    #
     # By default, this list is empty.
     #
     #client_whitelist:
@@ -1539,41 +1486,6 @@ password_config:
    #
    #pepper: "EVEN_MORE_SECRET"
 
-   # Define and enforce a password policy. Each parameter is optional.
-   # This is an implementation of MSC2000.
-   #
-   policy:
-      # Whether to enforce the password policy.
-      # Defaults to 'false'.
-      #
-      #enabled: true
-
-      # Minimum accepted length for a password.
-      # Defaults to 0.
-      #
-      #minimum_length: 15
-
-      # Whether a password must contain at least one digit.
-      # Defaults to 'false'.
-      #
-      #require_digit: true
-
-      # Whether a password must contain at least one symbol.
-      # A symbol is any character that's not a number or a letter.
-      # Defaults to 'false'.
-      #
-      #require_symbol: true
-
-      # Whether a password must contain at least one lowercase letter.
-      # Defaults to 'false'.
-      #
-      #require_lowercase: true
-
-      # Whether a password must contain at least one lowercase letter.
-      # Defaults to 'false'.
-      #
-      #require_uppercase: true
-
 
 # Configuration for sending emails from Synapse.
 #
@@ -1682,19 +1594,7 @@ email:
   #template_dir: "res/templates"
 
 
-# Password providers allow homeserver administrators to integrate
-# their Synapse installation with existing authentication methods
-# ex. LDAP, external tokens, etc.
-#
-# For more information and known implementations, please see
-# https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md
-#
-# Note: instances wishing to use SAML or CAS authentication should
-# instead use the `saml2_config` or `cas_config` options,
-# respectively.
-#
-password_providers:
-#    # Example config for an LDAP auth provider
+#password_providers:
 #    - module: "ldap_auth_provider.LdapAuthProvider"
 #      config:
 #        enabled: true

docs/systemd-with-workers/README.md

@@ -1,67 +0,0 @@
-# Setting up Synapse with Workers and Systemd
-
-This is a setup for managing synapse with systemd, including support for
-managing workers. It provides a `matrix-synapse` service for the master, as
-well as a `matrix-synapse-worker@` service template for any workers you
-require. Additionally, to group the required services, it sets up a
-`matrix-synapse.target`.
-
-See the folder [system](system) for the systemd unit files.
-
-The folder [workers](workers) contains an example configuration for the
-`federation_reader` worker.
-
-## Synapse configuration files
-
-See [workers.md](../workers.md) for information on how to set up the
-configuration files and reverse-proxy correctly. You can find an example worker
-config in the [workers](workers) folder.
-
-Systemd manages daemonization itself, so ensure that none of the configuration
-files set either `daemonize` or `worker_daemonize`.
-
-The config files of all workers are expected to be located in
-`/etc/matrix-synapse/workers`. If you want to use a different location, edit
-the provided `*.service` files accordingly.
-
-There is no need for a separate configuration file for the master process.
-
-## Set up
-
-1. Adjust synapse configuration files as above.
-1. Copy the `*.service` and `*.target` files in [system](system) to
-`/etc/systemd/system`.
-1. Run `systemctl deamon-reload` to tell systemd to load the new unit files.
-1. Run `systemctl enable matrix-synapse.service`. This will configure the
-synapse master process to be started as part of the `matrix-synapse.target`
-target.
-1. For each worker process to be enabled, run `systemctl enable
-matrix-synapse-worker@<worker_name>.service`. For each `<worker_name>`, there
-should be a corresponding configuration file
-`/etc/matrix-synapse/workers/<worker_name>.yaml`.
-1. Start all the synapse processes with `systemctl start matrix-synapse.target`.
-1. Tell systemd to start synapse on boot with `systemctl enable matrix-synapse.target`/
-
-## Usage
-
-Once the services are correctly set up, you can use the following commands
-to manage your synapse installation:
-
-```sh
-# Restart Synapse master and all workers
-systemctl restart matrix-synapse.target
-
-# Stop Synapse and all workers
-systemctl stop matrix-synapse.target
-
-# Restart the master alone
-systemctl start matrix-synapse.service
-
-# Restart a specific worker (eg. federation_reader); the master is
-# unaffected by this.
-systemctl restart matrix-synapse-worker@federation_reader.service
-
-# Add a new worker (assuming all configs are set up already)
-systemctl enable matrix-synapse-worker@federation_writer.service
-systemctl restart matrix-synapse.target
-```

docs/systemd-with-workers/system/matrix-synapse-worker@.service

@@ -1,20 +0,0 @@
-[Unit]
-Description=Synapse %i
-
-# This service should be restarted when the synapse target is restarted.
-PartOf=matrix-synapse.target
-
-[Service]
-Type=notify
-NotifyAccess=main
-User=matrix-synapse
-WorkingDirectory=/var/lib/matrix-synapse
-EnvironmentFile=/etc/default/matrix-synapse
-ExecStart=/opt/venvs/matrix-synapse/bin/python -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=always
-RestartSec=3
-SyslogIdentifier=matrix-synapse-%i
-
-[Install]
-WantedBy=matrix-synapse.target

docs/systemd-with-workers/system/matrix-synapse.target

@@ -1,6 +0,0 @@
-[Unit]
-Description=Synapse parent target
-After=network.target
-
-[Install]
-WantedBy=multi-user.target

docs/tcp_replication.md

@@ -198,12 +198,6 @@ Asks the server for the current position of all streams.
 
    A user has started or stopped syncing
 
-#### CLEAR_USER_SYNC (C)
-
-   The server should clear all associated user sync data from the worker.
-
-   This is used when a worker is shutting down.
-
 #### FEDERATION_ACK (C)
 
    Acknowledge receipt of some federation data

docs/turn-howto.md

@@ -11,13 +11,6 @@ TURN server.
 
 The following sections describe how to install [coturn](<https://github.com/coturn/coturn>) (which implements the TURN REST API) and integrate it with synapse.
 
-## Requirements
-
-For TURN relaying with `coturn` to work, it must be hosted on a server/endpoint with a public IP.
-
-Hosting TURN behind a NAT (even with appropriate port forwarding) is known to cause issues
-and to often not work.
-
 ## `coturn` Setup
 
 ### Initial installation

docs/workers.md

@@ -52,20 +52,24 @@ synapse process.)
 
 You then create a set of configs for the various worker processes.  These
 should be worker configuration files, and should be stored in a dedicated
-subdirectory, to allow synctl to manipulate them.
+subdirectory, to allow synctl to manipulate them. An additional configuration
+for the master synapse process will need to be created because the process will
+not be started automatically. That configuration should look like this:
+
+    worker_app: synapse.app.homeserver
+    daemonize: true
 
 Each worker configuration file inherits the configuration of the main homeserver
 configuration file.  You can then override configuration specific to that worker,
 e.g. the HTTP listener that it provides (if any); logging configuration; etc.
 You should minimise the number of overrides though to maintain a usable config.
 
-In the config file for each worker, you must specify the type of worker
-application (`worker_app`). The currently available worker applications are
-listed below. You must also specify the replication endpoints that it's talking
-to on the main synapse process.  `worker_replication_host` should specify the
-host of the main synapse, `worker_replication_port` should point to the TCP
-replication listener port and `worker_replication_http_port` should point to
-the HTTP replication port.
+You must specify the type of worker application (`worker_app`). The currently
+available worker applications are listed below. You must also specify the
+replication endpoints that it's talking to on the main synapse process.
+`worker_replication_host` should specify the host of the main synapse,
+`worker_replication_port` should point to the TCP replication listener port and
+`worker_replication_http_port` should point to the HTTP replication port.
 
 Currently, the `event_creator` and `federation_reader` workers require specifying
 `worker_replication_http_port`.
@@ -86,6 +90,8 @@ For instance:
          - names:
            - client
 
+    worker_daemonize: True
+    worker_pid_file: /home/matrix/synapse/synchrotron.pid
     worker_log_config: /home/matrix/synapse/config/synchrotron_log_config.yaml
 
 ...is a full configuration for a synchrotron worker instance, which will expose a
@@ -95,31 +101,7 @@ by the main synapse.
 Obviously you should configure your reverse-proxy to route the relevant
 endpoints to the worker (`localhost:8083` in the above example).
 
-Finally, you need to start your worker processes. This can be done with either
-`synctl` or your distribution's preferred service manager such as `systemd`. We
-recommend the use of `systemd` where available: for information on setting up
-`systemd` to start synapse workers, see
-[systemd-with-workers](systemd-with-workers). To use `synctl`, see below.
-
-### Using synctl
-
-If you want to use `synctl` to manage your synapse processes, you will need to
-create an an additional configuration file for the master synapse process. That
-configuration should look like this:
-
-```yaml
-worker_app: synapse.app.homeserver
-```
-
-Additionally, each worker app must be configured with the name of a "pid file",
-to which it will write its process ID when it starts. For example, for a
-synchrotron, you might write:
-
-```yaml
-worker_pid_file: /home/matrix/synapse/synchrotron.pid
-```
-
-Finally, to actually run your worker-based synapse, you must pass synctl the `-a`
+Finally, to actually run your worker-based synapse, you must pass synctl the -a
 commandline option to tell it to operate on all the worker configurations found
 in the given directory, e.g.:
 

synapse/__init__.py

@@ -36,7 +36,7 @@ try:
 except ImportError:
     pass
 
-__version__ = "1.12.3"
+__version__ = "1.12.0"
 
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
     # We import here so that we don't have to install a bunch of deps when

synapse/api/constants.py

@@ -61,7 +61,6 @@ class LoginType(object):
     MSISDN = "m.login.msisdn"
     RECAPTCHA = "m.login.recaptcha"
     TERMS = "m.login.terms"
-    SSO = "org.matrix.login.sso"
     DUMMY = "m.login.dummy"
 
     # Only for C/S API v1

synapse/api/errors.py

@@ -64,13 +64,6 @@ class Codes(object):
     INCOMPATIBLE_ROOM_VERSION = "M_INCOMPATIBLE_ROOM_VERSION"
     WRONG_ROOM_KEYS_VERSION = "M_WRONG_ROOM_KEYS_VERSION"
     EXPIRED_ACCOUNT = "ORG_MATRIX_EXPIRED_ACCOUNT"
-    PASSWORD_TOO_SHORT = "M_PASSWORD_TOO_SHORT"
-    PASSWORD_NO_DIGIT = "M_PASSWORD_NO_DIGIT"
-    PASSWORD_NO_UPPERCASE = "M_PASSWORD_NO_UPPERCASE"
-    PASSWORD_NO_LOWERCASE = "M_PASSWORD_NO_LOWERCASE"
-    PASSWORD_NO_SYMBOL = "M_PASSWORD_NO_SYMBOL"
-    PASSWORD_IN_DICTIONARY = "M_PASSWORD_IN_DICTIONARY"
-    WEAK_PASSWORD = "M_WEAK_PASSWORD"
     INVALID_SIGNATURE = "M_INVALID_SIGNATURE"
     USER_DEACTIVATED = "M_USER_DEACTIVATED"
     BAD_ALIAS = "M_BAD_ALIAS"
@@ -86,14 +79,7 @@ class CodeMessageException(RuntimeError):
 
     def __init__(self, code, msg):
         super(CodeMessageException, self).__init__("%d: %s" % (code, msg))
-
-        # Some calls to this method pass instances of http.HTTPStatus for `code`.
-        # While HTTPStatus is a subclass of int, it has magic __str__ methods
-        # which emit `HTTPStatus.FORBIDDEN` when converted to a str, instead of `403`.
-        # This causes inconsistency in our log lines.
-        #
-        # To eliminate this behaviour, we convert them to their integer equivalents here.
-        self.code = int(code)
+        self.code = code
         self.msg = msg
 
 
@@ -453,20 +439,6 @@ class IncompatibleRoomVersionError(SynapseError):
         return cs_error(self.msg, self.errcode, room_version=self._room_version)
 
 
-class PasswordRefusedError(SynapseError):
-    """A password has been refused, either during password reset/change or registration.
-    """
-
-    def __init__(
-        self,
-        msg="This password doesn't comply with the server's policy",
-        errcode=Codes.WEAK_PASSWORD,
-    ):
-        super(PasswordRefusedError, self).__init__(
-            code=400, msg=msg, errcode=errcode,
-        )
-
-
 class RequestSendFailed(RuntimeError):
     """Sending a HTTP request over federation failed due to not being able to
     talk to the remote server for some reason.

synapse/app/admin_cmd.py

@@ -43,6 +43,7 @@ from synapse.replication.slave.storage.push_rule import SlavedPushRuleStore
 from synapse.replication.slave.storage.receipts import SlavedReceiptsStore
 from synapse.replication.slave.storage.registration import SlavedRegistrationStore
 from synapse.replication.slave.storage.room import RoomStore
+from synapse.replication.tcp.client import ReplicationClientHandler
 from synapse.server import HomeServer
 from synapse.util.logcontext import LoggingContext
 from synapse.util.versionstring import get_version_string
@@ -78,6 +79,17 @@ class AdminCmdServer(HomeServer):
     def start_listening(self, listeners):
         pass
 
+    def build_tcp_replication(self):
+        return AdminCmdReplicationHandler(self)
+
+
+class AdminCmdReplicationHandler(ReplicationClientHandler):
+    async def on_rdata(self, stream_name, token, rows):
+        pass
+
+    def get_streams_to_replicate(self):
+        return {}
+
 
 @defer.inlineCallbacks
 def export_data_command(hs, args):

synapse/app/generic_worker.py

@@ -42,7 +42,7 @@ from synapse.handlers.presence import PresenceHandler, get_interested_parties
 from synapse.http.server import JsonResource
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
 from synapse.http.site import SynapseSite
-from synapse.logging.context import LoggingContext
+from synapse.logging.context import LoggingContext, run_in_background
 from synapse.metrics import METRICS_PREFIX, MetricsResource, RegistryProxy
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.replication.slave.storage._base import BaseSlavedStore, __func__
@@ -64,8 +64,7 @@ from synapse.replication.slave.storage.receipts import SlavedReceiptsStore
 from synapse.replication.slave.storage.registration import SlavedRegistrationStore
 from synapse.replication.slave.storage.room import RoomStore
 from synapse.replication.slave.storage.transactions import SlavedTransactionStore
-from synapse.replication.tcp.client import ReplicationDataHandler
-from synapse.replication.tcp.commands import ClearUserSyncsCommand
+from synapse.replication.tcp.client import ReplicationClientHandler
 from synapse.replication.tcp.streams import (
     AccountDataStream,
     DeviceListsStream,
@@ -125,6 +124,7 @@ from synapse.types import ReadReceipt
 from synapse.util.async_helpers import Linearizer
 from synapse.util.httpresourcetree import create_resource_tree
 from synapse.util.manhole import manhole
+from synapse.util.stringutils import random_string
 from synapse.util.versionstring import get_version_string
 
 logger = logging.getLogger("synapse.app.generic_worker")
@@ -233,7 +233,6 @@ class GenericWorkerPresence(object):
         self.user_to_num_current_syncs = {}
         self.clock = hs.get_clock()
         self.notifier = hs.get_notifier()
-        self.instance_id = hs.get_instance_id()
 
         active_presence = self.store.take_presence_startup_info()
         self.user_to_current_state = {state.user_id: state for state in active_presence}
@@ -246,24 +245,13 @@ class GenericWorkerPresence(object):
             self.send_stop_syncing, UPDATE_SYNCING_USERS_MS
         )
 
-        hs.get_reactor().addSystemEventTrigger(
-            "before",
-            "shutdown",
-            run_as_background_process,
-            "generic_presence.on_shutdown",
-            self._on_shutdown,
-        )
-
-    def _on_shutdown(self):
-        if self.hs.config.use_presence:
-            self.hs.get_tcp_replication().send_command(
-                ClearUserSyncsCommand(self.instance_id)
-            )
+        self.process_id = random_string(16)
+        logger.info("Presence process_id is %r", self.process_id)
 
     def send_user_sync(self, user_id, is_syncing, last_sync_ms):
         if self.hs.config.use_presence:
             self.hs.get_tcp_replication().send_user_sync(
-                self.instance_id, user_id, is_syncing, last_sync_ms
+                user_id, is_syncing, last_sync_ms
             )
 
     def mark_as_coming_online(self, user_id):
@@ -603,7 +591,7 @@ class GenericWorkerServer(HomeServer):
     def remove_pusher(self, app_id, push_key, user_id):
         self.get_tcp_replication().send_remove_pusher(app_id, push_key, user_id)
 
-    def build_replication_data_handler(self):
+    def build_tcp_replication(self):
         return GenericWorkerReplicationHandler(self)
 
     def build_presence_handler(self):
@@ -613,7 +601,7 @@ class GenericWorkerServer(HomeServer):
         return GenericWorkerTyping(self)
 
 
-class GenericWorkerReplicationHandler(ReplicationDataHandler):
+class GenericWorkerReplicationHandler(ReplicationClientHandler):
     def __init__(self, hs):
         super(GenericWorkerReplicationHandler, self).__init__(hs.get_datastore())
 
@@ -635,7 +623,7 @@ class GenericWorkerReplicationHandler(ReplicationDataHandler):
         await super(GenericWorkerReplicationHandler, self).on_rdata(
             stream_name, token, rows
         )
-        await self.process_and_notify(stream_name, token, rows)
+        run_in_background(self.process_and_notify, stream_name, token, rows)
 
     def get_streams_to_replicate(self):
         args = super(GenericWorkerReplicationHandler, self).get_streams_to_replicate()
@@ -644,12 +632,13 @@ class GenericWorkerReplicationHandler(ReplicationDataHandler):
             args.update(self.send_handler.stream_positions())
         return args
 
+    def get_currently_syncing_users(self):
+        return self.presence_handler.get_currently_syncing_users()
+
     async def process_and_notify(self, stream_name, token, rows):
         try:
             if self.send_handler:
-                await self.send_handler.process_replication_rows(
-                    stream_name, token, rows
-                )
+                self.send_handler.process_replication_rows(stream_name, token, rows)
 
             if stream_name == EventsStream.NAME:
                 # We shouldn't get multiple rows per token for events stream, so
@@ -781,12 +770,12 @@ class FederationSenderHandler(object):
     def stream_positions(self):
         return {"federation": self.federation_position}
 
-    async def process_replication_rows(self, stream_name, token, rows):
+    def process_replication_rows(self, stream_name, token, rows):
         # The federation stream contains things that we want to send out, e.g.
         # presence, typing, etc.
         if stream_name == "federation":
             send_queue.process_rows_for_federation(self.federation_sender, rows)
-            await self.update_token(token)
+            run_in_background(self.update_token, token)
 
         # We also need to poke the federation sender when new events happen
         elif stream_name == "events":
@@ -794,7 +783,9 @@ class FederationSenderHandler(object):
 
         # ... and when new receipts happen
         elif stream_name == ReceiptsStream.NAME:
-            await self._on_new_receipts(rows)
+            run_as_background_process(
+                "process_receipts_for_federation", self._on_new_receipts, rows
+            )
 
         # ... as well as device updates and messages
         elif stream_name == DeviceListsStream.NAME: