Merge remote-tracking branch 'upstream/develop' into develop

2025-12-01 04:43:29 +03:00 · 2019-10-15 11:12:00 -03:00
parent 42a07de9a7 aead855470
commit d47d1d8f26
14 changed files with 1000 additions and 321 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,113 @@
 Changes in [2.4.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v2.4.1) (2019-10-01)
 ================================================================================================
 [Full Changelog](https://github.com/matrix-org/matrix-js-sdk/compare/v2.4.0...v2.4.1)
 * Upgrade deps
   [\#1046](https://github.com/matrix-org/matrix-js-sdk/pull/1046)
 * Ignore crypto events with no content
   [\#1043](https://github.com/matrix-org/matrix-js-sdk/pull/1043)
 Changes in [2.4.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v2.4.0) (2019-09-27)
 ================================================================================================
 [Full Changelog](https://github.com/matrix-org/matrix-js-sdk/compare/v2.4.0-rc.1...v2.4.0)
 * Clean Yarn cache during release
   [\#1045](https://github.com/matrix-org/matrix-js-sdk/pull/1045)
 Changes in [2.4.0-rc.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v2.4.0-rc.1) (2019-09-25)
 ==========================================================================================================
 [Full Changelog](https://github.com/matrix-org/matrix-js-sdk/compare/v2.3.2...v2.4.0-rc.1)
 * Remove id_server from creds for interactive auth
   [\#1044](https://github.com/matrix-org/matrix-js-sdk/pull/1044)
 * Remove IS details from requestToken to HS
   [\#1041](https://github.com/matrix-org/matrix-js-sdk/pull/1041)
 * Add support for sending MSISDN tokens to alternate URLs
   [\#1040](https://github.com/matrix-org/matrix-js-sdk/pull/1040)
 * Add separate 3PID add and bind APIs
   [\#1038](https://github.com/matrix-org/matrix-js-sdk/pull/1038)
 * Bump eslint-utils from 1.4.0 to 1.4.2
   [\#1037](https://github.com/matrix-org/matrix-js-sdk/pull/1037)
 * Handle WebRTC security errors as non-fatal
   [\#1036](https://github.com/matrix-org/matrix-js-sdk/pull/1036)
 * Check for r0.6.0 support in addition to unstable feature flags
   [\#1035](https://github.com/matrix-org/matrix-js-sdk/pull/1035)
 * Update room members on member event redaction
   [\#1030](https://github.com/matrix-org/matrix-js-sdk/pull/1030)
 * Support hidden read receipts
   [\#1028](https://github.com/matrix-org/matrix-js-sdk/pull/1028)
 * Do 3pid lookups in lowercase
   [\#1029](https://github.com/matrix-org/matrix-js-sdk/pull/1029)
 * Add Synapse admin functions for deactivating a user
   [\#1027](https://github.com/matrix-org/matrix-js-sdk/pull/1027)
 * Fix addPendingEvent with pending event order == chronological
   [\#1026](https://github.com/matrix-org/matrix-js-sdk/pull/1026)
 * Add AutoDiscovery.getRawClientConfig() for easy .well-known lookups
   [\#1024](https://github.com/matrix-org/matrix-js-sdk/pull/1024)
 * Don't convert errors to JSON if they are JSON already
   [\#1025](https://github.com/matrix-org/matrix-js-sdk/pull/1025)
 * Send id_access_token to HS for use in proxied IS requests
   [\#1022](https://github.com/matrix-org/matrix-js-sdk/pull/1022)
 * Clean up JSON handling in identity server requests
   [\#1023](https://github.com/matrix-org/matrix-js-sdk/pull/1023)
 * Use the v2 (hashed) lookup for identity server queries
   [\#1021](https://github.com/matrix-org/matrix-js-sdk/pull/1021)
 * Add getIdServer() & doesServerRequireIdServerParam()
   [\#1018](https://github.com/matrix-org/matrix-js-sdk/pull/1018)
 * Make requestToken endpoints work without ID Server
   [\#1019](https://github.com/matrix-org/matrix-js-sdk/pull/1019)
 * Fix setIdentityServer
   [\#1016](https://github.com/matrix-org/matrix-js-sdk/pull/1016)
 * Change ICE fallback server and make fallback opt-in
   [\#1015](https://github.com/matrix-org/matrix-js-sdk/pull/1015)
 * Throw an exception if trying to do an ID server request with no ID server
   [\#1014](https://github.com/matrix-org/matrix-js-sdk/pull/1014)
 * Add setIdentityServerUrl
   [\#1013](https://github.com/matrix-org/matrix-js-sdk/pull/1013)
 * Add matrix base API to report an event
   [\#1011](https://github.com/matrix-org/matrix-js-sdk/pull/1011)
 * Fix POST body for v2 IS requests
   [\#1010](https://github.com/matrix-org/matrix-js-sdk/pull/1010)
 * Add API for bulk lookup on the Identity Server
   [\#1009](https://github.com/matrix-org/matrix-js-sdk/pull/1009)
 * Remove deprecated authedRequestWithPrefix and requestWithPrefix
   [\#1000](https://github.com/matrix-org/matrix-js-sdk/pull/1000)
 * Add API for checking IS account info
   [\#1007](https://github.com/matrix-org/matrix-js-sdk/pull/1007)
 * Support rewriting push rules when our internal defaults change
   [\#1006](https://github.com/matrix-org/matrix-js-sdk/pull/1006)
 * Upgrade dependencies
   [\#1005](https://github.com/matrix-org/matrix-js-sdk/pull/1005)
 Changes in [2.3.2](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v2.3.2) (2019-09-16)
 ================================================================================================
 [Full Changelog](https://github.com/matrix-org/matrix-js-sdk/compare/v2.3.2-rc.1...v2.3.2)
 * [Release] Fix addPendingEvent with pending event order == chronological
   [\#1034](https://github.com/matrix-org/matrix-js-sdk/pull/1034)
 Changes in [2.3.2-rc.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v2.3.2-rc.1) (2019-09-13)
 ==========================================================================================================
 [Full Changelog](https://github.com/matrix-org/matrix-js-sdk/compare/v2.3.1...v2.3.2-rc.1)
 * Synapse admin functions to release
   [\#1033](https://github.com/matrix-org/matrix-js-sdk/pull/1033)
 * [To Release] Add matrix base API to report an event
   [\#1032](https://github.com/matrix-org/matrix-js-sdk/pull/1032)
 Changes in [2.3.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v2.3.1) (2019-09-12)
 ================================================================================================
 [Full Changelog](https://github.com/matrix-org/matrix-js-sdk/compare/v2.3.1-rc.1...v2.3.1)
 * No changes since rc.1
 Changes in [2.3.1-rc.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v2.3.1-rc.1) (2019-09-11)
 ==========================================================================================================
 [Full Changelog](https://github.com/matrix-org/matrix-js-sdk/compare/v2.3.0...v2.3.1-rc.1)
 * Update room members on member event redaction
   [\#1031](https://github.com/matrix-org/matrix-js-sdk/pull/1031)
 Changes in [2.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v2.3.0) (2019-08-05)
 ================================================================================================
 [Full Changelog](https://github.com/matrix-org/matrix-js-sdk/compare/v2.3.0-rc.1...v2.3.0)
--- a/README.md
+++ b/README.md
@@ -322,13 +322,13 @@ To provide the Olm library in a browser application:
 To provide the Olm library in a node.js application:
- * ``yarn add https://packages.matrix.org/npm/olm/olm-3.0.0.tgz``
+ * ``yarn add https://packages.matrix.org/npm/olm/olm-3.1.4.tgz``
   (replace the URL with the latest version you want to use from
    https://packages.matrix.org/npm/olm/)
 * ``global.Olm = require('olm');`` *before* loading ``matrix-js-sdk``.
 If you want to package Olm as dependency for your node.js application, you can
-use ``yarn add https://packages.matrix.org/npm/olm/olm-3.0.0.tgz``. If your
+use ``yarn add https://packages.matrix.org/npm/olm/olm-3.1.4.tgz``. If your
 application also works without e2e crypto enabled, add ``--optional`` to mark it
 as an optional dependency.
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "matrix-js-sdk",
-  "version": "2.3.0",
+  "version": "2.4.1",
  "description": "Matrix Client-Server SDK for Javascript",
  "main": "index.js",
  "scripts": {
@@ -54,11 +54,11 @@
  "dependencies": {
    "another-json": "^0.2.0",
    "babel-runtime": "^6.26.0",
-    "bluebird": "^3.5.0",
+    "bluebird": "^3.7.0",
    "browser-request": "^0.3.3",
    "bs58": "^4.0.1",
    "content-type": "^1.0.2",
-    "loglevel": "1.6.1",
+    "loglevel": "^1.6.4",
    "qs": "^6.5.2",
    "request": "^2.88.0",
    "unhomoglyph": "^1.0.2"
@@ -75,19 +75,19 @@
    "eslint": "^5.12.0",
    "eslint-config-google": "^0.7.1",
    "eslint-plugin-babel": "^5.3.0",
-    "exorcist": "^0.4.0",
+    "exorcist": "^1.0.1",
    "expect": "^1.20.2",
    "istanbul": "^0.4.5",
    "jsdoc": "^3.5.5",
    "lolex": "^1.5.2",
    "matrix-mock-request": "^1.2.3",
-    "mocha": "^5.2.0",
+    "mocha": "^6.2.1",
    "mocha-jenkins-reporter": "^0.4.0",
-    "olm": "https://packages.matrix.org/npm/olm/olm-3.1.0.tgz",
+    "olm": "https://packages.matrix.org/npm/olm/olm-3.1.4.tgz",
-    "rimraf": "^2.5.4",
+    "rimraf": "^3.0.0",
-    "source-map-support": "^0.4.11",
+    "source-map-support": "^0.5.13",
-    "sourceify": "^0.1.0",
+    "sourceify": "^1.0.0",
-    "terser": "^4.0.0",
+    "terser": "^4.3.8",
    "watchify": "^3.11.1"
  },
  "browserify": {
--- a/release.sh
+++ b/release.sh
@@ -195,6 +195,11 @@ if [ $dodist -eq 0 ]; then
    pushd "$builddir"
    git clone "$projdir" .
    git checkout "$rel_branch"
    # We use Git branch / commit dependencies for some packages, and Yarn seems
    # to have a hard time getting that right. See also
    # https://github.com/yarnpkg/yarn/issues/4734. As a workaround, we clean the
    # global cache here to ensure we get the right thing.
    yarn cache clean
    yarn install
    # We haven't tagged yet, so tell the dist script what version
    # it's building
--- a/src/base-apis.js
+++ b/src/base-apis.js
@@ -993,10 +993,13 @@ MatrixBaseApis.prototype.roomInitialSync = function(roomId, limit, callback) {
 * @param {string} rrEventId ID of the event tracked by the read receipt. This is here
 * for convenience because the RR and the RM are commonly updated at the same time as
 * each other. Optional.
 * @param {object} opts Options for the read markers.
 * @param {object} opts.hidden True to hide the read receipt from other users. <b>This
 * property is currently unstable and may change in the future.</b>
 * @return {module:client.Promise} Resolves: the empty object, {}.
 */
 MatrixBaseApis.prototype.setRoomReadMarkersHttpRequest =
-                                function(roomId, rmEventId, rrEventId) {
+                                function(roomId, rmEventId, rrEventId, opts) {
    const path = utils.encodeUri("/rooms/$roomId/read_markers", {
        $roomId: roomId,
    });
@@ -1004,6 +1007,7 @@ MatrixBaseApis.prototype.setRoomReadMarkersHttpRequest =
    const content = {
        "m.fully_read": rmEventId,
        "m.read": rrEventId,
        "m.hidden": Boolean(opts ? opts.hidden : false),
    };
    return this._http.authedRequest(
@@ -1335,10 +1339,16 @@ MatrixBaseApis.prototype.getThreePids = function(callback) {
 };
 /**
 * Add a 3PID to your homeserver account and optionally bind it to an identity
 * server as well. An identity server is required as part of the `creds` object.
 *
 * This API is deprecated, and you should instead use `addThreePidOnly`
 * for homeservers that support it.
 *
 * @param {Object} creds
 * @param {boolean} bind
 * @param {module:client.callback} callback Optional.
- * @return {module:client.Promise} Resolves: TODO
+ * @return {module:client.Promise} Resolves: on success
 * @return {module:http-api.MatrixError} Rejects: with an error response.
 */
 MatrixBaseApis.prototype.addThreePid = function(creds, bind, callback) {
@@ -1352,6 +1362,75 @@ MatrixBaseApis.prototype.addThreePid = function(creds, bind, callback) {
    );
 };
 /**
 * Add a 3PID to your homeserver account. This API does not use an identity
 * server, as the homeserver is expected to handle 3PID ownership validation.
 *
 * You can check whether a homeserver supports this API via
 * `doesServerSupportSeparateAddAndBind`.
 *
 * @param {Object} data A object with 3PID validation data from having called
 * `account/3pid/<medium>/requestToken` on the homeserver.
 * @return {module:client.Promise} Resolves: on success
 * @return {module:http-api.MatrixError} Rejects: with an error response.
 */
 MatrixBaseApis.prototype.addThreePidOnly = function(data) {
    const path = "/account/3pid/add";
    return this._http.authedRequest(
        undefined, "POST", path, null, data, {
            prefix: httpApi.PREFIX_UNSTABLE,
        },
    );
 };
 /**
 * Bind a 3PID for discovery onto an identity server via the homeserver. The
 * identity server handles 3PID ownership validation and the homeserver records
 * the new binding to track where all 3PIDs for the account are bound.
 *
 * You can check whether a homeserver supports this API via
 * `doesServerSupportSeparateAddAndBind`.
 *
 * @param {Object} data A object with 3PID validation data from having called
 * `validate/<medium>/requestToken` on the identity server. It should also
 * contain `id_server` and `id_access_token` fields as well.
 * @return {module:client.Promise} Resolves: on success
 * @return {module:http-api.MatrixError} Rejects: with an error response.
 */
 MatrixBaseApis.prototype.bindThreePid = function(data) {
    const path = "/account/3pid/bind";
    return this._http.authedRequest(
        undefined, "POST", path, null, data, {
            prefix: httpApi.PREFIX_UNSTABLE,
        },
    );
 };
 /**
 * Unbind a 3PID for discovery on an identity server via the homeserver. The
 * homeserver removes its record of the binding to keep an updated record of
 * where all 3PIDs for the account are bound.
 *
 * @param {string} medium The threepid medium (eg. 'email')
 * @param {string} address The threepid address (eg. 'bob@example.com')
 *        this must be as returned by getThreePids.
 * @return {module:client.Promise} Resolves: on success
 * @return {module:http-api.MatrixError} Rejects: with an error response.
 */
 MatrixBaseApis.prototype.unbindThreePid = function(medium, address) {
    const path = "/account/3pid/unbind";
    const data = {
        medium,
        address,
        id_server: this.getIdentityServerUrl(true),
    };
    return this._http.authedRequest(
        undefined, "POST", path, null, data, {
            prefix: httpApi.PREFIX_UNSTABLE,
        },
    );
 };
 /**
 * @param {string} medium The threepid medium (eg. 'email')
 * @param {string} address The threepid address (eg. 'bob@example.com')
@@ -1753,10 +1832,11 @@ MatrixBaseApis.prototype.registerWithIdentityServer = function(hsOpenIdToken) {
 };
 /**
- * Requests an email verification token directly from an Identity Server.
+ * Requests an email verification token directly from an identity server.
 *
- * Note that the Homeserver offers APIs to proxy this API for specific
+ * This API is used as part of binding an email for discovery on an identity
- * situations, allowing for better feedback to the user.
+ * server. The validation data that results should be passed to the
 * `bindThreePid` method to complete the binding process.
 *
 * @param {string} email The email address to request a token for
 * @param {string} clientSecret A secret binary string generated by the client.
@@ -1768,12 +1848,12 @@ MatrixBaseApis.prototype.registerWithIdentityServer = function(hsOpenIdToken) {
 * @param {string} nextLink Optional If specified, the client will be redirected
 *                 to this link after validation.
 * @param {module:client.callback} callback Optional.
- * @param {string} identityAccessToken The `access_token` field of the Identity
+ * @param {string} identityAccessToken The `access_token` field of the identity
- * Server `/account/register` response (see {@link registerWithIdentityServer}).
+ * server `/account/register` response (see {@link registerWithIdentityServer}).
 *
 * @return {module:client.Promise} Resolves: TODO
 * @return {module:http-api.MatrixError} Rejects: with an error response.
- * @throws Error if no Identity Server is set
+ * @throws Error if no identity server is set
 */
 MatrixBaseApis.prototype.requestEmailToken = async function(
    email,
@@ -1815,7 +1895,75 @@ MatrixBaseApis.prototype.requestEmailToken = async function(
 };
 /**
- * Submits an MSISDN token to the identity server
+ * Requests a MSISDN verification token directly from an identity server.
 *
 * This API is used as part of binding a MSISDN for discovery on an identity
 * server. The validation data that results should be passed to the
 * `bindThreePid` method to complete the binding process.
 *
 * @param {string} phoneCountry The ISO 3166-1 alpha-2 code for the country in
 *                 which phoneNumber should be parsed relative to.
 * @param {string} phoneNumber The phone number, in national or international
 *                 format
 * @param {string} clientSecret A secret binary string generated by the client.
 *                 It is recommended this be around 16 ASCII characters.
 * @param {number} sendAttempt If an identity server sees a duplicate request
 *                 with the same sendAttempt, it will not send another SMS.
 *                 To request another SMS to be sent, use a larger value for
 *                 the sendAttempt param as was used in the previous request.
 * @param {string} nextLink Optional If specified, the client will be redirected
 *                 to this link after validation.
 * @param {module:client.callback} callback Optional.
 * @param {string} identityAccessToken The `access_token` field of the Identity
 * Server `/account/register` response (see {@link registerWithIdentityServer}).
 *
 * @return {module:client.Promise} Resolves: TODO
 * @return {module:http-api.MatrixError} Rejects: with an error response.
 * @throws Error if no identity server is set
 */
 MatrixBaseApis.prototype.requestMsisdnToken = async function(
    phoneCountry,
    phoneNumber,
    clientSecret,
    sendAttempt,
    nextLink,
    callback,
    identityAccessToken,
 ) {
    const params = {
        client_secret: clientSecret,
        country: phoneCountry,
        phone_number: phoneNumber,
        send_attempt: sendAttempt,
        next_link: nextLink,
    };
    try {
        const response = await this._http.idServerRequest(
            undefined, "POST", "/validate/msisdn/requestToken",
            params, httpApi.PREFIX_IDENTITY_V2, identityAccessToken,
        );
        // TODO: Fold callback into above call once v1 path below is removed
        if (callback) callback(null, response);
        return response;
    } catch (err) {
        if (err.cors === "rejected" || err.httpStatus === 404) {
            // Fall back to deprecated v1 API for now
            // TODO: Remove this path once v2 is only supported version
            // See https://github.com/vector-im/riot-web/issues/10443
            logger.warn("IS doesn't support v2, falling back to deprecated v1");
            return await this._http.idServerRequest(
                callback, "POST", "/validate/msisdn/requestToken",
                params, httpApi.PREFIX_IDENTITY_V1,
            );
        }
        if (callback) callback(err);
        throw err;
    }
 };
 /**
 * Submits a MSISDN token to the identity server
 *
 * This is used when submitting the code sent by SMS to a phone number.
 * The ID server has an equivalent API for email but the js-sdk does
@@ -1865,6 +2013,41 @@ MatrixBaseApis.prototype.submitMsisdnToken = async function(
    }
 };
 /**
 * Submits a MSISDN token to an arbitrary URL.
 *
 * This is used when submitting the code sent by SMS to a phone number in the
 * newer 3PID flow where the homeserver validates 3PID ownership (as part of
 * `requestAdd3pidMsisdnToken`). The homeserver response may include a
 * `submit_url` to specify where the token should be sent, and this helper can
 * be used to pass the token to this URL.
 *
 * @param {string} url The URL to submit the token to
 * @param {string} sid The sid given in the response to requestToken
 * @param {string} clientSecret A secret binary string generated by the client.
 *                 This must be the same value submitted in the requestToken call.
 * @param {string} msisdnToken The MSISDN token, as enetered by the user.
 *
 * @return {module:client.Promise} Resolves: Object, currently with no parameters.
 * @return {module:http-api.MatrixError} Rejects: with an error response.
 */
 MatrixBaseApis.prototype.submitMsisdnTokenOtherUrl = function(
    url,
    sid,
    clientSecret,
    msisdnToken,
 ) {
    const params = {
        sid: sid,
        client_secret: clientSecret,
        token: msisdnToken,
    };
    return this._http.requestOtherUrl(
        undefined, "POST", url, undefined, params,
    );
 };
 /**
 * Gets the V2 hashing information from the identity server. Primarily useful for
 * lookups.
@@ -1916,15 +2099,23 @@ MatrixBaseApis.prototype.identityHashedLookup = async function(
        // Abuse the olm hashing
        const olmutil = new global.Olm.Utility();
        params["addresses"] = addressPairs.map(p => {
-            const hashed = olmutil.sha256(`${p[0]} ${p[1]} ${params['pepper']}`)
+            const addr = p[0].toLowerCase(); // lowercase to get consistent hashes
            const med = p[1].toLowerCase();
            const hashed = olmutil.sha256(`${addr} ${med} ${params['pepper']}`)
                .replace(/\+/g, '-').replace(/\//g, '_'); // URL-safe base64
            // Map the hash to a known (case-sensitive) address. We use the case
            // sensitive version because the caller might be expecting that.
            localMapping[hashed] = p[0];
            return hashed;
        });
        params["algorithm"] = "sha256";
    } else if (hashes['algorithms'].includes('none')) {
        params["addresses"] = addressPairs.map(p => {
-            const unhashed = `${p[0]} ${p[1]}`;
+            const addr = p[0].toLowerCase(); // lowercase to get consistent hashes
            const med = p[1].toLowerCase();
            const unhashed = `${addr} ${med}`;
            // Map the unhashed values to a known (case-sensitive) address. We use
            // the case sensitive version because the caller might be expecting that.
            localMapping[unhashed] = p[0];
            return unhashed;
        });
--- a/src/client.js
+++ b/src/client.js
@@ -2192,11 +2192,17 @@ MatrixClient.prototype.sendHtmlEmote = function(roomId, body, htmlBody, callback
 * Send a receipt.
 * @param {Event} event The event being acknowledged
 * @param {string} receiptType The kind of receipt e.g. "m.read"
 * @param {object} opts Additional content to send alongside the receipt.
 * @param {module:client.callback} callback Optional.
 * @return {module:client.Promise} Resolves: TODO
 * @return {module:http-api.MatrixError} Rejects: with an error response.
 */
-MatrixClient.prototype.sendReceipt = function(event, receiptType, callback) {
+MatrixClient.prototype.sendReceipt = function(event, receiptType, opts, callback) {
    if (typeof(opts) === 'function') {
        callback = opts;
        opts = {};
    }
    if (this.isGuest()) {
        return Promise.resolve({}); // guests cannot send receipts so don't bother.
    }
@@ -2207,7 +2213,7 @@ MatrixClient.prototype.sendReceipt = function(event, receiptType, callback) {
        $eventId: event.getId(),
    });
    const promise = this._http.authedRequest(
-        callback, "POST", path, undefined, {},
+        callback, "POST", path, undefined, opts || {},
    );
    const room = this.getRoom(event.getRoomId());
@@ -2220,17 +2226,32 @@ MatrixClient.prototype.sendReceipt = function(event, receiptType, callback) {
 /**
 * Send a read receipt.
 * @param {Event} event The event that has been read.
 * @param {object} opts The options for the read receipt.
 * @param {boolean} opts.hidden True to prevent the receipt from being sent to
 * other users and homeservers. Default false (send to everyone). <b>This
 * property is unstable and may change in the future.</b>
 * @param {module:client.callback} callback Optional.
 * @return {module:client.Promise} Resolves: TODO
 * @return {module:http-api.MatrixError} Rejects: with an error response.
 */
-MatrixClient.prototype.sendReadReceipt = async function(event, callback) {
+MatrixClient.prototype.sendReadReceipt = async function(event, opts, callback) {
    if (typeof(opts) === 'function') {
        callback = opts;
        opts = {};
    }
    if (!opts) opts = {};
    const eventId = event.getId();
    const room = this.getRoom(event.getRoomId());
    if (room && room.hasPendingEvent(eventId)) {
        throw new Error(`Cannot set read receipt to a pending event (${eventId})`);
    }
-    return this.sendReceipt(event, "m.read", callback);
+
    const addlContent = {
        "m.hidden": Boolean(opts.hidden),
    };
    return this.sendReceipt(event, "m.read", addlContent, callback);
 };
 /**
@@ -2243,9 +2264,14 @@ MatrixClient.prototype.sendReadReceipt = async function(event, callback) {
 * @param {string} rrEvent the event tracked by the read receipt. This is here for
 * convenience because the RR and the RM are commonly updated at the same time as each
 * other. The local echo of this receipt will be done if set. Optional.
 * @param {object} opts Options for the read markers
 * @param {object} opts.hidden True to hide the receipt from other users and homeservers.
 * <b>This property is unstable and may change in the future.</b>
 * @return {module:client.Promise} Resolves: the empty object, {}.
 */
-MatrixClient.prototype.setRoomReadMarkers = async function(roomId, rmEventId, rrEvent) {
+MatrixClient.prototype.setRoomReadMarkers = async function(
    roomId, rmEventId, rrEvent, opts,
 ) {
    const room = this.getRoom(roomId);
    if (room && room.hasPendingEvent(rmEventId)) {
        throw new Error(`Cannot set read marker to a pending event (${rmEventId})`);
@@ -2263,7 +2289,7 @@ MatrixClient.prototype.setRoomReadMarkers = async function(roomId, rmEventId, rr
        }
    }
-    return this.setRoomReadMarkersHttpRequest(roomId, rmEventId, rrEventId);
+    return this.setRoomReadMarkersHttpRequest(roomId, rmEventId, rrEventId, opts);
 };
 /**
@@ -3452,7 +3478,9 @@ MatrixClient.prototype.requestPasswordMsisdnToken = function(phoneCountry, phone
 MatrixClient.prototype._requestTokenFromEndpoint = async function(endpoint, params) {
    const postParams = Object.assign({}, params);
-    if (this.idBaseUrl) {
+    // If the HS supports separate add and bind, then requestToken endpoints
    // don't need an IS as they are all validated by the HS directly.
    if (!await this.doesServerSupportSeparateAddAndBind() && this.idBaseUrl) {
        const idServerUrl = url.parse(this.idBaseUrl);
        if (!idServerUrl.host) {
            throw new Error("Invalid ID server URL: " + this.idBaseUrl);
@@ -4128,7 +4156,7 @@ MatrixClient.prototype.stopClient = function() {
    global.clearTimeout(this._checkTurnServersTimeoutID);
 };
-/*
+/**
 * Get the API versions supported by the server, along with any
 * unstable APIs it supports
 * @return {Promise<object>} The server /versions response
@@ -4148,7 +4176,7 @@ MatrixClient.prototype.getVersions = async function() {
    return this._serverVersionsCache;
 };
-/*
+/**
 * Query the server to see if it support members lazy loading
 * @return {Promise<boolean>} true if server supports lazy loading
 */
@@ -4162,7 +4190,7 @@ MatrixClient.prototype.doesServerSupportLazyLoading = async function() {
        || (unstableFeatures && unstableFeatures["m.lazy_load_members"]);
 };
-/*
+/**
 * Query the server to see if the `id_server` parameter is required
 * when registering with an 3pid, adding a 3pid or resetting password.
 * @return {Promise<boolean>} true if id_server parameter is required
@@ -4170,6 +4198,13 @@ MatrixClient.prototype.doesServerSupportLazyLoading = async function() {
 MatrixClient.prototype.doesServerRequireIdServerParam = async function() {
    const response = await this.getVersions();
    const versions = response["versions"];
    // Supporting r0.6.0 is the same as having the flag set to false
    if (versions && versions.includes("r0.6.0")) {
        return false;
    }
    const unstableFeatures = response["unstable_features"];
    if (unstableFeatures["m.require_identity_server"] === undefined) {
        return true;
@@ -4178,7 +4213,7 @@ MatrixClient.prototype.doesServerRequireIdServerParam = async function() {
    }
 };
-/*
+/**
 * Query the server to see if the `id_access_token` parameter can be safely
 * passed to the homeserver. Some homeservers may trigger errors if they are not
 * prepared for the new parameter.
@@ -4187,15 +4222,30 @@ MatrixClient.prototype.doesServerRequireIdServerParam = async function() {
 MatrixClient.prototype.doesServerAcceptIdentityAccessToken = async function() {
    const response = await this.getVersions();
    const versions = response["versions"];
    const unstableFeatures = response["unstable_features"];
    if (unstableFeatures["m.id_access_token"] === undefined) {
        return false;
    }
-    return unstableFeatures["m.id_access_token"];
+    return (versions && versions.includes("r0.6.0"))
        || (unstableFeatures && unstableFeatures["m.id_access_token"]);
 };
-/*
+/**
 * Query the server to see if it supports separate 3PID add and bind functions.
 * This affects the sequence of API calls clients should use for these operations,
 * so it's helpful to be able to check for support.
 * @return {Promise<boolean>} true if separate functions are supported
 */
 MatrixClient.prototype.doesServerSupportSeparateAddAndBind = async function() {
    const response = await this.getVersions();
    const versions = response["versions"];
    const unstableFeatures = response["unstable_features"];
    return (versions && versions.includes("r0.6.0"))
        || (unstableFeatures && unstableFeatures["m.separate_add_and_bind"]);
 };
 /**
 * Get if lazy loading members is being used.
 * @return {boolean} Whether or not members are lazy loaded by this client
 */
@@ -4203,7 +4253,7 @@ MatrixClient.prototype.hasLazyLoadMembersEnabled = function() {
    return !!this._clientOpts.lazyLoadMembers;
 };
-/*
+/**
 * Set a function which is called when /sync returns a 'limited' response.
 * It is called with a room ID and returns a boolean. It should return 'true' if the SDK
 * can SAFELY remove events from this room. It may not be safe to remove events if there
--- a/src/crypto/OlmDevice.js
+++ b/src/crypto/OlmDevice.js
@@ -594,6 +594,11 @@ OlmDevice.prototype.encryptMessage = async function(
        'readwrite', [IndexedDBCryptoStore.STORE_SESSIONS],
        (txn) => {
            this._getSession(theirDeviceIdentityKey, sessionId, txn, (sessionInfo) => {
                const sessionDesc = sessionInfo.session.describe();
                console.log(
                    "Session ID " + sessionId + " to " +
                    theirDeviceIdentityKey + ": " + sessionDesc,
                );
                res = sessionInfo.session.encrypt(payloadString);
                this._saveSession(theirDeviceIdentityKey, sessionInfo, txn);
            });
@@ -621,6 +626,11 @@ OlmDevice.prototype.decryptMessage = async function(
        'readwrite', [IndexedDBCryptoStore.STORE_SESSIONS],
        (txn) => {
            this._getSession(theirDeviceIdentityKey, sessionId, txn, (sessionInfo) => {
                const sessionDesc = sessionInfo.session.describe();
                console.log(
                    "Session ID " + sessionId + " to " +
                    theirDeviceIdentityKey + ": " + sessionDesc,
                );
                payloadString = sessionInfo.session.decrypt(messageType, ciphertext);
                sessionInfo.lastReceivedMessageTs = Date.now();
                this._saveSession(theirDeviceIdentityKey, sessionInfo, txn);
--- a/src/crypto/index.js
+++ b/src/crypto/index.js
@@ -951,6 +951,15 @@ Crypto.prototype.forceDiscardSession = function(roomId) {
 *   the device query is always inhibited as the members are not tracked.
 */
 Crypto.prototype.setRoomEncryption = async function(roomId, config, inhibitDeviceQuery) {
    // ignore crypto events with no algorithm defined
    // This will happen if a crypto event is redacted before we fetch the room state
    // It would otherwise just throw later as an unknown algorithm would, but we may
    // as well catch this here
    if (!config.algorithm) {
        console.log("Ignoring setRoomEncryption with no algorithm");
        return;
    }
    // if state is being replayed from storage, we might already have a configuration
    // for this room as they are persisted as well.
    // We just need to make sure the algorithm is initialized in this case.
--- a/src/crypto/store/localStorage-crypto-store.js
+++ b/src/crypto/store/localStorage-crypto-store.js
@@ -17,7 +17,7 @@ limitations under the License.
 import Promise from 'bluebird';
 import logger from '../../logger';
-import MemoryCryptoStore from './memory-crypto-store.js';
+import MemoryCryptoStore from './memory-crypto-store';
 /**
 * Internal module. Partial localStorage backed storage for e2e.
--- a/src/interactive-auth.js
+++ b/src/interactive-auth.js
@@ -174,16 +174,19 @@ InteractiveAuth.prototype = {
            // The email can be validated out-of-band, but we need to provide the
            // creds so the HS can go & check it.
            if (this._emailSid) {
-                const idServerParsedUrl = url.parse(
+                const creds = {
-                    this._matrixClient.getIdentityServerUrl(),
+                    sid: this._emailSid,
-                );
+                    client_secret: this._clientSecret,
                };
                if (await this._matrixClient.doesServerRequireIdServerParam()) {
                    const idServerParsedUrl = url.parse(
                        this._matrixClient.getIdentityServerUrl(),
                    );
                    creds.id_server = idServerParsedUrl.host;
                }
                authDict = {
                    type: EMAIL_STAGE_TYPE,
-                    threepid_creds: {
+                    threepid_creds: creds,
                        sid: this._emailSid,
                        client_secret: this._clientSecret,
                        id_server: idServerParsedUrl.host,
                    },
                };
            }
        }
--- a/src/models/event-timeline-set.js
+++ b/src/models/event-timeline-set.js
@@ -92,6 +92,13 @@ function EventTimelineSet(room, opts) {
 }
 utils.inherits(EventTimelineSet, EventEmitter);
 /**
 * Get all the timelines in this set
 * @return {module:models/event-timeline~EventTimeline[]} the timelines in this set
 */
 EventTimelineSet.prototype.getTimelines = function() {
    return this._timelines;
 };
 /**
 * Get the filter object this timeline set is filtered on, if any
 * @return {?Filter} the optional filter for this timelineSet
--- a/src/models/room.js
+++ b/src/models/room.js
@@ -1057,6 +1057,18 @@ Room.prototype._addLiveEvent = function(event, duplicateStrategy) {
        const redactedEvent = this.getUnfilteredTimelineSet().findEventById(redactId);
        if (redactedEvent) {
            redactedEvent.makeRedacted(event);
            // If this is in the current state, replace it with the redacted version
            if (redactedEvent.getStateKey()) {
                const currentStateEvent = this.currentState.getStateEvents(
                    redactedEvent.getType(),
                    redactedEvent.getStateKey(),
                );
                if (currentStateEvent.getId() === redactedEvent.getId()) {
                    this.currentState.setStateEvents([redactedEvent]);
                }
            }
            this.emit("Room.redaction", event, this);
            // TODO: we stash user displaynames (among other things) in
--- a/src/webrtc/call.js
+++ b/src/webrtc/call.js
@@ -1370,24 +1370,36 @@ module.exports.createNewMatrixCall = function(client, roomId, options) {
            return getUserMedia.apply(w.navigator, arguments);
        };
    }
-    webRtc.RtcPeerConnection = (
+
-        w.RTCPeerConnection || w.webkitRTCPeerConnection || w.mozRTCPeerConnection
+    // Firefox throws on so little as accessing the RTCPeerConnection when operating in
-    );
+    // a secure mode. There's some information at https://bugzilla.mozilla.org/show_bug.cgi?id=1542616
-    webRtc.RtcSessionDescription = (
+    // though the concern is that the browser throwing a SecurityError will brick the
-        w.RTCSessionDescription || w.webkitRTCSessionDescription ||
+    // client creation process.
-        w.mozRTCSessionDescription
+    try {
-    );
+        webRtc.RtcPeerConnection = (
-    webRtc.RtcIceCandidate = (
+            w.RTCPeerConnection || w.webkitRTCPeerConnection || w.mozRTCPeerConnection
-        w.RTCIceCandidate || w.webkitRTCIceCandidate || w.mozRTCIceCandidate
+        );
-    );
+        webRtc.RtcSessionDescription = (
-    webRtc.vendor = null;
+            w.RTCSessionDescription || w.webkitRTCSessionDescription ||
-    if (w.mozRTCPeerConnection) {
+            w.mozRTCSessionDescription
-        webRtc.vendor = "mozilla";
+        );
-    } else if (w.webkitRTCPeerConnection) {
+        webRtc.RtcIceCandidate = (
-        webRtc.vendor = "webkit";
+            w.RTCIceCandidate || w.webkitRTCIceCandidate || w.mozRTCIceCandidate
-    } else if (w.RTCPeerConnection) {
+        );
-        webRtc.vendor = "generic";
+        webRtc.vendor = null;
        if (w.mozRTCPeerConnection) {
            webRtc.vendor = "mozilla";
        } else if (w.webkitRTCPeerConnection) {
            webRtc.vendor = "webkit";
        } else if (w.RTCPeerConnection) {
            webRtc.vendor = "generic";
        }
    } catch (e) {
        logger.error("Failed to set up WebRTC object: possible browser interference?");
        logger.error(e);
        return null;
    }
    if (!webRtc.RtcIceCandidate || !webRtc.RtcSessionDescription ||
            !webRtc.RtcPeerConnection || !webRtc.getUserMedia) {
        return null; // WebRTC is not supported.
--- a/yarn.lock
+++ b/yarn.lock