* Add 'sandbox' to the CSP for media repo

* Changelog

Make /config more CORS-y

Make isort tox check print diff when it fails

When we register a new user from SAML2 data, initialise their displayname
correctly.

If you're installing as a system package, the system package should have set up
the systemd config, so it's more useful to give an example of running in a
virtualenv here.

This implements both a SAML2 metadata endpoint (at
`/_matrix/saml2/metadata.xml`), and a SAML2 response receiver (at
`/_matrix/saml2/authn_response`). If the SAML2 response matches what's been
configured, we complete the SSO login flow by redirecting to the client url
(aka `RelayState` in SAML2 jargon) with a login token.

What we don't yet have is anything to build a SAML2 request and redirect the
user to the identity provider. That is left as an exercise for the reader.

This is mostly factoring out the post-CAS-login code to somewhere we can reuse
it for other SSO flows, but it also fixes the userid mapping while we're at it.

* Rip out half-implemented m.login.saml2 support

This was implemented in an odd way that left most of the work to the client, in
a way that I really didn't understand. It's going to be a pain to maintain, so
let's start by ripping it out.

* drop undocumented dependency on dateutil

It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.

It turns out we were relying on dateutil being pulled in transitively by
pysaml2. There's no need for that bloat.

Sometimes it's useful for synapse to generate its own .well-known file.

Notes on upgrading to python3, and README updates.

Remove obsolete settings from docker homeserver.yaml

These aren't used, because we have a `log_config` setting.

Use labels to tag builds with their SHA1 version.

Replace mentions of Vector with Riot

This is useful for homeservers not intended for users, such as bot-only homeservers or ones that only process IoT data.

* Add note to UPGRADE.rst about removing riot.im from list of trusted identity servers

Signed-off-by: Aaron Raimist <aaron@raim.ist>

* Add changelog

Signed-off-by: Aaron Raimist <aaron@raim.ist>

This is a bit of a half-assed effort at fixing https://github.com/matrix-org/synapse/issues/4252. Fundamentally the right answer is to drop support for Python 2.

Drop sent_transactions

Fix removing pushers on python 3

Add a basic .editorconfig

This should fix some "Starting db connection from sentinel context" warnings,
and will mean we get metrics for these processes.

Signed-off-by: Aaron Raimist <aaron@raim.ist>

It turns out that we accept events with non-ascii IDs, which would later cause
an explosion during state res.

Fixes #4226

Signed-off-by: Aaron Raimist <aaron@raim.ist>

Signed-off-by: Aaron Raimist <aaron@raim.ist>

* Fix auto join failures for servers that require user consent

* Fix auto join failures for servers that require user consent