Fix error in thumbnail generation (#11288 )

Signed-off-by: Jonas Zeunert <jonas@zeunert.org>
Add missing type hints to synapse.app. (#11287 )
2021-11-10 20:49:43 +00:00 · 2021-11-10 15:06:54 -05:00 · 2021-11-10 17:55:32 +00:00 · 2021-11-10 17:54:56 +00:00 · 2021-11-10 14:16:06 +00:00 · 2021-11-10 13:01:08 +00:00
95 changed files with 446 additions and 312 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,97 @@
+Synapse 1.47.0rc2 (2021-11-10)
+==============================
+
+This fixes an issue with publishing the Debian packages for 1.47.0rc1.
+It is otherwise identical to 1.47.0rc1.
+
+
+Synapse 1.47.0rc1 (2021-11-09)
+==============================
+
+Deprecations and Removals
+-------------------------
+
+- The `user_may_create_room_with_invites` module callback is now deprecated. Please refer to the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1470) for more information. ([\#11206](https://github.com/matrix-org/synapse/issues/11206))
+- Remove deprecated admin API to delete rooms (`POST /_synapse/admin/v1/rooms/<room_id>/delete`). ([\#11213](https://github.com/matrix-org/synapse/issues/11213))
+
+
+Features
+--------
+
+- Advertise support for Client-Server API r0.6.1. ([\#11097](https://github.com/matrix-org/synapse/issues/11097))
+- Add search by room ID and room alias to the List Room admin API. ([\#11099](https://github.com/matrix-org/synapse/issues/11099))
+- Add an `on_new_event` third-party rules callback to allow Synapse modules to act after an event has been sent into a room. ([\#11126](https://github.com/matrix-org/synapse/issues/11126))
+- Add a module API method to update a user's membership in a room. ([\#11147](https://github.com/matrix-org/synapse/issues/11147))
+- Add metrics for thread pool usage. ([\#11178](https://github.com/matrix-org/synapse/issues/11178))
+- Support the stable room type field for [MSC3288](https://github.com/matrix-org/matrix-doc/pull/3288). ([\#11187](https://github.com/matrix-org/synapse/issues/11187))
+- Add a module API method to retrieve the current state of a room. ([\#11204](https://github.com/matrix-org/synapse/issues/11204))
+- Calculate a default value for `public_baseurl` based on `server_name`. ([\#11210](https://github.com/matrix-org/synapse/issues/11210))
+- Add support for serving `/.well-known/matrix/server` files, to redirect federation traffic to port 443. ([\#11211](https://github.com/matrix-org/synapse/issues/11211))
+- Add admin APIs to pause, start and check the status of background updates. ([\#11263](https://github.com/matrix-org/synapse/issues/11263))
+
+
+Bugfixes
+--------
+
+- Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat. ([\#10097](https://github.com/matrix-org/synapse/issues/10097))
+- Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine. ([\#10969](https://github.com/matrix-org/synapse/issues/10969), [\#11212](https://github.com/matrix-org/synapse/issues/11212))
+- Do not accept events if a third-party rule `check_event_allowed` callback raises an exception. ([\#11033](https://github.com/matrix-org/synapse/issues/11033))
+- Fix long-standing bug where verification requests could fail in certain cases if a federation whitelist was in place but did not include your own homeserver. ([\#11129](https://github.com/matrix-org/synapse/issues/11129))
+- Allow an empty list of `state_events_at_start` to be sent when using the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint and the author of the historical messages is already part of the current room state at the given `?prev_event_id`. ([\#11188](https://github.com/matrix-org/synapse/issues/11188))
+- Fix a bug introduced in Synapse 1.45.0 which prevented the `synapse_review_recent_signups` script from running. Contributed by @samuel-p. ([\#11191](https://github.com/matrix-org/synapse/issues/11191))
+- Delete `to_device` messages for hidden devices that will never be read, reducing database size. ([\#11199](https://github.com/matrix-org/synapse/issues/11199))
+- Fix a long-standing bug wherein a missing `Content-Type` header when downloading remote media would cause Synapse to throw an error. ([\#11200](https://github.com/matrix-org/synapse/issues/11200))
+- Fix a long-standing bug which could result in serialization errors and potentially duplicate transaction data when sending ephemeral events to application services. Contributed by @Fizzadar at Beeper. ([\#11207](https://github.com/matrix-org/synapse/issues/11207))
+- Fix a bug introduced in Synapse 1.35.0 which made it impossible to join rooms that return a `send_join` response containing floats. ([\#11217](https://github.com/matrix-org/synapse/issues/11217))
+- Fix long-standing bug where cross signing keys were not included in the response to `/r0/keys/query` the first time a remote user was queried. ([\#11234](https://github.com/matrix-org/synapse/issues/11234))
+- Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection. ([\#11240](https://github.com/matrix-org/synapse/issues/11240))
+- Fix a bug preventing Synapse from being rolled back to an earlier version when using workers. ([\#11255](https://github.com/matrix-org/synapse/issues/11255), [\#11276](https://github.com/matrix-org/synapse/issues/11276))
+- Fix a bug introduced in Synapse 1.37.1 which caused a remote event being processed by a worker to not get processed on restart if the worker was killed. ([\#11262](https://github.com/matrix-org/synapse/issues/11262))
+- Only allow old Element/Riot Android clients to send read receipts without a request body. All other clients must include a request body as required by the specification. Contributed by @rogersheu. ([\#11157](https://github.com/matrix-org/synapse/issues/11157))
+
+
+Updates to the Docker image
+---------------------------
+
+- Avoid changing user ID when started as a non-root user, and no explicit `UID` is set. ([\#11209](https://github.com/matrix-org/synapse/issues/11209))
+
+
+Improved Documentation
+----------------------
+
+- Improve example HAProxy config in the docs to properly handle HTTP `Host` headers with port information. This is required for federation over port 443 to work correctly. ([\#11128](https://github.com/matrix-org/synapse/issues/11128))
+- Add documentation for using Authentik as an OpenID Connect Identity Provider. Contributed by @samip5. ([\#11151](https://github.com/matrix-org/synapse/issues/11151))
+- Clarify lack of support for Windows. ([\#11198](https://github.com/matrix-org/synapse/issues/11198))
+- Improve code formatting and fix a few typos in docs. Contributed by @sumnerevans at Beeper. ([\#11221](https://github.com/matrix-org/synapse/issues/11221))
+- Add documentation for using LemonLDAP as an OpenID Connect Identity Provider. Contributed by @l00ptr. ([\#11257](https://github.com/matrix-org/synapse/issues/11257))
+
+
+Internal Changes
+----------------
+
+- Add type annotations for the `log_function` decorator. ([\#10943](https://github.com/matrix-org/synapse/issues/10943))
+- Add type hints to `synapse.events`. ([\#11098](https://github.com/matrix-org/synapse/issues/11098))
+- Remove and document unnecessary `RoomStreamToken` checks in application service ephemeral event code. ([\#11137](https://github.com/matrix-org/synapse/issues/11137))
+- Add type hints so that `synapse.http` passes `mypy` checks. ([\#11164](https://github.com/matrix-org/synapse/issues/11164))
+- Update scripts to pass Shellcheck lints. ([\#11166](https://github.com/matrix-org/synapse/issues/11166))
+- Add knock information in admin export. Contributed by Rafael Gonçalves. ([\#11171](https://github.com/matrix-org/synapse/issues/11171))
+- Add tests to check that `ClientIpStore.get_last_client_ip_by_device` and `get_user_ip_and_agents` combine database and in-memory data correctly. ([\#11179](https://github.com/matrix-org/synapse/issues/11179))
+- Refactor `Filter` to check different fields depending on the data type. ([\#11194](https://github.com/matrix-org/synapse/issues/11194))
+- Improve type hints for the relations datastore. ([\#11205](https://github.com/matrix-org/synapse/issues/11205))
+- Replace outdated links in the pull request checklist with links to the rendered documentation. ([\#11225](https://github.com/matrix-org/synapse/issues/11225))
+- Fix a bug in unit test `test_block_room_and_not_purge`. ([\#11226](https://github.com/matrix-org/synapse/issues/11226))
+- In `ObservableDeferred`, run observers in the order they were registered. ([\#11229](https://github.com/matrix-org/synapse/issues/11229))
+- Minor speed up to start up times and getting updates for groups by adding missing index to `local_group_updates.stream_id`. ([\#11231](https://github.com/matrix-org/synapse/issues/11231))
+- Add `twine` and `towncrier` as dev dependencies, as they're used by the release script. ([\#11233](https://github.com/matrix-org/synapse/issues/11233))
+- Allow `stream_writers.typing` config to be a list of one worker. ([\#11237](https://github.com/matrix-org/synapse/issues/11237))
+- Remove debugging statement in tests. ([\#11239](https://github.com/matrix-org/synapse/issues/11239))
+- Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical messages backfilling in random order on remote homeservers. ([\#11244](https://github.com/matrix-org/synapse/issues/11244))
+- Add an additional test for the `cachedList` method decorator. ([\#11246](https://github.com/matrix-org/synapse/issues/11246))
+- Make minor correction to the type of `auth_checkers` callbacks. ([\#11253](https://github.com/matrix-org/synapse/issues/11253))
+- Clean up trivial aspects of the Debian package build tooling. ([\#11269](https://github.com/matrix-org/synapse/issues/11269), [\#11273](https://github.com/matrix-org/synapse/issues/11273))
+- Blacklist new SyTest that checks that key uploads are valid pending the validation being implemented in Synapse. ([\#11270](https://github.com/matrix-org/synapse/issues/11270))
+
+
 Synapse 1.46.0 (2021-11-02)
 ===========================

--- a/changelog.d/10097.bugfix
+++ b/changelog.d/10097.bugfix
@ -1 +0,0 @@
-Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat.
--- a/changelog.d/10943.misc
+++ b/changelog.d/10943.misc
@ -1 +0,0 @@
-Add type annotations for the `log_function` decorator.
--- a/changelog.d/10969.bugfix
+++ b/changelog.d/10969.bugfix
@ -1 +0,0 @@
-Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine.
--- a/changelog.d/11033.bugfix
+++ b/changelog.d/11033.bugfix
@ -1 +0,0 @@
-Do not accept events if a third-party rule module API callback raises an exception.
--- a/changelog.d/11097.feature
+++ b/changelog.d/11097.feature
@ -1 +0,0 @@
-Advertise support for Client-Server API r0.6.1.
--- a/changelog.d/11098.misc
+++ b/changelog.d/11098.misc
@ -1 +0,0 @@
-Add type hints to `synapse.events`.
--- a/changelog.d/11099.feature
+++ b/changelog.d/11099.feature
@ -1 +0,0 @@
-Add search by room ID and room alias to List Room admin API.
--- a/changelog.d/11126.feature
+++ b/changelog.d/11126.feature
@ -1 +0,0 @@
-Add an `on_new_event` third-party rules callback to allow Synapse modules to act after an event has been sent into a room.
--- a/changelog.d/11128.doc
+++ b/changelog.d/11128.doc
@ -1 +0,0 @@
-Improve example HAProxy config in the docs to properly handle host headers with port information. This is required for federation over port 443 to work correctly.
--- a/changelog.d/11129.bugfix
+++ b/changelog.d/11129.bugfix
@ -1 +0,0 @@
-Fix long-standing bug where verification requests could fail in certain cases if whitelist was in place but did not include your own homeserver.
--- a/changelog.d/11137.misc
+++ b/changelog.d/11137.misc
@ -1 +0,0 @@
-Remove and document unnecessary `RoomStreamToken` checks in application service ephemeral event code.
--- a/changelog.d/11147.feature
+++ b/changelog.d/11147.feature
@ -1 +0,0 @@
-Add a module API method to update a user's membership in a room.
--- a/changelog.d/11151.doc
+++ b/changelog.d/11151.doc
@ -1 +0,0 @@
-Add documentation for using Authentik as an OpenID Connect Identity Provider. Contributed by @samip5.
--- a/changelog.d/11157.misc
+++ b/changelog.d/11157.misc
@ -1 +0,0 @@
-Only allow old Element/Riot Android clients to send read receipts without a request body. All other clients must include a request body as required by the specification. Contributed by @rogersheu.
--- a/changelog.d/11164.misc
+++ b/changelog.d/11164.misc
@ -1 +0,0 @@
-Add type hints so that `synapse.http` passes `mypy` checks.
--- a/changelog.d/11166.misc
+++ b/changelog.d/11166.misc
@ -1 +0,0 @@
-Update scripts to pass Shellcheck lints.
--- a/changelog.d/11171.misc
+++ b/changelog.d/11171.misc
@ -1 +0,0 @@
-Add knock information in admin export. Contributed by Rafael Gonçalves.
--- a/changelog.d/11178.feature
+++ b/changelog.d/11178.feature
@ -1 +0,0 @@
-Add metrics for thread pool usage.
--- a/changelog.d/11179.misc
+++ b/changelog.d/11179.misc
@ -1 +0,0 @@
-Add tests to check that `ClientIpStore.get_last_client_ip_by_device` and `get_user_ip_and_agents` combine database and in-memory data correctly.
--- a/changelog.d/11187.feature
+++ b/changelog.d/11187.feature
@ -1 +0,0 @@
-Support the stable room type field for [MSC3288](https://github.com/matrix-org/matrix-doc/pull/3288).
--- a/changelog.d/11188.bugfix
+++ b/changelog.d/11188.bugfix
@ -1 +0,0 @@
-Allow an empty list of `state_events_at_start` to be sent when using the [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) `/batch_send` endpoint and the author of the historical messages is already part of the current room state at the given `?prev_event_id`.
--- a/changelog.d/11191.bugfix
+++ b/changelog.d/11191.bugfix
@ -1 +0,0 @@
-Fix a bug introduced in Synapse 1.45.0 which prevented the `synapse_review_recent_signups` script from running. Contributed by @samuel-p.
--- a/changelog.d/11194.misc
+++ b/changelog.d/11194.misc
@ -1 +0,0 @@
-Refactor `Filter` to check different fields depending on the data type.
--- a/changelog.d/11198.doc
+++ b/changelog.d/11198.doc
@ -1 +0,0 @@
-Clarify lack of support for Windows.
--- a/changelog.d/11199.bugfix
+++ b/changelog.d/11199.bugfix
@ -1 +0,0 @@
-Delete `to_device` messages for hidden devices that will never be read, reducing database size.
--- a/changelog.d/11200.bugfix
+++ b/changelog.d/11200.bugfix
@ -1 +0,0 @@
-Fix a long-standing bug wherein a missing `Content-Type` header when downloading remote media would cause Synapse to throw an error.
--- a/changelog.d/11204.feature
+++ b/changelog.d/11204.feature
@ -1 +0,0 @@
-Add a module API method to retrieve the current state of a room.
--- a/changelog.d/11205.misc
+++ b/changelog.d/11205.misc
@ -1 +0,0 @@
-Improve type hints for the relations datastore.
--- a/changelog.d/11206.removal
+++ b/changelog.d/11206.removal
@ -1 +0,0 @@
-The `user_may_create_room_with_invites` module callback is now deprecated. Please refer to the [upgrade notes](https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1470) for more information.
--- a/changelog.d/11207.bugfix
+++ b/changelog.d/11207.bugfix
@ -1 +0,0 @@
-Fix a long-standing bug which could result in serialization errors and potentially duplicate transaction data when sending ephemeral events to application services. Contributed by @Fizzadar at Beeper.
--- a/changelog.d/11209.docker
+++ b/changelog.d/11209.docker
@ -1 +0,0 @@
-Avoid changing userid when started as a non-root user, and no explicit `UID` is set.
--- a/changelog.d/11210.feature
+++ b/changelog.d/11210.feature
@ -1 +0,0 @@
-Calculate a default value for `public_baseurl` based on `server_name`.
--- a/changelog.d/11211.feature
+++ b/changelog.d/11211.feature
@ -1 +0,0 @@
-Add support for serving `/.well-known/matrix/server` files, to redirect federation traffic to port 443.
--- a/changelog.d/11212.bugfix
+++ b/changelog.d/11212.bugfix
@ -1 +0,0 @@
-Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine.
--- a/changelog.d/11213.removal
+++ b/changelog.d/11213.removal
@ -1 +0,0 @@
-Remove deprecated admin API to delete rooms (`POST /_synapse/admin/v1/rooms/<room_id>/delete`).
--- a/changelog.d/11217.bugfix
+++ b/changelog.d/11217.bugfix
@ -1 +0,0 @@
-Fix a bug introduced in 1.35.0 which made it impossible to join rooms that return a `send_join` response containing floats.
--- a/changelog.d/11221.doc
+++ b/changelog.d/11221.doc
@ -1 +0,0 @@
-Improve code formatting and fix a few typos in docs. Contributed by @sumnerevans at Beeper.
--- a/changelog.d/11225.misc
+++ b/changelog.d/11225.misc
@ -1 +0,0 @@
-Replace outdated links in the pull request checklist with links to the rendered documentation.
--- a/changelog.d/11226.misc
+++ b/changelog.d/11226.misc
@ -1 +0,0 @@
-Fix a bug in unit test `test_block_room_and_not_purge`.
--- a/changelog.d/11229.misc
+++ b/changelog.d/11229.misc
@ -1 +0,0 @@
-`ObservableDeferred`: run registered observers in order.
--- a/changelog.d/11231.misc
+++ b/changelog.d/11231.misc
@ -1 +0,0 @@
-Minor speed up to start up times and getting updates for groups by adding missing index to `local_group_updates.stream_id`.
--- a/changelog.d/11233.misc
+++ b/changelog.d/11233.misc
@ -1 +0,0 @@
-Add `twine` and `towncrier` as dev dependencies, as they're used by the release script.
--- a/changelog.d/11234.bugfix
+++ b/changelog.d/11234.bugfix
@ -1 +0,0 @@
-Fix long-standing bug where cross signing keys were not included in the response to `/r0/keys/query` the first time a remote user was queried.
--- a/changelog.d/11237.misc
+++ b/changelog.d/11237.misc
@ -1 +0,0 @@
-Allow `stream_writers.typing` config to be a list of one worker.
--- a/changelog.d/11239.misc
+++ b/changelog.d/11239.misc
@ -1 +0,0 @@
-Remove debugging statement in tests.
--- a/changelog.d/11240.bugfix
+++ b/changelog.d/11240.bugfix
@ -1 +0,0 @@
-Fix a long-standing bug where all requests that read events from the database could get stuck as a result of losing the database connection.
--- a/changelog.d/11242.misc
+++ b/changelog.d/11242.misc
@ -0,0 +1 @@
+Split out federated PDU retrieval function into a non-cached version.
--- a/changelog.d/11244.misc
+++ b/changelog.d/11244.misc
@ -1 +0,0 @@
-Fix [MSC2716](https://github.com/matrix-org/matrix-doc/pull/2716) historical messages backfilling in random order on remote homeservers.
--- a/changelog.d/11246.misc
+++ b/changelog.d/11246.misc
@ -1 +0,0 @@
-Add an additional test for the `cachedList` method decorator.
--- a/changelog.d/11253.misc
+++ b/changelog.d/11253.misc
@ -1 +0,0 @@
-Make minor correction to the type of `auth_checkers` callbacks.
--- a/changelog.d/11255.bugfix
+++ b/changelog.d/11255.bugfix
@ -1 +0,0 @@
-Fix rolling back Synapse version when using workers.
--- a/changelog.d/11257.doc
+++ b/changelog.d/11257.doc
@ -1 +0,0 @@
-Add documentation for using LemonLDAP as an OpenID Connect Identity Provider. Contributed by @l00ptr.
--- a/changelog.d/11262.bugfix
+++ b/changelog.d/11262.bugfix
@ -1 +0,0 @@
-Fix a bug where if a remote event is being processed by a worker when it gets killed then it won't get processed on restart. Introduced in v1.37.1.
--- a/changelog.d/11263.feature
+++ b/changelog.d/11263.feature
@ -1 +0,0 @@
-Add some background update admin APIs.
--- a/changelog.d/11269.misc
+++ b/changelog.d/11269.misc
@ -1 +0,0 @@
-Clean up trivial aspects of the Debian package build tooling.
--- a/changelog.d/11270.misc
+++ b/changelog.d/11270.misc
@ -1 +0,0 @@
-Blacklist new SyTest that checks that key uploads are valid pending the validation being implemented in Synapse.
--- a/changelog.d/11273.misc
+++ b/changelog.d/11273.misc
@ -1 +0,0 @@
-Clean up trivial aspects of the Debian package build tooling.
--- a/changelog.d/11276.bugfix
+++ b/changelog.d/11276.bugfix
@ -1 +0,0 @@
-Fix rolling back Synapse version when using workers.
--- a/changelog.d/11286.doc
+++ b/changelog.d/11286.doc
@ -0,0 +1 @@
+Fix typo in the word `available` and fix HTTP method (should be `GET`) for the `username_available` admin API. Contributed by Stanislav Motylkov.
--- a/changelog.d/11287.misc
+++ b/changelog.d/11287.misc
@ -0,0 +1 @@
+Add missing type hints to `synapse.app`.
--- a/changelog.d/11288.bugfix
+++ b/changelog.d/11288.bugfix
@ -0,0 +1 @@
+Fix a long-standing bug where uploading extremely thin images (e.g. 1000x1) would fail. Contributed by @Neeeflix.
--- a/changelog.d/11292.misc
+++ b/changelog.d/11292.misc
@ -0,0 +1 @@
+Remove unused parameters on `FederationEventHandler._check_event_auth`.
--- a/changelog.d/11297.misc
+++ b/changelog.d/11297.misc
@ -0,0 +1 @@
+Add type hints to `synapse._scripts`.
--- a/changelog.d/11298.doc
+++ b/changelog.d/11298.doc
@ -0,0 +1 @@
+Add Single Sign-On, SAML and CAS pages to the documentation.
--- a/debian/changelog
+++ b/debian/changelog
@ -1,12 +1,16 @@
-matrix-synapse-py3 (1.47.0+nmu1) UNRELEASED; urgency=medium
+matrix-synapse-py3 (1.47.0~rc2) stable; urgency=medium

+  [ Dan Callahan ]
  * Update scripts to pass Shellcheck lints.
  * Remove unused Vagrant scripts from debian/ directory.
  * Allow building Debian packages for any architecture, not just amd64.
  * Preinstall the "wheel" package when building virtualenvs.
  * Do not error if /etc/default/matrix-synapse is missing.

- -- Dan Callahan <danc@element.io>  Fri, 22 Oct 2021 22:20:31 +0000
+  [ Synapse Packaging team ]
+  * New synapse release 1.47.0~rc2.
+
+ -- Synapse Packaging team <packages@matrix.org>  Wed, 10 Nov 2021 09:41:01 +0000

 matrix-synapse-py3 (1.46.0) stable; urgency=medium

--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@ -23,10 +23,10 @@
    - [Structured Logging](structured_logging.md)
    - [Templates](templates.md)
    - [User Authentication](usage/configuration/user_authentication/README.md)
-      - [Single-Sign On]()
+      - [Single-Sign On](usage/configuration/user_authentication/single_sign_on/README.md)
        - [OpenID Connect](openid.md)
-        - [SAML]()
-        - [CAS]()
+        - [SAML](usage/configuration/user_authentication/single_sign_on/saml.md)
+        - [CAS](usage/configuration/user_authentication/single_sign_on/cas.md)
        - [SSO Mapping Providers](sso_mapping_providers.md)
      - [Password Auth Providers](password_auth_providers.md)
      - [JSON Web Tokens](jwt.md)
--- a/docs/admin_api/user_admin_api.md
+++ b/docs/admin_api/user_admin_api.md
@ -1107,7 +1107,7 @@ This endpoint will work even if registration is disabled on the server, unlike
 The API is:

 ```
-POST /_synapse/admin/v1/username_availabile?username=$localpart
+GET /_synapse/admin/v1/username_available?username=$localpart
 ```

 The request and response format is the same as the [/_matrix/client/r0/register/available](https://matrix.org/docs/spec/client_server/r0.6.0#get-matrix-client-r0-register-available) API.
--- a/docs/usage/configuration/user_authentication/single_sign_on/README.md
+++ b/docs/usage/configuration/user_authentication/single_sign_on/README.md
@ -0,0 +1,5 @@
+# Single Sign-On
+
+Synapse supports single sign-on through the SAML, Open ID Connect or CAS protocols. 
+LDAP and other login methods are supported through first and third-party password
+auth provider modules.
--- a/docs/usage/configuration/user_authentication/single_sign_on/cas.md
+++ b/docs/usage/configuration/user_authentication/single_sign_on/cas.md
@ -0,0 +1,8 @@
+# CAS
+
+Synapse supports authenticating users via the [Central Authentication
+Service protocol](https://en.wikipedia.org/wiki/Central_Authentication_Service)
+(CAS) natively.
+
+Please see the `cas_config` and `sso` sections of the [Synapse configuration
+file](../../../configuration/homeserver_sample_config.md) for more details.
--- a/docs/usage/configuration/user_authentication/single_sign_on/saml.md
+++ b/docs/usage/configuration/user_authentication/single_sign_on/saml.md
@ -0,0 +1,8 @@
+# SAML
+
+Synapse supports authenticating users via the [Security Assertion
+Markup Language](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language)
+(SAML) protocol natively.
+
+Please see the `saml2_config` and `sso` sections of the [Synapse configuration
+file](../../../configuration/homeserver_sample_config.md) for more details.
--- a/mypy.ini
+++ b/mypy.ini
@ -23,24 +23,6 @@ files =
 # https://docs.python.org/3/library/re.html#re.X
 exclude = (?x)
  ^(
-   |synapse/_scripts/register_new_matrix_user.py
-   |synapse/_scripts/review_recent_signups.py
-   |synapse/app/__init__.py
-   |synapse/app/_base.py
-   |synapse/app/admin_cmd.py
-   |synapse/app/appservice.py
-   |synapse/app/client_reader.py
-   |synapse/app/event_creator.py
-   |synapse/app/federation_reader.py
-   |synapse/app/federation_sender.py
-   |synapse/app/frontend_proxy.py
-   |synapse/app/generic_worker.py
-   |synapse/app/homeserver.py
-   |synapse/app/media_repository.py
-   |synapse/app/phone_stats_home.py
-   |synapse/app/pusher.py
-   |synapse/app/synchrotron.py
-   |synapse/app/user_dir.py
   |synapse/storage/databases/__init__.py
   |synapse/storage/databases/main/__init__.py
   |synapse/storage/databases/main/account_data.py
@ -181,6 +163,9 @@ exclude = (?x)
 [mypy-synapse.api.*]
 disallow_untyped_defs = True

+[mypy-synapse.app.*]
+disallow_untyped_defs = True
+
 [mypy-synapse.crypto.*]
 disallow_untyped_defs = True

--- a/setup.py
+++ b/setup.py
@ -110,6 +110,7 @@ CONDITIONAL_REQUIREMENTS["mypy"] = [
    "types-Pillow>=8.3.4",
    "types-pyOpenSSL>=20.0.7",
    "types-PyYAML>=5.4.10",
+    "types-requests>=2.26.0",
    "types-setuptools>=57.4.0",
 ]

--- a/synapse/init.py
+++ b/synapse/init.py
@ -47,7 +47,7 @@ try:
 except ImportError:
    pass

-__version__ = "1.46.0"
+__version__ = "1.47.0rc2"

 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
    # We import here so that we don't have to install a bunch of deps when
--- a/synapse/_scripts/register_new_matrix_user.py
+++ b/synapse/_scripts/register_new_matrix_user.py
@ -1,5 +1,6 @@
 # Copyright 2015, 2016 OpenMarket Ltd
 # Copyright 2018 New Vector
+# Copyright 2021 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -19,22 +20,23 @@ import hashlib
 import hmac
 import logging
 import sys
+from typing import Callable, Optional

 import requests as _requests
 import yaml


 def request_registration(
-    user,
-    password,
-    server_location,
-    shared_secret,
-    admin=False,
-    user_type=None,
+    user: str,
+    password: str,
+    server_location: str,
+    shared_secret: str,
+    admin: bool = False,
+    user_type: Optional[str] = None,
    requests=_requests,
-    _print=print,
-    exit=sys.exit,
-):
+    _print: Callable[[str], None] = print,
+    exit: Callable[[int], None] = sys.exit,
+) -> None:

    url = "%s/_synapse/admin/v1/register" % (server_location.rstrip("/"),)

@ -65,13 +67,13 @@ def request_registration(
        mac.update(b"\x00")
        mac.update(user_type.encode("utf8"))

-    mac = mac.hexdigest()
+    hex_mac = mac.hexdigest()

    data = {
        "nonce": nonce,
        "username": user,
        "password": password,
-        "mac": mac,
+        "mac": hex_mac,
        "admin": admin,
        "user_type": user_type,
    }
@ -91,10 +93,17 @@ def request_registration(
    _print("Success!")


-def register_new_user(user, password, server_location, shared_secret, admin, user_type):
+def register_new_user(
+    user: str,
+    password: str,
+    server_location: str,
+    shared_secret: str,
+    admin: Optional[bool],
+    user_type: Optional[str],
+) -> None:
    if not user:
        try:
-            default_user = getpass.getuser()
+            default_user: Optional[str] = getpass.getuser()
        except Exception:
            default_user = None

@ -123,8 +132,8 @@ def register_new_user(user, password, server_location, shared_secret, admin, use
            sys.exit(1)

    if admin is None:
-        admin = input("Make admin [no]: ")
-        if admin in ("y", "yes", "true"):
+        admin_inp = input("Make admin [no]: ")
+        if admin_inp in ("y", "yes", "true"):
            admin = True
        else:
            admin = False
@ -134,7 +143,7 @@ def register_new_user(user, password, server_location, shared_secret, admin, use
    )


-def main():
+def main() -> None:

    logging.captureWarnings(True)

--- a/synapse/_scripts/review_recent_signups.py
+++ b/synapse/_scripts/review_recent_signups.py
@ -92,7 +92,7 @@ def get_recent_users(txn: LoggingTransaction, since_ms: int) -> List[UserInfo]:
    return user_infos


-def main():
+def main() -> None:
    parser = argparse.ArgumentParser()
    parser.add_argument(
        "-c",
@ -142,7 +142,8 @@ def main():
    engine = create_engine(database_config.config)

    with make_conn(database_config, engine, "review_recent_signups") as db_conn:
-        user_infos = get_recent_users(db_conn.cursor(), since_ms)
+        # This generates a type of Cursor, not LoggingTransaction.
+        user_infos = get_recent_users(db_conn.cursor(), since_ms)  # type: ignore[arg-type]

    for user_info in user_infos:
        if exclude_users_with_email and user_info.emails:
--- a/synapse/app/init.py
+++ b/synapse/app/init.py
@ -13,6 +13,7 @@
 # limitations under the License.
 import logging
 import sys
+from typing import Container

 from synapse import python_dependencies  # noqa: E402

@ -27,7 +28,9 @@ except python_dependencies.DependencyException as e:
    sys.exit(1)


-def check_bind_error(e, address, bind_addresses):
+def check_bind_error(
+    e: Exception, address: str, bind_addresses: Container[str]
+) -> None:
    """
    This method checks an exception occurred while binding on 0.0.0.0.
    If :: is specified in the bind addresses a warning is shown.
@ -38,9 +41,9 @@ def check_bind_error(e, address, bind_addresses):
    When binding on 0.0.0.0 after :: this can safely be ignored.

    Args:
-        e (Exception): Exception that was caught.
-        address (str): Address on which binding was attempted.
-        bind_addresses (list): Addresses on which the service listens.
+        e: Exception that was caught.
+        address: Address on which binding was attempted.
+        bind_addresses: Addresses on which the service listens.
    """
    if address == "0.0.0.0" and "::" in bind_addresses:
        logger.warning(
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@ -22,13 +22,27 @@ import socket
 import sys
 import traceback
 import warnings
-from typing import TYPE_CHECKING, Awaitable, Callable, Iterable
+from typing import (
+    TYPE_CHECKING,
+    Any,
+    Awaitable,
+    Callable,
+    Collection,
+    Dict,
+    Iterable,
+    List,
+    NoReturn,
+    Tuple,
+    cast,
+)

 from cryptography.utils import CryptographyDeprecationWarning
-from typing_extensions import NoReturn

 import twisted
-from twisted.internet import defer, error, reactor
+from twisted.internet import defer, error, reactor as _reactor
+from twisted.internet.interfaces import IOpenSSLContextFactory, IReactorSSL, IReactorTCP
+from twisted.internet.protocol import ServerFactory
+from twisted.internet.tcp import Port
 from twisted.logger import LoggingFile, LogLevel
 from twisted.protocols.tls import TLSMemoryBIOFactory
 from twisted.python.threadpool import ThreadPool
@ -48,6 +62,7 @@ from synapse.logging.context import PreserveLoggingContext
 from synapse.metrics import register_threadpool
 from synapse.metrics.background_process_metrics import wrap_as_background_process
 from synapse.metrics.jemalloc import setup_jemalloc_stats
+from synapse.types import ISynapseReactor
 from synapse.util.caches.lrucache import setup_expire_lru_cache_entries
 from synapse.util.daemonize import daemonize_process
 from synapse.util.gai_resolver import GAIResolver
@ -57,33 +72,44 @@ from synapse.util.versionstring import get_version_string
 if TYPE_CHECKING:
    from synapse.server import HomeServer

+# Twisted injects the global reactor to make it easier to import, this confuses
+# mypy which thinks it is a module. Tell it that it a more proper type.
+reactor = cast(ISynapseReactor, _reactor)
+
+
 logger = logging.getLogger(__name__)

 # list of tuples of function, args list, kwargs dict
-_sighup_callbacks = []
+_sighup_callbacks: List[
+    Tuple[Callable[..., None], Tuple[Any, ...], Dict[str, Any]]
+] = []


-def register_sighup(func, *args, **kwargs):
+def register_sighup(func: Callable[..., None], *args: Any, **kwargs: Any) -> None:
    """
    Register a function to be called when a SIGHUP occurs.

    Args:
-        func (function): Function to be called when sent a SIGHUP signal.
+        func: Function to be called when sent a SIGHUP signal.
        *args, **kwargs: args and kwargs to be passed to the target function.
    """
    _sighup_callbacks.append((func, args, kwargs))


-def start_worker_reactor(appname, config, run_command=reactor.run):
+def start_worker_reactor(
+    appname: str,
+    config: HomeServerConfig,
+    run_command: Callable[[], None] = reactor.run,
+) -> None:
    """Run the reactor in the main process

    Daemonizes if necessary, and then configures some resources, before starting
    the reactor. Pulls configuration from the 'worker' settings in 'config'.

    Args:
-        appname (str): application name which will be sent to syslog
-        config (synapse.config.Config): config object
-        run_command (Callable[]): callable that actually runs the reactor
+        appname: application name which will be sent to syslog
+        config: config object
+        run_command: callable that actually runs the reactor
    """

    logger = logging.getLogger(config.worker.worker_app)
@ -101,32 +127,32 @@ def start_worker_reactor(appname, config, run_command=reactor.run):


 def start_reactor(
-    appname,
-    soft_file_limit,
-    gc_thresholds,
-    pid_file,
-    daemonize,
-    print_pidfile,
-    logger,
-    run_command=reactor.run,
-):
+    appname: str,
+    soft_file_limit: int,
+    gc_thresholds: Tuple[int, int, int],
+    pid_file: str,
+    daemonize: bool,
+    print_pidfile: bool,
+    logger: logging.Logger,
+    run_command: Callable[[], None] = reactor.run,
+) -> None:
    """Run the reactor in the main process

    Daemonizes if necessary, and then configures some resources, before starting
    the reactor

    Args:
-        appname (str): application name which will be sent to syslog
-        soft_file_limit (int):
+        appname: application name which will be sent to syslog
+        soft_file_limit:
        gc_thresholds:
-        pid_file (str): name of pid file to write to if daemonize is True
-        daemonize (bool): true to run the reactor in a background process
-        print_pidfile (bool): whether to print the pid file, if daemonize is True
-        logger (logging.Logger): logger instance to pass to Daemonize
-        run_command (Callable[]): callable that actually runs the reactor
+        pid_file: name of pid file to write to if daemonize is True
+        daemonize: true to run the reactor in a background process
+        print_pidfile: whether to print the pid file, if daemonize is True
+        logger: logger instance to pass to Daemonize
+        run_command: callable that actually runs the reactor
    """

-    def run():
+    def run() -> None:
        logger.info("Running")
        setup_jemalloc_stats()
        change_resource_limit(soft_file_limit)
@ -185,7 +211,7 @@ def redirect_stdio_to_logs() -> None:
    print("Redirected stdout/stderr to logs")


-def register_start(cb: Callable[..., Awaitable], *args, **kwargs) -> None:
+def register_start(cb: Callable[..., Awaitable], *args: Any, **kwargs: Any) -> None:
    """Register a callback with the reactor, to be called once it is running

    This can be used to initialise parts of the system which require an asynchronous
@ -195,7 +221,7 @@ def register_start(cb: Callable[..., Awaitable], *args, **kwargs) -> None:
    will exit.
    """

-    async def wrapper():
+    async def wrapper() -> None:
        try:
            await cb(*args, **kwargs)
        except Exception:
@ -224,7 +250,7 @@ def register_start(cb: Callable[..., Awaitable], *args, **kwargs) -> None:
    reactor.callWhenRunning(lambda: defer.ensureDeferred(wrapper()))


-def listen_metrics(bind_addresses, port):
+def listen_metrics(bind_addresses: Iterable[str], port: int) -> None:
    """
    Start Prometheus metrics server.
    """
@ -236,11 +262,11 @@ def listen_metrics(bind_addresses, port):


 def listen_manhole(
-    bind_addresses: Iterable[str],
+    bind_addresses: Collection[str],
    port: int,
    manhole_settings: ManholeConfig,
    manhole_globals: dict,
-):
+) -> None:
    # twisted.conch.manhole 21.1.0 uses "int_from_bytes", which produces a confusing
    # warning. It's fixed by https://github.com/twisted/twisted/pull/1522), so
    # suppress the warning for now.
@ -259,12 +285,18 @@ def listen_manhole(
    )


-def listen_tcp(bind_addresses, port, factory, reactor=reactor, backlog=50):
+def listen_tcp(
+    bind_addresses: Collection[str],
+    port: int,
+    factory: ServerFactory,
+    reactor: IReactorTCP = reactor,
+    backlog: int = 50,
+) -> List[Port]:
    """
    Create a TCP socket for a port and several addresses

    Returns:
-        list[twisted.internet.tcp.Port]: listening for TCP connections
+        list of twisted.internet.tcp.Port listening for TCP connections
    """
    r = []
    for address in bind_addresses:
@ -273,12 +305,19 @@ def listen_tcp(bind_addresses, port, factory, reactor=reactor, backlog=50):
        except error.CannotListenError as e:
            check_bind_error(e, address, bind_addresses)

-    return r
+    # IReactorTCP returns an object implementing IListeningPort from listenTCP,
+    # but we know it will be a Port instance.
+    return r  # type: ignore[return-value]


 def listen_ssl(
-    bind_addresses, port, factory, context_factory, reactor=reactor, backlog=50
-):
+    bind_addresses: Collection[str],
+    port: int,
+    factory: ServerFactory,
+    context_factory: IOpenSSLContextFactory,
+    reactor: IReactorSSL = reactor,
+    backlog: int = 50,
+) -> List[Port]:
    """
    Create an TLS-over-TCP socket for a port and several addresses

@ -294,10 +333,13 @@ def listen_ssl(
        except error.CannotListenError as e:
            check_bind_error(e, address, bind_addresses)

-    return r
+    # IReactorSSL incorrectly declares that an int is returned from listenSSL,
+    # it actually returns an object implementing IListeningPort, but we know it
+    # will be a Port instance.
+    return r  # type: ignore[return-value]


-def refresh_certificate(hs: "HomeServer"):
+def refresh_certificate(hs: "HomeServer") -> None:
    """
    Refresh the TLS certificates that Synapse is using by re-reading them from
    disk and updating the TLS context factories to use them.
@ -329,7 +371,7 @@ def refresh_certificate(hs: "HomeServer"):
        logger.info("Context factories updated.")


-async def start(hs: "HomeServer"):
+async def start(hs: "HomeServer") -> None:
    """
    Start a Synapse server or worker.

@ -360,7 +402,7 @@ async def start(hs: "HomeServer"):
    if hasattr(signal, "SIGHUP"):

        @wrap_as_background_process("sighup")
-        def handle_sighup(*args, **kwargs):
+        def handle_sighup(*args: Any, **kwargs: Any) -> None:
            # Tell systemd our state, if we're using it. This will silently fail if
            # we're not using systemd.
            sdnotify(b"RELOADING=1")
@ -373,7 +415,7 @@ async def start(hs: "HomeServer"):
        # We defer running the sighup handlers until next reactor tick. This
        # is so that we're in a sane state, e.g. flushing the logs may fail
        # if the sighup happens in the middle of writing a log entry.
-        def run_sighup(*args, **kwargs):
+        def run_sighup(*args: Any, **kwargs: Any) -> None:
            # `callFromThread` should be "signal safe" as well as thread
            # safe.
            reactor.callFromThread(handle_sighup, *args, **kwargs)
@ -436,12 +478,8 @@ async def start(hs: "HomeServer"):
        atexit.register(gc.freeze)


-def setup_sentry(hs: "HomeServer"):
-    """Enable sentry integration, if enabled in configuration
-
-    Args:
-        hs
-    """
+def setup_sentry(hs: "HomeServer") -> None:
+    """Enable sentry integration, if enabled in configuration"""

    if not hs.config.metrics.sentry_enabled:
        return
@ -466,7 +504,7 @@ def setup_sentry(hs: "HomeServer"):
        scope.set_tag("worker_name", name)


-def setup_sdnotify(hs: "HomeServer"):
+def setup_sdnotify(hs: "HomeServer") -> None:
    """Adds process state hooks to tell systemd what we are up to."""

    # Tell systemd our state, if we're using it. This will silently fail if
@ -481,7 +519,7 @@ def setup_sdnotify(hs: "HomeServer"):
 sdnotify_sockaddr = os.getenv("NOTIFY_SOCKET")


-def sdnotify(state):
+def sdnotify(state: bytes) -> None:
    """
    Send a notification to systemd, if the NOTIFY_SOCKET env var is set.

@ -490,7 +528,7 @@ def sdnotify(state):
    package which many OSes don't include as a matter of principle.

    Args:
-        state (bytes): notification to send
+        state: notification to send
    """
    if not isinstance(state, bytes):
        raise TypeError("sdnotify should be called with a bytes")
--- a/synapse/app/admin_cmd.py
+++ b/synapse/app/admin_cmd.py
@ -17,6 +17,7 @@ import logging
 import os
 import sys
 import tempfile
+from typing import List, Optional

 from twisted.internet import defer, task

@ -25,6 +26,7 @@ from synapse.app import _base
 from synapse.config._base import ConfigError
 from synapse.config.homeserver import HomeServerConfig
 from synapse.config.logger import setup_logging
+from synapse.events import EventBase
 from synapse.handlers.admin import ExfiltrationWriter
 from synapse.replication.slave.storage._base import BaseSlavedStore
 from synapse.replication.slave.storage.account_data import SlavedAccountDataStore
@ -40,6 +42,7 @@ from synapse.replication.slave.storage.receipts import SlavedReceiptsStore
 from synapse.replication.slave.storage.registration import SlavedRegistrationStore
 from synapse.server import HomeServer
 from synapse.storage.databases.main.room import RoomWorkerStore
+from synapse.types import StateMap
 from synapse.util.logcontext import LoggingContext
 from synapse.util.versionstring import get_version_string

@ -65,16 +68,11 @@ class AdminCmdSlavedStore(


 class AdminCmdServer(HomeServer):
-    DATASTORE_CLASS = AdminCmdSlavedStore
+    DATASTORE_CLASS = AdminCmdSlavedStore  # type: ignore


-async def export_data_command(hs: HomeServer, args):
-    """Export data for a user.
-
-    Args:
-        hs
-        args (argparse.Namespace)
-    """
+async def export_data_command(hs: HomeServer, args: argparse.Namespace) -> None:
+    """Export data for a user."""

    user_id = args.user_id
    directory = args.output_directory
@ -92,12 +90,12 @@ class FileExfiltrationWriter(ExfiltrationWriter):
    Note: This writes to disk on the main reactor thread.

    Args:
-        user_id (str): The user whose data is being exfiltrated.
-        directory (str|None): The directory to write the data to, if None then
-            will write to a temporary directory.
+        user_id: The user whose data is being exfiltrated.
+        directory: The directory to write the data to, if None then will write
+            to a temporary directory.
    """

-    def __init__(self, user_id, directory=None):
+    def __init__(self, user_id: str, directory: Optional[str] = None):
        self.user_id = user_id

        if directory:
@ -111,7 +109,7 @@ class FileExfiltrationWriter(ExfiltrationWriter):
        if list(os.listdir(self.base_directory)):
            raise Exception("Directory must be empty")

-    def write_events(self, room_id, events):
+    def write_events(self, room_id: str, events: List[EventBase]) -> None:
        room_directory = os.path.join(self.base_directory, "rooms", room_id)
        os.makedirs(room_directory, exist_ok=True)
        events_file = os.path.join(room_directory, "events")
@ -120,7 +118,9 @@ class FileExfiltrationWriter(ExfiltrationWriter):
            for event in events:
                print(json.dumps(event.get_pdu_json()), file=f)

-    def write_state(self, room_id, event_id, state):
+    def write_state(
+        self, room_id: str, event_id: str, state: StateMap[EventBase]
+    ) -> None:
        room_directory = os.path.join(self.base_directory, "rooms", room_id)
        state_directory = os.path.join(room_directory, "state")
        os.makedirs(state_directory, exist_ok=True)
@ -131,7 +131,9 @@ class FileExfiltrationWriter(ExfiltrationWriter):
            for event in state.values():
                print(json.dumps(event.get_pdu_json()), file=f)

-    def write_invite(self, room_id, event, state):
+    def write_invite(
+        self, room_id: str, event: EventBase, state: StateMap[EventBase]
+    ) -> None:
        self.write_events(room_id, [event])

        # We write the invite state somewhere else as they aren't full events
@ -145,7 +147,9 @@ class FileExfiltrationWriter(ExfiltrationWriter):
            for event in state.values():
                print(json.dumps(event), file=f)

-    def write_knock(self, room_id, event, state):
+    def write_knock(
+        self, room_id: str, event: EventBase, state: StateMap[EventBase]
+    ) -> None:
        self.write_events(room_id, [event])

        # We write the knock state somewhere else as they aren't full events
@ -159,11 +163,11 @@ class FileExfiltrationWriter(ExfiltrationWriter):
            for event in state.values():
                print(json.dumps(event), file=f)

-    def finished(self):
+    def finished(self) -> str:
        return self.base_directory


-def start(config_options):
+def start(config_options: List[str]) -> None:
    parser = argparse.ArgumentParser(description="Synapse Admin Command")
    HomeServerConfig.add_arguments_to_parser(parser)

@ -231,7 +235,7 @@ def start(config_options):
    # We also make sure that `_base.start` gets run before we actually run the
    # command.

-    async def run():
+    async def run() -> None:
        with LoggingContext("command"):
            await _base.start(ss)
            await args.func(ss, args)
--- a/synapse/app/generic_worker.py
+++ b/synapse/app/generic_worker.py
@ -14,11 +14,10 @@
 # limitations under the License.
 import logging
 import sys
-from typing import Dict, Optional
+from typing import Dict, List, Optional, Tuple

 from twisted.internet import address
-from twisted.web.resource import IResource
-from twisted.web.server import Request
+from twisted.web.resource import Resource

 import synapse
 import synapse.events
@ -44,7 +43,7 @@ from synapse.config.server import ListenerConfig
 from synapse.federation.transport.server import TransportLayerServer
 from synapse.http.server import JsonResource, OptionsResource
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
-from synapse.http.site import SynapseSite
+from synapse.http.site import SynapseRequest, SynapseSite
 from synapse.logging.context import LoggingContext
 from synapse.metrics import METRICS_PREFIX, MetricsResource, RegistryProxy
 from synapse.replication.http import REPLICATION_PREFIX, ReplicationRestResource
@ -119,6 +118,7 @@ from synapse.storage.databases.main.stats import StatsStore
 from synapse.storage.databases.main.transactions import TransactionWorkerStore
 from synapse.storage.databases.main.ui_auth import UIAuthWorkerStore
 from synapse.storage.databases.main.user_directory import UserDirectoryStore
+from synapse.types import JsonDict
 from synapse.util.httpresourcetree import create_resource_tree
 from synapse.util.versionstring import get_version_string

@ -143,7 +143,9 @@ class KeyUploadServlet(RestServlet):
        self.http_client = hs.get_simple_http_client()
        self.main_uri = hs.config.worker.worker_main_http_uri

-    async def on_POST(self, request: Request, device_id: Optional[str]):
+    async def on_POST(
+        self, request: SynapseRequest, device_id: Optional[str]
+    ) -> Tuple[int, JsonDict]:
        requester = await self.auth.get_user_by_req(request, allow_guest=True)
        user_id = requester.user.to_string()
        body = parse_json_object_from_request(request)
@ -187,9 +189,8 @@ class KeyUploadServlet(RestServlet):
                # If the header exists, add to the comma-separated list of the first
                # instance of the header. Otherwise, generate a new header.
                if x_forwarded_for:
-                    x_forwarded_for = [
-                        x_forwarded_for[0] + b", " + previous_host
-                    ] + x_forwarded_for[1:]
+                    x_forwarded_for = [x_forwarded_for[0] + b", " + previous_host]
+                    x_forwarded_for.extend(x_forwarded_for[1:])
                else:
                    x_forwarded_for = [previous_host]
            headers[b"X-Forwarded-For"] = x_forwarded_for
@ -253,13 +254,16 @@ class GenericWorkerSlavedStore(
    SessionStore,
    BaseSlavedStore,
 ):
-    pass
+    # Properties that multiple storage classes define. Tell mypy what the
+    # expected type is.
+    server_name: str
+    config: HomeServerConfig


 class GenericWorkerServer(HomeServer):
-    DATASTORE_CLASS = GenericWorkerSlavedStore
+    DATASTORE_CLASS = GenericWorkerSlavedStore  # type: ignore

-    def _listen_http(self, listener_config: ListenerConfig):
+    def _listen_http(self, listener_config: ListenerConfig) -> None:
        port = listener_config.port
        bind_addresses = listener_config.bind_addresses

@ -267,10 +271,10 @@ class GenericWorkerServer(HomeServer):

        site_tag = listener_config.http_options.tag
        if site_tag is None:
-            site_tag = port
+            site_tag = str(port)

        # We always include a health resource.
-        resources: Dict[str, IResource] = {"/health": HealthResource()}
+        resources: Dict[str, Resource] = {"/health": HealthResource()}

        for res in listener_config.http_options.resources:
            for name in res.names:
@ -386,7 +390,7 @@ class GenericWorkerServer(HomeServer):

        logger.info("Synapse worker now listening on port %d", port)

-    def start_listening(self):
+    def start_listening(self) -> None:
        for listener in self.config.worker.worker_listeners:
            if listener.type == "http":
                self._listen_http(listener)
@ -411,7 +415,7 @@ class GenericWorkerServer(HomeServer):
        self.get_tcp_replication().start_replication(self)


-def start(config_options):
+def start(config_options: List[str]) -> None:
    try:
        config = HomeServerConfig.load_config("Synapse worker", config_options)
    except ConfigError as e:
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@ -16,10 +16,10 @@
 import logging
 import os
 import sys
-from typing import Iterator
+from typing import Dict, Iterable, Iterator, List

-from twisted.internet import reactor
-from twisted.web.resource import EncodingResourceWrapper, IResource
+from twisted.internet.tcp import Port
+from twisted.web.resource import EncodingResourceWrapper, Resource
 from twisted.web.server import GzipEncoderFactory
 from twisted.web.static import File

@ -76,23 +76,27 @@ from synapse.util.versionstring import get_version_string
 logger = logging.getLogger("synapse.app.homeserver")


-def gz_wrap(r):
+def gz_wrap(r: Resource) -> Resource:
    return EncodingResourceWrapper(r, [GzipEncoderFactory()])


 class SynapseHomeServer(HomeServer):
-    DATASTORE_CLASS = DataStore
+    DATASTORE_CLASS = DataStore  # type: ignore

-    def _listener_http(self, config: HomeServerConfig, listener_config: ListenerConfig):
+    def _listener_http(
+        self, config: HomeServerConfig, listener_config: ListenerConfig
+    ) -> Iterable[Port]:
        port = listener_config.port
        bind_addresses = listener_config.bind_addresses
        tls = listener_config.tls
+        # Must exist since this is an HTTP listener.
+        assert listener_config.http_options is not None
        site_tag = listener_config.http_options.tag
        if site_tag is None:
            site_tag = str(port)

        # We always include a health resource.
-        resources = {"/health": HealthResource()}
+        resources: Dict[str, Resource] = {"/health": HealthResource()}

        for res in listener_config.http_options.resources:
            for name in res.names:
@ -111,7 +115,7 @@ class SynapseHomeServer(HomeServer):
                ("listeners", site_tag, "additional_resources", "<%s>" % (path,)),
            )
            handler = handler_cls(config, module_api)
-            if IResource.providedBy(handler):
+            if isinstance(handler, Resource):
                resource = handler
            elif hasattr(handler, "handle_request"):
                resource = AdditionalResource(self, handler.handle_request)
@ -128,7 +132,7 @@ class SynapseHomeServer(HomeServer):

        # try to find something useful to redirect '/' to
        if WEB_CLIENT_PREFIX in resources:
-            root_resource = RootOptionsRedirectResource(WEB_CLIENT_PREFIX)
+            root_resource: Resource = RootOptionsRedirectResource(WEB_CLIENT_PREFIX)
        elif STATIC_PREFIX in resources:
            root_resource = RootOptionsRedirectResource(STATIC_PREFIX)
        else:
@ -145,6 +149,8 @@ class SynapseHomeServer(HomeServer):
        )

        if tls:
+            # refresh_certificate should have been called before this.
+            assert self.tls_server_context_factory is not None
            ports = listen_ssl(
                bind_addresses,
                port,
@ -165,20 +171,21 @@ class SynapseHomeServer(HomeServer):

        return ports

-    def _configure_named_resource(self, name, compress=False):
+    def _configure_named_resource(
+        self, name: str, compress: bool = False
+    ) -> Dict[str, Resource]:
        """Build a resource map for a named resource

        Args:
-            name (str): named resource: one of "client", "federation", etc
-            compress (bool): whether to enable gzip compression for this
-                resource
+            name: named resource: one of "client", "federation", etc
+            compress: whether to enable gzip compression for this resource

        Returns:
-            dict[str, Resource]: map from path to HTTP resource
+            map from path to HTTP resource
        """
-        resources = {}
+        resources: Dict[str, Resource] = {}
        if name == "client":
-            client_resource = ClientRestResource(self)
+            client_resource: Resource = ClientRestResource(self)
            if compress:
                client_resource = gz_wrap(client_resource)

@ -207,7 +214,7 @@ class SynapseHomeServer(HomeServer):
        if name == "consent":
            from synapse.rest.consent.consent_resource import ConsentResource

-            consent_resource = ConsentResource(self)
+            consent_resource: Resource = ConsentResource(self)
            if compress:
                consent_resource = gz_wrap(consent_resource)
            resources.update({"/_matrix/consent": consent_resource})
@ -277,7 +284,7 @@ class SynapseHomeServer(HomeServer):

        return resources

-    def start_listening(self):
+    def start_listening(self) -> None:
        if self.config.redis.redis_enabled:
            # If redis is enabled we connect via the replication command handler
            # in the same way as the workers (since we're effectively a client
@ -303,7 +310,9 @@ class SynapseHomeServer(HomeServer):
                    ReplicationStreamProtocolFactory(self),
                )
                for s in services:
-                    reactor.addSystemEventTrigger("before", "shutdown", s.stopListening)
+                    self.get_reactor().addSystemEventTrigger(
+                        "before", "shutdown", s.stopListening
+                    )
            elif listener.type == "metrics":
                if not self.config.metrics.enable_metrics:
                    logger.warning(
@ -318,14 +327,13 @@ class SynapseHomeServer(HomeServer):
                logger.warning("Unrecognized listener type: %s", listener.type)


-def setup(config_options):
+def setup(config_options: List[str]) -> SynapseHomeServer:
    """
    Args:
-        config_options_options: The options passed to Synapse. Usually
-            `sys.argv[1:]`.
+        config_options_options: The options passed to Synapse. Usually `sys.argv[1:]`.

    Returns:
-        HomeServer
+        A homeserver instance.
    """
    try:
        config = HomeServerConfig.load_or_generate_config(
@ -364,7 +372,7 @@ def setup(config_options):
    except Exception as e:
        handle_startup_exception(e)

-    async def start():
+    async def start() -> None:
        # Load the OIDC provider metadatas, if OIDC is enabled.
        if hs.config.oidc.oidc_enabled:
            oidc = hs.get_oidc_handler()
@ -404,39 +412,15 @@ def format_config_error(e: ConfigError) -> Iterator[str]:

    yield ":\n  %s" % (e.msg,)

-    e = e.__cause__
+    parent_e = e.__cause__
    indent = 1
-    while e:
+    while parent_e:
        indent += 1
-        yield ":\n%s%s" % ("  " * indent, str(e))
-        e = e.__cause__
+        yield ":\n%s%s" % ("  " * indent, str(parent_e))
+        parent_e = parent_e.__cause__


-def run(hs: HomeServer):
-    PROFILE_SYNAPSE = False
-    if PROFILE_SYNAPSE:
-
-        def profile(func):
-            from cProfile import Profile
-            from threading import current_thread
-
-            def profiled(*args, **kargs):
-                profile = Profile()
-                profile.enable()
-                func(*args, **kargs)
-                profile.disable()
-                ident = current_thread().ident
-                profile.dump_stats(
-                    "/tmp/%s.%s.%i.pstat" % (hs.hostname, func.__name__, ident)
-                )
-
-            return profiled
-
-        from twisted.python.threadpool import ThreadPool
-
-        ThreadPool._worker = profile(ThreadPool._worker)
-        reactor.run = profile(reactor.run)
-
+def run(hs: HomeServer) -> None:
    _base.start_reactor(
        "synapse-homeserver",
        soft_file_limit=hs.config.server.soft_file_limit,
@ -448,7 +432,7 @@ def run(hs: HomeServer):
    )


-def main():
+def main() -> None:
    with LoggingContext("main"):
        # check base requirements
        check_requirements()
--- a/synapse/app/phone_stats_home.py
+++ b/synapse/app/phone_stats_home.py
@ -15,11 +15,12 @@ import logging
 import math
 import resource
 import sys
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, List, Sized, Tuple

 from prometheus_client import Gauge

 from synapse.metrics.background_process_metrics import wrap_as_background_process
+from synapse.types import JsonDict

 if TYPE_CHECKING:
    from synapse.server import HomeServer
@ -28,7 +29,7 @@ logger = logging.getLogger("synapse.app.homeserver")

 # Contains the list of processes we will be monitoring
 # currently either 0 or 1
-_stats_process = []
+_stats_process: List[Tuple[int, "resource.struct_rusage"]] = []

 # Gauges to expose monthly active user control metrics
 current_mau_gauge = Gauge("synapse_admin_mau:current", "Current MAU")
@ -45,9 +46,15 @@ registered_reserved_users_mau_gauge = Gauge(


@wrap_as_background_process("phone_stats_home")
-async def phone_stats_home(hs: "HomeServer", stats, stats_process=_stats_process):
+async def phone_stats_home(
+    hs: "HomeServer",
+    stats: JsonDict,
+    stats_process: List[Tuple[int, "resource.struct_rusage"]] = _stats_process,
+) -> None:
    logger.info("Gathering stats for reporting")
    now = int(hs.get_clock().time())
+    # Ensure the homeserver has started.
+    assert hs.start_time is not None
    uptime = int(now - hs.start_time)
    if uptime < 0:
        uptime = 0
@ -146,15 +153,15 @@ async def phone_stats_home(hs: "HomeServer", stats, stats_process=_stats_process
        logger.warning("Error reporting stats: %s", e)


-def start_phone_stats_home(hs: "HomeServer"):
+def start_phone_stats_home(hs: "HomeServer") -> None:
    """
    Start the background tasks which report phone home stats.
    """
    clock = hs.get_clock()

-    stats = {}
+    stats: JsonDict = {}

-    def performance_stats_init():
+    def performance_stats_init() -> None:
        _stats_process.clear()
        _stats_process.append(
            (int(hs.get_clock().time()), resource.getrusage(resource.RUSAGE_SELF))
@ -170,10 +177,10 @@ def start_phone_stats_home(hs: "HomeServer"):
    hs.get_datastore().reap_monthly_active_users()

    @wrap_as_background_process("generate_monthly_active_users")
-    async def generate_monthly_active_users():
+    async def generate_monthly_active_users() -> None:
        current_mau_count = 0
        current_mau_count_by_service = {}
-        reserved_users = ()
+        reserved_users: Sized = ()
        store = hs.get_datastore()
        if hs.config.server.limit_usage_by_mau or hs.config.server.mau_stats_only:
            current_mau_count = await store.get_monthly_active_count()
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@ -277,6 +277,58 @@ class FederationClient(FederationBase):

        return pdus

+    async def get_pdu_from_destination_raw(
+        self,
+        destination: str,
+        event_id: str,
+        room_version: RoomVersion,
+        outlier: bool = False,
+        timeout: Optional[int] = None,
+    ) -> Optional[EventBase]:
+        """Requests the PDU with given origin and ID from the remote home
+        server. Does not have any caching or rate limiting!
+
+        Args:
+            destination: Which homeserver to query
+            event_id: event to fetch
+            room_version: version of the room
+            outlier: Indicates whether the PDU is an `outlier`, i.e. if
+                it's from an arbitrary point in the context as opposed to part
+                of the current block of PDUs. Defaults to `False`
+            timeout: How long to try (in ms) each destination for before
+                moving to the next destination. None indicates no timeout.
+
+        Returns:
+            The requested PDU, or None if we were unable to find it.
+
+        Raises:
+            SynapseError, NotRetryingDestination, FederationDeniedError
+        """
+        transaction_data = await self.transport_layer.get_event(
+            destination, event_id, timeout=timeout
+        )
+
+        logger.debug(
+            "retrieved event id %s from %s: %r",
+            event_id,
+            destination,
+            transaction_data,
+        )
+
+        pdu_list: List[EventBase] = [
+            event_from_pdu_json(p, room_version, outlier=outlier)
+            for p in transaction_data["pdus"]
+        ]
+
+        if pdu_list and pdu_list[0]:
+            pdu = pdu_list[0]
+
+            # Check signatures are correct.
+            signed_pdu = await self._check_sigs_and_hash(room_version, pdu)
+            return signed_pdu
+
+        return None
+
    async def get_pdu(
        self,
        destinations: Iterable[str],
@ -321,30 +373,14 @@ class FederationClient(FederationBase):
                continue

            try:
-                transaction_data = await self.transport_layer.get_event(
-                    destination, event_id, timeout=timeout
+                signed_pdu = await self.get_pdu_from_destination_raw(
+                    destination=destination,
+                    event_id=event_id,
+                    room_version=room_version,
+                    outlier=outlier,
+                    timeout=timeout,
                )

-                logger.debug(
-                    "retrieved event id %s from %s: %r",
-                    event_id,
-                    destination,
-                    transaction_data,
-                )
-
-                pdu_list: List[EventBase] = [
-                    event_from_pdu_json(p, room_version, outlier=outlier)
-                    for p in transaction_data["pdus"]
-                ]
-
-                if pdu_list and pdu_list[0]:
-                    pdu = pdu_list[0]
-
-                    # Check signatures are correct.
-                    signed_pdu = await self._check_sigs_and_hash(room_version, pdu)
-
-                    break
-
                pdu_attempts[destination] = now

            except SynapseError as e:
--- a/synapse/handlers/admin.py
+++ b/synapse/handlers/admin.py
@ -234,7 +234,7 @@ class ExfiltrationWriter(metaclass=abc.ABCMeta):

    @abc.abstractmethod
    def write_invite(
-        self, room_id: str, event: EventBase, state: StateMap[dict]
+        self, room_id: str, event: EventBase, state: StateMap[EventBase]
    ) -> None:
        """Write an invite for the room, with associated invite state.

@ -248,7 +248,7 @@ class ExfiltrationWriter(metaclass=abc.ABCMeta):

    @abc.abstractmethod
    def write_knock(
-        self, room_id: str, event: EventBase, state: StateMap[dict]
+        self, room_id: str, event: EventBase, state: StateMap[EventBase]
    ) -> None:
        """Write a knock for the room, with associated knock state.

--- a/synapse/handlers/federation_event.py
+++ b/synapse/handlers/federation_event.py
@ -981,8 +981,6 @@ class FederationEventHandler:
                origin,
                event,
                context,
-                state=state,
-                backfilled=backfilled,
            )
        except AuthError as e:
            # FIXME richvdh 2021/10/07 I don't think this is reachable. Let's log it
@ -1332,8 +1330,6 @@ class FederationEventHandler:
        origin: str,
        event: EventBase,
        context: EventContext,
-        state: Optional[Iterable[EventBase]] = None,
-        backfilled: bool = False,
    ) -> EventContext:
        """
        Checks whether an event should be rejected (for failing auth checks).
@ -1344,12 +1340,6 @@ class FederationEventHandler:
            context:
                The event context.

-            state:
-                The state events used to check the event for soft-fail. If this is
-                not provided the current state events will be used.
-
-            backfilled: True if the event was backfilled.
-
        Returns:
            The updated context object.

--- a/synapse/logging/handlers.py
+++ b/synapse/logging/handlers.py
@ -3,7 +3,7 @@ import time
 from logging import Handler, LogRecord
 from logging.handlers import MemoryHandler
 from threading import Thread
-from typing import Optional
+from typing import Optional, cast

 from twisted.internet.interfaces import IReactorCore

@ -56,7 +56,7 @@ class PeriodicallyFlushingMemoryHandler(MemoryHandler):
        if reactor is None:
            from twisted.internet import reactor as global_reactor

-            reactor_to_use = global_reactor  # type: ignore[assignment]
+            reactor_to_use = cast(IReactorCore, global_reactor)
        else:
            reactor_to_use = reactor

--- a/synapse/module_api/init.py
+++ b/synapse/module_api/init.py
@ -31,7 +31,7 @@ import attr
 import jinja2

 from twisted.internet import defer
-from twisted.web.resource import IResource
+from twisted.web.resource import Resource

 from synapse.api.errors import SynapseError
 from synapse.events import EventBase
@ -196,7 +196,7 @@ class ModuleApi:
        """
        return self._password_auth_provider.register_password_auth_provider_callbacks

-    def register_web_resource(self, path: str, resource: IResource):
+    def register_web_resource(self, path: str, resource: Resource):
        """Registers a web resource to be served at the given path.

        This function should be called during initialisation of the module.
--- a/synapse/replication/tcp/resource.py
+++ b/synapse/replication/tcp/resource.py
@ -20,7 +20,7 @@ from typing import TYPE_CHECKING

 from prometheus_client import Counter

-from twisted.internet.protocol import Factory
+from twisted.internet.protocol import ServerFactory

 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.replication.tcp.commands import PositionCommand
@ -38,7 +38,7 @@ stream_updates_counter = Counter(
 logger = logging.getLogger(__name__)


-class ReplicationStreamProtocolFactory(Factory):
+class ReplicationStreamProtocolFactory(ServerFactory):
    """Factory for new replication connections."""

    def __init__(self, hs: "HomeServer"):
--- a/synapse/rest/media/v1/thumbnailer.py
+++ b/synapse/rest/media/v1/thumbnailer.py
@ -101,8 +101,8 @@ class Thumbnailer:
        fits within the given rectangle::

            (w_in / h_in) = (w_out / h_out)
-            w_out = min(w_max, h_max * (w_in / h_in))
-            h_out = min(h_max, w_max * (h_in / w_in))
+            w_out = max(min(w_max, h_max * (w_in / h_in)), 1)
+            h_out = max(min(h_max, w_max * (h_in / w_in)), 1)

        Args:
            max_width: The largest possible width.
@ -110,9 +110,9 @@ class Thumbnailer:
        """

        if max_width * self.height < max_height * self.width:
-            return max_width, (max_width * self.height) // self.width
+            return max_width, max((max_width * self.height) // self.width, 1)
        else:
-            return (max_height * self.width) // self.height, max_height
+            return max((max_height * self.width) // self.height, 1), max_height

    def _resize(self, width: int, height: int) -> Image.Image:
        # 1-bit or 8-bit color palette images need converting to RGB
--- a/synapse/server.py
+++ b/synapse/server.py
@ -33,9 +33,10 @@ from typing import (
    cast,
 )

-import twisted.internet.tcp
+from twisted.internet.interfaces import IOpenSSLContextFactory
+from twisted.internet.tcp import Port
 from twisted.web.iweb import IPolicyForHTTPS
-from twisted.web.resource import IResource
+from twisted.web.resource import Resource

 from synapse.api.auth import Auth
 from synapse.api.filtering import Filtering
@ -206,7 +207,7 @@ class HomeServer(metaclass=abc.ABCMeta):

    Attributes:
        config (synapse.config.homeserver.HomeserverConfig):
-        _listening_services (list[twisted.internet.tcp.Port]): TCP ports that
+        _listening_services (list[Port]): TCP ports that
            we are listening on to provide HTTP services.
    """

@ -225,6 +226,8 @@ class HomeServer(metaclass=abc.ABCMeta):
    # instantiated during setup() for future return by get_datastore()
    DATASTORE_CLASS = abc.abstractproperty()

+    tls_server_context_factory: Optional[IOpenSSLContextFactory]
+
    def __init__(
        self,
        hostname: str,
@ -247,7 +250,7 @@ class HomeServer(metaclass=abc.ABCMeta):
        # the key we use to sign events and requests
        self.signing_key = config.key.signing_key[0]
        self.config = config
-        self._listening_services: List[twisted.internet.tcp.Port] = []
+        self._listening_services: List[Port] = []
        self.start_time: Optional[int] = None

        self._instance_id = random_string(5)
@ -257,10 +260,10 @@ class HomeServer(metaclass=abc.ABCMeta):

        self.datastores: Optional[Databases] = None

-        self._module_web_resources: Dict[str, IResource] = {}
+        self._module_web_resources: Dict[str, Resource] = {}
        self._module_web_resources_consumed = False

-    def register_module_web_resource(self, path: str, resource: IResource):
+    def register_module_web_resource(self, path: str, resource: Resource):
        """Allows a module to register a web resource to be served at the given path.

        If multiple modules register a resource for the same path, the module that
--- a/synapse/types.py
+++ b/synapse/types.py
@ -38,6 +38,7 @@ from zope.interface import Interface
 from twisted.internet.interfaces import (
    IReactorCore,
    IReactorPluggableNameResolver,
+    IReactorSSL,
    IReactorTCP,
    IReactorThreads,
    IReactorTime,
@ -66,6 +67,7 @@ JsonDict = Dict[str, Any]
 # for mypy-zope to realize it is an interface.
 class ISynapseReactor(
    IReactorTCP,
+    IReactorSSL,
    IReactorPluggableNameResolver,
    IReactorTime,
    IReactorCore,
--- a/synapse/util/async_helpers.py
+++ b/synapse/util/async_helpers.py
@ -31,13 +31,13 @@ from typing import (
    Set,
    TypeVar,
    Union,
+    cast,
 )

 import attr
 from typing_extensions import ContextManager

 from twisted.internet import defer
-from twisted.internet.base import ReactorBase
 from twisted.internet.defer import CancelledError
 from twisted.internet.interfaces import IReactorTime
 from twisted.python import failure
@ -271,8 +271,7 @@ class Linearizer:
        if not clock:
            from twisted.internet import reactor

-            assert isinstance(reactor, ReactorBase)
-            clock = Clock(reactor)
+            clock = Clock(cast(IReactorTime, reactor))
        self._clock = clock
        self.max_count = max_count

--- a/synapse/util/httpresourcetree.py
+++ b/synapse/util/httpresourcetree.py
@ -92,9 +92,9 @@ def _resource_id(resource: Resource, path_seg: bytes) -> str:
    the mapping should looks like _resource_id(A,C) = B.

    Args:
-        resource (Resource): The *parent* Resourceb
-        path_seg (str): The name of the child Resource to be attached.
+        resource: The *parent* Resourceb
+        path_seg: The name of the child Resource to be attached.
    Returns:
-        str: A unique string which can be a key to the child Resource.
+        A unique string which can be a key to the child Resource.
    """
    return "%s-%r" % (resource, path_seg)
--- a/synapse/util/manhole.py
+++ b/synapse/util/manhole.py
@ -23,7 +23,7 @@ from twisted.conch.manhole import ColoredManhole, ManholeInterpreter
 from twisted.conch.ssh.keys import Key
 from twisted.cred import checkers, portal
 from twisted.internet import defer
-from twisted.internet.protocol import Factory
+from twisted.internet.protocol import ServerFactory

 from synapse.config.server import ManholeConfig

@ -65,7 +65,7 @@ EddTrx3TNpr1D5m/f+6mnXWrc8u9y1+GNx9yz889xMjIBTBI9KqaaOs=
 -----END RSA PRIVATE KEY-----"""


-def manhole(settings: ManholeConfig, globals: Dict[str, Any]) -> Factory:
+def manhole(settings: ManholeConfig, globals: Dict[str, Any]) -> ServerFactory:
    """Starts a ssh listener with password authentication using
    the given username and password. Clients connecting to the ssh
    listener will find themselves in a colored python shell with
@ -105,7 +105,8 @@ def manhole(settings: ManholeConfig, globals: Dict[str, Any]) -> Factory:
    factory.privateKeys[b"ssh-rsa"] = priv_key  # type: ignore[assignment]
    factory.publicKeys[b"ssh-rsa"] = pub_key  # type: ignore[assignment]

-    return factory
+    # ConchFactory is a Factory, not a ServerFactory, but they are identical.
+    return factory  # type: ignore[return-value]


 class SynapseManhole(ColoredManhole):
--- a/tests/test_federation.py
+++ b/tests/test_federation.py
@ -81,8 +81,6 @@ class MessageAcceptTests(unittest.HomeserverTestCase):
            origin,
            event,
            context,
-            state=None,
-            backfilled=False,
        ):
            return context
Author	SHA1	Message	Date
Neeeflix	6ce19b94e8	Fix error in thumbnail generation (#11288 ) Signed-off-by: Jonas Zeunert <jonas@zeunert.org>	2021-11-10 20:49:43 +00:00
Patrick Cloke	5cace20bf1	Add missing type hints to `synapse.app`. (#11287 )	2021-11-10 15:06:54 -05:00
Patrick Cloke	66c4b774fd	Add type hints to synapse._scripts (#11297 )	2021-11-10 17:55:32 +00:00
Andrew Morgan	5f277ffe89	Add documentation page stubs for Single Sign-On, SAML and CAS pages (#11298 )	2021-11-10 17:54:56 +00:00
Richard van der Hoff	73cbb284b9	Remove redundant parameters on `_check_event_auth` (#11292 ) as of #11012, these parameters are unused.	2021-11-10 14:16:06 +00:00
Olivier Wilkinson (reivilibre)	68c258a604	Synapse 1.47.0rc2 (2021-11-10) ============================== This fixes an issue with publishing the Debian packages for 1.47.0rc1. It is otherwise identical to 1.47.0rc1. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE8SRSDO7gYkSP4chELS76LzL74EcFAmGLl4sACgkQLS76LzL7 4EdpXxAArEBqEWCUCy6wSNRfexzI+qAITzhhqR5BiDDtkt33GzXLWDN83lT3kCS/ xNZyhiwwUbtt/TqkZ0/Tqu2afI5JZCizpP/kXLVS2WA03jY8+l+eQbKEQR5vEsEV 752J8OVJ9GUunewOI4Uo4xRqndzvOMQBKaoPzyq44PcFd6lS2rkAnJYstVnow+rB JvRIXFjOocaOzpemal5Mh8ToH5Y6yfe7MEE8B0s3PjX1FMAv87475X1oLaK7GeKn 3yf8XJ1mJcvJfkHuopqX8PxW+pFGorb4N1AFk2BikxB4XV0nCo5VHUejSWaEP4oH uHtTYDV5RHwHhZyHYMbBOyPD2bSIKZ6wXqgn/o5io7mfsUS77SdwuGhRDqnupCi/ Vg+4F5e1nuSPaLEJd5Qfb1NM2xErGm8gfYN3DlRBzpuQ+Jx/034YWds42ZuNv2IO qdAOeztiOMdrPkdPTL+XlNNXV80waMsQFt2EaycYkYmPVtgvlKvr/c/Wg06jyD7u dll33KlE8d+jM3JbOf6D/Ze5ECQlf0gGtCukXTMIEOorrCdQuLH4R8hb49YqmiLq nL8aPXCv1pZOrMbHGbcYfHoZIV+qMhUK04PN7jMLF/+nyBkTI1wRODN0lvBh8gy6 dNWTzM/dMk5IvFY0FDipkR7Cv5c2U2Wu1xCy8026VHCu/DIzVRw= =Baxl -----END PGP SIGNATURE----- Merge tag 'v1.47.0rc2' into develop Synapse 1.47.0rc2 (2021-11-10) ============================== This fixes an issue with publishing the Debian packages for 1.47.0rc1. It is otherwise identical to 1.47.0rc1.	2021-11-10 13:01:08 +00:00
Olivier Wilkinson (reivilibre)	595f28529c	Changelog tweak from feedback	2021-11-10 09:54:34 +00:00
Olivier Wilkinson (reivilibre)	ef7f9286d1	Move Debian changelog entries to rc2 since rc1 was not published	2021-11-10 09:48:50 +00:00
Olivier Wilkinson (reivilibre)	82e62b488a	1.47.0rc2	2021-11-10 09:44:38 +00:00
Olivier Wilkinson (reivilibre)	af6374905a	Correct the Debian changelog	2021-11-10 09:37:48 +00:00
Stanislav Motylkov	b09d90cac9	Fix typos in the `username_available` admin API documentation. (#11286 )	2021-11-09 21:11:05 +00:00
Eric Eastwood	f1d5c2f269	Split out federated PDU retrieval into a non-cached version (#11242 ) Context: https://github.com/matrix-org/synapse/pull/11114/files#r741643968	2021-11-09 15:07:57 -06:00
Olivier Wilkinson (reivilibre)	dc5f524974	Update __init__.py	2021-11-09 13:51:08 +00:00
Olivier Wilkinson (reivilibre)	a754510f28	Changelog tweaks from review	2021-11-09 13:22:36 +00:00
Olivier Wilkinson (reivilibre)	b67a7c62a2	Make Deprecations and Removals more prominent	2021-11-09 12:32:05 +00:00
Olivier Wilkinson (reivilibre)	1a4f10045f	Changelog tweaks	2021-11-09 12:30:15 +00:00
Olivier Wilkinson (reivilibre)	01f61da77f	1.47.0rc1	2021-11-09 12:17:35 +00:00
				`@ -1 +0,0 @@`
				`Fix a long-standing bug which allowed hidden devices to receive to-device messages, resulting in unnecessary database bloat.`
				`@ -1 +0,0 @@`
				Add type annotations for the `log_function` decorator.
				`@ -1 +0,0 @@`
				Fix a long-standing bug where messages in the `device_inbox` table for deleted devices would persist indefinitely. Contributed by @dklimpel and @JohannesKleine.
				`@ -1 +0,0 @@`
				`Do not accept events if a third-party rule module API callback raises an exception.`
				`@ -1 +0,0 @@`
				`Advertise support for Client-Server API r0.6.1.`
				`@ -1 +0,0 @@`
				`Add search by room ID and room alias to List Room admin API.`
				`@ -1 +0,0 @@`
				Add an `on_new_event` third-party rules callback to allow Synapse modules to act after an event has been sent into a room.
				`@ -1 +0,0 @@`
				`Improve example HAProxy config in the docs to properly handle host headers with port information. This is required for federation over port 443 to work correctly.`
				`@ -1 +0,0 @@`
				`Fix long-standing bug where verification requests could fail in certain cases if whitelist was in place but did not include your own homeserver.`