Merge tag 'v1.122.0' into develop

Please note that this version of Synapse drops support for PostgreSQL 11 and 12. The minimum version of PostgreSQL supported is now version 13.

No significant changes since 1.122.0rc1.

- Remove support for PostgreSQL 11 and 12. Contributed by @clokep. ([\#18034](element-hq/synapse#18034))

- Added the `email.tlsname` config option.  This allows specifying the domain name used to validate the SMTP server's TLS certificate separately from the `email.smtp_host` to connect to. ([\#17849](element-hq/synapse#17849))
- Module developers will have access to the user ID of the requester when adding `check_username_for_spam` callbacks to `spam_checker_module_callbacks`. Contributed by [email protected]. ([\#17916](element-hq/synapse#17916))
- Add endpoints to the Admin API to fetch the number of invites the provided user has sent after a given timestamp,
  fetch the number of rooms the provided user has joined after a given timestamp, and get report IDs of event
  reports against a provided user (i.e. where the user was the sender of the reported event). ([\#17948](element-hq/synapse#17948))
- Support stable account suspension from [MSC3823](matrix-org/matrix-spec-proposals#3823). ([\#17964](element-hq/synapse#17964))
- Add `macaroon_secret_key_path` config option. ([\#17983](element-hq/synapse#17983))

- Fix bug when rejecting withdrew invite with a `third_party_rules` module, where the invite would be stuck for the client. ([\#17930](element-hq/synapse#17930))
- Properly purge state groups tables when purging a room with the Admin API. ([\#18024](element-hq/synapse#18024))
- Fix a bug preventing the admin redaction endpoint from working on messages from remote users. ([\#18029](element-hq/synapse#18029), [\#18043](element-hq/synapse#18043))

- Update `synapse.app.generic_worker` documentation to only recommend `GET` requests for stream writer routes by default, unless the worker is also configured as a stream writer. Contributed by @evoL. ([\#17954](element-hq/synapse#17954))
- Add documentation for the previously-undocumented `last_seen_ts` query parameter to the query user Admin API. ([\#17976](element-hq/synapse#17976))
- Improve documentation for the `TaskScheduler` class. ([\#17992](element-hq/synapse#17992))
- Fix example in reverse proxy docs to include server port. ([\#17994](element-hq/synapse#17994))
- Update Alpine Linux Synapse Package Maintainer within the installation instructions. ([\#17846](element-hq/synapse#17846))

- Add `RoomID` & `EventID` rust types. ([\#17996](element-hq/synapse#17996))
- Fix various type errors across the codebase. ([\#17998](element-hq/synapse#17998))
- Disable DB statement timeout when doing a room purge since it can be quite long. ([\#18017](element-hq/synapse#18017))
- Remove some remaining uses of `twisted.internet.defer.returnValue`. Contributed by Colin Watson. ([\#18020](element-hq/synapse#18020))
- Refactor `get_profile` to no longer include fields with a value of `None`. ([\#18063](element-hq/synapse#18063))

* Bump anyhow from 1.0.93 to 1.0.95. ([\#18012](element-hq/synapse#18012), [\#18045](element-hq/synapse#18045))
* Bump authlib from 1.3.2 to 1.4.0. ([\#18048](element-hq/synapse#18048))
* Bump dawidd6/action-download-artifact from 6 to 7. ([\#17981](element-hq/synapse#17981))
* Bump http from 1.1.0 to 1.2.0. ([\#18013](element-hq/synapse#18013))
- Bump mypy from 1.11.2 to 1.12.1. ([\#17999](element-hq/synapse#17999))
* Bump mypy-zope from 1.0.8 to 1.0.9. ([\#18047](element-hq/synapse#18047))
* Bump pillow from 10.4.0 to 11.0.0. ([\#18015](element-hq/synapse#18015))
* Bump pydantic from 2.9.2 to 2.10.3. ([\#18014](element-hq/synapse#18014))
* Bump pyicu from 2.13.1 to 2.14. ([\#18060](element-hq/synapse#18060))
* Bump pyo3 from 0.23.2 to 0.23.3. ([\#18001](element-hq/synapse#18001))
* Bump python-multipart from 0.0.16 to 0.0.18. ([\#17985](element-hq/synapse#17985))
* Bump sentry-sdk from 2.17.0 to 2.19.2. ([\#18061](element-hq/synapse#18061))
* Bump serde from 1.0.215 to 1.0.217. ([\#18031](element-hq/synapse#18031), [\#18059](element-hq/synapse#18059))
* Bump serde_json from 1.0.133 to 1.0.134. ([\#18044](element-hq/synapse#18044))
* Bump twine from 5.1.1 to 6.0.1. ([\#18049](element-hq/synapse#18049))

**Changelogs for older versions can be found [here](docs/changelogs/).**

.ci/scripts/calculate_jobs.py

@@ -60,7 +60,7 @@ def set_output(key: str, value: str):
     {
         "python-version": "3.9",
         "database": "postgres",
-        "postgres-version": "11",
+        "postgres-version": "13",
         "extras": "all",
     }
 ]

.github/workflows/docker.yml

@@ -14,7 +14,7 @@ permissions:
   id-token: write # needed for signing the images with GitHub OIDC Token
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Set up Docker Buildx
         id: buildx

contrib/cmdclient/console.py

@@ -245,7 +245,7 @@ def _check_can_login(self):
 
         if "flows" not in json_res:
             print("Failed to find any login flows.")
-            defer.returnValue(False)
+            return False
 
         flow = json_res["flows"][0]  # assume first is the one we want.
         if "type" not in flow or "m.login.password" != flow["type"] or "stages" in flow:
@@ -254,8 +254,8 @@ def _check_can_login(self):
                 "Unable to login via the command line client. Please visit "
                 "%s to login." % fallback_url
             )
-            defer.returnValue(False)
-        defer.returnValue(True)
+            return False
+        return True
 
     def do_emailrequest(self, line):
         """Requests the association of a third party identifier

contrib/cmdclient/http.py

@@ -78,7 +78,7 @@ def put_json(self, url, data):
             url, data, headers_dict={"Content-Type": ["application/json"]}
         )
         body = yield readBody(response)
-        defer.returnValue((response.code, body))
+        return response.code, body
 
     @defer.inlineCallbacks
     def get_json(self, url, args=None):
@@ -88,7 +88,7 @@ def get_json(self, url, args=None):
             url = "%s?%s" % (url, qs)
         response = yield self._create_get_request(url)
         body = yield readBody(response)
-        defer.returnValue(json.loads(body))
+        return json.loads(body)
 
     def _create_put_request(self, url, json_data, headers_dict: Optional[dict] = None):
         """Wrapper of _create_request to issue a PUT request"""
@@ -134,7 +134,7 @@ def do_request(
             response = yield self._create_request(method, url)
 
         body = yield readBody(response)
-        defer.returnValue(json.loads(body))
+        return json.loads(body)
 
     @defer.inlineCallbacks
     def _create_request(
@@ -173,7 +173,7 @@ def _create_request(
         if self.verbose:
             print("Status %s %s" % (response.code, response.phrase))
             print(pformat(list(response.headers.getAllRawHeaders())))
-        defer.returnValue(response)
+        return response
 
     def sleep(self, seconds):
         d = defer.Deferred()

debian/changelog

@@ -1,3 +1,21 @@
+matrix-synapse-py3 (1.122.0) stable; urgency=medium
+
+  * New Synapse release 1.122.0.
+
+ -- Synapse Packaging team <[email protected]>  Tue, 14 Jan 2025 14:14:14 +0000
+
+matrix-synapse-py3 (1.122.0~rc1) stable; urgency=medium
+
+  * New Synapse release 1.122.0rc1.
+
+ -- Synapse Packaging team <[email protected]>  Tue, 07 Jan 2025 14:06:19 +0000
+
+matrix-synapse-py3 (1.121.1) stable; urgency=medium
+
+  * New Synapse release 1.121.1.
+
+ -- Synapse Packaging team <[email protected]>  Wed, 11 Dec 2024 18:24:48 +0000
+
 matrix-synapse-py3 (1.121.0) stable; urgency=medium
 
   * New Synapse release 1.121.0.

docker/conf-workers/nginx.conf.j2

@@ -38,6 +38,9 @@ server {
 {% if using_unix_sockets %}
         proxy_pass http://unix:/run/main_public.sock;
 {% else %}
+        # note: do not add a path (even a single /) after the port in `proxy_pass`,
+        # otherwise nginx will canonicalise the URI and cause signature verification
+        # errors.
         proxy_pass http://localhost:8080;
 {% endif %}
         proxy_set_header X-Forwarded-For $remote_addr;

docs/admin_api/event_reports.md

@@ -60,10 +60,11 @@ paginate through.
   anything other than the return value of `next_token` from a previous call. Defaults to `0`.
 * `dir`: string - Direction of event report order. Whether to fetch the most recent
   first (`b`) or the oldest first (`f`). Defaults to `b`.
-* `user_id`: string - Is optional and filters to only return users with user IDs that
-  contain this value. This is the user who reported the event and wrote the reason.
-* `room_id`: string - Is optional and filters to only return rooms with room IDs that
-  contain this value.
+* `user_id`: optional string - Filter by the user ID of the reporter. This is the user who reported the event
+   and wrote the reason.
+* `room_id`: optional string - Filter by room id.
+* `event_sender_user_id`: optional string - Filter by the sender of the reported event. This is the user who 
+   the report was made against.
 
 **Response**
 

docs/admin_api/user_admin_api.md

@@ -40,6 +40,7 @@ It returns a JSON body like the following:
     "erased": false,
     "shadow_banned": 0,
     "creation_ts": 1560432506,
+    "last_seen_ts": 1732919539393,
     "appservice_id": null,
     "consent_server_notice_sent": null,
     "consent_version": null,
@@ -477,9 +478,9 @@ with a body of:
 }
 ```
 
-## List room memberships of a user
+## List joined rooms of a user
 
-Gets a list of all `room_id` that a specific `user_id` is member.
+Gets a list of all `room_id` that a specific `user_id` is joined to and is a member of (participating in).
 
 The API is:
 
@@ -516,6 +517,73 @@ The following fields are returned in the JSON response body:
 - `joined_rooms` - An array of `room_id`.
 - `total` - Number of rooms.
 
+## Get the number of invites sent by the user
+
+Fetches the number of invites sent by the provided user ID across all rooms
+after the given timestamp.
+
+```
+GET /_synapse/admin/v1/users/$user_id/sent_invite_count
+```
+
+**Parameters**
+
+The following parameters should be set in the URL:
+
+* `user_id`: fully qualified: for example, `@user:server.com`
+
+The following should be set as query parameters in the URL:
+
+* `from_ts`: int, required. A timestamp in ms from the unix epoch. Only
+   invites sent at or after the provided timestamp will be returned.
+   This works by comparing the provided timestamp to the `received_ts`
+   column in the `events` table.
+   Note: https://currentmillis.com/ is a useful tool for converting dates
+   into timestamps and vice versa.
+
+A response body like the following is returned:
+
+```json
+{
+  "invite_count": 30
+}
+```
+
+_Added in Synapse 1.122.0_
+
+## Get the cumulative number of rooms a user has joined after a given timestamp
+
+Fetches the number of rooms that the user joined after the given timestamp, even
+if they have subsequently left/been banned from those rooms.
+
+```
+GET /_synapse/admin/v1/users/$<user_id/cumulative_joined_room_count
+```
+
+**Parameters**
+
+The following parameters should be set in the URL:
+
+* `user_id`: fully qualified: for example, `@user:server.com`
+
+The following should be set as query parameters in the URL:
+
+* `from_ts`: int, required. A timestamp in ms from the unix epoch. Only
+   invites sent at or after the provided timestamp will be returned.
+   This works by comparing the provided timestamp to the `received_ts`
+   column in the `events` table.
+   Note: https://currentmillis.com/ is a useful tool for converting dates
+   into timestamps and vice versa.
+
+A response body like the following is returned:
+
+```json
+{
+  "cumulative_joined_room_count": 30
+}
+```
+_Added in Synapse 1.122.0_
+
 ## Account Data
 Gets information about account data for a specific `user_id`.
 
@@ -1444,4 +1512,6 @@ The following fields are returned in the JSON response body:
 - `failed_redactions` - dictionary - the keys of the dict are event ids the process was unable to redact, if any, and the values are 
   the corresponding error that caused the redaction to fail
 
-_Added in Synapse 1.116.0._
+_Added in Synapse 1.116.0._
+
+