Merge remote-tracking branch 'origin/develop' into erikj/vector_clock_stream_token

2020-10-02 10:49:41 +01:00 · 2020-10-02 10:49:41 +01:00 · 2067dc7b0f
parent eed3cf588c 6c5d5e507e
commit 2067dc7b0f
121 changed files with 664 additions and 188 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,104 @@
+Synapse 1.21.0rc1 (2020-10-01)
+==============================
+
+Features
+--------
+
+- Require the user to confirm that their password should be reset after clicking the email confirmation link. ([\#8004](https://github.com/matrix-org/synapse/issues/8004))
+- Add an admin API `GET /_synapse/admin/v1/event_reports` to read entries of table `event_reports`. Contributed by @dklimpel. ([\#8217](https://github.com/matrix-org/synapse/issues/8217))
+- Consolidate the SSO error template across all configuration. ([\#8248](https://github.com/matrix-org/synapse/issues/8248), [\#8405](https://github.com/matrix-org/synapse/issues/8405))
+- Add a configuration option to specify a whitelist of domains that a user can be redirected to after validating their email or phone number. ([\#8275](https://github.com/matrix-org/synapse/issues/8275), [\#8417](https://github.com/matrix-org/synapse/issues/8417))
+- Add experimental support for sharding event persister. ([\#8294](https://github.com/matrix-org/synapse/issues/8294), [\#8387](https://github.com/matrix-org/synapse/issues/8387), [\#8396](https://github.com/matrix-org/synapse/issues/8396), [\#8419](https://github.com/matrix-org/synapse/issues/8419))
+- Add the room topic and avatar to the room details admin API. ([\#8305](https://github.com/matrix-org/synapse/issues/8305))
+- Add an admin API for querying rooms where a user is a member. Contributed by @dklimpel. ([\#8306](https://github.com/matrix-org/synapse/issues/8306))
+- Add `uk.half-shot.msc2778.login.application_service` login type to allow appservices to login. ([\#8320](https://github.com/matrix-org/synapse/issues/8320))
+- Add a configuration option that allows existing users to log in with OpenID Connect. Contributed by @BBBSnowball and @OmmyZhang. ([\#8345](https://github.com/matrix-org/synapse/issues/8345))
+- Add prometheus metrics for replication requests. ([\#8406](https://github.com/matrix-org/synapse/issues/8406))
+- Support passing additional single sign-on parameters to the client. ([\#8413](https://github.com/matrix-org/synapse/issues/8413))
+- Add experimental reporting of metrics on expensive rooms for state-resolution. ([\#8420](https://github.com/matrix-org/synapse/issues/8420))
+- Add experimental prometheus metric to track numbers of "large" rooms for state resolutiom. ([\#8425](https://github.com/matrix-org/synapse/issues/8425))
+- Add prometheus metrics to track federation delays. ([\#8430](https://github.com/matrix-org/synapse/issues/8430))
+
+
+Bugfixes
+--------
+
+- Fix a bug in the media repository where remote thumbnails with the same size but different crop methods would overwrite each other. Contributed by @deepbluev7. ([\#7124](https://github.com/matrix-org/synapse/issues/7124))
+- Fix inconsistent handling of non-existent push rules, and stop tracking the `enabled` state of removed push rules. ([\#7796](https://github.com/matrix-org/synapse/issues/7796))
+- Fix a longstanding bug when storing a media file with an empty `upload_name`. ([\#7905](https://github.com/matrix-org/synapse/issues/7905))
+- Fix messages not being sent over federation until an event is sent into the same room. ([\#8230](https://github.com/matrix-org/synapse/issues/8230), [\#8247](https://github.com/matrix-org/synapse/issues/8247), [\#8258](https://github.com/matrix-org/synapse/issues/8258), [\#8272](https://github.com/matrix-org/synapse/issues/8272), [\#8322](https://github.com/matrix-org/synapse/issues/8322))
+- Fix a longstanding bug where files that could not be thumbnailed would result in an Internal Server Error. ([\#8236](https://github.com/matrix-org/synapse/issues/8236), [\#8435](https://github.com/matrix-org/synapse/issues/8435))
+- Upgrade minimum version of `canonicaljson` to version 1.4.0, to fix an unicode encoding issue. ([\#8262](https://github.com/matrix-org/synapse/issues/8262))
+- Fix longstanding bug which could lead to incomplete database upgrades on SQLite. ([\#8265](https://github.com/matrix-org/synapse/issues/8265))
+- Fix stack overflow when stderr is redirected to the logging system, and the logging system encounters an error. ([\#8268](https://github.com/matrix-org/synapse/issues/8268))
+- Fix a bug which cause the logging system to report errors, if `DEBUG` was enabled and no `context` filter was applied. ([\#8278](https://github.com/matrix-org/synapse/issues/8278))
+- Fix edge case where push could get delayed for a user until a later event was pushed. ([\#8287](https://github.com/matrix-org/synapse/issues/8287))
+- Fix fetching malformed events from remote servers. ([\#8324](https://github.com/matrix-org/synapse/issues/8324))
+- Fix `UnboundLocalError` from occuring when appservices send a malformed register request. ([\#8329](https://github.com/matrix-org/synapse/issues/8329))
+- Don't send push notifications to expired user accounts. ([\#8353](https://github.com/matrix-org/synapse/issues/8353))
+- Fix a regression in v1.19.0 with reactivating users through the admin API. ([\#8362](https://github.com/matrix-org/synapse/issues/8362))
+- Fix a bug where during device registration the length of the device name wasn't limited. ([\#8364](https://github.com/matrix-org/synapse/issues/8364))
+- Include `guest_access` in the fields that are checked for null bytes when updating `room_stats_state`. Broke in v1.7.2. ([\#8373](https://github.com/matrix-org/synapse/issues/8373))
+- Fix theoretical race condition where events are not sent down `/sync` if the synchrotron worker is restarted without restarting other workers. ([\#8374](https://github.com/matrix-org/synapse/issues/8374))
+- Fix a bug which could cause errors in rooms with malformed membership events, on servers using sqlite. ([\#8385](https://github.com/matrix-org/synapse/issues/8385))
+- Fix "Re-starting finished log context" warning when receiving an event we already had over federation. ([\#8398](https://github.com/matrix-org/synapse/issues/8398))
+- Fix incorrect handling of timeouts on outgoing HTTP requests. ([\#8400](https://github.com/matrix-org/synapse/issues/8400))
+- Fix a regression in v1.20.0 in the `synapse_port_db` script regarding the `ui_auth_sessions_ips` table. ([\#8410](https://github.com/matrix-org/synapse/issues/8410))
+- Remove unnecessary 3PID registration check when resetting password via an email address. Bug introduced in v0.34.0rc2. ([\#8414](https://github.com/matrix-org/synapse/issues/8414))
+
+
+Improved Documentation
+----------------------
+
+- Add `/_synapse/client` to the reverse proxy documentation. ([\#8227](https://github.com/matrix-org/synapse/issues/8227))
+- Add note to the reverse proxy settings documentation about disabling Apache's mod_security2. Contributed by Julian Fietkau (@jfietkau). ([\#8375](https://github.com/matrix-org/synapse/issues/8375))
+- Improve description of `server_name` config option in `homserver.yaml`. ([\#8415](https://github.com/matrix-org/synapse/issues/8415))
+
+
+Deprecations and Removals
+-------------------------
+
+- Drop support for `prometheus_client` older than 0.4.0. ([\#8426](https://github.com/matrix-org/synapse/issues/8426))
+
+
+Internal Changes
+----------------
+
+- Fix tests on distros which disable TLSv1.0. Contributed by @danc86. ([\#8208](https://github.com/matrix-org/synapse/issues/8208))
+- Simplify the distributor code to avoid unnecessary work. ([\#8216](https://github.com/matrix-org/synapse/issues/8216))
+- Remove the `populate_stats_process_rooms_2` background job and restore functionality to `populate_stats_process_rooms`. ([\#8243](https://github.com/matrix-org/synapse/issues/8243))
+- Clean up type hints for `PaginationConfig`. ([\#8250](https://github.com/matrix-org/synapse/issues/8250), [\#8282](https://github.com/matrix-org/synapse/issues/8282))
+- Track the latest event for every destination and room for catch-up after federation outage. ([\#8256](https://github.com/matrix-org/synapse/issues/8256))
+- Fix non-user visible bug in implementation of `MultiWriterIdGenerator.get_current_token_for_writer`. ([\#8257](https://github.com/matrix-org/synapse/issues/8257))
+- Switch to the JSON implementation from the standard library. ([\#8259](https://github.com/matrix-org/synapse/issues/8259))
+- Add type hints to `synapse.util.async_helpers`. ([\#8260](https://github.com/matrix-org/synapse/issues/8260))
+- Simplify tests that mock asynchronous functions. ([\#8261](https://github.com/matrix-org/synapse/issues/8261))
+- Add type hints to `StreamToken` and `RoomStreamToken` classes. ([\#8279](https://github.com/matrix-org/synapse/issues/8279))
+- Change `StreamToken.room_key` to be a `RoomStreamToken` instance. ([\#8281](https://github.com/matrix-org/synapse/issues/8281))
+- Refactor notifier code to correctly use the max event stream position. ([\#8288](https://github.com/matrix-org/synapse/issues/8288))
+- Use slotted classes where possible. ([\#8296](https://github.com/matrix-org/synapse/issues/8296))
+- Support testing the local Synapse checkout against the [Complement homeserver test suite](https://github.com/matrix-org/complement/). ([\#8317](https://github.com/matrix-org/synapse/issues/8317))
+- Update outdated usages of `metaclass` to python 3 syntax. ([\#8326](https://github.com/matrix-org/synapse/issues/8326))
+- Move lint-related dependencies to package-extra field, update CONTRIBUTING.md to utilise this. ([\#8330](https://github.com/matrix-org/synapse/issues/8330), [\#8377](https://github.com/matrix-org/synapse/issues/8377))
+- Use the `admin_patterns` helper in additional locations. ([\#8331](https://github.com/matrix-org/synapse/issues/8331))
+- Fix test logging to allow braces in log output. ([\#8335](https://github.com/matrix-org/synapse/issues/8335))
+- Remove `__future__` imports related to Python 2 compatibility. ([\#8337](https://github.com/matrix-org/synapse/issues/8337))
+- Simplify `super()` calls to Python 3 syntax. ([\#8344](https://github.com/matrix-org/synapse/issues/8344))
+- Fix bad merge from `release-v1.20.0` branch to `develop`. ([\#8354](https://github.com/matrix-org/synapse/issues/8354))
+- Factor out a `_send_dummy_event_for_room` method. ([\#8370](https://github.com/matrix-org/synapse/issues/8370))
+- Improve logging of state resolution. ([\#8371](https://github.com/matrix-org/synapse/issues/8371))
+- Add type annotations to `SimpleHttpClient`. ([\#8372](https://github.com/matrix-org/synapse/issues/8372))
+- Refactor ID generators to use `async with` syntax. ([\#8383](https://github.com/matrix-org/synapse/issues/8383))
+- Add `EventStreamPosition` type. ([\#8388](https://github.com/matrix-org/synapse/issues/8388))
+- Create a mechanism for marking tests "logcontext clean". ([\#8399](https://github.com/matrix-org/synapse/issues/8399))
+- A pair of tiny cleanups in the federation request code. ([\#8401](https://github.com/matrix-org/synapse/issues/8401))
+- Add checks on startup that PostgreSQL sequences are consistent with their associated tables. ([\#8402](https://github.com/matrix-org/synapse/issues/8402))
+- Do not include appservice users when calculating the total MAU for a server. ([\#8404](https://github.com/matrix-org/synapse/issues/8404))
+- Typing fixes for `synapse.handlers.federation`. ([\#8422](https://github.com/matrix-org/synapse/issues/8422))
+- Various refactors to simplify stream token handling. ([\#8423](https://github.com/matrix-org/synapse/issues/8423))
+- Make stream token serializing/deserializing async. ([\#8427](https://github.com/matrix-org/synapse/issues/8427))
+
+
 Synapse 1.20.1 (2020-09-24)
 ===========================

--- a/changelog.d/7124.bugfix
+++ b/changelog.d/7124.bugfix
@ -1 +0,0 @@
-Fix a bug in the media repository where remote thumbnails with the same size but different crop methods would overwrite each other. Contributed by @deepbluev7.
--- a/changelog.d/7658.feature
+++ b/changelog.d/7658.feature
@ -0,0 +1 @@
+Add a configuration option for always using the "userinfo endpoint" for OpenID Connect. This fixes support for some identity providers, e.g. GitLab. Contributed by Benjamin Koch.
--- a/changelog.d/7796.bugfix
+++ b/changelog.d/7796.bugfix
@ -1 +0,0 @@
-Fix inconsistent handling of non-existent push rules, and stop tracking the `enabled` state of removed push rules.
--- a/changelog.d/7905.bugfix
+++ b/changelog.d/7905.bugfix
@ -1 +0,0 @@
-Fix a longstanding bug when storing a media file with an empty `upload_name`.
--- a/changelog.d/8004.feature
+++ b/changelog.d/8004.feature
@ -1 +0,0 @@
-Require the user to confirm that their password should be reset after clicking the email confirmation link.
--- a/changelog.d/8208.misc
+++ b/changelog.d/8208.misc
@ -1 +0,0 @@
-Fix tests on distros which disable TLSv1.0. Contributed by @danc86.
--- a/changelog.d/8216.misc
+++ b/changelog.d/8216.misc
@ -1 +0,0 @@
-Simplify the distributor code to avoid unnecessary work.
--- a/changelog.d/8217.feature
+++ b/changelog.d/8217.feature
@ -1 +0,0 @@
-Add an admin API `GET /_synapse/admin/v1/event_reports` to read entries of table `event_reports`. Contributed by @dklimpel.
--- a/changelog.d/8227.doc
+++ b/changelog.d/8227.doc
@ -1 +0,0 @@
-Add `/_synapse/client` to the reverse proxy documentation.
--- a/changelog.d/8230.bugfix
+++ b/changelog.d/8230.bugfix
@ -1 +0,0 @@
-Fix messages over federation being lost until an event is sent into the same room.
--- a/changelog.d/8236.bugfix
+++ b/changelog.d/8236.bugfix
@ -1 +0,0 @@
-Fix a longstanding bug where files that could not be thumbnailed would result in an Internal Server Error.
--- a/changelog.d/8243.misc
+++ b/changelog.d/8243.misc
@ -1 +0,0 @@
-Remove the 'populate_stats_process_rooms_2' background job and restore functionality to 'populate_stats_process_rooms'.
--- a/changelog.d/8247.bugfix
+++ b/changelog.d/8247.bugfix
@ -1 +0,0 @@
-Fix messages over federation being lost until an event is sent into the same room.
--- a/changelog.d/8248.feature
+++ b/changelog.d/8248.feature
@ -1 +0,0 @@
-Consolidate the SSO error template across all configuration.
--- a/changelog.d/8250.misc
+++ b/changelog.d/8250.misc
@ -1 +0,0 @@
-Clean up type hints for `PaginationConfig`.
--- a/changelog.d/8256.misc
+++ b/changelog.d/8256.misc
@ -1 +0,0 @@
-Track the latest event for every destination and room for catch-up after federation outage.
--- a/changelog.d/8257.misc
+++ b/changelog.d/8257.misc
@ -1 +0,0 @@
-Fix non-user visible bug in implementation of `MultiWriterIdGenerator.get_current_token_for_writer`.
--- a/changelog.d/8258.bugfix
+++ b/changelog.d/8258.bugfix
@ -1 +0,0 @@
-Fix messages over federation being lost until an event is sent into the same room.
--- a/changelog.d/8259.misc
+++ b/changelog.d/8259.misc
@ -1 +0,0 @@
-Switch to the JSON implementation from the standard library.
--- a/changelog.d/8260.misc
+++ b/changelog.d/8260.misc
@ -1 +0,0 @@
-Add type hints to `synapse.util.async_helpers`.
--- a/changelog.d/8261.misc
+++ b/changelog.d/8261.misc
@ -1 +0,0 @@
-Simplify tests that mock asynchronous functions.
--- a/changelog.d/8262.bugfix
+++ b/changelog.d/8262.bugfix
@ -1 +0,0 @@
-Upgrade canonicaljson to version 1.4.0 to fix an unicode encoding issue.
--- a/changelog.d/8265.bugfix
+++ b/changelog.d/8265.bugfix
@ -1 +0,0 @@
-Fix logstanding bug which could lead to incomplete database upgrades on SQLite.
--- a/changelog.d/8268.bugfix
+++ b/changelog.d/8268.bugfix
@ -1 +0,0 @@
-Fix stack overflow when stderr is redirected to the logging system, and the logging system encounters an error.
--- a/changelog.d/8272.bugfix
+++ b/changelog.d/8272.bugfix
@ -1 +0,0 @@
-Fix messages over federation being lost until an event is sent into the same room.
--- a/changelog.d/8275.feature
+++ b/changelog.d/8275.feature
@ -1 +0,0 @@
-Add a config option to specify a whitelist of domains that a user can be redirected to after validating their email or phone number.
--- a/changelog.d/8278.bugfix
+++ b/changelog.d/8278.bugfix
@ -1 +0,0 @@
-Fix a bug which cause the logging system to report errors, if `DEBUG` was enabled and no `context` filter was applied.
--- a/changelog.d/8279.misc
+++ b/changelog.d/8279.misc
@ -1 +0,0 @@
-Add type hints to `StreamToken` and `RoomStreamToken` classes.
--- a/changelog.d/8281.misc
+++ b/changelog.d/8281.misc
@ -1 +0,0 @@
-Change `StreamToken.room_key` to be a `RoomStreamToken` instance.
--- a/changelog.d/8282.misc
+++ b/changelog.d/8282.misc
@ -1 +0,0 @@
-Clean up type hints for `PaginationConfig`.
--- a/changelog.d/8287.bugfix
+++ b/changelog.d/8287.bugfix
@ -1 +0,0 @@
-Fix edge case where push could get delayed for a user until a later event was pushed.
--- a/changelog.d/8288.misc
+++ b/changelog.d/8288.misc
@ -1 +0,0 @@
-Refactor notifier code to correctly use the max event stream position.
--- a/changelog.d/8294.feature
+++ b/changelog.d/8294.feature
@ -1 +0,0 @@
-Add experimental support for sharding event persister.
--- a/changelog.d/8296.misc
+++ b/changelog.d/8296.misc
@ -1 +0,0 @@
-Use slotted classes where possible.
--- a/changelog.d/8305.feature
+++ b/changelog.d/8305.feature
@ -1 +0,0 @@
-Add the room topic and avatar to the room details admin API.
--- a/changelog.d/8306.feature
+++ b/changelog.d/8306.feature
@ -1 +0,0 @@
-Add an admin API for querying rooms where a user is a member. Contributed by @dklimpel.
--- a/changelog.d/8317.feature
+++ b/changelog.d/8317.feature
@ -1 +0,0 @@
-Support testing the local Synapse checkout against the [Complement homeserver test suite](https://github.com/matrix-org/complement/).
--- a/changelog.d/8320.feature
+++ b/changelog.d/8320.feature
@ -1 +0,0 @@
-Add `uk.half-shot.msc2778.login.application_service` login type to allow appservices to login.
--- a/changelog.d/8322.bugfix
+++ b/changelog.d/8322.bugfix
@ -1 +0,0 @@
-Fix messages over federation being lost until an event is sent into the same room.
--- a/changelog.d/8324.bugfix
+++ b/changelog.d/8324.bugfix
@ -1 +0,0 @@
-Fix fetching events from remote servers that are malformed.
--- a/changelog.d/8326.misc
+++ b/changelog.d/8326.misc
@ -1 +0,0 @@
-Update outdated usages of `metaclass` to python 3 syntax.
--- a/changelog.d/8329.bugfix
+++ b/changelog.d/8329.bugfix
@ -1 +0,0 @@
-Fix UnboundLocalError from occuring when appservices send malformed register request.
--- a/changelog.d/8330.misc
+++ b/changelog.d/8330.misc
@ -1 +0,0 @@
-Move lint-related dependencies to package-extra field, update CONTRIBUTING.md to utilise this.
--- a/changelog.d/8331.misc
+++ b/changelog.d/8331.misc
@ -1 +0,0 @@
-Use the `admin_patterns` helper in additional locations.
--- a/changelog.d/8335.misc
+++ b/changelog.d/8335.misc
@ -1 +0,0 @@
-Fix test logging to allow braces in log output.
--- a/changelog.d/8337.misc
+++ b/changelog.d/8337.misc
@ -1 +0,0 @@
-Remove `__future__` imports related to Python 2 compatibility.
--- a/changelog.d/8344.misc
+++ b/changelog.d/8344.misc
@ -1 +0,0 @@
-Simplify `super()` calls to Python 3 syntax.
--- a/changelog.d/8345.feature
+++ b/changelog.d/8345.feature
@ -1 +0,0 @@
-Add a configuration option that allows existing users to log in with OpenID Connect. Contributed by @BBBSnowball and @OmmyZhang.
--- a/changelog.d/8353.bugfix
+++ b/changelog.d/8353.bugfix
@ -1 +0,0 @@
-Don't send push notifications to expired user accounts.
--- a/changelog.d/8354.misc
+++ b/changelog.d/8354.misc
@ -1 +0,0 @@
-Fix bad merge from `release-v1.20.0` branch to `develop`.
--- a/changelog.d/8362.bugfix
+++ b/changelog.d/8362.bugfix
@ -1 +0,0 @@
-Fixed a regression in v1.19.0 with reactivating users through the admin API.
--- a/changelog.d/8364.bugfix
+++ b/changelog.d/8364.bugfix
@ -1,2 +0,0 @@
-Fix a bug where during device registration the length of the device name wasn't
-limited.
--- a/changelog.d/8370.misc
+++ b/changelog.d/8370.misc
@ -1 +0,0 @@
-Factor out a `_send_dummy_event_for_room` method.
--- a/changelog.d/8371.misc
+++ b/changelog.d/8371.misc
@ -1 +0,0 @@
-Improve logging of state resolution.
--- a/changelog.d/8372.misc
+++ b/changelog.d/8372.misc
@ -1 +0,0 @@
-Add type annotations to `SimpleHttpClient`.
--- a/changelog.d/8373.bugfix
+++ b/changelog.d/8373.bugfix
@ -1 +0,0 @@
-Include `guest_access` in the fields that are checked for null bytes when updating `room_stats_state`. Broke in v1.7.2.
--- a/changelog.d/8374.bugfix
+++ b/changelog.d/8374.bugfix
@ -1 +0,0 @@
-Fix theoretical race condition where events are not sent down `/sync` if the synchrotron worker is restarted without restarting other workers.
--- a/changelog.d/8375.doc
+++ b/changelog.d/8375.doc
@ -1 +0,0 @@
-Add note to the reverse proxy settings documentation about disabling Apache's mod_security2. Contributed by Julian Fietkau (@jfietkau).
--- a/changelog.d/8377.misc
+++ b/changelog.d/8377.misc
@ -1 +0,0 @@
-Move lint-related dependencies to package-extra field, update CONTRIBUTING.md to utilise this.
--- a/changelog.d/8383.misc
+++ b/changelog.d/8383.misc
@ -1 +0,0 @@
-Refactor ID generators to use `async with` syntax.
--- a/changelog.d/8385.bugfix
+++ b/changelog.d/8385.bugfix
@ -1 +0,0 @@
-Fix a bug which could cause errors in rooms with malformed membership events, on servers using sqlite.
--- a/changelog.d/8386.bugfix
+++ b/changelog.d/8386.bugfix
@ -1 +0,0 @@
-Fix a bug introduced in v1.20.0 which caused the `synapse_port_db` script to fail.
--- a/changelog.d/8387.feature
+++ b/changelog.d/8387.feature
@ -1 +0,0 @@
-Add experimental support for sharding event persister.
--- a/changelog.d/8388.misc
+++ b/changelog.d/8388.misc
@ -1 +0,0 @@
-Add `EventStreamPosition` type.
--- a/changelog.d/8396.feature
+++ b/changelog.d/8396.feature
@ -1 +0,0 @@
-Add experimental support for sharding event persister.
--- a/changelog.d/8398.bugfix
+++ b/changelog.d/8398.bugfix
@ -1 +0,0 @@
-Fix "Re-starting finished log context" warning when receiving an event we already had over federation.
--- a/changelog.d/8399.misc
+++ b/changelog.d/8399.misc
@ -1 +0,0 @@
-Create a mechanism for marking tests "logcontext clean".
--- a/changelog.d/8400.bugfix
+++ b/changelog.d/8400.bugfix
@ -1 +0,0 @@
-Fix incorrect handling of timeouts on outgoing HTTP requests.
--- a/changelog.d/8401.misc
+++ b/changelog.d/8401.misc
@ -1 +0,0 @@
-A pair of tiny cleanups in the federation request code.
--- a/changelog.d/8402.misc
+++ b/changelog.d/8402.misc
@ -1 +0,0 @@
-Add checks on startup that PostgreSQL sequences are consistent with their associated tables.
--- a/changelog.d/8404.misc
+++ b/changelog.d/8404.misc
@ -1 +0,0 @@
-Do not include appservice users when calculating the total MAU for a server.
--- a/changelog.d/8405.feature
+++ b/changelog.d/8405.feature
@ -1 +0,0 @@
-Consolidate the SSO error template across all configuration.
--- a/changelog.d/8406.feature
+++ b/changelog.d/8406.feature
@ -1 +0,0 @@
-Add prometheus metrics for replication requests.
--- a/changelog.d/8410.bugfix
+++ b/changelog.d/8410.bugfix
@ -1 +0,0 @@
-Fix a v1.20.0 regression in the `synapse_port_db` script regarding the `ui_auth_sessions_ips` table.
--- a/changelog.d/8413.feature
+++ b/changelog.d/8413.feature
@ -1 +0,0 @@
-Support passing additional single sign-on parameters to the client.
--- a/changelog.d/8414.bugfix
+++ b/changelog.d/8414.bugfix
@ -1 +0,0 @@
-Remove unnecessary 3PID registration check when resetting password via an email address. Bug introduced in v0.34.0rc2.
--- a/changelog.d/8415.doc
+++ b/changelog.d/8415.doc
@ -1 +0,0 @@
-Improve description of `server_name` config option in `homserver.yaml`.
--- a/changelog.d/8417.feature
+++ b/changelog.d/8417.feature
@ -1 +0,0 @@
-Add a config option to specify a whitelist of domains that a user can be redirected to after validating their email or phone number.
--- a/changelog.d/8419.feature
+++ b/changelog.d/8419.feature
@ -1 +0,0 @@
-Add experimental support for sharding event persister.
--- a/changelog.d/8420.feature
+++ b/changelog.d/8420.feature
@ -1 +0,0 @@
-Add experimental reporting of metrics on expensive rooms for state-resolution.
--- a/changelog.d/8422.misc
+++ b/changelog.d/8422.misc
@ -1 +0,0 @@
-Typing fixes for `synapse.handlers.federation`.
--- a/changelog.d/8423.misc
+++ b/changelog.d/8423.misc
@ -1 +0,0 @@
-Various refactors to simplify stream token handling.
--- a/changelog.d/8425.feature
+++ b/changelog.d/8425.feature
@ -1 +0,0 @@
-Add experimental prometheus metric to track numbers of "large" rooms for state resolutiom.
--- a/changelog.d/8426.removal
+++ b/changelog.d/8426.removal
@ -1 +0,0 @@
-Drop support for `prometheus_client` older than 0.4.0.
--- a/changelog.d/8427.misc
+++ b/changelog.d/8427.misc
@ -1 +0,0 @@
-Make stream token serializing/deserializing async.
--- a/changelog.d/8432.misc
+++ b/changelog.d/8432.misc
@ -0,0 +1 @@
+Check for unreachable code with mypy.
--- a/changelog.d/8433.misc
+++ b/changelog.d/8433.misc
@ -0,0 +1 @@
+Add unit test for event persister sharding.
--- a/docs/openid.md
+++ b/docs/openid.md
@ -238,13 +238,36 @@ Synapse config:

 ```yaml
 oidc_config:
-   enabled: true
-   issuer: "https://id.twitch.tv/oauth2/"
-   client_id: "your-client-id" # TO BE FILLED
-   client_secret: "your-client-secret" # TO BE FILLED
-   client_auth_method: "client_secret_post"
-   user_mapping_provider:
-     config:
-       localpart_template: '{{ user.preferred_username }}'
-       display_name_template: '{{ user.name }}'
+  enabled: true
+  issuer: "https://id.twitch.tv/oauth2/"
+  client_id: "your-client-id" # TO BE FILLED
+  client_secret: "your-client-secret" # TO BE FILLED
+  client_auth_method: "client_secret_post"
+  user_mapping_provider:
+    config:
+      localpart_template: "{{ user.preferred_username }}"
+      display_name_template: "{{ user.name }}"
+```
+
+### GitLab
+
+1. Create a [new application](https://gitlab.com/profile/applications).
+2. Add the `read_user` and `openid` scopes.
+3. Add this Callback URL: `[synapse public baseurl]/_synapse/oidc/callback`
+
+Synapse config:
+
+```yaml
+oidc_config:
+  enabled: true
+  issuer: "https://gitlab.com/"
+  client_id: "your-client-id" # TO BE FILLED
+  client_secret: "your-client-secret" # TO BE FILLED
+  client_auth_method: "client_secret_post"
+  scopes: ["openid", "read_user"]
+  user_profile_method: "userinfo_endpoint"
+  user_mapping_provider:
+    config:
+      localpart_template: '{{ user.nickname }}'
+      display_name_template: '{{ user.name }}'
 ```
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@ -629,6 +629,7 @@ acme:
 #tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]


+## Federation ##

 # Restrict federation to the following whitelist of domains.
 # N.B. we recommend also firewalling your federation listener to limit
@ -662,6 +663,17 @@ federation_ip_range_blacklist:
  - 'fe80::/64'
  - 'fc00::/7'

+# Report prometheus metrics on the age of PDUs being sent to and received from
+# the following domains. This can be used to give an idea of "delay" on inbound
+# and outbound federation, though be aware that any delay can be due to problems
+# at either end or with the intermediate network.
+#
+# By default, no domains are monitored in this way.
+#
+#federation_metrics_domains:
+#  - matrix.org
+#  - example.com
+

 ## Caching ##

@ -1702,6 +1714,14 @@ oidc_config:
  #
  #skip_verification: true

+  # Whether to fetch the user profile from the userinfo endpoint. Valid
+  # values are: "auto" or "userinfo_endpoint".
+  #
+  # Defaults to "auto", which fetches the userinfo endpoint if "openid" is included
+  # in `scopes`. Uncomment the following to always fetch the userinfo endpoint.
+  #
+  #user_profile_method: "userinfo_endpoint"
+
  # Uncomment to allow a user logging in via OIDC to match a pre-existing account instead
  # of failing. This could be used if switching from password logins to OIDC. Defaults to false.
  #
--- a/mypy.ini
+++ b/mypy.ini
@ -6,6 +6,7 @@ check_untyped_defs = True
 show_error_codes = True
 show_traceback = True
 mypy_path = stubs
+warn_unreachable = True
 files =
  synapse/api,
  synapse/appservice,
@ -142,3 +143,6 @@ ignore_missing_imports = True

 [mypy-nacl.*]
 ignore_missing_imports = True
+
+[mypy-hiredis]
+ignore_missing_imports = True
--- a/stubs/txredisapi.pyi
+++ b/stubs/txredisapi.pyi
@ -16,7 +16,7 @@
 """Contains *incomplete* type hints for txredisapi.
 """

-from typing import List, Optional, Union
+from typing import List, Optional, Union, Type

 class RedisProtocol:
    def publish(self, channel: str, message: bytes): ...
@ -42,3 +42,21 @@ def lazyConnection(

 class SubscriberFactory:
    def buildProtocol(self, addr): ...
+
+class ConnectionHandler: ...
+
+class RedisFactory:
+    continueTrying: bool
+    handler: RedisProtocol
+    def __init__(
+        self,
+        uuid: str,
+        dbid: Optional[int],
+        poolsize: int,
+        isLazy: bool = False,
+        handler: Type = ConnectionHandler,
+        charset: str = "utf-8",
+        password: Optional[str] = None,
+        replyTimeout: Optional[int] = None,
+        convertNumbers: Optional[int] = True,
+    ): ...
--- a/synapse/init.py
+++ b/synapse/init.py
@ -48,7 +48,7 @@ try:
 except ImportError:
    pass

-__version__ = "1.20.1"
+__version__ = "1.21.0rc1"

 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
    # We import here so that we don't have to install a bunch of deps when
--- a/synapse/config/_util.py
+++ b/synapse/config/_util.py
@ -12,7 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-from typing import Any, List
+from typing import Any, Iterable

 import jsonschema

@ -20,7 +20,9 @@ from synapse.config._base import ConfigError
 from synapse.types import JsonDict


-def validate_config(json_schema: JsonDict, config: Any, config_path: List[str]) -> None:
+def validate_config(
+    json_schema: JsonDict, config: Any, config_path: Iterable[str]
+) -> None:
    """Validates a config setting against a JsonSchema definition

    This can be used to validate a section of the config file against a schema
--- a/synapse/config/federation.py
+++ b/synapse/config/federation.py
@ -17,7 +17,8 @@ from typing import Optional

 from netaddr import IPSet

-from ._base import Config, ConfigError
+from synapse.config._base import Config, ConfigError
+from synapse.config._util import validate_config


 class FederationConfig(Config):
@ -52,8 +53,18 @@ class FederationConfig(Config):
                "Invalid range(s) provided in federation_ip_range_blacklist: %s" % e
            )

+        federation_metrics_domains = config.get("federation_metrics_domains") or []
+        validate_config(
+            _METRICS_FOR_DOMAINS_SCHEMA,
+            federation_metrics_domains,
+            ("federation_metrics_domains",),
+        )
+        self.federation_metrics_domains = set(federation_metrics_domains)
+
    def generate_config_section(self, config_dir_path, server_name, **kwargs):
        return """\
+        ## Federation ##
+
        # Restrict federation to the following whitelist of domains.
        # N.B. we recommend also firewalling your federation listener to limit
        # inbound federation traffic as early as possible, rather than relying
@ -85,4 +96,18 @@ class FederationConfig(Config):
          - '::1/128'
          - 'fe80::/64'
          - 'fc00::/7'
+
+        # Report prometheus metrics on the age of PDUs being sent to and received from
+        # the following domains. This can be used to give an idea of "delay" on inbound
+        # and outbound federation, though be aware that any delay can be due to problems
+        # at either end or with the intermediate network.
+        #
+        # By default, no domains are monitored in this way.
+        #
+        #federation_metrics_domains:
+        #  - matrix.org
+        #  - example.com
        """
+
+
+_METRICS_FOR_DOMAINS_SCHEMA = {"type": "array", "items": {"type": "string"}}
--- a/synapse/config/homeserver.py
+++ b/synapse/config/homeserver.py
@ -92,5 +92,4 @@ class HomeServerConfig(RootConfig):
        TracerConfig,
        WorkerConfig,
        RedisConfig,
-        FederationConfig,
    ]
--- a/synapse/config/oidc_config.py
+++ b/synapse/config/oidc_config.py
@ -56,6 +56,7 @@ class OIDCConfig(Config):
        self.oidc_userinfo_endpoint = oidc_config.get("userinfo_endpoint")
        self.oidc_jwks_uri = oidc_config.get("jwks_uri")
        self.oidc_skip_verification = oidc_config.get("skip_verification", False)
+        self.oidc_user_profile_method = oidc_config.get("user_profile_method", "auto")
        self.oidc_allow_existing_users = oidc_config.get("allow_existing_users", False)

        ump_config = oidc_config.get("user_mapping_provider", {})
@ -159,6 +160,14 @@ class OIDCConfig(Config):
          #
          #skip_verification: true

+          # Whether to fetch the user profile from the userinfo endpoint. Valid
+          # values are: "auto" or "userinfo_endpoint".
+          #
+          # Defaults to "auto", which fetches the userinfo endpoint if "openid" is included
+          # in `scopes`. Uncomment the following to always fetch the userinfo endpoint.
+          #
+          #user_profile_method: "userinfo_endpoint"
+
          # Uncomment to allow a user logging in via OIDC to match a pre-existing account instead
          # of failing. This could be used if switching from password logins to OIDC. Defaults to false.
          #
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@ -18,7 +18,7 @@ import os
 import warnings
 from datetime import datetime
 from hashlib import sha256
-from typing import List
+from typing import List, Optional

 from unpaddedbase64 import encode_base64

@ -177,8 +177,8 @@ class TlsConfig(Config):
            "use_insecure_ssl_client_just_for_testing_do_not_use"
        )

-        self.tls_certificate = None
-        self.tls_private_key = None
+        self.tls_certificate = None  # type: Optional[crypto.X509]
+        self.tls_private_key = None  # type: Optional[crypto.PKey]

    def is_disk_cert_valid(self, allow_self_signed=True):
        """
@ -226,12 +226,12 @@ class TlsConfig(Config):
        days_remaining = (expires_on - now).days
        return days_remaining

-    def read_certificate_from_disk(self, require_cert_and_key):
+    def read_certificate_from_disk(self, require_cert_and_key: bool):
        """
        Read the certificates and private key from disk.

        Args:
-            require_cert_and_key (bool): set to True to throw an error if the certificate
+            require_cert_and_key: set to True to throw an error if the certificate
                and key file are not given
        """
        if require_cert_and_key:
@ -471,7 +471,6 @@ class TlsConfig(Config):
        # or by checking matrix.org/federationtester/api/report?server_name=$host
        #
        #tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
-
        """
            # Lowercase the string representation of boolean values
            % {
@ -480,13 +479,13 @@ class TlsConfig(Config):
            }
        )

-    def read_tls_certificate(self):
+    def read_tls_certificate(self) -> crypto.X509:
        """Reads the TLS certificate from the configured file, and returns it

        Also checks if it is self-signed, and warns if so

        Returns:
-            OpenSSL.crypto.X509: the certificate
+            The certificate
        """
        cert_path = self.tls_certificate_file
        logger.info("Loading TLS certificate from %s", cert_path)
@ -505,11 +504,11 @@ class TlsConfig(Config):

        return cert

-    def read_tls_private_key(self):
+    def read_tls_private_key(self) -> crypto.PKey:
        """Reads the TLS private key from the configured file, and returns it

        Returns:
-            OpenSSL.crypto.PKey: the private key
+            The private key
        """
        private_key_path = self.tls_private_key_file
        logger.info("Loading TLS key from %s", private_key_path)
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@ -22,13 +22,12 @@ from typing import (
    Callable,
    Dict,
    List,
-    Match,
    Optional,
    Tuple,
    Union,
 )

-from prometheus_client import Counter, Histogram
+from prometheus_client import Counter, Gauge, Histogram

 from twisted.internet import defer
 from twisted.internet.abstract import isIPAddress
@ -88,6 +87,13 @@ pdu_process_time = Histogram(
 )


+last_pdu_age_metric = Gauge(
+    "synapse_federation_last_received_pdu_age",
+    "The age (in seconds) of the last PDU successfully received from the given domain",
+    labelnames=("server_name",),
+)
+
+
 class FederationServer(FederationBase):
    def __init__(self, hs):
        super().__init__(hs)
@ -118,6 +124,10 @@ class FederationServer(FederationBase):
            hs, "state_ids_resp", timeout_ms=30000
        )

+        self._federation_metrics_domains = (
+            hs.get_config().federation.federation_metrics_domains
+        )
+
    async def on_backfill_request(
        self, origin: str, room_id: str, versions: List[str], limit: int
    ) -> Tuple[int, Dict[str, Any]]:
@ -262,7 +272,11 @@ class FederationServer(FederationBase):

        pdus_by_room = {}  # type: Dict[str, List[EventBase]]

+        newest_pdu_ts = 0
+
        for p in transaction.pdus:  # type: ignore
+            # FIXME (richardv): I don't think this works:
+            #  https://github.com/matrix-org/synapse/issues/8429
            if "unsigned" in p:
                unsigned = p["unsigned"]
                if "age" in unsigned:
@ -300,6 +314,9 @@ class FederationServer(FederationBase):
            event = event_from_pdu_json(p, room_version)
            pdus_by_room.setdefault(room_id, []).append(event)

+            if event.origin_server_ts > newest_pdu_ts:
+                newest_pdu_ts = event.origin_server_ts
+
        pdu_results = {}

        # we can process different rooms in parallel (which is useful if they
@ -340,6 +357,10 @@ class FederationServer(FederationBase):
            process_pdus_for_room, pdus_by_room.keys(), TRANSACTION_CONCURRENCY_LIMIT
        )

+        if newest_pdu_ts and origin in self._federation_metrics_domains:
+            newest_pdu_age = self._clock.time_msec() - newest_pdu_ts
+            last_pdu_age_metric.labels(server_name=origin).set(newest_pdu_age / 1000)
+
        return pdu_results

    async def _handle_edus_in_txn(self, origin: str, transaction: Transaction):
@ -803,14 +824,14 @@ def server_matches_acl_event(server_name: str, acl_event: EventBase) -> bool:
    return False


-def _acl_entry_matches(server_name: str, acl_entry: str) -> Match:
+def _acl_entry_matches(server_name: str, acl_entry: Any) -> bool:
    if not isinstance(acl_entry, str):
        logger.warning(
            "Ignoring non-str ACL entry '%s' (is %s)", acl_entry, type(acl_entry)
        )
        return False
    regex = glob_to_regex(acl_entry)
-    return regex.match(server_name)
+    return bool(regex.match(server_name))


 class FederationHandlerRegistry:
--- a/synapse/federation/sender/transaction_manager.py
+++ b/synapse/federation/sender/transaction_manager.py
@ -15,6 +15,8 @@
 import logging
 from typing import TYPE_CHECKING, List

+from prometheus_client import Gauge
+
 from synapse.api.errors import HttpResponseException
 from synapse.events import EventBase
 from synapse.federation.persistence import TransactionActions
@ -34,6 +36,12 @@ if TYPE_CHECKING:

 logger = logging.getLogger(__name__)

+last_pdu_age_metric = Gauge(
+    "synapse_federation_last_sent_pdu_age",
+    "The age (in seconds) of the last PDU successfully sent to the given domain",
+    labelnames=("server_name",),
+)
+

 class TransactionManager:
    """Helper class which handles building and sending transactions
@ -48,6 +56,10 @@ class TransactionManager:
        self._transaction_actions = TransactionActions(self._store)
        self._transport_layer = hs.get_federation_transport_client()

+        self._federation_metrics_domains = (
+            hs.get_config().federation.federation_metrics_domains
+        )
+
        # HACK to get unique tx id
        self._next_txn_id = int(self.clock.time_msec())

@ -119,6 +131,9 @@ class TransactionManager:

            # FIXME (erikj): This is a bit of a hack to make the Pdu age
            # keys work
+            # FIXME (richardv): I also believe it no longer works. We (now?) store
+            #  "age_ts" in "unsigned" rather than at the top level. See
+            #  https://github.com/matrix-org/synapse/issues/8429.
            def json_data_cb():
                data = transaction.get_dict()
                now = int(self.clock.time_msec())
@ -167,5 +182,12 @@ class TransactionManager:
                    )
                success = False

+            if success and pdus and destination in self._federation_metrics_domains:
+                last_pdu = pdus[-1]
+                last_pdu_age = self.clock.time_msec() - last_pdu.origin_server_ts
+                last_pdu_age_metric.labels(server_name=destination).set(
+                    last_pdu_age / 1000
+                )
+
            set_tag(tags.ERROR, not success)
            return success
--- a/Show More
+++ b/Show More
				`@ -1 +0,0 @@`
				`Fix a bug in the media repository where remote thumbnails with the same size but different crop methods would overwrite each other. Contributed by @deepbluev7.`
				`@ -0,0 +1 @@`
				`Add a configuration option for always using the "userinfo endpoint" for OpenID Connect. This fixes support for some identity providers, e.g. GitLab. Contributed by Benjamin Koch.`
				`@ -1 +0,0 @@`
				Fix inconsistent handling of non-existent push rules, and stop tracking the `enabled` state of removed push rules.
				`@ -1 +0,0 @@`
				Fix a longstanding bug when storing a media file with an empty `upload_name`.
				`@ -1 +0,0 @@`
				`Require the user to confirm that their password should be reset after clicking the email confirmation link.`
				`@ -1 +0,0 @@`
				`Fix tests on distros which disable TLSv1.0. Contributed by @danc86.`
				`@ -1 +0,0 @@`
				`Simplify the distributor code to avoid unnecessary work.`
				`@ -1 +0,0 @@`
				Add an admin API `GET /_synapse/admin/v1/event_reports` to read entries of table `event_reports`. Contributed by @dklimpel.
				`@ -1 +0,0 @@`
				Add `/_synapse/client` to the reverse proxy documentation.
				`@ -1 +0,0 @@`
				`Fix messages over federation being lost until an event is sent into the same room.`