PyPI - matrix-synapse - Versions diffs - 1.145.0rc2__cp310-abi3-manylinux_2_28_x86_64.whl - Mend

matrix-synapse 1.145.0rc2__cp310-abi3-manylinux_2_28_x86_64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of matrix-synapse might be problematic. Click here for more details.

Files changed (1636) hide show

AUTHORS.rst +51 -0
CHANGES.md +1732 -0
CONTRIBUTING.md +3 -0
Cargo.lock +1923 -0
Cargo.toml +6 -0
INSTALL.md +7 -0
LICENSE-AGPL-3.0 +661 -0
LICENSE-COMMERCIAL +6 -0
UPGRADE.rst +7 -0
book.toml +47 -0
changelog.d/.gitignore +1 -0
demo/.gitignore +4 -0
demo/clean.sh +22 -0
demo/start.sh +173 -0
demo/stop.sh +14 -0
docs/.sample_config_header.yaml +12 -0
docs/CAPTCHA_SETUP.md +37 -0
docs/README.md +86 -0
docs/SUMMARY.md +126 -0
docs/admin_api/README.rst +13 -0
docs/admin_api/account_validity.md +47 -0
docs/admin_api/client_server_api_extensions.md +67 -0
docs/admin_api/event_reports.md +185 -0
docs/admin_api/experimental_features.md +52 -0
docs/admin_api/fetch_event.md +53 -0
docs/admin_api/media_admin_api.md +372 -0
docs/admin_api/purge_history_api.md +77 -0
docs/admin_api/register_api.md +92 -0
docs/admin_api/room_membership.md +35 -0
docs/admin_api/rooms.md +1190 -0
docs/admin_api/scheduled_tasks.md +54 -0
docs/admin_api/server_notices.md +48 -0
docs/admin_api/statistics.md +132 -0
docs/admin_api/user_admin_api.md +1602 -0
docs/admin_api/version_api.md +23 -0
docs/ancient_architecture_notes.md +81 -0
docs/application_services.md +36 -0
docs/architecture.md +65 -0
docs/auth_chain_diff.dot +32 -0
docs/auth_chain_diff.dot.png +0 -0
docs/auth_chain_difference_algorithm.md +141 -0
docs/changelogs/CHANGES-2019.md +1039 -0
docs/changelogs/CHANGES-2020.md +2145 -0
docs/changelogs/CHANGES-2021.md +2573 -0
docs/changelogs/CHANGES-2022.md +2766 -0
docs/changelogs/CHANGES-2023.md +2202 -0
docs/changelogs/CHANGES-2024.md +1586 -0
docs/changelogs/CHANGES-pre-1.0.md +3641 -0
docs/changelogs/README.md +1 -0
docs/code_style.md +119 -0
docs/consent_tracking.md +197 -0
docs/delegate.md +111 -0
docs/deprecation_policy.md +89 -0
docs/development/cas.md +64 -0
docs/development/contributing_guide.md +554 -0
docs/development/database_schema.md +404 -0
docs/development/demo.md +42 -0
docs/development/dependencies.md +326 -0
docs/development/experimental_features.md +37 -0
docs/development/git.md +148 -0
docs/development/img/git/branches.jpg +0 -0
docs/development/img/git/clean.png +0 -0
docs/development/img/git/squash.png +0 -0
docs/development/internal_documentation/README.md +12 -0
docs/development/internal_documentation/release_notes_review_checklist.md +12 -0
docs/development/releases.md +37 -0
docs/development/reviews.md +41 -0
docs/development/room-dag-concepts.md +115 -0
docs/development/saml.md +40 -0
docs/development/synapse_architecture/cancellation.md +392 -0
docs/development/synapse_architecture/faster_joins.md +375 -0
docs/development/synapse_architecture/streams.md +198 -0
docs/element_logo_white_bg.svg +94 -0
docs/favicon.png +0 -0
docs/favicon.svg +58 -0
docs/federate.md +67 -0
docs/jwt.md +105 -0
docs/log_contexts.md +566 -0
docs/manhole.md +101 -0
docs/media_repository.md +78 -0
docs/message_retention_policies.md +207 -0
docs/metrics-howto.md +315 -0
docs/modules/account_data_callbacks.md +106 -0
docs/modules/account_validity_callbacks.md +57 -0
docs/modules/add_extra_fields_to_client_events_unsigned.md +32 -0
docs/modules/background_update_controller_callbacks.md +71 -0
docs/modules/index.md +53 -0
docs/modules/media_repository_callbacks.md +131 -0
docs/modules/password_auth_provider_callbacks.md +270 -0
docs/modules/porting_legacy_module.md +20 -0
docs/modules/presence_router_callbacks.md +112 -0
docs/modules/ratelimit_callbacks.md +43 -0
docs/modules/spam_checker_callbacks.md +517 -0
docs/modules/third_party_rules_callbacks.md +350 -0
docs/modules/writing_a_module.md +141 -0
docs/openid.md +783 -0
docs/opentracing.md +99 -0
docs/other/running_synapse_on_single_board_computers.md +75 -0
docs/password_auth_providers.md +129 -0
docs/postgres.md +269 -0
docs/presence_router_module.md +247 -0
docs/privacy_policy_templates/en/1.0.html +26 -0
docs/privacy_policy_templates/en/success.html +11 -0
docs/replication.md +36 -0
docs/reverse_proxy.md +327 -0
docs/room_and_user_statistics.md +22 -0
docs/sample_config.yaml +47 -0
docs/sample_log_config.yaml +75 -0
docs/server_notices.md +66 -0
docs/setup/forward_proxy.md +89 -0
docs/setup/installation.md +656 -0
docs/setup/security.md +41 -0
docs/setup/turn/coturn.md +197 -0
docs/setup/turn/eturnal.md +170 -0
docs/spam_checker.md +122 -0
docs/sso_mapping_providers.md +208 -0
docs/structured_logging.md +80 -0
docs/synctl_workers.md +36 -0
docs/systemd-with-workers/README.md +101 -0
docs/systemd-with-workers/system/matrix-synapse-worker@.service +26 -0
docs/systemd-with-workers/system/matrix-synapse.service +23 -0
docs/systemd-with-workers/system/matrix-synapse.target +6 -0
docs/systemd-with-workers/workers/background_worker.yaml +4 -0
docs/systemd-with-workers/workers/event_persister.yaml +20 -0
docs/systemd-with-workers/workers/federation_sender.yaml +4 -0
docs/systemd-with-workers/workers/generic_worker.yaml +11 -0
docs/systemd-with-workers/workers/media_worker.yaml +11 -0
docs/systemd-with-workers/workers/pusher_worker.yaml +4 -0
docs/tcp_replication.md +258 -0
docs/templates.md +254 -0
docs/turn-howto.md +168 -0
docs/upgrade.md +2876 -0
docs/usage/administration/README.md +7 -0
docs/usage/administration/admin_api/README.md +47 -0
docs/usage/administration/admin_api/background_updates.md +109 -0
docs/usage/administration/admin_api/federation.md +212 -0
docs/usage/administration/admin_api/registration_tokens.md +298 -0
docs/usage/administration/admin_faq.md +294 -0
docs/usage/administration/backups.md +125 -0
docs/usage/administration/database_maintenance_tools.md +18 -0
docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md +77 -0
docs/usage/administration/monthly_active_users.md +84 -0
docs/usage/administration/request_log.md +44 -0
docs/usage/administration/state_groups.md +25 -0
docs/usage/administration/understanding_synapse_through_grafana_graphs.md +83 -0
docs/usage/administration/useful_sql_for_admins.md +216 -0
docs/usage/configuration/README.md +4 -0
docs/usage/configuration/config_documentation.md +4768 -0
docs/usage/configuration/homeserver_sample_config.md +17 -0
docs/usage/configuration/logging_sample_config.md +19 -0
docs/usage/configuration/user_authentication/README.md +15 -0
docs/usage/configuration/user_authentication/refresh_tokens.md +139 -0
docs/usage/configuration/user_authentication/single_sign_on/README.md +5 -0
docs/usage/configuration/user_authentication/single_sign_on/cas.md +8 -0
docs/usage/configuration/user_authentication/single_sign_on/saml.md +8 -0
docs/user_directory.md +130 -0
docs/website_files/README.md +35 -0
docs/website_files/indent-section-headers.css +7 -0
docs/website_files/remove-nav-buttons.css +8 -0
docs/website_files/table-of-contents.css +47 -0
docs/website_files/table-of-contents.js +148 -0
docs/website_files/theme/index.hbs +324 -0
docs/website_files/version-picker.css +78 -0
docs/website_files/version-picker.js +147 -0
docs/website_files/version.js +1 -0
docs/welcome_and_overview.md +67 -0
docs/workers.md +897 -0
matrix_synapse-1.145.0rc2.dist-info/METADATA +260 -0
matrix_synapse-1.145.0rc2.dist-info/RECORD +1636 -0
matrix_synapse-1.145.0rc2.dist-info/WHEEL +5 -0
matrix_synapse-1.145.0rc2.dist-info/entry_points.txt +13 -0
matrix_synapse-1.145.0rc2.dist-info/licenses/AUTHORS.rst +51 -0
matrix_synapse-1.145.0rc2.dist-info/licenses/LICENSE-AGPL-3.0 +661 -0
matrix_synapse-1.145.0rc2.dist-info/licenses/LICENSE-COMMERCIAL +6 -0
mypy.ini +115 -0
rust/Cargo.toml +63 -0
rust/build.rs +45 -0
scripts-dev/build_debian_packages.py +228 -0
scripts-dev/check-newsfragment.sh +62 -0
scripts-dev/check_line_terminators.sh +29 -0
scripts-dev/check_locked_deps_have_sdists.py +64 -0
scripts-dev/check_schema_delta.py +240 -0
scripts-dev/complement.sh +332 -0
scripts-dev/config-lint.sh +15 -0
scripts-dev/database-save.sh +15 -0
scripts-dev/docker_update_debian_changelog.sh +70 -0
scripts-dev/dump_macaroon.py +25 -0
scripts-dev/federation_client.py +428 -0
scripts-dev/gen_config_documentation.py +510 -0
scripts-dev/generate_sample_config.sh +28 -0
scripts-dev/lint.sh +141 -0
scripts-dev/make_full_schema.sh +310 -0
scripts-dev/mypy_synapse_plugin.py +918 -0
scripts-dev/next_github_number.sh +9 -0
scripts-dev/release.py +986 -0
scripts-dev/schema_versions.py +182 -0
scripts-dev/sign_json.py +172 -0
synapse/__init__.py +97 -0
synapse/_scripts/__init__.py +0 -0
synapse/_scripts/export_signing_key.py +109 -0
synapse/_scripts/generate_config.py +83 -0
synapse/_scripts/generate_log_config.py +56 -0
synapse/_scripts/generate_signing_key.py +55 -0
synapse/_scripts/generate_workers_map.py +318 -0
synapse/_scripts/hash_password.py +95 -0
synapse/_scripts/move_remote_media_to_new_store.py +128 -0
synapse/_scripts/register_new_matrix_user.py +402 -0
synapse/_scripts/review_recent_signups.py +212 -0
synapse/_scripts/synapse_port_db.py +1604 -0
synapse/_scripts/synctl.py +365 -0
synapse/_scripts/update_synapse_database.py +130 -0
synapse/api/__init__.py +20 -0
synapse/api/auth/__init__.py +207 -0
synapse/api/auth/base.py +406 -0
synapse/api/auth/internal.py +299 -0
synapse/api/auth/mas.py +436 -0
synapse/api/auth/msc3861_delegated.py +617 -0
synapse/api/auth_blocking.py +144 -0
synapse/api/constants.py +379 -0
synapse/api/errors.py +913 -0
synapse/api/filtering.py +537 -0
synapse/api/presence.py +102 -0
synapse/api/ratelimiting.py +481 -0
synapse/api/room_versions.py +535 -0
synapse/api/urls.py +118 -0
synapse/app/__init__.py +62 -0
synapse/app/_base.py +906 -0
synapse/app/admin_cmd.py +388 -0
synapse/app/appservice.py +30 -0
synapse/app/client_reader.py +30 -0
synapse/app/complement_fork_starter.py +206 -0
synapse/app/event_creator.py +29 -0
synapse/app/federation_reader.py +30 -0
synapse/app/federation_sender.py +30 -0
synapse/app/frontend_proxy.py +30 -0
synapse/app/generic_worker.py +475 -0
synapse/app/homeserver.py +505 -0
synapse/app/media_repository.py +30 -0
synapse/app/phone_stats_home.py +292 -0
synapse/app/pusher.py +30 -0
synapse/app/synchrotron.py +30 -0
synapse/app/user_dir.py +31 -0
synapse/appservice/__init__.py +458 -0
synapse/appservice/api.py +567 -0
synapse/appservice/scheduler.py +565 -0
synapse/config/__init__.py +27 -0
synapse/config/__main__.py +62 -0
synapse/config/_base.py +1154 -0
synapse/config/_base.pyi +216 -0
synapse/config/_util.py +99 -0
synapse/config/account_validity.py +116 -0
synapse/config/api.py +141 -0
synapse/config/appservice.py +210 -0
synapse/config/auth.py +80 -0
synapse/config/auto_accept_invites.py +43 -0
synapse/config/background_updates.py +44 -0
synapse/config/cache.py +231 -0
synapse/config/captcha.py +90 -0
synapse/config/cas.py +116 -0
synapse/config/consent.py +73 -0
synapse/config/database.py +184 -0
synapse/config/emailconfig.py +367 -0
synapse/config/experimental.py +601 -0
synapse/config/federation.py +114 -0
synapse/config/homeserver.py +141 -0
synapse/config/jwt.py +55 -0
synapse/config/key.py +447 -0
synapse/config/logger.py +390 -0
synapse/config/mas.py +192 -0
synapse/config/matrixrtc.py +66 -0
synapse/config/metrics.py +93 -0
synapse/config/modules.py +40 -0
synapse/config/oembed.py +185 -0
synapse/config/oidc.py +509 -0
synapse/config/password_auth_providers.py +82 -0
synapse/config/push.py +64 -0
synapse/config/ratelimiting.py +260 -0
synapse/config/redis.py +74 -0
synapse/config/registration.py +296 -0
synapse/config/repository.py +311 -0
synapse/config/retention.py +162 -0
synapse/config/room.py +88 -0
synapse/config/room_directory.py +165 -0
synapse/config/saml2.py +251 -0
synapse/config/server.py +1139 -0
synapse/config/server_notices.py +84 -0
synapse/config/spam_checker.py +66 -0
synapse/config/sso.py +121 -0
synapse/config/stats.py +54 -0
synapse/config/third_party_event_rules.py +40 -0
synapse/config/tls.py +192 -0
synapse/config/tracer.py +71 -0
synapse/config/user_directory.py +47 -0
synapse/config/user_types.py +42 -0
synapse/config/voip.py +59 -0
synapse/config/workers.py +642 -0
synapse/crypto/__init__.py +20 -0
synapse/crypto/context_factory.py +278 -0
synapse/crypto/event_signing.py +194 -0
synapse/crypto/keyring.py +980 -0
synapse/event_auth.py +1266 -0
synapse/events/__init__.py +667 -0
synapse/events/auto_accept_invites.py +216 -0
synapse/events/builder.py +387 -0
synapse/events/presence_router.py +243 -0
synapse/events/snapshot.py +559 -0
synapse/events/utils.py +924 -0
synapse/events/validator.py +305 -0
synapse/federation/__init__.py +22 -0
synapse/federation/federation_base.py +382 -0
synapse/federation/federation_client.py +2133 -0
synapse/federation/federation_server.py +1543 -0
synapse/federation/persistence.py +70 -0
synapse/federation/send_queue.py +532 -0
synapse/federation/sender/__init__.py +1165 -0
synapse/federation/sender/per_destination_queue.py +886 -0
synapse/federation/sender/transaction_manager.py +210 -0
synapse/federation/transport/__init__.py +28 -0
synapse/federation/transport/client.py +1199 -0
synapse/federation/transport/server/__init__.py +334 -0
synapse/federation/transport/server/_base.py +429 -0
synapse/federation/transport/server/federation.py +910 -0
synapse/federation/units.py +133 -0
synapse/handlers/__init__.py +20 -0
synapse/handlers/account.py +162 -0
synapse/handlers/account_data.py +360 -0
synapse/handlers/account_validity.py +362 -0
synapse/handlers/admin.py +615 -0
synapse/handlers/appservice.py +989 -0
synapse/handlers/auth.py +2482 -0
synapse/handlers/cas.py +413 -0
synapse/handlers/deactivate_account.py +363 -0
synapse/handlers/delayed_events.py +607 -0
synapse/handlers/device.py +1869 -0
synapse/handlers/devicemessage.py +399 -0
synapse/handlers/directory.py +545 -0
synapse/handlers/e2e_keys.py +1835 -0
synapse/handlers/e2e_room_keys.py +455 -0
synapse/handlers/event_auth.py +390 -0
synapse/handlers/events.py +203 -0
synapse/handlers/federation.py +2042 -0
synapse/handlers/federation_event.py +2420 -0
synapse/handlers/identity.py +812 -0
synapse/handlers/initial_sync.py +528 -0
synapse/handlers/jwt.py +120 -0
synapse/handlers/message.py +2357 -0
synapse/handlers/oidc.py +1801 -0
synapse/handlers/pagination.py +811 -0
synapse/handlers/password_policy.py +102 -0
synapse/handlers/presence.py +2634 -0
synapse/handlers/profile.py +656 -0
synapse/handlers/push_rules.py +164 -0
synapse/handlers/read_marker.py +79 -0
synapse/handlers/receipts.py +351 -0
synapse/handlers/register.py +1059 -0
synapse/handlers/relations.py +623 -0
synapse/handlers/reports.py +98 -0
synapse/handlers/room.py +2449 -0
synapse/handlers/room_list.py +632 -0
synapse/handlers/room_member.py +2366 -0
synapse/handlers/room_member_worker.py +146 -0
synapse/handlers/room_policy.py +186 -0
synapse/handlers/room_summary.py +1057 -0
synapse/handlers/saml.py +524 -0
synapse/handlers/search.py +723 -0
synapse/handlers/send_email.py +209 -0
synapse/handlers/set_password.py +71 -0
synapse/handlers/sliding_sync/__init__.py +1961 -0
synapse/handlers/sliding_sync/extensions.py +969 -0
synapse/handlers/sliding_sync/room_lists.py +2317 -0
synapse/handlers/sliding_sync/store.py +126 -0
synapse/handlers/sso.py +1291 -0
synapse/handlers/state_deltas.py +82 -0
synapse/handlers/stats.py +322 -0
synapse/handlers/sync.py +3096 -0
synapse/handlers/thread_subscriptions.py +190 -0
synapse/handlers/typing.py +612 -0
synapse/handlers/ui_auth/__init__.py +48 -0
synapse/handlers/ui_auth/checkers.py +332 -0
synapse/handlers/user_directory.py +786 -0
synapse/handlers/worker_lock.py +371 -0
synapse/http/__init__.py +105 -0
synapse/http/additional_resource.py +62 -0
synapse/http/client.py +1377 -0
synapse/http/connectproxyclient.py +316 -0
synapse/http/federation/__init__.py +19 -0
synapse/http/federation/matrix_federation_agent.py +490 -0
synapse/http/federation/srv_resolver.py +196 -0
synapse/http/federation/well_known_resolver.py +368 -0
synapse/http/matrixfederationclient.py +1874 -0
synapse/http/proxy.py +290 -0
synapse/http/proxyagent.py +497 -0
synapse/http/replicationagent.py +203 -0
synapse/http/request_metrics.py +309 -0
synapse/http/server.py +1111 -0
synapse/http/servlet.py +1018 -0
synapse/http/site.py +952 -0
synapse/http/types.py +27 -0
synapse/logging/__init__.py +31 -0
synapse/logging/_remote.py +261 -0
synapse/logging/_terse_json.py +95 -0
synapse/logging/context.py +1209 -0
synapse/logging/formatter.py +62 -0
synapse/logging/handlers.py +99 -0
synapse/logging/loggers.py +25 -0
synapse/logging/opentracing.py +1132 -0
synapse/logging/scopecontextmanager.py +160 -0
synapse/media/_base.py +831 -0
synapse/media/filepath.py +417 -0
synapse/media/media_repository.py +1595 -0
synapse/media/media_storage.py +703 -0
synapse/media/oembed.py +277 -0
synapse/media/preview_html.py +556 -0
synapse/media/storage_provider.py +195 -0
synapse/media/thumbnailer.py +833 -0
synapse/media/url_previewer.py +884 -0
synapse/metrics/__init__.py +748 -0
synapse/metrics/_gc.py +219 -0
synapse/metrics/_reactor_metrics.py +171 -0
synapse/metrics/_types.py +38 -0
synapse/metrics/background_process_metrics.py +555 -0
synapse/metrics/common_usage_metrics.py +95 -0
synapse/metrics/jemalloc.py +248 -0
synapse/module_api/__init__.py +2131 -0
synapse/module_api/callbacks/__init__.py +50 -0
synapse/module_api/callbacks/account_validity_callbacks.py +106 -0
synapse/module_api/callbacks/media_repository_callbacks.py +157 -0
synapse/module_api/callbacks/ratelimit_callbacks.py +78 -0
synapse/module_api/callbacks/spamchecker_callbacks.py +991 -0
synapse/module_api/callbacks/third_party_event_rules_callbacks.py +592 -0
synapse/module_api/errors.py +42 -0
synapse/notifier.py +969 -0
synapse/push/__init__.py +212 -0
synapse/push/bulk_push_rule_evaluator.py +635 -0
synapse/push/clientformat.py +126 -0
synapse/push/emailpusher.py +334 -0
synapse/push/httppusher.py +565 -0
synapse/push/mailer.py +1009 -0
synapse/push/presentable_names.py +216 -0
synapse/push/push_tools.py +114 -0
synapse/push/push_types.py +141 -0
synapse/push/pusher.py +87 -0
synapse/push/pusherpool.py +501 -0
synapse/push/rulekinds.py +33 -0
synapse/py.typed +0 -0
synapse/replication/__init__.py +20 -0
synapse/replication/http/__init__.py +68 -0
synapse/replication/http/_base.py +469 -0
synapse/replication/http/account_data.py +297 -0
synapse/replication/http/deactivate_account.py +81 -0
synapse/replication/http/delayed_events.py +62 -0
synapse/replication/http/devices.py +254 -0
synapse/replication/http/federation.py +334 -0
synapse/replication/http/login.py +106 -0
synapse/replication/http/membership.py +364 -0
synapse/replication/http/presence.py +133 -0
synapse/replication/http/push.py +156 -0
synapse/replication/http/register.py +172 -0
synapse/replication/http/send_events.py +182 -0
synapse/replication/http/state.py +82 -0
synapse/replication/http/streams.py +101 -0
synapse/replication/tcp/__init__.py +56 -0
synapse/replication/tcp/client.py +553 -0
synapse/replication/tcp/commands.py +569 -0
synapse/replication/tcp/context.py +41 -0
synapse/replication/tcp/external_cache.py +156 -0
synapse/replication/tcp/handler.py +922 -0
synapse/replication/tcp/protocol.py +611 -0
synapse/replication/tcp/redis.py +510 -0
synapse/replication/tcp/resource.py +349 -0
synapse/replication/tcp/streams/__init__.py +96 -0
synapse/replication/tcp/streams/_base.py +765 -0
synapse/replication/tcp/streams/events.py +287 -0
synapse/replication/tcp/streams/federation.py +92 -0
synapse/replication/tcp/streams/partial_state.py +80 -0
synapse/res/providers.json +29 -0
synapse/res/templates/_base.html +29 -0
synapse/res/templates/account_previously_renewed.html +6 -0
synapse/res/templates/account_renewed.html +6 -0
synapse/res/templates/add_threepid.html +8 -0
synapse/res/templates/add_threepid.txt +6 -0
synapse/res/templates/add_threepid_failure.html +7 -0
synapse/res/templates/add_threepid_success.html +6 -0
synapse/res/templates/already_in_use.html +12 -0
synapse/res/templates/already_in_use.txt +10 -0
synapse/res/templates/auth_success.html +21 -0
synapse/res/templates/invalid_token.html +6 -0
synapse/res/templates/mail-Element.css +7 -0
synapse/res/templates/mail-Vector.css +7 -0
synapse/res/templates/mail-expiry.css +4 -0
synapse/res/templates/mail.css +156 -0
synapse/res/templates/notice_expiry.html +46 -0
synapse/res/templates/notice_expiry.txt +7 -0
synapse/res/templates/notif.html +51 -0
synapse/res/templates/notif.txt +22 -0
synapse/res/templates/notif_mail.html +59 -0
synapse/res/templates/notif_mail.txt +10 -0
synapse/res/templates/password_reset.html +10 -0
synapse/res/templates/password_reset.txt +7 -0
synapse/res/templates/password_reset_confirmation.html +15 -0
synapse/res/templates/password_reset_failure.html +7 -0
synapse/res/templates/password_reset_success.html +6 -0
synapse/res/templates/recaptcha.html +42 -0
synapse/res/templates/registration.html +12 -0
synapse/res/templates/registration.txt +10 -0
synapse/res/templates/registration_failure.html +6 -0
synapse/res/templates/registration_success.html +6 -0
synapse/res/templates/registration_token.html +18 -0
synapse/res/templates/room.html +33 -0
synapse/res/templates/room.txt +9 -0
synapse/res/templates/sso.css +129 -0
synapse/res/templates/sso_account_deactivated.html +25 -0
synapse/res/templates/sso_auth_account_details.html +186 -0
synapse/res/templates/sso_auth_account_details.js +116 -0
synapse/res/templates/sso_auth_bad_user.html +26 -0
synapse/res/templates/sso_auth_confirm.html +27 -0
synapse/res/templates/sso_auth_success.html +26 -0
synapse/res/templates/sso_error.html +71 -0
synapse/res/templates/sso_footer.html +19 -0
synapse/res/templates/sso_login_idp_picker.html +60 -0
synapse/res/templates/sso_new_user_consent.html +30 -0
synapse/res/templates/sso_partial_profile.html +19 -0
synapse/res/templates/sso_redirect_confirm.html +39 -0
synapse/res/templates/style.css +33 -0
synapse/res/templates/terms.html +27 -0
synapse/rest/__init__.py +197 -0
synapse/rest/admin/__init__.py +395 -0
synapse/rest/admin/_base.py +72 -0
synapse/rest/admin/background_updates.py +171 -0
synapse/rest/admin/devices.py +221 -0
synapse/rest/admin/event_reports.py +173 -0
synapse/rest/admin/events.py +69 -0
synapse/rest/admin/experimental_features.py +137 -0
synapse/rest/admin/federation.py +243 -0
synapse/rest/admin/media.py +540 -0
synapse/rest/admin/registration_tokens.py +358 -0
synapse/rest/admin/rooms.py +1092 -0
synapse/rest/admin/scheduled_tasks.py +70 -0
synapse/rest/admin/server_notice_servlet.py +132 -0
synapse/rest/admin/statistics.py +132 -0
synapse/rest/admin/username_available.py +58 -0
synapse/rest/admin/users.py +1634 -0
synapse/rest/client/__init__.py +20 -0
synapse/rest/client/_base.py +113 -0
synapse/rest/client/account.py +937 -0
synapse/rest/client/account_data.py +319 -0
synapse/rest/client/account_validity.py +103 -0
synapse/rest/client/appservice_ping.py +125 -0
synapse/rest/client/auth.py +218 -0
synapse/rest/client/auth_metadata.py +122 -0
synapse/rest/client/capabilities.py +121 -0
synapse/rest/client/delayed_events.py +165 -0
synapse/rest/client/devices.py +587 -0
synapse/rest/client/directory.py +211 -0
synapse/rest/client/events.py +116 -0
synapse/rest/client/filter.py +112 -0
synapse/rest/client/initial_sync.py +65 -0
synapse/rest/client/keys.py +678 -0
synapse/rest/client/knock.py +104 -0
synapse/rest/client/login.py +750 -0
synapse/rest/client/login_token_request.py +127 -0
synapse/rest/client/logout.py +93 -0
synapse/rest/client/matrixrtc.py +52 -0
synapse/rest/client/media.py +307 -0
synapse/rest/client/mutual_rooms.py +145 -0
synapse/rest/client/notifications.py +137 -0
synapse/rest/client/openid.py +109 -0
synapse/rest/client/password_policy.py +69 -0
synapse/rest/client/presence.py +131 -0
synapse/rest/client/profile.py +291 -0
synapse/rest/client/push_rule.py +331 -0
synapse/rest/client/pusher.py +181 -0
synapse/rest/client/read_marker.py +104 -0
synapse/rest/client/receipts.py +165 -0
synapse/rest/client/register.py +1072 -0
synapse/rest/client/relations.py +138 -0
synapse/rest/client/rendezvous.py +76 -0
synapse/rest/client/reporting.py +207 -0
synapse/rest/client/room.py +1763 -0
synapse/rest/client/room_keys.py +426 -0
synapse/rest/client/room_upgrade_rest_servlet.py +112 -0
synapse/rest/client/sendtodevice.py +85 -0
synapse/rest/client/sync.py +1131 -0
synapse/rest/client/tags.py +129 -0
synapse/rest/client/thirdparty.py +130 -0
synapse/rest/client/thread_subscriptions.py +247 -0
synapse/rest/client/tokenrefresh.py +52 -0
synapse/rest/client/transactions.py +150 -0
synapse/rest/client/user_directory.py +99 -0
synapse/rest/client/versions.py +193 -0
synapse/rest/client/voip.py +88 -0
synapse/rest/consent/__init__.py +0 -0
synapse/rest/consent/consent_resource.py +210 -0
synapse/rest/health.py +38 -0
synapse/rest/key/__init__.py +20 -0
synapse/rest/key/v2/__init__.py +40 -0
synapse/rest/key/v2/local_key_resource.py +125 -0
synapse/rest/key/v2/remote_key_resource.py +302 -0
synapse/rest/media/__init__.py +0 -0
synapse/rest/media/config_resource.py +53 -0
synapse/rest/media/create_resource.py +90 -0
synapse/rest/media/download_resource.py +110 -0
synapse/rest/media/media_repository_resource.py +113 -0
synapse/rest/media/preview_url_resource.py +77 -0
synapse/rest/media/thumbnail_resource.py +142 -0
synapse/rest/media/upload_resource.py +187 -0
synapse/rest/media/v1/__init__.py +39 -0
synapse/rest/media/v1/_base.py +23 -0
synapse/rest/media/v1/media_storage.py +23 -0
synapse/rest/media/v1/storage_provider.py +23 -0
synapse/rest/synapse/__init__.py +20 -0
synapse/rest/synapse/client/__init__.py +93 -0
synapse/rest/synapse/client/federation_whitelist.py +66 -0
synapse/rest/synapse/client/jwks.py +77 -0
synapse/rest/synapse/client/new_user_consent.py +115 -0
synapse/rest/synapse/client/oidc/__init__.py +45 -0
synapse/rest/synapse/client/oidc/backchannel_logout_resource.py +42 -0
synapse/rest/synapse/client/oidc/callback_resource.py +48 -0
synapse/rest/synapse/client/password_reset.py +129 -0
synapse/rest/synapse/client/pick_idp.py +107 -0
synapse/rest/synapse/client/pick_username.py +153 -0
synapse/rest/synapse/client/rendezvous.py +58 -0
synapse/rest/synapse/client/saml2/__init__.py +42 -0
synapse/rest/synapse/client/saml2/metadata_resource.py +46 -0
synapse/rest/synapse/client/saml2/response_resource.py +52 -0
synapse/rest/synapse/client/sso_register.py +56 -0
synapse/rest/synapse/client/unsubscribe.py +88 -0
synapse/rest/synapse/mas/__init__.py +71 -0
synapse/rest/synapse/mas/_base.py +55 -0
synapse/rest/synapse/mas/devices.py +239 -0
synapse/rest/synapse/mas/users.py +469 -0
synapse/rest/well_known.py +148 -0
synapse/server.py +1279 -0
synapse/server_notices/__init__.py +0 -0
synapse/server_notices/consent_server_notices.py +136 -0
synapse/server_notices/resource_limits_server_notices.py +215 -0
synapse/server_notices/server_notices_manager.py +388 -0
synapse/server_notices/server_notices_sender.py +67 -0
synapse/server_notices/worker_server_notices_sender.py +46 -0
synapse/spam_checker_api/__init__.py +31 -0
synapse/state/__init__.py +1023 -0
synapse/state/v1.py +369 -0
synapse/state/v2.py +985 -0
synapse/static/client/login/index.html +47 -0
synapse/static/client/login/js/jquery-3.4.1.min.js +2 -0
synapse/static/client/login/js/login.js +291 -0
synapse/static/client/login/spinner.gif +0 -0
synapse/static/client/login/style.css +79 -0
synapse/static/index.html +63 -0
synapse/storage/__init__.py +43 -0
synapse/storage/_base.py +245 -0
synapse/storage/admin_client_config.py +25 -0
synapse/storage/background_updates.py +1189 -0
synapse/storage/controllers/__init__.py +57 -0
synapse/storage/controllers/persist_events.py +1237 -0
synapse/storage/controllers/purge_events.py +456 -0
synapse/storage/controllers/state.py +950 -0
synapse/storage/controllers/stats.py +119 -0
synapse/storage/database.py +2720 -0
synapse/storage/databases/__init__.py +175 -0
synapse/storage/databases/main/__init__.py +420 -0
synapse/storage/databases/main/account_data.py +1073 -0
synapse/storage/databases/main/appservice.py +473 -0
synapse/storage/databases/main/cache.py +912 -0
synapse/storage/databases/main/censor_events.py +226 -0
synapse/storage/databases/main/client_ips.py +816 -0
synapse/storage/databases/main/delayed_events.py +577 -0
synapse/storage/databases/main/deviceinbox.py +1272 -0
synapse/storage/databases/main/devices.py +2579 -0
synapse/storage/databases/main/directory.py +212 -0
synapse/storage/databases/main/e2e_room_keys.py +689 -0
synapse/storage/databases/main/end_to_end_keys.py +1894 -0
synapse/storage/databases/main/event_federation.py +2511 -0
synapse/storage/databases/main/event_push_actions.py +1936 -0
synapse/storage/databases/main/events.py +3765 -0
synapse/storage/databases/main/events_bg_updates.py +2910 -0
synapse/storage/databases/main/events_forward_extremities.py +126 -0
synapse/storage/databases/main/events_worker.py +2787 -0
synapse/storage/databases/main/experimental_features.py +130 -0
synapse/storage/databases/main/filtering.py +231 -0
synapse/storage/databases/main/keys.py +291 -0
synapse/storage/databases/main/lock.py +554 -0
synapse/storage/databases/main/media_repository.py +1068 -0
synapse/storage/databases/main/metrics.py +461 -0
synapse/storage/databases/main/monthly_active_users.py +443 -0
synapse/storage/databases/main/openid.py +60 -0
synapse/storage/databases/main/presence.py +509 -0
synapse/storage/databases/main/profile.py +539 -0
synapse/storage/databases/main/purge_events.py +521 -0
synapse/storage/databases/main/push_rule.py +970 -0
synapse/storage/databases/main/pusher.py +793 -0
synapse/storage/databases/main/receipts.py +1341 -0
synapse/storage/databases/main/registration.py +3071 -0
synapse/storage/databases/main/rejections.py +37 -0
synapse/storage/databases/main/relations.py +1116 -0
synapse/storage/databases/main/room.py +2779 -0
synapse/storage/databases/main/roommember.py +2132 -0
synapse/storage/databases/main/search.py +939 -0
synapse/storage/databases/main/session.py +152 -0
synapse/storage/databases/main/signatures.py +94 -0
synapse/storage/databases/main/sliding_sync.py +842 -0
synapse/storage/databases/main/state.py +1002 -0
synapse/storage/databases/main/state_deltas.py +360 -0
synapse/storage/databases/main/stats.py +789 -0
synapse/storage/databases/main/stream.py +2589 -0
synapse/storage/databases/main/tags.py +360 -0
synapse/storage/databases/main/task_scheduler.py +225 -0
synapse/storage/databases/main/thread_subscriptions.py +589 -0
synapse/storage/databases/main/transactions.py +676 -0
synapse/storage/databases/main/ui_auth.py +420 -0
synapse/storage/databases/main/user_directory.py +1330 -0
synapse/storage/databases/main/user_erasure_store.py +117 -0
synapse/storage/databases/state/__init__.py +22 -0
synapse/storage/databases/state/bg_updates.py +497 -0
synapse/storage/databases/state/deletion.py +557 -0
synapse/storage/databases/state/store.py +948 -0
synapse/storage/engines/__init__.py +70 -0
synapse/storage/engines/_base.py +154 -0
synapse/storage/engines/postgres.py +261 -0
synapse/storage/engines/sqlite.py +199 -0
synapse/storage/invite_rule.py +152 -0
synapse/storage/keys.py +40 -0
synapse/storage/prepare_database.py +730 -0
synapse/storage/push_rule.py +28 -0
synapse/storage/roommember.py +88 -0
synapse/storage/schema/README.md +4 -0
synapse/storage/schema/__init__.py +186 -0
synapse/storage/schema/common/delta/25/00background_updates.sql +40 -0
synapse/storage/schema/common/delta/35/00background_updates_add_col.sql +36 -0
synapse/storage/schema/common/delta/58/00background_update_ordering.sql +38 -0
synapse/storage/schema/common/full_schemas/72/full.sql.postgres +8 -0
synapse/storage/schema/common/full_schemas/72/full.sql.sqlite +6 -0
synapse/storage/schema/common/schema_version.sql +60 -0
synapse/storage/schema/main/delta/12/v12.sql +82 -0
synapse/storage/schema/main/delta/13/v13.sql +38 -0
synapse/storage/schema/main/delta/14/v14.sql +42 -0
synapse/storage/schema/main/delta/15/appservice_txns.sql +50 -0
synapse/storage/schema/main/delta/15/presence_indices.sql +2 -0
synapse/storage/schema/main/delta/15/v15.sql +24 -0
synapse/storage/schema/main/delta/16/events_order_index.sql +4 -0
synapse/storage/schema/main/delta/16/remote_media_cache_index.sql +2 -0
synapse/storage/schema/main/delta/16/remove_duplicates.sql +9 -0
synapse/storage/schema/main/delta/16/room_alias_index.sql +3 -0
synapse/storage/schema/main/delta/16/unique_constraints.sql +72 -0
synapse/storage/schema/main/delta/16/users.sql +56 -0
synapse/storage/schema/main/delta/17/drop_indexes.sql +37 -0
synapse/storage/schema/main/delta/17/server_keys.sql +43 -0
synapse/storage/schema/main/delta/17/user_threepids.sql +9 -0
synapse/storage/schema/main/delta/18/server_keys_bigger_ints.sql +51 -0
synapse/storage/schema/main/delta/19/event_index.sql +38 -0
synapse/storage/schema/main/delta/20/dummy.sql +1 -0
synapse/storage/schema/main/delta/20/pushers.py +93 -0
synapse/storage/schema/main/delta/21/end_to_end_keys.sql +53 -0
synapse/storage/schema/main/delta/21/receipts.sql +57 -0
synapse/storage/schema/main/delta/22/receipts_index.sql +41 -0
synapse/storage/schema/main/delta/22/user_threepids_unique.sql +19 -0
synapse/storage/schema/main/delta/24/stats_reporting.sql +37 -0
synapse/storage/schema/main/delta/25/fts.py +81 -0
synapse/storage/schema/main/delta/25/guest_access.sql +44 -0
synapse/storage/schema/main/delta/25/history_visibility.sql +44 -0
synapse/storage/schema/main/delta/25/tags.sql +57 -0
synapse/storage/schema/main/delta/26/account_data.sql +36 -0
synapse/storage/schema/main/delta/27/account_data.sql +55 -0
synapse/storage/schema/main/delta/27/forgotten_memberships.sql +45 -0
synapse/storage/schema/main/delta/27/ts.py +61 -0
synapse/storage/schema/main/delta/28/event_push_actions.sql +46 -0
synapse/storage/schema/main/delta/28/events_room_stream.sql +39 -0
synapse/storage/schema/main/delta/28/public_roms_index.sql +39 -0
synapse/storage/schema/main/delta/28/receipts_user_id_index.sql +41 -0
synapse/storage/schema/main/delta/28/upgrade_times.sql +40 -0
synapse/storage/schema/main/delta/28/users_is_guest.sql +41 -0
synapse/storage/schema/main/delta/29/push_actions.sql +54 -0
synapse/storage/schema/main/delta/30/alias_creator.sql +35 -0
synapse/storage/schema/main/delta/30/as_users.py +82 -0
synapse/storage/schema/main/delta/30/deleted_pushers.sql +44 -0
synapse/storage/schema/main/delta/30/presence_stream.sql +49 -0
synapse/storage/schema/main/delta/30/public_rooms.sql +42 -0
synapse/storage/schema/main/delta/30/push_rule_stream.sql +57 -0
synapse/storage/schema/main/delta/30/threepid_guest_access_tokens.sql +43 -0
synapse/storage/schema/main/delta/31/invites.sql +61 -0
synapse/storage/schema/main/delta/31/local_media_repository_url_cache.sql +46 -0
synapse/storage/schema/main/delta/31/pushers_0.py +92 -0
synapse/storage/schema/main/delta/31/pushers_index.sql +41 -0
synapse/storage/schema/main/delta/31/search_update.py +65 -0
synapse/storage/schema/main/delta/32/events.sql +35 -0
synapse/storage/schema/main/delta/32/openid.sql +9 -0
synapse/storage/schema/main/delta/32/pusher_throttle.sql +42 -0
synapse/storage/schema/main/delta/32/remove_indices.sql +52 -0
synapse/storage/schema/main/delta/32/reports.sql +44 -0
synapse/storage/schema/main/delta/33/access_tokens_device_index.sql +36 -0
synapse/storage/schema/main/delta/33/devices.sql +40 -0
synapse/storage/schema/main/delta/33/devices_for_e2e_keys.sql +38 -0
synapse/storage/schema/main/delta/33/devices_for_e2e_keys_clear_unknown_device.sql +39 -0
synapse/storage/schema/main/delta/33/event_fields.py +61 -0
synapse/storage/schema/main/delta/33/remote_media_ts.py +43 -0
synapse/storage/schema/main/delta/33/user_ips_index.sql +36 -0
synapse/storage/schema/main/delta/34/appservice_stream.sql +42 -0
synapse/storage/schema/main/delta/34/cache_stream.py +50 -0
synapse/storage/schema/main/delta/34/device_inbox.sql +43 -0
synapse/storage/schema/main/delta/34/push_display_name_rename.sql +39 -0
synapse/storage/schema/main/delta/34/received_txn_purge.py +36 -0
synapse/storage/schema/main/delta/35/contains_url.sql +36 -0
synapse/storage/schema/main/delta/35/device_outbox.sql +58 -0
synapse/storage/schema/main/delta/35/device_stream_id.sql +40 -0
synapse/storage/schema/main/delta/35/event_push_actions_index.sql +36 -0
synapse/storage/schema/main/delta/35/public_room_list_change_stream.sql +52 -0
synapse/storage/schema/main/delta/35/stream_order_to_extrem.sql +56 -0
synapse/storage/schema/main/delta/36/readd_public_rooms.sql +45 -0
synapse/storage/schema/main/delta/37/remove_auth_idx.py +89 -0
synapse/storage/schema/main/delta/37/user_threepids.sql +71 -0
synapse/storage/schema/main/delta/38/postgres_fts_gist.sql +38 -0
synapse/storage/schema/main/delta/39/appservice_room_list.sql +48 -0
synapse/storage/schema/main/delta/39/device_federation_stream_idx.sql +35 -0
synapse/storage/schema/main/delta/39/event_push_index.sql +36 -0
synapse/storage/schema/main/delta/39/federation_out_position.sql +41 -0
synapse/storage/schema/main/delta/39/membership_profile.sql +39 -0
synapse/storage/schema/main/delta/40/current_state_idx.sql +36 -0
synapse/storage/schema/main/delta/40/device_inbox.sql +40 -0
synapse/storage/schema/main/delta/40/device_list_streams.sql +79 -0
synapse/storage/schema/main/delta/40/event_push_summary.sql +57 -0
synapse/storage/schema/main/delta/40/pushers.sql +58 -0
synapse/storage/schema/main/delta/41/device_list_stream_idx.sql +36 -0
synapse/storage/schema/main/delta/41/device_outbound_index.sql +35 -0
synapse/storage/schema/main/delta/41/event_search_event_id_idx.sql +36 -0
synapse/storage/schema/main/delta/41/ratelimit.sql +41 -0
synapse/storage/schema/main/delta/42/current_state_delta.sql +48 -0
synapse/storage/schema/main/delta/42/device_list_last_id.sql +52 -0
synapse/storage/schema/main/delta/42/event_auth_state_only.sql +36 -0
synapse/storage/schema/main/delta/42/user_dir.py +88 -0
synapse/storage/schema/main/delta/43/blocked_rooms.sql +40 -0
synapse/storage/schema/main/delta/43/quarantine_media.sql +36 -0
synapse/storage/schema/main/delta/43/url_cache.sql +35 -0
synapse/storage/schema/main/delta/43/user_share.sql +52 -0
synapse/storage/schema/main/delta/44/expire_url_cache.sql +60 -0
synapse/storage/schema/main/delta/45/group_server.sql +186 -0
synapse/storage/schema/main/delta/45/profile_cache.sql +47 -0
synapse/storage/schema/main/delta/46/drop_refresh_tokens.sql +36 -0
synapse/storage/schema/main/delta/46/drop_unique_deleted_pushers.sql +54 -0
synapse/storage/schema/main/delta/46/group_server.sql +51 -0
synapse/storage/schema/main/delta/46/local_media_repository_url_idx.sql +43 -0
synapse/storage/schema/main/delta/46/user_dir_null_room_ids.sql +54 -0
synapse/storage/schema/main/delta/46/user_dir_typos.sql +43 -0
synapse/storage/schema/main/delta/47/last_access_media.sql +35 -0
synapse/storage/schema/main/delta/47/postgres_fts_gin.sql +36 -0
synapse/storage/schema/main/delta/47/push_actions_staging.sql +47 -0
synapse/storage/schema/main/delta/48/add_user_consent.sql +37 -0
synapse/storage/schema/main/delta/48/add_user_ips_last_seen_index.sql +36 -0
synapse/storage/schema/main/delta/48/deactivated_users.sql +44 -0
synapse/storage/schema/main/delta/48/group_unique_indexes.py +67 -0
synapse/storage/schema/main/delta/48/groups_joinable.sql +41 -0
synapse/storage/schema/main/delta/49/add_user_consent_server_notice_sent.sql +39 -0
synapse/storage/schema/main/delta/49/add_user_daily_visits.sql +40 -0
synapse/storage/schema/main/delta/49/add_user_ips_last_seen_only_index.sql +36 -0
synapse/storage/schema/main/delta/50/add_creation_ts_users_index.sql +38 -0
synapse/storage/schema/main/delta/50/erasure_store.sql +40 -0
synapse/storage/schema/main/delta/50/make_event_content_nullable.py +102 -0
synapse/storage/schema/main/delta/51/e2e_room_keys.sql +58 -0
synapse/storage/schema/main/delta/51/monthly_active_users.sql +46 -0
synapse/storage/schema/main/delta/52/add_event_to_state_group_index.sql +38 -0
synapse/storage/schema/main/delta/52/device_list_streams_unique_idx.sql +55 -0
synapse/storage/schema/main/delta/52/e2e_room_keys.sql +72 -0
synapse/storage/schema/main/delta/53/add_user_type_to_users.sql +38 -0
synapse/storage/schema/main/delta/53/drop_sent_transactions.sql +35 -0
synapse/storage/schema/main/delta/53/event_format_version.sql +35 -0
synapse/storage/schema/main/delta/53/user_dir_populate.sql +49 -0
synapse/storage/schema/main/delta/53/user_ips_index.sql +49 -0
synapse/storage/schema/main/delta/53/user_share.sql +63 -0
synapse/storage/schema/main/delta/53/user_threepid_id.sql +48 -0
synapse/storage/schema/main/delta/53/users_in_public_rooms.sql +47 -0
synapse/storage/schema/main/delta/54/account_validity_with_renewal.sql +49 -0
synapse/storage/schema/main/delta/54/add_validity_to_server_keys.sql +42 -0
synapse/storage/schema/main/delta/54/delete_forward_extremities.sql +42 -0
synapse/storage/schema/main/delta/54/drop_legacy_tables.sql +49 -0
synapse/storage/schema/main/delta/54/drop_presence_list.sql +35 -0
synapse/storage/schema/main/delta/54/relations.sql +46 -0
synapse/storage/schema/main/delta/54/stats.sql +99 -0
synapse/storage/schema/main/delta/54/stats2.sql +47 -0
synapse/storage/schema/main/delta/55/access_token_expiry.sql +37 -0
synapse/storage/schema/main/delta/55/track_threepid_validations.sql +50 -0
synapse/storage/schema/main/delta/55/users_alter_deactivated.sql +38 -0
synapse/storage/schema/main/delta/56/add_spans_to_device_lists.sql +39 -0
synapse/storage/schema/main/delta/56/current_state_events_membership.sql +41 -0
synapse/storage/schema/main/delta/56/current_state_events_membership_mk2.sql +43 -0
synapse/storage/schema/main/delta/56/delete_keys_from_deleted_backups.sql +44 -0
synapse/storage/schema/main/delta/56/destinations_failure_ts.sql +44 -0
synapse/storage/schema/main/delta/56/destinations_retry_interval_type.sql.postgres +18 -0
synapse/storage/schema/main/delta/56/device_stream_id_insert.sql +39 -0
synapse/storage/schema/main/delta/56/devices_last_seen.sql +43 -0
synapse/storage/schema/main/delta/56/drop_unused_event_tables.sql +39 -0
synapse/storage/schema/main/delta/56/event_expiry.sql +40 -0
synapse/storage/schema/main/delta/56/event_labels.sql +49 -0
synapse/storage/schema/main/delta/56/event_labels_background_update.sql +36 -0
synapse/storage/schema/main/delta/56/fix_room_keys_index.sql +37 -0
synapse/storage/schema/main/delta/56/hidden_devices.sql +37 -0
synapse/storage/schema/main/delta/56/hidden_devices_fix.sql.sqlite +42 -0
synapse/storage/schema/main/delta/56/nuke_empty_communities_from_db.sql +48 -0
synapse/storage/schema/main/delta/56/public_room_list_idx.sql +35 -0
synapse/storage/schema/main/delta/56/redaction_censor.sql +35 -0
synapse/storage/schema/main/delta/56/redaction_censor2.sql +41 -0
synapse/storage/schema/main/delta/56/redaction_censor3_fix_update.sql.postgres +25 -0
synapse/storage/schema/main/delta/56/redaction_censor4.sql +35 -0
synapse/storage/schema/main/delta/56/remove_tombstoned_rooms_from_directory.sql +38 -0
synapse/storage/schema/main/delta/56/room_key_etag.sql +36 -0
synapse/storage/schema/main/delta/56/room_membership_idx.sql +37 -0
synapse/storage/schema/main/delta/56/room_retention.sql +52 -0
synapse/storage/schema/main/delta/56/signing_keys.sql +75 -0
synapse/storage/schema/main/delta/56/signing_keys_nonunique_signatures.sql +41 -0
synapse/storage/schema/main/delta/56/stats_separated.sql +175 -0
synapse/storage/schema/main/delta/56/unique_user_filter_index.py +46 -0
synapse/storage/schema/main/delta/56/user_external_ids.sql +43 -0
synapse/storage/schema/main/delta/56/users_in_public_rooms_idx.sql +36 -0
synapse/storage/schema/main/delta/57/delete_old_current_state_events.sql +41 -0
synapse/storage/schema/main/delta/57/device_list_remote_cache_stale.sql +44 -0
synapse/storage/schema/main/delta/57/local_current_membership.py +111 -0
synapse/storage/schema/main/delta/57/remove_sent_outbound_pokes.sql +40 -0
synapse/storage/schema/main/delta/57/rooms_version_column.sql +43 -0
synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.postgres +35 -0
synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.sqlite +22 -0
synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.postgres +39 -0
synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.sqlite +23 -0
synapse/storage/schema/main/delta/58/02remove_dup_outbound_pokes.sql +41 -0
synapse/storage/schema/main/delta/58/03persist_ui_auth.sql +55 -0
synapse/storage/schema/main/delta/58/05cache_instance.sql.postgres +30 -0
synapse/storage/schema/main/delta/58/06dlols_unique_idx.py +83 -0
synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.postgres +33 -0
synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.sqlite +44 -0
synapse/storage/schema/main/delta/58/07persist_ui_auth_ips.sql +44 -0
synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.postgres +18 -0
synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.sqlite +18 -0
synapse/storage/schema/main/delta/58/09shadow_ban.sql +37 -0
synapse/storage/schema/main/delta/58/10_pushrules_enabled_delete_obsolete.sql +47 -0
synapse/storage/schema/main/delta/58/10drop_local_rejections_stream.sql +41 -0
synapse/storage/schema/main/delta/58/10federation_pos_instance_name.sql +41 -0
synapse/storage/schema/main/delta/58/11dehydration.sql +39 -0
synapse/storage/schema/main/delta/58/11fallback.sql +43 -0
synapse/storage/schema/main/delta/58/11user_id_seq.py +38 -0
synapse/storage/schema/main/delta/58/12room_stats.sql +51 -0
synapse/storage/schema/main/delta/58/13remove_presence_allow_inbound.sql +36 -0
synapse/storage/schema/main/delta/58/14events_instance_name.sql +35 -0
synapse/storage/schema/main/delta/58/14events_instance_name.sql.postgres +28 -0
synapse/storage/schema/main/delta/58/15_catchup_destination_rooms.sql +61 -0
synapse/storage/schema/main/delta/58/15unread_count.sql +45 -0
synapse/storage/schema/main/delta/58/16populate_stats_process_rooms_fix.sql +41 -0
synapse/storage/schema/main/delta/58/17_catchup_last_successful.sql +40 -0
synapse/storage/schema/main/delta/58/18stream_positions.sql +41 -0
synapse/storage/schema/main/delta/58/19instance_map.sql.postgres +25 -0
synapse/storage/schema/main/delta/58/19txn_id.sql +59 -0
synapse/storage/schema/main/delta/58/20instance_name_event_tables.sql +36 -0
synapse/storage/schema/main/delta/58/20user_daily_visits.sql +37 -0
synapse/storage/schema/main/delta/58/21as_device_stream.sql +36 -0
synapse/storage/schema/main/delta/58/21drop_device_max_stream_id.sql +1 -0
synapse/storage/schema/main/delta/58/22puppet_token.sql +36 -0
synapse/storage/schema/main/delta/58/22users_have_local_media.sql +2 -0
synapse/storage/schema/main/delta/58/23e2e_cross_signing_keys_idx.sql +36 -0
synapse/storage/schema/main/delta/58/24drop_event_json_index.sql +38 -0
synapse/storage/schema/main/delta/58/25user_external_ids_user_id_idx.sql +36 -0
synapse/storage/schema/main/delta/58/26access_token_last_validated.sql +37 -0
synapse/storage/schema/main/delta/58/27local_invites.sql +37 -0
synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.postgres +16 -0
synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.sqlite +62 -0
synapse/storage/schema/main/delta/59/01ignored_user.py +85 -0
synapse/storage/schema/main/delta/59/02shard_send_to_device.sql +37 -0
synapse/storage/schema/main/delta/59/03shard_send_to_device_sequence.sql.postgres +25 -0
synapse/storage/schema/main/delta/59/04_event_auth_chains.sql +71 -0
synapse/storage/schema/main/delta/59/04_event_auth_chains.sql.postgres +16 -0
synapse/storage/schema/main/delta/59/04drop_account_data.sql +36 -0
synapse/storage/schema/main/delta/59/05cache_invalidation.sql +36 -0
synapse/storage/schema/main/delta/59/06chain_cover_index.sql +36 -0
synapse/storage/schema/main/delta/59/06shard_account_data.sql +39 -0
synapse/storage/schema/main/delta/59/06shard_account_data.sql.postgres +32 -0
synapse/storage/schema/main/delta/59/07shard_account_data_fix.sql +37 -0
synapse/storage/schema/main/delta/59/08delete_pushers_for_deactivated_accounts.sql +39 -0
synapse/storage/schema/main/delta/59/08delete_stale_pushers.sql +39 -0
synapse/storage/schema/main/delta/59/09rejected_events_metadata.sql +45 -0
synapse/storage/schema/main/delta/59/10delete_purged_chain_cover.sql +36 -0
synapse/storage/schema/main/delta/59/11add_knock_members_to_stats.sql +39 -0
synapse/storage/schema/main/delta/59/11drop_thumbnail_constraint.sql.postgres +22 -0
synapse/storage/schema/main/delta/59/12account_validity_token_used_ts_ms.sql +37 -0
synapse/storage/schema/main/delta/59/12presence_stream_instance.sql +37 -0
synapse/storage/schema/main/delta/59/12presence_stream_instance_seq.sql.postgres +20 -0
synapse/storage/schema/main/delta/59/13users_to_send_full_presence_to.sql +53 -0
synapse/storage/schema/main/delta/59/14refresh_tokens.sql +53 -0
synapse/storage/schema/main/delta/59/15locks.sql +56 -0
synapse/storage/schema/main/delta/59/16federation_inbound_staging.sql +51 -0
synapse/storage/schema/main/delta/60/01recreate_stream_ordering.sql.postgres +45 -0
synapse/storage/schema/main/delta/60/02change_stream_ordering_columns.sql.postgres +30 -0
synapse/storage/schema/main/delta/61/01change_appservices_txns.sql.postgres +23 -0
synapse/storage/schema/main/delta/61/01insertion_event_lookups.sql +68 -0
synapse/storage/schema/main/delta/61/02drop_redundant_room_depth_index.sql +37 -0
synapse/storage/schema/main/delta/61/03recreate_min_depth.py +74 -0
synapse/storage/schema/main/delta/62/01insertion_event_extremities.sql +43 -0
synapse/storage/schema/main/delta/63/01create_registration_tokens.sql +42 -0
synapse/storage/schema/main/delta/63/02delete_unlinked_email_pushers.sql +39 -0
synapse/storage/schema/main/delta/63/02populate-rooms-creator.sql +36 -0
synapse/storage/schema/main/delta/63/03session_store.sql +42 -0
synapse/storage/schema/main/delta/63/04add_presence_stream_not_offline_index.sql +37 -0
synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.postgres +23 -0
synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.sqlite +37 -0
synapse/storage/schema/main/delta/65/01msc2716_insertion_event_edges.sql +38 -0
synapse/storage/schema/main/delta/65/03remove_hidden_devices_from_device_inbox.sql +41 -0
synapse/storage/schema/main/delta/65/04_local_group_updates.sql +37 -0
synapse/storage/schema/main/delta/65/05_remove_room_stats_historical_and_user_stats_historical.sql +38 -0
synapse/storage/schema/main/delta/65/06remove_deleted_devices_from_device_inbox.sql +53 -0
synapse/storage/schema/main/delta/65/07_arbitrary_relations.sql +37 -0
synapse/storage/schema/main/delta/65/08_device_inbox_background_updates.sql +37 -0
synapse/storage/schema/main/delta/65/10_expirable_refresh_tokens.sql +47 -0
synapse/storage/schema/main/delta/65/11_devices_auth_provider_session.sql +46 -0
synapse/storage/schema/main/delta/67/01drop_public_room_list_stream.sql +37 -0
synapse/storage/schema/main/delta/68/01event_columns.sql +45 -0
synapse/storage/schema/main/delta/68/02_msc2409_add_device_id_appservice_stream_type.sql +40 -0
synapse/storage/schema/main/delta/68/03_delete_account_data_for_deactivated_accounts.sql +39 -0
synapse/storage/schema/main/delta/68/04_refresh_tokens_index_next_token_id.sql +47 -0
synapse/storage/schema/main/delta/68/04partial_state_rooms.sql +60 -0
synapse/storage/schema/main/delta/68/05_delete_non_strings_from_event_search.sql.sqlite +22 -0
synapse/storage/schema/main/delta/68/05partial_state_rooms_triggers.py +80 -0
synapse/storage/schema/main/delta/68/06_msc3202_add_device_list_appservice_stream_type.sql +42 -0
synapse/storage/schema/main/delta/69/01as_txn_seq.py +54 -0
synapse/storage/schema/main/delta/69/01device_list_oubound_by_room.sql +57 -0
synapse/storage/schema/main/delta/69/02cache_invalidation_index.sql +37 -0
synapse/storage/schema/main/delta/70/01clean_table_purged_rooms.sql +39 -0
synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.postgres +43 -0
synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.sqlite +47 -0
synapse/storage/schema/main/delta/71/01remove_noop_background_updates.sql +80 -0
synapse/storage/schema/main/delta/71/02event_push_summary_unique.sql +37 -0
synapse/storage/schema/main/delta/72/01add_room_type_to_state_stats.sql +38 -0
synapse/storage/schema/main/delta/72/01event_push_summary_receipt.sql +54 -0
synapse/storage/schema/main/delta/72/02event_push_actions_index.sql +38 -0
synapse/storage/schema/main/delta/72/03bg_populate_events_columns.py +57 -0
synapse/storage/schema/main/delta/72/03drop_event_reference_hashes.sql +36 -0
synapse/storage/schema/main/delta/72/03remove_groups.sql +50 -0
synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.postgres +17 -0
synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.sqlite +40 -0
synapse/storage/schema/main/delta/72/05receipts_event_stream_ordering.sql +38 -0
synapse/storage/schema/main/delta/72/05remove_unstable_private_read_receipts.sql +38 -0
synapse/storage/schema/main/delta/72/06add_consent_ts_to_users.sql +35 -0
synapse/storage/schema/main/delta/72/06thread_notifications.sql +49 -0
synapse/storage/schema/main/delta/72/07force_update_current_state_events_membership.py +67 -0
synapse/storage/schema/main/delta/72/07thread_receipts.sql.postgres +30 -0
synapse/storage/schema/main/delta/72/07thread_receipts.sql.sqlite +70 -0
synapse/storage/schema/main/delta/72/08begin_cache_invalidation_seq_at_2.sql.postgres +23 -0
synapse/storage/schema/main/delta/72/08thread_receipts.sql +39 -0
synapse/storage/schema/main/delta/72/09partial_indices.sql.sqlite +56 -0
synapse/storage/schema/main/delta/73/01event_failed_pull_attempts.sql +48 -0
synapse/storage/schema/main/delta/73/02add_pusher_enabled.sql +35 -0
synapse/storage/schema/main/delta/73/02room_id_indexes_for_purging.sql +41 -0
synapse/storage/schema/main/delta/73/03pusher_device_id.sql +39 -0
synapse/storage/schema/main/delta/73/03users_approved_column.sql +39 -0
synapse/storage/schema/main/delta/73/04partial_join_details.sql +42 -0
synapse/storage/schema/main/delta/73/04pending_device_list_updates.sql +47 -0
synapse/storage/schema/main/delta/73/05old_push_actions.sql.postgres +22 -0
synapse/storage/schema/main/delta/73/05old_push_actions.sql.sqlite +24 -0
synapse/storage/schema/main/delta/73/06thread_notifications_thread_id_idx.sql +42 -0
synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.postgres +23 -0
synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.sqlite +76 -0
synapse/storage/schema/main/delta/73/09partial_joined_via_destination.sql +37 -0
synapse/storage/schema/main/delta/73/09threads_table.sql +49 -0
synapse/storage/schema/main/delta/73/10_update_sqlite_fts4_tokenizer.py +71 -0
synapse/storage/schema/main/delta/73/10login_tokens.sql +54 -0
synapse/storage/schema/main/delta/73/11event_search_room_id_n_distinct.sql.postgres +33 -0
synapse/storage/schema/main/delta/73/12refactor_device_list_outbound_pokes.sql +72 -0
synapse/storage/schema/main/delta/73/13add_device_lists_index.sql +39 -0
synapse/storage/schema/main/delta/73/20_un_partial_stated_room_stream.sql +51 -0
synapse/storage/schema/main/delta/73/21_un_partial_stated_room_stream_seq.sql.postgres +20 -0
synapse/storage/schema/main/delta/73/22_rebuild_user_dir_stats.sql +48 -0
synapse/storage/schema/main/delta/73/22_un_partial_stated_event_stream.sql +53 -0
synapse/storage/schema/main/delta/73/23_fix_thread_index.sql +52 -0
synapse/storage/schema/main/delta/73/23_un_partial_stated_room_stream_seq.sql.postgres +20 -0
synapse/storage/schema/main/delta/73/24_events_jump_to_date_index.sql +36 -0
synapse/storage/schema/main/delta/73/25drop_presence.sql +36 -0
synapse/storage/schema/main/delta/74/01_user_directory_stale_remote_users.sql +58 -0
synapse/storage/schema/main/delta/74/02_set_device_id_for_pushers_bg_update.sql +38 -0
synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.postgres +29 -0
synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.sqlite +23 -0
synapse/storage/schema/main/delta/74/03_room_membership_index.sql +38 -0
synapse/storage/schema/main/delta/74/04_delete_e2e_backup_keys_for_deactivated_users.sql +36 -0
synapse/storage/schema/main/delta/74/04_membership_tables_event_stream_ordering_triggers.py +87 -0
synapse/storage/schema/main/delta/74/05_events_txn_id_device_id.sql +72 -0
synapse/storage/schema/main/delta/74/90COMMENTS_destinations.sql.postgres +52 -0
synapse/storage/schema/main/delta/76/01_add_profiles_full_user_id_column.sql +39 -0
synapse/storage/schema/main/delta/76/02_add_user_filters_full_user_id_column.sql +39 -0
synapse/storage/schema/main/delta/76/03_per_user_experimental_features.sql +46 -0
synapse/storage/schema/main/delta/76/04_add_room_forgetter.sql +43 -0
synapse/storage/schema/main/delta/77/01_add_profiles_not_valid_check.sql.postgres +16 -0
synapse/storage/schema/main/delta/77/02_add_user_filters_not_valid_check.sql.postgres +16 -0
synapse/storage/schema/main/delta/77/03bg_populate_full_user_id_profiles.sql +35 -0
synapse/storage/schema/main/delta/77/04bg_populate_full_user_id_user_filters.sql +35 -0
synapse/storage/schema/main/delta/77/05thread_notifications_backfill.sql +67 -0
synapse/storage/schema/main/delta/77/06thread_notifications_not_null.sql.sqlite +102 -0
synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions.sql.postgres +27 -0
synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions_staging.sql.postgres +27 -0
synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_summary.sql.postgres +29 -0
synapse/storage/schema/main/delta/77/14bg_indices_event_stream_ordering.sql +39 -0
synapse/storage/schema/main/delta/78/01_validate_and_update_profiles.py +99 -0
synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py +100 -0
synapse/storage/schema/main/delta/78/03_remove_unused_indexes_user_filters.py +72 -0
synapse/storage/schema/main/delta/78/03event_extremities_constraints.py +65 -0
synapse/storage/schema/main/delta/78/04_add_full_user_id_index_user_filters.py +32 -0
synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.postgres +102 -0
synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.sqlite +72 -0
synapse/storage/schema/main/delta/79/04_mitigate_stream_ordering_update_race.py +70 -0
synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.postgres +69 -0
synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.sqlite +65 -0
synapse/storage/schema/main/delta/80/01_users_alter_locked.sql +35 -0
synapse/storage/schema/main/delta/80/02_read_write_locks_unlogged.sql.postgres +30 -0
synapse/storage/schema/main/delta/80/02_scheduled_tasks.sql +47 -0
synapse/storage/schema/main/delta/80/03_read_write_locks_triggers.sql.postgres +37 -0
synapse/storage/schema/main/delta/80/04_read_write_locks_deadlock.sql.postgres +71 -0
synapse/storage/schema/main/delta/82/02_scheduled_tasks_index.sql +35 -0
synapse/storage/schema/main/delta/82/04_add_indices_for_purging_rooms.sql +39 -0
synapse/storage/schema/main/delta/82/05gaps.sql +44 -0
synapse/storage/schema/main/delta/83/01_drop_old_tables.sql +43 -0
synapse/storage/schema/main/delta/83/03_instance_name_receipts.sql.sqlite +17 -0
synapse/storage/schema/main/delta/83/05_cross_signing_key_update_grant.sql +34 -0
synapse/storage/schema/main/delta/83/06_event_push_summary_room.sql +36 -0
synapse/storage/schema/main/delta/84/01_auth_links_stats.sql.postgres +20 -0
synapse/storage/schema/main/delta/84/02_auth_links_index.sql +16 -0
synapse/storage/schema/main/delta/84/03_auth_links_analyze.sql.postgres +16 -0
synapse/storage/schema/main/delta/84/04_access_token_index.sql +15 -0
synapse/storage/schema/main/delta/85/01_add_suspended.sql +14 -0
synapse/storage/schema/main/delta/85/02_add_instance_names.sql +27 -0
synapse/storage/schema/main/delta/85/03_new_sequences.sql.postgres +54 -0
synapse/storage/schema/main/delta/85/04_cleanup_device_federation_outbox.sql +15 -0
synapse/storage/schema/main/delta/85/05_add_instance_names_converted_pos.sql +16 -0
synapse/storage/schema/main/delta/85/06_add_room_reports.sql +20 -0
synapse/storage/schema/main/delta/86/01_authenticate_media.sql +15 -0
synapse/storage/schema/main/delta/86/02_receipts_event_id_index.sql +15 -0
synapse/storage/schema/main/delta/87/01_sliding_sync_memberships.sql +169 -0
synapse/storage/schema/main/delta/87/02_per_connection_state.sql +81 -0
synapse/storage/schema/main/delta/87/03_current_state_index.sql +19 -0
synapse/storage/schema/main/delta/88/01_add_delayed_events.sql +43 -0
synapse/storage/schema/main/delta/88/01_custom_profile_fields.sql +15 -0
synapse/storage/schema/main/delta/88/02_fix_sliding_sync_membership_snapshots_forgotten_column.sql +21 -0
synapse/storage/schema/main/delta/88/03_add_otk_ts_added_index.sql +18 -0
synapse/storage/schema/main/delta/88/04_current_state_delta_index.sql +18 -0
synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.postgres +19 -0
synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.sqlite +19 -0
synapse/storage/schema/main/delta/88/05_sliding_sync_room_config_index.sql +20 -0
synapse/storage/schema/main/delta/88/06_events_received_ts_index.sql +17 -0
synapse/storage/schema/main/delta/89/01_sliding_sync_membership_snapshot_index.sql +15 -0
synapse/storage/schema/main/delta/90/01_add_column_participant_room_memberships_table.sql +16 -0
synapse/storage/schema/main/delta/91/01_media_hash.sql +28 -0
synapse/storage/schema/main/delta/92/01_remove_trigger.sql.postgres +16 -0
synapse/storage/schema/main/delta/92/01_remove_trigger.sql.sqlite +16 -0
synapse/storage/schema/main/delta/92/02_remove_populate_participant_bg_update.sql +17 -0
synapse/storage/schema/main/delta/92/04_ss_membership_snapshot_idx.sql +16 -0
synapse/storage/schema/main/delta/92/04_thread_subscriptions.sql +59 -0
synapse/storage/schema/main/delta/92/04_thread_subscriptions_seq.sql.postgres +19 -0
synapse/storage/schema/main/delta/92/05_fixup_max_depth_cap.sql +17 -0
synapse/storage/schema/main/delta/92/05_thread_subscriptions_comments.sql.postgres +18 -0
synapse/storage/schema/main/delta/92/06_device_federation_inbox_index.sql +16 -0
synapse/storage/schema/main/delta/92/06_threads_last_sent_stream_ordering_comments.sql.postgres +24 -0
synapse/storage/schema/main/delta/92/07_add_user_reports.sql +22 -0
synapse/storage/schema/main/delta/92/07_event_txn_id_device_id_txn_id2.sql +15 -0
synapse/storage/schema/main/delta/92/08_room_ban_redactions.sql +21 -0
synapse/storage/schema/main/delta/92/08_thread_subscriptions_seq_fixup.sql.postgres +19 -0
synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql +20 -0
synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql.postgres +18 -0
synapse/storage/schema/main/delta/93/01_add_delayed_events.sql +15 -0
synapse/storage/schema/main/delta/93/02_sliding_sync_members.sql +60 -0
synapse/storage/schema/main/delta/93/03_sss_pos_last_used.sql +27 -0
synapse/storage/schema/main/full_schemas/72/full.sql.postgres +1344 -0
synapse/storage/schema/main/full_schemas/72/full.sql.sqlite +646 -0
synapse/storage/schema/state/delta/23/drop_state_index.sql +35 -0
synapse/storage/schema/state/delta/32/remove_state_indices.sql +38 -0
synapse/storage/schema/state/delta/35/add_state_index.sql +36 -0
synapse/storage/schema/state/delta/35/state.sql +41 -0
synapse/storage/schema/state/delta/35/state_dedupe.sql +36 -0
synapse/storage/schema/state/delta/47/state_group_seq.py +38 -0
synapse/storage/schema/state/delta/56/state_group_room_idx.sql +36 -0
synapse/storage/schema/state/delta/61/02state_groups_state_n_distinct.sql.postgres +34 -0
synapse/storage/schema/state/delta/70/08_state_group_edges_unique.sql +36 -0
synapse/storage/schema/state/delta/89/01_state_groups_deletion.sql +39 -0
synapse/storage/schema/state/delta/90/02_delete_unreferenced_state_groups.sql +16 -0
synapse/storage/schema/state/delta/90/03_remove_old_deletion_bg_update.sql +15 -0
synapse/storage/schema/state/full_schemas/72/full.sql.postgres +30 -0
synapse/storage/schema/state/full_schemas/72/full.sql.sqlite +20 -0
synapse/storage/types.py +183 -0
synapse/storage/util/__init__.py +20 -0
synapse/storage/util/id_generators.py +928 -0
synapse/storage/util/partial_state_events_tracker.py +194 -0
synapse/storage/util/sequence.py +315 -0
synapse/streams/__init__.py +43 -0
synapse/streams/config.py +91 -0
synapse/streams/events.py +203 -0
synapse/synapse_rust/__init__.pyi +3 -0
synapse/synapse_rust/acl.pyi +20 -0
synapse/synapse_rust/events.pyi +136 -0
synapse/synapse_rust/http_client.pyi +32 -0
synapse/synapse_rust/push.pyi +86 -0
synapse/synapse_rust/rendezvous.pyi +30 -0
synapse/synapse_rust/segmenter.pyi +1 -0
synapse/synapse_rust.abi3.so +0 -0
synapse/types/__init__.py +1600 -0
synapse/types/handlers/__init__.py +93 -0
synapse/types/handlers/policy_server.py +16 -0
synapse/types/handlers/sliding_sync.py +1004 -0
synapse/types/rest/__init__.py +25 -0
synapse/types/rest/client/__init__.py +413 -0
synapse/types/state.py +634 -0
synapse/types/storage/__init__.py +66 -0
synapse/util/__init__.py +160 -0
synapse/util/async_helpers.py +1048 -0
synapse/util/background_queue.py +142 -0
synapse/util/batching_queue.py +203 -0
synapse/util/caches/__init__.py +300 -0
synapse/util/caches/cached_call.py +143 -0
synapse/util/caches/deferred_cache.py +530 -0
synapse/util/caches/descriptors.py +692 -0
synapse/util/caches/dictionary_cache.py +346 -0
synapse/util/caches/expiringcache.py +250 -0
synapse/util/caches/lrucache.py +976 -0
synapse/util/caches/response_cache.py +323 -0
synapse/util/caches/stream_change_cache.py +370 -0
synapse/util/caches/treecache.py +189 -0
synapse/util/caches/ttlcache.py +197 -0
synapse/util/cancellation.py +63 -0
synapse/util/check_dependencies.py +335 -0
synapse/util/clock.py +592 -0
synapse/util/daemonize.py +165 -0
synapse/util/distributor.py +157 -0
synapse/util/duration.py +117 -0
synapse/util/events.py +134 -0
synapse/util/file_consumer.py +164 -0
synapse/util/frozenutils.py +57 -0
synapse/util/gai_resolver.py +178 -0
synapse/util/hash.py +38 -0
synapse/util/httpresourcetree.py +108 -0
synapse/util/iterutils.py +190 -0
synapse/util/json.py +56 -0
synapse/util/linked_list.py +156 -0
synapse/util/logcontext.py +46 -0
synapse/util/logformatter.py +28 -0
synapse/util/macaroons.py +325 -0
synapse/util/manhole.py +191 -0
synapse/util/metrics.py +339 -0
synapse/util/module_loader.py +116 -0
synapse/util/msisdn.py +51 -0
synapse/util/patch_inline_callbacks.py +250 -0
synapse/util/pydantic_models.py +63 -0
synapse/util/ratelimitutils.py +422 -0
synapse/util/retryutils.py +339 -0
synapse/util/rlimit.py +42 -0
synapse/util/rust.py +164 -0
synapse/util/sentinel.py +21 -0
synapse/util/stringutils.py +293 -0
synapse/util/task_scheduler.py +494 -0
synapse/util/templates.py +126 -0
synapse/util/threepids.py +123 -0
synapse/util/wheel_timer.py +112 -0
synapse/visibility.py +869 -0
synmark/__init__.py +47 -0
synmark/__main__.py +128 -0
synmark/suites/__init__.py +9 -0
synmark/suites/logging.py +154 -0
synmark/suites/lrucache.py +48 -0
synmark/suites/lrucache_evict.py +49 -0
sytest-blacklist +33 -0
tests/__init__.py +29 -0
tests/api/__init__.py +0 -0
tests/api/test_auth.py +548 -0
tests/api/test_errors.py +46 -0
tests/api/test_filtering.py +622 -0
tests/api/test_ratelimiting.py +505 -0
tests/api/test_urls.py +81 -0
tests/app/__init__.py +0 -0
tests/app/test_homeserver_shutdown.py +271 -0
tests/app/test_homeserver_start.py +49 -0
tests/app/test_openid_listener.py +139 -0
tests/app/test_phone_stats_home.py +248 -0
tests/appservice/__init__.py +20 -0
tests/appservice/test_api.py +253 -0
tests/appservice/test_appservice.py +259 -0
tests/appservice/test_scheduler.py +477 -0
tests/config/__init__.py +20 -0
tests/config/test___main__.py +38 -0
tests/config/test_api.py +146 -0
tests/config/test_appservice.py +48 -0
tests/config/test_background_update.py +65 -0
tests/config/test_base.py +151 -0
tests/config/test_cache.py +193 -0
tests/config/test_database.py +42 -0
tests/config/test_generate.py +72 -0
tests/config/test_load.py +322 -0
tests/config/test_oauth_delegation.py +454 -0
tests/config/test_ratelimiting.py +77 -0
tests/config/test_registration_config.py +203 -0
tests/config/test_room_directory.py +203 -0
tests/config/test_server.py +248 -0
tests/config/test_tls.py +209 -0
tests/config/test_util.py +59 -0
tests/config/test_workers.py +332 -0
tests/config/utils.py +66 -0
tests/crypto/__init__.py +20 -0
tests/crypto/test_event_signing.py +109 -0
tests/crypto/test_keyring.py +737 -0
tests/events/__init__.py +0 -0
tests/events/test_auto_accept_invites.py +827 -0
tests/events/test_presence_router.py +540 -0
tests/events/test_snapshot.py +121 -0
tests/events/test_utils.py +986 -0
tests/federation/__init__.py +0 -0
tests/federation/test_complexity.py +257 -0
tests/federation/test_federation_catch_up.py +585 -0
tests/federation/test_federation_client.py +316 -0
tests/federation/test_federation_devices.py +161 -0
tests/federation/test_federation_media.py +295 -0
tests/federation/test_federation_out_of_band_membership.py +671 -0
tests/federation/test_federation_sender.py +956 -0
tests/federation/test_federation_server.py +631 -0
tests/federation/transport/__init__.py +0 -0
tests/federation/transport/server/__init__.py +20 -0
tests/federation/transport/server/test__base.py +156 -0
tests/federation/transport/test_client.py +157 -0
tests/federation/transport/test_knocking.py +323 -0
tests/federation/transport/test_server.py +74 -0
tests/handlers/__init__.py +0 -0
tests/handlers/oidc_test_key.p8 +5 -0
tests/handlers/oidc_test_key.pub.pem +4 -0
tests/handlers/test_admin.py +361 -0
tests/handlers/test_appservice.py +1336 -0
tests/handlers/test_auth.py +248 -0
tests/handlers/test_cas.py +239 -0
tests/handlers/test_deactivate_account.py +485 -0
tests/handlers/test_device.py +665 -0
tests/handlers/test_directory.py +613 -0
tests/handlers/test_e2e_keys.py +2025 -0
tests/handlers/test_e2e_room_keys.py +569 -0
tests/handlers/test_federation.py +794 -0
tests/handlers/test_federation_event.py +1181 -0
tests/handlers/test_message.py +322 -0
tests/handlers/test_oauth_delegation.py +1314 -0
tests/handlers/test_oidc.py +1688 -0
tests/handlers/test_password_providers.py +987 -0
tests/handlers/test_presence.py +2144 -0
tests/handlers/test_profile.py +401 -0
tests/handlers/test_receipts.py +342 -0
tests/handlers/test_register.py +880 -0
tests/handlers/test_room.py +108 -0
tests/handlers/test_room_list.py +93 -0
tests/handlers/test_room_member.py +764 -0
tests/handlers/test_room_policy.py +468 -0
tests/handlers/test_room_summary.py +1248 -0
tests/handlers/test_saml.py +427 -0
tests/handlers/test_send_email.py +230 -0
tests/handlers/test_sliding_sync.py +5065 -0
tests/handlers/test_sso.py +152 -0
tests/handlers/test_stats.py +594 -0
tests/handlers/test_sync.py +1275 -0
tests/handlers/test_typing.py +557 -0
tests/handlers/test_user_directory.py +1435 -0
tests/handlers/test_worker_lock.py +126 -0
tests/http/__init__.py +196 -0
tests/http/ca.crt +19 -0
tests/http/ca.key +27 -0
tests/http/federation/__init__.py +19 -0
tests/http/federation/test_matrix_federation_agent.py +1855 -0
tests/http/federation/test_srv_resolver.py +220 -0
tests/http/server/__init__.py +20 -0
tests/http/server/_base.py +621 -0
tests/http/server.key +27 -0
tests/http/test_additional_resource.py +76 -0
tests/http/test_client.py +422 -0
tests/http/test_endpoint.py +62 -0
tests/http/test_matrixfederationclient.py +1092 -0
tests/http/test_proxy.py +75 -0
tests/http/test_proxyagent.py +1008 -0
tests/http/test_servlet.py +145 -0
tests/http/test_simple_client.py +188 -0
tests/http/test_site.py +247 -0
tests/logging/__init__.py +42 -0
tests/logging/test_loggers.py +127 -0
tests/logging/test_opentracing.py +524 -0
tests/logging/test_remote_handler.py +184 -0
tests/logging/test_terse_json.py +253 -0
tests/media/__init__.py +20 -0
tests/media/test_base.py +88 -0
tests/media/test_filepath.py +602 -0
tests/media/test_html_preview.py +565 -0
tests/media/test_media_retention.py +299 -0
tests/media/test_media_storage.py +1401 -0
tests/media/test_oembed.py +172 -0
tests/media/test_url_previewer.py +120 -0
tests/metrics/__init__.py +0 -0
tests/metrics/test_background_process_metrics.py +21 -0
tests/metrics/test_metrics.py +407 -0
tests/metrics/test_phone_home_stats.py +263 -0
tests/module_api/__init__.py +0 -0
tests/module_api/test_account_data_manager.py +171 -0
tests/module_api/test_api.py +1035 -0
tests/module_api/test_event_unsigned_addition.py +66 -0
tests/module_api/test_spamchecker.py +286 -0
tests/push/__init__.py +0 -0
tests/push/test_bulk_push_rule_evaluator.py +652 -0
tests/push/test_email.py +570 -0
tests/push/test_http.py +1247 -0
tests/push/test_presentable_names.py +238 -0
tests/push/test_push_rule_evaluator.py +1069 -0
tests/replication/__init__.py +20 -0
tests/replication/_base.py +619 -0
tests/replication/http/__init__.py +20 -0
tests/replication/http/test__base.py +113 -0
tests/replication/storage/__init__.py +20 -0
tests/replication/storage/_base.py +85 -0
tests/replication/storage/test_events.py +299 -0
tests/replication/tcp/__init__.py +19 -0
tests/replication/tcp/streams/__init__.py +19 -0
tests/replication/tcp/streams/test_account_data.py +133 -0
tests/replication/tcp/streams/test_events.py +565 -0
tests/replication/tcp/streams/test_federation.py +117 -0
tests/replication/tcp/streams/test_partial_state.py +72 -0
tests/replication/tcp/streams/test_receipts.py +110 -0
tests/replication/tcp/streams/test_thread_subscriptions.py +157 -0
tests/replication/tcp/streams/test_to_device.py +112 -0
tests/replication/tcp/streams/test_typing.py +223 -0
tests/replication/tcp/test_commands.py +50 -0
tests/replication/tcp/test_handler.py +211 -0
tests/replication/test_auth.py +120 -0
tests/replication/test_client_reader_shard.py +101 -0
tests/replication/test_federation_ack.py +88 -0
tests/replication/test_federation_sender_shard.py +352 -0
tests/replication/test_module_cache_invalidation.py +89 -0
tests/replication/test_multi_media_repo.py +496 -0
tests/replication/test_pusher_shard.py +192 -0
tests/replication/test_sharded_event_persister.py +332 -0
tests/replication/test_sharded_receipts.py +250 -0
tests/rest/__init__.py +20 -0
tests/rest/admin/__init__.py +19 -0
tests/rest/admin/test_admin.py +614 -0
tests/rest/admin/test_background_updates.py +375 -0
tests/rest/admin/test_device.py +600 -0
tests/rest/admin/test_event.py +74 -0
tests/rest/admin/test_event_reports.py +781 -0
tests/rest/admin/test_federation.py +863 -0
tests/rest/admin/test_jwks.py +106 -0
tests/rest/admin/test_media.py +1091 -0
tests/rest/admin/test_registration_tokens.py +729 -0
tests/rest/admin/test_room.py +3626 -0
tests/rest/admin/test_scheduled_tasks.py +192 -0
tests/rest/admin/test_server_notice.py +753 -0
tests/rest/admin/test_statistics.py +523 -0
tests/rest/admin/test_user.py +6061 -0
tests/rest/admin/test_username_available.py +82 -0
tests/rest/client/__init__.py +20 -0
tests/rest/client/sliding_sync/__init__.py +13 -0
tests/rest/client/sliding_sync/test_connection_tracking.py +505 -0
tests/rest/client/sliding_sync/test_extension_account_data.py +1056 -0
tests/rest/client/sliding_sync/test_extension_e2ee.py +459 -0
tests/rest/client/sliding_sync/test_extension_receipts.py +934 -0
tests/rest/client/sliding_sync/test_extension_thread_subscriptions.py +497 -0
tests/rest/client/sliding_sync/test_extension_to_device.py +294 -0
tests/rest/client/sliding_sync/test_extension_typing.py +500 -0
tests/rest/client/sliding_sync/test_extensions.py +306 -0
tests/rest/client/sliding_sync/test_lists_filters.py +1975 -0
tests/rest/client/sliding_sync/test_room_subscriptions.py +303 -0
tests/rest/client/sliding_sync/test_rooms_invites.py +528 -0
tests/rest/client/sliding_sync/test_rooms_meta.py +1338 -0
tests/rest/client/sliding_sync/test_rooms_required_state.py +2247 -0
tests/rest/client/sliding_sync/test_rooms_timeline.py +718 -0
tests/rest/client/sliding_sync/test_sliding_sync.py +1688 -0
tests/rest/client/test_account.py +1543 -0
tests/rest/client/test_account_data.py +81 -0
tests/rest/client/test_auth.py +1508 -0
tests/rest/client/test_auth_metadata.py +145 -0
tests/rest/client/test_capabilities.py +318 -0
tests/rest/client/test_consent.py +138 -0
tests/rest/client/test_delayed_events.py +553 -0
tests/rest/client/test_devices.py +634 -0
tests/rest/client/test_directory.py +249 -0
tests/rest/client/test_ephemeral_message.py +113 -0
tests/rest/client/test_events.py +165 -0
tests/rest/client/test_filter.py +124 -0
tests/rest/client/test_identity.py +67 -0
tests/rest/client/test_keys.py +516 -0
tests/rest/client/test_login.py +1881 -0
tests/rest/client/test_login_token_request.py +175 -0
tests/rest/client/test_matrixrtc.py +105 -0
tests/rest/client/test_media.py +3156 -0
tests/rest/client/test_models.py +83 -0
tests/rest/client/test_mutual_rooms.py +235 -0
tests/rest/client/test_notifications.py +231 -0
tests/rest/client/test_owned_state.py +308 -0
tests/rest/client/test_password_policy.py +186 -0
tests/rest/client/test_power_levels.py +295 -0
tests/rest/client/test_presence.py +149 -0
tests/rest/client/test_profile.py +925 -0
tests/rest/client/test_push_rule_attrs.py +510 -0
tests/rest/client/test_read_marker.py +151 -0
tests/rest/client/test_receipts.py +287 -0
tests/rest/client/test_redactions.py +657 -0
tests/rest/client/test_register.py +1314 -0
tests/rest/client/test_relations.py +1954 -0
tests/rest/client/test_rendezvous.py +468 -0
tests/rest/client/test_reporting.py +324 -0
tests/rest/client/test_retention.py +389 -0
tests/rest/client/test_rooms.py +5486 -0
tests/rest/client/test_sendtodevice.py +271 -0
tests/rest/client/test_shadow_banned.py +335 -0
tests/rest/client/test_sync.py +1147 -0
tests/rest/client/test_tags.py +161 -0
tests/rest/client/test_third_party_rules.py +1076 -0
tests/rest/client/test_thread_subscriptions.py +351 -0
tests/rest/client/test_transactions.py +204 -0
tests/rest/client/test_typing.py +114 -0
tests/rest/client/test_upgrade_room.py +433 -0
tests/rest/client/utils.py +985 -0
tests/rest/key/__init__.py +0 -0
tests/rest/key/v2/__init__.py +0 -0
tests/rest/key/v2/test_remote_key_resource.py +282 -0
tests/rest/media/__init__.py +19 -0
tests/rest/media/test_domain_blocking.py +148 -0
tests/rest/media/test_url_preview.py +1445 -0
tests/rest/synapse/__init__.py +12 -0
tests/rest/synapse/client/__init__.py +12 -0
tests/rest/synapse/client/test_federation_whitelist.py +118 -0
tests/rest/synapse/mas/__init__.py +12 -0
tests/rest/synapse/mas/_base.py +43 -0
tests/rest/synapse/mas/test_devices.py +693 -0
tests/rest/synapse/mas/test_users.py +1399 -0
tests/rest/test_health.py +35 -0
tests/rest/test_well_known.py +155 -0
tests/scripts/__init__.py +0 -0
tests/scripts/test_new_matrix_user.py +172 -0
tests/server.py +1374 -0
tests/server_notices/__init__.py +241 -0
tests/server_notices/test_consent.py +111 -0
tests/server_notices/test_resource_limits_server_notices.py +409 -0
tests/state/__init__.py +0 -0
tests/state/test_v2.py +1096 -0
tests/state/test_v21.py +506 -0
tests/storage/__init__.py +0 -0
tests/storage/databases/__init__.py +20 -0
tests/storage/databases/main/__init__.py +20 -0
tests/storage/databases/main/test_cache.py +124 -0
tests/storage/databases/main/test_deviceinbox.py +323 -0
tests/storage/databases/main/test_end_to_end_keys.py +127 -0
tests/storage/databases/main/test_events_worker.py +594 -0
tests/storage/databases/main/test_lock.py +499 -0
tests/storage/databases/main/test_metrics.py +88 -0
tests/storage/databases/main/test_receipts.py +218 -0
tests/storage/databases/main/test_room.py +192 -0
tests/storage/test__base.py +178 -0
tests/storage/test_account_data.py +186 -0
tests/storage/test_appservice.py +568 -0
tests/storage/test_background_update.py +671 -0
tests/storage/test_base.py +813 -0
tests/storage/test_cleanup_extrems.py +396 -0
tests/storage/test_client_ips.py +788 -0
tests/storage/test_database.py +288 -0
tests/storage/test_devices.py +353 -0
tests/storage/test_directory.py +74 -0
tests/storage/test_e2e_room_keys.py +87 -0
tests/storage/test_end_to_end_keys.py +120 -0
tests/storage/test_event_chain.py +826 -0
tests/storage/test_event_federation.py +1433 -0
tests/storage/test_event_push_actions.py +809 -0
tests/storage/test_events.py +591 -0
tests/storage/test_events_bg_updates.py +156 -0
tests/storage/test_id_generators.py +791 -0
tests/storage/test_invite_rule.py +171 -0
tests/storage/test_main.py +56 -0
tests/storage/test_monthly_active_users.py +500 -0
tests/storage/test_profile.py +134 -0
tests/storage/test_purge.py +459 -0
tests/storage/test_receipts.py +309 -0
tests/storage/test_redaction.py +462 -0
tests/storage/test_registration.py +277 -0
tests/storage/test_relations.py +118 -0
tests/storage/test_rollback_worker.py +132 -0
tests/storage/test_room.py +69 -0
tests/storage/test_room_search.py +383 -0
tests/storage/test_roommember.py +812 -0
tests/storage/test_sliding_sync_tables.py +5187 -0
tests/storage/test_state.py +959 -0
tests/storage/test_state_deletion.py +475 -0
tests/storage/test_stream.py +1533 -0
tests/storage/test_thread_subscriptions.py +369 -0
tests/storage/test_transactions.py +77 -0
tests/storage/test_txn_limit.py +49 -0
tests/storage/test_unsafe_locale.py +67 -0
tests/storage/test_user_directory.py +691 -0
tests/storage/test_user_filters.py +101 -0
tests/storage/util/__init__.py +20 -0
tests/storage/util/test_partial_state_events_tracker.py +181 -0
tests/synapse_rust/__init__.py +11 -0
tests/synapse_rust/test_http_client.py +225 -0
tests/test_distributor.py +74 -0
tests/test_event_auth.py +921 -0
tests/test_mau.py +347 -0
tests/test_phone_home.py +102 -0
tests/test_rust.py +11 -0
tests/test_server.py +557 -0
tests/test_state.py +902 -0
tests/test_terms_auth.py +128 -0
tests/test_types.py +201 -0
tests/test_utils/__init__.py +161 -0
tests/test_utils/event_injection.py +150 -0
tests/test_utils/html_parsers.py +59 -0
tests/test_utils/logging_setup.py +74 -0
tests/test_utils/oidc.py +370 -0
tests/test_visibility.py +712 -0
tests/types/__init__.py +0 -0
tests/types/test_init.py +51 -0
tests/types/test_state.py +627 -0
tests/unittest.py +1108 -0
tests/util/__init__.py +20 -0
tests/util/caches/__init__.py +20 -0
tests/util/caches/test_cached_call.py +168 -0
tests/util/caches/test_deferred_cache.py +317 -0
tests/util/caches/test_descriptors.py +1110 -0
tests/util/caches/test_response_cache.py +225 -0
tests/util/caches/test_ttlcache.py +90 -0
tests/util/test_async_helpers.py +808 -0
tests/util/test_background_queue.py +117 -0
tests/util/test_batching_queue.py +252 -0
tests/util/test_check_dependencies.py +243 -0
tests/util/test_dict_cache.py +130 -0
tests/util/test_events.py +118 -0
tests/util/test_expiring_cache.py +113 -0
tests/util/test_file_consumer.py +199 -0
tests/util/test_itertools.py +190 -0
tests/util/test_linearizer.py +264 -0
tests/util/test_logcontext.py +715 -0
tests/util/test_logformatter.py +44 -0
tests/util/test_lrucache.py +479 -0
tests/util/test_macaroons.py +126 -0
tests/util/test_mutable_overlay_mapping.py +189 -0
tests/util/test_ratelimitutils.py +146 -0
tests/util/test_retryutils.py +314 -0
tests/util/test_rwlock.py +401 -0
tests/util/test_stream_change_cache.py +304 -0
tests/util/test_stringutils.py +86 -0
tests/util/test_task_scheduler.py +227 -0
tests/util/test_threepids.py +55 -0
tests/util/test_treecache.py +93 -0
tests/util/test_wheel_timer.py +82 -0
tests/utils.py +342 -0

tests/handlers/test_oauth_delegation.py ADDED Viewed

@@ -0,0 +1,1314 @@
+#
+# This file is licensed under the Affero General Public License (AGPL) version 3.
+#
+# Copyright 2022 Matrix.org Foundation C.I.C.
+# Copyright (C) 2023 New Vector, Ltd
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# See the GNU Affero General Public License for more details:
+# <https://www.gnu.org/licenses/agpl-3.0.html>.
+#
+# Originally licensed under the Apache License, Version 2.0:
+# <http://www.apache.org/licenses/LICENSE-2.0>.
+#
+# [This file includes modifications made by New Vector Limited]
+#
+#
+import json
+import threading
+import time
+from http import HTTPStatus
+from http.server import BaseHTTPRequestHandler, HTTPServer
+from io import BytesIO
+from typing import Any, ClassVar, Coroutine, Generator, TypeVar, Union
+from unittest.mock import ANY, AsyncMock, Mock
+from urllib.parse import parse_qs
+from parameterized.parameterized import parameterized_class
+from signedjson.key import (
+    encode_verify_key_base64,
+    generate_signing_key,
+    get_verify_key,
+)
+from signedjson.sign import sign_json
+from twisted.internet.defer import Deferred, ensureDeferred
+from twisted.internet.testing import MemoryReactor
+from synapse.api.auth.mas import MasDelegatedAuth
+from synapse.api.errors import (
+    AuthError,
+    Codes,
+    HttpResponseException,
+    InvalidClientTokenError,
+    SynapseError,
+)
+from synapse.appservice import ApplicationService
+from synapse.http.site import SynapseRequest
+from synapse.rest import admin
+from synapse.rest.client import account, devices, keys, login, logout, register
+from synapse.server import HomeServer
+from synapse.types import JsonDict, UserID, create_requester
+from synapse.util.clock import Clock
+from tests.server import FakeChannel
+from tests.test_utils import get_awaitable_result
+from tests.unittest import HomeserverTestCase, override_config, skip_unless
+from tests.utils import HAS_AUTHLIB, checked_cast, mock_getRawHeaders
+# These are a few constants that are used as config parameters in the tests.
+SERVER_NAME = "test"
+ISSUER = "https://issuer/"
+CLIENT_ID = "test-client-id"
+CLIENT_SECRET = "test-client-secret"
+BASE_URL = "https://synapse/"
+SCOPES = ["openid"]
+AUTHORIZATION_ENDPOINT = ISSUER + "authorize"
+TOKEN_ENDPOINT = ISSUER + "token"
+USERINFO_ENDPOINT = ISSUER + "userinfo"
+WELL_KNOWN = ISSUER + ".well-known/openid-configuration"
+JWKS_URI = ISSUER + ".well-known/jwks.json"
+INTROSPECTION_ENDPOINT = ISSUER + "introspect"
+SYNAPSE_ADMIN_SCOPE = "urn:synapse:admin:*"
+DEVICE = "AABBCCDD"
+SUBJECT = "abc-def-ghi"
+USERNAME = "test-user"
+USER_ID = "@" + USERNAME + ":" + SERVER_NAME
+OIDC_ADMIN_USERID = f"@__oidc_admin:{SERVER_NAME}"
+async def get_json(url: str) -> JsonDict:
+    # Mock get_json calls to handle jwks & oidc discovery endpoints
+    if url == WELL_KNOWN:
+        # Minimal discovery document, as defined in OpenID.Discovery
+        # https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
+        return {
+            "issuer": ISSUER,
+            "authorization_endpoint": AUTHORIZATION_ENDPOINT,
+            "token_endpoint": TOKEN_ENDPOINT,
+            "jwks_uri": JWKS_URI,
+            "userinfo_endpoint": USERINFO_ENDPOINT,
+            "introspection_endpoint": INTROSPECTION_ENDPOINT,
+            "response_types_supported": ["code"],
+            "subject_types_supported": ["public"],
+            "id_token_signing_alg_values_supported": ["RS256"],
+        }
+    elif url == JWKS_URI:
+        return {"keys": []}
+    return {}
+@skip_unless(HAS_AUTHLIB, "requires authlib")
+@parameterized_class(
+    ("device_scope_prefix", "api_scope"),
+    [
+        ("urn:matrix:client:device:", "urn:matrix:client:api:*"),
+        (
+            "urn:matrix:org.matrix.msc2967.client:device:",
+            "urn:matrix:org.matrix.msc2967.client:api:*",
+        ),
+    ],
+)
+class MSC3861OAuthDelegation(HomeserverTestCase):
+    device_scope_prefix: ClassVar[str]
+    api_scope: ClassVar[str]
+    @property
+    def device_scope(self) -> str:
+        return self.device_scope_prefix + DEVICE
+    servlets = [
+        account.register_servlets,
+        keys.register_servlets,
+    ]
+    def default_config(self) -> dict[str, Any]:
+        config = super().default_config()
+        config["public_baseurl"] = BASE_URL
+        config["disable_registration"] = True
+        config["experimental_features"] = {
+            "msc3861": {
+                "enabled": True,
+                "issuer": ISSUER,
+                "client_id": CLIENT_ID,
+                "client_auth_method": "client_secret_post",
+                "client_secret": CLIENT_SECRET,
+                "admin_token": "admin_token_value",
+            }
+        }
+        return config
+    def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
+        self.http_client = Mock(spec=["get_json"])
+        self.http_client.get_json.side_effect = get_json
+        self.http_client.user_agent = b"Synapse Test"
+        hs = self.setup_test_homeserver(proxied_http_client=self.http_client)
+        # Import this here so that we've checked that authlib is available.
+        from synapse.api.auth.msc3861_delegated import MSC3861DelegatedAuth
+        self.auth = checked_cast(MSC3861DelegatedAuth, hs.get_auth())
+        self._rust_client = Mock(spec=["post"])
+        self.auth._rust_http_client = self._rust_client
+        return hs
+    def prepare(
+        self, reactor: MemoryReactor, clock: Clock, homeserver: HomeServer
+    ) -> None:
+        # Provision the user and the device we use in the tests.
+        store = homeserver.get_datastores().main
+        self.get_success(store.register_user(USER_ID))
+        self.get_success(
+            store.store_device(USER_ID, DEVICE, initial_device_display_name=None)
+        )
+    def _set_introspection_returnvalue(self, response_value: Any) -> AsyncMock:
+        self._rust_client.post = mock = AsyncMock(
+            return_value=json.dumps(response_value).encode("utf-8")
+        )
+        return mock
+    def _assertParams(self) -> None:
+        """Assert that the request parameters are correct."""
+        params = parse_qs(self._rust_client.post.call_args[1]["request_body"])
+        self.assertEqual(params["token"], ["mockAccessToken"])
+        self.assertEqual(params["client_id"], [CLIENT_ID])
+        self.assertEqual(params["client_secret"], [CLIENT_SECRET])
+    def test_inactive_token(self) -> None:
+        """The handler should return a 403 where the token is inactive."""
+        self._set_introspection_returnvalue({"active": False})
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        self.get_failure(self.auth.get_user_by_req(request), InvalidClientTokenError)
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        self._assertParams()
+    def test_active_no_scope(self) -> None:
+        """The handler should return a 403 where no scope is given."""
+        self._set_introspection_returnvalue({"active": True})
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        self.get_failure(self.auth.get_user_by_req(request), InvalidClientTokenError)
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        self._assertParams()
+    def test_active_user_no_subject(self) -> None:
+        """The handler should return a 500 when no subject is present."""
+        self._set_introspection_returnvalue(
+            {"active": True, "scope": " ".join([self.api_scope])},
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        self.get_failure(self.auth.get_user_by_req(request), InvalidClientTokenError)
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        self._assertParams()
+    def test_active_no_user_scope(self) -> None:
+        """The handler should return a 500 when no subject is present."""
+        self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join([self.device_scope]),
+            }
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        self.get_failure(self.auth.get_user_by_req(request), InvalidClientTokenError)
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        self._assertParams()
+    def test_active_admin_not_user(self) -> None:
+        """The handler should raise when the scope has admin right but not user."""
+        self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join([SYNAPSE_ADMIN_SCOPE]),
+                "username": USERNAME,
+            }
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        self.get_failure(self.auth.get_user_by_req(request), InvalidClientTokenError)
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        self._assertParams()
+    def test_active_admin(self) -> None:
+        """The handler should return a requester with admin rights."""
+        self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join([SYNAPSE_ADMIN_SCOPE, self.api_scope]),
+                "username": USERNAME,
+            }
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        requester = self.get_success(self.auth.get_user_by_req(request))
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        self._assertParams()
+        self.assertEqual(requester.user.to_string(), "@%s:%s" % (USERNAME, SERVER_NAME))
+        self.assertEqual(requester.is_guest, False)
+        self.assertEqual(requester.device_id, None)
+        self.assertEqual(
+            get_awaitable_result(self.auth.is_server_admin(requester)), True
+        )
+    def test_active_admin_highest_privilege(self) -> None:
+        """The handler should resolve to the most permissive scope."""
+        self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join([SYNAPSE_ADMIN_SCOPE, self.api_scope]),
+                "username": USERNAME,
+            }
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        requester = self.get_success(self.auth.get_user_by_req(request))
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        self._assertParams()
+        self.assertEqual(requester.user.to_string(), "@%s:%s" % (USERNAME, SERVER_NAME))
+        self.assertEqual(requester.is_guest, False)
+        self.assertEqual(requester.device_id, None)
+        self.assertEqual(
+            get_awaitable_result(self.auth.is_server_admin(requester)), True
+        )
+    def test_active_user(self) -> None:
+        """The handler should return a requester with normal user rights."""
+        self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join([self.api_scope]),
+                "username": USERNAME,
+            }
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        requester = self.get_success(self.auth.get_user_by_req(request))
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        self._assertParams()
+        self.assertEqual(requester.user.to_string(), "@%s:%s" % (USERNAME, SERVER_NAME))
+        self.assertEqual(requester.is_guest, False)
+        self.assertEqual(requester.device_id, None)
+        self.assertEqual(
+            get_awaitable_result(self.auth.is_server_admin(requester)), False
+        )
+    def test_active_user_with_device(self) -> None:
+        """The handler should return a requester with normal user rights and a device ID."""
+        self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join([self.api_scope, self.device_scope]),
+                "username": USERNAME,
+            }
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        requester = self.get_success(self.auth.get_user_by_req(request))
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        self._assertParams()
+        self.assertEqual(requester.user.to_string(), "@%s:%s" % (USERNAME, SERVER_NAME))
+        self.assertEqual(requester.is_guest, False)
+        self.assertEqual(
+            get_awaitable_result(self.auth.is_server_admin(requester)), False
+        )
+        self.assertEqual(requester.device_id, DEVICE)
+    def test_active_user_with_device_explicit_device_id(self) -> None:
+        """The handler should return a requester with normal user rights and a device ID, given explicitly, as supported by MAS 0.15+"""
+        self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join([self.api_scope]),
+                "device_id": DEVICE,
+                "username": USERNAME,
+            }
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        requester = self.get_success(self.auth.get_user_by_req(request))
+        self.http_client.get_json.assert_called_once_with(WELL_KNOWN)
+        self._rust_client.post.assert_called_once_with(
+            url=INTROSPECTION_ENDPOINT,
+            response_limit=ANY,
+            request_body=ANY,
+            headers=ANY,
+        )
+        # It should have called with the 'X-MAS-Supports-Device-Id: 1' header
+        self.assertEqual(
+            self._rust_client.post.call_args[1]["headers"].get(
+                "X-MAS-Supports-Device-Id",
+            ),
+            "1",
+        )
+        self._assertParams()
+        self.assertEqual(requester.user.to_string(), "@%s:%s" % (USERNAME, SERVER_NAME))
+        self.assertEqual(requester.is_guest, False)
+        self.assertEqual(
+            get_awaitable_result(self.auth.is_server_admin(requester)), False
+        )
+        self.assertEqual(requester.device_id, DEVICE)
+    def test_multiple_devices(self) -> None:
+        """The handler should raise an error if multiple devices are found in the scope."""
+        self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join(
+                    [
+                        self.api_scope,
+                        f"{self.device_scope_prefix}AABBCC",
+                        f"{self.device_scope_prefix}DDEEFF",
+                    ]
+                ),
+                "username": USERNAME,
+            }
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        self.get_failure(self.auth.get_user_by_req(request), AuthError)
+    def test_unavailable_introspection_endpoint(self) -> None:
+        """The handler should return an internal server error."""
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        # The introspection endpoint is returning an error.
+        self._rust_client.post = AsyncMock(
+            side_effect=HttpResponseException(
+                code=500, msg="Internal Server Error", response=b"{}"
+            )
+        )
+        error = self.get_failure(self.auth.get_user_by_req(request), SynapseError)
+        self.assertEqual(error.value.code, 503)
+        # The introspection endpoint request fails.
+        self._rust_client.post = AsyncMock(side_effect=Exception())
+        error = self.get_failure(self.auth.get_user_by_req(request), SynapseError)
+        self.assertEqual(error.value.code, 503)
+        # The introspection endpoint does not return a JSON object.
+        self._set_introspection_returnvalue(["this is an array", "not an object"])
+        error = self.get_failure(self.auth.get_user_by_req(request), SynapseError)
+        self.assertEqual(error.value.code, 503)
+        # The introspection endpoint does not return valid JSON.
+        self._set_introspection_returnvalue("this is not valid JSON")
+        error = self.get_failure(self.auth.get_user_by_req(request), SynapseError)
+        self.assertEqual(error.value.code, 503)
+    def test_cached_expired_introspection(self) -> None:
+        """The handler should raise an error if the introspection response gives
+        an expiry time, the introspection response is cached and then the entry is
+        re-requested after it has expired."""
+        introspection_mock = self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join(
+                    [
+                        self.api_scope,
+                        f"{self.device_scope_prefix}AABBCC",
+                    ]
+                ),
+                "username": USERNAME,
+                "expires_in": 60,
+            }
+        )
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"mockAccessToken"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        # The first CS-API request causes a successful introspection
+        self.get_success(self.auth.get_user_by_req(request))
+        self.assertEqual(introspection_mock.call_count, 1)
+        # Sleep for 60 seconds so the token expires.
+        self.reactor.advance(60.0)
+        # Now the CS-API request fails because the token expired
+        self.get_failure(self.auth.get_user_by_req(request), InvalidClientTokenError)
+        # Ensure another introspection request was not sent
+        self.assertEqual(introspection_mock.call_count, 1)
+    def make_device_keys(self, user_id: str, device_id: str) -> JsonDict:
+        # We only generate a master key to simplify the test.
+        master_signing_key = generate_signing_key(device_id)
+        master_verify_key = encode_verify_key_base64(get_verify_key(master_signing_key))
+        return {
+            "master_key": sign_json(
+                {
+                    "user_id": user_id,
+                    "usage": ["master"],
+                    "keys": {"ed25519:" + master_verify_key: master_verify_key},
+                },
+                user_id,
+                master_signing_key,
+            ),
+        }
+    def test_cross_signing(self) -> None:
+        """Try uploading device keys with OAuth delegation enabled."""
+        self._set_introspection_returnvalue(
+            {
+                "active": True,
+                "sub": SUBJECT,
+                "scope": " ".join([self.api_scope, self.device_scope]),
+                "username": USERNAME,
+            }
+        )
+        keys_upload_body = self.make_device_keys(USER_ID, DEVICE)
+        channel = self.make_request(
+            "POST",
+            "/_matrix/client/v3/keys/device_signing/upload",
+            keys_upload_body,
+            access_token="mockAccessToken",
+        )
+        self.assertEqual(channel.code, 200, channel.json_body)
+        # Try uploading *different* keys; it should cause a 501 error.
+        keys_upload_body = self.make_device_keys(USER_ID, DEVICE)
+        channel = self.make_request(
+            "POST",
+            "/_matrix/client/v3/keys/device_signing/upload",
+            keys_upload_body,
+            access_token="mockAccessToken",
+        )
+        self.assertEqual(channel.code, HTTPStatus.UNAUTHORIZED, channel.json_body)
+    def test_admin_token(self) -> None:
+        """The handler should return a requester with admin rights when admin_token is used."""
+        self._set_introspection_returnvalue({"active": False})
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"admin_token_value"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        requester = self.get_success(self.auth.get_user_by_req(request))
+        self.assertEqual(
+            requester.user.to_string(),
+            OIDC_ADMIN_USERID,
+        )
+        self.assertEqual(requester.is_guest, False)
+        self.assertEqual(requester.device_id, None)
+        self.assertEqual(
+            get_awaitable_result(self.auth.is_server_admin(requester)), True
+        )
+        # There should be no call to the introspection endpoint
+        self._rust_client.post.assert_not_called()
+    @override_config({"mau_stats_only": True})
+    def test_request_tracking(self) -> None:
+        """Using an access token should update the client_ips and MAU tables."""
+        # To start, there are no MAU users.
+        store = self.hs.get_datastores().main
+        mau = self.get_success(store.get_monthly_active_count())
+        self.assertEqual(mau, 0)
+        known_token = "token-token-GOOD-:)"
+        async def mock_http_client_request(
+            url: str, request_body: str, **kwargs: Any
+        ) -> bytes:
+            """Mocked auth provider response."""
+            token = parse_qs(request_body)["token"][0]
+            if token == known_token:
+                return json.dumps(
+                    {
+                        "active": True,
+                        "scope": self.api_scope,
+                        "sub": SUBJECT,
+                        "username": USERNAME,
+                    },
+                ).encode("utf-8")
+            return json.dumps({"active": False}).encode("utf-8")
+        self._rust_client.post = mock_http_client_request
+        EXAMPLE_IPV4_ADDR = "123.123.123.123"
+        EXAMPLE_USER_AGENT = "httprettygood"
+        # First test a known access token
+        channel = FakeChannel(self.site, self.reactor)
+        # type-ignore: FakeChannel is a mock of an HTTPChannel, not a proper HTTPChannel
+        req = SynapseRequest(channel, self.site, self.hs.hostname)  # type: ignore[arg-type]
+        req.client.host = EXAMPLE_IPV4_ADDR
+        req.requestHeaders.addRawHeader("Authorization", f"Bearer {known_token}")
+        req.requestHeaders.addRawHeader("User-Agent", EXAMPLE_USER_AGENT)
+        req.content = BytesIO(b"")
+        req.requestReceived(
+            b"GET",
+            b"/_matrix/client/v3/account/whoami",
+            b"1.1",
+        )
+        channel.await_result()
+        self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)
+        self.assertEqual(channel.json_body["user_id"], USER_ID, channel.json_body)
+        # Expect to see one MAU entry, from the first request
+        mau = self.get_success(store.get_monthly_active_count())
+        self.assertEqual(mau, 1)
+        conn_infos = self.get_success(
+            store.get_user_ip_and_agents(UserID.from_string(USER_ID))
+        )
+        self.assertEqual(len(conn_infos), 1, conn_infos)
+        conn_info = conn_infos[0]
+        self.assertEqual(conn_info["access_token"], known_token)
+        self.assertEqual(conn_info["ip"], EXAMPLE_IPV4_ADDR)
+        self.assertEqual(conn_info["user_agent"], EXAMPLE_USER_AGENT)
+        # Now test MAS making a request using the special __oidc_admin token
+        MAS_IPV4_ADDR = "127.0.0.1"
+        MAS_USER_AGENT = "masmasmas"
+        channel = FakeChannel(self.site, self.reactor)
+        req = SynapseRequest(channel, self.site, self.hs.hostname)  # type: ignore[arg-type]
+        req.client.host = MAS_IPV4_ADDR
+        req.requestHeaders.addRawHeader(
+            "Authorization", f"Bearer {self.auth._admin_token()}"
+        )
+        req.requestHeaders.addRawHeader("User-Agent", MAS_USER_AGENT)
+        req.content = BytesIO(b"")
+        req.requestReceived(
+            b"GET",
+            b"/_matrix/client/v3/account/whoami",
+            b"1.1",
+        )
+        channel.await_result()
+        self.assertEqual(channel.code, HTTPStatus.OK, channel.json_body)
+        self.assertEqual(
+            channel.json_body["user_id"], OIDC_ADMIN_USERID, channel.json_body
+        )
+        # Still expect to see one MAU entry, from the first request
+        mau = self.get_success(store.get_monthly_active_count())
+        self.assertEqual(mau, 1)
+        conn_infos = self.get_success(
+            store.get_user_ip_and_agents(UserID.from_string(OIDC_ADMIN_USERID))
+        )
+        self.assertEqual(conn_infos, [])
+class FakeMasHandler(BaseHTTPRequestHandler):
+    server: "FakeMasServer"
+    def do_POST(self) -> None:
+        self.server.calls += 1
+        if self.path != "/oauth2/introspect":
+            self.send_response(404)
+            self.end_headers()
+            self.wfile.close()
+            return
+        auth = self.headers.get("Authorization")
+        if auth is None or auth != f"Bearer {self.server.secret}":
+            self.send_response(401)
+            self.end_headers()
+            self.wfile.close()
+            return
+        content_length = self.headers.get("Content-Length")
+        if content_length is None:
+            self.send_response(400)
+            self.end_headers()
+            self.wfile.close()
+            return
+        raw_body = self.rfile.read(int(content_length))
+        body = parse_qs(raw_body)
+        param = body.get(b"token")
+        if param is None:
+            self.send_response(400)
+            self.end_headers()
+            self.wfile.close()
+            return
+        self.server.last_token_seen = param[0].decode("utf-8")
+        self.send_response(200)
+        self.send_header("Content-Type", "application/json")
+        self.end_headers()
+        self.wfile.write(json.dumps(self.server.introspection_response).encode("utf-8"))
+    def log_message(self, format: str, *args: Any) -> None:
+        # Don't log anything; by default, the server logs to stderr
+        pass
+class FakeMasServer(HTTPServer):
+    """A fake MAS server for testing.
+    This opens a real HTTP server on a random port, on a separate thread.
+    """
+    introspection_response: JsonDict = {}
+    """Determines what the response to the introspection endpoint will be."""
+    secret: str = "verysecret"
+    """The shared secret used to authenticate the introspection endpoint."""
+    last_token_seen: str | None = None
+    """What is the last access token seen by the introspection endpoint."""
+    calls: int = 0
+    """How many times has the introspection endpoint been called."""
+    _thread: threading.Thread
+    def __init__(self) -> None:
+        super().__init__(("127.0.0.1", 0), FakeMasHandler)
+        self._thread = threading.Thread(
+            target=self.serve_forever,
+            name="FakeMasServer",
+            kwargs={"poll_interval": 0.01},
+            daemon=True,
+        )
+        self._thread.start()
+    def shutdown(self) -> None:
+        super().shutdown()
+        self._thread.join()
+    @property
+    def endpoint(self) -> str:
+        return f"http://127.0.0.1:{self.server_port}/"
+T = TypeVar("T")
+@parameterized_class(
+    ("device_scope_prefix", "api_scope"),
+    [
+        ("urn:matrix:client:device:", "urn:matrix:client:api:*"),
+        (
+            "urn:matrix:org.matrix.msc2967.client:device:",
+            "urn:matrix:org.matrix.msc2967.client:api:*",
+        ),
+    ],
+)
+class MasAuthDelegation(HomeserverTestCase):
+    server: FakeMasServer
+    device_scope_prefix: ClassVar[str]
+    api_scope: ClassVar[str]
+    @property
+    def device_scope(self) -> str:
+        return self.device_scope_prefix + DEVICE
+    def till_deferred_has_result(
+        self,
+        awaitable: Union[
+            "Coroutine[Deferred[Any], Any, T]",
+            "Generator[Deferred[Any], Any, T]",
+            "Deferred[T]",
+        ],
+    ) -> "Deferred[T]":
+        """Wait until a deferred has a result.
+        This is useful because the Rust HTTP client will resolve the deferred
+        using reactor.callFromThread, which are only run when we call
+        reactor.advance.
+        """
+        deferred = ensureDeferred(awaitable)
+        tries = 0
+        while not deferred.called:
+            time.sleep(0.1)
+            self.reactor.advance(0)
+            tries += 1
+            if tries > 100:
+                raise Exception("Timed out waiting for deferred to resolve")
+        return deferred
+    def default_config(self) -> dict[str, Any]:
+        config = super().default_config()
+        config["public_baseurl"] = BASE_URL
+        config["disable_registration"] = True
+        config["matrix_authentication_service"] = {
+            "enabled": True,
+            "endpoint": self.server.endpoint,
+            "secret": self.server.secret,
+        }
+        return config
+    def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
+        self.server = FakeMasServer()
+        hs = self.setup_test_homeserver()
+        # This triggers the server startup hooks, which starts the Tokio thread pool
+        reactor.run()
+        self._auth = checked_cast(MasDelegatedAuth, hs.get_auth())
+        return hs
+    def prepare(
+        self, reactor: MemoryReactor, clock: Clock, homeserver: HomeServer
+    ) -> None:
+        # Provision the user and the device we use in the tests.
+        store = homeserver.get_datastores().main
+        self.get_success(store.register_user(USER_ID))
+        self.get_success(
+            store.store_device(USER_ID, DEVICE, initial_device_display_name=None)
+        )
+    def tearDown(self) -> None:
+        self.server.shutdown()
+        # MemoryReactor doesn't trigger the shutdown phases, and we want the
+        # Tokio thread pool to be stopped
+        # XXX: This logic should probably get moved somewhere else
+        shutdown_triggers = self.reactor.triggers.get("shutdown", {})
+        for phase in ["before", "during", "after"]:
+            triggers = shutdown_triggers.get(phase, [])
+            for callbable, args, kwargs in triggers:
+                callbable(*args, **kwargs)
+    def test_simple_introspection(self) -> None:
+        self.server.introspection_response = {
+            "active": True,
+            "sub": SUBJECT,
+            "scope": " ".join([self.api_scope, self.device_scope]),
+            "username": USERNAME,
+            "expires_in": 60,
+        }
+        requester = self.get_success(
+            self.till_deferred_has_result(
+                self._auth.get_user_by_access_token("some_token")
+            )
+        )
+        self.assertEquals(requester.user.to_string(), USER_ID)
+        self.assertEquals(requester.device_id, DEVICE)
+        self.assertFalse(self.get_success(self._auth.is_server_admin(requester)))
+        self.assertEquals(
+            self.server.last_token_seen,
+            "some_token",
+        )
+    def test_unexpiring_token(self) -> None:
+        self.server.introspection_response = {
+            "active": True,
+            "sub": SUBJECT,
+            "scope": " ".join([self.api_scope, self.device_scope]),
+            "username": USERNAME,
+        }
+        requester = self.get_success(
+            self.till_deferred_has_result(
+                self._auth.get_user_by_access_token("some_token")
+            )
+        )
+        self.assertEquals(requester.user.to_string(), USER_ID)
+        self.assertEquals(requester.device_id, DEVICE)
+        self.assertFalse(self.get_success(self._auth.is_server_admin(requester)))
+        self.assertEquals(
+            self.server.last_token_seen,
+            "some_token",
+        )
+    def test_inexistent_device(self) -> None:
+        self.server.introspection_response = {
+            "active": True,
+            "sub": SUBJECT,
+            "scope": " ".join([self.api_scope, f"{self.device_scope_prefix}ABCDEF"]),
+            "username": USERNAME,
+            "expires_in": 60,
+        }
+        failure = self.get_failure(
+            self.till_deferred_has_result(
+                self._auth.get_user_by_access_token("some_token")
+            ),
+            InvalidClientTokenError,
+        )
+        self.assertEqual(failure.value.code, 401)
+    def test_inexistent_user(self) -> None:
+        self.server.introspection_response = {
+            "active": True,
+            "sub": SUBJECT,
+            "scope": " ".join([self.api_scope]),
+            "username": "inexistent_user",
+            "expires_in": 60,
+        }
+        failure = self.get_failure(
+            self.till_deferred_has_result(
+                self._auth.get_user_by_access_token("some_token")
+            ),
+            AuthError,
+        )
+        # This is a 500, it should never happen really
+        self.assertEqual(failure.value.code, 500)
+    def test_missing_scope(self) -> None:
+        self.server.introspection_response = {
+            "active": True,
+            "sub": SUBJECT,
+            "scope": "openid",
+            "username": USERNAME,
+            "expires_in": 60,
+        }
+        failure = self.get_failure(
+            self.till_deferred_has_result(
+                self._auth.get_user_by_access_token("some_token")
+            ),
+            InvalidClientTokenError,
+        )
+        self.assertEqual(failure.value.code, 401)
+    def test_invalid_response(self) -> None:
+        self.server.introspection_response = {}
+        failure = self.get_failure(
+            self.till_deferred_has_result(
+                self._auth.get_user_by_access_token("some_token")
+            ),
+            SynapseError,
+        )
+        self.assertEqual(failure.value.code, 503)
+    def test_device_id_in_body(self) -> None:
+        self.server.introspection_response = {
+            "active": True,
+            "sub": SUBJECT,
+            "scope": self.api_scope,
+            "username": USERNAME,
+            "expires_in": 60,
+            "device_id": DEVICE,
+        }
+        requester = self.get_success(
+            self.till_deferred_has_result(
+                self._auth.get_user_by_access_token("some_token")
+            )
+        )
+        self.assertEqual(requester.device_id, DEVICE)
+    def test_admin_scope(self) -> None:
+        self.server.introspection_response = {
+            "active": True,
+            "sub": SUBJECT,
+            "scope": " ".join([SYNAPSE_ADMIN_SCOPE, self.api_scope]),
+            "username": USERNAME,
+            "expires_in": 60,
+        }
+        requester = self.get_success(
+            self.till_deferred_has_result(
+                self._auth.get_user_by_access_token("some_token")
+            )
+        )
+        self.assertEqual(requester.user.to_string(), USER_ID)
+        self.assertTrue(self.get_success(self._auth.is_server_admin(requester)))
+    def test_cached_expired_introspection(self) -> None:
+        """The handler should raise an error if the introspection response gives
+        an expiry time, the introspection response is cached and then the entry is
+        re-requested after it has expired."""
+        self.server.introspection_response = {
+            "active": True,
+            "sub": SUBJECT,
+            "scope": " ".join([self.api_scope, self.device_scope]),
+            "username": USERNAME,
+            "expires_in": 60,
+        }
+        self.assertEqual(self.server.calls, 0)
+        request = Mock(args={})
+        request.args[b"access_token"] = [b"some_token"]
+        request.requestHeaders.getRawHeaders = mock_getRawHeaders()
+        # The first CS-API request causes a successful introspection
+        self.get_success(
+            self.till_deferred_has_result(self._auth.get_user_by_req(request))
+        )
+        self.assertEqual(self.server.calls, 1)
+        # Sleep for 60 seconds so the token expires.
+        self.reactor.advance(60.0)
+        # Now the CS-API request fails because the token expired
+        self.assertFailure(
+            self.till_deferred_has_result(self._auth.get_user_by_req(request)),
+            InvalidClientTokenError,
+        )
+        # Ensure another introspection request was not sent
+        self.assertEqual(self.server.calls, 1)
+class MasAuthDelegationWithSubpath(MasAuthDelegation):
+    """Test MAS delegation when the MAS server is hosted on a subpath."""
+    def default_config(self) -> dict[str, Any]:
+        config = super().default_config()
+        # Override the endpoint to include a subpath
+        config["matrix_authentication_service"]["endpoint"] = (
+            self.server.endpoint + "auth/path/"
+        )
+        return config
+    def test_introspection_endpoint_uses_subpath(self) -> None:
+        """Test that the introspection endpoint correctly uses the configured subpath."""
+        expected_introspection_url = (
+            self.server.endpoint + "auth/path/oauth2/introspect"
+        )
+        self.assertEqual(self._auth._introspection_endpoint, expected_introspection_url)
+    def test_metadata_url_uses_subpath(self) -> None:
+        """Test that the metadata URL correctly uses the configured subpath."""
+        expected_metadata_url = (
+            self.server.endpoint + "auth/path/.well-known/openid-configuration"
+        )
+        self.assertEqual(self._auth._metadata_url, expected_metadata_url)
+@parameterized_class(
+    ("config",),
+    [
+        (
+            {
+                "matrix_authentication_service": {
+                    "enabled": True,
+                    "endpoint": "http://localhost:1234/",
+                    "secret": "secret",
+                },
+            },
+        ),
+    ]
+    # Run the tests with experimental delegation only if authlib is available
+    + [
+        (
+            {
+                "experimental_features": {
+                    "msc3861": {
+                        "enabled": True,
+                        "issuer": ISSUER,
+                        "client_id": CLIENT_ID,
+                        "client_auth_method": "client_secret_post",
+                        "client_secret": CLIENT_SECRET,
+                        "admin_token": "admin_token_value",
+                    }
+                }
+            },
+        ),
+    ]
+    * HAS_AUTHLIB,
+)
+class DisabledEndpointsTestCase(HomeserverTestCase):
+    servlets = [
+        account.register_servlets,
+        devices.register_servlets,
+        keys.register_servlets,
+        register.register_servlets,
+        login.register_servlets,
+        logout.register_servlets,
+        admin.register_servlets,
+    ]
+    config: dict[str, Any]
+    def default_config(self) -> dict[str, Any]:
+        config = super().default_config()
+        config["public_baseurl"] = BASE_URL
+        config["disable_registration"] = True
+        config.update(self.config)
+        return config
+    def expect_unauthorized(
+        self, method: str, path: str, content: bytes | str | JsonDict = ""
+    ) -> None:
+        channel = self.make_request(method, path, content, shorthand=False)
+        self.assertEqual(channel.code, 401, channel.json_body)
+    def expect_unrecognized(
+        self,
+        method: str,
+        path: str,
+        content: bytes | str | JsonDict = "",
+        auth: bool = False,
+    ) -> None:
+        channel = self.make_request(
+            method, path, content, access_token="token" if auth else None
+        )
+        self.assertEqual(channel.code, 404, channel.json_body)
+        self.assertEqual(
+            channel.json_body["errcode"], Codes.UNRECOGNIZED, channel.json_body
+        )
+    def expect_forbidden(
+        self, method: str, path: str, content: bytes | str | JsonDict = ""
+    ) -> None:
+        channel = self.make_request(method, path, content)
+        self.assertEqual(channel.code, 403, channel.json_body)
+        self.assertEqual(
+            channel.json_body["errcode"], Codes.FORBIDDEN, channel.json_body
+        )
+    def test_uia_endpoints(self) -> None:
+        """Test that endpoints that were removed in MSC2964 are no longer available."""
+        # This is just an endpoint that should remain visible (but requires auth):
+        self.expect_unauthorized("GET", "/_matrix/client/v3/devices")
+        # This remains usable, but will require a uia scope:
+        self.expect_unauthorized(
+            "POST", "/_matrix/client/v3/keys/device_signing/upload"
+        )
+    def test_3pid_endpoints(self) -> None:
+        """Test that 3pid account management endpoints that were removed in MSC2964 are no longer available."""
+        # Remains and requires auth:
+        self.expect_unauthorized("GET", "/_matrix/client/v3/account/3pid")
+        self.expect_unauthorized(
+            "POST",
+            "/_matrix/client/v3/account/3pid/bind",
+            {
+                "client_secret": "foo",
+                "id_access_token": "bar",
+                "id_server": "foo",
+                "sid": "bar",
+            },
+        )
+        self.expect_unauthorized("POST", "/_matrix/client/v3/account/3pid/unbind", {})
+        # These are gone:
+        self.expect_unrecognized(
+            "POST", "/_matrix/client/v3/account/3pid"
+        )  # deprecated
+        self.expect_unrecognized("POST", "/_matrix/client/v3/account/3pid/add")
+        self.expect_unrecognized("POST", "/_matrix/client/v3/account/3pid/delete")
+        self.expect_unrecognized(
+            "POST", "/_matrix/client/v3/account/3pid/email/requestToken"
+        )
+        self.expect_unrecognized(
+            "POST", "/_matrix/client/v3/account/3pid/msisdn/requestToken"
+        )
+    def test_account_management_endpoints_removed(self) -> None:
+        """Test that account management endpoints that were removed in MSC2964 are no longer available."""
+        self.expect_unrecognized("POST", "/_matrix/client/v3/account/deactivate")
+        self.expect_unrecognized("POST", "/_matrix/client/v3/account/password")
+        self.expect_unrecognized(
+            "POST", "/_matrix/client/v3/account/password/email/requestToken"
+        )
+        self.expect_unrecognized(
+            "POST", "/_matrix/client/v3/account/password/msisdn/requestToken"
+        )
+    def test_registration_endpoints_removed(self) -> None:
+        """Test that registration endpoints that were removed in MSC2964 are no longer available."""
+        appservice = ApplicationService(
+            token="i_am_an_app_service",
+            id="1234",
+            namespaces={"users": [{"regex": r"@alice:.+", "exclusive": True}]},
+            sender=UserID.from_string("@as_main:test"),
+        )
+        self.hs.get_datastores().main.services_cache = [appservice]
+        self.expect_unrecognized(
+            "GET", "/_matrix/client/v1/register/m.login.registration_token/validity"
+        )
+        # Registration is disabled
+        self.expect_forbidden(
+            "POST",
+            "/_matrix/client/v3/register",
+            {"username": "alice", "password": "hunter2"},
+        )
+        # This is still available for AS registrations
+        channel = self.make_request(
+            "POST",
+            "/_matrix/client/v3/register",
+            {
+                "username": "alice",
+                "type": "m.login.application_service",
+                "inhibit_login": True,
+            },
+            shorthand=False,
+            access_token="i_am_an_app_service",
+        )
+        self.assertEqual(channel.code, 200, channel.json_body)
+        self.expect_unrecognized("GET", "/_matrix/client/v3/register/available")
+        self.expect_unrecognized(
+            "POST", "/_matrix/client/v3/register/email/requestToken"
+        )
+        self.expect_unrecognized(
+            "POST", "/_matrix/client/v3/register/msisdn/requestToken"
+        )
+    def test_session_management_endpoints_removed(self) -> None:
+        """Test that session management endpoints that were removed in MSC2964 are no longer available."""
+        self.expect_unrecognized("GET", "/_matrix/client/v3/login")
+        self.expect_unrecognized("POST", "/_matrix/client/v3/login")
+        self.expect_unrecognized("GET", "/_matrix/client/v3/login/sso/redirect")
+        self.expect_unrecognized("POST", "/_matrix/client/v3/logout")
+        self.expect_unrecognized("POST", "/_matrix/client/v3/logout/all")
+        self.expect_unrecognized("POST", "/_matrix/client/v3/refresh")
+        self.expect_unrecognized("GET", "/_matrix/static/client/login")
+    def test_device_management_endpoints_removed(self) -> None:
+        """Test that device management endpoints that were removed in MSC2964 are no longer available."""
+        # Because we still support those endpoints with ASes, it checks the
+        # access token before returning 404
+        self.hs.get_auth().get_user_by_req = AsyncMock(  # type: ignore[method-assign]
+            return_value=create_requester(
+                user_id=USER_ID,
+                device_id=DEVICE,
+            )
+        )
+        self.expect_unrecognized("POST", "/_matrix/client/v3/delete_devices", auth=True)
+        self.expect_unrecognized(
+            "DELETE", "/_matrix/client/v3/devices/{DEVICE}", auth=True
+        )
+    def test_openid_endpoints_removed(self) -> None:
+        """Test that OpenID id_token endpoints that were removed in MSC2964 are no longer available."""
+        self.expect_unrecognized(
+            "POST", "/_matrix/client/v3/user/{USERNAME}/openid/request_token"
+        )
+    def test_admin_api_endpoints_removed(self) -> None:
+        """Test that admin API endpoints that were removed in MSC2964 are no longer available."""
+        self.expect_unrecognized("GET", "/_synapse/admin/v1/registration_tokens")
+        self.expect_unrecognized("POST", "/_synapse/admin/v1/registration_tokens/new")
+        self.expect_unrecognized("GET", "/_synapse/admin/v1/registration_tokens/abcd")
+        self.expect_unrecognized("PUT", "/_synapse/admin/v1/registration_tokens/abcd")
+        self.expect_unrecognized(
+            "DELETE", "/_synapse/admin/v1/registration_tokens/abcd"
+        )
+        self.expect_unrecognized("POST", "/_synapse/admin/v1/reset_password/foo")
+        self.expect_unrecognized("POST", "/_synapse/admin/v1/users/foo/login")
+        self.expect_unrecognized("GET", "/_synapse/admin/v1/register")
+        self.expect_unrecognized("POST", "/_synapse/admin/v1/register")
+        self.expect_unrecognized("GET", "/_synapse/admin/v1/users/foo/admin")
+        self.expect_unrecognized("PUT", "/_synapse/admin/v1/users/foo/admin")
+        self.expect_unrecognized("POST", "/_synapse/admin/v1/account_validity/validity")