Merge remote-tracking branch 'origin/develop' into matrix-org-hotfixes

changelog.d/9153.feature

@@ -0,0 +1 @@
+Add support for multiple SSO Identity Providers.

changelog.d/9157.misc

@@ -0,0 +1 @@
+Replace the old `perspectives` option in the Synapse docker config file template with `trusted_key_servers`.

changelog.d/9161.bugfix

@@ -0,0 +1 @@
+Fix a long-standing bug "ValueError: invalid literal for int() with base 10" when `/publicRooms` is requested with an invalid `server` parameter.

changelog.d/9166.feature

@@ -0,0 +1 @@
+Add experimental support for moving off receipts and account data persistence off master.

docker/conf/homeserver.yaml

@@ -198,12 +198,10 @@ old_signing_keys: {}
 key_refresh_interval: "1d" # 1 Day.
 
 # The trusted servers to download signing keys from.
-perspectives:
-  servers:
-    "matrix.org":
-      verify_keys:
-        "ed25519:auto":
-          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+trusted_key_servers:
+  - server_name: matrix.org
+    verify_keys:
+      "ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
 
 password_config:
    enabled: true

synapse/config/oidc_config.py

@@ -15,7 +15,7 @@
 # limitations under the License.
 
 import string
-from typing import Iterable, Optional, Type
+from typing import Iterable, Optional, Tuple, Type
 
 import attr
 
@@ -280,8 +280,8 @@ def _parse_oidc_provider_configs(config: JsonDict) -> Iterable["OidcProviderConf
     """
     validate_config(MAIN_CONFIG_SCHEMA, config, ())
 
-    for p in config.get("oidc_providers") or []:
-        yield _parse_oidc_config_dict(p)
+    for i, p in enumerate(config.get("oidc_providers") or []):
+        yield _parse_oidc_config_dict(p, ("oidc_providers", "<item %i>" % (i,)))
 
     # for backwards-compatibility, it is also possible to provide a single "oidc_config"
     # object with an "enabled: True" property.
@@ -291,10 +291,12 @@ def _parse_oidc_provider_configs(config: JsonDict) -> Iterable["OidcProviderConf
         # it matches OIDC_PROVIDER_CONFIG_SCHEMA (see the comments on OIDC_CONFIG_SCHEMA
         # above), so now we need to validate it.
         validate_config(OIDC_PROVIDER_CONFIG_SCHEMA, oidc_config, ("oidc_config",))
-        yield _parse_oidc_config_dict(oidc_config)
+        yield _parse_oidc_config_dict(oidc_config, ("oidc_config",))
 
 
-def _parse_oidc_config_dict(oidc_config: JsonDict) -> "OidcProviderConfig":
+def _parse_oidc_config_dict(
+    oidc_config: JsonDict, config_path: Tuple[str, ...]
+) -> "OidcProviderConfig":
     """Take the configuration dict and parse it into an OidcProviderConfig
 
     Raises:
@@ -305,7 +307,7 @@ def _parse_oidc_config_dict(oidc_config: JsonDict) -> "OidcProviderConfig":
     ump_config.setdefault("config", {})
 
     (user_mapping_provider_class, user_mapping_provider_config,) = load_module(
-        ump_config, ("oidc_config", "user_mapping_provider")
+        ump_config, config_path + ("user_mapping_provider",)
     )
 
     # Ensure loaded user mapping module has defined all necessary methods
@@ -320,9 +322,9 @@ def _parse_oidc_config_dict(oidc_config: JsonDict) -> "OidcProviderConfig":
     ]
     if missing_methods:
         raise ConfigError(
-            "Class specified by oidc_config."
-            "user_mapping_provider.module is missing required "
-            "methods: %s" % (", ".join(missing_methods),)
+            "Class %s is missing required "
+            "methods: %s" % (user_mapping_provider_class, ", ".join(missing_methods),),
+            config_path + ("user_mapping_provider", "module"),
         )
 
     # MSC2858 will appy certain limits in what can be used as an IdP id, so let's
@@ -331,7 +333,10 @@ def _parse_oidc_config_dict(oidc_config: JsonDict) -> "OidcProviderConfig":
     valid_idp_chars = set(string.ascii_letters + string.digits + "-._~")
 
     if any(c not in valid_idp_chars for c in idp_id):
-        raise ConfigError('idp_id may only contain A-Z, a-z, 0-9, "-", ".", "_", "~"')
+        raise ConfigError(
+            'idp_id may only contain A-Z, a-z, 0-9, "-", ".", "_", "~"',
+            config_path + ("idp_id",),
+        )
 
     return OidcProviderConfig(
         idp_id=idp_id,

synapse/rest/client/v1/room.py

@@ -32,6 +32,7 @@ from synapse.api.errors import (
 )
 from synapse.api.filtering import Filter
 from synapse.events.utils import format_event_for_client_v2
+from synapse.http.endpoint import parse_and_validate_server_name
 from synapse.http.servlet import (
     RestServlet,
     assert_params_in_dict,
@@ -347,8 +348,6 @@ class PublicRoomListRestServlet(TransactionRestServlet):
             # provided.
             if server:
                 raise e
-            else:
-                pass
 
         limit = parse_integer(request, "limit", 0)
         since_token = parse_string(request, "since", None)
@@ -359,6 +358,14 @@ class PublicRoomListRestServlet(TransactionRestServlet):
 
         handler = self.hs.get_room_list_handler()
         if server and server != self.hs.config.server_name:
+            # Ensure the server is valid.
+            try:
+                parse_and_validate_server_name(server)
+            except ValueError:
+                raise SynapseError(
+                    400, "Invalid server name: %s" % (server,), Codes.INVALID_PARAM,
+                )
+
             try:
                 data = await handler.get_remote_public_room_list(
                     server, limit=limit, since_token=since_token
@@ -402,6 +409,14 @@ class PublicRoomListRestServlet(TransactionRestServlet):
 
         handler = self.hs.get_room_list_handler()
         if server and server != self.hs.config.server_name:
+            # Ensure the server is valid.
+            try:
+                parse_and_validate_server_name(server)
+            except ValueError:
+                raise SynapseError(
+                    400, "Invalid server name: %s" % (server,), Codes.INVALID_PARAM,
+                )
+
             try:
                 data = await handler.get_remote_public_room_list(
                     server,

synapse/server_notices/resource_limits_server_notices.py

@@ -42,6 +42,7 @@ class ResourceLimitsServerNotices:
         self._auth = hs.get_auth()
         self._config = hs.config
         self._resouce_limited = False
+        self._account_data_handler = hs.get_account_data_handler()
         self._message_handler = hs.get_message_handler()
         self._state = hs.get_state_handler()
 
@@ -177,7 +178,7 @@ class ResourceLimitsServerNotices:
                 # tag already present, nothing to do here
                 need_to_set_tag = False
         if need_to_set_tag:
-            max_id = await self._store.add_tag_to_room(
+            max_id = await self._account_data_handler.add_tag_to_room(
                 user_id, room_id, SERVER_NOTICE_ROOM_TAG, {}
             )
             self._notifier.on_new_event("account_data_key", max_id, users=[user_id])

synapse/server_notices/server_notices_manager.py

@@ -35,6 +35,7 @@ class ServerNoticesManager:
 
         self._store = hs.get_datastore()
         self._config = hs.config
+        self._account_data_handler = hs.get_account_data_handler()
         self._room_creation_handler = hs.get_room_creation_handler()
         self._room_member_handler = hs.get_room_member_handler()
         self._event_creation_handler = hs.get_event_creation_handler()
@@ -163,7 +164,7 @@ class ServerNoticesManager:
         )
         room_id = info["room_id"]
 
-        max_id = await self._store.add_tag_to_room(
+        max_id = await self._account_data_handler.add_tag_to_room(
             user_id, room_id, SERVER_NOTICE_ROOM_TAG, {}
         )
         self._notifier.on_new_event("account_data_key", max_id, users=[user_id])