Newsfragment

Include aggregations of events in the /relations API.
2021-11-09 12:59:36 -05:00 · 2021-11-09 12:53:05 -05:00
105 changed files with 392 additions and 684 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,97 +1,3 @@
-Synapse 1.47.0rc2 (2021-11-10)
-==============================
-
-This fixes an issue with publishing the Debian packages for 1.47.0rc1.
-It is otherwise identical to 1.47.0rc1.
-
-
-Synapse 1.47.0rc1 (2021-11-09)
-==============================
-
-Deprecations and Removals
-------------------------
-
- The `user_may_create_room_with_invites` module callback is now deprecated. Please refer to the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1470) for more information. ([\#11206](https://github.com/matrix-org/synapse/issues/11206))
- Remove deprecated admin API to delete rooms (`POST /_synapse/admin/v1/rooms/<room_id>/delete`). ([\#11213](https://github.com/matrix-org/synapse/issues/11213))
-
-
-Features
--------
-
- Advertise support for Client-Server API r0.6.1. ([\#11097](https://github.com/matrix-org/synapse/issues/11097))
- Add search by room ID and room alias to the List Room admin API. ([\#11099](https://github.com/matrix-org/synapse/issues/11099))
- Add an `on_new_event` third-party rules callback to allow Synapse modules to act after an event has been sent into a room. ([\#11126](https://github.com/matrix-org/synapse/issues/11126))
- Add a module API method to update a user's membership in a room. ([\#11147](https://github.com/matrix-org/synapse/issues/11147))
- Add metrics for thread pool usage. ([\#11178](https://github.com/matrix-org/synapse/issues/11178))
- Support the stable room type field for [MSC3288](https://github.com/matrix-org/matrix-doc/pull/3288). ([\#11187](https://github.com/matrix-org/synapse/issues/11187))
- Add a module API method to retrieve the current state of a room. ([\#11204](https://github.com/matrix-org/synapse/issues/11204))
- Calculate a default value for `public_baseurl` based on `server_name`. ([\#11210](https://github.com/matrix-org/synapse/issues/11210))
- Add support for serving `/.well-known/matrix/server` files, to redirect federation traffic to port 443. ([\#11211](https://github.com/matrix-org/synapse/issues/11211))
- Add admin APIs to pause, start and check the status of background updates. ([\#11263](https://github.com/matrix-org/synapse/issues/11263))
-
-
-Bugfixes
--------
-
- Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat. ([\#10097](https://github.com/matrix-org/synapse/issues/10097))
- Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine. ([\#10969](https://github.com/matrix-org/synapse/issues/10969), [\#11212](https://github.com/matrix-org/synapse/issues/11212))
- Do not accept events if a third-party rule `check_event_allowed` callback raises an exception. ([\#11033](https://github.com/matrix-org/synapse/issues/11033))
- Fix long-standing bug where verification requests could fail in certain cases if a federation whitelist was in place but did not include your own homeserver. ([\#11129](https://github.com/matrix-org/synapse/issues/11129))
- Allow an empty list of `state_events_at_start` to be sent when using the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint and the author of the historical messages is already part of the current room state at the given `?prev_event_id`. ([\#11188](https://github.com/matrix-org/synapse/issues/11188))
- Fix a bug introduced in Synapse 1.45.0 which prevented the `synapse_review_recent_signups` script from running. Contributed by @samuel-p. ([\#11191](https://github.com/matrix-org/synapse/issues/11191))
- Delete `to_device` messages for hidden devices that will never be read, reducing database size. ([\#11199](https://github.com/matrix-org/synapse/issues/11199))
- Fix a long-standing bug wherein a missing `Content-Type` header when downloading remote media would cause Synapse to throw an error. ([\#11200](https://github.com/matrix-org/synapse/issues/11200))
- Fix a long-standing bug which could result in serialization errors and potentially duplicate transaction data when sending ephemeral events to application services. Contributed by @Fizzadar at Beeper. ([\#11207](https://github.com/matrix-org/synapse/issues/11207))
- Fix a bug introduced in Synapse 1.35.0 which made it impossible to join rooms that return a `send_join` response containing floats. ([\#11217](https://github.com/matrix-org/synapse/issues/11217))
- Fix long-standing bug where cross signing keys were not included in the response to `/r0/keys/query` the first time a remote user was queried. ([\#11234](https://github.com/matrix-org/synapse/issues/11234))
- Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection. ([\#11240](https://github.com/matrix-org/synapse/issues/11240))
- Fix a bug preventing Synapse from being rolled back to an earlier version when using workers. ([\#11255](https://github.com/matrix-org/synapse/issues/11255), [\#11276](https://github.com/matrix-org/synapse/issues/11276))
- Fix a bug introduced in Synapse 1.37.1 which caused a remote event being processed by a worker to not get processed on restart if the worker was killed. ([\#11262](https://github.com/matrix-org/synapse/issues/11262))
- Only allow old Element/Riot Android clients to send read receipts without a request body. All other clients must include a request body as required by the specification. Contributed by @rogersheu. ([\#11157](https://github.com/matrix-org/synapse/issues/11157))
-
-
-Updates to the Docker image
---------------------------
-
- Avoid changing user ID when started as a non-root user, and no explicit `UID` is set. ([\#11209](https://github.com/matrix-org/synapse/issues/11209))
-
-
-Improved Documentation
----------------------
-
- Improve example HAProxy config in the docs to properly handle HTTP `Host` headers with port information. This is required for federation over port 443 to work correctly. ([\#11128](https://github.com/matrix-org/synapse/issues/11128))
- Add documentation for using Authentik as an OpenID Connect Identity Provider. Contributed by @samip5. ([\#11151](https://github.com/matrix-org/synapse/issues/11151))
- Clarify lack of support for Windows. ([\#11198](https://github.com/matrix-org/synapse/issues/11198))
- Improve code formatting and fix a few typos in docs. Contributed by @sumnerevans at Beeper. ([\#11221](https://github.com/matrix-org/synapse/issues/11221))
- Add documentation for using LemonLDAP as an OpenID Connect Identity Provider. Contributed by @l00ptr. ([\#11257](https://github.com/matrix-org/synapse/issues/11257))
-
-
-Internal Changes
----------------
-
- Add type annotations for the `log_function` decorator. ([\#10943](https://github.com/matrix-org/synapse/issues/10943))
- Add type hints to `synapse.events`. ([\#11098](https://github.com/matrix-org/synapse/issues/11098))
- Remove and document unnecessary `RoomStreamToken` checks in application service ephemeral event code. ([\#11137](https://github.com/matrix-org/synapse/issues/11137))
- Add type hints so that `synapse.http` passes `mypy` checks. ([\#11164](https://github.com/matrix-org/synapse/issues/11164))
- Update scripts to pass Shellcheck lints. ([\#11166](https://github.com/matrix-org/synapse/issues/11166))
- Add knock information in admin export. Contributed by Rafael Gonçalves. ([\#11171](https://github.com/matrix-org/synapse/issues/11171))
- Add tests to check that `ClientIpStore.get_last_client_ip_by_device` and `get_user_ip_and_agents` combine database and in-memory data correctly. ([\#11179](https://github.com/matrix-org/synapse/issues/11179))
- Refactor `Filter` to check different fields depending on the data type. ([\#11194](https://github.com/matrix-org/synapse/issues/11194))
- Improve type hints for the relations datastore. ([\#11205](https://github.com/matrix-org/synapse/issues/11205))
- Replace outdated links in the pull request checklist with links to the rendered documentation. ([\#11225](https://github.com/matrix-org/synapse/issues/11225))
- Fix a bug in unit test `test_block_room_and_not_purge`. ([\#11226](https://github.com/matrix-org/synapse/issues/11226))
- In `ObservableDeferred`, run observers in the order they were registered. ([\#11229](https://github.com/matrix-org/synapse/issues/11229))
- Minor speed up to start up times and getting updates for groups by adding missing index to `local_group_updates.stream_id`. ([\#11231](https://github.com/matrix-org/synapse/issues/11231))
- Add `twine` and `towncrier` as dev dependencies, as they're used by the release script. ([\#11233](https://github.com/matrix-org/synapse/issues/11233))
- Allow `stream_writers.typing` config to be a list of one worker. ([\#11237](https://github.com/matrix-org/synapse/issues/11237))
- Remove debugging statement in tests. ([\#11239](https://github.com/matrix-org/synapse/issues/11239))
- Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical messages backfilling in random order on remote homeservers. ([\#11244](https://github.com/matrix-org/synapse/issues/11244))
- Add an additional test for the `cachedList` method decorator. ([\#11246](https://github.com/matrix-org/synapse/issues/11246))
- Make minor correction to the type of `auth_checkers` callbacks. ([\#11253](https://github.com/matrix-org/synapse/issues/11253))
- Clean up trivial aspects of the Debian package build tooling. ([\#11269](https://github.com/matrix-org/synapse/issues/11269), [\#11273](https://github.com/matrix-org/synapse/issues/11273))
- Blacklist new SyTest that checks that key uploads are valid pending the validation being implemented in Synapse. ([\#11270](https://github.com/matrix-org/synapse/issues/11270))
-
-
 Synapse 1.46.0 (2021-11-02)
 ===========================

--- a/changelog.d/10097.bugfix
+++ b/changelog.d/10097.bugfix
@ -0,0 +1 @@
+Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat.
--- a/changelog.d/10943.misc
+++ b/changelog.d/10943.misc
@ -0,0 +1 @@
+Add type annotations for the `log_function` decorator.
--- a/changelog.d/10969.bugfix
+++ b/changelog.d/10969.bugfix
@ -0,0 +1 @@
+Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine.
--- a/changelog.d/11033.bugfix
+++ b/changelog.d/11033.bugfix
@ -0,0 +1 @@
+Do not accept events if a third-party rule module API callback raises an exception.
--- a/changelog.d/11097.feature
+++ b/changelog.d/11097.feature
@ -0,0 +1 @@
+Advertise support for Client-Server API r0.6.1.
--- a/changelog.d/11098.misc
+++ b/changelog.d/11098.misc
@ -0,0 +1 @@
+Add type hints to `synapse.events`.
--- a/changelog.d/11099.feature
+++ b/changelog.d/11099.feature
@ -0,0 +1 @@
+Add search by room ID and room alias to List Room admin API.
--- a/changelog.d/11126.feature
+++ b/changelog.d/11126.feature
@ -0,0 +1 @@
+Add an `on_new_event` third-party rules callback to allow Synapse modules to act after an event has been sent into a room.
--- a/changelog.d/11128.doc
+++ b/changelog.d/11128.doc
@ -0,0 +1 @@
+Improve example HAProxy config in the docs to properly handle host headers with port information. This is required for federation over port 443 to work correctly.
--- a/changelog.d/11129.bugfix
+++ b/changelog.d/11129.bugfix
@ -0,0 +1 @@
+Fix long-standing bug where verification requests could fail in certain cases if whitelist was in place but did not include your own homeserver.
--- a/changelog.d/11137.misc
+++ b/changelog.d/11137.misc
@ -0,0 +1 @@
+Remove and document unnecessary `RoomStreamToken` checks in application service ephemeral event code.
--- a/changelog.d/11147.feature
+++ b/changelog.d/11147.feature
@ -0,0 +1 @@
+Add a module API method to update a user's membership in a room.
--- a/changelog.d/11151.doc
+++ b/changelog.d/11151.doc
@ -0,0 +1 @@
+Add documentation for using Authentik as an OpenID Connect Identity Provider. Contributed by @samip5.
--- a/changelog.d/11157.misc
+++ b/changelog.d/11157.misc
@ -0,0 +1 @@
+Only allow old Element/Riot Android clients to send read receipts without a request body. All other clients must include a request body as required by the specification. Contributed by @rogersheu.
--- a/changelog.d/11164.misc
+++ b/changelog.d/11164.misc
@ -0,0 +1 @@
+Add type hints so that `synapse.http` passes `mypy` checks.
--- a/changelog.d/11166.misc
+++ b/changelog.d/11166.misc
@ -0,0 +1 @@
+Update scripts to pass Shellcheck lints.
--- a/changelog.d/11171.misc
+++ b/changelog.d/11171.misc
@ -0,0 +1 @@
+Add knock information in admin export. Contributed by Rafael Gonçalves.
--- a/changelog.d/11178.feature
+++ b/changelog.d/11178.feature
@ -0,0 +1 @@
+Add metrics for thread pool usage.
--- a/changelog.d/11179.misc
+++ b/changelog.d/11179.misc
@ -0,0 +1 @@
+Add tests to check that `ClientIpStore.get_last_client_ip_by_device` and `get_user_ip_and_agents` combine database and in-memory data correctly.
--- a/changelog.d/11187.feature
+++ b/changelog.d/11187.feature
@ -0,0 +1 @@
+Support the stable room type field for [MSC3288](https://github.com/matrix-org/matrix-doc/pull/3288).
--- a/changelog.d/11188.bugfix
+++ b/changelog.d/11188.bugfix
@ -0,0 +1 @@
+Allow an empty list of `state_events_at_start` to be sent when using the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint and the author of the historical messages is already part of the current room state at the given `?prev_event_id`.
--- a/changelog.d/11191.bugfix
+++ b/changelog.d/11191.bugfix
@ -0,0 +1 @@
+Fix a bug introduced in Synapse 1.45.0 which prevented the `synapse_review_recent_signups` script from running. Contributed by @samuel-p.
--- a/changelog.d/11194.misc
+++ b/changelog.d/11194.misc
@ -0,0 +1 @@
+Refactor `Filter` to check different fields depending on the data type.
--- a/changelog.d/11198.doc
+++ b/changelog.d/11198.doc
@ -0,0 +1 @@
+Clarify lack of support for Windows.
--- a/changelog.d/11199.bugfix
+++ b/changelog.d/11199.bugfix
@ -0,0 +1 @@
+Delete `to_device` messages for hidden devices that will never be read, reducing database size.
--- a/changelog.d/11200.bugfix
+++ b/changelog.d/11200.bugfix
@ -0,0 +1 @@
+Fix a long-standing bug wherein a missing `Content-Type` header when downloading remote media would cause Synapse to throw an error.
--- a/changelog.d/11204.feature
+++ b/changelog.d/11204.feature
@ -0,0 +1 @@
+Add a module API method to retrieve the current state of a room.
--- a/changelog.d/11205.misc
+++ b/changelog.d/11205.misc
@ -0,0 +1 @@
+Improve type hints for the relations datastore.
--- a/changelog.d/11206.removal
+++ b/changelog.d/11206.removal
@ -0,0 +1 @@
+The `user_may_create_room_with_invites` module callback is now deprecated. Please refer to the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1470) for more information.
--- a/changelog.d/11207.bugfix
+++ b/changelog.d/11207.bugfix
@ -0,0 +1 @@
+Fix a long-standing bug which could result in serialization errors and potentially duplicate transaction data when sending ephemeral events to application services. Contributed by @Fizzadar at Beeper.
--- a/changelog.d/11209.docker
+++ b/changelog.d/11209.docker
@ -0,0 +1 @@
+Avoid changing userid when started as a non-root user, and no explicit `UID` is set.
--- a/changelog.d/11210.feature
+++ b/changelog.d/11210.feature
@ -0,0 +1 @@
+Calculate a default value for `public_baseurl` based on `server_name`.
--- a/changelog.d/11211.feature
+++ b/changelog.d/11211.feature
@ -0,0 +1 @@
+Add support for serving `/.well-known/matrix/server` files, to redirect federation traffic to port 443.
--- a/changelog.d/11212.bugfix
+++ b/changelog.d/11212.bugfix
@ -0,0 +1 @@
+Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine.
--- a/changelog.d/11213.removal
+++ b/changelog.d/11213.removal
@ -0,0 +1 @@
+Remove deprecated admin API to delete rooms (`POST /_synapse/admin/v1/rooms/<room_id>/delete`).
--- a/changelog.d/11217.bugfix
+++ b/changelog.d/11217.bugfix
@ -0,0 +1 @@
+Fix a bug introduced in 1.35.0 which made it impossible to join rooms that return a `send_join` response containing floats.
--- a/changelog.d/11221.doc
+++ b/changelog.d/11221.doc
@ -0,0 +1 @@
+Improve code formatting and fix a few typos in docs. Contributed by @sumnerevans at Beeper.
--- a/changelog.d/11225.misc
+++ b/changelog.d/11225.misc
@ -0,0 +1 @@
+Replace outdated links in the pull request checklist with links to the rendered documentation.
--- a/changelog.d/11226.misc
+++ b/changelog.d/11226.misc
@ -0,0 +1 @@
+Fix a bug in unit test `test_block_room_and_not_purge`.
--- a/changelog.d/11229.misc
+++ b/changelog.d/11229.misc
@ -0,0 +1 @@
+`ObservableDeferred`: run registered observers in order.
--- a/changelog.d/11231.misc
+++ b/changelog.d/11231.misc
@ -0,0 +1 @@
+Minor speed up to start up times and getting updates for groups by adding missing index to `local_group_updates.stream_id`.
--- a/changelog.d/11233.misc
+++ b/changelog.d/11233.misc
@ -0,0 +1 @@
+Add `twine` and `towncrier` as dev dependencies, as they're used by the release script.
--- a/changelog.d/11234.bugfix
+++ b/changelog.d/11234.bugfix
@ -0,0 +1 @@
+Fix long-standing bug where cross signing keys were not included in the response to `/r0/keys/query` the first time a remote user was queried.
--- a/changelog.d/11237.misc
+++ b/changelog.d/11237.misc
@ -0,0 +1 @@
+Allow `stream_writers.typing` config to be a list of one worker.
--- a/changelog.d/11239.misc
+++ b/changelog.d/11239.misc
@ -0,0 +1 @@
+Remove debugging statement in tests.
--- a/changelog.d/11240.bugfix
+++ b/changelog.d/11240.bugfix
@ -0,0 +1 @@
+Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection.
--- a/changelog.d/11242.misc
+++ b/changelog.d/11242.misc
@ -1 +0,0 @@
-Split out federated PDU retrieval function into a non-cached version.
--- a/changelog.d/11244.misc
+++ b/changelog.d/11244.misc
@ -0,0 +1 @@
+Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical messages backfilling in random order on remote homeservers.
--- a/changelog.d/11246.misc
+++ b/changelog.d/11246.misc
@ -0,0 +1 @@
+Add an additional test for the `cachedList` method decorator.
--- a/changelog.d/11247.misc
+++ b/changelog.d/11247.misc
@ -1 +0,0 @@
-Clean up code relating to to-device messages and sending ephemeral events to application services.
--- a/changelog.d/11253.misc
+++ b/changelog.d/11253.misc
@ -0,0 +1 @@
+Make minor correction to the type of `auth_checkers` callbacks.
--- a/changelog.d/11255.bugfix
+++ b/changelog.d/11255.bugfix
@ -0,0 +1 @@
+Fix rolling back Synapse version when using workers.
--- a/changelog.d/11257.doc
+++ b/changelog.d/11257.doc
@ -0,0 +1 @@
+Add documentation for using LemonLDAP as an OpenID Connect Identity Provider. Contributed by @l00ptr.
--- a/changelog.d/11262.bugfix
+++ b/changelog.d/11262.bugfix
@ -0,0 +1 @@
+Fix a bug where if a remote event is being processed by a worker when it gets killed then it won't get processed on restart. Introduced in v1.37.1.
--- a/changelog.d/11263.feature
+++ b/changelog.d/11263.feature
@ -0,0 +1 @@
+Add some background update admin APIs.
--- a/changelog.d/11269.misc
+++ b/changelog.d/11269.misc
@ -0,0 +1 @@
+Clean up trivial aspects of the Debian package build tooling.
--- a/changelog.d/11270.misc
+++ b/changelog.d/11270.misc
@ -0,0 +1 @@
+Blacklist new SyTest that checks that key uploads are valid pending the validation being implemented in Synapse.
--- a/changelog.d/11273.misc
+++ b/changelog.d/11273.misc
@ -0,0 +1 @@
+Clean up trivial aspects of the Debian package build tooling.
--- a/changelog.d/11276.bugfix
+++ b/changelog.d/11276.bugfix
@ -0,0 +1 @@
+Fix rolling back Synapse version when using workers.
--- a/changelog.d/11282.misc
+++ b/changelog.d/11282.misc
@ -1 +0,0 @@
-Require all files in synapse/ and tests/ to pass mypy unless specifically excluded.
--- a/changelog.d/11284.feature
+++ b/changelog.d/11284.feature
@ -0,0 +1 @@
+Include bundled relations in response to the `/relations` API, per [MSC3440](https://github.com/matrix-org/matrix-doc/pull/3440).
--- a/changelog.d/11285.misc
+++ b/changelog.d/11285.misc
@ -1 +0,0 @@
-Require all files in synapse/ and tests/ to pass mypy unless specifically excluded.
--- a/changelog.d/11286.doc
+++ b/changelog.d/11286.doc
@ -1 +0,0 @@
-Fix typo in the word `available` and fix HTTP method (should be `GET`) for the `username_available` admin API. Contributed by Stanislav Motylkov.
--- a/changelog.d/11287.misc
+++ b/changelog.d/11287.misc
@ -1 +0,0 @@
-Add missing type hints to `synapse.app`.
--- a/changelog.d/11288.bugfix
+++ b/changelog.d/11288.bugfix
@ -1 +0,0 @@
-Fix a long-standing bug where uploading extremely thin images (e.g. 1000x1) would fail. Contributed by @Neeeflix.
--- a/changelog.d/11292.misc
+++ b/changelog.d/11292.misc
@ -1 +0,0 @@
-Remove unused parameters on `FederationEventHandler._check_event_auth`.
--- a/changelog.d/11297.misc
+++ b/changelog.d/11297.misc
@ -1 +0,0 @@
-Add type hints to `synapse._scripts`.
--- a/changelog.d/11298.doc
+++ b/changelog.d/11298.doc
@ -1 +0,0 @@
-Add Single Sign-On, SAML and CAS pages to the documentation.
--- a/debian/changelog
+++ b/debian/changelog
@ -1,16 +1,12 @@
-matrix-synapse-py3 (1.47.0~rc2) stable; urgency=medium
+matrix-synapse-py3 (1.47.0+nmu1) UNRELEASED; urgency=medium

-  [ Dan Callahan ]
  * Update scripts to pass Shellcheck lints.
  * Remove unused Vagrant scripts from debian/ directory.
  * Allow building Debian packages for any architecture, not just amd64.
  * Preinstall the "wheel" package when building virtualenvs.
  * Do not error if /etc/default/matrix-synapse is missing.

-  [ Synapse Packaging team ]
-  * New synapse release 1.47.0~rc2.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 10 Nov 2021 09:41:01 +0000
+ -- Dan Callahan <danc@element.io>  Fri, 22 Oct 2021 22:20:31 +0000

 matrix-synapse-py3 (1.46.0) stable; urgency=medium

--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@ -23,10 +23,10 @@
    - [Structured Logging](structured_logging.md)
    - [Templates](templates.md)
    - [User Authentication](usage/configuration/user_authentication/README.md)
-      - [Single-Sign On](usage/configuration/user_authentication/single_sign_on/README.md)
+      - [Single-Sign On]()
        - [OpenID Connect](openid.md)
-        - [SAML](usage/configuration/user_authentication/single_sign_on/saml.md)
-        - [CAS](usage/configuration/user_authentication/single_sign_on/cas.md)
+        - [SAML]()
+        - [CAS]()
        - [SSO Mapping Providers](sso_mapping_providers.md)
      - [Password Auth Providers](password_auth_providers.md)
      - [JSON Web Tokens](jwt.md)
--- a/docs/admin_api/user_admin_api.md
+++ b/docs/admin_api/user_admin_api.md
@ -1107,7 +1107,7 @@ This endpoint will work even if registration is disabled on the server, unlike
 The API is:

 ```
-GET /_synapse/admin/v1/username_available?username=$localpart
+POST /_synapse/admin/v1/username_availabile?username=$localpart
 ```

 The request and response format is the same as the [/_matrix/client/r0/register/available](https://matrix.org/docs/spec/client_server/r0.6.0#get-matrix-client-r0-register-available) API.
--- a/docs/usage/configuration/user_authentication/single_sign_on/README.md
+++ b/docs/usage/configuration/user_authentication/single_sign_on/README.md
@ -1,5 +0,0 @@
-# Single Sign-On
-
-Synapse supports single sign-on through the SAML, Open ID Connect or CAS protocols. 
-LDAP and other login methods are supported through first and third-party password
-auth provider modules.
--- a/docs/usage/configuration/user_authentication/single_sign_on/cas.md
+++ b/docs/usage/configuration/user_authentication/single_sign_on/cas.md
@ -1,8 +0,0 @@
-# CAS
-
-Synapse supports authenticating users via the [Central Authentication
-Service protocol](https://en.wikipedia.org/wiki/Central_Authentication_Service)
-(CAS) natively.
-
-Please see the `cas_config` and `sso` sections of the [Synapse configuration
-file](../../../configuration/homeserver_sample_config.md) for more details.
--- a/docs/usage/configuration/user_authentication/single_sign_on/saml.md
+++ b/docs/usage/configuration/user_authentication/single_sign_on/saml.md
@ -1,8 +0,0 @@
-# SAML
-
-Synapse supports authenticating users via the [Security Assertion
-Markup Language](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language)
-(SAML) protocol natively.
-
-Please see the `saml2_config` and `sso` sections of the [Synapse configuration
-file](../../../configuration/homeserver_sample_config.md) for more details.
--- a/mypy.ini
+++ b/mypy.ini
@ -10,162 +10,86 @@ warn_unreachable = True
 local_partial_types = True
 no_implicit_optional = True

+# To find all folders that pass mypy you run:
+#
+#   find synapse/* -type d -not -name __pycache__ -exec bash -c "mypy '{}' > /dev/null"  \; -print
+
 files =
  scripts-dev/sign_json,
-  setup.py,
-  synapse/,
-  tests/
-
-# Note: Better exclusion syntax coming in mypy > 0.910
-# https://github.com/python/mypy/pull/11329
-#
-# For now, set the (?x) flag enable "verbose" regexes
-# https://docs.python.org/3/library/re.html#re.X
-exclude = (?x)
-  ^(
-   |synapse/storage/databases/__init__.py
-   |synapse/storage/databases/main/__init__.py
-   |synapse/storage/databases/main/account_data.py
-   |synapse/storage/databases/main/cache.py
-   |synapse/storage/databases/main/censor_events.py
-   |synapse/storage/databases/main/deviceinbox.py
-   |synapse/storage/databases/main/devices.py
-   |synapse/storage/databases/main/directory.py
-   |synapse/storage/databases/main/e2e_room_keys.py
-   |synapse/storage/databases/main/end_to_end_keys.py
-   |synapse/storage/databases/main/event_federation.py
-   |synapse/storage/databases/main/event_push_actions.py
-   |synapse/storage/databases/main/events_bg_updates.py
-   |synapse/storage/databases/main/events_forward_extremities.py
-   |synapse/storage/databases/main/events_worker.py
-   |synapse/storage/databases/main/filtering.py
-   |synapse/storage/databases/main/group_server.py
-   |synapse/storage/databases/main/lock.py
-   |synapse/storage/databases/main/media_repository.py
-   |synapse/storage/databases/main/metrics.py
-   |synapse/storage/databases/main/monthly_active_users.py
-   |synapse/storage/databases/main/openid.py
-   |synapse/storage/databases/main/presence.py
-   |synapse/storage/databases/main/profile.py
-   |synapse/storage/databases/main/purge_events.py
-   |synapse/storage/databases/main/push_rule.py
-   |synapse/storage/databases/main/receipts.py
-   |synapse/storage/databases/main/rejections.py
-   |synapse/storage/databases/main/room.py
-   |synapse/storage/databases/main/room_batch.py
-   |synapse/storage/databases/main/roommember.py
-   |synapse/storage/databases/main/search.py
-   |synapse/storage/databases/main/signatures.py
-   |synapse/storage/databases/main/state.py
-   |synapse/storage/databases/main/state_deltas.py
-   |synapse/storage/databases/main/stats.py
-   |synapse/storage/databases/main/tags.py
-   |synapse/storage/databases/main/transactions.py
-   |synapse/storage/databases/main/user_directory.py
-   |synapse/storage/databases/main/user_erasure_store.py
-   |synapse/storage/schema/
-
-   |tests/api/test_auth.py
-   |tests/api/test_ratelimiting.py
-   |tests/app/test_openid_listener.py
-   |tests/appservice/test_scheduler.py
-   |tests/config/test_cache.py
-   |tests/config/test_tls.py
-   |tests/crypto/test_keyring.py
-   |tests/events/test_presence_router.py
-   |tests/events/test_utils.py
-   |tests/federation/test_federation_catch_up.py
-   |tests/federation/test_federation_sender.py
-   |tests/federation/test_federation_server.py
-   |tests/federation/transport/test_knocking.py
-   |tests/federation/transport/test_server.py
-   |tests/handlers/test_cas.py
-   |tests/handlers/test_directory.py
-   |tests/handlers/test_e2e_keys.py
-   |tests/handlers/test_federation.py
-   |tests/handlers/test_oidc.py
-   |tests/handlers/test_presence.py
-   |tests/handlers/test_profile.py
-   |tests/handlers/test_saml.py
-   |tests/handlers/test_typing.py
-   |tests/http/federation/test_matrix_federation_agent.py
-   |tests/http/federation/test_srv_resolver.py
-   |tests/http/test_fedclient.py
-   |tests/http/test_proxyagent.py
-   |tests/http/test_servlet.py
-   |tests/http/test_site.py
-   |tests/logging/__init__.py
-   |tests/logging/test_terse_json.py
-   |tests/module_api/test_api.py
-   |tests/push/test_email.py
-   |tests/push/test_http.py
-   |tests/push/test_presentable_names.py
-   |tests/push/test_push_rule_evaluator.py
-   |tests/rest/admin/test_admin.py
-   |tests/rest/admin/test_device.py
-   |tests/rest/admin/test_media.py
-   |tests/rest/admin/test_server_notice.py
-   |tests/rest/admin/test_user.py
-   |tests/rest/admin/test_username_available.py
-   |tests/rest/client/test_account.py
-   |tests/rest/client/test_events.py
-   |tests/rest/client/test_filter.py
-   |tests/rest/client/test_groups.py
-   |tests/rest/client/test_register.py
-   |tests/rest/client/test_report_event.py
-   |tests/rest/client/test_rooms.py
-   |tests/rest/client/test_third_party_rules.py
-   |tests/rest/client/test_transactions.py
-   |tests/rest/client/test_typing.py
-   |tests/rest/client/utils.py
-   |tests/rest/key/v2/test_remote_key_resource.py
-   |tests/rest/media/v1/test_base.py
-   |tests/rest/media/v1/test_media_storage.py
-   |tests/rest/media/v1/test_url_preview.py
-   |tests/scripts/test_new_matrix_user.py
-   |tests/server.py
-   |tests/server_notices/test_resource_limits_server_notices.py
-   |tests/state/test_v2.py
-   |tests/storage/test_account_data.py
-   |tests/storage/test_appservice.py
-   |tests/storage/test_background_update.py
-   |tests/storage/test_base.py
-   |tests/storage/test_client_ips.py
-   |tests/storage/test_database.py
-   |tests/storage/test_event_federation.py
-   |tests/storage/test_id_generators.py
-   |tests/storage/test_roommember.py
-   |tests/test_metrics.py
-   |tests/test_phone_home.py
-   |tests/test_server.py
-   |tests/test_state.py
-   |tests/test_terms_auth.py
-   |tests/test_visibility.py
-   |tests/unittest.py
-   |tests/util/caches/test_cached_call.py
-   |tests/util/caches/test_deferred_cache.py
-   |tests/util/caches/test_descriptors.py
-   |tests/util/caches/test_response_cache.py
-   |tests/util/caches/test_ttlcache.py
-   |tests/util/test_async_helpers.py
-   |tests/util/test_batching_queue.py
-   |tests/util/test_dict_cache.py
-   |tests/util/test_expiring_cache.py
-   |tests/util/test_file_consumer.py
-   |tests/util/test_linearizer.py
-   |tests/util/test_logcontext.py
-   |tests/util/test_lrucache.py
-   |tests/util/test_rwlock.py
-   |tests/util/test_wheel_timer.py
-   |tests/utils.py
-   )$
+  synapse/__init__.py,
+  synapse/api,
+  synapse/appservice,
+  synapse/config,
+  synapse/crypto,
+  synapse/event_auth.py,
+  synapse/events,
+  synapse/federation,
+  synapse/groups,
+  synapse/handlers,
+  synapse/http,
+  synapse/logging,
+  synapse/metrics,
+  synapse/module_api,
+  synapse/notifier.py,
+  synapse/push,
+  synapse/replication,
+  synapse/rest,
+  synapse/server.py,
+  synapse/server_notices,
+  synapse/spam_checker_api,
+  synapse/state,
+  synapse/storage/__init__.py,
+  synapse/storage/_base.py,
+  synapse/storage/background_updates.py,
+  synapse/storage/databases/main/appservice.py,
+  synapse/storage/databases/main/client_ips.py,
+  synapse/storage/databases/main/events.py,
+  synapse/storage/databases/main/keys.py,
+  synapse/storage/databases/main/pusher.py,
+  synapse/storage/databases/main/registration.py,
+  synapse/storage/databases/main/relations.py,
+  synapse/storage/databases/main/session.py,
+  synapse/storage/databases/main/stream.py,
+  synapse/storage/databases/main/ui_auth.py,
+  synapse/storage/databases/state,
+  synapse/storage/database.py,
+  synapse/storage/engines,
+  synapse/storage/keys.py,
+  synapse/storage/persist_events.py,
+  synapse/storage/prepare_database.py,
+  synapse/storage/purge_events.py,
+  synapse/storage/push_rule.py,
+  synapse/storage/relations.py,
+  synapse/storage/roommember.py,
+  synapse/storage/state.py,
+  synapse/storage/types.py,
+  synapse/storage/util,
+  synapse/streams,
+  synapse/types.py,
+  synapse/util,
+  synapse/visibility.py,
+  tests/replication,
+  tests/test_event_auth.py,
+  tests/test_utils,
+  tests/handlers/test_password_providers.py,
+  tests/handlers/test_room.py,
+  tests/handlers/test_room_summary.py,
+  tests/handlers/test_send_email.py,
+  tests/handlers/test_sync.py,
+  tests/handlers/test_user_directory.py,
+  tests/rest/client/test_login.py,
+  tests/rest/client/test_auth.py,
+  tests/rest/client/test_relations.py,
+  tests/rest/media/v1/test_filepath.py,
+  tests/rest/media/v1/test_oembed.py,
+  tests/storage/test_state.py,
+  tests/storage/test_user_directory.py,
+  tests/util/test_itertools.py,
+  tests/util/test_stream_change_cache.py

 [mypy-synapse.api.*]
 disallow_untyped_defs = True

-[mypy-synapse.app.*]
-disallow_untyped_defs = True
-
 [mypy-synapse.crypto.*]
 disallow_untyped_defs = True

@ -348,9 +272,6 @@ ignore_missing_imports = True
 [mypy-opentracing]
 ignore_missing_imports = True

-[mypy-parameterized.*]
-ignore_missing_imports = True
-
 [mypy-phonenumbers.*]
 ignore_missing_imports = True

--- a/setup.py
+++ b/setup.py
@ -17,7 +17,6 @@
 # limitations under the License.
 import glob
 import os
-from typing import Any, Dict

 from setuptools import Command, find_packages, setup

@ -50,6 +49,8 @@ here = os.path.abspath(os.path.dirname(__file__))
 # [1]: http://tox.readthedocs.io/en/2.5.0/example/basic.html#integration-with-setup-py-test-command
 # [2]: https://pypi.python.org/pypi/setuptools_trial
 class TestCommand(Command):
+    user_options = []
+
    def initialize_options(self):
        pass

@ -74,7 +75,7 @@ def read_file(path_segments):

 def exec_file(path_segments):
    """Execute a single python file to get the variables defined in it"""
-    result: Dict[str, Any] = {}
+    result = {}
    code = read_file(path_segments)
    exec(code, result)
    return result
@ -110,7 +111,6 @@ CONDITIONAL_REQUIREMENTS["mypy"] = [
    "types-Pillow>=8.3.4",
    "types-pyOpenSSL>=20.0.7",
    "types-PyYAML>=5.4.10",
-    "types-requests>=2.26.0",
    "types-setuptools>=57.4.0",
 ]

--- a/synapse/init.py
+++ b/synapse/init.py
@ -47,7 +47,7 @@ try:
 except ImportError:
    pass

-__version__ = "1.47.0rc2"
+__version__ = "1.46.0"

 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
    # We import here so that we don't have to install a bunch of deps when
--- a/synapse/_scripts/register_new_matrix_user.py
+++ b/synapse/_scripts/register_new_matrix_user.py
@ -1,6 +1,5 @@
 # Copyright 2015, 2016 OpenMarket Ltd
 # Copyright 2018 New Vector
-# Copyright 2021 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -20,23 +19,22 @@ import hashlib
 import hmac
 import logging
 import sys
-from typing import Callable, Optional

 import requests as _requests
 import yaml


 def request_registration(
-    user: str,
-    password: str,
-    server_location: str,
-    shared_secret: str,
-    admin: bool = False,
-    user_type: Optional[str] = None,
+    user,
+    password,
+    server_location,
+    shared_secret,
+    admin=False,
+    user_type=None,
    requests=_requests,
-    _print: Callable[[str], None] = print,
-    exit: Callable[[int], None] = sys.exit,
-) -> None:
+    _print=print,
+    exit=sys.exit,
+):

    url = "%s/_synapse/admin/v1/register" % (server_location.rstrip("/"),)

@ -67,13 +65,13 @@ def request_registration(
        mac.update(b"\x00")
        mac.update(user_type.encode("utf8"))

-    hex_mac = mac.hexdigest()
+    mac = mac.hexdigest()

    data = {
        "nonce": nonce,
        "username": user,
        "password": password,
-        "mac": hex_mac,
+        "mac": mac,
        "admin": admin,
        "user_type": user_type,
    }
@ -93,17 +91,10 @@ def request_registration(
    _print("Success!")


-def register_new_user(
-    user: str,
-    password: str,
-    server_location: str,
-    shared_secret: str,
-    admin: Optional[bool],
-    user_type: Optional[str],
-) -> None:
+def register_new_user(user, password, server_location, shared_secret, admin, user_type):
    if not user:
        try:
-            default_user: Optional[str] = getpass.getuser()
+            default_user = getpass.getuser()
        except Exception:
            default_user = None

@ -132,8 +123,8 @@ def register_new_user(
            sys.exit(1)

    if admin is None:
-        admin_inp = input("Make admin [no]: ")
-        if admin_inp in ("y", "yes", "true"):
+        admin = input("Make admin [no]: ")
+        if admin in ("y", "yes", "true"):
            admin = True
        else:
            admin = False
@ -143,7 +134,7 @@ def register_new_user(
    )


-def main() -> None:
+def main():

    logging.captureWarnings(True)

--- a/synapse/_scripts/review_recent_signups.py
+++ b/synapse/_scripts/review_recent_signups.py
@ -92,7 +92,7 @@ def get_recent_users(txn: LoggingTransaction, since_ms: int) -> List[UserInfo]:
    return user_infos


-def main() -> None:
+def main():
    parser = argparse.ArgumentParser()
    parser.add_argument(
        "-c",
@ -142,8 +142,7 @@ def main() -> None:
    engine = create_engine(database_config.config)

    with make_conn(database_config, engine, "review_recent_signups") as db_conn:
-        # This generates a type of Cursor, not LoggingTransaction.
-        user_infos = get_recent_users(db_conn.cursor(), since_ms)  # type: ignore[arg-type]
+        user_infos = get_recent_users(db_conn.cursor(), since_ms)

    for user_info in user_infos:
        if exclude_users_with_email and user_info.emails:
--- a/synapse/app/init.py
+++ b/synapse/app/init.py
@ -13,7 +13,6 @@
 # limitations under the License.
 import logging
 import sys
-from typing import Container

 from synapse import python_dependencies  # noqa: E402

@ -28,9 +27,7 @@ except python_dependencies.DependencyException as e:
    sys.exit(1)


-def check_bind_error(
-    e: Exception, address: str, bind_addresses: Container[str]
-) -> None:
+def check_bind_error(e, address, bind_addresses):
    """
    This method checks an exception occurred while binding on 0.0.0.0.
    If :: is specified in the bind addresses a warning is shown.
@ -41,9 +38,9 @@ def check_bind_error(
    When binding on 0.0.0.0 after :: this can safely be ignored.

    Args:
-        e: Exception that was caught.
-        address: Address on which binding was attempted.
-        bind_addresses: Addresses on which the service listens.
+        e (Exception): Exception that was caught.
+        address (str): Address on which binding was attempted.
+        bind_addresses (list): Addresses on which the service listens.
    """
    if address == "0.0.0.0" and "::" in bind_addresses:
        logger.warning(
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@ -22,27 +22,13 @@ import socket
 import sys
 import traceback
 import warnings
-from typing import (
-    TYPE_CHECKING,
-    Any,
-    Awaitable,
-    Callable,
-    Collection,
-    Dict,
-    Iterable,
-    List,
-    NoReturn,
-    Tuple,
-    cast,
-)
+from typing import TYPE_CHECKING, Awaitable, Callable, Iterable

 from cryptography.utils import CryptographyDeprecationWarning
+from typing_extensions import NoReturn

 import twisted
-from twisted.internet import defer, error, reactor as _reactor
-from twisted.internet.interfaces import IOpenSSLContextFactory, IReactorSSL, IReactorTCP
-from twisted.internet.protocol import ServerFactory
-from twisted.internet.tcp import Port
+from twisted.internet import defer, error, reactor
 from twisted.logger import LoggingFile, LogLevel
 from twisted.protocols.tls import TLSMemoryBIOFactory
 from twisted.python.threadpool import ThreadPool
@ -62,7 +48,6 @@ from synapse.logging.context import PreserveLoggingContext
 from synapse.metrics import register_threadpool
 from synapse.metrics.background_process_metrics import wrap_as_background_process
 from synapse.metrics.jemalloc import setup_jemalloc_stats
-from synapse.types import ISynapseReactor
 from synapse.util.caches.lrucache import setup_expire_lru_cache_entries
 from synapse.util.daemonize import daemonize_process
 from synapse.util.gai_resolver import GAIResolver
@ -72,44 +57,33 @@ from synapse.util.versionstring import get_version_string
 if TYPE_CHECKING:
    from synapse.server import HomeServer

-# Twisted injects the global reactor to make it easier to import, this confuses
-# mypy which thinks it is a module. Tell it that it a more proper type.
-reactor = cast(ISynapseReactor, _reactor)
-
-
 logger = logging.getLogger(__name__)

 # list of tuples of function, args list, kwargs dict
-_sighup_callbacks: List[
-    Tuple[Callable[..., None], Tuple[Any, ...], Dict[str, Any]]
-] = []
+_sighup_callbacks = []


-def register_sighup(func: Callable[..., None], *args: Any, **kwargs: Any) -> None:
+def register_sighup(func, *args, **kwargs):
    """
    Register a function to be called when a SIGHUP occurs.

    Args:
-        func: Function to be called when sent a SIGHUP signal.
+        func (function): Function to be called when sent a SIGHUP signal.
        *args, **kwargs: args and kwargs to be passed to the target function.
    """
    _sighup_callbacks.append((func, args, kwargs))


-def start_worker_reactor(
-    appname: str,
-    config: HomeServerConfig,
-    run_command: Callable[[], None] = reactor.run,
-) -> None:
+def start_worker_reactor(appname, config, run_command=reactor.run):
    """Run the reactor in the main process

    Daemonizes if necessary, and then configures some resources, before starting
    the reactor. Pulls configuration from the 'worker' settings in 'config'.

    Args:
-        appname: application name which will be sent to syslog
-        config: config object
-        run_command: callable that actually runs the reactor
+        appname (str): application name which will be sent to syslog
+        config (synapse.config.Config): config object
+        run_command (Callable[]): callable that actually runs the reactor
    """

    logger = logging.getLogger(config.worker.worker_app)
@ -127,32 +101,32 @@ def start_worker_reactor(


 def start_reactor(
-    appname: str,
-    soft_file_limit: int,
-    gc_thresholds: Tuple[int, int, int],
-    pid_file: str,
-    daemonize: bool,
-    print_pidfile: bool,
-    logger: logging.Logger,
-    run_command: Callable[[], None] = reactor.run,
-) -> None:
+    appname,
+    soft_file_limit,
+    gc_thresholds,
+    pid_file,
+    daemonize,
+    print_pidfile,
+    logger,
+    run_command=reactor.run,
+):
    """Run the reactor in the main process

    Daemonizes if necessary, and then configures some resources, before starting
    the reactor

    Args:
-        appname: application name which will be sent to syslog
-        soft_file_limit:
+        appname (str): application name which will be sent to syslog
+        soft_file_limit (int):
        gc_thresholds:
-        pid_file: name of pid file to write to if daemonize is True
-        daemonize: true to run the reactor in a background process
-        print_pidfile: whether to print the pid file, if daemonize is True
-        logger: logger instance to pass to Daemonize
-        run_command: callable that actually runs the reactor
+        pid_file (str): name of pid file to write to if daemonize is True
+        daemonize (bool): true to run the reactor in a background process
+        print_pidfile (bool): whether to print the pid file, if daemonize is True
+        logger (logging.Logger): logger instance to pass to Daemonize
+        run_command (Callable[]): callable that actually runs the reactor
    """

-    def run() -> None:
+    def run():
        logger.info("Running")
        setup_jemalloc_stats()
        change_resource_limit(soft_file_limit)
@ -211,7 +185,7 @@ def redirect_stdio_to_logs() -> None:
    print("Redirected stdout/stderr to logs")


-def register_start(cb: Callable[..., Awaitable], *args: Any, **kwargs: Any) -> None:
+def register_start(cb: Callable[..., Awaitable], *args, **kwargs) -> None:
    """Register a callback with the reactor, to be called once it is running

    This can be used to initialise parts of the system which require an asynchronous
@ -221,7 +195,7 @@ def register_start(cb: Callable[..., Awaitable], *args: Any, **kwargs: Any) -> N
    will exit.
    """

-    async def wrapper() -> None:
+    async def wrapper():
        try:
            await cb(*args, **kwargs)
        except Exception:
@ -250,7 +224,7 @@ def register_start(cb: Callable[..., Awaitable], *args: Any, **kwargs: Any) -> N
    reactor.callWhenRunning(lambda: defer.ensureDeferred(wrapper()))


-def listen_metrics(bind_addresses: Iterable[str], port: int) -> None:
+def listen_metrics(bind_addresses, port):
    """
    Start Prometheus metrics server.
    """
@ -262,11 +236,11 @@ def listen_metrics(bind_addresses: Iterable[str], port: int) -> None:


 def listen_manhole(
-    bind_addresses: Collection[str],
+    bind_addresses: Iterable[str],
    port: int,
    manhole_settings: ManholeConfig,
    manhole_globals: dict,
-) -> None:
+):
    # twisted.conch.manhole 21.1.0 uses "int_from_bytes", which produces a confusing
    # warning. It's fixed by https://github.com/twisted/twisted/pull/1522), so
    # suppress the warning for now.
@ -285,18 +259,12 @@ def listen_manhole(
    )


-def listen_tcp(
-    bind_addresses: Collection[str],
-    port: int,
-    factory: ServerFactory,
-    reactor: IReactorTCP = reactor,
-    backlog: int = 50,
-) -> List[Port]:
+def listen_tcp(bind_addresses, port, factory, reactor=reactor, backlog=50):
    """
    Create a TCP socket for a port and several addresses

    Returns:
-        list of twisted.internet.tcp.Port listening for TCP connections
+        list[twisted.internet.tcp.Port]: listening for TCP connections
    """
    r = []
    for address in bind_addresses:
@ -305,19 +273,12 @@ def listen_tcp(
        except error.CannotListenError as e:
            check_bind_error(e, address, bind_addresses)

-    # IReactorTCP returns an object implementing IListeningPort from listenTCP,
-    # but we know it will be a Port instance.
-    return r  # type: ignore[return-value]
+    return r


 def listen_ssl(
-    bind_addresses: Collection[str],
-    port: int,
-    factory: ServerFactory,
-    context_factory: IOpenSSLContextFactory,
-    reactor: IReactorSSL = reactor,
-    backlog: int = 50,
-) -> List[Port]:
+    bind_addresses, port, factory, context_factory, reactor=reactor, backlog=50
+):
    """
    Create an TLS-over-TCP socket for a port and several addresses

@ -333,13 +294,10 @@ def listen_ssl(
        except error.CannotListenError as e:
            check_bind_error(e, address, bind_addresses)

-    # IReactorSSL incorrectly declares that an int is returned from listenSSL,
-    # it actually returns an object implementing IListeningPort, but we know it
-    # will be a Port instance.
-    return r  # type: ignore[return-value]
+    return r


-def refresh_certificate(hs: "HomeServer") -> None:
+def refresh_certificate(hs: "HomeServer"):
    """
    Refresh the TLS certificates that Synapse is using by re-reading them from
    disk and updating the TLS context factories to use them.
@ -371,7 +329,7 @@ def refresh_certificate(hs: "HomeServer") -> None:
        logger.info("Context factories updated.")


-async def start(hs: "HomeServer") -> None:
+async def start(hs: "HomeServer"):
    """
    Start a Synapse server or worker.

@ -402,7 +360,7 @@ async def start(hs: "HomeServer") -> None:
    if hasattr(signal, "SIGHUP"):

        @wrap_as_background_process("sighup")
-        def handle_sighup(*args: Any, **kwargs: Any) -> None:
+        def handle_sighup(*args, **kwargs):
            # Tell systemd our state, if we're using it. This will silently fail if
            # we're not using systemd.
            sdnotify(b"RELOADING=1")
@ -415,7 +373,7 @@ async def start(hs: "HomeServer") -> None:
        # We defer running the sighup handlers until next reactor tick. This
        # is so that we're in a sane state, e.g. flushing the logs may fail
        # if the sighup happens in the middle of writing a log entry.
-        def run_sighup(*args: Any, **kwargs: Any) -> None:
+        def run_sighup(*args, **kwargs):
            # `callFromThread` should be "signal safe" as well as thread
            # safe.
            reactor.callFromThread(handle_sighup, *args, **kwargs)
@ -478,8 +436,12 @@ async def start(hs: "HomeServer") -> None:
        atexit.register(gc.freeze)


-def setup_sentry(hs: "HomeServer") -> None:
-    """Enable sentry integration, if enabled in configuration"""
+def setup_sentry(hs: "HomeServer"):
+    """Enable sentry integration, if enabled in configuration
+
+    Args:
+        hs
+    """

    if not hs.config.metrics.sentry_enabled:
        return
@ -504,7 +466,7 @@ def setup_sentry(hs: "HomeServer") -> None:
        scope.set_tag("worker_name", name)


-def setup_sdnotify(hs: "HomeServer") -> None:
+def setup_sdnotify(hs: "HomeServer"):
    """Adds process state hooks to tell systemd what we are up to."""

    # Tell systemd our state, if we're using it. This will silently fail if
@ -519,7 +481,7 @@ def setup_sdnotify(hs: "HomeServer") -> None:
 sdnotify_sockaddr = os.getenv("NOTIFY_SOCKET")


-def sdnotify(state: bytes) -> None:
+def sdnotify(state):
    """
    Send a notification to systemd, if the NOTIFY_SOCKET env var is set.

@ -528,7 +490,7 @@ def sdnotify(state: bytes) -> None:
    package which many OSes don't include as a matter of principle.

    Args:
-        state: notification to send
+        state (bytes): notification to send
    """
    if not isinstance(state, bytes):
        raise TypeError("sdnotify should be called with a bytes")
--- a/synapse/app/admin_cmd.py
+++ b/synapse/app/admin_cmd.py
@ -17,7 +17,6 @@ import logging
 import os
 import sys
 import tempfile
-from typing import List, Optional

 from twisted.internet import defer, task

@ -26,7 +25,6 @@ from synapse.app import _base
 from synapse.config._base import ConfigError
 from synapse.config.homeserver import HomeServerConfig
 from synapse.config.logger import setup_logging
-from synapse.events import EventBase
 from synapse.handlers.admin import ExfiltrationWriter
 from synapse.replication.slave.storage._base import BaseSlavedStore
 from synapse.replication.slave.storage.account_data import SlavedAccountDataStore
@ -42,7 +40,6 @@ from synapse.replication.slave.storage.receipts import SlavedReceiptsStore
 from synapse.replication.slave.storage.registration import SlavedRegistrationStore
 from synapse.server import HomeServer
 from synapse.storage.databases.main.room import RoomWorkerStore
-from synapse.types import StateMap
 from synapse.util.logcontext import LoggingContext
 from synapse.util.versionstring import get_version_string

@ -68,11 +65,16 @@ class AdminCmdSlavedStore(


 class AdminCmdServer(HomeServer):
-    DATASTORE_CLASS = AdminCmdSlavedStore  # type: ignore
+    DATASTORE_CLASS = AdminCmdSlavedStore


-async def export_data_command(hs: HomeServer, args: argparse.Namespace) -> None:
-    """Export data for a user."""
+async def export_data_command(hs: HomeServer, args):
+    """Export data for a user.
+
+    Args:
+        hs
+        args (argparse.Namespace)
+    """

    user_id = args.user_id
    directory = args.output_directory
@ -90,12 +92,12 @@ class FileExfiltrationWriter(ExfiltrationWriter):
    Note: This writes to disk on the main reactor thread.

    Args:
-        user_id: The user whose data is being exfiltrated.
-        directory: The directory to write the data to, if None then will write
-            to a temporary directory.
+        user_id (str): The user whose data is being exfiltrated.
+        directory (str|None): The directory to write the data to, if None then
+            will write to a temporary directory.
    """

-    def __init__(self, user_id: str, directory: Optional[str] = None):
+    def __init__(self, user_id, directory=None):
        self.user_id = user_id

        if directory:
@ -109,7 +111,7 @@ class FileExfiltrationWriter(ExfiltrationWriter):
        if list(os.listdir(self.base_directory)):
            raise Exception("Directory must be empty")

-    def write_events(self, room_id: str, events: List[EventBase]) -> None:
+    def write_events(self, room_id, events):
        room_directory = os.path.join(self.base_directory, "rooms", room_id)
        os.makedirs(room_directory, exist_ok=True)
        events_file = os.path.join(room_directory, "events")
@ -118,9 +120,7 @@ class FileExfiltrationWriter(ExfiltrationWriter):
            for event in events:
                print(json.dumps(event.get_pdu_json()), file=f)

-    def write_state(
-        self, room_id: str, event_id: str, state: StateMap[EventBase]
-    ) -> None:
+    def write_state(self, room_id, event_id, state):
        room_directory = os.path.join(self.base_directory, "rooms", room_id)
        state_directory = os.path.join(room_directory, "state")
        os.makedirs(state_directory, exist_ok=True)
@ -131,9 +131,7 @@ class FileExfiltrationWriter(ExfiltrationWriter):
            for event in state.values():
                print(json.dumps(event.get_pdu_json()), file=f)

-    def write_invite(
-        self, room_id: str, event: EventBase, state: StateMap[EventBase]
-    ) -> None:
+    def write_invite(self, room_id, event, state):
        self.write_events(room_id, [event])

        # We write the invite state somewhere else as they aren't full events
@ -147,9 +145,7 @@ class FileExfiltrationWriter(ExfiltrationWriter):
            for event in state.values():
                print(json.dumps(event), file=f)

-    def write_knock(
-        self, room_id: str, event: EventBase, state: StateMap[EventBase]
-    ) -> None:
+    def write_knock(self, room_id, event, state):
        self.write_events(room_id, [event])

        # We write the knock state somewhere else as they aren't full events
@ -163,11 +159,11 @@ class FileExfiltrationWriter(ExfiltrationWriter):
            for event in state.values():
                print(json.dumps(event), file=f)

-    def finished(self) -> str:
+    def finished(self):
        return self.base_directory


-def start(config_options: List[str]) -> None:
+def start(config_options):
    parser = argparse.ArgumentParser(description="Synapse Admin Command")
    HomeServerConfig.add_arguments_to_parser(parser)

@ -235,7 +231,7 @@ def start(config_options: List[str]) -> None:
    # We also make sure that `_base.start` gets run before we actually run the
    # command.

-    async def run() -> None:
+    async def run():
        with LoggingContext("command"):
            await _base.start(ss)
            await args.func(ss, args)
--- a/synapse/app/generic_worker.py
+++ b/synapse/app/generic_worker.py
@ -14,10 +14,11 @@
 # limitations under the License.
 import logging
 import sys
-from typing import Dict, List, Optional, Tuple
+from typing import Dict, Optional

 from twisted.internet import address
-from twisted.web.resource import Resource
+from twisted.web.resource import IResource
+from twisted.web.server import Request

 import synapse
 import synapse.events
@ -43,7 +44,7 @@ from synapse.config.server import ListenerConfig
 from synapse.federation.transport.server import TransportLayerServer
 from synapse.http.server import JsonResource, OptionsResource
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
-from synapse.http.site import SynapseRequest, SynapseSite
+from synapse.http.site import SynapseSite
 from synapse.logging.context import LoggingContext
 from synapse.metrics import METRICS_PREFIX, MetricsResource, RegistryProxy
 from synapse.replication.http import REPLICATION_PREFIX, ReplicationRestResource
@ -118,7 +119,6 @@ from synapse.storage.databases.main.stats import StatsStore
 from synapse.storage.databases.main.transactions import TransactionWorkerStore
 from synapse.storage.databases.main.ui_auth import UIAuthWorkerStore
 from synapse.storage.databases.main.user_directory import UserDirectoryStore
-from synapse.types import JsonDict
 from synapse.util.httpresourcetree import create_resource_tree
 from synapse.util.versionstring import get_version_string

@ -143,9 +143,7 @@ class KeyUploadServlet(RestServlet):
        self.http_client = hs.get_simple_http_client()
        self.main_uri = hs.config.worker.worker_main_http_uri

-    async def on_POST(
-        self, request: SynapseRequest, device_id: Optional[str]
-    ) -> Tuple[int, JsonDict]:
+    async def on_POST(self, request: Request, device_id: Optional[str]):
        requester = await self.auth.get_user_by_req(request, allow_guest=True)
        user_id = requester.user.to_string()
        body = parse_json_object_from_request(request)
@ -189,8 +187,9 @@ class KeyUploadServlet(RestServlet):
                # If the header exists, add to the comma-separated list of the first
                # instance of the header. Otherwise, generate a new header.
                if x_forwarded_for:
-                    x_forwarded_for = [x_forwarded_for[0] + b", " + previous_host]
-                    x_forwarded_for.extend(x_forwarded_for[1:])
+                    x_forwarded_for = [
+                        x_forwarded_for[0] + b", " + previous_host
+                    ] + x_forwarded_for[1:]
                else:
                    x_forwarded_for = [previous_host]
            headers[b"X-Forwarded-For"] = x_forwarded_for
@ -254,16 +253,13 @@ class GenericWorkerSlavedStore(
    SessionStore,
    BaseSlavedStore,
 ):
-    # Properties that multiple storage classes define. Tell mypy what the
-    # expected type is.
-    server_name: str
-    config: HomeServerConfig
+    pass


 class GenericWorkerServer(HomeServer):
-    DATASTORE_CLASS = GenericWorkerSlavedStore  # type: ignore
+    DATASTORE_CLASS = GenericWorkerSlavedStore

-    def _listen_http(self, listener_config: ListenerConfig) -> None:
+    def _listen_http(self, listener_config: ListenerConfig):
        port = listener_config.port
        bind_addresses = listener_config.bind_addresses

@ -271,10 +267,10 @@ class GenericWorkerServer(HomeServer):

        site_tag = listener_config.http_options.tag
        if site_tag is None:
-            site_tag = str(port)
+            site_tag = port

        # We always include a health resource.
-        resources: Dict[str, Resource] = {"/health": HealthResource()}
+        resources: Dict[str, IResource] = {"/health": HealthResource()}

        for res in listener_config.http_options.resources:
            for name in res.names:
@ -390,7 +386,7 @@ class GenericWorkerServer(HomeServer):

        logger.info("Synapse worker now listening on port %d", port)

-    def start_listening(self) -> None:
+    def start_listening(self):
        for listener in self.config.worker.worker_listeners:
            if listener.type == "http":
                self._listen_http(listener)
@ -415,7 +411,7 @@ class GenericWorkerServer(HomeServer):
        self.get_tcp_replication().start_replication(self)


-def start(config_options: List[str]) -> None:
+def start(config_options):
    try:
        config = HomeServerConfig.load_config("Synapse worker", config_options)
    except ConfigError as e:
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@ -16,10 +16,10 @@
 import logging
 import os
 import sys
-from typing import Dict, Iterable, Iterator, List
+from typing import Iterator

-from twisted.internet.tcp import Port
-from twisted.web.resource import EncodingResourceWrapper, Resource
+from twisted.internet import reactor
+from twisted.web.resource import EncodingResourceWrapper, IResource
 from twisted.web.server import GzipEncoderFactory
 from twisted.web.static import File

@ -76,27 +76,23 @@ from synapse.util.versionstring import get_version_string
 logger = logging.getLogger("synapse.app.homeserver")


-def gz_wrap(r: Resource) -> Resource:
+def gz_wrap(r):
    return EncodingResourceWrapper(r, [GzipEncoderFactory()])


 class SynapseHomeServer(HomeServer):
-    DATASTORE_CLASS = DataStore  # type: ignore
+    DATASTORE_CLASS = DataStore

-    def _listener_http(
-        self, config: HomeServerConfig, listener_config: ListenerConfig
-    ) -> Iterable[Port]:
+    def _listener_http(self, config: HomeServerConfig, listener_config: ListenerConfig):
        port = listener_config.port
        bind_addresses = listener_config.bind_addresses
        tls = listener_config.tls
-        # Must exist since this is an HTTP listener.
-        assert listener_config.http_options is not None
        site_tag = listener_config.http_options.tag
        if site_tag is None:
            site_tag = str(port)

        # We always include a health resource.
-        resources: Dict[str, Resource] = {"/health": HealthResource()}
+        resources = {"/health": HealthResource()}

        for res in listener_config.http_options.resources:
            for name in res.names:
@ -115,7 +111,7 @@ class SynapseHomeServer(HomeServer):
                ("listeners", site_tag, "additional_resources", "<%s>" % (path,)),
            )
            handler = handler_cls(config, module_api)
-            if isinstance(handler, Resource):
+            if IResource.providedBy(handler):
                resource = handler
            elif hasattr(handler, "handle_request"):
                resource = AdditionalResource(self, handler.handle_request)
@ -132,7 +128,7 @@ class SynapseHomeServer(HomeServer):

        # try to find something useful to redirect '/' to
        if WEB_CLIENT_PREFIX in resources:
-            root_resource: Resource = RootOptionsRedirectResource(WEB_CLIENT_PREFIX)
+            root_resource = RootOptionsRedirectResource(WEB_CLIENT_PREFIX)
        elif STATIC_PREFIX in resources:
            root_resource = RootOptionsRedirectResource(STATIC_PREFIX)
        else:
@ -149,8 +145,6 @@ class SynapseHomeServer(HomeServer):
        )

        if tls:
-            # refresh_certificate should have been called before this.
-            assert self.tls_server_context_factory is not None
            ports = listen_ssl(
                bind_addresses,
                port,
@ -171,21 +165,20 @@ class SynapseHomeServer(HomeServer):

        return ports

-    def _configure_named_resource(
-        self, name: str, compress: bool = False
-    ) -> Dict[str, Resource]:
+    def _configure_named_resource(self, name, compress=False):
        """Build a resource map for a named resource

        Args:
-            name: named resource: one of "client", "federation", etc
-            compress: whether to enable gzip compression for this resource
+            name (str): named resource: one of "client", "federation", etc
+            compress (bool): whether to enable gzip compression for this
+                resource

        Returns:
-            map from path to HTTP resource
+            dict[str, Resource]: map from path to HTTP resource
        """
-        resources: Dict[str, Resource] = {}
+        resources = {}
        if name == "client":
-            client_resource: Resource = ClientRestResource(self)
+            client_resource = ClientRestResource(self)
            if compress:
                client_resource = gz_wrap(client_resource)

@ -214,7 +207,7 @@ class SynapseHomeServer(HomeServer):
        if name == "consent":
            from synapse.rest.consent.consent_resource import ConsentResource

-            consent_resource: Resource = ConsentResource(self)
+            consent_resource = ConsentResource(self)
            if compress:
                consent_resource = gz_wrap(consent_resource)
            resources.update({"/_matrix/consent": consent_resource})
@ -284,7 +277,7 @@ class SynapseHomeServer(HomeServer):

        return resources

-    def start_listening(self) -> None:
+    def start_listening(self):
        if self.config.redis.redis_enabled:
            # If redis is enabled we connect via the replication command handler
            # in the same way as the workers (since we're effectively a client
@ -310,9 +303,7 @@ class SynapseHomeServer(HomeServer):
                    ReplicationStreamProtocolFactory(self),
                )
                for s in services:
-                    self.get_reactor().addSystemEventTrigger(
-                        "before", "shutdown", s.stopListening
-                    )
+                    reactor.addSystemEventTrigger("before", "shutdown", s.stopListening)
            elif listener.type == "metrics":
                if not self.config.metrics.enable_metrics:
                    logger.warning(
@ -327,13 +318,14 @@ class SynapseHomeServer(HomeServer):
                logger.warning("Unrecognized listener type: %s", listener.type)


-def setup(config_options: List[str]) -> SynapseHomeServer:
+def setup(config_options):
    """
    Args:
-        config_options_options: The options passed to Synapse. Usually `sys.argv[1:]`.
+        config_options_options: The options passed to Synapse. Usually
+            `sys.argv[1:]`.

    Returns:
-        A homeserver instance.
+        HomeServer
    """
    try:
        config = HomeServerConfig.load_or_generate_config(
@ -372,7 +364,7 @@ def setup(config_options: List[str]) -> SynapseHomeServer:
    except Exception as e:
        handle_startup_exception(e)

-    async def start() -> None:
+    async def start():
        # Load the OIDC provider metadatas, if OIDC is enabled.
        if hs.config.oidc.oidc_enabled:
            oidc = hs.get_oidc_handler()
@ -412,15 +404,39 @@ def format_config_error(e: ConfigError) -> Iterator[str]:

    yield ":\n  %s" % (e.msg,)

-    parent_e = e.__cause__
+    e = e.__cause__
    indent = 1
-    while parent_e:
+    while e:
        indent += 1
-        yield ":\n%s%s" % ("  " * indent, str(parent_e))
-        parent_e = parent_e.__cause__
+        yield ":\n%s%s" % ("  " * indent, str(e))
+        e = e.__cause__


-def run(hs: HomeServer) -> None:
+def run(hs: HomeServer):
+    PROFILE_SYNAPSE = False
+    if PROFILE_SYNAPSE:
+
+        def profile(func):
+            from cProfile import Profile
+            from threading import current_thread
+
+            def profiled(*args, **kargs):
+                profile = Profile()
+                profile.enable()
+                func(*args, **kargs)
+                profile.disable()
+                ident = current_thread().ident
+                profile.dump_stats(
+                    "/tmp/%s.%s.%i.pstat" % (hs.hostname, func.__name__, ident)
+                )
+
+            return profiled
+
+        from twisted.python.threadpool import ThreadPool
+
+        ThreadPool._worker = profile(ThreadPool._worker)
+        reactor.run = profile(reactor.run)
+
    _base.start_reactor(
        "synapse-homeserver",
        soft_file_limit=hs.config.server.soft_file_limit,
@ -432,7 +448,7 @@ def run(hs: HomeServer) -> None:
    )


-def main() -> None:
+def main():
    with LoggingContext("main"):
        # check base requirements
        check_requirements()
--- a/synapse/app/phone_stats_home.py
+++ b/synapse/app/phone_stats_home.py
@ -15,12 +15,11 @@ import logging
 import math
 import resource
 import sys
-from typing import TYPE_CHECKING, List, Sized, Tuple
+from typing import TYPE_CHECKING

 from prometheus_client import Gauge

 from synapse.metrics.background_process_metrics import wrap_as_background_process
-from synapse.types import JsonDict

 if TYPE_CHECKING:
    from synapse.server import HomeServer
@ -29,7 +28,7 @@ logger = logging.getLogger("synapse.app.homeserver")

 # Contains the list of processes we will be monitoring
 # currently either 0 or 1
-_stats_process: List[Tuple[int, "resource.struct_rusage"]] = []
+_stats_process = []

 # Gauges to expose monthly active user control metrics
 current_mau_gauge = Gauge("synapse_admin_mau:current", "Current MAU")
@ -46,15 +45,9 @@ registered_reserved_users_mau_gauge = Gauge(


@wrap_as_background_process("phone_stats_home")
-async def phone_stats_home(
-    hs: "HomeServer",
-    stats: JsonDict,
-    stats_process: List[Tuple[int, "resource.struct_rusage"]] = _stats_process,
-) -> None:
+async def phone_stats_home(hs: "HomeServer", stats, stats_process=_stats_process):
    logger.info("Gathering stats for reporting")
    now = int(hs.get_clock().time())
-    # Ensure the homeserver has started.
-    assert hs.start_time is not None
    uptime = int(now - hs.start_time)
    if uptime < 0:
        uptime = 0
@ -153,15 +146,15 @@ async def phone_stats_home(
        logger.warning("Error reporting stats: %s", e)


-def start_phone_stats_home(hs: "HomeServer") -> None:
+def start_phone_stats_home(hs: "HomeServer"):
    """
    Start the background tasks which report phone home stats.
    """
    clock = hs.get_clock()

-    stats: JsonDict = {}
+    stats = {}

-    def performance_stats_init() -> None:
+    def performance_stats_init():
        _stats_process.clear()
        _stats_process.append(
            (int(hs.get_clock().time()), resource.getrusage(resource.RUSAGE_SELF))
@ -177,10 +170,10 @@ def start_phone_stats_home(hs: "HomeServer") -> None:
    hs.get_datastore().reap_monthly_active_users()

    @wrap_as_background_process("generate_monthly_active_users")
-    async def generate_monthly_active_users() -> None:
+    async def generate_monthly_active_users():
        current_mau_count = 0
        current_mau_count_by_service = {}
-        reserved_users: Sized = ()
+        reserved_users = ()
        store = hs.get_datastore()
        if hs.config.server.limit_usage_by_mau or hs.config.server.mau_stats_only:
            current_mau_count = await store.get_monthly_active_count()
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@ -277,58 +277,6 @@ class FederationClient(FederationBase):

        return pdus

-    async def get_pdu_from_destination_raw(
-        self,
-        destination: str,
-        event_id: str,
-        room_version: RoomVersion,
-        outlier: bool = False,
-        timeout: Optional[int] = None,
-    ) -> Optional[EventBase]:
-        """Requests the PDU with given origin and ID from the remote home
-        server. Does not have any caching or rate limiting!
-
-        Args:
-            destination: Which homeserver to query
-            event_id: event to fetch
-            room_version: version of the room
-            outlier: Indicates whether the PDU is an `outlier`, i.e. if
-                it's from an arbitrary point in the context as opposed to part
-                of the current block of PDUs. Defaults to `False`
-            timeout: How long to try (in ms) each destination for before
-                moving to the next destination. None indicates no timeout.
-
-        Returns:
-            The requested PDU, or None if we were unable to find it.
-
-        Raises:
-            SynapseError, NotRetryingDestination, FederationDeniedError
-        """
-        transaction_data = await self.transport_layer.get_event(
-            destination, event_id, timeout=timeout
-        )
-
-        logger.debug(
-            "retrieved event id %s from %s: %r",
-            event_id,
-            destination,
-            transaction_data,
-        )
-
-        pdu_list: List[EventBase] = [
-            event_from_pdu_json(p, room_version, outlier=outlier)
-            for p in transaction_data["pdus"]
-        ]
-
-        if pdu_list and pdu_list[0]:
-            pdu = pdu_list[0]
-
-            # Check signatures are correct.
-            signed_pdu = await self._check_sigs_and_hash(room_version, pdu)
-            return signed_pdu
-
-        return None
-
    async def get_pdu(
        self,
        destinations: Iterable[str],
@ -373,14 +321,30 @@ class FederationClient(FederationBase):
                continue

            try:
-                signed_pdu = await self.get_pdu_from_destination_raw(
-                    destination=destination,
-                    event_id=event_id,
-                    room_version=room_version,
-                    outlier=outlier,
-                    timeout=timeout,
+                transaction_data = await self.transport_layer.get_event(
+                    destination, event_id, timeout=timeout
                )

+                logger.debug(
+                    "retrieved event id %s from %s: %r",
+                    event_id,
+                    destination,
+                    transaction_data,
+                )
+
+                pdu_list: List[EventBase] = [
+                    event_from_pdu_json(p, room_version, outlier=outlier)
+                    for p in transaction_data["pdus"]
+                ]
+
+                if pdu_list and pdu_list[0]:
+                    pdu = pdu_list[0]
+
+                    # Check signatures are correct.
+                    signed_pdu = await self._check_sigs_and_hash(room_version, pdu)
+
+                    break
+
                pdu_attempts[destination] = now

            except SynapseError as e:
--- a/synapse/handlers/admin.py
+++ b/synapse/handlers/admin.py
@ -234,7 +234,7 @@ class ExfiltrationWriter(metaclass=abc.ABCMeta):

    @abc.abstractmethod
    def write_invite(
-        self, room_id: str, event: EventBase, state: StateMap[EventBase]
+        self, room_id: str, event: EventBase, state: StateMap[dict]
    ) -> None:
        """Write an invite for the room, with associated invite state.

@ -248,7 +248,7 @@ class ExfiltrationWriter(metaclass=abc.ABCMeta):

    @abc.abstractmethod
    def write_knock(
-        self, room_id: str, event: EventBase, state: StateMap[EventBase]
+        self, room_id: str, event: EventBase, state: StateMap[dict]
    ) -> None:
        """Write a knock for the room, with associated knock state.

--- a/synapse/handlers/appservice.py
+++ b/synapse/handlers/appservice.py
@ -188,7 +188,7 @@ class ApplicationServicesHandler:
        self,
        stream_key: str,
        new_token: Union[int, RoomStreamToken],
-        users: Collection[Union[str, UserID]],
+        users: Optional[Collection[Union[str, UserID]]] = None,
    ) -> None:
        """
        This is called by the notifier in the background when an ephemeral event is handled
@ -203,9 +203,7 @@ class ApplicationServicesHandler:
                value for `stream_key` will cause this function to return early.

                Ephemeral events will only be pushed to appservices that have opted into
-                receiving them by setting `push_ephemeral` to true in their registration
-                file. Note that while MSC2409 is experimental, this option is called
-                `de.sorunome.msc2409.push_ephemeral`.
+                them.

                Appservices will only receive ephemeral events that fall within their
                registered user and room namespaces.
@ -216,7 +214,6 @@ class ApplicationServicesHandler:
        if not self.notify_appservices:
            return

-        # Ignore any unsupported streams
        if stream_key not in ("typing_key", "receipt_key", "presence_key"):
            return

@ -233,25 +230,18 @@ class ApplicationServicesHandler:
        # Additional context: https://github.com/matrix-org/synapse/pull/11137
        assert isinstance(new_token, int)

-        # Check whether there are any appservices which have registered to receive
-        # ephemeral events.
-        #
-        # Note that whether these events are actually relevant to these appservices
-        # is decided later on.
        services = [
            service
            for service in self.store.get_app_services()
            if service.supports_ephemeral
        ]
        if not services:
-            # Bail out early if none of the target appservices have explicitly registered
-            # to receive these ephemeral events.
            return

        # We only start a new background process if necessary rather than
        # optimistically (to cut down on overhead).
        self._notify_interested_services_ephemeral(
-            services, stream_key, new_token, users
+            services, stream_key, new_token, users or []
        )

    @wrap_as_background_process("notify_interested_services_ephemeral")
@ -262,7 +252,7 @@ class ApplicationServicesHandler:
        new_token: int,
        users: Collection[Union[str, UserID]],
    ) -> None:
-        logger.debug("Checking interested services for %s", stream_key)
+        logger.debug("Checking interested services for %s" % (stream_key))
        with Measure(self.clock, "notify_interested_services_ephemeral"):
            for service in services:
                if stream_key == "typing_key":
@ -355,9 +345,6 @@ class ApplicationServicesHandler:

        Args:
            service: The application service to check for which events it should receive.
-            new_token: A receipts event stream token. Purely used to double-check that the
-                from_token we pull from the database isn't greater than or equal to this
-                token. Prevents accidentally duplicating work.

        Returns:
            A list of JSON dictionaries containing data derived from the read receipts that
@ -395,9 +382,6 @@ class ApplicationServicesHandler:
        Args:
            service: The application service that ephemeral events are being sent to.
            users: The users that should receive the presence update.
-            new_token: A presence update stream token. Purely used to double-check that the
-                from_token we pull from the database isn't greater than or equal to this
-                token. Prevents accidentally duplicating work.

        Returns:
            A list of json dictionaries containing data derived from the presence events
--- a/synapse/handlers/devicemessage.py
+++ b/synapse/handlers/devicemessage.py
@ -89,13 +89,6 @@ class DeviceMessageHandler:
        )

    async def on_direct_to_device_edu(self, origin: str, content: JsonDict) -> None:
-        """
-        Handle receiving to-device messages from remote homeservers.
-
-        Args:
-            origin: The remote homeserver.
-            content: The JSON dictionary containing the to-device messages.
-        """
        local_messages = {}
        sender_user_id = content["sender"]
        if origin != get_domain_from_id(sender_user_id):
@ -142,16 +135,12 @@ class DeviceMessageHandler:
                message_type, sender_user_id, by_device
            )

-        # Add messages to the database.
-        # Retrieve the stream id of the last-processed to-device message.
-        last_stream_id = await self.store.add_messages_from_remote_to_device_inbox(
+        stream_id = await self.store.add_messages_from_remote_to_device_inbox(
            origin, message_id, local_messages
        )

-        # Notify listeners that there are new to-device messages to process,
-        # handing them the latest stream id.
        self.notifier.on_new_event(
-            "to_device_key", last_stream_id, users=local_messages.keys()
+            "to_device_key", stream_id, users=local_messages.keys()
        )

    async def _check_for_unknown_devices(
@ -206,14 +195,6 @@ class DeviceMessageHandler:
        message_type: str,
        messages: Dict[str, Dict[str, JsonDict]],
    ) -> None:
-        """
-        Handle a request from a user to send to-device message(s).
-
-        Args:
-            requester: The user that is sending the to-device messages.
-            message_type: The type of to-device messages that are being sent.
-            messages: A dictionary containing recipients mapped to messages intended for them.
-        """
        sender_user_id = requester.user.to_string()

        message_id = random_string(16)
@ -276,16 +257,12 @@ class DeviceMessageHandler:
                "org.matrix.opentracing_context": json_encoder.encode(context),
            }

-        # Add messages to the database.
-        # Retrieve the stream id of the last-processed to-device message.
-        last_stream_id = await self.store.add_messages_to_device_inbox(
+        stream_id = await self.store.add_messages_to_device_inbox(
            local_messages, remote_edu_contents
        )

-        # Notify listeners that there are new to-device messages to process,
-        # handing them the latest stream id.
        self.notifier.on_new_event(
-            "to_device_key", last_stream_id, users=local_messages.keys()
+            "to_device_key", stream_id, users=local_messages.keys()
        )

        if self.federation_sender:
--- a/synapse/handlers/federation_event.py
+++ b/synapse/handlers/federation_event.py
@ -981,6 +981,8 @@ class FederationEventHandler:
                origin,
                event,
                context,
+                state=state,
+                backfilled=backfilled,
            )
        except AuthError as e:
            # FIXME richvdh 2021/10/07 I don't think this is reachable. Let's log it
@ -1330,6 +1332,8 @@ class FederationEventHandler:
        origin: str,
        event: EventBase,
        context: EventContext,
+        state: Optional[Iterable[EventBase]] = None,
+        backfilled: bool = False,
    ) -> EventContext:
        """
        Checks whether an event should be rejected (for failing auth checks).
@ -1340,6 +1344,12 @@ class FederationEventHandler:
            context:
                The event context.

+            state:
+                The state events used to check the event for soft-fail. If this is
+                not provided the current state events will be used.
+
+            backfilled: True if the event was backfilled.
+
        Returns:
            The updated context object.

--- a/synapse/logging/handlers.py
+++ b/synapse/logging/handlers.py
@ -3,7 +3,7 @@ import time
 from logging import Handler, LogRecord
 from logging.handlers import MemoryHandler
 from threading import Thread
-from typing import Optional, cast
+from typing import Optional

 from twisted.internet.interfaces import IReactorCore

@ -56,7 +56,7 @@ class PeriodicallyFlushingMemoryHandler(MemoryHandler):
        if reactor is None:
            from twisted.internet import reactor as global_reactor

-            reactor_to_use = cast(IReactorCore, global_reactor)
+            reactor_to_use = global_reactor  # type: ignore[assignment]
        else:
            reactor_to_use = reactor

--- a/synapse/module_api/init.py
+++ b/synapse/module_api/init.py
@ -31,7 +31,7 @@ import attr
 import jinja2

 from twisted.internet import defer
-from twisted.web.resource import Resource
+from twisted.web.resource import IResource

 from synapse.api.errors import SynapseError
 from synapse.events import EventBase
@ -196,7 +196,7 @@ class ModuleApi:
        """
        return self._password_auth_provider.register_password_auth_provider_callbacks

-    def register_web_resource(self, path: str, resource: Resource):
+    def register_web_resource(self, path: str, resource: IResource):
        """Registers a web resource to be served at the given path.

        This function should be called during initialisation of the module.
--- a/synapse/replication/tcp/resource.py
+++ b/synapse/replication/tcp/resource.py
@ -20,7 +20,7 @@ from typing import TYPE_CHECKING

 from prometheus_client import Counter

-from twisted.internet.protocol import ServerFactory
+from twisted.internet.protocol import Factory

 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.replication.tcp.commands import PositionCommand
@ -38,7 +38,7 @@ stream_updates_counter = Counter(
 logger = logging.getLogger(__name__)


-class ReplicationStreamProtocolFactory(ServerFactory):
+class ReplicationStreamProtocolFactory(Factory):
    """Factory for new replication connections."""

    def __init__(self, hs: "HomeServer"):
--- a/synapse/rest/client/relations.py
+++ b/synapse/rest/client/relations.py
@ -230,12 +230,9 @@ class RelationPaginationServlet(RestServlet):
        original_event = await self._event_serializer.serialize_event(
            event, now, bundle_aggregations=False
        )
-        # Similarly, we don't allow relations to be applied to relations, so we
-        # return the original relations without any aggregations on top of them
-        # here.
-        serialized_events = await self._event_serializer.serialize_events(
-            events, now, bundle_aggregations=False
-        )
+        # For any relations applying to the original event they need their
+        # aggregations applied to them.
+        serialized_events = await self._event_serializer.serialize_events(events, now)

        return_value = pagination_chunk.to_dict()
        return_value["chunk"] = serialized_events
--- a/synapse/rest/media/v1/thumbnailer.py
+++ b/synapse/rest/media/v1/thumbnailer.py
@ -101,8 +101,8 @@ class Thumbnailer:
        fits within the given rectangle::

            (w_in / h_in) = (w_out / h_out)
-            w_out = max(min(w_max, h_max * (w_in / h_in)), 1)
-            h_out = max(min(h_max, w_max * (h_in / w_in)), 1)
+            w_out = min(w_max, h_max * (w_in / h_in))
+            h_out = min(h_max, w_max * (h_in / w_in))

        Args:
            max_width: The largest possible width.
@ -110,9 +110,9 @@ class Thumbnailer:
        """

        if max_width * self.height < max_height * self.width:
-            return max_width, max((max_width * self.height) // self.width, 1)
+            return max_width, (max_width * self.height) // self.width
        else:
-            return max((max_height * self.width) // self.height, 1), max_height
+            return (max_height * self.width) // self.height, max_height

    def _resize(self, width: int, height: int) -> Image.Image:
        # 1-bit or 8-bit color palette images need converting to RGB
--- a/synapse/server.py
+++ b/synapse/server.py
@ -33,10 +33,9 @@ from typing import (
    cast,
 )

-from twisted.internet.interfaces import IOpenSSLContextFactory
-from twisted.internet.tcp import Port
+import twisted.internet.tcp
 from twisted.web.iweb import IPolicyForHTTPS
-from twisted.web.resource import Resource
+from twisted.web.resource import IResource

 from synapse.api.auth import Auth
 from synapse.api.filtering import Filtering
@ -207,7 +206,7 @@ class HomeServer(metaclass=abc.ABCMeta):

    Attributes:
        config (synapse.config.homeserver.HomeserverConfig):
-        _listening_services (list[Port]): TCP ports that
+        _listening_services (list[twisted.internet.tcp.Port]): TCP ports that
            we are listening on to provide HTTP services.
    """

@ -226,8 +225,6 @@ class HomeServer(metaclass=abc.ABCMeta):
    # instantiated during setup() for future return by get_datastore()
    DATASTORE_CLASS = abc.abstractproperty()

-    tls_server_context_factory: Optional[IOpenSSLContextFactory]
-
    def __init__(
        self,
        hostname: str,
@ -250,7 +247,7 @@ class HomeServer(metaclass=abc.ABCMeta):
        # the key we use to sign events and requests
        self.signing_key = config.key.signing_key[0]
        self.config = config
-        self._listening_services: List[Port] = []
+        self._listening_services: List[twisted.internet.tcp.Port] = []
        self.start_time: Optional[int] = None

        self._instance_id = random_string(5)
@ -260,10 +257,10 @@ class HomeServer(metaclass=abc.ABCMeta):

        self.datastores: Optional[Databases] = None

-        self._module_web_resources: Dict[str, Resource] = {}
+        self._module_web_resources: Dict[str, IResource] = {}
        self._module_web_resources_consumed = False

-    def register_module_web_resource(self, path: str, resource: Resource):
+    def register_module_web_resource(self, path: str, resource: IResource):
        """Allows a module to register a web resource to be served at the given path.

        If multiple modules register a resource for the same path, the module that
--- a/synapse/storage/databases/main/appservice.py
+++ b/synapse/storage/databases/main/appservice.py
@ -412,16 +412,16 @@ class ApplicationServiceTransactionWorkerStore(
        )

    async def set_type_stream_id_for_appservice(
-        self, service: ApplicationService, stream_type: str, pos: Optional[int]
+        self, service: ApplicationService, type: str, pos: Optional[int]
    ) -> None:
-        if stream_type not in ("read_receipt", "presence"):
+        if type not in ("read_receipt", "presence"):
            raise ValueError(
                "Expected type to be a valid application stream id type, got %s"
-                % (stream_type,)
+                % (type,)
            )

        def set_type_stream_id_for_appservice_txn(txn):
-            stream_id_type = "%s_stream_id" % stream_type
+            stream_id_type = "%s_stream_id" % type
            txn.execute(
                "UPDATE application_services_state SET %s = ? WHERE as_id=?"
                % stream_id_type,
--- a/synapse/storage/databases/main/deviceinbox.py
+++ b/synapse/storage/databases/main/deviceinbox.py
@ -134,10 +134,7 @@ class DeviceInboxWorkerStore(SQLBaseStore):
            limit: The maximum number of messages to retrieve.

        Returns:
-            A tuple containing:
-                * A list of messages for the device.
-                * The max stream token of these messages. There may be more to retrieve
-                  if the given limit was reached.
+            A list of messages for the device and where in the stream the messages got to.
        """
        has_changed = self._device_inbox_stream_cache.has_entity_changed(
            user_id, last_stream_id
@ -156,19 +153,12 @@ class DeviceInboxWorkerStore(SQLBaseStore):
            txn.execute(
                sql, (user_id, device_id, last_stream_id, current_stream_id, limit)
            )
-
            messages = []
-            stream_pos = current_stream_id
-
            for row in txn:
                stream_pos = row[0]
                messages.append(db_to_json(row[1]))
-
-            # If the limit was not reached we know that there's no more data for this
-            # user/device pair up to current_stream_id.
            if len(messages) < limit:
                stream_pos = current_stream_id
-
            return messages, stream_pos

        return await self.db_pool.runInteraction(
@ -270,20 +260,13 @@ class DeviceInboxWorkerStore(SQLBaseStore):
                " LIMIT ?"
            )
            txn.execute(sql, (destination, last_stream_id, current_stream_id, limit))
-
            messages = []
-            stream_pos = current_stream_id
-
            for row in txn:
                stream_pos = row[0]
                messages.append(db_to_json(row[1]))
-
-            # If the limit was not reached we know that there's no more data for this
-            # user/device pair up to current_stream_id.
            if len(messages) < limit:
                log_kv({"message": "Set stream position to current position"})
                stream_pos = current_stream_id
-
            return messages, stream_pos

        return await self.db_pool.runInteraction(
@ -389,8 +372,8 @@ class DeviceInboxWorkerStore(SQLBaseStore):
        """Used to send messages from this server.

        Args:
-            local_messages_by_user_then_device:
-                Dictionary of recipient user_id to recipient device_id to message.
+            local_messages_by_user_and_device:
+                Dictionary of user_id to device_id to message.
            remote_messages_by_destination:
                Dictionary of destination server_name to the EDU JSON to send.

--- a/synapse/types.py
+++ b/synapse/types.py
@ -38,7 +38,6 @@ from zope.interface import Interface
 from twisted.internet.interfaces import (
    IReactorCore,
    IReactorPluggableNameResolver,
-    IReactorSSL,
    IReactorTCP,
    IReactorThreads,
    IReactorTime,
@ -67,7 +66,6 @@ JsonDict = Dict[str, Any]
 # for mypy-zope to realize it is an interface.
 class ISynapseReactor(
    IReactorTCP,
-    IReactorSSL,
    IReactorPluggableNameResolver,
    IReactorTime,
    IReactorCore,
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Patrick Cloke	3e604f9c66	Newsfragment	2021-11-09 12:59:36 -05:00
Patrick Cloke	a5b10ce0cc	Include aggregations of events in the /relations API.	2021-11-09 12:53:05 -05:00
				`@ -0,0 +1 @@`
				`Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat.`
				`@ -0,0 +1 @@`
				Add type annotations for the `log_function` decorator.
				`@ -0,0 +1 @@`
				Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine.
				`@ -0,0 +1 @@`
				`Do not accept events if a third-party rule module API callback raises an exception.`
				`@ -0,0 +1 @@`
				`Advertise support for Client-Server API r0.6.1.`
				`@ -0,0 +1 @@`
				`Add search by room ID and room alias to List Room admin API.`
				`@ -0,0 +1 @@`
				Add an `on_new_event` third-party rules callback to allow Synapse modules to act after an event has been sent into a room.
				`@ -0,0 +1 @@`
				`Improve example HAProxy config in the docs to properly handle host headers with port information. This is required for federation over port 443 to work correctly.`
				`@ -0,0 +1 @@`
				`Fix long-standing bug where verification requests could fail in certain cases if whitelist was in place but did not include your own homeserver.`