Add some rest-level unit tests of new 'published' room creation config key

Fix logging description name in get_published_rooms()
Rename store_room()'s is_public parameter to published; default it from the badly-named "visiblity" parameter but allow a new "published" to override it
2015-06-18 15:05:26 +01:00 · 2015-06-18 15:00:50 +01:00 · 2015-06-18 14:27:23 +01:00 · 2015-06-18 14:15:20 +01:00 · 2015-06-18 14:07:41 +01:00 · 2015-06-18 14:00:23 +01:00
235 changed files with 5414 additions and 15982 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -42,7 +42,3 @@ build/

 localhost-800*/
 static/client/register/register_config.js
-.tox
-
-env/
-*.config
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -38,16 +38,3 @@ Brabo <brabo at riseup.net>

 Ivan Shapovalov <intelfx100 at gmail.com>
 * contrib/systemd: a sample systemd unit file and a logger configuration
-
-Eric Myhre <hash at exultant.us>
- * Fix bug where ``media_store_path`` config option was ignored by v0 content
-   repository API.
-
-Muthu Subramanian <muthu.subramanian.karunanidhi at ericsson.com>
- * Add SAML2 support for registration and login.
-
-Steven Hammerton <steven.hammerton at openmarket.com>
- * Add CAS support for registration and login.
-
-Mads Robin Christensen <mads at v42 dot dk>
- * CentOS 7 installation instructions.
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,284 +1,3 @@
-Changes in synapse v0.12.0-rc2 (2015-12-14)
-===========================================
-
-* Add caches for whether rooms have been forgotten by a user (PR #434)
-* Remove instructions to use ``--process-dependency-link`` since all of the
-  dependencies of synapse are on PyPI (PR #436)
-* Parallelise the processing of ``/sync`` requests (PR #437)
-* Fix race updating presence in ``/events`` (PR #444)
-* Fix bug back-populating search results (PR #441)
-* Fix bug calculating state in ``/sync`` requests (PR #442)
-
-Changes in synapse v0.12.0-rc1 (2015-12-10)
-===========================================
-
-* Host the client APIs released as r0 by
-  https://matrix.org/docs/spec/r0.0.0/client_server.html
-  on paths prefixed by ``/_matrix/client/r0``. (PR #430, PR #415, PR #400)
-* Updates the client APIs to match r0 of the matrix specification.
-
-  * All APIs return events in the new event format, old APIs also include
-    the fields needed to parse the event using the old format for
-    compatibility. (PR #402)
-  * Search results are now given as a JSON array rather than
-    a JSON object (PR #405)
-  * Miscellaneous changes to search (PR #403, PR #406, PR #412)
-  * Filter JSON objects may now be passed as query parameters to ``/sync``
-    (PR #431)
-  * Fix implementation of ``/admin/whois`` (PR #418)
-  * Only include the rooms that user has left in ``/sync`` if the client
-    requests them in the filter (PR #423)
-  * Don't push for ``m.room.message`` by default (PR #411)
-  * Add API for setting per account user data (PR #392)
-  * Allow users to forget rooms (PR #385)
-
-* Performance improvements and monitoring:
-
-  * Add per-request counters for CPU time spent on the main python thread.
-    (PR #421, PR #420)
-  * Add per-request counters for time spent in the database (PR #429)
-  * Make state updates in the C+S API idempotent (PR #416)
-  * Only fire ``user_joined_room`` if the user has actually joined. (PR #410)
-  * Reuse a single http client, rather than creating new ones (PR #413)
-
-* Fixed a bug upgrading from older versions of synapse on postgresql (PR #417)
-
-Changes in synapse v0.11.1 (2015-11-20)
-=======================================
-
-* Add extra options to search API (PR #394)
-* Fix bug where we did not correctly cap federation retry timers. This meant it
-  could take several hours for servers to start talking to ressurected servers,
-  even when they were receiving traffic from them (PR #393)
-* Don't advertise login token flow unless CAS is enabled. This caused issues
-  where some clients would always use the fallback API if they did not
-  recognize all login flows (PR #391)
-* Change /v2 sync API to rename ``private_user_data`` to ``account_data``
-  (PR #386)
-* Change /v2 sync API to remove the ``event_map`` and rename keys in ``rooms``
-  object (PR #389)
-
-Changes in synapse v0.11.0-r2 (2015-11-19)
-==========================================
-
-* Fix bug in database port script (PR #387)
-
-Changes in synapse v0.11.0-r1 (2015-11-18)
-==========================================
-
-* Retry and fail federation requests more aggressively for requests that block
-  client side requests (PR #384)
-
-Changes in synapse v0.11.0 (2015-11-17)
-=======================================
-
-* Change CAS login API (PR #349)
-
-Changes in synapse v0.11.0-rc2 (2015-11-13)
-===========================================
-
-* Various changes to /sync API response format (PR #373)
-* Fix regression when setting display name in newly joined room over
-  federation (PR #368)
-* Fix problem where /search was slow when using SQLite (PR #366)
-
-Changes in synapse v0.11.0-rc1 (2015-11-11)
-===========================================
-
-* Add Search API (PR #307, #324, #327, #336, #350, #359)
-* Add 'archived' state to v2 /sync API (PR #316)
-* Add ability to reject invites (PR #317)
-* Add config option to disable password login (PR #322)
-* Add the login fallback API (PR #330)
-* Add room context API (PR #334)
-* Add room tagging support (PR #335)
-* Update v2 /sync API to match spec (PR #305, #316, #321, #332, #337, #341)
-* Change retry schedule for application services (PR #320)
-* Change retry schedule for remote servers (PR #340)
-* Fix bug where we hosted static content in the incorrect place (PR #329)
-* Fix bug where we didn't increment retry interval for remote servers (PR #343)
-
-Changes in synapse v0.10.1-rc1 (2015-10-15)
-===========================================
-
-* Add support for CAS, thanks to Steven Hammerton (PR #295, #296)
-* Add support for using macaroons for ``access_token`` (PR #256, #229)
-* Add support for ``m.room.canonical_alias`` (PR #287)
-* Add support for viewing the history of rooms that they have left. (PR #276,
-  #294)
-* Add support for refresh tokens (PR #240)
-* Add flag on creation which disables federation of the room (PR #279)
-* Add some room state to invites. (PR #275)
-* Atomically persist events when joining a room over federation (PR #283)
-* Change default history visibility for private rooms (PR #271)
-* Allow users to redact their own sent events (PR #262)
-* Use tox for tests (PR #247)
-* Split up syutil into separate libraries (PR #243)
-
-Changes in synapse v0.10.0-r2 (2015-09-16)
-==========================================
-
-* Fix bug where we always fetched remote server signing keys instead of using
-  ones in our cache.
-* Fix adding threepids to an existing account.
-* Fix bug with invinting over federation where remote server was already in
-  the room. (PR #281, SYN-392)
-
-Changes in synapse v0.10.0-r1 (2015-09-08)
-==========================================
-
-* Fix bug with python packaging
-
-Changes in synapse v0.10.0 (2015-09-03)
-=======================================
-
-No change from release candidate.
-
-Changes in synapse v0.10.0-rc6 (2015-09-02)
-===========================================
-
-* Remove some of the old database upgrade scripts.
-* Fix database port script to work with newly created sqlite databases.
-
-Changes in synapse v0.10.0-rc5 (2015-08-27)
-===========================================
-
-* Fix bug that broke downloading files with ascii filenames across federation.
-
-Changes in synapse v0.10.0-rc4 (2015-08-27)
-===========================================
-
-* Allow UTF-8 filenames for upload. (PR #259)
-
-Changes in synapse v0.10.0-rc3 (2015-08-25)
-===========================================
-
-* Add ``--keys-directory`` config option to specify where files such as
-  certs and signing keys should be stored in, when using ``--generate-config``
-  or ``--generate-keys``. (PR #250)
-* Allow ``--config-path`` to specify a directory, causing synapse to use all
-  \*.yaml files in the directory as config files. (PR #249)
-* Add ``web_client_location`` config option to specify static files to be
-  hosted by synapse under ``/_matrix/client``. (PR #245)
-* Add helper utility to synapse to read and parse the config files and extract
-  the value of a given key. For example::
-
-    $ python -m synapse.config read server_name -c homeserver.yaml
-    localhost
-
-  (PR #246)
-
-
-Changes in synapse v0.10.0-rc2 (2015-08-24)
-===========================================
-
-* Fix bug where we incorrectly populated the ``event_forward_extremities``
-  table, resulting in problems joining large remote rooms (e.g.
-  ``#matrix:matrix.org``)
-* Reduce the number of times we wake up pushers by not listening for presence
-  or typing events, reducing the CPU cost of each pusher.
-
-
-Changes in synapse v0.10.0-rc1 (2015-08-21)
-===========================================
-
-Also see v0.9.4-rc1 changelog, which has been amalgamated into this release.
-
-General:
-
-* Upgrade to Twisted 15 (PR #173)
-* Add support for serving and fetching encryption keys over federation.
-  (PR #208)
-* Add support for logging in with email address (PR #234)
-* Add support for new ``m.room.canonical_alias`` event. (PR #233)
-* Change synapse to treat user IDs case insensitively during registration and
-  login. (If two users already exist with case insensitive matching user ids,
-  synapse will continue to require them to specify their user ids exactly.)
-* Error if a user tries to register with an email already in use. (PR #211)
-* Add extra and improve existing caches  (PR #212, #219, #226, #228)
-* Batch various storage request (PR #226, #228)
-* Fix bug where we didn't correctly log the entity that triggered the request
-  if the request came in via an application service (PR #230)
-* Fix bug where we needlessly regenerated the full list of rooms an AS is
-  interested in. (PR #232)
-* Add support for AS's to use v2_alpha registration API (PR #210)
-
-
-Configuration:
-
-* Add ``--generate-keys`` that will generate any missing cert and key files in
-  the configuration files. This is equivalent to running ``--generate-config``
-  on an existing configuration file. (PR #220)
-* ``--generate-config`` now no longer requires a ``--server-name`` parameter
-  when used on existing configuration files. (PR #220)
-* Add ``--print-pidfile`` flag that controls the printing of the pid to stdout
-  of the demonised process. (PR #213)
-
-Media Repository:
-
-* Fix bug where we picked a lower resolution image than requested. (PR #205)
-* Add support for specifying if a the media repository should dynamically
-  thumbnail images or not. (PR #206)
-
-Metrics:
-
-* Add statistics from the reactor to the metrics API. (PR #224, #225)
-
-Demo Homeservers:
-
-* Fix starting the demo homeservers without rate-limiting enabled. (PR #182)
-* Fix enabling registration on demo homeservers (PR #223)
-
-
-Changes in synapse v0.9.4-rc1 (2015-07-21)
-==========================================
-
-General:
-
-* Add basic implementation of receipts. (SPEC-99)
-* Add support for configuration presets in room creation API. (PR  #203)
-* Add auth event that limits the visibility of history for new users.
-  (SPEC-134)
-* Add SAML2 login/registration support. (PR  #201. Thanks Muthu Subramanian!)
-* Add client side key management APIs for end to end encryption. (PR #198)
-* Change power level semantics so that you cannot kick, ban or change power
-  levels of users that have equal or greater power level than you. (SYN-192)
-* Improve performance by bulk inserting events where possible. (PR #193)
-* Improve performance by bulk verifying signatures where possible. (PR #194)
-
-
-Configuration:
-
-* Add support for including TLS certificate chains.
-
-Media Repository:
-
-* Add Content-Disposition headers to content repository responses. (SYN-150)
-
-
-Changes in synapse v0.9.3 (2015-07-01)
-======================================
-
-No changes from v0.9.3 Release Candidate 1.
-
-Changes in synapse v0.9.3-rc1 (2015-06-23)
-==========================================
-
-General:
-
-* Fix a memory leak in the notifier. (SYN-412)
-* Improve performance of room initial sync. (SYN-418)
-* General improvements to logging.
-* Remove ``access_token`` query params from ``INFO`` level logging.
-
-Configuration:
-
-* Add support for specifying and configuring multiple listeners. (SYN-389)
-
-Application services:
-
-* Fix bug where synapse failed to send user queries to application services.
-
 Changes in synapse v0.9.2-r2 (2015-06-15)
 =========================================

--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -3,23 +3,13 @@ include LICENSE
 include VERSION
 include *.rst
 include demo/README
-include demo/demo.tls.dh
-include demo/*.py
-include demo/*.sh

 recursive-include synapse/storage/schema *.sql
 recursive-include synapse/storage/schema *.py

+recursive-include demo *.dh
+recursive-include demo *.py
+recursive-include demo *.sh
 recursive-include docs *
 recursive-include scripts *
-recursive-include scripts-dev *
 recursive-include tests *.py
-
-recursive-include synapse/static *.css
-recursive-include synapse/static *.gif
-recursive-include synapse/static *.html
-recursive-include synapse/static *.js
-
-exclude jenkins.sh
-
-prune demo/etc
--- a/README.rst
+++ b/README.rst
@@ -7,7 +7,7 @@ Matrix is an ambitious new ecosystem for open federated Instant Messaging and
 VoIP.  The basics you need to know to get up and running are:

 - Everything in Matrix happens in a room.  Rooms are distributed and do not
-  exist on any single server.  Rooms can be located using convenience aliases
+  exist on any single server.  Rooms can be located using convenience aliases 
  like ``#matrix:matrix.org`` or ``#test:localhost:8448``.

 - Matrix user IDs look like ``@matthew:matrix.org`` (although in the future
@@ -20,10 +20,10 @@ The overall architecture is::
             https://somewhere.org/_matrix      https://elsewhere.net/_matrix

 ``#matrix:matrix.org`` is the official support room for Matrix, and can be
-accessed by any client from https://matrix.org/blog/try-matrix-now or via IRC
-bridge at irc://irc.freenode.net/matrix.
+accessed by the web client at http://matrix.org/beta or via an IRC bridge at
+irc://irc.freenode.net/matrix.

-Synapse is currently in rapid development, but as of version 0.5 we believe it
+Synapse is currently in rapid development, but as of version 0.5 we believe it 
 is sufficiently stable to be run as an internet-facing service for real usage!

 About Matrix
@@ -77,14 +77,14 @@ Meanwhile, iOS and Android SDKs and clients are available from:
 - https://github.com/matrix-org/matrix-android-sdk

 We'd like to invite you to join #matrix:matrix.org (via
-https://matrix.org/blog/try-matrix-now), run a homeserver, take a look at the
-Matrix spec at https://matrix.org/docs/spec and API docs at
-https://matrix.org/docs/api, experiment with the APIs and the demo clients, and
-report any bugs via https://matrix.org/jira.
+https://matrix.org/beta), run a homeserver, take a look at the Matrix spec at
+https://matrix.org/docs/spec and API docs at https://matrix.org/docs/api,
+experiment with the APIs and the demo clients, and report any bugs via
+https://matrix.org/jira.

 Thanks for using Matrix!

-[1] End-to-end encryption is currently in development - see https://matrix.org/git/olm
+[1] End-to-end encryption is currently in development

 Synapse Installation
 ====================
@@ -94,7 +94,6 @@ Synapse is the reference python/twisted Matrix homeserver implementation.
 System requirements:
 - POSIX-compliant system (tested on Linux & OS X)
 - Python 2.7
- At least 512 MB RAM.

 Synapse is written in python but some of the libraries is uses are written in
 C. So before we can install synapse itself we need a working C compiler and the
@@ -102,60 +101,41 @@ header files for python C extensions.

 Installing prerequisites on Ubuntu or Debian::

-    sudo apt-get install build-essential python2.7-dev libffi-dev \
-                         python-pip python-setuptools sqlite3 \
-                         libssl-dev python-virtualenv libjpeg-dev
-
+    $ sudo apt-get install build-essential python2.7-dev libffi-dev \
+                           python-pip python-setuptools sqlite3 \
+                           libssl-dev python-virtualenv libjpeg-dev
+                           
 Installing prerequisites on ArchLinux::

-    sudo pacman -S base-devel python2 python-pip \
-                   python-setuptools python-virtualenv sqlite3
-
-Installing prerequisites on CentOS 7::
-
-    sudo yum install libtiff-devel libjpeg-devel libzip-devel freetype-devel \
-                     lcms2-devel libwebp-devel tcl-devel tk-devel \
-                     python-virtualenv libffi-devel openssl-devel
-    sudo yum groupinstall "Development Tools"
-
+    $ sudo pacman -S base-devel python2 python-pip \
+                     python-setuptools python-virtualenv sqlite3

 Installing prerequisites on Mac OS X::

-    xcode-select --install
-    sudo easy_install pip
-    sudo pip install virtualenv
-
+    $ xcode-select --install
+    $ sudo pip install virtualenv
+    
 To install the synapse homeserver run::

-    virtualenv -p python2.7 ~/.synapse
-    source ~/.synapse/bin/activate
-    pip install --upgrade setuptools
-    pip install https://github.com/matrix-org/synapse/tarball/master
+    $ virtualenv -p python2.7 ~/.synapse
+    $ source ~/.synapse/bin/activate
+    $ pip install --process-dependency-links https://github.com/matrix-org/synapse/tarball/master

 This installs synapse, along with the libraries it uses, into a virtual
-environment under ``~/.synapse``.  Feel free to pick a different directory
-if you prefer.
-
-In case of problems, please see the _Troubleshooting section below.
+environment under ``~/.synapse``.

 Alternatively, Silvio Fricke has contributed a Dockerfile to automate the
 above in Docker at https://registry.hub.docker.com/u/silviof/docker-matrix/.

-Another alternative is to install via apt from http://matrix.org/packages/debian/.
-Note that these packages do not include  a client - choose one from
-https://matrix.org/blog/try-matrix-now/ (or build your own with 
-https://github.com/matrix-org/matrix-js-sdk/). 
-
 To set up your homeserver, run (in your virtualenv, as before)::

-    cd ~/.synapse
-    python -m synapse.app.homeserver \
+    $ cd ~/.synapse
+    $ python -m synapse.app.homeserver \
        --server-name machine.my.domain.name \
        --config-path homeserver.yaml \
-        --generate-config \
-        --report-stats=[yes|no]
+        --generate-config

-...substituting your host and domain name as appropriate.
+Substituting your host and domain name as appropriate.

 This will generate you a config file that you can then customise, but it will
 also generate a set of keys for you. These keys will allow your Home Server to
@@ -168,11 +148,10 @@ key in the <server name>.signing.key file (the second word, which by default is

 By default, registration of new users is disabled. You can either enable
 registration in the config by specifying ``enable_registration: true``
-(it is then recommended to also set up CAPTCHA - see docs/CAPTCHA_SETUP), or
+(it is then recommended to also set up CAPTCHA), or
 you can use the command line to register new users::

    $ source ~/.synapse/bin/activate
-    $ synctl start # if not already running
    $ register_new_matrix_user -c homeserver.yaml https://localhost:8448
    New user localpart: erikj
    Password:
@@ -182,16 +161,6 @@ you can use the command line to register new users::
 For reliable VoIP calls to be routed via this homeserver, you MUST configure
 a TURN server.  See docs/turn-howto.rst for details.

-Running Synapse
-===============
-
-To actually run your new homeserver, pick a working directory for Synapse to
-run (e.g. ``~/.synapse``), and::
-
-    cd ~/.synapse
-    source ./bin/activate
-    synctl start
-
 Using PostgreSQL
 ================

@@ -201,19 +170,29 @@ traditionally used for convenience and simplicity.

 The advantages of Postgres include:

-* significant performance improvements due to the superior threading and
-  caching model, smarter query optimiser
-* allowing the DB to be run on separate hardware
-* allowing basic active/backup high-availability with a "hot spare" synapse
-  pointing at the same DB master, as well as enabling DB replication in
-  synapse itself.
-
+ * significant performance improvements due to the superior threading and
+   caching model, smarter query optimiser
+ * allowing the DB to be run on separate hardware
+ * allowing basic active/backup high-availability with a "hot spare" synapse
+   pointing at the same DB master, as well as enabling DB replication in
+   synapse itself.
+   
 The only disadvantage is that the code is relatively new as of April 2015 and
 may have a few regressions relative to SQLite.

 For information on how to install and use PostgreSQL, please see
 `docs/postgres.rst <docs/postgres.rst>`_.

+Running Synapse
+===============
+
+To actually run your new homeserver, pick a working directory for Synapse to run 
+(e.g. ``~/.synapse``), and::
+
+    $ cd ~/.synapse
+    $ source ./bin/activate
+    $ synctl start
+
 Platform Specific Instructions
 ==============================

@@ -230,49 +209,48 @@ defaults to python 3, but synapse currently assumes python 2.7 by default:

 pip may be outdated (6.0.7-1 and needs to be upgraded to 6.0.8-1 )::

-    sudo pip2.7 install --upgrade pip
-
+    $ sudo pip2.7 install --upgrade pip
+    
 You also may need to explicitly specify python 2.7 again during the install
 request::

-    pip2.7 install https://github.com/matrix-org/synapse/tarball/master
-
+    $ pip2.7 install --process-dependency-links \
+        https://github.com/matrix-org/synapse/tarball/master
+    
 If you encounter an error with lib bcrypt causing an Wrong ELF Class:
 ELFCLASS32 (x64 Systems), you may need to reinstall py-bcrypt to correctly
 compile it under the right architecture. (This should not be needed if
 installing under virtualenv)::

-    sudo pip2.7 uninstall py-bcrypt
-    sudo pip2.7 install py-bcrypt
-
+    $ sudo pip2.7 uninstall py-bcrypt
+    $ sudo pip2.7 install py-bcrypt
+    
 During setup of Synapse you need to call python2.7 directly again::

-    cd ~/.synapse
-    python2.7 -m synapse.app.homeserver \
+    $ cd ~/.synapse
+    $ python2.7 -m synapse.app.homeserver \
      --server-name machine.my.domain.name \
      --config-path homeserver.yaml \
      --generate-config
-
+        
 ...substituting your host and domain name as appropriate.

 Windows Install
 ---------------
 Synapse can be installed on Cygwin. It requires the following Cygwin packages:

- gcc
- git
- libffi-devel
- openssl (and openssl-devel, python-openssl)
- python
- python-setuptools
+ - gcc
+ - git
+ - libffi-devel
+ - openssl (and openssl-devel, python-openssl)
+ - python
+ - python-setuptools

 The content repository requires additional packages and will be unable to process
 uploads without them:
-
- libjpeg8
- libjpeg8-devel
- zlib
-
+ - libjpeg8
+ - libjpeg8-devel
+ - zlib
 If you choose to install Synapse without these packages, you will need to reinstall
 ``pillow`` for changes to be applied, e.g. ``pip uninstall pillow`` ``pip install
 pillow --user``
@@ -294,37 +272,33 @@ Troubleshooting
 Troubleshooting Installation
 ----------------------------

-Synapse requires pip 1.7 or later, so if your OS provides too old a version you
+Synapse requires pip 1.7 or later, so if your OS provides too old a version and 
+you get errors about ``error: no such option: --process-dependency-links`` you 
 may need to manually upgrade it::

-    sudo pip install --upgrade pip
-
-Installing may fail with ``mock requires setuptools>=17.1. Aborting installation``.
-You can fix this by upgrading setuptools::
-
-    pip install --upgrade setuptools
+    $ sudo pip install --upgrade pip

 If pip crashes mid-installation for reason (e.g. lost terminal), pip may
 refuse to run until you remove the temporary installation directory it
 created. To reset the installation::

-    rm -rf /tmp/pip_install_matrix
+    $ rm -rf /tmp/pip_install_matrix

-pip seems to leak *lots* of memory during installation.  For instance, a Linux
-host with 512MB of RAM may run out of memory whilst installing Twisted.  If this
-happens, you will have to individually install the dependencies which are
+pip seems to leak *lots* of memory during installation.  For instance, a Linux 
+host with 512MB of RAM may run out of memory whilst installing Twisted.  If this 
+happens, you will have to individually install the dependencies which are 
 failing, e.g.::

-    pip install twisted
+    $ pip install twisted

-On OS X, if you encounter clang: error: unknown argument: '-mno-fused-madd' you
+On OSX, if you encounter clang: error: unknown argument: '-mno-fused-madd' you
 will need to export CFLAGS=-Qunused-arguments.

 Troubleshooting Running
 -----------------------

-If synapse fails with ``missing "sodium.h"`` crypto errors, you may need
-to manually upgrade PyNaCL, as synapse uses NaCl (http://nacl.cr.yp.to/) for
+If synapse fails with ``missing "sodium.h"`` crypto errors, you may need 
+to manually upgrade PyNaCL, as synapse uses NaCl (http://nacl.cr.yp.to/) for 
 encryption and digital signatures.
 Unfortunately PyNACL currently has a few issues
 (https://github.com/pyca/pynacl/issues/53) and
@@ -333,11 +307,10 @@ correctly, causing all tests to fail with errors about missing "sodium.h". To
 fix try re-installing from PyPI or directly from
 (https://github.com/pyca/pynacl)::

-    # Install from PyPI
-    pip install --user --upgrade --force pynacl
-
-    # Install from github
-    pip install --user https://github.com/pyca/pynacl/tarball/master
+    $ # Install from PyPI
+    $ pip install --user --upgrade --force pynacl
+    $ # Install from github
+    $ pip install --user https://github.com/pyca/pynacl/tarball/master

 ArchLinux
 ~~~~~~~~~
@@ -345,8 +318,8 @@ ArchLinux
 If running `$ synctl start` fails with 'returned non-zero exit status 1',
 you will need to explicitly call Python2.7 - either running as::

-    python2.7 -m synapse.app.homeserver --daemonize -c homeserver.yaml
-
+    $ python2.7 -m synapse.app.homeserver --daemonize -c homeserver.yaml
+    
 ...or by editing synctl with the correct python executable.

 Synapse Development
@@ -355,16 +328,16 @@ Synapse Development
 To check out a synapse for development, clone the git repo into a working
 directory of your choice::

-    git clone https://github.com/matrix-org/synapse.git
-    cd synapse
+    $ git clone https://github.com/matrix-org/synapse.git
+    $ cd synapse

 Synapse has a number of external dependencies, that are easiest
 to install using pip and a virtualenv::

-    virtualenv env
-    source env/bin/activate
-    python synapse/python_dependencies.py | xargs -n1 pip install
-    pip install setuptools_trial mock
+    $ virtualenv env
+    $ source env/bin/activate
+    $ python synapse/python_dependencies.py | xargs -n1 pip install
+    $ pip install setuptools_trial mock

 This will run a process of downloading and installing all the needed
 dependencies into a virtual env.
@@ -372,7 +345,7 @@ dependencies into a virtual env.
 Once this is done, you may wish to run Synapse's unit tests, to
 check that everything is installed as it should be::

-    python setup.py test
+    $ python setup.py test

 This should end with a 'PASSED' result::

@@ -384,11 +357,14 @@ This should end with a 'PASSED' result::
 Upgrading an existing Synapse
 =============================

-The instructions for upgrading synapse are in `UPGRADE.rst`_.
-Please check these instructions as upgrading may require extra steps for some
-versions of synapse.
+IMPORTANT: Before upgrading an existing synapse to a new version, please
+refer to UPGRADE.rst for any additional instructions.
+
+Otherwise, simply re-install the new codebase over the current one - e.g.
+by ``pip install --process-dependency-links
+https://github.com/matrix-org/synapse/tarball/master``
+if using pip, or by ``git pull`` if running off a git working copy.

-.. _UPGRADE.rst: UPGRADE.rst

 Setting up Federation
 =====================
@@ -410,11 +386,11 @@ IDs:
 For the first form, simply pass the required hostname (of the machine) as the
 --server-name parameter::

-    python -m synapse.app.homeserver \
+    $ python -m synapse.app.homeserver \
        --server-name machine.my.domain.name \
        --config-path homeserver.yaml \
        --generate-config
-    python -m synapse.app.homeserver --config-path homeserver.yaml
+    $ python -m synapse.app.homeserver --config-path homeserver.yaml

 Alternatively, you can run ``synctl start`` to guide you through the process.

@@ -431,17 +407,13 @@ record would then look something like::
 At this point, you should then run the homeserver with the hostname of this
 SRV record, as that is the name other machines will expect it to have::

-    python -m synapse.app.homeserver \
+    $ python -m synapse.app.homeserver \
        --server-name YOURDOMAIN \
        --config-path homeserver.yaml \
        --generate-config
-    python -m synapse.app.homeserver --config-path homeserver.yaml
+    $ python -m synapse.app.homeserver --config-path homeserver.yaml


-If you've already generated the config file, you need to edit the "server_name"
-in you  ```homeserver.yaml``` file. If you've already started Synapse and a
-database has been created, you will have to recreate the database.
-
 You may additionally want to pass one or more "-v" options, in order to
 increase the verbosity of logging output; at least for initial testing.

@@ -453,8 +425,8 @@ private federation (``localhost:8080``, ``localhost:8081`` and
 ``localhost:8082``) which you can then access through the webclient running at
 http://localhost:8080. Simply run::

-    demo/start.sh
-
+    $ demo/start.sh
+    
 This is mainly useful just for development purposes.

 Running The Demo Web Client
@@ -517,7 +489,7 @@ time.
 Where's the spec?!
 ==================

-The source of the matrix spec lives at https://github.com/matrix-org/matrix-doc.
+The source of the matrix spec lives at https://github.com/matrix-org/matrix-doc.  
 A recent HTML snapshot of this lives at http://matrix.org/docs/spec


@@ -527,10 +499,10 @@ Building Internal API Documentation
 Before building internal API documentation install sphinx and
 sphinxcontrib-napoleon::

-    pip install sphinx
-    pip install sphinxcontrib-napoleon
+    $ pip install sphinx
+    $ pip install sphinxcontrib-napoleon

 Building internal API documentation::

-    python setup.py build_sphinx
+    $ python setup.py build_sphinx

--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -1,49 +1,3 @@
-Upgrading Synapse
-=================
-
-Before upgrading check if any special steps are required to upgrade from the
-what you currently have installed to current version of synapse. The extra
-instructions that may be required are listed later in this document.
-
-If synapse was installed in a virtualenv then active that virtualenv before
-upgrading. If synapse is installed in a virtualenv in ``~/.synapse/`` then run:
-
-.. code:: bash
-
-    source ~/.synapse/bin/activate
-
-If synapse was installed using pip then upgrade to the latest version by
-running:
-
-.. code:: bash
-
-    pip install --upgrade --process-dependency-links https://github.com/matrix-org/synapse/tarball/master
-
-If synapse was installed using git then upgrade to the latest version by
-running:
-
-.. code:: bash
-
-    # Pull the latest version of the master branch.
-    git pull
-    # Update the versions of synapse's python dependencies.
-    python synapse/python_dependencies.py | xargs -n1 pip install
-
-
-Upgrading to v0.11.0
-====================
-
-This release includes the option to send anonymous usage stats to matrix.org,
-and requires that administrators explictly opt in or out by setting the
-``report_stats`` option to either ``true`` or ``false``.
-
-We would really appreciate it if you could help our project out by reporting
-anonymized usage statistics from your homeserver. Only very basic aggregate
-data (e.g. number of users) will be reported, but it helps us to track the
-growth of the Matrix community, and helps us to make Matrix a success, as well
-as to convince other networks that they should peer with us.
-
-
 Upgrading to v0.9.0
 ===================

--- a/contrib/vertobot/bot.pl
+++ b/contrib/vertobot/bot.pl
@@ -126,26 +126,12 @@ sub on_unknown_event
        if (!$bridgestate->{$room_id}->{gathered_candidates}) {
            $bridgestate->{$room_id}->{gathered_candidates} = 1;
            my $offer = $bridgestate->{$room_id}->{offer};
-            my $candidate_block = {
-                audio => '',
-                video => '',
-            };
+            my $candidate_block = "";
            foreach (@{$event->{content}->{candidates}}) {
-                if ($_->{sdpMid}) {
-                    $candidate_block->{$_->{sdpMid}} .= "a=" . $_->{candidate} . "\r\n";
-                }
-                else {
-                    $candidate_block->{audio} .= "a=" . $_->{candidate} . "\r\n";
-                    $candidate_block->{video} .= "a=" . $_->{candidate} . "\r\n";
-                }
+                $candidate_block .= "a=" . $_->{candidate} . "\r\n";
            }
-
-            # XXX: assumes audio comes first
-            #$offer =~ s/(a=rtcp-mux[\r\n]+)/$1$candidate_block->{audio}/;
-            #$offer =~ s/(a=rtcp-mux[\r\n]+)/$1$candidate_block->{video}/;
-
-            $offer =~ s/(m=video)/$candidate_block->{audio}$1/;
-            $offer =~ s/(.$)/$1\n$candidate_block->{video}$1/;
+            # XXX: collate using the right m= line - for now assume audio call
+            $offer =~ s/(a=rtcp.*[\r\n]+)/$1$candidate_block/;
            
            my $f = send_verto_json_request("verto.invite", {
                "sdp" => $offer,
@@ -186,18 +172,22 @@ sub on_room_message
    warn "[Matrix] in $room_id: $from: " . $content->{body} . "\n";    
 }

+my $verto_connecting = $loop->new_future;
+$bot_verto->connect(
+    %{ $CONFIG{"verto-bot"} },
+    on_connect_error => sub { die "Cannot connect to verto - $_[-1]" },
+    on_resolve_error => sub { die "Cannot resolve to verto - $_[-1]" },        
+)->then( sub { 
+    warn("[Verto] connected to websocket");
+    $verto_connecting->done($bot_verto) if not $verto_connecting->is_done;
+});
+
 Future->needs_all(
    $bot_matrix->login( %{ $CONFIG{"matrix-bot"} } )->then( sub {
        $bot_matrix->start;
    }),
    
-    $bot_verto->connect(
-        %{ $CONFIG{"verto-bot"} },
-        on_connect_error => sub { die "Cannot connect to verto - $_[-1]" },
-        on_resolve_error => sub { die "Cannot resolve to verto - $_[-1]" },        
-    )->on_done( sub { 
-        warn("[Verto] connected to websocket");
-    }),
+    $verto_connecting,
 )->get;

 $loop->attach_signal(
--- a/contrib/vertobot/cpanfile
+++ b/contrib/vertobot/cpanfile
@@ -11,4 +11,7 @@ requires 'YAML', 0;
 requires 'JSON', 0;
 requires 'Getopt::Long', 0;

+on 'test' => sub {
+	requires 'Test::More', '>= 0.98';
+};

--- a/demo/clean.sh
+++ b/demo/clean.sh
@@ -11,9 +11,7 @@ if [ -f $PID_FILE ]; then
    exit 1
 fi

-for port in 8080 8081 8082; do
-    rm -rf $DIR/$port
-    rm -rf $DIR/media_store.$port
-done
+find "$DIR" -name "*.log" -delete
+find "$DIR" -name "*.db" -delete

 rm -rf $DIR/etc
--- a/demo/start.sh
+++ b/demo/start.sh
@@ -8,6 +8,14 @@ cd "$DIR/.."

 mkdir -p demo/etc

+# Check the --no-rate-limit param
+PARAMS=""
+if [ $# -eq 1 ]; then
+    if [ $1 = "--no-rate-limit" ]; then
+	    PARAMS="--rc-messages-per-second 1000 --rc-message-burst-count 1000"
+    fi
+fi
+
 export PYTHONPATH=$(readlink -f $(pwd))


@@ -23,27 +31,9 @@ for port in 8080 8081 8082; do
    #rm $DIR/etc/$port.config
    python -m synapse.app.homeserver \
        --generate-config \
+        --enable_registration \
        -H "localhost:$https_port" \
        --config-path "$DIR/etc/$port.config" \
-        --report-stats no
-
-    # Check script parameters
-    if [ $# -eq 1 ]; then
-        if [ $1 = "--no-rate-limit" ]; then
-            # Set high limits in config file to disable rate limiting
-            perl -p -i -e 's/rc_messages_per_second.*/rc_messages_per_second: 1000/g' $DIR/etc/$port.config
-            perl -p -i -e 's/rc_message_burst_count.*/rc_message_burst_count: 1000/g' $DIR/etc/$port.config
-        fi
-    fi
-
-    perl -p -i -e 's/^enable_registration:.*/enable_registration: true/g' $DIR/etc/$port.config
-
-    if ! grep -F "full_twisted_stacktraces" -q  $DIR/etc/$port.config; then
-        echo "full_twisted_stacktraces: true" >> $DIR/etc/$port.config
-    fi
-    if ! grep -F "report_stats" -q  $DIR/etc/$port.config ; then
-        echo "report_stats: false" >> $DIR/etc/$port.config
-    fi

    python -m synapse.app.homeserver \
        --config-path "$DIR/etc/$port.config" \
--- a/docs/postgres.rst
+++ b/docs/postgres.rst
@@ -18,8 +18,8 @@ encoding use, e.g.::
 This would create an appropriate database named ``synapse`` owned by the
 ``synapse_user`` user (which must already exist).

-Set up client in Debian/Ubuntu
-===========================
+Set up client
+=============

 Postgres support depends on the postgres python connector ``psycopg2``. In the
 virtual env::
@@ -27,19 +27,6 @@ virtual env::
    sudo apt-get install libpq-dev
    pip install psycopg2

-Set up client in RHEL/CentOs 7
-==============================
-
-Make sure you have the appropriate version of postgres-devel installed. For a
-postgres 9.4, use the postgres 9.4 packages from
-[here](https://wiki.postgresql.org/wiki/YUM_Installation).
-
-As with Debian/Ubuntu, postgres support depends on the postgres python connector
-``psycopg2``. In the virtual env::
-
-    sudo yum install postgresql-devel libpqxx-devel.x86_64
-    export PATH=/usr/pgsql-9.4/bin/:$PATH
-    pip install psycopg2

 Synapse config
 ==============
@@ -68,8 +55,9 @@ Porting from SQLite
 Overview
 ~~~~~~~~

-The script ``synapse_port_db`` allows porting an existing synapse server
-backed by SQLite to using PostgreSQL. This is done in as a two phase process:
+The script ``port_from_sqlite_to_postgres.py`` allows porting an existing
+synapse server backed by SQLite to using PostgreSQL. This is done in as a two
+phase process:

 1. Copy the existing SQLite database to a separate location (while the server
   is down) and running the port script against that offline database.
@@ -98,7 +86,8 @@ Assuming your new config file (as described in the section *Synapse config*)
 is named ``homeserver-postgres.yaml`` and the SQLite snapshot is at
 ``homeserver.db.snapshot`` then simply run::

-    synapse_port_db --sqlite-database homeserver.db.snapshot \
+    python scripts/port_from_sqlite_to_postgres.py \
+        --sqlite-database homeserver.db.snapshot \
        --postgres-config homeserver-postgres.yaml

 The flag ``--curses`` displays a coloured curses progress UI.
@@ -111,7 +100,8 @@ To complete the conversion shut down the synapse server and run the port
 script one last time, e.g. if the SQLite database is at  ``homeserver.db``
 run::

-    synapse_port_db --sqlite-database homeserver.db \
+    python scripts/port_from_sqlite_to_postgres.py \
+        --sqlite-database homeserver.db \
        --postgres-config database_config.yaml

 Once that has completed, change the synapse config to point at the PostgreSQL
--- a/jenkins.sh
+++ b/jenkins.sh
@@ -1,70 +0,0 @@
-#!/bin/bash -eu
-
-export PYTHONDONTWRITEBYTECODE=yep
-
-# Output test results as junit xml
-export TRIAL_FLAGS="--reporter=subunit"
-export TOXSUFFIX="| subunit-1to2 | subunit2junitxml --no-passthrough --output-to=results.xml"
-
-# Output coverage to coverage.xml
-export DUMP_COVERAGE_COMMAND="coverage xml -o coverage.xml"
-
-# Output flake8 violations to violations.flake8.log
-# Don't exit with non-0 status code on Jenkins,
-# so that the build steps continue and a later step can decided whether to
-# UNSTABLE or FAILURE this build.
-export PEP8SUFFIX="--output-file=violations.flake8.log || echo flake8 finished with status code \$?"
-
-tox
-
-: ${GIT_BRANCH:="origin/$(git rev-parse --abbrev-ref HEAD)"}
-
-set +u
-. .tox/py27/bin/activate
-set -u
-
-if [[ ! -e .sytest-base ]]; then
-  git clone https://github.com/matrix-org/sytest.git .sytest-base --mirror
-else
-  (cd .sytest-base; git fetch)
-fi
-
-rm -rf sytest
-git clone .sytest-base sytest --shared
-cd sytest
-
-git checkout "${GIT_BRANCH}" || (echo >&2 "No ref ${GIT_BRANCH} found, falling back to develop" ; git checkout develop)
-
-: ${PERL5LIB:=$WORKSPACE/perl5/lib/perl5}
-: ${PERL_MB_OPT:=--install_base=$WORKSPACE/perl5}
-: ${PERL_MM_OPT:=INSTALL_BASE=$WORKSPACE/perl5}
-export PERL5LIB PERL_MB_OPT PERL_MM_OPT
-
-./install-deps.pl
-
-: ${PORT_BASE:=8000}
-
-echo >&2 "Running sytest with SQLite3";
-./run-tests.pl -O tap --synapse-directory .. --all --port-base $PORT_BASE > results-sqlite3.tap
-
-RUN_POSTGRES=""
-
-for port in $(($PORT_BASE + 1)) $(($PORT_BASE + 2)); do
-    if psql synapse_jenkins_$port <<< ""; then
-        RUN_POSTGRES=$RUN_POSTGRES:$port
-        cat > localhost-$port/database.yaml << EOF
-name: psycopg2
-args:
-    database: synapse_jenkins_$port
-EOF
-    fi
-done
-
-# Run if both postgresql databases exist
-if test $RUN_POSTGRES = ":$(($PORT_BASE + 1)):$(($PORT_BASE + 2))"; then
-    echo >&2 "Running sytest with PostgreSQL";
-    pip install psycopg2
-    ./run-tests.pl -O tap --synapse-directory .. --all --port-base $PORT_BASE > results-postgresql.tap
-else
-    echo >&2 "Skipping running sytest with PostgreSQL, $RUN_POSTGRES"
-fi
--- a/scripts-dev/check_auth.py
+++ b/scripts-dev/check_auth.py
@@ -56,9 +56,10 @@ if __name__ == '__main__':

    js = json.load(args.json)

+
    auth = Auth(Mock())
    check_auth(
        auth,
        [FrozenEvent(d) for d in js["auth_chain"]],
-        [FrozenEvent(d) for d in js.get("pdus", [])],
+        [FrozenEvent(d) for d in js["pdus"]],
    )
--- a/scripts-dev/check_event_hash.py
+++ b/scripts-dev/check_event_hash.py
@@ -1,5 +1,5 @@
 from synapse.crypto.event_signing import *
-from unpaddedbase64 import encode_base64
+from syutil.base64util import encode_base64

 import argparse
 import hashlib
--- a/scripts-dev/check_signature.py
+++ b/scripts-dev/check_signature.py
@@ -1,7 +1,9 @@

-from signedjson.sign import verify_signed_json
-from signedjson.key import decode_verify_key_bytes, write_signing_keys
-from unpaddedbase64 import decode_base64
+from syutil.crypto.jsonsign import verify_signed_json
+from syutil.crypto.signing_key import (
+    decode_verify_key_bytes, write_signing_keys
+)
+from syutil.base64util import decode_base64

 import urllib2
 import json
--- a/scripts-dev/convert_server_keys.py
+++ b/scripts-dev/convert_server_keys.py
@@ -4,10 +4,10 @@ import sys
 import json
 import time
 import hashlib
-from unpaddedbase64 import encode_base64
-from signedjson.key import read_signing_keys
-from signedjson.sign import sign_json
-from canonicaljson import encode_canonical_json
+from syutil.base64util import encode_base64
+from syutil.crypto.signing_key import read_signing_keys
+from syutil.crypto.jsonsign import sign_json
+from syutil.jsonutil import encode_canonical_json


 def select_v1_keys(connection):
--- a/scripts-dev/definitions.py
+++ b/scripts-dev/definitions.py
@@ -1,175 +0,0 @@
-#! /usr/bin/python
-
-import ast
-import yaml
-
-class DefinitionVisitor(ast.NodeVisitor):
-    def __init__(self):
-        super(DefinitionVisitor, self).__init__()
-        self.functions = {}
-        self.classes = {}
-        self.names = {}
-        self.attrs = set()
-        self.definitions = {
-            'def': self.functions,
-            'class': self.classes,
-            'names': self.names,
-            'attrs': self.attrs,
-        }
-
-    def visit_Name(self, node):
-        self.names.setdefault(type(node.ctx).__name__, set()).add(node.id)
-
-    def visit_Attribute(self, node):
-        self.attrs.add(node.attr)
-        for child in ast.iter_child_nodes(node):
-            self.visit(child)
-
-    def visit_ClassDef(self, node):
-        visitor = DefinitionVisitor()
-        self.classes[node.name] = visitor.definitions
-        for child in ast.iter_child_nodes(node):
-            visitor.visit(child)
-
-    def visit_FunctionDef(self, node):
-        visitor = DefinitionVisitor()
-        self.functions[node.name] = visitor.definitions
-        for child in ast.iter_child_nodes(node):
-            visitor.visit(child)
-
-
-def non_empty(defs):
-    functions = {name: non_empty(f) for name, f in defs['def'].items()}
-    classes = {name: non_empty(f) for name, f in defs['class'].items()}
-    result = {}
-    if functions: result['def'] = functions
-    if classes: result['class'] = classes
-    names = defs['names']
-    uses = []
-    for name in names.get('Load', ()):
-        if name not in names.get('Param', ()) and name not in names.get('Store', ()):
-            uses.append(name)
-    uses.extend(defs['attrs'])
-    if uses: result['uses'] = uses
-    result['names'] = names
-    result['attrs'] = defs['attrs']
-    return result
-
-
-def definitions_in_code(input_code):
-    input_ast = ast.parse(input_code)
-    visitor = DefinitionVisitor()
-    visitor.visit(input_ast)
-    definitions = non_empty(visitor.definitions)
-    return definitions
-
-
-def definitions_in_file(filepath):
-    with open(filepath) as f:
-        return definitions_in_code(f.read())
-
-
-def defined_names(prefix, defs, names):
-    for name, funcs in defs.get('def', {}).items():
-        names.setdefault(name, {'defined': []})['defined'].append(prefix + name)
-        defined_names(prefix + name + ".", funcs, names)
-
-    for name, funcs in defs.get('class', {}).items():
-        names.setdefault(name, {'defined': []})['defined'].append(prefix + name)
-        defined_names(prefix + name + ".", funcs, names)
-
-
-def used_names(prefix, item, defs, names):
-    for name, funcs in defs.get('def', {}).items():
-        used_names(prefix + name + ".", name, funcs, names)
-
-    for name, funcs in defs.get('class', {}).items():
-        used_names(prefix + name + ".", name, funcs, names)
-
-    for used in defs.get('uses', ()):
-        if used in names:
-            names[used].setdefault('used', {}).setdefault(item, []).append(prefix.rstrip('.'))
-
-
-if __name__ == '__main__':
-    import sys, os, argparse, re
-
-    parser = argparse.ArgumentParser(description='Find definitions.')
-    parser.add_argument(
-        "--unused", action="store_true", help="Only list unused definitions"
-    )
-    parser.add_argument(
-        "--ignore", action="append", metavar="REGEXP", help="Ignore a pattern"
-    )
-    parser.add_argument(
-        "--pattern", action="append", metavar="REGEXP",
-        help="Search for a pattern"
-    )
-    parser.add_argument(
-        "directories", nargs='+', metavar="DIR",
-        help="Directories to search for definitions"
-    )
-    parser.add_argument(
-        "--referrers", default=0, type=int,
-        help="Include referrers up to the given depth"
-    )
-    parser.add_argument(
-        "--format", default="yaml",
-        help="Output format, one of 'yaml' or 'dot'"
-    )
-    args = parser.parse_args()
-
-    definitions = {}
-    for directory in args.directories:
-        for root, dirs, files in os.walk(directory):
-            for filename in files:
-                if filename.endswith(".py"):
-                    filepath = os.path.join(root, filename)
-                    definitions[filepath] = definitions_in_file(filepath)
-
-    names = {}
-    for filepath, defs in definitions.items():
-        defined_names(filepath + ":", defs, names)
-
-    for filepath, defs in definitions.items():
-        used_names(filepath + ":", None, defs, names)
-
-    patterns = [re.compile(pattern) for pattern in args.pattern or ()]
-    ignore = [re.compile(pattern) for pattern in args.ignore or ()]
-
-    result = {}
-    for name, definition in names.items():
-        if patterns and not any(pattern.match(name) for pattern in patterns):
-            continue
-        if ignore and any(pattern.match(name) for pattern in ignore):
-            continue
-        if args.unused and definition.get('used'):
-            continue
-        result[name] = definition
-
-    referrer_depth = args.referrers
-    referrers = set()
-    while referrer_depth:
-        referrer_depth -= 1
-        for entry in result.values():
-            for used_by in entry.get("used", ()):
-                referrers.add(used_by)
-        for name, definition in names.items():
-            if not name in referrers:
-                continue
-            if ignore and any(pattern.match(name) for pattern in ignore):
-                continue
-            result[name] = definition
-
-    if args.format == 'yaml':
-        yaml.dump(result, sys.stdout, default_flow_style=False)
-    elif args.format == 'dot':
-        print "digraph {"
-        for name, entry in result.items():
-            print name
-            for used_by in entry.get("used", ()):
-                if used_by in result:
-                    print used_by, "->", name
-        print "}"
-    else:
-        raise ValueError("Unknown format %r" % (args.format))
--- a/scripts-dev/hash_history.py
+++ b/scripts-dev/hash_history.py
@@ -6,8 +6,8 @@ from synapse.crypto.event_signing import (
    add_event_pdu_content_hash, compute_pdu_event_reference_hash
 )
 from synapse.api.events.utils import prune_pdu
-from unpaddedbase64 import encode_base64, decode_base64
-from canonicaljson import encode_canonical_json
+from syutil.base64util import encode_base64, decode_base64
+from syutil.jsonutil import encode_canonical_json
 import sqlite3
 import sys

--- a/scripts/database-prepare-for-0.0.1.sh
+++ b/scripts/database-prepare-for-0.0.1.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# This is will prepare a synapse database for running with v0.0.1 of synapse. 
+# It will store all the user information, but will *delete* all messages and
+# room data.
+
+set -e
+
+cp "$1" "$1.bak"
+
+DUMP=$(sqlite3 "$1" << 'EOF'
+.dump users
+.dump access_tokens
+.dump presence
+.dump profiles
+EOF
+)
+
+rm "$1"
+
+sqlite3 "$1" <<< "$DUMP" 
--- a/scripts/database-prepare-for-0.5.0.sh
+++ b/scripts/database-prepare-for-0.5.0.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# This is will prepare a synapse database for running with v0.5.0 of synapse. 
+# It will store all the user information, but will *delete* all messages and
+# room data.
+
+set -e
+
+cp "$1" "$1.bak"
+
+DUMP=$(sqlite3 "$1" << 'EOF'
+.dump users
+.dump access_tokens
+.dump presence
+.dump profiles
+EOF
+)
+
+rm "$1"
+
+sqlite3 "$1" <<< "$DUMP" 
--- a/scripts/port_from_sqlite_to_postgres.py
+++ b/scripts/port_from_sqlite_to_postgres.py
@@ -29,7 +29,7 @@ import traceback
 import yaml


-logger = logging.getLogger("synapse_port_db")
+logger = logging.getLogger("port_from_sqlite_to_postgres")


 BOOLEAN_COLUMNS = {
@@ -68,7 +68,6 @@ APPEND_ONLY_TABLES = [
    "state_groups_state",
    "event_to_state_groups",
    "rejections",
-    "event_search",
 ]


@@ -96,6 +95,8 @@ class Store(object):
    _simple_update_one = SQLBaseStore.__dict__["_simple_update_one"]
    _simple_update_one_txn = SQLBaseStore.__dict__["_simple_update_one_txn"]

+    _execute_and_decode = SQLBaseStore.__dict__["_execute_and_decode"]
+
    def runInteraction(self, desc, func, *args, **kwargs):
        def r(conn):
            try:
@@ -230,51 +231,19 @@ class Porter(object):
            if rows:
                next_chunk = rows[-1][0] + 1

-                if table == "event_search":
-                    # We have to treat event_search differently since it has a
-                    # different structure in the two different databases.
-                    def insert(txn):
-                        sql = (
-                            "INSERT INTO event_search (event_id, room_id, key, sender, vector)"
-                            " VALUES (?,?,?,?,to_tsvector('english', ?))"
-                        )
+                self._convert_rows(table, headers, rows)

-                        rows_dict = [
-                            dict(zip(headers, row))
-                            for row in rows
-                        ]
+                def insert(txn):
+                    self.postgres_store.insert_many_txn(
+                        txn, table, headers[1:], rows
+                    )

-                        txn.executemany(sql, [
-                            (
-                                row["event_id"],
-                                row["room_id"],
-                                row["key"],
-                                row["sender"],
-                                row["value"],
-                            )
-                            for row in rows_dict
-                        ])
-
-                        self.postgres_store._simple_update_one_txn(
-                            txn,
-                            table="port_from_sqlite3",
-                            keyvalues={"table_name": table},
-                            updatevalues={"rowid": next_chunk},
-                        )
-                else:
-                    self._convert_rows(table, headers, rows)
-
-                    def insert(txn):
-                        self.postgres_store.insert_many_txn(
-                            txn, table, headers[1:], rows
-                        )
-
-                        self.postgres_store._simple_update_one_txn(
-                            txn,
-                            table="port_from_sqlite3",
-                            keyvalues={"table_name": table},
-                            updatevalues={"rowid": next_chunk},
-                        )
+                    self.postgres_store._simple_update_one_txn(
+                        txn,
+                        table="port_from_sqlite3",
+                        keyvalues={"table_name": table},
+                        updatevalues={"rowid": next_chunk},
+                    )

                yield self.postgres_store.execute(insert)

@@ -443,17 +412,14 @@ class Porter(object):
        self._convert_rows("sent_transactions", headers, rows)

        inserted_rows = len(rows)
-        if inserted_rows:
-            max_inserted_rowid = max(r[0] for r in rows)
+        max_inserted_rowid = max(r[0] for r in rows)

-            def insert(txn):
-                self.postgres_store.insert_many_txn(
-                    txn, "sent_transactions", headers[1:], rows
-                )
+        def insert(txn):
+            self.postgres_store.insert_many_txn(
+                txn, "sent_transactions", headers[1:], rows
+            )

-            yield self.postgres_store.execute(insert)
-        else:
-            max_inserted_rowid = 0
+        yield self.postgres_store.execute(insert)

        def get_start_id(txn):
            txn.execute(
--- a/scripts/upgrade_db_to_v0.6.0.py
+++ b/scripts/upgrade_db_to_v0.6.0.py
@@ -0,0 +1,331 @@
+#!/usr/bin/env python
+from synapse.storage import SCHEMA_VERSION, read_schema
+from synapse.storage._base import SQLBaseStore
+from synapse.storage.signatures import SignatureStore
+from synapse.storage.event_federation import EventFederationStore
+
+from syutil.base64util import encode_base64, decode_base64
+
+from synapse.crypto.event_signing import compute_event_signature
+
+from synapse.events.builder import EventBuilder
+from synapse.events.utils import prune_event
+
+from synapse.crypto.event_signing import check_event_content_hash
+
+from syutil.crypto.jsonsign import (
+    verify_signed_json, SignatureVerifyException,
+)
+from syutil.crypto.signing_key import decode_verify_key_bytes
+
+from syutil.jsonutil import encode_canonical_json
+
+import argparse
+# import dns.resolver
+import hashlib
+import httplib
+import json
+import sqlite3
+import syutil
+import urllib2
+
+
+delta_sql = """
+CREATE TABLE IF NOT EXISTS event_json(
+    event_id TEXT NOT NULL,
+    room_id TEXT NOT NULL,
+    internal_metadata NOT NULL,
+    json BLOB NOT NULL,
+    CONSTRAINT ev_j_uniq UNIQUE (event_id)
+);
+
+CREATE INDEX IF NOT EXISTS event_json_id ON event_json(event_id);
+CREATE INDEX IF NOT EXISTS event_json_room_id ON event_json(room_id);
+
+PRAGMA user_version = 10;
+"""
+
+
+class Store(object):
+    _get_event_signatures_txn = SignatureStore.__dict__["_get_event_signatures_txn"]
+    _get_event_content_hashes_txn = SignatureStore.__dict__["_get_event_content_hashes_txn"]
+    _get_event_reference_hashes_txn = SignatureStore.__dict__["_get_event_reference_hashes_txn"]
+    _get_prev_event_hashes_txn = SignatureStore.__dict__["_get_prev_event_hashes_txn"]
+    _get_prev_events_and_state = EventFederationStore.__dict__["_get_prev_events_and_state"]
+    _get_auth_events = EventFederationStore.__dict__["_get_auth_events"]
+    cursor_to_dict = SQLBaseStore.__dict__["cursor_to_dict"]
+    _simple_select_onecol_txn = SQLBaseStore.__dict__["_simple_select_onecol_txn"]
+    _simple_select_list_txn = SQLBaseStore.__dict__["_simple_select_list_txn"]
+    _simple_insert_txn = SQLBaseStore.__dict__["_simple_insert_txn"]
+
+    def _generate_event_json(self, txn, rows):
+        events = []
+        for row in rows:
+            d = dict(row)
+
+            d.pop("stream_ordering", None)
+            d.pop("topological_ordering", None)
+            d.pop("processed", None)
+
+            if "origin_server_ts" not in d:
+                d["origin_server_ts"] = d.pop("ts", 0)
+            else:
+                d.pop("ts", 0)
+
+            d.pop("prev_state", None)
+            d.update(json.loads(d.pop("unrecognized_keys")))
+
+            d["sender"] = d.pop("user_id")
+
+            d["content"] = json.loads(d["content"])
+
+            if "age_ts" not in d:
+                # For compatibility
+                d["age_ts"] = d.get("origin_server_ts", 0)
+
+            d.setdefault("unsigned", {})["age_ts"] = d.pop("age_ts")
+
+            outlier = d.pop("outlier", False)
+
+            # d.pop("membership", None)
+
+            d.pop("state_hash", None)
+
+            d.pop("replaces_state", None)
+
+            b = EventBuilder(d)
+            b.internal_metadata.outlier = outlier
+
+            events.append(b)
+
+        for i, ev in enumerate(events):
+            signatures = self._get_event_signatures_txn(
+                txn, ev.event_id,
+            )
+
+            ev.signatures = {
+                n: {
+                    k: encode_base64(v) for k, v in s.items()
+                }
+                for n, s in signatures.items()
+            }
+
+            hashes = self._get_event_content_hashes_txn(
+                txn, ev.event_id,
+            )
+
+            ev.hashes = {
+                k: encode_base64(v) for k, v in hashes.items()
+            }
+
+            prevs = self._get_prev_events_and_state(txn, ev.event_id)
+
+            ev.prev_events = [
+                (e_id, h)
+                for e_id, h, is_state in prevs
+                if is_state == 0
+            ]
+
+            # ev.auth_events = self._get_auth_events(txn, ev.event_id)
+
+            hashes = dict(ev.auth_events)
+
+            for e_id, hash in ev.prev_events:
+                if e_id in hashes and not hash:
+                    hash.update(hashes[e_id])
+            #
+            # if hasattr(ev, "state_key"):
+            #     ev.prev_state = [
+            #         (e_id, h)
+            #         for e_id, h, is_state in prevs
+            #         if is_state == 1
+            #     ]
+
+        return [e.build() for e in events]
+
+
+store = Store()
+
+
+# def get_key(server_name):
+#     print "Getting keys for: %s" % (server_name,)
+#     targets = []
+#     if ":" in server_name:
+#         target, port = server_name.split(":")
+#         targets.append((target, int(port)))
+#     try:
+#         answers = dns.resolver.query("_matrix._tcp." + server_name, "SRV")
+#         for srv in answers:
+#             targets.append((srv.target, srv.port))
+#     except dns.resolver.NXDOMAIN:
+#         targets.append((server_name, 8448))
+#     except:
+#         print "Failed to lookup keys for %s" % (server_name,)
+#         return {}
+#
+#     for target, port in targets:
+#         url = "https://%s:%i/_matrix/key/v1" % (target, port)
+#         try:
+#             keys = json.load(urllib2.urlopen(url, timeout=2))
+#             verify_keys = {}
+#             for key_id, key_base64 in keys["verify_keys"].items():
+#                 verify_key = decode_verify_key_bytes(
+#                     key_id, decode_base64(key_base64)
+#                 )
+#                 verify_signed_json(keys, server_name, verify_key)
+#                 verify_keys[key_id] = verify_key
+#             print "Got keys for: %s" % (server_name,)
+#             return verify_keys
+#         except urllib2.URLError:
+#             pass
+#         except urllib2.HTTPError:
+#             pass
+#         except httplib.HTTPException:
+#             pass
+#
+#     print "Failed to get keys for %s" % (server_name,)
+#     return {}
+
+
+def reinsert_events(cursor, server_name, signing_key):
+    print "Running delta: v10"
+
+    cursor.executescript(delta_sql)
+
+    cursor.execute(
+        "SELECT * FROM events ORDER BY rowid ASC"
+    )
+
+    print "Getting events..."
+
+    rows = store.cursor_to_dict(cursor)
+
+    events = store._generate_event_json(cursor, rows)
+
+    print "Got events from DB."
+
+    algorithms = {
+        "sha256": hashlib.sha256,
+    }
+
+    key_id = "%s:%s" % (signing_key.alg, signing_key.version)
+    verify_key = signing_key.verify_key
+    verify_key.alg = signing_key.alg
+    verify_key.version = signing_key.version
+
+    server_keys = {
+        server_name: {
+            key_id: verify_key
+        }
+    }
+
+    i = 0
+    N = len(events)
+
+    for event in events:
+        if i % 100 == 0:
+            print "Processed: %d/%d events" % (i,N,)
+        i += 1
+
+        # for alg_name in event.hashes:
+        #     if check_event_content_hash(event, algorithms[alg_name]):
+        #         pass
+        #     else:
+        #         pass
+        #         print "FAIL content hash %s %s" % (alg_name, event.event_id, )
+
+        have_own_correctly_signed = False
+        for host, sigs in event.signatures.items():
+            pruned = prune_event(event)
+
+            for key_id in sigs:
+                if host not in server_keys:
+                    server_keys[host] = {}  # get_key(host)
+                if key_id in server_keys[host]:
+                    try:
+                        verify_signed_json(
+                            pruned.get_pdu_json(),
+                            host,
+                            server_keys[host][key_id]
+                        )
+
+                        if host == server_name:
+                            have_own_correctly_signed = True
+                    except SignatureVerifyException:
+                        print "FAIL signature check %s %s" % (
+                            key_id, event.event_id
+                        )
+
+        # TODO: Re sign with our own server key
+        if not have_own_correctly_signed:
+            sigs = compute_event_signature(event, server_name, signing_key)
+            event.signatures.update(sigs)
+
+            pruned = prune_event(event)
+
+            for key_id in event.signatures[server_name]:
+                verify_signed_json(
+                    pruned.get_pdu_json(),
+                    server_name,
+                    server_keys[server_name][key_id]
+                )
+
+        event_json = encode_canonical_json(
+            event.get_dict()
+        ).decode("UTF-8")
+
+        metadata_json = encode_canonical_json(
+            event.internal_metadata.get_dict()
+        ).decode("UTF-8")
+
+        store._simple_insert_txn(
+            cursor,
+            table="event_json",
+            values={
+                "event_id": event.event_id,
+                "room_id": event.room_id,
+                "internal_metadata": metadata_json,
+                "json": event_json,
+            },
+            or_replace=True,
+        )
+
+
+def main(database, server_name, signing_key):
+    conn = sqlite3.connect(database)
+    cursor = conn.cursor()
+
+    # Do other deltas:
+    cursor.execute("PRAGMA user_version")
+    row = cursor.fetchone()
+
+    if row and row[0]:
+        user_version = row[0]
+        # Run every version since after the current version.
+        for v in range(user_version + 1, 10):
+            print "Running delta: %d" % (v,)
+            sql_script = read_schema("delta/v%d" % (v,))
+            cursor.executescript(sql_script)
+
+    reinsert_events(cursor, server_name, signing_key)
+
+    conn.commit()
+
+    print "Success!"
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+
+    parser.add_argument("database")
+    parser.add_argument("server_name")
+    parser.add_argument(
+        "signing_key", type=argparse.FileType('r'),
+    )
+    args = parser.parse_args()
+
+    signing_key = syutil.crypto.signing_key.read_signing_keys(
+        args.signing_key
+    )
+
+    main(args.database, args.server_name, signing_key[0])
--- a/setup.cfg
+++ b/setup.cfg
@@ -3,6 +3,9 @@ source-dir = docs/sphinx
 build-dir  = docs/build
 all_files  = 1

+[aliases]
+test = trial
+
 [trial]
 test_suite = tests

@@ -13,6 +16,3 @@ ignore =
    docs/*
    pylint.cfg
    tox.ini
-
-[flake8]
-max-line-length = 90
--- a/setup.py
+++ b/setup.py
@@ -16,8 +16,7 @@

 import glob
 import os
-from setuptools import setup, find_packages, Command
-import sys
+from setuptools import setup, find_packages


 here = os.path.abspath(os.path.dirname(__file__))
@@ -38,39 +37,6 @@ def exec_file(path_segments):
    exec(code, result)
    return result

-
-class Tox(Command):
-    user_options = [('tox-args=', 'a', "Arguments to pass to tox")]
-
-    def initialize_options(self):
-        self.tox_args = None
-
-    def finalize_options(self):
-        self.test_args = []
-        self.test_suite = True
-
-    def run(self):
-        #import here, cause outside the eggs aren't loaded
-        try:
-            import tox
-        except ImportError:
-            try:
-                self.distribution.fetch_build_eggs("tox")
-                import tox
-            except:
-                raise RuntimeError(
-                    "The tests need 'tox' to run. Please install 'tox'."
-                )
-        import shlex
-        args = self.tox_args
-        if args:
-            args = shlex.split(self.tox_args)
-        else:
-            args = []
-        errno = tox.cmdline(args=args)
-        sys.exit(errno)
-
-
 version = exec_file(("synapse", "__init__.py"))["__version__"]
 dependencies = exec_file(("synapse", "python_dependencies.py"))
 long_description = read_file(("README.rst",))
@@ -81,10 +47,14 @@ setup(
    packages=find_packages(exclude=["tests", "tests.*"]),
    description="Reference Synapse Home Server",
    install_requires=dependencies['requirements'](include_conditional=True).keys(),
-    dependency_links=dependencies["DEPENDENCY_LINKS"].values(),
+    setup_requires=[
+        "Twisted==14.0.2", # Here to override setuptools_trial's dependency on Twisted>=2.4.0
+        "setuptools_trial",
+        "mock"
+    ],
+    dependency_links=dependencies["DEPENDENCY_LINKS"],
    include_package_data=True,
    zip_safe=False,
    long_description=long_description,
    scripts=["synctl"] + glob.glob("scripts/*"),
-    cmdclass={'test': Tox},
 )
--- a/synapse/static/client/register/index.html
+++ b/synapse/static/client/register/index.html
--- a/synapse/static/client/login/js/jquery-2.1.3.min.js
+++ b/synapse/static/client/login/js/jquery-2.1.3.min.js
--- a/synapse/static/client/register/js/recaptcha_ajax.js
+++ b/synapse/static/client/register/js/recaptcha_ajax.js
--- a/synapse/static/client/register/js/register.js
+++ b/synapse/static/client/register/js/register.js
--- a/synapse/static/client/register/register_config.sample.js
+++ b/synapse/static/client/register/register_config.sample.js
--- a/synapse/static/client/register/style.css
+++ b/synapse/static/client/register/style.css
--- a/synapse/init.py
+++ b/synapse/init.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server.
 """

-__version__ = "0.12.0-rc2"
+__version__ = "0.9.2-r2"
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -14,28 +14,22 @@
 # limitations under the License.

 """This module contains classes for authenticating the user."""
-from canonicaljson import encode_canonical_json
-from signedjson.key import decode_verify_key_bytes
-from signedjson.sign import verify_signed_json, SignatureVerifyException

 from twisted.internet import defer

 from synapse.api.constants import EventTypes, Membership, JoinRules
-from synapse.api.errors import AuthError, Codes, SynapseError, EventSizeError
-from synapse.types import RoomID, UserID, EventID
+from synapse.api.errors import AuthError, Codes, SynapseError
 from synapse.util.logutils import log_function
-from unpaddedbase64 import decode_base64
+from synapse.types import UserID, ClientInfo

 import logging
-import pymacaroons

 logger = logging.getLogger(__name__)


 AuthEventTypes = (
    EventTypes.Create, EventTypes.Member, EventTypes.PowerLevels,
-    EventTypes.JoinRules, EventTypes.RoomHistoryVisibility,
-    EventTypes.ThirdPartyInvite,
+    EventTypes.JoinRules,
 )


@@ -46,27 +40,13 @@ class Auth(object):
        self.store = hs.get_datastore()
        self.state = hs.get_state_handler()
        self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
-        self._KNOWN_CAVEAT_PREFIXES = set([
-            "gen = ",
-            "guest = ",
-            "type = ",
-            "time < ",
-            "user_id = ",
-        ])

    def check(self, event, auth_events):
        """ Checks if this event is correctly authed.

-        Args:
-            event: the event being checked.
-            auth_events (dict: event-key -> event): the existing room state.
-
-
        Returns:
            True if the auth checks pass.
        """
-        self.check_size_limits(event)
-
        try:
            if not hasattr(event, "room_id"):
                raise AuthError(500, "Event has no room_id: %s" % event)
@@ -80,23 +60,6 @@ class Auth(object):
                # FIXME
                return True

-            creation_event = auth_events.get((EventTypes.Create, ""), None)
-
-            if not creation_event:
-                raise SynapseError(
-                    403,
-                    "Room %r does not exist" % (event.room_id,)
-                )
-
-            creating_domain = RoomID.from_string(event.room_id).domain
-            originating_domain = UserID.from_string(event.sender).domain
-            if creating_domain != originating_domain:
-                if not self.can_federate(event, auth_events):
-                    raise AuthError(
-                        403,
-                        "This room has been marked as unfederatable."
-                    )
-
            # FIXME: Temp hack
            if event.type == EventTypes.Aliases:
                return True
@@ -123,7 +86,7 @@ class Auth(object):
                self._check_power_levels(event, auth_events)

            if event.type == EventTypes.Redaction:
-                self.check_redaction(event, auth_events)
+                self._check_redaction(event, auth_events)

            logger.debug("Allowing! %s", event)
        except AuthError as e:
@@ -134,39 +97,8 @@ class Auth(object):
            logger.info("Denying! %s", event)
            raise

-    def check_size_limits(self, event):
-        def too_big(field):
-            raise EventSizeError("%s too large" % (field,))
-
-        if len(event.user_id) > 255:
-            too_big("user_id")
-        if len(event.room_id) > 255:
-            too_big("room_id")
-        if event.is_state() and len(event.state_key) > 255:
-            too_big("state_key")
-        if len(event.type) > 255:
-            too_big("type")
-        if len(event.event_id) > 255:
-            too_big("event_id")
-        if len(encode_canonical_json(event.get_pdu_json())) > 65536:
-            too_big("event")
-
    @defer.inlineCallbacks
    def check_joined_room(self, room_id, user_id, current_state=None):
-        """Check if the user is currently joined in the room
-        Args:
-            room_id(str): The room to check.
-            user_id(str): The user to check.
-            current_state(dict): Optional map of the current state of the room.
-                If provided then that map is used to check whether they are a
-                member of the room. Otherwise the current membership is
-                loaded from the database.
-        Raises:
-            AuthError if the user is not in the room.
-        Returns:
-            A deferred membership event for the user if the user is in
-            the room.
-        """
        if current_state:
            member = current_state.get(
                (EventTypes.Member, user_id),
@@ -182,40 +114,6 @@ class Auth(object):
        self._check_joined_room(member, user_id, room_id)
        defer.returnValue(member)

-    @defer.inlineCallbacks
-    def check_user_was_in_room(self, room_id, user_id):
-        """Check if the user was in the room at some point.
-        Args:
-            room_id(str): The room to check.
-            user_id(str): The user to check.
-        Raises:
-            AuthError if the user was never in the room.
-        Returns:
-            A deferred membership event for the user if the user was in the
-            room. This will be the join event if they are currently joined to
-            the room. This will be the leave event if they have left the room.
-        """
-        member = yield self.state.get_current_state(
-            room_id=room_id,
-            event_type=EventTypes.Member,
-            state_key=user_id
-        )
-        membership = member.membership if member else None
-
-        if membership not in (Membership.JOIN, Membership.LEAVE):
-            raise AuthError(403, "User %s not in room %s" % (
-                user_id, room_id
-            ))
-
-        if membership == Membership.LEAVE:
-            forgot = yield self.store.did_forget(user_id, room_id)
-            if forgot:
-                raise AuthError(403, "User %s not in room %s" % (
-                    user_id, room_id
-                ))
-
-        defer.returnValue(member)
-
    @defer.inlineCallbacks
    def check_host_in_room(self, room_id, host):
        curr_state = yield self.state.get_current_state(room_id)
@@ -250,11 +148,6 @@ class Auth(object):
                user_id, room_id, repr(member)
            ))

-    def can_federate(self, event, auth_events):
-        creation_event = auth_events.get((EventTypes.Create, ""))
-
-        return creation_event.content.get("m.federate", True) is True
-
    @log_function
    def is_membership_change_allowed(self, event, auth_events):
        membership = event.content["membership"]
@@ -270,15 +163,6 @@ class Auth(object):

        target_user_id = event.state_key

-        creating_domain = RoomID.from_string(event.room_id).domain
-        target_domain = UserID.from_string(target_user_id).domain
-        if creating_domain != target_domain:
-            if not self.can_federate(event, auth_events):
-                raise AuthError(
-                    403,
-                    "This room has been marked as unfederatable."
-                )
-
        # get info about the caller
        key = (EventTypes.Member, event.user_id, )
        caller = auth_events.get(key)
@@ -303,9 +187,6 @@ class Auth(object):
            join_rule = JoinRules.INVITE

        user_level = self._get_user_power_level(event.user_id, auth_events)
-        target_level = self._get_user_power_level(
-            target_user_id, auth_events
-        )

        # FIXME (erikj): What should we do here as the default?
        ban_level = self._get_named_level(auth_events, "ban", 50)
@@ -324,17 +205,8 @@ class Auth(object):
            }
        )

-        if Membership.INVITE == membership and "third_party_invite" in event.content:
-            if not self._verify_third_party_invite(event, auth_events):
-                raise AuthError(403, "You are not invited to this room.")
-            return True
-
        if Membership.JOIN != membership:
-            if (caller_invited
-                    and Membership.LEAVE == membership
-                    and target_user_id == event.user_id):
-                return True
-
+            # JOIN is the only action you can perform if you're not in the room
            if not caller_in_room:  # caller isn't joined
                raise AuthError(
                    403,
@@ -386,78 +258,18 @@ class Auth(object):
            elif target_user_id != event.user_id:
                kick_level = self._get_named_level(auth_events, "kick", 50)

-                if user_level < kick_level or user_level <= target_level:
+                if user_level < kick_level:
                    raise AuthError(
                        403, "You cannot kick user %s." % target_user_id
                    )
        elif Membership.BAN == membership:
-            if user_level < ban_level or user_level <= target_level:
+            if user_level < ban_level:
                raise AuthError(403, "You don't have permission to ban")
        else:
            raise AuthError(500, "Unknown membership %s" % membership)

        return True

-    def _verify_third_party_invite(self, event, auth_events):
-        """
-        Validates that the invite event is authorized by a previous third-party invite.
-
-        Checks that the public key, and keyserver, match those in the third party invite,
-        and that the invite event has a signature issued using that public key.
-
-        Args:
-            event: The m.room.member join event being validated.
-            auth_events: All relevant previous context events which may be used
-                for authorization decisions.
-
-        Return:
-            True if the event fulfills the expectations of a previous third party
-            invite event.
-        """
-        if "third_party_invite" not in event.content:
-            return False
-        if "signed" not in event.content["third_party_invite"]:
-            return False
-        signed = event.content["third_party_invite"]["signed"]
-        for key in {"mxid", "token"}:
-            if key not in signed:
-                return False
-
-        token = signed["token"]
-
-        invite_event = auth_events.get(
-            (EventTypes.ThirdPartyInvite, token,)
-        )
-        if not invite_event:
-            return False
-
-        if event.user_id != invite_event.user_id:
-            return False
-        try:
-            public_key = invite_event.content["public_key"]
-            if signed["mxid"] != event.state_key:
-                return False
-            if signed["token"] != token:
-                return False
-            for server, signature_block in signed["signatures"].items():
-                for key_name, encoded_signature in signature_block.items():
-                    if not key_name.startswith("ed25519:"):
-                        return False
-                    verify_key = decode_verify_key_bytes(
-                        key_name,
-                        decode_base64(public_key)
-                    )
-                    verify_signed_json(signed, server, verify_key)
-
-                    # We got the public key from the invite, so we know that the
-                    # correct server signed the signed bundle.
-                    # The caller is responsible for checking that the signing
-                    # server has not revoked that public key.
-                    return True
-            return False
-        except (KeyError, SignatureVerifyException,):
-            return False
-
    def _get_power_level_event(self, auth_events):
        key = (EventTypes.PowerLevels, "", )
        return auth_events.get(key)
@@ -496,15 +308,15 @@ class Auth(object):
            return default

    @defer.inlineCallbacks
-    def get_user_by_req(self, request, allow_guest=False):
+    def get_user_by_req(self, request):
        """ Get a registered user's ID.

        Args:
            request - An HTTP request with an access_token query parameter.
        Returns:
-            tuple of:
-                UserID (str)
-                Access token ID (str)
+            tuple : of UserID and device string:
+                User ID object of the user making the request
+                Client ID object of the client instance the user is using
        Raises:
            AuthError if no user by that token exists or the token is invalid.
        """
@@ -532,17 +344,17 @@ class Auth(object):
                if not user_id:
                    raise KeyError

-                request.authenticated_entity = user_id
-
-                defer.returnValue((UserID.from_string(user_id), "", False))
+                defer.returnValue(
+                    (UserID.from_string(user_id), ClientInfo("", ""))
+                )
                return
            except KeyError:
-                pass  # normal users won't have the user_id query parameter set.
+                pass  # normal users won't have this query parameter set

-            user_info = yield self._get_user_by_access_token(access_token)
+            user_info = yield self.get_user_by_token(access_token)
            user = user_info["user"]
+            device_id = user_info["device_id"]
            token_id = user_info["token_id"]
-            is_guest = user_info["is_guest"]

            ip_addr = self.hs.get_ip_from_request(request)
            user_agent = request.requestHeaders.getRawHeaders(
@@ -553,18 +365,12 @@ class Auth(object):
                self.store.insert_client_ip(
                    user=user,
                    access_token=access_token,
+                    device_id=user_info["device_id"],
                    ip=ip_addr,
                    user_agent=user_agent
                )

-            if is_guest and not allow_guest:
-                raise AuthError(
-                    403, "Guest access not allowed", errcode=Codes.GUEST_ACCESS_FORBIDDEN
-                )
-
-            request.authenticated_entity = user.to_string()
-
-            defer.returnValue((user, token_id, is_guest,))
+            defer.returnValue((user, ClientInfo(device_id, token_id)))
        except KeyError:
            raise AuthError(
                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token.",
@@ -572,133 +378,30 @@ class Auth(object):
            )

    @defer.inlineCallbacks
-    def _get_user_by_access_token(self, token):
+    def get_user_by_token(self, token):
        """ Get a registered user's ID.

        Args:
            token (str): The access token to get the user by.
        Returns:
-            dict : dict that includes the user and the ID of their access token.
+            dict : dict that includes the user, device_id, and whether the
+                user is a server admin.
        Raises:
            AuthError if no user by that token exists or the token is invalid.
        """
-        try:
-            ret = yield self._get_user_from_macaroon(token)
-        except AuthError:
-            # TODO(daniel): Remove this fallback when all existing access tokens
-            # have been re-issued as macaroons.
-            ret = yield self._look_up_user_by_access_token(token)
-        defer.returnValue(ret)
-
-    @defer.inlineCallbacks
-    def _get_user_from_macaroon(self, macaroon_str):
-        try:
-            macaroon = pymacaroons.Macaroon.deserialize(macaroon_str)
-            self.validate_macaroon(macaroon, "access", False)
-
-            user_prefix = "user_id = "
-            user = None
-            guest = False
-            for caveat in macaroon.caveats:
-                if caveat.caveat_id.startswith(user_prefix):
-                    user = UserID.from_string(caveat.caveat_id[len(user_prefix):])
-                elif caveat.caveat_id == "guest = true":
-                    guest = True
-
-            if user is None:
-                raise AuthError(
-                    self.TOKEN_NOT_FOUND_HTTP_STATUS, "No user caveat in macaroon",
-                    errcode=Codes.UNKNOWN_TOKEN
-                )
-
-            if guest:
-                ret = {
-                    "user": user,
-                    "is_guest": True,
-                    "token_id": None,
-                }
-            else:
-                # This codepath exists so that we can actually return a
-                # token ID, because we use token IDs in place of device
-                # identifiers throughout the codebase.
-                # TODO(daniel): Remove this fallback when device IDs are
-                # properly implemented.
-                ret = yield self._look_up_user_by_access_token(macaroon_str)
-                if ret["user"] != user:
-                    logger.error(
-                        "Macaroon user (%s) != DB user (%s)",
-                        user,
-                        ret["user"]
-                    )
-                    raise AuthError(
-                        self.TOKEN_NOT_FOUND_HTTP_STATUS,
-                        "User mismatch in macaroon",
-                        errcode=Codes.UNKNOWN_TOKEN
-                    )
-            defer.returnValue(ret)
-        except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError):
-            raise AuthError(
-                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Invalid macaroon passed.",
-                errcode=Codes.UNKNOWN_TOKEN
-            )
-
-    def validate_macaroon(self, macaroon, type_string, verify_expiry):
-        """
-        validate that a Macaroon is understood by and was signed by this server.
-
-        Args:
-            macaroon(pymacaroons.Macaroon): The macaroon to validate
-            type_string(str): The kind of token this is (e.g. "access", "refresh")
-            verify_expiry(bool): Whether to verify whether the macaroon has expired.
-                This should really always be True, but no clients currently implement
-                token refresh, so we can't enforce expiry yet.
-        """
-        v = pymacaroons.Verifier()
-        v.satisfy_exact("gen = 1")
-        v.satisfy_exact("type = " + type_string)
-        v.satisfy_general(lambda c: c.startswith("user_id = "))
-        v.satisfy_exact("guest = true")
-        if verify_expiry:
-            v.satisfy_general(self._verify_expiry)
-        else:
-            v.satisfy_general(lambda c: c.startswith("time < "))
-
-        v.verify(macaroon, self.hs.config.macaroon_secret_key)
-
-        v = pymacaroons.Verifier()
-        v.satisfy_general(self._verify_recognizes_caveats)
-        v.verify(macaroon, self.hs.config.macaroon_secret_key)
-
-    def _verify_expiry(self, caveat):
-        prefix = "time < "
-        if not caveat.startswith(prefix):
-            return False
-        expiry = int(caveat[len(prefix):])
-        now = self.hs.get_clock().time_msec()
-        return now < expiry
-
-    def _verify_recognizes_caveats(self, caveat):
-        first_space = caveat.find(" ")
-        if first_space < 0:
-            return False
-        second_space = caveat.find(" ", first_space + 1)
-        if second_space < 0:
-            return False
-        return caveat[:second_space + 1] in self._KNOWN_CAVEAT_PREFIXES
-
-    @defer.inlineCallbacks
-    def _look_up_user_by_access_token(self, token):
-        ret = yield self.store.get_user_by_access_token(token)
+        ret = yield self.store.get_user_by_token(token)
        if not ret:
            raise AuthError(
                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Unrecognised access token.",
                errcode=Codes.UNKNOWN_TOKEN
            )
        user_info = {
+            "admin": bool(ret.get("admin", False)),
+            "device_id": ret.get("device_id"),
            "user": UserID.from_string(ret.get("name")),
            "token_id": ret.get("token_id", None),
-            "is_guest": False,
        }
+
        defer.returnValue(user_info)

    @defer.inlineCallbacks
@@ -712,7 +415,6 @@ class Auth(object):
                    "Unrecognised access token.",
                    errcode=Codes.UNKNOWN_TOKEN
                )
-            request.authenticated_entity = service.sender
            defer.returnValue(service)
        except KeyError:
            raise AuthError(
@@ -773,16 +475,6 @@ class Auth(object):
            else:
                if member_event:
                    auth_ids.append(member_event.event_id)
-
-            if e_type == Membership.INVITE:
-                if "third_party_invite" in event.content:
-                    key = (
-                        EventTypes.ThirdPartyInvite,
-                        event.content["third_party_invite"]["token"]
-                    )
-                    third_party_invite = current_state.get(key)
-                    if third_party_invite:
-                        auth_ids.append(third_party_invite.event_id)
        elif member_event:
            if member_event.content["membership"] == Membership.JOIN:
                auth_ids.append(member_event.event_id)
@@ -824,54 +516,36 @@ class Auth(object):

        # Check state_key
        if hasattr(event, "state_key"):
-            if event.state_key.startswith("@"):
-                if event.state_key != event.user_id:
-                    raise AuthError(
-                        403,
-                        "You are not allowed to set others state"
-                    )
-                else:
-                    sender_domain = UserID.from_string(
-                        event.user_id
-                    ).domain
-
-                    if sender_domain != event.state_key:
+            if not event.state_key.startswith("_"):
+                if event.state_key.startswith("@"):
+                    if event.state_key != event.user_id:
                        raise AuthError(
                            403,
                            "You are not allowed to set others state"
                        )
+                    else:
+                        sender_domain = UserID.from_string(
+                            event.user_id
+                        ).domain
+
+                        if sender_domain != event.state_key:
+                            raise AuthError(
+                                403,
+                                "You are not allowed to set others state"
+                            )

        return True

-    def check_redaction(self, event, auth_events):
-        """Check whether the event sender is allowed to redact the target event.
-
-        Returns:
-            True if the the sender is allowed to redact the target event if the
-            target event was created by them.
-            False if the sender is allowed to redact the target event with no
-            further checks.
-
-        Raises:
-            AuthError if the event sender is definitely not allowed to redact
-            the target event.
-        """
+    def _check_redaction(self, event, auth_events):
        user_level = self._get_user_power_level(event.user_id, auth_events)

        redact_level = self._get_named_level(auth_events, "redact", 50)

-        if user_level >= redact_level:
-            return False
-
-        redacter_domain = EventID.from_string(event.event_id).domain
-        redactee_domain = EventID.from_string(event.redacts).domain
-        if redacter_domain == redactee_domain:
-            return True
-
-        raise AuthError(
-            403,
-            "You don't have permission to redact events"
-        )
+        if user_level < redact_level:
+            raise AuthError(
+                403,
+                "You don't have permission to redact events"
+            )

    def _check_power_levels(self, event, auth_events):
        user_list = event.content.get("users", {})
@@ -897,26 +571,25 @@ class Auth(object):

        # Check other levels:
        levels_to_check = [
-            ("users_default", None),
-            ("events_default", None),
-            ("state_default", None),
-            ("ban", None),
-            ("redact", None),
-            ("kick", None),
-            ("invite", None),
+            ("users_default", []),
+            ("events_default", []),
+            ("ban", []),
+            ("redact", []),
+            ("kick", []),
+            ("invite", []),
        ]

        old_list = current_state.content.get("users")
        for user in set(old_list.keys() + user_list.keys()):
            levels_to_check.append(
-                (user, "users")
+                (user, ["users"])
            )

        old_list = current_state.content.get("events")
        new_list = event.content.get("events")
        for ev_id in set(old_list.keys() + new_list.keys()):
            levels_to_check.append(
-                (ev_id, "events")
+                (ev_id, ["events"])
            )

        old_state = current_state.content
@@ -924,10 +597,12 @@ class Auth(object):

        for level_to_check, dir in levels_to_check:
            old_loc = old_state
+            for d in dir:
+                old_loc = old_loc.get(d, {})
+
            new_loc = new_state
-            if dir:
-                old_loc = old_loc.get(dir, {})
-                new_loc = new_loc.get(dir, {})
+            for d in dir:
+                new_loc = new_loc.get(d, {})

            if level_to_check in old_loc:
                old_level = int(old_loc[level_to_check])
@@ -943,14 +618,6 @@ class Auth(object):
                if new_level == old_level:
                    continue

-            if dir == "users" and level_to_check != event.user_id:
-                if old_level == user_level:
-                    raise AuthError(
-                        403,
-                        "You don't have permission to remove ops level equal "
-                        "to your own"
-                    )
-
            if old_level > user_level or new_level > user_level:
                raise AuthError(
                    403,
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -27,6 +27,16 @@ class Membership(object):
    LIST = (INVITE, JOIN, KNOCK, LEAVE, BAN)


+class Feedback(object):
+
+    """Represents the types of feedback a user can send in response to a
+    message."""
+
+    DELIVERED = u"delivered"
+    READ = u"read"
+    LIST = (DELIVERED, READ)
+
+
 class PresenceState(object):
    """Represents the presence state of a user."""
    OFFLINE = u"offline"
@@ -63,12 +73,7 @@ class EventTypes(object):
    PowerLevels = "m.room.power_levels"
    Aliases = "m.room.aliases"
    Redaction = "m.room.redaction"
-    ThirdPartyInvite = "m.room.third_party_invite"
-
-    RoomHistoryVisibility = "m.room.history_visibility"
-    CanonicalAlias = "m.room.canonical_alias"
-    RoomAvatar = "m.room.avatar"
-    GuestAccess = "m.room.guest_access"
+    Feedback = "m.room.message.feedback"

    # These are used for validation
    Message = "m.room.message"
@@ -80,9 +85,3 @@ class RejectedReason(object):
    AUTH_ERROR = "auth_error"
    REPLACED = "replaced"
    NOT_ANCESTOR = "not_ancestor"
-
-
-class RoomCreationPreset(object):
-    PRIVATE_CHAT = "private_chat"
-    PUBLIC_CHAT = "public_chat"
-    TRUSTED_PRIVATE_CHAT = "trusted_private_chat"
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -33,7 +33,6 @@ class Codes(object):
    NOT_FOUND = "M_NOT_FOUND"
    MISSING_TOKEN = "M_MISSING_TOKEN"
    UNKNOWN_TOKEN = "M_UNKNOWN_TOKEN"
-    GUEST_ACCESS_FORBIDDEN = "M_GUEST_ACCESS_FORBIDDEN"
    LIMIT_EXCEEDED = "M_LIMIT_EXCEEDED"
    CAPTCHA_NEEDED = "M_CAPTCHA_NEEDED"
    CAPTCHA_INVALID = "M_CAPTCHA_INVALID"
@@ -41,13 +40,13 @@ class Codes(object):
    TOO_LARGE = "M_TOO_LARGE"
    EXCLUSIVE = "M_EXCLUSIVE"
    THREEPID_AUTH_FAILED = "M_THREEPID_AUTH_FAILED"
-    THREEPID_IN_USE = "THREEPID_IN_USE"


 class CodeMessageException(RuntimeError):
    """An exception with integer code and message string attributes."""

    def __init__(self, code, msg):
+        logger.info("%s: %s, %s", type(self).__name__, code, msg)
        super(CodeMessageException, self).__init__("%d: %s" % (code, msg))
        self.code = code
        self.msg = msg
@@ -77,6 +76,11 @@ class SynapseError(CodeMessageException):
        )


+class RoomError(SynapseError):
+    """An error raised when a room event fails."""
+    pass
+
+
 class RegistrationError(SynapseError):
    """An error raised when a registration event fails."""
    pass
@@ -120,15 +124,6 @@ class AuthError(SynapseError):
        super(AuthError, self).__init__(*args, **kwargs)


-class EventSizeError(SynapseError):
-    """An error raised when an event is too big."""
-
-    def __init__(self, *args, **kwargs):
-        if "errcode" not in kwargs:
-            kwargs["errcode"] = Codes.TOO_LARGE
-        super(EventSizeError, self).__init__(413, *args, **kwargs)
-
-
 class EventStreamError(SynapseError):
    """An error raised when there a problem with the event stream."""
    def __init__(self, *args, **kwargs):
--- a/synapse/api/filtering.py
+++ b/synapse/api/filtering.py
@@ -24,7 +24,7 @@ class Filtering(object):

    def get_user_filter(self, user_localpart, filter_id):
        result = self.store.get_user_filter(user_localpart, filter_id)
-        result.addCallback(FilterCollection)
+        result.addCallback(Filter)
        return result

    def add_user_filter(self, user_localpart, user_filter):
@@ -50,11 +50,11 @@ class Filtering(object):
        # many definitions.

        top_level_definitions = [
-            "presence", "account_data"
+            "public_user_data", "private_user_data", "server_data"
        ]

        room_level_definitions = [
-            "state", "timeline", "ephemeral", "account_data"
+            "state", "events", "ephemeral"
        ]

        for key in top_level_definitions:
@@ -114,145 +114,116 @@ class Filtering(object):
                    if not isinstance(event_type, basestring):
                        raise SynapseError(400, "Event type should be a string")

+        if "format" in definition:
+            event_format = definition["format"]
+            if event_format not in ["federation", "events"]:
+                raise SynapseError(400, "Invalid format: %s" % (event_format,))

-class FilterCollection(object):
-    def __init__(self, filter_json):
-        self.filter_json = filter_json
+        if "select" in definition:
+            event_select_list = definition["select"]
+            for select_key in event_select_list:
+                if select_key not in ["event_id", "origin_server_ts",
+                                      "thread_id", "content", "content.body"]:
+                    raise SynapseError(400, "Bad select: %s" % (select_key,))

-        self.room_timeline_filter = Filter(
-            self.filter_json.get("room", {}).get("timeline", {})
-        )
-
-        self.room_state_filter = Filter(
-            self.filter_json.get("room", {}).get("state", {})
-        )
-
-        self.room_ephemeral_filter = Filter(
-            self.filter_json.get("room", {}).get("ephemeral", {})
-        )
-
-        self.room_account_data = Filter(
-            self.filter_json.get("room", {}).get("account_data", {})
-        )
-
-        self.presence_filter = Filter(
-            self.filter_json.get("presence", {})
-        )
-
-        self.account_data = Filter(
-            self.filter_json.get("account_data", {})
-        )
-
-        self.include_leave = self.filter_json.get("room", {}).get(
-            "include_leave", False
-        )
-
-    def timeline_limit(self):
-        return self.room_timeline_filter.limit()
-
-    def presence_limit(self):
-        return self.presence_filter.limit()
-
-    def ephemeral_limit(self):
-        return self.room_ephemeral_filter.limit()
-
-    def filter_presence(self, events):
-        return self.presence_filter.filter(events)
-
-    def filter_account_data(self, events):
-        return self.account_data.filter(events)
-
-    def filter_room_state(self, events):
-        return self.room_state_filter.filter(events)
-
-    def filter_room_timeline(self, events):
-        return self.room_timeline_filter.filter(events)
-
-    def filter_room_ephemeral(self, events):
-        return self.room_ephemeral_filter.filter(events)
-
-    def filter_room_account_data(self, events):
-        return self.room_account_data.filter(events)
+        if ("bundle_updates" in definition and
+                type(definition["bundle_updates"]) != bool):
+            raise SynapseError(400, "Bad bundle_updates: expected bool.")


 class Filter(object):
    def __init__(self, filter_json):
        self.filter_json = filter_json

-    def check(self, event):
-        """Checks whether the filter matches the given event.
+    def filter_public_user_data(self, events):
+        return self._filter_on_key(events, ["public_user_data"])

+    def filter_private_user_data(self, events):
+        return self._filter_on_key(events, ["private_user_data"])
+
+    def filter_room_state(self, events):
+        return self._filter_on_key(events, ["room", "state"])
+
+    def filter_room_events(self, events):
+        return self._filter_on_key(events, ["room", "events"])
+
+    def filter_room_ephemeral(self, events):
+        return self._filter_on_key(events, ["room", "ephemeral"])
+
+    def _filter_on_key(self, events, keys):
+        filter_json = self.filter_json
+        if not filter_json:
+            return events
+
+        try:
+            # extract the right definition from the filter
+            definition = filter_json
+            for key in keys:
+                definition = definition[key]
+            return self._filter_with_definition(events, definition)
+        except KeyError:
+            # return all events if definition isn't specified.
+            return events
+
+    def _filter_with_definition(self, events, definition):
+        return [e for e in events if self._passes_definition(definition, e)]
+
+    def _passes_definition(self, definition, event):
+        """Check if the event passes through the given definition.
+
+        Args:
+            definition(dict): The definition to check against.
+            event(Event): The event to check.
        Returns:
-            bool: True if the event matches
+            True if the event passes through the filter.
        """
-        if isinstance(event, dict):
-            return self.check_fields(
-                event.get("room_id", None),
-                event.get("sender", None),
-                event.get("type", None),
-            )
-        else:
-            return self.check_fields(
-                getattr(event, "room_id", None),
-                getattr(event, "sender", None),
-                event.type,
-            )
+        # Algorithm notes:
+        # For each key in the definition, check the event meets the criteria:
+        #   * For types: Literal match or prefix match (if ends with wildcard)
+        #   * For senders/rooms: Literal match only
+        #   * "not_" checks take presedence (e.g. if "m.*" is in both 'types'
+        #     and 'not_types' then it is treated as only being in 'not_types')

-    def check_fields(self, room_id, sender, event_type):
-        """Checks whether the filter matches the given event fields.
-
-        Returns:
-            bool: True if the event fields match
-        """
-        literal_keys = {
-            "rooms": lambda v: room_id == v,
-            "senders": lambda v: sender == v,
-            "types": lambda v: _matches_wildcard(event_type, v)
-        }
-
-        for name, match_func in literal_keys.items():
-            not_name = "not_%s" % (name,)
-            disallowed_values = self.filter_json.get(not_name, [])
-            if any(map(match_func, disallowed_values)):
+        # room checks
+        if hasattr(event, "room_id"):
+            room_id = event.room_id
+            allow_rooms = definition.get("rooms", None)
+            reject_rooms = definition.get("not_rooms", None)
+            if reject_rooms and room_id in reject_rooms:
+                return False
+            if allow_rooms and room_id not in allow_rooms:
                return False

-            allowed_values = self.filter_json.get(name, None)
-            if allowed_values is not None:
-                if not any(map(match_func, allowed_values)):
+        # sender checks
+        if hasattr(event, "sender"):
+            # Should we be including event.state_key for some event types?
+            sender = event.sender
+            allow_senders = definition.get("senders", None)
+            reject_senders = definition.get("not_senders", None)
+            if reject_senders and sender in reject_senders:
+                return False
+            if allow_senders and sender not in allow_senders:
+                return False
+
+        # type checks
+        if "not_types" in definition:
+            for def_type in definition["not_types"]:
+                if self._event_matches_type(event, def_type):
                    return False
+        if "types" in definition:
+            included = False
+            for def_type in definition["types"]:
+                if self._event_matches_type(event, def_type):
+                    included = True
+                    break
+            if not included:
+                return False

        return True

-    def filter_rooms(self, room_ids):
-        """Apply the 'rooms' filter to a given list of rooms.
-
-        Args:
-            room_ids (list): A list of room_ids.
-
-        Returns:
-            list: A list of room_ids that match the filter
-        """
-        room_ids = set(room_ids)
-
-        disallowed_rooms = set(self.filter_json.get("not_rooms", []))
-        room_ids -= disallowed_rooms
-
-        allowed_rooms = self.filter_json.get("rooms", None)
-        if allowed_rooms is not None:
-            room_ids &= set(allowed_rooms)
-
-        return room_ids
-
-    def filter(self, events):
-        return filter(self.check, events)
-
-    def limit(self):
-        return self.filter_json.get("limit", 10)
-
-
-def _matches_wildcard(actual_value, filter_value):
-    if filter_value.endswith("*"):
-        type_prefix = filter_value[:-1]
-        return actual_value.startswith(type_prefix)
-    else:
-        return actual_value == filter_value
+    def _event_matches_type(self, event, def_type):
+        if def_type.endswith("*"):
+            type_prefix = def_type[:-1]
+            return event.type.startswith(type_prefix)
+        else:
+            return event.type == def_type
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@@ -15,39 +15,27 @@
 # limitations under the License.

 import sys
-from synapse.rest import ClientRestResource
-
 sys.dont_write_bytecode = True
-from synapse.python_dependencies import (
-    check_requirements, DEPENDENCY_LINKS, MissingRequirementError
-)
+from synapse.python_dependencies import check_requirements

 if __name__ == '__main__':
-    try:
-        check_requirements()
-    except MissingRequirementError as e:
-        message = "\n".join([
-            "Missing Requirement: %s" % (e.message,),
-            "To install run:",
-            "    pip install --upgrade --force \"%s\"" % (e.dependency,),
-            "",
-        ])
-        sys.stderr.writelines(message)
-        sys.exit(1)
+    check_requirements()

 from synapse.storage.engines import create_engine, IncorrectDatabaseSetup
-from synapse.storage import are_all_users_on_domain
-from synapse.storage.prepare_database import UpgradeDatabaseException
+from synapse.storage import (
+    are_all_users_on_domain, UpgradeDatabaseException,
+)

 from synapse.server import HomeServer


-from twisted.internet import reactor, task, defer
+from twisted.internet import reactor
 from twisted.application import service
 from twisted.enterprise import adbapi
 from twisted.web.resource import Resource, EncodingResourceWrapper
 from twisted.web.static import File
 from twisted.web.server import Site, GzipEncoderFactory, Request
+from twisted.web.http import proxiedLogFormatter, combinedLogFormatter
 from synapse.http.server import JsonResource, RootRedirect
 from synapse.rest.media.v0.content_repository import ContentRepoResource
 from synapse.rest.media.v1.media_repository import MediaRepositoryResource
@@ -55,13 +43,15 @@ from synapse.rest.key.v1.server_key_resource import LocalKey
 from synapse.rest.key.v2 import KeyApiV2Resource
 from synapse.http.matrixfederationclient import MatrixFederationHttpClient
 from synapse.api.urls import (
-    FEDERATION_PREFIX, WEB_CLIENT_PREFIX, CONTENT_REPO_PREFIX,
-    SERVER_KEY_PREFIX, MEDIA_PREFIX, STATIC_PREFIX,
+    CLIENT_PREFIX, FEDERATION_PREFIX, WEB_CLIENT_PREFIX, CONTENT_REPO_PREFIX,
+    SERVER_KEY_PREFIX, MEDIA_PREFIX, CLIENT_V2_ALPHA_PREFIX, STATIC_PREFIX,
    SERVER_KEY_V2_PREFIX,
 )
 from synapse.config.homeserver import HomeServerConfig
 from synapse.crypto import context_factory
 from synapse.util.logcontext import LoggingContext
+from synapse.rest.client.v1 import ClientV1RestResource
+from synapse.rest.client.v2_alpha import ClientV2AlphaRestResource
 from synapse.metrics.resource import MetricsResource, METRICS_PREFIX

 from synapse import events
@@ -71,18 +61,21 @@ import twisted.manhole.telnet

 import synapse

-import contextlib
 import logging
 import os
-import re
 import resource
 import subprocess
-import time


 logger = logging.getLogger("synapse.app.homeserver")


+class GzipFile(File):
+    def getChild(self, path, request):
+        child = File.getChild(self, path, request)
+        return EncodingResourceWrapper(child, [GzipEncoderFactory()])
+
+
 def gz_wrap(r):
    return EncodingResourceWrapper(r, [GzipEncoderFactory()])

@@ -92,50 +85,34 @@ class SynapseHomeServer(HomeServer):
    def build_http_client(self):
        return MatrixFederationHttpClient(self)

-    def build_client_resource(self):
-        return ClientRestResource(self)
+    def build_resource_for_client(self):
+        return ClientV1RestResource(self)
+
+    def build_resource_for_client_v2_alpha(self):
+        return ClientV2AlphaRestResource(self)

    def build_resource_for_federation(self):
        return JsonResource(self)

    def build_resource_for_web_client(self):
-        webclient_path = self.get_config().web_client_location
-        if not webclient_path:
-            try:
-                import syweb
-            except ImportError:
-                quit_with_error(
-                    "Could not find a webclient.\n\n"
-                    "Please either install the matrix-angular-sdk or configure\n"
-                    "the location of the source to serve via the configuration\n"
-                    "option `web_client_location`\n\n"
-                    "To install the `matrix-angular-sdk` via pip, run:\n\n"
-                    "    pip install '%(dep)s'\n"
-                    "\n"
-                    "You can also disable hosting of the webclient via the\n"
-                    "configuration option `web_client`\n"
-                    % {"dep": DEPENDENCY_LINKS["matrix-angular-sdk"]}
-                )
-            syweb_path = os.path.dirname(syweb.__file__)
-            webclient_path = os.path.join(syweb_path, "webclient")
+        import syweb
+        syweb_path = os.path.dirname(syweb.__file__)
+        webclient_path = os.path.join(syweb_path, "webclient")
        # GZip is disabled here due to
        # https://twistedmatrix.com/trac/ticket/7678
        # (It can stay enabled for the API resources: they call
        # write() with the whole body and then finish() straight
        # after and so do not trigger the bug.
-        # GzipFile was removed in commit 184ba09
        # return GzipFile(webclient_path)  # TODO configurable?
        return File(webclient_path)  # TODO configurable?

    def build_resource_for_static_content(self):
        # This is old and should go away: not going to bother adding gzip
-        return File(
-            os.path.join(os.path.dirname(synapse.__file__), "static")
-        )
+        return File("static")

    def build_resource_for_content_repo(self):
        return ContentRepoResource(
-            self, self.config.uploads_path, self.auth, self.content_addr
+            self, self.upload_dir, self.auth, self.content_addr
        )

    def build_resource_for_media_repository(self):
@@ -165,7 +142,6 @@ class SynapseHomeServer(HomeServer):
        port = listener_config["port"]
        bind_address = listener_config.get("bind_address", "")
        tls = listener_config.get("tls", False)
-        site_tag = listener_config.get("tag", port)

        if tls and config.no_tls:
            return
@@ -176,15 +152,16 @@ class SynapseHomeServer(HomeServer):
        for res in listener_config["resources"]:
            for name in res["names"]:
                if name == "client":
-                    client_resource = self.get_client_resource()
                    if res["compress"]:
-                        client_resource = gz_wrap(client_resource)
+                        client_v1 = gz_wrap(self.get_resource_for_client())
+                        client_v2 = gz_wrap(self.get_resource_for_client_v2_alpha())
+                    else:
+                        client_v1 = self.get_resource_for_client()
+                        client_v2 = self.get_resource_for_client_v2_alpha()

                    resources.update({
-                        "/_matrix/client/api/v1": client_resource,
-                        "/_matrix/client/r0": client_resource,
-                        "/_matrix/client/unstable": client_resource,
-                        "/_matrix/client/v2_alpha": client_resource,
+                        CLIENT_PREFIX: client_v1,
+                        CLIENT_V2_ALPHA_PREFIX: client_v2,
                    })

                if name == "federation":
@@ -220,20 +197,18 @@ class SynapseHomeServer(HomeServer):
            reactor.listenSSL(
                port,
                SynapseSite(
-                    "synapse.access.https.%s" % (site_tag,),
-                    site_tag,
+                    "synapse.access.https",
                    listener_config,
                    root_resource,
                ),
-                self.tls_server_context_factory,
+                self.tls_context_factory,
                interface=bind_address
            )
        else:
            reactor.listenTCP(
                port,
                SynapseSite(
-                    "synapse.access.http.%s" % (site_tag,),
-                    site_tag,
+                    "synapse.access.https",
                    listener_config,
                    root_resource,
                ),
@@ -279,10 +254,11 @@ class SynapseHomeServer(HomeServer):

 def quit_with_error(error_string):
    message_lines = error_string.split("\n")
-    line_length = max([len(l) for l in message_lines if len(l) < 80]) + 2
+    line_length = max([len(l) for l in message_lines]) + 2
    sys.stderr.write("*" * line_length + '\n')
    for line in message_lines:
-        sys.stderr.write(" %s\n" % (line.rstrip(),))
+        if line.strip():
+            sys.stderr.write(" %s\n" % (line.strip(),))
    sys.stderr.write("*" * line_length + '\n')
    sys.exit(1)

@@ -345,7 +321,7 @@ def get_version_string():
                )
            ).encode("ascii")
    except Exception as e:
-        logger.info("Failed to check for git repository: %s", e)
+        logger.warn("Failed to check for git repository: %s", e)

    return ("Synapse/%s" % (synapse.__version__,)).encode("ascii")

@@ -369,6 +345,7 @@ def setup(config_options):
    Args:
        config_options_options: The options passed to Synapse. Usually
            `sys.argv[1:]`.
+        should_run (bool): Whether to start the reactor.

    Returns:
        HomeServer
@@ -391,22 +368,23 @@ def setup(config_options):

    events.USE_FROZEN_DICTS = config.use_frozen_dicts

-    tls_server_context_factory = context_factory.ServerContextFactory(config)
+    tls_context_factory = context_factory.ServerContextFactory(config)

    database_engine = create_engine(config.database_config["name"])
    config.database_config["args"]["cp_openfun"] = database_engine.on_new_connection

    hs = SynapseHomeServer(
        config.server_name,
+        upload_dir=os.path.abspath("uploads"),
        db_config=config.database_config,
-        tls_server_context_factory=tls_server_context_factory,
+        tls_context_factory=tls_context_factory,
        config=config,
        content_addr=config.content_addr,
        version_string=version_string,
        database_engine=database_engine,
    )

-    logger.info("Preparing database: %s...", config.database_config['name'])
+    logger.info("Preparing database: %r...", config.database_config)

    try:
        db_conn = database_engine.module.connect(
@@ -428,14 +406,13 @@ def setup(config_options):
        )
        sys.exit(1)

-    logger.info("Database prepared in %s.", config.database_config['name'])
+    logger.info("Database prepared in %r.", config.database_config)

    hs.start_listening()

    hs.get_pusherpool().start()
    hs.get_state_handler().start_caching()
    hs.get_datastore().start_profiling()
-    hs.get_datastore().start_doing_background_updates()
    hs.get_replication_layer().start_get_pdu_cache()

    return hs
@@ -456,85 +433,9 @@ class SynapseService(service.Service):
        return self._port.stopListening()


-class SynapseRequest(Request):
-    def __init__(self, site, *args, **kw):
-        Request.__init__(self, *args, **kw)
-        self.site = site
-        self.authenticated_entity = None
-        self.start_time = 0
-
-    def __repr__(self):
-        # We overwrite this so that we don't log ``access_token``
-        return '<%s at 0x%x method=%s uri=%s clientproto=%s site=%s>' % (
-            self.__class__.__name__,
-            id(self),
-            self.method,
-            self.get_redacted_uri(),
-            self.clientproto,
-            self.site.site_tag,
-        )
-
-    def get_redacted_uri(self):
-        return re.sub(
-            r'(\?.*access_token=)[^&]*(.*)$',
-            r'\1<redacted>\2',
-            self.uri
-        )
-
-    def get_user_agent(self):
-        return self.requestHeaders.getRawHeaders("User-Agent", [None])[-1]
-
-    def started_processing(self):
-        self.site.access_logger.info(
-            "%s - %s - Received request: %s %s",
-            self.getClientIP(),
-            self.site.site_tag,
-            self.method,
-            self.get_redacted_uri()
-        )
-        self.start_time = int(time.time() * 1000)
-
-    def finished_processing(self):
-
-        try:
-            context = LoggingContext.current_context()
-            ru_utime, ru_stime = context.get_resource_usage()
-            db_txn_count = context.db_txn_count
-            db_txn_duration = context.db_txn_duration
-        except:
-            ru_utime, ru_stime = (0, 0)
-            db_txn_count, db_txn_duration = (0, 0)
-
-        self.site.access_logger.info(
-            "%s - %s - {%s}"
-            " Processed request: %dms (%dms, %dms) (%dms/%d)"
-            " %sB %s \"%s %s %s\" \"%s\"",
-            self.getClientIP(),
-            self.site.site_tag,
-            self.authenticated_entity,
-            int(time.time() * 1000) - self.start_time,
-            int(ru_utime * 1000),
-            int(ru_stime * 1000),
-            int(db_txn_duration * 1000),
-            int(db_txn_count),
-            self.sentLength,
-            self.code,
-            self.method,
-            self.get_redacted_uri(),
-            self.clientproto,
-            self.get_user_agent(),
-        )
-
-    @contextlib.contextmanager
-    def processing(self):
-        self.started_processing()
-        yield
-        self.finished_processing()
-
-
-class XForwardedForRequest(SynapseRequest):
+class XForwardedForRequest(Request):
    def __init__(self, *args, **kw):
-        SynapseRequest.__init__(self, *args, **kw)
+        Request.__init__(self, *args, **kw)

    """
    Add a layer on top of another request that only uses the value of an
@@ -550,16 +451,8 @@ class XForwardedForRequest(SynapseRequest):
            b"x-forwarded-for", [b"-"])[0].split(b",")[0].strip()


-class SynapseRequestFactory(object):
-    def __init__(self, site, x_forwarded_for):
-        self.site = site
-        self.x_forwarded_for = x_forwarded_for
-
-    def __call__(self, *args, **kwargs):
-        if self.x_forwarded_for:
-            return XForwardedForRequest(self.site, *args, **kwargs)
-        else:
-            return SynapseRequest(self.site, *args, **kwargs)
+def XForwardedFactory(*args, **kwargs):
+    return XForwardedForRequest(*args, **kwargs)


 class SynapseSite(Site):
@@ -567,17 +460,18 @@ class SynapseSite(Site):
    Subclass of a twisted http Site that does access logging with python's
    standard logging
    """
-    def __init__(self, logger_name, site_tag, config, resource, *args, **kwargs):
+    def __init__(self, logger_name, config, resource, *args, **kwargs):
        Site.__init__(self, resource, *args, **kwargs)
-
-        self.site_tag = site_tag
-
-        proxied = config.get("x_forwarded", False)
-        self.requestFactory = SynapseRequestFactory(self, proxied)
+        if config.get("x_forwarded", False):
+            self.requestFactory = XForwardedFactory
+            self._log_formatter = proxiedLogFormatter
+        else:
+            self._log_formatter = combinedLogFormatter
        self.access_logger = logging.getLogger(logger_name)

    def log(self, request):
-        pass
+        line = self._log_formatter(self._logDateTime, request)
+        self.access_logger.info(line)


 def create_resource_tree(desired_tree, redirect_root_to_web_client=True):
@@ -684,42 +578,6 @@ def run(hs):
        ThreadPool._worker = profile(ThreadPool._worker)
        reactor.run = profile(reactor.run)

-    start_time = hs.get_clock().time()
-
-    @defer.inlineCallbacks
-    def phone_stats_home():
-        now = int(hs.get_clock().time())
-        uptime = int(now - start_time)
-        if uptime < 0:
-            uptime = 0
-
-        stats = {}
-        stats["homeserver"] = hs.config.server_name
-        stats["timestamp"] = now
-        stats["uptime_seconds"] = uptime
-        stats["total_users"] = yield hs.get_datastore().count_all_users()
-
-        all_rooms = yield hs.get_datastore().get_rooms(False)
-        stats["total_room_count"] = len(all_rooms)
-
-        stats["daily_active_users"] = yield hs.get_datastore().count_daily_users()
-        daily_messages = yield hs.get_datastore().count_daily_messages()
-        if daily_messages is not None:
-            stats["daily_messages"] = daily_messages
-
-        logger.info("Reporting stats to matrix.org: %s" % (stats,))
-        try:
-            yield hs.get_simple_http_client().put_json(
-                "https://matrix.org/report-usage-stats/push",
-                stats
-            )
-        except Exception as e:
-            logger.warn("Error reporting stats: %s", e)
-
-    if hs.config.report_stats:
-        phone_home_task = task.LoopingCall(phone_stats_home)
-        phone_home_task.start(60 * 60 * 24, now=False)
-
    def in_thread():
        with LoggingContext("run"):
            change_resource_limit(hs.config.soft_file_limit)
@@ -727,8 +585,7 @@ def run(hs):

    if hs.config.daemonize:

-        if hs.config.print_pidfile:
-            print hs.config.pid_file
+        print hs.config.pid_file

        daemon = Daemonize(
            app="synapse-homeserver",
--- a/synapse/app/synctl.py
+++ b/synapse/app/synctl.py
@@ -16,67 +16,57 @@

 import sys
 import os
-import os.path
 import subprocess
 import signal
 import yaml

 SYNAPSE = ["python", "-B", "-m", "synapse.app.homeserver"]

+CONFIGFILE = "homeserver.yaml"
+
 GREEN = "\x1b[1;32m"
-RED = "\x1b[1;31m"
 NORMAL = "\x1b[m"

+if not os.path.exists(CONFIGFILE):
+    sys.stderr.write(
+        "No config file found\n"
+        "To generate a config file, run '%s -c %s --generate-config"
+        " --server-name=<server name>'\n" % (
+            " ".join(SYNAPSE), CONFIGFILE
+        )
+    )
+    sys.exit(1)

-def start(configfile):
+CONFIG = yaml.load(open(CONFIGFILE))
+PIDFILE = CONFIG["pid_file"]
+
+
+def start():
    print "Starting ...",
    args = SYNAPSE
-    args.extend(["--daemonize", "-c", configfile])
-
-    try:
-        subprocess.check_call(args)
-        print GREEN + "started" + NORMAL
-    except subprocess.CalledProcessError as e:
-        print (
-            RED +
-            "error starting (exit code: %d); see above for logs" % e.returncode +
-            NORMAL
-        )
+    args.extend(["--daemonize", "-c", CONFIGFILE])
+    subprocess.check_call(args)
+    print GREEN + "started" + NORMAL


-def stop(pidfile):
-    if os.path.exists(pidfile):
-        pid = int(open(pidfile).read())
+def stop():
+    if os.path.exists(PIDFILE):
+        pid = int(open(PIDFILE).read())
        os.kill(pid, signal.SIGTERM)
        print GREEN + "stopped" + NORMAL


 def main():
-    configfile = sys.argv[2] if len(sys.argv) == 3 else "homeserver.yaml"
-
-    if not os.path.exists(configfile):
-        sys.stderr.write(
-            "No config file found\n"
-            "To generate a config file, run '%s -c %s --generate-config"
-            " --server-name=<server name>'\n" % (
-                " ".join(SYNAPSE), configfile
-            )
-        )
-        sys.exit(1)
-
-    config = yaml.load(open(configfile))
-    pidfile = config["pid_file"]
-
    action = sys.argv[1] if sys.argv[1:] else "usage"
    if action == "start":
-        start(configfile)
+        start()
    elif action == "stop":
-        stop(pidfile)
+        stop()
    elif action == "restart":
-        stop(pidfile)
-        start(configfile)
+        stop()
+        start()
    else:
-        sys.stderr.write("Usage: %s [start|stop|restart] [configfile]\n" % (sys.argv[0],))
+        sys.stderr.write("Usage: %s [start|stop|restart]\n" % (sys.argv[0],))
        sys.exit(1)


--- a/synapse/appservice/scheduler.py
+++ b/synapse/appservice/scheduler.py
@@ -224,8 +224,8 @@ class _Recoverer(object):
        self.clock.call_later((2 ** self.backoff_counter), self.retry)

    def _backoff(self):
-        # cap the backoff to be around 8.5min => (2^9) = 512 secs
-        if self.backoff_counter < 9:
+        # cap the backoff to be around 18h => (2^16) = 65536 secs
+        if self.backoff_counter < 16:
            self.backoff_counter += 1
        self.recover()

--- a/synapse/config/main.py
+++ b/synapse/config/main.py
@@ -1,30 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-if __name__ == "__main__":
-    import sys
-    from homeserver import HomeServerConfig
-
-    action = sys.argv[1]
-
-    if action == "read":
-        key = sys.argv[2]
-        config = HomeServerConfig.load_config("", sys.argv[3:])
-
-        print getattr(config, key)
-        sys.exit(0)
-    else:
-        sys.stderr.write("Unknown command %r\n" % (action,))
-        sys.exit(1)
--- a/synapse/config/_base.py
+++ b/synapse/config/_base.py
@@ -14,7 +14,6 @@
 # limitations under the License.

 import argparse
-import errno
 import os
 import yaml
 import sys
@@ -25,29 +24,8 @@ class ConfigError(Exception):
    pass


-# We split these messages out to allow packages to override with package
-# specific instructions.
-MISSING_REPORT_STATS_CONFIG_INSTRUCTIONS = """\
-Please opt in or out of reporting anonymized homeserver usage statistics, by
-setting the `report_stats` key in your config file to either True or False.
-"""
-
-MISSING_REPORT_STATS_SPIEL = """\
-We would really appreciate it if you could help our project out by reporting
-anonymized usage statistics from your homeserver. Only very basic aggregate
-data (e.g. number of users) will be reported, but it helps us to track the
-growth of the Matrix community, and helps us to make Matrix a success, as well
-as to convince other networks that they should peer with us.
-
-Thank you.
-"""
-
-MISSING_SERVER_NAME = """\
-Missing mandatory `server_name` config option.
-"""
-
-
 class Config(object):
+
    @staticmethod
    def parse_size(value):
        if isinstance(value, int) or isinstance(value, long):
@@ -103,11 +81,8 @@ class Config(object):
    @classmethod
    def ensure_directory(cls, dir_path):
        dir_path = cls.abspath(dir_path)
-        try:
+        if not os.path.exists(dir_path):
            os.makedirs(dir_path)
-        except OSError, e:
-            if e.errno != errno.EEXIST:
-                raise
        if not os.path.isdir(dir_path):
            raise ConfigError(
                "%s is not a directory" % (dir_path,)
@@ -136,14 +111,11 @@ class Config(object):
                results.append(getattr(cls, name)(self, *args, **kargs))
        return results

-    def generate_config(self, config_dir_path, server_name, report_stats=None):
+    def generate_config(self, config_dir_path, server_name):
        default_config = "# vim:ft=yaml\n"

        default_config += "\n\n".join(dedent(conf) for conf in self.invoke_all(
-            "default_config",
-            config_dir_path=config_dir_path,
-            server_name=server_name,
-            report_stats=report_stats,
+            "default_config", config_dir_path, server_name
        ))

        config = yaml.load(default_config)
@@ -159,120 +131,71 @@ class Config(object):
            "-c", "--config-path",
            action="append",
            metavar="CONFIG_FILE",
-            help="Specify config file. Can be given multiple times and"
-                 " may specify directories containing *.yaml files."
+            help="Specify config file"
        )
        config_parser.add_argument(
            "--generate-config",
            action="store_true",
            help="Generate a config file for the server name"
        )
-        config_parser.add_argument(
-            "--report-stats",
-            action="store",
-            help="Stuff",
-            choices=["yes", "no"]
-        )
-        config_parser.add_argument(
-            "--generate-keys",
-            action="store_true",
-            help="Generate any missing key files then exit"
-        )
-        config_parser.add_argument(
-            "--keys-directory",
-            metavar="DIRECTORY",
-            help="Used with 'generate-*' options to specify where files such as"
-                 " certs and signing keys should be stored in, unless explicitly"
-                 " specified in the config."
-        )
        config_parser.add_argument(
            "-H", "--server-name",
            help="The server name to generate a config file for"
        )
        config_args, remaining_args = config_parser.parse_known_args(argv)

-        generate_keys = config_args.generate_keys
-
-        config_files = []
-        if config_args.config_path:
-            for config_path in config_args.config_path:
-                if os.path.isdir(config_path):
-                    # We accept specifying directories as config paths, we search
-                    # inside that directory for all files matching *.yaml, and then
-                    # we apply them in *sorted* order.
-                    files = []
-                    for entry in os.listdir(config_path):
-                        entry_path = os.path.join(config_path, entry)
-                        if not os.path.isfile(entry_path):
-                            print (
-                                "Found subdirectory in config directory: %r. IGNORING."
-                            ) % (entry_path, )
-                            continue
-
-                        if not entry.endswith(".yaml"):
-                            print (
-                                "Found file in config directory that does not"
-                                " end in '.yaml': %r. IGNORING."
-                            ) % (entry_path, )
-                            continue
-
-                        files.append(entry_path)
-
-                    config_files.extend(sorted(files))
-                else:
-                    config_files.append(config_path)
-
        if config_args.generate_config:
-            if config_args.report_stats is None:
-                config_parser.error(
-                    "Please specify either --report-stats=yes or --report-stats=no\n\n" +
-                    MISSING_REPORT_STATS_SPIEL
-                )
-            if not config_files:
+            if not config_args.config_path:
                config_parser.error(
                    "Must supply a config file.\nA config file can be automatically"
                    " generated using \"--generate-config -H SERVER_NAME"
                    " -c CONFIG-FILE\""
                )
-            (config_path,) = config_files
-            if not os.path.exists(config_path):
-                if config_args.keys_directory:
-                    config_dir_path = config_args.keys_directory
-                else:
-                    config_dir_path = os.path.dirname(config_path)
-                config_dir_path = os.path.abspath(config_dir_path)

-                server_name = config_args.server_name
-                if not server_name:
-                    print "Must specify a server_name to a generate config for."
-                    sys.exit(1)
-                if not os.path.exists(config_dir_path):
-                    os.makedirs(config_dir_path)
-                with open(config_path, "wb") as config_file:
-                    config_bytes, config = obj.generate_config(
-                        config_dir_path=config_dir_path,
-                        server_name=server_name,
-                        report_stats=(config_args.report_stats == "yes"),
+            config_dir_path = os.path.dirname(config_args.config_path[0])
+            config_dir_path = os.path.abspath(config_dir_path)
+
+            server_name = config_args.server_name
+            if not server_name:
+                print "Must specify a server_name to a generate config for."
+                sys.exit(1)
+            (config_path,) = config_args.config_path
+            if not os.path.exists(config_dir_path):
+                os.makedirs(config_dir_path)
+            if os.path.exists(config_path):
+                print "Config file %r already exists" % (config_path,)
+                yaml_config = cls.read_config_file(config_path)
+                yaml_name = yaml_config["server_name"]
+                if server_name != yaml_name:
+                    print (
+                        "Config file %r has a different server_name: "
+                        " %r != %r" % (config_path, server_name, yaml_name)
                    )
-                    obj.invoke_all("generate_files", config)
-                    config_file.write(config_bytes)
-                print (
-                    "A config file has been generated in %r for server name"
-                    " %r with corresponding SSL keys and self-signed"
-                    " certificates. Please review this file and customise it"
-                    " to your needs."
-                ) % (config_path, server_name)
-                print (
-                    "If this server name is incorrect, you will need to"
-                    " regenerate the SSL certificates"
+                    sys.exit(1)
+                config_bytes, config = obj.generate_config(
+                    config_dir_path, server_name
                )
+                config.update(yaml_config)
+                print "Generating any missing keys for %r" % (server_name,)
+                obj.invoke_all("generate_files", config)
                sys.exit(0)
-            else:
+            with open(config_path, "wb") as config_file:
+                config_bytes, config = obj.generate_config(
+                    config_dir_path, server_name
+                )
+                obj.invoke_all("generate_files", config)
+                config_file.write(config_bytes)
                print (
-                    "Config file %r already exists. Generating any missing key"
-                    " files."
-                ) % (config_path,)
-                generate_keys = True
+                    "A config file has been generated in %s for server name"
+                    " '%s' with corresponding SSL keys and self-signed"
+                    " certificates. Please review this file and customise it to"
+                    " your needs."
+                ) % (config_path, server_name)
+            print (
+                "If this server name is incorrect, you will need to regenerate"
+                " the SSL certificates"
+            )
+            sys.exit(0)

        parser = argparse.ArgumentParser(
            parents=[config_parser],
@@ -283,44 +206,25 @@ class Config(object):
        obj.invoke_all("add_arguments", parser)
        args = parser.parse_args(remaining_args)

-        if not config_files:
+        if not config_args.config_path:
            config_parser.error(
                "Must supply a config file.\nA config file can be automatically"
                " generated using \"--generate-config -H SERVER_NAME"
                " -c CONFIG-FILE\""
            )

-        if config_args.keys_directory:
-            config_dir_path = config_args.keys_directory
-        else:
-            config_dir_path = os.path.dirname(config_args.config_path[-1])
+        config_dir_path = os.path.dirname(config_args.config_path[0])
        config_dir_path = os.path.abspath(config_dir_path)

        specified_config = {}
-        for config_file in config_files:
-            yaml_config = cls.read_config_file(config_file)
+        for config_path in config_args.config_path:
+            yaml_config = cls.read_config_file(config_path)
            specified_config.update(yaml_config)

-        if "server_name" not in specified_config:
-            sys.stderr.write("\n" + MISSING_SERVER_NAME + "\n")
-            sys.exit(1)
-
        server_name = specified_config["server_name"]
-        _, config = obj.generate_config(
-            config_dir_path=config_dir_path,
-            server_name=server_name
-        )
+        _, config = obj.generate_config(config_dir_path, server_name)
        config.pop("log_config")
        config.update(specified_config)
-        if "report_stats" not in config:
-            sys.stderr.write(
-                "\n" + MISSING_REPORT_STATS_CONFIG_INSTRUCTIONS + "\n" +
-                MISSING_REPORT_STATS_SPIEL + "\n")
-            sys.exit(1)
-
-        if generate_keys:
-            obj.invoke_all("generate_files", config)
-            sys.exit(0)

        obj.invoke_all("read_config", config)

--- a/synapse/config/appservice.py
+++ b/synapse/config/appservice.py
@@ -20,7 +20,7 @@ class AppServiceConfig(Config):
    def read_config(self, config):
        self.app_service_config_files = config.get("app_service_config_files", [])

-    def default_config(cls, **kwargs):
+    def default_config(cls, config_dir_path, server_name):
        return """\
        # A list of application service config file to use
        app_service_config_files: []
--- a/synapse/config/captcha.py
+++ b/synapse/config/captcha.py
@@ -24,15 +24,15 @@ class CaptchaConfig(Config):
        self.captcha_bypass_secret = config.get("captcha_bypass_secret")
        self.recaptcha_siteverify_api = config["recaptcha_siteverify_api"]

-    def default_config(self, **kwargs):
+    def default_config(self, config_dir_path, server_name):
        return """\
        ## Captcha ##

        # This Home Server's ReCAPTCHA public key.
-        recaptcha_private_key: "YOUR_PRIVATE_KEY"
+        recaptcha_private_key: "YOUR_PUBLIC_KEY"

        # This Home Server's ReCAPTCHA private key.
-        recaptcha_public_key: "YOUR_PUBLIC_KEY"
+        recaptcha_public_key: "YOUR_PRIVATE_KEY"

        # Enables ReCaptcha checks when registering, preventing signup
        # unless a captcha is answered. Requires a valid ReCaptcha
--- a/synapse/config/cas.py
+++ b/synapse/config/cas.py
@@ -1,47 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from ._base import Config
-
-
-class CasConfig(Config):
-    """Cas Configuration
-
-    cas_server_url: URL of CAS server
-    """
-
-    def read_config(self, config):
-        cas_config = config.get("cas_config", None)
-        if cas_config:
-            self.cas_enabled = cas_config.get("enabled", True)
-            self.cas_server_url = cas_config["server_url"]
-            self.cas_service_url = cas_config["service_url"]
-            self.cas_required_attributes = cas_config.get("required_attributes", {})
-        else:
-            self.cas_enabled = False
-            self.cas_server_url = None
-            self.cas_service_url = None
-            self.cas_required_attributes = {}
-
-    def default_config(self, config_dir_path, server_name, **kwargs):
-        return """
-        # Enable CAS for registration and login.
-        #cas_config:
-        #   enabled: true
-        #   server_url: "https://cas-server.com"
-        #   service_url: "https://homesever.domain.com:8448"
-        #   #required_attributes:
-        #   #    name: value
-        """
--- a/synapse/config/database.py
+++ b/synapse/config/database.py
@@ -45,7 +45,7 @@ class DatabaseConfig(Config):

        self.set_databasepath(config.get("database_path"))

-    def default_config(self, **kwargs):
+    def default_config(self, config, config_dir_path):
        database_path = self.abspath("homeserver.db")
        return """\
        # Database configuration
--- a/synapse/config/homeserver.py
+++ b/synapse/config/homeserver.py
@@ -25,16 +25,12 @@ from .registration import RegistrationConfig
 from .metrics import MetricsConfig
 from .appservice import AppServiceConfig
 from .key import KeyConfig
-from .saml2 import SAML2Config
-from .cas import CasConfig
-from .password import PasswordConfig


 class HomeServerConfig(TlsConfig, ServerConfig, DatabaseConfig, LoggingConfig,
                       RatelimitConfig, ContentRepositoryConfig, CaptchaConfig,
-                       VoipConfig, RegistrationConfig, MetricsConfig,
-                       AppServiceConfig, KeyConfig, SAML2Config, CasConfig,
-                       PasswordConfig,):
+                       VoipConfig, RegistrationConfig,
+                       MetricsConfig, AppServiceConfig, KeyConfig,):
    pass


--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -13,17 +13,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-from ._base import Config, ConfigError
-
-from synapse.util.stringutils import random_string
-from signedjson.key import (
-    generate_signing_key, is_signing_algorithm_supported,
-    decode_signing_key_base64, decode_verify_key_bytes,
-    read_signing_keys, write_signing_keys, NACL_ED25519
-)
-from unpaddedbase64 import decode_base64
-
 import os
+from ._base import Config, ConfigError
+import syutil.crypto.signing_key
+from syutil.crypto.signing_key import (
+    is_signing_algorithm_supported, decode_verify_key_bytes
+)
+from syutil.base64util import decode_base64
+from synapse.util.stringutils import random_string


 class KeyConfig(Config):
@@ -40,7 +37,7 @@ class KeyConfig(Config):
            config["perspectives"]
        )

-    def default_config(self, config_dir_path, server_name, **kwargs):
+    def default_config(self, config_dir_path, server_name):
        base_key_name = os.path.join(config_dir_path, server_name)
        return """\
        ## Signing Keys ##
@@ -86,7 +83,9 @@ class KeyConfig(Config):
    def read_signing_key(self, signing_key_path):
        signing_keys = self.read_file(signing_key_path, "signing_key")
        try:
-            return read_signing_keys(signing_keys.splitlines(True))
+            return syutil.crypto.signing_key.read_signing_keys(
+                signing_keys.splitlines(True)
+            )
        except Exception:
            raise ConfigError(
                "Error reading signing_key."
@@ -113,18 +112,22 @@ class KeyConfig(Config):
        if not os.path.exists(signing_key_path):
            with open(signing_key_path, "w") as signing_key_file:
                key_id = "a_" + random_string(4)
-                write_signing_keys(
-                    signing_key_file, (generate_signing_key(key_id),),
+                syutil.crypto.signing_key.write_signing_keys(
+                    signing_key_file,
+                    (syutil.crypto.signing_key.generate_signing_key(key_id),),
                )
        else:
            signing_keys = self.read_file(signing_key_path, "signing_key")
            if len(signing_keys.split("\n")[0].split()) == 1:
                # handle keys in the old format.
                key_id = "a_" + random_string(4)
-                key = decode_signing_key_base64(
-                    NACL_ED25519, key_id, signing_keys.split("\n")[0]
+                key = syutil.crypto.signing_key.decode_signing_key_base64(
+                    syutil.crypto.signing_key.NACL_ED25519,
+                    key_id,
+                    signing_keys.split("\n")[0]
                )
                with open(signing_key_path, "w") as signing_key_file:
-                    write_signing_keys(
-                        signing_key_file, (key,),
+                    syutil.crypto.signing_key.write_signing_keys(
+                        signing_key_file,
+                        (key,),
                    )
--- a/synapse/config/logger.py
+++ b/synapse/config/logger.py
@@ -21,8 +21,6 @@ import logging.config
 import yaml
 from string import Template
 import os
-import signal
-from synapse.util.debug import debug_deferreds


 DEFAULT_LOG_CONFIG = Template("""
@@ -70,10 +68,8 @@ class LoggingConfig(Config):
        self.verbosity = config.get("verbose", 0)
        self.log_config = self.abspath(config.get("log_config"))
        self.log_file = self.abspath(config.get("log_file"))
-        if config.get("full_twisted_stacktraces"):
-            debug_deferreds()

-    def default_config(self, config_dir_path, server_name, **kwargs):
+    def default_config(self, config_dir_path, server_name):
        log_file = self.abspath("homeserver.log")
        log_config = self.abspath(
            os.path.join(config_dir_path, server_name + ".log.config")
@@ -87,11 +83,6 @@ class LoggingConfig(Config):

        # A yaml python logging config file
        log_config: "%(log_config)s"
-
-        # Stop twisted from discarding the stack traces of exceptions in
-        # deferreds by waiting a reactor tick before running a deferred's
-        # callbacks.
-        # full_twisted_stacktraces: true
        """ % locals()

    def read_arguments(self, args):
@@ -151,19 +142,6 @@ class LoggingConfig(Config):
                handler = logging.handlers.RotatingFileHandler(
                    self.log_file, maxBytes=(1000 * 1000 * 100), backupCount=3
                )
-
-                def sighup(signum, stack):
-                    logger.info("Closing log file due to SIGHUP")
-                    handler.doRollover()
-                    logger.info("Opened new log file due to SIGHUP")
-
-                # TODO(paul): obviously this is a terrible mechanism for
-                #   stealing SIGHUP, because it means no other part of synapse
-                #   can use it instead. If we want to catch SIGHUP anywhere
-                #   else as well, I'd suggest we find a nicer way to broadcast
-                #   it around.
-                if getattr(signal, "SIGHUP"):
-                    signal.signal(signal.SIGHUP, sighup)
            else:
                handler = logging.StreamHandler()
            handler.setFormatter(formatter)
--- a/synapse/config/metrics.py
+++ b/synapse/config/metrics.py
@@ -19,15 +19,13 @@ from ._base import Config
 class MetricsConfig(Config):
    def read_config(self, config):
        self.enable_metrics = config["enable_metrics"]
-        self.report_stats = config.get("report_stats", None)
        self.metrics_port = config.get("metrics_port")
        self.metrics_bind_host = config.get("metrics_bind_host", "127.0.0.1")

-    def default_config(self, report_stats=None, **kwargs):
-        suffix = "" if report_stats is None else "report_stats: %(report_stats)s\n"
-        return ("""\
+    def default_config(self, config_dir_path, server_name):
+        return """\
        ## Metrics ###

        # Enable collection and rendering of performance metrics
        enable_metrics: False
-        """ + suffix) % locals()
+        """
--- a/synapse/config/password.py
+++ b/synapse/config/password.py
@@ -1,32 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from ._base import Config
-
-
-class PasswordConfig(Config):
-    """Password login configuration
-    """
-
-    def read_config(self, config):
-        password_config = config.get("password_config", {})
-        self.password_enabled = password_config.get("enabled", True)
-
-    def default_config(self, config_dir_path, server_name, **kwargs):
-        return """
-        # Enable password for login.
-        password_config:
-           enabled: true
-        """
--- a/synapse/config/ratelimiting.py
+++ b/synapse/config/ratelimiting.py
@@ -27,7 +27,7 @@ class RatelimitConfig(Config):
        self.federation_rc_reject_limit = config["federation_rc_reject_limit"]
        self.federation_rc_concurrent = config["federation_rc_concurrent"]

-    def default_config(self, **kwargs):
+    def default_config(self, config_dir_path, server_name):
        return """\
        ## Ratelimiting ##

--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -32,13 +32,9 @@ class RegistrationConfig(Config):
            )

        self.registration_shared_secret = config.get("registration_shared_secret")
-        self.macaroon_secret_key = config.get("macaroon_secret_key")
-        self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
-        self.allow_guest_access = config.get("allow_guest_access", False)

-    def default_config(self, **kwargs):
+    def default_config(self, config_dir, server_name):
        registration_shared_secret = random_string_with_symbols(50)
-        macaroon_secret_key = random_string_with_symbols(50)
        return """\
        ## Registration ##

@@ -48,18 +44,6 @@ class RegistrationConfig(Config):
        # If set, allows registration by anyone who also has the shared
        # secret, even if registration is otherwise disabled.
        registration_shared_secret: "%(registration_shared_secret)s"
-
-        macaroon_secret_key: "%(macaroon_secret_key)s"
-
-        # Set the number of bcrypt rounds used to generate password hash.
-        # Larger numbers increase the work factor needed to generate the hash.
-        # The default number of rounds is 12.
-        bcrypt_rounds: 12
-
-        # Allows users to register as guests without a password/email/etc, and
-        # participate in rooms hosted on this server which have been made
-        # accessible to anonymous users.
-        allow_guest_access: False
        """ % locals()

    def add_arguments(self, parser):
--- a/synapse/config/repository.py
+++ b/synapse/config/repository.py
@@ -14,39 +14,6 @@
 # limitations under the License.

 from ._base import Config
-from collections import namedtuple
-
-ThumbnailRequirement = namedtuple(
-    "ThumbnailRequirement", ["width", "height", "method", "media_type"]
-)
-
-
-def parse_thumbnail_requirements(thumbnail_sizes):
-    """ Takes a list of dictionaries with "width", "height", and "method" keys
-    and creates a map from image media types to the thumbnail size, thumnailing
-    method, and thumbnail media type to precalculate
-
-    Args:
-        thumbnail_sizes(list): List of dicts with "width", "height", and
-            "method" keys
-    Returns:
-        Dictionary mapping from media type string to list of
-        ThumbnailRequirement tuples.
-    """
-    requirements = {}
-    for size in thumbnail_sizes:
-        width = size["width"]
-        height = size["height"]
-        method = size["method"]
-        jpeg_thumbnail = ThumbnailRequirement(width, height, method, "image/jpeg")
-        png_thumbnail = ThumbnailRequirement(width, height, method, "image/png")
-        requirements.setdefault("image/jpeg", []).append(jpeg_thumbnail)
-        requirements.setdefault("image/gif", []).append(png_thumbnail)
-        requirements.setdefault("image/png", []).append(png_thumbnail)
-    return {
-        media_type: tuple(thumbnails)
-        for media_type, thumbnails in requirements.items()
-    }


 class ContentRepositoryConfig(Config):
@@ -54,47 +21,16 @@ class ContentRepositoryConfig(Config):
        self.max_upload_size = self.parse_size(config["max_upload_size"])
        self.max_image_pixels = self.parse_size(config["max_image_pixels"])
        self.media_store_path = self.ensure_directory(config["media_store_path"])
-        self.uploads_path = self.ensure_directory(config["uploads_path"])
-        self.dynamic_thumbnails = config["dynamic_thumbnails"]
-        self.thumbnail_requirements = parse_thumbnail_requirements(
-            config["thumbnail_sizes"]
-        )

-    def default_config(self, **kwargs):
+    def default_config(self, config_dir_path, server_name):
        media_store = self.default_path("media_store")
-        uploads_path = self.default_path("uploads")
        return """
        # Directory where uploaded images and attachments are stored.
        media_store_path: "%(media_store)s"

-        # Directory where in-progress uploads are stored.
-        uploads_path: "%(uploads_path)s"
-
        # The largest allowed upload size in bytes
        max_upload_size: "10M"

        # Maximum number of pixels that will be thumbnailed
        max_image_pixels: "32M"
-
-        # Whether to generate new thumbnails on the fly to precisely match
-        # the resolution requested by the client. If true then whenever
-        # a new resolution is requested by the client the server will
-        # generate a new thumbnail. If false the server will pick a thumbnail
-        # from a precalcualted list.
-        dynamic_thumbnails: false
-
-        # List of thumbnail to precalculate when an image is uploaded.
-        thumbnail_sizes:
-        - width: 32
-          height: 32
-          method: crop
-        - width: 96
-          height: 96
-          method: crop
-        - width: 320
-          height: 240
-          method: scale
-        - width: 640
-          height: 480
-          method: scale
        """ % locals()
--- a/synapse/config/saml2.py
+++ b/synapse/config/saml2.py
@@ -1,55 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 Ericsson
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from ._base import Config
-
-
-class SAML2Config(Config):
-    """SAML2 Configuration
-    Synapse uses pysaml2 libraries for providing SAML2 support
-
-    config_path:      Path to the sp_conf.py configuration file
-    idp_redirect_url: Identity provider URL which will redirect
-                      the user back to /login/saml2 with proper info.
-
-    sp_conf.py file is something like:
-    https://github.com/rohe/pysaml2/blob/master/example/sp-repoze/sp_conf.py.example
-
-    More information: https://pythonhosted.org/pysaml2/howto/config.html
-    """
-
-    def read_config(self, config):
-        saml2_config = config.get("saml2_config", None)
-        if saml2_config:
-            self.saml2_enabled = saml2_config.get("enabled", True)
-            self.saml2_config_path = saml2_config["config_path"]
-            self.saml2_idp_redirect_url = saml2_config["idp_redirect_url"]
-        else:
-            self.saml2_enabled = False
-            self.saml2_config_path = None
-            self.saml2_idp_redirect_url = None
-
-    def default_config(self, config_dir_path, server_name, **kwargs):
-        return """
-        # Enable SAML2 for registration and login. Uses pysaml2
-        # config_path:      Path to the sp_conf.py configuration file
-        # idp_redirect_url: Identity provider URL which will redirect
-        #                   the user back to /login/saml2 with proper info.
-        # See pysaml2 docs for format of config.
-        #saml2_config:
-        #   enabled: true
-        #   config_path: "%s/sp_conf.py"
-        #   idp_redirect_url: "http://%s/idp"
-        """ % (config_dir_path, server_name)
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -22,11 +22,8 @@ class ServerConfig(Config):
        self.server_name = config["server_name"]
        self.pid_file = self.abspath(config.get("pid_file"))
        self.web_client = config["web_client"]
-        self.web_client_location = config.get("web_client_location", None)
        self.soft_file_limit = config["soft_file_limit"]
        self.daemonize = config.get("daemonize")
-        self.print_pidfile = config.get("print_pidfile")
-        self.user_agent_suffix = config.get("user_agent_suffix")
        self.use_frozen_dicts = config.get("use_frozen_dicts", True)

        self.listeners = config.get("listeners", [])
@@ -118,7 +115,7 @@ class ServerConfig(Config):

        self.content_addr = content_addr

-    def default_config(self, server_name, **kwargs):
+    def default_config(self, config_dir_path, server_name):
        if ":" in server_name:
            bind_port = int(server_name.split(":")[1])
            unsecure_port = bind_port - 400
@@ -133,7 +130,6 @@ class ServerConfig(Config):
        # The domain name of the server, with optional explicit port.
        # This is used by remote servers to connect to this server,
        # e.g. matrix.org, localhost:8080, etc.
-        # This is also the last part of your UserID.
        server_name: "%(server_name)s"

        # When running as a daemon, the file to store the pid in
@@ -212,18 +208,12 @@ class ServerConfig(Config):
            self.manhole = args.manhole
        if args.daemonize is not None:
            self.daemonize = args.daemonize
-        if args.print_pidfile is not None:
-            self.print_pidfile = args.print_pidfile

    def add_arguments(self, parser):
        server_group = parser.add_argument_group("server")
        server_group.add_argument("-D", "--daemonize", action='store_true',
                                  default=None,
                                  help="Daemonize the home server")
-        server_group.add_argument("--print-pidfile", action='store_true',
-                                  default=None,
-                                  help="Print the path to the pidfile just"
-                                  " before daemonizing")
        server_group.add_argument("--manhole", metavar="PORT", dest="manhole",
                                  type=int,
                                  help="Turn on the twisted telnet manhole"
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -27,7 +27,6 @@ class TlsConfig(Config):
        self.tls_certificate = self.read_tls_certificate(
            config.get("tls_certificate_path")
        )
-        self.tls_certificate_file = config.get("tls_certificate_path")

        self.no_tls = config.get("no_tls", False)

@@ -42,15 +41,7 @@ class TlsConfig(Config):
            config.get("tls_dh_params_path"), "tls_dh_params"
        )

-        # This config option applies to non-federation HTTP clients
-        # (e.g. for talking to recaptcha, identity servers, and such)
-        # It should never be used in production, and is intended for
-        # use only when running tests.
-        self.use_insecure_ssl_client_just_for_testing_do_not_use = config.get(
-            "use_insecure_ssl_client_just_for_testing_do_not_use"
-        )
-
-    def default_config(self, config_dir_path, server_name, **kwargs):
+    def default_config(self, config_dir_path, server_name):
        base_key_name = os.path.join(config_dir_path, server_name)

        tls_certificate_path = base_key_name + ".tls.crt"
@@ -58,11 +49,7 @@ class TlsConfig(Config):
        tls_dh_params_path = base_key_name + ".tls.dh"

        return """\
-        # PEM encoded X509 certificate for TLS.
-        # You can replace the self-signed certificate that synapse
-        # autogenerates on launch with your own SSL certificate + key pair
-        # if you like.  Any required intermediary certificates can be
-        # appended after the primary certificate in hierarchical order.
+        # PEM encoded X509 certificate for TLS
        tls_certificate_path: "%(tls_certificate_path)s"

        # PEM encoded private key for TLS
@@ -104,7 +91,7 @@ class TlsConfig(Config):
                )

        if not os.path.exists(tls_certificate_path):
-            with open(tls_certificate_path, "w") as certificate_file:
+            with open(tls_certificate_path, "w") as certifcate_file:
                cert = crypto.X509()
                subject = cert.get_subject()
                subject.CN = config["server_name"]
@@ -119,7 +106,7 @@ class TlsConfig(Config):

                cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)

-                certificate_file.write(cert_pem)
+                certifcate_file.write(cert_pem)

        if not os.path.exists(tls_dh_params_path):
            if GENERATE_DH_PARAMS:
--- a/synapse/config/voip.py
+++ b/synapse/config/voip.py
@@ -22,7 +22,7 @@ class VoipConfig(Config):
        self.turn_shared_secret = config["turn_shared_secret"]
        self.turn_user_lifetime = self.parse_duration(config["turn_user_lifetime"])

-    def default_config(self, **kwargs):
+    def default_config(self, config_dir_path, server_name):
        return """\
        ## Turn ##

--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -35,9 +35,9 @@ class ServerContextFactory(ssl.ContextFactory):
            _ecCurve = _OpenSSLECCurve(_defaultCurveName)
            _ecCurve.addECKeyToContext(context)
        except:
-            logger.exception("Failed to enable elliptic curve for TLS")
+            logger.exception("Failed to enable eliptic curve for TLS")
        context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
-        context.use_certificate_chain_file(config.tls_certificate_file)
+        context.use_certificate(config.tls_certificate)

        if not config.no_tls:
            context.use_privatekey(config.tls_private_key)
--- a/synapse/crypto/event_signing.py
+++ b/synapse/crypto/event_signing.py
@@ -15,12 +15,11 @@
 # limitations under the License.


-from synapse.api.errors import SynapseError, Codes
 from synapse.events.utils import prune_event
-
-from canonicaljson import encode_canonical_json
-from unpaddedbase64 import encode_base64, decode_base64
-from signedjson.sign import sign_json
+from syutil.jsonutil import encode_canonical_json
+from syutil.base64util import encode_base64, decode_base64
+from syutil.crypto.jsonsign import sign_json
+from synapse.api.errors import SynapseError, Codes

 import hashlib
 import logging
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -14,24 +14,22 @@
 # limitations under the License.

 from synapse.crypto.keyclient import fetch_server_key
-from synapse.api.errors import SynapseError, Codes
-from synapse.util.retryutils import get_retry_limiter
-from synapse.util import unwrapFirstError
-from synapse.util.async import ObservableDeferred
-
 from twisted.internet import defer
-
-from signedjson.sign import (
+from syutil.crypto.jsonsign import (
    verify_signed_json, signature_ids, sign_json, encode_canonical_json
 )
-from signedjson.key import (
+from syutil.crypto.signing_key import (
    is_signing_algorithm_supported, decode_verify_key_bytes
 )
-from unpaddedbase64 import decode_base64, encode_base64
+from syutil.base64util import decode_base64, encode_base64
+from synapse.api.errors import SynapseError, Codes
+
+from synapse.util.retryutils import get_retry_limiter
+
+from synapse.util.async import ObservableDeferred

 from OpenSSL import crypto

-from collections import namedtuple
 import urllib
 import hashlib
 import logging
@@ -40,9 +38,6 @@ import logging
 logger = logging.getLogger(__name__)


-KeyGroup = namedtuple("KeyGroup", ("server_name", "group_id", "key_ids"))
-
-
 class Keyring(object):
    def __init__(self, hs):
        self.store = hs.get_datastore()
@@ -54,352 +49,165 @@ class Keyring(object):

        self.key_downloads = {}

+    @defer.inlineCallbacks
    def verify_json_for_server(self, server_name, json_object):
-        return self.verify_json_objects_for_server(
-            [(server_name, json_object)]
-        )[0]
-
-    def verify_json_objects_for_server(self, server_and_json):
-        """Bulk verfies signatures of json objects, bulk fetching keys as
-        necessary.
-
-        Args:
-            server_and_json (list): List of pairs of (server_name, json_object)
-
-        Returns:
-            list of deferreds indicating success or failure to verify each
-            json object's signature for the given server_name.
-        """
-        group_id_to_json = {}
-        group_id_to_group = {}
-        group_ids = []
-
-        next_group_id = 0
-        deferreds = {}
-
-        for server_name, json_object in server_and_json:
-            logger.debug("Verifying for %s", server_name)
-            group_id = next_group_id
-            next_group_id += 1
-            group_ids.append(group_id)
-
-            key_ids = signature_ids(json_object, server_name)
-            if not key_ids:
-                deferreds[group_id] = defer.fail(SynapseError(
-                    400,
-                    "Not signed with a supported algorithm",
-                    Codes.UNAUTHORIZED,
-                ))
-            else:
-                deferreds[group_id] = defer.Deferred()
-
-            group = KeyGroup(server_name, group_id, key_ids)
-
-            group_id_to_group[group_id] = group
-            group_id_to_json[group_id] = json_object
-
-        @defer.inlineCallbacks
-        def handle_key_deferred(group, deferred):
-            server_name = group.server_name
-            try:
-                _, _, key_id, verify_key = yield deferred
-            except IOError as e:
-                logger.warn(
-                    "Got IOError when downloading keys for %s: %s %s",
-                    server_name, type(e).__name__, str(e.message),
-                )
-                raise SynapseError(
-                    502,
-                    "Error downloading keys for %s" % (server_name,),
-                    Codes.UNAUTHORIZED,
-                )
-            except Exception as e:
-                logger.exception(
-                    "Got Exception when downloading keys for %s: %s %s",
-                    server_name, type(e).__name__, str(e.message),
-                )
-                raise SynapseError(
-                    401,
-                    "No key for %s with id %s" % (server_name, key_ids),
-                    Codes.UNAUTHORIZED,
-                )
-
-            json_object = group_id_to_json[group.group_id]
-
-            try:
-                verify_signed_json(json_object, server_name, verify_key)
-            except:
-                raise SynapseError(
-                    401,
-                    "Invalid signature for server %s with key %s:%s" % (
-                        server_name, verify_key.alg, verify_key.version
-                    ),
-                    Codes.UNAUTHORIZED,
-                )
-
-        server_to_deferred = {
-            server_name: defer.Deferred()
-            for server_name, _ in server_and_json
-        }
-
-        # We want to wait for any previous lookups to complete before
-        # proceeding.
-        wait_on_deferred = self.wait_for_previous_lookups(
-            [server_name for server_name, _ in server_and_json],
-            server_to_deferred,
-        )
-
-        # Actually start fetching keys.
-        wait_on_deferred.addBoth(
-            lambda _: self.get_server_verify_keys(group_id_to_group, deferreds)
-        )
-
-        # When we've finished fetching all the keys for a given server_name,
-        # resolve the deferred passed to `wait_for_previous_lookups` so that
-        # any lookups waiting will proceed.
-        server_to_gids = {}
-
-        def remove_deferreds(res, server_name, group_id):
-            server_to_gids[server_name].discard(group_id)
-            if not server_to_gids[server_name]:
-                d = server_to_deferred.pop(server_name, None)
-                if d:
-                    d.callback(None)
-            return res
-
-        for g_id, deferred in deferreds.items():
-            server_name = group_id_to_group[g_id].server_name
-            server_to_gids.setdefault(server_name, set()).add(g_id)
-            deferred.addBoth(remove_deferreds, server_name, g_id)
-
-        # Pass those keys to handle_key_deferred so that the json object
-        # signatures can be verified
-        return [
-            handle_key_deferred(
-                group_id_to_group[g_id],
-                deferreds[g_id],
+        logger.debug("Verifying for %s", server_name)
+        key_ids = signature_ids(json_object, server_name)
+        if not key_ids:
+            raise SynapseError(
+                400,
+                "Not signed with a supported algorithm",
+                Codes.UNAUTHORIZED,
+            )
+        try:
+            verify_key = yield self.get_server_verify_key(server_name, key_ids)
+        except IOError as e:
+            logger.warn(
+                "Got IOError when downloading keys for %s: %s %s",
+                server_name, type(e).__name__, str(e.message),
+            )
+            raise SynapseError(
+                502,
+                "Error downloading keys for %s" % (server_name,),
+                Codes.UNAUTHORIZED,
+            )
+        except Exception as e:
+            logger.warn(
+                "Got Exception when downloading keys for %s: %s %s",
+                server_name, type(e).__name__, str(e.message),
+            )
+            raise SynapseError(
+                401,
+                "No key for %s with id %s" % (server_name, key_ids),
+                Codes.UNAUTHORIZED,
+            )
+
+        try:
+            verify_signed_json(json_object, server_name, verify_key)
+        except:
+            raise SynapseError(
+                401,
+                "Invalid signature for server %s with key %s:%s" % (
+                    server_name, verify_key.alg, verify_key.version
+                ),
+                Codes.UNAUTHORIZED,
            )
-            for g_id in group_ids
-        ]

    @defer.inlineCallbacks
-    def wait_for_previous_lookups(self, server_names, server_to_deferred):
-        """Waits for any previous key lookups for the given servers to finish.
-
+    def get_server_verify_key(self, server_name, key_ids):
+        """Finds a verification key for the server with one of the key ids.
+        Trys to fetch the key from a trusted perspective server first.
        Args:
-            server_names (list): list of server_names we want to lookup
-            server_to_deferred (dict): server_name to deferred which gets
-                resolved once we've finished looking up keys for that server
+            server_name(str): The name of the server to fetch a key for.
+            keys_ids (list of str): The key_ids to check for.
        """
-        while True:
-            wait_on = [
-                self.key_downloads[server_name]
-                for server_name in server_names
-                if server_name in self.key_downloads
-            ]
-            if wait_on:
-                yield defer.DeferredList(wait_on)
-            else:
-                break
+        cached = yield self.store.get_server_verify_keys(server_name, key_ids)

-        for server_name, deferred in server_to_deferred.items():
-            d = ObservableDeferred(deferred)
-            self.key_downloads[server_name] = d
+        if cached:
+            defer.returnValue(cached[0])
+            return

-            def rm(r, server_name):
-                self.key_downloads.pop(server_name, None)
-                return r
+        download = self.key_downloads.get(server_name)

-            d.addBoth(rm, server_name)
+        if download is None:
+            download = self._get_server_verify_key_impl(server_name, key_ids)
+            download = ObservableDeferred(
+                download,
+                consumeErrors=True
+            )
+            self.key_downloads[server_name] = download

-    def get_server_verify_keys(self, group_id_to_group, group_id_to_deferred):
-        """Takes a dict of KeyGroups and tries to find at least one key for
-        each group.
-        """
+            @download.addBoth
+            def callback(ret):
+                del self.key_downloads[server_name]
+                return ret

-        # These are functions that produce keys given a list of key ids
-        key_fetch_fns = (
-            self.get_keys_from_store,  # First try the local store
-            self.get_keys_from_perspectives,  # Then try via perspectives
-            self.get_keys_from_server,  # Then try directly
-        )
-
-        @defer.inlineCallbacks
-        def do_iterations():
-            merged_results = {}
-
-            missing_keys = {}
-            for group in group_id_to_group.values():
-                missing_keys.setdefault(group.server_name, set()).union(group.key_ids)
-
-            for fn in key_fetch_fns:
-                results = yield fn(missing_keys.items())
-                merged_results.update(results)
-
-                # We now need to figure out which groups we have keys for
-                # and which we don't
-                missing_groups = {}
-                for group in group_id_to_group.values():
-                    for key_id in group.key_ids:
-                        if key_id in merged_results[group.server_name]:
-                            group_id_to_deferred[group.group_id].callback((
-                                group.group_id,
-                                group.server_name,
-                                key_id,
-                                merged_results[group.server_name][key_id],
-                            ))
-                            break
-                    else:
-                        missing_groups.setdefault(
-                            group.server_name, []
-                        ).append(group)
-
-                if not missing_groups:
-                    break
-
-                missing_keys = {
-                    server_name: set(
-                        key_id for group in groups for key_id in group.key_ids
-                    )
-                    for server_name, groups in missing_groups.items()
-                }
-
-            for group in missing_groups.values():
-                group_id_to_deferred[group.group_id].errback(SynapseError(
-                    401,
-                    "No key for %s with id %s" % (
-                        group.server_name, group.key_ids,
-                    ),
-                    Codes.UNAUTHORIZED,
-                ))
-
-        def on_err(err):
-            for deferred in group_id_to_deferred.values():
-                if not deferred.called:
-                    deferred.errback(err)
-
-        do_iterations().addErrback(on_err)
-
-        return group_id_to_deferred
+        r = yield download.observe()
+        defer.returnValue(r)

    @defer.inlineCallbacks
-    def get_keys_from_store(self, server_name_and_key_ids):
-        res = yield defer.gatherResults(
-            [
-                self.store.get_server_verify_keys(
-                    server_name, key_ids
-                ).addCallback(lambda ks, server: (server, ks), server_name)
-                for server_name, key_ids in server_name_and_key_ids
-            ],
-            consumeErrors=True,
-        ).addErrback(unwrapFirstError)
+    def _get_server_verify_key_impl(self, server_name, key_ids):
+        keys = None

-        defer.returnValue(dict(res))
-
-    @defer.inlineCallbacks
-    def get_keys_from_perspectives(self, server_name_and_key_ids):
        @defer.inlineCallbacks
        def get_key(perspective_name, perspective_keys):
            try:
                result = yield self.get_server_verify_key_v2_indirect(
-                    server_name_and_key_ids, perspective_name, perspective_keys
+                    server_name, key_ids, perspective_name, perspective_keys
                )
                defer.returnValue(result)
            except Exception as e:
-                logger.exception(
-                    "Unable to get key from %r: %s %s",
-                    perspective_name,
+                logging.info(
+                    "Unable to getting key %r for %r from %r: %s %s",
+                    key_ids, server_name, perspective_name,
                    type(e).__name__, str(e.message),
                )
-                defer.returnValue({})

-        results = yield defer.gatherResults(
-            [
-                get_key(p_name, p_keys)
-                for p_name, p_keys in self.perspective_servers.items()
-            ],
-            consumeErrors=True,
-        ).addErrback(unwrapFirstError)
+        perspective_results = yield defer.gatherResults([
+            get_key(p_name, p_keys)
+            for p_name, p_keys in self.perspective_servers.items()
+        ])

-        union_of_keys = {}
-        for result in results:
-            for server_name, keys in result.items():
-                union_of_keys.setdefault(server_name, {}).update(keys)
+        for results in perspective_results:
+            if results is not None:
+                keys = results

-        defer.returnValue(union_of_keys)
+        limiter = yield get_retry_limiter(
+            server_name,
+            self.clock,
+            self.store,
+        )

-    @defer.inlineCallbacks
-    def get_keys_from_server(self, server_name_and_key_ids):
-        @defer.inlineCallbacks
-        def get_key(server_name, key_ids):
-            limiter = yield get_retry_limiter(
-                server_name,
-                self.clock,
-                self.store,
-            )
-            with limiter:
-                keys = None
+        with limiter:
+            if not keys:
                try:
                    keys = yield self.get_server_verify_key_v2_direct(
                        server_name, key_ids
                    )
                except Exception as e:
-                    logger.info(
+                    logging.info(
                        "Unable to getting key %r for %r directly: %s %s",
                        key_ids, server_name,
                        type(e).__name__, str(e.message),
                    )

-                if not keys:
-                    keys = yield self.get_server_verify_key_v1_direct(
-                        server_name, key_ids
-                    )
+            if not keys:
+                keys = yield self.get_server_verify_key_v1_direct(
+                    server_name, key_ids
+                )

-                    keys = {server_name: keys}
-
-            defer.returnValue(keys)
-
-        results = yield defer.gatherResults(
-            [
-                get_key(server_name, key_ids)
-                for server_name, key_ids in server_name_and_key_ids
-            ],
-            consumeErrors=True,
-        ).addErrback(unwrapFirstError)
-
-        merged = {}
-        for result in results:
-            merged.update(result)
-
-        defer.returnValue({
-            server_name: keys
-            for server_name, keys in merged.items()
-            if keys
-        })
+        for key_id in key_ids:
+            if key_id in keys:
+                defer.returnValue(keys[key_id])
+                return
+        raise ValueError("No verification key found for given key ids")

    @defer.inlineCallbacks
-    def get_server_verify_key_v2_indirect(self, server_names_and_key_ids,
+    def get_server_verify_key_v2_indirect(self, server_name, key_ids,
                                          perspective_name,
                                          perspective_keys):
-        # TODO(mark): Set the minimum_valid_until_ts to that needed by
-        # the events being validated or the current time if validating
-        # an incoming request.
-        query_response = yield self.client.post_json(
-            destination=perspective_name,
-            path=b"/_matrix/key/v2/query",
-            data={
-                u"server_keys": {
-                    server_name: {
-                        key_id: {
-                            u"minimum_valid_until_ts": 0
-                        } for key_id in key_ids
-                    }
-                    for server_name, key_ids in server_names_and_key_ids
-                }
-            },
-            long_retries=True,
+        limiter = yield get_retry_limiter(
+            perspective_name, self.clock, self.store
        )

+        with limiter:
+            # TODO(mark): Set the minimum_valid_until_ts to that needed by
+            # the events being validated or the current time if validating
+            # an incoming request.
+            query_response = yield self.client.post_json(
+                destination=perspective_name,
+                path=b"/_matrix/key/v2/query",
+                data={
+                    u"server_keys": {
+                        server_name: {
+                            key_id: {
+                                u"minimum_valid_until_ts": 0
+                            } for key_id in key_ids
+                        }
+                    }
+                },
+            )
+
        keys = {}

        responses = query_response["server_keys"]
@@ -435,29 +243,23 @@ class Keyring(object):
                    " server %r" % (perspective_name,)
                )

-            processed_response = yield self.process_v2_response(
-                perspective_name, response
+            response_keys = yield self.process_v2_response(
+                server_name, perspective_name, response
            )

-            for server_name, response_keys in processed_response.items():
-                keys.setdefault(server_name, {}).update(response_keys)
+            keys.update(response_keys)

-        yield defer.gatherResults(
-            [
-                self.store_keys(
-                    server_name=server_name,
-                    from_server=perspective_name,
-                    verify_keys=response_keys,
-                )
-                for server_name, response_keys in keys.items()
-            ],
-            consumeErrors=True
-        ).addErrback(unwrapFirstError)
+        yield self.store_keys(
+            server_name=server_name,
+            from_server=perspective_name,
+            verify_keys=keys,
+        )

        defer.returnValue(keys)

    @defer.inlineCallbacks
    def get_server_verify_key_v2_direct(self, server_name, key_ids):
+
        keys = {}

        for requested_key_id in key_ids:
@@ -465,7 +267,7 @@ class Keyring(object):
                continue

            (response, tls_certificate) = yield fetch_server_key(
-                server_name, self.hs.tls_server_context_factory,
+                server_name, self.hs.tls_context_factory,
                path=(b"/_matrix/key/v2/server/%s" % (
                    urllib.quote(requested_key_id),
                )).encode("ascii"),
@@ -493,30 +295,25 @@ class Keyring(object):
                raise ValueError("TLS certificate not allowed by fingerprints")

            response_keys = yield self.process_v2_response(
+                server_name=server_name,
                from_server=server_name,
-                requested_ids=[requested_key_id],
+                requested_id=requested_key_id,
                response_json=response,
            )

            keys.update(response_keys)

-        yield defer.gatherResults(
-            [
-                self.store_keys(
-                    server_name=key_server_name,
-                    from_server=server_name,
-                    verify_keys=verify_keys,
-                )
-                for key_server_name, verify_keys in keys.items()
-            ],
-            consumeErrors=True
-        ).addErrback(unwrapFirstError)
+        yield self.store_keys(
+            server_name=server_name,
+            from_server=server_name,
+            verify_keys=keys,
+        )

        defer.returnValue(keys)

    @defer.inlineCallbacks
-    def process_v2_response(self, from_server, response_json,
-                            requested_ids=[]):
+    def process_v2_response(self, server_name, from_server, response_json,
+                            requested_id=None):
        time_now_ms = self.clock.time_msec()
        response_keys = {}
        verify_keys = {}
@@ -538,8 +335,6 @@ class Keyring(object):
                verify_key.time_added = time_now_ms
                old_verify_keys[key_id] = verify_key

-        results = {}
-        server_name = response_json["server_name"]
        for key_id in response_json["signatures"].get(server_name, {}):
            if key_id not in response_json["verify_keys"]:
                raise ValueError(
@@ -562,31 +357,28 @@ class Keyring(object):
        signed_key_json_bytes = encode_canonical_json(signed_key_json)
        ts_valid_until_ms = signed_key_json[u"valid_until_ts"]

-        updated_key_ids = set(requested_ids)
+        updated_key_ids = set()
+        if requested_id is not None:
+            updated_key_ids.add(requested_id)
        updated_key_ids.update(verify_keys)
        updated_key_ids.update(old_verify_keys)

        response_keys.update(verify_keys)
        response_keys.update(old_verify_keys)

-        yield defer.gatherResults(
-            [
-                self.store.store_server_keys_json(
-                    server_name=server_name,
-                    key_id=key_id,
-                    from_server=server_name,
-                    ts_now_ms=time_now_ms,
-                    ts_expires_ms=ts_valid_until_ms,
-                    key_json_bytes=signed_key_json_bytes,
-                )
-                for key_id in updated_key_ids
-            ],
-            consumeErrors=True,
-        ).addErrback(unwrapFirstError)
+        for key_id in updated_key_ids:
+            yield self.store.store_server_keys_json(
+                server_name=server_name,
+                key_id=key_id,
+                from_server=server_name,
+                ts_now_ms=time_now_ms,
+                ts_expires_ms=ts_valid_until_ms,
+                key_json_bytes=signed_key_json_bytes,
+            )

-        results[server_name] = response_keys
+        defer.returnValue(response_keys)

-        defer.returnValue(results)
+        raise ValueError("No verification key found for given key ids")

    @defer.inlineCallbacks
    def get_server_verify_key_v1_direct(self, server_name, key_ids):
@@ -599,7 +391,7 @@ class Keyring(object):
        # Try to fetch the key from the remote server.

        (response, tls_certificate) = yield fetch_server_key(
-            server_name, self.hs.tls_server_context_factory
+            server_name, self.hs.tls_context_factory
        )

        # Check the response.
@@ -670,13 +462,8 @@ class Keyring(object):
        Returns:
            A deferred that completes when the keys are stored.
        """
-        # TODO(markjh): Store whether the keys have expired.
-        yield defer.gatherResults(
-            [
-                self.store.store_server_verify_key(
-                    server_name, server_name, key.time_added, key
-                )
-                for key_id, key in verify_keys.items()
-            ],
-            consumeErrors=True,
-        ).addErrback(unwrapFirstError)
+        for key_id, key in verify_keys.items():
+            # TODO(markjh): Store whether the keys have expired.
+            yield self.store.store_server_verify_key(
+                server_name, server_name, key.time_added, key
+            )
--- a/synapse/events/init.py
+++ b/synapse/events/init.py
@@ -90,7 +90,7 @@ class EventBase(object):
        d = dict(self._event_dict)
        d.update({
            "signatures": self.signatures,
-            "unsigned": dict(self.unsigned),
+            "unsigned": self.unsigned,
        })

        return d
@@ -109,9 +109,6 @@ class EventBase(object):
            pdu_json.setdefault("unsigned", {})["age"] = int(age)
            del pdu_json["unsigned"]["age_ts"]

-        # This may be a frozen event
-        pdu_json["unsigned"].pop("redacted_because", None)
-
        return pdu_json

    def __set__(self, instance, value):
--- a/synapse/events/utils.py
+++ b/synapse/events/utils.py
@@ -66,6 +66,7 @@ def prune_event(event):
            "users_default",
            "events",
            "events_default",
+            "events_default",
            "state_default",
            "ban",
            "kick",
@@ -73,8 +74,6 @@ def prune_event(event):
        )
    elif event_type == EventTypes.Aliases:
        add_fields("aliases")
-    elif event_type == EventTypes.RoomHistoryVisibility:
-        add_fields("history_visibility")

    allowed_fields = {
        k: v
@@ -100,20 +99,19 @@ def format_event_raw(d):


 def format_event_for_client_v1(d):
-    d = format_event_for_client_v2(d)
+    d["user_id"] = d.pop("sender", None)

-    sender = d.get("sender")
-    if sender is not None:
-        d["user_id"] = sender
-
-    copy_keys = (
-        "age", "redacted_because", "replaces_state", "prev_content",
-        "invite_room_state",
-    )
-    for key in copy_keys:
+    move_keys = ("age", "redacted_because", "replaces_state", "prev_content")
+    for key in move_keys:
        if key in d["unsigned"]:
            d[key] = d["unsigned"][key]

+    drop_keys = (
+        "auth_events", "prev_events", "hashes", "signatures", "depth",
+        "unsigned", "origin", "prev_state"
+    )
+    for key in drop_keys:
+        d.pop(key, None)
    return d


@@ -127,9 +125,10 @@ def format_event_for_client_v2(d):
    return d


-def format_event_for_client_v2_without_room_id(d):
+def format_event_for_client_v2_without_event_id(d):
    d = format_event_for_client_v2(d)
    d.pop("room_id", None)
+    d.pop("event_id", None)
    return d


@@ -151,8 +150,7 @@ def serialize_event(e, time_now_ms, as_client_event=True,

    if "redacted_because" in e.unsigned:
        d["unsigned"]["redacted_because"] = serialize_event(
-            e.unsigned["redacted_because"], time_now_ms,
-            event_format=event_format
+            e.unsigned["redacted_because"], time_now_ms
        )

    if token_id is not None:
--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@@ -32,8 +32,7 @@ logger = logging.getLogger(__name__)

 class FederationBase(object):
    @defer.inlineCallbacks
-    def _check_sigs_and_hash_and_fetch(self, origin, pdus, outlier=False,
-                                       include_none=False):
+    def _check_sigs_and_hash_and_fetch(self, origin, pdus, outlier=False):
        """Takes a list of PDUs and checks the signatures and hashs of each
        one. If a PDU fails its signature check then we check if we have it in
        the database and if not then request if from the originating server of
@@ -51,108 +50,84 @@ class FederationBase(object):
        Returns:
            Deferred : A list of PDUs that have valid signatures and hashes.
        """
-        deferreds = self._check_sigs_and_hashes(pdus)

-        def callback(pdu):
-            return pdu
+        signed_pdus = []

-        def errback(failure, pdu):
-            failure.trap(SynapseError)
-            return None
+        @defer.inlineCallbacks
+        def do(pdu):
+            try:
+                new_pdu = yield self._check_sigs_and_hash(pdu)
+                signed_pdus.append(new_pdu)
+            except SynapseError:
+                # FIXME: We should handle signature failures more gracefully.

-        def try_local_db(res, pdu):
-            if not res:
                # Check local db.
-                return self.store.get_event(
+                new_pdu = yield self.store.get_event(
                    pdu.event_id,
                    allow_rejected=True,
                    allow_none=True,
                )
-            return res
+                if new_pdu:
+                    signed_pdus.append(new_pdu)
+                    return

-        def try_remote(res, pdu):
-            if not res and pdu.origin != origin:
-                return self.get_pdu(
-                    destinations=[pdu.origin],
-                    event_id=pdu.event_id,
-                    outlier=outlier,
-                    timeout=10000,
-                ).addErrback(lambda e: None)
-            return res
+                # Check pdu.origin
+                if pdu.origin != origin:
+                    try:
+                        new_pdu = yield self.get_pdu(
+                            destinations=[pdu.origin],
+                            event_id=pdu.event_id,
+                            outlier=outlier,
+                            timeout=10000,
+                        )
+
+                        if new_pdu:
+                            signed_pdus.append(new_pdu)
+                            return
+                    except:
+                        pass

-        def warn(res, pdu):
-            if not res:
                logger.warn(
                    "Failed to find copy of %s with valid signature",
                    pdu.event_id,
                )
-            return res

-        for pdu, deferred in zip(pdus, deferreds):
-            deferred.addCallbacks(
-                callback, errback, errbackArgs=[pdu]
-            ).addCallback(
-                try_local_db, pdu
-            ).addCallback(
-                try_remote, pdu
-            ).addCallback(
-                warn, pdu
-            )
-
-        valid_pdus = yield defer.gatherResults(
-            deferreds,
+        yield defer.gatherResults(
+            [do(pdu) for pdu in pdus],
            consumeErrors=True
        ).addErrback(unwrapFirstError)

-        if include_none:
-            defer.returnValue(valid_pdus)
-        else:
-            defer.returnValue([p for p in valid_pdus if p])
+        defer.returnValue(signed_pdus)

+    @defer.inlineCallbacks
    def _check_sigs_and_hash(self, pdu):
-        return self._check_sigs_and_hashes([pdu])[0]
-
-    def _check_sigs_and_hashes(self, pdus):
-        """Throws a SynapseError if a PDU does not have the correct
+        """Throws a SynapseError if the PDU does not have the correct
        signatures.

        Returns:
            FrozenEvent: Either the given event or it redacted if it failed the
            content hash check.
        """
+        # Check signatures are correct.
+        redacted_event = prune_event(pdu)
+        redacted_pdu_json = redacted_event.get_pdu_json()

-        redacted_pdus = [
-            prune_event(pdu)
-            for pdu in pdus
-        ]
-
-        deferreds = self.keyring.verify_json_objects_for_server([
-            (p.origin, p.get_pdu_json())
-            for p in redacted_pdus
-        ])
-
-        def callback(_, pdu, redacted):
-            if not check_event_content_hash(pdu):
-                logger.warn(
-                    "Event content has been tampered, redacting %s: %s",
-                    pdu.event_id, pdu.get_pdu_json()
-                )
-                return redacted
-            return pdu
-
-        def errback(failure, pdu):
-            failure.trap(SynapseError)
+        try:
+            yield self.keyring.verify_json_for_server(
+                pdu.origin, redacted_pdu_json
+            )
+        except SynapseError:
            logger.warn(
                "Signature check failed for %s",
                pdu.event_id,
            )
-            return failure
+            raise

-        for deferred, pdu, redacted in zip(deferreds, pdus, redacted_pdus):
-            deferred.addCallbacks(
-                callback, errback,
-                callbackArgs=[pdu, redacted],
-                errbackArgs=[pdu],
+        if not check_event_content_hash(pdu):
+            logger.warn(
+                "Event content has been tampered, redacting.",
+                pdu.event_id,
            )
+            defer.returnValue(redacted_event)

-        return deferreds
+        defer.returnValue(pdu)
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@@ -17,21 +17,19 @@
 from twisted.internet import defer

 from .federation_base import FederationBase
-from synapse.api.constants import Membership
 from .units import Edu

 from synapse.api.errors import (
    CodeMessageException, HttpResponseException, SynapseError,
 )
 from synapse.util import unwrapFirstError
-from synapse.util.caches.expiringcache import ExpiringCache
+from synapse.util.expiringcache import ExpiringCache
 from synapse.util.logutils import log_function
 from synapse.events import FrozenEvent
 import synapse.metrics

 from synapse.util.retryutils import get_retry_limiter, NotRetryingDestination

-import copy
 import itertools
 import logging
 import random
@@ -135,36 +133,6 @@ class FederationClient(FederationBase):
            destination, query_type, args, retry_on_dns_fail=retry_on_dns_fail
        )

-    @log_function
-    def query_client_keys(self, destination, content):
-        """Query device keys for a device hosted on a remote server.
-
-        Args:
-            destination (str): Domain name of the remote homeserver
-            content (dict): The query content.
-
-        Returns:
-            a Deferred which will eventually yield a JSON object from the
-            response
-        """
-        sent_queries_counter.inc("client_device_keys")
-        return self.transport_layer.query_client_keys(destination, content)
-
-    @log_function
-    def claim_client_keys(self, destination, content):
-        """Claims one-time keys for a device hosted on a remote server.
-
-        Args:
-            destination (str): Domain name of the remote homeserver
-            content (dict): The query content.
-
-        Returns:
-            a Deferred which will eventually yield a JSON object from the
-            response
-        """
-        sent_queries_counter.inc("client_one_time_keys")
-        return self.transport_layer.claim_client_keys(destination, content)
-
    @defer.inlineCallbacks
    @log_function
    def backfill(self, dest, context, limit, extremities):
@@ -199,7 +167,7 @@ class FederationClient(FederationBase):

        # FIXME: We should handle signature failures more gracefully.
        pdus[:] = yield defer.gatherResults(
-            self._check_sigs_and_hashes(pdus),
+            [self._check_sigs_and_hash(pdu) for pdu in pdus],
            consumeErrors=True,
        ).addErrback(unwrapFirstError)

@@ -262,7 +230,7 @@ class FederationClient(FederationBase):
                        pdu = pdu_list[0]

                        # Check signatures are correct.
-                        pdu = yield self._check_sigs_and_hashes([pdu])[0]
+                        pdu = yield self._check_sigs_and_hash(pdu)

                        break

@@ -357,55 +325,16 @@ class FederationClient(FederationBase):
        defer.returnValue(signed_auth)

    @defer.inlineCallbacks
-    def make_membership_event(self, destinations, room_id, user_id, membership,
-                              content={},):
-        """
-        Creates an m.room.member event, with context, without participating in the room.
-
-        Does so by asking one of the already participating servers to create an
-        event with proper context.
-
-        Note that this does not append any events to any graphs.
-
-        Args:
-            destinations (str): Candidate homeservers which are probably
-                participating in the room.
-            room_id (str): The room in which the event will happen.
-            user_id (str): The user whose membership is being evented.
-            membership (str): The "membership" property of the event. Must be
-                one of "join" or "leave".
-            content (object): Any additional data to put into the content field
-                of the event.
-        Return:
-            A tuple of (origin (str), event (object)) where origin is the remote
-            homeserver which generated the event.
-        """
-        valid_memberships = {Membership.JOIN, Membership.LEAVE}
-        if membership not in valid_memberships:
-            raise RuntimeError(
-                "make_membership_event called with membership='%s', must be one of %s" %
-                (membership, ",".join(valid_memberships))
-            )
+    def make_join(self, destinations, room_id, user_id):
        for destination in destinations:
-            if destination == self.server_name:
-                continue
-
            try:
-                ret = yield self.transport_layer.make_membership_event(
-                    destination, room_id, user_id, membership
+                ret = yield self.transport_layer.make_join(
+                    destination, room_id, user_id
                )

                pdu_dict = ret["event"]

-                logger.debug("Got response to make_%s: %s", membership, pdu_dict)
-
-                pdu_dict["content"].update(content)
-
-                # The protoevent received over the JSON wire may not have all
-                # the required fields. Lets just gloss over that because
-                # there's some we never care about
-                if "prev_state" not in pdu_dict:
-                    pdu_dict["prev_state"] = []
+                logger.debug("Got response to make_join: %s", pdu_dict)

                defer.returnValue(
                    (destination, self.event_from_pdu_json(pdu_dict))
@@ -415,8 +344,8 @@ class FederationClient(FederationBase):
                raise
            except Exception as e:
                logger.warn(
-                    "Failed to make_%s via %s: %s",
-                    membership, destination, e.message
+                    "Failed to make_join via %s: %s",
+                    destination, e.message
                )

        raise RuntimeError("Failed to send to any server.")
@@ -424,9 +353,6 @@ class FederationClient(FederationBase):
    @defer.inlineCallbacks
    def send_join(self, destinations, pdu):
        for destination in destinations:
-            if destination == self.server_name:
-                continue
-
            try:
                time_now = self._clock.time_msec()
                _, content = yield self.transport_layer.send_join(
@@ -448,39 +374,17 @@ class FederationClient(FederationBase):
                    for p in content.get("auth_chain", [])
                ]

-                pdus = {
-                    p.event_id: p
-                    for p in itertools.chain(state, auth_chain)
-                }
-
-                valid_pdus = yield self._check_sigs_and_hash_and_fetch(
-                    destination, pdus.values(),
-                    outlier=True,
-                )
-
-                valid_pdus_map = {
-                    p.event_id: p
-                    for p in valid_pdus
-                }
-
-                # NB: We *need* to copy to ensure that we don't have multiple
-                # references being passed on, as that causes... issues.
-                signed_state = [
-                    copy.copy(valid_pdus_map[p.event_id])
-                    for p in state
-                    if p.event_id in valid_pdus_map
-                ]
-
-                signed_auth = [
-                    valid_pdus_map[p.event_id]
-                    for p in auth_chain
-                    if p.event_id in valid_pdus_map
-                ]
-
-                # NB: We *need* to copy to ensure that we don't have multiple
-                # references being passed on, as that causes... issues.
-                for s in signed_state:
-                    s.internal_metadata = copy.deepcopy(s.internal_metadata)
+                signed_state, signed_auth = yield defer.gatherResults(
+                    [
+                        self._check_sigs_and_hash_and_fetch(
+                            destination, state, outlier=True
+                        ),
+                        self._check_sigs_and_hash_and_fetch(
+                            destination, auth_chain, outlier=True
+                        )
+                    ],
+                    consumeErrors=True
+                ).addErrback(unwrapFirstError)

                auth_chain.sort(key=lambda e: e.depth)

@@ -492,7 +396,7 @@ class FederationClient(FederationBase):
            except CodeMessageException:
                raise
            except Exception as e:
-                logger.exception(
+                logger.warn(
                    "Failed to send_join via %s: %s",
                    destination, e.message
                )
@@ -522,33 +426,6 @@ class FederationClient(FederationBase):

        defer.returnValue(pdu)

-    @defer.inlineCallbacks
-    def send_leave(self, destinations, pdu):
-        for destination in destinations:
-            if destination == self.server_name:
-                continue
-
-            try:
-                time_now = self._clock.time_msec()
-                _, content = yield self.transport_layer.send_leave(
-                    destination=destination,
-                    room_id=pdu.room_id,
-                    event_id=pdu.event_id,
-                    content=pdu.get_pdu_json(time_now),
-                )
-
-                logger.debug("Got content: %s", content)
-                defer.returnValue(None)
-            except CodeMessageException:
-                raise
-            except Exception as e:
-                logger.exception(
-                    "Failed to send_leave via %s: %s",
-                    destination, e.message
-                )
-
-        raise RuntimeError("Failed to send to any server.")
-
    @defer.inlineCallbacks
    def query_auth(self, destination, room_id, event_id, local_auth):
        """
@@ -707,26 +584,3 @@ class FederationClient(FederationBase):
        event.internal_metadata.outlier = outlier

        return event
-
-    @defer.inlineCallbacks
-    def forward_third_party_invite(self, destinations, room_id, event_dict):
-        for destination in destinations:
-            if destination == self.server_name:
-                continue
-
-            try:
-                yield self.transport_layer.exchange_third_party_invite(
-                    destination=destination,
-                    room_id=room_id,
-                    event_dict=event_dict,
-                )
-                defer.returnValue(None)
-            except CodeMessageException:
-                raise
-            except Exception as e:
-                logger.exception(
-                    "Failed to send_third_party_invite via %s: %s",
-                    destination, e.message
-                )
-
-        raise RuntimeError("Failed to send to any server.")
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -27,7 +27,6 @@ from synapse.api.errors import FederationError, SynapseError

 from synapse.crypto.event_signing import compute_event_signature

-import simplejson as json
 import logging


@@ -254,20 +253,6 @@ class FederationServer(FederationBase):
            ],
        }))

-    @defer.inlineCallbacks
-    def on_make_leave_request(self, room_id, user_id):
-        pdu = yield self.handler.on_make_leave_request(room_id, user_id)
-        time_now = self._clock.time_msec()
-        defer.returnValue({"event": pdu.get_pdu_json(time_now)})
-
-    @defer.inlineCallbacks
-    def on_send_leave_request(self, origin, content):
-        logger.debug("on_send_leave_request: content: %s", content)
-        pdu = self.event_from_pdu_json(content)
-        logger.debug("on_send_leave_request: pdu sigs: %s", pdu.signatures)
-        yield self.handler.on_send_leave_request(origin, pdu)
-        defer.returnValue((200, {}))
-
    @defer.inlineCallbacks
    def on_event_auth(self, origin, room_id, event_id):
        time_now = self._clock.time_msec()
@@ -327,48 +312,6 @@ class FederationServer(FederationBase):
            (200, send_content)
        )

-    @defer.inlineCallbacks
-    @log_function
-    def on_query_client_keys(self, origin, content):
-        query = []
-        for user_id, device_ids in content.get("device_keys", {}).items():
-            if not device_ids:
-                query.append((user_id, None))
-            else:
-                for device_id in device_ids:
-                    query.append((user_id, device_id))
-
-        results = yield self.store.get_e2e_device_keys(query)
-
-        json_result = {}
-        for user_id, device_keys in results.items():
-            for device_id, json_bytes in device_keys.items():
-                json_result.setdefault(user_id, {})[device_id] = json.loads(
-                    json_bytes
-                )
-
-        defer.returnValue({"device_keys": json_result})
-
-    @defer.inlineCallbacks
-    @log_function
-    def on_claim_client_keys(self, origin, content):
-        query = []
-        for user_id, device_keys in content.get("one_time_keys", {}).items():
-            for device_id, algorithm in device_keys.items():
-                query.append((user_id, device_id, algorithm))
-
-        results = yield self.store.claim_e2e_one_time_keys(query)
-
-        json_result = {}
-        for user_id, device_keys in results.items():
-            for device_id, keys in device_keys.items():
-                for key_id, json_bytes in keys.items():
-                    json_result.setdefault(user_id, {})[device_id] = {
-                        key_id: json.loads(json_bytes)
-                    }
-
-        defer.returnValue({"one_time_keys": json_result})
-
    @defer.inlineCallbacks
    @log_function
    def on_get_missing_events(self, origin, room_id, earliest_events,
@@ -543,15 +486,3 @@ class FederationServer(FederationBase):
        event.internal_metadata.outlier = outlier

        return event
-
-    @defer.inlineCallbacks
-    def exchange_third_party_invite(self, invite):
-        ret = yield self.handler.exchange_third_party_invite(invite)
-        defer.returnValue(ret)
-
-    @defer.inlineCallbacks
-    def on_exchange_third_party_invite_request(self, origin, room_id, event_dict):
-        ret = yield self.handler.on_exchange_third_party_invite_request(
-            origin, room_id, event_dict
-        )
-        defer.returnValue(ret)
--- a/synapse/federation/transaction_queue.py
+++ b/synapse/federation/transaction_queue.py
@@ -202,7 +202,6 @@ class TransactionQueue(object):
    @defer.inlineCallbacks
    @log_function
    def _attempt_new_transaction(self, destination):
-        # list of (pending_pdu, deferred, order)
        if destination in self.pending_transactions:
            # XXX: pending_transactions can get stuck on by a never-ending
            # request at which point pending_pdus_by_dest just keeps growing.
@@ -214,6 +213,9 @@ class TransactionQueue(object):
            )
            return

+        logger.debug("TX [%s] _attempt_new_transaction", destination)
+
+        # list of (pending_pdu, deferred, order)
        pending_pdus = self.pending_pdus_by_dest.pop(destination, [])
        pending_edus = self.pending_edus_by_dest.pop(destination, [])
        pending_failures = self.pending_failures_by_dest.pop(destination, [])
@@ -226,22 +228,20 @@ class TransactionQueue(object):
            logger.debug("TX [%s] Nothing to send", destination)
            return

+        # Sort based on the order field
+        pending_pdus.sort(key=lambda t: t[2])
+
+        pdus = [x[0] for x in pending_pdus]
+        edus = [x[0] for x in pending_edus]
+        failures = [x[0].get_dict() for x in pending_failures]
+        deferreds = [
+            x[1]
+            for x in pending_pdus + pending_edus + pending_failures
+        ]
+
        try:
            self.pending_transactions[destination] = 1

-            logger.debug("TX [%s] _attempt_new_transaction", destination)
-
-            # Sort based on the order field
-            pending_pdus.sort(key=lambda t: t[2])
-
-            pdus = [x[0] for x in pending_pdus]
-            edus = [x[0] for x in pending_edus]
-            failures = [x[0].get_dict() for x in pending_failures]
-            deferreds = [
-                x[1]
-                for x in pending_pdus + pending_edus + pending_failures
-            ]
-
            txn_id = str(self._next_txn_id)

            limiter = yield get_retry_limiter(
--- a/synapse/federation/transport/client.py
+++ b/synapse/federation/transport/client.py
@@ -14,7 +14,6 @@
 # limitations under the License.

 from twisted.internet import defer
-from synapse.api.constants import Membership

 from synapse.api.urls import FEDERATION_PREFIX as PREFIX
 from synapse.util.logutils import log_function
@@ -136,7 +135,6 @@ class TransportLayerClient(object):
            path=PREFIX + "/send/%s/" % transaction.transaction_id,
            data=json_data,
            json_data_callback=json_data_callback,
-            long_retries=True,
        )

        logger.debug(
@@ -162,19 +160,13 @@ class TransportLayerClient(object):

    @defer.inlineCallbacks
    @log_function
-    def make_membership_event(self, destination, room_id, user_id, membership):
-        valid_memberships = {Membership.JOIN, Membership.LEAVE}
-        if membership not in valid_memberships:
-            raise RuntimeError(
-                "make_membership_event called with membership='%s', must be one of %s" %
-                (membership, ",".join(valid_memberships))
-            )
-        path = PREFIX + "/make_%s/%s/%s" % (membership, room_id, user_id)
+    def make_join(self, destination, room_id, user_id, retry_on_dns_fail=True):
+        path = PREFIX + "/make_join/%s/%s" % (room_id, user_id)

        content = yield self.client.get_json(
            destination=destination,
            path=path,
-            retry_on_dns_fail=True,
+            retry_on_dns_fail=retry_on_dns_fail,
        )

        defer.returnValue(content)
@@ -192,19 +184,6 @@ class TransportLayerClient(object):

        defer.returnValue(response)

-    @defer.inlineCallbacks
-    @log_function
-    def send_leave(self, destination, room_id, event_id, content):
-        path = PREFIX + "/send_leave/%s/%s" % (room_id, event_id)
-
-        response = yield self.client.put_json(
-            destination=destination,
-            path=path,
-            data=content,
-        )
-
-        defer.returnValue(response)
-
    @defer.inlineCallbacks
    @log_function
    def send_invite(self, destination, room_id, event_id, content):
@@ -218,19 +197,6 @@ class TransportLayerClient(object):

        defer.returnValue(response)

-    @defer.inlineCallbacks
-    @log_function
-    def exchange_third_party_invite(self, destination, room_id, event_dict):
-        path = PREFIX + "/exchange_third_party_invite/%s" % (room_id,)
-
-        response = yield self.client.put_json(
-            destination=destination,
-            path=path,
-            data=event_dict,
-        )
-
-        defer.returnValue(response)
-
    @defer.inlineCallbacks
    @log_function
    def get_event_auth(self, destination, room_id, event_id):
@@ -256,76 +222,6 @@ class TransportLayerClient(object):

        defer.returnValue(content)

-    @defer.inlineCallbacks
-    @log_function
-    def query_client_keys(self, destination, query_content):
-        """Query the device keys for a list of user ids hosted on a remote
-        server.
-
-        Request:
-            {
-              "device_keys": {
-                "<user_id>": ["<device_id>"]
-            } }
-
-        Response:
-            {
-              "device_keys": {
-                "<user_id>": {
-                  "<device_id>": {...}
-            } } }
-
-        Args:
-            destination(str): The server to query.
-            query_content(dict): The user ids to query.
-        Returns:
-            A dict containg the device keys.
-        """
-        path = PREFIX + "/user/keys/query"
-
-        content = yield self.client.post_json(
-            destination=destination,
-            path=path,
-            data=query_content,
-        )
-        defer.returnValue(content)
-
-    @defer.inlineCallbacks
-    @log_function
-    def claim_client_keys(self, destination, query_content):
-        """Claim one-time keys for a list of devices hosted on a remote server.
-
-        Request:
-            {
-              "one_time_keys": {
-                "<user_id>": {
-                    "<device_id>": "<algorithm>"
-            } } }
-
-        Response:
-            {
-              "device_keys": {
-                "<user_id>": {
-                  "<device_id>": {
-                    "<algorithm>:<key_id>": "<key_base64>"
-            } } } }
-
-        Args:
-            destination(str): The server to query.
-            query_content(dict): The user ids to query.
-        Returns:
-            A dict containg the one-time keys.
-        """
-
-        path = PREFIX + "/user/keys/claim"
-
-        content = yield self.client.post_json(
-            destination=destination,
-            path=path,
-            data=query_content,
-        )
-        defer.returnValue(content)
-
    @defer.inlineCallbacks
    @log_function
    def get_missing_events(self, destination, room_id, earliest_events,
--- a/synapse/federation/transport/server.py
+++ b/synapse/federation/transport/server.py
@@ -94,7 +94,6 @@ class TransportLayerServer(object):
        yield self.keyring.verify_json_for_server(origin, json_request)

        logger.info("Request from %s", origin)
-        request.authenticated_entity = origin

        defer.returnValue((origin, content))

@@ -165,7 +164,7 @@ class BaseFederationServlet(object):
            if code is None:
                continue

-            server.register_paths(method, (pattern,), self._wrap(code))
+            server.register_path(method, pattern, self._wrap(code))


 class FederationSendServlet(BaseFederationServlet):
@@ -296,24 +295,6 @@ class FederationMakeJoinServlet(BaseFederationServlet):
        defer.returnValue((200, content))


-class FederationMakeLeaveServlet(BaseFederationServlet):
-    PATH = "/make_leave/([^/]*)/([^/]*)"
-
-    @defer.inlineCallbacks
-    def on_GET(self, origin, content, query, context, user_id):
-        content = yield self.handler.on_make_leave_request(context, user_id)
-        defer.returnValue((200, content))
-
-
-class FederationSendLeaveServlet(BaseFederationServlet):
-    PATH = "/send_leave/([^/]*)/([^/]*)"
-
-    @defer.inlineCallbacks
-    def on_PUT(self, origin, content, query, room_id, txid):
-        content = yield self.handler.on_send_leave_request(origin, content)
-        defer.returnValue((200, content))
-
-
 class FederationEventAuthServlet(BaseFederationServlet):
    PATH = "/event_auth/([^/]*)/([^/]*)"

@@ -343,35 +324,6 @@ class FederationInviteServlet(BaseFederationServlet):
        defer.returnValue((200, content))


-class FederationThirdPartyInviteExchangeServlet(BaseFederationServlet):
-    PATH = "/exchange_third_party_invite/([^/]*)"
-
-    @defer.inlineCallbacks
-    def on_PUT(self, origin, content, query, room_id):
-        content = yield self.handler.on_exchange_third_party_invite_request(
-            origin, room_id, content
-        )
-        defer.returnValue((200, content))
-
-
-class FederationClientKeysQueryServlet(BaseFederationServlet):
-    PATH = "/user/keys/query"
-
-    @defer.inlineCallbacks
-    def on_POST(self, origin, content, query):
-        response = yield self.handler.on_query_client_keys(origin, content)
-        defer.returnValue((200, response))
-
-
-class FederationClientKeysClaimServlet(BaseFederationServlet):
-    PATH = "/user/keys/claim"
-
-    @defer.inlineCallbacks
-    def on_POST(self, origin, content, query):
-        response = yield self.handler.on_claim_client_keys(origin, content)
-        defer.returnValue((200, response))
-
-
 class FederationQueryAuthServlet(BaseFederationServlet):
    PATH = "/query_auth/([^/]*)/([^/]*)"

@@ -407,30 +359,6 @@ class FederationGetMissingEventsServlet(BaseFederationServlet):
        defer.returnValue((200, content))


-class On3pidBindServlet(BaseFederationServlet):
-    PATH = "/3pid/onbind"
-
-    @defer.inlineCallbacks
-    def on_POST(self, request):
-        content_bytes = request.content.read()
-        content = json.loads(content_bytes)
-        if "invites" in content:
-            last_exception = None
-            for invite in content["invites"]:
-                try:
-                    yield self.handler.exchange_third_party_invite(invite)
-                except Exception as e:
-                    last_exception = e
-            if last_exception:
-                raise last_exception
-        defer.returnValue((200, {}))
-
-    # Avoid doing remote HS authorization checks which are done by default by
-    # BaseFederationServlet.
-    def _wrap(self, code):
-        return code
-
-
 SERVLET_CLASSES = (
    FederationPullServlet,
    FederationEventServlet,
@@ -438,16 +366,10 @@ SERVLET_CLASSES = (
    FederationBackfillServlet,
    FederationQueryServlet,
    FederationMakeJoinServlet,
-    FederationMakeLeaveServlet,
    FederationEventServlet,
    FederationSendJoinServlet,
-    FederationSendLeaveServlet,
    FederationInviteServlet,
    FederationQueryAuthServlet,
    FederationGetMissingEventsServlet,
    FederationEventAuthServlet,
-    FederationClientKeysQueryServlet,
-    FederationClientKeysClaimServlet,
-    FederationThirdPartyInviteExchangeServlet,
-    On3pidBindServlet,
 )
--- a/synapse/handlers/init.py
+++ b/synapse/handlers/init.py
@@ -17,11 +17,12 @@ from synapse.appservice.scheduler import AppServiceScheduler
 from synapse.appservice.api import ApplicationServiceApi
 from .register import RegistrationHandler
 from .room import (
-    RoomCreationHandler, RoomMemberHandler, RoomListHandler, RoomContextHandler,
+    RoomCreationHandler, RoomMemberHandler, RoomListHandler
 )
 from .message import MessageHandler
 from .events import EventStreamHandler, EventHandler
 from .federation import FederationHandler
+from .login import LoginHandler
 from .profile import ProfileHandler
 from .presence import PresenceHandler
 from .directory import DirectoryHandler
@@ -31,8 +32,6 @@ from .appservice import ApplicationServicesHandler
 from .sync import SyncHandler
 from .auth import AuthHandler
 from .identity import IdentityHandler
-from .receipts import ReceiptsHandler
-from .search import SearchHandler


 class Handlers(object):
@@ -54,10 +53,10 @@ class Handlers(object):
        self.profile_handler = ProfileHandler(hs)
        self.presence_handler = PresenceHandler(hs)
        self.room_list_handler = RoomListHandler(hs)
+        self.login_handler = LoginHandler(hs)
        self.directory_handler = DirectoryHandler(hs)
        self.typing_notification_handler = TypingNotificationHandler(hs)
        self.admin_handler = AdminHandler(hs)
-        self.receipts_handler = ReceiptsHandler(hs)
        asapi = ApplicationServiceApi(hs)
        self.appservice_handler = ApplicationServicesHandler(
            hs, asapi, AppServiceScheduler(
@@ -69,5 +68,3 @@ class Handlers(object):
        self.sync_handler = SyncHandler(hs)
        self.auth_handler = AuthHandler(hs)
        self.identity_handler = IdentityHandler(hs)
-        self.search_handler = SearchHandler(hs)
-        self.room_context_handler = RoomContextHandler(hs)
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@@ -15,10 +15,10 @@

 from twisted.internet import defer

-from synapse.api.errors import LimitExceededError, SynapseError, AuthError
+from synapse.api.errors import LimitExceededError, SynapseError
 from synapse.crypto.event_signing import add_hashes_and_signatures
 from synapse.api.constants import Membership, EventTypes
-from synapse.types import UserID, RoomAlias
+from synapse.types import UserID

 from synapse.util.logcontext import PreserveLoggingContext

@@ -29,12 +29,6 @@ logger = logging.getLogger(__name__)


 class BaseHandler(object):
-    """
-    Common base class for the event handlers.
-
-    :type store: synapse.storage.events.StateStore
-    :type state_handler: synapse.state.StateHandler
-    """

    def __init__(self, hs):
        self.store = hs.get_datastore()
@@ -51,82 +45,6 @@ class BaseHandler(object):

        self.event_builder_factory = hs.get_event_builder_factory()

-    @defer.inlineCallbacks
-    def _filter_events_for_client(self, user_id, events, is_guest=False,
-                                  require_all_visible_for_guests=True):
-        # Assumes that user has at some point joined the room if not is_guest.
-
-        def allowed(event, membership, visibility):
-            if visibility == "world_readable":
-                return True
-
-            if is_guest:
-                return False
-
-            if membership == Membership.JOIN:
-                return True
-
-            if event.type == EventTypes.RoomHistoryVisibility:
-                return not is_guest
-
-            if visibility == "shared":
-                return True
-            elif visibility == "joined":
-                return membership == Membership.JOIN
-            elif visibility == "invited":
-                return membership == Membership.INVITE
-
-            return True
-
-        event_id_to_state = yield self.store.get_state_for_events(
-            frozenset(e.event_id for e in events),
-            types=(
-                (EventTypes.RoomHistoryVisibility, ""),
-                (EventTypes.Member, user_id),
-            )
-        )
-
-        events_to_return = []
-        for event in events:
-            state = event_id_to_state[event.event_id]
-
-            membership_event = state.get((EventTypes.Member, user_id), None)
-            if membership_event:
-                was_forgotten_at_event = yield self.store.was_forgotten_at(
-                    membership_event.state_key,
-                    membership_event.room_id,
-                    membership_event.event_id
-                )
-                if was_forgotten_at_event:
-                    membership = None
-                else:
-                    membership = membership_event.membership
-            else:
-                membership = None
-
-            visibility_event = state.get((EventTypes.RoomHistoryVisibility, ""), None)
-            if visibility_event:
-                visibility = visibility_event.content.get("history_visibility", "shared")
-            else:
-                visibility = "shared"
-
-            should_include = allowed(event, membership, visibility)
-            if should_include:
-                events_to_return.append(event)
-
-        if (require_all_visible_for_guests
-                and is_guest
-                and len(events_to_return) < len(events)):
-            # This indicates that some events in the requested range were not
-            # visible to guest users. To be safe, we reject the entire request,
-            # so that we don't have to worry about interpreting visibility
-            # boundaries.
-            raise AuthError(403, "User %s does not have permission" % (
-                user_id
-            ))
-
-        defer.returnValue(events_to_return)
-
    def ratelimit(self, user_id):
        time_now = self.clock.time()
        allowed, time_allowed = self.ratelimiter.send_message(
@@ -189,81 +107,29 @@ class BaseHandler(object):
        if not suppress_auth:
            self.auth.check(event, auth_events=context.current_state)

-        yield self.maybe_kick_guest_users(event, context.current_state.values())
-
-        if event.type == EventTypes.CanonicalAlias:
-            # Check the alias is acually valid (at this time at least)
-            room_alias_str = event.content.get("alias", None)
-            if room_alias_str:
-                room_alias = RoomAlias.from_string(room_alias_str)
-                directory_handler = self.hs.get_handlers().directory_handler
-                mapping = yield directory_handler.get_association(room_alias)
-
-                if mapping["room_id"] != event.room_id:
-                    raise SynapseError(
-                        400,
-                        "Room alias %s does not point to the room" % (
-                            room_alias_str,
-                        )
-                    )
+        (event_stream_id, max_stream_id) = yield self.store.persist_event(
+            event, context=context
+        )

        federation_handler = self.hs.get_handlers().federation_handler

        if event.type == EventTypes.Member:
            if event.content["membership"] == Membership.INVITE:
-                event.unsigned["invite_room_state"] = [
-                    {
-                        "type": e.type,
-                        "state_key": e.state_key,
-                        "content": e.content,
-                        "sender": e.sender,
-                    }
-                    for k, e in context.current_state.items()
-                    if e.type in (
-                        EventTypes.JoinRules,
-                        EventTypes.CanonicalAlias,
-                        EventTypes.RoomAvatar,
-                        EventTypes.Name,
-                    )
-                ]
-
                invitee = UserID.from_string(event.state_key)
                if not self.hs.is_mine(invitee):
                    # TODO: Can we add signature from remote server in a nicer
                    # way? If we have been invited by a remote server, we need
                    # to get them to sign the event.
-
                    returned_invite = yield federation_handler.send_invite(
                        invitee.domain,
                        event,
                    )

-                    event.unsigned.pop("room_state", None)
-
                    # TODO: Make sure the signatures actually are correct.
                    event.signatures.update(
                        returned_invite.signatures
                    )

-        if event.type == EventTypes.Redaction:
-            if self.auth.check_redaction(event, auth_events=context.current_state):
-                original_event = yield self.store.get_event(
-                    event.redacts,
-                    check_redacted=False,
-                    get_prev_content=False,
-                    allow_rejected=False,
-                    allow_none=False
-                )
-                if event.user_id != original_event.user_id:
-                    raise AuthError(
-                        403,
-                        "You don't have permission to redact events"
-                    )
-
-        (event_stream_id, max_stream_id) = yield self.store.persist_event(
-            event, context=context
-        )
-
        destinations = set(extra_destinations)
        for k, s in context.current_state.items():
            try:
@@ -292,64 +158,6 @@ class BaseHandler(object):

        notify_d.addErrback(log_failure)

-        # If invite, remove room_state from unsigned before sending.
-        event.unsigned.pop("invite_room_state", None)
-
        federation_handler.handle_new_event(
            event, destinations=destinations,
        )
-
-    @defer.inlineCallbacks
-    def maybe_kick_guest_users(self, event, current_state):
-        # Technically this function invalidates current_state by changing it.
-        # Hopefully this isn't that important to the caller.
-        if event.type == EventTypes.GuestAccess:
-            guest_access = event.content.get("guest_access", "forbidden")
-            if guest_access != "can_join":
-                yield self.kick_guest_users(current_state)
-
-    @defer.inlineCallbacks
-    def kick_guest_users(self, current_state):
-        for member_event in current_state:
-            try:
-                if member_event.type != EventTypes.Member:
-                    continue
-
-                if not self.hs.is_mine(UserID.from_string(member_event.state_key)):
-                    continue
-
-                if member_event.content["membership"] not in {
-                    Membership.JOIN,
-                    Membership.INVITE
-                }:
-                    continue
-
-                if (
-                    "kind" not in member_event.content
-                    or member_event.content["kind"] != "guest"
-                ):
-                    continue
-
-                # We make the user choose to leave, rather than have the
-                # event-sender kick them. This is partially because we don't
-                # need to worry about power levels, and partially because guest
-                # users are a concept which doesn't hugely work over federation,
-                # and having homeservers have their own users leave keeps more
-                # of that decision-making and control local to the guest-having
-                # homeserver.
-                message_handler = self.hs.get_handlers().message_handler
-                yield message_handler.create_and_send_event(
-                    {
-                        "type": EventTypes.Member,
-                        "state_key": member_event.state_key,
-                        "content": {
-                            "membership": Membership.LEAVE,
-                            "kind": "guest"
-                        },
-                        "room_id": member_event.room_id,
-                        "sender": member_event.state_key
-                    },
-                    ratelimit=False,
-                )
-            except Exception as e:
-                logger.warn("Error kicking guest user: %s" % (e,))
--- a/synapse/handlers/account_data.py
+++ b/synapse/handlers/account_data.py
@@ -1,65 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from twisted.internet import defer
-
-
-class AccountDataEventSource(object):
-    def __init__(self, hs):
-        self.store = hs.get_datastore()
-
-    def get_current_key(self, direction='f'):
-        return self.store.get_max_account_data_stream_id()
-
-    @defer.inlineCallbacks
-    def get_new_events(self, user, from_key, **kwargs):
-        user_id = user.to_string()
-        last_stream_id = from_key
-
-        current_stream_id = yield self.store.get_max_account_data_stream_id()
-
-        results = []
-        tags = yield self.store.get_updated_tags(user_id, last_stream_id)
-
-        for room_id, room_tags in tags.items():
-            results.append({
-                "type": "m.tag",
-                "content": {"tags": room_tags},
-                "room_id": room_id,
-            })
-
-        account_data, room_account_data = (
-            yield self.store.get_updated_account_data_for_user(user_id, last_stream_id)
-        )
-
-        for account_data_type, content in account_data.items():
-            results.append({
-                "type": account_data_type,
-                "content": content,
-            })
-
-        for room_id, account_data in room_account_data.items():
-            for account_data_type, content in account_data.items():
-                results.append({
-                    "type": account_data_type,
-                    "content": content,
-                    "room_id": room_id,
-                })
-
-        defer.returnValue((results, current_stream_id))
-
-    @defer.inlineCallbacks
-    def get_pagination_rows(self, user, config, key):
-        defer.returnValue(([], config.to_id))
--- a/synapse/handlers/admin.py
+++ b/synapse/handlers/admin.py
@@ -30,27 +30,33 @@ class AdminHandler(BaseHandler):

    @defer.inlineCallbacks
    def get_whois(self, user):
-        connections = []
+        res = yield self.store.get_user_ip_and_agents(user)

-        sessions = yield self.store.get_user_ip_and_agents(user)
-        for session in sessions:
-            connections.append({
-                "ip": session["ip"],
-                "last_seen": session["last_seen"],
-                "user_agent": session["user_agent"],
+        d = {}
+        for r in res:
+            device = d.setdefault(r["device_id"], {})
+            session = device.setdefault(r["access_token"], [])
+            session.append({
+                "ip": r["ip"],
+                "user_agent": r["user_agent"],
+                "last_seen": r["last_seen"],
            })

        ret = {
            "user_id": user.to_string(),
-            "devices": {
-                "": {
+            "devices": [
+                {
+                    "device_id": k,
                    "sessions": [
                        {
-                            "connections": connections,
+                            # "access_token": x, TODO (erikj)
+                            "connections": y,
                        }
+                        for x, y in v.items()
                    ]
-                },
-            },
+                }
+                for k, v in d.items()
+            ],
        }

        defer.returnValue(ret)
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -18,14 +18,14 @@ from twisted.internet import defer
 from ._base import BaseHandler
 from synapse.api.constants import LoginType
 from synapse.types import UserID
-from synapse.api.errors import AuthError, LoginError, Codes
+from synapse.api.errors import LoginError, Codes
+from synapse.http.client import SimpleHttpClient
 from synapse.util.async import run_on_reactor

 from twisted.web.client import PartialDownloadError

 import logging
 import bcrypt
-import pymacaroons
 import simplejson

 import synapse.util.stringutils as stringutils
@@ -44,29 +44,20 @@ class AuthHandler(BaseHandler):
            LoginType.EMAIL_IDENTITY: self._check_email_identity,
            LoginType.DUMMY: self._check_dummy_auth,
        }
-        self.bcrypt_rounds = hs.config.bcrypt_rounds
        self.sessions = {}
-        self.INVALID_TOKEN_HTTP_STATUS = 401

    @defer.inlineCallbacks
-    def check_auth(self, flows, clientdict, clientip):
+    def check_auth(self, flows, clientdict, clientip=None):
        """
        Takes a dictionary sent by the client in the login / registration
        protocol and handles the login flow.

-        As a side effect, this function fills in the 'creds' key on the user's
-        session with a map, which maps each auth-type (str) to the relevant
-        identity authenticated by that auth-type (mostly str, but for captcha, bool).
-
        Args:
-            flows (list): A list of login flows. Each flow is an ordered list of
-                          strings representing auth-types. At least one full
-                          flow must be completed in order for auth to be successful.
-            clientdict: The dictionary from the client root level, not the
-                        'auth' key: this method prompts for auth if none is sent.
-            clientip (str): The IP address of the client.
+            flows: list of list of stages
+            authdict: The dictionary from the client root level, not the
+                      'auth' key: this method prompts for auth if none is sent.
        Returns:
-            A tuple of (authed, dict, dict) where authed is true if the client
+            A tuple of authed, dict, dict where authed is true if the client
            has successfully completed an auth flow. If it is true, the first
            dict contains the authenticated credentials of each stage.

@@ -84,7 +75,7 @@ class AuthHandler(BaseHandler):
            del clientdict['auth']
            if 'session' in authdict:
                sid = authdict['session']
-        session = self._get_session_info(sid)
+        sess = self._get_session_info(sid)

        if len(clientdict) > 0:
            # This was designed to allow the client to omit the parameters
@@ -94,21 +85,20 @@ class AuthHandler(BaseHandler):
            # email auth link on there). It's probably too open to abuse
            # because it lets unauthenticated clients store arbitrary objects
            # on a home server.
-            # Revisit: Assumimg the REST APIs do sensible validation, the data
-            # isn't arbintrary.
-            session['clientdict'] = clientdict
-            self._save_session(session)
-        elif 'clientdict' in session:
-            clientdict = session['clientdict']
+            # sess['clientdict'] = clientdict
+            # self._save_session(sess)
+            pass
+        elif 'clientdict' in sess:
+            clientdict = sess['clientdict']

        if not authdict:
            defer.returnValue(
-                (False, self._auth_dict_for_flows(flows, session), clientdict)
+                (False, self._auth_dict_for_flows(flows, sess), clientdict)
            )

-        if 'creds' not in session:
-            session['creds'] = {}
-        creds = session['creds']
+        if 'creds' not in sess:
+            sess['creds'] = {}
+        creds = sess['creds']

        # check auth type currently being presented
        if 'type' in authdict:
@@ -117,15 +107,15 @@ class AuthHandler(BaseHandler):
            result = yield self.checkers[authdict['type']](authdict, clientip)
            if result:
                creds[authdict['type']] = result
-                self._save_session(session)
+                self._save_session(sess)

        for f in flows:
            if len(set(f) - set(creds.keys())) == 0:
                logger.info("Auth completed with creds: %r", creds)
-                self._remove_session(session)
+                self._remove_session(sess)
                defer.returnValue((True, creds, clientdict))

-        ret = self._auth_dict_for_flows(flows, session)
+        ret = self._auth_dict_for_flows(flows, sess)
        ret['completed'] = creds.keys()
        defer.returnValue((False, ret, clientdict))

@@ -159,14 +149,22 @@ class AuthHandler(BaseHandler):
        if "user" not in authdict or "password" not in authdict:
            raise LoginError(400, "", Codes.MISSING_PARAM)

-        user_id = authdict["user"]
+        user = authdict["user"]
        password = authdict["password"]
-        if not user_id.startswith('@'):
-            user_id = UserID.create(user_id, self.hs.hostname).to_string()
+        if not user.startswith('@'):
+            user = UserID.create(user, self.hs.hostname).to_string()

-        user_id, password_hash = yield self._find_user_id_and_pwd_hash(user_id)
-        self._check_password(user_id, password, password_hash)
-        defer.returnValue(user_id)
+        user_info = yield self.store.get_user_by_id(user_id=user)
+        if not user_info:
+            logger.warn("Attempted to login as %s but they do not exist", user)
+            raise LoginError(401, "", errcode=Codes.UNAUTHORIZED)
+
+        stored_hash = user_info["password_hash"]
+        if bcrypt.checkpw(password, stored_hash):
+            defer.returnValue(user)
+        else:
+            logger.warn("Failed password login for user %s", user)
+            raise LoginError(401, "", errcode=Codes.UNAUTHORIZED)

    @defer.inlineCallbacks
    def _check_recaptcha(self, authdict, clientip):
@@ -188,7 +186,7 @@ class AuthHandler(BaseHandler):
        # TODO: get this from the homeserver rather than creating a new one for
        # each request
        try:
-            client = self.hs.get_simple_http_client()
+            client = SimpleHttpClient(self.hs)
            resp_body = yield client.post_urlencoded_get_json(
                self.hs.config.recaptcha_siteverify_api,
                args={
@@ -270,183 +268,6 @@ class AuthHandler(BaseHandler):

        return self.sessions[session_id]

-    @defer.inlineCallbacks
-    def login_with_password(self, user_id, password):
-        """
-        Authenticates the user with their username and password.
-
-        Used only by the v1 login API.
-
-        Args:
-            user_id (str): User ID
-            password (str): Password
-        Returns:
-            A tuple of:
-              The user's ID.
-              The access token for the user's session.
-              The refresh token for the user's session.
-        Raises:
-            StoreError if there was a problem storing the token.
-            LoginError if there was an authentication problem.
-        """
-        user_id, password_hash = yield self._find_user_id_and_pwd_hash(user_id)
-        self._check_password(user_id, password, password_hash)
-
-        logger.info("Logging in user %s", user_id)
-        access_token = yield self.issue_access_token(user_id)
-        refresh_token = yield self.issue_refresh_token(user_id)
-        defer.returnValue((user_id, access_token, refresh_token))
-
-    @defer.inlineCallbacks
-    def get_login_tuple_for_user_id(self, user_id):
-        """
-        Gets login tuple for the user with the given user ID.
-        The user is assumed to have been authenticated by some other
-        machanism (e.g. CAS)
-
-        Args:
-            user_id (str): User ID
-        Returns:
-            A tuple of:
-              The user's ID.
-              The access token for the user's session.
-              The refresh token for the user's session.
-        Raises:
-            StoreError if there was a problem storing the token.
-            LoginError if there was an authentication problem.
-        """
-        user_id, ignored = yield self._find_user_id_and_pwd_hash(user_id)
-
-        logger.info("Logging in user %s", user_id)
-        access_token = yield self.issue_access_token(user_id)
-        refresh_token = yield self.issue_refresh_token(user_id)
-        defer.returnValue((user_id, access_token, refresh_token))
-
-    @defer.inlineCallbacks
-    def does_user_exist(self, user_id):
-        try:
-            yield self._find_user_id_and_pwd_hash(user_id)
-            defer.returnValue(True)
-        except LoginError:
-            defer.returnValue(False)
-
-    @defer.inlineCallbacks
-    def _find_user_id_and_pwd_hash(self, user_id):
-        """Checks to see if a user with the given id exists. Will check case
-        insensitively, but will throw if there are multiple inexact matches.
-
-        Returns:
-            tuple: A 2-tuple of `(canonical_user_id, password_hash)`
-        """
-        user_infos = yield self.store.get_users_by_id_case_insensitive(user_id)
-        if not user_infos:
-            logger.warn("Attempted to login as %s but they do not exist", user_id)
-            raise LoginError(403, "", errcode=Codes.FORBIDDEN)
-
-        if len(user_infos) > 1:
-            if user_id not in user_infos:
-                logger.warn(
-                    "Attempted to login as %s but it matches more than one user "
-                    "inexactly: %r",
-                    user_id, user_infos.keys()
-                )
-                raise LoginError(403, "", errcode=Codes.FORBIDDEN)
-
-            defer.returnValue((user_id, user_infos[user_id]))
-        else:
-            defer.returnValue(user_infos.popitem())
-
-    def _check_password(self, user_id, password, stored_hash):
-        """Checks that user_id has passed password, raises LoginError if not."""
-        if not self.validate_hash(password, stored_hash):
-            logger.warn("Failed password login for user %s", user_id)
-            raise LoginError(403, "", errcode=Codes.FORBIDDEN)
-
-    @defer.inlineCallbacks
-    def issue_access_token(self, user_id):
-        access_token = self.generate_access_token(user_id)
-        yield self.store.add_access_token_to_user(user_id, access_token)
-        defer.returnValue(access_token)
-
-    @defer.inlineCallbacks
-    def issue_refresh_token(self, user_id):
-        refresh_token = self.generate_refresh_token(user_id)
-        yield self.store.add_refresh_token_to_user(user_id, refresh_token)
-        defer.returnValue(refresh_token)
-
-    def generate_access_token(self, user_id, extra_caveats=None):
-        extra_caveats = extra_caveats or []
-        macaroon = self._generate_base_macaroon(user_id)
-        macaroon.add_first_party_caveat("type = access")
-        now = self.hs.get_clock().time_msec()
-        expiry = now + (60 * 60 * 1000)
-        macaroon.add_first_party_caveat("time < %d" % (expiry,))
-        for caveat in extra_caveats:
-            macaroon.add_first_party_caveat(caveat)
-        return macaroon.serialize()
-
-    def generate_refresh_token(self, user_id):
-        m = self._generate_base_macaroon(user_id)
-        m.add_first_party_caveat("type = refresh")
-        # Important to add a nonce, because otherwise every refresh token for a
-        # user will be the same.
-        m.add_first_party_caveat("nonce = %s" % (
-            stringutils.random_string_with_symbols(16),
-        ))
-        return m.serialize()
-
-    def generate_short_term_login_token(self, user_id):
-        macaroon = self._generate_base_macaroon(user_id)
-        macaroon.add_first_party_caveat("type = login")
-        now = self.hs.get_clock().time_msec()
-        expiry = now + (2 * 60 * 1000)
-        macaroon.add_first_party_caveat("time < %d" % (expiry,))
-        return macaroon.serialize()
-
-    def validate_short_term_login_token_and_get_user_id(self, login_token):
-        try:
-            macaroon = pymacaroons.Macaroon.deserialize(login_token)
-            auth_api = self.hs.get_auth()
-            auth_api.validate_macaroon(macaroon, "login", True)
-            return self._get_user_from_macaroon(macaroon)
-        except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError):
-            raise AuthError(401, "Invalid token", errcode=Codes.UNKNOWN_TOKEN)
-
-    def _generate_base_macaroon(self, user_id):
-        macaroon = pymacaroons.Macaroon(
-            location=self.hs.config.server_name,
-            identifier="key",
-            key=self.hs.config.macaroon_secret_key)
-        macaroon.add_first_party_caveat("gen = 1")
-        macaroon.add_first_party_caveat("user_id = %s" % (user_id,))
-        return macaroon
-
-    def _get_user_from_macaroon(self, macaroon):
-        user_prefix = "user_id = "
-        for caveat in macaroon.caveats:
-            if caveat.caveat_id.startswith(user_prefix):
-                return caveat.caveat_id[len(user_prefix):]
-        raise AuthError(
-            self.INVALID_TOKEN_HTTP_STATUS, "No user_id found in token",
-            errcode=Codes.UNKNOWN_TOKEN
-        )
-
-    @defer.inlineCallbacks
-    def set_password(self, user_id, newpassword):
-        password_hash = self.hash(newpassword)
-
-        yield self.store.user_set_password_hash(user_id, password_hash)
-        yield self.store.user_delete_access_tokens(user_id)
-        yield self.hs.get_pusherpool().remove_pushers_by_user(user_id)
-        yield self.store.flush_user(user_id)
-
-    @defer.inlineCallbacks
-    def add_threepid(self, user_id, medium, address, validated_at):
-        yield self.store.user_add_threepid(
-            user_id, medium, address, validated_at,
-            self.hs.get_clock().time_msec()
-        )
-
    def _save_session(self, session):
        # TODO: Persistent storage
        logger.debug("Saving session %s", session)
@@ -455,26 +276,3 @@ class AuthHandler(BaseHandler):
    def _remove_session(self, session):
        logger.debug("Removing session %s", session)
        del self.sessions[session["id"]]
-
-    def hash(self, password):
-        """Computes a secure hash of password.
-
-        Args:
-            password (str): Password to hash.
-
-        Returns:
-            Hashed password (str).
-        """
-        return bcrypt.hashpw(password, bcrypt.gensalt(self.bcrypt_rounds))
-
-    def validate_hash(self, password, stored_hash):
-        """Validates that self.hash(password) == stored_hash.
-
-        Args:
-            password (str): Password to hash.
-            stored_hash (str): Expected hash value.
-
-        Returns:
-            Whether self.hash(password) == stored_hash (bool).
-        """
-        return bcrypt.checkpw(password, stored_hash)
--- a/synapse/handlers/events.py
+++ b/synapse/handlers/events.py
@@ -28,18 +28,6 @@ import random
 logger = logging.getLogger(__name__)


-def started_user_eventstream(distributor, user):
-    return distributor.fire("started_user_eventstream", user)
-
-
-def stopped_user_eventstream(distributor, user):
-    return distributor.fire("stopped_user_eventstream", user)
-
-
-def user_joined_room(distributor, user, room_id):
-    return distributor.fire("user_joined_room", user, room_id)
-
-
 class EventStreamHandler(BaseHandler):

    def __init__(self, hs):
@@ -58,75 +46,31 @@ class EventStreamHandler(BaseHandler):

        self.notifier = hs.get_notifier()

-    @defer.inlineCallbacks
-    def started_stream(self, user):
-        """Tells the presence handler that we have started an eventstream for
-        the user:
-
-        Args:
-            user (User): The user who started a stream.
-        Returns:
-            A deferred that completes once their presence has been updated.
-        """
-        if user not in self._streams_per_user:
-            # Make sure we set the streams per user to 1 here rather than
-            # setting it to zero and incrementing the value below.
-            # Otherwise this may race with stopped_stream causing the
-            # user to be erased from the map before we have a chance
-            # to increment it.
-            self._streams_per_user[user] = 1
-            if user in self._stop_timer_per_user:
-                try:
-                    self.clock.cancel_call_later(
-                        self._stop_timer_per_user.pop(user)
-                    )
-                except:
-                    logger.exception("Failed to cancel event timer")
-            else:
-                yield started_user_eventstream(self.distributor, user)
-        else:
-            self._streams_per_user[user] += 1
-
-    def stopped_stream(self, user):
-        """If there are no streams for a user this starts a timer that will
-        notify the presence handler that we haven't got an event stream for
-        the user unless the user starts a new stream in 30 seconds.
-
-        Args:
-            user (User): The user who stopped a stream.
-        """
-        self._streams_per_user[user] -= 1
-        if not self._streams_per_user[user]:
-            del self._streams_per_user[user]
-
-            # 30 seconds of grace to allow the client to reconnect again
-            #   before we think they're gone
-            def _later():
-                logger.debug("_later stopped_user_eventstream %s", user)
-
-                self._stop_timer_per_user.pop(user, None)
-
-                return stopped_user_eventstream(self.distributor, user)
-
-            logger.debug("Scheduling _later: for %s", user)
-            self._stop_timer_per_user[user] = (
-                self.clock.call_later(30, _later)
-            )
-
    @defer.inlineCallbacks
    @log_function
    def get_stream(self, auth_user_id, pagin_config, timeout=0,
-                   as_client_event=True, affect_presence=True,
-                   only_room_events=False, room_id=None, is_guest=False):
-        """Fetches the events stream for a given user.
-
-        If `only_room_events` is `True` only room events will be returned.
-        """
+                   as_client_event=True, affect_presence=True):
        auth_user = UserID.from_string(auth_user_id)

        try:
            if affect_presence:
-                yield self.started_stream(auth_user)
+                if auth_user not in self._streams_per_user:
+                    self._streams_per_user[auth_user] = 0
+                    if auth_user in self._stop_timer_per_user:
+                        try:
+                            self.clock.cancel_call_later(
+                                self._stop_timer_per_user.pop(auth_user)
+                            )
+                        except:
+                            logger.exception("Failed to cancel event timer")
+                    else:
+                        yield self.distributor.fire(
+                            "started_user_eventstream", auth_user
+                        )
+                self._streams_per_user[auth_user] += 1
+
+            rm_handler = self.hs.get_handlers().room_member_handler
+            room_ids = yield rm_handler.get_joined_rooms_for_user(auth_user)

            if timeout:
                # If they've set a timeout set a minimum limit.
@@ -136,13 +80,8 @@ class EventStreamHandler(BaseHandler):
                # thundering herds on restart.
                timeout = random.randint(int(timeout*0.9), int(timeout*1.1))

-            if is_guest:
-                yield user_joined_room(self.distributor, auth_user, room_id)
-
            events, tokens = yield self.notifier.get_events_for(
-                auth_user, pagin_config, timeout,
-                only_room_events=only_room_events,
-                is_guest=is_guest, guest_room_id=room_id
+                auth_user, room_ids, pagin_config, timeout
            )

            time_now = self.clock.time_msec()
@@ -161,7 +100,27 @@ class EventStreamHandler(BaseHandler):

        finally:
            if affect_presence:
-                self.stopped_stream(auth_user)
+                self._streams_per_user[auth_user] -= 1
+                if not self._streams_per_user[auth_user]:
+                    del self._streams_per_user[auth_user]
+
+                    # 10 seconds of grace to allow the client to reconnect again
+                    #   before we think they're gone
+                    def _later():
+                        logger.debug(
+                            "_later stopped_user_eventstream %s", auth_user
+                        )
+
+                        self._stop_timer_per_user.pop(auth_user, None)
+
+                        return self.distributor.fire(
+                            "stopped_user_eventstream", auth_user
+                        )
+
+                    logger.debug("Scheduling _later: for %s", auth_user)
+                    self._stop_timer_per_user[auth_user] = (
+                        self.clock.call_later(30, _later)
+                    )


 class EventHandler(BaseHandler):
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -21,7 +21,6 @@ from synapse.api.errors import (
    AuthError, FederationError, StoreError, CodeMessageException, SynapseError,
 )
 from synapse.api.constants import EventTypes, Membership, RejectedReason
-from synapse.events.validator import EventValidator
 from synapse.util import unwrapFirstError
 from synapse.util.logcontext import PreserveLoggingContext
 from synapse.util.logutils import log_function
@@ -32,8 +31,6 @@ from synapse.crypto.event_signing import (
 )
 from synapse.types import UserID

-from synapse.events.utils import prune_event
-
 from synapse.util.retryutils import NotRetryingDestination

 from twisted.internet import defer
@@ -41,13 +38,10 @@ from twisted.internet import defer
 import itertools
 import logging

+
 logger = logging.getLogger(__name__)


-def user_joined_room(distributor, user, room_id):
-    return distributor.fire("user_joined_room", user, room_id)
-
-
 class FederationHandler(BaseHandler):
    """Handles events that originated from federation.
        Responsible for:
@@ -62,18 +56,22 @@ class FederationHandler(BaseHandler):
    def __init__(self, hs):
        super(FederationHandler, self).__init__(hs)

-        self.hs = hs
-
-        self.distributor.observe("user_joined_room", self.user_joined_room)
+        self.distributor.observe(
+            "user_joined_room",
+            self._on_user_joined
+        )

        self.waiting_for_join_list = {}

        self.store = hs.get_datastore()
        self.replication_layer = hs.get_replication_layer()
        self.state_handler = hs.get_state_handler()
+        # self.auth_handler = gs.get_auth_handler()
        self.server_name = hs.hostname
        self.keyring = hs.get_keyring()

+        self.lock_manager = hs.get_room_lock_manager()
+
        self.replication_layer.set_handler(self)

        # When joining a room we need to queue any events for that room up
@@ -125,72 +123,57 @@ class FederationHandler(BaseHandler):
        )
        if not is_in_room and not event.internal_metadata.is_outlier():
            logger.debug("Got event for room we're not in.")
+            current_state = state

-            try:
-                event_stream_id, max_stream_id = yield self._persist_auth_tree(
-                    auth_chain, state, event
-                )
-            except AuthError as e:
-                raise FederationError(
-                    "ERROR",
-                    e.code,
-                    e.msg,
-                    affected=event.event_id,
-                )
+        event_ids = set()
+        if state:
+            event_ids |= {e.event_id for e in state}
+        if auth_chain:
+            event_ids |= {e.event_id for e in auth_chain}

-        else:
-            event_ids = set()
-            if state:
-                event_ids |= {e.event_id for e in state}
-            if auth_chain:
-                event_ids |= {e.event_id for e in auth_chain}
+        seen_ids = set(
+            (yield self.store.have_events(event_ids)).keys()
+        )

-            seen_ids = set(
-                (yield self.store.have_events(event_ids)).keys()
-            )
+        if state and auth_chain is not None:
+            # If we have any state or auth_chain given to us by the replication
+            # layer, then we should handle them (if we haven't before.)
+            for e in itertools.chain(auth_chain, state):
+                if e.event_id in seen_ids:
+                    continue

-            if state and auth_chain is not None:
-                # If we have any state or auth_chain given to us by the replication
-                # layer, then we should handle them (if we haven't before.)
-
-                event_infos = []
-
-                for e in itertools.chain(auth_chain, state):
-                    if e.event_id in seen_ids:
-                        continue
-                    e.internal_metadata.outlier = True
+                e.internal_metadata.outlier = True
+                try:
                    auth_ids = [e_id for e_id, _ in e.auth_events]
                    auth = {
                        (e.type, e.state_key): e for e in auth_chain
-                        if e.event_id in auth_ids or e.type == EventTypes.Create
+                        if e.event_id in auth_ids
                    }
-                    event_infos.append({
-                        "event": e,
-                        "auth_events": auth,
-                    })
+                    yield self._handle_new_event(
+                        origin, e, auth_events=auth
+                    )
                    seen_ids.add(e.event_id)
+                except:
+                    logger.exception(
+                        "Failed to handle state event %s",
+                        e.event_id,
+                    )

-                yield self._handle_new_events(
-                    origin,
-                    event_infos,
-                    outliers=True
-                )
-
-            try:
-                context, event_stream_id, max_stream_id = yield self._handle_new_event(
-                    origin,
-                    event,
-                    state=state,
-                    backfilled=backfilled,
-                    current_state=current_state,
-                )
-            except AuthError as e:
-                raise FederationError(
-                    "ERROR",
-                    e.code,
-                    e.msg,
-                    affected=event.event_id,
-                )
+        try:
+            _, event_stream_id, max_stream_id = yield self._handle_new_event(
+                origin,
+                event,
+                state=state,
+                backfilled=backfilled,
+                current_state=current_state,
+            )
+        except AuthError as e:
+            raise FederationError(
+                "ERROR",
+                e.code,
+                e.msg,
+                affected=event.event_id,
+            )

        # if we're receiving valid events from an origin,
        # it's probably a good idea to mark it as not in retry-state
@@ -206,7 +189,7 @@ class FederationHandler(BaseHandler):
                yield self.store.store_room(
                    room_id=event.room_id,
                    room_creator_user_id="",
-                    is_public=False,
+                    published=False,
                )
            except StoreError:
                logger.exception("Failed to store room.")
@@ -234,62 +217,10 @@ class FederationHandler(BaseHandler):

        if event.type == EventTypes.Member:
            if event.membership == Membership.JOIN:
-                prev_state = context.current_state.get((event.type, event.state_key))
-                if not prev_state or prev_state.membership != Membership.JOIN:
-                    # Only fire user_joined_room if the user has acutally
-                    # joined the room. Don't bother if the user is just
-                    # changing their profile info.
-                    user = UserID.from_string(event.state_key)
-                    yield user_joined_room(self.distributor, user, event.room_id)
-
-    @defer.inlineCallbacks
-    def _filter_events_for_server(self, server_name, room_id, events):
-        event_to_state = yield self.store.get_state_for_events(
-            frozenset(e.event_id for e in events),
-            types=(
-                (EventTypes.RoomHistoryVisibility, ""),
-                (EventTypes.Member, None),
-            )
-        )
-
-        def redact_disallowed(event, state):
-            if not state:
-                return event
-
-            history = state.get((EventTypes.RoomHistoryVisibility, ''), None)
-            if history:
-                visibility = history.content.get("history_visibility", "shared")
-                if visibility in ["invited", "joined"]:
-                    # We now loop through all state events looking for
-                    # membership states for the requesting server to determine
-                    # if the server is either in the room or has been invited
-                    # into the room.
-                    for ev in state.values():
-                        if ev.type != EventTypes.Member:
-                            continue
-                        try:
-                            domain = UserID.from_string(ev.state_key).domain
-                        except:
-                            continue
-
-                        if domain != server_name:
-                            continue
-
-                        memtype = ev.membership
-                        if memtype == Membership.JOIN:
-                            return event
-                        elif memtype == Membership.INVITE:
-                            if visibility == "invited":
-                                return event
-                    else:
-                        return prune_event(event)
-
-            return event
-
-        defer.returnValue([
-            redact_disallowed(e, event_to_state[e.event_id])
-            for e in events
-        ])
+                user = UserID.from_string(event.state_key)
+                yield self.distributor.fire(
+                    "user_joined_room", user=user, room_id=event.room_id
+                )

    @log_function
    @defer.inlineCallbacks
@@ -361,29 +292,38 @@ class FederationHandler(BaseHandler):
        ).addErrback(unwrapFirstError)
        auth_events.update({a.event_id: a for a in results})

-        ev_infos = []
-        for a in auth_events.values():
-            if a.event_id in seen_events:
-                continue
-            ev_infos.append({
-                "event": a,
-                "auth_events": {
-                    (auth_events[a_id].type, auth_events[a_id].state_key):
-                    auth_events[a_id]
-                    for a_id, _ in a.auth_events
-                }
-            })
+        yield defer.gatherResults(
+            [
+                self._handle_new_event(
+                    dest, a,
+                    auth_events={
+                        (auth_events[a_id].type, auth_events[a_id].state_key):
+                        auth_events[a_id]
+                        for a_id, _ in a.auth_events
+                    },
+                )
+                for a in auth_events.values()
+                if a.event_id not in seen_events
+            ],
+            consumeErrors=True,
+        ).addErrback(unwrapFirstError)

-        for e_id in events_to_state:
-            ev_infos.append({
-                "event": event_map[e_id],
-                "state": events_to_state[e_id],
-                "auth_events": {
-                    (auth_events[a_id].type, auth_events[a_id].state_key):
-                    auth_events[a_id]
-                    for a_id, _ in event_map[e_id].auth_events
-                }
-            })
+        yield defer.gatherResults(
+            [
+                self._handle_new_event(
+                    dest, event_map[e_id],
+                    state=events_to_state[e_id],
+                    backfilled=True,
+                    auth_events={
+                        (auth_events[a_id].type, auth_events[a_id].state_key):
+                        auth_events[a_id]
+                        for a_id, _ in event_map[e_id].auth_events
+                    },
+                )
+                for e_id in events_to_state
+            ],
+            consumeErrors=True
+        ).addErrback(unwrapFirstError)

        events.sort(key=lambda e: e.depth)

@@ -391,14 +331,10 @@ class FederationHandler(BaseHandler):
            if event in events_to_state:
                continue

-            ev_infos.append({
-                "event": event,
-            })
-
-        yield self._handle_new_events(
-            dest, ev_infos,
-            backfilled=True,
-        )
+            yield self._handle_new_event(
+                dest, event,
+                backfilled=True,
+            )

        defer.returnValue(events)

@@ -517,7 +453,7 @@ class FederationHandler(BaseHandler):
        event_ids = list(extremities.keys())

        states = yield defer.gatherResults([
-            self.state_handler.resolve_state_groups(room_id, [e])
+            self.state_handler.resolve_state_groups([e])
            for e in event_ids
        ])
        states = dict(zip(event_ids, [s[1] for s in states]))
@@ -568,7 +504,7 @@ class FederationHandler(BaseHandler):

    @log_function
    @defer.inlineCallbacks
-    def do_invite_join(self, target_hosts, room_id, joinee, content):
+    def do_invite_join(self, target_hosts, room_id, joinee, content, snapshot):
        """ Attempts to join the `joinee` to the room `room_id` via the
        server `target_host`.

@@ -584,19 +520,49 @@ class FederationHandler(BaseHandler):

        yield self.store.clean_room_for_join(room_id)

-        origin, event = yield self._make_and_verify_event(
+        origin, pdu = yield self.replication_layer.make_join(
            target_hosts,
            room_id,
-            joinee,
-            "join",
-            content,
+            joinee
        )

+        logger.debug("Got response to make_join: %s", pdu)
+
+        event = pdu
+
+        # We should assert some things.
+        # FIXME: Do this in a nicer way
+        assert(event.type == EventTypes.Member)
+        assert(event.user_id == joinee)
+        assert(event.state_key == joinee)
+        assert(event.room_id == room_id)
+
+        event.internal_metadata.outlier = False
+
        self.room_queues[room_id] = []
+
+        builder = self.event_builder_factory.new(
+            unfreeze(event.get_pdu_json())
+        )
+
        handled_events = set()

        try:
-            new_event = self._sign_event(event)
+            builder.event_id = self.event_builder_factory.create_event_id()
+            builder.origin = self.hs.hostname
+            builder.content = content
+
+            if not hasattr(event, "signatures"):
+                builder.signatures = {}
+
+            add_hashes_and_signatures(
+                builder,
+                self.hs.hostname,
+                self.hs.config.signing_key[0],
+            )
+
+            new_event = builder.build()
+
            # Try the host we successfully got a response to /make_join/
            # request first.
            try:
@@ -604,7 +570,11 @@ class FederationHandler(BaseHandler):
                target_hosts.insert(0, origin)
            except ValueError:
                pass
-            ret = yield self.replication_layer.send_join(target_hosts, new_event)
+
+            ret = yield self.replication_layer.send_join(
+                target_hosts,
+                new_event
+            )

            origin = ret["origin"]
            state = ret["state"]
@@ -624,14 +594,51 @@ class FederationHandler(BaseHandler):
                yield self.store.store_room(
                    room_id=room_id,
                    room_creator_user_id="",
-                    is_public=False
+                    published=False,
                )
            except:
                # FIXME
                pass

-            event_stream_id, max_stream_id = yield self._persist_auth_tree(
-                auth_chain, state, event
+            yield self._handle_auth_events(
+                origin, [e for e in auth_chain if e.event_id != event.event_id]
+            )
+
+            @defer.inlineCallbacks
+            def handle_state(e):
+                if e.event_id == event.event_id:
+                    return
+
+                e.internal_metadata.outlier = True
+                try:
+                    auth_ids = [e_id for e_id, _ in e.auth_events]
+                    auth = {
+                        (e.type, e.state_key): e for e in auth_chain
+                        if e.event_id in auth_ids
+                    }
+                    yield self._handle_new_event(
+                        origin, e, auth_events=auth
+                    )
+                except:
+                    logger.exception(
+                        "Failed to handle state event %s",
+                        e.event_id,
+                    )
+
+            yield defer.DeferredList([handle_state(e) for e in state])
+
+            auth_ids = [e_id for e_id, _ in event.auth_events]
+            auth_events = {
+                (e.type, e.state_key): e for e in auth_chain
+                if e.event_id in auth_ids
+            }
+
+            _, event_stream_id, max_stream_id = yield self._handle_new_event(
+                origin,
+                new_event,
+                state=state,
+                current_state=state,
+                auth_events=auth_events,
            )

            with PreserveLoggingContext():
@@ -668,14 +675,12 @@ class FederationHandler(BaseHandler):
    @log_function
    def on_make_join_request(self, room_id, user_id):
        """ We've received a /make_join/ request, so we create a partial
-        join event for the room and return that. We do *not* persist or
+        join event for the room and return that. We don *not* persist or
        process it until the other server has signed it and sent it back.
        """
-        event_content = {"membership": Membership.JOIN}
-
        builder = self.event_builder_factory.new({
            "type": EventTypes.Member,
-            "content": event_content,
+            "content": {"membership": Membership.JOIN},
            "room_id": room_id,
            "sender": user_id,
            "state_key": user_id,
@@ -737,7 +742,9 @@ class FederationHandler(BaseHandler):
        if event.type == EventTypes.Member:
            if event.content["membership"] == Membership.JOIN:
                user = UserID.from_string(event.state_key)
-                yield user_joined_room(self.distributor, user, event.room_id)
+                yield self.distributor.fire(
+                    "user_joined_room", user=user, room_id=event.room_id
+                )

        new_pdu = event

@@ -818,168 +825,6 @@ class FederationHandler(BaseHandler):

        defer.returnValue(event)

-    @defer.inlineCallbacks
-    def do_remotely_reject_invite(self, target_hosts, room_id, user_id):
-        origin, event = yield self._make_and_verify_event(
-            target_hosts,
-            room_id,
-            user_id,
-            "leave"
-        )
-        signed_event = self._sign_event(event)
-
-        # Try the host we successfully got a response to /make_join/
-        # request first.
-        try:
-            target_hosts.remove(origin)
-            target_hosts.insert(0, origin)
-        except ValueError:
-            pass
-
-        yield self.replication_layer.send_leave(
-            target_hosts,
-            signed_event
-        )
-        defer.returnValue(None)
-
-    @defer.inlineCallbacks
-    def _make_and_verify_event(self, target_hosts, room_id, user_id, membership,
-                               content={},):
-        origin, pdu = yield self.replication_layer.make_membership_event(
-            target_hosts,
-            room_id,
-            user_id,
-            membership,
-            content,
-        )
-
-        logger.debug("Got response to make_%s: %s", membership, pdu)
-
-        event = pdu
-
-        # We should assert some things.
-        # FIXME: Do this in a nicer way
-        assert(event.type == EventTypes.Member)
-        assert(event.user_id == user_id)
-        assert(event.state_key == user_id)
-        assert(event.room_id == room_id)
-        defer.returnValue((origin, event))
-
-    def _sign_event(self, event):
-        event.internal_metadata.outlier = False
-
-        builder = self.event_builder_factory.new(
-            unfreeze(event.get_pdu_json())
-        )
-
-        builder.event_id = self.event_builder_factory.create_event_id()
-        builder.origin = self.hs.hostname
-
-        if not hasattr(event, "signatures"):
-            builder.signatures = {}
-
-        add_hashes_and_signatures(
-            builder,
-            self.hs.hostname,
-            self.hs.config.signing_key[0],
-        )
-
-        return builder.build()
-
-    @defer.inlineCallbacks
-    @log_function
-    def on_make_leave_request(self, room_id, user_id):
-        """ We've received a /make_leave/ request, so we create a partial
-        join event for the room and return that. We do *not* persist or
-        process it until the other server has signed it and sent it back.
-        """
-        builder = self.event_builder_factory.new({
-            "type": EventTypes.Member,
-            "content": {"membership": Membership.LEAVE},
-            "room_id": room_id,
-            "sender": user_id,
-            "state_key": user_id,
-        })
-
-        event, context = yield self._create_new_client_event(
-            builder=builder,
-        )
-
-        self.auth.check(event, auth_events=context.current_state)
-
-        defer.returnValue(event)
-
-    @defer.inlineCallbacks
-    @log_function
-    def on_send_leave_request(self, origin, pdu):
-        """ We have received a leave event for a room. Fully process it."""
-        event = pdu
-
-        logger.debug(
-            "on_send_leave_request: Got event: %s, signatures: %s",
-            event.event_id,
-            event.signatures,
-        )
-
-        event.internal_metadata.outlier = False
-
-        context, event_stream_id, max_stream_id = yield self._handle_new_event(
-            origin, event
-        )
-
-        logger.debug(
-            "on_send_leave_request: After _handle_new_event: %s, sigs: %s",
-            event.event_id,
-            event.signatures,
-        )
-
-        extra_users = []
-        if event.type == EventTypes.Member:
-            target_user_id = event.state_key
-            target_user = UserID.from_string(target_user_id)
-            extra_users.append(target_user)
-
-        with PreserveLoggingContext():
-            d = self.notifier.on_new_room_event(
-                event, event_stream_id, max_stream_id, extra_users=extra_users
-            )
-
-        def log_failure(f):
-            logger.warn(
-                "Failed to notify about %s: %s",
-                event.event_id, f.value
-            )
-
-        d.addErrback(log_failure)
-
-        new_pdu = event
-
-        destinations = set()
-
-        for k, s in context.current_state.items():
-            try:
-                if k[0] == EventTypes.Member:
-                    if s.content["membership"] == Membership.LEAVE:
-                        destinations.add(
-                            UserID.from_string(s.state_key).domain
-                        )
-            except:
-                logger.warn(
-                    "Failed to get destination from event %s", s.event_id
-                )
-
-        destinations.discard(origin)
-
-        logger.debug(
-            "on_send_leave_request: Sending event: %s, signatures: %s",
-            event.event_id,
-            event.signatures,
-        )
-
-        self.replication_layer.send_pdu(new_pdu, destinations)
-
-        defer.returnValue(None)
-
    @defer.inlineCallbacks
    def get_state_for_pdu(self, origin, room_id, event_id, do_auth=True):
        yield run_on_reactor()
@@ -990,7 +835,7 @@ class FederationHandler(BaseHandler):
                raise AuthError(403, "Host not in room.")

        state_groups = yield self.store.get_state_groups(
-            room_id, [event_id]
+            [event_id]
        )

        if state_groups:
@@ -1037,8 +882,6 @@ class FederationHandler(BaseHandler):
            limit
        )

-        events = yield self._filter_events_for_server(origin, room_id, events)
-
        defer.returnValue(events)

    @defer.inlineCallbacks
@@ -1084,7 +927,7 @@ class FederationHandler(BaseHandler):
        return self.store.get_min_depth(context)

    @log_function
-    def user_joined_room(self, user, room_id):
+    def _on_user_joined(self, user, room_id):
        waiters = self.waiting_for_join_list.get(
            (user.to_string(), room_id),
            []
@@ -1097,120 +940,11 @@ class FederationHandler(BaseHandler):
    def _handle_new_event(self, origin, event, state=None, backfilled=False,
                          current_state=None, auth_events=None):

-        outlier = event.internal_metadata.is_outlier()
-
-        context = yield self._prep_event(
-            origin, event,
-            state=state,
-            auth_events=auth_events,
+        logger.debug(
+            "_handle_new_event: %s, sigs: %s",
+            event.event_id, event.signatures,
        )

-        event_stream_id, max_stream_id = yield self.store.persist_event(
-            event,
-            context=context,
-            backfilled=backfilled,
-            is_new_state=(not outlier and not backfilled),
-            current_state=current_state,
-        )
-
-        defer.returnValue((context, event_stream_id, max_stream_id))
-
-    @defer.inlineCallbacks
-    def _handle_new_events(self, origin, event_infos, backfilled=False,
-                           outliers=False):
-        contexts = yield defer.gatherResults(
-            [
-                self._prep_event(
-                    origin,
-                    ev_info["event"],
-                    state=ev_info.get("state"),
-                    auth_events=ev_info.get("auth_events"),
-                )
-                for ev_info in event_infos
-            ]
-        )
-
-        yield self.store.persist_events(
-            [
-                (ev_info["event"], context)
-                for ev_info, context in itertools.izip(event_infos, contexts)
-            ],
-            backfilled=backfilled,
-            is_new_state=(not outliers and not backfilled),
-        )
-
-    @defer.inlineCallbacks
-    def _persist_auth_tree(self, auth_events, state, event):
-        """Checks the auth chain is valid (and passes auth checks) for the
-        state and event. Then persists the auth chain and state atomically.
-        Persists the event seperately.
-
-        Returns:
-            2-tuple of (event_stream_id, max_stream_id) from the persist_event
-            call for `event`
-        """
-        events_to_context = {}
-        for e in itertools.chain(auth_events, state):
-            ctx = yield self.state_handler.compute_event_context(
-                e, outlier=True,
-            )
-            events_to_context[e.event_id] = ctx
-            e.internal_metadata.outlier = True
-
-        event_map = {
-            e.event_id: e
-            for e in auth_events
-        }
-
-        create_event = None
-        for e in auth_events:
-            if (e.type, e.state_key) == (EventTypes.Create, ""):
-                create_event = e
-                break
-
-        for e in itertools.chain(auth_events, state, [event]):
-            auth_for_e = {
-                (event_map[e_id].type, event_map[e_id].state_key): event_map[e_id]
-                for e_id, _ in e.auth_events
-            }
-            if create_event:
-                auth_for_e[(EventTypes.Create, "")] = create_event
-
-            try:
-                self.auth.check(e, auth_events=auth_for_e)
-            except AuthError as err:
-                logger.warn(
-                    "Rejecting %s because %s",
-                    e.event_id, err.msg
-                )
-
-                if e == event:
-                    raise
-                events_to_context[e.event_id].rejected = RejectedReason.AUTH_ERROR
-
-        yield self.store.persist_events(
-            [
-                (e, events_to_context[e.event_id])
-                for e in itertools.chain(auth_events, state)
-            ],
-            is_new_state=False,
-        )
-
-        new_event_context = yield self.state_handler.compute_event_context(
-            event, old_state=state, outlier=False,
-        )
-
-        event_stream_id, max_stream_id = yield self.store.persist_event(
-            event, new_event_context,
-            backfilled=False,
-            is_new_state=True,
-            current_state=state,
-        )
-
-        defer.returnValue((event_stream_id, max_stream_id))
-
-    @defer.inlineCallbacks
-    def _prep_event(self, origin, event, state=None, auth_events=None):
        outlier = event.internal_metadata.is_outlier()

        context = yield self.state_handler.compute_event_context(
@@ -1220,6 +954,13 @@ class FederationHandler(BaseHandler):
        if not auth_events:
            auth_events = context.current_state

+        logger.debug(
+            "_handle_new_event: %s, auth_events: %s",
+            event.event_id, auth_events,
+        )
+
+        is_new_state = not outlier
+
        # This is a hack to fix some old rooms where the initial join event
        # didn't reference the create event in its auth events.
        if event.type == EventTypes.Member and not event.auth_events:
@@ -1243,11 +984,26 @@ class FederationHandler(BaseHandler):

            context.rejected = RejectedReason.AUTH_ERROR

-        if event.type == EventTypes.GuestAccess:
-            full_context = yield self.store.get_current_state(room_id=event.room_id)
-            yield self.maybe_kick_guest_users(event, full_context)
+            # FIXME: Don't store as rejected with AUTH_ERROR if we haven't
+            # seen all the auth events.
+            yield self.store.persist_event(
+                event,
+                context=context,
+                backfilled=backfilled,
+                is_new_state=False,
+                current_state=current_state,
+            )
+            raise

-        defer.returnValue(context)
+        event_stream_id, max_stream_id = yield self.store.persist_event(
+            event,
+            context=context,
+            backfilled=backfilled,
+            is_new_state=(is_new_state and not backfilled),
+            current_state=current_state,
+        )
+
+        defer.returnValue((context, event_stream_id, max_stream_id))

    @defer.inlineCallbacks
    def on_query_auth(self, origin, event_id, remote_auth_chain, rejects,
@@ -1310,24 +1066,14 @@ class FederationHandler(BaseHandler):
    @log_function
    def do_auth(self, origin, event, context, auth_events):
        # Check if we have all the auth events.
-        current_state = set(e.event_id for e in auth_events.values())
+        have_events = yield self.store.have_events(
+            [e_id for e_id, _ in event.auth_events]
+        )
+
        event_auth_events = set(e_id for e_id, _ in event.auth_events)
-
-        if event_auth_events - current_state:
-            have_events = yield self.store.have_events(
-                event_auth_events - current_state
-            )
-        else:
-            have_events = {}
-
-        have_events.update({
-            e.event_id: ""
-            for e in auth_events.values()
-        })
-
        seen_events = set(have_events.keys())

-        missing_auth = event_auth_events - seen_events - current_state
+        missing_auth = event_auth_events - seen_events

        if missing_auth:
            logger.info("Missing auth: %s", missing_auth)
@@ -1352,7 +1098,7 @@ class FederationHandler(BaseHandler):
                        auth_ids = [e_id for e_id, _ in e.auth_events]
                        auth = {
                            (e.type, e.state_key): e for e in remote_auth_chain
-                            if e.event_id in auth_ids or e.type == EventTypes.Create
+                            if e.event_id in auth_ids
                        }
                        e.internal_metadata.outlier = True

@@ -1470,7 +1216,6 @@ class FederationHandler(BaseHandler):
                                (e.type, e.state_key): e
                                for e in result["auth_chain"]
                                if e.event_id in auth_ids
-                                or event.type == EventTypes.Create
                            }
                            ev.internal_metadata.outlier = True

@@ -1645,73 +1390,50 @@ class FederationHandler(BaseHandler):
        })

    @defer.inlineCallbacks
-    @log_function
-    def exchange_third_party_invite(self, invite):
-        sender = invite["sender"]
-        room_id = invite["room_id"]
+    def _handle_auth_events(self, origin, auth_events):
+        auth_ids_to_deferred = {}

-        event_dict = {
-            "type": EventTypes.Member,
-            "content": {
-                "membership": Membership.INVITE,
-                "third_party_invite": invite,
-            },
-            "room_id": room_id,
-            "sender": sender,
-            "state_key": invite["mxid"],
-        }
+        def process_auth_ev(ev):
+            auth_ids = [e_id for e_id, _ in ev.auth_events]

-        if (yield self.auth.check_host_in_room(room_id, self.hs.hostname)):
-            builder = self.event_builder_factory.new(event_dict)
-            EventValidator().validate_new(builder)
-            event, context = yield self._create_new_client_event(builder=builder)
-            self.auth.check(event, context.current_state)
-            yield self._validate_keyserver(event, auth_events=context.current_state)
-            member_handler = self.hs.get_handlers().room_member_handler
-            yield member_handler.change_membership(event, context)
-        else:
-            destinations = set([x.split(":", 1)[-1] for x in (sender, room_id)])
-            yield self.replication_layer.forward_third_party_invite(
-                destinations,
-                room_id,
-                event_dict,
-            )
+            prev_ds = [
+                auth_ids_to_deferred[i]
+                for i in auth_ids
+                if i in auth_ids_to_deferred
+            ]

-    @defer.inlineCallbacks
-    @log_function
-    def on_exchange_third_party_invite_request(self, origin, room_id, event_dict):
-        builder = self.event_builder_factory.new(event_dict)
+            d = defer.Deferred()

-        event, context = yield self._create_new_client_event(
-            builder=builder,
-        )
+            auth_ids_to_deferred[ev.event_id] = d

-        self.auth.check(event, auth_events=context.current_state)
-        yield self._validate_keyserver(event, auth_events=context.current_state)
+            @defer.inlineCallbacks
+            def f(*_):
+                ev.internal_metadata.outlier = True

-        returned_invite = yield self.send_invite(origin, event)
-        # TODO: Make sure the signatures actually are correct.
-        event.signatures.update(returned_invite.signatures)
-        member_handler = self.hs.get_handlers().room_member_handler
-        yield member_handler.change_membership(event, context)
+                try:
+                    auth = {
+                        (e.type, e.state_key): e for e in auth_events
+                        if e.event_id in auth_ids
+                    }

-    @defer.inlineCallbacks
-    def _validate_keyserver(self, event, auth_events):
-        token = event.content["third_party_invite"]["signed"]["token"]
+                    yield self._handle_new_event(
+                        origin, ev, auth_events=auth
+                    )
+                except:
+                    logger.exception(
+                        "Failed to handle auth event %s",
+                        ev.event_id,
+                    )

-        invite_event = auth_events.get(
-            (EventTypes.ThirdPartyInvite, token,)
-        )
+                d.callback(None)

-        try:
-            response = yield self.hs.get_simple_http_client().get_json(
-                invite_event.content["key_validity_url"],
-                {"public_key": invite_event.content["public_key"]}
-            )
-        except Exception:
-            raise SynapseError(
-                502,
-                "Third party certificate could not be checked"
-            )
-        if "valid" not in response or not response["valid"]:
-            raise AuthError(403, "Third party certificate was invalid")
+            if prev_ds:
+                dx = defer.DeferredList(prev_ds)
+                dx.addBoth(f)
+            else:
+                f()
+
+        for e in auth_events:
+            process_auth_ev(e)
+
+        yield defer.DeferredList(auth_ids_to_deferred.values())
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -20,6 +20,7 @@ from synapse.api.errors import (
    CodeMessageException
 )
 from ._base import BaseHandler
+from synapse.http.client import SimpleHttpClient
 from synapse.util.async import run_on_reactor
 from synapse.api.errors import SynapseError

@@ -34,15 +35,16 @@ class IdentityHandler(BaseHandler):
    def __init__(self, hs):
        super(IdentityHandler, self).__init__(hs)

-        self.http_client = hs.get_simple_http_client()
-
    @defer.inlineCallbacks
    def threepid_from_creds(self, creds):
        yield run_on_reactor()

+        # TODO: get this from the homeserver rather than creating a new one for
+        # each request
+        http_client = SimpleHttpClient(self.hs)
        # XXX: make this configurable!
        # trustedIdServers = ['matrix.org', 'localhost:8090']
-        trustedIdServers = ['matrix.org', 'vector.im']
+        trustedIdServers = ['matrix.org']

        if 'id_server' in creds:
            id_server = creds['id_server']
@@ -65,7 +67,7 @@ class IdentityHandler(BaseHandler):

        data = {}
        try:
-            data = yield self.http_client.get_json(
+            data = yield http_client.get_json(
                "https://%s%s" % (
                    id_server,
                    "/_matrix/identity/api/v1/3pid/getValidated3pid"
@@ -83,6 +85,7 @@ class IdentityHandler(BaseHandler):
    def bind_threepid(self, creds, mxid):
        yield run_on_reactor()
        logger.debug("binding threepid %r to %s", creds, mxid)
+        http_client = SimpleHttpClient(self.hs)
        data = None

        if 'id_server' in creds:
@@ -100,7 +103,7 @@ class IdentityHandler(BaseHandler):
            raise SynapseError(400, "No client_secret in creds")

        try:
-            data = yield self.http_client.post_urlencoded_get_json(
+            data = yield http_client.post_urlencoded_get_json(
                "https://%s%s" % (
                    id_server, "/_matrix/identity/api/v1/3pid/bind"
                ),
@@ -114,27 +117,3 @@ class IdentityHandler(BaseHandler):
        except CodeMessageException as e:
            data = json.loads(e.msg)
        defer.returnValue(data)
-
-    @defer.inlineCallbacks
-    def requestEmailToken(self, id_server, email, client_secret, send_attempt, **kwargs):
-        yield run_on_reactor()
-
-        params = {
-            'email': email,
-            'client_secret': client_secret,
-            'send_attempt': send_attempt,
-        }
-        params.update(kwargs)
-
-        try:
-            data = yield self.http_client.post_urlencoded_get_json(
-                "https://%s%s" % (
-                    id_server,
-                    "/_matrix/identity/api/v1/validate/email/requestToken"
-                ),
-                params
-            )
-            defer.returnValue(data)
-        except CodeMessageException as e:
-            logger.info("Proxied requestToken failed: %r", e)
-            raise e
--- a/synapse/handlers/login.py
+++ b/synapse/handlers/login.py
@@ -0,0 +1,83 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014, 2015 OpenMarket Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from twisted.internet import defer
+
+from ._base import BaseHandler
+from synapse.api.errors import LoginError, Codes
+
+import bcrypt
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class LoginHandler(BaseHandler):
+
+    def __init__(self, hs):
+        super(LoginHandler, self).__init__(hs)
+        self.hs = hs
+
+    @defer.inlineCallbacks
+    def login(self, user, password):
+        """Login as the specified user with the specified password.
+
+        Args:
+            user (str): The user ID.
+            password (str): The password.
+        Returns:
+            The newly allocated access token.
+        Raises:
+            StoreError if there was a problem storing the token.
+            LoginError if there was an authentication problem.
+        """
+        # TODO do this better, it can't go in __init__ else it cyclic loops
+        if not hasattr(self, "reg_handler"):
+            self.reg_handler = self.hs.get_handlers().registration_handler
+
+        # pull out the hash for this user if they exist
+        user_info = yield self.store.get_user_by_id(user_id=user)
+        if not user_info:
+            logger.warn("Attempted to login as %s but they do not exist", user)
+            raise LoginError(403, "", errcode=Codes.FORBIDDEN)
+
+        stored_hash = user_info["password_hash"]
+        if bcrypt.checkpw(password, stored_hash):
+            # generate an access token and store it.
+            token = self.reg_handler._generate_token(user)
+            logger.info("Adding token %s for user %s", token, user)
+            yield self.store.add_access_token_to_user(user, token)
+            defer.returnValue(token)
+        else:
+            logger.warn("Failed password login for user %s", user)
+            raise LoginError(403, "", errcode=Codes.FORBIDDEN)
+
+    @defer.inlineCallbacks
+    def set_password(self, user_id, newpassword, token_id=None):
+        password_hash = bcrypt.hashpw(newpassword, bcrypt.gensalt())
+
+        yield self.store.user_set_password_hash(user_id, password_hash)
+        yield self.store.user_delete_access_tokens_apart_from(user_id, token_id)
+        yield self.hs.get_pusherpool().remove_pushers_by_user_access_token(
+            user_id, token_id
+        )
+        yield self.store.flush_user(user_id)
+
+    @defer.inlineCallbacks
+    def add_threepid(self, user_id, medium, address, validated_at):
+        yield self.store.user_add_threepid(
+            user_id, medium, address, validated_at,
+            self.hs.get_clock().time_msec()
+        )
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -16,27 +16,21 @@
 from twisted.internet import defer

 from synapse.api.constants import EventTypes, Membership
-from synapse.api.errors import SynapseError, AuthError, Codes
+from synapse.api.errors import RoomError, SynapseError
 from synapse.streams.config import PaginationConfig
 from synapse.events.utils import serialize_event
 from synapse.events.validator import EventValidator
 from synapse.util import unwrapFirstError
 from synapse.util.logcontext import PreserveLoggingContext
-from synapse.types import UserID, RoomStreamToken, StreamToken
+from synapse.types import UserID, RoomStreamToken

 from ._base import BaseHandler

-from canonicaljson import encode_canonical_json
-
 import logging

 logger = logging.getLogger(__name__)


-def collect_presencelike_data(distributor, user, content):
-    return distributor.fire("collect_presencelike_data", user, content)
-
-
 class MessageHandler(BaseHandler):

    def __init__(self, hs):
@@ -77,64 +71,34 @@ class MessageHandler(BaseHandler):

    @defer.inlineCallbacks
    def get_messages(self, user_id=None, room_id=None, pagin_config=None,
-                     as_client_event=True, is_guest=False):
+                     feedback=False, as_client_event=True):
        """Get messages in a room.

        Args:
            user_id (str): The user requesting messages.
            room_id (str): The room they want messages from.
            pagin_config (synapse.api.streams.PaginationConfig): The pagination
-                config rules to apply, if any.
+            config rules to apply, if any.
+            feedback (bool): True to get compressed feedback with the messages
            as_client_event (bool): True to get events in client-server format.
-            is_guest (bool): Whether the requesting user is a guest (as opposed
-                to a fully registered user).
        Returns:
            dict: Pagination API results
        """
+        yield self.auth.check_joined_room(room_id, user_id)
+
        data_source = self.hs.get_event_sources().sources["room"]

-        if pagin_config.from_token:
-            room_token = pagin_config.from_token.room_key
-        else:
+        if not pagin_config.from_token:
            pagin_config.from_token = (
                yield self.hs.get_event_sources().get_current_token(
                    direction='b'
                )
            )
-            room_token = pagin_config.from_token.room_key

-        room_token = RoomStreamToken.parse(room_token)
+        room_token = RoomStreamToken.parse(pagin_config.from_token.room_key)
        if room_token.topological is None:
            raise SynapseError(400, "Invalid token")

-        pagin_config.from_token = pagin_config.from_token.copy_and_replace(
-            "room_key", str(room_token)
-        )
-
-        source_config = pagin_config.get_source_config("room")
-
-        if not is_guest:
-            member_event = yield self.auth.check_user_was_in_room(room_id, user_id)
-            if member_event.membership == Membership.LEAVE:
-                # If they have left the room then clamp the token to be before
-                # they left the room.
-                # If they're a guest, we'll just 403 them if they're asking for
-                # events they can't see.
-                leave_token = yield self.store.get_topological_token_for_event(
-                    member_event.event_id
-                )
-                leave_token = RoomStreamToken.parse(leave_token)
-                if leave_token.topological < room_token.topological:
-                    source_config.from_key = str(leave_token)
-
-                if source_config.direction == "f":
-                    if source_config.to_key is None:
-                        source_config.to_key = str(leave_token)
-                    else:
-                        to_token = RoomStreamToken.parse(source_config.to_key)
-                        if leave_token.topological < to_token.topological:
-                            source_config.to_key = str(leave_token)
-
        yield self.hs.get_handlers().federation_handler.maybe_backfill(
            room_id, room_token.topological
        )
@@ -142,28 +106,18 @@ class MessageHandler(BaseHandler):
        user = UserID.from_string(user_id)

        events, next_key = yield data_source.get_pagination_rows(
-            user, source_config, room_id
+            user, pagin_config.get_source_config("room"), room_id
        )

        next_token = pagin_config.from_token.copy_and_replace(
            "room_key", next_key
        )

-        if not events:
-            defer.returnValue({
-                "chunk": [],
-                "start": pagin_config.from_token.to_string(),
-                "end": next_token.to_string(),
-            })
-
-        events = yield self._filter_events_for_client(user_id, events, is_guest=is_guest)
-
        time_now = self.clock.time_msec()

        chunk = {
            "chunk": [
-                serialize_event(e, time_now, as_client_event)
-                for e in events
+                serialize_event(e, time_now, as_client_event) for e in events
            ],
            "start": pagin_config.from_token.to_string(),
            "end": next_token.to_string(),
@@ -173,7 +127,7 @@ class MessageHandler(BaseHandler):

    @defer.inlineCallbacks
    def create_and_send_event(self, event_dict, ratelimit=True,
-                              token_id=None, txn_id=None, is_guest=False):
+                              client=None, txn_id=None):
        """ Given a dict from a client, create and handle a new event.

        Creates an FrozenEvent object, filling out auth_events, prev_events,
@@ -201,12 +155,17 @@ class MessageHandler(BaseHandler):
            if membership == Membership.JOIN:
                joinee = UserID.from_string(builder.state_key)
                # If event doesn't include a display name, add one.
-                yield collect_presencelike_data(
-                    self.distributor, joinee, builder.content
+                yield self.distributor.fire(
+                    "collect_presencelike_data",
+                    joinee,
+                    builder.content
                )

-        if token_id is not None:
-            builder.internal_metadata.token_id = token_id
+        if client is not None:
+            if client.token_id is not None:
+                builder.internal_metadata.token_id = client.token_id
+            if client.device_id is not None:
+                builder.internal_metadata.device_id = client.device_id

        if txn_id is not None:
            builder.internal_metadata.txn_id = txn_id
@@ -215,19 +174,9 @@ class MessageHandler(BaseHandler):
            builder=builder,
        )

-        if event.is_state():
-            prev_state = context.current_state.get((event.type, event.state_key))
-            if prev_state and event.user_id == prev_state.user_id:
-                prev_content = encode_canonical_json(prev_state.content)
-                next_content = encode_canonical_json(event.content)
-                if prev_content == next_content:
-                    # Duplicate suppression for state updates with same sender
-                    # and content.
-                    defer.returnValue(prev_state)
-
        if event.type == EventTypes.Member:
            member_handler = self.hs.get_handlers().room_member_handler
-            yield member_handler.change_membership(event, context, is_guest=is_guest)
+            yield member_handler.change_membership(event, context)
        else:
            yield self.handle_new_client_event(
                event=event,
@@ -243,7 +192,7 @@ class MessageHandler(BaseHandler):

    @defer.inlineCallbacks
    def get_room_data(self, user_id=None, room_id=None,
-                      event_type=None, state_key="", is_guest=False):
+                      event_type=None, state_key=""):
        """ Get data from a room.

        Args:
@@ -253,55 +202,29 @@ class MessageHandler(BaseHandler):
        Raises:
            SynapseError if something went wrong.
        """
-        membership, membership_event_id = yield self._check_in_room_or_world_readable(
-            room_id, user_id, is_guest
+        have_joined = yield self.auth.check_joined_room(room_id, user_id)
+        if not have_joined:
+            raise RoomError(403, "User not in room.")
+
+        data = yield self.state_handler.get_current_state(
+            room_id, event_type, state_key
        )
-
-        if membership == Membership.JOIN:
-            data = yield self.state_handler.get_current_state(
-                room_id, event_type, state_key
-            )
-        elif membership == Membership.LEAVE:
-            key = (event_type, state_key)
-            room_state = yield self.store.get_state_for_events(
-                [membership_event_id], [key]
-            )
-            data = room_state[membership_event_id].get(key)
-
        defer.returnValue(data)

    @defer.inlineCallbacks
-    def _check_in_room_or_world_readable(self, room_id, user_id, is_guest):
-        try:
-            # check_user_was_in_room will return the most recent membership
-            # event for the user if:
-            #  * The user is a non-guest user, and was ever in the room
-            #  * The user is a guest user, and has joined the room
-            # else it will throw.
-            member_event = yield self.auth.check_user_was_in_room(room_id, user_id)
-            defer.returnValue((member_event.membership, member_event.event_id))
-            return
-        except AuthError, auth_error:
-            visibility = yield self.state_handler.get_current_state(
-                room_id, EventTypes.RoomHistoryVisibility, ""
-            )
-            if (
-                visibility and
-                visibility.content["history_visibility"] == "world_readable"
-            ):
-                defer.returnValue((Membership.JOIN, None))
-                return
-            if not is_guest:
-                raise auth_error
-            raise AuthError(
-                403, "Guest access not allowed", errcode=Codes.GUEST_ACCESS_FORBIDDEN
-            )
+    def get_feedback(self, event_id):
+        # yield self.auth.check_joined_room(room_id, user_id)
+
+        # Pull out the feedback from the db
+        fb = yield self.store.get_feedback(event_id)
+
+        if fb:
+            defer.returnValue(fb)
+        defer.returnValue(None)

    @defer.inlineCallbacks
-    def get_state_events(self, user_id, room_id, is_guest=False):
-        """Retrieve all state events for a given room. If the user is
-        joined to the room then return the current state. If the user has
-        left the room return the state events from when they left.
+    def get_state_events(self, user_id, room_id):
+        """Retrieve all state events for a given room.

        Args:
            user_id(str): The user requesting state events.
@@ -309,26 +232,18 @@ class MessageHandler(BaseHandler):
        Returns:
            A list of dicts representing state events. [{}, {}, {}]
        """
-        membership, membership_event_id = yield self._check_in_room_or_world_readable(
-            room_id, user_id, is_guest
-        )
-
-        if membership == Membership.JOIN:
-            room_state = yield self.state_handler.get_current_state(room_id)
-        elif membership == Membership.LEAVE:
-            room_state = yield self.store.get_state_for_events(
-                [membership_event_id], None
-            )
-            room_state = room_state[membership_event_id]
+        yield self.auth.check_joined_room(room_id, user_id)

+        # TODO: This is duplicating logic from snapshot_all_rooms
+        current_state = yield self.state_handler.get_current_state(room_id)
        now = self.clock.time_msec()
        defer.returnValue(
-            [serialize_event(c, now) for c in room_state.values()]
+            [serialize_event(c, now) for c in current_state.values()]
        )

    @defer.inlineCallbacks
    def snapshot_all_rooms(self, user_id=None, pagin_config=None,
-                           as_client_event=True, include_archived=False):
+                           feedback=False, as_client_event=True):
        """Retrieve a snapshot of all rooms the user is invited or has joined.

        This snapshot may include messages for all rooms where the user is
@@ -338,20 +253,17 @@ class MessageHandler(BaseHandler):
            user_id (str): The ID of the user making the request.
            pagin_config (synapse.api.streams.PaginationConfig): The pagination
            config used to determine how many messages *PER ROOM* to return.
+            feedback (bool): True to get feedback along with these messages.
            as_client_event (bool): True to get events in client-server format.
-            include_archived (bool): True to get rooms that the user has left
        Returns:
            A list of dicts with "room_id" and "membership" keys for all rooms
            the user is currently invited or joined in on. Rooms where the user
            is joined on, may return a "messages" key with messages, depending
            on the specified PaginationConfig.
        """
-        memberships = [Membership.INVITE, Membership.JOIN]
-        if include_archived:
-            memberships.append(Membership.LEAVE)
-
        room_list = yield self.store.get_rooms_for_user_where_membership_is(
-            user_id=user_id, membership_list=memberships
+            user_id=user_id,
+            membership_list=[Membership.INVITE, Membership.JOIN]
        )

        user = UserID.from_string(user_id)
@@ -366,18 +278,7 @@ class MessageHandler(BaseHandler):
            user, pagination_config.get_source_config("presence"), None
        )

-        receipt_stream = self.hs.get_event_sources().sources["receipt"]
-        receipt, _ = yield receipt_stream.get_pagination_rows(
-            user, pagination_config.get_source_config("receipt"), None
-        )
-
-        tags_by_room = yield self.store.get_tags_for_user(user_id)
-
-        account_data, account_data_by_room = (
-            yield self.store.get_account_data_for_user(user_id)
-        )
-
-        public_room_ids = yield self.store.get_public_room_ids()
+        published_room_ids = yield self.store.get_published_room_ids()

        limit = pagin_config.limit
        if limit is None:
@@ -389,53 +290,33 @@ class MessageHandler(BaseHandler):
                "room_id": event.room_id,
                "membership": event.membership,
                "visibility": (
-                    "public" if event.room_id in public_room_ids
+                    # TODO(paul): This should be specified as "published"
+                    "public" if event.room_id in published_room_ids
                    else "private"
                ),
            }

            if event.membership == Membership.INVITE:
-                time_now = self.clock.time_msec()
                d["inviter"] = event.sender

-                invite_event = yield self.store.get_event(event.event_id)
-                d["invite"] = serialize_event(invite_event, time_now, as_client_event)
-
            rooms_ret.append(d)

-            if event.membership not in (Membership.JOIN, Membership.LEAVE):
+            if event.membership != Membership.JOIN:
                return
-
            try:
-                if event.membership == Membership.JOIN:
-                    room_end_token = now_token.room_key
-                    deferred_room_state = self.state_handler.get_current_state(
-                        event.room_id
-                    )
-                elif event.membership == Membership.LEAVE:
-                    room_end_token = "s%d" % (event.stream_ordering,)
-                    deferred_room_state = self.store.get_state_for_events(
-                        [event.event_id], None
-                    )
-                    deferred_room_state.addCallback(
-                        lambda states: states[event.event_id]
-                    )
-
                (messages, token), current_state = yield defer.gatherResults(
                    [
                        self.store.get_recent_events_for_room(
                            event.room_id,
                            limit=limit,
-                            end_token=room_end_token,
+                            end_token=now_token.room_key,
+                        ),
+                        self.state_handler.get_current_state(
+                            event.room_id
                        ),
-                        deferred_room_state,
                    ]
                ).addErrback(unwrapFirstError)

-                messages = yield self._filter_events_for_client(
-                    user_id, messages
-                )
-
                start_token = now_token.copy_and_replace("room_key", token[0])
                end_token = now_token.copy_and_replace("room_key", token[1])
                time_now = self.clock.time_msec()
@@ -453,156 +334,34 @@ class MessageHandler(BaseHandler):
                    serialize_event(c, time_now, as_client_event)
                    for c in current_state.values()
                ]
-
-                account_data_events = []
-                tags = tags_by_room.get(event.room_id)
-                if tags:
-                    account_data_events.append({
-                        "type": "m.tag",
-                        "content": {"tags": tags},
-                    })
-
-                account_data = account_data_by_room.get(event.room_id, {})
-                for account_data_type, content in account_data.items():
-                    account_data_events.append({
-                        "type": account_data_type,
-                        "content": content,
-                    })
-
-                d["account_data"] = account_data_events
            except:
                logger.exception("Failed to get snapshot")

-        # Only do N rooms at once
-        n = 5
-        d_list = [handle_room(e) for e in room_list]
-        for i in range(0, len(d_list), n):
-            yield defer.gatherResults(
-                d_list[i:i + n],
-                consumeErrors=True
-            ).addErrback(unwrapFirstError)
-
-        account_data_events = []
-        for account_data_type, content in account_data.items():
-            account_data_events.append({
-                "type": account_data_type,
-                "content": content,
-            })
+        yield defer.gatherResults(
+            [handle_room(e) for e in room_list],
+            consumeErrors=True
+        ).addErrback(unwrapFirstError)

        ret = {
            "rooms": rooms_ret,
            "presence": presence,
-            "account_data": account_data_events,
-            "receipts": receipt,
-            "end": now_token.to_string(),
+            "end": now_token.to_string()
        }

        defer.returnValue(ret)

    @defer.inlineCallbacks
-    def room_initial_sync(self, user_id, room_id, pagin_config=None, is_guest=False):
-        """Capture the a snapshot of a room. If user is currently a member of
-        the room this will be what is currently in the room. If the user left
-        the room this will be what was in the room when they left.
-
-        Args:
-            user_id(str): The user to get a snapshot for.
-            room_id(str): The room to get a snapshot of.
-            pagin_config(synapse.streams.config.PaginationConfig):
-                The pagination config used to determine how many messages to
-                return.
-        Raises:
-            AuthError if the user wasn't in the room.
-        Returns:
-            A JSON serialisable dict with the snapshot of the room.
-        """
-
-        membership, member_event_id = yield self._check_in_room_or_world_readable(
-            room_id,
-            user_id,
-            is_guest
-        )
-
-        if membership == Membership.JOIN:
-            result = yield self._room_initial_sync_joined(
-                user_id, room_id, pagin_config, membership, is_guest
-            )
-        elif membership == Membership.LEAVE:
-            result = yield self._room_initial_sync_parted(
-                user_id, room_id, pagin_config, membership, member_event_id, is_guest
-            )
-
-        account_data_events = []
-        tags = yield self.store.get_tags_for_room(user_id, room_id)
-        if tags:
-            account_data_events.append({
-                "type": "m.tag",
-                "content": {"tags": tags},
-            })
-
-        account_data = yield self.store.get_account_data_for_room(user_id, room_id)
-        for account_data_type, content in account_data.items():
-            account_data_events.append({
-                "type": account_data_type,
-                "content": content,
-            })
-
-        result["account_data"] = account_data_events
-
-        defer.returnValue(result)
-
-    @defer.inlineCallbacks
-    def _room_initial_sync_parted(self, user_id, room_id, pagin_config,
-                                  membership, member_event_id, is_guest):
-        room_state = yield self.store.get_state_for_events(
-            [member_event_id], None
-        )
-
-        room_state = room_state[member_event_id]
-
-        limit = pagin_config.limit if pagin_config else None
-        if limit is None:
-            limit = 10
-
-        stream_token = yield self.store.get_stream_token_for_event(
-            member_event_id
-        )
-
-        messages, token = yield self.store.get_recent_events_for_room(
-            room_id,
-            limit=limit,
-            end_token=stream_token
-        )
-
-        messages = yield self._filter_events_for_client(
-            user_id, messages, is_guest=is_guest
-        )
-
-        start_token = StreamToken(token[0], 0, 0, 0, 0)
-        end_token = StreamToken(token[1], 0, 0, 0, 0)
-
-        time_now = self.clock.time_msec()
-
-        defer.returnValue({
-            "membership": membership,
-            "room_id": room_id,
-            "messages": {
-                "chunk": [serialize_event(m, time_now) for m in messages],
-                "start": start_token.to_string(),
-                "end": end_token.to_string(),
-            },
-            "state": [serialize_event(s, time_now) for s in room_state.values()],
-            "presence": [],
-            "receipts": [],
-        })
-
-    @defer.inlineCallbacks
-    def _room_initial_sync_joined(self, user_id, room_id, pagin_config,
-                                  membership, is_guest):
+    def room_initial_sync(self, user_id, room_id, pagin_config=None,
+                          feedback=False):
        current_state = yield self.state.get_current_state(
            room_id=room_id,
        )

+        yield self.auth.check_joined_room(
+            room_id, user_id,
+            current_state=current_state
+        )
+
        # TODO(paul): I wish I was called with user objects not user_id
        #   strings...
        auth_user = UserID.from_string(user_id)
@@ -614,12 +373,23 @@ class MessageHandler(BaseHandler):
            for x in current_state.values()
        ]

+        member_event = current_state.get((EventTypes.Member, user_id,))
+
        now_token = yield self.hs.get_event_sources().get_current_token()

        limit = pagin_config.limit if pagin_config else None
        if limit is None:
            limit = 10

+        messages, token = yield self.store.get_recent_events_for_room(
+            room_id,
+            limit=limit,
+            end_token=now_token.room_key,
+        )
+
+        start_token = now_token.copy_and_replace("room_key", token[0])
+        end_token = now_token.copy_and_replace("room_key", token[1])
+
        room_members = [
            m for m in current_state.values()
            if m.type == EventTypes.Member
@@ -627,50 +397,24 @@ class MessageHandler(BaseHandler):
        ]

        presence_handler = self.hs.get_handlers().presence_handler
-
-        @defer.inlineCallbacks
-        def get_presence():
-            states = yield presence_handler.get_states(
-                target_users=[UserID.from_string(m.user_id) for m in room_members],
-                auth_user=auth_user,
-                as_event=True,
-                check_auth=False,
-            )
-
-            defer.returnValue(states.values())
-
-        @defer.inlineCallbacks
-        def get_receipts():
-            receipts_handler = self.hs.get_handlers().receipts_handler
-            receipts = yield receipts_handler.get_receipts_for_room(
-                room_id,
-                now_token.receipt_key
-            )
-            defer.returnValue(receipts)
-
-        presence, receipts, (messages, token) = yield defer.gatherResults(
-            [
-                get_presence(),
-                get_receipts(),
-                self.store.get_recent_events_for_room(
-                    room_id,
-                    limit=limit,
-                    end_token=now_token.room_key,
+        presence = []
+        for m in room_members:
+            try:
+                member_presence = yield presence_handler.get_state(
+                    target_user=UserID.from_string(m.user_id),
+                    auth_user=auth_user,
+                    as_event=True,
+                )
+                presence.append(member_presence)
+            except SynapseError:
+                logger.exception(
+                    "Failed to get member presence of %r", m.user_id
                )
-            ],
-            consumeErrors=True,
-        ).addErrback(unwrapFirstError)
-
-        messages = yield self._filter_events_for_client(
-            user_id, messages, is_guest=is_guest, require_all_visible_for_guests=False
-        )
-
-        start_token = now_token.copy_and_replace("room_key", token[0])
-        end_token = now_token.copy_and_replace("room_key", token[1])

        time_now = self.clock.time_msec()

-        ret = {
+        defer.returnValue({
+            "membership": member_event.membership,
            "room_id": room_id,
            "messages": {
                "chunk": [serialize_event(m, time_now) for m in messages],
@@ -678,10 +422,5 @@ class MessageHandler(BaseHandler):
                "end": end_token.to_string(),
            },
            "state": state,
-            "presence": presence,
-            "receipts": receipts,
-        }
-        if not is_guest:
-            ret["membership"] = membership
-
-        defer.returnValue(ret)
+            "presence": presence
+        })
--- a/synapse/handlers/presence.py
+++ b/synapse/handlers/presence.py
@@ -62,14 +62,6 @@ def partitionbool(l, func):
    return ret.get(True, []), ret.get(False, [])


-def user_presence_changed(distributor, user, statuscache):
-    return distributor.fire("user_presence_changed", user, statuscache)
-
-
-def collect_presencelike_data(distributor, user, content):
-    return distributor.fire("collect_presencelike_data", user, content)
-
-
 class PresenceHandler(BaseHandler):

    STATE_LEVELS = {
@@ -199,38 +191,24 @@ class PresenceHandler(BaseHandler):
        defer.returnValue(False)

    @defer.inlineCallbacks
-    def get_state(self, target_user, auth_user, as_event=False, check_auth=True):
-        """Get the current presence state of the given user.
-
-        Args:
-            target_user (UserID): The user whose presence we want
-            auth_user (UserID): The user requesting the presence, used for
-                checking if said user is allowed to see the persence of the
-                `target_user`
-            as_event (bool): Format the return as an event or not?
-            check_auth (bool): Perform the auth checks or not?
-
-        Returns:
-            dict: The presence state of the `target_user`, whose format depends
-            on the `as_event` argument.
-        """
+    def get_state(self, target_user, auth_user, as_event=False):
        if self.hs.is_mine(target_user):
-            if check_auth:
-                visible = yield self.is_presence_visible(
-                    observer_user=auth_user,
-                    observed_user=target_user
-                )
+            visible = yield self.is_presence_visible(
+                observer_user=auth_user,
+                observed_user=target_user
+            )

-                if not visible:
-                    raise SynapseError(404, "Presence information not visible")
+            if not visible:
+                raise SynapseError(404, "Presence information not visible")
+            state = yield self.store.get_presence_state(target_user.localpart)
+            if "mtime" in state:
+                del state["mtime"]
+            state["presence"] = state.pop("state")

            if target_user in self._user_cachemap:
-                state = self._user_cachemap[target_user].get_state()
-            else:
-                state = yield self.store.get_presence_state(target_user.localpart)
-                if "mtime" in state:
-                    del state["mtime"]
-                state["presence"] = state.pop("state")
+                cached_state = self._user_cachemap[target_user].get_state()
+                if "last_active" in cached_state:
+                    state["last_active"] = cached_state["last_active"]
        else:
            # TODO(paul): Have remote server send us permissions set
            state = self._get_or_offline_usercache(target_user).get_state()
@@ -254,81 +232,6 @@ class PresenceHandler(BaseHandler):
        else:
            defer.returnValue(state)

-    @defer.inlineCallbacks
-    def get_states(self, target_users, auth_user, as_event=False, check_auth=True):
-        """A batched version of the `get_state` method that accepts a list of
-        `target_users`
-
-        Args:
-            target_users (list): The list of UserID's whose presence we want
-            auth_user (UserID): The user requesting the presence, used for
-                checking if said user is allowed to see the persence of the
-                `target_users`
-            as_event (bool): Format the return as an event or not?
-            check_auth (bool): Perform the auth checks or not?
-
-        Returns:
-            dict: A mapping from user -> presence_state
-        """
-        local_users, remote_users = partitionbool(
-            target_users,
-            lambda u: self.hs.is_mine(u)
-        )
-
-        if check_auth:
-            for user in local_users:
-                visible = yield self.is_presence_visible(
-                    observer_user=auth_user,
-                    observed_user=user
-                )
-
-                if not visible:
-                    raise SynapseError(404, "Presence information not visible")
-
-        results = {}
-        if local_users:
-            for user in local_users:
-                if user in self._user_cachemap:
-                    results[user] = self._user_cachemap[user].get_state()
-
-            local_to_user = {u.localpart: u for u in local_users}
-
-            states = yield self.store.get_presence_states(
-                [u.localpart for u in local_users if u not in results]
-            )
-
-            for local_part, state in states.items():
-                if state is None:
-                    continue
-                res = {"presence": state["state"]}
-                if "status_msg" in state and state["status_msg"]:
-                    res["status_msg"] = state["status_msg"]
-                results[local_to_user[local_part]] = res
-
-        for user in remote_users:
-            # TODO(paul): Have remote server send us permissions set
-            results[user] = self._get_or_offline_usercache(user).get_state()
-
-        for state in results.values():
-            if "last_active" in state:
-                state["last_active_ago"] = int(
-                    self.clock.time_msec() - state.pop("last_active")
-                )
-
-        if as_event:
-            for user, state in results.items():
-                content = state
-                content["user_id"] = user.to_string()
-
-                if "last_active" in content:
-                    content["last_active_ago"] = int(
-                        self._clock.time_msec() - content.pop("last_active")
-                    )
-
-                results[user] = {"type": "m.presence", "content": content}
-
-        defer.returnValue(results)
-
    @defer.inlineCallbacks
    @log_function
    def set_state(self, target_user, auth_user, state):
@@ -369,7 +272,9 @@ class PresenceHandler(BaseHandler):
        yield self.store.set_presence_state(
            target_user.localpart, state_to_store
        )
-        yield collect_presencelike_data(self.distributor, target_user, state)
+        yield self.distributor.fire(
+            "collect_presencelike_data", target_user, state
+        )

        if now_level > was_level:
            state["last_active"] = self.clock.time_msec()
@@ -384,7 +289,7 @@ class PresenceHandler(BaseHandler):

        # TODO(paul): perform a presence push as part of start/stop poll so
        #   we don't have to do this all the time
-        yield self.changed_presencelike_data(target_user, state)
+        self.changed_presencelike_data(target_user, state)

    def bump_presence_active_time(self, user, now=None):
        if now is None:
@@ -428,12 +333,12 @@ class PresenceHandler(BaseHandler):
    @log_function
    def started_user_eventstream(self, user):
        # TODO(paul): Use "last online" state
-        return self.set_state(user, user, {"presence": PresenceState.ONLINE})
+        self.set_state(user, user, {"presence": PresenceState.ONLINE})

    @log_function
    def stopped_user_eventstream(self, user):
        # TODO(paul): Save current state as "last online" state
-        return self.set_state(user, user, {"presence": PresenceState.OFFLINE})
+        self.set_state(user, user, {"presence": PresenceState.OFFLINE})

    @defer.inlineCallbacks
    def user_joined_room(self, user, room_id):
@@ -473,7 +378,7 @@ class PresenceHandler(BaseHandler):
            )

    @defer.inlineCallbacks
-    def send_presence_invite(self, observer_user, observed_user):
+    def send_invite(self, observer_user, observed_user):
        """Request the presence of a local or remote user for a local user"""
        if not self.hs.is_mine(observer_user):
            raise SynapseError(400, "User is not hosted on this Home Server")
@@ -884,7 +789,7 @@ class PresenceHandler(BaseHandler):
            room_ids=room_ids,
            statuscache=statuscache,
        )
-        yield user_presence_changed(self.distributor, user, statuscache)
+        yield self.distributor.fire("user_presence_changed", user, statuscache)

    @defer.inlineCallbacks
    def incoming_presence(self, origin, content):
@@ -956,8 +861,7 @@ class PresenceHandler(BaseHandler):
                )
                while len(self._remote_offline_serials) > MAX_OFFLINE_SERIALS:
                    self._remote_offline_serials.pop()  # remove the oldest
-                if user in self._user_cachemap:
-                    del self._user_cachemap[user]
+                del self._user_cachemap[user]
            else:
                # Remove the user from remote_offline_serials now that they're
                # no longer offline
@@ -1088,7 +992,7 @@ class PresenceHandler(BaseHandler):
            room_ids([str]): List of room_ids to notify.
        """
        with PreserveLoggingContext():
-            self.notifier.on_new_event(
+            self.notifier.on_new_user_event(
                "presence_key",
                self._user_cachemap_latest_serial,
                users_to_push,
@@ -1122,7 +1026,9 @@ class PresenceHandler(BaseHandler):
                    self._user_cachemap[user].get_state()["last_active"]
                )

-            yield collect_presencelike_data(self.distributor, user, state)
+            yield self.distributor.fire(
+                "collect_presencelike_data", user, state
+            )

        if "last_active" in state:
            state = dict(state)
@@ -1147,9 +1053,8 @@ class PresenceEventSource(object):

    @defer.inlineCallbacks
    @log_function
-    def get_new_events(self, user, from_key, room_ids=None, **kwargs):
+    def get_new_events_for_user(self, user, from_key, limit):
        from_key = int(from_key)
-        room_ids = room_ids or []

        presence = self.hs.get_handlers().presence_handler
        cachemap = presence._user_cachemap
@@ -1167,6 +1072,7 @@ class PresenceEventSource(object):
            user_ids_to_check |= set(
                UserID.from_string(p["observed_user_id"]) for p in presence_list
            )
+        room_ids = yield presence.get_joined_rooms_for_user(user)
        for room_id in set(room_ids) & set(presence._room_serials):
            if presence._room_serials[room_id] > from_key:
                joined = yield presence.get_joined_users_for_room_id(room_id)
@@ -1268,11 +1174,6 @@ class UserPresenceCache(object):
        self.state = {"presence": PresenceState.OFFLINE}
        self.serial = None

-    def __repr__(self):
-        return "UserPresenceCache(state=%r, serial=%r)" % (
-            self.state, self.serial
-        )
-
    def update(self, state, serial):
        assert("mtime_age" not in state)

--- a/synapse/handlers/profile.py
+++ b/synapse/handlers/profile.py
@@ -28,14 +28,6 @@ import logging
 logger = logging.getLogger(__name__)


-def changed_presencelike_data(distributor, user, state):
-    return distributor.fire("changed_presencelike_data", user, state)
-
-
-def collect_presencelike_data(distributor, user, content):
-    return distributor.fire("collect_presencelike_data", user, content)
-
-
 class ProfileHandler(BaseHandler):

    def __init__(self, hs):
@@ -103,9 +95,11 @@ class ProfileHandler(BaseHandler):
            target_user.localpart, new_displayname
        )

-        yield changed_presencelike_data(self.distributor, target_user, {
-            "displayname": new_displayname,
-        })
+        yield self.distributor.fire(
+            "changed_presencelike_data", target_user, {
+                "displayname": new_displayname,
+            }
+        )

        yield self._update_join_states(target_user)

@@ -150,9 +144,11 @@ class ProfileHandler(BaseHandler):
            target_user.localpart, new_avatar_url
        )

-        yield changed_presencelike_data(self.distributor, target_user, {
-            "avatar_url": new_avatar_url,
-        })
+        yield self.distributor.fire(
+            "changed_presencelike_data", target_user, {
+                "avatar_url": new_avatar_url,
+            }
+        )

        yield self._update_join_states(target_user)

@@ -212,7 +208,9 @@ class ProfileHandler(BaseHandler):
                "membership": Membership.JOIN,
            }

-            yield collect_presencelike_data(self.distributor, user, content)
+            yield self.distributor.fire(
+                "collect_presencelike_data", user, content
+            )

            msg_handler = self.hs.get_handlers().message_handler
            try:
--- a/synapse/handlers/receipts.py
+++ b/synapse/handlers/receipts.py
@@ -1,202 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from ._base import BaseHandler
-
-from twisted.internet import defer
-
-from synapse.util.logcontext import PreserveLoggingContext
-
-import logging
-
-
-logger = logging.getLogger(__name__)
-
-
-class ReceiptsHandler(BaseHandler):
-    def __init__(self, hs):
-        super(ReceiptsHandler, self).__init__(hs)
-
-        self.hs = hs
-        self.federation = hs.get_replication_layer()
-        self.federation.register_edu_handler(
-            "m.receipt", self._received_remote_receipt
-        )
-        self.clock = self.hs.get_clock()
-
-        self._receipt_cache = None
-
-    @defer.inlineCallbacks
-    def received_client_receipt(self, room_id, receipt_type, user_id,
-                                event_id):
-        """Called when a client tells us a local user has read up to the given
-        event_id in the room.
-        """
-        receipt = {
-            "room_id": room_id,
-            "receipt_type": receipt_type,
-            "user_id": user_id,
-            "event_ids": [event_id],
-            "data": {
-                "ts": int(self.clock.time_msec()),
-            }
-        }
-
-        is_new = yield self._handle_new_receipts([receipt])
-
-        if is_new:
-            self._push_remotes([receipt])
-
-    @defer.inlineCallbacks
-    def _received_remote_receipt(self, origin, content):
-        """Called when we receive an EDU of type m.receipt from a remote HS.
-        """
-        receipts = [
-            {
-                "room_id": room_id,
-                "receipt_type": receipt_type,
-                "user_id": user_id,
-                "event_ids": user_values["event_ids"],
-                "data": user_values.get("data", {}),
-            }
-            for room_id, room_values in content.items()
-            for receipt_type, users in room_values.items()
-            for user_id, user_values in users.items()
-        ]
-
-        yield self._handle_new_receipts(receipts)
-
-    @defer.inlineCallbacks
-    def _handle_new_receipts(self, receipts):
-        """Takes a list of receipts, stores them and informs the notifier.
-        """
-        for receipt in receipts:
-            room_id = receipt["room_id"]
-            receipt_type = receipt["receipt_type"]
-            user_id = receipt["user_id"]
-            event_ids = receipt["event_ids"]
-            data = receipt["data"]
-
-            res = yield self.store.insert_receipt(
-                room_id, receipt_type, user_id, event_ids, data
-            )
-
-            if not res:
-                # res will be None if this read receipt is 'old'
-                defer.returnValue(False)
-
-            stream_id, max_persisted_id = res
-
-            with PreserveLoggingContext():
-                self.notifier.on_new_event(
-                    "receipt_key", max_persisted_id, rooms=[room_id]
-                )
-
-            defer.returnValue(True)
-
-    @defer.inlineCallbacks
-    def _push_remotes(self, receipts):
-        """Given a list of receipts, works out which remote servers should be
-        poked and pokes them.
-        """
-        # TODO: Some of this stuff should be coallesced.
-        for receipt in receipts:
-            room_id = receipt["room_id"]
-            receipt_type = receipt["receipt_type"]
-            user_id = receipt["user_id"]
-            event_ids = receipt["event_ids"]
-            data = receipt["data"]
-
-            remotedomains = set()
-
-            rm_handler = self.hs.get_handlers().room_member_handler
-            yield rm_handler.fetch_room_distributions_into(
-                room_id, localusers=None, remotedomains=remotedomains
-            )
-
-            logger.debug("Sending receipt to: %r", remotedomains)
-
-            for domain in remotedomains:
-                self.federation.send_edu(
-                    destination=domain,
-                    edu_type="m.receipt",
-                    content={
-                        room_id: {
-                            receipt_type: {
-                                user_id: {
-                                    "event_ids": event_ids,
-                                    "data": data,
-                                }
-                            }
-                        },
-                    },
-                )
-
-    @defer.inlineCallbacks
-    def get_receipts_for_room(self, room_id, to_key):
-        """Gets all receipts for a room, upto the given key.
-        """
-        result = yield self.store.get_linearized_receipts_for_room(
-            room_id,
-            to_key=to_key,
-        )
-
-        if not result:
-            defer.returnValue([])
-
-        defer.returnValue(result)
-
-
-class ReceiptEventSource(object):
-    def __init__(self, hs):
-        self.store = hs.get_datastore()
-
-    @defer.inlineCallbacks
-    def get_new_events(self, from_key, room_ids, **kwargs):
-        from_key = int(from_key)
-        to_key = yield self.get_current_key()
-
-        if from_key == to_key:
-            defer.returnValue(([], to_key))
-
-        events = yield self.store.get_linearized_receipts_for_rooms(
-            room_ids,
-            from_key=from_key,
-            to_key=to_key,
-        )
-
-        defer.returnValue((events, to_key))
-
-    def get_current_key(self, direction='f'):
-        return self.store.get_max_receipt_stream_id()
-
-    @defer.inlineCallbacks
-    def get_pagination_rows(self, user, config, key):
-        to_key = int(config.from_key)
-
-        if config.to_key:
-            from_key = int(config.to_key)
-        else:
-            from_key = None
-
-        rooms = yield self.store.get_rooms_for_user(user.to_string())
-        rooms = [room.room_id for room in rooms]
-        events = yield self.store.get_linearized_receipts_for_rooms(
-            rooms,
-            from_key=from_key,
-            to_key=to_key,
-        )
-
-        defer.returnValue((events, to_key))
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -25,16 +25,14 @@ import synapse.util.stringutils as stringutils
 from synapse.util.async import run_on_reactor
 from synapse.http.client import CaptchaServerHttpClient

+import base64
+import bcrypt
 import logging
 import urllib

 logger = logging.getLogger(__name__)


-def registered_user(distributor, user):
-    return distributor.fire("registered_user", user)
-
-
 class RegistrationHandler(BaseHandler):

    def __init__(self, hs):
@@ -42,7 +40,6 @@ class RegistrationHandler(BaseHandler):

        self.distributor = hs.get_distributor()
        self.distributor.declare("registered_user")
-        self.captch_client = CaptchaServerHttpClient(hs)

    @defer.inlineCallbacks
    def check_username(self, localpart):
@@ -60,8 +57,8 @@ class RegistrationHandler(BaseHandler):

        yield self.check_user_id_is_valid(user_id)

-        users = yield self.store.get_users_by_id_case_insensitive(user_id)
-        if users:
+        u = yield self.store.get_user_by_id(user_id)
+        if u:
            raise SynapseError(
                400,
                "User ID already taken.",
@@ -69,15 +66,14 @@ class RegistrationHandler(BaseHandler):
            )

    @defer.inlineCallbacks
-    def register(self, localpart=None, password=None, generate_token=True):
+    def register(self, localpart=None, password=None):
        """Registers a new client on the server.

        Args:
            localpart : The local part of the user ID to register. If None,
              one will be randomly generated.
            password (str) : The password to assign to this user so they can
-            login again. This can be None which means they cannot login again
-            via a password (e.g. the user is an application service user).
+            login again.
        Returns:
            A tuple of (user_id, access_token).
        Raises:
@@ -86,7 +82,7 @@ class RegistrationHandler(BaseHandler):
        yield run_on_reactor()
        password_hash = None
        if password:
-            password_hash = self.auth_handler().hash(password)
+            password_hash = bcrypt.hashpw(password, bcrypt.gensalt())

        if localpart:
            yield self.check_username(localpart)
@@ -94,35 +90,33 @@ class RegistrationHandler(BaseHandler):
            user = UserID(localpart, self.hs.hostname)
            user_id = user.to_string()

-            token = None
-            if generate_token:
-                token = self.auth_handler().generate_access_token(user_id)
+            token = self._generate_token(user_id)
            yield self.store.register(
                user_id=user_id,
                token=token,
                password_hash=password_hash
            )

-            yield registered_user(self.distributor, user)
+            yield self.distributor.fire("registered_user", user)
        else:
            # autogen a random user ID
            attempts = 0
            user_id = None
            token = None
-            while not user_id:
+            while not user_id and not token:
                try:
                    localpart = self._generate_user_id()
                    user = UserID(localpart, self.hs.hostname)
                    user_id = user.to_string()
                    yield self.check_user_id_is_valid(user_id)
-                    if generate_token:
-                        token = self.auth_handler().generate_access_token(user_id)
+
+                    token = self._generate_token(user_id)
                    yield self.store.register(
                        user_id=user_id,
                        token=token,
                        password_hash=password_hash)

-                    yield registered_user(self.distributor, user)
+                    self.distributor.fire("registered_user", user)
                except SynapseError:
                    # if user id is taken, just generate another
                    user_id = None
@@ -166,13 +160,13 @@ class RegistrationHandler(BaseHandler):
                400, "Invalid user localpart for this application service.",
                errcode=Codes.EXCLUSIVE
            )
-        token = self.auth_handler().generate_access_token(user_id)
+        token = self._generate_token(user_id)
        yield self.store.register(
            user_id=user_id,
            token=token,
            password_hash=""
        )
-        registered_user(self.distributor, user)
+        self.distributor.fire("registered_user", user)
        defer.returnValue((user_id, token))

    @defer.inlineCallbacks
@@ -198,35 +192,6 @@ class RegistrationHandler(BaseHandler):
        else:
            logger.info("Valid captcha entered from %s", ip)

-    @defer.inlineCallbacks
-    def register_saml2(self, localpart):
-        """
-        Registers email_id as SAML2 Based Auth.
-        """
-        if urllib.quote(localpart) != localpart:
-            raise SynapseError(
-                400,
-                "User ID must only contain characters which do not"
-                " require URL encoding."
-                )
-        user = UserID(localpart, self.hs.hostname)
-        user_id = user.to_string()
-
-        yield self.check_user_id_is_valid(user_id)
-        token = self.auth_handler().generate_access_token(user_id)
-        try:
-            yield self.store.register(
-                user_id=user_id,
-                token=token,
-                password_hash=None
-            )
-            yield registered_user(self.distributor, user)
-        except Exception, e:
-            yield self.store.add_access_token_to_user(user_id, token)
-            # Ignore Registration errors
-            logger.exception(e)
-        defer.returnValue((user_id, token))
-
    @defer.inlineCallbacks
    def register_email(self, threepidCreds):
        """
@@ -278,6 +243,13 @@ class RegistrationHandler(BaseHandler):
                    errcode=Codes.EXCLUSIVE
                )

+    def _generate_token(self, user_id):
+        # urlsafe variant uses _ and - so use . as the separator and replace
+        # all =s with .s so http clients don't quote =s when it is used as
+        # query params.
+        return (base64.urlsafe_b64encode(user_id).replace('=', '.') + '.' +
+                stringutils.random_string(18))
+
    def _generate_user_id(self):
        return "-" + stringutils.random_string(18)

@@ -307,7 +279,10 @@ class RegistrationHandler(BaseHandler):
        """
        Used only by c/s api v1
        """
-        data = yield self.captcha_client.post_urlencoded_get_raw(
+        # TODO: get this from the homeserver rather than creating a new one for
+        # each request
+        client = CaptchaServerHttpClient(self.hs)
+        data = yield client.post_urlencoded_get_raw(
            "http://www.google.com:80/recaptcha/api/verify",
            args={
                'privatekey': private_key,
@@ -317,6 +292,3 @@ class RegistrationHandler(BaseHandler):
            }
        )
        defer.returnValue(data)
-
-    def auth_handler(self):
-        return self.hs.get_handlers().auth_handler
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -19,60 +19,20 @@ from twisted.internet import defer
 from ._base import BaseHandler

 from synapse.types import UserID, RoomAlias, RoomID
-from synapse.api.constants import (
-    EventTypes, Membership, JoinRules, RoomCreationPreset,
-)
-from synapse.api.errors import AuthError, StoreError, SynapseError
+from synapse.api.constants import EventTypes, Membership, JoinRules
+from synapse.api.errors import StoreError, SynapseError
 from synapse.util import stringutils, unwrapFirstError
 from synapse.util.async import run_on_reactor
-
-from signedjson.sign import verify_signed_json
-from signedjson.key import decode_verify_key_bytes
-
-from collections import OrderedDict
-from unpaddedbase64 import decode_base64
+from synapse.events.utils import serialize_event

 import logging
-import math
 import string

 logger = logging.getLogger(__name__)

-id_server_scheme = "https://"
-
-
-def collect_presencelike_data(distributor, user, content):
-    return distributor.fire("collect_presencelike_data", user, content)
-
-
-def user_left_room(distributor, user, room_id):
-    return distributor.fire("user_left_room", user=user, room_id=room_id)
-
-
-def user_joined_room(distributor, user, room_id):
-    return distributor.fire("user_joined_room", user=user, room_id=room_id)
-

 class RoomCreationHandler(BaseHandler):

-    PRESETS_DICT = {
-        RoomCreationPreset.PRIVATE_CHAT: {
-            "join_rules": JoinRules.INVITE,
-            "history_visibility": "shared",
-            "original_invitees_have_ops": False,
-        },
-        RoomCreationPreset.TRUSTED_PRIVATE_CHAT: {
-            "join_rules": JoinRules.INVITE,
-            "history_visibility": "shared",
-            "original_invitees_have_ops": True,
-        },
-        RoomCreationPreset.PUBLIC_CHAT: {
-            "join_rules": JoinRules.PUBLIC,
-            "history_visibility": "shared",
-            "original_invitees_have_ops": False,
-        },
-    }
-
    @defer.inlineCallbacks
    def create_room(self, user_id, room_id, config):
        """ Creates a new room.
@@ -117,6 +77,14 @@ class RoomCreationHandler(BaseHandler):

        is_public = config.get("visibility", None) == "public"

+        # By default, all public-joinable rooms are published. Allow overriding
+        # that decision.
+        # TODO(paul): Specify 'published' key
+        if "published" in config:
+            published = config["published"]
+        else:
+            published = is_public
+
        if room_id:
            # Ensure room_id is the correct type
            room_id_obj = RoomID.from_string(room_id)
@@ -126,7 +94,7 @@ class RoomCreationHandler(BaseHandler):
            yield self.store.store_room(
                room_id=room_id,
                room_creator_user_id=user_id,
-                is_public=is_public
+                published=published,
            )
        else:
            # autogen room IDs and try to create it. We may clash, so just
@@ -143,7 +111,7 @@ class RoomCreationHandler(BaseHandler):
                    yield self.store.store_room(
                        room_id=gen_room_id.to_string(),
                        room_creator_user_id=user_id,
-                        is_public=is_public
+                        published=published,
                    )
                    room_id = gen_room_id.to_string()
                    break
@@ -161,29 +129,9 @@ class RoomCreationHandler(BaseHandler):
                servers=[self.hs.hostname],
            )

-        preset_config = config.get(
-            "preset",
-            RoomCreationPreset.PUBLIC_CHAT
-            if is_public
-            else RoomCreationPreset.PRIVATE_CHAT
-        )
-
-        raw_initial_state = config.get("initial_state", [])
-
-        initial_state = OrderedDict()
-        for val in raw_initial_state:
-            initial_state[(val["type"], val.get("state_key", ""))] = val["content"]
-
-        creation_content = config.get("creation_content", {})
-
        user = UserID.from_string(user_id)
        creation_events = self._create_events_for_new_room(
-            user, room_id,
-            preset_config=preset_config,
-            invite_list=invite_list,
-            initial_state=initial_state,
-            creation_content=creation_content,
-            room_alias=room_alias,
+            user, room_id, is_public=is_public
        )

        msg_handler = self.hs.get_handlers().message_handler
@@ -230,11 +178,7 @@ class RoomCreationHandler(BaseHandler):

        defer.returnValue(result)

-    def _create_events_for_new_room(self, creator, room_id, preset_config,
-                                    invite_list, initial_state, creation_content,
-                                    room_alias):
-        config = RoomCreationHandler.PRESETS_DICT[preset_config]
-
+    def _create_events_for_new_room(self, creator, room_id, is_public=False):
        creator_id = creator.to_string()

        event_keys = {
@@ -254,10 +198,9 @@ class RoomCreationHandler(BaseHandler):

            return e

-        creation_content.update({"creator": creator.to_string()})
        creation_event = create(
            etype=EventTypes.Create,
-            content=creation_content,
+            content={"creator": creator.to_string()},
        )

        join_event = create(
@@ -268,20 +211,16 @@ class RoomCreationHandler(BaseHandler):
            },
        )

-        returned_events = [creation_event, join_event]
-
-        if (EventTypes.PowerLevels, '') not in initial_state:
-            power_level_content = {
+        power_levels_event = create(
+            etype=EventTypes.PowerLevels,
+            content={
                "users": {
                    creator.to_string(): 100,
                },
                "users_default": 0,
                "events": {
-                    EventTypes.Name: 50,
+                    EventTypes.Name: 100,
                    EventTypes.PowerLevels: 100,
-                    EventTypes.RoomHistoryVisibility: 100,
-                    EventTypes.CanonicalAlias: 50,
-                    EventTypes.RoomAvatar: 50,
                },
                "events_default": 0,
                "state_default": 50,
@@ -289,51 +228,21 @@ class RoomCreationHandler(BaseHandler):
                "kick": 50,
                "redact": 50,
                "invite": 0,
-            }
+            },
+        )

-            if config["original_invitees_have_ops"]:
-                for invitee in invite_list:
-                    power_level_content["users"][invitee] = 100
+        join_rule = JoinRules.PUBLIC if is_public else JoinRules.INVITE
+        join_rules_event = create(
+            etype=EventTypes.JoinRules,
+            content={"join_rule": join_rule},
+        )

-            power_levels_event = create(
-                etype=EventTypes.PowerLevels,
-                content=power_level_content,
-            )
-
-            returned_events.append(power_levels_event)
-
-        if room_alias and (EventTypes.CanonicalAlias, '') not in initial_state:
-            room_alias_event = create(
-                etype=EventTypes.CanonicalAlias,
-                content={"alias": room_alias.to_string()},
-            )
-
-            returned_events.append(room_alias_event)
-
-        if (EventTypes.JoinRules, '') not in initial_state:
-            join_rules_event = create(
-                etype=EventTypes.JoinRules,
-                content={"join_rule": config["join_rules"]},
-            )
-
-            returned_events.append(join_rules_event)
-
-        if (EventTypes.RoomHistoryVisibility, '') not in initial_state:
-            history_event = create(
-                etype=EventTypes.RoomHistoryVisibility,
-                content={"history_visibility": config["history_visibility"]}
-            )
-
-            returned_events.append(history_event)
-
-        for (etype, state_key), content in initial_state.items():
-            returned_events.append(create(
-                etype=etype,
-                state_key=state_key,
-                content=content,
-            ))
-
-        return returned_events
+        return [
+            creation_event,
+            join_event,
+            power_levels_event,
+            join_rules_event,
+        ]


 class RoomMemberHandler(BaseHandler):
@@ -381,7 +290,42 @@ class RoomMemberHandler(BaseHandler):
                    remotedomains.add(member.domain)

    @defer.inlineCallbacks
-    def change_membership(self, event, context, do_auth=True, is_guest=False):
+    def get_room_members_as_pagination_chunk(self, room_id=None, user_id=None,
+                                             limit=0, start_tok=None,
+                                             end_tok=None):
+        """Retrieve a list of room members in the room.
+
+        Args:
+            room_id (str): The room to get the member list for.
+            user_id (str): The ID of the user making the request.
+            limit (int): The max number of members to return.
+            start_tok (str): Optional. The start token if known.
+            end_tok (str): Optional. The end token if known.
+        Returns:
+            dict: A Pagination streamable dict.
+        Raises:
+            SynapseError if something goes wrong.
+        """
+        yield self.auth.check_joined_room(room_id, user_id)
+
+        member_list = yield self.store.get_room_members(room_id=room_id)
+        time_now = self.clock.time_msec()
+        event_list = [
+            serialize_event(entry, time_now)
+            for entry in member_list
+        ]
+        chunk_data = {
+            "start": "START",  # FIXME (erikj): START is no longer valid
+            "end": "END",
+            "chunk": event_list
+        }
+        # TODO honor Pagination stream params
+        # TODO snapshot this list to return on subsequent requests when
+        # paginating
+        defer.returnValue(chunk_data)
+
+    @defer.inlineCallbacks
+    def change_membership(self, event, context, do_auth=True):
        """ Change the membership status of a user in a room.

        Args:
@@ -402,38 +346,9 @@ class RoomMemberHandler(BaseHandler):
        # if this HS is not currently in the room, i.e. we have to do the
        # invite/join dance.
        if event.membership == Membership.JOIN:
-            if is_guest:
-                guest_access = context.current_state.get(
-                    (EventTypes.GuestAccess, ""),
-                    None
-                )
-                is_guest_access_allowed = (
-                    guest_access
-                    and guest_access.content
-                    and "guest_access" in guest_access.content
-                    and guest_access.content["guest_access"] == "can_join"
-                )
-                if not is_guest_access_allowed:
-                    raise AuthError(403, "Guest access not allowed")
-
            yield self._do_join(event, context, do_auth=do_auth)
        else:
-            if event.membership == Membership.LEAVE:
-                is_host_in_room = yield self.is_host_in_room(room_id, context)
-                if not is_host_in_room:
-                    # Rejecting an invite, rather than leaving a joined room
-                    handler = self.hs.get_handlers().federation_handler
-                    inviter = yield self.get_inviter(event)
-                    if not inviter:
-                        # return the same error as join_room_alias does
-                        raise SynapseError(404, "No known servers")
-                    yield handler.do_remotely_reject_invite(
-                        [inviter.domain],
-                        room_id,
-                        event.user_id
-                    )
-                    defer.returnValue({"room_id": room_id})
-                    return
+            # This is not a JOIN, so we can handle it normally.

            # FIXME: This isn't idempotency.
            if prev_state and prev_state.membership == event.membership:
@@ -450,12 +365,14 @@ class RoomMemberHandler(BaseHandler):

            if prev_state and prev_state.membership == Membership.JOIN:
                user = UserID.from_string(event.user_id)
-                user_left_room(self.distributor, user, event.room_id)
+                self.distributor.fire(
+                    "user_left_room", user=user, room_id=event.room_id
+                )

        defer.returnValue({"room_id": room_id})

    @defer.inlineCallbacks
-    def join_room_alias(self, joinee, room_alias, content={}):
+    def join_room_alias(self, joinee, room_alias, do_auth=True, content={}):
        directory_handler = self.hs.get_handlers().directory_handler
        mapping = yield directory_handler.get_association(room_alias)

@@ -468,7 +385,9 @@ class RoomMemberHandler(BaseHandler):
            raise SynapseError(404, "No known servers")

        # If event doesn't include a display name, add one.
-        yield collect_presencelike_data(self.distributor, joinee, content)
+        yield self.distributor.fire(
+            "collect_presencelike_data", joinee, content
+        )

        content.update({"membership": Membership.JOIN})
        builder = self.event_builder_factory.new({
@@ -487,6 +406,8 @@ class RoomMemberHandler(BaseHandler):

    @defer.inlineCallbacks
    def _do_join(self, event, context, room_hosts=None, do_auth=True):
+        joinee = UserID.from_string(event.state_key)
+        # room_id = RoomID.from_string(event.room_id, self.hs)
        room_id = event.room_id

        # XXX: We don't do an auth check if we are doing an invite
@@ -494,67 +415,8 @@ class RoomMemberHandler(BaseHandler):
        # that we are allowed to join when we decide whether or not we
        # need to do the invite/join dance.

-        is_host_in_room = yield self.is_host_in_room(room_id, context)
-        if is_host_in_room:
-            should_do_dance = False
-        elif room_hosts:  # TODO: Shouldn't this be remote_room_host?
-            should_do_dance = True
-        else:
-            inviter = yield self.get_inviter(event)
-            if not inviter:
-                # return the same error as join_room_alias does
-                raise SynapseError(404, "No known servers")
-            should_do_dance = not self.hs.is_mine(inviter)
-            room_hosts = [inviter.domain]
-
-        if should_do_dance:
-            handler = self.hs.get_handlers().federation_handler
-            yield handler.do_invite_join(
-                room_hosts,
-                room_id,
-                event.user_id,
-                event.content,
-            )
-        else:
-            logger.debug("Doing normal join")
-
-            yield self._do_local_membership_update(
-                event,
-                membership=event.content["membership"],
-                context=context,
-                do_auth=do_auth,
-            )
-
-        prev_state = context.current_state.get((event.type, event.state_key))
-        if not prev_state or prev_state.membership != Membership.JOIN:
-            # Only fire user_joined_room if the user has acutally joined the
-            # room. Don't bother if the user is just changing their profile
-            # info.
-            user = UserID.from_string(event.user_id)
-            yield user_joined_room(self.distributor, user, room_id)
-
-    @defer.inlineCallbacks
-    def get_inviter(self, event):
-        # TODO(markjh): get prev_state from snapshot
-        prev_state = yield self.store.get_room_member(
-            event.user_id, event.room_id
-        )
-
-        if prev_state and prev_state.membership == Membership.INVITE:
-            defer.returnValue(UserID.from_string(prev_state.user_id))
-            return
-        elif "third_party_invite" in event.content:
-            if "sender" in event.content["third_party_invite"]:
-                inviter = UserID.from_string(
-                    event.content["third_party_invite"]["sender"]
-                )
-                defer.returnValue(inviter)
-        defer.returnValue(None)
-
-    @defer.inlineCallbacks
-    def is_host_in_room(self, room_id, context):
        is_host_in_room = yield self.auth.check_host_in_room(
-            room_id,
+            event.room_id,
            self.hs.hostname
        )
        if not is_host_in_room:
@@ -569,16 +431,90 @@ class RoomMemberHandler(BaseHandler):
                create_event = context.current_state.get(("m.room.create", ""))
                if create_event:
                    is_host_in_room = True
-        defer.returnValue(is_host_in_room)
+
+        if is_host_in_room:
+            should_do_dance = False
+        elif room_hosts:  # TODO: Shouldn't this be remote_room_host?
+            should_do_dance = True
+        else:
+            # TODO(markjh): get prev_state from snapshot
+            prev_state = yield self.store.get_room_member(
+                joinee.to_string(), room_id
+            )
+
+            if prev_state and prev_state.membership == Membership.INVITE:
+                inviter = UserID.from_string(prev_state.user_id)
+
+                should_do_dance = not self.hs.is_mine(inviter)
+                room_hosts = [inviter.domain]
+            else:
+                # return the same error as join_room_alias does
+                raise SynapseError(404, "No known servers")
+
+        if should_do_dance:
+            handler = self.hs.get_handlers().federation_handler
+            yield handler.do_invite_join(
+                room_hosts,
+                room_id,
+                event.user_id,
+                event.content,  # FIXME To get a non-frozen dict
+                context
+            )
+        else:
+            logger.debug("Doing normal join")
+
+            yield self._do_local_membership_update(
+                event,
+                membership=event.content["membership"],
+                context=context,
+                do_auth=do_auth,
+            )
+
+        user = UserID.from_string(event.user_id)
+        yield self.distributor.fire(
+            "user_joined_room", user=user, room_id=room_id
+        )
+
+    @defer.inlineCallbacks
+    def _should_invite_join(self, room_id, prev_state, do_auth):
+        logger.debug("_should_invite_join: room_id: %s", room_id)
+
+        # XXX: We don't do an auth check if we are doing an invite
+        # join dance for now, since we're kinda implicitly checking
+        # that we are allowed to join when we decide whether or not we
+        # need to do the invite/join dance.
+
+        # Only do an invite join dance if a) we were invited,
+        # b) the person inviting was from a differnt HS and c) we are
+        # not currently in the room
+        room_host = None
+        if prev_state and prev_state.membership == Membership.INVITE:
+            room = yield self.store.get_room(room_id)
+            inviter = UserID.from_string(
+                prev_state.sender
+            )
+
+            is_remote_invite_join = not self.hs.is_mine(inviter) and not room
+            room_host = inviter.domain
+        else:
+            is_remote_invite_join = False
+
+        defer.returnValue((is_remote_invite_join, room_host))

    @defer.inlineCallbacks
    def get_joined_rooms_for_user(self, user):
        """Returns a list of roomids that the user has any of the given
        membership states in."""

-        rooms = yield self.store.get_rooms_for_user(
-            user.to_string(),
+        app_service = yield self.store.get_app_service_by_user_id(
+            user.to_string()
        )
+        if app_service:
+            rooms = yield self.store.get_app_service_rooms(app_service)
+        else:
+            rooms = yield self.store.get_rooms_for_user(
+                user.to_string(),
+            )

        # For some reason the list of events contains duplicates
        # TODO(paul): work out why because I really don't think it should
@@ -600,169 +536,12 @@ class RoomMemberHandler(BaseHandler):
            suppress_auth=(not do_auth),
        )

-    @defer.inlineCallbacks
-    def do_3pid_invite(
-            self,
-            room_id,
-            inviter,
-            medium,
-            address,
-            id_server,
-            token_id,
-            txn_id
-    ):
-        invitee = yield self._lookup_3pid(
-            id_server, medium, address
-        )
-
-        if invitee:
-            # make sure it looks like a user ID; it'll throw if it's invalid.
-            UserID.from_string(invitee)
-            yield self.hs.get_handlers().message_handler.create_and_send_event(
-                {
-                    "type": EventTypes.Member,
-                    "content": {
-                        "membership": unicode("invite")
-                    },
-                    "room_id": room_id,
-                    "sender": inviter.to_string(),
-                    "state_key": invitee,
-                },
-                token_id=token_id,
-                txn_id=txn_id,
-            )
-        else:
-            yield self._make_and_store_3pid_invite(
-                id_server,
-                medium,
-                address,
-                room_id,
-                inviter,
-                token_id,
-                txn_id=txn_id
-            )
-
-    @defer.inlineCallbacks
-    def _lookup_3pid(self, id_server, medium, address):
-        """Looks up a 3pid in the passed identity server.
-
-        Args:
-            id_server (str): The server name (including port, if required)
-                of the identity server to use.
-            medium (str): The type of the third party identifier (e.g. "email").
-            address (str): The third party identifier (e.g. "foo@example.com").
-
-        Returns:
-            (str) the matrix ID of the 3pid, or None if it is not recognized.
-        """
-        try:
-            data = yield self.hs.get_simple_http_client().get_json(
-                "%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server,),
-                {
-                    "medium": medium,
-                    "address": address,
-                }
-            )
-
-            if "mxid" in data:
-                if "signatures" not in data:
-                    raise AuthError(401, "No signatures on 3pid binding")
-                self.verify_any_signature(data, id_server)
-                defer.returnValue(data["mxid"])
-
-        except IOError as e:
-            logger.warn("Error from identity server lookup: %s" % (e,))
-            defer.returnValue(None)
-
-    @defer.inlineCallbacks
-    def verify_any_signature(self, data, server_hostname):
-        if server_hostname not in data["signatures"]:
-            raise AuthError(401, "No signature from server %s" % (server_hostname,))
-        for key_name, signature in data["signatures"][server_hostname].items():
-            key_data = yield self.hs.get_simple_http_client().get_json(
-                "%s%s/_matrix/identity/api/v1/pubkey/%s" %
-                (id_server_scheme, server_hostname, key_name,),
-            )
-            if "public_key" not in key_data:
-                raise AuthError(401, "No public key named %s from %s" %
-                                (key_name, server_hostname,))
-            verify_signed_json(
-                data,
-                server_hostname,
-                decode_verify_key_bytes(key_name, decode_base64(key_data["public_key"]))
-            )
-            return
-
-    @defer.inlineCallbacks
-    def _make_and_store_3pid_invite(
-            self,
-            id_server,
-            medium,
-            address,
-            room_id,
-            user,
-            token_id,
-            txn_id
-    ):
-        token, public_key, key_validity_url, display_name = (
-            yield self._ask_id_server_for_third_party_invite(
-                id_server,
-                medium,
-                address,
-                room_id,
-                user.to_string()
-            )
-        )
-        msg_handler = self.hs.get_handlers().message_handler
-        yield msg_handler.create_and_send_event(
-            {
-                "type": EventTypes.ThirdPartyInvite,
-                "content": {
-                    "display_name": display_name,
-                    "key_validity_url": key_validity_url,
-                    "public_key": public_key,
-                },
-                "room_id": room_id,
-                "sender": user.to_string(),
-                "state_key": token,
-            },
-            token_id=token_id,
-            txn_id=txn_id,
-        )
-
-    @defer.inlineCallbacks
-    def _ask_id_server_for_third_party_invite(
-            self, id_server, medium, address, room_id, sender):
-        is_url = "%s%s/_matrix/identity/api/v1/store-invite" % (
-            id_server_scheme, id_server,
-        )
-        data = yield self.hs.get_simple_http_client().post_urlencoded_get_json(
-            is_url,
-            {
-                "medium": medium,
-                "address": address,
-                "room_id": room_id,
-                "sender": sender,
-            }
-        )
-        # TODO: Check for success
-        token = data["token"]
-        public_key = data["public_key"]
-        display_name = data["display_name"]
-        key_validity_url = "%s%s/_matrix/identity/api/v1/pubkey/isvalid" % (
-            id_server_scheme, id_server,
-        )
-        defer.returnValue((token, public_key, key_validity_url, display_name))
-
-    def forget(self, user, room_id):
-        return self.store.forget(user.to_string(), room_id)
-

 class RoomListHandler(BaseHandler):

    @defer.inlineCallbacks
-    def get_public_room_list(self):
-        chunk = yield self.store.get_rooms(is_public=True)
+    def get_published_rooms(self):
+        chunk = yield self.store.get_published_rooms()
        results = yield defer.gatherResults(
            [
                self.store.get_users_in_room(room["room_id"])
@@ -778,79 +557,12 @@ class RoomListHandler(BaseHandler):
        defer.returnValue({"start": "START", "end": "END", "chunk": chunk})


-class RoomContextHandler(BaseHandler):
-    @defer.inlineCallbacks
-    def get_event_context(self, user, room_id, event_id, limit, is_guest):
-        """Retrieves events, pagination tokens and state around a given event
-        in a room.
-
-        Args:
-            user (UserID)
-            room_id (str)
-            event_id (str)
-            limit (int): The maximum number of events to return in total
-                (excluding state).
-
-        Returns:
-            dict
-        """
-        before_limit = math.floor(limit/2.)
-        after_limit = limit - before_limit
-
-        now_token = yield self.hs.get_event_sources().get_current_token()
-
-        results = yield self.store.get_events_around(
-            room_id, event_id, before_limit, after_limit
-        )
-
-        results["events_before"] = yield self._filter_events_for_client(
-            user.to_string(),
-            results["events_before"],
-            is_guest=is_guest,
-            require_all_visible_for_guests=False
-        )
-
-        results["events_after"] = yield self._filter_events_for_client(
-            user.to_string(),
-            results["events_after"],
-            is_guest=is_guest,
-            require_all_visible_for_guests=False
-        )
-
-        if results["events_after"]:
-            last_event_id = results["events_after"][-1].event_id
-        else:
-            last_event_id = event_id
-
-        state = yield self.store.get_state_for_events(
-            [last_event_id], None
-        )
-        results["state"] = state[last_event_id].values()
-
-        results["start"] = now_token.copy_and_replace(
-            "room_key", results["start"]
-        ).to_string()
-
-        results["end"] = now_token.copy_and_replace(
-            "room_key", results["end"]
-        ).to_string()
-
-        defer.returnValue(results)
-
-
 class RoomEventSource(object):
    def __init__(self, hs):
        self.store = hs.get_datastore()

    @defer.inlineCallbacks
-    def get_new_events(
-            self,
-            user,
-            from_key,
-            limit,
-            room_ids,
-            is_guest,
-    ):
+    def get_new_events_for_user(self, user, from_key, limit):
        # We just ignore the key for now.

        to_key = yield self.get_current_key()
@@ -870,9 +582,8 @@ class RoomEventSource(object):
                user_id=user.to_string(),
                from_key=from_key,
                to_key=to_key,
+                room_id=None,
                limit=limit,
-                room_ids=room_ids,
-                is_guest=is_guest,
            )

        defer.returnValue((events, end_key))
@@ -888,6 +599,7 @@ class RoomEventSource(object):
            to_key=config.to_key,
            direction=config.direction,
            limit=config.limit,
+            with_feedback=True
        )

        defer.returnValue((events, next_key))
--- a/synapse/handlers/search.py
+++ b/synapse/handlers/search.py
@@ -1,385 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from twisted.internet import defer
-
-from ._base import BaseHandler
-
-from synapse.api.constants import Membership, EventTypes
-from synapse.api.filtering import Filter
-from synapse.api.errors import SynapseError
-from synapse.events.utils import serialize_event
-
-from unpaddedbase64 import decode_base64, encode_base64
-
-import itertools
-import logging
-
-
-logger = logging.getLogger(__name__)
-
-
-class SearchHandler(BaseHandler):
-
-    def __init__(self, hs):
-        super(SearchHandler, self).__init__(hs)
-
-    @defer.inlineCallbacks
-    def search(self, user, content, batch=None):
-        """Performs a full text search for a user.
-
-        Args:
-            user (UserID)
-            content (dict): Search parameters
-            batch (str): The next_batch parameter. Used for pagination.
-
-        Returns:
-            dict to be returned to the client with results of search
-        """
-
-        batch_group = None
-        batch_group_key = None
-        batch_token = None
-        if batch:
-            try:
-                b = decode_base64(batch)
-                batch_group, batch_group_key, batch_token = b.split("\n")
-
-                assert batch_group is not None
-                assert batch_group_key is not None
-                assert batch_token is not None
-            except:
-                raise SynapseError(400, "Invalid batch")
-
-        try:
-            room_cat = content["search_categories"]["room_events"]
-
-            # The actual thing to query in FTS
-            search_term = room_cat["search_term"]
-
-            # Which "keys" to search over in FTS query
-            keys = room_cat.get("keys", [
-                "content.body", "content.name", "content.topic",
-            ])
-
-            # Filter to apply to results
-            filter_dict = room_cat.get("filter", {})
-
-            # What to order results by (impacts whether pagination can be doen)
-            order_by = room_cat.get("order_by", "rank")
-
-            # Return the current state of the rooms?
-            include_state = room_cat.get("include_state", False)
-
-            # Include context around each event?
-            event_context = room_cat.get(
-                "event_context", None
-            )
-
-            # Group results together? May allow clients to paginate within a
-            # group
-            group_by = room_cat.get("groupings", {}).get("group_by", {})
-            group_keys = [g["key"] for g in group_by]
-
-            if event_context is not None:
-                before_limit = int(event_context.get(
-                    "before_limit", 5
-                ))
-                after_limit = int(event_context.get(
-                    "after_limit", 5
-                ))
-
-                # Return the historic display name and avatar for the senders
-                # of the events?
-                include_profile = bool(event_context.get("include_profile", False))
-        except KeyError:
-            raise SynapseError(400, "Invalid search query")
-
-        if order_by not in ("rank", "recent"):
-            raise SynapseError(400, "Invalid order by: %r" % (order_by,))
-
-        if set(group_keys) - {"room_id", "sender"}:
-            raise SynapseError(
-                400,
-                "Invalid group by keys: %r" % (set(group_keys) - {"room_id", "sender"},)
-            )
-
-        search_filter = Filter(filter_dict)
-
-        # TODO: Search through left rooms too
-        rooms = yield self.store.get_rooms_for_user_where_membership_is(
-            user.to_string(),
-            membership_list=[Membership.JOIN],
-            # membership_list=[Membership.JOIN, Membership.LEAVE, Membership.Ban],
-        )
-        room_ids = set(r.room_id for r in rooms)
-
-        room_ids = search_filter.filter_rooms(room_ids)
-
-        if batch_group == "room_id":
-            room_ids.intersection_update({batch_group_key})
-
-        if not room_ids:
-            defer.returnValue({
-                "search_categories": {
-                    "room_events": {
-                        "results": [],
-                        "count": 0,
-                        "highlights": [],
-                    }
-                }
-            })
-
-        rank_map = {}  # event_id -> rank of event
-        allowed_events = []
-        room_groups = {}  # Holds result of grouping by room, if applicable
-        sender_group = {}  # Holds result of grouping by sender, if applicable
-
-        # Holds the next_batch for the entire result set if one of those exists
-        global_next_batch = None
-
-        highlights = set()
-
-        if order_by == "rank":
-            search_result = yield self.store.search_msgs(
-                room_ids, search_term, keys
-            )
-
-            if search_result["highlights"]:
-                highlights.update(search_result["highlights"])
-
-            results = search_result["results"]
-
-            results_map = {r["event"].event_id: r for r in results}
-
-            rank_map.update({r["event"].event_id: r["rank"] for r in results})
-
-            filtered_events = search_filter.filter([r["event"] for r in results])
-
-            events = yield self._filter_events_for_client(
-                user.to_string(), filtered_events
-            )
-
-            events.sort(key=lambda e: -rank_map[e.event_id])
-            allowed_events = events[:search_filter.limit()]
-
-            for e in allowed_events:
-                rm = room_groups.setdefault(e.room_id, {
-                    "results": [],
-                    "order": rank_map[e.event_id],
-                })
-                rm["results"].append(e.event_id)
-
-                s = sender_group.setdefault(e.sender, {
-                    "results": [],
-                    "order": rank_map[e.event_id],
-                })
-                s["results"].append(e.event_id)
-
-        elif order_by == "recent":
-            room_events = []
-            i = 0
-
-            pagination_token = batch_token
-
-            # We keep looping and we keep filtering until we reach the limit
-            # or we run out of things.
-            # But only go around 5 times since otherwise synapse will be sad.
-            while len(room_events) < search_filter.limit() and i < 5:
-                i += 1
-                search_result = yield self.store.search_rooms(
-                    room_ids, search_term, keys, search_filter.limit() * 2,
-                    pagination_token=pagination_token,
-                )
-
-                if search_result["highlights"]:
-                    highlights.update(search_result["highlights"])
-
-                results = search_result["results"]
-
-                results_map = {r["event"].event_id: r for r in results}
-
-                rank_map.update({r["event"].event_id: r["rank"] for r in results})
-
-                filtered_events = search_filter.filter([
-                    r["event"] for r in results
-                ])
-
-                events = yield self._filter_events_for_client(
-                    user.to_string(), filtered_events
-                )
-
-                room_events.extend(events)
-                room_events = room_events[:search_filter.limit()]
-
-                if len(results) < search_filter.limit() * 2:
-                    pagination_token = None
-                    break
-                else:
-                    pagination_token = results[-1]["pagination_token"]
-
-            for event in room_events:
-                group = room_groups.setdefault(event.room_id, {
-                    "results": [],
-                })
-                group["results"].append(event.event_id)
-
-            if room_events and len(room_events) >= search_filter.limit():
-                last_event_id = room_events[-1].event_id
-                pagination_token = results_map[last_event_id]["pagination_token"]
-
-                # We want to respect the given batch group and group keys so
-                # that if people blindly use the top level `next_batch` token
-                # it returns more from the same group (if applicable) rather
-                # than reverting to searching all results again.
-                if batch_group and batch_group_key:
-                    global_next_batch = encode_base64("%s\n%s\n%s" % (
-                        batch_group, batch_group_key, pagination_token
-                    ))
-                else:
-                    global_next_batch = encode_base64("%s\n%s\n%s" % (
-                        "all", "", pagination_token
-                    ))
-
-                for room_id, group in room_groups.items():
-                    group["next_batch"] = encode_base64("%s\n%s\n%s" % (
-                        "room_id", room_id, pagination_token
-                    ))
-
-            allowed_events.extend(room_events)
-
-        else:
-            # We should never get here due to the guard earlier.
-            raise NotImplementedError()
-
-        # If client has asked for "context" for each event (i.e. some surrounding
-        # events and state), fetch that
-        if event_context is not None:
-            now_token = yield self.hs.get_event_sources().get_current_token()
-
-            contexts = {}
-            for event in allowed_events:
-                res = yield self.store.get_events_around(
-                    event.room_id, event.event_id, before_limit, after_limit
-                )
-
-                res["events_before"] = yield self._filter_events_for_client(
-                    user.to_string(), res["events_before"]
-                )
-
-                res["events_after"] = yield self._filter_events_for_client(
-                    user.to_string(), res["events_after"]
-                )
-
-                res["start"] = now_token.copy_and_replace(
-                    "room_key", res["start"]
-                ).to_string()
-
-                res["end"] = now_token.copy_and_replace(
-                    "room_key", res["end"]
-                ).to_string()
-
-                if include_profile:
-                    senders = set(
-                        ev.sender
-                        for ev in itertools.chain(
-                            res["events_before"], [event], res["events_after"]
-                        )
-                    )
-
-                    if res["events_after"]:
-                        last_event_id = res["events_after"][-1].event_id
-                    else:
-                        last_event_id = event.event_id
-
-                    state = yield self.store.get_state_for_event(
-                        last_event_id,
-                        types=[(EventTypes.Member, sender) for sender in senders]
-                    )
-
-                    res["profile_info"] = {
-                        s.state_key: {
-                            "displayname": s.content.get("displayname", None),
-                            "avatar_url": s.content.get("avatar_url", None),
-                        }
-                        for s in state.values()
-                        if s.type == EventTypes.Member and s.state_key in senders
-                    }
-
-                contexts[event.event_id] = res
-        else:
-            contexts = {}
-
-        # TODO: Add a limit
-
-        time_now = self.clock.time_msec()
-
-        for context in contexts.values():
-            context["events_before"] = [
-                serialize_event(e, time_now)
-                for e in context["events_before"]
-            ]
-            context["events_after"] = [
-                serialize_event(e, time_now)
-                for e in context["events_after"]
-            ]
-
-        state_results = {}
-        if include_state:
-            rooms = set(e.room_id for e in allowed_events)
-            for room_id in rooms:
-                state = yield self.state_handler.get_current_state(room_id)
-                state_results[room_id] = state.values()
-
-            state_results.values()
-
-        # We're now about to serialize the events. We should not make any
-        # blocking calls after this. Otherwise the 'age' will be wrong
-
-        results = [
-            {
-                "rank": rank_map[e.event_id],
-                "result": serialize_event(e, time_now),
-                "context": contexts.get(e.event_id, {}),
-            }
-            for e in allowed_events
-        ]
-
-        rooms_cat_res = {
-            "results": results,
-            "count": len(results),
-            "highlights": list(highlights),
-        }
-
-        if state_results:
-            rooms_cat_res["state"] = {
-                room_id: [serialize_event(e, time_now) for e in state]
-                for room_id, state in state_results.items()
-            }
-
-        if room_groups and "room_id" in group_keys:
-            rooms_cat_res.setdefault("groups", {})["room_id"] = room_groups
-
-        if sender_group and "sender" in group_keys:
-            rooms_cat_res.setdefault("groups", {})["sender"] = sender_group
-
-        if global_next_batch:
-            rooms_cat_res["next_batch"] = global_next_batch
-
-        defer.returnValue({
-            "search_categories": {
-                "room_events": rooms_cat_res
-            }
-        })
--- a/synapse/handlers/sync.py
+++ b/synapse/handlers/sync.py
@@ -17,7 +17,6 @@ from ._base import BaseHandler

 from synapse.streams.config import PaginationConfig
 from synapse.api.constants import Membership, EventTypes
-from synapse.util import unwrapFirstError

 from twisted.internet import defer

@@ -29,30 +28,23 @@ logger = logging.getLogger(__name__)

 SyncConfig = collections.namedtuple("SyncConfig", [
    "user",
+    "client_info",
+    "limit",
+    "gap",
+    "sort",
+    "backfill",
    "filter",
 ])


-class TimelineBatch(collections.namedtuple("TimelineBatch", [
-    "prev_batch",
-    "events",
+class RoomSyncResult(collections.namedtuple("RoomSyncResult", [
+    "room_id",
    "limited",
-])):
-    __slots__ = []
-
-    def __nonzero__(self):
-        """Make the result appear empty if there are no updates. This is used
-        to tell if room needs to be part of the sync result.
-        """
-        return bool(self.events)
-
-
-class JoinedSyncResult(collections.namedtuple("JoinedSyncResult", [
-    "room_id",           # str
-    "timeline",          # TimelineBatch
-    "state",             # dict[(str, str), FrozenEvent]
+    "published",
+    "events",
+    "state",
+    "prev_batch",
    "ephemeral",
-    "account_data",
 ])):
    __slots__ = []

@@ -60,51 +52,14 @@ class JoinedSyncResult(collections.namedtuple("JoinedSyncResult", [
        """Make the result appear empty if there are no updates. This is used
        to tell if room needs to be part of the sync result.
        """
-        return bool(
-            self.timeline
-            or self.state
-            or self.ephemeral
-            or self.account_data
-        )
-
-
-class ArchivedSyncResult(collections.namedtuple("JoinedSyncResult", [
-    "room_id",            # str
-    "timeline",           # TimelineBatch
-    "state",              # dict[(str, str), FrozenEvent]
-    "account_data",
-])):
-    __slots__ = []
-
-    def __nonzero__(self):
-        """Make the result appear empty if there are no updates. This is used
-        to tell if room needs to be part of the sync result.
-        """
-        return bool(
-            self.timeline
-            or self.state
-            or self.account_data
-        )
-
-
-class InvitedSyncResult(collections.namedtuple("InvitedSyncResult", [
-    "room_id",   # str
-    "invite",    # FrozenEvent: the invite event
-])):
-    __slots__ = []
-
-    def __nonzero__(self):
-        """Invited rooms should always be reported to the client"""
-        return True
+        return bool(self.events or self.state or self.ephemeral)


 class SyncResult(collections.namedtuple("SyncResult", [
    "next_batch",  # Token for the next sync
-    "presence",  # List of presence events for the user.
-    "account_data",  # List of account_data events for the user.
-    "joined",  # JoinedSyncResult for each joined room.
-    "invited",  # InvitedSyncResult for each invited room.
-    "archived",  # ArchivedSyncResult for each archived room.
+    "private_user_data",  # List of private events for the user.
+    "public_user_data",  # List of public events for all users.
+    "rooms",  # RoomSyncResult for each room.
 ])):
    __slots__ = []

@@ -114,7 +69,7 @@ class SyncResult(collections.namedtuple("SyncResult", [
        events.
        """
        return bool(
-            self.presence or self.joined or self.invited
+            self.private_user_data or self.public_user_data or self.rooms
        )


@@ -126,57 +81,57 @@ class SyncHandler(BaseHandler):
        self.clock = hs.get_clock()

    @defer.inlineCallbacks
-    def wait_for_sync_for_user(self, sync_config, since_token=None, timeout=0,
-                               full_state=False):
+    def wait_for_sync_for_user(self, sync_config, since_token=None, timeout=0):
        """Get the sync for a client if we have new data for it now. Otherwise
        wait for new data to arrive on the server. If the timeout expires, then
        return an empty sync result.
        Returns:
            A Deferred SyncResult.
        """
-
-        if timeout == 0 or since_token is None or full_state:
-            # we are going to return immediately, so don't bother calling
-            # notifier.wait_for_events.
-            result = yield self.current_sync_for_user(sync_config, since_token,
-                                                      full_state=full_state)
+        if timeout == 0 or since_token is None:
+            result = yield self.current_sync_for_user(sync_config, since_token)
            defer.returnValue(result)
        else:
            def current_sync_callback(before_token, after_token):
                return self.current_sync_for_user(sync_config, since_token)

+            rm_handler = self.hs.get_handlers().room_member_handler
+            room_ids = yield rm_handler.get_joined_rooms_for_user(
+                sync_config.user
+            )
            result = yield self.notifier.wait_for_events(
-                sync_config.user, timeout, current_sync_callback,
-                from_token=since_token
+                sync_config.user, room_ids,
+                sync_config.filter, timeout, current_sync_callback
            )
            defer.returnValue(result)

-    def current_sync_for_user(self, sync_config, since_token=None,
-                              full_state=False):
+    def current_sync_for_user(self, sync_config, since_token=None):
        """Get the sync for client needed to match what the server has now.
        Returns:
            A Deferred SyncResult.
        """
-        if since_token is None or full_state:
-            return self.full_state_sync(sync_config, since_token)
+        if since_token is None:
+            return self.initial_sync(sync_config)
        else:
-            return self.incremental_sync_with_gap(sync_config, since_token)
+            if sync_config.gap:
+                return self.incremental_sync_with_gap(sync_config, since_token)
+            else:
+                # TODO(mjark): Handle gapless sync
+                raise NotImplementedError()

    @defer.inlineCallbacks
-    def full_state_sync(self, sync_config, timeline_since_token):
-        """Get a sync for a client which is starting without any state.
-
-        If a 'message_since_token' is given, only timeline events which have
-        happened since that token will be returned.
-
+    def initial_sync(self, sync_config):
+        """Get a sync for a client which is starting without any state
        Returns:
            A Deferred SyncResult.
        """
-        now_token = yield self.event_sources.get_current_token()
+        if sync_config.sort == "timeline,desc":
+            # TODO(mjark): Handle going through events in reverse order?.
+            # What does "most recent events" mean when applying the limits mean
+            # in this case?
+            raise NotImplementedError()

-        now_token, ephemeral_by_room = yield self.ephemeral_by_room(
-            sync_config, now_token
-        )
+        now_token = yield self.event_sources.get_current_token()

        presence_stream = self.event_sources.sources["presence"]
        # TODO (mjark): This looks wrong, shouldn't we be getting the presence
@@ -187,218 +142,53 @@ class SyncHandler(BaseHandler):
            pagination_config=pagination_config.get_source_config("presence"),
            key=None
        )
-
-        membership_list = (Membership.INVITE, Membership.JOIN)
-        if sync_config.filter.include_leave:
-            membership_list += (Membership.LEAVE, Membership.BAN)
-
        room_list = yield self.store.get_rooms_for_user_where_membership_is(
            user_id=sync_config.user.to_string(),
-            membership_list=membership_list
+            membership_list=[Membership.INVITE, Membership.JOIN]
        )

-        account_data, account_data_by_room = (
-            yield self.store.get_account_data_for_user(
-                sync_config.user.to_string()
-            )
-        )
+        published_rooms = yield self.store.get_published_rooms()
+        published_room_ids = set(r["room_id"] for r in published_rooms)

-        tags_by_room = yield self.store.get_tags_for_user(
-            sync_config.user.to_string()
-        )
-
-        joined = []
-        invited = []
-        archived = []
-        deferreds = []
+        rooms = []
        for event in room_list:
-            if event.membership == Membership.JOIN:
-                room_sync_deferred = self.full_state_sync_for_joined_room(
-                    room_id=event.room_id,
-                    sync_config=sync_config,
-                    now_token=now_token,
-                    timeline_since_token=timeline_since_token,
-                    ephemeral_by_room=ephemeral_by_room,
-                    tags_by_room=tags_by_room,
-                    account_data_by_room=account_data_by_room,
-                )
-                room_sync_deferred.addCallback(joined.append)
-                deferreds.append(room_sync_deferred)
-            elif event.membership == Membership.INVITE:
-                invite = yield self.store.get_event(event.event_id)
-                invited.append(InvitedSyncResult(
-                    room_id=event.room_id,
-                    invite=invite,
-                ))
-            elif event.membership in (Membership.LEAVE, Membership.BAN):
-                leave_token = now_token.copy_and_replace(
-                    "room_key", "s%d" % (event.stream_ordering,)
-                )
-                room_sync_deferred = self.full_state_sync_for_archived_room(
-                    sync_config=sync_config,
-                    room_id=event.room_id,
-                    leave_event_id=event.event_id,
-                    leave_token=leave_token,
-                    timeline_since_token=timeline_since_token,
-                    tags_by_room=tags_by_room,
-                    account_data_by_room=account_data_by_room,
-                )
-                room_sync_deferred.addCallback(archived.append)
-                deferreds.append(room_sync_deferred)
-
-        yield defer.gatherResults(
-            deferreds, consumeErrors=True
-        ).addErrback(unwrapFirstError)
+            room_sync = yield self.initial_sync_for_room(
+                event.room_id, sync_config, now_token, published_room_ids
+            )
+            rooms.append(room_sync)

        defer.returnValue(SyncResult(
-            presence=presence,
-            account_data=self.account_data_for_user(account_data),
-            joined=joined,
-            invited=invited,
-            archived=archived,
+            public_user_data=presence,
+            private_user_data=[],
+            rooms=rooms,
            next_batch=now_token,
        ))

    @defer.inlineCallbacks
-    def full_state_sync_for_joined_room(self, room_id, sync_config,
-                                        now_token, timeline_since_token,
-                                        ephemeral_by_room, tags_by_room,
-                                        account_data_by_room):
+    def initial_sync_for_room(self, room_id, sync_config, now_token,
+                              published_room_ids):
        """Sync a room for a client which is starting without any state
        Returns:
-            A Deferred JoinedSyncResult.
+            A Deferred RoomSyncResult.
        """

-        batch = yield self.load_filtered_recents(
-            room_id, sync_config, now_token, since_token=timeline_since_token
+        recents, prev_batch_token, limited = yield self.load_filtered_recents(
+            room_id, sync_config, now_token,
        )

-        current_state = yield self.get_state_at(room_id, now_token)
+        current_state = yield self.state_handler.get_current_state(
+            room_id
+        )
+        current_state_events = current_state.values()

-        defer.returnValue(JoinedSyncResult(
+        defer.returnValue(RoomSyncResult(
            room_id=room_id,
-            timeline=batch,
-            state=current_state,
-            ephemeral=ephemeral_by_room.get(room_id, []),
-            account_data=self.account_data_for_room(
-                room_id, tags_by_room, account_data_by_room
-            ),
-        ))
-
-    def account_data_for_user(self, account_data):
-        account_data_events = []
-
-        for account_data_type, content in account_data.items():
-            account_data_events.append({
-                "type": account_data_type,
-                "content": content,
-            })
-
-        return account_data_events
-
-    def account_data_for_room(self, room_id, tags_by_room, account_data_by_room):
-        account_data_events = []
-        tags = tags_by_room.get(room_id)
-        if tags is not None:
-            account_data_events.append({
-                "type": "m.tag",
-                "content": {"tags": tags},
-            })
-
-        account_data = account_data_by_room.get(room_id, {})
-        for account_data_type, content in account_data.items():
-            account_data_events.append({
-                "type": account_data_type,
-                "content": content,
-            })
-
-        return account_data_events
-
-    @defer.inlineCallbacks
-    def ephemeral_by_room(self, sync_config, now_token, since_token=None):
-        """Get the ephemeral events for each room the user is in
-        Args:
-            sync_config (SyncConfig): The flags, filters and user for the sync.
-            now_token (StreamToken): Where the server is currently up to.
-            since_token (StreamToken): Where the server was when the client
-                last synced.
-        Returns:
-            A tuple of the now StreamToken, updated to reflect the which typing
-            events are included, and a dict mapping from room_id to a list of
-            typing events for that room.
-        """
-
-        typing_key = since_token.typing_key if since_token else "0"
-
-        rooms = yield self.store.get_rooms_for_user(sync_config.user.to_string())
-        room_ids = [room.room_id for room in rooms]
-
-        typing_source = self.event_sources.sources["typing"]
-        typing, typing_key = yield typing_source.get_new_events(
-            user=sync_config.user,
-            from_key=typing_key,
-            limit=sync_config.filter.ephemeral_limit(),
-            room_ids=room_ids,
-            is_guest=False,
-        )
-        now_token = now_token.copy_and_replace("typing_key", typing_key)
-
-        ephemeral_by_room = {}
-
-        for event in typing:
-            # we want to exclude the room_id from the event, but modifying the
-            # result returned by the event source is poor form (it might cache
-            # the object)
-            room_id = event["room_id"]
-            event_copy = {k: v for (k, v) in event.iteritems()
-                          if k != "room_id"}
-            ephemeral_by_room.setdefault(room_id, []).append(event_copy)
-
-        receipt_key = since_token.receipt_key if since_token else "0"
-
-        receipt_source = self.event_sources.sources["receipt"]
-        receipts, receipt_key = yield receipt_source.get_new_events(
-            user=sync_config.user,
-            from_key=receipt_key,
-            limit=sync_config.filter.ephemeral_limit(),
-            room_ids=room_ids,
-            # /sync doesn't support guest access, they can't get to this point in code
-            is_guest=False,
-        )
-        now_token = now_token.copy_and_replace("receipt_key", receipt_key)
-
-        for event in receipts:
-            room_id = event["room_id"]
-            # exclude room id, as above
-            event_copy = {k: v for (k, v) in event.iteritems()
-                          if k != "room_id"}
-            ephemeral_by_room.setdefault(room_id, []).append(event_copy)
-
-        defer.returnValue((now_token, ephemeral_by_room))
-
-    @defer.inlineCallbacks
-    def full_state_sync_for_archived_room(self, room_id, sync_config,
-                                          leave_event_id, leave_token,
-                                          timeline_since_token, tags_by_room,
-                                          account_data_by_room):
-        """Sync a room for a client which is starting without any state
-        Returns:
-            A Deferred JoinedSyncResult.
-        """
-
-        batch = yield self.load_filtered_recents(
-            room_id, sync_config, leave_token, since_token=timeline_since_token
-        )
-
-        leave_state = yield self.store.get_state_for_event(leave_event_id)
-
-        defer.returnValue(ArchivedSyncResult(
-            room_id=room_id,
-            timeline=batch,
-            state=leave_state,
-            account_data=self.account_data_for_room(
-                room_id, tags_by_room, account_data_by_room
-            ),
+            published=room_id in published_room_ids,
+            events=recents,
+            prev_batch=prev_batch_token,
+            state=current_state_events,
+            limited=limited,
+            ephemeral=[],
        ))

    @defer.inlineCallbacks
@@ -408,88 +198,60 @@ class SyncHandler(BaseHandler):
        Returns:
            A Deferred SyncResult.
        """
+        if sync_config.sort == "timeline,desc":
+            # TODO(mjark): Handle going through events in reverse order?.
+            # What does "most recent events" mean when applying the limits mean
+            # in this case?
+            raise NotImplementedError()
+
        now_token = yield self.event_sources.get_current_token()

-        rooms = yield self.store.get_rooms_for_user(sync_config.user.to_string())
-        room_ids = [room.room_id for room in rooms]
-
        presence_source = self.event_sources.sources["presence"]
-        presence, presence_key = yield presence_source.get_new_events(
+        presence, presence_key = yield presence_source.get_new_events_for_user(
            user=sync_config.user,
            from_key=since_token.presence_key,
-            limit=sync_config.filter.presence_limit(),
-            room_ids=room_ids,
-            # /sync doesn't support guest access, they can't get to this point in code
-            is_guest=False,
+            limit=sync_config.limit,
        )
        now_token = now_token.copy_and_replace("presence_key", presence_key)

-        now_token, ephemeral_by_room = yield self.ephemeral_by_room(
-            sync_config, now_token, since_token
+        typing_source = self.event_sources.sources["typing"]
+        typing, typing_key = yield typing_source.get_new_events_for_user(
+            user=sync_config.user,
+            from_key=since_token.typing_key,
+            limit=sync_config.limit,
        )
+        now_token = now_token.copy_and_replace("typing_key", typing_key)
+
+        typing_by_room = {event["room_id"]: [event] for event in typing}
+        for event in typing:
+            event.pop("room_id")
+        logger.debug("Typing %r", typing_by_room)

        rm_handler = self.hs.get_handlers().room_member_handler
-        app_service = yield self.store.get_app_service_by_user_id(
-            sync_config.user.to_string()
-        )
-        if app_service:
-            rooms = yield self.store.get_app_service_rooms(app_service)
-            joined_room_ids = set(r.room_id for r in rooms)
-        else:
-            joined_room_ids = yield rm_handler.get_joined_rooms_for_user(
-                sync_config.user
-            )
+        room_ids = yield rm_handler.get_joined_rooms_for_user(sync_config.user)

-        timeline_limit = sync_config.filter.timeline_limit()
+        published_rooms = yield self.store.get_published_rooms()
+        published_room_ids = set(r["room_id"] for r in published_rooms)

        room_events, _ = yield self.store.get_room_events_stream(
            sync_config.user.to_string(),
            from_key=since_token.room_key,
            to_key=now_token.room_key,
-            limit=timeline_limit + 1,
+            room_id=None,
+            limit=sync_config.limit + 1,
        )

-        tags_by_room = yield self.store.get_updated_tags(
-            sync_config.user.to_string(),
-            since_token.account_data_key,
-        )
-
-        account_data, account_data_by_room = (
-            yield self.store.get_updated_account_data_for_user(
-                sync_config.user.to_string(),
-                since_token.account_data_key,
-            )
-        )
-
-        joined = []
-        archived = []
-        if len(room_events) <= timeline_limit:
+        rooms = []
+        if len(room_events) <= sync_config.limit:
            # There is no gap in any of the rooms. Therefore we can just
            # partition the new events by room and return them.
-            logger.debug("Got %i events for incremental sync - not limited",
-                         len(room_events))
-
-            invite_events = []
-            leave_events = []
            events_by_room_id = {}
            for event in room_events:
                events_by_room_id.setdefault(event.room_id, []).append(event)
-                if event.room_id not in joined_room_ids:
-                    if (event.type == EventTypes.Member
-                            and event.state_key == sync_config.user.to_string()):
-                        if event.membership == Membership.INVITE:
-                            invite_events.append(event)
-                        elif event.membership in (Membership.LEAVE, Membership.BAN):
-                            leave_events.append(event)

-            for room_id in joined_room_ids:
+            for room_id in room_ids:
                recents = events_by_room_id.get(room_id, [])
-                logger.debug("Events for room %s: %r", room_id, recents)
-                state = {
-                    (event.type, event.state_key): event
-                    for event in recents if event.is_state()}
-                limited = False
-
+                state = [event for event in recents if event.is_state()]
                if recents:
                    prev_batch = now_token.copy_and_replace(
                        "room_key", recents[0].internal_metadata.before
@@ -497,89 +259,49 @@ class SyncHandler(BaseHandler):
                else:
                    prev_batch = now_token

-                just_joined = yield self.check_joined_room(sync_config, state)
-                if just_joined:
-                    logger.debug("User has just joined %s: needs full state",
-                                 room_id)
-                    state = yield self.get_state_at(room_id, now_token)
-                    # the timeline is inherently limited if we've just joined
-                    limited = True
-
-                room_sync = JoinedSyncResult(
-                    room_id=room_id,
-                    timeline=TimelineBatch(
-                        events=recents,
-                        prev_batch=prev_batch,
-                        limited=limited,
-                    ),
-                    state=state,
-                    ephemeral=ephemeral_by_room.get(room_id, []),
-                    account_data=self.account_data_for_room(
-                        room_id, tags_by_room, account_data_by_room
-                    ),
+                state = yield self.check_joined_room(
+                    sync_config, room_id, state
                )
-                logger.debug("Result for room %s: %r", room_id, room_sync)

+                room_sync = RoomSyncResult(
+                    room_id=room_id,
+                    published=room_id in published_room_ids,
+                    events=recents,
+                    prev_batch=prev_batch,
+                    state=state,
+                    limited=False,
+                    ephemeral=typing_by_room.get(room_id, [])
+                )
                if room_sync:
-                    joined.append(room_sync)
-
+                    rooms.append(room_sync)
        else:
-            logger.debug("Got %i events for incremental sync - hit limit",
-                         len(room_events))
-
-            invite_events = yield self.store.get_invites_for_user(
-                sync_config.user.to_string()
-            )
-
-            leave_events = yield self.store.get_leave_and_ban_events_for_user(
-                sync_config.user.to_string()
-            )
-
-            for room_id in joined_room_ids:
+            for room_id in room_ids:
                room_sync = yield self.incremental_sync_with_gap_for_room(
                    room_id, sync_config, since_token, now_token,
-                    ephemeral_by_room, tags_by_room, account_data_by_room
+                    published_room_ids, typing_by_room
                )
                if room_sync:
-                    joined.append(room_sync)
-
-        for leave_event in leave_events:
-            room_sync = yield self.incremental_sync_for_archived_room(
-                sync_config, leave_event, since_token, tags_by_room,
-                account_data_by_room
-            )
-            archived.append(room_sync)
-
-        invited = [
-            InvitedSyncResult(room_id=event.room_id, invite=event)
-            for event in invite_events
-        ]
+                    rooms.append(room_sync)

        defer.returnValue(SyncResult(
-            presence=presence,
-            account_data=self.account_data_for_user(account_data),
-            joined=joined,
-            invited=invited,
-            archived=archived,
+            public_user_data=presence,
+            private_user_data=[],
+            rooms=rooms,
            next_batch=now_token,
        ))

    @defer.inlineCallbacks
    def load_filtered_recents(self, room_id, sync_config, now_token,
                              since_token=None):
-        """
-        :returns a Deferred TimelineBatch
-        """
        limited = True
        recents = []
        filtering_factor = 2
-        timeline_limit = sync_config.filter.timeline_limit()
-        load_limit = max(timeline_limit * filtering_factor, 100)
+        load_limit = max(sync_config.limit * filtering_factor, 100)
        max_repeat = 3  # Only try a few times per room, otherwise
        room_key = now_token.room_key
        end_key = room_key

-        while limited and len(recents) < timeline_limit and max_repeat:
+        while limited and len(recents) < sync_config.limit and max_repeat:
            events, keys = yield self.store.get_recent_events_for_room(
                room_id,
                limit=load_limit + 1,
@@ -588,124 +310,71 @@ class SyncHandler(BaseHandler):
            )
            (room_key, _) = keys
            end_key = "s" + room_key.split('-')[-1]
-            loaded_recents = sync_config.filter.filter_room_timeline(events)
-            loaded_recents = yield self._filter_events_for_client(
-                sync_config.user.to_string(), loaded_recents,
-            )
+            loaded_recents = sync_config.filter.filter_room_events(events)
            loaded_recents.extend(recents)
            recents = loaded_recents
            if len(events) <= load_limit:
                limited = False
            max_repeat -= 1

-        if len(recents) > timeline_limit:
-            limited = True
-            recents = recents[-timeline_limit:]
+        if len(recents) > sync_config.limit:
+            recents = recents[-sync_config.limit:]
            room_key = recents[0].internal_metadata.before

        prev_batch_token = now_token.copy_and_replace(
            "room_key", room_key
        )

-        defer.returnValue(TimelineBatch(
-            events=recents, prev_batch=prev_batch_token, limited=limited
-        ))
+        defer.returnValue((recents, prev_batch_token, limited))

    @defer.inlineCallbacks
    def incremental_sync_with_gap_for_room(self, room_id, sync_config,
                                           since_token, now_token,
-                                           ephemeral_by_room, tags_by_room,
-                                           account_data_by_room):
+                                           published_room_ids, typing_by_room):
        """ Get the incremental delta needed to bring the client up to date for
        the room. Gives the client the most recent events and the changes to
        state.
        Returns:
-            A Deferred JoinedSyncResult
+            A Deferred RoomSyncResult
        """
-        logger.debug("Doing incremental sync for room %s between %s and %s",
-                     room_id, since_token, now_token)

        # TODO(mjark): Check for redactions we might have missed.

-        batch = yield self.load_filtered_recents(
+        recents, prev_batch_token, limited = yield self.load_filtered_recents(
            room_id, sync_config, now_token, since_token,
        )

-        logging.debug("Recents %r", batch)
+        logging.debug("Recents %r", recents)

-        current_state = yield self.get_state_at(room_id, now_token)
-
-        state_at_previous_sync = yield self.get_state_at(
-            room_id, stream_position=since_token
+        # TODO(mjark): This seems racy since this isn't being passed a
+        # token to indicate what point in the stream this is
+        current_state = yield self.state_handler.get_current_state(
+            room_id
        )
+        current_state_events = current_state.values()

-        state = yield self.compute_state_delta(
-            since_token=since_token,
-            previous_state=state_at_previous_sync,
-            current_state=current_state,
-        )
-
-        just_joined = yield self.check_joined_room(sync_config, state)
-        if just_joined:
-            state = yield self.get_state_at(room_id, now_token)
-
-        room_sync = JoinedSyncResult(
-            room_id=room_id,
-            timeline=batch,
-            state=state,
-            ephemeral=ephemeral_by_room.get(room_id, []),
-            account_data=self.account_data_for_room(
-                room_id, tags_by_room, account_data_by_room
-            ),
-        )
-
-        logging.debug("Room sync: %r", room_sync)
-
-        defer.returnValue(room_sync)
-
-    @defer.inlineCallbacks
-    def incremental_sync_for_archived_room(self, sync_config, leave_event,
-                                           since_token, tags_by_room,
-                                           account_data_by_room):
-        """ Get the incremental delta needed to bring the client up to date for
-        the archived room.
-        Returns:
-            A Deferred ArchivedSyncResult
-        """
-
-        stream_token = yield self.store.get_stream_token_for_event(
-            leave_event.event_id
-        )
-
-        leave_token = since_token.copy_and_replace("room_key", stream_token)
-
-        batch = yield self.load_filtered_recents(
-            leave_event.room_id, sync_config, leave_token, since_token,
-        )
-
-        logging.debug("Recents %r", batch)
-
-        state_events_at_leave = yield self.store.get_state_for_event(
-            leave_event.event_id
-        )
-
-        state_at_previous_sync = yield self.get_state_at(
-            leave_event.room_id, stream_position=since_token
+        state_at_previous_sync = yield self.get_state_at_previous_sync(
+            room_id, since_token=since_token
        )

        state_events_delta = yield self.compute_state_delta(
            since_token=since_token,
            previous_state=state_at_previous_sync,
-            current_state=state_events_at_leave,
+            current_state=current_state_events,
        )

-        room_sync = ArchivedSyncResult(
-            room_id=leave_event.room_id,
-            timeline=batch,
+        state_events_delta = yield self.check_joined_room(
+            sync_config, room_id, state_events_delta
+        )
+
+        room_sync = RoomSyncResult(
+            room_id=room_id,
+            published=room_id in published_room_ids,
+            events=recents,
+            prev_batch=prev_batch_token,
            state=state_events_delta,
-            account_data=self.account_data_for_room(
-                leave_event.room_id, tags_by_room, account_data_by_room
-            ),
+            limited=limited,
+            ephemeral=typing_by_room.get(room_id, [])
        )

        logging.debug("Room sync: %r", room_sync)
@@ -713,77 +382,58 @@ class SyncHandler(BaseHandler):
        defer.returnValue(room_sync)

    @defer.inlineCallbacks
-    def get_state_after_event(self, event):
-        """
-        Get the room state after the given event
-
-        :param synapse.events.EventBase event: event of interest
-        :return: A Deferred map from ((type, state_key)->Event)
-        """
-        state = yield self.store.get_state_for_event(event.event_id)
-        if event.is_state():
-            state = state.copy()
-            state[(event.type, event.state_key)] = event
-        defer.returnValue(state)
-
-    @defer.inlineCallbacks
-    def get_state_at(self, room_id, stream_position):
-        """ Get the room state at a particular stream position
-        :param str room_id: room for which to get state
-        :param StreamToken stream_position: point at which to get state
-        :returns: A Deferred map from ((type, state_key)->Event)
+    def get_state_at_previous_sync(self, room_id, since_token):
+        """ Get the room state at the previous sync the client made.
+        Returns:
+            A Deferred list of Events.
        """
        last_events, token = yield self.store.get_recent_events_for_room(
-            room_id, end_token=stream_position.room_key, limit=1,
+            room_id, end_token=since_token.room_key, limit=1,
        )

        if last_events:
-            last_event = last_events[-1]
-            state = yield self.get_state_after_event(last_event)
-
+            last_event = last_events[0]
+            last_context = yield self.state_handler.compute_event_context(
+                last_event
+            )
+            if last_event.is_state():
+                state = [last_event] + last_context.current_state.values()
+            else:
+                state = last_context.current_state.values()
        else:
-            # no events in this room - so presumably no state
-            state = {}
+            state = ()
        defer.returnValue(state)

    def compute_state_delta(self, since_token, previous_state, current_state):
        """ Works out the differnce in state between the current state and the
        state the client got when it last performed a sync.
-
-        :param str since_token: the point we are comparing against
-        :param dict[(str,str), synapse.events.FrozenEvent] previous_state: the
-            state to compare to
-        :param dict[(str,str), synapse.events.FrozenEvent] current_state: the
-            new state
-
-        :returns A new event dictionary
+        Returns:
+            A list of events.
        """
        # TODO(mjark) Check if the state events were received by the server
        # after the previous sync, since we need to include those state
        # updates even if they occured logically before the previous event.
        # TODO(mjark) Check for new redactions in the state events.
-
-        state_delta = {}
-        for key, event in current_state.iteritems():
-            if (key not in previous_state or
-                    previous_state[key].event_id != event.event_id):
-                state_delta[key] = event
+        previous_dict = {event.event_id: event for event in previous_state}
+        state_delta = []
+        for event in current_state:
+            if event.event_id not in previous_dict:
+                state_delta.append(event)
        return state_delta

-    def check_joined_room(self, sync_config, state_delta):
-        """
-        Check if the user has just joined the given room (so should
-        be given the full state)
+    @defer.inlineCallbacks
+    def check_joined_room(self, sync_config, room_id, state_delta):
+        joined = False
+        for event in state_delta:
+            if (
+                event.type == EventTypes.Member
+                and event.state_key == sync_config.user.to_string()
+            ):
+                if event.content["membership"] == Membership.JOIN:
+                    joined = True

-        :param sync_config:
-        :param dict[(str,str), synapse.events.FrozenEvent] state_delta: the
-           difference in state since the last sync
+        if joined:
+            res = yield self.state_handler.get_current_state(room_id)
+            state_delta = res.values()

-        :returns A deferred Tuple (state_delta, limited)
-        """
-        join_event = state_delta.get((
-            EventTypes.Member, sync_config.user.to_string()), None)
-        if join_event is not None:
-            if join_event.content["membership"] == Membership.JOIN:
-                return True
-        return False
+        defer.returnValue(state_delta)
--- a/synapse/handlers/typing.py
+++ b/synapse/handlers/typing.py
@@ -204,17 +204,21 @@ class TypingNotificationHandler(BaseHandler):
            )

    def _push_update_local(self, room_id, user, typing):
-        room_set = self._room_typing.setdefault(room_id, set())
+        if room_id not in self._room_serials:
+            self._room_serials[room_id] = 0
+            self._room_typing[room_id] = set()
+
+        room_set = self._room_typing[room_id]
        if typing:
            room_set.add(user)
-        else:
-            room_set.discard(user)
+        elif user in room_set:
+            room_set.remove(user)

        self._latest_room_serial += 1
        self._room_serials[room_id] = self._latest_room_serial

        with PreserveLoggingContext():
-            self.notifier.on_new_event(
+            self.notifier.on_new_user_event(
                "typing_key", self._latest_room_serial, rooms=[room_id]
            )

@@ -246,20 +250,25 @@ class TypingNotificationEventSource(object):
            },
        }

-    def get_new_events(self, from_key, room_ids, **kwargs):
+    @defer.inlineCallbacks
+    def get_new_events_for_user(self, user, from_key, limit):
        from_key = int(from_key)
        handler = self.handler()

+        joined_room_ids = (
+            yield self.room_member_handler().get_joined_rooms_for_user(user)
+        )
+
        events = []
-        for room_id in room_ids:
-            if room_id not in handler._room_serials:
+        for room_id in handler._room_serials:
+            if room_id not in joined_room_ids:
                continue
            if handler._room_serials[room_id] <= from_key:
                continue

            events.append(self._make_event_for(room_id))

-        return events, handler._latest_room_serial
+        defer.returnValue((events, handler._latest_room_serial))

    def get_current_key(self):
        return self.handler()._latest_room_serial
--- a/synapse/http/client.py
+++ b/synapse/http/client.py
@@ -12,18 +12,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-from OpenSSL import SSL
-from OpenSSL.SSL import VERIFY_NONE

 from synapse.api.errors import CodeMessageException
 from synapse.util.logcontext import preserve_context_over_fn
+from syutil.jsonutil import encode_canonical_json
 import synapse.metrics

-from canonicaljson import encode_canonical_json
-
-from twisted.internet import defer, reactor, ssl
+from twisted.internet import defer, reactor
 from twisted.web.client import (
    Agent, readBody, FileBodyProducer, PartialDownloadError,
+    HTTPConnectionPool,
 )
 from twisted.web.http_headers import Headers

@@ -58,40 +56,26 @@ class SimpleHttpClient(object):
        # The default context factory in Twisted 14.0.0 (which we require) is
        # BrowserLikePolicyForHTTPS which will do regular cert validation
        # 'like a browser'
-        self.agent = Agent(
-            reactor,
-            connectTimeout=15,
-            contextFactory=hs.get_http_client_context_factory()
-        )
-        self.user_agent = hs.version_string
-        if hs.config.user_agent_suffix:
-            self.user_agent = "%s %s" % (self.user_agent, hs.config.user_agent_suffix,)
+        pool = HTTPConnectionPool(reactor)
+        pool.maxPersistentPerHost = 10
+        self.agent = Agent(reactor, pool=pool)
+        self.version_string = hs.version_string

-    def request(self, method, uri, *args, **kwargs):
+    def request(self, method, *args, **kwargs):
        # A small wrapper around self.agent.request() so we can easily attach
        # counters to it
        outgoing_requests_counter.inc(method)
        d = preserve_context_over_fn(
            self.agent.request,
-            method, uri, *args, **kwargs
+            method, *args, **kwargs
        )

-        logger.info("Sending request %s %s", method, uri)
-
        def _cb(response):
            incoming_responses_counter.inc(method, response.code)
-            logger.info(
-                "Received response to  %s %s: %s",
-                method, uri, response.code
-            )
            return response

        def _eb(failure):
            incoming_responses_counter.inc(method, "ERR")
-            logger.info(
-                "Error sending request to  %s %s: %s %s",
-                method, uri, failure.type, failure.getErrorMessage()
-            )
            return failure

        d.addCallbacks(_cb, _eb)
@@ -100,9 +84,7 @@ class SimpleHttpClient(object):

    @defer.inlineCallbacks
    def post_urlencoded_get_json(self, uri, args={}):
-        # TODO: Do we ever want to log message contents?
        logger.debug("post_urlencoded_get_json args: %s", args)
-
        query_bytes = urllib.urlencode(args, True)

        response = yield self.request(
@@ -110,12 +92,12 @@ class SimpleHttpClient(object):
            uri.encode("ascii"),
            headers=Headers({
                b"Content-Type": [b"application/x-www-form-urlencoded"],
-                b"User-Agent": [self.user_agent],
+                b"User-Agent": [self.version_string],
            }),
            bodyProducer=FileBodyProducer(StringIO(query_bytes))
        )

-        body = yield preserve_context_over_fn(readBody, response)
+        body = yield readBody(response)

        defer.returnValue(json.loads(body))

@@ -123,19 +105,18 @@ class SimpleHttpClient(object):
    def post_json_get_json(self, uri, post_json):
        json_str = encode_canonical_json(post_json)

-        logger.debug("HTTP POST %s -> %s", json_str, uri)
+        logger.info("HTTP POST %s -> %s", json_str, uri)

        response = yield self.request(
            "POST",
            uri.encode("ascii"),
            headers=Headers({
-                b"Content-Type": [b"application/json"],
-                b"User-Agent": [self.user_agent],
+                "Content-Type": ["application/json"]
            }),
            bodyProducer=FileBodyProducer(StringIO(json_str))
        )

-        body = yield preserve_context_over_fn(readBody, response)
+        body = yield readBody(response)

        defer.returnValue(json.loads(body))

@@ -156,8 +137,27 @@ class SimpleHttpClient(object):
            On a non-2xx HTTP response. The response body will be used as the
            error message.
        """
-        body = yield self.get_raw(uri, args)
-        defer.returnValue(json.loads(body))
+        if len(args):
+            query_bytes = urllib.urlencode(args, True)
+            uri = "%s?%s" % (uri, query_bytes)
+
+        response = yield self.request(
+            "GET",
+            uri.encode("ascii"),
+            headers=Headers({
+                b"User-Agent": [self.version_string],
+            })
+        )
+
+        body = yield readBody(response)
+
+        if 200 <= response.code < 300:
+            defer.returnValue(json.loads(body))
+        else:
+            # NB: This is explicitly not json.loads(body)'d because the contract
+            # of CodeMessageException is a *string* message. Callers can always
+            # load it into JSON if they want.
+            raise CodeMessageException(response.code, body)

    @defer.inlineCallbacks
    def put_json(self, uri, json_body, args={}):
@@ -186,13 +186,13 @@ class SimpleHttpClient(object):
            "PUT",
            uri.encode("ascii"),
            headers=Headers({
-                b"User-Agent": [self.user_agent],
+                b"User-Agent": [self.version_string],
                "Content-Type": ["application/json"]
            }),
            bodyProducer=FileBodyProducer(StringIO(json_str))
        )

-        body = yield preserve_context_over_fn(readBody, response)
+        body = yield readBody(response)

        if 200 <= response.code < 300:
            defer.returnValue(json.loads(body))
@@ -202,42 +202,6 @@ class SimpleHttpClient(object):
            # load it into JSON if they want.
            raise CodeMessageException(response.code, body)

-    @defer.inlineCallbacks
-    def get_raw(self, uri, args={}):
-        """ Gets raw text from the given URI.
-
-        Args:
-            uri (str): The URI to request, not including query parameters
-            args (dict): A dictionary used to create query strings, defaults to
-                None.
-                **Note**: The value of each key is assumed to be an iterable
-                and *not* a string.
-        Returns:
-            Deferred: Succeeds when we get *any* 2xx HTTP response, with the
-            HTTP body at text.
-        Raises:
-            On a non-2xx HTTP response. The response body will be used as the
-            error message.
-        """
-        if len(args):
-            query_bytes = urllib.urlencode(args, True)
-            uri = "%s?%s" % (uri, query_bytes)
-
-        response = yield self.request(
-            "GET",
-            uri.encode("ascii"),
-            headers=Headers({
-                b"User-Agent": [self.user_agent],
-            })
-        )
-
-        body = yield preserve_context_over_fn(readBody, response)
-
-        if 200 <= response.code < 300:
-            defer.returnValue(body)
-        else:
-            raise CodeMessageException(response.code, body)
-

 class CaptchaServerHttpClient(SimpleHttpClient):
    """
@@ -257,12 +221,12 @@ class CaptchaServerHttpClient(SimpleHttpClient):
            bodyProducer=FileBodyProducer(StringIO(query_bytes)),
            headers=Headers({
                b"Content-Type": [b"application/x-www-form-urlencoded"],
-                b"User-Agent": [self.user_agent],
+                b"User-Agent": [self.version_string],
            })
        )

        try:
-            body = yield preserve_context_over_fn(readBody, response)
+            body = yield readBody(response)
            defer.returnValue(body)
        except PartialDownloadError as e:
            # twisted dislikes google's response, no content length.
@@ -275,18 +239,3 @@ def _print_ex(e):
            _print_ex(ex)
    else:
        logger.exception(e)
-
-
-class InsecureInterceptableContextFactory(ssl.ContextFactory):
-    """
-    Factory for PyOpenSSL SSL contexts which accepts any certificate for any domain.
-
-    Do not use this since it allows an attacker to intercept your communications.
-    """
-
-    def __init__(self):
-        self._context = SSL.Context(SSL.SSLv23_METHOD)
-        self._context.set_verify(VERIFY_NONE, lambda *_: None)
-
-    def getContext(self, hostname, port):
-        return self._context
--- a/synapse/http/matrixfederationclient.py
+++ b/synapse/http/matrixfederationclient.py
@@ -16,7 +16,7 @@

 from twisted.internet import defer, reactor, protocol
 from twisted.internet.error import DNSLookupError
-from twisted.web.client import readBody, HTTPConnectionPool, Agent
+from twisted.web.client import readBody, _AgentBase, _URI, HTTPConnectionPool
 from twisted.web.http_headers import Headers
 from twisted.web._newclient import ResponseDone

@@ -25,24 +25,21 @@ from synapse.util.async import sleep
 from synapse.util.logcontext import preserve_context_over_fn
 import synapse.metrics

-from canonicaljson import encode_canonical_json
+from syutil.jsonutil import encode_canonical_json

 from synapse.api.errors import (
    SynapseError, Codes, HttpResponseException,
 )

-from signedjson.sign import sign_json
+from syutil.crypto.jsonsign import sign_json

 import simplejson as json
 import logging
-import random
-import sys
 import urllib
 import urlparse


 logger = logging.getLogger(__name__)
-outbound_logger = logging.getLogger("synapse.http.outbound")

 metrics = synapse.metrics.get_metrics_for(__name__)

@@ -56,21 +53,41 @@ incoming_responses_counter = metrics.register_counter(
 )


-MAX_LONG_RETRIES = 10
-MAX_SHORT_RETRIES = 3
+class MatrixFederationHttpAgent(_AgentBase):

+    def __init__(self, reactor, pool=None):
+        _AgentBase.__init__(self, reactor, pool)

-class MatrixFederationEndpointFactory(object):
-    def __init__(self, hs):
-        self.tls_server_context_factory = hs.tls_server_context_factory
+    def request(self, destination, endpoint, method, path, params, query,
+                headers, body_producer):

-    def endpointForURI(self, uri):
-        destination = uri.netloc
+        outgoing_requests_counter.inc(method)

-        return matrix_federation_endpoint(
-            reactor, destination, timeout=10,
-            ssl_context_factory=self.tls_server_context_factory
-        )
+        host = b""
+        port = 0
+        fragment = b""
+
+        parsed_URI = _URI(b"http", destination, host, port, path, params,
+                          query, fragment)
+
+        # Set the connection pool key to be the destination.
+        key = destination
+
+        d = self._requestWithEndpoint(key, endpoint, method, parsed_URI,
+                                      headers, body_producer,
+                                      parsed_URI.originForm)
+
+        def _cb(response):
+            incoming_responses_counter.inc(method, response.code)
+            return response
+
+        def _eb(failure):
+            incoming_responses_counter.inc(method, "ERR")
+            return failure
+
+        d.addCallbacks(_cb, _eb)
+
+        return d


 class MatrixFederationHttpClient(object):
@@ -88,133 +105,106 @@ class MatrixFederationHttpClient(object):
        self.server_name = hs.hostname
        pool = HTTPConnectionPool(reactor)
        pool.maxPersistentPerHost = 10
-        self.agent = Agent.usingEndpointFactory(
-            reactor, MatrixFederationEndpointFactory(hs), pool=pool
-        )
+        self.agent = MatrixFederationHttpAgent(reactor, pool=pool)
        self.clock = hs.get_clock()
        self.version_string = hs.version_string
-        self._next_id = 1
-
-    def _create_url(self, destination, path_bytes, param_bytes, query_bytes):
-        return urlparse.urlunparse(
-            ("matrix", destination, path_bytes, param_bytes, query_bytes, "")
-        )

    @defer.inlineCallbacks
    def _create_request(self, destination, method, path_bytes,
                        body_callback, headers_dict={}, param_bytes=b"",
                        query_bytes=b"", retry_on_dns_fail=True,
-                        timeout=None, long_retries=False):
+                        timeout=None):
        """ Creates and sends a request to the given url
        """
        headers_dict[b"User-Agent"] = [self.version_string]
        headers_dict[b"Host"] = [destination]

-        url_bytes = self._create_url(
-            destination, path_bytes, param_bytes, query_bytes
+        url_bytes = urlparse.urlunparse(
+            ("", "", path_bytes, param_bytes, query_bytes, "",)
        )

-        txn_id = "%s-O-%s" % (method, self._next_id)
-        self._next_id = (self._next_id + 1) % (sys.maxint - 1)
+        logger.info("Sending request to %s: %s %s",
+                    destination, method, url_bytes)

-        outbound_logger.info(
-            "{%s} [%s] Sending request: %s %s",
-            txn_id, destination, method, url_bytes
+        logger.debug(
+            "Types: %s",
+            [
+                type(destination), type(method), type(path_bytes),
+                type(param_bytes),
+                type(query_bytes)
+            ]
        )

        # XXX: Would be much nicer to retry only at the transaction-layer
        # (once we have reliable transactions in place)
-        if long_retries:
-            retries_left = MAX_LONG_RETRIES
-        else:
-            retries_left = MAX_SHORT_RETRIES
+        retries_left = 5

-        http_url_bytes = urlparse.urlunparse(
-            ("", "", path_bytes, param_bytes, query_bytes, "")
-        )
+        endpoint = self._getEndpoint(reactor, destination)

-        log_result = None
-        try:
-            while True:
-                producer = None
-                if body_callback:
-                    producer = body_callback(method, http_url_bytes, headers_dict)
+        while True:
+            producer = None
+            if body_callback:
+                producer = body_callback(method, url_bytes, headers_dict)

-                try:
-                    def send_request():
-                        request_deferred = preserve_context_over_fn(
-                            self.agent.request,
-                            method,
-                            url_bytes,
-                            Headers(headers_dict),
-                            producer
-                        )
+            try:
+                request_deferred = preserve_context_over_fn(
+                    self.agent.request,
+                    destination,
+                    endpoint,
+                    method,
+                    path_bytes,
+                    param_bytes,
+                    query_bytes,
+                    Headers(headers_dict),
+                    producer
+                )

-                        return self.clock.time_bound_deferred(
-                            request_deferred,
-                            time_out=timeout/1000. if timeout else 60,
-                        )
-
-                    response = yield preserve_context_over_fn(
-                        send_request,
-                    )
-
-                    log_result = "%d %s" % (response.code, response.phrase,)
-                    break
-                except Exception as e:
-                    if not retry_on_dns_fail and isinstance(e, DNSLookupError):
-                        logger.warn(
-                            "DNS Lookup failed to %s with %s",
-                            destination,
-                            e
-                        )
-                        log_result = "DNS Lookup failed to %s with %s" % (
-                            destination, e
-                        )
-                        raise
+                response = yield self.clock.time_bound_deferred(
+                    request_deferred,
+                    time_out=timeout/1000. if timeout else 60,
+                )

+                logger.debug("Got response to %s", method)
+                break
+            except Exception as e:
+                if not retry_on_dns_fail and isinstance(e, DNSLookupError):
                    logger.warn(
-                        "{%s} Sending request failed to %s: %s %s: %s - %s",
-                        txn_id,
+                        "DNS Lookup failed to %s with %s",
                        destination,
-                        method,
-                        url_bytes,
-                        type(e).__name__,
-                        _flatten_response_never_received(e),
+                        e
                    )
+                    raise

-                    log_result = "%s - %s" % (
-                        type(e).__name__, _flatten_response_never_received(e),
-                    )
+                logger.warn(
+                    "Sending request failed to %s: %s %s: %s - %s",
+                    destination,
+                    method,
+                    url_bytes,
+                    type(e).__name__,
+                    _flatten_response_never_received(e),
+                )

-                    if retries_left and not timeout:
-                        if long_retries:
-                            delay = 4 ** (MAX_LONG_RETRIES + 1 - retries_left)
-                            delay = min(delay, 60)
-                            delay *= random.uniform(0.8, 1.4)
-                        else:
-                            delay = 0.5 * 2 ** (MAX_SHORT_RETRIES - retries_left)
-                            delay = min(delay, 2)
-                            delay *= random.uniform(0.8, 1.4)
+                if retries_left and not timeout:
+                    yield sleep(2 ** (5 - retries_left))
+                    retries_left -= 1
+                else:
+                    raise

-                        yield sleep(delay)
-                        retries_left -= 1
-                    else:
-                        raise
-        finally:
-            outbound_logger.info(
-                "{%s} [%s] Result: %s",
-                txn_id,
-                destination,
-                log_result,
-            )
+        logger.info(
+            "Received response %d %s for %s: %s %s",
+            response.code,
+            response.phrase,
+            destination,
+            method,
+            url_bytes
+        )

        if 200 <= response.code < 300:
            pass
        else:
            # :'(
            # Update transactions table?
-            body = yield preserve_context_over_fn(readBody, response)
+            body = yield readBody(response)
            raise HttpResponseException(
                response.code, response.phrase, body
            )
@@ -247,8 +237,7 @@ class MatrixFederationHttpClient(object):
        headers_dict[b"Authorization"] = auth_headers

    @defer.inlineCallbacks
-    def put_json(self, destination, path, data={}, json_data_callback=None,
-                 long_retries=False):
+    def put_json(self, destination, path, data={}, json_data_callback=None):
        """ Sends the specifed json data using PUT

        Args:
@@ -259,8 +248,6 @@ class MatrixFederationHttpClient(object):
                the request body. This will be encoded as JSON.
            json_data_callback (callable): A callable returning the dict to
                use as the request body.
-            long_retries (bool): A boolean that indicates whether we should
-                retry for a short or long time.

        Returns:
            Deferred: Succeeds when we get a 2xx HTTP response. The result
@@ -286,7 +273,6 @@ class MatrixFederationHttpClient(object):
            path.encode("ascii"),
            body_callback=body_callback,
            headers_dict={"Content-Type": ["application/json"]},
-            long_retries=long_retries,
        )

        if 200 <= response.code < 300:
@@ -298,11 +284,14 @@ class MatrixFederationHttpClient(object):
                    "Content-Type not application/json"
                )

-        body = yield preserve_context_over_fn(readBody, response)
+        logger.debug("Getting resp body")
+        body = yield readBody(response)
+        logger.debug("Got resp body")
+
        defer.returnValue(json.loads(body))

    @defer.inlineCallbacks
-    def post_json(self, destination, path, data={}, long_retries=True):
+    def post_json(self, destination, path, data={}):
        """ Sends the specifed json data using POST

        Args:
@@ -311,8 +300,6 @@ class MatrixFederationHttpClient(object):
            path (str): The HTTP path.
            data (dict): A dict containing the data that will be used as
                the request body. This will be encoded as JSON.
-            long_retries (bool): A boolean that indicates whether we should
-                retry for a short or long time.

        Returns:
            Deferred: Succeeds when we get a 2xx HTTP response. The result
@@ -332,7 +319,6 @@ class MatrixFederationHttpClient(object):
            path.encode("ascii"),
            body_callback=body_callback,
            headers_dict={"Content-Type": ["application/json"]},
-            long_retries=True,
        )

        if 200 <= response.code < 300:
@@ -344,7 +330,9 @@ class MatrixFederationHttpClient(object):
                    "Content-Type not application/json"
                )

-        body = yield preserve_context_over_fn(readBody, response)
+        logger.debug("Getting resp body")
+        body = yield readBody(response)
+        logger.debug("Got resp body")

        defer.returnValue(json.loads(body))

@@ -402,7 +390,9 @@ class MatrixFederationHttpClient(object):
                    "Content-Type not application/json"
                )

-        body = yield preserve_context_over_fn(readBody, response)
+        logger.debug("Getting resp body")
+        body = yield readBody(response)
+        logger.debug("Got resp body")

        defer.returnValue(json.loads(body))

@@ -445,16 +435,19 @@ class MatrixFederationHttpClient(object):
        headers = dict(response.headers.getAllRawHeaders())

        try:
-            length = yield preserve_context_over_fn(
-                _readBodyToFile,
-                response, output_stream, max_size
-            )
+            length = yield _readBodyToFile(response, output_stream, max_size)
        except:
            logger.exception("Failed to download body")
            raise

        defer.returnValue((length, headers))

+    def _getEndpoint(self, reactor, destination):
+        return matrix_federation_endpoint(
+            reactor, destination, timeout=10,
+            ssl_context_factory=self.hs.tls_context_factory
+        )
+

 class _ReadBodyToFileProtocol(protocol.Protocol):
    def __init__(self, stream, deferred, max_size):
@@ -508,9 +501,6 @@ class _JsonProducer(object):
    def stopProducing(self):
        pass

-    def resumeProducing(self):
-        pass
-

 def _flatten_response_never_received(e):
    if hasattr(e, "reasons"):
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -21,8 +21,8 @@ from synapse.util.logcontext import LoggingContext, PreserveLoggingContext
 import synapse.metrics
 import synapse.events

-from canonicaljson import (
-    encode_canonical_json, encode_pretty_printed_json
+from syutil.jsonutil import (
+    encode_canonical_json, encode_pretty_printed_json, encode_json
 )

 from twisted.internet import defer
@@ -33,7 +33,6 @@ from twisted.web.util import redirectTo
 import collections
 import logging
 import urllib
-import ujson

 logger = logging.getLogger(__name__)

@@ -53,23 +52,6 @@ response_timer = metrics.register_distribution(
    labels=["method", "servlet"]
 )

-response_ru_utime = metrics.register_distribution(
-    "response_ru_utime", labels=["method", "servlet"]
-)
-
-response_ru_stime = metrics.register_distribution(
-    "response_ru_stime", labels=["method", "servlet"]
-)
-
-response_db_txn_count = metrics.register_distribution(
-    "response_db_txn_count", labels=["method", "servlet"]
-)
-
-response_db_txn_duration = metrics.register_distribution(
-    "response_db_txn_duration", labels=["method", "servlet"]
-)
-
-
 _next_request_id = 0


@@ -97,39 +79,53 @@ def request_handler(request_handler):
        _next_request_id += 1
        with LoggingContext(request_id) as request_context:
            request_context.request = request_id
-            with request.processing():
-                try:
-                    d = request_handler(self, request)
-                    with PreserveLoggingContext():
-                        yield d
-                except CodeMessageException as e:
-                    code = e.code
-                    if isinstance(e, SynapseError):
-                        logger.info(
-                            "%s SynapseError: %s - %s", request, code, e.msg
-                        )
-                    else:
-                        logger.exception(e)
-                    outgoing_responses_counter.inc(request.method, str(code))
-                    respond_with_json(
-                        request, code, cs_exception(e), send_cors=True,
-                        pretty_print=_request_user_agent_is_curl(request),
-                        version_string=self.version_string,
-                    )
-                except:
-                    logger.exception(
-                        "Failed handle request %s.%s on %r: %r",
-                        request_handler.__module__,
-                        request_handler.__name__,
-                        self,
-                        request
-                    )
-                    respond_with_json(
-                        request,
-                        500,
-                        {"error": "Internal server error"},
-                        send_cors=True
+            code = None
+            start = self.clock.time_msec()
+            try:
+                logger.info(
+                    "Received request: %s %s",
+                    request.method, request.path
+                )
+                d = request_handler(self, request)
+                with PreserveLoggingContext():
+                    yield d
+                code = request.code
+            except CodeMessageException as e:
+                code = e.code
+                if isinstance(e, SynapseError):
+                    logger.info(
+                        "%s SynapseError: %s - %s", request, code, e.msg
                    )
+                else:
+                    logger.exception(e)
+                outgoing_responses_counter.inc(request.method, str(code))
+                respond_with_json(
+                    request, code, cs_exception(e), send_cors=True,
+                    pretty_print=_request_user_agent_is_curl(request),
+                    version_string=self.version_string,
+                )
+            except:
+                code = 500
+                logger.exception(
+                    "Failed handle request %s.%s on %r: %r",
+                    request_handler.__module__,
+                    request_handler.__name__,
+                    self,
+                    request
+                )
+                respond_with_json(
+                    request,
+                    500,
+                    {"error": "Internal server error"},
+                    send_cors=True
+                )
+            finally:
+                code = str(code) if code else "-"
+                end = self.clock.time_msec()
+                logger.info(
+                    "Processed request: %dms %s %s %s",
+                    end-start, code, request.method, request.path
+                )
    return wrapped_request_handler


@@ -137,7 +133,7 @@ class HttpServer(object):
    """ Interface for registering callbacks on a HTTP server
    """

-    def register_paths(self, method, path_patterns, callback):
+    def register_path(self, method, path_pattern, callback):
        """ Register a callback that gets fired if we receive a http request
        with the given method for a path that matches the given regex.

@@ -146,7 +142,7 @@ class HttpServer(object):

        Args:
            method (str): The method to listen to.
-            path_patterns (list<SRE_Pattern>): The regex used to match requests.
+            path_pattern (str): The regex used to match requests.
            callback (function): The function to fire if we receive a matched
                request. The first argument will be the request object and
                subsequent arguments will be any matched groups from the regex.
@@ -182,11 +178,10 @@ class JsonResource(HttpServer, resource.Resource):
        self.version_string = hs.version_string
        self.hs = hs

-    def register_paths(self, method, path_patterns, callback):
-        for path_pattern in path_patterns:
-            self.path_regexs.setdefault(method, []).append(
-                self._PathEntry(path_pattern, callback)
-            )
+    def register_path(self, method, path_pattern, callback):
+        self.path_regexs.setdefault(method, []).append(
+            self._PathEntry(path_pattern, callback)
+        )

    def render(self, request):
        """ This gets called by twisted every time someone sends us a request.
@@ -226,7 +221,7 @@ class JsonResource(HttpServer, resource.Resource):
            incoming_requests_counter.inc(request.method, servlet_classname)

            args = [
-                urllib.unquote(u).decode("UTF-8") if u else u for u in m.groups()
+                urllib.unquote(u).decode("UTF-8") for u in m.groups()
            ]

            callback_return = yield callback(request, *args)
@@ -238,21 +233,6 @@ class JsonResource(HttpServer, resource.Resource):
                self.clock.time_msec() - start, request.method, servlet_classname
            )

-            try:
-                context = LoggingContext.current_context()
-                ru_utime, ru_stime = context.get_resource_usage()
-
-                response_ru_utime.inc_by(ru_utime, request.method, servlet_classname)
-                response_ru_stime.inc_by(ru_stime, request.method, servlet_classname)
-                response_db_txn_count.inc_by(
-                    context.db_txn_count, request.method, servlet_classname
-                )
-                response_db_txn_duration.inc_by(
-                    context.db_txn_duration, request.method, servlet_classname
-                )
-            except:
-                pass
-
            return

        # Huh. No one wanted to handle that? Fiiiiiine. Send 400.
@@ -304,11 +284,12 @@ def respond_with_json(request, code, json_object, send_cors=False,
    if pretty_print:
        json_bytes = encode_pretty_printed_json(json_object) + "\n"
    else:
-        if canonical_json or synapse.events.USE_FROZEN_DICTS:
+        if canonical_json:
            json_bytes = encode_canonical_json(json_object)
        else:
-            # ujson doesn't like frozen_dicts.
-            json_bytes = ujson.dumps(json_object, ensure_ascii=False)
+            json_bytes = encode_json(
+                json_object, using_frozen_dicts=synapse.events.USE_FROZEN_DICTS
+            )

    return respond_with_json_bytes(
        request, code, json_bytes,
--- a/synapse/http/servlet.py
+++ b/synapse/http/servlet.py
@@ -19,6 +19,7 @@ from synapse.api.errors import SynapseError

 import logging

+
 logger = logging.getLogger(__name__)


@@ -101,13 +102,12 @@ class RestServlet(object):

    def register(self, http_server):
        """ Register this servlet with the given HTTP server. """
-        if hasattr(self, "PATTERNS"):
-            patterns = self.PATTERNS
+        if hasattr(self, "PATTERN"):
+            pattern = self.PATTERN

            for method in ("GET", "PUT", "POST", "OPTIONS", "DELETE"):
                if hasattr(self, "on_%s" % (method,)):
                    method_handler = getattr(self, "on_%s" % (method,))
-                    http_server.register_paths(method, patterns, method_handler)
-
+                    http_server.register_path(method, pattern, method_handler)
        else:
            raise NotImplementedError("RestServlet must register something.")
--- a/synapse/metrics/init.py
+++ b/synapse/metrics/init.py
@@ -17,13 +17,9 @@
 from __future__ import absolute_import

 import logging
-from resource import getrusage, RUSAGE_SELF
-import functools
+from resource import getrusage, getpagesize, RUSAGE_SELF
 import os
 import stat
-import time
-
-from twisted.internet import reactor

 from .metric import (
    CounterMetric, CallbackMetric, DistributionMetric, CacheMetric
@@ -100,6 +96,7 @@ def render_all():
 # process resource usage

 rusage = None
+PAGE_SIZE = getpagesize()


 def update_resource_metrics():
@@ -112,8 +109,8 @@ resource_metrics = get_metrics_for("process.resource")
 resource_metrics.register_callback("utime", lambda: rusage.ru_utime * 1000)
 resource_metrics.register_callback("stime", lambda: rusage.ru_stime * 1000)

-# kilobytes
-resource_metrics.register_callback("maxrss", lambda: rusage.ru_maxrss * 1024)
+# pages
+resource_metrics.register_callback("maxrss", lambda: rusage.ru_maxrss * PAGE_SIZE)

 TYPES = {
    stat.S_IFSOCK: "SOCK",
@@ -130,10 +127,6 @@ def _process_fds():
    counts = {(k,): 0 for k in TYPES.values()}
    counts[("other",)] = 0

-    # Not every OS will have a /proc/self/fd directory
-    if not os.path.exists("/proc/self/fd"):
-        return counts
-
    for fd in os.listdir("/proc/self/fd"):
        try:
            s = os.stat("/proc/self/fd/%s" % (fd))
@@ -151,50 +144,3 @@ def _process_fds():
    return counts

 get_metrics_for("process").register_callback("fds", _process_fds, labels=["type"])
-
-reactor_metrics = get_metrics_for("reactor")
-tick_time = reactor_metrics.register_distribution("tick_time")
-pending_calls_metric = reactor_metrics.register_distribution("pending_calls")
-
-
-def runUntilCurrentTimer(func):
-
-    @functools.wraps(func)
-    def f(*args, **kwargs):
-        now = reactor.seconds()
-        num_pending = 0
-
-        # _newTimedCalls is one long list of *all* pending calls. Below loop
-        # is based off of impl of reactor.runUntilCurrent
-        for delayed_call in reactor._newTimedCalls:
-            if delayed_call.time > now:
-                break
-
-            if delayed_call.delayed_time > 0:
-                continue
-
-            num_pending += 1
-
-        num_pending += len(reactor.threadCallQueue)
-
-        start = time.time() * 1000
-        ret = func(*args, **kwargs)
-        end = time.time() * 1000
-        tick_time.inc_by(end - start)
-        pending_calls_metric.inc_by(num_pending)
-        return ret
-
-    return f
-
-
-try:
-    # Ensure the reactor has all the attributes we expect
-    reactor.runUntilCurrent
-    reactor._newTimedCalls
-    reactor.threadCallQueue
-
-    # runUntilCurrent is called when we have pending calls. It is called once
-    # per iteratation after fd polling.
-    reactor.runUntilCurrent = runUntilCurrentTimer(reactor.runUntilCurrent)
-except AttributeError:
-    pass
--- a/synapse/notifier.py
+++ b/synapse/notifier.py
@@ -14,11 +14,9 @@
 # limitations under the License.

 from twisted.internet import defer
-from synapse.api.constants import EventTypes
-from synapse.api.errors import AuthError

 from synapse.util.logutils import log_function
-from synapse.util.async import run_on_reactor, ObservableDeferred
+from synapse.util.async import run_on_reactor
 from synapse.types import StreamToken
 import synapse.metrics

@@ -47,11 +45,21 @@ class _NotificationListener(object):
    The events stream handler will have yielded to the deferred, so to
    notify the handler it is sufficient to resolve the deferred.
    """
-    __slots__ = ["deferred"]

    def __init__(self, deferred):
        self.deferred = deferred

+    def notified(self):
+        return self.deferred.called
+
+    def notify(self, token):
+        """ Inform whoever is listening about the new events.
+        """
+        try:
+            self.deferred.callback(token)
+        except defer.AlreadyCalledError:
+            pass
+

 class _NotifierUserStream(object):
    """This represents a user connected to the event stream.
@@ -67,12 +75,11 @@ class _NotifierUserStream(object):
                 appservice=None):
        self.user = str(user)
        self.appservice = appservice
+        self.listeners = set()
        self.rooms = set(rooms)
        self.current_token = current_token
        self.last_notified_ms = time_now_ms

-        self.notify_deferred = ObservableDeferred(defer.Deferred())
-
    def notify(self, stream_key, stream_id, time_now_ms):
        """Notify any listeners for this user of a new event from an
        event source.
@@ -84,10 +91,12 @@ class _NotifierUserStream(object):
        self.current_token = self.current_token.copy_and_advance(
            stream_key, stream_id
        )
-        self.last_notified_ms = time_now_ms
-        noify_deferred = self.notify_deferred
-        self.notify_deferred = ObservableDeferred(defer.Deferred())
-        noify_deferred.callback(self.current_token)
+        if self.listeners:
+            self.last_notified_ms = time_now_ms
+            listeners = self.listeners
+            self.listeners = set()
+            for listener in listeners:
+                listener.notify(self.current_token)

    def remove(self, notifier):
        """ Remove this listener from all the indexes in the Notifier
@@ -105,18 +114,6 @@ class _NotifierUserStream(object):
                self.appservice, set()
            ).discard(self)

-    def count_listeners(self):
-        return len(self.notify_deferred.observers())
-
-    def new_listener(self, token):
-        """Returns a deferred that is resolved when there is a new token
-        greater than the given token.
-        """
-        if self.current_token.is_after(token):
-            return _NotificationListener(defer.succeed(self.current_token))
-        else:
-            return _NotificationListener(self.notify_deferred.observe())
-

 class Notifier(object):
    """ This class is responsible for notifying any listeners when there are
@@ -161,7 +158,7 @@ class Notifier(object):
            for x in self.appservice_to_user_streams.values():
                all_user_streams |= x

-            return sum(stream.count_listeners() for stream in all_user_streams)
+            return sum(len(stream.listeners) for stream in all_user_streams)
        metrics.register_callback("listeners", count_listeners)

        metrics.register_callback(
@@ -223,7 +220,16 @@ class Notifier(object):
            event
        )

-        app_streams = set()
+        room_id = event.room_id
+
+        room_user_streams = self.room_to_user_streams.get(room_id, set())
+
+        user_streams = room_user_streams.copy()
+
+        for user in extra_users:
+            user_stream = self.user_to_user_stream.get(str(user))
+            if user_stream is not None:
+                user_streams.add(user_stream)

        for appservice in self.appservice_to_user_streams:
            # TODO (kegan): Redundant appservice listener checks?
@@ -235,20 +241,24 @@ class Notifier(object):
                app_user_streams = self.appservice_to_user_streams.get(
                    appservice, set()
                )
-                app_streams |= app_user_streams
+                user_streams |= app_user_streams

-        self.on_new_event(
-            "room_key", room_stream_id,
-            users=extra_users,
-            rooms=[event.room_id],
-            extra_streams=app_streams,
-        )
+        logger.debug("on_new_room_event listeners %s", user_streams)
+
+        time_now_ms = self.clock.time_msec()
+        for user_stream in user_streams:
+            try:
+                user_stream.notify(
+                    "room_key", "s%d" % (room_stream_id,), time_now_ms
+                )
+            except:
+                logger.exception("Failed to notify listener")

    @defer.inlineCallbacks
    @log_function
-    def on_new_event(self, stream_key, new_token, users=[], rooms=[],
-                     extra_streams=set()):
-        """ Used to inform listeners that something has happend event wise.
+    def on_new_user_event(self, stream_key, new_token, users=[], rooms=[]):
+        """ Used to inform listeners that something has happend
+        presence/user event wise.

        Will wake up all listeners for the given users and rooms.
        """
@@ -271,74 +281,84 @@ class Notifier(object):
                logger.exception("Failed to notify listener")

    @defer.inlineCallbacks
-    def wait_for_events(self, user, timeout, callback, room_ids=None,
-                        from_token=StreamToken("s0", "0", "0", "0", "0")):
+    def wait_for_events(self, user, rooms, timeout, callback,
+                        from_token=StreamToken("s0", "0", "0")):
        """Wait until the callback returns a non empty response or the
        timeout fires.
        """
+
+        deferred = defer.Deferred()
+        time_now_ms = self.clock.time_msec()
+
        user = str(user)
        user_stream = self.user_to_user_stream.get(user)
        if user_stream is None:
            appservice = yield self.store.get_app_service_by_user_id(user)
            current_token = yield self.event_sources.get_current_token()
-            if room_ids is None:
-                rooms = yield self.store.get_rooms_for_user(user)
-                room_ids = [room.room_id for room in rooms]
+            rooms = yield self.store.get_rooms_for_user(user)
+            rooms = [room.room_id for room in rooms]
            user_stream = _NotifierUserStream(
                user=user,
-                rooms=room_ids,
+                rooms=rooms,
                appservice=appservice,
                current_token=current_token,
-                time_now_ms=self.clock.time_msec(),
+                time_now_ms=time_now_ms,
            )
            self._register_with_keys(user_stream)
-
-        result = None
-        if timeout:
-            # Will be set to a _NotificationListener that we'll be waiting on.
-            # Allows us to cancel it.
-            listener = None
-
-            def timed_out():
-                if listener:
-                    listener.deferred.cancel()
-            timer = self.clock.call_later(timeout/1000., timed_out)
-
-            prev_token = from_token
-            while not result:
-                try:
-                    current_token = user_stream.current_token
-
-                    result = yield callback(prev_token, current_token)
-                    if result:
-                        break
-
-                    # Now we wait for the _NotifierUserStream to be told there
-                    # is a new token.
-                    # We need to supply the token we supplied to callback so
-                    # that we don't miss any current_token updates.
-                    prev_token = current_token
-                    listener = user_stream.new_listener(prev_token)
-                    yield listener.deferred
-                except defer.CancelledError:
-                    break
-
-            self.clock.cancel_call_later(timer, ignore_errs=True)
        else:
            current_token = user_stream.current_token
+
+        listener = [_NotificationListener(deferred)]
+
+        if timeout and not current_token.is_after(from_token):
+            user_stream.listeners.add(listener[0])
+
+        if current_token.is_after(from_token):
            result = yield callback(from_token, current_token)
+        else:
+            result = None
+
+        timer = [None]
+
+        if result:
+            user_stream.listeners.discard(listener[0])
+            defer.returnValue(result)
+            return
+
+        if timeout:
+            timed_out = [False]
+
+            def _timeout_listener():
+                timed_out[0] = True
+                timer[0] = None
+                user_stream.listeners.discard(listener[0])
+                listener[0].notify(current_token)
+
+            # We create multiple notification listeners so we have to manage
+            # canceling the timeout ourselves.
+            timer[0] = self.clock.call_later(timeout/1000., _timeout_listener)
+
+            while not result and not timed_out[0]:
+                new_token = yield deferred
+                deferred = defer.Deferred()
+                listener[0] = _NotificationListener(deferred)
+                user_stream.listeners.add(listener[0])
+                result = yield callback(current_token, new_token)
+                current_token = new_token
+
+        if timer[0] is not None:
+            try:
+                self.clock.cancel_call_later(timer[0])
+            except:
+                logger.exception("Failed to cancel notifer timer")

        defer.returnValue(result)

    @defer.inlineCallbacks
-    def get_events_for(self, user, pagination_config, timeout,
-                       only_room_events=False,
-                       is_guest=False, guest_room_id=None):
+    def get_events_for(self, user, rooms, pagination_config, timeout):
        """ For the given user and rooms, return any new events for them. If
        there are no new events wait for up to `timeout` milliseconds for any
        new events to happen before returning.
-
-        If `only_room_events` is `True` only room events will be returned.
        """
        from_token = pagination_config.from_token
        if not from_token:
@@ -346,50 +366,20 @@ class Notifier(object):

        limit = pagination_config.limit

-        room_ids = []
-        if is_guest:
-            if guest_room_id:
-                if not self._is_world_readable(guest_room_id):
-                    raise AuthError(403, "Guest access not allowed")
-                room_ids = [guest_room_id]
-        else:
-            rooms = yield self.store.get_rooms_for_user(user.to_string())
-            room_ids = [room.room_id for room in rooms]
-
        @defer.inlineCallbacks
        def check_for_updates(before_token, after_token):
-            if not after_token.is_after(before_token):
-                defer.returnValue(None)
-
            events = []
            end_token = from_token
-
            for name, source in self.event_sources.sources.items():
                keyname = "%s_key" % name
                before_id = getattr(before_token, keyname)
                after_id = getattr(after_token, keyname)
                if before_id == after_id:
                    continue
-                if only_room_events and name != "room":
-                    continue
-                new_events, new_key = yield source.get_new_events(
-                    user=user,
-                    from_key=getattr(from_token, keyname),
-                    limit=limit,
-                    is_guest=is_guest,
-                    room_ids=room_ids,
+                stuff, new_key = yield source.get_new_events_for_user(
+                    user, getattr(from_token, keyname), limit,
                )
-
-                if name == "room":
-                    room_member_handler = self.hs.get_handlers().room_member_handler
-                    new_events = yield room_member_handler._filter_events_for_client(
-                        user.to_string(),
-                        new_events,
-                        is_guest=is_guest,
-                        require_all_visible_for_guests=False
-                    )
-
-                events.extend(new_events)
+                events.extend(stuff)
                end_token = end_token.copy_and_replace(keyname, new_key)

            if events:
@@ -398,7 +388,7 @@ class Notifier(object):
                defer.returnValue(None)

        result = yield self.wait_for_events(
-            user, timeout, check_for_updates, room_ids=room_ids, from_token=from_token
+            user, rooms, timeout, check_for_updates, from_token=from_token
        )

        if result is None:
@@ -406,24 +396,13 @@ class Notifier(object):

        defer.returnValue(result)

-    @defer.inlineCallbacks
-    def _is_world_readable(self, room_id):
-        state = yield self.hs.get_state_handler().get_current_state(
-            room_id,
-            EventTypes.RoomHistoryVisibility
-        )
-        if state and "history_visibility" in state.content:
-            defer.returnValue(state.content["history_visibility"] == "world_readable")
-        else:
-            defer.returnValue(False)
-
    @log_function
    def remove_expired_streams(self):
        time_now_ms = self.clock.time_msec()
        expired_streams = []
        expire_before_ts = time_now_ms - self.UNUSED_STREAM_EXPIRY_MS
        for stream in self.user_to_user_stream.values():
-            if stream.count_listeners():
+            if stream.listeners:
                continue
            if stream.last_notified_ms < expire_before_ts:
                expired_streams.append(stream)
--- a/synapse/push/init.py
+++ b/synapse/push/init.py
@@ -16,12 +16,14 @@
 from twisted.internet import defer

 from synapse.streams.config import PaginationConfig
-from synapse.types import StreamToken
+from synapse.types import StreamToken, UserID

 import synapse.util.async
-import push_rule_evaluator as push_rule_evaluator
+import baserules

 import logging
+import simplejson as json
+import re
 import random

 logger = logging.getLogger(__name__)
@@ -31,6 +33,9 @@ class Pusher(object):
    INITIAL_BACKOFF = 1000
    MAX_BACKOFF = 60 * 60 * 1000
    GIVE_UP_AFTER = 24 * 60 * 60 * 1000
+    DEFAULT_ACTIONS = ['dont_notify']
+
+    INEQUALITY_EXPR = re.compile("^([=<>]*)([0-9]*)$")

    def __init__(self, _hs, profile_tag, user_name, app_id,
                 app_display_name, device_display_name, pushkey, pushkey_ts,
@@ -57,6 +62,161 @@ class Pusher(object):
        self.last_last_active_time = 0
        self.has_unread = True

+    @defer.inlineCallbacks
+    def _actions_for_event(self, ev):
+        """
+        This should take into account notification settings that the user
+        has configured both globally and per-room when we have the ability
+        to do such things.
+        """
+        if ev['user_id'] == self.user_name:
+            # let's assume you probably know about messages you sent yourself
+            defer.returnValue(['dont_notify'])
+
+        rawrules = yield self.store.get_push_rules_for_user(self.user_name)
+
+        rules = []
+        for rawrule in rawrules:
+            rule = dict(rawrule)
+            rule['conditions'] = json.loads(rawrule['conditions'])
+            rule['actions'] = json.loads(rawrule['actions'])
+            rules.append(rule)
+
+        enabled_map = yield self.store.get_push_rules_enabled_for_user(self.user_name)
+
+        user = UserID.from_string(self.user_name)
+
+        rules = baserules.list_with_base_rules(rules, user)
+
+        room_id = ev['room_id']
+
+        # get *our* member event for display name matching
+        my_display_name = None
+        our_member_event = yield self.store.get_current_state(
+            room_id=room_id,
+            event_type='m.room.member',
+            state_key=self.user_name,
+        )
+        if our_member_event:
+            my_display_name = our_member_event[0].content.get("displayname")
+
+        room_members = yield self.store.get_users_in_room(room_id)
+        room_member_count = len(room_members)
+
+        for r in rules:
+            if r['rule_id'] in enabled_map:
+                r['enabled'] = enabled_map[r['rule_id']]
+            elif 'enabled' not in r:
+                r['enabled'] = True
+            if not r['enabled']:
+                continue
+            matches = True
+
+            conditions = r['conditions']
+            actions = r['actions']
+
+            for c in conditions:
+                matches &= self._event_fulfills_condition(
+                    ev, c, display_name=my_display_name,
+                    room_member_count=room_member_count
+                )
+            logger.debug(
+                "Rule %s %s",
+                r['rule_id'], "matches" if matches else "doesn't match"
+            )
+            # ignore rules with no actions (we have an explict 'dont_notify')
+            if len(actions) == 0:
+                logger.warn(
+                    "Ignoring rule id %s with no actions for user %s",
+                    r['rule_id'], self.user_name
+                )
+                continue
+            if matches:
+                logger.info(
+                    "%s matches for user %s, event %s",
+                    r['rule_id'], self.user_name, ev['event_id']
+                )
+                defer.returnValue(actions)
+
+        logger.info(
+            "No rules match for user %s, event %s",
+            self.user_name, ev['event_id']
+        )
+        defer.returnValue(Pusher.DEFAULT_ACTIONS)
+
+    @staticmethod
+    def _glob_to_regexp(glob):
+        r = re.escape(glob)
+        r = re.sub(r'\\\*', r'.*?', r)
+        r = re.sub(r'\\\?', r'.', r)
+
+        # handle [abc], [a-z] and [!a-z] style ranges.
+        r = re.sub(r'\\\[(\\\!|)(.*)\\\]',
+                   lambda x: ('[%s%s]' % (x.group(1) and '^' or '',
+                                          re.sub(r'\\\-', '-', x.group(2)))), r)
+        return r
+
+    def _event_fulfills_condition(self, ev, condition, display_name, room_member_count):
+        if condition['kind'] == 'event_match':
+            if 'pattern' not in condition:
+                logger.warn("event_match condition with no pattern")
+                return False
+            # XXX: optimisation: cache our pattern regexps
+            if condition['key'] == 'content.body':
+                r = r'\b%s\b' % self._glob_to_regexp(condition['pattern'])
+            else:
+                r = r'^%s$' % self._glob_to_regexp(condition['pattern'])
+            val = _value_for_dotted_key(condition['key'], ev)
+            if val is None:
+                return False
+            return re.search(r, val, flags=re.IGNORECASE) is not None
+
+        elif condition['kind'] == 'device':
+            if 'profile_tag' not in condition:
+                return True
+            return condition['profile_tag'] == self.profile_tag
+
+        elif condition['kind'] == 'contains_display_name':
+            # This is special because display names can be different
+            # between rooms and so you can't really hard code it in a rule.
+            # Optimisation: we should cache these names and update them from
+            # the event stream.
+            if 'content' not in ev or 'body' not in ev['content']:
+                return False
+            if not display_name:
+                return False
+            return re.search(
+                "\b%s\b" % re.escape(display_name), ev['content']['body'],
+                flags=re.IGNORECASE
+            ) is not None
+
+        elif condition['kind'] == 'room_member_count':
+            if 'is' not in condition:
+                return False
+            m = Pusher.INEQUALITY_EXPR.match(condition['is'])
+            if not m:
+                return False
+            ineq = m.group(1)
+            rhs = m.group(2)
+            if not rhs.isdigit():
+                return False
+            rhs = int(rhs)
+
+            if ineq == '' or ineq == '==':
+                return room_member_count == rhs
+            elif ineq == '<':
+                return room_member_count < rhs
+            elif ineq == '>':
+                return room_member_count > rhs
+            elif ineq == '>=':
+                return room_member_count >= rhs
+            elif ineq == '<=':
+                return room_member_count <= rhs
+            else:
+                return False
+        else:
+            return True
+
    @defer.inlineCallbacks
    def get_context_for_event(self, ev):
        name_aliases = yield self.store.get_room_name_and_aliases(
@@ -89,9 +249,7 @@ class Pusher(object):
            # we fail to dispatch the push)
            config = PaginationConfig(from_token=None, limit='1')
            chunk = yield self.evStreamHandler.get_stream(
-                self.user_name, config, timeout=0, affect_presence=False,
-                only_room_events=True
-            )
+                self.user_name, config, timeout=0)
            self.last_token = chunk['end']
            self.store.update_pusher_last_token(
                self.app_id, self.pushkey, self.user_name, self.last_token
@@ -122,8 +280,8 @@ class Pusher(object):
        config = PaginationConfig(from_token=from_tok, limit='1')
        timeout = (300 + random.randint(-60, 60)) * 1000
        chunk = yield self.evStreamHandler.get_stream(
-            self.user_name, config, timeout=timeout, affect_presence=False,
-            only_room_events=True
+            self.user_name, config,
+            timeout=timeout, affect_presence=False
        )

        # limiting to 1 may get 1 event plus 1 presence event, so
@@ -136,26 +294,14 @@ class Pusher(object):
        if not single_event:
            self.last_token = chunk['end']
            logger.debug("Event stream timeout for pushkey %s", self.pushkey)
-            yield self.store.update_pusher_last_token(
-                self.app_id,
-                self.pushkey,
-                self.user_name,
-                self.last_token
-            )
            return

        if not self.alive:
            return

        processed = False
-
-        rule_evaluator = yield \
-            push_rule_evaluator.evaluator_for_user_name_and_profile_tag(
-                self.user_name, self.profile_tag, single_event['room_id'], self.store
-            )
-
-        actions = yield rule_evaluator.actions_for_event(single_event)
-        tweaks = rule_evaluator.tweaks_for_actions(actions)
+        actions = yield self._actions_for_event(single_event)
+        tweaks = _tweaks_for_actions(actions)

        if len(actions) == 0:
            logger.warn("Empty actions! Using default action.")
@@ -199,7 +345,7 @@ class Pusher(object):
        if processed:
            self.backoff_delay = Pusher.INITIAL_BACKOFF
            self.last_token = chunk['end']
-            yield self.store.update_pusher_last_token_and_success(
+            self.store.update_pusher_last_token_and_success(
                self.app_id,
                self.pushkey,
                self.user_name,
@@ -208,7 +354,7 @@ class Pusher(object):
            )
            if self.failing_since:
                self.failing_since = None
-                yield self.store.update_pusher_failing_since(
+                self.store.update_pusher_failing_since(
                    self.app_id,
                    self.pushkey,
                    self.user_name,
@@ -216,7 +362,7 @@ class Pusher(object):
        else:
            if not self.failing_since:
                self.failing_since = self.clock.time_msec()
-                yield self.store.update_pusher_failing_since(
+                self.store.update_pusher_failing_since(
                    self.app_id,
                    self.pushkey,
                    self.user_name,
@@ -234,7 +380,7 @@ class Pusher(object):
                            self.user_name, self.pushkey)
                self.backoff_delay = Pusher.INITIAL_BACKOFF
                self.last_token = chunk['end']
-                yield self.store.update_pusher_last_token(
+                self.store.update_pusher_last_token(
                    self.app_id,
                    self.pushkey,
                    self.user_name,
@@ -242,7 +388,7 @@ class Pusher(object):
                )

                self.failing_since = None
-                yield self.store.update_pusher_failing_since(
+                self.store.update_pusher_failing_since(
                    self.app_id,
                    self.pushkey,
                    self.user_name,
@@ -294,6 +440,27 @@ class Pusher(object):
                    self.has_unread = False


+def _value_for_dotted_key(dotted_key, event):
+    parts = dotted_key.split(".")
+    val = event
+    while len(parts) > 0:
+        if parts[0] not in val:
+            return None
+        val = val[parts[0]]
+        parts = parts[1:]
+    return val
+
+
+def _tweaks_for_actions(actions):
+    tweaks = {}
+    for a in actions:
+        if not isinstance(a, dict):
+            continue
+        if 'set_tweak' in a and 'value' in a:
+            tweaks[a['set_tweak']] = a['value']
+    return tweaks
+
+
 class PusherConfigException(Exception):
    def __init__(self, msg):
        super(PusherConfigException, self).__init__(msg)
--- a/synapse/push/baserules.py
+++ b/synapse/push/baserules.py
@@ -164,7 +164,7 @@ def make_base_append_underride_rules(user):
            ]
        },
        {
-            'rule_id': 'global/underride/.m.rule.contains_display_name',
+            'rule_id': 'global/override/.m.rule.contains_display_name',
            'conditions': [
                {
                    'kind': 'contains_display_name'
@@ -247,7 +247,6 @@ def make_base_append_underride_rules(user):
        },
        {
            'rule_id': 'global/underride/.m.rule.message',
-            'enabled': False,
            'conditions': [
                {
                    'kind': 'event_match',
--- a/synapse/push/httppusher.py
+++ b/synapse/push/httppusher.py
@@ -14,6 +14,7 @@
 # limitations under the License.

 from synapse.push import Pusher, PusherConfigException
+from synapse.http.client import SimpleHttpClient

 from twisted.internet import defer

@@ -45,7 +46,7 @@ class HttpPusher(Pusher):
                "'url' required in data for HTTP pusher"
            )
        self.url = data['url']
-        self.http_client = _hs.get_simple_http_client()
+        self.httpCli = SimpleHttpClient(self.hs)
        self.data_minus_url = {}
        self.data_minus_url.update(self.data)
        del self.data_minus_url['url']
@@ -106,7 +107,7 @@ class HttpPusher(Pusher):
        if not notification_dict:
            defer.returnValue([])
        try:
-            resp = yield self.http_client.post_json_get_json(self.url, notification_dict)
+            resp = yield self.httpCli.post_json_get_json(self.url, notification_dict)
        except:
            logger.warn("Failed to push %s ", self.url)
            defer.returnValue(False)
@@ -137,7 +138,7 @@ class HttpPusher(Pusher):
            }
        }
        try:
-            resp = yield self.http_client.post_json_get_json(self.url, d)
+            resp = yield self.httpCli.post_json_get_json(self.url, d)
        except:
            logger.exception("Failed to push %s ", self.url)
            defer.returnValue(False)
--- a/synapse/push/push_rule_evaluator.py
+++ b/synapse/push/push_rule_evaluator.py
@@ -1,224 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from twisted.internet import defer
-
-from synapse.types import UserID
-
-import baserules
-
-import logging
-import simplejson as json
-import re
-
-logger = logging.getLogger(__name__)
-
-
-@defer.inlineCallbacks
-def evaluator_for_user_name_and_profile_tag(user_name, profile_tag, room_id, store):
-    rawrules = yield store.get_push_rules_for_user(user_name)
-    enabled_map = yield store.get_push_rules_enabled_for_user(user_name)
-    our_member_event = yield store.get_current_state(
-        room_id=room_id,
-        event_type='m.room.member',
-        state_key=user_name,
-    )
-
-    defer.returnValue(PushRuleEvaluator(
-        user_name, profile_tag, rawrules, enabled_map,
-        room_id, our_member_event, store
-    ))
-
-
-class PushRuleEvaluator:
-    DEFAULT_ACTIONS = ['dont_notify']
-    INEQUALITY_EXPR = re.compile("^([=<>]*)([0-9]*)$")
-
-    def __init__(self, user_name, profile_tag, raw_rules, enabled_map, room_id,
-                 our_member_event, store):
-        self.user_name = user_name
-        self.profile_tag = profile_tag
-        self.room_id = room_id
-        self.our_member_event = our_member_event
-        self.store = store
-
-        rules = []
-        for raw_rule in raw_rules:
-            rule = dict(raw_rule)
-            rule['conditions'] = json.loads(raw_rule['conditions'])
-            rule['actions'] = json.loads(raw_rule['actions'])
-            rules.append(rule)
-
-        user = UserID.from_string(self.user_name)
-        self.rules = baserules.list_with_base_rules(rules, user)
-
-        self.enabled_map = enabled_map
-
-    @staticmethod
-    def tweaks_for_actions(actions):
-        tweaks = {}
-        for a in actions:
-            if not isinstance(a, dict):
-                continue
-            if 'set_tweak' in a and 'value' in a:
-                tweaks[a['set_tweak']] = a['value']
-        return tweaks
-
-    @defer.inlineCallbacks
-    def actions_for_event(self, ev):
-        """
-        This should take into account notification settings that the user
-        has configured both globally and per-room when we have the ability
-        to do such things.
-        """
-        if ev['user_id'] == self.user_name:
-            # let's assume you probably know about messages you sent yourself
-            defer.returnValue(['dont_notify'])
-
-        room_id = ev['room_id']
-
-        # get *our* member event for display name matching
-        my_display_name = None
-
-        if self.our_member_event:
-            my_display_name = self.our_member_event[0].content.get("displayname")
-
-        room_members = yield self.store.get_users_in_room(room_id)
-        room_member_count = len(room_members)
-
-        for r in self.rules:
-            if r['rule_id'] in self.enabled_map:
-                r['enabled'] = self.enabled_map[r['rule_id']]
-            elif 'enabled' not in r:
-                r['enabled'] = True
-            if not r['enabled']:
-                continue
-            matches = True
-
-            conditions = r['conditions']
-            actions = r['actions']
-
-            for c in conditions:
-                matches &= self._event_fulfills_condition(
-                    ev, c, display_name=my_display_name,
-                    room_member_count=room_member_count
-                )
-            logger.debug(
-                "Rule %s %s",
-                r['rule_id'], "matches" if matches else "doesn't match"
-            )
-            # ignore rules with no actions (we have an explict 'dont_notify')
-            if len(actions) == 0:
-                logger.warn(
-                    "Ignoring rule id %s with no actions for user %s",
-                    r['rule_id'], self.user_name
-                )
-                continue
-            if matches:
-                logger.info(
-                    "%s matches for user %s, event %s",
-                    r['rule_id'], self.user_name, ev['event_id']
-                )
-                defer.returnValue(actions)
-
-        logger.info(
-            "No rules match for user %s, event %s",
-            self.user_name, ev['event_id']
-        )
-        defer.returnValue(PushRuleEvaluator.DEFAULT_ACTIONS)
-
-    @staticmethod
-    def _glob_to_regexp(glob):
-        r = re.escape(glob)
-        r = re.sub(r'\\\*', r'.*?', r)
-        r = re.sub(r'\\\?', r'.', r)
-
-        # handle [abc], [a-z] and [!a-z] style ranges.
-        r = re.sub(r'\\\[(\\\!|)(.*)\\\]',
-                   lambda x: ('[%s%s]' % (x.group(1) and '^' or '',
-                                          re.sub(r'\\\-', '-', x.group(2)))), r)
-        return r
-
-    def _event_fulfills_condition(self, ev, condition, display_name, room_member_count):
-        if condition['kind'] == 'event_match':
-            if 'pattern' not in condition:
-                logger.warn("event_match condition with no pattern")
-                return False
-            # XXX: optimisation: cache our pattern regexps
-            if condition['key'] == 'content.body':
-                r = r'\b%s\b' % self._glob_to_regexp(condition['pattern'])
-            else:
-                r = r'^%s$' % self._glob_to_regexp(condition['pattern'])
-            val = _value_for_dotted_key(condition['key'], ev)
-            if val is None:
-                return False
-            return re.search(r, val, flags=re.IGNORECASE) is not None
-
-        elif condition['kind'] == 'device':
-            if 'profile_tag' not in condition:
-                return True
-            return condition['profile_tag'] == self.profile_tag
-
-        elif condition['kind'] == 'contains_display_name':
-            # This is special because display names can be different
-            # between rooms and so you can't really hard code it in a rule.
-            # Optimisation: we should cache these names and update them from
-            # the event stream.
-            if 'content' not in ev or 'body' not in ev['content']:
-                return False
-            if not display_name:
-                return False
-            return re.search(
-                r"\b%s\b" % re.escape(display_name), ev['content']['body'],
-                flags=re.IGNORECASE
-            ) is not None
-
-        elif condition['kind'] == 'room_member_count':
-            if 'is' not in condition:
-                return False
-            m = PushRuleEvaluator.INEQUALITY_EXPR.match(condition['is'])
-            if not m:
-                return False
-            ineq = m.group(1)
-            rhs = m.group(2)
-            if not rhs.isdigit():
-                return False
-            rhs = int(rhs)
-
-            if ineq == '' or ineq == '==':
-                return room_member_count == rhs
-            elif ineq == '<':
-                return room_member_count < rhs
-            elif ineq == '>':
-                return room_member_count > rhs
-            elif ineq == '>=':
-                return room_member_count >= rhs
-            elif ineq == '<=':
-                return room_member_count <= rhs
-            else:
-                return False
-        else:
-            return True
-
-
-def _value_for_dotted_key(dotted_key, event):
-    parts = dotted_key.split(".")
-    val = event
-    while len(parts) > 0:
-        if parts[0] not in val:
-            return None
-        val = val[parts[0]]
-        parts = parts[1:]
-    return val
--- a/synapse/push/pusherpool.py
+++ b/synapse/push/pusherpool.py
@@ -94,14 +94,17 @@ class PusherPool:
                self.remove_pusher(p['app_id'], p['pushkey'], p['user_name'])

    @defer.inlineCallbacks
-    def remove_pushers_by_user(self, user_id):
+    def remove_pushers_by_user_access_token(self, user_id, not_access_token_id):
        all = yield self.store.get_all_pushers()
        logger.info(
-            "Removing all pushers for user %s",
-            user_id,
+            "Removing all pushers for user %s except access token %s",
+            user_id, not_access_token_id
        )
        for p in all:
-            if p['user_name'] == user_id:
+            if (
+                p['user_name'] == user_id and
+                p['access_token'] != not_access_token_id
+            ):
                logger.info(
                    "Removing pusher for app id %s, pushkey %s, user %s",
                    p['app_id'], p['pushkey'], p['user_name']
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -18,24 +18,19 @@ from distutils.version import LooseVersion
 logger = logging.getLogger(__name__)

 REQUIREMENTS = {
-    "frozendict>=0.4": ["frozendict"],
-    "unpaddedbase64>=1.0.1": ["unpaddedbase64>=1.0.1"],
-    "canonicaljson>=1.0.0": ["canonicaljson>=1.0.0"],
-    "signedjson>=1.0.0": ["signedjson>=1.0.0"],
-    "pynacl>=0.3.0": ["nacl>=0.3.0", "nacl.bindings"],
+    "syutil>=0.0.7": ["syutil>=0.0.7"],
+    "Twisted==14.0.2": ["twisted==14.0.2"],
    "service_identity>=1.0.0": ["service_identity>=1.0.0"],
-    "Twisted>=15.1.0": ["twisted>=15.1.0"],
    "pyopenssl>=0.14": ["OpenSSL>=0.14"],
    "pyyaml": ["yaml"],
    "pyasn1": ["pyasn1"],
+    "pynacl>=0.0.3": ["nacl>=0.0.3"],
    "daemonize": ["daemonize"],
    "py-bcrypt": ["bcrypt"],
+    "frozendict>=0.4": ["frozendict"],
    "pillow": ["PIL"],
    "pydenticon": ["pydenticon"],
    "ujson": ["ujson"],
-    "blist": ["blist"],
-    "pysaml2": ["saml2"],
-    "pymacaroons-pynacl": ["pymacaroons"],
 }
 CONDITIONAL_REQUIREMENTS = {
    "web_client": {
@@ -46,8 +41,8 @@ CONDITIONAL_REQUIREMENTS = {

 def requirements(config=None, include_conditional=False):
    reqs = REQUIREMENTS.copy()
-    if include_conditional:
-        for _, req in CONDITIONAL_REQUIREMENTS.items():
+    for key, req in CONDITIONAL_REQUIREMENTS.items():
+        if (config and getattr(config, key)) or include_conditional:
            reqs.update(req)
    return reqs

@@ -55,15 +50,22 @@ def requirements(config=None, include_conditional=False):
 def github_link(project, version, egg):
    return "https://github.com/%s/tarball/%s/#egg=%s" % (project, version, egg)

-DEPENDENCY_LINKS = {
-}
+DEPENDENCY_LINKS = [
+    github_link(
+        project="matrix-org/syutil",
+        version="v0.0.7",
+        egg="syutil-0.0.7",
+    ),
+    github_link(
+        project="matrix-org/matrix-angular-sdk",
+        version="v0.6.6",
+        egg="matrix_angular_sdk-0.6.6",
+    ),
+]


 class MissingRequirementError(Exception):
-    def __init__(self, message, module_name, dependency):
-        super(MissingRequirementError, self).__init__(message)
-        self.module_name = module_name
-        self.dependency = dependency
+    pass


 def check_requirements(config=None):
@@ -91,7 +93,7 @@ def check_requirements(config=None):
                )
                raise MissingRequirementError(
                    "Can't import %r which is part of %r"
-                    % (module_name, dependency), module_name, dependency
+                    % (module_name, dependency)
                )
            version = getattr(module, "__version__", None)
            file_path = getattr(module, "__file__", None)
@@ -104,32 +106,30 @@ def check_requirements(config=None):
                if version is None:
                    raise MissingRequirementError(
                        "Version of %r isn't set as __version__ of module %r"
-                        % (dependency, module_name), module_name, dependency
+                        % (dependency, module_name)
                    )
                if LooseVersion(version) < LooseVersion(required_version):
                    raise MissingRequirementError(
                        "Version of %r in %r is too old. %r < %r"
-                        % (dependency, file_path, version, required_version),
-                        module_name, dependency
+                        % (dependency, file_path, version, required_version)
                    )
            elif version_test == "==":
                if version is None:
                    raise MissingRequirementError(
                        "Version of %r isn't set as __version__ of module %r"
-                        % (dependency, module_name), module_name, dependency
+                        % (dependency, module_name)
                    )
                if LooseVersion(version) != LooseVersion(required_version):
                    raise MissingRequirementError(
                        "Unexpected version of %r in %r. %r != %r"
-                        % (dependency, file_path, version, required_version),
-                        module_name, dependency
+                        % (dependency, file_path, version, required_version)
                    )


 def list_requirements():
    result = []
    linked = []
-    for link in DEPENDENCY_LINKS.values():
+    for link in DEPENDENCY_LINKS:
        egg = link.split("#egg=")[1]
        linked.append(egg.split('-')[0])
        result.append(link)
--- a/synapse/rest/init.py
+++ b/synapse/rest/init.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Copyright 2014, 2015 OpenMarket Ltd
+# Copyright 2015 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,69 +12,3 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
-from synapse.rest.client.v1 import (
-    room,
-    events,
-    profile,
-    presence,
-    initial_sync,
-    directory,
-    voip,
-    admin,
-    pusher,
-    push_rule,
-    register as v1_register,
-    login as v1_login,
-)
-
-from synapse.rest.client.v2_alpha import (
-    sync,
-    filter,
-    account,
-    register,
-    auth,
-    receipts,
-    keys,
-    tokenrefresh,
-    tags,
-    account_data,
-)
-
-from synapse.http.server import JsonResource
-
-
-class ClientRestResource(JsonResource):
-    """A resource for version 1 of the matrix client API."""
-
-    def __init__(self, hs):
-        JsonResource.__init__(self, hs, canonical_json=False)
-        self.register_servlets(self, hs)
-
-    @staticmethod
-    def register_servlets(client_resource, hs):
-        # "v1"
-        room.register_servlets(hs, client_resource)
-        events.register_servlets(hs, client_resource)
-        v1_register.register_servlets(hs, client_resource)
-        v1_login.register_servlets(hs, client_resource)
-        profile.register_servlets(hs, client_resource)
-        presence.register_servlets(hs, client_resource)
-        initial_sync.register_servlets(hs, client_resource)
-        directory.register_servlets(hs, client_resource)
-        voip.register_servlets(hs, client_resource)
-        admin.register_servlets(hs, client_resource)
-        pusher.register_servlets(hs, client_resource)
-        push_rule.register_servlets(hs, client_resource)
-
-        # "v2"
-        sync.register_servlets(hs, client_resource)
-        filter.register_servlets(hs, client_resource)
-        account.register_servlets(hs, client_resource)
-        register.register_servlets(hs, client_resource)
-        auth.register_servlets(hs, client_resource)
-        receipts.register_servlets(hs, client_resource)
-        keys.register_servlets(hs, client_resource)
-        tokenrefresh.register_servlets(hs, client_resource)
-        tags.register_servlets(hs, client_resource)
-        account_data.register_servlets(hs, client_resource)
--- a/synapse/rest/client/v1/init.py
+++ b/synapse/rest/client/v1/init.py
@@ -12,3 +12,33 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+from . import (
+    room, events, register, login, profile, presence, initial_sync, directory,
+    voip, admin, pusher, push_rule
+)
+
+from synapse.http.server import JsonResource
+
+
+class ClientV1RestResource(JsonResource):
+    """A resource for version 1 of the matrix client API."""
+
+    def __init__(self, hs):
+        JsonResource.__init__(self, hs, canonical_json=False)
+        self.register_servlets(self, hs)
+
+    @staticmethod
+    def register_servlets(client_resource, hs):
+        room.register_servlets(hs, client_resource)
+        events.register_servlets(hs, client_resource)
+        register.register_servlets(hs, client_resource)
+        login.register_servlets(hs, client_resource)
+        profile.register_servlets(hs, client_resource)
+        presence.register_servlets(hs, client_resource)
+        initial_sync.register_servlets(hs, client_resource)
+        directory.register_servlets(hs, client_resource)
+        voip.register_servlets(hs, client_resource)
+        admin.register_servlets(hs, client_resource)
+        pusher.register_servlets(hs, client_resource)
+        push_rule.register_servlets(hs, client_resource)
--- a/synapse/rest/client/v1/admin.py
+++ b/synapse/rest/client/v1/admin.py
@@ -18,7 +18,7 @@ from twisted.internet import defer
 from synapse.api.errors import AuthError, SynapseError
 from synapse.types import UserID

-from base import ClientV1RestServlet, client_path_patterns
+from base import ClientV1RestServlet, client_path_pattern

 import logging

@@ -26,12 +26,12 @@ logger = logging.getLogger(__name__)


 class WhoisRestServlet(ClientV1RestServlet):
-    PATTERNS = client_path_patterns("/admin/whois/(?P<user_id>[^/]*)")
+    PATTERN = client_path_pattern("/admin/whois/(?P<user_id>[^/]*)")

    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
        target_user = UserID.from_string(user_id)
-        auth_user, _, _ = yield self.auth.get_user_by_req(request)
+        auth_user, client = yield self.auth.get_user_by_req(request)
        is_admin = yield self.auth.is_server_admin(auth_user)

        if not is_admin and target_user != auth_user:
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Paul "LeoNerd" Evans	6081842b0b	Add some rest-level unit tests of new 'published' room creation config key	2015-06-18 15:05:26 +01:00
Paul "LeoNerd" Evans	1ecbb260d0	Fix logging description name in get_published_rooms()	2015-06-18 15:00:50 +01:00
Paul "LeoNerd" Evans	a197d2492f	Rename store_room()'s is_public parameter to published; default it from the badly-named "visiblity" parameter but allow a new "published" to override it	2015-06-18 14:27:23 +01:00
Paul "LeoNerd" Evans	7c5315b1a8	Since store.get_rooms() is only ever called with is_public=True, just fold that inline + rename the method to .get_published_rooms()	2015-06-18 14:15:20 +01:00
Paul "LeoNerd" Evans	4909cd0202	Rename get_public_room_ids() to get_published_room_ids()	2015-06-18 14:07:41 +01:00
Paul "LeoNerd" Evans	0dd8953cbc	Rename get_public_room_list() to get_published_rooms()	2015-06-18 14:00:23 +01:00