rename

delete
add a .
2019-03-19 11:23:18 +00:00 · 2019-03-19 10:51:50 +00:00 · 2019-03-19 10:50:20 +00:00 · 2019-03-19 10:47:39 +00:00 · 2019-03-19 10:44:16 +00:00 · 2019-03-19 10:41:32 +00:00
147 changed files with 1081 additions and 2567 deletions
@@ -90,17 +90,6 @@ steps:
          image: "python:3.7"
          propagate-environment: true

-  - command:
-      - "python -m pip install tox"
-      - "tox -e py27-old,codecov"
-    label: ":python: 2.7 / SQLite / Old Deps"
-    env:
-      TRIAL_FLAGS: "-j 2"
-    plugins:
-      - docker#v3.0.1:
-          image: "python:2.7"
-          propagate-environment: true
-
  - label: ":python: 2.7 / :postgres: 9.4"
    env:
      TRIAL_FLAGS: "-j 4"
@@ -1,122 +1,3 @@
-Synapse 0.99.3.2 (2019-05-03)
-=============================
-
-Internal Changes
----------------
-
- Ensure that we have `urllib3` <1.25, to resolve incompatibility with `requests`. ([\#5135](https://github.com/matrix-org/synapse/issues/5135))
-
-
-Synapse 0.99.3.1 (2019-05-03)
-=============================
-
-Security update
---------------
-
-This release includes two security fixes:
-
- Switch to using a cryptographically-secure random number generator for token strings, ensuring they cannot be predicted by an attacker. Thanks to @opnsec for identifying and responsibly disclosing this issue! ([\#5133](https://github.com/matrix-org/synapse/issues/5133))
- Blacklist 0.0.0.0 and :: by default for URL previews. Thanks to @opnsec for identifying and responsibly disclosing this issue too! ([\#5134](https://github.com/matrix-org/synapse/issues/5134))
-
-Synapse 0.99.3 (2019-04-01)
-===========================
-
-No significant changes.
-
-
-Synapse 0.99.3rc1 (2019-03-27)
-==============================
-
-Features
--------
-
- The user directory has been rewritten to make it faster, with less chance of falling behind on a large server. ([\#4537](https://github.com/matrix-org/synapse/issues/4537), [\#4846](https://github.com/matrix-org/synapse/issues/4846), [\#4864](https://github.com/matrix-org/synapse/issues/4864), [\#4887](https://github.com/matrix-org/synapse/issues/4887), [\#4900](https://github.com/matrix-org/synapse/issues/4900), [\#4944](https://github.com/matrix-org/synapse/issues/4944))
- Add configurable rate limiting to the /register endpoint. ([\#4735](https://github.com/matrix-org/synapse/issues/4735), [\#4804](https://github.com/matrix-org/synapse/issues/4804))
- Move server key queries to federation reader. ([\#4757](https://github.com/matrix-org/synapse/issues/4757))
- Add support for /account/3pid REST endpoint to client_reader worker. ([\#4759](https://github.com/matrix-org/synapse/issues/4759))
- Add an endpoint to the admin API for querying the server version. Contributed by Joseph Weston. ([\#4772](https://github.com/matrix-org/synapse/issues/4772))
- Include a default configuration file in the 'docs' directory. ([\#4791](https://github.com/matrix-org/synapse/issues/4791), [\#4801](https://github.com/matrix-org/synapse/issues/4801))
- Synapse is now permissive about trailing slashes on some of its federation endpoints, allowing zero or more to be present. ([\#4793](https://github.com/matrix-org/synapse/issues/4793))
- Add support for /keys/query and /keys/changes REST endpoints to client_reader worker. ([\#4796](https://github.com/matrix-org/synapse/issues/4796))
- Add checks to incoming events over federation for events evading auth (aka "soft fail"). ([\#4814](https://github.com/matrix-org/synapse/issues/4814))
- Add configurable rate limiting to the /login endpoint. ([\#4821](https://github.com/matrix-org/synapse/issues/4821), [\#4865](https://github.com/matrix-org/synapse/issues/4865))
- Remove trailing slashes from certain outbound federation requests. Retry if receiving a 404. Context: #3622. ([\#4840](https://github.com/matrix-org/synapse/issues/4840))
- Allow passing --daemonize flags to workers in the same way as with master. ([\#4853](https://github.com/matrix-org/synapse/issues/4853))
- Batch up outgoing read-receipts to reduce federation traffic. ([\#4890](https://github.com/matrix-org/synapse/issues/4890), [\#4927](https://github.com/matrix-org/synapse/issues/4927))
- Add option to disable searching the user directory. ([\#4895](https://github.com/matrix-org/synapse/issues/4895))
- Add option to disable searching of local and remote public room lists. ([\#4896](https://github.com/matrix-org/synapse/issues/4896))
- Add ability for password providers to login/register a user via 3PID (email, phone). ([\#4931](https://github.com/matrix-org/synapse/issues/4931))
-
-
-Bugfixes
--------
-
- Fix a bug where media with spaces in the name would get a corrupted name. ([\#2090](https://github.com/matrix-org/synapse/issues/2090))
- Fix attempting to paginate in rooms where server cannot see any events, to avoid unnecessarily pulling in lots of redacted events. ([\#4699](https://github.com/matrix-org/synapse/issues/4699))
- 'event_id' is now a required parameter in federated state requests, as per the matrix spec. ([\#4740](https://github.com/matrix-org/synapse/issues/4740))
- Fix tightloop over connecting to replication server. ([\#4749](https://github.com/matrix-org/synapse/issues/4749))
- Fix parsing of Content-Disposition headers on remote media requests and URL previews. ([\#4763](https://github.com/matrix-org/synapse/issues/4763))
- Fix incorrect log about not persisting duplicate state event. ([\#4776](https://github.com/matrix-org/synapse/issues/4776))
- Fix v4v6 option in HAProxy example config. Contributed by Flakebi. ([\#4790](https://github.com/matrix-org/synapse/issues/4790))
- Handle batch updates in worker replication protocol. ([\#4792](https://github.com/matrix-org/synapse/issues/4792))
- Fix bug where we didn't correctly throttle sending of USER_IP commands over replication. ([\#4818](https://github.com/matrix-org/synapse/issues/4818))
- Fix potential race in handling missing updates in device list updates. ([\#4829](https://github.com/matrix-org/synapse/issues/4829))
- Fix bug where synapse expected an un-specced `prev_state` field on state events. ([\#4837](https://github.com/matrix-org/synapse/issues/4837))
- Transfer a user's notification settings (push rules) on room upgrade. ([\#4838](https://github.com/matrix-org/synapse/issues/4838))
- fix test_auto_create_auto_join_where_no_consent. ([\#4886](https://github.com/matrix-org/synapse/issues/4886))
- Fix a bug where hs_disabled_message was sometimes not correctly enforced. ([\#4888](https://github.com/matrix-org/synapse/issues/4888))
- Fix bug in shutdown room admin API where it would fail if a user in the room hadn't consented to the privacy policy. ([\#4904](https://github.com/matrix-org/synapse/issues/4904))
- Fix bug where blocked world-readable rooms were still peekable. ([\#4908](https://github.com/matrix-org/synapse/issues/4908))
-
-
-Internal Changes
----------------
-
- Add a systemd setup that supports synapse workers. Contributed by Luca Corbatto. ([\#4662](https://github.com/matrix-org/synapse/issues/4662))
- Change from TravisCI to Buildkite for CI. ([\#4752](https://github.com/matrix-org/synapse/issues/4752))
- When presence is disabled don't send over replication. ([\#4757](https://github.com/matrix-org/synapse/issues/4757))
- Minor docstring fixes for MatrixFederationAgent. ([\#4765](https://github.com/matrix-org/synapse/issues/4765))
- Optimise EDU transmission for the federation_sender worker. ([\#4770](https://github.com/matrix-org/synapse/issues/4770))
- Update test_typing to use HomeserverTestCase. ([\#4771](https://github.com/matrix-org/synapse/issues/4771))
- Update URLs for riot.im icons and logos in the default notification templates. ([\#4779](https://github.com/matrix-org/synapse/issues/4779))
- Removed unnecessary $ from some federation endpoint path regexes. ([\#4794](https://github.com/matrix-org/synapse/issues/4794))
- Remove link to deleted title in README. ([\#4795](https://github.com/matrix-org/synapse/issues/4795))
- Clean up read-receipt handling. ([\#4797](https://github.com/matrix-org/synapse/issues/4797))
- Add some debug about processing read receipts. ([\#4798](https://github.com/matrix-org/synapse/issues/4798))
- Clean up some replication code. ([\#4799](https://github.com/matrix-org/synapse/issues/4799))
- Add some docstrings. ([\#4815](https://github.com/matrix-org/synapse/issues/4815))
- Add debug logger to try and track down #4422. ([\#4816](https://github.com/matrix-org/synapse/issues/4816))
- Make shutdown API send explanation message to room after users have been forced joined. ([\#4817](https://github.com/matrix-org/synapse/issues/4817))
- Update example_log_config.yaml. ([\#4820](https://github.com/matrix-org/synapse/issues/4820))
- Document the `generate` option for the docker image. ([\#4824](https://github.com/matrix-org/synapse/issues/4824))
- Fix check-newsfragment for debian-only changes. ([\#4825](https://github.com/matrix-org/synapse/issues/4825))
- Add some debug logging for device list updates to help with #4828. ([\#4828](https://github.com/matrix-org/synapse/issues/4828))
- Improve federation documentation, specifically .well-known support. Many thanks to @vaab. ([\#4832](https://github.com/matrix-org/synapse/issues/4832))
- Disable captcha registration by default in unit tests. ([\#4839](https://github.com/matrix-org/synapse/issues/4839))
- Add stuff back to the .gitignore. ([\#4843](https://github.com/matrix-org/synapse/issues/4843))
- Clarify what registration_shared_secret allows for. ([\#4844](https://github.com/matrix-org/synapse/issues/4844))
- Correctly log expected errors when fetching server keys. ([\#4847](https://github.com/matrix-org/synapse/issues/4847))
- Update install docs to explicitly state a full-chain (not just the top-level) TLS certificate must be provided to Synapse. This caused some people's Synapse ports to appear correct in a browser but still (rightfully so) upset the federation tester. ([\#4849](https://github.com/matrix-org/synapse/issues/4849))
- Move client read-receipt processing to federation sender worker. ([\#4852](https://github.com/matrix-org/synapse/issues/4852))
- Refactor federation TransactionQueue. ([\#4855](https://github.com/matrix-org/synapse/issues/4855))
- Comment out most options in the generated config. ([\#4863](https://github.com/matrix-org/synapse/issues/4863))
- Fix yaml library warnings by using safe_load. ([\#4869](https://github.com/matrix-org/synapse/issues/4869))
- Update Apache setup to remove location syntax. Thanks to @cwmke! ([\#4870](https://github.com/matrix-org/synapse/issues/4870))
- Reinstate test case that runs unit tests against oldest supported dependencies. ([\#4879](https://github.com/matrix-org/synapse/issues/4879))
- Update link to federation docs. ([\#4881](https://github.com/matrix-org/synapse/issues/4881))
- fix test_auto_create_auto_join_where_no_consent. ([\#4886](https://github.com/matrix-org/synapse/issues/4886))
- Use a regular HomeServerConfig object for unit tests rater than a Mock. ([\#4889](https://github.com/matrix-org/synapse/issues/4889))
- Add some notes about tuning postgres for larger deployments. ([\#4895](https://github.com/matrix-org/synapse/issues/4895))
- Add a config option for torture-testing worker replication. ([\#4902](https://github.com/matrix-org/synapse/issues/4902))
- Log requests which are simulated by the unit tests. ([\#4905](https://github.com/matrix-org/synapse/issues/4905))
- Allow newsfragments to end with exclamation marks. Exciting! ([\#4912](https://github.com/matrix-org/synapse/issues/4912))
- Refactor some more tests to use HomeserverTestCase. ([\#4913](https://github.com/matrix-org/synapse/issues/4913))
- Refactor out the state deltas portion of the user directory store and handler. ([\#4917](https://github.com/matrix-org/synapse/issues/4917))
- Fix nginx example in ACME doc. ([\#4923](https://github.com/matrix-org/synapse/issues/4923))
- Use an explicit dbname for postgres connections in the tests. ([\#4928](https://github.com/matrix-org/synapse/issues/4928))
- Fix `ClientReplicationStreamProtocol.__str__()`. ([\#4929](https://github.com/matrix-org/synapse/issues/4929))
-
-
 Synapse 0.99.2 (2019-03-01)
 ===========================

@@ -384,7 +384,7 @@ To configure Synapse to expose an HTTPS port, you will need to edit
  `cert.pem`).

 For those of you upgrading your TLS certificate in readiness for Synapse 1.0,
-please take a look at [our guide](docs/MSC1711_certificates_FAQ.md#configuring-certificates-for-compatibility-with-synapse-100).
+please take a look at `our guide <docs/MSC1711_certificates_FAQ.md#configuring-certificates-for-compatibility-with-synapse-100>`_.

 ## Registering a user

@@ -0,0 +1 @@
+Fix a bug where media with spaces in the name would get a corrupted name.
@@ -0,0 +1 @@
+The user directory has been rewritten to make it faster, with less chance of falling behind on a large server.
@@ -0,0 +1 @@
+Add a systemd setup that supports synapse workers. Contributed by Luca Corbatto.
@@ -0,0 +1 @@
+Fix attempting to paginate in rooms where server cannot see any events, to avoid unnecessarily pulling in lots of redacted events.
@@ -0,0 +1 @@
+Add configurable rate limiting to the /register endpoint.
@@ -0,0 +1 @@
+'event_id' is now a required parameter in federated state requests, as per the matrix spec.
@@ -0,0 +1 @@
+Fix tightloop over connecting to replication server.
@@ -0,0 +1 @@
+Change from TravisCI to Buildkite for CI.
@@ -0,0 +1 @@
+Move server key queries to federation reader.
@@ -0,0 +1 @@
+When presence is disabled don't send over replication.
@@ -0,0 +1 @@
+Add support for /account/3pid REST endpoint to client_reader worker.
@@ -0,0 +1 @@
+Fix parsing of Content-Disposition headers on remote media requests and URL previews.
@@ -0,0 +1 @@
+Minor docstring fixes for MatrixFederationAgent.
@@ -0,0 +1 @@
+Optimise EDU transmission for the federation_sender worker.
@@ -0,0 +1 @@
+Update test_typing to use HomeserverTestCase.
@@ -0,0 +1 @@
+Add an endpoint to the admin API for querying the server version. Contributed by Joseph Weston.
@@ -0,0 +1 @@
+Fix incorrect log about not persisting duplicate state event.
@@ -0,0 +1 @@
+Update URLs for riot.im icons and logos in the default notification templates.
@@ -0,0 +1 @@
+Fix v4v6 option in HAProxy example config. Contributed by Flakebi.
@@ -0,0 +1 @@
+Include a default configuration file in the 'docs' directory.
@@ -0,0 +1 @@
+Handle batch updates in worker replication protocol.
@@ -0,0 +1 @@
+Removed unnecessary $ from some federation endpoint path regexes.
@@ -0,0 +1 @@
+Remove link to deleted title in README.
@@ -0,0 +1 @@
+Add support for /keys/query and /keys/changes REST endpoints to client_reader worker.
@@ -0,0 +1 @@
+Clean up read-receipt handling.
@@ -0,0 +1 @@
+Add some debug about processing read receipts.
@@ -0,0 +1 @@
+Clean up some replication code.
@@ -0,0 +1 @@
+Include a default configuration file in the 'docs' directory.
@@ -0,0 +1 @@
+Add configurable rate limiting to the /register endpoint.
@@ -0,0 +1 @@
+Add checks to incoming events over federation for events evading auth (aka "soft fail").
@@ -0,0 +1 @@
+Add some docstrings.
@@ -0,0 +1 @@
+Add debug logger to try and track down #4422.
@@ -0,0 +1 @@
+Make shutdown API send explanation message to room after users have been forced joined.
@@ -0,0 +1 @@
+Fix bug where we didn't correctly throttle sending of USER_IP commands over replication.
@@ -0,0 +1 @@
+Update example_log_config.yaml.
@@ -0,0 +1 @@
+Add configurable rate limiting to the /login endpoint.
@@ -0,0 +1 @@
+Document the `generate` option for the docker image.
@@ -0,0 +1 @@
+Fix check-newsfragment for debian-only changes.
@@ -0,0 +1 @@
+Add some debug logging for device list updates to help with #4828.
@@ -0,0 +1 @@
+Fix potential race in handling missing updates in device list updates.
@@ -0,0 +1 @@
+Improve federation documentation, specifically .well-known support. Many thanks to @vaab.
@@ -0,0 +1 @@
+Fix bug where synapse expected an un-specced `prev_state` field on state events.
@@ -0,0 +1 @@
+Transfer a user's notification settings (push rules) on room upgrade.
@@ -0,0 +1 @@
+Disable captcha registration by default in unit tests.
@@ -0,0 +1 @@
+Add stuff back to the .gitignore.
@@ -0,0 +1 @@
+Clarify what registration_shared_secret allows for.
@@ -0,0 +1 @@
+The user directory has been rewritten to make it faster, with less chance of falling behind on a large server.
@@ -0,0 +1 @@
+Correctly log expected errors when fetching server keys.
@@ -0,0 +1 @@
+Update install docs to explicitly state a full-chain (not just the top-level) TLS certificate must be provided to Synapse. This caused some people's Synapse ports to appear correct in a browser but still (rightfully so) upset the federation tester.
@@ -0,0 +1 @@
+ Move client read-receipt processing to federation sender worker.
@@ -0,0 +1 @@
+Allow passing --daemonize flags to workers in the same way as with master.
@@ -0,0 +1 @@
+Refactor federation TransactionQueue.
@@ -0,0 +1 @@
+fix test_auto_create_auto_join_where_no_consent.
@@ -0,0 +1 @@
+fix test_auto_create_auto_join_where_no_consent.
@@ -1,24 +1,8 @@
-matrix-synapse-py3 (0.99.3.2) stable; urgency=medium
+matrix-synapse-py3 (0.99.3) UNRELEASED; urgency=medium

-  * New synapse release 0.99.3.2.
-
- -- Synapse Packaging team <packages@matrix.org>  Fri, 03 May 2019 18:56:20 +0100
-
-matrix-synapse-py3 (0.99.3.1) stable; urgency=medium
-
-  * New synapse release 0.99.3.1.
-
- -- Synapse Packaging team <packages@matrix.org>  Fri, 03 May 2019 16:02:43 +0100
-
-matrix-synapse-py3 (0.99.3) stable; urgency=medium
-
-  [ Richard van der Hoff ]
  * Fix warning during preconfiguration. (Fixes: #4819)

-  [ Synapse Packaging team ]
-  * New synapse release 0.99.3.
-
- -- Synapse Packaging team <packages@matrix.org>  Mon, 01 Apr 2019 12:48:21 +0000
+ -- Richard van der Hoff <richard@matrix.org>  Thu, 07 Mar 2019 07:17:00 +0000

 matrix-synapse-py3 (0.99.2) stable; urgency=medium

@@ -55,8 +55,7 @@ RUN apt-get update -qq -o Acquire::Languages=none \
        python3-pip \
        python3-setuptools \
        python3-venv \
-        sqlite3 \
-        libpq-dev
+        sqlite3

 COPY --from=builder /dh-virtualenv_1.1-1_all.deb /

@@ -67,7 +67,7 @@ For nginx users, add the following line to your existing `server` block:

 ```
 location /.well-known/acme-challenge {
-    proxy_pass http://localhost:8009;
+    proxy_pass http://localhost:8009/;
 }
 ```

@@ -15,8 +15,8 @@ machine's public DNS hostname, and provide Synapse with a TLS certificate
 which is valid for your ``server_name``.

 Once you have completed the steps necessary to federate, you should be able to 
-join a room via federation. (A good place to start is ``#synapse:matrix.org`` - a 
-room for Synapse admins.)
+join a room via federation. (A good place to start is ``#synapse:matrix.org``
+- a room for Synapse admins.)


 ## Delegation
@@ -89,6 +89,7 @@ In our example, we would need to add this SRV record in the

     _matrix._tcp.example.com. 3600 IN SRV 10 5 443 synapse.example.com.

+
 Once done and set up, you can check the DNS record with ``dig -t srv
 _matrix._tcp.<server_name>``. In our example, we would expect this:

@@ -116,6 +117,7 @@ you invite them to. This can be caused by an incorrectly-configured reverse
 proxy: see [reverse_proxy.rst](<reverse_proxy.rst>) for instructions on how to correctly
 configure a reverse proxy.

+
 ## Running a Demo Federation of Synapses

 If you want to get up and running quickly with a trio of homeservers in a
@@ -75,20 +75,6 @@ Password auth provider classes may optionally provide the following methods.
    result from the ``/login`` call (including ``access_token``, ``device_id``,
    etc.)

-``someprovider.check_3pid_auth``\(*medium*, *address*, *password*)
-
-    This method, if implemented, is called when a user attempts to register or
-    log in with a third party identifier, such as email. It is passed the
-    medium (ex. "email"), an address (ex. "jdoe@example.com") and the user's
-    password.
-
-    The method should return a Twisted ``Deferred`` object, which resolves to
-    a ``str`` containing the user's (canonical) User ID if authentication was
-    successful, and ``None`` if not.
-
-    As with ``check_auth``, the ``Deferred`` may alternatively resolve to a
-    ``(user_id, callback)`` tuple.
-
 ``someprovider.check_password``\(*user_id*, *password*)

    This method provides a simpler interface than ``get_supported_login_types``
@@ -49,24 +49,6 @@ As with Debian/Ubuntu, postgres support depends on the postgres python connector
    export PATH=/usr/pgsql-9.4/bin/:$PATH
    pip install psycopg2

-Tuning Postgres
-===============
-
-The default settings should be fine for most deployments. For larger scale
-deployments tuning some of the settings is recommended, details of which can be
-found at https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server.
-
-In particular, we've found tuning the following values helpful for performance:
-
- ``shared_buffers``
- ``effective_cache_size``
- ``work_mem``
- ``maintenance_work_mem``
- ``autovacuum_work_mem``
-
-Note that the appropriate values for those fields depend on the amount of free
-memory the database host has available.
-
 Synapse config
 ==============

@@ -147,8 +129,8 @@ Once that has completed, change the synapse config to point at the PostgreSQL
 database configuration file ``homeserver-postgres.yaml``::

    ./synctl stop
-    mv homeserver.yaml homeserver-old-sqlite.yaml
-    mv homeserver-postgres.yaml homeserver.yaml
+    mv homeserver.yaml homeserver-old-sqlite.yaml 
+    mv homeserver-postgres.yaml homeserver.yaml 
    ./synctl start

 Synapse should now be running against PostgreSQL.
@@ -18,7 +18,7 @@ servers do not necessarily need to connect to your server via the same server
 name or port. Indeed, clients will use port 443 by default, whereas servers
 default to port 8448. Where these are different, we refer to the 'client port'
 and the 'federation port'. See `Setting up federation
-<federate.md>`_ for more details of the algorithm used for
+<../README.rst#setting-up-federation>`_ for more details of the algorithm used for
 federation connections.

 Let's assume that we expect clients to connect to our server at
@@ -69,16 +69,20 @@ Let's assume that we expect clients to connect to our server at
          SSLEngine on
          ServerName matrix.example.com;

-          ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
-          ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
+          <Location /_matrix>
+              ProxyPass http://127.0.0.1:8008/_matrix nocanon
+              ProxyPassReverse http://127.0.0.1:8008/_matrix
+          </Location>
      </VirtualHost>

      <VirtualHost *:8448>
          SSLEngine on
          ServerName example.com;
-          
-          ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon
-          ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix
+
+          <Location /_matrix>
+              ProxyPass http://127.0.0.1:8008/_matrix nocanon
+              ProxyPassReverse http://127.0.0.1:8008/_matrix
+          </Location>
      </VirtualHost>

 * HAProxy::
@@ -63,11 +63,11 @@ pid_file: DATADIR/homeserver.pid
 # Zero is used to indicate synapse should set the soft limit to the
 # hard limit.
 #
-#soft_file_limit: 0
+soft_file_limit: 0

 # Set to false to disable presence tracking on this homeserver.
 #
-#use_presence: false
+use_presence: true

 # The GC threshold parameters to pass to `gc.set_threshold`, if defined
 #
@@ -359,8 +359,7 @@ database:
    database: "DATADIR/homeserver.db"

 # Number of events to cache in memory.
-#
-#event_cache_size: 10K
+event_cache_size: "10K"


 ## Logging ##
@@ -374,11 +373,11 @@ log_config: "CONFDIR/SERVERNAME.log.config"

 # Number of messages a client can send per second
 #
-#rc_messages_per_second: 0.2
+rc_messages_per_second: 0.2

 # Number of message a client can send before being throttled
 #
-#rc_message_burst_count: 10.0
+rc_message_burst_count: 10.0

 # Ratelimiting settings for registration and login.
 #
@@ -393,9 +392,6 @@ log_config: "CONFDIR/SERVERNAME.log.config"
 #     address.
 #   - one for login that ratelimits login requests based on the account the
 #     client is attempting to log into.
-#   - one for login that ratelimits login requests based on the account the
-#     client is attempting to log into, based on the amount of failed login
-#     attempts for this account.
 #
 # The defaults are as shown below.
 #
@@ -410,41 +406,30 @@ log_config: "CONFDIR/SERVERNAME.log.config"
 #  account:
 #    per_second: 0.17
 #    burst_count: 3
-#  failed_attempts:
-#    per_second: 0.17
-#    burst_count: 3

 # The federation window size in milliseconds
 #
-#federation_rc_window_size: 1000
+federation_rc_window_size: 1000

 # The number of federation requests from a single server in a window
 # before the server will delay processing the request.
 #
-#federation_rc_sleep_limit: 10
+federation_rc_sleep_limit: 10

 # The duration in milliseconds to delay processing events from
 # remote servers by if they go over the sleep limit.
 #
-#federation_rc_sleep_delay: 500
+federation_rc_sleep_delay: 500

 # The maximum number of concurrent federation requests allowed
 # from a single server
 #
-#federation_rc_reject_limit: 50
+federation_rc_reject_limit: 50

 # The number of federation requests to concurrently process from a
 # single server
 #
-#federation_rc_concurrent: 3
-
-# Target outgoing federation transaction frequency for sending read-receipts,
-# per-room.
-#
-# If we end up trying to send out more read-receipts, they will get buffered up
-# into fewer transactions.
-#
-#federation_rr_transactions_per_room_per_second: 50
+federation_rc_concurrent: 3



@@ -473,11 +458,11 @@ uploads_path: "DATADIR/uploads"

 # The largest allowed upload size in bytes
 #
-#max_upload_size: 10M
+max_upload_size: "10M"

 # Maximum number of pixels that will be thumbnailed
 #
-#max_image_pixels: 32M
+max_image_pixels: "32M"

 # Whether to generate new thumbnails on the fly to precisely match
 # the resolution requested by the client. If true then whenever
@@ -485,33 +470,32 @@ uploads_path: "DATADIR/uploads"
 # generate a new thumbnail. If false the server will pick a thumbnail
 # from a precalculated list.
 #
-#dynamic_thumbnails: false
+dynamic_thumbnails: false

 # List of thumbnails to precalculate when an image is uploaded.
 #
-#thumbnail_sizes:
-#  - width: 32
-#    height: 32
-#    method: crop
-#  - width: 96
-#    height: 96
-#    method: crop
-#  - width: 320
-#    height: 240
-#    method: scale
-#  - width: 640
-#    height: 480
-#    method: scale
-#  - width: 800
-#    height: 600
-#    method: scale
+thumbnail_sizes:
+- width: 32
+  height: 32
+  method: crop
+- width: 96
+  height: 96
+  method: crop
+- width: 320
+  height: 240
+  method: scale
+- width: 640
+  height: 480
+  method: scale
+- width: 800
+  height: 600
+  method: scale

-# Is the preview URL API enabled?
+# Is the preview URL API enabled?  If enabled, you *must* specify
+# an explicit url_preview_ip_range_blacklist of IPs that the spider is
+# denied from accessing.
 #
-# 'false' by default: uncomment the following to enable it (and specify a
-# url_preview_ip_range_blacklist blacklist).
-#
-#url_preview_enabled: true
+url_preview_enabled: False

 # List of IP address CIDR ranges that the URL preview spider is denied
 # from accessing.  There are no defaults: you must explicitly
@@ -521,12 +505,6 @@ uploads_path: "DATADIR/uploads"
 # synapse to issue arbitrary GET requests to your internal services,
 # causing serious security issues.
 #
-# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
-# listed here, since they correspond to unroutable addresses.)
-#
-# This must be specified if url_preview_enabled is set. It is recommended that 
-# you uncomment the following list as a starting point.
-#
 #url_preview_ip_range_blacklist:
 #  - '127.0.0.0/8'
 #  - '10.0.0.0/8'
@@ -537,7 +515,7 @@ uploads_path: "DATADIR/uploads"
 #  - '::1/128'
 #  - 'fe80::/64'
 #  - 'fc00::/7'
-
+#
 # List of IP address CIDR ranges that the URL preview spider is allowed
 # to access even if they are specified in url_preview_ip_range_blacklist.
 # This is useful for specifying exceptions to wide-ranging blacklisted
@@ -582,8 +560,8 @@ uploads_path: "DATADIR/uploads"
 #  - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'

 # The largest allowed URL preview spidering size in bytes
-#
-#max_spider_size: 10M
+max_spider_size: "10M"
+


 ## Captcha ##
@@ -591,25 +569,23 @@ uploads_path: "DATADIR/uploads"

 # This Home Server's ReCAPTCHA public key.
 #
-#recaptcha_public_key: "YOUR_PUBLIC_KEY"
+recaptcha_public_key: "YOUR_PUBLIC_KEY"

 # This Home Server's ReCAPTCHA private key.
 #
-#recaptcha_private_key: "YOUR_PRIVATE_KEY"
+recaptcha_private_key: "YOUR_PRIVATE_KEY"

 # Enables ReCaptcha checks when registering, preventing signup
 # unless a captcha is answered. Requires a valid ReCaptcha
 # public/private key.
 #
-#enable_registration_captcha: false
+enable_registration_captcha: False

 # A secret key used to bypass the captcha test entirely.
-#
 #captcha_bypass_secret: "YOUR_SECRET_HERE"

 # The API endpoint to use for verifying m.login.recaptcha responses.
-#
-#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
+recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"


 ## TURN ##
@@ -630,7 +606,7 @@ uploads_path: "DATADIR/uploads"

 # How long generated TURN credentials last
 #
-#turn_user_lifetime: 1h
+turn_user_lifetime: "1h"

 # Whether guests should be allowed to use the TURN server.
 # This defaults to True, otherwise VoIP will be unreliable for guests.
@@ -638,17 +614,15 @@ uploads_path: "DATADIR/uploads"
 # connect to arbitrary endpoints without having first signed up for a
 # valid account (e.g. by passing a CAPTCHA).
 #
-#turn_allow_guests: True
+turn_allow_guests: True


 ## Registration ##
-#
 # Registration can be rate-limited using the parameters in the "Ratelimiting"
 # section of this file.

 # Enable registration for new users.
-#
-#enable_registration: false
+enable_registration: False

 # The user must provide all of the below types of 3PID when registering.
 #
@@ -659,7 +633,7 @@ uploads_path: "DATADIR/uploads"
 # Explicitly disable asking for MSISDNs from the registration
 # flow (overrides registrations_require_3pid if MSISDNs are set as required)
 #
-#disable_msisdn_registration: true
+#disable_msisdn_registration: True

 # Mandate that users are only allowed to associate certain formats of
 # 3PIDs with accounts on this server.
@@ -683,13 +657,13 @@ uploads_path: "DATADIR/uploads"
 # N.B. that increasing this will exponentially increase the time required
 # to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
 #
-#bcrypt_rounds: 12
+bcrypt_rounds: 12

 # Allows users to register as guests without a password/email/etc, and
 # participate in rooms hosted on this server which have been made
 # accessible to anonymous users.
 #
-#allow_guest_access: false
+allow_guest_access: False

 # The identity server which we suggest that clients should use when users log
 # in on this server.
@@ -705,9 +679,9 @@ uploads_path: "DATADIR/uploads"
 # Also defines the ID server which will be called when an account is
 # deactivated (one will be picked arbitrarily).
 #
-#trusted_third_party_id_servers:
-#  - matrix.org
-#  - vector.im
+trusted_third_party_id_servers:
+  - matrix.org
+  - vector.im

 # Users who register on this homeserver will automatically be joined
 # to these rooms
@@ -721,14 +695,14 @@ uploads_path: "DATADIR/uploads"
 # Setting to false means that if the rooms are not manually created,
 # users cannot be auto-joined since they do not exist.
 #
-#autocreate_auto_join_rooms: true
+autocreate_auto_join_rooms: true


 ## Metrics ###

 # Enable collection and rendering of performance metrics
 #
-#enable_metrics: False
+enable_metrics: False

 # Enable sentry integration
 # NOTE: While attempts are made to ensure that the logs don't contain
@@ -748,24 +722,22 @@ uploads_path: "DATADIR/uploads"

 # A list of event types that will be included in the room_invite_state
 #
-#room_invite_state_types:
-#  - "m.room.join_rules"
-#  - "m.room.canonical_alias"
-#  - "m.room.avatar"
-#  - "m.room.encryption"
-#  - "m.room.name"
+room_invite_state_types:
+    - "m.room.join_rules"
+    - "m.room.canonical_alias"
+    - "m.room.avatar"
+    - "m.room.encryption"
+    - "m.room.name"


-# A list of application service config files to use
+# A list of application service config file to use
 #
-#app_service_config_files:
-#  - app_service_1.yaml
-#  - app_service_2.yaml
+app_service_config_files: []

-# Uncomment to enable tracking of application service IP addresses. Implicitly
+# Whether or not to track application service IP addresses. Implicitly
 # enables MAU tracking for application service users.
 #
-#track_appservice_user_ips: True
+track_appservice_user_ips: False


 # a secret which is used to sign access tokens. If none is specified,
@@ -776,7 +748,7 @@ uploads_path: "DATADIR/uploads"

 # Used to enable access token expiration.
 #
-#expire_access_token: False
+expire_access_token: False

 # a secret which is used to calculate HMACs for form values, to stop
 # falsification of values. Must be specified for the User Consent
@@ -805,16 +777,17 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key"
 # Determines how quickly servers will query to check which keys
 # are still valid.
 #
-#key_refresh_interval: 1d
+key_refresh_interval: "1d" # 1 Day.

 # The trusted servers to download signing keys from.
 #
-#perspectives:
-#  servers:
-#    "matrix.org":
-#      verify_keys:
-#        "ed25519:auto":
-#          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+perspectives:
+  servers:
+    "matrix.org":
+      verify_keys:
+        "ed25519:auto":
+          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+


 # Enable SAML2 for registration and login. Uses pysaml2.
@@ -879,15 +852,14 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key"
 #   algorithm: "HS256"


-password_config:
-   # Uncomment to disable password login
-   #
-   #enabled: false

+# Enable password for login.
+#
+password_config:
+   enabled: true
   # Uncomment and change to a secret random string for extra security.
   # DO NOT CHANGE THIS AFTER INITIAL SETUP!
-   #
-   #pepper: "EVEN_MORE_SECRET"
+   #pepper: ""



@@ -956,9 +928,9 @@ password_config:
 #    example_option: 'things'


-# Uncomment to allow non-server-admin users to create groups on this server
+# Whether to allow non server admins to create groups on this server
 #
-#enable_group_creation: true
+enable_group_creation: false

 # If enabled, non server admins can only create groups with local parts
 # starting with this prefix
@@ -969,10 +941,6 @@ password_config:

 # User Directory configuration
 #
-# 'enabled' defines whether users can search the user directory. If
-# false then empty responses are returned to all queries. Defaults to
-# true.
-#
 # 'search_all_users' defines whether to search all users visible to your HS
 # when searching the user directory, rather than limiting to users visible
 # in public rooms.  Defaults to false.  If you set it True, you'll have to run
@@ -980,7 +948,6 @@ password_config:
 # on your database to tell it to rebuild the user_directory search indexes.
 #
 #user_directory:
-#  enabled: true
 #  search_all_users: false


@@ -1056,12 +1023,6 @@ password_config:



-# Uncomment to disable searching the public room list. When disabled
-# blocks searching local and remote room lists for local and remote
-# users by always returning an empty list for all queries.
-#
-#enable_room_list_search: false
-
 # The `alias_creation` option controls who's allowed to create aliases
 # on this server.
 #
@@ -24,7 +24,6 @@ DISTS = (
    "ubuntu:xenial",
    "ubuntu:bionic",
    "ubuntu:cosmic",
-    "ubuntu:disco",
 )

 DESC = '''\
@@ -31,8 +31,8 @@ echo
 # check that any new newsfiles on this branch end with a full stop.
 for f in `git diff --name-only FETCH_HEAD... -- changelog.d`; do
    lastchar=`tr -d '\n' < $f | tail -c 1`
-    if [ $lastchar != '.' -a $lastchar != '!' ]; then
-        echo -e "\e[31mERROR: newsfragment $f does not end with a '.' or '!'\e[39m" >&2
+    if [ $lastchar != '.' ]; then
+        echo -e "\e[31mERROR: newsfragment $f does not end with a '.'\e[39m" >&2
        exit 1
    fi
 done
@@ -76,7 +76,7 @@ def rows_v2(server, json):


 def main():
-    config = yaml.safe_load(open(sys.argv[1]))
+    config = yaml.load(open(sys.argv[1]))
    valid_until = int(time.time() / (3600 * 24)) * 1000 * 3600 * 24

    server_name = config["server_name"]
@@ -27,4 +27,4 @@ try:
 except ImportError:
    pass

-__version__ = "0.99.3.2"
+__version__ = "0.99.2"
@@ -621,13 +621,13 @@ class Auth(object):

        Returns:
            True if the the sender is allowed to redact the target event if the
-                target event was created by them.
+            target event was created by them.
            False if the sender is allowed to redact the target event with no
-                further checks.
+            further checks.

        Raises:
            AuthError if the event sender is definitely not allowed to redact
-                the target event.
+            the target event.
        """
        return event_auth.check_redaction(room_version, event, auth_events)

@@ -743,9 +743,9 @@ class Auth(object):

        Returns:
            Deferred[tuple[str, str|None]]: Resolves to the current membership of
-                the user in the room and the membership event ID of the user. If
-                the user is not in the room and never has been, then
-                `(Membership.JOIN, None)` is returned.
+            the user in the room and the membership event ID of the user. If
+            the user is not in the room and never has been, then
+            `(Membership.JOIN, None)` is returned.
        """

        try:
@@ -777,22 +777,20 @@ class Auth(object):

        Args:
            user_id(str|None): If present, checks for presence against existing
-                MAU cohort
+            MAU cohort

            threepid(dict|None): If present, checks for presence against configured
-                reserved threepid. Used in cases where the user is trying register
-                with a MAU blocked server, normally they would be rejected but their
-                threepid is on the reserved list. user_id and
-                threepid should never be set at the same time.
+            reserved threepid. Used in cases where the user is trying register
+            with a MAU blocked server, normally they would be rejected but their
+            threepid is on the reserved list. user_id and
+            threepid should never be set at the same time.
        """

        # Never fail an auth check for the server notices users or support user
        # This can be a problem where event creation is prohibited due to blocking
-        if user_id is not None:
-            if user_id == self.hs.config.server_notices_mxid:
-                return
-            if (yield self.store.is_support_user(user_id)):
-                return
+        is_support = yield self.store.is_support_user(user_id)
+        if user_id == self.hs.config.server_notices_mxid or is_support:
+            return

        if self.hs.config.hs_disabled:
            raise ResourceLimitError(
@@ -137,7 +137,7 @@ class Config(object):
    @staticmethod
    def read_config_file(file_path):
        with open(file_path) as file_stream:
-            return yaml.safe_load(file_stream)
+            return yaml.load(file_stream)

    def invoke_all(self, name, *args, **kargs):
        results = []
@@ -318,7 +318,7 @@ class Config(object):
                    )
                    config_file.write(config_str)

-                config = yaml.safe_load(config_str)
+                config = yaml.load(config_str)
                obj.invoke_all("generate_files", config)

                print(
@@ -390,7 +390,7 @@ class Config(object):
            server_name=server_name,
            generate_secrets=False,
        )
-        config = yaml.safe_load(config_string)
+        config = yaml.load(config_string)
        config.pop("log_config")
        config.update(specified_config)

@@ -405,10 +405,7 @@ class Config(object):
            self.invoke_all("generate_files", config)
            return

-        self.parse_config_dict(config)
-
-    def parse_config_dict(self, config_dict):
-        self.invoke_all("read_config", config_dict)
+        self.invoke_all("read_config", config)


 def find_config_files(search_paths):
@@ -34,10 +34,10 @@ class ApiConfig(Config):

        # A list of event types that will be included in the room_invite_state
        #
-        #room_invite_state_types:
-        #  - "{JoinRules}"
-        #  - "{CanonicalAlias}"
-        #  - "{RoomAvatar}"
-        #  - "{RoomEncryption}"
-        #  - "{Name}"
+        room_invite_state_types:
+            - "{JoinRules}"
+            - "{CanonicalAlias}"
+            - "{RoomAvatar}"
+            - "{RoomEncryption}"
+            - "{Name}"
        """.format(**vars(EventTypes))
@@ -37,16 +37,14 @@ class AppServiceConfig(Config):

    def default_config(cls, **kwargs):
        return """\
-        # A list of application service config files to use
+        # A list of application service config file to use
        #
-        #app_service_config_files:
-        #  - app_service_1.yaml
-        #  - app_service_2.yaml
+        app_service_config_files: []

-        # Uncomment to enable tracking of application service IP addresses. Implicitly
+        # Whether or not to track application service IP addresses. Implicitly
        # enables MAU tracking for application service users.
        #
-        #track_appservice_user_ips: True
+        track_appservice_user_ips: False
        """


@@ -68,7 +66,7 @@ def load_appservices(hostname, config_files):
        try:
            with open(config_file, 'r') as f:
                appservice = _load_appservice(
-                    hostname, yaml.safe_load(f), config_file
+                    hostname, yaml.load(f), config_file
                )
                if appservice.id in seen_ids:
                    raise ConfigError(
@@ -18,16 +18,11 @@ from ._base import Config
 class CaptchaConfig(Config):

    def read_config(self, config):
-        self.recaptcha_private_key = config.get("recaptcha_private_key")
-        self.recaptcha_public_key = config.get("recaptcha_public_key")
-        self.enable_registration_captcha = config.get(
-            "enable_registration_captcha", False
-        )
+        self.recaptcha_private_key = config["recaptcha_private_key"]
+        self.recaptcha_public_key = config["recaptcha_public_key"]
+        self.enable_registration_captcha = config["enable_registration_captcha"]
        self.captcha_bypass_secret = config.get("captcha_bypass_secret")
-        self.recaptcha_siteverify_api = config.get(
-            "recaptcha_siteverify_api",
-            "https://www.recaptcha.net/recaptcha/api/siteverify",
-        )
+        self.recaptcha_siteverify_api = config["recaptcha_siteverify_api"]

    def default_config(self, **kwargs):
        return """\
@@ -36,23 +31,21 @@ class CaptchaConfig(Config):

        # This Home Server's ReCAPTCHA public key.
        #
-        #recaptcha_public_key: "YOUR_PUBLIC_KEY"
+        recaptcha_public_key: "YOUR_PUBLIC_KEY"

        # This Home Server's ReCAPTCHA private key.
        #
-        #recaptcha_private_key: "YOUR_PRIVATE_KEY"
+        recaptcha_private_key: "YOUR_PRIVATE_KEY"

        # Enables ReCaptcha checks when registering, preventing signup
        # unless a captcha is answered. Requires a valid ReCaptcha
        # public/private key.
        #
-        #enable_registration_captcha: false
+        enable_registration_captcha: False

        # A secret key used to bypass the captcha test entirely.
-        #
        #captcha_bypass_secret: "YOUR_SECRET_HERE"

        # The API endpoint to use for verifying m.login.recaptcha responses.
-        #
-        #recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
+        recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
        """
@@ -60,8 +60,7 @@ class DatabaseConfig(Config):
            database: "%(database_path)s"

        # Number of events to cache in memory.
-        #
-        #event_cache_size: 10K
+        event_cache_size: "10K"
        """ % locals()

    def read_arguments(self, args):
@@ -23,9 +23,9 @@ class GroupsConfig(Config):

    def default_config(self, **kwargs):
        return """\
-        # Uncomment to allow non-server-admin users to create groups on this server
+        # Whether to allow non server admins to create groups on this server
        #
-        #enable_group_creation: true
+        enable_group_creation: false

        # If enabled, non server admins can only create groups with local parts
        # starting with this prefix
@@ -38,26 +38,15 @@ logger = logging.getLogger(__name__)
 class KeyConfig(Config):

    def read_config(self, config):
-        # the signing key can be specified inline or in a separate file
-        if "signing_key" in config:
-            self.signing_key = read_signing_keys([config["signing_key"]])
-        else:
-            self.signing_key = self.read_signing_key(config["signing_key_path"])
-
+        self.signing_key = self.read_signing_key(config["signing_key_path"])
        self.old_signing_keys = self.read_old_signing_keys(
            config.get("old_signing_keys", {})
        )
        self.key_refresh_interval = self.parse_duration(
-            config.get("key_refresh_interval", "1d"),
+            config["key_refresh_interval"]
        )
        self.perspectives = self.read_perspectives(
-            config.get("perspectives", {}).get("servers", {
-                "matrix.org": {"verify_keys": {
-                    "ed25519:auto": {
-                        "key": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw",
-                    }
-                }}
-            })
+            config["perspectives"]
        )

        self.macaroon_secret_key = config.get(
@@ -99,7 +88,7 @@ class KeyConfig(Config):

        # Used to enable access token expiration.
        #
-        #expire_access_token: False
+        expire_access_token: False

        # a secret which is used to calculate HMACs for form values, to stop
        # falsification of values. Must be specified for the User Consent
@@ -128,21 +117,21 @@ class KeyConfig(Config):
        # Determines how quickly servers will query to check which keys
        # are still valid.
        #
-        #key_refresh_interval: 1d
+        key_refresh_interval: "1d" # 1 Day.

        # The trusted servers to download signing keys from.
        #
-        #perspectives:
-        #  servers:
-        #    "matrix.org":
-        #      verify_keys:
-        #        "ed25519:auto":
-        #          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+        perspectives:
+          servers:
+            "matrix.org":
+              verify_keys:
+                "ed25519:auto":
+                  key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
        """ % locals()

-    def read_perspectives(self, perspectives_servers):
+    def read_perspectives(self, perspectives_config):
        servers = {}
-        for server_name, server_config in perspectives_servers.items():
+        for server_name, server_config in perspectives_config["servers"].items():
            for key_id, key_data in server_config["verify_keys"].items():
                if is_signing_algorithm_supported(key_id):
                    key_base64 = key_data["key"]
@@ -195,7 +195,7 @@ def setup_logging(config, use_worker_options=False):
    else:
        def load_log_config():
            with open(log_config, 'r') as f:
-                logging.config.dictConfig(yaml.safe_load(f))
+                logging.config.dictConfig(yaml.load(f))

        def sighup(*args):
            # it might be better to use a file watcher or something for this.
@@ -24,7 +24,7 @@ MISSING_SENTRY = (

 class MetricsConfig(Config):
    def read_config(self, config):
-        self.enable_metrics = config.get("enable_metrics", False)
+        self.enable_metrics = config["enable_metrics"]
        self.report_stats = config.get("report_stats", None)
        self.metrics_port = config.get("metrics_port")
        self.metrics_bind_host = config.get("metrics_bind_host", "127.0.0.1")
@@ -48,7 +48,7 @@ class MetricsConfig(Config):

        # Enable collection and rendering of performance metrics
        #
-        #enable_metrics: False
+        enable_metrics: False

        # Enable sentry integration
        # NOTE: While attempts are made to ensure that the logs don't contain
@@ -22,21 +22,16 @@ class PasswordConfig(Config):

    def read_config(self, config):
        password_config = config.get("password_config", {})
-        if password_config is None:
-            password_config = {}
-
        self.password_enabled = password_config.get("enabled", True)
        self.password_pepper = password_config.get("pepper", "")

    def default_config(self, config_dir_path, server_name, **kwargs):
-        return """\
+        return """
+        # Enable password for login.
+        #
        password_config:
-           # Uncomment to disable password login
-           #
-           #enabled: false
-
+           enabled: true
           # Uncomment and change to a secret random string for extra security.
           # DO NOT CHANGE THIS AFTER INITIAL SETUP!
-           #
-           #pepper: "EVEN_MORE_SECRET"
+           #pepper: ""
        """
@@ -24,27 +24,20 @@ class RateLimitConfig(object):
 class RatelimitConfig(Config):

    def read_config(self, config):
-        self.rc_messages_per_second = config.get("rc_messages_per_second", 0.2)
-        self.rc_message_burst_count = config.get("rc_message_burst_count", 10.0)
+        self.rc_messages_per_second = config["rc_messages_per_second"]
+        self.rc_message_burst_count = config["rc_message_burst_count"]

        self.rc_registration = RateLimitConfig(config.get("rc_registration", {}))

        rc_login_config = config.get("rc_login", {})
        self.rc_login_address = RateLimitConfig(rc_login_config.get("address", {}))
        self.rc_login_account = RateLimitConfig(rc_login_config.get("account", {}))
-        self.rc_login_failed_attempts = RateLimitConfig(
-            rc_login_config.get("failed_attempts", {}),
-        )

-        self.federation_rc_window_size = config.get("federation_rc_window_size", 1000)
-        self.federation_rc_sleep_limit = config.get("federation_rc_sleep_limit", 10)
-        self.federation_rc_sleep_delay = config.get("federation_rc_sleep_delay", 500)
-        self.federation_rc_reject_limit = config.get("federation_rc_reject_limit", 50)
-        self.federation_rc_concurrent = config.get("federation_rc_concurrent", 3)
-
-        self.federation_rr_transactions_per_room_per_second = config.get(
-            "federation_rr_transactions_per_room_per_second", 50,
-        )
+        self.federation_rc_window_size = config["federation_rc_window_size"]
+        self.federation_rc_sleep_limit = config["federation_rc_sleep_limit"]
+        self.federation_rc_sleep_delay = config["federation_rc_sleep_delay"]
+        self.federation_rc_reject_limit = config["federation_rc_reject_limit"]
+        self.federation_rc_concurrent = config["federation_rc_concurrent"]

    def default_config(self, **kwargs):
        return """\
@@ -52,11 +45,11 @@ class RatelimitConfig(Config):

        # Number of messages a client can send per second
        #
-        #rc_messages_per_second: 0.2
+        rc_messages_per_second: 0.2

        # Number of message a client can send before being throttled
        #
-        #rc_message_burst_count: 10.0
+        rc_message_burst_count: 10.0

        # Ratelimiting settings for registration and login.
        #
@@ -71,9 +64,6 @@ class RatelimitConfig(Config):
        #     address.
        #   - one for login that ratelimits login requests based on the account the
        #     client is attempting to log into.
-        #   - one for login that ratelimits login requests based on the account the
-        #     client is attempting to log into, based on the amount of failed login
-        #     attempts for this account.
        #
        # The defaults are as shown below.
        #
@@ -88,39 +78,28 @@ class RatelimitConfig(Config):
        #  account:
        #    per_second: 0.17
        #    burst_count: 3
-        #  failed_attempts:
-        #    per_second: 0.17
-        #    burst_count: 3

        # The federation window size in milliseconds
        #
-        #federation_rc_window_size: 1000
+        federation_rc_window_size: 1000

        # The number of federation requests from a single server in a window
        # before the server will delay processing the request.
        #
-        #federation_rc_sleep_limit: 10
+        federation_rc_sleep_limit: 10

        # The duration in milliseconds to delay processing events from
        # remote servers by if they go over the sleep limit.
        #
-        #federation_rc_sleep_delay: 500
+        federation_rc_sleep_delay: 500

        # The maximum number of concurrent federation requests allowed
        # from a single server
        #
-        #federation_rc_reject_limit: 50
+        federation_rc_reject_limit: 50

        # The number of federation requests to concurrently process from a
        # single server
        #
-        #federation_rc_concurrent: 3
-
-        # Target outgoing federation transaction frequency for sending read-receipts,
-        # per-room.
-        #
-        # If we end up trying to send out more read-receipts, they will get buffered up
-        # into fewer transactions.
-        #
-        #federation_rr_transactions_per_room_per_second: 50
+        federation_rc_concurrent: 3
        """
@@ -24,7 +24,7 @@ class RegistrationConfig(Config):

    def read_config(self, config):
        self.enable_registration = bool(
-            strtobool(str(config.get("enable_registration", False)))
+            strtobool(str(config["enable_registration"]))
        )
        if "disable_registration" in config:
            self.enable_registration = not bool(
@@ -36,10 +36,7 @@ class RegistrationConfig(Config):
        self.registration_shared_secret = config.get("registration_shared_secret")

        self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
-        self.trusted_third_party_id_servers = config.get(
-            "trusted_third_party_id_servers",
-            ["matrix.org", "vector.im"],
-        )
+        self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"]
        self.default_identity_server = config.get("default_identity_server")
        self.allow_guest_access = config.get("allow_guest_access", False)

@@ -67,13 +64,11 @@ class RegistrationConfig(Config):

        return """\
        ## Registration ##
-        #
        # Registration can be rate-limited using the parameters in the "Ratelimiting"
        # section of this file.

        # Enable registration for new users.
-        #
-        #enable_registration: false
+        enable_registration: False

        # The user must provide all of the below types of 3PID when registering.
        #
@@ -84,7 +79,7 @@ class RegistrationConfig(Config):
        # Explicitly disable asking for MSISDNs from the registration
        # flow (overrides registrations_require_3pid if MSISDNs are set as required)
        #
-        #disable_msisdn_registration: true
+        #disable_msisdn_registration: True

        # Mandate that users are only allowed to associate certain formats of
        # 3PIDs with accounts on this server.
@@ -108,13 +103,13 @@ class RegistrationConfig(Config):
        # N.B. that increasing this will exponentially increase the time required
        # to register or login - e.g. 24 => 2^24 rounds which will take >20 mins.
        #
-        #bcrypt_rounds: 12
+        bcrypt_rounds: 12

        # Allows users to register as guests without a password/email/etc, and
        # participate in rooms hosted on this server which have been made
        # accessible to anonymous users.
        #
-        #allow_guest_access: false
+        allow_guest_access: False

        # The identity server which we suggest that clients should use when users log
        # in on this server.
@@ -130,9 +125,9 @@ class RegistrationConfig(Config):
        # Also defines the ID server which will be called when an account is
        # deactivated (one will be picked arbitrarily).
        #
-        #trusted_third_party_id_servers:
-        #  - matrix.org
-        #  - vector.im
+        trusted_third_party_id_servers:
+          - matrix.org
+          - vector.im

        # Users who register on this homeserver will automatically be joined
        # to these rooms
@@ -146,7 +141,7 @@ class RegistrationConfig(Config):
        # Setting to false means that if the rooms are not manually created,
        # users cannot be auto-joined since they do not exist.
        #
-        #autocreate_auto_join_rooms: true
+        autocreate_auto_join_rooms: true
        """ % locals()

    def add_arguments(self, parser):
@@ -19,36 +19,6 @@ from synapse.util.module_loader import load_module

 from ._base import Config, ConfigError

-DEFAULT_THUMBNAIL_SIZES = [
-    {
-        "width": 32,
-        "height": 32,
-        "method": "crop",
-    }, {
-        "width": 96,
-        "height": 96,
-        "method": "crop",
-    }, {
-        "width": 320,
-        "height": 240,
-        "method": "scale",
-    }, {
-        "width": 640,
-        "height": 480,
-        "method": "scale",
-    }, {
-        "width": 800,
-        "height": 600,
-        "method": "scale"
-    },
-]
-
-THUMBNAIL_SIZE_YAML = """\
-        #  - width: %(width)i
-        #    height: %(height)i
-        #    method: %(method)s
-"""
-
 MISSING_NETADDR = (
    "Missing netaddr library. This is required for URL preview API."
 )
@@ -107,9 +77,9 @@ def parse_thumbnail_requirements(thumbnail_sizes):

 class ContentRepositoryConfig(Config):
    def read_config(self, config):
-        self.max_upload_size = self.parse_size(config.get("max_upload_size", "10M"))
-        self.max_image_pixels = self.parse_size(config.get("max_image_pixels", "32M"))
-        self.max_spider_size = self.parse_size(config.get("max_spider_size", "10M"))
+        self.max_upload_size = self.parse_size(config["max_upload_size"])
+        self.max_image_pixels = self.parse_size(config["max_image_pixels"])
+        self.max_spider_size = self.parse_size(config["max_spider_size"])

        self.media_store_path = self.ensure_directory(config["media_store_path"])

@@ -169,9 +139,9 @@ class ContentRepositoryConfig(Config):
            )

        self.uploads_path = self.ensure_directory(config["uploads_path"])
-        self.dynamic_thumbnails = config.get("dynamic_thumbnails", False)
+        self.dynamic_thumbnails = config["dynamic_thumbnails"]
        self.thumbnail_requirements = parse_thumbnail_requirements(
-            config.get("thumbnail_sizes", DEFAULT_THUMBNAIL_SIZES),
+            config["thumbnail_sizes"]
        )
        self.url_preview_enabled = config.get("url_preview_enabled", False)
        if self.url_preview_enabled:
@@ -186,21 +156,17 @@ class ContentRepositoryConfig(Config):
            except ImportError:
                raise ConfigError(MISSING_NETADDR)

-            if "url_preview_ip_range_blacklist" not in config:
+            if "url_preview_ip_range_blacklist" in config:
+                self.url_preview_ip_range_blacklist = IPSet(
+                    config["url_preview_ip_range_blacklist"]
+                )
+            else:
                raise ConfigError(
                    "For security, you must specify an explicit target IP address "
                    "blacklist in url_preview_ip_range_blacklist for url previewing "
                    "to work"
                )

-            self.url_preview_ip_range_blacklist = IPSet(
-                config["url_preview_ip_range_blacklist"]
-            )
-
-            # we always blacklist '0.0.0.0' and '::', which are supposed to be
-            # unroutable addresses.
-            self.url_preview_ip_range_blacklist.update(['0.0.0.0', '::'])
-
            self.url_preview_ip_range_whitelist = IPSet(
                config.get("url_preview_ip_range_whitelist", ())
            )
@@ -212,13 +178,6 @@ class ContentRepositoryConfig(Config):
    def default_config(self, data_dir_path, **kwargs):
        media_store = os.path.join(data_dir_path, "media_store")
        uploads_path = os.path.join(data_dir_path, "uploads")
-
-        formatted_thumbnail_sizes = "".join(
-            THUMBNAIL_SIZE_YAML % s for s in DEFAULT_THUMBNAIL_SIZES
-        )
-        # strip final NL
-        formatted_thumbnail_sizes = formatted_thumbnail_sizes[:-1]
-
        return r"""
        # Directory where uploaded images and attachments are stored.
        #
@@ -245,11 +204,11 @@ class ContentRepositoryConfig(Config):

        # The largest allowed upload size in bytes
        #
-        #max_upload_size: 10M
+        max_upload_size: "10M"

        # Maximum number of pixels that will be thumbnailed
        #
-        #max_image_pixels: 32M
+        max_image_pixels: "32M"

        # Whether to generate new thumbnails on the fly to precisely match
        # the resolution requested by the client. If true then whenever
@@ -257,19 +216,32 @@ class ContentRepositoryConfig(Config):
        # generate a new thumbnail. If false the server will pick a thumbnail
        # from a precalculated list.
        #
-        #dynamic_thumbnails: false
+        dynamic_thumbnails: false

        # List of thumbnails to precalculate when an image is uploaded.
        #
-        #thumbnail_sizes:
-%(formatted_thumbnail_sizes)s
+        thumbnail_sizes:
+        - width: 32
+          height: 32
+          method: crop
+        - width: 96
+          height: 96
+          method: crop
+        - width: 320
+          height: 240
+          method: scale
+        - width: 640
+          height: 480
+          method: scale
+        - width: 800
+          height: 600
+          method: scale

-        # Is the preview URL API enabled?
+        # Is the preview URL API enabled?  If enabled, you *must* specify
+        # an explicit url_preview_ip_range_blacklist of IPs that the spider is
+        # denied from accessing.
        #
-        # 'false' by default: uncomment the following to enable it (and specify a
-        # url_preview_ip_range_blacklist blacklist).
-        #
-        #url_preview_enabled: true
+        url_preview_enabled: False

        # List of IP address CIDR ranges that the URL preview spider is denied
        # from accessing.  There are no defaults: you must explicitly
@@ -279,12 +251,6 @@ class ContentRepositoryConfig(Config):
        # synapse to issue arbitrary GET requests to your internal services,
        # causing serious security issues.
        #
-        # (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
-        # listed here, since they correspond to unroutable addresses.)
-        #
-        # This must be specified if url_preview_enabled is set. It is recommended that
-        # you uncomment the following list as a starting point.
-        #
        #url_preview_ip_range_blacklist:
        #  - '127.0.0.0/8'
        #  - '10.0.0.0/8'
@@ -295,7 +261,7 @@ class ContentRepositoryConfig(Config):
        #  - '::1/128'
        #  - 'fe80::/64'
        #  - 'fc00::/7'
-
+        #
        # List of IP address CIDR ranges that the URL preview spider is allowed
        # to access even if they are specified in url_preview_ip_range_blacklist.
        # This is useful for specifying exceptions to wide-ranging blacklisted
@@ -340,6 +306,6 @@ class ContentRepositoryConfig(Config):
        #  - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'

        # The largest allowed URL preview spidering size in bytes
-        #
-        #max_spider_size: 10M
+        max_spider_size: "10M"
+
        """ % locals()
@@ -20,10 +20,6 @@ from ._base import Config, ConfigError

 class RoomDirectoryConfig(Config):
    def read_config(self, config):
-        self.enable_room_list_search = config.get(
-            "enable_room_list_search", True,
-        )
-
        alias_creation_rules = config.get("alias_creation_rules")

        if alias_creation_rules is not None:
@@ -58,12 +54,6 @@ class RoomDirectoryConfig(Config):

    def default_config(self, config_dir_path, server_name, **kwargs):
        return """
-        # Uncomment to disable searching the public room list. When disabled
-        # blocks searching local and remote room lists for local and remote
-        # users by always returning an empty list for all queries.
-        #
-        #enable_room_list_search: false
-
        # The `alias_creation` option controls who's allowed to create aliases
        # on this server.
        #
@@ -64,7 +64,7 @@ class SAML2Config(Config):
        }

    def default_config(self, config_dir_path, server_name, **kwargs):
-        return """\
+        return """
        # Enable SAML2 for registration and login. Uses pysaml2.
        #
        # `sp_config` is the configuration for the pysaml2 Service Provider.
@@ -45,7 +45,7 @@ class ServerConfig(Config):

        self.pid_file = self.abspath(config.get("pid_file"))
        self.web_client_location = config.get("web_client_location", None)
-        self.soft_file_limit = config.get("soft_file_limit", 0)
+        self.soft_file_limit = config["soft_file_limit"]
        self.daemonize = config.get("daemonize")
        self.print_pidfile = config.get("print_pidfile")
        self.user_agent_suffix = config.get("user_agent_suffix")
@@ -126,11 +126,6 @@ class ServerConfig(Config):
                self.public_baseurl += '/'
        self.start_pushers = config.get("start_pushers", True)

-        # (undocumented) option for torturing the worker-mode replication a bit,
-        # for testing. The value defines the number of milliseconds to pause before
-        # sending out any replication updates.
-        self.replication_torture_level = config.get("replication_torture_level")
-
        self.listeners = []
        for listener in config.get("listeners", []):
            if not isinstance(listener.get("port", None), int):
@@ -312,11 +307,11 @@ class ServerConfig(Config):
        # Zero is used to indicate synapse should set the soft limit to the
        # hard limit.
        #
-        #soft_file_limit: 0
+        soft_file_limit: 0

        # Set to false to disable presence tracking on this homeserver.
        #
-        #use_presence: false
+        use_presence: true

        # The GC threshold parameters to pass to `gc.set_threshold`, if defined
        #
@@ -22,13 +22,9 @@ class UserDirectoryConfig(Config):
    """

    def read_config(self, config):
-        self.user_directory_search_enabled = True
        self.user_directory_search_all_users = False
        user_directory_config = config.get("user_directory", None)
        if user_directory_config:
-            self.user_directory_search_enabled = (
-                user_directory_config.get("enabled", True)
-            )
            self.user_directory_search_all_users = (
                user_directory_config.get("search_all_users", False)
            )
@@ -37,10 +33,6 @@ class UserDirectoryConfig(Config):
        return """
        # User Directory configuration
        #
-        # 'enabled' defines whether users can search the user directory. If
-        # false then empty responses are returned to all queries. Defaults to
-        # true.
-        #
        # 'search_all_users' defines whether to search all users visible to your HS
        # when searching the user directory, rather than limiting to users visible
        # in public rooms.  Defaults to false.  If you set it True, you'll have to run
@@ -48,6 +40,5 @@ class UserDirectoryConfig(Config):
        # on your database to tell it to rebuild the user_directory search indexes.
        #
        #user_directory:
-        #  enabled: true
        #  search_all_users: false
        """
@@ -22,9 +22,7 @@ class VoipConfig(Config):
        self.turn_shared_secret = config.get("turn_shared_secret")
        self.turn_username = config.get("turn_username")
        self.turn_password = config.get("turn_password")
-        self.turn_user_lifetime = self.parse_duration(
-            config.get("turn_user_lifetime", "1h"),
-        )
+        self.turn_user_lifetime = self.parse_duration(config["turn_user_lifetime"])
        self.turn_allow_guests = config.get("turn_allow_guests", True)

    def default_config(self, **kwargs):
@@ -47,7 +45,7 @@ class VoipConfig(Config):

        # How long generated TURN credentials last
        #
-        #turn_user_lifetime: 1h
+        turn_user_lifetime: "1h"

        # Whether guests should be allowed to use the TURN server.
        # This defaults to True, otherwise VoIP will be unreliable for guests.
@@ -55,5 +53,5 @@ class VoipConfig(Config):
        # connect to arbitrary endpoints without having first signed up for a
        # valid account (e.g. by passing a CAPTCHA).
        #
-        #turn_allow_guests: True
+        turn_allow_guests: True
        """
@@ -104,26 +104,7 @@ class FederationSender(object):

        self._processing_pending_presence = False

-        # map from room_id to a set of PerDestinationQueues which we believe are
-        # awaiting a call to flush_read_receipts_for_room. The presence of an entry
-        # here for a given room means that we are rate-limiting RR flushes to that room,
-        # and that there is a pending call to _flush_rrs_for_room in the system.
-        self._queues_awaiting_rr_flush_by_room = {
-        }   # type: dict[str, set[PerDestinationQueue]]
-
-        self._rr_txn_interval_per_room_ms = (
-            1000.0 / hs.get_config().federation_rr_transactions_per_room_per_second
-        )
-
    def _get_per_destination_queue(self, destination):
-        """Get or create a PerDestinationQueue for the given destination
-
-        Args:
-            destination (str): server_name of remote server
-
-        Returns:
-            PerDestinationQueue
-        """
        queue = self._per_destination_queues.get(destination)
        if not queue:
            queue = PerDestinationQueue(self.hs, self._transaction_manager, destination)
@@ -269,91 +250,33 @@ class FederationSender(object):
        Args:
            receipt (synapse.types.ReadReceipt): receipt to be sent
        """
-
-        # Some background on the rate-limiting going on here.
-        #
-        # It turns out that if we attempt to send out RRs as soon as we get them from
-        # a client, then we end up trying to do several hundred Hz of federation
-        # transactions. (The number of transactions scales as O(N^2) on the size of a
-        # room, since in a large room we have both more RRs coming in, and more servers
-        # to send them to.)
-        #
-        # This leads to a lot of CPU load, and we end up getting behind. The solution
-        # currently adopted is as follows:
-        #
-        # The first receipt in a given room is sent out immediately, at time T0. Any
-        # further receipts are, in theory, batched up for N seconds, where N is calculated
-        # based on the number of servers in the room to achieve a transaction frequency
-        # of around 50Hz. So, for example, if there were 100 servers in the room, then
-        # N would be 100 / 50Hz = 2 seconds.
-        #
-        # Then, after T+N, we flush out any receipts that have accumulated, and restart
-        # the timer to flush out more receipts at T+2N, etc. If no receipts accumulate,
-        # we stop the cycle and go back to the start.
-        #
-        # However, in practice, it is often possible to flush out receipts earlier: in
-        # particular, if we are sending a transaction to a given server anyway (for
-        # example, because we have a PDU or a RR in another room to send), then we may
-        # as well send out all of the pending RRs for that server. So it may be that
-        # by the time we get to T+N, we don't actually have any RRs left to send out.
-        # Nevertheless we continue to buffer up RRs for the room in question until we
-        # reach the point that no RRs arrive between timer ticks.
-        #
-        # For even more background, see https://github.com/matrix-org/synapse/issues/4730.
-
-        room_id = receipt.room_id
-
        # Work out which remote servers should be poked and poke them.
-        domains = yield self.state.get_current_hosts_in_room(room_id)
+        domains = yield self.state.get_current_hosts_in_room(receipt.room_id)
        domains = [d for d in domains if d != self.server_name]
        if not domains:
            return

-        queues_pending_flush = self._queues_awaiting_rr_flush_by_room.get(
-            room_id
-        )
+        logger.debug("Sending receipt to: %r", domains)

-        # if there is no flush yet scheduled, we will send out these receipts with
-        # immediate flushes, and schedule the next flush for this room.
-        if queues_pending_flush is not None:
-            logger.debug("Queuing receipt for: %r", domains)
-        else:
-            logger.debug("Sending receipt to: %r", domains)
-            self._schedule_rr_flush_for_room(room_id, len(domains))
+        content = {
+            receipt.room_id: {
+                receipt.receipt_type: {
+                    receipt.user_id: {
+                        "event_ids": receipt.event_ids,
+                        "data": receipt.data,
+                    },
+                },
+            },
+        }
+        key = (receipt.room_id, receipt.receipt_type, receipt.user_id)

        for domain in domains:
-            queue = self._get_per_destination_queue(domain)
-            queue.queue_read_receipt(receipt)
-
-            # if there is already a RR flush pending for this room, then make sure this
-            # destination is registered for the flush
-            if queues_pending_flush is not None:
-                queues_pending_flush.add(queue)
-            else:
-                queue.flush_read_receipts_for_room(room_id)
-
-    def _schedule_rr_flush_for_room(self, room_id, n_domains):
-        # that is going to cause approximately len(domains) transactions, so now back
-        # off for that multiplied by RR_TXN_INTERVAL_PER_ROOM
-        backoff_ms = self._rr_txn_interval_per_room_ms * n_domains
-
-        logger.debug("Scheduling RR flush in %s in %d ms", room_id, backoff_ms)
-        self.clock.call_later(backoff_ms, self._flush_rrs_for_room, room_id)
-        self._queues_awaiting_rr_flush_by_room[room_id] = set()
-
-    def _flush_rrs_for_room(self, room_id):
-        queues = self._queues_awaiting_rr_flush_by_room.pop(room_id)
-        logger.debug("Flushing RRs in %s to %s", room_id, queues)
-
-        if not queues:
-            # no more RRs arrived for this room; we are done.
-            return
-
-        # schedule the next flush
-        self._schedule_rr_flush_for_room(room_id, len(queues))
-
-        for queue in queues:
-            queue.flush_read_receipts_for_room(room_id)
+            self.build_and_send_edu(
+                destination=domain,
+                edu_type="m.receipt",
+                content=content,
+                key=key,
+            )

    @logcontext.preserve_fn  # the caller should not yield on this
    @defer.inlineCallbacks
@@ -80,10 +80,6 @@ class PerDestinationQueue(object):
        # destination
        self._pending_presence = {}   # type: dict[str, UserPresenceState]

-        # room_id -> receipt_type -> user_id -> receipt_dict
-        self._pending_rrs = {}
-        self._rrs_pending_flush = False
-
        # stream_id of last successfully sent to-device message.
        # NB: may be a long or an int.
        self._last_device_stream_id = 0
@@ -91,9 +87,6 @@ class PerDestinationQueue(object):
        # stream_id of last successfully sent device list update.
        self._last_device_list_stream_id = 0

-    def __str__(self):
-        return "PerDestinationQueue[%s]" % self._destination
-
    def pending_pdu_count(self):
        return len(self._pending_pdus)

@@ -125,30 +118,6 @@ class PerDestinationQueue(object):
        })
        self.attempt_new_transaction()

-    def queue_read_receipt(self, receipt):
-        """Add a RR to the list to be sent. Doesn't start the transmission loop yet
-        (see flush_read_receipts_for_room)
-
-        Args:
-            receipt (synapse.api.receipt_info.ReceiptInfo): receipt to be queued
-        """
-        self._pending_rrs.setdefault(
-            receipt.room_id, {},
-        ).setdefault(
-            receipt.receipt_type, {}
-        )[receipt.user_id] = {
-            "event_ids": receipt.event_ids,
-            "data": receipt.data,
-        }
-
-    def flush_read_receipts_for_room(self, room_id):
-        # if we don't have any read-receipts for this room, it may be that we've already
-        # sent them out, so we don't need to flush.
-        if room_id not in self._pending_rrs:
-            return
-        self._rrs_pending_flush = True
-        self.attempt_new_transaction()
-
    def send_keyed_edu(self, edu, key):
        self._pending_edus_keyed[(edu.edu_type, key)] = edu
        self.attempt_new_transaction()
@@ -214,12 +183,10 @@ class PerDestinationQueue(object):
                # We can only include at most 50 PDUs per transactions
                pending_pdus, self._pending_pdus = pending_pdus[:50], pending_pdus[50:]

-                pending_edus = []
-
-                pending_edus.extend(self._get_rr_edus(force_flush=False))
+                pending_edus = self._pending_edus

                # We can only include at most 100 EDUs per transactions
-                pending_edus.extend(self._pop_pending_edus(100 - len(pending_edus)))
+                pending_edus, self._pending_edus = pending_edus[:100], pending_edus[100:]

                pending_edus.extend(
                    self._pending_edus_keyed.values()
@@ -257,11 +224,6 @@ class PerDestinationQueue(object):
                    self._last_device_stream_id = device_stream_id
                    return

-                # if we've decided to send a transaction anyway, and we have room, we
-                # may as well send any pending RRs
-                if len(pending_edus) < 100:
-                    pending_edus.extend(self._get_rr_edus(force_flush=True))
-
                # END CRITICAL SECTION

                success = yield self._transaction_manager.send_new_transaction(
@@ -323,28 +285,6 @@ class PerDestinationQueue(object):
            # We want to be *very* sure we clear this after we stop processing
            self.transmission_loop_running = False

-    def _get_rr_edus(self, force_flush):
-        if not self._pending_rrs:
-            return
-        if not force_flush and not self._rrs_pending_flush:
-            # not yet time for this lot
-            return
-
-        edu = Edu(
-            origin=self._server_name,
-            destination=self._destination,
-            edu_type="m.receipt",
-            content=self._pending_rrs,
-        )
-        self._pending_rrs = {}
-        self._rrs_pending_flush = False
-        yield edu
-
-    def _pop_pending_edus(self, limit):
-        pending_edus = self._pending_edus
-        pending_edus, self._pending_edus = pending_edus[:limit], pending_edus[limit:]
-        return pending_edus
-
    @defer.inlineCallbacks
    def _get_new_device_messages(self):
        last_device_stream_id = self._last_device_stream_id
@@ -51,10 +51,9 @@ class TransportLayerClient(object):
        logger.debug("get_room_state dest=%s, room=%s",
                     destination, room_id)

-        path = _create_v1_path("/state/%s", room_id)
+        path = _create_v1_path("/state/%s/", room_id)
        return self.client.get_json(
            destination, path=path, args={"event_id": event_id},
-            try_trailing_slash_on_400=True,
        )

    @log_function
@@ -74,10 +73,9 @@ class TransportLayerClient(object):
        logger.debug("get_room_state_ids dest=%s, room=%s",
                     destination, room_id)

-        path = _create_v1_path("/state_ids/%s", room_id)
+        path = _create_v1_path("/state_ids/%s/", room_id)
        return self.client.get_json(
            destination, path=path, args={"event_id": event_id},
-            try_trailing_slash_on_400=True,
        )

    @log_function
@@ -97,11 +95,8 @@ class TransportLayerClient(object):
        logger.debug("get_pdu dest=%s, event_id=%s",
                     destination, event_id)

-        path = _create_v1_path("/event/%s", event_id)
-        return self.client.get_json(
-            destination, path=path, timeout=timeout,
-            try_trailing_slash_on_400=True,
-        )
+        path = _create_v1_path("/event/%s/", event_id)
+        return self.client.get_json(destination, path=path, timeout=timeout)

    @log_function
    def backfill(self, destination, room_id, event_tuples, limit):
@@ -126,7 +121,7 @@ class TransportLayerClient(object):
            # TODO: raise?
            return

-        path = _create_v1_path("/backfill/%s", room_id)
+        path = _create_v1_path("/backfill/%s/", room_id)

        args = {
            "v": event_tuples,
@@ -137,7 +132,6 @@ class TransportLayerClient(object):
            destination,
            path=path,
            args=args,
-            try_trailing_slash_on_400=True,
        )

    @defer.inlineCallbacks
@@ -173,7 +167,7 @@ class TransportLayerClient(object):
        # generated by the json_data_callback.
        json_data = transaction.get_dict()

-        path = _create_v1_path("/send/%s", transaction.transaction_id)
+        path = _create_v1_path("/send/%s/", transaction.transaction_id)

        response = yield self.client.put_json(
            transaction.destination,
@@ -182,7 +176,6 @@ class TransportLayerClient(object):
            json_data_callback=json_data_callback,
            long_retries=True,
            backoff_on_404=True,  # If we get a 404 the other side has gone
-            try_trailing_slash_on_400=True,
        )

        defer.returnValue(response)
@@ -966,7 +959,7 @@ def _create_v1_path(path, *args):

    Example:

-        _create_v1_path("/event/%s", event_id)
+        _create_v1_path("/event/%s/", event_id)

    Args:
        path (str): String template for the path
@@ -987,7 +980,7 @@ def _create_v2_path(path, *args):

    Example:

-        _create_v2_path("/event/%s", event_id)
+        _create_v2_path("/event/%s/", event_id)

    Args:
        path (str): String template for the path
@@ -312,7 +312,7 @@ class BaseFederationServlet(object):


 class FederationSendServlet(BaseFederationServlet):
-    PATH = "/send/(?P<transaction_id>[^/]*)/?"
+    PATH = "/send/(?P<transaction_id>[^/]*)/"

    def __init__(self, handler, server_name, **kwargs):
        super(FederationSendServlet, self).__init__(
@@ -378,7 +378,7 @@ class FederationSendServlet(BaseFederationServlet):


 class FederationEventServlet(BaseFederationServlet):
-    PATH = "/event/(?P<event_id>[^/]*)/?"
+    PATH = "/event/(?P<event_id>[^/]*)/"

    # This is when someone asks for a data item for a given server data_id pair.
    def on_GET(self, origin, content, query, event_id):
@@ -386,7 +386,7 @@ class FederationEventServlet(BaseFederationServlet):


 class FederationStateServlet(BaseFederationServlet):
-    PATH = "/state/(?P<context>[^/]*)/?"
+    PATH = "/state/(?P<context>[^/]*)/"

    # This is when someone asks for all data for a given context.
    def on_GET(self, origin, content, query, context):
@@ -398,7 +398,7 @@ class FederationStateServlet(BaseFederationServlet):


 class FederationStateIdsServlet(BaseFederationServlet):
-    PATH = "/state_ids/(?P<room_id>[^/]*)/?"
+    PATH = "/state_ids/(?P<room_id>[^/]*)/"

    def on_GET(self, origin, content, query, room_id):
        return self.handler.on_state_ids_request(
@@ -409,7 +409,7 @@ class FederationStateIdsServlet(BaseFederationServlet):


 class FederationBackfillServlet(BaseFederationServlet):
-    PATH = "/backfill/(?P<context>[^/]*)/?"
+    PATH = "/backfill/(?P<context>[^/]*)/"

    def on_GET(self, origin, content, query, context):
        versions = [x.decode('ascii') for x in query[b"v"]]
@@ -1080,7 +1080,7 @@ class FederationGroupsCategoriesServlet(BaseFederationServlet):
    """Get all categories for a group
    """
    PATH = (
-        "/groups/(?P<group_id>[^/]*)/categories/?"
+        "/groups/(?P<group_id>[^/]*)/categories/"
    )

    @defer.inlineCallbacks
@@ -1150,7 +1150,7 @@ class FederationGroupsRolesServlet(BaseFederationServlet):
    """Get roles in a group
    """
    PATH = (
-        "/groups/(?P<group_id>[^/]*)/roles/?"
+        "/groups/(?P<group_id>[^/]*)/roles/"
    )

    @defer.inlineCallbacks
@@ -165,7 +165,6 @@ class BaseHandler(object):
                    member_event.room_id,
                    "leave",
                    ratelimit=False,
-                    require_consent=False,
                )
            except Exception as e:
                logger.exception("Error kicking guest user: %s" % (e,))
@@ -101,7 +101,6 @@ class AuthHandler(BaseHandler):
        self._supported_login_types = login_types

        self._account_ratelimiter = Ratelimiter()
-        self._failed_attempts_ratelimiter = Ratelimiter()

        self._clock = self.hs.get_clock()

@@ -730,57 +729,14 @@ class AuthHandler(BaseHandler):
        if not known_login_type:
            raise SynapseError(400, "Unknown login type %s" % login_type)

-        # unknown username or invalid password.
-        self._failed_attempts_ratelimiter.ratelimit(
-            qualified_user_id.lower(), time_now_s=self._clock.time(),
-            rate_hz=self.hs.config.rc_login_failed_attempts.per_second,
-            burst_count=self.hs.config.rc_login_failed_attempts.burst_count,
-            update=True,
-        )
-
-        # We raise a 403 here, but note that if we're doing user-interactive
-        # login, it turns all LoginErrors into a 401 anyway.
+        # unknown username or invalid password. We raise a 403 here, but note
+        # that if we're doing user-interactive login, it turns all LoginErrors
+        # into a 401 anyway.
        raise LoginError(
            403, "Invalid password",
            errcode=Codes.FORBIDDEN
        )

-    @defer.inlineCallbacks
-    def check_password_provider_3pid(self, medium, address, password):
-        """Check if a password provider is able to validate a thirdparty login
-
-        Args:
-            medium (str): The medium of the 3pid (ex. email).
-            address (str): The address of the 3pid (ex. jdoe@example.com).
-            password (str): The password of the user.
-
-        Returns:
-            Deferred[(str|None, func|None)]: A tuple of `(user_id,
-            callback)`. If authentication is successful, `user_id` is a `str`
-            containing the authenticated, canonical user ID. `callback` is
-            then either a function to be later run after the server has
-            completed login/registration, or `None`. If authentication was
-            unsuccessful, `user_id` and `callback` are both `None`.
-        """
-        for provider in self.password_providers:
-            if hasattr(provider, "check_3pid_auth"):
-                # This function is able to return a deferred that either
-                # resolves None, meaning authentication failure, or upon
-                # success, to a str (which is the user_id) or a tuple of
-                # (user_id, callback_func), where callback_func should be run
-                # after we've finished everything else
-                result = yield provider.check_3pid_auth(
-                    medium, address, password,
-                )
-                if result:
-                    # Check if the return value is a str or a tuple
-                    if isinstance(result, str):
-                        # If it's a str, set callback function to None
-                        result = (result, None)
-                    defer.returnValue(result)
-
-        defer.returnValue((None, None))
-
    @defer.inlineCallbacks
    def _check_local_password(self, user_id, password):
        """Authenticate a user against the local password database.
@@ -792,8 +748,7 @@ class AuthHandler(BaseHandler):
            user_id (unicode): complete @user:id
            password (unicode): the provided password
        Returns:
-            Deferred[unicode] the canonical_user_id, or Deferred[None] if
-                unknown user/bad password
+            (unicode) the canonical_user_id, or None if unknown user / bad password

        Raises:
            LimitExceededError if the ratelimiter's login requests count for this
@@ -1001,23 +956,13 @@ class AuthHandler(BaseHandler):
    def ratelimit_login_per_account(self, user_id):
        """Checks whether the process must be stopped because of ratelimiting.

-        Checks against two ratelimiters: the generic one for login attempts per
-        account and the one specific to failed attempts.
-
        Args:
            user_id (unicode): complete @user:id

        Raises:
-            LimitExceededError if one of the ratelimiters' login requests count
-                for this user is too high too proceed.
+            LimitExceededError if the ratelimiter's login requests count for this
+                user is too high too proceed.
        """
-        self._failed_attempts_ratelimiter.ratelimit(
-            user_id.lower(), time_now_s=self._clock.time(),
-            rate_hz=self.hs.config.rc_login_failed_attempts.per_second,
-            burst_count=self.hs.config.rc_login_failed_attempts.burst_count,
-            update=False,
-        )
-
        self._account_ratelimiter.ratelimit(
            user_id.lower(), time_now_s=self._clock.time(),
            rate_hz=self.hs.config.rc_login_account.per_second,
@@ -164,7 +164,6 @@ class DeactivateAccountHandler(BaseHandler):
                    room_id,
                    "leave",
                    ratelimit=False,
-                    require_consent=False,
                )
            except Exception:
                logger.exception(
@@ -44,7 +44,6 @@ class DirectoryHandler(BaseHandler):
        self.appservice_handler = hs.get_application_service_handler()
        self.event_creation_handler = hs.get_event_creation_handler()
        self.config = hs.config
-        self.enable_room_list_search = hs.config.enable_room_list_search

        self.federation = hs.get_federation_client()
        hs.get_federation_registry().register_query_handler(
@@ -412,13 +411,6 @@ class DirectoryHandler(BaseHandler):
        if visibility not in ["public", "private"]:
            raise SynapseError(400, "Invalid visibility setting")

-        if visibility == "public" and not self.enable_room_list_search:
-            # The room list has been disabled.
-            raise AuthError(
-                403,
-                "This user is not permitted to publish rooms to the room list"
-            )
-
        room = yield self.store.get_room(room_id)
        if room is None:
            raise SynapseError(400, "Unknown room")
@@ -19,7 +19,7 @@ import random
 from twisted.internet import defer

 from synapse.api.constants import EventTypes, Membership
-from synapse.api.errors import AuthError, SynapseError
+from synapse.api.errors import AuthError
 from synapse.events import EventBase
 from synapse.events.utils import serialize_event
 from synapse.types import UserID
@@ -61,11 +61,6 @@ class EventStreamHandler(BaseHandler):
        If `only_keys` is not None, events from keys will be sent down.
        """

-        if room_id:
-            blocked = yield self.store.is_room_blocked(room_id)
-            if blocked:
-                raise SynapseError(403, "This room has been blocked on this server")
-
        # send any outstanding server notices to the user.
        yield self._server_notices_sender.on_user_syncing(auth_user_id)

@@ -18,7 +18,7 @@ import logging
 from twisted.internet import defer

 from synapse.api.constants import EventTypes, Membership
-from synapse.api.errors import AuthError, Codes, SynapseError
+from synapse.api.errors import AuthError, Codes
 from synapse.events.utils import serialize_event
 from synapse.events.validator import EventValidator
 from synapse.handlers.presence import format_user_presence_state
@@ -262,10 +262,6 @@ class InitialSyncHandler(BaseHandler):
            A JSON serialisable dict with the snapshot of the room.
        """

-        blocked = yield self.store.is_room_blocked(room_id)
-        if blocked:
-            raise SynapseError(403, "This room has been blocked on this server")
-
        user_id = requester.user.to_string()

        membership, member_event_id = yield self._check_in_room_or_world_readable(
@@ -255,7 +255,7 @@ class EventCreationHandler(object):

    @defer.inlineCallbacks
    def create_event(self, requester, event_dict, token_id=None, txn_id=None,
-                     prev_events_and_hashes=None, require_consent=True):
+                     prev_events_and_hashes=None):
        """
        Given a dict from a client, create a new event.

@@ -276,9 +276,6 @@ class EventCreationHandler(object):
                where *hashes* is a map from algorithm to hash.

                If None, they will be requested from the database.
-
-            require_consent (bool): Whether to check if the requester has
-                consented to privacy policy.
        Raises:
            ResourceLimitError if server is blocked to some resource being
            exceeded
@@ -320,7 +317,7 @@ class EventCreationHandler(object):
                    )

        is_exempt = yield self._is_exempt_from_privacy_policy(builder, requester)
-        if require_consent and not is_exempt:
+        if not is_exempt:
            yield self.assert_accepted_privacy_policy(requester)

        if token_id is not None:
@@ -147,14 +147,8 @@ class BaseProfileHandler(BaseHandler):

    @defer.inlineCallbacks
    def set_displayname(self, target_user, requester, new_displayname, by_admin=False):
-        """Set the displayname of a user
-
-        Args:
-            target_user (UserID): the user whose displayname is to be changed.
-            requester (Requester): The user attempting to make this change.
-            new_displayname (str): The displayname to give this user.
-            by_admin (bool): Whether this change was made by an administrator.
-        """
+        """target_user is the user whose displayname is to be changed;
+        auth_user is the user attempting to make this change."""
        if not self.hs.is_mine(target_user):
            raise SynapseError(400, "User is not hosted on this Home Server")

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Neil Johnson	c61bcae886	rename	2019-03-19 11:23:18 +00:00
Neil Johnson	195c2b6d39	delete	2019-03-19 10:51:50 +00:00
Neil Johnson	6e54268bb1	add a .	2019-03-19 10:50:20 +00:00
Neil Johnson	c7238134df	add a .	2019-03-19 10:47:39 +00:00
Neil Johnson	97bd4669a1	put it in the right directory ...	2019-03-19 10:44:16 +00:00
Neil Johnson	7480fd3c37	use the correct PR no.	2019-03-19 10:41:32 +00:00
Neil Johnson	4bacb07a45	remove redundant code and improve comments	2019-03-19 10:38:33 +00:00
Neil Johnson	9ad68163bd	fix test_auto_create_auto_join_where_no_consent	2019-03-19 10:19:53 +00:00
Richard van der Hoff	0a5382062c	broken registration test, for neil to look at	2019-03-18 18:30:07 +00:00
				`@@ -0,0 +1 @@`
				`Fix a bug where media with spaces in the name would get a corrupted name.`
				`@@ -0,0 +1 @@`
				`The user directory has been rewritten to make it faster, with less chance of falling behind on a large server.`
				`@@ -0,0 +1 @@`
				`Add a systemd setup that supports synapse workers. Contributed by Luca Corbatto.`
				`@@ -0,0 +1 @@`
				`Fix attempting to paginate in rooms where server cannot see any events, to avoid unnecessarily pulling in lots of redacted events.`
				`@@ -0,0 +1 @@`
				`Add configurable rate limiting to the /register endpoint.`
				`@@ -0,0 +1 @@`
				`'event_id' is now a required parameter in federated state requests, as per the matrix spec.`
				`@@ -0,0 +1 @@`
				`Fix tightloop over connecting to replication server.`
				`@@ -0,0 +1 @@`
				`Move server key queries to federation reader.`
				`@@ -0,0 +1 @@`
				`When presence is disabled don't send over replication.`