comments

How did I flip that again??
Fix error code indentations and handling
2019-09-12 15:58:32 +01:00 · 2019-09-12 15:56:01 +01:00 · 2019-09-11 13:38:16 +01:00 · 2019-09-10 13:37:33 +01:00 · 2019-09-10 13:19:16 +01:00 · 2019-09-06 11:45:51 +01:00
202 changed files with 4728 additions and 2071 deletions
@@ -6,6 +6,7 @@ services:
    image: postgres:9.5
    environment:
      POSTGRES_PASSWORD: postgres
+    command: -c fsync=off

  testenv:
    image: python:3.5
@@ -16,6 +17,6 @@ services:
      SYNAPSE_POSTGRES_HOST: postgres
      SYNAPSE_POSTGRES_USER: postgres
      SYNAPSE_POSTGRES_PASSWORD: postgres
-    working_dir: /app
+    working_dir: /src
    volumes:
-      - ..:/app
+      - ..:/src
@@ -6,6 +6,7 @@ services:
    image: postgres:11
    environment:
      POSTGRES_PASSWORD: postgres
+    command: -c fsync=off

  testenv:
    image: python:3.7
@@ -16,6 +17,6 @@ services:
      SYNAPSE_POSTGRES_HOST: postgres
      SYNAPSE_POSTGRES_USER: postgres
      SYNAPSE_POSTGRES_PASSWORD: postgres
-    working_dir: /app
+    working_dir: /src
    volumes:
-      - ..:/app
+      - ..:/src
@@ -6,6 +6,7 @@ services:
    image: postgres:9.5
    environment:
      POSTGRES_PASSWORD: postgres
+    command: -c fsync=off

  testenv:
    image: python:3.7
@@ -16,6 +17,6 @@ services:
      SYNAPSE_POSTGRES_HOST: postgres
      SYNAPSE_POSTGRES_USER: postgres
      SYNAPSE_POSTGRES_PASSWORD: postgres
-    working_dir: /app
+    working_dir: /src
    volumes:
-      - ..:/app
+      - ..:/src
@@ -1,3 +1,18 @@
+# -*- coding: utf-8 -*-
+# Copyright 2019 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 import sys
 from tap.parser import Parser
 from tap.line import Result, Unknown, Diagnostic
@@ -27,7 +27,7 @@ git config --global user.name "A robot"

 # Fetch and merge. If it doesn't work, it will raise due to set -e.
 git fetch -u origin $GITBASE
-git merge --no-edit origin/$GITBASE
+git merge --no-edit --no-commit origin/$GITBASE

 # Show what we are after.
 git --no-pager show -s
@@ -1,240 +0,0 @@
-env:
-  CODECOV_TOKEN: "2dd7eb9b-0eda-45fe-a47c-9b5ac040045f"
-
-steps:
-
-  - command:
-      - "python -m pip install tox"
-      - "tox -e check_codestyle"
-    label: "\U0001F9F9 Check Style"
-    plugins:
-      - docker#v3.0.1:
-          image: "python:3.6"
-
-  - command:
-      - "python -m pip install tox"
-      - "tox -e packaging"
-    label: "\U0001F9F9 packaging"
-    plugins:
-      - docker#v3.0.1:
-          image: "python:3.6"
-
-  - command:
-      - "python -m pip install tox"
-      - "tox -e check_isort"
-    label: "\U0001F9F9 isort"
-    plugins:
-      - docker#v3.0.1:
-          image: "python:3.6"
-
-  - command:
-      - "python -m pip install tox"
-      - "scripts-dev/check-newsfragment"
-    label: ":newspaper: Newsfile"
-    branches: "!master !develop !release-*"
-    plugins:
-      - docker#v3.0.1:
-          image: "python:3.6"
-          propagate-environment: true
-
-  - command:
-      - "python -m pip install tox"
-      - "tox -e check-sampleconfig"
-    label: "\U0001F9F9 check-sample-config"
-    plugins:
-      - docker#v3.0.1:
-          image: "python:3.6"
-
-  - wait
-
-
-  - command:
-      - "apt-get update && apt-get install -y python3.5 python3.5-dev python3-pip libxml2-dev libxslt-dev zlib1g-dev"
-      - "python3.5 -m pip install tox"
-      - "tox -e py35-old,codecov"
-    label: ":python: 3.5 / SQLite / Old Deps"
-    env:
-      TRIAL_FLAGS: "-j 2"
-    plugins:
-      - docker#v3.0.1:
-          image: "ubuntu:xenial"  # We use xenail to get an old sqlite and python
-          propagate-environment: true
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - command:
-      - "python -m pip install tox"
-      - "tox -e py35,codecov"
-    label: ":python: 3.5 / SQLite"
-    env:
-      TRIAL_FLAGS: "-j 2"
-    plugins:
-      - docker#v3.0.1:
-          image: "python:3.5"
-          propagate-environment: true
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - command:
-      - "python -m pip install tox"
-      - "tox -e py36,codecov"
-    label: ":python: 3.6 / SQLite"
-    env:
-      TRIAL_FLAGS: "-j 2"
-    plugins:
-      - docker#v3.0.1:
-          image: "python:3.6"
-          propagate-environment: true
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - command:
-      - "python -m pip install tox"
-      - "tox -e py37,codecov"
-    label: ":python: 3.7 / SQLite"
-    env:
-      TRIAL_FLAGS: "-j 2"
-    plugins:
-      - docker#v3.0.1:
-          image: "python:3.7"
-          propagate-environment: true
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - label: ":python: 3.5 / :postgres: 9.5"
-    agents:
-      queue: "medium"
-    env:
-      TRIAL_FLAGS: "-j 8"
-    command:
-      - "bash -c 'python -m pip install tox && python -m tox -e py35-postgres,codecov'"
-    plugins:
-      - docker-compose#v2.1.0:
-          run: testenv
-          config:
-            - .buildkite/docker-compose.py35.pg95.yaml
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - label: ":python: 3.7 / :postgres: 9.5"
-    agents:
-      queue: "medium"
-    env:
-      TRIAL_FLAGS: "-j 8"
-    command:
-      - "bash -c 'python -m pip install tox && python -m tox -e py37-postgres,codecov'"
-    plugins:
-      - docker-compose#v2.1.0:
-          run: testenv
-          config:
-            - .buildkite/docker-compose.py37.pg95.yaml
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - label: ":python: 3.7 / :postgres: 11"
-    agents:
-      queue: "medium"
-    env:
-      TRIAL_FLAGS: "-j 8"
-    command:
-      - "bash -c 'python -m pip install tox && python -m tox -e py37-postgres,codecov'"
-    plugins:
-      - docker-compose#v2.1.0:
-          run: testenv
-          config:
-            - .buildkite/docker-compose.py37.pg11.yaml
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-
-  - label: "SyTest - :python: 3.5 / SQLite / Monolith"
-    agents:
-      queue: "medium"
-    command:
-      - "bash .buildkite/merge_base_branch.sh"
-      - "bash /synapse_sytest.sh"
-    plugins:
-      - docker#v3.0.1:
-          image: "matrixdotorg/sytest-synapse:py35"
-          propagate-environment: true
-          always-pull: true
-          workdir: "/src"
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - label: "SyTest - :python: 3.5 / :postgres: 9.6 / Monolith"
-    agents:
-      queue: "medium"
-    env:
-      POSTGRES: "1"
-    command:
-      - "bash .buildkite/merge_base_branch.sh"
-      - "bash /synapse_sytest.sh"
-    plugins:
-      - docker#v3.0.1:
-          image: "matrixdotorg/sytest-synapse:py35"
-          propagate-environment: true
-          always-pull: true
-          workdir: "/src"
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - label: "SyTest - :python: 3.5 / :postgres: 9.6 / Workers"
-    agents:
-      queue: "medium"
-    env:
-      POSTGRES: "1"
-      WORKERS: "1"
-      BLACKLIST: "synapse-blacklist-with-workers"
-    command:
-      - "bash .buildkite/merge_base_branch.sh"
-      - "bash -c 'cat /src/sytest-blacklist /src/.buildkite/worker-blacklist > /src/synapse-blacklist-with-workers'"
-      - "bash /synapse_sytest.sh"
-    plugins:
-      - docker#v3.0.1:
-          image: "matrixdotorg/sytest-synapse:py35"
-          propagate-environment: true
-          always-pull: true
-          workdir: "/src"
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
@@ -1,7 +1,8 @@
 [run]
 branch = True
 parallel = True
-include = synapse/*
+include=$TOP/synapse/*
+data_file = $TOP/.coverage

 [report]
 precision = 2
@@ -20,6 +20,7 @@ _trial_temp*/
 /*.signing.key
 /env/
 /homeserver*.yaml
+/logs
 /media_store/
 /uploads

@@ -29,8 +30,9 @@ _trial_temp*/
 /.vscode/

 # build products
-/.coverage*
 !/.coveragerc
+/.coverage*
+/.mypy_cache/
 /.tox
 /build/
 /coverage.*
@@ -38,4 +40,3 @@ _trial_temp*/
 /docs/build/
 /htmlcov
 /pip-wheel-metadata/
-
@@ -36,7 +36,7 @@ that your email address is probably `user@example.com` rather than
 System requirements:

 - POSIX-compliant system (tested on Linux & OS X)
- Python 3.5, 3.6, 3.7, or 2.7
+- Python 3.5, 3.6, or 3.7
 - At least 1GB of free RAM if you want to join large public rooms like #matrix:matrix.org

 Synapse is written in Python but some of the libraries it uses are written in
@@ -421,7 +421,7 @@ If Synapse is not configured with an SMTP server, password reset via email will

 The easiest way to create a new user is to do so from a client like [Riot](https://riot.im).

-Alternatively you can do so from the command line if you have installed via pip. 
+Alternatively you can do so from the command line if you have installed via pip.

 This can be done as follows:

@@ -0,0 +1 @@
+Lay the groundwork for structured logging output.
@@ -0,0 +1 @@
+Opentracing for device list updates.
@@ -0,0 +1 @@
+Add unstable support for MSC2197 (filtered search requests over federation), in order to allow upcoming room directory query performance improvements.
@@ -0,0 +1 @@
+Correctly retry all hosts returned from SRV when we fail to connect.
@@ -0,0 +1 @@
+Compatibility with v2 Identity Service APIs other than /lookup.
@@ -0,0 +1 @@
+Add support for config templating.
@@ -0,0 +1 @@
+Users with the type of "support" or "bot" are no longer required to consent.
@@ -0,0 +1 @@
+Let synctl accept a directory of config files.
@@ -0,0 +1 @@
+Add admin API endpoint for getting whether or not a user is a server administrator.
@@ -0,0 +1 @@
+Fix 404 for thumbnail download when `dynamic_thumbnails` is `false` and the thumbnail was dynamically generated. Fix reported by rkfg.
@@ -0,0 +1 @@
+Fix a cache-invalidation bug for worker-based deployments.
@@ -0,0 +1 @@
+Update Buildkite pipeline to use plugins instead of buildkite-agent commands.
@@ -0,0 +1 @@
+Add link in sample config to the logging config schema.
@@ -0,0 +1 @@
+Remove unnecessary parentheses in return statements.
@@ -0,0 +1 @@
+Remove unused jenkins/prepare_sytest.sh file.
@@ -0,0 +1 @@
+Move Buildkite pipeline config to the pipelines repo.
@@ -0,0 +1 @@
+Update INSTALL.md to say that Python 2 is no longer supported.
@@ -0,0 +1 @@
+Remove unnecessary return statements in the codebase which were the result of a regex run.
@@ -0,0 +1 @@
+Remove left-over methods from C/S registration API.
@@ -0,0 +1 @@
+Remove `bind_email` and `bind_msisdn` parameters from /register ala MSC2140.
@@ -0,0 +1 @@
+Fix admin API for listing media in a room not being available with an external media repo.
@@ -0,0 +1 @@
+Fix list media admin API always returning an error.
@@ -0,0 +1 @@
+Avoid changing UID/GID if they are already correct.
@@ -0,0 +1 @@
+Fix room and user stats tracking.
@@ -0,0 +1 @@
+Cleanup event auth type initialisation.
@@ -0,0 +1 @@
+Add POST /_matrix/client/r0/account/3pid/unbind endpoint from MSC2140 for unbinding a 3PID from an identity server without removing it from the homeserver user account.
@@ -0,0 +1 @@
+Include missing opentracing contexts in outbout replication requests.
@@ -0,0 +1 @@
+Add minimum opentracing for client servlets.
@@ -0,0 +1 @@
+Fix sending of EDUs when opentracing is enabled with an empty whitelist.
@@ -0,0 +1 @@
+Trace replication send times.
@@ -0,0 +1 @@
+Fix invalid references to None while opentracing if the log context slips.
@@ -0,0 +1 @@
+Give appropriate exit codes when synctl fails.
@@ -268,6 +268,7 @@ class SynapseCmd(cmd.Cmd):

    @defer.inlineCallbacks
    def _do_emailrequest(self, args):
+        # TODO: Update to use v2 Identity Service API endpoint
        url = (
            self._identityServerUrl()
            + "/_matrix/identity/api/v1/validate/email/requestToken"
@@ -302,6 +303,7 @@ class SynapseCmd(cmd.Cmd):

    @defer.inlineCallbacks
    def _do_emailvalidate(self, args):
+        # TODO: Update to use v2 Identity Service API endpoint
        url = (
            self._identityServerUrl()
            + "/_matrix/identity/api/v1/validate/email/submitToken"
@@ -330,6 +332,7 @@ class SynapseCmd(cmd.Cmd):

    @defer.inlineCallbacks
    def _do_3pidbind(self, args):
+        # TODO: Update to use v2 Identity Service API endpoint
        url = self._identityServerUrl() + "/_matrix/identity/api/v1/3pid/bind"

        json_res = yield self.http_client.do_request(
@@ -398,6 +401,7 @@ class SynapseCmd(cmd.Cmd):
    @defer.inlineCallbacks
    def _do_invite(self, roomid, userstring):
        if not userstring.startswith("@") and self._is_on("complete_usernames"):
+            # TODO: Update to use v2 Identity Service API endpoint
            url = self._identityServerUrl() + "/_matrix/identity/api/v1/lookup"

            json_res = yield self.http_client.do_request(
@@ -407,6 +411,7 @@ class SynapseCmd(cmd.Cmd):
            mxid = None

            if "mxid" in json_res and "signatures" in json_res:
+                # TODO: Update to use v2 Identity Service API endpoint
                url = (
                    self._identityServerUrl()
                    + "/_matrix/identity/api/v1/pubkey/ed25519"
@@ -17,7 +17,7 @@ By default, the image expects a single volume, located at ``/data``, that will h
 * the appservices configuration.

 You are free to use separate volumes depending on storage endpoints at your
-disposal. For instance, ``/data/media`` coud be stored on a large but low
+disposal. For instance, ``/data/media`` could be stored on a large but low
 performance hdd storage while other files could be stored on high performance
 endpoints.

@@ -27,8 +27,8 @@ configuration file there. Multiple application services are supported.

 ## Generating a configuration file

-The first step is to genearte a valid config file. To do this, you can run the
-image with the `generate` commandline option.
+The first step is to generate a valid config file. To do this, you can run the
+image with the `generate` command line option.

 You will need to specify values for the `SYNAPSE_SERVER_NAME` and
 `SYNAPSE_REPORT_STATS` environment variable, and mount a docker volume to store
@@ -59,7 +59,7 @@ The following environment variables are supported in `generate` mode:
 * `SYNAPSE_CONFIG_PATH`: path to the file to be generated. Defaults to
  `<SYNAPSE_CONFIG_DIR>/homeserver.yaml`.
 * `SYNAPSE_DATA_DIR`: where the generated config will put persistent data
-  such as the datatase and media store. Defaults to `/data`.
+  such as the database and media store. Defaults to `/data`.
 * `UID`, `GID`: the user id and group id to use for creating the data
  directories. Defaults to `991`, `991`.

@@ -115,7 +115,7 @@ not given).

 To migrate from a dynamic configuration file to a static one, run the docker
 container once with the environment variables set, and `migrate_config`
-commandline option. For example:
+command line option. For example:

 ```
 docker run -it --rm \
@@ -41,8 +41,8 @@ def generate_config_from_template(config_dir, config_path, environ, ownership):
        config_dir (str): where to put generated config files
        config_path (str): where to put the main config file
        environ (dict): environment dictionary
-        ownership (str): "<user>:<group>" string which will be used to set
-            ownership of the generated configs
+        ownership (str|None): "<user>:<group>" string which will be used to set
+            ownership of the generated configs. If None, ownership will not change.
    """
    for v in ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"):
        if v not in environ:
@@ -105,24 +105,24 @@ def generate_config_from_template(config_dir, config_path, environ, ownership):
    log("Generating log config file " + log_config_file)
    convert("/conf/log.config", log_config_file, environ)

-    subprocess.check_output(["chown", "-R", ownership, "/data"])
-
    # Hopefully we already have a signing key, but generate one if not.
-    subprocess.check_output(
-        [
-            "su-exec",
-            ownership,
-            "python",
-            "-m",
-            "synapse.app.homeserver",
-            "--config-path",
-            config_path,
-            # tell synapse to put generated keys in /data rather than /compiled
-            "--keys-directory",
-            config_dir,
-            "--generate-keys",
-        ]
-    )
+    args = [
+        "python",
+        "-m",
+        "synapse.app.homeserver",
+        "--config-path",
+        config_path,
+        # tell synapse to put generated keys in /data rather than /compiled
+        "--keys-directory",
+        config_dir,
+        "--generate-keys",
+    ]
+
+    if ownership is not None:
+        subprocess.check_output(["chown", "-R", ownership, "/data"])
+        args = ["su-exec", ownership] + args
+
+    subprocess.check_output(args)


 def run_generate_config(environ, ownership):
@@ -130,7 +130,7 @@ def run_generate_config(environ, ownership):

    Args:
        environ (dict): env var dict
-        ownership (str): "userid:groupid" arg for chmod
+        ownership (str|None): "userid:groupid" arg for chmod. If None, ownership will not change.

    Never returns.
    """
@@ -149,9 +149,6 @@ def run_generate_config(environ, ownership):
        log("Creating log config %s" % (log_config_file,))
        convert("/conf/log.config", log_config_file, environ)

-    # make sure that synapse has perms to write to the data dir.
-    subprocess.check_output(["chown", ownership, data_dir])
-
    args = [
        "python",
        "-m",
@@ -170,12 +167,33 @@ def run_generate_config(environ, ownership):
        "--open-private-ports",
    ]
    # log("running %s" % (args, ))
-    os.execv("/usr/local/bin/python", args)
+
+    if ownership is not None:
+        args = ["su-exec", ownership] + args
+        os.execv("/sbin/su-exec", args)
+
+        # make sure that synapse has perms to write to the data dir.
+        subprocess.check_output(["chown", ownership, data_dir])
+    else:
+        os.execv("/usr/local/bin/python", args)


 def main(args, environ):
    mode = args[1] if len(args) > 1 else None
-    ownership = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991))
+    desired_uid = int(environ.get("UID", "991"))
+    desired_gid = int(environ.get("GID", "991"))
+    if (desired_uid == os.getuid()) and (desired_gid == os.getgid()):
+        ownership = None
+    else:
+        ownership = "{}:{}".format(desired_uid, desired_gid)
+
+    log(
+        "Container running as UserID %s:%s, ENV (or defaults) requests %s:%s"
+        % (os.getuid(), os.getgid(), desired_uid, desired_gid)
+    )
+
+    if ownership is None:
+        log("Will not perform chmod/su-exec as UserID already matches request")

    # In generate mode, generate a configuration and missing keys, then exit
    if mode == "generate":
@@ -227,16 +245,12 @@ def main(args, environ):

    log("Starting synapse with config file " + config_path)

-    args = [
-        "su-exec",
-        ownership,
-        "python",
-        "-m",
-        "synapse.app.homeserver",
-        "--config-path",
-        config_path,
-    ]
-    os.execv("/sbin/su-exec", args)
+    args = ["python", "-m", "synapse.app.homeserver", "--config-path", config_path]
+    if ownership is not None:
+        args = ["su-exec", ownership] + args
+        os.execv("/sbin/su-exec", args)
+    else:
+        os.execv("/usr/local/bin/python", args)


 if __name__ == "__main__":
@@ -86,6 +86,25 @@ with a body of:
 including an ``access_token`` of a server admin.


+Get whether a user is a server administrator or not
+===================================================
+
+
+The api is::
+
+    GET /_synapse/admin/v1/users/<user_id>/admin
+
+including an ``access_token`` of a server admin.
+
+A response body like the following is returned:
+
+.. code:: json
+
+    {
+        "admin": true
+    }
+
+
 Change whether a user is a server administrator or not
 ======================================================

@@ -0,0 +1,62 @@
+Room and User Statistics
+========================
+
+Synapse maintains room and user statistics (as well as a cache of room state),
+in various tables. These can be used for administrative purposes but are also
+used when generating the public room directory.
+
+
+# Synapse Developer Documentation
+
+## High-Level Concepts
+
+### Definitions
+
+* **subject**: Something we are tracking stats about – currently a room or user.
+* **current row**: An entry for a subject in the appropriate current statistics
+    table. Each subject can have only one.
+* **historical row**: An entry for a subject in the appropriate historical
+    statistics table. Each subject can have any number of these.
+
+### Overview
+
+Stats are maintained as time series. There are two kinds of column:
+
+* absolute columns – where the value is correct for the time given by `end_ts`
+    in the stats row. (Imagine a line graph for these values)
+    * They can also be thought of as 'gauges' in Prometheus, if you are familiar.
+* per-slice columns – where the value corresponds to how many of the occurrences
+    occurred within the time slice given by `(end_ts − bucket_size)…end_ts`
+    or `start_ts…end_ts`. (Imagine a histogram for these values)
+
+Stats are maintained in two tables (for each type): current and historical.
+
+Current stats correspond to the present values. Each subject can only have one
+entry.
+
+Historical stats correspond to values in the past. Subjects may have multiple
+entries.
+
+## Concepts around the management of stats
+
+### Current rows
+
+Current rows contain the most up-to-date statistics for a room.
+They only contain absolute columns
+
+### Historical rows
+
+Historical rows can always be considered to be valid for the time slice and
+end time specified.
+
+* historical rows will not exist for every time slice – they will be omitted
+    if there were no changes. In this case, the following assumptions can be
+    made to interpolate/recreate missing rows:
+    - absolute fields have the same values as in the preceding row
+    - per-slice fields are zero (`0`)
+* historical rows will not be retained forever – rows older than a configurable
+    time will be purged.
+
+#### Purge
+
+The purging of historical rows is not yet implemented.
@@ -205,9 +205,9 @@ listeners:
  #
  - port: 8008
    tls: false
-    bind_addresses: ['::1', '127.0.0.1']
    type: http
    x_forwarded: true
+    bind_addresses: ['::1', '127.0.0.1']

    resources:
      - names: [client, federation]
@@ -392,10 +392,10 @@ listeners:
 #    permission to listen on port 80.
 #
 acme:
-    # ACME support is disabled by default. Uncomment the following line
-    # (and tls_certificate_path and tls_private_key_path above) to enable it.
+    # ACME support is disabled by default. Set this to `true` and uncomment
+    # tls_certificate_path and tls_private_key_path above to enable it.
    #
-    #enabled: true
+    enabled: False

    # Endpoint to use to request certificates. If you only want to test,
    # use Let's Encrypt's staging url:
@@ -406,17 +406,17 @@ acme:
    # Port number to listen on for the HTTP-01 challenge. Change this if
    # you are forwarding connections through Apache/Nginx/etc.
    #
-    #port: 80
+    port: 80

    # Local addresses to listen on for incoming connections.
    # Again, you may want to change this if you are forwarding connections
    # through Apache/Nginx/etc.
    #
-    #bind_addresses: ['::', '0.0.0.0']
+    bind_addresses: ['::', '0.0.0.0']

    # How many days remaining on a certificate before it is renewed.
    #
-    #reprovision_threshold: 30
+    reprovision_threshold: 30

    # The domain that the certificate should be for. Normally this
    # should be the same as your Matrix domain (i.e., 'server_name'), but,
@@ -430,7 +430,7 @@ acme:
    #
    # If not set, defaults to your 'server_name'.
    #
-    #domain: matrix.example.com
+    domain: matrix.example.com

    # file to use for the account key. This will be generated if it doesn't
    # exist.
@@ -485,7 +485,8 @@ database:

 ## Logging ##

-# A yaml python logging config file
+# A yaml python logging config file as described by
+# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
 #
 log_config: "CONFDIR/SERVERNAME.log.config"

@@ -0,0 +1,83 @@
+# Structured Logging
+
+A structured logging system can be useful when your logs are destined for a machine to parse and process. By maintaining its machine-readable characteristics, it enables more efficient searching and aggregations when consumed by software such as the "ELK stack".
+
+Synapse's structured logging system is configured via the file that Synapse's `log_config` config option points to. The file must be YAML and contain `structured: true`. It must contain a list of "drains" (places where logs go to).
+
+A structured logging configuration looks similar to the following:
+
+```yaml
+structured: true
+
+loggers:
+    synapse:
+        level: INFO
+    synapse.storage.SQL:
+        level: WARNING
+
+drains:
+    console:
+        type: console
+        location: stdout
+    file:
+        type: file_json
+        location: homeserver.log
+```
+
+The above logging config will set Synapse as 'INFO' logging level by default, with the SQL layer at 'WARNING', and will have two logging drains (to the console and to a file, stored as JSON).
+
+## Drain Types
+
+Drain types can be specified by the `type` key.
+
+### `console`
+
+Outputs human-readable logs to the console.
+
+Arguments:
+
+- `location`: Either `stdout` or `stderr`.
+
+### `console_json`
+
+Outputs machine-readable JSON logs to the console.
+
+Arguments:
+
+- `location`: Either `stdout` or `stderr`.
+
+### `console_json_terse`
+
+Outputs machine-readable JSON logs to the console, separated by newlines. This
+format is not designed to be read and re-formatted into human-readable text, but
+is optimal for a logging aggregation system.
+
+Arguments:
+
+- `location`: Either `stdout` or `stderr`.
+
+### `file`
+
+Outputs human-readable logs to a file.
+
+Arguments:
+
+- `location`: An absolute path to the file to log to.
+
+### `file_json`
+
+Outputs machine-readable logs to a file.
+
+Arguments:
+
+- `location`: An absolute path to the file to log to.
+
+### `network_json_terse`
+
+Delivers machine-readable JSON logs to a log aggregator over TCP. This is
+compatible with LogStash's TCP input with the codec set to `json_lines`.
+
+Arguments:
+
+- `host`: Hostname or IP address of the log aggregator.
+- `port`: Numerical port to contact on the host.
@@ -1,16 +0,0 @@
-#! /bin/bash
-
-set -eux
-
-cd "`dirname $0`/.."
-
-TOX_DIR=$WORKSPACE/.tox
-
-mkdir -p $TOX_DIR
-
-if ! [ $TOX_DIR -ef .tox ]; then
-    ln -s "$TOX_DIR" .tox
-fi
-
-# set up the virtualenv
-tox -e py27 --notest -v
@@ -276,25 +276,25 @@ class Auth(object):
            self.get_access_token_from_request(request)
        )
        if app_service is None:
-            return (None, None)
+            return None, None

        if app_service.ip_range_whitelist:
            ip_address = IPAddress(self.hs.get_ip_from_request(request))
            if ip_address not in app_service.ip_range_whitelist:
-                return (None, None)
+                return None, None

        if b"user_id" not in request.args:
-            return (app_service.sender, app_service)
+            return app_service.sender, app_service

        user_id = request.args[b"user_id"][0].decode("utf8")
        if app_service.sender == user_id:
-            return (app_service.sender, app_service)
+            return app_service.sender, app_service

        if not app_service.is_interested_in_user(user_id):
            raise AuthError(403, "Application service cannot masquerade as this user.")
        if not (yield self.store.get_user_by_id(user_id)):
            raise AuthError(403, "Application service has not registered this user")
-        return (user_id, app_service)
+        return user_id, app_service

    @defer.inlineCallbacks
    def get_user_by_access_token(self, token, rights="access"):
@@ -694,7 +694,7 @@ class Auth(object):
            #  * The user is a guest user, and has joined the room
            # else it will throw.
            member_event = yield self.check_user_was_in_room(room_id, user_id)
-            return (member_event.membership, member_event.event_id)
+            return member_event.membership, member_event.event_id
        except AuthError:
            visibility = yield self.state.get_current_state(
                room_id, EventTypes.RoomHistoryVisibility, ""
@@ -703,8 +703,7 @@ class Auth(object):
                visibility
                and visibility.content["history_visibility"] == "world_readable"
            ):
-                return (Membership.JOIN, None)
-                return
+                return Membership.JOIN, None
            raise AuthError(
                403, "Guest access not allowed", errcode=Codes.GUEST_ACCESS_FORBIDDEN
            )
@@ -122,7 +122,8 @@ class UserTypes(object):
    """

    SUPPORT = "support"
-    ALL_USER_TYPES = (SUPPORT,)
+    BOT = "bot"
+    ALL_USER_TYPES = (SUPPORT, BOT)


 class RelationTypes(object):
@@ -36,18 +36,20 @@ from synapse.util.versionstring import get_version_string

 logger = logging.getLogger(__name__)

+# list of tuples of function, args list, kwargs dict
 _sighup_callbacks = []


-def register_sighup(func):
+def register_sighup(func, *args, **kwargs):
    """
    Register a function to be called when a SIGHUP occurs.

    Args:
        func (function): Function to be called when sent a SIGHUP signal.
-            Will be called with a single argument, the homeserver.
+            Will be called with a single default argument, the homeserver.
+        *args, **kwargs: args and kwargs to be passed to the target function.
    """
-    _sighup_callbacks.append(func)
+    _sighup_callbacks.append((func, args, kwargs))


 def start_worker_reactor(appname, config, run_command=reactor.run):
@@ -248,8 +250,8 @@ def start(hs, listeners=None):
                # we're not using systemd.
                sdnotify(b"RELOADING=1")

-                for i in _sighup_callbacks:
-                    i(hs)
+                for i, args, kwargs in _sighup_callbacks:
+                    i(hs, *args, **kwargs)

                sdnotify(b"READY=1")

@@ -227,8 +227,6 @@ def start(config_options):
    config.start_pushers = False
    config.send_federation = False

-    setup_logging(config, use_worker_options=True)
-
    synapse.events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -241,6 +239,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ss, config, use_worker_options=True)
+
    ss.setup()

    # We use task.react as the basic run command as it correctly handles tearing
@@ -141,8 +141,6 @@ def start(config_options):

    assert config.worker_app == "synapse.app.appservice"

-    setup_logging(config, use_worker_options=True)
-
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -167,6 +165,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ps, config, use_worker_options=True)
+
    ps.setup()
    reactor.addSystemEventTrigger(
        "before", "startup", _base.start, ps, config.worker_listeners
@@ -179,8 +179,6 @@ def start(config_options):

    assert config.worker_app == "synapse.app.client_reader"

-    setup_logging(config, use_worker_options=True)
-
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -193,6 +191,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ss, config, use_worker_options=True)
+
    ss.setup()
    reactor.addSystemEventTrigger(
        "before", "startup", _base.start, ss, config.worker_listeners
@@ -175,8 +175,6 @@ def start(config_options):

    assert config.worker_replication_http_port is not None

-    setup_logging(config, use_worker_options=True)
-
    # This should only be done on the user directory worker or the master
    config.update_user_directory = False

@@ -192,6 +190,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ss, config, use_worker_options=True)
+
    ss.setup()
    reactor.addSystemEventTrigger(
        "before", "startup", _base.start, ss, config.worker_listeners
@@ -160,8 +160,6 @@ def start(config_options):

    assert config.worker_app == "synapse.app.federation_reader"

-    setup_logging(config, use_worker_options=True)
-
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -174,6 +172,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ss, config, use_worker_options=True)
+
    ss.setup()
    reactor.addSystemEventTrigger(
        "before", "startup", _base.start, ss, config.worker_listeners
@@ -171,8 +171,6 @@ def start(config_options):

    assert config.worker_app == "synapse.app.federation_sender"

-    setup_logging(config, use_worker_options=True)
-
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -197,6 +195,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ss, config, use_worker_options=True)
+
    ss.setup()
    reactor.addSystemEventTrigger(
        "before", "startup", _base.start, ss, config.worker_listeners
@@ -70,12 +70,12 @@ class PresenceStatusStubServlet(RestServlet):
        except HttpResponseException as e:
            raise e.to_synapse_error()

-        return (200, result)
+        return 200, result

    @defer.inlineCallbacks
    def on_PUT(self, request, user_id):
        yield self.auth.get_user_by_req(request)
-        return (200, {})
+        return 200, {}


 class KeyUploadServlet(RestServlet):
@@ -126,11 +126,11 @@ class KeyUploadServlet(RestServlet):
                self.main_uri + request.uri.decode("ascii"), body, headers=headers
            )

-            return (200, result)
+            return 200, result
        else:
            # Just interested in counts.
            result = yield self.store.count_e2e_one_time_keys(user_id, device_id)
-            return (200, {"one_time_key_counts": result})
+            return 200, {"one_time_key_counts": result}


 class FrontendProxySlavedStore(
@@ -232,8 +232,6 @@ def start(config_options):

    assert config.worker_main_http_uri is not None

-    setup_logging(config, use_worker_options=True)
-
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -246,6 +244,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ss, config, use_worker_options=True)
+
    ss.setup()
    reactor.addSystemEventTrigger(
        "before", "startup", _base.start, ss, config.worker_listeners
@@ -341,8 +341,6 @@ def setup(config_options):
        # generating config files and shouldn't try to continue.
        sys.exit(0)

-    synapse.config.logger.setup_logging(config, use_worker_options=False)
-
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -356,6 +354,8 @@ def setup(config_options):
        database_engine=database_engine,
    )

+    synapse.config.logger.setup_logging(hs, config, use_worker_options=False)
+
    logger.info("Preparing database: %s...", config.database_config["name"])

    try:
@@ -155,8 +155,6 @@ def start(config_options):
            "Please add ``enable_media_repo: false`` to the main config\n"
        )

-    setup_logging(config, use_worker_options=True)
-
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -169,6 +167,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ss, config, use_worker_options=True)
+
    ss.setup()
    reactor.addSystemEventTrigger(
        "before", "startup", _base.start, ss, config.worker_listeners
@@ -184,8 +184,6 @@ def start(config_options):

    assert config.worker_app == "synapse.app.pusher"

-    setup_logging(config, use_worker_options=True)
-
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    if config.start_pushers:
@@ -210,6 +208,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ps, config, use_worker_options=True)
+
    ps.setup()

    def start():
@@ -435,8 +435,6 @@ def start(config_options):

    assert config.worker_app == "synapse.app.synchrotron"

-    setup_logging(config, use_worker_options=True)
-
    synapse.events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -450,6 +448,8 @@ def start(config_options):
        application_service_handler=SynchrotronApplicationService(),
    )

+    setup_logging(ss, config, use_worker_options=True)
+
    ss.setup()
    reactor.addSystemEventTrigger(
        "before", "startup", _base.start, ss, config.worker_listeners
@@ -197,8 +197,6 @@ def start(config_options):

    assert config.worker_app == "synapse.app.user_dir"

-    setup_logging(config, use_worker_options=True)
-
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    database_engine = create_engine(config.database_config)
@@ -223,6 +221,8 @@ def start(config_options):
        database_engine=database_engine,
    )

+    setup_logging(ss, config, use_worker_options=True)
+
    ss.setup()
    reactor.addSystemEventTrigger(
        "before", "startup", _base.start, ss, config.worker_listeners
@@ -107,7 +107,6 @@ class ApplicationServiceApi(SimpleHttpClient):
        except CodeMessageException as e:
            if e.code == 404:
                return False
-                return
            logger.warning("query_user to %s received %s", uri, e.code)
        except Exception as ex:
            logger.warning("query_user to %s threw exception %s", uri, ex)
@@ -127,7 +126,6 @@ class ApplicationServiceApi(SimpleHttpClient):
            logger.warning("query_alias to %s received %s", uri, e.code)
            if e.code == 404:
                return False
-                return
        except Exception as ex:
            logger.warning("query_alias to %s threw exception %s", uri, ex)
        return False
@@ -230,7 +228,6 @@ class ApplicationServiceApi(SimpleHttpClient):
            sent_transactions_counter.labels(service.id).inc()
            sent_events_counter.labels(service.id).inc(len(events))
            return True
-            return
        except CodeMessageException as e:
            logger.warning("push_bulk to %s received %s", uri, e.code)
        except Exception as ex:
@@ -13,8 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-from ._base import ConfigError
+from ._base import ConfigError, find_config_files

-# export ConfigError if somebody does import *
+# export ConfigError and find_config_files if somebody does
+# import *
 # this is largely a fudge to stop PEP8 moaning about the import
-__all__ = ["ConfigError"]
+__all__ = ["ConfigError", "find_config_files"]
@@ -181,6 +181,11 @@ class Config(object):
        generate_secrets=False,
        report_stats=None,
        open_private_ports=False,
+        listeners=None,
+        database_conf=None,
+        tls_certificate_path=None,
+        tls_private_key_path=None,
+        acme_domain=None,
    ):
        """Build a default configuration file

@@ -207,6 +212,33 @@ class Config(object):
            open_private_ports (bool): True to leave private ports (such as the non-TLS
                HTTP listener) open to the internet.

+            listeners (list(dict)|None): A list of descriptions of the listeners
+                synapse should start with each of which specifies a port (str), a list of
+                resources (list(str)), tls (bool) and type (str). For example:
+                [{
+                    "port": 8448,
+                    "resources": [{"names": ["federation"]}],
+                    "tls": True,
+                    "type": "http",
+                },
+                {
+                    "port": 443,
+                    "resources": [{"names": ["client"]}],
+                    "tls": False,
+                    "type": "http",
+                }],
+
+
+            database (str|None): The database type to configure, either `psycog2`
+                or `sqlite3`.
+
+            tls_certificate_path (str|None): The path to the tls certificate.
+
+            tls_private_key_path (str|None): The path to the tls private key.
+
+            acme_domain (str|None): The domain acme will try to validate. If
+                specified acme will be enabled.
+
        Returns:
            str: the yaml config file
        """
@@ -220,6 +252,11 @@ class Config(object):
                generate_secrets=generate_secrets,
                report_stats=report_stats,
                open_private_ports=open_private_ports,
+                listeners=listeners,
+                database_conf=database_conf,
+                tls_certificate_path=tls_certificate_path,
+                tls_private_key_path=tls_private_key_path,
+                acme_domain=acme_domain,
            )
        )

@@ -13,6 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import os
+from textwrap import indent
+
+import yaml

 from ._base import Config

@@ -38,20 +41,28 @@ class DatabaseConfig(Config):

        self.set_databasepath(config.get("database_path"))

-    def generate_config_section(self, data_dir_path, **kwargs):
-        database_path = os.path.join(data_dir_path, "homeserver.db")
-        return (
-            """\
-        ## Database ##
-
-        database:
-          # The database engine name
+    def generate_config_section(self, data_dir_path, database_conf, **kwargs):
+        if not database_conf:
+            database_path = os.path.join(data_dir_path, "homeserver.db")
+            database_conf = (
+                """# The database engine name
          name: "sqlite3"
          # Arguments to pass to the engine
          args:
            # Path to the database
            database: "%(database_path)s"
+            """
+                % locals()
+            )
+        else:
+            database_conf = indent(yaml.dump(database_conf), " " * 10).lstrip()

+        return (
+            """\
+        ## Database ##
+
+        database:
+          %(database_conf)s
        # Number of events to cache in memory.
        #
        #event_cache_size: 10K
@@ -25,6 +25,10 @@ from twisted.logger import STDLibLogObserver, globalLogBeginner

 import synapse
 from synapse.app import _base as appbase
+from synapse.logging._structured import (
+    reload_structured_logging,
+    setup_structured_logging,
+)
 from synapse.logging.context import LoggingContextFilter
 from synapse.util.versionstring import get_version_string

@@ -85,7 +89,8 @@ class LoggingConfig(Config):
            """\
        ## Logging ##

-        # A yaml python logging config file
+        # A yaml python logging config file as described by
+        # https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
        #
        log_config: "%(log_config)s"
        """
@@ -119,21 +124,10 @@ class LoggingConfig(Config):
                log_config_file.write(DEFAULT_LOG_CONFIG.substitute(log_file=log_file))


-def setup_logging(config, use_worker_options=False):
-    """ Set up python logging
-
-    Args:
-        config (LoggingConfig | synapse.config.workers.WorkerConfig):
-            configuration data
-
-        use_worker_options (bool): True to use the 'worker_log_config' option
-            instead of 'log_config'.
-
-        register_sighup (func | None): Function to call to register a
-            sighup handler.
+def _setup_stdlib_logging(config, log_config):
+    """
+    Set up Python stdlib logging.
    """
-    log_config = config.worker_log_config if use_worker_options else config.log_config
-
    if log_config is None:
        log_format = (
            "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s"
@@ -151,35 +145,10 @@ def setup_logging(config, use_worker_options=False):
        handler.addFilter(LoggingContextFilter(request=""))
        logger.addHandler(handler)
    else:
+        logging.config.dictConfig(log_config)

-        def load_log_config():
-            with open(log_config, "r") as f:
-                logging.config.dictConfig(yaml.safe_load(f))
-
-        def sighup(*args):
-            # it might be better to use a file watcher or something for this.
-            load_log_config()
-            logging.info("Reloaded log config from %s due to SIGHUP", log_config)
-
-        load_log_config()
-        appbase.register_sighup(sighup)
-
-    # make sure that the first thing we log is a thing we can grep backwards
-    # for
-    logging.warn("***** STARTING SERVER *****")
-    logging.warn("Server %s version %s", sys.argv[0], get_version_string(synapse))
-    logging.info("Server hostname: %s", config.server_name)
-
-    # It's critical to point twisted's internal logging somewhere, otherwise it
-    # stacks up and leaks kup to 64K object;
-    # see: https://twistedmatrix.com/trac/ticket/8164
-    #
-    # Routing to the python logging framework could be a performance problem if
-    # the handlers blocked for a long time as python.logging is a blocking API
-    # see https://twistedmatrix.com/documents/current/core/howto/logger.html
-    # filed as https://github.com/matrix-org/synapse/issues/1727
-    #
-    # However this may not be too much of a problem if we are just writing to a file.
+    # Route Twisted's native logging through to the standard library logging
+    # system.
    observer = STDLibLogObserver()

    def _log(event):
@@ -201,3 +170,54 @@ def setup_logging(config, use_worker_options=False):
    )
    if not config.no_redirect_stdio:
        print("Redirected stdout/stderr to logs")
+
+
+def _reload_stdlib_logging(*args, log_config=None):
+    logger = logging.getLogger("")
+
+    if not log_config:
+        logger.warn("Reloaded a blank config?")
+
+    logging.config.dictConfig(log_config)
+
+
+def setup_logging(hs, config, use_worker_options=False):
+    """
+    Set up the logging subsystem.
+
+    Args:
+        config (LoggingConfig | synapse.config.workers.WorkerConfig):
+            configuration data
+
+        use_worker_options (bool): True to use the 'worker_log_config' option
+            instead of 'log_config'.
+    """
+    log_config = config.worker_log_config if use_worker_options else config.log_config
+
+    def read_config(*args, callback=None):
+        if log_config is None:
+            return None
+
+        with open(log_config, "rb") as f:
+            log_config_body = yaml.safe_load(f.read())
+
+        if callback:
+            callback(log_config=log_config_body)
+            logging.info("Reloaded log config from %s due to SIGHUP", log_config)
+
+        return log_config_body
+
+    log_config_body = read_config()
+
+    if log_config_body and log_config_body.get("structured") is True:
+        setup_structured_logging(hs, config, log_config_body)
+        appbase.register_sighup(read_config, callback=reload_structured_logging)
+    else:
+        _setup_stdlib_logging(config, log_config_body)
+        appbase.register_sighup(read_config, callback=_reload_stdlib_logging)
+
+    # make sure that the first thing we log is a thing we can grep backwards
+    # for
+    logging.warn("***** STARTING SERVER *****")
+    logging.warn("Server %s version %s", sys.argv[0], get_version_string(synapse))
+    logging.info("Server hostname: %s", config.server_name)
@@ -17,8 +17,11 @@

 import logging
 import os.path
+import re
+from textwrap import indent

 import attr
+import yaml
 from netaddr import IPSet

 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
@@ -352,7 +355,7 @@ class ServerConfig(Config):
        return any(l["tls"] for l in self.listeners)

    def generate_config_section(
-        self, server_name, data_dir_path, open_private_ports, **kwargs
+        self, server_name, data_dir_path, open_private_ports, listeners, **kwargs
    ):
        _, bind_port = parse_and_validate_server_name(server_name)
        if bind_port is not None:
@@ -366,11 +369,68 @@ class ServerConfig(Config):
        # Bring DEFAULT_ROOM_VERSION into the local-scope for use in the
        # default config string
        default_room_version = DEFAULT_ROOM_VERSION
+        secure_listeners = []
+        unsecure_listeners = []
+        private_addresses = ["::1", "127.0.0.1"]
+        if listeners:
+            for listener in listeners:
+                if listener["tls"]:
+                    secure_listeners.append(listener)
+                else:
+                    # If we don't want open ports we need to bind the listeners
+                    # to some address other than 0.0.0.0. Here we chose to use
+                    # localhost.
+                    # If the addresses are already bound we won't overwrite them
+                    # however.
+                    if not open_private_ports:
+                        listener.setdefault("bind_addresses", private_addresses)

-        unsecure_http_binding = "port: %i\n            tls: false" % (unsecure_port,)
-        if not open_private_ports:
-            unsecure_http_binding += (
-                "\n            bind_addresses: ['::1', '127.0.0.1']"
+                    unsecure_listeners.append(listener)
+
+            secure_http_bindings = indent(
+                yaml.dump(secure_listeners), " " * 10
+            ).lstrip()
+
+            unsecure_http_bindings = indent(
+                yaml.dump(unsecure_listeners), " " * 10
+            ).lstrip()
+
+        if not unsecure_listeners:
+            unsecure_http_bindings = (
+                """- port: %(unsecure_port)s
+            tls: false
+            type: http
+            x_forwarded: true"""
+                % locals()
+            )
+
+            if not open_private_ports:
+                unsecure_http_bindings += (
+                    "\n            bind_addresses: ['::1', '127.0.0.1']"
+                )
+
+            unsecure_http_bindings += """
+
+            resources:
+              - names: [client, federation]
+                compress: false"""
+
+            if listeners:
+                # comment out this block
+                unsecure_http_bindings = "#" + re.sub(
+                    "\n {10}",
+                    lambda match: match.group(0) + "#",
+                    unsecure_http_bindings,
+                )
+
+        if not secure_listeners:
+            secure_http_bindings = (
+                """#- port: %(bind_port)s
+          #  type: http
+          #  tls: true
+          #  resources:
+          #    - names: [client, federation]"""
+                % locals()
            )

        return (
@@ -556,11 +616,7 @@ class ServerConfig(Config):
          # will also need to give Synapse a TLS key and certificate: see the TLS section
          # below.)
          #
-          #- port: %(bind_port)s
-          #  type: http
-          #  tls: true
-          #  resources:
-          #    - names: [client, federation]
+          %(secure_http_bindings)s

          # Unsecure HTTP listener: for when matrix traffic passes through a reverse proxy
          # that unwraps TLS.
@@ -568,13 +624,7 @@ class ServerConfig(Config):
          # If you plan to use a reverse proxy, please see
          # https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst.
          #
-          - %(unsecure_http_binding)s
-            type: http
-            x_forwarded: true
-
-            resources:
-              - names: [client, federation]
-                compress: false
+          %(unsecure_http_bindings)s

            # example additional_resources:
            #
@@ -27,19 +27,16 @@ class StatsConfig(Config):

    def read_config(self, config, **kwargs):
        self.stats_enabled = True
-        self.stats_bucket_size = 86400
+        self.stats_bucket_size = 86400 * 1000
        self.stats_retention = sys.maxsize
        stats_config = config.get("stats", None)
        if stats_config:
            self.stats_enabled = stats_config.get("enabled", self.stats_enabled)
-            self.stats_bucket_size = (
-                self.parse_duration(stats_config.get("bucket_size", "1d")) / 1000
+            self.stats_bucket_size = self.parse_duration(
+                stats_config.get("bucket_size", "1d")
            )
-            self.stats_retention = (
-                self.parse_duration(
-                    stats_config.get("retention", "%ds" % (sys.maxsize,))
-                )
-                / 1000
+            self.stats_retention = self.parse_duration(
+                stats_config.get("retention", "%ds" % (sys.maxsize,))
            )

    def generate_config_section(self, config_dir_path, server_name, **kwargs):
@@ -239,12 +239,38 @@ class TlsConfig(Config):
                self.tls_fingerprints.append({"sha256": sha256_fingerprint})

    def generate_config_section(
-        self, config_dir_path, server_name, data_dir_path, **kwargs
+        self,
+        config_dir_path,
+        server_name,
+        data_dir_path,
+        tls_certificate_path,
+        tls_private_key_path,
+        acme_domain,
+        **kwargs
    ):
+        """If the acme_domain is specified acme will be enabled.
+        If the TLS paths are not specified the default will be certs in the
+        config directory"""
+
        base_key_name = os.path.join(config_dir_path, server_name)

-        tls_certificate_path = base_key_name + ".tls.crt"
-        tls_private_key_path = base_key_name + ".tls.key"
+        if bool(tls_certificate_path) != bool(tls_private_key_path):
+            raise ConfigError(
+                "Please specify both a cert path and a key path or neither."
+            )
+
+        tls_enabled = (
+            "" if tls_certificate_path and tls_private_key_path or acme_domain else "#"
+        )
+
+        if not tls_certificate_path:
+            tls_certificate_path = base_key_name + ".tls.crt"
+        if not tls_private_key_path:
+            tls_private_key_path = base_key_name + ".tls.key"
+
+        acme_enabled = bool(acme_domain)
+        acme_domain = "matrix.example.com"
+
        default_acme_account_file = os.path.join(data_dir_path, "acme_account.key")

        # this is to avoid the max line length. Sorrynotsorry
@@ -269,11 +295,11 @@ class TlsConfig(Config):
        # instance, if using certbot, use `fullchain.pem` as your certificate,
        # not `cert.pem`).
        #
-        #tls_certificate_path: "%(tls_certificate_path)s"
+        %(tls_enabled)stls_certificate_path: "%(tls_certificate_path)s"

        # PEM-encoded private key for TLS
        #
-        #tls_private_key_path: "%(tls_private_key_path)s"
+        %(tls_enabled)stls_private_key_path: "%(tls_private_key_path)s"

        # Whether to verify TLS server certificates for outbound federation requests.
        #
@@ -340,10 +366,10 @@ class TlsConfig(Config):
        #    permission to listen on port 80.
        #
        acme:
-            # ACME support is disabled by default. Uncomment the following line
-            # (and tls_certificate_path and tls_private_key_path above) to enable it.
+            # ACME support is disabled by default. Set this to `true` and uncomment
+            # tls_certificate_path and tls_private_key_path above to enable it.
            #
-            #enabled: true
+            enabled: %(acme_enabled)s

            # Endpoint to use to request certificates. If you only want to test,
            # use Let's Encrypt's staging url:
@@ -354,17 +380,17 @@ class TlsConfig(Config):
            # Port number to listen on for the HTTP-01 challenge. Change this if
            # you are forwarding connections through Apache/Nginx/etc.
            #
-            #port: 80
+            port: 80

            # Local addresses to listen on for incoming connections.
            # Again, you may want to change this if you are forwarding connections
            # through Apache/Nginx/etc.
            #
-            #bind_addresses: ['::', '0.0.0.0']
+            bind_addresses: ['::', '0.0.0.0']

            # How many days remaining on a certificate before it is renewed.
            #
-            #reprovision_threshold: 30
+            reprovision_threshold: 30

            # The domain that the certificate should be for. Normally this
            # should be the same as your Matrix domain (i.e., 'server_name'), but,
@@ -378,7 +404,7 @@ class TlsConfig(Config):
            #
            # If not set, defaults to your 'server_name'.
            #
-            #domain: matrix.example.com
+            domain: %(acme_domain)s

            # file to use for the account key. This will be generated if it doesn't
            # exist.
@@ -83,7 +83,7 @@ def compute_content_hash(event_dict, hash_algorithm):
    event_json_bytes = encode_canonical_json(event_dict)

    hashed = hash_algorithm(event_json_bytes)
-    return (hashed.name, hashed.digest())
+    return hashed.name, hashed.digest()


 def compute_event_reference_hash(event, hash_algorithm=hashlib.sha256):
@@ -106,7 +106,7 @@ def compute_event_reference_hash(event, hash_algorithm=hashlib.sha256):
    event_dict.pop("unsigned", None)
    event_json_bytes = encode_canonical_json(event_dict)
    hashed = hash_algorithm(event_json_bytes)
-    return (hashed.name, hashed.digest())
+    return hashed.name, hashed.digest()


 def compute_event_signature(event_dict, signature_name, signing_key):
@@ -637,11 +637,11 @@ def auth_types_for_event(event):
    if event.type == EventTypes.Create:
        return []

-    auth_types = []
-
-    auth_types.append((EventTypes.PowerLevels, ""))
-    auth_types.append((EventTypes.Member, event.sender))
-    auth_types.append((EventTypes.Create, ""))
+    auth_types = [
+        (EventTypes.PowerLevels, ""),
+        (EventTypes.Member, event.sender),
+        (EventTypes.Create, ""),
+    ]

    if event.type == EventTypes.Member:
        membership = event.content["membership"]
@@ -355,7 +355,7 @@ class FederationClient(FederationBase):

            auth_chain.sort(key=lambda e: e.depth)

-            return (pdus, auth_chain)
+            return pdus, auth_chain
        except HttpResponseException as e:
            if e.code == 400 or e.code == 404:
                logger.info("Failed to use get_room_state_ids API, falling back")
@@ -404,7 +404,7 @@ class FederationClient(FederationBase):

        signed_auth.sort(key=lambda e: e.depth)

-        return (signed_pdus, signed_auth)
+        return signed_pdus, signed_auth

    @defer.inlineCallbacks
    def get_events_from_store_or_dest(self, destination, room_id, event_ids):
@@ -429,7 +429,7 @@ class FederationClient(FederationBase):
            missing_events.discard(k)

        if not missing_events:
-            return (signed_events, failed_to_fetch)
+            return signed_events, failed_to_fetch

        logger.debug(
            "Fetching unknown state/auth events %s for room %s",
@@ -465,7 +465,7 @@ class FederationClient(FederationBase):
            # We removed all events we successfully fetched from `batch`
            failed_to_fetch.update(batch)

-        return (signed_events, failed_to_fetch)
+        return signed_events, failed_to_fetch

    @defer.inlineCallbacks
    @log_function
@@ -100,7 +100,7 @@ class FederationServer(FederationBase):

            res = self._transaction_from_pdus(pdus).get_dict()

-        return (200, res)
+        return 200, res

    @defer.inlineCallbacks
    @log_function
@@ -163,7 +163,7 @@ class FederationServer(FederationBase):
            yield self.transaction_actions.set_response(
                origin, transaction, 400, response
            )
-            return (400, response)
+            return 400, response

        received_pdus_counter.inc(len(transaction.pdus))

@@ -265,7 +265,7 @@ class FederationServer(FederationBase):
        logger.debug("Returning: %s", str(response))

        yield self.transaction_actions.set_response(origin, transaction, 200, response)
-        return (200, response)
+        return 200, response

    @defer.inlineCallbacks
    def received_edu(self, origin, edu_type, content):
@@ -298,7 +298,7 @@ class FederationServer(FederationBase):
                event_id,
            )

-        return (200, resp)
+        return 200, resp

    @defer.inlineCallbacks
    def on_state_ids_request(self, origin, room_id, event_id):
@@ -315,7 +315,7 @@ class FederationServer(FederationBase):
        state_ids = yield self.handler.get_state_ids_for_pdu(room_id, event_id)
        auth_chain_ids = yield self.store.get_auth_chain_ids(state_ids)

-        return (200, {"pdu_ids": state_ids, "auth_chain_ids": auth_chain_ids})
+        return 200, {"pdu_ids": state_ids, "auth_chain_ids": auth_chain_ids}

    @defer.inlineCallbacks
    def _on_context_state_request_compute(self, room_id, event_id):
@@ -345,15 +345,15 @@ class FederationServer(FederationBase):
        pdu = yield self.handler.get_persisted_pdu(origin, event_id)

        if pdu:
-            return (200, self._transaction_from_pdus([pdu]).get_dict())
+            return 200, self._transaction_from_pdus([pdu]).get_dict()
        else:
-            return (404, "")
+            return 404, ""

    @defer.inlineCallbacks
    def on_query_request(self, query_type, args):
        received_queries_counter.labels(query_type).inc()
        resp = yield self.registry.on_query(query_type, args)
-        return (200, resp)
+        return 200, resp

    @defer.inlineCallbacks
    def on_make_join_request(self, origin, room_id, user_id, supported_versions):
@@ -435,7 +435,7 @@ class FederationServer(FederationBase):

        logger.debug("on_send_leave_request: pdu sigs: %s", pdu.signatures)
        yield self.handler.on_send_leave_request(origin, pdu)
-        return (200, {})
+        return 200, {}

    @defer.inlineCallbacks
    def on_event_auth(self, origin, room_id, event_id):
@@ -446,7 +446,7 @@ class FederationServer(FederationBase):
            time_now = self._clock.time_msec()
            auth_pdus = yield self.handler.on_event_auth(event_id)
            res = {"auth_chain": [a.get_pdu_json(time_now) for a in auth_pdus]}
-        return (200, res)
+        return 200, res

    @defer.inlineCallbacks
    def on_query_auth_request(self, origin, content, room_id, event_id):
@@ -499,7 +499,7 @@ class FederationServer(FederationBase):
                "missing": ret.get("missing", []),
            }

-        return (200, send_content)
+        return 200, send_content

    @log_function
    def on_query_client_keys(self, origin, content):
@@ -26,6 +26,7 @@ from synapse.logging.opentracing import (
    set_tag,
    start_active_span_follows_from,
    tags,
+    whitelisted_homeserver,
 )
 from synapse.util.metrics import measure_func

@@ -59,9 +60,15 @@ class TransactionManager(object):
        # The span_contexts is a generator so that it won't be evaluated if
        # opentracing is disabled. (Yay speed!)

-        span_contexts = (
-            extract_text_map(json.loads(edu.get_context())) for edu in pending_edus
-        )
+        span_contexts = []
+        keep_destination = whitelisted_homeserver(destination)
+
+        for edu in pending_edus:
+            context = edu.get_context()
+            if context:
+                span_contexts.append(extract_text_map(json.loads(context)))
+            if keep_destination:
+                edu.strip_context()

        with start_active_span_follows_from("send_transaction", span_contexts):

@@ -327,21 +327,37 @@ class TransportLayerClient(object):
        include_all_networks=False,
        third_party_instance_id=None,
    ):
-        path = _create_v1_path("/publicRooms")
+        if search_filter:
+            # this uses MSC2197 (Search Filtering over Federation)
+            path = _create_v1_path("/publicRooms")

-        args = {"include_all_networks": "true" if include_all_networks else "false"}
-        if third_party_instance_id:
-            args["third_party_instance_id"] = (third_party_instance_id,)
-        if limit:
-            args["limit"] = [str(limit)]
-        if since_token:
-            args["since"] = [since_token]
+            data = {"include_all_networks": "true" if include_all_networks else "false"}
+            if third_party_instance_id:
+                data["third_party_instance_id"] = third_party_instance_id
+            if limit:
+                data["limit"] = str(limit)
+            if since_token:
+                data["since"] = since_token

-        # TODO(erikj): Actually send the search_filter across federation.
+            data["filter"] = search_filter

-        response = yield self.client.get_json(
-            destination=remote_server, path=path, args=args, ignore_backoff=True
-        )
+            response = yield self.client.post_json(
+                destination=remote_server, path=path, data=data, ignore_backoff=True
+            )
+        else:
+            path = _create_v1_path("/publicRooms")
+
+            args = {"include_all_networks": "true" if include_all_networks else "false"}
+            if third_party_instance_id:
+                args["third_party_instance_id"] = (third_party_instance_id,)
+            if limit:
+                args["limit"] = [str(limit)]
+            if since_token:
+                args["since"] = [since_token]
+
+            response = yield self.client.get_json(
+                destination=remote_server, path=path, args=args, ignore_backoff=True
+            )

        return response

@@ -342,7 +342,11 @@ class BaseFederationServlet(object):
                continue

            server.register_paths(
-                method, (pattern,), self._wrap(code), self.__class__.__name__
+                method,
+                (pattern,),
+                self._wrap(code),
+                self.__class__.__name__,
+                trace=False,
            )


@@ -770,6 +774,42 @@ class PublicRoomList(BaseFederationServlet):
        )
        return 200, data

+    async def on_POST(self, origin, content, query):
+        # This implements MSC2197 (Search Filtering over Federation)
+        if not self.allow_access:
+            raise FederationDeniedError(origin)
+
+        limit = int(content.get("limit", 100))
+        since_token = content.get("since", None)
+        search_filter = content.get("filter", None)
+
+        include_all_networks = content.get("include_all_networks", False)
+        third_party_instance_id = content.get("third_party_instance_id", None)
+
+        if include_all_networks:
+            network_tuple = None
+            if third_party_instance_id is not None:
+                raise SynapseError(
+                    400, "Can't use include_all_networks with an explicit network"
+                )
+        elif third_party_instance_id is None:
+            network_tuple = ThirdPartyInstanceID(None, None)
+        else:
+            network_tuple = ThirdPartyInstanceID.from_string(third_party_instance_id)
+
+        if search_filter is None:
+            logger.warning("Nonefilter")
+
+        data = await self.handler.get_local_public_room_list(
+            limit=limit,
+            since_token=since_token,
+            search_filter=search_filter,
+            network_tuple=network_tuple,
+            from_federation=True,
+        )
+
+        return 200, data
+

 class FederationVersionServlet(BaseFederationServlet):
    PATH = "/version"
@@ -41,6 +41,9 @@ class Edu(JsonEncodedObject):
    def get_context(self):
        return getattr(self, "content", {}).get("org.matrix.opentracing_context", "{}")

+    def strip_context(self):
+        getattr(self, "content", {})["org.matrix.opentracing_context"] = "{}"
+

 class Transaction(JsonEncodedObject):
    """ A transaction is a list of Pdus and Edus to be sent to a remote home
@@ -51,8 +51,8 @@ class AccountDataEventSource(object):
                    {"type": account_data_type, "content": content, "room_id": room_id}
                )

-        return (results, current_stream_id)
+        return results, current_stream_id

    @defer.inlineCallbacks
    def get_pagination_rows(self, user, config, key):
-        return ([], config.to_id)
+        return [], config.to_id
@@ -94,6 +94,15 @@ class AdminHandler(BaseHandler):

        return ret

+    def get_user_server_admin(self, user):
+        """
+        Get the admin bit on a user.
+
+        Args:
+            user_id (UserID): the (necessarily local) user to manipulate
+        """
+        return self.store.is_server_admin(user)
+
    def set_user_server_admin(self, user, admin):
        """
        Set the admin bit on a user.
@@ -294,12 +294,10 @@ class ApplicationServicesHandler(object):
            # we don't know if they are unknown or not since it isn't one of our
            # users. We can't poke ASes.
            return False
-            return

        user_info = yield self.store.get_user_by_id(user_id)
        if user_info:
            return False
-            return

        # user not found; could be the AS though, so check.
        services = self.store.get_app_services()
@@ -280,7 +280,7 @@ class AuthHandler(BaseHandler):
                    creds,
                    list(clientdict),
                )
-                return (creds, clientdict, session["id"])
+                return creds, clientdict, session["id"]

        ret = self._auth_dict_for_flows(flows, session)
        ret["completed"] = list(creds)
@@ -722,7 +722,7 @@ class AuthHandler(BaseHandler):
                known_login_type = True
                is_valid = yield provider.check_password(qualified_user_id, password)
                if is_valid:
-                    return (qualified_user_id, None)
+                    return qualified_user_id, None

            if not hasattr(provider, "get_supported_login_types") or not hasattr(
                provider, "check_auth"
@@ -766,7 +766,7 @@ class AuthHandler(BaseHandler):
            )

            if canonical_user_id:
-                return (canonical_user_id, None)
+                return canonical_user_id, None

        if not known_login_type:
            raise SynapseError(400, "Unknown login type %s" % login_type)
@@ -816,7 +816,7 @@ class AuthHandler(BaseHandler):
                        result = (result, None)
                    return result

-        return (None, None)
+        return None, None

    @defer.inlineCallbacks
    def _check_local_password(self, user_id, password):
@@ -25,6 +25,7 @@ from synapse.api.errors import (
    HttpResponseException,
    RequestSendFailed,
 )
+from synapse.logging.opentracing import log_kv, set_tag, trace
 from synapse.types import RoomStreamToken, get_domain_from_id
 from synapse.util import stringutils
 from synapse.util.async_helpers import Linearizer
@@ -45,6 +46,7 @@ class DeviceWorkerHandler(BaseHandler):
        self.state = hs.get_state_handler()
        self._auth_handler = hs.get_auth_handler()

+    @trace
    @defer.inlineCallbacks
    def get_devices_by_user(self, user_id):
        """
@@ -56,6 +58,7 @@ class DeviceWorkerHandler(BaseHandler):
            defer.Deferred: list[dict[str, X]]: info on each device
        """

+        set_tag("user_id", user_id)
        device_map = yield self.store.get_devices_by_user(user_id)

        ips = yield self.store.get_last_client_ip_by_device(user_id, device_id=None)
@@ -64,8 +67,10 @@ class DeviceWorkerHandler(BaseHandler):
        for device in devices:
            _update_device_from_client_ips(device, ips)

+        log_kv(device_map)
        return devices

+    @trace
    @defer.inlineCallbacks
    def get_device(self, user_id, device_id):
        """ Retrieve the given device
@@ -85,9 +90,14 @@ class DeviceWorkerHandler(BaseHandler):
            raise errors.NotFoundError
        ips = yield self.store.get_last_client_ip_by_device(user_id, device_id)
        _update_device_from_client_ips(device, ips)
+
+        set_tag("device", device)
+        set_tag("ips", ips)
+
        return device

    @measure_func("device.get_user_ids_changed")
+    @trace
    @defer.inlineCallbacks
    def get_user_ids_changed(self, user_id, from_token):
        """Get list of users that have had the devices updated, or have newly
@@ -97,6 +107,9 @@ class DeviceWorkerHandler(BaseHandler):
            user_id (str)
            from_token (StreamToken)
        """
+
+        set_tag("user_id", user_id)
+        set_tag("from_token", from_token)
        now_room_key = yield self.store.get_room_events_max_id()

        room_ids = yield self.store.get_rooms_for_user(user_id)
@@ -148,6 +161,9 @@ class DeviceWorkerHandler(BaseHandler):
            # special-case for an empty prev state: include all members
            # in the changed list
            if not event_ids:
+                log_kv(
+                    {"event": "encountered empty previous state", "room_id": room_id}
+                )
                for key, event_id in iteritems(current_state_ids):
                    etype, state_key = key
                    if etype != EventTypes.Member:
@@ -200,7 +216,11 @@ class DeviceWorkerHandler(BaseHandler):
            possibly_joined = []
            possibly_left = []

-        return {"changed": list(possibly_joined), "left": list(possibly_left)}
+        result = {"changed": list(possibly_joined), "left": list(possibly_left)}
+
+        log_kv(result)
+
+        return result


 class DeviceHandler(DeviceWorkerHandler):
@@ -267,6 +287,7 @@ class DeviceHandler(DeviceWorkerHandler):

        raise errors.StoreError(500, "Couldn't generate a device ID.")

+    @trace
    @defer.inlineCallbacks
    def delete_device(self, user_id, device_id):
        """ Delete the given device
@@ -284,6 +305,10 @@ class DeviceHandler(DeviceWorkerHandler):
        except errors.StoreError as e:
            if e.code == 404:
                # no match
+                set_tag("error", True)
+                log_kv(
+                    {"reason": "User doesn't have device id.", "device_id": device_id}
+                )
                pass
            else:
                raise
@@ -296,6 +321,7 @@ class DeviceHandler(DeviceWorkerHandler):

        yield self.notify_device_update(user_id, [device_id])

+    @trace
    @defer.inlineCallbacks
    def delete_all_devices_for_user(self, user_id, except_device_id=None):
        """Delete all of the user's devices
@@ -331,6 +357,8 @@ class DeviceHandler(DeviceWorkerHandler):
        except errors.StoreError as e:
            if e.code == 404:
                # no match
+                set_tag("error", True)
+                set_tag("reason", "User doesn't have that device id.")
                pass
            else:
                raise
@@ -371,6 +399,7 @@ class DeviceHandler(DeviceWorkerHandler):
            else:
                raise

+    @trace
    @measure_func("notify_device_update")
    @defer.inlineCallbacks
    def notify_device_update(self, user_id, device_ids):
@@ -386,6 +415,8 @@ class DeviceHandler(DeviceWorkerHandler):
            hosts.update(get_domain_from_id(u) for u in users_who_share_room)
            hosts.discard(self.server_name)

+        set_tag("target_hosts", hosts)
+
        position = yield self.store.add_device_change_to_streams(
            user_id, device_ids, list(hosts)
        )
@@ -405,6 +436,7 @@ class DeviceHandler(DeviceWorkerHandler):
            )
            for host in hosts:
                self.federation_sender.send_device_messages(host)
+                log_kv({"message": "sent device update to host", "host": host})

    @defer.inlineCallbacks
    def on_federation_query_user_devices(self, user_id):
@@ -451,12 +483,15 @@ class DeviceListUpdater(object):
            iterable=True,
        )

+    @trace
    @defer.inlineCallbacks
    def incoming_device_list_update(self, origin, edu_content):
        """Called on incoming device list update from federation. Responsible
        for parsing the EDU and adding to pending updates list.
        """

+        set_tag("origin", origin)
+        set_tag("edu_content", edu_content)
        user_id = edu_content.pop("user_id")
        device_id = edu_content.pop("device_id")
        stream_id = str(edu_content.pop("stream_id"))  # They may come as ints
@@ -471,12 +506,30 @@ class DeviceListUpdater(object):
                device_id,
                origin,
            )
+
+            set_tag("error", True)
+            log_kv(
+                {
+                    "message": "Got a device list update edu from a user and "
+                    "device which does not match the origin of the request.",
+                    "user_id": user_id,
+                    "device_id": device_id,
+                }
+            )
            return

        room_ids = yield self.store.get_rooms_for_user(user_id)
        if not room_ids:
            # We don't share any rooms with this user. Ignore update, as we
            # probably won't get any further updates.
+            set_tag("error", True)
+            log_kv(
+                {
+                    "message": "Got an update from a user for which "
+                    "we don't share any rooms",
+                    "other user_id": user_id,
+                }
+            )
            logger.warning(
                "Got device list update edu for %r/%r, but don't share a room",
                user_id,
@@ -578,6 +631,7 @@ class DeviceListUpdater(object):
            request:
            https://matrix.org/docs/spec/server_server/r0.1.2#get-matrix-federation-v1-user-devices-userid
        """
+        log_kv({"message": "Doing resync to update device list."})
        # Fetch all devices for the user.
        origin = get_domain_from_id(user_id)
        try:
@@ -594,13 +648,20 @@ class DeviceListUpdater(object):
            # eventually become consistent.
            return
        except FederationDeniedError as e:
+            set_tag("error", True)
+            log_kv({"reason": "FederationDeniedError"})
            logger.info(e)
            return
-        except Exception:
+        except Exception as e:
            # TODO: Remember that we are now out of sync and try again
            # later
+            set_tag("error", True)
+            log_kv(
+                {"message": "Exception raised by federation request", "exception": e}
+            )
            logger.exception("Failed to handle device list update for %s", user_id)
            return
+        log_kv({"result": result})
        stream_id = result["stream_id"]
        devices = result["devices"]

@@ -22,9 +22,9 @@ from twisted.internet import defer
 from synapse.api.errors import SynapseError
 from synapse.logging.opentracing import (
    get_active_span_text_map,
+    log_kv,
    set_tag,
    start_active_span,
-    whitelisted_homeserver,
 )
 from synapse.types import UserID, get_domain_from_id
 from synapse.util.stringutils import random_string
@@ -86,7 +86,8 @@ class DeviceMessageHandler(object):

    @defer.inlineCallbacks
    def send_device_message(self, sender_user_id, message_type, messages):
-
+        set_tag("number_of_messages", len(messages))
+        set_tag("sender", sender_user_id)
        local_messages = {}
        remote_messages = {}
        for user_id, by_device in messages.items():
@@ -119,11 +120,10 @@ class DeviceMessageHandler(object):
                    "sender": sender_user_id,
                    "type": message_type,
                    "message_id": message_id,
-                    "org.matrix.opentracing_context": json.dumps(context)
-                    if whitelisted_homeserver(destination)
-                    else None,
+                    "org.matrix.opentracing_context": json.dumps(context),
                }

+        log_kv({"local_messages": local_messages})
        stream_id = yield self.store.add_messages_to_device_inbox(
            local_messages, remote_edu_contents
        )
@@ -132,6 +132,7 @@ class DeviceMessageHandler(object):
            "to_device_key", stream_id, users=local_messages.keys()
        )

+        log_kv({"remote_messages": remote_messages})
        for destination in remote_messages.keys():
            # Enqueue a new federation transaction to send the new
            # device messages to each remote destination.
@@ -167,7 +167,6 @@ class EventHandler(BaseHandler):

        if not event:
            return None
-            return

        users = yield self.store.get_users_in_room(event.room_id)
        is_peeking = user.to_string() not in users
@@ -326,8 +326,9 @@ class FederationHandler(BaseHandler):
                    ours = yield self.store.get_state_groups_ids(room_id, seen)

                    # state_maps is a list of mappings from (type, state_key) to event_id
-                    # type: list[dict[tuple[str, str], str]]
-                    state_maps = list(ours.values())
+                    state_maps = list(
+                        ours.values()
+                    )  # type: list[dict[tuple[str, str], str]]

                    # we don't need this any more, let's delete it.
                    del ours
@@ -1427,7 +1428,7 @@ class FederationHandler(BaseHandler):
        assert event.user_id == user_id
        assert event.state_key == user_id
        assert event.room_id == room_id
-        return (origin, event, format_ver)
+        return origin, event, format_ver

    @defer.inlineCallbacks
    @log_function
@@ -61,21 +61,76 @@ class IdentityHandler(BaseHandler):
                return False
        return True

-    @defer.inlineCallbacks
-    def threepid_from_creds(self, creds):
-        if "id_server" in creds:
-            id_server = creds["id_server"]
-        elif "idServer" in creds:
-            id_server = creds["idServer"]
-        else:
-            raise SynapseError(400, "No id_server in creds")
+    def _extract_items_from_creds_dict(self, creds):
+        """
+        Retrieve entries from a "credentials" dictionary

-        if "client_secret" in creds:
-            client_secret = creds["client_secret"]
-        elif "clientSecret" in creds:
-            client_secret = creds["clientSecret"]
+        Args:
+            creds (dict[str, str]): Dictionary of credentials that contain the following keys:
+                * client_secret|clientSecret: A unique secret str provided by the client
+                * id_server|idServer: the domain of the identity server to query
+                * id_access_token: The access token to authenticate to the identity
+                    server with.
+
+        Returns:
+            tuple(str, str, str|None): A tuple containing the client_secret, the id_server,
+                and the id_access_token value if available.
+        """
+        client_secret = creds.get("client_secret") or creds.get("clientSecret")
+        if not client_secret:
+            raise SynapseError(
+                400, "No client_secret in creds", errcode=Codes.MISSING_PARAM
+            )
+
+        id_server = creds.get("id_server") or creds.get("idServer")
+        if not id_server:
+            raise SynapseError(
+                400, "No id_server in creds", errcode=Codes.MISSING_PARAM
+            )
+
+        id_access_token = creds.get("id_access_token")
+        return client_secret, id_server, id_access_token
+
+    @defer.inlineCallbacks
+    def threepid_from_creds(self, creds, use_v2=True):
+        """
+        Retrieve and validate a threepid identitier from a "credentials" dictionary
+
+        Args:
+            creds (dict[str, str]): Dictionary of credentials that contain the following keys:
+                * client_secret|clientSecret: A unique secret str provided by the client
+                * id_server|idServer: the domain of the identity server to query
+                * id_access_token: The access token to authenticate to the identity
+                    server with. Required if use_v2 is true
+            use_v2 (bool): Whether to use v2 Identity Service API endpoints
+
+        Returns:
+            Deferred[dict[str,str|int]|None]: A dictionary consisting of response params to
+                the /getValidated3pid endpoint of the Identity Service API, or None if the
+                threepid was not found
+        """
+        client_secret, id_server, id_access_token = self._extract_items_from_creds_dict(
+            creds
+        )
+
+        # If an id_access_token is not supplied, force usage of v1
+        if id_access_token is None:
+            use_v2 = False
+
+        query_params = {"sid": creds["sid"], "client_secret": client_secret}
+
+        # Decide which API endpoint URLs and query parameters to use
+        if use_v2:
+            url = "https://%s%s" % (
+                id_server,
+                "/_matrix/identity/v2/3pid/getValidated3pid",
+            )
+            query_params["id_access_token"] = id_access_token
        else:
-            raise SynapseError(400, "No client_secret in creds")
+            url = "https://%s%s" % (
+                id_server,
+                "/_matrix/identity/api/v1/3pid/getValidated3pid",
+            )

        if not self._should_trust_id_server(id_server):
            logger.warn(
@@ -85,43 +140,55 @@ class IdentityHandler(BaseHandler):
            return None

        try:
-            data = yield self.http_client.get_json(
-                "https://%s%s"
-                % (id_server, "/_matrix/identity/api/v1/3pid/getValidated3pid"),
-                {"sid": creds["sid"], "client_secret": client_secret},
-            )
+            data = yield self.http_client.get_json(url, query_params)
+            return data if "medium" in data else None
        except HttpResponseException as e:
-            logger.info("getValidated3pid failed with Matrix error: %r", e)
-            raise e.to_synapse_error()
+            if e.code != 404 or not use_v2:
+                # Generic failure
+                logger.info("getValidated3pid failed with Matrix error: %r", e)
+                raise e.to_synapse_error()

-        if "medium" in data:
-            return data
-        return None
+        # This identity server is too old to understand Identity Service API v2
+        # Attempt v1 endpoint
+        logger.info("Got 404 when POSTing JSON %s, falling back to v1 URL", url)
+        return (yield self.threepid_from_creds(creds, use_v2=False))

    @defer.inlineCallbacks
-    def bind_threepid(self, creds, mxid):
+    def bind_threepid(self, creds, mxid, use_v2=True):
+        """Bind a 3PID to an identity server
+
+        Args:
+            creds (dict[str, str]): Dictionary of credentials that contain the following keys:
+                * client_secret|clientSecret: A unique secret str provided by the client
+                * id_server|idServer: the domain of the identity server to query
+                * id_access_token: The access token to authenticate to the identity
+                    server with. Required if use_v2 is true
+            mxid (str): The MXID to bind the 3PID to
+            use_v2 (bool): Whether to use v2 Identity Service API endpoints
+
+        Returns:
+            Deferred[dict]: The response from the identity server
+        """
        logger.debug("binding threepid %r to %s", creds, mxid)
-        data = None

-        if "id_server" in creds:
-            id_server = creds["id_server"]
-        elif "idServer" in creds:
-            id_server = creds["idServer"]
-        else:
-            raise SynapseError(400, "No id_server in creds")
+        client_secret, id_server, id_access_token = self._extract_items_from_creds_dict(
+            creds
+        )

-        if "client_secret" in creds:
-            client_secret = creds["client_secret"]
-        elif "clientSecret" in creds:
-            client_secret = creds["clientSecret"]
+        # If an id_access_token is not supplied, force usage of v1
+        if id_access_token is None:
+            use_v2 = False
+
+        # Decide which API endpoint URLs to use
+        bind_data = {"sid": creds["sid"], "client_secret": client_secret, "mxid": mxid}
+        if use_v2:
+            bind_url = "https://%s/_matrix/identity/v2/3pid/bind" % (id_server,)
+            bind_data["id_access_token"] = id_access_token
        else:
-            raise SynapseError(400, "No client_secret in creds")
+            bind_url = "https://%s/_matrix/identity/api/v1/3pid/bind" % (id_server,)

        try:
-            data = yield self.http_client.post_json_get_json(
-                "https://%s%s" % (id_server, "/_matrix/identity/api/v1/3pid/bind"),
-                {"sid": creds["sid"], "client_secret": client_secret, "mxid": mxid},
-            )
+            data = yield self.http_client.post_json_get_json(bind_url, bind_data)
            logger.debug("bound threepid %r to %s", creds, mxid)

            # Remember where we bound the threepid
@@ -131,13 +198,23 @@ class IdentityHandler(BaseHandler):
                address=data["address"],
                id_server=id_server,
            )
+
+            return data
+        except HttpResponseException as e:
+            if e.code != 404 or not use_v2:
+                logger.error("3PID bind failed with Matrix error: %r", e)
+                raise e.to_synapse_error()
        except CodeMessageException as e:
            data = json.loads(e.msg)  # XXX WAT?
-        return data
+            return data
+
+        logger.info("Got 404 when POSTing JSON %s, falling back to v1 URL", bind_url)
+        return (yield self.bind_threepid(creds, mxid, use_v2=False))

    @defer.inlineCallbacks
    def try_unbind_threepid(self, mxid, threepid):
-        """Removes a binding from an identity server
+        """Attempt to remove a 3PID from an identity server, or if one is not provided, all
+        identity servers we're aware the binding is present on

        Args:
            mxid (str): Matrix user ID of binding to be removed
@@ -188,6 +265,8 @@ class IdentityHandler(BaseHandler):
            server doesn't support unbinding
        """
        url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,)
+        url_bytes = "/_matrix/identity/api/v1/3pid/unbind".encode("ascii")
+
        content = {
            "mxid": mxid,
            "threepid": {"medium": threepid["medium"], "address": threepid["address"]},
@@ -199,7 +278,7 @@ class IdentityHandler(BaseHandler):
        auth_headers = self.federation_http_client.build_auth_headers(
            destination=None,
            method="POST",
-            url_bytes="/_matrix/identity/api/v1/3pid/unbind".encode("ascii"),
+            url_bytes=url_bytes,
            content=content,
            destination_is=id_server,
        )
@@ -449,8 +449,7 @@ class InitialSyncHandler(BaseHandler):
            #  * The user is a guest user, and has joined the room
            # else it will throw.
            member_event = yield self.auth.check_user_was_in_room(room_id, user_id)
-            return (member_event.membership, member_event.event_id)
-            return
+            return member_event.membership, member_event.event_id
        except AuthError:
            visibility = yield self.state_handler.get_current_state(
                room_id, EventTypes.RoomHistoryVisibility, ""
@@ -459,8 +458,7 @@ class InitialSyncHandler(BaseHandler):
                visibility
                and visibility.content["history_visibility"] == "world_readable"
            ):
-                return (Membership.JOIN, None)
-                return
+                return Membership.JOIN, None
            raise AuthError(
                403, "Guest access not allowed", errcode=Codes.GUEST_ACCESS_FORBIDDEN
            )
@@ -24,7 +24,7 @@ from twisted.internet import defer
 from twisted.internet.defer import succeed

 from synapse import event_auth
-from synapse.api.constants import EventTypes, Membership, RelationTypes
+from synapse.api.constants import EventTypes, Membership, RelationTypes, UserTypes
 from synapse.api.errors import (
    AuthError,
    Codes,
@@ -469,6 +469,9 @@ class EventCreationHandler(object):

        u = yield self.store.get_user_by_id(user_id)
        assert u is not None
+        if u["user_type"] in (UserTypes.SUPPORT, UserTypes.BOT):
+            # support and bot users are not required to consent
+            return
        if u["appservice_id"] is not None:
            # users registered by an appservice are exempt
            return
@@ -255,7 +255,7 @@ class PresenceHandler(object):
        self.unpersisted_users_changes = set()

        if unpersisted:
-            logger.info("Persisting %d upersisted presence updates", len(unpersisted))
+            logger.info("Persisting %d unpersisted presence updates", len(unpersisted))
            yield self.store.update_presence(
                [self.user_to_current_state[user_id] for user_id in unpersisted]
            )
@@ -1032,7 +1032,7 @@ class PresenceEventSource(object):
                #
                # Hence this guard where we just return nothing so that the sync
                # doesn't return. C.f. #5503.
-                return ([], max_token)
+                return [], max_token

            presence = self.get_presence_handler()
            stream_change_cache = self.store.presence_stream_cache
@@ -1279,7 +1279,7 @@ def get_interested_parties(store, states):
        # Always notify self
        users_to_states.setdefault(state.user_id, []).append(state)

-    return (room_ids_to_states, users_to_states)
+    return room_ids_to_states, users_to_states


@defer.inlineCallbacks
@@ -148,7 +148,7 @@ class ReceiptEventSource(object):
        to_key = yield self.get_current_key()

        if from_key == to_key:
-            return ([], to_key)
+            return [], to_key

        events = yield self.store.get_linearized_receipts_for_rooms(
            room_ids, from_key=from_key, to_key=to_key
@@ -24,13 +24,11 @@ from synapse.api.errors import (
    AuthError,
    Codes,
    ConsentNotGivenError,
-    InvalidCaptchaError,
    LimitExceededError,
    RegistrationError,
    SynapseError,
 )
 from synapse.config.server import is_threepid_reserved
-from synapse.http.client import CaptchaServerHttpClient
 from synapse.http.servlet import assert_params_in_dict
 from synapse.replication.http.login import RegisterDeviceReplicationServlet
 from synapse.replication.http.register import (
@@ -39,7 +37,6 @@ from synapse.replication.http.register import (
 )
 from synapse.types import RoomAlias, RoomID, UserID, create_requester
 from synapse.util.async_helpers import Linearizer
-from synapse.util.threepids import check_3pid_allowed

 from ._base import BaseHandler

@@ -59,7 +56,6 @@ class RegistrationHandler(BaseHandler):
        self._auth_handler = hs.get_auth_handler()
        self.profile_handler = hs.get_profile_handler()
        self.user_directory_handler = hs.get_user_directory_handler()
-        self.captcha_client = CaptchaServerHttpClient(hs)
        self.identity_handler = self.hs.get_handlers().identity_handler
        self.ratelimiter = hs.get_registration_ratelimiter()

@@ -362,70 +358,6 @@ class RegistrationHandler(BaseHandler):
        )
        return user_id

-    @defer.inlineCallbacks
-    def check_recaptcha(self, ip, private_key, challenge, response):
-        """
-        Checks a recaptcha is correct.
-
-        Used only by c/s api v1
-        """
-
-        captcha_response = yield self._validate_captcha(
-            ip, private_key, challenge, response
-        )
-        if not captcha_response["valid"]:
-            logger.info(
-                "Invalid captcha entered from %s. Error: %s",
-                ip,
-                captcha_response["error_url"],
-            )
-            raise InvalidCaptchaError(error_url=captcha_response["error_url"])
-        else:
-            logger.info("Valid captcha entered from %s", ip)
-
-    @defer.inlineCallbacks
-    def register_email(self, threepidCreds):
-        """
-        Registers emails with an identity server.
-
-        Used only by c/s api v1
-        """
-
-        for c in threepidCreds:
-            logger.info(
-                "validating threepidcred sid %s on id server %s",
-                c["sid"],
-                c["idServer"],
-            )
-            try:
-                threepid = yield self.identity_handler.threepid_from_creds(c)
-            except Exception:
-                logger.exception("Couldn't validate 3pid")
-                raise RegistrationError(400, "Couldn't validate 3pid")
-
-            if not threepid:
-                raise RegistrationError(400, "Couldn't validate 3pid")
-            logger.info(
-                "got threepid with medium '%s' and address '%s'",
-                threepid["medium"],
-                threepid["address"],
-            )
-
-            if not check_3pid_allowed(self.hs, threepid["medium"], threepid["address"]):
-                raise RegistrationError(403, "Third party identifier is not allowed")
-
-    @defer.inlineCallbacks
-    def bind_emails(self, user_id, threepidCreds):
-        """Links emails with a user ID and informs an identity server.
-
-        Used only by c/s api v1
-        """
-
-        # Now we have a matrix ID, bind it to the threepids we were given
-        for c in threepidCreds:
-            # XXX: This should be a deferred list, shouldn't it?
-            yield self.identity_handler.bind_threepid(c, user_id)
-
    def check_user_id_not_appservice_exclusive(self, user_id, allowed_appservice=None):
        # don't allow people to register the server notices mxid
        if self._server_notices_mxid is not None:
@@ -463,45 +395,8 @@ class RegistrationHandler(BaseHandler):
        self._next_generated_user_id += 1
        return str(id)

-    @defer.inlineCallbacks
-    def _validate_captcha(self, ip_addr, private_key, challenge, response):
-        """Validates the captcha provided.
-
-        Used only by c/s api v1
-
-        Returns:
-            dict: Containing 'valid'(bool) and 'error_url'(str) if invalid.
-
-        """
-        response = yield self._submit_captcha(ip_addr, private_key, challenge, response)
-        # parse Google's response. Lovely format..
-        lines = response.split("\n")
-        json = {
-            "valid": lines[0] == "true",
-            "error_url": "http://www.recaptcha.net/recaptcha/api/challenge?"
-            + "error=%s" % lines[1],
-        }
-        return json
-
-    @defer.inlineCallbacks
-    def _submit_captcha(self, ip_addr, private_key, challenge, response):
-        """
-        Used only by c/s api v1
-        """
-        data = yield self.captcha_client.post_urlencoded_get_raw(
-            "http://www.recaptcha.net:80/recaptcha/api/verify",
-            args={
-                "privatekey": private_key,
-                "remoteip": ip_addr,
-                "challenge": challenge,
-                "response": response,
-            },
-        )
-        return data
-
    @defer.inlineCallbacks
    def _join_user_to_room(self, requester, room_identifier):
-        room_id = None
        room_member_handler = self.hs.get_room_member_handler()
        if RoomID.is_valid(room_identifier):
            room_id = room_identifier
@@ -622,7 +517,7 @@ class RegistrationHandler(BaseHandler):
                initial_display_name=initial_display_name,
                is_guest=is_guest,
            )
-            return (r["device_id"], r["access_token"])
+            return r["device_id"], r["access_token"]

        valid_until_ms = None
        if self.session_lifetime is not None:
@@ -648,9 +543,7 @@ class RegistrationHandler(BaseHandler):
        return (device_id, access_token)

    @defer.inlineCallbacks
-    def post_registration_actions(
-        self, user_id, auth_result, access_token, bind_email, bind_msisdn
-    ):
+    def post_registration_actions(self, user_id, auth_result, access_token):
        """A user has completed registration

        Args:
@@ -659,18 +552,10 @@ class RegistrationHandler(BaseHandler):
                registered user.
            access_token (str|None): The access token of the newly logged in
                device, or None if `inhibit_login` enabled.
-            bind_email (bool): Whether to bind the email with the identity
-                server.
-            bind_msisdn (bool): Whether to bind the msisdn with the identity
-                server.
        """
        if self.hs.config.worker_app:
            yield self._post_registration_client(
-                user_id=user_id,
-                auth_result=auth_result,
-                access_token=access_token,
-                bind_email=bind_email,
-                bind_msisdn=bind_msisdn,
+                user_id=user_id, auth_result=auth_result, access_token=access_token
            )
            return

@@ -683,13 +568,11 @@ class RegistrationHandler(BaseHandler):
            ):
                yield self.store.upsert_monthly_active_user(user_id)

-            yield self._register_email_threepid(
-                user_id, threepid, access_token, bind_email
-            )
+            yield self._register_email_threepid(user_id, threepid, access_token)

        if auth_result and LoginType.MSISDN in auth_result:
            threepid = auth_result[LoginType.MSISDN]
-            yield self._register_msisdn_threepid(user_id, threepid, bind_msisdn)
+            yield self._register_msisdn_threepid(user_id, threepid)

        if auth_result and LoginType.TERMS in auth_result:
            yield self._on_user_consented(user_id, self.hs.config.user_consent_version)
@@ -708,14 +591,12 @@ class RegistrationHandler(BaseHandler):
        yield self.post_consent_actions(user_id)

    @defer.inlineCallbacks
-    def _register_email_threepid(self, user_id, threepid, token, bind_email):
+    def _register_email_threepid(self, user_id, threepid, token):
        """Add an email address as a 3pid identifier

        Also adds an email pusher for the email address, if configured in the
        HS config

-        Also optionally binds emails to the given user_id on the identity server
-
        Must be called on master.

        Args:
@@ -723,8 +604,6 @@ class RegistrationHandler(BaseHandler):
            threepid (object): m.login.email.identity auth response
            token (str|None): access_token for the user, or None if not logged
                in.
-            bind_email (bool): true if the client requested the email to be
-                bound at the identity server
        Returns:
            defer.Deferred:
        """
@@ -766,29 +645,15 @@ class RegistrationHandler(BaseHandler):
                data={},
            )

-        if bind_email:
-            logger.info("bind_email specified: binding")
-            logger.debug("Binding emails %s to %s" % (threepid, user_id))
-            yield self.identity_handler.bind_threepid(
-                threepid["threepid_creds"], user_id
-            )
-        else:
-            logger.info("bind_email not specified: not binding email")
-
    @defer.inlineCallbacks
-    def _register_msisdn_threepid(self, user_id, threepid, bind_msisdn):
+    def _register_msisdn_threepid(self, user_id, threepid):
        """Add a phone number as a 3pid identifier

-        Also optionally binds msisdn to the given user_id on the identity server
-
        Must be called on master.

        Args:
            user_id (str): id of user
            threepid (object): m.login.msisdn auth response
-            token (str): access_token for the user
-            bind_email (bool): true if the client requested the email to be
-                bound at the identity server
        Returns:
            defer.Deferred:
        """
@@ -804,12 +669,3 @@ class RegistrationHandler(BaseHandler):
        yield self._auth_handler.add_threepid(
            user_id, threepid["medium"], threepid["address"], threepid["validated_at"]
        )
-
-        if bind_msisdn:
-            logger.info("bind_msisdn specified: binding")
-            logger.debug("Binding msisdn %s to %s", threepid, user_id)
-            yield self.identity_handler.bind_threepid(
-                threepid["threepid_creds"], user_id
-            )
-        else:
-            logger.info("bind_msisdn not specified: not binding msisdn")
@@ -852,7 +852,6 @@ class RoomContextHandler(object):
        )
        if not event:
            return None
-            return

        filtered = yield (filter_evts([event]))
        if not filtered:
@@ -25,6 +25,7 @@ from unpaddedbase64 import decode_base64, encode_base64
 from twisted.internet import defer

 from synapse.api.constants import EventTypes, JoinRules
+from synapse.api.errors import Codes, HttpResponseException
 from synapse.types import ThirdPartyInstanceID
 from synapse.util.async_helpers import concurrently_execute
 from synapse.util.caches.descriptors import cachedInlineCallbacks
@@ -485,7 +486,33 @@ class RoomListHandler(BaseHandler):
            return {"chunk": [], "total_room_count_estimate": 0}

        if search_filter:
-            # We currently don't support searching across federation, so we have
+            # Searching across federation is defined in MSC2197.
+            # However, the remote homeserver may or may not actually support it.
+            # So we first try an MSC2197 remote-filtered search, then fall back
+            # to a locally-filtered search if we must.
+
+            try:
+                res = yield self._get_remote_list_cached(
+                    server_name,
+                    limit=limit,
+                    since_token=since_token,
+                    include_all_networks=include_all_networks,
+                    third_party_instance_id=third_party_instance_id,
+                    search_filter=search_filter,
+                )
+                return res
+            except HttpResponseException as hre:
+                syn_err = hre.to_synapse_error()
+                if hre.code in (404, 405) or syn_err.errcode in (
+                    Codes.UNRECOGNIZED,
+                    Codes.NOT_FOUND,
+                ):
+                    logger.debug("Falling back to locally-filtered /publicRooms")
+                else:
+                    raise  # Not an error that should trigger a fallback.
+
+            # if we reach this point, then we fall back to the situation where
+            # we currently don't support searching across federation, so we have
            # to do it manually without pagination
            limit = None
            since_token = None
@@ -903,7 +903,7 @@ class RoomMemberHandler(object):
        if not public_keys:
            public_keys.append(fallback_public_key)
        display_name = data["display_name"]
-        return (token, public_keys, fallback_public_key, display_name)
+        return token, public_keys, fallback_public_key, display_name

    @defer.inlineCallbacks
    def _is_host_in_room(self, current_state_ids):
@@ -962,9 +962,7 @@ class RoomMemberMasterHandler(RoomMemberHandler):
        )

        if complexity:
-            if complexity["v1"] > max_complexity:
-                return True
-            return False
+            return complexity["v1"] > max_complexity
        return None

    @defer.inlineCallbacks
@@ -980,10 +978,7 @@ class RoomMemberMasterHandler(RoomMemberHandler):
        max_complexity = self.hs.config.limit_remote_rooms.complexity
        complexity = yield self.store.get_room_complexity(room_id)

-        if complexity["v1"] > max_complexity:
-            return True
-
-        return False
+        return complexity["v1"] > max_complexity

    @defer.inlineCallbacks
    def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
@@ -14,15 +14,14 @@
 # limitations under the License.

 import logging
+from collections import Counter

 from twisted.internet import defer

-from synapse.api.constants import EventTypes, JoinRules, Membership
+from synapse.api.constants import EventTypes, Membership
 from synapse.handlers.state_deltas import StateDeltasHandler
 from synapse.metrics import event_processing_positions
 from synapse.metrics.background_process_metrics import run_as_background_process
-from synapse.types import UserID
-from synapse.util.metrics import Measure

 logger = logging.getLogger(__name__)

@@ -62,11 +61,10 @@ class StatsHandler(StateDeltasHandler):
    def notify_new_event(self):
        """Called when there may be more deltas to process
        """
-        if not self.hs.config.stats_enabled:
+        if not self.hs.config.stats_enabled or self._is_processing:
            return

-        if self._is_processing:
-            return
+        self._is_processing = True

        @defer.inlineCallbacks
        def process():
@@ -75,39 +73,72 @@ class StatsHandler(StateDeltasHandler):
            finally:
                self._is_processing = False

-        self._is_processing = True
        run_as_background_process("stats.notify_new_event", process)

    @defer.inlineCallbacks
    def _unsafe_process(self):
        # If self.pos is None then means we haven't fetched it from DB
        if self.pos is None:
-            self.pos = yield self.store.get_stats_stream_pos()
-
-        # If still None then the initial background update hasn't happened yet
-        if self.pos is None:
-            return None
+            self.pos = yield self.store.get_stats_positions()

        # Loop round handling deltas until we're up to date
+
        while True:
-            with Measure(self.clock, "stats_delta"):
-                deltas = yield self.store.get_current_state_deltas(self.pos)
-                if not deltas:
-                    return
+            deltas = yield self.store.get_current_state_deltas(self.pos)

-                logger.info("Handling %d state deltas", len(deltas))
-                yield self._handle_deltas(deltas)
+            if deltas:
+                logger.debug("Handling %d state deltas", len(deltas))
+                room_deltas, user_deltas = yield self._handle_deltas(deltas)

-                self.pos = deltas[-1]["stream_id"]
-                yield self.store.update_stats_stream_pos(self.pos)
+                max_pos = deltas[-1]["stream_id"]
+            else:
+                room_deltas = {}
+                user_deltas = {}
+                max_pos = yield self.store.get_room_max_stream_ordering()

-                event_processing_positions.labels("stats").set(self.pos)
+            # Then count deltas for total_events and total_event_bytes.
+            room_count, user_count = yield self.store.get_changes_room_total_events_and_bytes(
+                self.pos, max_pos
+            )
+
+            for room_id, fields in room_count.items():
+                room_deltas.setdefault(room_id, {}).update(fields)
+
+            for user_id, fields in user_count.items():
+                user_deltas.setdefault(user_id, {}).update(fields)
+
+            logger.debug("room_deltas: %s", room_deltas)
+            logger.debug("user_deltas: %s", user_deltas)
+
+            # Always call this so that we update the stats position.
+            yield self.store.bulk_update_stats_delta(
+                self.clock.time_msec(),
+                updates={"room": room_deltas, "user": user_deltas},
+                stream_id=max_pos,
+            )
+
+            event_processing_positions.labels("stats").set(max_pos)
+
+            if self.pos == max_pos:
+                break
+
+            self.pos = max_pos

    @defer.inlineCallbacks
    def _handle_deltas(self, deltas):
+        """Called with the state deltas to process
+
+        Returns:
+            Deferred[tuple[dict[str, Counter], dict[str, counter]]]
+            Resovles to two dicts, the room deltas and the user deltas,
+            mapping from room/user ID to changes in the various fields.
        """
-        Called with the state deltas to process
-        """
+
+        room_to_stats_deltas = {}
+        user_to_stats_deltas = {}
+
+        room_to_state_updates = {}
+
        for delta in deltas:
            typ = delta["type"]
            state_key = delta["state_key"]
@@ -115,11 +146,10 @@ class StatsHandler(StateDeltasHandler):
            event_id = delta["event_id"]
            stream_id = delta["stream_id"]
            prev_event_id = delta["prev_event_id"]
-            stream_pos = delta["stream_id"]

-            logger.debug("Handling: %r %r, %s", typ, state_key, event_id)
+            logger.debug("Handling: %r, %r %r, %s", room_id, typ, state_key, event_id)

-            token = yield self.store.get_earliest_token_for_room_stats(room_id)
+            token = yield self.store.get_earliest_token_for_stats("room", room_id)

            # If the earliest token to begin from is larger than our current
            # stream ID, skip processing this delta.
@@ -131,203 +161,130 @@ class StatsHandler(StateDeltasHandler):
                continue

            if event_id is None and prev_event_id is None:
-                # Errr...
+                logger.error(
+                    "event ID is None and so is the previous event ID. stream_id: %s",
+                    stream_id,
+                )
                continue

            event_content = {}

+            sender = None
            if event_id is not None:
                event = yield self.store.get_event(event_id, allow_none=True)
                if event:
                    event_content = event.content or {}
+                    sender = event.sender

-            # We use stream_pos here rather than fetch by event_id as event_id
-            # may be None
-            now = yield self.store.get_received_ts_by_stream_pos(stream_pos)
+            # All the values in this dict are deltas (RELATIVE changes)
+            room_stats_delta = room_to_stats_deltas.setdefault(room_id, Counter())

-            # quantise time to the nearest bucket
-            now = (now // 1000 // self.stats_bucket_size) * self.stats_bucket_size
+            room_state = room_to_state_updates.setdefault(room_id, {})
+
+            if prev_event_id is None:
+                # this state event doesn't overwrite another,
+                # so it is a new effective/current state event
+                room_stats_delta["current_state_events"] += 1

            if typ == EventTypes.Member:
                # we could use _get_key_change here but it's a bit inefficient
                # given we're not testing for a specific result; might as well
                # just grab the prev_membership and membership strings and
                # compare them.
-                prev_event_content = {}
+                # We take None rather than leave as a previous membership
+                # in the absence of a previous event because we do not want to
+                # reduce the leave count when a new-to-the-room user joins.
+                prev_membership = None
                if prev_event_id is not None:
                    prev_event = yield self.store.get_event(
                        prev_event_id, allow_none=True
                    )
                    if prev_event:
                        prev_event_content = prev_event.content
+                        prev_membership = prev_event_content.get(
+                            "membership", Membership.LEAVE
+                        )

                membership = event_content.get("membership", Membership.LEAVE)
-                prev_membership = prev_event_content.get("membership", Membership.LEAVE)

-                if prev_membership == membership:
-                    continue
-
-                if prev_membership == Membership.JOIN:
-                    yield self.store.update_stats_delta(
-                        now, "room", room_id, "joined_members", -1
-                    )
+                if prev_membership is None:
+                    logger.debug("No previous membership for this user.")
+                elif membership == prev_membership:
+                    pass  # noop
+                elif prev_membership == Membership.JOIN:
+                    room_stats_delta["joined_members"] -= 1
                elif prev_membership == Membership.INVITE:
-                    yield self.store.update_stats_delta(
-                        now, "room", room_id, "invited_members", -1
-                    )
+                    room_stats_delta["invited_members"] -= 1
                elif prev_membership == Membership.LEAVE:
-                    yield self.store.update_stats_delta(
-                        now, "room", room_id, "left_members", -1
-                    )
+                    room_stats_delta["left_members"] -= 1
                elif prev_membership == Membership.BAN:
-                    yield self.store.update_stats_delta(
-                        now, "room", room_id, "banned_members", -1
-                    )
+                    room_stats_delta["banned_members"] -= 1
                else:
-                    err = "%s is not a valid prev_membership" % (repr(prev_membership),)
-                    logger.error(err)
-                    raise ValueError(err)
+                    raise ValueError(
+                        "%r is not a valid prev_membership" % (prev_membership,)
+                    )

+                if membership == prev_membership:
+                    pass  # noop
                if membership == Membership.JOIN:
-                    yield self.store.update_stats_delta(
-                        now, "room", room_id, "joined_members", +1
-                    )
+                    room_stats_delta["joined_members"] += 1
                elif membership == Membership.INVITE:
-                    yield self.store.update_stats_delta(
-                        now, "room", room_id, "invited_members", +1
-                    )
+                    room_stats_delta["invited_members"] += 1
+
+                    if sender and self.is_mine_id(sender):
+                        user_to_stats_deltas.setdefault(sender, Counter())[
+                            "invites_sent"
+                        ] += 1
+
                elif membership == Membership.LEAVE:
-                    yield self.store.update_stats_delta(
-                        now, "room", room_id, "left_members", +1
-                    )
+                    room_stats_delta["left_members"] += 1
                elif membership == Membership.BAN:
-                    yield self.store.update_stats_delta(
-                        now, "room", room_id, "banned_members", +1
-                    )
+                    room_stats_delta["banned_members"] += 1
                else:
-                    err = "%s is not a valid membership" % (repr(membership),)
-                    logger.error(err)
-                    raise ValueError(err)
+                    raise ValueError("%r is not a valid membership" % (membership,))

                user_id = state_key
                if self.is_mine_id(user_id):
-                    # update user_stats as it's one of our users
-                    public = yield self._is_public_room(room_id)
+                    # this accounts for transitions like leave → ban and so on.
+                    has_changed_joinedness = (prev_membership == Membership.JOIN) != (
+                        membership == Membership.JOIN
+                    )

-                    if membership == Membership.LEAVE:
-                        yield self.store.update_stats_delta(
-                            now,
-                            "user",
-                            user_id,
-                            "public_rooms" if public else "private_rooms",
-                            -1,
-                        )
-                    elif membership == Membership.JOIN:
-                        yield self.store.update_stats_delta(
-                            now,
-                            "user",
-                            user_id,
-                            "public_rooms" if public else "private_rooms",
-                            +1,
-                        )
+                    if has_changed_joinedness:
+                        delta = +1 if membership == Membership.JOIN else -1
+
+                        user_to_stats_deltas.setdefault(user_id, Counter())[
+                            "joined_rooms"
+                        ] += delta
+
+                        room_stats_delta["local_users_in_room"] += delta

            elif typ == EventTypes.Create:
-                # Newly created room. Add it with all blank portions.
-                yield self.store.update_room_state(
-                    room_id,
-                    {
-                        "join_rules": None,
-                        "history_visibility": None,
-                        "encryption": None,
-                        "name": None,
-                        "topic": None,
-                        "avatar": None,
-                        "canonical_alias": None,
-                    },
-                )
-
+                room_state["is_federatable"] = event_content.get("m.federate", True)
+                if sender and self.is_mine_id(sender):
+                    user_to_stats_deltas.setdefault(sender, Counter())[
+                        "rooms_created"
+                    ] += 1
            elif typ == EventTypes.JoinRules:
-                yield self.store.update_room_state(
-                    room_id, {"join_rules": event_content.get("join_rule")}
-                )
-
-                is_public = yield self._get_key_change(
-                    prev_event_id, event_id, "join_rule", JoinRules.PUBLIC
-                )
-                if is_public is not None:
-                    yield self.update_public_room_stats(now, room_id, is_public)
-
+                room_state["join_rules"] = event_content.get("join_rule")
            elif typ == EventTypes.RoomHistoryVisibility:
-                yield self.store.update_room_state(
-                    room_id,
-                    {"history_visibility": event_content.get("history_visibility")},
+                room_state["history_visibility"] = event_content.get(
+                    "history_visibility"
                )
-
-                is_public = yield self._get_key_change(
-                    prev_event_id, event_id, "history_visibility", "world_readable"
-                )
-                if is_public is not None:
-                    yield self.update_public_room_stats(now, room_id, is_public)
-
            elif typ == EventTypes.Encryption:
-                yield self.store.update_room_state(
-                    room_id, {"encryption": event_content.get("algorithm")}
-                )
+                room_state["encryption"] = event_content.get("algorithm")
            elif typ == EventTypes.Name:
-                yield self.store.update_room_state(
-                    room_id, {"name": event_content.get("name")}
-                )
+                room_state["name"] = event_content.get("name")
            elif typ == EventTypes.Topic:
-                yield self.store.update_room_state(
-                    room_id, {"topic": event_content.get("topic")}
-                )
+                room_state["topic"] = event_content.get("topic")
            elif typ == EventTypes.RoomAvatar:
-                yield self.store.update_room_state(
-                    room_id, {"avatar": event_content.get("url")}
-                )
+                room_state["avatar"] = event_content.get("url")
            elif typ == EventTypes.CanonicalAlias:
-                yield self.store.update_room_state(
-                    room_id, {"canonical_alias": event_content.get("alias")}
-                )
+                room_state["canonical_alias"] = event_content.get("alias")
+            elif typ == EventTypes.GuestAccess:
+                room_state["guest_access"] = event_content.get("guest_access")

-    @defer.inlineCallbacks
-    def update_public_room_stats(self, ts, room_id, is_public):
-        """
-        Increment/decrement a user's number of public rooms when a room they are
-        in changes to/from public visibility.
+        for room_id, state in room_to_state_updates.items():
+            yield self.store.update_room_state(room_id, state)

-        Args:
-            ts (int): Timestamp in seconds
-            room_id (str)
-            is_public (bool)
-        """
-        # For now, blindly iterate over all local users in the room so that
-        # we can handle the whole problem of copying buckets over as needed
-        user_ids = yield self.store.get_users_in_room(room_id)
-
-        for user_id in user_ids:
-            if self.hs.is_mine(UserID.from_string(user_id)):
-                yield self.store.update_stats_delta(
-                    ts, "user", user_id, "public_rooms", +1 if is_public else -1
-                )
-                yield self.store.update_stats_delta(
-                    ts, "user", user_id, "private_rooms", -1 if is_public else +1
-                )
-
-    @defer.inlineCallbacks
-    def _is_public_room(self, room_id):
-        join_rules = yield self.state.get_current_state(room_id, EventTypes.JoinRules)
-        history_visibility = yield self.state.get_current_state(
-            room_id, EventTypes.RoomHistoryVisibility
-        )
-
-        if (join_rules and join_rules.content.get("join_rule") == JoinRules.PUBLIC) or (
-            (
-                history_visibility
-                and history_visibility.content.get("history_visibility")
-                == "world_readable"
-            )
-        ):
-            return True
-        else:
-            return False
+        return room_to_stats_deltas, user_to_stats_deltas
@@ -378,7 +378,7 @@ class SyncHandler(object):
                event_copy = {k: v for (k, v) in iteritems(event) if k != "room_id"}
                ephemeral_by_room.setdefault(room_id, []).append(event_copy)

-        return (now_token, ephemeral_by_room)
+        return now_token, ephemeral_by_room

    @defer.inlineCallbacks
    def _load_filtered_recents(
@@ -578,7 +578,6 @@ class SyncHandler(object):

        if not last_events:
            return None
-            return

        last_event = last_events[-1]
        state_ids = yield self.store.get_state_ids_for_event(
@@ -1332,7 +1331,7 @@ class SyncHandler(object):
                    )
                    if not tags_by_room:
                        logger.debug("no-oping sync")
-                        return ([], [], [], [])
+                        return [], [], [], []

        ignored_account_data = yield self.store.get_global_account_data_by_type_for_user(
            "m.ignored_user_list", user_id=user_id
@@ -1642,7 +1641,7 @@ class SyncHandler(object):
                )
            room_entries.append(entry)

-        return (room_entries, invited, newly_joined_rooms, newly_left_rooms)
+        return room_entries, invited, newly_joined_rooms, newly_left_rooms

    @defer.inlineCallbacks
    def _get_all_rooms(self, sync_result_builder, ignored_users):
@@ -1716,7 +1715,7 @@ class SyncHandler(object):
                    )
                )

-        return (room_entries, invited, [])
+        return room_entries, invited, []

    @defer.inlineCallbacks
    def _generate_room_entry(
@@ -319,4 +319,4 @@ class TypingNotificationEventSource(object):
        return self.get_typing_handler()._latest_room_serial

    def get_pagination_rows(self, user, pagination_config, key):
-        return ([], pagination_config.from_key)
+        return [], pagination_config.from_key
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jorik Schellekens	074e7b185f	comments	2019-09-12 15:58:32 +01:00
Jorik Schellekens	52135531cc	How did I flip that again??	2019-09-12 15:56:01 +01:00
Jorik Schellekens	83864cec6a	Fix error code indentations and handling	2019-09-11 13:38:16 +01:00
Jorik Schellekens	d910c4418e	Return boolean s instead of throwing an exception	2019-09-10 13:37:33 +01:00
Jorik Schellekens	f73a196ff2	typo Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>	2019-09-10 13:19:16 +01:00
Jorik Schellekens	06bae97015	newsfile	2019-09-06 11:45:51 +01:00
Jorik Schellekens	75483b6bf9	Exit 1 if all fail, else 4	2019-09-06 11:39:57 +01:00
Jorik Schellekens	9ee798e327	Return different error code if subset fails.	2019-09-06 11:33:07 +01:00
Jorik Schellekens	458040a081	Check in one place rather than two	2019-09-06 11:25:53 +01:00
Jorik Schellekens	38c2c5a215	Fix exit codes	2019-09-06 11:15:16 +01:00
Jorik Schellekens	f7c873a643	Trace how long it takes for the send trasaction to complete, including retrys (#5986 )	2019-09-05 17:44:55 +01:00
Jorik Schellekens	bc604e7f94	Gracefully handle log context slips and missing opentracing import errors. (#5988 )	2019-09-05 17:33:29 +01:00
Erik Johnston	1a6ae33309	Merge pull request #5984 from matrix-org/joriks/opentracing_link_send_to_edu_contexts Link the send loop with the edus contexts	2019-09-05 15:22:24 +01:00
Jorik Schellekens	ef20aa52eb	use access methods (duh..) Co-Authored-By: Erik Johnston <erik@matrix.org>	2019-09-05 15:07:17 +01:00
Jorik Schellekens	7093790fbc	Bugfix phrasing Co-Authored-By: Erik Johnston <erik@matrix.org>	2019-09-05 15:07:00 +01:00
Jorik Schellekens	5ade977d08	Opentracing context cannot be none	2019-09-05 15:06:13 +01:00
Jorik Schellekens	909827b422	Add opentracing to all client servlets (#5983 )	2019-09-05 14:46:04 +01:00
Jorik Schellekens	93bc9d73bf	newsfile	2019-09-05 14:45:07 +01:00
Jorik Schellekens	1d65292e94	Link the send loop with the edus contexts The contexts were being filtered too early so the send loop wasn't being linked to them unless the destination was whitelisted.	2019-09-05 14:42:37 +01:00
Andrew Morgan	a0d294c306	Switch to using v2 Identity Service APIs other than lookup (MSC 2140) (#5892 )	2019-09-05 14:31:22 +01:00
Jorik Schellekens	b9cfd3c375	Fix opentracing contexts missing from outbound replication requests (#5982 )	2019-09-05 14:22:15 +01:00
Andrew Morgan	90d17a3d28	Add POST /_matrix/client/r0/account/3pid/unbind (MSC2140) (#5980 ) Implements `POST /_matrix/client/r0/account/3pid/unbind` from [MSC2140](https://github.com/matrix-org/matrix-doc/blob/dbkr/tos_2/proposals/2140-terms-of-service-2.md#post-_matrixclientr0account3pidunbind).	2019-09-05 14:00:30 +01:00
Andrew Morgan	b736c6cd3a	Remove bind_email and bind_msisdn (#5964 ) Removes the `bind_email` and `bind_msisdn` parameters from the `/register` C/S API endpoint as per [MSC2140: Terms of Service for ISes and IMs](https://github.com/matrix-org/matrix-doc/pull/2140/files#diff-c03a26de5ac40fb532de19cb7fc2aaf7R107).	2019-09-04 18:24:23 +01:00
Andrew Morgan	b09d443632	Cleanup event auth type initialisation (#5975 ) Very small code cleanup.	2019-09-04 16:16:56 +01:00
Erik Johnston	6e834e94fc	Fix and refactor room and user stats (#5971 ) Previously the stats were not being correctly populated.	2019-09-04 13:04:27 +01:00
Andrew Morgan	ea128a3e8e	code cleanups	2019-09-03 21:05:06 +01:00
Travis Ralston	2f416fc997	Ensure the list media admin API is always available (#5966 ) * Ensure the list media admin API is always available This API is required for some external media repo implementations to operate (mostly for doing quarantine operations on a room). * changelog	2019-09-03 13:35:20 -06:00
Andrew Morgan	6b6086b8bf	Fix docstring	2019-09-03 20:00:09 +01:00
Andrew Morgan	a98b8583c6	Remove unnecessary variable declaration	2019-09-03 19:58:51 +01:00
Michael Kaye	894c1a5759	Docker packaging should not su-exec or chmod if already running as UID/GID (#5970 ) Adjust su-exec to only be used if needed. If UID == getuid() and GID == getgid() then we do not need to su-exec, and chmod will not work.	2019-09-03 16:36:01 +01:00
Travis Ralston	0eac7077c9	Ensure an auth instance is available to ListMediaInRoom (#5967 ) * Ensure an auth instance is available to ListMediaInRoom Fixes https://github.com/matrix-org/synapse/issues/5737 * Changelog	2019-09-03 09:01:30 -06:00
Matthew Hodgson	8401bcd206	fix typo	2019-09-03 12:44:14 +01:00
Andrew Morgan	2a44782666	Remove double return statements (#5962 ) Remove all the "double return" statements which were a result of us removing all the instances of ``` defer.returnValue(...) return ``` statements when we switched to python3 fully.	2019-09-03 11:42:45 +01:00
Jorik Schellekens	a90d16dabc	Opentrace device lists (#5853 ) Trace device list changes.	2019-09-03 10:21:30 +01:00
Andrew Morgan	36f34e6f3d	Remove unused methods from c/s api v1 in register.py (#5963 ) These methods were part of the v1 C/S API. Remove them as they are no longer used by any code paths.	2019-09-02 18:29:21 +01:00
L0ric0	ce7803b8b0	fix thumbnail storage location (#5915 ) * fix thumbnail storage location Signed-off-by: Lorenz Steinert <lorenz@steinerts.de> * Add changelog file. Signed-off-by: Lorenz Steinert <lorenz@steinerts.de> * Update Changelog Signed-off-by: Lorenz Steinert <lorenz@steinerts.de>	2019-09-02 12:18:41 +01:00
Aaron Raimist	cee00a3584	Update INSTALL.md to say that Python 2 is no longer supported (#5953 ) Signed-off-by: Aaron Raimist <aaron@raim.ist>	2019-09-02 11:27:39 +01:00
Andrew Morgan	2a012e8a04	Revert "Add m.id_access_token flag (#5930 )" (#5945 ) This reverts commit `4765f0cfd9`.	2019-08-30 17:13:37 +01:00
Andrew Morgan	4548d1f87e	Remove unnecessary parentheses around return statements (#5931 ) Python will return a tuple whether there are parentheses around the returned values or not. I'm just sick of my editor complaining about this all over the place :)	2019-08-30 16:28:26 +01:00
Amber Brown	4fca313389	Move buildkite config to the pipelines repo (#5943 )	2019-08-31 01:01:57 +10:00
Andrew Morgan	4765f0cfd9	Add m.id_access_token flag (#5930 ) Adds a flag to `/versions`' `unstable_features` section indicating that this Synapse understands what an `id_access_token` is, as per https://github.com/matrix-org/synapse/issues/5927#issuecomment-523566043 Fixes #5927	2019-08-30 15:22:51 +01:00
Amber Brown	d19505a8c1	Removed unused jenkins/ folder and script (#5938 )	2019-08-30 23:13:16 +10:00
Andrew Morgan	3057095a5d	Revert "Use the v2 lookup API for 3PID invites (#5897 )" (#5937 ) This reverts commit `71fc04069a`. This broke 3PID invites as #5892 was required for it to work correctly.	2019-08-30 12:00:20 +01:00
Amber Brown	5625abe503	Fix buildkite pipeline plugin matrix-org/annotate using the wrong variable config	2019-08-30 15:06:40 +10:00
Amber Brown	e7011280c7	Fix coverage in sytest and use plugins for buildkite (#5922 )	2019-08-29 22:19:57 +10:00
Jorik Schellekens	92c1550f4a	Add a link to python's logging config schema (#5926 )	2019-08-28 19:08:32 +01:00
Will Hunt	c8fa620d7a	Merge pull request #5902 from matrix-org/hs/exempt-support-users-from-consent Exempt support users from consent	2019-08-28 16:31:40 +01:00
Jorik Schellekens	deca277d09	Let synctl use a config directory. (#5904 ) * Let synctl use a config directory.	2019-08-28 15:55:58 +01:00
Will Hunt	5798a134c0	Removing entry for 5903	2019-08-28 14:25:05 +01:00
Andrew Morgan	71fc04069a	Use the v2 lookup API for 3PID invites (#5897 ) Fixes https://github.com/matrix-org/synapse/issues/5861 Adds support for the v2 lookup API as defined in [MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134). Currently this is only used for 3PID invites. Sytest PR: https://github.com/matrix-org/sytest/pull/679	2019-08-28 14:59:26 +02:00
Jorik Schellekens	6d97843793	Config templating (#5900 ) Template config files * Imagine a system composed entirely of x, y, z etc and the basic operations.. Wait George, why XOR? Why not just neq? George: Eh, I didn't think of that.. Co-Authored-By: Erik Johnston <erik@matrix.org>	2019-08-28 13:12:22 +01:00
Amber Brown	7dc398586c	Implement a structured logging output system. (#5680 )	2019-08-28 21:18:53 +10:00
Richard van der Hoff	49ef8ec399	Fix a cache-invalidation bug for worker-based deployments (#5920 ) Some of the caches on worker processes were not being correctly invalidated when a room's state was changed in a way that did not affect the membership list of the room. We need to make sure we send out cache invalidations even when no memberships are changing.	2019-08-28 10:18:16 +01:00
reivilibre	a3f0635686	Merge pull request #5914 from matrix-org/rei/admin_getadmin Add GET method to admin API /users/@user:dom/admin	2019-08-28 09:44:22 +01:00
Victor Goff	1196ee32b3	Typographical corrections in docker/README (#5921 )	2019-08-28 09:34:49 +01:00
reivilibre	7ccc251415	Merge pull request #5859 from matrix-org/rei/msc2197 MSC2197 Search Filters over Federation	2019-08-28 09:00:21 +01:00
Erik Johnston	dfd10f5133	Merge pull request #5864 from matrix-org/erikj/reliable_lookups Refactor MatrixFederationAgent to retry SRV.	2019-08-27 16:54:06 +01:00
Erik Johnston	91caa5b430	Fix off by one error in SRV result shuffling	2019-08-27 13:56:42 +01:00
Olivier Wilkinson (reivilibre)	1b959b6977	Document GET method for retrieving admin bit of user in admin API Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>	2019-08-27 13:19:19 +01:00
Olivier Wilkinson (reivilibre)	c88a119259	Add GET method to admin API /users/@user:dom/admin Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>	2019-08-27 13:12:27 +01:00
Erik Johnston	fbb758a7ce	Fixup comments	2019-08-23 15:37:20 +01:00
Erik Johnston	e70f0081da	Fix logcontexts	2019-08-23 15:37:20 +01:00
Will Hunt	c998f25006	Apply suggestions from code review Co-Authored-By: Erik Johnston <erik@matrix.org>	2019-08-23 10:28:54 +01:00
Half-Shot	4a2d2c2b6f	Update changelog	2019-08-23 09:57:07 +01:00
Half-Shot	9ba32f6573	Exempt bot users	2019-08-23 09:56:31 +01:00
Half-Shot	ffa5b757c7	Merge branch 'hs/bot-user-type' into hs/exempt-support-users-from-consent	2019-08-23 09:55:57 +01:00
Half-Shot	971c980c6e	Add changelog	2019-08-23 09:53:48 +01:00
Half-Shot	d9b8cf81be	Add bot type	2019-08-23 09:52:09 +01:00
Half-Shot	0fb5189072	Fix registration test	2019-08-23 09:25:35 +01:00
Half-Shot	80793e813c	newsfile 5902	2019-08-23 09:20:31 +01:00
Half-Shot	ae38e0569f	Ignore consent for support users	2019-08-23 09:15:10 +01:00
Half-Shot	886eceba3e	Return user_type in get_user_by_id	2019-08-23 09:14:52 +01:00
Erik Johnston	1e4b4d85e7	Merge branch 'develop' of github.com:matrix-org/synapse into erikj/reliable_lookups	2019-08-22 13:41:57 +01:00
Erik Johnston	29763f01c6	Make changelog entry be a feature	2019-08-20 12:38:06 +01:00
Erik Johnston	74f016d343	Remove now unused pick_server_from_list	2019-08-20 12:37:08 +01:00
Erik Johnston	1f9df1cc7b	Fixup _sort_server_list to be slightly more efficient Also document that we are using the algorithm described in RFC2782 and ensure we handle zero weight correctly.	2019-08-20 12:36:11 +01:00
Erik Johnston	7777d353bf	Remove test debugs	2019-08-20 11:46:59 +01:00
Olivier Wilkinson (reivilibre)	502728777c	Newsfile on one line Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>	2019-08-20 08:49:53 +01:00
Olivier Wilkinson (reivilibre)	bb29bc2937	Use MSC2197 on stable prefix as it has almost finished FCP Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>	2019-08-20 08:49:31 +01:00
Erik Johnston	c03e3e8301	Newsfile	2019-08-15 15:43:22 +01:00
Erik Johnston	f299c5414c	Refactor MatrixFederationAgent to retry SRV. This refactors MatrixFederationAgent to move the SRV lookup into the endpoint code, this has two benefits: 1. Its easier to retry different host/ports in the same way as HostnameEndpoint. 2. We avoid SRV lookups if we have a free connection in the pool	2019-08-15 15:43:22 +01:00
Olivier Wilkinson (reivilibre)	a3df04a899	Newsfile Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>	2019-08-15 11:09:07 +01:00
Olivier Wilkinson (reivilibre)	2253b083d9	Add support for inbound MSC2197 requests on unstable Federation API Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>	2019-08-15 11:06:21 +01:00
Olivier Wilkinson (reivilibre)	6fadb560fc	Support MSC2197 outbound with unstable prefix Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>	2019-08-15 10:59:37 +01:00
				`@@ -0,0 +1 @@`
				`Lay the groundwork for structured logging output.`
				`@@ -0,0 +1 @@`
				`Add unstable support for MSC2197 (filtered search requests over federation), in order to allow upcoming room directory query performance improvements.`
				`@@ -0,0 +1 @@`
				`Correctly retry all hosts returned from SRV when we fail to connect.`
				`@@ -0,0 +1 @@`
				`Compatibility with v2 Identity Service APIs other than /lookup.`
				`@@ -0,0 +1 @@`
				`Users with the type of "support" or "bot" are no longer required to consent.`
				`@@ -0,0 +1 @@`
				`Let synctl accept a directory of config files.`
				`@@ -0,0 +1 @@`
				`Add admin API endpoint for getting whether or not a user is a server administrator.`
				`@@ -0,0 +1 @@`
				Fix 404 for thumbnail download when `dynamic_thumbnails` is `false` and the thumbnail was dynamically generated. Fix reported by rkfg.
				`@@ -0,0 +1 @@`
				`Fix a cache-invalidation bug for worker-based deployments.`