This makes the "messages" key in the content required. This is currently
optional in the spec, but that seems to be an error.

Removes the trailing slash with causes issues with matrix.to/Element.

Adds the redacts endpoint to workers that have the client listener.

This table has been unused since Synapse v1.17.0.

Tests were broken due to an API changing. The code used in Synapse
proper should be compatible with both versions already.

This makes the CAS handler look more like the SAML/OIDC handlers:

* Render errors to users instead of throwing JSON errors.
* Internal reorganization.

Adds a new setting `email.invite_client_location` which, if defined, is
passed to the identity server during invites.

This adds an admin API that allows a server admin to get power in a room if a local user has power in a room. Will also invite the user if they're not in the room and its a private room. Can specify another user (rather than the admin user) to be granted power.

Co-authored-by: Matthew Hodgson <matthew@matrix.org>

This had two effects 1) it'd give the wrong answer and b) would iterate
*all* power levels in the auth chain of each event. The latter of which
can be *very* expensive for certain types of IRC bridge rooms that have
large numbers of power level changes.

The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow
`UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser
back to the client, we redirect to a username-picker resource, which allows the user to enter a username.
We *then* complete the SSO flow (including doing the client permission checks).

The static resources for the username picker itself (in 
https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker)
are essentially lifted wholesale from
https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. 
As the comment says, we might want to think about making them customisable, but that can be a follow-up. 

Fixes #8876.

This fixes an KeyError exception, after this PR the content
is just considered unknown.

If we see stale extremities while persisting events, and notice that
they don't change the result of state resolution, we drop them.

... and disable coverage tracking for mypy and friends.

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

* Use the simple dictionary in fts for the user directory

* Clarify naming

Fixes a bug that deactivated users appear in the directory when their profile information was updated.

To change profile information of deactivated users is neccesary for example you will remove displayname or avatar.
But they should not appear in directory. They are deactivated.



Co-authored-by: Erik Johnston <erikj@jki.re>

This is another part of my work towards fixing #8876. It moves some of the logic currently in the SAML and OIDC handlers - in particular the call to `AuthHandler.complete_sso_login` down into the `SsoHandler`.

Move it from the federation section to the server section to match
ip_range_blacklist.

This improves type hinting and should use less memory.

More preparatory refactoring of the OidcHandler tests

Remove `Request` return value from `make_request`

It used to write an empty file if you gave it a -o arg.

... so that we can test its behaviour when it raises.

Also pull it out to the top level so that I can use it from other test classes.

The tests that need this all do it already.

despite the warnings saying "don't implement get_extra_attributes", we had
implemented it, so the tests weren't doing what we thought they were.

This was never used, so let's get rid of it.