changelog

Remove m.relates_to from events if the client set it to null
It appears as though Python only checks to see if the key exists in a dictionary, not necessarily for a useful value. This means that when clients submit (valid) requests with `m.relates_to: null` and Synapse later reads it, it gets a None reference error on access. This is the easier route than guarding all the places where it could be None.
2019-05-22 19:16:02 -06:00 · 2019-05-22 19:14:10 -06:00
536 changed files with 17244 additions and 35783 deletions
--- a/.buildkite/docker-compose.py27.pg94.yaml
+++ b/.buildkite/docker-compose.py27.pg94.yaml
@@ -0,0 +1,21 @@
+version: '3.1'
+
+services:
+
+  postgres:
+    image: postgres:9.4
+    environment:
+      POSTGRES_PASSWORD: postgres
+
+  testenv:
+    image: python:2.7
+    depends_on:
+      - postgres
+    env_file: .env
+    environment:
+      SYNAPSE_POSTGRES_HOST: postgres
+      SYNAPSE_POSTGRES_USER: postgres
+      SYNAPSE_POSTGRES_PASSWORD: postgres
+    working_dir: /app
+    volumes:
+      - ..:/app
--- a/.buildkite/docker-compose.py27.pg95.yaml
+++ b/.buildkite/docker-compose.py27.pg95.yaml
@@ -0,0 +1,21 @@
+version: '3.1'
+
+services:
+
+  postgres:
+    image: postgres:9.5
+    environment:
+      POSTGRES_PASSWORD: postgres
+
+  testenv:
+    image: python:2.7
+    depends_on:
+      - postgres
+    env_file: .env
+    environment:
+      SYNAPSE_POSTGRES_HOST: postgres
+      SYNAPSE_POSTGRES_USER: postgres
+      SYNAPSE_POSTGRES_PASSWORD: postgres
+    working_dir: /app
+    volumes:
+      - ..:/app
--- a/.buildkite/docker-compose.py35.pg94.yaml
+++ b/.buildkite/docker-compose.py35.pg94.yaml
@@ -0,0 +1,21 @@
+version: '3.1'
+
+services:
+
+  postgres:
+    image: postgres:9.4
+    environment:
+      POSTGRES_PASSWORD: postgres
+
+  testenv:
+    image: python:3.5
+    depends_on:
+      - postgres
+    env_file: .env
+    environment:
+      SYNAPSE_POSTGRES_HOST: postgres
+      SYNAPSE_POSTGRES_USER: postgres
+      SYNAPSE_POSTGRES_PASSWORD: postgres
+    working_dir: /app
+    volumes:
+      - ..:/app
--- a/.buildkite/format_tap.py
+++ b/.buildkite/format_tap.py
@@ -1,33 +0,0 @@
-import sys
-from tap.parser import Parser
-from tap.line import Result, Unknown, Diagnostic
-
-out = ["### TAP Output for " + sys.argv[2]]
-
-p = Parser()
-
-in_error = False
-
-for line in p.parse_file(sys.argv[1]):
-    if isinstance(line, Result):
-        if in_error:
-            out.append("")
-            out.append("</pre></code></details>")
-            out.append("")
-            out.append("----")
-            out.append("")
-        in_error = False
-
-        if not line.ok and not line.todo:
-            in_error = True
-
-            out.append("FAILURE Test #%d: ``%s``" % (line.number, line.description))
-            out.append("")
-            out.append("<details><summary>Show log</summary><code><pre>")
-
-    elif isinstance(line, Diagnostic) and in_error:
-        out.append(line.text)
-
-if out:
-    for line in out[:-3]:
-        print(line)
--- a/.buildkite/pipeline.yml
+++ b/.buildkite/pipeline.yml
@@ -2,11 +2,10 @@ env:
  CODECOV_TOKEN: "2dd7eb9b-0eda-45fe-a47c-9b5ac040045f"

 steps:
-
  - command:
      - "python -m pip install tox"
-      - "tox -e check_codestyle"
-    label: "\U0001F9F9 Check Style"
+      - "tox -e pep8"
+    label: "\U0001F9F9 PEP-8"
    plugins:
      - docker#v3.0.1:
          image: "python:3.6"
@@ -37,6 +36,8 @@ steps:
          image: "python:3.6"
          propagate-environment: true

+  - wait
+
  - command:
      - "python -m pip install tox"
      - "tox -e check-sampleconfig"
@@ -45,26 +46,16 @@ steps:
      - docker#v3.0.1:
          image: "python:3.6"

-  - wait
-
-
  - command:
-      - "apt-get update && apt-get install -y python3.5 python3.5-dev python3-pip libxml2-dev libxslt-dev zlib1g-dev"
-      - "python3.5 -m pip install tox"
-      - "tox -e py35-old,codecov"
-    label: ":python: 3.5 / SQLite / Old Deps"
+      - "python -m pip install tox"
+      - "tox -e py27,codecov"
+    label: ":python: 2.7 / SQLite"
    env:
      TRIAL_FLAGS: "-j 2"
    plugins:
      - docker#v3.0.1:
-          image: "ubuntu:xenial"  # We use xenail to get an old sqlite and python
+          image: "python:2.7"
          propagate-environment: true
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2

  - command:
      - "python -m pip install tox"
@@ -76,12 +67,6 @@ steps:
      - docker#v3.0.1:
          image: "python:3.5"
          propagate-environment: true
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2

  - command:
      - "python -m pip install tox"
@@ -93,12 +78,6 @@ steps:
      - docker#v3.0.1:
          image: "python:3.6"
          propagate-environment: true
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2

  - command:
      - "python -m pip install tox"
@@ -110,18 +89,54 @@ steps:
      - docker#v3.0.1:
          image: "python:3.7"
          propagate-environment: true
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
+
+  - command:
+      - "python -m pip install tox"
+      - "tox -e py27-old,codecov"
+    label: ":python: 2.7 / SQLite / Old Deps"
+    env:
+      TRIAL_FLAGS: "-j 2"
+    plugins:
+      - docker#v3.0.1:
+          image: "python:2.7"
+          propagate-environment: true
+
+  - label: ":python: 2.7 / :postgres: 9.4"
+    env:
+      TRIAL_FLAGS: "-j 4"
+    command:
+      - "bash -c 'python -m pip install tox && python -m tox -e py27-postgres,codecov'"
+    plugins:
+      - docker-compose#v2.1.0:
+          run: testenv
+          config:
+            - .buildkite/docker-compose.py27.pg94.yaml
+
+  - label: ":python: 2.7 / :postgres: 9.5"
+    env:
+      TRIAL_FLAGS: "-j 4"
+    command:
+      - "bash -c 'python -m pip install tox && python -m tox -e py27-postgres,codecov'"
+    plugins:
+      - docker-compose#v2.1.0:
+          run: testenv
+          config:
+            - .buildkite/docker-compose.py27.pg95.yaml
+
+  - label: ":python: 3.5 / :postgres: 9.4"
+    env:
+      TRIAL_FLAGS: "-j 4"
+    command:
+      - "bash -c 'python -m pip install tox && python -m tox -e py35-postgres,codecov'"
+    plugins:
+      - docker-compose#v2.1.0:
+          run: testenv
+          config:
+            - .buildkite/docker-compose.py35.pg94.yaml

  - label: ":python: 3.5 / :postgres: 9.5"
-    agents:
-      queue: "medium"
    env:
-      TRIAL_FLAGS: "-j 8"
+      TRIAL_FLAGS: "-j 4"
    command:
      - "bash -c 'python -m pip install tox && python -m tox -e py35-postgres,codecov'"
    plugins:
@@ -129,18 +144,10 @@ steps:
          run: testenv
          config:
            - .buildkite/docker-compose.py35.pg95.yaml
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2

  - label: ":python: 3.7 / :postgres: 9.5"
-    agents:
-      queue: "medium"
    env:
-      TRIAL_FLAGS: "-j 8"
+      TRIAL_FLAGS: "-j 4"
    command:
      - "bash -c 'python -m pip install tox && python -m tox -e py37-postgres,codecov'"
    plugins:
@@ -148,18 +155,10 @@ steps:
          run: testenv
          config:
            - .buildkite/docker-compose.py37.pg95.yaml
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2

  - label: ":python: 3.7 / :postgres: 11"
-    agents:
-      queue: "medium"
    env:
-      TRIAL_FLAGS: "-j 8"
+      TRIAL_FLAGS: "-j 4"
    command:
      - "bash -c 'python -m pip install tox && python -m tox -e py37-postgres,codecov'"
    plugins:
@@ -167,74 +166,3 @@ steps:
          run: testenv
          config:
            - .buildkite/docker-compose.py37.pg11.yaml
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-
-  - label: "SyTest - :python: 3.5 / SQLite / Monolith"
-    agents:
-      queue: "medium"
-    command:
-      - "bash .buildkite/merge_base_branch.sh"
-      - "bash /synapse_sytest.sh"
-    plugins:
-      - docker#v3.0.1:
-          image: "matrixdotorg/sytest-synapse:py35"
-          propagate-environment: true
-          always-pull: true
-          workdir: "/src"
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - label: "SyTest - :python: 3.5 / :postgres: 9.6 / Monolith"
-    agents:
-      queue: "medium"
-    env:
-      POSTGRES: "1"
-    command:
-      - "bash .buildkite/merge_base_branch.sh"
-      - "bash /synapse_sytest.sh"
-    plugins:
-      - docker#v3.0.1:
-          image: "matrixdotorg/sytest-synapse:py35"
-          propagate-environment: true
-          always-pull: true
-          workdir: "/src"
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
-
-  - label: "SyTest - :python: 3.5 / :postgres: 9.6 / Workers"
-    agents:
-      queue: "medium"
-    env:
-      POSTGRES: "1"
-      WORKERS: "1"
-      BLACKLIST: "synapse-blacklist-with-workers"
-    command:
-      - "bash .buildkite/merge_base_branch.sh"
-      - "bash -c 'cat /src/sytest-blacklist /src/.buildkite/worker-blacklist > /src/synapse-blacklist-with-workers'"
-      - "bash /synapse_sytest.sh"
-    plugins:
-      - docker#v3.0.1:
-          image: "matrixdotorg/sytest-synapse:py35"
-          propagate-environment: true
-          always-pull: true
-          workdir: "/src"
-    retry:
-      automatic:
-        - exit_status: -1
-          limit: 2
-        - exit_status: 2
-          limit: 2
--- a/.buildkite/worker-blacklist
+++ b/.buildkite/worker-blacklist
@@ -1,30 +0,0 @@
-# This file serves as a blacklist for SyTest tests that we expect will fail in
-# Synapse when run under worker mode. For more details, see sytest-blacklist.
-
-Message history can be paginated
-
-Can re-join room if re-invited
-
-/upgrade creates a new room
-
-The only membership state included in an initial sync is for all the senders in the timeline
-
-Local device key changes get to remote servers
-
-If remote user leaves room we no longer receive device updates
-
-Forgotten room messages cannot be paginated
-
-Inbound federation can get public room list
-
-Members from the gap are included in gappy incr LL sync
-
-Leaves are present in non-gapped incremental syncs
-
-Old leaves are present in gapped incremental syncs
-
-User sees updates to presence from other users in the incremental sync.
-
-Gapped incremental syncs include all state changes
-
-Old members are included in gappy incr LL sync if they start speaking
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -4,23 +4,160 @@ jobs:
    machine: true
    steps:
      - checkout
-      - run: docker build -f docker/Dockerfile --label gitsha1=${CIRCLE_SHA1} -t matrixdotorg/synapse:${CIRCLE_TAG} -t matrixdotorg/synapse:${CIRCLE_TAG}-py3 .
+      - run: docker build -f docker/Dockerfile --label gitsha1=${CIRCLE_SHA1} -t matrixdotorg/synapse:${CIRCLE_TAG}-py2 .
+      - run: docker build -f docker/Dockerfile --label gitsha1=${CIRCLE_SHA1} -t matrixdotorg/synapse:${CIRCLE_TAG} -t matrixdotorg/synapse:${CIRCLE_TAG}-py3 --build-arg PYTHON_VERSION=3.6 .
      - run: docker login --username $DOCKER_HUB_USERNAME --password $DOCKER_HUB_PASSWORD
      - run: docker push matrixdotorg/synapse:${CIRCLE_TAG}
+      - run: docker push matrixdotorg/synapse:${CIRCLE_TAG}-py2
      - run: docker push matrixdotorg/synapse:${CIRCLE_TAG}-py3
  dockerhubuploadlatest:
    machine: true
    steps:
      - checkout
-      - run: docker build -f docker/Dockerfile --label gitsha1=${CIRCLE_SHA1} -t matrixdotorg/synapse:latest -t matrixdotorg/synapse:latest-py3 .
+      - run: docker build -f docker/Dockerfile --label gitsha1=${CIRCLE_SHA1} -t matrixdotorg/synapse:latest-py2 .
+      - run: docker build -f docker/Dockerfile --label gitsha1=${CIRCLE_SHA1} -t matrixdotorg/synapse:latest -t matrixdotorg/synapse:latest-py3 --build-arg PYTHON_VERSION=3.6 .
      - run: docker login --username $DOCKER_HUB_USERNAME --password $DOCKER_HUB_PASSWORD
      - run: docker push matrixdotorg/synapse:latest
+      - run: docker push matrixdotorg/synapse:latest-py2
      - run: docker push matrixdotorg/synapse:latest-py3
+  sytestpy2:
+    docker:
+      - image: matrixdotorg/sytest-synapsepy2
+    working_directory: /src
+    steps:
+      - checkout
+      - run: /synapse_sytest.sh
+      - store_artifacts:
+          path: /logs
+          destination: logs
+      - store_test_results:
+          path: /logs
+  sytestpy2postgres:
+    docker:
+      - image: matrixdotorg/sytest-synapsepy2
+    working_directory: /src
+    steps:
+      - checkout
+      - run: POSTGRES=1 /synapse_sytest.sh
+      - store_artifacts:
+          path: /logs
+          destination: logs
+      - store_test_results:
+          path: /logs
+  sytestpy2merged:
+    docker:
+      - image: matrixdotorg/sytest-synapsepy2
+    working_directory: /src
+    steps:
+      - checkout
+      - run: bash .circleci/merge_base_branch.sh
+      - run: /synapse_sytest.sh
+      - store_artifacts:
+          path: /logs
+          destination: logs
+      - store_test_results:
+          path: /logs
+  sytestpy2postgresmerged:
+    docker:
+      - image: matrixdotorg/sytest-synapsepy2
+    working_directory: /src
+    steps:
+      - checkout
+      - run: bash .circleci/merge_base_branch.sh
+      - run: POSTGRES=1 /synapse_sytest.sh
+      - store_artifacts:
+          path: /logs
+          destination: logs
+      - store_test_results:
+          path: /logs
+
+  sytestpy3:
+    docker:
+      - image: matrixdotorg/sytest-synapsepy3
+    working_directory: /src
+    steps:
+      - checkout
+      - run: /synapse_sytest.sh
+      - store_artifacts:
+          path: /logs
+          destination: logs
+      - store_test_results:
+          path: /logs
+  sytestpy3postgres:
+    docker:
+      - image: matrixdotorg/sytest-synapsepy3
+    working_directory: /src
+    steps:
+      - checkout
+      - run: POSTGRES=1 /synapse_sytest.sh
+      - store_artifacts:
+          path: /logs
+          destination: logs
+      - store_test_results:
+          path: /logs
+  sytestpy3merged:
+    docker:
+      - image: matrixdotorg/sytest-synapsepy3
+    working_directory: /src
+    steps:
+      - checkout
+      - run: bash .circleci/merge_base_branch.sh
+      - run: /synapse_sytest.sh
+      - store_artifacts:
+          path: /logs
+          destination: logs
+      - store_test_results:
+          path: /logs
+  sytestpy3postgresmerged:
+    docker:
+      - image: matrixdotorg/sytest-synapsepy3
+    working_directory: /src
+    steps:
+      - checkout
+      - run: bash .circleci/merge_base_branch.sh
+      - run: POSTGRES=1 /synapse_sytest.sh
+      - store_artifacts:
+          path: /logs
+          destination: logs
+      - store_test_results:
+          path: /logs

 workflows:
  version: 2
  build:
    jobs:
+      - sytestpy2:
+          filters:
+            branches:
+              only: /develop|master|release-.*/
+      - sytestpy2postgres:
+          filters:
+            branches:
+              only: /develop|master|release-.*/
+      - sytestpy3:
+          filters:
+            branches:
+              only: /develop|master|release-.*/
+      - sytestpy3postgres:
+          filters:
+            branches:
+              only: /develop|master|release-.*/
+      - sytestpy2merged:
+          filters:
+            branches:
+              ignore: /develop|master|release-.*/
+      - sytestpy2postgresmerged:
+          filters:
+            branches:
+              ignore: /develop|master|release-.*/
+      - sytestpy3merged:
+          filters:
+            branches:
+              ignore: /develop|master|release-.*/
+      - sytestpy3postgresmerged:
+          filters:
+            branches:
+              ignore: /develop|master|release-.*/
      - dockerhubuploadrelease:
          filters:
            tags:
--- a/.buildkite/merge_base_branch.sh
+++ b/.buildkite/merge_base_branch.sh
@@ -1,21 +1,22 @@
 #!/usr/bin/env bash

-set -ex
+set -e

-if [[ "$BUILDKITE_BRANCH" =~ ^(develop|master|dinsic|shhs|release-.*)$ ]]; then
-    echo "Not merging forward, as this is a release branch"
-    exit 0
-fi
+# CircleCI doesn't give CIRCLE_PR_NUMBER in the environment for non-forked PRs. Wonderful.
+# In this case, we just need to do some ~shell magic~ to strip it out of the PULL_REQUEST URL.
+echo 'export CIRCLE_PR_NUMBER="${CIRCLE_PR_NUMBER:-${CIRCLE_PULL_REQUEST##*/}}"' >> $BASH_ENV
+source $BASH_ENV

-if [[ -z $BUILDKITE_PULL_REQUEST_BASE_BRANCH ]]; then
-    echo "Not a pull request, or hasn't had a PR opened yet..."
+if [[ -z "${CIRCLE_PR_NUMBER}" ]]
+then
+    echo "Can't figure out what the PR number is! Assuming merge target is develop."

    # It probably hasn't had a PR opened yet. Since all PRs land on develop, we
    # can probably assume it's based on it and will be merged into it.
    GITBASE="develop"
 else
    # Get the reference, using the GitHub API
-    GITBASE=$BUILDKITE_PULL_REQUEST_BASE_BRANCH
+    GITBASE=`wget -O- https://api.github.com/repos/matrix-org/synapse/pulls/${CIRCLE_PR_NUMBER} | jq -r '.base.ref'`
 fi

 # Show what we are before
--- a/.codecov.yml
+++ b/.codecov.yml
@@ -1,4 +1,5 @@
-comment: off
+comment:
+  layout: "diff"

 coverage:
  status:
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,13 +1,9 @@
-# ignore everything by default
-*
-
-# things to include
-!docker
-!scripts
-!synapse
-!MANIFEST.in
-!README.rst
-!setup.py
-!synctl
-
-**/__pycache__
+Dockerfile
+.travis.yml
+.gitignore
+demo/etc
+tox.ini
+.git/*
+.tox/*
+debian/matrix-synapse/
+debian/matrix-synapse-*/
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,4 +0,0 @@
-# One username per supported platform and one custom link
-patreon: matrixdotorg
-liberapay: matrixdotorg
-custom: https://paypal.me/matrixdotorg
--- a/.github/ISSUE_TEMPLATE/SUPPORT_REQUEST.md
+++ b/.github/ISSUE_TEMPLATE/SUPPORT_REQUEST.md
@@ -4,7 +4,6 @@ about: I need support for Synapse

 ---

-Please don't file github issues asking for support.
+# Please ask for support in [**#matrix:matrix.org**](https://matrix.to/#/#matrix:matrix.org)

-Instead, please join [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org)
-(from a matrix.org account if necessary), and ask there.
+## Don't file an issue as a support request.
--- a/.github/SUPPORT.md
+++ b/.github/SUPPORT.md
@@ -1,3 +1,3 @@
-[**#synapse:matrix.org**](https://matrix.to/#/#synapse:matrix.org) is the official support room for
-Synapse, and can be accessed by any client from https://matrix.org/docs/projects/try-matrix-now.html.
-Please ask for support there, rather than filing github issues.
+[**#matrix:matrix.org**](https://matrix.to/#/#matrix:matrix.org) is the official support room for Matrix, and can be accessed by any client from https://matrix.org/docs/projects/try-matrix-now.html 
+
+It can also be access via IRC bridge at irc://irc.freenode.net/matrix or on the web here: https://webchat.freenode.net/?channels=matrix
--- a/.gitignore
+++ b/.gitignore
@@ -16,7 +16,6 @@ _trial_temp*/
 /*.log
 /*.log.config
 /*.pid
-/.python-version
 /*.signing.key
 /env/
 /homeserver*.yaml
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -72,6 +72,3 @@ Jason Robinson <jasonr at matrix.org>

 Joseph Weston <joseph at weston.cloud>
 + Add admin API for querying HS version
-
-Benjamin Saunders <ben.e.saunders at gmail dot com>
- * Documentation improvements
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,496 +1,8 @@
-Synapse 1.3.1 (2019-08-17)
-==========================
-
-Features
--------
-
- Drop hard dependency on `sdnotify` python package. ([\#5871](https://github.com/matrix-org/synapse/issues/5871))
-
-
-Bugfixes
--------
-
- Fix startup issue (hang on ACME provisioning) due to ordering of Twisted reactor startup. Thanks to @chrismoos for supplying the fix. ([\#5867](https://github.com/matrix-org/synapse/issues/5867))
-
-
-Synapse 1.3.0 (2019-08-15)
-==========================
-
-Bugfixes
--------
-
- Fix 500 Internal Server Error on `publicRooms` when the public room list was
-  cached. ([\#5851](https://github.com/matrix-org/synapse/issues/5851))
-
-
-Synapse 1.3.0rc1 (2019-08-13)
-==========================
-
-Features
--------
-
- Use `M_USER_DEACTIVATED` instead of `M_UNKNOWN` for errcode when a deactivated user attempts to login. ([\#5686](https://github.com/matrix-org/synapse/issues/5686))
- Add sd_notify hooks to ease systemd integration and allows usage of Type=Notify. ([\#5732](https://github.com/matrix-org/synapse/issues/5732))
- Synapse will no longer serve any media repo admin endpoints when `enable_media_repo` is set to False in the configuration. If a media repo worker is used, the admin APIs relating to the media repo will be served from it instead. ([\#5754](https://github.com/matrix-org/synapse/issues/5754), [\#5848](https://github.com/matrix-org/synapse/issues/5848))
- Synapse can now be configured to not join remote rooms of a given "complexity" (currently, state events) over federation. This option can be used to prevent adverse performance on resource-constrained homeservers. ([\#5783](https://github.com/matrix-org/synapse/issues/5783))
- Allow defining HTML templates to serve the user on account renewal attempt when using the account validity feature. ([\#5807](https://github.com/matrix-org/synapse/issues/5807))
-
-
-Bugfixes
--------
-
- Fix UISIs during homeserver outage. ([\#5693](https://github.com/matrix-org/synapse/issues/5693), [\#5789](https://github.com/matrix-org/synapse/issues/5789))
- Fix stack overflow in server key lookup code. ([\#5724](https://github.com/matrix-org/synapse/issues/5724))
- start.sh no longer uses deprecated cli option. ([\#5725](https://github.com/matrix-org/synapse/issues/5725))
- Log when we receive an event receipt from an unexpected origin. ([\#5743](https://github.com/matrix-org/synapse/issues/5743))
- Fix debian packaging scripts to correctly build sid packages. ([\#5775](https://github.com/matrix-org/synapse/issues/5775))
- Correctly handle redactions of redactions. ([\#5788](https://github.com/matrix-org/synapse/issues/5788))
- Return 404 instead of 403 when accessing /rooms/{roomId}/event/{eventId} for an event without the appropriate permissions. ([\#5798](https://github.com/matrix-org/synapse/issues/5798))
- Fix check that tombstone is a state event in push rules. ([\#5804](https://github.com/matrix-org/synapse/issues/5804))
- Fix error when trying to login as a deactivated user when using a worker to handle login. ([\#5806](https://github.com/matrix-org/synapse/issues/5806))
- Fix bug where user `/sync` stream could get wedged in rare circumstances. ([\#5825](https://github.com/matrix-org/synapse/issues/5825))
- The purge_remote_media.sh script was fixed. ([\#5839](https://github.com/matrix-org/synapse/issues/5839))
-
-
-Deprecations and Removals
-------------------------
-
- Synapse now no longer accepts the `-v`/`--verbose`, `-f`/`--log-file`, or `--log-config` command line flags, and removes the deprecated `verbose` and `log_file` configuration file options. Users of these options should migrate their options into the dedicated log configuration. ([\#5678](https://github.com/matrix-org/synapse/issues/5678), [\#5729](https://github.com/matrix-org/synapse/issues/5729))
- Remove non-functional 'expire_access_token' setting. ([\#5782](https://github.com/matrix-org/synapse/issues/5782))
-
-
-Internal Changes
----------------
-
- Make Jaeger fully configurable. ([\#5694](https://github.com/matrix-org/synapse/issues/5694))
- Add precautionary measures to prevent future abuse of `window.opener` in default welcome page. ([\#5695](https://github.com/matrix-org/synapse/issues/5695))
- Reduce database IO usage by optimising queries for current membership. ([\#5706](https://github.com/matrix-org/synapse/issues/5706), [\#5738](https://github.com/matrix-org/synapse/issues/5738), [\#5746](https://github.com/matrix-org/synapse/issues/5746), [\#5752](https://github.com/matrix-org/synapse/issues/5752), [\#5770](https://github.com/matrix-org/synapse/issues/5770), [\#5774](https://github.com/matrix-org/synapse/issues/5774), [\#5792](https://github.com/matrix-org/synapse/issues/5792), [\#5793](https://github.com/matrix-org/synapse/issues/5793))
- Improve caching when fetching `get_filtered_current_state_ids`. ([\#5713](https://github.com/matrix-org/synapse/issues/5713))
- Don't accept opentracing data from clients. ([\#5715](https://github.com/matrix-org/synapse/issues/5715))
- Speed up PostgreSQL unit tests in CI. ([\#5717](https://github.com/matrix-org/synapse/issues/5717))
- Update the coding style document. ([\#5719](https://github.com/matrix-org/synapse/issues/5719))
- Improve database query performance when recording retry intervals for remote hosts. ([\#5720](https://github.com/matrix-org/synapse/issues/5720))
- Add a set of opentracing utils. ([\#5722](https://github.com/matrix-org/synapse/issues/5722))
- Cache result of get_version_string to reduce overhead of `/version` federation requests. ([\#5730](https://github.com/matrix-org/synapse/issues/5730))
- Return 'user_type' in admin API user endpoints results. ([\#5731](https://github.com/matrix-org/synapse/issues/5731))
- Don't package the sytest test blacklist file. ([\#5733](https://github.com/matrix-org/synapse/issues/5733))
- Replace uses of returnValue with plain return, as returnValue is not needed on Python 3. ([\#5736](https://github.com/matrix-org/synapse/issues/5736))
- Blacklist some flakey tests in worker mode. ([\#5740](https://github.com/matrix-org/synapse/issues/5740))
- Fix some error cases in the caching layer. ([\#5749](https://github.com/matrix-org/synapse/issues/5749))
- Add a prometheus metric for pending cache lookups. ([\#5750](https://github.com/matrix-org/synapse/issues/5750))
- Stop trying to fetch events with event_id=None. ([\#5753](https://github.com/matrix-org/synapse/issues/5753))
- Convert RedactionTestCase to modern test style. ([\#5768](https://github.com/matrix-org/synapse/issues/5768))
- Allow looping calls to be given arguments. ([\#5780](https://github.com/matrix-org/synapse/issues/5780))
- Set the logs emitted when checking typing and presence timeouts to DEBUG level, not INFO. ([\#5785](https://github.com/matrix-org/synapse/issues/5785))
- Remove DelayedCall debugging from the test suite, as it is no longer required in the vast majority of Synapse's tests. ([\#5787](https://github.com/matrix-org/synapse/issues/5787))
- Remove some spurious exceptions from the logs where we failed to talk to a remote server. ([\#5790](https://github.com/matrix-org/synapse/issues/5790))
- Improve performance when making `.well-known` requests by sharing the SSL options between requests. ([\#5794](https://github.com/matrix-org/synapse/issues/5794))
- Disable codecov GitHub comments on PRs. ([\#5796](https://github.com/matrix-org/synapse/issues/5796))
- Don't allow clients to send tombstone events that reference the room it's sent in. ([\#5801](https://github.com/matrix-org/synapse/issues/5801))
- Deny redactions of events sent in a different room. ([\#5802](https://github.com/matrix-org/synapse/issues/5802))
- Deny sending well known state types as non-state events. ([\#5805](https://github.com/matrix-org/synapse/issues/5805))
- Handle incorrectly encoded query params correctly by returning a 400. ([\#5808](https://github.com/matrix-org/synapse/issues/5808))
- Handle pusher being deleted during processing rather than logging an exception. ([\#5809](https://github.com/matrix-org/synapse/issues/5809))
- Return 502 not 500 when failing to reach any remote server. ([\#5810](https://github.com/matrix-org/synapse/issues/5810))
- Reduce global pauses in the events stream caused by expensive state resolution during persistence. ([\#5826](https://github.com/matrix-org/synapse/issues/5826))
- Add a lower bound to well-known lookup cache time to avoid repeated lookups. ([\#5836](https://github.com/matrix-org/synapse/issues/5836))
- Whitelist history visbility sytests in worker mode tests. ([\#5843](https://github.com/matrix-org/synapse/issues/5843))
-
-
-Synapse 1.2.1 (2019-07-26)
-==========================
-
-Security update
---------------
-
-This release includes *four* security fixes:
-
- Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. ([\#5767](https://github.com/matrix-org/synapse/issues/5767))
- Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. Thanks to `@lrizika:matrix.org` for identifying and responsibly disclosing this issue. ([0f2ecb961](https://github.com/matrix-org/synapse/commit/0f2ecb961))
- Prevent an attack where users could be joined or parted from public rooms without their consent. Thanks to @dylangerdaly for identifying and responsibly disclosing this issue. ([\#5744](https://github.com/matrix-org/synapse/issues/5744))
- Fix a vulnerability where a federated server could spoof read-receipts from
-  users on other servers. Thanks to @dylangerdaly for identifying this issue too. ([\#5743](https://github.com/matrix-org/synapse/issues/5743))
-
-Additionally, the following fix was in Synapse **1.2.0**, but was not correctly
-identified during the original release:
-
- It was possible for a room moderator to send a redaction for an `m.room.create` event, which would downgrade the room to version 1. Thanks to `/dev/ponies` for identifying and responsibly disclosing this issue! ([\#5701](https://github.com/matrix-org/synapse/issues/5701))
-
-Synapse 1.2.0 (2019-07-25)
-==========================
-
-No significant changes.
-
-
-Synapse 1.2.0rc2 (2019-07-24)
-=============================
-
-Bugfixes
--------
-
- Fix a regression introduced in v1.2.0rc1 which led to incorrect labels on some prometheus metrics. ([\#5734](https://github.com/matrix-org/synapse/issues/5734))
-
-
-Synapse 1.2.0rc1 (2019-07-22)
-=============================
-
-Security fixes
--------------
-
-This update included a security fix which was initially incorrectly flagged as
-a regular bug fix.
-
- It was possible for a room moderator to send a redaction for an `m.room.create` event, which would downgrade the room to version 1. Thanks to `/dev/ponies` for identifying and responsibly disclosing this issue! ([\#5701](https://github.com/matrix-org/synapse/issues/5701))
-
-Features
--------
-
- Add support for opentracing. ([\#5544](https://github.com/matrix-org/synapse/issues/5544), [\#5712](https://github.com/matrix-org/synapse/issues/5712))
- Add ability to pull all locally stored events out of synapse that a particular user can see. ([\#5589](https://github.com/matrix-org/synapse/issues/5589))
- Add a basic admin command app to allow server operators to run Synapse admin commands separately from the main production instance. ([\#5597](https://github.com/matrix-org/synapse/issues/5597))
- Add `sender` and `origin_server_ts` fields to `m.replace`. ([\#5613](https://github.com/matrix-org/synapse/issues/5613))
- Add default push rule to ignore reactions. ([\#5623](https://github.com/matrix-org/synapse/issues/5623))
- Include the original event when asking for its relations. ([\#5626](https://github.com/matrix-org/synapse/issues/5626))
- Implement `session_lifetime` configuration option, after which access tokens will expire. ([\#5660](https://github.com/matrix-org/synapse/issues/5660))
- Return "This account has been deactivated" when a deactivated user tries to login. ([\#5674](https://github.com/matrix-org/synapse/issues/5674))
- Enable aggregations support by default ([\#5714](https://github.com/matrix-org/synapse/issues/5714))
-
-
-Bugfixes
--------
-
- Fix 'utime went backwards' errors on daemonization. ([\#5609](https://github.com/matrix-org/synapse/issues/5609))
- Various minor fixes to the federation request rate limiter. ([\#5621](https://github.com/matrix-org/synapse/issues/5621))
- Forbid viewing relations on an event once it has been redacted. ([\#5629](https://github.com/matrix-org/synapse/issues/5629))
- Fix requests to the `/store_invite` endpoint of identity servers being sent in the wrong format. ([\#5638](https://github.com/matrix-org/synapse/issues/5638))
- Fix newly-registered users not being able to lookup their own profile without joining a room. ([\#5644](https://github.com/matrix-org/synapse/issues/5644))
- Fix bug in #5626 that prevented the original_event field from actually having the contents of the original event in a call to `/relations`. ([\#5654](https://github.com/matrix-org/synapse/issues/5654))
- Fix 3PID bind requests being sent to identity servers as `application/x-form-www-urlencoded` data, which is deprecated. ([\#5658](https://github.com/matrix-org/synapse/issues/5658))
- Fix some problems with authenticating redactions in recent room versions. ([\#5699](https://github.com/matrix-org/synapse/issues/5699), [\#5700](https://github.com/matrix-org/synapse/issues/5700), [\#5707](https://github.com/matrix-org/synapse/issues/5707))
-
-
-Updates to the Docker image
---------------------------
-
- Base Docker image on a newer Alpine Linux version (3.8 -> 3.10). ([\#5619](https://github.com/matrix-org/synapse/issues/5619))
- Add missing space in default logging file format generated by the Docker image. ([\#5620](https://github.com/matrix-org/synapse/issues/5620))
-
-
-Improved Documentation
----------------------
-
- Add information about nginx normalisation to reverse_proxy.rst. Contributed by @skalarproduktraum - thanks! ([\#5397](https://github.com/matrix-org/synapse/issues/5397))
- --no-pep517 should be --no-use-pep517 in the documentation to setup the development environment. ([\#5651](https://github.com/matrix-org/synapse/issues/5651))
- Improvements to Postgres setup instructions. Contributed by @Lrizika - thanks! ([\#5661](https://github.com/matrix-org/synapse/issues/5661))
- Minor tweaks to postgres documentation. ([\#5675](https://github.com/matrix-org/synapse/issues/5675))
-
-
-Deprecations and Removals
-------------------------
-
- Remove support for the `invite_3pid_guest` configuration setting. ([\#5625](https://github.com/matrix-org/synapse/issues/5625))
-
-
-Internal Changes
----------------
-
- Move logging code out of `synapse.util` and into `synapse.logging`. ([\#5606](https://github.com/matrix-org/synapse/issues/5606), [\#5617](https://github.com/matrix-org/synapse/issues/5617))
- Add a blacklist file to the repo to blacklist certain sytests from failing CI. ([\#5611](https://github.com/matrix-org/synapse/issues/5611))
- Make runtime errors surrounding password reset emails much clearer. ([\#5616](https://github.com/matrix-org/synapse/issues/5616))
- Remove dead code for persiting outgoing federation transactions. ([\#5622](https://github.com/matrix-org/synapse/issues/5622))
- Add `lint.sh` to the scripts-dev folder which will run all linting steps required by CI. ([\#5627](https://github.com/matrix-org/synapse/issues/5627))
- Move RegistrationHandler.get_or_create_user to test code. ([\#5628](https://github.com/matrix-org/synapse/issues/5628))
- Add some more common python virtual-environment paths to the black exclusion list. ([\#5630](https://github.com/matrix-org/synapse/issues/5630))
- Some counter metrics exposed over Prometheus have been renamed, with the old names preserved for backwards compatibility and deprecated. See `docs/metrics-howto.rst` for details. ([\#5636](https://github.com/matrix-org/synapse/issues/5636))
- Unblacklist some user_directory sytests. ([\#5637](https://github.com/matrix-org/synapse/issues/5637))
- Factor out some redundant code in the login implementation. ([\#5639](https://github.com/matrix-org/synapse/issues/5639))
- Update ModuleApi to avoid register(generate_token=True). ([\#5640](https://github.com/matrix-org/synapse/issues/5640))
- Remove access-token support from `RegistrationHandler.register`, and rename it. ([\#5641](https://github.com/matrix-org/synapse/issues/5641))
- Remove access-token support from `RegistrationStore.register`, and rename it. ([\#5642](https://github.com/matrix-org/synapse/issues/5642))
- Improve logging for auto-join when a new user is created. ([\#5643](https://github.com/matrix-org/synapse/issues/5643))
- Remove unused and unnecessary check for FederationDeniedError in _exception_to_failure. ([\#5645](https://github.com/matrix-org/synapse/issues/5645))
- Fix a small typo in a code comment. ([\#5655](https://github.com/matrix-org/synapse/issues/5655))
- Clean up exception handling around client access tokens. ([\#5656](https://github.com/matrix-org/synapse/issues/5656))
- Add a mechanism for per-test homeserver configuration in the unit tests. ([\#5657](https://github.com/matrix-org/synapse/issues/5657))
- Inline issue_access_token. ([\#5659](https://github.com/matrix-org/synapse/issues/5659))
- Update the sytest BuildKite configuration to checkout Synapse in `/src`. ([\#5664](https://github.com/matrix-org/synapse/issues/5664))
- Add a `docker` type to the towncrier configuration. ([\#5673](https://github.com/matrix-org/synapse/issues/5673))
- Convert `synapse.federation.transport.server` to `async`. Might improve some stack traces. ([\#5689](https://github.com/matrix-org/synapse/issues/5689))
- Documentation for opentracing. ([\#5703](https://github.com/matrix-org/synapse/issues/5703))
-
-
-Synapse 1.1.0 (2019-07-04)
-==========================
-
-As of v1.1.0, Synapse no longer supports Python 2, nor Postgres version 9.4.
-See the [upgrade notes](UPGRADE.rst#upgrading-to-v110) for more details.
-
-This release also deprecates the use of environment variables to configure the
-docker image. See the [docker README](https://github.com/matrix-org/synapse/blob/release-v1.1.0/docker/README.md#legacy-dynamic-configuration-file-support)
-for more details.
-
-No changes since 1.1.0rc2.
-
-
-Synapse 1.1.0rc2 (2019-07-03)
-=============================
-
-Bugfixes
--------
-
- Fix regression in 1.1rc1 where OPTIONS requests to the media repo would fail. ([\#5593](https://github.com/matrix-org/synapse/issues/5593))
- Removed the `SYNAPSE_SMTP_*` docker container environment variables. Using these environment variables prevented the docker container from starting in Synapse v1.0, even though they didn't actually allow any functionality anyway. ([\#5596](https://github.com/matrix-org/synapse/issues/5596))
- Fix a number of "Starting txn from sentinel context" warnings. ([\#5605](https://github.com/matrix-org/synapse/issues/5605))
-
-
-Internal Changes
----------------
-
- Update github templates. ([\#5552](https://github.com/matrix-org/synapse/issues/5552))
-
-
-Synapse 1.1.0rc1 (2019-07-02)
-=============================
-
-As of v1.1.0, Synapse no longer supports Python 2, nor Postgres version 9.4.
-See the [upgrade notes](UPGRADE.rst#upgrading-to-v110) for more details.
-
-Features
--------
-
- Added possibilty to disable local password authentication. Contributed by Daniel Hoffend. ([\#5092](https://github.com/matrix-org/synapse/issues/5092))
- Add monthly active users to phonehome stats. ([\#5252](https://github.com/matrix-org/synapse/issues/5252))
- Allow expired user to trigger renewal email sending manually. ([\#5363](https://github.com/matrix-org/synapse/issues/5363))
- Statistics on forward extremities per room are now exposed via Prometheus. ([\#5384](https://github.com/matrix-org/synapse/issues/5384), [\#5458](https://github.com/matrix-org/synapse/issues/5458), [\#5461](https://github.com/matrix-org/synapse/issues/5461))
- Add --no-daemonize option to run synapse in the foreground, per issue #4130. Contributed by Soham Gumaste. ([\#5412](https://github.com/matrix-org/synapse/issues/5412), [\#5587](https://github.com/matrix-org/synapse/issues/5587))
- Fully support SAML2 authentication. Contributed by [Alexander Trost](https://github.com/galexrt) - thank you! ([\#5422](https://github.com/matrix-org/synapse/issues/5422))
- Allow server admins to define implementations of extra rules for allowing or denying incoming events. ([\#5440](https://github.com/matrix-org/synapse/issues/5440), [\#5474](https://github.com/matrix-org/synapse/issues/5474), [\#5477](https://github.com/matrix-org/synapse/issues/5477))
- Add support for handling pagination APIs on client reader worker. ([\#5505](https://github.com/matrix-org/synapse/issues/5505), [\#5513](https://github.com/matrix-org/synapse/issues/5513), [\#5531](https://github.com/matrix-org/synapse/issues/5531))
- Improve help and cmdline option names for --generate-config options. ([\#5512](https://github.com/matrix-org/synapse/issues/5512))
- Allow configuration of the path used for ACME account keys. ([\#5516](https://github.com/matrix-org/synapse/issues/5516), [\#5521](https://github.com/matrix-org/synapse/issues/5521), [\#5522](https://github.com/matrix-org/synapse/issues/5522))
- Add --data-dir and --open-private-ports options. ([\#5524](https://github.com/matrix-org/synapse/issues/5524))
- Split public rooms directory auth config in two settings, in order to manage client auth independently from the federation part of it. Obsoletes the "restrict_public_rooms_to_local_users" configuration setting. If "restrict_public_rooms_to_local_users" is set in the config, Synapse will act as if both new options are enabled, i.e. require authentication through the client API and deny federation requests. ([\#5534](https://github.com/matrix-org/synapse/issues/5534))
- The minimum TLS version used for outgoing federation requests can now be set with `federation_client_minimum_tls_version`. ([\#5550](https://github.com/matrix-org/synapse/issues/5550))
- Optimise devices changed query to not pull unnecessary rows from the database, reducing database load. ([\#5559](https://github.com/matrix-org/synapse/issues/5559))
- Add new metrics for number of forward extremities being persisted and number of state groups involved in resolution. ([\#5476](https://github.com/matrix-org/synapse/issues/5476))
-
-Bugfixes
--------
-
- Fix bug processing incoming events over federation if call to `/get_missing_events` fails. ([\#5042](https://github.com/matrix-org/synapse/issues/5042))
- Prevent more than one room upgrade happening simultaneously on the same room. ([\#5051](https://github.com/matrix-org/synapse/issues/5051))
- Fix a bug where running synapse_port_db would cause the account validity feature to fail because it didn't set the type of the email_sent column to boolean. ([\#5325](https://github.com/matrix-org/synapse/issues/5325))
- Warn about disabling email-based password resets when a reset occurs, and remove warning when someone attempts a phone-based reset. ([\#5387](https://github.com/matrix-org/synapse/issues/5387))
- Fix email notifications for unnamed rooms with multiple people. ([\#5388](https://github.com/matrix-org/synapse/issues/5388))
- Fix exceptions in federation reader worker caused by attempting to renew attestations, which should only happen on master worker. ([\#5389](https://github.com/matrix-org/synapse/issues/5389))
- Fix handling of failures fetching remote content to not log failures as exceptions. ([\#5390](https://github.com/matrix-org/synapse/issues/5390))
- Fix a bug where deactivated users could receive renewal emails if the account validity feature is on. ([\#5394](https://github.com/matrix-org/synapse/issues/5394))
- Fix missing invite state after exchanging 3PID invites over federaton. ([\#5464](https://github.com/matrix-org/synapse/issues/5464))
- Fix intermittent exceptions on Apple hardware. Also fix bug that caused database activity times to be under-reported in log lines. ([\#5498](https://github.com/matrix-org/synapse/issues/5498))
- Fix logging error when a tampered event is detected. ([\#5500](https://github.com/matrix-org/synapse/issues/5500))
- Fix bug where clients could tight loop calling `/sync` for a period. ([\#5507](https://github.com/matrix-org/synapse/issues/5507))
- Fix bug with `jinja2` preventing Synapse from starting. Users who had this problem should now simply need to run `pip install matrix-synapse`. ([\#5514](https://github.com/matrix-org/synapse/issues/5514))
- Fix a regression where homeservers on private IP addresses were incorrectly blacklisted. ([\#5523](https://github.com/matrix-org/synapse/issues/5523))
- Fixed m.login.jwt using unregistred user_id and added pyjwt>=1.6.4 as jwt conditional dependencies. Contributed by Pau Rodriguez-Estivill. ([\#5555](https://github.com/matrix-org/synapse/issues/5555), [\#5586](https://github.com/matrix-org/synapse/issues/5586))
- Fix a bug that would cause invited users to receive several emails for a single 3PID invite in case the inviter is rate limited. ([\#5576](https://github.com/matrix-org/synapse/issues/5576))
-
-
-Updates to the Docker image
---------------------------
- Add ability to change Docker containers [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) with the `TZ` variable. ([\#5383](https://github.com/matrix-org/synapse/issues/5383))
- Update docker image to use Python 3.7. ([\#5546](https://github.com/matrix-org/synapse/issues/5546))
- Deprecate the use of environment variables for configuration, and make the use of a static configuration the default. ([\#5561](https://github.com/matrix-org/synapse/issues/5561), [\#5562](https://github.com/matrix-org/synapse/issues/5562), [\#5566](https://github.com/matrix-org/synapse/issues/5566), [\#5567](https://github.com/matrix-org/synapse/issues/5567))
- Increase default log level for docker image to INFO. It can still be changed by editing the generated log.config file. ([\#5547](https://github.com/matrix-org/synapse/issues/5547))
- Send synapse logs to the docker logging system, by default. ([\#5565](https://github.com/matrix-org/synapse/issues/5565))
- Open the non-TLS port by default. ([\#5568](https://github.com/matrix-org/synapse/issues/5568))
- Fix failure to start under docker with SAML support enabled. ([\#5490](https://github.com/matrix-org/synapse/issues/5490))
- Use a sensible location for data files when generating a config file. ([\#5563](https://github.com/matrix-org/synapse/issues/5563))
-
-
-Deprecations and Removals
-------------------------
-
- Python 2.7 is no longer a supported platform. Synapse now requires Python 3.5+ to run. ([\#5425](https://github.com/matrix-org/synapse/issues/5425))
- PostgreSQL 9.4 is no longer supported. Synapse requires Postgres 9.5+ or above for Postgres support. ([\#5448](https://github.com/matrix-org/synapse/issues/5448))
- Remove support for cpu_affinity setting. ([\#5525](https://github.com/matrix-org/synapse/issues/5525))
-
-
-Improved Documentation
----------------------
- Improve README section on performance troubleshooting. ([\#4276](https://github.com/matrix-org/synapse/issues/4276))
- Add information about how to install and run `black` on the codebase to code_style.rst. ([\#5537](https://github.com/matrix-org/synapse/issues/5537))
- Improve install docs on choosing server_name. ([\#5558](https://github.com/matrix-org/synapse/issues/5558))
-
-
-Internal Changes
----------------
-
- Add logging to 3pid invite signature verification. ([\#5015](https://github.com/matrix-org/synapse/issues/5015))
- Update example haproxy config to a more compatible setup. ([\#5313](https://github.com/matrix-org/synapse/issues/5313))
- Track deactivated accounts in the database. ([\#5378](https://github.com/matrix-org/synapse/issues/5378), [\#5465](https://github.com/matrix-org/synapse/issues/5465), [\#5493](https://github.com/matrix-org/synapse/issues/5493))
- Clean up code for sending federation EDUs. ([\#5381](https://github.com/matrix-org/synapse/issues/5381))
- Add a sponsor button to the repo. ([\#5382](https://github.com/matrix-org/synapse/issues/5382), [\#5386](https://github.com/matrix-org/synapse/issues/5386))
- Don't log non-200 responses from federation queries as exceptions. ([\#5383](https://github.com/matrix-org/synapse/issues/5383))
- Update Python syntax in contrib/ to Python 3. ([\#5446](https://github.com/matrix-org/synapse/issues/5446))
- Update federation_client dev script to support `.well-known` and work with python3. ([\#5447](https://github.com/matrix-org/synapse/issues/5447))
- SyTest has been moved to Buildkite. ([\#5459](https://github.com/matrix-org/synapse/issues/5459))
- Demo script now uses python3. ([\#5460](https://github.com/matrix-org/synapse/issues/5460))
- Synapse can now handle RestServlets that return coroutines. ([\#5475](https://github.com/matrix-org/synapse/issues/5475), [\#5585](https://github.com/matrix-org/synapse/issues/5585))
- The demo servers talk to each other again. ([\#5478](https://github.com/matrix-org/synapse/issues/5478))
- Add an EXPERIMENTAL config option to try and periodically clean up extremities by sending dummy events. ([\#5480](https://github.com/matrix-org/synapse/issues/5480))
- Synapse's codebase is now formatted by `black`. ([\#5482](https://github.com/matrix-org/synapse/issues/5482))
- Some cleanups and sanity-checking in the CPU and database metrics. ([\#5499](https://github.com/matrix-org/synapse/issues/5499))
- Improve email notification logging. ([\#5502](https://github.com/matrix-org/synapse/issues/5502))
- Fix "Unexpected entry in 'full_schemas'" log warning. ([\#5509](https://github.com/matrix-org/synapse/issues/5509))
- Improve logging when generating config files. ([\#5510](https://github.com/matrix-org/synapse/issues/5510))
- Refactor and clean up Config parser for maintainability. ([\#5511](https://github.com/matrix-org/synapse/issues/5511))
- Make the config clearer in that email.template_dir is relative to the Synapse's root directory, not the `synapse/` folder within it. ([\#5543](https://github.com/matrix-org/synapse/issues/5543))
- Update v1.0.0 release changelog to include more information about changes to password resets. ([\#5545](https://github.com/matrix-org/synapse/issues/5545))
- Remove non-functioning check_event_hash.py dev script. ([\#5548](https://github.com/matrix-org/synapse/issues/5548))
- Synapse will now only allow TLS v1.2 connections when serving federation, if it terminates TLS. As Synapse's allowed ciphers were only able to be used in TLSv1.2 before, this does not change behaviour. ([\#5550](https://github.com/matrix-org/synapse/issues/5550))
- Logging when running GC collection on generation 0 is now at the DEBUG level, not INFO. ([\#5557](https://github.com/matrix-org/synapse/issues/5557))
- Reduce the amount of stuff we send in the docker context. ([\#5564](https://github.com/matrix-org/synapse/issues/5564))
- Point the reverse links in the Purge History contrib scripts at the intended location. ([\#5570](https://github.com/matrix-org/synapse/issues/5570))
-
-
-Synapse 1.0.0 (2019-06-11)
-==========================
-
-Bugfixes
--------
-
- Fix bug where attempting to send transactions with large number of EDUs can fail. ([\#5418](https://github.com/matrix-org/synapse/issues/5418))
-
-
-Improved Documentation
----------------------
-
- Expand the federation guide to include relevant content from the MSC1711 FAQ ([\#5419](https://github.com/matrix-org/synapse/issues/5419))
-
-
-Internal Changes
----------------
-
- Move password reset links to /_matrix/client/unstable namespace. ([\#5424](https://github.com/matrix-org/synapse/issues/5424))
-
-
-Synapse 1.0.0rc3 (2019-06-10)
-=============================
-
-Security: Fix authentication bug introduced in 1.0.0rc1. Please upgrade to rc3 immediately
-
-
-Synapse 1.0.0rc2 (2019-06-10)
-=============================
-
-Bugfixes
--------
-
- Remove redundant warning about key server response validation. ([\#5392](https://github.com/matrix-org/synapse/issues/5392))
- Fix bug where old keys stored in the database with a null valid until timestamp caused all verification requests for that key to fail. ([\#5415](https://github.com/matrix-org/synapse/issues/5415))
- Fix excessive memory using with default `federation_verify_certificates: true` configuration. ([\#5417](https://github.com/matrix-org/synapse/issues/5417))
-
-
-Synapse 1.0.0rc1 (2019-06-07)
-=============================
-
-Features
--------
-
- Synapse now more efficiently collates room statistics. ([\#4338](https://github.com/matrix-org/synapse/issues/4338), [\#5260](https://github.com/matrix-org/synapse/issues/5260), [\#5324](https://github.com/matrix-org/synapse/issues/5324))
- Add experimental support for relations (aka reactions and edits). ([\#5220](https://github.com/matrix-org/synapse/issues/5220))
- Ability to configure default room version. ([\#5223](https://github.com/matrix-org/synapse/issues/5223), [\#5249](https://github.com/matrix-org/synapse/issues/5249))
- Allow configuring a range for the account validity startup job. ([\#5276](https://github.com/matrix-org/synapse/issues/5276))
- CAS login will now hit the r0 API, not the deprecated v1 one. ([\#5286](https://github.com/matrix-org/synapse/issues/5286))
- Validate federation server TLS certificates by default (implements [MSC1711](https://github.com/matrix-org/matrix-doc/blob/master/proposals/1711-x509-for-federation.md)). ([\#5359](https://github.com/matrix-org/synapse/issues/5359))
- Update /_matrix/client/versions to reference support for r0.5.0. ([\#5360](https://github.com/matrix-org/synapse/issues/5360))
- Add a script to generate new signing-key files. ([\#5361](https://github.com/matrix-org/synapse/issues/5361))
- Update upgrade and installation guides ahead of 1.0. ([\#5371](https://github.com/matrix-org/synapse/issues/5371))
- Replace the `perspectives` configuration section with `trusted_key_servers`, and make validating the signatures on responses optional (since TLS will do this job for us). ([\#5374](https://github.com/matrix-org/synapse/issues/5374))
- Add ability to perform password reset via email without trusting the identity server. **As a result of this PR, password resets will now be disabled on the default configuration.**
-
-  Password reset emails are now sent from the homeserver by default, instead of the identity server. To enable this functionality, ensure `email` and `public_baseurl` config options are filled out.
-
-  If you would like to re-enable password resets being sent from the identity server (warning: this is dangerous! See [#5345](https://github.com/matrix-org/synapse/pull/5345)), set `email.trust_identity_server_for_password_resets` to true. ([\#5377](https://github.com/matrix-org/synapse/issues/5377))
- Set default room version to v4. ([\#5379](https://github.com/matrix-org/synapse/issues/5379))
-
-
-Bugfixes
--------
-
- Fixes client-server API not sending "m.heroes" to lazy-load /sync requests when a rooms name or its canonical alias are empty. Thanks to @dnaf for this work! ([\#5089](https://github.com/matrix-org/synapse/issues/5089))
- Prevent federation device list updates breaking when processing multiple updates at once. ([\#5156](https://github.com/matrix-org/synapse/issues/5156))
- Fix worker registration bug caused by ClientReaderSlavedStore being unable to see get_profileinfo. ([\#5200](https://github.com/matrix-org/synapse/issues/5200))
- Fix race when backfilling in rooms with worker mode. ([\#5221](https://github.com/matrix-org/synapse/issues/5221))
- Fix appservice timestamp massaging. ([\#5233](https://github.com/matrix-org/synapse/issues/5233))
- Ensure that server_keys fetched via a notary server are correctly signed. ([\#5251](https://github.com/matrix-org/synapse/issues/5251))
- Show the correct error when logging out and access token is missing. ([\#5256](https://github.com/matrix-org/synapse/issues/5256))
- Fix error code when there is an invalid parameter on /_matrix/client/r0/publicRooms ([\#5257](https://github.com/matrix-org/synapse/issues/5257))
- Fix error when downloading thumbnail with missing width/height parameter. ([\#5258](https://github.com/matrix-org/synapse/issues/5258))
- Fix schema update for account validity. ([\#5268](https://github.com/matrix-org/synapse/issues/5268))
- Fix bug where we leaked extremities when we soft failed events, leading to performance degradation. ([\#5274](https://github.com/matrix-org/synapse/issues/5274), [\#5278](https://github.com/matrix-org/synapse/issues/5278), [\#5291](https://github.com/matrix-org/synapse/issues/5291))
- Fix "db txn 'update_presence' from sentinel context" log messages. ([\#5275](https://github.com/matrix-org/synapse/issues/5275))
- Fix dropped logcontexts during high outbound traffic. ([\#5277](https://github.com/matrix-org/synapse/issues/5277))
- Fix a bug where it is not possible to get events in the federation format with the request `GET /_matrix/client/r0/rooms/{roomId}/messages`. ([\#5293](https://github.com/matrix-org/synapse/issues/5293))
- Fix performance problems with the rooms stats background update. ([\#5294](https://github.com/matrix-org/synapse/issues/5294))
- Fix noisy 'no key for server' logs. ([\#5300](https://github.com/matrix-org/synapse/issues/5300))
- Fix bug where a notary server would sometimes forget old keys. ([\#5307](https://github.com/matrix-org/synapse/issues/5307))
- Prevent users from setting huge displaynames and avatar URLs. ([\#5309](https://github.com/matrix-org/synapse/issues/5309))
- Fix handling of failures when processing incoming events where calling `/event_auth` on remote server fails. ([\#5317](https://github.com/matrix-org/synapse/issues/5317))
- Ensure that we have an up-to-date copy of the signing key when validating incoming federation requests. ([\#5321](https://github.com/matrix-org/synapse/issues/5321))
- Fix various problems which made the signing-key notary server time out for some requests. ([\#5333](https://github.com/matrix-org/synapse/issues/5333))
- Fix bug which would make certain operations (such as room joins) block for 20 minutes while attemoting to fetch verification keys. ([\#5334](https://github.com/matrix-org/synapse/issues/5334))
- Fix a bug where we could rapidly mark a server as unreachable even though it was only down for a few minutes. ([\#5335](https://github.com/matrix-org/synapse/issues/5335), [\#5340](https://github.com/matrix-org/synapse/issues/5340))
- Fix a bug where account validity renewal emails could only be sent when email notifs were enabled. ([\#5341](https://github.com/matrix-org/synapse/issues/5341))
- Fix failure when fetching batches of events during backfill, etc. ([\#5342](https://github.com/matrix-org/synapse/issues/5342))
- Add a new room version where the timestamps on events are checked against the validity periods on signing keys. ([\#5348](https://github.com/matrix-org/synapse/issues/5348), [\#5354](https://github.com/matrix-org/synapse/issues/5354))
- Fix room stats and presence background updates to correctly handle missing events. ([\#5352](https://github.com/matrix-org/synapse/issues/5352))
- Include left members in room summaries' heroes. ([\#5355](https://github.com/matrix-org/synapse/issues/5355))
- Fix `federation_custom_ca_list` configuration option. ([\#5362](https://github.com/matrix-org/synapse/issues/5362))
- Fix missing logcontext warnings on shutdown. ([\#5369](https://github.com/matrix-org/synapse/issues/5369))
-
-
-Improved Documentation
----------------------
-
- Fix docs on resetting the user directory. ([\#5282](https://github.com/matrix-org/synapse/issues/5282))
- Fix notes about ACME in the MSC1711 faq. ([\#5357](https://github.com/matrix-org/synapse/issues/5357))
-
-
-Internal Changes
----------------
-
- Synapse will now serve the experimental "room complexity" API endpoint. ([\#5216](https://github.com/matrix-org/synapse/issues/5216))
- The base classes for the v1 and v2_alpha REST APIs have been unified. ([\#5226](https://github.com/matrix-org/synapse/issues/5226), [\#5328](https://github.com/matrix-org/synapse/issues/5328))
- Simplifications and comments in do_auth. ([\#5227](https://github.com/matrix-org/synapse/issues/5227))
- Remove urllib3 pin as requests 2.22.0 has been released supporting urllib3 1.25.2. ([\#5230](https://github.com/matrix-org/synapse/issues/5230))
- Preparatory work for key-validity features. ([\#5232](https://github.com/matrix-org/synapse/issues/5232), [\#5234](https://github.com/matrix-org/synapse/issues/5234), [\#5235](https://github.com/matrix-org/synapse/issues/5235), [\#5236](https://github.com/matrix-org/synapse/issues/5236), [\#5237](https://github.com/matrix-org/synapse/issues/5237), [\#5244](https://github.com/matrix-org/synapse/issues/5244), [\#5250](https://github.com/matrix-org/synapse/issues/5250), [\#5296](https://github.com/matrix-org/synapse/issues/5296), [\#5299](https://github.com/matrix-org/synapse/issues/5299), [\#5343](https://github.com/matrix-org/synapse/issues/5343), [\#5347](https://github.com/matrix-org/synapse/issues/5347), [\#5356](https://github.com/matrix-org/synapse/issues/5356))
- Specify the type of reCAPTCHA key to use. ([\#5283](https://github.com/matrix-org/synapse/issues/5283))
- Improve sample config for monthly active user blocking. ([\#5284](https://github.com/matrix-org/synapse/issues/5284))
- Remove spurious debug from MatrixFederationHttpClient.get_json. ([\#5287](https://github.com/matrix-org/synapse/issues/5287))
- Improve logging for logcontext leaks. ([\#5288](https://github.com/matrix-org/synapse/issues/5288))
- Clarify that the admin change password API logs the user out. ([\#5303](https://github.com/matrix-org/synapse/issues/5303))
- New installs will now use the v54 full schema, rather than the full schema v14 and applying incremental updates to v54. ([\#5320](https://github.com/matrix-org/synapse/issues/5320))
- Improve docstrings on MatrixFederationClient. ([\#5332](https://github.com/matrix-org/synapse/issues/5332))
- Clean up FederationClient.get_events for clarity. ([\#5344](https://github.com/matrix-org/synapse/issues/5344))
- Various improvements to debug logging. ([\#5353](https://github.com/matrix-org/synapse/issues/5353))
- Don't run CI build checks until sample config check has passed. ([\#5370](https://github.com/matrix-org/synapse/issues/5370))
- Automatically retry buildkite builds (max twice) when an agent is lost. ([\#5380](https://github.com/matrix-org/synapse/issues/5380))
-
-
-Synapse 0.99.5.2 (2019-05-30)
-=============================
-
-Bugfixes
--------
-
- Fix bug where we leaked extremities when we soft failed events, leading to performance degradation. ([\#5274](https://github.com/matrix-org/synapse/issues/5274), [\#5278](https://github.com/matrix-org/synapse/issues/5278), [\#5291](https://github.com/matrix-org/synapse/issues/5291))
-
-
 Synapse 0.99.5.1 (2019-05-22)
 =============================

-0.99.5.1 supersedes 0.99.5 due to malformed debian changelog - no functional changes.
+No significant changes.
+

 Synapse 0.99.5 (2019-05-22)
 ===========================
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -30,19 +30,21 @@ use github's pull request workflow to review the contribution, and either ask
 you to make any refinements needed or merge it and make them ourselves. The
 changes will then land on master when we next do a release.

-We use `Buildkite <https://buildkite.com/matrix-dot-org/synapse>`_ for
-continuous integration.  Buildkite builds need to be authorised by a
-maintainer. If your change breaks the build, this will be shown in GitHub, so
-please keep an eye on the pull request for feedback.
+We use `CircleCI <https://circleci.com/gh/matrix-org>`_ and `Travis CI
+<https://travis-ci.org/matrix-org/synapse>`_ for continuous integration. All
+pull requests to synapse get automatically tested by Travis and CircleCI.
+If your change breaks the build, this will be shown in GitHub, so please
+keep an eye on the pull request for feedback.

 To run unit tests in a local development environment, you can use:

- ``tox -e py35`` (requires tox to be installed by ``pip install tox``)
-  for SQLite-backed Synapse on Python 3.5.
+- ``tox -e py27`` (requires tox to be installed by ``pip install tox``) for
+  SQLite-backed Synapse on Python 2.7.
+- ``tox -e py35`` for SQLite-backed Synapse on Python 3.5.
 - ``tox -e py36`` for SQLite-backed Synapse on Python 3.6.
- ``tox -e py36-postgres`` for PostgreSQL-backed Synapse on Python 3.6
+- ``tox -e py27-postgres`` for PostgreSQL-backed Synapse on Python 2.7
  (requires a running local PostgreSQL with access to create databases).
- ``./test_postgresql.sh`` for PostgreSQL-backed Synapse on Python 3.5
+- ``./test_postgresql.sh`` for PostgreSQL-backed Synapse on Python 2.7
  (requires Docker). Entirely self-contained, recommended if you don't want to
  set up PostgreSQL yourself.

@@ -69,21 +71,13 @@ All changes, even minor ones, need a corresponding changelog / newsfragment
 entry. These are managed by Towncrier
 (https://github.com/hawkowl/towncrier).

-To create a changelog entry, make a new file in the ``changelog.d`` file named
-in the format of ``PRnumber.type``. The type can be one of the following:
+To create a changelog entry, make a new file in the ``changelog.d``
+file named in the format of ``PRnumber.type``. The type can be
+one of ``feature``, ``bugfix``, ``removal`` (also used for
+deprecations), or ``misc`` (for internal-only changes).

-* ``feature``.
-* ``bugfix``.
-* ``docker`` (for updates to the Docker image).
-* ``doc`` (for updates to the documentation).
-* ``removal`` (also used for deprecations).
-* ``misc`` (for internal-only changes).
-
-The content of the file is your changelog entry, which should be a short
-description of your change in the same style as the rest of our `changelog
-<https://github.com/matrix-org/synapse/blob/master/CHANGES.md>`_. The file can
-contain Markdown formatting, and should end with a full stop ('.') for
-consistency.
+The content of the file is your changelog entry, which can contain Markdown
+formatting. The entry should end with a full stop ('.') for consistency.

 Adding credits to the changelog is encouraged, we value your
 contributions and would like to have you shouted out in the release notes!
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1,31 +1,13 @@
- [Choosing your server name](#choosing-your-server-name)
- [Installing Synapse](#installing-synapse)
-  - [Installing from source](#installing-from-source)
-    - [Platform-Specific Instructions](#platform-specific-instructions)
-    - [Troubleshooting Installation](#troubleshooting-installation)
-  - [Prebuilt packages](#prebuilt-packages)
- [Setting up Synapse](#setting-up-synapse)
-  - [TLS certificates](#tls-certificates)
-  - [Email](#email)
-  - [Registering a user](#registering-a-user)
-  - [Setting up a TURN server](#setting-up-a-turn-server)
-  - [URL previews](#url-previews)
-
-# Choosing your server name
-
-It is important to choose the name for your server before you install Synapse,
-because it cannot be changed later.
-
-The server name determines the "domain" part of user-ids for users on your
-server: these will all be of the format `@user:my.domain.name`. It also
-determines how other matrix servers will reach yours for federation.
-
-For a test configuration, set this to the hostname of your server. For a more
-production-ready setup, you will probably want to specify your domain
-(`example.com`) rather than a matrix-specific hostname here (in the same way
-that your email address is probably `user@example.com` rather than
-`user@email.example.com`) - but doing so may require more advanced setup: see
-[Setting up Federation](docs/federate.md).
+* [Installing Synapse](#installing-synapse)
+  * [Installing from source](#installing-from-source)
+    * [Platform-Specific Instructions](#platform-specific-instructions)
+    * [Troubleshooting Installation](#troubleshooting-installation)
+  * [Prebuilt packages](#prebuilt-packages)
+* [Setting up Synapse](#setting-up-synapse)
+  * [TLS certificates](#tls-certificates)
+  * [Registering a user](#registering-a-user)
+  * [Setting up a TURN server](#setting-up-a-turn-server)
+  * [URL previews](#url-previews)

 # Installing Synapse

@@ -81,7 +63,16 @@ python -m synapse.app.homeserver \
    --report-stats=[yes|no]
 ```

-... substituting an appropriate value for `--server-name`.
+... substituting an appropriate value for `--server-name`. The server name
+determines the "domain" part of user-ids for users on your server: these will
+all be of the format `@user:my.domain.name`. It also determines how other
+matrix servers will reach yours for Federation. For a test configuration,
+set this to the hostname of your server. For a more production-ready setup, you
+will probably want to specify your domain (`example.com`) rather than a
+matrix-specific hostname here (in the same way that your email address is
+probably `user@example.com` rather than `user@email.example.com`) - but
+doing so may require more advanced setup: see [Setting up Federation](docs/federate.md).
+Beware that the server name cannot be changed later.

 This command will generate you a config file that you can then customise, but it will
 also generate a set of keys for you. These keys will allow your Home Server to
@@ -94,6 +85,9 @@ different. See the
 [spec](https://matrix.org/docs/spec/server_server/latest.html#retrieving-server-keys)
 for more information on key management.)

+You will need to give Synapse a TLS certficate before it will start - see [TLS
+certificates](#tls-certificates).
+
 To actually run your new homeserver, pick a working directory for Synapse to
 run (e.g. `~/synapse`), and::

@@ -400,30 +394,17 @@ To configure Synapse to expose an HTTPS port, you will need to edit
  instance, if using certbot, use `fullchain.pem` as your certificate, not
  `cert.pem`).

-For a more detailed guide to configuring your server for federation, see
-[federate.md](docs/federate.md)
-
-
-## Email
-
-It is desirable for Synapse to have the capability to send email. For example,
-this is required to support the 'password reset' feature.
-
-To configure an SMTP server for Synapse, modify the configuration section
-headed ``email``, and be sure to have at least the ``smtp_host``, ``smtp_port``
-and ``notif_from`` fields filled out. You may also need to set ``smtp_user``,
-``smtp_pass``, and ``require_transport_security``.
-
-If Synapse is not configured with an SMTP server, password reset via email will
- be disabled by default.
+For those of you upgrading your TLS certificate in readiness for Synapse 1.0,
+please take a look at [our guide](docs/MSC1711_certificates_FAQ.md#configuring-certificates-for-compatibility-with-synapse-100).

 ## Registering a user

-The easiest way to create a new user is to do so from a client like [Riot](https://riot.im).
+You will need at least one user on your server in order to use a Matrix
+client. Users can be registered either via a Matrix client, or via a
+commandline script.

-Alternatively you can do so from the command line if you have installed via pip. 
-
-This can be done as follows:
+To get started, it is easiest to use the command line to register new
+users. This can be done as follows:

 ```
 $ source ~/synapse/env/bin/activate
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -9,19 +9,14 @@ include demo/*.py
 include demo/*.sh

 recursive-include synapse/storage/schema *.sql
-recursive-include synapse/storage/schema *.sql.postgres
-recursive-include synapse/storage/schema *.sql.sqlite
 recursive-include synapse/storage/schema *.py
-recursive-include synapse/storage/schema *.txt

 recursive-include docs *
 recursive-include scripts *
 recursive-include scripts-dev *
 recursive-include synapse *.pyi
+recursive-include tests *.pem
 recursive-include tests *.py
-include tests/http/ca.crt
-include tests/http/ca.key
-include tests/http/server.key

 recursive-include synapse/res *
 recursive-include synapse/static *.css
@@ -33,7 +28,6 @@ exclude Dockerfile
 exclude .dockerignore
 exclude test_postgresql.sh
 exclude .editorconfig
-exclude sytest-blacklist

 include pyproject.toml
 recursive-include changelog.d *
--- a/README.rst
+++ b/README.rst
@@ -272,7 +272,7 @@ to install using pip and a virtualenv::

    virtualenv -p python3 env
    source env/bin/activate
-    python -m pip install --no-use-pep517 -e .[all]
+    python -m pip install --no-pep-517 -e .[all]

 This will run a process of downloading and installing all the needed
 dependencies into a virtual env.
@@ -340,11 +340,8 @@ log lines and looking for any 'Processed request' lines which take more than
 a few seconds to execute. Please let us know at #synapse:matrix.org if
 you see this failure mode so we can help debug it, however.

-Help!! Synapse is slow and eats all my RAM/CPU!
-----------------------------------------------
-
-First, ensure you are running the latest version of Synapse, using Python 3
-with a PostgreSQL database.
+Help!! Synapse eats all my RAM!
+-------------------------------

 Synapse's architecture is quite RAM hungry currently - we deliberately
 cache a lot of recent room data and metadata in RAM in order to speed up
@@ -355,29 +352,14 @@ variable. The default is 0.5, which can be decreased to reduce RAM usage
 in memory constrained enviroments, or increased if performance starts to
 degrade.

-However, degraded performance due to a low cache factor, common on
-machines with slow disks, often leads to explosions in memory use due
-backlogged requests. In this case, reducing the cache factor will make
-things worse. Instead, try increasing it drastically. 2.0 is a good
-starting value.
-
 Using `libjemalloc <http://jemalloc.net/>`_ can also yield a significant
-improvement in overall memory use, and especially in terms of giving back
-RAM to the OS. To use it, the library must simply be put in the
-LD_PRELOAD environment variable when launching Synapse. On Debian, this
-can be done by installing the ``libjemalloc1`` package and adding this
-line to ``/etc/default/matrix-synapse``::
+improvement in overall amount, and especially in terms of giving back RAM
+to the OS. To use it, the library must simply be put in the LD_PRELOAD
+environment variable when launching Synapse. On Debian, this can be done
+by installing the ``libjemalloc1`` package and adding this line to
+``/etc/default/matrix-synapse``::

    LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1

 This can make a significant difference on Python 2.7 - it's unclear how
 much of an improvement it provides on Python 3.x.
-
-If you're encountering high CPU use by the Synapse process itself, you
-may be affected by a bug with presence tracking that leads to a
-massive excess of outgoing federation requests (see `discussion
-<https://github.com/matrix-org/synapse/issues/3971>`_). If metrics
-indicate that your server is also issuing far more outgoing federation
-requests than can be accounted for by your users' activity, this is a
-likely cause. The misbehavior can be worked around by setting
-``use_presence: false`` in the Synapse config file.
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -49,89 +49,6 @@ returned by the Client-Server API:
    # configured on port 443.
    curl -kv https://<host.name>/_matrix/client/versions 2>&1 | grep "Server:"

-Upgrading to v1.2.0
-===================
-
-Some counter metrics have been renamed, with the old names deprecated. See
-`the metrics documentation <docs/metrics-howto.rst#renaming-of-metrics--deprecation-of-old-names-in-12>`_
-for details.
-
-Upgrading to v1.1.0
-===================
-
-Synapse v1.1.0 removes support for older Python and PostgreSQL versions, as
-outlined in `our deprecation notice <https://matrix.org/blog/2019/04/08/synapse-deprecating-postgres-9-4-and-python-2-x>`_.
-
-Minimum Python Version
----------------------
-
-Synapse v1.1.0 has a minimum Python requirement of Python 3.5. Python 3.6 or
-Python 3.7 are recommended as they have improved internal string handling,
-significantly reducing memory usage.
-
-If you use current versions of the Matrix.org-distributed Debian packages or
-Docker images, action is not required.
-
-If you install Synapse in a Python virtual environment, please see "Upgrading to
-v0.34.0" for notes on setting up a new virtualenv under Python 3.
-
-Minimum PostgreSQL Version
--------------------------
-
-If using PostgreSQL under Synapse, you will need to use PostgreSQL 9.5 or above.
-Please see the
-`PostgreSQL documentation <https://www.postgresql.org/docs/11/upgrading.html>`_
-for more details on upgrading your database.
-
-Upgrading to v1.0
-=================
-
-Validation of TLS certificates
------------------------------
-
-Synapse v1.0 is the first release to enforce
-validation of TLS certificates for the federation API. It is therefore
-essential that your certificates are correctly configured. See the `FAQ
-<docs/MSC1711_certificates_FAQ.md>`_ for more information.
-
-Note, v1.0 installations will also no longer be able to federate with servers
-that have not correctly configured their certificates.
-
-In rare cases, it may be desirable to disable certificate checking: for
-example, it might be essential to be able to federate with a given legacy
-server in a closed federation. This can be done in one of two ways:-
-
-* Configure the global switch ``federation_verify_certificates`` to ``false``.
-* Configure a whitelist of server domains to trust via ``federation_certificate_verification_whitelist``.
-
-See the `sample configuration file <docs/sample_config.yaml>`_
-for more details on these settings.
-
-Email
-----
-When a user requests a password reset, Synapse will send an email to the
-user to confirm the request.
-
-Previous versions of Synapse delegated the job of sending this email to an
-identity server. If the identity server was somehow malicious or became
-compromised, it would be theoretically possible to hijack an account through
-this means.
-
-Therefore, by default, Synapse v1.0 will send the confirmation email itself. If
-Synapse is not configured with an SMTP server, password reset via email will be
-disabled.
-
-To configure an SMTP server for Synapse, modify the configuration section
-headed ``email``, and be sure to have at least the ``smtp_host``, ``smtp_port``
-and ``notif_from`` fields filled out. You may also need to set ``smtp_user``,
-``smtp_pass``, and ``require_transport_security``.
-
-If you are absolutely certain that you wish to continue using an identity
-server for password resets, set ``trust_identity_server_for_password_resets`` to ``true``.
-
-See the `sample configuration file <docs/sample_config.yaml>`_
-for more details on these settings.
-
 Upgrading to v0.99.0
 ====================

--- a/changelog.d/4338.feature
+++ b/changelog.d/4338.feature
@@ -0,0 +1 @@
+Synapse now more efficiently collates room statistics.
--- a/changelog.d/5200.bugfix
+++ b/changelog.d/5200.bugfix
@@ -0,0 +1 @@
+Fix worker registration bug caused by ClientReaderSlavedStore being unable to see get_profileinfo.
--- a/changelog.d/5230.misc
+++ b/changelog.d/5230.misc
@@ -0,0 +1 @@
+Remove urllib3 pin as requests 2.22.0 has been released supporting urllib3 1.25.2.
--- a/changelog.d/5232.misc
+++ b/changelog.d/5232.misc
@@ -0,0 +1 @@
+Run black on synapse.crypto.keyring.
--- a/changelog.d/5239.bugfix
+++ b/changelog.d/5239.bugfix
@@ -0,0 +1 @@
+Fix 500 Internal Server Error when sending an event with `m.relates_to: null`.
--- a/contrib/cmdclient/console.py
+++ b/contrib/cmdclient/console.py
@@ -15,7 +15,6 @@
 # limitations under the License.

 """ Starts a synapse client console. """
-from __future__ import print_function

 from twisted.internet import reactor, defer, threads
 from http import TwistedHttpClient
@@ -37,8 +36,9 @@ from signedjson.sign import verify_signed_json, SignatureVerifyException

 CONFIG_JSON = "cmdclient_config.json"

-TRUSTED_ID_SERVERS = ["localhost:8001"]
-
+TRUSTED_ID_SERVERS = [
+    'localhost:8001'
+]

 class SynapseCmd(cmd.Cmd):

@@ -58,7 +58,7 @@ class SynapseCmd(cmd.Cmd):
            "token": token,
            "verbose": "on",
            "complete_usernames": "on",
-            "send_delivery_receipts": "on",
+            "send_delivery_receipts": "on"
        }
        self.path_prefix = "/_matrix/client/api/v1"
        self.event_stream_token = "END"
@@ -109,7 +109,7 @@ class SynapseCmd(cmd.Cmd):
        by using $. E.g. 'config roomid room1' then 'raw get /rooms/$roomid'.
        """
        if len(line) == 0:
-            print(json.dumps(self.config, indent=4))
+            print json.dumps(self.config, indent=4)
            return

        try:
@@ -119,11 +119,12 @@ class SynapseCmd(cmd.Cmd):
            config_rules = [  # key, valid_values
                ("verbose", ["on", "off"]),
                ("complete_usernames", ["on", "off"]),
-                ("send_delivery_receipts", ["on", "off"]),
+                ("send_delivery_receipts", ["on", "off"])
            ]
            for key, valid_vals in config_rules:
                if key == args["key"] and args["val"] not in valid_vals:
-                    print("%s value must be one of %s" % (args["key"], valid_vals))
+                    print "%s value must be one of %s" % (args["key"],
+                                                          valid_vals)
                    return

            # toggle the http client verbosity
@@ -132,11 +133,11 @@ class SynapseCmd(cmd.Cmd):

            # assign the new config
            self.config[args["key"]] = args["val"]
-            print(json.dumps(self.config, indent=4))
+            print json.dumps(self.config, indent=4)

            save_config(self.config)
        except Exception as e:
-            print(e)
+            print e

    def do_register(self, line):
        """Registers for a new account: "register <userid> <noupdate>"
@@ -152,32 +153,33 @@ class SynapseCmd(cmd.Cmd):
            pwd = getpass.getpass("Type a password for this user: ")
            pwd2 = getpass.getpass("Retype the password: ")
            if pwd != pwd2 or len(pwd) == 0:
-                print("Password mismatch.")
+                print "Password mismatch."
                pwd = None
            else:
                password = pwd

-        body = {"type": "m.login.password"}
+        body = {
+            "type": "m.login.password"
+        }
        if "userid" in args:
            body["user"] = args["userid"]
        if password:
            body["password"] = password

-        reactor.callFromThread(self._do_register, body, "noupdate" not in args)
+        reactor.callFromThread(self._do_register, body,
+                               "noupdate" not in args)

    @defer.inlineCallbacks
    def _do_register(self, data, update_config):
        # check the registration flows
        url = self._url() + "/register"
        json_res = yield self.http_client.do_request("GET", url)
-        print(json.dumps(json_res, indent=4))
+        print json.dumps(json_res, indent=4)

        passwordFlow = None
        for flow in json_res["flows"]:
-            if flow["type"] == "m.login.recaptcha" or (
-                "stages" in flow and "m.login.recaptcha" in flow["stages"]
-            ):
-                print("Unable to register: Home server requires captcha.")
+            if flow["type"] == "m.login.recaptcha" or ("stages" in flow and "m.login.recaptcha" in flow["stages"]):
+                print "Unable to register: Home server requires captcha."
                return
            if flow["type"] == "m.login.password" and "stages" not in flow:
                passwordFlow = flow
@@ -187,7 +189,7 @@ class SynapseCmd(cmd.Cmd):
            return

        json_res = yield self.http_client.do_request("POST", url, data=data)
-        print(json.dumps(json_res, indent=4))
+        print json.dumps(json_res, indent=4)
        if update_config and "user_id" in json_res:
            self.config["user"] = json_res["user_id"]
            self.config["token"] = json_res["access_token"]
@@ -199,7 +201,9 @@ class SynapseCmd(cmd.Cmd):
        """
        try:
            args = self._parse(line, ["user_id"], force_keys=True)
-            can_login = threads.blockingCallFromThread(reactor, self._check_can_login)
+            can_login = threads.blockingCallFromThread(
+                reactor,
+                self._check_can_login)
            if can_login:
                p = getpass.getpass("Enter your password: ")
                user = args["user_id"]
@@ -207,25 +211,29 @@ class SynapseCmd(cmd.Cmd):
                    domain = self._domain()
                    if domain:
                        user = "@" + user + ":" + domain
-
+                
                reactor.callFromThread(self._do_login, user, p)
-                # print " got %s " % p
+                #print " got %s " % p
        except Exception as e:
-            print(e)
+            print e

    @defer.inlineCallbacks
    def _do_login(self, user, password):
        path = "/login"
-        data = {"user": user, "password": password, "type": "m.login.password"}
+        data = {
+            "user": user,
+            "password": password,
+            "type": "m.login.password"
+        }
        url = self._url() + path
        json_res = yield self.http_client.do_request("POST", url, data=data)
-        print(json_res)
+        print json_res

        if "access_token" in json_res:
            self.config["user"] = user
            self.config["token"] = json_res["access_token"]
            save_config(self.config)
-            print("Login successful.")
+            print "Login successful."

    @defer.inlineCallbacks
    def _check_can_login(self):
@@ -234,19 +242,18 @@ class SynapseCmd(cmd.Cmd):
        # submitting!
        url = self._url() + path
        json_res = yield self.http_client.do_request("GET", url)
-        print(json_res)
+        print json_res

        if "flows" not in json_res:
-            print("Failed to find any login flows.")
+            print "Failed to find any login flows."
            defer.returnValue(False)

-        flow = json_res["flows"][0]  # assume first is the one we want.
-        if "type" not in flow or "m.login.password" != flow["type"] or "stages" in flow:
+        flow = json_res["flows"][0] # assume first is the one we want.
+        if ("type" not in flow or "m.login.password" != flow["type"] or
+                "stages" in flow):
            fallback_url = self._url() + "/login/fallback"
-            print(
-                "Unable to login via the command line client. Please visit "
-                "%s to login." % fallback_url
-            )
+            print ("Unable to login via the command line client. Please visit "
+                "%s to login." % fallback_url)
            defer.returnValue(False)
        defer.returnValue(True)

@@ -256,33 +263,21 @@ class SynapseCmd(cmd.Cmd):
        <clientSecret> A string of characters generated when requesting an email that you'll supply in subsequent calls to identify yourself
        <sendAttempt> The number of times the user has requested an email. Leave this the same between requests to retry the request at the transport level. Increment it to request that the email be sent again.
        """
-        args = self._parse(line, ["address", "clientSecret", "sendAttempt"])
+        args = self._parse(line, ['address', 'clientSecret', 'sendAttempt'])

-        postArgs = {
-            "email": args["address"],
-            "clientSecret": args["clientSecret"],
-            "sendAttempt": args["sendAttempt"],
-        }
+        postArgs = {'email': args['address'], 'clientSecret': args['clientSecret'], 'sendAttempt': args['sendAttempt']}

        reactor.callFromThread(self._do_emailrequest, postArgs)

    @defer.inlineCallbacks
    def _do_emailrequest(self, args):
-        url = (
-            self._identityServerUrl()
-            + "/_matrix/identity/api/v1/validate/email/requestToken"
-        )
+        url = self._identityServerUrl()+"/_matrix/identity/api/v1/validate/email/requestToken"

-        json_res = yield self.http_client.do_request(
-            "POST",
-            url,
-            data=urllib.urlencode(args),
-            jsonreq=False,
-            headers={"Content-Type": ["application/x-www-form-urlencoded"]},
-        )
-        print(json_res)
-        if "sid" in json_res:
-            print("Token sent. Your session ID is %s" % (json_res["sid"]))
+        json_res = yield self.http_client.do_request("POST", url, data=urllib.urlencode(args), jsonreq=False,
+                                                     headers={'Content-Type': ['application/x-www-form-urlencoded']})
+        print json_res
+        if 'sid' in json_res:
+            print "Token sent. Your session ID is %s" % (json_res['sid'])

    def do_emailvalidate(self, line):
        """Validate and associate a third party ID
@@ -290,56 +285,39 @@ class SynapseCmd(cmd.Cmd):
        <token> The token sent to your third party identifier address
        <clientSecret> The same clientSecret you supplied in requestToken
        """
-        args = self._parse(line, ["sid", "token", "clientSecret"])
+        args = self._parse(line, ['sid', 'token', 'clientSecret'])

-        postArgs = {
-            "sid": args["sid"],
-            "token": args["token"],
-            "clientSecret": args["clientSecret"],
-        }
+        postArgs = { 'sid' : args['sid'], 'token' : args['token'], 'clientSecret': args['clientSecret'] }

        reactor.callFromThread(self._do_emailvalidate, postArgs)

    @defer.inlineCallbacks
    def _do_emailvalidate(self, args):
-        url = (
-            self._identityServerUrl()
-            + "/_matrix/identity/api/v1/validate/email/submitToken"
-        )
+        url = self._identityServerUrl()+"/_matrix/identity/api/v1/validate/email/submitToken"

-        json_res = yield self.http_client.do_request(
-            "POST",
-            url,
-            data=urllib.urlencode(args),
-            jsonreq=False,
-            headers={"Content-Type": ["application/x-www-form-urlencoded"]},
-        )
-        print(json_res)
+        json_res = yield self.http_client.do_request("POST", url, data=urllib.urlencode(args), jsonreq=False,
+                                                     headers={'Content-Type': ['application/x-www-form-urlencoded']})
+        print json_res

    def do_3pidbind(self, line):
        """Validate and associate a third party ID
        <sid> The session ID (sid) given to you in the response to requestToken
        <clientSecret> The same clientSecret you supplied in requestToken
        """
-        args = self._parse(line, ["sid", "clientSecret"])
+        args = self._parse(line, ['sid', 'clientSecret'])

-        postArgs = {"sid": args["sid"], "clientSecret": args["clientSecret"]}
-        postArgs["mxid"] = self.config["user"]
+        postArgs = { 'sid' : args['sid'], 'clientSecret': args['clientSecret'] }
+        postArgs['mxid'] = self.config["user"]

        reactor.callFromThread(self._do_3pidbind, postArgs)

    @defer.inlineCallbacks
    def _do_3pidbind(self, args):
-        url = self._identityServerUrl() + "/_matrix/identity/api/v1/3pid/bind"
+        url = self._identityServerUrl()+"/_matrix/identity/api/v1/3pid/bind"

-        json_res = yield self.http_client.do_request(
-            "POST",
-            url,
-            data=urllib.urlencode(args),
-            jsonreq=False,
-            headers={"Content-Type": ["application/x-www-form-urlencoded"]},
-        )
-        print(json_res)
+        json_res = yield self.http_client.do_request("POST", url, data=urllib.urlencode(args), jsonreq=False,
+                                                     headers={'Content-Type': ['application/x-www-form-urlencoded']})
+        print json_res

    def do_join(self, line):
        """Joins a room: "join <roomid>" """
@@ -347,7 +325,7 @@ class SynapseCmd(cmd.Cmd):
            args = self._parse(line, ["roomid"], force_keys=True)
            self._do_membership_change(args["roomid"], "join", self._usr())
        except Exception as e:
-            print(e)
+            print e

    def do_joinalias(self, line):
        try:
@@ -355,7 +333,7 @@ class SynapseCmd(cmd.Cmd):
            path = "/join/%s" % urllib.quote(args["roomname"])
            reactor.callFromThread(self._run_and_pprint, "POST", path, {})
        except Exception as e:
-            print(e)
+            print e

    def do_topic(self, line):
        """"topic [set|get] <roomid> [<newtopic>]"
@@ -365,24 +343,26 @@ class SynapseCmd(cmd.Cmd):
        try:
            args = self._parse(line, ["action", "roomid", "topic"])
            if "action" not in args or "roomid" not in args:
-                print("Must specify set|get and a room ID.")
+                print "Must specify set|get and a room ID."
                return
            if args["action"].lower() not in ["set", "get"]:
-                print("Must specify set|get, not %s" % args["action"])
+                print "Must specify set|get, not %s" % args["action"]
                return

            path = "/rooms/%s/topic" % urllib.quote(args["roomid"])

            if args["action"].lower() == "set":
                if "topic" not in args:
-                    print("Must specify a new topic.")
+                    print "Must specify a new topic."
                    return
-                body = {"topic": args["topic"]}
+                body = {
+                    "topic": args["topic"]
+                }
                reactor.callFromThread(self._run_and_pprint, "PUT", path, body)
            elif args["action"].lower() == "get":
                reactor.callFromThread(self._run_and_pprint, "GET", path)
        except Exception as e:
-            print(e)
+            print e

    def do_invite(self, line):
        """Invite a user to a room: "invite <userid> <roomid>" """
@@ -393,64 +373,49 @@ class SynapseCmd(cmd.Cmd):

            reactor.callFromThread(self._do_invite, args["roomid"], user_id)
        except Exception as e:
-            print(e)
+            print e

    @defer.inlineCallbacks
    def _do_invite(self, roomid, userstring):
-        if not userstring.startswith("@") and self._is_on("complete_usernames"):
-            url = self._identityServerUrl() + "/_matrix/identity/api/v1/lookup"
+        if (not userstring.startswith('@') and
+                    self._is_on("complete_usernames")):
+            url = self._identityServerUrl()+"/_matrix/identity/api/v1/lookup"

-            json_res = yield self.http_client.do_request(
-                "GET", url, qparams={"medium": "email", "address": userstring}
-            )
+            json_res = yield self.http_client.do_request("GET", url, qparams={'medium':'email','address':userstring})

            mxid = None

-            if "mxid" in json_res and "signatures" in json_res:
-                url = (
-                    self._identityServerUrl()
-                    + "/_matrix/identity/api/v1/pubkey/ed25519"
-                )
+            if 'mxid' in json_res and 'signatures' in json_res:
+                url = self._identityServerUrl()+"/_matrix/identity/api/v1/pubkey/ed25519"

                pubKey = None
                pubKeyObj = yield self.http_client.do_request("GET", url)
-                if "public_key" in pubKeyObj:
-                    pubKey = nacl.signing.VerifyKey(
-                        pubKeyObj["public_key"], encoder=nacl.encoding.HexEncoder
-                    )
+                if 'public_key' in pubKeyObj:
+                    pubKey = nacl.signing.VerifyKey(pubKeyObj['public_key'], encoder=nacl.encoding.HexEncoder)
                else:
-                    print("No public key found in pubkey response!")
+                    print "No public key found in pubkey response!"

                sigValid = False

                if pubKey:
-                    for signame in json_res["signatures"]:
+                    for signame in json_res['signatures']:
                        if signame not in TRUSTED_ID_SERVERS:
-                            print(
-                                "Ignoring signature from untrusted server %s"
-                                % (signame)
-                            )
+                            print "Ignoring signature from untrusted server %s" % (signame)
                        else:
                            try:
                                verify_signed_json(json_res, signame, pubKey)
                                sigValid = True
-                                print(
-                                    "Mapping %s -> %s correctly signed by %s"
-                                    % (userstring, json_res["mxid"], signame)
-                                )
+                                print "Mapping %s -> %s correctly signed by %s" % (userstring, json_res['mxid'], signame)
                                break
                            except SignatureVerifyException as e:
-                                print("Invalid signature from %s" % (signame))
-                                print(e)
+                                print "Invalid signature from %s" % (signame)
+                                print e

                if sigValid:
-                    print("Resolved 3pid %s to %s" % (userstring, json_res["mxid"]))
-                    mxid = json_res["mxid"]
+                    print "Resolved 3pid %s to %s" % (userstring, json_res['mxid'])
+                    mxid = json_res['mxid']
                else:
-                    print(
-                        "Got association for %s but couldn't verify signature"
-                        % (userstring)
-                    )
+                    print "Got association for %s but couldn't verify signature" % (userstring)

            if not mxid:
                mxid = "@" + userstring + ":" + self._domain()
@@ -463,17 +428,18 @@ class SynapseCmd(cmd.Cmd):
            args = self._parse(line, ["roomid"], force_keys=True)
            self._do_membership_change(args["roomid"], "leave", self._usr())
        except Exception as e:
-            print(e)
+            print e

    def do_send(self, line):
        """Sends a message. "send <roomid> <body>" """
        args = self._parse(line, ["roomid", "body"])
        txn_id = "txn%s" % int(time.time())
-        path = "/rooms/%s/send/m.room.message/%s" % (
-            urllib.quote(args["roomid"]),
-            txn_id,
-        )
-        body_json = {"msgtype": "m.text", "body": args["body"]}
+        path = "/rooms/%s/send/m.room.message/%s" % (urllib.quote(args["roomid"]),
+                                             txn_id)
+        body_json = {
+            "msgtype": "m.text",
+            "body": args["body"]
+        }
        reactor.callFromThread(self._run_and_pprint, "PUT", path, body_json)

    def do_list(self, line):
@@ -487,10 +453,10 @@ class SynapseCmd(cmd.Cmd):
        """
        args = self._parse(line, ["type", "roomid", "qp"])
        if not "type" in args or not "roomid" in args:
-            print("Must specify type and room ID.")
+            print "Must specify type and room ID."
            return
        if args["type"] not in ["members", "messages"]:
-            print("Unrecognised type: %s" % args["type"])
+            print "Unrecognised type: %s" % args["type"]
            return
        room_id = args["roomid"]
        path = "/rooms/%s/%s" % (urllib.quote(room_id), args["type"])
@@ -502,10 +468,11 @@ class SynapseCmd(cmd.Cmd):
                    key_value = key_value_str.split("=")
                    qp[key_value[0]] = key_value[1]
                except:
-                    print("Bad query param: %s" % key_value)
+                    print "Bad query param: %s" % key_value
                    return

-        reactor.callFromThread(self._run_and_pprint, "GET", path, query_params=qp)
+        reactor.callFromThread(self._run_and_pprint, "GET", path,
+                               query_params=qp)

    def do_create(self, line):
        """Creates a room.
@@ -541,22 +508,14 @@ class SynapseCmd(cmd.Cmd):
        args = self._parse(line, ["method", "path", "data"])
        # sanity check
        if "method" not in args or "path" not in args:
-            print("Must specify path and method.")
+            print "Must specify path and method."
            return

        args["method"] = args["method"].upper()
-        valid_methods = [
-            "PUT",
-            "GET",
-            "POST",
-            "DELETE",
-            "XPUT",
-            "XGET",
-            "XPOST",
-            "XDELETE",
-        ]
+        valid_methods = ["PUT", "GET", "POST", "DELETE",
+                         "XPUT", "XGET", "XPOST", "XDELETE"]
        if args["method"] not in valid_methods:
-            print("Unsupported method: %s" % args["method"])
+            print "Unsupported method: %s" % args["method"]
            return

        if "data" not in args:
@@ -565,7 +524,7 @@ class SynapseCmd(cmd.Cmd):
            try:
                args["data"] = json.loads(args["data"])
            except Exception as e:
-                print("Data is not valid JSON. %s" % e)
+                print "Data is not valid JSON. %s" % e
                return

        qp = {"access_token": self._tok()}
@@ -581,13 +540,10 @@ class SynapseCmd(cmd.Cmd):
            except:
                pass

-        reactor.callFromThread(
-            self._run_and_pprint,
-            args["method"],
-            args["path"],
-            args["data"],
-            query_params=qp,
-        )
+        reactor.callFromThread(self._run_and_pprint, args["method"],
+                                                     args["path"],
+                                                     args["data"],
+                                                     query_params=qp)

    def do_stream(self, line):
        """Stream data from the server: "stream <longpoll timeout ms>" """
@@ -597,29 +553,26 @@ class SynapseCmd(cmd.Cmd):
            try:
                timeout = int(args["timeout"])
            except ValueError:
-                print("Timeout must be in milliseconds.")
+                print "Timeout must be in milliseconds."
                return
        reactor.callFromThread(self._do_event_stream, timeout)

    @defer.inlineCallbacks
    def _do_event_stream(self, timeout):
        res = yield self.http_client.get_json(
-            self._url() + "/events",
-            {
-                "access_token": self._tok(),
-                "timeout": str(timeout),
-                "from": self.event_stream_token,
-            },
-        )
-        print(json.dumps(res, indent=4))
+                self._url() + "/events",
+                {
+                    "access_token": self._tok(),
+                    "timeout": str(timeout),
+                    "from": self.event_stream_token
+                })
+        print json.dumps(res, indent=4)

        if "chunk" in res:
            for event in res["chunk"]:
-                if (
-                    event["type"] == "m.room.message"
-                    and self._is_on("send_delivery_receipts")
-                    and event["user_id"] != self._usr()
-                ):  # not sent by us
+                if (event["type"] == "m.room.message" and
+                        self._is_on("send_delivery_receipts") and
+                        event["user_id"] != self._usr()):  # not sent by us
                    self._send_receipt(event, "d")

        # update the position in the stram
@@ -627,28 +580,18 @@ class SynapseCmd(cmd.Cmd):
            self.event_stream_token = res["end"]

    def _send_receipt(self, event, feedback_type):
-        path = "/rooms/%s/messages/%s/%s/feedback/%s/%s" % (
-            urllib.quote(event["room_id"]),
-            event["user_id"],
-            event["msg_id"],
-            self._usr(),
-            feedback_type,
-        )
+        path = ("/rooms/%s/messages/%s/%s/feedback/%s/%s" %
+               (urllib.quote(event["room_id"]), event["user_id"], event["msg_id"],
+                self._usr(), feedback_type))
        data = {}
-        reactor.callFromThread(
-            self._run_and_pprint,
-            "PUT",
-            path,
-            data=data,
-            alt_text="Sent receipt for %s" % event["msg_id"],
-        )
+        reactor.callFromThread(self._run_and_pprint, "PUT", path, data=data,
+                               alt_text="Sent receipt for %s" % event["msg_id"])

    def _do_membership_change(self, roomid, membership, userid):
-        path = "/rooms/%s/state/m.room.member/%s" % (
-            urllib.quote(roomid),
-            urllib.quote(userid),
-        )
-        data = {"membership": membership}
+        path = "/rooms/%s/state/m.room.member/%s" % (urllib.quote(roomid), urllib.quote(userid))
+        data = {
+            "membership": membership
+        }
        reactor.callFromThread(self._run_and_pprint, "PUT", path, data=data)

    def do_displayname(self, line):
@@ -701,20 +644,15 @@ class SynapseCmd(cmd.Cmd):
        for i, arg in enumerate(line_args):
            for config_key in self.config:
                if ("$" + config_key) in arg:
-                    arg = arg.replace("$" + config_key, self.config[config_key])
+                    arg = arg.replace("$" + config_key,
+                                      self.config[config_key])
            line_args[i] = arg

        return dict(zip(keys, line_args))

    @defer.inlineCallbacks
-    def _run_and_pprint(
-        self,
-        method,
-        path,
-        data=None,
-        query_params={"access_token": None},
-        alt_text=None,
-    ):
+    def _run_and_pprint(self, method, path, data=None,
+                        query_params={"access_token": None}, alt_text=None):
        """ Runs an HTTP request and pretty prints the output.

        Args:
@@ -727,31 +665,31 @@ class SynapseCmd(cmd.Cmd):
        if "access_token" in query_params:
            query_params["access_token"] = self._tok()

-        json_res = yield self.http_client.do_request(
-            method, url, data=data, qparams=query_params
-        )
+        json_res = yield self.http_client.do_request(method, url,
+                                                    data=data,
+                                                    qparams=query_params)
        if alt_text:
-            print(alt_text)
+            print alt_text
        else:
-            print(json.dumps(json_res, indent=4))
+            print json.dumps(json_res, indent=4)


 def save_config(config):
-    with open(CONFIG_JSON, "w") as out:
+    with open(CONFIG_JSON, 'w') as out:
        json.dump(config, out)


 def main(server_url, identity_server_url, username, token, config_path):
-    print("Synapse command line client")
-    print("===========================")
-    print("Server: %s" % server_url)
-    print("Type 'help' to get started.")
-    print("Close this console with CTRL+C then CTRL+D.")
+    print "Synapse command line client"
+    print "==========================="
+    print "Server: %s" % server_url
+    print "Type 'help' to get started."
+    print "Close this console with CTRL+C then CTRL+D."
    if not username or not token:
-        print("-  'register <username>' - Register an account")
-        print("-  'stream' - Connect to the event stream")
-        print("-  'create <roomid>' - Create a room")
-        print("-  'send <roomid> <message>' - Send a message")
+        print "-  'register <username>' - Register an account"
+        print "-  'stream' - Connect to the event stream"
+        print "-  'create <roomid>' - Create a room"
+        print "-  'send <roomid> <message>' - Send a message"
    http_client = TwistedHttpClient()

    # the command line client
@@ -761,13 +699,13 @@ def main(server_url, identity_server_url, username, token, config_path):
    global CONFIG_JSON
    CONFIG_JSON = config_path  # bit cheeky, but just overwrite the global
    try:
-        with open(config_path, "r") as config:
+        with open(config_path, 'r') as config:
            syn_cmd.config = json.load(config)
            try:
                http_client.verbose = "on" == syn_cmd.config["verbose"]
            except:
                pass
-            print("Loaded config from %s" % config_path)
+            print "Loaded config from %s" % config_path
    except:
        pass

@@ -778,37 +716,27 @@ def main(server_url, identity_server_url, username, token, config_path):
    reactor.run()


-if __name__ == "__main__":
+if __name__ == '__main__':
    parser = argparse.ArgumentParser("Starts a synapse client.")
    parser.add_argument(
-        "-s",
-        "--server",
-        dest="server",
-        default="http://localhost:8008",
-        help="The URL of the home server to talk to.",
-    )
+        "-s", "--server", dest="server", default="http://localhost:8008",
+        help="The URL of the home server to talk to.")
    parser.add_argument(
-        "-i",
-        "--identity-server",
-        dest="identityserver",
-        default="http://localhost:8090",
-        help="The URL of the identity server to talk to.",
-    )
+        "-i", "--identity-server", dest="identityserver", default="http://localhost:8090",
+        help="The URL of the identity server to talk to.")
    parser.add_argument(
-        "-u", "--username", dest="username", help="Your username on the server."
-    )
-    parser.add_argument("-t", "--token", dest="token", help="Your access token.")
+        "-u", "--username", dest="username",
+        help="Your username on the server.")
    parser.add_argument(
-        "-c",
-        "--config",
-        dest="config",
-        default=CONFIG_JSON,
-        help="The location of the config.json file to read from.",
-    )
+        "-t", "--token", dest="token",
+        help="Your access token.")
+    parser.add_argument(
+        "-c", "--config", dest="config", default=CONFIG_JSON,
+        help="The location of the config.json file to read from.")
    args = parser.parse_args()

    if not args.server:
-        print("You must supply a server URL to communicate with.")
+        print "You must supply a server URL to communicate with."
        parser.print_help()
        sys.exit(1)

--- a/contrib/cmdclient/http.py
+++ b/contrib/cmdclient/http.py
@@ -13,7 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-from __future__ import print_function
 from twisted.web.client import Agent, readBody
 from twisted.web.http_headers import Headers
 from twisted.internet import defer, reactor
@@ -73,7 +72,9 @@ class TwistedHttpClient(HttpClient):
    @defer.inlineCallbacks
    def put_json(self, url, data):
        response = yield self._create_put_request(
-            url, data, headers_dict={"Content-Type": ["application/json"]}
+            url,
+            data,
+            headers_dict={"Content-Type": ["application/json"]}
        )
        body = yield readBody(response)
        defer.returnValue((response.code, body))
@@ -93,34 +94,40 @@ class TwistedHttpClient(HttpClient):
        """

        if "Content-Type" not in headers_dict:
-            raise defer.error(RuntimeError("Must include Content-Type header for PUTs"))
+            raise defer.error(
+                RuntimeError("Must include Content-Type header for PUTs"))

        return self._create_request(
-            "PUT", url, producer=_JsonProducer(json_data), headers_dict=headers_dict
+            "PUT",
+            url,
+            producer=_JsonProducer(json_data),
+            headers_dict=headers_dict
        )

    def _create_get_request(self, url, headers_dict={}):
        """ Wrapper of _create_request to issue a GET request
        """
-        return self._create_request("GET", url, headers_dict=headers_dict)
+        return self._create_request(
+            "GET",
+            url,
+            headers_dict=headers_dict
+        )

    @defer.inlineCallbacks
-    def do_request(
-        self, method, url, data=None, qparams=None, jsonreq=True, headers={}
-    ):
+    def do_request(self, method, url, data=None, qparams=None, jsonreq=True, headers={}):
        if qparams:
            url = "%s?%s" % (url, urllib.urlencode(qparams, True))

        if jsonreq:
            prod = _JsonProducer(data)
-            headers["Content-Type"] = ["application/json"]
+            headers['Content-Type'] = ["application/json"];
        else:
            prod = _RawProducer(data)

        if method in ["POST", "PUT"]:
-            response = yield self._create_request(
-                method, url, producer=prod, headers_dict=headers
-            )
+            response = yield self._create_request(method, url,
+                    producer=prod,
+                    headers_dict=headers)
        else:
            response = yield self._create_request(method, url)

@@ -134,24 +141,27 @@ class TwistedHttpClient(HttpClient):
        headers_dict["User-Agent"] = ["Synapse Cmd Client"]

        retries_left = 5
-        print("%s to %s with headers %s" % (method, url, headers_dict))
+        print "%s to %s with headers %s" % (method, url, headers_dict)
        if self.verbose and producer:
            if "password" in producer.data:
                temp = producer.data["password"]
                producer.data["password"] = "[REDACTED]"
-                print(json.dumps(producer.data, indent=4))
+                print json.dumps(producer.data, indent=4)
                producer.data["password"] = temp
            else:
-                print(json.dumps(producer.data, indent=4))
+                print json.dumps(producer.data, indent=4)

        while True:
            try:
                response = yield self.agent.request(
-                    method, url.encode("UTF8"), Headers(headers_dict), producer
+                    method,
+                    url.encode("UTF8"),
+                    Headers(headers_dict),
+                    producer
                )
                break
            except Exception as e:
-                print("uh oh: %s" % e)
+                print "uh oh: %s" % e
                if retries_left:
                    yield self.sleep(2 ** (5 - retries_left))
                    retries_left -= 1
@@ -159,8 +169,8 @@ class TwistedHttpClient(HttpClient):
                    raise e

        if self.verbose:
-            print("Status %s %s" % (response.code, response.phrase))
-            print(pformat(list(response.headers.getAllRawHeaders())))
+            print "Status %s %s" % (response.code, response.phrase)
+            print pformat(list(response.headers.getAllRawHeaders()))
        defer.returnValue(response)

    def sleep(self, seconds):
@@ -168,7 +178,6 @@ class TwistedHttpClient(HttpClient):
        reactor.callLater(seconds, d.callback, seconds)
        return d

-
 class _RawProducer(object):
    def __init__(self, data):
        self.data = data
@@ -185,11 +194,9 @@ class _RawProducer(object):
    def stopProducing(self):
        pass

-
 class _JsonProducer(object):
    """ Used by the twisted http client to create the HTTP body from json
    """
-
    def __init__(self, jsn):
        self.data = jsn
        self.body = json.dumps(jsn).encode("utf8")
--- a/contrib/docker/README.md
+++ b/contrib/docker/README.md
@@ -1,9 +1,5 @@
 # Synapse Docker

-FIXME: this is out-of-date as of
-https://github.com/matrix-org/synapse/issues/5518. Contributions to bring it up
-to date would be welcome.
-
 ### Automated configuration

 It is recommended that you use Docker Compose to run your containers, including
--- a/contrib/example_log_config.yaml
+++ b/contrib/example_log_config.yaml
@@ -1,7 +1,7 @@
-# Example log_config file for synapse. To enable, point `log_config` to it in
+# Example log_config file for synapse. To enable, point `log_config` to it in 
 # `homeserver.yaml`, and restart synapse.
 #
-# This configuration will produce similar results to the defaults within
+# This configuration will produce similar results to the defaults within 
 # synapse, but can be edited to give more flexibility.

 version: 1
@@ -12,7 +12,7 @@ formatters:

 filters:
  context:
-    (): synapse.logging.context.LoggingContextFilter
+    (): synapse.util.logcontext.LoggingContextFilter
    request: ""

 handlers:
@@ -35,7 +35,7 @@ handlers:
 root:
    level: INFO
    handlers: [console] # to use file handler instead, switch to [file]
-
+    
 loggers:
    synapse:
        level: INFO
--- a/contrib/experiments/cursesio.py
+++ b/contrib/experiments/cursesio.py
@@ -19,13 +19,13 @@ from curses.ascii import isprint
 from twisted.internet import reactor


-class CursesStdIO:
+class CursesStdIO():
    def __init__(self, stdscr, callback=None):
        self.statusText = "Synapse test app -"
-        self.searchText = ""
+        self.searchText = ''
        self.stdscr = stdscr

-        self.logLine = ""
+        self.logLine = ''

        self.callback = callback

@@ -71,7 +71,8 @@ class CursesStdIO:
        i = 0
        index = len(self.lines) - 1
        while i < (self.rows - 3) and index >= 0:
-            self.stdscr.addstr(self.rows - 3 - i, 0, self.lines[index], curses.A_NORMAL)
+            self.stdscr.addstr(self.rows - 3 - i, 0, self.lines[index],
+                               curses.A_NORMAL)
            i = i + 1
            index = index - 1

@@ -84,13 +85,15 @@ class CursesStdIO:
            raise RuntimeError("TextTooLongError")

        self.stdscr.addstr(
-            self.rows - 2, 0, text + " " * (self.cols - len(text)), curses.A_STANDOUT
-        )
+            self.rows - 2, 0,
+            text + ' ' * (self.cols - len(text)),
+            curses.A_STANDOUT)

    def printLogLine(self, text):
        self.stdscr.addstr(
-            0, 0, text + " " * (self.cols - len(text)), curses.A_STANDOUT
-        )
+            0, 0,
+            text + ' ' * (self.cols - len(text)),
+            curses.A_STANDOUT)

    def doRead(self):
        """ Input is ready! """
@@ -102,7 +105,7 @@ class CursesStdIO:

        elif c == curses.KEY_ENTER or c == 10:
            text = self.searchText
-            self.searchText = ""
+            self.searchText = ''

            self.print_line(">> %s" % text)

@@ -119,13 +122,11 @@ class CursesStdIO:
                return
            self.searchText = self.searchText + chr(c)

-        self.stdscr.addstr(
-            self.rows - 1,
-            0,
-            self.searchText + (" " * (self.cols - len(self.searchText) - 2)),
-        )
+        self.stdscr.addstr(self.rows - 1, 0,
+                           self.searchText + (' ' * (
+                           self.cols - len(self.searchText) - 2)))

-        self.paintStatus(self.statusText + " %d" % len(self.searchText))
+        self.paintStatus(self.statusText + ' %d' % len(self.searchText))
        self.stdscr.move(self.rows - 1, len(self.searchText))
        self.stdscr.refresh()

@@ -142,6 +143,7 @@ class CursesStdIO:


 class Callback(object):
+
    def __init__(self, stdio):
        self.stdio = stdio

@@ -150,7 +152,7 @@ class Callback(object):


 def main(stdscr):
-    screen = CursesStdIO(stdscr)  # create Screen object
+    screen = CursesStdIO(stdscr)   # create Screen object

    callback = Callback(screen)

@@ -162,5 +164,5 @@ def main(stdscr):
    screen.close()


-if __name__ == "__main__":
+if __name__ == '__main__':
    curses.wrapper(main)
--- a/contrib/experiments/test_messaging.py
+++ b/contrib/experiments/test_messaging.py
@@ -28,7 +28,9 @@ Currently assumes the local address is localhost:<port>
 """


-from synapse.federation import ReplicationHandler
+from synapse.federation import (
+    ReplicationHandler
+)

 from synapse.federation.units import Pdu

@@ -36,7 +38,7 @@ from synapse.util import origin_from_ucid

 from synapse.app.homeserver import SynapseHomeServer

-# from synapse.logging.utils import log_function
+#from synapse.util.logutils import log_function

 from twisted.internet import reactor, defer
 from twisted.python import log
@@ -81,7 +83,7 @@ class InputOutput(object):
                room_name, = m.groups()
                self.print_line("%s joining %s" % (self.user, room_name))
                self.server.join_room(room_name, self.user, self.user)
-                # self.print_line("OK.")
+                #self.print_line("OK.")
                return

            m = re.match("^invite (\S+) (\S+)$", line)
@@ -90,7 +92,7 @@ class InputOutput(object):
                room_name, invitee = m.groups()
                self.print_line("%s invited to %s" % (invitee, room_name))
                self.server.invite_to_room(room_name, self.user, invitee)
-                # self.print_line("OK.")
+                #self.print_line("OK.")
                return

            m = re.match("^send (\S+) (.*)$", line)
@@ -99,7 +101,7 @@ class InputOutput(object):
                room_name, body = m.groups()
                self.print_line("%s send to %s" % (self.user, room_name))
                self.server.send_message(room_name, self.user, body)
-                # self.print_line("OK.")
+                #self.print_line("OK.")
                return

            m = re.match("^backfill (\S+)$", line)
@@ -123,6 +125,7 @@ class InputOutput(object):


 class IOLoggerHandler(logging.Handler):
+
    def __init__(self, io):
        logging.Handler.__init__(self)
        self.io = io
@@ -139,7 +142,6 @@ class Room(object):
    """ Used to store (in memory) the current membership state of a room, and
    which home servers we should send PDUs associated with the room to.
    """
-
    def __init__(self, room_name):
        self.room_name = room_name
        self.invited = set()
@@ -173,7 +175,6 @@ class HomeServer(ReplicationHandler):
    """ A very basic home server implentation that allows people to join a
    room and then invite other people.
    """
-
    def __init__(self, server_name, replication_layer, output):
        self.server_name = server_name
        self.replication_layer = replication_layer
@@ -196,27 +197,26 @@ class HomeServer(ReplicationHandler):
            elif pdu.content["membership"] == "invite":
                self._on_invite(pdu.origin, pdu.context, pdu.state_key)
        else:
-            self.output.print_line(
-                "#%s (unrec) %s = %s"
-                % (pdu.context, pdu.pdu_type, json.dumps(pdu.content))
+            self.output.print_line("#%s (unrec) %s = %s" %
+                (pdu.context, pdu.pdu_type, json.dumps(pdu.content))
            )

-    # def on_state_change(self, pdu):
-    ##self.output.print_line("#%s (state) %s *** %s" %
-    ##(pdu.context, pdu.state_key, pdu.pdu_type)
-    ##)
+    #def on_state_change(self, pdu):
+        ##self.output.print_line("#%s (state) %s *** %s" %
+                ##(pdu.context, pdu.state_key, pdu.pdu_type)
+            ##)

-    # if "joinee" in pdu.content:
-    # self._on_join(pdu.context, pdu.content["joinee"])
-    # elif "invitee" in pdu.content:
-    # self._on_invite(pdu.origin, pdu.context, pdu.content["invitee"])
+        #if "joinee" in pdu.content:
+            #self._on_join(pdu.context, pdu.content["joinee"])
+        #elif "invitee" in pdu.content:
+            #self._on_invite(pdu.origin, pdu.context, pdu.content["invitee"])

    def _on_message(self, pdu):
        """ We received a message
        """
-        self.output.print_line(
-            "#%s %s %s" % (pdu.context, pdu.content["sender"], pdu.content["body"])
-        )
+        self.output.print_line("#%s %s %s" %
+                (pdu.context, pdu.content["sender"], pdu.content["body"])
+            )

    def _on_join(self, context, joinee):
        """ Someone has joined a room, either a remote user or a local user
@@ -224,7 +224,9 @@ class HomeServer(ReplicationHandler):
        room = self._get_or_create_room(context)
        room.add_participant(joinee)

-        self.output.print_line("#%s %s %s" % (context, joinee, "*** JOINED"))
+        self.output.print_line("#%s %s %s" %
+                (context, joinee, "*** JOINED")
+            )

    def _on_invite(self, origin, context, invitee):
        """ Someone has been invited
@@ -232,7 +234,9 @@ class HomeServer(ReplicationHandler):
        room = self._get_or_create_room(context)
        room.add_invited(invitee)

-        self.output.print_line("#%s %s %s" % (context, invitee, "*** INVITED"))
+        self.output.print_line("#%s %s %s" %
+                (context, invitee, "*** INVITED")
+            )

        if not room.have_got_metadata and origin is not self.server_name:
            logger.debug("Get room state")
@@ -268,14 +272,14 @@ class HomeServer(ReplicationHandler):

        try:
            pdu = Pdu.create_new(
-                context=room_name,
-                pdu_type="sy.room.member",
-                is_state=True,
-                state_key=joinee,
-                content={"membership": "join"},
-                origin=self.server_name,
-                destinations=destinations,
-            )
+                    context=room_name,
+                    pdu_type="sy.room.member",
+                    is_state=True,
+                    state_key=joinee,
+                    content={"membership": "join"},
+                    origin=self.server_name,
+                    destinations=destinations,
+                )
            yield self.replication_layer.send_pdu(pdu)
        except Exception as e:
            logger.exception(e)
@@ -314,21 +318,21 @@ class HomeServer(ReplicationHandler):
        return self.replication_layer.backfill(dest, room_name, limit)

    def _get_room_remote_servers(self, room_name):
-        return [i for i in self.joined_rooms.setdefault(room_name).servers]
+        return [i for i in self.joined_rooms.setdefault(room_name,).servers]

    def _get_or_create_room(self, room_name):
        return self.joined_rooms.setdefault(room_name, Room(room_name))

    def get_servers_for_context(self, context):
        return defer.succeed(
-            self.joined_rooms.setdefault(context, Room(context)).servers
-        )
+                self.joined_rooms.setdefault(context, Room(context)).servers
+            )


 def main(stdscr):
    parser = argparse.ArgumentParser()
-    parser.add_argument("user", type=str)
-    parser.add_argument("-v", "--verbose", action="count")
+    parser.add_argument('user', type=str)
+    parser.add_argument('-v', '--verbose', action='count')
    args = parser.parse_args()

    user = args.user
@@ -338,9 +342,8 @@ def main(stdscr):

    root_logger = logging.getLogger()

-    formatter = logging.Formatter(
-        "%(asctime)s - %(name)s - %(lineno)d - " "%(levelname)s - %(message)s"
-    )
+    formatter = logging.Formatter('%(asctime)s - %(name)s - %(lineno)d - '
+            '%(levelname)s - %(message)s')
    if not os.path.exists("logs"):
        os.makedirs("logs")
    fh = logging.FileHandler("logs/%s" % user)
--- a/contrib/grafana/synapse.json
+++ b/contrib/grafana/synapse.json
--- a/contrib/graph/graph.py
+++ b/contrib/graph/graph.py
@@ -1,5 +1,3 @@
-from __future__ import print_function
-
 # Copyright 2014-2016 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -50,7 +48,7 @@ def make_graph(pdus, room, filename_prefix):
            c = colors.pop()
            color_map[o] = c
        except:
-            print("Run out of colours!")
+            print "Run out of colours!"
            color_map[o] = "black"

    graph = pydot.Dot(graph_name="Test")
@@ -59,9 +57,9 @@ def make_graph(pdus, room, filename_prefix):
        name = make_name(pdu.get("pdu_id"), pdu.get("origin"))
        pdu_map[name] = pdu

-        t = datetime.datetime.fromtimestamp(float(pdu["ts"]) / 1000).strftime(
-            "%Y-%m-%d %H:%M:%S,%f"
-        )
+        t = datetime.datetime.fromtimestamp(
+            float(pdu["ts"]) / 1000
+        ).strftime('%Y-%m-%d %H:%M:%S,%f')

        label = (
            "<"
@@ -81,7 +79,11 @@ def make_graph(pdus, room, filename_prefix):
            "depth": pdu.get("depth"),
        }

-        node = pydot.Node(name=name, label=label, color=color_map[pdu.get("origin")])
+        node = pydot.Node(
+            name=name,
+            label=label,
+            color=color_map[pdu.get("origin")]
+        )
        node_map[name] = node
        graph.add_node(node)

@@ -91,7 +93,7 @@ def make_graph(pdus, room, filename_prefix):
            end_name = make_name(i, o)

            if end_name not in node_map:
-                print("%s not in nodes" % end_name)
+                print "%s not in nodes" % end_name
                continue

            edge = pydot.Edge(node_map[start_name], node_map[end_name])
@@ -105,13 +107,14 @@ def make_graph(pdus, room, filename_prefix):

            if prev_state_name in node_map:
                state_edge = pydot.Edge(
-                    node_map[start_name], node_map[prev_state_name], style="dotted"
+                    node_map[start_name], node_map[prev_state_name],
+                    style='dotted'
                )
                graph.add_edge(state_edge)

-    graph.write("%s.dot" % filename_prefix, format="raw", prog="dot")
-    #    graph.write_png("%s.png" % filename_prefix, prog='dot')
-    graph.write_svg("%s.svg" % filename_prefix, prog="dot")
+    graph.write('%s.dot' % filename_prefix, format='raw', prog='dot')
+#    graph.write_png("%s.png" % filename_prefix, prog='dot')
+    graph.write_svg("%s.svg" % filename_prefix, prog='dot')


 def get_pdus(host, room):
@@ -127,14 +130,15 @@ def get_pdus(host, room):
 if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description="Generate a PDU graph for a given room by talking "
-        "to the given homeserver to get the list of PDUs. \n"
-        "Requires pydot."
+                    "to the given homeserver to get the list of PDUs. \n"
+                    "Requires pydot."
    )
    parser.add_argument(
-        "-p", "--prefix", dest="prefix", help="String to prefix output files with"
+        "-p", "--prefix", dest="prefix",
+        help="String to prefix output files with"
    )
-    parser.add_argument("host")
-    parser.add_argument("room")
+    parser.add_argument('host')
+    parser.add_argument('room')

    args = parser.parse_args()

--- a/contrib/graph/graph2.py
+++ b/contrib/graph/graph2.py
@@ -36,7 +36,10 @@ def make_graph(db_name, room_id, file_prefix, limit):
    args = [room_id]

    if limit:
-        sql += " ORDER BY topological_ordering DESC, stream_ordering DESC " "LIMIT ?"
+        sql += (
+            " ORDER BY topological_ordering DESC, stream_ordering DESC "
+            "LIMIT ?"
+        )

        args.append(limit)

@@ -53,8 +56,9 @@ def make_graph(db_name, room_id, file_prefix, limit):

    for event in events:
        c = conn.execute(
-            "SELECT state_group FROM event_to_state_groups " "WHERE event_id = ?",
-            (event.event_id,),
+            "SELECT state_group FROM event_to_state_groups "
+            "WHERE event_id = ?",
+            (event.event_id,)
        )

        res = c.fetchone()
@@ -65,7 +69,7 @@ def make_graph(db_name, room_id, file_prefix, limit):

        t = datetime.datetime.fromtimestamp(
            float(event.origin_server_ts) / 1000
-        ).strftime("%Y-%m-%d %H:%M:%S,%f")
+        ).strftime('%Y-%m-%d %H:%M:%S,%f')

        content = json.dumps(unfreeze(event.get_dict()["content"]))

@@ -89,7 +93,10 @@ def make_graph(db_name, room_id, file_prefix, limit):
            "state_group": state_group,
        }

-        node = pydot.Node(name=event.event_id, label=label)
+        node = pydot.Node(
+            name=event.event_id,
+            label=label,
+        )

        node_map[event.event_id] = node
        graph.add_node(node)
@@ -99,7 +106,10 @@ def make_graph(db_name, room_id, file_prefix, limit):
            try:
                end_node = node_map[prev_id]
            except:
-                end_node = pydot.Node(name=prev_id, label="<<b>%s</b>>" % (prev_id,))
+                end_node = pydot.Node(
+                    name=prev_id,
+                    label="<<b>%s</b>>" % (prev_id,),
+                )

                node_map[prev_id] = end_node
                graph.add_node(end_node)
@@ -111,33 +121,36 @@ def make_graph(db_name, room_id, file_prefix, limit):
        if len(event_ids) <= 1:
            continue

-        cluster = pydot.Cluster(str(group), label="<State Group: %s>" % (str(group),))
+        cluster = pydot.Cluster(
+            str(group),
+            label="<State Group: %s>" % (str(group),)
+        )

        for event_id in event_ids:
            cluster.add_node(node_map[event_id])

        graph.add_subgraph(cluster)

-    graph.write("%s.dot" % file_prefix, format="raw", prog="dot")
-    graph.write_svg("%s.svg" % file_prefix, prog="dot")
-
+    graph.write('%s.dot' % file_prefix, format='raw', prog='dot')
+    graph.write_svg("%s.svg" % file_prefix, prog='dot')

 if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description="Generate a PDU graph for a given room by talking "
-        "to the given homeserver to get the list of PDUs. \n"
-        "Requires pydot."
+                    "to the given homeserver to get the list of PDUs. \n"
+                    "Requires pydot."
    )
    parser.add_argument(
-        "-p",
-        "--prefix",
-        dest="prefix",
+        "-p", "--prefix", dest="prefix",
        help="String to prefix output files with",
-        default="graph_output",
+        default="graph_output"
    )
-    parser.add_argument("-l", "--limit", help="Only retrieve the last N events.")
-    parser.add_argument("db")
-    parser.add_argument("room")
+    parser.add_argument(
+        "-l", "--limit",
+        help="Only retrieve the last N events.",
+    )
+    parser.add_argument('db')
+    parser.add_argument('room')

    args = parser.parse_args()

--- a/contrib/graph/graph3.py
+++ b/contrib/graph/graph3.py
@@ -1,5 +1,3 @@
-from __future__ import print_function
-
 # Copyright 2016 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,22 +26,22 @@ from six import string_types


 def make_graph(file_name, room_id, file_prefix, limit):
-    print("Reading lines")
+    print "Reading lines"
    with open(file_name) as f:
        lines = f.readlines()

-    print("Read lines")
+    print "Read lines"

    events = [FrozenEvent(json.loads(line)) for line in lines]

-    print("Loaded events.")
+    print "Loaded events."

    events.sort(key=lambda e: e.depth)

-    print("Sorted events")
+    print "Sorted events"

    if limit:
-        events = events[-int(limit) :]
+        events = events[-int(limit):]

    node_map = {}

@@ -52,12 +50,12 @@ def make_graph(file_name, room_id, file_prefix, limit):
    for event in events:
        t = datetime.datetime.fromtimestamp(
            float(event.origin_server_ts) / 1000
-        ).strftime("%Y-%m-%d %H:%M:%S,%f")
+        ).strftime('%Y-%m-%d %H:%M:%S,%f')

        content = json.dumps(unfreeze(event.get_dict()["content"]), indent=4)
        content = content.replace("\n", "<br/>\n")

-        print(content)
+        print content
        content = []
        for key, value in unfreeze(event.get_dict()["content"]).items():
            if value is None:
@@ -68,16 +66,15 @@ def make_graph(file_name, room_id, file_prefix, limit):
                value = json.dumps(value)

            content.append(
-                "<b>%s</b>: %s,"
-                % (
-                    cgi.escape(key, quote=True).encode("ascii", "xmlcharrefreplace"),
-                    cgi.escape(value, quote=True).encode("ascii", "xmlcharrefreplace"),
+                "<b>%s</b>: %s," % (
+                    cgi.escape(key, quote=True).encode("ascii", 'xmlcharrefreplace'),
+                    cgi.escape(value, quote=True).encode("ascii", 'xmlcharrefreplace'),
                )
            )

        content = "<br/>\n".join(content)

-        print(content)
+        print content

        label = (
            "<"
@@ -97,19 +94,25 @@ def make_graph(file_name, room_id, file_prefix, limit):
            "depth": event.depth,
        }

-        node = pydot.Node(name=event.event_id, label=label)
+        node = pydot.Node(
+            name=event.event_id,
+            label=label,
+        )

        node_map[event.event_id] = node
        graph.add_node(node)

-    print("Created Nodes")
+    print "Created Nodes"

    for event in events:
        for prev_id, _ in event.prev_events:
            try:
                end_node = node_map[prev_id]
            except:
-                end_node = pydot.Node(name=prev_id, label="<<b>%s</b>>" % (prev_id,))
+                end_node = pydot.Node(
+                    name=prev_id,
+                    label="<<b>%s</b>>" % (prev_id,),
+                )

                node_map[prev_id] = end_node
                graph.add_node(end_node)
@@ -117,33 +120,33 @@ def make_graph(file_name, room_id, file_prefix, limit):
            edge = pydot.Edge(node_map[event.event_id], end_node)
            graph.add_edge(edge)

-    print("Created edges")
+    print "Created edges"

-    graph.write("%s.dot" % file_prefix, format="raw", prog="dot")
+    graph.write('%s.dot' % file_prefix, format='raw', prog='dot')

-    print("Created Dot")
+    print "Created Dot"

-    graph.write_svg("%s.svg" % file_prefix, prog="dot")
-
-    print("Created svg")
+    graph.write_svg("%s.svg" % file_prefix, prog='dot')

+    print "Created svg"

 if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description="Generate a PDU graph for a given room by reading "
-        "from a file with line deliminated events. \n"
-        "Requires pydot."
+                    "from a file with line deliminated events. \n"
+                    "Requires pydot."
    )
    parser.add_argument(
-        "-p",
-        "--prefix",
-        dest="prefix",
+        "-p", "--prefix", dest="prefix",
        help="String to prefix output files with",
-        default="graph_output",
+        default="graph_output"
    )
-    parser.add_argument("-l", "--limit", help="Only retrieve the last N events.")
-    parser.add_argument("event_file")
-    parser.add_argument("room")
+    parser.add_argument(
+        "-l", "--limit",
+        help="Only retrieve the last N events.",
+    )
+    parser.add_argument('event_file')
+    parser.add_argument('room')

    args = parser.parse_args()

--- a/contrib/jitsimeetbridge/jitsimeetbridge.py
+++ b/contrib/jitsimeetbridge/jitsimeetbridge.py
@@ -8,9 +8,8 @@ we set the remote SDP at which point the stream ends. Our video never gets to
 the bridge.

 Requires:
-npm install jquery jsdom
+npm install jquery jsdom 
 """
-from __future__ import print_function

 import gevent
 import grequests
@@ -20,25 +19,24 @@ import urllib
 import subprocess
 import time

-# ACCESS_TOKEN="" #
+#ACCESS_TOKEN="" #

-MATRIXBASE = "https://matrix.org/_matrix/client/api/v1/"
-MYUSERNAME = "@davetest:matrix.org"
+MATRIXBASE = 'https://matrix.org/_matrix/client/api/v1/'
+MYUSERNAME = '@davetest:matrix.org'

-HTTPBIND = "https://meet.jit.si/http-bind"
-# HTTPBIND = 'https://jitsi.vuc.me/http-bind'
-# ROOMNAME = "matrix"
+HTTPBIND = 'https://meet.jit.si/http-bind'
+#HTTPBIND = 'https://jitsi.vuc.me/http-bind'
+#ROOMNAME = "matrix"
 ROOMNAME = "pibble"

-HOST = "guest.jit.si"
-# HOST="jitsi.vuc.me"
+HOST="guest.jit.si"
+#HOST="jitsi.vuc.me"

-TURNSERVER = "turn.guest.jit.si"
-# TURNSERVER="turn.jitsi.vuc.me"
-
-ROOMDOMAIN = "meet.jit.si"
-# ROOMDOMAIN="conference.jitsi.vuc.me"
+TURNSERVER="turn.guest.jit.si"
+#TURNSERVER="turn.jitsi.vuc.me"

+ROOMDOMAIN="meet.jit.si"
+#ROOMDOMAIN="conference.jitsi.vuc.me"

 class TrivialMatrixClient:
    def __init__(self, access_token):
@@ -47,50 +45,38 @@ class TrivialMatrixClient:

    def getEvent(self):
        while True:
-            url = (
-                MATRIXBASE
-                + "events?access_token="
-                + self.access_token
-                + "&timeout=60000"
-            )
+            url = MATRIXBASE+'events?access_token='+self.access_token+"&timeout=60000"
            if self.token:
-                url += "&from=" + self.token
+                url += "&from="+self.token
            req = grequests.get(url)
            resps = grequests.map([req])
            obj = json.loads(resps[0].content)
-            print("incoming from matrix", obj)
-            if "end" not in obj:
+            print "incoming from matrix",obj
+            if 'end' not in obj:
                continue
-            self.token = obj["end"]
-            if len(obj["chunk"]):
-                return obj["chunk"][0]
+            self.token = obj['end']
+            if len(obj['chunk']):
+                return obj['chunk'][0]

    def joinRoom(self, roomId):
-        url = MATRIXBASE + "rooms/" + roomId + "/join?access_token=" + self.access_token
-        print(url)
-        headers = {"Content-Type": "application/json"}
-        req = grequests.post(url, headers=headers, data="{}")
+        url = MATRIXBASE+'rooms/'+roomId+'/join?access_token='+self.access_token
+        print url
+        headers={ 'Content-Type': 'application/json' }
+        req = grequests.post(url, headers=headers, data='{}')
        resps = grequests.map([req])
        obj = json.loads(resps[0].content)
-        print("response: ", obj)
+        print "response: ",obj

    def sendEvent(self, roomId, evType, event):
-        url = (
-            MATRIXBASE
-            + "rooms/"
-            + roomId
-            + "/send/"
-            + evType
-            + "?access_token="
-            + self.access_token
-        )
-        print(url)
-        print(json.dumps(event))
-        headers = {"Content-Type": "application/json"}
+        url = MATRIXBASE+'rooms/'+roomId+'/send/'+evType+'?access_token='+self.access_token
+        print url
+        print json.dumps(event)
+        headers={ 'Content-Type': 'application/json' }
        req = grequests.post(url, headers=headers, data=json.dumps(event))
        resps = grequests.map([req])
        obj = json.loads(resps[0].content)
-        print("response: ", obj)
+        print "response: ",obj
+


 xmppClients = {}
@@ -99,40 +85,39 @@ xmppClients = {}
 def matrixLoop():
    while True:
        ev = matrixCli.getEvent()
-        print(ev)
-        if ev["type"] == "m.room.member":
-            print("membership event")
-            if ev["membership"] == "invite" and ev["state_key"] == MYUSERNAME:
-                roomId = ev["room_id"]
-                print("joining room %s" % (roomId))
+        print ev
+        if ev['type'] == 'm.room.member':
+            print 'membership event'
+            if ev['membership'] == 'invite' and ev['state_key'] == MYUSERNAME:
+                roomId = ev['room_id']
+                print "joining room %s" % (roomId)
                matrixCli.joinRoom(roomId)
-        elif ev["type"] == "m.room.message":
-            if ev["room_id"] in xmppClients:
-                print("already have a bridge for that user, ignoring")
+        elif ev['type'] == 'm.room.message':
+            if ev['room_id'] in xmppClients:
+                print "already have a bridge for that user, ignoring"
                continue
-            print("got message, connecting")
-            xmppClients[ev["room_id"]] = TrivialXmppClient(ev["room_id"], ev["user_id"])
-            gevent.spawn(xmppClients[ev["room_id"]].xmppLoop)
-        elif ev["type"] == "m.call.invite":
-            print("Incoming call")
-            # sdp = ev['content']['offer']['sdp']
-            # print "sdp: %s" % (sdp)
-            # xmppClients[ev['room_id']] = TrivialXmppClient(ev['room_id'], ev['user_id'])
-            # gevent.spawn(xmppClients[ev['room_id']].xmppLoop)
-        elif ev["type"] == "m.call.answer":
-            print("Call answered")
-            sdp = ev["content"]["answer"]["sdp"]
-            if ev["room_id"] not in xmppClients:
-                print("We didn't have a call for that room")
+            print "got message, connecting"
+            xmppClients[ev['room_id']] = TrivialXmppClient(ev['room_id'], ev['user_id'])
+            gevent.spawn(xmppClients[ev['room_id']].xmppLoop)
+        elif ev['type'] == 'm.call.invite':
+            print "Incoming call"
+            #sdp = ev['content']['offer']['sdp']
+            #print "sdp: %s" % (sdp)
+            #xmppClients[ev['room_id']] = TrivialXmppClient(ev['room_id'], ev['user_id'])
+            #gevent.spawn(xmppClients[ev['room_id']].xmppLoop)
+        elif ev['type'] == 'm.call.answer':
+            print "Call answered"
+            sdp = ev['content']['answer']['sdp']
+            if ev['room_id'] not in xmppClients:
+                print "We didn't have a call for that room"
                continue
            # should probably check call ID too
-            xmppCli = xmppClients[ev["room_id"]]
+            xmppCli = xmppClients[ev['room_id']]
            xmppCli.sendAnswer(sdp)
-        elif ev["type"] == "m.call.hangup":
-            if ev["room_id"] in xmppClients:
-                xmppClients[ev["room_id"]].stop()
-                del xmppClients[ev["room_id"]]
-
+        elif ev['type'] == 'm.call.hangup':
+            if ev['room_id'] in xmppClients:
+                xmppClients[ev['room_id']].stop()
+                del xmppClients[ev['room_id']]

 class TrivialXmppClient:
    def __init__(self, matrixRoom, userId):
@@ -146,155 +131,130 @@ class TrivialXmppClient:

    def nextRid(self):
        self.rid += 1
-        return "%d" % (self.rid)
+        return '%d' % (self.rid)

    def sendIq(self, xml):
-        fullXml = (
-            "<body rid='%s' xmlns='http://jabber.org/protocol/httpbind' sid='%s'>%s</body>"
-            % (self.nextRid(), self.sid, xml)
-        )
-        # print "\t>>>%s" % (fullXml)
+        fullXml = "<body rid='%s' xmlns='http://jabber.org/protocol/httpbind' sid='%s'>%s</body>" % (self.nextRid(), self.sid, xml)
+        #print "\t>>>%s" % (fullXml)
        return self.xmppPoke(fullXml)

    def xmppPoke(self, xml):
-        headers = {"Content-Type": "application/xml"}
+        headers = {'Content-Type': 'application/xml'}
        req = grequests.post(HTTPBIND, verify=False, headers=headers, data=xml)
        resps = grequests.map([req])
        obj = BeautifulSoup(resps[0].content)
        return obj

    def sendAnswer(self, answer):
-        print("sdp from matrix client", answer)
-        p = subprocess.Popen(
-            ["node", "unjingle/unjingle.js", "--sdp"],
-            stdin=subprocess.PIPE,
-            stdout=subprocess.PIPE,
-        )
+        print "sdp from matrix client",answer
+        p = subprocess.Popen(['node', 'unjingle/unjingle.js', '--sdp'], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
        jingle, out_err = p.communicate(answer)
        jingle = jingle % {
-            "tojid": self.callfrom,
-            "action": "session-accept",
-            "initiator": self.callfrom,
-            "responder": self.jid,
-            "sid": self.callsid,
+            'tojid': self.callfrom,
+            'action': 'session-accept',
+            'initiator': self.callfrom,
+            'responder': self.jid,
+            'sid': self.callsid
        }
-        print("answer jingle from sdp", jingle)
+        print "answer jingle from sdp",jingle
        res = self.sendIq(jingle)
-        print("reply from answer: ", res)
+        print "reply from answer: ",res

        self.ssrcs = {}
        jingleSoup = BeautifulSoup(jingle)
-        for cont in jingleSoup.iq.jingle.findAll("content"):
+        for cont in jingleSoup.iq.jingle.findAll('content'):
            if cont.description:
-                self.ssrcs[cont["name"]] = cont.description["ssrc"]
-        print("my ssrcs:", self.ssrcs)
+                self.ssrcs[cont['name']] = cont.description['ssrc']
+        print "my ssrcs:",self.ssrcs

-        gevent.joinall([gevent.spawn(self.advertiseSsrcs)])
+        gevent.joinall([
+                gevent.spawn(self.advertiseSsrcs)
+        ])

    def advertiseSsrcs(self):
-        time.sleep(7)
-        print("SSRC spammer started")
+                time.sleep(7)
+        print "SSRC spammer started"
        while self.running:
-            ssrcMsg = (
-                "<presence to='%(tojid)s' xmlns='jabber:client'><x xmlns='http://jabber.org/protocol/muc'/><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://jitsi.org/jitsimeet' ver='0WkSdhFnAUxrz4ImQQLdB80GFlE='/><nick xmlns='http://jabber.org/protocol/nick'>%(nick)s</nick><stats xmlns='http://jitsi.org/jitmeet/stats'><stat name='bitrate_download' value='175'/><stat name='bitrate_upload' value='176'/><stat name='packetLoss_total' value='0'/><stat name='packetLoss_download' value='0'/><stat name='packetLoss_upload' value='0'/></stats><media xmlns='http://estos.de/ns/mjs'><source type='audio' ssrc='%(assrc)s' direction='sendre'/><source type='video' ssrc='%(vssrc)s' direction='sendre'/></media></presence>"
-                % {
-                    "tojid": "%s@%s/%s" % (ROOMNAME, ROOMDOMAIN, self.shortJid),
-                    "nick": self.userId,
-                    "assrc": self.ssrcs["audio"],
-                    "vssrc": self.ssrcs["video"],
-                }
-            )
+            ssrcMsg = "<presence to='%(tojid)s' xmlns='jabber:client'><x xmlns='http://jabber.org/protocol/muc'/><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://jitsi.org/jitsimeet' ver='0WkSdhFnAUxrz4ImQQLdB80GFlE='/><nick xmlns='http://jabber.org/protocol/nick'>%(nick)s</nick><stats xmlns='http://jitsi.org/jitmeet/stats'><stat name='bitrate_download' value='175'/><stat name='bitrate_upload' value='176'/><stat name='packetLoss_total' value='0'/><stat name='packetLoss_download' value='0'/><stat name='packetLoss_upload' value='0'/></stats><media xmlns='http://estos.de/ns/mjs'><source type='audio' ssrc='%(assrc)s' direction='sendre'/><source type='video' ssrc='%(vssrc)s' direction='sendre'/></media></presence>" % { 'tojid': "%s@%s/%s" % (ROOMNAME, ROOMDOMAIN, self.shortJid), 'nick': self.userId, 'assrc': self.ssrcs['audio'], 'vssrc': self.ssrcs['video'] }
            res = self.sendIq(ssrcMsg)
-            print("reply from ssrc announce: ", res)
+            print "reply from ssrc announce: ",res
            time.sleep(10)

+
+
    def xmppLoop(self):
        self.matrixCallId = time.time()
-        res = self.xmppPoke(
-            "<body rid='%s' xmlns='http://jabber.org/protocol/httpbind' to='%s' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>"
-            % (self.nextRid(), HOST)
-        )
+        res = self.xmppPoke("<body rid='%s' xmlns='http://jabber.org/protocol/httpbind' to='%s' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>" % (self.nextRid(), HOST))

-        print(res)
-        self.sid = res.body["sid"]
-        print("sid %s" % (self.sid))
+        print res
+        self.sid = res.body['sid']
+        print "sid %s" % (self.sid)

-        res = self.sendIq(
-            "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='ANONYMOUS'/>"
-        )
+        res = self.sendIq("<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='ANONYMOUS'/>")

-        res = self.xmppPoke(
-            "<body rid='%s' xmlns='http://jabber.org/protocol/httpbind' sid='%s' to='%s' xml:lang='en' xmpp:restart='true' xmlns:xmpp='urn:xmpp:xbosh'/>"
-            % (self.nextRid(), self.sid, HOST)
-        )
+        res = self.xmppPoke("<body rid='%s' xmlns='http://jabber.org/protocol/httpbind' sid='%s' to='%s' xml:lang='en' xmpp:restart='true' xmlns:xmpp='urn:xmpp:xbosh'/>" % (self.nextRid(), self.sid, HOST))

-        res = self.sendIq(
-            "<iq type='set' id='_bind_auth_2' xmlns='jabber:client'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/></iq>"
-        )
-        print(res)
+        res = self.sendIq("<iq type='set' id='_bind_auth_2' xmlns='jabber:client'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/></iq>")
+        print res

        self.jid = res.body.iq.bind.jid.string
-        print("jid: %s" % (self.jid))
-        self.shortJid = self.jid.split("-")[0]
+        print "jid: %s" % (self.jid)
+        self.shortJid = self.jid.split('-')[0]

-        res = self.sendIq(
-            "<iq type='set' id='_session_auth_2' xmlns='jabber:client'><session xmlns='urn:ietf:params:xml:ns:xmpp-session'/></iq>"
-        )
+        res = self.sendIq("<iq type='set' id='_session_auth_2' xmlns='jabber:client'><session xmlns='urn:ietf:params:xml:ns:xmpp-session'/></iq>")

-        # randomthing = res.body.iq['to']
-        # whatsitpart = randomthing.split('-')[0]
+        #randomthing = res.body.iq['to']
+        #whatsitpart = randomthing.split('-')[0]

-        # print "other random bind thing: %s" % (randomthing)
+        #print "other random bind thing: %s" % (randomthing)

        # advertise preence to the jitsi room, with our nick
-        res = self.sendIq(
-            "<iq type='get' to='%s' xmlns='jabber:client' id='1:sendIQ'><services xmlns='urn:xmpp:extdisco:1'><service host='%s'/></services></iq><presence to='%s@%s/d98f6c40' xmlns='jabber:client'><x xmlns='http://jabber.org/protocol/muc'/><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://jitsi.org/jitsimeet' ver='0WkSdhFnAUxrz4ImQQLdB80GFlE='/><nick xmlns='http://jabber.org/protocol/nick'>%s</nick></presence>"
-            % (HOST, TURNSERVER, ROOMNAME, ROOMDOMAIN, self.userId)
-        )
-        self.muc = {"users": []}
-        for p in res.body.findAll("presence"):
+        res = self.sendIq("<iq type='get' to='%s' xmlns='jabber:client' id='1:sendIQ'><services xmlns='urn:xmpp:extdisco:1'><service host='%s'/></services></iq><presence to='%s@%s/d98f6c40' xmlns='jabber:client'><x xmlns='http://jabber.org/protocol/muc'/><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://jitsi.org/jitsimeet' ver='0WkSdhFnAUxrz4ImQQLdB80GFlE='/><nick xmlns='http://jabber.org/protocol/nick'>%s</nick></presence>" % (HOST, TURNSERVER, ROOMNAME, ROOMDOMAIN, self.userId))
+        self.muc = {'users': []}
+        for p in res.body.findAll('presence'):
            u = {}
-            u["shortJid"] = p["from"].split("/")[1]
+            u['shortJid'] = p['from'].split('/')[1]
            if p.c and p.c.nick:
-                u["nick"] = p.c.nick.string
-            self.muc["users"].append(u)
-        print("muc: ", self.muc)
+                u['nick'] = p.c.nick.string
+            self.muc['users'].append(u)
+        print "muc: ",self.muc

        # wait for stuff
        while True:
-            print("waiting...")
+            print "waiting..."
            res = self.sendIq("")
-            print("got from stream: ", res)
+            print "got from stream: ",res
            if res.body.iq:
-                jingles = res.body.iq.findAll("jingle")
+                jingles = res.body.iq.findAll('jingle')
                if len(jingles):
-                    self.callfrom = res.body.iq["from"]
+                    self.callfrom = res.body.iq['from']
                    self.handleInvite(jingles[0])
-            elif "type" in res.body and res.body["type"] == "terminate":
+            elif 'type' in res.body and res.body['type'] == 'terminate':
                self.running = False
                del xmppClients[self.matrixRoom]
-                return
+                        return

    def handleInvite(self, jingle):
-        self.initiator = jingle["initiator"]
-        self.callsid = jingle["sid"]
-        p = subprocess.Popen(
-            ["node", "unjingle/unjingle.js", "--jingle"],
-            stdin=subprocess.PIPE,
-            stdout=subprocess.PIPE,
-        )
-        print("raw jingle invite", str(jingle))
+        self.initiator = jingle['initiator']
+        self.callsid = jingle['sid']
+        p = subprocess.Popen(['node', 'unjingle/unjingle.js', '--jingle'], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
+        print "raw jingle invite",str(jingle)
        sdp, out_err = p.communicate(str(jingle))
-        print("transformed remote offer sdp", sdp)
+        print "transformed remote offer sdp",sdp
        inviteEvent = {
-            "offer": {"type": "offer", "sdp": sdp},
-            "call_id": self.matrixCallId,
-            "version": 0,
-            "lifetime": 30000,
+            'offer': {
+                'type': 'offer',
+                'sdp': sdp
+            },
+            'call_id': self.matrixCallId,
+            'version': 0,
+            'lifetime': 30000
        }
-        matrixCli.sendEvent(self.matrixRoom, "m.call.invite", inviteEvent)
+        matrixCli.sendEvent(self.matrixRoom, 'm.call.invite', inviteEvent)

+matrixCli = TrivialMatrixClient(ACCESS_TOKEN)

-matrixCli = TrivialMatrixClient(ACCESS_TOKEN)  # Undefined name
+gevent.joinall([
+    gevent.spawn(matrixLoop)
+])

-gevent.joinall([gevent.spawn(matrixLoop)])
--- a/contrib/purge_api/README.md
+++ b/contrib/purge_api/README.md
@@ -3,7 +3,7 @@ Purge history API examples

 # `purge_history.sh`

-A bash file, that uses the [purge history API](/docs/admin_api/purge_history_api.rst) to 
+A bash file, that uses the [purge history API](/docs/admin_api/README.rst) to 
 purge all messages in a list of rooms up to a certain event. You can select a 
 timeframe or a number of messages that you want to keep in the room.

@@ -12,5 +12,5 @@ the script.

 # `purge_remote_media.sh`

-A bash file, that uses the [purge history API](/docs/admin_api/purge_history_api.rst) to 
+A bash file, that uses the [purge history API](/docs/admin_api/README.rst) to 
 purge all old cached remote media.
--- a/contrib/purge_api/purge_remote_media.sh
+++ b/contrib/purge_api/purge_remote_media.sh
@@ -51,4 +51,4 @@ TOKEN=$(sql "SELECT token FROM access_tokens WHERE user_id='$ADMIN' ORDER BY id
 # finally start pruning media:
 ###############################################################################
 set -x # for debugging the generated string
-curl --header "Authorization: Bearer $TOKEN" -X POST "$API_URL/admin/purge_media_cache/?before_ts=$UNIX_TIMESTAMP"
+curl --header "Authorization: Bearer $TOKEN" -v POST "$API_URL/admin/purge_media_cache/?before_ts=$UNIX_TIMESTAMP"
--- a/contrib/scripts/kick_users.py
+++ b/contrib/scripts/kick_users.py
@@ -1,40 +1,34 @@
 #!/usr/bin/env python
-from __future__ import print_function
 from argparse import ArgumentParser
 import json
 import requests
 import sys
 import urllib

-try:
-    raw_input
-except NameError:  # Python 3
-    raw_input = input
-
-
 def _mkurl(template, kws):
    for key in kws:
        template = template.replace(key, kws[key])
    return template

-
 def main(hs, room_id, access_token, user_id_prefix, why):
    if not why:
        why = "Automated kick."
-    print(
-        "Kicking members on %s in room %s matching %s" % (hs, room_id, user_id_prefix)
-    )
+    print "Kicking members on %s in room %s matching %s" % (hs, room_id, user_id_prefix)
    room_state_url = _mkurl(
        "$HS/_matrix/client/api/v1/rooms/$ROOM/state?access_token=$TOKEN",
-        {"$HS": hs, "$ROOM": room_id, "$TOKEN": access_token},
+        {
+            "$HS": hs,
+            "$ROOM": room_id,
+            "$TOKEN": access_token
+        }
    )
-    print("Getting room state => %s" % room_state_url)
+    print "Getting room state => %s" % room_state_url
    res = requests.get(room_state_url)
-    print("HTTP %s" % res.status_code)
+    print "HTTP %s" % res.status_code
    state_events = res.json()
    if "error" in state_events:
-        print("FATAL")
-        print(state_events)
+        print "FATAL"
+        print state_events
        return

    kick_list = []
@@ -50,40 +44,47 @@ def main(hs, room_id, access_token, user_id_prefix, why):
            kick_list.append(event["state_key"])

    if len(kick_list) == 0:
-        print("No user IDs match the prefix '%s'" % user_id_prefix)
+        print "No user IDs match the prefix '%s'" % user_id_prefix
        return

-    print("The following user IDs will be kicked from %s" % room_name)
+    print "The following user IDs will be kicked from %s" % room_name
    for uid in kick_list:
-        print(uid)
+        print uid
    doit = raw_input("Continue? [Y]es\n")
-    if len(doit) > 0 and doit.lower() == "y":
-        print("Kicking members...")
+    if len(doit) > 0 and doit.lower() == 'y':
+        print "Kicking members..."
        # encode them all
        kick_list = [urllib.quote(uid) for uid in kick_list]
        for uid in kick_list:
            kick_url = _mkurl(
                "$HS/_matrix/client/api/v1/rooms/$ROOM/state/m.room.member/$UID?access_token=$TOKEN",
-                {"$HS": hs, "$UID": uid, "$ROOM": room_id, "$TOKEN": access_token},
+                {
+                    "$HS": hs,
+                    "$UID": uid,
+                    "$ROOM": room_id,
+                    "$TOKEN": access_token
+                }
            )
-            kick_body = {"membership": "leave", "reason": why}
-            print("Kicking %s" % uid)
+            kick_body = {
+                "membership": "leave",
+                "reason": why
+            }
+            print "Kicking %s" % uid
            res = requests.put(kick_url, data=json.dumps(kick_body))
            if res.status_code != 200:
-                print("ERROR: HTTP %s" % res.status_code)
+                print "ERROR: HTTP %s" % res.status_code
            if res.json().get("error"):
-                print("ERROR: JSON %s" % res.json())
-
+                print "ERROR: JSON %s" % res.json()
+            
+    

 if __name__ == "__main__":
    parser = ArgumentParser("Kick members in a room matching a certain user ID prefix.")
-    parser.add_argument("-u", "--user-id", help="The user ID prefix e.g. '@irc_'")
-    parser.add_argument("-t", "--token", help="Your access_token")
-    parser.add_argument("-r", "--room", help="The room ID to kick members in")
-    parser.add_argument(
-        "-s", "--homeserver", help="The base HS url e.g. http://matrix.org"
-    )
-    parser.add_argument("-w", "--why", help="Reason for the kick. Optional.")
+    parser.add_argument("-u","--user-id",help="The user ID prefix e.g. '@irc_'")
+    parser.add_argument("-t","--token",help="Your access_token")
+    parser.add_argument("-r","--room",help="The room ID to kick members in")
+    parser.add_argument("-s","--homeserver",help="The base HS url e.g. http://matrix.org")
+    parser.add_argument("-w","--why",help="Reason for the kick. Optional.")
    args = parser.parse_args()
    if not args.room or not args.token or not args.user_id or not args.homeserver:
        parser.print_help()
--- a/contrib/systemd-with-workers/system/matrix-synapse-worker@.service
+++ b/contrib/systemd-with-workers/system/matrix-synapse-worker@.service
@@ -4,8 +4,7 @@ After=matrix-synapse.service
 BindsTo=matrix-synapse.service

 [Service]
-Type=notify
-NotifyAccess=main
+Type=simple
 User=matrix-synapse
 WorkingDirectory=/var/lib/matrix-synapse
 EnvironmentFile=/etc/default/matrix-synapse
--- a/contrib/systemd-with-workers/system/matrix-synapse.service
+++ b/contrib/systemd-with-workers/system/matrix-synapse.service
@@ -2,8 +2,7 @@
 Description=Synapse Matrix Homeserver

 [Service]
-Type=notify
-NotifyAccess=main
+Type=simple
 User=matrix-synapse
 WorkingDirectory=/var/lib/matrix-synapse
 EnvironmentFile=/etc/default/matrix-synapse
--- a/contrib/systemd/log_config.yaml
+++ b/contrib/systemd/log_config.yaml
@@ -8,7 +8,7 @@ formatters:

 filters:
    context:
-        (): synapse.logging.context.LoggingContextFilter
+        (): synapse.util.logcontext.LoggingContextFilter
        request: ""

 handlers:
--- a/contrib/systemd/matrix-synapse.service
+++ b/contrib/systemd/matrix-synapse.service
@@ -14,9 +14,7 @@
 Description=Synapse Matrix homeserver

 [Service]
-Type=notify
-NotifyAccess=main
-ExecReload=/bin/kill -HUP $MAINPID
+Type=simple
 Restart=on-abort

 User=synapse
--- a/debian/build_virtualenv
+++ b/debian/build_virtualenv
@@ -43,7 +43,7 @@ dh_virtualenv \
    --preinstall="mock" \
    --extra-pip-arg="--no-cache-dir" \
    --extra-pip-arg="--compile" \
-    --extras="all,systemd"
+    --extras="all"

 PACKAGE_BUILD_DIR="debian/matrix-synapse-py3"
 VIRTUALENV_DIR="${PACKAGE_BUILD_DIR}${DH_VIRTUALENV_INSTALL_ROOT}/matrix-synapse"
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,54 +1,3 @@
-matrix-synapse-py3 (1.3.1) stable; urgency=medium
-
-  * New synapse release 1.3.1.
-
- -- Synapse Packaging team <packages@matrix.org>  Sat, 17 Aug 2019 09:15:49 +0100
-
-matrix-synapse-py3 (1.3.0) stable; urgency=medium
-
-  [ Andrew Morgan ]
-  * Remove libsqlite3-dev from required build dependencies.
-
-  [ Synapse Packaging team ]
-  * New synapse release 1.3.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Thu, 15 Aug 2019 12:04:23 +0100
-
-matrix-synapse-py3 (1.2.0) stable; urgency=medium
-
-  [ Amber Brown ]
-  * Update logging config defaults to match API changes in Synapse.
-
-  [ Richard van der Hoff ]
-  * Add Recommends and Depends for some libraries which you probably want.
-
-  [ Synapse Packaging team ]
-  * New synapse release 1.2.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Thu, 25 Jul 2019 14:10:07 +0100
-
-matrix-synapse-py3 (1.1.0) stable; urgency=medium
-
-  [ Silke Hofstra ]
-  * Include systemd-python to allow logging to the systemd journal.
-
-  [ Synapse Packaging team ]
-  * New synapse release 1.1.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Thu, 04 Jul 2019 11:43:41 +0100
-
-matrix-synapse-py3 (1.0.0) stable; urgency=medium
-
-  * New synapse release 1.0.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 11 Jun 2019 17:09:53 +0100
-
-matrix-synapse-py3 (0.99.5.2) stable; urgency=medium
-
-  * New synapse release 0.99.5.2.
-
- -- Synapse Packaging team <packages@matrix.org>  Thu, 30 May 2019 16:28:07 +0100
-
 matrix-synapse-py3 (0.99.5.1) stable; urgency=medium

  * New synapse release 0.99.5.1.
--- a/debian/control
+++ b/debian/control
@@ -2,13 +2,10 @@ Source: matrix-synapse-py3
 Section: contrib/python
 Priority: extra
 Maintainer: Synapse Packaging team <packages@matrix.org>
-# keep this list in sync with the build dependencies in docker/Dockerfile-dhvirtualenv.
 Build-Depends:
 debhelper (>= 9),
 dh-systemd,
 dh-virtualenv (>= 1.1),
- libsystemd-dev,
- libpq-dev,
 lsb-release,
 python3-dev,
 python3,
@@ -31,12 +28,9 @@ Depends:
 debconf,
 python3-distutils|libpython3-stdlib (<< 3.6),
 ${misc:Depends},
- ${shlibs:Depends},
 ${synapse:pydepends},
 # some of our scripts use perl, but none of them are important,
 # so we put perl:Depends in Suggests rather than Depends.
-Recommends:
- ${shlibs1:Recommends},
 Suggests:
 sqlite3,
 ${perl:Depends},
--- a/debian/log.yaml
+++ b/debian/log.yaml
@@ -7,7 +7,7 @@ formatters:

 filters:
  context:
-    (): synapse.logging.context.LoggingContextFilter
+    (): synapse.util.logcontext.LoggingContextFilter
    request: ""

 handlers:
--- a/debian/rules
+++ b/debian/rules
@@ -3,29 +3,15 @@
 # Build Debian package using https://github.com/spotify/dh-virtualenv
 #

-# assume we only have one package
-PACKAGE_NAME:=`dh_listpackages`
-
 override_dh_systemd_enable:
 	dh_systemd_enable --name=matrix-synapse

 override_dh_installinit:
 	dh_installinit --name=matrix-synapse

-# we don't really want to strip the symbols from our object files.
 override_dh_strip:

 override_dh_shlibdeps:
-        # make the postgres package's dependencies a recommendation
-        # rather than a hard dependency.
-	find debian/$(PACKAGE_NAME)/ -path '*/site-packages/psycopg2/*.so' | \
-	    xargs dpkg-shlibdeps -Tdebian/$(PACKAGE_NAME).substvars \
-	        -pshlibs1 -dRecommends
-
-        # all the other dependencies can be normal 'Depends' requirements,
-        # except for PIL's, which is self-contained and which confuses
-        # dpkg-shlibdeps.
-	dh_shlibdeps -X site-packages/PIL/.libs -X site-packages/psycopg2

 override_dh_virtualenv:
 	./debian/build_virtualenv
--- a/demo/README
+++ b/demo/README
@@ -1,13 +1,9 @@
-DO NOT USE THESE DEMO SERVERS IN PRODUCTION
-
 Requires you to have done:
    python setup.py develop


-The demo start.sh will start three synapse servers on ports 8080, 8081 and 8082, with host names localhost:$port. This can be easily changed to `hostname`:$port in start.sh if required.
-
-To enable the servers to communicate untrusted ssl certs are used. In order to do this the servers do not check the certs
-and are configured in a highly insecure way. Do not use these configuration files in production.
+The demo start.sh will start three synapse servers on ports 8080, 8081 and 8082, with host names localhost:$port. This can be easily changed to `hostname`:$port in start.sh if required. 
+It will also start a web server on port 8000 pointed at the webclient.

 stop.sh will stop the synapse servers and the webclient.

--- a/demo/start.sh
+++ b/demo/start.sh
@@ -21,76 +21,14 @@ for port in 8080 8081 8082; do
    pushd demo/$port

    #rm $DIR/etc/$port.config
-    python3 -m synapse.app.homeserver \
+    python -m synapse.app.homeserver \
        --generate-config \
        -H "localhost:$https_port" \
        --config-path "$DIR/etc/$port.config" \
        --report-stats no

-    if ! grep -F "Customisation made by demo/start.sh" -q  $DIR/etc/$port.config; then
-        printf '\n\n# Customisation made by demo/start.sh\n' >> $DIR/etc/$port.config
-
-        echo 'enable_registration: true' >> $DIR/etc/$port.config
-
-        # Warning, this heredoc depends on the interaction of tabs and spaces. Please don't
-        # accidentaly bork me with your fancy settings.
-		listeners=$(cat <<-PORTLISTENERS
-		# Configure server to listen on both $https_port and $port
-		# This overides some of the default settings above
-		listeners:
-		  - port: $https_port
-		    type: http
-		    tls: true
-		    resources:
-		      - names: [client, federation]
-
-		  - port: $port
-		    tls: false
-		    bind_addresses: ['::1', '127.0.0.1']
-		    type: http
-		    x_forwarded: true
-		    resources:
-		      - names: [client, federation]
-		        compress: false
-		PORTLISTENERS
-		)
-        echo "${listeners}" >> $DIR/etc/$port.config
-
-        # Disable tls for the servers
-        printf '\n\n# Disable tls on the servers.' >> $DIR/etc/$port.config
-        echo '# DO NOT USE IN PRODUCTION' >> $DIR/etc/$port.config
-        echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' >> $DIR/etc/$port.config
-        echo 'federation_verify_certificates: false' >> $DIR/etc/$port.config
-
-        # Set tls paths
-        echo "tls_certificate_path: \"$DIR/etc/localhost:$https_port.tls.crt\"" >> $DIR/etc/$port.config
-        echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" >> $DIR/etc/$port.config
-
-        # Generate tls keys
-        openssl req -x509 -newkey rsa:4096 -keyout $DIR/etc/localhost\:$https_port.tls.key -out $DIR/etc/localhost\:$https_port.tls.crt -days 365 -nodes -subj "/O=matrix"
-
-        # Ignore keys from the trusted keys server
-        echo '# Ignore keys from the trusted keys server' >> $DIR/etc/$port.config
-        echo 'trusted_key_servers:' >> $DIR/etc/$port.config
-        echo '  - server_name: "matrix.org"' >> $DIR/etc/$port.config
-        echo '    accept_keys_insecurely: true' >> $DIR/etc/$port.config
-
-        # Reduce the blacklist
-        blacklist=$(cat <<-BLACK
-		# Set the blacklist so that it doesn't include 127.0.0.1
-		federation_ip_range_blacklist:
-		  - '10.0.0.0/8'
-		  - '172.16.0.0/12'
-		  - '192.168.0.0/16'
-		  - '100.64.0.0/10'
-		  - '169.254.0.0/16'
-		  - '::1/128'
-		  - 'fe80::/64'
-		  - 'fc00::/7'
-		BLACK
-		)
-        echo "${blacklist}" >> $DIR/etc/$port.config
-    fi
+    printf '\n\n# Customisation made by demo/start.sh\n' >> $DIR/etc/$port.config
+    echo 'enable_registration: true' >> $DIR/etc/$port.config

    # Check script parameters
    if [ $# -eq 1 ]; then
@@ -117,9 +55,10 @@ for port in 8080 8081 8082; do
        echo "report_stats: false" >> $DIR/etc/$port.config
    fi

-    python3 -m synapse.app.homeserver \
+    python -m synapse.app.homeserver \
        --config-path "$DIR/etc/$port.config" \
        -D \
+        -vv \

    popd
 done
--- a/demo/webserver.py
+++ b/demo/webserver.py
@@ -6,25 +6,23 @@ import cgi, logging

 from daemonize import Daemonize

-
 class SimpleHTTPRequestHandlerWithPOST(SimpleHTTPServer.SimpleHTTPRequestHandler):
    UPLOAD_PATH = "upload"

    """
    Accept all post request as file upload
    """
-
    def do_POST(self):

        path = os.path.join(self.UPLOAD_PATH, os.path.basename(self.path))
-        length = self.headers["content-length"]
+        length = self.headers['content-length']
        data = self.rfile.read(int(length))

-        with open(path, "wb") as fh:
+        with open(path, 'wb') as fh:
            fh.write(data)

        self.send_response(200)
-        self.send_header("Content-Type", "application/json")
+        self.send_header('Content-Type', 'application/json')
        self.end_headers()

        # Return the absolute path of the uploaded file
@@ -35,25 +33,30 @@ def setup():
    parser = argparse.ArgumentParser()
    parser.add_argument("directory")
    parser.add_argument("-p", "--port", dest="port", type=int, default=8080)
-    parser.add_argument("-P", "--pid-file", dest="pid", default="web.pid")
+    parser.add_argument('-P', "--pid-file", dest="pid", default="web.pid")
    args = parser.parse_args()

    # Get absolute path to directory to serve, as daemonize changes to '/'
    os.chdir(args.directory)
    dr = os.getcwd()

-    httpd = BaseHTTPServer.HTTPServer(("", args.port), SimpleHTTPRequestHandlerWithPOST)
+    httpd = BaseHTTPServer.HTTPServer(
+        ('', args.port),
+        SimpleHTTPRequestHandlerWithPOST
+    )

    def run():
        os.chdir(dr)
        httpd.serve_forever()

    daemon = Daemonize(
-        app="synapse-webclient", pid=args.pid, action=run, auto_close_fds=False
-    )
+            app="synapse-webclient",
+            pid=args.pid,
+            action=run,
+            auto_close_fds=False,
+        )

    daemon.start()

-
-if __name__ == "__main__":
+if __name__ == '__main__':
    setup()
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -11,12 +11,12 @@
 #    docker build -f docker/Dockerfile --build-arg PYTHON_VERSION=3.6 .
 #

-ARG PYTHON_VERSION=3.7
+ARG PYTHON_VERSION=2

 ###
 ### Stage 0: builder
 ###
-FROM docker.io/python:${PYTHON_VERSION}-alpine3.10 as builder
+FROM docker.io/python:${PYTHON_VERSION}-alpine3.8 as builder

 # install the OS build deps

@@ -55,9 +55,8 @@ RUN pip install --prefix="/install" --no-warn-script-location \
 ### Stage 1: runtime
 ###

-FROM docker.io/python:${PYTHON_VERSION}-alpine3.10
+FROM docker.io/python:${PYTHON_VERSION}-alpine3.8

-# xmlsec is required for saml support
 RUN apk add --no-cache --virtual .runtime_deps \
        libffi \
        libjpeg-turbo \
@@ -65,9 +64,7 @@ RUN apk add --no-cache --virtual .runtime_deps \
        libxslt \
        libpq \
        zlib \
-        su-exec \
-        tzdata \
-        xmlsec
+        su-exec

 COPY --from=builder /install /usr/local
 COPY ./docker/start.py /start.py
--- a/docker/Dockerfile-dhvirtualenv
+++ b/docker/Dockerfile-dhvirtualenv
@@ -42,15 +42,7 @@ RUN cd dh-virtualenv-1.1 && dpkg-buildpackage -us -uc -b
 ###
 FROM ${distro}

-# Get the distro we want to pull from as a dynamic build variable
-# (We need to define it in each build stage)
-ARG distro=""
-ENV distro ${distro}
-
 # Install the build dependencies
-#
-# NB: keep this list in sync with the list of build-deps in debian/control
-# TODO: it would be nice to do that automatically.
 RUN apt-get update -qq -o Acquire::Languages=none \
    && env DEBIAN_FRONTEND=noninteractive apt-get install \
        -yqq --no-install-recommends -o Dpkg::Options::=--force-unsafe-io \
--- a/docker/Dockerfile-pgtests
+++ b/docker/Dockerfile-pgtests
@@ -3,10 +3,10 @@
 FROM matrixdotorg/sytest:latest

 # The Sytest image doesn't come with python, so install that
-RUN apt-get update && apt-get -qq install -y python3 python3-dev python3-pip
+RUN apt-get -qq install -y python python-dev python-pip

 # We need tox to run the tests in run_pg_tests.sh
-RUN python3 -m pip install tox
+RUN pip install tox

 ADD run_pg_tests.sh /pg_tests.sh
 ENTRYPOINT /pg_tests.sh
--- a/docker/README.md
+++ b/docker/README.md
@@ -6,11 +6,39 @@ postgres database.

 The image also does *not* provide a TURN server.

+## Run
+
+### Using docker-compose (easier)
+
+This image is designed to run either with an automatically generated
+configuration file or with a custom configuration that requires manual editing.
+
+An easy way to make use of this image is via docker-compose. See the
+[contrib/docker](../contrib/docker) section of the synapse project for
+examples.
+
+### Without Compose (harder)
+
+If you do not wish to use Compose, you may still run this image using plain
+Docker commands. Note that the following is just a guideline and you may need
+to add parameters to the docker run command to account for the network situation
+with your postgres database.
+
+```
+docker run \
+    -d \
+    --name synapse \
+    --mount type=volume,src=synapse-data,dst=/data \
+    -e SYNAPSE_SERVER_NAME=my.matrix.host \
+    -e SYNAPSE_REPORT_STATS=yes \
+    -p 8448:8448 \
+    matrixdotorg/synapse:latest
+```
+
 ## Volumes

-By default, the image expects a single volume, located at ``/data``, that will hold:
+The image expects a single volume, located at ``/data``, that will hold:

-* configuration files;
 * temporary files during uploads;
 * uploaded media and thumbnails;
 * the SQLite database if you do not configure postgres;
@@ -25,106 +53,129 @@ In order to setup an application service, simply create an ``appservices``
 directory in the data volume and write the application service Yaml
 configuration file there. Multiple application services are supported.

-## Generating a configuration file
+## TLS certificates

-The first step is to genearte a valid config file. To do this, you can run the
-image with the `generate` commandline option.
+Synapse requires a valid TLS certificate. You can do one of the following:

-You will need to specify values for the `SYNAPSE_SERVER_NAME` and
-`SYNAPSE_REPORT_STATS` environment variable, and mount a docker volume to store
-the configuration on. For example:
+ * Provide your own certificate and key (as
+   `${DATA_PATH}/${SYNAPSE_SERVER_NAME}.tls.crt` and
+   `${DATA_PATH}/${SYNAPSE_SERVER_NAME}.tls.key`, or elsewhere by providing an
+   entire config as `${SYNAPSE_CONFIG_PATH}`). In this case, you should forward
+   traffic to port 8448 in the container, for example with `-p 443:8448`.
+
+ * Use a reverse proxy to terminate incoming TLS, and forward the plain http
+   traffic to port 8008 in the container. In this case you should set `-e
+   SYNAPSE_NO_TLS=1`.
+
+ * Use the ACME (Let's Encrypt) support built into Synapse. This requires
+   `${SYNAPSE_SERVER_NAME}` port 80 to be forwarded to port 8009 in the
+   container, for example with `-p 80:8009`. To enable it in the docker
+   container, set `-e SYNAPSE_ACME=1`.
+
+If you don't do any of these, Synapse will fail to start with an error similar to:
+
+    synapse.config._base.ConfigError: Error accessing file '/data/<server_name>.tls.crt' (config for tls_certificate): No such file or directory
+
+## Environment
+
+Unless you specify a custom path for the configuration file, a very generic
+file will be generated, based on the following environment settings.
+These are a good starting point for setting up your own deployment.
+
+Global settings:
+
+* ``UID``, the user id Synapse will run as [default 991]
+* ``GID``, the group id Synapse will run as [default 991]
+* ``SYNAPSE_CONFIG_PATH``, path to a custom config file
+
+If ``SYNAPSE_CONFIG_PATH`` is set, you should generate a configuration file
+then customize it manually: see [Generating a config
+file](#generating-a-config-file).
+
+Otherwise, a dynamic configuration file will be used.
+
+### Environment variables used to build a dynamic configuration file
+
+The following environment variables are used to build the configuration file
+when ``SYNAPSE_CONFIG_PATH`` is not set.
+
+* ``SYNAPSE_SERVER_NAME`` (mandatory), the server public hostname.
+* ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``no``), enable anonymous
+  statistics reporting back to the Matrix project which helps us to get funding.
+* `SYNAPSE_NO_TLS`, (accepts `true`, `false`, `on`, `off`, `1`, `0`, `yes`, `no`]): disable
+  TLS in Synapse (use this if you run your own TLS-capable reverse proxy). Defaults
+  to `false` (ie, TLS is enabled by default).
+* ``SYNAPSE_ENABLE_REGISTRATION``, set this variable to enable registration on
+  the Synapse instance.
+* ``SYNAPSE_ALLOW_GUEST``, set this variable to allow guest joining this server.
+* ``SYNAPSE_EVENT_CACHE_SIZE``, the event cache size [default `10K`].
+* ``SYNAPSE_RECAPTCHA_PUBLIC_KEY``, set this variable to the recaptcha public
+  key in order to enable recaptcha upon registration.
+* ``SYNAPSE_RECAPTCHA_PRIVATE_KEY``, set this variable to the recaptcha private
+  key in order to enable recaptcha upon registration.
+* ``SYNAPSE_TURN_URIS``, set this variable to the coma-separated list of TURN
+  uris to enable TURN for this homeserver.
+* ``SYNAPSE_TURN_SECRET``, set this to the TURN shared secret if required.
+* ``SYNAPSE_MAX_UPLOAD_SIZE``, set this variable to change the max upload size
+  [default `10M`].
+* ``SYNAPSE_ACME``: set this to enable the ACME certificate renewal support.
+
+Shared secrets, that will be initialized to random values if not set:
+
+* ``SYNAPSE_REGISTRATION_SHARED_SECRET``, secret for registrering users if
+  registration is disable.
+* ``SYNAPSE_MACAROON_SECRET_KEY`` secret for signing access tokens
+  to the server.
+
+Database specific values (will use SQLite if not set):
+
+* `POSTGRES_DB` - The database name for the synapse postgres
+  database. [default: `synapse`]
+* `POSTGRES_HOST` - The host of the postgres database if you wish to use
+  postgresql instead of sqlite3. [default: `db` which is useful when using a
+  container on the same docker network in a compose file where the postgres
+  service is called `db`]
+* `POSTGRES_PASSWORD` - The password for the synapse postgres database. **If
+  this is set then postgres will be used instead of sqlite3.** [default: none]
+  **NOTE**: You are highly encouraged to use postgresql! Please use the compose
+  file to make it easier to deploy.
+* `POSTGRES_USER` - The user for the synapse postgres database. [default:
+  `synapse`]
+
+Mail server specific values (will not send emails if not set):
+
+* ``SYNAPSE_SMTP_HOST``, hostname to the mail server.
+* ``SYNAPSE_SMTP_PORT``, TCP port for accessing the mail server [default
+  ``25``].
+* ``SYNAPSE_SMTP_USER``, username for authenticating against the mail server if
+  any.
+* ``SYNAPSE_SMTP_PASSWORD``, password for authenticating against the mail
+  server if any.
+
+### Generating a config file
+
+It is possible to generate a basic configuration file for use with
+`SYNAPSE_CONFIG_PATH` using the `generate` commandline option. You will need to
+specify values for `SYNAPSE_CONFIG_PATH`, `SYNAPSE_SERVER_NAME` and
+`SYNAPSE_REPORT_STATS`, and mount a docker volume to store the data on. For
+example:

 ```
 docker run -it --rm \
    --mount type=volume,src=synapse-data,dst=/data \
+    -e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml \
    -e SYNAPSE_SERVER_NAME=my.matrix.host \
    -e SYNAPSE_REPORT_STATS=yes \
    matrixdotorg/synapse:latest generate
 ```

-For information on picking a suitable server name, see
-https://github.com/matrix-org/synapse/blob/master/INSTALL.md.
-
-The above command will generate a `homeserver.yaml` in (typically)
-`/var/lib/docker/volumes/synapse-data/_data`. You should check this file, and
-customise it to your needs.
-
-The following environment variables are supported in `generate` mode:
-
-* `SYNAPSE_SERVER_NAME` (mandatory): the server public hostname.
-* `SYNAPSE_REPORT_STATS` (mandatory, `yes` or `no`): whether to enable
-  anonymous statistics reporting.
-* `SYNAPSE_CONFIG_DIR`: where additional config files (such as the log config
-  and event signing key) will be stored. Defaults to `/data`.
-* `SYNAPSE_CONFIG_PATH`: path to the file to be generated. Defaults to
-  `<SYNAPSE_CONFIG_DIR>/homeserver.yaml`.
-* `SYNAPSE_DATA_DIR`: where the generated config will put persistent data
-  such as the datatase and media store. Defaults to `/data`.
-* `UID`, `GID`: the user id and group id to use for creating the data
-  directories. Defaults to `991`, `991`.
-
-## Running synapse
-
-Once you have a valid configuration file, you can start synapse as follows:
+This will generate a `homeserver.yaml` in (typically)
+`/var/lib/docker/volumes/synapse-data/_data`, which you can then customise and
+use with:

 ```
 docker run -d --name synapse \
    --mount type=volume,src=synapse-data,dst=/data \
-    -p 8008:8008 \
+    -e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml \
    matrixdotorg/synapse:latest
 ```
-
-You can then check that it has started correctly with:
-
-```
-docker logs synapse
-```
-
-If all is well, you should now be able to connect to http://localhost:8008 and
-see a confirmation message.
-
-The following environment variables are supported in run mode:
-
-* `SYNAPSE_CONFIG_DIR`: where additional config files are stored. Defaults to
-  `/data`.
-* `SYNAPSE_CONFIG_PATH`: path to the config file. Defaults to
-  `<SYNAPSE_CONFIG_DIR>/homeserver.yaml`.
-* `UID`, `GID`: the user and group id to run Synapse as. Defaults to `991`, `991`.
-* `TZ`: the [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) the container will run with. Defaults to `UTC`.
-
-## TLS support
-
-The default configuration exposes a single HTTP port: http://localhost:8008. It
-is suitable for local testing, but for any practical use, you will either need
-to use a reverse proxy, or configure Synapse to expose an HTTPS port.
-
-For documentation on using a reverse proxy, see
-https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst.
-
-For more information on enabling TLS support in synapse itself, see
-https://github.com/matrix-org/synapse/blob/master/INSTALL.md#tls-certificates. Of
-course, you will need to expose the TLS port from the container with a `-p`
-argument to `docker run`.
-
-## Legacy dynamic configuration file support
-
-For backwards-compatibility only, the docker image supports creating a dynamic
-configuration file based on environment variables. This is now deprecated, but
-is enabled when the `SYNAPSE_SERVER_NAME` variable is set (and `generate` is
-not given).
-
-To migrate from a dynamic configuration file to a static one, run the docker
-container once with the environment variables set, and `migrate_config`
-commandline option. For example:
-
-```
-docker run -it --rm \
-    --mount type=volume,src=synapse-data,dst=/data \
-    -e SYNAPSE_SERVER_NAME=my.matrix.host \
-    -e SYNAPSE_REPORT_STATS=yes \
-    matrixdotorg/synapse:latest migrate_config
-```
-
-This will generate the same configuration file as the legacy mode used, but
-will store it in `/data/homeserver.yaml` instead of a temporary location. You
-can then use it as shown above at [Running synapse](#running-synapse).
--- a/docker/build_debian.sh
+++ b/docker/build_debian.sh
@@ -4,8 +4,7 @@

 set -ex

-# Get the codename from distro env
-DIST=`cut -d ':' -f2 <<< $distro`
+DIST=`lsb_release -c -s`

 # we get a read-only copy of the source: make a writeable copy
 cp -aT /synapse/source /synapse/build
--- a/docker/conf/homeserver.yaml
+++ b/docker/conf/homeserver.yaml
@@ -21,7 +21,7 @@ server_name: "{{ SYNAPSE_SERVER_NAME }}"
 pid_file: /homeserver.pid
 web_client: False
 soft_file_limit: 0
-log_config: "{{ SYNAPSE_LOG_CONFIG }}"
+log_config: "/compiled/log.config"

 ## Ports ##

@@ -207,3 +207,22 @@ perspectives:

 password_config:
   enabled: true
+
+{% if SYNAPSE_SMTP_HOST %}
+email:
+   enable_notifs: false
+   smtp_host: "{{ SYNAPSE_SMTP_HOST }}"
+   smtp_port: {{ SYNAPSE_SMTP_PORT or "25" }}
+   smtp_user: "{{ SYNAPSE_SMTP_USER }}"
+   smtp_pass: "{{ SYNAPSE_SMTP_PASSWORD }}"
+   require_transport_security: False
+   notif_from: "{{ SYNAPSE_SMTP_FROM or "hostmaster@" + SYNAPSE_SERVER_NAME }}"
+   app_name: Matrix
+   # if template_dir is unset, uses the example templates that are part of
+   # the Synapse distribution.
+   #template_dir: res/templates
+   notif_template_html: notif_mail.html
+   notif_template_text: notif_mail.txt
+   notif_for_new_users: True
+   riot_base_url: "https://{{ SYNAPSE_SERVER_NAME }}"
+{% endif %}
--- a/docker/conf/log.config
+++ b/docker/conf/log.config
@@ -2,11 +2,11 @@ version: 1

 formatters:
  precise:
-   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'

 filters:
  context:
-    (): synapse.logging.context.LoggingContextFilter
+    (): synapse.util.logcontext.LoggingContextFilter
    request: ""

 handlers:
@@ -16,11 +16,14 @@ handlers:
    filters: [context]

 loggers:
+    synapse:
+        level: {{ SYNAPSE_LOG_LEVEL or "WARNING" }}
+
    synapse.storage.SQL:
        # beware: increasing this to DEBUG will make synapse log sensitive
        # information such as access tokens.
-        level: INFO
+        level: {{ SYNAPSE_LOG_LEVEL or "WARNING" }}

 root:
-    level: {{ SYNAPSE_LOG_LEVEL or "INFO" }}
+    level: {{ SYNAPSE_LOG_LEVEL or "WARNING" }}
    handlers: [console]
--- a/docker/run_pg_tests.sh
+++ b/docker/run_pg_tests.sh
@@ -17,4 +17,4 @@ su -c '/usr/lib/postgresql/9.6/bin/pg_ctl -w -D /var/lib/postgresql/data start'
 # Run the tests
 cd /src
 export TRIAL_FLAGS="-j 4"
-tox --workdir=/tmp -e py35-postgres
+tox --workdir=/tmp -e py27-postgres
--- a/docker/start.py
+++ b/docker/start.py
@@ -1,243 +1,89 @@
 #!/usr/local/bin/python

-import codecs
-import glob
-import os
-import subprocess
-import sys
-
 import jinja2
-
+import os
+import sys
+import subprocess
+import glob
+import codecs

 # Utility functions
-def log(txt):
-    print(txt, file=sys.stderr)
+convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(src).read()).render(**environ))

+def check_arguments(environ, args):
+    for argument in args:
+        if argument not in environ:
+            print("Environment variable %s is mandatory, exiting." % argument)
+            sys.exit(2)

-def error(txt):
-    log(txt)
-    sys.exit(2)
-
-
-def convert(src, dst, environ):
-    """Generate a file from a template
-
-    Args:
-        src (str): path to input file
-        dst (str): path to file to write
-        environ (dict): environment dictionary, for replacement mappings.
-    """
-    with open(src) as infile:
-        template = infile.read()
-    rendered = jinja2.Template(template).render(**environ)
-    with open(dst, "w") as outfile:
-        outfile.write(rendered)
-
-
-def generate_config_from_template(config_dir, config_path, environ, ownership):
-    """Generate a homeserver.yaml from environment variables
-
-    Args:
-        config_dir (str): where to put generated config files
-        config_path (str): where to put the main config file
-        environ (dict): environment dictionary
-        ownership (str): "<user>:<group>" string which will be used to set
-            ownership of the generated configs
-    """
-    for v in ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"):
-        if v not in environ:
-            error(
-                "Environment variable '%s' is mandatory when generating a config file."
-                % (v,)
-            )
-
-    # populate some params from data files (if they exist, else create new ones)
-    environ = environ.copy()
-    secrets = {
-        "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
-        "macaroon": "SYNAPSE_MACAROON_SECRET_KEY",
-    }
-
+def generate_secrets(environ, secrets):
    for name, secret in secrets.items():
        if secret not in environ:
            filename = "/data/%s.%s.key" % (environ["SYNAPSE_SERVER_NAME"], name)
-
-            # if the file already exists, load in the existing value; otherwise,
-            # generate a new secret and write it to a file
-
            if os.path.exists(filename):
-                log("Reading %s from %s" % (secret, filename))
-                with open(filename) as handle:
-                    value = handle.read()
+                with open(filename) as handle: value = handle.read()
            else:
-                log("Generating a random secret for {}".format(secret))
+                print("Generating a random secret for {}".format(name))
                value = codecs.encode(os.urandom(32), "hex").decode()
-                with open(filename, "w") as handle:
-                    handle.write(value)
+                with open(filename, "w") as handle: handle.write(value)
            environ[secret] = value

-    environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
-    if not os.path.exists(config_dir):
-        os.mkdir(config_dir)
+# Prepare the configuration
+mode = sys.argv[1] if len(sys.argv) > 1 else None
+environ = os.environ.copy()
+ownership = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991))
+args = ["python", "-m", "synapse.app.homeserver"]

-    # Convert SYNAPSE_NO_TLS to boolean if exists
-    if "SYNAPSE_NO_TLS" in environ:
-        tlsanswerstring = str.lower(environ["SYNAPSE_NO_TLS"])
-        if tlsanswerstring in ("true", "on", "1", "yes"):
-            environ["SYNAPSE_NO_TLS"] = True
-        else:
-            if tlsanswerstring in ("false", "off", "0", "no"):
-                environ["SYNAPSE_NO_TLS"] = False
-            else:
-                error(
-                    'Environment variable "SYNAPSE_NO_TLS" found but value "'
-                    + tlsanswerstring
-                    + '" unrecognized; exiting.'
-                )
-
-    if "SYNAPSE_LOG_CONFIG" not in environ:
-        environ["SYNAPSE_LOG_CONFIG"] = config_dir + "/log.config"
-
-    log("Generating synapse config file " + config_path)
-    convert("/conf/homeserver.yaml", config_path, environ)
-
-    log_config_file = environ["SYNAPSE_LOG_CONFIG"]
-    log("Generating log config file " + log_config_file)
-    convert("/conf/log.config", log_config_file, environ)
-
-    subprocess.check_output(["chown", "-R", ownership, "/data"])
-
-    # Hopefully we already have a signing key, but generate one if not.
-    subprocess.check_output(
-        [
-            "su-exec",
-            ownership,
-            "python",
-            "-m",
-            "synapse.app.homeserver",
-            "--config-path",
-            config_path,
-            # tell synapse to put generated keys in /data rather than /compiled
-            "--keys-directory",
-            config_dir,
-            "--generate-keys",
-        ]
-    )
-
-
-def run_generate_config(environ, ownership):
-    """Run synapse with a --generate-config param to generate a template config file
-
-    Args:
-        environ (dict): env var dict
-        ownership (str): "userid:groupid" arg for chmod
-
-    Never returns.
-    """
-    for v in ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"):
-        if v not in environ:
-            error("Environment variable '%s' is mandatory in `generate` mode." % (v,))
-
-    server_name = environ["SYNAPSE_SERVER_NAME"]
-    config_dir = environ.get("SYNAPSE_CONFIG_DIR", "/data")
-    config_path = environ.get("SYNAPSE_CONFIG_PATH", config_dir + "/homeserver.yaml")
-    data_dir = environ.get("SYNAPSE_DATA_DIR", "/data")
-
-    # create a suitable log config from our template
-    log_config_file = "%s/%s.log.config" % (config_dir, server_name)
-    if not os.path.exists(log_config_file):
-        log("Creating log config %s" % (log_config_file,))
-        convert("/conf/log.config", log_config_file, environ)
-
-    # make sure that synapse has perms to write to the data dir.
-    subprocess.check_output(["chown", ownership, data_dir])
-
-    args = [
-        "python",
-        "-m",
-        "synapse.app.homeserver",
-        "--server-name",
-        server_name,
-        "--report-stats",
-        environ["SYNAPSE_REPORT_STATS"],
-        "--config-path",
-        config_path,
-        "--config-directory",
-        config_dir,
-        "--data-directory",
-        data_dir,
-        "--generate-config",
-        "--open-private-ports",
+# In generate mode, generate a configuration, missing keys, then exit
+if mode == "generate":
+    check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_CONFIG_PATH"))
+    args += [
+        "--server-name", environ["SYNAPSE_SERVER_NAME"],
+        "--report-stats", environ["SYNAPSE_REPORT_STATS"],
+        "--config-path", environ["SYNAPSE_CONFIG_PATH"],
+        "--generate-config"
    ]
-    # log("running %s" % (args, ))
    os.execv("/usr/local/bin/python", args)

-
-def main(args, environ):
-    mode = args[1] if len(args) > 1 else None
-    ownership = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991))
-
-    # In generate mode, generate a configuration and missing keys, then exit
-    if mode == "generate":
-        return run_generate_config(environ, ownership)
-
-    if mode == "migrate_config":
-        # generate a config based on environment vars.
-        config_dir = environ.get("SYNAPSE_CONFIG_DIR", "/data")
-        config_path = environ.get(
-            "SYNAPSE_CONFIG_PATH", config_dir + "/homeserver.yaml"
-        )
-        return generate_config_from_template(
-            config_dir, config_path, environ, ownership
-        )
-
-    if mode is not None:
-        error("Unknown execution mode '%s'" % (mode,))
-
-    if "SYNAPSE_SERVER_NAME" in environ:
-        # backwards-compatibility generate-a-config-on-the-fly mode
-        if "SYNAPSE_CONFIG_PATH" in environ:
-            error(
-                "SYNAPSE_SERVER_NAME and SYNAPSE_CONFIG_PATH are mutually exclusive "
-                "except in `generate` or `migrate_config` mode."
-            )
+# In normal mode, generate missing keys if any, then run synapse
+else:
+    if "SYNAPSE_CONFIG_PATH" in environ:
+        config_path = environ["SYNAPSE_CONFIG_PATH"]
+    else:
+        check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"))
+        generate_secrets(environ, {
+            "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
+            "macaroon": "SYNAPSE_MACAROON_SECRET_KEY"
+        })
+        environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
+        if not os.path.exists("/compiled"): os.mkdir("/compiled")

        config_path = "/compiled/homeserver.yaml"
-        log(
-            "Generating config file '%s' on-the-fly from environment variables.\n"
-            "Note that this mode is deprecated. You can migrate to a static config\n"
-            "file by running with 'migrate_config'. See the README for more details."
-            % (config_path,)
-        )
+        
+        # Convert SYNAPSE_NO_TLS to boolean if exists
+        if "SYNAPSE_NO_TLS" in environ:
+            tlsanswerstring = str.lower(environ["SYNAPSE_NO_TLS"])
+            if tlsanswerstring in ("true", "on", "1", "yes"):
+                environ["SYNAPSE_NO_TLS"] = True
+            else:
+                if tlsanswerstring in ("false", "off", "0", "no"):
+                    environ["SYNAPSE_NO_TLS"] = False
+                else:
+                    print("Environment variable \"SYNAPSE_NO_TLS\" found but value \"" + tlsanswerstring + "\" unrecognized; exiting.")
+                    sys.exit(2)

-        generate_config_from_template("/compiled", config_path, environ, ownership)
-    else:
-        config_dir = environ.get("SYNAPSE_CONFIG_DIR", "/data")
-        config_path = environ.get(
-            "SYNAPSE_CONFIG_PATH", config_dir + "/homeserver.yaml"
-        )
-        if not os.path.exists(config_path):
-            error(
-                "Config file '%s' does not exist. You should either create a new "
-                "config file by running with the `generate` argument (and then edit "
-                "the resulting file before restarting) or specify the path to an "
-                "existing config file with the SYNAPSE_CONFIG_PATH variable."
-                % (config_path,)
-            )
+        convert("/conf/homeserver.yaml", config_path, environ)
+        convert("/conf/log.config", "/compiled/log.config", environ)
+        subprocess.check_output(["chown", "-R", ownership, "/data"])

-    log("Starting synapse with config file " + config_path)

-    args = [
-        "su-exec",
-        ownership,
-        "python",
-        "-m",
-        "synapse.app.homeserver",
-        "--config-path",
-        config_path,
+    args += [
+        "--config-path", config_path,
+
+        # tell synapse to put any generated keys in /data rather than /compiled
+        "--keys-directory", "/data",
    ]
-    os.execv("/sbin/su-exec", args)

-
-if __name__ == "__main__":
-    main(sys.argv, os.environ)
+    # Generate missing keys and start synapse
+    subprocess.check_output(args + ["--generate-keys"])
+    os.execv("/sbin/su-exec", ["su-exec", ownership] + args)
--- a/docs/CAPTCHA_SETUP.rst
+++ b/docs/CAPTCHA_SETUP.rst
@@ -7,7 +7,6 @@ Requires a public/private key pair from:

 https://developers.google.com/recaptcha/

-Must be a reCAPTCHA v2 key using the "I'm not a robot" Checkbox option

 Setting ReCaptcha Keys
 ----------------------
--- a/docs/MSC1711_certificates_FAQ.md
+++ b/docs/MSC1711_certificates_FAQ.md
@@ -1,22 +1,5 @@
 # MSC1711 Certificates FAQ

-## Historical Note
-This document was originally written to guide server admins through the upgrade
-path towards Synapse 1.0. Specifically,
-[MSC1711](https://github.com/matrix-org/matrix-doc/blob/master/proposals/1711-x509-for-federation.md)
-required that all servers present valid TLS certificates on their federation
-API. Admins were encouraged to achieve compliance from version 0.99.0 (released
-in February 2019) ahead of version 1.0 (released June 2019) enforcing the
-certificate checks.
-
-Much of what follows is now outdated since most admins will have already
-upgraded, however it may be of use to those with old installs returning to the
-project.
-
-If you are setting up a server from scratch you almost certainly should look at
-the [installation guide](../INSTALL.md) instead.
-
-## Introduction
 The goal of Synapse 0.99.0 is to act as a stepping stone to Synapse 1.0.0. It
 supports the r0.1 release of the server to server specification, but is
 compatible with both the legacy Matrix federation behaviour (pre-r0.1) as well
@@ -85,14 +68,16 @@ Admins should upgrade and configure a valid CA cert. Homeservers that require a
 .well-known entry (see below), should retain their SRV record and use it
 alongside their .well-known record.

-**10th June 2019  - Synapse 1.0.0 is released**
+**>= 5th March 2019  - Synapse 1.0.0 is released**

-1.0.0 is scheduled for release on 10th June. In
+1.0.0 will land no sooner than 1 month after 0.99.0, leaving server admins one
+month after 5th February to upgrade to 0.99.0 and deploy their certificates. In
 accordance with the the [S2S spec](https://matrix.org/docs/spec/server_server/r0.1.0.html)
 1.0.0 will enforce certificate validity. This means that any homeserver without a
 valid certificate after this point will no longer be able to federate with
 1.0.0 servers.

+
 ## Configuring certificates for compatibility with Synapse 1.0.0

 ### If you do not currently have an SRV record
@@ -160,11 +145,12 @@ You can do this with a `.well-known` file as follows:
 1. Keep the SRV record in place - it is needed for backwards compatibility
    with Synapse 0.34 and earlier.

-  2. Give Synapse a certificate corresponding to the target domain
-    (`customer.example.net` in the above example). You can either use Synapse's
-    built-in [ACME support](./ACME.md) for this (via the `domain` parameter in
-    the `acme` section), or acquire a certificate yourself and give it to
-    Synapse via `tls_certificate_path` and `tls_private_key_path`.
+ 2. Give synapse a certificate corresponding to the target domain
+    (`customer.example.net` in the above example). Currently Synapse's ACME
+    support [does not support
+    this](https://github.com/matrix-org/synapse/issues/4552), so you will have
+    to acquire a certificate yourself and give it to Synapse via
+    `tls_certificate_path` and `tls_private_key_path`.

 3. Restart Synapse to ensure the new certificate is loaded.

--- a/docs/admin_api/user_admin_api.rst
+++ b/docs/admin_api/user_admin_api.rst
@@ -69,7 +69,7 @@ An empty body may be passed for backwards compatibility.
 Reset password
 ==============

-Changes the password of another user. This will automatically log the user out of all their devices.
+Changes the password of another user.

 The api is::

--- a/docs/code_style.rst
+++ b/docs/code_style.rst
@@ -1,73 +1,73 @@
-Code Style
-==========
+- Everything should comply with PEP8. Code should pass
+  ``pep8 --max-line-length=100`` without any warnings.

-Formatting tools
----------------
+- **Indenting**:

-The Synapse codebase uses a number of code formatting tools in order to
-quickly and automatically check for formatting (and sometimes logical) errors
-in code.
+  - NEVER tabs. 4 spaces to indent.

-The necessary tools are detailed below.
+  - follow PEP8; either hanging indent or multiline-visual indent depending
+    on the size and shape of the arguments and what makes more sense to the
+    author. In other words, both this::

- **black**
+      print("I am a fish %s" % "moo")

-  The Synapse codebase uses `black <https://pypi.org/project/black/>`_ as an
-  opinionated code formatter, ensuring all comitted code is properly
-  formatted.
+    and this::

-  First install ``black`` with::
+      print("I am a fish %s" %
+            "moo")

-    pip install --upgrade black
+    and this::

-  Have ``black`` auto-format your code (it shouldn't change any functionality)
-  with::
+        print(
+            "I am a fish %s" %
+            "moo",
+        )

-    black . --exclude="\.tox|build|env"
+    ...are valid, although given each one takes up 2x more vertical space than
+    the previous, it's up to the author's discretion as to which layout makes
+    most sense for their function invocation.  (e.g. if they want to add
+    comments per-argument, or put expressions in the arguments, or group
+    related arguments together, or want to deliberately extend or preserve
+    vertical/horizontal space)

- **flake8**
+- **Line length**:

-  ``flake8`` is a code checking tool. We require code to pass ``flake8`` before being merged into the codebase.
+  Max line length is 79 chars (with flexibility to overflow by a "few chars" if
+  the overflowing content is not semantically significant and avoids an
+  explosion of vertical whitespace).

-  Install ``flake8`` with::
-
-    pip install --upgrade flake8
-
-  Check all application and test code with::
-
-    flake8 synapse tests
-
- **isort**
-
-  ``isort`` ensures imports are nicely formatted, and can suggest and
-  auto-fix issues such as double-importing.
-
-  Install ``isort`` with::
-
-    pip install --upgrade isort
-
-  Auto-fix imports with::
-
-    isort -rc synapse tests
-
-  ``-rc`` means to recursively search the given directories.
-
-It's worth noting that modern IDEs and text editors can run these tools
-automatically on save. It may be worth looking into whether this
-functionality is supported in your editor for a more convenient development
-workflow. It is not, however, recommended to run ``flake8`` on save as it
-takes a while and is very resource intensive.
-
-General rules
-------------
+  Use parentheses instead of ``\`` for line continuation where ever possible
+  (which is pretty much everywhere).

 - **Naming**:

  - Use camel case for class and type names
  - Use underscores for functions and variables.

- **Docstrings**: should follow the `google code style
-  <https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings>`_.
+- Use double quotes ``"foo"`` rather than single quotes ``'foo'``.
+
+- **Blank lines**:
+
+  - There should be max a single new line between:
+
+    - statements
+    - functions in a class
+
+  - There should be two new lines between:
+
+    - definitions in a module (e.g., between different classes)
+
+- **Whitespace**:
+
+  There should be spaces where spaces should be and not where there shouldn't
+  be:
+
+  - a single space after a comma
+  - a single space before and after for '=' when used as assignment
+  - no spaces before and after for '=' for default values and keyword arguments.
+
+- **Comments**: should follow the `google code style
+  <http://google.github.io/styleguide/pyguide.html?showone=Comments#Comments>`_.
  This is so that we can generate documentation with `sphinx
  <http://sphinxcontrib-napoleon.readthedocs.org/en/latest/>`_. See the
  `examples
@@ -76,9 +76,7 @@ General rules

 - **Imports**:

-  - Imports should be sorted by ``isort`` as described above.
-
-  - Prefer to import classes and functions rather than packages or modules.
+  - Prefer to import classes and functions than packages or modules.

    Example::

@@ -97,84 +95,25 @@ General rules
    This goes against the advice in the Google style guide, but it means that
    errors in the name are caught early (at import time).

+  - Multiple imports from the same package can be combined onto one line::
+
+      from synapse.types import GroupID, RoomID, UserID
+
+    An effort should be made to keep the individual imports in alphabetical
+    order.
+
+    If the list becomes long, wrap it with parentheses and split it over
+    multiple lines.
+
+  - As per `PEP-8 <https://www.python.org/dev/peps/pep-0008/#imports>`_,
+    imports should be grouped in the following order, with a blank line between
+    each group:
+
+    1. standard library imports
+    2. related third party imports
+    3. local application/library specific imports
+
+  - Imports within each group should be sorted alphabetically by module name.
+
  - Avoid wildcard imports (``from synapse.types import *``) and relative
    imports (``from .types import UserID``).
-
-Configuration file format
-------------------------
-
-The `sample configuration file <./sample_config.yaml>`_ acts as a reference to
-Synapse's configuration options for server administrators. Remember that many
-readers will be unfamiliar with YAML and server administration in general, so
-that it is important that the file be as easy to understand as possible, which
-includes following a consistent format.
-
-Some guidelines follow:
-
-* Sections should be separated with a heading consisting of a single line
-  prefixed and suffixed with ``##``. There should be **two** blank lines
-  before the section header, and **one** after.
-
-* Each option should be listed in the file with the following format:
-
-  * A comment describing the setting. Each line of this comment should be
-    prefixed with a hash (``#``) and a space.
-
-    The comment should describe the default behaviour (ie, what happens if
-    the setting is omitted), as well as what the effect will be if the
-    setting is changed.
-
-    Often, the comment end with something like "uncomment the
-    following to \<do action>".
-
-  * A line consisting of only ``#``.
-
-  * A commented-out example setting, prefixed with only ``#``.
-
-    For boolean (on/off) options, convention is that this example should be
-    the *opposite* to the default (so the comment will end with "Uncomment
-    the following to enable [or disable] \<feature\>." For other options,
-    the example should give some non-default value which is likely to be
-    useful to the reader.
-
-* There should be a blank line between each option.
-
-* Where several settings are grouped into a single dict, *avoid* the
-  convention where the whole block is commented out, resulting in comment
-  lines starting ``# #``, as this is hard to read and confusing to
-  edit. Instead, leave the top-level config option uncommented, and follow
-  the conventions above for sub-options. Ensure that your code correctly
-  handles the top-level option being set to ``None`` (as it will be if no
-  sub-options are enabled).
-
-* Lines should be wrapped at 80 characters.
-
-Example::
-
-    ## Frobnication ##
-
-    # The frobnicator will ensure that all requests are fully frobnicated.
-    # To enable it, uncomment the following.
-    #
-    #frobnicator_enabled: true
-
-    # By default, the frobnicator will frobnicate with the default frobber.
-    # The following will make it use an alternative frobber.
-    #
-    #frobincator_frobber: special_frobber
-
-    # Settings for the frobber
-    #
-    frobber:
-       # frobbing speed. Defaults to 1.
-       #
-       #speed: 10
-
-       # frobbing distance. Defaults to 1000.
-       #
-       #distance: 100
-
-Note that the sample configuration is generated from the synapse code and is
-maintained by a script, ``scripts-dev/generate_sample_config``. Making sure
-that the output from this script matches the desired format is left as an
-exercise for the reader!
--- a/docs/federate.md
+++ b/docs/federate.md
@@ -14,9 +14,9 @@ up and will work provided you set the ``server_name`` to match your
 machine's public DNS hostname, and provide Synapse with a TLS certificate
 which is valid for your ``server_name``.

-Once federation has been configured, you should be able to join a room over
-federation. A good place to start is ``#synapse:matrix.org`` - a room for
-Synapse admins.
+Once you have completed the steps necessary to federate, you should be able to 
+join a room via federation. (A good place to start is ``#synapse:matrix.org`` - a 
+room for Synapse admins.)


 ## Delegation
@@ -98,77 +98,6 @@ _matrix._tcp.<server_name>``. In our example, we would expect this:
 Note that the target of a SRV record cannot be an alias (CNAME record): it has to point
 directly to the server hosting the synapse instance.

-### Delegation FAQ
-#### When do I need a SRV record or .well-known URI?
-
-If your homeserver listens on the default federation port (8448), and your
-`server_name` points to the host that your homeserver runs on, you do not need an SRV
-record or `.well-known/matrix/server` URI.
-
-For instance, if you registered `example.com` and pointed its DNS A record at a
-fresh server, you could install Synapse on that host,
-giving it a `server_name` of `example.com`, and once [ACME](acme.md) support is enabled,
-it would automatically generate a valid TLS certificate for you via Let's Encrypt
-and no SRV record or .well-known URI would be needed.
-
-This is the common case, although you can add an SRV record or
-`.well-known/matrix/server` URI for completeness if you wish.
-
-**However**, if your server does not listen on port 8448, or if your `server_name`
-does not point to the host that your homeserver runs on, you will need to let
-other servers know how to find it. The way to do this is via .well-known or an
-SRV record.
-
-#### I have created a .well-known URI. Do I still need an SRV record?
-
-As of Synapse 0.99, Synapse will first check for the existence of a .well-known
-URI and follow any delegation it suggests. It will only then check for the
-existence of an SRV record.
-
-That means that the SRV record will often be redundant. However, you should
-remember that there may still be older versions of Synapse in the federation
-which do not understand .well-known URIs, so if you removed your SRV record
-you would no longer be able to federate with them.
-
-It is therefore best to leave the SRV record in place for now. Synapse 0.34 and
-earlier will follow the SRV record (and not care about the invalid
-certificate). Synapse 0.99 and later will follow the .well-known URI, with the
-correct certificate chain.
-
-#### Can I manage my own certificates rather than having Synapse renew certificates itself?
-
-Yes, you are welcome to manage your certificates yourself. Synapse will only
-attempt to obtain certificates from Let's Encrypt if you configure it to do
-so.The only requirement is that there is a valid TLS cert present for
-federation end points.
-
-#### Do you still recommend against using a reverse proxy on the federation port?
-
-We no longer actively recommend against using a reverse proxy. Many admins will
-find it easier to direct federation traffic to a reverse proxy and manage their
-own TLS certificates, and this is a supported configuration.
-
-See [reverse_proxy.rst](reverse_proxy.rst) for information on setting up a
-reverse proxy.
-
-#### Do I still need to give my TLS certificates to Synapse if I am using a reverse proxy?
-
-Practically speaking, this is no longer necessary.
-
-If you are using a reverse proxy for all of your TLS traffic, then you can set
-`no_tls: True` in the Synapse config. In that case, the only reason Synapse
-needs the certificate is to populate a legacy `tls_fingerprints` field in the
-federation API. This is ignored by Synapse 0.99.0 and later, and the only time
-pre-0.99 Synapses will check it is when attempting to fetch the server keys -
-and generally this is delegated via `matrix.org`, which will be running a modern
-version of Synapse.
-
-#### Do I need the same certificate for the client and federation port?
-
-No. There is nothing stopping you from using different certificates,
-particularly if you are using a reverse proxy. However, Synapse will use the
-same certificate on any ports where TLS is configured.
-
 ## Troubleshooting

 You can use the [federation tester](
--- a/docs/log_contexts.rst
+++ b/docs/log_contexts.rst
@@ -1,4 +1,4 @@
-Log Contexts
+Log contexts
 ============

 .. contents::
@@ -12,7 +12,7 @@ record.
 Logcontexts are also used for CPU and database accounting, so that we can track
 which requests were responsible for high CPU use or database activity.

-The ``synapse.logging.context`` module provides a facilities for managing the
+The ``synapse.util.logcontext`` module provides a facilities for managing the
 current log context (as well as providing the ``LoggingContextFilter`` class).

 Deferreds make the whole thing complicated, so this document describes how it
@@ -27,19 +27,19 @@ found them:

 .. code:: python

-    from synapse.logging import context         # omitted from future snippets
+    from synapse.util import logcontext         # omitted from future snippets

    def handle_request(request_id):
-        request_context = context.LoggingContext()
+        request_context = logcontext.LoggingContext()

-        calling_context = context.LoggingContext.current_context()
-        context.LoggingContext.set_current_context(request_context)
+        calling_context = logcontext.LoggingContext.current_context()
+        logcontext.LoggingContext.set_current_context(request_context)
        try:
            request_context.request = request_id
            do_request_handling()
            logger.debug("finished")
        finally:
-            context.LoggingContext.set_current_context(calling_context)
+            logcontext.LoggingContext.set_current_context(calling_context)

    def do_request_handling():
        logger.debug("phew")  # this will be logged against request_id
@@ -51,7 +51,7 @@ written much more succinctly as:
 .. code:: python

    def handle_request(request_id):
-        with context.LoggingContext() as request_context:
+        with logcontext.LoggingContext() as request_context:
            request_context.request = request_id
            do_request_handling()
            logger.debug("finished")
@@ -74,7 +74,7 @@ blocking operation, and returns a deferred:

    @defer.inlineCallbacks
    def handle_request(request_id):
-        with context.LoggingContext() as request_context:
+        with logcontext.LoggingContext() as request_context:
            request_context.request = request_id
            yield do_request_handling()
            logger.debug("finished")
@@ -148,7 +148,7 @@ call any other functions.
        d = more_stuff()
        result = yield d            # also fine, of course

-        return result
+        defer.returnValue(result)

    def nonInlineCallbacksFun():
        logger.debug("just a wrapper really")
@@ -179,7 +179,7 @@ though, we need to make up a new Deferred, or we get a Deferred back from
 external code. We need to make it follow our rules.

 The easy way to do it is with a combination of ``defer.inlineCallbacks``, and
-``context.PreserveLoggingContext``. Suppose we want to implement ``sleep``,
+``logcontext.PreserveLoggingContext``. Suppose we want to implement ``sleep``,
 which returns a deferred which will run its callbacks after a given number of
 seconds. That might look like:

@@ -204,13 +204,13 @@ That doesn't follow the rules, but we can fix it by wrapping it with
 This technique works equally for external functions which return deferreds,
 or deferreds we have made ourselves.

-You can also use ``context.make_deferred_yieldable``, which just does the
+You can also use ``logcontext.make_deferred_yieldable``, which just does the
 boilerplate for you, so the above could be written:

 .. code:: python

    def sleep(seconds):
-        return context.make_deferred_yieldable(get_sleep_deferred(seconds))
+        return logcontext.make_deferred_yieldable(get_sleep_deferred(seconds))


 Fire-and-forget
@@ -279,7 +279,7 @@ Obviously that option means that the operations done in
 that might be fixed by setting a different logcontext via a ``with
 LoggingContext(...)`` in ``background_operation``).

-The second option is to use ``context.run_in_background``, which wraps a
+The second option is to use ``logcontext.run_in_background``, which wraps a
 function so that it doesn't reset the logcontext even when it returns an
 incomplete deferred, and adds a callback to the returned deferred to reset the
 logcontext. In other words, it turns a function that follows the Synapse rules
@@ -293,7 +293,7 @@ It can be used like this:
    def do_request_handling():
        yield foreground_operation()

-        context.run_in_background(background_operation)
+        logcontext.run_in_background(background_operation)

        # this will now be logged against the request context
        logger.debug("Request handling complete")
@@ -332,7 +332,7 @@ gathered:
            result = yield defer.gatherResults([d1, d2])

 In this case particularly, though, option two, of using
-``context.preserve_fn`` almost certainly makes more sense, so that
+``logcontext.preserve_fn`` almost certainly makes more sense, so that
 ``operation1`` and ``operation2`` are both logged against the original
 logcontext. This looks like:

@@ -340,8 +340,8 @@ logcontext. This looks like:

    @defer.inlineCallbacks
    def do_request_handling():
-        d1 = context.preserve_fn(operation1)()
-        d2 = context.preserve_fn(operation2)()
+        d1 = logcontext.preserve_fn(operation1)()
+        d2 = logcontext.preserve_fn(operation2)()

        with PreserveLoggingContext():
            result = yield defer.gatherResults([d1, d2])
@@ -381,7 +381,7 @@ off the background process, and then leave the ``with`` block to wait for it:
 .. code:: python

    def handle_request(request_id):
-        with context.LoggingContext() as request_context:
+        with logcontext.LoggingContext() as request_context:
            request_context.request = request_id
            d = do_request_handling()

@@ -414,7 +414,7 @@ runs its callbacks in the original logcontext, all is happy.

 The business of a Deferred which runs its callbacks in the original logcontext
 isn't hard to achieve — we have it today, in the shape of
-``context._PreservingContextDeferred``:
+``logcontext._PreservingContextDeferred``:

 .. code:: python

--- a/docs/metrics-howto.rst
+++ b/docs/metrics-howto.rst
@@ -59,108 +59,6 @@ How to monitor Synapse metrics using Prometheus
   Restart Prometheus.


-Renaming of metrics & deprecation of old names in 1.2
-----------------------------------------------------
-
-Synapse 1.2 updates the Prometheus metrics to match the naming convention of the
-upstream ``prometheus_client``. The old names are considered deprecated and will
-be removed in a future version of Synapse.
-
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-|                                  New Name                                   |                               Old Name                                |
-+=============================================================================+=======================================================================+
-| python_gc_objects_collected_total                                           | python_gc_objects_collected                                           |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| python_gc_objects_uncollectable_total                                       | python_gc_objects_uncollectable                                       |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| python_gc_collections_total                                                 | python_gc_collections                                                 |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| process_cpu_seconds_total                                                   | process_cpu_seconds                                                   |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_federation_client_sent_transactions_total                           | synapse_federation_client_sent_transactions                           |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_federation_client_events_processed_total                            | synapse_federation_client_events_processed                            |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_event_processing_loop_count_total                                   | synapse_event_processing_loop_count                                   |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_event_processing_loop_room_count_total                              | synapse_event_processing_loop_room_count                              |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_util_metrics_block_count_total                                      | synapse_util_metrics_block_count                                      |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_util_metrics_block_time_seconds_total                               | synapse_util_metrics_block_time_seconds                               |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_util_metrics_block_ru_utime_seconds_total                           | synapse_util_metrics_block_ru_utime_seconds                           |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_util_metrics_block_ru_stime_seconds_total                           | synapse_util_metrics_block_ru_stime_seconds                           |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_util_metrics_block_db_txn_count_total                               | synapse_util_metrics_block_db_txn_count                               |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_util_metrics_block_db_txn_duration_seconds_total                    | synapse_util_metrics_block_db_txn_duration_seconds                    |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_util_metrics_block_db_sched_duration_seconds_total                  | synapse_util_metrics_block_db_sched_duration_seconds                  |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_background_process_start_count_total                                | synapse_background_process_start_count                                |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_background_process_ru_utime_seconds_total                           | synapse_background_process_ru_utime_seconds                           |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_background_process_ru_stime_seconds_total                           | synapse_background_process_ru_stime_seconds                           |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_background_process_db_txn_count_total                               | synapse_background_process_db_txn_count                               |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_background_process_db_txn_duration_seconds_total                    | synapse_background_process_db_txn_duration_seconds                    |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_background_process_db_sched_duration_seconds_total                  | synapse_background_process_db_sched_duration_seconds                  |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_storage_events_persisted_events_total                               | synapse_storage_events_persisted_events                               |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_storage_events_persisted_events_sep_total                           | synapse_storage_events_persisted_events_sep                           |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_storage_events_state_delta_total                                    | synapse_storage_events_state_delta                                    |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_storage_events_state_delta_single_event_total                       | synapse_storage_events_state_delta_single_event                       |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_storage_events_state_delta_reuse_delta_total                        | synapse_storage_events_state_delta_reuse_delta                        |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_federation_server_received_pdus_total                               | synapse_federation_server_received_pdus                               |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_federation_server_received_edus_total                               | synapse_federation_server_received_edus                               |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_handler_presence_notified_presence_total                            | synapse_handler_presence_notified_presence                            |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_handler_presence_federation_presence_out_total                      | synapse_handler_presence_federation_presence_out                      |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_handler_presence_presence_updates_total                             | synapse_handler_presence_presence_updates                             |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_handler_presence_timers_fired_total                                 | synapse_handler_presence_timers_fired                                 |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_handler_presence_federation_presence_total                          | synapse_handler_presence_federation_presence                          |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_handler_presence_bump_active_time_total                             | synapse_handler_presence_bump_active_time                             |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_federation_client_sent_edus_total                                   | synapse_federation_client_sent_edus                                   |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_federation_client_sent_pdu_destinations_count_total                 | synapse_federation_client_sent_pdu_destinations:count                 |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_federation_client_sent_pdu_destinations_total                       | synapse_federation_client_sent_pdu_destinations:total                 |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_handlers_appservice_events_processed_total                          | synapse_handlers_appservice_events_processed                          |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_notifier_notified_events_total                                      | synapse_notifier_notified_events                                      |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter_total | synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_push_bulk_push_rule_evaluator_push_rules_state_size_counter_total   | synapse_push_bulk_push_rule_evaluator_push_rules_state_size_counter   |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_http_httppusher_http_pushes_processed_total                         | synapse_http_httppusher_http_pushes_processed                         |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_http_httppusher_http_pushes_failed_total                            | synapse_http_httppusher_http_pushes_failed                            |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_http_httppusher_badge_updates_processed_total                       | synapse_http_httppusher_badge_updates_processed                       |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-| synapse_http_httppusher_badge_updates_failed_total                          | synapse_http_httppusher_badge_updates_failed                          |
-+-----------------------------------------------------------------------------+-----------------------------------------------------------------------+
-
-
 Removal of deprecated metrics & time based counters becoming histograms in 0.31.0
 ---------------------------------------------------------------------------------

--- a/docs/opentracing.rst
+++ b/docs/opentracing.rst
@@ -1,100 +0,0 @@
-===========
-OpenTracing
-===========
-
-Background
----------
-
-OpenTracing is a semi-standard being adopted by a number of distributed tracing
-platforms. It is a common api for facilitating vendor-agnostic tracing
-instrumentation. That is, we can use the OpenTracing api and select one of a
-number of tracer implementations to do the heavy lifting in the background.
-Our current selected implementation is Jaeger.
-
-OpenTracing is a tool which gives an insight into the causal relationship of
-work done in and between servers. The servers each track events and report them
-to a centralised server - in Synapse's case: Jaeger. The basic unit used to
-represent events is the span. The span roughly represents a single piece of work
-that was done and the time at which it occurred. A span can have child spans,
-meaning that the work of the child had to be completed for the parent span to
-complete, or it can have follow-on spans which represent work that is undertaken
-as a result of the parent but is not depended on by the parent to in order to
-finish.
-
-Since this is undertaken in a distributed environment a request to another
-server, such as an RPC or a simple GET, can be considered a span (a unit or
-work) for the local server. This causal link is what OpenTracing aims to
-capture and visualise. In order to do this metadata about the local server's
-span, i.e the 'span context', needs to be included with the request to the
-remote.
-
-It is up to the remote server to decide what it does with the spans
-it creates. This is called the sampling policy and it can be configured
-through Jaeger's settings.
-
-For OpenTracing concepts see 
-https://opentracing.io/docs/overview/what-is-tracing/.
-
-For more information about Jaeger's implementation see
-https://www.jaegertracing.io/docs/
-
-=====================
-Seting up OpenTracing
-=====================
-
-To receive OpenTracing spans, start up a Jaeger server. This can be done
-using docker like so:
-
-.. code-block:: bash
-
-   docker run -d --name jaeger
-     -p 6831:6831/udp \
-     -p 6832:6832/udp \
-     -p 5778:5778 \
-     -p 16686:16686 \
-     -p 14268:14268 \
-     jaegertracing/all-in-one:1.13
-
-Latest documentation is probably at
-https://www.jaegertracing.io/docs/1.13/getting-started/
-
-
-Enable OpenTracing in Synapse
-----------------------------
-
-OpenTracing is not enabled by default. It must be enabled in the homeserver
-config by uncommenting the config options under ``opentracing`` as shown in
-the `sample config <./sample_config.yaml>`_. For example:
-
-.. code-block:: yaml
-
-  opentracing:
-    tracer_enabled: true
-    homeserver_whitelist:
-      - "mytrustedhomeserver.org"
-      - "*.myotherhomeservers.com"
-
-Homeserver whitelisting
-----------------------
-
-The homeserver whitelist is configured using regular expressions. A list of regular
-expressions can be given and their union will be compared when propagating any
-spans contexts to another homeserver. 
-
-Though it's mostly safe to send and receive span contexts to and from
-untrusted users since span contexts are usually opaque ids it can lead to
-two problems, namely:
-
- If the span context is marked as sampled by the sending homeserver the receiver will
-  sample it. Therefore two homeservers with wildly different sampling policies
-  could incur higher sampling counts than intended.
- Sending servers can attach arbitrary data to spans, known as 'baggage'. For safety this has been disabled in Synapse
-  but that doesn't prevent another server sending you baggage which will be logged
-  to OpenTracing's logs.
-
-==================
-Configuring Jaeger
-==================
-
-Sampling strategies can be set as in this document:
-https://www.jaegertracing.io/docs/1.13/sampling/
--- a/docs/postgres.rst
+++ b/docs/postgres.rst
@@ -1,7 +1,7 @@
 Using Postgres
 --------------

-Postgres version 9.5 or later is known to work.
+Postgres version 9.4 or later is known to work.

 Install postgres client libraries
 =================================
@@ -11,14 +11,12 @@ a postgres database.

 * If you are using the `matrix.org debian/ubuntu
  packages <../INSTALL.md#matrixorg-packages>`_,
-  the necessary python library will already be installed, but you will need to
-  ensure the low-level postgres library is installed, which you can do with
-  ``apt install libpq5``.
+  the necessary libraries will already be installed.

 * For other pre-built packages, please consult the documentation from the
  relevant package.

-* If you installed synapse `in a virtualenv
+* If you installed synapse `in a virtualenv 
  <../INSTALL.md#installing-from-source>`_, you can install the library with::

      ~/synapse/env/bin/pip install matrix-synapse[postgres]
@@ -36,14 +34,9 @@ Assuming your PostgreSQL database user is called ``postgres``, create a user
   su - postgres
   createuser --pwprompt synapse_user

-Before you can authenticate with the ``synapse_user``, you must create a
-database that it can access. To create a database, first connect to the database
-with your database user::
-
-   su - postgres
-   psql
-
-and then run::
+The PostgreSQL database used *must* have the correct encoding set, otherwise it
+would not be able to store UTF8 strings. To create a database with the correct
+encoding use, e.g.::

   CREATE DATABASE synapse
    ENCODING 'UTF8'
@@ -53,13 +46,7 @@ and then run::
    OWNER synapse_user;

 This would create an appropriate database named ``synapse`` owned by the
-``synapse_user`` user (which must already have been created as above).
-
-Note that the PostgreSQL database *must* have the correct encoding set (as
-shown above), otherwise it will not be able to store UTF8 strings.
-
-You may need to enable password authentication so ``synapse_user`` can connect
-to the database. See https://www.postgresql.org/docs/11/auth-pg-hba-conf.html.
+``synapse_user`` user (which must already exist).

 Tuning Postgres
 ===============
--- a/docs/reverse_proxy.rst
+++ b/docs/reverse_proxy.rst
@@ -48,8 +48,6 @@ Let's assume that we expect clients to connect to our server at
              proxy_set_header X-Forwarded-For $remote_addr;
          }
      }
-      
-  Do not add a `/` after the port in `proxy_pass`, otherwise nginx will canonicalise/normalise the URI.

 * Caddy::

@@ -91,10 +89,8 @@ Let's assume that we expect clients to connect to our server at
        bind :::443 v4v6 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1

        # Matrix client traffic
-        acl matrix-host hdr(host) -i matrix.example.com
-        acl matrix-path path_beg /_matrix
-
-        use_backend matrix if matrix-host matrix-path
+        acl matrix hdr(host) -i matrix.example.com
+        use_backend matrix if matrix

      frontend matrix-federation
        bind :::8448 v4v6 ssl crt /etc/ssl/haproxy/synapse.pem alpn h2,http/1.1
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -23,6 +23,29 @@ server_name: "SERVERNAME"
 #
 pid_file: DATADIR/homeserver.pid

+# CPU affinity mask. Setting this restricts the CPUs on which the
+# process will be scheduled. It is represented as a bitmask, with the
+# lowest order bit corresponding to the first logical CPU and the
+# highest order bit corresponding to the last logical CPU. Not all CPUs
+# may exist on a given system but a mask may specify more CPUs than are
+# present.
+#
+# For example:
+#    0x00000001  is processor #0,
+#    0x00000003  is processors #0 and #1,
+#    0xFFFFFFFF  is all processors (#0 through #31).
+#
+# Pinning a Python process to a single CPU is desirable, because Python
+# is inherently single-threaded due to the GIL, and can suffer a
+# 30-40% slowdown due to cache blow-out and thread context switching
+# if the scheduler happens to schedule the underlying threads across
+# different cores. See
+# https://www.mirantis.com/blog/improve-performance-python-programs-restricting-single-cpu/.
+#
+# This setting requires the affinity package to be installed!
+#
+#cpu_affinity: 0xFFFFFFFF
+
 # The path to the web client which will be served at /_matrix/client/
 # if 'webclient' is configured under the 'listeners' configuration.
 #
@@ -54,25 +77,11 @@ pid_file: DATADIR/homeserver.pid
 #
 #require_auth_for_profile_requests: true

-# If set to 'false', requires authentication to access the server's public rooms
-# directory through the client API. Defaults to 'true'.
+# If set to 'true', requires authentication to access the server's
+# public rooms directory through the client API, and forbids any other
+# homeserver to fetch it via federation. Defaults to 'false'.
 #
-#allow_public_rooms_without_auth: false
-
-# If set to 'false', forbids any other homeserver to fetch the server's public
-# rooms directory via federation. Defaults to 'true'.
-#
-#allow_public_rooms_over_federation: false
-
-# The default room version for newly created rooms.
-#
-# Known room versions are listed here:
-# https://matrix.org/docs/spec/#complete-list-of-room-versions
-#
-# For example, for room version 1, default_room_version should be set
-# to "1".
-#
-#default_room_version: "4"
+#restrict_public_rooms_to_local_users: true

 # The GC threshold parameters to pass to `gc.set_threshold`, if defined
 #
@@ -213,7 +222,7 @@ listeners:
      - names: [client, federation]
        compress: false

-    # example additional_resources:
+    # example additonal_resources:
    #
    #additional_resources:
    #  "/_matrix/my/custom/endpoint":
@@ -242,22 +251,6 @@ listeners:

 # Monthly Active User Blocking
 #
-# Used in cases where the admin or server owner wants to limit to the
-# number of monthly active users.
-#
-# 'limit_usage_by_mau' disables/enables monthly active user blocking. When
-# anabled and a limit is reached the server returns a 'ResourceLimitError'
-# with error type Codes.RESOURCE_LIMIT_EXCEEDED
-#
-# 'max_mau_value' is the hard limit of monthly active users above which
-# the server will start blocking user actions.
-#
-# 'mau_trial_days' is a means to add a grace period for active users. It
-# means that users must be active for this number of days before they
-# can be considered active and guards against the case where lots of users
-# sign up in a short space of time never to return after their initial
-# session.
-#
 #limit_usage_by_mau: False
 #max_mau_value: 50
 #mau_trial_days: 2
@@ -278,23 +271,6 @@ listeners:
 # Used by phonehome stats to group together related servers.
 #server_context: context

-# Resource-constrained Homeserver Settings
-#
-# If limit_remote_rooms.enabled is True, the room complexity will be
-# checked before a user joins a new remote room. If it is above
-# limit_remote_rooms.complexity, it will disallow joining or
-# instantly leave.
-#
-# limit_remote_rooms.complexity_error can be set to customise the text
-# displayed to the user when a room above the complexity threshold has
-# its join cancelled.
-#
-# Uncomment the below lines to enable:
-#limit_remote_rooms:
-#  enabled: True
-#  complexity: 1.0
-#  complexity_error: "This room is too complex."
-
 # Whether to require a user to be in the room to add an alias to it.
 # Defaults to 'true'.
 #
@@ -327,21 +303,12 @@ listeners:
 #
 #tls_private_key_path: "CONFDIR/SERVERNAME.tls.key"

-# Whether to verify TLS server certificates for outbound federation requests.
+# Whether to verify TLS certificates when sending federation traffic.
 #
-# Defaults to `true`. To disable certificate verification, uncomment the
-# following line.
+# This currently defaults to `false`, however this will change in
+# Synapse 1.0 when valid federation certificates will be required.
 #
-#federation_verify_certificates: false
-
-# The minimum TLS version that will be used for outbound federation requests.
-#
-# Defaults to `1`. Configurable to `1`, `1.1`, `1.2`, or `1.3`. Note
-# that setting this value higher than `1.2` will prevent federation to most
-# of the public Matrix network: only configure it to `1.3` if you have an
-# entirely private federation setup and you can ensure TLS 1.3 support.
-#
-#federation_client_minimum_tls_version: 1.2
+#federation_verify_certificates: true

 # Skip federation certificate verification on the following whitelist
 # of domains.
@@ -432,13 +399,6 @@ acme:
    #
    #domain: matrix.example.com

-    # file to use for the account key. This will be generated if it doesn't
-    # exist.
-    #
-    # If unspecified, we will use CONFDIR/client.key.
-    #
-    account_key_file: DATADIR/acme_account.key
-
 # List of allowed TLS fingerprints for this server to publish along
 # with the signing keys for this server. Other matrix servers that
 # make HTTPS requests to this server will check that the TLS
@@ -565,13 +525,6 @@ log_config: "CONFDIR/SERVERNAME.log.config"



-## Media Store ##
-
-# Enable the media store service in the Synapse master. Uncomment the
-# following if you are using a separate media store worker.
-#
-#enable_media_repo: false
-
 # Directory where uploaded images and attachments are stored.
 #
 media_store_path: "DATADIR/media_store"
@@ -800,36 +753,13 @@ uploads_path: "DATADIR/uploads"
 # This means that, if a validity period is set, and Synapse is restarted (it will
 # then derive an expiration date from the current validity period), and some time
 # after that the validity period changes and Synapse is restarted, the users'
-# expiration dates won't be updated unless their account is manually renewed. This
-# date will be randomly selected within a range [now + period - d ; now + period],
-# where d is equal to 10% of the validity period.
+# expiration dates won't be updated unless their account is manually renewed.
 #
 #account_validity:
 #  enabled: True
 #  period: 6w
 #  renew_at: 1w
 #  renew_email_subject: "Renew your %(app)s account"
-#  # Directory in which Synapse will try to find the HTML files to serve to the
-#  # user when trying to renew an account. Optional, defaults to
-#  # synapse/res/templates.
-#  template_dir: "res/templates"
-#  # HTML to be displayed to the user after they successfully renewed their
-#  # account. Optional.
-#  account_renewed_html_path: "account_renewed.html"
-#  # HTML to be displayed when the user tries to renew an account with an invalid
-#  # renewal token. Optional.
-#  invalid_token_html_path: "invalid_token.html"
-
-# Time that a user's session remains valid for, after they log in.
-#
-# Note that this is not currently compatible with guest logins.
-#
-# Note also that this is calculated at login time: changes are not applied
-# retrospectively to users who have already logged in.
-#
-# By default, this is infinite.
-#
-#session_lifetime: 24h

 # The user must provide all of the below types of 3PID when registering.
 #
@@ -959,6 +889,10 @@ uploads_path: "DATADIR/uploads"
 #
 # macaroon_secret_key: <PRIVATE STRING>

+# Used to enable access token expiration.
+#
+#expire_access_token: False
+
 # a secret which is used to calculate HMACs for form values, to stop
 # falsification of values. Must be specified for the User Consent
 # forms to work.
@@ -990,43 +924,12 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key"

 # The trusted servers to download signing keys from.
 #
-# When we need to fetch a signing key, each server is tried in parallel.
-#
-# Normally, the connection to the key server is validated via TLS certificates.
-# Additional security can be provided by configuring a `verify key`, which
-# will make synapse check that the response is signed by that key.
-#
-# This setting supercedes an older setting named `perspectives`. The old format
-# is still supported for backwards-compatibility, but it is deprecated.
-#
-# Options for each entry in the list include:
-#
-#    server_name: the name of the server. required.
-#
-#    verify_keys: an optional map from key id to base64-encoded public key.
-#       If specified, we will check that the response is signed by at least
-#       one of the given keys.
-#
-#    accept_keys_insecurely: a boolean. Normally, if `verify_keys` is unset,
-#       and federation_verify_certificates is not `true`, synapse will refuse
-#       to start, because this would allow anyone who can spoof DNS responses
-#       to masquerade as the trusted key server. If you know what you are doing
-#       and are sure that your network environment provides a secure connection
-#       to the key server, you can set this to `true` to override this
-#       behaviour.
-#
-# An example configuration might look like:
-#
-#trusted_key_servers:
-#  - server_name: "my_trusted_server.example.com"
-#    verify_keys:
-#      "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
-#  - server_name: "my_other_trusted_server.example.com"
-#
-# The default configuration is:
-#
-#trusted_key_servers:
-#  - server_name: "matrix.org"
+#perspectives:
+#  servers:
+#    "matrix.org":
+#      verify_keys:
+#        "ed25519:auto":
+#          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"


 # Enable SAML2 for registration and login. Uses pysaml2.
@@ -1038,12 +941,6 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key"
 # so it is not normally necessary to specify them unless you need to
 # override them.
 #
-# Once SAML support is enabled, a metadata file will be exposed at
-# https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to
-# use to configure your SAML IdP with. Alternatively, you can manually configure
-# the IdP to use an ACS location of
-# https://<server>:<port>/_matrix/saml2/authn_response.
-#
 #saml2_config:
 #  sp_config:
 #    # point this to the IdP's metadata. You can use either a local file or
@@ -1053,15 +950,7 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key"
 #      remote:
 #        - url: https://our_idp/metadata.xml
 #
-#    # By default, the user has to go to our login page first. If you'd like to
-#    # allow IdP-initiated login, set 'allow_unsolicited: True' in a
-#    # 'service.sp' section:
-#    #
-#    #service:
-#    #  sp:
-#    #    allow_unsolicited: True
-#
-#    # The examples below are just used to generate our metadata xml, and you
+#    # The rest of sp_config is just used to generate our metadata xml, and you
 #    # may well not need it, depending on your setup. Alternatively you
 #    # may need a whole lot more detail - see the pysaml2 docs!
 #
@@ -1084,12 +973,6 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key"
 #  # separate pysaml2 configuration file:
 #  #
 #  config_path: "CONFDIR/sp_conf.py"
-#
-#  # the lifetime of a SAML session. This defines how long a user has to
-#  # complete the authentication process, if allow_unsolicited is unset.
-#  # The default is 5 minutes.
-#  #
-#  # saml_session_lifetime: 5m



@@ -1116,12 +999,6 @@ password_config:
   #
   #enabled: false

-   # Uncomment to disable authentication against the local password
-   # database. This is ignored if `enabled` is false, and is only useful
-   # if you have other password_providers.
-   #
-   #localdb_enabled: false
-
   # Uncomment and change to a secret random string for extra security.
   # DO NOT CHANGE THIS AFTER INITIAL SETUP!
   #
@@ -1129,8 +1006,10 @@ password_config:



-# Enable sending emails for password resets, notification events or
-# account expiry notices
+# Enable sending emails for notification events or expiry notices
+# Defining a custom URL for Riot is only needed if email notifications
+# should contain links to a self-hosted installation of Riot; when set
+# the "app_name" setting is ignored.
 #
 # If your SMTP server requires authentication, the optional smtp_user &
 # smtp_pass variables should be used
@@ -1138,72 +1017,22 @@ password_config:
 #email:
 #   enable_notifs: false
 #   smtp_host: "localhost"
-#   smtp_port: 25 # SSL: 465, STARTTLS: 587
+#   smtp_port: 25
 #   smtp_user: "exampleusername"
 #   smtp_pass: "examplepassword"
 #   require_transport_security: False
 #   notif_from: "Your Friendly %(app)s Home Server <noreply@example.com>"
 #   app_name: Matrix
-#
-#   # Enable email notifications by default
-#   #
-#   notif_for_new_users: True
-#
-#   # Defining a custom URL for Riot is only needed if email notifications
-#   # should contain links to a self-hosted installation of Riot; when set
-#   # the "app_name" setting is ignored
-#   #
-#   riot_base_url: "http://localhost/riot"
-#
-#   # Enable sending password reset emails via the configured, trusted
-#   # identity servers
-#   #
-#   # IMPORTANT! This will give a malicious or overtaken identity server
-#   # the ability to reset passwords for your users! Make absolutely sure
-#   # that you want to do this! It is strongly recommended that password
-#   # reset emails be sent by the homeserver instead
-#   #
-#   # If this option is set to false and SMTP options have not been
-#   # configured, resetting user passwords via email will be disabled
-#   #
-#   #trust_identity_server_for_password_resets: false
-#
-#   # Configure the time that a validation email or text message code
-#   # will expire after sending
-#   #
-#   # This is currently used for password resets
-#   #
-#   #validation_token_lifetime: 1h
-#
-#   # Template directory. All template files should be stored within this
-#   # directory. If not set, default templates from within the Synapse
-#   # package will be used
-#   #
-#   # For the list of default templates, please see
-#   # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
-#   #
+#   # if template_dir is unset, uses the example templates that are part of
+#   # the Synapse distribution.
 #   #template_dir: res/templates
-#
-#   # Templates for email notifications
-#   #
 #   notif_template_html: notif_mail.html
 #   notif_template_text: notif_mail.txt
-#
-#   # Templates for account expiry notices
-#   #
+#   # Templates for account expiry notices.
 #   expiry_template_html: notice_expiry.html
 #   expiry_template_text: notice_expiry.txt
-#
-#   # Templates for password reset emails sent by the homeserver
-#   #
-#   #password_reset_template_html: password_reset.html
-#   #password_reset_template_text: password_reset.txt
-#
-#   # Templates for password reset success and failure pages that a user
-#   # will see after attempting to reset their password
-#   #
-#   #password_reset_template_success_html: password_reset_success.html
-#   #password_reset_template_failure_html: password_reset_failure.html
+#   notif_for_new_users: True
+#   riot_base_url: "http://localhost/riot"


 #password_providers:
@@ -1264,9 +1093,9 @@ password_config:
 #
 # 'search_all_users' defines whether to search all users visible to your HS
 # when searching the user directory, rather than limiting to users visible
-# in public rooms.  Defaults to false.  If you set it True, you'll have to
-# rebuild the user_directory search indexes, see
-# https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md
+# in public rooms.  Defaults to false.  If you set it True, you'll have to run
+# UPDATE user_directory_stream_pos SET stream_id = NULL;
+# on your database to tell it to rebuild the user_directory search indexes.
 #
 #user_directory:
 #  enabled: true
@@ -1423,56 +1252,3 @@ password_config:
 #    alias: "*"
 #    room_id: "*"
 #    action: allow
-
-
-# Server admins can define a Python module that implements extra rules for
-# allowing or denying incoming events. In order to work, this module needs to
-# override the methods defined in synapse/events/third_party_rules.py.
-#
-# This feature is designed to be used in closed federations only, where each
-# participating server enforces the same rules.
-#
-#third_party_event_rules:
-#  module: "my_custom_project.SuperRulesSet"
-#  config:
-#    example_option: 'things'
-
-
-## Opentracing ##
-
-# These settings enable opentracing, which implements distributed tracing.
-# This allows you to observe the causal chains of events across servers
-# including requests, key lookups etc., across any server running
-# synapse or any other other services which supports opentracing
-# (specifically those implemented with Jaeger).
-#
-opentracing:
-    # tracing is disabled by default. Uncomment the following line to enable it.
-    #
-    #enabled: true
-
-    # The list of homeservers we wish to send and receive span contexts and span baggage.
-    # See docs/opentracing.rst
-    # This is a list of regexes which are matched against the server_name of the
-    # homeserver.
-    #
-    # By defult, it is empty, so no servers are matched.
-    #
-    #homeserver_whitelist:
-    #  - ".*"
-
-    # Jaeger can be configured to sample traces at different rates.
-    # All configuration options provided by Jaeger can be set here.
-    # Jaeger's configuration mostly related to trace sampling which
-    # is documented here:
-    # https://www.jaegertracing.io/docs/1.13/sampling/.
-    #
-    #jaeger_config:
-    #  sampler:
-    #    type: const
-    #    param: 1
-
-    #  Logging whether spans were started and reported
-    #
-    #  logging:
-    #    false
--- a/docs/sphinx/conf.py
+++ b/docs/sphinx/conf.py
@@ -18,220 +18,226 @@ import os
 # If extensions (or modules to document with autodoc) are in another directory,
 # add these directories to sys.path here. If the directory is relative to the
 # documentation root, use os.path.abspath to make it absolute, like shown here.
-sys.path.insert(0, os.path.abspath(".."))
+sys.path.insert(0, os.path.abspath('..'))

 # -- General configuration ------------------------------------------------

 # If your documentation needs a minimal Sphinx version, state it here.
-# needs_sphinx = '1.0'
+#needs_sphinx = '1.0'

 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
 extensions = [
-    "sphinx.ext.autodoc",
-    "sphinx.ext.intersphinx",
-    "sphinx.ext.coverage",
-    "sphinx.ext.ifconfig",
-    "sphinxcontrib.napoleon",
+    'sphinx.ext.autodoc',
+    'sphinx.ext.intersphinx',
+    'sphinx.ext.coverage',
+    'sphinx.ext.ifconfig',
+    'sphinxcontrib.napoleon',
 ]

 # Add any paths that contain templates here, relative to this directory.
-templates_path = ["_templates"]
+templates_path = ['_templates']

 # The suffix of source filenames.
-source_suffix = ".rst"
+source_suffix = '.rst'

 # The encoding of source files.
-# source_encoding = 'utf-8-sig'
+#source_encoding = 'utf-8-sig'

 # The master toctree document.
-master_doc = "index"
+master_doc = 'index'

 # General information about the project.
-project = "Synapse"
-copyright = (
-    "Copyright 2014-2017 OpenMarket Ltd, 2017 Vector Creations Ltd, 2017 New Vector Ltd"
-)
+project = u'Synapse'
+copyright = u'Copyright 2014-2017 OpenMarket Ltd, 2017 Vector Creations Ltd, 2017 New Vector Ltd'

 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = "1.0"
+version = '1.0'
 # The full version, including alpha/beta/rc tags.
-release = "1.0"
+release = '1.0'

 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
-# language = None
+#language = None

 # There are two options for replacing |today|: either, you set today to some
 # non-false value, then it is used:
-# today = ''
+#today = ''
 # Else, today_fmt is used as the format for a strftime call.
-# today_fmt = '%B %d, %Y'
+#today_fmt = '%B %d, %Y'

 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.
-exclude_patterns = ["_build"]
+exclude_patterns = ['_build']

 # The reST default role (used for this markup: `text`) to use for all
 # documents.
-# default_role = None
+#default_role = None

 # If true, '()' will be appended to :func: etc. cross-reference text.
-# add_function_parentheses = True
+#add_function_parentheses = True

 # If true, the current module name will be prepended to all description
 # unit titles (such as .. function::).
-# add_module_names = True
+#add_module_names = True

 # If true, sectionauthor and moduleauthor directives will be shown in the
 # output. They are ignored by default.
-# show_authors = False
+#show_authors = False

 # The name of the Pygments (syntax highlighting) style to use.
-pygments_style = "sphinx"
+pygments_style = 'sphinx'

 # A list of ignored prefixes for module index sorting.
-# modindex_common_prefix = []
+#modindex_common_prefix = []

 # If true, keep warnings as "system message" paragraphs in the built documents.
-# keep_warnings = False
+#keep_warnings = False


 # -- Options for HTML output ----------------------------------------------

 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
-html_theme = "default"
+html_theme = 'default'

 # Theme options are theme-specific and customize the look and feel of a theme
 # further.  For a list of options available for each theme, see the
 # documentation.
-# html_theme_options = {}
+#html_theme_options = {}

 # Add any paths that contain custom themes here, relative to this directory.
-# html_theme_path = []
+#html_theme_path = []

 # The name for this set of Sphinx documents.  If None, it defaults to
 # "<project> v<release> documentation".
-# html_title = None
+#html_title = None

 # A shorter title for the navigation bar.  Default is the same as html_title.
-# html_short_title = None
+#html_short_title = None

 # The name of an image file (relative to this directory) to place at the top
 # of the sidebar.
-# html_logo = None
+#html_logo = None

 # The name of an image file (within the static path) to use as favicon of the
 # docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
 # pixels large.
-# html_favicon = None
+#html_favicon = None

 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ["_static"]
+html_static_path = ['_static']

 # Add any extra paths that contain custom files (such as robots.txt or
 # .htaccess) here, relative to this directory. These files are copied
 # directly to the root of the documentation.
-# html_extra_path = []
+#html_extra_path = []

 # If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
 # using the given strftime format.
-# html_last_updated_fmt = '%b %d, %Y'
+#html_last_updated_fmt = '%b %d, %Y'

 # If true, SmartyPants will be used to convert quotes and dashes to
 # typographically correct entities.
-# html_use_smartypants = True
+#html_use_smartypants = True

 # Custom sidebar templates, maps document names to template names.
-# html_sidebars = {}
+#html_sidebars = {}

 # Additional templates that should be rendered to pages, maps page names to
 # template names.
-# html_additional_pages = {}
+#html_additional_pages = {}

 # If false, no module index is generated.
-# html_domain_indices = True
+#html_domain_indices = True

 # If false, no index is generated.
-# html_use_index = True
+#html_use_index = True

 # If true, the index is split into individual pages for each letter.
-# html_split_index = False
+#html_split_index = False

 # If true, links to the reST sources are added to the pages.
-# html_show_sourcelink = True
+#html_show_sourcelink = True

 # If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
-# html_show_sphinx = True
+#html_show_sphinx = True

 # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
-# html_show_copyright = True
+#html_show_copyright = True

 # If true, an OpenSearch description file will be output, and all pages will
 # contain a <link> tag referring to it.  The value of this option must be the
 # base URL from which the finished HTML is served.
-# html_use_opensearch = ''
+#html_use_opensearch = ''

 # This is the file name suffix for HTML files (e.g. ".xhtml").
-# html_file_suffix = None
+#html_file_suffix = None

 # Output file base name for HTML help builder.
-htmlhelp_basename = "Synapsedoc"
+htmlhelp_basename = 'Synapsedoc'


 # -- Options for LaTeX output ---------------------------------------------

 latex_elements = {
-    # The paper size ('letterpaper' or 'a4paper').
-    #'papersize': 'letterpaper',
-    # The font size ('10pt', '11pt' or '12pt').
-    #'pointsize': '10pt',
-    # Additional stuff for the LaTeX preamble.
-    #'preamble': '',
+# The paper size ('letterpaper' or 'a4paper').
+#'papersize': 'letterpaper',
+
+# The font size ('10pt', '11pt' or '12pt').
+#'pointsize': '10pt',
+
+# Additional stuff for the LaTeX preamble.
+#'preamble': '',
 }

 # Grouping the document tree into LaTeX files. List of tuples
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
-latex_documents = [("index", "Synapse.tex", "Synapse Documentation", "TNG", "manual")]
+latex_documents = [
+  ('index', 'Synapse.tex', u'Synapse Documentation',
+   u'TNG', 'manual'),
+]

 # The name of an image file (relative to this directory) to place at the top of
 # the title page.
-# latex_logo = None
+#latex_logo = None

 # For "manual" documents, if this is true, then toplevel headings are parts,
 # not chapters.
-# latex_use_parts = False
+#latex_use_parts = False

 # If true, show page references after internal links.
-# latex_show_pagerefs = False
+#latex_show_pagerefs = False

 # If true, show URL addresses after external links.
-# latex_show_urls = False
+#latex_show_urls = False

 # Documents to append as an appendix to all manuals.
-# latex_appendices = []
+#latex_appendices = []

 # If false, no module index is generated.
-# latex_domain_indices = True
+#latex_domain_indices = True


 # -- Options for manual page output ---------------------------------------

 # One entry per manual page. List of tuples
 # (source start file, name, description, authors, manual section).
-man_pages = [("index", "synapse", "Synapse Documentation", ["TNG"], 1)]
+man_pages = [
+    ('index', 'synapse', u'Synapse Documentation',
+     [u'TNG'], 1)
+]

 # If true, show URL addresses after external links.
-# man_show_urls = False
+#man_show_urls = False


 # -- Options for Texinfo output -------------------------------------------
@@ -240,32 +246,26 @@ man_pages = [("index", "synapse", "Synapse Documentation", ["TNG"], 1)]
 # (source start file, target name, title, author,
 #  dir menu entry, description, category)
 texinfo_documents = [
-    (
-        "index",
-        "Synapse",
-        "Synapse Documentation",
-        "TNG",
-        "Synapse",
-        "One line description of project.",
-        "Miscellaneous",
-    )
+  ('index', 'Synapse', u'Synapse Documentation',
+   u'TNG', 'Synapse', 'One line description of project.',
+   'Miscellaneous'),
 ]

 # Documents to append as an appendix to all manuals.
-# texinfo_appendices = []
+#texinfo_appendices = []

 # If false, no module index is generated.
-# texinfo_domain_indices = True
+#texinfo_domain_indices = True

 # How to display URL addresses: 'footnote', 'no', or 'inline'.
-# texinfo_show_urls = 'footnote'
+#texinfo_show_urls = 'footnote'

 # If true, do not generate a @detailmenu in the "Top" node's menu.
-# texinfo_no_detailmenu = False
+#texinfo_no_detailmenu = False


 # Example configuration for intersphinx: refer to the Python standard library.
-intersphinx_mapping = {"http://docs.python.org/": None}
+intersphinx_mapping = {'http://docs.python.org/': None}

 napoleon_include_special_with_doc = True
 napoleon_use_ivar = True
--- a/docs/user_directory.md
+++ b/docs/user_directory.md
@@ -7,7 +7,11 @@ who are present in a publicly viewable room present on the server.

 The directory info is stored in various tables, which can (typically after
 DB corruption) get stale or out of sync.  If this happens, for now the
-solution to fix it is to execute the SQL here
-https://github.com/matrix-org/synapse/blob/master/synapse/storage/schema/delta/53/user_dir_populate.sql
-and then restart synapse. This should then start a background task to
+quickest solution to fix it is:
+
+```
+UPDATE user_directory_stream_pos SET stream_id = NULL;
+```
+
+and restart the synapse, which should then start a background task to
 flush the current tables and regenerate the directory.
--- a/docs/workers.rst
+++ b/docs/workers.rst
@@ -206,13 +206,6 @@ Handles the media repository. It can handle all endpoints starting with::

    /_matrix/media/

-And the following regular expressions matching media-specific administration
-APIs::
-
-    ^/_synapse/admin/v1/purge_media_cache$
-    ^/_synapse/admin/v1/room/.*/media$
-    ^/_synapse/admin/v1/quarantine_media/.*$
-
 You should also set ``enable_media_repo: False`` in the shared configuration
 file to stop the main synapse running background jobs related to managing the
 media repository.
@@ -246,13 +239,6 @@ be routed to the same instance::

    ^/_matrix/client/(r0|unstable)/register$

-Pagination requests can also be handled, but all requests with the same path
-room must be routed to the same instance. Additionally, care must be taken to
-ensure that the purge history admin API is not used while pagination requests
-for the room are in flight::
-
-    ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/messages$
-

 ``synapse.app.user_dir``
 ~~~~~~~~~~~~~~~~~~~~~~~~
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -14,11 +14,6 @@
        name = "Bugfixes"
        showcontent = true

-    [[tool.towncrier.type]]
-        directory = "docker"
-        name = "Updates to the Docker image"
-        showcontent = true
-
    [[tool.towncrier.type]]
        directory = "doc"
        name = "Improved Documentation"
@@ -33,24 +28,3 @@
        directory = "misc"
        name = "Internal Changes"
        showcontent = true
-
-[tool.black]
-target-version = ['py34']
-exclude = '''
-
-(
-  /(
-      \.eggs         # exclude a few common directories in the
-    | \.git          # root of the project
-    | \.tox
-    | \.venv
-    | \.env
-    | env
-    | _build
-    | _trial_temp.*
-    | build
-    | dist
-    | debian
-  )/
-)
-'''
--- a/scripts-dev/check_auth.py
+++ b/scripts-dev/check_auth.py
@@ -39,11 +39,11 @@ def check_auth(auth, auth_chain, events):
        print("Success:", e.event_id, e.type, e.state_key)


-if __name__ == "__main__":
+if __name__ == '__main__':
    parser = argparse.ArgumentParser()

    parser.add_argument(
-        "json", nargs="?", type=argparse.FileType("r"), default=sys.stdin
+        'json', nargs='?', type=argparse.FileType('r'), default=sys.stdin
    )

    args = parser.parse_args()
--- a/scripts-dev/check_event_hash.py
+++ b/scripts-dev/check_event_hash.py
@@ -0,0 +1,54 @@
+import argparse
+import hashlib
+import json
+import logging
+import sys
+
+from unpaddedbase64 import encode_base64
+
+from synapse.crypto.event_signing import (
+    check_event_content_hash,
+    compute_event_reference_hash,
+)
+
+
+class dictobj(dict):
+    def __init__(self, *args, **kargs):
+        dict.__init__(self, *args, **kargs)
+        self.__dict__ = self
+
+    def get_dict(self):
+        return dict(self)
+
+    def get_full_dict(self):
+        return dict(self)
+
+    def get_pdu_json(self):
+        return dict(self)
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "input_json", nargs="?", type=argparse.FileType('r'), default=sys.stdin
+    )
+    args = parser.parse_args()
+    logging.basicConfig()
+
+    event_json = dictobj(json.load(args.input_json))
+
+    algorithms = {"sha256": hashlib.sha256}
+
+    for alg_name in event_json.hashes:
+        if check_event_content_hash(event_json, algorithms[alg_name]):
+            print("PASS content hash %s" % (alg_name,))
+        else:
+            print("FAIL content hash %s" % (alg_name,))
+
+    for algorithm in algorithms.values():
+        name, h_bytes = compute_event_reference_hash(event_json, algorithm)
+        print("Reference hash %s: %s" % (name, encode_base64(h_bytes)))
+
+
+if __name__ == "__main__":
+    main()
--- a/scripts-dev/check_signature.py
+++ b/scripts-dev/check_signature.py
@@ -1,3 +1,4 @@
+
 import argparse
 import json
 import logging
@@ -39,7 +40,7 @@ def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("signature_name")
    parser.add_argument(
-        "input_json", nargs="?", type=argparse.FileType("r"), default=sys.stdin
+        "input_json", nargs="?", type=argparse.FileType('r'), default=sys.stdin
    )

    args = parser.parse_args()
@@ -68,5 +69,5 @@ def main():
            print("FAIL %s" % (key_id,))


-if __name__ == "__main__":
+if __name__ == '__main__':
    main()
--- a/scripts-dev/convert_server_keys.py
+++ b/scripts-dev/convert_server_keys.py
@@ -116,5 +116,5 @@ def main():
    connection.commit()


-if __name__ == "__main__":
+if __name__ == '__main__':
    main()
--- a/scripts-dev/definitions.py
+++ b/scripts-dev/definitions.py
@@ -19,10 +19,10 @@ class DefinitionVisitor(ast.NodeVisitor):
        self.names = {}
        self.attrs = set()
        self.definitions = {
-            "def": self.functions,
-            "class": self.classes,
-            "names": self.names,
-            "attrs": self.attrs,
+            'def': self.functions,
+            'class': self.classes,
+            'names': self.names,
+            'attrs': self.attrs,
        }

    def visit_Name(self, node):
@@ -47,23 +47,23 @@ class DefinitionVisitor(ast.NodeVisitor):


 def non_empty(defs):
-    functions = {name: non_empty(f) for name, f in defs["def"].items()}
-    classes = {name: non_empty(f) for name, f in defs["class"].items()}
+    functions = {name: non_empty(f) for name, f in defs['def'].items()}
+    classes = {name: non_empty(f) for name, f in defs['class'].items()}
    result = {}
    if functions:
-        result["def"] = functions
+        result['def'] = functions
    if classes:
-        result["class"] = classes
-    names = defs["names"]
+        result['class'] = classes
+    names = defs['names']
    uses = []
-    for name in names.get("Load", ()):
-        if name not in names.get("Param", ()) and name not in names.get("Store", ()):
+    for name in names.get('Load', ()):
+        if name not in names.get('Param', ()) and name not in names.get('Store', ()):
            uses.append(name)
-    uses.extend(defs["attrs"])
+    uses.extend(defs['attrs'])
    if uses:
-        result["uses"] = uses
-    result["names"] = names
-    result["attrs"] = defs["attrs"]
+        result['uses'] = uses
+    result['names'] = names
+    result['attrs'] = defs['attrs']
    return result


@@ -81,33 +81,33 @@ def definitions_in_file(filepath):


 def defined_names(prefix, defs, names):
-    for name, funcs in defs.get("def", {}).items():
-        names.setdefault(name, {"defined": []})["defined"].append(prefix + name)
+    for name, funcs in defs.get('def', {}).items():
+        names.setdefault(name, {'defined': []})['defined'].append(prefix + name)
        defined_names(prefix + name + ".", funcs, names)

-    for name, funcs in defs.get("class", {}).items():
-        names.setdefault(name, {"defined": []})["defined"].append(prefix + name)
+    for name, funcs in defs.get('class', {}).items():
+        names.setdefault(name, {'defined': []})['defined'].append(prefix + name)
        defined_names(prefix + name + ".", funcs, names)


 def used_names(prefix, item, defs, names):
-    for name, funcs in defs.get("def", {}).items():
+    for name, funcs in defs.get('def', {}).items():
        used_names(prefix + name + ".", name, funcs, names)

-    for name, funcs in defs.get("class", {}).items():
+    for name, funcs in defs.get('class', {}).items():
        used_names(prefix + name + ".", name, funcs, names)

-    path = prefix.rstrip(".")
-    for used in defs.get("uses", ()):
+    path = prefix.rstrip('.')
+    for used in defs.get('uses', ()):
        if used in names:
            if item:
-                names[item].setdefault("uses", []).append(used)
-            names[used].setdefault("used", {}).setdefault(item, []).append(path)
+                names[item].setdefault('uses', []).append(used)
+            names[used].setdefault('used', {}).setdefault(item, []).append(path)


-if __name__ == "__main__":
+if __name__ == '__main__':

-    parser = argparse.ArgumentParser(description="Find definitions.")
+    parser = argparse.ArgumentParser(description='Find definitions.')
    parser.add_argument(
        "--unused", action="store_true", help="Only list unused definitions"
    )
@@ -119,7 +119,7 @@ if __name__ == "__main__":
    )
    parser.add_argument(
        "directories",
-        nargs="+",
+        nargs='+',
        metavar="DIR",
        help="Directories to search for definitions",
    )
@@ -164,7 +164,7 @@ if __name__ == "__main__":
            continue
        if ignore and any(pattern.match(name) for pattern in ignore):
            continue
-        if args.unused and definition.get("used"):
+        if args.unused and definition.get('used'):
            continue
        result[name] = definition

@@ -196,9 +196,9 @@ if __name__ == "__main__":
                continue
            result[name] = definition

-    if args.format == "yaml":
+    if args.format == 'yaml':
        yaml.dump(result, sys.stdout, default_flow_style=False)
-    elif args.format == "dot":
+    elif args.format == 'dot':
        print("digraph {")
        for name, entry in result.items():
            print(name)
--- a/scripts-dev/federation_client.py
+++ b/scripts-dev/federation_client.py
@@ -21,8 +21,7 @@ import argparse
 import base64
 import json
 import sys
-
-from six.moves.urllib import parse as urlparse
+from urlparse import urlparse, urlunparse

 import nacl.signing
 import requests
@@ -63,7 +62,7 @@ def encode_canonical_json(value):
        # Encode code-points outside of ASCII as UTF-8 rather than \u escapes
        ensure_ascii=False,
        # Remove unecessary white space.
-        separators=(",", ":"),
+        separators=(',', ':'),
        # Sort the keys of dictionaries.
        sort_keys=True,
        # Encode the resulting unicode as UTF-8 bytes.
@@ -145,8 +144,8 @@ def request_json(method, origin_name, origin_key, destination, path, content):
    authorization_headers = []

    for key, sig in signed_json["signatures"][origin_name].items():
-        header = 'X-Matrix origin=%s,key="%s",sig="%s"' % (origin_name, key, sig)
-        authorization_headers.append(header.encode("ascii"))
+        header = "X-Matrix origin=%s,key=\"%s\",sig=\"%s\"" % (origin_name, key, sig)
+        authorization_headers.append(bytes(header))
        print("Authorization: %s" % header, file=sys.stderr)

    dest = "matrix://%s%s" % (destination, path)
@@ -161,7 +160,11 @@ def request_json(method, origin_name, origin_key, destination, path, content):
        headers["Content-Type"] = "application/json"

    result = s.request(
-        method=method, url=dest, headers=headers, verify=False, data=content
+        method=method,
+        url=dest,
+        headers=headers,
+        verify=False,
+        data=content,
    )
    sys.stderr.write("Status Code: %d\n" % (result.status_code,))
    return result.json()
@@ -237,18 +240,18 @@ def main():


 def read_args_from_config(args):
-    with open(args.config, "r") as fh:
+    with open(args.config, 'r') as fh:
        config = yaml.safe_load(fh)
        if not args.server_name:
-            args.server_name = config["server_name"]
+            args.server_name = config['server_name']
        if not args.signing_key_path:
-            args.signing_key_path = config["signing_key_path"]
+            args.signing_key_path = config['signing_key_path']


 class MatrixConnectionAdapter(HTTPAdapter):
    @staticmethod
-    def lookup(s, skip_well_known=False):
-        if s[-1] == "]":
+    def lookup(s):
+        if s[-1] == ']':
            # ipv6 literal (with no port)
            return s, 8448

@@ -260,49 +263,19 @@ class MatrixConnectionAdapter(HTTPAdapter):
                raise ValueError("Invalid host:port '%s'" % s)
            return out[0], port

-        # try a .well-known lookup
-        if not skip_well_known:
-            well_known = MatrixConnectionAdapter.get_well_known(s)
-            if well_known:
-                return MatrixConnectionAdapter.lookup(well_known, skip_well_known=True)
-
        try:
            srv = srvlookup.lookup("matrix", "tcp", s)[0]
            return srv.host, srv.port
        except Exception:
            return s, 8448

-    @staticmethod
-    def get_well_known(server_name):
-        uri = "https://%s/.well-known/matrix/server" % (server_name,)
-        print("fetching %s" % (uri,), file=sys.stderr)
-
-        try:
-            resp = requests.get(uri)
-            if resp.status_code != 200:
-                print("%s gave %i" % (uri, resp.status_code), file=sys.stderr)
-                return None
-
-            parsed_well_known = resp.json()
-            if not isinstance(parsed_well_known, dict):
-                raise Exception("not a dict")
-            if "m.server" not in parsed_well_known:
-                raise Exception("Missing key 'm.server'")
-            new_name = parsed_well_known["m.server"]
-            print("well-known lookup gave %s" % (new_name,), file=sys.stderr)
-            return new_name
-
-        except Exception as e:
-            print("Invalid response from %s: %s" % (uri, e), file=sys.stderr)
-        return None
-
    def get_connection(self, url, proxies=None):
-        parsed = urlparse.urlparse(url)
+        parsed = urlparse(url)

        (host, port) = self.lookup(parsed.netloc)
        netloc = "%s:%d" % (host, port)
        print("Connecting to %s" % (netloc,), file=sys.stderr)
-        url = urlparse.urlunparse(
+        url = urlunparse(
            ("https", netloc, parsed.path, parsed.params, parsed.query, parsed.fragment)
        )
        return super(MatrixConnectionAdapter, self).get_connection(url, proxies)
--- a/scripts-dev/hash_history.py
+++ b/scripts-dev/hash_history.py
@@ -79,5 +79,5 @@ def main():
    conn.commit()


-if __name__ == "__main__":
+if __name__ == '__main__':
    main()
--- a/scripts-dev/lint.sh
+++ b/scripts-dev/lint.sh
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-# Runs linting scripts over the local Synapse checkout
-# isort - sorts import statements
-# flake8 - lints and finds mistakes
-# black - opinionated code formatter
-
-set -e
-
-isort -y -rc synapse tests scripts-dev scripts
-flake8 synapse tests
-python3 -m black synapse tests scripts-dev scripts
--- a/scripts-dev/list_url_patterns.py
+++ b/scripts-dev/list_url_patterns.py
@@ -20,7 +20,9 @@ class CallVisitor(ast.NodeVisitor):
        else:
            return

-        if name == "client_patterns":
+        if name == "client_path_patterns":
+            PATTERNS_V1.append(node.args[0].s)
+        elif name == "client_v2_patterns":
            PATTERNS_V2.append(node.args[0].s)


@@ -35,11 +37,11 @@ def find_patterns_in_file(filepath):
        find_patterns_in_code(f.read())


-parser = argparse.ArgumentParser(description="Find url patterns.")
+parser = argparse.ArgumentParser(description='Find url patterns.')

 parser.add_argument(
    "directories",
-    nargs="+",
+    nargs='+',
    metavar="DIR",
    help="Directories to search for definitions",
 )
--- a/scripts-dev/tail-synapse.py
+++ b/scripts-dev/tail-synapse.py
@@ -63,5 +63,5 @@ def main():
            streams[update.name] = update.position


-if __name__ == "__main__":
+if __name__ == '__main__':
    main()
--- a/scripts/generate_config
+++ b/scripts/generate_config
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python

 import argparse
 import shutil
--- a/scripts/generate_signing_key.py
+++ b/scripts/generate_signing_key.py
@@ -1,37 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-# Copyright 2019 The Matrix.org Foundation C.I.C.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-import argparse
-import sys
-
-from signedjson.key import generate_signing_key, write_signing_keys
-
-from synapse.util.stringutils import random_string
-
-if __name__ == "__main__":
-    parser = argparse.ArgumentParser()
-
-    parser.add_argument(
-        "-o",
-        "--output_file",
-        type=argparse.FileType("w"),
-        default=sys.stdout,
-        help="Where to write the output to",
-    )
-    args = parser.parse_args()
-
-    key_id = "a_" + random_string(4)
-    key = (generate_signing_key(key_id),)
-    write_signing_keys(args.output_file, key)
--- a/scripts/move_remote_media_to_new_store.py
+++ b/scripts/move_remote_media_to_new_store.py
@@ -50,7 +50,7 @@ def main(src_repo, dest_repo):
    dest_paths = MediaFilePaths(dest_repo)
    for line in sys.stdin:
        line = line.strip()
-        parts = line.split("|")
+        parts = line.split('|')
        if len(parts) != 2:
            print("Unable to parse input line %s" % line, file=sys.stderr)
            exit(1)
@@ -107,7 +107,7 @@ if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
    )
-    parser.add_argument("-v", action="store_true", help="enable debug logging")
+    parser.add_argument("-v", action='store_true', help='enable debug logging')
    parser.add_argument("src_repo", help="Path to source content repo")
    parser.add_argument("dest_repo", help="Path to source content repo")
    args = parser.parse_args()
--- a/scripts/synapse_port_db
+++ b/scripts/synapse_port_db
@@ -54,7 +54,6 @@ BOOLEAN_COLUMNS = {
    "group_roles": ["is_public"],
    "local_group_membership": ["is_publicised", "is_admin"],
    "e2e_room_keys": ["is_verified"],
-    "account_validity": ["email_sent"],
 }


--- a/setup.cfg
+++ b/setup.cfg
@@ -15,17 +15,18 @@ ignore =
    tox.ini

 [flake8]
+max-line-length = 90
+
 # see https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
 # for error codes. The ones we ignore are:
 #  W503: line break before binary operator
 #  W504: line break after binary operator
 #  E203: whitespace before ':' (which is contrary to pep8?)
 #  E731: do not assign a lambda expression, use a def
-#  E501: Line too long (black enforces this for us)
-ignore=W503,W504,E203,E731,E501
+ignore=W503,W504,E203,E731

 [isort]
-line_length = 88
+line_length = 89
 not_skip = __init__.py
 sections=FUTURE,STDLIB,COMPAT,THIRDPARTY,TWISTED,FIRSTPARTY,TESTS,LOCALFOLDER
 default_section=THIRDPARTY
--- a/setup.py
+++ b/setup.py
@@ -60,12 +60,9 @@ class TestCommand(Command):
        pass

    def run(self):
-        print(
-            """Synapse's tests cannot be run via setup.py. To run them, try:
+        print ("""Synapse's tests cannot be run via setup.py. To run them, try:
     PYTHONPATH="." trial tests
-"""
-        )
-
+""")

 def read_file(path_segments):
    """Read a file from the package. Takes a list of strings to join to
@@ -87,9 +84,9 @@ version = exec_file(("synapse", "__init__.py"))["__version__"]
 dependencies = exec_file(("synapse", "python_dependencies.py"))
 long_description = read_file(("README.rst",))

-REQUIREMENTS = dependencies["REQUIREMENTS"]
-CONDITIONAL_REQUIREMENTS = dependencies["CONDITIONAL_REQUIREMENTS"]
-ALL_OPTIONAL_REQUIREMENTS = dependencies["ALL_OPTIONAL_REQUIREMENTS"]
+REQUIREMENTS = dependencies['REQUIREMENTS']
+CONDITIONAL_REQUIREMENTS = dependencies['CONDITIONAL_REQUIREMENTS']
+ALL_OPTIONAL_REQUIREMENTS = dependencies['ALL_OPTIONAL_REQUIREMENTS']

 # Make `pip install matrix-synapse[all]` install all the optional dependencies.
 CONDITIONAL_REQUIREMENTS["all"] = list(ALL_OPTIONAL_REQUIREMENTS)
@@ -105,16 +102,6 @@ setup(
    include_package_data=True,
    zip_safe=False,
    long_description=long_description,
-    python_requires="~=3.5",
-    classifiers=[
-        "Development Status :: 5 - Production/Stable",
-        "Topic :: Communications :: Chat",
-        "License :: OSI Approved :: Apache Software License",
-        "Programming Language :: Python :: 3 :: Only",
-        "Programming Language :: Python :: 3.5",
-        "Programming Language :: Python :: 3.6",
-        "Programming Language :: Python :: 3.7",
-    ],
    scripts=["synctl"] + glob.glob("scripts/*"),
-    cmdclass={"test": TestCommand},
+    cmdclass={'test': TestCommand},
 )
--- a/synapse/init.py
+++ b/synapse/init.py
@@ -17,22 +17,14 @@
 """ This is a reference implementation of a Matrix home server.
 """

-import sys
-
-# Check that we're not running on an unsupported Python version.
-if sys.version_info < (3, 5):
-    print("Synapse requires Python 3.5 or above.")
-    sys.exit(1)
-
 try:
    from twisted.internet import protocol
    from twisted.internet.protocol import Factory
    from twisted.names.dns import DNSDatagramProtocol
-
    protocol.Factory.noisy = False
    Factory.noisy = False
    DNSDatagramProtocol.noisy = False
 except ImportError:
    pass

-__version__ = "1.3.1"
+__version__ = "0.99.5.1"
--- a/synapse/_scripts/register_new_matrix_user.py
+++ b/synapse/_scripts/register_new_matrix_user.py
@@ -57,18 +57,18 @@ def request_registration(

    nonce = r.json()["nonce"]

-    mac = hmac.new(key=shared_secret.encode("utf8"), digestmod=hashlib.sha1)
+    mac = hmac.new(key=shared_secret.encode('utf8'), digestmod=hashlib.sha1)

-    mac.update(nonce.encode("utf8"))
+    mac.update(nonce.encode('utf8'))
    mac.update(b"\x00")
-    mac.update(user.encode("utf8"))
+    mac.update(user.encode('utf8'))
    mac.update(b"\x00")
-    mac.update(password.encode("utf8"))
+    mac.update(password.encode('utf8'))
    mac.update(b"\x00")
    mac.update(b"admin" if admin else b"notadmin")
    if user_type:
        mac.update(b"\x00")
-        mac.update(user_type.encode("utf8"))
+        mac.update(user_type.encode('utf8'))

    mac = mac.hexdigest()

@@ -134,9 +134,8 @@ def register_new_user(user, password, server_location, shared_secret, admin, use
        else:
            admin = False

-    request_registration(
-        user, password, server_location, shared_secret, bool(admin), user_type
-    )
+    request_registration(user, password, server_location, shared_secret,
+                         bool(admin), user_type)


 def main():
@@ -190,7 +189,7 @@ def main():
    group.add_argument(
        "-c",
        "--config",
-        type=argparse.FileType("r"),
+        type=argparse.FileType('r'),
        help="Path to server config file. Used to read in shared secret.",
    )

@@ -201,7 +200,7 @@ def main():
    parser.add_argument(
        "server_url",
        default="https://localhost:8448",
-        nargs="?",
+        nargs='?',
        help="URL to use to talk to the home server. Defaults to "
        " 'https://localhost:8448'.",
    )
@@ -221,9 +220,8 @@ def main():
    if args.admin or args.no_admin:
        admin = args.admin

-    register_new_user(
-        args.user, args.password, args.server_url, secret, admin, args.user_type
-    )
+    register_new_user(args.user, args.password, args.server_url, secret,
+                      admin, args.user_type)


 if __name__ == "__main__":
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -25,13 +25,7 @@ from twisted.internet import defer
 import synapse.types
 from synapse import event_auth
 from synapse.api.constants import EventTypes, JoinRules, Membership
-from synapse.api.errors import (
-    AuthError,
-    Codes,
-    InvalidClientTokenError,
-    MissingClientTokenError,
-    ResourceLimitError,
-)
+from synapse.api.errors import AuthError, Codes, ResourceLimitError
 from synapse.config.server import is_threepid_reserved
 from synapse.types import UserID
 from synapse.util.caches import CACHE_SIZE_FACTOR, register_cache
@@ -42,11 +36,8 @@ logger = logging.getLogger(__name__)


 AuthEventTypes = (
-    EventTypes.Create,
-    EventTypes.Member,
-    EventTypes.PowerLevels,
-    EventTypes.JoinRules,
-    EventTypes.RoomHistoryVisibility,
+    EventTypes.Create, EventTypes.Member, EventTypes.PowerLevels,
+    EventTypes.JoinRules, EventTypes.RoomHistoryVisibility,
    EventTypes.ThirdPartyInvite,
 )

@@ -63,12 +54,12 @@ class Auth(object):
    FIXME: This class contains a mix of functions for authenticating users
    of our client-server API and authenticating events added to room graphs.
    """
-
    def __init__(self, hs):
        self.hs = hs
        self.clock = hs.get_clock()
        self.store = hs.get_datastore()
        self.state = hs.get_state_handler()
+        self.TOKEN_NOT_FOUND_HTTP_STATUS = 401

        self.token_cache = LruCache(CACHE_SIZE_FACTOR * 10000)
        register_cache("cache", "token_cache", self.token_cache)
@@ -79,12 +70,15 @@ class Auth(object):
    def check_from_context(self, room_version, event, context, do_sig_check=True):
        prev_state_ids = yield context.get_prev_state_ids(self.store)
        auth_events_ids = yield self.compute_auth_events(
-            event, prev_state_ids, for_verification=True
+            event, prev_state_ids, for_verification=True,
        )
        auth_events = yield self.store.get_events(auth_events_ids)
-        auth_events = {(e.type, e.state_key): e for e in itervalues(auth_events)}
+        auth_events = {
+            (e.type, e.state_key): e for e in itervalues(auth_events)
+        }
        self.check(
-            room_version, event, auth_events=auth_events, do_sig_check=do_sig_check
+            room_version, event,
+            auth_events=auth_events, do_sig_check=do_sig_check,
        )

    def check(self, room_version, event, auth_events, do_sig_check=True):
@@ -121,14 +115,19 @@ class Auth(object):
            the room.
        """
        if current_state:
-            member = current_state.get((EventTypes.Member, user_id), None)
+            member = current_state.get(
+                (EventTypes.Member, user_id),
+                None
+            )
        else:
            member = yield self.state.get_current_state(
-                room_id=room_id, event_type=EventTypes.Member, state_key=user_id
+                room_id=room_id,
+                event_type=EventTypes.Member,
+                state_key=user_id
            )

        self._check_joined_room(member, user_id, room_id)
-        return member
+        defer.returnValue(member)

    @defer.inlineCallbacks
    def check_user_was_in_room(self, room_id, user_id):
@@ -144,31 +143,37 @@ class Auth(object):
            the room. This will be the leave event if they have left the room.
        """
        member = yield self.state.get_current_state(
-            room_id=room_id, event_type=EventTypes.Member, state_key=user_id
+            room_id=room_id,
+            event_type=EventTypes.Member,
+            state_key=user_id
        )
        membership = member.membership if member else None

        if membership not in (Membership.JOIN, Membership.LEAVE):
-            raise AuthError(403, "User %s not in room %s" % (user_id, room_id))
+            raise AuthError(403, "User %s not in room %s" % (
+                user_id, room_id
+            ))

        if membership == Membership.LEAVE:
            forgot = yield self.store.did_forget(user_id, room_id)
            if forgot:
-                raise AuthError(403, "User %s not in room %s" % (user_id, room_id))
+                raise AuthError(403, "User %s not in room %s" % (
+                    user_id, room_id
+                ))

-        return member
+        defer.returnValue(member)

    @defer.inlineCallbacks
    def check_host_in_room(self, room_id, host):
        with Measure(self.clock, "check_host_in_room"):
            latest_event_ids = yield self.store.is_host_joined(room_id, host)
-            return latest_event_ids
+            defer.returnValue(latest_event_ids)

    def _check_joined_room(self, member, user_id, room_id):
        if not member or member.membership != Membership.JOIN:
-            raise AuthError(
-                403, "User %s not in room %s (%s)" % (user_id, room_id, repr(member))
-            )
+            raise AuthError(403, "User %s not in room %s (%s)" % (
+                user_id, room_id, repr(member)
+            ))

    def can_federate(self, event, auth_events):
        creation_event = auth_events.get((EventTypes.Create, ""))
@@ -179,32 +184,27 @@ class Auth(object):
        return event_auth.get_public_keys(invite_event)

    @defer.inlineCallbacks
-    def get_user_by_req(
-        self, request, allow_guest=False, rights="access", allow_expired=False
-    ):
+    def get_user_by_req(self, request, allow_guest=False, rights="access"):
        """ Get a registered user's ID.

        Args:
            request - An HTTP request with an access_token query parameter.
-            allow_expired - Whether to allow the request through even if the account is
-                expired. If true, Synapse will still require an access token to be
-                provided but won't check if the account it belongs to has expired. This
-                works thanks to /login delivering access tokens regardless of accounts'
-                expiration.
        Returns:
            defer.Deferred: resolves to a ``synapse.types.Requester`` object
        Raises:
-            InvalidClientCredentialsError if no user by that token exists or the token
-                is invalid.
-            AuthError if access is denied for the user in the access token
+            AuthError if no user by that token exists or the token is invalid.
        """
+        # Can optionally look elsewhere in the request (e.g. headers)
        try:
            ip_addr = self.hs.get_ip_from_request(request)
            user_agent = request.requestHeaders.getRawHeaders(
-                b"User-Agent", default=[b""]
-            )[0].decode("ascii", "surrogateescape")
+                b"User-Agent",
+                default=[b""]
+            )[0].decode('ascii', 'surrogateescape')

-            access_token = self.get_access_token_from_request(request)
+            access_token = self.get_access_token_from_request(
+                request, self.TOKEN_NOT_FOUND_HTTP_STATUS
+            )

            user_id, app_service = yield self._get_appservice_user_id(request)
            if user_id:
@@ -219,7 +219,9 @@ class Auth(object):
                        device_id="dummy-device",  # stubbed
                    )

-                return synapse.types.create_requester(user_id, app_service=app_service)
+                defer.returnValue(
+                    synapse.types.create_requester(user_id, app_service=app_service)
+                )

            user_info = yield self.get_user_by_access_token(access_token, rights)
            user = user_info["user"]
@@ -227,15 +229,14 @@ class Auth(object):
            is_guest = user_info["is_guest"]

            # Deny the request if the user account has expired.
-            if self._account_validity.enabled and not allow_expired:
+            if self._account_validity.enabled:
                user_id = user.to_string()
                expiration_ts = yield self.store.get_expiration_ts_for_user(user_id)
-                if (
-                    expiration_ts is not None
-                    and self.clock.time_msec() >= expiration_ts
-                ):
+                if expiration_ts is not None and self.clock.time_msec() >= expiration_ts:
                    raise AuthError(
-                        403, "User account has expired", errcode=Codes.EXPIRED_ACCOUNT
+                        403,
+                        "User account has expired",
+                        errcode=Codes.EXPIRED_ACCOUNT,
                    )

            # device_id may not be present if get_user_by_access_token has been
@@ -253,44 +254,53 @@ class Auth(object):

            if is_guest and not allow_guest:
                raise AuthError(
-                    403,
-                    "Guest access not allowed",
-                    errcode=Codes.GUEST_ACCESS_FORBIDDEN,
+                    403, "Guest access not allowed", errcode=Codes.GUEST_ACCESS_FORBIDDEN
                )

            request.authenticated_entity = user.to_string()

-            return synapse.types.create_requester(
-                user, token_id, is_guest, device_id, app_service=app_service
+            defer.returnValue(synapse.types.create_requester(
+                user, token_id, is_guest, device_id, app_service=app_service)
            )
        except KeyError:
-            raise MissingClientTokenError()
+            raise AuthError(
+                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token.",
+                errcode=Codes.MISSING_TOKEN
+            )

    @defer.inlineCallbacks
    def _get_appservice_user_id(self, request):
        app_service = self.store.get_app_service_by_token(
-            self.get_access_token_from_request(request)
+            self.get_access_token_from_request(
+                request, self.TOKEN_NOT_FOUND_HTTP_STATUS
+            )
        )
        if app_service is None:
-            return (None, None)
+            defer.returnValue((None, None))

        if app_service.ip_range_whitelist:
            ip_address = IPAddress(self.hs.get_ip_from_request(request))
            if ip_address not in app_service.ip_range_whitelist:
-                return (None, None)
+                defer.returnValue((None, None))

        if b"user_id" not in request.args:
-            return (app_service.sender, app_service)
+            defer.returnValue((app_service.sender, app_service))

-        user_id = request.args[b"user_id"][0].decode("utf8")
+        user_id = request.args[b"user_id"][0].decode('utf8')
        if app_service.sender == user_id:
-            return (app_service.sender, app_service)
+            defer.returnValue((app_service.sender, app_service))

        if not app_service.is_interested_in_user(user_id):
-            raise AuthError(403, "Application service cannot masquerade as this user.")
+            raise AuthError(
+                403,
+                "Application service cannot masquerade as this user."
+            )
        if not (yield self.store.get_user_by_id(user_id)):
-            raise AuthError(403, "Application service has not registered this user")
-        return (user_id, app_service)
+            raise AuthError(
+                403,
+                "Application service has not registered this user"
+            )
+        defer.returnValue((user_id, app_service))

    @defer.inlineCallbacks
    def get_user_by_access_token(self, token, rights="access"):
@@ -307,26 +317,14 @@ class Auth(object):
               `token_id` (int|None): access token id. May be None if guest
               `device_id` (str|None): device corresponding to access token
        Raises:
-            InvalidClientCredentialsError if no user by that token exists or the token
-                is invalid.
+            AuthError if no user by that token exists or the token is invalid.
        """

        if rights == "access":
            # first look in the database
            r = yield self._look_up_user_by_access_token(token)
            if r:
-                valid_until_ms = r["valid_until_ms"]
-                if (
-                    valid_until_ms is not None
-                    and valid_until_ms < self.clock.time_msec()
-                ):
-                    # there was a valid access token, but it has expired.
-                    # soft-logout the user.
-                    raise InvalidClientTokenError(
-                        msg="Access token has expired", soft_logout=True
-                    )
-
-                return r
+                defer.returnValue(r)

        # otherwise it needs to be a valid macaroon
        try:
@@ -337,7 +335,11 @@ class Auth(object):
                if not guest:
                    # non-guest access tokens must be in the database
                    logger.warning("Unrecognised access token - not in store.")
-                    raise InvalidClientTokenError()
+                    raise AuthError(
+                        self.TOKEN_NOT_FOUND_HTTP_STATUS,
+                        "Unrecognised access token.",
+                        errcode=Codes.UNKNOWN_TOKEN,
+                    )

                # Guest access tokens are not stored in the database (there can
                # only be one access token per guest, anyway).
@@ -352,10 +354,16 @@ class Auth(object):
                # guest tokens.
                stored_user = yield self.store.get_user_by_id(user_id)
                if not stored_user:
-                    raise InvalidClientTokenError("Unknown user_id %s" % user_id)
+                    raise AuthError(
+                        self.TOKEN_NOT_FOUND_HTTP_STATUS,
+                        "Unknown user_id %s" % user_id,
+                        errcode=Codes.UNKNOWN_TOKEN
+                    )
                if not stored_user["is_guest"]:
-                    raise InvalidClientTokenError(
-                        "Guest access token used for regular user"
+                    raise AuthError(
+                        self.TOKEN_NOT_FOUND_HTTP_STATUS,
+                        "Guest access token used for regular user",
+                        errcode=Codes.UNKNOWN_TOKEN
                    )
                ret = {
                    "user": user,
@@ -374,7 +382,7 @@ class Auth(object):
                }
            else:
                raise RuntimeError("Unknown rights setting %s", rights)
-            return ret
+            defer.returnValue(ret)
        except (
            _InvalidMacaroonException,
            pymacaroons.exceptions.MacaroonException,
@@ -382,7 +390,10 @@ class Auth(object):
            ValueError,
        ) as e:
            logger.warning("Invalid macaroon in auth: %s %s", type(e), e)
-            raise InvalidClientTokenError("Invalid macaroon passed.")
+            raise AuthError(
+                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Invalid macaroon passed.",
+                errcode=Codes.UNKNOWN_TOKEN
+            )

    def _parse_and_validate_macaroon(self, token, rights="access"):
        """Takes a macaroon and tries to parse and validate it. This is cached
@@ -410,16 +421,25 @@ class Auth(object):
        try:
            user_id = self.get_user_id_from_macaroon(macaroon)

+            has_expiry = False
            guest = False
            for caveat in macaroon.caveats:
-                if caveat.caveat_id == "guest = true":
+                if caveat.caveat_id.startswith("time "):
+                    has_expiry = True
+                elif caveat.caveat_id == "guest = true":
                    guest = True

-            self.validate_macaroon(macaroon, rights, user_id=user_id)
+            self.validate_macaroon(
+                macaroon, rights, self.hs.config.expire_access_token,
+                user_id=user_id,
+            )
        except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError):
-            raise InvalidClientTokenError("Invalid macaroon passed.")
+            raise AuthError(
+                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Invalid macaroon passed.",
+                errcode=Codes.UNKNOWN_TOKEN
+            )

-        if rights == "access":
+        if not has_expiry and rights == "access":
            self.token_cache[token] = (user_id, guest)

        return user_id, guest
@@ -436,16 +456,18 @@ class Auth(object):
            (str) user id

        Raises:
-            InvalidClientCredentialsError if there is no user_id caveat in the
-                macaroon
+            AuthError if there is no user_id caveat in the macaroon
        """
        user_prefix = "user_id = "
        for caveat in macaroon.caveats:
            if caveat.caveat_id.startswith(user_prefix):
-                return caveat.caveat_id[len(user_prefix) :]
-        raise InvalidClientTokenError("No user caveat in macaroon")
+                return caveat.caveat_id[len(user_prefix):]
+        raise AuthError(
+            self.TOKEN_NOT_FOUND_HTTP_STATUS, "No user caveat in macaroon",
+            errcode=Codes.UNKNOWN_TOKEN
+        )

-    def validate_macaroon(self, macaroon, type_string, user_id):
+    def validate_macaroon(self, macaroon, type_string, verify_expiry, user_id):
        """
        validate that a Macaroon is understood by and was signed by this server.

@@ -453,6 +475,7 @@ class Auth(object):
            macaroon(pymacaroons.Macaroon): The macaroon to validate
            type_string(str): The kind of token required (e.g. "access",
                              "delete_pusher")
+            verify_expiry(bool): Whether to verify whether the macaroon has expired.
            user_id (str): The user_id required
        """
        v = pymacaroons.Verifier()
@@ -465,7 +488,19 @@ class Auth(object):
        v.satisfy_exact("type = " + type_string)
        v.satisfy_exact("user_id = %s" % user_id)
        v.satisfy_exact("guest = true")
-        v.satisfy_general(self._verify_expiry)
+
+        # verify_expiry should really always be True, but there exist access
+        # tokens in the wild which expire when they should not, so we can't
+        # enforce expiry yet (so we have to allow any caveat starting with
+        # 'time < ' in access tokens).
+        #
+        # On the other hand, short-term login tokens (as used by CAS login, for
+        # example) have an expiry time which we do want to enforce.
+
+        if verify_expiry:
+            v.satisfy_general(self._verify_expiry)
+        else:
+            v.satisfy_general(lambda c: c.startswith("time < "))

        # access_tokens include a nonce for uniqueness: any value is acceptable
        v.satisfy_general(lambda c: c.startswith("nonce = "))
@@ -476,7 +511,7 @@ class Auth(object):
        prefix = "time < "
        if not caveat.startswith(prefix):
            return False
-        expiry = int(caveat[len(prefix) :])
+        expiry = int(caveat[len(prefix):])
        now = self.hs.get_clock().time_msec()
        return now < expiry

@@ -484,7 +519,7 @@ class Auth(object):
    def _look_up_user_by_access_token(self, token):
        ret = yield self.store.get_user_by_access_token(token)
        if not ret:
-            return None
+            defer.returnValue(None)

        # we use ret.get() below because *lots* of unit tests stub out
        # get_user_by_access_token in a way where it only returns a couple of
@@ -494,18 +529,28 @@ class Auth(object):
            "token_id": ret.get("token_id", None),
            "is_guest": False,
            "device_id": ret.get("device_id"),
-            "valid_until_ms": ret.get("valid_until_ms"),
        }
-        return user_info
+        defer.returnValue(user_info)

    def get_appservice_by_req(self, request):
-        token = self.get_access_token_from_request(request)
-        service = self.store.get_app_service_by_token(token)
-        if not service:
-            logger.warn("Unrecognised appservice access token.")
-            raise InvalidClientTokenError()
-        request.authenticated_entity = service.sender
-        return defer.succeed(service)
+        try:
+            token = self.get_access_token_from_request(
+                request, self.TOKEN_NOT_FOUND_HTTP_STATUS
+            )
+            service = self.store.get_app_service_by_token(token)
+            if not service:
+                logger.warn("Unrecognised appservice access token.")
+                raise AuthError(
+                    self.TOKEN_NOT_FOUND_HTTP_STATUS,
+                    "Unrecognised access token.",
+                    errcode=Codes.UNKNOWN_TOKEN
+                )
+            request.authenticated_entity = service.sender
+            return defer.succeed(service)
+        except KeyError:
+            raise AuthError(
+                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token."
+            )

    def is_server_admin(self, user):
        """ Check if the given user is a local server admin.
@@ -521,23 +566,23 @@ class Auth(object):
    @defer.inlineCallbacks
    def compute_auth_events(self, event, current_state_ids, for_verification=False):
        if event.type == EventTypes.Create:
-            return []
+            defer.returnValue([])

        auth_ids = []

-        key = (EventTypes.PowerLevels, "")
+        key = (EventTypes.PowerLevels, "", )
        power_level_event_id = current_state_ids.get(key)

        if power_level_event_id:
            auth_ids.append(power_level_event_id)

-        key = (EventTypes.JoinRules, "")
+        key = (EventTypes.JoinRules, "", )
        join_rule_event_id = current_state_ids.get(key)

-        key = (EventTypes.Member, event.sender)
+        key = (EventTypes.Member, event.sender, )
        member_event_id = current_state_ids.get(key)

-        key = (EventTypes.Create, "")
+        key = (EventTypes.Create, "", )
        create_event_id = current_state_ids.get(key)
        if create_event_id:
            auth_ids.append(create_event_id)
@@ -563,7 +608,7 @@ class Auth(object):
                    auth_ids.append(member_event_id)

                if for_verification:
-                    key = (EventTypes.Member, event.state_key)
+                    key = (EventTypes.Member, event.state_key, )
                    existing_event_id = current_state_ids.get(key)
                    if existing_event_id:
                        auth_ids.append(existing_event_id)
@@ -572,7 +617,7 @@ class Auth(object):
                if "third_party_invite" in event.content:
                    key = (
                        EventTypes.ThirdPartyInvite,
-                        event.content["third_party_invite"]["signed"]["token"],
+                        event.content["third_party_invite"]["signed"]["token"]
                    )
                    third_party_invite_id = current_state_ids.get(key)
                    if third_party_invite_id:
@@ -582,7 +627,22 @@ class Auth(object):
            if member_event.content["membership"] == Membership.JOIN:
                auth_ids.append(member_event.event_id)

-        return auth_ids
+        defer.returnValue(auth_ids)
+
+    def check_redaction(self, room_version, event, auth_events):
+        """Check whether the event sender is allowed to redact the target event.
+
+        Returns:
+            True if the the sender is allowed to redact the target event if the
+                target event was created by them.
+            False if the sender is allowed to redact the target event with no
+                further checks.
+
+        Raises:
+            AuthError if the event sender is definitely not allowed to redact
+                the target event.
+        """
+        return event_auth.check_redaction(room_version, event, auth_events)

    @defer.inlineCallbacks
    def check_can_change_room_list(self, room_id, user):
@@ -596,7 +656,7 @@ class Auth(object):

        is_admin = yield self.is_server_admin(user)
        if is_admin:
-            return True
+            defer.returnValue(True)

        user_id = user.to_string()
        yield self.check_joined_room(room_id, user_id)
@@ -613,7 +673,7 @@ class Auth(object):
            auth_events[(EventTypes.PowerLevels, "")] = power_level_event

        send_level = event_auth.get_send_level(
-            EventTypes.Aliases, "", power_level_event
+            EventTypes.Aliases, "", power_level_event,
        )
        user_level = event_auth.get_user_power_level(user_id, auth_events)

@@ -621,7 +681,7 @@ class Auth(object):
            raise AuthError(
                403,
                "This server requires you to be a moderator in the room to"
-                " edit its room list entry",
+                " edit its room list entry"
            )

    @staticmethod
@@ -636,16 +696,20 @@ class Auth(object):
        return bool(query_params) or bool(auth_headers)

    @staticmethod
-    def get_access_token_from_request(request):
+    def get_access_token_from_request(request, token_not_found_http_status=401):
        """Extracts the access_token from the request.

        Args:
            request: The http request.
+            token_not_found_http_status(int): The HTTP status code to set in the
+                AuthError if the token isn't found. This is used in some of the
+                legacy APIs to change the status code to 403 from the default of
+                401 since some of the old clients depended on auth errors returning
+                403.
        Returns:
            unicode: The access_token
        Raises:
-            MissingClientTokenError: If there isn't a single access_token in the
-                request
+            AuthError: If there isn't an access_token in the request.
        """

        auth_headers = request.requestHeaders.getRawHeaders(b"Authorization")
@@ -654,22 +718,36 @@ class Auth(object):
            # Try the get the access_token from a "Authorization: Bearer"
            # header
            if query_params is not None:
-                raise MissingClientTokenError(
-                    "Mixing Authorization headers and access_token query parameters."
+                raise AuthError(
+                    token_not_found_http_status,
+                    "Mixing Authorization headers and access_token query parameters.",
+                    errcode=Codes.MISSING_TOKEN,
                )
            if len(auth_headers) > 1:
-                raise MissingClientTokenError("Too many Authorization headers.")
+                raise AuthError(
+                    token_not_found_http_status,
+                    "Too many Authorization headers.",
+                    errcode=Codes.MISSING_TOKEN,
+                )
            parts = auth_headers[0].split(b" ")
            if parts[0] == b"Bearer" and len(parts) == 2:
-                return parts[1].decode("ascii")
+                return parts[1].decode('ascii')
            else:
-                raise MissingClientTokenError("Invalid Authorization header.")
+                raise AuthError(
+                    token_not_found_http_status,
+                    "Invalid Authorization header.",
+                    errcode=Codes.MISSING_TOKEN,
+                )
        else:
            # Try to get the access_token from the query params.
            if not query_params:
-                raise MissingClientTokenError()
+                raise AuthError(
+                    token_not_found_http_status,
+                    "Missing access token.",
+                    errcode=Codes.MISSING_TOKEN
+                )

-            return query_params[0].decode("ascii")
+            return query_params[0].decode('ascii')

    @defer.inlineCallbacks
    def check_in_room_or_world_readable(self, room_id, user_id):
@@ -690,16 +768,16 @@ class Auth(object):
            #  * The user is a guest user, and has joined the room
            # else it will throw.
            member_event = yield self.check_user_was_in_room(room_id, user_id)
-            return (member_event.membership, member_event.event_id)
+            defer.returnValue((member_event.membership, member_event.event_id))
        except AuthError:
            visibility = yield self.state.get_current_state(
                room_id, EventTypes.RoomHistoryVisibility, ""
            )
            if (
-                visibility
-                and visibility.content["history_visibility"] == "world_readable"
+                visibility and
+                visibility.content["history_visibility"] == "world_readable"
            ):
-                return (Membership.JOIN, None)
+                defer.returnValue((Membership.JOIN, None))
                return
            raise AuthError(
                403, "Guest access not allowed", errcode=Codes.GUEST_ACCESS_FORBIDDEN
@@ -731,11 +809,10 @@ class Auth(object):

        if self.hs.config.hs_disabled:
            raise ResourceLimitError(
-                403,
-                self.hs.config.hs_disabled_message,
+                403, self.hs.config.hs_disabled_message,
                errcode=Codes.RESOURCE_LIMIT_EXCEEDED,
                admin_contact=self.hs.config.admin_contact,
-                limit_type=self.hs.config.hs_disabled_limit_type,
+                limit_type=self.hs.config.hs_disabled_limit_type
            )
        if self.hs.config.limit_usage_by_mau is True:
            assert not (user_id and threepid)
@@ -760,9 +837,8 @@ class Auth(object):
            current_mau = yield self.store.get_monthly_active_count()
            if current_mau >= self.hs.config.max_mau_value:
                raise ResourceLimitError(
-                    403,
-                    "Monthly Active User Limit Exceeded",
+                    403, "Monthly Active User Limit Exceeded",
                    admin_contact=self.hs.config.admin_contact,
                    errcode=Codes.RESOURCE_LIMIT_EXCEEDED,
-                    limit_type="monthly_active_user",
+                    limit_type="monthly_active_user"
                )
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -18,7 +18,7 @@
 """Contains constants from the specification."""

 # the "depth" field on events is limited to 2**63 - 1
-MAX_DEPTH = 2 ** 63 - 1
+MAX_DEPTH = 2**63 - 1

 # the maximum length for a room alias is 255 characters
 MAX_ALIAS_LENGTH = 255
@@ -30,41 +30,39 @@ MAX_USERID_LENGTH = 255
 class Membership(object):

    """Represents the membership states of a user in a room."""
-
-    INVITE = "invite"
-    JOIN = "join"
-    KNOCK = "knock"
-    LEAVE = "leave"
-    BAN = "ban"
+    INVITE = u"invite"
+    JOIN = u"join"
+    KNOCK = u"knock"
+    LEAVE = u"leave"
+    BAN = u"ban"
    LIST = (INVITE, JOIN, KNOCK, LEAVE, BAN)


 class PresenceState(object):
    """Represents the presence state of a user."""
-
-    OFFLINE = "offline"
-    UNAVAILABLE = "unavailable"
-    ONLINE = "online"
+    OFFLINE = u"offline"
+    UNAVAILABLE = u"unavailable"
+    ONLINE = u"online"


 class JoinRules(object):
-    PUBLIC = "public"
-    KNOCK = "knock"
-    INVITE = "invite"
-    PRIVATE = "private"
+    PUBLIC = u"public"
+    KNOCK = u"knock"
+    INVITE = u"invite"
+    PRIVATE = u"private"


 class LoginType(object):
-    PASSWORD = "m.login.password"
-    EMAIL_IDENTITY = "m.login.email.identity"
-    MSISDN = "m.login.msisdn"
-    RECAPTCHA = "m.login.recaptcha"
-    TERMS = "m.login.terms"
-    DUMMY = "m.login.dummy"
+    PASSWORD = u"m.login.password"
+    EMAIL_IDENTITY = u"m.login.email.identity"
+    MSISDN = u"m.login.msisdn"
+    RECAPTCHA = u"m.login.recaptcha"
+    TERMS = u"m.login.terms"
+    DUMMY = u"m.login.dummy"

    # Only for C/S API v1
-    APPLICATION_SERVICE = "m.login.application_service"
-    SHARED_SECRET = "org.matrix.login.shared_secret"
+    APPLICATION_SERVICE = u"m.login.application_service"
+    SHARED_SECRET = u"org.matrix.login.shared_secret"


 class EventTypes(object):
@@ -120,7 +118,6 @@ class UserTypes(object):
    """Allows for user type specific behaviour. With the benefit of hindsight
    'admin' and 'guest' users should also be UserTypes. Normal users are type None
    """
-
    SUPPORT = "support"
    ALL_USER_TYPES = (SUPPORT,)

@@ -128,7 +125,6 @@ class UserTypes(object):
 class RelationTypes(object):
    """The types of relations known to this server.
    """
-
    ANNOTATION = "m.annotation"
    REPLACE = "m.replace"
    REFERENCE = "m.reference"
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -61,7 +61,6 @@ class Codes(object):
    INCOMPATIBLE_ROOM_VERSION = "M_INCOMPATIBLE_ROOM_VERSION"
    WRONG_ROOM_KEYS_VERSION = "M_WRONG_ROOM_KEYS_VERSION"
    EXPIRED_ACCOUNT = "ORG_MATRIX_EXPIRED_ACCOUNT"
-    USER_DEACTIVATED = "M_USER_DEACTIVATED"


 class CodeMessageException(RuntimeError):
@@ -71,7 +70,6 @@ class CodeMessageException(RuntimeError):
        code (int): HTTP error code
        msg (str): string describing the error
    """
-
    def __init__(self, code, msg):
        super(CodeMessageException, self).__init__("%d: %s" % (code, msg))
        self.code = code
@@ -85,7 +83,6 @@ class SynapseError(CodeMessageException):
    Attributes:
        errcode (str): Matrix error code e.g 'M_FORBIDDEN'
    """
-
    def __init__(self, code, msg, errcode=Codes.UNKNOWN):
        """Constructs a synapse error.

@@ -98,7 +95,10 @@ class SynapseError(CodeMessageException):
        self.errcode = errcode

    def error_dict(self):
-        return cs_error(self.msg, self.errcode)
+        return cs_error(
+            self.msg,
+            self.errcode,
+        )


 class ProxiedRequestError(SynapseError):
@@ -107,23 +107,27 @@ class ProxiedRequestError(SynapseError):
    Attributes:
        errcode (str): Matrix error code e.g 'M_FORBIDDEN'
    """
-
    def __init__(self, code, msg, errcode=Codes.UNKNOWN, additional_fields=None):
-        super(ProxiedRequestError, self).__init__(code, msg, errcode)
+        super(ProxiedRequestError, self).__init__(
+            code, msg, errcode
+        )
        if additional_fields is None:
            self._additional_fields = {}
        else:
            self._additional_fields = dict(additional_fields)

    def error_dict(self):
-        return cs_error(self.msg, self.errcode, **self._additional_fields)
+        return cs_error(
+            self.msg,
+            self.errcode,
+            **self._additional_fields
+        )


 class ConsentNotGivenError(SynapseError):
    """The error returned to the client when the user has not consented to the
    privacy policy.
    """
-
    def __init__(self, msg, consent_uri):
        """Constructs a ConsentNotGivenError

@@ -132,33 +136,22 @@ class ConsentNotGivenError(SynapseError):
            consent_url (str): The URL where the user can give their consent
        """
        super(ConsentNotGivenError, self).__init__(
-            code=http_client.FORBIDDEN, msg=msg, errcode=Codes.CONSENT_NOT_GIVEN
+            code=http_client.FORBIDDEN,
+            msg=msg,
+            errcode=Codes.CONSENT_NOT_GIVEN
        )
        self._consent_uri = consent_uri

    def error_dict(self):
-        return cs_error(self.msg, self.errcode, consent_uri=self._consent_uri)
-
-
-class UserDeactivatedError(SynapseError):
-    """The error returned to the client when the user attempted to access an
-    authenticated endpoint, but the account has been deactivated.
-    """
-
-    def __init__(self, msg):
-        """Constructs a UserDeactivatedError
-
-        Args:
-            msg (str): The human-readable error message
-        """
-        super(UserDeactivatedError, self).__init__(
-            code=http_client.FORBIDDEN, msg=msg, errcode=Codes.USER_DEACTIVATED
+        return cs_error(
+            self.msg,
+            self.errcode,
+            consent_uri=self._consent_uri
        )


 class RegistrationError(SynapseError):
    """An error raised when a registration event fails."""
-
    pass


@@ -197,17 +190,15 @@ class InteractiveAuthIncompleteError(Exception):
        result (dict): the server response to the request, which should be
            passed back to the client
    """
-
    def __init__(self, result):
        super(InteractiveAuthIncompleteError, self).__init__(
-            "Interactive auth not yet complete"
+            "Interactive auth not yet complete",
        )
        self.result = result


 class UnrecognizedRequestError(SynapseError):
    """An error indicating we don't understand the request you're trying to make"""
-
    def __init__(self, *args, **kwargs):
        if "errcode" not in kwargs:
            kwargs["errcode"] = Codes.UNRECOGNIZED
@@ -216,20 +207,25 @@ class UnrecognizedRequestError(SynapseError):
            message = "Unrecognized request"
        else:
            message = args[0]
-        super(UnrecognizedRequestError, self).__init__(400, message, **kwargs)
+        super(UnrecognizedRequestError, self).__init__(
+            400,
+            message,
+            **kwargs
+        )


 class NotFoundError(SynapseError):
    """An error indicating we can't find the thing you asked for"""
-
    def __init__(self, msg="Not found", errcode=Codes.NOT_FOUND):
-        super(NotFoundError, self).__init__(404, msg, errcode=errcode)
+        super(NotFoundError, self).__init__(
+            404,
+            msg,
+            errcode=errcode
+        )


 class AuthError(SynapseError):
-    """An error raised when there was a problem authorising an event, and at various
-    other poorly-defined times.
-    """
+    """An error raised when there was a problem authorising an event."""

    def __init__(self, *args, **kwargs):
        if "errcode" not in kwargs:
@@ -237,51 +233,13 @@ class AuthError(SynapseError):
        super(AuthError, self).__init__(*args, **kwargs)


-class InvalidClientCredentialsError(SynapseError):
-    """An error raised when there was a problem with the authorisation credentials
-    in a client request.
-
-    https://matrix.org/docs/spec/client_server/r0.5.0#using-access-tokens:
-
-    When credentials are required but missing or invalid, the HTTP call will
-    return with a status of 401 and the error code, M_MISSING_TOKEN or
-    M_UNKNOWN_TOKEN respectively.
-    """
-
-    def __init__(self, msg, errcode):
-        super().__init__(code=401, msg=msg, errcode=errcode)
-
-
-class MissingClientTokenError(InvalidClientCredentialsError):
-    """Raised when we couldn't find the access token in a request"""
-
-    def __init__(self, msg="Missing access token"):
-        super().__init__(msg=msg, errcode="M_MISSING_TOKEN")
-
-
-class InvalidClientTokenError(InvalidClientCredentialsError):
-    """Raised when we didn't understand the access token in a request"""
-
-    def __init__(self, msg="Unrecognised access token", soft_logout=False):
-        super().__init__(msg=msg, errcode="M_UNKNOWN_TOKEN")
-        self._soft_logout = soft_logout
-
-    def error_dict(self):
-        d = super().error_dict()
-        d["soft_logout"] = self._soft_logout
-        return d
-
-
 class ResourceLimitError(SynapseError):
    """
    Any error raised when there is a problem with resource usage.
    For instance, the monthly active user limit for the server has been exceeded
    """
-
    def __init__(
-        self,
-        code,
-        msg,
+        self, code, msg,
        errcode=Codes.RESOURCE_LIMIT_EXCEEDED,
        admin_contact=None,
        limit_type=None,
@@ -295,7 +253,7 @@ class ResourceLimitError(SynapseError):
            self.msg,
            self.errcode,
            admin_contact=self.admin_contact,
-            limit_type=self.limit_type,
+            limit_type=self.limit_type
        )


@@ -310,7 +268,6 @@ class EventSizeError(SynapseError):

 class EventStreamError(SynapseError):
    """An error raised when there a problem with the event stream."""
-
    def __init__(self, *args, **kwargs):
        if "errcode" not in kwargs:
            kwargs["errcode"] = Codes.BAD_PAGINATION
@@ -319,53 +276,47 @@ class EventStreamError(SynapseError):

 class LoginError(SynapseError):
    """An error raised when there was a problem logging in."""
-
    pass


 class StoreError(SynapseError):
    """An error raised when there was a problem storing some data."""
-
    pass


 class InvalidCaptchaError(SynapseError):
-    def __init__(
-        self,
-        code=400,
-        msg="Invalid captcha.",
-        error_url=None,
-        errcode=Codes.CAPTCHA_INVALID,
-    ):
+    def __init__(self, code=400, msg="Invalid captcha.", error_url=None,
+                 errcode=Codes.CAPTCHA_INVALID):
        super(InvalidCaptchaError, self).__init__(code, msg, errcode)
        self.error_url = error_url

    def error_dict(self):
-        return cs_error(self.msg, self.errcode, error_url=self.error_url)
+        return cs_error(
+            self.msg,
+            self.errcode,
+            error_url=self.error_url,
+        )


 class LimitExceededError(SynapseError):
    """A client has sent too many requests and is being throttled.
    """
-
-    def __init__(
-        self,
-        code=429,
-        msg="Too Many Requests",
-        retry_after_ms=None,
-        errcode=Codes.LIMIT_EXCEEDED,
-    ):
+    def __init__(self, code=429, msg="Too Many Requests", retry_after_ms=None,
+                 errcode=Codes.LIMIT_EXCEEDED):
        super(LimitExceededError, self).__init__(code, msg, errcode)
        self.retry_after_ms = retry_after_ms

    def error_dict(self):
-        return cs_error(self.msg, self.errcode, retry_after_ms=self.retry_after_ms)
+        return cs_error(
+            self.msg,
+            self.errcode,
+            retry_after_ms=self.retry_after_ms,
+        )


 class RoomKeysVersionError(SynapseError):
    """A client has tried to upload to a non-current version of the room_keys store
    """
-
    def __init__(self, current_version):
        """
        Args:
@@ -380,7 +331,6 @@ class RoomKeysVersionError(SynapseError):
 class UnsupportedRoomVersionError(SynapseError):
    """The client's request to create a room used a room version that the server does
    not support."""
-
    def __init__(self):
        super(UnsupportedRoomVersionError, self).__init__(
            code=400,
@@ -389,34 +339,28 @@ class UnsupportedRoomVersionError(SynapseError):
        )


-class ThreepidValidationError(SynapseError):
-    """An error raised when there was a problem authorising an event."""
-
-    def __init__(self, *args, **kwargs):
-        if "errcode" not in kwargs:
-            kwargs["errcode"] = Codes.FORBIDDEN
-        super(ThreepidValidationError, self).__init__(*args, **kwargs)
-
-
 class IncompatibleRoomVersionError(SynapseError):
    """A server is trying to join a room whose version it does not support.

    Unlike UnsupportedRoomVersionError, it is specific to the case of the make_join
    failing.
    """
-
    def __init__(self, room_version):
        super(IncompatibleRoomVersionError, self).__init__(
            code=400,
            msg="Your homeserver does not support the features required to "
-            "join this room",
+                "join this room",
            errcode=Codes.INCOMPATIBLE_ROOM_VERSION,
        )

        self._room_version = room_version

    def error_dict(self):
-        return cs_error(self.msg, self.errcode, room_version=self._room_version)
+        return cs_error(
+            self.msg,
+            self.errcode,
+            room_version=self._room_version,
+        )


 class RequestSendFailed(RuntimeError):
@@ -427,11 +371,11 @@ class RequestSendFailed(RuntimeError):
    networking (e.g. DNS failures, connection timeouts etc), versus unexpected
    errors (like programming errors).
    """
-
    def __init__(self, inner_exception, can_retry):
        super(RequestSendFailed, self).__init__(
-            "Failed to send request: %s: %s"
-            % (type(inner_exception).__name__, inner_exception)
+            "Failed to send request: %s: %s" % (
+                type(inner_exception).__name__, inner_exception,
+            )
        )
        self.inner_exception = inner_exception
        self.can_retry = can_retry
@@ -475,7 +419,7 @@ class FederationError(RuntimeError):
        self.affected = affected
        self.source = source

-        msg = "%s %s: %s" % (level, code, reason)
+        msg = "%s %s: %s" % (level, code, reason,)
        super(FederationError, self).__init__(msg)

    def get_dict(self):
@@ -495,7 +439,6 @@ class HttpResponseException(CodeMessageException):
    Attributes:
        response (bytes): body of response
    """
-
    def __init__(self, code, msg, response):
        """

@@ -534,7 +477,7 @@ class HttpResponseException(CodeMessageException):
        if not isinstance(j, dict):
            j = {}

-        errcode = j.pop("errcode", Codes.UNKNOWN)
-        errmsg = j.pop("error", self.msg)
+        errcode = j.pop('errcode', Codes.UNKNOWN)
+        errmsg = j.pop('error', self.msg)

        return ProxiedRequestError(self.code, errmsg, errcode, j)
--- a/synapse/api/filtering.py
+++ b/synapse/api/filtering.py
@@ -28,55 +28,117 @@ FILTER_SCHEMA = {
    "additionalProperties": False,
    "type": "object",
    "properties": {
-        "limit": {"type": "number"},
-        "senders": {"$ref": "#/definitions/user_id_array"},
-        "not_senders": {"$ref": "#/definitions/user_id_array"},
+        "limit": {
+            "type": "number"
+        },
+        "senders": {
+            "$ref": "#/definitions/user_id_array"
+        },
+        "not_senders": {
+            "$ref": "#/definitions/user_id_array"
+        },
        # TODO: We don't limit event type values but we probably should...
        # check types are valid event types
-        "types": {"type": "array", "items": {"type": "string"}},
-        "not_types": {"type": "array", "items": {"type": "string"}},
-    },
+        "types": {
+            "type": "array",
+            "items": {
+                "type": "string"
+            }
+        },
+        "not_types": {
+            "type": "array",
+            "items": {
+                "type": "string"
+            }
+        }
+    }
 }

 ROOM_FILTER_SCHEMA = {
    "additionalProperties": False,
    "type": "object",
    "properties": {
-        "not_rooms": {"$ref": "#/definitions/room_id_array"},
-        "rooms": {"$ref": "#/definitions/room_id_array"},
-        "ephemeral": {"$ref": "#/definitions/room_event_filter"},
-        "include_leave": {"type": "boolean"},
-        "state": {"$ref": "#/definitions/room_event_filter"},
-        "timeline": {"$ref": "#/definitions/room_event_filter"},
-        "account_data": {"$ref": "#/definitions/room_event_filter"},
-    },
+        "not_rooms": {
+            "$ref": "#/definitions/room_id_array"
+        },
+        "rooms": {
+            "$ref": "#/definitions/room_id_array"
+        },
+        "ephemeral": {
+            "$ref": "#/definitions/room_event_filter"
+        },
+        "include_leave": {
+            "type": "boolean"
+        },
+        "state": {
+            "$ref": "#/definitions/room_event_filter"
+        },
+        "timeline": {
+            "$ref": "#/definitions/room_event_filter"
+        },
+        "account_data": {
+            "$ref": "#/definitions/room_event_filter"
+        },
+    }
 }

 ROOM_EVENT_FILTER_SCHEMA = {
    "additionalProperties": False,
    "type": "object",
    "properties": {
-        "limit": {"type": "number"},
-        "senders": {"$ref": "#/definitions/user_id_array"},
-        "not_senders": {"$ref": "#/definitions/user_id_array"},
-        "types": {"type": "array", "items": {"type": "string"}},
-        "not_types": {"type": "array", "items": {"type": "string"}},
-        "rooms": {"$ref": "#/definitions/room_id_array"},
-        "not_rooms": {"$ref": "#/definitions/room_id_array"},
-        "contains_url": {"type": "boolean"},
-        "lazy_load_members": {"type": "boolean"},
-        "include_redundant_members": {"type": "boolean"},
-    },
+        "limit": {
+            "type": "number"
+        },
+        "senders": {
+            "$ref": "#/definitions/user_id_array"
+        },
+        "not_senders": {
+            "$ref": "#/definitions/user_id_array"
+        },
+        "types": {
+            "type": "array",
+            "items": {
+                "type": "string"
+            }
+        },
+        "not_types": {
+            "type": "array",
+            "items": {
+                "type": "string"
+            }
+        },
+        "rooms": {
+            "$ref": "#/definitions/room_id_array"
+        },
+        "not_rooms": {
+            "$ref": "#/definitions/room_id_array"
+        },
+        "contains_url": {
+            "type": "boolean"
+        },
+        "lazy_load_members": {
+            "type": "boolean"
+        },
+        "include_redundant_members": {
+            "type": "boolean"
+        },
+    }
 }

 USER_ID_ARRAY_SCHEMA = {
    "type": "array",
-    "items": {"type": "string", "format": "matrix_user_id"},
+    "items": {
+        "type": "string",
+        "format": "matrix_user_id"
+    }
 }

 ROOM_ID_ARRAY_SCHEMA = {
    "type": "array",
-    "items": {"type": "string", "format": "matrix_room_id"},
+    "items": {
+        "type": "string",
+        "format": "matrix_room_id"
+    }
 }

 USER_FILTER_SCHEMA = {
@@ -88,13 +150,22 @@ USER_FILTER_SCHEMA = {
        "user_id_array": USER_ID_ARRAY_SCHEMA,
        "filter": FILTER_SCHEMA,
        "room_filter": ROOM_FILTER_SCHEMA,
-        "room_event_filter": ROOM_EVENT_FILTER_SCHEMA,
+        "room_event_filter": ROOM_EVENT_FILTER_SCHEMA
    },
    "properties": {
-        "presence": {"$ref": "#/definitions/filter"},
-        "account_data": {"$ref": "#/definitions/filter"},
-        "room": {"$ref": "#/definitions/room_filter"},
-        "event_format": {"type": "string", "enum": ["client", "federation"]},
+        "presence": {
+            "$ref": "#/definitions/filter"
+        },
+        "account_data": {
+            "$ref": "#/definitions/filter"
+        },
+        "room": {
+            "$ref": "#/definitions/room_filter"
+        },
+        "event_format": {
+            "type": "string",
+            "enum": ["client", "federation"]
+        },
        "event_fields": {
            "type": "array",
            "items": {
@@ -106,25 +177,26 @@ USER_FILTER_SCHEMA = {
                #
                # Note that because this is a regular expression, we have to escape
                # each backslash in the pattern.
-                "pattern": r"^((?!\\\\).)*$",
-            },
-        },
+                "pattern": r"^((?!\\\\).)*$"
+            }
+        }
    },
-    "additionalProperties": False,
+    "additionalProperties": False
 }


-@FormatChecker.cls_checks("matrix_room_id")
+@FormatChecker.cls_checks('matrix_room_id')
 def matrix_room_id_validator(room_id_str):
    return RoomID.from_string(room_id_str)


-@FormatChecker.cls_checks("matrix_user_id")
+@FormatChecker.cls_checks('matrix_user_id')
 def matrix_user_id_validator(user_id_str):
    return UserID.from_string(user_id_str)


 class Filtering(object):
+
    def __init__(self, hs):
        super(Filtering, self).__init__()
        self.store = hs.get_datastore()
@@ -132,7 +204,7 @@ class Filtering(object):
    @defer.inlineCallbacks
    def get_user_filter(self, user_localpart, filter_id):
        result = yield self.store.get_user_filter(user_localpart, filter_id)
-        return FilterCollection(result)
+        defer.returnValue(FilterCollection(result))

    def add_user_filter(self, user_localpart, user_filter):
        self.check_valid_filter(user_filter)
@@ -156,9 +228,8 @@ class Filtering(object):
        # individual top-level key e.g. public_user_data. Filters are made of
        # many definitions.
        try:
-            jsonschema.validate(
-                user_filter_json, USER_FILTER_SCHEMA, format_checker=FormatChecker()
-            )
+            jsonschema.validate(user_filter_json, USER_FILTER_SCHEMA,
+                                format_checker=FormatChecker())
        except jsonschema.ValidationError as e:
            raise SynapseError(400, str(e))

@@ -169,9 +240,10 @@ class FilterCollection(object):

        room_filter_json = self._filter_json.get("room", {})

-        self._room_filter = Filter(
-            {k: v for k, v in room_filter_json.items() if k in ("rooms", "not_rooms")}
-        )
+        self._room_filter = Filter({
+            k: v for k, v in room_filter_json.items()
+            if k in ("rooms", "not_rooms")
+        })

        self._room_timeline_filter = Filter(room_filter_json.get("timeline", {}))
        self._room_state_filter = Filter(room_filter_json.get("state", {}))
@@ -180,7 +252,9 @@ class FilterCollection(object):
        self._presence_filter = Filter(filter_json.get("presence", {}))
        self._account_data = Filter(filter_json.get("account_data", {}))

-        self.include_leave = filter_json.get("room", {}).get("include_leave", False)
+        self.include_leave = filter_json.get("room", {}).get(
+            "include_leave", False
+        )
        self.event_fields = filter_json.get("event_fields", [])
        self.event_format = filter_json.get("event_format", "client")

@@ -225,22 +299,22 @@ class FilterCollection(object):

    def blocks_all_presence(self):
        return (
-            self._presence_filter.filters_all_types()
-            or self._presence_filter.filters_all_senders()
+            self._presence_filter.filters_all_types() or
+            self._presence_filter.filters_all_senders()
        )

    def blocks_all_room_ephemeral(self):
        return (
-            self._room_ephemeral_filter.filters_all_types()
-            or self._room_ephemeral_filter.filters_all_senders()
-            or self._room_ephemeral_filter.filters_all_rooms()
+            self._room_ephemeral_filter.filters_all_types() or
+            self._room_ephemeral_filter.filters_all_senders() or
+            self._room_ephemeral_filter.filters_all_rooms()
        )

    def blocks_all_room_timeline(self):
        return (
-            self._room_timeline_filter.filters_all_types()
-            or self._room_timeline_filter.filters_all_senders()
-            or self._room_timeline_filter.filters_all_rooms()
+            self._room_timeline_filter.filters_all_types() or
+            self._room_timeline_filter.filters_all_senders() or
+            self._room_timeline_filter.filters_all_rooms()
        )


@@ -301,7 +375,12 @@ class Filter(object):
            # check if there is a string url field in the content for filtering purposes
            contains_url = isinstance(content.get("url"), text_type)

-        return self.check_fields(room_id, sender, ev_type, contains_url)
+        return self.check_fields(
+            room_id,
+            sender,
+            ev_type,
+            contains_url,
+        )

    def check_fields(self, room_id, sender, event_type, contains_url):
        """Checks whether the filter matches the given event fields.
@@ -312,7 +391,7 @@ class Filter(object):
        literal_keys = {
            "rooms": lambda v: room_id == v,
            "senders": lambda v: sender == v,
-            "types": lambda v: _matches_wildcard(event_type, v),
+            "types": lambda v: _matches_wildcard(event_type, v)
        }

        for name, match_func in literal_keys.items():
--- a/synapse/api/ratelimiting.py
+++ b/synapse/api/ratelimiting.py
@@ -44,25 +44,29 @@ class Ratelimiter(object):
        """
        self.prune_message_counts(time_now_s)
        message_count, time_start, _ignored = self.message_counts.get(
-            key, (0.0, time_now_s, None)
+            key, (0., time_now_s, None),
        )
        time_delta = time_now_s - time_start
        sent_count = message_count - time_delta * rate_hz
        if sent_count < 0:
            allowed = True
            time_start = time_now_s
-            message_count = 1.0
-        elif sent_count > burst_count - 1.0:
+            message_count = 1.
+        elif sent_count > burst_count - 1.:
            allowed = False
        else:
            allowed = True
            message_count += 1

        if update:
-            self.message_counts[key] = (message_count, time_start, rate_hz)
+            self.message_counts[key] = (
+                message_count, time_start, rate_hz
+            )

        if rate_hz > 0:
-            time_allowed = time_start + (message_count - burst_count + 1) / rate_hz
+            time_allowed = (
+                time_start + (message_count - burst_count + 1) / rate_hz
+            )
            if time_allowed < time_now_s:
                time_allowed = time_now_s
        else:
@@ -72,7 +76,9 @@ class Ratelimiter(object):

    def prune_message_counts(self, time_now_s):
        for key in list(self.message_counts.keys()):
-            message_count, time_start, rate_hz = self.message_counts[key]
+            message_count, time_start, rate_hz = (
+                self.message_counts[key]
+            )
            time_delta = time_now_s - time_start
            if message_count - time_delta * rate_hz > 0:
                break
@@ -86,5 +92,5 @@ class Ratelimiter(object):

        if not allowed:
            raise LimitExceededError(
-                retry_after_ms=int(1000 * (time_allowed - time_now_s))
+                retry_after_ms=int(1000 * (time_allowed - time_now_s)),
            )
--- a/synapse/api/room_versions.py
+++ b/synapse/api/room_versions.py
@@ -19,10 +19,9 @@ class EventFormatVersions(object):
    """This is an internal enum for tracking the version of the event format,
    independently from the room version.
    """
-
-    V1 = 1  # $id:server event id format
-    V2 = 2  # MSC1659-style $hash event id format: introduced for room v3
-    V3 = 3  # MSC1884-style $hash format: introduced for room v4
+    V1 = 1   # $id:server event id format
+    V2 = 2   # MSC1659-style $hash event id format: introduced for room v3
+    V3 = 3   # MSC1884-style $hash format: introduced for room v4


 KNOWN_EVENT_FORMAT_VERSIONS = {
@@ -34,9 +33,8 @@ KNOWN_EVENT_FORMAT_VERSIONS = {

 class StateResolutionVersions(object):
    """Enum to identify the state resolution algorithms"""
-
-    V1 = 1  # room v1 state res
-    V2 = 2  # MSC1442 state res: room v2 and later
+    V1 = 1   # room v1 state res
+    V2 = 2   # MSC1442 state res: room v2 and later


 class RoomDisposition(object):
@@ -48,11 +46,10 @@ class RoomDisposition(object):
 class RoomVersion(object):
    """An object which describes the unique attributes of a room version."""

-    identifier = attr.ib()  # str; the identifier for this version
-    disposition = attr.ib()  # str; one of the RoomDispositions
-    event_format = attr.ib()  # int; one of the EventFormatVersions
-    state_res = attr.ib()  # int; one of the StateResolutionVersions
-    enforce_key_validity = attr.ib()  # bool
+    identifier = attr.ib()      # str; the identifier for this version
+    disposition = attr.ib()     # str; one of the RoomDispositions
+    event_format = attr.ib()    # int; one of the EventFormatVersions
+    state_res = attr.ib()       # int; one of the StateResolutionVersions


 class RoomVersions(object):
@@ -61,45 +58,43 @@ class RoomVersions(object):
        RoomDisposition.STABLE,
        EventFormatVersions.V1,
        StateResolutionVersions.V1,
-        enforce_key_validity=False,
+    )
+    STATE_V2_TEST = RoomVersion(
+        "state-v2-test",
+        RoomDisposition.UNSTABLE,
+        EventFormatVersions.V1,
+        StateResolutionVersions.V2,
    )
    V2 = RoomVersion(
        "2",
        RoomDisposition.STABLE,
        EventFormatVersions.V1,
        StateResolutionVersions.V2,
-        enforce_key_validity=False,
    )
    V3 = RoomVersion(
        "3",
        RoomDisposition.STABLE,
        EventFormatVersions.V2,
        StateResolutionVersions.V2,
-        enforce_key_validity=False,
    )
    V4 = RoomVersion(
        "4",
        RoomDisposition.STABLE,
        EventFormatVersions.V3,
        StateResolutionVersions.V2,
-        enforce_key_validity=False,
-    )
-    V5 = RoomVersion(
-        "5",
-        RoomDisposition.STABLE,
-        EventFormatVersions.V3,
-        StateResolutionVersions.V2,
-        enforce_key_validity=True,
    )


+# the version we will give rooms which are created on this server
+DEFAULT_ROOM_VERSION = RoomVersions.V1
+
+
 KNOWN_ROOM_VERSIONS = {
-    v.identifier: v
-    for v in (
+    v.identifier: v for v in (
        RoomVersions.V1,
        RoomVersions.V2,
        RoomVersions.V3,
+        RoomVersions.STATE_V2_TEST,
        RoomVersions.V4,
-        RoomVersions.V5,
    )
-}  # type: dict[str, RoomVersion]
+}   # type: dict[str, RoomVersion]
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`Synapse now more efficiently collates room statistics.`
				`@@ -0,0 +1 @@`
				`Fix worker registration bug caused by ClientReaderSlavedStore being unable to see get_profileinfo.`
				`@@ -0,0 +1 @@`
				`Remove urllib3 pin as requests 2.22.0 has been released supporting urllib3 1.25.2.`
				`@@ -0,0 +1 @@`
				Fix 500 Internal Server Error when sending an event with `m.relates_to: null`.