v30.3.0

* Comment explaining the purpose of RoomList

* Fix incorrect return type declaration on RoomList.getRoomEncryption

* Move RoomList out of MatrixClient, into legacy Crypto

* Initialise RoomList inside Crypto.init to allow us to await it

.editorconfig

@@ -23,4 +23,4 @@ indent_size = 4
 trim_trailing_whitespace = true
 
 [*.{yml,yaml}]
-indent_size = 2
+indent_size = 4

.eslintrc.js

@@ -1,6 +1,6 @@
 module.exports = {
     plugins: ["matrix-org", "import", "jsdoc"],
-    extends: ["plugin:matrix-org/babel", "plugin:import/typescript"],
+    extends: ["plugin:matrix-org/babel", "plugin:matrix-org/jest", "plugin:import/typescript"],
     parserOptions: {
         project: ["./tsconfig.json"],
     },
@@ -63,6 +63,17 @@ module.exports = {
                 ],
             },
         ],
+        // Disabled tests are a reality for now but as soon as all of the xits are
+        // eliminated, we should enforce this.
+        "jest/no-disabled-tests": "off",
+        // Also treat "oldBackendOnly" as a test function.
+        // Used in some crypto tests.
+        "jest/no-standalone-expect": [
+            "error",
+            {
+                additionalTestBlockFunctions: ["beforeAll", "beforeEach", "oldBackendOnly", "newBackendOnly"],
+            },
+        ],
     },
     overrides: [
         {

.github/CODEOWNERS

@@ -3,4 +3,6 @@
 /package.json             @matrix-org/element-web-app-team
 /yarn.lock                @matrix-org/element-web-app-team
 /src/webrtc               @matrix-org/element-call-reviewers
+/src/matrixrtc               @matrix-org/element-call-reviewers
 /spec/*/webrtc            @matrix-org/element-call-reviewers
+/spec/*/matrixrtc            @matrix-org/element-call-reviewers

.github/actions/sign-release-tarball/action.yml

@@ -0,0 +1,28 @@
+name: Sign Release Tarball
+description: Generates signature for release tarball and uploads it as a release asset
+inputs:
+    gpg-fingerprint:
+        description: Fingerprint of the GPG key to use for signing the tarball.
+        required: true
+    upload-url:
+        description: GitHub release upload URL to upload the signature file to.
+        required: true
+runs:
+    using: composite
+    steps:
+        - name: Generate tarball signature
+          shell: bash
+          run: |
+              git -c tar.tar.gz.command='gzip -cn' archive --format=tar.gz --prefix="${REPO#*/}-${VERSION#v}/" -o "/tmp/${VERSION}.tar.gz" "${VERSION}"
+              gpg -u "$GPG_FINGERPRINT" --armor --output "${VERSION}.tar.gz.asc" --detach-sig "/tmp/${VERSION}.tar.gz"
+              rm "/tmp/${VERSION}.tar.gz"
+          env:
+              GPG_FINGERPRINT: ${{ inputs.gpg-fingerprint }}
+              REPO: ${{ github.repository }}
+
+        - name: Upload tarball signature
+          if: ${{ inputs.upload-url }}
+          uses: shogo82148/actions-upload-release-asset@dccd6d23e64fd6a746dce6814c0bde0a04886085 # v1
+          with:
+              upload_url: ${{ inputs.upload-url }}
+              asset_path: ${{ env.VERSION }}.tar.gz.asc

.github/actions/upload-release-assets/action.yml

@@ -0,0 +1,41 @@
+name: Upload release assets
+description: Uploads assets to an existing release and optionally signs them
+inputs:
+    gpg-fingerprint:
+        description: Fingerprint of the GPG key to use for signing the assets, if any.
+        required: false
+    upload-url:
+        description: GitHub release upload URL to upload the assets to.
+        required: true
+    asset-path:
+        description: |
+            The path to the asset you want to upload, if any. You can use glob patterns here.
+            Will be GPG signed and an `.asc` file included in the release artifacts if `gpg-fingerprint` is set.
+        required: true
+runs:
+    using: composite
+    steps:
+        - name: Sign assets
+          if: inputs.gpg-fingerprint
+          shell: bash
+          run: |
+              for FILE in $ASSET_PATH
+              do
+                  gpg -u "$GPG_FINGERPRINT" --armor --output "$FILE".asc --detach-sig "$FILE"
+              done
+          env:
+              GPG_FINGERPRINT: ${{ inputs.gpg-fingerprint }}
+              ASSET_PATH: ${{ inputs.asset-path }}
+
+        - name: Upload asset signatures
+          if: inputs.gpg-fingerprint
+          uses: shogo82148/actions-upload-release-asset@dccd6d23e64fd6a746dce6814c0bde0a04886085 # v1
+          with:
+              upload_url: ${{ inputs.upload-url }}
+              asset_path: ${{ inputs.asset-path }}.asc
+
+        - name: Upload assets
+          uses: shogo82148/actions-upload-release-asset@dccd6d23e64fd6a746dce6814c0bde0a04886085 # v1
+          with:
+              upload_url: ${{ inputs.upload-url }}
+              asset_path: ${{ inputs.asset-path }}

.github/release-drafter.yml

@@ -0,0 +1,31 @@
+name-template: "v$RESOLVED_VERSION"
+tag-template: "v$RESOLVED_VERSION"
+change-template: "* $TITLE ([#$NUMBER]($URL)). Contributed by @$AUTHOR."
+categories:
+    - title: "🚨 BREAKING CHANGES"
+      label: "X-Breaking-Change"
+    - title: "🦖 Deprecations"
+      label: "T-Deprecation"
+    - title: "✨ Features"
+      label: "T-Enhancement"
+    - title: "🐛 Bug Fixes"
+      label: "T-Defect"
+    - title: "🧰 Maintenance"
+      label: "Dependencies"
+      collapse-after: 5
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+    major:
+        labels:
+            - "X-Breaking-Change"
+    default: minor
+exclude-labels:
+    - "T-Task"
+    - "X-Reverted"
+exclude-contributors:
+    - "RiotRobot"
+template: |
+    $CHANGES
+prerelease: true
+prerelease-identifier: rc
+include-pre-releases: false

.github/workflows/backport.yml

@@ -23,7 +23,7 @@ jobs:
               )
             )
         steps:
-            - uses: tibdex/backport@v2
+            - uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # v2
               with:
                   labels_template: "<%= JSON.stringify([...labels, 'X-Release-Blocker']) %>"
                   # We can't use GITHUB_TOKEN here or CI won't run on the new PR

.github/workflows/cypress.yml

@@ -0,0 +1,90 @@
+# Triggers after the "Downstream artifacts" build has finished, to run the
+# matrix-react-sdk playwright & cypress tests (with access to repo secrets)
+
+name: matrix-react-sdk End to End Tests
+on:
+    workflow_run:
+        workflows: ["Build downstream artifacts"]
+        types:
+            - completed
+
+concurrency:
+    group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch || github.run_id }}
+    cancel-in-progress: ${{ github.event.workflow_run.event == 'pull_request' }}
+
+jobs:
+    cypress:
+        name: Cypress
+
+        # We only want to run the cypress tests on merge queue to prevent regressions
+        # from creeping in. They take a long time to run and consume multiple concurrent runners.
+        if: github.event.workflow_run.event == 'merge_group'
+
+        uses: matrix-org/matrix-react-sdk/.github/workflows/cypress.yaml@develop
+        permissions:
+            actions: read
+            issues: read
+            statuses: write
+            pull-requests: read
+        secrets:
+            # secrets are not automatically shared with called workflows, so share the cypress dashboard key, and the Kiwi login details
+            KNAPSACK_PRO_TEST_SUITE_TOKEN_CYPRESS_RUST: ${{ secrets.KNAPSACK_PRO_TEST_SUITE_TOKEN_CYPRESS_RUST}}
+            KNAPSACK_PRO_TEST_SUITE_TOKEN_CYPRESS_LEGACY: ${{ secrets.KNAPSACK_PRO_TEST_SUITE_TOKEN_CYPRESS_LEGACY}}
+            TCMS_USERNAME: ${{ secrets.TCMS_USERNAME }}
+            TCMS_PASSWORD: ${{ secrets.TCMS_PASSWORD }}
+        with:
+            react-sdk-repository: matrix-org/matrix-react-sdk
+
+    playwright:
+        name: Playwright
+        # We only want to run the playwright tests on merge queue to prevent regressions
+        # from creeping in. They take a long time to run and consume multiple concurrent runners.
+        if: github.event.workflow_run.event == 'merge_group'
+        uses: matrix-org/matrix-react-sdk/.github/workflows/end-to-end-tests.yaml@develop
+        permissions:
+            actions: read
+            issues: read
+            statuses: write
+            pull-requests: read
+            deployments: write
+        with:
+            react-sdk-repository: matrix-org/matrix-react-sdk
+
+    # We want to make the cypress tests a required check for the merge queue.
+    #
+    # Unfortunately, github doesn't distinguish between "checks needed for branch
+    # protection" (ie, the things that must pass before the PR will even be added
+    # to the merge queue) and "checks needed in the merge queue". We just have to add
+    # the check to the branch protection list.
+    #
+    # Ergo, if we know we're not going to run the cypress tests, we need to add a
+    # passing status check manually.
+    mark_skipped:
+        if: github.event.workflow_run.event != 'merge_group'
+        permissions:
+            statuses: write
+        runs-on: ubuntu-latest
+        steps:
+            - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
+              with:
+                  authToken: "${{ secrets.GITHUB_TOKEN }}"
+                  state: success
+                  description: Cypress skipped
+
+                  # Keep in step with the `context` that is updated by `Sibz/github-status-action`
+                  # in matrix-org/matrix-react-sdk/.github/workflows/cypress.yaml.
+                  context: "${{ github.workflow }} / cypress"
+
+                  sha: "${{ github.event.workflow_run.head_sha }}"
+
+            - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
+              with:
+                  authToken: "${{ secrets.GITHUB_TOKEN }}"
+                  state: success
+                  description: Playwright skipped
+
+                  # Keep in step with the `context` that is updated by `Sibz/github-status-action`
+                  # in matrix-org/matrix-react-sdk/.github/workflows/end-to-end-tests.yaml.
+                  context: "${{ github.workflow }} / end-to-end-tests"
+
+                  sha: "${{ github.event.workflow_run.head_sha }}"

.github/workflows/docs-pr-netlify.yaml

@@ -14,7 +14,7 @@ jobs:
             # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
             # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
             - name: 📥 Download artifact
-              uses: dawidd6/action-download-artifact@bd10f381a96414ce2b13a11bfa89902ba7cea07f # v2.24.3
+              uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # v2
               with:
                   workflow: static_analysis.yml
                   run_id: ${{ github.event.workflow_run.id }}
@@ -22,7 +22,7 @@ jobs:
                   path: docs
 
             - name: 📤 Deploy to Netlify
-              uses: matrix-org/netlify-pr-preview@v1
+              uses: matrix-org/netlify-pr-preview@v3
               with:
                   path: docs
                   owner: ${{ github.event.workflow_run.head_repository.owner.login }}
@@ -32,3 +32,4 @@ jobs:
                   site_id: ${{ secrets.NETLIFY_SITE_ID }}
                   desc: Documentation preview
                   deployment_env: PR Documentation Preview
+        environment: PR Documentation Preview

.github/workflows/downstream-artifacts.yml

@@ -0,0 +1,26 @@
+name: Build downstream artifacts
+on:
+    merge_group:
+        types: [checks_requested]
+
+    pull_request: {}
+
+    # For now at least, we don't run this or the cypress-tests against pushes
+    # to develop or master.
+    #
+    # Note that if we later choose to do so, we'll need to find a way to stop
+    # the results in Cypress Cloud from clobbering those from the 'develop'
+    # branch of matrix-react-sdk.
+    #
+    #push:
+    #    branches: [develop, master]
+concurrency:
+    group: ${{ github.workflow }}-${{ github.ref }}
+    cancel-in-progress: true
+jobs:
+    build-element-web:
+        name: Build element-web
+        uses: matrix-org/matrix-react-sdk/.github/workflows/element-web.yaml@v3.85.0
+        with:
+            matrix-js-sdk-sha: ${{ github.sha }}
+            react-sdk-repository: matrix-org/matrix-react-sdk

.github/workflows/notify-downstream.yaml

@@ -20,7 +20,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Notify matrix-react-sdk repo that a new SDK build is on develop so it can CI against it
-              uses: peter-evans/repository-dispatch@v2
+              uses: peter-evans/repository-dispatch@bf47d102fdb849e755b0b0023ea3e81a44b6f570 # v2
               with:
                   token: ${{ secrets.ELEMENT_BOT_TOKEN }}
                   repository: ${{ matrix.repo }}

.github/workflows/pull_request.yaml

@@ -2,23 +2,20 @@ name: Pull Request
 on:
     pull_request_target:
         types: [opened, edited, labeled, unlabeled, synchronize]
+    merge_group:
+        types: [checks_requested]
     workflow_call:
-        inputs:
-            labels:
-                type: string
-                default: "T-Defect,T-Deprecation,T-Enhancement,T-Task"
-                required: false
-                description: "No longer used, uses allchange logic now, will be removed at a later date"
         secrets:
             ELEMENT_BOT_TOKEN:
                 required: true
-concurrency: ${{ github.workflow }}-${{ github.event.pull_request.head.ref }}
+concurrency: ${{ github.workflow }}-${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
 jobs:
     changelog:
         name: Preview Changelog
         runs-on: ubuntu-latest
         steps:
             - uses: matrix-org/allchange@main
+              if: github.event_name != 'merge_group'
               with:
                   ghToken: ${{ secrets.GITHUB_TOKEN }}
                   requireLabel: true
@@ -30,7 +27,7 @@ jobs:
             pull-requests: read
         steps:
             - name: Add notice
-              uses: actions/github-script@v6
+              uses: actions/github-script@v7
               if: contains(github.event.pull_request.labels.*.name, 'X-Blocked')
               with:
                   script: |
@@ -42,7 +39,7 @@ jobs:
         if: github.event.action == 'opened'
         steps:
             - name: Check membership
-              uses: tspascoal/get-user-teams-membership@v2
+              uses: tspascoal/get-user-teams-membership@ba78054988f58bea69b7c6136d563236f8ed2fc0 # v3
               id: teams
               with:
                   username: ${{ github.event.pull_request.user.login }}
@@ -52,7 +49,7 @@ jobs:
 
             - name: Add label
               if: ${{ steps.teams.outputs.isTeamMember == 'false' }}
-              uses: actions/github-script@v6
+              uses: actions/github-script@v7
               with:
                   script: |
                       github.rest.issues.addLabels({
@@ -71,7 +68,7 @@ jobs:
             github.event.pull_request.head.repo.full_name != github.repository
         steps:
             - name: Close pull request
-              uses: actions/github-script@v6
+              uses: actions/github-script@v7
               with:
                   script: |
                       github.rest.issues.createComment({

.github/workflows/release-drafter.yml

@@ -0,0 +1,21 @@
+name: Release Drafter
+on:
+    push:
+        branches: [staging]
+    workflow_dispatch:
+        inputs:
+            previous-version:
+                description: What release to use as a base for release note purposes
+                required: false
+                type: string
+concurrency: ${{ github.workflow }}
+jobs:
+    draft:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: release-drafter/release-drafter@e64b19c4c46173209ed9f2e5a2f4ca7de89a0e86 # v5
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              with:
+                  disable-autolabeler: true
+                  previous-version: ${{ inputs.previous-version }}

.github/workflows/release-gitflow.yml

@@ -0,0 +1,85 @@
+# Gitflow merge-back master->develop
+name: Merge master -> develop
+on:
+    push:
+        branches: [master]
+    workflow_call:
+        secrets:
+            ELEMENT_BOT_TOKEN:
+                required: true
+        inputs:
+            dependencies:
+                description: List of dependencies to reset.
+                type: string
+                required: false
+concurrency: ${{ github.workflow }}
+jobs:
+    merge:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v4
+              with:
+                  token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+                  fetch-depth: 0
+
+            - name: Get actions scripts
+              uses: actions/checkout@v4
+              with:
+                  repository: matrix-org/matrix-js-sdk
+                  persist-credentials: false
+                  path: .action-repo
+                  sparse-checkout: |
+                      scripts/release
+
+            - uses: actions/setup-node@v4
+              with:
+                  cache: "yarn"
+
+            - name: Install Deps
+              run: "yarn install --frozen-lockfile"
+
+            - name: Set up git
+              run: |
+                  git config --global user.email "releases@riot.im"
+                  git config --global user.name "RiotRobot"
+
+            - name: Merge to develop
+              run: |
+                  git checkout develop
+                  git merge -X ours master
+
+            - name: Run post-merge-master script to revert package.json fields
+              run: ./.action-repo/scripts/release/post-merge-master.sh
+
+            - name: Reset dependencies
+              if: inputs.dependencies
+              run: |
+                  while IFS= read -r PACKAGE; do
+                      [ -z "$PACKAGE" ] && continue
+
+                      CURRENT_VERSION=$(cat package.json | jq -r .dependencies[\"$PACKAGE\"])
+                      echo "Current $PACKAGE version is $CURRENT_VERSION"
+
+                      if [ "$CURRENT_VERSION" == "null" ]
+                      then
+                          echo "Unable to find $PACKAGE in package.json"
+                          exit 1
+                      fi
+
+                      if [ "$CURRENT_VERSION" == "develop" ]
+                      then
+                          echo "Not updating dependency $PACKAGE"
+                          continue
+                      fi
+
+                      echo "Resetting $1 to develop branch..."
+                      yarn add "github:matrix-org/$PACKAGE#develop"
+                      git add -u
+                      git commit -m "Reset $PACKAGE back to develop branch"
+                  done <<< "$DEPENDENCIES"
+              env:
+                  DEPENDENCIES: ${{ inputs.dependencies }}
+                  FINAL: ${{ inputs.final }}
+
+            - name: Push changes
+              run: git push origin develop

.github/workflows/release-make.yml

@@ -0,0 +1,353 @@
+name: Release Make
+on:
+    workflow_call:
+        secrets:
+            ELEMENT_BOT_TOKEN:
+                required: true
+            NPM_TOKEN:
+                required: false
+            GPG_PASSPHRASE:
+                required: false
+            GPG_PRIVATE_KEY:
+                required: false
+        inputs:
+            final:
+                description: Make final release
+                required: true
+                default: false
+                type: boolean
+            npm:
+                description: Publish to npm
+                type: boolean
+                default: false
+            dependencies:
+                description: |
+                    List of dependencies to update in `npm-dep=version` format.
+                    `version` can be `"current"` to leave it at the current version.
+                type: string
+                required: false
+            include-changes:
+                description: Project to include changelog entries from in this release.
+                type: string
+                required: false
+            gpg-fingerprint:
+                description: Fingerprint of the GPG key to use for signing the git tag and assets, if any.
+                type: string
+                required: false
+            asset-path:
+                description: |
+                    The path to the asset you want to upload, if any. You can use glob patterns here.
+                    Will be GPG signed and an `.asc` file included in the release artifacts if `gpg-fingerprint` is set.
+                type: string
+                required: false
+            expected-asset-count:
+                description: The number of expected assets, including signatures, excluding generated zip & tarball.
+                type: number
+                required: false
+jobs:
+    release:
+        name: Release
+        runs-on: ubuntu-latest
+        environment: Release
+        steps:
+            - name: Load GPG key
+              id: gpg
+              if: inputs.gpg-fingerprint
+              uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6
+              with:
+                  gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+                  passphrase: ${{ secrets.GPG_PASSPHRASE }}
+                  fingerprint: ${{ inputs.gpg-fingerprint }}
+
+            - name: Get draft release
+              id: release
+              uses: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada # v1
+              env:
+                  GITHUB_TOKEN: ${{ github.token }}
+              with:
+                  draft: true
+                  latest: true
+
+            - uses: actions/checkout@v4
+              with:
+                  ref: staging
+                  token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+                  fetch-depth: 0
+
+            - name: Get actions scripts
+              uses: actions/checkout@v4
+              with:
+                  repository: matrix-org/matrix-js-sdk
+                  persist-credentials: false
+                  path: .action-repo
+                  sparse-checkout: |
+                      .github/actions
+                      scripts/release
+
+            - name: Prepare variables
+              id: prepare
+              run: |
+                  echo "VERSION=$VERSION" >> $GITHUB_ENV
+                  {
+                      echo "RELEASE_NOTES<<EOF"
+                      echo "$BODY"
+                      echo "EOF"
+                  } >> $GITHUB_ENV
+
+                  HAS_DIST=0
+                  jq -e .scripts.dist package.json >/dev/null 2>&1 && HAS_DIST=1
+                  echo "has-dist-script=$HAS_DIST" >> $GITHUB_OUTPUT
+              env:
+                  BODY: ${{ steps.release.outputs.body }}
+                  VERSION: ${{ steps.release.outputs.tag_name }}
+
+            - name: Finalise version
+              if: inputs.final
+              run: echo "VERSION=$(echo $VERSION | cut -d- -f1)" >> $GITHUB_ENV
+
+            - name: Check version number not in use
+              uses: actions/github-script@v7
+              with:
+                  script: |
+                      const { VERSION } = process.env;
+                      github.rest.repos.getReleaseByTag({
+                          owner: context.repo.owner,
+                          repo: context.repo.repo,
+                          tag: VERSION,
+                      }).then(() => {
+                          core.setFailed(`Version ${VERSION} already exists`);
+                      }).catch(() => {
+                        // This is fine, we expect there to not be any release with this version yet
+                      });
+
+            - name: Set up git
+              run: |
+                  git config --global user.email "releases@riot.im"
+                  git config --global user.name "RiotRobot"
+
+            - uses: actions/setup-node@v4
+              with:
+                  cache: "yarn"
+
+            - name: Install dependencies
+              run: "yarn install --frozen-lockfile"
+
+            - name: Update dependencies
+              id: update-dependencies
+              if: inputs.dependencies
+              run: |
+                  UPDATED=()
+                  while IFS= read -r DEPENDENCY; do
+                      [ -z "$DEPENDENCY" ] && continue
+                      IFS="=" read -r PACKAGE UPDATE_VERSION <<< "$DEPENDENCY"
+
+                      CURRENT_VERSION=$(cat package.json | jq -r .dependencies[\"$PACKAGE\"])
+                      echo "Current $PACKAGE version is $CURRENT_VERSION"
+
+                      if [ "$CURRENT_VERSION" == "null" ]
+                      then
+                          echo "Unable to find $PACKAGE in package.json"
+                          exit 1
+                      fi
+
+                      if [ "$UPDATE_VERSION" == "current" ] || [ "$UPDATE_VERSION" == "$CURRENT_VERSION" ]
+                      then
+                          echo "Not updating dependency $PACKAGE"
+                          continue
+                      fi
+
+                      echo "Upgrading $PACKAGE to $UPDATE_VERSION..."
+                      yarn upgrade "$PACKAGE@$UPDATE_VERSION" --exact
+                      git add -u
+                      git commit -m "Upgrade $PACKAGE to $UPDATE_VERSION"
+                      UPDATED+=("$PACKAGE")
+                  done <<< "$DEPENDENCIES"
+
+                  JSON=$(jq --compact-output --null-input '$ARGS.positional' --args -- "${UPDATED[@]}")
+                  echo "updated=$JSON" >> $GITHUB_OUTPUT
+              env:
+                  DEPENDENCIES: ${{ inputs.dependencies }}
+
+            - name: Prevent develop dependencies
+              if: inputs.dependencies
+              run: |
+                  ret=0
+                  cat package.json | jq '.dependencies[]' | grep -q '#develop' || ret=$?
+                  if [ "$ret" -eq 0 ]; then
+                      echo "package.json contains develop dependencies. Refusing to release."
+                      exit
+                  fi
+
+            - name: Bump package.json version
+              run: yarn version --no-git-tag-version --new-version "${VERSION#v}"
+
+            - name: Ingest upstream changes
+              if: |
+                  inputs.include-changes &&
+                  (!inputs.dependencies || contains(fromJSON(steps.update-dependencies.outputs.updated), inputs.include-changes))
+              uses: actions/github-script@v7
+              env:
+                  RELEASE_ID: ${{ steps.release.outputs.id }}
+                  DEPENDENCY: ${{ inputs.include-changes }}
+              with:
+                  retries: 3
+                  script: |
+                      const { RELEASE_ID: releaseId, DEPENDENCY, VERSION } = process.env;
+                      const { owner, repo } = context.repo;
+                      const script = require("./.action-repo/scripts/release/merge-release-notes.js");
+                      const notes = await script({
+                          github,
+                          releaseId,
+                          dependencies: [DEPENDENCY.replace("$VERSION", VERSION)],
+                      });
+                      core.exportVariable("RELEASE_NOTES", notes);
+
+            - name: Add to CHANGELOG.md
+              if: inputs.final
+              run: |
+                  mv CHANGELOG.md CHANGELOG.md.old
+                  HEADER="Changes in [${VERSION#v}](https://github.com/${{ github.repository }}/releases/tag/$VERSION) ($(date '+%Y-%m-%d'))"
+
+                  {
+                      echo "$HEADER"
+                      printf '=%.0s' $(seq ${#HEADER})
+                      echo ""
+                      echo "$RELEASE_NOTES"
+                      echo ""
+                  } > CHANGELOG.md
+
+                  cat CHANGELOG.md.old >> CHANGELOG.md
+                  rm CHANGELOG.md.old
+                  git add CHANGELOG.md
+
+            - name: Run pre-release script to update package.json fields
+              run: |
+                  ./.action-repo/scripts/release/pre-release.sh
+                  git add package.json
+
+            - name: Commit changes
+              run: git commit -m "$VERSION"
+
+            - name: Build assets
+              if: steps.prepare.outputs.has-dist-script == '1'
+              run: DIST_VERSION="$VERSION" yarn dist
+
+            - name: Upload release assets & signatures
+              if: inputs.asset-path
+              uses: ./.action-repo/.github/actions/upload-release-assets
+              with:
+                  gpg-fingerprint: ${{ inputs.gpg-fingerprint }}
+                  upload-url: ${{ steps.release.outputs.upload_url }}
+                  asset-path: ${{ inputs.asset-path }}
+
+            - name: Create signed tag
+              if: inputs.gpg-fingerprint
+              run: |
+                  GIT_COMMITTER_EMAIL="$SIGNING_ID" GPG_TTY=$(tty) git tag -u "$SIGNING_ID" -m "Release $VERSION" "$VERSION"
+              env:
+                  SIGNING_ID: ${{ steps.gpg.outputs.email }}
+
+            - name: Generate & upload tarball signature
+              if: inputs.gpg-fingerprint
+              uses: ./.action-repo/.github/actions/sign-release-tarball
+              with:
+                  gpg-fingerprint: ${{ inputs.gpg-fingerprint }}
+                  upload-url: ${{ steps.release.outputs.upload_url }}
+
+            # We defer pushing changes until after the release assets are built,
+            # signed & uploaded to improve the atomicity of this action.
+            - name: Push changes to staging
+              run: |
+                  git push origin staging $TAG
+                  git reset --hard
+              env:
+                  TAG: ${{ inputs.gpg-fingerprint && env.VERSION || '' }}
+
+            - name: Validate tarball signature
+              if: inputs.gpg-fingerprint
+              run: |
+                  wget https://github.com/$GITHUB_REPOSITORY/archive/refs/tags/$VERSION.tar.gz
+                  gpg --verify "$VERSION.tar.gz.asc" "$VERSION.tar.gz"
+
+            - name: Validate release has expected assets
+              if: inputs.expected-asset-count
+              uses: actions/github-script@v7
+              env:
+                  RELEASE_ID: ${{ steps.release.outputs.id }}
+                  EXPECTED_ASSET_COUNT: ${{ inputs.expected-asset-count }}
+              with:
+                  retries: 3
+                  script: |
+                      const { RELEASE_ID: release_id, EXPECTED_ASSET_COUNT } = process.env;
+                      const { owner, repo } = context.repo;
+
+                      const { data: release } = await github.rest.repos.getRelease({
+                          owner,
+                          repo,
+                          release_id,
+                      });
+
+                      if (release.assets.length !== parseInt(EXPECTED_ASSET_COUNT, 10)) {
+                          core.setFailed(`Found ${release.assets.length} assets but expected ${EXPECTED_ASSET_COUNT}`);
+                      }
+
+            - name: Merge to master
+              if: inputs.final
+              run: |
+                  git checkout master
+                  git merge -X theirs staging
+                  git push origin master
+
+            - name: Publish release
+              uses: actions/github-script@v7
+              env:
+                  RELEASE_ID: ${{ steps.release.outputs.id }}
+                  FINAL: ${{ inputs.final }}
+              with:
+                  retries: 3
+                  github-token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+                  script: |
+                      const { RELEASE_ID: release_id, RELEASE_NOTES, VERSION, FINAL } = process.env;
+                      const { owner, repo } = context.repo;
+
+                      const opts = {
+                          owner,
+                          repo,
+                          release_id,
+                          tag_name: VERSION,
+                          name: VERSION,
+                          draft: false,
+                          body: RELEASE_NOTES,
+                      };
+
+                      if (FINAL == "true") {
+                          opts.prerelease = false;
+                          opts.make_latest = true;
+                      }
+
+                      github.rest.repos.updateRelease(opts);
+
+    npm:
+        name: Publish to npm
+        needs: release
+        if: inputs.npm
+        uses: matrix-org/matrix-js-sdk/.github/workflows/release-npm.yml@develop
+        secrets:
+            NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+    update-labels:
+        name: Advance release blocker labels
+        needs: release
+        runs-on: ubuntu-latest
+        steps:
+            - id: repository
+              run: echo "REPO=${GITHUB_REPOSITORY#*/}" >> $GITHUB_OUTPUT
+
+            - uses: garganshu/github-label-updater@3770d15ebfed2fe2cb06a241047bc340f774a7d1 # v1.0.0
+              with:
+                  owner: ${{ github.repository_owner }}
+                  repo: ${{ steps.repository.outputs.REPO }}
+                  token: ${{ secrets.GITHUB_TOKEN }}
+                  filter-labels: X-Upcoming-Release-Blocker
+                  remove-labels: X-Upcoming-Release-Blocker
+                  add-labels: X-Release-Blocker

.github/workflows/release-npm.yml

@@ -1,4 +1,3 @@
-# Must only be called from `release#published` triggers
 name: Publish to npm
 on:
     workflow_call:
@@ -11,31 +10,31 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: 🧮 Checkout code
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
+              with:
+                  ref: staging
 
             - name: 🔧 Yarn cache
-              uses: actions/setup-node@v3
+              uses: actions/setup-node@v4
               with:
                   cache: "yarn"
                   registry-url: "https://registry.npmjs.org"
 
             - name: 🔨 Install dependencies
-              run: "yarn install --pure-lockfile"
+              run: "yarn install --frozen-lockfile"
 
             - name: 🚀 Publish to npm
               id: npm-publish
-              uses: JS-DevTools/npm-publish@v1
+              uses: JS-DevTools/npm-publish@4b07b26a2f6e0a51846e1870223e545bae91c552 # v3.0.1
               with:
                   token: ${{ secrets.NPM_TOKEN }}
                   access: public
                   tag: next
+                  ignore-scripts: false
 
             - name: 🎖️ Add `latest` dist-tag to final releases
-              if: github.event.release.prerelease == false
-              run: |
-                  package=$(cat package.json | jq -er .name)
-                  npm dist-tag add "$package@$release" latest
+              if: steps.npm-publish.outputs.id && !contains(steps.npm-publish.outputs.id, '-rc.')
+              run: npm dist-tag add "$release" latest
               env:
-                  # JS-DevTools/npm-publish overrides `NODE_AUTH_TOKEN` with `INPUT_TOKEN` in .npmrc
-                  INPUT_TOKEN: ${{ secrets.NPM_TOKEN }}
-                  release: ${{ steps.npm-publish.outputs.version }}
+                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+                  release: ${{ steps.npm-publish.outputs.id }}

.github/workflows/release.yml

@@ -1,59 +1,76 @@
 name: Release Process
 on:
-    release:
-        types: [published]
-concurrency: ${{ github.workflow }}-${{ github.ref }}
+    workflow_dispatch:
+        inputs:
+            mode:
+                description: What type of release
+                required: true
+                default: rc
+                type: choice
+                options:
+                    - rc
+                    - final
+            docs:
+                description: Publish docs
+                required: true
+                type: boolean
+                default: true
+            npm:
+                description: Publish to npm
+                required: true
+                type: boolean
+                default: true
+concurrency: ${{ github.workflow }}
 jobs:
-    jsdoc:
+    release:
+        uses: matrix-org/matrix-js-sdk/.github/workflows/release-make.yml@develop
+        secrets: inherit
+        with:
+            final: ${{ inputs.mode == 'final' }}
+            npm: ${{ inputs.npm }}
+
+    docs:
         name: Publish Documentation
+        needs: release
+        if: inputs.docs
         runs-on: ubuntu-latest
         steps:
             - name: 🧮 Checkout code
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
+
+            - name: 🧮 Checkout gh-pages
+              uses: actions/checkout@v4
+              with:
+                  ref: gh-pages
+                  path: _docs
 
             - name: 🔧 Yarn cache
-              uses: actions/setup-node@v3
+              uses: actions/setup-node@v4
               with:
                   cache: "yarn"
 
             - name: 🔨 Install dependencies
-              run: "yarn install --pure-lockfile"
+              run: "yarn install --frozen-lockfile"
 
-            - name: 📖 Generate JSDoc
-              run: "yarn gendoc"
-
-            - name: 📋 Copy to temp
+            - name: 🔨 Install symlinks
               run: |
-                  cp -a "./_docs" "$RUNNER_TEMP/"
+                  sudo apt-get update
+                  sudo apt-get install -y symlinks
 
-            - name: 🧮 Checkout gh-pages
-              uses: actions/checkout@v3
-              with:
-                  ref: gh-pages
-
-            - name: 🔪 Prepare
-              env:
-                  GITHUB_REF_NAME: ${{ github.ref_name }}
+            - name: 📖 Generate docs
               run: |
-                  VERSION="${GITHUB_REF_NAME#v}"
-                  [ ! -e "$VERSION" ] || rm -r $VERSION
-                  cp -r $RUNNER_TEMP/_docs/ $VERSION
+                  yarn tpv purge --yes --out _docs --stale --major 10
+                  yarn gendoc
+                  symlinks -rc _docs
 
-                  # Add the new directory to the index if it isn't there already
-                  if ! grep -q ">Version $VERSION</a>" index.html; then
-                    perl -i -pe 'BEGIN {$rel=shift} $_ =~ /^<\/ul>/ && print
-                      "<li><a href=\"${rel}/index.html\">Version ${rel}</a></li>\n"' "$VERSION" index.html
-                  fi
+            - name: 🔨 Set up git
+              run: |
+                  git config --global user.email "releases@riot.im"
+                  git config --global user.name "RiotRobot"
 
             - name: 🚀 Deploy
-              uses: peaceiris/actions-gh-pages@v3
-              with:
-                  github_token: ${{ secrets.GITHUB_TOKEN }}
-                  keep_files: true
-                  publish_dir: .
-
-    npm:
-        name: Publish
-        uses: matrix-org/matrix-js-sdk/.github/workflows/release-npm.yml@develop
-        secrets:
-            NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+              run: |
+                  git add . --all
+                  git commit -m "Update docs"
+                  git push
+              working-directory: _docs

.github/workflows/sonarcloud.yml

@@ -17,7 +17,7 @@ jobs:
         steps:
             # We create the status here and then update it to success/failure in the `report` stage
             # This provides an easy link to this workflow_run from the PR before Cypress is done.
-            - uses: Sibz/github-status-action@v1
+            - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
               with:
                   authToken: ${{ secrets.GITHUB_TOKEN }}
                   state: pending
@@ -27,7 +27,7 @@ jobs:
 
             - name: "🩻 SonarCloud Scan"
               id: sonarcloud
-              uses: matrix-org/sonarcloud-workflow-action@v2.3
+              uses: matrix-org/sonarcloud-workflow-action@v2.7
               # workflow_run fails report against the develop commit always, we don't want that for PRs
               continue-on-error: ${{ github.event.workflow_run.head_branch != 'develop' }}
               with:
@@ -42,7 +42,7 @@ jobs:
                   coverage_extract_path: coverage
                   extra_args: ${{ inputs.extra_args }}
 
-            - uses: Sibz/github-status-action@v1
+            - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
               if: always()
               with:
                   authToken: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/sonarqube.yml

@@ -11,6 +11,7 @@ jobs:
     # This is a workaround for https://github.com/SonarSource/SonarJS/issues/578
     prepare:
         name: Prepare
+        if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event != 'merge_group'
         runs-on: ubuntu-latest
         outputs:
             reportPaths: ${{ steps.extra_args.outputs.reportPaths }}
@@ -19,7 +20,7 @@ jobs:
             # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
             # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
             - name: 📥 Download artifact
-              uses: dawidd6/action-download-artifact@v2
+              uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # v2
               with:
                   workflow: tests.yaml
                   run_id: ${{ github.event.workflow_run.id }}
@@ -35,6 +36,7 @@ jobs:
 
     sonarqube:
         name: 🩻 SonarQube
+        if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event != 'merge_group'
         needs: prepare
         uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop
         secrets:

.github/workflows/static_analysis.yml

@@ -1,6 +1,8 @@
 name: Static Analysis
 on:
     pull_request: {}
+    merge_group:
+        types: [checks_requested]
     push:
         branches: [develop, master]
 concurrency:
@@ -11,9 +13,9 @@ jobs:
         name: "Typescript Syntax Check"
         runs-on: ubuntu-latest
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
 
-            - uses: actions/setup-node@v3
+            - uses: actions/setup-node@v4
               with:
                   cache: "yarn"
 
@@ -37,9 +39,9 @@ jobs:
         name: "ESLint"
         runs-on: ubuntu-latest
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
 
-            - uses: actions/setup-node@v3
+            - uses: actions/setup-node@v4
               with:
                   cache: "yarn"
 
@@ -49,13 +51,29 @@ jobs:
             - name: Run Linter
               run: "yarn run lint:js"
 
+    workflow_lint:
+        name: "Workflow Lint"
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v4
+
+            - uses: actions/setup-node@v4
+              with:
+                  cache: "yarn"
+
+            - name: Install Deps
+              run: "yarn install --frozen-lockfile"
+
+            - name: Run Linter
+              run: "yarn lint:workflows"
+
     docs:
         name: "JSDoc Checker"
         runs-on: ubuntu-latest
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@v4
 
-            - uses: actions/setup-node@v3
+            - uses: actions/setup-node@v4
               with:
                   cache: "yarn"
 
@@ -63,7 +81,14 @@ jobs:
               run: "yarn install"
 
             - name: Generate Docs
-              run: "yarn run gendoc"
+              run: "yarn run gendoc --treatWarningsAsErrors"
+
+            # Upload artifact duplicates symlink contents so we do this to save 75% space
+            - name: Flatten symlink and write _redirects
+              run: |
+                  find _docs -mindepth 1 -maxdepth 1 ! -type f ! -name stable -printf '/%f/* /stable/:splat\n' > _docs/_redirects
+                  find _docs -mindepth 1 -maxdepth 1 -type l -delete
+                  find _docs -mindepth 1 -maxdepth 1 -type d -execdir mv {} stable \; -quit
 
             - name: Upload Artifact
               uses: actions/upload-artifact@v3

.github/workflows/tests.yml

@@ -1,26 +1,31 @@
 name: Tests
 on:
     pull_request: {}
+    merge_group:
+        types: [checks_requested]
     push:
         branches: [develop, master]
 concurrency:
     group: ${{ github.workflow }}-${{ github.ref }}
     cancel-in-progress: true
+env:
+    ENABLE_COVERAGE: ${{ github.event_name != 'merge_group' }}
 jobs:
     jest:
-        name: "Jest [${{ matrix.specs }}] (Node ${{ matrix.node }})"
+        name: "Jest [${{ matrix.specs }}] (Node ${{ matrix.node == '*' && 'latest' || matrix.node }})"
         runs-on: ubuntu-latest
         timeout-minutes: 10
         strategy:
             matrix:
-                specs: [browserify, integ, unit]
-                node: [16, 18, latest]
+                specs: [integ, unit]
+                node: [18, "lts/*", 21]
         steps:
             - name: Checkout code
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
 
             - name: Setup Node
-              uses: actions/setup-node@v3
+              id: setupNode
+              uses: actions/setup-node@v4
               with:
                   cache: "yarn"
                   node-version: ${{ matrix.node }}
@@ -28,34 +33,63 @@ jobs:
             - name: Install dependencies
               run: "yarn install"
 
-            - name: Build
-              if: matrix.specs == 'browserify'
-              run: "yarn build"
-
             - name: Get number of CPU cores
               id: cpu-cores
-              uses: SimenB/github-actions-cpu-cores@v1
+              uses: SimenB/github-actions-cpu-cores@97ba232459a8e02ff6121db9362b09661c875ab8 # v2
 
-            - name: Run tests with coverage and metrics
-              if: github.ref == 'refs/heads/develop'
+            - name: Run tests
               run: |
-                  yarn coverage --ci --reporters github-actions '--reporters=<rootDir>/spec/slowReporter.js' --max-workers ${{ steps.cpu-cores.outputs.count }} ./spec/${{ matrix.specs }}
-                  mv coverage/lcov.info coverage/${{ matrix.node }}-${{ matrix.specs }}.lcov.info
+                  yarn test \
+                      --coverage=${{ env.ENABLE_COVERAGE }} \
+                      --ci \
+                      --max-workers ${{ steps.cpu-cores.outputs.count }} \
+                      ./spec/${{ matrix.specs }}
               env:
                   JEST_SONAR_UNIQUE_OUTPUT_NAME: true
 
-            - name: Run tests with coverage
-              if: github.ref != 'refs/heads/develop'
-              run: |
-                  yarn coverage --ci --reporters github-actions --max-workers ${{ steps.cpu-cores.outputs.count }} ./spec/${{ matrix.specs }}
-                  mv coverage/lcov.info coverage/${{ matrix.node }}-${{ matrix.specs }}.lcov.info
-              env:
-                  JEST_SONAR_UNIQUE_OUTPUT_NAME: true
+                  # tell jest to use coloured output
+                  FORCE_COLOR: true
+
+            - name: Move coverage files into place
+              if: env.ENABLE_COVERAGE == 'true'
+              run: mv coverage/lcov.info coverage/${{ steps.setupNode.output.node-version }}-${{ matrix.specs }}.lcov.info
 
             - name: Upload Artifact
+              if: env.ENABLE_COVERAGE == 'true'
               uses: actions/upload-artifact@v3
               with:
                   name: coverage
                   path: |
                       coverage
                       !coverage/lcov-report
+
+    matrix-react-sdk:
+        name: Downstream test matrix-react-sdk
+        if: github.event_name == 'merge_group'
+        uses: matrix-org/matrix-react-sdk/.github/workflows/tests.yml@develop
+        with:
+            disable_coverage: true
+            matrix-js-sdk-sha: ${{ github.sha }}
+
+    # Hook for branch protection to skip downstream testing outside of merge queues
+    # and skip sonarcloud coverage within merge queues
+    downstream:
+        name: Downstream tests
+        runs-on: ubuntu-latest
+        if: always()
+        needs:
+            - matrix-react-sdk
+        steps:
+            - name: Skip SonarCloud on merge queues
+              if: env.ENABLE_COVERAGE == 'false'
+              uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
+              with:
+                  authToken: ${{ secrets.GITHUB_TOKEN }}
+                  state: success
+                  description: SonarCloud skipped
+                  context: SonarCloud Code Analysis
+                  sha: ${{ github.sha }}
+                  target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+            - if: needs.matrix-react-sdk.result != 'skipped' && needs.matrix-react-sdk.result != 'success'
+              run: exit 1

.github/workflows/triage-labelled.yml

@@ -0,0 +1,11 @@
+name: Move labelled issues to correct projects
+
+on:
+    issues:
+        types: [labeled]
+
+jobs:
+    call-triage-labelled:
+        uses: vector-im/element-web/.github/workflows/triage-labelled.yml@develop
+        secrets:
+            ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}

.github/workflows/upgrade_dependencies.yml

@@ -1,38 +0,0 @@
-name: Upgrade Dependencies
-on:
-    workflow_dispatch: {}
-    workflow_call:
-        secrets:
-            ELEMENT_BOT_TOKEN:
-                required: true
-jobs:
-    upgrade:
-        runs-on: ubuntu-latest
-        steps:
-            - uses: actions/checkout@v3
-
-            - uses: actions/setup-node@v3
-              with:
-                  cache: "yarn"
-
-            - name: Upgrade
-              run: yarn upgrade && yarn install
-
-            - name: Create Pull Request
-              id: cpr
-              uses: peter-evans/create-pull-request@v4
-              with:
-                  token: ${{ secrets.ELEMENT_BOT_TOKEN }}
-                  branch: actions/upgrade-deps
-                  delete-branch: true
-                  title: Upgrade dependencies
-                  labels: |
-                      Dependencies
-                      T-Task
-
-            - name: Enable automerge
-              uses: peter-evans/enable-pull-request-automerge@v2
-              if: steps.cpr.outputs.pull-request-operation == 'created'
-              with:
-                  token: ${{ secrets.ELEMENT_BOT_TOKEN }}
-                  pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}

.gitignore

@@ -19,3 +19,4 @@ out
 
 .vscode
 .vscode/
+.idea/

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname "$0")/_/husky.sh"
+
+npx lint-staged

.lintstagedrc

@@ -0,0 +1,4 @@
+{
+    "*.(ts|tsx)": ["eslint --fix", "prettier --write"],
+    "*.(py|md|yaml)": ["prettier --write"]
+}

.prettierignore

@@ -24,3 +24,6 @@ out
 
 # This file is owned, parsed, and generated by allchange, which doesn't comply with prettier
 /CHANGELOG.md
+
+# This file is also autogenerated
+/spec/test-utils/test-data/index.ts

CHANGELOG.md

@@ -1,3 +1,412 @@
+Changes in [30.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v30.3.0) (2023-12-19)
+==================================================================================================
+## ✨ Features
+
+* Element-R: disable sending room key requests ([#3939](https://github.com/matrix-org/matrix-js-sdk/pull/3939)). Contributed by @richvdh.
+
+## 🐛 Bug Fixes
+
+* Fix notifications appearing for old events ([#3946](https://github.com/matrix-org/matrix-js-sdk/pull/3946)). Contributed by @dbkr.
+* Don't back up keys that we got from backup ([#3934](https://github.com/matrix-org/matrix-js-sdk/pull/3934)). Contributed by @uhoreg.
+* Fix upload with empty Content-Type ([#3918](https://github.com/matrix-org/matrix-js-sdk/pull/3918)). Contributed by @JakubOnderka.
+* Prevent phantom notifications from events not in a room's timeline ([#3942](https://github.com/matrix-org/matrix-js-sdk/pull/3942)). Contributed by @dbkr.
+
+
+Changes in [30.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v30.2.0) (2023-12-05)
+==================================================================================================
+## ✨ Features
+
+* Only await key query after lazy members resolved ([#3902](https://github.com/matrix-org/matrix-js-sdk/pull/3902)). Contributed by @BillCarsonFr.
+
+## 🐛 Bug Fixes
+
+* Rewrite receipt-handling code ([#3901](https://github.com/matrix-org/matrix-js-sdk/pull/3901)). Contributed by @andybalaam.
+* Explicitly free some Rust-side objects ([#3911](https://github.com/matrix-org/matrix-js-sdk/pull/3911)). Contributed by @richvdh.
+* Fix type for TimestampToEventResponse.origin\_server\_ts ([#3906](https://github.com/matrix-org/matrix-js-sdk/pull/3906)). Contributed by @Half-Shot.
+
+
+Changes in [30.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v30.1.0) (2023-11-21)
+==================================================================================================
+## ✨ Features
+
+* Rotate per-participant keys when a member leaves ([#3833](https://github.com/matrix-org/matrix-js-sdk/pull/3833)). Contributed by @dbkr.
+* Add E2EE for embedded mode of Element Call ([#3667](https://github.com/matrix-org/matrix-js-sdk/pull/3667)). Contributed by @SimonBrandner.
+
+## 🐛 Bug Fixes
+
+* Shorten TimelineWindow when an event is removed ([#3862](https://github.com/matrix-org/matrix-js-sdk/pull/3862)). Contributed by @andybalaam.
+* Ignore receipts pointing at missing or invalid events ([#3817](https://github.com/matrix-org/matrix-js-sdk/pull/3817)). Contributed by @andybalaam.
+* Fix members being loaded from server on initial sync (defeating lazy loading) ([#3830](https://github.com/matrix-org/matrix-js-sdk/pull/3830)). Contributed by @BillCarsonFr.
+
+
+Changes in [30.0.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v30.0.1) (2023-11-13)
+==================================================================================================
+
+## 🐛 Bug Fixes
+ * Ensure `setUserCreator` is called when a store is assigned ([\#3867](https://github.com/matrix-org/matrix-js-sdk/pull/3867)). Fixes vector-im/element-web#26520. Contributed by @MidhunSureshR.
+
+Changes in [30.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v30.0.0) (2023-11-07)
+==================================================================================================
+
+## 🚨 BREAKING CHANGES
+ * Refactor & make base64 functions browser-safe ([\#3818](https://github.com/matrix-org/matrix-js-sdk/pull/3818)).
+
+## 🦖 Deprecations
+ * Deprecate `MatrixEvent.toJSON` ([\#3801](https://github.com/matrix-org/matrix-js-sdk/pull/3801)).
+
+## ✨ Features
+ * Element-R: Add the git sha of the binding crate to `CryptoApi#getVersion` ([\#3838](https://github.com/matrix-org/matrix-js-sdk/pull/3838)). Contributed by @florianduros.
+ * Element-R: Wire up `globalBlacklistUnverifiedDevices` field to rust crypto encryption settings ([\#3790](https://github.com/matrix-org/matrix-js-sdk/pull/3790)). Fixes vector-im/element-web#26315. Contributed by @florianduros.
+ * Element-R: Wire up room rotation ([\#3807](https://github.com/matrix-org/matrix-js-sdk/pull/3807)). Fixes vector-im/element-web#26318. Contributed by @florianduros.
+ * Element-R: Add current version of the rust-sdk and vodozemac ([\#3825](https://github.com/matrix-org/matrix-js-sdk/pull/3825)). Contributed by @florianduros.
+ * Element-R: Wire up room history visibility ([\#3805](https://github.com/matrix-org/matrix-js-sdk/pull/3805)). Fixes vector-im/element-web#26319. Contributed by @florianduros.
+ * Element-R: log when we send to-device messages ([\#3810](https://github.com/matrix-org/matrix-js-sdk/pull/3810)).
+
+## 🐛 Bug Fixes
+ * Fix reemitter not being correctly wired on user objects created in storage classes ([\#3796](https://github.com/matrix-org/matrix-js-sdk/pull/3796)). Contributed by @MidhunSureshR.
+ * Element-R: silence log errors when viewing a pending event ([\#3824](https://github.com/matrix-org/matrix-js-sdk/pull/3824)).
+ * Don't emit a closed event if the indexeddb is closed by Element ([\#3832](https://github.com/matrix-org/matrix-js-sdk/pull/3832)). Fixes vector-im/element-web#25941. Contributed by @dhenneke.
+ * Element-R: silence log errors when viewing a decryption failure ([\#3821](https://github.com/matrix-org/matrix-js-sdk/pull/3821)).
+
+Changes in [29.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v29.1.0) (2023-10-24)
+==================================================================================================
+
+## ✨ Features
+ * OIDC: refresh tokens ([\#3764](https://github.com/matrix-org/matrix-js-sdk/pull/3764)). Contributed by @kerryarchibald.
+ * OIDC: add `prompt` param to auth url creation ([\#3794](https://github.com/matrix-org/matrix-js-sdk/pull/3794)). Contributed by @kerryarchibald.
+ * Allow applications to specify their own logger instance ([\#3792](https://github.com/matrix-org/matrix-js-sdk/pull/3792)). Fixes #1899.
+ * Export AutoDiscoveryError and fix type of ALL_ERRORS ([\#3768](https://github.com/matrix-org/matrix-js-sdk/pull/3768)).
+
+## 🐛 Bug Fixes
+ * Fix sending call member events on leave ([\#3799](https://github.com/matrix-org/matrix-js-sdk/pull/3799)). Fixes vector-im/element-call#1763.
+ * Don't use event.sender in CallMembership ([\#3793](https://github.com/matrix-org/matrix-js-sdk/pull/3793)).
+ * Element-R: Don't mark QR code verification as done until it's done ([\#3791](https://github.com/matrix-org/matrix-js-sdk/pull/3791)). Fixes vector-im/element-web#26293.
+ * Element-R: Connect device to key backup when crypto is created ([\#3784](https://github.com/matrix-org/matrix-js-sdk/pull/3784)). Fixes vector-im/element-web#26316. Contributed by @florianduros.
+ * Element-R: Avoid errors in `VerificationRequest.generateQRCode` when QR code is unavailable ([\#3779](https://github.com/matrix-org/matrix-js-sdk/pull/3779)). Fixes vector-im/element-web#26300. Contributed by @florianduros.
+ * ElementR: Check key backup when user identity changes ([\#3760](https://github.com/matrix-org/matrix-js-sdk/pull/3760)). Fixes vector-im/element-web#26244. Contributed by @florianduros.
+ * Element-R: emit `VerificationRequestReceived` on incoming request ([\#3762](https://github.com/matrix-org/matrix-js-sdk/pull/3762)). Fixes vector-im/element-web#26245.
+
+Changes in [29.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v29.0.0) (2023-10-10)
+==================================================================================================
+
+## 🚨 BREAKING CHANGES
+ * Remove browserify builds ([\#3759](https://github.com/matrix-org/matrix-js-sdk/pull/3759)).
+
+## ✨ Features
+ * Export AutoDiscoveryError and fix type of ALL_ERRORS ([\#3768](https://github.com/matrix-org/matrix-js-sdk/pull/3768)).
+ * Support for stable MSC3882 get_login_token ([\#3416](https://github.com/matrix-org/matrix-js-sdk/pull/3416)). Contributed by @hughns.
+ * Remove IsUserMention and IsRoomMention from DEFAULT_OVERRIDE_RULES ([\#3752](https://github.com/matrix-org/matrix-js-sdk/pull/3752)). Contributed by @kerryarchibald.
+
+## 🐛 Bug Fixes
+ * Fix a case where joinRoom creates a duplicate Room object ([\#3747](https://github.com/matrix-org/matrix-js-sdk/pull/3747)).
+ * Add membershipID to call memberships ([\#3745](https://github.com/matrix-org/matrix-js-sdk/pull/3745)).
+ * Fix the warning for messages from unsigned devices ([\#3743](https://github.com/matrix-org/matrix-js-sdk/pull/3743)).
+ * Stop keep alive, when sync was stoped ([\#3720](https://github.com/matrix-org/matrix-js-sdk/pull/3720)). Contributed by @finsterwalder.
+
+Changes in [28.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v28.2.0) (2023-09-26)
+==================================================================================================
+
+## 🦖 Deprecations
+ * Implement `getEncryptionInfoForEvent` and deprecate `getEventEncryptionInfo` ([\#3693](https://github.com/matrix-org/matrix-js-sdk/pull/3693)).
+ * **The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (#3189)**
+
+## ✨ Features
+ * Delete knocked room when knock membership changes ([\#3729](https://github.com/matrix-org/matrix-js-sdk/pull/3729)). Contributed by @maheichyk.
+ * Introduce MatrixRTCSession lower level group call primitive ([\#3663](https://github.com/matrix-org/matrix-js-sdk/pull/3663)).
+ * Sync knock rooms ([\#3703](https://github.com/matrix-org/matrix-js-sdk/pull/3703)). Contributed by @maheichyk.
+
+## 🐛 Bug Fixes
+ * Dont access indexed db when undefined ([\#3707](https://github.com/matrix-org/matrix-js-sdk/pull/3707)). Contributed by @finsterwalder.
+ * Don't reset unread count when adding a synthetic receipt ([\#3706](https://github.com/matrix-org/matrix-js-sdk/pull/3706)). Fixes #3684. Contributed by @andybalaam.
+
+Changes in [28.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v28.1.0) (2023-09-12)
+============================================================================================================
+
+## 🦖 Deprecations
+ * Deprecate `MatrixClient.checkUserTrust` ([\#3691](https://github.com/matrix-org/matrix-js-sdk/pull/3691)).
+ * Deprecate `MatrixClient.{prepare,create}KeyBackupVersion` in favour of new `CryptoApi.resetKeyBackup` API ([\#3689](https://github.com/matrix-org/matrix-js-sdk/pull/3689)).
+ * **The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (#3189)**
+
+## ✨ Features
+ * Allow calls without ICE/TURN/STUN servers ([\#3695](https://github.com/matrix-org/matrix-js-sdk/pull/3695)).
+ * Emit summary update event ([\#3687](https://github.com/matrix-org/matrix-js-sdk/pull/3687)). Fixes vector-im/element-web#26033.
+ * ElementR: Update `CryptoApi.userHasCrossSigningKeys` ([\#3646](https://github.com/matrix-org/matrix-js-sdk/pull/3646)). Contributed by @florianduros.
+ * Add `join_rule` field to /publicRooms response ([\#3673](https://github.com/matrix-org/matrix-js-sdk/pull/3673)). Contributed by @charlynguyen.
+ * Use sender instead of content.creator field on m.room.create events ([\#3675](https://github.com/matrix-org/matrix-js-sdk/pull/3675)).
+
+## 🐛 Bug Fixes
+ * Provide better error for ICE Server SyntaxError ([\#3694](https://github.com/matrix-org/matrix-js-sdk/pull/3694)). Fixes vector-im/element-web#21804.
+ * Legacy crypto: re-check key backup after `bootstrapSecretStorage` ([\#3692](https://github.com/matrix-org/matrix-js-sdk/pull/3692)). Fixes vector-im/element-web#26115.
+
+Changes in [28.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v28.0.0) (2023-08-29)
+==================================================================================================
+
+## 🚨 BREAKING CHANGES
+ * Set minimum supported Matrix 1.1 version (drop legacy r0 versions) ([\#3007](https://github.com/matrix-org/matrix-js-sdk/pull/3007)). Fixes vector-im/element-web#16876.
+
+## 🦖 Deprecations
+ * **The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (#3189)**
+
+## ✨ Features
+ * ElementR: Add `CryptoApi.requestVerificationDM` ([\#3643](https://github.com/matrix-org/matrix-js-sdk/pull/3643)). Contributed by @florianduros.
+ * Implement `CryptoApi.checkKeyBackupAndEnable` ([\#3633](https://github.com/matrix-org/matrix-js-sdk/pull/3633)). Fixes vector-im/crypto-internal#111 and vector-im/crypto-internal#112.
+
+## 🐛 Bug Fixes
+ * ElementR: Process all verification events, not just requests ([\#3650](https://github.com/matrix-org/matrix-js-sdk/pull/3650)). Contributed by @florianduros.
+
+Changes in [27.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v27.2.0) (2023-08-15)
+==================================================================================================
+
+## 🦖 Deprecations
+ * **The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (#3189)**
+
+## ✨ Features
+ * Allow knocking rooms ([\#3647](https://github.com/matrix-org/matrix-js-sdk/pull/3647)). Contributed by @charlynguyen.
+ * Bump pagination limit to account for threaded events ([\#3638](https://github.com/matrix-org/matrix-js-sdk/pull/3638)).
+ * ElementR: Add `CryptoApi.findVerificationRequestDMInProgress` ([\#3601](https://github.com/matrix-org/matrix-js-sdk/pull/3601)). Contributed by @florianduros.
+ * Export more into the public interface ([\#3614](https://github.com/matrix-org/matrix-js-sdk/pull/3614)).
+
+## 🐛 Bug Fixes
+ * Fix wrong handling of encrypted rooms when loading them from sync accumulator ([\#3640](https://github.com/matrix-org/matrix-js-sdk/pull/3640)). Fixes vector-im/element-web#25803.
+ * Skip processing thread roots and fetching threads list when support is disabled ([\#3642](https://github.com/matrix-org/matrix-js-sdk/pull/3642)).
+ * Ensure we don't overinflate the total notification count ([\#3634](https://github.com/matrix-org/matrix-js-sdk/pull/3634)). Fixes vector-im/element-web#25803.
+
+Changes in [27.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v27.1.0) (2023-08-01)
+==================================================================================================
+
+## 🦖 Deprecations
+ * **The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (#3189)**
+
+## ✨ Features
+ * ElementR: Add `CryptoApi.getCrossSigningKeyId` ([\#3619](https://github.com/matrix-org/matrix-js-sdk/pull/3619)). Contributed by @florianduros.
+ * ElementR: Stub `CheckOwnCrossSigningTrust`, import cross signing keys and verify local device in `bootstrapCrossSigning` ([\#3608](https://github.com/matrix-org/matrix-js-sdk/pull/3608)). Contributed by @florianduros.
+ * Specify /preview_url requests as low priority ([\#3609](https://github.com/matrix-org/matrix-js-sdk/pull/3609)). Fixes vector-im/element-web#7292.
+ * Element-R: support for displaying QR codes during verification ([\#3588](https://github.com/matrix-org/matrix-js-sdk/pull/3588)). Fixes vector-im/crypto-internal#124.
+ * Add support for scanning QR codes during verification, with Rust crypto ([\#3565](https://github.com/matrix-org/matrix-js-sdk/pull/3565)).
+ * Add methods to influence set_presence on /sync API calls ([\#3578](https://github.com/matrix-org/matrix-js-sdk/pull/3578)).
+
+## 🐛 Bug Fixes
+ * Fix threads ending up with chunks of their timelines missing ([\#3618](https://github.com/matrix-org/matrix-js-sdk/pull/3618)). Fixes vector-im/element-web#24466.
+ * Ensure we do not clobber a newer RR with an older unthreaded one ([\#3617](https://github.com/matrix-org/matrix-js-sdk/pull/3617)). Fixes vector-im/element-web#25806.
+ * Fix registration check your emails stage regression ([\#3616](https://github.com/matrix-org/matrix-js-sdk/pull/3616)).
+ * Fix how `Room::eventShouldLiveIn` handles replies to unknown parents ([\#3615](https://github.com/matrix-org/matrix-js-sdk/pull/3615)). Fixes vector-im/element-web#22603.
+ * Only send threaded read receipts if threads support is enabled ([\#3612](https://github.com/matrix-org/matrix-js-sdk/pull/3612)).
+ * ElementR: Fix `userId` parameter usage in `CryptoApi#getVerificationRequestsToDeviceInProgress` ([\#3611](https://github.com/matrix-org/matrix-js-sdk/pull/3611)). Contributed by @florianduros.
+ * Fix edge cases around non-thread relations to thread roots and read receipts ([\#3607](https://github.com/matrix-org/matrix-js-sdk/pull/3607)).
+ * Fix read receipt sending behaviour around thread roots ([\#3600](https://github.com/matrix-org/matrix-js-sdk/pull/3600)).
+ * Export typed event emitter key types ([\#3597](https://github.com/matrix-org/matrix-js-sdk/pull/3597)). Fixes #3506.
+ * Element-R: ensure that `userHasCrossSigningKeys` uses up-to-date data ([\#3599](https://github.com/matrix-org/matrix-js-sdk/pull/3599)). Fixes vector-im/element-web#25773.
+ * Fix sending `auth: null` due to broken types around UIA ([\#3594](https://github.com/matrix-org/matrix-js-sdk/pull/3594)).
+
+Changes in [27.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v27.0.0) (2023-07-18)
+==================================================================================================
+
+## 🚨 BREAKING CHANGES
+ * Drop support for Node 16 ([\#3533](https://github.com/matrix-org/matrix-js-sdk/pull/3533)).
+ * Improve types around login, registration, UIA and identity servers ([\#3537](https://github.com/matrix-org/matrix-js-sdk/pull/3537)).
+
+## 🦖 Deprecations
+ * **The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. (#3189)**
+ * Simplify `MatrixClient::setPowerLevel` API ([\#3570](https://github.com/matrix-org/matrix-js-sdk/pull/3570)). Fixes vector-im/element-web#13900 and #1844.
+ * Deprecate `VerificationRequest.getQRCodeBytes` and replace it with the asynchronous `generateQRCode`. ([\#3562](https://github.com/matrix-org/matrix-js-sdk/pull/3562)).
+ * Deprecate `VerificationRequest.beginKeyVerification()` in favour of `VerificationRequest.startVerification()`. ([\#3528](https://github.com/matrix-org/matrix-js-sdk/pull/3528)).
+ * Deprecate `Crypto.VerificationRequest` application event, replacing it with `Crypto.VerificationRequestReceived`. ([\#3514](https://github.com/matrix-org/matrix-js-sdk/pull/3514)).
+
+## ✨ Features
+ * Throw saner error when peeking has its room pulled out from under it ([\#3577](https://github.com/matrix-org/matrix-js-sdk/pull/3577)). Fixes vector-im/element-web#18679.
+ * OIDC: Log in ([\#3554](https://github.com/matrix-org/matrix-js-sdk/pull/3554)). Contributed by @kerryarchibald.
+ * Prevent threads code from making identical simultaneous API hits ([\#3541](https://github.com/matrix-org/matrix-js-sdk/pull/3541)). Fixes vector-im/element-web#25395.
+ * Update IUnsigned type to be extensible ([\#3547](https://github.com/matrix-org/matrix-js-sdk/pull/3547)).
+ * add stop() api to BackupManager for clean shutdown ([\#3553](https://github.com/matrix-org/matrix-js-sdk/pull/3553)).
+ * Log the message ID of any undecryptable to-device messages ([\#3543](https://github.com/matrix-org/matrix-js-sdk/pull/3543)).
+ * Ignore thread relations on state events for consistency with edits ([\#3540](https://github.com/matrix-org/matrix-js-sdk/pull/3540)).
+ * OIDC: validate id token ([\#3531](https://github.com/matrix-org/matrix-js-sdk/pull/3531)). Contributed by @kerryarchibald.
+
+## 🐛 Bug Fixes
+ * Fix read receipt sending behaviour around thread roots ([\#3600](https://github.com/matrix-org/matrix-js-sdk/pull/3600)).
+ * Fix `TypedEventEmitter::removeAllListeners(void)` not working ([\#3561](https://github.com/matrix-org/matrix-js-sdk/pull/3561)).
+ * Don't allow Olm unwedging rate-limiting to race ([\#3549](https://github.com/matrix-org/matrix-js-sdk/pull/3549)). Fixes vector-im/element-web#25716.
+ * Fix an instance of failed to decrypt error when an in flight `/keys/query` fails. ([\#3486](https://github.com/matrix-org/matrix-js-sdk/pull/3486)).
+ * Use the right anchor emoji for SAS verification ([\#3534](https://github.com/matrix-org/matrix-js-sdk/pull/3534)).
+ * fix a bug which caused the wrong emoji to be shown during SAS device verification. ([\#3523](https://github.com/matrix-org/matrix-js-sdk/pull/3523)).
+
+Changes in [26.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v26.2.0) (2023-07-04)
+==================================================================================================
+
+## 🦖 Deprecations
+ * The Browserify artifact is being deprecated, scheduled for removal in the October 10th release cycle. ([\#3189](https://github.com/matrix-org/matrix-js-sdk/issues/3189)).
+ * ElementR: Add `CryptoApi#bootstrapSecretStorage` ([\#3483](https://github.com/matrix-org/matrix-js-sdk/pull/3483)). Contributed by @florianduros.
+ * Deprecate `MatrixClient.findVerificationRequestDMInProgress`, `MatrixClient.getVerificationRequestsToDeviceInProgress`, and `MatrixClient.requestVerification`, in favour of methods in `CryptoApi`. ([\#3474](https://github.com/matrix-org/matrix-js-sdk/pull/3474)).
+ * Introduce a new `Crypto.VerificationRequest` interface, and deprecate direct access to the old `VerificationRequest` class. Also deprecate some related classes that were exported from `src/crypto/verification/request/VerificationRequest` ([\#3449](https://github.com/matrix-org/matrix-js-sdk/pull/3449)).
+
+## ✨ Features
+ * OIDC: navigate to authorization endpoint ([\#3499](https://github.com/matrix-org/matrix-js-sdk/pull/3499)). Contributed by @kerryarchibald.
+ * Support for interactive device verification in Element-R. ([\#3505](https://github.com/matrix-org/matrix-js-sdk/pull/3505)).
+ * Support for interactive device verification in Element-R. ([\#3508](https://github.com/matrix-org/matrix-js-sdk/pull/3508)).
+ * Support for interactive device verification in Element-R. ([\#3490](https://github.com/matrix-org/matrix-js-sdk/pull/3490)). Fixes vector-im/element-web#25316.
+ * Element-R: Store cross signing keys in secret storage ([\#3498](https://github.com/matrix-org/matrix-js-sdk/pull/3498)). Contributed by @florianduros.
+ * OIDC: add dynamic client registration util function ([\#3481](https://github.com/matrix-org/matrix-js-sdk/pull/3481)). Contributed by @kerryarchibald.
+ * Add getLastUnthreadedReceiptFor utility to Thread delegating to the underlying Room ([\#3493](https://github.com/matrix-org/matrix-js-sdk/pull/3493)).
+ * ElementR: Add `rust-crypto#createRecoveryKeyFromPassphrase` implementation ([\#3472](https://github.com/matrix-org/matrix-js-sdk/pull/3472)). Contributed by @florianduros.
+
+## 🐛 Bug Fixes
+ * Aggregate relations regardless of whether event fits into the timeline ([\#3496](https://github.com/matrix-org/matrix-js-sdk/pull/3496)). Fixes vector-im/element-web#25596.
+ * Fix bug where switching media caused media in subsequent calls to fail ([\#3489](https://github.com/matrix-org/matrix-js-sdk/pull/3489)).
+ * Fix: remove polls from room state on redaction ([\#3475](https://github.com/matrix-org/matrix-js-sdk/pull/3475)). Fixes vector-im/element-web#25573. Contributed by @kerryarchibald.
+ * Fix export type `GeneratedSecretStorageKey` ([\#3479](https://github.com/matrix-org/matrix-js-sdk/pull/3479)). Contributed by @florianduros.
+ * Close IDB database before deleting it to prevent spurious unexpected close errors ([\#3478](https://github.com/matrix-org/matrix-js-sdk/pull/3478)). Fixes vector-im/element-web#25597.
+
+Changes in [26.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v26.1.0) (2023-06-20)
+==================================================================================================
+
+## 🦖 Deprecations
+ * Introduce a new `Crypto.Verifier` interface, and deprecate direct access to `VerificationBase`, `SAS` and `ReciprocateQRCode` ([\#3414](https://github.com/matrix-org/matrix-js-sdk/pull/3414)).
+
+## ✨ Features
+ * Add `rust-crypto#isCrossSigningReady` implementation ([\#3462](https://github.com/matrix-org/matrix-js-sdk/pull/3462)). Contributed by @florianduros.
+ * OIDC: Validate `m.authentication` configuration ([\#3419](https://github.com/matrix-org/matrix-js-sdk/pull/3419)). Contributed by @kerryarchibald.
+ * ElementR: Add `CryptoApi.getCrossSigningStatus` ([\#3452](https://github.com/matrix-org/matrix-js-sdk/pull/3452)). Contributed by @florianduros.
+ * Extend stats summary with call device and user count based on room state ([\#3424](https://github.com/matrix-org/matrix-js-sdk/pull/3424)). Contributed by @toger5.
+ * Update MSC3912 implementation to use `with_rel_type` instead of `with_relations` ([\#3420](https://github.com/matrix-org/matrix-js-sdk/pull/3420)).
+ * Export thread-related types from SDK ([\#3447](https://github.com/matrix-org/matrix-js-sdk/pull/3447)). Contributed by @stas-demydiuk.
+ * Use correct /v3 prefix for /refresh ([\#3016](https://github.com/matrix-org/matrix-js-sdk/pull/3016)). Contributed by @davidisaaclee.
+
+## 🐛 Bug Fixes
+ * Fix thread list being ordered based on all updates ([\#3458](https://github.com/matrix-org/matrix-js-sdk/pull/3458)). Fixes vector-im/element-web#25522.
+ * Fix: handle `baseUrl` with trailing slash in `fetch.getUrl` ([\#3455](https://github.com/matrix-org/matrix-js-sdk/pull/3455)). Fixes vector-im/element-web#25526. Contributed by @kerryarchibald.
+ * use cli.canSupport to determine intentional mentions support ([\#3445](https://github.com/matrix-org/matrix-js-sdk/pull/3445)). Fixes vector-im/element-web#25497. Contributed by @kerryarchibald.
+ * Make sliding sync linearize processing of sync requests ([\#3442](https://github.com/matrix-org/matrix-js-sdk/pull/3442)).
+ * Fix edge cases around 2nd order relations and threads ([\#3437](https://github.com/matrix-org/matrix-js-sdk/pull/3437)).
+
+Changes in [26.0.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v26.0.1) (2023-06-09)
+==================================================================================================
+
+## 🐛 Bug Fixes
+ * Fix: handle `baseUrl` with trailing slash in `fetch.getUrl` ([\#3455](https://github.com/matrix-org/matrix-js-sdk/pull/3455)). Fixes vector-im/element-web#25526. Contributed by @kerryarchibald.
+
+Changes in [26.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v26.0.0) (2023-06-06)
+==================================================================================================
+
+## 🚨 BREAKING CHANGES
+ * Ensure we do not add relations to the wrong timeline ([\#3427](https://github.com/matrix-org/matrix-js-sdk/pull/3427)). Fixes vector-im/element-web#25450 and vector-im/element-web#25494.
+ * Deprecate `QrCodeEvent`, `SasEvent` and `VerificationEvent` ([\#3386](https://github.com/matrix-org/matrix-js-sdk/pull/3386)).
+
+## 🦖 Deprecations
+ * Move crypto classes into a separate namespace ([\#3385](https://github.com/matrix-org/matrix-js-sdk/pull/3385)).
+
+## ✨ Features
+ * Mention deno support in the README ([\#3417](https://github.com/matrix-org/matrix-js-sdk/pull/3417)). Contributed by @sigmaSd.
+ * Mark room version 10 as safe ([\#3425](https://github.com/matrix-org/matrix-js-sdk/pull/3425)).
+ * Prioritise entirely supported flows for UIA ([\#3402](https://github.com/matrix-org/matrix-js-sdk/pull/3402)).
+ * Add methods to terminate idb worker ([\#3362](https://github.com/matrix-org/matrix-js-sdk/pull/3362)).
+ * Total summary count ([\#3351](https://github.com/matrix-org/matrix-js-sdk/pull/3351)). Contributed by @toger5.
+ * Audio concealment ([\#3349](https://github.com/matrix-org/matrix-js-sdk/pull/3349)). Contributed by @toger5.
+
+## 🐛 Bug Fixes
+ * Correctly accumulate sync summaries. ([\#3366](https://github.com/matrix-org/matrix-js-sdk/pull/3366)). Fixes vector-im/element-web#23345.
+ * Keep measuring a call feed's volume after a stream replacement ([\#3361](https://github.com/matrix-org/matrix-js-sdk/pull/3361)). Fixes vector-im/element-call#1051.
+ * Element-R: Avoid uploading a new fallback key at every `/sync` ([\#3338](https://github.com/matrix-org/matrix-js-sdk/pull/3338)). Fixes vector-im/element-web#25215.
+ * Accumulate receipts for the main thread and unthreaded separately ([\#3339](https://github.com/matrix-org/matrix-js-sdk/pull/3339)). Fixes vector-im/element-web#24629.
+ * Remove spec non-compliant extended glob format ([\#3423](https://github.com/matrix-org/matrix-js-sdk/pull/3423)). Fixes vector-im/element-web#25474.
+ * Fix bug where original event was inserted into timeline instead of the edit event ([\#3398](https://github.com/matrix-org/matrix-js-sdk/pull/3398)). Contributed by @andybalaam.
+ * Only add a local receipt if it's after an existing receipt ([\#3399](https://github.com/matrix-org/matrix-js-sdk/pull/3399)). Contributed by @andybalaam.
+ * Attempt a potential workaround for stuck notifs ([\#3384](https://github.com/matrix-org/matrix-js-sdk/pull/3384)). Fixes vector-im/element-web#25406. Contributed by @andybalaam.
+ * Fix verification bug with `pendingEventOrdering: "chronological"` ([\#3382](https://github.com/matrix-org/matrix-js-sdk/pull/3382)).
+
+Changes in [25.1.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v25.1.1) (2023-05-16)
+==================================================================================================
+
+## 🐛 Bug Fixes
+ * Rebuild to fix packaging glitch in 25.1.0. Fixes #3363
+
+Changes in [25.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v25.1.0) (2023-05-09)
+==================================================================================================
+
+## 🦖 Deprecations
+ * Deprecate MatrixClient::resolveRoomAlias ([\#3316](https://github.com/matrix-org/matrix-js-sdk/pull/3316)).
+
+## ✨ Features
+ * add client method to remove pusher ([\#3324](https://github.com/matrix-org/matrix-js-sdk/pull/3324)). Contributed by @kerryarchibald.
+ * Implement MSC 3981 ([\#3248](https://github.com/matrix-org/matrix-js-sdk/pull/3248)). Fixes vector-im/element-web#25021. Contributed by @justjanne.
+ * Added `Room.getLastLiveEvent` and `Room.getLastThread`. Deprecated `Room.lastThread` in favour of `Room.getLastThread`. ([\#3321](https://github.com/matrix-org/matrix-js-sdk/pull/3321)).
+ * Element-R: wire up device lists ([\#3272](https://github.com/matrix-org/matrix-js-sdk/pull/3272)). Contributed by @florianduros.
+ * Node 20 support ([\#3302](https://github.com/matrix-org/matrix-js-sdk/pull/3302)).
+
+## 🐛 Bug Fixes
+ * Fix racing between one-time-keys processing and sync ([\#3327](https://github.com/matrix-org/matrix-js-sdk/pull/3327)). Fixes vector-im/element-web#25214. Contributed by @florianduros.
+ * Fix lack of media when a user reconnects ([\#3318](https://github.com/matrix-org/matrix-js-sdk/pull/3318)).
+ * Fix TimelineWindow getEvents exploding if no neigbouring timeline ([\#3285](https://github.com/matrix-org/matrix-js-sdk/pull/3285)). Fixes vector-im/element-web#25104.
+
+Changes in [25.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v25.0.0) (2023-04-25)
+==================================================================================================
+
+## 🚨 BREAKING CHANGES
+ * Change `Store.save()` to return a `Promise` ([\#3221](https://github.com/matrix-org/matrix-js-sdk/pull/3221)). Contributed by @texuf.
+
+## ✨ Features
+ * Add typedoc-plugin-mdn-links ([\#3292](https://github.com/matrix-org/matrix-js-sdk/pull/3292)).
+ * Annotate events with executed push rule ([\#3284](https://github.com/matrix-org/matrix-js-sdk/pull/3284)). Contributed by @kerryarchibald.
+ * Element-R: pass device list change notifications into rust crypto-sdk ([\#3254](https://github.com/matrix-org/matrix-js-sdk/pull/3254)). Fixes vector-im/element-web#24795. Contributed by @florianduros.
+ * Support for MSC3882 revision 1 ([\#3228](https://github.com/matrix-org/matrix-js-sdk/pull/3228)). Contributed by @hughns.
+
+## 🐛 Bug Fixes
+ * Fix screen sharing on Firefox 113 ([\#3282](https://github.com/matrix-org/matrix-js-sdk/pull/3282)). Contributed by @tulir.
+ * Retry processing potential poll events after decryption ([\#3246](https://github.com/matrix-org/matrix-js-sdk/pull/3246)). Fixes vector-im/element-web#24568.
+ * Element-R: handle events which arrive before their keys ([\#3230](https://github.com/matrix-org/matrix-js-sdk/pull/3230)). Fixes vector-im/element-web#24489.
+
+Changes in [24.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v24.1.0) (2023-04-11)
+==================================================================================================
+
+## ✨ Features
+ * Allow via_servers property in findPredecessor (update to MSC3946) ([\#3240](https://github.com/matrix-org/matrix-js-sdk/pull/3240)). Contributed by @andybalaam.
+ * Fire `closed` event when IndexedDB closes unexpectedly ([\#3218](https://github.com/matrix-org/matrix-js-sdk/pull/3218)).
+ * Implement MSC3952: intentional mentions ([\#3092](https://github.com/matrix-org/matrix-js-sdk/pull/3092)). Fixes vector-im/element-web#24376.
+ * Send one time key count and unused fallback keys for rust-crypto ([\#3215](https://github.com/matrix-org/matrix-js-sdk/pull/3215)). Fixes vector-im/element-web#24795. Contributed by @florianduros.
+ * Improve `processBeaconEvents` hotpath ([\#3200](https://github.com/matrix-org/matrix-js-sdk/pull/3200)).
+ * Implement MSC3966: a push rule condition to check if an array contains a value ([\#3180](https://github.com/matrix-org/matrix-js-sdk/pull/3180)).
+
+## 🐛 Bug Fixes
+ * indexddb-local-backend - return the current sync to database promise … ([\#3222](https://github.com/matrix-org/matrix-js-sdk/pull/3222)). Contributed by @texuf.
+ * Revert "Add the call object to Call events" ([\#3236](https://github.com/matrix-org/matrix-js-sdk/pull/3236)).
+ * Handle group call redaction ([\#3231](https://github.com/matrix-org/matrix-js-sdk/pull/3231)). Fixes vector-im/voip-internal#128.
+ * Stop doing O(n^2) work to find event's home (`eventShouldLiveIn`) ([\#3227](https://github.com/matrix-org/matrix-js-sdk/pull/3227)). Contributed by @jryans.
+ * Fix bug where video would not unmute if it started muted ([\#3213](https://github.com/matrix-org/matrix-js-sdk/pull/3213)). Fixes vector-im/element-call#925.
+ * Fixes to event encryption in the Rust Crypto implementation ([\#3202](https://github.com/matrix-org/matrix-js-sdk/pull/3202)).
+
+Changes in [24.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v24.0.0) (2023-03-28)
+==================================================================================================
+
+## 🔒 Security
+ * Fixes for [CVE-2023-28427](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-28427) / GHSA-mwq8-fjpf-c2gr
+
+Changes in [23.5.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v23.5.0) (2023-03-15)
+==================================================================================================
+
+## ✨ Features
+ * Implement MSC3758: a push rule condition to match event properties exactly ([\#3179](https://github.com/matrix-org/matrix-js-sdk/pull/3179)).
+ * Enable group calls without video and audio track by configuration of MatrixClient ([\#3162](https://github.com/matrix-org/matrix-js-sdk/pull/3162)). Contributed by @EnricoSchw.
+ * Updates to protocol used for Sign in with QR code ([\#3155](https://github.com/matrix-org/matrix-js-sdk/pull/3155)). Contributed by @hughns.
+ * Implement MSC3873 to handle escaped dots in push rule keys ([\#3134](https://github.com/matrix-org/matrix-js-sdk/pull/3134)). Fixes undefined/matrix-js-sdk#1454.
+
+## 🐛 Bug Fixes
+ * Fix spec compliance issue around encrypted `m.relates_to` ([\#3178](https://github.com/matrix-org/matrix-js-sdk/pull/3178)).
+ * Fix reactions in threads sometimes causing stuck notifications ([\#3146](https://github.com/matrix-org/matrix-js-sdk/pull/3146)). Fixes vector-im/element-web#24000. Contributed by @justjanne.
+
+Changes in [23.4.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v23.4.0) (2023-02-28)
+==================================================================================================
+
+## ✨ Features
+ * Add easy way to determine if the decryption failure is due to "DecryptionError: The sender has disabled encrypting to unverified devices." ([\#3167](https://github.com/matrix-org/matrix-js-sdk/pull/3167)). Contributed by @florianduros.
+ * Polls: expose end event id on poll model ([\#3160](https://github.com/matrix-org/matrix-js-sdk/pull/3160)). Contributed by @kerryarchibald.
+ * Polls: count undecryptable poll relations ([\#3163](https://github.com/matrix-org/matrix-js-sdk/pull/3163)). Contributed by @kerryarchibald.
+
+## 🐛 Bug Fixes
+ * Better type guard parseTopicContent ([\#3165](https://github.com/matrix-org/matrix-js-sdk/pull/3165)). Fixes matrix-org/element-web-rageshakes#20177 and matrix-org/element-web-rageshakes#20178.
+ * Fix a bug where events in encrypted rooms would sometimes erroneously increment the total unread counter after being processed locally. ([\#3130](https://github.com/matrix-org/matrix-js-sdk/pull/3130)). Fixes vector-im/element-web#24448. Contributed by @Half-Shot.
+ * Stop the ICE disconnected timer on call terminate ([\#3147](https://github.com/matrix-org/matrix-js-sdk/pull/3147)).
+ * Clear notifications when we can infer read status from receipts ([\#3139](https://github.com/matrix-org/matrix-js-sdk/pull/3139)). Fixes vector-im/element-web#23991.
+ * Messages sent out of order after one message fails ([\#3131](https://github.com/matrix-org/matrix-js-sdk/pull/3131)). Fixes vector-im/element-web#22885 and vector-im/element-web#18942. Contributed by @justjanne.
+
 Changes in [23.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v23.3.0) (2023-02-14)
 ==================================================================================================
 

README.md

@@ -11,6 +11,8 @@
 This is the [Matrix](https://matrix.org) Client-Server SDK for JavaScript and TypeScript. This SDK can be run in a
 browser or in Node.js.
 
+#### Minimum Matrix server version: v1.1
+
 The Matrix specification is constantly evolving - while this SDK aims for maximum backwards compatibility, it only
 guarantees that a feature will be supported for at least 4 spec releases. For example, if a feature the js-sdk supports
 is removed in v1.4 then the feature is _eligible_ for removal from the SDK when v1.8 is released. This SDK has no
@@ -21,17 +23,7 @@ endpoints from before Matrix 1.1, for example.
 
 ## In a browser
 
-Download the browser version from
-https://github.com/matrix-org/matrix-js-sdk/releases/latest and add that as a
-`<script>` to your page. There will be a global variable `matrixcs`
-attached to `window` through which you can access the SDK. See below for how to
-include libolm to enable end-to-end-encryption.
-
-The browser bundle supports recent versions of browsers. Typically this is ES2015
-or `> 0.5%, last 2 versions, Firefox ESR, not dead` if using
-[browserlists](https://github.com/browserslist/browserslist).
-
-Please check [the working browser example](examples/browser) for more information.
+### Note, the browserify build has been removed. Please use a bundler like webpack or vite instead.
 
 ## In Node.js
 
@@ -55,6 +47,8 @@ client.publicRooms(function (err, data) {
 See below for how to include libolm to enable end-to-end-encryption. Please check
 [the Node.js terminal app](examples/node) for a more complex example.
 
+You can also use the sdk with [Deno](https://deno.land/) (`import npm:matrix-js-sdk`) but its not officialy supported.
+
 To start the client:
 
 ```javascript
@@ -357,7 +351,7 @@ First, you need to pull in the right build tools:
 
 ## Building
 
-To build a browser version from scratch when developing::
+To build a browser version from scratch when developing:
 
 ```
  $ yarn build
@@ -369,9 +363,6 @@ To run tests (Jest):
  $ yarn test
 ```
 
-> **Note**
-> The `sync-browserify.spec.ts` requires a browser build (`yarn build`) in order to pass
-
 To run linting:
 
 ```

docs/SUMMARY.md

@@ -0,0 +1,9 @@
+# Summary
+
+-   [Introduction](../README.md)
+
+# Deep dive
+
+-   [Release Process](release.md)
+-   [Storage notes](storage-notes.md)
+-   [Unverified devices](warning-on-unverified-devices.md)

docs/release.md

@@ -0,0 +1,24 @@
+# Release Process
+
+## Hotfix and off-cycle releases
+
+1. Prepare the `staging` branch by using the backport automation and manually merging
+2. Go to [Releasing](#Releasing)
+
+## Release candidates
+
+1. Prepare the `staging` branch by running the [branch cut automation](https://github.com/vector-im/element-web/actions/workflows/release_prepare.yml)
+2. Go to [Releasing](#Releasing)
+
+## Releasing
+
+1. Open the [Releases page](https://github.com/matrix-org/matrix-js-sdk/releases) and inspect the draft release there
+2. Make any modifications to the release notes and tag/version as required
+3. Run [workflow](https://github.com/matrix-org/matrix-js-sdk/actions/workflows/release.yml) with the type set appropriately
+
+## Artifacts
+
+Releasing the Matrix JS SDK has just two artifacts:
+
+-   Package published to [npm](https://github.com/matrix-org/matrix-js-sdk)
+-   Docs published to [Github Pages](https://matrix-org.github.io/matrix-js-sdk/)

docs/warning-on-unverified-devices.md

@@ -1,31 +1,29 @@
 Random notes from Matthew on the two possible approaches for warning users about unexpected
 unverified devices popping up in their rooms....
 
-Original idea...
-================
+# Original idea...
 
 Warn when an existing user adds an unknown device to a room.
 
 Warn when a user joins the room with unverified or unknown devices.
 
 Warn when you initial sync if the room has any unverified devices in it.
- ^ this is good enough if we're doing local storage.
- OR, better:
+^ this is good enough if we're doing local storage.
+OR, better:
 Warn when you initial sync if the room has any new undefined devices since you were last there.
- => This means persisting the rooms that devices are in, across initial syncs.
+=> This means persisting the rooms that devices are in, across initial syncs.
 
-
-Updated idea...
-===============
+# Updated idea...
 
 Warn when the user tries to send a message:
-  - If the room has unverified devices which the user has not yet been told about in the context of this room
-    ...or in the context of this user?  currently all verification is per-user, not per-room.
+
+-   If the room has unverified devices which the user has not yet been told about in the context of this room
+    ...or in the context of this user? currently all verification is per-user, not per-room.
     ...this should be good enough.
 
-  - so track whether we have warned the user or not about unverified devices - blocked, unverified, verified, unverified_warned.
+-   so track whether we have warned the user or not about unverified devices - blocked, unverified, verified, unverified_warned.
     throw an error when trying to encrypt if there are pure unverified devices there
     app will have to search for the devices which are pure unverified to warn about them - have to do this from MembersList anyway?
-      - or megolm could warn which devices are causing the problems.
+    -   or megolm could warn which devices are causing the problems.
 
-Why do we wait to establish outbound sessions?  It just makes a horrible pause when we first try to send a message... but could otherwise unnecessarily consume resources?
+Why do we wait to establish outbound sessions? It just makes a horrible pause when we first try to send a message... but could otherwise unnecessarily consume resources?

examples/browser/README.md

@@ -1,10 +0,0 @@
-To try it out, **you must build the SDK first** and then host this folder:
-
-```
- $ yarn install
- $ yarn build
- $ cd examples/browser
- $ python -m http.server 8003
-```
-
-Then visit `http://localhost:8003`.

examples/browser/browserTest.js

@@ -1,9 +0,0 @@
-console.log("Loading browser sdk");
-
-var client = matrixcs.createClient({ baseUrl: "https://matrix.org" });
-client.publicRooms().then(function (data) {
-    console.log("data %s [...]", JSON.stringify(data).substring(0, 100));
-    console.log("Congratulations! The SDK is working on the browser!");
-    var result = document.getElementById("result");
-    result.innerHTML = "<p>The SDK appears to be working correctly.</p>";
-});

examples/browser/index.html

@@ -1,17 +0,0 @@
-<html lang="en">
-    <head>
-        <title>Test</title>
-        <meta charset="utf-8" />
-        <link rel="icon" href="data:," />
-        <script src="lib/matrix.js"></script>
-        <script src="browserTest.js"></script>
-    </head>
-    <body>
-        Sanity Testing (check the console) : This example is here to make sure that the SDK works inside a browser. It
-        simply does a GET /publicRooms on matrix.org
-        <br />
-        You should see a message confirming that the SDK works below:
-        <br />
-        <div id="result"></div>
-    </body>
-</html>

examples/browser/lib/matrix.js

@@ -1 +0,0 @@
-../../../dist/browser-matrix.js

examples/crypto-browser/lib/.gitignore

@@ -1,2 +0,0 @@
-olm.js
-olm.wasm

examples/crypto-browser/lib/matrix.js

@@ -1 +0,0 @@
-../../../dist/browser-matrix.js

examples/crypto-browser/olm-device-export-import.html

@@ -1,60 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-    <head>
-        <meta charset="UTF-8" />
-        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-        <meta http-equiv="X-UA-Compatible" content="ie=edge" />
-        <title>Test Crypto in Browser</title>
-        <script src="lib/olm.js"></script>
-        <script src="lib/matrix.js"></script>
-    </head>
-    <body>
-        <h1>Testing export/import of Olm devices in the browser</h1>
-        <ul>
-            <li>Make sure you built the current version of the Matrix JS SDK (<code>yarn build</code>)</li>
-            <li>
-                copy <code>olm.js</code> and <code>olm.wasm</code> from a recent release of Olm (was tested with version
-                3.1.4) in directory <code>lib/</code>
-            </li>
-            <li>start a local Matrix homeserver (on port 8008, or change the port in the code)</li>
-            <li>Serve this HTML file (e.g. <code>python3 -m http.server</code>) and go to it through your browser</li>
-            <li>
-                in the JS console, do:
-                <pre>
-aliceMatrixClient = await newMatrixClient("alice-"+randomHex());
-await aliceMatrixClient.exportDevice();
-await aliceMatrixClient.getAccessToken();
-            </pre
-                >
-            </li>
-            <li>
-                copy the result of <code>exportDevice</code> and <code>getAccessToken</code> somewhere (<strong
-                    >not</strong
-                >
-                in a JS variable as it will be destroyed when you refresh the page)
-            </li>
-            <li><strong>refresh the page (F5)</strong> to make sure the client is destroyed</li>
-            <li>
-                Do the following, replacing <code>ALICE_ID</code>
-                with the user ID of Alice (you can find it in the exported data)
-                <pre>
-bobMatrixClient = await newMatrixClient("bob-"+randomHex());
-roomId = await bobMatrixClient.createEncryptedRoom([ALICE_ID]);
-await bobMatrixClient.sendTextMessage('Hi Alice!', roomId);
-            </pre
-                >
-            </li>
-            <li>Again, <strong>refresh the page (F5)</strong>. You may want to clear your console as well.</li>
-            <li>
-                Now do the following, using the exported data and the access token you saved previously:
-                <pre>
-aliceMatrixClient = await importMatrixClient(EXPORTED_DATA, ACCESS_TOKEN);
-            </pre
-                >
-            </li>
-            <li>You should see the message sent by Bob printed in the console.</li>
-        </ul>
-
-        <script src="olm-device-export-import.js"></script>
-    </body>
-</html>

examples/crypto-browser/olm-device-export-import.js

@@ -1,105 +0,0 @@
-if (!Olm) {
-    console.error("global.Olm does not seem to be present." + " Did you forget to add olm in the lib/ directory?");
-}
-
-const BASE_URL = "http://localhost:8008";
-const ROOM_CRYPTO_CONFIG = { algorithm: "m.megolm.v1.aes-sha2" };
-const PASSWORD = "password";
-
-// useful to create new usernames
-window.randomHex = () => Math.floor(Math.random() * 10 ** 6).toString(16);
-
-window.newMatrixClient = async function (username) {
-    const registrationClient = matrixcs.createClient(BASE_URL);
-
-    const userRegisterResult = await registrationClient.register(username, PASSWORD, null, { type: "m.login.dummy" });
-
-    const matrixClient = matrixcs.createClient({
-        baseUrl: BASE_URL,
-        userId: userRegisterResult.user_id,
-        accessToken: userRegisterResult.access_token,
-        deviceId: userRegisterResult.device_id,
-        sessionStore: new matrixcs.WebStorageSessionStore(window.localStorage),
-        cryptoStore: new matrixcs.MemoryCryptoStore(),
-    });
-
-    extendMatrixClient(matrixClient);
-
-    await matrixClient.initCrypto();
-    await matrixClient.startClient();
-    return matrixClient;
-};
-
-window.importMatrixClient = async function (exportedDevice, accessToken) {
-    const matrixClient = matrixcs.createClient({
-        baseUrl: BASE_URL,
-        deviceToImport: exportedDevice,
-        accessToken,
-        sessionStore: new matrixcs.WebStorageSessionStore(window.localStorage),
-        cryptoStore: new matrixcs.MemoryCryptoStore(),
-    });
-
-    extendMatrixClient(matrixClient);
-
-    await matrixClient.initCrypto();
-    await matrixClient.startClient();
-    return matrixClient;
-};
-
-function extendMatrixClient(matrixClient) {
-    // automatic join
-    matrixClient.on("RoomMember.membership", async (event, member) => {
-        if (member.membership === "invite" && member.userId === matrixClient.getUserId()) {
-            await matrixClient.joinRoom(member.roomId);
-            // setting up of room encryption seems to be triggered automatically
-            // but if we don't wait for it the first messages we send are unencrypted
-            await matrixClient.setRoomEncryption(member.roomId, { algorithm: "m.megolm.v1.aes-sha2" });
-        }
-    });
-
-    matrixClient.onDecryptedMessage = (message) => {
-        console.log("Got encrypted message: ", message);
-    };
-
-    matrixClient.on("Event.decrypted", (event) => {
-        if (event.getType() === "m.room.message") {
-            matrixClient.onDecryptedMessage(event.getContent().body);
-        } else {
-            console.log("decrypted an event of type", event.getType());
-            console.log(event);
-        }
-    });
-
-    matrixClient.createEncryptedRoom = async function (usersToInvite) {
-        const { room_id: roomId } = await this.createRoom({
-            visibility: "private",
-            invite: usersToInvite,
-        });
-
-        // matrixClient.setRoomEncryption() only updates local state
-        // but does not send anything to the server
-        // (see https://github.com/matrix-org/matrix-js-sdk/issues/905)
-        // so we do it ourselves with 'sendStateEvent'
-        await this.sendStateEvent(roomId, "m.room.encryption", ROOM_CRYPTO_CONFIG);
-        await this.setRoomEncryption(roomId, ROOM_CRYPTO_CONFIG);
-
-        // Marking all devices as verified
-        let room = this.getRoom(roomId);
-        let members = (await room.getEncryptionTargetMembers()).map((x) => x["userId"]);
-        let memberkeys = await this.downloadKeys(members);
-        for (const userId in memberkeys) {
-            for (const deviceId in memberkeys[userId]) {
-                await this.setDeviceVerified(userId, deviceId);
-            }
-        }
-
-        return roomId;
-    };
-
-    matrixClient.sendTextMessage = async function (message, roomId) {
-        return matrixClient.sendMessage(roomId, {
-            body: message,
-            msgtype: "m.text",
-        });
-    };
-}

jest.config.ts

@@ -0,0 +1,47 @@
+/* Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import type { Config } from "jest";
+import { env } from "process";
+
+const config: Config = {
+    testEnvironment: "node",
+    testMatch: ["<rootDir>/spec/**/*.spec.{js,ts}"],
+    setupFilesAfterEnv: ["<rootDir>/spec/setupTests.ts"],
+    collectCoverageFrom: ["<rootDir>/src/**/*.{js,ts}"],
+    coverageReporters: ["text-summary", "lcov"],
+    testResultsProcessor: "@casualbot/jest-sonar-reporter",
+
+    // Always print out a summary if there are any failing tests. Normally
+    // a summary is only printed if there are more than 20 test *suites*.
+    reporters: [["default", { summaryThreshold: 0 }]],
+};
+
+// if we're running under GHA, enable the GHA reporter
+if (env["GITHUB_ACTIONS"] !== undefined) {
+    const reporters: Config["reporters"] = [
+        ["github-actions", { silent: false }],
+        // as above: always show a summary if there were any failing tests.
+        ["summary", { summaryThreshold: 0 }],
+    ];
+
+    // if we're running against the develop branch, also enable the slow test reporter
+    if (env["GITHUB_REF"] == "refs/heads/develop") {
+        reporters.push("<rootDir>/spec/slowReporter.js");
+    }
+    config.reporters = reporters;
+}
+
+export default config;

package.json

@@ -1,26 +1,24 @@
 {
     "name": "matrix-js-sdk",
-    "version": "23.3.0",
+    "version": "30.3.0",
     "description": "Matrix Client-Server SDK for Javascript",
     "engines": {
-        "node": ">=16.0.0"
+        "node": ">=18.0.0"
     },
     "scripts": {
         "prepublishOnly": "yarn build",
         "start": "echo THIS IS FOR LEGACY PURPOSES ONLY. && babel src -w -s -d lib --verbose --extensions \".ts,.js\"",
-        "dist": "echo 'This is for the release script so it can make assets (browser bundle).' && yarn build",
-        "clean": "rimraf lib dist",
-        "build": "yarn build:dev && yarn build:compile-browser && yarn build:minify-browser",
+        "clean": "rimraf lib",
+        "build": "yarn build:dev",
         "build:dev": "yarn clean && git rev-parse HEAD > git-revision.txt && yarn build:compile && yarn build:types",
         "build:types": "tsc -p tsconfig-build.json --emitDeclarationOnly",
         "build:compile": "babel -d lib --verbose --extensions \".ts,.js\" src",
-        "build:compile-browser": "mkdir dist && browserify -d src/browser-index.ts -p [ tsify -p ./tsconfig-build.json ] -t [ babelify --sourceMaps=inline --presets [ @babel/preset-env @babel/preset-typescript ] ] | exorcist dist/browser-matrix.js.map > dist/browser-matrix.js",
-        "build:minify-browser": "terser dist/browser-matrix.js --compress --mangle --source-map --output dist/browser-matrix.min.js",
         "gendoc": "typedoc",
-        "lint": "yarn lint:types && yarn lint:js",
+        "lint": "yarn lint:types && yarn lint:js && yarn lint:workflows",
         "lint:js": "eslint --max-warnings 0 src spec && prettier --check .",
         "lint:js-fix": "prettier --loglevel=warn --write . && eslint --fix src spec",
         "lint:types": "tsc --noEmit",
+        "lint:workflows": "find .github/workflows -type f \\( -iname '*.yaml' -o -iname '*.yml' \\) | xargs -I {} sh -c 'echo \"Linting {}\"; action-validator \"{}\"'",
         "test": "jest",
         "test:watch": "jest --watch",
         "coverage": "yarn test --coverage"
@@ -42,7 +40,6 @@
     "author": "matrix.org",
     "license": "Apache-2.0",
     "files": [
-        "dist",
         "lib",
         "src",
         "git-revision.txt",
@@ -55,19 +52,23 @@
     ],
     "dependencies": {
         "@babel/runtime": "^7.12.5",
-        "@matrix-org/matrix-sdk-crypto-js": "^0.1.0-alpha.3",
+        "@matrix-org/matrix-sdk-crypto-wasm": "^3.4.0",
         "another-json": "^0.2.0",
         "bs58": "^5.0.0",
         "content-type": "^1.0.4",
+        "jwt-decode": "^3.1.2",
         "loglevel": "^1.7.1",
         "matrix-events-sdk": "0.0.1",
-        "matrix-widget-api": "^1.0.0",
+        "matrix-widget-api": "^1.6.0",
+        "oidc-client-ts": "^2.2.4",
         "p-retry": "4",
         "sdp-transform": "^2.14.1",
         "unhomoglyph": "^1.0.6",
         "uuid": "9"
     },
     "devDependencies": {
+        "@action-validator/cli": "^0.5.3",
+        "@action-validator/core": "^0.5.3",
         "@babel/cli": "^7.12.10",
         "@babel/core": "^7.12.10",
         "@babel/eslint-parser": "^7.12.10",
@@ -80,10 +81,11 @@
         "@babel/preset-env": "^7.12.11",
         "@babel/preset-typescript": "^7.12.7",
         "@babel/register": "^7.12.10",
-        "@casualbot/jest-sonar-reporter": "^2.2.5",
-        "@matrix-org/olm": "https://gitlab.matrix.org/api/v4/projects/27/packages/npm/@matrix-org/olm/-/@matrix-org/olm-3.2.14.tgz",
+        "@casualbot/jest-sonar-reporter": "2.2.7",
+        "@matrix-org/olm": "3.2.15",
         "@types/bs58": "^4.0.1",
         "@types/content-type": "^1.1.5",
+        "@types/debug": "^4.1.7",
         "@types/domexception": "^4.0.0",
         "@types/jest": "^29.0.0",
         "@types/node": "18",
@@ -93,52 +95,38 @@
         "@typescript-eslint/parser": "^5.45.0",
         "allchange": "^1.0.6",
         "babel-jest": "^29.0.0",
-        "babelify": "^10.0.0",
-        "better-docs": "^2.4.0-beta.9",
-        "browserify": "^17.0.0",
-        "docdash": "^2.0.0",
+        "debug": "^4.3.4",
         "domexception": "^4.0.0",
-        "eslint": "8.32.0",
+        "eslint": "8.54.0",
         "eslint-config-google": "^0.14.0",
-        "eslint-config-prettier": "^8.5.0",
+        "eslint-config-prettier": "^9.0.0",
         "eslint-import-resolver-typescript": "^3.5.1",
         "eslint-plugin-import": "^2.26.0",
-        "eslint-plugin-jsdoc": "^39.6.4",
-        "eslint-plugin-matrix-org": "^0.10.0",
+        "eslint-plugin-jest": "^27.1.6",
+        "eslint-plugin-jsdoc": "^46.0.0",
+        "eslint-plugin-matrix-org": "^1.0.0",
         "eslint-plugin-tsdoc": "^0.2.17",
-        "eslint-plugin-unicorn": "^45.0.0",
-        "exorcist": "^2.0.0",
-        "fake-indexeddb": "^4.0.0",
+        "eslint-plugin-unicorn": "^49.0.0",
+        "fake-indexeddb": "^5.0.0",
+        "fetch-mock": "9.11.0",
         "fetch-mock-jest": "^1.5.1",
+        "husky": "^8.0.3",
         "jest": "^29.0.0",
         "jest-environment-jsdom": "^29.0.0",
         "jest-localstorage-mock": "^2.4.6",
         "jest-mock": "^29.0.0",
+        "lint-staged": "^15.0.2",
         "matrix-mock-request": "^2.5.0",
-        "prettier": "2.8.3",
-        "rimraf": "^4.0.0",
-        "terser": "^5.5.1",
-        "tsify": "^5.0.2",
-        "typedoc": "^0.23.20",
-        "typedoc-plugin-missing-exports": "^1.0.0",
-        "typescript": "^4.5.3"
-    },
-    "jest": {
-        "testEnvironment": "node",
-        "testMatch": [
-            "<rootDir>/spec/**/*.spec.{js,ts}"
-        ],
-        "setupFilesAfterEnv": [
-            "<rootDir>/spec/setupTests.ts"
-        ],
-        "collectCoverageFrom": [
-            "<rootDir>/src/**/*.{js,ts}"
-        ],
-        "coverageReporters": [
-            "text-summary",
-            "lcov"
-        ],
-        "testResultsProcessor": "@casualbot/jest-sonar-reporter"
+        "prettier": "2.8.8",
+        "rimraf": "^5.0.0",
+        "ts-node": "^10.9.1",
+        "typedoc": "^0.24.0",
+        "typedoc-plugin-coverage": "^2.1.0",
+        "typedoc-plugin-mdn-links": "^3.0.3",
+        "typedoc-plugin-missing-exports": "^2.0.0",
+        "typedoc-plugin-versions": "^0.2.3",
+        "typedoc-plugin-versions-cli": "^0.1.12",
+        "typescript": "^5.0.0"
     },
     "@casualbot/jest-sonar-reporter": {
         "outputDirectory": "coverage",

post-release.sh

@@ -10,28 +10,6 @@ set -e
 jq --version > /dev/null || (echo "jq is required: please install it"; kill $$)
 
 if [ "$(git branch -lr | grep origin/develop -c)" -ge 1 ]; then
-    # When merging to develop, we need revert the `main` and `typings` fields if we adjusted them previously.
-    for i in main typings browser
-    do
-        # If a `lib` prefixed value is present, it means we adjusted the field
-        # earlier at publish time, so we should revert it now.
-        if [ "$(jq -r ".matrix_lib_$i" package.json)" != "null" ]; then
-            # If there's a `src` prefixed value, use that, otherwise delete.
-            # This is used to delete the `typings` field and reset `main` back
-            # to the TypeScript source.
-            src_value=$(jq -r ".matrix_src_$i" package.json)
-            if [ "$src_value" != "null" ]; then
-                jq ".$i = .matrix_src_$i" package.json > package.json.new && mv package.json.new package.json && yarn prettier --write package.json
-            else
-                jq "del(.$i)" package.json > package.json.new && mv package.json.new package.json && yarn prettier --write package.json
-            fi
-        fi
-    done
-
-    if [ -n "$(git ls-files --modified package.json)" ]; then
-        echo "Committing develop package.json"
-        git commit package.json -m "Resetting package fields for development"
-    fi
-
+    "$(dirname "$0")/scripts/release/post-merge-master.sh"
     git push origin develop
 fi

release.sh

@@ -130,7 +130,7 @@ fi
 # global cache here to ensure we get the right thing.
 yarn cache clean
 # Ensure all dependencies are updated
-yarn install --ignore-scripts --pure-lockfile
+yarn install --ignore-scripts --frozen-lockfile
 
 # ignore leading v on release
 release="${1#v}"
@@ -175,18 +175,7 @@ echo "yarn version"
 # manually commit the result.
 yarn version --no-git-tag-version --new-version "$release"
 
-# For the published and dist versions of the package, we copy the
-# `matrix_lib_main` and `matrix_lib_typings` fields to `main` and `typings` (if
-# they exist). This small bit of gymnastics allows us to use the TypeScript
-# source directly for development without needing to build before linting or
-# testing.
-for i in main typings browser
-do
-    lib_value=$(jq -r ".matrix_lib_$i" package.json)
-    if [ "$lib_value" != "null" ]; then
-        jq ".$i = .matrix_lib_$i" package.json > package.json.new && mv package.json.new package.json && yarn prettier --write package.json
-    fi
-done
+"$(dirname "$0")/scripts/release/pre-release.sh"
 
 # commit yarn.lock if it exists, is versioned, and is modified
 if [[ -f yarn.lock && $(git status --porcelain yarn.lock | grep '^ M') ]];
@@ -225,7 +214,7 @@ if [ $dodist -eq 0 ]; then
     pushd "$builddir"
     git clone "$projdir" .
     git checkout "$rel_branch"
-    yarn install --pure-lockfile
+    yarn install --frozen-lockfile
     # We haven't tagged yet, so tell the dist script what version
     # it's building
     DIST_VERSION="$tag" yarn dist

scripts/changelog_head.py

@@ -15,4 +15,4 @@ for line in sys.stdin:
             break
         found_first_header = True
     elif not re.match(r"^=+$", line) and len(line) > 0:
-        print line
+        print(line)

scripts/release/merge-release-notes.js

@@ -0,0 +1,104 @@
+#!/usr/bin/env node
+
+const fs = require("fs");
+
+async function getRelease(github, dependency) {
+    let owner;
+    let repo;
+    let tag;
+    if (dependency.includes("/") && dependency.includes("@")) {
+        owner = dependency.split("/")[0];
+        repo = dependency.split("/")[1].split("@")[0];
+        tag = dependency.split("@")[1];
+    } else {
+        const upstreamPackageJson = JSON.parse(fs.readFileSync(`./node_modules/${dependency}/package.json`, "utf8"));
+        [owner, repo] = upstreamPackageJson.repository.url.split("/").slice(-2);
+        tag = `v${upstreamPackageJson.version}`;
+    }
+
+    const response = await github.rest.repos.getReleaseByTag({
+        owner,
+        repo,
+        tag,
+    });
+    return response.data;
+}
+
+const HEADING_PREFIX = "## ";
+
+const main = async ({ github, releaseId, dependencies }) => {
+    const { GITHUB_REPOSITORY } = process.env;
+    const [owner, repo] = GITHUB_REPOSITORY.split("/");
+
+    const sections = new Map();
+    let heading = null;
+    for (const dependency of dependencies) {
+        const release = await getRelease(github, dependency);
+        for (const line of release.body.split("\n")) {
+            if (line.startsWith(HEADING_PREFIX)) {
+                heading = line.trim();
+                sections.set(heading, []);
+                continue;
+            }
+            if (heading && line) {
+                sections.get(heading).push(line.trim());
+            }
+        }
+    }
+
+    const { data: release } = await github.rest.repos.getRelease({
+        owner,
+        repo,
+        release_id: releaseId,
+    });
+
+    const headings = ["🚨 BREAKING CHANGES", "🦖 Deprecations", "✨ Features", "🐛 Bug Fixes", "🧰 Maintenance"].map(
+        (h) => HEADING_PREFIX + h,
+    );
+
+    heading = null;
+    const output = [];
+    for (const line of [...release.body.split("\n"), null]) {
+        if (line === null || line.startsWith(HEADING_PREFIX)) {
+            // If we have a heading, and it's not the first in the list of pending headings, output the section.
+            // If we're processing the last line (null) then output all remaining sections.
+            while (headings.length > 0 && (line === null || (heading && headings[0] !== heading))) {
+                const heading = headings.shift();
+                if (sections.has(heading)) {
+                    output.push(heading);
+                    output.push(...sections.get(heading));
+                }
+            }
+
+            if (heading && sections.has(heading)) {
+                const lastIsBlank = !output.at(-1)?.trim();
+                if (lastIsBlank) output.pop();
+                output.push(...sections.get(heading));
+                if (lastIsBlank) output.push("");
+            }
+            heading = line;
+        }
+        output.push(line);
+    }
+
+    return output.join("\n");
+};
+
+// This is just for testing locally
+// Needs environment variables GITHUB_TOKEN & GITHUB_REPOSITORY
+if (require.main === module) {
+    const { Octokit } = require("@octokit/rest");
+    const github = new Octokit({ auth: process.env.GITHUB_TOKEN });
+    if (process.argv.length < 4) {
+        // eslint-disable-next-line no-console
+        console.error("Usage: node merge-release-notes.js owner/repo:release_id npm-package-name ...");
+        process.exit(1);
+    }
+    const [releaseId, ...dependencies] = process.argv.slice(2);
+    main({ github, releaseId, dependencies }).then((output) => {
+        // eslint-disable-next-line no-console
+        console.log(output);
+    });
+}
+
+module.exports = main;

scripts/release/post-merge-master.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# When merging to develop, we need revert the `main` and `typings` fields if we adjusted them previously.
+for i in main typings browser
+do
+    # If a `lib` prefixed value is present, it means we adjusted the field earlier at publish time, so we should revert it now.
+    if [ "$(jq -r ".matrix_lib_$i" package.json)" != "null" ]; then
+        # If there's a `src` prefixed value, use that, otherwise delete.
+        # This is used to delete the `typings` field and reset `main` back to the TypeScript source.
+        src_value=$(jq -r ".matrix_src_$i" package.json)
+        if [ "$src_value" != "null" ]; then
+            jq ".$i = .matrix_src_$i" package.json > package.json.new && mv package.json.new package.json && yarn prettier --write package.json
+        else
+            jq "del(.$i)" package.json > package.json.new && mv package.json.new package.json && yarn prettier --write package.json
+        fi
+    fi
+done
+
+if [ -n "$(git ls-files --modified package.json)" ]; then
+    echo "Committing develop package.json"
+    git commit package.json -m "Resetting package fields for development"
+fi

scripts/release/pre-release.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# For the published and dist versions of the package,
+# we copy the `matrix_lib_main` and `matrix_lib_typings` fields to `main` and `typings` (if they exist).
+# This small bit of gymnastics allows us to use the TypeScript source directly for development without
+# needing to build before linting or testing.
+
+for i in main typings browser
+do
+    lib_value=$(jq -r ".matrix_lib_$i" package.json)
+    if [ "$lib_value" != "null" ]; then
+        jq ".$i = .matrix_lib_$i" package.json > package.json.new && mv package.json.new package.json && yarn prettier --write package.json
+    fi
+done

spec/TestClient.ts

@@ -16,26 +16,33 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// `expect` is allowed in helper functions which are called within `test`/`it` blocks
+/* eslint-disable jest/no-standalone-expect */
+
 // load olm before the sdk if possible
 import "./olm-loader";
 
 import MockHttpBackend from "matrix-mock-request";
 
+import type { IDeviceKeys, IOneTimeKey } from "../src/@types/crypto";
+import type { IE2EKeyReceiver } from "./test-utils/E2EKeyReceiver";
 import { LocalStorageCryptoStore } from "../src/crypto/store/localStorage-crypto-store";
 import { logger } from "../src/logger";
 import { syncPromise } from "./test-utils/test-utils";
 import { createClient, IStartClientOpts } from "../src/matrix";
 import { ICreateClientOpts, IDownloadKeyResult, MatrixClient, PendingEventOrdering } from "../src/client";
 import { MockStorageApi } from "./MockStorageApi";
-import { encodeUri } from "../src/utils";
-import { IDeviceKeys, IOneTimeKey } from "../src/crypto/dehydration";
-import { IKeyBackupSession } from "../src/crypto/keybackup";
 import { IKeysUploadResponse, IUploadKeysRequest } from "../src/client";
+import { ISyncResponder } from "./test-utils/SyncResponder";
 
 /**
  * Wrapper for a MockStorageApi, MockHttpBackend and MatrixClient
+ *
+ * @deprecated Avoid using this; it is tied too tightly to matrix-mock-request and is generally inconvenient to use.
+ *    Instead, construct a MatrixClient manually, use fetch-mock-jest to intercept the HTTP requests, and
+ *    use things like {@link E2EKeyReceiver} and {@link SyncResponder} to manage the requests.
  */
-export class TestClient {
+export class TestClient implements IE2EKeyReceiver, ISyncResponder {
     public readonly httpBackend: MockHttpBackend;
     public readonly client: MatrixClient;
     public deviceKeys?: IDeviceKeys | null;
@@ -83,7 +90,7 @@ export class TestClient {
         logger.log(this + ": starting");
         this.httpBackend.when("GET", "/versions").respond(200, {
             // we have tests that rely on support for lazy-loading members
-            versions: ["r0.5.0"],
+            versions: ["v1.1"],
         });
         this.httpBackend.when("GET", "/pushrules").respond(200, {});
         this.httpBackend.when("POST", "/filter").respond(200, { filter_id: "fid" });
@@ -205,21 +212,6 @@ export class TestClient {
         });
     }
 
-    /**
-     * Set up expectations that the client will query key backups for a particular session
-     */
-    public expectKeyBackupQuery(roomId: string, sessionId: string, status: number, response: IKeyBackupSession) {
-        this.httpBackend
-            .when(
-                "GET",
-                encodeUri("/room_keys/keys/$roomId/$sessionId", {
-                    $roomId: roomId,
-                    $sessionId: sessionId,
-                }),
-            )
-            .respond(status, response);
-    }
-
     /**
      * get the uploaded curve25519 device key
      *
@@ -240,8 +232,22 @@ export class TestClient {
         return this.deviceKeys!.keys[keyId];
     }
 
+    /** Next time we see a sync request (or immediately, if there is one waiting), send the given response
+     *
+     * Calling this will register a response for `/sync`, and then, in the background, flush a single `/sync` request.
+     * Try calling {@link syncPromise} to wait for the sync to complete.
+     *
+     * @param response - response to /sync request
+     */
+    public sendOrQueueSyncResponse(syncResponse: object): void {
+        this.httpBackend.when("GET", "/sync").respond(200, syncResponse);
+        this.httpBackend.flush("/sync", 1);
+    }
+
     /**
      * flush a single /sync request, and wait for the syncing event
+     *
+     * @deprecated: prefer to use {@link #sendOrQueueSyncResponse} followed by {@link syncPromise}.
      */
     public flushSync(): Promise<void> {
         logger.log(`${this}: flushSync`);

spec/browserify/setupTests.ts

@@ -1,34 +0,0 @@
-/*
-Copyright 2020 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import "../../dist/browser-matrix"; // uses browser-matrix instead of the src
-import type { default as BrowserMatrix } from "../../src/browser-index";
-
-// stub for browser-matrix browserify tests
-// @ts-ignore
-global.XMLHttpRequest = jest.fn();
-
-afterAll(() => {
-    // clean up XMLHttpRequest mock
-    // @ts-ignore
-    global.XMLHttpRequest = undefined;
-});
-
-// Akin to spec/setupTests.ts - but that won't affect the browser-matrix bundle
-global.matrixcs = {
-    ...global.matrixcs,
-    timeoutSignal: () => new AbortController().signal,
-} as typeof BrowserMatrix;

spec/browserify/sync-browserify.spec.ts

@@ -1,92 +0,0 @@
-/*
-Copyright 2020 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import HttpBackend from "matrix-mock-request";
-
-import "./setupTests"; // uses browser-matrix instead of the src
-import type { MatrixClient } from "../../src";
-
-const USER_ID = "@user:test.server";
-const DEVICE_ID = "device_id";
-const ACCESS_TOKEN = "access_token";
-const ROOM_ID = "!room_id:server.test";
-
-describe("Browserify Test", function () {
-    let client: MatrixClient;
-    let httpBackend: HttpBackend;
-
-    beforeEach(() => {
-        httpBackend = new HttpBackend();
-        client = new global.matrixcs.MatrixClient({
-            baseUrl: "http://test.server",
-            userId: USER_ID,
-            accessToken: ACCESS_TOKEN,
-            deviceId: DEVICE_ID,
-            fetchFn: httpBackend.fetchFn as typeof global.fetch,
-        });
-
-        httpBackend.when("GET", "/versions").respond(200, {});
-        httpBackend.when("GET", "/pushrules").respond(200, {});
-        httpBackend.when("POST", "/filter").respond(200, { filter_id: "fid" });
-    });
-
-    afterEach(async () => {
-        client.stopClient();
-        client.http.abort();
-        httpBackend.verifyNoOutstandingRequests();
-        httpBackend.verifyNoOutstandingExpectation();
-        await httpBackend.stop();
-    });
-
-    it("Sync", async () => {
-        const event = {
-            type: "m.room.member",
-            room_id: ROOM_ID,
-            content: {
-                membership: "join",
-                name: "Displayname",
-            },
-            event_id: "$foobar",
-        };
-
-        const syncData = {
-            next_batch: "batch1",
-            rooms: {
-                join: {
-                    [ROOM_ID]: {
-                        timeline: {
-                            events: [event],
-                            limited: false,
-                        },
-                    },
-                },
-            },
-        };
-
-        httpBackend.when("GET", "/sync").respond(200, syncData);
-        httpBackend.when("GET", "/sync").respond(200, syncData);
-
-        const syncPromise = new Promise((r) => client.once(global.matrixcs.ClientEvent.Sync, r));
-        const unexpectedErrorFn = jest.fn();
-        client.once(global.matrixcs.ClientEvent.SyncUnexpectedError, unexpectedErrorFn);
-
-        client.startClient();
-
-        await httpBackend.flushAllExpected();
-        await syncPromise;
-        expect(unexpectedErrorFn).not.toHaveBeenCalled();
-    }, 20000); // additional timeout as this test can take quite a while
-});

spec/integ/crypto/cross-signing.spec.ts

@@ -0,0 +1,442 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import fetchMock from "fetch-mock-jest";
+import "fake-indexeddb/auto";
+import { IDBFactory } from "fake-indexeddb";
+
+import { CRYPTO_BACKENDS, InitCrypto, syncPromise } from "../../test-utils/test-utils";
+import { AuthDict, createClient, CryptoEvent, MatrixClient } from "../../../src";
+import { mockInitialApiRequests, mockSetupCrossSigningRequests } from "../../test-utils/mockEndpoints";
+import { encryptAES } from "../../../src/crypto/aes";
+import { CryptoCallbacks, CrossSigningKey } from "../../../src/crypto-api";
+import { SECRET_STORAGE_ALGORITHM_V1_AES } from "../../../src/secret-storage";
+import { ISyncResponder, SyncResponder } from "../../test-utils/SyncResponder";
+import { E2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
+import {
+    MASTER_CROSS_SIGNING_PRIVATE_KEY_BASE64,
+    SELF_CROSS_SIGNING_PRIVATE_KEY_BASE64,
+    SELF_CROSS_SIGNING_PUBLIC_KEY_BASE64,
+    SIGNED_CROSS_SIGNING_KEYS_DATA,
+    SIGNED_TEST_DEVICE_DATA,
+    USER_CROSS_SIGNING_PRIVATE_KEY_BASE64,
+} from "../../test-utils/test-data";
+import * as testData from "../../test-utils/test-data";
+import { E2EKeyResponder } from "../../test-utils/E2EKeyResponder";
+import { AccountDataAccumulator } from "../../test-utils/AccountDataAccumulator";
+
+afterEach(() => {
+    // reset fake-indexeddb after each test, to make sure we don't leak connections
+    // cf https://github.com/dumbmatter/fakeIndexedDB#wipingresetting-the-indexeddb-for-a-fresh-state
+    // eslint-disable-next-line no-global-assign
+    indexedDB = new IDBFactory();
+});
+
+const TEST_USER_ID = "@alice:localhost";
+const TEST_DEVICE_ID = "xzcvb";
+
+/**
+ * Integration tests for cross-signing functionality.
+ *
+ * These tests work by intercepting HTTP requests via fetch-mock rather than mocking out bits of the client, so as
+ * to provide the most effective integration tests possible.
+ */
+describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: string, initCrypto: InitCrypto) => {
+    // newBackendOnly is the opposite to `oldBackendOnly`: it will skip the test if we are running against the legacy
+    // backend. Once we drop support for legacy crypto, it will go away.
+    const newBackendOnly = backend === "rust-sdk" ? test : test.skip;
+
+    let aliceClient: MatrixClient;
+
+    /** an object which intercepts `/sync` requests from {@link #aliceClient} */
+    let syncResponder: ISyncResponder;
+
+    /** an object which intercepts `/keys/query` requests on the test homeserver */
+    let e2eKeyResponder: E2EKeyResponder;
+
+    // Encryption key used to encrypt cross signing keys
+    const encryptionKey = new Uint8Array(32);
+
+    /**
+     * Create the {@link CryptoCallbacks}
+     */
+    function createCryptoCallbacks(): CryptoCallbacks {
+        return {
+            getSecretStorageKey: (keys, name) => {
+                return Promise.resolve<[string, Uint8Array]>(["key_id", encryptionKey]);
+            },
+        };
+    }
+
+    beforeEach(async () => {
+        // anything that we don't have a specific matcher for silently returns a 404
+        fetchMock.catch(404);
+        fetchMock.config.warnOnFallback = false;
+
+        const homeserverUrl = "https://alice-server.com";
+        aliceClient = createClient({
+            baseUrl: homeserverUrl,
+            userId: TEST_USER_ID,
+            accessToken: "akjgkrgjs",
+            deviceId: TEST_DEVICE_ID,
+            cryptoCallbacks: createCryptoCallbacks(),
+        });
+
+        syncResponder = new SyncResponder(homeserverUrl);
+        e2eKeyResponder = new E2EKeyResponder(homeserverUrl);
+        /** an object which intercepts `/keys/upload` requests on the test homeserver */
+        new E2EKeyReceiver(homeserverUrl);
+
+        // Silence warnings from the backup manager
+        fetchMock.getOnce(new URL("/_matrix/client/v3/room_keys/version", homeserverUrl).toString(), {
+            status: 404,
+            body: { errcode: "M_NOT_FOUND" },
+        });
+
+        await initCrypto(aliceClient);
+    });
+
+    afterEach(async () => {
+        await aliceClient.stopClient();
+        fetchMock.mockReset();
+    });
+
+    /**
+     * Create cross-signing keys and publish the keys
+     *
+     * @param authDict - The parameters to as the `auth` dict in the key upload request.
+     * @see https://spec.matrix.org/v1.6/client-server-api/#authentication-types
+     */
+    async function bootstrapCrossSigning(authDict: AuthDict): Promise<void> {
+        await aliceClient.getCrypto()?.bootstrapCrossSigning({
+            authUploadDeviceSigningKeys: (makeRequest) => makeRequest(authDict).then(() => undefined),
+        });
+    }
+
+    describe("bootstrapCrossSigning (before initialsync completes)", () => {
+        it("publishes keys if none were yet published", async () => {
+            mockSetupCrossSigningRequests();
+
+            // provide a UIA callback, so that the cross-signing keys are uploaded
+            const authDict = { type: "test" };
+            await bootstrapCrossSigning(authDict);
+
+            // check the cross-signing keys upload
+            expect(fetchMock.called("upload-keys")).toBeTruthy();
+            const [, keysOpts] = fetchMock.lastCall("upload-keys")!;
+            const keysBody = JSON.parse(keysOpts!.body as string);
+            expect(keysBody.auth).toEqual(authDict); // check uia dict was passed
+            // there should be a key of each type
+            // master key is signed by the device
+            expect(keysBody).toHaveProperty(`master_key.signatures.[${TEST_USER_ID}].[ed25519:${TEST_DEVICE_ID}]`);
+            const masterKeyId = Object.keys(keysBody.master_key.keys)[0];
+            // ssk and usk are signed by the master key
+            expect(keysBody).toHaveProperty(`self_signing_key.signatures.[${TEST_USER_ID}].[${masterKeyId}]`);
+            expect(keysBody).toHaveProperty(`user_signing_key.signatures.[${TEST_USER_ID}].[${masterKeyId}]`);
+            const sskId = Object.keys(keysBody.self_signing_key.keys)[0];
+
+            // check the publish call
+            expect(fetchMock.called("upload-sigs")).toBeTruthy();
+            const [, sigsOpts] = fetchMock.lastCall("upload-sigs")!;
+            const body = JSON.parse(sigsOpts!.body as string);
+            // there should be a signature for our device, by our self-signing key.
+            expect(body).toHaveProperty(
+                `[${TEST_USER_ID}].[${TEST_DEVICE_ID}].signatures.[${TEST_USER_ID}].[${sskId}]`,
+            );
+        });
+
+        newBackendOnly("get cross signing keys from secret storage and import them", async () => {
+            // Return public cross signing keys
+            e2eKeyResponder.addCrossSigningData(SIGNED_CROSS_SIGNING_KEYS_DATA);
+
+            mockInitialApiRequests(aliceClient.getHomeserverUrl());
+
+            // Encrypt the private keys and return them in the /sync response as if they are in Secret Storage
+            const masterKey = await encryptAES(
+                MASTER_CROSS_SIGNING_PRIVATE_KEY_BASE64,
+                encryptionKey,
+                "m.cross_signing.master",
+            );
+            const selfSigningKey = await encryptAES(
+                SELF_CROSS_SIGNING_PRIVATE_KEY_BASE64,
+                encryptionKey,
+                "m.cross_signing.self_signing",
+            );
+            const userSigningKey = await encryptAES(
+                USER_CROSS_SIGNING_PRIVATE_KEY_BASE64,
+                encryptionKey,
+                "m.cross_signing.user_signing",
+            );
+
+            syncResponder.sendOrQueueSyncResponse({
+                next_batch: 1,
+                account_data: {
+                    events: [
+                        {
+                            type: "m.cross_signing.master",
+                            content: {
+                                encrypted: {
+                                    key_id: masterKey,
+                                },
+                            },
+                        },
+                        {
+                            type: "m.cross_signing.self_signing",
+                            content: {
+                                encrypted: {
+                                    key_id: selfSigningKey,
+                                },
+                            },
+                        },
+                        {
+                            type: "m.cross_signing.user_signing",
+                            content: {
+                                encrypted: {
+                                    key_id: userSigningKey,
+                                },
+                            },
+                        },
+                        {
+                            type: "m.secret_storage.key.key_id",
+                            content: {
+                                key: "key_id",
+                                algorithm: SECRET_STORAGE_ALGORITHM_V1_AES,
+                            },
+                        },
+                    ],
+                },
+            });
+            await aliceClient.startClient();
+            await syncPromise(aliceClient);
+
+            // we expect a request to upload signatures for our device ...
+            fetchMock.post({ url: "path:/_matrix/client/v3/keys/signatures/upload", name: "upload-sigs" }, {});
+
+            // we expect the UserTrustStatusChanged event to be fired after the cross signing keys import
+            const userTrustStatusChangedPromise = new Promise<string>((resolve) =>
+                aliceClient.on(CryptoEvent.UserTrustStatusChanged, resolve),
+            );
+
+            const authDict = { type: "test" };
+            await bootstrapCrossSigning(authDict);
+
+            // Check if the UserTrustStatusChanged event was fired
+            expect(await userTrustStatusChangedPromise).toBe(aliceClient.getUserId());
+
+            // Expect the signature to be uploaded
+            expect(fetchMock.called("upload-sigs")).toBeTruthy();
+            const [, sigsOpts] = fetchMock.lastCall("upload-sigs")!;
+            const body = JSON.parse(sigsOpts!.body as string);
+            // the device should have a signature with the public self cross signing keys.
+            expect(body).toHaveProperty(
+                `[${TEST_USER_ID}].[${TEST_DEVICE_ID}].signatures.[${TEST_USER_ID}].[ed25519:${SELF_CROSS_SIGNING_PUBLIC_KEY_BASE64}]`,
+            );
+        });
+
+        it("can bootstrapCrossSigning twice", async () => {
+            mockSetupCrossSigningRequests();
+
+            const authDict = { type: "test" };
+            await bootstrapCrossSigning(authDict);
+
+            // a second call should do nothing except GET requests
+            fetchMock.mockClear();
+            await bootstrapCrossSigning(authDict);
+            const calls = fetchMock.calls((url, opts) => opts.method != "GET");
+            expect(calls.length).toEqual(0);
+        });
+
+        newBackendOnly("will upload existing cross-signing keys to an established secret storage", async () => {
+            // This rather obscure codepath covers the case that:
+            //   - 4S is set up and working
+            //   - our device has private cross-signing keys, but has not published them to 4S
+            //
+            // To arrange that, we call `bootstrapCrossSigning` on our main device, and then (pretend to) set up 4S from
+            // a *different* device. Then, when we call `bootstrapCrossSigning` again, it should do the honours.
+
+            mockSetupCrossSigningRequests();
+            const accountDataAccumulator = new AccountDataAccumulator();
+            accountDataAccumulator.interceptGetAccountData();
+
+            const authDict = { type: "test" };
+            await bootstrapCrossSigning(authDict);
+
+            // Pretend that another device has uploaded a 4S key
+            accountDataAccumulator.accountDataEvents.set("m.secret_storage.default_key", { key: "key_id" });
+            accountDataAccumulator.accountDataEvents.set("m.secret_storage.key.key_id", {
+                key: "keykeykey",
+                algorithm: SECRET_STORAGE_ALGORITHM_V1_AES,
+            });
+
+            // Prepare for the cross-signing keys
+            const p = accountDataAccumulator.interceptSetAccountData(":type(m.cross_signing..*)");
+
+            await bootstrapCrossSigning(authDict);
+            await p;
+
+            // The cross-signing keys should have been uploaded
+            expect(accountDataAccumulator.accountDataEvents.has("m.cross_signing.master")).toBeTruthy();
+            expect(accountDataAccumulator.accountDataEvents.has("m.cross_signing.self_signing")).toBeTruthy();
+            expect(accountDataAccumulator.accountDataEvents.has("m.cross_signing.user_signing")).toBeTruthy();
+        });
+    });
+
+    describe("getCrossSigningStatus()", () => {
+        it("should return correct values without bootstrapping cross-signing", async () => {
+            mockSetupCrossSigningRequests();
+
+            const crossSigningStatus = await aliceClient.getCrypto()!.getCrossSigningStatus();
+
+            // Expect the cross signing keys to be unavailable
+            expect(crossSigningStatus).toStrictEqual({
+                publicKeysOnDevice: false,
+                privateKeysInSecretStorage: false,
+                privateKeysCachedLocally: { masterKey: false, userSigningKey: false, selfSigningKey: false },
+            });
+        });
+
+        it("should return correct values after bootstrapping cross-signing", async () => {
+            mockSetupCrossSigningRequests();
+
+            // provide a UIA callback, so that the cross-signing keys are uploaded
+            const authDict = { type: "test" };
+            await bootstrapCrossSigning(authDict);
+
+            const crossSigningStatus = await aliceClient.getCrypto()!.getCrossSigningStatus();
+
+            // Expect the cross signing keys to be available
+            expect(crossSigningStatus).toStrictEqual({
+                publicKeysOnDevice: true,
+                privateKeysInSecretStorage: false,
+                privateKeysCachedLocally: { masterKey: true, userSigningKey: true, selfSigningKey: true },
+            });
+        });
+    });
+
+    describe("isCrossSigningReady()", () => {
+        it("should return false if cross-signing is not bootstrapped", async () => {
+            mockSetupCrossSigningRequests();
+
+            const isCrossSigningReady = await aliceClient.getCrypto()!.isCrossSigningReady();
+
+            expect(isCrossSigningReady).toBeFalsy();
+        });
+
+        it("should return true after bootstrapping cross-signing", async () => {
+            mockSetupCrossSigningRequests();
+            await bootstrapCrossSigning({ type: "test" });
+
+            const isCrossSigningReady = await aliceClient.getCrypto()!.isCrossSigningReady();
+
+            expect(isCrossSigningReady).toBeTruthy();
+        });
+    });
+
+    describe("getCrossSigningKeyId", () => {
+        /**
+         * Intercept /keys/device_signing/upload request and return the cross signing keys
+         * https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv3keysdevice_signingupload
+         *
+         * @returns the cross signing keys
+         */
+        function awaitCrossSigningKeysUpload() {
+            return new Promise<any>((resolve) => {
+                fetchMock.post(
+                    // legacy crypto uses /unstable/; /v3/ is correct
+                    {
+                        url: new RegExp("/_matrix/client/(unstable|v3)/keys/device_signing/upload"),
+                        name: "upload-keys",
+                    },
+                    (url, options) => {
+                        const content = JSON.parse(options.body as string);
+                        resolve(content);
+                        return {};
+                    },
+                    // Override the routes define in `mockSetupCrossSigningRequests`
+                    { overwriteRoutes: true },
+                );
+            });
+        }
+
+        it("should return the cross signing key id for each cross signing key", async () => {
+            mockSetupCrossSigningRequests();
+
+            // Intercept cross signing keys upload
+            const crossSigningKeysPromise = awaitCrossSigningKeysUpload();
+
+            // provide a UIA callback, so that the cross-signing keys are uploaded
+            const authDict = { type: "test" };
+            await bootstrapCrossSigning(authDict);
+            // Get the cross signing keys
+            const crossSigningKeys = await crossSigningKeysPromise;
+
+            const getPubKey = (crossSigningKey: any) => Object.values(crossSigningKey!.keys)[0];
+
+            const masterKeyId = await aliceClient.getCrypto()!.getCrossSigningKeyId();
+            expect(masterKeyId).toBe(getPubKey(crossSigningKeys.master_key));
+
+            const selfSigningKeyId = await aliceClient.getCrypto()!.getCrossSigningKeyId(CrossSigningKey.SelfSigning);
+            expect(selfSigningKeyId).toBe(getPubKey(crossSigningKeys.self_signing_key));
+
+            const userSigningKeyId = await aliceClient.getCrypto()!.getCrossSigningKeyId(CrossSigningKey.UserSigning);
+            expect(userSigningKeyId).toBe(getPubKey(crossSigningKeys.user_signing_key));
+        });
+    });
+
+    describe("crossSignDevice", () => {
+        beforeEach(async () => {
+            jest.useFakeTimers();
+
+            // make sure that there is another device which we can sign
+            e2eKeyResponder.addDeviceKeys(SIGNED_TEST_DEVICE_DATA);
+
+            // Complete initialsync, to get the outgoing requests going
+            mockInitialApiRequests(aliceClient.getHomeserverUrl());
+            syncResponder.sendOrQueueSyncResponse({ next_batch: 1 });
+            await aliceClient.startClient();
+            await syncPromise(aliceClient);
+
+            // Wait for legacy crypto to find the device
+            await jest.advanceTimersByTimeAsync(10);
+
+            const devices = await aliceClient.getCrypto()!.getUserDeviceInfo([aliceClient.getSafeUserId()]);
+            expect(devices.get(aliceClient.getSafeUserId())!.has(testData.TEST_DEVICE_ID)).toBeTruthy();
+        });
+
+        afterEach(async () => {
+            jest.useRealTimers();
+        });
+
+        it("fails for an unknown device", async () => {
+            await expect(aliceClient.getCrypto()!.crossSignDevice("unknown")).rejects.toThrow("Unknown device");
+        });
+
+        it("cross-signs the device", async () => {
+            mockSetupCrossSigningRequests();
+            await aliceClient.getCrypto()!.bootstrapCrossSigning({});
+
+            fetchMock.mockClear();
+            await aliceClient.getCrypto()!.crossSignDevice(testData.TEST_DEVICE_ID);
+
+            // check that a sig for the device was uploaded
+            const calls = fetchMock.calls("upload-sigs");
+            expect(calls.length).toEqual(1);
+            const body = JSON.parse(calls[0][1]!.body as string);
+            const deviceSig = body[aliceClient.getSafeUserId()][testData.TEST_DEVICE_ID];
+            expect(deviceSig).toHaveProperty("signatures");
+        });
+    });
+});

spec/integ/crypto/olm-encryption-spec.ts

@@ -26,16 +26,16 @@ limitations under the License.
  */
 
 // load olm before the sdk if possible
-import "../olm-loader";
+import "../../olm-loader";
 
 import type { Session } from "@matrix-org/olm";
-import { logger } from "../../src/logger";
-import * as testUtils from "../test-utils/test-utils";
-import { TestClient } from "../TestClient";
-import { CRYPTO_ENABLED, IClaimKeysRequest, IQueryKeysRequest, IUploadKeysRequest } from "../../src/client";
-import { ClientEvent, IContent, ISendEventResponse, MatrixClient, MatrixEvent } from "../../src/matrix";
-import { DeviceInfo } from "../../src/crypto/deviceinfo";
-import { IDeviceKeys, IOneTimeKey } from "../../src/crypto/dehydration";
+import type { IDeviceKeys, IOneTimeKey } from "../../../src/@types/crypto";
+import { logger } from "../../../src/logger";
+import * as testUtils from "../../test-utils/test-utils";
+import { TestClient } from "../../TestClient";
+import { CRYPTO_ENABLED, IClaimKeysRequest, IQueryKeysRequest, IUploadKeysRequest } from "../../../src/client";
+import { ClientEvent, IContent, ISendEventResponse, MatrixClient, MatrixEvent } from "../../../src/matrix";
+import { DeviceInfo } from "../../../src/crypto/deviceinfo";
 
 let aliTestClient: TestClient;
 const roomId = "!room:localhost";
@@ -472,7 +472,7 @@ describe("MatrixClient crypto", () => {
         aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
         await aliTestClient.start();
         await bobTestClient.start();
-        bobTestClient.client.crypto!.deviceList.downloadKeys = () => Promise.resolve({});
+        bobTestClient.client.crypto!.deviceList.downloadKeys = () => Promise.resolve(new Map());
         await firstSync(aliTestClient);
         await aliEnablesEncryption();
         await aliSendsFirstMessage();
@@ -483,7 +483,7 @@ describe("MatrixClient crypto", () => {
         aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
         await aliTestClient.start();
         await bobTestClient.start();
-        bobTestClient.client.crypto!.deviceList.downloadKeys = () => Promise.resolve({});
+        bobTestClient.client.crypto!.deviceList.downloadKeys = () => Promise.resolve(new Map());
         await firstSync(aliTestClient);
         await aliEnablesEncryption();
         await aliSendsFirstMessage();
@@ -545,7 +545,7 @@ describe("MatrixClient crypto", () => {
         aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
         await aliTestClient.start();
         await bobTestClient.start();
-        bobTestClient.client.crypto!.deviceList.downloadKeys = () => Promise.resolve({});
+        bobTestClient.client.crypto!.deviceList.downloadKeys = () => Promise.resolve(new Map());
         await firstSync(aliTestClient);
         await aliEnablesEncryption();
         await aliSendsFirstMessage();

spec/integ/crypto/olm-utils.ts

@@ -0,0 +1,408 @@
+/*
+Copyright 2016-2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import Olm from "@matrix-org/olm";
+import anotherjson from "another-json";
+
+import { IContent, IDeviceKeys, IDownloadKeyResult, IEvent, Keys, MatrixClient, SigningKeys } from "../../../src";
+import { IE2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
+import { ISyncResponder } from "../../test-utils/SyncResponder";
+import { syncPromise } from "../../test-utils/test-utils";
+import { KeyBackupInfo } from "../../../src/crypto-api";
+
+/**
+ * @module
+ *
+ * A set of utilities for creating Olm accounts and sessions, and encrypting/decrypting with Olm/Megolm.
+ */
+
+/** Create an Olm Account object */
+export async function createOlmAccount(): Promise<Olm.Account> {
+    await Olm.init();
+    const testOlmAccount = new Olm.Account();
+    testOlmAccount.create();
+    return testOlmAccount;
+}
+
+/**
+ * Get the device keys for the test Olm Account
+ *
+ * @param olmAccount - Test olm account
+ * @param userId - The user ID to present the keys as belonging to
+ */
+export function getTestOlmAccountKeys(olmAccount: Olm.Account, userId: string, deviceId: string): IDeviceKeys {
+    const testE2eKeys = JSON.parse(olmAccount.identity_keys());
+    const testDeviceKeys: IDeviceKeys = {
+        algorithms: ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"],
+        device_id: deviceId,
+        keys: {
+            [`curve25519:${deviceId}`]: testE2eKeys.curve25519,
+            [`ed25519:${deviceId}`]: testE2eKeys.ed25519,
+        },
+        user_id: userId,
+    };
+
+    const j = anotherjson.stringify(testDeviceKeys);
+    const sig = olmAccount.sign(j);
+    testDeviceKeys.signatures = { [userId]: { [`ed25519:${deviceId}`]: sig } };
+    return testDeviceKeys;
+}
+
+/**
+ * Bootstrap cross signing for the given Olm account.
+ *
+ * Will generate the cross signing keys and sign them with the master key, and returns the `IDownloadKeyResult`
+ * that can be directly fed into a test e2eKeyResponder.
+ *
+ * The cross-signing keys are randomly generated, similar to how the olm account keys are generated. There may not
+ * be any value in using static vectors, as the device keys change at every test run.
+ *
+ * If some `KeyBackupInfo` are provided, the `auth_data` of each backup info will be signed with the
+ * master key, meaning the backups will be then trusted after verification.
+ *
+ * @param olmAccount - The Olm account object to use for signing the device keys.
+ * @param userId - The user ID to associate with the device keys.
+ * @param deviceId - The device ID to associate with the device keys.
+ * @param keyBackupInfo - Optional key backup infos to sign with the master key.
+ * @returns A valid keys/query response that can be fed into a test e2eKeyResponder.
+ */
+export function bootstrapCrossSigningTestOlmAccount(
+    olmAccount: Olm.Account,
+    userId: string,
+    deviceId: string,
+    keyBackupInfo: KeyBackupInfo[] = [],
+): Partial<IDownloadKeyResult> {
+    const olmAliceMSK = new global.Olm.PkSigning();
+    const masterPrivkey = olmAliceMSK.generate_seed();
+    const masterPubkey = olmAliceMSK.init_with_seed(masterPrivkey);
+
+    const olmAliceUSK = new global.Olm.PkSigning();
+    const userPrivkey = olmAliceUSK.generate_seed();
+    const userPubkey = olmAliceUSK.init_with_seed(userPrivkey);
+
+    const olmAliceSSK = new global.Olm.PkSigning();
+    const sskPrivkey = olmAliceSSK.generate_seed();
+    const sskPubkey = olmAliceSSK.init_with_seed(sskPrivkey);
+
+    const mskInfo: Keys = {
+        user_id: userId,
+        usage: ["master"],
+        keys: {
+            ["ed25519:" + masterPubkey]: masterPubkey,
+        },
+    };
+
+    const sskInfo: Partial<SigningKeys> = {
+        user_id: userId,
+        usage: ["self_signing"],
+        keys: {
+            ["ed25519:" + sskPubkey]: sskPubkey,
+        },
+    };
+    // sign the ssk with the msk
+    const sskSig = olmAliceMSK.sign(anotherjson.stringify(sskInfo));
+    sskInfo.signatures = {
+        [userId]: {
+            ["ed25519:" + masterPubkey]: sskSig,
+        },
+    };
+
+    const uskInfo: Partial<SigningKeys> = {
+        user_id: userId,
+        usage: ["user_signing"],
+        keys: {
+            ["ed25519:" + userPubkey]: userPubkey,
+        },
+    };
+
+    // sign the usk with the msk
+    const uskSig = olmAliceMSK.sign(anotherjson.stringify(uskInfo));
+    uskInfo.signatures = {
+        [userId]: {
+            ["ed25519:" + masterPubkey]: uskSig,
+        },
+    };
+
+    // get the device keys and sign them with the ssk (the device is then cross signed)
+    const deviceKeys = getTestOlmAccountKeys(olmAccount, userId, deviceId);
+
+    const copy = Object.assign({}, deviceKeys);
+    delete copy.signatures;
+    const crossSignature = olmAliceSSK.sign(anotherjson.stringify(copy));
+
+    // add the signature
+    deviceKeys.signatures![userId]["ed25519:" + sskPubkey] = crossSignature;
+
+    // if we have some key backup info, sign them with the msk
+    keyBackupInfo.forEach((info) => {
+        const unsignedAuthData = Object.assign({}, info.auth_data);
+        delete unsignedAuthData.signatures;
+        const backupSignature = olmAliceMSK.sign(anotherjson.stringify(unsignedAuthData));
+
+        info.auth_data.signatures = {
+            [userId]: {
+                ["ed25519:" + masterPubkey]: backupSignature,
+            },
+        };
+    });
+
+    // clean the olm resources as we don't need them anymore
+    olmAliceMSK.free();
+    olmAliceSSK.free();
+    olmAliceUSK.free();
+
+    return {
+        master_keys: { [userId]: mskInfo },
+        user_signing_keys: { [userId]: uskInfo as SigningKeys },
+        self_signing_keys: { [userId]: sskInfo as SigningKeys },
+        device_keys: { [userId]: { [deviceId]: deviceKeys } },
+    };
+}
+
+/** start an Olm session with a given recipient */
+export async function createOlmSession(
+    olmAccount: Olm.Account,
+    recipientTestClient: IE2EKeyReceiver,
+): Promise<Olm.Session> {
+    const keys = await recipientTestClient.awaitOneTimeKeyUpload();
+    const otkId = Object.keys(keys)[0];
+    const otk = keys[otkId];
+
+    const session = new global.Olm.Session();
+    session.create_outbound(olmAccount, recipientTestClient.getDeviceKey(), otk.key);
+    return session;
+}
+
+// IToDeviceEvent isn't exported by src/sync-accumulator.ts
+export interface ToDeviceEvent {
+    content: IContent;
+    sender: string;
+    type: string;
+}
+
+/** encrypt an event with an existing olm session */
+export function encryptOlmEvent(opts: {
+    /** the sender's user id */
+    sender?: string;
+    /** the sender's curve25519 key */
+    senderKey: string;
+    /** the sender's ed25519 key */
+    senderSigningKey: string;
+    /** the olm session to use for encryption */
+    p2pSession: Olm.Session;
+    /** the recipient's user id */
+    recipient: string;
+    /** the recipient's curve25519 key */
+    recipientCurve25519Key: string;
+    /** the recipient's ed25519 key */
+    recipientEd25519Key: string;
+    /** the payload of the message */
+    plaincontent?: object;
+    /** the event type of the payload */
+    plaintype?: string;
+}): ToDeviceEvent {
+    expect(opts.senderKey).toBeTruthy();
+    expect(opts.p2pSession).toBeTruthy();
+    expect(opts.recipient).toBeTruthy();
+
+    const plaintext = {
+        content: opts.plaincontent || {},
+        recipient: opts.recipient,
+        recipient_keys: {
+            ed25519: opts.recipientEd25519Key,
+        },
+        keys: {
+            ed25519: opts.senderSigningKey,
+        },
+        sender: opts.sender || "@bob:xyz",
+        type: opts.plaintype || "m.test",
+    };
+
+    return {
+        content: {
+            algorithm: "m.olm.v1.curve25519-aes-sha2",
+            ciphertext: {
+                [opts.recipientCurve25519Key]: opts.p2pSession.encrypt(JSON.stringify(plaintext)),
+            },
+            sender_key: opts.senderKey,
+        },
+        sender: opts.sender || "@bob:xyz",
+        type: "m.room.encrypted",
+    };
+}
+
+// encrypt an event with megolm
+export function encryptMegolmEvent(opts: {
+    senderKey: string;
+    groupSession: Olm.OutboundGroupSession;
+    plaintext?: Partial<IEvent>;
+    room_id?: string;
+}): IEvent {
+    expect(opts.senderKey).toBeTruthy();
+    expect(opts.groupSession).toBeTruthy();
+
+    const plaintext = opts.plaintext || {};
+    if (!plaintext.content) {
+        plaintext.content = {
+            body: "42",
+            msgtype: "m.text",
+        };
+    }
+    if (!plaintext.type) {
+        plaintext.type = "m.room.message";
+    }
+    if (!plaintext.room_id) {
+        expect(opts.room_id).toBeTruthy();
+        plaintext.room_id = opts.room_id;
+    }
+    return encryptMegolmEventRawPlainText({
+        senderKey: opts.senderKey,
+        groupSession: opts.groupSession,
+        plaintext,
+    });
+}
+
+export function encryptMegolmEventRawPlainText(opts: {
+    senderKey: string;
+    groupSession: Olm.OutboundGroupSession;
+    plaintext: Partial<IEvent>;
+    origin_server_ts?: number;
+}): IEvent {
+    return {
+        event_id: "$test_megolm_event_" + Math.random(),
+        sender: opts.plaintext.sender ?? "@not_the_real_sender:example.com",
+        origin_server_ts: opts.plaintext.origin_server_ts ?? 1672944778000,
+        content: {
+            algorithm: "m.megolm.v1.aes-sha2",
+            ciphertext: opts.groupSession.encrypt(JSON.stringify(opts.plaintext)),
+            device_id: "testDevice",
+            sender_key: opts.senderKey,
+            session_id: opts.groupSession.session_id(),
+        },
+        type: "m.room.encrypted",
+        unsigned: {},
+    };
+}
+
+/** build an encrypted room_key event to share a group session, using an existing olm session */
+export function encryptGroupSessionKey(opts: {
+    /** recipient's user id */
+    recipient: string;
+    /** the recipient's curve25519 key */
+    recipientCurve25519Key: string;
+    /** the recipient's ed25519 key */
+    recipientEd25519Key: string;
+    /** sender's olm account */
+    olmAccount: Olm.Account;
+    /** sender's olm session with the recipient */
+    p2pSession: Olm.Session;
+    groupSession: Olm.OutboundGroupSession;
+    room_id?: string;
+}): ToDeviceEvent {
+    const senderKeys = JSON.parse(opts.olmAccount.identity_keys());
+    return encryptOlmEvent({
+        senderKey: senderKeys.curve25519,
+        senderSigningKey: senderKeys.ed25519,
+        recipient: opts.recipient,
+        recipientCurve25519Key: opts.recipientCurve25519Key,
+        recipientEd25519Key: opts.recipientEd25519Key,
+        p2pSession: opts.p2pSession,
+        plaincontent: {
+            algorithm: "m.megolm.v1.aes-sha2",
+            room_id: opts.room_id,
+            session_id: opts.groupSession.session_id(),
+            session_key: opts.groupSession.session_key(),
+        },
+        plaintype: "m.room_key",
+    });
+}
+
+/**
+ * Test utility to correctly encrypt a secret send event to a test device using the provided p2p session.
+ *
+ * @param opts - the options for the secret send event
+ * @returns the to-device event, ready to be returned in a sync response for the test device.
+ */
+export function encryptSecretSend(opts: {
+    /** the sender's user id */
+    sender: string;
+    /** recipient's user id */
+    recipient: string;
+    /** the recipient's curve25519 key */
+    recipientCurve25519Key: string;
+    /** the recipient's ed25519 key */
+    recipientEd25519Key: string;
+    /** sender's olm account */
+    olmAccount: Olm.Account;
+    /** sender's olm session with the recipient */
+    p2pSession: Olm.Session;
+    /** The requestId of the secret request that this secret send is replying. */
+    requestId: string;
+    /** The secret value */
+    secret: string;
+}): ToDeviceEvent {
+    const senderKeys = JSON.parse(opts.olmAccount.identity_keys());
+    return encryptOlmEvent({
+        sender: opts.sender,
+        senderKey: senderKeys.curve25519,
+        senderSigningKey: senderKeys.ed25519,
+        recipient: opts.recipient,
+        recipientCurve25519Key: opts.recipientCurve25519Key,
+        recipientEd25519Key: opts.recipientEd25519Key,
+        p2pSession: opts.p2pSession,
+        plaincontent: {
+            request_id: opts.requestId,
+            secret: opts.secret,
+        },
+        plaintype: "m.secret.send",
+    });
+}
+
+/**
+ * Establish an Olm Session with the test user
+ *
+ * Waits for the test user to upload their keys, then sends a /sync response with a to-device message which will
+ * establish an Olm session.
+ *
+ * @param testClient - the MatrixClient under test, which we expect to upload account keys, and to make a
+ *    /sync request which we will respond to.
+ * @param keyReceiver - an IE2EKeyReceiver which will intercept the /keys/upload request from the client under test
+ * @param syncResponder - an ISyncResponder which will intercept /sync requests from the client under test
+ * @param peerOlmAccount: an OlmAccount which will be used to initiate the Olm session.
+ */
+export async function establishOlmSession(
+    testClient: MatrixClient,
+    keyReceiver: IE2EKeyReceiver,
+    syncResponder: ISyncResponder,
+    peerOlmAccount: Olm.Account,
+): Promise<Olm.Session> {
+    const peerE2EKeys = JSON.parse(peerOlmAccount.identity_keys());
+    const p2pSession = await createOlmSession(peerOlmAccount, keyReceiver);
+    const olmEvent = encryptOlmEvent({
+        senderKey: peerE2EKeys.curve25519,
+        senderSigningKey: peerE2EKeys.ed25519,
+        recipient: testClient.getUserId()!,
+        recipientCurve25519Key: keyReceiver.getDeviceKey(),
+        recipientEd25519Key: keyReceiver.getSigningKey(),
+        p2pSession: p2pSession,
+    });
+    syncResponder.sendOrQueueSyncResponse({
+        next_batch: 1,
+        to_device: { events: [olmEvent] },
+    });
+    await syncPromise(testClient);
+    return p2pSession;
+}

spec/integ/crypto/rust-crypto.spec.ts

@@ -17,7 +17,7 @@ limitations under the License.
 import "fake-indexeddb/auto";
 import { IDBFactory } from "fake-indexeddb";
 
-import { createClient } from "../../src";
+import { createClient } from "../../../src";
 
 afterEach(() => {
     // reset fake-indexeddb after each test, to make sure we don't leak connections
@@ -41,7 +41,7 @@ describe("MatrixClient.initRustCrypto", () => {
         await expect(() => unknownDeviceClient.initRustCrypto()).rejects.toThrow("unknown deviceId");
     });
 
-    it("should create the indexed dbs", async () => {
+    it("should create the indexed db", async () => {
         const matrixClient = createClient({
             baseUrl: "http://test.server",
             userId: "@alice:localhost",
@@ -53,7 +53,25 @@ describe("MatrixClient.initRustCrypto", () => {
 
         await matrixClient.initRustCrypto();
 
-        // should have two dbs now
+        // should have an indexed db now
+        const databaseNames = (await indexedDB.databases()).map((db) => db.name);
+        expect(databaseNames).toEqual(expect.arrayContaining(["matrix-js-sdk::matrix-sdk-crypto"]));
+    });
+
+    it("should create the meta db if given a pickleKey", async () => {
+        const matrixClient = createClient({
+            baseUrl: "http://test.server",
+            userId: "@alice:localhost",
+            deviceId: "aliceDevice",
+            pickleKey: "testKey",
+        });
+
+        // No databases.
+        expect(await indexedDB.databases()).toHaveLength(0);
+
+        await matrixClient.initRustCrypto();
+
+        // should have two indexed dbs now
         const databaseNames = (await indexedDB.databases()).map((db) => db.name);
         expect(databaseNames).toEqual(
             expect.arrayContaining(["matrix-js-sdk::matrix-sdk-crypto", "matrix-js-sdk::matrix-sdk-crypto-meta"]),
@@ -78,6 +96,7 @@ describe("MatrixClient.clearStores", () => {
             baseUrl: "http://test.server",
             userId: "@alice:localhost",
             deviceId: "aliceDevice",
+            pickleKey: "testKey",
         });
 
         await matrixClient.initRustCrypto();
@@ -87,4 +106,19 @@ describe("MatrixClient.clearStores", () => {
         await matrixClient.clearStores();
         expect(await indexedDB.databases()).toHaveLength(0);
     });
+
+    it("should not fail in environments without indexedDB", async () => {
+        // eslint-disable-next-line no-global-assign
+        indexedDB = undefined!;
+        const matrixClient = createClient({
+            baseUrl: "http://test.server",
+            userId: "@alice:localhost",
+            deviceId: "aliceDevice",
+        });
+
+        await matrixClient.stopClient();
+
+        await matrixClient.clearStores();
+        // No error thrown in clearStores
+    });
 });

spec/integ/matrix-client-event-emitter.spec.ts

@@ -92,9 +92,7 @@ describe("MatrixClient events", function () {
                                     type: "m.room.create",
                                     room: "!erufh:bar",
                                     user: "@foo:bar",
-                                    content: {
-                                        creator: "@foo:bar",
-                                    },
+                                    content: {},
                                 }),
                             ],
                         },
@@ -175,7 +173,7 @@ describe("MatrixClient events", function () {
             });
         });
 
-        it("should emit User events", function (done) {
+        it("should emit User events", async () => {
             httpBackend!.when("GET", "/sync").respond(200, SYNC_DATA);
             httpBackend!.when("GET", "/sync").respond(200, NEXT_SYNC_DATA);
             let fired = false;
@@ -192,10 +190,39 @@ describe("MatrixClient events", function () {
             });
             client!.startClient();
 
-            httpBackend!.flushAllExpected().then(function () {
-                expect(fired).toBe(true);
-                done();
+            await httpBackend!.flushAllExpected();
+            expect(fired).toBe(true);
+        });
+
+        it("should emit User events when presence data is absent in first sync", async () => {
+            const MODIFIED_SYNC_DATA: any = structuredClone(SYNC_DATA);
+            delete MODIFIED_SYNC_DATA["presence"];
+            const MODIFIED_NEXT_SYNC_DATA: any = structuredClone(NEXT_SYNC_DATA);
+            MODIFIED_NEXT_SYNC_DATA.presence = {
+                events: [
+                    utils.mkPresence({
+                        user: "@foo:bar",
+                        name: "Foo Bar",
+                        presence: "online",
+                    }),
+                ],
+            };
+            httpBackend!.when("GET", "/sync").respond(200, MODIFIED_SYNC_DATA);
+            httpBackend!.when("GET", "/sync").respond(200, MODIFIED_NEXT_SYNC_DATA);
+            let fired = false;
+            client!.on(UserEvent.Presence, function (event, user) {
+                fired = true;
+                expect(user).toBeTruthy();
+                expect(event).toBeTruthy();
+                if (!user || !event) {
+                    return;
+                }
+                expect(event.event).toEqual(MODIFIED_NEXT_SYNC_DATA.presence.events[0]);
+                expect(user.presence).toEqual(MODIFIED_NEXT_SYNC_DATA.presence.events[0]?.content?.presence);
             });
+            client!.startClient();
+            await httpBackend!.flushAllExpected();
+            expect(fired).toBe(true);
         });
 
         it("should emit Room events", function () {

spec/integ/matrix-client-event-timeline.spec.ts

@@ -21,11 +21,13 @@ import {
     EventStatus,
     EventTimeline,
     EventTimelineSet,
+    EventType,
     Filter,
     IEvent,
     MatrixClient,
     MatrixEvent,
     PendingEventOrdering,
+    RelationType,
     Room,
 } from "../../src/matrix";
 import { logger } from "../../src/logger";
@@ -33,6 +35,7 @@ import { encodeParams, encodeUri, QueryDict, replaceParam } from "../../src/util
 import { TestClient } from "../TestClient";
 import { FeatureSupport, Thread, THREAD_RELATION_TYPE, ThreadEvent } from "../../src/models/thread";
 import { emitPromise } from "../test-utils/test-utils";
+import { Feature, ServerSupport } from "../../src/feature";
 
 const userId = "@alice:localhost";
 const userName = "Alice";
@@ -104,9 +107,7 @@ const INITIAL_SYNC_DATA = {
                         utils.mkEvent({
                             type: "m.room.create",
                             user: userId,
-                            content: {
-                                creator: userId,
-                            },
+                            content: {},
                             event: false,
                         }),
                     ],
@@ -204,7 +205,7 @@ function startClient(httpBackend: HttpBackend, client: MatrixClient) {
     httpBackend.when("POST", "/filter").respond(200, { filter_id: "fid" });
     httpBackend.when("GET", "/sync").respond(200, INITIAL_SYNC_DATA);
 
-    client.startClient();
+    client.startClient({ threadSupport: true });
 
     // set up a promise which will resolve once the client is initialised
     const prom = new Promise<void>((resolve) => {
@@ -245,7 +246,7 @@ describe("getEventTimeline support", function () {
         return startClient(httpBackend, client).then(function () {
             const room = client.getRoom(roomId)!;
             const timelineSet = room!.getTimelineSets()[0];
-            expect(client.getEventTimeline(timelineSet, "event")).rejects.toBeTruthy();
+            return expect(client.getEventTimeline(timelineSet, "event")).rejects.toBeTruthy();
         });
     });
 
@@ -257,7 +258,18 @@ describe("getEventTimeline support", function () {
         return startClient(httpBackend, client).then(() => {
             const room = client.getRoom(roomId)!;
             const timelineSet = room!.getTimelineSets()[0];
-            expect(client.getEventTimeline(timelineSet, "event")).rejects.toBeFalsy();
+            httpBackend.when("GET", `/rooms/${encodeURIComponent(roomId)}/context/event`).respond(200, () => ({
+                event: {
+                    event_id: "event",
+                },
+                events_after: [],
+                events_before: [],
+                state: [],
+            }));
+            return Promise.all([
+                expect(client.getEventTimeline(timelineSet, "event")).resolves.toBeTruthy(),
+                httpBackend.flushAllExpected(),
+            ]);
         });
     });
 
@@ -268,7 +280,7 @@ describe("getEventTimeline support", function () {
 
         return startClient(httpBackend, client).then(function () {
             const timelineSet = new EventTimelineSet(undefined);
-            expect(client.getEventTimeline(timelineSet, "event")).rejects.toBeTruthy();
+            return expect(client.getEventTimeline(timelineSet, "event")).rejects.toBeTruthy();
         });
     });
 
@@ -595,12 +607,6 @@ describe("MatrixClient event timelines", function () {
             await client.stopClient(); // we don't need the client to be syncing at this time
             const room = client.getRoom(roomId)!;
 
-            httpBackend
-                .when("GET", "/rooms/!foo%3Abar/event/" + encodeURIComponent(THREAD_ROOT.event_id!))
-                .respond(200, function () {
-                    return THREAD_ROOT;
-                });
-
             httpBackend
                 .when("GET", "/rooms/!foo%3Abar/event/" + encodeURIComponent(THREAD_ROOT.event_id!))
                 .respond(200, function () {
@@ -631,12 +637,6 @@ describe("MatrixClient event timelines", function () {
             const thread = room.createThread(THREAD_ROOT.event_id!, undefined, [], false);
             await httpBackend.flushAllExpected();
             const timelineSet = thread.timelineSet;
-            httpBackend
-                .when("GET", "/rooms/!foo%3Abar/event/" + encodeURIComponent(THREAD_ROOT.event_id!))
-                .respond(200, function () {
-                    return THREAD_ROOT;
-                });
-            await flushHttp(emitPromise(thread, ThreadEvent.Update));
 
             const timeline = await client.getEventTimeline(timelineSet, THREAD_REPLY.event_id!);
 
@@ -787,7 +787,18 @@ describe("MatrixClient event timelines", function () {
             return startClient(httpBackend, client).then(() => {
                 const room = client.getRoom(roomId)!;
                 const timelineSet = room.getTimelineSets()[0];
-                expect(client.getLatestTimeline(timelineSet)).rejects.toBeFalsy();
+                httpBackend.when("GET", `/rooms/${encodeURIComponent(roomId)}/context/event`).respond(200, () => ({
+                    event: {
+                        event_id: "event",
+                    },
+                    events_after: [],
+                    events_before: [],
+                    state: [],
+                }));
+                return Promise.all([
+                    expect(client.getEventTimeline(timelineSet, "event")).resolves.toBeTruthy(),
+                    httpBackend.flushAllExpected(),
+                ]);
             });
         });
 
@@ -1139,7 +1150,7 @@ describe("MatrixClient event timelines", function () {
 
         const prom = emitPromise(room, ThreadEvent.Update);
         // Assume we're seeing the reply while loading backlog
-        room.addLiveEvents([THREAD_REPLY2]);
+        await room.addLiveEvents([THREAD_REPLY2]);
         httpBackend
             .when(
                 "GET",
@@ -1153,7 +1164,118 @@ describe("MatrixClient event timelines", function () {
             });
         await flushHttp(prom);
         // but while loading the metadata, a new reply has arrived
-        room.addLiveEvents([THREAD_REPLY3]);
+        await room.addLiveEvents([THREAD_REPLY3]);
+        const thread = room.getThread(THREAD_ROOT_UPDATED.event_id!)!;
+        // then the events should still be all in the right order
+        expect(thread.events.map((it) => it.getId())).toEqual([
+            THREAD_ROOT.event_id,
+            THREAD_REPLY.event_id,
+            THREAD_REPLY2.getId(),
+            THREAD_REPLY3.getId(),
+        ]);
+    });
+
+    it("should ensure thread events don't get reordered with recursive relations", async () => {
+        // Test data for a second reply to the first thread
+        const THREAD_REPLY2 = utils.mkEvent({
+            room: roomId,
+            user: userId,
+            type: "m.room.message",
+            content: {
+                "body": "thread reply 2",
+                "msgtype": "m.text",
+                "m.relates_to": {
+                    // We can't use the const here because we change server support mode for test
+                    rel_type: "io.element.thread",
+                    event_id: THREAD_ROOT.event_id,
+                },
+            },
+            event: true,
+        });
+        THREAD_REPLY2.localTimestamp += 1000;
+        const THREAD_ROOT_REACTION = utils.mkEvent({
+            event: true,
+            type: EventType.Reaction,
+            user: userId,
+            room: roomId,
+            content: {
+                "m.relates_to": {
+                    rel_type: RelationType.Annotation,
+                    event_id: THREAD_ROOT.event_id!,
+                    key: Math.random().toString(),
+                },
+            },
+        });
+        THREAD_ROOT_REACTION.localTimestamp += 2000;
+
+        // Test data for a second reply to the first thread
+        const THREAD_REPLY3 = utils.mkEvent({
+            room: roomId,
+            user: userId,
+            type: "m.room.message",
+            content: {
+                "body": "thread reply 3",
+                "msgtype": "m.text",
+                "m.relates_to": {
+                    // We can't use the const here because we change server support mode for test
+                    rel_type: "io.element.thread",
+                    event_id: THREAD_ROOT.event_id,
+                },
+            },
+            event: true,
+        });
+        THREAD_REPLY3.localTimestamp += 3000;
+
+        // Test data for the first thread, with the second reply
+        const THREAD_ROOT_UPDATED = {
+            ...THREAD_ROOT,
+            unsigned: {
+                ...THREAD_ROOT.unsigned,
+                "m.relations": {
+                    ...THREAD_ROOT.unsigned!["m.relations"],
+                    "io.element.thread": {
+                        ...THREAD_ROOT.unsigned!["m.relations"]!["io.element.thread"],
+                        count: 3,
+                        latest_event: THREAD_REPLY3.event,
+                    },
+                },
+            },
+        };
+
+        // @ts-ignore
+        client.clientOpts.threadSupport = true;
+        client.canSupport.set(Feature.RelationsRecursion, ServerSupport.Stable);
+        Thread.setServerSideSupport(FeatureSupport.Stable);
+        Thread.setServerSideListSupport(FeatureSupport.Stable);
+        Thread.setServerSideFwdPaginationSupport(FeatureSupport.Stable);
+
+        client.fetchRoomEvent = () => Promise.resolve(THREAD_ROOT_UPDATED);
+
+        await client.stopClient(); // we don't need the client to be syncing at this time
+        const room = client.getRoom(roomId)!;
+
+        const prom = emitPromise(room, ThreadEvent.Update);
+        // Assume we're seeing the reply while loading backlog
+        await room.addLiveEvents([THREAD_REPLY2]);
+        httpBackend
+            .when(
+                "GET",
+                "/_matrix/client/v1/rooms/!foo%3Abar/relations/" +
+                    encodeURIComponent(THREAD_ROOT_UPDATED.event_id!) +
+                    "/" +
+                    encodeURIComponent(THREAD_RELATION_TYPE.name) +
+                    buildRelationPaginationQuery({
+                        dir: Direction.Backward,
+                        limit: 3,
+                        recurse: true,
+                    }),
+            )
+            .respond(200, {
+                chunk: [THREAD_REPLY3.event, THREAD_ROOT_REACTION, THREAD_REPLY2.event, THREAD_REPLY],
+            });
+        await flushHttp(prom);
+        // but while loading the metadata, a new reply has arrived
+        await room.addLiveEvents([THREAD_REPLY3]);
         const thread = room.getThread(THREAD_ROOT_UPDATED.event_id!)!;
         // then the events should still be all in the right order
         expect(thread.events.map((it) => it.getId())).toEqual([
@@ -1208,7 +1330,7 @@ describe("MatrixClient event timelines", function () {
             request.respond(200, function () {
                 return {
                     original_event: root,
-                    chunk: [replies],
+                    chunk: replies,
                     // no next batch as this is the oldest end of the timeline
                 };
             });
@@ -1218,7 +1340,7 @@ describe("MatrixClient event timelines", function () {
         function respondToContext(event: Partial<IEvent> = THREAD_ROOT): ExpectedHttpRequest {
             const request = httpBackend.when(
                 "GET",
-                encodeUri("/_matrix/client/r0/rooms/$roomId/context/$eventId", {
+                encodeUri("/_matrix/client/v3/rooms/$roomId/context/$eventId", {
                     $roomId: roomId,
                     $eventId: event.event_id!,
                 }),
@@ -1236,7 +1358,7 @@ describe("MatrixClient event timelines", function () {
         function respondToEvent(event: Partial<IEvent> = THREAD_ROOT): ExpectedHttpRequest {
             const request = httpBackend.when(
                 "GET",
-                encodeUri("/_matrix/client/r0/rooms/$roomId/event/$eventId", {
+                encodeUri("/_matrix/client/v3/rooms/$roomId/event/$eventId", {
                     $roomId: roomId,
                     $eventId: event.event_id!,
                 }),
@@ -1247,7 +1369,7 @@ describe("MatrixClient event timelines", function () {
         function respondToMessagesRequest(): ExpectedHttpRequest {
             const request = httpBackend.when(
                 "GET",
-                encodeUri("/_matrix/client/r0/rooms/$roomId/messages", {
+                encodeUri("/_matrix/client/v3/rooms/$roomId/messages", {
                     $roomId: roomId,
                 }),
             );
@@ -1338,7 +1460,7 @@ describe("MatrixClient event timelines", function () {
                 expect(room.getPendingEvents()).toHaveLength(1);
             });
 
-            it("should handle thread updates by reordering the thread list", async () => {
+            it("should handle new thread replies by reordering the thread list", async () => {
                 // Test data for a second thread
                 const THREAD2_ROOT = utils.mkEvent({
                     room: roomId,
@@ -1365,7 +1487,7 @@ describe("MatrixClient event timelines", function () {
                     user: userId,
                     type: "m.room.message",
                     content: {
-                        "body": "thread reply",
+                        "body": "thread2 reply",
                         "msgtype": "m.text",
                         "m.relates_to": {
                             // We can't use the const here because we change server support mode for test
@@ -1385,7 +1507,7 @@ describe("MatrixClient event timelines", function () {
                     user: userId,
                     type: "m.room.message",
                     content: {
-                        "body": "thread reply",
+                        "body": "thread reply2",
                         "msgtype": "m.text",
                         "m.relates_to": {
                             // We can't use the const here because we change server support mode for test
@@ -1395,7 +1517,8 @@ describe("MatrixClient event timelines", function () {
                     },
                     event: true,
                 });
-                THREAD_REPLY2.localTimestamp += 1000;
+                // this has to come after THREAD_REPLY which hasn't been instantiated by us
+                THREAD_REPLY2.localTimestamp += 10000000;
 
                 // Test data for the first thread, with the second reply
                 const THREAD_ROOT_UPDATED = {
@@ -1455,10 +1578,8 @@ describe("MatrixClient event timelines", function () {
                 thread.initialEventsFetched = true;
                 const prom = emitPromise(room, ThreadEvent.NewReply);
                 respondToEvent(THREAD_ROOT_UPDATED);
-                respondToEvent(THREAD_ROOT_UPDATED);
-                respondToEvent(THREAD_ROOT_UPDATED);
                 respondToEvent(THREAD2_ROOT);
-                room.addLiveEvents([THREAD_REPLY2]);
+                await room.addLiveEvents([THREAD_REPLY2]);
                 await httpBackend.flushAllExpected();
                 await prom;
                 expect(thread.length).toBe(2);
@@ -1468,6 +1589,132 @@ describe("MatrixClient event timelines", function () {
                     THREAD_ROOT.event_id,
                 ]);
             });
+
+            it("should not reorder the thread list on other thread updates", async () => {
+                // Test data for a second thread
+                const THREAD2_ROOT = utils.mkEvent({
+                    room: roomId,
+                    user: userId,
+                    type: "m.room.message",
+                    content: {
+                        body: "thread root",
+                        msgtype: "m.text",
+                    },
+                    unsigned: {
+                        "m.relations": {
+                            "io.element.thread": {
+                                //"latest_event": undefined,
+                                count: 1,
+                                current_user_participated: true,
+                            },
+                        },
+                    },
+                    event: false,
+                });
+
+                const THREAD2_REPLY = utils.mkEvent({
+                    room: roomId,
+                    user: userId,
+                    type: "m.room.message",
+                    content: {
+                        "body": "thread2 reply",
+                        "msgtype": "m.text",
+                        "m.relates_to": {
+                            // We can't use the const here because we change server support mode for test
+                            rel_type: "io.element.thread",
+                            event_id: THREAD_ROOT.event_id,
+                        },
+                    },
+                    event: false,
+                });
+
+                // @ts-ignore we know this is a defined path for THREAD ROOT
+                THREAD2_ROOT.unsigned["m.relations"]["io.element.thread"].latest_event = THREAD2_REPLY;
+
+                const THREAD_REPLY_REACTION = utils.mkEvent({
+                    room: roomId,
+                    user: userId,
+                    type: "m.reaction",
+                    content: {
+                        "m.relates_to": {
+                            rel_type: RelationType.Annotation,
+                            event_id: THREAD_REPLY.event_id,
+                            key: "🪿",
+                        },
+                    },
+                    event: true,
+                });
+                THREAD_REPLY_REACTION.localTimestamp += 1000;
+
+                // Modified thread root event containing latest thread reply in its unsigned
+                const THREAD_ROOT_UPDATED = {
+                    ...THREAD_ROOT,
+                    unsigned: {
+                        ...THREAD_ROOT.unsigned,
+                        "m.relations": {
+                            ...THREAD_ROOT.unsigned!["m.relations"],
+                            "io.element.thread": {
+                                ...THREAD_ROOT.unsigned!["m.relations"]!["io.element.thread"],
+                                count: 2,
+                                latest_event: THREAD_REPLY,
+                            },
+                        },
+                    },
+                };
+
+                // Response with test data for the thread list request
+                const threadsResponse = {
+                    chunk: [THREAD2_ROOT, THREAD_ROOT],
+                    state: [],
+                    next_batch: RANDOM_TOKEN as string | null,
+                };
+
+                // @ts-ignore
+                client.clientOpts.threadSupport = true;
+                Thread.setServerSideSupport(FeatureSupport.Stable);
+                Thread.setServerSideListSupport(FeatureSupport.Stable);
+                Thread.setServerSideFwdPaginationSupport(FeatureSupport.Stable);
+
+                await client.stopClient(); // we don't need the client to be syncing at this time
+                const room = client.getRoom(roomId)!;
+
+                // Set up room threads
+                const timelineSets = await room!.createThreadsTimelineSets();
+                expect(timelineSets).not.toBeNull();
+                respondToThreads(threadsResponse);
+                respondToThreads(threadsResponse);
+                respondToEvent(THREAD_ROOT);
+                respondToEvent(THREAD2_ROOT);
+                respondToThread(THREAD_ROOT, [THREAD_REPLY]);
+                respondToThread(THREAD2_ROOT, [THREAD2_REPLY]);
+                await flushHttp(room.fetchRoomThreads());
+                const threadIds = room.getThreads().map((thread) => thread.id);
+                expect(threadIds).toContain(THREAD_ROOT.event_id);
+                expect(threadIds).toContain(THREAD2_ROOT.event_id);
+                const [allThreads] = timelineSets!;
+                const timeline = allThreads.getLiveTimeline()!;
+                // Test threads are in chronological order
+                expect(timeline.getEvents().map((it) => it.event.event_id)).toEqual([
+                    THREAD_ROOT.event_id,
+                    THREAD2_ROOT.event_id,
+                ]);
+
+                // Test adding a second event to the first thread
+                const thread = room.getThread(THREAD_ROOT.event_id!)!;
+                thread.initialEventsFetched = true;
+                const prom = emitPromise(room, ThreadEvent.Update);
+                respondToEvent(THREAD_ROOT_UPDATED);
+                respondToEvent(THREAD2_ROOT);
+                await room.addLiveEvents([THREAD_REPLY_REACTION]);
+                await httpBackend.flushAllExpected();
+                await prom;
+                expect(thread.length).toBe(1); // reactions don't count towards the length of a thread
+                // Test thread order is unchanged
+                expect(timeline!.getEvents().map((it) => it.event.event_id)).toEqual([
+                    THREAD_ROOT.event_id,
+                    THREAD2_ROOT.event_id,
+                ]);
+            });
         });
 
         describe("without server compatibility", function () {
@@ -1803,73 +2050,7 @@ describe("MatrixClient event timelines", function () {
             expect(thread.initialEventsFetched).toBeTruthy();
             const timelineSet = thread.timelineSet;
 
-            httpBackend
-                .when("GET", "/rooms/!foo%3Abar/event/" + encodeURIComponent(THREAD_ROOT.event_id!))
-                .respond(200, function () {
-                    return THREAD_ROOT;
-                });
-            httpBackend
-                .when("GET", "/rooms/!foo%3Abar/event/" + encodeURIComponent(THREAD_ROOT.event_id!))
-                .respond(200, function () {
-                    return THREAD_ROOT;
-                });
-            httpBackend
-                .when("GET", "/rooms/!foo%3Abar/event/" + encodeURIComponent(THREAD_ROOT.event_id!))
-                .respond(200, function () {
-                    return THREAD_ROOT;
-                });
-            httpBackend
-                .when("GET", "/rooms/!foo%3Abar/event/" + encodeURIComponent(THREAD_ROOT.event_id!))
-                .respond(200, function () {
-                    return THREAD_ROOT;
-                });
-            httpBackend
-                .when("GET", "/rooms/!foo%3Abar/event/" + encodeURIComponent(THREAD_ROOT.event_id!))
-                .respond(200, function () {
-                    return THREAD_ROOT;
-                });
-            httpBackend
-                .when("GET", "/rooms/!foo%3Abar/context/" + encodeURIComponent(THREAD_ROOT.event_id!))
-                .respond(200, function () {
-                    return {
-                        start: "start_token",
-                        events_before: [],
-                        event: THREAD_ROOT,
-                        events_after: [],
-                        end: "end_token",
-                        state: [],
-                    };
-                });
-            httpBackend
-                .when(
-                    "GET",
-                    "/_matrix/client/v1/rooms/!foo%3Abar/relations/" +
-                        encodeURIComponent(THREAD_ROOT.event_id!) +
-                        "/" +
-                        encodeURIComponent(THREAD_RELATION_TYPE.name) +
-                        buildRelationPaginationQuery({ dir: Direction.Backward, from: "start_token" }),
-                )
-                .respond(200, function () {
-                    return {
-                        chunk: [],
-                    };
-                });
-            httpBackend
-                .when(
-                    "GET",
-                    "/_matrix/client/v1/rooms/!foo%3Abar/relations/" +
-                        encodeURIComponent(THREAD_ROOT.event_id!) +
-                        "/" +
-                        encodeURIComponent(THREAD_RELATION_TYPE.name) +
-                        buildRelationPaginationQuery({ dir: Direction.Forward, from: "end_token" }),
-                )
-                .respond(200, function () {
-                    return {
-                        chunk: [THREAD_REPLY],
-                    };
-                });
-
-            const timeline = await flushHttp(client.getEventTimeline(timelineSet, THREAD_ROOT.event_id!));
+            const timeline = await client.getEventTimeline(timelineSet, THREAD_ROOT.event_id!);
 
             httpBackend.when("GET", "/sync").respond(200, {
                 next_batch: "s_5_5",

spec/integ/matrix-client-opts.spec.ts

@@ -57,9 +57,7 @@ describe("MatrixClient opts", function () {
                                 type: "m.room.create",
                                 room: roomId,
                                 user: userId,
-                                content: {
-                                    creator: userId,
-                                },
+                                content: {},
                             }),
                         ],
                     },
@@ -94,16 +92,16 @@ describe("MatrixClient opts", function () {
             client.stopClient();
         });
 
-        it("should be able to send messages", function (done) {
+        it("should be able to send messages", async () => {
             const eventId = "$flibble:wibble";
             httpBackend.when("PUT", "/txn1").respond(200, {
                 event_id: eventId,
             });
-            client.sendTextMessage("!foo:bar", "a body", "txn1").then(function (res) {
-                expect(res.event_id).toEqual(eventId);
-                done();
-            });
-            httpBackend.flush("/txn1", 1);
+            const [res] = await Promise.all([
+                client.sendTextMessage("!foo:bar", "a body", "txn1"),
+                httpBackend.flush("/txn1", 1),
+            ]);
+            expect(res.event_id).toEqual(eventId);
         });
 
         it("should be able to sync / get new events", async function () {
@@ -149,7 +147,7 @@ describe("MatrixClient opts", function () {
             client.stopClient();
         });
 
-        it("shouldn't retry sending events", function (done) {
+        it("shouldn't retry sending events", async () => {
             httpBackend.when("PUT", "/txn1").respond(
                 500,
                 new MatrixError({
@@ -157,19 +155,13 @@ describe("MatrixClient opts", function () {
                     error: "Ruh roh",
                 }),
             );
-            client.sendTextMessage("!foo:bar", "a body", "txn1").then(
-                function (res) {
-                    expect(false).toBe(true);
-                },
-                function (err) {
-                    expect(err.errcode).toEqual("M_SOMETHING");
-                    done();
-                },
-            );
-            httpBackend.flush("/txn1", 1);
+
+            await expect(
+                Promise.all([client.sendTextMessage("!foo:bar", "a body", "txn1"), httpBackend.flush("/txn1", 1)]),
+            ).rejects.toThrow("MatrixError: [500] Unknown message");
         });
 
-        it("shouldn't queue events", function (done) {
+        it("shouldn't queue events", async () => {
             httpBackend.when("PUT", "/txn1").respond(200, {
                 event_id: "AAA",
             });
@@ -178,30 +170,38 @@ describe("MatrixClient opts", function () {
             });
             let sentA = false;
             let sentB = false;
-            client.sendTextMessage("!foo:bar", "a body", "txn1").then(function (res) {
+            const messageASendPromise = client.sendTextMessage("!foo:bar", "a body", "txn1").then(function (res) {
                 sentA = true;
+                // We expect messageB to be sent before messageA to ensure as we're
+                // testing that there is no queueing that blocks each other
                 expect(sentB).toBe(true);
             });
-            client.sendTextMessage("!foo:bar", "b body", "txn2").then(function (res) {
+            const messageBSendPromise = client.sendTextMessage("!foo:bar", "b body", "txn2").then(function (res) {
                 sentB = true;
+                // We expect messageB to be sent before messageA to ensure as we're
+                // testing that there is no queueing that blocks each other
                 expect(sentA).toBe(false);
             });
-            httpBackend.flush("/txn2", 1).then(function () {
-                httpBackend.flush("/txn1", 1).then(function () {
-                    done();
-                });
-            });
+            // Allow messageB to succeed first
+            await httpBackend.flush("/txn2", 1);
+            // Then allow messageA to succeed
+            await httpBackend.flush("/txn1", 1);
+
+            // Now await the message send promises to
+            await messageBSendPromise;
+            await messageASendPromise;
         });
 
-        it("should be able to send messages", function (done) {
+        it("should be able to send messages", async () => {
             httpBackend.when("PUT", "/txn1").respond(200, {
                 event_id: "foo",
             });
-            client.sendTextMessage("!foo:bar", "a body", "txn1").then(function (res) {
-                expect(res.event_id).toEqual("foo");
-                done();
-            });
-            httpBackend.flush("/txn1", 1);
+            const [res] = await Promise.all([
+                client.sendTextMessage("!foo:bar", "a body", "txn1"),
+                httpBackend.flush("/txn1", 1),
+            ]);
+
+            expect(res.event_id).toEqual("foo");
         });
     });
 });

spec/integ/matrix-client-retrying.spec.ts

@@ -48,13 +48,13 @@ describe("MatrixClient retrying", function () {
         return httpBackend!.stop();
     });
 
-    xit("should retry according to MatrixScheduler.retryFn", function () {});
+    it.skip("should retry according to MatrixScheduler.retryFn", function () {});
 
-    xit("should queue according to MatrixScheduler.queueFn", function () {});
+    it.skip("should queue according to MatrixScheduler.queueFn", function () {});
 
-    xit("should mark events as EventStatus.NOT_SENT when giving up", function () {});
+    it.skip("should mark events as EventStatus.NOT_SENT when giving up", function () {});
 
-    xit("should mark events as EventStatus.QUEUED when queued", function () {});
+    it.skip("should mark events as EventStatus.QUEUED when queued", function () {});
 
     it("should mark events as EventStatus.CANCELLED when cancelled", function () {
         // send a couple of events; the second will be queued
@@ -130,7 +130,7 @@ describe("MatrixClient retrying", function () {
     });
 
     describe("resending", function () {
-        xit("should be able to resend a NOT_SENT event", function () {});
-        xit("should be able to resend a sent event", function () {});
+        it.skip("should be able to resend a NOT_SENT event", function () {});
+        it.skip("should be able to resend a sent event", function () {});
     });
 });

spec/integ/matrix-client-room-timeline.spec.ts

@@ -85,9 +85,7 @@ describe("MatrixClient room timelines", function () {
                                 type: "m.room.create",
                                 room: roomId,
                                 user: userId,
-                                content: {
-                                    creator: userId,
-                                },
+                                content: {},
                             }),
                         ],
                     },
@@ -163,36 +161,38 @@ describe("MatrixClient room timelines", function () {
         it(
             "should be added immediately after calling MatrixClient.sendEvent " +
                 "with EventStatus.SENDING and the right event.sender",
-            function (done) {
-                client!.on(ClientEvent.Sync, function (state) {
-                    if (state !== "PREPARED") {
-                        return;
-                    }
-                    const room = client!.getRoom(roomId)!;
-                    expect(room.timeline.length).toEqual(1);
+            async () => {
+                const wasMessageAddedPromise = new Promise((resolve) => {
+                    client!.on(ClientEvent.Sync, async (state) => {
+                        if (state !== "PREPARED") {
+                            return;
+                        }
+                        const room = client!.getRoom(roomId)!;
+                        expect(room.timeline.length).toEqual(1);
 
-                    client!.sendTextMessage(roomId, "I am a fish", "txn1");
-                    // check it was added
-                    expect(room.timeline.length).toEqual(2);
-                    // check status
-                    expect(room.timeline[1].status).toEqual(EventStatus.SENDING);
-                    // check member
-                    const member = room.timeline[1].sender;
-                    expect(member?.userId).toEqual(userId);
-                    expect(member?.name).toEqual(userName);
+                        client!.sendTextMessage(roomId, "I am a fish", "txn1");
+                        // check it was added
+                        expect(room.timeline.length).toEqual(2);
+                        // check status
+                        expect(room.timeline[1].status).toEqual(EventStatus.SENDING);
+                        // check member
+                        const member = room.timeline[1].sender;
+                        expect(member?.userId).toEqual(userId);
+                        expect(member?.name).toEqual(userName);
 
-                    httpBackend!.flush("/sync", 1).then(function () {
-                        done();
+                        await httpBackend!.flush("/sync", 1);
+                        resolve(null);
                     });
                 });
-                httpBackend!.flush("/sync", 1);
+                await httpBackend!.flush("/sync", 1);
+                await wasMessageAddedPromise;
             },
         );
 
         it(
             "should be updated correctly when the send request finishes " +
                 "BEFORE the event comes down the event stream",
-            function (done) {
+            async () => {
                 const eventId = "$foo:bar";
                 httpBackend!.when("PUT", "/txn1").respond(200, {
                     event_id: eventId,
@@ -207,28 +207,30 @@ describe("MatrixClient room timelines", function () {
                 ev.unsigned = { transaction_id: "txn1" };
                 setNextSyncData([ev]);
 
-                client!.on(ClientEvent.Sync, function (state) {
-                    if (state !== "PREPARED") {
-                        return;
-                    }
-                    const room = client!.getRoom(roomId)!;
-                    client!.sendTextMessage(roomId, "I am a fish", "txn1").then(function () {
-                        expect(room.timeline[1].getId()).toEqual(eventId);
-                        httpBackend!.flush("/sync", 1).then(function () {
+                const wasMessageAddedPromise = new Promise((resolve) => {
+                    client!.on(ClientEvent.Sync, function (state) {
+                        if (state !== "PREPARED") {
+                            return;
+                        }
+                        const room = client!.getRoom(roomId)!;
+                        client!.sendTextMessage(roomId, "I am a fish", "txn1").then(async () => {
                             expect(room.timeline[1].getId()).toEqual(eventId);
-                            done();
+                            await httpBackend!.flush("/sync", 1);
+                            expect(room.timeline[1].getId()).toEqual(eventId);
+                            resolve(null);
                         });
+                        httpBackend!.flush("/txn1", 1);
                     });
-                    httpBackend!.flush("/txn1", 1);
                 });
-                httpBackend!.flush("/sync", 1);
+                await httpBackend!.flush("/sync", 1);
+                await wasMessageAddedPromise;
             },
         );
 
         it(
             "should be updated correctly when the send request finishes " +
                 "AFTER the event comes down the event stream",
-            function (done) {
+            async () => {
                 const eventId = "$foo:bar";
                 httpBackend!.when("PUT", "/txn1").respond(200, {
                     event_id: eventId,
@@ -243,23 +245,24 @@ describe("MatrixClient room timelines", function () {
                 ev.unsigned = { transaction_id: "txn1" };
                 setNextSyncData([ev]);
 
-                client!.on(ClientEvent.Sync, function (state) {
-                    if (state !== "PREPARED") {
-                        return;
-                    }
-                    const room = client!.getRoom(roomId)!;
-                    const promise = client!.sendTextMessage(roomId, "I am a fish", "txn1");
-                    httpBackend!.flush("/sync", 1).then(function () {
+                const wasMessageAddedPromise = new Promise((resolve) => {
+                    client!.on(ClientEvent.Sync, async (state) => {
+                        if (state !== "PREPARED") {
+                            return;
+                        }
+                        const room = client!.getRoom(roomId)!;
+                        const messageSendPromise = client!.sendTextMessage(roomId, "I am a fish", "txn1");
+                        await httpBackend!.flush("/sync", 1);
                         expect(room.timeline.length).toEqual(2);
                         httpBackend!.flush("/txn1", 1);
-                        promise.then(function () {
-                            expect(room.timeline.length).toEqual(2);
-                            expect(room.timeline[1].getId()).toEqual(eventId);
-                            done();
-                        });
+                        await messageSendPromise;
+                        expect(room.timeline.length).toEqual(2);
+                        expect(room.timeline[1].getId()).toEqual(eventId);
+                        resolve(null);
                     });
                 });
-                httpBackend!.flush("/sync", 1);
+                await httpBackend!.flush("/sync", 1);
+                await wasMessageAddedPromise;
             },
         );
     });
@@ -279,30 +282,29 @@ describe("MatrixClient room timelines", function () {
             });
         });
 
-        it("should set Room.oldState.paginationToken to null at the start" + " of the timeline.", function (done) {
-            client!.on(ClientEvent.Sync, function (state) {
-                if (state !== "PREPARED") {
-                    return;
-                }
-                const room = client!.getRoom(roomId)!;
-                expect(room.timeline.length).toEqual(1);
+        it("should set Room.oldState.paginationToken to null at the start of the timeline.", async () => {
+            const didPaginatePromise = new Promise((resolve) => {
+                client!.on(ClientEvent.Sync, async (state) => {
+                    if (state !== "PREPARED") {
+                        return;
+                    }
+                    const room = client!.getRoom(roomId)!;
+                    expect(room.timeline.length).toEqual(1);
 
-                client!.scrollback(room).then(function () {
+                    await Promise.all([client!.scrollback(room), httpBackend!.flush("/messages", 1)]);
                     expect(room.timeline.length).toEqual(1);
                     expect(room.oldState.paginationToken).toBe(null);
 
                     // still have a sync to flush
-                    httpBackend!.flush("/sync", 1).then(() => {
-                        done();
-                    });
+                    await httpBackend!.flush("/sync", 1);
+                    resolve(null);
                 });
-
-                httpBackend!.flush("/messages", 1);
             });
-            httpBackend!.flush("/sync", 1);
+            await httpBackend!.flush("/sync", 1);
+            await didPaginatePromise;
         });
 
-        it("should set the right event.sender values", function (done) {
+        it("should set the right event.sender values", async () => {
             // We're aiming for an eventual timeline of:
             //
             // 'Old Alice' joined the room
@@ -353,15 +355,17 @@ describe("MatrixClient room timelines", function () {
                 joinMshipEvent,
             ];
 
-            client!.on(ClientEvent.Sync, function (state) {
-                if (state !== "PREPARED") {
-                    return;
-                }
-                const room = client!.getRoom(roomId)!;
-                // sync response
-                expect(room.timeline.length).toEqual(1);
+            const didPaginatePromise = new Promise((resolve) => {
+                client!.on(ClientEvent.Sync, async (state) => {
+                    if (state !== "PREPARED") {
+                        return;
+                    }
+                    const room = client!.getRoom(roomId)!;
+                    // sync response
+                    expect(room.timeline.length).toEqual(1);
+
+                    await Promise.all([client!.scrollback(room), httpBackend!.flush("/messages", 1)]);
 
-                client!.scrollback(room).then(function () {
                     expect(room.timeline.length).toEqual(5);
                     const joinMsg = room.timeline[0];
                     expect(joinMsg.sender?.name).toEqual("Old Alice");
@@ -371,17 +375,15 @@ describe("MatrixClient room timelines", function () {
                     expect(newMsg.sender?.name).toEqual(userName);
 
                     // still have a sync to flush
-                    httpBackend!.flush("/sync", 1).then(() => {
-                        done();
-                    });
+                    await httpBackend!.flush("/sync", 1);
+                    resolve(null);
                 });
-
-                httpBackend!.flush("/messages", 1);
             });
-            httpBackend!.flush("/sync", 1);
+            await httpBackend!.flush("/sync", 1);
+            await didPaginatePromise;
         });
 
-        it("should add it them to the right place in the timeline", function (done) {
+        it("should add it them to the right place in the timeline", async () => {
             // set the list of events to return on scrollback
             sbEvents = [
                 utils.mkMessage({
@@ -396,30 +398,30 @@ describe("MatrixClient room timelines", function () {
                 }),
             ];
 
-            client!.on(ClientEvent.Sync, function (state) {
-                if (state !== "PREPARED") {
-                    return;
-                }
-                const room = client!.getRoom(roomId)!;
-                expect(room.timeline.length).toEqual(1);
+            const didPaginatePromise = new Promise((resolve) => {
+                client!.on(ClientEvent.Sync, async (state) => {
+                    if (state !== "PREPARED") {
+                        return;
+                    }
+                    const room = client!.getRoom(roomId)!;
+                    expect(room.timeline.length).toEqual(1);
+
+                    await Promise.all([client!.scrollback(room), httpBackend!.flush("/messages", 1)]);
 
-                client!.scrollback(room).then(function () {
                     expect(room.timeline.length).toEqual(3);
                     expect(room.timeline[0].event).toEqual(sbEvents[1]);
                     expect(room.timeline[1].event).toEqual(sbEvents[0]);
 
                     // still have a sync to flush
-                    httpBackend!.flush("/sync", 1).then(() => {
-                        done();
-                    });
+                    await httpBackend!.flush("/sync", 1);
+                    resolve(null);
                 });
-
-                httpBackend!.flush("/messages", 1);
             });
-            httpBackend!.flush("/sync", 1);
+            await httpBackend!.flush("/sync", 1);
+            await didPaginatePromise;
         });
 
-        it("should use 'end' as the next pagination token", function (done) {
+        it("should use 'end' as the next pagination token", async () => {
             // set the list of events to return on scrollback
             sbEvents = [
                 utils.mkMessage({
@@ -429,25 +431,24 @@ describe("MatrixClient room timelines", function () {
                 }),
             ];
 
-            client!.on(ClientEvent.Sync, function (state) {
-                if (state !== "PREPARED") {
-                    return;
-                }
-                const room = client!.getRoom(roomId)!;
-                expect(room.oldState.paginationToken).toBeTruthy();
+            const didPaginatePromise = new Promise((resolve) => {
+                client!.on(ClientEvent.Sync, async (state) => {
+                    if (state !== "PREPARED") {
+                        return;
+                    }
+                    const room = client!.getRoom(roomId)!;
+                    expect(room.oldState.paginationToken).toBeTruthy();
 
-                client!.scrollback(room, 1).then(function () {
+                    await Promise.all([client!.scrollback(room, 1), httpBackend!.flush("/messages", 1)]);
                     expect(room.oldState.paginationToken).toEqual(sbEndTok);
-                });
 
-                httpBackend!.flush("/messages", 1).then(function () {
                     // still have a sync to flush
-                    httpBackend!.flush("/sync", 1).then(() => {
-                        done();
-                    });
+                    await httpBackend!.flush("/sync", 1);
+                    resolve(null);
                 });
             });
-            httpBackend!.flush("/sync", 1);
+            await httpBackend!.flush("/sync", 1);
+            await didPaginatePromise;
         });
     });
 

spec/integ/matrix-client-syncing-errors.spec.ts

@@ -0,0 +1,162 @@
+/*
+Copyright 2023 Holi Moli GmbH
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import "fake-indexeddb/auto";
+import fetchMock from "fetch-mock-jest";
+
+import { MatrixClient, ClientEvent, createClient, SyncState } from "../../src";
+
+const makeQueryablePromise = <T = void>(promise: Promise<T>) => {
+    let resolved = false;
+    let rejected = false;
+
+    // Observe the promise, saving the fulfillment in a closure scope.
+    const newPromise = promise.then(
+        (value) => {
+            resolved = true;
+            return value;
+        },
+        (error) => {
+            rejected = true;
+            throw error;
+        },
+    );
+    const isFulfilled = () => {
+        return resolved || rejected;
+    };
+    const isResolved = () => {
+        return resolved;
+    };
+    const isRejected = () => {
+        return rejected;
+    };
+    return { promise: newPromise, isFulfilled, isResolved, isRejected };
+};
+
+const queryablePromise = <T = void>() => {
+    let resolve!: (value: T | PromiseLike<T>) => void;
+    let reject!: (reason?: any) => void;
+
+    const promise = makeQueryablePromise<T>(
+        new Promise<T>((_resolve, _reject) => {
+            resolve = _resolve;
+            reject = _reject;
+        }),
+    );
+
+    return { resolve, reject, ...promise };
+};
+
+describe("MatrixClient syncing errors", () => {
+    const selfUserId = "@alice:localhost";
+    const selfAccessToken = "aseukfgwef";
+    const unknownTokenErrorData = {
+        status: 401,
+        body: {
+            errcode: "M_UNKNOWN_TOKEN",
+            error: "Invalid access token passed.",
+            soft_logout: false,
+        },
+    };
+    let client: MatrixClient | undefined;
+
+    beforeEach(() => {
+        client = createClient({
+            baseUrl: "http://tocal.test.server",
+            userId: selfUserId,
+            accessToken: selfAccessToken,
+            deviceId: "myDevice",
+        });
+    });
+
+    it("should retry, until errors are solved.", async () => {
+        jest.useFakeTimers();
+        fetchMock.config.overwriteRoutes = false;
+        fetchMock
+            .getOnce("end:versions", {}) // first version check without credentials needs to succeed
+            .getOnce("end:versions", 429) // second version check fails with 429 triggering another retry
+            .get("end:versions", {}) // further version checks succeed
+            .getOnce("end:pushrules/", 429) // first pushrules check fails starting retry
+            .get("end:pushrules/", {}) // further pushrules check succeed
+            .catch({}); // all other calls succeed
+
+        const syncEvents = Array.from({ length: 5 }, queryablePromise<SyncState>);
+
+        client!.on(ClientEvent.Sync, (state: SyncState, lastState: SyncState | null) => {
+            let i = 0;
+            for (; i < syncEvents.length && syncEvents[i].isFulfilled(); i++) {
+                // find index of first unfulfilled promise
+            }
+            syncEvents[i].resolve(state);
+        });
+
+        await client!.startClient();
+        expect(await syncEvents[0].promise).toBe(SyncState.Error);
+        jest.runAllTimers(); // this will skip forward to trigger the keepAlive/sync
+        expect(await syncEvents[1].promise).toBe(SyncState.Error);
+        jest.runAllTimers(); // this will skip forward to trigger the keepAlive/sync
+        expect(await syncEvents[2].promise).toBe(SyncState.Prepared);
+        jest.runAllTimers(); // this will skip forward to trigger the keepAlive/sync
+        expect(await syncEvents[3].promise).toBe(SyncState.Syncing);
+        jest.runAllTimers(); // this will skip forward to trigger the keepAlive/sync
+        expect(await syncEvents[4].promise).toBe(SyncState.Syncing);
+    });
+
+    it("should stop sync keep alive when client is stopped.", async () => {
+        jest.useFakeTimers();
+        fetchMock.config.overwriteRoutes = false;
+        fetchMock
+            .getOnce("end:versions", {}) // first version check without credentials needs to succeed
+            .get("end:versions", unknownTokenErrorData) // further version checks fails with 401
+            .get("end:pushrules/", 401) // fails with 401 without an error. This does happen in practice e.g. with Synapse
+            .post("end:logout", unknownTokenErrorData) // just to keep up a consistent scenario. Does not have a real effect for this testcase
+            .post("end:filter", 401); // just to keep up a consistent scenario. Does not have a real effect for this testcase
+
+        const firstSyncEvent = queryablePromise<SyncState>();
+        const secondSyncEvent = queryablePromise<SyncState>();
+        client!.on(ClientEvent.Sync, (state: SyncState, lastState: SyncState | null) => {
+            if (firstSyncEvent.isFulfilled()) secondSyncEvent.resolve(state);
+            firstSyncEvent.resolve(state);
+        });
+
+        await client!.startClient();
+        const logoutDone = queryablePromise();
+        client!
+            .logout(true)
+            .then(() => {
+                logoutDone.resolve();
+            })
+            .catch((e) => {
+                logoutDone.resolve();
+            });
+
+        const syntState = await firstSyncEvent.promise;
+        expect(syntState).toBe(SyncState.Error);
+        jest.runAllTimers(); // this will skip forward to trigger the keepAlive
+
+        jest.useRealTimers(); // we need real timer for the setTimout below to work
+
+        const timeoutPromise = makeQueryablePromise(new Promise<void>((res) => setTimeout(res, 1)));
+
+        await Promise.race([secondSyncEvent.promise, timeoutPromise.promise]);
+        // when syncing stopped, then the secondSyncEvent will never happen and the promise will not be resolved,
+        /// so the timeoutPromise will be resolved instead
+        expect(timeoutPromise.isFulfilled()).toBe(true);
+        expect(secondSyncEvent.isFulfilled()).toBe(false);
+
+        await logoutDone.promise; // wait for the logout to finish to prevent processing and logging after the test is done.
+    });
+});

spec/integ/matrix-client-syncing.spec.ts

@@ -36,11 +36,16 @@ import {
     NotificationCountType,
     IEphemeral,
     Room,
+    IndexedDBStore,
+    RelationType,
+    EventType,
 } from "../../src";
 import { ReceiptType } from "../../src/@types/read_receipts";
 import { UNREAD_THREAD_NOTIFICATIONS } from "../../src/@types/sync";
 import * as utils from "../test-utils/test-utils";
 import { TestClient } from "../TestClient";
+import { emitPromise, mkEvent, mkMessage } from "../test-utils/test-utils";
+import { THREAD_RELATION_TYPE } from "../../src/models/thread";
 
 describe("MatrixClient syncing", () => {
     const selfUserId = "@alice:localhost";
@@ -81,17 +86,15 @@ describe("MatrixClient syncing", () => {
             presence: {},
         };
 
-        it("should /sync after /pushrules and /filter.", (done) => {
+        it("should /sync after /pushrules and /filter.", async () => {
             httpBackend!.when("GET", "/sync").respond(200, syncData);
 
             client!.startClient();
 
-            httpBackend!.flushAllExpected().then(() => {
-                done();
-            });
+            await httpBackend!.flushAllExpected();
         });
 
-        it("should pass the 'next_batch' token from /sync to the since= param  of the next /sync", (done) => {
+        it("should pass the 'next_batch' token from /sync to the since= param  of the next /sync", async () => {
             httpBackend!.when("GET", "/sync").respond(200, syncData);
             httpBackend!
                 .when("GET", "/sync")
@@ -102,9 +105,7 @@ describe("MatrixClient syncing", () => {
 
             client!.startClient();
 
-            httpBackend!.flushAllExpected().then(() => {
-                done();
-            });
+            await httpBackend!.flushAllExpected();
         });
 
         it("should emit RoomEvent.MyMembership for invite->leave->invite cycles", async () => {
@@ -222,9 +223,122 @@ describe("MatrixClient syncing", () => {
             expect(fires).toBe(3);
         });
 
-        it("should honour lazyLoadMembers if user is not a guest", () => {
-            client!.doesServerSupportLazyLoading = jest.fn().mockResolvedValue(true);
+        it("should emit RoomEvent.MyMembership for knock->leave->knock cycles", async () => {
+            await client!.initCrypto();
 
+            const roomId = "!cycles:example.org";
+
+            // First sync: an knock
+            const knockSyncRoomSection = {
+                knock: {
+                    [roomId]: {
+                        knock_state: {
+                            events: [
+                                {
+                                    type: "m.room.member",
+                                    state_key: selfUserId,
+                                    content: {
+                                        membership: "knock",
+                                    },
+                                },
+                            ],
+                        },
+                    },
+                },
+            };
+            httpBackend!.when("GET", "/sync").respond(200, {
+                ...syncData,
+                rooms: knockSyncRoomSection,
+            });
+
+            // Second sync: a leave (reject of some kind)
+            httpBackend!.when("POST", "/leave").respond(200, {});
+            httpBackend!.when("GET", "/sync").respond(200, {
+                ...syncData,
+                rooms: {
+                    leave: {
+                        [roomId]: {
+                            account_data: { events: [] },
+                            ephemeral: { events: [] },
+                            state: {
+                                events: [
+                                    {
+                                        type: "m.room.member",
+                                        state_key: selfUserId,
+                                        content: {
+                                            membership: "leave",
+                                        },
+                                        prev_content: {
+                                            membership: "knock",
+                                        },
+                                        // XXX: And other fields required on an event
+                                    },
+                                ],
+                            },
+                            timeline: {
+                                limited: false,
+                                events: [
+                                    {
+                                        type: "m.room.member",
+                                        state_key: selfUserId,
+                                        content: {
+                                            membership: "leave",
+                                        },
+                                        prev_content: {
+                                            membership: "knock",
+                                        },
+                                        // XXX: And other fields required on an event
+                                    },
+                                ],
+                            },
+                        },
+                    },
+                },
+            });
+
+            // Third sync: another knock
+            httpBackend!.when("GET", "/sync").respond(200, {
+                ...syncData,
+                rooms: knockSyncRoomSection,
+            });
+
+            // First fire: an initial knock
+            let fires = 0;
+            client!.once(RoomEvent.MyMembership, (room, membership, oldMembership) => {
+                // Room, string, string
+                fires++;
+                expect(room.roomId).toBe(roomId);
+                expect(membership).toBe("knock");
+                expect(oldMembership).toBeFalsy();
+
+                // Second fire: a leave
+                client!.once(RoomEvent.MyMembership, (room, membership, oldMembership) => {
+                    fires++;
+                    expect(room.roomId).toBe(roomId);
+                    expect(membership).toBe("leave");
+                    expect(oldMembership).toBe("knock");
+
+                    // Third/final fire: a second knock
+                    client!.once(RoomEvent.MyMembership, (room, membership, oldMembership) => {
+                        fires++;
+                        expect(room.roomId).toBe(roomId);
+                        expect(membership).toBe("knock");
+                        expect(oldMembership).toBe("leave");
+                    });
+                });
+
+                // For maximum safety, "leave" the room after we register the handler
+                client!.leave(roomId);
+            });
+
+            // noinspection ES6MissingAwait
+            client!.startClient();
+            await httpBackend!.flushAllExpected();
+
+            expect(fires).toBe(3);
+        });
+
+        it("should honour lazyLoadMembers if user is not a guest", () => {
             httpBackend!
                 .when("GET", "/sync")
                 .check((req) => {
@@ -241,8 +355,6 @@ describe("MatrixClient syncing", () => {
         it("should not honour lazyLoadMembers if user is a guest", () => {
             httpBackend!.expectedRequests = [];
             httpBackend!.when("GET", "/versions").respond(200, {});
-            client!.doesServerSupportLazyLoading = jest.fn().mockResolvedValue(true);
-
             httpBackend!
                 .when("GET", "/sync")
                 .check((req) => {
@@ -296,6 +408,46 @@ describe("MatrixClient syncing", () => {
             expect(fires).toBe(1);
         });
 
+        it("should emit ClientEvent.Room when knocked while crypto is disabled", async () => {
+            const roomId = "!knock:example.org";
+
+            // First sync: a knock
+            const knockSyncRoomSection = {
+                knock: {
+                    [roomId]: {
+                        knock_state: {
+                            events: [
+                                {
+                                    type: "m.room.member",
+                                    state_key: selfUserId,
+                                    content: {
+                                        membership: "knock",
+                                    },
+                                },
+                            ],
+                        },
+                    },
+                },
+            };
+            httpBackend!.when("GET", "/sync").respond(200, {
+                ...syncData,
+                rooms: knockSyncRoomSection,
+            });
+
+            // First fire: an initial knock
+            let fires = 0;
+            client!.once(ClientEvent.Room, (room) => {
+                fires++;
+                expect(room.roomId).toBe(roomId);
+            });
+
+            // noinspection ES6MissingAwait
+            client!.startClient();
+            await httpBackend!.flushAllExpected();
+
+            expect(fires).toBe(1);
+        });
+
         it("should work when all network calls fail", async () => {
             httpBackend!.expectedRequests = [];
             httpBackend!.when("GET", "").fail(0, new Error("CORS or something"));
@@ -361,6 +513,7 @@ describe("MatrixClient syncing", () => {
                 join: {},
                 invite: {},
                 leave: {},
+                knock: {},
             },
         };
 
@@ -392,9 +545,7 @@ describe("MatrixClient syncing", () => {
                             type: "m.room.create",
                             room: roomOne,
                             user: selfUserId,
-                            content: {
-                                creator: selfUserId,
-                            },
+                            content: {},
                         }),
                     ],
                 },
@@ -580,9 +731,7 @@ describe("MatrixClient syncing", () => {
                                     type: "m.room.create",
                                     room: roomOne,
                                     user: selfUserId,
-                                    content: {
-                                        creator: selfUserId,
-                                    },
+                                    content: {},
                                 }),
                             ],
                         },
@@ -614,9 +763,7 @@ describe("MatrixClient syncing", () => {
                                     type: "m.room.create",
                                     room: roomTwo,
                                     user: selfUserId,
-                                    content: {
-                                        creator: selfUserId,
-                                    },
+                                    content: {},
                                 }),
                             ],
                         },
@@ -724,7 +871,7 @@ describe("MatrixClient syncing", () => {
         // events that arrive in the incremental sync as if they preceeded the
         // timeline events, however this breaks peeking, so it's disabled
         // (see sync.js)
-        xit("should correctly interpret state in incremental sync.", () => {
+        it.skip("should correctly interpret state in incremental sync.", () => {
             httpBackend!.when("GET", "/sync").respond(200, syncData);
             httpBackend!.when("GET", "/sync").respond(200, nextSyncData);
 
@@ -741,9 +888,9 @@ describe("MatrixClient syncing", () => {
             });
         });
 
-        xit("should update power levels for users in a room", () => {});
+        it.skip("should update power levels for users in a room", () => {});
 
-        xit("should update the room topic", () => {});
+        it.skip("should update the room topic", () => {});
 
         describe("onMarkerStateEvent", () => {
             const normalMessageEvent = utils.mkMessage({
@@ -761,7 +908,6 @@ describe("MatrixClient syncing", () => {
                         room: roomOne,
                         user: otherUserId,
                         content: {
-                            creator: otherUserId,
                             room_version: "9",
                         },
                     });
@@ -840,13 +986,13 @@ describe("MatrixClient syncing", () => {
                     roomVersion: "org.matrix.msc2716v3",
                 },
             ].forEach((testMeta) => {
+                // eslint-disable-next-line jest/valid-title
                 describe(testMeta.label, () => {
                     const roomCreateEvent = utils.mkEvent({
                         type: "m.room.create",
                         room: roomOne,
                         user: otherUserId,
                         content: {
-                            creator: otherUserId,
                             room_version: testMeta.roomVersion,
                         },
                     });
@@ -1374,9 +1520,7 @@ describe("MatrixClient syncing", () => {
                                     type: "m.room.create",
                                     room: roomOne,
                                     user: selfUserId,
-                                    content: {
-                                        creator: selfUserId,
-                                    },
+                                    content: {},
                                 }),
                             ],
                         } as Partial<IJoinedRoom>,
@@ -1473,9 +1617,7 @@ describe("MatrixClient syncing", () => {
                                     type: "m.room.create",
                                     room: roomOne,
                                     user: selfUserId,
-                                    content: {
-                                        creator: selfUserId,
-                                    },
+                                    content: {},
                                 }),
                             ],
                         },
@@ -1589,30 +1731,87 @@ describe("MatrixClient syncing", () => {
                 });
             });
         });
+
+        it("should apply encrypted notification logic for events within the same sync blob", async () => {
+            const roomId = "!room123:server";
+            const syncData = {
+                rooms: {
+                    join: {
+                        [roomId]: {
+                            ephemeral: {
+                                events: [],
+                            },
+                            timeline: {
+                                events: [
+                                    utils.mkEvent({
+                                        room: roomId,
+                                        event: true,
+                                        skey: "",
+                                        type: EventType.RoomEncryption,
+                                        content: {},
+                                    }),
+                                    utils.mkMessage({
+                                        room: roomId,
+                                        user: otherUserId,
+                                        msg: "hello",
+                                    }),
+                                ],
+                            },
+                            state: {
+                                events: [
+                                    utils.mkMembership({
+                                        room: roomId,
+                                        mship: "join",
+                                        user: otherUserId,
+                                    }),
+                                    utils.mkMembership({
+                                        room: roomId,
+                                        mship: "join",
+                                        user: selfUserId,
+                                    }),
+                                    utils.mkEvent({
+                                        type: "m.room.create",
+                                        room: roomId,
+                                        user: selfUserId,
+                                        content: {},
+                                    }),
+                                ],
+                            },
+                        },
+                    },
+                },
+            } as unknown as ISyncResponse;
+
+            httpBackend!.when("GET", "/sync").respond(200, syncData);
+            client!.startClient();
+
+            await Promise.all([httpBackend!.flushAllExpected(), awaitSyncEvent()]);
+
+            const room = client!.getRoom(roomId)!;
+            expect(room).toBeInstanceOf(Room);
+            expect(room.getRoomUnreadNotificationCount(NotificationCountType.Total)).toBe(0);
+        });
     });
 
     describe("of a room", () => {
-        xit(
+        it.skip(
             "should sync when a join event (which changes state) for the user" +
                 " arrives down the event stream (e.g. join from another device)",
             () => {},
         );
 
-        xit("should sync when the user explicitly calls joinRoom", () => {});
+        it.skip("should sync when the user explicitly calls joinRoom", () => {});
     });
 
     describe("syncLeftRooms", () => {
-        beforeEach((done) => {
+        beforeEach(async () => {
             client!.startClient();
 
-            httpBackend!.flushAllExpected().then(() => {
-                // the /sync call from syncLeftRooms ends up in the request
-                // queue behind the call from the running client; add a response
-                // to flush the client's one out.
-                httpBackend!.when("GET", "/sync").respond(200, {});
-
-                done();
-            });
+            await httpBackend!.flushAllExpected();
+            // the /sync call from syncLeftRooms ends up in the request
+            // queue behind the call from the running client; add a response
+            // to flush the client's one out.
+            await httpBackend!.when("GET", "/sync").respond(200, {});
         });
 
         it("should create and use an appropriate filter", () => {
@@ -1873,4 +2072,124 @@ describe("MatrixClient syncing (IndexedDB version)", () => {
         idbClient.stopClient();
         idbHttpBackend.stop();
     });
+
+    it("should query server for which thread a 2nd order relation belongs to and stash in sync accumulator", async () => {
+        const roomId = "!room:example.org";
+
+        async function startClient(client: MatrixClient): Promise<void> {
+            await Promise.all([
+                idbClient.startClient({
+                    // Without this all events just go into the main timeline
+                    threadSupport: true,
+                }),
+                idbHttpBackend.flushAllExpected(),
+                emitPromise(idbClient, ClientEvent.Room),
+            ]);
+        }
+
+        function assertEventsExpected(client: MatrixClient): void {
+            const room = client.getRoom(roomId);
+            const mainTimelineEvents = room!.getLiveTimeline().getEvents();
+            expect(mainTimelineEvents).toHaveLength(1);
+            expect(mainTimelineEvents[0].getContent().body).toEqual("Test");
+
+            const thread = room!.getThread("$someThreadId")!;
+            expect(thread.replayEvents).toHaveLength(1);
+            expect(thread.replayEvents![0].getRelation()!.key).toEqual("🪿");
+        }
+
+        let idbTestClient = new TestClient(selfUserId, "DEVICE", selfAccessToken, undefined, {
+            store: new IndexedDBStore({
+                indexedDB: global.indexedDB,
+                dbName: "test",
+            }),
+        });
+        let idbHttpBackend = idbTestClient.httpBackend;
+        let idbClient = idbTestClient.client;
+        await idbClient.store.startup();
+
+        idbHttpBackend.when("GET", "/versions").respond(200, { versions: ["v1.4"] });
+        idbHttpBackend.when("GET", "/pushrules/").respond(200, {});
+        idbHttpBackend.when("POST", "/filter").respond(200, { filter_id: "a filter id" });
+
+        const syncRoomSection = {
+            join: {
+                [roomId]: {
+                    timeline: {
+                        prev_batch: "foo",
+                        events: [
+                            mkMessage({
+                                room: roomId,
+                                user: selfUserId,
+                                msg: "Test",
+                            }),
+                            mkEvent({
+                                room: roomId,
+                                user: selfUserId,
+                                content: {
+                                    "m.relates_to": {
+                                        rel_type: RelationType.Annotation,
+                                        event_id: "$someUnknownEvent",
+                                        key: "🪿",
+                                    },
+                                },
+                                type: "m.reaction",
+                            }),
+                        ],
+                    },
+                },
+            },
+        };
+        idbHttpBackend.when("GET", "/sync").respond(200, {
+            ...syncData,
+            rooms: syncRoomSection,
+        });
+        idbHttpBackend.when("GET", `/rooms/${encodeURIComponent(roomId)}/event/%24someUnknownEvent`).respond(
+            200,
+            mkEvent({
+                room: roomId,
+                user: selfUserId,
+                content: {
+                    "body": "Thread response",
+                    "m.relates_to": {
+                        rel_type: THREAD_RELATION_TYPE.name,
+                        event_id: "$someThreadId",
+                    },
+                },
+                type: "m.room.message",
+            }),
+        );
+
+        await startClient(idbClient);
+        assertEventsExpected(idbClient);
+
+        idbHttpBackend.verifyNoOutstandingExpectation();
+        // Force sync accumulator to persist, reset client, assert it doesn't re-fetch event on next start-up
+        await idbClient.store.save(true);
+        await idbClient.stopClient();
+        await idbClient.store.destroy();
+        await idbHttpBackend.stop();
+
+        idbTestClient = new TestClient(selfUserId, "DEVICE", selfAccessToken, undefined, {
+            store: new IndexedDBStore({
+                indexedDB: global.indexedDB,
+                dbName: "test",
+            }),
+        });
+        idbHttpBackend = idbTestClient.httpBackend;
+        idbClient = idbTestClient.client;
+        await idbClient.store.startup();
+
+        idbHttpBackend.when("GET", "/versions").respond(200, { versions: ["v1.4"] });
+        idbHttpBackend.when("GET", "/pushrules/").respond(200, {});
+        idbHttpBackend.when("POST", "/filter").respond(200, { filter_id: "a filter id" });
+        idbHttpBackend.when("GET", "/sync").respond(200, syncData);
+
+        await startClient(idbClient);
+        assertEventsExpected(idbClient);
+
+        idbHttpBackend.verifyNoOutstandingExpectation();
+        await idbClient.stopClient();
+        await idbHttpBackend.stop();
+    });
 });

spec/integ/matrix-client-unread-notifications.spec.ts

@@ -0,0 +1,421 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import "fake-indexeddb/auto";
+
+import HttpBackend from "matrix-mock-request";
+
+import {
+    Category,
+    ClientEvent,
+    EventType,
+    ISyncResponse,
+    MatrixClient,
+    MatrixEvent,
+    NotificationCountType,
+    RelationType,
+    Room,
+    fixNotificationCountOnDecryption,
+} from "../../src";
+import { TestClient } from "../TestClient";
+import { ReceiptType } from "../../src/@types/read_receipts";
+import { mkThread } from "../test-utils/thread";
+import { SyncState } from "../../src/sync";
+
+const userA = "@alice:localhost";
+const userB = "@bob:localhost";
+const selfUserId = userA;
+const selfAccessToken = "aseukfgwef";
+
+function setupTestClient(): [MatrixClient, HttpBackend] {
+    const testClient = new TestClient(selfUserId, "DEVICE", selfAccessToken);
+    const httpBackend = testClient.httpBackend;
+    const client = testClient.client;
+    httpBackend!.when("GET", "/versions").respond(200, {});
+    httpBackend!.when("GET", "/pushrules").respond(200, {});
+    httpBackend!.when("POST", "/filter").respond(200, { filter_id: "a filter id" });
+    return [client, httpBackend];
+}
+
+describe("Notification count fixing", () => {
+    let client: MatrixClient | undefined;
+
+    beforeEach(() => {
+        [client] = setupTestClient();
+    });
+
+    it("doesn't increment notification count for events that can't be found in a room", async () => {
+        const roomId = "!room:localhost";
+
+        client!.startClient({ threadSupport: true });
+        const room = new Room(roomId, client!, selfUserId);
+        jest.spyOn(client!, "getRoom").mockImplementation((id) => (id === roomId ? room : null));
+
+        const event = new MatrixEvent({
+            room_id: roomId,
+            type: "m.reaction",
+            event_id: "$foo",
+            content: {
+                "m.relates_to": {
+                    rel_type: RelationType.Annotation,
+                    event_id: "$foo",
+                    key: "x",
+                },
+            },
+        });
+
+        jest.spyOn(event, "getPushActions").mockReturnValue({
+            notify: true,
+            tweaks: {},
+        });
+
+        fixNotificationCountOnDecryption(client!, event);
+
+        expect(room.getUnreadNotificationCount(NotificationCountType.Total)).toBe(0);
+    });
+});
+
+describe("MatrixClient syncing", () => {
+    let client: MatrixClient | undefined;
+    let httpBackend: HttpBackend | undefined;
+
+    beforeEach(() => {
+        [client, httpBackend] = setupTestClient();
+    });
+
+    afterEach(() => {
+        httpBackend!.verifyNoOutstandingExpectation();
+        client!.stopClient();
+        return httpBackend!.stop();
+    });
+
+    it("reactions in thread set the correct timeline to unread", async () => {
+        const roomId = "!room:localhost";
+
+        // start the client, and wait for it to initialise
+        httpBackend!.when("GET", "/sync").respond(200, {
+            next_batch: "s_5_3",
+            rooms: {
+                [Category.Join]: {},
+                [Category.Leave]: {},
+                [Category.Invite]: {},
+            },
+        });
+        client!.startClient({ threadSupport: true });
+        await Promise.all([
+            httpBackend?.flushAllExpected(),
+            new Promise<void>((resolve) => {
+                client!.on(ClientEvent.Sync, (state) => state === SyncState.Syncing && resolve());
+            }),
+        ]);
+
+        const room = new Room(roomId, client!, selfUserId);
+        jest.spyOn(client!, "getRoom").mockImplementation((id) => (id === roomId ? room : null));
+
+        const thread = mkThread({ room, client: client!, authorId: selfUserId, participantUserIds: [selfUserId] });
+        const threadReply = thread.events.at(-1)!;
+        await room.addLiveEvents([thread.rootEvent]);
+
+        // Initialize read receipt datastructure before testing the reaction
+        room.addReceiptToStructure(thread.rootEvent.getId()!, ReceiptType.Read, selfUserId, { ts: 1 }, false);
+        thread.thread.addReceiptToStructure(
+            threadReply.getId()!,
+            ReceiptType.Read,
+            selfUserId,
+            { thread_id: thread.thread.id, ts: 1 },
+            false,
+        );
+        expect(room.getReadReceiptForUserId(selfUserId, false)?.eventId).toEqual(thread.rootEvent.getId());
+        expect(thread.thread.getReadReceiptForUserId(selfUserId, false)?.eventId).toEqual(threadReply.getId());
+
+        const reactionEventId = `$9-${Math.random()}-${Math.random()}`;
+        let lastEvent: MatrixEvent | null = null;
+        jest.spyOn(client! as any, "sendEventHttpRequest").mockImplementation((event) => {
+            lastEvent = event as MatrixEvent;
+            return { event_id: reactionEventId };
+        });
+
+        await client!.sendEvent(roomId, EventType.Reaction, {
+            "m.relates_to": {
+                rel_type: RelationType.Annotation,
+                event_id: threadReply.getId(),
+                key: "",
+            },
+        });
+
+        expect(lastEvent!.getId()).toEqual(reactionEventId);
+        room.handleRemoteEcho(new MatrixEvent(lastEvent!.event), lastEvent!);
+
+        // Our ideal state after this is the following:
+        //
+        // Room: [synthetic: threadroot, actual: threadroot]
+        // Thread: [synthetic: threadreaction, actual: threadreply]
+        //
+        // The reaction and reply are both in the thread, and their receipts should be isolated to the thread.
+        // The reaction has not been acknowledged in a dedicated read receipt message, so only the synthetic receipt
+        // should be updated.
+
+        // Ensure the synthetic receipt for the room has not been updated
+        expect(room.getReadReceiptForUserId(selfUserId, false)?.eventId).toEqual(thread.rootEvent.getId());
+        expect(room.getEventReadUpTo(selfUserId, false)).toEqual(thread.rootEvent.getId());
+        // Ensure the actual receipt for the room has not been updated
+        expect(room.getReadReceiptForUserId(selfUserId, true)?.eventId).toEqual(thread.rootEvent.getId());
+        expect(room.getEventReadUpTo(selfUserId, true)).toEqual(thread.rootEvent.getId());
+        // Ensure the synthetic receipt for the thread has been updated
+        expect(thread.thread.getReadReceiptForUserId(selfUserId, false)?.eventId).toEqual(reactionEventId);
+        expect(thread.thread.getEventReadUpTo(selfUserId, false)).toEqual(reactionEventId);
+        // Ensure the actual receipt for the thread has not been updated
+        expect(thread.thread.getReadReceiptForUserId(selfUserId, true)?.eventId).toEqual(threadReply.getId());
+        expect(thread.thread.getEventReadUpTo(selfUserId, true)).toEqual(threadReply.getId());
+    });
+
+    describe("Stuck unread notifications integration tests", () => {
+        const ROOM_ID = "!room:localhost";
+
+        const syncData = getSampleStuckNotificationSyncResponse(ROOM_ID);
+
+        it("resets notifications if the last event originates from the logged in user", async () => {
+            httpBackend!
+                .when("GET", "/sync")
+                .check((req) => {
+                    expect(req.queryParams!.filter).toEqual("a filter id");
+                })
+                .respond(200, syncData);
+
+            client!.store.getSavedSyncToken = jest.fn().mockResolvedValue("this-is-a-token");
+            client!.startClient({ initialSyncLimit: 1 });
+
+            await httpBackend!.flushAllExpected();
+
+            const room = client?.getRoom(ROOM_ID);
+
+            expect(room).toBeInstanceOf(Room);
+            expect(room?.getUnreadNotificationCount(NotificationCountType.Total)).toBe(0);
+        });
+    });
+
+    function getSampleStuckNotificationSyncResponse(roomId: string): Partial<ISyncResponse> {
+        return {
+            next_batch: "batch_token",
+            rooms: {
+                [Category.Join]: {
+                    [roomId]: {
+                        timeline: {
+                            events: [
+                                {
+                                    content: {
+                                        room_version: "9",
+                                    },
+                                    origin_server_ts: 1,
+                                    sender: userB,
+                                    state_key: "",
+                                    type: "m.room.create",
+                                    event_id: "$event1",
+                                },
+                                {
+                                    content: {
+                                        avatar_url: "",
+                                        displayname: userB,
+                                        membership: "join",
+                                    },
+                                    origin_server_ts: 2,
+                                    sender: userB,
+                                    state_key: userB,
+                                    type: "m.room.member",
+                                    event_id: "$event2",
+                                },
+                                {
+                                    content: {
+                                        ban: 50,
+                                        events: {
+                                            "m.room.avatar": 50,
+                                            "m.room.canonical_alias": 50,
+                                            "m.room.encryption": 100,
+                                            "m.room.history_visibility": 100,
+                                            "m.room.name": 50,
+                                            "m.room.power_levels": 100,
+                                            "m.room.server_acl": 100,
+                                            "m.room.tombstone": 100,
+                                        },
+                                        events_default: 0,
+                                        historical: 100,
+                                        invite: 0,
+                                        kick: 50,
+                                        redact: 50,
+                                        state_default: 50,
+                                        users: {
+                                            [userA]: 100,
+                                            [userB]: 100,
+                                        },
+                                        users_default: 0,
+                                    },
+                                    origin_server_ts: 3,
+                                    sender: userB,
+                                    state_key: "",
+                                    type: "m.room.power_levels",
+                                    event_id: "$event3",
+                                },
+                                {
+                                    content: {
+                                        join_rule: "invite",
+                                    },
+                                    origin_server_ts: 4,
+                                    sender: userB,
+                                    state_key: "",
+                                    type: "m.room.join_rules",
+                                    event_id: "$event4",
+                                },
+                                {
+                                    content: {
+                                        history_visibility: "shared",
+                                    },
+                                    origin_server_ts: 5,
+                                    sender: userB,
+                                    state_key: "",
+                                    type: "m.room.history_visibility",
+                                    event_id: "$event5",
+                                },
+                                {
+                                    content: {
+                                        guest_access: "can_join",
+                                    },
+                                    origin_server_ts: 6,
+                                    sender: userB,
+                                    state_key: "",
+                                    type: "m.room.guest_access",
+                                    unsigned: {
+                                        age: 1651569,
+                                    },
+                                    event_id: "$event6",
+                                },
+                                {
+                                    content: {
+                                        algorithm: "m.megolm.v1.aes-sha2",
+                                    },
+                                    origin_server_ts: 7,
+                                    sender: userB,
+                                    state_key: "",
+                                    type: "m.room.encryption",
+                                    event_id: "$event7",
+                                },
+                                {
+                                    content: {
+                                        avatar_url: "",
+                                        displayname: userA,
+                                        is_direct: true,
+                                        membership: "invite",
+                                    },
+                                    origin_server_ts: 8,
+                                    sender: userB,
+                                    state_key: userA,
+                                    type: "m.room.member",
+                                    event_id: "$event8",
+                                },
+                                {
+                                    content: {
+                                        msgtype: "m.text",
+                                        body: "hello",
+                                    },
+                                    origin_server_ts: 9,
+                                    sender: userB,
+                                    type: "m.room.message",
+                                    event_id: "$event9",
+                                },
+                                {
+                                    content: {
+                                        avatar_url: "",
+                                        displayname: userA,
+                                        membership: "join",
+                                    },
+                                    origin_server_ts: 10,
+                                    sender: userA,
+                                    state_key: userA,
+                                    type: "m.room.member",
+                                    event_id: "$event10",
+                                },
+                                {
+                                    content: {
+                                        msgtype: "m.text",
+                                        body: "world",
+                                    },
+                                    origin_server_ts: 11,
+                                    sender: userA,
+                                    type: "m.room.message",
+                                    event_id: "$event11",
+                                },
+                            ],
+                            prev_batch: "123",
+                            limited: false,
+                        },
+                        state: {
+                            events: [],
+                        },
+                        account_data: {
+                            events: [
+                                {
+                                    type: "m.fully_read",
+                                    content: {
+                                        event_id: "$dER5V1RCMxzAhHXQJoMjqyuoxpPtK2X6hCb9T8Jg2wU",
+                                    },
+                                },
+                            ],
+                        },
+                        ephemeral: {
+                            events: [
+                                {
+                                    type: "m.receipt",
+                                    content: {
+                                        $event9: {
+                                            "m.read": {
+                                                [userA]: {
+                                                    ts: 100,
+                                                },
+                                            },
+                                            "m.read.private": {
+                                                [userA]: {
+                                                    ts: 100,
+                                                },
+                                            },
+                                        },
+                                        dER5V1RCMxzAhHXQJoMjqyuoxpPtK2X6hCb9T8Jg2wU: {
+                                            "m.read": {
+                                                [userB]: {
+                                                    ts: 666,
+                                                },
+                                            },
+                                        },
+                                    },
+                                },
+                            ],
+                        },
+                        unread_notifications: {
+                            notification_count: 1,
+                            highlight_count: 0,
+                        },
+                        summary: {
+                            "m.joined_member_count": 2,
+                            "m.invited_member_count": 0,
+                            "m.heroes": [userB],
+                        },
+                    },
+                },
+                [Category.Leave]: {},
+                [Category.Invite]: {},
+                [Category.Knock]: {},
+            },
+        };
+    }
+});

spec/integ/megolm-backup.spec.ts

@@ -1,170 +0,0 @@
-/*
-Copyright 2022 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import { Account } from "@matrix-org/olm";
-
-import { logger } from "../../src/logger";
-import { decodeRecoveryKey } from "../../src/crypto/recoverykey";
-import { IKeyBackupInfo, IKeyBackupSession } from "../../src/crypto/keybackup";
-import { TestClient } from "../TestClient";
-import { IEvent } from "../../src";
-import { MatrixEvent, MatrixEventEvent } from "../../src/models/event";
-
-const ROOM_ID = "!ROOM:ID";
-
-const SESSION_ID = "o+21hSjP+mgEmcfdslPsQdvzWnkdt0Wyo00Kp++R8Kc";
-
-const ENCRYPTED_EVENT: Partial<IEvent> = {
-    type: "m.room.encrypted",
-    content: {
-        algorithm: "m.megolm.v1.aes-sha2",
-        sender_key: "SENDER_CURVE25519",
-        session_id: SESSION_ID,
-        ciphertext:
-            "AwgAEjD+VwXZ7PoGPRS/H4kwpAsMp/g+WPvJVtPEKE8fmM9IcT/N" +
-            "CiwPb8PehecDKP0cjm1XO88k6Bw3D17aGiBHr5iBoP7oSw8CXULXAMTkBl" +
-            "mkufRQq2+d0Giy1s4/Cg5n13jSVrSb2q7VTSv1ZHAFjUCsLSfR0gxqcQs",
-    },
-    room_id: "!ROOM:ID",
-    event_id: "$event1",
-    origin_server_ts: 1507753886000,
-};
-
-const CURVE25519_KEY_BACKUP_DATA: IKeyBackupSession = {
-    first_message_index: 0,
-    forwarded_count: 0,
-    is_verified: false,
-    session_data: {
-        ciphertext:
-            "2z2M7CZ+azAiTHN1oFzZ3smAFFt+LEOYY6h3QO3XXGdw" +
-            "6YpNn/gpHDO6I/rgj1zNd4FoTmzcQgvKdU8kN20u5BWRHxaHTZ" +
-            "Slne5RxE6vUdREsBgZePglBNyG0AogR/PVdcrv/v18Y6rLM5O9" +
-            "SELmwbV63uV9Kuu/misMxoqbuqEdG7uujyaEKtjlQsJ5MGPQOy" +
-            "Syw7XrnesSwF6XWRMxcPGRV0xZr3s9PI350Wve3EncjRgJ9IGF" +
-            "ru1bcptMqfXgPZkOyGvrphHoFfoK7nY3xMEHUiaTRfRIjq8HNV" +
-            "4o8QY1qmWGnxNBQgOlL8MZlykjg3ULmQ3DtFfQPj/YYGS3jzxv" +
-            "C+EBjaafmsg+52CTeK3Rswu72PX450BnSZ1i3If4xWAUKvjTpe" +
-            "Ug5aDLqttOv1pITolTJDw5W/SD+b5rjEKg1CFCHGEGE9wwV3Nf" +
-            "QHVCQL+dfpd7Or0poy4dqKMAi3g0o3Tg7edIF8d5rREmxaALPy" +
-            "iie8PHD8mj/5Y0GLqrac4CD6+Mop7eUTzVovprjg",
-        mac: "5lxYBHQU80M",
-        ephemeral: "/Bn0A4UMFwJaDDvh0aEk1XZj3k1IfgCxgFY9P9a0b14",
-    },
-};
-
-const CURVE25519_BACKUP_INFO: IKeyBackupInfo = {
-    algorithm: "m.megolm_backup.v1.curve25519-aes-sha2",
-    version: "1",
-    auth_data: {
-        public_key: "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo",
-    },
-};
-
-const RECOVERY_KEY = "EsTc LW2K PGiF wKEA 3As5 g5c4 BXwk qeeJ ZJV8 Q9fu gUMN UE4d";
-
-/**
- * start an Olm session with a given recipient
- */
-function createOlmSession(olmAccount: Olm.Account, recipientTestClient: TestClient): Promise<Olm.Session> {
-    return recipientTestClient.awaitOneTimeKeyUpload().then((keys) => {
-        const otkId = Object.keys(keys)[0];
-        const otk = keys[otkId];
-
-        const session = new global.Olm.Session();
-        session.create_outbound(olmAccount, recipientTestClient.getDeviceKey(), otk.key);
-        return session;
-    });
-}
-
-describe("megolm key backups", function () {
-    if (!global.Olm) {
-        logger.warn("not running megolm tests: Olm not present");
-        return;
-    }
-    const Olm = global.Olm;
-    let testOlmAccount: Olm.Account;
-    let aliceTestClient: TestClient;
-
-    const setupTestClient = (): [Account, TestClient] => {
-        const aliceTestClient = new TestClient("@alice:localhost", "xzcvb", "akjgkrgjs");
-        const testOlmAccount = new Olm.Account();
-        testOlmAccount!.create();
-
-        return [testOlmAccount, aliceTestClient];
-    };
-
-    beforeAll(function () {
-        return Olm.init();
-    });
-
-    beforeEach(async function () {
-        [testOlmAccount, aliceTestClient] = setupTestClient();
-        await aliceTestClient!.client.initCrypto();
-        aliceTestClient!.client.crypto!.backupManager.backupInfo = CURVE25519_BACKUP_INFO;
-    });
-
-    afterEach(function () {
-        return aliceTestClient!.stop();
-    });
-
-    it("Alice checks key backups when receiving a message she can't decrypt", function () {
-        const syncResponse = {
-            next_batch: 1,
-            rooms: {
-                join: {
-                    [ROOM_ID]: {
-                        timeline: {
-                            events: [ENCRYPTED_EVENT],
-                        },
-                    },
-                },
-            },
-        };
-
-        return aliceTestClient!
-            .start()
-            .then(() => {
-                return createOlmSession(testOlmAccount, aliceTestClient);
-            })
-            .then(() => {
-                const privkey = decodeRecoveryKey(RECOVERY_KEY);
-                return aliceTestClient!.client!.crypto!.storeSessionBackupPrivateKey(privkey);
-            })
-            .then(() => {
-                aliceTestClient!.httpBackend.when("GET", "/sync").respond(200, syncResponse);
-                aliceTestClient!.expectKeyBackupQuery(ROOM_ID, SESSION_ID, 200, CURVE25519_KEY_BACKUP_DATA);
-                return aliceTestClient!.httpBackend.flushAllExpected();
-            })
-            .then(function (): Promise<MatrixEvent> {
-                const room = aliceTestClient!.client.getRoom(ROOM_ID)!;
-                const event = room.getLiveTimeline().getEvents()[0];
-
-                if (event.getContent()) {
-                    return Promise.resolve(event);
-                }
-
-                return new Promise((resolve, reject) => {
-                    event.once(MatrixEventEvent.Decrypted, (ev) => {
-                        logger.log(`${Date.now()} event ${event.getId()} now decrypted`);
-                        resolve(ev);
-                    });
-                });
-            })
-            .then((event) => {
-                expect(event.getContent()).toEqual("testytest");
-            });
-    });
-});

spec/integ/sliding-sync-sdk.spec.ts

@@ -20,7 +20,7 @@ import { fail } from "assert";
 
 import { SlidingSync, SlidingSyncEvent, MSC3575RoomData, SlidingSyncState, Extension } from "../../src/sliding-sync";
 import { TestClient } from "../TestClient";
-import { IRoomEvent, IStateEvent } from "../../src/sync-accumulator";
+import { IRoomEvent, IStateEvent } from "../../src";
 import {
     MatrixClient,
     MatrixEvent,
@@ -39,9 +39,10 @@ import {
 } from "../../src";
 import { SlidingSyncSdk } from "../../src/sliding-sync-sdk";
 import { SyncApiOptions, SyncState } from "../../src/sync";
-import { IStoredClientOpts } from "../../src/client";
+import { IStoredClientOpts } from "../../src";
 import { logger } from "../../src/logger";
 import { emitPromise } from "../test-utils/test-utils";
+import { defer } from "../../src/utils";
 
 describe("SlidingSyncSdk", () => {
     let client: MatrixClient | undefined;
@@ -120,7 +121,7 @@ describe("SlidingSyncSdk", () => {
             await client!.initCrypto();
             syncOpts.cryptoCallbacks = syncOpts.crypto = client!.crypto;
         }
-        httpBackend!.when("GET", "/_matrix/client/r0/pushrules").respond(200, {});
+        httpBackend!.when("GET", "/_matrix/client/v3/pushrules").respond(200, {});
         sdk = new SlidingSyncSdk(mockSlidingSync, client, testOpts, syncOpts);
     };
 
@@ -153,11 +154,11 @@ describe("SlidingSyncSdk", () => {
             const hasSynced = sdk!.sync();
             await httpBackend!.flushAllExpected();
             await hasSynced;
-            expect(mockSlidingSync!.start).toBeCalled();
+            expect(mockSlidingSync!.start).toHaveBeenCalled();
         });
         it("can stop()", async () => {
             sdk!.stop();
-            expect(mockSlidingSync!.stop).toBeCalled();
+            expect(mockSlidingSync!.stop).toHaveBeenCalled();
         });
     });
 
@@ -187,7 +188,7 @@ describe("SlidingSyncSdk", () => {
                 [roomA]: {
                     name: "A",
                     required_state: [
-                        mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                        mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                         mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                         mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                         mkOwnStateEvent(EventType.RoomName, { name: "A" }, ""),
@@ -202,7 +203,7 @@ describe("SlidingSyncSdk", () => {
                     name: "B",
                     required_state: [],
                     timeline: [
-                        mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                        mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                         mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                         mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                         mkOwnEvent(EventType.RoomMessage, { body: "hello B" }),
@@ -214,7 +215,7 @@ describe("SlidingSyncSdk", () => {
                     name: "C",
                     required_state: [],
                     timeline: [
-                        mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                        mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                         mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                         mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                         mkOwnEvent(EventType.RoomMessage, { body: "hello C" }),
@@ -227,7 +228,7 @@ describe("SlidingSyncSdk", () => {
                     name: "D",
                     required_state: [],
                     timeline: [
-                        mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                        mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                         mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                         mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                         mkOwnEvent(EventType.RoomMessage, { body: "hello D" }),
@@ -263,7 +264,7 @@ describe("SlidingSyncSdk", () => {
                 [roomF]: {
                     name: "#foo:localhost",
                     required_state: [
-                        mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                        mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                         mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                         mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                         mkOwnStateEvent(EventType.RoomCanonicalAlias, { alias: "#foo:localhost" }, ""),
@@ -279,7 +280,7 @@ describe("SlidingSyncSdk", () => {
                     name: "G",
                     required_state: [],
                     timeline: [
-                        mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                        mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                         mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                         mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                     ],
@@ -291,7 +292,7 @@ describe("SlidingSyncSdk", () => {
                     name: "H",
                     required_state: [],
                     timeline: [
-                        mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                        mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                         mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                         mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                         mkOwnEvent(EventType.RoomMessage, { body: "live event" }),
@@ -301,67 +302,57 @@ describe("SlidingSyncSdk", () => {
                 },
             };
 
-            it("can be created with required_state and timeline", () => {
+            it("can be created with required_state and timeline", async () => {
                 mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomA, data[roomA]);
+                await emitPromise(client!, ClientEvent.Room);
                 const gotRoom = client!.getRoom(roomA);
-                expect(gotRoom).toBeDefined();
-                if (gotRoom == null) {
-                    return;
-                }
-                expect(gotRoom.name).toEqual(data[roomA].name);
-                expect(gotRoom.getMyMembership()).toEqual("join");
-                assertTimelineEvents(gotRoom.getLiveTimeline().getEvents().slice(-2), data[roomA].timeline);
+                expect(gotRoom).toBeTruthy();
+                expect(gotRoom!.name).toEqual(data[roomA].name);
+                expect(gotRoom!.getMyMembership()).toEqual("join");
+                assertTimelineEvents(gotRoom!.getLiveTimeline().getEvents().slice(-2), data[roomA].timeline);
             });
 
-            it("can be created with timeline only", () => {
+            it("can be created with timeline only", async () => {
                 mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomB, data[roomB]);
+                await emitPromise(client!, ClientEvent.Room);
                 const gotRoom = client!.getRoom(roomB);
-                expect(gotRoom).toBeDefined();
-                if (gotRoom == null) {
-                    return;
-                }
-                expect(gotRoom.name).toEqual(data[roomB].name);
-                expect(gotRoom.getMyMembership()).toEqual("join");
-                assertTimelineEvents(gotRoom.getLiveTimeline().getEvents().slice(-5), data[roomB].timeline);
+                expect(gotRoom).toBeTruthy();
+                expect(gotRoom!.name).toEqual(data[roomB].name);
+                expect(gotRoom!.getMyMembership()).toEqual("join");
+                assertTimelineEvents(gotRoom!.getLiveTimeline().getEvents().slice(-5), data[roomB].timeline);
             });
 
-            it("can be created with a highlight_count", () => {
+            it("can be created with a highlight_count", async () => {
                 mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomC, data[roomC]);
+                await emitPromise(client!, ClientEvent.Room);
                 const gotRoom = client!.getRoom(roomC);
-                expect(gotRoom).toBeDefined();
-                if (gotRoom == null) {
-                    return;
-                }
-                expect(gotRoom.getUnreadNotificationCount(NotificationCountType.Highlight)).toEqual(
+                expect(gotRoom).toBeTruthy();
+                expect(gotRoom!.getUnreadNotificationCount(NotificationCountType.Highlight)).toEqual(
                     data[roomC].highlight_count,
                 );
             });
 
-            it("can be created with a notification_count", () => {
+            it("can be created with a notification_count", async () => {
                 mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomD, data[roomD]);
+                await emitPromise(client!, ClientEvent.Room);
                 const gotRoom = client!.getRoom(roomD);
-                expect(gotRoom).toBeDefined();
-                if (gotRoom == null) {
-                    return;
-                }
-                expect(gotRoom.getUnreadNotificationCount(NotificationCountType.Total)).toEqual(
+                expect(gotRoom).toBeTruthy();
+                expect(gotRoom!.getUnreadNotificationCount(NotificationCountType.Total)).toEqual(
                     data[roomD].notification_count,
                 );
             });
 
-            it("can be created with an invited/joined_count", () => {
+            it("can be created with an invited/joined_count", async () => {
                 mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomG, data[roomG]);
+                await emitPromise(client!, ClientEvent.Room);
                 const gotRoom = client!.getRoom(roomG);
-                expect(gotRoom).toBeDefined();
-                if (gotRoom == null) {
-                    return;
-                }
-                expect(gotRoom.getInvitedMemberCount()).toEqual(data[roomG].invited_count);
-                expect(gotRoom.getJoinedMemberCount()).toEqual(data[roomG].joined_count);
+                expect(gotRoom).toBeTruthy();
+                expect(gotRoom!.getInvitedMemberCount()).toEqual(data[roomG].invited_count);
+                expect(gotRoom!.getJoinedMemberCount()).toEqual(data[roomG].joined_count);
             });
 
-            it("can be created with live events", () => {
-                let seenLiveEvent = false;
+            it("can be created with live events", async () => {
+                const seenLiveEventDeferred = defer<boolean>();
                 const listener = (
                     ev: MatrixEvent,
                     room?: Room,
@@ -371,43 +362,37 @@ describe("SlidingSyncSdk", () => {
                 ) => {
                     if (timelineData?.liveEvent) {
                         assertTimelineEvents([ev], data[roomH].timeline.slice(-1));
-                        seenLiveEvent = true;
+                        seenLiveEventDeferred.resolve(true);
                     }
                 };
                 client!.on(RoomEvent.Timeline, listener);
                 mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomH, data[roomH]);
+                await emitPromise(client!, ClientEvent.Room);
                 client!.off(RoomEvent.Timeline, listener);
                 const gotRoom = client!.getRoom(roomH);
-                expect(gotRoom).toBeDefined();
-                if (gotRoom == null) {
-                    return;
-                }
-                expect(gotRoom.name).toEqual(data[roomH].name);
-                expect(gotRoom.getMyMembership()).toEqual("join");
+                expect(gotRoom).toBeTruthy();
+                expect(gotRoom!.name).toEqual(data[roomH].name);
+                expect(gotRoom!.getMyMembership()).toEqual("join");
                 // check the entire timeline is correct
-                assertTimelineEvents(gotRoom.getLiveTimeline().getEvents(), data[roomH].timeline);
-                expect(seenLiveEvent).toBe(true);
+                assertTimelineEvents(gotRoom!.getLiveTimeline().getEvents(), data[roomH].timeline);
+                await expect(seenLiveEventDeferred.promise).resolves.toBeTruthy();
             });
 
-            it("can be created with invite_state", () => {
+            it("can be created with invite_state", async () => {
                 mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomE, data[roomE]);
+                await emitPromise(client!, ClientEvent.Room);
                 const gotRoom = client!.getRoom(roomE);
-                expect(gotRoom).toBeDefined();
-                if (gotRoom == null) {
-                    return;
-                }
-                expect(gotRoom.getMyMembership()).toEqual("invite");
-                expect(gotRoom.currentState.getJoinRule()).toEqual(JoinRule.Invite);
+                expect(gotRoom).toBeTruthy();
+                expect(gotRoom!.getMyMembership()).toEqual("invite");
+                expect(gotRoom!.currentState.getJoinRule()).toEqual(JoinRule.Invite);
             });
 
-            it("uses the 'name' field to caluclate the room name", () => {
+            it("uses the 'name' field to caluclate the room name", async () => {
                 mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomF, data[roomF]);
+                await emitPromise(client!, ClientEvent.Room);
                 const gotRoom = client!.getRoom(roomF);
-                expect(gotRoom).toBeDefined();
-                if (gotRoom == null) {
-                    return;
-                }
-                expect(gotRoom.name).toEqual(data[roomF].name);
+                expect(gotRoom).toBeTruthy();
+                expect(gotRoom!.name).toEqual(data[roomF].name);
             });
 
             describe("updating", () => {
@@ -419,33 +404,33 @@ describe("SlidingSyncSdk", () => {
                         name: data[roomA].name,
                     });
                     const gotRoom = client!.getRoom(roomA);
-                    expect(gotRoom).toBeDefined();
+                    expect(gotRoom).toBeTruthy();
                     if (gotRoom == null) {
                         return;
                     }
                     const newTimeline = data[roomA].timeline;
                     newTimeline.push(newEvent);
-                    assertTimelineEvents(gotRoom.getLiveTimeline().getEvents().slice(-3), newTimeline);
+                    assertTimelineEvents(gotRoom!.getLiveTimeline().getEvents().slice(-3), newTimeline);
                 });
 
                 it("can update with a new required_state event", async () => {
                     let gotRoom = client!.getRoom(roomB);
-                    expect(gotRoom).toBeDefined();
+                    expect(gotRoom).toBeTruthy();
                     if (gotRoom == null) {
                         return;
                     }
-                    expect(gotRoom.getJoinRule()).toEqual(JoinRule.Invite); // default
+                    expect(gotRoom!.getJoinRule()).toEqual(JoinRule.Invite); // default
                     mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomB, {
                         required_state: [mkOwnStateEvent("m.room.join_rules", { join_rule: "restricted" }, "")],
                         timeline: [],
                         name: data[roomB].name,
                     });
                     gotRoom = client!.getRoom(roomB);
-                    expect(gotRoom).toBeDefined();
+                    expect(gotRoom).toBeTruthy();
                     if (gotRoom == null) {
                         return;
                     }
-                    expect(gotRoom.getJoinRule()).toEqual(JoinRule.Restricted);
+                    expect(gotRoom!.getJoinRule()).toEqual(JoinRule.Restricted);
                 });
 
                 it("can update with a new highlight_count", async () => {
@@ -456,11 +441,11 @@ describe("SlidingSyncSdk", () => {
                         highlight_count: 1,
                     });
                     const gotRoom = client!.getRoom(roomC);
-                    expect(gotRoom).toBeDefined();
+                    expect(gotRoom).toBeTruthy();
                     if (gotRoom == null) {
                         return;
                     }
-                    expect(gotRoom.getUnreadNotificationCount(NotificationCountType.Highlight)).toEqual(1);
+                    expect(gotRoom!.getUnreadNotificationCount(NotificationCountType.Highlight)).toEqual(1);
                 });
 
                 it("can update with a new notification_count", async () => {
@@ -471,11 +456,11 @@ describe("SlidingSyncSdk", () => {
                         notification_count: 1,
                     });
                     const gotRoom = client!.getRoom(roomD);
-                    expect(gotRoom).toBeDefined();
+                    expect(gotRoom).toBeTruthy();
                     if (gotRoom == null) {
                         return;
                     }
-                    expect(gotRoom.getUnreadNotificationCount(NotificationCountType.Total)).toEqual(1);
+                    expect(gotRoom!.getUnreadNotificationCount(NotificationCountType.Total)).toEqual(1);
                 });
 
                 it("can update with a new joined_count", () => {
@@ -486,11 +471,11 @@ describe("SlidingSyncSdk", () => {
                         joined_count: 1,
                     });
                     const gotRoom = client!.getRoom(roomG);
-                    expect(gotRoom).toBeDefined();
+                    expect(gotRoom).toBeTruthy();
                     if (gotRoom == null) {
                         return;
                     }
-                    expect(gotRoom.getJoinedMemberCount()).toEqual(1);
+                    expect(gotRoom!.getJoinedMemberCount()).toEqual(1);
                 });
 
                 // Regression test for a bug which caused the timeline entries to be out-of-order
@@ -512,7 +497,7 @@ describe("SlidingSyncSdk", () => {
                         initial: true, // e.g requested via room subscription
                     });
                     const gotRoom = client!.getRoom(roomA);
-                    expect(gotRoom).toBeDefined();
+                    expect(gotRoom).toBeTruthy();
                     if (gotRoom == null) {
                         return;
                     }
@@ -530,7 +515,7 @@ describe("SlidingSyncSdk", () => {
                     );
 
                     // we expect the timeline now to be oldTimeline (so the old events are in fact old)
-                    assertTimelineEvents(gotRoom.getLiveTimeline().getEvents(), oldTimeline);
+                    assertTimelineEvents(gotRoom!.getLiveTimeline().getEvents(), oldTimeline);
                 });
             });
         });
@@ -584,7 +569,7 @@ describe("SlidingSyncSdk", () => {
         });
 
         it("emits SyncState.Error immediately when receiving M_UNKNOWN_TOKEN and stops syncing", async () => {
-            expect(mockSlidingSync!.stop).not.toBeCalled();
+            expect(mockSlidingSync!.stop).not.toHaveBeenCalled();
             mockSlidingSync!.emit(
                 SlidingSyncEvent.Lifecycle,
                 SlidingSyncState.RequestFinished,
@@ -595,7 +580,7 @@ describe("SlidingSyncSdk", () => {
                 }),
             );
             expect(sdk!.getSyncState()).toEqual(SyncState.Error);
-            expect(mockSlidingSync!.stop).toBeCalled();
+            expect(mockSlidingSync!.stop).toHaveBeenCalled();
         });
     });
 
@@ -617,7 +602,7 @@ describe("SlidingSyncSdk", () => {
                 name: "Room with Invite",
                 required_state: [],
                 timeline: [
-                    mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                    mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                     mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                     mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                     mkOwnStateEvent(EventType.RoomMember, { membership: "invite" }, invitee),
@@ -626,9 +611,9 @@ describe("SlidingSyncSdk", () => {
             await httpBackend!.flush("/profile", 1, 1000);
             await emitPromise(client!, RoomMemberEvent.Name);
             const room = client!.getRoom(roomId)!;
-            expect(room).toBeDefined();
+            expect(room).toBeTruthy();
             const inviteeMember = room.getMember(invitee)!;
-            expect(inviteeMember).toBeDefined();
+            expect(inviteeMember).toBeTruthy();
             expect(inviteeMember.getMxcAvatarUrl()).toEqual(inviteeProfile.avatar_url);
             expect(inviteeMember.name).toEqual(inviteeProfile.displayname);
         });
@@ -662,41 +647,30 @@ describe("SlidingSyncSdk", () => {
         });
 
         it("can update device lists", () => {
+            client!.crypto!.processDeviceLists = jest.fn();
             ext.onResponse({
                 device_lists: {
                     changed: ["@alice:localhost"],
                     left: ["@bob:localhost"],
                 },
             });
-            // TODO: more assertions?
+            expect(client!.crypto!.processDeviceLists).toHaveBeenCalledWith({
+                changed: ["@alice:localhost"],
+                left: ["@bob:localhost"],
+            });
         });
 
-        it("can update OTK counts", () => {
-            client!.crypto!.updateOneTimeKeyCount = jest.fn();
+        it("can update OTK counts and unused fallback keys", () => {
+            client!.crypto!.processKeyCounts = jest.fn();
             ext.onResponse({
                 device_one_time_keys_count: {
                     signed_curve25519: 42,
                 },
-            });
-            expect(client!.crypto!.updateOneTimeKeyCount).toHaveBeenCalledWith(42);
-            ext.onResponse({
-                device_one_time_keys_count: {
-                    not_signed_curve25519: 42,
-                    // missing field -> default to 0
-                },
-            });
-            expect(client!.crypto!.updateOneTimeKeyCount).toHaveBeenCalledWith(0);
-        });
-
-        it("can update fallback keys", () => {
-            ext.onResponse({
                 device_unused_fallback_key_types: ["signed_curve25519"],
             });
-            expect(client!.crypto!.getNeedsNewFallback()).toEqual(false);
-            ext.onResponse({
-                device_unused_fallback_key_types: ["not_signed_curve25519"],
-            });
-            expect(client!.crypto!.getNeedsNewFallback()).toEqual(true);
+            expect(client!.crypto!.processKeyCounts).toHaveBeenCalledWith({ signed_curve25519: 42 }, [
+                "signed_curve25519",
+            ]);
         });
     });
 
@@ -734,7 +708,7 @@ describe("SlidingSyncSdk", () => {
                 ],
             });
             globalData = client!.getAccountData(globalType)!;
-            expect(globalData).toBeDefined();
+            expect(globalData).toBeTruthy();
             expect(globalData.getContent()).toEqual(globalContent);
         });
 
@@ -744,7 +718,7 @@ describe("SlidingSyncSdk", () => {
                 name: "Room with account data",
                 required_state: [],
                 timeline: [
-                    mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                    mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                     mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                     mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                     mkOwnEvent(EventType.RoomMessage, { body: "hello" }),
@@ -755,6 +729,7 @@ describe("SlidingSyncSdk", () => {
                 foo: "bar",
             };
             const roomType = "test";
+            await emitPromise(client!, ClientEvent.Room);
             ext.onResponse({
                 rooms: {
                     [roomId]: [
@@ -766,9 +741,9 @@ describe("SlidingSyncSdk", () => {
                 },
             });
             const room = client!.getRoom(roomId)!;
-            expect(room).toBeDefined();
+            expect(room).toBeTruthy();
             const event = room.getAccountData(roomType)!;
-            expect(event).toBeDefined();
+            expect(event).toBeTruthy();
             expect(event.getContent()).toEqual(roomContent);
         });
 
@@ -891,11 +866,9 @@ describe("SlidingSyncSdk", () => {
                 const evType = ev.getType();
                 expect(seen[evType]).toBeFalsy();
                 seen[evType] = true;
-                if (evType === "m.key.verification.start" || evType === "m.key.verification.request") {
-                    expect(ev.isCancelled()).toEqual(true);
-                } else {
-                    expect(ev.isCancelled()).toEqual(false);
-                }
+                expect(ev.isCancelled()).toEqual(
+                    evType === "m.key.verification.start" || evType === "m.key.verification.request",
+                );
             });
             ext.onResponse({
                 next_batch: "45678",
@@ -949,15 +922,16 @@ describe("SlidingSyncSdk", () => {
                 name: "Room with typing",
                 required_state: [],
                 timeline: [
-                    mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                    mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                     mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                     mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                     mkOwnEvent(EventType.RoomMessage, { body: "hello" }),
                 ],
                 initial: true,
             });
+            await emitPromise(client!, ClientEvent.Room);
             const room = client!.getRoom(roomId)!;
-            expect(room).toBeDefined();
+            expect(room).toBeTruthy();
             expect(room.getMember(selfUserId)?.typing).toEqual(false);
             ext.onResponse({
                 rooms: {
@@ -989,7 +963,7 @@ describe("SlidingSyncSdk", () => {
                 name: "Room with typing",
                 required_state: [],
                 timeline: [
-                    mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                    mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                     mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                     mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                     mkOwnEvent(EventType.RoomMessage, { body: "hello" }),
@@ -997,7 +971,7 @@ describe("SlidingSyncSdk", () => {
                 initial: true,
             });
             const room = client!.getRoom(roomId)!;
-            expect(room).toBeDefined();
+            expect(room).toBeTruthy();
             expect(room.getMember(selfUserId)?.typing).toEqual(false);
             ext.onResponse({
                 rooms: {
@@ -1075,7 +1049,7 @@ describe("SlidingSyncSdk", () => {
                 name: "Room with receipts",
                 required_state: [],
                 timeline: [
-                    mkOwnStateEvent(EventType.RoomCreate, { creator: selfUserId }, ""),
+                    mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                     mkOwnStateEvent(EventType.RoomMember, { membership: "join" }, selfUserId),
                     mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                     {
@@ -1090,12 +1064,13 @@ describe("SlidingSyncSdk", () => {
                 ],
                 initial: true,
             });
+            await emitPromise(client!, ClientEvent.Room);
             const room = client!.getRoom(roomId)!;
-            expect(room).toBeDefined();
+            expect(room).toBeTruthy();
             expect(room.getReadReceiptForUserId(alice, true)).toBeNull();
             ext.onResponse(generateReceiptResponse(alice, roomId, lastEvent.event_id, "m.read", 1234567));
             const receipt = room.getReadReceiptForUserId(alice);
-            expect(receipt).toBeDefined();
+            expect(receipt).toBeTruthy();
             expect(receipt?.eventId).toEqual(lastEvent.event_id);
             expect(receipt?.data.ts).toEqual(1234567);
             expect(receipt?.data.thread_id).toBeFalsy();

spec/integ/sliding-sync.spec.ts

@@ -1161,11 +1161,6 @@ describe("SlidingSync", () => {
             httpBackend!.when("POST", syncUrl).check(pushTxn).respond(200, { pos: "f" }); // missing txn_id
             await httpBackend!.flushAllExpected();
 
-            // attach rejection handlers now else if we do it later Jest treats that as an unhandled rejection
-            // which is a fail.
-            expect(failPromise).rejects.toEqual(gotTxnIds[0]);
-            expect(failPromise2).rejects.toEqual(gotTxnIds[1]);
-
             const okPromise = slidingSync.setListRanges("a", [[0, 20]]);
             let txnId: string | undefined;
             httpBackend!
@@ -1180,8 +1175,12 @@ describe("SlidingSync", () => {
                         txn_id: txnId,
                     };
                 });
-            await httpBackend!.flushAllExpected();
-            await okPromise;
+            await Promise.all([
+                expect(failPromise).rejects.toEqual(gotTxnIds[0]),
+                expect(failPromise2).rejects.toEqual(gotTxnIds[1]),
+                httpBackend!.flushAllExpected(),
+                okPromise,
+            ]);
 
             expect(txnId).toBeDefined();
         });
@@ -1200,7 +1199,6 @@ describe("SlidingSync", () => {
 
             // attach rejection handlers now else if we do it later Jest treats that as an unhandled rejection
             // which is a fail.
-            expect(A).rejects.toEqual(gotTxnIds[0]);
 
             const C = slidingSync.setListRanges("a", [[0, 20]]);
             let pendingC = true;
@@ -1217,9 +1215,12 @@ describe("SlidingSync", () => {
                         txn_id: gotTxnIds[1],
                     };
                 });
-            await httpBackend!.flushAllExpected();
-            // A is rejected, see above
-            expect(B).resolves.toEqual(gotTxnIds[1]); // B is resolved
+            await Promise.all([
+                expect(A).rejects.toEqual(gotTxnIds[0]),
+                httpBackend!.flushAllExpected(),
+                // A is rejected, see above
+                expect(B).resolves.toEqual(gotTxnIds[1]), // B is resolved
+            ]);
             expect(pendingC).toBe(true); // C is pending still
         });
         it("should do nothing for unknown txn_ids", async () => {
@@ -1698,7 +1699,7 @@ describe("SlidingSync", () => {
 });
 
 function timeout(delayMs: number, reason: string): { promise: Promise<never>; cancel: () => void } {
-    let timeoutId: NodeJS.Timeout;
+    let timeoutId: ReturnType<typeof setTimeout>;
     return {
         promise: new Promise((resolve, reject) => {
             timeoutId = setTimeout(() => {

spec/olm-loader.ts

@@ -20,8 +20,8 @@ import { logger } from "../src/logger";
 // try to load the olm library.
 try {
     // eslint-disable-next-line @typescript-eslint/no-var-requires
-    global.Olm = require("@matrix-org/olm");
+    globalThis.Olm = require("@matrix-org/olm");
     logger.log("loaded libolm");
 } catch (e) {
-    logger.warn("unable to run crypto tests: libolm not available");
+    logger.warn("unable to run crypto tests: libolm not available", e);
 }

spec/setupTests.ts

@@ -16,7 +16,7 @@ limitations under the License.
 
 import DOMException from "domexception";
 
-global.DOMException = DOMException;
+global.DOMException = DOMException as typeof global.DOMException;
 
 jest.mock("../src/http-api/utils", () => ({
     ...jest.requireActual("../src/http-api/utils"),

spec/test-utils/AccountDataAccumulator.ts

@@ -0,0 +1,108 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import fetchMock from "fetch-mock-jest";
+import { MockOptionsMethodPut } from "fetch-mock";
+
+import { ISyncResponder } from "./SyncResponder";
+
+/**
+ *  An object which intercepts `account_data` get and set requests via fetch-mock.
+ */
+export class AccountDataAccumulator {
+    /**
+     * The account data events to be returned by the sync.
+     * Will be updated when fetchMock intercepts calls to PUT `/_matrix/client/v3/user/:userId/account_data/`.
+     * Will be used by `sendSyncResponseWithUpdatedAccountData`
+     */
+    public accountDataEvents: Map<String, any> = new Map();
+
+    /**
+     * Intercept requests to set a particular type of account data.
+     *
+     * Once it is set, its data is stored (for future return by `interceptGetAccountData` etc) and the resolved promise is
+     * resolved.
+     *
+     * @param accountDataType - type of account data to be intercepted
+     * @param opts - options to pass to fetchMock
+     * @returns a Promise which will resolve (with the content of the account data) once it is set.
+     */
+    public interceptSetAccountData(accountDataType: string, opts?: MockOptionsMethodPut): Promise<any> {
+        return new Promise((resolve) => {
+            // Called when the cross signing key is uploaded
+            fetchMock.put(
+                `express:/_matrix/client/v3/user/:userId/account_data/${accountDataType}`,
+                (url: string, options: RequestInit) => {
+                    const content = JSON.parse(options.body as string);
+                    const type = url.split("/").pop();
+                    // update account data for sync response
+                    this.accountDataEvents.set(type!, content);
+                    resolve(content);
+                    return {};
+                },
+                opts,
+            );
+        });
+    }
+
+    /**
+     * Intercept all requests to get account data
+     */
+    public interceptGetAccountData(): void {
+        fetchMock.get(
+            `express:/_matrix/client/v3/user/:userId/account_data/:type`,
+            (url) => {
+                const type = url.split("/").pop();
+                const existing = this.accountDataEvents.get(type!);
+                if (existing) {
+                    // return it
+                    return {
+                        status: 200,
+                        body: existing,
+                    };
+                } else {
+                    // 404
+                    return {
+                        status: 404,
+                        body: { errcode: "M_NOT_FOUND", error: "Account data not found." },
+                    };
+                }
+            },
+            { overwriteRoutes: true },
+        );
+    }
+
+    /**
+     * Send a sync response the current account data events.
+     */
+    public sendSyncResponseWithUpdatedAccountData(syncResponder: ISyncResponder): void {
+        try {
+            syncResponder.sendOrQueueSyncResponse({
+                next_batch: 1,
+                account_data: {
+                    events: Array.from(this.accountDataEvents, ([type, content]) => ({
+                        type: type,
+                        content: content,
+                    })),
+                },
+            });
+        } catch (err) {
+            // Might fail with "Cannot queue more than one /sync response" if called too often.
+            // It's ok if it fails here, the sync response is cumulative and will contain
+            // the latest account data.
+        }
+    }
+}

spec/test-utils/E2EKeyReceiver.ts

@@ -0,0 +1,164 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import debugFunc from "debug";
+import { Debugger } from "debug";
+import fetchMock from "fetch-mock-jest";
+
+import type { IDeviceKeys, IOneTimeKey } from "../../src/@types/crypto";
+
+/** Interface implemented by classes that intercept `/keys/upload` requests from test clients to catch the uploaded keys
+ *
+ * Common interface implemented by {@link TestClient} and {@link E2EKeyReceiver}
+ */
+export interface IE2EKeyReceiver {
+    /**
+     * get the uploaded ed25519 device key
+     *
+     * @returns base64 device key
+     */
+    getSigningKey(): string;
+
+    /**
+     * get the uploaded curve25519 device key
+     *
+     * @returns base64 device key
+     */
+    getDeviceKey(): string;
+
+    /**
+     * Wait for one-time-keys to be uploaded, then return them.
+     *
+     * @returns Promise for the one-time keys
+     */
+    awaitOneTimeKeyUpload(): Promise<Record<string, IOneTimeKey>>;
+}
+
+/** E2EKeyReceiver: An object which intercepts `/keys/uploads` fetches via fetch-mock.
+ *
+ * It stashes the uploaded keys for use elsewhere in the tests.
+ */
+export class E2EKeyReceiver implements IE2EKeyReceiver {
+    private readonly debug: Debugger;
+
+    private deviceKeys: IDeviceKeys | null = null;
+    private oneTimeKeys: Record<string, IOneTimeKey> = {};
+    private readonly oneTimeKeysPromise: Promise<void>;
+
+    /**
+     * Construct a new E2EKeyReceiver.
+     *
+     * It will immediately register an intercept of `/keys/uploads` requests for the given homeserverUrl.
+     * Only /upload requests made to this server will be intercepted: this allows a single test to use more than one
+     * client and have the keys collected separately.
+     *
+     * @param homeserverUrl - the Homeserver Url of the client under test.
+     */
+    public constructor(homeserverUrl: string) {
+        this.debug = debugFunc(`e2e-key-receiver:[${homeserverUrl}]`);
+
+        // set up a listener for /keys/upload.
+        this.oneTimeKeysPromise = new Promise((resolveOneTimeKeys) => {
+            const listener = (url: string, options: RequestInit) =>
+                this.onKeyUploadRequest(resolveOneTimeKeys, options);
+
+            fetchMock.post(new URL("/_matrix/client/v3/keys/upload", homeserverUrl).toString(), listener);
+        });
+    }
+
+    private async onKeyUploadRequest(onOnTimeKeysUploaded: () => void, options: RequestInit): Promise<object> {
+        const content = JSON.parse(options.body as string);
+
+        // device keys may only be uploaded once
+        if (content.device_keys && Object.keys(content.device_keys).length > 0) {
+            if (this.deviceKeys) {
+                throw new Error("Application attempted to upload E2E device keys multiple times");
+            }
+            this.debug(`received device keys`);
+            this.deviceKeys = content.device_keys;
+        }
+
+        if (content.one_time_keys && Object.keys(content.one_time_keys).length > 0) {
+            // this is a one-time-key upload
+
+            // if we already have a batch of one-time keys, then slow-roll the response,
+            // otherwise the client ends up tight-looping one-time-key-uploads and filling the logs with junk.
+            if (Object.keys(this.oneTimeKeys).length > 0) {
+                this.debug(`received second batch of one-time keys: blocking response`);
+                await new Promise(() => {});
+            }
+
+            this.debug(`received ${Object.keys(content.one_time_keys).length} one-time keys`);
+            Object.assign(this.oneTimeKeys, content.one_time_keys);
+            onOnTimeKeysUploaded();
+        }
+
+        return {
+            one_time_key_counts: {
+                signed_curve25519: Object.keys(this.oneTimeKeys).length,
+            },
+        };
+    }
+
+    /** Get the uploaded Ed25519 key
+     *
+     * If device keys have not yet been uploaded, throws an error
+     */
+    public getSigningKey(): string {
+        if (!this.deviceKeys) {
+            throw new Error("Device keys not yet uploaded");
+        }
+        const keyIds = Object.keys(this.deviceKeys.keys).filter((v) => v.startsWith("ed25519:"));
+        if (keyIds.length != 1) {
+            throw new Error(`Expected exactly 1 ed25519 key uploaded, got ${keyIds}`);
+        }
+        return this.deviceKeys.keys[keyIds[0]];
+    }
+
+    /** Get the uploaded Curve25519 key
+     *
+     * If device keys have not yet been uploaded, throws an error
+     */
+    public getDeviceKey(): string {
+        if (!this.deviceKeys) {
+            throw new Error("Device keys not yet uploaded");
+        }
+        const keyIds = Object.keys(this.deviceKeys.keys).filter((v) => v.startsWith("curve25519:"));
+        if (keyIds.length != 1) {
+            throw new Error(`Expected exactly 1 curve25519 key uploaded, got ${keyIds}`);
+        }
+        return this.deviceKeys.keys[keyIds[0]];
+    }
+
+    /**
+     * If the device keys have already been uploaded, return them. Else return null.
+     */
+    public getUploadedDeviceKeys(): IDeviceKeys | null {
+        return this.deviceKeys;
+    }
+
+    /**
+     * If one-time keys have already been uploaded, return them. Otherwise,
+     * set up an expectation that the keys will be uploaded, and wait for
+     * that to happen.
+     *
+     * @returns Promise for the one-time keys
+     */
+    public async awaitOneTimeKeyUpload(): Promise<Record<string, IOneTimeKey>> {
+        await this.oneTimeKeysPromise;
+        return this.oneTimeKeys;
+    }
+}

spec/test-utils/E2EKeyResponder.ts

@@ -0,0 +1,119 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import fetchMock from "fetch-mock-jest";
+
+import { MapWithDefault } from "../../src/utils";
+import { IDownloadKeyResult } from "../../src";
+import { IDeviceKeys } from "../../src/@types/crypto";
+import { E2EKeyReceiver } from "./E2EKeyReceiver";
+
+/**
+ * An object which intercepts `/keys/query` fetches via fetch-mock.
+ */
+export class E2EKeyResponder {
+    private deviceKeysByUserByDevice = new MapWithDefault<string, Map<string, any>>(() => new Map());
+    private e2eKeyReceiversByUser = new Map<string, E2EKeyReceiver>();
+    private masterKeysByUser: Record<string, any> = {};
+    private selfSigningKeysByUser: Record<string, any> = {};
+    private userSigningKeysByUser: Record<string, any> = {};
+
+    /**
+     * Construct a new E2EKeyResponder.
+     *
+     * It will immediately register an intercept of `/keys/query` requests for the given homeserverUrl.
+     * Only /query requests made to this server will be intercepted: this allows a single test to use more than one
+     * client and have the keys collected separately.
+     *
+     * @param homeserverUrl - the Homeserver Url of the client under test.
+     */
+    public constructor(homeserverUrl: string) {
+        // set up a listener for /keys/query.
+        const listener = (url: string, options: RequestInit) => this.onKeyQueryRequest(options);
+        fetchMock.post(new URL("/_matrix/client/v3/keys/query", homeserverUrl).toString(), listener);
+    }
+
+    private onKeyQueryRequest(options: RequestInit) {
+        const content = JSON.parse(options.body as string);
+        const usersToReturn = Object.keys(content["device_keys"]);
+        const response = {
+            device_keys: {} as { [userId: string]: any },
+            master_keys: {} as { [userId: string]: any },
+            self_signing_keys: {} as { [userId: string]: any },
+            user_signing_keys: {} as { [userId: string]: any },
+            failures: {} as { [serverName: string]: any },
+        };
+        for (const user of usersToReturn) {
+            const userKeys = this.deviceKeysByUserByDevice.get(user);
+            if (userKeys !== undefined) {
+                response.device_keys[user] = Object.fromEntries(userKeys.entries());
+            }
+
+            const e2eKeyReceiver = this.e2eKeyReceiversByUser.get(user);
+            if (e2eKeyReceiver !== undefined) {
+                const deviceKeys = e2eKeyReceiver.getUploadedDeviceKeys();
+                if (deviceKeys !== null) {
+                    response.device_keys[user] ??= {};
+                    response.device_keys[user][deviceKeys.device_id] = deviceKeys;
+                }
+            }
+
+            if (this.masterKeysByUser.hasOwnProperty(user)) {
+                response.master_keys[user] = this.masterKeysByUser[user];
+            }
+            if (this.selfSigningKeysByUser.hasOwnProperty(user)) {
+                response.self_signing_keys[user] = this.selfSigningKeysByUser[user];
+            }
+            if (this.userSigningKeysByUser.hasOwnProperty(user)) {
+                response.user_signing_keys[user] = this.userSigningKeysByUser[user];
+            }
+        }
+        return response;
+    }
+
+    /**
+     * Add a set of device keys for return by a future `/keys/query`, as if they had been `/upload`ed
+     *
+     * @param keys - device keys for this device.
+     */
+    public addDeviceKeys(keys: IDeviceKeys) {
+        this.deviceKeysByUserByDevice.getOrCreate(keys.user_id).set(keys.device_id, keys);
+    }
+
+    /** Add a set of cross-signing keys for return by a future `/keys/query`, as if they had been `/keys/device_signing/upload`ed
+     *
+     * @param data cross-signing data
+     */
+    public addCrossSigningData(
+        data: Pick<IDownloadKeyResult, "master_keys" | "self_signing_keys" | "user_signing_keys">,
+    ) {
+        Object.assign(this.masterKeysByUser, data.master_keys);
+        Object.assign(this.selfSigningKeysByUser, data.self_signing_keys);
+        Object.assign(this.userSigningKeysByUser, data.user_signing_keys);
+    }
+
+    /**
+     * Add an E2EKeyReceiver to poll for uploaded keys
+     *
+     * Any keys which have been uploaded to the given `E2EKeyReceiver` at the time of the `/keys/query` request will
+     * be added to the response.
+     *
+     * @param e2eKeyReceiver
+     */
+    public addKeyReceiver(userId: string, e2eKeyReceiver: E2EKeyReceiver) {
+        this.e2eKeyReceiversByUser.set(userId, e2eKeyReceiver);
+    }
+}

spec/test-utils/SyncResponder.ts

@@ -0,0 +1,131 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import debugFunc from "debug";
+import { Debugger } from "debug";
+import fetchMock from "fetch-mock-jest";
+import { MockResponse } from "fetch-mock";
+
+/** Interface implemented by classes that intercept `/sync` requests from test clients
+ *
+ * Common interface implemented by {@link TestClient} and {@link SyncResponder}
+ */
+export interface ISyncResponder {
+    /** Next time we see a sync request (or immediately, if there is one waiting), send the given response
+     *
+     * @param response - response to /sync request
+     */
+    sendOrQueueSyncResponse(response: object): void;
+}
+
+enum SyncResponderState {
+    IDLE,
+    WAITING_FOR_REQUEST,
+    WAITING_FOR_RESPONSE,
+}
+
+/** SyncResponder: An object which intercepts `/sync` fetches via fetch-mock.
+ *
+ * Two modes are possible:
+ *  * A response can be queued up; the next call to `/sync` will return it.
+ *  * If a call to `/sync` arrives before a response is queued, it will block until a call to {@link #sendOrQueueSyncResponse}.
+ */
+export class SyncResponder implements ISyncResponder {
+    private readonly debug: Debugger;
+    private state: SyncResponderState = SyncResponderState.IDLE;
+
+    /*
+     * properties that are only valid in WAITING_FOR_REQUEST
+     */
+
+    /** the response to be sent when the request is made */
+    private pendingResponse: object | null = null;
+
+    /*
+     * properties that are only valid in WAITING_FOR_RESPONSE
+     */
+
+    /** a callback to be called with a response once one is registered.
+     *
+     * It will release the /sync request and update the state.
+     */
+    private onResponseReceived: ((response: object) => void) | null = null;
+
+    /**
+     * Construct a new SyncResponder.
+     *
+     * It will immediately register an intercept of `/sync` requests for the given homeserverUrl.
+     * Only /sync requests made to this server will be intercepted: this allows a single test to use more than one
+     * client and have overlapping /sync requests.
+     *
+     * @param homeserverUrl - the Homeserver Url of the client under test.
+     */
+    public constructor(homeserverUrl: string) {
+        this.debug = debugFunc(`sync-responder:[${homeserverUrl}]`);
+        fetchMock.get("begin:" + new URL("/_matrix/client/v3/sync?", homeserverUrl).toString(), (_url, _options) =>
+            this.onSyncRequest(),
+        );
+    }
+
+    private async onSyncRequest(): Promise<MockResponse> {
+        switch (this.state) {
+            case SyncResponderState.IDLE: {
+                this.debug("Got /sync request: waiting for response to be ready");
+                const res = await new Promise<object>((resolve) => {
+                    this.onResponseReceived = resolve;
+                    this.state = SyncResponderState.WAITING_FOR_RESPONSE;
+                });
+                this.debug("Responding to /sync");
+                this.state = SyncResponderState.IDLE;
+                this.onResponseReceived = null;
+                return res;
+            }
+
+            case SyncResponderState.WAITING_FOR_REQUEST: {
+                this.debug("Got /sync request: responding immediately with queued response");
+                const res = this.pendingResponse!;
+                this.state = SyncResponderState.IDLE;
+                this.pendingResponse = null;
+                return res;
+            }
+
+            default:
+                // we must already be in WAITING_FOR_RESPONSE, ie we already have a /sync request in progress
+                throw new Error(`Got unexpected /sync request in state ${this.state}`);
+        }
+    }
+
+    /** Next time we see a sync request (or immediately, if there is one waiting), send the given response
+     *
+     * @param response - response to /sync request
+     */
+    public sendOrQueueSyncResponse(response: object): void {
+        switch (this.state) {
+            case SyncResponderState.IDLE:
+                this.pendingResponse = response;
+                this.state = SyncResponderState.WAITING_FOR_REQUEST;
+                break;
+
+            case SyncResponderState.WAITING_FOR_RESPONSE:
+                this.onResponseReceived!(response);
+                break;
+
+            default:
+                // we already have a response queued
+                throw new Error(`Cannot queue more than one /sync response`);
+        }
+    }
+}

spec/test-utils/client.ts

@@ -86,7 +86,6 @@ export const mockClientMethodsEvents = () => ({
  * Returns basic mocked client methods related to server support
  */
 export const mockClientMethodsServer = (): Partial<Record<MethodLikeKeys<MatrixClient>, unknown>> => ({
-    doesServerSupportSeparateAddAndBind: jest.fn(),
     getIdentityServerUrl: jest.fn(),
     getHomeserverUrl: jest.fn(),
     getCapabilities: jest.fn().mockReturnValue({}),

spec/test-utils/mockEndpoints.ts

@@ -0,0 +1,92 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import fetchMock from "fetch-mock-jest";
+
+import { KeyBackupInfo } from "../../src/crypto-api";
+
+/**
+ * Mock out the endpoints that the js-sdk calls when we call `MatrixClient.start()`.
+ *
+ * @param homeserverUrl - the homeserver url for the client under test
+ */
+export function mockInitialApiRequests(homeserverUrl: string) {
+    fetchMock.getOnce(new URL("/_matrix/client/versions", homeserverUrl).toString(), { versions: ["v1.1"] });
+    fetchMock.getOnce(new URL("/_matrix/client/v3/pushrules/", homeserverUrl).toString(), {});
+    fetchMock.postOnce(new URL("/_matrix/client/v3/user/%40alice%3Alocalhost/filter", homeserverUrl).toString(), {
+        filter_id: "fid",
+    });
+}
+
+/**
+ * Mock the requests needed to set up cross signing
+ *
+ * Return 404 error for `GET _matrix/client/v3/user/:userId/account_data/:type` request
+ * Return `{}` for `POST _matrix/client/v3/keys/signatures/upload` request (named `upload-sigs` for fetchMock check)
+ * Return `{}` for `POST /_matrix/client/(unstable|v3)/keys/device_signing/upload` request (named `upload-keys` for fetchMock check)
+ */
+export function mockSetupCrossSigningRequests(): void {
+    // have account_data requests return an empty object
+    fetchMock.get("express:/_matrix/client/v3/user/:userId/account_data/:type", {
+        status: 404,
+        body: { errcode: "M_NOT_FOUND", error: "Account data not found." },
+    });
+
+    // we expect a request to upload signatures for our device ...
+    fetchMock.post({ url: "path:/_matrix/client/v3/keys/signatures/upload", name: "upload-sigs" }, {});
+
+    // ... and one to upload the cross-signing keys (with UIA)
+    fetchMock.post(
+        // legacy crypto uses /unstable/; /v3/ is correct
+        {
+            url: new RegExp("/_matrix/client/(unstable|v3)/keys/device_signing/upload"),
+            name: "upload-keys",
+        },
+        {},
+    );
+}
+
+/**
+ * Mock out requests to `/room_keys/version`.
+ *
+ * Returns `404 M_NOT_FOUND` for GET requests until `POST room_keys/version` is called.
+ * Once the POST is done, `GET /room_keys/version` will return the posted backup
+ * instead of 404.
+ *
+ * @param backupVersion - The backup version that will be returned by `POST room_keys/version`.
+ */
+export function mockSetupMegolmBackupRequests(backupVersion: string): void {
+    fetchMock.get("path:/_matrix/client/v3/room_keys/version", {
+        status: 404,
+        body: {
+            errcode: "M_NOT_FOUND",
+            error: "No current backup version",
+        },
+    });
+
+    fetchMock.post("path:/_matrix/client/v3/room_keys/version", (url, request) => {
+        const backupData: KeyBackupInfo = JSON.parse(request.body?.toString() ?? "{}");
+        backupData.version = backupVersion;
+        backupData.count = 0;
+        backupData.etag = "zer";
+        fetchMock.get("path:/_matrix/client/v3/room_keys/version", backupData, {
+            overwriteRoutes: true,
+        });
+        return {
+            version: backupVersion,
+        };
+    });
+}

spec/test-utils/oidc.ts

@@ -0,0 +1,53 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { OidcClientConfig } from "../../src";
+import { ValidatedIssuerMetadata } from "../../src/oidc/validate";
+
+/**
+ * Makes a valid OidcClientConfig with minimum valid values
+ * @param issuer used as the base for all other urls
+ * @returns OidcClientConfig
+ */
+export const makeDelegatedAuthConfig = (issuer = "https://auth.org/"): OidcClientConfig => {
+    const metadata = mockOpenIdConfiguration(issuer);
+
+    return {
+        issuer,
+        account: issuer + "account",
+        registrationEndpoint: metadata.registration_endpoint,
+        authorizationEndpoint: metadata.authorization_endpoint,
+        tokenEndpoint: metadata.token_endpoint,
+        metadata,
+    };
+};
+
+/**
+ * Useful for mocking <issuer>/.well-known/openid-configuration
+ * @param issuer used as the base for all other urls
+ * @returns ValidatedIssuerMetadata
+ */
+export const mockOpenIdConfiguration = (issuer = "https://auth.org/"): ValidatedIssuerMetadata => ({
+    issuer,
+    revocation_endpoint: issuer + "revoke",
+    token_endpoint: issuer + "token",
+    authorization_endpoint: issuer + "auth",
+    registration_endpoint: issuer + "registration",
+    jwks_uri: issuer + "jwks",
+    response_types_supported: ["code"],
+    grant_types_supported: ["authorization_code", "refresh_token"],
+    code_challenge_methods_supported: ["S256"],
+});

spec/test-utils/test-data/.gitignore

@@ -0,0 +1 @@
+/env

spec/test-utils/test-data/generate-test-data.py

@@ -0,0 +1,654 @@
+#!/bin/env python
+#
+# Copyright 2023 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+This file is a Python script to generate test data for crypto tests.
+
+To run it:
+
+python -m venv env
+./env/bin/pip install cryptography canonicaljson
+./env/bin/python generate-test-data.py > index.ts
+"""
+
+import base64
+import json
+import base58
+
+from canonicaljson import encode_canonical_json
+from cryptography.hazmat.primitives.asymmetric import ed25519, x25519
+from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
+from cryptography.hazmat.primitives import hashes, padding, hmac
+from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+
+from random import randbytes, seed
+
+ALICE_DATA = {
+    "TEST_USER_ID": "@alice:localhost",
+    "TEST_DEVICE_ID": "test_device",
+    "TEST_ROOM_ID": "!room:id",
+    # any 32-byte string can be an ed25519 private key.
+    "TEST_DEVICE_PRIVATE_KEY_BYTES": b"deadbeefdeadbeefdeadbeefdeadbeef",
+    # any 32-byte string can be an curve25519 private key.
+    "TEST_DEVICE_CURVE_PRIVATE_KEY_BYTES": b"deadmuledeadmuledeadmuledeadmule",
+
+    "MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"doyouspeakwhaaaaaaaaaaaaaaaaaale",
+    "USER_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"useruseruseruseruseruseruseruser",
+    "SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"selfselfselfselfselfselfselfself",
+
+    # Private key for secure key backup. There are some sessions encrypted with this key in megolm-backup.spec.ts
+    "B64_BACKUP_DECRYPTION_KEY": "dwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=",
+
+    "OTK": "j3fR3HemM16M7CWhoI4Sk5ZsdmdfQHsKL1xuSft6MSw"
+}
+
+BOB_DATA = {
+    "TEST_USER_ID": "@bob:xyz",
+    "TEST_DEVICE_ID": "bob_device",
+    "TEST_ROOM_ID": "!room:id",
+    # any 32-byte string can be an ed25519 private key.
+    "TEST_DEVICE_PRIVATE_KEY_BYTES": b"Deadbeefdeadbeefdeadbeefdeadbeef",
+    # any 32-byte string can be an curve25519 private key.
+    "TEST_DEVICE_CURVE_PRIVATE_KEY_BYTES": b"Deadmuledeadmuledeadmuledeadmule",
+
+    "MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"Doyouspeakwhaaaaaaaaaaaaaaaaaale",
+    "USER_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"Useruseruseruseruseruseruseruser",
+    "SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"Selfselfselfselfselfselfselfself",
+
+    # Private key for secure key backup. There are some sessions encrypted with this key in megolm-backup.spec.ts
+    "B64_BACKUP_DECRYPTION_KEY": "DwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=",
+
+    "OTK": "j3fR3HemM16M7CWhoI4Sk5ZsdmdfQHsKL1xuSft6MSw"
+}
+
+def main() -> None:
+    print(
+        f"""\
+/* Test data for cryptography tests
+ *
+ * Do not edit by hand! This file is generated by `./generate-test-data.py`
+ */
+
+import {{ IDeviceKeys, IMegolmSessionData }} from "../../../src/@types/crypto";
+import {{ IDownloadKeyResult, IEvent }} from "../../../src";
+import {{ KeyBackupSession, KeyBackupInfo }} from "../../../src/crypto-api/keybackup";
+
+/* eslint-disable comma-dangle */
+
+// Alice data
+
+{build_test_data(ALICE_DATA)}
+// Bob data
+
+{build_test_data(BOB_DATA, "BOB_")}
+""",
+        end="",
+    )
+
+# Use static seed to have stable random test data upon new generation
+seed(10)
+
+def build_test_data(user_data, prefix = "") -> str:
+    private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
+             user_data["TEST_DEVICE_PRIVATE_KEY_BYTES"]
+        )
+
+    device_curve_key = x25519.X25519PrivateKey.from_private_bytes(
+             user_data["TEST_DEVICE_CURVE_PRIVATE_KEY_BYTES"]
+        )
+
+    b64_public_key = encode_base64(
+        private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+    )
+
+    device_data = {
+        "algorithms": ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"],
+        "device_id":  user_data["TEST_DEVICE_ID"],
+        "keys": {
+            f"curve25519:{user_data['TEST_DEVICE_ID']}": "F4uCNNlcbRvc7CfBz95ZGWBvY1ALniG1J8+6rhVoKS0",
+            f"ed25519:{user_data['TEST_DEVICE_ID']}": b64_public_key,
+        },
+        "signatures": {user_data['TEST_USER_ID']: {}},
+        "user_id": user_data["TEST_USER_ID"],
+    }
+
+    device_data["signatures"][user_data["TEST_USER_ID"]][f"ed25519:{user_data['TEST_DEVICE_ID']}"] = sign_json(
+        device_data, private_key
+    )
+
+    master_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
+        user_data["MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES"]
+    )
+    b64_master_public_key = encode_base64(
+        master_private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+    )
+    b64_master_private_key = encode_base64(user_data["MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES"])
+
+    self_signing_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
+        user_data["SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES"]
+    )
+    b64_self_signing_public_key = encode_base64(
+        self_signing_private_key.public_key().public_bytes(
+            Encoding.Raw, PublicFormat.Raw
+        )
+    )
+    b64_self_signing_private_key = encode_base64( user_data["SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES"])
+
+    user_signing_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
+         user_data["USER_CROSS_SIGNING_PRIVATE_KEY_BYTES"]
+    )
+    b64_user_signing_public_key = encode_base64(
+        user_signing_private_key.public_key().public_bytes(
+            Encoding.Raw, PublicFormat.Raw
+        )
+    )
+    b64_user_signing_private_key = encode_base64(user_data["USER_CROSS_SIGNING_PRIVATE_KEY_BYTES"])
+
+    backup_decryption_key = x25519.X25519PrivateKey.from_private_bytes(
+        base64.b64decode(user_data["B64_BACKUP_DECRYPTION_KEY"])
+    )
+    b64_backup_public_key = encode_base64(
+        backup_decryption_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+    )
+
+    backup_data = {
+        "algorithm": "m.megolm_backup.v1.curve25519-aes-sha2",
+        "version": "1",
+        "auth_data": {
+            "public_key": b64_backup_public_key,
+        },
+    }
+    # sign with our device key
+    sig = sign_json(backup_data["auth_data"], private_key)
+    backup_data["auth_data"]["signatures"] = {
+        user_data["TEST_USER_ID"]: {f"ed25519:{user_data['TEST_DEVICE_ID']}": sig}
+    }
+
+    set_of_exported_room_keys = [build_exported_megolm_key(device_curve_key)[0], build_exported_megolm_key(device_curve_key)[0]]
+
+    additional_exported_room_key, additional_exported_ed_key = build_exported_megolm_key(device_curve_key)
+    ratcheted_exported_room_key = symetric_ratchet_step_of_megolm_key(additional_exported_room_key, additional_exported_ed_key)
+
+    otk_to_sign = {
+        "key": user_data['OTK']
+    }
+    # sign our public otk key with our device key
+    otk = sign_json(otk_to_sign, private_key)
+    otks = {
+        user_data["TEST_USER_ID"]: {
+            user_data['TEST_DEVICE_ID']: {
+                 "signed_curve25519:AAAAHQ": {
+                    "key": user_data["OTK"],
+                    "signatures": {
+                        user_data["TEST_USER_ID"]: {f"ed25519:{user_data['TEST_DEVICE_ID']}": otk}
+                    }
+                 }
+            }
+        }
+    }
+
+
+    backed_up_room_key = encrypt_megolm_key_for_backup(additional_exported_room_key, backup_decryption_key.public_key())
+
+    clear_event, encrypted_event = generate_encrypted_event_content(additional_exported_room_key, additional_exported_ed_key, device_curve_key)
+
+    backup_recovery_key = export_recovery_key(user_data["B64_BACKUP_DECRYPTION_KEY"])
+
+    return f"""\
+export const {prefix}TEST_USER_ID = "{user_data['TEST_USER_ID']}";
+export const {prefix}TEST_DEVICE_ID = "{user_data['TEST_DEVICE_ID']}";
+export const {prefix}TEST_ROOM_ID = "{user_data['TEST_ROOM_ID']}";
+
+/** The base64-encoded public ed25519 key for this device */
+export const {prefix}TEST_DEVICE_PUBLIC_ED25519_KEY_BASE64 = "{b64_public_key}";
+
+/** Signed device data, suitable for returning from a `/keys/query` call */
+export const {prefix}SIGNED_TEST_DEVICE_DATA: IDeviceKeys = {json.dumps(device_data, indent=4)};
+
+/** base64-encoded public master cross-signing key */
+export const {prefix}MASTER_CROSS_SIGNING_PUBLIC_KEY_BASE64 = "{b64_master_public_key}";
+
+/** base64-encoded private master cross-signing key */
+export const {prefix}MASTER_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "{b64_master_private_key}";
+
+/** base64-encoded public self cross-signing key */
+export const {prefix}SELF_CROSS_SIGNING_PUBLIC_KEY_BASE64 = "{b64_self_signing_public_key}";
+
+/** base64-encoded private self signing cross-signing key */
+export const {prefix}SELF_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "{b64_self_signing_private_key}";
+
+/** base64-encoded public user cross-signing key */
+export const {prefix}USER_CROSS_SIGNING_PUBLIC_KEY_BASE64 = "{b64_user_signing_public_key}";
+
+/** base64-encoded private user signing cross-signing key */
+export const {prefix}USER_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "{b64_user_signing_private_key}";
+
+/** Signed cross-signing keys data, also suitable for returning from a `/keys/query` call */
+export const {prefix}SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult> = {
+        json.dumps(build_cross_signing_keys_data(user_data), indent=4)
+};
+
+/** Signed OTKs, returned by `POST /keys/claim` */
+export const {prefix}ONE_TIME_KEYS = { json.dumps(otks, indent=4) };
+
+/** base64-encoded backup decryption (private) key */
+export const {prefix}BACKUP_DECRYPTION_KEY_BASE64 = "{ user_data['B64_BACKUP_DECRYPTION_KEY'] }";
+
+/** Backup decryption key in export format */
+export const {prefix}BACKUP_DECRYPTION_KEY_BASE58 = "{ backup_recovery_key }";
+
+/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{{roomId}}/{{sessionId}}` */
+export const {prefix}SIGNED_BACKUP_DATA: KeyBackupInfo = { json.dumps(backup_data, indent=4) };
+
+/** A set of megolm keys that can be imported via CryptoAPI#importRoomKeys */
+export const {prefix}MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = {
+    json.dumps(set_of_exported_room_keys, indent=4)
+};
+
+/** An exported megolm session */
+export const {prefix}MEGOLM_SESSION_DATA: IMegolmSessionData = {
+        json.dumps(additional_exported_room_key, indent=4)
+};
+
+/** A ratcheted version of {prefix}MEGOLM_SESSION_DATA */
+export const {prefix}RATCHTED_MEGOLM_SESSION_DATA: IMegolmSessionData = {
+        json.dumps(ratcheted_exported_room_key, indent=4)
+};
+
+/** The key from {prefix}MEGOLM_SESSION_DATA, encrypted for backup using `m.megolm_backup.v1.curve25519-aes-sha2` algorithm*/
+export const {prefix}CURVE25519_KEY_BACKUP_DATA: KeyBackupSession = {json.dumps(backed_up_room_key, indent=4)};
+
+/** A test clear event */
+export const {prefix}CLEAR_EVENT: Partial<IEvent> = {json.dumps(clear_event, indent=4)};
+
+/** The encrypted CLEAR_EVENT by MEGOLM_SESSION_DATA */
+export const {prefix}ENCRYPTED_EVENT: Partial<IEvent> = {json.dumps(encrypted_event, indent=4)};
+"""
+
+
+def build_cross_signing_keys_data(user_data) -> dict:
+    """Build the signed cross-signing-keys data for return from /keys/query"""
+    master_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
+        user_data["MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES"]
+    )
+    b64_master_public_key = encode_base64(
+        master_private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+    )
+    self_signing_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
+         user_data["SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES"]
+    )
+    b64_self_signing_public_key = encode_base64(
+        self_signing_private_key.public_key().public_bytes(
+            Encoding.Raw, PublicFormat.Raw
+        )
+    )
+    user_signing_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
+         user_data["USER_CROSS_SIGNING_PRIVATE_KEY_BYTES"]
+    )
+    b64_user_signing_public_key = encode_base64(
+        user_signing_private_key.public_key().public_bytes(
+            Encoding.Raw, PublicFormat.Raw
+        )
+    )
+    # create without signatures initially
+    cross_signing_keys_data = {
+        "master_keys": {
+             user_data["TEST_USER_ID"]: {
+                "keys": {
+                    f"ed25519:{b64_master_public_key}": b64_master_public_key,
+                },
+                "user_id": user_data["TEST_USER_ID"],
+                "usage": ["master"],
+            }
+        },
+        "self_signing_keys": {
+            user_data["TEST_USER_ID"]: {
+                "keys": {
+                    f"ed25519:{b64_self_signing_public_key}": b64_self_signing_public_key,
+                },
+                "user_id": user_data["TEST_USER_ID"],
+                "usage": ["self_signing"],
+            },
+        },
+        "user_signing_keys": {
+            user_data["TEST_USER_ID"]: {
+                "keys": {
+                    f"ed25519:{b64_user_signing_public_key}": b64_user_signing_public_key,
+                },
+                "user_id": user_data["TEST_USER_ID"],
+                "usage": ["user_signing"],
+            },
+        },
+    }
+    # sign the sub-keys with the master
+    for k in ["self_signing_keys", "user_signing_keys"]:
+        to_sign = cross_signing_keys_data[k][user_data["TEST_USER_ID"]]
+        sig = sign_json(to_sign, master_private_key)
+        to_sign["signatures"] = {
+            user_data["TEST_USER_ID"]: {f"ed25519:{b64_master_public_key}": sig}
+        }
+
+    return cross_signing_keys_data
+
+
+def encode_base64(input_bytes: bytes) -> str:
+    """Encode with unpadded base64"""
+    output_bytes = base64.b64encode(input_bytes)
+    output_string = output_bytes.decode("ascii")
+    return output_string.rstrip("=")
+
+
+def sign_json(json_object: dict, private_key: ed25519.Ed25519PrivateKey) -> str:
+    """
+    Sign the given json object
+
+    Returns the base64-encoded signature of signing `input` following the Matrix
+    JSON signature algorithm [1]
+
+    [1]: https://spec.matrix.org/v1.7/appendices/#signing-details
+    """
+    signatures = json_object.pop("signatures", {})
+    unsigned = json_object.pop("unsigned", None)
+
+    signature = private_key.sign(encode_canonical_json(json_object))
+    signature_base64 = encode_base64(signature)
+
+    json_object["signatures"] = signatures
+    if unsigned is not None:
+        json_object["unsigned"] = unsigned
+
+    return signature_base64
+
+def build_exported_megolm_key(device_curve_key: x25519.X25519PrivateKey) -> tuple[dict, ed25519.Ed25519PrivateKey]:
+    """
+    Creates an exported megolm room key, as per https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#session-export-format
+    that can be imported via importRoomKeys API.
+    Returns the exported key, the matching privat edKey (needed to encrypt)
+    """
+    index = 0
+    private_key = ed25519.Ed25519PrivateKey.from_private_bytes(randbytes(32))
+    # Just use radom bytes for the ratchet parts
+    ratchet = randbytes(32 * 4)
+    # exported key, start with version byte
+    exported_key = bytearray(b'\x01')
+    exported_key += index.to_bytes(4, 'big')
+    exported_key += ratchet
+    # KPub
+    exported_key += private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+
+
+    megolm_export = {
+        "algorithm": "m.megolm.v1.aes-sha2",
+        "room_id": "!room:id",
+        "sender_key": encode_base64(
+            device_curve_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+        ),
+        "session_id": encode_base64(
+            private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+        ),
+        "session_key": encode_base64(exported_key),
+        "sender_claimed_keys": {
+            "ed25519": encode_base64(ed25519.Ed25519PrivateKey.from_private_bytes(randbytes(32)).public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)),
+        },
+        "forwarding_curve25519_key_chain": [],
+    }
+
+    return megolm_export, private_key
+
+def symetric_ratchet_step_of_megolm_key(previous: dict , megolm_private_key: ed25519.Ed25519PrivateKey) -> dict:
+
+    """
+    Very simple ratchet step from 0 to 1
+    Used to generate a ratcheted key to test unknown message index.
+    """
+    session_key: str = previous["session_key"]
+
+    # Get the megolm R0 from the export format
+    decoded = base64.b64decode(session_key.encode("ascii"))
+    ri = decoded[5:133]
+
+    ri0 = ri[0:32]
+    ri1 = ri[32:64]
+    ri2 = ri[64:96]
+    ri3 = ri[96:128]
+
+    h = hmac.HMAC(ri3, hashes.SHA256())
+    h.update(b'x\03')
+    ri1_3 = h.finalize()
+
+    index = 1
+    private_key = megolm_private_key
+
+    # exported key, start with version byte
+    exported_key = bytearray(b'\x01')
+    exported_key += index.to_bytes(4, 'big')
+    exported_key += ri0
+    exported_key += ri1
+    exported_key += ri2
+    exported_key += ri1_3
+    # KPub
+    exported_key += private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
+
+
+    megolm_export = {
+        "algorithm": "m.megolm.v1.aes-sha2",
+        "room_id": "!room:id",
+        "sender_key": previous["sender_key"],
+        "session_id": previous["session_id"],
+        "session_key": encode_base64(exported_key),
+        "sender_claimed_keys": previous["sender_claimed_keys"],
+        "forwarding_curve25519_key_chain": [],
+    }
+
+    return megolm_export
+
+def encrypt_megolm_key_for_backup(session_data: dict, backup_public_key: x25519.X25519PublicKey) -> dict:
+
+    """
+    Encrypts an exported megolm key for key backup, using the m.megolm_backup.v1.curve25519-aes-sha2 algorithm.
+    """
+    data = encode_canonical_json(session_data)
+
+    # Generate an ephemeral curve25519 key, and perform an ECDH with the ephemeral key
+    # and the backup’s public key to generate a shared secret.
+    # The public half of the ephemeral key, encoded using unpadded base64,
+    # becomes the ephemeral property of the session_data.
+    ephemeral_keypair = x25519.X25519PrivateKey.from_private_bytes(randbytes(32))
+    shared_secret = ephemeral_keypair.exchange(backup_public_key)
+    ephemeral = encode_base64(ephemeral_keypair.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw))
+
+    # Using the shared secret, generate 80 bytes by performing an HKDF using SHA-256 as the hash,
+    # with a salt of 32 bytes of 0, and with the empty string as the info.
+    # The first 32 bytes are used as the AES key, the next 32 bytes are used as the MAC key,
+    #  and the last 16 bytes are used as the AES initialization vector.
+    salt = bytes(32)
+    info = b""
+
+    hkdf = HKDF(
+        algorithm=hashes.SHA256(),
+        length=80,
+        salt=salt,
+        info=info,
+    )
+
+    raw_key = hkdf.derive(shared_secret)
+    aes_key = raw_key[:32]
+    mac = raw_key[32:64]
+    iv = raw_key[64:80]
+
+    # Stringify the JSON object, and encrypt it using AES-CBC-256 with PKCS#7 padding.
+    # This encrypted data, encoded using unpadded base64, becomes the ciphertext property of the session_data.
+    cipher = Cipher(algorithms.AES(aes_key), modes.CBC(iv))
+    encryptor = cipher.encryptor()
+    padder = padding.PKCS7(128).padder()
+    padded_data = padder.update(data) + padder.finalize()
+    ct = encryptor.update(padded_data) + encryptor.finalize()
+    cipher_text = encode_base64(ct)
+
+    # Pass the raw encrypted data (prior to base64 encoding) through HMAC-SHA-256 using the MAC key generated above.
+    # The first 8 bytes of the resulting MAC are base64-encoded, and become the mac property of the session_data.
+    h = hmac.HMAC(mac, hashes.SHA256())
+    # h.update(ct)
+    signature = h.finalize()
+    mac = encode_base64(signature[:8])
+
+    encrypted_key = {
+        "first_message_index": 1,
+        "forwarded_count": 0,
+        "is_verified": False,
+        "session_data": {
+            "ciphertext": cipher_text,
+            "ephemeral": ephemeral,
+            "mac": mac
+        }
+
+    }
+
+    return encrypted_key
+
+def generate_encrypted_event_content(exported_key: dict, ed_key: ed25519.Ed25519PrivateKey, curve_key: x25519.X25519PrivateKey) -> tuple[dict, dict]:
+    """
+        Encrypts an event using the given key in session export format.
+        Will not do any ratcheting, just encrypt at index 0.
+    """
+
+    clear_event = {
+        "type": "m.room.message",
+        "room_id": "!room:id",
+        "sender": "@alice:localhost",
+        "content": {
+            "msgtype": "m.text",
+            "body": "Hello world"
+        }
+    }
+
+    session_key: str = exported_key["session_key"]
+
+    # Get the megolm R0 from the export format
+    decoded = base64.b64decode(session_key.encode("ascii"))
+    r0 = decoded[5:133]
+
+    hkdf = HKDF(
+        algorithm=hashes.SHA256(),
+        length=80,
+        salt=bytes(32),
+        info=b"MEGOLM_KEYS",
+    )
+
+    raw_key = hkdf.derive(r0)
+    aes_key = raw_key[:32]
+    mac = raw_key[32:64]
+    aes_iv = raw_key[64:80]
+
+    payload_json = {
+        "room_id": clear_event["room_id"],
+        "type": clear_event["type"],
+        "content": clear_event["content"]
+    }
+
+    payload_string = encode_canonical_json(payload_json)
+
+    cipher = Cipher(algorithms.AES(aes_key), modes.CBC(aes_iv))
+    encryptor = cipher.encryptor()
+    padder = padding.PKCS7(128).padder()
+
+    padded_data = padder.update(payload_string)
+    padded_data += padder.finalize()
+
+    ct = encryptor.update(padded_data) + encryptor.finalize()
+
+    # The ratchet index i, and the cipher-text, are then packed
+    # into a message as described in Message format. Then the entire message
+    # (including the version bytes and all payload bytes) are passed through
+    # HMAC-SHA-256. The first 8 bytes of the MAC are appended to the message.
+    message = bytearray()
+    message += b'\x03'
+    # int tag for index
+    message += b'\x08'
+    # index is 0
+    message += b'\x00'
+    message += b'\x12'
+    # probably works only for short messages
+    message += len(ct).to_bytes(1, 'big')
+    # encrypted data
+    message += ct
+
+    h = hmac.HMAC(mac, hashes.SHA256())
+    h.update(message)
+    signature = h.finalize()
+    mac = signature[:8]
+
+    message += mac
+
+    # Finally, the authenticated message is signed using the Ed25519 keypair;
+    # the 64 byte signature is appended to the message
+    signature = ed_key.sign(bytes(message))
+
+    message += signature
+
+    cipher_text = encode_base64(message)
+
+    encrypted_payload = {
+        "algorithm" : "m.megolm.v1.aes-sha2",
+        "sender_key" : encode_base64(curve_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)),
+        "ciphertext" : cipher_text,
+        "session_id" : exported_key["session_id"],
+        "device_id" : "TEST_DEVICE"
+    }
+
+    encrypted_event = {
+        "type": "m.room.encrypted",
+        "room_id": "!room:id",
+        "sender": "@alice:localhost",
+        "content": encrypted_payload,
+        "event_id": "$event1",
+        "origin_server_ts": 1507753886000,
+    }
+
+    return clear_event, encrypted_event
+
+
+def export_recovery_key(key_b64: str) -> str:
+    """
+        Export a private recovery key as a recovery key that can be presented to users.
+        As per spec https://spec.matrix.org/v1.8/client-server-api/#recovery-key
+    """
+    private_key_bytes = base64.b64decode(key_b64)
+
+    # The 256-bit curve25519 private key is prepended by the bytes 0x8B and 0x01
+    export_bytes = bytearray()
+    export_bytes += b'\x8b'
+    export_bytes += b'\x01'
+
+    export_bytes += private_key_bytes
+
+    # All the bytes in the string above, including the two header bytes,
+    # are XORed together to form a parity byte. This parity byte is appended to the byte string.
+    parity_byte = 0 #b'\x8b' ^ b'\x01'
+    [parity_byte := parity_byte ^ x for x in export_bytes]
+
+    export_bytes += parity_byte.to_bytes(1, 'big')
+
+    # The byte string is encoded using base58
+    recovery_key = base58.b58encode(export_bytes).decode('utf-8')
+
+    split = [recovery_key[i:i + 4] for i in range(0, len(recovery_key), 4)]
+    return ' '.join(split)
+
+
+if __name__ == "__main__":
+    main()

spec/test-utils/test-data/index.ts

@@ -0,0 +1,451 @@
+/* Test data for cryptography tests
+ *
+ * Do not edit by hand! This file is generated by `./generate-test-data.py`
+ */
+
+import { IDeviceKeys, IMegolmSessionData } from "../../../src/@types/crypto";
+import { IDownloadKeyResult, IEvent } from "../../../src";
+import { KeyBackupSession, KeyBackupInfo } from "../../../src/crypto-api/keybackup";
+
+/* eslint-disable comma-dangle */
+
+// Alice data
+
+export const TEST_USER_ID = "@alice:localhost";
+export const TEST_DEVICE_ID = "test_device";
+export const TEST_ROOM_ID = "!room:id";
+
+/** The base64-encoded public ed25519 key for this device */
+export const TEST_DEVICE_PUBLIC_ED25519_KEY_BASE64 = "YI/7vbGVLpGdYtuceQR8MSsKB/QjgfMXM1xqnn+0NWU";
+
+/** Signed device data, suitable for returning from a `/keys/query` call */
+export const SIGNED_TEST_DEVICE_DATA: IDeviceKeys = {
+    "algorithms": [
+        "m.olm.v1.curve25519-aes-sha2",
+        "m.megolm.v1.aes-sha2"
+    ],
+    "device_id": "test_device",
+    "keys": {
+        "curve25519:test_device": "F4uCNNlcbRvc7CfBz95ZGWBvY1ALniG1J8+6rhVoKS0",
+        "ed25519:test_device": "YI/7vbGVLpGdYtuceQR8MSsKB/QjgfMXM1xqnn+0NWU"
+    },
+    "user_id": "@alice:localhost",
+    "signatures": {
+        "@alice:localhost": {
+            "ed25519:test_device": "LmQC/yAUZJmkxZ+3L0nEwvtVWOzjqQqADWBhk+C47SPaFYHeV+E291mgXaSCJVeGltX+HC49Aw7nb6ga7sw0Aw"
+        }
+    }
+};
+
+/** base64-encoded public master cross-signing key */
+export const MASTER_CROSS_SIGNING_PUBLIC_KEY_BASE64 = "J+5An10v1vzZpAXTYFokD1/PEVccFnLC61EfRXit0UY";
+
+/** base64-encoded private master cross-signing key */
+export const MASTER_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "ZG95b3VzcGVha3doYWFhYWFhYWFhYWFhYWFhYWFhbGU";
+
+/** base64-encoded public self cross-signing key */
+export const SELF_CROSS_SIGNING_PUBLIC_KEY_BASE64 = "aU2+2CyXQTCuDcmWW0EL2bhJ6PdjFW2LbAsbHqf02AY";
+
+/** base64-encoded private self signing cross-signing key */
+export const SELF_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "c2VsZnNlbGZzZWxmc2VsZnNlbGZzZWxmc2VsZnNlbGY";
+
+/** base64-encoded public user cross-signing key */
+export const USER_CROSS_SIGNING_PUBLIC_KEY_BASE64 = "g5TC/zjQXyZYuDLZv7a41z5fFVrXpYPypG//AFQj8hY";
+
+/** base64-encoded private user signing cross-signing key */
+export const USER_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "dXNlcnVzZXJ1c2VydXNlcnVzZXJ1c2VydXNlcnVzZXI";
+
+/** Signed cross-signing keys data, also suitable for returning from a `/keys/query` call */
+export const SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult> = {
+    "master_keys": {
+        "@alice:localhost": {
+            "keys": {
+                "ed25519:J+5An10v1vzZpAXTYFokD1/PEVccFnLC61EfRXit0UY": "J+5An10v1vzZpAXTYFokD1/PEVccFnLC61EfRXit0UY"
+            },
+            "user_id": "@alice:localhost",
+            "usage": [
+                "master"
+            ]
+        }
+    },
+    "self_signing_keys": {
+        "@alice:localhost": {
+            "keys": {
+                "ed25519:aU2+2CyXQTCuDcmWW0EL2bhJ6PdjFW2LbAsbHqf02AY": "aU2+2CyXQTCuDcmWW0EL2bhJ6PdjFW2LbAsbHqf02AY"
+            },
+            "user_id": "@alice:localhost",
+            "usage": [
+                "self_signing"
+            ],
+            "signatures": {
+                "@alice:localhost": {
+                    "ed25519:J+5An10v1vzZpAXTYFokD1/PEVccFnLC61EfRXit0UY": "XfhYEhZmOs8BJdb3viatILBZ/bElsHXEW28V4tIaY5CxrBR0YOym3yZHWmRmypXessHZAKOhZn3yBMXzdajyCw"
+                }
+            }
+        }
+    },
+    "user_signing_keys": {
+        "@alice:localhost": {
+            "keys": {
+                "ed25519:g5TC/zjQXyZYuDLZv7a41z5fFVrXpYPypG//AFQj8hY": "g5TC/zjQXyZYuDLZv7a41z5fFVrXpYPypG//AFQj8hY"
+            },
+            "user_id": "@alice:localhost",
+            "usage": [
+                "user_signing"
+            ],
+            "signatures": {
+                "@alice:localhost": {
+                    "ed25519:J+5An10v1vzZpAXTYFokD1/PEVccFnLC61EfRXit0UY": "6AkD1XM2H0/ebgP9oBdMKNeft7uxsrb0XN1CsjjHgeZCvCTMmv3BHlLiT/Hzy4fe8H+S1tr484dcXN/PIdnfDA"
+                }
+            }
+        }
+    }
+};
+
+/** Signed OTKs, returned by `POST /keys/claim` */
+export const ONE_TIME_KEYS = {
+    "@alice:localhost": {
+        "test_device": {
+            "signed_curve25519:AAAAHQ": {
+                "key": "j3fR3HemM16M7CWhoI4Sk5ZsdmdfQHsKL1xuSft6MSw",
+                "signatures": {
+                    "@alice:localhost": {
+                        "ed25519:test_device": "25djC6Rk6gIgFBMVawY9X9LnY8XMMziey6lKqL8Q5Bbp7T1vw9uk0RE7eKO2a/jNLcYroO2xRztGhBrKz5sOCQ"
+                    }
+                }
+            }
+        }
+    }
+};
+
+/** base64-encoded backup decryption (private) key */
+export const BACKUP_DECRYPTION_KEY_BASE64 = "dwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=";
+
+/** Backup decryption key in export format */
+export const BACKUP_DECRYPTION_KEY_BASE58 = "EsTc LW2K PGiF wKEA 3As5 g5c4 BXwk qeeJ ZJV8 Q9fu gUMN UE4d";
+
+/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{roomId}/{sessionId}` */
+export const SIGNED_BACKUP_DATA: KeyBackupInfo = {
+    "algorithm": "m.megolm_backup.v1.curve25519-aes-sha2",
+    "version": "1",
+    "auth_data": {
+        "public_key": "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo",
+        "signatures": {
+            "@alice:localhost": {
+                "ed25519:test_device": "KDSNeumirTsd8piI0oVfv/wzg4J4HlEc7rs5XhODFcJ/YAcUdg65ajsZG+rLI0TQOSSGjorJqcrSiSB1HRSCAA"
+            }
+        }
+    }
+};
+
+/** A set of megolm keys that can be imported via CryptoAPI#importRoomKeys */
+export const MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = [
+    {
+        "algorithm": "m.megolm.v1.aes-sha2",
+        "room_id": "!room:id",
+        "sender_key": "WimPd2udAU/1S/+YBpPbmr9L+0H5H+BnAVHSwDxlPGc",
+        "session_id": "FYOoKQSwe4d9jhTZ/LQCZFJINjPEqZ7Or4Z08reP92M",
+        "session_key": "AQAAAABZ0jXQOprFfXe41tIFmAtHxflJp4O2hM/vzQQpOazOCFeWSoW5P3Z9Q+voU3eXehMwyP8/hm/Q8xLP6/PmJdy+71se/17kdFwcDGgLxBWfa4ODM9zlI4EjKbNqmiii5loJ7rBhA/XXaw80m0hfU6zTDX/KrO55J0Pt4vJ0LDa3LBWDqCkEsHuHfY4U2fy0AmRSSDYzxKmezq+GdPK3j/dj",
+        "sender_claimed_keys": {
+            "ed25519": "QdgHgdpDgihgovpPzUiThXur1fbErTFh7paFvNKSgN0"
+        },
+        "forwarding_curve25519_key_chain": []
+    },
+    {
+        "algorithm": "m.megolm.v1.aes-sha2",
+        "room_id": "!room:id",
+        "sender_key": "WimPd2udAU/1S/+YBpPbmr9L+0H5H+BnAVHSwDxlPGc",
+        "session_id": "mPYSGA2l1tOQiipEDEVYhDSdTSFh2lDW1qpGKYZRxTc",
+        "session_key": "AQAAAAAHwgkB49BTPAEGTCK6degxUIbl8GPG2ugPRYhNtOpNic63u11+baXFfjDw5fmVfD1gJXpQQjGsqrIYioxrB1xzl7mfb942UHhYdaMQZowpp1fSpJVsxR5TddUU2EWifYD9EQsoz8mY1zqoazm4vUP4v9yxaTcUBj2c6HMJCY0gCJj2EhgNpdbTkIoqRAxFWIQ0nU0hYdpQ1taqRimGUcU3",
+        "sender_claimed_keys": {
+            "ed25519": "IrkbT6H+0urDf6wKDSyVC1fh1t84Vz6T62snni86Cog"
+        },
+        "forwarding_curve25519_key_chain": []
+    }
+];
+
+/** An exported megolm session */
+export const MEGOLM_SESSION_DATA: IMegolmSessionData = {
+    "algorithm": "m.megolm.v1.aes-sha2",
+    "room_id": "!room:id",
+    "sender_key": "WimPd2udAU/1S/+YBpPbmr9L+0H5H+BnAVHSwDxlPGc",
+    "session_id": "ipdI6Zs/7DzFTEhiA2iGaMDfHkIYCleqXT6L+5e1/co",
+    "session_key": "AQAAAABXGO+Z9jlQJhIL6ByhXrv2BwCIxkhh7MXpKLsYmXkJcWrQlirmXmD79ga1zo+I4DCtEZzyGSpDWXBC6G7ez3H4gDMBam1RE3Jm5tc+oTlIri32UkYgSL0kBkcEnttqmIXBlK8tAfJo3cJnlh7F4ltEOAqrdME6dU0zXTkqXmURqYqXSOmbP+w8xUxIYgNohmjA3x5CGApXql0+i/uXtf3K",
+    "sender_claimed_keys": {
+        "ed25519": "Bhbpt6hqMZlSH4sJV7xiEEEiPVeTWz4Vkujl1EMdIPI"
+    },
+    "forwarding_curve25519_key_chain": []
+};
+
+/** A ratcheted version of MEGOLM_SESSION_DATA */
+export const RATCHTED_MEGOLM_SESSION_DATA: IMegolmSessionData = {
+    "algorithm": "m.megolm.v1.aes-sha2",
+    "room_id": "!room:id",
+    "sender_key": "WimPd2udAU/1S/+YBpPbmr9L+0H5H+BnAVHSwDxlPGc",
+    "session_id": "ipdI6Zs/7DzFTEhiA2iGaMDfHkIYCleqXT6L+5e1/co",
+    "session_key": "AQAAAAFXGO+Z9jlQJhIL6ByhXrv2BwCIxkhh7MXpKLsYmXkJcWrQlirmXmD79ga1zo+I4DCtEZzyGSpDWXBC6G7ez3H4gDMBam1RE3Jm5tc+oTlIri32UkYgSL0kBkcEnttqmIUWvpwC7by/yg231+gyzu9lDHAU4ivCj48pt7WGiORWmIqXSOmbP+w8xUxIYgNohmjA3x5CGApXql0+i/uXtf3K",
+    "sender_claimed_keys": {
+        "ed25519": "Bhbpt6hqMZlSH4sJV7xiEEEiPVeTWz4Vkujl1EMdIPI"
+    },
+    "forwarding_curve25519_key_chain": []
+};
+
+/** The key from MEGOLM_SESSION_DATA, encrypted for backup using `m.megolm_backup.v1.curve25519-aes-sha2` algorithm*/
+export const CURVE25519_KEY_BACKUP_DATA: KeyBackupSession = {
+    "first_message_index": 1,
+    "forwarded_count": 0,
+    "is_verified": false,
+    "session_data": {
+        "ciphertext": "r6HRk2/Im2yJe5cLP8R81aVjFWjYWPHpw7TVxphiSK1cdIDZTTK57r6MfU+0i/mTPn+/PosT74OvYwCnehy2d1BPGxhDl8AhPcBu3//Kzlq2o5CssPsw+88gRehkAsPg9Zp5G9sL9to6giltvTWTbsaQpmvv3HLmBOYSFIxvyZrOT/Ffqu325f0IEsKcyV2BdIkw8Ob9Xt+VWoe4MYEGG6y1T8W125zeFgKWI4Ow76uput64H9zZjIo+Cc+hCTO9Ea4EnosSjizCotevkNck7C/zGgfhBikiohROb6SbaZgxicSsEDZ+f7brnri9yP3iXS3PMDHHpa1+XzG2VOG/Y9OQZpkPq+pbLrCC+NWJeJPslDAK5i+RURwzjnPmaHKCRHTq86CwhFyiCDf61MGwCY3xjrmBJg44BCdxWqCx0YJvwsvVqqnl4vTieUfrwThNPsQ81aVkDHvlmrgrTt8icDa8jTJhu34jem+pbRSEM5aJikV4B+zYiLz+dH/v6UpYA2eG8ReOvwpPXp6CAcIlplRPpWbMBeLFVcPkT4KAXTp9exFpB4on4pf8OsaDomlt4qAA0rhAZmhPWPKcU/A0Tz4gyMu54OivVtw1SPj+5Iq+YDQ8jB6Po3ApzMf6fwF9x/FjevbboFB05X2Jr0NrbFqXMOUwXHMgDAGiIWX8+gkmmbaiNWqg2etjN94pobQSGZelb18XGN7kuwMk+Zwk7A",
+        "ephemeral": "q+P1WdRtEiPIEtNuuGrRcueZxUbLnSKdsuTAkxewXgU",
+        "mac": "OibmACbORhI"
+    }
+};
+
+/** A test clear event */
+export const CLEAR_EVENT: Partial<IEvent> = {
+    "type": "m.room.message",
+    "room_id": "!room:id",
+    "sender": "@alice:localhost",
+    "content": {
+        "msgtype": "m.text",
+        "body": "Hello world"
+    }
+};
+
+/** The encrypted CLEAR_EVENT by MEGOLM_SESSION_DATA */
+export const ENCRYPTED_EVENT: Partial<IEvent> = {
+    "type": "m.room.encrypted",
+    "room_id": "!room:id",
+    "sender": "@alice:localhost",
+    "content": {
+        "algorithm": "m.megolm.v1.aes-sha2",
+        "sender_key": "WimPd2udAU/1S/+YBpPbmr9L+0H5H+BnAVHSwDxlPGc",
+        "ciphertext": "AwgAEnAkBmciEAyhh1j6DCk29UXJ7kv/kvayUNfuNT0iAioLxcXjFXOZ5ho3jF1/wrytlt0Lb298uMM67OxdVMi+/mMfYpwlvi07P9cIH6CMSj8tyhYoWl0SrKY6tkPf5GWOlRSRRKbziXa96FHXvnA3V2FCAIGtAe3G4ei5RPbhkmKAFBLAen33/D6MjJVqU8Ojr5vTkgls5eyirarlVpsmnH06alDaxO8avrU0NL+Vsw26xvlUQgEMOnUJ",
+        "session_id": "ipdI6Zs/7DzFTEhiA2iGaMDfHkIYCleqXT6L+5e1/co",
+        "device_id": "TEST_DEVICE"
+    },
+    "event_id": "$event1",
+    "origin_server_ts": 1507753886000
+};
+
+// Bob data
+
+export const BOB_TEST_USER_ID = "@bob:xyz";
+export const BOB_TEST_DEVICE_ID = "bob_device";
+export const BOB_TEST_ROOM_ID = "!room:id";
+
+/** The base64-encoded public ed25519 key for this device */
+export const BOB_TEST_DEVICE_PUBLIC_ED25519_KEY_BASE64 = "jmY0h8QS6Te6gxyjOmMc0eKOqmbAtXpVo4CCWFubk50";
+
+/** Signed device data, suitable for returning from a `/keys/query` call */
+export const BOB_SIGNED_TEST_DEVICE_DATA: IDeviceKeys = {
+    "algorithms": [
+        "m.olm.v1.curve25519-aes-sha2",
+        "m.megolm.v1.aes-sha2"
+    ],
+    "device_id": "bob_device",
+    "keys": {
+        "curve25519:bob_device": "F4uCNNlcbRvc7CfBz95ZGWBvY1ALniG1J8+6rhVoKS0",
+        "ed25519:bob_device": "jmY0h8QS6Te6gxyjOmMc0eKOqmbAtXpVo4CCWFubk50"
+    },
+    "user_id": "@bob:xyz",
+    "signatures": {
+        "@bob:xyz": {
+            "ed25519:bob_device": "4ApBs9jaeGyfdYaWRUdBvQAkDyXjACJ9KJ0xLHMgiFT/1yo6VqPTx2iziKGnrBiGhbtKNxEhDPOvZZkBU73cDQ"
+        }
+    }
+};
+
+/** base64-encoded public master cross-signing key */
+export const BOB_MASTER_CROSS_SIGNING_PUBLIC_KEY_BASE64 = "KKVOHOB2LsW7hFJwqyzXpA+vp7u5+gaMWUJvBS7mjuA";
+
+/** base64-encoded private master cross-signing key */
+export const BOB_MASTER_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "RG95b3VzcGVha3doYWFhYWFhYWFhYWFhYWFhYWFhbGU";
+
+/** base64-encoded public self cross-signing key */
+export const BOB_SELF_CROSS_SIGNING_PUBLIC_KEY_BASE64 = "DaScI3WulBvDjf/d2vdyP5Cgjdypn1c/PSDX23MgN+A";
+
+/** base64-encoded private self signing cross-signing key */
+export const BOB_SELF_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "U2VsZnNlbGZzZWxmc2VsZnNlbGZzZWxmc2VsZnNlbGY";
+
+/** base64-encoded public user cross-signing key */
+export const BOB_USER_CROSS_SIGNING_PUBLIC_KEY_BASE64 = "lXP89FP6zvFH9TSbU1S8uSdAsVawm1NmV6z+Rfr3lEw";
+
+/** base64-encoded private user signing cross-signing key */
+export const BOB_USER_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "VXNlcnVzZXJ1c2VydXNlcnVzZXJ1c2VydXNlcnVzZXI";
+
+/** Signed cross-signing keys data, also suitable for returning from a `/keys/query` call */
+export const BOB_SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult> = {
+    "master_keys": {
+        "@bob:xyz": {
+            "keys": {
+                "ed25519:KKVOHOB2LsW7hFJwqyzXpA+vp7u5+gaMWUJvBS7mjuA": "KKVOHOB2LsW7hFJwqyzXpA+vp7u5+gaMWUJvBS7mjuA"
+            },
+            "user_id": "@bob:xyz",
+            "usage": [
+                "master"
+            ]
+        }
+    },
+    "self_signing_keys": {
+        "@bob:xyz": {
+            "keys": {
+                "ed25519:DaScI3WulBvDjf/d2vdyP5Cgjdypn1c/PSDX23MgN+A": "DaScI3WulBvDjf/d2vdyP5Cgjdypn1c/PSDX23MgN+A"
+            },
+            "user_id": "@bob:xyz",
+            "usage": [
+                "self_signing"
+            ],
+            "signatures": {
+                "@bob:xyz": {
+                    "ed25519:KKVOHOB2LsW7hFJwqyzXpA+vp7u5+gaMWUJvBS7mjuA": "RxM8iJU6ZkyzQSVtNnXIJMPyEahVsN+fQQTBNKAs+kqySFyXBgchx+8czZaAhJCpXh9gD1nskT4yyFd2eyUXBw"
+                }
+            }
+        }
+    },
+    "user_signing_keys": {
+        "@bob:xyz": {
+            "keys": {
+                "ed25519:lXP89FP6zvFH9TSbU1S8uSdAsVawm1NmV6z+Rfr3lEw": "lXP89FP6zvFH9TSbU1S8uSdAsVawm1NmV6z+Rfr3lEw"
+            },
+            "user_id": "@bob:xyz",
+            "usage": [
+                "user_signing"
+            ],
+            "signatures": {
+                "@bob:xyz": {
+                    "ed25519:KKVOHOB2LsW7hFJwqyzXpA+vp7u5+gaMWUJvBS7mjuA": "jF8fvnPZulrPyh/4E8dNDVBP3iHHl9bRc+rRArVyGzoom+uVrokOck7BN2YmPyCRFZJJx7fgRA1Bveyu+mTVAg"
+                }
+            }
+        }
+    }
+};
+
+/** Signed OTKs, returned by `POST /keys/claim` */
+export const BOB_ONE_TIME_KEYS = {
+    "@bob:xyz": {
+        "bob_device": {
+            "signed_curve25519:AAAAHQ": {
+                "key": "j3fR3HemM16M7CWhoI4Sk5ZsdmdfQHsKL1xuSft6MSw",
+                "signatures": {
+                    "@bob:xyz": {
+                        "ed25519:bob_device": "dlZc9VA/hP980Mxvu9qwi0qJx8VK7sADGOM48CE01YM7K/Mbty9lis/QjtQAWqDg371QyynVRjEzt9qj7eSFCg"
+                    }
+                }
+            }
+        }
+    }
+};
+
+/** base64-encoded backup decryption (private) key */
+export const BOB_BACKUP_DECRYPTION_KEY_BASE64 = "DwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=";
+
+/** Backup decryption key in export format */
+export const BOB_BACKUP_DECRYPTION_KEY_BASE58 = "EsT5 Sd5m mEXs NQYE ibRe 3q9E 4aXW rHih 5f9J 6rU6 AfwY mASR";
+
+/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{roomId}/{sessionId}` */
+export const BOB_SIGNED_BACKUP_DATA: KeyBackupInfo = {
+    "algorithm": "m.megolm_backup.v1.curve25519-aes-sha2",
+    "version": "1",
+    "auth_data": {
+        "public_key": "ZRuVWcWlDuvOwZRygccUCD4Avtnt130800I+WQNwwRY",
+        "signatures": {
+            "@bob:xyz": {
+                "ed25519:bob_device": "lDIMj3VC0WazE2FamGHpmbiqKf9Z4pO4qapZ5TL5BnD3c+dvb+2waOEd6pgay/pmrQ6MW4Eu2KDEpe1fnHc3BA"
+            }
+        }
+    }
+};
+
+/** A set of megolm keys that can be imported via CryptoAPI#importRoomKeys */
+export const BOB_MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = [
+    {
+        "algorithm": "m.megolm.v1.aes-sha2",
+        "room_id": "!room:id",
+        "sender_key": "FOvlmz18LLI3k/llCpqRoKT90+gFF8YhuL+v1YBXHlw",
+        "session_id": "/2K+V777vipCxPZ0gpY9qcpz1DYaXwuMRIu0UEP0Wa0",
+        "session_key": "AQAAAAAclzWVMeWBKH+B/WMowa3rb4ma3jEl6n5W4GCs9ue65CruzD3ihX+85pZ9hsV9Bf6fvhjp76WNRajoJYX0UIt7aosjmu0i+H+07hEQ0zqTKpVoSH0ykJ6stAMhdr6Q4uW5crBmdTTBIsqmoWsNJZKKoE2+ldYrZ1lrFeaJbjBIY/9ivle++74qQsT2dIKWPanKc9Q2Gl8LjESLtFBD9Fmt",
+        "sender_claimed_keys": {
+            "ed25519": "F4P7f1Z0RjbiZMgHk1xBCG3KC4/Ng9PmxLJ4hQ13sHA"
+        },
+        "forwarding_curve25519_key_chain": []
+    },
+    {
+        "algorithm": "m.megolm.v1.aes-sha2",
+        "room_id": "!room:id",
+        "sender_key": "FOvlmz18LLI3k/llCpqRoKT90+gFF8YhuL+v1YBXHlw",
+        "session_id": "+07YOpSgdZ1X9le3n3NMByw0V1B0H0Djnbm76jgmWoo",
+        "session_key": "AQAAAAAjWfIMo9+BWS8IvhfsQuomxXXXGy11tJs0ej505xxd1RzOIP4ftq3MbZYsfH8kqSMBc2l1Ym2u3Dksv2/nR0zGQeNIgOxeMuwHU3Ry7+DdV1I96blPylVCCn/f5RAy6smKoaeylptPdXgVXmw3YBBUVYpHpm+xCIUUp9foAdb8hftO2DqUoHWdV/ZXt59zTAcsNFdQdB9A4525u+o4JlqK",
+        "sender_claimed_keys": {
+            "ed25519": "OsZMdC1gQ5nPr+L9tuT6xXsaFJkVPkgxP2FexHF1/QM"
+        },
+        "forwarding_curve25519_key_chain": []
+    }
+];
+
+/** An exported megolm session */
+export const BOB_MEGOLM_SESSION_DATA: IMegolmSessionData = {
+    "algorithm": "m.megolm.v1.aes-sha2",
+    "room_id": "!room:id",
+    "sender_key": "FOvlmz18LLI3k/llCpqRoKT90+gFF8YhuL+v1YBXHlw",
+    "session_id": "gywydBrIJcJWktC/ic3tunKZM1XZm1MpYiYtdbj8Rpc",
+    "session_key": "AQAAAADZJL7OdM/KHfPzXPZ3CtlLBIlzbwk06dnZTd3bvkcdP5u73rdmThBKdqGA4xzCyxZsHdYLZRrlmD3VwOmNfvWMqYdPxA1X0vs3d172y9EIG8i+N/skJxTRypcVSV9XoinBNIWr/gkyepuAKiQqemlc8J5amD9OkmbVkmnrxP1uyYMsMnQayCXCVpLQv4nN7bpymTNV2ZtTKWImLXW4/EaX",
+    "sender_claimed_keys": {
+        "ed25519": "zBdpQwWYyz1MkZuEUhXqcdMfUNN/B9psLFDDDTJOg64"
+    },
+    "forwarding_curve25519_key_chain": []
+};
+
+/** A ratcheted version of BOB_MEGOLM_SESSION_DATA */
+export const BOB_RATCHTED_MEGOLM_SESSION_DATA: IMegolmSessionData = {
+    "algorithm": "m.megolm.v1.aes-sha2",
+    "room_id": "!room:id",
+    "sender_key": "FOvlmz18LLI3k/llCpqRoKT90+gFF8YhuL+v1YBXHlw",
+    "session_id": "gywydBrIJcJWktC/ic3tunKZM1XZm1MpYiYtdbj8Rpc",
+    "session_key": "AQAAAAHZJL7OdM/KHfPzXPZ3CtlLBIlzbwk06dnZTd3bvkcdP5u73rdmThBKdqGA4xzCyxZsHdYLZRrlmD3VwOmNfvWMqYdPxA1X0vs3d172y9EIG8i+N/skJxTRypcVSV9Xoil2JdGx9oPqR0dFVh661Aqs86rJRbQ4IeRiuEm35VMxboMsMnQayCXCVpLQv4nN7bpymTNV2ZtTKWImLXW4/EaX",
+    "sender_claimed_keys": {
+        "ed25519": "zBdpQwWYyz1MkZuEUhXqcdMfUNN/B9psLFDDDTJOg64"
+    },
+    "forwarding_curve25519_key_chain": []
+};
+
+/** The key from BOB_MEGOLM_SESSION_DATA, encrypted for backup using `m.megolm_backup.v1.curve25519-aes-sha2` algorithm*/
+export const BOB_CURVE25519_KEY_BACKUP_DATA: KeyBackupSession = {
+    "first_message_index": 1,
+    "forwarded_count": 0,
+    "is_verified": false,
+    "session_data": {
+        "ciphertext": "d7UVOK17WEVky/8hK0h3HsTQrFMEbKbfqMcl2KtyTWcI9S5gGFWK9Git5BzVRxRggvxQ0c8PDfqL+dr3zHytAMW+71BJqIPQW910vV7SX3IcGylnoUcS3doVkJZiprXytXMP89AKcgv5Dj7mS2ZdvNGE+Atro74bzZ5yot5BrE0ZE5SjoUBPLaLMMu9HopLIV+qx01Rc3F0wmkocSPo51N0nv6wvO5Cst0FiOGHDK6r1pFlgDEJLmBkOyC4e8oMVbKTJzsSQVbJ8tJ37xuhI+T5P0ZlmiqKDqYRp8uh50w+txLEixYhEUunFgCTt1DAmiS9pLNYhLyl1ggwuQjzZe+AV6timbRxNJy18/AEcPomJw7z/pxYIiNLHRKOC13Wp8kGWx9cOgfMQ5KmBuLS8psGiLTBkfWPLOfNYqjbeqAR+OGZQoS6hUjbBYU7QuFa4FOYBHkNB2UqNsdsMb9qB/qs7QGTSb8Lok5YjW1c81BUpmIyKvuqnKma0MZskrpTYGQD2eJDABFCZwLFm+LgDyUTeSiV5xguYztLrHOk8LHKo9M8dIZgoBjeFVJxyjbcXKsVS3aQkMXKCrRlKLqhZTws/ZJwVfW9DbktZ9dT+tRZQvI7tjJofojcLX61AGJDnqUf5+2Gv1tEnmUI953gIzc8NlcFabPOsDsZEODt7MdOCTPT3w29umyhKbCsslpb64LoS/AB2QRPRCgkJS7snRA",
+        "ephemeral": "oO0VX84OUIzm2i/12zAhTWOZT5IFRH5mXaKZ8fXkCgU",
+        "mac": "lEfHlqfJQwU"
+    }
+};
+
+/** A test clear event */
+export const BOB_CLEAR_EVENT: Partial<IEvent> = {
+    "type": "m.room.message",
+    "room_id": "!room:id",
+    "sender": "@alice:localhost",
+    "content": {
+        "msgtype": "m.text",
+        "body": "Hello world"
+    }
+};
+
+/** The encrypted CLEAR_EVENT by MEGOLM_SESSION_DATA */
+export const BOB_ENCRYPTED_EVENT: Partial<IEvent> = {
+    "type": "m.room.encrypted",
+    "room_id": "!room:id",
+    "sender": "@alice:localhost",
+    "content": {
+        "algorithm": "m.megolm.v1.aes-sha2",
+        "sender_key": "FOvlmz18LLI3k/llCpqRoKT90+gFF8YhuL+v1YBXHlw",
+        "ciphertext": "AwgAEnA/mEqZm2lSrhoG11OpDqsohGSBJWsudbuoItLlivmpFZQHrKMbE6z/dhCTwUi76vwfRCtf4tyPMD845cqZH1nL0bowq3/awyzZ8Q263Y3WrLfkUTFBU6oPF/IULUFZZuw6kLdfd5g5+uigvqUhFFpICoj7KNHznv4sFNssd00/WgJquZ6PRt6e1v6ANFNiZPAwghIL+kBc6pb8i6MUWt9JnXilJhTqFDHdXiY4qkaKBWbwebC26PYM",
+        "session_id": "gywydBrIJcJWktC/ic3tunKZM1XZm1MpYiYtdbj8Rpc",
+        "device_id": "TEST_DEVICE"
+    },
+    "event_id": "$event1",
+    "origin_server_ts": 1507753886000
+};
+

spec/test-utils/test-utils.ts

@@ -6,9 +6,19 @@ import "../olm-loader";
 
 import { logger } from "../../src/logger";
 import { IContent, IEvent, IEventRelation, IUnsigned, MatrixEvent, MatrixEventEvent } from "../../src/models/event";
-import { ClientEvent, EventType, IPusher, MatrixClient, MsgType } from "../../src";
+import {
+    ClientEvent,
+    EventType,
+    IJoinedRoom,
+    IPusher,
+    ISyncResponse,
+    MatrixClient,
+    MsgType,
+    RelationType,
+} from "../../src";
 import { SyncState } from "../../src/sync";
 import { eventMapperFor } from "../../src/event-mapper";
+import { TEST_ROOM_ID } from "./test-data";
 
 /**
  * Return a promise that is resolved when the client next emits a
@@ -39,6 +49,62 @@ export function syncPromise(client: MatrixClient, count = 1): Promise<void> {
     });
 }
 
+/**
+ * Return a sync response which contains a single room (by default TEST_ROOM_ID), with the members given
+ * @param roomMembers
+ * @param roomId
+ *
+ * @returns the sync response
+ */
+export function getSyncResponse(roomMembers: string[], roomId = TEST_ROOM_ID): ISyncResponse {
+    const roomResponse: IJoinedRoom = {
+        summary: {
+            "m.heroes": [],
+            "m.joined_member_count": roomMembers.length,
+            "m.invited_member_count": roomMembers.length,
+        },
+        state: {
+            events: [
+                mkEventCustom({
+                    sender: roomMembers[0],
+                    type: "m.room.encryption",
+                    state_key: "",
+                    content: {
+                        algorithm: "m.megolm.v1.aes-sha2",
+                    },
+                }),
+            ],
+        },
+        timeline: {
+            events: [],
+            prev_batch: "",
+        },
+        ephemeral: { events: [] },
+        account_data: { events: [] },
+        unread_notifications: {},
+    };
+
+    for (let i = 0; i < roomMembers.length; i++) {
+        roomResponse.state.events.push(
+            mkMembershipCustom({
+                membership: "join",
+                sender: roomMembers[i],
+            }),
+        );
+    }
+
+    return {
+        next_batch: "1",
+        rooms: {
+            join: { [roomId]: roomResponse },
+            invite: {},
+            leave: {},
+            knock: {},
+        },
+        account_data: { events: [] },
+    };
+}
+
 /**
  * Create a spy for an object and automatically spy its methods.
  * @param constr - The class constructor (used with 'new')
@@ -249,6 +315,7 @@ export interface IMessageOpts {
     event?: boolean;
     relatesTo?: IEventRelation;
     ts?: number;
+    unsigned?: IUnsigned;
 }
 
 /**
@@ -258,6 +325,9 @@ export interface IMessageOpts {
  * @param opts.user - The user ID for the event.
  * @param opts.msg - Optional. The content.body for the event.
  * @param opts.event - True to make a MatrixEvent.
+ * @param opts.relatesTo - An IEventRelation relating this to another event.
+ * @param opts.ts - The timestamp of the event.
+ * @param opts.event - True to make a MatrixEvent.
  * @param client - If passed along with opts.event=true will be used to set up re-emitters.
  * @returns The event
  */
@@ -297,6 +367,7 @@ interface IReplyMessageOpts extends IMessageOpts {
  * @param opts.room - The room ID for the event.
  * @param opts.user - The user ID for the event.
  * @param opts.msg - Optional. The content.body for the event.
+ * @param opts.ts - The timestamp of the event.
  * @param opts.replyToMessage - The replied message
  * @param opts.event - True to make a MatrixEvent.
  * @param client - If passed along with opts.event=true will be used to set up re-emitters.
@@ -330,6 +401,73 @@ export function mkReplyMessage(
     return mkEvent(eventOpts, client);
 }
 
+/**
+ * Create a reaction event.
+ *
+ * @param target - the event we are reacting to.
+ * @param client - the MatrixClient
+ * @param userId - the userId of the sender
+ * @param roomId - the id of the room we are in
+ * @param ts - The timestamp of the event.
+ * @returns The event
+ */
+export function mkReaction(
+    target: MatrixEvent,
+    client: MatrixClient,
+    userId: string,
+    roomId: string,
+    ts?: number,
+): MatrixEvent {
+    return mkEvent(
+        {
+            event: true,
+            type: EventType.Reaction,
+            user: userId,
+            room: roomId,
+            content: {
+                "m.relates_to": {
+                    rel_type: RelationType.Annotation,
+                    event_id: target.getId()!,
+                    key: Math.random().toString(),
+                },
+            },
+            ts,
+        },
+        client,
+    );
+}
+
+export function mkEdit(
+    target: MatrixEvent,
+    client: MatrixClient,
+    userId: string,
+    roomId: string,
+    msg?: string,
+    ts?: number,
+) {
+    msg = msg ?? `Edit of ${target.getId()}`;
+    return mkEvent(
+        {
+            event: true,
+            type: EventType.RoomMessage,
+            user: userId,
+            room: roomId,
+            content: {
+                "body": `* ${msg}`,
+                "m.new_content": {
+                    body: msg,
+                },
+                "m.relates_to": {
+                    rel_type: RelationType.Replace,
+                    event_id: target.getId()!,
+                },
+            },
+            ts,
+        },
+        client,
+    );
+}
+
 /**
  * A mock implementation of webstorage
  */
@@ -375,24 +513,31 @@ export async function awaitDecryption(
     // already
     if (event.getClearContent() !== null) {
         if (waitOnDecryptionFailure && event.isDecryptionFailure()) {
-            logger.log(`${Date.now()} event ${event.getId()} got decryption error; waiting`);
+            logger.log(`${Date.now()}: event ${event.getId()} got decryption error; waiting`);
         } else {
             return event;
         }
     } else {
-        logger.log(`${Date.now()} event ${event.getId()} is not yet decrypted; waiting`);
+        logger.log(`${Date.now()}: event ${event.getId()} is not yet decrypted; waiting`);
     }
 
     return new Promise((resolve) => {
-        event.once(MatrixEventEvent.Decrypted, (ev) => {
-            logger.log(`${Date.now()} event ${event.getId()} now decrypted`);
-            resolve(ev);
-        });
+        if (waitOnDecryptionFailure) {
+            event.on(MatrixEventEvent.Decrypted, (ev, err) => {
+                logger.log(`${Date.now()}: MatrixEventEvent.Decrypted for event ${event.getId()}: ${err ?? "success"}`);
+                if (!err) {
+                    resolve(ev);
+                }
+            });
+        } else {
+            event.once(MatrixEventEvent.Decrypted, (ev, err) => {
+                logger.log(`${Date.now()}: MatrixEventEvent.Decrypted for event ${event.getId()}: ${err ?? "success"}`);
+                resolve(ev);
+            });
+        }
     });
 }
 
-export const emitPromise = (e: EventEmitter, k: string): Promise<any> => new Promise((r) => e.once(k, r));
-
 export const mkPusher = (extra: Partial<IPusher> = {}): IPusher => ({
     app_display_name: "app",
     app_id: "123",
@@ -415,3 +560,25 @@ CRYPTO_BACKENDS["rust-sdk"] = (client: MatrixClient) => client.initRustCrypto();
 if (global.Olm) {
     CRYPTO_BACKENDS["libolm"] = (client: MatrixClient) => client.initCrypto();
 }
+
+export const emitPromise = (e: EventEmitter, k: string): Promise<any> => new Promise((r) => e.once(k, r));
+
+/**
+ * Advance the fake timers in a loop until the given promise resolves or rejects.
+ *
+ * Returns the result of the promise.
+ *
+ * This can be useful when there are multiple steps in the code which require an iteration of the event loop.
+ */
+export async function advanceTimersUntil<T>(promise: Promise<T>): Promise<T> {
+    let resolved = false;
+    promise.finally(() => {
+        resolved = true;
+    });
+
+    while (!resolved) {
+        await jest.advanceTimersByTimeAsync(1);
+    }
+
+    return await promise;
+}

spec/test-utils/thread.ts

@@ -18,7 +18,7 @@ import { RelationType } from "../../src/@types/event";
 import { MatrixClient } from "../../src/client";
 import { MatrixEvent, MatrixEventEvent } from "../../src/models/event";
 import { Room } from "../../src/models/room";
-import { Thread } from "../../src/models/thread";
+import { Thread, THREAD_RELATION_TYPE } from "../../src/models/thread";
 import { mkMessage } from "./test-utils";
 
 export const makeThreadEvent = ({
@@ -34,7 +34,7 @@ export const makeThreadEvent = ({
         ...props,
         relatesTo: {
             event_id: rootEventId,
-            rel_type: "m.thread",
+            rel_type: THREAD_RELATION_TYPE.name,
             ["m.in_reply_to"]: {
                 event_id: replyToEventId,
             },
@@ -115,6 +115,26 @@ type MakeThreadProps = {
     ts?: number;
 };
 
+type MakeThreadResult = {
+    /**
+     * Thread model
+     */
+    thread: Thread;
+    /**
+     * Thread root event
+     */
+    rootEvent: MatrixEvent;
+    /**
+     * Events added to the thread
+     */
+    events: MatrixEvent[];
+};
+
+/**
+ * Starts a new thread in a room by creating a message as thread root.
+ * Also creates a Thread model and adds it to the room.
+ * Does not insert the messages into a timeline.
+ */
 export const mkThread = ({
     room,
     client,
@@ -122,7 +142,7 @@ export const mkThread = ({
     participantUserIds,
     length = 2,
     ts = 1,
-}: MakeThreadProps): { thread: Thread; rootEvent: MatrixEvent; events: MatrixEvent[] } => {
+}: MakeThreadProps): MakeThreadResult => {
     const { rootEvent, events } = makeThreadEvents({
         roomId: room.roomId,
         authorId,
@@ -137,7 +157,27 @@ export const mkThread = ({
         room?.reEmitter.reEmit(evt, [MatrixEventEvent.BeforeRedaction]);
     }
 
-    const thread = room.createThread(rootEvent.getId() ?? "", rootEvent, events, true);
+    const thread = room.createThread(rootEvent.getId() ?? "", rootEvent, [rootEvent, ...events], true);
 
     return { thread, rootEvent, events };
 };
+
+/**
+ * Create a thread, and make sure the events are added to the thread and the
+ * room's timeline as if they came in via sync.
+ *
+ * Note that mkThread doesn't actually add the events properly to the room.
+ */
+export const populateThread = ({
+    room,
+    client,
+    authorId,
+    participantUserIds,
+    length = 2,
+    ts = 1,
+}: MakeThreadProps): MakeThreadResult => {
+    const ret = mkThread({ room, client, authorId, participantUserIds, length, ts });
+    ret.thread.initialEventsFetched = true;
+    room.addLiveEvents(ret.events);
+    return ret;
+};

spec/test-utils/webrtc.ts

@@ -30,6 +30,7 @@ import {
     RoomState,
     RoomStateEvent,
     RoomStateEventHandlerMap,
+    SendToDeviceContentMap,
 } from "../../src";
 import { TypedEventEmitter } from "../../src/models/typed-event-emitter";
 import { ReEmitter } from "../../src/ReEmitter";
@@ -122,6 +123,7 @@ export class MockRTCPeerConnection {
     public iceCandidateListener?: (e: RTCPeerConnectionIceEvent) => void;
     public iceConnectionStateChangeListener?: () => void;
     public onTrackListener?: (e: RTCTrackEvent) => void;
+    public onDataChannelListener?: (ev: RTCDataChannelEvent) => void;
     public needsNegotiation = false;
     public readyToNegotiate: Promise<void>;
     private onReadyToNegotiate?: () => void;
@@ -167,6 +169,8 @@ export class MockRTCPeerConnection {
             this.iceConnectionStateChangeListener = listener;
         } else if (type == "track") {
             this.onTrackListener = listener;
+        } else if (type == "datachannel") {
+            this.onDataChannelListener = listener;
         }
     }
     public createDataChannel(label: string, opts: RTCDataChannelInit) {
@@ -231,6 +235,12 @@ export class MockRTCPeerConnection {
             this.negotiationNeededListener();
         }
     }
+
+    public triggerIncomingDataChannel(): void {
+        this.onDataChannelListener?.({ channel: {} } as RTCDataChannelEvent);
+    }
+
+    public restartIce(): void {}
 }
 
 export class MockRTCRtpSender {
@@ -443,13 +453,13 @@ export class MockCallMatrixClient extends TypedEventEmitter<EmittedEvents, Emitt
     >();
     public sendToDevice = jest.fn<
         Promise<{}>,
-        [
-            eventType: string,
-            contentMap: { [userId: string]: { [deviceId: string]: Record<string, any> } },
-            txnId?: string,
-        ]
+        [eventType: string, contentMap: SendToDeviceContentMap, txnId?: string]
     >();
 
+    public isInitialSyncComplete(): boolean {
+        return false;
+    }
+
     public getMediaHandler(): MediaHandler {
         return this.mediaHandler.typed();
     }
@@ -475,6 +485,7 @@ export class MockCallMatrixClient extends TypedEventEmitter<EmittedEvents, Emitt
 
     public getRooms = jest.fn<Room[], []>().mockReturnValue([]);
     public getRoom = jest.fn();
+    public getFoci = jest.fn();
 
     public supportsThreads(): boolean {
         return true;
@@ -498,18 +509,22 @@ export class MockMatrixCall extends TypedEventEmitter<CallEvent, CallEventHandle
     public state = CallState.Ringing;
     public opponentUserId = FAKE_USER_ID_1;
     public opponentDeviceId = FAKE_DEVICE_ID_1;
+    public opponentSessionId = FAKE_SESSION_ID_1;
     public opponentMember = { userId: this.opponentUserId };
     public callId = "1";
     public localUsermediaFeed = {
         setAudioVideoMuted: jest.fn<void, [boolean, boolean]>(),
+        isAudioMuted: jest.fn().mockReturnValue(false),
+        isVideoMuted: jest.fn().mockReturnValue(false),
         stream: new MockMediaStream("stream"),
-    };
+    } as unknown as CallFeed;
     public remoteUsermediaFeed?: CallFeed;
     public remoteScreensharingFeed?: CallFeed;
 
     public reject = jest.fn<void, []>();
     public answerWithCallFeeds = jest.fn<void, [CallFeed[]]>();
     public hangup = jest.fn<void, []>();
+    public initStats = jest.fn<void, []>();
 
     public sendMetadataUpdate = jest.fn<void, []>();
 
@@ -521,6 +536,14 @@ export class MockMatrixCall extends TypedEventEmitter<CallEvent, CallEventHandle
         return this.opponentDeviceId;
     }
 
+    public getOpponentSessionId(): string | undefined {
+        return this.opponentSessionId;
+    }
+
+    public getLocalFeeds(): CallFeed[] {
+        return [this.localUsermediaFeed];
+    }
+
     public typed(): MatrixCall {
         return this as unknown as MatrixCall;
     }
@@ -581,6 +604,7 @@ export function makeMockGroupCallStateEvent(
         "m.type": GroupCallType.Video,
         "m.intent": GroupCallIntent.Prompt,
     },
+    redacted?: boolean,
 ): MatrixEvent {
     return {
         getType: jest.fn().mockReturnValue(EventType.GroupCallPrefix),
@@ -588,6 +612,7 @@ export function makeMockGroupCallStateEvent(
         getTs: jest.fn().mockReturnValue(0),
         getContent: jest.fn().mockReturnValue(content),
         getStateKey: jest.fn().mockReturnValue(groupCallId),
+        isRedacted: jest.fn().mockReturnValue(redacted ?? false),
     } as unknown as MatrixEvent;
 }
 
@@ -600,3 +625,199 @@ export function makeMockGroupCallMemberStateEvent(roomId: string, groupCallId: s
         getStateKey: jest.fn().mockReturnValue(groupCallId),
     } as unknown as MatrixEvent;
 }
+
+export const REMOTE_SFU_DESCRIPTION =
+    "v=0\n" +
+    "o=- 3242942315779688438 1678878001 IN IP4 0.0.0.0\n" +
+    "s=-\n" +
+    "t=0 0\n" +
+    "a=fingerprint:sha-256 EA:30:B2:7F:49:B5:46:D6:40:72:BF:79:95:C1:65:08:6E:35:09:FB:90:89:DA:EF:6B:82:D1:38:8C:25:39:B2\n" +
+    "a=group:BUNDLE 0 1 2\n" +
+    "m=audio 9 UDP/TLS/RTP/SAVPF 111 9 0 8\n" +
+    "c=IN IP4 0.0.0.0\n" +
+    "a=setup:actpass\n" +
+    "a=mid:0\n" +
+    "a=ice-ufrag:obZwzAcRtxwuozPZ\n" +
+    "a=ice-pwd:TWXNaPeyKTTvRLyIQhWHfHlZHJjtcoKs\n" +
+    "a=rtcp-mux\n" +
+    "a=rtcp-rsize\n" +
+    "a=rtpmap:111 opus/48000/2\n" +
+    "a=fmtp:111 minptime=10;usedtx=1;useinbandfec=1\n" +
+    "a=rtcp-fb:111 transport-cc \n" +
+    "a=rtpmap:9 G722/8000\n" +
+    "a=rtpmap:0 PCMU/8000\n" +
+    "a=rtpmap:8 PCMA/8000\n" +
+    "a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01\n" +
+    "a=ssrc:2963372119 cname:dcc3a6d5-37a1-42e7-94a9-d520f20d0c90\n" +
+    "a=ssrc:2963372119 msid:dcc3a6d5-37a1-42e7-94a9-d520f20d0c90 4b811ab6-6926-473d-8ca5-ac45f268c507\n" +
+    "a=ssrc:2963372119 mslabel:dcc3a6d5-37a1-42e7-94a9-d520f20d0c90\n" +
+    "a=ssrc:2963372119 label:4b811ab6-6926-473d-8ca5-ac45f268c507\n" +
+    "a=msid:dcc3a6d5-37a1-42e7-94a9-d520f20d0c90 4b811ab6-6926-473d-8ca5-ac45f268c507\n" +
+    "a=sendrecv\n" +
+    "a=candidate:1155505470 1 udp 2130706431 13.41.173.213 41385 typ host\n" +
+    "a=candidate:1155505470 2 udp 2130706431 13.41.173.213 41385 typ host\n" +
+    "a=candidate:1155505470 1 udp 2130706431 13.41.173.213 40026 typ host\n" +
+    "a=candidate:1155505470 2 udp 2130706431 13.41.173.213 40026 typ host\n" +
+    "a=end-of-candidates\n" +
+    "m=video 9 UDP/TLS/RTP/SAVPF 96 97 102 103 104 106 108 109 98 99 112 116\n" +
+    "c=IN IP4 0.0.0.0\n" +
+    "a=setup:actpass\n" +
+    "a=mid:1\n" +
+    "a=ice-ufrag:obZwzAcRtxwuozPZ\n" +
+    "a=ice-pwd:TWXNaPeyKTTvRLyIQhWHfHlZHJjtcoKs\n" +
+    "a=rtcp-mux\n" +
+    "a=rtcp-rsize\n" +
+    "a=rtpmap:96 VP8/90000\n" +
+    "a=rtcp-fb:96 goog-remb \n" +
+    "a=rtcp-fb:96 transport-cc \n" +
+    "a=rtcp-fb:96 ccm fir\n" +
+    "a=rtcp-fb:96 nack \n" +
+    "a=rtcp-fb:96 nack pli\n" +
+    "a=rtpmap:97 rtx/90000\n" +
+    "a=fmtp:97 apt=96\n" +
+    "a=rtpmap:102 H264/90000\n" +
+    "a=fmtp:102 level-asymmetry-allowed=1;packetization-mode=1;profile-level-id=42001f\n" +
+    "a=rtcp-fb:102 goog-remb \n" +
+    "a=rtcp-fb:102 transport-cc \n" +
+    "a=rtcp-fb:102 ccm fir\n" +
+    "a=rtcp-fb:102 nack \n" +
+    "a=rtcp-fb:102 nack pli\n" +
+    "a=rtpmap:103 rtx/90000\n" +
+    "a=fmtp:103 apt=102\n" +
+    "a=rtpmap:104 H264/90000\n" +
+    "a=fmtp:104 level-asymmetry-allowed=1;packetization-mode=0;profile-level-id=42001f\n" +
+    "a=rtcp-fb:104 goog-remb \n" +
+    "a=rtcp-fb:104 transport-cc \n" +
+    "a=rtcp-fb:104 ccm fir\n" +
+    "a=rtcp-fb:104 nack \n" +
+    "a=rtcp-fb:104 nack pli\n" +
+    "a=rtpmap:106 H264/90000\n" +
+    "a=fmtp:106 level-asymmetry-allowed=1;packetization-mode=1;profile-level-id=42e01f\n" +
+    "a=rtcp-fb:106 goog-remb \n" +
+    "a=rtcp-fb:106 transport-cc \n" +
+    "a=rtcp-fb:106 ccm fir\n" +
+    "a=rtcp-fb:106 nack \n" +
+    "a=rtcp-fb:106 nack pli\n" +
+    "a=rtpmap:108 H264/90000\n" +
+    "a=fmtp:108 level-asymmetry-allowed=1;packetization-mode=0;profile-level-id=42e01f\n" +
+    "a=rtcp-fb:108 goog-remb \n" +
+    "a=rtcp-fb:108 transport-cc \n" +
+    "a=rtcp-fb:108 ccm fir\n" +
+    "a=rtcp-fb:108 nack \n" +
+    "a=rtcp-fb:108 nack pli\n" +
+    "a=rtpmap:109 rtx/90000\n" +
+    "a=fmtp:109 apt=108\n" +
+    "a=rtpmap:98 VP9/90000\n" +
+    "a=fmtp:98 profile-id=0\n" +
+    "a=rtcp-fb:98 goog-remb \n" +
+    "a=rtcp-fb:98 transport-cc \n" +
+    "a=rtcp-fb:98 ccm fir\n" +
+    "a=rtcp-fb:98 nack \n" +
+    "a=rtcp-fb:98 nack pli\n" +
+    "a=rtpmap:99 rtx/90000\n" +
+    "a=fmtp:99 apt=98\n" +
+    "a=rtpmap:112 H264/90000\n" +
+    "a=fmtp:112 level-asymmetry-allowed=1;packetization-mode=1;profile-level-id=64001f\n" +
+    "a=rtcp-fb:112 goog-remb \n" +
+    "a=rtcp-fb:112 transport-cc \n" +
+    "a=rtcp-fb:112 ccm fir\n" +
+    "a=rtcp-fb:112 nack \n" +
+    "a=rtcp-fb:112 nack pli\n" +
+    "a=rtpmap:116 ulpfec/90000\n" +
+    "a=extmap:3 http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01\n" +
+    "a=extmap:4 urn:ietf:params:rtp-hdrext:sdes:mid\n" +
+    "a=extmap:10 urn:ietf:params:rtp-hdrext:sdes:rtp-stream-id\n" +
+    "a=extmap:11 urn:ietf:params:rtp-hdrext:sdes:repaired-rtp-stream-id\n" +
+    "a=rid:f recv\n" +
+    "a=rid:h recv\n" +
+    "a=rid:q recv\n" +
+    "a=simulcast:recv f;h;q\n" +
+    "a=ssrc:1212931603 cname:dcc3a6d5-37a1-42e7-94a9-d520f20d0c90\n" +
+    "a=ssrc:1212931603 msid:dcc3a6d5-37a1-42e7-94a9-d520f20d0c90 12905f48-75b9-499f-ba50-fc00f56a86c6\n" +
+    "a=ssrc:1212931603 mslabel:dcc3a6d5-37a1-42e7-94a9-d520f20d0c90\n" +
+    "a=ssrc:1212931603 label:12905f48-75b9-499f-ba50-fc00f56a86c6\n" +
+    "a=msid:dcc3a6d5-37a1-42e7-94a9-d520f20d0c90 12905f48-75b9-499f-ba50-fc00f56a86c6\n" +
+    "a=sendrecv\n" +
+    "m=application 9 UDP/DTLS/SCTP webrtc-datachannel\n" +
+    "c=IN IP4 0.0.0.0\n" +
+    "a=setup:actpass\n" +
+    "a=mid:2\n" +
+    "a=sendrecv\n" +
+    "a=sctp-port:5000\n" +
+    "a=ice-ufrag:obZwzAcRtxwuozPZ\n" +
+    "a=ice-pwd:TWXNaPeyKTTvRLyIQhWHfHlZHJjtcoKs";
+
+export const groupCallParticipantsFourOtherDevices = new Map([
+    [
+        new RoomMember("roomId0", "user1"),
+        new Map([
+            [
+                "deviceId0",
+                {
+                    sessionId: "0",
+                    screensharing: false,
+                },
+            ],
+            [
+                "deviceId1",
+                {
+                    sessionId: "1",
+                    screensharing: false,
+                },
+            ],
+            [
+                "deviceId2",
+                {
+                    sessionId: "2",
+                    screensharing: false,
+                },
+            ],
+        ]),
+    ],
+    [
+        new RoomMember("roomId0", "user2"),
+        new Map([
+            [
+                "deviceId3",
+                {
+                    sessionId: "0",
+                    screensharing: false,
+                },
+            ],
+            [
+                "deviceId4",
+                {
+                    sessionId: "1",
+                    screensharing: false,
+                },
+            ],
+        ]),
+    ],
+]);
+
+export const groupCallParticipantsOneOtherDevice = new Map([
+    [
+        new RoomMember("roomId1", "thisMember"),
+        new Map([
+            [
+                "deviceId0",
+                {
+                    sessionId: "0",
+                    screensharing: false,
+                },
+            ],
+        ]),
+    ],
+    [
+        new RoomMember("roomId1", "opponentMember"),
+        new Map([
+            [
+                "deviceId1",
+                {
+                    sessionId: "1",
+                    screensharing: false,
+                },
+            ],
+        ]),
+    ],
+]);

spec/unit/NamespacedValue.spec.ts

@@ -46,13 +46,7 @@ describe("NamespacedValue", () => {
     });
 
     it("should not permit falsey values for both parts", () => {
-        try {
-            new UnstableValue(null!, null!);
-            // noinspection ExceptionCaughtLocallyJS
-            throw new Error("Failed to fail");
-        } catch (e) {
-            expect((<Error>e).message).toBe("One of stable or unstable values must be supplied");
-        }
+        expect(() => new UnstableValue(null!, null!)).toThrow("One of stable or unstable values must be supplied");
     });
 });
 
@@ -72,12 +66,6 @@ describe("UnstableValue", () => {
     });
 
     it("should not permit falsey unstable values", () => {
-        try {
-            new UnstableValue("stable", null!);
-            // noinspection ExceptionCaughtLocallyJS
-            throw new Error("Failed to fail");
-        } catch (e) {
-            expect((<Error>e).message).toBe("Unstable value must be supplied");
-        }
+        expect(() => new UnstableValue("stable", null!)).toThrow("Unstable value must be supplied");
     });
 });

spec/unit/ToDeviceMessageQueue.spec.ts

@@ -5,6 +5,7 @@ import { getMockClientWithEventEmitter } from "../test-utils/client";
 import { StubStore } from "../../src/store/stub";
 import { IndexedToDeviceBatch } from "../../src/models/ToDeviceMessage";
 import { SyncState } from "../../src/sync";
+import { defer } from "../../src/utils";
 
 describe("onResumedSync", () => {
     let batch: IndexedToDeviceBatch | null;
@@ -58,7 +59,9 @@ describe("onResumedSync", () => {
         queue = new ToDeviceMessageQueue(mockClient);
     });
 
-    it("resends queue after connectivity restored", (done) => {
+    it("resends queue after connectivity restored", async () => {
+        const deferred = defer();
+
         onSendToDeviceFailure = () => {
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
             expect(store.removeToDeviceBatch).not.toHaveBeenCalled();
@@ -70,26 +73,32 @@ describe("onResumedSync", () => {
         onSendToDeviceSuccess = () => {
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(3);
             expect(store.removeToDeviceBatch).toHaveBeenCalled();
-            done();
+            deferred.resolve();
         };
 
         queue.start();
+        return deferred.promise;
     });
 
-    it("does not resend queue if client sync still catching up", (done) => {
+    it("does not resend queue if client sync still catching up", async () => {
+        const deferred = defer();
+
         onSendToDeviceFailure = () => {
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
             expect(store.removeToDeviceBatch).not.toHaveBeenCalled();
 
             resumeSync(SyncState.Catchup, SyncState.Catchup);
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
-            done();
+            deferred.resolve();
         };
 
         queue.start();
+        return deferred.promise;
     });
 
-    it("does not resend queue if connectivity restored after queue stopped", (done) => {
+    it("does not resend queue if connectivity restored after queue stopped", async () => {
+        const deferred = defer();
+
         onSendToDeviceFailure = () => {
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
             expect(store.removeToDeviceBatch).not.toHaveBeenCalled();
@@ -98,9 +107,10 @@ describe("onResumedSync", () => {
 
             resumeSync(SyncState.Syncing, SyncState.Catchup);
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
-            done();
+            deferred.resolve();
         };
 
         queue.start();
+        return deferred.promise;
     });
 });

spec/unit/autodiscovery.spec.ts

@@ -15,9 +15,17 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+import fetchMock from "fetch-mock-jest";
 import MockHttpBackend from "matrix-mock-request";
 
+import { AutoDiscoveryAction, M_AUTHENTICATION } from "../../src";
 import { AutoDiscovery } from "../../src/autodiscovery";
+import { OidcError } from "../../src/oidc/error";
+import { makeDelegatedAuthConfig } from "../test-utils/oidc";
+
+// keep to reset the fetch function after using MockHttpBackend
+// @ts-ignore private property
+const realAutoDiscoveryFetch: typeof global.fetch = AutoDiscovery.fetchFn;
 
 describe("AutoDiscovery", function () {
     const getHttpBackend = (): MockHttpBackend => {
@@ -26,6 +34,10 @@ describe("AutoDiscovery", function () {
         return httpBackend;
     };
 
+    afterAll(() => {
+        AutoDiscovery.setFetchFn(realAutoDiscoveryFetch);
+    });
+
     it("should throw an error when no domain is specified", function () {
         getHttpBackend();
         return Promise.all([
@@ -339,7 +351,7 @@ describe("AutoDiscovery", function () {
         function () {
             const httpBackend = getHttpBackend();
             httpBackend.when("GET", "/_matrix/client/versions").respond(200, {
-                not_matrix_versions: ["r0.0.1"],
+                not_matrix_versions: ["v1.1"],
             });
             httpBackend.when("GET", "/.well-known/matrix/client").respond(200, {
                 "m.homeserver": {
@@ -368,7 +380,7 @@ describe("AutoDiscovery", function () {
         },
     );
 
-    it("should return SUCCESS when .well-known has a verifiably accurate base_url for " + "m.homeserver", function () {
+    it("should return SUCCESS when .well-known has a verifiably accurate base_url for m.homeserver", function () {
         const httpBackend = getHttpBackend();
         httpBackend
             .when("GET", "/_matrix/client/versions")
@@ -376,7 +388,7 @@ describe("AutoDiscovery", function () {
                 expect(req.path).toEqual("https://example.org/_matrix/client/versions");
             })
             .respond(200, {
-                versions: ["r0.0.1"],
+                versions: ["v1.1"],
             });
         httpBackend.when("GET", "/.well-known/matrix/client").respond(200, {
             "m.homeserver": {
@@ -397,6 +409,10 @@ describe("AutoDiscovery", function () {
                         error: null,
                         base_url: null,
                     },
+                    "m.authentication": {
+                        state: "IGNORE",
+                        error: OidcError.NotSupported,
+                    },
                 };
 
                 expect(conf).toEqual(expected);
@@ -412,7 +428,7 @@ describe("AutoDiscovery", function () {
                 expect(req.path).toEqual("https://chat.example.org/_matrix/client/versions");
             })
             .respond(200, {
-                versions: ["r0.0.1"],
+                versions: ["v1.1"],
             });
         httpBackend.when("GET", "/.well-known/matrix/client").respond(200, {
             "m.homeserver": {
@@ -434,6 +450,54 @@ describe("AutoDiscovery", function () {
                         error: null,
                         base_url: null,
                     },
+                    "m.authentication": {
+                        state: "IGNORE",
+                        error: OidcError.NotSupported,
+                    },
+                };
+
+                expect(conf).toEqual(expected);
+            }),
+        ]);
+    });
+
+    it("should return SUCCESS with authentication error when authentication config is invalid", function () {
+        const httpBackend = getHttpBackend();
+        httpBackend
+            .when("GET", "/_matrix/client/versions")
+            .check((req) => {
+                expect(req.path).toEqual("https://chat.example.org/_matrix/client/versions");
+            })
+            .respond(200, {
+                versions: ["v1.1"],
+            });
+        httpBackend.when("GET", "/.well-known/matrix/client").respond(200, {
+            "m.homeserver": {
+                // Note: we also expect this test to trim the trailing slash
+                base_url: "https://chat.example.org/",
+            },
+            "m.authentication": {
+                invalid: true,
+            },
+        });
+        return Promise.all([
+            httpBackend.flushAllExpected(),
+            AutoDiscovery.findClientConfig("example.org").then((conf) => {
+                const expected = {
+                    "m.homeserver": {
+                        state: "SUCCESS",
+                        error: null,
+                        base_url: "https://chat.example.org",
+                    },
+                    "m.identity_server": {
+                        state: "PROMPT",
+                        error: null,
+                        base_url: null,
+                    },
+                    "m.authentication": {
+                        state: "FAIL_ERROR",
+                        error: OidcError.Misconfigured,
+                    },
                 };
 
                 expect(conf).toEqual(expected);
@@ -451,7 +515,7 @@ describe("AutoDiscovery", function () {
                     expect(req.path).toEqual("https://chat.example.org/_matrix/client/versions");
                 })
                 .respond(200, {
-                    versions: ["r0.0.1"],
+                    versions: ["v1.1"],
                 });
             httpBackend.when("GET", "/.well-known/matrix/client").respond(200, {
                 "m.homeserver": {
@@ -496,7 +560,7 @@ describe("AutoDiscovery", function () {
                     expect(req.path).toEqual("https://chat.example.org/_matrix/client/versions");
                 })
                 .respond(200, {
-                    versions: ["r0.0.1"],
+                    versions: ["v1.1"],
                 });
             httpBackend.when("GET", "/.well-known/matrix/client").respond(200, {
                 "m.homeserver": {
@@ -542,7 +606,7 @@ describe("AutoDiscovery", function () {
                     expect(req.path).toEqual("https://chat.example.org/_matrix/client/versions");
                 })
                 .respond(200, {
-                    versions: ["r0.0.1"],
+                    versions: ["v1.1"],
                 });
             httpBackend.when("GET", "/_matrix/identity/v2").respond(404, {});
             httpBackend.when("GET", "/.well-known/matrix/client").respond(200, {
@@ -589,7 +653,7 @@ describe("AutoDiscovery", function () {
                     expect(req.path).toEqual("https://chat.example.org/_matrix/client/versions");
                 })
                 .respond(200, {
-                    versions: ["r0.0.1"],
+                    versions: ["v1.1"],
                 });
             httpBackend.when("GET", "/_matrix/identity/v2").respond(500, {});
             httpBackend.when("GET", "/.well-known/matrix/client").respond(200, {
@@ -625,7 +689,7 @@ describe("AutoDiscovery", function () {
         },
     );
 
-    it("should return SUCCESS when the identity server configuration is " + "verifiably accurate", function () {
+    it("should return SUCCESS when the identity server configuration is verifiably accurate", function () {
         const httpBackend = getHttpBackend();
         httpBackend
             .when("GET", "/_matrix/client/versions")
@@ -633,7 +697,7 @@ describe("AutoDiscovery", function () {
                 expect(req.path).toEqual("https://chat.example.org/_matrix/client/versions");
             })
             .respond(200, {
-                versions: ["r0.0.1"],
+                versions: ["v1.1"],
             });
         httpBackend
             .when("GET", "/_matrix/identity/v2")
@@ -664,6 +728,10 @@ describe("AutoDiscovery", function () {
                         error: null,
                         base_url: "https://identity.example.org",
                     },
+                    "m.authentication": {
+                        state: "IGNORE",
+                        error: OidcError.NotSupported,
+                    },
                 };
 
                 expect(conf).toEqual(expected);
@@ -671,7 +739,7 @@ describe("AutoDiscovery", function () {
         ]);
     });
 
-    it("should return SUCCESS and preserve non-standard keys from the " + ".well-known response", function () {
+    it("should return SUCCESS and preserve non-standard keys from the .well-known response", function () {
         const httpBackend = getHttpBackend();
         httpBackend
             .when("GET", "/_matrix/client/versions")
@@ -679,7 +747,7 @@ describe("AutoDiscovery", function () {
                 expect(req.path).toEqual("https://chat.example.org/_matrix/client/versions");
             })
             .respond(200, {
-                versions: ["r0.0.1"],
+                versions: ["v1.1"],
             });
         httpBackend
             .when("GET", "/_matrix/identity/v2")
@@ -716,6 +784,10 @@ describe("AutoDiscovery", function () {
                     "org.example.custom.property": {
                         cupcakes: "yes",
                     },
+                    "m.authentication": {
+                        state: "IGNORE",
+                        error: OidcError.NotSupported,
+                    },
                 };
 
                 expect(conf).toEqual(expected);
@@ -794,4 +866,106 @@ describe("AutoDiscovery", function () {
             }),
         ]);
     });
+
+    it("should FAIL_ERROR for unsupported Matrix version", () => {
+        const httpBackend = getHttpBackend();
+        httpBackend.when("GET", "/.well-known/matrix/client").respond(200, {
+            "m.homeserver": {
+                base_url: "https://example.org",
+            },
+        });
+        httpBackend.when("GET", "/_matrix/client/versions").respond(200, {
+            versions: ["r0.6.0"],
+        });
+        return Promise.all([
+            httpBackend.flushAllExpected(),
+            AutoDiscovery.findClientConfig("example.org").then((conf) => {
+                const expected = {
+                    "m.homeserver": {
+                        state: AutoDiscoveryAction.FAIL_ERROR,
+                        error: AutoDiscovery.ERROR_HOMESERVER_TOO_OLD,
+                        base_url: "https://example.org",
+                    },
+                    "m.identity_server": {
+                        state: "PROMPT",
+                        error: null,
+                        base_url: null,
+                    },
+                };
+
+                expect(conf).toEqual(expected);
+            }),
+        ]);
+    });
+
+    describe("m.authentication", () => {
+        const homeserverName = "example.org";
+        const homeserverUrl = "https://chat.example.org/";
+        const issuer = "https://auth.org/";
+
+        beforeAll(() => {
+            // make these tests independent from fetch mocking above
+            AutoDiscovery.setFetchFn(realAutoDiscoveryFetch);
+        });
+
+        beforeEach(() => {
+            fetchMock.resetBehavior();
+            fetchMock.get(`${homeserverUrl}_matrix/client/versions`, { versions: ["v1.1"] });
+
+            fetchMock.get("https://example.org/.well-known/matrix/client", {
+                "m.homeserver": {
+                    // Note: we also expect this test to trim the trailing slash
+                    base_url: "https://chat.example.org/",
+                },
+                "m.authentication": {
+                    issuer,
+                },
+            });
+        });
+
+        it("should return valid authentication configuration", async () => {
+            const config = makeDelegatedAuthConfig(issuer);
+
+            fetchMock.get(`${config.metadata.issuer}.well-known/openid-configuration`, config.metadata);
+            fetchMock.get(`${config.metadata.issuer}jwks`, {
+                status: 200,
+                headers: {
+                    "Content-Type": "application/json",
+                },
+                keys: [],
+            });
+
+            const result = await AutoDiscovery.findClientConfig(homeserverName);
+
+            expect(result[M_AUTHENTICATION.stable!]).toEqual({
+                state: AutoDiscovery.SUCCESS,
+                ...config,
+                signingKeys: [],
+                account: undefined,
+                error: null,
+            });
+        });
+
+        it("should set state to error for invalid authentication configuration", async () => {
+            const config = makeDelegatedAuthConfig(issuer);
+            // authorization_code is required
+            config.metadata.grant_types_supported = ["openid"];
+
+            fetchMock.get(`${config.metadata.issuer}.well-known/openid-configuration`, config.metadata);
+            fetchMock.get(`${config.metadata.issuer}jwks`, {
+                status: 200,
+                headers: {
+                    "Content-Type": "application/json",
+                },
+                keys: [],
+            });
+
+            const result = await AutoDiscovery.findClientConfig(homeserverName);
+
+            expect(result[M_AUTHENTICATION.stable!]).toEqual({
+                state: AutoDiscovery.FAIL_ERROR,
+                error: OidcError.OpSupport,
+            });
+        });
+    });
 });

spec/unit/base64.spec.ts

@@ -0,0 +1,88 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { TextEncoder, TextDecoder } from "util";
+import NodeBuffer from "node:buffer";
+
+import { decodeBase64, encodeBase64, encodeUnpaddedBase64, encodeUnpaddedBase64Url } from "../../src/base64";
+
+describe.each(["browser", "node"])("Base64 encoding (%s)", (env) => {
+    let origBuffer = Buffer;
+
+    beforeAll(() => {
+        if (env === "browser") {
+            origBuffer = Buffer;
+            // @ts-ignore
+            // eslint-disable-next-line no-global-assign
+            Buffer = undefined;
+
+            global.atob = NodeBuffer.atob;
+            global.btoa = NodeBuffer.btoa;
+        }
+    });
+
+    afterAll(() => {
+        // eslint-disable-next-line no-global-assign
+        Buffer = origBuffer;
+        // @ts-ignore
+        global.atob = undefined;
+        // @ts-ignore
+        global.btoa = undefined;
+    });
+
+    it("Should decode properly encoded data", () => {
+        const decoded = new TextDecoder().decode(decodeBase64("ZW5jb2RpbmcgaGVsbG8gd29ybGQ="));
+
+        expect(decoded).toStrictEqual("encoding hello world");
+    });
+
+    it("Should encode unpadded URL-safe base64", () => {
+        const toEncode = "?????";
+        const data = new TextEncoder().encode(toEncode);
+
+        const encoded = encodeUnpaddedBase64Url(data);
+        expect(encoded).toEqual("Pz8_Pz8");
+    });
+
+    it("Should decode URL-safe base64", () => {
+        const decoded = new TextDecoder().decode(decodeBase64("Pz8_Pz8="));
+
+        expect(decoded).toStrictEqual("?????");
+    });
+
+    it("Encode unpadded should not have padding", () => {
+        const toEncode = "encoding hello world";
+        const data = new TextEncoder().encode(toEncode);
+
+        const paddedEncoded = encodeBase64(data);
+        const unpaddedEncoded = encodeUnpaddedBase64(data);
+
+        expect(paddedEncoded).not.toEqual(unpaddedEncoded);
+
+        const padding = paddedEncoded.charAt(paddedEncoded.length - 1);
+        expect(padding).toStrictEqual("=");
+    });
+
+    it("Decode should be indifferent to padding", () => {
+        const withPadding = "ZW5jb2RpbmcgaGVsbG8gd29ybGQ=";
+        const withoutPadding = "ZW5jb2RpbmcgaGVsbG8gd29ybGQ";
+
+        const decodedPad = decodeBase64(withPadding);
+        const decodedNoPad = decodeBase64(withoutPadding);
+
+        expect(decodedPad).toStrictEqual(decodedNoPad);
+    });
+});

spec/unit/content-repo.spec.ts

@@ -33,7 +33,7 @@ describe("ContentRepo", function () {
         it("should return a download URL if no width/height/resize are specified", function () {
             const mxcUri = "mxc://server.name/resourceid";
             expect(getHttpUriForMxc(baseUrl, mxcUri)).toEqual(
-                baseUrl + "/_matrix/media/r0/download/server.name/resourceid",
+                baseUrl + "/_matrix/media/v3/download/server.name/resourceid",
             );
         });
 
@@ -44,21 +44,21 @@ describe("ContentRepo", function () {
         it("should return a thumbnail URL if a width/height/resize is specified", function () {
             const mxcUri = "mxc://server.name/resourceid";
             expect(getHttpUriForMxc(baseUrl, mxcUri, 32, 64, "crop")).toEqual(
-                baseUrl + "/_matrix/media/r0/thumbnail/server.name/resourceid" + "?width=32&height=64&method=crop",
+                baseUrl + "/_matrix/media/v3/thumbnail/server.name/resourceid" + "?width=32&height=64&method=crop",
             );
         });
 
         it("should put fragments from mxc:// URIs after any query parameters", function () {
             const mxcUri = "mxc://server.name/resourceid#automade";
             expect(getHttpUriForMxc(baseUrl, mxcUri, 32)).toEqual(
-                baseUrl + "/_matrix/media/r0/thumbnail/server.name/resourceid" + "?width=32#automade",
+                baseUrl + "/_matrix/media/v3/thumbnail/server.name/resourceid" + "?width=32#automade",
             );
         });
 
         it("should put fragments from mxc:// URIs at the end of the HTTP URI", function () {
             const mxcUri = "mxc://server.name/resourceid#automade";
             expect(getHttpUriForMxc(baseUrl, mxcUri)).toEqual(
-                baseUrl + "/_matrix/media/r0/download/server.name/resourceid#automade",
+                baseUrl + "/_matrix/media/v3/download/server.name/resourceid#automade",
             );
         });
     });

spec/unit/crypto.spec.ts

@@ -15,11 +15,16 @@ import { sleep } from "../../src/utils";
 import { CRYPTO_ENABLED } from "../../src/client";
 import { DeviceInfo } from "../../src/crypto/deviceinfo";
 import { logger } from "../../src/logger";
-import { MemoryStore } from "../../src";
+import { DeviceVerification, MemoryStore } from "../../src";
 import { RoomKeyRequestState } from "../../src/crypto/OutgoingRoomKeyRequestManager";
 import { RoomMember } from "../../src/models/room-member";
 import { IStore } from "../../src/store";
 import { IRoomEncryption, RoomList } from "../../src/crypto/RoomList";
+import { EventShieldColour, EventShieldReason } from "../../src/crypto-api";
+import { UserTrustLevel } from "../../src/crypto/CrossSigning";
+import { CryptoBackend } from "../../src/common-crypto/CryptoBackend";
+import { EventDecryptionResult } from "../../src/common-crypto/CryptoBackend";
+import * as testData from "../test-utils/test-data";
 
 const Olm = global.Olm;
 
@@ -110,14 +115,25 @@ describe("Crypto", function () {
         expect(Crypto.getOlmVersion()[0]).toEqual(3);
     });
 
+    it("getVersion() should return the current version of the olm library", async () => {
+        const client = new TestClient("@alice:example.com", "deviceid").client;
+        await client.initCrypto();
+
+        const olmVersionTuple = Crypto.getOlmVersion();
+        expect(client.getCrypto()?.getVersion()).toBe(
+            `Olm ${olmVersionTuple[0]}.${olmVersionTuple[1]}.${olmVersionTuple[2]}`,
+        );
+    });
+
     describe("encrypted events", function () {
-        it("provides encryption information", async function () {
+        it("provides encryption information for events from unverified senders", async function () {
             const client = new TestClient("@alice:example.com", "deviceid").client;
             await client.initCrypto();
 
             // unencrypted event
             const event = {
                 getId: () => "$event_id",
+                getSender: () => "@bob:example.com",
                 getSenderKey: () => null,
                 getWireContent: () => {
                     return {};
@@ -127,6 +143,8 @@ describe("Crypto", function () {
             let encryptionInfo = client.getEventEncryptionInfo(event);
             expect(encryptionInfo.encrypted).toBeFalsy();
 
+            expect(await client.getCrypto()!.getEncryptionInfoForEvent(event)).toBe(null);
+
             // unknown sender (e.g. deleted device), forwarded megolm key (untrusted)
             event.getSenderKey = () => "YmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmI";
             event.getWireContent = () => {
@@ -141,6 +159,11 @@ describe("Crypto", function () {
             expect(encryptionInfo.authenticated).toBeFalsy();
             expect(encryptionInfo.sender).toBeFalsy();
 
+            expect(await client.getCrypto()!.getEncryptionInfoForEvent(event)).toEqual({
+                shieldColour: EventShieldColour.GREY,
+                shieldReason: EventShieldReason.AUTHENTICITY_NOT_GUARANTEED,
+            });
+
             // known sender, megolm key from backup
             event.getForwardingCurve25519KeyChain = () => [];
             event.isKeySourceUntrusted = () => true;
@@ -155,6 +178,11 @@ describe("Crypto", function () {
             expect(encryptionInfo.sender).toBeTruthy();
             expect(encryptionInfo.mismatchedSender).toBeFalsy();
 
+            expect(await client.getCrypto()!.getEncryptionInfoForEvent(event)).toEqual({
+                shieldColour: EventShieldColour.GREY,
+                shieldReason: EventShieldReason.AUTHENTICITY_NOT_GUARANTEED,
+            });
+
             // known sender, trusted megolm key, but bad ed25519key
             event.isKeySourceUntrusted = () => false;
             device.keys["ed25519:FLIBBLE"] = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB";
@@ -165,9 +193,115 @@ describe("Crypto", function () {
             expect(encryptionInfo.sender).toBeTruthy();
             expect(encryptionInfo.mismatchedSender).toBeTruthy();
 
+            expect(await client.getCrypto()!.getEncryptionInfoForEvent(event)).toEqual({
+                shieldColour: EventShieldColour.RED,
+                shieldReason: EventShieldReason.MISMATCHED_SENDER_KEY,
+            });
+
             client.stopClient();
         });
 
+        describe("provides encryption information for events from verified senders", function () {
+            const testDeviceId = testData.BOB_TEST_DEVICE_ID;
+            const testDevice = testData.BOB_SIGNED_TEST_DEVICE_DATA;
+
+            let client: MatrixClient;
+            beforeEach(async () => {
+                client = new TestClient("@alice:example.com", "deviceid").client;
+                await client.initCrypto();
+
+                // mock out the verification check
+                client.crypto!.checkUserTrust = (userId) => new UserTrustLevel(true, false, false);
+            });
+
+            afterEach(() => {
+                client.stopClient();
+            });
+
+            async function buildEncryptedEvent(
+                decryptionResult: Partial<EventDecryptionResult> = {},
+            ): Promise<MatrixEvent> {
+                const mockCryptoBackend = {
+                    decryptEvent: async (event: MatrixEvent): Promise<EventDecryptionResult> => {
+                        return {
+                            claimedEd25519Key: testDevice.keys["ed25519:" + testDeviceId],
+                            clearEvent: {
+                                room_id: "!room_id",
+                                type: "m.room.message",
+                                content: { body: "test" },
+                            },
+                            forwardingCurve25519KeyChain: [],
+                            senderCurve25519Key: testDevice.keys["curve25519:" + testDeviceId],
+                            ...decryptionResult,
+                        };
+                    },
+                } as unknown as CryptoBackend;
+
+                const event = new MatrixEvent({
+                    event_id: "$event_id",
+                    sender: testData.BOB_TEST_USER_ID,
+                    type: "m.room.encrypted",
+                    content: { algorithm: "m.megolm.v1.aes-sha2" },
+                });
+                await event.attemptDecryption(mockCryptoBackend);
+                return event;
+            }
+
+            it("unknown device", async () => {
+                const event = await buildEncryptedEvent();
+                expect(await client.getCrypto()!.getEncryptionInfoForEvent(event)).toEqual({
+                    shieldColour: EventShieldColour.GREY,
+                    shieldReason: EventShieldReason.UNKNOWN_DEVICE,
+                });
+            });
+
+            it("known but unsigned device", async () => {
+                client.crypto!.deviceList.storeDevicesForUser(testData.BOB_TEST_USER_ID, {
+                    [testDeviceId]: {
+                        keys: testDevice.keys,
+                        algorithms: testDevice.algorithms,
+                        verified: DeviceVerification.Unverified,
+                        known: true,
+                    },
+                });
+
+                const event = await buildEncryptedEvent();
+                expect(await client.getCrypto()!.getEncryptionInfoForEvent(event)).toEqual({
+                    shieldColour: EventShieldColour.RED,
+                    shieldReason: EventShieldReason.UNSIGNED_DEVICE,
+                });
+            });
+
+            describe("known and verified device", () => {
+                beforeEach(() => {
+                    client.crypto!.deviceList.storeDevicesForUser(testData.BOB_TEST_USER_ID, {
+                        [testDeviceId]: {
+                            keys: testDevice.keys,
+                            algorithms: testDevice.algorithms,
+                            verified: DeviceVerification.Verified,
+                            known: true,
+                        },
+                    });
+                });
+
+                it("regular key", async () => {
+                    const event = await buildEncryptedEvent();
+                    expect(await client.getCrypto()!.getEncryptionInfoForEvent(event)).toEqual({
+                        shieldColour: EventShieldColour.NONE,
+                        shieldReason: null,
+                    });
+                });
+
+                it("unauthenticated key", async () => {
+                    const event = await buildEncryptedEvent({ untrusted: true });
+                    expect(await client.getCrypto()!.getEncryptionInfoForEvent(event)).toEqual({
+                        shieldColour: EventShieldColour.GREY,
+                        shieldReason: EventShieldReason.AUTHENTICITY_NOT_GUARANTEED,
+                    });
+                });
+            });
+        });
+
         it("doesn't throw an error when attempting to decrypt a redacted event", async () => {
             const client = new TestClient("@alice:example.com", "deviceid").client;
             await client.initCrypto();
@@ -222,7 +356,6 @@ describe("Crypto", function () {
 
         let crypto: Crypto;
         let mockBaseApis: MatrixClient;
-        let mockRoomList: RoomList;
 
         let fakeEmitter: EventEmitter;
 
@@ -256,19 +389,10 @@ describe("Crypto", function () {
                 isGuest: jest.fn(),
                 emit: jest.fn(),
             } as unknown as MatrixClient;
-            mockRoomList = {} as unknown as RoomList;
 
             fakeEmitter = new EventEmitter();
 
-            crypto = new Crypto(
-                mockBaseApis,
-                "@alice:home.server",
-                "FLIBBLE",
-                clientStore,
-                cryptoStore,
-                mockRoomList,
-                [],
-            );
+            crypto = new Crypto(mockBaseApis, "@alice:home.server", "FLIBBLE", clientStore, cryptoStore, []);
             crypto.registerEventHandlers(fakeEmitter as any);
             await crypto.init();
         });
@@ -304,20 +428,24 @@ describe("Crypto", function () {
 
     describe("Key requests", function () {
         let aliceClient: MatrixClient;
+        let secondAliceClient: MatrixClient;
         let bobClient: MatrixClient;
         let claraClient: MatrixClient;
 
         beforeEach(async function () {
             aliceClient = new TestClient("@alice:example.com", "alicedevice").client;
+            secondAliceClient = new TestClient("@alice:example.com", "secondAliceDevice").client;
             bobClient = new TestClient("@bob:example.com", "bobdevice").client;
             claraClient = new TestClient("@clara:example.com", "claradevice").client;
             await aliceClient.initCrypto();
+            await secondAliceClient.initCrypto();
             await bobClient.initCrypto();
             await claraClient.initCrypto();
         });
 
         afterEach(async function () {
             aliceClient.stopClient();
+            secondAliceClient.stopClient();
             bobClient.stopClient();
             claraClient.stopClient();
         });
@@ -377,12 +505,7 @@ describe("Crypto", function () {
                     event.senderCurve25519Key = null;
                     // @ts-ignore private properties
                     event.claimedEd25519Key = null;
-                    try {
-                        await bobClient.crypto!.decryptEvent(event);
-                    } catch (e) {
-                        // we expect this to fail because we don't have the
-                        // decryption keys yet
-                    }
+                    await expect(bobClient.crypto!.decryptEvent(event)).rejects.toBeTruthy();
                 }),
             );
 
@@ -401,7 +524,7 @@ describe("Crypto", function () {
             // the first message can't be decrypted yet, but the second one
             // can
             let ksEvent = await keyshareEventForEvent(aliceClient, events[1], 1);
-            bobClient.crypto!.deviceList.downloadKeys = () => Promise.resolve({});
+            bobClient.crypto!.deviceList.downloadKeys = () => Promise.resolve(new Map());
             bobClient.crypto!.deviceList.getUserByIdentityKey = () => "@alice:example.com";
             await bobDecryptor.onRoomKeyEvent(ksEvent);
             await decryptEventsPromise;
@@ -550,7 +673,7 @@ describe("Crypto", function () {
             aliceClient.crypto!.outgoingRoomKeyRequestManager.sendQueuedRequests();
             jest.runAllTimers();
             await Promise.resolve();
-            expect(aliceSendToDevice).toBeCalledTimes(1);
+            expect(aliceSendToDevice).toHaveBeenCalledTimes(1);
             const txnId = aliceSendToDevice.mock.calls[0][2];
 
             // give the room key request manager time to update the state
@@ -564,21 +687,21 @@ describe("Crypto", function () {
             // cancelAndResend will call sendToDevice twice:
             // the first call to sendToDevice will be the cancellation
             // the second call to sendToDevice will be the key request
-            expect(aliceSendToDevice).toBeCalledTimes(3);
+            expect(aliceSendToDevice).toHaveBeenCalledTimes(3);
             expect(aliceSendToDevice.mock.calls[2][2]).not.toBe(txnId);
         });
 
-        it("should accept forwarded keys which it requested", async function () {
+        it("should accept forwarded keys it requested from one of its own user's other devices", async function () {
             const encryptionCfg = {
                 algorithm: "m.megolm.v1.aes-sha2",
             };
             const roomId = "!someroom";
             const aliceRoom = new Room(roomId, aliceClient, "@alice:example.com", {});
-            const bobRoom = new Room(roomId, bobClient, "@bob:example.com", {});
+            const bobRoom = new Room(roomId, secondAliceClient, "@alice:example.com", {});
             aliceClient.store.storeRoom(aliceRoom);
-            bobClient.store.storeRoom(bobRoom);
+            secondAliceClient.store.storeRoom(bobRoom);
             await aliceClient.setRoomEncryption(roomId, encryptionCfg);
-            await bobClient.setRoomEncryption(roomId, encryptionCfg);
+            await secondAliceClient.setRoomEncryption(roomId, encryptionCfg);
             const events = [
                 new MatrixEvent({
                     type: "m.room.message",
@@ -613,20 +736,16 @@ describe("Crypto", function () {
                     event.senderCurve25519Key = null;
                     // @ts-ignore private properties
                     event.claimedEd25519Key = null;
-                    try {
-                        await bobClient.crypto!.decryptEvent(event);
-                    } catch (e) {
-                        // we expect this to fail because we don't have the
-                        // decryption keys yet
-                    }
+                    await expect(secondAliceClient.crypto!.decryptEvent(event)).rejects.toBeTruthy();
                 }),
             );
 
             const device = new DeviceInfo(aliceClient.deviceId!);
-            bobClient.crypto!.deviceList.getDeviceByIdentityKey = () => device;
-            bobClient.crypto!.deviceList.getUserByIdentityKey = () => "@alice:example.com";
+            device.verified = DeviceInfo.DeviceVerification.VERIFIED;
+            secondAliceClient.crypto!.deviceList.getDeviceByIdentityKey = () => device;
+            secondAliceClient.crypto!.deviceList.getUserByIdentityKey = () => "@alice:example.com";
 
-            const cryptoStore = bobClient.crypto!.cryptoStore;
+            const cryptoStore = secondAliceClient.crypto!.cryptoStore;
             const eventContent = events[0].getWireContent();
             const senderKey = eventContent.sender_key;
             const sessionId = eventContent.session_id;
@@ -642,7 +761,7 @@ describe("Crypto", function () {
                 state: RoomKeyRequestState.Sent,
             });
 
-            const bobDecryptor = bobClient.crypto!.getRoomDecryptor(roomId, olmlib.MEGOLM_ALGORITHM);
+            const bobDecryptor = secondAliceClient.crypto!.getRoomDecryptor(roomId, olmlib.MEGOLM_ALGORITHM);
 
             const decryptEventsPromise = Promise.all(
                 events.map((ev) => {
@@ -651,7 +770,7 @@ describe("Crypto", function () {
             );
             const ksEvent = await keyshareEventForEvent(aliceClient, events[0], 0);
             await bobDecryptor.onRoomKeyEvent(ksEvent);
-            const key = await bobClient.crypto!.olmDevice.getInboundGroupSessionKey(
+            const key = await secondAliceClient.crypto!.olmDevice.getInboundGroupSessionKey(
                 roomId,
                 events[0].getWireContent().sender_key,
                 events[0].getWireContent().session_id,
@@ -720,12 +839,7 @@ describe("Crypto", function () {
                     event.senderCurve25519Key = null;
                     // @ts-ignore private properties
                     event.claimedEd25519Key = null;
-                    try {
-                        await bobClient.crypto!.decryptEvent(event);
-                    } catch (e) {
-                        // we expect this to fail because we don't have the
-                        // decryption keys yet
-                    }
+                    await expect(bobClient.crypto!.decryptEvent(event)).rejects.toBeTruthy();
                 }),
             );
 
@@ -755,7 +869,7 @@ describe("Crypto", function () {
             expect(events[1].getContent().msgtype).not.toBe("m.bad.encrypted");
         });
 
-        it("should accept forwarded keys from one of its own user's other devices", async function () {
+        it("should not accept requested forwarded keys from other users", async function () {
             const encryptionCfg = {
                 algorithm: "m.megolm.v1.aes-sha2",
             };
@@ -800,40 +914,43 @@ describe("Crypto", function () {
                     event.senderCurve25519Key = null;
                     // @ts-ignore private properties
                     event.claimedEd25519Key = null;
-                    try {
-                        await bobClient.crypto!.decryptEvent(event);
-                    } catch (e) {
-                        // we expect this to fail because we don't have the
-                        // decryption keys yet
-                    }
+                    await expect(bobClient.crypto!.decryptEvent(event)).rejects.toBeTruthy();
                 }),
             );
 
-            const device = new DeviceInfo(claraClient.deviceId!);
+            const cryptoStore = bobClient.crypto!.cryptoStore;
+            const eventContent = events[0].getWireContent();
+            const senderKey = eventContent.sender_key;
+            const sessionId = eventContent.session_id;
+            const roomKeyRequestBody = {
+                algorithm: olmlib.MEGOLM_ALGORITHM,
+                room_id: roomId,
+                sender_key: senderKey,
+                session_id: sessionId,
+            };
+            const outgoingReq = await cryptoStore.getOutgoingRoomKeyRequest(roomKeyRequestBody);
+            expect(outgoingReq).toBeDefined();
+            await cryptoStore.updateOutgoingRoomKeyRequest(outgoingReq!.requestId, RoomKeyRequestState.Unsent, {
+                state: RoomKeyRequestState.Sent,
+            });
+
+            const device = new DeviceInfo(aliceClient.deviceId!);
             device.verified = DeviceInfo.DeviceVerification.VERIFIED;
             bobClient.crypto!.deviceList.getDeviceByIdentityKey = () => device;
-            bobClient.crypto!.deviceList.getUserByIdentityKey = () => "@bob:example.com";
+            bobClient.crypto!.deviceList.getUserByIdentityKey = () => "@alice:example.com";
 
             const bobDecryptor = bobClient.crypto!.getRoomDecryptor(roomId, olmlib.MEGOLM_ALGORITHM);
 
-            const decryptEventsPromise = Promise.all(
-                events.map((ev) => {
-                    return awaitEvent(ev, "Event.decrypted");
-                }),
-            );
             const ksEvent = await keyshareEventForEvent(aliceClient, events[0], 0);
-            ksEvent.event.sender = bobClient.getUserId()!;
-            ksEvent.sender = new RoomMember(roomId, bobClient.getUserId()!);
+            ksEvent.event.sender = aliceClient.getUserId()!;
+            ksEvent.sender = new RoomMember(roomId, aliceClient.getUserId()!);
             await bobDecryptor.onRoomKeyEvent(ksEvent);
             const key = await bobClient.crypto!.olmDevice.getInboundGroupSessionKey(
                 roomId,
                 events[0].getWireContent().sender_key,
                 events[0].getWireContent().session_id,
             );
-            expect(key).not.toBeNull();
-            await decryptEventsPromise;
-            expect(events[0].getContent().msgtype).not.toBe("m.bad.encrypted");
-            expect(events[1].getContent().msgtype).not.toBe("m.bad.encrypted");
+            expect(key).toBeNull();
         });
 
         it("should not accept unexpected forwarded keys for a room it's in", async function () {
@@ -884,12 +1001,7 @@ describe("Crypto", function () {
                     event.senderCurve25519Key = null;
                     // @ts-ignore private properties
                     event.claimedEd25519Key = null;
-                    try {
-                        await bobClient.crypto!.decryptEvent(event);
-                    } catch (e) {
-                        // we expect this to fail because we don't have the
-                        // decryption keys yet
-                    }
+                    await expect(bobClient.crypto!.decryptEvent(event)).rejects.toBeTruthy();
                 }),
             );
 
@@ -994,11 +1106,10 @@ describe("Crypto", function () {
 
     describe("Secret storage", function () {
         it("creates secret storage even if there is no keyInfo", async function () {
-            jest.spyOn(logger, "log").mockImplementation(() => {});
+            jest.spyOn(logger, "debug").mockImplementation(() => {});
             jest.setTimeout(10000);
             const client = new TestClient("@a:example.com", "dev").client;
             await client.initCrypto();
-            client.crypto!.getSecretStorageKey = jest.fn().mockResolvedValue(null);
             client.crypto!.isCrossSigningReady = async () => false;
             client.crypto!.baseApis.uploadDeviceSigningKeys = jest.fn().mockResolvedValue(null);
             client.crypto!.baseApis.setAccountData = jest.fn().mockResolvedValue(null);
@@ -1026,7 +1137,7 @@ describe("Crypto", function () {
 
         beforeEach(async () => {
             ensureOlmSessionsForDevices = jest.spyOn(olmlib, "ensureOlmSessionsForDevices");
-            ensureOlmSessionsForDevices.mockResolvedValue({});
+            ensureOlmSessionsForDevices.mockResolvedValue(new Map());
             encryptMessageForDevice = jest.spyOn(olmlib, "encryptMessageForDevice");
             encryptMessageForDevice.mockImplementation(async (...[result, , , , , , payload]) => {
                 result.plaintext = { type: 0, body: JSON.stringify(payload) };
@@ -1220,15 +1331,9 @@ describe("Crypto", function () {
                 setRoomEncryption: jest.fn().mockResolvedValue(undefined),
             } as unknown as RoomList;
 
-            crypto = new Crypto(
-                mockClient,
-                "@alice:home.server",
-                "FLIBBLE",
-                clientStore,
-                cryptoStore,
-                mockRoomList,
-                [],
-            );
+            crypto = new Crypto(mockClient, "@alice:home.server", "FLIBBLE", clientStore, cryptoStore, []);
+            // @ts-ignore we are injecting a mock into a private property
+            crypto.roomList = mockRoomList;
         });
 
         it("should set the algorithm if called for a known room", async () => {

spec/unit/crypto/CrossSigningInfo.spec.ts

@@ -102,9 +102,10 @@ describe("CrossSigningInfo.getCrossSigningKey", function () {
             const info = new CrossSigningInfo(userId, { getCrossSigningKey }, { getCrossSigningKeyCache });
             const [pubKey] = await info.getCrossSigningKey(type, masterKeyPub);
             expect(pubKey).toEqual(masterKeyPub);
-            expect(getCrossSigningKeyCache.mock.calls.length).toBe(shouldCache ? 1 : 0);
+            expect(getCrossSigningKeyCache).toHaveBeenCalledTimes(shouldCache ? 1 : 0);
             if (shouldCache) {
-                expect(getCrossSigningKeyCache.mock.calls[0][0]).toBe(type);
+                // eslint-disable-next-line jest/no-conditional-expect
+                expect(getCrossSigningKeyCache).toHaveBeenLastCalledWith(type, expect.any(String));
             }
         },
     );
@@ -115,10 +116,10 @@ describe("CrossSigningInfo.getCrossSigningKey", function () {
         const info = new CrossSigningInfo(userId, { getCrossSigningKey }, { storeCrossSigningKeyCache });
         const [pubKey] = await info.getCrossSigningKey(type, masterKeyPub);
         expect(pubKey).toEqual(masterKeyPub);
-        expect(storeCrossSigningKeyCache.mock.calls.length).toEqual(shouldCache ? 1 : 0);
+        expect(storeCrossSigningKeyCache).toHaveBeenCalledTimes(shouldCache ? 1 : 0);
         if (shouldCache) {
-            expect(storeCrossSigningKeyCache.mock.calls[0][0]).toBe(type);
-            expect(storeCrossSigningKeyCache.mock.calls[0][1]).toBe(testKey);
+            // eslint-disable-next-line jest/no-conditional-expect
+            expect(storeCrossSigningKeyCache).toHaveBeenLastCalledWith(type, testKey);
         }
     });
 

spec/unit/crypto/DeviceList.spec.ts

@@ -129,7 +129,7 @@ describe("DeviceList", function () {
         });
     });
 
-    it("should have an outdated devicelist on an invalidation while an " + "update is in progress", function () {
+    it("should have an outdated devicelist on an invalidation while an update is in progress", async function () {
         const dl = createTestDeviceList();
 
         dl.startTrackingDeviceList("@test1:sw1v.org");
@@ -148,7 +148,8 @@ describe("DeviceList", function () {
         dl.invalidateUserDeviceList("@test1:sw1v.org");
         dl.refreshOutdatedDeviceLists();
 
-        dl.saveIfDirty()
+        await dl
+            .saveIfDirty()
             .then(() => {
                 // the first request completes
                 queryDefer1.resolve({
@@ -159,12 +160,13 @@ describe("DeviceList", function () {
                 });
                 return prom1;
             })
-            .then(() => {
+            .then(async () => {
                 // uh-oh; user restarts before second request completes. The new instance
                 // should know we never got a complete device list.
                 logger.log("Creating new devicelist to simulate app reload");
                 downloadSpy.mockReset();
                 const dl2 = createTestDeviceList();
+                await dl2.load();
                 const queryDefer3 = utils.defer<IDownloadKeyResult>();
                 downloadSpy.mockReturnValue(queryDefer3.promise);
 
@@ -196,7 +198,7 @@ describe("DeviceList", function () {
         downloadSpy.mockReturnValueOnce(queryDefer2.promise);
 
         const prom1 = dl.refreshOutdatedDeviceLists();
-        expect(downloadSpy).toBeCalledTimes(2);
+        expect(downloadSpy).toHaveBeenCalledTimes(2);
         expect(downloadSpy).toHaveBeenNthCalledWith(1, ["@test1:sw1v.org"], {});
         expect(downloadSpy).toHaveBeenNthCalledWith(2, ["@test2:sw1v.org"], {});
         queryDefer1.resolve(utils.deepCopy(signedDeviceList));

spec/unit/crypto/algorithms/megolm.spec.ts

@@ -34,6 +34,7 @@ import { ClientEvent, MatrixClient, RoomMember } from "../../../../src";
 import { DeviceInfo, IDevice } from "../../../../src/crypto/deviceinfo";
 import { DeviceTrustLevel } from "../../../../src/crypto/CrossSigning";
 import { MegolmEncryption as MegolmEncryptionClass } from "../../../../src/crypto/algorithms/megolm";
+import { recursiveMapToObject } from "../../../../src/utils";
 import { sleep } from "../../../../src/utils";
 
 const MegolmDecryption = algorithms.DECRYPTION_CLASSES.get("m.megolm.v1.aes-sha2")!;
@@ -183,14 +184,22 @@ describe("MegolmDecryption", function () {
                     const deviceInfo = {} as DeviceInfo;
                     mockCrypto.getStoredDevice.mockReturnValue(deviceInfo);
 
-                    mockOlmLib.ensureOlmSessionsForDevices.mockResolvedValue({
-                        "@alice:foo": {
-                            alidevice: {
-                                sessionId: "alisession",
-                                device: new DeviceInfo("alidevice"),
-                            },
-                        },
-                    });
+                    mockOlmLib.ensureOlmSessionsForDevices.mockResolvedValue(
+                        new Map([
+                            [
+                                "@alice:foo",
+                                new Map([
+                                    [
+                                        "alidevice",
+                                        {
+                                            sessionId: "alisession",
+                                            device: new DeviceInfo("alidevice"),
+                                        },
+                                    ],
+                                ]),
+                            ],
+                        ]),
+                    );
 
                     const awaitEncryptForDevice = new Promise<void>((res, rej) => {
                         mockOlmLib.encryptMessageForDevice.mockImplementation(() => {
@@ -211,7 +220,7 @@ describe("MegolmDecryption", function () {
                 .then(() => {
                     // check that it called encryptMessageForDevice with
                     // appropriate args.
-                    expect(mockOlmLib.encryptMessageForDevice).toBeCalledTimes(1);
+                    expect(mockOlmLib.encryptMessageForDevice).toHaveBeenCalledTimes(1);
 
                     const call = mockOlmLib.encryptMessageForDevice.mock.calls[0];
                     const payload = call[6];
@@ -357,11 +366,7 @@ describe("MegolmDecryption", function () {
                 } as unknown as DeviceInfo;
 
                 mockCrypto.downloadKeys.mockReturnValue(
-                    Promise.resolve({
-                        "@alice:home.server": {
-                            aliceDevice: aliceDeviceInfo,
-                        },
-                    }),
+                    Promise.resolve(new Map([["@alice:home.server", new Map([["aliceDevice", aliceDeviceInfo]])]])),
                 );
 
                 mockCrypto.checkDeviceTrust.mockReturnValue({
@@ -523,23 +528,32 @@ describe("MegolmDecryption", function () {
         let megolm: MegolmEncryptionClass;
         let room: jest.Mocked<Room>;
 
-        const deviceMap: DeviceInfoMap = {
-            "user-a": {
-                "device-a": new DeviceInfo("device-a"),
-                "device-b": new DeviceInfo("device-b"),
-                "device-c": new DeviceInfo("device-c"),
-            },
-            "user-b": {
-                "device-d": new DeviceInfo("device-d"),
-                "device-e": new DeviceInfo("device-e"),
-                "device-f": new DeviceInfo("device-f"),
-            },
-            "user-c": {
-                "device-g": new DeviceInfo("device-g"),
-                "device-h": new DeviceInfo("device-h"),
-                "device-i": new DeviceInfo("device-i"),
-            },
-        };
+        const deviceMap: DeviceInfoMap = new Map([
+            [
+                "user-a",
+                new Map([
+                    ["device-a", new DeviceInfo("device-a")],
+                    ["device-b", new DeviceInfo("device-b")],
+                    ["device-c", new DeviceInfo("device-c")],
+                ]),
+            ],
+            [
+                "user-b",
+                new Map([
+                    ["device-d", new DeviceInfo("device-d")],
+                    ["device-e", new DeviceInfo("device-e")],
+                    ["device-f", new DeviceInfo("device-f")],
+                ]),
+            ],
+            [
+                "user-c",
+                new Map([
+                    ["device-g", new DeviceInfo("device-g")],
+                    ["device-h", new DeviceInfo("device-h")],
+                    ["device-i", new DeviceInfo("device-i")],
+                ]),
+            ],
+        ]);
 
         beforeEach(() => {
             room = testUtils.mock(Room, "Room") as jest.Mocked<Room>;
@@ -572,8 +586,8 @@ describe("MegolmDecryption", function () {
             //@ts-ignore private member access, gross
             await megolm.encryptionPreparation?.promise;
 
-            for (const userId in deviceMap) {
-                for (const deviceId in deviceMap[userId]) {
+            for (const [userId, devices] of deviceMap) {
+                for (const deviceId of devices.keys()) {
                     expect(mockCrypto.checkDeviceTrust).toHaveBeenCalledWith(userId, deviceId);
                 }
             }
@@ -658,20 +672,20 @@ describe("MegolmDecryption", function () {
         expect(aliceClient.sendToDevice).toHaveBeenCalled();
         const [msgtype, contentMap] = mocked(aliceClient.sendToDevice).mock.calls[0];
         expect(msgtype).toMatch(/^(org.matrix|m).room_key.withheld$/);
-        delete contentMap["@bob:example.com"].bobdevice1.session_id;
-        delete contentMap["@bob:example.com"].bobdevice1["org.matrix.msgid"];
-        delete contentMap["@bob:example.com"].bobdevice2.session_id;
-        delete contentMap["@bob:example.com"].bobdevice2["org.matrix.msgid"];
-        expect(contentMap).toStrictEqual({
-            "@bob:example.com": {
-                bobdevice1: {
+        delete contentMap.get("@bob:example.com")?.get("bobdevice1")?.["session_id"];
+        delete contentMap.get("@bob:example.com")?.get("bobdevice1")?.["org.matrix.msgid"];
+        delete contentMap.get("@bob:example.com")?.get("bobdevice2")?.["session_id"];
+        delete contentMap.get("@bob:example.com")?.get("bobdevice2")?.["org.matrix.msgid"];
+        expect(recursiveMapToObject(contentMap)).toStrictEqual({
+            ["@bob:example.com"]: {
+                ["bobdevice1"]: {
                     algorithm: "m.megolm.v1.aes-sha2",
                     room_id: roomId,
                     code: "m.unverified",
                     reason: "The sender has disabled encrypting to unverified devices.",
                     sender_key: aliceDevice.deviceCurve25519Key,
                 },
-                bobdevice2: {
+                ["bobdevice2"]: {
                     algorithm: "m.megolm.v1.aes-sha2",
                     room_id: roomId,
                     code: "m.blacklisted",
@@ -839,10 +853,10 @@ describe("MegolmDecryption", function () {
         expect(aliceClient.sendToDevice).toHaveBeenCalled();
         const [msgtype, contentMap] = mocked(aliceClient.sendToDevice).mock.calls[0];
         expect(msgtype).toMatch(/^(org.matrix|m).room_key.withheld$/);
-        delete contentMap["@bob:example.com"]["bobdevice"]["org.matrix.msgid"];
-        expect(contentMap).toStrictEqual({
-            "@bob:example.com": {
-                bobdevice: {
+        delete contentMap.get("@bob:example.com")?.get("bobdevice")?.["org.matrix.msgid"];
+        expect(recursiveMapToObject(contentMap)).toStrictEqual({
+            ["@bob:example.com"]: {
+                ["bobdevice"]: {
                     algorithm: "m.megolm.v1.aes-sha2",
                     code: "m.no_olm",
                     reason: "Unable to establish a secure channel.",

spec/unit/crypto/algorithms/olm.spec.ts

@@ -146,18 +146,21 @@ describe("OlmDevice", function () {
                     });
                 },
             } as unknown as MockedObject<MatrixClient>;
-            const devicesByUser = {
-                "@bob:example.com": [
-                    DeviceInfo.fromStorage(
-                        {
-                            keys: {
-                                "curve25519:ABCDEFG": "akey",
+            const devicesByUser = new Map([
+                [
+                    "@bob:example.com",
+                    [
+                        DeviceInfo.fromStorage(
+                            {
+                                keys: {
+                                    "curve25519:ABCDEFG": "akey",
+                                },
                             },
-                        },
-                        "ABCDEFG",
-                    ),
+                            "ABCDEFG",
+                        ),
+                    ],
                 ],
-            };
+            ]);
 
             // start two tasks that try to ensure that there's an olm session
             const promises = Promise.all([
@@ -218,12 +221,8 @@ describe("OlmDevice", function () {
             // There's no required ordering of devices per user, so here we
             // create two different orderings so that each task reserves a
             // device the other task needs before continuing.
-            const devicesByUserAB = {
-                "@bob:example.com": [deviceBobA, deviceBobB],
-            };
-            const devicesByUserBA = {
-                "@bob:example.com": [deviceBobB, deviceBobA],
-            };
+            const devicesByUserAB = new Map([["@bob:example.com", [deviceBobA, deviceBobB]]]);
+            const devicesByUserBA = new Map([["@bob:example.com", [deviceBobB, deviceBobA]]]);
 
             const task1 = alwaysSucceed(olmlib.ensureOlmSessionsForDevices(aliceOlmDevice, baseApis, devicesByUserAB));
 

spec/unit/crypto/backup.spec.ts

@@ -215,6 +215,36 @@ describe("MegolmBackup", function () {
             jest.spyOn(global, "setTimeout").mockRestore();
         });
 
+        test("fail if crypto not enabled", async () => {
+            const client = makeTestClient(cryptoStore);
+            const data = {
+                algorithm: olmlib.MEGOLM_BACKUP_ALGORITHM,
+                version: "1",
+                auth_data: {
+                    public_key: "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo",
+                },
+            };
+            await expect(client.restoreKeyBackupWithSecretStorage(data)).rejects.toThrow(
+                "End-to-end encryption disabled",
+            );
+        });
+
+        test("fail if given backup has no version", async () => {
+            const client = makeTestClient(cryptoStore);
+            await client.initCrypto();
+            const data = {
+                algorithm: olmlib.MEGOLM_BACKUP_ALGORITHM,
+                auth_data: {
+                    public_key: "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo",
+                },
+            };
+            const key = Uint8Array.from([1, 2, 3, 4, 5, 6, 7, 8]);
+            await client.getCrypto()!.storeSessionBackupPrivateKey(key, "1");
+            await expect(client.restoreKeyBackupWithCache(undefined, undefined, data)).rejects.toThrow(
+                "Backup version must be defined",
+            );
+        });
+
         it("automatically calls the key back up", function () {
             const groupSession = new Olm.OutboundGroupSession();
             groupSession.create();
@@ -456,6 +486,7 @@ describe("MegolmBackup", function () {
                     client.http.authedRequest = function (method, path, queryParams, data, opts): any {
                         ++numCalls;
                         expect(numCalls).toBeLessThanOrEqual(2);
+                        /* eslint-disable jest/no-conditional-expect */
                         if (numCalls === 1) {
                             expect(method).toBe("POST");
                             expect(path).toBe("/room_keys/version");
@@ -482,6 +513,7 @@ describe("MegolmBackup", function () {
                             reject(new Error("authedRequest called too many times"));
                             return Promise.resolve({});
                         }
+                        /* eslint-enable jest/no-conditional-expect */
                     };
                 }),
                 client.createKeyBackupVersion({

spec/unit/crypto/cross-signing.spec.ts

@@ -24,10 +24,11 @@ import * as olmlib from "../../../src/crypto/olmlib";
 import { MatrixError } from "../../../src/http-api";
 import { logger } from "../../../src/logger";
 import { ICrossSigningKey, ICreateClientOpts, ISignedKey, MatrixClient } from "../../../src/client";
-import { CryptoEvent, IBootstrapCrossSigningOpts } from "../../../src/crypto";
+import { CryptoEvent } from "../../../src/crypto";
 import { IDevice } from "../../../src/crypto/deviceinfo";
 import { TestClient } from "../../TestClient";
 import { resetCrossSigningKeys } from "./crypto-utils";
+import { BootstrapCrossSigningOpts } from "../../../src/crypto-api";
 
 const PUSH_RULES_RESPONSE: Response = {
     method: "GET",
@@ -146,7 +147,7 @@ describe("Cross Signing", function () {
         alice.uploadKeySignatures = async () => ({ failures: {} });
         alice.setAccountData = async () => ({});
         alice.getAccountDataFromServer = async <T extends { [k: string]: any }>(): Promise<T | null> => ({} as T);
-        const authUploadDeviceSigningKeys: IBootstrapCrossSigningOpts["authUploadDeviceSigningKeys"] = async (func) => {
+        const authUploadDeviceSigningKeys: BootstrapCrossSigningOpts["authUploadDeviceSigningKeys"] = async (func) => {
             await func({});
         };
 
@@ -1148,6 +1149,6 @@ describe("userHasCrossSigningKeys", function () {
 
     it("throws an error if crypto is disabled", () => {
         aliceClient["cryptoBackend"] = undefined;
-        expect(() => aliceClient.userHasCrossSigningKeys()).toThrowError("encryption disabled");
+        expect(() => aliceClient.userHasCrossSigningKeys()).toThrow("encryption disabled");
     });
 });

spec/unit/crypto/device-converter.spec.ts

@@ -0,0 +1,58 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { DeviceInfo } from "../../../src/crypto/deviceinfo";
+import { DeviceVerification } from "../../../src";
+import { deviceInfoToDevice } from "../../../src/crypto/device-converter";
+
+describe("device-converter", () => {
+    const userId = "@alice:example.com";
+    const deviceId = "xcvf";
+
+    // All parameters for DeviceInfo initialization
+    const keys = {
+        [`ed25519:${deviceId}`]: "key1",
+        [`curve25519:${deviceId}`]: "key2",
+    };
+    const algorithms = ["algo1", "algo2"];
+    const verified = DeviceVerification.Verified;
+    const signatures = { [userId]: { [deviceId]: "sign1" } };
+    const displayName = "display name";
+    const unsigned = {
+        device_display_name: displayName,
+    };
+
+    describe("deviceInfoToDevice", () => {
+        it("should convert a DeviceInfo to a Device", () => {
+            const deviceInfo = DeviceInfo.fromStorage({ keys, algorithms, verified, signatures, unsigned }, deviceId);
+            const device = deviceInfoToDevice(deviceInfo, userId);
+
+            expect(device.deviceId).toBe(deviceId);
+            expect(device.userId).toBe(userId);
+            expect(device.verified).toBe(verified);
+            expect(device.getIdentityKey()).toBe(keys[`curve25519:${deviceId}`]);
+            expect(device.getFingerprint()).toBe(keys[`ed25519:${deviceId}`]);
+            expect(device.displayName).toBe(displayName);
+        });
+
+        it("should add empty signatures", () => {
+            const deviceInfo = DeviceInfo.fromStorage({ keys, algorithms, verified }, deviceId);
+            const device = deviceInfoToDevice(deviceInfo, userId);
+
+            expect(device.signatures.size).toBe(0);
+        });
+    });
+});