PyPI - matrix-synapse - Versions diffs - 1.145.0rc2__cp310-abi3-manylinux_2_28_x86_64.whl - Mend

matrix-synapse 1.145.0rc2__cp310-abi3-manylinux_2_28_x86_64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of matrix-synapse might be problematic. Click here for more details.

Files changed (1636) hide show

AUTHORS.rst +51 -0
CHANGES.md +1732 -0
CONTRIBUTING.md +3 -0
Cargo.lock +1923 -0
Cargo.toml +6 -0
INSTALL.md +7 -0
LICENSE-AGPL-3.0 +661 -0
LICENSE-COMMERCIAL +6 -0
UPGRADE.rst +7 -0
book.toml +47 -0
changelog.d/.gitignore +1 -0
demo/.gitignore +4 -0
demo/clean.sh +22 -0
demo/start.sh +173 -0
demo/stop.sh +14 -0
docs/.sample_config_header.yaml +12 -0
docs/CAPTCHA_SETUP.md +37 -0
docs/README.md +86 -0
docs/SUMMARY.md +126 -0
docs/admin_api/README.rst +13 -0
docs/admin_api/account_validity.md +47 -0
docs/admin_api/client_server_api_extensions.md +67 -0
docs/admin_api/event_reports.md +185 -0
docs/admin_api/experimental_features.md +52 -0
docs/admin_api/fetch_event.md +53 -0
docs/admin_api/media_admin_api.md +372 -0
docs/admin_api/purge_history_api.md +77 -0
docs/admin_api/register_api.md +92 -0
docs/admin_api/room_membership.md +35 -0
docs/admin_api/rooms.md +1190 -0
docs/admin_api/scheduled_tasks.md +54 -0
docs/admin_api/server_notices.md +48 -0
docs/admin_api/statistics.md +132 -0
docs/admin_api/user_admin_api.md +1602 -0
docs/admin_api/version_api.md +23 -0
docs/ancient_architecture_notes.md +81 -0
docs/application_services.md +36 -0
docs/architecture.md +65 -0
docs/auth_chain_diff.dot +32 -0
docs/auth_chain_diff.dot.png +0 -0
docs/auth_chain_difference_algorithm.md +141 -0
docs/changelogs/CHANGES-2019.md +1039 -0
docs/changelogs/CHANGES-2020.md +2145 -0
docs/changelogs/CHANGES-2021.md +2573 -0
docs/changelogs/CHANGES-2022.md +2766 -0
docs/changelogs/CHANGES-2023.md +2202 -0
docs/changelogs/CHANGES-2024.md +1586 -0
docs/changelogs/CHANGES-pre-1.0.md +3641 -0
docs/changelogs/README.md +1 -0
docs/code_style.md +119 -0
docs/consent_tracking.md +197 -0
docs/delegate.md +111 -0
docs/deprecation_policy.md +89 -0
docs/development/cas.md +64 -0
docs/development/contributing_guide.md +554 -0
docs/development/database_schema.md +404 -0
docs/development/demo.md +42 -0
docs/development/dependencies.md +326 -0
docs/development/experimental_features.md +37 -0
docs/development/git.md +148 -0
docs/development/img/git/branches.jpg +0 -0
docs/development/img/git/clean.png +0 -0
docs/development/img/git/squash.png +0 -0
docs/development/internal_documentation/README.md +12 -0
docs/development/internal_documentation/release_notes_review_checklist.md +12 -0
docs/development/releases.md +37 -0
docs/development/reviews.md +41 -0
docs/development/room-dag-concepts.md +115 -0
docs/development/saml.md +40 -0
docs/development/synapse_architecture/cancellation.md +392 -0
docs/development/synapse_architecture/faster_joins.md +375 -0
docs/development/synapse_architecture/streams.md +198 -0
docs/element_logo_white_bg.svg +94 -0
docs/favicon.png +0 -0
docs/favicon.svg +58 -0
docs/federate.md +67 -0
docs/jwt.md +105 -0
docs/log_contexts.md +566 -0
docs/manhole.md +101 -0
docs/media_repository.md +78 -0
docs/message_retention_policies.md +207 -0
docs/metrics-howto.md +315 -0
docs/modules/account_data_callbacks.md +106 -0
docs/modules/account_validity_callbacks.md +57 -0
docs/modules/add_extra_fields_to_client_events_unsigned.md +32 -0
docs/modules/background_update_controller_callbacks.md +71 -0
docs/modules/index.md +53 -0
docs/modules/media_repository_callbacks.md +131 -0
docs/modules/password_auth_provider_callbacks.md +270 -0
docs/modules/porting_legacy_module.md +20 -0
docs/modules/presence_router_callbacks.md +112 -0
docs/modules/ratelimit_callbacks.md +43 -0
docs/modules/spam_checker_callbacks.md +517 -0
docs/modules/third_party_rules_callbacks.md +350 -0
docs/modules/writing_a_module.md +141 -0
docs/openid.md +783 -0
docs/opentracing.md +99 -0
docs/other/running_synapse_on_single_board_computers.md +75 -0
docs/password_auth_providers.md +129 -0
docs/postgres.md +269 -0
docs/presence_router_module.md +247 -0
docs/privacy_policy_templates/en/1.0.html +26 -0
docs/privacy_policy_templates/en/success.html +11 -0
docs/replication.md +36 -0
docs/reverse_proxy.md +327 -0
docs/room_and_user_statistics.md +22 -0
docs/sample_config.yaml +47 -0
docs/sample_log_config.yaml +75 -0
docs/server_notices.md +66 -0
docs/setup/forward_proxy.md +89 -0
docs/setup/installation.md +656 -0
docs/setup/security.md +41 -0
docs/setup/turn/coturn.md +197 -0
docs/setup/turn/eturnal.md +170 -0
docs/spam_checker.md +122 -0
docs/sso_mapping_providers.md +208 -0
docs/structured_logging.md +80 -0
docs/synctl_workers.md +36 -0
docs/systemd-with-workers/README.md +101 -0
docs/systemd-with-workers/system/matrix-synapse-worker@.service +26 -0
docs/systemd-with-workers/system/matrix-synapse.service +23 -0
docs/systemd-with-workers/system/matrix-synapse.target +6 -0
docs/systemd-with-workers/workers/background_worker.yaml +4 -0
docs/systemd-with-workers/workers/event_persister.yaml +20 -0
docs/systemd-with-workers/workers/federation_sender.yaml +4 -0
docs/systemd-with-workers/workers/generic_worker.yaml +11 -0
docs/systemd-with-workers/workers/media_worker.yaml +11 -0
docs/systemd-with-workers/workers/pusher_worker.yaml +4 -0
docs/tcp_replication.md +258 -0
docs/templates.md +254 -0
docs/turn-howto.md +168 -0
docs/upgrade.md +2876 -0
docs/usage/administration/README.md +7 -0
docs/usage/administration/admin_api/README.md +47 -0
docs/usage/administration/admin_api/background_updates.md +109 -0
docs/usage/administration/admin_api/federation.md +212 -0
docs/usage/administration/admin_api/registration_tokens.md +298 -0
docs/usage/administration/admin_faq.md +294 -0
docs/usage/administration/backups.md +125 -0
docs/usage/administration/database_maintenance_tools.md +18 -0
docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md +77 -0
docs/usage/administration/monthly_active_users.md +84 -0
docs/usage/administration/request_log.md +44 -0
docs/usage/administration/state_groups.md +25 -0
docs/usage/administration/understanding_synapse_through_grafana_graphs.md +83 -0
docs/usage/administration/useful_sql_for_admins.md +216 -0
docs/usage/configuration/README.md +4 -0
docs/usage/configuration/config_documentation.md +4768 -0
docs/usage/configuration/homeserver_sample_config.md +17 -0
docs/usage/configuration/logging_sample_config.md +19 -0
docs/usage/configuration/user_authentication/README.md +15 -0
docs/usage/configuration/user_authentication/refresh_tokens.md +139 -0
docs/usage/configuration/user_authentication/single_sign_on/README.md +5 -0
docs/usage/configuration/user_authentication/single_sign_on/cas.md +8 -0
docs/usage/configuration/user_authentication/single_sign_on/saml.md +8 -0
docs/user_directory.md +130 -0
docs/website_files/README.md +35 -0
docs/website_files/indent-section-headers.css +7 -0
docs/website_files/remove-nav-buttons.css +8 -0
docs/website_files/table-of-contents.css +47 -0
docs/website_files/table-of-contents.js +148 -0
docs/website_files/theme/index.hbs +324 -0
docs/website_files/version-picker.css +78 -0
docs/website_files/version-picker.js +147 -0
docs/website_files/version.js +1 -0
docs/welcome_and_overview.md +67 -0
docs/workers.md +897 -0
matrix_synapse-1.145.0rc2.dist-info/METADATA +260 -0
matrix_synapse-1.145.0rc2.dist-info/RECORD +1636 -0
matrix_synapse-1.145.0rc2.dist-info/WHEEL +5 -0
matrix_synapse-1.145.0rc2.dist-info/entry_points.txt +13 -0
matrix_synapse-1.145.0rc2.dist-info/licenses/AUTHORS.rst +51 -0
matrix_synapse-1.145.0rc2.dist-info/licenses/LICENSE-AGPL-3.0 +661 -0
matrix_synapse-1.145.0rc2.dist-info/licenses/LICENSE-COMMERCIAL +6 -0
mypy.ini +115 -0
rust/Cargo.toml +63 -0
rust/build.rs +45 -0
scripts-dev/build_debian_packages.py +228 -0
scripts-dev/check-newsfragment.sh +62 -0
scripts-dev/check_line_terminators.sh +29 -0
scripts-dev/check_locked_deps_have_sdists.py +64 -0
scripts-dev/check_schema_delta.py +240 -0
scripts-dev/complement.sh +332 -0
scripts-dev/config-lint.sh +15 -0
scripts-dev/database-save.sh +15 -0
scripts-dev/docker_update_debian_changelog.sh +70 -0
scripts-dev/dump_macaroon.py +25 -0
scripts-dev/federation_client.py +428 -0
scripts-dev/gen_config_documentation.py +510 -0
scripts-dev/generate_sample_config.sh +28 -0
scripts-dev/lint.sh +141 -0
scripts-dev/make_full_schema.sh +310 -0
scripts-dev/mypy_synapse_plugin.py +918 -0
scripts-dev/next_github_number.sh +9 -0
scripts-dev/release.py +986 -0
scripts-dev/schema_versions.py +182 -0
scripts-dev/sign_json.py +172 -0
synapse/__init__.py +97 -0
synapse/_scripts/__init__.py +0 -0
synapse/_scripts/export_signing_key.py +109 -0
synapse/_scripts/generate_config.py +83 -0
synapse/_scripts/generate_log_config.py +56 -0
synapse/_scripts/generate_signing_key.py +55 -0
synapse/_scripts/generate_workers_map.py +318 -0
synapse/_scripts/hash_password.py +95 -0
synapse/_scripts/move_remote_media_to_new_store.py +128 -0
synapse/_scripts/register_new_matrix_user.py +402 -0
synapse/_scripts/review_recent_signups.py +212 -0
synapse/_scripts/synapse_port_db.py +1604 -0
synapse/_scripts/synctl.py +365 -0
synapse/_scripts/update_synapse_database.py +130 -0
synapse/api/__init__.py +20 -0
synapse/api/auth/__init__.py +207 -0
synapse/api/auth/base.py +406 -0
synapse/api/auth/internal.py +299 -0
synapse/api/auth/mas.py +436 -0
synapse/api/auth/msc3861_delegated.py +617 -0
synapse/api/auth_blocking.py +144 -0
synapse/api/constants.py +379 -0
synapse/api/errors.py +913 -0
synapse/api/filtering.py +537 -0
synapse/api/presence.py +102 -0
synapse/api/ratelimiting.py +481 -0
synapse/api/room_versions.py +535 -0
synapse/api/urls.py +118 -0
synapse/app/__init__.py +62 -0
synapse/app/_base.py +906 -0
synapse/app/admin_cmd.py +388 -0
synapse/app/appservice.py +30 -0
synapse/app/client_reader.py +30 -0
synapse/app/complement_fork_starter.py +206 -0
synapse/app/event_creator.py +29 -0
synapse/app/federation_reader.py +30 -0
synapse/app/federation_sender.py +30 -0
synapse/app/frontend_proxy.py +30 -0
synapse/app/generic_worker.py +475 -0
synapse/app/homeserver.py +505 -0
synapse/app/media_repository.py +30 -0
synapse/app/phone_stats_home.py +292 -0
synapse/app/pusher.py +30 -0
synapse/app/synchrotron.py +30 -0
synapse/app/user_dir.py +31 -0
synapse/appservice/__init__.py +458 -0
synapse/appservice/api.py +567 -0
synapse/appservice/scheduler.py +565 -0
synapse/config/__init__.py +27 -0
synapse/config/__main__.py +62 -0
synapse/config/_base.py +1154 -0
synapse/config/_base.pyi +216 -0
synapse/config/_util.py +99 -0
synapse/config/account_validity.py +116 -0
synapse/config/api.py +141 -0
synapse/config/appservice.py +210 -0
synapse/config/auth.py +80 -0
synapse/config/auto_accept_invites.py +43 -0
synapse/config/background_updates.py +44 -0
synapse/config/cache.py +231 -0
synapse/config/captcha.py +90 -0
synapse/config/cas.py +116 -0
synapse/config/consent.py +73 -0
synapse/config/database.py +184 -0
synapse/config/emailconfig.py +367 -0
synapse/config/experimental.py +601 -0
synapse/config/federation.py +114 -0
synapse/config/homeserver.py +141 -0
synapse/config/jwt.py +55 -0
synapse/config/key.py +447 -0
synapse/config/logger.py +390 -0
synapse/config/mas.py +192 -0
synapse/config/matrixrtc.py +66 -0
synapse/config/metrics.py +93 -0
synapse/config/modules.py +40 -0
synapse/config/oembed.py +185 -0
synapse/config/oidc.py +509 -0
synapse/config/password_auth_providers.py +82 -0
synapse/config/push.py +64 -0
synapse/config/ratelimiting.py +260 -0
synapse/config/redis.py +74 -0
synapse/config/registration.py +296 -0
synapse/config/repository.py +311 -0
synapse/config/retention.py +162 -0
synapse/config/room.py +88 -0
synapse/config/room_directory.py +165 -0
synapse/config/saml2.py +251 -0
synapse/config/server.py +1139 -0
synapse/config/server_notices.py +84 -0
synapse/config/spam_checker.py +66 -0
synapse/config/sso.py +121 -0
synapse/config/stats.py +54 -0
synapse/config/third_party_event_rules.py +40 -0
synapse/config/tls.py +192 -0
synapse/config/tracer.py +71 -0
synapse/config/user_directory.py +47 -0
synapse/config/user_types.py +42 -0
synapse/config/voip.py +59 -0
synapse/config/workers.py +642 -0
synapse/crypto/__init__.py +20 -0
synapse/crypto/context_factory.py +278 -0
synapse/crypto/event_signing.py +194 -0
synapse/crypto/keyring.py +980 -0
synapse/event_auth.py +1266 -0
synapse/events/__init__.py +667 -0
synapse/events/auto_accept_invites.py +216 -0
synapse/events/builder.py +387 -0
synapse/events/presence_router.py +243 -0
synapse/events/snapshot.py +559 -0
synapse/events/utils.py +924 -0
synapse/events/validator.py +305 -0
synapse/federation/__init__.py +22 -0
synapse/federation/federation_base.py +382 -0
synapse/federation/federation_client.py +2133 -0
synapse/federation/federation_server.py +1543 -0
synapse/federation/persistence.py +70 -0
synapse/federation/send_queue.py +532 -0
synapse/federation/sender/__init__.py +1165 -0
synapse/federation/sender/per_destination_queue.py +886 -0
synapse/federation/sender/transaction_manager.py +210 -0
synapse/federation/transport/__init__.py +28 -0
synapse/federation/transport/client.py +1199 -0
synapse/federation/transport/server/__init__.py +334 -0
synapse/federation/transport/server/_base.py +429 -0
synapse/federation/transport/server/federation.py +910 -0
synapse/federation/units.py +133 -0
synapse/handlers/__init__.py +20 -0
synapse/handlers/account.py +162 -0
synapse/handlers/account_data.py +360 -0
synapse/handlers/account_validity.py +362 -0
synapse/handlers/admin.py +615 -0
synapse/handlers/appservice.py +989 -0
synapse/handlers/auth.py +2482 -0
synapse/handlers/cas.py +413 -0
synapse/handlers/deactivate_account.py +363 -0
synapse/handlers/delayed_events.py +607 -0
synapse/handlers/device.py +1869 -0
synapse/handlers/devicemessage.py +399 -0
synapse/handlers/directory.py +545 -0
synapse/handlers/e2e_keys.py +1835 -0
synapse/handlers/e2e_room_keys.py +455 -0
synapse/handlers/event_auth.py +390 -0
synapse/handlers/events.py +203 -0
synapse/handlers/federation.py +2042 -0
synapse/handlers/federation_event.py +2420 -0
synapse/handlers/identity.py +812 -0
synapse/handlers/initial_sync.py +528 -0
synapse/handlers/jwt.py +120 -0
synapse/handlers/message.py +2357 -0
synapse/handlers/oidc.py +1801 -0
synapse/handlers/pagination.py +811 -0
synapse/handlers/password_policy.py +102 -0
synapse/handlers/presence.py +2634 -0
synapse/handlers/profile.py +656 -0
synapse/handlers/push_rules.py +164 -0
synapse/handlers/read_marker.py +79 -0
synapse/handlers/receipts.py +351 -0
synapse/handlers/register.py +1059 -0
synapse/handlers/relations.py +623 -0
synapse/handlers/reports.py +98 -0
synapse/handlers/room.py +2449 -0
synapse/handlers/room_list.py +632 -0
synapse/handlers/room_member.py +2366 -0
synapse/handlers/room_member_worker.py +146 -0
synapse/handlers/room_policy.py +186 -0
synapse/handlers/room_summary.py +1057 -0
synapse/handlers/saml.py +524 -0
synapse/handlers/search.py +723 -0
synapse/handlers/send_email.py +209 -0
synapse/handlers/set_password.py +71 -0
synapse/handlers/sliding_sync/__init__.py +1961 -0
synapse/handlers/sliding_sync/extensions.py +969 -0
synapse/handlers/sliding_sync/room_lists.py +2317 -0
synapse/handlers/sliding_sync/store.py +126 -0
synapse/handlers/sso.py +1291 -0
synapse/handlers/state_deltas.py +82 -0
synapse/handlers/stats.py +322 -0
synapse/handlers/sync.py +3096 -0
synapse/handlers/thread_subscriptions.py +190 -0
synapse/handlers/typing.py +612 -0
synapse/handlers/ui_auth/__init__.py +48 -0
synapse/handlers/ui_auth/checkers.py +332 -0
synapse/handlers/user_directory.py +786 -0
synapse/handlers/worker_lock.py +371 -0
synapse/http/__init__.py +105 -0
synapse/http/additional_resource.py +62 -0
synapse/http/client.py +1377 -0
synapse/http/connectproxyclient.py +316 -0
synapse/http/federation/__init__.py +19 -0
synapse/http/federation/matrix_federation_agent.py +490 -0
synapse/http/federation/srv_resolver.py +196 -0
synapse/http/federation/well_known_resolver.py +368 -0
synapse/http/matrixfederationclient.py +1874 -0
synapse/http/proxy.py +290 -0
synapse/http/proxyagent.py +497 -0
synapse/http/replicationagent.py +203 -0
synapse/http/request_metrics.py +309 -0
synapse/http/server.py +1111 -0
synapse/http/servlet.py +1018 -0
synapse/http/site.py +952 -0
synapse/http/types.py +27 -0
synapse/logging/__init__.py +31 -0
synapse/logging/_remote.py +261 -0
synapse/logging/_terse_json.py +95 -0
synapse/logging/context.py +1209 -0
synapse/logging/formatter.py +62 -0
synapse/logging/handlers.py +99 -0
synapse/logging/loggers.py +25 -0
synapse/logging/opentracing.py +1132 -0
synapse/logging/scopecontextmanager.py +160 -0
synapse/media/_base.py +831 -0
synapse/media/filepath.py +417 -0
synapse/media/media_repository.py +1595 -0
synapse/media/media_storage.py +703 -0
synapse/media/oembed.py +277 -0
synapse/media/preview_html.py +556 -0
synapse/media/storage_provider.py +195 -0
synapse/media/thumbnailer.py +833 -0
synapse/media/url_previewer.py +884 -0
synapse/metrics/__init__.py +748 -0
synapse/metrics/_gc.py +219 -0
synapse/metrics/_reactor_metrics.py +171 -0
synapse/metrics/_types.py +38 -0
synapse/metrics/background_process_metrics.py +555 -0
synapse/metrics/common_usage_metrics.py +95 -0
synapse/metrics/jemalloc.py +248 -0
synapse/module_api/__init__.py +2131 -0
synapse/module_api/callbacks/__init__.py +50 -0
synapse/module_api/callbacks/account_validity_callbacks.py +106 -0
synapse/module_api/callbacks/media_repository_callbacks.py +157 -0
synapse/module_api/callbacks/ratelimit_callbacks.py +78 -0
synapse/module_api/callbacks/spamchecker_callbacks.py +991 -0
synapse/module_api/callbacks/third_party_event_rules_callbacks.py +592 -0
synapse/module_api/errors.py +42 -0
synapse/notifier.py +969 -0
synapse/push/__init__.py +212 -0
synapse/push/bulk_push_rule_evaluator.py +635 -0
synapse/push/clientformat.py +126 -0
synapse/push/emailpusher.py +334 -0
synapse/push/httppusher.py +565 -0
synapse/push/mailer.py +1009 -0
synapse/push/presentable_names.py +216 -0
synapse/push/push_tools.py +114 -0
synapse/push/push_types.py +141 -0
synapse/push/pusher.py +87 -0
synapse/push/pusherpool.py +501 -0
synapse/push/rulekinds.py +33 -0
synapse/py.typed +0 -0
synapse/replication/__init__.py +20 -0
synapse/replication/http/__init__.py +68 -0
synapse/replication/http/_base.py +469 -0
synapse/replication/http/account_data.py +297 -0
synapse/replication/http/deactivate_account.py +81 -0
synapse/replication/http/delayed_events.py +62 -0
synapse/replication/http/devices.py +254 -0
synapse/replication/http/federation.py +334 -0
synapse/replication/http/login.py +106 -0
synapse/replication/http/membership.py +364 -0
synapse/replication/http/presence.py +133 -0
synapse/replication/http/push.py +156 -0
synapse/replication/http/register.py +172 -0
synapse/replication/http/send_events.py +182 -0
synapse/replication/http/state.py +82 -0
synapse/replication/http/streams.py +101 -0
synapse/replication/tcp/__init__.py +56 -0
synapse/replication/tcp/client.py +553 -0
synapse/replication/tcp/commands.py +569 -0
synapse/replication/tcp/context.py +41 -0
synapse/replication/tcp/external_cache.py +156 -0
synapse/replication/tcp/handler.py +922 -0
synapse/replication/tcp/protocol.py +611 -0
synapse/replication/tcp/redis.py +510 -0
synapse/replication/tcp/resource.py +349 -0
synapse/replication/tcp/streams/__init__.py +96 -0
synapse/replication/tcp/streams/_base.py +765 -0
synapse/replication/tcp/streams/events.py +287 -0
synapse/replication/tcp/streams/federation.py +92 -0
synapse/replication/tcp/streams/partial_state.py +80 -0
synapse/res/providers.json +29 -0
synapse/res/templates/_base.html +29 -0
synapse/res/templates/account_previously_renewed.html +6 -0
synapse/res/templates/account_renewed.html +6 -0
synapse/res/templates/add_threepid.html +8 -0
synapse/res/templates/add_threepid.txt +6 -0
synapse/res/templates/add_threepid_failure.html +7 -0
synapse/res/templates/add_threepid_success.html +6 -0
synapse/res/templates/already_in_use.html +12 -0
synapse/res/templates/already_in_use.txt +10 -0
synapse/res/templates/auth_success.html +21 -0
synapse/res/templates/invalid_token.html +6 -0
synapse/res/templates/mail-Element.css +7 -0
synapse/res/templates/mail-Vector.css +7 -0
synapse/res/templates/mail-expiry.css +4 -0
synapse/res/templates/mail.css +156 -0
synapse/res/templates/notice_expiry.html +46 -0
synapse/res/templates/notice_expiry.txt +7 -0
synapse/res/templates/notif.html +51 -0
synapse/res/templates/notif.txt +22 -0
synapse/res/templates/notif_mail.html +59 -0
synapse/res/templates/notif_mail.txt +10 -0
synapse/res/templates/password_reset.html +10 -0
synapse/res/templates/password_reset.txt +7 -0
synapse/res/templates/password_reset_confirmation.html +15 -0
synapse/res/templates/password_reset_failure.html +7 -0
synapse/res/templates/password_reset_success.html +6 -0
synapse/res/templates/recaptcha.html +42 -0
synapse/res/templates/registration.html +12 -0
synapse/res/templates/registration.txt +10 -0
synapse/res/templates/registration_failure.html +6 -0
synapse/res/templates/registration_success.html +6 -0
synapse/res/templates/registration_token.html +18 -0
synapse/res/templates/room.html +33 -0
synapse/res/templates/room.txt +9 -0
synapse/res/templates/sso.css +129 -0
synapse/res/templates/sso_account_deactivated.html +25 -0
synapse/res/templates/sso_auth_account_details.html +186 -0
synapse/res/templates/sso_auth_account_details.js +116 -0
synapse/res/templates/sso_auth_bad_user.html +26 -0
synapse/res/templates/sso_auth_confirm.html +27 -0
synapse/res/templates/sso_auth_success.html +26 -0
synapse/res/templates/sso_error.html +71 -0
synapse/res/templates/sso_footer.html +19 -0
synapse/res/templates/sso_login_idp_picker.html +60 -0
synapse/res/templates/sso_new_user_consent.html +30 -0
synapse/res/templates/sso_partial_profile.html +19 -0
synapse/res/templates/sso_redirect_confirm.html +39 -0
synapse/res/templates/style.css +33 -0
synapse/res/templates/terms.html +27 -0
synapse/rest/__init__.py +197 -0
synapse/rest/admin/__init__.py +395 -0
synapse/rest/admin/_base.py +72 -0
synapse/rest/admin/background_updates.py +171 -0
synapse/rest/admin/devices.py +221 -0
synapse/rest/admin/event_reports.py +173 -0
synapse/rest/admin/events.py +69 -0
synapse/rest/admin/experimental_features.py +137 -0
synapse/rest/admin/federation.py +243 -0
synapse/rest/admin/media.py +540 -0
synapse/rest/admin/registration_tokens.py +358 -0
synapse/rest/admin/rooms.py +1092 -0
synapse/rest/admin/scheduled_tasks.py +70 -0
synapse/rest/admin/server_notice_servlet.py +132 -0
synapse/rest/admin/statistics.py +132 -0
synapse/rest/admin/username_available.py +58 -0
synapse/rest/admin/users.py +1634 -0
synapse/rest/client/__init__.py +20 -0
synapse/rest/client/_base.py +113 -0
synapse/rest/client/account.py +937 -0
synapse/rest/client/account_data.py +319 -0
synapse/rest/client/account_validity.py +103 -0
synapse/rest/client/appservice_ping.py +125 -0
synapse/rest/client/auth.py +218 -0
synapse/rest/client/auth_metadata.py +122 -0
synapse/rest/client/capabilities.py +121 -0
synapse/rest/client/delayed_events.py +165 -0
synapse/rest/client/devices.py +587 -0
synapse/rest/client/directory.py +211 -0
synapse/rest/client/events.py +116 -0
synapse/rest/client/filter.py +112 -0
synapse/rest/client/initial_sync.py +65 -0
synapse/rest/client/keys.py +678 -0
synapse/rest/client/knock.py +104 -0
synapse/rest/client/login.py +750 -0
synapse/rest/client/login_token_request.py +127 -0
synapse/rest/client/logout.py +93 -0
synapse/rest/client/matrixrtc.py +52 -0
synapse/rest/client/media.py +307 -0
synapse/rest/client/mutual_rooms.py +145 -0
synapse/rest/client/notifications.py +137 -0
synapse/rest/client/openid.py +109 -0
synapse/rest/client/password_policy.py +69 -0
synapse/rest/client/presence.py +131 -0
synapse/rest/client/profile.py +291 -0
synapse/rest/client/push_rule.py +331 -0
synapse/rest/client/pusher.py +181 -0
synapse/rest/client/read_marker.py +104 -0
synapse/rest/client/receipts.py +165 -0
synapse/rest/client/register.py +1072 -0
synapse/rest/client/relations.py +138 -0
synapse/rest/client/rendezvous.py +76 -0
synapse/rest/client/reporting.py +207 -0
synapse/rest/client/room.py +1763 -0
synapse/rest/client/room_keys.py +426 -0
synapse/rest/client/room_upgrade_rest_servlet.py +112 -0
synapse/rest/client/sendtodevice.py +85 -0
synapse/rest/client/sync.py +1131 -0
synapse/rest/client/tags.py +129 -0
synapse/rest/client/thirdparty.py +130 -0
synapse/rest/client/thread_subscriptions.py +247 -0
synapse/rest/client/tokenrefresh.py +52 -0
synapse/rest/client/transactions.py +150 -0
synapse/rest/client/user_directory.py +99 -0
synapse/rest/client/versions.py +193 -0
synapse/rest/client/voip.py +88 -0
synapse/rest/consent/__init__.py +0 -0
synapse/rest/consent/consent_resource.py +210 -0
synapse/rest/health.py +38 -0
synapse/rest/key/__init__.py +20 -0
synapse/rest/key/v2/__init__.py +40 -0
synapse/rest/key/v2/local_key_resource.py +125 -0
synapse/rest/key/v2/remote_key_resource.py +302 -0
synapse/rest/media/__init__.py +0 -0
synapse/rest/media/config_resource.py +53 -0
synapse/rest/media/create_resource.py +90 -0
synapse/rest/media/download_resource.py +110 -0
synapse/rest/media/media_repository_resource.py +113 -0
synapse/rest/media/preview_url_resource.py +77 -0
synapse/rest/media/thumbnail_resource.py +142 -0
synapse/rest/media/upload_resource.py +187 -0
synapse/rest/media/v1/__init__.py +39 -0
synapse/rest/media/v1/_base.py +23 -0
synapse/rest/media/v1/media_storage.py +23 -0
synapse/rest/media/v1/storage_provider.py +23 -0
synapse/rest/synapse/__init__.py +20 -0
synapse/rest/synapse/client/__init__.py +93 -0
synapse/rest/synapse/client/federation_whitelist.py +66 -0
synapse/rest/synapse/client/jwks.py +77 -0
synapse/rest/synapse/client/new_user_consent.py +115 -0
synapse/rest/synapse/client/oidc/__init__.py +45 -0
synapse/rest/synapse/client/oidc/backchannel_logout_resource.py +42 -0
synapse/rest/synapse/client/oidc/callback_resource.py +48 -0
synapse/rest/synapse/client/password_reset.py +129 -0
synapse/rest/synapse/client/pick_idp.py +107 -0
synapse/rest/synapse/client/pick_username.py +153 -0
synapse/rest/synapse/client/rendezvous.py +58 -0
synapse/rest/synapse/client/saml2/__init__.py +42 -0
synapse/rest/synapse/client/saml2/metadata_resource.py +46 -0
synapse/rest/synapse/client/saml2/response_resource.py +52 -0
synapse/rest/synapse/client/sso_register.py +56 -0
synapse/rest/synapse/client/unsubscribe.py +88 -0
synapse/rest/synapse/mas/__init__.py +71 -0
synapse/rest/synapse/mas/_base.py +55 -0
synapse/rest/synapse/mas/devices.py +239 -0
synapse/rest/synapse/mas/users.py +469 -0
synapse/rest/well_known.py +148 -0
synapse/server.py +1279 -0
synapse/server_notices/__init__.py +0 -0
synapse/server_notices/consent_server_notices.py +136 -0
synapse/server_notices/resource_limits_server_notices.py +215 -0
synapse/server_notices/server_notices_manager.py +388 -0
synapse/server_notices/server_notices_sender.py +67 -0
synapse/server_notices/worker_server_notices_sender.py +46 -0
synapse/spam_checker_api/__init__.py +31 -0
synapse/state/__init__.py +1023 -0
synapse/state/v1.py +369 -0
synapse/state/v2.py +985 -0
synapse/static/client/login/index.html +47 -0
synapse/static/client/login/js/jquery-3.4.1.min.js +2 -0
synapse/static/client/login/js/login.js +291 -0
synapse/static/client/login/spinner.gif +0 -0
synapse/static/client/login/style.css +79 -0
synapse/static/index.html +63 -0
synapse/storage/__init__.py +43 -0
synapse/storage/_base.py +245 -0
synapse/storage/admin_client_config.py +25 -0
synapse/storage/background_updates.py +1189 -0
synapse/storage/controllers/__init__.py +57 -0
synapse/storage/controllers/persist_events.py +1237 -0
synapse/storage/controllers/purge_events.py +456 -0
synapse/storage/controllers/state.py +950 -0
synapse/storage/controllers/stats.py +119 -0
synapse/storage/database.py +2720 -0
synapse/storage/databases/__init__.py +175 -0
synapse/storage/databases/main/__init__.py +420 -0
synapse/storage/databases/main/account_data.py +1073 -0
synapse/storage/databases/main/appservice.py +473 -0
synapse/storage/databases/main/cache.py +912 -0
synapse/storage/databases/main/censor_events.py +226 -0
synapse/storage/databases/main/client_ips.py +816 -0
synapse/storage/databases/main/delayed_events.py +577 -0
synapse/storage/databases/main/deviceinbox.py +1272 -0
synapse/storage/databases/main/devices.py +2579 -0
synapse/storage/databases/main/directory.py +212 -0
synapse/storage/databases/main/e2e_room_keys.py +689 -0
synapse/storage/databases/main/end_to_end_keys.py +1894 -0
synapse/storage/databases/main/event_federation.py +2511 -0
synapse/storage/databases/main/event_push_actions.py +1936 -0
synapse/storage/databases/main/events.py +3765 -0
synapse/storage/databases/main/events_bg_updates.py +2910 -0
synapse/storage/databases/main/events_forward_extremities.py +126 -0
synapse/storage/databases/main/events_worker.py +2787 -0
synapse/storage/databases/main/experimental_features.py +130 -0
synapse/storage/databases/main/filtering.py +231 -0
synapse/storage/databases/main/keys.py +291 -0
synapse/storage/databases/main/lock.py +554 -0
synapse/storage/databases/main/media_repository.py +1068 -0
synapse/storage/databases/main/metrics.py +461 -0
synapse/storage/databases/main/monthly_active_users.py +443 -0
synapse/storage/databases/main/openid.py +60 -0
synapse/storage/databases/main/presence.py +509 -0
synapse/storage/databases/main/profile.py +539 -0
synapse/storage/databases/main/purge_events.py +521 -0
synapse/storage/databases/main/push_rule.py +970 -0
synapse/storage/databases/main/pusher.py +793 -0
synapse/storage/databases/main/receipts.py +1341 -0
synapse/storage/databases/main/registration.py +3071 -0
synapse/storage/databases/main/rejections.py +37 -0
synapse/storage/databases/main/relations.py +1116 -0
synapse/storage/databases/main/room.py +2779 -0
synapse/storage/databases/main/roommember.py +2132 -0
synapse/storage/databases/main/search.py +939 -0
synapse/storage/databases/main/session.py +152 -0
synapse/storage/databases/main/signatures.py +94 -0
synapse/storage/databases/main/sliding_sync.py +842 -0
synapse/storage/databases/main/state.py +1002 -0
synapse/storage/databases/main/state_deltas.py +360 -0
synapse/storage/databases/main/stats.py +789 -0
synapse/storage/databases/main/stream.py +2589 -0
synapse/storage/databases/main/tags.py +360 -0
synapse/storage/databases/main/task_scheduler.py +225 -0
synapse/storage/databases/main/thread_subscriptions.py +589 -0
synapse/storage/databases/main/transactions.py +676 -0
synapse/storage/databases/main/ui_auth.py +420 -0
synapse/storage/databases/main/user_directory.py +1330 -0
synapse/storage/databases/main/user_erasure_store.py +117 -0
synapse/storage/databases/state/__init__.py +22 -0
synapse/storage/databases/state/bg_updates.py +497 -0
synapse/storage/databases/state/deletion.py +557 -0
synapse/storage/databases/state/store.py +948 -0
synapse/storage/engines/__init__.py +70 -0
synapse/storage/engines/_base.py +154 -0
synapse/storage/engines/postgres.py +261 -0
synapse/storage/engines/sqlite.py +199 -0
synapse/storage/invite_rule.py +152 -0
synapse/storage/keys.py +40 -0
synapse/storage/prepare_database.py +730 -0
synapse/storage/push_rule.py +28 -0
synapse/storage/roommember.py +88 -0
synapse/storage/schema/README.md +4 -0
synapse/storage/schema/__init__.py +186 -0
synapse/storage/schema/common/delta/25/00background_updates.sql +40 -0
synapse/storage/schema/common/delta/35/00background_updates_add_col.sql +36 -0
synapse/storage/schema/common/delta/58/00background_update_ordering.sql +38 -0
synapse/storage/schema/common/full_schemas/72/full.sql.postgres +8 -0
synapse/storage/schema/common/full_schemas/72/full.sql.sqlite +6 -0
synapse/storage/schema/common/schema_version.sql +60 -0
synapse/storage/schema/main/delta/12/v12.sql +82 -0
synapse/storage/schema/main/delta/13/v13.sql +38 -0
synapse/storage/schema/main/delta/14/v14.sql +42 -0
synapse/storage/schema/main/delta/15/appservice_txns.sql +50 -0
synapse/storage/schema/main/delta/15/presence_indices.sql +2 -0
synapse/storage/schema/main/delta/15/v15.sql +24 -0
synapse/storage/schema/main/delta/16/events_order_index.sql +4 -0
synapse/storage/schema/main/delta/16/remote_media_cache_index.sql +2 -0
synapse/storage/schema/main/delta/16/remove_duplicates.sql +9 -0
synapse/storage/schema/main/delta/16/room_alias_index.sql +3 -0
synapse/storage/schema/main/delta/16/unique_constraints.sql +72 -0
synapse/storage/schema/main/delta/16/users.sql +56 -0
synapse/storage/schema/main/delta/17/drop_indexes.sql +37 -0
synapse/storage/schema/main/delta/17/server_keys.sql +43 -0
synapse/storage/schema/main/delta/17/user_threepids.sql +9 -0
synapse/storage/schema/main/delta/18/server_keys_bigger_ints.sql +51 -0
synapse/storage/schema/main/delta/19/event_index.sql +38 -0
synapse/storage/schema/main/delta/20/dummy.sql +1 -0
synapse/storage/schema/main/delta/20/pushers.py +93 -0
synapse/storage/schema/main/delta/21/end_to_end_keys.sql +53 -0
synapse/storage/schema/main/delta/21/receipts.sql +57 -0
synapse/storage/schema/main/delta/22/receipts_index.sql +41 -0
synapse/storage/schema/main/delta/22/user_threepids_unique.sql +19 -0
synapse/storage/schema/main/delta/24/stats_reporting.sql +37 -0
synapse/storage/schema/main/delta/25/fts.py +81 -0
synapse/storage/schema/main/delta/25/guest_access.sql +44 -0
synapse/storage/schema/main/delta/25/history_visibility.sql +44 -0
synapse/storage/schema/main/delta/25/tags.sql +57 -0
synapse/storage/schema/main/delta/26/account_data.sql +36 -0
synapse/storage/schema/main/delta/27/account_data.sql +55 -0
synapse/storage/schema/main/delta/27/forgotten_memberships.sql +45 -0
synapse/storage/schema/main/delta/27/ts.py +61 -0
synapse/storage/schema/main/delta/28/event_push_actions.sql +46 -0
synapse/storage/schema/main/delta/28/events_room_stream.sql +39 -0
synapse/storage/schema/main/delta/28/public_roms_index.sql +39 -0
synapse/storage/schema/main/delta/28/receipts_user_id_index.sql +41 -0
synapse/storage/schema/main/delta/28/upgrade_times.sql +40 -0
synapse/storage/schema/main/delta/28/users_is_guest.sql +41 -0
synapse/storage/schema/main/delta/29/push_actions.sql +54 -0
synapse/storage/schema/main/delta/30/alias_creator.sql +35 -0
synapse/storage/schema/main/delta/30/as_users.py +82 -0
synapse/storage/schema/main/delta/30/deleted_pushers.sql +44 -0
synapse/storage/schema/main/delta/30/presence_stream.sql +49 -0
synapse/storage/schema/main/delta/30/public_rooms.sql +42 -0
synapse/storage/schema/main/delta/30/push_rule_stream.sql +57 -0
synapse/storage/schema/main/delta/30/threepid_guest_access_tokens.sql +43 -0
synapse/storage/schema/main/delta/31/invites.sql +61 -0
synapse/storage/schema/main/delta/31/local_media_repository_url_cache.sql +46 -0
synapse/storage/schema/main/delta/31/pushers_0.py +92 -0
synapse/storage/schema/main/delta/31/pushers_index.sql +41 -0
synapse/storage/schema/main/delta/31/search_update.py +65 -0
synapse/storage/schema/main/delta/32/events.sql +35 -0
synapse/storage/schema/main/delta/32/openid.sql +9 -0
synapse/storage/schema/main/delta/32/pusher_throttle.sql +42 -0
synapse/storage/schema/main/delta/32/remove_indices.sql +52 -0
synapse/storage/schema/main/delta/32/reports.sql +44 -0
synapse/storage/schema/main/delta/33/access_tokens_device_index.sql +36 -0
synapse/storage/schema/main/delta/33/devices.sql +40 -0
synapse/storage/schema/main/delta/33/devices_for_e2e_keys.sql +38 -0
synapse/storage/schema/main/delta/33/devices_for_e2e_keys_clear_unknown_device.sql +39 -0
synapse/storage/schema/main/delta/33/event_fields.py +61 -0
synapse/storage/schema/main/delta/33/remote_media_ts.py +43 -0
synapse/storage/schema/main/delta/33/user_ips_index.sql +36 -0
synapse/storage/schema/main/delta/34/appservice_stream.sql +42 -0
synapse/storage/schema/main/delta/34/cache_stream.py +50 -0
synapse/storage/schema/main/delta/34/device_inbox.sql +43 -0
synapse/storage/schema/main/delta/34/push_display_name_rename.sql +39 -0
synapse/storage/schema/main/delta/34/received_txn_purge.py +36 -0
synapse/storage/schema/main/delta/35/contains_url.sql +36 -0
synapse/storage/schema/main/delta/35/device_outbox.sql +58 -0
synapse/storage/schema/main/delta/35/device_stream_id.sql +40 -0
synapse/storage/schema/main/delta/35/event_push_actions_index.sql +36 -0
synapse/storage/schema/main/delta/35/public_room_list_change_stream.sql +52 -0
synapse/storage/schema/main/delta/35/stream_order_to_extrem.sql +56 -0
synapse/storage/schema/main/delta/36/readd_public_rooms.sql +45 -0
synapse/storage/schema/main/delta/37/remove_auth_idx.py +89 -0
synapse/storage/schema/main/delta/37/user_threepids.sql +71 -0
synapse/storage/schema/main/delta/38/postgres_fts_gist.sql +38 -0
synapse/storage/schema/main/delta/39/appservice_room_list.sql +48 -0
synapse/storage/schema/main/delta/39/device_federation_stream_idx.sql +35 -0
synapse/storage/schema/main/delta/39/event_push_index.sql +36 -0
synapse/storage/schema/main/delta/39/federation_out_position.sql +41 -0
synapse/storage/schema/main/delta/39/membership_profile.sql +39 -0
synapse/storage/schema/main/delta/40/current_state_idx.sql +36 -0
synapse/storage/schema/main/delta/40/device_inbox.sql +40 -0
synapse/storage/schema/main/delta/40/device_list_streams.sql +79 -0
synapse/storage/schema/main/delta/40/event_push_summary.sql +57 -0
synapse/storage/schema/main/delta/40/pushers.sql +58 -0
synapse/storage/schema/main/delta/41/device_list_stream_idx.sql +36 -0
synapse/storage/schema/main/delta/41/device_outbound_index.sql +35 -0
synapse/storage/schema/main/delta/41/event_search_event_id_idx.sql +36 -0
synapse/storage/schema/main/delta/41/ratelimit.sql +41 -0
synapse/storage/schema/main/delta/42/current_state_delta.sql +48 -0
synapse/storage/schema/main/delta/42/device_list_last_id.sql +52 -0
synapse/storage/schema/main/delta/42/event_auth_state_only.sql +36 -0
synapse/storage/schema/main/delta/42/user_dir.py +88 -0
synapse/storage/schema/main/delta/43/blocked_rooms.sql +40 -0
synapse/storage/schema/main/delta/43/quarantine_media.sql +36 -0
synapse/storage/schema/main/delta/43/url_cache.sql +35 -0
synapse/storage/schema/main/delta/43/user_share.sql +52 -0
synapse/storage/schema/main/delta/44/expire_url_cache.sql +60 -0
synapse/storage/schema/main/delta/45/group_server.sql +186 -0
synapse/storage/schema/main/delta/45/profile_cache.sql +47 -0
synapse/storage/schema/main/delta/46/drop_refresh_tokens.sql +36 -0
synapse/storage/schema/main/delta/46/drop_unique_deleted_pushers.sql +54 -0
synapse/storage/schema/main/delta/46/group_server.sql +51 -0
synapse/storage/schema/main/delta/46/local_media_repository_url_idx.sql +43 -0
synapse/storage/schema/main/delta/46/user_dir_null_room_ids.sql +54 -0
synapse/storage/schema/main/delta/46/user_dir_typos.sql +43 -0
synapse/storage/schema/main/delta/47/last_access_media.sql +35 -0
synapse/storage/schema/main/delta/47/postgres_fts_gin.sql +36 -0
synapse/storage/schema/main/delta/47/push_actions_staging.sql +47 -0
synapse/storage/schema/main/delta/48/add_user_consent.sql +37 -0
synapse/storage/schema/main/delta/48/add_user_ips_last_seen_index.sql +36 -0
synapse/storage/schema/main/delta/48/deactivated_users.sql +44 -0
synapse/storage/schema/main/delta/48/group_unique_indexes.py +67 -0
synapse/storage/schema/main/delta/48/groups_joinable.sql +41 -0
synapse/storage/schema/main/delta/49/add_user_consent_server_notice_sent.sql +39 -0
synapse/storage/schema/main/delta/49/add_user_daily_visits.sql +40 -0
synapse/storage/schema/main/delta/49/add_user_ips_last_seen_only_index.sql +36 -0
synapse/storage/schema/main/delta/50/add_creation_ts_users_index.sql +38 -0
synapse/storage/schema/main/delta/50/erasure_store.sql +40 -0
synapse/storage/schema/main/delta/50/make_event_content_nullable.py +102 -0
synapse/storage/schema/main/delta/51/e2e_room_keys.sql +58 -0
synapse/storage/schema/main/delta/51/monthly_active_users.sql +46 -0
synapse/storage/schema/main/delta/52/add_event_to_state_group_index.sql +38 -0
synapse/storage/schema/main/delta/52/device_list_streams_unique_idx.sql +55 -0
synapse/storage/schema/main/delta/52/e2e_room_keys.sql +72 -0
synapse/storage/schema/main/delta/53/add_user_type_to_users.sql +38 -0
synapse/storage/schema/main/delta/53/drop_sent_transactions.sql +35 -0
synapse/storage/schema/main/delta/53/event_format_version.sql +35 -0
synapse/storage/schema/main/delta/53/user_dir_populate.sql +49 -0
synapse/storage/schema/main/delta/53/user_ips_index.sql +49 -0
synapse/storage/schema/main/delta/53/user_share.sql +63 -0
synapse/storage/schema/main/delta/53/user_threepid_id.sql +48 -0
synapse/storage/schema/main/delta/53/users_in_public_rooms.sql +47 -0
synapse/storage/schema/main/delta/54/account_validity_with_renewal.sql +49 -0
synapse/storage/schema/main/delta/54/add_validity_to_server_keys.sql +42 -0
synapse/storage/schema/main/delta/54/delete_forward_extremities.sql +42 -0
synapse/storage/schema/main/delta/54/drop_legacy_tables.sql +49 -0
synapse/storage/schema/main/delta/54/drop_presence_list.sql +35 -0
synapse/storage/schema/main/delta/54/relations.sql +46 -0
synapse/storage/schema/main/delta/54/stats.sql +99 -0
synapse/storage/schema/main/delta/54/stats2.sql +47 -0
synapse/storage/schema/main/delta/55/access_token_expiry.sql +37 -0
synapse/storage/schema/main/delta/55/track_threepid_validations.sql +50 -0
synapse/storage/schema/main/delta/55/users_alter_deactivated.sql +38 -0
synapse/storage/schema/main/delta/56/add_spans_to_device_lists.sql +39 -0
synapse/storage/schema/main/delta/56/current_state_events_membership.sql +41 -0
synapse/storage/schema/main/delta/56/current_state_events_membership_mk2.sql +43 -0
synapse/storage/schema/main/delta/56/delete_keys_from_deleted_backups.sql +44 -0
synapse/storage/schema/main/delta/56/destinations_failure_ts.sql +44 -0
synapse/storage/schema/main/delta/56/destinations_retry_interval_type.sql.postgres +18 -0
synapse/storage/schema/main/delta/56/device_stream_id_insert.sql +39 -0
synapse/storage/schema/main/delta/56/devices_last_seen.sql +43 -0
synapse/storage/schema/main/delta/56/drop_unused_event_tables.sql +39 -0
synapse/storage/schema/main/delta/56/event_expiry.sql +40 -0
synapse/storage/schema/main/delta/56/event_labels.sql +49 -0
synapse/storage/schema/main/delta/56/event_labels_background_update.sql +36 -0
synapse/storage/schema/main/delta/56/fix_room_keys_index.sql +37 -0
synapse/storage/schema/main/delta/56/hidden_devices.sql +37 -0
synapse/storage/schema/main/delta/56/hidden_devices_fix.sql.sqlite +42 -0
synapse/storage/schema/main/delta/56/nuke_empty_communities_from_db.sql +48 -0
synapse/storage/schema/main/delta/56/public_room_list_idx.sql +35 -0
synapse/storage/schema/main/delta/56/redaction_censor.sql +35 -0
synapse/storage/schema/main/delta/56/redaction_censor2.sql +41 -0
synapse/storage/schema/main/delta/56/redaction_censor3_fix_update.sql.postgres +25 -0
synapse/storage/schema/main/delta/56/redaction_censor4.sql +35 -0
synapse/storage/schema/main/delta/56/remove_tombstoned_rooms_from_directory.sql +38 -0
synapse/storage/schema/main/delta/56/room_key_etag.sql +36 -0
synapse/storage/schema/main/delta/56/room_membership_idx.sql +37 -0
synapse/storage/schema/main/delta/56/room_retention.sql +52 -0
synapse/storage/schema/main/delta/56/signing_keys.sql +75 -0
synapse/storage/schema/main/delta/56/signing_keys_nonunique_signatures.sql +41 -0
synapse/storage/schema/main/delta/56/stats_separated.sql +175 -0
synapse/storage/schema/main/delta/56/unique_user_filter_index.py +46 -0
synapse/storage/schema/main/delta/56/user_external_ids.sql +43 -0
synapse/storage/schema/main/delta/56/users_in_public_rooms_idx.sql +36 -0
synapse/storage/schema/main/delta/57/delete_old_current_state_events.sql +41 -0
synapse/storage/schema/main/delta/57/device_list_remote_cache_stale.sql +44 -0
synapse/storage/schema/main/delta/57/local_current_membership.py +111 -0
synapse/storage/schema/main/delta/57/remove_sent_outbound_pokes.sql +40 -0
synapse/storage/schema/main/delta/57/rooms_version_column.sql +43 -0
synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.postgres +35 -0
synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.sqlite +22 -0
synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.postgres +39 -0
synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.sqlite +23 -0
synapse/storage/schema/main/delta/58/02remove_dup_outbound_pokes.sql +41 -0
synapse/storage/schema/main/delta/58/03persist_ui_auth.sql +55 -0
synapse/storage/schema/main/delta/58/05cache_instance.sql.postgres +30 -0
synapse/storage/schema/main/delta/58/06dlols_unique_idx.py +83 -0
synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.postgres +33 -0
synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.sqlite +44 -0
synapse/storage/schema/main/delta/58/07persist_ui_auth_ips.sql +44 -0
synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.postgres +18 -0
synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.sqlite +18 -0
synapse/storage/schema/main/delta/58/09shadow_ban.sql +37 -0
synapse/storage/schema/main/delta/58/10_pushrules_enabled_delete_obsolete.sql +47 -0
synapse/storage/schema/main/delta/58/10drop_local_rejections_stream.sql +41 -0
synapse/storage/schema/main/delta/58/10federation_pos_instance_name.sql +41 -0
synapse/storage/schema/main/delta/58/11dehydration.sql +39 -0
synapse/storage/schema/main/delta/58/11fallback.sql +43 -0
synapse/storage/schema/main/delta/58/11user_id_seq.py +38 -0
synapse/storage/schema/main/delta/58/12room_stats.sql +51 -0
synapse/storage/schema/main/delta/58/13remove_presence_allow_inbound.sql +36 -0
synapse/storage/schema/main/delta/58/14events_instance_name.sql +35 -0
synapse/storage/schema/main/delta/58/14events_instance_name.sql.postgres +28 -0
synapse/storage/schema/main/delta/58/15_catchup_destination_rooms.sql +61 -0
synapse/storage/schema/main/delta/58/15unread_count.sql +45 -0
synapse/storage/schema/main/delta/58/16populate_stats_process_rooms_fix.sql +41 -0
synapse/storage/schema/main/delta/58/17_catchup_last_successful.sql +40 -0
synapse/storage/schema/main/delta/58/18stream_positions.sql +41 -0
synapse/storage/schema/main/delta/58/19instance_map.sql.postgres +25 -0
synapse/storage/schema/main/delta/58/19txn_id.sql +59 -0
synapse/storage/schema/main/delta/58/20instance_name_event_tables.sql +36 -0
synapse/storage/schema/main/delta/58/20user_daily_visits.sql +37 -0
synapse/storage/schema/main/delta/58/21as_device_stream.sql +36 -0
synapse/storage/schema/main/delta/58/21drop_device_max_stream_id.sql +1 -0
synapse/storage/schema/main/delta/58/22puppet_token.sql +36 -0
synapse/storage/schema/main/delta/58/22users_have_local_media.sql +2 -0
synapse/storage/schema/main/delta/58/23e2e_cross_signing_keys_idx.sql +36 -0
synapse/storage/schema/main/delta/58/24drop_event_json_index.sql +38 -0
synapse/storage/schema/main/delta/58/25user_external_ids_user_id_idx.sql +36 -0
synapse/storage/schema/main/delta/58/26access_token_last_validated.sql +37 -0
synapse/storage/schema/main/delta/58/27local_invites.sql +37 -0
synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.postgres +16 -0
synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.sqlite +62 -0
synapse/storage/schema/main/delta/59/01ignored_user.py +85 -0
synapse/storage/schema/main/delta/59/02shard_send_to_device.sql +37 -0
synapse/storage/schema/main/delta/59/03shard_send_to_device_sequence.sql.postgres +25 -0
synapse/storage/schema/main/delta/59/04_event_auth_chains.sql +71 -0
synapse/storage/schema/main/delta/59/04_event_auth_chains.sql.postgres +16 -0
synapse/storage/schema/main/delta/59/04drop_account_data.sql +36 -0
synapse/storage/schema/main/delta/59/05cache_invalidation.sql +36 -0
synapse/storage/schema/main/delta/59/06chain_cover_index.sql +36 -0
synapse/storage/schema/main/delta/59/06shard_account_data.sql +39 -0
synapse/storage/schema/main/delta/59/06shard_account_data.sql.postgres +32 -0
synapse/storage/schema/main/delta/59/07shard_account_data_fix.sql +37 -0
synapse/storage/schema/main/delta/59/08delete_pushers_for_deactivated_accounts.sql +39 -0
synapse/storage/schema/main/delta/59/08delete_stale_pushers.sql +39 -0
synapse/storage/schema/main/delta/59/09rejected_events_metadata.sql +45 -0
synapse/storage/schema/main/delta/59/10delete_purged_chain_cover.sql +36 -0
synapse/storage/schema/main/delta/59/11add_knock_members_to_stats.sql +39 -0
synapse/storage/schema/main/delta/59/11drop_thumbnail_constraint.sql.postgres +22 -0
synapse/storage/schema/main/delta/59/12account_validity_token_used_ts_ms.sql +37 -0
synapse/storage/schema/main/delta/59/12presence_stream_instance.sql +37 -0
synapse/storage/schema/main/delta/59/12presence_stream_instance_seq.sql.postgres +20 -0
synapse/storage/schema/main/delta/59/13users_to_send_full_presence_to.sql +53 -0
synapse/storage/schema/main/delta/59/14refresh_tokens.sql +53 -0
synapse/storage/schema/main/delta/59/15locks.sql +56 -0
synapse/storage/schema/main/delta/59/16federation_inbound_staging.sql +51 -0
synapse/storage/schema/main/delta/60/01recreate_stream_ordering.sql.postgres +45 -0
synapse/storage/schema/main/delta/60/02change_stream_ordering_columns.sql.postgres +30 -0
synapse/storage/schema/main/delta/61/01change_appservices_txns.sql.postgres +23 -0
synapse/storage/schema/main/delta/61/01insertion_event_lookups.sql +68 -0
synapse/storage/schema/main/delta/61/02drop_redundant_room_depth_index.sql +37 -0
synapse/storage/schema/main/delta/61/03recreate_min_depth.py +74 -0
synapse/storage/schema/main/delta/62/01insertion_event_extremities.sql +43 -0
synapse/storage/schema/main/delta/63/01create_registration_tokens.sql +42 -0
synapse/storage/schema/main/delta/63/02delete_unlinked_email_pushers.sql +39 -0
synapse/storage/schema/main/delta/63/02populate-rooms-creator.sql +36 -0
synapse/storage/schema/main/delta/63/03session_store.sql +42 -0
synapse/storage/schema/main/delta/63/04add_presence_stream_not_offline_index.sql +37 -0
synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.postgres +23 -0
synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.sqlite +37 -0
synapse/storage/schema/main/delta/65/01msc2716_insertion_event_edges.sql +38 -0
synapse/storage/schema/main/delta/65/03remove_hidden_devices_from_device_inbox.sql +41 -0
synapse/storage/schema/main/delta/65/04_local_group_updates.sql +37 -0
synapse/storage/schema/main/delta/65/05_remove_room_stats_historical_and_user_stats_historical.sql +38 -0
synapse/storage/schema/main/delta/65/06remove_deleted_devices_from_device_inbox.sql +53 -0
synapse/storage/schema/main/delta/65/07_arbitrary_relations.sql +37 -0
synapse/storage/schema/main/delta/65/08_device_inbox_background_updates.sql +37 -0
synapse/storage/schema/main/delta/65/10_expirable_refresh_tokens.sql +47 -0
synapse/storage/schema/main/delta/65/11_devices_auth_provider_session.sql +46 -0
synapse/storage/schema/main/delta/67/01drop_public_room_list_stream.sql +37 -0
synapse/storage/schema/main/delta/68/01event_columns.sql +45 -0
synapse/storage/schema/main/delta/68/02_msc2409_add_device_id_appservice_stream_type.sql +40 -0
synapse/storage/schema/main/delta/68/03_delete_account_data_for_deactivated_accounts.sql +39 -0
synapse/storage/schema/main/delta/68/04_refresh_tokens_index_next_token_id.sql +47 -0
synapse/storage/schema/main/delta/68/04partial_state_rooms.sql +60 -0
synapse/storage/schema/main/delta/68/05_delete_non_strings_from_event_search.sql.sqlite +22 -0
synapse/storage/schema/main/delta/68/05partial_state_rooms_triggers.py +80 -0
synapse/storage/schema/main/delta/68/06_msc3202_add_device_list_appservice_stream_type.sql +42 -0
synapse/storage/schema/main/delta/69/01as_txn_seq.py +54 -0
synapse/storage/schema/main/delta/69/01device_list_oubound_by_room.sql +57 -0
synapse/storage/schema/main/delta/69/02cache_invalidation_index.sql +37 -0
synapse/storage/schema/main/delta/70/01clean_table_purged_rooms.sql +39 -0
synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.postgres +43 -0
synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.sqlite +47 -0
synapse/storage/schema/main/delta/71/01remove_noop_background_updates.sql +80 -0
synapse/storage/schema/main/delta/71/02event_push_summary_unique.sql +37 -0
synapse/storage/schema/main/delta/72/01add_room_type_to_state_stats.sql +38 -0
synapse/storage/schema/main/delta/72/01event_push_summary_receipt.sql +54 -0
synapse/storage/schema/main/delta/72/02event_push_actions_index.sql +38 -0
synapse/storage/schema/main/delta/72/03bg_populate_events_columns.py +57 -0
synapse/storage/schema/main/delta/72/03drop_event_reference_hashes.sql +36 -0
synapse/storage/schema/main/delta/72/03remove_groups.sql +50 -0
synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.postgres +17 -0
synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.sqlite +40 -0
synapse/storage/schema/main/delta/72/05receipts_event_stream_ordering.sql +38 -0
synapse/storage/schema/main/delta/72/05remove_unstable_private_read_receipts.sql +38 -0
synapse/storage/schema/main/delta/72/06add_consent_ts_to_users.sql +35 -0
synapse/storage/schema/main/delta/72/06thread_notifications.sql +49 -0
synapse/storage/schema/main/delta/72/07force_update_current_state_events_membership.py +67 -0
synapse/storage/schema/main/delta/72/07thread_receipts.sql.postgres +30 -0
synapse/storage/schema/main/delta/72/07thread_receipts.sql.sqlite +70 -0
synapse/storage/schema/main/delta/72/08begin_cache_invalidation_seq_at_2.sql.postgres +23 -0
synapse/storage/schema/main/delta/72/08thread_receipts.sql +39 -0
synapse/storage/schema/main/delta/72/09partial_indices.sql.sqlite +56 -0
synapse/storage/schema/main/delta/73/01event_failed_pull_attempts.sql +48 -0
synapse/storage/schema/main/delta/73/02add_pusher_enabled.sql +35 -0
synapse/storage/schema/main/delta/73/02room_id_indexes_for_purging.sql +41 -0
synapse/storage/schema/main/delta/73/03pusher_device_id.sql +39 -0
synapse/storage/schema/main/delta/73/03users_approved_column.sql +39 -0
synapse/storage/schema/main/delta/73/04partial_join_details.sql +42 -0
synapse/storage/schema/main/delta/73/04pending_device_list_updates.sql +47 -0
synapse/storage/schema/main/delta/73/05old_push_actions.sql.postgres +22 -0
synapse/storage/schema/main/delta/73/05old_push_actions.sql.sqlite +24 -0
synapse/storage/schema/main/delta/73/06thread_notifications_thread_id_idx.sql +42 -0
synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.postgres +23 -0
synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.sqlite +76 -0
synapse/storage/schema/main/delta/73/09partial_joined_via_destination.sql +37 -0
synapse/storage/schema/main/delta/73/09threads_table.sql +49 -0
synapse/storage/schema/main/delta/73/10_update_sqlite_fts4_tokenizer.py +71 -0
synapse/storage/schema/main/delta/73/10login_tokens.sql +54 -0
synapse/storage/schema/main/delta/73/11event_search_room_id_n_distinct.sql.postgres +33 -0
synapse/storage/schema/main/delta/73/12refactor_device_list_outbound_pokes.sql +72 -0
synapse/storage/schema/main/delta/73/13add_device_lists_index.sql +39 -0
synapse/storage/schema/main/delta/73/20_un_partial_stated_room_stream.sql +51 -0
synapse/storage/schema/main/delta/73/21_un_partial_stated_room_stream_seq.sql.postgres +20 -0
synapse/storage/schema/main/delta/73/22_rebuild_user_dir_stats.sql +48 -0
synapse/storage/schema/main/delta/73/22_un_partial_stated_event_stream.sql +53 -0
synapse/storage/schema/main/delta/73/23_fix_thread_index.sql +52 -0
synapse/storage/schema/main/delta/73/23_un_partial_stated_room_stream_seq.sql.postgres +20 -0
synapse/storage/schema/main/delta/73/24_events_jump_to_date_index.sql +36 -0
synapse/storage/schema/main/delta/73/25drop_presence.sql +36 -0
synapse/storage/schema/main/delta/74/01_user_directory_stale_remote_users.sql +58 -0
synapse/storage/schema/main/delta/74/02_set_device_id_for_pushers_bg_update.sql +38 -0
synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.postgres +29 -0
synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.sqlite +23 -0
synapse/storage/schema/main/delta/74/03_room_membership_index.sql +38 -0
synapse/storage/schema/main/delta/74/04_delete_e2e_backup_keys_for_deactivated_users.sql +36 -0
synapse/storage/schema/main/delta/74/04_membership_tables_event_stream_ordering_triggers.py +87 -0
synapse/storage/schema/main/delta/74/05_events_txn_id_device_id.sql +72 -0
synapse/storage/schema/main/delta/74/90COMMENTS_destinations.sql.postgres +52 -0
synapse/storage/schema/main/delta/76/01_add_profiles_full_user_id_column.sql +39 -0
synapse/storage/schema/main/delta/76/02_add_user_filters_full_user_id_column.sql +39 -0
synapse/storage/schema/main/delta/76/03_per_user_experimental_features.sql +46 -0
synapse/storage/schema/main/delta/76/04_add_room_forgetter.sql +43 -0
synapse/storage/schema/main/delta/77/01_add_profiles_not_valid_check.sql.postgres +16 -0
synapse/storage/schema/main/delta/77/02_add_user_filters_not_valid_check.sql.postgres +16 -0
synapse/storage/schema/main/delta/77/03bg_populate_full_user_id_profiles.sql +35 -0
synapse/storage/schema/main/delta/77/04bg_populate_full_user_id_user_filters.sql +35 -0
synapse/storage/schema/main/delta/77/05thread_notifications_backfill.sql +67 -0
synapse/storage/schema/main/delta/77/06thread_notifications_not_null.sql.sqlite +102 -0
synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions.sql.postgres +27 -0
synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions_staging.sql.postgres +27 -0
synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_summary.sql.postgres +29 -0
synapse/storage/schema/main/delta/77/14bg_indices_event_stream_ordering.sql +39 -0
synapse/storage/schema/main/delta/78/01_validate_and_update_profiles.py +99 -0
synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py +100 -0
synapse/storage/schema/main/delta/78/03_remove_unused_indexes_user_filters.py +72 -0
synapse/storage/schema/main/delta/78/03event_extremities_constraints.py +65 -0
synapse/storage/schema/main/delta/78/04_add_full_user_id_index_user_filters.py +32 -0
synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.postgres +102 -0
synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.sqlite +72 -0
synapse/storage/schema/main/delta/79/04_mitigate_stream_ordering_update_race.py +70 -0
synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.postgres +69 -0
synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.sqlite +65 -0
synapse/storage/schema/main/delta/80/01_users_alter_locked.sql +35 -0
synapse/storage/schema/main/delta/80/02_read_write_locks_unlogged.sql.postgres +30 -0
synapse/storage/schema/main/delta/80/02_scheduled_tasks.sql +47 -0
synapse/storage/schema/main/delta/80/03_read_write_locks_triggers.sql.postgres +37 -0
synapse/storage/schema/main/delta/80/04_read_write_locks_deadlock.sql.postgres +71 -0
synapse/storage/schema/main/delta/82/02_scheduled_tasks_index.sql +35 -0
synapse/storage/schema/main/delta/82/04_add_indices_for_purging_rooms.sql +39 -0
synapse/storage/schema/main/delta/82/05gaps.sql +44 -0
synapse/storage/schema/main/delta/83/01_drop_old_tables.sql +43 -0
synapse/storage/schema/main/delta/83/03_instance_name_receipts.sql.sqlite +17 -0
synapse/storage/schema/main/delta/83/05_cross_signing_key_update_grant.sql +34 -0
synapse/storage/schema/main/delta/83/06_event_push_summary_room.sql +36 -0
synapse/storage/schema/main/delta/84/01_auth_links_stats.sql.postgres +20 -0
synapse/storage/schema/main/delta/84/02_auth_links_index.sql +16 -0
synapse/storage/schema/main/delta/84/03_auth_links_analyze.sql.postgres +16 -0
synapse/storage/schema/main/delta/84/04_access_token_index.sql +15 -0
synapse/storage/schema/main/delta/85/01_add_suspended.sql +14 -0
synapse/storage/schema/main/delta/85/02_add_instance_names.sql +27 -0
synapse/storage/schema/main/delta/85/03_new_sequences.sql.postgres +54 -0
synapse/storage/schema/main/delta/85/04_cleanup_device_federation_outbox.sql +15 -0
synapse/storage/schema/main/delta/85/05_add_instance_names_converted_pos.sql +16 -0
synapse/storage/schema/main/delta/85/06_add_room_reports.sql +20 -0
synapse/storage/schema/main/delta/86/01_authenticate_media.sql +15 -0
synapse/storage/schema/main/delta/86/02_receipts_event_id_index.sql +15 -0
synapse/storage/schema/main/delta/87/01_sliding_sync_memberships.sql +169 -0
synapse/storage/schema/main/delta/87/02_per_connection_state.sql +81 -0
synapse/storage/schema/main/delta/87/03_current_state_index.sql +19 -0
synapse/storage/schema/main/delta/88/01_add_delayed_events.sql +43 -0
synapse/storage/schema/main/delta/88/01_custom_profile_fields.sql +15 -0
synapse/storage/schema/main/delta/88/02_fix_sliding_sync_membership_snapshots_forgotten_column.sql +21 -0
synapse/storage/schema/main/delta/88/03_add_otk_ts_added_index.sql +18 -0
synapse/storage/schema/main/delta/88/04_current_state_delta_index.sql +18 -0
synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.postgres +19 -0
synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.sqlite +19 -0
synapse/storage/schema/main/delta/88/05_sliding_sync_room_config_index.sql +20 -0
synapse/storage/schema/main/delta/88/06_events_received_ts_index.sql +17 -0
synapse/storage/schema/main/delta/89/01_sliding_sync_membership_snapshot_index.sql +15 -0
synapse/storage/schema/main/delta/90/01_add_column_participant_room_memberships_table.sql +16 -0
synapse/storage/schema/main/delta/91/01_media_hash.sql +28 -0
synapse/storage/schema/main/delta/92/01_remove_trigger.sql.postgres +16 -0
synapse/storage/schema/main/delta/92/01_remove_trigger.sql.sqlite +16 -0
synapse/storage/schema/main/delta/92/02_remove_populate_participant_bg_update.sql +17 -0
synapse/storage/schema/main/delta/92/04_ss_membership_snapshot_idx.sql +16 -0
synapse/storage/schema/main/delta/92/04_thread_subscriptions.sql +59 -0
synapse/storage/schema/main/delta/92/04_thread_subscriptions_seq.sql.postgres +19 -0
synapse/storage/schema/main/delta/92/05_fixup_max_depth_cap.sql +17 -0
synapse/storage/schema/main/delta/92/05_thread_subscriptions_comments.sql.postgres +18 -0
synapse/storage/schema/main/delta/92/06_device_federation_inbox_index.sql +16 -0
synapse/storage/schema/main/delta/92/06_threads_last_sent_stream_ordering_comments.sql.postgres +24 -0
synapse/storage/schema/main/delta/92/07_add_user_reports.sql +22 -0
synapse/storage/schema/main/delta/92/07_event_txn_id_device_id_txn_id2.sql +15 -0
synapse/storage/schema/main/delta/92/08_room_ban_redactions.sql +21 -0
synapse/storage/schema/main/delta/92/08_thread_subscriptions_seq_fixup.sql.postgres +19 -0
synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql +20 -0
synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql.postgres +18 -0
synapse/storage/schema/main/delta/93/01_add_delayed_events.sql +15 -0
synapse/storage/schema/main/delta/93/02_sliding_sync_members.sql +60 -0
synapse/storage/schema/main/delta/93/03_sss_pos_last_used.sql +27 -0
synapse/storage/schema/main/full_schemas/72/full.sql.postgres +1344 -0
synapse/storage/schema/main/full_schemas/72/full.sql.sqlite +646 -0
synapse/storage/schema/state/delta/23/drop_state_index.sql +35 -0
synapse/storage/schema/state/delta/32/remove_state_indices.sql +38 -0
synapse/storage/schema/state/delta/35/add_state_index.sql +36 -0
synapse/storage/schema/state/delta/35/state.sql +41 -0
synapse/storage/schema/state/delta/35/state_dedupe.sql +36 -0
synapse/storage/schema/state/delta/47/state_group_seq.py +38 -0
synapse/storage/schema/state/delta/56/state_group_room_idx.sql +36 -0
synapse/storage/schema/state/delta/61/02state_groups_state_n_distinct.sql.postgres +34 -0
synapse/storage/schema/state/delta/70/08_state_group_edges_unique.sql +36 -0
synapse/storage/schema/state/delta/89/01_state_groups_deletion.sql +39 -0
synapse/storage/schema/state/delta/90/02_delete_unreferenced_state_groups.sql +16 -0
synapse/storage/schema/state/delta/90/03_remove_old_deletion_bg_update.sql +15 -0
synapse/storage/schema/state/full_schemas/72/full.sql.postgres +30 -0
synapse/storage/schema/state/full_schemas/72/full.sql.sqlite +20 -0
synapse/storage/types.py +183 -0
synapse/storage/util/__init__.py +20 -0
synapse/storage/util/id_generators.py +928 -0
synapse/storage/util/partial_state_events_tracker.py +194 -0
synapse/storage/util/sequence.py +315 -0
synapse/streams/__init__.py +43 -0
synapse/streams/config.py +91 -0
synapse/streams/events.py +203 -0
synapse/synapse_rust/__init__.pyi +3 -0
synapse/synapse_rust/acl.pyi +20 -0
synapse/synapse_rust/events.pyi +136 -0
synapse/synapse_rust/http_client.pyi +32 -0
synapse/synapse_rust/push.pyi +86 -0
synapse/synapse_rust/rendezvous.pyi +30 -0
synapse/synapse_rust/segmenter.pyi +1 -0
synapse/synapse_rust.abi3.so +0 -0
synapse/types/__init__.py +1600 -0
synapse/types/handlers/__init__.py +93 -0
synapse/types/handlers/policy_server.py +16 -0
synapse/types/handlers/sliding_sync.py +1004 -0
synapse/types/rest/__init__.py +25 -0
synapse/types/rest/client/__init__.py +413 -0
synapse/types/state.py +634 -0
synapse/types/storage/__init__.py +66 -0
synapse/util/__init__.py +160 -0
synapse/util/async_helpers.py +1048 -0
synapse/util/background_queue.py +142 -0
synapse/util/batching_queue.py +203 -0
synapse/util/caches/__init__.py +300 -0
synapse/util/caches/cached_call.py +143 -0
synapse/util/caches/deferred_cache.py +530 -0
synapse/util/caches/descriptors.py +692 -0
synapse/util/caches/dictionary_cache.py +346 -0
synapse/util/caches/expiringcache.py +250 -0
synapse/util/caches/lrucache.py +976 -0
synapse/util/caches/response_cache.py +323 -0
synapse/util/caches/stream_change_cache.py +370 -0
synapse/util/caches/treecache.py +189 -0
synapse/util/caches/ttlcache.py +197 -0
synapse/util/cancellation.py +63 -0
synapse/util/check_dependencies.py +335 -0
synapse/util/clock.py +592 -0
synapse/util/daemonize.py +165 -0
synapse/util/distributor.py +157 -0
synapse/util/duration.py +117 -0
synapse/util/events.py +134 -0
synapse/util/file_consumer.py +164 -0
synapse/util/frozenutils.py +57 -0
synapse/util/gai_resolver.py +178 -0
synapse/util/hash.py +38 -0
synapse/util/httpresourcetree.py +108 -0
synapse/util/iterutils.py +190 -0
synapse/util/json.py +56 -0
synapse/util/linked_list.py +156 -0
synapse/util/logcontext.py +46 -0
synapse/util/logformatter.py +28 -0
synapse/util/macaroons.py +325 -0
synapse/util/manhole.py +191 -0
synapse/util/metrics.py +339 -0
synapse/util/module_loader.py +116 -0
synapse/util/msisdn.py +51 -0
synapse/util/patch_inline_callbacks.py +250 -0
synapse/util/pydantic_models.py +63 -0
synapse/util/ratelimitutils.py +422 -0
synapse/util/retryutils.py +339 -0
synapse/util/rlimit.py +42 -0
synapse/util/rust.py +164 -0
synapse/util/sentinel.py +21 -0
synapse/util/stringutils.py +293 -0
synapse/util/task_scheduler.py +494 -0
synapse/util/templates.py +126 -0
synapse/util/threepids.py +123 -0
synapse/util/wheel_timer.py +112 -0
synapse/visibility.py +869 -0
synmark/__init__.py +47 -0
synmark/__main__.py +128 -0
synmark/suites/__init__.py +9 -0
synmark/suites/logging.py +154 -0
synmark/suites/lrucache.py +48 -0
synmark/suites/lrucache_evict.py +49 -0
sytest-blacklist +33 -0
tests/__init__.py +29 -0
tests/api/__init__.py +0 -0
tests/api/test_auth.py +548 -0
tests/api/test_errors.py +46 -0
tests/api/test_filtering.py +622 -0
tests/api/test_ratelimiting.py +505 -0
tests/api/test_urls.py +81 -0
tests/app/__init__.py +0 -0
tests/app/test_homeserver_shutdown.py +271 -0
tests/app/test_homeserver_start.py +49 -0
tests/app/test_openid_listener.py +139 -0
tests/app/test_phone_stats_home.py +248 -0
tests/appservice/__init__.py +20 -0
tests/appservice/test_api.py +253 -0
tests/appservice/test_appservice.py +259 -0
tests/appservice/test_scheduler.py +477 -0
tests/config/__init__.py +20 -0
tests/config/test___main__.py +38 -0
tests/config/test_api.py +146 -0
tests/config/test_appservice.py +48 -0
tests/config/test_background_update.py +65 -0
tests/config/test_base.py +151 -0
tests/config/test_cache.py +193 -0
tests/config/test_database.py +42 -0
tests/config/test_generate.py +72 -0
tests/config/test_load.py +322 -0
tests/config/test_oauth_delegation.py +454 -0
tests/config/test_ratelimiting.py +77 -0
tests/config/test_registration_config.py +203 -0
tests/config/test_room_directory.py +203 -0
tests/config/test_server.py +248 -0
tests/config/test_tls.py +209 -0
tests/config/test_util.py +59 -0
tests/config/test_workers.py +332 -0
tests/config/utils.py +66 -0
tests/crypto/__init__.py +20 -0
tests/crypto/test_event_signing.py +109 -0
tests/crypto/test_keyring.py +737 -0
tests/events/__init__.py +0 -0
tests/events/test_auto_accept_invites.py +827 -0
tests/events/test_presence_router.py +540 -0
tests/events/test_snapshot.py +121 -0
tests/events/test_utils.py +986 -0
tests/federation/__init__.py +0 -0
tests/federation/test_complexity.py +257 -0
tests/federation/test_federation_catch_up.py +585 -0
tests/federation/test_federation_client.py +316 -0
tests/federation/test_federation_devices.py +161 -0
tests/federation/test_federation_media.py +295 -0
tests/federation/test_federation_out_of_band_membership.py +671 -0
tests/federation/test_federation_sender.py +956 -0
tests/federation/test_federation_server.py +631 -0
tests/federation/transport/__init__.py +0 -0
tests/federation/transport/server/__init__.py +20 -0
tests/federation/transport/server/test__base.py +156 -0
tests/federation/transport/test_client.py +157 -0
tests/federation/transport/test_knocking.py +323 -0
tests/federation/transport/test_server.py +74 -0
tests/handlers/__init__.py +0 -0
tests/handlers/oidc_test_key.p8 +5 -0
tests/handlers/oidc_test_key.pub.pem +4 -0
tests/handlers/test_admin.py +361 -0
tests/handlers/test_appservice.py +1336 -0
tests/handlers/test_auth.py +248 -0
tests/handlers/test_cas.py +239 -0
tests/handlers/test_deactivate_account.py +485 -0
tests/handlers/test_device.py +665 -0
tests/handlers/test_directory.py +613 -0
tests/handlers/test_e2e_keys.py +2025 -0
tests/handlers/test_e2e_room_keys.py +569 -0
tests/handlers/test_federation.py +794 -0
tests/handlers/test_federation_event.py +1181 -0
tests/handlers/test_message.py +322 -0
tests/handlers/test_oauth_delegation.py +1314 -0
tests/handlers/test_oidc.py +1688 -0
tests/handlers/test_password_providers.py +987 -0
tests/handlers/test_presence.py +2144 -0
tests/handlers/test_profile.py +401 -0
tests/handlers/test_receipts.py +342 -0
tests/handlers/test_register.py +880 -0
tests/handlers/test_room.py +108 -0
tests/handlers/test_room_list.py +93 -0
tests/handlers/test_room_member.py +764 -0
tests/handlers/test_room_policy.py +468 -0
tests/handlers/test_room_summary.py +1248 -0
tests/handlers/test_saml.py +427 -0
tests/handlers/test_send_email.py +230 -0
tests/handlers/test_sliding_sync.py +5065 -0
tests/handlers/test_sso.py +152 -0
tests/handlers/test_stats.py +594 -0
tests/handlers/test_sync.py +1275 -0
tests/handlers/test_typing.py +557 -0
tests/handlers/test_user_directory.py +1435 -0
tests/handlers/test_worker_lock.py +126 -0
tests/http/__init__.py +196 -0
tests/http/ca.crt +19 -0
tests/http/ca.key +27 -0
tests/http/federation/__init__.py +19 -0
tests/http/federation/test_matrix_federation_agent.py +1855 -0
tests/http/federation/test_srv_resolver.py +220 -0
tests/http/server/__init__.py +20 -0
tests/http/server/_base.py +621 -0
tests/http/server.key +27 -0
tests/http/test_additional_resource.py +76 -0
tests/http/test_client.py +422 -0
tests/http/test_endpoint.py +62 -0
tests/http/test_matrixfederationclient.py +1092 -0
tests/http/test_proxy.py +75 -0
tests/http/test_proxyagent.py +1008 -0
tests/http/test_servlet.py +145 -0
tests/http/test_simple_client.py +188 -0
tests/http/test_site.py +247 -0
tests/logging/__init__.py +42 -0
tests/logging/test_loggers.py +127 -0
tests/logging/test_opentracing.py +524 -0
tests/logging/test_remote_handler.py +184 -0
tests/logging/test_terse_json.py +253 -0
tests/media/__init__.py +20 -0
tests/media/test_base.py +88 -0
tests/media/test_filepath.py +602 -0
tests/media/test_html_preview.py +565 -0
tests/media/test_media_retention.py +299 -0
tests/media/test_media_storage.py +1401 -0
tests/media/test_oembed.py +172 -0
tests/media/test_url_previewer.py +120 -0
tests/metrics/__init__.py +0 -0
tests/metrics/test_background_process_metrics.py +21 -0
tests/metrics/test_metrics.py +407 -0
tests/metrics/test_phone_home_stats.py +263 -0
tests/module_api/__init__.py +0 -0
tests/module_api/test_account_data_manager.py +171 -0
tests/module_api/test_api.py +1035 -0
tests/module_api/test_event_unsigned_addition.py +66 -0
tests/module_api/test_spamchecker.py +286 -0
tests/push/__init__.py +0 -0
tests/push/test_bulk_push_rule_evaluator.py +652 -0
tests/push/test_email.py +570 -0
tests/push/test_http.py +1247 -0
tests/push/test_presentable_names.py +238 -0
tests/push/test_push_rule_evaluator.py +1069 -0
tests/replication/__init__.py +20 -0
tests/replication/_base.py +619 -0
tests/replication/http/__init__.py +20 -0
tests/replication/http/test__base.py +113 -0
tests/replication/storage/__init__.py +20 -0
tests/replication/storage/_base.py +85 -0
tests/replication/storage/test_events.py +299 -0
tests/replication/tcp/__init__.py +19 -0
tests/replication/tcp/streams/__init__.py +19 -0
tests/replication/tcp/streams/test_account_data.py +133 -0
tests/replication/tcp/streams/test_events.py +565 -0
tests/replication/tcp/streams/test_federation.py +117 -0
tests/replication/tcp/streams/test_partial_state.py +72 -0
tests/replication/tcp/streams/test_receipts.py +110 -0
tests/replication/tcp/streams/test_thread_subscriptions.py +157 -0
tests/replication/tcp/streams/test_to_device.py +112 -0
tests/replication/tcp/streams/test_typing.py +223 -0
tests/replication/tcp/test_commands.py +50 -0
tests/replication/tcp/test_handler.py +211 -0
tests/replication/test_auth.py +120 -0
tests/replication/test_client_reader_shard.py +101 -0
tests/replication/test_federation_ack.py +88 -0
tests/replication/test_federation_sender_shard.py +352 -0
tests/replication/test_module_cache_invalidation.py +89 -0
tests/replication/test_multi_media_repo.py +496 -0
tests/replication/test_pusher_shard.py +192 -0
tests/replication/test_sharded_event_persister.py +332 -0
tests/replication/test_sharded_receipts.py +250 -0
tests/rest/__init__.py +20 -0
tests/rest/admin/__init__.py +19 -0
tests/rest/admin/test_admin.py +614 -0
tests/rest/admin/test_background_updates.py +375 -0
tests/rest/admin/test_device.py +600 -0
tests/rest/admin/test_event.py +74 -0
tests/rest/admin/test_event_reports.py +781 -0
tests/rest/admin/test_federation.py +863 -0
tests/rest/admin/test_jwks.py +106 -0
tests/rest/admin/test_media.py +1091 -0
tests/rest/admin/test_registration_tokens.py +729 -0
tests/rest/admin/test_room.py +3626 -0
tests/rest/admin/test_scheduled_tasks.py +192 -0
tests/rest/admin/test_server_notice.py +753 -0
tests/rest/admin/test_statistics.py +523 -0
tests/rest/admin/test_user.py +6061 -0
tests/rest/admin/test_username_available.py +82 -0
tests/rest/client/__init__.py +20 -0
tests/rest/client/sliding_sync/__init__.py +13 -0
tests/rest/client/sliding_sync/test_connection_tracking.py +505 -0
tests/rest/client/sliding_sync/test_extension_account_data.py +1056 -0
tests/rest/client/sliding_sync/test_extension_e2ee.py +459 -0
tests/rest/client/sliding_sync/test_extension_receipts.py +934 -0
tests/rest/client/sliding_sync/test_extension_thread_subscriptions.py +497 -0
tests/rest/client/sliding_sync/test_extension_to_device.py +294 -0
tests/rest/client/sliding_sync/test_extension_typing.py +500 -0
tests/rest/client/sliding_sync/test_extensions.py +306 -0
tests/rest/client/sliding_sync/test_lists_filters.py +1975 -0
tests/rest/client/sliding_sync/test_room_subscriptions.py +303 -0
tests/rest/client/sliding_sync/test_rooms_invites.py +528 -0
tests/rest/client/sliding_sync/test_rooms_meta.py +1338 -0
tests/rest/client/sliding_sync/test_rooms_required_state.py +2247 -0
tests/rest/client/sliding_sync/test_rooms_timeline.py +718 -0
tests/rest/client/sliding_sync/test_sliding_sync.py +1688 -0
tests/rest/client/test_account.py +1543 -0
tests/rest/client/test_account_data.py +81 -0
tests/rest/client/test_auth.py +1508 -0
tests/rest/client/test_auth_metadata.py +145 -0
tests/rest/client/test_capabilities.py +318 -0
tests/rest/client/test_consent.py +138 -0
tests/rest/client/test_delayed_events.py +553 -0
tests/rest/client/test_devices.py +634 -0
tests/rest/client/test_directory.py +249 -0
tests/rest/client/test_ephemeral_message.py +113 -0
tests/rest/client/test_events.py +165 -0
tests/rest/client/test_filter.py +124 -0
tests/rest/client/test_identity.py +67 -0
tests/rest/client/test_keys.py +516 -0
tests/rest/client/test_login.py +1881 -0
tests/rest/client/test_login_token_request.py +175 -0
tests/rest/client/test_matrixrtc.py +105 -0
tests/rest/client/test_media.py +3156 -0
tests/rest/client/test_models.py +83 -0
tests/rest/client/test_mutual_rooms.py +235 -0
tests/rest/client/test_notifications.py +231 -0
tests/rest/client/test_owned_state.py +308 -0
tests/rest/client/test_password_policy.py +186 -0
tests/rest/client/test_power_levels.py +295 -0
tests/rest/client/test_presence.py +149 -0
tests/rest/client/test_profile.py +925 -0
tests/rest/client/test_push_rule_attrs.py +510 -0
tests/rest/client/test_read_marker.py +151 -0
tests/rest/client/test_receipts.py +287 -0
tests/rest/client/test_redactions.py +657 -0
tests/rest/client/test_register.py +1314 -0
tests/rest/client/test_relations.py +1954 -0
tests/rest/client/test_rendezvous.py +468 -0
tests/rest/client/test_reporting.py +324 -0
tests/rest/client/test_retention.py +389 -0
tests/rest/client/test_rooms.py +5486 -0
tests/rest/client/test_sendtodevice.py +271 -0
tests/rest/client/test_shadow_banned.py +335 -0
tests/rest/client/test_sync.py +1147 -0
tests/rest/client/test_tags.py +161 -0
tests/rest/client/test_third_party_rules.py +1076 -0
tests/rest/client/test_thread_subscriptions.py +351 -0
tests/rest/client/test_transactions.py +204 -0
tests/rest/client/test_typing.py +114 -0
tests/rest/client/test_upgrade_room.py +433 -0
tests/rest/client/utils.py +985 -0
tests/rest/key/__init__.py +0 -0
tests/rest/key/v2/__init__.py +0 -0
tests/rest/key/v2/test_remote_key_resource.py +282 -0
tests/rest/media/__init__.py +19 -0
tests/rest/media/test_domain_blocking.py +148 -0
tests/rest/media/test_url_preview.py +1445 -0
tests/rest/synapse/__init__.py +12 -0
tests/rest/synapse/client/__init__.py +12 -0
tests/rest/synapse/client/test_federation_whitelist.py +118 -0
tests/rest/synapse/mas/__init__.py +12 -0
tests/rest/synapse/mas/_base.py +43 -0
tests/rest/synapse/mas/test_devices.py +693 -0
tests/rest/synapse/mas/test_users.py +1399 -0
tests/rest/test_health.py +35 -0
tests/rest/test_well_known.py +155 -0
tests/scripts/__init__.py +0 -0
tests/scripts/test_new_matrix_user.py +172 -0
tests/server.py +1374 -0
tests/server_notices/__init__.py +241 -0
tests/server_notices/test_consent.py +111 -0
tests/server_notices/test_resource_limits_server_notices.py +409 -0
tests/state/__init__.py +0 -0
tests/state/test_v2.py +1096 -0
tests/state/test_v21.py +506 -0
tests/storage/__init__.py +0 -0
tests/storage/databases/__init__.py +20 -0
tests/storage/databases/main/__init__.py +20 -0
tests/storage/databases/main/test_cache.py +124 -0
tests/storage/databases/main/test_deviceinbox.py +323 -0
tests/storage/databases/main/test_end_to_end_keys.py +127 -0
tests/storage/databases/main/test_events_worker.py +594 -0
tests/storage/databases/main/test_lock.py +499 -0
tests/storage/databases/main/test_metrics.py +88 -0
tests/storage/databases/main/test_receipts.py +218 -0
tests/storage/databases/main/test_room.py +192 -0
tests/storage/test__base.py +178 -0
tests/storage/test_account_data.py +186 -0
tests/storage/test_appservice.py +568 -0
tests/storage/test_background_update.py +671 -0
tests/storage/test_base.py +813 -0
tests/storage/test_cleanup_extrems.py +396 -0
tests/storage/test_client_ips.py +788 -0
tests/storage/test_database.py +288 -0
tests/storage/test_devices.py +353 -0
tests/storage/test_directory.py +74 -0
tests/storage/test_e2e_room_keys.py +87 -0
tests/storage/test_end_to_end_keys.py +120 -0
tests/storage/test_event_chain.py +826 -0
tests/storage/test_event_federation.py +1433 -0
tests/storage/test_event_push_actions.py +809 -0
tests/storage/test_events.py +591 -0
tests/storage/test_events_bg_updates.py +156 -0
tests/storage/test_id_generators.py +791 -0
tests/storage/test_invite_rule.py +171 -0
tests/storage/test_main.py +56 -0
tests/storage/test_monthly_active_users.py +500 -0
tests/storage/test_profile.py +134 -0
tests/storage/test_purge.py +459 -0
tests/storage/test_receipts.py +309 -0
tests/storage/test_redaction.py +462 -0
tests/storage/test_registration.py +277 -0
tests/storage/test_relations.py +118 -0
tests/storage/test_rollback_worker.py +132 -0
tests/storage/test_room.py +69 -0
tests/storage/test_room_search.py +383 -0
tests/storage/test_roommember.py +812 -0
tests/storage/test_sliding_sync_tables.py +5187 -0
tests/storage/test_state.py +959 -0
tests/storage/test_state_deletion.py +475 -0
tests/storage/test_stream.py +1533 -0
tests/storage/test_thread_subscriptions.py +369 -0
tests/storage/test_transactions.py +77 -0
tests/storage/test_txn_limit.py +49 -0
tests/storage/test_unsafe_locale.py +67 -0
tests/storage/test_user_directory.py +691 -0
tests/storage/test_user_filters.py +101 -0
tests/storage/util/__init__.py +20 -0
tests/storage/util/test_partial_state_events_tracker.py +181 -0
tests/synapse_rust/__init__.py +11 -0
tests/synapse_rust/test_http_client.py +225 -0
tests/test_distributor.py +74 -0
tests/test_event_auth.py +921 -0
tests/test_mau.py +347 -0
tests/test_phone_home.py +102 -0
tests/test_rust.py +11 -0
tests/test_server.py +557 -0
tests/test_state.py +902 -0
tests/test_terms_auth.py +128 -0
tests/test_types.py +201 -0
tests/test_utils/__init__.py +161 -0
tests/test_utils/event_injection.py +150 -0
tests/test_utils/html_parsers.py +59 -0
tests/test_utils/logging_setup.py +74 -0
tests/test_utils/oidc.py +370 -0
tests/test_visibility.py +712 -0
tests/types/__init__.py +0 -0
tests/types/test_init.py +51 -0
tests/types/test_state.py +627 -0
tests/unittest.py +1108 -0
tests/util/__init__.py +20 -0
tests/util/caches/__init__.py +20 -0
tests/util/caches/test_cached_call.py +168 -0
tests/util/caches/test_deferred_cache.py +317 -0
tests/util/caches/test_descriptors.py +1110 -0
tests/util/caches/test_response_cache.py +225 -0
tests/util/caches/test_ttlcache.py +90 -0
tests/util/test_async_helpers.py +808 -0
tests/util/test_background_queue.py +117 -0
tests/util/test_batching_queue.py +252 -0
tests/util/test_check_dependencies.py +243 -0
tests/util/test_dict_cache.py +130 -0
tests/util/test_events.py +118 -0
tests/util/test_expiring_cache.py +113 -0
tests/util/test_file_consumer.py +199 -0
tests/util/test_itertools.py +190 -0
tests/util/test_linearizer.py +264 -0
tests/util/test_logcontext.py +715 -0
tests/util/test_logformatter.py +44 -0
tests/util/test_lrucache.py +479 -0
tests/util/test_macaroons.py +126 -0
tests/util/test_mutable_overlay_mapping.py +189 -0
tests/util/test_ratelimitutils.py +146 -0
tests/util/test_retryutils.py +314 -0
tests/util/test_rwlock.py +401 -0
tests/util/test_stream_change_cache.py +304 -0
tests/util/test_stringutils.py +86 -0
tests/util/test_task_scheduler.py +227 -0
tests/util/test_threepids.py +55 -0
tests/util/test_treecache.py +93 -0
tests/util/test_wheel_timer.py +82 -0
tests/utils.py +342 -0

tests/rest/client/test_auth.py ADDED Viewed

@@ -0,0 +1,1508 @@
+#
+# This file is licensed under the Affero General Public License (AGPL) version 3.
+#
+# Copyright 2020-2021 The Matrix.org Foundation C.I.C
+# Copyright (C) 2023 New Vector, Ltd
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# See the GNU Affero General Public License for more details:
+# <https://www.gnu.org/licenses/agpl-3.0.html>.
+#
+# Originally licensed under the Apache License, Version 2.0:
+# <http://www.apache.org/licenses/LICENSE-2.0>.
+#
+# [This file includes modifications made by New Vector Limited]
+#
+#
+import re
+from http import HTTPStatus
+from typing import Any
+from twisted.internet.defer import succeed
+from twisted.internet.testing import MemoryReactor
+from twisted.web.resource import Resource
+import synapse.rest.admin
+from synapse.api.constants import ApprovalNoticeMedium, LoginType
+from synapse.api.errors import Codes, SynapseError
+from synapse.handlers.ui_auth.checkers import UserInteractiveAuthChecker
+from synapse.rest.client import account, auth, devices, login, logout, register
+from synapse.rest.synapse.client import build_synapse_client_resource_tree
+from synapse.server import HomeServer
+from synapse.storage.database import LoggingTransaction
+from synapse.types import JsonDict, UserID
+from synapse.util.clock import Clock
+from tests import unittest
+from tests.handlers.test_oidc import HAS_OIDC
+from tests.rest.client.utils import TEST_OIDC_CONFIG, TEST_OIDC_ISSUER
+from tests.server import FakeChannel
+from tests.unittest import override_config, skip_unless
+class DummyRecaptchaChecker(UserInteractiveAuthChecker):
+    def __init__(self, hs: HomeServer) -> None:
+        super().__init__(hs)
+        self.recaptcha_attempts: list[tuple[dict, str]] = []
+    def is_enabled(self) -> bool:
+        return True
+    def check_auth(self, authdict: dict, clientip: str) -> Any:
+        self.recaptcha_attempts.append((authdict, clientip))
+        return succeed(True)
+class FallbackAuthTests(unittest.HomeserverTestCase):
+    servlets = [
+        auth.register_servlets,
+        register.register_servlets,
+    ]
+    hijack_auth = False
+    def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
+        config = self.default_config()
+        config["enable_registration_captcha"] = True
+        config["recaptcha_public_key"] = "brokencake"
+        config["registrations_require_3pid"] = []
+        hs = self.setup_test_homeserver(config=config)
+        return hs
+    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
+        self.recaptcha_checker = DummyRecaptchaChecker(hs)
+        auth_handler = hs.get_auth_handler()
+        auth_handler.checkers[LoginType.RECAPTCHA] = self.recaptcha_checker
+    def register(self, expected_response: int, body: JsonDict) -> FakeChannel:
+        """Make a register request."""
+        channel = self.make_request("POST", "register", body)
+        self.assertEqual(channel.code, expected_response)
+        return channel
+    def recaptcha(
+        self,
+        session: str,
+        expected_post_response: int,
+        post_session: str | None = None,
+    ) -> None:
+        """Get and respond to a fallback recaptcha. Returns the second request."""
+        if post_session is None:
+            post_session = session
+        channel = self.make_request(
+            "GET", "auth/m.login.recaptcha/fallback/web?session=" + session
+        )
+        self.assertEqual(channel.code, HTTPStatus.OK)
+        channel = self.make_request(
+            "POST",
+            "auth/m.login.recaptcha/fallback/web?session="
+            + post_session
+            + "&g-recaptcha-response=a",
+        )
+        self.assertEqual(channel.code, expected_post_response)
+        # The recaptcha handler is called with the response given
+        attempts = self.recaptcha_checker.recaptcha_attempts
+        self.assertEqual(len(attempts), 1)
+        self.assertEqual(attempts[0][0]["response"], "a")
+    def test_fallback_captcha(self) -> None:
+        """Ensure that fallback auth via a captcha works."""
+        # Returns a 401 as per the spec
+        channel = self.register(
+            HTTPStatus.UNAUTHORIZED,
+            {"username": "user", "type": "m.login.password", "password": "bar"},
+        )
+        # Grab the session
+        session = channel.json_body["session"]
+        # Assert our configured public key is being given
+        self.assertEqual(
+            channel.json_body["params"]["m.login.recaptcha"]["public_key"], "brokencake"
+        )
+        # Complete the recaptcha step.
+        self.recaptcha(session, HTTPStatus.OK)
+        # also complete the dummy auth
+        self.register(
+            HTTPStatus.OK, {"auth": {"session": session, "type": "m.login.dummy"}}
+        )
+        # Now we should have fulfilled a complete auth flow, including
+        # the recaptcha fallback step, we can then send a
+        # request to the register API with the session in the authdict.
+        channel = self.register(HTTPStatus.OK, {"auth": {"session": session}})
+        # We're given a registered user.
+        self.assertEqual(channel.json_body["user_id"], "@user:test")
+    def test_complete_operation_unknown_session(self) -> None:
+        """
+        Attempting to mark an invalid session as complete should error.
+        """
+        # Make the initial request to register. (Later on a different password
+        # will be used.)
+        # Returns a 401 as per the spec
+        channel = self.register(
+            HTTPStatus.UNAUTHORIZED,
+            {"username": "user", "type": "m.login.password", "password": "bar"},
+        )
+        # Grab the session
+        session = channel.json_body["session"]
+        # Assert our configured public key is being given
+        self.assertEqual(
+            channel.json_body["params"]["m.login.recaptcha"]["public_key"], "brokencake"
+        )
+        # Attempt to complete the recaptcha step with an unknown session.
+        # This results in an error.
+        self.recaptcha(session, 400, session + "unknown")
+class UIAuthTests(unittest.HomeserverTestCase):
+    servlets = [
+        auth.register_servlets,
+        devices.register_servlets,
+        login.register_servlets,
+        synapse.rest.admin.register_servlets_for_client_rest_resource,
+        register.register_servlets,
+    ]
+    def default_config(self) -> dict[str, Any]:
+        config = super().default_config()
+        # public_baseurl uses an http:// scheme because FakeChannel.isSecure() returns
+        # False, so synapse will see the requested uri as http://..., so using http in
+        # the public_baseurl stops Synapse trying to redirect to https.
+        config["public_baseurl"] = "http://synapse.test"
+        if HAS_OIDC:
+            # we enable OIDC as a way of testing SSO flows
+            oidc_config = {}
+            oidc_config.update(TEST_OIDC_CONFIG)
+            oidc_config["allow_existing_users"] = True
+            config["oidc_config"] = oidc_config
+        return config
+    def create_resource_dict(self) -> dict[str, Resource]:
+        resource_dict = super().create_resource_dict()
+        resource_dict.update(build_synapse_client_resource_tree(self.hs))
+        return resource_dict
+    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
+        self.user_pass = "pass"
+        self.user = self.register_user("test", self.user_pass)
+        self.device_id = "dev1"
+        # Force-enable password login for just long enough to log in.
+        auth_handler = self.hs.get_auth_handler()
+        allow_auth_for_login = auth_handler._password_enabled_for_login
+        auth_handler._password_enabled_for_login = True
+        self.user_tok = self.login("test", self.user_pass, self.device_id)
+        # Restore password login to however it was.
+        auth_handler._password_enabled_for_login = allow_auth_for_login
+    def delete_device(
+        self,
+        access_token: str,
+        device: str,
+        expected_response: int,
+        body: bytes | JsonDict = b"",
+    ) -> FakeChannel:
+        """Delete an individual device."""
+        channel = self.make_request(
+            "DELETE",
+            "devices/" + device,
+            body,
+            access_token=access_token,
+        )
+        # Ensure the response is sane.
+        self.assertEqual(channel.code, expected_response)
+        return channel
+    def delete_devices(self, expected_response: int, body: JsonDict) -> FakeChannel:
+        """Delete 1 or more devices."""
+        # Note that this uses the delete_devices endpoint so that we can modify
+        # the payload half-way through some tests.
+        channel = self.make_request(
+            "POST",
+            "delete_devices",
+            body,
+            access_token=self.user_tok,
+        )
+        # Ensure the response is sane.
+        self.assertEqual(channel.code, expected_response)
+        return channel
+    def test_ui_auth(self) -> None:
+        """
+        Test user interactive authentication outside of registration.
+        """
+        # Attempt to delete this device.
+        # Returns a 401 as per the spec
+        channel = self.delete_device(
+            self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED
+        )
+        # Grab the session
+        session = channel.json_body["session"]
+        # Ensure that flows are what is expected.
+        self.assertIn({"stages": ["m.login.password"]}, channel.json_body["flows"])
+        # Make another request providing the UI auth flow.
+        self.delete_device(
+            self.user_tok,
+            self.device_id,
+            HTTPStatus.OK,
+            {
+                "auth": {
+                    "type": "m.login.password",
+                    "identifier": {"type": "m.id.user", "user": self.user},
+                    "password": self.user_pass,
+                    "session": session,
+                },
+            },
+        )
+    @override_config({"password_config": {"enabled": "only_for_reauth"}})
+    def test_ui_auth_with_passwords_for_reauth_only(self) -> None:
+        """
+        Test user interactive authentication outside of registration.
+        """
+        # Attempt to delete this device.
+        # Returns a 401 as per the spec
+        channel = self.delete_device(
+            self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED
+        )
+        # Grab the session
+        session = channel.json_body["session"]
+        # Ensure that flows are what is expected.
+        self.assertIn({"stages": ["m.login.password"]}, channel.json_body["flows"])
+        # Make another request providing the UI auth flow.
+        self.delete_device(
+            self.user_tok,
+            self.device_id,
+            HTTPStatus.OK,
+            {
+                "auth": {
+                    "type": "m.login.password",
+                    "identifier": {"type": "m.id.user", "user": self.user},
+                    "password": self.user_pass,
+                    "session": session,
+                },
+            },
+        )
+    def test_grandfathered_identifier(self) -> None:
+        """Check behaviour without "identifier" dict
+        Synapse used to require clients to submit a "user" field for m.login.password
+        UIA - check that still works.
+        """
+        channel = self.delete_device(
+            self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED
+        )
+        session = channel.json_body["session"]
+        # Make another request providing the UI auth flow.
+        self.delete_device(
+            self.user_tok,
+            self.device_id,
+            HTTPStatus.OK,
+            {
+                "auth": {
+                    "type": "m.login.password",
+                    "user": self.user,
+                    "password": self.user_pass,
+                    "session": session,
+                },
+            },
+        )
+    def test_can_change_body(self) -> None:
+        """
+        The client dict can be modified during the user interactive authentication session.
+        Note that it is not spec compliant to modify the client dict during a
+        user interactive authentication session, but many clients currently do.
+        When Synapse is updated to be spec compliant, the call to re-use the
+        session ID should be rejected.
+        """
+        # Create a second login.
+        self.login("test", self.user_pass, "dev2")
+        # Attempt to delete the first device.
+        # Returns a 401 as per the spec
+        channel = self.delete_devices(
+            HTTPStatus.UNAUTHORIZED, {"devices": [self.device_id]}
+        )
+        # Grab the session
+        session = channel.json_body["session"]
+        # Ensure that flows are what is expected.
+        self.assertIn({"stages": ["m.login.password"]}, channel.json_body["flows"])
+        # Make another request providing the UI auth flow, but try to delete the
+        # second device.
+        self.delete_devices(
+            HTTPStatus.OK,
+            {
+                "devices": ["dev2"],
+                "auth": {
+                    "type": "m.login.password",
+                    "identifier": {"type": "m.id.user", "user": self.user},
+                    "password": self.user_pass,
+                    "session": session,
+                },
+            },
+        )
+    def test_cannot_change_uri(self) -> None:
+        """
+        The initial requested URI cannot be modified during the user interactive authentication session.
+        """
+        # Create a second login.
+        self.login("test", self.user_pass, "dev2")
+        # Attempt to delete the first device.
+        # Returns a 401 as per the spec
+        channel = self.delete_device(
+            self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED
+        )
+        # Grab the session
+        session = channel.json_body["session"]
+        # Ensure that flows are what is expected.
+        self.assertIn({"stages": ["m.login.password"]}, channel.json_body["flows"])
+        # Make another request providing the UI auth flow, but try to delete the
+        # second device. This results in an error.
+        #
+        # This makes use of the fact that the device ID is embedded into the URL.
+        self.delete_device(
+            self.user_tok,
+            "dev2",
+            HTTPStatus.FORBIDDEN,
+            {
+                "auth": {
+                    "type": "m.login.password",
+                    "identifier": {"type": "m.id.user", "user": self.user},
+                    "password": self.user_pass,
+                    "session": session,
+                },
+            },
+        )
+    @unittest.override_config({"ui_auth": {"session_timeout": "5s"}})
+    def test_can_reuse_session(self) -> None:
+        """
+        The session can be reused if configured.
+        Compare to test_cannot_change_uri.
+        """
+        # Create a second and third login.
+        self.login("test", self.user_pass, "dev2")
+        self.login("test", self.user_pass, "dev3")
+        # Attempt to delete a device. This works since the user just logged in.
+        self.delete_device(self.user_tok, "dev2", HTTPStatus.OK)
+        # Move the clock forward past the validation timeout.
+        self.reactor.advance(6)
+        # Deleting another devices throws the user into UI auth.
+        channel = self.delete_device(self.user_tok, "dev3", HTTPStatus.UNAUTHORIZED)
+        # Grab the session
+        session = channel.json_body["session"]
+        # Ensure that flows are what is expected.
+        self.assertIn({"stages": ["m.login.password"]}, channel.json_body["flows"])
+        # Make another request providing the UI auth flow.
+        self.delete_device(
+            self.user_tok,
+            "dev3",
+            HTTPStatus.OK,
+            {
+                "auth": {
+                    "type": "m.login.password",
+                    "identifier": {"type": "m.id.user", "user": self.user},
+                    "password": self.user_pass,
+                    "session": session,
+                },
+            },
+        )
+        # Make another request, but try to delete the first device. This works
+        # due to re-using the previous session.
+        #
+        # Note that *no auth* information is provided, not even a session iD!
+        self.delete_device(self.user_tok, self.device_id, HTTPStatus.OK)
+    @skip_unless(HAS_OIDC, "requires OIDC")
+    @override_config({"oidc_config": TEST_OIDC_CONFIG})
+    def test_ui_auth_via_sso(self) -> None:
+        """Test a successful UI Auth flow via SSO
+        This includes:
+          * hitting the UIA SSO redirect endpoint
+          * checking it serves a confirmation page which links to the OIDC provider
+          * calling back to the synapse oidc callback
+          * checking that the original operation succeeds
+        """
+        fake_oidc_server = self.helper.fake_oidc_server()
+        # log the user in
+        remote_user_id = UserID.from_string(self.user).localpart
+        login_resp, _ = self.helper.login_via_oidc(fake_oidc_server, remote_user_id)
+        self.assertEqual(login_resp["user_id"], self.user)
+        # initiate a UI Auth process by attempting to delete the device
+        channel = self.delete_device(
+            self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED
+        )
+        # check that SSO is offered
+        flows = channel.json_body["flows"]
+        self.assertIn({"stages": ["m.login.sso"]}, flows)
+        # run the UIA-via-SSO flow
+        session_id = channel.json_body["session"]
+        channel, _ = self.helper.auth_via_oidc(
+            fake_oidc_server, {"sub": remote_user_id}, ui_auth_session_id=session_id
+        )
+        # that should serve a confirmation page
+        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)
+        # and now the delete request should succeed.
+        self.delete_device(
+            self.user_tok,
+            self.device_id,
+            HTTPStatus.OK,
+            body={"auth": {"session": session_id}},
+        )
+    @skip_unless(HAS_OIDC, "requires OIDC")
+    @override_config({"oidc_config": TEST_OIDC_CONFIG})
+    def test_does_not_offer_password_for_sso_user(self) -> None:
+        fake_oidc_server = self.helper.fake_oidc_server()
+        login_resp, _ = self.helper.login_via_oidc(fake_oidc_server, "username")
+        user_tok = login_resp["access_token"]
+        device_id = login_resp["device_id"]
+        # now call the device deletion API: we should get the option to auth with SSO
+        # and not password.
+        channel = self.delete_device(user_tok, device_id, HTTPStatus.UNAUTHORIZED)
+        flows = channel.json_body["flows"]
+        self.assertEqual(flows, [{"stages": ["m.login.sso"]}])
+    def test_does_not_offer_sso_for_password_user(self) -> None:
+        channel = self.delete_device(
+            self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED
+        )
+        flows = channel.json_body["flows"]
+        self.assertEqual(flows, [{"stages": ["m.login.password"]}])
+    @skip_unless(HAS_OIDC, "requires OIDC")
+    @override_config({"oidc_config": TEST_OIDC_CONFIG})
+    def test_offers_both_flows_for_upgraded_user(self) -> None:
+        """A user that had a password and then logged in with SSO should get both flows"""
+        fake_oidc_server = self.helper.fake_oidc_server()
+        login_resp, _ = self.helper.login_via_oidc(
+            fake_oidc_server, UserID.from_string(self.user).localpart
+        )
+        self.assertEqual(login_resp["user_id"], self.user)
+        channel = self.delete_device(
+            self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED
+        )
+        flows = channel.json_body["flows"]
+        # we have no particular expectations of ordering here
+        self.assertIn({"stages": ["m.login.password"]}, flows)
+        self.assertIn({"stages": ["m.login.sso"]}, flows)
+        self.assertEqual(len(flows), 2)
+    @skip_unless(HAS_OIDC, "requires OIDC")
+    @override_config({"oidc_config": TEST_OIDC_CONFIG})
+    def test_ui_auth_fails_for_incorrect_sso_user(self) -> None:
+        """If the user tries to authenticate with the wrong SSO user, they get an error"""
+        fake_oidc_server = self.helper.fake_oidc_server()
+        # log the user in
+        login_resp, _ = self.helper.login_via_oidc(
+            fake_oidc_server, UserID.from_string(self.user).localpart
+        )
+        self.assertEqual(login_resp["user_id"], self.user)
+        # start a UI Auth flow by attempting to delete a device
+        channel = self.delete_device(
+            self.user_tok, self.device_id, HTTPStatus.UNAUTHORIZED
+        )
+        flows = channel.json_body["flows"]
+        self.assertIn({"stages": ["m.login.sso"]}, flows)
+        session_id = channel.json_body["session"]
+        # do the OIDC auth, but auth as the wrong user
+        channel, _ = self.helper.auth_via_oidc(
+            fake_oidc_server, {"sub": "wrong_user"}, ui_auth_session_id=session_id
+        )
+        # that should return a failure message
+        self.assertSubstring("We were unable to validate", channel.text_body)
+        # ... and the delete op should now fail with a 403
+        self.delete_device(
+            self.user_tok,
+            self.device_id,
+            HTTPStatus.FORBIDDEN,
+            body={"auth": {"session": session_id}},
+        )
+    @skip_unless(HAS_OIDC, "requires OIDC")
+    @override_config(
+        {
+            "oidc_config": TEST_OIDC_CONFIG,
+            "experimental_features": {
+                "msc3866": {
+                    "enabled": True,
+                    "require_approval_for_new_accounts": True,
+                }
+            },
+        }
+    )
+    def test_sso_not_approved(self) -> None:
+        """Tests that if we register a user via SSO while requiring approval for new
+        accounts, we still raise the correct error before logging the user in.
+        """
+        fake_oidc_server = self.helper.fake_oidc_server()
+        login_resp, _ = self.helper.login_via_oidc(
+            fake_oidc_server, "username", expected_status=403
+        )
+        self.assertEqual(login_resp["errcode"], Codes.USER_AWAITING_APPROVAL)
+        self.assertEqual(
+            ApprovalNoticeMedium.NONE, login_resp["approval_notice_medium"]
+        )
+        # Check that we didn't register a device for the user during the login attempt.
+        devices = self.get_success(
+            self.hs.get_datastores().main.get_devices_by_user("@username:test")
+        )
+        self.assertEqual(len(devices), 0)
+class RefreshAuthTests(unittest.HomeserverTestCase):
+    servlets = [
+        auth.register_servlets,
+        account.register_servlets,
+        login.register_servlets,
+        logout.register_servlets,
+        synapse.rest.admin.register_servlets_for_client_rest_resource,
+        register.register_servlets,
+    ]
+    hijack_auth = False
+    def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
+        self.user_pass = "pass"
+        self.user = self.register_user("test", self.user_pass)
+    def use_refresh_token(self, refresh_token: str) -> FakeChannel:
+        """
+        Helper that makes a request to use a refresh token.
+        """
+        return self.make_request(
+            "POST",
+            "/_matrix/client/v3/refresh",
+            {"refresh_token": refresh_token},
+        )
+    def test_login_issue_refresh_token(self) -> None:
+        """
+        A login response should include a refresh_token only if asked.
+        """
+        # Test login
+        body = {
+            "type": "m.login.password",
+            "user": "test",
+            "password": self.user_pass,
+        }
+        login_without_refresh = self.make_request(
+            "POST", "/_matrix/client/r0/login", body
+        )
+        self.assertEqual(
+            login_without_refresh.code, HTTPStatus.OK, login_without_refresh.result
+        )
+        self.assertNotIn("refresh_token", login_without_refresh.json_body)
+        login_with_refresh = self.make_request(
+            "POST",
+            "/_matrix/client/r0/login",
+            {"refresh_token": True, **body},
+        )
+        self.assertEqual(
+            login_with_refresh.code, HTTPStatus.OK, login_with_refresh.result
+        )
+        self.assertIn("refresh_token", login_with_refresh.json_body)
+        self.assertIn("expires_in_ms", login_with_refresh.json_body)
+    def test_register_issue_refresh_token(self) -> None:
+        """
+        A register response should include a refresh_token only if asked.
+        """
+        register_without_refresh = self.make_request(
+            "POST",
+            "/_matrix/client/r0/register",
+            {
+                "username": "test2",
+                "password": self.user_pass,
+                "auth": {"type": LoginType.DUMMY},
+            },
+        )
+        self.assertEqual(
+            register_without_refresh.code,
+            HTTPStatus.OK,
+            register_without_refresh.result,
+        )
+        self.assertNotIn("refresh_token", register_without_refresh.json_body)
+        register_with_refresh = self.make_request(
+            "POST",
+            "/_matrix/client/r0/register",
+            {
+                "username": "test3",
+                "password": self.user_pass,
+                "auth": {"type": LoginType.DUMMY},
+                "refresh_token": True,
+            },
+        )
+        self.assertEqual(
+            register_with_refresh.code, HTTPStatus.OK, register_with_refresh.result
+        )
+        self.assertIn("refresh_token", register_with_refresh.json_body)
+        self.assertIn("expires_in_ms", register_with_refresh.json_body)
+    def test_token_refresh(self) -> None:
+        """
+        A refresh token can be used to issue a new access token.
+        """
+        body = {
+            "type": "m.login.password",
+            "user": "test",
+            "password": self.user_pass,
+            "refresh_token": True,
+        }
+        login_response = self.make_request(
+            "POST",
+            "/_matrix/client/r0/login",
+            body,
+        )
+        self.assertEqual(login_response.code, HTTPStatus.OK, login_response.result)
+        refresh_response = self.make_request(
+            "POST",
+            "/_matrix/client/v3/refresh",
+            {"refresh_token": login_response.json_body["refresh_token"]},
+        )
+        self.assertEqual(refresh_response.code, HTTPStatus.OK, refresh_response.result)
+        self.assertIn("access_token", refresh_response.json_body)
+        self.assertIn("refresh_token", refresh_response.json_body)
+        self.assertIn("expires_in_ms", refresh_response.json_body)
+        # The access and refresh tokens should be different from the original ones after refresh
+        self.assertNotEqual(
+            login_response.json_body["access_token"],
+            refresh_response.json_body["access_token"],
+        )
+        self.assertNotEqual(
+            login_response.json_body["refresh_token"],
+            refresh_response.json_body["refresh_token"],
+        )
+    @override_config({"refreshable_access_token_lifetime": "1m"})
+    def test_refreshable_access_token_expiration(self) -> None:
+        """
+        The access token should have some time as specified in the config.
+        """
+        body = {
+            "type": "m.login.password",
+            "user": "test",
+            "password": self.user_pass,
+            "refresh_token": True,
+        }
+        login_response = self.make_request(
+            "POST",
+            "/_matrix/client/r0/login",
+            body,
+        )
+        self.assertEqual(login_response.code, HTTPStatus.OK, login_response.result)
+        self.assertApproximates(
+            login_response.json_body["expires_in_ms"], 60 * 1000, 100
+        )
+        refresh_response = self.make_request(
+            "POST",
+            "/_matrix/client/v3/refresh",
+            {"refresh_token": login_response.json_body["refresh_token"]},
+        )
+        self.assertEqual(refresh_response.code, HTTPStatus.OK, refresh_response.result)
+        self.assertApproximates(
+            refresh_response.json_body["expires_in_ms"], 60 * 1000, 100
+        )
+        access_token = refresh_response.json_body["access_token"]
+        # Advance 59 seconds in the future (just shy of 1 minute, the time of expiry)
+        self.reactor.advance(59.0)
+        # Check that our token is valid
+        self.assertEqual(
+            self.make_request(
+                "GET", "/_matrix/client/v3/account/whoami", access_token=access_token
+            ).code,
+            HTTPStatus.OK,
+        )
+        # Advance 2 more seconds (just past the time of expiry)
+        self.reactor.advance(2.0)
+        # Check that our token is invalid
+        self.assertEqual(
+            self.make_request(
+                "GET", "/_matrix/client/v3/account/whoami", access_token=access_token
+            ).code,
+            HTTPStatus.UNAUTHORIZED,
+        )
+    @override_config(
+        {
+            "refreshable_access_token_lifetime": "1m",
+            "nonrefreshable_access_token_lifetime": "10m",
+        }
+    )
+    def test_different_expiry_for_refreshable_and_nonrefreshable_access_tokens(
+        self,
+    ) -> None:
+        """
+        Tests that the expiry times for refreshable and non-refreshable access
+        tokens can be different.
+        """
+        body = {
+            "type": "m.login.password",
+            "user": "test",
+            "password": self.user_pass,
+        }
+        login_response1 = self.make_request(
+            "POST",
+            "/_matrix/client/r0/login",
+            {"refresh_token": True, **body},
+        )
+        self.assertEqual(login_response1.code, HTTPStatus.OK, login_response1.result)
+        self.assertApproximates(
+            login_response1.json_body["expires_in_ms"], 60 * 1000, 100
+        )
+        refreshable_access_token = login_response1.json_body["access_token"]
+        login_response2 = self.make_request(
+            "POST",
+            "/_matrix/client/r0/login",
+            body,
+        )
+        self.assertEqual(login_response2.code, HTTPStatus.OK, login_response2.result)
+        nonrefreshable_access_token = login_response2.json_body["access_token"]
+        # Advance 59 seconds in the future (just shy of 1 minute, the time of expiry)
+        self.reactor.advance(59.0)
+        # Both tokens should still be valid.
+        self.helper.whoami(refreshable_access_token, expect_code=HTTPStatus.OK)
+        self.helper.whoami(nonrefreshable_access_token, expect_code=HTTPStatus.OK)
+        # Advance to 61 s (just past 1 minute, the time of expiry)
+        self.reactor.advance(2.0)
+        # Only the non-refreshable token is still valid.
+        self.helper.whoami(
+            refreshable_access_token, expect_code=HTTPStatus.UNAUTHORIZED
+        )
+        self.helper.whoami(nonrefreshable_access_token, expect_code=HTTPStatus.OK)
+        # Advance to 599 s (just shy of 10 minutes, the time of expiry)
+        self.reactor.advance(599.0 - 61.0)
+        # It's still the case that only the non-refreshable token is still valid.
+        self.helper.whoami(
+            refreshable_access_token, expect_code=HTTPStatus.UNAUTHORIZED
+        )
+        self.helper.whoami(nonrefreshable_access_token, expect_code=HTTPStatus.OK)
+        # Advance to 601 s (just past 10 minutes, the time of expiry)
+        self.reactor.advance(2.0)
+        # Now neither token is valid.
+        self.helper.whoami(
+            refreshable_access_token, expect_code=HTTPStatus.UNAUTHORIZED
+        )
+        self.helper.whoami(
+            nonrefreshable_access_token, expect_code=HTTPStatus.UNAUTHORIZED
+        )
+    @override_config(
+        {"refreshable_access_token_lifetime": "1m", "refresh_token_lifetime": "2m"}
+    )
+    def test_refresh_token_expiry(self) -> None:
+        """
+        The refresh token can be configured to have a limited lifetime.
+        When that lifetime has ended, the refresh token can no longer be used to
+        refresh the session.
+        """
+        body = {
+            "type": "m.login.password",
+            "user": "test",
+            "password": self.user_pass,
+            "refresh_token": True,
+        }
+        login_response = self.make_request(
+            "POST",
+            "/_matrix/client/r0/login",
+            body,
+        )
+        self.assertEqual(login_response.code, HTTPStatus.OK, login_response.result)
+        refresh_token1 = login_response.json_body["refresh_token"]
+        # Advance 119 seconds in the future (just shy of 2 minutes)
+        self.reactor.advance(119.0)
+        # Refresh our session. The refresh token should still JUST be valid right now.
+        # By doing so, we get a new access token and a new refresh token.
+        refresh_response = self.use_refresh_token(refresh_token1)
+        self.assertEqual(refresh_response.code, HTTPStatus.OK, refresh_response.result)
+        self.assertIn(
+            "refresh_token",
+            refresh_response.json_body,
+            "No new refresh token returned after refresh.",
+        )
+        refresh_token2 = refresh_response.json_body["refresh_token"]
+        # Advance 121 seconds in the future (just a bit more than 2 minutes)
+        self.reactor.advance(121.0)
+        # Try to refresh our session, but instead notice that the refresh token is
+        # not valid (it just expired).
+        refresh_response = self.use_refresh_token(refresh_token2)
+        self.assertEqual(
+            refresh_response.code, HTTPStatus.FORBIDDEN, refresh_response.result
+        )
+    @override_config(
+        {
+            "refreshable_access_token_lifetime": "2m",
+            "refresh_token_lifetime": "2m",
+            "session_lifetime": "3m",
+        }
+    )
+    def test_ultimate_session_expiry(self) -> None:
+        """
+        The session can be configured to have an ultimate, limited lifetime.
+        """
+        body = {
+            "type": "m.login.password",
+            "user": "test",
+            "password": self.user_pass,
+            "refresh_token": True,
+        }
+        login_response = self.make_request(
+            "POST",
+            "/_matrix/client/r0/login",
+            body,
+        )
+        self.assertEqual(login_response.code, HTTPStatus.OK, login_response.result)
+        refresh_token = login_response.json_body["refresh_token"]
+        # Advance shy of 2 minutes into the future
+        self.reactor.advance(119.0)
+        # Refresh our session. The refresh token should still be valid right now.
+        refresh_response = self.use_refresh_token(refresh_token)
+        self.assertEqual(refresh_response.code, HTTPStatus.OK, refresh_response.result)
+        self.assertIn(
+            "refresh_token",
+            refresh_response.json_body,
+            "No new refresh token returned after refresh.",
+        )
+        # Notice that our access token lifetime has been diminished to match the
+        # session lifetime.
+        # 3 minutes - 119 seconds = 61 seconds.
+        self.assertEqual(refresh_response.json_body["expires_in_ms"], 61_000)
+        refresh_token = refresh_response.json_body["refresh_token"]
+        # Advance 61 seconds into the future. Our session should have expired
+        # now, because we've had our 3 minutes.
+        self.reactor.advance(61.0)
+        # Try to issue a new, refreshed, access token.
+        # This should fail because the refresh token's lifetime has also been
+        # diminished as our session expired.
+        refresh_response = self.use_refresh_token(refresh_token)
+        self.assertEqual(
+            refresh_response.code, HTTPStatus.FORBIDDEN, refresh_response.result
+        )
+    def test_refresh_token_invalidation(self) -> None:
+        """Refresh tokens are invalidated after first use of the next token.
+        A refresh token is considered invalid if:
+            - it was already used at least once
+            - and either
+                - the next access token was used
+                - the next refresh token was used
+        The chain of tokens goes like this:
+            login -|-> first_refresh -> third_refresh (fails)
+                   |-> second_refresh -> fifth_refresh
+                   |-> fourth_refresh (fails)
+        """
+        body = {
+            "type": "m.login.password",
+            "user": "test",
+            "password": self.user_pass,
+            "refresh_token": True,
+        }
+        login_response = self.make_request(
+            "POST",
+            "/_matrix/client/r0/login",
+            body,
+        )
+        self.assertEqual(login_response.code, HTTPStatus.OK, login_response.result)
+        # This first refresh should work properly
+        first_refresh_response = self.make_request(
+            "POST",
+            "/_matrix/client/v3/refresh",
+            {"refresh_token": login_response.json_body["refresh_token"]},
+        )
+        self.assertEqual(
+            first_refresh_response.code, HTTPStatus.OK, first_refresh_response.result
+        )
+        # This one as well, since the token in the first one was never used
+        second_refresh_response = self.make_request(
+            "POST",
+            "/_matrix/client/v3/refresh",
+            {"refresh_token": login_response.json_body["refresh_token"]},
+        )
+        self.assertEqual(
+            second_refresh_response.code, HTTPStatus.OK, second_refresh_response.result
+        )
+        # This one should not, since the token from the first refresh is not valid anymore
+        third_refresh_response = self.make_request(
+            "POST",
+            "/_matrix/client/v3/refresh",
+            {"refresh_token": first_refresh_response.json_body["refresh_token"]},
+        )
+        self.assertEqual(
+            third_refresh_response.code,
+            HTTPStatus.UNAUTHORIZED,
+            third_refresh_response.result,
+        )
+        # The associated access token should also be invalid
+        whoami_response = self.make_request(
+            "GET",
+            "/_matrix/client/r0/account/whoami",
+            access_token=first_refresh_response.json_body["access_token"],
+        )
+        self.assertEqual(
+            whoami_response.code, HTTPStatus.UNAUTHORIZED, whoami_response.result
+        )
+        # But all other tokens should work (they will expire after some time)
+        for access_token in [
+            second_refresh_response.json_body["access_token"],
+            login_response.json_body["access_token"],
+        ]:
+            whoami_response = self.make_request(
+                "GET", "/_matrix/client/r0/account/whoami", access_token=access_token
+            )
+            self.assertEqual(
+                whoami_response.code, HTTPStatus.OK, whoami_response.result
+            )
+        # Now that the access token from the last valid refresh was used once, refreshing with the N-1 token should fail
+        fourth_refresh_response = self.make_request(
+            "POST",
+            "/_matrix/client/v3/refresh",
+            {"refresh_token": login_response.json_body["refresh_token"]},
+        )
+        self.assertEqual(
+            fourth_refresh_response.code,
+            HTTPStatus.FORBIDDEN,
+            fourth_refresh_response.result,
+        )
+        # But refreshing from the last valid refresh token still works
+        fifth_refresh_response = self.make_request(
+            "POST",
+            "/_matrix/client/v3/refresh",
+            {"refresh_token": second_refresh_response.json_body["refresh_token"]},
+        )
+        self.assertEqual(
+            fifth_refresh_response.code, HTTPStatus.OK, fifth_refresh_response.result
+        )
+    def test_many_token_refresh(self) -> None:
+        """
+        If a refresh is performed many times during a session, there shouldn't be
+        extra 'cruft' built up over time.
+        This test was written specifically to troubleshoot a case where logout
+        was very slow if a lot of refreshes had been performed for the session.
+        """
+        def _refresh(refresh_token: str) -> tuple[str, str]:
+            """
+            Performs one refresh, returning the next refresh token and access token.
+            """
+            refresh_response = self.use_refresh_token(refresh_token)
+            self.assertEqual(
+                refresh_response.code, HTTPStatus.OK, refresh_response.result
+            )
+            return (
+                refresh_response.json_body["refresh_token"],
+                refresh_response.json_body["access_token"],
+            )
+        def _table_length(table_name: str) -> int:
+            """
+            Helper to get the size of a table, in rows.
+            For testing only; trivially vulnerable to SQL injection.
+            """
+            def _txn(txn: LoggingTransaction) -> int:
+                txn.execute(f"SELECT COUNT(1) FROM {table_name}")
+                row = txn.fetchone()
+                # Query is infallible
+                assert row is not None
+                return row[0]
+            return self.get_success(
+                self.hs.get_datastores().main.db_pool.runInteraction(
+                    "_table_length", _txn
+                )
+            )
+        # Before we log in, there are no access tokens.
+        self.assertEqual(_table_length("access_tokens"), 0)
+        self.assertEqual(_table_length("refresh_tokens"), 0)
+        body = {
+            "type": "m.login.password",
+            "user": "test",
+            "password": self.user_pass,
+            "refresh_token": True,
+        }
+        login_response = self.make_request(
+            "POST",
+            "/_matrix/client/v3/login",
+            body,
+        )
+        self.assertEqual(login_response.code, HTTPStatus.OK, login_response.result)
+        access_token = login_response.json_body["access_token"]
+        refresh_token = login_response.json_body["refresh_token"]
+        # Now that we have logged in, there should be one access token and one
+        # refresh token
+        self.assertEqual(_table_length("access_tokens"), 1)
+        self.assertEqual(_table_length("refresh_tokens"), 1)
+        for _ in range(5):
+            refresh_token, access_token = _refresh(refresh_token)
+        # After 5 sequential refreshes, there should only be the latest two
+        # refresh/access token pairs.
+        # (The last one is preserved because it's in use!
+        # The one before that is preserved because it can still be used to
+        # replace the last token pair, in case of e.g. a network interruption.)
+        self.assertEqual(_table_length("access_tokens"), 2)
+        self.assertEqual(_table_length("refresh_tokens"), 2)
+        logout_response = self.make_request(
+            "POST", "/_matrix/client/v3/logout", {}, access_token=access_token
+        )
+        self.assertEqual(logout_response.code, HTTPStatus.OK, logout_response.result)
+        # Now that we have logged in, there should be no access token
+        # and no refresh token
+        self.assertEqual(_table_length("access_tokens"), 0)
+        self.assertEqual(_table_length("refresh_tokens"), 0)
+def oidc_config(
+    id: str, with_localpart_template: bool, **kwargs: Any
+) -> dict[str, Any]:
+    """Sample OIDC provider config used in backchannel logout tests.
+    Args:
+        id: IDP ID for this provider
+        with_localpart_template: Set to `true` to have a default localpart_template in
+            the `user_mapping_provider` config and skip the user mapping session
+        **kwargs: rest of the config
+    Returns:
+        A dict suitable for the `oidc_config` or the `oidc_providers[]` parts of
+        the HS config
+    """
+    config: dict[str, Any] = {
+        "idp_id": id,
+        "idp_name": id,
+        "issuer": TEST_OIDC_ISSUER,
+        "client_id": "test-client-id",
+        "client_secret": "test-client-secret",
+        "scopes": ["openid"],
+    }
+    if with_localpart_template:
+        config["user_mapping_provider"] = {
+            "config": {"localpart_template": "{{ user.sub }}"}
+        }
+    else:
+        config["user_mapping_provider"] = {"config": {}}
+    config.update(kwargs)
+    return config
+@skip_unless(HAS_OIDC, "Requires OIDC")
+class OidcBackchannelLogoutTests(unittest.HomeserverTestCase):
+    servlets = [
+        account.register_servlets,
+        login.register_servlets,
+    ]
+    def default_config(self) -> dict[str, Any]:
+        config = super().default_config()
+        # public_baseurl uses an http:// scheme because FakeChannel.isSecure() returns
+        # False, so synapse will see the requested uri as http://..., so using http in
+        # the public_baseurl stops Synapse trying to redirect to https.
+        config["public_baseurl"] = "http://synapse.test"
+        return config
+    def create_resource_dict(self) -> dict[str, Resource]:
+        resource_dict = super().create_resource_dict()
+        resource_dict.update(build_synapse_client_resource_tree(self.hs))
+        return resource_dict
+    def submit_logout_token(self, logout_token: str) -> FakeChannel:
+        return self.make_request(
+            "POST",
+            "/_synapse/client/oidc/backchannel_logout",
+            content=f"logout_token={logout_token}",
+            content_is_form=True,
+        )
+    @override_config(
+        {
+            "oidc_providers": [
+                oidc_config(
+                    id="oidc",
+                    with_localpart_template=True,
+                    backchannel_logout_enabled=True,
+                )
+            ]
+        }
+    )
+    def test_simple_logout(self) -> None:
+        """
+        Receiving a logout token should logout the user
+        """
+        fake_oidc_server = self.helper.fake_oidc_server()
+        user = "john"
+        login_resp, first_grant = self.helper.login_via_oidc(
+            fake_oidc_server, user, with_sid=True
+        )
+        first_access_token: str = login_resp["access_token"]
+        self.helper.whoami(first_access_token, expect_code=HTTPStatus.OK)
+        login_resp, second_grant = self.helper.login_via_oidc(
+            fake_oidc_server, user, with_sid=True
+        )
+        second_access_token: str = login_resp["access_token"]
+        self.helper.whoami(second_access_token, expect_code=HTTPStatus.OK)
+        self.assertNotEqual(first_grant.sid, second_grant.sid)
+        self.assertEqual(first_grant.userinfo["sub"], second_grant.userinfo["sub"])
+        # Logging out of the first session
+        logout_token = fake_oidc_server.generate_logout_token(first_grant)
+        channel = self.submit_logout_token(logout_token)
+        self.assertEqual(channel.code, 200)
+        self.helper.whoami(first_access_token, expect_code=HTTPStatus.UNAUTHORIZED)
+        self.helper.whoami(second_access_token, expect_code=HTTPStatus.OK)
+        # Logging out of the second session
+        logout_token = fake_oidc_server.generate_logout_token(second_grant)
+        channel = self.submit_logout_token(logout_token)
+        self.assertEqual(channel.code, 200)
+    @override_config(
+        {
+            "oidc_providers": [
+                oidc_config(
+                    id="oidc",
+                    with_localpart_template=True,
+                    backchannel_logout_enabled=True,
+                )
+            ]
+        }
+    )
+    def test_logout_during_login(self) -> None:
+        """
+        It should revoke login tokens when receiving a logout token
+        """
+        fake_oidc_server = self.helper.fake_oidc_server()
+        user = "john"
+        # Get an authentication, and logout before submitting the logout token
+        client_redirect_url = "https://x"
+        userinfo = {"sub": user}
+        channel, grant = self.helper.auth_via_oidc(
+            fake_oidc_server,
+            userinfo,
+            client_redirect_url,
+            with_sid=True,
+        )
+        # expect a confirmation page
+        self.assertEqual(channel.code, HTTPStatus.OK, channel.result)
+        # fish the matrix login token out of the body of the confirmation page
+        m = re.search(
+            'a href="%s.*loginToken=([^"]*)"' % (client_redirect_url,),
+            channel.text_body,
+        )
+        assert m, channel.text_body
+        login_token = m.group(1)
+        # Submit a logout
+        logout_token = fake_oidc_server.generate_logout_token(grant)
+        channel = self.submit_logout_token(logout_token)
+        self.assertEqual(channel.code, 200)
+        # Now try to exchange the login token, it should fail.
+        self.helper.login_via_token(login_token, 403)
+    @override_config(
+        {
+            "oidc_providers": [
+                oidc_config(
+                    id="oidc",
+                    with_localpart_template=False,
+                    backchannel_logout_enabled=True,
+                )
+            ]
+        }
+    )
+    def test_logout_during_mapping(self) -> None:
+        """
+        It should stop ongoing user mapping session when receiving a logout token
+        """
+        fake_oidc_server = self.helper.fake_oidc_server()
+        user = "john"
+        # Get an authentication, and logout before submitting the logout token
+        client_redirect_url = "https://x"
+        userinfo = {"sub": user}
+        channel, grant = self.helper.auth_via_oidc(
+            fake_oidc_server,
+            userinfo,
+            client_redirect_url,
+            with_sid=True,
+        )
+        # Expect a user mapping page
+        self.assertEqual(channel.code, HTTPStatus.FOUND, channel.result)
+        # We should have a user_mapping_session cookie
+        cookie_headers = channel.headers.getRawHeaders("Set-Cookie")
+        assert cookie_headers
+        cookies: dict[str, str] = {}
+        for h in cookie_headers:
+            key, value = h.split(";")[0].split("=", maxsplit=1)
+            cookies[key] = value
+        user_mapping_session_id = cookies["username_mapping_session"]
+        # Getting that session should not raise
+        session = self.hs.get_sso_handler().get_mapping_session(user_mapping_session_id)
+        self.assertIsNotNone(session)
+        # Submit a logout
+        logout_token = fake_oidc_server.generate_logout_token(grant)
+        channel = self.submit_logout_token(logout_token)
+        self.assertEqual(channel.code, 200)
+        # Now it should raise
+        with self.assertRaises(SynapseError):
+            self.hs.get_sso_handler().get_mapping_session(user_mapping_session_id)
+    @override_config(
+        {
+            "oidc_providers": [
+                oidc_config(
+                    id="oidc",
+                    with_localpart_template=True,
+                    backchannel_logout_enabled=False,
+                )
+            ]
+        }
+    )
+    def test_disabled(self) -> None:
+        """
+        Receiving a logout token should do nothing if it is disabled in the config
+        """
+        fake_oidc_server = self.helper.fake_oidc_server()
+        user = "john"
+        login_resp, grant = self.helper.login_via_oidc(
+            fake_oidc_server, user, with_sid=True
+        )
+        access_token: str = login_resp["access_token"]
+        self.helper.whoami(access_token, expect_code=HTTPStatus.OK)
+        # Logging out shouldn't work
+        logout_token = fake_oidc_server.generate_logout_token(grant)
+        channel = self.submit_logout_token(logout_token)
+        self.assertEqual(channel.code, 400)
+        # And the token should still be valid
+        self.helper.whoami(access_token, expect_code=HTTPStatus.OK)
+    @override_config(
+        {
+            "oidc_providers": [
+                oidc_config(
+                    id="oidc",
+                    with_localpart_template=True,
+                    backchannel_logout_enabled=True,
+                )
+            ]
+        }
+    )
+    def test_no_sid(self) -> None:
+        """
+        Receiving a logout token without `sid` during the login should do nothing
+        """
+        fake_oidc_server = self.helper.fake_oidc_server()
+        user = "john"
+        login_resp, grant = self.helper.login_via_oidc(
+            fake_oidc_server, user, with_sid=False
+        )
+        access_token: str = login_resp["access_token"]
+        self.helper.whoami(access_token, expect_code=HTTPStatus.OK)
+        # Logging out shouldn't work
+        logout_token = fake_oidc_server.generate_logout_token(grant)
+        channel = self.submit_logout_token(logout_token)
+        self.assertEqual(channel.code, 400)
+        # And the token should still be valid
+        self.helper.whoami(access_token, expect_code=HTTPStatus.OK)
+    @override_config(
+        {
+            "oidc_providers": [
+                oidc_config(
+                    "first",
+                    issuer="https://first-issuer.com/",
+                    with_localpart_template=True,
+                    backchannel_logout_enabled=True,
+                ),
+                oidc_config(
+                    "second",
+                    issuer="https://second-issuer.com/",
+                    with_localpart_template=True,
+                    backchannel_logout_enabled=True,
+                ),
+            ]
+        }
+    )
+    def test_multiple_providers(self) -> None:
+        """
+        It should be able to distinguish login tokens from two different IdPs
+        """
+        first_server = self.helper.fake_oidc_server(issuer="https://first-issuer.com/")
+        second_server = self.helper.fake_oidc_server(
+            issuer="https://second-issuer.com/"
+        )
+        user = "john"
+        login_resp, first_grant = self.helper.login_via_oidc(
+            first_server, user, with_sid=True, idp_id="oidc-first"
+        )
+        first_access_token: str = login_resp["access_token"]
+        self.helper.whoami(first_access_token, expect_code=HTTPStatus.OK)
+        login_resp, second_grant = self.helper.login_via_oidc(
+            second_server, user, with_sid=True, idp_id="oidc-second"
+        )
+        second_access_token: str = login_resp["access_token"]
+        self.helper.whoami(second_access_token, expect_code=HTTPStatus.OK)
+        # `sid` in the fake providers are generated by a counter, so the first grant of
+        # each provider should give the same SID
+        self.assertEqual(first_grant.sid, second_grant.sid)
+        self.assertEqual(first_grant.userinfo["sub"], second_grant.userinfo["sub"])
+        # Logging out of the first session
+        logout_token = first_server.generate_logout_token(first_grant)
+        channel = self.submit_logout_token(logout_token)
+        self.assertEqual(channel.code, 200)
+        self.helper.whoami(first_access_token, expect_code=HTTPStatus.UNAUTHORIZED)
+        self.helper.whoami(second_access_token, expect_code=HTTPStatus.OK)
+        # Logging out of the second session
+        logout_token = second_server.generate_logout_token(second_grant)
+        channel = self.submit_logout_token(logout_token)
+        self.assertEqual(channel.code, 200)
+        self.helper.whoami(second_access_token, expect_code=HTTPStatus.UNAUTHORIZED)