DFJSDJKSDFJKSFDJKSFDJK

Remove FrozenEventBase
Assert instead of handling
2020-02-03 17:27:30 +00:00 · 2020-02-03 17:18:56 +00:00 · 2020-02-03 12:35:04 +00:00 · 2020-01-31 13:53:12 +00:00 · 2020-01-31 13:47:02 +00:00 · 2020-01-31 13:39:22 +00:00
170 changed files with 3397 additions and 1227 deletions
--- a/.buildkite/docker-compose.py35.pg95.yaml
+++ b/.buildkite/docker-compose.py35.pg95.yaml
@@ -1,22 +0,0 @@
-version: '3.1'
-
-services:
-
-  postgres:
-    image: postgres:9.5
-    environment:
-      POSTGRES_PASSWORD: postgres
-    command: -c fsync=off
-
-  testenv:
-    image: python:3.5
-    depends_on:
-      - postgres
-    env_file: .env
-    environment:
-      SYNAPSE_POSTGRES_HOST: postgres
-      SYNAPSE_POSTGRES_USER: postgres
-      SYNAPSE_POSTGRES_PASSWORD: postgres
-    working_dir: /src
-    volumes:
-      - ..:/src
--- a/.buildkite/docker-compose.py37.pg11.yaml
+++ b/.buildkite/docker-compose.py37.pg11.yaml
@@ -1,22 +0,0 @@
-version: '3.1'
-
-services:
-
-  postgres:
-    image: postgres:11
-    environment:
-      POSTGRES_PASSWORD: postgres
-    command: -c fsync=off
-
-  testenv:
-    image: python:3.7
-    depends_on:
-      - postgres
-    env_file: .env
-    environment:
-      SYNAPSE_POSTGRES_HOST: postgres
-      SYNAPSE_POSTGRES_USER: postgres
-      SYNAPSE_POSTGRES_PASSWORD: postgres
-    working_dir: /src
-    volumes:
-      - ..:/src
--- a/.buildkite/docker-compose.py37.pg95.yaml
+++ b/.buildkite/docker-compose.py37.pg95.yaml
@@ -1,22 +0,0 @@
-version: '3.1'
-
-services:
-
-  postgres:
-    image: postgres:9.5
-    environment:
-      POSTGRES_PASSWORD: postgres
-    command: -c fsync=off
-
-  testenv:
-    image: python:3.7
-    depends_on:
-      - postgres
-    env_file: .env
-    environment:
-      SYNAPSE_POSTGRES_HOST: postgres
-      SYNAPSE_POSTGRES_USER: postgres
-      SYNAPSE_POSTGRES_PASSWORD: postgres
-    working_dir: /src
-    volumes:
-      - ..:/src
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,96 @@
+Synapse 1.9.1 (2020-01-28)
+==========================
+
+Bugfixes
+--------
+
+- Fix bug where setting `mau_limit_reserved_threepids` config would cause Synapse to refuse to start. ([\#6793](https://github.com/matrix-org/synapse/issues/6793))
+
+
+Synapse 1.9.0 (2020-01-23)
+==========================
+
+**WARNING**: As of this release, Synapse no longer supports versions of SQLite before 3.11, and will refuse to start when configured to use an older version. Administrators are recommended to migrate their database to Postgres (see instructions [here](docs/postgres.md)).
+
+If your Synapse deployment uses workers, note that the reverse-proxy configurations for the `synapse.app.media_repository`, `synapse.app.federation_reader` and `synapse.app.event_creator` workers have changed, with the addition of a few paths (see the updated configurations [here](docs/workers.md#available-worker-applications)). Existing configurations will continue to work.
+
+
+Improved Documentation
+----------------------
+
+- Fix endpoint documentation for the List Rooms admin API. ([\#6770](https://github.com/matrix-org/synapse/issues/6770))
+
+
+Synapse 1.9.0rc1 (2020-01-22)
+=============================
+
+Features
+--------
+
+- Allow admin to create or modify a user. Contributed by Awesome Technologies Innovationslabor GmbH. ([\#5742](https://github.com/matrix-org/synapse/issues/5742))
+- Add new quarantine media admin APIs to quarantine by media ID or by user who uploaded the media. ([\#6681](https://github.com/matrix-org/synapse/issues/6681), [\#6756](https://github.com/matrix-org/synapse/issues/6756))
+- Add `org.matrix.e2e_cross_signing` to `unstable_features` in `/versions` as per [MSC1756](https://github.com/matrix-org/matrix-doc/pull/1756). ([\#6712](https://github.com/matrix-org/synapse/issues/6712))
+- Add a new admin API to list and filter rooms on the server. ([\#6720](https://github.com/matrix-org/synapse/issues/6720))
+
+
+Bugfixes
+--------
+
+- Correctly proxy HTTP errors due to API calls to remote group servers. ([\#6654](https://github.com/matrix-org/synapse/issues/6654))
+- Fix media repo admin APIs when using a media worker. ([\#6664](https://github.com/matrix-org/synapse/issues/6664))
+- Fix "CRITICAL" errors being logged when a request is received for a uri containing non-ascii characters. ([\#6682](https://github.com/matrix-org/synapse/issues/6682))
+- Fix a bug where we would assign a numeric user ID if somebody tried registering with an empty username. ([\#6690](https://github.com/matrix-org/synapse/issues/6690))
+- Fix `purge_room` admin API. ([\#6711](https://github.com/matrix-org/synapse/issues/6711))
+- Fix a bug causing Synapse to not always purge quiet rooms with a low `max_lifetime` in their message retention policies when running the automated purge jobs. ([\#6714](https://github.com/matrix-org/synapse/issues/6714))
+- Fix the `synapse_port_db` not correctly running background updates. Thanks @tadzik for reporting. ([\#6718](https://github.com/matrix-org/synapse/issues/6718))
+- Fix changing password via user admin API. ([\#6730](https://github.com/matrix-org/synapse/issues/6730))
+- Fix `/events/:event_id` deprecated API. ([\#6731](https://github.com/matrix-org/synapse/issues/6731))
+- Fix monthly active user limiting support for worker mode, fixes [#4639](https://github.com/matrix-org/synapse/issues/4639). ([\#6742](https://github.com/matrix-org/synapse/issues/6742))
+- Fix bug when setting `account_validity` to an empty block in the config. Thanks to @Sorunome for reporting. ([\#6747](https://github.com/matrix-org/synapse/issues/6747))
+- Fix `AttributeError: 'NoneType' object has no attribute 'get'` in `hash_password` when configuration has an empty `password_config`. Contributed by @ivilata. ([\#6753](https://github.com/matrix-org/synapse/issues/6753))
+- Fix the `docker-compose.yaml` overriding the entire `/etc` folder of the container. Contributed by Fabian Meyer. ([\#6656](https://github.com/matrix-org/synapse/issues/6656))
+
+
+Improved Documentation
+----------------------
+
+- Fix a typo in the configuration example for purge jobs in the sample configuration file. ([\#6621](https://github.com/matrix-org/synapse/issues/6621))
+- Add complete documentation of the message retention policies support. ([\#6624](https://github.com/matrix-org/synapse/issues/6624), [\#6665](https://github.com/matrix-org/synapse/issues/6665))
+- Add some helpful tips about changelog entries to the GitHub pull request template. ([\#6663](https://github.com/matrix-org/synapse/issues/6663))
+- Clarify the `account_validity` and `email` sections of the sample configuration. ([\#6685](https://github.com/matrix-org/synapse/issues/6685))
+- Add more endpoints to the documentation for Synapse workers. ([\#6698](https://github.com/matrix-org/synapse/issues/6698))
+
+
+Deprecations and Removals
+-------------------------
+
+- Synapse no longer supports versions of SQLite before 3.11, and will refuse to start when configured to use an older version. Administrators are recommended to migrate their database to Postgres (see instructions [here](docs/postgres.md)). ([\#6675](https://github.com/matrix-org/synapse/issues/6675))
+
+
+Internal Changes
+----------------
+
+- Add `local_current_membership` table for tracking local user membership state in rooms. ([\#6655](https://github.com/matrix-org/synapse/issues/6655), [\#6728](https://github.com/matrix-org/synapse/issues/6728))
+- Port `synapse.replication.tcp` to async/await. ([\#6666](https://github.com/matrix-org/synapse/issues/6666))
+- Fixup `synapse.replication` to pass mypy checks. ([\#6667](https://github.com/matrix-org/synapse/issues/6667))
+- Allow `additional_resources` to implement `IResource` directly. ([\#6686](https://github.com/matrix-org/synapse/issues/6686))
+- Allow REST endpoint implementations to raise a `RedirectException`, which will redirect the user's browser to a given location. ([\#6687](https://github.com/matrix-org/synapse/issues/6687))
+- Updates and extensions to the module API. ([\#6688](https://github.com/matrix-org/synapse/issues/6688))
+- Updates to the SAML mapping provider API. ([\#6689](https://github.com/matrix-org/synapse/issues/6689), [\#6723](https://github.com/matrix-org/synapse/issues/6723))
+- Remove redundant `RegistrationError` class. ([\#6691](https://github.com/matrix-org/synapse/issues/6691))
+- Don't block processing of incoming EDUs behind processing PDUs in the same transaction. ([\#6697](https://github.com/matrix-org/synapse/issues/6697))
+- Remove duplicate check for the `session` query parameter on the `/auth/xxx/fallback/web` Client-Server endpoint. ([\#6702](https://github.com/matrix-org/synapse/issues/6702))
+- Attempt to retry sending a transaction when we detect a remote server has come back online, rather than waiting for a transaction to be triggered by new data. ([\#6706](https://github.com/matrix-org/synapse/issues/6706))
+- Add `StateMap` type alias to simplify types. ([\#6715](https://github.com/matrix-org/synapse/issues/6715))
+- Add a `DeltaState` to track changes to be made to current state during event persistence. ([\#6716](https://github.com/matrix-org/synapse/issues/6716))
+- Add more logging around message retention policies support. ([\#6717](https://github.com/matrix-org/synapse/issues/6717))
+- When processing a SAML response, log the assertions for easier configuration. ([\#6724](https://github.com/matrix-org/synapse/issues/6724))
+- Fixup `synapse.rest` to pass mypy. ([\#6732](https://github.com/matrix-org/synapse/issues/6732), [\#6764](https://github.com/matrix-org/synapse/issues/6764))
+- Fixup `synapse.api` to pass mypy. ([\#6733](https://github.com/matrix-org/synapse/issues/6733))
+- Allow streaming cache 'invalidate all' to workers. ([\#6749](https://github.com/matrix-org/synapse/issues/6749))
+- Remove unused CI docker compose files. ([\#6754](https://github.com/matrix-org/synapse/issues/6754))
+
+
 Synapse 1.8.0 (2020-01-09)
 ==========================

--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -76,6 +76,15 @@ for example:
     dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb


+Upgrading to **<NEXT_VERSION>**
+===============================
+
+Synapse will now log a warning on start up if used with a PostgreSQL database
+that has a non-recommended locale set.
+
+See [docs/postgres.md](docs/postgres.md) for details.
+
+
 Upgrading to v1.8.0
 ===================

--- a/changelog.d/5742.feature
+++ b/changelog.d/5742.feature
@@ -1 +0,0 @@
-Allow admin to create or modify a user. Contributed by Awesome Technologies Innovationslabor GmbH.
--- a/changelog.d/6621.doc
+++ b/changelog.d/6621.doc
@@ -1 +0,0 @@
-Fix a typo in the configuration example for purge jobs in the sample configuration file.
--- a/changelog.d/6624.doc
+++ b/changelog.d/6624.doc
@@ -1 +0,0 @@
-Add complete documentation of the message retention policies support.
--- a/changelog.d/6654.bugfix
+++ b/changelog.d/6654.bugfix
@@ -1 +0,0 @@
-Correctly proxy HTTP errors due to API calls to remote group servers.
--- a/changelog.d/6655.misc
+++ b/changelog.d/6655.misc
@@ -1 +0,0 @@
-Add `local_current_membership` table for tracking local user membership state in rooms.
--- a/changelog.d/6656.doc
+++ b/changelog.d/6656.doc
@@ -1 +0,0 @@
-No more overriding the entire /etc folder of the container in docker-compose.yaml. Contributed by Fabian Meyer.
--- a/changelog.d/6663.doc
+++ b/changelog.d/6663.doc
@@ -1 +0,0 @@
-Add some helpful tips about changelog entries to the github pull request template.
--- a/changelog.d/6664.bugfix
+++ b/changelog.d/6664.bugfix
@@ -1 +0,0 @@
-Fix media repo admin APIs when using a media worker.
--- a/changelog.d/6665.doc
+++ b/changelog.d/6665.doc
@@ -1 +0,0 @@
-Add complete documentation of the message retention policies support.
--- a/changelog.d/6666.misc
+++ b/changelog.d/6666.misc
@@ -1 +0,0 @@
-Port `synapse.replication.tcp` to async/await.
--- a/changelog.d/6667.misc
+++ b/changelog.d/6667.misc
@@ -1 +0,0 @@
-Fixup `synapse.replication` to pass mypy checks.
--- a/changelog.d/6675.removal
+++ b/changelog.d/6675.removal
@@ -1 +0,0 @@
-Synapse no longer supports versions of SQLite before 3.11, and will refuse to start when configured to use an older version. Administrators are recommended to migrate their database to Postgres (see instructions [here](docs/postgres.md)).
--- a/changelog.d/6681.feature
+++ b/changelog.d/6681.feature
@@ -1 +0,0 @@
-Add new quarantine media admin APIs to quarantine by media ID or by user who uploaded the media.
--- a/changelog.d/6682.bugfix
+++ b/changelog.d/6682.bugfix
@@ -1,2 +0,0 @@
-Fix "CRITICAL" errors being logged when a request is received for a uri containing non-ascii characters.
-
--- a/changelog.d/6685.doc
+++ b/changelog.d/6685.doc
@@ -1 +0,0 @@
-Clarify the `account_validity` and `email` sections of the sample configuration.
--- a/changelog.d/6686.misc
+++ b/changelog.d/6686.misc
@@ -1 +0,0 @@
-Allow additional_resources to implement IResource directly.
--- a/changelog.d/6687.misc
+++ b/changelog.d/6687.misc
@@ -1 +0,0 @@
-Allow REST endpoint implementations to raise a RedirectException, which will redirect the user's browser to a given location.
--- a/changelog.d/6688.misc
+++ b/changelog.d/6688.misc
@@ -1 +0,0 @@
-Updates and extensions to the module API.
--- a/changelog.d/6689.misc
+++ b/changelog.d/6689.misc
@@ -1 +0,0 @@
-Updates to the SAML mapping provider API.
--- a/changelog.d/6690.bugfix
+++ b/changelog.d/6690.bugfix
@@ -1 +0,0 @@
-Fix a bug where we would assign a numeric userid if somebody tried registering with an empty username.
--- a/changelog.d/6691.misc
+++ b/changelog.d/6691.misc
@@ -1 +0,0 @@
-Remove redundant RegistrationError class.
--- a/changelog.d/6697.misc
+++ b/changelog.d/6697.misc
@@ -1 +0,0 @@
-Don't block processing of incoming EDUs behind processing PDUs in the same transaction.
--- a/changelog.d/6698.doc
+++ b/changelog.d/6698.doc
@@ -1 +0,0 @@
-Add more endpoints to the documentation for Synapse workers.
--- a/changelog.d/6702.misc
+++ b/changelog.d/6702.misc
@@ -1 +0,0 @@
-Remove duplicate check for the `session` query parameter on the `/auth/xxx/fallback/web` Client-Server endpoint.
--- a/changelog.d/6706.misc
+++ b/changelog.d/6706.misc
@@ -1 +0,0 @@
-Attempt to retry sending a transaction when we detect a remote server has come back online, rather than waiting for a transaction to be triggered by new data.
--- a/changelog.d/6711.bugfix
+++ b/changelog.d/6711.bugfix
@@ -1 +0,0 @@
-Fix `purge_room` admin API.
--- a/changelog.d/6712.feature
+++ b/changelog.d/6712.feature
@@ -1 +0,0 @@
-Add org.matrix.e2e_cross_signing to unstable_features in /versions as per [MSC1756](https://github.com/matrix-org/matrix-doc/pull/1756).
--- a/changelog.d/6715.misc
+++ b/changelog.d/6715.misc
@@ -1 +0,0 @@
-Add StateMap type alias to simplify types.
--- a/changelog.d/6723.misc
+++ b/changelog.d/6723.misc
@@ -1 +0,0 @@
-Updates to the SAML mapping provider API.
--- a/changelog.d/6724.misc
+++ b/changelog.d/6724.misc
@@ -1 +0,0 @@
-When processing a SAML response, log the assertions for easier configuration.
--- a/changelog.d/6729.misc
+++ b/changelog.d/6729.misc
@@ -0,0 +1 @@
+Record room versions in the `rooms` table.
--- a/changelog.d/6734.bugfix
+++ b/changelog.d/6734.bugfix
@@ -0,0 +1 @@
+Warn if postgres database has a non-C locale, as that can cause issues when upgrading locales (e.g. due to upgrading OS).
--- a/changelog.d/6748.misc
+++ b/changelog.d/6748.misc
@@ -0,0 +1 @@
+Propagate cache invalidates from workers to other workers.
--- a/changelog.d/6751.misc
+++ b/changelog.d/6751.misc
@@ -0,0 +1 @@
+Remove some unnecessary admin handler abstraction methods.
--- a/changelog.d/6757.misc
+++ b/changelog.d/6757.misc
@@ -0,0 +1 @@
+Add some debugging for media storage providers.
--- a/changelog.d/6761.bugfix
+++ b/changelog.d/6761.bugfix
@@ -0,0 +1 @@
+Minor fixes to `PUT /_synapse/admin/v2/users` admin api.
--- a/changelog.d/6767.bugfix
+++ b/changelog.d/6767.bugfix
@@ -0,0 +1 @@
+Validate `client_secret` parameter using the regex provided by the Client-Server API, temporarily allowing `:` characters for older clients. The `:` character will be removed in a future release.
--- a/changelog.d/6771.bugfix
+++ b/changelog.d/6771.bugfix
@@ -0,0 +1 @@
+Fix persisting redaction events that have been redacted (or otherwise don't have a redacts key).
--- a/changelog.d/6775.doc
+++ b/changelog.d/6775.doc
@@ -0,0 +1 @@
+Clarify documentation related to `user_dir` and `federation_reader` workers.
--- a/changelog.d/6776.misc
+++ b/changelog.d/6776.misc
@@ -0,0 +1 @@
+Detect unknown remote devices and mark cache as stale.
--- a/changelog.d/6786.misc
+++ b/changelog.d/6786.misc
@@ -0,0 +1 @@
+Attempt to resync remote users' devices when detected as stale.
--- a/changelog.d/6787.feature
+++ b/changelog.d/6787.feature
@@ -0,0 +1 @@
+Implement updated authorization rules for aliases events, from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260).
--- a/changelog.d/6788.misc
+++ b/changelog.d/6788.misc
@@ -0,0 +1 @@
+Record room versions in the `rooms` table.
--- a/changelog.d/6790.feature
+++ b/changelog.d/6790.feature
@@ -0,0 +1 @@
+Implement updated authorization rules for aliases events, from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260).
--- a/changelog.d/6792.misc
+++ b/changelog.d/6792.misc
@@ -0,0 +1 @@
+Delete current state from the database when server leaves a room.
--- a/changelog.d/6794.feature
+++ b/changelog.d/6794.feature
@@ -0,0 +1 @@
+Implement updated authorization rules for aliases events, from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260).
--- a/changelog.d/6795.bugfix
+++ b/changelog.d/6795.bugfix
@@ -0,0 +1 @@
+Fix outbound federation request metrics.
--- a/changelog.d/6796.bugfix
+++ b/changelog.d/6796.bugfix
@@ -0,0 +1 @@
+Fix bug where querying a remote user's device keys that weren't cached resulted in only returning a single device.
--- a/changelog.d/6797.misc
+++ b/changelog.d/6797.misc
@@ -0,0 +1 @@
+When a client asks for a remote user's device keys check if the local cache for that user has been marked as potentially stale.
--- a/changelog.d/6799.bugfix
+++ b/changelog.d/6799.bugfix
@@ -0,0 +1 @@
+Fix race in federation sender worker that delayed sending of device updates.
--- a/changelog.d/6800.bugfix
+++ b/changelog.d/6800.bugfix
@@ -0,0 +1 @@
+Fix race in federation sender worker that delayed sending of device updates.
--- a/changelog.d/6801.bugfix
+++ b/changelog.d/6801.bugfix
@@ -0,0 +1 @@
+Fix bug where Synapse didn't invalidate cache of remote users' devices when Synapse left a room.
--- a/changelog.d/6802.misc
+++ b/changelog.d/6802.misc
@@ -0,0 +1 @@
+Add background update to clean out left rooms from current state.
--- a/changelog.d/6803.misc
+++ b/changelog.d/6803.misc
@@ -0,0 +1 @@
+Refactoring work in preparation for changing the event redaction algorithm.
--- a/changelog.d/6805.misc
+++ b/changelog.d/6805.misc
@@ -0,0 +1 @@
+Refactoring work in preparation for changing the event redaction algorithm.
--- a/changelog.d/6810.misc
+++ b/changelog.d/6810.misc
@@ -0,0 +1 @@
+Record room versions in the `rooms` table.
--- a/changelog.d/6811.bugfix
+++ b/changelog.d/6811.bugfix
@@ -0,0 +1 @@
+Fix waking up other workers when remote server is detected to have come back online.
--- a/changelog.d/6816.misc
+++ b/changelog.d/6816.misc
@@ -0,0 +1 @@
+Add background update to clean out left rooms from current state.
--- a/changelog.d/6821.misc
+++ b/changelog.d/6821.misc
@@ -0,0 +1 @@
+Add type hints to `SyncHandler`.
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+matrix-synapse-py3 (1.9.1) stable; urgency=medium
+
+  * New synapse release 1.9.1.
+
+ -- Synapse Packaging team <packages@matrix.org>  Tue, 28 Jan 2020 13:09:23 +0000
+
+matrix-synapse-py3 (1.9.0) stable; urgency=medium
+
+  * New synapse release 1.9.0.
+
+ -- Synapse Packaging team <packages@matrix.org>  Thu, 23 Jan 2020 12:56:31 +0000
+
 matrix-synapse-py3 (1.8.0) stable; urgency=medium

  [ Richard van der Hoff ]
--- a/docs/admin_api/rooms.md
+++ b/docs/admin_api/rooms.md
@@ -0,0 +1,173 @@
+# List Room API
+
+The List Room admin API allows server admins to get a list of rooms on their
+server. There are various parameters available that allow for filtering and
+sorting the returned list. This API supports pagination.
+
+## Parameters
+
+The following query parameters are available:
+
+* `from` - Offset in the returned list. Defaults to `0`.
+* `limit` - Maximum amount of rooms to return. Defaults to `100`.
+* `order_by` - The method in which to sort the returned list of rooms. Valid values are:
+  - `alphabetical` - Rooms are ordered alphabetically by room name. This is the default.
+  - `size` - Rooms are ordered by the number of members. Largest to smallest.
+* `dir` - Direction of room order. Either `f` for forwards or `b` for backwards. Setting
+          this value to `b` will reverse the above sort order. Defaults to `f`.
+* `search_term` - Filter rooms by their room name. Search term can be contained in any
+                  part of the room name. Defaults to no filtering.
+
+The following fields are possible in the JSON response body:
+
+* `rooms` - An array of objects, each containing information about a room.
+  - Room objects contain the following fields:
+    - `room_id` - The ID of the room.
+    - `name` - The name of the room.
+    - `canonical_alias` - The canonical (main) alias address of the room.
+    - `joined_members` - How many users are currently in the room.
+* `offset` - The current pagination offset in rooms. This parameter should be
+             used instead of `next_token` for room offset as `next_token` is
+             not intended to be parsed.
+* `total_rooms` - The total number of rooms this query can return. Using this
+                  and `offset`, you have enough information to know the current
+                  progression through the list.
+* `next_batch` - If this field is present, we know that there are potentially
+                 more rooms on the server that did not all fit into this response.
+                 We can use `next_batch` to get the "next page" of results. To do
+                 so, simply repeat your request, setting the `from` parameter to
+                 the value of `next_batch`.
+* `prev_batch` - If this field is present, it is possible to paginate backwards.
+                 Use `prev_batch` for the `from` value in the next request to
+                 get the "previous page" of results.
+
+## Usage
+
+A standard request with no filtering:
+
+```
+GET /_synapse/admin/v1/rooms
+
+{}
+```
+
+Response:
+
+```
+{
+  "rooms": [
+    {
+      "room_id": "!OGEhHVWSdvArJzumhm:matrix.org",
+      "name": "Matrix HQ",
+      "canonical_alias": "#matrix:matrix.org",
+      "joined_members": 8326
+    },
+    ... (8 hidden items) ...
+    {
+      "room_id": "!xYvNcQPhnkrdUmYczI:matrix.org",
+      "name": "This Week In Matrix (TWIM)",
+      "canonical_alias": "#twim:matrix.org",
+      "joined_members": 314
+    }
+  ],
+  "offset": 0,
+  "total_rooms": 10
+}
+```
+
+Filtering by room name:
+
+```
+GET /_synapse/admin/v1/rooms?search_term=TWIM
+
+{}
+```
+
+Response:
+
+```
+{
+  "rooms": [
+    {
+      "room_id": "!xYvNcQPhnkrdUmYczI:matrix.org",
+      "name": "This Week In Matrix (TWIM)",
+      "canonical_alias": "#twim:matrix.org",
+      "joined_members": 314
+    }
+  ],
+  "offset": 0,
+  "total_rooms": 1
+}
+```
+
+Paginating through a list of rooms:
+
+```
+GET /_synapse/admin/v1/rooms?order_by=size
+
+{}
+```
+
+Response:
+
+```
+{
+  "rooms": [
+    {
+      "room_id": "!OGEhHVWSdvArJzumhm:matrix.org",
+      "name": "Matrix HQ",
+      "canonical_alias": "#matrix:matrix.org",
+      "joined_members": 8326
+    },
+    ... (98 hidden items) ...
+    {
+      "room_id": "!xYvNcQPhnkrdUmYczI:matrix.org",
+      "name": "This Week In Matrix (TWIM)",
+      "canonical_alias": "#twim:matrix.org",
+      "joined_members": 314
+    }
+  ],
+  "offset": 0,
+  "total_rooms": 150
+  "next_token": 100
+}
+```
+
+The presence of the `next_token` parameter tells us that there are more rooms
+than returned in this request, and we need to make another request to get them.
+To get the next batch of room results, we repeat our request, setting the `from`
+parameter to the value of `next_token`.
+
+```
+GET /_synapse/admin/v1/rooms?order_by=size&from=100
+
+{}
+```
+
+Response:
+
+```
+{
+  "rooms": [
+    {
+      "room_id": "!mscvqgqpHYjBGDxNym:matrix.org",
+      "name": "Music Theory",
+      "canonical_alias": "#musictheory:matrix.org",
+      "joined_members": 127
+    },
+    ... (48 hidden items) ...
+    {
+      "room_id": "!twcBhHVdZlQWuuxBhN:termina.org.uk",
+      "name": "weechat-matrix",
+      "canonical_alias": "#weechat-matrix:termina.org.uk",
+      "joined_members": 137
+    }
+  ],
+  "offset": 100,
+  "prev_batch": 0,
+  "total_rooms": 150
+}
+```
+
+Once the `next_token` parameter is no longer present, we know we've reached the
+end of the list.
--- a/docs/postgres.md
+++ b/docs/postgres.md
@@ -32,7 +32,7 @@ Assuming your PostgreSQL database user is called `postgres`, first authenticate
    su - postgres
    # Or, if your system uses sudo to get administrative rights
    sudo -u postgres bash
-  
+
 Then, create a user ``synapse_user`` with:

    createuser --pwprompt synapse_user
@@ -63,6 +63,24 @@ You may need to enable password authentication so `synapse_user` can
 connect to the database. See
 <https://www.postgresql.org/docs/11/auth-pg-hba-conf.html>.

+### Fixing incorrect `COLLATE` or `CTYPE`
+
+Synapse will refuse to set up a new database if it has the wrong values of
+`COLLATE` and `CTYPE` set, and will log warnings on existing databases. Using
+different locales can cause issues if the locale library is updated from
+underneath the database, or if a different version of the locale is used on any
+replicas.
+
+The safest way to fix the issue is to take a dump and recreate the database with
+the correct `COLLATE` and `CTYPE` parameters (as per
+[docs/postgres.md](docs/postgres.md)). It is also possible to change the
+parameters on a live database and run a `REINDEX` on the entire database,
+however extreme care must be taken to avoid database corruption.
+
+Note that the above may fail with an error about duplicate rows if corruption
+has already occurred, and such duplicate rows will need to be manually removed.
+
+
 ## Tuning Postgres

 The default settings should be fine for most deployments. For larger
--- a/docs/tcp_replication.md
+++ b/docs/tcp_replication.md
@@ -254,6 +254,11 @@ and they key to invalidate. For example:

    > RDATA caches 550953771 ["get_user_by_id", ["@bob:example.com"], 1550574873251]

+Alternatively, an entire cache can be invalidated by sending down a `null`
+instead of the key. For example:
+
+    > RDATA caches 550953772 ["get_user_by_id", null, 1550574873252]
+
 However, there are times when a number of caches need to be invalidated
 at the same time with the same key. To reduce traffic we batch those
 invalidations into a single poke by defining a special cache name that
--- a/docs/workers.md
+++ b/docs/workers.md
@@ -185,6 +185,19 @@ reverse-proxy configuration.
 The `^/_matrix/federation/v1/send/` endpoint must only be handled by a single
 instance.

+Note that `federation` must be added to the listener resources in the worker config:
+
+```yaml
+worker_app: synapse.app.federation_reader
+...
+worker_listeners:
+ - type: http
+   port: <port>
+   resources:
+     - names:
+       - federation
+```
+
 ### `synapse.app.federation_sender`

 Handles sending federation traffic to other servers. Doesn't handle any
@@ -265,6 +278,10 @@ the following regular expressions:

    ^/_matrix/client/(api/v1|r0|unstable)/user_directory/search$

+When using this worker you must also set `update_user_directory: False` in the 
+shared configuration file to stop the main synapse running background 
+jobs related to updating the user directory.
+
 ### `synapse.app.frontend_proxy`

 Proxies some frequently-requested client endpoints to add caching and remove
--- a/mypy.ini
+++ b/mypy.ini
@@ -7,6 +7,9 @@ show_error_codes = True
 show_traceback = True
 mypy_path = stubs

+[mypy-pymacaroons.*]
+ignore_missing_imports = True
+
 [mypy-zope]
 ignore_missing_imports = True

@@ -63,3 +66,12 @@ ignore_missing_imports = True

 [mypy-sentry_sdk]
 ignore_missing_imports = True
+
+[mypy-PIL.*]
+ignore_missing_imports = True
+
+[mypy-lxml]
+ignore_missing_imports = True
+
+[mypy-jwt.*]
+ignore_missing_imports = True
--- a/scripts-dev/update_database
+++ b/scripts-dev/update_database
@@ -22,10 +22,12 @@ import yaml

 from twisted.internet import defer, reactor

+import synapse
 from synapse.config.homeserver import HomeServerConfig
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.server import HomeServer
 from synapse.storage import DataStore
+from synapse.util.versionstring import get_version_string

 logger = logging.getLogger("update_database")

@@ -38,6 +40,8 @@ class MockHomeserver(HomeServer):
            config.server_name, reactor=reactor, config=config, **kwargs
        )

+        self.version_string = "Synapse/"+get_version_string(synapse)
+

 if __name__ == "__main__":
    parser = argparse.ArgumentParser(
@@ -81,15 +85,17 @@ if __name__ == "__main__":
    hs.setup()
    store = hs.get_datastore()

-    @defer.inlineCallbacks
-    def run_background_updates():
-        yield store.db.updates.run_background_updates(sleep=False)
+    async def run_background_updates():
+        await store.db.updates.run_background_updates(sleep=False)
        # Stop the reactor to exit the script once every background update is run.
        reactor.stop()

-    # Apply all background updates on the database.
-    reactor.callWhenRunning(
-        lambda: run_as_background_process("background_updates", run_background_updates)
-    )
+    def run():
+        # Apply all background updates on the database.
+        defer.ensureDeferred(
+            run_as_background_process("background_updates", run_background_updates)
+        )
+
+    reactor.callWhenRunning(run)

    reactor.run()
--- a/scripts/hash_password
+++ b/scripts/hash_password
@@ -52,7 +52,7 @@ if __name__ == "__main__":
    if "config" in args and args.config:
        config = yaml.safe_load(args.config)
        bcrypt_rounds = config.get("bcrypt_rounds", bcrypt_rounds)
-        password_config = config.get("password_config", {})
+        password_config = config.get("password_config", None) or {}
        password_pepper = password_config.get("pepper", password_pepper)
    password = args.password

--- a/scripts/synapse_port_db
+++ b/scripts/synapse_port_db
@@ -27,13 +27,16 @@ from six import string_types

 import yaml

-from twisted.enterprise import adbapi
 from twisted.internet import defer, reactor

+import synapse
 from synapse.config.database import DatabaseConnectionConfig
 from synapse.config.homeserver import HomeServerConfig
-from synapse.logging.context import PreserveLoggingContext
-from synapse.storage._base import LoggingTransaction
+from synapse.logging.context import (
+    LoggingContext,
+    make_deferred_yieldable,
+    run_in_background,
+)
 from synapse.storage.data_stores.main.client_ips import ClientIpBackgroundUpdateStore
 from synapse.storage.data_stores.main.deviceinbox import (
    DeviceInboxBackgroundUpdateStore,
@@ -61,6 +64,7 @@ from synapse.storage.database import Database, make_conn
 from synapse.storage.engines import create_engine
 from synapse.storage.prepare_database import prepare_database
 from synapse.util import Clock
+from synapse.util.versionstring import get_version_string

 logger = logging.getLogger("synapse_port_db")

@@ -125,6 +129,13 @@ APPEND_ONLY_TABLES = [
 ]


+# Error returned by the run function. Used at the top-level part of the script to
+# handle errors and return codes.
+end_error = None
+# The exec_info for the error, if any. If error is defined but not exec_info the script
+# will show only the error message without the stacktrace, if exec_info is defined but
+# not the error then the script will show nothing outside of what's printed in the run
+# function. If both are defined, the script will print both the error and the stacktrace.
 end_error_exec_info = None


@@ -177,6 +188,7 @@ class MockHomeserver:
        self.clock = Clock(reactor)
        self.config = config
        self.hostname = config.server_name
+        self.version_string = "Synapse/"+get_version_string(synapse)

    def get_clock(self):
        return self.clock
@@ -189,11 +201,10 @@ class Porter(object):
    def __init__(self, **kwargs):
        self.__dict__.update(kwargs)

-    @defer.inlineCallbacks
-    def setup_table(self, table):
+    async def setup_table(self, table):
        if table in APPEND_ONLY_TABLES:
            # It's safe to just carry on inserting.
-            row = yield self.postgres_store.db.simple_select_one(
+            row = await self.postgres_store.db.simple_select_one(
                table="port_from_sqlite3",
                keyvalues={"table_name": table},
                retcols=("forward_rowid", "backward_rowid"),
@@ -207,10 +218,10 @@ class Porter(object):
                        forward_chunk,
                        already_ported,
                        total_to_port,
-                    ) = yield self._setup_sent_transactions()
+                    ) = await self._setup_sent_transactions()
                    backward_chunk = 0
                else:
-                    yield self.postgres_store.db.simple_insert(
+                    await self.postgres_store.db.simple_insert(
                        table="port_from_sqlite3",
                        values={
                            "table_name": table,
@@ -227,7 +238,7 @@ class Porter(object):
                backward_chunk = row["backward_rowid"]

            if total_to_port is None:
-                already_ported, total_to_port = yield self._get_total_count_to_port(
+                already_ported, total_to_port = await self._get_total_count_to_port(
                    table, forward_chunk, backward_chunk
                )
        else:
@@ -238,9 +249,9 @@ class Porter(object):
                )
                txn.execute("TRUNCATE %s CASCADE" % (table,))

-            yield self.postgres_store.execute(delete_all)
+            await self.postgres_store.execute(delete_all)

-            yield self.postgres_store.db.simple_insert(
+            await self.postgres_store.db.simple_insert(
                table="port_from_sqlite3",
                values={"table_name": table, "forward_rowid": 1, "backward_rowid": 0},
            )
@@ -248,16 +259,13 @@ class Porter(object):
            forward_chunk = 1
            backward_chunk = 0

-            already_ported, total_to_port = yield self._get_total_count_to_port(
+            already_ported, total_to_port = await self._get_total_count_to_port(
                table, forward_chunk, backward_chunk
            )

-        defer.returnValue(
-            (table, already_ported, total_to_port, forward_chunk, backward_chunk)
-        )
+        return table, already_ported, total_to_port, forward_chunk, backward_chunk

-    @defer.inlineCallbacks
-    def handle_table(
+    async def handle_table(
        self, table, postgres_size, table_size, forward_chunk, backward_chunk
    ):
        logger.info(
@@ -275,7 +283,7 @@ class Porter(object):
        self.progress.add_table(table, postgres_size, table_size)

        if table == "event_search":
-            yield self.handle_search_table(
+            await self.handle_search_table(
                postgres_size, table_size, forward_chunk, backward_chunk
            )
            return
@@ -294,7 +302,7 @@ class Porter(object):
        if table == "user_directory_stream_pos":
            # We need to make sure there is a single row, `(X, null), as that is
            # what synapse expects to be there.
-            yield self.postgres_store.db.simple_insert(
+            await self.postgres_store.db.simple_insert(
                table=table, values={"stream_id": None}
            )
            self.progress.update(table, table_size)  # Mark table as done
@@ -335,7 +343,7 @@ class Porter(object):

                return headers, forward_rows, backward_rows

-            headers, frows, brows = yield self.sqlite_store.db.runInteraction(
+            headers, frows, brows = await self.sqlite_store.db.runInteraction(
                "select", r
            )

@@ -361,7 +369,7 @@ class Porter(object):
                        },
                    )

-                yield self.postgres_store.execute(insert)
+                await self.postgres_store.execute(insert)

                postgres_size += len(rows)

@@ -369,8 +377,7 @@ class Porter(object):
            else:
                return

-    @defer.inlineCallbacks
-    def handle_search_table(
+    async def handle_search_table(
        self, postgres_size, table_size, forward_chunk, backward_chunk
    ):
        select = (
@@ -390,7 +397,7 @@ class Porter(object):

                return headers, rows

-            headers, rows = yield self.sqlite_store.db.runInteraction("select", r)
+            headers, rows = await self.sqlite_store.db.runInteraction("select", r)

            if rows:
                forward_chunk = rows[-1][0] + 1
@@ -438,7 +445,7 @@ class Porter(object):
                        },
                    )

-                yield self.postgres_store.execute(insert)
+                await self.postgres_store.execute(insert)

                postgres_size += len(rows)

@@ -476,11 +483,10 @@ class Porter(object):

        return store

-    @defer.inlineCallbacks
-    def run_background_updates_on_postgres(self):
+    async def run_background_updates_on_postgres(self):
        # Manually apply all background updates on the PostgreSQL database.
        postgres_ready = (
-            yield self.postgres_store.db.updates.has_completed_background_updates()
+            await self.postgres_store.db.updates.has_completed_background_updates()
        )

        if not postgres_ready:
@@ -489,13 +495,20 @@ class Porter(object):
            self.progress.set_state("Running background updates on PostgreSQL")

        while not postgres_ready:
-            yield self.postgres_store.db.updates.do_next_background_update(100)
-            postgres_ready = yield (
+            await self.postgres_store.db.updates.do_next_background_update(100)
+            postgres_ready = await (
                self.postgres_store.db.updates.has_completed_background_updates()
            )

-    @defer.inlineCallbacks
-    def run(self):
+    async def run(self):
+        """Ports the SQLite database to a PostgreSQL database.
+
+        When a fatal error is met, its message is assigned to the global "end_error"
+        variable. When this error comes with a stacktrace, its exec_info is assigned to
+        the global "end_error_exec_info" variable.
+        """
+        global end_error
+
        try:
            # we allow people to port away from outdated versions of sqlite.
            self.sqlite_store = self.build_db_store(
@@ -505,21 +518,21 @@ class Porter(object):

            # Check if all background updates are done, abort if not.
            updates_complete = (
-                yield self.sqlite_store.db.updates.has_completed_background_updates()
+                await self.sqlite_store.db.updates.has_completed_background_updates()
            )
            if not updates_complete:
-                sys.stderr.write(
+                end_error = (
                    "Pending background updates exist in the SQLite3 database."
                    " Please start Synapse again and wait until every update has finished"
                    " before running this script.\n"
                )
-                defer.returnValue(None)
+                return

            self.postgres_store = self.build_db_store(
                self.hs_config.get_single_database()
            )

-            yield self.run_background_updates_on_postgres()
+            await self.run_background_updates_on_postgres()

            self.progress.set_state("Creating port tables")

@@ -547,22 +560,22 @@ class Porter(object):
                )

            try:
-                yield self.postgres_store.db.runInteraction("alter_table", alter_table)
+                await self.postgres_store.db.runInteraction("alter_table", alter_table)
            except Exception:
                # On Error Resume Next
                pass

-            yield self.postgres_store.db.runInteraction(
+            await self.postgres_store.db.runInteraction(
                "create_port_table", create_port_table
            )

            # Step 2. Get tables.
            self.progress.set_state("Fetching tables")
-            sqlite_tables = yield self.sqlite_store.db.simple_select_onecol(
+            sqlite_tables = await self.sqlite_store.db.simple_select_onecol(
                table="sqlite_master", keyvalues={"type": "table"}, retcol="name"
            )

-            postgres_tables = yield self.postgres_store.db.simple_select_onecol(
+            postgres_tables = await self.postgres_store.db.simple_select_onecol(
                table="information_schema.tables",
                keyvalues={},
                retcol="distinct table_name",
@@ -573,28 +586,34 @@ class Porter(object):

            # Step 3. Figure out what still needs copying
            self.progress.set_state("Checking on port progress")
-            setup_res = yield defer.gatherResults(
-                [
-                    self.setup_table(table)
-                    for table in tables
-                    if table not in ["schema_version", "applied_schema_deltas"]
-                    and not table.startswith("sqlite_")
-                ],
-                consumeErrors=True,
+            setup_res = await make_deferred_yieldable(
+                defer.gatherResults(
+                    [
+                        run_in_background(self.setup_table, table)
+                        for table in tables
+                        if table not in ["schema_version", "applied_schema_deltas"]
+                        and not table.startswith("sqlite_")
+                    ],
+                    consumeErrors=True,
+                )
            )

            # Step 4. Do the copying.
            self.progress.set_state("Copying to postgres")
-            yield defer.gatherResults(
-                [self.handle_table(*res) for res in setup_res], consumeErrors=True
+            await make_deferred_yieldable(
+                defer.gatherResults(
+                    [run_in_background(self.handle_table, *res) for res in setup_res],
+                    consumeErrors=True,
+                )
            )

            # Step 5. Do final post-processing
-            yield self._setup_state_group_id_seq()
+            await self._setup_state_group_id_seq()

            self.progress.done()
-        except Exception:
+        except Exception as e:
            global end_error_exec_info
+            end_error = e
            end_error_exec_info = sys.exc_info()
            logger.exception("")
        finally:
@@ -634,8 +653,7 @@ class Porter(object):

        return outrows

-    @defer.inlineCallbacks
-    def _setup_sent_transactions(self):
+    async def _setup_sent_transactions(self):
        # Only save things from the last day
        yesterday = int(time.time() * 1000) - 86400000

@@ -656,7 +674,7 @@ class Porter(object):

            return headers, [r for r in rows if r[ts_ind] < yesterday]

-        headers, rows = yield self.sqlite_store.db.runInteraction("select", r)
+        headers, rows = await self.sqlite_store.db.runInteraction("select", r)

        rows = self._convert_rows("sent_transactions", headers, rows)

@@ -669,7 +687,7 @@ class Porter(object):
                    txn, "sent_transactions", headers[1:], rows
                )

-            yield self.postgres_store.execute(insert)
+            await self.postgres_store.execute(insert)
        else:
            max_inserted_rowid = 0

@@ -686,10 +704,10 @@ class Porter(object):
            else:
                return 1

-        next_chunk = yield self.sqlite_store.execute(get_start_id)
+        next_chunk = await self.sqlite_store.execute(get_start_id)
        next_chunk = max(max_inserted_rowid + 1, next_chunk)

-        yield self.postgres_store.db.simple_insert(
+        await self.postgres_store.db.simple_insert(
            table="port_from_sqlite3",
            values={
                "table_name": "sent_transactions",
@@ -705,46 +723,49 @@ class Porter(object):
            (size,) = txn.fetchone()
            return int(size)

-        remaining_count = yield self.sqlite_store.execute(get_sent_table_size)
+        remaining_count = await self.sqlite_store.execute(get_sent_table_size)

        total_count = remaining_count + inserted_rows

-        defer.returnValue((next_chunk, inserted_rows, total_count))
+        return next_chunk, inserted_rows, total_count

-    @defer.inlineCallbacks
-    def _get_remaining_count_to_port(self, table, forward_chunk, backward_chunk):
-        frows = yield self.sqlite_store.execute_sql(
+    async def _get_remaining_count_to_port(self, table, forward_chunk, backward_chunk):
+        frows = await self.sqlite_store.execute_sql(
            "SELECT count(*) FROM %s WHERE rowid >= ?" % (table,), forward_chunk
        )

-        brows = yield self.sqlite_store.execute_sql(
+        brows = await self.sqlite_store.execute_sql(
            "SELECT count(*) FROM %s WHERE rowid <= ?" % (table,), backward_chunk
        )

-        defer.returnValue(frows[0][0] + brows[0][0])
+        return frows[0][0] + brows[0][0]

-    @defer.inlineCallbacks
-    def _get_already_ported_count(self, table):
-        rows = yield self.postgres_store.execute_sql(
+    async def _get_already_ported_count(self, table):
+        rows = await self.postgres_store.execute_sql(
            "SELECT count(*) FROM %s" % (table,)
        )

-        defer.returnValue(rows[0][0])
+        return rows[0][0]

-    @defer.inlineCallbacks
-    def _get_total_count_to_port(self, table, forward_chunk, backward_chunk):
-        remaining, done = yield defer.gatherResults(
-            [
-                self._get_remaining_count_to_port(table, forward_chunk, backward_chunk),
-                self._get_already_ported_count(table),
-            ],
-            consumeErrors=True,
+    async def _get_total_count_to_port(self, table, forward_chunk, backward_chunk):
+        remaining, done = await make_deferred_yieldable(
+            defer.gatherResults(
+                [
+                    run_in_background(
+                        self._get_remaining_count_to_port,
+                        table,
+                        forward_chunk,
+                        backward_chunk,
+                    ),
+                    run_in_background(self._get_already_ported_count, table),
+                ],
+            )
        )

        remaining = int(remaining) if remaining else 0
        done = int(done) if done else 0

-        defer.returnValue((done, remaining + done))
+        return done, remaining + done

    def _setup_state_group_id_seq(self):
        def r(txn):
@@ -1010,7 +1031,12 @@ if __name__ == "__main__":
            hs_config=config,
        )

-        reactor.callWhenRunning(porter.run)
+        @defer.inlineCallbacks
+        def run():
+            with LoggingContext("synapse_port_db_run"):
+                yield defer.ensureDeferred(porter.run())
+
+        reactor.callWhenRunning(run)

        reactor.run()

@@ -1019,7 +1045,11 @@ if __name__ == "__main__":
    else:
        start()

-    if end_error_exec_info:
-        exc_type, exc_value, exc_traceback = end_error_exec_info
-        traceback.print_exception(exc_type, exc_value, exc_traceback)
+    if end_error:
+        if end_error_exec_info:
+            exc_type, exc_value, exc_traceback = end_error_exec_info
+            traceback.print_exception(exc_type, exc_value, exc_traceback)
+
+        sys.stderr.write(end_error)
+
        sys.exit(5)
--- a/synapse/init.py
+++ b/synapse/init.py
@@ -36,7 +36,7 @@ try:
 except ImportError:
    pass

-__version__ = "1.9.0.dev1"
+__version__ = "1.9.1"

 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
    # We import here so that we don't have to install a bunch of deps when
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -33,6 +33,7 @@ from synapse.api.errors import (
    MissingClientTokenError,
    ResourceLimitError,
 )
+from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
 from synapse.config.server import is_threepid_reserved
 from synapse.types import StateMap, UserID
 from synapse.util.caches import CACHE_SIZE_FACTOR, register_cache
@@ -77,15 +78,17 @@ class Auth(object):
        self._account_validity = hs.config.account_validity

    @defer.inlineCallbacks
-    def check_from_context(self, room_version, event, context, do_sig_check=True):
+    def check_from_context(self, room_version: str, event, context, do_sig_check=True):
        prev_state_ids = yield context.get_prev_state_ids()
        auth_events_ids = yield self.compute_auth_events(
            event, prev_state_ids, for_verification=True
        )
        auth_events = yield self.store.get_events(auth_events_ids)
        auth_events = {(e.type, e.state_key): e for e in itervalues(auth_events)}
+
+        room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
        event_auth.check(
-            room_version, event, auth_events=auth_events, do_sig_check=do_sig_check
+            room_version_obj, event, auth_events=auth_events, do_sig_check=do_sig_check
        )

    @defer.inlineCallbacks
--- a/synapse/api/filtering.py
+++ b/synapse/api/filtering.py
@@ -15,6 +15,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+from typing import List
+
 from six import text_type

 import jsonschema
@@ -293,7 +295,7 @@ class Filter(object):
            room_id = None
            ev_type = "m.presence"
            contains_url = False
-            labels = []
+            labels = []  # type: List[str]
        else:
            sender = event.get("sender", None)
            if not sender:
--- a/synapse/api/ratelimiting.py
+++ b/synapse/api/ratelimiting.py
@@ -12,7 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-import collections
+from collections import OrderedDict
+from typing import Any, Optional, Tuple

 from synapse.api.errors import LimitExceededError

@@ -23,7 +24,9 @@ class Ratelimiter(object):
    """

    def __init__(self):
-        self.message_counts = collections.OrderedDict()
+        self.message_counts = (
+            OrderedDict()
+        )  # type: OrderedDict[Any, Tuple[float, int, Optional[float]]]

    def can_do_action(self, key, time_now_s, rate_hz, burst_count, update=True):
        """Can the entity (e.g. user or IP address) perform the action?
--- a/synapse/api/room_versions.py
+++ b/synapse/api/room_versions.py
@@ -57,6 +57,9 @@ class RoomVersion(object):
    state_res = attr.ib()  # int; one of the StateResolutionVersions
    enforce_key_validity = attr.ib()  # bool

+    # bool: before MSC2260, anyone was allowed to send an aliases event
+    special_case_aliases_auth = attr.ib(type=bool, default=False)
+

 class RoomVersions(object):
    V1 = RoomVersion(
@@ -65,6 +68,7 @@ class RoomVersions(object):
        EventFormatVersions.V1,
        StateResolutionVersions.V1,
        enforce_key_validity=False,
+        special_case_aliases_auth=True,
    )
    V2 = RoomVersion(
        "2",
@@ -72,6 +76,7 @@ class RoomVersions(object):
        EventFormatVersions.V1,
        StateResolutionVersions.V2,
        enforce_key_validity=False,
+        special_case_aliases_auth=True,
    )
    V3 = RoomVersion(
        "3",
@@ -79,6 +84,7 @@ class RoomVersions(object):
        EventFormatVersions.V2,
        StateResolutionVersions.V2,
        enforce_key_validity=False,
+        special_case_aliases_auth=True,
    )
    V4 = RoomVersion(
        "4",
@@ -86,6 +92,7 @@ class RoomVersions(object):
        EventFormatVersions.V3,
        StateResolutionVersions.V2,
        enforce_key_validity=False,
+        special_case_aliases_auth=True,
    )
    V5 = RoomVersion(
        "5",
@@ -93,6 +100,14 @@ class RoomVersions(object):
        EventFormatVersions.V3,
        StateResolutionVersions.V2,
        enforce_key_validity=True,
+        special_case_aliases_auth=True,
+    )
+    MSC2260_DEV = RoomVersion(
+        "org.matrix.msc2260",
+        RoomDisposition.UNSTABLE,
+        EventFormatVersions.V3,
+        StateResolutionVersions.V2,
+        enforce_key_validity=True,
    )


@@ -104,5 +119,6 @@ KNOWN_ROOM_VERSIONS = {
        RoomVersions.V3,
        RoomVersions.V4,
        RoomVersions.V5,
+        RoomVersions.MSC2260_DEV,
    )
 }  # type: Dict[str, RoomVersion]
--- a/synapse/app/client_reader.py
+++ b/synapse/app/client_reader.py
@@ -62,6 +62,9 @@ from synapse.rest.client.v2_alpha.keys import KeyChangesServlet, KeyQueryServlet
 from synapse.rest.client.v2_alpha.register import RegisterRestServlet
 from synapse.rest.client.versions import VersionsRestServlet
 from synapse.server import HomeServer
+from synapse.storage.data_stores.main.monthly_active_users import (
+    MonthlyActiveUsersWorkerStore,
+)
 from synapse.util.httpresourcetree import create_resource_tree
 from synapse.util.manhole import manhole
 from synapse.util.versionstring import get_version_string
@@ -85,6 +88,7 @@ class ClientReaderSlavedStore(
    SlavedTransactionStore,
    SlavedProfileStore,
    SlavedClientIpStore,
+    MonthlyActiveUsersWorkerStore,
    BaseSlavedStore,
 ):
    pass
--- a/synapse/app/event_creator.py
+++ b/synapse/app/event_creator.py
@@ -56,6 +56,9 @@ from synapse.rest.client.v1.room import (
    RoomStateEventRestServlet,
 )
 from synapse.server import HomeServer
+from synapse.storage.data_stores.main.monthly_active_users import (
+    MonthlyActiveUsersWorkerStore,
+)
 from synapse.storage.data_stores.main.user_directory import UserDirectoryStore
 from synapse.util.httpresourcetree import create_resource_tree
 from synapse.util.manhole import manhole
@@ -81,6 +84,7 @@ class EventCreatorSlavedStore(
    SlavedEventStore,
    SlavedRegistrationStore,
    RoomStore,
+    MonthlyActiveUsersWorkerStore,
    BaseSlavedStore,
 ):
    pass
--- a/synapse/app/federation_reader.py
+++ b/synapse/app/federation_reader.py
@@ -46,6 +46,9 @@ from synapse.replication.slave.storage.transactions import SlavedTransactionStor
 from synapse.replication.tcp.client import ReplicationClientHandler
 from synapse.rest.key.v2 import KeyApiV2Resource
 from synapse.server import HomeServer
+from synapse.storage.data_stores.main.monthly_active_users import (
+    MonthlyActiveUsersWorkerStore,
+)
 from synapse.util.httpresourcetree import create_resource_tree
 from synapse.util.manhole import manhole
 from synapse.util.versionstring import get_version_string
@@ -66,6 +69,7 @@ class FederationReaderSlavedStore(
    RoomStore,
    DirectoryStore,
    SlavedTransactionStore,
+    MonthlyActiveUsersWorkerStore,
    BaseSlavedStore,
 ):
    pass
--- a/synapse/app/federation_sender.py
+++ b/synapse/app/federation_sender.py
@@ -38,7 +38,11 @@ from synapse.replication.slave.storage.receipts import SlavedReceiptsStore
 from synapse.replication.slave.storage.registration import SlavedRegistrationStore
 from synapse.replication.slave.storage.transactions import SlavedTransactionStore
 from synapse.replication.tcp.client import ReplicationClientHandler
-from synapse.replication.tcp.streams._base import ReceiptsStream
+from synapse.replication.tcp.streams._base import (
+    DeviceListsStream,
+    ReceiptsStream,
+    ToDeviceStream,
+)
 from synapse.server import HomeServer
 from synapse.storage.database import Database
 from synapse.types import ReadReceipt
@@ -256,6 +260,20 @@ class FederationSenderHandler(object):
                "process_receipts_for_federation", self._on_new_receipts, rows
            )

+        # ... as well as device updates and messages
+        elif stream_name == DeviceListsStream.NAME:
+            hosts = set(row.destination for row in rows)
+            for host in hosts:
+                self.federation_sender.send_device_messages(host)
+
+        elif stream_name == ToDeviceStream.NAME:
+            # The to_device stream includes stuff to be pushed to both local
+            # clients and remote servers, so we ignore entities that start with
+            # '@' (since they'll be local users rather than destinations).
+            hosts = set(row.entity for row in rows if not row.entity.startswith("@"))
+            for host in hosts:
+                self.federation_sender.send_device_messages(host)
+
    @defer.inlineCallbacks
    def _on_new_receipts(self, rows):
        """
--- a/synapse/app/synchrotron.py
+++ b/synapse/app/synchrotron.py
@@ -54,6 +54,9 @@ from synapse.rest.client.v1.initial_sync import InitialSyncRestServlet
 from synapse.rest.client.v1.room import RoomInitialSyncRestServlet
 from synapse.rest.client.v2_alpha import sync
 from synapse.server import HomeServer
+from synapse.storage.data_stores.main.monthly_active_users import (
+    MonthlyActiveUsersWorkerStore,
+)
 from synapse.storage.data_stores.main.presence import UserPresenceState
 from synapse.util.httpresourcetree import create_resource_tree
 from synapse.util.manhole import manhole
@@ -77,6 +80,7 @@ class SynchrotronSlavedStore(
    SlavedEventStore,
    SlavedClientIpStore,
    RoomStore,
+    MonthlyActiveUsersWorkerStore,
    BaseSlavedStore,
 ):
    pass
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -29,6 +29,7 @@ class AccountValidityConfig(Config):
    def __init__(self, config, synapse_config):
        if config is None:
            return
+        super(AccountValidityConfig, self).__init__()
        self.enabled = config.get("enabled", False)
        self.renew_by_email_enabled = "renew_at" in config

@@ -93,7 +94,7 @@ class RegistrationConfig(Config):
            )

        self.account_validity = AccountValidityConfig(
-            config.get("account_validity", {}), config
+            config.get("account_validity") or {}, config
        )

        self.registrations_require_3pid = config.get("registrations_require_3pid", [])
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -294,6 +294,14 @@ class ServerConfig(Config):
            self.retention_default_min_lifetime = None
            self.retention_default_max_lifetime = None

+        if self.retention_enabled:
+            logger.info(
+                "Message retention policies support enabled with the following default"
+                " policy: min_lifetime = %s ; max_lifetime = %s",
+                self.retention_default_min_lifetime,
+                self.retention_default_max_lifetime,
+            )
+
        self.retention_allowed_lifetime_min = retention_config.get(
            "allowed_lifetime_min"
        )
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 # Copyright 2014 - 2016 OpenMarket Ltd
+# Copyright 2020 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,17 +24,27 @@ from unpaddedbase64 import decode_base64

 from synapse.api.constants import EventTypes, JoinRules, Membership
 from synapse.api.errors import AuthError, EventSizeError, SynapseError
-from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, EventFormatVersions
+from synapse.api.room_versions import (
+    KNOWN_ROOM_VERSIONS,
+    EventFormatVersions,
+    RoomVersion,
+)
 from synapse.types import UserID, get_domain_from_id

 logger = logging.getLogger(__name__)


-def check(room_version, event, auth_events, do_sig_check=True, do_size_check=True):
+def check(
+    room_version_obj: RoomVersion,
+    event,
+    auth_events,
+    do_sig_check=True,
+    do_size_check=True,
+):
    """ Checks if this event is correctly authed.

    Args:
-        room_version (str): the version of the room
+        room_version_obj: the version of the room
        event: the event being checked.
        auth_events (dict: event-key -> event): the existing room state.

@@ -89,7 +100,12 @@ def check(room_version, event, auth_events, do_sig_check=True, do_size_check=Tru
            if not event.signatures.get(event_id_domain):
                raise AuthError(403, "Event not signed by sending server")

+    # Implementation of https://matrix.org/docs/spec/rooms/v1#authorization-rules
+    #
+    # 1. If type is m.room.create:
    if event.type == EventTypes.Create:
+        # 1b. If the domain of the room_id does not match the domain of the sender,
+        # reject.
        sender_domain = get_domain_from_id(event.sender)
        room_id_domain = get_domain_from_id(event.room_id)
        if room_id_domain != sender_domain:
@@ -97,39 +113,49 @@ def check(room_version, event, auth_events, do_sig_check=True, do_size_check=Tru
                403, "Creation event's room_id domain does not match sender's"
            )

-        room_version = event.content.get("room_version", "1")
-        if room_version not in KNOWN_ROOM_VERSIONS:
+        # 1c. If content.room_version is present and is not a recognised version, reject
+        room_version_prop = event.content.get("room_version", "1")
+        if room_version_prop not in KNOWN_ROOM_VERSIONS:
            raise AuthError(
-                403, "room appears to have unsupported version %s" % (room_version,)
+                403,
+                "room appears to have unsupported version %s" % (room_version_prop,),
            )
-        # FIXME
+
        logger.debug("Allowing! %s", event)
        return

+    # 3. If event does not have a m.room.create in its auth_events, reject.
    creation_event = auth_events.get((EventTypes.Create, ""), None)
-
    if not creation_event:
        raise AuthError(403, "No create event in auth events")

+    # additional check for m.federate
    creating_domain = get_domain_from_id(event.room_id)
    originating_domain = get_domain_from_id(event.sender)
    if creating_domain != originating_domain:
        if not _can_federate(event, auth_events):
            raise AuthError(403, "This room has been marked as unfederatable.")

-    # FIXME: Temp hack
+    # 4. If type is m.room.aliases
    if event.type == EventTypes.Aliases:
+        # 4a. If event has no state_key, reject
        if not event.is_state():
            raise AuthError(403, "Alias event must be a state event")
        if not event.state_key:
            raise AuthError(403, "Alias event must have non-empty state_key")
+
+        # 4b. If sender's domain doesn't matches [sic] state_key, reject
        sender_domain = get_domain_from_id(event.sender)
        if event.state_key != sender_domain:
            raise AuthError(
                403, "Alias event's state_key does not match sender's domain"
            )
-        logger.debug("Allowing! %s", event)
-        return
+
+        # 4c. Otherwise, allow.
+        # This is removed by https://github.com/matrix-org/matrix-doc/pull/2260
+        if room_version_obj.special_case_aliases_auth:
+            logger.debug("Allowing! %s", event)
+            return

    if logger.isEnabledFor(logging.DEBUG):
        logger.debug("Auth events: %s", [a.event_id for a in auth_events.values()])
@@ -160,7 +186,7 @@ def check(room_version, event, auth_events, do_sig_check=True, do_size_check=Tru
        _check_power_levels(event, auth_events)

    if event.type == EventTypes.Redaction:
-        check_redaction(room_version, event, auth_events)
+        check_redaction(room_version_obj, event, auth_events)

    logger.debug("Allowing! %s", event)

@@ -386,7 +412,7 @@ def _can_send_event(event, auth_events):
    return True


-def check_redaction(room_version, event, auth_events):
+def check_redaction(room_version_obj: RoomVersion, event, auth_events):
    """Check whether the event sender is allowed to redact the target event.

    Returns:
@@ -406,11 +432,7 @@ def check_redaction(room_version, event, auth_events):
    if user_level >= redact_level:
        return False

-    v = KNOWN_ROOM_VERSIONS.get(room_version)
-    if not v:
-        raise RuntimeError("Unrecognized room version %r" % (room_version,))
-
-    if v.event_format == EventFormatVersions.V1:
+    if room_version_obj.event_format == EventFormatVersions.V1:
        redacter_domain = get_domain_from_id(event.event_id)
        redactee_domain = get_domain_from_id(event.redacts)
        if redacter_domain == redactee_domain:
@@ -634,7 +656,7 @@ def get_public_keys(invite_event):
    return public_keys


-def auth_types_for_event(event) -> Set[Tuple[str]]:
+def auth_types_for_event(event) -> Set[Tuple[str, str]]:
    """Given an event, return a list of (EventType, StateKey) that may be
    needed to auth the event. The returned list may be a superset of what
    would actually be required depending on the full state of the room.
--- a/synapse/events/init.py
+++ b/synapse/events/init.py
@@ -23,6 +23,7 @@ from unpaddedbase64 import encode_base64

 from synapse.api.errors import UnsupportedRoomVersionError
 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, EventFormatVersions
+from synapse.types import JsonDict
 from synapse.util.caches import intern_dict
 from synapse.util.frozenutils import freeze

@@ -116,16 +117,32 @@ class _EventInternalMetadata(object):
        return getattr(self, "redacted", False)


-def _event_dict_property(key):
+_SENTINEL = object()
+
+
+def _event_dict_property(key, default=_SENTINEL):
+    """Creates a new property for the given key that delegates access to
+    `self._event_dict`.
+
+    The default is used if the key is missing from the `_event_dict`, if given,
+    otherwise an AttributeError will be raised.
+
+    Note: If a default is given then `hasattr` will always return true.
+    """
+
    # We want to be able to use hasattr with the event dict properties.
    # However, (on python3) hasattr expects AttributeError to be raised. Hence,
    # we need to transform the KeyError into an AttributeError
-    def getter(self):
+
+    def getter_raises(self):
        try:
            return self._event_dict[key]
        except KeyError:
            raise AttributeError(key)

+    def getter_default(self):
+        return self._event_dict.get(key, default)
+
    def setter(self, v):
        try:
            self._event_dict[key] = v
@@ -138,7 +155,11 @@ def _event_dict_property(key):
        except KeyError:
            raise AttributeError(key)

-    return property(getter, setter, delete)
+    if default is _SENTINEL:
+        # No default given, so use the getter that raises
+        return property(getter_raises, setter, delete)
+    else:
+        return property(getter_default, setter, delete)


 class EventBase(object):
@@ -165,11 +186,17 @@ class EventBase(object):
    origin = _event_dict_property("origin")
    origin_server_ts = _event_dict_property("origin_server_ts")
    prev_events = _event_dict_property("prev_events")
-    redacts = _event_dict_property("redacts")
+    redacts = _event_dict_property("redacts", None)
    room_id = _event_dict_property("room_id")
    sender = _event_dict_property("sender")
+    state_key = _event_dict_property("state_key")
+    type = _event_dict_property("type")
    user_id = _event_dict_property("sender")

+    @property
+    def event_id(self) -> str:
+        raise NotImplementedError()
+
    @property
    def membership(self):
        return self.content["membership"]
@@ -177,7 +204,7 @@ class EventBase(object):
    def is_state(self):
        return hasattr(self, "state_key") and self.state_key is not None

-    def get_dict(self):
+    def get_dict(self) -> JsonDict:
        d = dict(self._event_dict)
        d.update({"signatures": self.signatures, "unsigned": dict(self.unsigned)})

@@ -189,7 +216,7 @@ class EventBase(object):
    def get_internal_metadata_dict(self):
        return self.internal_metadata.get_dict()

-    def get_pdu_json(self, time_now=None):
+    def get_pdu_json(self, time_now=None) -> JsonDict:
        pdu_json = self.get_dict()

        if time_now is not None and "age_ts" in pdu_json["unsigned"]:
@@ -260,10 +287,7 @@ class FrozenEvent(EventBase):
        else:
            frozen_dict = event_dict

-        self.event_id = event_dict["event_id"]
-        self.type = event_dict["type"]
-        if "state_key" in event_dict:
-            self.state_key = event_dict["state_key"]
+        self._event_id = event_dict["event_id"]

        super(FrozenEvent, self).__init__(
            frozen_dict,
@@ -273,6 +297,10 @@ class FrozenEvent(EventBase):
            rejected_reason=rejected_reason,
        )

+    @property
+    def event_id(self) -> str:
+        return self._event_id
+
    def __str__(self):
        return self.__repr__()

@@ -311,9 +339,6 @@ class FrozenEventV2(EventBase):
            frozen_dict = event_dict

        self._event_id = None
-        self.type = event_dict["type"]
-        if "state_key" in event_dict:
-            self.state_key = event_dict["state_key"]

        super(FrozenEventV2, self).__init__(
            frozen_dict,
--- a/synapse/events/utils.py
+++ b/synapse/events/utils.py
@@ -12,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+import collections
 import re
+from typing import Mapping, Union

 from six import string_types

@@ -422,3 +423,37 @@ class EventClientSerializer(object):
        return yieldable_gather_results(
            self.serialize_event, events, time_now=time_now, **kwargs
        )
+
+
+def copy_power_levels_contents(
+    old_power_levels: Mapping[str, Union[int, Mapping[str, int]]]
+):
+    """Copy the content of a power_levels event, unfreezing frozendicts along the way
+
+    Raises:
+        TypeError if the input does not look like a valid power levels event content
+    """
+    if not isinstance(old_power_levels, collections.Mapping):
+        raise TypeError("Not a valid power-levels content: %r" % (old_power_levels,))
+
+    power_levels = {}
+    for k, v in old_power_levels.items():
+
+        if isinstance(v, int):
+            power_levels[k] = v
+            continue
+
+        if isinstance(v, collections.Mapping):
+            power_levels[k] = h = {}
+            for k1, v1 in v.items():
+                # we should only have one level of nesting
+                if not isinstance(v1, int):
+                    raise TypeError(
+                        "Invalid power_levels value for %s.%s: %r" % (k, k1, v1)
+                    )
+                h[k1] = v1
+            continue
+
+        raise TypeError("Invalid power_levels value for %s: %r" % (k, v))
+
+    return power_levels
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@@ -17,6 +17,7 @@
 import copy
 import itertools
 import logging
+from typing import Dict, Iterable

 from prometheus_client import Counter

@@ -29,6 +30,7 @@ from synapse.api.errors import (
    FederationDeniedError,
    HttpResponseException,
    SynapseError,
+    UnsupportedRoomVersionError,
 )
 from synapse.api.room_versions import (
    KNOWN_ROOM_VERSIONS,
@@ -385,6 +387,8 @@ class FederationClient(FederationBase):
                return res
            except InvalidResponseError as e:
                logger.warning("Failed to %s via %s: %s", description, destination, e)
+            except UnsupportedRoomVersionError:
+                raise
            except HttpResponseException as e:
                if not 500 <= e.code < 600:
                    raise e.to_synapse_error()
@@ -404,7 +408,13 @@ class FederationClient(FederationBase):
        raise SynapseError(502, "Failed to %s via any server" % (description,))

    def make_membership_event(
-        self, destinations, room_id, user_id, membership, content, params
+        self,
+        destinations: Iterable[str],
+        room_id: str,
+        user_id: str,
+        membership: str,
+        content: dict,
+        params: Dict[str, str],
    ):
        """
        Creates an m.room.member event, with context, without participating in the room.
@@ -417,21 +427,23 @@ class FederationClient(FederationBase):
        Note that this does not append any events to any graphs.

        Args:
-            destinations (Iterable[str]): Candidate homeservers which are probably
+            destinations: Candidate homeservers which are probably
                participating in the room.
-            room_id (str): The room in which the event will happen.
-            user_id (str): The user whose membership is being evented.
-            membership (str): The "membership" property of the event. Must be
-                one of "join" or "leave".
-            content (dict): Any additional data to put into the content field
-                of the event.
-            params (dict[str, str|Iterable[str]]): Query parameters to include in the
-                request.
+            room_id: The room in which the event will happen.
+            user_id: The user whose membership is being evented.
+            membership: The "membership" property of the event. Must be one of
+                "join" or "leave".
+            content: Any additional data to put into the content field of the
+                event.
+            params: Query parameters to include in the request.
        Return:
-            Deferred[tuple[str, FrozenEvent, int]]: resolves to a tuple of
-            `(origin, event, event_format)` where origin is the remote
-            homeserver which generated the event, and event_format is one of
-            `synapse.api.room_versions.EventFormatVersions`.
+            Deferred[Tuple[str, FrozenEvent, RoomVersion]]: resolves to a tuple of
+            `(origin, event, room_version)` where origin is the remote
+            homeserver which generated the event, and room_version is the
+            version of the room.
+
+            Fails with a `UnsupportedRoomVersionError` if remote responds with
+            a room version we don't understand.

            Fails with a ``SynapseError`` if the chosen remote server
            returns a 300/400 code.
@@ -453,8 +465,12 @@ class FederationClient(FederationBase):

            # Note: If not supplied, the room version may be either v1 or v2,
            # however either way the event format version will be v1.
-            room_version = ret.get("room_version", RoomVersions.V1.identifier)
-            event_format = room_version_to_event_format(room_version)
+            room_version_id = ret.get("room_version", RoomVersions.V1.identifier)
+            room_version = KNOWN_ROOM_VERSIONS.get(room_version_id)
+            if not room_version:
+                raise UnsupportedRoomVersionError()
+
+            event_format = room_version_to_event_format(room_version_id)

            pdu_dict = ret.get("event", None)
            if not isinstance(pdu_dict, dict):
@@ -478,7 +494,7 @@ class FederationClient(FederationBase):
                event_dict=pdu_dict,
            )

-            return (destination, ev, event_format)
+            return (destination, ev, room_version)

        return self._try_destination_list(
            "make_" + membership, destinations, send_request
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -410,7 +410,7 @@ class FederationServer(FederationBase):
        origin_host, _ = parse_server_name(origin)
        await self.check_server_matches_acl(origin_host, pdu.room_id)
        pdu = await self._check_sigs_and_hash(room_version, pdu)
-        ret_pdu = await self.handler.on_invite_request(origin, pdu)
+        ret_pdu = await self.handler.on_invite_request(origin, pdu, room_version)
        time_now = self._clock.time_msec()
        return {"event": ret_pdu.get_pdu_json(time_now)}

--- a/synapse/federation/send_queue.py
+++ b/synapse/federation/send_queue.py
@@ -69,8 +69,6 @@ class FederationRemoteSendQueue(object):

        self.edus = SortedDict()  # stream position -> Edu

-        self.device_messages = SortedDict()  # stream position -> destination
-
        self.pos = 1
        self.pos_time = SortedDict()

@@ -92,7 +90,6 @@ class FederationRemoteSendQueue(object):
            "keyed_edu",
            "keyed_edu_changed",
            "edus",
-            "device_messages",
            "pos_time",
            "presence_destinations",
        ]:
@@ -171,12 +168,6 @@ class FederationRemoteSendQueue(object):
            for key in keys[:i]:
                del self.edus[key]

-            # Delete things out of device map
-            keys = self.device_messages.keys()
-            i = self.device_messages.bisect_left(position_to_delete)
-            for key in keys[:i]:
-                del self.device_messages[key]
-
    def notify_new_events(self, current_id):
        """As per FederationSender"""
        # We don't need to replicate this as it gets sent down a different
@@ -249,9 +240,8 @@ class FederationRemoteSendQueue(object):

    def send_device_messages(self, destination):
        """As per FederationSender"""
-        pos = self._next_pos()
-        self.device_messages[pos] = destination
-        self.notifier.on_new_replication_data()
+        # We don't need to replicate this as it gets sent down a different
+        # stream.

    def get_current_token(self):
        return self.pos - 1
@@ -339,14 +329,6 @@ class FederationRemoteSendQueue(object):
        for (pos, edu) in edus:
            rows.append((pos, EduRow(edu)))

-        # Fetch changed device messages
-        i = self.device_messages.bisect_right(from_token)
-        j = self.device_messages.bisect_right(to_token) + 1
-        device_messages = {v: k for k, v in self.device_messages.items()[i:j]}
-
-        for (destination, pos) in iteritems(device_messages):
-            rows.append((pos, DeviceRow(destination=destination)))
-
        # Sort rows based on pos
        rows.sort()

@@ -472,28 +454,9 @@ class EduRow(BaseFederationRow, namedtuple("EduRow", ("edu",))):  # Edu
        buff.edus.setdefault(self.edu.destination, []).append(self.edu)


-class DeviceRow(BaseFederationRow, namedtuple("DeviceRow", ("destination",))):  # str
-    """Streams the fact that either a) there is pending to device messages for
-    users on the remote, or b) a local users device has changed and needs to
-    be sent to the remote.
-    """
-
-    TypeId = "d"
-
-    @staticmethod
-    def from_data(data):
-        return DeviceRow(destination=data["destination"])
-
-    def to_data(self):
-        return {"destination": self.destination}
-
-    def add_to_buffer(self, buff):
-        buff.device_destinations.add(self.destination)
-
-
 TypeToRow = {
    Row.TypeId: Row
-    for Row in (PresenceRow, PresenceDestinationsRow, KeyedEduRow, EduRow, DeviceRow)
+    for Row in (PresenceRow, PresenceDestinationsRow, KeyedEduRow, EduRow,)
 }


@@ -504,7 +467,6 @@ ParsedFederationStreamData = namedtuple(
        "presence_destinations",  # list of tuples of UserPresenceState and destinations
        "keyed_edus",  # dict of destination -> { key -> Edu }
        "edus",  # dict of destination -> [Edu]
-        "device_destinations",  # set of destinations
    ),
 )

@@ -523,11 +485,7 @@ def process_rows_for_federation(transaction_queue, rows):
    # them into the appropriate collection and then send them off.

    buff = ParsedFederationStreamData(
-        presence=[],
-        presence_destinations=[],
-        keyed_edus={},
-        edus={},
-        device_destinations=set(),
+        presence=[], presence_destinations=[], keyed_edus={}, edus={},
    )

    # Parse the rows in the stream and add to the buffer
@@ -555,6 +513,3 @@ def process_rows_for_federation(transaction_queue, rows):
    for destination, edu_list in iteritems(buff.edus):
        for edu in edu_list:
            transaction_queue.send_edu(edu, None)
-
-    for destination in buff.device_destinations:
-        transaction_queue.send_device_messages(destination)
--- a/synapse/federation/transport/client.py
+++ b/synapse/federation/transport/client.py
@@ -15,6 +15,7 @@
 # limitations under the License.

 import logging
+from typing import Any, Dict

 from six.moves import urllib

@@ -352,7 +353,9 @@ class TransportLayerClient(object):
        else:
            path = _create_v1_path("/publicRooms")

-            args = {"include_all_networks": "true" if include_all_networks else "false"}
+            args = {
+                "include_all_networks": "true" if include_all_networks else "false"
+            }  # type: Dict[str, Any]
            if third_party_instance_id:
                args["third_party_instance_id"] = (third_party_instance_id,)
            if limit:
--- a/synapse/federation/transport/server.py
+++ b/synapse/federation/transport/server.py
@@ -18,6 +18,7 @@
 import functools
 import logging
 import re
+from typing import Optional, Tuple, Type

 from twisted.internet.defer import maybeDeferred

@@ -267,6 +268,8 @@ class BaseFederationServlet(object):
                returned.
    """

+    PATH = ""  # Overridden in subclasses, the regex to match against the path.
+
    REQUIRE_AUTH = True

    PREFIX = FEDERATION_V1_PREFIX  # Allows specifying the API version
@@ -347,9 +350,6 @@ class BaseFederationServlet(object):

            return response

-        # Extra logic that functools.wraps() doesn't finish
-        new_func.__self__ = func.__self__
-
        return new_func

    def register(self, server):
@@ -824,7 +824,7 @@ class PublicRoomList(BaseFederationServlet):
        if not self.allow_access:
            raise FederationDeniedError(origin)

-        limit = int(content.get("limit", 100))
+        limit = int(content.get("limit", 100))  # type: Optional[int]
        since_token = content.get("since", None)
        search_filter = content.get("filter", None)

@@ -971,7 +971,7 @@ class FederationGroupsAddRoomsConfigServlet(BaseFederationServlet):
        if get_domain_from_id(requester_user_id) != origin:
            raise SynapseError(403, "requester_user_id doesn't match origin")

-        result = await self.groups_handler.update_room_in_group(
+        result = await self.handler.update_room_in_group(
            group_id, requester_user_id, room_id, config_key, content
        )

@@ -1422,11 +1422,13 @@ FEDERATION_SERVLET_CLASSES = (
    On3pidBindServlet,
    FederationVersionServlet,
    RoomComplexityServlet,
-)
+)  # type: Tuple[Type[BaseFederationServlet], ...]

-OPENID_SERVLET_CLASSES = (OpenIdUserInfo,)
+OPENID_SERVLET_CLASSES = (
+    OpenIdUserInfo,
+)  # type: Tuple[Type[BaseFederationServlet], ...]

-ROOM_LIST_CLASSES = (PublicRoomList,)
+ROOM_LIST_CLASSES = (PublicRoomList,)  # type: Tuple[Type[PublicRoomList], ...]

 GROUP_SERVER_SERVLET_CLASSES = (
    FederationGroupsProfileServlet,
@@ -1447,17 +1449,19 @@ GROUP_SERVER_SERVLET_CLASSES = (
    FederationGroupsAddRoomsServlet,
    FederationGroupsAddRoomsConfigServlet,
    FederationGroupsSettingJoinPolicyServlet,
-)
+)  # type: Tuple[Type[BaseFederationServlet], ...]


 GROUP_LOCAL_SERVLET_CLASSES = (
    FederationGroupsLocalInviteServlet,
    FederationGroupsRemoveLocalUserServlet,
    FederationGroupsBulkPublicisedServlet,
-)
+)  # type: Tuple[Type[BaseFederationServlet], ...]


-GROUP_ATTESTATION_SERVLET_CLASSES = (FederationGroupsRenewAttestaionServlet,)
+GROUP_ATTESTATION_SERVLET_CLASSES = (
+    FederationGroupsRenewAttestaionServlet,
+)  # type: Tuple[Type[BaseFederationServlet], ...]

 DEFAULT_SERVLET_GROUPS = (
    "federation",
--- a/synapse/handlers/admin.py
+++ b/synapse/handlers/admin.py
@@ -62,68 +62,6 @@ class AdminHandler(BaseHandler):
            ret["avatar_url"] = profile.avatar_url
        return ret

-    async def get_users(self):
-        """Function to retrieve a list of users in users table.
-
-        Args:
-        Returns:
-            defer.Deferred: resolves to list[dict[str, Any]]
-        """
-        ret = await self.store.get_users()
-
-        return ret
-
-    async def get_users_paginate(self, start, limit, name, guests, deactivated):
-        """Function to retrieve a paginated list of users from
-        users list. This will return a json list of users.
-
-        Args:
-            start (int): start number to begin the query from
-            limit (int): number of rows to retrieve
-            name (string): filter for user names
-            guests (bool): whether to in include guest users
-            deactivated (bool): whether to include deactivated users
-        Returns:
-            defer.Deferred: resolves to json list[dict[str, Any]]
-        """
-        ret = await self.store.get_users_paginate(
-            start, limit, name, guests, deactivated
-        )
-
-        return ret
-
-    async def search_users(self, term):
-        """Function to search users list for one or more users with
-        the matched term.
-
-        Args:
-            term (str): search term
-        Returns:
-            defer.Deferred: resolves to list[dict[str, Any]]
-        """
-        ret = await self.store.search_users(term)
-
-        return ret
-
-    def get_user_server_admin(self, user):
-        """
-        Get the admin bit on a user.
-
-        Args:
-            user_id (UserID): the (necessarily local) user to manipulate
-        """
-        return self.store.is_server_admin(user)
-
-    def set_user_server_admin(self, user, admin):
-        """
-        Set the admin bit on a user.
-
-        Args:
-            user_id (UserID): the (necessarily local) user to manipulate
-            admin (bool): whether or not the user should be an admin of this server
-        """
-        return self.store.set_server_admin(user, admin)
-
    async def export_user_data(self, user_id, writer):
        """Write all data we have on the user to the given writer.

--- a/synapse/handlers/devicemessage.py
+++ b/synapse/handlers/devicemessage.py
@@ -14,12 +14,14 @@
 # limitations under the License.

 import logging
+from typing import Any, Dict

 from canonicaljson import json

 from twisted.internet import defer

 from synapse.api.errors import SynapseError
+from synapse.logging.context import run_in_background
 from synapse.logging.opentracing import (
    get_active_span_text_map,
    log_kv,
@@ -47,6 +49,8 @@ class DeviceMessageHandler(object):
            "m.direct_to_device", self.on_direct_to_device_edu
        )

+        self._device_list_updater = hs.get_device_handler().device_list_updater
+
    @defer.inlineCallbacks
    def on_direct_to_device_edu(self, origin, content):
        local_messages = {}
@@ -65,6 +69,9 @@ class DeviceMessageHandler(object):
                logger.warning("Request for keys for non-local user %s", user_id)
                raise SynapseError(400, "Not a user here")

+            if not by_device:
+                continue
+
            messages_by_device = {
                device_id: {
                    "content": message_content,
@@ -73,8 +80,11 @@ class DeviceMessageHandler(object):
                }
                for device_id, message_content in by_device.items()
            }
-            if messages_by_device:
-                local_messages[user_id] = messages_by_device
+            local_messages[user_id] = messages_by_device
+
+            yield self._check_for_unknown_devices(
+                message_type, sender_user_id, by_device
+            )

        stream_id = yield self.store.add_messages_from_remote_to_device_inbox(
            origin, message_id, local_messages
@@ -84,6 +94,55 @@ class DeviceMessageHandler(object):
            "to_device_key", stream_id, users=local_messages.keys()
        )

+    @defer.inlineCallbacks
+    def _check_for_unknown_devices(
+        self,
+        message_type: str,
+        sender_user_id: str,
+        by_device: Dict[str, Dict[str, Any]],
+    ):
+        """Checks inbound device messages for unkown remote devices, and if
+        found marks the remote cache for the user as stale.
+        """
+
+        if message_type != "m.room_key_request":
+            return
+
+        # Get the sending device IDs
+        requesting_device_ids = set()
+        for message_content in by_device.values():
+            device_id = message_content.get("requesting_device_id")
+            requesting_device_ids.add(device_id)
+
+        # Check if we are tracking the devices of the remote user.
+        room_ids = yield self.store.get_rooms_for_user(sender_user_id)
+        if not room_ids:
+            logger.info(
+                "Received device message from remote device we don't"
+                " share a room with: %s %s",
+                sender_user_id,
+                requesting_device_ids,
+            )
+            return
+
+        # If we are tracking check that we know about the sending
+        # devices.
+        cached_devices = yield self.store.get_cached_devices_for_user(sender_user_id)
+
+        unknown_devices = requesting_device_ids - set(cached_devices)
+        if unknown_devices:
+            logger.info(
+                "Received device message from remote device not in our cache: %s %s",
+                sender_user_id,
+                unknown_devices,
+            )
+            yield self.store.mark_remote_user_device_cache_as_stale(sender_user_id)
+
+            # Immediately attempt a resync in the background
+            run_in_background(
+                self._device_list_updater.user_device_resync, sender_user_id
+            )
+
    @defer.inlineCallbacks
    def send_device_message(self, sender_user_id, message_type, messages):
        set_tag("number_of_messages", len(messages))
--- a/synapse/handlers/directory.py
+++ b/synapse/handlers/directory.py
@@ -151,7 +151,12 @@ class DirectoryHandler(BaseHandler):

        yield self._create_association(room_alias, room_id, servers, creator=user_id)
        if send_event:
-            yield self.send_room_alias_update_event(requester, room_id)
+            try:
+                yield self.send_room_alias_update_event(requester, room_id)
+            except AuthError as e:
+                # sending the aliases event may fail due to the user not having
+                # permission in the room; this is permitted.
+                logger.info("Skipping updating aliases event due to auth error %s", e)

    @defer.inlineCallbacks
    def delete_association(self, requester, room_alias, send_event=True):
--- a/synapse/handlers/e2e_keys.py
+++ b/synapse/handlers/e2e_keys.py
@@ -208,8 +208,9 @@ class E2eKeysHandler(object):
                        )

                    user_devices = user_devices["devices"]
+                    user_results = results.setdefault(user_id, {})
                    for device in user_devices:
-                        results[user_id] = {device["device_id"]: device["keys"]}
+                        user_results[device["device_id"]] = device["keys"]
                    user_ids_updated.append(user_id)
                except Exception as e:
                    failures[destination] = _exception_to_failure(e)
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -44,7 +44,7 @@ from synapse.api.errors import (
    StoreError,
    SynapseError,
 )
-from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersions
+from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersion, RoomVersions
 from synapse.crypto.event_signing import compute_event_signature
 from synapse.event_auth import auth_types_for_event
 from synapse.events import EventBase
@@ -57,6 +57,7 @@ from synapse.logging.context import (
    run_in_background,
 )
 from synapse.logging.utils import log_function
+from synapse.replication.http.devices import ReplicationUserDevicesResyncRestServlet
 from synapse.replication.http.federation import (
    ReplicationCleanRoomRestServlet,
    ReplicationFederationSendEventsRestServlet,
@@ -156,6 +157,13 @@ class FederationHandler(BaseHandler):
            hs
        )

+        if hs.config.worker_app:
+            self._user_device_resync = ReplicationUserDevicesResyncRestServlet.make_client(
+                hs
+            )
+        else:
+            self._device_list_updater = hs.get_device_handler().device_list_updater
+
        # When joining a room we need to queue any events for that room up
        self.room_queues = {}
        self._room_pdu_linearizer = Linearizer("fed_room_pdu")
@@ -703,8 +711,20 @@ class FederationHandler(BaseHandler):

        if not room:
            try:
+                prev_state_ids = await context.get_prev_state_ids()
+                create_event = await self.store.get_event(
+                    prev_state_ids[(EventTypes.Create, "")]
+                )
+
+                room_version_id = create_event.content.get(
+                    "room_version", RoomVersions.V1.identifier
+                )
+
                await self.store.store_room(
-                    room_id=room_id, room_creator_user_id="", is_public=False
+                    room_id=room_id,
+                    room_creator_user_id="",
+                    is_public=False,
+                    room_version=KNOWN_ROOM_VERSIONS[room_version_id],
                )
            except StoreError:
                logger.exception("Failed to store room.")
@@ -730,6 +750,32 @@ class FederationHandler(BaseHandler):
                    user = UserID.from_string(event.state_key)
                    await self.user_joined_room(user, room_id)

+        # For encrypted messages we check that we know about the sending device,
+        # if we don't then we mark the device cache for that user as stale.
+        if event.type == EventTypes.Encryption:
+            device_id = event.content.get("device_id")
+            if device_id is not None:
+                cached_devices = await self.store.get_cached_devices_for_user(
+                    event.sender
+                )
+                if device_id not in cached_devices:
+                    logger.info(
+                        "Received event from remote device not in our cache: %s %s",
+                        event.sender,
+                        device_id,
+                    )
+                    await self.store.mark_remote_user_device_cache_as_stale(
+                        event.sender
+                    )
+
+                    # Immediately attempt a resync in the background
+                    if self.config.worker_app:
+                        return run_in_background(self._user_device_resync, event.sender)
+                    else:
+                        return run_in_background(
+                            self._device_list_updater.user_device_resync, event.sender
+                        )
+
    @log_function
    async def backfill(self, dest, room_id, limit, extremities):
        """ Trigger a backfill request to `dest` for the given `room_id`
@@ -1186,7 +1232,7 @@ class FederationHandler(BaseHandler):
        """
        logger.debug("Joining %s to %s", joinee, room_id)

-        origin, event, event_format_version = yield self._make_and_verify_event(
+        origin, event, room_version_obj = yield self._make_and_verify_event(
            target_hosts,
            room_id,
            joinee,
@@ -1214,6 +1260,8 @@ class FederationHandler(BaseHandler):
                target_hosts.insert(0, origin)
            except ValueError:
                pass
+
+            event_format_version = room_version_obj.event_format
            ret = yield self.federation_client.send_join(
                target_hosts, event, event_format_version
            )
@@ -1234,13 +1282,18 @@ class FederationHandler(BaseHandler):

            try:
                yield self.store.store_room(
-                    room_id=room_id, room_creator_user_id="", is_public=False
+                    room_id=room_id,
+                    room_creator_user_id="",
+                    is_public=False,
+                    room_version=room_version_obj,
                )
            except Exception:
                # FIXME
                pass

-            yield self._persist_auth_tree(origin, auth_chain, state, event)
+            yield self._persist_auth_tree(
+                origin, auth_chain, state, event, room_version_obj
+            )

            # Check whether this room is the result of an upgrade of a room we already know
            # about. If so, migrate over user information
@@ -1429,13 +1482,13 @@ class FederationHandler(BaseHandler):
        return {"state": list(state.values()), "auth_chain": auth_chain}

    @defer.inlineCallbacks
-    def on_invite_request(self, origin, pdu):
+    def on_invite_request(
+        self, origin: str, event: EventBase, room_version: RoomVersion
+    ):
        """ We've got an invite event. Process and persist it. Sign it.

        Respond with the now signed event.
        """
-        event = pdu
-
        if event.state_key is None:
            raise SynapseError(400, "The invite event did not have a state key")

@@ -1486,7 +1539,7 @@ class FederationHandler(BaseHandler):

    @defer.inlineCallbacks
    def do_remotely_reject_invite(self, target_hosts, room_id, user_id, content):
-        origin, event, event_format_version = yield self._make_and_verify_event(
+        origin, event, room_version = yield self._make_and_verify_event(
            target_hosts, room_id, user_id, "leave", content=content
        )
        # Mark as outlier as we don't have any state for this event; we're not
@@ -1513,7 +1566,11 @@ class FederationHandler(BaseHandler):
    def _make_and_verify_event(
        self, target_hosts, room_id, user_id, membership, content={}, params=None
    ):
-        origin, event, format_ver = yield self.federation_client.make_membership_event(
+        (
+            origin,
+            event,
+            room_version,
+        ) = yield self.federation_client.make_membership_event(
            target_hosts, room_id, user_id, membership, content, params=params
        )

@@ -1525,7 +1582,7 @@ class FederationHandler(BaseHandler):
        assert event.user_id == user_id
        assert event.state_key == user_id
        assert event.room_id == room_id
-        return origin, event, format_ver
+        return origin, event, room_version

    @defer.inlineCallbacks
    @log_function
@@ -1810,7 +1867,14 @@ class FederationHandler(BaseHandler):
        )

    @defer.inlineCallbacks
-    def _persist_auth_tree(self, origin, auth_events, state, event):
+    def _persist_auth_tree(
+        self,
+        origin: str,
+        auth_events: List[EventBase],
+        state: List[EventBase],
+        event: EventBase,
+        room_version: RoomVersion,
+    ):
        """Checks the auth chain is valid (and passes auth checks) for the
        state and event. Then persists the auth chain and state atomically.
        Persists the event separately. Notifies about the persisted events
@@ -1819,10 +1883,12 @@ class FederationHandler(BaseHandler):
        Will attempt to fetch missing auth events.

        Args:
-            origin (str): Where the events came from
-            auth_events (list)
-            state (list)
-            event (Event)
+            origin: Where the events came from
+            auth_events
+            state
+            event
+            room_version: The room version we expect this room to have, and
+                will raise if it doesn't match the version in the create event.

        Returns:
            Deferred
@@ -1848,10 +1914,13 @@ class FederationHandler(BaseHandler):
            # invalid, and it would fail auth checks anyway.
            raise SynapseError(400, "No create event in state")

-        room_version = create_event.content.get(
+        room_version_id = create_event.content.get(
            "room_version", RoomVersions.V1.identifier
        )

+        if room_version.identifier != room_version_id:
+            raise SynapseError(400, "Room version mismatch")
+
        missing_auth_events = set()
        for e in itertools.chain(auth_events, state, [event]):
            for e_id in e.auth_event_ids():
@@ -1860,7 +1929,11 @@ class FederationHandler(BaseHandler):

        for e_id in missing_auth_events:
            m_ev = yield self.federation_client.get_pdu(
-                [origin], e_id, room_version=room_version, outlier=True, timeout=10000
+                [origin],
+                e_id,
+                room_version=room_version.identifier,
+                outlier=True,
+                timeout=10000,
            )
            if m_ev and m_ev.event_id == e_id:
                event_map[e_id] = m_ev
@@ -1987,6 +2060,7 @@ class FederationHandler(BaseHandler):

        if do_soft_fail_check:
            room_version = yield self.store.get_room_version(event.room_id)
+            room_version_obj = KNOWN_ROOM_VERSIONS[room_version]

            # Calculate the "current state".
            if state is not None:
@@ -2036,7 +2110,9 @@ class FederationHandler(BaseHandler):
            }

            try:
-                event_auth.check(room_version, event, auth_events=current_auth_events)
+                event_auth.check(
+                    room_version_obj, event, auth_events=current_auth_events
+                )
            except AuthError as e:
                logger.warning("Soft-failing %r because %s", event, e)
                event.internal_metadata.soft_failed = True
@@ -2120,6 +2196,7 @@ class FederationHandler(BaseHandler):
            defer.Deferred[EventContext]: updated context object
        """
        room_version = yield self.store.get_room_version(event.room_id)
+        room_version_obj = KNOWN_ROOM_VERSIONS[room_version]

        try:
            context = yield self._update_auth_events_and_context_for_auth(
@@ -2137,7 +2214,7 @@ class FederationHandler(BaseHandler):
            )

        try:
-            event_auth.check(room_version, event, auth_events=auth_events)
+            event_auth.check(room_version_obj, event, auth_events=auth_events)
        except AuthError as e:
            logger.warning("Failed auth resolution for %r because %s", event, e)
            context.rejected = RejectedReason.AUTH_ERROR
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -38,7 +38,7 @@ from synapse.api.errors import (
 from synapse.config.emailconfig import ThreepidBehaviour
 from synapse.http.client import SimpleHttpClient
 from synapse.util.hash import sha256_and_url_safe_base64
-from synapse.util.stringutils import random_string
+from synapse.util.stringutils import assert_valid_client_secret, random_string

 from ._base import BaseHandler

@@ -84,6 +84,8 @@ class IdentityHandler(BaseHandler):
            raise SynapseError(
                400, "Missing param client_secret in creds", errcode=Codes.MISSING_PARAM
            )
+        assert_valid_client_secret(client_secret)
+
        session_id = creds.get("sid")
        if not session_id:
            raise SynapseError(
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -40,7 +40,7 @@ from synapse.api.errors import (
    NotFoundError,
    SynapseError,
 )
-from synapse.api.room_versions import RoomVersions
+from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersions
 from synapse.api.urls import ConsentURIBuilder
 from synapse.events.validator import EventValidator
 from synapse.logging.context import run_in_background
@@ -962,9 +962,13 @@ class EventCreationHandler(object):
            )
            auth_events = yield self.store.get_events(auth_events_ids)
            auth_events = {(e.type, e.state_key): e for e in auth_events.values()}
-            room_version = yield self.store.get_room_version(event.room_id)

-            if event_auth.check_redaction(room_version, event, auth_events=auth_events):
+            room_version = yield self.store.get_room_version(event.room_id)
+            room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
+
+            if event_auth.check_redaction(
+                room_version_obj, event, auth_events=auth_events
+            ):
                # this user doesn't have 'redact' rights, so we need to do some more
                # checks on the original event. Let's start by checking the original
                # event exists.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Erik Johnston	504776e013	DFJSDJKSDFJKSFDJKSFDJK	2020-02-03 17:27:30 +00:00
Erik Johnston	d5c9d04b89	Remove FrozenEventBase	2020-02-03 17:18:56 +00:00
Erik Johnston	78589c3b4a	Assert instead of handling	2020-02-03 12:35:04 +00:00
Erik Johnston	f91bd40f50	Fix up return types	2020-01-31 13:53:12 +00:00
Erik Johnston	39c4fe8c7e	Apply suggestions from code review Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>	2020-01-31 13:47:02 +00:00
Erik Johnston	3069d3b01c	Fix unit test	2020-01-31 13:39:22 +00:00
Erik Johnston	91e895cb4e	Fix FrozenEventBase	2020-01-31 13:20:16 +00:00
Erik Johnston	c6d8921dc0	Newsfile	2020-01-31 13:07:35 +00:00
Erik Johnston	d5cb6adcd3	Add sync to tox.ini	2020-01-31 13:02:36 +00:00
Erik Johnston	5013b3a493	Use a FrozenEvent base class for types	2020-01-31 13:02:27 +00:00
Erik Johnston	4e60e6cb39	Add types to function signatures in SyncHandler	2020-01-31 12:56:55 +00:00
Erik Johnston	ad5e4de70d	Fixup type annotations	2020-01-31 12:03:12 +00:00
Erik Johnston	51941bc699	Convert namedtuple to attrs	2020-01-31 12:03:03 +00:00
Erik Johnston	c680b40274	Add a _RoomChanges type for return value	2020-01-31 10:56:05 +00:00
Erik Johnston	7d846e8704	Fix bug with getting missing auth event during join 500'ed (#6810 )	2020-01-31 09:49:13 +00:00
Richard van der Hoff	46a446828d	pass room version into FederationHandler.on_invite_request (#6805 )	2020-01-30 22:13:02 +00:00
Erik Johnston	e0992fcc5b	Log when we delete room in bg update (#6816 )	2020-01-30 17:55:34 +00:00
Richard van der Hoff	184303b865	MSC2260: Block direct sends of m.room.aliases events (#6794 ) as per MSC2260	2020-01-30 17:20:55 +00:00
Erik Johnston	57ad702af0	Backgroud update to clean out rooms from current state (#6802 )	2020-01-30 17:17:44 +00:00
Erik Johnston	b660327056	Resync remote device list when detected as stale. (#6786 )	2020-01-30 17:06:38 +00:00
Erik Johnston	c3d4ad8afd	Fix sending server up commands from workers (#6811 ) Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>	2020-01-30 16:42:11 +00:00
Erik Johnston	a5bab2d058	When server leaves room check for stale device lists. (#6801 ) When a server leaves a room it may stop sharing a room with remote users, and thus not get any updates to their device lists. So we need to check for this case and delete those device lists from the cache. We don't need to do this if we stop sharing a room because the remote user leaves the room, because we track that case via looking at membership changes.	2020-01-30 16:10:30 +00:00
Erik Johnston	c80a9fe13d	When a client asks for remote keys check if should resync. (#6797 ) If we detect that the remote users' keys may have changed then we should attempt to resync against the remote server rather than using the (potentially) stale local cache.	2020-01-30 15:06:58 +00:00
Richard van der Hoff	5a246611e3	Type defintions for use in refactoring for redaction changes (#6803 ) * Bump signedjson to 1.1 ... so that we can use the type definitions * Fix breakage caused by upgrade to signedjson 1.1 Thanks, @illicitonion...	2020-01-30 11:25:59 +00:00
Erik Johnston	a855b7c3a8	Remove unused DeviceRow class (#6800 )	2020-01-29 12:06:31 +00:00
Richard van der Hoff	281551f720	Merge pull request #6790 from matrix-org/rav/msc2260.1 MSC2260: change the default power level for m.room.aliases events	2020-01-29 11:53:11 +00:00
Richard van der Hoff	750d4d7599	changelog	2020-01-29 11:52:52 +00:00
Richard van der Hoff	dcd85b976d	Make /directory/room/<alias> handle restrictive power levels Fixes a bug where the alias would be added, but `PUT /directory/room/<alias>` would return a 403.	2020-01-29 11:52:52 +00:00
Richard van der Hoff	b36095ae5c	Set the PL for aliases events to 0.	2020-01-29 11:52:52 +00:00
Richard van der Hoff	ee42a5513e	Factor out a `copy_power_levels_contents` method I'm going to need another copy (hah!) of this.	2020-01-29 11:52:52 +00:00
Erik Johnston	6b9e1014cf	Fix race in federation sender that delayed device updates. (#6799 ) We were sending device updates down both the federation stream and device streams. This mean there was a race if the federation sender worker processed the federation stream first, as when the sender checked if there were new device updates the slaved ID generator hadn't been updated with the new stream IDs and so returned nothing. This situation is correctly handled by events/receipts/etc by not sending updates down the federation stream and instead having the federation sender worker listen on the other streams and poke the transaction queues as appropriate.	2020-01-29 11:23:01 +00:00
Erik Johnston	611215a49c	Delete current state when server leaves a room (#6792 ) Otherwise its just stale data, which may get deleted later anyway so can't be relied on. It's also a bit of a shotgun if we're trying to get the current state of a room we're not in.	2020-01-29 11:01:32 +00:00
Erik Johnston	2cad8baa70	Fix bug when querying remote user keys that require a resync. (#6796 ) We ended up only returning a single device, rather than all of them.	2020-01-29 09:56:41 +00:00
Erik Johnston	fcfb591b31	Fix outbound federation request metrics (#6795 )	2020-01-28 18:59:48 +00:00
Richard van der Hoff	cc109b79dd	Merge pull request #6787 from matrix-org/rav/msc2260 Implement updated auth rules from MSC2260	2020-01-28 15:11:22 +00:00
Richard van der Hoff	a1f307f7d1	fix bad variable ref	2020-01-28 14:55:22 +00:00
Erik Johnston	e17a110661	Detect unknown remote devices and mark cache as stale (#6776 ) We just mark the fact that the cache may be stale in the database for now.	2020-01-28 14:43:21 +00:00
Richard van der Hoff	fbe0a82c0d	update changelog	2020-01-28 14:20:10 +00:00
Richard van der Hoff	99e205fc21	changelog	2020-01-28 14:20:10 +00:00
Richard van der Hoff	49d3bca37b	Implement updated auth rules from MSC2260	2020-01-28 14:20:10 +00:00
Richard van der Hoff	a8ce7aeb43	Pass room version object into event_auth.check and check_redaction (#6788 ) These are easier to work with than the strings and we normally have one around. This fixes `FederationHander._persist_auth_tree` which was passing a RoomVersion object into event_auth.check instead of a string.	2020-01-28 14:18:29 +00:00
Erik Johnston	02b44db922	Warn if postgres database has non-C locale. (#6734 ) As using non-C locale can cause issues on upgrading OS.	2020-01-28 13:44:21 +00:00
Erik Johnston	33f904835a	Merge branch 'master' into develop	2020-01-28 13:39:39 +00:00
Erik Johnston	77d9357226	1.9.1	2020-01-28 13:09:36 +00:00
Erik Johnston	bdbeeb94ec	Fix setting `mau_limit_reserved_threepids` config (#6793 ) Calling the invalidation function during initialisation of the data stores introduces a circular dependency, causing Synapse to fail to start.	2020-01-28 13:05:24 +00:00
Erik Johnston	8df862e45d	Add `rooms.room_version` column (#6729 ) This is so that we don't have to rely on pulling it out from `current_state_events` table.	2020-01-27 14:30:57 +00:00
Erik Johnston	d5275fc55f	Propagate cache invalidates from workers to other workers. (#6748 ) Currently if a worker invalidates a cache it will be streamed to master, which then didn't forward those to other workers.	2020-01-27 13:47:50 +00:00
Brendan Abolivier	f74d178b17	Merge pull request #6775 from matrix-org/jaywink/worker-docs-tweaks Clarifications to the workers documentation	2020-01-27 12:30:54 +00:00
Jason Robinson	cf9d56e5cf	Formatting of changelog Co-Authored-By: Brendan Abolivier <babolivier@matrix.org>	2020-01-27 14:09:59 +02:00
Jason Robinson	1fe5001369	Fix federation_reader listeners doc as per PR review Signed-off-by: Jason Robinson <jasonr@matrix.org>	2020-01-27 10:21:25 +02:00
Andrew Morgan	9f7aaf90b5	Validate client_secret parameter (#6767 )	2020-01-24 14:28:40 +00:00
Jason Robinson	aa6ad288f1	Clarifications to the workers documentation * Add note that user_dir requires disabling user dir updates from the main synapse process. * Add note that federation_reader should have the federation listener resource. Signed-off-by: Jason Robinson <jasonr@matrix.org>	2020-01-24 11:08:50 +02:00
Erik Johnston	fa4d609e20	Make 'event.redacts' never raise. (#6771 ) There are quite a few places that we assume that a redaction event has a corresponding `redacts` key, which is not always the case. So lets cheekily make it so that event.redacts just returns None instead.	2020-01-23 15:19:03 +00:00
Brendan Abolivier	51fc3f693e	Merge branch 'master' into develop	2020-01-23 13:45:23 +00:00
Brendan Abolivier	9bae740527	Fixup changelog	2020-01-23 13:13:19 +00:00
Brendan Abolivier	1755326d8a	Fixup changelog	2020-01-23 13:11:07 +00:00
Brendan Abolivier	1dc5a791cf	Fixup changelog	2020-01-23 12:59:29 +00:00
Brendan Abolivier	ba64c3b615	Merge branch 'release-v1.9.0' of github.com:matrix-org/synapse into release-v1.9.0	2020-01-23 12:58:03 +00:00
Brendan Abolivier	f3eac2b3e9	1.9.0	2020-01-23 12:57:55 +00:00
Richard van der Hoff	6b7462a13f	a bit of debugging for media storage providers (#6757 ) * a bit of debugging for media storage providers * changelog	2020-01-23 12:11:44 +00:00
Richard van der Hoff	5bd3cb7260	Minor fixes to user admin api (#6761 ) * don't insist on a password (this is valid if you have an SSO login) * fix reference to undefined `requester`	2020-01-23 12:03:58 +00:00
Andrew Morgan	04345338e1	Merge branch 'release-v1.9.0' into develop	2020-01-23 11:38:29 +00:00
Andrew Morgan	d31f5f4d89	Update admin room docs with correct endpoints (#6770 )	2020-01-23 11:37:26 +00:00
Andrew Morgan	ce84dd9e20	Remove unnecessary abstractions in admin handler (#6751 )	2020-01-22 15:09:57 +00:00
Brendan Abolivier	33f7e5ce2a	Fixup warning about workers changes	2020-01-22 14:49:21 +00:00
Brendan Abolivier	91085ef49e	Add deprecation headers	2020-01-22 14:30:22 +00:00
Brendan Abolivier	ffa637050d	Fixup changelog	2020-01-22 14:19:23 +00:00
Brendan Abolivier	0d0f32bc53	1.9.0rc1	2020-01-22 14:03:46 +00:00
Andrew Morgan	90a28fb475	Admin API to list, filter and sort rooms (#6720 )	2020-01-22 13:36:43 +00:00
Brendan Abolivier	ae6cf586b0	Merge pull request #6764 from matrix-org/babolivier/fix-thumbnail Fix typo in _select_thumbnail	2020-01-22 13:21:00 +00:00
Brendan Abolivier	6ae0c8db33	Lint + changelog	2020-01-22 12:38:18 +00:00
Brendan Abolivier	d9a8728b11	Remove unused import	2020-01-22 12:30:49 +00:00
Brendan Abolivier	67aa18e8dc	Add tests for thumbnailing	2020-01-22 12:28:07 +00:00
Brendan Abolivier	ed83c3a018	Fix typo in _select_thumbnail	2020-01-22 12:27:42 +00:00
Andrew Morgan	aa9b00fb2f	Fix and add test to deprecated quarantine media admin api (#6756 )	2020-01-22 11:05:50 +00:00
Neil Johnson	5e52d8563b	Allow monthly active user limiting support for worker mode, fixes #4639 . (#6742 )	2020-01-22 11:05:14 +00:00
Erik Johnston	5d7a6ad223	Allow streaming cache invalidate all to workers. (#6749 )	2020-01-22 10:37:00 +00:00
Erik Johnston	2093f83ea0	Remove unused CI docker compose files (#6754 ) These now exist in the pipelines repo.	2020-01-22 10:36:48 +00:00
Ivan Vilata-i-Balaguer	837f62266b	Avoid attribute error when `password_config` present but empty (#6753 ) The old statement returned `None` for such a `password_config` (like the one created on first run), thus retrieval of the `pepper` key failed with `AttributeError`. Fixes #5315 Signed-off-by: Ivan Vilata i Balaguer <ivan@selidor.net>	2020-01-22 07:32:52 +00:00
Brendan Abolivier	07124d028d	Port synapse_port_db to async/await (#6718 ) * Raise an exception if there are pending background updates So we return with a non-0 code * Changelog * Port synapse_port_db to async/await * Port update_database to async/await * Add version string to mocked homeservers * Remove unused imports * Convert overseen bits to async/await * Fixup logging contexts * Fix imports * Add a way to print an error without raising an exception * Incorporate review	2020-01-21 19:04:58 +00:00
Erik Johnston	0e68760078	Add a DeltaState to track changes to be made to current state (#6716 )	2020-01-20 18:07:20 +00:00
Erik Johnston	b0a66ab83c	Fixup synapse.rest to pass mypy (#6732 )	2020-01-20 17:38:21 +00:00
Erik Johnston	74b74462f1	Fix `/events/:event_id` deprecated API. (#6731 )	2020-01-20 17:38:09 +00:00
Erik Johnston	0f6e525be3	Fixup synapse.api to pass mypy (#6733 )	2020-01-20 17:34:13 +00:00
Erik Johnston	ceecedc68b	Fix changing password via user admin API. (#6730 )	2020-01-20 17:23:59 +00:00
Andrew Morgan	e9e066055f	Fix empty account_validity config block (#6747 )	2020-01-20 16:21:59 +00:00
Andrew Morgan	351fdfede6	Update changelog.d/6747.bugfix Co-Authored-By: Erik Johnston <erik@matrix.org>	2020-01-20 15:58:44 +00:00
Erik Johnston	2f23eb27b3	Revert "Newsfile" This reverts commit `11c23af465`.	2020-01-20 15:12:58 +00:00
Erik Johnston	11c23af465	Newsfile	2020-01-20 15:11:38 +00:00
Andrew Morgan	026f4bdf3c	Add changelog	2020-01-20 14:12:21 +00:00
Andrew Morgan	198d52da3a	Fix empty account_validity config block	2020-01-20 14:05:29 +00:00
Brendan Abolivier	a17f64361c	Add more logging around message retention policies support (#6717 ) So we can debug issues like #6683 more easily	2020-01-17 20:51:44 +00:00
Erik Johnston	5909751936	Fix up changelog	2020-01-17 15:13:27 +00:00
Richard van der Hoff	0b885d62ef	bump version to v1.9.0.dev2	2020-01-17 14:58:58 +00:00
Satsuki Yanagi	722b4f302d	Fix syntax error in run_upgrade for schema 57 (#6728 ) Fix #6727 Related #6655 Co-authored-by: Erik Johnston <erikj@jki.re>	2020-01-17 14:30:35 +00:00
Brendan Abolivier	3b72bb780a	Merge pull request #6714 from matrix-org/babolivier/retention_select_event Fix instantiation of message retention purge jobs	2020-01-17 14:23:51 +00:00
Brendan Abolivier	4fb3cb208a	Precise changelog	2020-01-16 20:27:07 +00:00
Brendan Abolivier	dac148341b	Fixup diff	2020-01-16 20:25:09 +00:00
Brendan Abolivier	842c2cfbf1	Remove get_room_event_after_stream_ordering entirely	2020-01-16 20:24:17 +00:00
Brendan Abolivier	e601f35d3b	Lint	2020-01-16 09:55:11 +00:00
Brendan Abolivier	48e57a6452	Rename changelog	2020-01-15 19:40:52 +00:00
Brendan Abolivier	914e73cdd9	Changelog	2020-01-15 19:36:19 +00:00
Brendan Abolivier	066b9f52b8	Correctly order when selecting before stream ordering	2020-01-15 19:32:47 +00:00
Brendan Abolivier	8363588237	Fix typo	2020-01-15 19:13:22 +00:00
Brendan Abolivier	855af069a4	Fix instantiation of message retention purge jobs When figuring out which topological token to start a purge job at, we need to do the following: 1. Figure out a timestamp before which events will be purged 2. Select the first stream ordering after that timestamp 3. Select info about the first event after that stream ordering 4. Build a topological token from that info In some situations (e.g. quiet rooms with a short max_lifetime), there might not be an event after the stream ordering at step 3, therefore we abort the purge with the error `No event found`. To mitigate that, this patch fetches the first event _before_ the stream ordering, instead of after.	2020-01-15 18:56:18 +00:00
				`@@ -1 +0,0 @@`
				`Allow admin to create or modify a user. Contributed by Awesome Technologies Innovationslabor GmbH.`
				`@@ -1 +0,0 @@`
				`Fix a typo in the configuration example for purge jobs in the sample configuration file.`
				`@@ -1 +0,0 @@`
				`Add complete documentation of the message retention policies support.`
				`@@ -1 +0,0 @@`
				`Correctly proxy HTTP errors due to API calls to remote group servers.`
				`@@ -1 +0,0 @@`
				Add `local_current_membership` table for tracking local user membership state in rooms.
				`@@ -1 +0,0 @@`
				`No more overriding the entire /etc folder of the container in docker-compose.yaml. Contributed by Fabian Meyer.`
				`@@ -1 +0,0 @@`
				`Add some helpful tips about changelog entries to the github pull request template.`
				`@@ -1 +0,0 @@`
				`Fix media repo admin APIs when using a media worker.`
				`@@ -1 +0,0 @@`
				Port `synapse.replication.tcp` to async/await.