* add tests for filter api errors

 * add tests

Signed-off-by: Alexander Maznev <alexander.maznev@gmail.com>

Interactive Auth: Return 401 from for incorrect password

This requires a bit of fettling, because I want to return a helpful error
message too but we don't want to distinguish between unknown user and invalid
password. To avoid hardcoding the error message into 15 places in the code,
I've had to refactor a few methods to return None instead of throwing.

Fixes https://matrix.org/jira/browse/SYN-744

window.postmessage for Interactive Auth fallback

If you're a webapp running the fallback in an iframe, you can't set set a
window.onAuthDone function. Let's post a message back to window.opener instead.

Add Riot brand to email notifs

Restructure ldap authentication

- properly parse return values of ldap bind() calls
- externalize authentication methods
- change control flow to be more error-resilient
- unbind ldap connections in many places
- improve log messages and loglevels

Fix background reindex of origin_server_ts

Update port script with recently added tables

The storage function `_get_events_txn` was removed everywhere except
from this background reindex. The function was removed due to it being
(almost) completely unused while also being large and complex.
Therefore, instead of resurrecting `_get_events_txn` we manually
reimplement the bits that are needed directly.

Fix perf of fetching state in SQLite

This also fixes a bug where the port script would explode when it
encountered the newly added boolean column
`public_room_list_stream.visibility`

Time out typing over federation

Allow invites via 3pid to bypass sender sig check

Support /initialSync in synchrotron worker

When a server sends a third party invite another server may be the one
that the inviting user registers with. In this case it is that remote
server that will issue an actual invitation, and wants to do it "in the
name of" the original invitee. However, the new proper invite will not
be signed by the original server, and thus other servers would reject
the invite if it was seen as coming from the original user.

To fix this, a special case has been added to the auth rules whereby
another server can send an invite "in the name of" another server's
user, so long as that user had previously issued a third party invite
that is now being accepted.

Fix _delete_old_forward_extrem_cache query