matrix-synapse 1.140.0rc1__cp39-abi3-macosx_11_0_arm64.whl → 1.141.0rc2__cp39-abi3-macosx_11_0_arm64.whl

{matrix_synapse-1.140.0rc1.dist-info → matrix_synapse-1.141.0rc2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: matrix-synapse
-Version: 1.140.0rc1
+Version: 1.141.0rc2
 Summary: Homeserver for the Matrix decentralised comms protocol
 License: AGPL-3.0-or-later OR LicenseRef-Element-Commercial
 Author: Matrix.org Team and Contributors

{matrix_synapse-1.140.0rc1.dist-info → matrix_synapse-1.141.0rc2.dist-info}/RECORD

@@ -1,11 +1,11 @@
-matrix_synapse-1.140.0rc1.dist-info/RECORD,,
-matrix_synapse-1.140.0rc1.dist-info/LICENSE-AGPL-3.0,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-matrix_synapse-1.140.0rc1.dist-info/LICENSE-COMMERCIAL,sha256=EZfebSnFA3xtm1w2B9cuqpC1BF8tYjQA6HCCX9z3Zm4,255
-matrix_synapse-1.140.0rc1.dist-info/WHEEL,sha256=scg0IzB77chy-_40STvfbf7iGhX6kulz7EDsXzX0T_8,132
-matrix_synapse-1.140.0rc1.dist-info/entry_points.txt,sha256=Xf4Z-Sp4lk8P9pbRhSD40XrhhkooqYWm1OtxUlPwPgs,709
-matrix_synapse-1.140.0rc1.dist-info/AUTHORS.rst,sha256=KvPRmsv8L-ZN9AA51KsR-4fZu0ajfkCbSNNH9rhRUO4,1611
-matrix_synapse-1.140.0rc1.dist-info/METADATA,sha256=AZkJEl2UQhWobsklcyGMnMz5IG08X3e92YrQKAhDMos,17005
-synapse/server.py,sha256=ARplbOkStxgqjWZVc63RokcWGBtnfDW-LeLWT7Q6lSQ,44912
+matrix_synapse-1.141.0rc2.dist-info/RECORD,,
+matrix_synapse-1.141.0rc2.dist-info/LICENSE-AGPL-3.0,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+matrix_synapse-1.141.0rc2.dist-info/LICENSE-COMMERCIAL,sha256=EZfebSnFA3xtm1w2B9cuqpC1BF8tYjQA6HCCX9z3Zm4,255
+matrix_synapse-1.141.0rc2.dist-info/WHEEL,sha256=scg0IzB77chy-_40STvfbf7iGhX6kulz7EDsXzX0T_8,132
+matrix_synapse-1.141.0rc2.dist-info/entry_points.txt,sha256=Xf4Z-Sp4lk8P9pbRhSD40XrhhkooqYWm1OtxUlPwPgs,709
+matrix_synapse-1.141.0rc2.dist-info/AUTHORS.rst,sha256=KvPRmsv8L-ZN9AA51KsR-4fZu0ajfkCbSNNH9rhRUO4,1611
+matrix_synapse-1.141.0rc2.dist-info/METADATA,sha256=3cIxSPUcTj5AgpZRyjRGEy4ijsmdkequvwO5-bc2ddw,17005
+synapse/server.py,sha256=3JfefqrjLSeX7Gv8ZA9E103E4O6l05uDkfIghkAfNxg,45069
 synapse/synapse_rust.abi3.so,sha256=c8Hr_z19BOOySFjzivUlQep5buKDZv-KOxKpsEVZsmg,10483184
 synapse/event_auth.py,sha256=fTm9uAf2iC6bIJuP7QH_7zz26VrqPLIqsoXKXkGINME,47090
 synapse/notifier.py,sha256=-qPQQiKxrxwU5Cr3Uzv8PIoyWcNKfBipKemOBzELbT4,35910
@@ -16,7 +16,7 @@ synapse/_pydantic_compat.py,sha256=87dKeVb2Anau0frkNqq3y8XC5ZwJ3jLyVOsWSEwsCZ8,2
 synapse/metrics/_types.py,sha256=XjukHeHdmh5xcELjdh0ZuLWpKlwpRFMedoM2MK3Mmko,1196
 synapse/metrics/background_process_metrics.py,sha256=L3-hiIX_PRITvCMsGGa5UXDAibBbd5zafkvc5xPpOYA,22473
 synapse/metrics/_reactor_metrics.py,sha256=crp4x_VgjavL9Es2lo5JLXrzRr3wzTyK54q_gCViv6k,6002
-synapse/metrics/common_usage_metrics.py,sha256=j6ekGWIXaob2Z8sLWj1mPVQXZmLs0ejb50btPHzWV-U,2947
+synapse/metrics/common_usage_metrics.py,sha256=guOeJ84ARHNxHH8OLdw_e-MhMRqFfyJfdlTfY5nso1w,2941
 synapse/metrics/_gc.py,sha256=s2k-GPFUItKGrLuIujrYQWlt-0bJE81WtLVbLfnhjZQ,8304
 synapse/metrics/jemalloc.py,sha256=H1Dn6B0Ob-PWX4lww78fYMJg8X6pfuXdB5YjURkKs1U,8341
 synapse/metrics/__init__.py,sha256=cn3EYBg9ehpOkjwxi7LBUOqKib3F6OvLXPjlXa3sCa0,26784
@@ -85,9 +85,9 @@ synapse/types/rest/client/__init__.py,sha256=UZtSkvh4_GfF048h36WR-joK_4OpH2dJ5Dp
 synapse/app/pusher.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
 synapse/app/frontend_proxy.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
 synapse/app/generic_worker.py,sha256=Y3XYVWBk1kQrjO74TBb4pboAsqK7TBolWpgPF1FWK4s,15705
-synapse/app/_base.py,sha256=eGDIixPs1OiKgtPGwMRZYG5wfNAZy_guJaDJDlvoc7E,30734
+synapse/app/_base.py,sha256=1dWeO2lo7ys1sXBctgq3wvIHChgl1XGfK56qYHmCTpA,30249
 synapse/app/client_reader.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
-synapse/app/homeserver.py,sha256=65-0hHxx8BR7uiQlKzrRL6ZM9uq--FNdsNIQhv527AM,17211
+synapse/app/homeserver.py,sha256=jilEa1K4HyOpRiFOAmsMbOaU1B6d7a_aAbFyXRkxCvg,17069
 synapse/app/appservice.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
 synapse/app/synchrotron.py,sha256=8kcF8yev36b8nFs_lI0VfEWgosAXl78aEQr0IZPrWAk,1060
 synapse/app/complement_fork_starter.py,sha256=-e0KrFWsUp98tQVpKMTvftAZF6CNGehxihOHCDhjRIw,7288
@@ -103,7 +103,7 @@ synapse/util/async_helpers.py,sha256=eq77yWWO1HcJ0B23-EkRaqLeFDst5xAl7xhpte2WoRU
 synapse/util/logcontext.py,sha256=WLB1FgS7BIJyeCpzc5ltm9gr8EEr0dBY7_kQ31S7_wM,1269
 synapse/util/threepids.py,sha256=XT_az254AK_DJLGyg5SjKfyMsGYhmCzIN14Dp8lZIZw,3745
 synapse/util/retryutils.py,sha256=fpOE1kcudz_ETdxpWOm0WkQVauiw3Sqc8sdKy_HDQIY,12787
-synapse/util/metrics.py,sha256=T5WjREtVFTsFgSWIqJa0_79BuYKFwfquwSK_ppvpvtM,11826
+synapse/util/metrics.py,sha256=E2MTVyGbEcIdCC2ftgMBj7bhsppPhw_xtkya23IFbgA,12046
 synapse/util/ratelimitutils.py,sha256=INMr6RS03H5bzwSeNQ2k8Ar43swFGaXyIoXjuXO13_0,14714
 synapse/util/distributor.py,sha256=f-9_QQelrRriNtJSzNIW9QywQwLeN8Gg6DopQgyDaNc,5291
 synapse/util/iterutils.py,sha256=gwJFEmgOrVBBFwjgicskuM3Fhb05YoLX6-7n_8zL2ts,5539
@@ -154,7 +154,7 @@ synapse/config/oidc.py,sha256=LJs_H1B_gsN8q6Ibd60HTVNLr5vOzFHrCAk9WpS9P-k,20052
 synapse/config/_base.py,sha256=nU8YNC_ulDAxjpSPBJtjk8CCyV8PSXHGE9_fiLeuWus,39246
 synapse/config/metrics.py,sha256=A7A2YpOcBVsAxYT1L54r0pkXJyGLEuvDNl9i5ZueS-I,2764
 synapse/config/server.py,sha256=OjqiNRcm_xAXN_pk7sepd1D01FVRZkRa8ORT0IsCTvA,43741
-synapse/config/experimental.py,sha256=0PKcAQtMMzvp48WO-W0NzeIoIVY8Us6jqB48vTbT_3s,23391
+synapse/config/experimental.py,sha256=c2ZMO1ApocXAIE0ser6cLsNpzEJ3zRfqAVWW4VsWwB0,23182
 synapse/config/ratelimiting.py,sha256=_97HNDT_WdDPXqJrlqPBNxpK7VpWZU2KMZTvSDqG-W8,8655
 synapse/config/homeserver.py,sha256=22RCwv4f5oJX_Sjj3gtQ_ryqYavvnF1GfhYFXyK-Qrc,4713
 synapse/config/room_directory.py,sha256=td6bghPpyv9EJKMR0W1UQwshg1ne6DU17JB_U6BusME,5475
@@ -206,7 +206,7 @@ synapse/_scripts/move_remote_media_to_new_store.py,sha256=VOGFBrZM3qBW4ysmdD8XW9
 synapse/_scripts/export_signing_key.py,sha256=i-7-vXYNpWRUvPJZNGcWgZ78pVNtHcd-j5VKI8JP9wk,2831
 synapse/_scripts/update_synapse_database.py,sha256=RGj8-lFjFB74WgUjTZXi-zkGcMWYR10eyg2GtMJ1YFQ,4005
 synapse/_scripts/register_new_matrix_user.py,sha256=CIdZpokRTis07Jw3SyUeH3WX-zPBJLEHh_4Gs_NSwbs,10757
-synapse/_scripts/hash_password.py,sha256=umsXOUS2Tb1TZsn5xBKySA8cPgRJOT1_H8nqUmyAO1w,2174
+synapse/_scripts/hash_password.py,sha256=m6NTSEkFMyvUc4bEBtRGpF-fUBZKPmL1slrVrqKQU14,2621
 synapse/_scripts/generate_config.py,sha256=KaYWiSVP50PQnhDvrfW6iKiIsPDn_PeAKnm43Tsklqo,2336
 synapse/_scripts/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 synapse/_scripts/synapse_port_db.py,sha256=lrXRqYTd2T3eWJb7lHT4ZufXHvf3dWOepQ7n6Dp0O1c,56646
@@ -828,7 +828,7 @@ synapse/api/auth/internal.py,sha256=qn6RJCPRvTv9bTTFDwVW7KdRiDgbidQMM9DAknbl-Bo,
 synapse/api/auth/mas.py,sha256=mRjT9dXcELdypXS8VR0uE2jPKv_shpuq3BvtfyleTDw,16143
 synapse/api/auth/__init__.py,sha256=DR8l59rRPhC_SIQshcqGgzDfECTTt9diw5R3Y55ooOg,7007
 synapse/api/auth/msc3861_delegated.py,sha256=SfuEl0oZX4CGIRir6liPDsA2JowdhYt6XwYweNBFiM0,24162
-synapse/api/auth/base.py,sha256=3mERbu-n4LHBqIDBr32r3v9urEu_S3XNOYEQexDwi48,15563
+synapse/api/auth/base.py,sha256=pEGeMnlzuzM8sngb_do5MdcSBQWZZmiL6CIwF4Y1FlA,15548
 synapse/replication/__init__.py,sha256=5DWi14gUO6wonAMLxJX7fev_idjDNPLvKGXEQ5IZeDg,705
 synapse/replication/tcp/handler.py,sha256=mCqEbRsy9Q4TgUcEcMUJZd5Mben3hlp5kRf1F1XzNgg,35312
 synapse/replication/tcp/protocol.py,sha256=NPcn8HEgH_A5h6Qfal09OiTaZNQmDpVdoOlC0FLqsiE,20624
@@ -873,7 +873,7 @@ synapse/server_notices/resource_limits_server_notices.py,sha256=VpFHZn1DTkpmVjSK
 synapse/server_notices/worker_server_notices_sender.py,sha256=SYuUXW1yYSIO1bEvaRKXD8DPdCVJ3hDbzrAaDBD50Qo,1388
 synapse/server_notices/server_notices_manager.py,sha256=pGqkoJrmOGpx5rjL0W0yJ151YesdZP9_dgM3Vzy9vDY,14620
 synapse/handlers/sync.py,sha256=di99Dk_f8KQmDN0WZiFvn0vPn2jQ0N5YmH3wJqiFBSw,132288
-synapse/handlers/auth.py,sha256=9QcBvL7FCi0SBA5ipJ31HsXunmRPXj8lNO7LtNRqylo,99772
+synapse/handlers/auth.py,sha256=MtwCo5_HDILviQdHtg6WEz2hHtLKe5qhDPf8jDyMAso,100948
 synapse/handlers/oidc.py,sha256=h6Xn5-C_rnD-4IvCu4Lp_sAPKBOskf4WFaLfAOZezcw,71896
 synapse/handlers/push_rules.py,sha256=WkYG-vbbavU8V-pKuWSdwMQLEkHupvuCJIXqS4SpRFI,6062
 synapse/handlers/e2e_keys.py,sha256=OOGG7GVdNTrRfmwYM5GnqYYC7BFFwDtNkkDqSCzMpbg,75373
@@ -988,7 +988,7 @@ synapse/rest/client/relations.py,sha256=gL4i5Jfla73MYztfUH4vYwY1Th67iSut7UCrJ9Y4
 synapse/rest/client/account_data.py,sha256=dRov8NQ8caBi0OgYcxcAUWV9Zcu4QhEm0ne0v_tQG8Q,11359
 synapse/rest/client/matrixrtc.py,sha256=sOXvAs_fr3Z3UbsUjuQqlV2RfGyc6oySQN8g57ebbus,1712
 synapse/rest/client/__init__.py,sha256=pGyU2T0uOe01gjI70J92qseRxU5TIhnR2bHI1d-7mWE,728
-synapse/rest/client/keys.py,sha256=4AP1FAwWiOfXAHOtA5BBV9DbHy6udkrD3PHwqH1Rpcc,25452
+synapse/rest/client/keys.py,sha256=b-jadOWP8v0P2MIGmivUGx-a0pVC7dB4CF3A8XdXhYI,25311
 synapse/rest/client/presence.py,sha256=D7gL_Q4QBWs0og0T5rbW3BJ9xsaWCXHhPYFkW05Uyac,4559
 synapse/rest/client/read_marker.py,sha256=l6My_HOnHhhr1t-O7mKR3TlQZ4Uzc8N1T_vO-eaQupU,3693
 synapse/rest/client/room_keys.py,sha256=rRTI8O4gfjzElgJgyOpLEUhBYXo9UPjkPKP0nqX43UA,15462
@@ -1006,7 +1006,7 @@ synapse/rest/client/sendtodevice.py,sha256=cFYzZ0o0tvsPK2Ri1SHb65TWabUjkpw7p5zBO
 synapse/rest/client/directory.py,sha256=P12dOFUFXYUDJSBwpBpHI_ry-c-m3sDrihpnqeNMI0s,7395
 synapse/rest/client/thread_subscriptions.py,sha256=8Ww79FFsZTN1ExaUBOB07qhlPIeC87uoVhBwWmZqUB0,9055
 synapse/rest/client/login_token_request.py,sha256=iG2GE6ueI_t9syphFxJRdamkwpC3QcF1Oxaq2rnqLqg,4284
-synapse/rest/client/devices.py,sha256=fSKSBB3FitAWbZF-psmBBAXi9iw8JAgGb-thdZ1g-e8,19533
+synapse/rest/client/devices.py,sha256=29kauab4ELBxD7CQiZCkJoJddeOtb7p59z8f8N_mtpA,19377
 synapse/rest/client/thirdparty.py,sha256=dohbEvyCtljZlVhiCHB2Hcz-ffLZUEX1A7qiW6dEEX0,4223
 synapse/rest/client/openid.py,sha256=reW553DzSPaYANiGok1tAcvDDq6XMqEywHnQBSQZirQ,3440
 synapse/rest/client/room.py,sha256=kvpwLLkMCqRNgyeedTkRs533_rlYAINso4AyZOW5nFA,59712

synapse/_scripts/hash_password.py

@@ -73,8 +73,18 @@ def main() -> None:
 
     pw = unicodedata.normalize("NFKC", password)
 
+    bytes_to_hash = pw.encode("utf8") + password_pepper.encode("utf8")
+    if len(bytes_to_hash) > 72:
+        # bcrypt only looks at the first 72 bytes
+        print(
+            f"Password + pepper is too long ({len(bytes_to_hash)} bytes); truncating to 72 bytes for bcrypt. "
+            "This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
+            "sufficient entropy for a password."
+        )
+        bytes_to_hash = bytes_to_hash[:72]
+
     hashed = bcrypt.hashpw(
-        pw.encode("utf8") + password_pepper.encode("utf8"),
+        bytes_to_hash,
         bcrypt.gensalt(bcrypt_rounds),
     ).decode("ascii")
 

synapse/api/auth/base.py

@@ -302,12 +302,9 @@ class BaseAuth:
           (the user_id URI parameter allows an application service to masquerade
           any applicable user in its namespace)
         - what device the application service should be treated as controlling
-          (the device_id[^1] URI parameter allows an application service to masquerade
+          (the device_id URI parameter allows an application service to masquerade
           as any device that exists for the relevant user)
 
-        [^1] Unstable and provided by MSC3202.
-             Must use `org.matrix.msc3202.device_id` in place of `device_id` for now.
-
         Returns:
             the application service `Requester` of that request
 
@@ -319,7 +316,8 @@ class BaseAuth:
         - The returned device ID, if present, has been checked to be a valid device ID
           for the returned user ID.
         """
-        DEVICE_ID_ARG_NAME = b"org.matrix.msc3202.device_id"
+        # TODO: We can drop unstable support after 2026-01-01 (couple months after stable support)
+        UNSTABLE_DEVICE_ID_ARG_NAME = b"org.matrix.msc3202.device_id"
 
         app_service = self.store.get_app_service_by_token(access_token)
         if app_service is None:
@@ -341,13 +339,11 @@ class BaseAuth:
         else:
             effective_user_id = app_service.sender
 
-        effective_device_id: Optional[str] = None
-
-        if (
-            self.hs.config.experimental.msc3202_device_masquerading_enabled
-            and DEVICE_ID_ARG_NAME in request.args
-        ):
-            effective_device_id = request.args[DEVICE_ID_ARG_NAME][0].decode("utf8")
+        effective_device_id_args = request.args.get(
+            b"device_id", request.args.get(UNSTABLE_DEVICE_ID_ARG_NAME)
+        )
+        if effective_device_id_args:
+            effective_device_id = effective_device_id_args[0].decode("utf8")
             # We only just set this so it can't be None!
             assert effective_device_id is not None
             device_opt = await self.store.get_device(
@@ -359,6 +355,8 @@ class BaseAuth:
                     f"Application service trying to use a device that doesn't exist ('{effective_device_id}' for {effective_user_id})",
                     Codes.UNKNOWN_DEVICE,
                 )
+        else:
+            effective_device_id = None
 
         return create_requester(
             effective_user_id, app_service=app_service, device_id=effective_device_id

synapse/app/_base.py

@@ -64,7 +64,6 @@ from twisted.web.resource import Resource
 import synapse.util.caches
 from synapse.api.constants import MAX_PDU_SIZE
 from synapse.app import check_bind_error
-from synapse.app.phone_stats_home import start_phone_stats_home
 from synapse.config import ConfigError
 from synapse.config._base import format_config_error
 from synapse.config.homeserver import HomeServerConfig
@@ -592,9 +591,9 @@ async def start(hs: "HomeServer", freeze: bool = True) -> None:
                 # we're not using systemd.
                 sdnotify(b"RELOADING=1")
 
-            for sighup_callbacks in _instance_id_to_sighup_callbacks_map.values():
-                for func, args, kwargs in sighup_callbacks:
-                    func(*args, **kwargs)
+                for sighup_callbacks in _instance_id_to_sighup_callbacks_map.values():
+                    for func, args, kwargs in sighup_callbacks:
+                        func(*args, **kwargs)
 
                 sdnotify(b"READY=1")
 
@@ -683,15 +682,6 @@ async def start(hs: "HomeServer", freeze: bool = True) -> None:
     if hs.config.worker.run_background_tasks:
         hs.start_background_tasks()
 
-        # TODO: This should be moved to same pattern we use for other background tasks:
-        # Add to `REQUIRED_ON_BACKGROUND_TASK_STARTUP` and rely on
-        # `start_background_tasks` to start it.
-        await hs.get_common_usage_metrics_manager().setup()
-
-        # TODO: This feels like another pattern that should refactored as one of the
-        # `REQUIRED_ON_BACKGROUND_TASK_STARTUP`
-        start_phone_stats_home(hs)
-
     if freeze:
         # We now freeze all allocated objects in the hopes that (almost)
         # everything currently allocated are things that will be used for the

synapse/app/homeserver.py

@@ -430,9 +430,7 @@ def setup(
 
         await _base.start(hs, freeze)
 
-        # TODO: This should be moved to `SynapseHomeServer.start_background_tasks` (not
-        # `HomeServer.start_background_tasks`) (this way it matches the behavior of only
-        # running on `main`)
+        # TODO: Feels like this should be moved somewhere else.
         hs.get_datastores().main.db_pool.updates.start_doing_background_updates()
 
     # Register a callback to be invoked once the reactor is running

synapse/config/experimental.py

@@ -412,11 +412,6 @@ class ExperimentalConfig(Config):
             "msc2409_to_device_messages_enabled", False
         )
 
-        # The portion of MSC3202 which is related to device masquerading.
-        self.msc3202_device_masquerading_enabled: bool = experimental.get(
-            "msc3202_device_masquerading", False
-        )
-
         # The portion of MSC3202 related to transaction extensions:
         # sending device list changes, one-time key counts and fallback key
         # usage to application services.

synapse/handlers/auth.py

@@ -1683,8 +1683,22 @@ class AuthHandler:
             # Normalise the Unicode in the password
             pw = unicodedata.normalize("NFKC", password)
 
+            bytes_to_hash = pw.encode(
+                "utf8"
+            ) + self.hs.config.auth.password_pepper.encode("utf8")
+            if len(bytes_to_hash) > 72:
+                # bcrypt only looks at the first 72 bytes.
+                #
+                # Note: we explicitly DO NOT log the length of the user's password here.
+                logger.debug(
+                    "Password + pepper is too long; truncating to 72 bytes for bcrypt. "
+                    "This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
+                    "sufficient entropy for a password."
+                )
+                bytes_to_hash = bytes_to_hash[:72]
+
             return bcrypt.hashpw(
-                pw.encode("utf8") + self.hs.config.auth.password_pepper.encode("utf8"),
+                bytes_to_hash,
                 bcrypt.gensalt(self.bcrypt_rounds),
             ).decode("ascii")
 
@@ -1706,9 +1720,20 @@ class AuthHandler:
         def _do_validate_hash(checked_hash: bytes) -> bool:
             # Normalise the Unicode in the password
             pw = unicodedata.normalize("NFKC", password)
+            password_pepper = self.hs.config.auth.password_pepper
+
+            bytes_to_hash = pw.encode("utf8") + password_pepper.encode("utf8")
+            if len(bytes_to_hash) > 72:
+                # bcrypt only looks at the first 72 bytes
+                logger.debug(
+                    "Password + pepper is too long; truncating to 72 bytes for bcrypt. "
+                    "This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
+                    "sufficient entropy for a password."
+                )
+                bytes_to_hash = bytes_to_hash[:72]
 
             return bcrypt.checkpw(
-                pw.encode("utf8") + self.hs.config.auth.password_pepper.encode("utf8"),
+                bytes_to_hash,
                 checked_hash,
             )
 

synapse/metrics/common_usage_metrics.py

@@ -62,7 +62,7 @@ class CommonUsageMetricsManager:
         """
         return await self._collect()
 
-    async def setup(self) -> None:
+    def setup(self) -> None:
         """Keep the gauges for common usage metrics up to date."""
         self._hs.run_as_background_process(
             desc="common_usage_metrics_update_gauges",

synapse/rest/client/devices.py

@@ -112,7 +112,7 @@ class DeleteDevicesRestServlet(RestServlet):
             else:
                 raise e
 
-        if requester.app_service and requester.app_service.msc4190_device_management:
+        if requester.app_service:
             # MSC4190 can skip UIA for this endpoint
             pass
         else:
@@ -192,7 +192,7 @@ class DeviceRestServlet(RestServlet):
             else:
                 raise
 
-        if requester.app_service and requester.app_service.msc4190_device_management:
+        if requester.app_service:
             # MSC4190 allows appservices to delete devices through this endpoint without UIA
             # It's also allowed with MSC3861 enabled
             pass
@@ -227,7 +227,7 @@ class DeviceRestServlet(RestServlet):
         body = parse_and_validate_json_object_from_request(request, self.PutBody)
 
         # MSC4190 allows appservices to create devices through this endpoint
-        if requester.app_service and requester.app_service.msc4190_device_management:
+        if requester.app_service:
             created = await self.device_handler.upsert_device(
                 user_id=requester.user.to_string(),
                 device_id=device_id,

synapse/rest/client/keys.py

@@ -543,15 +543,11 @@ class SigningKeyUploadServlet(RestServlet):
         if not keys_are_different:
             return 200, {}
 
-        # MSC4190 can skip UIA for replacing cross-signing keys as well.
-        is_appservice_with_msc4190 = (
-            requester.app_service and requester.app_service.msc4190_device_management
-        )
-
         # The keys are different; is x-signing set up? If no, then this is first-time
         # setup, and that is allowed without UIA, per MSC3967.
         # If yes, then we need to authenticate the change.
-        if is_cross_signing_setup and not is_appservice_with_msc4190:
+        # MSC4190 can skip UIA for replacing cross-signing keys as well.
+        if is_cross_signing_setup and not requester.app_service:
             # With MSC3861, UIA is not possible. Instead, the auth service has to
             # explicitly mark the master key as replaceable.
             if self.hs.config.mas.enabled:

synapse/server.py

@@ -62,6 +62,7 @@ from synapse.api.auth_blocking import AuthBlocking
 from synapse.api.filtering import Filtering
 from synapse.api.ratelimiting import Ratelimiter, RequestRatelimiter
 from synapse.app._base import unregister_sighups
+from synapse.app.phone_stats_home import start_phone_stats_home
 from synapse.appservice.api import ApplicationServiceApi
 from synapse.appservice.scheduler import ApplicationServiceScheduler
 from synapse.config.homeserver import HomeServerConfig
@@ -643,6 +644,8 @@ class HomeServer(metaclass=abc.ABCMeta):
         for i in self.REQUIRED_ON_BACKGROUND_TASK_STARTUP:
             getattr(self, "get_" + i + "_handler")()
         self.get_task_scheduler()
+        self.get_common_usage_metrics_manager().setup()
+        start_phone_stats_home(self)
 
     def get_reactor(self) -> ISynapseReactor:
         """

synapse/util/metrics.py

@@ -323,9 +323,13 @@ class DynamicCollectorRegistry(CollectorRegistry):
         if server_hooks.get(metric_name) is not None:
             # TODO: This should be an `assert` since registering the same metric name
             # multiple times will clobber the old metric.
-            # We currently rely on this behaviour as we instantiate multiple
-            # `SyncRestServlet`, one per listener, and in the `__init__` we setup a new
-            # LruCache.
+            #
+            # We currently rely on this behaviour in a few places:
+            #  - We instantiate multiple `SyncRestServlet`, one per listener, and in the
+            #   `__init__` we setup a new `LruCache`.
+            #  - We instantiate multiple `ApplicationService` (one per configured
+            #    application service) which use the `@cached` decorator on some methods.
+            #
             # Once the above behaviour is changed, this should be changed to an `assert`.
             logger.error(
                 "Metric named %s already registered for server %s",