Merge branch 'develop' of github.com:matrix-org/synapse into erikj/split_federation

2018-08-15 14:25:46 +01:00 · 2018-08-15 14:25:46 +01:00 · ef184caf30
parent 488ffe6fdb 1c5e690a6b
commit ef184caf30
217 changed files with 2601 additions and 2756 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -0,0 +1,48 @@
+version: 2
+jobs:
+  sytestpy2:
+    machine: true
+    steps:
+      - checkout
+      - run: docker pull matrixdotorg/sytest-synapsepy2
+      - run: docker run --rm -it -v $(pwd)\:/src -v $(pwd)/logs\:/logs matrixdotorg/sytest-synapsepy2
+      - store_artifacts:
+          path: ~/project/logs
+          destination: logs
+  sytestpy2postgres:
+    machine: true
+    steps:
+      - checkout
+      - run: docker pull matrixdotorg/sytest-synapsepy2
+      - run: docker run --rm -it -v $(pwd)\:/src -v $(pwd)/logs\:/logs -e POSTGRES=1 matrixdotorg/sytest-synapsepy2
+      - store_artifacts:
+          path: ~/project/logs
+          destination: logs
+  sytestpy3:
+    machine: true
+    steps:
+      - checkout
+      - run: docker pull matrixdotorg/sytest-synapsepy3
+      - run: docker run --rm -it -v $(pwd)\:/src -v $(pwd)/logs\:/logs hawkowl/sytestpy3
+      - store_artifacts:
+          path: ~/project/logs
+          destination: logs
+  sytestpy3postgres:
+    machine: true
+    steps:
+      - checkout
+      - run: docker pull matrixdotorg/sytest-synapsepy3
+      - run: docker run --rm -it -v $(pwd)\:/src -v $(pwd)/logs\:/logs -e POSTGRES=1 matrixdotorg/sytest-synapsepy3
+      - store_artifacts:
+          path: ~/project/logs
+          destination: logs
+
+workflows:
+  version: 2
+  build:
+    jobs:
+      - sytestpy2
+      - sytestpy2postgres
+# Currently broken while the Python 3 port is incomplete
+#      - sytestpy3
+#      - sytestpy3postgres
--- a/.dockerignore
+++ b/.dockerignore
@ -3,3 +3,6 @@ Dockerfile
 .gitignore
 demo/etc
 tox.ini
+synctl
+.git/*
+.tox/*
--- a/.travis.yml
+++ b/.travis.yml
@ -8,6 +8,9 @@ before_script:
  - git remote set-branches --add origin develop
  - git fetch origin develop

+services:
+  - postgresql
+
 matrix:
  fast_finish: true
  include:
@ -20,6 +23,9 @@ matrix:
  - python: 2.7
    env: TOX_ENV=py27

+  - python: 2.7
+    env: TOX_ENV=py27-postgres TRIAL_FLAGS="-j 4"
+
  - python: 3.6
    env: TOX_ENV=py36

@ -29,6 +35,10 @@ matrix:
  - python: 3.6
    env: TOX_ENV=check-newsfragment

+  allow_failures:
+  - python: 2.7
+    env: TOX_ENV=py27-postgres TRIAL_FLAGS="-j 4"
+
 install:
  - pip install tox

--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,76 @@
+Synapse 0.33.2 (2018-08-09)
+===========================
+
+No significant changes.
+
+
+Synapse 0.33.2rc1 (2018-08-07)
+==============================
+
+Features
+--------
+
+- add support for the lazy_loaded_members filter as per MSC1227 ([\#2970](https://github.com/matrix-org/synapse/issues/2970))
+- add support for the include_redundant_members filter param as per MSC1227 ([\#3331](https://github.com/matrix-org/synapse/issues/3331))
+- Add metrics to track resource usage by background processes ([\#3553](https://github.com/matrix-org/synapse/issues/3553), [\#3556](https://github.com/matrix-org/synapse/issues/3556), [\#3604](https://github.com/matrix-org/synapse/issues/3604), [\#3610](https://github.com/matrix-org/synapse/issues/3610))
+- Add `code` label to `synapse_http_server_response_time_seconds` prometheus metric ([\#3554](https://github.com/matrix-org/synapse/issues/3554))
+- Add support for client_reader to handle more APIs ([\#3555](https://github.com/matrix-org/synapse/issues/3555), [\#3597](https://github.com/matrix-org/synapse/issues/3597))
+- make the /context API filter & lazy-load aware as per MSC1227 ([\#3567](https://github.com/matrix-org/synapse/issues/3567))
+- Add ability to limit number of monthly active users on the server ([\#3630](https://github.com/matrix-org/synapse/issues/3630))
+- When we fail to join a room over federation, pass the error code back to the client. ([\#3639](https://github.com/matrix-org/synapse/issues/3639))
+- Add a new /admin/register API for non-interactively creating users. ([\#3415](https://github.com/matrix-org/synapse/issues/3415))
+
+
+Bugfixes
+--------
+
+- Make /directory/list API return 404 for room not found instead of 400 ([\#2952](https://github.com/matrix-org/synapse/issues/2952))
+- Default inviter_display_name to mxid for email invites ([\#3391](https://github.com/matrix-org/synapse/issues/3391))
+- Don't generate TURN credentials if no TURN config options are set ([\#3514](https://github.com/matrix-org/synapse/issues/3514))
+- Correctly announce deleted devices over federation ([\#3520](https://github.com/matrix-org/synapse/issues/3520))
+- Catch failures saving metrics captured by Measure, and instead log the faulty metrics information for further analysis. ([\#3548](https://github.com/matrix-org/synapse/issues/3548))
+- Unicode passwords are now normalised before hashing, preventing the instance where two different devices or browsers might send a different UTF-8 sequence for the password. ([\#3569](https://github.com/matrix-org/synapse/issues/3569))
+- Fix potential stack overflow and deadlock under heavy load ([\#3570](https://github.com/matrix-org/synapse/issues/3570))
+- Respond with M_NOT_FOUND when profiles are not found locally or over federation. Fixes #3585 ([\#3585](https://github.com/matrix-org/synapse/issues/3585))
+- Fix failure to persist events over federation under load ([\#3601](https://github.com/matrix-org/synapse/issues/3601))
+- Fix updating of cached remote profiles ([\#3605](https://github.com/matrix-org/synapse/issues/3605))
+- Fix 'tuple index out of range' error ([\#3607](https://github.com/matrix-org/synapse/issues/3607))
+- Only import secrets when available (fix for py < 3.6) ([\#3626](https://github.com/matrix-org/synapse/issues/3626))
+
+
+Internal Changes
+----------------
+
+- Remove redundant checks on who_forgot_in_room ([\#3350](https://github.com/matrix-org/synapse/issues/3350))
+- Remove unnecessary event re-signing hacks ([\#3367](https://github.com/matrix-org/synapse/issues/3367))
+- Rewrite cache list decorator ([\#3384](https://github.com/matrix-org/synapse/issues/3384))
+- Move v1-only REST APIs into their own module. ([\#3460](https://github.com/matrix-org/synapse/issues/3460))
+- Replace more instances of Python 2-only iteritems and itervalues uses. ([\#3562](https://github.com/matrix-org/synapse/issues/3562))
+- Refactor EventContext to accept state during init ([\#3577](https://github.com/matrix-org/synapse/issues/3577))
+- Improve Dockerfile and docker-compose instructions ([\#3543](https://github.com/matrix-org/synapse/issues/3543))
+- Release notes are now in the Markdown format. ([\#3552](https://github.com/matrix-org/synapse/issues/3552))
+- add config for pep8 ([\#3559](https://github.com/matrix-org/synapse/issues/3559))
+- Merge Linearizer and Limiter ([\#3571](https://github.com/matrix-org/synapse/issues/3571), [\#3572](https://github.com/matrix-org/synapse/issues/3572))
+- Lazily load state on master process when using workers to reduce DB consumption ([\#3579](https://github.com/matrix-org/synapse/issues/3579), [\#3581](https://github.com/matrix-org/synapse/issues/3581), [\#3582](https://github.com/matrix-org/synapse/issues/3582), [\#3584](https://github.com/matrix-org/synapse/issues/3584))
+- Fixes and optimisations for resolve_state_groups ([\#3586](https://github.com/matrix-org/synapse/issues/3586))
+- Improve logging for exceptions when handling PDUs ([\#3587](https://github.com/matrix-org/synapse/issues/3587))
+- Add some measure blocks to persist_events ([\#3590](https://github.com/matrix-org/synapse/issues/3590))
+- Fix some random logcontext leaks. ([\#3591](https://github.com/matrix-org/synapse/issues/3591), [\#3606](https://github.com/matrix-org/synapse/issues/3606))
+- Speed up calculating state deltas in persist_event loop ([\#3592](https://github.com/matrix-org/synapse/issues/3592))
+- Attempt to reduce amount of state pulled out of DB during persist_events ([\#3595](https://github.com/matrix-org/synapse/issues/3595))
+- Fix a documentation typo in on_make_leave_request ([\#3609](https://github.com/matrix-org/synapse/issues/3609))
+- Make EventStore inherit from EventFederationStore ([\#3612](https://github.com/matrix-org/synapse/issues/3612))
+- Remove some redundant joins on event_edges.room_id ([\#3613](https://github.com/matrix-org/synapse/issues/3613))
+- Stop populating events.content ([\#3614](https://github.com/matrix-org/synapse/issues/3614))
+- Update the /send_leave path registration to use event_id rather than a transaction ID. ([\#3616](https://github.com/matrix-org/synapse/issues/3616))
+- Refactor FederationHandler to move DB writes into separate functions ([\#3621](https://github.com/matrix-org/synapse/issues/3621))
+- Remove unused field "pdu_failures" from transactions. ([\#3628](https://github.com/matrix-org/synapse/issues/3628))
+- rename replication_layer to federation_client ([\#3634](https://github.com/matrix-org/synapse/issues/3634))
+- Factor out exception handling in federation_client ([\#3638](https://github.com/matrix-org/synapse/issues/3638))
+- Refactor location of docker build script. ([\#3644](https://github.com/matrix-org/synapse/issues/3644))
+- Update CONTRIBUTING to mention newsfragments. ([\#3645](https://github.com/matrix-org/synapse/issues/3645))
+
+
 Synapse 0.33.1 (2018-08-02)
 ===========================

--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -36,3 +36,4 @@ recursive-include changelog.d *
 prune .github
 prune demo/etc
 prune docker
+prune .circleci
--- a/changelog.d/1491.feature
+++ b/changelog.d/1491.feature
@ -0,0 +1 @@
+Add support for the SNI extension to federation TLS connections
--- a/changelog.d/2952.bugfix
+++ b/changelog.d/2952.bugfix
@ -1 +0,0 @@
-Make /directory/list API return 404 for room not found instead of 400
--- a/changelog.d/2970.feature
+++ b/changelog.d/2970.feature
@ -1 +0,0 @@
-add support for the lazy_loaded_members filter as per MSC1227
--- a/changelog.d/3331.feature
+++ b/changelog.d/3331.feature
@ -1 +0,0 @@
-add support for the include_redundant_members filter param as per MSC1227
--- a/changelog.d/3350.misc
+++ b/changelog.d/3350.misc
@ -1 +0,0 @@
-Remove redundant checks on who_forgot_in_room
--- a/changelog.d/3367.misc
+++ b/changelog.d/3367.misc
@ -1 +0,0 @@
-Remove unnecessary event re-signing hacks
--- a/changelog.d/3384.misc
+++ b/changelog.d/3384.misc
@ -1 +0,0 @@
-Rewrite cache list decorator
--- a/changelog.d/3391.bugfix
+++ b/changelog.d/3391.bugfix
@ -1 +0,0 @@
-Default inviter_display_name to mxid for email invites
--- a/changelog.d/3415.misc
+++ b/changelog.d/3415.misc
--- a/changelog.d/3423.misc
+++ b/changelog.d/3423.misc
@ -0,0 +1 @@
+The test suite now can run under PostgreSQL.
--- a/changelog.d/3460.misc
+++ b/changelog.d/3460.misc
--- a/changelog.d/3514.bugfix
+++ b/changelog.d/3514.bugfix
@ -1 +0,0 @@
-Don't generate TURN credentials if no TURN config options are set
--- a/changelog.d/3520.bugfix
+++ b/changelog.d/3520.bugfix
@ -1 +0,0 @@
-Correctly announce deleted devices over federation
--- a/changelog.d/3543.misc
+++ b/changelog.d/3543.misc
@ -1 +0,0 @@
-Improve Dockerfile and docker-compose instructions
--- a/changelog.d/3548.bugfix
+++ b/changelog.d/3548.bugfix
@ -1 +0,0 @@
-Catch failures saving metrics captured by Measure, and instead log the faulty metrics information for further analysis.
--- a/changelog.d/3552.misc
+++ b/changelog.d/3552.misc
@ -1 +0,0 @@
-Release notes are now in the Markdown format.
--- a/changelog.d/3553.feature
+++ b/changelog.d/3553.feature
@ -1 +0,0 @@
-Add metrics to track resource usage by background processes
--- a/changelog.d/3554.feature
+++ b/changelog.d/3554.feature
@ -1 +0,0 @@
-Add `code` label to `synapse_http_server_response_time_seconds` prometheus metric
--- a/changelog.d/3555.feature
+++ b/changelog.d/3555.feature
@ -1 +0,0 @@
-Add support for client_reader to handle more APIs
--- a/changelog.d/3556.feature
+++ b/changelog.d/3556.feature
@ -1 +0,0 @@
-Add metrics to track resource usage by background processes
--- a/changelog.d/3559.misc
+++ b/changelog.d/3559.misc
@ -1 +0,0 @@
-add config for pep8
--- a/changelog.d/3562.misc
+++ b/changelog.d/3562.misc
--- a/changelog.d/3567.feature
+++ b/changelog.d/3567.feature
@ -1 +0,0 @@
-make the /context API filter & lazy-load aware as per MSC1227
--- a/changelog.d/3569.bugfix
+++ b/changelog.d/3569.bugfix
@ -1 +0,0 @@
-Unicode passwords are now normalised before hashing, preventing the instance where two different devices or browsers might send a different UTF-8 sequence for the password.
--- a/changelog.d/3570.bugfix
+++ b/changelog.d/3570.bugfix
@ -1 +0,0 @@
-Fix potential stack overflow and deadlock under heavy load
--- a/changelog.d/3571.misc
+++ b/changelog.d/3571.misc
@ -1 +0,0 @@
-Merge Linearizer and Limiter
--- a/changelog.d/3572.misc
+++ b/changelog.d/3572.misc
@ -1 +0,0 @@
-Merge Linearizer and Limiter
--- a/changelog.d/3577.misc
+++ b/changelog.d/3577.misc
--- a/changelog.d/3579.misc
+++ b/changelog.d/3579.misc
@ -1 +0,0 @@
-Lazily load state on master process when using workers to reduce DB consumption
--- a/changelog.d/3581.misc
+++ b/changelog.d/3581.misc
@ -1 +0,0 @@
-Lazily load state on master process when using workers to reduce DB consumption
--- a/changelog.d/3582.misc
+++ b/changelog.d/3582.misc
@ -1 +0,0 @@
-Lazily load state on master process when using workers to reduce DB consumption
--- a/changelog.d/3584.misc
+++ b/changelog.d/3584.misc
@ -1 +0,0 @@
-Lazily load state on master process when using workers to reduce DB consumption
--- a/changelog.d/3585.bugfix
+++ b/changelog.d/3585.bugfix
@ -1 +0,0 @@
-Respond with M_NOT_FOUND when profiles are not found locally or over federation. Fixes #3585
--- a/changelog.d/3586.misc
+++ b/changelog.d/3586.misc
@ -1 +0,0 @@
-Fixes and optimisations for resolve_state_groups
--- a/changelog.d/3587.misc
+++ b/changelog.d/3587.misc
@ -1 +0,0 @@
-Improve logging for exceptions when handling PDUs
--- a/changelog.d/3590.misc
+++ b/changelog.d/3590.misc
@ -1 +0,0 @@
-Add some measure blocks to persist_events
--- a/changelog.d/3591.misc
+++ b/changelog.d/3591.misc
@ -1 +0,0 @@
-Fix some random logcontext leaks.
--- a/changelog.d/3592.misc
+++ b/changelog.d/3592.misc
@ -1 +0,0 @@
-Speed up calculating state deltas in persist_event loop
--- a/changelog.d/3595.misc
+++ b/changelog.d/3595.misc
@ -1 +0,0 @@
-Attempt to reduce amount of state pulled out of DB during persist_events
--- a/changelog.d/3597.feature
+++ b/changelog.d/3597.feature
@ -1 +0,0 @@
-Add support for client_reader to handle more APIs
--- a/changelog.d/3601.bugfix
+++ b/changelog.d/3601.bugfix
@ -1 +0,0 @@
-Fix failure to persist events over federation under load
--- a/changelog.d/3604.feature
+++ b/changelog.d/3604.feature
@ -1 +0,0 @@
-Add metrics to track resource usage by background processes
--- a/changelog.d/3605.bugfix
+++ b/changelog.d/3605.bugfix
@ -1 +0,0 @@
-Fix updating of cached remote profiles
--- a/changelog.d/3606.misc
+++ b/changelog.d/3606.misc
@ -1 +0,0 @@
-Fix some random logcontext leaks.
--- a/changelog.d/3607.bugfix
+++ b/changelog.d/3607.bugfix
@ -1 +0,0 @@
-Fix 'tuple index out of range' error
--- a/changelog.d/3609.misc
+++ b/changelog.d/3609.misc
@ -1 +0,0 @@
-Fix a documentation typo in on_make_leave_request
--- a/changelog.d/3610.feature
+++ b/changelog.d/3610.feature
@ -1 +0,0 @@
-Add metrics to track resource usage by background processes
--- a/changelog.d/3612.misc
+++ b/changelog.d/3612.misc
@ -1 +0,0 @@
-Make EventStore inherit from EventFederationStore
--- a/changelog.d/3613.misc
+++ b/changelog.d/3613.misc
@ -1 +0,0 @@
-Remove some redundant joins on event_edges.room_id
--- a/changelog.d/3614.misc
+++ b/changelog.d/3614.misc
@ -1 +0,0 @@
-Stop populating events.content
--- a/changelog.d/3616.misc
+++ b/changelog.d/3616.misc
@ -1 +0,0 @@
-Update the /send_leave path registration to use event_id rather than a transaction ID.
--- a/changelog.d/3621.misc
+++ b/changelog.d/3621.misc
@ -1 +0,0 @@
-Refactor FederationHandler to move DB writes into separate functions
--- a/changelog.d/3626.bugfix
+++ b/changelog.d/3626.bugfix
@ -1 +0,0 @@
-Only import secrets when available (fix for py < 3.6)
--- a/changelog.d/3628.misc
+++ b/changelog.d/3628.misc
@ -1 +0,0 @@
-Remove unused field "pdu_failures" from transactions.
--- a/changelog.d/3630.feature
+++ b/changelog.d/3630.feature
@ -1 +0,0 @@
-Add ability to limit number of monthly active users on the server
--- a/changelog.d/3634.misc
+++ b/changelog.d/3634.misc
@ -1 +0,0 @@
-rename replication_layer to federation_client
--- a/changelog.d/3638.misc
+++ b/changelog.d/3638.misc
@ -1 +0,0 @@
-Factor out exception handling in federation_client
--- a/changelog.d/3639.feature
+++ b/changelog.d/3639.feature
@ -1 +0,0 @@
-When we fail to join a room over federation, pass the error code back to the client.
--- a/changelog.d/3644.misc
+++ b/changelog.d/3644.misc
@ -1 +0,0 @@
-Refactor location of docker build script.
--- a/changelog.d/3645.misc
+++ b/changelog.d/3645.misc
@ -1 +0,0 @@
-Update CONTRIBUTING to mention newsfragments.
--- a/changelog.d/3655.feature
+++ b/changelog.d/3655.feature
@ -0,0 +1 @@
+Ability to disable client/server Synapse via conf toggle
--- a/changelog.d/3660.misc
+++ b/changelog.d/3660.misc
@ -0,0 +1 @@
+Sytests can now be run inside a Docker container.
--- a/changelog.d/3661.bugfix
+++ b/changelog.d/3661.bugfix
@ -0,0 +1 @@
+Fix bug on deleting 3pid when using identity servers that don't support unbind API
--- a/changelog.d/3669.misc
+++ b/changelog.d/3669.misc
@ -0,0 +1 @@
+Update docker base image from alpine 3.7 to 3.8.
--- a/changelog.d/3670.feature
+++ b/changelog.d/3670.feature
@ -0,0 +1 @@
+Where server is disabled, block ability for locked out users to read new messages
--- a/changelog.d/3676.bugfix
+++ b/changelog.d/3676.bugfix
@ -0,0 +1 @@
+Make the tests pass on Twisted < 18.7.0
--- a/changelog.d/3677.bugfix
+++ b/changelog.d/3677.bugfix
@ -0,0 +1 @@
+Don’t ship recaptcha_ajax.js, use it directly from Google
--- a/changelog.d/3678.misc
+++ b/changelog.d/3678.misc
@ -0,0 +1 @@
+Rename synapse.util.async to synapse.util.async_helpers to mitigate async becoming a keyword on Python 3.7.
--- a/changelog.d/3679.misc
+++ b/changelog.d/3679.misc
@ -0,0 +1 @@
+Synapse's tests are now formatted with the black autoformatter.
--- a/changelog.d/3681.bugfix
+++ b/changelog.d/3681.bugfix
@ -0,0 +1 @@
+Fixes test_reap_monthly_active_users so it passes under postgres
--- a/changelog.d/3684.misc
+++ b/changelog.d/3684.misc
@ -0,0 +1 @@
+Implemented a new testing base class to reduce test boilerplate.
--- a/changelog.d/3690.misc
+++ b/changelog.d/3690.misc
@ -0,0 +1 @@
+Rename MAU prometheus metrics
--- a/changelog.d/3692.bugfix
+++ b/changelog.d/3692.bugfix
@ -0,0 +1 @@
+Fix missing yield in synapse.storage.monthly_active_users.initialise_reserved_users
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -1,4 +1,4 @@
-FROM docker.io/python:2-alpine3.7
+FROM docker.io/python:2-alpine3.8

 RUN apk add --no-cache --virtual .nacl_deps \
        build-base \
--- a/pyproject.toml
+++ b/pyproject.toml
@ -2,7 +2,7 @@
    package = "synapse"
    filename = "CHANGES.md"
    directory = "changelog.d"
-    issue_format = "[\\#{issue}](https://github.com/matrix-org/synapse/issues/{issue}>)"
+    issue_format = "[\\#{issue}](https://github.com/matrix-org/synapse/issues/{issue})"

    [[tool.towncrier.type]]
        directory = "feature"
--- a/synapse/init.py
+++ b/synapse/init.py
@ -17,4 +17,4 @@
 """ This is a reference implementation of a Matrix home server.
 """

-__version__ = "0.33.1"
+__version__ = "0.33.2"
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -775,11 +775,25 @@ class Auth(object):
            )

    @defer.inlineCallbacks
-    def check_auth_blocking(self):
+    def check_auth_blocking(self, user_id=None):
        """Checks if the user should be rejected for some external reason,
        such as monthly active user limiting or global disable flag
+
+        Args:
+            user_id(str|None): If present, checks for presence against existing
+            MAU cohort
        """
+        if self.hs.config.hs_disabled:
+            raise AuthError(
+                403, self.hs.config.hs_disabled_message, errcode=Codes.HS_DISABLED
+            )
        if self.hs.config.limit_usage_by_mau is True:
+            # If the user is already part of the MAU cohort
+            if user_id:
+                timestamp = yield self.store.user_last_seen_monthly_active(user_id)
+                if timestamp:
+                    return
+            # Else if there is no room in the MAU bucket, bail
            current_mau = yield self.store.get_monthly_active_count()
            if current_mau >= self.hs.config.max_mau_value:
                raise AuthError(
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@ -57,6 +57,7 @@ class Codes(object):
    CONSENT_NOT_GIVEN = "M_CONSENT_NOT_GIVEN"
    CANNOT_LEAVE_SERVER_NOTICE_ROOM = "M_CANNOT_LEAVE_SERVER_NOTICE_ROOM"
    MAU_LIMIT_EXCEEDED = "M_MAU_LIMIT_EXCEEDED"
+    HS_DISABLED = "M_HS_DISABLED"
    UNSUPPORTED_ROOM_VERSION = "M_UNSUPPORTED_ROOM_VERSION"
    INCOMPATIBLE_ROOM_VERSION = "M_INCOMPATIBLE_ROOM_VERSION"

--- a/synapse/app/client_reader.py
+++ b/synapse/app/client_reader.py
@ -168,11 +168,13 @@ def start(config_options):
    database_engine = create_engine(config.database_config)

    tls_server_context_factory = context_factory.ServerContextFactory(config)
+    tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)

    ss = ClientReaderServer(
        config.server_name,
        db_config=config.database_config,
        tls_server_context_factory=tls_server_context_factory,
+        tls_client_options_factory=tls_client_options_factory,
        config=config,
        version_string="Synapse/" + get_version_string(synapse),
        database_engine=database_engine,
--- a/synapse/app/event_creator.py
+++ b/synapse/app/event_creator.py
@ -174,11 +174,13 @@ def start(config_options):
    database_engine = create_engine(config.database_config)

    tls_server_context_factory = context_factory.ServerContextFactory(config)
+    tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)

    ss = EventCreatorServer(
        config.server_name,
        db_config=config.database_config,
        tls_server_context_factory=tls_server_context_factory,
+        tls_client_options_factory=tls_client_options_factory,
        config=config,
        version_string="Synapse/" + get_version_string(synapse),
        database_engine=database_engine,
--- a/synapse/app/federation_reader.py
+++ b/synapse/app/federation_reader.py
@ -153,11 +153,13 @@ def start(config_options):
    database_engine = create_engine(config.database_config)

    tls_server_context_factory = context_factory.ServerContextFactory(config)
+    tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)

    ss = FederationReaderServer(
        config.server_name,
        db_config=config.database_config,
        tls_server_context_factory=tls_server_context_factory,
+        tls_client_options_factory=tls_client_options_factory,
        config=config,
        version_string="Synapse/" + get_version_string(synapse),
        database_engine=database_engine,
--- a/synapse/app/federation_sender.py
+++ b/synapse/app/federation_sender.py
@ -40,7 +40,7 @@ from synapse.replication.slave.storage.transactions import SlavedTransactionStor
 from synapse.replication.tcp.client import ReplicationClientHandler
 from synapse.server import HomeServer
 from synapse.storage.engines import create_engine
-from synapse.util.async import Linearizer
+from synapse.util.async_helpers import Linearizer
 from synapse.util.httpresourcetree import create_resource_tree
 from synapse.util.logcontext import LoggingContext, run_in_background
 from synapse.util.manhole import manhole
@ -186,11 +186,13 @@ def start(config_options):
    config.send_federation = True

    tls_server_context_factory = context_factory.ServerContextFactory(config)
+    tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)

    ps = FederationSenderServer(
        config.server_name,
        db_config=config.database_config,
        tls_server_context_factory=tls_server_context_factory,
+        tls_client_options_factory=tls_client_options_factory,
        config=config,
        version_string="Synapse/" + get_version_string(synapse),
        database_engine=database_engine,
--- a/synapse/app/frontend_proxy.py
+++ b/synapse/app/frontend_proxy.py
@ -208,11 +208,13 @@ def start(config_options):
    database_engine = create_engine(config.database_config)

    tls_server_context_factory = context_factory.ServerContextFactory(config)
+    tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)

    ss = FrontendProxyServer(
        config.server_name,
        db_config=config.database_config,
        tls_server_context_factory=tls_server_context_factory,
+        tls_client_options_factory=tls_client_options_factory,
        config=config,
        version_string="Synapse/" + get_version_string(synapse),
        database_engine=database_engine,
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@ -303,8 +303,8 @@ class SynapseHomeServer(HomeServer):


 # Gauges to expose monthly active user control metrics
-current_mau_gauge = Gauge("synapse_admin_current_mau", "Current MAU")
-max_mau_value_gauge = Gauge("synapse_admin_max_mau_value", "MAU Limit")
+current_mau_gauge = Gauge("synapse_admin_mau:current", "Current MAU")
+max_mau_gauge = Gauge("synapse_admin_mau:max", "MAU Limit")


 def setup(config_options):
@ -338,6 +338,7 @@ def setup(config_options):
    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    tls_server_context_factory = context_factory.ServerContextFactory(config)
+    tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)

    database_engine = create_engine(config.database_config)
    config.database_config["args"]["cp_openfun"] = database_engine.on_new_connection
@ -346,6 +347,7 @@ def setup(config_options):
        config.server_name,
        db_config=config.database_config,
        tls_server_context_factory=tls_server_context_factory,
+        tls_client_options_factory=tls_client_options_factory,
        config=config,
        version_string="Synapse/" + get_version_string(synapse),
        database_engine=database_engine,
@ -530,7 +532,7 @@ def run(hs):
        if hs.config.limit_usage_by_mau:
            count = yield hs.get_datastore().get_monthly_active_count()
        current_mau_gauge.set(float(count))
-        max_mau_value_gauge.set(float(hs.config.max_mau_value))
+        max_mau_gauge.set(float(hs.config.max_mau_value))

    hs.get_datastore().initialise_reserved_users(
        hs.config.mau_limits_reserved_threepids
--- a/synapse/app/media_repository.py
+++ b/synapse/app/media_repository.py
@ -155,11 +155,13 @@ def start(config_options):
    database_engine = create_engine(config.database_config)

    tls_server_context_factory = context_factory.ServerContextFactory(config)
+    tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)

    ss = MediaRepositoryServer(
        config.server_name,
        db_config=config.database_config,
        tls_server_context_factory=tls_server_context_factory,
+        tls_client_options_factory=tls_client_options_factory,
        config=config,
        version_string="Synapse/" + get_version_string(synapse),
        database_engine=database_engine,
--- a/synapse/app/user_dir.py
+++ b/synapse/app/user_dir.py
@ -214,11 +214,13 @@ def start(config_options):
    config.update_user_directory = True

    tls_server_context_factory = context_factory.ServerContextFactory(config)
+    tls_client_options_factory = context_factory.ClientTLSOptionsFactory(config)

    ps = UserDirectoryServer(
        config.server_name,
        db_config=config.database_config,
        tls_server_context_factory=tls_server_context_factory,
+        tls_client_options_factory=tls_client_options_factory,
        config=config,
        version_string="Synapse/" + get_version_string(synapse),
        database_engine=database_engine,
--- a/synapse/config/logger.py
+++ b/synapse/config/logger.py
@ -193,9 +193,8 @@ def setup_logging(config, use_worker_options=False):

        def sighup(signum, stack):
            # it might be better to use a file watcher or something for this.
-            logging.info("Reloading log config from %s due to SIGHUP",
-                         log_config)
            load_log_config()
+            logging.info("Reloaded log config from %s due to SIGHUP", log_config)

        load_log_config()

--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@ -78,6 +78,10 @@ class ServerConfig(Config):
            "mau_limit_reserved_threepids", []
        )

+        # Options to disable HS
+        self.hs_disabled = config.get("hs_disabled", False)
+        self.hs_disabled_message = config.get("hs_disabled_message", "")
+
        # FIXME: federation_domain_whitelist needs sytests
        self.federation_domain_whitelist = None
        federation_domain_whitelist = config.get(
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@ -11,19 +11,22 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 import logging

+from zope.interface import implementer
+
 from OpenSSL import SSL, crypto
-from twisted.internet import ssl
 from twisted.internet._sslverify import _defaultCurveName
+from twisted.internet.interfaces import IOpenSSLClientConnectionCreator
+from twisted.internet.ssl import CertificateOptions, ContextFactory
+from twisted.python.failure import Failure

 logger = logging.getLogger(__name__)


-class ServerContextFactory(ssl.ContextFactory):
+class ServerContextFactory(ContextFactory):
    """Factory for PyOpenSSL SSL contexts that are used to handle incoming
-    connections and to make connections to remote servers."""
+    connections."""

    def __init__(self, config):
        self._context = SSL.Context(SSL.SSLv23_METHOD)
@ -48,3 +51,78 @@ class ServerContextFactory(ssl.ContextFactory):

    def getContext(self):
        return self._context
+
+
+def _idnaBytes(text):
+    """
+    Convert some text typed by a human into some ASCII bytes. This is a
+    copy of twisted.internet._idna._idnaBytes. For documentation, see the
+    twisted documentation.
+    """
+    try:
+        import idna
+    except ImportError:
+        return text.encode("idna")
+    else:
+        return idna.encode(text)
+
+
+def _tolerateErrors(wrapped):
+    """
+    Wrap up an info_callback for pyOpenSSL so that if something goes wrong
+    the error is immediately logged and the connection is dropped if possible.
+    This is a copy of twisted.internet._sslverify._tolerateErrors. For
+    documentation, see the twisted documentation.
+    """
+
+    def infoCallback(connection, where, ret):
+        try:
+            return wrapped(connection, where, ret)
+        except:  # noqa: E722, taken from the twisted implementation
+            f = Failure()
+            logger.exception("Error during info_callback")
+            connection.get_app_data().failVerification(f)
+
+    return infoCallback
+
+
+@implementer(IOpenSSLClientConnectionCreator)
+class ClientTLSOptions(object):
+    """
+    Client creator for TLS without certificate identity verification. This is a
+    copy of twisted.internet._sslverify.ClientTLSOptions with the identity
+    verification left out. For documentation, see the twisted documentation.
+    """
+
+    def __init__(self, hostname, ctx):
+        self._ctx = ctx
+        self._hostname = hostname
+        self._hostnameBytes = _idnaBytes(hostname)
+        ctx.set_info_callback(
+            _tolerateErrors(self._identityVerifyingInfoCallback)
+        )
+
+    def clientConnectionForTLS(self, tlsProtocol):
+        context = self._ctx
+        connection = SSL.Connection(context, None)
+        connection.set_app_data(tlsProtocol)
+        return connection
+
+    def _identityVerifyingInfoCallback(self, connection, where, ret):
+        if where & SSL.SSL_CB_HANDSHAKE_START:
+            connection.set_tlsext_host_name(self._hostnameBytes)
+
+
+class ClientTLSOptionsFactory(object):
+    """Factory for Twisted ClientTLSOptions that are used to make connections
+    to remote servers for federation."""
+
+    def __init__(self, config):
+        # We don't use config options yet
+        pass
+
+    def get_options(self, host):
+        return ClientTLSOptions(
+            host.decode('utf-8'),
+            CertificateOptions(verify=False).getContext()
+        )
--- a/synapse/crypto/keyclient.py
+++ b/synapse/crypto/keyclient.py
@ -30,14 +30,14 @@ KEY_API_V1 = b"/_matrix/key/v1/"


@defer.inlineCallbacks
-def fetch_server_key(server_name, ssl_context_factory, path=KEY_API_V1):
+def fetch_server_key(server_name, tls_client_options_factory, path=KEY_API_V1):
    """Fetch the keys for a remote server."""

    factory = SynapseKeyClientFactory()
    factory.path = path
    factory.host = server_name
    endpoint = matrix_federation_endpoint(
-        reactor, server_name, ssl_context_factory, timeout=30
+        reactor, server_name, tls_client_options_factory, timeout=30
    )

    for i in range(5):
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@ -512,7 +512,7 @@ class Keyring(object):
                continue

            (response, tls_certificate) = yield fetch_server_key(
-                server_name, self.hs.tls_server_context_factory,
+                server_name, self.hs.tls_client_options_factory,
                path=(b"/_matrix/key/v2/server/%s" % (
                    urllib.quote(requested_key_id),
                )).encode("ascii"),
@ -655,7 +655,7 @@ class Keyring(object):
        # Try to fetch the key from the remote server.

        (response, tls_certificate) = yield fetch_server_key(
-            server_name, self.hs.tls_server_context_factory
+            server_name, self.hs.tls_client_options_factory
        )

        # Check the response.
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@ -44,7 +44,7 @@ from synapse.replication.http.federation import (
    ReplicationGetQueryRestServlet,
 )
 from synapse.types import get_domain_from_id
-from synapse.util import async
+from synapse.util.async_helpers import Linearizer, concurrently_execute
 from synapse.util.caches.response_cache import ResponseCache
 from synapse.util.logutils import log_function

@ -71,8 +71,8 @@ class FederationServer(FederationBase):
        self.auth = hs.get_auth()
        self.handler = hs.get_handlers().federation_handler

-        self._server_linearizer = async.Linearizer("fed_server")
-        self._transaction_linearizer = async.Linearizer("fed_txn_handler")
+        self._server_linearizer = Linearizer("fed_server")
+        self._transaction_linearizer = Linearizer("fed_txn_handler")

        self.transaction_actions = TransactionActions(self.store)

@ -204,7 +204,7 @@ class FederationServer(FederationBase):
                        event_id, f.getTraceback().rstrip(),
                    )

-        yield async.concurrently_execute(
+        yield concurrently_execute(
            process_pdus_for_room, pdus_by_room.keys(),
            TRANSACTION_CONCURRENCY_LIMIT,
        )
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@ -828,12 +828,26 @@ class AuthHandler(BaseHandler):

    @defer.inlineCallbacks
    def delete_threepid(self, user_id, medium, address):
+        """Attempts to unbind the 3pid on the identity servers and deletes it
+        from the local database.
+
+        Args:
+            user_id (str)
+            medium (str)
+            address (str)
+
+        Returns:
+            Deferred[bool]: Returns True if successfully unbound the 3pid on
+            the identity server, False if identity server doesn't support the
+            unbind API.
+        """
+
        # 'Canonicalise' email addresses as per above
        if medium == 'email':
            address = address.lower()

        identity_handler = self.hs.get_handlers().identity_handler
-        yield identity_handler.unbind_threepid(
+        result = yield identity_handler.try_unbind_threepid(
            user_id,
            {
                'medium': medium,
@ -841,10 +855,10 @@ class AuthHandler(BaseHandler):
            },
        )

-        ret = yield self.store.user_delete_threepid(
+        yield self.store.user_delete_threepid(
            user_id, medium, address,
        )
-        defer.returnValue(ret)
+        defer.returnValue(result)

    def _save_session(self, session):
        # TODO: Persistent storage
--- a/synapse/handlers/deactivate_account.py
+++ b/synapse/handlers/deactivate_account.py
@ -51,7 +51,8 @@ class DeactivateAccountHandler(BaseHandler):
            erase_data (bool): whether to GDPR-erase the user's data

        Returns:
-            Deferred
+            Deferred[bool]: True if identity server supports removing
+            threepids, otherwise False.
        """
        # FIXME: Theoretically there is a race here wherein user resets
        # password using threepid.
@ -60,16 +61,22 @@ class DeactivateAccountHandler(BaseHandler):
        # leave the user still active so they can try again.
        # Ideally we would prevent password resets and then do this in the
        # background thread.
+
+        # This will be set to false if the identity server doesn't support
+        # unbinding
+        identity_server_supports_unbinding = True
+
        threepids = yield self.store.user_get_threepids(user_id)
        for threepid in threepids:
            try:
-                yield self._identity_handler.unbind_threepid(
+                result = yield self._identity_handler.try_unbind_threepid(
                    user_id,
                    {
                        'medium': threepid['medium'],
                        'address': threepid['address'],
                    },
                )
+                identity_server_supports_unbinding &= result
            except Exception:
                # Do we want this to be a fatal error or should we carry on?
                logger.exception("Failed to remove threepid from ID server")
@ -103,6 +110,8 @@ class DeactivateAccountHandler(BaseHandler):
        # parts users from rooms (if it isn't already running)
        self._start_user_parting()

+        defer.returnValue(identity_server_supports_unbinding)
+
    def _start_user_parting(self):
        """
        Start the process that goes through the table of users
--- a/synapse/handlers/device.py
+++ b/synapse/handlers/device.py
@ -23,7 +23,7 @@ from synapse.api.constants import EventTypes
 from synapse.api.errors import FederationDeniedError
 from synapse.types import RoomStreamToken, get_domain_from_id
 from synapse.util import stringutils
-from synapse.util.async import Linearizer
+from synapse.util.async_helpers import Linearizer
 from synapse.util.caches.expiringcache import ExpiringCache
 from synapse.util.metrics import measure_func
 from synapse.util.retryutils import NotRetryingDestination
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`Add support for the SNI extension to federation TLS connections`
				`@ -1 +0,0 @@`
				`Make /directory/list API return 404 for room not found instead of 400`
				`@ -1 +0,0 @@`
				`add support for the lazy_loaded_members filter as per MSC1227`
				`@ -1 +0,0 @@`
				`add support for the include_redundant_members filter param as per MSC1227`
				`@ -1 +0,0 @@`
				`Remove redundant checks on who_forgot_in_room`
				`@ -1 +0,0 @@`
				`Default inviter_display_name to mxid for email invites`
				`@ -0,0 +1 @@`
				`The test suite now can run under PostgreSQL.`
				`@ -1 +0,0 @@`
				`Don't generate TURN credentials if no TURN config options are set`
				`@ -1 +0,0 @@`
				`Correctly announce deleted devices over federation`
				`@ -1 +0,0 @@`
				`Improve Dockerfile and docker-compose instructions`