Use the new dedicated Synapse API

crates/cli/src/util.rs

@@ -17,7 +17,7 @@ use mas_data_model::{SessionExpirationConfig, SiteConfig};
 use mas_email::{MailTransport, Mailer};
 use mas_handlers::passwords::PasswordManager;
 use mas_matrix::{HomeserverConnection, ReadOnlyHomeserverConnection};
-use mas_matrix_synapse::SynapseConnection;
+use mas_matrix_synapse::{LegacySynapseConnection, SynapseConnection};
 use mas_policy::PolicyFactory;
 use mas_router::UrlBuilder;
 use mas_storage::{BoxRepositoryFactory, RepositoryAccess, RepositoryFactory};
@@ -469,14 +469,22 @@ pub fn homeserver_connection_from_config(
     http_client: reqwest::Client,
 ) -> Arc<dyn HomeserverConnection> {
     match config.kind {
-        HomeserverKind::Synapse => Arc::new(SynapseConnection::new(
+        HomeserverKind::Synapse | HomeserverKind::SynapseLegacy => {
+            Arc::new(LegacySynapseConnection::new(
+                config.homeserver.clone(),
+                config.endpoint.clone(),
+                config.secret.clone(),
+                http_client,
+            ))
+        }
+        HomeserverKind::SynapseModern => Arc::new(SynapseConnection::new(
             config.homeserver.clone(),
             config.endpoint.clone(),
             config.secret.clone(),
             http_client,
         )),
         HomeserverKind::SynapseReadOnly => {
-            let connection = SynapseConnection::new(
+            let connection = LegacySynapseConnection::new(
                 config.homeserver.clone(),
                 config.endpoint.clone(),
                 config.secret.clone(),

crates/config/src/sections/matrix.rs

@@ -27,15 +27,25 @@ fn default_endpoint() -> Url {
 #[derive(Debug, Clone, Serialize, Deserialize, JsonSchema, Default)]
 #[serde(rename_all = "snake_case")]
 pub enum HomeserverKind {
-    /// Homeserver is Synapse
+    /// Homeserver is Synapse, using the legacy API
+    ///
+    /// This will switch to using the modern API in a few releases.
     #[default]
     Synapse,
 
-    /// Homeserver is Synapse, in read-only mode
+    /// Homeserver is Synapse, using the legacy API, in read-only mode
     ///
     /// This is meant for testing rolling out Matrix Authentication Service with
     /// no risk of writing data to the homeserver.
+    ///
+    /// This will switch to using the modern API in a few releases.
     SynapseReadOnly,
+
+    /// Homeserver is Synapse, using the legacy API,
+    SynapseLegacy,
+
+    /// Homeserver is Synapse, with the modern API available
+    SynapseModern,
 }
 
 /// Configuration related to the Matrix homeserver

crates/handlers/src/admin/v1/users/add.rs

@@ -166,10 +166,7 @@ pub async fn handler(
     let user = repo.user().add(&mut rng, &clock, params.username).await?;
 
     homeserver
-        .provision_user(&ProvisionRequest::new(
-            homeserver.mxid(&user.username),
-            &user.sub,
-        ))
+        .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
         .await
         .map_err(RouteError::Homeserver)?;
 
@@ -222,8 +219,7 @@ mod tests {
         assert_eq!(user.username, "alice");
 
         // Check that the user was created on the homeserver
-        let mxid = state.homeserver_connection.mxid("alice");
-        let result = state.homeserver_connection.query_user(&mxid).await;
+        let result = state.homeserver_connection.query_user("alice").await;
         assert!(result.is_ok());
     }
 

crates/handlers/src/admin/v1/users/reactivate.rs

@@ -83,9 +83,8 @@ pub async fn handler(
         .ok_or(RouteError::NotFound(id))?;
 
     // Call the homeserver synchronously to reactivate the user
-    let mxid = homeserver.mxid(&user.username);
     homeserver
-        .reactivate_user(&mxid)
+        .reactivate_user(&user.username)
         .await
         .map_err(RouteError::Homeserver)?;
 
@@ -127,20 +126,23 @@ mod tests {
 
         // Provision and immediately deactivate the user on the homeserver,
         // because this endpoint will try to reactivate it
-        let mxid = state.homeserver_connection.mxid(&user.username);
         state
             .homeserver_connection
-            .provision_user(&ProvisionRequest::new(&mxid, &user.sub))
+            .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
             .await
             .unwrap();
         state
             .homeserver_connection
-            .delete_user(&mxid, true)
+            .delete_user(&user.username, true)
             .await
             .unwrap();
 
         // The user should be deactivated on the homeserver
-        let mx_user = state.homeserver_connection.query_user(&mxid).await.unwrap();
+        let mx_user = state
+            .homeserver_connection
+            .query_user(&user.username)
+            .await
+            .unwrap();
         assert!(mx_user.deactivated);
 
         let request = Request::post(format!("/api/admin/v1/users/{}/reactivate", user.id))
@@ -176,10 +178,9 @@ mod tests {
         repo.save().await.unwrap();
 
         // Provision the user on the homeserver
-        let mxid = state.homeserver_connection.mxid(&user.username);
         state
             .homeserver_connection
-            .provision_user(&ProvisionRequest::new(&mxid, &user.sub))
+            .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
             .await
             .unwrap();
 

crates/handlers/src/admin/v1/users/unlock.rs

@@ -112,10 +112,9 @@ mod tests {
 
         // Also provision the user on the homeserver, because this endpoint will try to
         // reactivate it
-        let mxid = state.homeserver_connection.mxid(&user.username);
         state
             .homeserver_connection
-            .provision_user(&ProvisionRequest::new(&mxid, &user.sub))
+            .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
             .await
             .unwrap();
 
@@ -149,21 +148,24 @@ mod tests {
         repo.save().await.unwrap();
 
         // Provision the user on the homeserver
-        let mxid = state.homeserver_connection.mxid(&user.username);
         state
             .homeserver_connection
-            .provision_user(&ProvisionRequest::new(&mxid, &user.sub))
+            .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
             .await
             .unwrap();
         // but then deactivate it
         state
             .homeserver_connection
-            .delete_user(&mxid, true)
+            .delete_user(&user.username, true)
             .await
             .unwrap();
 
         // The user should be deactivated on the homeserver
-        let mx_user = state.homeserver_connection.query_user(&mxid).await.unwrap();
+        let mx_user = state
+            .homeserver_connection
+            .query_user(&user.username)
+            .await
+            .unwrap();
         assert!(mx_user.deactivated);
 
         let request = Request::post(format!("/api/admin/v1/users/{}/unlock", user.id))
@@ -182,7 +184,11 @@ mod tests {
             body["data"]["attributes"]["deactivated_at"],
             serde_json::json!(state.clock.now())
         );
-        let mx_user = state.homeserver_connection.query_user(&mxid).await.unwrap();
+        let mx_user = state
+            .homeserver_connection
+            .query_user(&user.username)
+            .await
+            .unwrap();
         assert!(mx_user.deactivated);
     }
 

crates/handlers/src/compat/login.rs

@@ -411,7 +411,11 @@ pub(crate) async fn post(
     // Now we can create the device on the homeserver, without holding the
     // transaction
     if let Err(err) = homeserver
-        .create_device(&user_id, device.as_str(), session.human_name.as_deref())
+        .upsert_device(
+            &user.username,
+            device.as_str(),
+            session.human_name.as_deref(),
+        )
         .await
     {
         // Something went wrong, let's end this session and schedule a device sync
@@ -829,10 +833,9 @@ mod tests {
             .add(&mut rng, &state.clock, &user, version, hash, None)
             .await
             .unwrap();
-        let mxid = state.homeserver_connection.mxid(&user.username);
         state
             .homeserver_connection
-            .provision_user(&ProvisionRequest::new(mxid, &user.sub))
+            .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
             .await
             .unwrap();
 
@@ -1133,10 +1136,9 @@ mod tests {
             .await
             .unwrap();
 
-        let mxid = state.homeserver_connection.mxid(&user.username);
         state
             .homeserver_connection
-            .provision_user(&ProvisionRequest::new(mxid, &user.sub))
+            .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
             .await
             .unwrap();
 
@@ -1239,10 +1241,9 @@ mod tests {
         let user = repo.user().lock(&state.clock, user).await.unwrap();
         repo.save().await.unwrap();
 
-        let mxid = state.homeserver_connection.mxid(&user.username);
         state
             .homeserver_connection
-            .provision_user(&ProvisionRequest::new(mxid, &user.sub))
+            .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
             .await
             .unwrap();
 

crates/handlers/src/graphql/model/matrix.rs

@@ -27,9 +27,9 @@ impl MatrixUser {
         conn: &C,
         user: &str,
     ) -> Result<MatrixUser, anyhow::Error> {
-        let mxid = conn.mxid(user);
+        let info = conn.query_user(user).await?;
 
-        let info = conn.query_user(&mxid).await?;
+        let mxid = conn.mxid(user);
 
         Ok(MatrixUser {
             mxid,

crates/handlers/src/graphql/mutations/compat_session.rs

@@ -187,10 +187,9 @@ impl CompatSessionMutations {
             .await?;
 
         // Update the device on the homeserver side
-        let mxid = homeserver.mxid(&user.username);
         if let Some(device) = session.device.as_ref() {
             homeserver
-                .update_device_display_name(&mxid, device.as_str(), &input.human_name)
+                .update_device_display_name(&user.username, device.as_str(), &input.human_name)
                 .await
                 .context("Failed to provision device")?;
         }

crates/handlers/src/graphql/mutations/matrix.rs

@@ -93,7 +93,6 @@ impl MatrixMutations {
         repo.cancel().await?;
 
         let conn = state.homeserver_connection();
-        let mxid = conn.mxid(&user.username);
 
         if let Some(display_name) = &input.display_name {
             // Let's do some basic validation on the display name
@@ -105,11 +104,11 @@ impl MatrixMutations {
                 return Ok(SetDisplayNamePayload::Invalid);
             }
 
-            conn.set_displayname(&mxid, display_name)
+            conn.set_displayname(&user.username, display_name)
                 .await
                 .context("Failed to set display name")?;
         } else {
-            conn.unset_displayname(&mxid)
+            conn.unset_displayname(&user.username)
                 .await
                 .context("Failed to unset display name")?;
         }

crates/handlers/src/graphql/mutations/oauth2_session.rs

@@ -212,11 +212,10 @@ impl OAuth2SessionMutations {
         repo.user().acquire_lock_for_sync(&user).await?;
 
         // Look for devices to provision
-        let mxid = homeserver.mxid(&user.username);
         for scope in &*session.scope {
             if let Some(device) = Device::from_scope_token(scope) {
                 homeserver
-                    .create_device(&mxid, device.as_str(), None)
+                    .upsert_device(&user.username, device.as_str(), None)
                     .await
                     .context("Failed to provision device")?;
             }
@@ -331,11 +330,10 @@ impl OAuth2SessionMutations {
             .await?;
 
         // Update the device on the homeserver side
-        let mxid = homeserver.mxid(&user.username);
         for scope in &*session.scope {
             if let Some(device) = Device::from_scope_token(scope) {
                 homeserver
-                    .update_device_display_name(&mxid, device.as_str(), &input.human_name)
+                    .update_device_display_name(&user.username, device.as_str(), &input.human_name)
                     .await
                     .context("Failed to provision device")?;
             }

crates/handlers/src/graphql/mutations/user.rs

@@ -586,8 +586,7 @@ impl UserMutations {
         };
 
         // Call the homeserver synchronously to reactivate the user
-        let mxid = matrix.mxid(&user.username);
-        matrix.reactivate_user(&mxid).await?;
+        matrix.reactivate_user(&user.username).await?;
 
         // Now reactivate & unlock the user in our database
         let user = repo.user().reactivate(user).await?;
@@ -654,9 +653,7 @@ impl UserMutations {
         };
 
         let conn = state.homeserver_connection();
-        let mxid = conn.mxid(&user.username);
-
-        conn.allow_cross_signing_reset(&mxid)
+        conn.allow_cross_signing_reset(&user.username)
             .await
             .context("Failed to allow cross-signing reset")?;
 

crates/handlers/src/graphql/tests.rs

@@ -529,10 +529,9 @@ async fn test_oauth2_client_credentials(pool: PgPool) {
     // XXX: we don't run the task worker here, so even though the addUser mutation
     // should have scheduled a job to provision the user, it won't run in the test,
     // so we need to do it manually
-    let mxid = state.homeserver_connection.mxid("alice");
     state
         .homeserver_connection
-        .provision_user(&ProvisionRequest::new(mxid, user_id))
+        .provision_user(&ProvisionRequest::new("alice", user_id))
         .await
         .unwrap();
 

crates/handlers/src/oauth2/introspection.rs

@@ -634,10 +634,9 @@ mod tests {
             .await
             .unwrap();
 
-        let mxid = state.homeserver_connection.mxid(&user.username);
         state
             .homeserver_connection
-            .provision_user(&ProvisionRequest::new(mxid, &user.sub))
+            .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
             .await
             .unwrap();
 
@@ -835,10 +834,9 @@ mod tests {
             .await
             .unwrap();
 
-        let mxid = state.homeserver_connection.mxid(&user.username);
         state
             .homeserver_connection
-            .provision_user(&ProvisionRequest::new(mxid, &user.sub))
+            .provision_user(&ProvisionRequest::new(&user.username, &user.sub))
             .await
             .unwrap();
 

crates/handlers/src/oauth2/token.rs

@@ -575,11 +575,14 @@ async fn authorization_code_grant(
         .await?;
 
     // Look for device to provision
-    let mxid = homeserver.mxid(&browser_session.user.username);
     for scope in &*session.scope {
         if let Some(device) = Device::from_scope_token(scope) {
             homeserver
-                .create_device(&mxid, device.as_str(), Some(&device_name))
+                .upsert_device(
+                    &browser_session.user.username,
+                    device.as_str(),
+                    Some(&device_name),
+                )
                 .await
                 .map_err(RouteError::ProvisionDeviceFailed)?;
         }
@@ -951,11 +954,10 @@ async fn device_code_grant(
         .await?;
 
     // Look for device to provision
-    let mxid = homeserver.mxid(&browser_session.user.username);
     for scope in &*session.scope {
         if let Some(device) = Device::from_scope_token(scope) {
             homeserver
-                .create_device(&mxid, device.as_str(), None)
+                .upsert_device(&browser_session.user.username, device.as_str(), None)
                 .await
                 .map_err(RouteError::ProvisionDeviceFailed)?;
         }