From fb56dfdccd129ecdc07effbb6e2e18d3b304d821 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Fri, 6 Nov 2020 11:42:07 +0000
Subject: Fix SIGHUP handler (#8697)

Fixes:

```
builtins.TypeError: _reload_logging_config() takes 1 positional argument but 2 were given
```
---
 changelog.d/8697.misc | 1 +
 synapse/app/_base.py  | 5 ++---
 2 files changed, 3 insertions(+), 3 deletions(-)
 create mode 100644 changelog.d/8697.misc

diff --git a/changelog.d/8697.misc b/changelog.d/8697.misc
new file mode 100644
index 0000000000..7982a4e46d
--- /dev/null
+++ b/changelog.d/8697.misc
@@ -0,0 +1 @@
+ Re-organize the structured logging code to separate the TCP transport handling from the JSON formatting.
diff --git a/synapse/app/_base.py b/synapse/app/_base.py
index f6f7b2bf42..9c8dc785c6 100644
--- a/synapse/app/_base.py
+++ b/synapse/app/_base.py
@@ -49,7 +49,6 @@ def register_sighup(func, *args, **kwargs):
 
     Args:
         func (function): Function to be called when sent a SIGHUP signal.
-            Will be called with a single default argument, the homeserver.
         *args, **kwargs: args and kwargs to be passed to the target function.
     """
     _sighup_callbacks.append((func, args, kwargs))
@@ -251,13 +250,13 @@ def start(hs: "synapse.server.HomeServer", listeners: Iterable[ListenerConfig]):
                 sdnotify(b"RELOADING=1")
 
                 for i, args, kwargs in _sighup_callbacks:
-                    i(hs, *args, **kwargs)
+                    i(*args, **kwargs)
 
                 sdnotify(b"READY=1")
 
             signal.signal(signal.SIGHUP, handle_sighup)
 
-            register_sighup(refresh_certificate)
+            register_sighup(refresh_certificate, hs)
 
         # Load the certificate from disk.
         refresh_certificate(hs)
-- 
cgit 1.5.1


From 2a6b6852940c29320cc463ac347c5632e9dceab2 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Fri, 6 Nov 2020 11:59:22 +0000
Subject: Add documentation about documentation to CONTRIBUTING.md (#8714)

This PR adds some documentation that:

* Describes who the audience for the `docs/`, `docs/dev/` and `docs/admin/` directories are, as well as Synapse's wiki page.
* Stresses that we'd like all documentation to be down in markdown.
---
 CONTRIBUTING.md      | 18 ++++++++++++++++++
 changelog.d/8714.doc |  1 +
 2 files changed, 19 insertions(+)
 create mode 100644 changelog.d/8714.doc

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index f7bea79b0d..1d7bb8f969 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -156,6 +156,24 @@ directory, you will need both a regular newsfragment *and* an entry in the
 debian changelog. (Though typically such changes should be submitted as two
 separate pull requests.)
 
+## Documentation
+
+There is a growing amount of documentation located in the [docs](docs)
+directory. This documentation is intended primarily for sysadmins running their
+own Synapse instance, as well as developers interacting externally with
+Synapse. [docs/dev](docs/dev) exists primarily to house documentation for
+Synapse developers. [docs/admin_api](docs/admin_api) houses documentation
+regarding Synapse's Admin API, which is used mostly by sysadmins and external
+service developers.
+
+New files added to both folders should be written in [Github-Flavoured
+Markdown](https://guides.github.com/features/mastering-markdown/), and attempts
+should be made to migrate existing documents to markdown where possible.
+
+Some documentation also exists in [Synapse's Github
+Wiki](https://github.com/matrix-org/synapse/wiki), although this is primarily
+contributed to by community authors.
+
 ## Sign off
 
 In order to have a concrete record that your contribution is intentional
diff --git a/changelog.d/8714.doc b/changelog.d/8714.doc
new file mode 100644
index 0000000000..bda22714e7
--- /dev/null
+++ b/changelog.d/8714.doc
@@ -0,0 +1 @@
+Add information regarding the various sources of, and expected contributions to, Synapse's documentation to `CONTRIBUTING.md`.
\ No newline at end of file
-- 
cgit 1.5.1


From c059413001cd2ff7c6104cfcd323ed115245ae90 Mon Sep 17 00:00:00 2001
From: Marcus Schopen <lists@localguru.de>
Date: Fri, 6 Nov 2020 15:33:07 +0100
Subject: Notes on SSO logins and media_repository worker (#8701)

If SSO login is used (e.g. SAML) in a multi worker setup, it should be mentioned that currently all SAML logins must run on the same worker, see https://github.com/matrix-org/synapse/issues/7530

Also, if you are using different ports (for example 443 and 8448) in a reverse proxy for client and federation, the path `/_matrix/media` on the client and federation port must point to the listener of the `media_repository` worker, otherwise you'll get a 404 on the federation port for the path `/_matrix/media`, if a remote server is trying to get the media object on federation port, see https://github.com/matrix-org/synapse/issues/8695
---
 changelog.d/8701.doc | 1 +
 docs/workers.md      | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 changelog.d/8701.doc

diff --git a/changelog.d/8701.doc b/changelog.d/8701.doc
new file mode 100644
index 0000000000..e2e8b2f79a
--- /dev/null
+++ b/changelog.d/8701.doc
@@ -0,0 +1 @@
+Notes on SSO logins and media_repository worker.
\ No newline at end of file
diff --git a/docs/workers.md b/docs/workers.md
index 4e046bdb31..c53d1bd2ff 100644
--- a/docs/workers.md
+++ b/docs/workers.md
@@ -262,6 +262,9 @@ using):
 Note that a HTTP listener with `client` and `federation` resources must be
 configured in the `worker_listeners` option in the worker config.
 
+Ensure that all SSO logins go to a single process (usually the main process). 
+For multiple workers not handling the SSO endpoints properly, see
+[#7530](https://github.com/matrix-org/synapse/issues/7530).
 
 #### Load balancing
 
@@ -420,6 +423,8 @@ and you must configure a single instance to run the background tasks, e.g.:
     media_instance_running_background_jobs: "media-repository-1"
 ```
 
+Note that if a reverse proxy is used , then `/_matrix/media/` must be routed for both inbound client and federation requests (if they are handled separately).
+
 ### `synapse.app.user_dir`
 
 Handles searches in the user directory. It can handle REST endpoints matching
-- 
cgit 1.5.1


From 4c7587ef99e8057960a0d9cd3c50e73b90e3c9ae Mon Sep 17 00:00:00 2001
From: Nicolai Søborg <NicolaiSoeborg@users.noreply.github.com>
Date: Wed, 11 Nov 2020 14:24:53 +0100
Subject: Catch exceptions in password_providers (#8636)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Nicolai Søborg <git@xn--sb-lka.org>
---
 changelog.d/8636.misc    |  1 +
 synapse/handlers/auth.py | 13 +++++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)
 create mode 100644 changelog.d/8636.misc

diff --git a/changelog.d/8636.misc b/changelog.d/8636.misc
new file mode 100644
index 0000000000..df4dca42f8
--- /dev/null
+++ b/changelog.d/8636.misc
@@ -0,0 +1 @@
+Catch exceptions during initialization of `password_providers`. Contributed by Nicolai Søborg.
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index ff103cbb92..213baea2e3 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -181,10 +181,15 @@ class AuthHandler(BaseHandler):
         #   better way to break the loop
         account_handler = ModuleApi(hs, self)
 
-        self.password_providers = [
-            module(config=config, account_handler=account_handler)
-            for module, config in hs.config.password_providers
-        ]
+        self.password_providers = []
+        for module, config in hs.config.password_providers:
+            try:
+                self.password_providers.append(
+                    module(config=config, account_handler=account_handler)
+                )
+            except Exception as e:
+                logger.error("Error while initializing %r: %s", module, e)
+                raise
 
         logger.info("Extra password_providers: %r", self.password_providers)
 
-- 
cgit 1.5.1


From eedaf90c840f2b66e0cd537ccd462df19b3f5dcf Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Wed, 11 Nov 2020 14:22:40 +0000
Subject: Better error message when a remote resource uses invalid Content-Type
 (#8719)

---
 changelog.d/8719.misc                  |  1 +
 synapse/http/matrixfederationclient.py | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 changelog.d/8719.misc

diff --git a/changelog.d/8719.misc b/changelog.d/8719.misc
new file mode 100644
index 0000000000..9aabef8fc3
--- /dev/null
+++ b/changelog.d/8719.misc
@@ -0,0 +1 @@
+Improve the error message returned when a remote server incorrectly sets the `Content-Type` header in response to a JSON request.
diff --git a/synapse/http/matrixfederationclient.py b/synapse/http/matrixfederationclient.py
index 04766ca965..7e17cdb73e 100644
--- a/synapse/http/matrixfederationclient.py
+++ b/synapse/http/matrixfederationclient.py
@@ -1063,13 +1063,19 @@ def check_content_type_is_json(headers):
     """
     c_type = headers.getRawHeaders(b"Content-Type")
     if c_type is None:
-        raise RequestSendFailed(RuntimeError("No Content-Type header"), can_retry=False)
+        raise RequestSendFailed(
+            RuntimeError("No Content-Type header received from remote server"),
+            can_retry=False,
+        )
 
     c_type = c_type[0].decode("ascii")  # only the first header
     val, options = cgi.parse_header(c_type)
     if val != "application/json":
         raise RequestSendFailed(
-            RuntimeError("Content-Type not application/json: was '%s'" % c_type),
+            RuntimeError(
+                "Remote server sent Content-Type header of '%s', not 'application/json'"
+                % c_type,
+            ),
             can_retry=False,
         )
 
-- 
cgit 1.5.1


From 89700dfb8c2fbf375d12edbde01429b4e6bfd884 Mon Sep 17 00:00:00 2001
From: Will Hunt <will@half-shot.uk>
Date: Wed, 11 Nov 2020 14:23:16 +0000
Subject: Check support room has only two users before sending a notice (#8728)

* Check support room has only two users

* Create 8728.bugfix

* Update synapse/server_notices/server_notices_manager.py

Co-authored-by: Erik Johnston <erik@matrix.org>

Co-authored-by: Erik Johnston <erik@matrix.org>
---
 changelog.d/8728.bugfix                          | 1 +
 synapse/server_notices/server_notices_manager.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/8728.bugfix

diff --git a/changelog.d/8728.bugfix b/changelog.d/8728.bugfix
new file mode 100644
index 0000000000..8064aad0ff
--- /dev/null
+++ b/changelog.d/8728.bugfix
@@ -0,0 +1 @@
+Fix bug where the `/_synapse/admin/v1/send_server_notice` API could send notices to non-notice rooms.
diff --git a/synapse/server_notices/server_notices_manager.py b/synapse/server_notices/server_notices_manager.py
index 0422d4c7ce..d464c75c03 100644
--- a/synapse/server_notices/server_notices_manager.py
+++ b/synapse/server_notices/server_notices_manager.py
@@ -119,7 +119,7 @@ class ServerNoticesManager:
             # manages to invite the system user to a room, that doesn't make it
             # the server notices room.
             user_ids = await self._store.get_users_in_room(room.room_id)
-            if self.server_notices_mxid in user_ids:
+            if len(user_ids) <= 2 and self.server_notices_mxid in user_ids:
                 # we found a room which our user shares with the system notice
                 # user
                 logger.info(
-- 
cgit 1.5.1