Merge remote-tracking branch 'origin/release-v0.12.0'

Bump changelog and version for v0.12.0
Update CHANGES
2025-12-19 02:20:44 +00:00 · 2016-01-04 14:02:50 +00:00 · 2016-01-04 13:57:39 +00:00 · 2016-01-04 12:45:58 +00:00 · 2016-01-04 12:41:53 +00:00 · 2016-01-02 17:24:28 +00:00
181 changed files with 10238 additions and 3261 deletions
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -44,4 +44,10 @@ Eric Myhre <hash at exultant.us>
   repository API.
 Muthu Subramanian <muthu.subramanian.karunanidhi at ericsson.com>
- * Add SAML2 support for registration and logins.
+ * Add SAML2 support for registration and login.
 Steven Hammerton <steven.hammerton at openmarket.com>
 * Add CAS support for registration and login.
 Mads Robin Christensen <mads at v42 dot dk>
 * CentOS 7 installation instructions.
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,3 +1,163 @@
 Changes in synapse v0.12.0 (2016-01-04)
 =======================================
 * Expose ``/login`` under ``r0`` (PR #459)
 Changes in synapse v0.12.0-rc3 (2015-12-23)
 ===========================================
 * Allow guest accounts access to ``/sync`` (PR #455)
 * Allow filters to include/exclude rooms at the room level
  rather than just from the components of the sync for each
  room. (PR #454)
 * Include urls for room avatars in the response to ``/publicRooms`` (PR #453)
 * Don't set a identicon as the avatar for a user when they register (PR #450)
 * Add a ``display_name`` to third-party invites (PR #449)
 * Send more information to the identity server for third-party invites so that
  it can send richer messages to the invitee (PR #446)
 * Cache the responses to ``/intialSync`` for 5 minutes. If a client
  retries a request to ``/initialSync`` before the a response was computed
  to the first request then the same response is used for both requests
  (PR #457)
 * Fix a bug where synapse would always request the signing keys of
  remote servers even when the key was cached locally (PR #452)
 * Fix 500 when pagination search results (PR #447)
 * Fix a bug where synapse was leaking raw email address in third-party invites
   (PR #448)
 Changes in synapse v0.12.0-rc2 (2015-12-14)
 ===========================================
 * Add caches for whether rooms have been forgotten by a user (PR #434)
 * Remove instructions to use ``--process-dependency-link`` since all of the
  dependencies of synapse are on PyPI (PR #436)
 * Parallelise the processing of ``/sync`` requests (PR #437)
 * Fix race updating presence in ``/events`` (PR #444)
 * Fix bug back-populating search results (PR #441)
 * Fix bug calculating state in ``/sync`` requests (PR #442)
 Changes in synapse v0.12.0-rc1 (2015-12-10)
 ===========================================
 * Host the client APIs released as r0 by
  https://matrix.org/docs/spec/r0.0.0/client_server.html
  on paths prefixed by ``/_matrix/client/r0``. (PR #430, PR #415, PR #400)
 * Updates the client APIs to match r0 of the matrix specification.
  * All APIs return events in the new event format, old APIs also include
    the fields needed to parse the event using the old format for
    compatibility. (PR #402)
  * Search results are now given as a JSON array rather than
    a JSON object (PR #405)
  * Miscellaneous changes to search (PR #403, PR #406, PR #412)
  * Filter JSON objects may now be passed as query parameters to ``/sync``
    (PR #431)
  * Fix implementation of ``/admin/whois`` (PR #418)
  * Only include the rooms that user has left in ``/sync`` if the client
    requests them in the filter (PR #423)
  * Don't push for ``m.room.message`` by default (PR #411)
  * Add API for setting per account user data (PR #392)
  * Allow users to forget rooms (PR #385)
 * Performance improvements and monitoring:
  * Add per-request counters for CPU time spent on the main python thread.
    (PR #421, PR #420)
  * Add per-request counters for time spent in the database (PR #429)
  * Make state updates in the C+S API idempotent (PR #416)
  * Only fire ``user_joined_room`` if the user has actually joined. (PR #410)
  * Reuse a single http client, rather than creating new ones (PR #413)
 * Fixed a bug upgrading from older versions of synapse on postgresql (PR #417)
 Changes in synapse v0.11.1 (2015-11-20)
 =======================================
 * Add extra options to search API (PR #394)
 * Fix bug where we did not correctly cap federation retry timers. This meant it
  could take several hours for servers to start talking to ressurected servers,
  even when they were receiving traffic from them (PR #393)
 * Don't advertise login token flow unless CAS is enabled. This caused issues
  where some clients would always use the fallback API if they did not
  recognize all login flows (PR #391)
 * Change /v2 sync API to rename ``private_user_data`` to ``account_data``
  (PR #386)
 * Change /v2 sync API to remove the ``event_map`` and rename keys in ``rooms``
  object (PR #389)
 Changes in synapse v0.11.0-r2 (2015-11-19)
 ==========================================
 * Fix bug in database port script (PR #387)
 Changes in synapse v0.11.0-r1 (2015-11-18)
 ==========================================
 * Retry and fail federation requests more aggressively for requests that block
  client side requests (PR #384)
 Changes in synapse v0.11.0 (2015-11-17)
 =======================================
 * Change CAS login API (PR #349)
 Changes in synapse v0.11.0-rc2 (2015-11-13)
 ===========================================
 * Various changes to /sync API response format (PR #373)
 * Fix regression when setting display name in newly joined room over
  federation (PR #368)
 * Fix problem where /search was slow when using SQLite (PR #366)
 Changes in synapse v0.11.0-rc1 (2015-11-11)
 ===========================================
 * Add Search API (PR #307, #324, #327, #336, #350, #359)
 * Add 'archived' state to v2 /sync API (PR #316)
 * Add ability to reject invites (PR #317)
 * Add config option to disable password login (PR #322)
 * Add the login fallback API (PR #330)
 * Add room context API (PR #334)
 * Add room tagging support (PR #335)
 * Update v2 /sync API to match spec (PR #305, #316, #321, #332, #337, #341)
 * Change retry schedule for application services (PR #320)
 * Change retry schedule for remote servers (PR #340)
 * Fix bug where we hosted static content in the incorrect place (PR #329)
 * Fix bug where we didn't increment retry interval for remote servers (PR #343)
 Changes in synapse v0.10.1-rc1 (2015-10-15)
 ===========================================
 * Add support for CAS, thanks to Steven Hammerton (PR #295, #296)
 * Add support for using macaroons for ``access_token`` (PR #256, #229)
 * Add support for ``m.room.canonical_alias`` (PR #287)
 * Add support for viewing the history of rooms that they have left. (PR #276,
  #294)
 * Add support for refresh tokens (PR #240)
 * Add flag on creation which disables federation of the room (PR #279)
 * Add some room state to invites. (PR #275)
 * Atomically persist events when joining a room over federation (PR #283)
 * Change default history visibility for private rooms (PR #271)
 * Allow users to redact their own sent events (PR #262)
 * Use tox for tests (PR #247)
 * Split up syutil into separate libraries (PR #243)
 Changes in synapse v0.10.0-r2 (2015-09-16)
 ==========================================
 * Fix bug where we always fetched remote server signing keys instead of using
  ones in our cache.
 * Fix adding threepids to an existing account.
 * Fix bug with invinting over federation where remote server was already in
  the room. (PR #281, SYN-392)
 Changes in synapse v0.10.0-r1 (2015-09-08)
 ==========================================
 * Fix bug with python packaging
 Changes in synapse v0.10.0 (2015-09-03)
 =======================================
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -15,8 +15,11 @@ recursive-include scripts *
 recursive-include scripts-dev *
 recursive-include tests *.py
-recursive-include static *.css
+recursive-include synapse/static *.css
-recursive-include static *.html
+recursive-include synapse/static *.gif
-recursive-include static *.js
+recursive-include synapse/static *.html
 recursive-include synapse/static *.js
 exclude jenkins.sh
 prune demo/etc
--- a/README.rst
+++ b/README.rst
@@ -20,8 +20,8 @@ The overall architecture is::
             https://somewhere.org/_matrix      https://elsewhere.net/_matrix
 ``#matrix:matrix.org`` is the official support room for Matrix, and can be
-accessed by the web client at http://matrix.org/beta or via an IRC bridge at
+accessed by any client from https://matrix.org/blog/try-matrix-now or via IRC
-irc://irc.freenode.net/matrix.
+bridge at irc://irc.freenode.net/matrix.
 Synapse is currently in rapid development, but as of version 0.5 we believe it
 is sufficiently stable to be run as an internet-facing service for real usage!
@@ -77,14 +77,14 @@ Meanwhile, iOS and Android SDKs and clients are available from:
 - https://github.com/matrix-org/matrix-android-sdk
 We'd like to invite you to join #matrix:matrix.org (via
-https://matrix.org/beta), run a homeserver, take a look at the Matrix spec at
+https://matrix.org/blog/try-matrix-now), run a homeserver, take a look at the
-https://matrix.org/docs/spec and API docs at https://matrix.org/docs/api,
+Matrix spec at https://matrix.org/docs/spec and API docs at
-experiment with the APIs and the demo clients, and report any bugs via
+https://matrix.org/docs/api, experiment with the APIs and the demo clients, and
-https://matrix.org/jira.
+report any bugs via https://matrix.org/jira.
 Thanks for using Matrix!
-[1] End-to-end encryption is currently in development
+[1] End-to-end encryption is currently in development - see https://matrix.org/git/olm
 Synapse Installation
 ====================
@@ -111,6 +111,14 @@ Installing prerequisites on ArchLinux::
    sudo pacman -S base-devel python2 python-pip \
                   python-setuptools python-virtualenv sqlite3
 Installing prerequisites on CentOS 7::
    sudo yum install libtiff-devel libjpeg-devel libzip-devel freetype-devel \
                     lcms2-devel libwebp-devel tcl-devel tk-devel \
                     python-virtualenv libffi-devel openssl-devel
    sudo yum groupinstall "Development Tools"
 Installing prerequisites on Mac OS X::
    xcode-select --install
@@ -122,7 +130,7 @@ To install the synapse homeserver run::
    virtualenv -p python2.7 ~/.synapse
    source ~/.synapse/bin/activate
    pip install --upgrade setuptools
-    pip install --process-dependency-links https://github.com/matrix-org/synapse/tarball/master
+    pip install https://github.com/matrix-org/synapse/tarball/master
 This installs synapse, along with the libraries it uses, into a virtual
 environment under ``~/.synapse``.  Feel free to pick a different directory
@@ -133,15 +141,25 @@ In case of problems, please see the _Troubleshooting section below.
 Alternatively, Silvio Fricke has contributed a Dockerfile to automate the
 above in Docker at https://registry.hub.docker.com/u/silviof/docker-matrix/.
 Another alternative is to install via apt from http://matrix.org/packages/debian/.
 Note that these packages do not include  a client - choose one from
 https://matrix.org/blog/try-matrix-now/ (or build your own with 
 https://github.com/matrix-org/matrix-js-sdk/). 
 Finally, Martin Giess has created an auto-deployment process with vagrant/ansible, 
 tested with VirtualBox/AWS/DigitalOcean - see https://github.com/EMnify/matrix-synapse-auto-deploy 
 for details.
 To set up your homeserver, run (in your virtualenv, as before)::
    cd ~/.synapse
    python -m synapse.app.homeserver \
        --server-name machine.my.domain.name \
        --config-path homeserver.yaml \
-        --generate-config
+        --generate-config \
        --report-stats=[yes|no]
-Substituting your host and domain name as appropriate.
+...substituting your host and domain name as appropriate.
 This will generate you a config file that you can then customise, but it will
 also generate a set of keys for you. These keys will allow your Home Server to
@@ -154,10 +172,11 @@ key in the <server name>.signing.key file (the second word, which by default is
 By default, registration of new users is disabled. You can either enable
 registration in the config by specifying ``enable_registration: true``
-(it is then recommended to also set up CAPTCHA), or
+(it is then recommended to also set up CAPTCHA - see docs/CAPTCHA_SETUP), or
 you can use the command line to register new users::
    $ source ~/.synapse/bin/activate
    $ synctl start # if not already running
    $ register_new_matrix_user -c homeserver.yaml https://localhost:8448
    New user localpart: erikj
    Password:
@@ -167,6 +186,16 @@ you can use the command line to register new users::
 For reliable VoIP calls to be routed via this homeserver, you MUST configure
 a TURN server.  See docs/turn-howto.rst for details.
 Running Synapse
 ===============
 To actually run your new homeserver, pick a working directory for Synapse to
 run (e.g. ``~/.synapse``), and::
    cd ~/.synapse
    source ./bin/activate
    synctl start
 Using PostgreSQL
 ================
@@ -189,16 +218,6 @@ may have a few regressions relative to SQLite.
 For information on how to install and use PostgreSQL, please see
 `docs/postgres.rst <docs/postgres.rst>`_.
 Running Synapse
 ===============
 To actually run your new homeserver, pick a working directory for Synapse to
 run (e.g. ``~/.synapse``), and::
    cd ~/.synapse
    source ./bin/activate
    synctl start
 Platform Specific Instructions
 ==============================
@@ -220,8 +239,7 @@ pip may be outdated (6.0.7-1 and needs to be upgraded to 6.0.8-1 )::
 You also may need to explicitly specify python 2.7 again during the install
 request::
-    pip2.7 install --process-dependency-links \
+    pip2.7 install https://github.com/matrix-org/synapse/tarball/master
        https://github.com/matrix-org/synapse/tarball/master
 If you encounter an error with lib bcrypt causing an Wrong ELF Class:
 ELFCLASS32 (x64 Systems), you may need to reinstall py-bcrypt to correctly
@@ -280,8 +298,7 @@ Troubleshooting
 Troubleshooting Installation
 ----------------------------
-Synapse requires pip 1.7 or later, so if your OS provides too old a version and
+Synapse requires pip 1.7 or later, so if your OS provides too old a version you
 you get errors about ``error: no such option: --process-dependency-links`` you
 may need to manually upgrade it::
    sudo pip install --upgrade pip
@@ -425,6 +442,10 @@ SRV record, as that is the name other machines will expect it to have::
    python -m synapse.app.homeserver --config-path homeserver.yaml
 If you've already generated the config file, you need to edit the "server_name"
 in you  ```homeserver.yaml``` file. If you've already started Synapse and a
 database has been created, you will have to recreate the database.
 You may additionally want to pass one or more "-v" options, in order to
 increase the verbosity of logging output; at least for initial testing.
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -30,6 +30,19 @@ running:
    python synapse/python_dependencies.py | xargs -n1 pip install
 Upgrading to v0.11.0
 ====================
 This release includes the option to send anonymous usage stats to matrix.org,
 and requires that administrators explictly opt in or out by setting the
 ``report_stats`` option to either ``true`` or ``false``.
 We would really appreciate it if you could help our project out by reporting
 anonymized usage statistics from your homeserver. Only very basic aggregate
 data (e.g. number of users) will be reported, but it helps us to track the
 growth of the Matrix community, and helps us to make Matrix a success, as well
 as to convince other networks that they should peer with us.
 Upgrading to v0.9.0
 ===================
--- a/demo/start.sh
+++ b/demo/start.sh
@@ -25,6 +25,7 @@ for port in 8080 8081 8082; do
        --generate-config \
        -H "localhost:$https_port" \
        --config-path "$DIR/etc/$port.config" \
        --report-stats no
    # Check script parameters
    if [ $# -eq 1 ]; then
@@ -37,6 +38,13 @@ for port in 8080 8081 8082; do
    perl -p -i -e 's/^enable_registration:.*/enable_registration: true/g' $DIR/etc/$port.config
    if ! grep -F "full_twisted_stacktraces" -q  $DIR/etc/$port.config; then
        echo "full_twisted_stacktraces: true" >> $DIR/etc/$port.config
    fi
    if ! grep -F "report_stats" -q  $DIR/etc/$port.config ; then
        echo "report_stats: false" >> $DIR/etc/$port.config
    fi
    python -m synapse.app.homeserver \
        --config-path "$DIR/etc/$port.config" \
        -D \
--- a/docs/postgres.rst
+++ b/docs/postgres.rst
@@ -18,8 +18,8 @@ encoding use, e.g.::
 This would create an appropriate database named ``synapse`` owned by the
 ``synapse_user`` user (which must already exist).
-Set up client
+Set up client in Debian/Ubuntu
-=============
+===========================
 Postgres support depends on the postgres python connector ``psycopg2``. In the
 virtual env::
@@ -27,6 +27,19 @@ virtual env::
    sudo apt-get install libpq-dev
    pip install psycopg2
 Set up client in RHEL/CentOs 7
 ==============================
 Make sure you have the appropriate version of postgres-devel installed. For a
 postgres 9.4, use the postgres 9.4 packages from
 [here](https://wiki.postgresql.org/wiki/YUM_Installation).
 As with Debian/Ubuntu, postgres support depends on the postgres python connector
 ``psycopg2``. In the virtual env::
    sudo yum install postgresql-devel libpqxx-devel.x86_64
    export PATH=/usr/pgsql-9.4/bin/:$PATH
    pip install psycopg2
 Synapse config
 ==============
--- a/jenkins.sh
+++ b/jenkins.sh
@@ -0,0 +1,81 @@
 #!/bin/bash -eu
 export PYTHONDONTWRITEBYTECODE=yep
 # Output test results as junit xml
 export TRIAL_FLAGS="--reporter=subunit"
 export TOXSUFFIX="| subunit-1to2 | subunit2junitxml --no-passthrough --output-to=results.xml"
 # Write coverage reports to a separate file for each process
 export COVERAGE_OPTS="-p"
 export DUMP_COVERAGE_COMMAND="coverage help"
 # Output flake8 violations to violations.flake8.log
 # Don't exit with non-0 status code on Jenkins,
 # so that the build steps continue and a later step can decided whether to
 # UNSTABLE or FAILURE this build.
 export PEP8SUFFIX="--output-file=violations.flake8.log || echo flake8 finished with status code \$?"
 rm .coverage* || echo "No coverage files to remove"
 tox
 : ${GIT_BRANCH:="origin/$(git rev-parse --abbrev-ref HEAD)"}
 TOX_BIN=$WORKSPACE/.tox/py27/bin
 if [[ ! -e .sytest-base ]]; then
  git clone https://github.com/matrix-org/sytest.git .sytest-base --mirror
 else
  (cd .sytest-base; git fetch)
 fi
 rm -rf sytest
 git clone .sytest-base sytest --shared
 cd sytest
 git checkout "${GIT_BRANCH}" || (echo >&2 "No ref ${GIT_BRANCH} found, falling back to develop" ; git checkout develop)
 : ${PERL5LIB:=$WORKSPACE/perl5/lib/perl5}
 : ${PERL_MB_OPT:=--install_base=$WORKSPACE/perl5}
 : ${PERL_MM_OPT:=INSTALL_BASE=$WORKSPACE/perl5}
 export PERL5LIB PERL_MB_OPT PERL_MM_OPT
 ./install-deps.pl
 : ${PORT_BASE:=8000}
 echo >&2 "Running sytest with SQLite3";
 ./run-tests.pl --coverage -O tap --synapse-directory $WORKSPACE \
    --python $TOX_BIN/python --all --port-base $PORT_BASE > results-sqlite3.tap
 RUN_POSTGRES=""
 for port in $(($PORT_BASE + 1)) $(($PORT_BASE + 2)); do
    if psql synapse_jenkins_$port <<< ""; then
        RUN_POSTGRES=$RUN_POSTGRES:$port
        cat > localhost-$port/database.yaml << EOF
 name: psycopg2
 args:
    database: synapse_jenkins_$port
 EOF
    fi
 done
 # Run if both postgresql databases exist
 if test $RUN_POSTGRES = ":$(($PORT_BASE + 1)):$(($PORT_BASE + 2))"; then
    echo >&2 "Running sytest with PostgreSQL";
    $TOX_BIN/pip install psycopg2
    ./run-tests.pl --coverage -O tap --synapse-directory $WORKSPACE \
        --python $TOX_BIN/python --all --port-base $PORT_BASE > results-postgresql.tap
 else
    echo >&2 "Skipping running sytest with PostgreSQL, $RUN_POSTGRES"
 fi
 cd ..
 cp sytest/.coverage.* .
 # Combine the coverage reports
 echo "Combining:" .coverage.*
 $TOX_BIN/python -m coverage combine
 # Output coverage to coverage.xml
 $TOX_BIN/coverage xml -o coverage.xml
--- a/scripts-dev/definitions.py
+++ b/scripts-dev/definitions.py
@@ -0,0 +1,175 @@
 #! /usr/bin/python
 import ast
 import yaml
 class DefinitionVisitor(ast.NodeVisitor):
    def __init__(self):
        super(DefinitionVisitor, self).__init__()
        self.functions = {}
        self.classes = {}
        self.names = {}
        self.attrs = set()
        self.definitions = {
            'def': self.functions,
            'class': self.classes,
            'names': self.names,
            'attrs': self.attrs,
        }
    def visit_Name(self, node):
        self.names.setdefault(type(node.ctx).__name__, set()).add(node.id)
    def visit_Attribute(self, node):
        self.attrs.add(node.attr)
        for child in ast.iter_child_nodes(node):
            self.visit(child)
    def visit_ClassDef(self, node):
        visitor = DefinitionVisitor()
        self.classes[node.name] = visitor.definitions
        for child in ast.iter_child_nodes(node):
            visitor.visit(child)
    def visit_FunctionDef(self, node):
        visitor = DefinitionVisitor()
        self.functions[node.name] = visitor.definitions
        for child in ast.iter_child_nodes(node):
            visitor.visit(child)
 def non_empty(defs):
    functions = {name: non_empty(f) for name, f in defs['def'].items()}
    classes = {name: non_empty(f) for name, f in defs['class'].items()}
    result = {}
    if functions: result['def'] = functions
    if classes: result['class'] = classes
    names = defs['names']
    uses = []
    for name in names.get('Load', ()):
        if name not in names.get('Param', ()) and name not in names.get('Store', ()):
            uses.append(name)
    uses.extend(defs['attrs'])
    if uses: result['uses'] = uses
    result['names'] = names
    result['attrs'] = defs['attrs']
    return result
 def definitions_in_code(input_code):
    input_ast = ast.parse(input_code)
    visitor = DefinitionVisitor()
    visitor.visit(input_ast)
    definitions = non_empty(visitor.definitions)
    return definitions
 def definitions_in_file(filepath):
    with open(filepath) as f:
        return definitions_in_code(f.read())
 def defined_names(prefix, defs, names):
    for name, funcs in defs.get('def', {}).items():
        names.setdefault(name, {'defined': []})['defined'].append(prefix + name)
        defined_names(prefix + name + ".", funcs, names)
    for name, funcs in defs.get('class', {}).items():
        names.setdefault(name, {'defined': []})['defined'].append(prefix + name)
        defined_names(prefix + name + ".", funcs, names)
 def used_names(prefix, item, defs, names):
    for name, funcs in defs.get('def', {}).items():
        used_names(prefix + name + ".", name, funcs, names)
    for name, funcs in defs.get('class', {}).items():
        used_names(prefix + name + ".", name, funcs, names)
    for used in defs.get('uses', ()):
        if used in names:
            names[used].setdefault('used', {}).setdefault(item, []).append(prefix.rstrip('.'))
 if __name__ == '__main__':
    import sys, os, argparse, re
    parser = argparse.ArgumentParser(description='Find definitions.')
    parser.add_argument(
        "--unused", action="store_true", help="Only list unused definitions"
    )
    parser.add_argument(
        "--ignore", action="append", metavar="REGEXP", help="Ignore a pattern"
    )
    parser.add_argument(
        "--pattern", action="append", metavar="REGEXP",
        help="Search for a pattern"
    )
    parser.add_argument(
        "directories", nargs='+', metavar="DIR",
        help="Directories to search for definitions"
    )
    parser.add_argument(
        "--referrers", default=0, type=int,
        help="Include referrers up to the given depth"
    )
    parser.add_argument(
        "--format", default="yaml",
        help="Output format, one of 'yaml' or 'dot'"
    )
    args = parser.parse_args()
    definitions = {}
    for directory in args.directories:
        for root, dirs, files in os.walk(directory):
            for filename in files:
                if filename.endswith(".py"):
                    filepath = os.path.join(root, filename)
                    definitions[filepath] = definitions_in_file(filepath)
    names = {}
    for filepath, defs in definitions.items():
        defined_names(filepath + ":", defs, names)
    for filepath, defs in definitions.items():
        used_names(filepath + ":", None, defs, names)
    patterns = [re.compile(pattern) for pattern in args.pattern or ()]
    ignore = [re.compile(pattern) for pattern in args.ignore or ()]
    result = {}
    for name, definition in names.items():
        if patterns and not any(pattern.match(name) for pattern in patterns):
            continue
        if ignore and any(pattern.match(name) for pattern in ignore):
            continue
        if args.unused and definition.get('used'):
            continue
        result[name] = definition
    referrer_depth = args.referrers
    referrers = set()
    while referrer_depth:
        referrer_depth -= 1
        for entry in result.values():
            for used_by in entry.get("used", ()):
                referrers.add(used_by)
        for name, definition in names.items():
            if not name in referrers:
                continue
            if ignore and any(pattern.match(name) for pattern in ignore):
                continue
            result[name] = definition
    if args.format == 'yaml':
        yaml.dump(result, sys.stdout, default_flow_style=False)
    elif args.format == 'dot':
        print "digraph {"
        for name, entry in result.items():
            print name
            for used_by in entry.get("used", ()):
                if used_by in result:
                    print used_by, "->", name
        print "}"
    else:
        raise ValueError("Unknown format %r" % (args.format))
--- a/scripts/gen_password
+++ b/scripts/gen_password
@@ -0,0 +1 @@
 perl -MCrypt::Random -MCrypt::Eksblowfish::Bcrypt -e 'print Crypt::Eksblowfish::Bcrypt::bcrypt("secret", "\$2\$12\$" . Crypt::Eksblowfish::Bcrypt::en_base64(Crypt::Random::makerandom_octet(Length=>16)))."\n"'
--- a/scripts/synapse_port_db
+++ b/scripts/synapse_port_db
@@ -68,6 +68,7 @@ APPEND_ONLY_TABLES = [
    "state_groups_state",
    "event_to_state_groups",
    "rejections",
    "event_search",
 ]
@@ -95,8 +96,6 @@ class Store(object):
    _simple_update_one = SQLBaseStore.__dict__["_simple_update_one"]
    _simple_update_one_txn = SQLBaseStore.__dict__["_simple_update_one_txn"]
    _execute_and_decode = SQLBaseStore.__dict__["_execute_and_decode"]
    def runInteraction(self, desc, func, *args, **kwargs):
        def r(conn):
            try:
@@ -231,19 +230,51 @@ class Porter(object):
            if rows:
                next_chunk = rows[-1][0] + 1
-                self._convert_rows(table, headers, rows)
+                if table == "event_search":
                    # We have to treat event_search differently since it has a
                    # different structure in the two different databases.
                    def insert(txn):
                        sql = (
                            "INSERT INTO event_search (event_id, room_id, key, sender, vector)"
                            " VALUES (?,?,?,?,to_tsvector('english', ?))"
                        )
-                def insert(txn):
+                        rows_dict = [
-                    self.postgres_store.insert_many_txn(
+                            dict(zip(headers, row))
-                        txn, table, headers[1:], rows
+                            for row in rows
-                    )
+                        ]
-                    self.postgres_store._simple_update_one_txn(
+                        txn.executemany(sql, [
-                        txn,
+                            (
-                        table="port_from_sqlite3",
+                                row["event_id"],
-                        keyvalues={"table_name": table},
+                                row["room_id"],
-                        updatevalues={"rowid": next_chunk},
+                                row["key"],
-                    )
+                                row["sender"],
                                row["value"],
                            )
                            for row in rows_dict
                        ])
                        self.postgres_store._simple_update_one_txn(
                            txn,
                            table="port_from_sqlite3",
                            keyvalues={"table_name": table},
                            updatevalues={"rowid": next_chunk},
                        )
                else:
                    self._convert_rows(table, headers, rows)
                    def insert(txn):
                        self.postgres_store.insert_many_txn(
                            txn, table, headers[1:], rows
                        )
                        self.postgres_store._simple_update_one_txn(
                            txn,
                            table="port_from_sqlite3",
                            keyvalues={"table_name": table},
                            updatevalues={"rowid": next_chunk},
                        )
                yield self.postgres_store.execute(insert)
--- a/synapse/init.py
+++ b/synapse/init.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server.
 """
-__version__ = "0.10.0"
+__version__ = "0.12.0"
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -14,15 +14,20 @@
 # limitations under the License.
 """This module contains classes for authenticating the user."""
 from canonicaljson import encode_canonical_json
 from signedjson.key import decode_verify_key_bytes
 from signedjson.sign import verify_signed_json, SignatureVerifyException
 from twisted.internet import defer
 from synapse.api.constants import EventTypes, Membership, JoinRules
-from synapse.api.errors import AuthError, Codes, SynapseError
+from synapse.api.errors import AuthError, Codes, SynapseError, EventSizeError
 from synapse.types import RoomID, UserID, EventID
 from synapse.util.logutils import log_function
-from synapse.types import UserID, EventID
+from unpaddedbase64 import decode_base64
 import logging
 import pymacaroons
 logger = logging.getLogger(__name__)
@@ -30,6 +35,7 @@ logger = logging.getLogger(__name__)
 AuthEventTypes = (
    EventTypes.Create, EventTypes.Member, EventTypes.PowerLevels,
    EventTypes.JoinRules, EventTypes.RoomHistoryVisibility,
    EventTypes.ThirdPartyInvite,
 )
@@ -40,6 +46,13 @@ class Auth(object):
        self.store = hs.get_datastore()
        self.state = hs.get_state_handler()
        self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
        self._KNOWN_CAVEAT_PREFIXES = set([
            "gen = ",
            "guest = ",
            "type = ",
            "time < ",
            "user_id = ",
        ])
    def check(self, event, auth_events):
        """ Checks if this event is correctly authed.
@@ -52,6 +65,8 @@ class Auth(object):
        Returns:
            True if the auth checks pass.
        """
        self.check_size_limits(event)
        try:
            if not hasattr(event, "room_id"):
                raise AuthError(500, "Event has no room_id: %s" % event)
@@ -73,6 +88,15 @@ class Auth(object):
                    "Room %r does not exist" % (event.room_id,)
                )
            creating_domain = RoomID.from_string(event.room_id).domain
            originating_domain = UserID.from_string(event.sender).domain
            if creating_domain != originating_domain:
                if not self.can_federate(event, auth_events):
                    raise AuthError(
                        403,
                        "This room has been marked as unfederatable."
                    )
            # FIXME: Temp hack
            if event.type == EventTypes.Aliases:
                return True
@@ -110,8 +134,39 @@ class Auth(object):
            logger.info("Denying! %s", event)
            raise
    def check_size_limits(self, event):
        def too_big(field):
            raise EventSizeError("%s too large" % (field,))
        if len(event.user_id) > 255:
            too_big("user_id")
        if len(event.room_id) > 255:
            too_big("room_id")
        if event.is_state() and len(event.state_key) > 255:
            too_big("state_key")
        if len(event.type) > 255:
            too_big("type")
        if len(event.event_id) > 255:
            too_big("event_id")
        if len(encode_canonical_json(event.get_pdu_json())) > 65536:
            too_big("event")
    @defer.inlineCallbacks
    def check_joined_room(self, room_id, user_id, current_state=None):
        """Check if the user is currently joined in the room
        Args:
            room_id(str): The room to check.
            user_id(str): The user to check.
            current_state(dict): Optional map of the current state of the room.
                If provided then that map is used to check whether they are a
                member of the room. Otherwise the current membership is
                loaded from the database.
        Raises:
            AuthError if the user is not in the room.
        Returns:
            A deferred membership event for the user if the user is in
            the room.
        """
        if current_state:
            member = current_state.get(
                (EventTypes.Member, user_id),
@@ -127,6 +182,40 @@ class Auth(object):
        self._check_joined_room(member, user_id, room_id)
        defer.returnValue(member)
    @defer.inlineCallbacks
    def check_user_was_in_room(self, room_id, user_id):
        """Check if the user was in the room at some point.
        Args:
            room_id(str): The room to check.
            user_id(str): The user to check.
        Raises:
            AuthError if the user was never in the room.
        Returns:
            A deferred membership event for the user if the user was in the
            room. This will be the join event if they are currently joined to
            the room. This will be the leave event if they have left the room.
        """
        member = yield self.state.get_current_state(
            room_id=room_id,
            event_type=EventTypes.Member,
            state_key=user_id
        )
        membership = member.membership if member else None
        if membership not in (Membership.JOIN, Membership.LEAVE):
            raise AuthError(403, "User %s not in room %s" % (
                user_id, room_id
            ))
        if membership == Membership.LEAVE:
            forgot = yield self.store.did_forget(user_id, room_id)
            if forgot:
                raise AuthError(403, "User %s not in room %s" % (
                    user_id, room_id
                ))
        defer.returnValue(member)
    @defer.inlineCallbacks
    def check_host_in_room(self, room_id, host):
        curr_state = yield self.state.get_current_state(room_id)
@@ -161,6 +250,11 @@ class Auth(object):
                user_id, room_id, repr(member)
            ))
    def can_federate(self, event, auth_events):
        creation_event = auth_events.get((EventTypes.Create, ""))
        return creation_event.content.get("m.federate", True) is True
    @log_function
    def is_membership_change_allowed(self, event, auth_events):
        membership = event.content["membership"]
@@ -176,6 +270,15 @@ class Auth(object):
        target_user_id = event.state_key
        creating_domain = RoomID.from_string(event.room_id).domain
        target_domain = UserID.from_string(target_user_id).domain
        if creating_domain != target_domain:
            if not self.can_federate(event, auth_events):
                raise AuthError(
                    403,
                    "This room has been marked as unfederatable."
                )
        # get info about the caller
        key = (EventTypes.Member, event.user_id, )
        caller = auth_events.get(key)
@@ -221,8 +324,17 @@ class Auth(object):
            }
        )
        if Membership.INVITE == membership and "third_party_invite" in event.content:
            if not self._verify_third_party_invite(event, auth_events):
                raise AuthError(403, "You are not invited to this room.")
            return True
        if Membership.JOIN != membership:
-            # JOIN is the only action you can perform if you're not in the room
+            if (caller_invited
                    and Membership.LEAVE == membership
                    and target_user_id == event.user_id):
                return True
            if not caller_in_room:  # caller isn't joined
                raise AuthError(
                    403,
@@ -286,6 +398,66 @@ class Auth(object):
        return True
    def _verify_third_party_invite(self, event, auth_events):
        """
        Validates that the invite event is authorized by a previous third-party invite.
        Checks that the public key, and keyserver, match those in the third party invite,
        and that the invite event has a signature issued using that public key.
        Args:
            event: The m.room.member join event being validated.
            auth_events: All relevant previous context events which may be used
                for authorization decisions.
        Return:
            True if the event fulfills the expectations of a previous third party
            invite event.
        """
        if "third_party_invite" not in event.content:
            return False
        if "signed" not in event.content["third_party_invite"]:
            return False
        signed = event.content["third_party_invite"]["signed"]
        for key in {"mxid", "token"}:
            if key not in signed:
                return False
        token = signed["token"]
        invite_event = auth_events.get(
            (EventTypes.ThirdPartyInvite, token,)
        )
        if not invite_event:
            return False
        if event.user_id != invite_event.user_id:
            return False
        try:
            public_key = invite_event.content["public_key"]
            if signed["mxid"] != event.state_key:
                return False
            if signed["token"] != token:
                return False
            for server, signature_block in signed["signatures"].items():
                for key_name, encoded_signature in signature_block.items():
                    if not key_name.startswith("ed25519:"):
                        return False
                    verify_key = decode_verify_key_bytes(
                        key_name,
                        decode_base64(public_key)
                    )
                    verify_signed_json(signed, server, verify_key)
                    # We got the public key from the invite, so we know that the
                    # correct server signed the signed bundle.
                    # The caller is responsible for checking that the signing
                    # server has not revoked that public key.
                    return True
            return False
        except (KeyError, SignatureVerifyException,):
            return False
    def _get_power_level_event(self, auth_events):
        key = (EventTypes.PowerLevels, "", )
        return auth_events.get(key)
@@ -324,7 +496,7 @@ class Auth(object):
            return default
    @defer.inlineCallbacks
-    def get_user_by_req(self, request):
+    def get_user_by_req(self, request, allow_guest=False):
        """ Get a registered user's ID.
        Args:
@@ -362,14 +534,15 @@ class Auth(object):
                request.authenticated_entity = user_id
-                defer.returnValue((UserID.from_string(user_id), ""))
+                defer.returnValue((UserID.from_string(user_id), "", False))
                return
            except KeyError:
                pass  # normal users won't have the user_id query parameter set.
-            user_info = yield self.get_user_by_access_token(access_token)
+            user_info = yield self._get_user_by_access_token(access_token)
            user = user_info["user"]
            token_id = user_info["token_id"]
            is_guest = user_info["is_guest"]
            ip_addr = self.hs.get_ip_from_request(request)
            user_agent = request.requestHeaders.getRawHeaders(
@@ -384,9 +557,14 @@ class Auth(object):
                    user_agent=user_agent
                )
            if is_guest and not allow_guest:
                raise AuthError(
                    403, "Guest access not allowed", errcode=Codes.GUEST_ACCESS_FORBIDDEN
                )
            request.authenticated_entity = user.to_string()
-            defer.returnValue((user, token_id,))
+            defer.returnValue((user, token_id, is_guest,))
        except KeyError:
            raise AuthError(
                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token.",
@@ -394,7 +572,7 @@ class Auth(object):
            )
    @defer.inlineCallbacks
-    def get_user_by_access_token(self, token):
+    def _get_user_by_access_token(self, token):
        """ Get a registered user's ID.
        Args:
@@ -404,6 +582,112 @@ class Auth(object):
        Raises:
            AuthError if no user by that token exists or the token is invalid.
        """
        try:
            ret = yield self._get_user_from_macaroon(token)
        except AuthError:
            # TODO(daniel): Remove this fallback when all existing access tokens
            # have been re-issued as macaroons.
            ret = yield self._look_up_user_by_access_token(token)
        defer.returnValue(ret)
    @defer.inlineCallbacks
    def _get_user_from_macaroon(self, macaroon_str):
        try:
            macaroon = pymacaroons.Macaroon.deserialize(macaroon_str)
            self.validate_macaroon(macaroon, "access", False)
            user_prefix = "user_id = "
            user = None
            guest = False
            for caveat in macaroon.caveats:
                if caveat.caveat_id.startswith(user_prefix):
                    user = UserID.from_string(caveat.caveat_id[len(user_prefix):])
                elif caveat.caveat_id == "guest = true":
                    guest = True
            if user is None:
                raise AuthError(
                    self.TOKEN_NOT_FOUND_HTTP_STATUS, "No user caveat in macaroon",
                    errcode=Codes.UNKNOWN_TOKEN
                )
            if guest:
                ret = {
                    "user": user,
                    "is_guest": True,
                    "token_id": None,
                }
            else:
                # This codepath exists so that we can actually return a
                # token ID, because we use token IDs in place of device
                # identifiers throughout the codebase.
                # TODO(daniel): Remove this fallback when device IDs are
                # properly implemented.
                ret = yield self._look_up_user_by_access_token(macaroon_str)
                if ret["user"] != user:
                    logger.error(
                        "Macaroon user (%s) != DB user (%s)",
                        user,
                        ret["user"]
                    )
                    raise AuthError(
                        self.TOKEN_NOT_FOUND_HTTP_STATUS,
                        "User mismatch in macaroon",
                        errcode=Codes.UNKNOWN_TOKEN
                    )
            defer.returnValue(ret)
        except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError):
            raise AuthError(
                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Invalid macaroon passed.",
                errcode=Codes.UNKNOWN_TOKEN
            )
    def validate_macaroon(self, macaroon, type_string, verify_expiry):
        """
        validate that a Macaroon is understood by and was signed by this server.
        Args:
            macaroon(pymacaroons.Macaroon): The macaroon to validate
            type_string(str): The kind of token this is (e.g. "access", "refresh")
            verify_expiry(bool): Whether to verify whether the macaroon has expired.
                This should really always be True, but no clients currently implement
                token refresh, so we can't enforce expiry yet.
        """
        v = pymacaroons.Verifier()
        v.satisfy_exact("gen = 1")
        v.satisfy_exact("type = " + type_string)
        v.satisfy_general(lambda c: c.startswith("user_id = "))
        v.satisfy_exact("guest = true")
        if verify_expiry:
            v.satisfy_general(self._verify_expiry)
        else:
            v.satisfy_general(lambda c: c.startswith("time < "))
        v.verify(macaroon, self.hs.config.macaroon_secret_key)
        v = pymacaroons.Verifier()
        v.satisfy_general(self._verify_recognizes_caveats)
        v.verify(macaroon, self.hs.config.macaroon_secret_key)
    def _verify_expiry(self, caveat):
        prefix = "time < "
        if not caveat.startswith(prefix):
            return False
        expiry = int(caveat[len(prefix):])
        now = self.hs.get_clock().time_msec()
        return now < expiry
    def _verify_recognizes_caveats(self, caveat):
        first_space = caveat.find(" ")
        if first_space < 0:
            return False
        second_space = caveat.find(" ", first_space + 1)
        if second_space < 0:
            return False
        return caveat[:second_space + 1] in self._KNOWN_CAVEAT_PREFIXES
    @defer.inlineCallbacks
    def _look_up_user_by_access_token(self, token):
        ret = yield self.store.get_user_by_access_token(token)
        if not ret:
            raise AuthError(
@@ -413,8 +697,8 @@ class Auth(object):
        user_info = {
            "user": UserID.from_string(ret.get("name")),
            "token_id": ret.get("token_id", None),
            "is_guest": False,
        }
        defer.returnValue(user_info)
    @defer.inlineCallbacks
@@ -489,6 +773,16 @@ class Auth(object):
            else:
                if member_event:
                    auth_ids.append(member_event.event_id)
            if e_type == Membership.INVITE:
                if "third_party_invite" in event.content:
                    key = (
                        EventTypes.ThirdPartyInvite,
                        event.content["third_party_invite"]["signed"]["token"]
                    )
                    third_party_invite = current_state.get(key)
                    if third_party_invite:
                        auth_ids.append(third_party_invite.event_id)
        elif member_event:
            if member_event.content["membership"] == Membership.JOIN:
                auth_ids.append(member_event.event_id)
@@ -566,7 +860,7 @@ class Auth(object):
        redact_level = self._get_named_level(auth_events, "redact", 50)
-        if user_level > redact_level:
+        if user_level >= redact_level:
            return False
        redacter_domain = EventID.from_string(event.event_id).domain
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -27,16 +27,6 @@ class Membership(object):
    LIST = (INVITE, JOIN, KNOCK, LEAVE, BAN)
 class Feedback(object):
    """Represents the types of feedback a user can send in response to a
    message."""
    DELIVERED = u"delivered"
    READ = u"read"
    LIST = (DELIVERED, READ)
 class PresenceState(object):
    """Represents the presence state of a user."""
    OFFLINE = u"offline"
@@ -73,11 +63,12 @@ class EventTypes(object):
    PowerLevels = "m.room.power_levels"
    Aliases = "m.room.aliases"
    Redaction = "m.room.redaction"
-    Feedback = "m.room.message.feedback"
+    ThirdPartyInvite = "m.room.third_party_invite"
    RoomHistoryVisibility = "m.room.history_visibility"
    CanonicalAlias = "m.room.canonical_alias"
    RoomAvatar = "m.room.avatar"
    GuestAccess = "m.room.guest_access"
    # These are used for validation
    Message = "m.room.message"
@@ -94,3 +85,4 @@ class RejectedReason(object):
 class RoomCreationPreset(object):
    PRIVATE_CHAT = "private_chat"
    PUBLIC_CHAT = "public_chat"
    TRUSTED_PRIVATE_CHAT = "trusted_private_chat"
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -33,6 +33,7 @@ class Codes(object):
    NOT_FOUND = "M_NOT_FOUND"
    MISSING_TOKEN = "M_MISSING_TOKEN"
    UNKNOWN_TOKEN = "M_UNKNOWN_TOKEN"
    GUEST_ACCESS_FORBIDDEN = "M_GUEST_ACCESS_FORBIDDEN"
    LIMIT_EXCEEDED = "M_LIMIT_EXCEEDED"
    CAPTCHA_NEEDED = "M_CAPTCHA_NEEDED"
    CAPTCHA_INVALID = "M_CAPTCHA_INVALID"
@@ -47,7 +48,6 @@ class CodeMessageException(RuntimeError):
    """An exception with integer code and message string attributes."""
    def __init__(self, code, msg):
        logger.info("%s: %s, %s", type(self).__name__, code, msg)
        super(CodeMessageException, self).__init__("%d: %s" % (code, msg))
        self.code = code
        self.msg = msg
@@ -77,11 +77,6 @@ class SynapseError(CodeMessageException):
        )
 class RoomError(SynapseError):
    """An error raised when a room event fails."""
    pass
 class RegistrationError(SynapseError):
    """An error raised when a registration event fails."""
    pass
@@ -125,6 +120,31 @@ class AuthError(SynapseError):
        super(AuthError, self).__init__(*args, **kwargs)
 class GuestAccessError(AuthError):
    """An error raised when a there is a problem with a guest user accessing
    a room"""
    def __init__(self, rooms, *args, **kwargs):
        self.rooms = rooms
        super(GuestAccessError, self).__init__(*args, **kwargs)
    def error_dict(self):
        return cs_error(
            self.msg,
            self.errcode,
            rooms=self.rooms,
        )
 class EventSizeError(SynapseError):
    """An error raised when an event is too big."""
    def __init__(self, *args, **kwargs):
        if "errcode" not in kwargs:
            kwargs["errcode"] = Codes.TOO_LARGE
        super(EventSizeError, self).__init__(413, *args, **kwargs)
 class EventStreamError(SynapseError):
    """An error raised when there a problem with the event stream."""
    def __init__(self, *args, **kwargs):
--- a/synapse/api/filtering.py
+++ b/synapse/api/filtering.py
@@ -24,7 +24,7 @@ class Filtering(object):
    def get_user_filter(self, user_localpart, filter_id):
        result = self.store.get_user_filter(user_localpart, filter_id)
-        result.addCallback(Filter)
+        result.addCallback(FilterCollection)
        return result
    def add_user_filter(self, user_localpart, user_filter):
@@ -50,11 +50,11 @@ class Filtering(object):
        # many definitions.
        top_level_definitions = [
-            "public_user_data", "private_user_data", "server_data"
+            "presence", "account_data"
        ]
        room_level_definitions = [
-            "state", "events", "ephemeral"
+            "state", "timeline", "ephemeral", "account_data"
        ]
        for key in top_level_definitions:
@@ -62,10 +62,29 @@ class Filtering(object):
                self._check_definition(user_filter_json[key])
        if "room" in user_filter_json:
            self._check_definition_room_lists(user_filter_json["room"])
            for key in room_level_definitions:
                if key in user_filter_json["room"]:
                    self._check_definition(user_filter_json["room"][key])
    def _check_definition_room_lists(self, definition):
        """Check that "rooms" and "not_rooms" are lists of room ids if they
        are present
        Args:
            definition(dict): The filter definition
        Raises:
            SynapseError: If there was a problem with this definition.
        """
        # check rooms are valid room IDs
        room_id_keys = ["rooms", "not_rooms"]
        for key in room_id_keys:
            if key in definition:
                if type(definition[key]) != list:
                    raise SynapseError(400, "Expected %s to be a list." % key)
                for room_id in definition[key]:
                    RoomID.from_string(room_id)
    def _check_definition(self, definition):
        """Check if the provided definition is valid.
@@ -85,14 +104,7 @@ class Filtering(object):
                400, "Expected JSON object, not %s" % (definition,)
            )
-        # check rooms are valid room IDs
+        self._check_definition_room_lists(definition)
        room_id_keys = ["rooms", "not_rooms"]
        for key in room_id_keys:
            if key in definition:
                if type(definition[key]) != list:
                    raise SynapseError(400, "Expected %s to be a list." % key)
                for room_id in definition[key]:
                    RoomID.from_string(room_id)
        # check senders are valid user IDs
        user_id_keys = ["senders", "not_senders"]
@@ -114,116 +126,147 @@ class Filtering(object):
                    if not isinstance(event_type, basestring):
                        raise SynapseError(400, "Event type should be a string")
        if "format" in definition:
            event_format = definition["format"]
            if event_format not in ["federation", "events"]:
                raise SynapseError(400, "Invalid format: %s" % (event_format,))
-        if "select" in definition:
+class FilterCollection(object):
-            event_select_list = definition["select"]
+    def __init__(self, filter_json):
-            for select_key in event_select_list:
+        self.filter_json = filter_json
                if select_key not in ["event_id", "origin_server_ts",
                                      "thread_id", "content", "content.body"]:
                    raise SynapseError(400, "Bad select: %s" % (select_key,))
-        if ("bundle_updates" in definition and
+        room_filter_json = self.filter_json.get("room", {})
-                type(definition["bundle_updates"]) != bool):
+
-            raise SynapseError(400, "Bad bundle_updates: expected bool.")
+        self.room_filter = Filter({
            k: v for k, v in room_filter_json.items()
            if k in ("rooms", "not_rooms")
        })
        self.room_timeline_filter = Filter(room_filter_json.get("timeline", {}))
        self.room_state_filter = Filter(room_filter_json.get("state", {}))
        self.room_ephemeral_filter = Filter(room_filter_json.get("ephemeral", {}))
        self.room_account_data = Filter(room_filter_json.get("account_data", {}))
        self.presence_filter = Filter(self.filter_json.get("presence", {}))
        self.account_data = Filter(self.filter_json.get("account_data", {}))
        self.include_leave = self.filter_json.get("room", {}).get(
            "include_leave", False
        )
    def list_rooms(self):
        return self.room_filter.list_rooms()
    def timeline_limit(self):
        return self.room_timeline_filter.limit()
    def presence_limit(self):
        return self.presence_filter.limit()
    def ephemeral_limit(self):
        return self.room_ephemeral_filter.limit()
    def filter_presence(self, events):
        return self.presence_filter.filter(events)
    def filter_account_data(self, events):
        return self.account_data.filter(events)
    def filter_room_state(self, events):
        return self.room_state_filter.filter(self.room_filter.filter(events))
    def filter_room_timeline(self, events):
        return self.room_timeline_filter.filter(self.room_filter.filter(events))
    def filter_room_ephemeral(self, events):
        return self.room_ephemeral_filter.filter(self.room_filter.filter(events))
    def filter_room_account_data(self, events):
        return self.room_account_data.filter(self.room_filter.filter(events))
 class Filter(object):
    def __init__(self, filter_json):
        self.filter_json = filter_json
-    def filter_public_user_data(self, events):
+    def list_rooms(self):
-        return self._filter_on_key(events, ["public_user_data"])
+        """The list of room_id strings this filter restricts the output to
-
+        or None if the this filter doesn't list the room ids.
    def filter_private_user_data(self, events):
        return self._filter_on_key(events, ["private_user_data"])
    def filter_room_state(self, events):
        return self._filter_on_key(events, ["room", "state"])
    def filter_room_events(self, events):
        return self._filter_on_key(events, ["room", "events"])
    def filter_room_ephemeral(self, events):
        return self._filter_on_key(events, ["room", "ephemeral"])
    def _filter_on_key(self, events, keys):
        filter_json = self.filter_json
        if not filter_json:
            return events
        try:
            # extract the right definition from the filter
            definition = filter_json
            for key in keys:
                definition = definition[key]
            return self._filter_with_definition(events, definition)
        except KeyError:
            # return all events if definition isn't specified.
            return events
    def _filter_with_definition(self, events, definition):
        return [e for e in events if self._passes_definition(definition, e)]
    def _passes_definition(self, definition, event):
        """Check if the event passes through the given definition.
        Args:
            definition(dict): The definition to check against.
            event(Event): The event to check.
        Returns:
            True if the event passes through the filter.
        """
-        # Algorithm notes:
+        if "rooms" in self.filter_json:
-        # For each key in the definition, check the event meets the criteria:
+            return list(set(self.filter_json["rooms"]))
-        #   * For types: Literal match or prefix match (if ends with wildcard)
+        else:
-        #   * For senders/rooms: Literal match only
+            return None
        #   * "not_" checks take presedence (e.g. if "m.*" is in both 'types'
        #     and 'not_types' then it is treated as only being in 'not_types')
-        # room checks
+    def check(self, event):
-        if hasattr(event, "room_id"):
+        """Checks whether the filter matches the given event.
-            room_id = event.room_id
+
-            allow_rooms = definition.get("rooms", None)
+        Returns:
-            reject_rooms = definition.get("not_rooms", None)
+            bool: True if the event matches
-            if reject_rooms and room_id in reject_rooms:
+        """
-                return False
+        if isinstance(event, dict):
-            if allow_rooms and room_id not in allow_rooms:
+            return self.check_fields(
                event.get("room_id", None),
                event.get("sender", None),
                event.get("type", None),
            )
        else:
            return self.check_fields(
                getattr(event, "room_id", None),
                getattr(event, "sender", None),
                event.type,
            )
    def check_fields(self, room_id, sender, event_type):
        """Checks whether the filter matches the given event fields.
        Returns:
            bool: True if the event fields match
        """
        literal_keys = {
            "rooms": lambda v: room_id == v,
            "senders": lambda v: sender == v,
            "types": lambda v: _matches_wildcard(event_type, v)
        }
        for name, match_func in literal_keys.items():
            not_name = "not_%s" % (name,)
            disallowed_values = self.filter_json.get(not_name, [])
            if any(map(match_func, disallowed_values)):
                return False
-        # sender checks
+            allowed_values = self.filter_json.get(name, None)
-        if hasattr(event, "sender"):
+            if allowed_values is not None:
-            # Should we be including event.state_key for some event types?
+                if not any(map(match_func, allowed_values)):
            sender = event.sender
            allow_senders = definition.get("senders", None)
            reject_senders = definition.get("not_senders", None)
            if reject_senders and sender in reject_senders:
                return False
            if allow_senders and sender not in allow_senders:
                return False
        # type checks
        if "not_types" in definition:
            for def_type in definition["not_types"]:
                if self._event_matches_type(event, def_type):
                    return False
        if "types" in definition:
            included = False
            for def_type in definition["types"]:
                if self._event_matches_type(event, def_type):
                    included = True
                    break
            if not included:
                return False
        return True
-    def _event_matches_type(self, event, def_type):
+    def filter_rooms(self, room_ids):
-        if def_type.endswith("*"):
+        """Apply the 'rooms' filter to a given list of rooms.
-            type_prefix = def_type[:-1]
+
-            return event.type.startswith(type_prefix)
+        Args:
-        else:
+            room_ids (list): A list of room_ids.
-            return event.type == def_type
+
        Returns:
            list: A list of room_ids that match the filter
        """
        room_ids = set(room_ids)
        disallowed_rooms = set(self.filter_json.get("not_rooms", []))
        room_ids -= disallowed_rooms
        allowed_rooms = self.filter_json.get("rooms", None)
        if allowed_rooms is not None:
            room_ids &= set(allowed_rooms)
        return room_ids
    def filter(self, events):
        return filter(self.check, events)
    def limit(self):
        return self.filter_json.get("limit", 10)
 def _matches_wildcard(actual_value, filter_value):
    if filter_value.endswith("*"):
        type_prefix = filter_value[:-1]
        return actual_value.startswith(type_prefix)
    else:
        return actual_value == filter_value
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@@ -15,21 +15,34 @@
 # limitations under the License.
 import sys
 from synapse.rest import ClientRestResource
 sys.dont_write_bytecode = True
-from synapse.python_dependencies import check_requirements, DEPENDENCY_LINKS
+from synapse.python_dependencies import (
    check_requirements, DEPENDENCY_LINKS, MissingRequirementError
 )
 if __name__ == '__main__':
-    check_requirements()
+    try:
        check_requirements()
    except MissingRequirementError as e:
        message = "\n".join([
            "Missing Requirement: %s" % (e.message,),
            "To install run:",
            "    pip install --upgrade --force \"%s\"" % (e.dependency,),
            "",
        ])
        sys.stderr.writelines(message)
        sys.exit(1)
 from synapse.storage.engines import create_engine, IncorrectDatabaseSetup
-from synapse.storage import (
+from synapse.storage import are_all_users_on_domain
-    are_all_users_on_domain, UpgradeDatabaseException,
+from synapse.storage.prepare_database import UpgradeDatabaseException
 )
 from synapse.server import HomeServer
-from twisted.internet import reactor
+from twisted.internet import reactor, task, defer
 from twisted.application import service
 from twisted.enterprise import adbapi
 from twisted.web.resource import Resource, EncodingResourceWrapper
@@ -42,15 +55,13 @@ from synapse.rest.key.v1.server_key_resource import LocalKey
 from synapse.rest.key.v2 import KeyApiV2Resource
 from synapse.http.matrixfederationclient import MatrixFederationHttpClient
 from synapse.api.urls import (
-    CLIENT_PREFIX, FEDERATION_PREFIX, WEB_CLIENT_PREFIX, CONTENT_REPO_PREFIX,
+    FEDERATION_PREFIX, WEB_CLIENT_PREFIX, CONTENT_REPO_PREFIX,
-    SERVER_KEY_PREFIX, MEDIA_PREFIX, CLIENT_V2_ALPHA_PREFIX, STATIC_PREFIX,
+    SERVER_KEY_PREFIX, MEDIA_PREFIX, STATIC_PREFIX,
    SERVER_KEY_V2_PREFIX,
 )
 from synapse.config.homeserver import HomeServerConfig
 from synapse.crypto import context_factory
 from synapse.util.logcontext import LoggingContext
 from synapse.rest.client.v1 import ClientV1RestResource
 from synapse.rest.client.v2_alpha import ClientV2AlphaRestResource
 from synapse.metrics.resource import MetricsResource, METRICS_PREFIX
 from synapse import events
@@ -72,12 +83,6 @@ import time
 logger = logging.getLogger("synapse.app.homeserver")
 class GzipFile(File):
    def getChild(self, path, request):
        child = File.getChild(self, path, request)
        return EncodingResourceWrapper(child, [GzipEncoderFactory()])
 def gz_wrap(r):
    return EncodingResourceWrapper(r, [GzipEncoderFactory()])
@@ -87,11 +92,8 @@ class SynapseHomeServer(HomeServer):
    def build_http_client(self):
        return MatrixFederationHttpClient(self)
-    def build_resource_for_client(self):
+    def build_client_resource(self):
-        return ClientV1RestResource(self)
+        return ClientRestResource(self)
    def build_resource_for_client_v2_alpha(self):
        return ClientV2AlphaRestResource(self)
    def build_resource_for_federation(self):
        return JsonResource(self)
@@ -121,12 +123,15 @@ class SynapseHomeServer(HomeServer):
        # (It can stay enabled for the API resources: they call
        # write() with the whole body and then finish() straight
        # after and so do not trigger the bug.
        # GzipFile was removed in commit 184ba09
        # return GzipFile(webclient_path)  # TODO configurable?
        return File(webclient_path)  # TODO configurable?
    def build_resource_for_static_content(self):
        # This is old and should go away: not going to bother adding gzip
-        return File("static")
+        return File(
            os.path.join(os.path.dirname(synapse.__file__), "static")
        )
    def build_resource_for_content_repo(self):
        return ContentRepoResource(
@@ -171,16 +176,15 @@ class SynapseHomeServer(HomeServer):
        for res in listener_config["resources"]:
            for name in res["names"]:
                if name == "client":
                    client_resource = self.get_client_resource()
                    if res["compress"]:
-                        client_v1 = gz_wrap(self.get_resource_for_client())
+                        client_resource = gz_wrap(client_resource)
                        client_v2 = gz_wrap(self.get_resource_for_client_v2_alpha())
                    else:
                        client_v1 = self.get_resource_for_client()
                        client_v2 = self.get_resource_for_client_v2_alpha()
                    resources.update({
-                        CLIENT_PREFIX: client_v1,
+                        "/_matrix/client/api/v1": client_resource,
-                        CLIENT_V2_ALPHA_PREFIX: client_v2,
+                        "/_matrix/client/r0": client_resource,
                        "/_matrix/client/unstable": client_resource,
                        "/_matrix/client/v2_alpha": client_resource,
                    })
                if name == "federation":
@@ -221,7 +225,7 @@ class SynapseHomeServer(HomeServer):
                    listener_config,
                    root_resource,
                ),
-                self.tls_context_factory,
+                self.tls_server_context_factory,
                interface=bind_address
            )
        else:
@@ -365,7 +369,6 @@ def setup(config_options):
    Args:
        config_options_options: The options passed to Synapse. Usually
            `sys.argv[1:]`.
        should_run (bool): Whether to start the reactor.
    Returns:
        HomeServer
@@ -388,7 +391,7 @@ def setup(config_options):
    events.USE_FROZEN_DICTS = config.use_frozen_dicts
-    tls_context_factory = context_factory.ServerContextFactory(config)
+    tls_server_context_factory = context_factory.ServerContextFactory(config)
    database_engine = create_engine(config.database_config["name"])
    config.database_config["args"]["cp_openfun"] = database_engine.on_new_connection
@@ -396,7 +399,7 @@ def setup(config_options):
    hs = SynapseHomeServer(
        config.server_name,
        db_config=config.database_config,
-        tls_context_factory=tls_context_factory,
+        tls_server_context_factory=tls_server_context_factory,
        config=config,
        content_addr=config.content_addr,
        version_string=version_string,
@@ -432,6 +435,7 @@ def setup(config_options):
    hs.get_pusherpool().start()
    hs.get_state_handler().start_caching()
    hs.get_datastore().start_profiling()
    hs.get_datastore().start_doing_background_updates()
    hs.get_replication_layer().start_get_pdu_cache()
    return hs
@@ -491,13 +495,28 @@ class SynapseRequest(Request):
        self.start_time = int(time.time() * 1000)
    def finished_processing(self):
        try:
            context = LoggingContext.current_context()
            ru_utime, ru_stime = context.get_resource_usage()
            db_txn_count = context.db_txn_count
            db_txn_duration = context.db_txn_duration
        except:
            ru_utime, ru_stime = (0, 0)
            db_txn_count, db_txn_duration = (0, 0)
        self.site.access_logger.info(
            "%s - %s - {%s}"
-            " Processed request: %dms %sB %s \"%s %s %s\" \"%s\"",
+            " Processed request: %dms (%dms, %dms) (%dms/%d)"
            " %sB %s \"%s %s %s\" \"%s\"",
            self.getClientIP(),
            self.site.site_tag,
            self.authenticated_entity,
            int(time.time() * 1000) - self.start_time,
            int(ru_utime * 1000),
            int(ru_stime * 1000),
            int(db_txn_duration * 1000),
            int(db_txn_count),
            self.sentLength,
            self.code,
            self.method,
@@ -665,6 +684,42 @@ def run(hs):
        ThreadPool._worker = profile(ThreadPool._worker)
        reactor.run = profile(reactor.run)
    start_time = hs.get_clock().time()
    @defer.inlineCallbacks
    def phone_stats_home():
        now = int(hs.get_clock().time())
        uptime = int(now - start_time)
        if uptime < 0:
            uptime = 0
        stats = {}
        stats["homeserver"] = hs.config.server_name
        stats["timestamp"] = now
        stats["uptime_seconds"] = uptime
        stats["total_users"] = yield hs.get_datastore().count_all_users()
        all_rooms = yield hs.get_datastore().get_rooms(False)
        stats["total_room_count"] = len(all_rooms)
        stats["daily_active_users"] = yield hs.get_datastore().count_daily_users()
        daily_messages = yield hs.get_datastore().count_daily_messages()
        if daily_messages is not None:
            stats["daily_messages"] = daily_messages
        logger.info("Reporting stats to matrix.org: %s" % (stats,))
        try:
            yield hs.get_simple_http_client().put_json(
                "https://matrix.org/report-usage-stats/push",
                stats
            )
        except Exception as e:
            logger.warn("Error reporting stats: %s", e)
    if hs.config.report_stats:
        phone_home_task = task.LoopingCall(phone_stats_home)
        phone_home_task.start(60 * 60 * 24, now=False)
    def in_thread():
        with LoggingContext("run"):
            change_resource_limit(hs.config.soft_file_limit)
--- a/synapse/app/synctl.py
+++ b/synapse/app/synctl.py
@@ -16,57 +16,67 @@
 import sys
 import os
 import os.path
 import subprocess
 import signal
 import yaml
 SYNAPSE = ["python", "-B", "-m", "synapse.app.homeserver"]
 CONFIGFILE = "homeserver.yaml"
 GREEN = "\x1b[1;32m"
 RED = "\x1b[1;31m"
 NORMAL = "\x1b[m"
 if not os.path.exists(CONFIGFILE):
    sys.stderr.write(
        "No config file found\n"
        "To generate a config file, run '%s -c %s --generate-config"
        " --server-name=<server name>'\n" % (
            " ".join(SYNAPSE), CONFIGFILE
        )
    )
    sys.exit(1)
-CONFIG = yaml.load(open(CONFIGFILE))
+def start(configfile):
 PIDFILE = CONFIG["pid_file"]
 def start():
    print "Starting ...",
    args = SYNAPSE
-    args.extend(["--daemonize", "-c", CONFIGFILE])
+    args.extend(["--daemonize", "-c", configfile])
-    subprocess.check_call(args)
+
-    print GREEN + "started" + NORMAL
+    try:
        subprocess.check_call(args)
        print GREEN + "started" + NORMAL
    except subprocess.CalledProcessError as e:
        print (
            RED +
            "error starting (exit code: %d); see above for logs" % e.returncode +
            NORMAL
        )
-def stop():
+def stop(pidfile):
-    if os.path.exists(PIDFILE):
+    if os.path.exists(pidfile):
-        pid = int(open(PIDFILE).read())
+        pid = int(open(pidfile).read())
        os.kill(pid, signal.SIGTERM)
        print GREEN + "stopped" + NORMAL
 def main():
    configfile = sys.argv[2] if len(sys.argv) == 3 else "homeserver.yaml"
    if not os.path.exists(configfile):
        sys.stderr.write(
            "No config file found\n"
            "To generate a config file, run '%s -c %s --generate-config"
            " --server-name=<server name>'\n" % (
                " ".join(SYNAPSE), configfile
            )
        )
        sys.exit(1)
    config = yaml.load(open(configfile))
    pidfile = config["pid_file"]
    action = sys.argv[1] if sys.argv[1:] else "usage"
    if action == "start":
-        start()
+        start(configfile)
    elif action == "stop":
-        stop()
+        stop(pidfile)
    elif action == "restart":
-        stop()
+        stop(pidfile)
-        start()
+        start(configfile)
    else:
-        sys.stderr.write("Usage: %s [start|stop|restart]\n" % (sys.argv[0],))
+        sys.stderr.write("Usage: %s [start|stop|restart] [configfile]\n" % (sys.argv[0],))
        sys.exit(1)
--- a/synapse/appservice/scheduler.py
+++ b/synapse/appservice/scheduler.py
@@ -224,8 +224,8 @@ class _Recoverer(object):
        self.clock.call_later((2 ** self.backoff_counter), self.retry)
    def _backoff(self):
-        # cap the backoff to be around 18h => (2^16) = 65536 secs
+        # cap the backoff to be around 8.5min => (2^9) = 512 secs
-        if self.backoff_counter < 16:
+        if self.backoff_counter < 9:
            self.backoff_counter += 1
        self.recover()
--- a/synapse/config/_base.py
+++ b/synapse/config/_base.py
@@ -14,6 +14,7 @@
 # limitations under the License.
 import argparse
 import errno
 import os
 import yaml
 import sys
@@ -24,8 +25,29 @@ class ConfigError(Exception):
    pass
-class Config(object):
+# We split these messages out to allow packages to override with package
 # specific instructions.
 MISSING_REPORT_STATS_CONFIG_INSTRUCTIONS = """\
 Please opt in or out of reporting anonymized homeserver usage statistics, by
 setting the `report_stats` key in your config file to either True or False.
 """
 MISSING_REPORT_STATS_SPIEL = """\
 We would really appreciate it if you could help our project out by reporting
 anonymized usage statistics from your homeserver. Only very basic aggregate
 data (e.g. number of users) will be reported, but it helps us to track the
 growth of the Matrix community, and helps us to make Matrix a success, as well
 as to convince other networks that they should peer with us.
 Thank you.
 """
 MISSING_SERVER_NAME = """\
 Missing mandatory `server_name` config option.
 """
 class Config(object):
    @staticmethod
    def parse_size(value):
        if isinstance(value, int) or isinstance(value, long):
@@ -81,8 +103,11 @@ class Config(object):
    @classmethod
    def ensure_directory(cls, dir_path):
        dir_path = cls.abspath(dir_path)
-        if not os.path.exists(dir_path):
+        try:
            os.makedirs(dir_path)
        except OSError, e:
            if e.errno != errno.EEXIST:
                raise
        if not os.path.isdir(dir_path):
            raise ConfigError(
                "%s is not a directory" % (dir_path,)
@@ -111,11 +136,14 @@ class Config(object):
                results.append(getattr(cls, name)(self, *args, **kargs))
        return results
-    def generate_config(self, config_dir_path, server_name):
+    def generate_config(self, config_dir_path, server_name, report_stats=None):
        default_config = "# vim:ft=yaml\n"
        default_config += "\n\n".join(dedent(conf) for conf in self.invoke_all(
-            "default_config", config_dir_path, server_name
+            "default_config",
            config_dir_path=config_dir_path,
            server_name=server_name,
            report_stats=report_stats,
        ))
        config = yaml.load(default_config)
@@ -139,6 +167,12 @@ class Config(object):
            action="store_true",
            help="Generate a config file for the server name"
        )
        config_parser.add_argument(
            "--report-stats",
            action="store",
            help="Stuff",
            choices=["yes", "no"]
        )
        config_parser.add_argument(
            "--generate-keys",
            action="store_true",
@@ -189,6 +223,11 @@ class Config(object):
                    config_files.append(config_path)
        if config_args.generate_config:
            if config_args.report_stats is None:
                config_parser.error(
                    "Please specify either --report-stats=yes or --report-stats=no\n\n" +
                    MISSING_REPORT_STATS_SPIEL
                )
            if not config_files:
                config_parser.error(
                    "Must supply a config file.\nA config file can be automatically"
@@ -211,7 +250,9 @@ class Config(object):
                    os.makedirs(config_dir_path)
                with open(config_path, "wb") as config_file:
                    config_bytes, config = obj.generate_config(
-                        config_dir_path, server_name
+                        config_dir_path=config_dir_path,
                        server_name=server_name,
                        report_stats=(config_args.report_stats == "yes"),
                    )
                    obj.invoke_all("generate_files", config)
                    config_file.write(config_bytes)
@@ -260,10 +301,22 @@ class Config(object):
            yaml_config = cls.read_config_file(config_file)
            specified_config.update(yaml_config)
        if "server_name" not in specified_config:
            sys.stderr.write("\n" + MISSING_SERVER_NAME + "\n")
            sys.exit(1)
        server_name = specified_config["server_name"]
-        _, config = obj.generate_config(config_dir_path, server_name)
+        _, config = obj.generate_config(
            config_dir_path=config_dir_path,
            server_name=server_name
        )
        config.pop("log_config")
        config.update(specified_config)
        if "report_stats" not in config:
            sys.stderr.write(
                "\n" + MISSING_REPORT_STATS_CONFIG_INSTRUCTIONS + "\n" +
                MISSING_REPORT_STATS_SPIEL + "\n")
            sys.exit(1)
        if generate_keys:
            obj.invoke_all("generate_files", config)
--- a/synapse/config/appservice.py
+++ b/synapse/config/appservice.py
@@ -20,7 +20,7 @@ class AppServiceConfig(Config):
    def read_config(self, config):
        self.app_service_config_files = config.get("app_service_config_files", [])
-    def default_config(cls, config_dir_path, server_name):
+    def default_config(cls, **kwargs):
        return """\
        # A list of application service config file to use
        app_service_config_files: []
--- a/synapse/config/captcha.py
+++ b/synapse/config/captcha.py
@@ -24,7 +24,7 @@ class CaptchaConfig(Config):
        self.captcha_bypass_secret = config.get("captcha_bypass_secret")
        self.recaptcha_siteverify_api = config["recaptcha_siteverify_api"]
-    def default_config(self, config_dir_path, server_name):
+    def default_config(self, **kwargs):
        return """\
        ## Captcha ##
--- a/synapse/config/cas.py
+++ b/synapse/config/cas.py
@@ -0,0 +1,47 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from ._base import Config
 class CasConfig(Config):
    """Cas Configuration
    cas_server_url: URL of CAS server
    """
    def read_config(self, config):
        cas_config = config.get("cas_config", None)
        if cas_config:
            self.cas_enabled = cas_config.get("enabled", True)
            self.cas_server_url = cas_config["server_url"]
            self.cas_service_url = cas_config["service_url"]
            self.cas_required_attributes = cas_config.get("required_attributes", {})
        else:
            self.cas_enabled = False
            self.cas_server_url = None
            self.cas_service_url = None
            self.cas_required_attributes = {}
    def default_config(self, config_dir_path, server_name, **kwargs):
        return """
        # Enable CAS for registration and login.
        #cas_config:
        #   enabled: true
        #   server_url: "https://cas-server.com"
        #   service_url: "https://homesever.domain.com:8448"
        #   #required_attributes:
        #   #    name: value
        """
--- a/synapse/config/database.py
+++ b/synapse/config/database.py
@@ -45,7 +45,7 @@ class DatabaseConfig(Config):
        self.set_databasepath(config.get("database_path"))
-    def default_config(self, config, config_dir_path):
+    def default_config(self, **kwargs):
        database_path = self.abspath("homeserver.db")
        return """\
        # Database configuration
--- a/synapse/config/homeserver.py
+++ b/synapse/config/homeserver.py
@@ -26,12 +26,15 @@ from .metrics import MetricsConfig
 from .appservice import AppServiceConfig
 from .key import KeyConfig
 from .saml2 import SAML2Config
 from .cas import CasConfig
 from .password import PasswordConfig
 class HomeServerConfig(TlsConfig, ServerConfig, DatabaseConfig, LoggingConfig,
                       RatelimitConfig, ContentRepositoryConfig, CaptchaConfig,
                       VoipConfig, RegistrationConfig, MetricsConfig,
-                       AppServiceConfig, KeyConfig, SAML2Config, ):
+                       AppServiceConfig, KeyConfig, SAML2Config, CasConfig,
                       PasswordConfig,):
    pass
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -40,7 +40,7 @@ class KeyConfig(Config):
            config["perspectives"]
        )
-    def default_config(self, config_dir_path, server_name):
+    def default_config(self, config_dir_path, server_name, **kwargs):
        base_key_name = os.path.join(config_dir_path, server_name)
        return """\
        ## Signing Keys ##
--- a/synapse/config/logger.py
+++ b/synapse/config/logger.py
@@ -21,6 +21,8 @@ import logging.config
 import yaml
 from string import Template
 import os
 import signal
 from synapse.util.debug import debug_deferreds
 DEFAULT_LOG_CONFIG = Template("""
@@ -68,8 +70,10 @@ class LoggingConfig(Config):
        self.verbosity = config.get("verbose", 0)
        self.log_config = self.abspath(config.get("log_config"))
        self.log_file = self.abspath(config.get("log_file"))
        if config.get("full_twisted_stacktraces"):
            debug_deferreds()
-    def default_config(self, config_dir_path, server_name):
+    def default_config(self, config_dir_path, server_name, **kwargs):
        log_file = self.abspath("homeserver.log")
        log_config = self.abspath(
            os.path.join(config_dir_path, server_name + ".log.config")
@@ -83,6 +87,11 @@ class LoggingConfig(Config):
        # A yaml python logging config file
        log_config: "%(log_config)s"
        # Stop twisted from discarding the stack traces of exceptions in
        # deferreds by waiting a reactor tick before running a deferred's
        # callbacks.
        # full_twisted_stacktraces: true
        """ % locals()
    def read_arguments(self, args):
@@ -142,6 +151,19 @@ class LoggingConfig(Config):
                handler = logging.handlers.RotatingFileHandler(
                    self.log_file, maxBytes=(1000 * 1000 * 100), backupCount=3
                )
                def sighup(signum, stack):
                    logger.info("Closing log file due to SIGHUP")
                    handler.doRollover()
                    logger.info("Opened new log file due to SIGHUP")
                # TODO(paul): obviously this is a terrible mechanism for
                #   stealing SIGHUP, because it means no other part of synapse
                #   can use it instead. If we want to catch SIGHUP anywhere
                #   else as well, I'd suggest we find a nicer way to broadcast
                #   it around.
                if getattr(signal, "SIGHUP"):
                    signal.signal(signal.SIGHUP, sighup)
            else:
                handler = logging.StreamHandler()
            handler.setFormatter(formatter)
--- a/synapse/config/metrics.py
+++ b/synapse/config/metrics.py
@@ -19,13 +19,15 @@ from ._base import Config
 class MetricsConfig(Config):
    def read_config(self, config):
        self.enable_metrics = config["enable_metrics"]
        self.report_stats = config.get("report_stats", None)
        self.metrics_port = config.get("metrics_port")
        self.metrics_bind_host = config.get("metrics_bind_host", "127.0.0.1")
-    def default_config(self, config_dir_path, server_name):
+    def default_config(self, report_stats=None, **kwargs):
-        return """\
+        suffix = "" if report_stats is None else "report_stats: %(report_stats)s\n"
        return ("""\
        ## Metrics ###
        # Enable collection and rendering of performance metrics
        enable_metrics: False
-        """
+        """ + suffix) % locals()
--- a/synapse/config/password.py
+++ b/synapse/config/password.py
@@ -0,0 +1,32 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from ._base import Config
 class PasswordConfig(Config):
    """Password login configuration
    """
    def read_config(self, config):
        password_config = config.get("password_config", {})
        self.password_enabled = password_config.get("enabled", True)
    def default_config(self, config_dir_path, server_name, **kwargs):
        return """
        # Enable password for login.
        password_config:
           enabled: true
        """
--- a/synapse/config/ratelimiting.py
+++ b/synapse/config/ratelimiting.py
@@ -27,7 +27,7 @@ class RatelimitConfig(Config):
        self.federation_rc_reject_limit = config["federation_rc_reject_limit"]
        self.federation_rc_concurrent = config["federation_rc_concurrent"]
-    def default_config(self, config_dir_path, server_name):
+    def default_config(self, **kwargs):
        return """\
        ## Ratelimiting ##
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -33,8 +33,10 @@ class RegistrationConfig(Config):
        self.registration_shared_secret = config.get("registration_shared_secret")
        self.macaroon_secret_key = config.get("macaroon_secret_key")
        self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
        self.allow_guest_access = config.get("allow_guest_access", False)
-    def default_config(self, config_dir, server_name):
+    def default_config(self, **kwargs):
        registration_shared_secret = random_string_with_symbols(50)
        macaroon_secret_key = random_string_with_symbols(50)
        return """\
@@ -48,6 +50,16 @@ class RegistrationConfig(Config):
        registration_shared_secret: "%(registration_shared_secret)s"
        macaroon_secret_key: "%(macaroon_secret_key)s"
        # Set the number of bcrypt rounds used to generate password hash.
        # Larger numbers increase the work factor needed to generate the hash.
        # The default number of rounds is 12.
        bcrypt_rounds: 12
        # Allows users to register as guests without a password/email/etc, and
        # participate in rooms hosted on this server which have been made
        # accessible to anonymous users.
        allow_guest_access: False
        """ % locals()
    def add_arguments(self, parser):
--- a/synapse/config/repository.py
+++ b/synapse/config/repository.py
@@ -60,7 +60,7 @@ class ContentRepositoryConfig(Config):
            config["thumbnail_sizes"]
        )
-    def default_config(self, config_dir_path, server_name):
+    def default_config(self, **kwargs):
        media_store = self.default_path("media_store")
        uploads_path = self.default_path("uploads")
        return """
--- a/synapse/config/saml2.py
+++ b/synapse/config/saml2.py
@@ -33,7 +33,7 @@ class SAML2Config(Config):
    def read_config(self, config):
        saml2_config = config.get("saml2_config", None)
        if saml2_config:
-            self.saml2_enabled = True
+            self.saml2_enabled = saml2_config.get("enabled", True)
            self.saml2_config_path = saml2_config["config_path"]
            self.saml2_idp_redirect_url = saml2_config["idp_redirect_url"]
        else:
@@ -41,7 +41,7 @@ class SAML2Config(Config):
            self.saml2_config_path = None
            self.saml2_idp_redirect_url = None
-    def default_config(self, config_dir_path, server_name):
+    def default_config(self, config_dir_path, server_name, **kwargs):
        return """
        # Enable SAML2 for registration and login. Uses pysaml2
        # config_path:      Path to the sp_conf.py configuration file
@@ -49,6 +49,7 @@ class SAML2Config(Config):
        #                   the user back to /login/saml2 with proper info.
        # See pysaml2 docs for format of config.
        #saml2_config:
        #   enabled: true
        #   config_path: "%s/sp_conf.py"
        #   idp_redirect_url: "http://%s/idp"
        """ % (config_dir_path, server_name)
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -26,6 +26,7 @@ class ServerConfig(Config):
        self.soft_file_limit = config["soft_file_limit"]
        self.daemonize = config.get("daemonize")
        self.print_pidfile = config.get("print_pidfile")
        self.user_agent_suffix = config.get("user_agent_suffix")
        self.use_frozen_dicts = config.get("use_frozen_dicts", True)
        self.listeners = config.get("listeners", [])
@@ -117,7 +118,7 @@ class ServerConfig(Config):
        self.content_addr = content_addr
-    def default_config(self, config_dir_path, server_name):
+    def default_config(self, server_name, **kwargs):
        if ":" in server_name:
            bind_port = int(server_name.split(":")[1])
            unsecure_port = bind_port - 400
@@ -132,6 +133,7 @@ class ServerConfig(Config):
        # The domain name of the server, with optional explicit port.
        # This is used by remote servers to connect to this server,
        # e.g. matrix.org, localhost:8080, etc.
        # This is also the last part of your UserID.
        server_name: "%(server_name)s"
        # When running as a daemon, the file to store the pid in
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -42,7 +42,15 @@ class TlsConfig(Config):
            config.get("tls_dh_params_path"), "tls_dh_params"
        )
-    def default_config(self, config_dir_path, server_name):
+        # This config option applies to non-federation HTTP clients
        # (e.g. for talking to recaptcha, identity servers, and such)
        # It should never be used in production, and is intended for
        # use only when running tests.
        self.use_insecure_ssl_client_just_for_testing_do_not_use = config.get(
            "use_insecure_ssl_client_just_for_testing_do_not_use"
        )
    def default_config(self, config_dir_path, server_name, **kwargs):
        base_key_name = os.path.join(config_dir_path, server_name)
        tls_certificate_path = base_key_name + ".tls.crt"
--- a/synapse/config/voip.py
+++ b/synapse/config/voip.py
@@ -22,7 +22,7 @@ class VoipConfig(Config):
        self.turn_shared_secret = config["turn_shared_secret"]
        self.turn_user_lifetime = self.parse_duration(config["turn_user_lifetime"])
-    def default_config(self, config_dir_path, server_name):
+    def default_config(self, **kwargs):
        return """\
        ## Turn ##
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -228,10 +228,11 @@ class Keyring(object):
        def do_iterations():
            merged_results = {}
-            missing_keys = {
+            missing_keys = {}
-                group.server_name: set(group.key_ids)
+            for group in group_id_to_group.values():
-                for group in group_id_to_group.values()
+                missing_keys.setdefault(group.server_name, set()).update(
-            }
+                    group.key_ids
                )
            for fn in key_fetch_fns:
                results = yield fn(missing_keys.items())
@@ -382,28 +383,24 @@ class Keyring(object):
    def get_server_verify_key_v2_indirect(self, server_names_and_key_ids,
                                          perspective_name,
                                          perspective_keys):
-        limiter = yield get_retry_limiter(
+        # TODO(mark): Set the minimum_valid_until_ts to that needed by
-            perspective_name, self.clock, self.store
+        # the events being validated or the current time if validating
-        )
+        # an incoming request.
-
+        query_response = yield self.client.post_json(
-        with limiter:
+            destination=perspective_name,
-            # TODO(mark): Set the minimum_valid_until_ts to that needed by
+            path=b"/_matrix/key/v2/query",
-            # the events being validated or the current time if validating
+            data={
-            # an incoming request.
+                u"server_keys": {
-            query_response = yield self.client.post_json(
+                    server_name: {
-                destination=perspective_name,
+                        key_id: {
-                path=b"/_matrix/key/v2/query",
+                            u"minimum_valid_until_ts": 0
-                data={
+                        } for key_id in key_ids
                    u"server_keys": {
                        server_name: {
                            key_id: {
                                u"minimum_valid_until_ts": 0
                            } for key_id in key_ids
                        }
                        for server_name, key_ids in server_names_and_key_ids
                    }
-                },
+                    for server_name, key_ids in server_names_and_key_ids
-            )
+                }
            },
            long_retries=True,
        )
        keys = {}
@@ -470,7 +467,7 @@ class Keyring(object):
                continue
            (response, tls_certificate) = yield fetch_server_key(
-                server_name, self.hs.tls_context_factory,
+                server_name, self.hs.tls_server_context_factory,
                path=(b"/_matrix/key/v2/server/%s" % (
                    urllib.quote(requested_key_id),
                )).encode("ascii"),
@@ -604,7 +601,7 @@ class Keyring(object):
        # Try to fetch the key from the remote server.
        (response, tls_certificate) = yield fetch_server_key(
-            server_name, self.hs.tls_context_factory
+            server_name, self.hs.tls_server_context_factory
        )
        # Check the response.
--- a/synapse/events/utils.py
+++ b/synapse/events/utils.py
@@ -66,7 +66,6 @@ def prune_event(event):
            "users_default",
            "events",
            "events_default",
            "events_default",
            "state_default",
            "ban",
            "kick",
@@ -101,19 +100,20 @@ def format_event_raw(d):
 def format_event_for_client_v1(d):
-    d["user_id"] = d.pop("sender", None)
+    d = format_event_for_client_v2(d)
-    move_keys = ("age", "redacted_because", "replaces_state", "prev_content")
+    sender = d.get("sender")
-    for key in move_keys:
+    if sender is not None:
        d["user_id"] = sender
    copy_keys = (
        "age", "redacted_because", "replaces_state", "prev_content",
        "invite_room_state",
    )
    for key in copy_keys:
        if key in d["unsigned"]:
            d[key] = d["unsigned"][key]
    drop_keys = (
        "auth_events", "prev_events", "hashes", "signatures", "depth",
        "unsigned", "origin", "prev_state"
    )
    for key in drop_keys:
        d.pop(key, None)
    return d
@@ -127,10 +127,9 @@ def format_event_for_client_v2(d):
    return d
-def format_event_for_client_v2_without_event_id(d):
+def format_event_for_client_v2_without_room_id(d):
    d = format_event_for_client_v2(d)
    d.pop("room_id", None)
    d.pop("event_id", None)
    return d
@@ -152,7 +151,8 @@ def serialize_event(e, time_now_ms, as_client_event=True,
    if "redacted_because" in e.unsigned:
        d["unsigned"]["redacted_because"] = serialize_event(
-            e.unsigned["redacted_because"], time_now_ms
+            e.unsigned["redacted_because"], time_now_ms,
            event_format=event_format
        )
    if token_id is not None:
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@@ -17,6 +17,7 @@
 from twisted.internet import defer
 from .federation_base import FederationBase
 from synapse.api.constants import Membership
 from .units import Edu
 from synapse.api.errors import (
@@ -356,19 +357,55 @@ class FederationClient(FederationBase):
        defer.returnValue(signed_auth)
    @defer.inlineCallbacks
-    def make_join(self, destinations, room_id, user_id):
+    def make_membership_event(self, destinations, room_id, user_id, membership,
                              content={},):
        """
        Creates an m.room.member event, with context, without participating in the room.
        Does so by asking one of the already participating servers to create an
        event with proper context.
        Note that this does not append any events to any graphs.
        Args:
            destinations (str): Candidate homeservers which are probably
                participating in the room.
            room_id (str): The room in which the event will happen.
            user_id (str): The user whose membership is being evented.
            membership (str): The "membership" property of the event. Must be
                one of "join" or "leave".
            content (object): Any additional data to put into the content field
                of the event.
        Return:
            A tuple of (origin (str), event (object)) where origin is the remote
            homeserver which generated the event.
        """
        valid_memberships = {Membership.JOIN, Membership.LEAVE}
        if membership not in valid_memberships:
            raise RuntimeError(
                "make_membership_event called with membership='%s', must be one of %s" %
                (membership, ",".join(valid_memberships))
            )
        for destination in destinations:
            if destination == self.server_name:
                continue
            try:
-                ret = yield self.transport_layer.make_join(
+                ret = yield self.transport_layer.make_membership_event(
-                    destination, room_id, user_id
+                    destination, room_id, user_id, membership
                )
                pdu_dict = ret["event"]
-                logger.debug("Got response to make_join: %s", pdu_dict)
+                logger.debug("Got response to make_%s: %s", membership, pdu_dict)
                pdu_dict["content"].update(content)
                # The protoevent received over the JSON wire may not have all
                # the required fields. Lets just gloss over that because
                # there's some we never care about
                if "prev_state" not in pdu_dict:
                    pdu_dict["prev_state"] = []
                defer.returnValue(
                    (destination, self.event_from_pdu_json(pdu_dict))
@@ -378,8 +415,8 @@ class FederationClient(FederationBase):
                raise
            except Exception as e:
                logger.warn(
-                    "Failed to make_join via %s: %s",
+                    "Failed to make_%s via %s: %s",
-                    destination, e.message
+                    membership, destination, e.message
                )
        raise RuntimeError("Failed to send to any server.")
@@ -485,6 +522,33 @@ class FederationClient(FederationBase):
        defer.returnValue(pdu)
    @defer.inlineCallbacks
    def send_leave(self, destinations, pdu):
        for destination in destinations:
            if destination == self.server_name:
                continue
            try:
                time_now = self._clock.time_msec()
                _, content = yield self.transport_layer.send_leave(
                    destination=destination,
                    room_id=pdu.room_id,
                    event_id=pdu.event_id,
                    content=pdu.get_pdu_json(time_now),
                )
                logger.debug("Got content: %s", content)
                defer.returnValue(None)
            except CodeMessageException:
                raise
            except Exception as e:
                logger.exception(
                    "Failed to send_leave via %s: %s",
                    destination, e.message
                )
        raise RuntimeError("Failed to send to any server.")
    @defer.inlineCallbacks
    def query_auth(self, destination, room_id, event_id, local_auth):
        """
@@ -643,3 +707,26 @@ class FederationClient(FederationBase):
        event.internal_metadata.outlier = outlier
        return event
    @defer.inlineCallbacks
    def forward_third_party_invite(self, destinations, room_id, event_dict):
        for destination in destinations:
            if destination == self.server_name:
                continue
            try:
                yield self.transport_layer.exchange_third_party_invite(
                    destination=destination,
                    room_id=room_id,
                    event_dict=event_dict,
                )
                defer.returnValue(None)
            except CodeMessageException:
                raise
            except Exception as e:
                logger.exception(
                    "Failed to send_third_party_invite via %s: %s",
                    destination, e.message
                )
        raise RuntimeError("Failed to send to any server.")
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -254,6 +254,20 @@ class FederationServer(FederationBase):
            ],
        }))
    @defer.inlineCallbacks
    def on_make_leave_request(self, room_id, user_id):
        pdu = yield self.handler.on_make_leave_request(room_id, user_id)
        time_now = self._clock.time_msec()
        defer.returnValue({"event": pdu.get_pdu_json(time_now)})
    @defer.inlineCallbacks
    def on_send_leave_request(self, origin, content):
        logger.debug("on_send_leave_request: content: %s", content)
        pdu = self.event_from_pdu_json(content)
        logger.debug("on_send_leave_request: pdu sigs: %s", pdu.signatures)
        yield self.handler.on_send_leave_request(origin, pdu)
        defer.returnValue((200, {}))
    @defer.inlineCallbacks
    def on_event_auth(self, origin, room_id, event_id):
        time_now = self._clock.time_msec()
@@ -529,3 +543,15 @@ class FederationServer(FederationBase):
        event.internal_metadata.outlier = outlier
        return event
    @defer.inlineCallbacks
    def exchange_third_party_invite(self, invite):
        ret = yield self.handler.exchange_third_party_invite(invite)
        defer.returnValue(ret)
    @defer.inlineCallbacks
    def on_exchange_third_party_invite_request(self, origin, room_id, event_dict):
        ret = yield self.handler.on_exchange_third_party_invite_request(
            origin, room_id, event_dict
        )
        defer.returnValue(ret)
--- a/synapse/federation/transaction_queue.py
+++ b/synapse/federation/transaction_queue.py
@@ -202,6 +202,7 @@ class TransactionQueue(object):
    @defer.inlineCallbacks
    @log_function
    def _attempt_new_transaction(self, destination):
        # list of (pending_pdu, deferred, order)
        if destination in self.pending_transactions:
            # XXX: pending_transactions can get stuck on by a never-ending
            # request at which point pending_pdus_by_dest just keeps growing.
@@ -213,9 +214,6 @@ class TransactionQueue(object):
            )
            return
        logger.debug("TX [%s] _attempt_new_transaction", destination)
        # list of (pending_pdu, deferred, order)
        pending_pdus = self.pending_pdus_by_dest.pop(destination, [])
        pending_edus = self.pending_edus_by_dest.pop(destination, [])
        pending_failures = self.pending_failures_by_dest.pop(destination, [])
@@ -228,20 +226,22 @@ class TransactionQueue(object):
            logger.debug("TX [%s] Nothing to send", destination)
            return
        # Sort based on the order field
        pending_pdus.sort(key=lambda t: t[2])
        pdus = [x[0] for x in pending_pdus]
        edus = [x[0] for x in pending_edus]
        failures = [x[0].get_dict() for x in pending_failures]
        deferreds = [
            x[1]
            for x in pending_pdus + pending_edus + pending_failures
        ]
        try:
            self.pending_transactions[destination] = 1
            logger.debug("TX [%s] _attempt_new_transaction", destination)
            # Sort based on the order field
            pending_pdus.sort(key=lambda t: t[2])
            pdus = [x[0] for x in pending_pdus]
            edus = [x[0] for x in pending_edus]
            failures = [x[0].get_dict() for x in pending_failures]
            deferreds = [
                x[1]
                for x in pending_pdus + pending_edus + pending_failures
            ]
            txn_id = str(self._next_txn_id)
            limiter = yield get_retry_limiter(
--- a/synapse/federation/transport/client.py
+++ b/synapse/federation/transport/client.py
@@ -14,6 +14,7 @@
 # limitations under the License.
 from twisted.internet import defer
 from synapse.api.constants import Membership
 from synapse.api.urls import FEDERATION_PREFIX as PREFIX
 from synapse.util.logutils import log_function
@@ -135,6 +136,7 @@ class TransportLayerClient(object):
            path=PREFIX + "/send/%s/" % transaction.transaction_id,
            data=json_data,
            json_data_callback=json_data_callback,
            long_retries=True,
        )
        logger.debug(
@@ -160,13 +162,19 @@ class TransportLayerClient(object):
    @defer.inlineCallbacks
    @log_function
-    def make_join(self, destination, room_id, user_id, retry_on_dns_fail=True):
+    def make_membership_event(self, destination, room_id, user_id, membership):
-        path = PREFIX + "/make_join/%s/%s" % (room_id, user_id)
+        valid_memberships = {Membership.JOIN, Membership.LEAVE}
        if membership not in valid_memberships:
            raise RuntimeError(
                "make_membership_event called with membership='%s', must be one of %s" %
                (membership, ",".join(valid_memberships))
            )
        path = PREFIX + "/make_%s/%s/%s" % (membership, room_id, user_id)
        content = yield self.client.get_json(
            destination=destination,
            path=path,
-            retry_on_dns_fail=retry_on_dns_fail,
+            retry_on_dns_fail=True,
        )
        defer.returnValue(content)
@@ -184,6 +192,19 @@ class TransportLayerClient(object):
        defer.returnValue(response)
    @defer.inlineCallbacks
    @log_function
    def send_leave(self, destination, room_id, event_id, content):
        path = PREFIX + "/send_leave/%s/%s" % (room_id, event_id)
        response = yield self.client.put_json(
            destination=destination,
            path=path,
            data=content,
        )
        defer.returnValue(response)
    @defer.inlineCallbacks
    @log_function
    def send_invite(self, destination, room_id, event_id, content):
@@ -197,6 +218,19 @@ class TransportLayerClient(object):
        defer.returnValue(response)
    @defer.inlineCallbacks
    @log_function
    def exchange_third_party_invite(self, destination, room_id, event_dict):
        path = PREFIX + "/exchange_third_party_invite/%s" % (room_id,)
        response = yield self.client.put_json(
            destination=destination,
            path=path,
            data=event_dict,
        )
        defer.returnValue(response)
    @defer.inlineCallbacks
    @log_function
    def get_event_auth(self, destination, room_id, event_id):
--- a/synapse/federation/transport/server.py
+++ b/synapse/federation/transport/server.py
@@ -165,7 +165,7 @@ class BaseFederationServlet(object):
            if code is None:
                continue
-            server.register_path(method, pattern, self._wrap(code))
+            server.register_paths(method, (pattern,), self._wrap(code))
 class FederationSendServlet(BaseFederationServlet):
@@ -296,6 +296,24 @@ class FederationMakeJoinServlet(BaseFederationServlet):
        defer.returnValue((200, content))
 class FederationMakeLeaveServlet(BaseFederationServlet):
    PATH = "/make_leave/([^/]*)/([^/]*)"
    @defer.inlineCallbacks
    def on_GET(self, origin, content, query, context, user_id):
        content = yield self.handler.on_make_leave_request(context, user_id)
        defer.returnValue((200, content))
 class FederationSendLeaveServlet(BaseFederationServlet):
    PATH = "/send_leave/([^/]*)/([^/]*)"
    @defer.inlineCallbacks
    def on_PUT(self, origin, content, query, room_id, txid):
        content = yield self.handler.on_send_leave_request(origin, content)
        defer.returnValue((200, content))
 class FederationEventAuthServlet(BaseFederationServlet):
    PATH = "/event_auth/([^/]*)/([^/]*)"
@@ -325,6 +343,17 @@ class FederationInviteServlet(BaseFederationServlet):
        defer.returnValue((200, content))
 class FederationThirdPartyInviteExchangeServlet(BaseFederationServlet):
    PATH = "/exchange_third_party_invite/([^/]*)"
    @defer.inlineCallbacks
    def on_PUT(self, origin, content, query, room_id):
        content = yield self.handler.on_exchange_third_party_invite_request(
            origin, room_id, content
        )
        defer.returnValue((200, content))
 class FederationClientKeysQueryServlet(BaseFederationServlet):
    PATH = "/user/keys/query"
@@ -378,6 +407,30 @@ class FederationGetMissingEventsServlet(BaseFederationServlet):
        defer.returnValue((200, content))
 class On3pidBindServlet(BaseFederationServlet):
    PATH = "/3pid/onbind"
    @defer.inlineCallbacks
    def on_POST(self, request):
        content_bytes = request.content.read()
        content = json.loads(content_bytes)
        if "invites" in content:
            last_exception = None
            for invite in content["invites"]:
                try:
                    yield self.handler.exchange_third_party_invite(invite)
                except Exception as e:
                    last_exception = e
            if last_exception:
                raise last_exception
        defer.returnValue((200, {}))
    # Avoid doing remote HS authorization checks which are done by default by
    # BaseFederationServlet.
    def _wrap(self, code):
        return code
 SERVLET_CLASSES = (
    FederationPullServlet,
    FederationEventServlet,
@@ -385,12 +438,16 @@ SERVLET_CLASSES = (
    FederationBackfillServlet,
    FederationQueryServlet,
    FederationMakeJoinServlet,
    FederationMakeLeaveServlet,
    FederationEventServlet,
    FederationSendJoinServlet,
    FederationSendLeaveServlet,
    FederationInviteServlet,
    FederationQueryAuthServlet,
    FederationGetMissingEventsServlet,
    FederationEventAuthServlet,
    FederationClientKeysQueryServlet,
    FederationClientKeysClaimServlet,
    FederationThirdPartyInviteExchangeServlet,
    On3pidBindServlet,
 )
--- a/synapse/handlers/init.py
+++ b/synapse/handlers/init.py
@@ -17,7 +17,7 @@ from synapse.appservice.scheduler import AppServiceScheduler
 from synapse.appservice.api import ApplicationServiceApi
 from .register import RegistrationHandler
 from .room import (
-    RoomCreationHandler, RoomMemberHandler, RoomListHandler
+    RoomCreationHandler, RoomMemberHandler, RoomListHandler, RoomContextHandler,
 )
 from .message import MessageHandler
 from .events import EventStreamHandler, EventHandler
@@ -32,6 +32,7 @@ from .sync import SyncHandler
 from .auth import AuthHandler
 from .identity import IdentityHandler
 from .receipts import ReceiptsHandler
 from .search import SearchHandler
 class Handlers(object):
@@ -68,3 +69,5 @@ class Handlers(object):
        self.sync_handler = SyncHandler(hs)
        self.auth_handler = AuthHandler(hs)
        self.identity_handler = IdentityHandler(hs)
        self.search_handler = SearchHandler(hs)
        self.room_context_handler = RoomContextHandler(hs)
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@@ -29,6 +29,12 @@ logger = logging.getLogger(__name__)
 class BaseHandler(object):
    """
    Common base class for the event handlers.
    :type store: synapse.storage.events.StateStore
    :type state_handler: synapse.state.StateHandler
    """
    def __init__(self, hs):
        self.store = hs.get_datastore()
@@ -45,6 +51,82 @@ class BaseHandler(object):
        self.event_builder_factory = hs.get_event_builder_factory()
    @defer.inlineCallbacks
    def _filter_events_for_client(self, user_id, events, is_guest=False,
                                  require_all_visible_for_guests=True):
        # Assumes that user has at some point joined the room if not is_guest.
        def allowed(event, membership, visibility):
            if visibility == "world_readable":
                return True
            if is_guest:
                return False
            if membership == Membership.JOIN:
                return True
            if event.type == EventTypes.RoomHistoryVisibility:
                return not is_guest
            if visibility == "shared":
                return True
            elif visibility == "joined":
                return membership == Membership.JOIN
            elif visibility == "invited":
                return membership == Membership.INVITE
            return True
        event_id_to_state = yield self.store.get_state_for_events(
            frozenset(e.event_id for e in events),
            types=(
                (EventTypes.RoomHistoryVisibility, ""),
                (EventTypes.Member, user_id),
            )
        )
        events_to_return = []
        for event in events:
            state = event_id_to_state[event.event_id]
            membership_event = state.get((EventTypes.Member, user_id), None)
            if membership_event:
                was_forgotten_at_event = yield self.store.was_forgotten_at(
                    membership_event.state_key,
                    membership_event.room_id,
                    membership_event.event_id
                )
                if was_forgotten_at_event:
                    membership = None
                else:
                    membership = membership_event.membership
            else:
                membership = None
            visibility_event = state.get((EventTypes.RoomHistoryVisibility, ""), None)
            if visibility_event:
                visibility = visibility_event.content.get("history_visibility", "shared")
            else:
                visibility = "shared"
            should_include = allowed(event, membership, visibility)
            if should_include:
                events_to_return.append(event)
        if (require_all_visible_for_guests
                and is_guest
                and len(events_to_return) < len(events)):
            # This indicates that some events in the requested range were not
            # visible to guest users. To be safe, we reject the entire request,
            # so that we don't have to worry about interpreting visibility
            # boundaries.
            raise AuthError(403, "User %s does not have permission" % (
                user_id
            ))
        defer.returnValue(events_to_return)
    def ratelimit(self, user_id):
        time_now = self.clock.time()
        allowed, time_allowed = self.ratelimiter.send_message(
@@ -107,6 +189,8 @@ class BaseHandler(object):
        if not suppress_auth:
            self.auth.check(event, auth_events=context.current_state)
        yield self.maybe_kick_guest_users(event, context.current_state.values())
        if event.type == EventTypes.CanonicalAlias:
            # Check the alias is acually valid (at this time at least)
            room_alias_str = event.content.get("alias", None)
@@ -123,24 +207,39 @@ class BaseHandler(object):
                        )
                    )
        (event_stream_id, max_stream_id) = yield self.store.persist_event(
            event, context=context
        )
        federation_handler = self.hs.get_handlers().federation_handler
        if event.type == EventTypes.Member:
            if event.content["membership"] == Membership.INVITE:
                event.unsigned["invite_room_state"] = [
                    {
                        "type": e.type,
                        "state_key": e.state_key,
                        "content": e.content,
                        "sender": e.sender,
                    }
                    for k, e in context.current_state.items()
                    if e.type in (
                        EventTypes.JoinRules,
                        EventTypes.CanonicalAlias,
                        EventTypes.RoomAvatar,
                        EventTypes.Name,
                    )
                ]
                invitee = UserID.from_string(event.state_key)
                if not self.hs.is_mine(invitee):
                    # TODO: Can we add signature from remote server in a nicer
                    # way? If we have been invited by a remote server, we need
                    # to get them to sign the event.
                    returned_invite = yield federation_handler.send_invite(
                        invitee.domain,
                        event,
                    )
                    event.unsigned.pop("room_state", None)
                    # TODO: Make sure the signatures actually are correct.
                    event.signatures.update(
                        returned_invite.signatures
@@ -161,6 +260,10 @@ class BaseHandler(object):
                        "You don't have permission to redact events"
                    )
        (event_stream_id, max_stream_id) = yield self.store.persist_event(
            event, context=context
        )
        destinations = set(extra_destinations)
        for k, s in context.current_state.items():
            try:
@@ -189,6 +292,64 @@ class BaseHandler(object):
        notify_d.addErrback(log_failure)
        # If invite, remove room_state from unsigned before sending.
        event.unsigned.pop("invite_room_state", None)
        federation_handler.handle_new_event(
            event, destinations=destinations,
        )
    @defer.inlineCallbacks
    def maybe_kick_guest_users(self, event, current_state):
        # Technically this function invalidates current_state by changing it.
        # Hopefully this isn't that important to the caller.
        if event.type == EventTypes.GuestAccess:
            guest_access = event.content.get("guest_access", "forbidden")
            if guest_access != "can_join":
                yield self.kick_guest_users(current_state)
    @defer.inlineCallbacks
    def kick_guest_users(self, current_state):
        for member_event in current_state:
            try:
                if member_event.type != EventTypes.Member:
                    continue
                if not self.hs.is_mine(UserID.from_string(member_event.state_key)):
                    continue
                if member_event.content["membership"] not in {
                    Membership.JOIN,
                    Membership.INVITE
                }:
                    continue
                if (
                    "kind" not in member_event.content
                    or member_event.content["kind"] != "guest"
                ):
                    continue
                # We make the user choose to leave, rather than have the
                # event-sender kick them. This is partially because we don't
                # need to worry about power levels, and partially because guest
                # users are a concept which doesn't hugely work over federation,
                # and having homeservers have their own users leave keeps more
                # of that decision-making and control local to the guest-having
                # homeserver.
                message_handler = self.hs.get_handlers().message_handler
                yield message_handler.create_and_send_event(
                    {
                        "type": EventTypes.Member,
                        "state_key": member_event.state_key,
                        "content": {
                            "membership": Membership.LEAVE,
                            "kind": "guest"
                        },
                        "room_id": member_event.room_id,
                        "sender": member_event.state_key
                    },
                    ratelimit=False,
                )
            except Exception as e:
                logger.warn("Error kicking guest user: %s" % (e,))
--- a/synapse/handlers/account_data.py
+++ b/synapse/handlers/account_data.py
@@ -0,0 +1,65 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from twisted.internet import defer
 class AccountDataEventSource(object):
    def __init__(self, hs):
        self.store = hs.get_datastore()
    def get_current_key(self, direction='f'):
        return self.store.get_max_account_data_stream_id()
    @defer.inlineCallbacks
    def get_new_events(self, user, from_key, **kwargs):
        user_id = user.to_string()
        last_stream_id = from_key
        current_stream_id = yield self.store.get_max_account_data_stream_id()
        results = []
        tags = yield self.store.get_updated_tags(user_id, last_stream_id)
        for room_id, room_tags in tags.items():
            results.append({
                "type": "m.tag",
                "content": {"tags": room_tags},
                "room_id": room_id,
            })
        account_data, room_account_data = (
            yield self.store.get_updated_account_data_for_user(user_id, last_stream_id)
        )
        for account_data_type, content in account_data.items():
            results.append({
                "type": account_data_type,
                "content": content,
            })
        for room_id, account_data in room_account_data.items():
            for account_data_type, content in account_data.items():
                results.append({
                    "type": account_data_type,
                    "content": content,
                    "room_id": room_id,
                })
        defer.returnValue((results, current_stream_id))
    @defer.inlineCallbacks
    def get_pagination_rows(self, user, config, key):
        defer.returnValue(([], config.to_id))
--- a/synapse/handlers/admin.py
+++ b/synapse/handlers/admin.py
@@ -30,34 +30,27 @@ class AdminHandler(BaseHandler):
    @defer.inlineCallbacks
    def get_whois(self, user):
-        res = yield self.store.get_user_ip_and_agents(user)
+        connections = []
-        d = {}
+        sessions = yield self.store.get_user_ip_and_agents(user)
-        for r in res:
+        for session in sessions:
-            # Note that device_id is always None
+            connections.append({
-            device = d.setdefault(r["device_id"], {})
+                "ip": session["ip"],
-            session = device.setdefault(r["access_token"], [])
+                "last_seen": session["last_seen"],
-            session.append({
+                "user_agent": session["user_agent"],
                "ip": r["ip"],
                "user_agent": r["user_agent"],
                "last_seen": r["last_seen"],
            })
        ret = {
            "user_id": user.to_string(),
-            "devices": [
+            "devices": {
-                {
+                "": {
                    "device_id": k,
                    "sessions": [
                        {
-                            # "access_token": x, TODO (erikj)
+                            "connections": connections,
                            "connections": y,
                        }
                        for x, y in v.items()
                    ]
-                }
+                },
-                for k, v in d.items()
+            },
            ],
        }
        defer.returnValue(ret)
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -18,8 +18,7 @@ from twisted.internet import defer
 from ._base import BaseHandler
 from synapse.api.constants import LoginType
 from synapse.types import UserID
-from synapse.api.errors import LoginError, Codes
+from synapse.api.errors import AuthError, LoginError, Codes
 from synapse.http.client import SimpleHttpClient
 from synapse.util.async import run_on_reactor
 from twisted.web.client import PartialDownloadError
@@ -45,7 +44,9 @@ class AuthHandler(BaseHandler):
            LoginType.EMAIL_IDENTITY: self._check_email_identity,
            LoginType.DUMMY: self._check_dummy_auth,
        }
        self.bcrypt_rounds = hs.config.bcrypt_rounds
        self.sessions = {}
        self.INVALID_TOKEN_HTTP_STATUS = 401
    @defer.inlineCallbacks
    def check_auth(self, flows, clientdict, clientip):
@@ -187,7 +188,7 @@ class AuthHandler(BaseHandler):
        # TODO: get this from the homeserver rather than creating a new one for
        # each request
        try:
-            client = SimpleHttpClient(self.hs)
+            client = self.hs.get_simple_http_client()
            resp_body = yield client.post_urlencoded_get_json(
                self.hs.config.recaptcha_siteverify_api,
                args={
@@ -296,6 +297,39 @@ class AuthHandler(BaseHandler):
        refresh_token = yield self.issue_refresh_token(user_id)
        defer.returnValue((user_id, access_token, refresh_token))
    @defer.inlineCallbacks
    def get_login_tuple_for_user_id(self, user_id):
        """
        Gets login tuple for the user with the given user ID.
        The user is assumed to have been authenticated by some other
        machanism (e.g. CAS)
        Args:
            user_id (str): User ID
        Returns:
            A tuple of:
              The user's ID.
              The access token for the user's session.
              The refresh token for the user's session.
        Raises:
            StoreError if there was a problem storing the token.
            LoginError if there was an authentication problem.
        """
        user_id, ignored = yield self._find_user_id_and_pwd_hash(user_id)
        logger.info("Logging in user %s", user_id)
        access_token = yield self.issue_access_token(user_id)
        refresh_token = yield self.issue_refresh_token(user_id)
        defer.returnValue((user_id, access_token, refresh_token))
    @defer.inlineCallbacks
    def does_user_exist(self, user_id):
        try:
            yield self._find_user_id_and_pwd_hash(user_id)
            defer.returnValue(True)
        except LoginError:
            defer.returnValue(False)
    @defer.inlineCallbacks
    def _find_user_id_and_pwd_hash(self, user_id):
        """Checks to see if a user with the given id exists. Will check case
@@ -340,12 +374,15 @@ class AuthHandler(BaseHandler):
        yield self.store.add_refresh_token_to_user(user_id, refresh_token)
        defer.returnValue(refresh_token)
-    def generate_access_token(self, user_id):
+    def generate_access_token(self, user_id, extra_caveats=None):
        extra_caveats = extra_caveats or []
        macaroon = self._generate_base_macaroon(user_id)
        macaroon.add_first_party_caveat("type = access")
        now = self.hs.get_clock().time_msec()
        expiry = now + (60 * 60 * 1000)
        macaroon.add_first_party_caveat("time < %d" % (expiry,))
        for caveat in extra_caveats:
            macaroon.add_first_party_caveat(caveat)
        return macaroon.serialize()
    def generate_refresh_token(self, user_id):
@@ -358,6 +395,23 @@ class AuthHandler(BaseHandler):
        ))
        return m.serialize()
    def generate_short_term_login_token(self, user_id):
        macaroon = self._generate_base_macaroon(user_id)
        macaroon.add_first_party_caveat("type = login")
        now = self.hs.get_clock().time_msec()
        expiry = now + (2 * 60 * 1000)
        macaroon.add_first_party_caveat("time < %d" % (expiry,))
        return macaroon.serialize()
    def validate_short_term_login_token_and_get_user_id(self, login_token):
        try:
            macaroon = pymacaroons.Macaroon.deserialize(login_token)
            auth_api = self.hs.get_auth()
            auth_api.validate_macaroon(macaroon, "login", True)
            return self._get_user_from_macaroon(macaroon)
        except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError):
            raise AuthError(401, "Invalid token", errcode=Codes.UNKNOWN_TOKEN)
    def _generate_base_macaroon(self, user_id):
        macaroon = pymacaroons.Macaroon(
            location=self.hs.config.server_name,
@@ -367,6 +421,16 @@ class AuthHandler(BaseHandler):
        macaroon.add_first_party_caveat("user_id = %s" % (user_id,))
        return macaroon
    def _get_user_from_macaroon(self, macaroon):
        user_prefix = "user_id = "
        for caveat in macaroon.caveats:
            if caveat.caveat_id.startswith(user_prefix):
                return caveat.caveat_id[len(user_prefix):]
        raise AuthError(
            self.INVALID_TOKEN_HTTP_STATUS, "No user_id found in token",
            errcode=Codes.UNKNOWN_TOKEN
        )
    @defer.inlineCallbacks
    def set_password(self, user_id, newpassword):
        password_hash = self.hash(newpassword)
@@ -401,7 +465,7 @@ class AuthHandler(BaseHandler):
        Returns:
            Hashed password (str).
        """
-        return bcrypt.hashpw(password, bcrypt.gensalt())
+        return bcrypt.hashpw(password, bcrypt.gensalt(self.bcrypt_rounds))
    def validate_hash(self, password, stored_hash):
        """Validates that self.hash(password) == stored_hash.
--- a/synapse/handlers/events.py
+++ b/synapse/handlers/events.py
@@ -28,6 +28,18 @@ import random
 logger = logging.getLogger(__name__)
 def started_user_eventstream(distributor, user):
    return distributor.fire("started_user_eventstream", user)
 def stopped_user_eventstream(distributor, user):
    return distributor.fire("stopped_user_eventstream", user)
 def user_joined_room(distributor, user, room_id):
    return distributor.fire("user_joined_room", user, room_id)
 class EventStreamHandler(BaseHandler):
    def __init__(self, hs):
@@ -46,11 +58,66 @@ class EventStreamHandler(BaseHandler):
        self.notifier = hs.get_notifier()
    @defer.inlineCallbacks
    def started_stream(self, user):
        """Tells the presence handler that we have started an eventstream for
        the user:
        Args:
            user (User): The user who started a stream.
        Returns:
            A deferred that completes once their presence has been updated.
        """
        if user not in self._streams_per_user:
            # Make sure we set the streams per user to 1 here rather than
            # setting it to zero and incrementing the value below.
            # Otherwise this may race with stopped_stream causing the
            # user to be erased from the map before we have a chance
            # to increment it.
            self._streams_per_user[user] = 1
            if user in self._stop_timer_per_user:
                try:
                    self.clock.cancel_call_later(
                        self._stop_timer_per_user.pop(user)
                    )
                except:
                    logger.exception("Failed to cancel event timer")
            else:
                yield started_user_eventstream(self.distributor, user)
        else:
            self._streams_per_user[user] += 1
    def stopped_stream(self, user):
        """If there are no streams for a user this starts a timer that will
        notify the presence handler that we haven't got an event stream for
        the user unless the user starts a new stream in 30 seconds.
        Args:
            user (User): The user who stopped a stream.
        """
        self._streams_per_user[user] -= 1
        if not self._streams_per_user[user]:
            del self._streams_per_user[user]
            # 30 seconds of grace to allow the client to reconnect again
            #   before we think they're gone
            def _later():
                logger.debug("_later stopped_user_eventstream %s", user)
                self._stop_timer_per_user.pop(user, None)
                return stopped_user_eventstream(self.distributor, user)
            logger.debug("Scheduling _later: for %s", user)
            self._stop_timer_per_user[user] = (
                self.clock.call_later(30, _later)
            )
    @defer.inlineCallbacks
    @log_function
    def get_stream(self, auth_user_id, pagin_config, timeout=0,
                   as_client_event=True, affect_presence=True,
-                   only_room_events=False):
+                   only_room_events=False, room_id=None, is_guest=False):
        """Fetches the events stream for a given user.
        If `only_room_events` is `True` only room events will be returned.
@@ -59,31 +126,7 @@ class EventStreamHandler(BaseHandler):
        try:
            if affect_presence:
-                if auth_user not in self._streams_per_user:
+                yield self.started_stream(auth_user)
                    self._streams_per_user[auth_user] = 0
                    if auth_user in self._stop_timer_per_user:
                        try:
                            self.clock.cancel_call_later(
                                self._stop_timer_per_user.pop(auth_user)
                            )
                        except:
                            logger.exception("Failed to cancel event timer")
                    else:
                        yield self.distributor.fire(
                            "started_user_eventstream", auth_user
                        )
                self._streams_per_user[auth_user] += 1
            rm_handler = self.hs.get_handlers().room_member_handler
            app_service = yield self.store.get_app_service_by_user_id(
                auth_user.to_string()
            )
            if app_service:
                rooms = yield self.store.get_app_service_rooms(app_service)
                room_ids = set(r.room_id for r in rooms)
            else:
                room_ids = yield rm_handler.get_joined_rooms_for_user(auth_user)
            if timeout:
                # If they've set a timeout set a minimum limit.
@@ -93,9 +136,13 @@ class EventStreamHandler(BaseHandler):
                # thundering herds on restart.
                timeout = random.randint(int(timeout*0.9), int(timeout*1.1))
            if is_guest:
                yield user_joined_room(self.distributor, auth_user, room_id)
            events, tokens = yield self.notifier.get_events_for(
-                auth_user, room_ids, pagin_config, timeout,
+                auth_user, pagin_config, timeout,
-                only_room_events=only_room_events
+                only_room_events=only_room_events,
                is_guest=is_guest, guest_room_id=room_id
            )
            time_now = self.clock.time_msec()
@@ -114,27 +161,7 @@ class EventStreamHandler(BaseHandler):
        finally:
            if affect_presence:
-                self._streams_per_user[auth_user] -= 1
+                self.stopped_stream(auth_user)
                if not self._streams_per_user[auth_user]:
                    del self._streams_per_user[auth_user]
                    # 10 seconds of grace to allow the client to reconnect again
                    #   before we think they're gone
                    def _later():
                        logger.debug(
                            "_later stopped_user_eventstream %s", auth_user
                        )
                        self._stop_timer_per_user.pop(auth_user, None)
                        return self.distributor.fire(
                            "stopped_user_eventstream", auth_user
                        )
                    logger.debug("Scheduling _later: for %s", auth_user)
                    self._stop_timer_per_user[auth_user] = (
                        self.clock.call_later(30, _later)
                    )
 class EventHandler(BaseHandler):
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -21,6 +21,7 @@ from synapse.api.errors import (
    AuthError, FederationError, StoreError, CodeMessageException, SynapseError,
 )
 from synapse.api.constants import EventTypes, Membership, RejectedReason
 from synapse.events.validator import EventValidator
 from synapse.util import unwrapFirstError
 from synapse.util.logcontext import PreserveLoggingContext
 from synapse.util.logutils import log_function
@@ -40,10 +41,13 @@ from twisted.internet import defer
 import itertools
 import logging
 logger = logging.getLogger(__name__)
 def user_joined_room(distributor, user, room_id):
    return distributor.fire("user_joined_room", user, room_id)
 class FederationHandler(BaseHandler):
    """Handles events that originated from federation.
        Responsible for:
@@ -58,22 +62,18 @@ class FederationHandler(BaseHandler):
    def __init__(self, hs):
        super(FederationHandler, self).__init__(hs)
-        self.distributor.observe(
+        self.hs = hs
-            "user_joined_room",
+
-            self._on_user_joined
+        self.distributor.observe("user_joined_room", self.user_joined_room)
        )
        self.waiting_for_join_list = {}
        self.store = hs.get_datastore()
        self.replication_layer = hs.get_replication_layer()
        self.state_handler = hs.get_state_handler()
        # self.auth_handler = gs.get_auth_handler()
        self.server_name = hs.hostname
        self.keyring = hs.get_keyring()
        self.lock_manager = hs.get_room_lock_manager()
        self.replication_layer.set_handler(self)
        # When joining a room we need to queue any events for that room up
@@ -125,60 +125,72 @@ class FederationHandler(BaseHandler):
        )
        if not is_in_room and not event.internal_metadata.is_outlier():
            logger.debug("Got event for room we're not in.")
            current_state = state
-        event_ids = set()
+            try:
-        if state:
+                event_stream_id, max_stream_id = yield self._persist_auth_tree(
-            event_ids |= {e.event_id for e in state}
+                    auth_chain, state, event
-        if auth_chain:
+                )
-            event_ids |= {e.event_id for e in auth_chain}
+            except AuthError as e:
                raise FederationError(
                    "ERROR",
                    e.code,
                    e.msg,
                    affected=event.event_id,
                )
-        seen_ids = set(
+        else:
-            (yield self.store.have_events(event_ids)).keys()
+            event_ids = set()
-        )
+            if state:
                event_ids |= {e.event_id for e in state}
            if auth_chain:
                event_ids |= {e.event_id for e in auth_chain}
-        if state and auth_chain is not None:
+            seen_ids = set(
-            # If we have any state or auth_chain given to us by the replication
+                (yield self.store.have_events(event_ids)).keys()
            # layer, then we should handle them (if we haven't before.)
            event_infos = []
            for e in itertools.chain(auth_chain, state):
                if e.event_id in seen_ids:
                    continue
                e.internal_metadata.outlier = True
                auth_ids = [e_id for e_id, _ in e.auth_events]
                auth = {
                    (e.type, e.state_key): e for e in auth_chain
                    if e.event_id in auth_ids
                }
                event_infos.append({
                    "event": e,
                    "auth_events": auth,
                })
                seen_ids.add(e.event_id)
            yield self._handle_new_events(
                origin,
                event_infos,
                outliers=True
            )
-        try:
+            if state and auth_chain is not None:
-            _, event_stream_id, max_stream_id = yield self._handle_new_event(
+                # If we have any state or auth_chain given to us by the replication
-                origin,
+                # layer, then we should handle them (if we haven't before.)
-                event,
+
-                state=state,
+                event_infos = []
-                backfilled=backfilled,
+
-                current_state=current_state,
+                for e in itertools.chain(auth_chain, state):
-            )
+                    if e.event_id in seen_ids:
-        except AuthError as e:
+                        continue
-            raise FederationError(
+                    e.internal_metadata.outlier = True
-                "ERROR",
+                    auth_ids = [e_id for e_id, _ in e.auth_events]
-                e.code,
+                    auth = {
-                e.msg,
+                        (e.type, e.state_key): e for e in auth_chain
-                affected=event.event_id,
+                        if e.event_id in auth_ids or e.type == EventTypes.Create
-            )
+                    }
                    event_infos.append({
                        "event": e,
                        "auth_events": auth,
                    })
                    seen_ids.add(e.event_id)
                yield self._handle_new_events(
                    origin,
                    event_infos,
                    outliers=True
                )
            try:
                context, event_stream_id, max_stream_id = yield self._handle_new_event(
                    origin,
                    event,
                    state=state,
                    backfilled=backfilled,
                    current_state=current_state,
                )
            except AuthError as e:
                raise FederationError(
                    "ERROR",
                    e.code,
                    e.msg,
                    affected=event.event_id,
                )
        # if we're receiving valid events from an origin,
        # it's probably a good idea to mark it as not in retry-state
@@ -222,15 +234,18 @@ class FederationHandler(BaseHandler):
        if event.type == EventTypes.Member:
            if event.membership == Membership.JOIN:
-                user = UserID.from_string(event.state_key)
+                prev_state = context.current_state.get((event.type, event.state_key))
-                yield self.distributor.fire(
+                if not prev_state or prev_state.membership != Membership.JOIN:
-                    "user_joined_room", user=user, room_id=event.room_id
+                    # Only fire user_joined_room if the user has acutally
-                )
+                    # joined the room. Don't bother if the user is just
                    # changing their profile info.
                    user = UserID.from_string(event.state_key)
                    yield user_joined_room(self.distributor, user, event.room_id)
    @defer.inlineCallbacks
    def _filter_events_for_server(self, server_name, room_id, events):
        event_to_state = yield self.store.get_state_for_events(
-            room_id, frozenset(e.event_id for e in events),
+            frozenset(e.event_id for e in events),
            types=(
                (EventTypes.RoomHistoryVisibility, ""),
                (EventTypes.Member, None),
@@ -553,7 +568,7 @@ class FederationHandler(BaseHandler):
    @log_function
    @defer.inlineCallbacks
-    def do_invite_join(self, target_hosts, room_id, joinee, content, snapshot):
+    def do_invite_join(self, target_hosts, room_id, joinee, content):
        """ Attempts to join the `joinee` to the room `room_id` via the
        server `target_host`.
@@ -569,49 +584,19 @@ class FederationHandler(BaseHandler):
        yield self.store.clean_room_for_join(room_id)
-        origin, pdu = yield self.replication_layer.make_join(
+        origin, event = yield self._make_and_verify_event(
            target_hosts,
            room_id,
-            joinee
+            joinee,
            "join",
            content,
        )
        logger.debug("Got response to make_join: %s", pdu)
        event = pdu
        # We should assert some things.
        # FIXME: Do this in a nicer way
        assert(event.type == EventTypes.Member)
        assert(event.user_id == joinee)
        assert(event.state_key == joinee)
        assert(event.room_id == room_id)
        event.internal_metadata.outlier = False
        self.room_queues[room_id] = []
        builder = self.event_builder_factory.new(
            unfreeze(event.get_pdu_json())
        )
        handled_events = set()
        try:
-            builder.event_id = self.event_builder_factory.create_event_id()
+            event = self._sign_event(event)
            builder.origin = self.hs.hostname
            builder.content = content
            if not hasattr(event, "signatures"):
                builder.signatures = {}
            add_hashes_and_signatures(
                builder,
                self.hs.hostname,
                self.hs.config.signing_key[0],
            )
            new_event = builder.build()
            # Try the host we successfully got a response to /make_join/
            # request first.
            try:
@@ -619,11 +604,7 @@ class FederationHandler(BaseHandler):
                target_hosts.insert(0, origin)
            except ValueError:
                pass
-
+            ret = yield self.replication_layer.send_join(target_hosts, event)
            ret = yield self.replication_layer.send_join(
                target_hosts,
                new_event
            )
            origin = ret["origin"]
            state = ret["state"]
@@ -632,12 +613,12 @@ class FederationHandler(BaseHandler):
            handled_events.update([s.event_id for s in state])
            handled_events.update([a.event_id for a in auth_chain])
-            handled_events.add(new_event.event_id)
+            handled_events.add(event.event_id)
            logger.debug("do_invite_join auth_chain: %s", auth_chain)
            logger.debug("do_invite_join state: %s", state)
-            logger.debug("do_invite_join event: %s", new_event)
+            logger.debug("do_invite_join event: %s", event)
            try:
                yield self.store.store_room(
@@ -649,47 +630,20 @@ class FederationHandler(BaseHandler):
                # FIXME
                pass
-            ev_infos = []
+            event_stream_id, max_stream_id = yield self._persist_auth_tree(
-            for e in itertools.chain(state, auth_chain):
+                auth_chain, state, event
                if e.event_id == event.event_id:
                    continue
                e.internal_metadata.outlier = True
                auth_ids = [e_id for e_id, _ in e.auth_events]
                ev_infos.append({
                    "event": e,
                    "auth_events": {
                        (e.type, e.state_key): e for e in auth_chain
                        if e.event_id in auth_ids
                    }
                })
            yield self._handle_new_events(origin, ev_infos, outliers=True)
            auth_ids = [e_id for e_id, _ in event.auth_events]
            auth_events = {
                (e.type, e.state_key): e for e in auth_chain
                if e.event_id in auth_ids
            }
            _, event_stream_id, max_stream_id = yield self._handle_new_event(
                origin,
                new_event,
                state=state,
                current_state=state,
                auth_events=auth_events,
            )
            with PreserveLoggingContext():
                d = self.notifier.on_new_room_event(
-                    new_event, event_stream_id, max_stream_id,
+                    event, event_stream_id, max_stream_id,
                    extra_users=[joinee]
                )
            def log_failure(f):
                logger.warn(
                    "Failed to notify about %s: %s",
-                    new_event.event_id, f.value
+                    event.event_id, f.value
                )
            d.addErrback(log_failure)
@@ -714,12 +668,14 @@ class FederationHandler(BaseHandler):
    @log_function
    def on_make_join_request(self, room_id, user_id):
        """ We've received a /make_join/ request, so we create a partial
-        join event for the room and return that. We don *not* persist or
+        join event for the room and return that. We do *not* persist or
        process it until the other server has signed it and sent it back.
        """
        event_content = {"membership": Membership.JOIN}
        builder = self.event_builder_factory.new({
            "type": EventTypes.Member,
-            "content": {"membership": Membership.JOIN},
+            "content": event_content,
            "room_id": room_id,
            "sender": user_id,
            "state_key": user_id,
@@ -781,9 +737,7 @@ class FederationHandler(BaseHandler):
        if event.type == EventTypes.Member:
            if event.content["membership"] == Membership.JOIN:
                user = UserID.from_string(event.state_key)
-                yield self.distributor.fire(
+                yield user_joined_room(self.distributor, user, event.room_id)
                    "user_joined_room", user=user, room_id=event.room_id
                )
        new_pdu = event
@@ -864,6 +818,168 @@ class FederationHandler(BaseHandler):
        defer.returnValue(event)
    @defer.inlineCallbacks
    def do_remotely_reject_invite(self, target_hosts, room_id, user_id):
        origin, event = yield self._make_and_verify_event(
            target_hosts,
            room_id,
            user_id,
            "leave"
        )
        signed_event = self._sign_event(event)
        # Try the host we successfully got a response to /make_join/
        # request first.
        try:
            target_hosts.remove(origin)
            target_hosts.insert(0, origin)
        except ValueError:
            pass
        yield self.replication_layer.send_leave(
            target_hosts,
            signed_event
        )
        defer.returnValue(None)
    @defer.inlineCallbacks
    def _make_and_verify_event(self, target_hosts, room_id, user_id, membership,
                               content={},):
        origin, pdu = yield self.replication_layer.make_membership_event(
            target_hosts,
            room_id,
            user_id,
            membership,
            content,
        )
        logger.debug("Got response to make_%s: %s", membership, pdu)
        event = pdu
        # We should assert some things.
        # FIXME: Do this in a nicer way
        assert(event.type == EventTypes.Member)
        assert(event.user_id == user_id)
        assert(event.state_key == user_id)
        assert(event.room_id == room_id)
        defer.returnValue((origin, event))
    def _sign_event(self, event):
        event.internal_metadata.outlier = False
        builder = self.event_builder_factory.new(
            unfreeze(event.get_pdu_json())
        )
        builder.event_id = self.event_builder_factory.create_event_id()
        builder.origin = self.hs.hostname
        if not hasattr(event, "signatures"):
            builder.signatures = {}
        add_hashes_and_signatures(
            builder,
            self.hs.hostname,
            self.hs.config.signing_key[0],
        )
        return builder.build()
    @defer.inlineCallbacks
    @log_function
    def on_make_leave_request(self, room_id, user_id):
        """ We've received a /make_leave/ request, so we create a partial
        join event for the room and return that. We do *not* persist or
        process it until the other server has signed it and sent it back.
        """
        builder = self.event_builder_factory.new({
            "type": EventTypes.Member,
            "content": {"membership": Membership.LEAVE},
            "room_id": room_id,
            "sender": user_id,
            "state_key": user_id,
        })
        event, context = yield self._create_new_client_event(
            builder=builder,
        )
        self.auth.check(event, auth_events=context.current_state)
        defer.returnValue(event)
    @defer.inlineCallbacks
    @log_function
    def on_send_leave_request(self, origin, pdu):
        """ We have received a leave event for a room. Fully process it."""
        event = pdu
        logger.debug(
            "on_send_leave_request: Got event: %s, signatures: %s",
            event.event_id,
            event.signatures,
        )
        event.internal_metadata.outlier = False
        context, event_stream_id, max_stream_id = yield self._handle_new_event(
            origin, event
        )
        logger.debug(
            "on_send_leave_request: After _handle_new_event: %s, sigs: %s",
            event.event_id,
            event.signatures,
        )
        extra_users = []
        if event.type == EventTypes.Member:
            target_user_id = event.state_key
            target_user = UserID.from_string(target_user_id)
            extra_users.append(target_user)
        with PreserveLoggingContext():
            d = self.notifier.on_new_room_event(
                event, event_stream_id, max_stream_id, extra_users=extra_users
            )
        def log_failure(f):
            logger.warn(
                "Failed to notify about %s: %s",
                event.event_id, f.value
            )
        d.addErrback(log_failure)
        new_pdu = event
        destinations = set()
        for k, s in context.current_state.items():
            try:
                if k[0] == EventTypes.Member:
                    if s.content["membership"] == Membership.LEAVE:
                        destinations.add(
                            UserID.from_string(s.state_key).domain
                        )
            except:
                logger.warn(
                    "Failed to get destination from event %s", s.event_id
                )
        destinations.discard(origin)
        logger.debug(
            "on_send_leave_request: Sending event: %s, signatures: %s",
            event.event_id,
            event.signatures,
        )
        self.replication_layer.send_pdu(new_pdu, destinations)
        defer.returnValue(None)
    @defer.inlineCallbacks
    def get_state_for_pdu(self, origin, room_id, event_id, do_auth=True):
        yield run_on_reactor()
@@ -968,7 +1084,7 @@ class FederationHandler(BaseHandler):
        return self.store.get_min_depth(context)
    @log_function
-    def _on_user_joined(self, user, room_id):
+    def user_joined_room(self, user, room_id):
        waiters = self.waiting_for_join_list.get(
            (user.to_string(), room_id),
            []
@@ -986,8 +1102,6 @@ class FederationHandler(BaseHandler):
        context = yield self._prep_event(
            origin, event,
            state=state,
            backfilled=backfilled,
            current_state=current_state,
            auth_events=auth_events,
        )
@@ -1010,7 +1124,6 @@ class FederationHandler(BaseHandler):
                    origin,
                    ev_info["event"],
                    state=ev_info.get("state"),
                    backfilled=backfilled,
                    auth_events=ev_info.get("auth_events"),
                )
                for ev_info in event_infos
@@ -1027,8 +1140,77 @@ class FederationHandler(BaseHandler):
        )
    @defer.inlineCallbacks
-    def _prep_event(self, origin, event, state=None, backfilled=False,
+    def _persist_auth_tree(self, auth_events, state, event):
-                    current_state=None, auth_events=None):
+        """Checks the auth chain is valid (and passes auth checks) for the
        state and event. Then persists the auth chain and state atomically.
        Persists the event seperately.
        Returns:
            2-tuple of (event_stream_id, max_stream_id) from the persist_event
            call for `event`
        """
        events_to_context = {}
        for e in itertools.chain(auth_events, state):
            ctx = yield self.state_handler.compute_event_context(
                e, outlier=True,
            )
            events_to_context[e.event_id] = ctx
            e.internal_metadata.outlier = True
        event_map = {
            e.event_id: e
            for e in auth_events
        }
        create_event = None
        for e in auth_events:
            if (e.type, e.state_key) == (EventTypes.Create, ""):
                create_event = e
                break
        for e in itertools.chain(auth_events, state, [event]):
            auth_for_e = {
                (event_map[e_id].type, event_map[e_id].state_key): event_map[e_id]
                for e_id, _ in e.auth_events
            }
            if create_event:
                auth_for_e[(EventTypes.Create, "")] = create_event
            try:
                self.auth.check(e, auth_events=auth_for_e)
            except AuthError as err:
                logger.warn(
                    "Rejecting %s because %s",
                    e.event_id, err.msg
                )
                if e == event:
                    raise
                events_to_context[e.event_id].rejected = RejectedReason.AUTH_ERROR
        yield self.store.persist_events(
            [
                (e, events_to_context[e.event_id])
                for e in itertools.chain(auth_events, state)
            ],
            is_new_state=False,
        )
        new_event_context = yield self.state_handler.compute_event_context(
            event, old_state=state, outlier=False,
        )
        event_stream_id, max_stream_id = yield self.store.persist_event(
            event, new_event_context,
            backfilled=False,
            is_new_state=True,
            current_state=state,
        )
        defer.returnValue((event_stream_id, max_stream_id))
    @defer.inlineCallbacks
    def _prep_event(self, origin, event, state=None, auth_events=None):
        outlier = event.internal_metadata.is_outlier()
        context = yield self.state_handler.compute_event_context(
@@ -1061,6 +1243,10 @@ class FederationHandler(BaseHandler):
            context.rejected = RejectedReason.AUTH_ERROR
        if event.type == EventTypes.GuestAccess:
            full_context = yield self.store.get_current_state(room_id=event.room_id)
            yield self.maybe_kick_guest_users(event, full_context)
        defer.returnValue(context)
    @defer.inlineCallbacks
@@ -1166,7 +1352,7 @@ class FederationHandler(BaseHandler):
                        auth_ids = [e_id for e_id, _ in e.auth_events]
                        auth = {
                            (e.type, e.state_key): e for e in remote_auth_chain
-                            if e.event_id in auth_ids
+                            if e.event_id in auth_ids or e.type == EventTypes.Create
                        }
                        e.internal_metadata.outlier = True
@@ -1284,6 +1470,7 @@ class FederationHandler(BaseHandler):
                                (e.type, e.state_key): e
                                for e in result["auth_chain"]
                                if e.event_id in auth_ids
                                or event.type == EventTypes.Create
                            }
                            ev.internal_metadata.outlier = True
@@ -1458,50 +1645,114 @@ class FederationHandler(BaseHandler):
        })
    @defer.inlineCallbacks
-    def _handle_auth_events(self, origin, auth_events):
+    @log_function
-        auth_ids_to_deferred = {}
+    def exchange_third_party_invite(self, invite):
        sender = invite["sender"]
        room_id = invite["room_id"]
-        def process_auth_ev(ev):
+        if "signed" not in invite or "token" not in invite["signed"]:
-            auth_ids = [e_id for e_id, _ in ev.auth_events]
+            logger.info(
                "Discarding received notification of third party invite "
                "without signed: %s" % (invite,)
            )
            return
-            prev_ds = [
+        third_party_invite = {
-                auth_ids_to_deferred[i]
+            "signed": invite["signed"],
-                for i in auth_ids
+        }
                if i in auth_ids_to_deferred
            ]
-            d = defer.Deferred()
+        event_dict = {
            "type": EventTypes.Member,
            "content": {
                "membership": Membership.INVITE,
                "third_party_invite": third_party_invite,
            },
            "room_id": room_id,
            "sender": sender,
            "state_key": invite["mxid"],
        }
-            auth_ids_to_deferred[ev.event_id] = d
+        if (yield self.auth.check_host_in_room(room_id, self.hs.hostname)):
            builder = self.event_builder_factory.new(event_dict)
            EventValidator().validate_new(builder)
            event, context = yield self._create_new_client_event(builder=builder)
-            @defer.inlineCallbacks
+            event, context = yield self.add_display_name_to_third_party_invite(
-            def f(*_):
+                event_dict, event, context
-                ev.internal_metadata.outlier = True
+            )
-                try:
+            self.auth.check(event, context.current_state)
-                    auth = {
+            yield self._validate_keyserver(event, auth_events=context.current_state)
-                        (e.type, e.state_key): e for e in auth_events
+            member_handler = self.hs.get_handlers().room_member_handler
-                        if e.event_id in auth_ids
+            yield member_handler.change_membership(event, context)
-                    }
+        else:
            destinations = set([x.split(":", 1)[-1] for x in (sender, room_id)])
            yield self.replication_layer.forward_third_party_invite(
                destinations,
                room_id,
                event_dict,
            )
-                    yield self._handle_new_event(
+    @defer.inlineCallbacks
-                        origin, ev, auth_events=auth
+    @log_function
-                    )
+    def on_exchange_third_party_invite_request(self, origin, room_id, event_dict):
-                except:
+        builder = self.event_builder_factory.new(event_dict)
                    logger.exception(
                        "Failed to handle auth event %s",
                        ev.event_id,
                    )
-                d.callback(None)
+        event, context = yield self._create_new_client_event(
            builder=builder,
        )
-            if prev_ds:
+        event, context = yield self.add_display_name_to_third_party_invite(
-                dx = defer.DeferredList(prev_ds)
+            event_dict, event, context
-                dx.addBoth(f)
+        )
            else:
                f()
-        for e in auth_events:
+        self.auth.check(event, auth_events=context.current_state)
-            process_auth_ev(e)
+        yield self._validate_keyserver(event, auth_events=context.current_state)
-        yield defer.DeferredList(auth_ids_to_deferred.values())
+        returned_invite = yield self.send_invite(origin, event)
        # TODO: Make sure the signatures actually are correct.
        event.signatures.update(returned_invite.signatures)
        member_handler = self.hs.get_handlers().room_member_handler
        yield member_handler.change_membership(event, context)
    @defer.inlineCallbacks
    def add_display_name_to_third_party_invite(self, event_dict, event, context):
        key = (
            EventTypes.ThirdPartyInvite,
            event.content["third_party_invite"]["signed"]["token"]
        )
        original_invite = context.current_state.get(key)
        if not original_invite:
            logger.info(
                "Could not find invite event for third_party_invite - "
                "discarding: %s" % (event_dict,)
            )
            return
        display_name = original_invite.content["display_name"]
        event_dict["content"]["third_party_invite"]["display_name"] = display_name
        builder = self.event_builder_factory.new(event_dict)
        EventValidator().validate_new(builder)
        event, context = yield self._create_new_client_event(builder=builder)
        defer.returnValue((event, context))
    @defer.inlineCallbacks
    def _validate_keyserver(self, event, auth_events):
        token = event.content["third_party_invite"]["signed"]["token"]
        invite_event = auth_events.get(
            (EventTypes.ThirdPartyInvite, token,)
        )
        try:
            response = yield self.hs.get_simple_http_client().get_json(
                invite_event.content["key_validity_url"],
                {"public_key": invite_event.content["public_key"]}
            )
        except Exception:
            raise SynapseError(
                502,
                "Third party certificate could not be checked"
            )
        if "valid" not in response or not response["valid"]:
            raise AuthError(403, "Third party certificate was invalid")
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -20,7 +20,6 @@ from synapse.api.errors import (
    CodeMessageException
 )
 from ._base import BaseHandler
 from synapse.http.client import SimpleHttpClient
 from synapse.util.async import run_on_reactor
 from synapse.api.errors import SynapseError
@@ -35,13 +34,12 @@ class IdentityHandler(BaseHandler):
    def __init__(self, hs):
        super(IdentityHandler, self).__init__(hs)
        self.http_client = hs.get_simple_http_client()
    @defer.inlineCallbacks
    def threepid_from_creds(self, creds):
        yield run_on_reactor()
        # TODO: get this from the homeserver rather than creating a new one for
        # each request
        http_client = SimpleHttpClient(self.hs)
        # XXX: make this configurable!
        # trustedIdServers = ['matrix.org', 'localhost:8090']
        trustedIdServers = ['matrix.org', 'vector.im']
@@ -67,7 +65,7 @@ class IdentityHandler(BaseHandler):
        data = {}
        try:
-            data = yield http_client.get_json(
+            data = yield self.http_client.get_json(
                "https://%s%s" % (
                    id_server,
                    "/_matrix/identity/api/v1/3pid/getValidated3pid"
@@ -85,7 +83,6 @@ class IdentityHandler(BaseHandler):
    def bind_threepid(self, creds, mxid):
        yield run_on_reactor()
        logger.debug("binding threepid %r to %s", creds, mxid)
        http_client = SimpleHttpClient(self.hs)
        data = None
        if 'id_server' in creds:
@@ -103,7 +100,7 @@ class IdentityHandler(BaseHandler):
            raise SynapseError(400, "No client_secret in creds")
        try:
-            data = yield http_client.post_urlencoded_get_json(
+            data = yield self.http_client.post_urlencoded_get_json(
                "https://%s%s" % (
                    id_server, "/_matrix/identity/api/v1/3pid/bind"
                ),
@@ -121,7 +118,6 @@ class IdentityHandler(BaseHandler):
    @defer.inlineCallbacks
    def requestEmailToken(self, id_server, email, client_secret, send_attempt, **kwargs):
        yield run_on_reactor()
        http_client = SimpleHttpClient(self.hs)
        params = {
            'email': email,
@@ -131,7 +127,7 @@ class IdentityHandler(BaseHandler):
        params.update(kwargs)
        try:
-            data = yield http_client.post_urlencoded_get_json(
+            data = yield self.http_client.post_urlencoded_get_json(
                "https://%s%s" % (
                    id_server,
                    "/_matrix/identity/api/v1/validate/email/requestToken"
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -16,21 +16,28 @@
 from twisted.internet import defer
 from synapse.api.constants import EventTypes, Membership
-from synapse.api.errors import RoomError, SynapseError
+from synapse.api.errors import SynapseError, AuthError, Codes
 from synapse.streams.config import PaginationConfig
 from synapse.events.utils import serialize_event
 from synapse.events.validator import EventValidator
 from synapse.util import unwrapFirstError
 from synapse.util.logcontext import PreserveLoggingContext
-from synapse.types import UserID, RoomStreamToken
+from synapse.util.caches.snapshot_cache import SnapshotCache
 from synapse.types import UserID, RoomStreamToken, StreamToken
 from ._base import BaseHandler
 from canonicaljson import encode_canonical_json
 import logging
 logger = logging.getLogger(__name__)
 def collect_presencelike_data(distributor, user, content):
    return distributor.fire("collect_presencelike_data", user, content)
 class MessageHandler(BaseHandler):
    def __init__(self, hs):
@@ -39,6 +46,7 @@ class MessageHandler(BaseHandler):
        self.state = hs.get_state_handler()
        self.clock = hs.get_clock()
        self.validator = EventValidator()
        self.snapshot_cache = SnapshotCache()
    @defer.inlineCallbacks
    def get_message(self, msg_id=None, room_id=None, sender_id=None,
@@ -71,34 +79,64 @@ class MessageHandler(BaseHandler):
    @defer.inlineCallbacks
    def get_messages(self, user_id=None, room_id=None, pagin_config=None,
-                     feedback=False, as_client_event=True):
+                     as_client_event=True, is_guest=False):
        """Get messages in a room.
        Args:
            user_id (str): The user requesting messages.
            room_id (str): The room they want messages from.
            pagin_config (synapse.api.streams.PaginationConfig): The pagination
-            config rules to apply, if any.
+                config rules to apply, if any.
            feedback (bool): True to get compressed feedback with the messages
            as_client_event (bool): True to get events in client-server format.
            is_guest (bool): Whether the requesting user is a guest (as opposed
                to a fully registered user).
        Returns:
            dict: Pagination API results
        """
        yield self.auth.check_joined_room(room_id, user_id)
        data_source = self.hs.get_event_sources().sources["room"]
-        if not pagin_config.from_token:
+        if pagin_config.from_token:
            room_token = pagin_config.from_token.room_key
        else:
            pagin_config.from_token = (
                yield self.hs.get_event_sources().get_current_token(
                    direction='b'
                )
            )
            room_token = pagin_config.from_token.room_key
-        room_token = RoomStreamToken.parse(pagin_config.from_token.room_key)
+        room_token = RoomStreamToken.parse(room_token)
        if room_token.topological is None:
            raise SynapseError(400, "Invalid token")
        pagin_config.from_token = pagin_config.from_token.copy_and_replace(
            "room_key", str(room_token)
        )
        source_config = pagin_config.get_source_config("room")
        if not is_guest:
            member_event = yield self.auth.check_user_was_in_room(room_id, user_id)
            if member_event.membership == Membership.LEAVE:
                # If they have left the room then clamp the token to be before
                # they left the room.
                # If they're a guest, we'll just 403 them if they're asking for
                # events they can't see.
                leave_token = yield self.store.get_topological_token_for_event(
                    member_event.event_id
                )
                leave_token = RoomStreamToken.parse(leave_token)
                if leave_token.topological < room_token.topological:
                    source_config.from_key = str(leave_token)
                if source_config.direction == "f":
                    if source_config.to_key is None:
                        source_config.to_key = str(leave_token)
                    else:
                        to_token = RoomStreamToken.parse(source_config.to_key)
                        if leave_token.topological < to_token.topological:
                            source_config.to_key = str(leave_token)
        yield self.hs.get_handlers().federation_handler.maybe_backfill(
            room_id, room_token.topological
        )
@@ -106,7 +144,7 @@ class MessageHandler(BaseHandler):
        user = UserID.from_string(user_id)
        events, next_key = yield data_source.get_pagination_rows(
-            user, pagin_config.get_source_config("room"), room_id
+            user, source_config, room_id
        )
        next_token = pagin_config.from_token.copy_and_replace(
@@ -120,7 +158,7 @@ class MessageHandler(BaseHandler):
                "end": next_token.to_string(),
            })
-        events = yield self._filter_events_for_client(user_id, room_id, events)
+        events = yield self._filter_events_for_client(user_id, events, is_guest=is_guest)
        time_now = self.clock.time_msec()
@@ -135,55 +173,9 @@ class MessageHandler(BaseHandler):
        defer.returnValue(chunk)
    @defer.inlineCallbacks
    def _filter_events_for_client(self, user_id, room_id, events):
        event_id_to_state = yield self.store.get_state_for_events(
            room_id, frozenset(e.event_id for e in events),
            types=(
                (EventTypes.RoomHistoryVisibility, ""),
                (EventTypes.Member, user_id),
            )
        )
        def allowed(event, state):
            if event.type == EventTypes.RoomHistoryVisibility:
                return True
            membership_ev = state.get((EventTypes.Member, user_id), None)
            if membership_ev:
                membership = membership_ev.membership
            else:
                membership = Membership.LEAVE
            if membership == Membership.JOIN:
                return True
            history = state.get((EventTypes.RoomHistoryVisibility, ''), None)
            if history:
                visibility = history.content.get("history_visibility", "shared")
            else:
                visibility = "shared"
            if visibility == "public":
                return True
            elif visibility == "shared":
                return True
            elif visibility == "joined":
                return membership == Membership.JOIN
            elif visibility == "invited":
                return membership == Membership.INVITE
            return True
        defer.returnValue([
            event
            for event in events
            if allowed(event, event_id_to_state[event.event_id])
        ])
    @defer.inlineCallbacks
    def create_and_send_event(self, event_dict, ratelimit=True,
-                              token_id=None, txn_id=None):
+                              token_id=None, txn_id=None, is_guest=False):
        """ Given a dict from a client, create and handle a new event.
        Creates an FrozenEvent object, filling out auth_events, prev_events,
@@ -211,10 +203,8 @@ class MessageHandler(BaseHandler):
            if membership == Membership.JOIN:
                joinee = UserID.from_string(builder.state_key)
                # If event doesn't include a display name, add one.
-                yield self.distributor.fire(
+                yield collect_presencelike_data(
-                    "collect_presencelike_data",
+                    self.distributor, joinee, builder.content
                    joinee,
                    builder.content
                )
        if token_id is not None:
@@ -227,9 +217,19 @@ class MessageHandler(BaseHandler):
            builder=builder,
        )
        if event.is_state():
            prev_state = context.current_state.get((event.type, event.state_key))
            if prev_state and event.user_id == prev_state.user_id:
                prev_content = encode_canonical_json(prev_state.content)
                next_content = encode_canonical_json(event.content)
                if prev_content == next_content:
                    # Duplicate suppression for state updates with same sender
                    # and content.
                    defer.returnValue(prev_state)
        if event.type == EventTypes.Member:
            member_handler = self.hs.get_handlers().room_member_handler
-            yield member_handler.change_membership(event, context)
+            yield member_handler.change_membership(event, context, is_guest=is_guest)
        else:
            yield self.handle_new_client_event(
                event=event,
@@ -245,7 +245,7 @@ class MessageHandler(BaseHandler):
    @defer.inlineCallbacks
    def get_room_data(self, user_id=None, room_id=None,
-                      event_type=None, state_key=""):
+                      event_type=None, state_key="", is_guest=False):
        """ Get data from a room.
        Args:
@@ -255,29 +255,55 @@ class MessageHandler(BaseHandler):
        Raises:
            SynapseError if something went wrong.
        """
-        have_joined = yield self.auth.check_joined_room(room_id, user_id)
+        membership, membership_event_id = yield self._check_in_room_or_world_readable(
-        if not have_joined:
+            room_id, user_id, is_guest
            raise RoomError(403, "User not in room.")
        data = yield self.state_handler.get_current_state(
            room_id, event_type, state_key
        )
        if membership == Membership.JOIN:
            data = yield self.state_handler.get_current_state(
                room_id, event_type, state_key
            )
        elif membership == Membership.LEAVE:
            key = (event_type, state_key)
            room_state = yield self.store.get_state_for_events(
                [membership_event_id], [key]
            )
            data = room_state[membership_event_id].get(key)
        defer.returnValue(data)
    @defer.inlineCallbacks
-    def get_feedback(self, event_id):
+    def _check_in_room_or_world_readable(self, room_id, user_id, is_guest):
-        # yield self.auth.check_joined_room(room_id, user_id)
+        try:
-
+            # check_user_was_in_room will return the most recent membership
-        # Pull out the feedback from the db
+            # event for the user if:
-        fb = yield self.store.get_feedback(event_id)
+            #  * The user is a non-guest user, and was ever in the room
-
+            #  * The user is a guest user, and has joined the room
-        if fb:
+            # else it will throw.
-            defer.returnValue(fb)
+            member_event = yield self.auth.check_user_was_in_room(room_id, user_id)
-        defer.returnValue(None)
+            defer.returnValue((member_event.membership, member_event.event_id))
            return
        except AuthError, auth_error:
            visibility = yield self.state_handler.get_current_state(
                room_id, EventTypes.RoomHistoryVisibility, ""
            )
            if (
                visibility and
                visibility.content["history_visibility"] == "world_readable"
            ):
                defer.returnValue((Membership.JOIN, None))
                return
            if not is_guest:
                raise auth_error
            raise AuthError(
                403, "Guest access not allowed", errcode=Codes.GUEST_ACCESS_FORBIDDEN
            )
    @defer.inlineCallbacks
-    def get_state_events(self, user_id, room_id):
+    def get_state_events(self, user_id, room_id, is_guest=False):
-        """Retrieve all state events for a given room.
+        """Retrieve all state events for a given room. If the user is
        joined to the room then return the current state. If the user has
        left the room return the state events from when they left.
        Args:
            user_id(str): The user requesting state events.
@@ -285,18 +311,25 @@ class MessageHandler(BaseHandler):
        Returns:
            A list of dicts representing state events. [{}, {}, {}]
        """
-        yield self.auth.check_joined_room(room_id, user_id)
+        membership, membership_event_id = yield self._check_in_room_or_world_readable(
-
+            room_id, user_id, is_guest
-        # TODO: This is duplicating logic from snapshot_all_rooms
+        )
-        current_state = yield self.state_handler.get_current_state(room_id)
+
-        now = self.clock.time_msec()
+        if membership == Membership.JOIN:
-        defer.returnValue(
+            room_state = yield self.state_handler.get_current_state(room_id)
-            [serialize_event(c, now) for c in current_state.values()]
+        elif membership == Membership.LEAVE:
            room_state = yield self.store.get_state_for_events(
                [membership_event_id], None
            )
            room_state = room_state[membership_event_id]
        now = self.clock.time_msec()
        defer.returnValue(
            [serialize_event(c, now) for c in room_state.values()]
        )
    @defer.inlineCallbacks
    def snapshot_all_rooms(self, user_id=None, pagin_config=None,
-                           feedback=False, as_client_event=True):
+                           as_client_event=True, include_archived=False):
        """Retrieve a snapshot of all rooms the user is invited or has joined.
        This snapshot may include messages for all rooms where the user is
@@ -306,17 +339,42 @@ class MessageHandler(BaseHandler):
            user_id (str): The ID of the user making the request.
            pagin_config (synapse.api.streams.PaginationConfig): The pagination
            config used to determine how many messages *PER ROOM* to return.
            feedback (bool): True to get feedback along with these messages.
            as_client_event (bool): True to get events in client-server format.
            include_archived (bool): True to get rooms that the user has left
        Returns:
            A list of dicts with "room_id" and "membership" keys for all rooms
            the user is currently invited or joined in on. Rooms where the user
            is joined on, may return a "messages" key with messages, depending
            on the specified PaginationConfig.
        """
        key = (
            user_id,
            pagin_config.from_token,
            pagin_config.to_token,
            pagin_config.direction,
            pagin_config.limit,
            as_client_event,
            include_archived,
        )
        now_ms = self.clock.time_msec()
        result = self.snapshot_cache.get(now_ms, key)
        if result is not None:
            return result
        return self.snapshot_cache.set(now_ms, key, self._snapshot_all_rooms(
            user_id, pagin_config, as_client_event, include_archived
        ))
    @defer.inlineCallbacks
    def _snapshot_all_rooms(self, user_id=None, pagin_config=None,
                            as_client_event=True, include_archived=False):
        memberships = [Membership.INVITE, Membership.JOIN]
        if include_archived:
            memberships.append(Membership.LEAVE)
        room_list = yield self.store.get_rooms_for_user_where_membership_is(
-            user_id=user_id,
+            user_id=user_id, membership_list=memberships
            membership_list=[Membership.INVITE, Membership.JOIN]
        )
        user = UserID.from_string(user_id)
@@ -336,6 +394,12 @@ class MessageHandler(BaseHandler):
            user, pagination_config.get_source_config("receipt"), None
        )
        tags_by_room = yield self.store.get_tags_for_user(user_id)
        account_data, account_data_by_room = (
            yield self.store.get_account_data_for_user(user_id)
        )
        public_room_ids = yield self.store.get_public_room_ids()
        limit = pagin_config.limit
@@ -354,28 +418,45 @@ class MessageHandler(BaseHandler):
            }
            if event.membership == Membership.INVITE:
                time_now = self.clock.time_msec()
                d["inviter"] = event.sender
                invite_event = yield self.store.get_event(event.event_id)
                d["invite"] = serialize_event(invite_event, time_now, as_client_event)
            rooms_ret.append(d)
-            if event.membership != Membership.JOIN:
+            if event.membership not in (Membership.JOIN, Membership.LEAVE):
                return
            try:
                if event.membership == Membership.JOIN:
                    room_end_token = now_token.room_key
                    deferred_room_state = self.state_handler.get_current_state(
                        event.room_id
                    )
                elif event.membership == Membership.LEAVE:
                    room_end_token = "s%d" % (event.stream_ordering,)
                    deferred_room_state = self.store.get_state_for_events(
                        [event.event_id], None
                    )
                    deferred_room_state.addCallback(
                        lambda states: states[event.event_id]
                    )
                (messages, token), current_state = yield defer.gatherResults(
                    [
                        self.store.get_recent_events_for_room(
                            event.room_id,
                            limit=limit,
-                            end_token=now_token.room_key,
+                            end_token=room_end_token,
                        ),
                        self.state_handler.get_current_state(
                            event.room_id
                        ),
                        deferred_room_state,
                    ]
                ).addErrback(unwrapFirstError)
                messages = yield self._filter_events_for_client(
-                    user_id, event.room_id, messages
+                    user_id, messages
                )
                start_token = now_token.copy_and_replace("room_key", token[0])
@@ -395,6 +476,23 @@ class MessageHandler(BaseHandler):
                    serialize_event(c, time_now, as_client_event)
                    for c in current_state.values()
                ]
                account_data_events = []
                tags = tags_by_room.get(event.room_id)
                if tags:
                    account_data_events.append({
                        "type": "m.tag",
                        "content": {"tags": tags},
                    })
                account_data = account_data_by_room.get(event.room_id, {})
                for account_data_type, content in account_data.items():
                    account_data_events.append({
                        "type": account_data_type,
                        "content": content,
                    })
                d["account_data"] = account_data_events
            except:
                logger.exception("Failed to get snapshot")
@@ -407,9 +505,17 @@ class MessageHandler(BaseHandler):
                consumeErrors=True
            ).addErrback(unwrapFirstError)
        account_data_events = []
        for account_data_type, content in account_data.items():
            account_data_events.append({
                "type": account_data_type,
                "content": content,
            })
        ret = {
            "rooms": rooms_ret,
            "presence": presence,
            "account_data": account_data_events,
            "receipts": receipt,
            "end": now_token.to_string(),
        }
@@ -417,15 +523,107 @@ class MessageHandler(BaseHandler):
        defer.returnValue(ret)
    @defer.inlineCallbacks
-    def room_initial_sync(self, user_id, room_id, pagin_config=None,
+    def room_initial_sync(self, user_id, room_id, pagin_config=None, is_guest=False):
-                          feedback=False):
+        """Capture the a snapshot of a room. If user is currently a member of
-        current_state = yield self.state.get_current_state(
+        the room this will be what is currently in the room. If the user left
-            room_id=room_id,
+        the room this will be what was in the room when they left.
        Args:
            user_id(str): The user to get a snapshot for.
            room_id(str): The room to get a snapshot of.
            pagin_config(synapse.streams.config.PaginationConfig):
                The pagination config used to determine how many messages to
                return.
        Raises:
            AuthError if the user wasn't in the room.
        Returns:
            A JSON serialisable dict with the snapshot of the room.
        """
        membership, member_event_id = yield self._check_in_room_or_world_readable(
            room_id,
            user_id,
            is_guest
        )
-        yield self.auth.check_joined_room(
+        if membership == Membership.JOIN:
-            room_id, user_id,
+            result = yield self._room_initial_sync_joined(
-            current_state=current_state
+                user_id, room_id, pagin_config, membership, is_guest
            )
        elif membership == Membership.LEAVE:
            result = yield self._room_initial_sync_parted(
                user_id, room_id, pagin_config, membership, member_event_id, is_guest
            )
        account_data_events = []
        tags = yield self.store.get_tags_for_room(user_id, room_id)
        if tags:
            account_data_events.append({
                "type": "m.tag",
                "content": {"tags": tags},
            })
        account_data = yield self.store.get_account_data_for_room(user_id, room_id)
        for account_data_type, content in account_data.items():
            account_data_events.append({
                "type": account_data_type,
                "content": content,
            })
        result["account_data"] = account_data_events
        defer.returnValue(result)
    @defer.inlineCallbacks
    def _room_initial_sync_parted(self, user_id, room_id, pagin_config,
                                  membership, member_event_id, is_guest):
        room_state = yield self.store.get_state_for_events(
            [member_event_id], None
        )
        room_state = room_state[member_event_id]
        limit = pagin_config.limit if pagin_config else None
        if limit is None:
            limit = 10
        stream_token = yield self.store.get_stream_token_for_event(
            member_event_id
        )
        messages, token = yield self.store.get_recent_events_for_room(
            room_id,
            limit=limit,
            end_token=stream_token
        )
        messages = yield self._filter_events_for_client(
            user_id, messages, is_guest=is_guest
        )
        start_token = StreamToken(token[0], 0, 0, 0, 0)
        end_token = StreamToken(token[1], 0, 0, 0, 0)
        time_now = self.clock.time_msec()
        defer.returnValue({
            "membership": membership,
            "room_id": room_id,
            "messages": {
                "chunk": [serialize_event(m, time_now) for m in messages],
                "start": start_token.to_string(),
                "end": end_token.to_string(),
            },
            "state": [serialize_event(s, time_now) for s in room_state.values()],
            "presence": [],
            "receipts": [],
        })
    @defer.inlineCallbacks
    def _room_initial_sync_joined(self, user_id, room_id, pagin_config,
                                  membership, is_guest):
        current_state = yield self.state.get_current_state(
            room_id=room_id,
        )
        # TODO(paul): I wish I was called with user objects not user_id
@@ -439,8 +637,6 @@ class MessageHandler(BaseHandler):
            for x in current_state.values()
        ]
        member_event = current_state.get((EventTypes.Member, user_id,))
        now_token = yield self.hs.get_event_sources().get_current_token()
        limit = pagin_config.limit if pagin_config else None
@@ -466,12 +662,19 @@ class MessageHandler(BaseHandler):
            defer.returnValue(states.values())
-        receipts_handler = self.hs.get_handlers().receipts_handler
+        @defer.inlineCallbacks
        def get_receipts():
            receipts_handler = self.hs.get_handlers().receipts_handler
            receipts = yield receipts_handler.get_receipts_for_room(
                room_id,
                now_token.receipt_key
            )
            defer.returnValue(receipts)
        presence, receipts, (messages, token) = yield defer.gatherResults(
            [
                get_presence(),
-                receipts_handler.get_receipts_for_room(room_id, now_token.receipt_key),
+                get_receipts(),
                self.store.get_recent_events_for_room(
                    room_id,
                    limit=limit,
@@ -482,7 +685,7 @@ class MessageHandler(BaseHandler):
        ).addErrback(unwrapFirstError)
        messages = yield self._filter_events_for_client(
-            user_id, room_id, messages
+            user_id, messages, is_guest=is_guest, require_all_visible_for_guests=False
        )
        start_token = now_token.copy_and_replace("room_key", token[0])
@@ -490,8 +693,7 @@ class MessageHandler(BaseHandler):
        time_now = self.clock.time_msec()
-        defer.returnValue({
+        ret = {
            "membership": member_event.membership,
            "room_id": room_id,
            "messages": {
                "chunk": [serialize_event(m, time_now) for m in messages],
@@ -501,4 +703,8 @@ class MessageHandler(BaseHandler):
            "state": state,
            "presence": presence,
            "receipts": receipts,
-        })
+        }
        if not is_guest:
            ret["membership"] = membership
        defer.returnValue(ret)
--- a/synapse/handlers/presence.py
+++ b/synapse/handlers/presence.py
@@ -62,6 +62,14 @@ def partitionbool(l, func):
    return ret.get(True, []), ret.get(False, [])
 def user_presence_changed(distributor, user, statuscache):
    return distributor.fire("user_presence_changed", user, statuscache)
 def collect_presencelike_data(distributor, user, content):
    return distributor.fire("collect_presencelike_data", user, content)
 class PresenceHandler(BaseHandler):
    STATE_LEVELS = {
@@ -361,9 +369,7 @@ class PresenceHandler(BaseHandler):
        yield self.store.set_presence_state(
            target_user.localpart, state_to_store
        )
-        yield self.distributor.fire(
+        yield collect_presencelike_data(self.distributor, target_user, state)
            "collect_presencelike_data", target_user, state
        )
        if now_level > was_level:
            state["last_active"] = self.clock.time_msec()
@@ -378,7 +384,7 @@ class PresenceHandler(BaseHandler):
        # TODO(paul): perform a presence push as part of start/stop poll so
        #   we don't have to do this all the time
-        self.changed_presencelike_data(target_user, state)
+        yield self.changed_presencelike_data(target_user, state)
    def bump_presence_active_time(self, user, now=None):
        if now is None:
@@ -422,12 +428,12 @@ class PresenceHandler(BaseHandler):
    @log_function
    def started_user_eventstream(self, user):
        # TODO(paul): Use "last online" state
-        self.set_state(user, user, {"presence": PresenceState.ONLINE})
+        return self.set_state(user, user, {"presence": PresenceState.ONLINE})
    @log_function
    def stopped_user_eventstream(self, user):
        # TODO(paul): Save current state as "last online" state
-        self.set_state(user, user, {"presence": PresenceState.OFFLINE})
+        return self.set_state(user, user, {"presence": PresenceState.OFFLINE})
    @defer.inlineCallbacks
    def user_joined_room(self, user, room_id):
@@ -467,7 +473,7 @@ class PresenceHandler(BaseHandler):
            )
    @defer.inlineCallbacks
-    def send_invite(self, observer_user, observed_user):
+    def send_presence_invite(self, observer_user, observed_user):
        """Request the presence of a local or remote user for a local user"""
        if not self.hs.is_mine(observer_user):
            raise SynapseError(400, "User is not hosted on this Home Server")
@@ -878,7 +884,7 @@ class PresenceHandler(BaseHandler):
            room_ids=room_ids,
            statuscache=statuscache,
        )
-        yield self.distributor.fire("user_presence_changed", user, statuscache)
+        yield user_presence_changed(self.distributor, user, statuscache)
    @defer.inlineCallbacks
    def incoming_presence(self, origin, content):
@@ -950,7 +956,8 @@ class PresenceHandler(BaseHandler):
                )
                while len(self._remote_offline_serials) > MAX_OFFLINE_SERIALS:
                    self._remote_offline_serials.pop()  # remove the oldest
-                del self._user_cachemap[user]
+                if user in self._user_cachemap:
                    del self._user_cachemap[user]
            else:
                # Remove the user from remote_offline_serials now that they're
                # no longer offline
@@ -1115,9 +1122,7 @@ class PresenceHandler(BaseHandler):
                    self._user_cachemap[user].get_state()["last_active"]
                )
-            yield self.distributor.fire(
+            yield collect_presencelike_data(self.distributor, user, state)
                "collect_presencelike_data", user, state
            )
        if "last_active" in state:
            state = dict(state)
@@ -1142,8 +1147,9 @@ class PresenceEventSource(object):
    @defer.inlineCallbacks
    @log_function
-    def get_new_events_for_user(self, user, from_key, limit):
+    def get_new_events(self, user, from_key, room_ids=None, **kwargs):
        from_key = int(from_key)
        room_ids = room_ids or []
        presence = self.hs.get_handlers().presence_handler
        cachemap = presence._user_cachemap
@@ -1161,7 +1167,6 @@ class PresenceEventSource(object):
            user_ids_to_check |= set(
                UserID.from_string(p["observed_user_id"]) for p in presence_list
            )
        room_ids = yield presence.get_joined_rooms_for_user(user)
        for room_id in set(room_ids) & set(presence._room_serials):
            if presence._room_serials[room_id] > from_key:
                joined = yield presence.get_joined_users_for_room_id(room_id)
@@ -1263,6 +1268,11 @@ class UserPresenceCache(object):
        self.state = {"presence": PresenceState.OFFLINE}
        self.serial = None
    def __repr__(self):
        return "UserPresenceCache(state=%r, serial=%r)" % (
            self.state, self.serial
        )
    def update(self, state, serial):
        assert("mtime_age" not in state)
--- a/synapse/handlers/profile.py
+++ b/synapse/handlers/profile.py
@@ -28,6 +28,14 @@ import logging
 logger = logging.getLogger(__name__)
 def changed_presencelike_data(distributor, user, state):
    return distributor.fire("changed_presencelike_data", user, state)
 def collect_presencelike_data(distributor, user, content):
    return distributor.fire("collect_presencelike_data", user, content)
 class ProfileHandler(BaseHandler):
    def __init__(self, hs):
@@ -95,11 +103,9 @@ class ProfileHandler(BaseHandler):
            target_user.localpart, new_displayname
        )
-        yield self.distributor.fire(
+        yield changed_presencelike_data(self.distributor, target_user, {
-            "changed_presencelike_data", target_user, {
+            "displayname": new_displayname,
-                "displayname": new_displayname,
+        })
            }
        )
        yield self._update_join_states(target_user)
@@ -144,11 +150,9 @@ class ProfileHandler(BaseHandler):
            target_user.localpart, new_avatar_url
        )
-        yield self.distributor.fire(
+        yield changed_presencelike_data(self.distributor, target_user, {
-            "changed_presencelike_data", target_user, {
+            "avatar_url": new_avatar_url,
-                "avatar_url": new_avatar_url,
+        })
            }
        )
        yield self._update_join_states(target_user)
@@ -208,9 +212,7 @@ class ProfileHandler(BaseHandler):
                "membership": Membership.JOIN,
            }
-            yield self.distributor.fire(
+            yield collect_presencelike_data(self.distributor, user, content)
                "collect_presencelike_data", user, content
            )
            msg_handler = self.hs.get_handlers().message_handler
            try:
--- a/synapse/handlers/receipts.py
+++ b/synapse/handlers/receipts.py
@@ -156,13 +156,7 @@ class ReceiptsHandler(BaseHandler):
        if not result:
            defer.returnValue([])
-        event = {
+        defer.returnValue(result)
            "type": "m.receipt",
            "room_id": room_id,
            "content": result,
        }
        defer.returnValue([event])
 class ReceiptEventSource(object):
@@ -170,17 +164,15 @@ class ReceiptEventSource(object):
        self.store = hs.get_datastore()
    @defer.inlineCallbacks
-    def get_new_events_for_user(self, user, from_key, limit):
+    def get_new_events(self, from_key, room_ids, **kwargs):
        from_key = int(from_key)
        to_key = yield self.get_current_key()
        if from_key == to_key:
            defer.returnValue(([], to_key))
        rooms = yield self.store.get_rooms_for_user(user.to_string())
        rooms = [room.room_id for room in rooms]
        events = yield self.store.get_linearized_receipts_for_rooms(
-            rooms,
+            room_ids,
            from_key=from_key,
            to_key=to_key,
        )
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -31,6 +31,10 @@ import urllib
 logger = logging.getLogger(__name__)
 def registered_user(distributor, user):
    return distributor.fire("registered_user", user)
 class RegistrationHandler(BaseHandler):
    def __init__(self, hs):
@@ -38,6 +42,7 @@ class RegistrationHandler(BaseHandler):
        self.distributor = hs.get_distributor()
        self.distributor.declare("registered_user")
        self.captcha_client = CaptchaServerHttpClient(hs)
    @defer.inlineCallbacks
    def check_username(self, localpart):
@@ -64,7 +69,7 @@ class RegistrationHandler(BaseHandler):
            )
    @defer.inlineCallbacks
-    def register(self, localpart=None, password=None):
+    def register(self, localpart=None, password=None, generate_token=True):
        """Registers a new client on the server.
        Args:
@@ -89,33 +94,35 @@ class RegistrationHandler(BaseHandler):
            user = UserID(localpart, self.hs.hostname)
            user_id = user.to_string()
-            token = self.auth_handler().generate_access_token(user_id)
+            token = None
            if generate_token:
                token = self.auth_handler().generate_access_token(user_id)
            yield self.store.register(
                user_id=user_id,
                token=token,
                password_hash=password_hash
            )
-            yield self.distributor.fire("registered_user", user)
+            yield registered_user(self.distributor, user)
        else:
            # autogen a random user ID
            attempts = 0
            user_id = None
            token = None
-            while not user_id and not token:
+            while not user_id:
                try:
                    localpart = self._generate_user_id()
                    user = UserID(localpart, self.hs.hostname)
                    user_id = user.to_string()
                    yield self.check_user_id_is_valid(user_id)
-
+                    if generate_token:
-                    token = self.auth_handler().generate_access_token(user_id)
+                        token = self.auth_handler().generate_access_token(user_id)
                    yield self.store.register(
                        user_id=user_id,
                        token=token,
                        password_hash=password_hash)
-                    self.distributor.fire("registered_user", user)
+                    yield registered_user(self.distributor, user)
                except SynapseError:
                    # if user id is taken, just generate another
                    user_id = None
@@ -125,25 +132,9 @@ class RegistrationHandler(BaseHandler):
                        raise RegistrationError(
                            500, "Cannot generate user ID.")
-        # create a default avatar for the user
+        # We used to generate default identicons here, but nowadays
-        # XXX: ideally clients would explicitly specify one, but given they don't
+        # we want clients to generate their own as part of their branding
-        # and we want consistent and pretty identicons for random users, we'll
+        # rather than there being consistent matrix-wide ones, so we don't.
        # do it here.
        try:
            auth_user = UserID.from_string(user_id)
            media_repository = self.hs.get_resource_for_media_repository()
            identicon_resource = media_repository.getChildWithDefault("identicon", None)
            upload_resource = media_repository.getChildWithDefault("upload", None)
            identicon_bytes = identicon_resource.generate_identicon(user_id, 320, 320)
            content_uri = yield upload_resource.create_content(
                "image/png", None, identicon_bytes, len(identicon_bytes), auth_user
            )
            profile_handler = self.hs.get_handlers().profile_handler
            profile_handler.set_avatar_url(
                auth_user, auth_user, ("%s#auto" % (content_uri,))
            )
        except NotImplementedError:
            pass  # make tests pass without messing around creating default avatars
        defer.returnValue((user_id, token))
@@ -165,7 +156,7 @@ class RegistrationHandler(BaseHandler):
            token=token,
            password_hash=""
        )
-        self.distributor.fire("registered_user", user)
+        registered_user(self.distributor, user)
        defer.returnValue((user_id, token))
    @defer.inlineCallbacks
@@ -213,7 +204,7 @@ class RegistrationHandler(BaseHandler):
                token=token,
                password_hash=None
            )
-            yield self.distributor.fire("registered_user", user)
+            yield registered_user(self.distributor, user)
        except Exception, e:
            yield self.store.add_access_token_to_user(user_id, token)
            # Ignore Registration errors
@@ -300,10 +291,7 @@ class RegistrationHandler(BaseHandler):
        """
        Used only by c/s api v1
        """
-        # TODO: get this from the homeserver rather than creating a new one for
+        data = yield self.captcha_client.post_urlencoded_get_raw(
        # each request
        client = CaptchaServerHttpClient(self.hs)
        data = yield client.post_urlencoded_get_raw(
            "http://www.google.com:80/recaptcha/api/verify",
            args={
                'privatekey': private_key,
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -22,26 +22,50 @@ from synapse.types import UserID, RoomAlias, RoomID
 from synapse.api.constants import (
    EventTypes, Membership, JoinRules, RoomCreationPreset,
 )
-from synapse.api.errors import StoreError, SynapseError
+from synapse.api.errors import AuthError, StoreError, SynapseError
 from synapse.util import stringutils, unwrapFirstError
 from synapse.util.async import run_on_reactor
-from synapse.events.utils import serialize_event
+
 from signedjson.sign import verify_signed_json
 from signedjson.key import decode_verify_key_bytes
 from collections import OrderedDict
 from unpaddedbase64 import decode_base64
 import logging
 import math
 import string
 logger = logging.getLogger(__name__)
 id_server_scheme = "https://"
 def collect_presencelike_data(distributor, user, content):
    return distributor.fire("collect_presencelike_data", user, content)
 def user_left_room(distributor, user, room_id):
    return distributor.fire("user_left_room", user=user, room_id=room_id)
 def user_joined_room(distributor, user, room_id):
    return distributor.fire("user_joined_room", user=user, room_id=room_id)
 class RoomCreationHandler(BaseHandler):
    PRESETS_DICT = {
        RoomCreationPreset.PRIVATE_CHAT: {
            "join_rules": JoinRules.INVITE,
-            "history_visibility": "invited",
+            "history_visibility": "shared",
            "original_invitees_have_ops": False,
        },
        RoomCreationPreset.TRUSTED_PRIVATE_CHAT: {
            "join_rules": JoinRules.INVITE,
            "history_visibility": "shared",
            "original_invitees_have_ops": True,
        },
        RoomCreationPreset.PUBLIC_CHAT: {
            "join_rules": JoinRules.PUBLIC,
            "history_visibility": "shared",
@@ -150,12 +174,16 @@ class RoomCreationHandler(BaseHandler):
        for val in raw_initial_state:
            initial_state[(val["type"], val.get("state_key", ""))] = val["content"]
        creation_content = config.get("creation_content", {})
        user = UserID.from_string(user_id)
        creation_events = self._create_events_for_new_room(
            user, room_id,
            preset_config=preset_config,
            invite_list=invite_list,
            initial_state=initial_state,
            creation_content=creation_content,
            room_alias=room_alias,
        )
        msg_handler = self.hs.get_handlers().message_handler
@@ -203,7 +231,8 @@ class RoomCreationHandler(BaseHandler):
        defer.returnValue(result)
    def _create_events_for_new_room(self, creator, room_id, preset_config,
-                                    invite_list, initial_state):
+                                    invite_list, initial_state, creation_content,
                                    room_alias):
        config = RoomCreationHandler.PRESETS_DICT[preset_config]
        creator_id = creator.to_string()
@@ -225,9 +254,10 @@ class RoomCreationHandler(BaseHandler):
            return e
        creation_content.update({"creator": creator.to_string()})
        creation_event = create(
            etype=EventTypes.Create,
-            content={"creator": creator.to_string()},
+            content=creation_content,
        )
        join_event = create(
@@ -272,6 +302,14 @@ class RoomCreationHandler(BaseHandler):
            returned_events.append(power_levels_event)
        if room_alias and (EventTypes.CanonicalAlias, '') not in initial_state:
            room_alias_event = create(
                etype=EventTypes.CanonicalAlias,
                content={"alias": room_alias.to_string()},
            )
            returned_events.append(room_alias_event)
        if (EventTypes.JoinRules, '') not in initial_state:
            join_rules_event = create(
                etype=EventTypes.JoinRules,
@@ -343,42 +381,7 @@ class RoomMemberHandler(BaseHandler):
                    remotedomains.add(member.domain)
    @defer.inlineCallbacks
-    def get_room_members_as_pagination_chunk(self, room_id=None, user_id=None,
+    def change_membership(self, event, context, do_auth=True, is_guest=False):
                                             limit=0, start_tok=None,
                                             end_tok=None):
        """Retrieve a list of room members in the room.
        Args:
            room_id (str): The room to get the member list for.
            user_id (str): The ID of the user making the request.
            limit (int): The max number of members to return.
            start_tok (str): Optional. The start token if known.
            end_tok (str): Optional. The end token if known.
        Returns:
            dict: A Pagination streamable dict.
        Raises:
            SynapseError if something goes wrong.
        """
        yield self.auth.check_joined_room(room_id, user_id)
        member_list = yield self.store.get_room_members(room_id=room_id)
        time_now = self.clock.time_msec()
        event_list = [
            serialize_event(entry, time_now)
            for entry in member_list
        ]
        chunk_data = {
            "start": "START",  # FIXME (erikj): START is no longer valid
            "end": "END",
            "chunk": event_list
        }
        # TODO honor Pagination stream params
        # TODO snapshot this list to return on subsequent requests when
        # paginating
        defer.returnValue(chunk_data)
    @defer.inlineCallbacks
    def change_membership(self, event, context, do_auth=True):
        """ Change the membership status of a user in a room.
        Args:
@@ -399,9 +402,38 @@ class RoomMemberHandler(BaseHandler):
        # if this HS is not currently in the room, i.e. we have to do the
        # invite/join dance.
        if event.membership == Membership.JOIN:
            if is_guest:
                guest_access = context.current_state.get(
                    (EventTypes.GuestAccess, ""),
                    None
                )
                is_guest_access_allowed = (
                    guest_access
                    and guest_access.content
                    and "guest_access" in guest_access.content
                    and guest_access.content["guest_access"] == "can_join"
                )
                if not is_guest_access_allowed:
                    raise AuthError(403, "Guest access not allowed")
            yield self._do_join(event, context, do_auth=do_auth)
        else:
-            # This is not a JOIN, so we can handle it normally.
+            if event.membership == Membership.LEAVE:
                is_host_in_room = yield self.is_host_in_room(room_id, context)
                if not is_host_in_room:
                    # Rejecting an invite, rather than leaving a joined room
                    handler = self.hs.get_handlers().federation_handler
                    inviter = yield self.get_inviter(event)
                    if not inviter:
                        # return the same error as join_room_alias does
                        raise SynapseError(404, "No known servers")
                    yield handler.do_remotely_reject_invite(
                        [inviter.domain],
                        room_id,
                        event.user_id
                    )
                    defer.returnValue({"room_id": room_id})
                    return
            # FIXME: This isn't idempotency.
            if prev_state and prev_state.membership == event.membership:
@@ -418,14 +450,12 @@ class RoomMemberHandler(BaseHandler):
            if prev_state and prev_state.membership == Membership.JOIN:
                user = UserID.from_string(event.user_id)
-                self.distributor.fire(
+                user_left_room(self.distributor, user, event.room_id)
                    "user_left_room", user=user, room_id=event.room_id
                )
        defer.returnValue({"room_id": room_id})
    @defer.inlineCallbacks
-    def join_room_alias(self, joinee, room_alias, do_auth=True, content={}):
+    def join_room_alias(self, joinee, room_alias, content={}):
        directory_handler = self.hs.get_handlers().directory_handler
        mapping = yield directory_handler.get_association(room_alias)
@@ -438,9 +468,7 @@ class RoomMemberHandler(BaseHandler):
            raise SynapseError(404, "No known servers")
        # If event doesn't include a display name, add one.
-        yield self.distributor.fire(
+        yield collect_presencelike_data(self.distributor, joinee, content)
            "collect_presencelike_data", joinee, content
        )
        content.update({"membership": Membership.JOIN})
        builder = self.event_builder_factory.new({
@@ -459,8 +487,6 @@ class RoomMemberHandler(BaseHandler):
    @defer.inlineCallbacks
    def _do_join(self, event, context, room_hosts=None, do_auth=True):
        joinee = UserID.from_string(event.state_key)
        # room_id = RoomID.from_string(event.room_id, self.hs)
        room_id = event.room_id
        # XXX: We don't do an auth check if we are doing an invite
@@ -468,8 +494,67 @@ class RoomMemberHandler(BaseHandler):
        # that we are allowed to join when we decide whether or not we
        # need to do the invite/join dance.
        is_host_in_room = yield self.is_host_in_room(room_id, context)
        if is_host_in_room:
            should_do_dance = False
        elif room_hosts:  # TODO: Shouldn't this be remote_room_host?
            should_do_dance = True
        else:
            inviter = yield self.get_inviter(event)
            if not inviter:
                # return the same error as join_room_alias does
                raise SynapseError(404, "No known servers")
            should_do_dance = not self.hs.is_mine(inviter)
            room_hosts = [inviter.domain]
        if should_do_dance:
            handler = self.hs.get_handlers().federation_handler
            yield handler.do_invite_join(
                room_hosts,
                room_id,
                event.user_id,
                event.content,
            )
        else:
            logger.debug("Doing normal join")
            yield self._do_local_membership_update(
                event,
                membership=event.content["membership"],
                context=context,
                do_auth=do_auth,
            )
        prev_state = context.current_state.get((event.type, event.state_key))
        if not prev_state or prev_state.membership != Membership.JOIN:
            # Only fire user_joined_room if the user has acutally joined the
            # room. Don't bother if the user is just changing their profile
            # info.
            user = UserID.from_string(event.user_id)
            yield user_joined_room(self.distributor, user, room_id)
    @defer.inlineCallbacks
    def get_inviter(self, event):
        # TODO(markjh): get prev_state from snapshot
        prev_state = yield self.store.get_room_member(
            event.user_id, event.room_id
        )
        if prev_state and prev_state.membership == Membership.INVITE:
            defer.returnValue(UserID.from_string(prev_state.user_id))
            return
        elif "third_party_invite" in event.content:
            if "sender" in event.content["third_party_invite"]:
                inviter = UserID.from_string(
                    event.content["third_party_invite"]["sender"]
                )
                defer.returnValue(inviter)
        defer.returnValue(None)
    @defer.inlineCallbacks
    def is_host_in_room(self, room_id, context):
        is_host_in_room = yield self.auth.check_host_in_room(
-            event.room_id,
+            room_id,
            self.hs.hostname
        )
        if not is_host_in_room:
@@ -484,75 +569,7 @@ class RoomMemberHandler(BaseHandler):
                create_event = context.current_state.get(("m.room.create", ""))
                if create_event:
                    is_host_in_room = True
-
+        defer.returnValue(is_host_in_room)
        if is_host_in_room:
            should_do_dance = False
        elif room_hosts:  # TODO: Shouldn't this be remote_room_host?
            should_do_dance = True
        else:
            # TODO(markjh): get prev_state from snapshot
            prev_state = yield self.store.get_room_member(
                joinee.to_string(), room_id
            )
            if prev_state and prev_state.membership == Membership.INVITE:
                inviter = UserID.from_string(prev_state.user_id)
                should_do_dance = not self.hs.is_mine(inviter)
                room_hosts = [inviter.domain]
            else:
                # return the same error as join_room_alias does
                raise SynapseError(404, "No known servers")
        if should_do_dance:
            handler = self.hs.get_handlers().federation_handler
            yield handler.do_invite_join(
                room_hosts,
                room_id,
                event.user_id,
                event.content,  # FIXME To get a non-frozen dict
                context
            )
        else:
            logger.debug("Doing normal join")
            yield self._do_local_membership_update(
                event,
                membership=event.content["membership"],
                context=context,
                do_auth=do_auth,
            )
        user = UserID.from_string(event.user_id)
        yield self.distributor.fire(
            "user_joined_room", user=user, room_id=room_id
        )
    @defer.inlineCallbacks
    def _should_invite_join(self, room_id, prev_state, do_auth):
        logger.debug("_should_invite_join: room_id: %s", room_id)
        # XXX: We don't do an auth check if we are doing an invite
        # join dance for now, since we're kinda implicitly checking
        # that we are allowed to join when we decide whether or not we
        # need to do the invite/join dance.
        # Only do an invite join dance if a) we were invited,
        # b) the person inviting was from a differnt HS and c) we are
        # not currently in the room
        room_host = None
        if prev_state and prev_state.membership == Membership.INVITE:
            room = yield self.store.get_room(room_id)
            inviter = UserID.from_string(
                prev_state.sender
            )
            is_remote_invite_join = not self.hs.is_mine(inviter) and not room
            room_host = inviter.domain
        else:
            is_remote_invite_join = False
        defer.returnValue((is_remote_invite_join, room_host))
    @defer.inlineCallbacks
    def get_joined_rooms_for_user(self, user):
@@ -583,13 +600,224 @@ class RoomMemberHandler(BaseHandler):
            suppress_auth=(not do_auth),
        )
    @defer.inlineCallbacks
    def do_3pid_invite(
            self,
            room_id,
            inviter,
            medium,
            address,
            id_server,
            token_id,
            txn_id
    ):
        invitee = yield self._lookup_3pid(
            id_server, medium, address
        )
        if invitee:
            # make sure it looks like a user ID; it'll throw if it's invalid.
            UserID.from_string(invitee)
            yield self.hs.get_handlers().message_handler.create_and_send_event(
                {
                    "type": EventTypes.Member,
                    "content": {
                        "membership": unicode("invite")
                    },
                    "room_id": room_id,
                    "sender": inviter.to_string(),
                    "state_key": invitee,
                },
                token_id=token_id,
                txn_id=txn_id,
            )
        else:
            yield self._make_and_store_3pid_invite(
                id_server,
                medium,
                address,
                room_id,
                inviter,
                token_id,
                txn_id=txn_id
            )
    @defer.inlineCallbacks
    def _lookup_3pid(self, id_server, medium, address):
        """Looks up a 3pid in the passed identity server.
        Args:
            id_server (str): The server name (including port, if required)
                of the identity server to use.
            medium (str): The type of the third party identifier (e.g. "email").
            address (str): The third party identifier (e.g. "foo@example.com").
        Returns:
            (str) the matrix ID of the 3pid, or None if it is not recognized.
        """
        try:
            data = yield self.hs.get_simple_http_client().get_json(
                "%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server,),
                {
                    "medium": medium,
                    "address": address,
                }
            )
            if "mxid" in data:
                if "signatures" not in data:
                    raise AuthError(401, "No signatures on 3pid binding")
                self.verify_any_signature(data, id_server)
                defer.returnValue(data["mxid"])
        except IOError as e:
            logger.warn("Error from identity server lookup: %s" % (e,))
            defer.returnValue(None)
    @defer.inlineCallbacks
    def verify_any_signature(self, data, server_hostname):
        if server_hostname not in data["signatures"]:
            raise AuthError(401, "No signature from server %s" % (server_hostname,))
        for key_name, signature in data["signatures"][server_hostname].items():
            key_data = yield self.hs.get_simple_http_client().get_json(
                "%s%s/_matrix/identity/api/v1/pubkey/%s" %
                (id_server_scheme, server_hostname, key_name,),
            )
            if "public_key" not in key_data:
                raise AuthError(401, "No public key named %s from %s" %
                                (key_name, server_hostname,))
            verify_signed_json(
                data,
                server_hostname,
                decode_verify_key_bytes(key_name, decode_base64(key_data["public_key"]))
            )
            return
    @defer.inlineCallbacks
    def _make_and_store_3pid_invite(
            self,
            id_server,
            medium,
            address,
            room_id,
            user,
            token_id,
            txn_id
    ):
        room_state = yield self.hs.get_state_handler().get_current_state(room_id)
        inviter_display_name = ""
        inviter_avatar_url = ""
        member_event = room_state.get((EventTypes.Member, user.to_string()))
        if member_event:
            inviter_display_name = member_event.content.get("displayname", "")
            inviter_avatar_url = member_event.content.get("avatar_url", "")
        canonical_room_alias = ""
        canonical_alias_event = room_state.get((EventTypes.CanonicalAlias, ""))
        if canonical_alias_event:
            canonical_room_alias = canonical_alias_event.content.get("alias", "")
        room_name = ""
        room_name_event = room_state.get((EventTypes.Name, ""))
        if room_name_event:
            room_name = room_name_event.content.get("name", "")
        room_join_rules = ""
        join_rules_event = room_state.get((EventTypes.JoinRules, ""))
        if join_rules_event:
            room_join_rules = join_rules_event.content.get("join_rule", "")
        room_avatar_url = ""
        room_avatar_event = room_state.get((EventTypes.RoomAvatar, ""))
        if room_avatar_event:
            room_avatar_url = room_avatar_event.content.get("url", "")
        token, public_key, key_validity_url, display_name = (
            yield self._ask_id_server_for_third_party_invite(
                id_server=id_server,
                medium=medium,
                address=address,
                room_id=room_id,
                inviter_user_id=user.to_string(),
                room_alias=canonical_room_alias,
                room_avatar_url=room_avatar_url,
                room_join_rules=room_join_rules,
                room_name=room_name,
                inviter_display_name=inviter_display_name,
                inviter_avatar_url=inviter_avatar_url
            )
        )
        msg_handler = self.hs.get_handlers().message_handler
        yield msg_handler.create_and_send_event(
            {
                "type": EventTypes.ThirdPartyInvite,
                "content": {
                    "display_name": display_name,
                    "key_validity_url": key_validity_url,
                    "public_key": public_key,
                },
                "room_id": room_id,
                "sender": user.to_string(),
                "state_key": token,
            },
            token_id=token_id,
            txn_id=txn_id,
        )
    @defer.inlineCallbacks
    def _ask_id_server_for_third_party_invite(
            self,
            id_server,
            medium,
            address,
            room_id,
            inviter_user_id,
            room_alias,
            room_avatar_url,
            room_join_rules,
            room_name,
            inviter_display_name,
            inviter_avatar_url
    ):
        is_url = "%s%s/_matrix/identity/api/v1/store-invite" % (
            id_server_scheme, id_server,
        )
        data = yield self.hs.get_simple_http_client().post_urlencoded_get_json(
            is_url,
            {
                "medium": medium,
                "address": address,
                "room_id": room_id,
                "room_alias": room_alias,
                "room_avatar_url": room_avatar_url,
                "room_join_rules": room_join_rules,
                "room_name": room_name,
                "sender": inviter_user_id,
                "sender_display_name": inviter_display_name,
                "sender_avatar_url": inviter_avatar_url,
            }
        )
        # TODO: Check for success
        token = data["token"]
        public_key = data["public_key"]
        display_name = data["display_name"]
        key_validity_url = "%s%s/_matrix/identity/api/v1/pubkey/isvalid" % (
            id_server_scheme, id_server,
        )
        defer.returnValue((token, public_key, key_validity_url, display_name))
    def forget(self, user, room_id):
        return self.store.forget(user.to_string(), room_id)
 class RoomListHandler(BaseHandler):
    @defer.inlineCallbacks
    def get_public_room_list(self):
        chunk = yield self.store.get_rooms(is_public=True)
-        results = yield defer.gatherResults(
+
        room_members = yield defer.gatherResults(
            [
                self.store.get_users_in_room(room["room_id"])
                for room in chunk
@@ -597,19 +825,104 @@ class RoomListHandler(BaseHandler):
            consumeErrors=True,
        ).addErrback(unwrapFirstError)
        avatar_urls = yield defer.gatherResults(
            [
                self.get_room_avatar_url(room["room_id"])
                for room in chunk
            ],
            consumeErrors=True,
        ).addErrback(unwrapFirstError)
        for i, room in enumerate(chunk):
-            room["num_joined_members"] = len(results[i])
+            room["num_joined_members"] = len(room_members[i])
            if avatar_urls[i]:
                room["avatar_url"] = avatar_urls[i]
        # FIXME (erikj): START is no longer a valid value
        defer.returnValue({"start": "START", "end": "END", "chunk": chunk})
    @defer.inlineCallbacks
    def get_room_avatar_url(self, room_id):
        event = yield self.hs.get_state_handler().get_current_state(
            room_id, "m.room.avatar"
        )
        if event and "url" in event.content:
            defer.returnValue(event.content["url"])
 class RoomContextHandler(BaseHandler):
    @defer.inlineCallbacks
    def get_event_context(self, user, room_id, event_id, limit, is_guest):
        """Retrieves events, pagination tokens and state around a given event
        in a room.
        Args:
            user (UserID)
            room_id (str)
            event_id (str)
            limit (int): The maximum number of events to return in total
                (excluding state).
        Returns:
            dict
        """
        before_limit = math.floor(limit/2.)
        after_limit = limit - before_limit
        now_token = yield self.hs.get_event_sources().get_current_token()
        results = yield self.store.get_events_around(
            room_id, event_id, before_limit, after_limit
        )
        results["events_before"] = yield self._filter_events_for_client(
            user.to_string(),
            results["events_before"],
            is_guest=is_guest,
            require_all_visible_for_guests=False
        )
        results["events_after"] = yield self._filter_events_for_client(
            user.to_string(),
            results["events_after"],
            is_guest=is_guest,
            require_all_visible_for_guests=False
        )
        if results["events_after"]:
            last_event_id = results["events_after"][-1].event_id
        else:
            last_event_id = event_id
        state = yield self.store.get_state_for_events(
            [last_event_id], None
        )
        results["state"] = state[last_event_id].values()
        results["start"] = now_token.copy_and_replace(
            "room_key", results["start"]
        ).to_string()
        results["end"] = now_token.copy_and_replace(
            "room_key", results["end"]
        ).to_string()
        defer.returnValue(results)
 class RoomEventSource(object):
    def __init__(self, hs):
        self.store = hs.get_datastore()
    @defer.inlineCallbacks
-    def get_new_events_for_user(self, user, from_key, limit):
+    def get_new_events(
            self,
            user,
            from_key,
            limit,
            room_ids,
            is_guest,
    ):
        # We just ignore the key for now.
        to_key = yield self.get_current_key()
@@ -629,8 +942,9 @@ class RoomEventSource(object):
                user_id=user.to_string(),
                from_key=from_key,
                to_key=to_key,
                room_id=None,
                limit=limit,
                room_ids=room_ids,
                is_guest=is_guest,
            )
        defer.returnValue((events, end_key))
@@ -646,7 +960,6 @@ class RoomEventSource(object):
            to_key=config.to_key,
            direction=config.direction,
            limit=config.limit,
            with_feedback=True
        )
        defer.returnValue((events, next_key))
--- a/synapse/handlers/search.py
+++ b/synapse/handlers/search.py
@@ -0,0 +1,391 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from twisted.internet import defer
 from ._base import BaseHandler
 from synapse.api.constants import Membership, EventTypes
 from synapse.api.filtering import Filter
 from synapse.api.errors import SynapseError
 from synapse.events.utils import serialize_event
 from unpaddedbase64 import decode_base64, encode_base64
 import itertools
 import logging
 logger = logging.getLogger(__name__)
 class SearchHandler(BaseHandler):
    def __init__(self, hs):
        super(SearchHandler, self).__init__(hs)
    @defer.inlineCallbacks
    def search(self, user, content, batch=None):
        """Performs a full text search for a user.
        Args:
            user (UserID)
            content (dict): Search parameters
            batch (str): The next_batch parameter. Used for pagination.
        Returns:
            dict to be returned to the client with results of search
        """
        batch_group = None
        batch_group_key = None
        batch_token = None
        if batch:
            try:
                b = decode_base64(batch)
                batch_group, batch_group_key, batch_token = b.split("\n")
                assert batch_group is not None
                assert batch_group_key is not None
                assert batch_token is not None
            except:
                raise SynapseError(400, "Invalid batch")
        try:
            room_cat = content["search_categories"]["room_events"]
            # The actual thing to query in FTS
            search_term = room_cat["search_term"]
            # Which "keys" to search over in FTS query
            keys = room_cat.get("keys", [
                "content.body", "content.name", "content.topic",
            ])
            # Filter to apply to results
            filter_dict = room_cat.get("filter", {})
            # What to order results by (impacts whether pagination can be doen)
            order_by = room_cat.get("order_by", "rank")
            # Return the current state of the rooms?
            include_state = room_cat.get("include_state", False)
            # Include context around each event?
            event_context = room_cat.get(
                "event_context", None
            )
            # Group results together? May allow clients to paginate within a
            # group
            group_by = room_cat.get("groupings", {}).get("group_by", {})
            group_keys = [g["key"] for g in group_by]
            if event_context is not None:
                before_limit = int(event_context.get(
                    "before_limit", 5
                ))
                after_limit = int(event_context.get(
                    "after_limit", 5
                ))
                # Return the historic display name and avatar for the senders
                # of the events?
                include_profile = bool(event_context.get("include_profile", False))
        except KeyError:
            raise SynapseError(400, "Invalid search query")
        if order_by not in ("rank", "recent"):
            raise SynapseError(400, "Invalid order by: %r" % (order_by,))
        if set(group_keys) - {"room_id", "sender"}:
            raise SynapseError(
                400,
                "Invalid group by keys: %r" % (set(group_keys) - {"room_id", "sender"},)
            )
        search_filter = Filter(filter_dict)
        # TODO: Search through left rooms too
        rooms = yield self.store.get_rooms_for_user_where_membership_is(
            user.to_string(),
            membership_list=[Membership.JOIN],
            # membership_list=[Membership.JOIN, Membership.LEAVE, Membership.Ban],
        )
        room_ids = set(r.room_id for r in rooms)
        room_ids = search_filter.filter_rooms(room_ids)
        if batch_group == "room_id":
            room_ids.intersection_update({batch_group_key})
        if not room_ids:
            defer.returnValue({
                "search_categories": {
                    "room_events": {
                        "results": [],
                        "count": 0,
                        "highlights": [],
                    }
                }
            })
        rank_map = {}  # event_id -> rank of event
        allowed_events = []
        room_groups = {}  # Holds result of grouping by room, if applicable
        sender_group = {}  # Holds result of grouping by sender, if applicable
        # Holds the next_batch for the entire result set if one of those exists
        global_next_batch = None
        highlights = set()
        count = None
        if order_by == "rank":
            search_result = yield self.store.search_msgs(
                room_ids, search_term, keys
            )
            count = search_result["count"]
            if search_result["highlights"]:
                highlights.update(search_result["highlights"])
            results = search_result["results"]
            results_map = {r["event"].event_id: r for r in results}
            rank_map.update({r["event"].event_id: r["rank"] for r in results})
            filtered_events = search_filter.filter([r["event"] for r in results])
            events = yield self._filter_events_for_client(
                user.to_string(), filtered_events
            )
            events.sort(key=lambda e: -rank_map[e.event_id])
            allowed_events = events[:search_filter.limit()]
            for e in allowed_events:
                rm = room_groups.setdefault(e.room_id, {
                    "results": [],
                    "order": rank_map[e.event_id],
                })
                rm["results"].append(e.event_id)
                s = sender_group.setdefault(e.sender, {
                    "results": [],
                    "order": rank_map[e.event_id],
                })
                s["results"].append(e.event_id)
        elif order_by == "recent":
            room_events = []
            i = 0
            pagination_token = batch_token
            # We keep looping and we keep filtering until we reach the limit
            # or we run out of things.
            # But only go around 5 times since otherwise synapse will be sad.
            while len(room_events) < search_filter.limit() and i < 5:
                i += 1
                search_result = yield self.store.search_rooms(
                    room_ids, search_term, keys, search_filter.limit() * 2,
                    pagination_token=pagination_token,
                )
                if search_result["highlights"]:
                    highlights.update(search_result["highlights"])
                count = search_result["count"]
                results = search_result["results"]
                results_map = {r["event"].event_id: r for r in results}
                rank_map.update({r["event"].event_id: r["rank"] for r in results})
                filtered_events = search_filter.filter([
                    r["event"] for r in results
                ])
                events = yield self._filter_events_for_client(
                    user.to_string(), filtered_events
                )
                room_events.extend(events)
                room_events = room_events[:search_filter.limit()]
                if len(results) < search_filter.limit() * 2:
                    pagination_token = None
                    break
                else:
                    pagination_token = results[-1]["pagination_token"]
            for event in room_events:
                group = room_groups.setdefault(event.room_id, {
                    "results": [],
                })
                group["results"].append(event.event_id)
            if room_events and len(room_events) >= search_filter.limit():
                last_event_id = room_events[-1].event_id
                pagination_token = results_map[last_event_id]["pagination_token"]
                # We want to respect the given batch group and group keys so
                # that if people blindly use the top level `next_batch` token
                # it returns more from the same group (if applicable) rather
                # than reverting to searching all results again.
                if batch_group and batch_group_key:
                    global_next_batch = encode_base64("%s\n%s\n%s" % (
                        batch_group, batch_group_key, pagination_token
                    ))
                else:
                    global_next_batch = encode_base64("%s\n%s\n%s" % (
                        "all", "", pagination_token
                    ))
                for room_id, group in room_groups.items():
                    group["next_batch"] = encode_base64("%s\n%s\n%s" % (
                        "room_id", room_id, pagination_token
                    ))
            allowed_events.extend(room_events)
        else:
            # We should never get here due to the guard earlier.
            raise NotImplementedError()
        # If client has asked for "context" for each event (i.e. some surrounding
        # events and state), fetch that
        if event_context is not None:
            now_token = yield self.hs.get_event_sources().get_current_token()
            contexts = {}
            for event in allowed_events:
                res = yield self.store.get_events_around(
                    event.room_id, event.event_id, before_limit, after_limit
                )
                res["events_before"] = yield self._filter_events_for_client(
                    user.to_string(), res["events_before"]
                )
                res["events_after"] = yield self._filter_events_for_client(
                    user.to_string(), res["events_after"]
                )
                res["start"] = now_token.copy_and_replace(
                    "room_key", res["start"]
                ).to_string()
                res["end"] = now_token.copy_and_replace(
                    "room_key", res["end"]
                ).to_string()
                if include_profile:
                    senders = set(
                        ev.sender
                        for ev in itertools.chain(
                            res["events_before"], [event], res["events_after"]
                        )
                    )
                    if res["events_after"]:
                        last_event_id = res["events_after"][-1].event_id
                    else:
                        last_event_id = event.event_id
                    state = yield self.store.get_state_for_event(
                        last_event_id,
                        types=[(EventTypes.Member, sender) for sender in senders]
                    )
                    res["profile_info"] = {
                        s.state_key: {
                            "displayname": s.content.get("displayname", None),
                            "avatar_url": s.content.get("avatar_url", None),
                        }
                        for s in state.values()
                        if s.type == EventTypes.Member and s.state_key in senders
                    }
                contexts[event.event_id] = res
        else:
            contexts = {}
        # TODO: Add a limit
        time_now = self.clock.time_msec()
        for context in contexts.values():
            context["events_before"] = [
                serialize_event(e, time_now)
                for e in context["events_before"]
            ]
            context["events_after"] = [
                serialize_event(e, time_now)
                for e in context["events_after"]
            ]
        state_results = {}
        if include_state:
            rooms = set(e.room_id for e in allowed_events)
            for room_id in rooms:
                state = yield self.state_handler.get_current_state(room_id)
                state_results[room_id] = state.values()
            state_results.values()
        # We're now about to serialize the events. We should not make any
        # blocking calls after this. Otherwise the 'age' will be wrong
        results = [
            {
                "rank": rank_map[e.event_id],
                "result": serialize_event(e, time_now),
                "context": contexts.get(e.event_id, {}),
            }
            for e in allowed_events
        ]
        rooms_cat_res = {
            "results": results,
            "count": count,
            "highlights": list(highlights),
        }
        if state_results:
            rooms_cat_res["state"] = {
                room_id: [serialize_event(e, time_now) for e in state]
                for room_id, state in state_results.items()
            }
        if room_groups and "room_id" in group_keys:
            rooms_cat_res.setdefault("groups", {})["room_id"] = room_groups
        if sender_group and "sender" in group_keys:
            rooms_cat_res.setdefault("groups", {})["sender"] = sender_group
        if global_next_batch:
            rooms_cat_res["next_batch"] = global_next_batch
        defer.returnValue({
            "search_categories": {
                "room_events": rooms_cat_res
            }
        })
--- a/synapse/handlers/sync.py
+++ b/synapse/handlers/sync.py
--- a/synapse/handlers/typing.py
+++ b/synapse/handlers/typing.py
@@ -246,17 +246,12 @@ class TypingNotificationEventSource(object):
            },
        }
-    @defer.inlineCallbacks
+    def get_new_events(self, from_key, room_ids, **kwargs):
    def get_new_events_for_user(self, user, from_key, limit):
        from_key = int(from_key)
        handler = self.handler()
        joined_room_ids = (
            yield self.room_member_handler().get_joined_rooms_for_user(user)
        )
        events = []
-        for room_id in joined_room_ids:
+        for room_id in room_ids:
            if room_id not in handler._room_serials:
                continue
            if handler._room_serials[room_id] <= from_key:
@@ -264,7 +259,7 @@ class TypingNotificationEventSource(object):
            events.append(self._make_event_for(room_id))
-        defer.returnValue((events, handler._latest_room_serial))
+        return events, handler._latest_room_serial
    def get_current_key(self):
        return self.handler()._latest_room_serial
--- a/synapse/http/client.py
+++ b/synapse/http/client.py
@@ -12,6 +12,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from OpenSSL import SSL
 from OpenSSL.SSL import VERIFY_NONE
 from synapse.api.errors import CodeMessageException
 from synapse.util.logcontext import preserve_context_over_fn
@@ -19,10 +21,9 @@ import synapse.metrics
 from canonicaljson import encode_canonical_json
-from twisted.internet import defer, reactor
+from twisted.internet import defer, reactor, ssl
 from twisted.web.client import (
    Agent, readBody, FileBodyProducer, PartialDownloadError,
    HTTPConnectionPool,
 )
 from twisted.web.http_headers import Headers
@@ -57,10 +58,14 @@ class SimpleHttpClient(object):
        # The default context factory in Twisted 14.0.0 (which we require) is
        # BrowserLikePolicyForHTTPS which will do regular cert validation
        # 'like a browser'
-        pool = HTTPConnectionPool(reactor)
+        self.agent = Agent(
-        pool.maxPersistentPerHost = 10
+            reactor,
-        self.agent = Agent(reactor, pool=pool)
+            connectTimeout=15,
-        self.version_string = hs.version_string
+            contextFactory=hs.get_http_client_context_factory()
        )
        self.user_agent = hs.version_string
        if hs.config.user_agent_suffix:
            self.user_agent = "%s %s" % (self.user_agent, hs.config.user_agent_suffix,)
    def request(self, method, uri, *args, **kwargs):
        # A small wrapper around self.agent.request() so we can easily attach
@@ -105,7 +110,7 @@ class SimpleHttpClient(object):
            uri.encode("ascii"),
            headers=Headers({
                b"Content-Type": [b"application/x-www-form-urlencoded"],
-                b"User-Agent": [self.version_string],
+                b"User-Agent": [self.user_agent],
            }),
            bodyProducer=FileBodyProducer(StringIO(query_bytes))
        )
@@ -124,7 +129,8 @@ class SimpleHttpClient(object):
            "POST",
            uri.encode("ascii"),
            headers=Headers({
-                "Content-Type": ["application/json"]
+                b"Content-Type": [b"application/json"],
                b"User-Agent": [self.user_agent],
            }),
            bodyProducer=FileBodyProducer(StringIO(json_str))
        )
@@ -150,27 +156,8 @@ class SimpleHttpClient(object):
            On a non-2xx HTTP response. The response body will be used as the
            error message.
        """
-        if len(args):
+        body = yield self.get_raw(uri, args)
-            query_bytes = urllib.urlencode(args, True)
+        defer.returnValue(json.loads(body))
            uri = "%s?%s" % (uri, query_bytes)
        response = yield self.request(
            "GET",
            uri.encode("ascii"),
            headers=Headers({
                b"User-Agent": [self.version_string],
            })
        )
        body = yield preserve_context_over_fn(readBody, response)
        if 200 <= response.code < 300:
            defer.returnValue(json.loads(body))
        else:
            # NB: This is explicitly not json.loads(body)'d because the contract
            # of CodeMessageException is a *string* message. Callers can always
            # load it into JSON if they want.
            raise CodeMessageException(response.code, body)
    @defer.inlineCallbacks
    def put_json(self, uri, json_body, args={}):
@@ -199,7 +186,7 @@ class SimpleHttpClient(object):
            "PUT",
            uri.encode("ascii"),
            headers=Headers({
-                b"User-Agent": [self.version_string],
+                b"User-Agent": [self.user_agent],
                "Content-Type": ["application/json"]
            }),
            bodyProducer=FileBodyProducer(StringIO(json_str))
@@ -215,6 +202,42 @@ class SimpleHttpClient(object):
            # load it into JSON if they want.
            raise CodeMessageException(response.code, body)
    @defer.inlineCallbacks
    def get_raw(self, uri, args={}):
        """ Gets raw text from the given URI.
        Args:
            uri (str): The URI to request, not including query parameters
            args (dict): A dictionary used to create query strings, defaults to
                None.
                **Note**: The value of each key is assumed to be an iterable
                and *not* a string.
        Returns:
            Deferred: Succeeds when we get *any* 2xx HTTP response, with the
            HTTP body at text.
        Raises:
            On a non-2xx HTTP response. The response body will be used as the
            error message.
        """
        if len(args):
            query_bytes = urllib.urlencode(args, True)
            uri = "%s?%s" % (uri, query_bytes)
        response = yield self.request(
            "GET",
            uri.encode("ascii"),
            headers=Headers({
                b"User-Agent": [self.user_agent],
            })
        )
        body = yield preserve_context_over_fn(readBody, response)
        if 200 <= response.code < 300:
            defer.returnValue(body)
        else:
            raise CodeMessageException(response.code, body)
 class CaptchaServerHttpClient(SimpleHttpClient):
    """
@@ -234,7 +257,7 @@ class CaptchaServerHttpClient(SimpleHttpClient):
            bodyProducer=FileBodyProducer(StringIO(query_bytes)),
            headers=Headers({
                b"Content-Type": [b"application/x-www-form-urlencoded"],
-                b"User-Agent": [self.version_string],
+                b"User-Agent": [self.user_agent],
            })
        )
@@ -252,3 +275,18 @@ def _print_ex(e):
            _print_ex(ex)
    else:
        logger.exception(e)
 class InsecureInterceptableContextFactory(ssl.ContextFactory):
    """
    Factory for PyOpenSSL SSL contexts which accepts any certificate for any domain.
    Do not use this since it allows an attacker to intercept your communications.
    """
    def __init__(self):
        self._context = SSL.Context(SSL.SSLv23_METHOD)
        self._context.set_verify(VERIFY_NONE, lambda *_: None)
    def getContext(self, hostname, port):
        return self._context
--- a/synapse/http/matrixfederationclient.py
+++ b/synapse/http/matrixfederationclient.py
@@ -35,6 +35,7 @@ from signedjson.sign import sign_json
 import simplejson as json
 import logging
 import random
 import sys
 import urllib
 import urlparse
@@ -55,16 +56,20 @@ incoming_responses_counter = metrics.register_counter(
 )
 MAX_LONG_RETRIES = 10
 MAX_SHORT_RETRIES = 3
 class MatrixFederationEndpointFactory(object):
    def __init__(self, hs):
-        self.tls_context_factory = hs.tls_context_factory
+        self.tls_server_context_factory = hs.tls_server_context_factory
    def endpointForURI(self, uri):
        destination = uri.netloc
        return matrix_federation_endpoint(
            reactor, destination, timeout=10,
-            ssl_context_factory=self.tls_context_factory
+            ssl_context_factory=self.tls_server_context_factory
        )
@@ -99,7 +104,7 @@ class MatrixFederationHttpClient(object):
    def _create_request(self, destination, method, path_bytes,
                        body_callback, headers_dict={}, param_bytes=b"",
                        query_bytes=b"", retry_on_dns_fail=True,
-                        timeout=None):
+                        timeout=None, long_retries=False):
        """ Creates and sends a request to the given url
        """
        headers_dict[b"User-Agent"] = [self.version_string]
@@ -119,7 +124,10 @@ class MatrixFederationHttpClient(object):
        # XXX: Would be much nicer to retry only at the transaction-layer
        # (once we have reliable transactions in place)
-        retries_left = 5
+        if long_retries:
            retries_left = MAX_LONG_RETRIES
        else:
            retries_left = MAX_SHORT_RETRIES
        http_url_bytes = urlparse.urlunparse(
            ("", "", path_bytes, param_bytes, query_bytes, "")
@@ -180,7 +188,16 @@ class MatrixFederationHttpClient(object):
                    )
                    if retries_left and not timeout:
-                        yield sleep(2 ** (5 - retries_left))
+                        if long_retries:
                            delay = 4 ** (MAX_LONG_RETRIES + 1 - retries_left)
                            delay = min(delay, 60)
                            delay *= random.uniform(0.8, 1.4)
                        else:
                            delay = 0.5 * 2 ** (MAX_SHORT_RETRIES - retries_left)
                            delay = min(delay, 2)
                            delay *= random.uniform(0.8, 1.4)
                        yield sleep(delay)
                        retries_left -= 1
                    else:
                        raise
@@ -230,7 +247,8 @@ class MatrixFederationHttpClient(object):
        headers_dict[b"Authorization"] = auth_headers
    @defer.inlineCallbacks
-    def put_json(self, destination, path, data={}, json_data_callback=None):
+    def put_json(self, destination, path, data={}, json_data_callback=None,
                 long_retries=False):
        """ Sends the specifed json data using PUT
        Args:
@@ -241,6 +259,8 @@ class MatrixFederationHttpClient(object):
                the request body. This will be encoded as JSON.
            json_data_callback (callable): A callable returning the dict to
                use as the request body.
            long_retries (bool): A boolean that indicates whether we should
                retry for a short or long time.
        Returns:
            Deferred: Succeeds when we get a 2xx HTTP response. The result
@@ -266,6 +286,7 @@ class MatrixFederationHttpClient(object):
            path.encode("ascii"),
            body_callback=body_callback,
            headers_dict={"Content-Type": ["application/json"]},
            long_retries=long_retries,
        )
        if 200 <= response.code < 300:
@@ -281,7 +302,7 @@ class MatrixFederationHttpClient(object):
        defer.returnValue(json.loads(body))
    @defer.inlineCallbacks
-    def post_json(self, destination, path, data={}):
+    def post_json(self, destination, path, data={}, long_retries=True):
        """ Sends the specifed json data using POST
        Args:
@@ -290,6 +311,8 @@ class MatrixFederationHttpClient(object):
            path (str): The HTTP path.
            data (dict): A dict containing the data that will be used as
                the request body. This will be encoded as JSON.
            long_retries (bool): A boolean that indicates whether we should
                retry for a short or long time.
        Returns:
            Deferred: Succeeds when we get a 2xx HTTP response. The result
@@ -309,6 +332,7 @@ class MatrixFederationHttpClient(object):
            path.encode("ascii"),
            body_callback=body_callback,
            headers_dict={"Content-Type": ["application/json"]},
            long_retries=True,
        )
        if 200 <= response.code < 300:
@@ -484,6 +508,9 @@ class _JsonProducer(object):
    def stopProducing(self):
        pass
    def resumeProducing(self):
        pass
 def _flatten_response_never_received(e):
    if hasattr(e, "reasons"):
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -15,7 +15,7 @@
 from synapse.api.errors import (
-    cs_exception, SynapseError, CodeMessageException, UnrecognizedRequestError
+    cs_exception, SynapseError, CodeMessageException, UnrecognizedRequestError, Codes
 )
 from synapse.util.logcontext import LoggingContext, PreserveLoggingContext
 import synapse.metrics
@@ -53,6 +53,23 @@ response_timer = metrics.register_distribution(
    labels=["method", "servlet"]
 )
 response_ru_utime = metrics.register_distribution(
    "response_ru_utime", labels=["method", "servlet"]
 )
 response_ru_stime = metrics.register_distribution(
    "response_ru_stime", labels=["method", "servlet"]
 )
 response_db_txn_count = metrics.register_distribution(
    "response_db_txn_count", labels=["method", "servlet"]
 )
 response_db_txn_duration = metrics.register_distribution(
    "response_db_txn_duration", labels=["method", "servlet"]
 )
 _next_request_id = 0
@@ -110,7 +127,10 @@ def request_handler(request_handler):
                    respond_with_json(
                        request,
                        500,
-                        {"error": "Internal server error"},
+                        {
                            "error": "Internal server error",
                            "errcode": Codes.UNKNOWN,
                        },
                        send_cors=True
                    )
    return wrapped_request_handler
@@ -120,7 +140,7 @@ class HttpServer(object):
    """ Interface for registering callbacks on a HTTP server
    """
-    def register_path(self, method, path_pattern, callback):
+    def register_paths(self, method, path_patterns, callback):
        """ Register a callback that gets fired if we receive a http request
        with the given method for a path that matches the given regex.
@@ -129,7 +149,7 @@ class HttpServer(object):
        Args:
            method (str): The method to listen to.
-            path_pattern (str): The regex used to match requests.
+            path_patterns (list<SRE_Pattern>): The regex used to match requests.
            callback (function): The function to fire if we receive a matched
                request. The first argument will be the request object and
                subsequent arguments will be any matched groups from the regex.
@@ -165,10 +185,11 @@ class JsonResource(HttpServer, resource.Resource):
        self.version_string = hs.version_string
        self.hs = hs
-    def register_path(self, method, path_pattern, callback):
+    def register_paths(self, method, path_patterns, callback):
-        self.path_regexs.setdefault(method, []).append(
+        for path_pattern in path_patterns:
-            self._PathEntry(path_pattern, callback)
+            self.path_regexs.setdefault(method, []).append(
-        )
+                self._PathEntry(path_pattern, callback)
            )
    def render(self, request):
        """ This gets called by twisted every time someone sends us a request.
@@ -220,6 +241,21 @@ class JsonResource(HttpServer, resource.Resource):
                self.clock.time_msec() - start, request.method, servlet_classname
            )
            try:
                context = LoggingContext.current_context()
                ru_utime, ru_stime = context.get_resource_usage()
                response_ru_utime.inc_by(ru_utime, request.method, servlet_classname)
                response_ru_stime.inc_by(ru_stime, request.method, servlet_classname)
                response_db_txn_count.inc_by(
                    context.db_txn_count, request.method, servlet_classname
                )
                response_db_txn_duration.inc_by(
                    context.db_txn_duration, request.method, servlet_classname
                )
            except:
                pass
            return
        # Huh. No one wanted to handle that? Fiiiiiine. Send 400.
--- a/synapse/http/servlet.py
+++ b/synapse/http/servlet.py
@@ -19,7 +19,6 @@ from synapse.api.errors import SynapseError
 import logging
 logger = logging.getLogger(__name__)
@@ -102,12 +101,13 @@ class RestServlet(object):
    def register(self, http_server):
        """ Register this servlet with the given HTTP server. """
-        if hasattr(self, "PATTERN"):
+        if hasattr(self, "PATTERNS"):
-            pattern = self.PATTERN
+            patterns = self.PATTERNS
            for method in ("GET", "PUT", "POST", "OPTIONS", "DELETE"):
                if hasattr(self, "on_%s" % (method,)):
                    method_handler = getattr(self, "on_%s" % (method,))
-                    http_server.register_path(method, pattern, method_handler)
+                    http_server.register_paths(method, patterns, method_handler)
        else:
            raise NotImplementedError("RestServlet must register something.")
--- a/synapse/notifier.py
+++ b/synapse/notifier.py
@@ -14,6 +14,8 @@
 # limitations under the License.
 from twisted.internet import defer
 from synapse.api.constants import EventTypes
 from synapse.api.errors import AuthError
 from synapse.util.logutils import log_function
 from synapse.util.async import run_on_reactor, ObservableDeferred
@@ -269,8 +271,8 @@ class Notifier(object):
                logger.exception("Failed to notify listener")
    @defer.inlineCallbacks
-    def wait_for_events(self, user, rooms, timeout, callback,
+    def wait_for_events(self, user, timeout, callback, room_ids=None,
-                        from_token=StreamToken("s0", "0", "0", "0")):
+                        from_token=StreamToken("s0", "0", "0", "0", "0")):
        """Wait until the callback returns a non empty response or the
        timeout fires.
        """
@@ -279,11 +281,12 @@ class Notifier(object):
        if user_stream is None:
            appservice = yield self.store.get_app_service_by_user_id(user)
            current_token = yield self.event_sources.get_current_token()
-            rooms = yield self.store.get_rooms_for_user(user)
+            if room_ids is None:
-            rooms = [room.room_id for room in rooms]
+                rooms = yield self.store.get_rooms_for_user(user)
                room_ids = [room.room_id for room in rooms]
            user_stream = _NotifierUserStream(
                user=user,
-                rooms=rooms,
+                rooms=room_ids,
                appservice=appservice,
                current_token=current_token,
                time_now_ms=self.clock.time_msec(),
@@ -328,8 +331,9 @@ class Notifier(object):
        defer.returnValue(result)
    @defer.inlineCallbacks
-    def get_events_for(self, user, rooms, pagination_config, timeout,
+    def get_events_for(self, user, pagination_config, timeout,
-                       only_room_events=False):
+                       only_room_events=False,
                       is_guest=False, guest_room_id=None):
        """ For the given user and rooms, return any new events for them. If
        there are no new events wait for up to `timeout` milliseconds for any
        new events to happen before returning.
@@ -342,6 +346,16 @@ class Notifier(object):
        limit = pagination_config.limit
        room_ids = []
        if is_guest:
            if guest_room_id:
                if not (yield self._is_world_readable(guest_room_id)):
                    raise AuthError(403, "Guest access not allowed")
                room_ids = [guest_room_id]
        else:
            rooms = yield self.store.get_rooms_for_user(user.to_string())
            room_ids = [room.room_id for room in rooms]
        @defer.inlineCallbacks
        def check_for_updates(before_token, after_token):
            if not after_token.is_after(before_token):
@@ -349,6 +363,7 @@ class Notifier(object):
            events = []
            end_token = from_token
            for name, source in self.event_sources.sources.items():
                keyname = "%s_key" % name
                before_id = getattr(before_token, keyname)
@@ -357,9 +372,23 @@ class Notifier(object):
                    continue
                if only_room_events and name != "room":
                    continue
-                new_events, new_key = yield source.get_new_events_for_user(
+                new_events, new_key = yield source.get_new_events(
-                    user, getattr(from_token, keyname), limit,
+                    user=user,
                    from_key=getattr(from_token, keyname),
                    limit=limit,
                    is_guest=is_guest,
                    room_ids=room_ids,
                )
                if name == "room":
                    room_member_handler = self.hs.get_handlers().room_member_handler
                    new_events = yield room_member_handler._filter_events_for_client(
                        user.to_string(),
                        new_events,
                        is_guest=is_guest,
                        require_all_visible_for_guests=False
                    )
                events.extend(new_events)
                end_token = end_token.copy_and_replace(keyname, new_key)
@@ -369,7 +398,7 @@ class Notifier(object):
                defer.returnValue(None)
        result = yield self.wait_for_events(
-            user, rooms, timeout, check_for_updates, from_token=from_token
+            user, timeout, check_for_updates, room_ids=room_ids, from_token=from_token
        )
        if result is None:
@@ -377,6 +406,17 @@ class Notifier(object):
        defer.returnValue(result)
    @defer.inlineCallbacks
    def _is_world_readable(self, room_id):
        state = yield self.hs.get_state_handler().get_current_state(
            room_id,
            EventTypes.RoomHistoryVisibility
        )
        if state and "history_visibility" in state.content:
            defer.returnValue(state.content["history_visibility"] == "world_readable")
        else:
            defer.returnValue(False)
    @log_function
    def remove_expired_streams(self):
        time_now_ms = self.clock.time_msec()
--- a/synapse/push/init.py
+++ b/synapse/push/init.py
@@ -16,14 +16,12 @@
 from twisted.internet import defer
 from synapse.streams.config import PaginationConfig
-from synapse.types import StreamToken, UserID
+from synapse.types import StreamToken
 import synapse.util.async
-import baserules
+import push_rule_evaluator as push_rule_evaluator
 import logging
 import simplejson as json
 import re
 import random
 logger = logging.getLogger(__name__)
@@ -33,9 +31,6 @@ class Pusher(object):
    INITIAL_BACKOFF = 1000
    MAX_BACKOFF = 60 * 60 * 1000
    GIVE_UP_AFTER = 24 * 60 * 60 * 1000
    DEFAULT_ACTIONS = ['dont_notify']
    INEQUALITY_EXPR = re.compile("^([=<>]*)([0-9]*)$")
    def __init__(self, _hs, profile_tag, user_name, app_id,
                 app_display_name, device_display_name, pushkey, pushkey_ts,
@@ -62,161 +57,6 @@ class Pusher(object):
        self.last_last_active_time = 0
        self.has_unread = True
    @defer.inlineCallbacks
    def _actions_for_event(self, ev):
        """
        This should take into account notification settings that the user
        has configured both globally and per-room when we have the ability
        to do such things.
        """
        if ev['user_id'] == self.user_name:
            # let's assume you probably know about messages you sent yourself
            defer.returnValue(['dont_notify'])
        rawrules = yield self.store.get_push_rules_for_user(self.user_name)
        rules = []
        for rawrule in rawrules:
            rule = dict(rawrule)
            rule['conditions'] = json.loads(rawrule['conditions'])
            rule['actions'] = json.loads(rawrule['actions'])
            rules.append(rule)
        enabled_map = yield self.store.get_push_rules_enabled_for_user(self.user_name)
        user = UserID.from_string(self.user_name)
        rules = baserules.list_with_base_rules(rules, user)
        room_id = ev['room_id']
        # get *our* member event for display name matching
        my_display_name = None
        our_member_event = yield self.store.get_current_state(
            room_id=room_id,
            event_type='m.room.member',
            state_key=self.user_name,
        )
        if our_member_event:
            my_display_name = our_member_event[0].content.get("displayname")
        room_members = yield self.store.get_users_in_room(room_id)
        room_member_count = len(room_members)
        for r in rules:
            if r['rule_id'] in enabled_map:
                r['enabled'] = enabled_map[r['rule_id']]
            elif 'enabled' not in r:
                r['enabled'] = True
            if not r['enabled']:
                continue
            matches = True
            conditions = r['conditions']
            actions = r['actions']
            for c in conditions:
                matches &= self._event_fulfills_condition(
                    ev, c, display_name=my_display_name,
                    room_member_count=room_member_count
                )
            logger.debug(
                "Rule %s %s",
                r['rule_id'], "matches" if matches else "doesn't match"
            )
            # ignore rules with no actions (we have an explict 'dont_notify')
            if len(actions) == 0:
                logger.warn(
                    "Ignoring rule id %s with no actions for user %s",
                    r['rule_id'], self.user_name
                )
                continue
            if matches:
                logger.info(
                    "%s matches for user %s, event %s",
                    r['rule_id'], self.user_name, ev['event_id']
                )
                defer.returnValue(actions)
        logger.info(
            "No rules match for user %s, event %s",
            self.user_name, ev['event_id']
        )
        defer.returnValue(Pusher.DEFAULT_ACTIONS)
    @staticmethod
    def _glob_to_regexp(glob):
        r = re.escape(glob)
        r = re.sub(r'\\\*', r'.*?', r)
        r = re.sub(r'\\\?', r'.', r)
        # handle [abc], [a-z] and [!a-z] style ranges.
        r = re.sub(r'\\\[(\\\!|)(.*)\\\]',
                   lambda x: ('[%s%s]' % (x.group(1) and '^' or '',
                                          re.sub(r'\\\-', '-', x.group(2)))), r)
        return r
    def _event_fulfills_condition(self, ev, condition, display_name, room_member_count):
        if condition['kind'] == 'event_match':
            if 'pattern' not in condition:
                logger.warn("event_match condition with no pattern")
                return False
            # XXX: optimisation: cache our pattern regexps
            if condition['key'] == 'content.body':
                r = r'\b%s\b' % self._glob_to_regexp(condition['pattern'])
            else:
                r = r'^%s$' % self._glob_to_regexp(condition['pattern'])
            val = _value_for_dotted_key(condition['key'], ev)
            if val is None:
                return False
            return re.search(r, val, flags=re.IGNORECASE) is not None
        elif condition['kind'] == 'device':
            if 'profile_tag' not in condition:
                return True
            return condition['profile_tag'] == self.profile_tag
        elif condition['kind'] == 'contains_display_name':
            # This is special because display names can be different
            # between rooms and so you can't really hard code it in a rule.
            # Optimisation: we should cache these names and update them from
            # the event stream.
            if 'content' not in ev or 'body' not in ev['content']:
                return False
            if not display_name:
                return False
            return re.search(
                "\b%s\b" % re.escape(display_name), ev['content']['body'],
                flags=re.IGNORECASE
            ) is not None
        elif condition['kind'] == 'room_member_count':
            if 'is' not in condition:
                return False
            m = Pusher.INEQUALITY_EXPR.match(condition['is'])
            if not m:
                return False
            ineq = m.group(1)
            rhs = m.group(2)
            if not rhs.isdigit():
                return False
            rhs = int(rhs)
            if ineq == '' or ineq == '==':
                return room_member_count == rhs
            elif ineq == '<':
                return room_member_count < rhs
            elif ineq == '>':
                return room_member_count > rhs
            elif ineq == '>=':
                return room_member_count >= rhs
            elif ineq == '<=':
                return room_member_count <= rhs
            else:
                return False
        else:
            return True
    @defer.inlineCallbacks
    def get_context_for_event(self, ev):
        name_aliases = yield self.store.get_room_name_and_aliases(
@@ -308,8 +148,14 @@ class Pusher(object):
            return
        processed = False
-        actions = yield self._actions_for_event(single_event)
+
-        tweaks = _tweaks_for_actions(actions)
+        rule_evaluator = yield \
            push_rule_evaluator.evaluator_for_user_name_and_profile_tag(
                self.user_name, self.profile_tag, single_event['room_id'], self.store
            )
        actions = yield rule_evaluator.actions_for_event(single_event)
        tweaks = rule_evaluator.tweaks_for_actions(actions)
        if len(actions) == 0:
            logger.warn("Empty actions! Using default action.")
@@ -448,27 +294,6 @@ class Pusher(object):
                    self.has_unread = False
 def _value_for_dotted_key(dotted_key, event):
    parts = dotted_key.split(".")
    val = event
    while len(parts) > 0:
        if parts[0] not in val:
            return None
        val = val[parts[0]]
        parts = parts[1:]
    return val
 def _tweaks_for_actions(actions):
    tweaks = {}
    for a in actions:
        if not isinstance(a, dict):
            continue
        if 'set_tweak' in a and 'value' in a:
            tweaks[a['set_tweak']] = a['value']
    return tweaks
 class PusherConfigException(Exception):
    def __init__(self, msg):
        super(PusherConfigException, self).__init__(msg)
--- a/synapse/push/baserules.py
+++ b/synapse/push/baserules.py
@@ -247,6 +247,7 @@ def make_base_append_underride_rules(user):
        },
        {
            'rule_id': 'global/underride/.m.rule.message',
            'enabled': False,
            'conditions': [
                {
                    'kind': 'event_match',
--- a/synapse/push/httppusher.py
+++ b/synapse/push/httppusher.py
@@ -14,7 +14,6 @@
 # limitations under the License.
 from synapse.push import Pusher, PusherConfigException
 from synapse.http.client import SimpleHttpClient
 from twisted.internet import defer
@@ -46,7 +45,7 @@ class HttpPusher(Pusher):
                "'url' required in data for HTTP pusher"
            )
        self.url = data['url']
-        self.httpCli = SimpleHttpClient(self.hs)
+        self.http_client = _hs.get_simple_http_client()
        self.data_minus_url = {}
        self.data_minus_url.update(self.data)
        del self.data_minus_url['url']
@@ -107,7 +106,7 @@ class HttpPusher(Pusher):
        if not notification_dict:
            defer.returnValue([])
        try:
-            resp = yield self.httpCli.post_json_get_json(self.url, notification_dict)
+            resp = yield self.http_client.post_json_get_json(self.url, notification_dict)
        except:
            logger.warn("Failed to push %s ", self.url)
            defer.returnValue(False)
@@ -138,7 +137,7 @@ class HttpPusher(Pusher):
            }
        }
        try:
-            resp = yield self.httpCli.post_json_get_json(self.url, d)
+            resp = yield self.http_client.post_json_get_json(self.url, d)
        except:
            logger.exception("Failed to push %s ", self.url)
            defer.returnValue(False)
--- a/synapse/push/push_rule_evaluator.py
+++ b/synapse/push/push_rule_evaluator.py
@@ -0,0 +1,224 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from twisted.internet import defer
 from synapse.types import UserID
 import baserules
 import logging
 import simplejson as json
 import re
 logger = logging.getLogger(__name__)
@defer.inlineCallbacks
 def evaluator_for_user_name_and_profile_tag(user_name, profile_tag, room_id, store):
    rawrules = yield store.get_push_rules_for_user(user_name)
    enabled_map = yield store.get_push_rules_enabled_for_user(user_name)
    our_member_event = yield store.get_current_state(
        room_id=room_id,
        event_type='m.room.member',
        state_key=user_name,
    )
    defer.returnValue(PushRuleEvaluator(
        user_name, profile_tag, rawrules, enabled_map,
        room_id, our_member_event, store
    ))
 class PushRuleEvaluator:
    DEFAULT_ACTIONS = ['dont_notify']
    INEQUALITY_EXPR = re.compile("^([=<>]*)([0-9]*)$")
    def __init__(self, user_name, profile_tag, raw_rules, enabled_map, room_id,
                 our_member_event, store):
        self.user_name = user_name
        self.profile_tag = profile_tag
        self.room_id = room_id
        self.our_member_event = our_member_event
        self.store = store
        rules = []
        for raw_rule in raw_rules:
            rule = dict(raw_rule)
            rule['conditions'] = json.loads(raw_rule['conditions'])
            rule['actions'] = json.loads(raw_rule['actions'])
            rules.append(rule)
        user = UserID.from_string(self.user_name)
        self.rules = baserules.list_with_base_rules(rules, user)
        self.enabled_map = enabled_map
    @staticmethod
    def tweaks_for_actions(actions):
        tweaks = {}
        for a in actions:
            if not isinstance(a, dict):
                continue
            if 'set_tweak' in a and 'value' in a:
                tweaks[a['set_tweak']] = a['value']
        return tweaks
    @defer.inlineCallbacks
    def actions_for_event(self, ev):
        """
        This should take into account notification settings that the user
        has configured both globally and per-room when we have the ability
        to do such things.
        """
        if ev['user_id'] == self.user_name:
            # let's assume you probably know about messages you sent yourself
            defer.returnValue(['dont_notify'])
        room_id = ev['room_id']
        # get *our* member event for display name matching
        my_display_name = None
        if self.our_member_event:
            my_display_name = self.our_member_event[0].content.get("displayname")
        room_members = yield self.store.get_users_in_room(room_id)
        room_member_count = len(room_members)
        for r in self.rules:
            if r['rule_id'] in self.enabled_map:
                r['enabled'] = self.enabled_map[r['rule_id']]
            elif 'enabled' not in r:
                r['enabled'] = True
            if not r['enabled']:
                continue
            matches = True
            conditions = r['conditions']
            actions = r['actions']
            for c in conditions:
                matches &= self._event_fulfills_condition(
                    ev, c, display_name=my_display_name,
                    room_member_count=room_member_count
                )
            logger.debug(
                "Rule %s %s",
                r['rule_id'], "matches" if matches else "doesn't match"
            )
            # ignore rules with no actions (we have an explict 'dont_notify')
            if len(actions) == 0:
                logger.warn(
                    "Ignoring rule id %s with no actions for user %s",
                    r['rule_id'], self.user_name
                )
                continue
            if matches:
                logger.info(
                    "%s matches for user %s, event %s",
                    r['rule_id'], self.user_name, ev['event_id']
                )
                defer.returnValue(actions)
        logger.info(
            "No rules match for user %s, event %s",
            self.user_name, ev['event_id']
        )
        defer.returnValue(PushRuleEvaluator.DEFAULT_ACTIONS)
    @staticmethod
    def _glob_to_regexp(glob):
        r = re.escape(glob)
        r = re.sub(r'\\\*', r'.*?', r)
        r = re.sub(r'\\\?', r'.', r)
        # handle [abc], [a-z] and [!a-z] style ranges.
        r = re.sub(r'\\\[(\\\!|)(.*)\\\]',
                   lambda x: ('[%s%s]' % (x.group(1) and '^' or '',
                                          re.sub(r'\\\-', '-', x.group(2)))), r)
        return r
    def _event_fulfills_condition(self, ev, condition, display_name, room_member_count):
        if condition['kind'] == 'event_match':
            if 'pattern' not in condition:
                logger.warn("event_match condition with no pattern")
                return False
            # XXX: optimisation: cache our pattern regexps
            if condition['key'] == 'content.body':
                r = r'\b%s\b' % self._glob_to_regexp(condition['pattern'])
            else:
                r = r'^%s$' % self._glob_to_regexp(condition['pattern'])
            val = _value_for_dotted_key(condition['key'], ev)
            if val is None:
                return False
            return re.search(r, val, flags=re.IGNORECASE) is not None
        elif condition['kind'] == 'device':
            if 'profile_tag' not in condition:
                return True
            return condition['profile_tag'] == self.profile_tag
        elif condition['kind'] == 'contains_display_name':
            # This is special because display names can be different
            # between rooms and so you can't really hard code it in a rule.
            # Optimisation: we should cache these names and update them from
            # the event stream.
            if 'content' not in ev or 'body' not in ev['content']:
                return False
            if not display_name:
                return False
            return re.search(
                r"\b%s\b" % re.escape(display_name), ev['content']['body'],
                flags=re.IGNORECASE
            ) is not None
        elif condition['kind'] == 'room_member_count':
            if 'is' not in condition:
                return False
            m = PushRuleEvaluator.INEQUALITY_EXPR.match(condition['is'])
            if not m:
                return False
            ineq = m.group(1)
            rhs = m.group(2)
            if not rhs.isdigit():
                return False
            rhs = int(rhs)
            if ineq == '' or ineq == '==':
                return room_member_count == rhs
            elif ineq == '<':
                return room_member_count < rhs
            elif ineq == '>':
                return room_member_count > rhs
            elif ineq == '>=':
                return room_member_count >= rhs
            elif ineq == '<=':
                return room_member_count <= rhs
            else:
                return False
        else:
            return True
 def _value_for_dotted_key(dotted_key, event):
    parts = dotted_key.split(".")
    val = event
    while len(parts) > 0:
        if parts[0] not in val:
            return None
        val = val[parts[0]]
        parts = parts[1:]
    return val
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -18,18 +18,18 @@ from distutils.version import LooseVersion
 logger = logging.getLogger(__name__)
 REQUIREMENTS = {
    "frozendict>=0.4": ["frozendict"],
    "unpaddedbase64>=1.0.1": ["unpaddedbase64>=1.0.1"],
    "canonicaljson>=1.0.0": ["canonicaljson>=1.0.0"],
    "signedjson>=1.0.0": ["signedjson>=1.0.0"],
-    "Twisted>=15.1.0": ["twisted>=15.1.0"],
+    "pynacl>=0.3.0": ["nacl>=0.3.0", "nacl.bindings"],
    "service_identity>=1.0.0": ["service_identity>=1.0.0"],
    "Twisted>=15.1.0": ["twisted>=15.1.0"],
    "pyopenssl>=0.14": ["OpenSSL>=0.14"],
    "pyyaml": ["yaml"],
    "pyasn1": ["pyasn1"],
    "pynacl>=0.3.0": ["nacl>=0.3.0"],
    "daemonize": ["daemonize"],
    "py-bcrypt": ["bcrypt"],
    "frozendict>=0.4": ["frozendict"],
    "pillow": ["PIL"],
    "pydenticon": ["pydenticon"],
    "ujson": ["ujson"],
@@ -60,7 +60,10 @@ DEPENDENCY_LINKS = {
 class MissingRequirementError(Exception):
-    pass
+    def __init__(self, message, module_name, dependency):
        super(MissingRequirementError, self).__init__(message)
        self.module_name = module_name
        self.dependency = dependency
 def check_requirements(config=None):
@@ -88,7 +91,7 @@ def check_requirements(config=None):
                )
                raise MissingRequirementError(
                    "Can't import %r which is part of %r"
-                    % (module_name, dependency)
+                    % (module_name, dependency), module_name, dependency
                )
            version = getattr(module, "__version__", None)
            file_path = getattr(module, "__file__", None)
@@ -101,23 +104,25 @@ def check_requirements(config=None):
                if version is None:
                    raise MissingRequirementError(
                        "Version of %r isn't set as __version__ of module %r"
-                        % (dependency, module_name)
+                        % (dependency, module_name), module_name, dependency
                    )
                if LooseVersion(version) < LooseVersion(required_version):
                    raise MissingRequirementError(
                        "Version of %r in %r is too old. %r < %r"
-                        % (dependency, file_path, version, required_version)
+                        % (dependency, file_path, version, required_version),
                        module_name, dependency
                    )
            elif version_test == "==":
                if version is None:
                    raise MissingRequirementError(
                        "Version of %r isn't set as __version__ of module %r"
-                        % (dependency, module_name)
+                        % (dependency, module_name), module_name, dependency
                    )
                if LooseVersion(version) != LooseVersion(required_version):
                    raise MissingRequirementError(
                        "Unexpected version of %r in %r. %r != %r"
-                        % (dependency, file_path, version, required_version)
+                        % (dependency, file_path, version, required_version),
                        module_name, dependency
                    )
--- a/synapse/rest/init.py
+++ b/synapse/rest/init.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Copyright 2015 OpenMarket Ltd
+# Copyright 2014, 2015 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,3 +12,69 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from synapse.rest.client.v1 import (
    room,
    events,
    profile,
    presence,
    initial_sync,
    directory,
    voip,
    admin,
    pusher,
    push_rule,
    register as v1_register,
    login as v1_login,
 )
 from synapse.rest.client.v2_alpha import (
    sync,
    filter,
    account,
    register,
    auth,
    receipts,
    keys,
    tokenrefresh,
    tags,
    account_data,
 )
 from synapse.http.server import JsonResource
 class ClientRestResource(JsonResource):
    """A resource for version 1 of the matrix client API."""
    def __init__(self, hs):
        JsonResource.__init__(self, hs, canonical_json=False)
        self.register_servlets(self, hs)
    @staticmethod
    def register_servlets(client_resource, hs):
        # "v1"
        room.register_servlets(hs, client_resource)
        events.register_servlets(hs, client_resource)
        v1_register.register_servlets(hs, client_resource)
        v1_login.register_servlets(hs, client_resource)
        profile.register_servlets(hs, client_resource)
        presence.register_servlets(hs, client_resource)
        initial_sync.register_servlets(hs, client_resource)
        directory.register_servlets(hs, client_resource)
        voip.register_servlets(hs, client_resource)
        admin.register_servlets(hs, client_resource)
        pusher.register_servlets(hs, client_resource)
        push_rule.register_servlets(hs, client_resource)
        # "v2"
        sync.register_servlets(hs, client_resource)
        filter.register_servlets(hs, client_resource)
        account.register_servlets(hs, client_resource)
        register.register_servlets(hs, client_resource)
        auth.register_servlets(hs, client_resource)
        receipts.register_servlets(hs, client_resource)
        keys.register_servlets(hs, client_resource)
        tokenrefresh.register_servlets(hs, client_resource)
        tags.register_servlets(hs, client_resource)
        account_data.register_servlets(hs, client_resource)
--- a/synapse/rest/client/v1/init.py
+++ b/synapse/rest/client/v1/init.py
@@ -12,33 +12,3 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from . import (
    room, events, register, login, profile, presence, initial_sync, directory,
    voip, admin, pusher, push_rule
 )
 from synapse.http.server import JsonResource
 class ClientV1RestResource(JsonResource):
    """A resource for version 1 of the matrix client API."""
    def __init__(self, hs):
        JsonResource.__init__(self, hs, canonical_json=False)
        self.register_servlets(self, hs)
    @staticmethod
    def register_servlets(client_resource, hs):
        room.register_servlets(hs, client_resource)
        events.register_servlets(hs, client_resource)
        register.register_servlets(hs, client_resource)
        login.register_servlets(hs, client_resource)
        profile.register_servlets(hs, client_resource)
        presence.register_servlets(hs, client_resource)
        initial_sync.register_servlets(hs, client_resource)
        directory.register_servlets(hs, client_resource)
        voip.register_servlets(hs, client_resource)
        admin.register_servlets(hs, client_resource)
        pusher.register_servlets(hs, client_resource)
        push_rule.register_servlets(hs, client_resource)
--- a/synapse/rest/client/v1/admin.py
+++ b/synapse/rest/client/v1/admin.py
@@ -18,7 +18,7 @@ from twisted.internet import defer
 from synapse.api.errors import AuthError, SynapseError
 from synapse.types import UserID
-from base import ClientV1RestServlet, client_path_pattern
+from base import ClientV1RestServlet, client_path_patterns
 import logging
@@ -26,12 +26,12 @@ logger = logging.getLogger(__name__)
 class WhoisRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/admin/whois/(?P<user_id>[^/]*)")
+    PATTERNS = client_path_patterns("/admin/whois/(?P<user_id>[^/]*)")
    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
        target_user = UserID.from_string(user_id)
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        is_admin = yield self.auth.is_server_admin(auth_user)
        if not is_admin and target_user != auth_user:
--- a/synapse/rest/client/v1/base.py
+++ b/synapse/rest/client/v1/base.py
@@ -27,7 +27,7 @@ import logging
 logger = logging.getLogger(__name__)
-def client_path_pattern(path_regex):
+def client_path_patterns(path_regex, releases=(0,), include_in_unstable=True):
    """Creates a regex compiled client path with the correct client path
    prefix.
@@ -37,7 +37,14 @@ def client_path_pattern(path_regex):
    Returns:
        SRE_Pattern
    """
-    return re.compile("^" + CLIENT_PREFIX + path_regex)
+    patterns = [re.compile("^" + CLIENT_PREFIX + path_regex)]
    if include_in_unstable:
        unstable_prefix = CLIENT_PREFIX.replace("/api/v1", "/unstable")
        patterns.append(re.compile("^" + unstable_prefix + path_regex))
    for release in releases:
        new_prefix = CLIENT_PREFIX.replace("/api/v1", "/r%d" % release)
        patterns.append(re.compile("^" + new_prefix + path_regex))
    return patterns
 class ClientV1RestServlet(RestServlet):
--- a/synapse/rest/client/v1/directory.py
+++ b/synapse/rest/client/v1/directory.py
@@ -18,7 +18,7 @@ from twisted.internet import defer
 from synapse.api.errors import AuthError, SynapseError, Codes
 from synapse.types import RoomAlias
-from .base import ClientV1RestServlet, client_path_pattern
+from .base import ClientV1RestServlet, client_path_patterns
 import simplejson as json
 import logging
@@ -32,7 +32,7 @@ def register_servlets(hs, http_server):
 class ClientDirectoryServer(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/directory/room/(?P<room_alias>[^/]*)$")
+    PATTERNS = client_path_patterns("/directory/room/(?P<room_alias>[^/]*)$")
    @defer.inlineCallbacks
    def on_GET(self, request, room_alias):
@@ -69,7 +69,7 @@ class ClientDirectoryServer(ClientV1RestServlet):
        try:
            # try to auth as a user
-            user, _ = yield self.auth.get_user_by_req(request)
+            user, _, _ = yield self.auth.get_user_by_req(request)
            try:
                user_id = user.to_string()
                yield dir_handler.create_association(
@@ -116,7 +116,7 @@ class ClientDirectoryServer(ClientV1RestServlet):
            # fallback to default user behaviour if they aren't an AS
            pass
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, _ = yield self.auth.get_user_by_req(request)
        is_admin = yield self.auth.is_server_admin(user)
        if not is_admin:
--- a/synapse/rest/client/v1/events.py
+++ b/synapse/rest/client/v1/events.py
@@ -18,7 +18,7 @@ from twisted.internet import defer
 from synapse.api.errors import SynapseError
 from synapse.streams.config import PaginationConfig
-from .base import ClientV1RestServlet, client_path_pattern
+from .base import ClientV1RestServlet, client_path_patterns
 from synapse.events.utils import serialize_event
 import logging
@@ -28,13 +28,21 @@ logger = logging.getLogger(__name__)
 class EventStreamRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/events$")
+    PATTERNS = client_path_patterns("/events$")
    DEFAULT_LONGPOLL_TIME_MS = 30000
    @defer.inlineCallbacks
    def on_GET(self, request):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, is_guest = yield self.auth.get_user_by_req(
            request,
            allow_guest=True
        )
        room_id = None
        if is_guest:
            if "room_id" not in request.args:
                raise SynapseError(400, "Guest users must specify room_id param")
            room_id = request.args["room_id"][0]
        try:
            handler = self.handlers.event_stream_handler
            pagin_config = PaginationConfig.from_request(request)
@@ -49,7 +57,8 @@ class EventStreamRestServlet(ClientV1RestServlet):
            chunk = yield handler.get_stream(
                auth_user.to_string(), pagin_config, timeout=timeout,
-                as_client_event=as_client_event
+                as_client_event=as_client_event, affect_presence=(not is_guest),
                room_id=room_id, is_guest=is_guest
            )
        except:
            logger.exception("Event stream failed")
@@ -63,7 +72,7 @@ class EventStreamRestServlet(ClientV1RestServlet):
 # TODO: Unit test gets, with and without auth, with different kinds of events.
 class EventRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/events/(?P<event_id>[^/]*)$")
+    PATTERNS = client_path_patterns("/events/(?P<event_id>[^/]*)$")
    def __init__(self, hs):
        super(EventRestServlet, self).__init__(hs)
@@ -71,7 +80,7 @@ class EventRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_GET(self, request, event_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        handler = self.handlers.event_handler
        event = yield handler.get_event(auth_user, event_id)
--- a/synapse/rest/client/v1/initial_sync.py
+++ b/synapse/rest/client/v1/initial_sync.py
@@ -16,25 +16,25 @@
 from twisted.internet import defer
 from synapse.streams.config import PaginationConfig
-from base import ClientV1RestServlet, client_path_pattern
+from base import ClientV1RestServlet, client_path_patterns
 # TODO: Needs unit testing
 class InitialSyncRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/initialSync$")
+    PATTERNS = client_path_patterns("/initialSync$")
    @defer.inlineCallbacks
    def on_GET(self, request):
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, _ = yield self.auth.get_user_by_req(request)
        with_feedback = "feedback" in request.args
        as_client_event = "raw" not in request.args
        pagination_config = PaginationConfig.from_request(request)
        handler = self.handlers.message_handler
        include_archived = request.args.get("archived", None) == ["true"]
        content = yield handler.snapshot_all_rooms(
            user_id=user.to_string(),
            pagin_config=pagination_config,
-            feedback=with_feedback,
+            as_client_event=as_client_event,
-            as_client_event=as_client_event
+            include_archived=include_archived,
        )
        defer.returnValue((200, content))
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -15,36 +15,61 @@
 from twisted.internet import defer
-from synapse.api.errors import SynapseError
+from synapse.api.errors import SynapseError, LoginError, Codes
 from synapse.types import UserID
-from base import ClientV1RestServlet, client_path_pattern
+from base import ClientV1RestServlet, client_path_patterns
 import simplejson as json
 import urllib
 import urlparse
 import logging
 from saml2 import BINDING_HTTP_POST
 from saml2 import config
 from saml2.client import Saml2Client
 import xml.etree.ElementTree as ET
 logger = logging.getLogger(__name__)
 class LoginRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/login$")
+    PATTERNS = client_path_patterns("/login$")
    PASS_TYPE = "m.login.password"
    SAML2_TYPE = "m.login.saml2"
    CAS_TYPE = "m.login.cas"
    TOKEN_TYPE = "m.login.token"
    def __init__(self, hs):
        super(LoginRestServlet, self).__init__(hs)
        self.idp_redirect_url = hs.config.saml2_idp_redirect_url
        self.password_enabled = hs.config.password_enabled
        self.saml2_enabled = hs.config.saml2_enabled
        self.cas_enabled = hs.config.cas_enabled
        self.cas_server_url = hs.config.cas_server_url
        self.cas_required_attributes = hs.config.cas_required_attributes
        self.servername = hs.config.server_name
        self.http_client = hs.get_simple_http_client()
    def on_GET(self, request):
-        flows = [{"type": LoginRestServlet.PASS_TYPE}]
+        flows = []
        if self.saml2_enabled:
            flows.append({"type": LoginRestServlet.SAML2_TYPE})
        if self.cas_enabled:
            flows.append({"type": LoginRestServlet.CAS_TYPE})
            # While its valid for us to advertise this login type generally,
            # synapse currently only gives out these tokens as part of the
            # CAS login flow.
            # Generally we don't want to advertise login flows that clients
            # don't know how to implement, since they (currently) will always
            # fall back to the fallback API if they don't understand one of the
            # login flow types returned.
            flows.append({"type": LoginRestServlet.TOKEN_TYPE})
        if self.password_enabled:
            flows.append({"type": LoginRestServlet.PASS_TYPE})
        return (200, {"flows": flows})
    def on_OPTIONS(self, request):
@@ -55,6 +80,9 @@ class LoginRestServlet(ClientV1RestServlet):
        login_submission = _parse_json(request)
        try:
            if login_submission["type"] == LoginRestServlet.PASS_TYPE:
                if not self.password_enabled:
                    raise SynapseError(400, "Password login has been disabled.")
                result = yield self.do_password_login(login_submission)
                defer.returnValue(result)
            elif self.saml2_enabled and (login_submission["type"] ==
@@ -67,6 +95,20 @@ class LoginRestServlet(ClientV1RestServlet):
                    "uri": "%s%s" % (self.idp_redirect_url, relay_state)
                }
                defer.returnValue((200, result))
            # TODO Delete this after all CAS clients switch to token login instead
            elif self.cas_enabled and (login_submission["type"] ==
                                       LoginRestServlet.CAS_TYPE):
                uri = "%s/proxyValidate" % (self.cas_server_url,)
                args = {
                    "ticket": login_submission["ticket"],
                    "service": login_submission["service"]
                }
                body = yield self.http_client.get_raw(uri, args)
                result = yield self.do_cas_login(body)
                defer.returnValue(result)
            elif login_submission["type"] == LoginRestServlet.TOKEN_TYPE:
                result = yield self.do_token_login(login_submission)
                defer.returnValue(result)
            else:
                raise SynapseError(400, "Bad login type.")
        except KeyError:
@@ -78,6 +120,8 @@ class LoginRestServlet(ClientV1RestServlet):
            user_id = yield self.hs.get_datastore().get_user_id_by_threepid(
                login_submission['medium'], login_submission['address']
            )
            if not user_id:
                raise LoginError(403, "", errcode=Codes.FORBIDDEN)
        else:
            user_id = login_submission['user']
@@ -100,39 +144,98 @@ class LoginRestServlet(ClientV1RestServlet):
        defer.returnValue((200, result))
 class LoginFallbackRestServlet(ClientV1RestServlet):
    PATTERN = client_path_pattern("/login/fallback$")
    def on_GET(self, request):
        # TODO(kegan): This should be returning some HTML which is capable of
        # hitting LoginRestServlet
        return (200, {})
 class PasswordResetRestServlet(ClientV1RestServlet):
    PATTERN = client_path_pattern("/login/reset")
    @defer.inlineCallbacks
-    def on_POST(self, request):
+    def do_token_login(self, login_submission):
-        reset_info = _parse_json(request)
+        token = login_submission['token']
-        try:
+        auth_handler = self.handlers.auth_handler
-            email = reset_info["email"]
+        user_id = (
-            user_id = reset_info["user_id"]
+            yield auth_handler.validate_short_term_login_token_and_get_user_id(token)
-            handler = self.handlers.login_handler
+        )
-            yield handler.reset_password(user_id, email)
+        user_id, access_token, refresh_token = (
-            # purposefully give no feedback to avoid people hammering different
+            yield auth_handler.get_login_tuple_for_user_id(user_id)
-            # combinations.
+        )
-            defer.returnValue((200, {}))
+        result = {
-        except KeyError:
+            "user_id": user_id,  # may have changed
-            raise SynapseError(
+            "access_token": access_token,
-                400,
+            "refresh_token": refresh_token,
-                "Missing keys. Requires 'email' and 'user_id'."
+            "home_server": self.hs.hostname,
        }
        defer.returnValue((200, result))
    # TODO Delete this after all CAS clients switch to token login instead
    @defer.inlineCallbacks
    def do_cas_login(self, cas_response_body):
        user, attributes = self.parse_cas_response(cas_response_body)
        for required_attribute, required_value in self.cas_required_attributes.items():
            # If required attribute was not in CAS Response - Forbidden
            if required_attribute not in attributes:
                raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED)
            # Also need to check value
            if required_value is not None:
                actual_value = attributes[required_attribute]
                # If required attribute value does not match expected - Forbidden
                if required_value != actual_value:
                    raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED)
        user_id = UserID.create(user, self.hs.hostname).to_string()
        auth_handler = self.handlers.auth_handler
        user_exists = yield auth_handler.does_user_exist(user_id)
        if user_exists:
            user_id, access_token, refresh_token = (
                yield auth_handler.get_login_tuple_for_user_id(user_id)
            )
            result = {
                "user_id": user_id,  # may have changed
                "access_token": access_token,
                "refresh_token": refresh_token,
                "home_server": self.hs.hostname,
            }
        else:
            user_id, access_token = (
                yield self.handlers.registration_handler.register(localpart=user)
            )
            result = {
                "user_id": user_id,  # may have changed
                "access_token": access_token,
                "home_server": self.hs.hostname,
            }
        defer.returnValue((200, result))
    # TODO Delete this after all CAS clients switch to token login instead
    def parse_cas_response(self, cas_response_body):
        root = ET.fromstring(cas_response_body)
        if not root.tag.endswith("serviceResponse"):
            raise LoginError(401, "Invalid CAS response", errcode=Codes.UNAUTHORIZED)
        if not root[0].tag.endswith("authenticationSuccess"):
            raise LoginError(401, "Unsuccessful CAS response", errcode=Codes.UNAUTHORIZED)
        for child in root[0]:
            if child.tag.endswith("user"):
                user = child.text
            if child.tag.endswith("attributes"):
                attributes = {}
                for attribute in child:
                    # ElementTree library expands the namespace in attribute tags
                    # to the full URL of the namespace.
                    # See (https://docs.python.org/2/library/xml.etree.elementtree.html)
                    # We don't care about namespace here and it will always be encased in
                    # curly braces, so we remove them.
                    if "}" in attribute.tag:
                        attributes[attribute.tag.split("}")[1]] = attribute.text
                    else:
                        attributes[attribute.tag] = attribute.text
        if user is None or attributes is None:
            raise LoginError(401, "Invalid CAS response", errcode=Codes.UNAUTHORIZED)
        return (user, attributes)
 class SAML2RestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/login/saml2")
+    PATTERNS = client_path_patterns("/login/saml2", releases=())
    def __init__(self, hs):
        super(SAML2RestServlet, self).__init__(hs)
@@ -174,6 +277,127 @@ class SAML2RestServlet(ClientV1RestServlet):
        defer.returnValue((200, {"status": "not_authenticated"}))
 # TODO Delete this after all CAS clients switch to token login instead
 class CasRestServlet(ClientV1RestServlet):
    PATTERNS = client_path_patterns("/login/cas", releases=())
    def __init__(self, hs):
        super(CasRestServlet, self).__init__(hs)
        self.cas_server_url = hs.config.cas_server_url
    def on_GET(self, request):
        return (200, {"serverUrl": self.cas_server_url})
 class CasRedirectServlet(ClientV1RestServlet):
    PATTERNS = client_path_patterns("/login/cas/redirect", releases=())
    def __init__(self, hs):
        super(CasRedirectServlet, self).__init__(hs)
        self.cas_server_url = hs.config.cas_server_url
        self.cas_service_url = hs.config.cas_service_url
    def on_GET(self, request):
        args = request.args
        if "redirectUrl" not in args:
            return (400, "Redirect URL not specified for CAS auth")
        client_redirect_url_param = urllib.urlencode({
            "redirectUrl": args["redirectUrl"][0]
        })
        hs_redirect_url = self.cas_service_url + "/_matrix/client/api/v1/login/cas/ticket"
        service_param = urllib.urlencode({
            "service": "%s?%s" % (hs_redirect_url, client_redirect_url_param)
        })
        request.redirect("%s?%s" % (self.cas_server_url, service_param))
        request.finish()
 class CasTicketServlet(ClientV1RestServlet):
    PATTERNS = client_path_patterns("/login/cas/ticket", releases=())
    def __init__(self, hs):
        super(CasTicketServlet, self).__init__(hs)
        self.cas_server_url = hs.config.cas_server_url
        self.cas_service_url = hs.config.cas_service_url
        self.cas_required_attributes = hs.config.cas_required_attributes
    @defer.inlineCallbacks
    def on_GET(self, request):
        client_redirect_url = request.args["redirectUrl"][0]
        http_client = self.hs.get_simple_http_client()
        uri = self.cas_server_url + "/proxyValidate"
        args = {
            "ticket": request.args["ticket"],
            "service": self.cas_service_url
        }
        body = yield http_client.get_raw(uri, args)
        result = yield self.handle_cas_response(request, body, client_redirect_url)
        defer.returnValue(result)
    @defer.inlineCallbacks
    def handle_cas_response(self, request, cas_response_body, client_redirect_url):
        user, attributes = self.parse_cas_response(cas_response_body)
        for required_attribute, required_value in self.cas_required_attributes.items():
            # If required attribute was not in CAS Response - Forbidden
            if required_attribute not in attributes:
                raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED)
            # Also need to check value
            if required_value is not None:
                actual_value = attributes[required_attribute]
                # If required attribute value does not match expected - Forbidden
                if required_value != actual_value:
                    raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED)
        user_id = UserID.create(user, self.hs.hostname).to_string()
        auth_handler = self.handlers.auth_handler
        user_exists = yield auth_handler.does_user_exist(user_id)
        if not user_exists:
            user_id, _ = (
                yield self.handlers.registration_handler.register(localpart=user)
            )
        login_token = auth_handler.generate_short_term_login_token(user_id)
        redirect_url = self.add_login_token_to_redirect_url(client_redirect_url,
                                                            login_token)
        request.redirect(redirect_url)
        request.finish()
    def add_login_token_to_redirect_url(self, url, token):
        url_parts = list(urlparse.urlparse(url))
        query = dict(urlparse.parse_qsl(url_parts[4]))
        query.update({"loginToken": token})
        url_parts[4] = urllib.urlencode(query)
        return urlparse.urlunparse(url_parts)
    def parse_cas_response(self, cas_response_body):
        root = ET.fromstring(cas_response_body)
        if not root.tag.endswith("serviceResponse"):
            raise LoginError(401, "Invalid CAS response", errcode=Codes.UNAUTHORIZED)
        if not root[0].tag.endswith("authenticationSuccess"):
            raise LoginError(401, "Unsuccessful CAS response", errcode=Codes.UNAUTHORIZED)
        for child in root[0]:
            if child.tag.endswith("user"):
                user = child.text
            if child.tag.endswith("attributes"):
                attributes = {}
                for attribute in child:
                    # ElementTree library expands the namespace in attribute tags
                    # to the full URL of the namespace.
                    # See (https://docs.python.org/2/library/xml.etree.elementtree.html)
                    # We don't care about namespace here and it will always be encased in
                    # curly braces, so we remove them.
                    if "}" in attribute.tag:
                        attributes[attribute.tag.split("}")[1]] = attribute.text
                    else:
                        attributes[attribute.tag] = attribute.text
        if user is None or attributes is None:
            raise LoginError(401, "Invalid CAS response", errcode=Codes.UNAUTHORIZED)
        return (user, attributes)
 def _parse_json(request):
    try:
        content = json.loads(request.content.read())
@@ -188,4 +412,8 @@ def register_servlets(hs, http_server):
    LoginRestServlet(hs).register(http_server)
    if hs.config.saml2_enabled:
        SAML2RestServlet(hs).register(http_server)
    if hs.config.cas_enabled:
        CasRedirectServlet(hs).register(http_server)
        CasTicketServlet(hs).register(http_server)
        CasRestServlet(hs).register(http_server)
    # TODO PasswordResetRestServlet(hs).register(http_server)
--- a/synapse/rest/client/v1/presence.py
+++ b/synapse/rest/client/v1/presence.py
@@ -19,7 +19,7 @@ from twisted.internet import defer
 from synapse.api.errors import SynapseError
 from synapse.types import UserID
-from .base import ClientV1RestServlet, client_path_pattern
+from .base import ClientV1RestServlet, client_path_patterns
 import simplejson as json
 import logging
@@ -28,11 +28,11 @@ logger = logging.getLogger(__name__)
 class PresenceStatusRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/presence/(?P<user_id>[^/]*)/status")
+    PATTERNS = client_path_patterns("/presence/(?P<user_id>[^/]*)/status")
    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        user = UserID.from_string(user_id)
        state = yield self.handlers.presence_handler.get_state(
@@ -42,7 +42,7 @@ class PresenceStatusRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_PUT(self, request, user_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        user = UserID.from_string(user_id)
        state = {}
@@ -73,11 +73,11 @@ class PresenceStatusRestServlet(ClientV1RestServlet):
 class PresenceListRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/presence/list/(?P<user_id>[^/]*)")
+    PATTERNS = client_path_patterns("/presence/list/(?P<user_id>[^/]*)")
    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        user = UserID.from_string(user_id)
        if not self.hs.is_mine(user):
@@ -97,7 +97,7 @@ class PresenceListRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_POST(self, request, user_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        user = UserID.from_string(user_id)
        if not self.hs.is_mine(user):
@@ -120,7 +120,7 @@ class PresenceListRestServlet(ClientV1RestServlet):
                if len(u) == 0:
                    continue
                invited_user = UserID.from_string(u)
-                yield self.handlers.presence_handler.send_invite(
+                yield self.handlers.presence_handler.send_presence_invite(
                    observer_user=user, observed_user=invited_user
                )
--- a/synapse/rest/client/v1/profile.py
+++ b/synapse/rest/client/v1/profile.py
@@ -16,14 +16,14 @@
 """ This module contains REST servlets to do with profile: /profile/<paths> """
 from twisted.internet import defer
-from .base import ClientV1RestServlet, client_path_pattern
+from .base import ClientV1RestServlet, client_path_patterns
 from synapse.types import UserID
 import simplejson as json
 class ProfileDisplaynameRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/profile/(?P<user_id>[^/]*)/displayname")
+    PATTERNS = client_path_patterns("/profile/(?P<user_id>[^/]*)/displayname")
    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
@@ -37,7 +37,7 @@ class ProfileDisplaynameRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_PUT(self, request, user_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request, allow_guest=True)
        user = UserID.from_string(user_id)
        try:
@@ -56,7 +56,7 @@ class ProfileDisplaynameRestServlet(ClientV1RestServlet):
 class ProfileAvatarURLRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/profile/(?P<user_id>[^/]*)/avatar_url")
+    PATTERNS = client_path_patterns("/profile/(?P<user_id>[^/]*)/avatar_url")
    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
@@ -70,7 +70,7 @@ class ProfileAvatarURLRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_PUT(self, request, user_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        user = UserID.from_string(user_id)
        try:
@@ -89,7 +89,7 @@ class ProfileAvatarURLRestServlet(ClientV1RestServlet):
 class ProfileRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/profile/(?P<user_id>[^/]*)")
+    PATTERNS = client_path_patterns("/profile/(?P<user_id>[^/]*)")
    @defer.inlineCallbacks
    def on_GET(self, request, user_id):
--- a/synapse/rest/client/v1/push_rule.py
+++ b/synapse/rest/client/v1/push_rule.py
@@ -18,7 +18,7 @@ from twisted.internet import defer
 from synapse.api.errors import (
    SynapseError, Codes, UnrecognizedRequestError, NotFoundError, StoreError
 )
-from .base import ClientV1RestServlet, client_path_pattern
+from .base import ClientV1RestServlet, client_path_patterns
 from synapse.storage.push_rule import (
    InconsistentRuleException, RuleNotFoundException
 )
@@ -31,7 +31,7 @@ import simplejson as json
 class PushRuleRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/pushrules/.*$")
+    PATTERNS = client_path_patterns("/pushrules/.*$")
    SLIGHTLY_PEDANTIC_TRAILING_SLASH_ERROR = (
        "Unrecognised request: You probably wanted a trailing slash")
@@ -43,7 +43,7 @@ class PushRuleRestServlet(ClientV1RestServlet):
        except InvalidRuleException as e:
            raise SynapseError(400, e.message)
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, _ = yield self.auth.get_user_by_req(request)
        if '/' in spec['rule_id'] or '\\' in spec['rule_id']:
            raise SynapseError(400, "rule_id may not contain slashes")
@@ -92,7 +92,7 @@ class PushRuleRestServlet(ClientV1RestServlet):
    def on_DELETE(self, request):
        spec = _rule_spec_from_path(request.postpath)
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, _ = yield self.auth.get_user_by_req(request)
        namespaced_rule_id = _namespaced_rule_id_from_spec(spec)
@@ -109,7 +109,7 @@ class PushRuleRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_GET(self, request):
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, _ = yield self.auth.get_user_by_req(request)
        # we build up the full structure and then decide which bits of it
        # to send which means doing unnecessary work sometimes but is
@@ -207,7 +207,12 @@ class PushRuleRestServlet(ClientV1RestServlet):
    def set_rule_attr(self, user_name, spec, val):
        if spec['attr'] == 'enabled':
            if isinstance(val, dict) and "enabled" in val:
                val = val["enabled"]
            if not isinstance(val, bool):
                # Legacy fallback
                # This should *actually* take a dict, but many clients pass
                # bools directly, so let's not break them.
                raise SynapseError(400, "Value for 'enabled' must be boolean")
            namespaced_rule_id = _namespaced_rule_id_from_spec(spec)
            self.hs.get_datastore().set_push_rule_enabled(
--- a/synapse/rest/client/v1/pusher.py
+++ b/synapse/rest/client/v1/pusher.py
@@ -17,17 +17,20 @@ from twisted.internet import defer
 from synapse.api.errors import SynapseError, Codes
 from synapse.push import PusherConfigException
-from .base import ClientV1RestServlet, client_path_pattern
+from .base import ClientV1RestServlet, client_path_patterns
 import simplejson as json
 import logging
 logger = logging.getLogger(__name__)
 class PusherRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/pushers/set$")
+    PATTERNS = client_path_patterns("/pushers/set$")
    @defer.inlineCallbacks
    def on_POST(self, request):
-        user, token_id = yield self.auth.get_user_by_req(request)
+        user, token_id, _ = yield self.auth.get_user_by_req(request)
        content = _parse_json(request)
@@ -51,6 +54,9 @@ class PusherRestServlet(ClientV1RestServlet):
            raise SynapseError(400, "Missing parameters: "+','.join(missing),
                               errcode=Codes.MISSING_PARAM)
        logger.debug("set pushkey %s to kind %s", content['pushkey'], content['kind'])
        logger.debug("Got pushers request with body: %r", content)
        append = False
        if 'append' in content:
            append = content['append']
--- a/synapse/rest/client/v1/register.py
+++ b/synapse/rest/client/v1/register.py
@@ -18,7 +18,7 @@ from twisted.internet import defer
 from synapse.api.errors import SynapseError, Codes
 from synapse.api.constants import LoginType
-from base import ClientV1RestServlet, client_path_pattern
+from base import ClientV1RestServlet, client_path_patterns
 import synapse.util.stringutils as stringutils
 from synapse.util.async import run_on_reactor
@@ -48,7 +48,7 @@ class RegisterRestServlet(ClientV1RestServlet):
    handler doesn't have a concept of multi-stages or sessions.
    """
-    PATTERN = client_path_pattern("/register$")
+    PATTERNS = client_path_patterns("/register$", releases=(), include_in_unstable=False)
    def __init__(self, hs):
        super(RegisterRestServlet, self).__init__(hs)
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -16,8 +16,8 @@
 """ This module contains REST servlets to do with rooms: /rooms/<paths> """
 from twisted.internet import defer
-from base import ClientV1RestServlet, client_path_pattern
+from base import ClientV1RestServlet, client_path_patterns
-from synapse.api.errors import SynapseError, Codes
+from synapse.api.errors import SynapseError, Codes, AuthError
 from synapse.streams.config import PaginationConfig
 from synapse.api.constants import EventTypes, Membership
 from synapse.types import UserID, RoomID, RoomAlias
@@ -27,7 +27,6 @@ import simplejson as json
 import logging
 import urllib
 logger = logging.getLogger(__name__)
@@ -35,16 +34,16 @@ class RoomCreateRestServlet(ClientV1RestServlet):
    # No PATTERN; we have custom dispatch rules here
    def register(self, http_server):
-        PATTERN = "/createRoom"
+        PATTERNS = "/createRoom"
-        register_txn_path(self, PATTERN, http_server)
+        register_txn_path(self, PATTERNS, http_server)
        # define CORS for all of /rooms in RoomCreateRestServlet for simplicity
-        http_server.register_path("OPTIONS",
+        http_server.register_paths("OPTIONS",
-                                  client_path_pattern("/rooms(?:/.*)?$"),
+                                   client_path_patterns("/rooms(?:/.*)?$"),
-                                  self.on_OPTIONS)
+                                   self.on_OPTIONS)
        # define CORS for /createRoom[/txnid]
-        http_server.register_path("OPTIONS",
+        http_server.register_paths("OPTIONS",
-                                  client_path_pattern("/createRoom(?:/.*)?$"),
+                                   client_path_patterns("/createRoom(?:/.*)?$"),
-                                  self.on_OPTIONS)
+                                   self.on_OPTIONS)
    @defer.inlineCallbacks
    def on_PUT(self, request, txn_id):
@@ -62,7 +61,7 @@ class RoomCreateRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_POST(self, request):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        room_config = self.get_room_config(request)
        info = yield self.make_room(room_config, auth_user, None)
@@ -104,18 +103,18 @@ class RoomStateEventRestServlet(ClientV1RestServlet):
        state_key = ("/rooms/(?P<room_id>[^/]*)/state/"
                     "(?P<event_type>[^/]*)/(?P<state_key>[^/]*)$")
-        http_server.register_path("GET",
+        http_server.register_paths("GET",
-                                  client_path_pattern(state_key),
+                                   client_path_patterns(state_key),
-                                  self.on_GET)
+                                   self.on_GET)
-        http_server.register_path("PUT",
+        http_server.register_paths("PUT",
-                                  client_path_pattern(state_key),
+                                   client_path_patterns(state_key),
-                                  self.on_PUT)
+                                   self.on_PUT)
-        http_server.register_path("GET",
+        http_server.register_paths("GET",
-                                  client_path_pattern(no_state_key),
+                                   client_path_patterns(no_state_key),
-                                  self.on_GET_no_state_key)
+                                   self.on_GET_no_state_key)
-        http_server.register_path("PUT",
+        http_server.register_paths("PUT",
-                                  client_path_pattern(no_state_key),
+                                   client_path_patterns(no_state_key),
-                                  self.on_PUT_no_state_key)
+                                   self.on_PUT_no_state_key)
    def on_GET_no_state_key(self, request, room_id, event_type):
        return self.on_GET(request, room_id, event_type, "")
@@ -125,7 +124,7 @@ class RoomStateEventRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_GET(self, request, room_id, event_type, state_key):
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, is_guest = yield self.auth.get_user_by_req(request, allow_guest=True)
        msg_handler = self.handlers.message_handler
        data = yield msg_handler.get_room_data(
@@ -133,6 +132,7 @@ class RoomStateEventRestServlet(ClientV1RestServlet):
            room_id=room_id,
            event_type=event_type,
            state_key=state_key,
            is_guest=is_guest,
        )
        if not data:
@@ -143,7 +143,7 @@ class RoomStateEventRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_PUT(self, request, room_id, event_type, state_key, txn_id=None):
-        user, token_id = yield self.auth.get_user_by_req(request)
+        user, token_id, _ = yield self.auth.get_user_by_req(request)
        content = _parse_json(request)
@@ -170,12 +170,12 @@ class RoomSendEventRestServlet(ClientV1RestServlet):
    def register(self, http_server):
        # /rooms/$roomid/send/$event_type[/$txn_id]
-        PATTERN = ("/rooms/(?P<room_id>[^/]*)/send/(?P<event_type>[^/]*)")
+        PATTERNS = ("/rooms/(?P<room_id>[^/]*)/send/(?P<event_type>[^/]*)")
-        register_txn_path(self, PATTERN, http_server, with_get=True)
+        register_txn_path(self, PATTERNS, http_server, with_get=True)
    @defer.inlineCallbacks
    def on_POST(self, request, room_id, event_type, txn_id=None):
-        user, token_id = yield self.auth.get_user_by_req(request)
+        user, token_id, _ = yield self.auth.get_user_by_req(request, allow_guest=True)
        content = _parse_json(request)
        msg_handler = self.handlers.message_handler
@@ -215,12 +215,15 @@ class JoinRoomAliasServlet(ClientV1RestServlet):
    def register(self, http_server):
        # /join/$room_identifier[/$txn_id]
-        PATTERN = ("/join/(?P<room_identifier>[^/]*)")
+        PATTERNS = ("/join/(?P<room_identifier>[^/]*)")
-        register_txn_path(self, PATTERN, http_server)
+        register_txn_path(self, PATTERNS, http_server)
    @defer.inlineCallbacks
    def on_POST(self, request, room_identifier, txn_id=None):
-        user, token_id = yield self.auth.get_user_by_req(request)
+        user, token_id, is_guest = yield self.auth.get_user_by_req(
            request,
            allow_guest=True
        )
        # the identifier could be a room alias or a room id. Try one then the
        # other if it fails to parse, without swallowing other valid
@@ -242,16 +245,20 @@ class JoinRoomAliasServlet(ClientV1RestServlet):
            defer.returnValue((200, ret_dict))
        else:  # room id
            msg_handler = self.handlers.message_handler
            content = {"membership": Membership.JOIN}
            if is_guest:
                content["kind"] = "guest"
            yield msg_handler.create_and_send_event(
                {
                    "type": EventTypes.Member,
-                    "content": {"membership": Membership.JOIN},
+                    "content": content,
                    "room_id": identifier.to_string(),
                    "sender": user.to_string(),
                    "state_key": user.to_string(),
                },
                token_id=token_id,
                txn_id=txn_id,
                is_guest=is_guest,
            )
            defer.returnValue((200, {"room_id": identifier.to_string()}))
@@ -273,7 +280,7 @@ class JoinRoomAliasServlet(ClientV1RestServlet):
 # TODO: Needs unit testing
 class PublicRoomListRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/publicRooms$")
+    PATTERNS = client_path_patterns("/publicRooms$")
    @defer.inlineCallbacks
    def on_GET(self, request):
@@ -284,18 +291,24 @@ class PublicRoomListRestServlet(ClientV1RestServlet):
 # TODO: Needs unit testing
 class RoomMemberListRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/rooms/(?P<room_id>[^/]*)/members$")
+    PATTERNS = client_path_patterns("/rooms/(?P<room_id>[^/]*)/members$")
    @defer.inlineCallbacks
    def on_GET(self, request, room_id):
        # TODO support Pagination stream API (limit/tokens)
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, _ = yield self.auth.get_user_by_req(request)
-        handler = self.handlers.room_member_handler
+        handler = self.handlers.message_handler
-        members = yield handler.get_room_members_as_pagination_chunk(
+        events = yield handler.get_state_events(
            room_id=room_id,
-            user_id=user.to_string())
+            user_id=user.to_string(),
        )
-        for event in members["chunk"]:
+        chunk = []
        for event in events:
            if event["type"] != EventTypes.Member:
                continue
            chunk.append(event)
            # FIXME: should probably be state_key here, not user_id
            target_user = UserID.from_string(event["user_id"])
            # Presence is an optional cache; don't fail if we can't fetch it
@@ -308,27 +321,28 @@ class RoomMemberListRestServlet(ClientV1RestServlet):
            except:
                pass
-        defer.returnValue((200, members))
+        defer.returnValue((200, {
            "chunk": chunk
        }))
-# TODO: Needs unit testing
+# TODO: Needs better unit testing
 class RoomMessageListRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/rooms/(?P<room_id>[^/]*)/messages$")
+    PATTERNS = client_path_patterns("/rooms/(?P<room_id>[^/]*)/messages$")
    @defer.inlineCallbacks
    def on_GET(self, request, room_id):
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, is_guest = yield self.auth.get_user_by_req(request, allow_guest=True)
        pagination_config = PaginationConfig.from_request(
            request, default_limit=10,
        )
        with_feedback = "feedback" in request.args
        as_client_event = "raw" not in request.args
        handler = self.handlers.message_handler
        msgs = yield handler.get_messages(
            room_id=room_id,
            user_id=user.to_string(),
            is_guest=is_guest,
            pagin_config=pagination_config,
            feedback=with_feedback,
            as_client_event=as_client_event
        )
@@ -337,58 +351,71 @@ class RoomMessageListRestServlet(ClientV1RestServlet):
 # TODO: Needs unit testing
 class RoomStateRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/rooms/(?P<room_id>[^/]*)/state$")
+    PATTERNS = client_path_patterns("/rooms/(?P<room_id>[^/]*)/state$")
    @defer.inlineCallbacks
    def on_GET(self, request, room_id):
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, is_guest = yield self.auth.get_user_by_req(request, allow_guest=True)
        handler = self.handlers.message_handler
        # Get all the current state for this room
        events = yield handler.get_state_events(
            room_id=room_id,
            user_id=user.to_string(),
            is_guest=is_guest,
        )
        defer.returnValue((200, events))
 # TODO: Needs unit testing
 class RoomInitialSyncRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/rooms/(?P<room_id>[^/]*)/initialSync$")
+    PATTERNS = client_path_patterns("/rooms/(?P<room_id>[^/]*)/initialSync$")
    @defer.inlineCallbacks
    def on_GET(self, request, room_id):
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, is_guest = yield self.auth.get_user_by_req(request, allow_guest=True)
        pagination_config = PaginationConfig.from_request(request)
        content = yield self.handlers.message_handler.room_initial_sync(
            room_id=room_id,
            user_id=user.to_string(),
            pagin_config=pagination_config,
            is_guest=is_guest,
        )
        defer.returnValue((200, content))
-class RoomTriggerBackfill(ClientV1RestServlet):
+class RoomEventContext(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/rooms/(?P<room_id>[^/]*)/backfill$")
+    PATTERNS = client_path_patterns(
        "/rooms/(?P<room_id>[^/]*)/context/(?P<event_id>[^/]*)$"
    )
    def __init__(self, hs):
-        super(RoomTriggerBackfill, self).__init__(hs)
+        super(RoomEventContext, self).__init__(hs)
        self.clock = hs.get_clock()
    @defer.inlineCallbacks
-    def on_GET(self, request, room_id):
+    def on_GET(self, request, room_id, event_id):
-        remote_server = urllib.unquote(
+        user, _, is_guest = yield self.auth.get_user_by_req(request, allow_guest=True)
            request.args["remote"][0]
        ).decode("UTF-8")
-        limit = int(request.args["limit"][0])
+        limit = int(request.args.get("limit", [10])[0])
-        handler = self.handlers.federation_handler
+        results = yield self.handlers.room_context_handler.get_event_context(
-        events = yield handler.backfill(remote_server, room_id, limit)
+            user, room_id, event_id, limit, is_guest
        )
        time_now = self.clock.time_msec()
        results["events_before"] = [
            serialize_event(event, time_now) for event in results["events_before"]
        ]
        results["events_after"] = [
            serialize_event(event, time_now) for event in results["events_after"]
        ]
        results["state"] = [
            serialize_event(event, time_now) for event in results["state"]
        ]
-        res = [serialize_event(event, time_now) for event in events]
+        logger.info("Responding with %r", results)
-        defer.returnValue((200, res))
+
        defer.returnValue((200, results))
 # TODO: Needs unit testing
@@ -396,43 +423,83 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
    def register(self, http_server):
        # /rooms/$roomid/[invite|join|leave]
-        PATTERN = ("/rooms/(?P<room_id>[^/]*)/"
+        PATTERNS = ("/rooms/(?P<room_id>[^/]*)/"
-                   "(?P<membership_action>join|invite|leave|ban|kick)")
+                    "(?P<membership_action>join|invite|leave|ban|kick|forget)")
-        register_txn_path(self, PATTERN, http_server)
+        register_txn_path(self, PATTERNS, http_server)
    @defer.inlineCallbacks
    def on_POST(self, request, room_id, membership_action, txn_id=None):
-        user, token_id = yield self.auth.get_user_by_req(request)
+        user, token_id, is_guest = yield self.auth.get_user_by_req(
            request,
            allow_guest=True
        )
        effective_membership_action = membership_action
        if is_guest and membership_action not in {Membership.JOIN, Membership.LEAVE}:
            raise AuthError(403, "Guest access not allowed")
        content = _parse_json(request)
        # target user is you unless it is an invite
        state_key = user.to_string()
-        if membership_action in ["invite", "ban", "kick"]:
+
-            if "user_id" not in content:
+        if membership_action == "invite" and self._has_3pid_invite_keys(content):
            yield self.handlers.room_member_handler.do_3pid_invite(
                room_id,
                user,
                content["medium"],
                content["address"],
                content["id_server"],
                token_id,
                txn_id
            )
            defer.returnValue((200, {}))
            return
        elif membership_action in ["invite", "ban", "kick"]:
            if "user_id" in content:
                state_key = content["user_id"]
            else:
                raise SynapseError(400, "Missing user_id key.")
-            state_key = content["user_id"]
+
            # make sure it looks like a user ID; it'll throw if it's invalid.
            UserID.from_string(state_key)
            if membership_action == "kick":
-                membership_action = "leave"
+                effective_membership_action = "leave"
        elif membership_action == "forget":
            effective_membership_action = "leave"
        msg_handler = self.handlers.message_handler
        content = {"membership": unicode(effective_membership_action)}
        if is_guest:
            content["kind"] = "guest"
        yield msg_handler.create_and_send_event(
            {
                "type": EventTypes.Member,
-                "content": {"membership": unicode(membership_action)},
+                "content": content,
                "room_id": room_id,
                "sender": user.to_string(),
                "state_key": state_key,
            },
            token_id=token_id,
            txn_id=txn_id,
            is_guest=is_guest,
        )
        if membership_action == "forget":
            yield self.handlers.room_member_handler.forget(user, room_id)
        defer.returnValue((200, {}))
    def _has_3pid_invite_keys(self, content):
        for key in {"id_server", "medium", "address"}:
            if key not in content:
                return False
        return True
    @defer.inlineCallbacks
    def on_PUT(self, request, room_id, membership_action, txn_id):
        try:
@@ -452,12 +519,12 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
 class RoomRedactEventRestServlet(ClientV1RestServlet):
    def register(self, http_server):
-        PATTERN = ("/rooms/(?P<room_id>[^/]*)/redact/(?P<event_id>[^/]*)")
+        PATTERNS = ("/rooms/(?P<room_id>[^/]*)/redact/(?P<event_id>[^/]*)")
-        register_txn_path(self, PATTERN, http_server)
+        register_txn_path(self, PATTERNS, http_server)
    @defer.inlineCallbacks
    def on_POST(self, request, room_id, event_id, txn_id=None):
-        user, token_id = yield self.auth.get_user_by_req(request)
+        user, token_id, _ = yield self.auth.get_user_by_req(request)
        content = _parse_json(request)
        msg_handler = self.handlers.message_handler
@@ -491,13 +558,13 @@ class RoomRedactEventRestServlet(ClientV1RestServlet):
 class RoomTypingRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern(
+    PATTERNS = client_path_patterns(
        "/rooms/(?P<room_id>[^/]*)/typing/(?P<user_id>[^/]*)$"
    )
    @defer.inlineCallbacks
    def on_PUT(self, request, room_id, user_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        room_id = urllib.unquote(room_id)
        target_user = UserID.from_string(urllib.unquote(user_id))
@@ -523,6 +590,23 @@ class RoomTypingRestServlet(ClientV1RestServlet):
        defer.returnValue((200, {}))
 class SearchRestServlet(ClientV1RestServlet):
    PATTERNS = client_path_patterns(
        "/search$"
    )
    @defer.inlineCallbacks
    def on_POST(self, request):
        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        content = _parse_json(request)
        batch = request.args.get("next_batch", [None])[0]
        results = yield self.handlers.search_handler.search(auth_user, content, batch)
        defer.returnValue((200, results))
 def _parse_json(request):
    try:
        content = json.loads(request.content.read())
@@ -547,20 +631,20 @@ def register_txn_path(servlet, regex_string, http_server, with_get=False):
        http_server : The http_server to register paths with.
        with_get: True to also register respective GET paths for the PUTs.
    """
-    http_server.register_path(
+    http_server.register_paths(
        "POST",
-        client_path_pattern(regex_string + "$"),
+        client_path_patterns(regex_string + "$"),
        servlet.on_POST
    )
-    http_server.register_path(
+    http_server.register_paths(
        "PUT",
-        client_path_pattern(regex_string + "/(?P<txn_id>[^/]*)$"),
+        client_path_patterns(regex_string + "/(?P<txn_id>[^/]*)$"),
        servlet.on_PUT
    )
    if with_get:
-        http_server.register_path(
+        http_server.register_paths(
            "GET",
-            client_path_pattern(regex_string + "/(?P<txn_id>[^/]*)$"),
+            client_path_patterns(regex_string + "/(?P<txn_id>[^/]*)$"),
            servlet.on_GET
        )
@@ -571,7 +655,6 @@ def register_servlets(hs, http_server):
    RoomMemberListRestServlet(hs).register(http_server)
    RoomMessageListRestServlet(hs).register(http_server)
    JoinRoomAliasServlet(hs).register(http_server)
    RoomTriggerBackfill(hs).register(http_server)
    RoomMembershipRestServlet(hs).register(http_server)
    RoomSendEventRestServlet(hs).register(http_server)
    PublicRoomListRestServlet(hs).register(http_server)
@@ -579,3 +662,5 @@ def register_servlets(hs, http_server):
    RoomInitialSyncRestServlet(hs).register(http_server)
    RoomRedactEventRestServlet(hs).register(http_server)
    RoomTypingRestServlet(hs).register(http_server)
    SearchRestServlet(hs).register(http_server)
    RoomEventContext(hs).register(http_server)
--- a/synapse/rest/client/v1/voip.py
+++ b/synapse/rest/client/v1/voip.py
@@ -15,7 +15,7 @@
 from twisted.internet import defer
-from base import ClientV1RestServlet, client_path_pattern
+from base import ClientV1RestServlet, client_path_patterns
 import hmac
@@ -24,11 +24,11 @@ import base64
 class VoipRestServlet(ClientV1RestServlet):
-    PATTERN = client_path_pattern("/voip/turnServer$")
+    PATTERNS = client_path_patterns("/voip/turnServer$")
    @defer.inlineCallbacks
    def on_GET(self, request):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        turnUris = self.hs.config.turn_uris
        turnSecret = self.hs.config.turn_shared_secret
--- a/synapse/rest/client/v2_alpha/init.py
+++ b/synapse/rest/client/v2_alpha/init.py
@@ -12,35 +12,3 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from . import (
    sync,
    filter,
    account,
    register,
    auth,
    receipts,
    keys,
    tokenrefresh,
 )
 from synapse.http.server import JsonResource
 class ClientV2AlphaRestResource(JsonResource):
    """A resource for version 2 alpha of the matrix client API."""
    def __init__(self, hs):
        JsonResource.__init__(self, hs, canonical_json=False)
        self.register_servlets(self, hs)
    @staticmethod
    def register_servlets(client_resource, hs):
        sync.register_servlets(hs, client_resource)
        filter.register_servlets(hs, client_resource)
        account.register_servlets(hs, client_resource)
        register.register_servlets(hs, client_resource)
        auth.register_servlets(hs, client_resource)
        receipts.register_servlets(hs, client_resource)
        keys.register_servlets(hs, client_resource)
        tokenrefresh.register_servlets(hs, client_resource)
--- a/synapse/rest/client/v2_alpha/_base.py
+++ b/synapse/rest/client/v2_alpha/_base.py
@@ -27,7 +27,7 @@ import simplejson
 logger = logging.getLogger(__name__)
-def client_v2_pattern(path_regex):
+def client_v2_patterns(path_regex, releases=(0,)):
    """Creates a regex compiled client path with the correct client path
    prefix.
@@ -37,7 +37,13 @@ def client_v2_pattern(path_regex):
    Returns:
        SRE_Pattern
    """
-    return re.compile("^" + CLIENT_V2_ALPHA_PREFIX + path_regex)
+    patterns = [re.compile("^" + CLIENT_V2_ALPHA_PREFIX + path_regex)]
    unstable_prefix = CLIENT_V2_ALPHA_PREFIX.replace("/v2_alpha", "/unstable")
    patterns.append(re.compile("^" + unstable_prefix + path_regex))
    for release in releases:
        new_prefix = CLIENT_V2_ALPHA_PREFIX.replace("/v2_alpha", "/r%d" % release)
        patterns.append(re.compile("^" + new_prefix + path_regex))
    return patterns
 def parse_request_allow_empty(request):
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -20,7 +20,7 @@ from synapse.api.errors import LoginError, SynapseError, Codes
 from synapse.http.servlet import RestServlet
 from synapse.util.async import run_on_reactor
-from ._base import client_v2_pattern, parse_json_dict_from_request
+from ._base import client_v2_patterns, parse_json_dict_from_request
 import logging
@@ -29,7 +29,7 @@ logger = logging.getLogger(__name__)
 class PasswordRestServlet(RestServlet):
-    PATTERN = client_v2_pattern("/account/password")
+    PATTERNS = client_v2_patterns("/account/password")
    def __init__(self, hs):
        super(PasswordRestServlet, self).__init__()
@@ -55,7 +55,7 @@ class PasswordRestServlet(RestServlet):
        if LoginType.PASSWORD in result:
            # if using password, they should also be logged in
-            auth_user, _ = yield self.auth.get_user_by_req(request)
+            auth_user, _, _ = yield self.auth.get_user_by_req(request)
            if auth_user.to_string() != result[LoginType.PASSWORD]:
                raise LoginError(400, "", Codes.UNKNOWN)
            user_id = auth_user.to_string()
@@ -89,7 +89,7 @@ class PasswordRestServlet(RestServlet):
 class ThreepidRestServlet(RestServlet):
-    PATTERN = client_v2_pattern("/account/3pid")
+    PATTERNS = client_v2_patterns("/account/3pid")
    def __init__(self, hs):
        super(ThreepidRestServlet, self).__init__()
@@ -102,7 +102,7 @@ class ThreepidRestServlet(RestServlet):
    def on_GET(self, request):
        yield run_on_reactor()
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        threepids = yield self.hs.get_datastore().user_get_threepids(
            auth_user.to_string()
@@ -120,7 +120,7 @@ class ThreepidRestServlet(RestServlet):
            raise SynapseError(400, "Missing param", Codes.MISSING_PARAM)
        threePidCreds = body['threePidCreds']
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        threepid = yield self.identity_handler.threepid_from_creds(threePidCreds)
--- a/synapse/rest/client/v2_alpha/account_data.py
+++ b/synapse/rest/client/v2_alpha/account_data.py
@@ -0,0 +1,111 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from ._base import client_v2_patterns
 from synapse.http.servlet import RestServlet
 from synapse.api.errors import AuthError, SynapseError
 from twisted.internet import defer
 import logging
 import simplejson as json
 logger = logging.getLogger(__name__)
 class AccountDataServlet(RestServlet):
    """
    PUT /user/{user_id}/account_data/{account_dataType} HTTP/1.1
    """
    PATTERNS = client_v2_patterns(
        "/user/(?P<user_id>[^/]*)/account_data/(?P<account_data_type>[^/]*)"
    )
    def __init__(self, hs):
        super(AccountDataServlet, self).__init__()
        self.auth = hs.get_auth()
        self.store = hs.get_datastore()
        self.notifier = hs.get_notifier()
    @defer.inlineCallbacks
    def on_PUT(self, request, user_id, account_data_type):
        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        if user_id != auth_user.to_string():
            raise AuthError(403, "Cannot add account data for other users.")
        try:
            content_bytes = request.content.read()
            body = json.loads(content_bytes)
        except:
            raise SynapseError(400, "Invalid JSON")
        max_id = yield self.store.add_account_data_for_user(
            user_id, account_data_type, body
        )
        yield self.notifier.on_new_event(
            "account_data_key", max_id, users=[user_id]
        )
        defer.returnValue((200, {}))
 class RoomAccountDataServlet(RestServlet):
    """
    PUT /user/{user_id}/rooms/{room_id}/account_data/{account_dataType} HTTP/1.1
    """
    PATTERNS = client_v2_patterns(
        "/user/(?P<user_id>[^/]*)"
        "/rooms/(?P<room_id>[^/]*)"
        "/account_data/(?P<account_data_type>[^/]*)"
    )
    def __init__(self, hs):
        super(RoomAccountDataServlet, self).__init__()
        self.auth = hs.get_auth()
        self.store = hs.get_datastore()
        self.notifier = hs.get_notifier()
    @defer.inlineCallbacks
    def on_PUT(self, request, user_id, room_id, account_data_type):
        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        if user_id != auth_user.to_string():
            raise AuthError(403, "Cannot add account data for other users.")
        try:
            content_bytes = request.content.read()
            body = json.loads(content_bytes)
        except:
            raise SynapseError(400, "Invalid JSON")
        if not isinstance(body, dict):
            raise ValueError("Expected a JSON object")
        max_id = yield self.store.add_account_data_to_room(
            user_id, room_id, account_data_type, body
        )
        yield self.notifier.on_new_event(
            "account_data_key", max_id, users=[user_id]
        )
        defer.returnValue((200, {}))
 def register_servlets(hs, http_server):
    AccountDataServlet(hs).register(http_server)
    RoomAccountDataServlet(hs).register(http_server)
--- a/synapse/rest/client/v2_alpha/auth.py
+++ b/synapse/rest/client/v2_alpha/auth.py
@@ -20,7 +20,7 @@ from synapse.api.errors import SynapseError
 from synapse.api.urls import CLIENT_V2_ALPHA_PREFIX
 from synapse.http.servlet import RestServlet
-from ._base import client_v2_pattern
+from ._base import client_v2_patterns
 import logging
@@ -97,7 +97,7 @@ class AuthRestServlet(RestServlet):
    cannot be handled in the normal flow (with requests to the same endpoint).
    Current use is for web fallback auth.
    """
-    PATTERN = client_v2_pattern("/auth/(?P<stagetype>[\w\.]*)/fallback/web")
+    PATTERNS = client_v2_patterns("/auth/(?P<stagetype>[\w\.]*)/fallback/web")
    def __init__(self, hs):
        super(AuthRestServlet, self).__init__()
--- a/synapse/rest/client/v2_alpha/filter.py
+++ b/synapse/rest/client/v2_alpha/filter.py
@@ -19,7 +19,7 @@ from synapse.api.errors import AuthError, SynapseError
 from synapse.http.servlet import RestServlet
 from synapse.types import UserID
-from ._base import client_v2_pattern
+from ._base import client_v2_patterns
 import simplejson as json
 import logging
@@ -29,7 +29,7 @@ logger = logging.getLogger(__name__)
 class GetFilterRestServlet(RestServlet):
-    PATTERN = client_v2_pattern("/user/(?P<user_id>[^/]*)/filter/(?P<filter_id>[^/]*)")
+    PATTERNS = client_v2_patterns("/user/(?P<user_id>[^/]*)/filter/(?P<filter_id>[^/]*)")
    def __init__(self, hs):
        super(GetFilterRestServlet, self).__init__()
@@ -40,7 +40,7 @@ class GetFilterRestServlet(RestServlet):
    @defer.inlineCallbacks
    def on_GET(self, request, user_id, filter_id):
        target_user = UserID.from_string(user_id)
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        if target_user != auth_user:
            raise AuthError(403, "Cannot get filters for other users")
@@ -65,7 +65,7 @@ class GetFilterRestServlet(RestServlet):
 class CreateFilterRestServlet(RestServlet):
-    PATTERN = client_v2_pattern("/user/(?P<user_id>[^/]*)/filter")
+    PATTERNS = client_v2_patterns("/user/(?P<user_id>[^/]*)/filter")
    def __init__(self, hs):
        super(CreateFilterRestServlet, self).__init__()
@@ -76,7 +76,7 @@ class CreateFilterRestServlet(RestServlet):
    @defer.inlineCallbacks
    def on_POST(self, request, user_id):
        target_user = UserID.from_string(user_id)
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        if target_user != auth_user:
            raise AuthError(403, "Cannot create filters for other users")
--- a/synapse/rest/client/v2_alpha/keys.py
+++ b/synapse/rest/client/v2_alpha/keys.py
@@ -21,7 +21,7 @@ from synapse.types import UserID
 from canonicaljson import encode_canonical_json
-from ._base import client_v2_pattern
+from ._base import client_v2_patterns
 import simplejson as json
 import logging
@@ -54,7 +54,7 @@ class KeyUploadServlet(RestServlet):
      },
    }
    """
-    PATTERN = client_v2_pattern("/keys/upload/(?P<device_id>[^/]*)")
+    PATTERNS = client_v2_patterns("/keys/upload/(?P<device_id>[^/]*)", releases=())
    def __init__(self, hs):
        super(KeyUploadServlet, self).__init__()
@@ -64,7 +64,7 @@ class KeyUploadServlet(RestServlet):
    @defer.inlineCallbacks
    def on_POST(self, request, device_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        user_id = auth_user.to_string()
        # TODO: Check that the device_id matches that in the authentication
        # or derive the device_id from the authentication instead.
@@ -109,7 +109,7 @@ class KeyUploadServlet(RestServlet):
    @defer.inlineCallbacks
    def on_GET(self, request, device_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        user_id = auth_user.to_string()
        result = yield self.store.count_e2e_one_time_keys(user_id, device_id)
@@ -154,12 +154,13 @@ class KeyQueryServlet(RestServlet):
    } } } } } }
    """
-    PATTERN = client_v2_pattern(
+    PATTERNS = client_v2_patterns(
        "/keys/query(?:"
        "/(?P<user_id>[^/]*)(?:"
        "/(?P<device_id>[^/]*)"
        ")?"
-        ")?"
+        ")?",
        releases=()
    )
    def __init__(self, hs):
@@ -181,7 +182,7 @@ class KeyQueryServlet(RestServlet):
    @defer.inlineCallbacks
    def on_GET(self, request, user_id, device_id):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        auth_user_id = auth_user.to_string()
        user_id = user_id if user_id else auth_user_id
        device_ids = [device_id] if device_id else []
@@ -245,10 +246,11 @@ class OneTimeKeyServlet(RestServlet):
    } } } }
    """
-    PATTERN = client_v2_pattern(
+    PATTERNS = client_v2_patterns(
        "/keys/claim(?:/?|(?:/"
        "(?P<user_id>[^/]*)/(?P<device_id>[^/]*)/(?P<algorithm>[^/]*)"
-        ")?)"
+        ")?)",
        releases=()
    )
    def __init__(self, hs):
--- a/synapse/rest/client/v2_alpha/receipts.py
+++ b/synapse/rest/client/v2_alpha/receipts.py
@@ -15,8 +15,9 @@
 from twisted.internet import defer
 from synapse.api.errors import SynapseError
 from synapse.http.servlet import RestServlet
-from ._base import client_v2_pattern
+from ._base import client_v2_patterns
 import logging
@@ -25,7 +26,7 @@ logger = logging.getLogger(__name__)
 class ReceiptRestServlet(RestServlet):
-    PATTERN = client_v2_pattern(
+    PATTERNS = client_v2_patterns(
        "/rooms/(?P<room_id>[^/]*)"
        "/receipt/(?P<receipt_type>[^/]*)"
        "/(?P<event_id>[^/]*)$"
@@ -39,7 +40,10 @@ class ReceiptRestServlet(RestServlet):
    @defer.inlineCallbacks
    def on_POST(self, request, room_id, receipt_type, event_id):
-        user, _ = yield self.auth.get_user_by_req(request)
+        user, _, _ = yield self.auth.get_user_by_req(request)
        if receipt_type != "m.read":
            raise SynapseError(400, "Receipt type must be 'm.read'")
        yield self.receipts_handler.received_client_receipt(
            room_id,
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -16,10 +16,10 @@
 from twisted.internet import defer
 from synapse.api.constants import LoginType
-from synapse.api.errors import SynapseError, Codes
+from synapse.api.errors import SynapseError, Codes, UnrecognizedRequestError
 from synapse.http.servlet import RestServlet
-from ._base import client_v2_pattern, parse_json_dict_from_request
+from ._base import client_v2_patterns, parse_json_dict_from_request
 import logging
 import hmac
@@ -41,7 +41,7 @@ logger = logging.getLogger(__name__)
 class RegisterRestServlet(RestServlet):
-    PATTERN = client_v2_pattern("/register")
+    PATTERNS = client_v2_patterns("/register")
    def __init__(self, hs):
        super(RegisterRestServlet, self).__init__()
@@ -55,6 +55,19 @@ class RegisterRestServlet(RestServlet):
    def on_POST(self, request):
        yield run_on_reactor()
        kind = "user"
        if "kind" in request.args:
            kind = request.args["kind"][0]
        if kind == "guest":
            ret = yield self._do_guest_registration()
            defer.returnValue(ret)
            return
        elif kind != "user":
            raise UnrecognizedRequestError(
                "Do not understand membership kind: %s" % (kind,)
            )
        if '/register/email/requestToken' in request.path:
            ret = yield self.onEmailTokenRequest(request)
            defer.returnValue(ret)
@@ -236,6 +249,18 @@ class RegisterRestServlet(RestServlet):
        ret = yield self.identity_handler.requestEmailToken(**body)
        defer.returnValue((200, ret))
    @defer.inlineCallbacks
    def _do_guest_registration(self):
        if not self.hs.config.allow_guest_access:
            defer.returnValue((403, "Guest access is disabled"))
        user_id, _ = yield self.registration_handler.register(generate_token=False)
        access_token = self.auth_handler.generate_access_token(user_id, ["guest = true"])
        defer.returnValue((200, {
            "user_id": user_id,
            "access_token": access_token,
            "home_server": self.hs.hostname,
        }))
 def register_servlets(hs, http_server):
    RegisterRestServlet(hs).register(http_server)
--- a/synapse/rest/client/v2_alpha/sync.py
+++ b/synapse/rest/client/v2_alpha/sync.py
@@ -20,14 +20,19 @@ from synapse.http.servlet import (
 )
 from synapse.handlers.sync import SyncConfig
 from synapse.types import StreamToken
 from synapse.events import FrozenEvent
 from synapse.events.utils import (
-    serialize_event, format_event_for_client_v2_without_event_id,
+    serialize_event, format_event_for_client_v2_without_room_id,
 )
-from synapse.api.filtering import Filter
+from synapse.api.filtering import FilterCollection
-from ._base import client_v2_pattern
+from synapse.api.errors import SynapseError
 from ._base import client_v2_patterns
 import copy
 import logging
 import ujson as json
 logger = logging.getLogger(__name__)
@@ -36,99 +41,93 @@ class SyncRestServlet(RestServlet):
    GET parameters::
        timeout(int): How long to wait for new events in milliseconds.
        limit(int): Maxiumum number of events per room to return.
        gap(bool): Create gaps the message history if limit is exceeded to
            ensure that the client has the most recent messages. Defaults to
            "true".
        sort(str,str): tuple of sort key (e.g. "timeline") and direction
            (e.g. "asc", "desc"). Defaults to "timeline,asc".
        since(batch_token): Batch token when asking for incremental deltas.
        set_presence(str): What state the device presence should be set to.
            default is "online".
        backfill(bool): Should the HS request message history from other
            servers. This may take a long time making it unsuitable for clients
            expecting a prompt response. Defaults to "true".
        filter(filter_id): A filter to apply to the events returned.
        filter_*: Filter override parameters.
    Response JSON::
        {
-            "next_batch": // batch token for the next /sync
+          "next_batch": // batch token for the next /sync
-            "private_user_data": // private events for this user.
+          "presence": // presence data for the user.
-            "public_user_data": // public events for all users including the
+          "rooms": {
-                                // public events for this user.
+            "join": { // Joined rooms being updated.
-            "rooms": [{ // List of rooms with updates.
+              "${room_id}": { // Id of the room being updated
                "room_id": // Id of the room being updated
                "limited": // Was the per-room event limit exceeded?
                "published": // Is the room published by our HS?
                "event_map": // Map of EventID -> event JSON.
-                "events": { // The recent events in the room if gap is "true"
+                "timeline": { // The recent events in the room if gap is "true"
-                            // otherwise the next events in the room.
+                  "limited": // Was the per-room event limit exceeded?
-                    "batch": [] // list of EventIDs in the "event_map".
+                             // otherwise the next events in the room.
-                    "prev_batch": // back token for getting previous events.
+                  "events": [] // list of EventIDs in the "event_map".
                  "prev_batch": // back token for getting previous events.
                }
-                "state": [] // list of EventIDs updating the current state to
+                "state": {"events": []} // list of EventIDs updating the
-                            // be what it should be at the end of the batch.
+                                        // current state to be what it should
-                "ephemeral": []
+                                        // be at the end of the batch.
-            }]
+                "ephemeral": {"events": []} // list of event objects
              }
            },
            "invite": {}, // Invited rooms being updated.
            "leave": {} // Archived rooms being updated.
          }
        }
    """
-    PATTERN = client_v2_pattern("/sync$")
+    PATTERNS = client_v2_patterns("/sync$")
-    ALLOWED_SORT = set(["timeline,asc", "timeline,desc"])
+    ALLOWED_PRESENCE = set(["online", "offline"])
    ALLOWED_PRESENCE = set(["online", "offline", "idle"])
    def __init__(self, hs):
        super(SyncRestServlet, self).__init__()
        self.auth = hs.get_auth()
        self.event_stream_handler = hs.get_handlers().event_stream_handler
        self.sync_handler = hs.get_handlers().sync_handler
        self.clock = hs.get_clock()
        self.filtering = hs.get_filtering()
    @defer.inlineCallbacks
    def on_GET(self, request):
-        user, token_id = yield self.auth.get_user_by_req(request)
+        user, token_id, is_guest = yield self.auth.get_user_by_req(
            request, allow_guest=True
        )
        timeout = parse_integer(request, "timeout", default=0)
        limit = parse_integer(request, "limit", required=True)
        gap = parse_boolean(request, "gap", default=True)
        sort = parse_string(
            request, "sort", default="timeline,asc",
            allowed_values=self.ALLOWED_SORT
        )
        since = parse_string(request, "since")
        set_presence = parse_string(
            request, "set_presence", default="online",
            allowed_values=self.ALLOWED_PRESENCE
        )
        backfill = parse_boolean(request, "backfill", default=False)
        filter_id = parse_string(request, "filter", default=None)
        full_state = parse_boolean(request, "full_state", default=False)
        logger.info(
-            "/sync: user=%r, timeout=%r, limit=%r, gap=%r, sort=%r, since=%r,"
+            "/sync: user=%r, timeout=%r, since=%r,"
-            " set_presence=%r, backfill=%r, filter_id=%r" % (
+            " set_presence=%r, filter_id=%r" % (
-                user, timeout, limit, gap, sort, since, set_presence,
+                user, timeout, since, set_presence, filter_id
                backfill, filter_id
            )
        )
-        # TODO(mjark): Load filter and apply overrides.
+        if filter_id and filter_id.startswith('{'):
-        try:
+            try:
-            filter = yield self.filtering.get_user_filter(
+                filter_object = json.loads(filter_id)
-                user.localpart, filter_id
+            except:
                raise SynapseError(400, "Invalid filter JSON")
            self.filtering._check_valid_filter(filter_object)
            filter = FilterCollection(filter_object)
        else:
            try:
                filter = yield self.filtering.get_user_filter(
                    user.localpart, filter_id
                )
            except:
                filter = FilterCollection({})
        if is_guest and filter.list_rooms() is None:
            raise SynapseError(
                400, "Guest users must provide a list of rooms in the filter"
            )
        except:
            filter = Filter({})
        # filter = filter.apply_overrides(http_request)
        # if filter.matches(event):
        #   # stuff
        sync_config = SyncConfig(
            user=user,
-            gap=gap,
+            is_guest=is_guest,
            limit=limit,
            sort=sort,
            backfill=backfill,
            filter=filter,
        )
@@ -137,70 +136,260 @@ class SyncRestServlet(RestServlet):
        else:
            since_token = None
-        sync_result = yield self.sync_handler.wait_for_sync_for_user(
+        if set_presence == "online":
-            sync_config, since_token=since_token, timeout=timeout
+            yield self.event_stream_handler.started_stream(user)
-        )
+
        try:
            sync_result = yield self.sync_handler.wait_for_sync_for_user(
                sync_config, since_token=since_token, timeout=timeout,
                full_state=full_state
            )
        finally:
            if set_presence == "online":
                self.event_stream_handler.stopped_stream(user)
        time_now = self.clock.time_msec()
        joined = self.encode_joined(
            sync_result.joined, filter, time_now, token_id
        )
        invited = self.encode_invited(
            sync_result.invited, filter, time_now, token_id
        )
        archived = self.encode_archived(
            sync_result.archived, filter, time_now, token_id
        )
        response_content = {
-            "public_user_data": self.encode_user_data(
+            "account_data": self.encode_account_data(
-                sync_result.public_user_data, filter, time_now
+                sync_result.account_data, filter, time_now
            ),
-            "private_user_data": self.encode_user_data(
+            "presence": self.encode_presence(
-                sync_result.private_user_data, filter, time_now
+                sync_result.presence, filter, time_now
            ),
            "rooms": self.encode_rooms(
                sync_result.rooms, filter, time_now, token_id
            ),
            "rooms": {
                "join": joined,
                "invite": invited,
                "leave": archived,
            },
            "next_batch": sync_result.next_batch.to_string(),
        }
        defer.returnValue((200, response_content))
-    def encode_user_data(self, events, filter, time_now):
+    def encode_presence(self, events, filter, time_now):
-        return events
+        formatted = []
        for event in events:
            event = copy.deepcopy(event)
            event['sender'] = event['content'].pop('user_id')
            formatted.append(event)
        return {"events": filter.filter_presence(formatted)}
-    def encode_rooms(self, rooms, filter, time_now, token_id):
+    def encode_account_data(self, events, filter, time_now):
-        return [
+        return {"events": filter.filter_account_data(events)}
-            self.encode_room(room, filter, time_now, token_id)
+
-            for room in rooms
+    def encode_joined(self, rooms, filter, time_now, token_id):
-        ]
+        """
        Encode the joined rooms in a sync result
        :param list[synapse.handlers.sync.JoinedSyncResult] rooms: list of sync
            results for rooms this user is joined to
        :param FilterCollection filter: filters to apply to the results
        :param int time_now: current time - used as a baseline for age
            calculations
        :param int token_id: ID of the user's auth token - used for namespacing
            of transaction IDs
        :return: the joined rooms list, in our response format
        :rtype: dict[str, dict[str, object]]
        """
        joined = {}
        for room in rooms:
            joined[room.room_id] = self.encode_room(
                room, filter, time_now, token_id
            )
        return joined
    def encode_invited(self, rooms, filter, time_now, token_id):
        """
        Encode the invited rooms in a sync result
        :param list[synapse.handlers.sync.InvitedSyncResult] rooms: list of
             sync results for rooms this user is joined to
        :param FilterCollection filter: filters to apply to the results
        :param int time_now: current time - used as a baseline for age
            calculations
        :param int token_id: ID of the user's auth token - used for namespacing
            of transaction IDs
        :return: the invited rooms list, in our response format
        :rtype: dict[str, dict[str, object]]
        """
        invited = {}
        for room in rooms:
            invite = serialize_event(
                room.invite, time_now, token_id=token_id,
                event_format=format_event_for_client_v2_without_room_id,
            )
            invited_state = invite.get("unsigned", {}).pop("invite_room_state", [])
            invited_state.append(invite)
            invited[room.room_id] = {
                "invite_state": {"events": invited_state}
            }
        return invited
    def encode_archived(self, rooms, filter, time_now, token_id):
        """
        Encode the archived rooms in a sync result
        :param list[synapse.handlers.sync.ArchivedSyncResult] rooms: list of
             sync results for rooms this user is joined to
        :param FilterCollection filter: filters to apply to the results
        :param int time_now: current time - used as a baseline for age
            calculations
        :param int token_id: ID of the user's auth token - used for namespacing
            of transaction IDs
        :return: the invited rooms list, in our response format
        :rtype: dict[str, dict[str, object]]
        """
        joined = {}
        for room in rooms:
            joined[room.room_id] = self.encode_room(
                room, filter, time_now, token_id, joined=False
            )
        return joined
    @staticmethod
-    def encode_room(room, filter, time_now, token_id):
+    def encode_room(room, filter, time_now, token_id, joined=True):
-        event_map = {}
+        """
-        state_events = filter.filter_room_state(room.state)
+        :param JoinedSyncResult|ArchivedSyncResult room: sync result for a
-        recent_events = filter.filter_room_events(room.events)
+            single room
-        state_event_ids = []
+        :param FilterCollection filter: filters to apply to the results
-        recent_event_ids = []
+        :param int time_now: current time - used as a baseline for age
-        for event in state_events:
+            calculations
-            # TODO(mjark): Respect formatting requirements in the filter.
+        :param int token_id: ID of the user's auth token - used for namespacing
-            event_map[event.event_id] = serialize_event(
+            of transaction IDs
-                event, time_now, token_id=token_id,
+        :param joined: True if the user is joined to this room - will mean
-                event_format=format_event_for_client_v2_without_event_id,
+            we handle ephemeral events
            )
            state_event_ids.append(event.event_id)
-        for event in recent_events:
+        :return: the room, encoded in our response format
        :rtype: dict[str, object]
        """
        def serialize(event):
            # TODO(mjark): Respect formatting requirements in the filter.
-            event_map[event.event_id] = serialize_event(
+            return serialize_event(
                event, time_now, token_id=token_id,
-                event_format=format_event_for_client_v2_without_event_id,
+                event_format=format_event_for_client_v2_without_room_id,
            )
-            recent_event_ids.append(event.event_id)
+
        state_dict = room.state
        timeline_events = filter.filter_room_timeline(room.timeline.events)
        state_dict = SyncRestServlet._rollback_state_for_timeline(
            state_dict, timeline_events)
        state_events = filter.filter_room_state(state_dict.values())
        serialized_state = [serialize(e) for e in state_events]
        serialized_timeline = [serialize(e) for e in timeline_events]
        account_data = filter.filter_room_account_data(
            room.account_data
        )
        result = {
-            "room_id": room.room_id,
+            "timeline": {
-            "event_map": event_map,
+                "events": serialized_timeline,
-            "events": {
+                "prev_batch": room.timeline.prev_batch.to_string(),
-                "batch": recent_event_ids,
+                "limited": room.timeline.limited,
                "prev_batch": room.prev_batch.to_string(),
            },
-            "state": state_event_ids,
+            "state": {"events": serialized_state},
-            "limited": room.limited,
+            "account_data": {"events": account_data},
            "published": room.published,
            "ephemeral": room.ephemeral,
        }
        if joined:
            ephemeral_events = filter.filter_room_ephemeral(room.ephemeral)
            result["ephemeral"] = {"events": ephemeral_events}
        return result
    @staticmethod
    def _rollback_state_for_timeline(state, timeline):
        """
        Wind the state dictionary backwards, so that it represents the
        state at the start of the timeline, rather than at the end.
        :param dict[(str, str), synapse.events.EventBase] state: the
            state dictionary. Will be updated to the state before the timeline.
        :param list[synapse.events.EventBase] timeline: the event timeline
        :return: updated state dictionary
        """
        logger.debug("Processing state dict %r; timeline %r", state,
                     [e.get_dict() for e in timeline])
        result = state.copy()
        for timeline_event in reversed(timeline):
            if not timeline_event.is_state():
                continue
            event_key = (timeline_event.type, timeline_event.state_key)
            logger.debug("Considering %s for removal", event_key)
            state_event = result.get(event_key)
            if (state_event is None or
                    state_event.event_id != timeline_event.event_id):
                # the event in the timeline isn't present in the state
                # dictionary.
                #
                # the most likely cause for this is that there was a fork in
                # the event graph, and the state is no longer valid. Really,
                # the event shouldn't be in the timeline. We're going to ignore
                # it for now, however.
                logger.warn("Found state event %r in timeline which doesn't "
                            "match state dictionary", timeline_event)
                continue
            prev_event_id = timeline_event.unsigned.get("replaces_state", None)
            prev_content = timeline_event.unsigned.get('prev_content')
            prev_sender = timeline_event.unsigned.get('prev_sender')
            # Empircally it seems possible for the event to have a
            # "replaces_state" key but not a prev_content or prev_sender
            # markjh conjectures that it could be due to the server not
            # having a copy of that event.
            # If this is the case the we ignore the previous event. This will
            # cause the displayname calculations on the client to be incorrect
            if prev_event_id is None or not prev_content or not prev_sender:
                logger.debug(
                    "Removing %r from the state dict, as it is missing"
                    " prev_content (prev_event_id=%r)",
                    timeline_event.event_id, prev_event_id
                )
                del result[event_key]
            else:
                logger.debug(
                    "Replacing %r with %r in state dict",
                    timeline_event.event_id, prev_event_id
                )
                result[event_key] = FrozenEvent({
                    "type": timeline_event.type,
                    "state_key": timeline_event.state_key,
                    "content": prev_content,
                    "sender": prev_sender,
                    "event_id": prev_event_id,
                    "room_id": timeline_event.room_id,
                })
            logger.debug("New value: %r", result.get(event_key))
        return result
--- a/synapse/rest/client/v2_alpha/tags.py
+++ b/synapse/rest/client/v2_alpha/tags.py
@@ -0,0 +1,106 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015 OpenMarket Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from ._base import client_v2_patterns
 from synapse.http.servlet import RestServlet
 from synapse.api.errors import AuthError, SynapseError
 from twisted.internet import defer
 import logging
 import simplejson as json
 logger = logging.getLogger(__name__)
 class TagListServlet(RestServlet):
    """
    GET /user/{user_id}/rooms/{room_id}/tags HTTP/1.1
    """
    PATTERNS = client_v2_patterns(
        "/user/(?P<user_id>[^/]*)/rooms/(?P<room_id>[^/]*)/tags"
    )
    def __init__(self, hs):
        super(TagListServlet, self).__init__()
        self.auth = hs.get_auth()
        self.store = hs.get_datastore()
    @defer.inlineCallbacks
    def on_GET(self, request, user_id, room_id):
        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        if user_id != auth_user.to_string():
            raise AuthError(403, "Cannot get tags for other users.")
        tags = yield self.store.get_tags_for_room(user_id, room_id)
        defer.returnValue((200, {"tags": tags}))
 class TagServlet(RestServlet):
    """
    PUT /user/{user_id}/rooms/{room_id}/tags/{tag} HTTP/1.1
    DELETE /user/{user_id}/rooms/{room_id}/tags/{tag} HTTP/1.1
    """
    PATTERNS = client_v2_patterns(
        "/user/(?P<user_id>[^/]*)/rooms/(?P<room_id>[^/]*)/tags/(?P<tag>[^/]*)"
    )
    def __init__(self, hs):
        super(TagServlet, self).__init__()
        self.auth = hs.get_auth()
        self.store = hs.get_datastore()
        self.notifier = hs.get_notifier()
    @defer.inlineCallbacks
    def on_PUT(self, request, user_id, room_id, tag):
        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        if user_id != auth_user.to_string():
            raise AuthError(403, "Cannot add tags for other users.")
        try:
            content_bytes = request.content.read()
            body = json.loads(content_bytes)
        except:
            raise SynapseError(400, "Invalid tag JSON")
        max_id = yield self.store.add_tag_to_room(user_id, room_id, tag, body)
        yield self.notifier.on_new_event(
            "account_data_key", max_id, users=[user_id]
        )
        defer.returnValue((200, {}))
    @defer.inlineCallbacks
    def on_DELETE(self, request, user_id, room_id, tag):
        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        if user_id != auth_user.to_string():
            raise AuthError(403, "Cannot add tags for other users.")
        max_id = yield self.store.remove_tag_from_room(user_id, room_id, tag)
        yield self.notifier.on_new_event(
            "account_data_key", max_id, users=[user_id]
        )
        defer.returnValue((200, {}))
 def register_servlets(hs, http_server):
    TagListServlet(hs).register(http_server)
    TagServlet(hs).register(http_server)
--- a/synapse/rest/client/v2_alpha/tokenrefresh.py
+++ b/synapse/rest/client/v2_alpha/tokenrefresh.py
@@ -18,7 +18,7 @@ from twisted.internet import defer
 from synapse.api.errors import AuthError, StoreError, SynapseError
 from synapse.http.servlet import RestServlet
-from ._base import client_v2_pattern, parse_json_dict_from_request
+from ._base import client_v2_patterns, parse_json_dict_from_request
 class TokenRefreshRestServlet(RestServlet):
@@ -26,7 +26,7 @@ class TokenRefreshRestServlet(RestServlet):
    Exchanges refresh tokens for a pair of an access token and a new refresh
    token.
    """
-    PATTERN = client_v2_pattern("/tokenrefresh")
+    PATTERNS = client_v2_patterns("/tokenrefresh")
    def __init__(self, hs):
        super(TokenRefreshRestServlet, self).__init__()
--- a/synapse/rest/media/v0/content_repository.py
+++ b/synapse/rest/media/v0/content_repository.py
@@ -66,7 +66,7 @@ class ContentRepoResource(resource.Resource):
    @defer.inlineCallbacks
    def map_request_to_name(self, request):
        # auth the user
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        # namespace all file uploads on the user
        prefix = base64.urlsafe_b64encode(
--- a/synapse/rest/media/v1/upload_resource.py
+++ b/synapse/rest/media/v1/upload_resource.py
@@ -70,7 +70,7 @@ class UploadResource(BaseMediaResource):
    @request_handler
    @defer.inlineCallbacks
    def _async_render_POST(self, request):
-        auth_user, _ = yield self.auth.get_user_by_req(request)
+        auth_user, _, _ = yield self.auth.get_user_by_req(request)
        # TODO: The checks here are a bit late. The content will have
        # already been uploaded to a tmp file at this point
        content_length = request.getHeader("Content-Length")
--- a/synapse/server.py
+++ b/synapse/server.py
@@ -19,7 +19,9 @@
 # partial one for unit test mocking.
 # Imports required for the default HomeServer() implementation
 from twisted.web.client import BrowserLikePolicyForHTTPS
 from synapse.federation import initialize_http_replication
 from synapse.http.client import SimpleHttpClient,  InsecureInterceptableContextFactory
 from synapse.notifier import Notifier
 from synapse.api.auth import Auth
 from synapse.handlers import Handlers
@@ -27,7 +29,6 @@ from synapse.state import StateHandler
 from synapse.storage import DataStore
 from synapse.util import Clock
 from synapse.util.distributor import Distributor
 from synapse.util.lockutils import LockManager
 from synapse.streams.events import EventSources
 from synapse.api.ratelimiting import Ratelimiter
 from synapse.crypto.keyring import Keyring
@@ -68,11 +69,9 @@ class BaseHomeServer(object):
        'auth',
        'rest_servlet_factory',
        'state_handler',
        'room_lock_manager',
        'notifier',
        'distributor',
-        'resource_for_client',
+        'client_resource',
        'resource_for_client_v2_alpha',
        'resource_for_federation',
        'resource_for_static_content',
        'resource_for_web_client',
@@ -87,6 +86,8 @@ class BaseHomeServer(object):
        'pusherpool',
        'event_builder_factory',
        'filtering',
        'http_client_context_factory',
        'simple_http_client',
    ]
    def __init__(self, hostname, **kwargs):
@@ -174,6 +175,17 @@ class HomeServer(BaseHomeServer):
    def build_auth(self):
        return Auth(self)
    def build_http_client_context_factory(self):
        config = self.get_config()
        return (
            InsecureInterceptableContextFactory()
            if config.use_insecure_ssl_client_just_for_testing_do_not_use
            else BrowserLikePolicyForHTTPS()
        )
    def build_simple_http_client(self):
        return SimpleHttpClient(self)
    def build_v1auth(self):
        orf = Auth(self)
        # Matrix spec makes no reference to what HTTP status code is returned,
@@ -186,9 +198,6 @@ class HomeServer(BaseHomeServer):
    def build_state_handler(self):
        return StateHandler(self)
    def build_room_lock_manager(self):
        return LockManager()
    def build_distributor(self):
        return Distributor()
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							`perl -MCrypt::Random -MCrypt::Eksblowfish::Bcrypt -e 'print Crypt::Eksblowfish::Bcrypt::bcrypt("secret", "\$2\$12\$" . Crypt::Eksblowfish::Bcrypt::en_base64(Crypt::Random::makerandom_octet(Length=>16)))."\n"'`