matrix-synapse 1.140.0__cp39-abi3-musllinux_1_2_aarch64.whl → 1.141.0__cp39-abi3-musllinux_1_2_aarch64.whl

{matrix_synapse-1.140.0.dist-info → matrix_synapse-1.141.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: matrix-synapse
-Version: 1.140.0
+Version: 1.141.0
 Summary: Homeserver for the Matrix decentralised comms protocol
 License: AGPL-3.0-or-later OR LicenseRef-Element-Commercial
 Author: Matrix.org Team and Contributors

{matrix_synapse-1.140.0.dist-info → matrix_synapse-1.141.0.dist-info}/RECORD

@@ -4,7 +4,7 @@ synapse/_pydantic_compat.py,sha256=87dKeVb2Anau0frkNqq3y8XC5ZwJ3jLyVOsWSEwsCZ8,2
 synapse/event_auth.py,sha256=fTm9uAf2iC6bIJuP7QH_7zz26VrqPLIqsoXKXkGINME,47090
 synapse/notifier.py,sha256=-qPQQiKxrxwU5Cr3Uzv8PIoyWcNKfBipKemOBzELbT4,35910
 synapse/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-synapse/server.py,sha256=ARplbOkStxgqjWZVc63RokcWGBtnfDW-LeLWT7Q6lSQ,44912
+synapse/server.py,sha256=3JfefqrjLSeX7Gv8ZA9E103E4O6l05uDkfIghkAfNxg,45069
 synapse/synapse_rust.abi3.so,sha256=baXAwJnS5K039tqfWT-yVk7kE5AF1oZJRrzSh3WtEA4,11800609
 synapse/visibility.py,sha256=tRZzUn7X8nn2I9U74aORe0MB5KQZ60zTRWjqihSMsyY,31475
 synapse/_scripts/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -13,7 +13,7 @@ synapse/_scripts/generate_config.py,sha256=KaYWiSVP50PQnhDvrfW6iKiIsPDn_PeAKnm43
 synapse/_scripts/generate_log_config.py,sha256=9lnzZeWYZTQtM-Y1iCt4kOegL4TkqZ2l21qPCbOBhPA,1459
 synapse/_scripts/generate_signing_key.py,sha256=lauzE2E0agnKNv7jhhSlV54htRLm9uX1GGVR2aFl9gM,1541
 synapse/_scripts/generate_workers_map.py,sha256=PymWyPFa33HCSvGvK_ltAUoZMM7EFHUCKGiC2xqqncg,10260
-synapse/_scripts/hash_password.py,sha256=umsXOUS2Tb1TZsn5xBKySA8cPgRJOT1_H8nqUmyAO1w,2174
+synapse/_scripts/hash_password.py,sha256=m6NTSEkFMyvUc4bEBtRGpF-fUBZKPmL1slrVrqKQU14,2621
 synapse/_scripts/move_remote_media_to_new_store.py,sha256=VOGFBrZM3qBW4ysmdD8XW9vNTXJOF7IyBRSpoh7pRdc,3780
 synapse/_scripts/register_new_matrix_user.py,sha256=CIdZpokRTis07Jw3SyUeH3WX-zPBJLEHh_4Gs_NSwbs,10757
 synapse/_scripts/review_recent_signups.py,sha256=MeEnHMpHiLGBh6xvwSyH4RSDM7YZKkygtC3-lDGJvCU,6422
@@ -30,12 +30,12 @@ synapse/api/ratelimiting.py,sha256=XJWgsdRtiX0I8QvYv5DbVGhI24ZNnNXO_FreIMPckOY,1
 synapse/api/room_versions.py,sha256=QDzw9X5qpFBxB9XaSmYgRpFwV1dl3V1R42dlUvoCu5w,18925
 synapse/api/urls.py,sha256=XVlSEhTE06_ABi2tjMTPVjOYApizA_RTIbtF4LYsWQ4,4378
 synapse/api/auth/__init__.py,sha256=DR8l59rRPhC_SIQshcqGgzDfECTTt9diw5R3Y55ooOg,7007
-synapse/api/auth/base.py,sha256=3mERbu-n4LHBqIDBr32r3v9urEu_S3XNOYEQexDwi48,15563
+synapse/api/auth/base.py,sha256=pEGeMnlzuzM8sngb_do5MdcSBQWZZmiL6CIwF4Y1FlA,15548
 synapse/api/auth/internal.py,sha256=qn6RJCPRvTv9bTTFDwVW7KdRiDgbidQMM9DAknbl-Bo,11405
 synapse/api/auth/mas.py,sha256=mRjT9dXcELdypXS8VR0uE2jPKv_shpuq3BvtfyleTDw,16143
 synapse/api/auth/msc3861_delegated.py,sha256=SfuEl0oZX4CGIRir6liPDsA2JowdhYt6XwYweNBFiM0,24162
 synapse/app/__init__.py,sha256=SA64haCokU2G02egH6Oz5IXQYjfMZZNpS2WSrcJjFWw,1937
-synapse/app/_base.py,sha256=eGDIixPs1OiKgtPGwMRZYG5wfNAZy_guJaDJDlvoc7E,30734
+synapse/app/_base.py,sha256=1dWeO2lo7ys1sXBctgq3wvIHChgl1XGfK56qYHmCTpA,30249
 synapse/app/admin_cmd.py,sha256=oUY3WDJ3-Su7R3t1sHyOWldnTgI84MVKVCFeJE8ER8M,12780
 synapse/app/appservice.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
 synapse/app/client_reader.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
@@ -45,7 +45,7 @@ synapse/app/federation_reader.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPr
 synapse/app/federation_sender.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
 synapse/app/frontend_proxy.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
 synapse/app/generic_worker.py,sha256=Y3XYVWBk1kQrjO74TBb4pboAsqK7TBolWpgPF1FWK4s,15705
-synapse/app/homeserver.py,sha256=65-0hHxx8BR7uiQlKzrRL6ZM9uq--FNdsNIQhv527AM,17211
+synapse/app/homeserver.py,sha256=jilEa1K4HyOpRiFOAmsMbOaU1B6d7a_aAbFyXRkxCvg,17069
 synapse/app/media_repository.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
 synapse/app/phone_stats_home.py,sha256=xLcw-uk2bfiJeQtGc6VYNq2vBfBg-Z7AmH5D2ub2XrY,10655
 synapse/app/pusher.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
@@ -71,7 +71,7 @@ synapse/config/cas.py,sha256=frR7DzZ2V27WvMKaGEKvC2_LuyvKNuONEVtys4E-9gU,4240
 synapse/config/consent.py,sha256=4KJbfMPrloJBrB2jQqLLF4ZWKOsLXmymRYBIOJW5RKs,2669
 synapse/config/database.py,sha256=0M2sSGKkg1uLcDz3E5W0_iTH3M-MJTndW0KlVivOcxk,6591
 synapse/config/emailconfig.py,sha256=ic_zF9CzX5SKPVJqBH4gRg5E3cGCIifv2sbCVPsjgak,15877
-synapse/config/experimental.py,sha256=0PKcAQtMMzvp48WO-W0NzeIoIVY8Us6jqB48vTbT_3s,23391
+synapse/config/experimental.py,sha256=c2ZMO1ApocXAIE0ser6cLsNpzEJ3zRfqAVWW4VsWwB0,23182
 synapse/config/federation.py,sha256=iu7ONXr--4WXrhT-YZX95l1Tyt3DWLBJmZpZ3OqvGCA,4470
 synapse/config/homeserver.py,sha256=22RCwv4f5oJX_Sjj3gtQ_ryqYavvnF1GfhYFXyK-Qrc,4713
 synapse/config/jwt.py,sha256=NOFTtnGewnmaeTJL4P1-dFNQhlsH153ZENmJGBwT_Pw,1949
@@ -137,7 +137,7 @@ synapse/handlers/account_data.py,sha256=CQAfVkJPMQsbl53lRZK_lHmkR0O2RM80rjwCfa9g
 synapse/handlers/account_validity.py,sha256=5HS1hL1rGe72xaOLENGwFrVsjXaezhEBWIctAMqWhlU,13924
 synapse/handlers/admin.py,sha256=P7e3bwsIDxOvRIzlZOArfMRWtJD-KkyLzDfubsUEq3k,22800
 synapse/handlers/appservice.py,sha256=vtqScclvlKH_LJYcG9v8BtG70aS9VL60-9tFM48fiz0,40481
-synapse/handlers/auth.py,sha256=9QcBvL7FCi0SBA5ipJ31HsXunmRPXj8lNO7LtNRqylo,99772
+synapse/handlers/auth.py,sha256=MtwCo5_HDILviQdHtg6WEz2hHtLKe5qhDPf8jDyMAso,100948
 synapse/handlers/cas.py,sha256=ce7bB1gXa2VWRb4l36WmxP3V7nD5JrIdMOusYRysBOk,15313
 synapse/handlers/deactivate_account.py,sha256=snM3YHgREAHsbn8XwcFpSq8SW7-8_AFS5i2jCsAVaKE,14602
 synapse/handlers/delayed_events.py,sha256=ApA9UiujQ3q33HcPwolOrRvRQkzDvgbALIaOvYV_-Bg,25948
@@ -229,7 +229,7 @@ synapse/metrics/_gc.py,sha256=s2k-GPFUItKGrLuIujrYQWlt-0bJE81WtLVbLfnhjZQ,8304
 synapse/metrics/_reactor_metrics.py,sha256=crp4x_VgjavL9Es2lo5JLXrzRr3wzTyK54q_gCViv6k,6002
 synapse/metrics/_types.py,sha256=XjukHeHdmh5xcELjdh0ZuLWpKlwpRFMedoM2MK3Mmko,1196
 synapse/metrics/background_process_metrics.py,sha256=L3-hiIX_PRITvCMsGGa5UXDAibBbd5zafkvc5xPpOYA,22473
-synapse/metrics/common_usage_metrics.py,sha256=j6ekGWIXaob2Z8sLWj1mPVQXZmLs0ejb50btPHzWV-U,2947
+synapse/metrics/common_usage_metrics.py,sha256=guOeJ84ARHNxHH8OLdw_e-MhMRqFfyJfdlTfY5nso1w,2941
 synapse/metrics/jemalloc.py,sha256=H1Dn6B0Ob-PWX4lww78fYMJg8X6pfuXdB5YjURkKs1U,8341
 synapse/module_api/__init__.py,sha256=CrWUBuWF9DgRMZwN8GTGQn_OZVL1IHcmqpHOjM3_-wc,80233
 synapse/module_api/errors.py,sha256=Xq9K1Rax-QLVPClaubhqg0C7onDdrJGqBPFtlnD34A8,1272
@@ -360,12 +360,12 @@ synapse/rest/client/auth.py,sha256=x5SMw7kYn77fnElR2RAyO_iEACEfOacAhvby5PjEFec,8
 synapse/rest/client/auth_metadata.py,sha256=NvDi6eyG5g_-t4fU_HhjJG9bW2HSATHGyryuPcrt82U,4417
 synapse/rest/client/capabilities.py,sha256=tJP3ZFHbyjV2jkkK8bIcYUGd-SW_Kc-O6izkV5cv4dU,4534
 synapse/rest/client/delayed_events.py,sha256=R5PQt7CpezcmodUz7B5GYSPZq8Faj35GBhIyzmjzzsM,3883
-synapse/rest/client/devices.py,sha256=fSKSBB3FitAWbZF-psmBBAXi9iw8JAgGb-thdZ1g-e8,19533
+synapse/rest/client/devices.py,sha256=29kauab4ELBxD7CQiZCkJoJddeOtb7p59z8f8N_mtpA,19377
 synapse/rest/client/directory.py,sha256=P12dOFUFXYUDJSBwpBpHI_ry-c-m3sDrihpnqeNMI0s,7395
 synapse/rest/client/events.py,sha256=ig7fi3b2VduD1_-yj82wensWQFbwMFwd-lv9cHyCSAQ,4067
 synapse/rest/client/filter.py,sha256=_jDRkrDVqrb0_wqn9vrSjIiH3yFI1Aia8zkcAORUxJo,3802
 synapse/rest/client/initial_sync.py,sha256=4cA5LRSpTCiIA72fzemNqUbwW4CkvB70TWUI95VsK94,2368
-synapse/rest/client/keys.py,sha256=4AP1FAwWiOfXAHOtA5BBV9DbHy6udkrD3PHwqH1Rpcc,25452
+synapse/rest/client/keys.py,sha256=b-jadOWP8v0P2MIGmivUGx-a0pVC7dB4CF3A8XdXhYI,25311
 synapse/rest/client/knock.py,sha256=KtOGjb9W1Jjpe5hAlOkEVU9DuzGsmpLHXrevVNYno-8,3558
 synapse/rest/client/login.py,sha256=OJhwDvlwNXJSf-8YEqTk1Rtbtz_lkkTr2jlVtdsmCU0,28379
 synapse/rest/client/login_token_request.py,sha256=iG2GE6ueI_t9syphFxJRdamkwpC3QcF1Oxaq2rnqLqg,4284
@@ -1023,7 +1023,7 @@ synapse/util/logcontext.py,sha256=WLB1FgS7BIJyeCpzc5ltm9gr8EEr0dBY7_kQ31S7_wM,12
 synapse/util/logformatter.py,sha256=dK6fhkz97KEiVj2zJWl-VJ_y4i9kqH-zIN2AHytG6_U,895
 synapse/util/macaroons.py,sha256=QmTwmKGxfNrPC6Ef59hz75-q4agZEwED4bE3pyeG3QM,12134
 synapse/util/manhole.py,sha256=XT4Mj2bbv9q3ZMsxiTJbWJuLjT4ExeJSPklgqTa42QQ,8349
-synapse/util/metrics.py,sha256=T5WjREtVFTsFgSWIqJa0_79BuYKFwfquwSK_ppvpvtM,11826
+synapse/util/metrics.py,sha256=E2MTVyGbEcIdCC2ftgMBj7bhsppPhw_xtkya23IFbgA,12046
 synapse/util/module_loader.py,sha256=DU0IzaYrvP2ol8aJ56HQonuBNkO9ouVy9VuJQDZx7rM,4003
 synapse/util/msisdn.py,sha256=8nwe3uXLmaDt0jOuYUDbHUVXyjC1llf19iRxCx-IAmA,1707
 synapse/util/patch_inline_callbacks.py,sha256=rIRrab18mVLJ5NFacoz_SouSfU1HWI0Ql3Ztl5lZ8uc,9322
@@ -1049,10 +1049,10 @@ synapse/util/caches/response_cache.py,sha256=pfiktchF_NUhFYU96nIRcPBfsQMSpBo4Zun
 synapse/util/caches/stream_change_cache.py,sha256=OaYpW9ZhVz6nLqkeSUnav3QztWgxoc6U2f_OHu7AqQI,13341
 synapse/util/caches/treecache.py,sha256=ZgINF6s_O7NnP4-sI3kEYS2hMLxVeI8Kb3EiFUVVrWA,5948
 synapse/util/caches/ttlcache.py,sha256=kYDG8koywsTukoEpXJuqBsmk5Du1MFEQfBrPN97uw8E,5818
-matrix_synapse-1.140.0.dist-info/AUTHORS.rst,sha256=KvPRmsv8L-ZN9AA51KsR-4fZu0ajfkCbSNNH9rhRUO4,1611
-matrix_synapse-1.140.0.dist-info/LICENSE-AGPL-3.0,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-matrix_synapse-1.140.0.dist-info/LICENSE-COMMERCIAL,sha256=EZfebSnFA3xtm1w2B9cuqpC1BF8tYjQA6HCCX9z3Zm4,255
-matrix_synapse-1.140.0.dist-info/METADATA,sha256=4pgE02jWITvgAKVvQ7hrOPpL4UW5rn24GmOI_TXH5MA,17002
-matrix_synapse-1.140.0.dist-info/WHEEL,sha256=qD05PE4oken3fxhpRz34QZ_OG3AXOlk_2cjvD0ZWlqI,108
-matrix_synapse-1.140.0.dist-info/entry_points.txt,sha256=Xf4Z-Sp4lk8P9pbRhSD40XrhhkooqYWm1OtxUlPwPgs,709
-matrix_synapse-1.140.0.dist-info/RECORD,,
+matrix_synapse-1.141.0.dist-info/AUTHORS.rst,sha256=KvPRmsv8L-ZN9AA51KsR-4fZu0ajfkCbSNNH9rhRUO4,1611
+matrix_synapse-1.141.0.dist-info/LICENSE-AGPL-3.0,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+matrix_synapse-1.141.0.dist-info/LICENSE-COMMERCIAL,sha256=EZfebSnFA3xtm1w2B9cuqpC1BF8tYjQA6HCCX9z3Zm4,255
+matrix_synapse-1.141.0.dist-info/METADATA,sha256=okmM7NfYC7A4x_0lJePCOJQuCXLPeqzU99oyE0HbGO8,17002
+matrix_synapse-1.141.0.dist-info/WHEEL,sha256=qD05PE4oken3fxhpRz34QZ_OG3AXOlk_2cjvD0ZWlqI,108
+matrix_synapse-1.141.0.dist-info/entry_points.txt,sha256=Xf4Z-Sp4lk8P9pbRhSD40XrhhkooqYWm1OtxUlPwPgs,709
+matrix_synapse-1.141.0.dist-info/RECORD,,

synapse/_scripts/hash_password.py

@@ -73,8 +73,18 @@ def main() -> None:
 
     pw = unicodedata.normalize("NFKC", password)
 
+    bytes_to_hash = pw.encode("utf8") + password_pepper.encode("utf8")
+    if len(bytes_to_hash) > 72:
+        # bcrypt only looks at the first 72 bytes
+        print(
+            f"Password + pepper is too long ({len(bytes_to_hash)} bytes); truncating to 72 bytes for bcrypt. "
+            "This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
+            "sufficient entropy for a password."
+        )
+        bytes_to_hash = bytes_to_hash[:72]
+
     hashed = bcrypt.hashpw(
-        pw.encode("utf8") + password_pepper.encode("utf8"),
+        bytes_to_hash,
         bcrypt.gensalt(bcrypt_rounds),
     ).decode("ascii")
 

synapse/api/auth/base.py

@@ -302,12 +302,9 @@ class BaseAuth:
           (the user_id URI parameter allows an application service to masquerade
           any applicable user in its namespace)
         - what device the application service should be treated as controlling
-          (the device_id[^1] URI parameter allows an application service to masquerade
+          (the device_id URI parameter allows an application service to masquerade
           as any device that exists for the relevant user)
 
-        [^1] Unstable and provided by MSC3202.
-             Must use `org.matrix.msc3202.device_id` in place of `device_id` for now.
-
         Returns:
             the application service `Requester` of that request
 
@@ -319,7 +316,8 @@ class BaseAuth:
         - The returned device ID, if present, has been checked to be a valid device ID
           for the returned user ID.
         """
-        DEVICE_ID_ARG_NAME = b"org.matrix.msc3202.device_id"
+        # TODO: We can drop unstable support after 2026-01-01 (couple months after stable support)
+        UNSTABLE_DEVICE_ID_ARG_NAME = b"org.matrix.msc3202.device_id"
 
         app_service = self.store.get_app_service_by_token(access_token)
         if app_service is None:
@@ -341,13 +339,11 @@ class BaseAuth:
         else:
             effective_user_id = app_service.sender
 
-        effective_device_id: Optional[str] = None
-
-        if (
-            self.hs.config.experimental.msc3202_device_masquerading_enabled
-            and DEVICE_ID_ARG_NAME in request.args
-        ):
-            effective_device_id = request.args[DEVICE_ID_ARG_NAME][0].decode("utf8")
+        effective_device_id_args = request.args.get(
+            b"device_id", request.args.get(UNSTABLE_DEVICE_ID_ARG_NAME)
+        )
+        if effective_device_id_args:
+            effective_device_id = effective_device_id_args[0].decode("utf8")
             # We only just set this so it can't be None!
             assert effective_device_id is not None
             device_opt = await self.store.get_device(
@@ -359,6 +355,8 @@ class BaseAuth:
                     f"Application service trying to use a device that doesn't exist ('{effective_device_id}' for {effective_user_id})",
                     Codes.UNKNOWN_DEVICE,
                 )
+        else:
+            effective_device_id = None
 
         return create_requester(
             effective_user_id, app_service=app_service, device_id=effective_device_id

synapse/app/_base.py

@@ -64,7 +64,6 @@ from twisted.web.resource import Resource
 import synapse.util.caches
 from synapse.api.constants import MAX_PDU_SIZE
 from synapse.app import check_bind_error
-from synapse.app.phone_stats_home import start_phone_stats_home
 from synapse.config import ConfigError
 from synapse.config._base import format_config_error
 from synapse.config.homeserver import HomeServerConfig
@@ -592,9 +591,9 @@ async def start(hs: "HomeServer", freeze: bool = True) -> None:
                 # we're not using systemd.
                 sdnotify(b"RELOADING=1")
 
-            for sighup_callbacks in _instance_id_to_sighup_callbacks_map.values():
-                for func, args, kwargs in sighup_callbacks:
-                    func(*args, **kwargs)
+                for sighup_callbacks in _instance_id_to_sighup_callbacks_map.values():
+                    for func, args, kwargs in sighup_callbacks:
+                        func(*args, **kwargs)
 
                 sdnotify(b"READY=1")
 
@@ -683,15 +682,6 @@ async def start(hs: "HomeServer", freeze: bool = True) -> None:
     if hs.config.worker.run_background_tasks:
         hs.start_background_tasks()
 
-        # TODO: This should be moved to same pattern we use for other background tasks:
-        # Add to `REQUIRED_ON_BACKGROUND_TASK_STARTUP` and rely on
-        # `start_background_tasks` to start it.
-        await hs.get_common_usage_metrics_manager().setup()
-
-        # TODO: This feels like another pattern that should refactored as one of the
-        # `REQUIRED_ON_BACKGROUND_TASK_STARTUP`
-        start_phone_stats_home(hs)
-
     if freeze:
         # We now freeze all allocated objects in the hopes that (almost)
         # everything currently allocated are things that will be used for the

synapse/app/homeserver.py

@@ -430,9 +430,7 @@ def setup(
 
         await _base.start(hs, freeze)
 
-        # TODO: This should be moved to `SynapseHomeServer.start_background_tasks` (not
-        # `HomeServer.start_background_tasks`) (this way it matches the behavior of only
-        # running on `main`)
+        # TODO: Feels like this should be moved somewhere else.
         hs.get_datastores().main.db_pool.updates.start_doing_background_updates()
 
     # Register a callback to be invoked once the reactor is running

synapse/config/experimental.py

@@ -412,11 +412,6 @@ class ExperimentalConfig(Config):
             "msc2409_to_device_messages_enabled", False
         )
 
-        # The portion of MSC3202 which is related to device masquerading.
-        self.msc3202_device_masquerading_enabled: bool = experimental.get(
-            "msc3202_device_masquerading", False
-        )
-
         # The portion of MSC3202 related to transaction extensions:
         # sending device list changes, one-time key counts and fallback key
         # usage to application services.

synapse/handlers/auth.py

@@ -1683,8 +1683,22 @@ class AuthHandler:
             # Normalise the Unicode in the password
             pw = unicodedata.normalize("NFKC", password)
 
+            bytes_to_hash = pw.encode(
+                "utf8"
+            ) + self.hs.config.auth.password_pepper.encode("utf8")
+            if len(bytes_to_hash) > 72:
+                # bcrypt only looks at the first 72 bytes.
+                #
+                # Note: we explicitly DO NOT log the length of the user's password here.
+                logger.debug(
+                    "Password + pepper is too long; truncating to 72 bytes for bcrypt. "
+                    "This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
+                    "sufficient entropy for a password."
+                )
+                bytes_to_hash = bytes_to_hash[:72]
+
             return bcrypt.hashpw(
-                pw.encode("utf8") + self.hs.config.auth.password_pepper.encode("utf8"),
+                bytes_to_hash,
                 bcrypt.gensalt(self.bcrypt_rounds),
             ).decode("ascii")
 
@@ -1706,9 +1720,20 @@ class AuthHandler:
         def _do_validate_hash(checked_hash: bytes) -> bool:
             # Normalise the Unicode in the password
             pw = unicodedata.normalize("NFKC", password)
+            password_pepper = self.hs.config.auth.password_pepper
+
+            bytes_to_hash = pw.encode("utf8") + password_pepper.encode("utf8")
+            if len(bytes_to_hash) > 72:
+                # bcrypt only looks at the first 72 bytes
+                logger.debug(
+                    "Password + pepper is too long; truncating to 72 bytes for bcrypt. "
+                    "This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
+                    "sufficient entropy for a password."
+                )
+                bytes_to_hash = bytes_to_hash[:72]
 
             return bcrypt.checkpw(
-                pw.encode("utf8") + self.hs.config.auth.password_pepper.encode("utf8"),
+                bytes_to_hash,
                 checked_hash,
             )
 

synapse/metrics/common_usage_metrics.py

@@ -62,7 +62,7 @@ class CommonUsageMetricsManager:
         """
         return await self._collect()
 
-    async def setup(self) -> None:
+    def setup(self) -> None:
         """Keep the gauges for common usage metrics up to date."""
         self._hs.run_as_background_process(
             desc="common_usage_metrics_update_gauges",

synapse/rest/client/devices.py

@@ -112,7 +112,7 @@ class DeleteDevicesRestServlet(RestServlet):
             else:
                 raise e
 
-        if requester.app_service and requester.app_service.msc4190_device_management:
+        if requester.app_service:
             # MSC4190 can skip UIA for this endpoint
             pass
         else:
@@ -192,7 +192,7 @@ class DeviceRestServlet(RestServlet):
             else:
                 raise
 
-        if requester.app_service and requester.app_service.msc4190_device_management:
+        if requester.app_service:
             # MSC4190 allows appservices to delete devices through this endpoint without UIA
             # It's also allowed with MSC3861 enabled
             pass
@@ -227,7 +227,7 @@ class DeviceRestServlet(RestServlet):
         body = parse_and_validate_json_object_from_request(request, self.PutBody)
 
         # MSC4190 allows appservices to create devices through this endpoint
-        if requester.app_service and requester.app_service.msc4190_device_management:
+        if requester.app_service:
             created = await self.device_handler.upsert_device(
                 user_id=requester.user.to_string(),
                 device_id=device_id,

synapse/rest/client/keys.py

@@ -543,15 +543,11 @@ class SigningKeyUploadServlet(RestServlet):
         if not keys_are_different:
             return 200, {}
 
-        # MSC4190 can skip UIA for replacing cross-signing keys as well.
-        is_appservice_with_msc4190 = (
-            requester.app_service and requester.app_service.msc4190_device_management
-        )
-
         # The keys are different; is x-signing set up? If no, then this is first-time
         # setup, and that is allowed without UIA, per MSC3967.
         # If yes, then we need to authenticate the change.
-        if is_cross_signing_setup and not is_appservice_with_msc4190:
+        # MSC4190 can skip UIA for replacing cross-signing keys as well.
+        if is_cross_signing_setup and not requester.app_service:
             # With MSC3861, UIA is not possible. Instead, the auth service has to
             # explicitly mark the master key as replaceable.
             if self.hs.config.mas.enabled:

synapse/server.py

@@ -62,6 +62,7 @@ from synapse.api.auth_blocking import AuthBlocking
 from synapse.api.filtering import Filtering
 from synapse.api.ratelimiting import Ratelimiter, RequestRatelimiter
 from synapse.app._base import unregister_sighups
+from synapse.app.phone_stats_home import start_phone_stats_home
 from synapse.appservice.api import ApplicationServiceApi
 from synapse.appservice.scheduler import ApplicationServiceScheduler
 from synapse.config.homeserver import HomeServerConfig
@@ -643,6 +644,8 @@ class HomeServer(metaclass=abc.ABCMeta):
         for i in self.REQUIRED_ON_BACKGROUND_TASK_STARTUP:
             getattr(self, "get_" + i + "_handler")()
         self.get_task_scheduler()
+        self.get_common_usage_metrics_manager().setup()
+        start_phone_stats_home(self)
 
     def get_reactor(self) -> ISynapseReactor:
         """

synapse/util/metrics.py

@@ -323,9 +323,13 @@ class DynamicCollectorRegistry(CollectorRegistry):
         if server_hooks.get(metric_name) is not None:
             # TODO: This should be an `assert` since registering the same metric name
             # multiple times will clobber the old metric.
-            # We currently rely on this behaviour as we instantiate multiple
-            # `SyncRestServlet`, one per listener, and in the `__init__` we setup a new
-            # LruCache.
+            #
+            # We currently rely on this behaviour in a few places:
+            #  - We instantiate multiple `SyncRestServlet`, one per listener, and in the
+            #   `__init__` we setup a new `LruCache`.
+            #  - We instantiate multiple `ApplicationService` (one per configured
+            #    application service) which use the `@cached` decorator on some methods.
+            #
             # Once the above behaviour is changed, this should be changed to an `assert`.
             logger.error(
                 "Metric named %s already registered for server %s",