Add rudimentary API for promoting/demoting other people in a group

For https://github.com/matrix-org/synapse/issues/2855 (initial)

CHANGES.md

@@ -12,16 +12,6 @@ from Synapse as most users have updated their client. Further context can be
 found at [\#6766](https://github.com/matrix-org/synapse/issues/6766).
 
 
-Synapse 1.19.1rc1 (2020-08-25)
-==============================
-
-Bugfixes
---------
-
-- Fix a bug introduced in v1.19.0 where appservices with ratelimiting disabled would still be ratelimited when joining rooms. ([\#8139](https://github.com/matrix-org/synapse/issues/8139))
-- Fix a bug introduced in v1.19.0 that would cause e.g. profile updates to fail due to incorrect application of rate limits on join requests. ([\#8153](https://github.com/matrix-org/synapse/issues/8153))
-
-
 Synapse 1.19.0 (2020-08-17)
 ===========================
 

changelog.d/7377.misc

@@ -1 +0,0 @@
-Add filter `name` to the `/users` admin API, which filters by user ID or displayname. Contributed by Awesome Technologies Innovationslabor GmbH.

changelog.d/7438.feature

@@ -1 +0,0 @@
-Support `identifier` dictionary fields in User-Interactive Authentication flows. Relax requirement of the `user` parameter.

changelog.d/7991.misc

@@ -1 +0,0 @@
-Don't fail `/submit_token` requests on incorrect session ID if `request_token_inhibit_3pid_errors` is turned on.

changelog.d/8034.feature

@@ -1 +0,0 @@
-Add support for shadow-banning users (ignoring any message send requests).

changelog.d/8071.misc

@@ -1 +0,0 @@
-Convert various parts of the codebase to async/await.

changelog.d/8095.feature

@@ -1 +0,0 @@
-Add support for shadow-banning users (ignoring any message send requests).

changelog.d/8104.bugfix

@@ -1 +0,0 @@
-Fix a bug introduced in v1.7.2 impacting message retention policies that would allow federated homeservers to dictate a retention period that's lower than the configured minimum allowed duration in the configuration file.

changelog.d/8106.bugfix

@@ -1 +0,0 @@
-Fix a long-standing bug where invalid JSON would be accepted by Synapse.

changelog.d/8110.bugfix

@@ -1 +0,0 @@
-Fix a bug introduced in Synapse 1.12.0 which could cause `/sync` requests to fail with a 404 if you had a very old outstanding room invite.

changelog.d/8113.misc

@@ -1 +0,0 @@
-Separate `get_current_token` into two since there are two different use cases for it.

changelog.d/8116.feature

@@ -1 +0,0 @@
-Iteratively encode JSON to avoid blocking the reactor.

changelog.d/8119.misc

@@ -1 +0,0 @@
-Convert various parts of the codebase to async/await.

changelog.d/8120.doc

@@ -1 +0,0 @@
-Updated documentation to note that Synapse does not follow `HTTP 308` redirects due to an upstream library not supporting them. Contributed by Ryan Cole.

changelog.d/8121.misc

@@ -1 +0,0 @@
-Convert various parts of the codebase to async/await.

changelog.d/8123.misc

@@ -1 +0,0 @@
-Remove `ChainedIdGenerator`.

changelog.d/8124.misc

@@ -1 +0,0 @@
-Reduce the amount of whitespace in JSON stored and sent in responses.

changelog.d/8127.misc

@@ -1 +0,0 @@
-Add type hints to `synapse.storage.database`.

changelog.d/8129.bugfix

@@ -1 +0,0 @@
-Return a proper error code when the rooms of an invalid group are requested.

changelog.d/8131.bugfix

@@ -1 +0,0 @@
-Fix a bug which could cause a leaked postgres connection if synapse was set to daemonize.

changelog.d/8132.misc

@@ -1 +0,0 @@
-Micro-optimisations to get_auth_chain_ids.

changelog.d/8133.misc

@@ -1 +0,0 @@
-Convert various parts of the codebase to async/await.

changelog.d/8135.bugfix

@@ -1 +0,0 @@
-Clarify the error code if a user tries to register with a numeric ID. This bug was introduced in v1.15.0.

changelog.d/8139.bugfix

@@ -1 +0,0 @@
-Fixes a bug where appservices with ratelimiting disabled would still be ratelimited when joining rooms. This bug was introduced in v1.19.0. 

changelog.d/8140.misc

@@ -1 +0,0 @@
-Add type hints to `synapse.state`.

changelog.d/8142.feature

@@ -1 +0,0 @@
-Add support for shadow-banning users (ignoring any message send requests).

changelog.d/8147.docker

@@ -1 +0,0 @@
-Added curl for healthcheck support and readme updates for the change. Contributed by @maquis196.

changelog.d/8152.feature

@@ -1 +0,0 @@
-Add support for shadow-banning users (ignoring any message send requests).

changelog.d/8158.feature

@@ -1 +0,0 @@
- Add support for shadow-banning users (ignoring any message send requests).

changelog.d/8161.misc

@@ -1 +0,0 @@
-Refactor `StreamIdGenerator` and `MultiWriterIdGenerator` to have the same interface.

changelog.d/8163.misc

@@ -1 +0,0 @@
-Add filter `name` to the `/users` admin API, which filters by user ID or displayname. Contributed by Awesome Technologies Innovationslabor GmbH.

changelog.d/8164.misc

@@ -1 +0,0 @@
-Add functions to `MultiWriterIdGen` used by events stream.

docker/Dockerfile

@@ -55,7 +55,6 @@ RUN pip install --prefix="/install" --no-warn-script-location \
 FROM docker.io/python:${PYTHON_VERSION}-slim
 
 RUN apt-get update && apt-get install -y \
-    curl \
     libpq5 \
     xmlsec1 \
     gosu \
@@ -70,6 +69,3 @@ VOLUME ["/data"]
 EXPOSE 8008/tcp 8009/tcp 8448/tcp
 
 ENTRYPOINT ["/start.py"]
-
-HEALTHCHECK --interval=1m --timeout=5s \
-  CMD curl -fSs http://localhost:8008/health || exit 1

docker/README.md

@@ -162,32 +162,3 @@ docker build -t matrixdotorg/synapse -f docker/Dockerfile .
 
 You can choose to build a different docker image by changing the value of the `-f` flag to
 point to another Dockerfile.
-
-## Disabling the healthcheck
-
-If you are using a non-standard port or tls inside docker you can disable the healthcheck
-whilst running the above `docker run` commands. 
-
-```
-   --no-healthcheck
-```
-## Setting custom healthcheck on docker run
-
-If you wish to point the healthcheck at a different port with docker command, add the following
-
-```
-  --health-cmd 'curl -fSs http://localhost:1234/health'
-```
-
-## Setting the healthcheck in docker-compose file
-
-You can add the following to set a custom healthcheck in a docker compose file.
-You will need version >2.1 for this to work. 
-
-```
-healthcheck:
-  test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
-  interval: 1m
-  timeout: 10s
-  retries: 3
-```

docs/admin_api/user_admin_api.rst

@@ -108,7 +108,7 @@ The api is::
 
     GET /_synapse/admin/v2/users?from=0&limit=10&guests=false
 
-To use it, you will need to authenticate by providing an ``access_token`` for a
+To use it, you will need to authenticate by providing an `access_token` for a
 server admin: see `README.rst <README.rst>`_.
 
 The parameter ``from`` is optional but used for pagination, denoting the
@@ -119,11 +119,8 @@ from a previous call.
 The parameter ``limit`` is optional but is used for pagination, denoting the
 maximum number of items to return in this call. Defaults to ``100``.
 
-The parameter ``user_id`` is optional and filters to only return users with user IDs
-that contain this value. This parameter is ignored when using the ``name`` parameter.
-
-The parameter ``name`` is optional and filters to only return users with user ID localparts
-**or** displaynames that contain this value.
+The parameter ``user_id`` is optional and filters to only users with user IDs
+that contain this value.
 
 The parameter ``guests`` is optional and if ``false`` will **exclude** guest users.
 Defaults to ``true`` to include guest users.

docs/federate.md

@@ -47,18 +47,6 @@ you invite them to. This can be caused by an incorrectly-configured reverse
 proxy: see [reverse_proxy.md](<reverse_proxy.md>) for instructions on how to correctly
 configure a reverse proxy.
 
-### Known issues
-
-**HTTP `308 Permanent Redirect` redirects are not followed**: Due to missing features
-in the HTTP library used by Synapse, 308 redirects are currently not followed by
-federating servers, which can cause `M_UNKNOWN` or `401 Unauthorized` errors. This
-may affect users who are redirecting apex-to-www (e.g. `example.com` -> `www.example.com`),
-and especially users of the Kubernetes *Nginx Ingress* module, which uses 308 redirect
-codes by default. For those Kubernetes users, [this Stackoverflow post](https://stackoverflow.com/a/52617528/5096871) 
-might be helpful. For other users, switching to a `301 Moved Permanently` code may be
-an option. 308 redirect codes will be supported properly in a future
-release of Synapse.
-
 ## Running a demo federation of Synapses
 
 If you want to get up and running quickly with a trio of homeservers in a

docs/sample_config.yaml

@@ -378,10 +378,11 @@ retention:
   #  min_lifetime: 1d
   #  max_lifetime: 1y
 
-  # Retention policy limits. If set, and the state of a room contains a
-  # 'm.room.retention' event in its state which contains a 'min_lifetime' or a
-  # 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy
-  # to these limits when running purge jobs.
+  # Retention policy limits. If set, a user won't be able to send a
+  # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
+  # that's not within this range. This is especially useful in closed federations,
+  # in which server admins can make sure every federating server applies the same
+  # rules.
   #
   #allowed_lifetime_min: 1d
   #allowed_lifetime_max: 1y
@@ -407,19 +408,12 @@ retention:
   # (e.g. every 12h), but not want that purge to be performed by a job that's
   # iterating over every room it knows, which could be heavy on the server.
   #
-  # If any purge job is configured, it is strongly recommended to have at least
-  # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime'
-  # set, or one job without 'shortest_max_lifetime' and one job without
-  # 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if
-  # 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a
-  # room's policy to these values is done after the policies are retrieved from
-  # Synapse's database (which is done using the range specified in a purge job's
-  # configuration).
-  #
   #purge_jobs:
-  #  - longest_max_lifetime: 3d
+  #  - shortest_max_lifetime: 1d
+  #    longest_max_lifetime: 3d
   #    interval: 12h
   #  - shortest_max_lifetime: 3d
+  #    longest_max_lifetime: 1y
   #    interval: 1d
 
 # Inhibits the /requestToken endpoints from returning an error that might leak

stubs/frozendict.pyi

@@ -1,47 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2020 The Matrix.org Foundation C.I.C.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Stub for frozendict.
-
-from typing import (
-    Any,
-    Hashable,
-    Iterable,
-    Iterator,
-    Mapping,
-    overload,
-    Tuple,
-    TypeVar,
-)
-
-_KT = TypeVar("_KT", bound=Hashable)  # Key type.
-_VT = TypeVar("_VT")  # Value type.
-
-class frozendict(Mapping[_KT, _VT]):
-    @overload
-    def __init__(self, **kwargs: _VT) -> None: ...
-    @overload
-    def __init__(self, __map: Mapping[_KT, _VT], **kwargs: _VT) -> None: ...
-    @overload
-    def __init__(
-        self, __iterable: Iterable[Tuple[_KT, _VT]], **kwargs: _VT
-    ) -> None: ...
-    def __getitem__(self, key: _KT) -> _VT: ...
-    def __contains__(self, key: Any) -> bool: ...
-    def copy(self, **add_or_replace: Any) -> frozendict: ...
-    def __iter__(self) -> Iterator[_KT]: ...
-    def __len__(self) -> int: ...
-    def __repr__(self) -> str: ...
-    def __hash__(self) -> int: ...

synapse/__init__.py

@@ -48,7 +48,7 @@ try:
 except ImportError:
     pass
 
-__version__ = "1.19.1rc1"
+__version__ = "1.19.0"
 
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
     # We import here so that we don't have to install a bunch of deps when

synapse/api/errors.py

@@ -21,9 +21,9 @@ import typing
 from http import HTTPStatus
 from typing import Dict, List, Optional, Union
 
-from twisted.web import http
+from canonicaljson import json
 
-from synapse.util import json_decoder
+from twisted.web import http
 
 if typing.TYPE_CHECKING:
     from synapse.types import JsonDict
@@ -593,7 +593,7 @@ class HttpResponseException(CodeMessageException):
         # try to parse the body as json, to get better errcode/msg, but
         # default to M_UNKNOWN with the HTTP status as the error text
         try:
-            j = json_decoder.decode(self.response.decode("utf-8"))
+            j = json.loads(self.response.decode("utf-8"))
         except ValueError:
             j = {}
 
@@ -604,11 +604,3 @@ class HttpResponseException(CodeMessageException):
         errmsg = j.pop("error", self.msg)
 
         return ProxiedRequestError(self.code, errmsg, errcode, j)
-
-
-class ShadowBanError(Exception):
-    """
-    Raised when a shadow-banned user attempts to perform an action.
-
-    This should be caught and a proper "fake" success response sent to the user.
-    """

synapse/api/ratelimiting.py

@@ -17,7 +17,6 @@ from collections import OrderedDict
 from typing import Any, Optional, Tuple
 
 from synapse.api.errors import LimitExceededError
-from synapse.types import Requester
 from synapse.util import Clock
 
 
@@ -44,42 +43,6 @@ class Ratelimiter(object):
         #   * The rate_hz of this particular entry. This can vary per request
         self.actions = OrderedDict()  # type: OrderedDict[Any, Tuple[float, int, float]]
 
-    def can_requester_do_action(
-        self,
-        requester: Requester,
-        rate_hz: Optional[float] = None,
-        burst_count: Optional[int] = None,
-        update: bool = True,
-        _time_now_s: Optional[int] = None,
-    ) -> Tuple[bool, float]:
-        """Can the requester perform the action?
-
-        Args:
-            requester: The requester to key off when rate limiting. The user property
-                will be used.
-            rate_hz: The long term number of actions that can be performed in a second.
-                Overrides the value set during instantiation if set.
-            burst_count: How many actions that can be performed before being limited.
-                Overrides the value set during instantiation if set.
-            update: Whether to count this check as performing the action
-            _time_now_s: The current time. Optional, defaults to the current time according
-                to self.clock. Only used by tests.
-
-        Returns:
-            A tuple containing:
-                * A bool indicating if they can perform the action now
-                * The reactor timestamp for when the action can be performed next.
-                  -1 if rate_hz is less than or equal to zero
-        """
-        # Disable rate limiting of users belonging to any AS that is configured
-        # not to be rate limited in its registration file (rate_limited: true|false).
-        if requester.app_service and not requester.app_service.is_rate_limited():
-            return True, -1.0
-
-        return self.can_do_action(
-            requester.user.to_string(), rate_hz, burst_count, update, _time_now_s
-        )
-
     def can_do_action(
         self,
         key: Any,

synapse/config/server.py

@@ -961,10 +961,11 @@ class ServerConfig(Config):
           #  min_lifetime: 1d
           #  max_lifetime: 1y
 
-          # Retention policy limits. If set, and the state of a room contains a
-          # 'm.room.retention' event in its state which contains a 'min_lifetime' or a
-          # 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy
-          # to these limits when running purge jobs.
+          # Retention policy limits. If set, a user won't be able to send a
+          # 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
+          # that's not within this range. This is especially useful in closed federations,
+          # in which server admins can make sure every federating server applies the same
+          # rules.
           #
           #allowed_lifetime_min: 1d
           #allowed_lifetime_max: 1y
@@ -990,19 +991,12 @@ class ServerConfig(Config):
           # (e.g. every 12h), but not want that purge to be performed by a job that's
           # iterating over every room it knows, which could be heavy on the server.
           #
-          # If any purge job is configured, it is strongly recommended to have at least
-          # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime'
-          # set, or one job without 'shortest_max_lifetime' and one job without
-          # 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if
-          # 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a
-          # room's policy to these values is done after the policies are retrieved from
-          # Synapse's database (which is done using the range specified in a purge job's
-          # configuration).
-          #
           #purge_jobs:
-          #  - longest_max_lifetime: 3d
+          #  - shortest_max_lifetime: 1d
+          #    longest_max_lifetime: 3d
           #    interval: 12h
           #  - shortest_max_lifetime: 3d
+          #    longest_max_lifetime: 1y
           #    interval: 1d
 
         # Inhibits the /requestToken endpoints from returning an error that might leak

synapse/crypto/keyring.py

@@ -757,8 +757,9 @@ class ServerKeyFetcher(BaseV2KeyFetcher):
             except Exception:
                 logger.exception("Error getting keys %s from %s", key_ids, server_name)
 
-        await yieldable_gather_results(get_key, keys_to_fetch.items())
-        return results
+        return await yieldable_gather_results(
+            get_key, keys_to_fetch.items()
+        ).addCallback(lambda _: results)
 
     async def get_server_verify_key_v2_direct(self, server_name, key_ids):
         """
@@ -768,7 +769,7 @@ class ServerKeyFetcher(BaseV2KeyFetcher):
             key_ids (iterable[str]):
 
         Returns:
-            dict[str, FetchKeyResult]: map from key ID to lookup result
+            Deferred[dict[str, FetchKeyResult]]: map from key ID to lookup result
 
         Raises:
             KeyLookupError if there was a problem making the lookup

synapse/event_auth.py

@@ -47,7 +47,7 @@ def check(
     Args:
         room_version_obj: the version of the room
         event: the event being checked.
-        auth_events: the existing room state.
+        auth_events (dict: event-key -> event): the existing room state.
 
     Raises:
         AuthError if the checks fail

synapse/events/__init__.py

@@ -133,8 +133,6 @@ class _EventInternalMetadata(object):
         rejection. This is needed as those events are marked as outliers, but
         they still need to be processed as if they're new events (e.g. updating
         invite state in the database, relaying to clients, etc).
-
-        (Added in synapse 0.99.0, so may be unreliable for events received before that)
         """
         return self._dict.get("out_of_band_membership", False)
 

synapse/events/spamcheck.py

@@ -15,10 +15,9 @@
 # limitations under the License.
 
 import inspect
-from typing import Any, Dict, List, Optional, Tuple
+from typing import Any, Dict, List
 
-from synapse.spam_checker_api import RegistrationBehaviour, SpamCheckerApi
-from synapse.types import Collection
+from synapse.spam_checker_api import SpamCheckerApi
 
 MYPY = False
 if MYPY:
@@ -161,33 +160,3 @@ class SpamChecker(object):
                     return True
 
         return False
-
-    def check_registration_for_spam(
-        self,
-        email_threepid: Optional[dict],
-        username: Optional[str],
-        request_info: Collection[Tuple[str, str]],
-    ) -> RegistrationBehaviour:
-        """Checks if we should allow the given registration request.
-
-        Args:
-            email_threepid: The email threepid used for registering, if any
-            username: The request user name, if any
-            request_info: List of tuples of user agent and IP that
-                were used during the registration process.
-
-        Returns:
-            Enum for how the request should be handled
-        """
-
-        for spam_checker in self.spam_checkers:
-            # For backwards compatibility, only run if the method exists on the
-            # spam checker
-            checker = getattr(spam_checker, "check_registration_for_spam", None)
-            if checker:
-                behaviour = checker(email_threepid, username, request_info)
-                assert isinstance(behaviour, RegistrationBehaviour)
-                if behaviour != RegistrationBehaviour.ALLOW:
-                    return behaviour
-
-        return RegistrationBehaviour.ALLOW

synapse/events/validator.py

@@ -74,14 +74,15 @@ class EventValidator(object):
                         )
 
         if event.type == EventTypes.Retention:
-            self._validate_retention(event)
+            self._validate_retention(event, config)
 
-    def _validate_retention(self, event):
+    def _validate_retention(self, event, config):
         """Checks that an event that defines the retention policy for a room respects the
-        format enforced by the spec.
+        boundaries imposed by the server's administrator.
 
         Args:
             event (FrozenEvent): The event to validate.
+            config (Config): The homeserver's configuration.
         """
         min_lifetime = event.content.get("min_lifetime")
         max_lifetime = event.content.get("max_lifetime")
@@ -94,6 +95,32 @@ class EventValidator(object):
                     errcode=Codes.BAD_JSON,
                 )
 
+            if (
+                config.retention_allowed_lifetime_min is not None
+                and min_lifetime < config.retention_allowed_lifetime_min
+            ):
+                raise SynapseError(
+                    code=400,
+                    msg=(
+                        "'min_lifetime' can't be lower than the minimum allowed"
+                        " value enforced by the server's administrator"
+                    ),
+                    errcode=Codes.BAD_JSON,
+                )
+
+            if (
+                config.retention_allowed_lifetime_max is not None
+                and min_lifetime > config.retention_allowed_lifetime_max
+            ):
+                raise SynapseError(
+                    code=400,
+                    msg=(
+                        "'min_lifetime' can't be greater than the maximum allowed"
+                        " value enforced by the server's administrator"
+                    ),
+                    errcode=Codes.BAD_JSON,
+                )
+
         if max_lifetime is not None:
             if not isinstance(max_lifetime, int):
                 raise SynapseError(
@@ -102,6 +129,32 @@ class EventValidator(object):
                     errcode=Codes.BAD_JSON,
                 )
 
+            if (
+                config.retention_allowed_lifetime_min is not None
+                and max_lifetime < config.retention_allowed_lifetime_min
+            ):
+                raise SynapseError(
+                    code=400,
+                    msg=(
+                        "'max_lifetime' can't be lower than the minimum allowed value"
+                        " enforced by the server's administrator"
+                    ),
+                    errcode=Codes.BAD_JSON,
+                )
+
+            if (
+                config.retention_allowed_lifetime_max is not None
+                and max_lifetime > config.retention_allowed_lifetime_max
+            ):
+                raise SynapseError(
+                    code=400,
+                    msg=(
+                        "'max_lifetime' can't be greater than the maximum allowed"
+                        " value enforced by the server's administrator"
+                    ),
+                    errcode=Codes.BAD_JSON,
+                )
+
         if (
             min_lifetime is not None
             and max_lifetime is not None

synapse/federation/federation_server.py

@@ -28,6 +28,7 @@ from typing import (
     Union,
 )
 
+from canonicaljson import json
 from prometheus_client import Counter, Histogram
 
 from twisted.internet import defer
@@ -62,7 +63,7 @@ from synapse.replication.http.federation import (
     ReplicationGetQueryRestServlet,
 )
 from synapse.types import JsonDict, get_domain_from_id
-from synapse.util import glob_to_regex, json_decoder, unwrapFirstError
+from synapse.util import glob_to_regex, unwrapFirstError
 from synapse.util.async_helpers import Linearizer, concurrently_execute
 from synapse.util.caches.response_cache import ResponseCache
 
@@ -550,7 +551,7 @@ class FederationServer(FederationBase):
             for device_id, keys in device_keys.items():
                 for key_id, json_str in keys.items():
                     json_result.setdefault(user_id, {})[device_id] = {
-                        key_id: json_decoder.decode(json_str)
+                        key_id: json.loads(json_str)
                     }
 
         logger.info(

synapse/federation/sender/__init__.py

@@ -329,10 +329,10 @@ class FederationSender(object):
         room_id = receipt.room_id
 
         # Work out which remote servers should be poked and poke them.
-        domains_set = await self.state.get_current_hosts_in_room(room_id)
+        domains = await self.state.get_current_hosts_in_room(room_id)
         domains = [
             d
-            for d in domains_set
+            for d in domains
             if d != self.server_name
             and self._federation_shard_config.should_handle(self._instance_name, d)
         ]

synapse/federation/sender/transaction_manager.py

@@ -15,6 +15,8 @@
 import logging
 from typing import TYPE_CHECKING, List, Tuple
 
+from canonicaljson import json
+
 from synapse.api.errors import HttpResponseException
 from synapse.events import EventBase
 from synapse.federation.persistence import TransactionActions
@@ -26,7 +28,6 @@ from synapse.logging.opentracing import (
     tags,
     whitelisted_homeserver,
 )
-from synapse.util import json_decoder
 from synapse.util.metrics import measure_func
 
 if TYPE_CHECKING:
@@ -70,7 +71,7 @@ class TransactionManager(object):
         for edu in pending_edus:
             context = edu.get_context()
             if context:
-                span_contexts.append(extract_text_map(json_decoder.decode(context)))
+                span_contexts.append(extract_text_map(json.loads(context)))
             if keep_destination:
                 edu.strip_context()
 

synapse/groups/groups_server.py

@@ -719,6 +719,27 @@ class GroupsServerHandler(GroupsServerWorkerHandler):
 
         raise NotImplementedError()
 
+    async def change_user_admin_in_group(
+        self, group_id, user_id, want_admin, requester_user_id, content
+    ):
+        """Promotes or demotes a user in a group.
+        """
+
+        await self.check_group_is_ours(group_id, requester_user_id, and_exists=True)
+
+        if requester_user_id == user_id:
+            raise SynapseError(400, "User cannot target themselves")
+
+        is_admin = await self.store.is_user_admin_in_group(
+            group_id, requester_user_id
+        )
+        if not is_admin:
+            raise SynapseError(403, "User is not admin in group")
+
+        await self.store.change_user_admin_in_group(group_id, user_id, want_admin)
+
+        return {}
+
     async def remove_user_from_group(
         self, group_id, user_id, requester_user_id, content
     ):

synapse/handlers/auth.py

@@ -38,14 +38,12 @@ from synapse.api.ratelimiting import Ratelimiter
 from synapse.handlers.ui_auth import INTERACTIVE_AUTH_CHECKERS
 from synapse.handlers.ui_auth.checkers import UserInteractiveAuthChecker
 from synapse.http.server import finish_request, respond_with_html
-from synapse.http.servlet import assert_params_in_dict
 from synapse.http.site import SynapseRequest
 from synapse.logging.context import defer_to_thread
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.module_api import ModuleApi
 from synapse.types import Requester, UserID
 from synapse.util import stringutils as stringutils
-from synapse.util.msisdn import phone_number_to_msisdn
 from synapse.util.threepids import canonicalise_email
 
 from ._base import BaseHandler
@@ -53,82 +51,6 @@ from ._base import BaseHandler
 logger = logging.getLogger(__name__)
 
 
-def client_dict_convert_legacy_fields_to_identifier(
-    submission: Dict[str, Union[str, Dict]]
-):
-    """
-    Convert a legacy-formatted login submission to an identifier dict.
-
-    Legacy login submissions (used in both login and user-interactive authentication)
-    provide user-identifying information at the top-level instead of in an `indentifier`
-    property. This is now deprecated and replaced with identifiers:
-    https://matrix.org/docs/spec/client_server/r0.6.1#identifier-types
-
-    Args:
-        submission: The client dict to convert. Passed by reference and modified
-
-    Raises:
-        SynapseError: If the format of the client dict is invalid
-    """
-    if "user" in submission:
-        submission["identifier"] = {"type": "m.id.user", "user": submission.pop("user")}
-
-    if "medium" in submission and "address" in submission:
-        submission["identifier"] = {
-            "type": "m.id.thirdparty",
-            "medium": submission.pop("medium"),
-            "address": submission.pop("address"),
-        }
-
-    # We've converted valid, legacy login submissions to an identifier. If the
-    # dict still doesn't have an identifier, it's invalid
-    assert_params_in_dict(submission, required=["identifier"])
-
-    # Ensure the identifier has a type
-    if "type" not in submission["identifier"]:
-        raise SynapseError(
-            400, "'identifier' dict has no key 'type'", errcode=Codes.MISSING_PARAM,
-        )
-
-
-def login_id_phone_to_thirdparty(identifier: Dict[str, str]) -> Dict[str, str]:
-    """Convert a phone login identifier type to a generic threepid identifier.
-
-    Args:
-        identifier: Login identifier dict of type 'm.id.phone'
-
-    Returns:
-        An equivalent m.id.thirdparty identifier dict.
-    """
-    if "type" not in identifier:
-        raise SynapseError(
-            400, "Invalid phone-type identifier", errcode=Codes.MISSING_PARAM
-        )
-
-    if "country" not in identifier or (
-        # XXX: We used to require `number` instead of `phone`. The spec
-        # defines `phone`. So accept both
-        "phone" not in identifier
-        and "number" not in identifier
-    ):
-        raise SynapseError(
-            400, "Invalid phone-type identifier", errcode=Codes.INVALID_PARAM
-        )
-
-    # Accept both "phone" and "number" as valid keys in m.id.phone
-    phone_number = identifier.get("phone", identifier.get("number"))
-
-    # Convert user-provided phone number to a consistent representation
-    msisdn = phone_number_to_msisdn(identifier["country"], phone_number)
-
-    # Return the new dictionary
-    return {
-        "type": "m.id.thirdparty",
-        "medium": "msisdn",
-        "address": msisdn,
-    }
-
-
 class AuthHandler(BaseHandler):
     SESSION_EXPIRE_MS = 48 * 60 * 60 * 1000
 
@@ -397,7 +319,7 @@ class AuthHandler(BaseHandler):
             # otherwise use whatever was last provided.
             #
             # This was designed to allow the client to omit the parameters
-            # and just supply the session in subsequent calls. So it splits
+            # and just supply the session in subsequent calls so it split
             # auth between devices by just sharing the session, (eg. so you
             # could continue registration from your phone having clicked the
             # email auth link on there). It's probably too open to abuse
@@ -442,14 +364,6 @@ class AuthHandler(BaseHandler):
             # authentication flow.
             await self.store.set_ui_auth_clientdict(sid, clientdict)
 
-        user_agent = request.requestHeaders.getRawHeaders(b"User-Agent", default=[b""])[
-            0
-        ].decode("ascii", "surrogateescape")
-
-        await self.store.add_user_agent_ip_to_ui_auth_session(
-            session.session_id, user_agent, clientip
-        )
-
         if not authdict:
             raise InteractiveAuthIncompleteError(
                 session.session_id, self._auth_dict_for_flows(flows, session.session_id)
@@ -602,129 +516,16 @@ class AuthHandler(BaseHandler):
             res = await checker.check_auth(authdict, clientip=clientip)
             return res
 
-        # We don't have a checker for the auth type provided by the client
-        # Assume that it is `m.login.password`.
-        if login_type != LoginType.PASSWORD:
-            raise SynapseError(
-                400, "Unknown authentication type", errcode=Codes.INVALID_PARAM,
-            )
+        # build a v1-login-style dict out of the authdict and fall back to the
+        # v1 code
+        user_id = authdict.get("user")
 
-        password = authdict.get("password")
-        if password is None:
-            raise SynapseError(
-                400,
-                "Missing parameter for m.login.password dict: 'password'",
-                errcode=Codes.INVALID_PARAM,
-            )
-
-        # Retrieve the user ID using details provided in the authdict
-
-        # Deprecation notice: Clients used to be able to simply provide a
-        # `user` field which pointed to a user_id or localpart. This has
-        # been deprecated in favour of an `identifier` key, which is a
-        # dictionary providing information on how to identify a single
-        # user.
-        # https://matrix.org/docs/spec/client_server/r0.6.1#identifier-types
-        #
-        # We convert old-style dicts to new ones here
-        client_dict_convert_legacy_fields_to_identifier(authdict)
-
-        # Extract a user ID from the values in the identifier
-        username = await self.username_from_identifier(authdict["identifier"], password)
-
-        if username is None:
-            raise SynapseError(400, "Valid username not found")
-
-        # Now that we've found the username, validate that the password is correct
-        canonical_id, _ = await self.validate_login(username, authdict)
+        if user_id is None:
+            raise SynapseError(400, "", Codes.MISSING_PARAM)
 
+        (canonical_id, callback) = await self.validate_login(user_id, authdict)
         return canonical_id
 
-    async def username_from_identifier(
-        self, identifier: Dict[str, str], password: Optional[str] = None
-    ) -> Optional[str]:
-        """Given a dictionary containing an identifier from a client, extract the
-        possibly unqualified username of the user that it identifies. Does *not*
-        guarantee that the user exists.
-
-        If this identifier dict contains a threepid, we attempt to ask password
-        auth providers about it or, failing that, look up an associated user in
-        the database.
-
-        Args:
-            identifier: The identifier dictionary provided by the client
-            password: The user provided password if one exists. Used for asking
-                password auth providers for usernames from 3pid+password combos.
-
-        Returns:
-            A username if one was found, or None otherwise
-
-        Raises:
-            SynapseError: If the identifier dict is invalid
-        """
-
-        # Convert phone type identifiers to generic threepid identifiers, which
-        # will be handled in the next step
-        if identifier["type"] == "m.id.phone":
-            identifier = login_id_phone_to_thirdparty(identifier)
-
-        # Convert a threepid identifier to an user identifier
-        if identifier["type"] == "m.id.thirdparty":
-            address = identifier.get("address")
-            medium = identifier.get("medium")
-
-            if not medium or not address:
-                # An error would've already been raised in
-                # `login_id_thirdparty_from_phone` if the original submission
-                # was a phone identifier
-                raise SynapseError(
-                    400, "Invalid thirdparty identifier", errcode=Codes.INVALID_PARAM,
-                )
-
-            if medium == "email":
-                # For emails, transform the address to lowercase.
-                # We store all email addresses as lowercase in the DB.
-                # (See add_threepid in synapse/handlers/auth.py)
-                address = address.lower()
-
-            # Check for auth providers that support 3pid login types
-            if password is not None:
-                canonical_user_id, _ = await self.check_password_provider_3pid(
-                    medium, address, password,
-                )
-                if canonical_user_id:
-                    # Authentication through password provider and 3pid succeeded
-                    return canonical_user_id
-
-            # Check local store
-            user_id = await self.hs.get_datastore().get_user_id_by_threepid(
-                medium, address
-            )
-            if not user_id:
-                # We were unable to find a user_id that belonged to the threepid returned
-                # by the password auth provider
-                return None
-
-            identifier = {"type": "m.id.user", "user": user_id}
-
-        # By this point, the identifier should be a `m.id.user`: if it's anything
-        # else, we haven't understood it.
-        if identifier["type"] != "m.id.user":
-            raise SynapseError(
-                400, "Unknown login identifier type", errcode=Codes.INVALID_PARAM,
-            )
-
-        # User identifiers have a "user" key
-        user = identifier.get("user")
-        if user is None:
-            raise SynapseError(
-                400,
-                "User identifier is missing 'user' key",
-                errcode=Codes.INVALID_PARAM,
-            )
-
-        return user
-
     def _get_params_recaptcha(self) -> dict:
         return {"public_key": self.hs.config.recaptcha_public_key}
 
@@ -889,8 +690,7 @@ class AuthHandler(BaseHandler):
         m.login.password auth types.
 
         Args:
-            username: a localpart or fully qualified user ID - what is provided by the
-                client
+            username: username supplied by the user
             login_submission: the whole of the login submission
                 (including 'type' and other relevant fields)
         Returns:
@@ -902,10 +702,10 @@ class AuthHandler(BaseHandler):
             LoginError if there was an authentication problem.
         """
 
-        # We need a fully qualified User ID for some method calls here
-        qualified_user_id = username
-        if not qualified_user_id.startswith("@"):
-            qualified_user_id = UserID(qualified_user_id, self.hs.hostname).to_string()
+        if username.startswith("@"):
+            qualified_user_id = username
+        else:
+            qualified_user_id = UserID(username, self.hs.hostname).to_string()
 
         login_type = login_submission.get("type")
         known_login_type = False

synapse/handlers/cas_handler.py

@@ -35,7 +35,6 @@ class CasHandler:
     """
 
     def __init__(self, hs):
-        self.hs = hs
         self._hostname = hs.hostname
         self._auth_handler = hs.get_auth_handler()
         self._registration_handler = hs.get_registration_handler()
@@ -211,16 +210,8 @@ class CasHandler:
 
         else:
             if not registered_user_id:
-                # Pull out the user-agent and IP from the request.
-                user_agent = request.requestHeaders.getRawHeaders(
-                    b"User-Agent", default=[b""]
-                )[0].decode("ascii", "surrogateescape")
-                ip_address = self.hs.get_ip_from_request(request)
-
                 registered_user_id = await self._registration_handler.register_user(
-                    localpart=localpart,
-                    default_display_name=user_display_name,
-                    user_agent_ips=(user_agent, ip_address),
+                    localpart=localpart, default_display_name=user_display_name
                 )
 
             await self._auth_handler.complete_sso_login(

synapse/handlers/devicemessage.py

@@ -16,6 +16,8 @@
 import logging
 from typing import Any, Dict
 
+from canonicaljson import json
+
 from synapse.api.errors import SynapseError
 from synapse.logging.context import run_in_background
 from synapse.logging.opentracing import (
@@ -25,7 +27,6 @@ from synapse.logging.opentracing import (
     start_active_span,
 )
 from synapse.types import UserID, get_domain_from_id
-from synapse.util import json_encoder
 from synapse.util.stringutils import random_string
 
 logger = logging.getLogger(__name__)
@@ -173,7 +174,7 @@ class DeviceMessageHandler(object):
                     "sender": sender_user_id,
                     "type": message_type,
                     "message_id": message_id,
-                    "org.matrix.opentracing_context": json_encoder.encode(context),
+                    "org.matrix.opentracing_context": json.dumps(context),
                 }
 
         log_kv({"local_messages": local_messages})

synapse/handlers/directory.py

@@ -23,7 +23,6 @@ from synapse.api.errors import (
     CodeMessageException,
     Codes,
     NotFoundError,
-    ShadowBanError,
     StoreError,
     SynapseError,
 )
@@ -200,8 +199,6 @@ class DirectoryHandler(BaseHandler):
 
         try:
             await self._update_canonical_alias(requester, user_id, room_id, room_alias)
-        except ShadowBanError as e:
-            logger.info("Failed to update alias events due to shadow-ban: %s", e)
         except AuthError as e:
             logger.info("Failed to update alias events: %s", e)
 
@@ -295,9 +292,6 @@ class DirectoryHandler(BaseHandler):
         """
         Send an updated canonical alias event if the removed alias was set as
         the canonical alias or listed in the alt_aliases field.
-
-        Raises:
-            ShadowBanError if the requester has been shadow-banned.
         """
         alias_event = await self.state.get_current_state(
             room_id, EventTypes.CanonicalAlias, ""

synapse/handlers/e2e_keys.py

@@ -19,7 +19,7 @@ import logging
 from typing import Dict, List, Optional, Tuple
 
 import attr
-from canonicaljson import encode_canonical_json
+from canonicaljson import encode_canonical_json, json
 from signedjson.key import VerifyKey, decode_verify_key_bytes
 from signedjson.sign import SignatureVerifyException, verify_signed_json
 from unpaddedbase64 import decode_base64
@@ -35,7 +35,7 @@ from synapse.types import (
     get_domain_from_id,
     get_verify_key_from_cross_signing_key,
 )
-from synapse.util import json_decoder, unwrapFirstError
+from synapse.util import unwrapFirstError
 from synapse.util.async_helpers import Linearizer
 from synapse.util.caches.expiringcache import ExpiringCache
 from synapse.util.retryutils import NotRetryingDestination
@@ -404,7 +404,7 @@ class E2eKeysHandler(object):
             for device_id, keys in device_keys.items():
                 for key_id, json_bytes in keys.items():
                     json_result.setdefault(user_id, {})[device_id] = {
-                        key_id: json_decoder.decode(json_bytes)
+                        key_id: json.loads(json_bytes)
                     }
 
         @trace
@@ -1186,7 +1186,7 @@ def _exception_to_failure(e):
 
 
 def _one_time_keys_match(old_key_json, new_key):
-    old_key = json_decoder.decode(old_key_json)
+    old_key = json.loads(old_key_json)
 
     # if either is a string rather than an object, they must match exactly
     if not isinstance(old_key, dict) or not isinstance(new_key, dict):

synapse/handlers/federation.py

@@ -1777,7 +1777,9 @@ class FederationHandler(BaseHandler):
         """Returns the state at the event. i.e. not including said event.
         """
 
-        event = await self.store.get_event(event_id, check_room_id=room_id)
+        event = await self.store.get_event(
+            event_id, allow_none=False, check_room_id=room_id
+        )
 
         state_groups = await self.state_store.get_state_groups(room_id, [event_id])
 
@@ -1803,7 +1805,9 @@ class FederationHandler(BaseHandler):
     async def get_state_ids_for_pdu(self, room_id: str, event_id: str) -> List[str]:
         """Returns the state at the event. i.e. not including said event.
         """
-        event = await self.store.get_event(event_id, check_room_id=room_id)
+        event = await self.store.get_event(
+            event_id, allow_none=False, check_room_id=room_id
+        )
 
         state_groups = await self.state_store.get_state_groups_ids(room_id, [event_id])
 
@@ -2134,10 +2138,10 @@ class FederationHandler(BaseHandler):
             )
             state_sets = list(state_sets.values())
             state_sets.append(state)
-            current_states = await self.state_handler.resolve_events(
+            current_state_ids = await self.state_handler.resolve_events(
                 room_version, state_sets, event
             )
-            current_state_ids = {k: e.event_id for k, e in current_states.items()}
+            current_state_ids = {k: e.event_id for k, e in current_state_ids.items()}
         else:
             current_state_ids = await self.state_handler.get_current_state_ids(
                 event.room_id, latest_event_ids=extrem_ids
@@ -2149,13 +2153,11 @@ class FederationHandler(BaseHandler):
 
         # Now check if event pass auth against said current state
         auth_types = auth_types_for_event(event)
-        current_state_ids_list = [
-            e for k, e in current_state_ids.items() if k in auth_types
-        ]
+        current_state_ids = [e for k, e in current_state_ids.items() if k in auth_types]
 
-        auth_events_map = await self.store.get_events(current_state_ids_list)
+        current_auth_events = await self.store.get_events(current_state_ids)
         current_auth_events = {
-            (e.type, e.state_key): e for e in auth_events_map.values()
+            (e.type, e.state_key): e for e in current_auth_events.values()
         }
 
         try:
@@ -2171,7 +2173,9 @@ class FederationHandler(BaseHandler):
         if not in_room:
             raise AuthError(403, "Host not in room.")
 
-        event = await self.store.get_event(event_id, check_room_id=room_id)
+        event = await self.store.get_event(
+            event_id, allow_none=False, check_room_id=room_id
+        )
 
         # Just go through and process each event in `remote_auth_chain`. We
         # don't want to fall into the trap of `missing` being wrong.

synapse/handlers/groups_local.py

@@ -461,6 +461,25 @@ class GroupsLocalHandler(GroupsLocalWorkerHandler):
 
         return {"state": "invite", "user_profile": user_profile}
 
+    async def change_user_admin_in_group(
+        self, group_id, user_id, want_admin, requester_user_id, content
+    ):
+        """Promotes or demotes a user in a group.
+        """
+
+        if not self.is_mine_id(user_id):
+            raise SynapseError(400, "User not on this server")
+
+        # TODO: We should probably support federation, but this is fine for now
+        if not self.is_mine_id(group_id):
+            raise SynapseError(400, "Group not on this server")
+
+        res = await self.groups_server_handler.change_user_admin_in_group(
+            group_id, user_id, want_admin, requester_user_id, content
+        )
+
+        return res
+
     async def remove_user_from_group(
         self, group_id, user_id, requester_user_id, content
     ):

synapse/handlers/identity.py

@@ -21,6 +21,8 @@ import logging
 import urllib.parse
 from typing import Awaitable, Callable, Dict, List, Optional, Tuple
 
+from canonicaljson import json
+
 from twisted.internet.error import TimeoutError
 
 from synapse.api.errors import (
@@ -32,7 +34,6 @@ from synapse.api.errors import (
 from synapse.config.emailconfig import ThreepidBehaviour
 from synapse.http.client import SimpleHttpClient
 from synapse.types import JsonDict, Requester
-from synapse.util import json_decoder
 from synapse.util.hash import sha256_and_url_safe_base64
 from synapse.util.stringutils import assert_valid_client_secret, random_string
 
@@ -176,7 +177,7 @@ class IdentityHandler(BaseHandler):
         except TimeoutError:
             raise SynapseError(500, "Timed out contacting identity server")
         except CodeMessageException as e:
-            data = json_decoder.decode(e.msg)  # XXX WAT?
+            data = json.loads(e.msg)  # XXX WAT?
             return data
 
         logger.info("Got 404 when POSTing JSON %s, falling back to v1 URL", bind_url)

synapse/handlers/message.py

@@ -15,10 +15,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import logging
-import random
 from typing import TYPE_CHECKING, Dict, List, Optional, Tuple
 
-from canonicaljson import encode_canonical_json
+from canonicaljson import encode_canonical_json, json
 
 from twisted.internet.interfaces import IDelayedCall
 
@@ -35,7 +34,6 @@ from synapse.api.errors import (
     Codes,
     ConsentNotGivenError,
     NotFoundError,
-    ShadowBanError,
     SynapseError,
 )
 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersions
@@ -57,7 +55,6 @@ from synapse.types import (
     UserID,
     create_requester,
 )
-from synapse.util import json_decoder
 from synapse.util.async_helpers import Linearizer
 from synapse.util.frozenutils import frozendict_json_encoder
 from synapse.util.metrics import measure_func
@@ -647,35 +644,24 @@ class EventCreationHandler(object):
         event: EventBase,
         context: EventContext,
         ratelimit: bool = True,
-        ignore_shadow_ban: bool = False,
     ) -> int:
         """
         Persists and notifies local clients and federation of an event.
 
         Args:
-            requester: The requester sending the event.
-            event: The event to send.
-            context: The context of the event.
+            requester
+            event the event to send.
+            context: the context of the event.
             ratelimit: Whether to rate limit this send.
-            ignore_shadow_ban: True if shadow-banned users should be allowed to
-                send this event.
 
         Return:
             The stream_id of the persisted event.
-
-        Raises:
-            ShadowBanError if the requester has been shadow-banned.
         """
         if event.type == EventTypes.Member:
             raise SynapseError(
                 500, "Tried to send member event through non-member codepath"
             )
 
-        if not ignore_shadow_ban and requester.shadow_banned:
-            # We randomly sleep a bit just to annoy the requester.
-            await self.clock.sleep(random.randint(1, 10))
-            raise ShadowBanError()
-
         user = UserID.from_string(event.sender)
 
         assert self.hs.is_mine(user), "User must be our own: %s" % (user,)
@@ -729,28 +715,12 @@ class EventCreationHandler(object):
         event_dict: dict,
         ratelimit: bool = True,
         txn_id: Optional[str] = None,
-        ignore_shadow_ban: bool = False,
     ) -> Tuple[EventBase, int]:
         """
         Creates an event, then sends it.
 
         See self.create_event and self.send_nonmember_event.
-
-        Args:
-            requester: The requester sending the event.
-            event_dict: An entire event.
-            ratelimit: Whether to rate limit this send.
-            txn_id: The transaction ID.
-            ignore_shadow_ban: True if shadow-banned users should be allowed to
-                send this event.
-
-        Raises:
-            ShadowBanError if the requester has been shadow-banned.
         """
-        if not ignore_shadow_ban and requester.shadow_banned:
-            # We randomly sleep a bit just to annoy the requester.
-            await self.clock.sleep(random.randint(1, 10))
-            raise ShadowBanError()
 
         # We limit the number of concurrent event sends in a room so that we
         # don't fork the DAG too much. If we don't limit then we can end up in
@@ -769,11 +739,7 @@ class EventCreationHandler(object):
                 raise SynapseError(403, spam_error, Codes.FORBIDDEN)
 
             stream_id = await self.send_nonmember_event(
-                requester,
-                event,
-                context,
-                ratelimit=ratelimit,
-                ignore_shadow_ban=ignore_shadow_ban,
+                requester, event, context, ratelimit=ratelimit
             )
         return event, stream_id
 
@@ -898,7 +864,7 @@ class EventCreationHandler(object):
         # Ensure that we can round trip before trying to persist in db
         try:
             dump = frozendict_json_encoder.encode(event.content)
-            json_decoder.decode(dump)
+            json.loads(dump)
         except Exception:
             logger.exception("Failed to encode content: %r", event.content)
             raise
@@ -994,7 +960,7 @@ class EventCreationHandler(object):
                     allow_none=True,
                 )
 
-                is_admin_redaction = bool(
+                is_admin_redaction = (
                     original_event and event.sender != original_event.sender
                 )
 
@@ -1114,8 +1080,8 @@ class EventCreationHandler(object):
             auth_events_ids = self.auth.compute_auth_events(
                 event, prev_state_ids, for_verification=True
             )
-            auth_events_map = await self.store.get_events(auth_events_ids)
-            auth_events = {(e.type, e.state_key): e for e in auth_events_map.values()}
+            auth_events = await self.store.get_events(auth_events_ids)
+            auth_events = {(e.type, e.state_key): e for e in auth_events.values()}
 
             room_version = await self.store.get_room_version_id(event.room_id)
             room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
@@ -1213,14 +1179,8 @@ class EventCreationHandler(object):
 
                     event.internal_metadata.proactively_send = False
 
-                    # Since this is a dummy-event it is OK if it is sent by a
-                    # shadow-banned user.
                     await self.send_nonmember_event(
-                        requester,
-                        event,
-                        context,
-                        ratelimit=False,
-                        ignore_shadow_ban=True,
+                        requester, event, context, ratelimit=False
                     )
                     dummy_event_sent = True
                     break

synapse/handlers/oidc_handler.py

@@ -12,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import json
 import logging
 from typing import TYPE_CHECKING, Dict, Generic, List, Optional, Tuple, TypeVar
 from urllib.parse import urlencode
@@ -38,7 +39,6 @@ from synapse.http.server import respond_with_html
 from synapse.http.site import SynapseRequest
 from synapse.logging.context import make_deferred_yieldable
 from synapse.types import UserID, map_username_to_mxid_localpart
-from synapse.util import json_decoder
 
 if TYPE_CHECKING:
     from synapse.server import HomeServer
@@ -93,7 +93,6 @@ class OidcHandler:
     """
 
     def __init__(self, hs: "HomeServer"):
-        self.hs = hs
         self._callback_url = hs.config.oidc_callback_url  # type: str
         self._scopes = hs.config.oidc_scopes  # type: List[str]
         self._client_auth = ClientAuth(
@@ -368,7 +367,7 @@ class OidcHandler:
             # and check for an error field. If not, we respond with a generic
             # error message.
             try:
-                resp = json_decoder.decode(resp_body.decode("utf-8"))
+                resp = json.loads(resp_body.decode("utf-8"))
                 error = resp["error"]
                 description = resp.get("error_description", error)
             except (ValueError, KeyError):
@@ -385,7 +384,7 @@ class OidcHandler:
 
         # Since it is a not a 5xx code, body should be a valid JSON. It will
         # raise if not.
-        resp = json_decoder.decode(resp_body.decode("utf-8"))
+        resp = json.loads(resp_body.decode("utf-8"))
 
         if "error" in resp:
             error = resp["error"]
@@ -690,17 +689,9 @@ class OidcHandler:
                 self._render_error(request, "invalid_token", str(e))
                 return
 
-        # Pull out the user-agent and IP from the request.
-        user_agent = request.requestHeaders.getRawHeaders(b"User-Agent", default=[b""])[
-            0
-        ].decode("ascii", "surrogateescape")
-        ip_address = self.hs.get_ip_from_request(request)
-
         # Call the mapper to register/login the user
         try:
-            user_id = await self._map_userinfo_to_user(
-                userinfo, token, user_agent, ip_address
-            )
+            user_id = await self._map_userinfo_to_user(userinfo, token)
         except MappingException as e:
             logger.exception("Could not map user")
             self._render_error(request, "mapping_error", str(e))
@@ -837,9 +828,7 @@ class OidcHandler:
         now = self._clock.time_msec()
         return now < expiry
 
-    async def _map_userinfo_to_user(
-        self, userinfo: UserInfo, token: Token, user_agent: str, ip_address: str
-    ) -> str:
+    async def _map_userinfo_to_user(self, userinfo: UserInfo, token: Token) -> str:
         """Maps a UserInfo object to a mxid.
 
         UserInfo should have a claim that uniquely identifies users. This claim
@@ -854,8 +843,6 @@ class OidcHandler:
         Args:
             userinfo: an object representing the user
             token: a dict with the tokens obtained from the provider
-            user_agent: The user agent of the client making the request.
-            ip_address: The IP address of the client making the request.
 
         Raises:
             MappingException: if there was an error while mapping some properties
@@ -912,9 +899,7 @@ class OidcHandler:
         # It's the first time this user is logging in and the mapped mxid was
         # not taken, register the user
         registered_user_id = await self._registration_handler.register_user(
-            localpart=localpart,
-            default_display_name=attributes["display_name"],
-            user_agent_ips=(user_agent, ip_address),
+            localpart=localpart, default_display_name=attributes["display_name"],
         )
 
         await self._datastore.record_user_external_id(

synapse/handlers/pagination.py

@@ -82,9 +82,6 @@ class PaginationHandler(object):
 
         self._retention_default_max_lifetime = hs.config.retention_default_max_lifetime
 
-        self._retention_allowed_lifetime_min = hs.config.retention_allowed_lifetime_min
-        self._retention_allowed_lifetime_max = hs.config.retention_allowed_lifetime_max
-
         if hs.config.retention_enabled:
             # Run the purge jobs described in the configuration file.
             for job in hs.config.retention_purge_jobs:
@@ -114,7 +111,7 @@ class PaginationHandler(object):
                 the range to handle (inclusive). If None, it means that the range has no
                 upper limit.
         """
-        # We want the storage layer to include rooms with no retention policy in its
+        # We want the storage layer to to include rooms with no retention policy in its
         # return value only if a default retention policy is defined in the server's
         # configuration and that policy's 'max_lifetime' is either lower (or equal) than
         # max_ms or higher than min_ms (or both).
@@ -155,32 +152,13 @@ class PaginationHandler(object):
                 )
                 continue
 
-            # If max_lifetime is None, it means that the room has no retention policy.
-            # Given we only retrieve such rooms when there's a default retention policy
-            # defined in the server's configuration, we can safely assume that's the
-            # case and use it for this room.
-            max_lifetime = (
-                retention_policy["max_lifetime"] or self._retention_default_max_lifetime
-            )
+            max_lifetime = retention_policy["max_lifetime"]
 
-            # Cap the effective max_lifetime to be within the range allowed in the
-            # config.
-            # We do this in two steps:
-            #   1. Make sure it's higher or equal to the minimum allowed value, and if
-            #      it's not replace it with that value. This is because the server
-            #      operator can be required to not delete information before a given
-            #      time, e.g. to comply with freedom of information laws.
-            #   2. Make sure the resulting value is lower or equal to the maximum allowed
-            #      value, and if it's not replace it with that value. This is because the
-            #      server operator can be required to delete any data after a specific
-            #      amount of time.
-            if self._retention_allowed_lifetime_min is not None:
-                max_lifetime = max(self._retention_allowed_lifetime_min, max_lifetime)
-
-            if self._retention_allowed_lifetime_max is not None:
-                max_lifetime = min(max_lifetime, self._retention_allowed_lifetime_max)
-
-            logger.debug("[purge] max_lifetime for room %s: %s", room_id, max_lifetime)
+            if max_lifetime is None:
+                # If max_lifetime is None, it means that include_null equals True,
+                # therefore we can safely assume that there is a default policy defined
+                # in the server's configuration.
+                max_lifetime = self._retention_default_max_lifetime
 
             # Figure out what token we should start purging at.
             ts = self.clock.time_msec() - max_lifetime

synapse/handlers/presence.py

@@ -40,7 +40,7 @@ from synapse.metrics import LaterGauge
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.state import StateHandler
 from synapse.storage.databases.main import DataStore
-from synapse.types import Collection, JsonDict, UserID, get_domain_from_id
+from synapse.types import JsonDict, UserID, get_domain_from_id
 from synapse.util.async_helpers import Linearizer
 from synapse.util.caches.descriptors import cached
 from synapse.util.metrics import Measure
@@ -1318,7 +1318,7 @@ async def get_interested_parties(
 
 async def get_interested_remotes(
     store: DataStore, states: List[UserPresenceState], state_handler: StateHandler
-) -> List[Tuple[Collection[str], List[UserPresenceState]]]:
+) -> List[Tuple[List[str], List[UserPresenceState]]]:
     """Given a list of presence states figure out which remote servers
     should be sent which.
 
@@ -1334,7 +1334,7 @@ async def get_interested_remotes(
         each tuple the list of UserPresenceState should be sent to each
         destination
     """
-    hosts_and_states = []  # type: List[Tuple[Collection[str], List[UserPresenceState]]]
+    hosts_and_states = []
 
     # First we look up the rooms each user is in (as well as any explicit
     # subscriptions), then for each distinct room we look up the remote

synapse/handlers/register.py

@@ -26,7 +26,6 @@ from synapse.replication.http.register import (
     ReplicationPostRegisterActionsServlet,
     ReplicationRegisterServlet,
 )
-from synapse.spam_checker_api import RegistrationBehaviour
 from synapse.storage.state import StateFilter
 from synapse.types import RoomAlias, UserID, create_requester
 
@@ -53,8 +52,6 @@ class RegistrationHandler(BaseHandler):
         self.macaroon_gen = hs.get_macaroon_generator()
         self._server_notices_mxid = hs.config.server_notices_mxid
 
-        self.spam_checker = hs.get_spam_checker()
-
         if hs.config.worker_app:
             self._register_client = ReplicationRegisterServlet.make_client(hs)
             self._register_device_client = RegisterDeviceReplicationServlet.make_client(
@@ -127,9 +124,7 @@ class RegistrationHandler(BaseHandler):
             try:
                 int(localpart)
                 raise SynapseError(
-                    400,
-                    "Numeric user IDs are reserved for guest users.",
-                    errcode=Codes.INVALID_USERNAME,
+                    400, "Numeric user IDs are reserved for guest users."
                 )
             except ValueError:
                 pass
@@ -147,7 +142,7 @@ class RegistrationHandler(BaseHandler):
         address=None,
         bind_emails=[],
         by_admin=False,
-        user_agent_ips=None,
+        shadow_banned=False,
     ):
         """Registers a new client on the server.
 
@@ -165,8 +160,7 @@ class RegistrationHandler(BaseHandler):
             bind_emails (List[str]): list of emails to bind to this account.
             by_admin (bool): True if this registration is being made via the
               admin api, otherwise False.
-            user_agent_ips (List[(str, str)]): Tuples of IP addresses and user-agents used
-                during the registration process.
+            shadow_banned (bool): Shadow-ban the created user.
         Returns:
             str: user_id
         Raises:
@@ -174,24 +168,6 @@ class RegistrationHandler(BaseHandler):
         """
         self.check_registration_ratelimit(address)
 
-        result = self.spam_checker.check_registration_for_spam(
-            threepid, localpart, user_agent_ips or [],
-        )
-
-        if result == RegistrationBehaviour.DENY:
-            logger.info(
-                "Blocked registration of %r", localpart,
-            )
-            # We return a 429 to make it not obvious that they've been
-            # denied.
-            raise SynapseError(429, "Rate limited")
-
-        shadow_banned = result == RegistrationBehaviour.SHADOW_BAN
-        if shadow_banned:
-            logger.info(
-                "Shadow banning registration of %r", localpart,
-            )
-
         # do not check_auth_blocking if the call is coming through the Admin API
         if not by_admin:
             await self.auth.check_auth_blocking(threepid=threepid)

synapse/handlers/room.py

@@ -20,7 +20,6 @@
 import itertools
 import logging
 import math
-import random
 import string
 from collections import OrderedDict
 from typing import TYPE_CHECKING, Any, Awaitable, Dict, List, Optional, Tuple
@@ -136,9 +135,6 @@ class RoomCreationHandler(BaseHandler):
 
         Returns:
             the new room id
-
-        Raises:
-            ShadowBanError if the requester is shadow-banned.
         """
         await self.ratelimit(requester)
 
@@ -174,15 +170,6 @@ class RoomCreationHandler(BaseHandler):
     async def _upgrade_room(
         self, requester: Requester, old_room_id: str, new_version: RoomVersion
     ):
-        """
-        Args:
-            requester: the user requesting the upgrade
-            old_room_id: the id of the room to be replaced
-            new_versions: the version to upgrade the room to
-
-        Raises:
-            ShadowBanError if the requester is shadow-banned.
-        """
         user_id = requester.user.to_string()
 
         # start by allocating a new room id
@@ -269,9 +256,6 @@ class RoomCreationHandler(BaseHandler):
             old_room_id: the id of the room to be replaced
             new_room_id: the id of the replacement room
             old_room_state: the state map for the old room
-
-        Raises:
-            ShadowBanError if the requester is shadow-banned.
         """
         old_room_pl_event_id = old_room_state.get((EventTypes.PowerLevels, ""))
 
@@ -642,7 +626,6 @@ class RoomCreationHandler(BaseHandler):
             if mapping:
                 raise SynapseError(400, "Room alias already taken", Codes.ROOM_IN_USE)
 
-        invite_3pid_list = config.get("invite_3pid", [])
         invite_list = config.get("invite", [])
         for i in invite_list:
             try:
@@ -651,14 +634,6 @@ class RoomCreationHandler(BaseHandler):
             except Exception:
                 raise SynapseError(400, "Invalid user_id: %s" % (i,))
 
-        if (invite_list or invite_3pid_list) and requester.shadow_banned:
-            # We randomly sleep a bit just to annoy the requester.
-            await self.clock.sleep(random.randint(1, 10))
-
-            # Allow the request to go through, but remove any associated invites.
-            invite_3pid_list = []
-            invite_list = []
-
         await self.event_creation_handler.assert_accepted_privacy_policy(requester)
 
         power_level_content_override = config.get("power_level_content_override")
@@ -673,6 +648,8 @@ class RoomCreationHandler(BaseHandler):
                 % (user_id,),
             )
 
+        invite_3pid_list = config.get("invite_3pid", [])
+
         visibility = config.get("visibility", None)
         is_public = visibility == "public"
 
@@ -767,8 +744,6 @@ class RoomCreationHandler(BaseHandler):
             if is_direct:
                 content["is_direct"] = is_direct
 
-            # Note that update_membership with an action of "invite" can raise a
-            # ShadowBanError, but this was handled above by emptying invite_list.
             _, last_stream_id = await self.room_member_handler.update_membership(
                 requester,
                 UserID.from_string(invitee),
@@ -783,8 +758,6 @@ class RoomCreationHandler(BaseHandler):
             id_access_token = invite_3pid.get("id_access_token")  # optional
             address = invite_3pid["address"]
             medium = invite_3pid["medium"]
-            # Note that do_3pid_invite can raise a  ShadowBanError, but this was
-            # handled above by emptying invite_3pid_list.
             last_stream_id = await self.hs.get_room_member_handler().do_3pid_invite(
                 room_id,
                 requester.user,
@@ -844,13 +817,11 @@ class RoomCreationHandler(BaseHandler):
         async def send(etype: str, content: JsonDict, **kwargs) -> int:
             event = create(etype, content, **kwargs)
             logger.debug("Sending %s in new room", etype)
-            # Allow these events to be sent even if the user is shadow-banned to
-            # allow the room creation to complete.
             (
                 _,
                 last_stream_id,
             ) = await self.event_creation_handler.create_and_send_nonmember_event(
-                creator, event, ratelimit=False, ignore_shadow_ban=True,
+                creator, event, ratelimit=False
             )
             return last_stream_id
 

synapse/handlers/room_member.py

@@ -15,21 +15,14 @@
 
 import abc
 import logging
-import random
 from http import HTTPStatus
-from typing import TYPE_CHECKING, Iterable, List, Optional, Tuple, Union
+from typing import TYPE_CHECKING, Dict, Iterable, List, Optional, Tuple, Union
 
 from unpaddedbase64 import encode_base64
 
 from synapse import types
 from synapse.api.constants import MAX_DEPTH, EventTypes, Membership
-from synapse.api.errors import (
-    AuthError,
-    Codes,
-    LimitExceededError,
-    ShadowBanError,
-    SynapseError,
-)
+from synapse.api.errors import AuthError, Codes, LimitExceededError, SynapseError
 from synapse.api.ratelimiting import Ratelimiter
 from synapse.api.room_versions import EventFormatVersions
 from synapse.crypto.event_signing import compute_event_reference_hash
@@ -38,15 +31,7 @@ from synapse.events.builder import create_local_event_from_event_dict
 from synapse.events.snapshot import EventContext
 from synapse.events.validator import EventValidator
 from synapse.storage.roommember import RoomsForUser
-from synapse.types import (
-    Collection,
-    JsonDict,
-    Requester,
-    RoomAlias,
-    RoomID,
-    StateMap,
-    UserID,
-)
+from synapse.types import Collection, JsonDict, Requester, RoomAlias, RoomID, UserID
 from synapse.util.async_helpers import Linearizer
 from synapse.util.distributor import user_joined_room, user_left_room
 
@@ -225,40 +210,24 @@ class RoomMemberHandler(object):
             _, stream_id = await self.store.get_event_ordering(duplicate.event_id)
             return duplicate.event_id, stream_id
 
-        prev_state_ids = await context.get_prev_state_ids()
-
-        prev_member_event_id = prev_state_ids.get((EventTypes.Member, user_id), None)
-
-        newly_joined = False
-        if event.membership == Membership.JOIN:
-            newly_joined = True
-            if prev_member_event_id:
-                prev_member_event = await self.store.get_event(prev_member_event_id)
-                newly_joined = prev_member_event.membership != Membership.JOIN
-
-            # Only rate-limit if the user actually joined the room, otherwise we'll end
-            # up blocking profile updates.
-            if newly_joined:
-                time_now_s = self.clock.time()
-                (
-                    allowed,
-                    time_allowed,
-                ) = self._join_rate_limiter_local.can_requester_do_action(requester)
-
-                if not allowed:
-                    raise LimitExceededError(
-                        retry_after_ms=int(1000 * (time_allowed - time_now_s))
-                    )
-
         stream_id = await self.event_creation_handler.handle_new_client_event(
             requester, event, context, extra_users=[target], ratelimit=ratelimit,
         )
 
-        if event.membership == Membership.JOIN and newly_joined:
+        prev_state_ids = await context.get_prev_state_ids()
+
+        prev_member_event_id = prev_state_ids.get((EventTypes.Member, user_id), None)
+
+        if event.membership == Membership.JOIN:
             # Only fire user_joined_room if the user has actually joined the
             # room. Don't bother if the user is just changing their profile
             # info.
-            await self._user_joined_room(target, room_id)
+            newly_joined = True
+            if prev_member_event_id:
+                prev_member_event = await self.store.get_event(prev_member_event_id)
+                newly_joined = prev_member_event.membership != Membership.JOIN
+            if newly_joined:
+                await self._user_joined_room(target, room_id)
         elif event.membership == Membership.LEAVE:
             if prev_member_event_id:
                 prev_member_event = await self.store.get_event(prev_member_event_id)
@@ -316,31 +285,6 @@ class RoomMemberHandler(object):
         content: Optional[dict] = None,
         require_consent: bool = True,
     ) -> Tuple[str, int]:
-        """Update a user's membership in a room.
-
-        Params:
-            requester: The user who is performing the update.
-            target: The user whose membership is being updated.
-            room_id: The room ID whose membership is being updated.
-            action: The membership change, see synapse.api.constants.Membership.
-            txn_id: The transaction ID, if given.
-            remote_room_hosts: Remote servers to send the update to.
-            third_party_signed: Information from a 3PID invite.
-            ratelimit: Whether to rate limit the request.
-            content: The content of the created event.
-            require_consent: Whether consent is required.
-
-        Returns:
-            A tuple of the new event ID and stream ID.
-
-        Raises:
-            ShadowBanError if a shadow-banned requester attempts to send an invite.
-        """
-        if action == Membership.INVITE and requester.shadow_banned:
-            # We randomly sleep a bit just to annoy the requester.
-            await self.clock.sleep(random.randint(1, 10))
-            raise ShadowBanError()
-
         key = (room_id,)
 
         with (await self.member_linearizer.queue(key)):
@@ -513,12 +457,22 @@ class RoomMemberHandler(object):
                     # so don't really fit into the general auth process.
                     raise AuthError(403, "Guest access not allowed")
 
-            if not is_host_in_room:
+            if is_host_in_room:
                 time_now_s = self.clock.time()
-                (
-                    allowed,
-                    time_allowed,
-                ) = self._join_rate_limiter_remote.can_requester_do_action(requester,)
+                allowed, time_allowed = self._join_rate_limiter_local.can_do_action(
+                    requester.user.to_string(),
+                )
+
+                if not allowed:
+                    raise LimitExceededError(
+                        retry_after_ms=int(1000 * (time_allowed - time_now_s))
+                    )
+
+            else:
+                time_now_s = self.clock.time()
+                allowed, time_allowed = self._join_rate_limiter_remote.can_do_action(
+                    requester.user.to_string(),
+                )
 
                 if not allowed:
                     raise LimitExceededError(
@@ -750,7 +704,9 @@ class RoomMemberHandler(object):
                 if prev_member_event.membership == Membership.JOIN:
                     await self._user_left_room(target_user, room_id)
 
-    async def _can_guest_join(self, current_state_ids: StateMap[str]) -> bool:
+    async def _can_guest_join(
+        self, current_state_ids: Dict[Tuple[str, str], str]
+    ) -> bool:
         """
         Returns whether a guest can join a room based on its current state.
         """
@@ -760,7 +716,7 @@ class RoomMemberHandler(object):
 
         guest_access = await self.store.get_event(guest_access_id)
 
-        return bool(
+        return (
             guest_access
             and guest_access.content
             and "guest_access" in guest_access.content
@@ -817,25 +773,6 @@ class RoomMemberHandler(object):
         txn_id: Optional[str],
         id_access_token: Optional[str] = None,
     ) -> int:
-        """Invite a 3PID to a room.
-
-        Args:
-            room_id: The room to invite the 3PID to.
-            inviter: The user sending the invite.
-            medium: The 3PID's medium.
-            address: The 3PID's address.
-            id_server: The identity server to use.
-            requester: The user making the request.
-            txn_id: The transaction ID this is part of, or None if this is not
-                part of a transaction.
-            id_access_token: The optional identity server access token.
-
-        Returns:
-             The new stream ID.
-
-        Raises:
-            ShadowBanError if the requester has been shadow-banned.
-        """
         if self.config.block_non_admin_invites:
             is_requester_admin = await self.auth.is_server_admin(requester.user)
             if not is_requester_admin:
@@ -843,11 +780,6 @@ class RoomMemberHandler(object):
                     403, "Invites have been disabled on this server", Codes.FORBIDDEN
                 )
 
-        if requester.shadow_banned:
-            # We randomly sleep a bit just to annoy the requester.
-            await self.clock.sleep(random.randint(1, 10))
-            raise ShadowBanError()
-
         # We need to rate limit *before* we send out any 3PID invites, so we
         # can't just rely on the standard ratelimiting of events.
         await self.base_handler.ratelimit(requester)
@@ -872,8 +804,6 @@ class RoomMemberHandler(object):
         )
 
         if invitee:
-            # Note that update_membership with an action of "invite" can raise
-            # a ShadowBanError, but this was done above already.
             _, stream_id = await self.update_membership(
                 requester, UserID.from_string(invitee), room_id, "invite", txn_id=txn_id
             )
@@ -979,7 +909,9 @@ class RoomMemberHandler(object):
         )
         return stream_id
 
-    async def _is_host_in_room(self, current_state_ids: StateMap[str]) -> bool:
+    async def _is_host_in_room(
+        self, current_state_ids: Dict[Tuple[str, str], str]
+    ) -> bool:
         # Have we just created the room, and is this about to be the very
         # first member event?
         create_event_id = current_state_ids.get(("m.room.create", ""))
@@ -1110,7 +1042,7 @@ class RoomMemberMasterHandler(RoomMemberHandler):
                 return event_id, stream_id
 
             # The room is too large. Leave.
-            requester = types.create_requester(user, None, False, False, None)
+            requester = types.create_requester(user, None, False, None)
             await self.update_membership(
                 requester=requester, target=user, room_id=room_id, action="leave"
             )

synapse/handlers/saml_handler.py

@@ -54,7 +54,6 @@ class Saml2SessionData:
 
 class SamlHandler:
     def __init__(self, hs: "synapse.server.HomeServer"):
-        self.hs = hs
         self._saml_client = Saml2Client(hs.config.saml2_sp_config)
         self._auth = hs.get_auth()
         self._auth_handler = hs.get_auth_handler()
@@ -134,14 +133,8 @@ class SamlHandler:
         # the dict.
         self.expire_sessions()
 
-        # Pull out the user-agent and IP from the request.
-        user_agent = request.requestHeaders.getRawHeaders(b"User-Agent", default=[b""])[
-            0
-        ].decode("ascii", "surrogateescape")
-        ip_address = self.hs.get_ip_from_request(request)
-
         user_id, current_session = await self._map_saml_response_to_user(
-            resp_bytes, relay_state, user_agent, ip_address
+            resp_bytes, relay_state
         )
 
         # Complete the interactive auth session or the login.
@@ -154,11 +147,7 @@ class SamlHandler:
             await self._auth_handler.complete_sso_login(user_id, request, relay_state)
 
     async def _map_saml_response_to_user(
-        self,
-        resp_bytes: str,
-        client_redirect_url: str,
-        user_agent: str,
-        ip_address: str,
+        self, resp_bytes: str, client_redirect_url: str
     ) -> Tuple[str, Optional[Saml2SessionData]]:
         """
         Given a sample response, retrieve the cached session and user for it.
@@ -166,8 +155,6 @@ class SamlHandler:
         Args:
             resp_bytes: The SAML response.
             client_redirect_url: The redirect URL passed in by the client.
-            user_agent: The user agent of the client making the request.
-            ip_address: The IP address of the client making the request.
 
         Returns:
              Tuple of the user ID and SAML session associated with this response.
@@ -304,7 +291,6 @@ class SamlHandler:
                 localpart=localpart,
                 default_display_name=displayname,
                 bind_emails=emails,
-                user_agent_ips=(user_agent, ip_address),
             )
 
             await self._datastore.record_user_external_id(

synapse/handlers/ui_auth/checkers.py

@@ -16,12 +16,13 @@
 import logging
 from typing import Any
 
+from canonicaljson import json
+
 from twisted.web.client import PartialDownloadError
 
 from synapse.api.constants import LoginType
 from synapse.api.errors import Codes, LoginError, SynapseError
 from synapse.config.emailconfig import ThreepidBehaviour
-from synapse.util import json_decoder
 
 logger = logging.getLogger(__name__)
 
@@ -116,7 +117,7 @@ class RecaptchaAuthChecker(UserInteractiveAuthChecker):
         except PartialDownloadError as pde:
             # Twisted is silly
             data = pde.response
-            resp_body = json_decoder.decode(data.decode("utf-8"))
+            resp_body = json.loads(data.decode("utf-8"))
 
         if "success" in resp_body:
             # Note that we do NOT check the hostname here: we explicitly

synapse/http/client.py

@@ -19,7 +19,7 @@ import urllib
 from io import BytesIO
 
 import treq
-from canonicaljson import encode_canonical_json
+from canonicaljson import encode_canonical_json, json
 from netaddr import IPAddress
 from prometheus_client import Counter
 from zope.interface import implementer, provider
@@ -47,7 +47,6 @@ from synapse.http import (
 from synapse.http.proxyagent import ProxyAgent
 from synapse.logging.context import make_deferred_yieldable
 from synapse.logging.opentracing import set_tag, start_active_span, tags
-from synapse.util import json_decoder
 from synapse.util.async_helpers import timeout_deferred
 
 logger = logging.getLogger(__name__)
@@ -392,7 +391,7 @@ class SimpleHttpClient(object):
         body = await make_deferred_yieldable(readBody(response))
 
         if 200 <= response.code < 300:
-            return json_decoder.decode(body.decode("utf-8"))
+            return json.loads(body.decode("utf-8"))
         else:
             raise HttpResponseException(
                 response.code, response.phrase.decode("ascii", errors="replace"), body
@@ -434,7 +433,7 @@ class SimpleHttpClient(object):
         body = await make_deferred_yieldable(readBody(response))
 
         if 200 <= response.code < 300:
-            return json_decoder.decode(body.decode("utf-8"))
+            return json.loads(body.decode("utf-8"))
         else:
             raise HttpResponseException(
                 response.code, response.phrase.decode("ascii", errors="replace"), body
@@ -464,7 +463,7 @@ class SimpleHttpClient(object):
             actual_headers.update(headers)
 
         body = await self.get_raw(uri, args, headers=headers)
-        return json_decoder.decode(body.decode("utf-8"))
+        return json.loads(body.decode("utf-8"))
 
     async def put_json(self, uri, json_body, args={}, headers=None):
         """ Puts some json to the given URI.
@@ -507,7 +506,7 @@ class SimpleHttpClient(object):
         body = await make_deferred_yieldable(readBody(response))
 
         if 200 <= response.code < 300:
-            return json_decoder.decode(body.decode("utf-8"))
+            return json.loads(body.decode("utf-8"))
         else:
             raise HttpResponseException(
                 response.code, response.phrase.decode("ascii", errors="replace"), body

synapse/http/federation/well_known_resolver.py

@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import json
 import logging
 import random
 import time
@@ -25,7 +26,7 @@ from twisted.web.http import stringToDatetime
 from twisted.web.http_headers import Headers
 
 from synapse.logging.context import make_deferred_yieldable
-from synapse.util import Clock, json_decoder
+from synapse.util import Clock
 from synapse.util.caches.ttlcache import TTLCache
 from synapse.util.metrics import Measure
 
@@ -180,7 +181,7 @@ class WellKnownResolver(object):
             if response.code != 200:
                 raise Exception("Non-200 response %s" % (response.code,))
 
-            parsed_body = json_decoder.decode(body.decode("utf-8"))
+            parsed_body = json.loads(body.decode("utf-8"))
             logger.info("Response from .well-known: %s", parsed_body)
 
             result = parsed_body["m.server"].encode("ascii")

synapse/http/server.py

@@ -500,7 +500,7 @@ class RootOptionsRedirectResource(OptionsResource, RootRedirect):
     pass
 
 
-@implementer(interfaces.IPushProducer)
+@implementer(interfaces.IPullProducer)
 class _ByteProducer:
     """
     Iteratively write bytes to the request.
@@ -515,64 +515,52 @@ class _ByteProducer:
     ):
         self._request = request
         self._iterator = iterator
-        self._paused = False
 
-        # Register the producer and start producing data.
-        self._request.registerProducer(self, True)
-        self.resumeProducing()
+    def start(self) -> None:
+        self._request.registerProducer(self, False)
 
     def _send_data(self, data: List[bytes]) -> None:
         """
-        Send a list of bytes as a chunk of a response.
+        Send a list of strings as a response to the request.
         """
         if not data:
             return
         self._request.write(b"".join(data))
 
-    def pauseProducing(self) -> None:
-        self._paused = True
-
     def resumeProducing(self) -> None:
         # We've stopped producing in the meantime (note that this might be
         # re-entrant after calling write).
         if not self._request:
             return
 
-        self._paused = False
+        # Get the next chunk and write it to the request.
+        #
+        # The output of the JSON encoder is coalesced until min_chunk_size is
+        # reached. (This is because JSON encoders produce a very small output
+        # per iteration.)
+        #
+        # Note that buffer stores a list of bytes (instead of appending to
+        # bytes) to hopefully avoid many allocations.
+        buffer = []
+        buffered_bytes = 0
+        while buffered_bytes < self.min_chunk_size:
+            try:
+                data = next(self._iterator)
+                buffer.append(data)
+                buffered_bytes += len(data)
+            except StopIteration:
+                # The entire JSON object has been serialized, write any
+                # remaining data, finalize the producer and the request, and
+                # clean-up any references.
+                self._send_data(buffer)
+                self._request.unregisterProducer()
+                self._request.finish()
+                self.stopProducing()
+                return
 
-        # Write until there's backpressure telling us to stop.
-        while not self._paused:
-            # Get the next chunk and write it to the request.
-            #
-            # The output of the JSON encoder is buffered and coalesced until
-            # min_chunk_size is reached. This is because JSON encoders produce
-            # very small output per iteration and the Request object converts
-            # each call to write() to a separate chunk. Without this there would
-            # be an explosion in bytes written (e.g. b"{" becoming "1\r\n{\r\n").
-            #
-            # Note that buffer stores a list of bytes (instead of appending to
-            # bytes) to hopefully avoid many allocations.
-            buffer = []
-            buffered_bytes = 0
-            while buffered_bytes < self.min_chunk_size:
-                try:
-                    data = next(self._iterator)
-                    buffer.append(data)
-                    buffered_bytes += len(data)
-                except StopIteration:
-                    # The entire JSON object has been serialized, write any
-                    # remaining data, finalize the producer and the request, and
-                    # clean-up any references.
-                    self._send_data(buffer)
-                    self._request.unregisterProducer()
-                    self._request.finish()
-                    self.stopProducing()
-                    return
-
-            self._send_data(buffer)
+        self._send_data(buffer)
 
     def stopProducing(self) -> None:
-        # Clear a circular reference.
         self._request = None
 
 
@@ -632,7 +620,8 @@ def respond_with_json(
     if send_cors:
         set_cors_headers(request)
 
-    _ByteProducer(request, encoder(json_object))
+    producer = _ByteProducer(request, encoder(json_object))
+    producer.start()
     return NOT_DONE_YET
 
 

synapse/http/servlet.py

@@ -17,8 +17,9 @@
 
 import logging
 
+from canonicaljson import json
+
 from synapse.api.errors import Codes, SynapseError
-from synapse.util import json_decoder
 
 logger = logging.getLogger(__name__)
 
@@ -214,7 +215,7 @@ def parse_json_value_from_request(request, allow_empty_body=False):
         return None
 
     try:
-        content = json_decoder.decode(content_bytes.decode("utf-8"))
+        content = json.loads(content_bytes.decode("utf-8"))
     except Exception as e:
         logger.warning("Unable to parse JSON: %s", e)
         raise SynapseError(400, "Content not JSON.", errcode=Codes.NOT_JSON)

synapse/logging/opentracing.py

@@ -172,11 +172,11 @@ from functools import wraps
 from typing import TYPE_CHECKING, Dict, Optional, Type
 
 import attr
+from canonicaljson import json
 
 from twisted.internet import defer
 
 from synapse.config import ConfigError
-from synapse.util import json_decoder, json_encoder
 
 if TYPE_CHECKING:
     from synapse.http.site import SynapseRequest
@@ -499,9 +499,7 @@ def start_active_span_from_edu(
     if opentracing is None:
         return _noop_context_manager()
 
-    carrier = json_decoder.decode(edu_content.get("context", "{}")).get(
-        "opentracing", {}
-    )
+    carrier = json.loads(edu_content.get("context", "{}")).get("opentracing", {})
     context = opentracing.tracer.extract(opentracing.Format.TEXT_MAP, carrier)
     _references = [
         opentracing.child_of(span_context_from_string(x))
@@ -692,7 +690,7 @@ def active_span_context_as_string():
         opentracing.tracer.inject(
             opentracing.tracer.active_span, opentracing.Format.TEXT_MAP, carrier
         )
-    return json_encoder.encode(carrier)
+    return json.dumps(carrier)
 
 
 @only_if_tracing
@@ -701,7 +699,7 @@ def span_context_from_string(carrier):
     Returns:
         The active span context decoded from a string.
     """
-    carrier = json_decoder.decode(carrier)
+    carrier = json.loads(carrier)
     return opentracing.tracer.extract(opentracing.Format.TEXT_MAP, carrier)
 
 

synapse/metrics/background_process_metrics.py

@@ -175,7 +175,7 @@ def run_as_background_process(desc: str, func, *args, **kwargs):
     It returns a Deferred which completes when the function completes, but it doesn't
     follow the synapse logcontext rules, which makes it appropriate for passing to
     clock.looping_call and friends (or for firing-and-forgetting in the middle of a
-    normal synapse async function).
+    normal synapse inlineCallbacks function).
 
     Args:
         desc: a description for this background process type

synapse/module_api/__init__.py

@@ -167,10 +167,8 @@ class ModuleApi(object):
             external_id: id on that system
             user_id: complete mxid that it is mapped to
         """
-        return defer.ensureDeferred(
-            self._store.record_user_external_id(
-                auth_provider_id, remote_user_id, registered_user_id
-            )
+        return self._store.record_user_external_id(
+            auth_provider_id, remote_user_id, registered_user_id
         )
 
     def generate_short_term_login_token(
@@ -225,9 +223,7 @@ class ModuleApi(object):
         Returns:
             Deferred[object]: result of func
         """
-        return defer.ensureDeferred(
-            self._store.db_pool.runInteraction(desc, func, *args, **kwargs)
-        )
+        return self._store.db_pool.runInteraction(desc, func, *args, **kwargs)
 
     def complete_sso_login(
         self, registered_user_id: str, request: SynapseRequest, client_redirect_url: str

synapse/replication/slave/storage/_slaved_id_tracker.py

@@ -33,11 +33,3 @@ class SlavedIdTracker(object):
             int
         """
         return self._current
-
-    def get_current_token_for_writer(self, instance_name: str) -> int:
-        """Returns the position of the given writer.
-
-        For streams with single writers this is equivalent to
-        `get_current_token`.
-        """
-        return self.get_current_token()

synapse/replication/slave/storage/push_rule.py

@@ -14,7 +14,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from synapse.replication.slave.storage._slaved_id_tracker import SlavedIdTracker
 from synapse.replication.tcp.streams import PushRulesStream
 from synapse.storage.databases.main.push_rule import PushRulesWorkerStore
 
@@ -22,13 +21,16 @@ from .events import SlavedEventStore
 
 
 class SlavedPushRuleStore(SlavedEventStore, PushRulesWorkerStore):
+    def get_push_rules_stream_token(self):
+        return (
+            self._push_rules_stream_id_gen.get_current_token(),
+            self._stream_id_gen.get_current_token(),
+        )
+
     def get_max_push_rules_stream_id(self):
         return self._push_rules_stream_id_gen.get_current_token()
 
     def process_replication_rows(self, stream_name, instance_name, token, rows):
-        # We assert this for the benefit of mypy
-        assert isinstance(self._push_rules_stream_id_gen, SlavedIdTracker)
-
         if stream_name == PushRulesStream.NAME:
             self._push_rules_stream_id_gen.advance(token)
             for row in rows:

synapse/replication/tcp/commands.py

@@ -21,7 +21,9 @@ import abc
 import logging
 from typing import Tuple, Type
 
-from synapse.util import json_decoder, json_encoder
+from canonicaljson import json
+
+from synapse.util import json_encoder as _json_encoder
 
 logger = logging.getLogger(__name__)
 
@@ -123,7 +125,7 @@ class RdataCommand(Command):
             stream_name,
             instance_name,
             None if token == "batch" else int(token),
-            json_decoder.decode(row_json),
+            json.loads(row_json),
         )
 
     def to_line(self):
@@ -132,7 +134,7 @@ class RdataCommand(Command):
                 self.stream_name,
                 self.instance_name,
                 str(self.token) if self.token is not None else "batch",
-                json_encoder.encode(self.row),
+                _json_encoder.encode(self.row),
             )
         )
 
@@ -357,7 +359,7 @@ class UserIpCommand(Command):
     def from_line(cls, line):
         user_id, jsn = line.split(" ", 1)
 
-        access_token, ip, user_agent, device_id, last_seen = json_decoder.decode(jsn)
+        access_token, ip, user_agent, device_id, last_seen = json.loads(jsn)
 
         return cls(user_id, access_token, ip, user_agent, device_id, last_seen)
 
@@ -365,7 +367,7 @@ class UserIpCommand(Command):
         return (
             self.user_id
             + " "
-            + json_encoder.encode(
+            + _json_encoder.encode(
                 (
                     self.access_token,
                     self.ip,

synapse/replication/tcp/streams/_base.py

@@ -352,7 +352,7 @@ class PushRulesStream(Stream):
         )
 
     def _current_token(self, instance_name: str) -> int:
-        push_rules_token = self.store.get_max_push_rules_stream_id()
+        push_rules_token, _ = self.store.get_push_rules_stream_token()
         return push_rules_token
 
 
@@ -405,7 +405,7 @@ class CachesStream(Stream):
         store = hs.get_datastore()
         super().__init__(
             hs.get_instance_name(),
-            store.get_cache_stream_token_for_writer,
+            store.get_cache_stream_token,
             store.get_all_updated_caches,
         )
 

synapse/rest/admin/rooms.py

@@ -316,9 +316,6 @@ class JoinRoomAliasServlet(RestServlet):
         join_rules_event = room_state.get((EventTypes.JoinRules, ""))
         if join_rules_event:
             if not (join_rules_event.content.get("join_rule") == JoinRules.PUBLIC):
-                # update_membership with an action of "invite" can raise a
-                # ShadowBanError. This is not handled since it is assumed that
-                # an admin isn't going to call this API with a shadow-banned user.
                 await self.room_member_handler.update_membership(
                     requester=requester,
                     target=fake_requester.user,

synapse/rest/admin/users.py

@@ -73,7 +73,6 @@ class UsersRestServletV2(RestServlet):
     The parameters `from` and `limit` are required only for pagination.
     By default, a `limit` of 100 is used.
     The parameter `user_id` can be used to filter by user id.
-    The parameter `name` can be used to filter by user id or display name.
     The parameter `guests` can be used to exclude guest users.
     The parameter `deactivated` can be used to include deactivated users.
     """
@@ -90,12 +89,11 @@ class UsersRestServletV2(RestServlet):
         start = parse_integer(request, "from", default=0)
         limit = parse_integer(request, "limit", default=100)
         user_id = parse_string(request, "user_id", default=None)
-        name = parse_string(request, "name", default=None)
         guests = parse_boolean(request, "guests", default=True)
         deactivated = parse_boolean(request, "deactivated", default=False)
 
         users, total = await self.store.get_users_paginate(
-            start, limit, user_id, name, guests, deactivated
+            start, limit, user_id, guests, deactivated
         )
         ret = {"users": users, "total": total}
         if len(users) >= limit:

synapse/rest/client/v1/login.py

@@ -18,7 +18,6 @@ from typing import Awaitable, Callable, Dict, Optional
 
 from synapse.api.errors import Codes, LoginError, SynapseError
 from synapse.api.ratelimiting import Ratelimiter
-from synapse.handlers.auth import client_dict_convert_legacy_fields_to_identifier
 from synapse.http.server import finish_request
 from synapse.http.servlet import (
     RestServlet,
@@ -29,11 +28,56 @@ from synapse.http.site import SynapseRequest
 from synapse.rest.client.v2_alpha._base import client_patterns
 from synapse.rest.well_known import WellKnownBuilder
 from synapse.types import JsonDict, UserID
+from synapse.util.msisdn import phone_number_to_msisdn
 from synapse.util.threepids import canonicalise_email
 
 logger = logging.getLogger(__name__)
 
 
+def login_submission_legacy_convert(submission):
+    """
+    If the input login submission is an old style object
+    (ie. with top-level user / medium / address) convert it
+    to a typed object.
+    """
+    if "user" in submission:
+        submission["identifier"] = {"type": "m.id.user", "user": submission["user"]}
+        del submission["user"]
+
+    if "medium" in submission and "address" in submission:
+        submission["identifier"] = {
+            "type": "m.id.thirdparty",
+            "medium": submission["medium"],
+            "address": submission["address"],
+        }
+        del submission["medium"]
+        del submission["address"]
+
+
+def login_id_thirdparty_from_phone(identifier):
+    """
+    Convert a phone login identifier type to a generic threepid identifier
+    Args:
+        identifier(dict): Login identifier dict of type 'm.id.phone'
+
+    Returns: Login identifier dict of type 'm.id.threepid'
+    """
+    if "country" not in identifier or (
+        # The specification requires a "phone" field, while Synapse used to require a "number"
+        # field. Accept both for backwards compatibility.
+        "phone" not in identifier
+        and "number" not in identifier
+    ):
+        raise SynapseError(400, "Invalid phone-type identifier")
+
+    # Accept both "phone" and "number" as valid keys in m.id.phone
+    phone_number = identifier.get("phone", identifier["number"])
+
+    msisdn = phone_number_to_msisdn(identifier["country"], phone_number)
+
+    return {"type": "m.id.thirdparty", "medium": "msisdn", "address": msisdn}
+
+
 class LoginRestServlet(RestServlet):
     PATTERNS = client_patterns("/login$", v1=True)
     CAS_TYPE = "m.login.cas"
@@ -123,8 +167,7 @@ class LoginRestServlet(RestServlet):
                 result = await self._do_token_login(login_submission)
             else:
                 result = await self._do_other_login(login_submission)
-        except KeyError as e:
-            logger.debug("KeyError during login: %s", e)
+        except KeyError:
             raise SynapseError(400, "Missing JSON keys.")
 
         well_known_data = self._well_known_builder.get_well_known()
@@ -151,14 +194,27 @@ class LoginRestServlet(RestServlet):
             login_submission.get("address"),
             login_submission.get("user"),
         )
-        # Convert deprecated authdict formats to the current scheme
-        client_dict_convert_legacy_fields_to_identifier(login_submission)
+        login_submission_legacy_convert(login_submission)
+
+        if "identifier" not in login_submission:
+            raise SynapseError(400, "Missing param: identifier")
+
+        identifier = login_submission["identifier"]
+        if "type" not in identifier:
+            raise SynapseError(400, "Login identifier has no type")
+
+        # convert phone type identifiers to generic threepids
+        if identifier["type"] == "m.id.phone":
+            identifier = login_id_thirdparty_from_phone(identifier)
+
+        # convert threepid identifiers to user IDs
+        if identifier["type"] == "m.id.thirdparty":
+            address = identifier.get("address")
+            medium = identifier.get("medium")
+
+            if medium is None or address is None:
+                raise SynapseError(400, "Invalid thirdparty identifier")
 
-        # Check whether this attempt uses a threepid, if so, check if our failed attempt
-        # ratelimiter allows another attempt at this time
-        medium = login_submission.get("medium")
-        address = login_submission.get("address")
-        if medium and address:
             # For emails, canonicalise the address.
             # We store all email addresses canonicalised in the DB.
             # (See add_threepid in synapse/handlers/auth.py)
@@ -168,41 +224,74 @@ class LoginRestServlet(RestServlet):
                 except ValueError as e:
                     raise SynapseError(400, str(e))
 
+            # We also apply account rate limiting using the 3PID as a key, as
+            # otherwise using 3PID bypasses the ratelimiting based on user ID.
             self._failed_attempts_ratelimiter.ratelimit((medium, address), update=False)
 
-        # Extract a localpart or user ID from the values in the identifier
-        username = await self.auth_handler.username_from_identifier(
-            login_submission["identifier"], login_submission.get("password")
-        )
+            # Check for login providers that support 3pid login types
+            (
+                canonical_user_id,
+                callback_3pid,
+            ) = await self.auth_handler.check_password_provider_3pid(
+                medium, address, login_submission["password"]
+            )
+            if canonical_user_id:
+                # Authentication through password provider and 3pid succeeded
 
-        if not username:
-            if medium and address:
-                # The user attempted to login via threepid and failed
-                # Record this failed attempt using the threepid as a key, as otherwise
-                # the user could bypass the ratelimiter by not providing a username
-                self._failed_attempts_ratelimiter.can_do_action(
-                    (medium, address.lower())
+                result = await self._complete_login(
+                    canonical_user_id, login_submission, callback_3pid
                 )
+                return result
 
-                raise LoginError(403, "Unauthorized threepid", errcode=Codes.FORBIDDEN)
+            # No password providers were able to handle this 3pid
+            # Check local store
+            user_id = await self.hs.get_datastore().get_user_id_by_threepid(
+                medium, address
+            )
+            if not user_id:
+                logger.warning(
+                    "unknown 3pid identifier medium %s, address %r", medium, address
+                )
+                # We mark that we've failed to log in here, as
+                # `check_password_provider_3pid` might have returned `None` due
+                # to an incorrect password, rather than the account not
+                # existing.
+                #
+                # If it returned None but the 3PID was bound then we won't hit
+                # this code path, which is fine as then the per-user ratelimit
+                # will kick in below.
+                self._failed_attempts_ratelimiter.can_do_action((medium, address))
+                raise LoginError(403, "", errcode=Codes.FORBIDDEN)
 
-            # The login failed for another reason
-            raise LoginError(403, "Invalid login", errcode=Codes.FORBIDDEN)
+            identifier = {"type": "m.id.user", "user": user_id}
 
-        # We were able to extract a username successfully
-        # Check if we've hit the failed ratelimit for this user ID
-        self._failed_attempts_ratelimiter.ratelimit(username.lower(), update=False)
+        # by this point, the identifier should be an m.id.user: if it's anything
+        # else, we haven't understood it.
+        if identifier["type"] != "m.id.user":
+            raise SynapseError(400, "Unknown login identifier type")
+        if "user" not in identifier:
+            raise SynapseError(400, "User identifier is missing 'user' key")
+
+        if identifier["user"].startswith("@"):
+            qualified_user_id = identifier["user"]
+        else:
+            qualified_user_id = UserID(identifier["user"], self.hs.hostname).to_string()
+
+        # Check if we've hit the failed ratelimit (but don't update it)
+        self._failed_attempts_ratelimiter.ratelimit(
+            qualified_user_id.lower(), update=False
+        )
 
         try:
             canonical_user_id, callback = await self.auth_handler.validate_login(
-                username, login_submission
+                identifier["user"], login_submission
             )
         except LoginError:
             # The user has failed to log in, so we need to update the rate
             # limiter. Using `can_do_action` avoids us raising a ratelimit
-            # exception and masking the LoginError. This just records the attempt.
-            # The actual rate-limiting happens above
-            self._failed_attempts_ratelimiter.can_do_action(username.lower())
+            # exception and masking the LoginError. The actual ratelimiting
+            # should have happened above.
+            self._failed_attempts_ratelimiter.can_do_action(qualified_user_id.lower())
             raise
 
         result = await self._complete_login(
@@ -220,7 +309,7 @@ class LoginRestServlet(RestServlet):
         create_non_existent_users: bool = False,
     ) -> Dict[str, str]:
         """Called when we've successfully authed the user and now need to
-        actually log them in (e.g. create devices). This gets called on
+        actually login them in (e.g. create devices). This gets called on
         all successful logins.
 
         Applies the ratelimiting for successful login attempts against an

synapse/rest/client/v1/push_rule.py

@@ -159,7 +159,7 @@ class PushRuleRestServlet(RestServlet):
         return 200, {}
 
     def notify_user(self, user_id):
-        stream_id = self.store.get_max_push_rules_stream_id()
+        stream_id, _ = self.store.get_push_rules_stream_token()
         self.notifier.on_new_event("push_rules_key", stream_id, users=[user_id])
 
     async def set_rule_attr(self, user_id, spec, val):

synapse/rest/client/v1/room.py

@@ -21,13 +21,14 @@ import re
 from typing import List, Optional
 from urllib import parse as urlparse
 
+from canonicaljson import json
+
 from synapse.api.constants import EventTypes, Membership
 from synapse.api.errors import (
     AuthError,
     Codes,
     HttpResponseException,
     InvalidClientCredentialsError,
-    ShadowBanError,
     SynapseError,
 )
 from synapse.api.filtering import Filter
@@ -45,8 +46,6 @@ from synapse.rest.client.v2_alpha._base import client_patterns
 from synapse.storage.state import StateFilter
 from synapse.streams.config import PaginationConfig
 from synapse.types import RoomAlias, RoomID, StreamToken, ThirdPartyInstanceID, UserID
-from synapse.util import json_decoder
-from synapse.util.stringutils import random_string
 
 MYPY = False
 if MYPY:
@@ -201,26 +200,23 @@ class RoomStateEventRestServlet(TransactionRestServlet):
         if state_key is not None:
             event_dict["state_key"] = state_key
 
-        try:
-            if event_type == EventTypes.Member:
-                membership = content.get("membership", None)
-                event_id, _ = await self.room_member_handler.update_membership(
-                    requester,
-                    target=UserID.from_string(state_key),
-                    room_id=room_id,
-                    action=membership,
-                    content=content,
-                )
-            else:
-                (
-                    event,
-                    _,
-                ) = await self.event_creation_handler.create_and_send_nonmember_event(
-                    requester, event_dict, txn_id=txn_id
-                )
-                event_id = event.event_id
-        except ShadowBanError:
-            event_id = "$" + random_string(43)
+        if event_type == EventTypes.Member:
+            membership = content.get("membership", None)
+            event_id, _ = await self.room_member_handler.update_membership(
+                requester,
+                target=UserID.from_string(state_key),
+                room_id=room_id,
+                action=membership,
+                content=content,
+            )
+        else:
+            (
+                event,
+                _,
+            ) = await self.event_creation_handler.create_and_send_nonmember_event(
+                requester, event_dict, txn_id=txn_id
+            )
+            event_id = event.event_id
 
         set_tag("event_id", event_id)
         ret = {"event_id": event_id}
@@ -253,19 +249,12 @@ class RoomSendEventRestServlet(TransactionRestServlet):
         if b"ts" in request.args and requester.app_service:
             event_dict["origin_server_ts"] = parse_integer(request, "ts", 0)
 
-        try:
-            (
-                event,
-                _,
-            ) = await self.event_creation_handler.create_and_send_nonmember_event(
-                requester, event_dict, txn_id=txn_id
-            )
-            event_id = event.event_id
-        except ShadowBanError:
-            event_id = "$" + random_string(43)
+        event, _ = await self.event_creation_handler.create_and_send_nonmember_event(
+            requester, event_dict, txn_id=txn_id
+        )
 
-        set_tag("event_id", event_id)
-        return 200, {"event_id": event_id}
+        set_tag("event_id", event.event_id)
+        return 200, {"event_id": event.event_id}
 
     def on_GET(self, request, room_id, event_type, txn_id):
         return 200, "Not implemented"
@@ -530,9 +519,7 @@ class RoomMessageListRestServlet(RestServlet):
         filter_str = parse_string(request, b"filter", encoding="utf-8")
         if filter_str:
             filter_json = urlparse.unquote(filter_str)
-            event_filter = Filter(
-                json_decoder.decode(filter_json)
-            )  # type: Optional[Filter]
+            event_filter = Filter(json.loads(filter_json))  # type: Optional[Filter]
             if (
                 event_filter
                 and event_filter.filter_json.get("event_format", "client")
@@ -644,9 +631,7 @@ class RoomEventContextServlet(RestServlet):
         filter_str = parse_string(request, b"filter", encoding="utf-8")
         if filter_str:
             filter_json = urlparse.unquote(filter_str)
-            event_filter = Filter(
-                json_decoder.decode(filter_json)
-            )  # type: Optional[Filter]
+            event_filter = Filter(json.loads(filter_json))  # type: Optional[Filter]
         else:
             event_filter = None
 
@@ -731,20 +716,16 @@ class RoomMembershipRestServlet(TransactionRestServlet):
             content = {}
 
         if membership_action == "invite" and self._has_3pid_invite_keys(content):
-            try:
-                await self.room_member_handler.do_3pid_invite(
-                    room_id,
-                    requester.user,
-                    content["medium"],
-                    content["address"],
-                    content["id_server"],
-                    requester,
-                    txn_id,
-                    content.get("id_access_token"),
-                )
-            except ShadowBanError:
-                # Pretend the request succeeded.
-                pass
+            await self.room_member_handler.do_3pid_invite(
+                room_id,
+                requester.user,
+                content["medium"],
+                content["address"],
+                content["id_server"],
+                requester,
+                txn_id,
+                content.get("id_access_token"),
+            )
             return 200, {}
 
         target = requester.user
@@ -756,19 +737,15 @@ class RoomMembershipRestServlet(TransactionRestServlet):
         if "reason" in content:
             event_content = {"reason": content["reason"]}
 
-        try:
-            await self.room_member_handler.update_membership(
-                requester=requester,
-                target=target,
-                room_id=room_id,
-                action=membership_action,
-                txn_id=txn_id,
-                third_party_signed=content.get("third_party_signed", None),
-                content=event_content,
-            )
-        except ShadowBanError:
-            # Pretend the request succeeded.
-            pass
+        await self.room_member_handler.update_membership(
+            requester=requester,
+            target=target,
+            room_id=room_id,
+            action=membership_action,
+            txn_id=txn_id,
+            third_party_signed=content.get("third_party_signed", None),
+            content=event_content,
+        )
 
         return_value = {}
 
@@ -806,27 +783,20 @@ class RoomRedactEventRestServlet(TransactionRestServlet):
         requester = await self.auth.get_user_by_req(request)
         content = parse_json_object_from_request(request)
 
-        try:
-            (
-                event,
-                _,
-            ) = await self.event_creation_handler.create_and_send_nonmember_event(
-                requester,
-                {
-                    "type": EventTypes.Redaction,
-                    "content": content,
-                    "room_id": room_id,
-                    "sender": requester.user.to_string(),
-                    "redacts": event_id,
-                },
-                txn_id=txn_id,
-            )
-            event_id = event.event_id
-        except ShadowBanError:
-            event_id = "$" + random_string(43)
+        event, _ = await self.event_creation_handler.create_and_send_nonmember_event(
+            requester,
+            {
+                "type": EventTypes.Redaction,
+                "content": content,
+                "room_id": room_id,
+                "sender": requester.user.to_string(),
+                "redacts": event_id,
+            },
+            txn_id=txn_id,
+        )
 
-        set_tag("event_id", event_id)
-        return 200, {"event_id": event_id}
+        set_tag("event_id", event.event_id)
+        return 200, {"event_id": event.event_id}
 
     def on_PUT(self, request, room_id, event_id, txn_id):
         set_tag("txn_id", txn_id)

synapse/rest/client/v2_alpha/account.py

@@ -15,7 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import logging
-import random
 from http import HTTPStatus
 
 from synapse.api.constants import LoginType
@@ -110,9 +109,6 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
             if self.config.request_token_inhibit_3pid_errors:
                 # Make the client think the operation succeeded. See the rationale in the
                 # comments for request_token_inhibit_3pid_errors.
-                # Also wait for some random amount of time between 100ms and 1s to make it
-                # look like we did something.
-                await self.hs.clock.sleep(random.randint(1, 10) / 10)
                 return 200, {"sid": random_string(16)}
 
             raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)
@@ -452,9 +448,6 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
             if self.config.request_token_inhibit_3pid_errors:
                 # Make the client think the operation succeeded. See the rationale in the
                 # comments for request_token_inhibit_3pid_errors.
-                # Also wait for some random amount of time between 100ms and 1s to make it
-                # look like we did something.
-                await self.hs.clock.sleep(random.randint(1, 10) / 10)
                 return 200, {"sid": random_string(16)}
 
             raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
@@ -523,9 +516,6 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
             if self.hs.config.request_token_inhibit_3pid_errors:
                 # Make the client think the operation succeeded. See the rationale in the
                 # comments for request_token_inhibit_3pid_errors.
-                # Also wait for some random amount of time between 100ms and 1s to make it
-                # look like we did something.
-                await self.hs.clock.sleep(random.randint(1, 10) / 10)
                 return 200, {"sid": random_string(16)}
 
             raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)

synapse/rest/client/v2_alpha/groups.py

@@ -16,7 +16,6 @@
 
 import logging
 
-from synapse.api.errors import SynapseError
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
 from synapse.types import GroupID
 
@@ -326,9 +325,6 @@ class GroupRoomServlet(RestServlet):
         requester = await self.auth.get_user_by_req(request, allow_guest=True)
         requester_user_id = requester.user.to_string()
 
-        if not GroupID.is_valid(group_id):
-            raise SynapseError(400, "%s was not legal group ID" % (group_id,))
-
         result = await self.groups_handler.get_rooms_in_group(
             group_id, requester_user_id
         )
@@ -552,6 +548,31 @@ class GroupAdminUsersKickServlet(RestServlet):
 
         return 200, result
 
+class GroupAdminChangeAdminServlet(RestServlet):
+    """Promote or demote a user in the group
+    """
+
+    PATTERNS = client_patterns(
+        "/groups/(?P<group_id>[^/]*)/admin/users/admins/(?P<user_id>[^/]*)$"
+    )
+
+    def __init__(self, hs):
+        super(GroupAdminChangeAdminServlet, self).__init__()
+        self.auth = hs.get_auth()
+        self.clock = hs.get_clock()
+        self.groups_handler = hs.get_groups_local_handler()
+
+    async def on_POST(self, request, group_id, user_id):
+        requester = await self.auth.get_user_by_req(request)
+        requester_user_id = requester.user.to_string()
+
+        content = parse_json_object_from_request(request)
+        want_admin = content["is_admin"]
+        result = await self.groups_handler.change_user_admin_in_group(
+            group_id, user_id, want_admin, requester_user_id, content
+        )
+
+        return 200, result
 
 class GroupSelfLeaveServlet(RestServlet):
     """Leave a joined group
@@ -726,6 +747,7 @@ def register_servlets(hs, http_server):
     GroupAdminRoomsConfigServlet(hs).register(http_server)
     GroupAdminUsersInviteServlet(hs).register(http_server)
     GroupAdminUsersKickServlet(hs).register(http_server)
+    GroupAdminChangeAdminServlet(hs).register(http_server)
     GroupSelfLeaveServlet(hs).register(http_server)
     GroupSelfJoinServlet(hs).register(http_server)
     GroupSelfAcceptInviteServlet(hs).register(http_server)

synapse/rest/client/v2_alpha/register.py

@@ -16,7 +16,6 @@
 
 import hmac
 import logging
-import random
 from typing import List, Union
 
 import synapse
@@ -132,9 +131,6 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
             if self.hs.config.request_token_inhibit_3pid_errors:
                 # Make the client think the operation succeeded. See the rationale in the
                 # comments for request_token_inhibit_3pid_errors.
-                # Also wait for some random amount of time between 100ms and 1s to make it
-                # look like we did something.
-                await self.hs.clock.sleep(random.randint(1, 10) / 10)
                 return 200, {"sid": random_string(16)}
 
             raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
@@ -207,9 +203,6 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
             if self.hs.config.request_token_inhibit_3pid_errors:
                 # Make the client think the operation succeeded. See the rationale in the
                 # comments for request_token_inhibit_3pid_errors.
-                # Also wait for some random amount of time between 100ms and 1s to make it
-                # look like we did something.
-                await self.hs.clock.sleep(random.randint(1, 10) / 10)
                 return 200, {"sid": random_string(16)}
 
             raise SynapseError(
@@ -598,17 +591,12 @@ class RegisterRestServlet(RestServlet):
                                 Codes.THREEPID_IN_USE,
                             )
 
-            entries = await self.store.get_user_agents_ips_to_ui_auth_session(
-                session_id
-            )
-
             registered_user_id = await self.registration_handler.register_user(
                 localpart=desired_username,
                 password_hash=password_hash,
                 guest_access_token=guest_access_token,
                 threepid=threepid,
                 address=client_addr,
-                user_agent_ips=entries,
             )
             # Necessary due to auth checks prior to the threepid being
             # written to the db

synapse/rest/client/v2_alpha/relations.py

@@ -22,7 +22,7 @@ any time to reflect changes in the MSC.
 import logging
 
 from synapse.api.constants import EventTypes, RelationTypes
-from synapse.api.errors import ShadowBanError, SynapseError
+from synapse.api.errors import SynapseError
 from synapse.http.servlet import (
     RestServlet,
     parse_integer,
@@ -35,7 +35,6 @@ from synapse.storage.relations import (
     PaginationChunk,
     RelationPaginationToken,
 )
-from synapse.util.stringutils import random_string
 
 from ._base import client_patterns
 
@@ -112,18 +111,11 @@ class RelationSendServlet(RestServlet):
             "sender": requester.user.to_string(),
         }
 
-        try:
-            (
-                event,
-                _,
-            ) = await self.event_creation_handler.create_and_send_nonmember_event(
-                requester, event_dict=event_dict, txn_id=txn_id
-            )
-            event_id = event.event_id
-        except ShadowBanError:
-            event_id = "$" + random_string(43)
+        event, _ = await self.event_creation_handler.create_and_send_nonmember_event(
+            requester, event_dict=event_dict, txn_id=txn_id
+        )
 
-        return 200, {"event_id": event_id}
+        return 200, {"event_id": event.event_id}
 
 
 class RelationPaginationServlet(RestServlet):

synapse/rest/client/v2_alpha/room_upgrade_rest_servlet.py

@@ -15,14 +15,13 @@
 
 import logging
 
-from synapse.api.errors import Codes, ShadowBanError, SynapseError
+from synapse.api.errors import Codes, SynapseError
 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
 from synapse.http.servlet import (
     RestServlet,
     assert_params_in_dict,
     parse_json_object_from_request,
 )
-from synapse.util import stringutils
 
 from ._base import client_patterns
 
@@ -63,6 +62,7 @@ class RoomUpgradeRestServlet(RestServlet):
 
         content = parse_json_object_from_request(request)
         assert_params_in_dict(content, ("new_version",))
+        new_version = content["new_version"]
 
         new_version = KNOWN_ROOM_VERSIONS.get(content["new_version"])
         if new_version is None:
@@ -72,13 +72,9 @@ class RoomUpgradeRestServlet(RestServlet):
                 Codes.UNSUPPORTED_ROOM_VERSION,
             )
 
-        try:
-            new_room_id = await self._room_creation_handler.upgrade_room(
-                requester, room_id, new_version
-            )
-        except ShadowBanError:
-            # Generate a random room ID.
-            new_room_id = stringutils.random_string(18)
+        new_room_id = await self._room_creation_handler.upgrade_room(
+            requester, room_id, new_version
+        )
 
         ret = {"replacement_room": new_room_id}
 

synapse/rest/client/v2_alpha/sync.py

@@ -16,6 +16,8 @@
 import itertools
 import logging
 
+from canonicaljson import json
+
 from synapse.api.constants import PresenceState
 from synapse.api.errors import Codes, StoreError, SynapseError
 from synapse.api.filtering import DEFAULT_FILTER_COLLECTION, FilterCollection
@@ -27,7 +29,6 @@ from synapse.handlers.presence import format_user_presence_state
 from synapse.handlers.sync import SyncConfig
 from synapse.http.servlet import RestServlet, parse_boolean, parse_integer, parse_string
 from synapse.types import StreamToken
-from synapse.util import json_decoder
 
 from ._base import client_patterns, set_timeline_upper_limit
 
@@ -124,7 +125,7 @@ class SyncRestServlet(RestServlet):
             filter_collection = DEFAULT_FILTER_COLLECTION
         elif filter_id.startswith("{"):
             try:
-                filter_object = json_decoder.decode(filter_id)
+                filter_object = json.loads(filter_id)
                 set_timeline_upper_limit(
                     filter_object, self.hs.config.filter_timeline_limit
                 )

synapse/rest/key/v2/remote_key_resource.py

@@ -15,19 +15,19 @@
 import logging
 from typing import Dict, Set
 
+from canonicaljson import json
 from signedjson.sign import sign_json
 
 from synapse.api.errors import Codes, SynapseError
 from synapse.crypto.keyring import ServerKeyFetcher
 from synapse.http.server import DirectServeJsonResource, respond_with_json
 from synapse.http.servlet import parse_integer, parse_json_object_from_request
-from synapse.util import json_decoder
 
 logger = logging.getLogger(__name__)
 
 
 class RemoteKey(DirectServeJsonResource):
-    """HTTP resource for retrieving the TLS certificate and NACL signature
+    """HTTP resource for retreiving the TLS certificate and NACL signature
     verification keys for a collection of servers. Checks that the reported
     X.509 TLS certificate matches the one used in the HTTPS connection. Checks
     that the NACL signature for the remote server is valid. Returns a dict of
@@ -209,15 +209,13 @@ class RemoteKey(DirectServeJsonResource):
                     # Cast to bytes since postgresql returns a memoryview.
                     json_results.add(bytes(result["key_json"]))
 
-        # If there is a cache miss, request the missing keys, then recurse (and
-        # ensure the result is sent).
         if cache_misses and query_remote_on_cache_miss:
             await self.fetcher.get_keys(cache_misses)
             await self.query_keys(request, query, query_remote_on_cache_miss=False)
         else:
             signed_keys = []
             for key_json in json_results:
-                key_json = json_decoder.decode(key_json.decode("utf-8"))
+                key_json = json.loads(key_json.decode("utf-8"))
                 for signing_key in self.config.key_server_signing_keys:
                     key_json = sign_json(key_json, self.config.server_name, signing_key)
 

synapse/rest/well_known.py

@@ -13,12 +13,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import json
 import logging
 
 from twisted.web.resource import Resource
 
 from synapse.http.server import set_cors_headers
-from synapse.util import json_encoder
 
 logger = logging.getLogger(__name__)
 
@@ -67,4 +67,4 @@ class WellKnownResource(Resource):
 
         logger.debug("returning: %s", r)
         request.setHeader(b"Content-Type", b"application/json")
-        return json_encoder.encode(r).encode("utf-8")
+        return json.dumps(r).encode("utf-8")

synapse/spam_checker_api/__init__.py

@@ -13,7 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import logging
-from enum import Enum
 
 from twisted.internet import defer
 
@@ -26,16 +25,6 @@ if MYPY:
 logger = logging.getLogger(__name__)
 
 
-class RegistrationBehaviour(Enum):
-    """
-    Enum to define whether a registration request should allowed, denied, or shadow-banned.
-    """
-
-    ALLOW = "allow"
-    SHADOW_BAN = "shadow_ban"
-    DENY = "deny"
-
-
 class SpamCheckerApi(object):
     """A proxy object that gets passed to spam checkers so they can get
     access to rooms and other relevant information.
@@ -59,10 +48,8 @@ class SpamCheckerApi(object):
             twisted.internet.defer.Deferred[list(synapse.events.FrozenEvent)]:
                 The filtered state events in the room.
         """
-        state_ids = yield defer.ensureDeferred(
-            self._store.get_filtered_current_state_ids(
-                room_id=room_id, state_filter=StateFilter.from_types(types)
-            )
+        state_ids = yield self._store.get_filtered_current_state_ids(
+            room_id=room_id, state_filter=StateFilter.from_types(types)
         )
-        state = yield defer.ensureDeferred(self._store.get_events(state_ids.values()))
+        state = yield self._store.get_events(state_ids.values())
         return state.values()

synapse/state/__init__.py

@@ -16,22 +16,11 @@
 
 import logging
 from collections import namedtuple
-from typing import (
-    Awaitable,
-    Dict,
-    Iterable,
-    List,
-    Optional,
-    Sequence,
-    Set,
-    Union,
-    overload,
-)
+from typing import Awaitable, Dict, Iterable, List, Optional, Set
 
 import attr
 from frozendict import frozendict
 from prometheus_client import Histogram
-from typing_extensions import Literal
 
 from synapse.api.constants import EventTypes
 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, StateResolutionVersions
@@ -41,7 +30,7 @@ from synapse.logging.utils import log_function
 from synapse.state import v1, v2
 from synapse.storage.databases.main.events_worker import EventRedactBehaviour
 from synapse.storage.roommember import ProfileInfo
-from synapse.types import Collection, StateMap
+from synapse.types import StateMap
 from synapse.util import Clock
 from synapse.util.async_helpers import Linearizer
 from synapse.util.caches.expiringcache import ExpiringCache
@@ -79,14 +68,8 @@ def _gen_state_id():
 class _StateCacheEntry(object):
     __slots__ = ["state", "state_group", "state_id", "prev_group", "delta_ids"]
 
-    def __init__(
-        self,
-        state: StateMap[str],
-        state_group: Optional[int],
-        prev_group: Optional[int] = None,
-        delta_ids: Optional[StateMap[str]] = None,
-    ):
-        # A map from (type, state_key) to event_id.
+    def __init__(self, state, state_group, prev_group=None, delta_ids=None):
+        # dict[(str, str), str] map  from (type, state_key) to event_id
         self.state = frozendict(state)
 
         # the ID of a state group if one and only one is involved.
@@ -124,49 +107,24 @@ class StateHandler(object):
         self.hs = hs
         self._state_resolution_handler = hs.get_state_resolution_handler()
 
-    @overload
     async def get_current_state(
-        self,
-        room_id: str,
-        event_type: Literal[None] = None,
-        state_key: str = "",
-        latest_event_ids: Optional[List[str]] = None,
-    ) -> StateMap[EventBase]:
-        ...
-
-    @overload
-    async def get_current_state(
-        self,
-        room_id: str,
-        event_type: str,
-        state_key: str = "",
-        latest_event_ids: Optional[List[str]] = None,
-    ) -> Optional[EventBase]:
-        ...
-
-    async def get_current_state(
-        self,
-        room_id: str,
-        event_type: Optional[str] = None,
-        state_key: str = "",
-        latest_event_ids: Optional[List[str]] = None,
-    ) -> Union[Optional[EventBase], StateMap[EventBase]]:
-        """Retrieves the current state for the room. This is done by
+        self, room_id, event_type=None, state_key="", latest_event_ids=None
+    ):
+        """ Retrieves the current state for the room. This is done by
         calling `get_latest_events_in_room` to get the leading edges of the
         event graph and then resolving any of the state conflicts.
 
         This is equivalent to getting the state of an event that were to send
         next before receiving any new events.
 
-        Returns:
-            If `event_type` is specified, then the method returns only the one
-            event (or None) with that `event_type` and `state_key`.
+        If `event_type` is specified, then the method returns only the one
+        event (or None) with that `event_type` and `state_key`.
 
-            Otherwise, a map from (type, state_key) to event.
+        Returns:
+            map from (type, state_key) to event
         """
         if not latest_event_ids:
             latest_event_ids = await self.store.get_latest_event_ids_in_room(room_id)
-        assert latest_event_ids is not None
 
         logger.debug("calling resolve_state_groups from get_current_state")
         ret = await self.resolve_state_groups_for_events(room_id, latest_event_ids)
@@ -182,30 +140,34 @@ class StateHandler(object):
         state_map = await self.store.get_events(
             list(state.values()), get_prev_content=False
         )
-        return {
+        state = {
             key: state_map[e_id] for key, e_id in state.items() if e_id in state_map
         }
 
-    async def get_current_state_ids(
-        self, room_id: str, latest_event_ids: Optional[Iterable[str]] = None
-    ) -> StateMap[str]:
+        return state
+
+    async def get_current_state_ids(self, room_id, latest_event_ids=None):
         """Get the current state, or the state at a set of events, for a room
 
         Args:
-            room_id:
-            latest_event_ids: if given, the forward extremities to resolve. If
-                None, we look them up from the database (via a cache).
+            room_id (str):
+
+            latest_event_ids (iterable[str]|None): if given, the forward
+                extremities to resolve. If None, we look them up from the
+                database (via a cache)
 
         Returns:
-            the state dict, mapping from (event_type, state_key) -> event_id
+            Deferred[dict[(str, str), str)]]: the state dict, mapping from
+                (event_type, state_key) -> event_id
         """
         if not latest_event_ids:
             latest_event_ids = await self.store.get_latest_event_ids_in_room(room_id)
-        assert latest_event_ids is not None
 
         logger.debug("calling resolve_state_groups from get_current_state_ids")
         ret = await self.resolve_state_groups_for_events(room_id, latest_event_ids)
-        return dict(ret.state)
+        state = ret.state
+
+        return state
 
     async def get_current_users_in_room(
         self, room_id: str, latest_event_ids: Optional[List[str]] = None
@@ -221,34 +183,32 @@ class StateHandler(object):
         """
         if not latest_event_ids:
             latest_event_ids = await self.store.get_latest_event_ids_in_room(room_id)
-        assert latest_event_ids is not None
-
         logger.debug("calling resolve_state_groups from get_current_users_in_room")
         entry = await self.resolve_state_groups_for_events(room_id, latest_event_ids)
-        return await self.store.get_joined_users_from_state(room_id, entry)
+        joined_users = await self.store.get_joined_users_from_state(room_id, entry)
+        return joined_users
 
-    async def get_current_hosts_in_room(self, room_id: str) -> Set[str]:
+    async def get_current_hosts_in_room(self, room_id):
         event_ids = await self.store.get_latest_event_ids_in_room(room_id)
         return await self.get_hosts_in_room_at_events(room_id, event_ids)
 
-    async def get_hosts_in_room_at_events(
-        self, room_id: str, event_ids: List[str]
-    ) -> Set[str]:
+    async def get_hosts_in_room_at_events(self, room_id, event_ids):
         """Get the hosts that were in a room at the given event ids
 
         Args:
-            room_id:
-            event_ids:
+            room_id (str):
+            event_ids (list[str]):
 
         Returns:
-            The hosts in the room at the given events
+            Deferred[list[str]]: the hosts in the room at the given events
         """
         entry = await self.resolve_state_groups_for_events(room_id, event_ids)
-        return await self.store.get_joined_hosts(room_id, entry)
+        joined_hosts = await self.store.get_joined_hosts(room_id, entry)
+        return joined_hosts
 
     async def compute_event_context(
         self, event: EventBase, old_state: Optional[Iterable[EventBase]] = None
-    ) -> EventContext:
+    ):
         """Build an EventContext structure for the event.
 
         This works out what the current state should be for the event, and
@@ -261,7 +221,7 @@ class StateHandler(object):
                 when receiving an event from federation where we don't have the
                 prev events for, e.g. when backfilling.
         Returns:
-            The event context.
+            synapse.events.snapshot.EventContext:
         """
 
         if event.internal_metadata.is_outlier():
@@ -315,7 +275,7 @@ class StateHandler(object):
                 event.room_id, event.prev_event_ids()
             )
 
-            state_ids_before_event = dict(entry.state)
+            state_ids_before_event = entry.state
             state_group_before_event = entry.state_group
             state_group_before_event_prev_group = entry.prev_group
             deltas_to_state_group_before_event = entry.delta_ids
@@ -386,18 +346,19 @@ class StateHandler(object):
         )
 
     @measure_func()
-    async def resolve_state_groups_for_events(
-        self, room_id: str, event_ids: Iterable[str]
-    ) -> _StateCacheEntry:
+    async def resolve_state_groups_for_events(self, room_id, event_ids):
         """ Given a list of event_ids this method fetches the state at each
         event, resolves conflicts between them and returns them.
 
         Args:
-            room_id
-            event_ids
+            room_id (str)
+            event_ids (list[str])
+            explicit_room_version (str|None): If set uses the the given room
+                version to choose the resolution algorithm. If None, then
+                checks the database for room version.
 
         Returns:
-            The resolved state
+            Deferred[_StateCacheEntry]: resolved state
         """
         logger.debug("resolve_state_groups event_ids %s", event_ids)
 
@@ -433,12 +394,7 @@ class StateHandler(object):
         )
         return result
 
-    async def resolve_events(
-        self,
-        room_version: str,
-        state_sets: Collection[Iterable[EventBase]],
-        event: EventBase,
-    ) -> StateMap[EventBase]:
+    async def resolve_events(self, room_version, state_sets, event):
         logger.info(
             "Resolving state for %s with %d groups", event.room_id, len(state_sets)
         )
@@ -458,7 +414,9 @@ class StateHandler(object):
                 state_res_store=StateResolutionStore(self.store),
             )
 
-        return {key: state_map[ev_id] for key, ev_id in new_state.items()}
+        new_state = {key: state_map[ev_id] for key, ev_id in new_state.items()}
+
+        return new_state
 
 
 class StateResolutionHandler(object):
@@ -486,12 +444,7 @@ class StateResolutionHandler(object):
 
     @log_function
     async def resolve_state_groups(
-        self,
-        room_id: str,
-        room_version: str,
-        state_groups_ids: Dict[int, StateMap[str]],
-        event_map: Optional[Dict[str, EventBase]],
-        state_res_store: "StateResolutionStore",
+        self, room_id, room_version, state_groups_ids, event_map, state_res_store
     ):
         """Resolves conflicts between a set of state groups
 
@@ -499,13 +452,13 @@ class StateResolutionHandler(object):
         not be called for a single state group
 
         Args:
-            room_id: room we are resolving for (used for logging and sanity checks)
-            room_version: version of the room
-            state_groups_ids:
-                A map from state group id to the state in that state group
+            room_id (str): room we are resolving for (used for logging and sanity checks)
+            room_version (str): version of the room
+            state_groups_ids (dict[int, dict[(str, str), str]]):
+                 map from state group id to the state in that state group
                 (where 'state' is a map from state key to event id)
 
-            event_map:
+            event_map(dict[str,FrozenEvent]|None):
                 a dict from event_id to event, for any events that we happen to
                 have in flight (eg, those currently being persisted). This will be
                 used as a starting point fof finding the state we need; any missing
@@ -513,10 +466,10 @@ class StateResolutionHandler(object):
 
                 If None, all events will be fetched via state_res_store.
 
-            state_res_store
+            state_res_store (StateResolutionStore)
 
         Returns:
-            The resolved state
+            _StateCacheEntry: resolved state
         """
         logger.debug("resolve_state_groups state_groups %s", state_groups_ids.keys())
 
@@ -577,22 +530,21 @@ class StateResolutionHandler(object):
             return cache
 
 
-def _make_state_cache_entry(
-    new_state: StateMap[str], state_groups_ids: Dict[int, StateMap[str]]
-) -> _StateCacheEntry:
+def _make_state_cache_entry(new_state, state_groups_ids):
     """Given a resolved state, and a set of input state groups, pick one to base
     a new state group on (if any), and return an appropriately-constructed
     _StateCacheEntry.
 
     Args:
-        new_state: resolved state map (mapping from (type, state_key) to event_id)
+        new_state (dict[(str, str), str]): resolved state map (mapping from
+           (type, state_key) to event_id)
 
-        state_groups_ids:
-            map from state group id to the state in that state group (where
-            'state' is a map from state key to event id)
+        state_groups_ids (dict[int, dict[(str, str), str]]):
+                 map from state group id to the state in that state group
+                (where 'state' is a map from state key to event id)
 
     Returns:
-        The cache entry.
+        _StateCacheEntry
     """
     # if the new state matches any of the input state groups, we can
     # use that state group again. Otherwise we will generate a state_id
@@ -633,7 +585,7 @@ def resolve_events_with_store(
     clock: Clock,
     room_id: str,
     room_version: str,
-    state_sets: Sequence[StateMap[str]],
+    state_sets: List[StateMap[str]],
     event_map: Optional[Dict[str, EventBase]],
     state_res_store: "StateResolutionStore",
 ) -> Awaitable[StateMap[str]]:
@@ -681,17 +633,15 @@ class StateResolutionStore(object):
 
     store = attr.ib()
 
-    def get_events(
-        self, event_ids: Iterable[str], allow_rejected: bool = False
-    ) -> Awaitable[Dict[str, EventBase]]:
+    def get_events(self, event_ids, allow_rejected=False):
         """Get events from the database
 
         Args:
-            event_ids: The event_ids of the events to fetch
-            allow_rejected: If True return rejected events.
+            event_ids (list): The event_ids of the events to fetch
+            allow_rejected (bool): If True return rejected events.
 
         Returns:
-            An awaitable which resolves to a dict from event_id to event.
+            Deferred[dict[str, FrozenEvent]]: Dict from event_id to event.
         """
 
         return self.store.get_events(
@@ -701,9 +651,7 @@ class StateResolutionStore(object):
             allow_rejected=allow_rejected,
         )
 
-    def get_auth_chain_difference(
-        self, state_sets: List[Set[str]]
-    ) -> Awaitable[Set[str]]:
+    def get_auth_chain_difference(self, state_sets: List[Set[str]]):
         """Given sets of state events figure out the auth chain difference (as
         per state res v2 algorithm).
 
@@ -712,7 +660,7 @@ class StateResolutionStore(object):
         chain.
 
         Returns:
-            An awaitable that resolves to a set of event IDs.
+            Deferred[Set[str]]: Set of event IDs.
         """
 
         return self.store.get_auth_chain_difference(state_sets)

synapse/state/v1.py

@@ -15,17 +15,7 @@
 
 import hashlib
 import logging
-from typing import (
-    Awaitable,
-    Callable,
-    Dict,
-    Iterable,
-    List,
-    Optional,
-    Sequence,
-    Set,
-    Tuple,
-)
+from typing import Awaitable, Callable, Dict, List, Optional
 
 from synapse import event_auth
 from synapse.api.constants import EventTypes
@@ -42,10 +32,10 @@ POWER_KEY = (EventTypes.PowerLevels, "")
 
 async def resolve_events_with_store(
     room_id: str,
-    state_sets: Sequence[StateMap[str]],
+    state_sets: List[StateMap[str]],
     event_map: Optional[Dict[str, EventBase]],
-    state_map_factory: Callable[[Iterable[str]], Awaitable[Dict[str, EventBase]]],
-) -> StateMap[str]:
+    state_map_factory: Callable[[List[str]], Awaitable],
+):
     """
     Args:
         room_id: the room we are working in
@@ -66,7 +56,8 @@ async def resolve_events_with_store(
             an Awaitable that resolves to a dict of event_id to event.
 
     Returns:
-        A map from (type, state_key) to event_id.
+        Deferred[dict[(str, str), str]]:
+            a map from (type, state_key) to event_id.
     """
     if len(state_sets) == 1:
         return state_sets[0]
@@ -84,8 +75,8 @@ async def resolve_events_with_store(
         "Asking for %d/%d conflicted events", len(needed_events), needed_event_count
     )
 
-    # A map from state event id to event. Only includes the state events which
-    # are in conflict (and those in event_map).
+    # dict[str, FrozenEvent]: a map from state event id to event. Only includes
+    # the state events which are in conflict (and those in event_map)
     state_map = await state_map_factory(needed_events)
     if event_map is not None:
         state_map.update(event_map)
@@ -100,6 +91,8 @@ async def resolve_events_with_store(
 
     # get the ids of the auth events which allow us to authenticate the
     # conflicted state, picking only from the unconflicting state.
+    #
+    # dict[(str, str), str]: a map from state key to event id
     auth_events = _create_auth_events_from_maps(
         unconflicted_state, conflicted_state, state_map
     )
@@ -129,30 +122,29 @@ async def resolve_events_with_store(
     )
 
 
-def _seperate(
-    state_sets: Iterable[StateMap[str]],
-) -> Tuple[StateMap[str], StateMap[Set[str]]]:
+def _seperate(state_sets):
     """Takes the state_sets and figures out which keys are conflicted and
     which aren't. i.e., which have multiple different event_ids associated
     with them in different state sets.
 
     Args:
-        state_sets:
+        state_sets(iterable[dict[(str, str), str]]):
             List of dicts of (type, state_key) -> event_id, which are the
             different state groups to resolve.
 
     Returns:
-        A tuple of (unconflicted_state, conflicted_state), where:
+        (dict[(str, str), str], dict[(str, str), set[str]]):
+            A tuple of (unconflicted_state, conflicted_state), where:
 
-        unconflicted_state is a dict mapping (type, state_key)->event_id
-        for unconflicted state keys.
+            unconflicted_state is a dict mapping (type, state_key)->event_id
+            for unconflicted state keys.
 
-        conflicted_state is a dict mapping (type, state_key) to a set of
-        event ids for conflicted state keys.
+            conflicted_state is a dict mapping (type, state_key) to a set of
+            event ids for conflicted state keys.
     """
     state_set_iterator = iter(state_sets)
     unconflicted_state = dict(next(state_set_iterator))
-    conflicted_state = {}  # type: StateMap[Set[str]]
+    conflicted_state = {}
 
     for state_set in state_set_iterator:
         for key, value in state_set.items():
@@ -179,21 +171,7 @@ def _seperate(
     return unconflicted_state, conflicted_state
 
 
-def _create_auth_events_from_maps(
-    unconflicted_state: StateMap[str],
-    conflicted_state: StateMap[Set[str]],
-    state_map: Dict[str, EventBase],
-) -> StateMap[str]:
-    """
-
-    Args:
-        unconflicted_state: The unconflicted state map.
-        conflicted_state: The conflicted state map.
-        state_map:
-
-    Returns:
-        A map from state key to event id.
-    """
+def _create_auth_events_from_maps(unconflicted_state, conflicted_state, state_map):
     auth_events = {}
     for event_ids in conflicted_state.values():
         for event_id in event_ids:
@@ -201,17 +179,14 @@ def _create_auth_events_from_maps(
                 keys = event_auth.auth_types_for_event(state_map[event_id])
                 for key in keys:
                     if key not in auth_events:
-                        auth_event_id = unconflicted_state.get(key, None)
-                        if auth_event_id:
-                            auth_events[key] = auth_event_id
+                        event_id = unconflicted_state.get(key, None)
+                        if event_id:
+                            auth_events[key] = event_id
     return auth_events
 
 
 def _resolve_with_state(
-    unconflicted_state_ids: StateMap[str],
-    conflicted_state_ids: StateMap[Set[str]],
-    auth_event_ids: StateMap[str],
-    state_map: Dict[str, EventBase],
+    unconflicted_state_ids, conflicted_state_ids, auth_event_ids, state_map
 ):
     conflicted_state = {}
     for key, event_ids in conflicted_state_ids.items():
@@ -240,9 +215,7 @@ def _resolve_with_state(
     return new_state
 
 
-def _resolve_state_events(
-    conflicted_state: StateMap[List[EventBase]], auth_events: StateMap[EventBase]
-) -> StateMap[EventBase]:
+def _resolve_state_events(conflicted_state, auth_events):
     """ This is where we actually decide which of the conflicted state to
     use.
 
@@ -282,9 +255,7 @@ def _resolve_state_events(
     return resolved_state
 
 
-def _resolve_auth_events(
-    events: List[EventBase], auth_events: StateMap[EventBase]
-) -> EventBase:
+def _resolve_auth_events(events, auth_events):
     reverse = list(reversed(_ordered_events(events)))
 
     auth_keys = {
@@ -318,9 +289,7 @@ def _resolve_auth_events(
     return event
 
 
-def _resolve_normal_events(
-    events: List[EventBase], auth_events: StateMap[EventBase]
-) -> EventBase:
+def _resolve_normal_events(events, auth_events):
     for event in _ordered_events(events):
         try:
             # The signatures have already been checked at this point
@@ -340,7 +309,7 @@ def _resolve_normal_events(
     return event
 
 
-def _ordered_events(events: Iterable[EventBase]) -> List[EventBase]:
+def _ordered_events(events):
     def key_func(e):
         # we have to use utf-8 rather than ascii here because it turns out we allow
         # people to send us events with non-ascii event IDs :/

synapse/state/v2.py

@@ -16,21 +16,7 @@
 import heapq
 import itertools
 import logging
-from typing import (
-    Any,
-    Callable,
-    Dict,
-    Generator,
-    Iterable,
-    List,
-    Optional,
-    Sequence,
-    Set,
-    Tuple,
-    overload,
-)
-
-from typing_extensions import Literal
+from typing import Dict, List, Optional
 
 import synapse.state
 from synapse import event_auth
@@ -54,10 +40,10 @@ async def resolve_events_with_store(
     clock: Clock,
     room_id: str,
     room_version: str,
-    state_sets: Sequence[StateMap[str]],
+    state_sets: List[StateMap[str]],
     event_map: Optional[Dict[str, EventBase]],
     state_res_store: "synapse.state.StateResolutionStore",
-) -> StateMap[str]:
+):
     """Resolves the state using the v2 state resolution algorithm
 
     Args:
@@ -77,7 +63,8 @@ async def resolve_events_with_store(
         state_res_store:
 
     Returns:
-        A map from (type, state_key) to event_id.
+        Deferred[dict[(str, str), str]]:
+            a map from (type, state_key) to event_id.
     """
 
     logger.debug("Computing conflicted state")
@@ -184,23 +171,18 @@ async def resolve_events_with_store(
     return resolved_state
 
 
-async def _get_power_level_for_sender(
-    room_id: str,
-    event_id: str,
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-) -> int:
+async def _get_power_level_for_sender(room_id, event_id, event_map, state_res_store):
     """Return the power level of the sender of the given event according to
     their auth events.
 
     Args:
-        room_id
-        event_id
-        event_map
-        state_res_store
+        room_id (str)
+        event_id (str)
+        event_map (dict[str,FrozenEvent])
+        state_res_store (StateResolutionStore)
 
     Returns:
-        The power level.
+        Deferred[int]
     """
     event = await _get_event(room_id, event_id, event_map, state_res_store)
 
@@ -235,21 +217,17 @@ async def _get_power_level_for_sender(
         return int(level)
 
 
-async def _get_auth_chain_difference(
-    state_sets: Sequence[StateMap[str]],
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-) -> Set[str]:
+async def _get_auth_chain_difference(state_sets, event_map, state_res_store):
     """Compare the auth chains of each state set and return the set of events
     that only appear in some but not all of the auth chains.
 
     Args:
-        state_sets
-        event_map
-        state_res_store
+        state_sets (list)
+        event_map (dict[str,FrozenEvent])
+        state_res_store (StateResolutionStore)
 
     Returns:
-        Set of event IDs
+        Deferred[set[str]]: Set of event IDs
     """
 
     difference = await state_res_store.get_auth_chain_difference(
@@ -259,19 +237,17 @@ async def _get_auth_chain_difference(
     return difference
 
 
-def _seperate(
-    state_sets: Iterable[StateMap[str]],
-) -> Tuple[StateMap[str], StateMap[Set[str]]]:
+def _seperate(state_sets):
     """Return the unconflicted and conflicted state. This is different than in
     the original algorithm, as this defines a key to be conflicted if one of
     the state sets doesn't have that key.
 
     Args:
-        state_sets
+        state_sets (list)
 
     Returns:
-        A tuple of unconflicted and conflicted state. The conflicted state dict
-        is a map from type/state_key to set of event IDs
+        tuple[dict, dict]: A tuple of unconflicted and conflicted state. The
+        conflicted state dict is a map from type/state_key to set of event IDs
     """
     unconflicted_state = {}
     conflicted_state = {}
@@ -284,20 +260,18 @@ def _seperate(
             event_ids.discard(None)
             conflicted_state[key] = event_ids
 
-    # mypy doesn't understand that discarding None above means that conflicted
-    # state is StateMap[Set[str]], not StateMap[Set[Optional[Str]]].
-    return unconflicted_state, conflicted_state  # type: ignore
+    return unconflicted_state, conflicted_state
 
 
-def _is_power_event(event: EventBase) -> bool:
+def _is_power_event(event):
     """Return whether or not the event is a "power event", as defined by the
     v2 state resolution algorithm
 
     Args:
-        event
+        event (FrozenEvent)
 
     Returns:
-        True if the event is a power event.
+        boolean
     """
     if (event.type, event.state_key) in (
         (EventTypes.PowerLevels, ""),
@@ -314,23 +288,19 @@ def _is_power_event(event: EventBase) -> bool:
 
 
 async def _add_event_and_auth_chain_to_graph(
-    graph: Dict[str, Set[str]],
-    room_id: str,
-    event_id: str,
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-    auth_diff: Set[str],
-) -> None:
+    graph, room_id, event_id, event_map, state_res_store, auth_diff
+):
     """Helper function for _reverse_topological_power_sort that add the event
     and its auth chain (that is in the auth diff) to the graph
 
     Args:
-        graph: A map from event ID to the events auth event IDs
-        room_id: the room we are working in
-        event_id: Event to add to the graph
-        event_map
-        state_res_store
-        auth_diff: Set of event IDs that are in the auth difference.
+        graph (dict[str, set[str]]): A map from event ID to the events auth
+            event IDs
+        room_id (str): the room we are working in
+        event_id (str): Event to add to the graph
+        event_map (dict[str,FrozenEvent])
+        state_res_store (StateResolutionStore)
+        auth_diff (set[str]): Set of event IDs that are in the auth difference.
     """
 
     state = [event_id]
@@ -348,29 +318,24 @@ async def _add_event_and_auth_chain_to_graph(
 
 
 async def _reverse_topological_power_sort(
-    clock: Clock,
-    room_id: str,
-    event_ids: Iterable[str],
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-    auth_diff: Set[str],
-) -> List[str]:
+    clock, room_id, event_ids, event_map, state_res_store, auth_diff
+):
     """Returns a list of the event_ids sorted by reverse topological ordering,
     and then by power level and origin_server_ts
 
     Args:
-        clock
-        room_id: the room we are working in
-        event_ids: The events to sort
-        event_map
-        state_res_store
-        auth_diff: Set of event IDs that are in the auth difference.
+        clock (Clock)
+        room_id (str): the room we are working in
+        event_ids (list[str]): The events to sort
+        event_map (dict[str,FrozenEvent])
+        state_res_store (StateResolutionStore)
+        auth_diff (set[str]): Set of event IDs that are in the auth difference.
 
     Returns:
-        The sorted list
+        Deferred[list[str]]: The sorted list
     """
 
-    graph = {}  # type: Dict[str, Set[str]]
+    graph = {}
     for idx, event_id in enumerate(event_ids, start=1):
         await _add_event_and_auth_chain_to_graph(
             graph, room_id, event_id, event_map, state_res_store, auth_diff
@@ -407,28 +372,22 @@ async def _reverse_topological_power_sort(
 
 
 async def _iterative_auth_checks(
-    clock: Clock,
-    room_id: str,
-    room_version: str,
-    event_ids: List[str],
-    base_state: StateMap[str],
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-) -> StateMap[str]:
+    clock, room_id, room_version, event_ids, base_state, event_map, state_res_store
+):
     """Sequentially apply auth checks to each event in given list, updating the
     state as it goes along.
 
     Args:
-        clock
-        room_id
-        room_version
-        event_ids: Ordered list of events to apply auth checks to
-        base_state: The set of state to start with
-        event_map
-        state_res_store
+        clock (Clock)
+        room_id (str)
+        room_version (str)
+        event_ids (list[str]): Ordered list of events to apply auth checks to
+        base_state (StateMap[str]): The set of state to start with
+        event_map (dict[str,FrozenEvent])
+        state_res_store (StateResolutionStore)
 
     Returns:
-        Returns the final updated state
+        Deferred[StateMap[str]]: Returns the final updated state
     """
     resolved_state = base_state.copy()
     room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
@@ -480,26 +439,21 @@ async def _iterative_auth_checks(
 
 
 async def _mainline_sort(
-    clock: Clock,
-    room_id: str,
-    event_ids: List[str],
-    resolved_power_event_id: Optional[str],
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-) -> List[str]:
+    clock, room_id, event_ids, resolved_power_event_id, event_map, state_res_store
+):
     """Returns a sorted list of event_ids sorted by mainline ordering based on
     the given event resolved_power_event_id
 
     Args:
-        clock
-        room_id: room we're working in
-        event_ids: Events to sort
-        resolved_power_event_id: The final resolved power level event ID
-        event_map
-        state_res_store
+        clock (Clock)
+        room_id (str): room we're working in
+        event_ids (list[str]): Events to sort
+        resolved_power_event_id (str): The final resolved power level event ID
+        event_map (dict[str,FrozenEvent])
+        state_res_store (StateResolutionStore)
 
     Returns:
-        The sorted list
+        Deferred[list[str]]: The sorted list
     """
     if not event_ids:
         # It's possible for there to be no event IDs here to sort, so we can
@@ -551,90 +505,59 @@ async def _mainline_sort(
 
 
 async def _get_mainline_depth_for_event(
-    event: EventBase,
-    mainline_map: Dict[str, int],
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-) -> int:
+    event, mainline_map, event_map, state_res_store
+):
     """Get the mainline depths for the given event based on the mainline map
 
     Args:
-        event
-        mainline_map: Map from event_id to mainline depth for events in the mainline.
-        event_map
-        state_res_store
+        event (FrozenEvent)
+        mainline_map (dict[str, int]): Map from event_id to mainline depth for
+            events in the mainline.
+        event_map (dict[str,FrozenEvent])
+        state_res_store (StateResolutionStore)
 
     Returns:
-        The mainline depth
+        Deferred[int]
     """
 
     room_id = event.room_id
-    tmp_event = event  # type: Optional[EventBase]
 
     # We do an iterative search, replacing `event with the power level in its
     # auth events (if any)
-    while tmp_event:
+    while event:
         depth = mainline_map.get(event.event_id)
         if depth is not None:
             return depth
 
-        auth_events = tmp_event.auth_event_ids()
-        tmp_event = None
+        auth_events = event.auth_event_ids()
+        event = None
 
         for aid in auth_events:
             aev = await _get_event(
                 room_id, aid, event_map, state_res_store, allow_none=True
             )
             if aev and (aev.type, aev.state_key) == (EventTypes.PowerLevels, ""):
-                tmp_event = aev
+                event = aev
                 break
 
     # Didn't find a power level auth event, so we just return 0
     return 0
 
 
-@overload
-async def _get_event(
-    room_id: str,
-    event_id: str,
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-    allow_none: Literal[False] = False,
-) -> EventBase:
-    ...
-
-
-@overload
-async def _get_event(
-    room_id: str,
-    event_id: str,
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-    allow_none: Literal[True],
-) -> Optional[EventBase]:
-    ...
-
-
-async def _get_event(
-    room_id: str,
-    event_id: str,
-    event_map: Dict[str, EventBase],
-    state_res_store: "synapse.state.StateResolutionStore",
-    allow_none: bool = False,
-) -> Optional[EventBase]:
+async def _get_event(room_id, event_id, event_map, state_res_store, allow_none=False):
     """Helper function to look up event in event_map, falling back to looking
     it up in the store
 
     Args:
-        room_id
-        event_id
-        event_map
-        state_res_store
-        allow_none: if the event is not found, return None rather than raising
+        room_id (str)
+        event_id (str)
+        event_map (dict[str,FrozenEvent])
+        state_res_store (StateResolutionStore)
+        allow_none (bool): if the event is not found, return None rather than raising
             an exception
 
     Returns:
-        The event, or none if the event does not exist (and allow_none is True).
+        Deferred[Optional[FrozenEvent]]
     """
     if event_id not in event_map:
         events = await state_res_store.get_events([event_id], allow_rejected=True)
@@ -654,9 +577,7 @@ async def _get_event(
     return event
 
 
-def lexicographical_topological_sort(
-    graph: Dict[str, Set[str]], key: Callable[[str], Any]
-) -> Generator[str, None, None]:
+def lexicographical_topological_sort(graph, key):
     """Performs a lexicographic reverse topological sort on the graph.
 
     This returns a reverse topological sort (i.e. if node A references B then B
@@ -666,20 +587,20 @@ def lexicographical_topological_sort(
     NOTE: `graph` is modified during the sort.
 
     Args:
-        graph: A representation of the graph where each node is a key in the
-            dict and its value are the nodes edges.
-        key: A function that takes a node and returns a value that is comparable
-            and used to order nodes
+        graph (dict[str, set[str]]): A representation of the graph where each
+            node is a key in the dict and its value are the nodes edges.
+        key (func): A function that takes a node and returns a value that is
+            comparable and used to order nodes
 
     Yields:
-        The next node in the topological sort
+        str: The next node in the topological sort
     """
 
     # Note, this is basically Kahn's algorithm except we look at nodes with no
     # outgoing edges, c.f.
     # https://en.wikipedia.org/wiki/Topological_sorting#Kahn's_algorithm
     outdegree_map = graph
-    reverse_graph = {}  # type: Dict[str, Set[str]]
+    reverse_graph = {}
 
     # Lists of nodes with zero out degree. Is actually a tuple of
     # `(key(node), node)` so that sorting does the right thing

synapse/storage/_base.py

@@ -19,11 +19,12 @@ import random
 from abc import ABCMeta
 from typing import Any, Optional
 
+from canonicaljson import json
+
 from synapse.storage.database import LoggingTransaction  # noqa: F401
 from synapse.storage.database import make_in_list_sql_clause  # noqa: F401
 from synapse.storage.database import DatabasePool
 from synapse.types import Collection, get_domain_from_id
-from synapse.util import json_decoder
 
 logger = logging.getLogger(__name__)
 
@@ -98,13 +99,13 @@ def db_to_json(db_content):
     if isinstance(db_content, memoryview):
         db_content = db_content.tobytes()
 
-    # Decode it to a Unicode string before feeding it to the JSON decoder, since
+    # Decode it to a Unicode string before feeding it to json.loads, since
     # Python 3.5 does not support deserializing bytes.
     if isinstance(db_content, (bytes, bytearray)):
         db_content = db_content.decode("utf8")
 
     try:
-        return json_decoder.decode(db_content)
+        return json.loads(db_content)
     except Exception:
         logging.warning("Tried to decode '%r' as JSON and failed", db_content)
         raise

synapse/storage/background_updates.py

@@ -16,8 +16,9 @@
 import logging
 from typing import Optional
 
+from canonicaljson import json
+
 from synapse.metrics.background_process_metrics import run_as_background_process
-from synapse.util import json_encoder
 
 from . import engines
 
@@ -456,7 +457,7 @@ class BackgroundUpdater(object):
             progress(dict): The progress of the update.
         """
 
-        progress_json = json_encoder.encode(progress)
+        progress_json = json.dumps(progress)
 
         self.db_pool.simple_update_one_txn(
             txn,

synapse/storage/databases/__init__.py

@@ -87,21 +87,12 @@ class Databases(object):
 
                 logger.info("Database %r prepared", db_name)
 
-            # Closing the context manager doesn't close the connection.
-            # psycopg will close the connection when the object gets GCed, but *only*
-            # if the PID is the same as when the connection was opened [1], and
-            # it may not be if we fork in the meantime.
-            #
-            # [1]: https://github.com/psycopg/psycopg2/blob/2_8_5/psycopg/connection_type.c#L1378
-
-            db_conn.close()
-
         # Sanity check that we have actually configured all the required stores.
         if not main:
             raise Exception("No 'main' data store configured")
 
         if not state:
-            raise Exception("No 'state' data store configured")
+            raise Exception("No 'main' data store configured")
 
         # We use local variables here to ensure that the databases do not have
         # optional types.