Add support for multiple Base DNs in LDAP Identity Store (Fix #104)

- Process transactions async with completion parking
- Detect transactions deduplication

application.example.yaml

@@ -64,28 +64,28 @@ storage.provider.sqlite.database: '/path/to/mxisd.db'
 # LDAP Backend #
 ################
 # If you would like to integrate with your AD/Samba/LDAP server,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/backends/ldap.md
+# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md
 
 
 ###############
 # SQL Backend #
 ###############
 # If you would like to integrate with a MySQL/MariaDB/PostgreQL/SQLite DB,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/backends/sql.md
+# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/sql.md
 
 
 ################
 # REST Backend #
 ################
 # If you would like to integrate with an existing web service/webapp,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/backends/rest.md
+# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/rest.md
 
 
 #################################################
 # Notifications for invites/addition to profile #
 #################################################
 # If you would like to change the content,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/notifications/template-generator.md
+# see https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/notification/template-generator.md
 #
 #### E-mail invite sender
 #

build.gradle

@@ -107,8 +107,8 @@ dependencies {
     compile 'com.googlecode.libphonenumber:libphonenumber:8.7.1'
 
     // E-mail sending
-    compile 'com.sun.mail:javax.mail:1.5.6'
+    compile 'com.sun.mail:javax.mail:1.6.2'
-    compile 'javax.mail:javax.mail-api:1.5.6'
+    compile 'javax.mail:javax.mail-api:1.6.2'
 
     // Google Firebase Authentication backend
     compile 'com.google.firebase:firebase-admin:5.3.0'
@@ -139,6 +139,7 @@ dependencies {
 
     testCompile 'junit:junit:4.12'
     testCompile 'com.github.tomakehurst:wiremock:2.8.0'
+    testCompile 'com.unboundid:unboundid-ldapsdk:4.0.9'
 }
 
 springBoot {

docs/features/authentication.md

@@ -74,7 +74,15 @@ See your Identity store [documentation](../stores/README.md) on how to enable th
 
 
 ## Advanced
-The Authentication feature allows users to login to their Homeserver by using their 3PIDs in a configured Identity store.
+The Authentication feature allows users to:
+- Rewrite usernames matching a pattern to be mapped to another username via a 3PID.
+- login to their Homeserver by using their 3PIDs in a configured Identity store.
+
+This feature also allows to work around the following issues:
+- Lowercase all usernames for synapse, allowing case-insensitive login
+- Unable to login on synapse if username is numerical
+- Any generic transformation of username prior to sending to synapse, bypassing the restriction that password providers
+cannot change the localpart being authenticated.
 
 ### Overview
 This is performed by intercepting the Homeserver endpoint `/_matrix/client/r0/login` as depicted below:
@@ -109,10 +117,10 @@ Steps of user authentication using a 3PID:
 4. The response from the Homeserver is sent back to the client, believing it was the HS which directly answered.
 
 ### Requirements
-- [Basic Authentication configured and working](#basic)
-- Reverse proxy setup
-- Homeserver
 - Compatible [Identity store](../stores/README.md)
+- [Basic Authentication configured and working](#basic)
+- Client and Homeserver using the [C2S API r0.4.x](https://matrix.org/docs/spec/client_server/r0.4.0.html) or later
+- Reverse proxy setup
 
 ### Configuration
 #### Reverse Proxy
@@ -153,3 +161,40 @@ In case the hostname is the same as your Matrix domain and `server.name` is not
 `matrix.domain` and will still probably have the correct value.
 
 `value` is the base internal URL of the Homeserver, without any `/_matrix/..` or trailing `/`.
+
+#### Username rewrite
+In mxisd config:
+```yaml
+auth:
+  rewrite:
+    user:
+      rules:
+        - regex: <your regexp>
+          medium: 'your.custom.medium.type'
+```
+`rules` takes a list of rules. Rules have two properties:
+- `regexp`: The regex pattern to match. This **MUST** match the full string. See [Java regex](https://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html) for syntax.
+- `medium`: Custom 3PID type that will be used in the 3PID lookup. This can be anything you want and needs to be supported
+by your Identity store config and/or code.
+
+Rules are matched in listed order.
+
+Common regexp patterns:
+- Numerical usernames: `[0-9]+`
+
+##### LDAP Example
+If your users use their numerical employee IDs, which cannot be used with synapse, you can make it work with (relevant config only):
+```yaml
+auth:
+  rewrite:
+    user:
+      rules:
+        - regex: '[0-9]+'
+          medium: 'kmx.employee.id'
+          
+ldap:
+  attribute:
+    threepid:
+      kmx.employee.id:
+        - 'ldapAttributeForEmployeeId'
+```

docs/features/experimental/profile.md

@@ -1,12 +1,16 @@
-# Profile enhancement
+# Profile
-**WARNING**: Alpha feature, not officially supported. Do not use.
+**WARNING**: The following sub-features are considered experimental and not officially supported. Use at your own peril.
 
-This feature allows to enhance a profile query with more info than just Matrix ID and Display name, allowing for custom
+## Public Profile enhancement
-applications to retrieve custom data not currently provided by synapse, per example.
+This feature allows to enhance a public profile query with more info than just Matrix ID and Display name, allowing for
+custom applications to retrieve custom data not currently provided by synapse, per example.
 
-## Configuration
+**WARNING**: This information can be queried without authentication as per the specification. Do not enable unless in a
-### Reverse proxy
+controlled environment.
-#### Apache
+
+### Configuration
+#### Reverse proxy
+##### Apache
 ```apache
 ProxyPassMatch "^/_matrix/client/r0/profile/([^/]+)$" "http://127.0.0.1:8090/_matrix/client/r0/profile/$1"
 ```

docs/features/profile.md

@@ -0,0 +1,10 @@
+# Profile
+The profile feature does not do anything on its own and acts as a support feature for others, allowing to retrieve
+information about a user based on its Matrix ID by querying enabled [Identity stores](../stores/README.md).
+
+Currently supported:
+- Display name
+- 3PIDs
+- Roles/Groups
+
+Experimental sub-features are also available. See [the dedicated document](experimental/profile.md).

docs/getting-started.md

@@ -29,9 +29,10 @@ If you would like a high-level view of the infrastructure and how each feature i
 
 ## Install
 Install via:
+- [Docker image](install/docker.md)
 - [Debian package](install/debian.md)
 - [ArchLinux](install/archlinux.md)
-- [Docker image](install/docker.md)
+- [NixOS](install/nixos.md)
 - [Sources](build.md)
 
 See the [Latest release](https://github.com/kamax-matrix/mxisd/releases/latest) for links to each.

docs/install/nixos.md

@@ -0,0 +1,8 @@
+# NixOS package
+mxisd is available as a NixOS package in the official repos.
+
+It is maintained by [maximilian](https://matrix.to/#/@maximilian:transformierende-gesellschaft.org), a community member.  
+
+Related resources:
+- [NixOS](https://nixos.org/)
+- [The module definition](https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/mxisd.nix)

docs/stores/ldap.md

@@ -24,10 +24,13 @@ ldap.connection.host: 'ldapHostnameOrIp'
 ldap.connection.port: 389
 ldap.connection.bindDn: 'CN=My Mxisd User,OU=Users,DC=example,DC=org'
 ldap.connection.bindPassword: 'TheUserPassword'
-ldap.connection.baseDn: 'OU=Users,DC=example,DC=org'
+ldap.connection.baseDNs:
+  - 'OU=Users,DC=example,DC=org'
 ```
 These are standard LDAP connection configuration. mxisd will try to connect on port default port 389 without encryption.
 
+If you would like to use several Base DNs, simply add more entries under `baseDNs`.
+
 ### TLS/SSL connection
 If you would like to use a TLS/SSL connection, use the following configuration options (STARTLS not supported):
 ```yaml

docs/stores/rest.md

@@ -3,38 +3,45 @@ The REST backend allows you to query identity data in existing webapps, like:
 - Forums (phpBB, Discourse, etc.)
 - Custom Identity stores (Keycloak, ...)
 - CRMs (Wordpress, ...)
-- self-hosted clouds (Nextcloud, ownCloud, ...)
+- Self-hosted clouds (Nextcloud, ownCloud, ...)
 
-To integrate this backend with your webapp, you will need to implement three specific REST endpoints detailed below.
+To integrate this backend with your webapp, you will need to implement the REST endpoints described below.
 
 ## Features
-|      Name      | Supported? |
+| Name                                            | Supported? |
-|----------------|------------|
+|-------------------------------------------------|------------|
-| Authentication | Yes        |
+| [Authentication](../features/authentication.md) | Yes        |
-| Directory      | Yes        |
+| [Directory](../features/directory.md)           | Yes        |
-| Identity       | Yes        |
+| [Identity](../features/identity.md)             | Yes        |
-| Profile        | No         |
+| [Profile](../features/profile.md)               | Yes        |
 
 ## Configuration
-| Key                              | Default                                        | Description                                          |
+| Key                                  | Default                                        | Description                                          |
-|----------------------------------|------------------------------------------------|------------------------------------------------------|
+|--------------------------------------|------------------------------------------------|------------------------------------------------------|
-| `rest.enabled`                   | `false`                                        | Globally enable/disable the REST backend             |
+| `rest.enabled`                       | `false`                                        | Globally enable/disable the REST backend             |
-| `rest.host`                      | *None*                                        | Default base URL to use for the different endpoints. |
+| `rest.host`                          | *None*                                         | Default base URL to use for the different endpoints. |
-| `rest.endpoints.auth`            | `/_mxisd/backend/api/v1/auth/login`            | Validate credentials and get user profile            |
+| `rest.endpoints.auth`                | `/_mxisd/backend/api/v1/auth/login`            | Validate credentials and get user profile            |
-| `rest.endpoints.directory`       | `/_mxisd/backend/api/v1/directory/user/search` | Search for users by arbitrary input                  |
+| `rest.endpoints.directory`           | `/_mxisd/backend/api/v1/directory/user/search` | Search for users by arbitrary input                  |
-| `rest.endpoints.identity.single` | `/_mxisd/backend/api/v1/identity/single`       | Endpoint to query a single 3PID                      |
+| `rest.endpoints.identity.single`     | `/_mxisd/backend/api/v1/identity/single`       | Endpoint to query a single 3PID                      |
-| `rest.endpoints.identity.bulk`   | `/_mxisd/backend/api/v1/identity/bulk`         | Endpoint to query a list of 3PID                     |
+| `rest.endpoints.identity.bulk`       | `/_mxisd/backend/api/v1/identity/bulk`         | Endpoint to query a list of 3PID                     |
+| `rest.endpoints.profile.displayName` | `/_mxisd/backend/api/v1/profile/displayName`   | Query the display name for a Matrix ID
+| `rest.endpoints.profile.threepids`   | `/_mxisd/backend/api/v1/profile/threepids`     | Query the 3PIDs for a Matrix ID
+| `rest.endpoints.profile.roles`       | `/_mxisd/backend/api/v1/profile/roles`         | Query the Roles for a Matrix ID
 
 Endpoint values can handle two formats:
 - URL Path starting with `/` that gets happened to the `rest.host`
 - Full URL, if you want each endpoint to go to a specific server/protocol/port
 
+If an endpoint value is configured as an empty string, it will disable that specific feature, essentially bypassing the
+Identity store for that specific query.
+
 `rest.host` is mandatory if at least one endpoint is not a full URL.
 
 ## Endpoints
 ### Authentication
-HTTP method: `POST`  
+- Method: `POST`
-Content-type: JSON UTF-8
+- Content-Type: `application/json` (JSON)
+- Encoding: `UTF8`
   
 #### Request Body
 ```json
@@ -87,8 +94,9 @@ If the authentication succeed:
 ```
 
 ### Directory
-HTTP method: `POST`
+- Method: `POST`
-Content-type: JSON UTF-8
+- Content-Type: `application/json` (JSON)
+- Encoding: `UTF8`
 
 #### Request Body
 ```json
@@ -113,7 +121,7 @@ If users found:
       "user_id": "UserIdLocalpart"
     },
     {
-      ...
+      "...": "..."
     }
   ]
 }
@@ -129,10 +137,11 @@ If no user found:
 
 ### Identity
 #### Single 3PID lookup
-HTTP method: `POST`  
+- Method: `POST`
-Content-type: JSON UTF-8  
+- Content-Type: `application/json` (JSON)
+- Encoding: `UTF8`
   
-#### Request Body
+##### Request Body
 ```json
 {
   "lookup": {
@@ -142,7 +151,7 @@ Content-type: JSON UTF-8
 }
 ```
 
-#### Response Body
+##### Response Body
 If a match was found:
 - `lookup.id.type` supported values: `localpart`, `mxid`
 ```json
@@ -164,10 +173,11 @@ If no match was found:
 ```
 
 #### Bulk 3PID lookup
-HTTP method: `POST`  
+- Method: `POST`
-Content-type: JSON UTF-8  
+- Content-Type: `application/json` (JSON)
+- Encoding: `UTF8`
   
-#### Request Body
+##### Request Body
 ```json
 {
   "lookup": [
@@ -183,7 +193,7 @@ Content-type: JSON UTF-8
 }
 ```
 
-#### Response Body
+##### Response Body
 For all entries where a match was found:
 - `lookup[].id.type` supported values: `localpart`, `mxid`
 ```json
@@ -215,3 +225,46 @@ If no match was found:
   "lookup": []
 }
 ```
+
+### Profile
+#### Request Body
+For all requests, the values are the same:
+- Method: `POST`
+- Content-Type: `application/json` (JSON)
+- Encoding: `UTF8`
+
+With body (example values):
+##### Request Body
+```json
+{
+    "mxid": "@john.doe:example.org",
+    "localpart": "john.doe",
+    "domain": "example.org"
+}
+```
+#### Response Body
+For all responses, the same object structure will be parsed, making the non-relevant fields as optional.
+
+Structure with example values:
+```json
+{
+  "profile": {
+    "display_name": "John Doe",
+    "threepids": [
+      {
+        "medium": "email",
+        "address": "john.doe@example.org"
+      },
+      {
+        "...": "..."
+      }
+    ],
+    "roles": [
+      "DomainUsers",
+      "SalesOrg",
+      "..."
+    ]
+  }
+}
+```
+The base `profile` key is mandatory. `display_name`, `threepids` and `roles` are only to be returned on the relevant request.

docs/threepids/session/session.md

@@ -17,49 +17,63 @@
     - [Sessions disabled](#sessions-disabled)
 
 ## Overview
-When adding an email, a phone number or any other kind of 3PID (Third-Party Identifier) in a Matrix client, 
+When adding an email, a phone number or any other kind of 3PID (Third-Party Identifier) in a Matrix client,
-the identity server is called to validate the 3PID.
+the identity server is contacted to validate the 3PID.
+
+To validate the 3PID the identity server sends a message to the 3PID (e.g. an
+email) with a hyperlink back to a web-page managed by the identity server to
+confirm ownership of the 3PID.
 
 Once this 3PID is validated, the Homeserver will publish the user Matrix ID on the Identity Server and
 add this 3PID to the Matrix account which initiated the request.
 
-## Purpose
 This serves two purposes:
 - Add the 3PID as an administrative/login info for the Homeserver directly
 - Publish, or *Bind*, the 3PID so it can be queried from Homeservers and clients when inviting someone in a room
 by a 3PID, allowing it to be resolved to a Matrix ID.
 
 ## Federation
-Federation is based on the principle that one can get a domain name and serve services and information within that
+In a federated set up, identity servers must cooperate to find the Matrix ID associated with a 3PID.
-domain namespace in a way which can be discovered following a specific protocol or specification.
 
-In the Matrix eco-system, some 3PID can be federated (e.g. emails) while some others cannot (phone numbers).
+Federation is based on the principle that each server is responsible for its own (dns) domain.
-Also, Matrix users might add 3PIDs that would not point to the Identity server that actually holds the 3PID binding.  
+Therefore only those 3PID can be federated that can be distinguished by their
+domain such as email addresses.
+
+Example: a user from Homeserver `example.org` adds an email `john@example.com`.  
+Federated identity servers would try to find the identity server at `example.com` and ask it for the Matrix ID of associated with `john@example.com`.
+
+Nevertheless, Matrix users might add 3PIDs that are not associated to a domain, for example telephone numbers.
+Or they might even add 3PIDs associated to a different domain (such as an email address hosted by gmail).
+Such 3PIDs cannot be resolved in a federated way.
 
 Example: a user from Homeserver `example.org` adds an email `john@gmail.com`.  
 If a federated lookup was performed, Identity servers would try to find the 3PID bind at the `gmail.com` server, and
 not `example.org`.
 
-To allow global publishing of 3PID bindings to be found anywhere within the current protocol specification, one would
+In order to resolve such 3PIDs, i.e. 3PIDs that cannot be resolved in a Federated way, an identity server can be configured such that
-perform a *Remote session* and *Remote bind*, effectively starting a new 3PID session with another Identity server on
+- 3PIDs that cannot be resolved locally or using federation, are fowarded to another global identity server.
-behalf of the user.  
+- registration of new 3PIDs that cannot be looked up in a federated fashion, is forwarded to another global identity server.
+
+By forwarding a 3PIDs registration the identity creates a *Remote session* and *Remote bind*, effectively starting a new 3PID session with another Identity server on
+behalf of the user. 
+
 To ensure lookup works consistency within the current Matrix network, the central Matrix.org Identity Server should be
 used to store *remote* sessions and binds.
 
-On the flip side, at the time of writing, the Matrix specification and the central Matrix.org servers do not allow to
+However, at the time of writing, the Matrix specification and the central Matrix.org servers do not allow to remote a 3PID bind.
-remote a 3PID bind. This means that once a 3PID is published (email, phone number, etc.), it cannot be easily removed
+This means that once a 3PID is published (email, phone number, etc.), it cannot be easily removed
-and would require contacting the Matrix.org administrators for each bind individually.  
+and would require contacting the Matrix.org administrators for each bind individually.
 This poses a privacy, control and security concern, especially for groups/corporations that want to keep a tight control
 on where such identifiers can be made publicly visible.
 
-To ensure full control, validation management rely on two concepts:
+To ensure full control, validation management relies on two concepts:
 - The scope of 3PID being validated
 - The scope of 3PID sessions that should be possible/offered
 
 ### 3PID scope
 3PID can either be scoped as local or remote.
 
-Local means that they can looked up using federation and that such federation call would end up on the local
+Local means that they can be looked up using federation and that such a federation call would end up on the local
 Identity Server.  
 Remote means that they cannot be lookup using federation or that a federation call would not end up on the local
 Identity Server.
@@ -139,7 +153,7 @@ session.policy.validation.forRemote:
 `session.policy.validation` is the core configuration to control what users configured to use your Identity server
 are allowed to do in terms of 3PID sessions.
 
-The policy is divided contains a global on/off switch for 3PID sessions using `.enabled`  
+The policy has a global on/off switch for 3PID sessions using `.enabled`  
 It is also divided into two sections: `forLocal` and `forRemote` which refers to the 3PID scopes.  
 
 Each scope is divided into three parts:

src/main/java/io/kamax/mxisd/MatrixIdentityServerApplication.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/UserIdType.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/as/AppServiceHandler.java

@@ -22,91 +22,190 @@ package io.kamax.mxisd.as;
 
 import com.google.gson.JsonObject;
 import io.kamax.matrix.MatrixID;
+import io.kamax.matrix.ThreePidMedium;
 import io.kamax.matrix._MatrixID;
 import io.kamax.matrix._ThreePid;
 import io.kamax.matrix.event.EventKey;
 import io.kamax.matrix.json.GsonUtil;
 import io.kamax.mxisd.backend.sql.synapse.Synapse;
+import io.kamax.mxisd.config.ListenerConfig;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.notification.NotificationManager;
 import io.kamax.mxisd.profile.ProfileManager;
+import io.kamax.mxisd.storage.IStorage;
+import io.kamax.mxisd.storage.ormlite.dao.ASTransactionDao;
+import io.kamax.mxisd.util.GsonParser;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import java.util.HashMap;
+import java.io.InputStream;
-import java.util.List;
+import java.time.Instant;
-import java.util.Map;
+import java.util.*;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.stream.Collectors;
 
 @Component
 public class AppServiceHandler {
 
     private final Logger log = LoggerFactory.getLogger(AppServiceHandler.class);
 
+    private final GsonParser parser;
+
+    private String localpart;
     private MatrixConfig cfg;
+    private IStorage store;
     private ProfileManager profiler;
     private NotificationManager notif;
     private Synapse synapse;
 
+    private Map<String, CompletableFuture<String>> transactionsInProgress;
+
     @Autowired
-    public AppServiceHandler(MatrixConfig cfg, ProfileManager profiler, NotificationManager notif, Synapse synapse) {
+    public AppServiceHandler(ListenerConfig lCfg, MatrixConfig cfg, IStorage store, ProfileManager profiler, NotificationManager notif, Synapse synapse) {
         this.cfg = cfg;
+        this.store = store;
         this.profiler = profiler;
         this.notif = notif;
         this.synapse = synapse;
+
+        localpart = lCfg.getLocalpart();
+        parser = new GsonParser();
+        transactionsInProgress = new ConcurrentHashMap<>();
+    }
+
+    public CompletableFuture<String> processTransaction(String txnId, InputStream is) {
+        synchronized (this) {
+            Optional<ASTransactionDao> dao = store.getTransactionResult(localpart, txnId);
+            if (dao.isPresent()) {
+                log.info("AS Transaction {} already processed - returning computed result", txnId);
+                return CompletableFuture.completedFuture(dao.get().getResult());
+            }
+
+            CompletableFuture<String> f = transactionsInProgress.get(txnId);
+            if (Objects.nonNull(f)) {
+                log.info("Returning future for transaction {}", txnId);
+                return f;
+            }
+
+            transactionsInProgress.put(txnId, new CompletableFuture<>());
+        }
+
+        CompletableFuture<String> future = transactionsInProgress.get(txnId);
+
+        Instant start = Instant.now();
+        log.info("Processing AS Transaction {}: start", txnId);
+        try {
+            List<JsonObject> events = GsonUtil.asList(GsonUtil.getArray(parser.parse(is), "events"), JsonObject.class);
+            is.close();
+            log.debug("{} event(s) parsed", events.size());
+
+            processTransaction(events);
+            Instant end = Instant.now();
+            log.info("Processed AS transaction {} in {} ms", txnId, (Instant.now().toEpochMilli() - start.toEpochMilli()));
+
+            String result = "{}";
+
+            try {
+                log.info("Saving transaction details to store");
+                store.insertTransactionResult(localpart, txnId, end, result);
+            } finally {
+                log.debug("Removing CompletedFuture from transaction map");
+                transactionsInProgress.remove(txnId);
+            }
+
+            future.complete(result);
+        } catch (Exception e) {
+            log.error("Unable to properly process transaction {}", txnId, e);
+            future.completeExceptionally(e);
+        }
+
+        log.info("Processing AS Transaction {}: end", txnId);
+        return future;
     }
 
     public void processTransaction(List<JsonObject> eventsJson) {
+        log.info("Processing transaction events: start");
+
         eventsJson.forEach(ev -> {
+            String evId = EventKey.Id.getStringOrNull(ev);
+            if (StringUtils.isBlank(evId)) {
+                log.warn("Event has no ID, skipping");
+                log.debug("Event:\n{}", GsonUtil.getPrettyForLog(ev));
+                return;
+            }
+            log.debug("Event {}: processing start", evId);
+
+            String roomId = EventKey.RoomId.getStringOrNull(ev);
+            if (StringUtils.isBlank(roomId)) {
+                log.debug("Event has no room ID, skipping");
+                return;
+            }
+
+            String senderId = EventKey.Sender.getStringOrNull(ev);
+            if (StringUtils.isBlank(senderId)) {
+                log.debug("Event has no sender ID, skipping");
+                return;
+            }
+            _MatrixID sender = MatrixID.asAcceptable(senderId);
+            log.debug("Sender: {}", senderId);
+
             if (!StringUtils.equals("m.room.member", GsonUtil.getStringOrNull(ev, "type"))) {
+                log.debug("This is not a room membership event, skipping");
                 return;
             }
 
             if (!StringUtils.equals("invite", GsonUtil.getStringOrNull(ev, "membership"))) {
+                log.debug("This is not an invite event, skipping");
                 return;
             }
 
-            String roomId = GsonUtil.getStringOrNull(ev, "room_id");
+            String inviteeId = EventKey.StateKey.getStringOrNull(ev);
-            _MatrixID sender = MatrixID.asAcceptable(GsonUtil.getStringOrNull(ev, "sender"));
+            if (StringUtils.isBlank(inviteeId)) {
-            EventKey.StateKey.findString(ev).ifPresent(id -> {
+                log.warn("Invalid event: No invitee ID, skipping");
-                _MatrixID mxid = MatrixID.asAcceptable(id);
+                return;
-                if (!StringUtils.equals(mxid.getDomain(), cfg.getDomain())) {
+            }
-                    log.debug("Ignoring invite for {}: not a local user");
-                    return;
-                }
-                log.info("Got invite for {}", id);
 
-                boolean wasSent = false;
+            _MatrixID invitee = MatrixID.asAcceptable(inviteeId);
-                List<_ThreePid> tpids = profiler.getThreepids(mxid);
+            if (!StringUtils.equals(invitee.getDomain(), cfg.getDomain())) {
-                if (tpids.isEmpty()) {
+                log.debug("Ignoring invite for {}: not a local user");
-                    log.info("No email found in identity stores for {}", id);
+                return;
+            }
+
+            log.info("Got invite from {} to {}", senderId, inviteeId);
+
+            boolean wasSent = false;
+            List<_ThreePid> tpids = profiler.getThreepids(invitee).stream()
+                    .filter(tpid -> ThreePidMedium.Email.is(tpid.getMedium()))
+                    .collect(Collectors.toList());
+            log.info("Found {} email(s) in identity store for {}", tpids.size(), inviteeId);
+
+            for (_ThreePid tpid : tpids) {
+                log.info("Found Email to notify about room invitation: {}", tpid.getAddress());
+                Map<String, String> properties = new HashMap<>();
+                profiler.getDisplayName(sender).ifPresent(name -> properties.put("sender_display_name", name));
+                try {
+                    synapse.getRoomName(roomId).ifPresent(name -> properties.put("room_name", name));
+                } catch (RuntimeException e) {
+                    log.warn("Could not fetch room name", e);
+                    log.info("Unable to fetch room name: Did you integrate your Homeserver as documented?");
                 }
 
-                for (_ThreePid tpid : tpids) {
+                IMatrixIdInvite inv = new MatrixIdInvite(roomId, sender, invitee, tpid.getMedium(), tpid.getAddress(), properties);
-                    if (!StringUtils.equals("email", tpid.getMedium())) {
+                notif.sendForInvite(inv);
-                        continue;
+                log.info("Notification for invite of {} sent to {}", inviteeId, tpid.getAddress());
-                    }
+                wasSent = true;
+            }
 
-                    log.info("Found an email address to notify about room invitation: {}", tpid.getAddress());
+            log.info("Was notification sent? {}", wasSent);
-                    Map<String, String> properties = new HashMap<>();
-                    profiler.getDisplayName(sender).ifPresent(name -> properties.put("sender_display_name", name));
-                    try {
-                        synapse.getRoomName(roomId).ifPresent(name -> properties.put("room_name", name));
-                    } catch (RuntimeException e) {
-                        log.warn("Unable to fetch room name - Did you provide synapse DB information as documented?");
-                        log.warn("Underlying error:", e);
-                    }
 
-                    IMatrixIdInvite inv = new MatrixIdInvite(roomId, sender, mxid, tpid.getMedium(), tpid.getAddress(), properties);
+            log.debug("Event {}: processing end", evId);
-                    notif.sendForInvite(inv);
-                    wasSent = true;
-                }
-
-                log.info("Was notification sent? {}", wasSent);
-            });
         });
+
+        log.info("Processing transaction events: end");
     }
 
 }

src/main/java/io/kamax/mxisd/auth/AuthManager.java

@@ -20,37 +20,96 @@
 
 package io.kamax.mxisd.auth;
 
+import com.google.gson.Gson;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.google.gson.JsonSyntaxException;
+import com.google.i18n.phonenumbers.NumberParseException;
+import com.google.i18n.phonenumbers.PhoneNumberUtil;
+import com.google.i18n.phonenumbers.Phonenumber;
 import io.kamax.matrix.MatrixID;
 import io.kamax.matrix.ThreePid;
 import io.kamax.matrix._MatrixID;
 import io.kamax.matrix._ThreePid;
+import io.kamax.matrix.json.GsonUtil;
 import io.kamax.mxisd.UserIdType;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
+import io.kamax.mxisd.config.AuthenticationConfig;
 import io.kamax.mxisd.config.MatrixConfig;
+import io.kamax.mxisd.dns.ClientDnsOverwrite;
+import io.kamax.mxisd.exception.RemoteLoginException;
 import io.kamax.mxisd.invitation.InvitationManager;
 import io.kamax.mxisd.lookup.ThreePidMapping;
+import io.kamax.mxisd.lookup.strategy.LookupStrategy;
+import io.kamax.mxisd.util.RestClientUtils;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.http.HttpEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.util.EntityUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.io.IOException;
+import java.net.URI;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Objects;
 
 @Service
 public class AuthManager {
 
-    private Logger log = LoggerFactory.getLogger(AuthManager.class);
+    private static final String TypeKey = "type";
+    private static final String UserKey = "user";
+    private static final String IdentifierKey = "identifier";
+    private static final String ThreepidMediumKey = "medium";
+    private static final String ThreepidAddressKey = "address";
+    private static final String UserIdTypeValue = "m.id.user";
+    private static final String ThreepidTypeValue = "m.id.thirdparty";
 
-    @Autowired
+    private final Logger log = LoggerFactory.getLogger(AuthManager.class);
-    private List<AuthenticatorProvider> providers = new ArrayList<>();
+    private final Gson gson = GsonUtil.get();
 
-    @Autowired
+    private List<AuthenticatorProvider> providers;
     private MatrixConfig mxCfg;
+    private AuthenticationConfig cfg;
+    private InvitationManager invMgr;
+    private ClientDnsOverwrite dns;
+    private LookupStrategy strategy;
+    private CloseableHttpClient client;
 
     @Autowired
-    private InvitationManager invMgr;
+    public AuthManager(
+            AuthenticationConfig cfg,
+            MatrixConfig mxCfg,
+            List<AuthenticatorProvider> providers,
+            LookupStrategy strategy,
+            InvitationManager invMgr,
+            ClientDnsOverwrite dns,
+            CloseableHttpClient client
+    ) {
+        this.cfg = cfg;
+        this.mxCfg = mxCfg;
+        this.providers = new ArrayList<>(providers);
+        this.strategy = strategy;
+        this.invMgr = invMgr;
+        this.dns = dns;
+        this.client = client;
+    }
+
+    public String resolveProxyUrl(URI target) {
+        URIBuilder builder = dns.transform(target);
+        String urlToLogin = builder.toString();
+        log.info("Proxy resolution: {} to {}", target.toString(), urlToLogin);
+        return urlToLogin;
+    }
 
     public UserAuthResult authenticate(String id, String password) {
         _MatrixID mxid = MatrixID.asAcceptable(id);
@@ -92,4 +151,128 @@ public class AuthManager {
         return new UserAuthResult().failure();
     }
 
+    public String proxyLogin(URI target, String body) {
+        JsonObject reqJsonObject = io.kamax.matrix.json.GsonUtil.parseObj(body);
+
+        GsonUtil.findObj(reqJsonObject, IdentifierKey).ifPresent(obj -> {
+            GsonUtil.findString(obj, TypeKey).ifPresent(type -> {
+                if (StringUtils.equals(type, UserIdTypeValue)) {
+                    log.info("Login request is User ID type");
+
+                    if (cfg.getRewrite().getUser().getRules().isEmpty()) {
+                        log.info("No User ID rewrite rules to apply");
+                    } else {
+                        log.info("User ID rewrite rules: checking for a match");
+
+                        String userId = GsonUtil.getStringOrThrow(obj, UserKey);
+                        for (AuthenticationConfig.Rule m : cfg.getRewrite().getUser().getRules()) {
+                            if (m.getPattern().matcher(userId).matches()) {
+                                log.info("Found matching pattern, resolving to 3PID with medium {}", m.getMedium());
+
+                                // Remove deprecated login info on the top object if exists to avoid duplication
+                                reqJsonObject.remove(UserKey);
+                                obj.addProperty(TypeKey, ThreepidTypeValue);
+                                obj.addProperty(ThreepidMediumKey, m.getMedium());
+                                obj.addProperty(ThreepidAddressKey, userId);
+
+                                log.info("Rewrite to 3PID done");
+                            }
+                        }
+
+                        log.info("User ID rewrite rules: done checking rules");
+                    }
+                }
+            });
+        });
+
+        GsonUtil.findObj(reqJsonObject, IdentifierKey).ifPresent(obj -> {
+            GsonUtil.findString(obj, TypeKey).ifPresent(type -> {
+                if (StringUtils.equals(type, ThreepidTypeValue)) {
+                    // Remove deprecated login info if exists to avoid duplication
+                    reqJsonObject.remove(ThreepidMediumKey);
+                    reqJsonObject.remove(ThreepidAddressKey);
+
+                    GsonUtil.findPrimitive(obj, ThreepidMediumKey).ifPresent(medium -> {
+                        GsonUtil.findPrimitive(obj, ThreepidAddressKey).ifPresent(address -> {
+                            log.info("Login request with medium '{}' and address '{}'", medium.getAsString(), address.getAsString());
+                            strategy.findLocal(medium.getAsString(), address.getAsString()).ifPresent(lookupDataOpt -> {
+                                obj.remove(ThreepidMediumKey);
+                                obj.remove(ThreepidAddressKey);
+                                obj.addProperty(TypeKey, UserIdTypeValue);
+                                obj.addProperty(UserKey, lookupDataOpt.getMxid().getLocalPart());
+                            });
+                        });
+                    });
+                }
+
+                if (StringUtils.equals(type, "m.id.phone")) {
+                    // Remove deprecated login info if exists to avoid duplication
+                    reqJsonObject.remove(ThreepidMediumKey);
+                    reqJsonObject.remove(ThreepidAddressKey);
+
+                    GsonUtil.findPrimitive(obj, "number").ifPresent(number -> {
+                        GsonUtil.findPrimitive(obj, "country").ifPresent(country -> {
+                            log.info("Login request with phone '{}'-'{}'", country.getAsString(), number.getAsString());
+                            try {
+                                PhoneNumberUtil phoneUtil = PhoneNumberUtil.getInstance();
+                                Phonenumber.PhoneNumber phoneNumber = phoneUtil.parse(number.getAsString(), country.getAsString());
+                                String msisdn = phoneUtil.format(phoneNumber, PhoneNumberUtil.PhoneNumberFormat.E164).replace("+", "");
+                                String medium = "msisdn";
+                                strategy.findLocal(medium, msisdn).ifPresent(lookupDataOpt -> {
+                                    obj.remove("country");
+                                    obj.remove("number");
+                                    obj.addProperty(TypeKey, UserIdTypeValue);
+                                    obj.addProperty(UserKey, lookupDataOpt.getMxid().getLocalPart());
+                                });
+                            } catch (NumberParseException e) {
+                                log.error("Not a valid phone number");
+                                throw new RuntimeException(e);
+                            }
+                        });
+                    });
+                }
+            });
+        });
+
+        // invoke 'login' on homeserver
+        HttpPost httpPost = RestClientUtils.post(resolveProxyUrl(target), gson, reqJsonObject);
+        try (CloseableHttpResponse httpResponse = client.execute(httpPost)) {
+            // check http status
+            int status = httpResponse.getStatusLine().getStatusCode();
+            log.info("http status = {}", status);
+            if (status != 200) {
+                // try to get possible json error message from response
+                // otherwise just get returned plain error message
+                String errcode = String.valueOf(httpResponse.getStatusLine().getStatusCode());
+                String error = EntityUtils.toString(httpResponse.getEntity());
+                if (httpResponse.getEntity() != null) {
+                    try {
+                        JsonObject bodyJson = new JsonParser().parse(error).getAsJsonObject();
+                        if (bodyJson.has("errcode")) {
+                            errcode = bodyJson.get("errcode").getAsString();
+                        }
+                        if (bodyJson.has("error")) {
+                            error = bodyJson.get("error").getAsString();
+                        }
+                        throw new RemoteLoginException(status, errcode, error, bodyJson);
+                    } catch (JsonSyntaxException e) {
+                        log.warn("Response body is not JSON");
+                    }
+                }
+                throw new RemoteLoginException(status, errcode, error);
+            }
+
+            // return response
+            HttpEntity entity = httpResponse.getEntity();
+            if (Objects.isNull(entity)) {
+                log.warn("Expected HS to return data but got nothing");
+                return "";
+            } else {
+                return IOUtils.toString(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8);
+            }
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
 }

src/main/java/io/kamax/mxisd/auth/UserAuthResult.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/auth/provider/AuthenticatorProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseAuthenticator.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseBackend.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -49,7 +49,7 @@ public class GoogleFirebaseProvider extends GoogleFirebaseBackend implements ITh
     }
 
     private String getMxid(UserRecord record) {
-        return new MatrixID(record.getUid(), domain).getId();
+        return MatrixID.asAcceptable(record.getUid(), domain).getId();
     }
 
     @Override

src/main/java/io/kamax/mxisd/backend/ldap/LdapAuthProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -30,6 +30,7 @@ import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.ldap.LdapConfig;
+import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.util.GsonUtil;
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.api.ldap.model.cursor.CursorException;
@@ -87,7 +88,6 @@ public class LdapAuthProvider extends LdapBackend implements AuthenticatorProvid
     public BackendAuthResult authenticate(_MatrixID mxid, String password) {
         log.info("Performing auth for {}", mxid);
 
-
         try (LdapConnection conn = getConn()) {
             bind(conn);
 
@@ -108,62 +108,65 @@ public class LdapAuthProvider extends LdapBackend implements AuthenticatorProvid
             String[] attArray = new String[attributes.size()];
             attributes.toArray(attArray);
 
-            log.debug("Base DN: {}", getBaseDn());
             log.debug("Query: {}", userFilter);
             log.debug("Attributes: {}", GsonUtil.build().toJson(attArray));
 
-            try (EntryCursor cursor = conn.search(getBaseDn(), userFilter, SearchScope.SUBTREE, attArray)) {
+            for (String baseDN : getBaseDNs()) {
-                while (cursor.next()) {
+                log.debug("Base DN: {}", baseDN);
-                    Entry entry = cursor.get();
-                    String dn = entry.getDn().getName();
-                    log.info("Checking possible match, DN: {}", dn);
 
-                    if (!getAttribute(entry, getUidAtt()).isPresent()) {
+                try (EntryCursor cursor = conn.search(baseDN, userFilter, SearchScope.SUBTREE, attArray)) {
-                        continue;
+                    while (cursor.next()) {
-                    }
+                        Entry entry = cursor.get();
+                        String dn = entry.getDn().getName();
+                        log.info("Checking possible match, DN: {}", dn);
 
-                    log.info("Attempting authentication on LDAP for {}", dn);
+                        if (!getAttribute(entry, getUidAtt()).isPresent()) {
-                    try {
+                            continue;
-                        conn.bind(entry.getDn(), password);
+                        }
-                    } catch (LdapException e) {
-                        log.info("Unable to bind using {} because {}", entry.getDn().getName(), e.getMessage());
-                        return BackendAuthResult.failure();
-                    }
 
-                    Attribute nameAttribute = entry.get(getAt().getName());
+                        log.info("Attempting authentication on LDAP for {}", dn);
-                    String name = nameAttribute != null ? nameAttribute.get().toString() : null;
+                        try {
+                            conn.bind(entry.getDn(), password);
+                        } catch (LdapException e) {
+                            log.info("Unable to bind using {} because {}", entry.getDn().getName(), e.getMessage());
+                            return BackendAuthResult.failure();
+                        }
 
-                    log.info("Authentication successful for {}", entry.getDn().getName());
+                        Attribute nameAttribute = entry.get(getAt().getName());
-                    log.info("DN {} is a valid match", dn);
+                        String name = nameAttribute != null ? nameAttribute.get().toString() : null;
 
-                    // TODO should we canonicalize the MXID?
+                        log.info("Authentication successful for {}", entry.getDn().getName());
-                    BackendAuthResult result = BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
+                        log.info("DN {} is a valid match", dn);
-                    log.info("Processing 3PIDs for profile");
+
-                    getAt().getThreepid().forEach((k, v) -> {
+                        // TODO should we canonicalize the MXID?
-                        log.info("Processing 3PID type {}", k);
+                        BackendAuthResult result = BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
-                        v.forEach(attId -> {
+                        log.info("Processing 3PIDs for profile");
-                            List<String> values = getAttributes(entry, attId);
+                        getAt().getThreepid().forEach((k, v) -> {
-                            log.info("\tAttribute {} has {} value(s)", attId, values.size());
+                            log.info("Processing 3PID type {}", k);
-                            getAttributes(entry, attId).forEach(tpidValue -> {
+                            v.forEach(attId -> {
-                                if (ThreePidMedium.PhoneNumber.is(k)) {
+                                List<String> values = getAttributes(entry, attId);
-                                    tpidValue = getMsisdn(tpidValue).orElse(tpidValue);
+                                log.info("\tAttribute {} has {} value(s)", attId, values.size());
-                                }
+                                getAttributes(entry, attId).forEach(tpidValue -> {
-                                result.withThreePid(new ThreePid(k, tpidValue));
+                                    if (ThreePidMedium.PhoneNumber.is(k)) {
+                                        tpidValue = getMsisdn(tpidValue).orElse(tpidValue);
+                                    }
+                                    result.withThreePid(new ThreePid(k, tpidValue));
+                                });
                             });
                         });
-                    });
 
-                    log.info("Found {} 3PIDs", result.getProfile().getThreePids().size());
+                        log.info("Found {} 3PIDs", result.getProfile().getThreePids().size());
-                    return result;
+                        return result;
+                    }
+                } catch (CursorLdapReferralException e) {
+                    log.warn("Entity for {} is only available via referral, skipping", mxid);
                 }
-            } catch (CursorLdapReferralException e) {
-                log.warn("Entity for {} is only available via referral, skipping", mxid);
             }
 
             log.info("No match were found for {}", mxid);
             return BackendAuthResult.failure();
         } catch (LdapException | IOException | CursorException e) {
-            throw new RuntimeException(e);
+            throw new InternalServerError(e);
         }
     }
 

src/main/java/io/kamax/mxisd/backend/ldap/LdapBackend.java

@@ -59,8 +59,8 @@ public abstract class LdapBackend {
         return cfg;
     }
 
-    protected String getBaseDn() {
+    protected List<String> getBaseDNs() {
-        return cfg.getConnection().getBaseDn();
+        return cfg.getConnection().getBaseDNs();
     }
 
     protected LdapConfig.Attribute getAt() {

src/main/java/io/kamax/mxisd/backend/ldap/LdapDirectoryProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -65,34 +65,37 @@ public class LdapDirectoryProvider extends LdapBackend implements IDirectoryProv
             bind(conn);
 
             LdapConfig.Attribute atCfg = getCfg().getAttribute();
-
             attributes = new ArrayList<>(attributes);
             attributes.add(getUidAtt());
             String[] attArray = new String[attributes.size()];
             attributes.toArray(attArray);
             String searchQuery = buildOrQueryWithFilter(getCfg().getDirectory().getFilter(), "*" + query + "*", attArray);
 
-            log.debug("Base DN: {}", getBaseDn());
             log.debug("Query: {}", searchQuery);
             log.debug("Attributes: {}", GsonUtil.build().toJson(attArray));
 
-            try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, attArray)) {
+            for (String baseDN : getBaseDNs()) {
-                while (cursor.next()) {
+                log.debug("Base DN: {}", baseDN);
-                    Entry entry = cursor.get();
+
-                    log.info("Found possible match, DN: {}", entry.getDn().getName());
+                try (EntryCursor cursor = conn.search(baseDN, searchQuery, SearchScope.SUBTREE, attArray)) {
-                    getAttribute(entry, getUidAtt()).ifPresent(uid -> {
+                    while (cursor.next()) {
-                        log.info("DN {} is a valid match", entry.getDn().getName());
+                        Entry entry = cursor.get();
-                        try {
+                        log.info("Found possible match, DN: {}", entry.getDn().getName());
-                            UserDirectorySearchResult.Result entryResult = new UserDirectorySearchResult.Result();
+                        getAttribute(entry, getUidAtt()).ifPresent(uid -> {
-                            entryResult.setUserId(buildMatrixIdFromUid(uid));
+                            log.info("DN {} is a valid match", entry.getDn().getName());
-                            getAttribute(entry, atCfg.getName()).ifPresent(entryResult::setDisplayName);
+                            try {
-                            result.addResult(entryResult);
+                                UserDirectorySearchResult.Result entryResult = new UserDirectorySearchResult.Result();
-                        } catch (IllegalArgumentException e) {
+                                entryResult.setUserId(buildMatrixIdFromUid(uid));
-                            log.warn("Bind was found but type {} is not supported", atCfg.getUid().getType());
+                                getAttribute(entry, atCfg.getName()).ifPresent(entryResult::setDisplayName);
-                        }
+                                result.addResult(entryResult);
-                    });
+                            } catch (IllegalArgumentException e) {
+                                log.warn("Bind was found but type {} is not supported", atCfg.getUid().getType());
+                            }
+                        });
+                    }
                 }
             }
+
         } catch (CursorLdapReferralException e) {
             log.warn("An entry is only available via referral, skipping");
         } catch (IOException | LdapException | CursorException e) {

src/main/java/io/kamax/mxisd/backend/ldap/LdapProfileProvider.java

@@ -69,32 +69,33 @@ public class LdapProfileProvider extends LdapBackend implements ProfileProvider
             bind(conn);
 
             String searchQuery = buildOrQueryWithFilter(getCfg().getProfile().getFilter(), uid, getUidAtt());
-
-            log.debug("Base DN: {}", getBaseDn());
             log.debug("Query: {}", searchQuery);
 
-            try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, getAt().getName())) {
+            for (String baseDN : getBaseDNs()) {
-                while (cursor.next()) {
+                log.debug("Base DN: {}", baseDN);
-                    Entry entry = cursor.get();
+                try (EntryCursor cursor = conn.search(baseDN, searchQuery, SearchScope.SUBTREE, getAt().getName())) {
-                    log.info("Found possible match, DN: {}", entry.getDn().getName());
+                    while (cursor.next()) {
-                    Optional<String> v = getAttribute(entry, getAt().getName()).flatMap(id -> {
+                        Entry entry = cursor.get();
-                        log.info("DN {} is a valid match", entry.getDn().getName());
+                        log.info("Found possible match, DN: {}", entry.getDn().getName());
-                        try {
+                        Optional<String> v = getAttribute(entry, getAt().getName()).flatMap(id -> {
-                            return getAttribute(entry, getAt().getName());
+                            log.info("DN {} is a valid match", entry.getDn().getName());
-                        } catch (IllegalArgumentException e) {
+                            try {
-                            log.warn("Bind was found but type {} is not supported", getAt().getUid().getType());
+                                return getAttribute(entry, getAt().getName());
-                            return Optional.empty();
+                            } catch (IllegalArgumentException e) {
-                        }
+                                log.warn("Bind was found but type {} is not supported", getAt().getUid().getType());
-                    });
+                                return Optional.empty();
+                            }
+                        });
 
-                    if (v.isPresent()) {
+                        if (v.isPresent()) {
-                        log.info("DN {} is the final match", entry.getDn().getName());
+                            log.info("DN {} is the final match", entry.getDn().getName());
-                        return v;
+                            return v;
+                        }
                     }
+                } catch (CursorLdapReferralException e) {
+                    log.warn("An entry is only available via referral, skipping");
                 }
             }
-        } catch (CursorLdapReferralException e) {
-            log.warn("An entry is only available via referral, skipping");
         } catch (IOException | LdapException | CursorException e) {
             throw new InternalServerError(e);
         }
@@ -111,7 +112,6 @@ public class LdapProfileProvider extends LdapBackend implements ProfileProvider
         try (LdapConnection conn = getConn()) {
             bind(conn);
 
-            log.debug("Base DN: {}", getBaseDn());
             getCfg().getAttribute().getThreepid().forEach((medium, attributes) -> {
                 String[] attArray = new String[attributes.size()];
                 attributes.toArray(attArray);
@@ -120,28 +120,30 @@ public class LdapProfileProvider extends LdapBackend implements ProfileProvider
 
                 log.debug("Query for 3PID {}: {}", medium, searchQuery);
 
-                try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, attArray)) {
+                for (String baseDN : getBaseDNs()) {
-                    while (cursor.next()) {
+                    log.debug("Base DN: {}", baseDN);
-                        Entry entry = cursor.get();
+                    try (EntryCursor cursor = conn.search(baseDN, searchQuery, SearchScope.SUBTREE, attArray)) {
-                        log.info("Found possible match, DN: {}", entry.getDn().getName());
+                        while (cursor.next()) {
-                        try {
+                            Entry entry = cursor.get();
-                            attributes.stream()
+                            log.info("Found possible match, DN: {}", entry.getDn().getName());
-                                    .flatMap(at -> getAttributes(entry, at).stream())
+                            try {
-                                    .forEach(address -> {
+                                attributes.stream()
-                                        log.info("Found 3PID: {} - {}", medium, address);
+                                        .flatMap(at -> getAttributes(entry, at).stream())
-                                        threePids.add(new ThreePid(medium, address));
+                                        .forEach(address -> {
-                                    });
+                                            log.info("Found 3PID: {} - {}", medium, address);
-                        } catch (IllegalArgumentException e) {
+                                            threePids.add(new ThreePid(medium, address));
-                            log.warn("Bind was found but type {} is not supported", getAt().getUid().getType());
+                                        });
+                            } catch (IllegalArgumentException e) {
+                                log.warn("Bind was found but type {} is not supported", getAt().getUid().getType());
+                            }
                         }
+                    } catch (CursorLdapReferralException e) {
+                        log.warn("An entry is only available via referral, skipping");
+                    } catch (LdapException | IOException | CursorException e) {
+                        throw new InternalServerError(e);
                     }
-                } catch (CursorLdapReferralException e) {
-                    log.warn("An entry is only available via referral, skipping");
-                } catch (IOException | LdapException | CursorException e) {
-                    throw new InternalServerError(e);
                 }
             });
-
         } catch (IOException | LdapException e) {
             throw new InternalServerError(e);
         }

src/main/java/io/kamax/mxisd/backend/ldap/LdapThreePidProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -78,28 +78,30 @@ public class LdapThreePidProvider extends LdapBackend implements IThreePidProvid
         // we merge 3PID specific query with global/specific filter, if one exists.
         String tPidQuery = tPidQueryOpt.get().replaceAll(getCfg().getIdentity().getToken(), value);
         String searchQuery = buildWithFilter(tPidQuery, getCfg().getIdentity().getFilter());
-
-        log.debug("Base DN: {}", getBaseDn());
         log.debug("Query: {}", searchQuery);
         log.debug("Attributes: {}", GsonUtil.build().toJson(getUidAtt()));
 
-        try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, getUidAtt())) {
+        for (String baseDN : getBaseDNs()) {
-            while (cursor.next()) {
+            log.debug("Base DN: {}", baseDN);
-                Entry entry = cursor.get();
-                log.info("Found possible match, DN: {}", entry.getDn().getName());
 
-                Optional<String> data = getAttribute(entry, getUidAtt());
+            try (EntryCursor cursor = conn.search(baseDN, searchQuery, SearchScope.SUBTREE, getUidAtt())) {
-                if (!data.isPresent()) {
+                while (cursor.next()) {
-                    continue;
+                    Entry entry = cursor.get();
+                    log.info("Found possible match, DN: {}", entry.getDn().getName());
+
+                    Optional<String> data = getAttribute(entry, getUidAtt());
+                    if (!data.isPresent()) {
+                        continue;
+                    }
+
+                    log.info("DN {} is a valid match", entry.getDn().getName());
+                    return Optional.of(buildMatrixIdFromUid(data.get()));
                 }
-
+            } catch (CursorLdapReferralException e) {
-                log.info("DN {} is a valid match", entry.getDn().getName());
+                log.warn("3PID {} is only available via referral, skipping", value);
-                return Optional.of(buildMatrixIdFromUid(data.get()));
+            } catch (IOException | LdapException | CursorException e) {
+                throw new InternalServerError(e);
             }
-        } catch (CursorLdapReferralException e) {
-            log.warn("3PID {} is only available via referral, skipping", value);
-        } catch (IOException | LdapException | CursorException e) {
-            throw new InternalServerError(e);
         }
 
         return Optional.empty();

src/main/java/io/kamax/mxisd/backend/memory/MemoryIdentityStore.java

@@ -148,7 +148,7 @@ public class MemoryIdentityStore implements AuthenticatorProvider, IDirectoryPro
         for (MemoryIdentityConfig id : cfg.getIdentities()) {
             for (MemoryThreePid threepid : id.getThreepids()) {
                 if (req.equals(new ThreePid(threepid.getMedium(), threepid.getAddress()))) {
-                    return Optional.of(new SingleLookupReply(request, new MatrixID(id.getUsername(), mxCfg.getDomain())));
+                    return Optional.of(new SingleLookupReply(request, MatrixID.asAcceptable(id.getUsername(), mxCfg.getDomain())));
                 }
             }
         }

src/main/java/io/kamax/mxisd/backend/rest/LookupBulkResponseJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/backend/rest/LookupSingleRequestJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/backend/rest/LookupSingleResponseJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/backend/rest/RestAuthProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/backend/rest/RestAuthRequestJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/backend/rest/RestDirectoryProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -62,7 +62,7 @@ public class RestDirectoryProvider extends RestProvider implements IDirectoryPro
 
             UserDirectorySearchResult response = parser.parse(httpResponse, UserDirectorySearchResult.class);
             for (UserDirectorySearchResult.Result result : response.getResults()) {
-                result.setUserId(new MatrixID(result.getUserId(), mxCfg.getDomain()).getId());
+                result.setUserId(MatrixID.asAcceptable(result.getUserId(), mxCfg.getDomain()).getId());
             }
 
             return response;

src/main/java/io/kamax/mxisd/backend/rest/RestProfileProvider.java

@@ -0,0 +1,147 @@
+/*
+ * mxisd - Matrix Identity Server Daemon
+ * Copyright (C) 2018 Kamax Sarl
+ *
+ * https://www.kamax.io/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package io.kamax.mxisd.backend.rest;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonSyntaxException;
+import io.kamax.matrix._MatrixID;
+import io.kamax.matrix._ThreePid;
+import io.kamax.matrix.json.GsonUtil;
+import io.kamax.matrix.json.InvalidJsonException;
+import io.kamax.mxisd.config.rest.RestBackendConfig;
+import io.kamax.mxisd.exception.InternalServerError;
+import io.kamax.mxisd.profile.JsonProfileRequest;
+import io.kamax.mxisd.profile.JsonProfileResult;
+import io.kamax.mxisd.profile.ProfileProvider;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.StringEntity;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.util.*;
+import java.util.function.Function;
+
+@Component
+public class RestProfileProvider extends RestProvider implements ProfileProvider {
+
+    private final Logger log = LoggerFactory.getLogger(RestProfileProvider.class);
+
+    public RestProfileProvider(RestBackendConfig cfg) {
+        super(cfg);
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return cfg.isEnabled() && cfg.getEndpoints().getProfile().isPresent();
+    }
+
+    private <T> Optional<T> doRequest(
+            _MatrixID userId,
+            Function<RestBackendConfig.ProfileEndpoints, Optional<String>> endpoint,
+            Function<JsonProfileResult, Optional<T>> value
+    ) {
+        return cfg.getEndpoints().getProfile()
+                // We get the endpoint
+                .flatMap(endpoint)
+                // We only continue if there is a value
+                .filter(StringUtils::isNotBlank)
+                // We use the endpoint
+                .flatMap(url -> {
+                    try {
+                        URIBuilder builder = new URIBuilder(url);
+                        HttpPost req = new HttpPost(builder.build());
+                        req.setEntity(new StringEntity(GsonUtil.get().toJson(new JsonProfileRequest(userId)), ContentType.APPLICATION_JSON));
+                        try (CloseableHttpResponse res = client.execute(req)) {
+                            int sc = res.getStatusLine().getStatusCode();
+                            if (sc == 404) {
+                                log.info("Got 404 - No result found");
+                                return Optional.empty();
+                            }
+
+                            if (sc != 200) {
+                                throw new InternalServerError("Unexpected backed status code: " + sc);
+                            }
+
+                            String body = IOUtils.toString(res.getEntity().getContent(), StandardCharsets.UTF_8);
+                            if (StringUtils.isBlank(body)) {
+                                log.warn("Backend response body is empty/blank, expected JSON object with profile key");
+                                return Optional.empty();
+                            }
+
+                            Optional<JsonObject> pJson = GsonUtil.findObj(GsonUtil.parseObj(body), "profile");
+                            if (!pJson.isPresent()) {
+                                log.warn("Backend response body is invalid, expected JSON object with profile key");
+                                return Optional.empty();
+                            }
+
+                            JsonProfileResult profile = gson.fromJson(pJson.get(), JsonProfileResult.class);
+                            return value.apply(profile);
+                        }
+                    } catch (JsonSyntaxException | InvalidJsonException e) {
+                        log.error("Unable to parse backend response as JSON", e);
+                        throw new InternalServerError(e);
+                    } catch (URISyntaxException e) {
+                        log.error("Unable to build a valid request URL", e);
+                        throw new InternalServerError(e);
+                    } catch (IOException e) {
+                        log.error("I/O Error during backend request", e);
+                        throw new InternalServerError();
+                    }
+                });
+    }
+
+    @Override
+    public Optional<String> getDisplayName(_MatrixID userId) {
+        return doRequest(userId, p -> Optional.ofNullable(p.getDisplayName()), profile -> Optional.ofNullable(profile.getDisplayName()));
+    }
+
+    @Override
+    public List<_ThreePid> getThreepids(_MatrixID userId) {
+        return doRequest(userId, p -> Optional.ofNullable(p.getThreepids()), profile -> {
+            List<_ThreePid> t = new ArrayList<>();
+            if (Objects.nonNull(profile.getThreepids())) {
+                t.addAll(profile.getThreepids());
+            }
+            return Optional.of(t);
+        }).orElseGet(Collections::emptyList);
+    }
+
+    @Override
+    public List<String> getRoles(_MatrixID userId) {
+        return doRequest(userId, p -> Optional.ofNullable(p.getRoles()), profile -> {
+            List<String> t = new ArrayList<>();
+            if (Objects.nonNull(profile.getRoles())) {
+                t.addAll(profile.getRoles());
+            }
+            return Optional.of(t);
+        }).orElseGet(Collections::emptyList);
+    }
+
+}

src/main/java/io/kamax/mxisd/backend/rest/RestProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/backend/rest/RestThreePidProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -60,9 +60,9 @@ public class RestThreePidProvider extends RestProvider implements IThreePidProvi
     // TODO refactor in lookup manager with above FIXME
     private _MatrixID getMxId(UserID id) {
         if (UserIdType.Localpart.is(id.getType())) {
-            return new MatrixID(id.getValue(), mxCfg.getDomain());
+            return MatrixID.asAcceptable(id.getValue(), mxCfg.getDomain());
         } else {
-            return new MatrixID(id.getValue());
+            return MatrixID.asAcceptable(id.getValue());
         }
     }
 

src/main/java/io/kamax/mxisd/backend/sql/SqlThreePidProvider.java

@@ -85,11 +85,11 @@ public abstract class SqlThreePidProvider implements IThreePidProvider {
                         log.info("Found match: {}", uid);
                         if (StringUtils.equals("uid", cfg.getIdentity().getType())) {
                             log.info("Resolving as localpart");
-                            return Optional.of(new SingleLookupReply(request, new MatrixID(uid, mxCfg.getDomain())));
+                            return Optional.of(new SingleLookupReply(request, MatrixID.asAcceptable(uid, mxCfg.getDomain())));
                         }
                         if (StringUtils.equals("mxid", cfg.getIdentity().getType())) {
                             log.info("Resolving as MXID");
-                            return Optional.of(new SingleLookupReply(request, new MatrixID(uid)));
+                            return Optional.of(new SingleLookupReply(request, MatrixID.asAcceptable(uid)));
                         }
 
                         log.info("Identity type is unknown, skipping");

src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlDirectoryProvider.java

@@ -86,7 +86,7 @@ public abstract class GenericSqlDirectoryProvider implements IDirectoryProvider
                     while (rSet.next()) {
                         processRow(rSet).ifPresent(e -> {
                             if (StringUtils.equalsIgnoreCase("localpart", query.getType())) {
-                                e.setUserId(new MatrixID(e.getUserId(), mxCfg.getDomain()).getId());
+                                e.setUserId(MatrixID.asAcceptable(e.getUserId(), mxCfg.getDomain()).getId());
                             }
                             result.addResult(e);
                         });

src/main/java/io/kamax/mxisd/config/AsyncConfig.java

@@ -0,0 +1,36 @@
+/*
+ * mxisd - Matrix Identity Server Daemon
+ * Copyright (C) 2018 Kamax Sarl
+ *
+ * https://www.kamax.io/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package io.kamax.mxisd.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.AsyncSupportConfigurer;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+@Configuration
+public class AsyncConfig extends WebMvcConfigurerAdapter {
+
+    @Override
+    public void configureAsyncSupport(AsyncSupportConfigurer configurer) {
+        configurer.setDefaultTimeout(60 * 60 * 1000); // 1h in milliseconds
+        super.configureAsyncSupport(configurer);
+    }
+
+}

src/main/java/io/kamax/mxisd/config/AuthenticationConfig.java

@@ -0,0 +1,110 @@
+/*
+ * mxisd - Matrix Identity Server Daemon
+ * Copyright (C) 2018 Kamax Sarl
+ *
+ * https://www.kamax.io/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package io.kamax.mxisd.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import javax.annotation.PostConstruct;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+@Configuration
+@ConfigurationProperties(prefix = "auth")
+public class AuthenticationConfig {
+
+    public static class Rule {
+
+        private String regex;
+        private transient Pattern pattern;
+        private String medium;
+
+        public String getRegex() {
+            return regex;
+        }
+
+        public void setRegex(String regex) {
+            this.regex = regex;
+        }
+
+        public Pattern getPattern() {
+            return pattern;
+        }
+
+        public void setPattern(Pattern pattern) {
+            this.pattern = pattern;
+        }
+
+        public String getMedium() {
+            return medium;
+        }
+
+        public void setMedium(String medium) {
+            this.medium = medium;
+        }
+
+    }
+
+    public static class User {
+
+        private List<Rule> rules = new ArrayList<>();
+
+        public List<Rule> getRules() {
+            return rules;
+        }
+
+        public void setRules(List<Rule> mappings) {
+            this.rules = mappings;
+        }
+
+    }
+
+    public static class Rewrite {
+
+        private User user = new User();
+
+        public User getUser() {
+            return user;
+        }
+
+        public void setUser(User user) {
+            this.user = user;
+        }
+
+    }
+
+    private Rewrite rewrite = new Rewrite();
+
+    public Rewrite getRewrite() {
+        return rewrite;
+    }
+
+    public void setRewrite(Rewrite rewrite) {
+        this.rewrite = rewrite;
+    }
+
+    @PostConstruct
+    public void build() {
+        getRewrite().getUser().getRules().forEach(mapping -> mapping.setPattern(Pattern.compile(mapping.getRegex())));
+    }
+
+}

src/main/java/io/kamax/mxisd/config/BulkLookupConfig.java

@@ -23,6 +23,7 @@ package io.kamax.mxisd.config;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 
+import javax.annotation.PostConstruct;
 import java.util.Objects;
 
 @Configuration
@@ -39,6 +40,7 @@ public class BulkLookupConfig {
         this.enabled = enabled;
     }
 
+    @PostConstruct
     public void build() {
         if (Objects.isNull(enabled)) {
             enabled = true;

src/main/java/io/kamax/mxisd/config/DirectoryConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/DnsOverwriteConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/FirebaseConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/ForwardConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/KeyConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/MatrixConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/RecursiveLookupBridgeConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/RecursiveLookupConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/SQLiteStorageConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/ServerConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/SessionConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/StorageConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/ThymeleafConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/ViewConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/ldap/LdapConfig.java

@@ -110,6 +110,7 @@ public abstract class LdapConfig {
         private String bindDn;
         private String bindPassword;
         private String baseDn;
+        private List<String> baseDNs = new ArrayList<>();
 
         public boolean isTls() {
             return tls;
@@ -151,14 +152,24 @@ public abstract class LdapConfig {
             this.bindPassword = bindPassword;
         }
 
+        @Deprecated
         public String getBaseDn() {
             return baseDn;
         }
 
+        @Deprecated
         public void setBaseDn(String baseDn) {
             this.baseDn = baseDn;
         }
 
+        public List<String> getBaseDNs() {
+            return baseDNs;
+        }
+
+        public void setBaseDNs(List<String> baseDNs) {
+            this.baseDNs = baseDNs;
+        }
+
     }
 
     public static class Directory {
@@ -253,11 +264,11 @@ public abstract class LdapConfig {
     private boolean enabled;
     private String filter;
 
-    private Connection connection;
+    private Connection connection = new Connection();
-    private Attribute attribute;
+    private Attribute attribute = new Attribute();
-    private Auth auth;
+    private Auth auth = new Auth();
-    private Directory directory;
+    private Directory directory = new Directory();
-    private Identity identity;
+    private Identity identity = new Identity();
     private Profile profile = new Profile();
 
     protected abstract String getConfigName();
@@ -343,8 +354,14 @@ public abstract class LdapConfig {
             throw new IllegalStateException("LDAP port is not valid");
         }
 
-        if (StringUtils.isBlank(connection.getBaseDn())) {
+        // Backward compatibility with the old option
-            throw new ConfigurationException("ldap.connection.baseDn");
+        if (!StringUtils.isBlank(connection.baseDn)) {
+            connection.getBaseDNs().add(connection.baseDn);
+        }
+
+        if (connection.getBaseDNs().isEmpty()) {
+            throw new ConfigurationException("ldap.connection.baseDNs",
+                    "You must specify at least one Base DN via the singular or plural config option");
         }
 
         if (StringUtils.isBlank(attribute.getUid().getType())) {
@@ -386,7 +403,10 @@ public abstract class LdapConfig {
         log.info("Port: {}", connection.getPort());
         log.info("TLS: {}", connection.isTls());
         log.info("Bind DN: {}", connection.getBindDn());
-        log.info("Base DN: {}", connection.getBaseDn());
+        log.info("Base DNs: {}");
+        for (String baseDN : connection.getBaseDNs()) {
+            log.info("\t- {}", baseDN);
+        }
 
         log.info("Attribute: {}", GsonUtil.get().toJson(attribute));
         log.info("Auth: {}", GsonUtil.get().toJson(auth));

src/main/java/io/kamax/mxisd/config/memory/MemoryIdentityConfig.java

@@ -1,6 +1,6 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2018 Maxime Dor
+ * Copyright (C) 2018 Kamax Sarl
  *
  * https://www.kamax.io/
  *

src/main/java/io/kamax/mxisd/config/memory/MemoryStoreConfig.java

@@ -1,6 +1,6 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2018 Maxime Dor
+ * Copyright (C) 2018 Kamax Sarl
  *
  * https://www.kamax.io/
  *

src/main/java/io/kamax/mxisd/config/memory/MemoryThreePid.java

@@ -1,6 +1,6 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2018 Maxime Dor
+ * Copyright (C) 2018 Kamax Sarl
  *
  * https://www.kamax.io/
  *

src/main/java/io/kamax/mxisd/config/rest/RestBackendConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -30,6 +30,8 @@ import org.springframework.context.annotation.Configuration;
 import javax.annotation.PostConstruct;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.Objects;
+import java.util.Optional;
 
 @Configuration
 @ConfigurationProperties("rest")
@@ -58,11 +60,44 @@ public class RestBackendConfig {
 
     }
 
+    public static class ProfileEndpoints {
+
+        private String displayName;
+        private String threepids;
+        private String roles;
+
+        public String getDisplayName() {
+            return displayName;
+        }
+
+        public void setDisplayName(String displayName) {
+            this.displayName = displayName;
+        }
+
+        public String getThreepids() {
+            return threepids;
+        }
+
+        public void setThreepids(String threepids) {
+            this.threepids = threepids;
+        }
+
+        public String getRoles() {
+            return roles;
+        }
+
+        public void setRoles(String roles) {
+            this.roles = roles;
+        }
+
+    }
+
     public static class Endpoints {
 
         private String auth;
         private String directory;
         private IdentityEndpoints identity = new IdentityEndpoints();
+        private ProfileEndpoints profile;
 
         public String getAuth() {
             return auth;
@@ -88,6 +123,14 @@ public class RestBackendConfig {
             this.identity = identity;
         }
 
+        public Optional<ProfileEndpoints> getProfile() {
+            return Optional.ofNullable(profile);
+        }
+
+        public void setProfile(ProfileEndpoints profile) {
+            this.profile = profile;
+        }
+
     }
 
     private Logger log = LoggerFactory.getLogger(RestBackendConfig.class);
@@ -121,21 +164,21 @@ public class RestBackendConfig {
     }
 
     private String buildEndpointUrl(String endpoint) {
-        if (StringUtils.startsWith(endpoint, "/")) {
+        if (!StringUtils.startsWith(endpoint, "/")) {
-            if (StringUtils.isBlank(getHost())) {
-                throw new ConfigurationException("rest.host");
-            }
-
-            try {
-                new URL(getHost());
-            } catch (MalformedURLException e) {
-                throw new ConfigurationException("rest.host", e.getMessage());
-            }
-
-            return getHost() + endpoint;
-        } else {
             return endpoint;
         }
+
+        if (StringUtils.isBlank(getHost())) {
+            throw new ConfigurationException("rest.host");
+        }
+
+        try {
+            new URL(getHost());
+        } catch (MalformedURLException e) {
+            throw new ConfigurationException("rest.host", e.getMessage());
+        }
+
+        return getHost() + endpoint;
     }
 
     @PostConstruct
@@ -149,6 +192,12 @@ public class RestBackendConfig {
             endpoints.identity.setSingle(buildEndpointUrl(endpoints.identity.getSingle()));
             endpoints.identity.setBulk(buildEndpointUrl(endpoints.identity.getBulk()));
 
+            if (Objects.nonNull(endpoints.profile)) {
+                endpoints.profile.setDisplayName(buildEndpointUrl(endpoints.profile.getDisplayName()));
+                endpoints.profile.setThreepids(buildEndpointUrl(endpoints.profile.getThreepids()));
+                endpoints.profile.setRoles(buildEndpointUrl(endpoints.profile.getRoles()));
+            }
+
             log.info("Host: {}", getHost());
             log.info("Auth endpoint: {}", endpoints.getAuth());
             log.info("Directory endpoint: {}", endpoints.getDirectory());

src/main/java/io/kamax/mxisd/config/threepid/connector/EmailSmtpConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/threepid/connector/PhoneTwilioConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/threepid/medium/EmailConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/threepid/medium/EmailTemplateConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/threepid/medium/PhoneConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/threepid/medium/PhoneSmsTemplateConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/config/threepid/notification/NotificationConfig.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/DefaultExceptionHandler.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/PingController.java

@@ -1,6 +1,6 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2018 Maxime Dor
+ * Copyright (C) 2018 Kamax Sarl
  *
  * https://www.kamax.io/
  *

src/main/java/io/kamax/mxisd/controller/app/v1/AppServiceController.java

@@ -20,13 +20,11 @@
 
 package io.kamax.mxisd.controller.app.v1;
 
-import com.google.gson.JsonObject;
 import io.kamax.matrix.json.GsonUtil;
 import io.kamax.mxisd.as.AppServiceHandler;
 import io.kamax.mxisd.config.ListenerConfig;
 import io.kamax.mxisd.exception.HttpMatrixException;
 import io.kamax.mxisd.exception.NotAllowedException;
-import io.kamax.mxisd.util.GsonParser;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -36,7 +34,8 @@ import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.List;
+import java.io.IOException;
+import java.util.concurrent.CompletableFuture;
 
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
 import static org.springframework.web.bind.annotation.RequestMethod.PUT;
@@ -50,13 +49,11 @@ public class AppServiceController {
     private final ListenerConfig cfg;
 
     private final String notFoundBody;
-    private final GsonParser parser;
     private final AppServiceHandler handler;
 
     @Autowired
     public AppServiceController(ListenerConfig cfg, AppServiceHandler handler) {
         this.notFoundBody = GsonUtil.get().toJson(GsonUtil.makeObj("errcode", "io.kamax.mxisd.AS_NOT_FOUND"));
-        this.parser = new GsonParser();
 
         this.cfg = cfg;
         this.handler = handler;
@@ -89,22 +86,19 @@ public class AppServiceController {
     }
 
     @RequestMapping(value = "/transactions/{txnId:.+}", method = PUT)
-    public Object getTransaction(
+    public CompletableFuture<String> getTransaction(
             HttpServletRequest request,
             @RequestParam(name = "access_token", required = false) String token,
-            @PathVariable String txnId) {
+            @PathVariable String txnId
+    ) {
+        validateToken(token);
+
         try {
-            validateToken(token);
+            log.info("Received AS transaction {}", txnId);
-
+            return handler.processTransaction(txnId, request.getInputStream());
-            log.info("Processing transaction {}", txnId);
+        } catch (IOException e) {
-            List<JsonObject> events = GsonUtil.asList(GsonUtil.getArray(parser.parse(request.getInputStream()), "events"), JsonObject.class);
+            throw new RuntimeException("AS Transaction " + txnId + ": I/O error when getting input", e);
-            handler.processTransaction(events);
-            return "{}";
-        } catch (Throwable e) {
-            log.warn("Unable to properly process transaction", e);
         }
-
-        return "{}";
     }
 
 }

src/main/java/io/kamax/mxisd/controller/auth/v1/AuthController.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -20,25 +20,18 @@
 
 package io.kamax.mxisd.controller.auth.v1;
 
-import com.google.gson.*;
+import com.google.gson.Gson;
-import com.google.i18n.phonenumbers.NumberParseException;
+import com.google.gson.JsonElement;
-import com.google.i18n.phonenumbers.PhoneNumberUtil;
+import com.google.gson.JsonObject;
-import com.google.i18n.phonenumbers.Phonenumber;
 import io.kamax.mxisd.auth.AuthManager;
 import io.kamax.mxisd.auth.UserAuthResult;
 import io.kamax.mxisd.controller.auth.v1.io.CredentialsValidationResponse;
-import io.kamax.mxisd.dns.ClientDnsOverwrite;
 import io.kamax.mxisd.exception.JsonMemberNotFoundException;
-import io.kamax.mxisd.exception.RemoteLoginException;
-import io.kamax.mxisd.lookup.strategy.LookupStrategy;
 import io.kamax.mxisd.util.GsonParser;
 import io.kamax.mxisd.util.GsonUtil;
-import io.kamax.mxisd.util.RestClientUtils;
+import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.util.EntityUtils;
 import org.slf4j.Logger;
@@ -54,10 +47,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.net.URI;
+import java.nio.charset.StandardCharsets;
 
 @RestController
 @CrossOrigin
-@RequestMapping(produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
+@RequestMapping(produces = MediaType.APPLICATION_JSON_VALUE)
 public class AuthController {
 
     // TODO export into SDK
@@ -71,23 +65,9 @@ public class AuthController {
     @Autowired
     private AuthManager mgr;
 
-    @Autowired
-    private LookupStrategy strategy;
-
-    @Autowired
-    private ClientDnsOverwrite dns;
-
     @Autowired
     private CloseableHttpClient client;
 
-    private String resolveProxyUrl(HttpServletRequest req) {
-        URI target = URI.create(req.getRequestURL().toString());
-        URIBuilder builder = dns.transform(target);
-        String urlToLogin = builder.toString();
-        log.info("Proxy resolution: {} to {}", target.toString(), urlToLogin);
-        return urlToLogin;
-    }
-
     @RequestMapping(value = "/_matrix-internal/identity/v1/check_credentials", method = RequestMethod.POST)
     public String checkCredentials(HttpServletRequest req) {
         try {
@@ -120,7 +100,9 @@ public class AuthController {
 
     @RequestMapping(value = logV1Url, method = RequestMethod.GET)
     public String getLogin(HttpServletRequest req, HttpServletResponse res) {
-        try (CloseableHttpResponse hsResponse = client.execute(new HttpGet(resolveProxyUrl(req)))) {
+        URI target = URI.create(req.getRequestURL().toString());
+
+        try (CloseableHttpResponse hsResponse = client.execute(new HttpGet(mgr.resolveProxyUrl(target)))) {
             res.setStatus(hsResponse.getStatusLine().getStatusCode());
             return EntityUtils.toString(hsResponse.getEntity());
         } catch (IOException e) {
@@ -130,98 +112,11 @@ public class AuthController {
 
     @RequestMapping(value = logV1Url, method = RequestMethod.POST)
     public String login(HttpServletRequest req) {
+        URI target = URI.create(req.getRequestURL().toString());
         try {
-            JsonObject reqJsonObject = parser.parse(req.getInputStream());
+            return mgr.proxyLogin(target, IOUtils.toString(req.getInputStream(), StandardCharsets.UTF_8));
-
-            // find 3PID in main object
-            GsonUtil.findPrimitive(reqJsonObject, "medium").ifPresent(medium -> {
-                GsonUtil.findPrimitive(reqJsonObject, "address").ifPresent(address -> {
-                    log.info("Login request with medium '{}' and address '{}'", medium.getAsString(), address.getAsString());
-                    strategy.findLocal(medium.getAsString(), address.getAsString()).ifPresent(lookupDataOpt -> {
-                        reqJsonObject.addProperty("user", lookupDataOpt.getMxid().getLocalPart());
-                        reqJsonObject.remove("medium");
-                        reqJsonObject.remove("address");
-                    });
-                });
-            });
-
-            // find 3PID in 'identifier' object
-            GsonUtil.findObj(reqJsonObject, "identifier").ifPresent(identifier -> {
-                GsonUtil.findPrimitive(identifier, "type").ifPresent(type -> {
-
-                    if (StringUtils.equals(type.getAsString(), "m.id.thirdparty")) {
-                        GsonUtil.findPrimitive(identifier, "medium").ifPresent(medium -> {
-                            GsonUtil.findPrimitive(identifier, "address").ifPresent(address -> {
-                                log.info("Login request with medium '{}' and address '{}'", medium.getAsString(), address.getAsString());
-                                strategy.findLocal(medium.getAsString(), address.getAsString()).ifPresent(lookupDataOpt -> {
-                                    identifier.addProperty("type", "m.id.user");
-                                    identifier.addProperty("user", lookupDataOpt.getMxid().getLocalPart());
-                                    identifier.remove("medium");
-                                    identifier.remove("address");
-                                });
-                            });
-                        });
-                    }
-
-                    if (StringUtils.equals(type.getAsString(), "m.id.phone")) {
-                        GsonUtil.findPrimitive(identifier, "number").ifPresent(number -> {
-                            GsonUtil.findPrimitive(identifier, "country").ifPresent(country -> {
-                                log.info("Login request with phone '{}'-'{}'", country.getAsString(), number.getAsString());
-                                try {
-                                    PhoneNumberUtil phoneUtil = PhoneNumberUtil.getInstance();
-                                    Phonenumber.PhoneNumber phoneNumber = phoneUtil.parse(number.getAsString(), country.getAsString());
-                                    String canon_phoneNumber = phoneUtil.format(phoneNumber, PhoneNumberUtil.PhoneNumberFormat.E164).replace("+", "");
-                                    String medium = "msisdn";
-                                    strategy.findLocal(medium, canon_phoneNumber).ifPresent(lookupDataOpt -> {
-                                        identifier.addProperty("type", "m.id.user");
-                                        identifier.addProperty("user", lookupDataOpt.getMxid().getLocalPart());
-                                        identifier.remove("country");
-                                        identifier.remove("number");
-                                    });
-                                } catch (NumberParseException e) {
-                                    throw new RuntimeException(e);
-                                }
-                            });
-                        });
-                    }
-                });
-            });
-
-            // invoke 'login' on homeserver
-            HttpPost httpPost = RestClientUtils.post(resolveProxyUrl(req), gson, reqJsonObject);
-            try (CloseableHttpResponse httpResponse = client.execute(httpPost)) {
-                // check http status
-                int status = httpResponse.getStatusLine().getStatusCode();
-                log.info("http status = {}", status);
-                if (status != 200) {
-                    // try to get possible json error message from response
-                    // otherwise just get returned plain error message
-                    String errcode = String.valueOf(httpResponse.getStatusLine().getStatusCode());
-                    String error = EntityUtils.toString(httpResponse.getEntity());
-                    if (httpResponse.getEntity() != null) {
-                        try {
-                            JsonObject bodyJson = new JsonParser().parse(error).getAsJsonObject();
-                            if (bodyJson.has("errcode")) {
-                                errcode = bodyJson.get("errcode").getAsString();
-                            }
-                            if (bodyJson.has("error")) {
-                                error = bodyJson.get("error").getAsString();
-                            }
-                            throw new RemoteLoginException(status, errcode, error, bodyJson);
-                        } catch (JsonSyntaxException e) {
-                            log.warn("Response body is not JSON");
-                        }
-                    }
-                    throw new RemoteLoginException(status, errcode, error);
-                }
-
-                /// return response
-                JsonObject respJsonObject = parser.parseOptional(httpResponse).get();
-                return gson.toJson(respJsonObject);
-            } catch (IOException e) {
-                throw new RuntimeException(e);
-            }
         } catch (IOException e) {
+            log.error("Unable to read input data from client");
             throw new RuntimeException(e);
         }
     }

src/main/java/io/kamax/mxisd/controller/auth/v1/io/CredentialsValidationResponse.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/directory/v1/UserDirectoryController.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/directory/v1/io/UserDirectorySearchRequest.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/directory/v1/io/UserDirectorySearchResult.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/ClientBulkLookupAnswer.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/ClientBulkLookupRequest.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/IdentityAPIv1.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/InvitationController.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -73,7 +73,7 @@ class InvitationController {
         for (String key : request.getParameterMap().keySet()) {
             parameters.put(key, request.getParameter(key));
         }
-        IThreePidInvite invite = new ThreePidInvite(new MatrixID(sender), medium, address, roomId, parameters);
+        IThreePidInvite invite = new ThreePidInvite(MatrixID.asAcceptable(sender), medium, address, roomId, parameters);
         IThreePidInviteReply reply = mgr.storeInvite(invite);
 
         return gson.toJson(new ThreePidInviteReplyIO(reply, keyMgr.getPublicKeyBase64(keyMgr.getCurrentIndex()), srvCfg.getPublicUrl()));

src/main/java/io/kamax/mxisd/controller/identity/v1/KeyController.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/MappingController.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/SessionController.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/SessionRestController.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/StatusController.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/io/GenericTokenRequestJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/io/KeyValidityJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/io/RequestTokenResponse.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/io/SessionEmailTokenRequestJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/io/SessionPhoneTokenRequestJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/io/SingeLookupReplyJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/io/SuccessStatusJson.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/io/ThreePidInviteReplyIO.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/controller/identity/v1/remote/RemoteIdentityAPIv1.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/directory/DirectoryManager.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/directory/IDirectoryProvider.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/dns/ClientDnsOverwrite.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/dns/FederationDnsOverwrite.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/exception/BadRequestException.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/exception/ConfigurationException.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/exception/FeatureNotAvailable.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/exception/HttpMatrixException.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as

src/main/java/io/kamax/mxisd/exception/InternalServerError.java

@@ -1,8 +1,8 @@
 /*
  * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
  *
- * https://max.kamax.io/
+ * https://www.kamax.io/
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as