Properly handle /v1/store-invite

Catch and handle more exceptions in Base HTTP handler
Properly handle v1 of 3pid/bind
2019-01-16 02:57:40 +01:00 · 2019-01-16 02:57:40 +01:00 · 2019-01-16 02:57:40 +01:00 · 2019-01-16 02:57:40 +01:00 · 2019-01-16 01:31:21 +01:00 · 2019-01-15 06:22:03 +01:00
330 changed files with 7667 additions and 3875 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ out/
 .idea/
 # Local dev config
 /mxisd.yaml
 /application.yaml
 # Local dev storage
--- a/3
+++ b/3
@@ -14,4 +14,5 @@ ENV SQLITE_DATABASE_PATH="/var/mxisd/mxisd.db"
 CMD [ "/start.sh" ]
 ADD src/docker/start.sh /start.sh
-ADD build/libs/mxisd.jar /mxisd.jar
+ADD src/script/mxisd /app/mxisd
 ADD build/libs/mxisd.jar /app/mxisd.jar
--- a/build.gradle
+++ b/build.gradle
@@ -21,9 +21,11 @@
 import java.util.regex.Pattern
 apply plugin: 'java'
-apply plugin: 'org.springframework.boot'
+apply plugin: 'application'
 apply plugin: 'com.github.johnrengelman.shadow'
 apply plugin: 'idea'
-def confFileName = "application.example.yaml"
+def confFileName = "mxisd.example.yaml"
 def distDir = "${project.buildDir}/dist"
 def debBinPath = "/usr/lib/mxisd"
@@ -31,7 +33,8 @@ def debConfPath = "/etc/mxisd"
 def debDataPath = "/var/lib/mxisd"
 def debSystemdPath = "/etc/systemd/system"
-def debConfFileName = "mxisd-sample.yaml"
+def debConfFileName = confFileName
 def debStartScriptFilename = "mxisd"
 def debBuildBasePath = "${project.buildDir}/tmp/debian"
 def debBuildDebianPath = "${debBuildBasePath}/DEBIAN"
@@ -43,6 +46,9 @@ def debBuildSystemdPath = "${debBuildBasePath}${debSystemdPath}"
 def dockerImageName = "kamax/mxisd"
 def dockerImageTag = "${dockerImageName}:${mxisdVersion()}"
 group = 'io.kamax'
 mainClassName = 'io.kamax.mxisd.MxisdStandaloneExec'
 String mxisdVersion() {
    def versionPattern = Pattern.compile("v(\\d+\\.)?(\\d+\\.)?(\\d+)(-.*)?")
@@ -59,38 +65,41 @@ String gitVersion() {
        commandLine = ['git', 'describe', '--tags', '--always', '--dirty']
        standardOutput = out
    }
-    return out.toString().replace(System.lineSeparator(), '');
+    return out.toString().replace(System.lineSeparator(), '')
 }
 buildscript {
    repositories {
-        mavenCentral()
+        jcenter()
    }
    dependencies {
-        classpath 'org.springframework.boot:spring-boot-gradle-plugin:1.5.3.RELEASE'
+        classpath 'com.github.jengelman.gradle.plugins:shadow:4.0.3'
    }
 }
 repositories {
-    mavenCentral()
+    jcenter()
    maven { url "https://kamax.io/maven/releases/" }
    maven { url "https://kamax.io/maven/snapshots/" }
 }
 dependencies {
    // Logging
    compile 'org.slf4j:slf4j-simple:1.7.25'
    // Easy file management
    compile 'commons-io:commons-io:2.5'
-
+    
-    // Spring Boot - standalone app
+    // Config management
-    compile 'org.springframework.boot:spring-boot-starter-web:1.5.10.RELEASE'
+    compile 'org.yaml:snakeyaml:1.23'
    // Thymeleaf for HTML templates
    compile "org.springframework.boot:spring-boot-starter-thymeleaf:1.5.10.RELEASE"
    // Matrix Java SDK
    compile 'io.kamax:matrix-java-sdk:0.0.14-8-g0e57ec6'
    // ORMLite
    compile 'com.j256.ormlite:ormlite-jdbc:5.0'
    // ed25519 handling
    compile 'net.i2p.crypto:eddsa:0.1.0'
@@ -107,15 +116,12 @@ dependencies {
    compile 'com.googlecode.libphonenumber:libphonenumber:8.7.1'
    // E-mail sending
-    compile 'com.sun.mail:javax.mail:1.5.6'
+    compile 'javax.mail:javax.mail-api:1.6.2'
-    compile 'javax.mail:javax.mail-api:1.5.6'
+    compile 'com.sun.mail:javax.mail:1.6.2'
    // Google Firebase Authentication backend
    compile 'com.google.firebase:firebase-admin:5.3.0'
    // ORMLite
    compile 'com.j256.ormlite:ormlite-jdbc:5.0'
    // Connection Pool
    compile 'com.mchange:c3p0:0.9.5.2'
@@ -123,7 +129,7 @@ dependencies {
    compile 'org.xerial:sqlite-jdbc:3.20.0'
    // PostgreSQL
-    compile 'org.postgresql:postgresql:42.1.4'
+    compile 'org.postgresql:postgresql:42.2.5'
    // MariaDB/MySQL
    compile 'org.mariadb.jdbc:mariadb-java-client:2.1.2'
@@ -137,36 +143,28 @@ dependencies {
    // ZT-Exec for exec identity store
    compile 'org.zeroturnaround:zt-exec:1.10'
    // HTTP server
    compile 'io.undertow:undertow-core:2.0.16.Final'
    testCompile 'junit:junit:4.12'
    testCompile 'com.github.tomakehurst:wiremock:2.8.0'
    testCompile 'com.unboundid:unboundid-ldapsdk:4.0.9'
    testCompile 'com.icegreen:greenmail:1.5.9'
 }
-springBoot {
+shadowJar {
-    executable = true
+    baseName = project.name
-
+    classifier = null
-    embeddedLaunchScriptProperties = [
+    version = null
            confFolder: "/etc/default"
    ]
 }
-processResources {
+task debBuild(dependsOn: shadowJar) {
    doLast {
-        copy {
+        String debVersion = mxisdVersion()
-            from('build/resources/main/application.yaml') {
+        println "Version for package: ${debVersion}"
                rename 'application.yaml', 'mxisd.yaml'
            }
            into 'build/resources/main'
        }
    }
 }
 task buildDeb(dependsOn: build) {
    doLast {
        def v = mxisdVersion()
        println "Version for package: ${v}"
        mkdir distDir
        mkdir debBuildBasePath
-        mkdir "${debBuildBasePath}/DEBIAN"
+        mkdir debBuildDebianPath
        mkdir debBuildBinPath
        mkdir debBuildConfPath
        mkdir debBuildDataPath
@@ -177,10 +175,10 @@ task buildDeb(dependsOn: build) {
            into debBuildBinPath
        }
-        ant.chmod(
+        copy {
-                file: "${debBuildBinPath}/mxisd.jar",
+            from "${project.file("src/script/" + debStartScriptFilename)}"
-                perm: 'a+x'
+            into debBuildBinPath
-        )
+        }
        copy {
            from(project.file(confFileName)) {
@@ -189,16 +187,16 @@ task buildDeb(dependsOn: build) {
            into debBuildConfPath
        }
-        ant.replaceregexp(
+        ant.replaceregexp( // FIXME adapt to new config format
                file: "${debBuildConfPath}/${debConfFileName}",
-                match: "key.path:(.*)",
+                match: "key:\\R  path:(.*)",
-                replace: "key.path: '${debDataPath}/signing.key'"
+                replace: "key:\n  path: '${debDataPath}/signing.key'"
        )
-        ant.replaceregexp(
+        ant.replaceregexp( // FIXME adapt to new config format
                file: "${debBuildConfPath}/${debConfFileName}",
-                match: "storage.provider.sqlite.database:(.*)",
+                match: "storage:\\R  provider:\\R    sqlite:\\R      database:(.*)",
-                replace: "storage.provider.sqlite.database: '${debDataPath}/mxisd.db'"
+                replace: "storage:\n  provider:\n    sqlite:\n      database: '${debDataPath}/mxisd.db'"
        )
        copy {
@@ -209,7 +207,7 @@ task buildDeb(dependsOn: build) {
        ant.replace(
                file: "${debBuildDebianPath}/control",
                token: 'Version: 0',
-                value: "Version: ${v}"
+                value: "Version: ${debVersion}"
        )
        ant.replace(
@@ -245,7 +243,7 @@ task buildDeb(dependsOn: build) {
    }
 }
-task dockerBuild(type: Exec, dependsOn: build) {
+task dockerBuild(type: Exec, dependsOn: shadowJar) {
    commandLine 'docker', 'build', '-t', dockerImageTag, project.rootDir
    doLast {
--- a/docs/README.md
+++ b/docs/README.md
@@ -5,6 +5,7 @@
 - Installation
  - [Debian package](install/debian.md)
  - [ArchLinux](install/archlinux.md)
  - [NixOS](install/nixos.md)
  - [Docker](install/docker.md)
  - [From source](install/source.md)
 - [Architecture overview](architecture.md)
@@ -22,4 +23,4 @@
    - [SendGrid](threepids/notification/sendgrid-handler.md)
 - [Sessions](threepids/session/session.md)
  - [Views](threepids/session/session-views.md)
- [FAQ](faq.md)
+- [FAQ](faq.md)
--- a/docs/_config.yml
+++ b/docs/_config.yml
@@ -1 +1 @@
-theme: jekyll-theme-cayman
+theme: jekyll-theme-hacker
--- a/docs/build.md
+++ b/docs/build.md
@@ -17,9 +17,8 @@ cd mxisd
 ./gradlew build
 ```
-Create a new configuration file by coping `application.example.yaml` to `application.yaml` and edit to your needs.  
+Create a new configuration file by coping `mxisd.example.yaml` to `mxisd.yaml` and edit to your needs.  
-For advanced configuration, see the [Configure section](configure.md).  
+For advanced configuration, see the [Configure section](configure.md).
 **NOTE**: `application.yaml` is also called `mxisd.yaml` in some specific installations.
 Start the server in foreground to validate the build and configuration:
 ```bash
@@ -29,12 +28,14 @@ java -jar build/libs/mxisd.jar
 Ensure the signing key is available:
 ```bash
 $ curl 'http://localhost:8090/_matrix/identity/api/v1/pubkey/ed25519:0'
 {"public_key":"..."}
 ```
 Test basic recursive lookup (requires Internet connection with access to TCP 443):
 ```bash
 $ curl 'http://localhost:8090/_matrix/identity/api/v1/lookup?medium=email&address=mxisd-federation-test@kamax.io'
 {"address":"mxisd-federation-test@kamax.io","medium":"email","mxid":"@mxisd-lookup-test:kamax.io",...}
 ```
@@ -57,7 +58,7 @@ Requirements:
 [Build mxisd](#build) then:
 ```bash
-./gradlew buildDeb 
+./gradlew debBuild
 ```
 You will find the debian package in `build/dist`.  
 Then follow the instruction in the [Debian package](install/debian.md) document.
@@ -70,4 +71,4 @@ Then follow the instruction in the [Debian package](install/debian.md) document.
 Then follow the instructions in the [Docker install](install/docker.md#configure) document.
 ## Next steps
- [Integrate with your infrastructure](getting-started.md#integrate)
+- [Integrate with your infrastructure](getting-started.md#integrate)
--- a/docs/configure.md
+++ b/docs/configure.md
@@ -1,7 +1,6 @@
 # Configuration
 - [Concepts](#concepts)
  - [Syntax](#syntax)
  - [Variables](#variables)
 - [Matrix](#matrix)
 - [Server](#server)
 - [Storage](#storage)
@@ -11,36 +10,15 @@
 ## Concepts
 ### Syntax
-The configuration file is [YAML](http://yaml.org/) based, allowing two types of syntax.
+The configuration file is [YAML](http://yaml.org/) based:
 Properties-like:
 ```yaml
 my.config.item: 'value'
 ```
 Object-like:
 ```yaml
 my:
  config:
    item: 'value'
 ```
 These can also be combined within the same file.  
 Both syntax will be used interchangeably in these documents.
 ### Variables
 It is possible to copy the value of a configuration item into another using the syntax `${config.key.item}`.  
 Example that will copy the value of `matrix.domain` into `server.name`:
 ```yaml
 matrix:
  domain: 'example.org'
 server:
  name: '${matrix.domain}'
 ```
 **WARNING:** mxisd might overwrite/adapt some values during launch. Those changes will not be reflected into copied keys.
 When referencing keys in all documents, a property-like shorthand will be used. The shorthand for the above example would be `my.config.item`
 ## Matrix
 `matrix.domain`
@@ -53,10 +31,12 @@ Namespace to create arbitrary list of Identity servers, usable in other parts of
 Example:
 ```yaml
-matrix.identity.servers:
+matrix:
-  myOtherServers:
+  identity:
-    - 'https://other1.example.org'
+    servers:
-    - 'https://other2.example.org'
+      myOtherServers:
        - 'https://other1.example.org'
        - 'https://other2.example.org'
 ```
 Create a list under the label `root` containing a single Identity server, `https://matrix.org`
@@ -82,19 +62,23 @@ See the dedicated documents:
 Example:
 ```yaml
-notification.handler.email: 'sendgrid'
+notification:
-notification.handler.msisdn: 'raw'
+  handler:
    email: 'sendgrid'
    msisdn: 'raw'
 ```
 - Emails notifications would use the `sendgrid` handler, which define its own configuration under `notification.handlers.sendgrid`
- Phone notification would use the `raw` handler, basic default built-in handler of mxisd
+- Phone notification would use the `raw` handler, basic default built-in handler in mxisd
 ### Handlers
 - `notification.handers.<handler ID>`: Handler-specific configuration for the given handler ID. Repeatable.
 Example:
 ```yaml
-notification.handlers.raw: ...
+notification:
-notification.handlers.sendgrid: ...
+  handlers:
    raw: ...
    sendgrid: ...
 ```
 Built-in:
--- a/docs/features/authentication.md
+++ b/docs/features/authentication.md
@@ -74,7 +74,15 @@ See your Identity store [documentation](../stores/README.md) on how to enable th
 ## Advanced
-The Authentication feature allows users to login to their Homeserver by using their 3PIDs in a configured Identity store.
+The Authentication feature allows users to:
 - Rewrite usernames matching a pattern to be mapped to another username via a 3PID.
 - login to their Homeserver by using their 3PIDs in a configured Identity store.
 This feature also allows to work around the following issues:
 - Lowercase all usernames for synapse, allowing case-insensitive login
 - Unable to login on synapse if username is numerical
 - Any generic transformation of username prior to sending to synapse, bypassing the restriction that password providers
 cannot change the localpart being authenticated.
 ### Overview
 This is performed by intercepting the Homeserver endpoint `/_matrix/client/r0/login` as depicted below:
@@ -109,10 +117,10 @@ Steps of user authentication using a 3PID:
 4. The response from the Homeserver is sent back to the client, believing it was the HS which directly answered.
 ### Requirements
 - [Basic Authentication configured and working](#basic)
 - Reverse proxy setup
 - Homeserver
 - Compatible [Identity store](../stores/README.md)
 - [Basic Authentication configured and working](#basic)
 - Client and Homeserver using the [C2S API r0.4.x](https://matrix.org/docs/spec/client_server/r0.4.0.html) or later
 - Reverse proxy setup
 ### Configuration
 #### Reverse Proxy
@@ -143,9 +151,12 @@ the internal IP of the Homeserver so it can talk to it directly to integrate its
 To do so, put the following configuration in your mxisd configuration:
 ```yaml
-dns.overwrite.homeserver.client:
+dns:
-  - name: 'example.org'
+  overwrite:
-    value: 'http://localhost:8008'
+    homeserver:
      client:
        - name: 'example.org'
          value: 'http://localhost:8008'
 ```
 `name` must be the hostname of the URL that clients use when connecting to the Homeserver.
 You can use `${server.name}` to auto-populate the `value` using the `server.name` configuration option and avoid duplicating it.
@@ -153,3 +164,40 @@ In case the hostname is the same as your Matrix domain and `server.name` is not
 `matrix.domain` and will still probably have the correct value.
 `value` is the base internal URL of the Homeserver, without any `/_matrix/..` or trailing `/`.
 #### Username rewrite
 In mxisd config:
 ```yaml
 auth:
  rewrite:
    user:
      rules:
        - regex: <your regexp>
          medium: 'your.custom.medium.type'
 ```
 `rules` takes a list of rules. Rules have two properties:
 - `regexp`: The regex pattern to match. This **MUST** match the full string. See [Java regex](https://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html) for syntax.
 - `medium`: Custom 3PID type that will be used in the 3PID lookup. This can be anything you want and needs to be supported
 by your Identity store config and/or code.
 Rules are matched in listed order.
 Common regexp patterns:
 - Numerical usernames: `[0-9]+`
 ##### LDAP Example
 If your users use their numerical employee IDs, which cannot be used with synapse, you can make it work with (relevant config only):
 ```yaml
 auth:
  rewrite:
    user:
      rules:
        - regex: '[0-9]+'
          medium: 'kmx.employee.id'
 ldap:
  attribute:
    threepid:
      kmx.employee.id:
        - 'ldapAttributeForEmployeeId'
 ```
--- a/docs/features/bridge-integration.md
+++ b/docs/features/bridge-integration.md
@@ -5,16 +5,19 @@ to 3PID queries if no mapping was found, allowing seamless bridging to a network
 This is performed by implementing a specific endpoint on the bridge to map a 3PID lookup to a virtual user.
 **NOTE**: This document is incomplete and might be misleading. In doubt, come in our Matrix room.  
-You can also look at our [Email Bridge README](https://github.com/kamax-io/matrix-appservice-email#mxisd) for an example
+You can also look at our [Email Bridge README](https://github.com/kamax-matrix/matrix-appservice-email#mxisd) for an example
 of working configuration.
 ## Configuration
 ```yaml
-lookup.recursive.bridge.enabled: <boolean>
+lookup:
-lookup.recursive.bridge.recursiveOnly: <boolean>
+  recursive:
-lookup.recursive.bridge.server: <URL to the bridge endpoint for all 3PID medium>
+    bridge:
-lookup.recursive.bridge.mappings:
+      enabled: <boolean>
-  <3PID MEDIUM HERE>: <URL to dedicated bridge for that medium>
+      recursiveOnly: <boolean>
      server: <URL to the bridge endpoint for all 3PID medium>
      mappings:
        <3PID MEDIUM HERE>: <URL to dedicated bridge for that medium>
 ```
--- a/docs/features/directory.md
+++ b/docs/features/directory.md
@@ -123,27 +123,31 @@ the internal IP of the Homeserver so it can talk to it directly to integrate its
 To do so, use the following configuration:
 ```yaml
-dns.overwrite.homeserver.client:
+dns:
-  - name: 'example.org'
+  overwrite:
-    value: 'http://localhost:8008'
+    homeserver:
      client:
        - name: 'example.org'
          value: 'http://localhost:8008'
 ```
-`name` must be the hostname of the URL that clients use when connecting to the Homeserver.  
+- `name` must be the hostname of the URL that clients use when connecting to the Homeserver.
-In case the hostname is the same as your Matrix domain, you can use `${matrix.domain}` to auto-populate the value using
+- `value` is the base internal URL of the Homeserver, without any `/_matrix/..` or trailing `/`.
 the `matrix.domain` configuration option and avoid duplicating it.
 `value` is the base internal URL of the Homeserver, without any `/_matrix/..` or trailing `/`.
 ## Next steps
 ### Homeserver results
 You can configure if the Homeserver should be queried at all when doing a directory search.  
 To disable Homeserver results, set the following in mxisd configuration file:
 ```yaml
-directory.exclude.homeserver: true
+directory:
  exclude:
    homeserver: true
 ```
 ### 3PID exclusion in search
 You can configure if the 3PID should also be included when doing a directory search.
 By default, a search is performed on the 3PIDs. If you would like to not include them:
 ```yaml
-directory.exclude.threepid: true
+directory:
  exclude:
    threepid: true
 ```
--- a/docs/features/experimental/profile.md
+++ b/docs/features/experimental/profile.md
@@ -1,12 +1,16 @@
-# Profile enhancement
+# Profile
-**WARNING**: Alpha feature, not officially supported. Do not use.
+**WARNING**: The following sub-features are considered experimental and not officially supported. Use at your own peril.
-This feature allows to enhance a profile query with more info than just Matrix ID and Display name, allowing for custom
+## Public Profile enhancement
-applications to retrieve custom data not currently provided by synapse, per example.
+This feature allows to enhance a public profile query with more info than just Matrix ID and Display name, allowing for
 custom applications to retrieve custom data not currently provided by synapse, per example.
-## Configuration
+**WARNING**: This information can be queried without authentication as per the specification. Do not enable unless in a
-### Reverse proxy
+controlled environment.
-#### Apache
+
 ### Configuration
 #### Reverse proxy
 ##### Apache
 ```apache
 ProxyPassMatch "^/_matrix/client/r0/profile/([^/]+)$" "http://127.0.0.1:8090/_matrix/client/r0/profile/$1"
 ```
--- a/docs/features/federation.md
+++ b/docs/features/federation.md
@@ -40,10 +40,21 @@ The port must be HTTPS capable which is what you get in a regular setup with a r
 If you would like to disable outbound federation and isolate your identity server from the rest of the Matrix network,
 use the following mxisd configuration options:
 ```yaml
-lookup.recursive.enabled: false
+lookup:
-invite.resolution.recursive: false
+  recursive:
-session.policy.validation.forLocal.toRemote.enabled: false
+    enabled: false
-session.policy.validation.forRemote.toRemote.enabled: false
+invite:
  resolution:
    recursive: false
 session:
  policy:
    validation:
      forLocal:
        toRemote:
          enabled: false
      forRemote:
        toRemote:
          enabled: false
 ``` 
 There is currently no way to selectively disable federation towards specific servers, but this feature is planned.
--- a/docs/features/identity.md
+++ b/docs/features/identity.md
@@ -7,8 +7,9 @@ Implementation of the [Unofficial Matrix Identity Service API](https://kamax.io/
 If you would like to use the central matrix.org Identity server to ensure maximum discovery at the cost of potentially
 leaking all your contacts information, add the following to your configuration:
 ```yaml
-forward.servers:
+forward:
-  - 'matrix-org'
+  servers:
    - 'matrix-org'
 ```
 **NOTE:** You should carefully consider enabling this option, which is discouraged.  
 For more info, see the [relevant issue](https://github.com/kamax-matrix/mxisd/issues/76).
--- a/docs/features/profile.md
+++ b/docs/features/profile.md
@@ -0,0 +1,10 @@
 # Profile
 The profile feature does not do anything on its own and acts as a support feature for others, allowing to retrieve
 information about a user based on its Matrix ID by querying enabled [Identity stores](../stores/README.md).
 Currently supported:
 - Display name
 - 3PIDs
 - Roles/Groups
 Experimental sub-features are also available. See [the dedicated document](experimental/profile.md).
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -29,21 +29,29 @@ If you would like a high-level view of the infrastructure and how each feature i
 ## Install
 Install via:
 - [Docker image](install/docker.md)
 - [Debian package](install/debian.md)
 - [ArchLinux](install/archlinux.md)
- [Docker image](install/docker.md)
+- [NixOS](install/nixos.md)
 - [Sources](build.md)
 See the [Latest release](https://github.com/kamax-matrix/mxisd/releases/latest) for links to each.
 ## Configure
-**NOTE**: please view the install instruction for your platform, as this step might be optional or already handled for you.
+> **NOTE**: Please view the install instruction for your platform, as this step might be optional or already handled for you.
 > **NOTE**: Details about configuration syntax and format are described [here](configure.md)
 Create/edit a minimal configuration (see installer doc for the location):
 ```yaml
-matrix.domain: 'example.org'
+matrix:
-key.path: '/path/to/signing.key.file'
+  domain: 'example.org'
-storage.provider.sqlite.database: '/path/to/mxisd.db'
+key:
  path: '/path/to/signing.key.file'
 storage:
  provider:
    sqlite:
      database: '/path/to/mxisd.db'
 ```  
 - `matrix.domain` should be set to your Homeserver domain (`server_name` in synapse configuration)
 - `key.path` will store the signing keys, which must be kept safe! If the file does not exist, keys will be generated for you.
--- a/docs/install/nixos.md
+++ b/docs/install/nixos.md
@@ -0,0 +1,8 @@
 # NixOS package
 mxisd is available as a NixOS package in the official repos.
 It is maintained by [maximilian](https://matrix.to/#/@maximilian:transformierende-gesellschaft.org), a community member.  
 Related resources:
 - [NixOS](https://nixos.org/)
 - [The module definition](https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/mxisd.nix)
--- a/docs/install/source.md
+++ b/docs/install/source.md
@@ -2,37 +2,43 @@
 ## Instructions
 Follow the [build instructions](../build.md) then:
-1. Prepare files and directories:
+### Prepare files and directories:
 ```bash
 # Create a dedicated user
 useradd -r mxisd
 # Create bin directory
 mkdir /opt/mxisd
 # Create config directory and set ownership
-mkdir -p /etc/opt/mxisd
+mkdir -p /etc/mxisd
 chown -R mxisd /etc/opt/mxisd
 # Create data directory and set ownership
-mkdir -p /var/opt/mxisd
+mkdir -p /var/lib/mxisd
-chown -R mxisd /var/opt/mxisd
+chown -R mxisd /var/lib/mxisd
-# Copy <repo root>/build/libs/mxisd.jar to bin directory
+# Create bin directory, copy the jar and launch scriot to bin directory
-cp ./build/libs/mxisd.jar /opt/mxisd/
+mkdir /usr/lib/mxisd
-chown mxisd /opt/mxisd/mxisd.jar
+cp ./build/libs/mxisd.jar /usr/lib/mxisd/
-chmod a+x /opt/mxisd/mxisd.jar
+cp ./src/script/mxisd /usr/lib/mxisd
 chown -R mxisd /usr/lib/mxisd
 chmod a+x /usr/lib/mxisd/mxisd
 # Create symlink for easy exec
-ln -s /opt/mxisd/mxisd.jar /usr/bin/mxisd
+ln -s /usr/lib/mxisd/mxisd /usr/bin/mxisd
 ```
-2. Copy the sample config file `./application.example.yaml` to `/etc/opt/mxisd/mxisd.yaml`, edit to your needs
+
-3. Copy `src/systemd/mxisd.service` to `/etc/systemd/system/` and edit if needed
+### Prepare config file
-4. Enable service for auto-startup
+Copy the sample config file `./mxisd.example.yaml` to `/etc/mxisd/mxisd.yaml`, edit to your needs
 ### Prepare Systemd
 1. Copy `src/systemd/mxisd.service` to `/etc/systemd/system/` and edit if needed
 2. Enable service for auto-startup
 ```bash
 systemctl enable mxisd
 ```
-5. Start mxisd
+
 ### Run
 ```bash
 systemctl start mxisd
 ```
 ## Debug
 mxisd logs to stdout, which is normally sent to `/var/log/syslog` or `/var/log/messages`.
--- a/docs/stores/exec.md
+++ b/docs/stores/exec.md
@@ -68,7 +68,8 @@ We will use the term `Executable` for each lookup/action and `Processor` for eac
 ### Global
 ```yaml
-exec.enabled: <boolean>
+exec:
  enabled: <boolean>
 ```
 Enable/disable the Identity store at a global/default level. Each feature can still be individually enabled/disabled.
@@ -79,7 +80,9 @@ Not all features use all tokens, and each feature might also have its own specif
 They can be set within the following scope:
 ```yaml
-exec.token.<token>: '<value>'
+exec:
  token:
    <token>: '<value>'
 ```
 ---
@@ -184,13 +187,16 @@ The following types are available:
 ### Examples
 #### Basic
 ```yaml
-exec.auth.enabled: true
+exec:
-exec.auth.command: '/opt/mxisd-exec/auth.sh'
+  auth:
-exec.auth.args: ['{localpart}']
+    enabled: true
-exec.auth.input.type: 'plain'
+    command: '/opt/mxisd-exec/auth.sh'
-exec.auth.input.template: '{password}'
+    args: ['{localpart}']
-exec.auth.env:
+    input:
-  DOMAIN: '{domain}'
+      type: 'plain'
      template: '{password}'
  env:
    DOMAIN: '{domain}'
 ```
 With Authentication enabled, run `/opt/mxisd-exec/auth.sh` when validating credentials, providing:
 - A single command-line argument to provide the `localoart` as username 
@@ -243,14 +249,17 @@ See each dedicated [Feature](#features) section.
 ## Authentication
 The Authentication feature can be enabled/disabled using:
 ```yaml
-exec.auth.enabled: <true/false>
+exec:
  auth:
    enabled: <true/false>
 ```
 ---
 This feature provides a single *Executable* under the namespace:
 ```yaml
-exec.auth:
+exec:
  auth:
  ...
 ```
@@ -294,7 +303,9 @@ Default template:
 ## Directory
 The Directory feature can be enabled/disabled using:
 ```yaml
-exec.directory.enabled: <true/false>
+exec:
  directory:
    enabled: <true/false>
 ```
 ---
@@ -303,13 +314,19 @@ Two search types configuration namespace are available, using the same input/out
 By name:
 ```yaml
-exec.directory.search.byName:
+exec:
-  ...
+  directory:
    search:
      byName:
        ...
 ```
 By 3PID:
 ```yaml
-exec.directory.search.byThreepid:
+exec:
-  ...
+  directory:
    search:
      byThreepid:
        ...
 ```
 #### Tokens
@@ -386,8 +403,11 @@ The User ID type will default to `localpart` if:
 ### Bulk lookup
 Configuration namespace:
 ```yaml
-exec.identity.lookup.bulk:
+exec:
-  ...
+  identity:
    lookup:
      bulk:
        ...
 ```
 #### Tokens
@@ -418,7 +438,9 @@ Same as the [REST Identity Store](rest.md).
 ## Profile
 The Profile feature can be enabled/disabled using:
 ```yaml
-exec.profile.enabled: <true/false>
+exec:
  profile:
    enabled: <true/false>
 ```
 ---
@@ -427,20 +449,26 @@ The following *Executable*s namespace are available, share the same input/output
 Get Display name:
 ```yaml
-exec.profile.displayName:
+exec:
-  ...
+  profile:
    displayName:
      ...
 ```
 Get 3PIDs:
 ```yaml
-exec.profile.threePid:
+exec:
-  ...
+  profile:
    threePid:
      ...
 ```
 Get Roles:
 ```yaml
-exec.profile.role:
+exec:
-  ...
+  profile:
    role:
      ...
 ```
--- a/docs/stores/firebase.md
+++ b/docs/stores/firebase.md
@@ -19,35 +19,41 @@ If your client is Riot, you will need a custom version.
 ## Configuration
 ```yaml
-firebase.enabled: <boolean>
+firebase:
  enabled: <boolean>
 ```
 Enable/disable this identity store.
 Example:
 ```yaml
-firebase.enabled: <boolean>
+firebase:
  enabled: <boolean>
 ```
 ---
 ```yaml
-firebase.credentials: <string>
+firebase:
  credentials: <string>
 ```
 Path to the credentials file provided by Google Firebase to use with an external app.
 Example:
 ```yaml
-firebase.credentials: '/path/to/firebase/credentials.json'
+firebase:
  credentials: '/path/to/firebase/credentials.json'
 ```
 ---
 ```yaml
-firebase.database: <string>
+firebase:
  database: <string>
 ```
 URL to your Firebase database.
 Example:
 ```yaml
-firebase.database: 'https://my-project.firebaseio.com/'
+firebase:
  database: 'https://my-project.firebaseio.com/'
 ```
--- a/docs/stores/ldap.md
+++ b/docs/stores/ldap.md
@@ -19,26 +19,34 @@ For NetIQ, replace all the `ldap` prefix in the configuration by `netiq`.
 ### Base
 To use your LDAP backend, add the bare minimum configuration in mxisd config file:
 ```yaml
-ldap.enabled: true
+ldap:
-ldap.connection.host: 'ldapHostnameOrIp'
+  enabled: true
-ldap.connection.port: 389
+  connection:
-ldap.connection.bindDn: 'CN=My Mxisd User,OU=Users,DC=example,DC=org'
+    host: 'ldapHostnameOrIp'
-ldap.connection.bindPassword: 'TheUserPassword'
+    port: 389
-ldap.connection.baseDn: 'OU=Users,DC=example,DC=org'
+    bindDn: 'CN=My Mxisd User,OU=Users,DC=example,DC=org'
    bindPassword: 'TheUserPassword'
    baseDNs:
      - 'OU=Users,DC=example,DC=org'
 ```
 These are standard LDAP connection configuration. mxisd will try to connect on port default port 389 without encryption.
 If you would like to use several Base DNs, simply add more entries under `baseDNs`.
 ### TLS/SSL connection
 If you would like to use a TLS/SSL connection, use the following configuration options (STARTLS not supported):
 ```yaml
-ldap.connection.tls: true
+ldap:
-ldap.connection.port: 12345
+  connection:
    tls: true
    port: 12345
 ```
 ### Filter results
 You can also set a default global filter on any LDAP queries:
 ```yaml
-ldap.filter: '(memberOf=CN=My Matrix Users,OU=Groups,DC=example,DC=org)'
+ldap:
  filter: '(memberOf=CN=My Matrix Users,OU=Groups,DC=example,DC=org)'
 ```
 This example would only return users part of the group called `My Matrix Users`.
 This can be overwritten or append in each specific flow describe below.
@@ -61,8 +69,11 @@ most certainly configure those mappings.
 The following example would set the `sAMAccountName` attribute as a Matrix User ID localpart:
 ```yaml
-ldap.attribute.uid.type: 'uid'
+ldap:
-ldap.attribute.uid.value: 'sAMAccountName'
+  attribute:
    uid:
      type: 'uid'
      value: 'sAMAccountName'
 ```
 #### Display name
@@ -70,7 +81,9 @@ Use `ldap.attribute.name`.
 The following example would set the display name to the value of the `cn` attribute:
 ```yaml
-ldap.attribute.name: 'cn'
+ldap:
  attribute:
    name: 'cn'
 ```
 #### 3PIDs
@@ -79,13 +92,15 @@ You can also change the attribute lists for 3PID, like email or phone numbers.
 The following example would overwrite the [default list of attributes](../../src/main/resources/application.yaml#L67)
 for emails and phone number:
 ```yaml
-ldap.attribute.threepid.email:
+ldap:
-  - 'mail'
+  attribute:
-  - 'otherMailAttribute'
+    threepid:
-
+      email:
-ldap.attribute.threepid.msisdn:
+        - 'mail'
-  - 'phone'
+        - 'otherMailAttribute'
-  - 'otherPhoneAttribute'
+      msisdn:
        - 'phone'
        - 'otherPhoneAttribute'
 ```
 ## Features
@@ -114,8 +129,11 @@ To set a specific filter applied during directory search, use `ldap.directory.fi
 If you would like to use extra attributes in search that are not 3PIDs, like nicknames, group names, employee number:
 ```yaml
-ldap.directory.attribute.other:
+ldap:
-  - 'myNicknameAttribute'
+  directory:
-  - 'memberOf'
+    attribute:
-  - 'employeeNumberAttribute'
+      other:
        - 'myNicknameAttribute'
        - 'memberOf'
        - 'employeeNumberAttribute'
 ```
--- a/docs/stores/rest.md
+++ b/docs/stores/rest.md
@@ -3,38 +3,45 @@ The REST backend allows you to query identity data in existing webapps, like:
 - Forums (phpBB, Discourse, etc.)
 - Custom Identity stores (Keycloak, ...)
 - CRMs (Wordpress, ...)
- self-hosted clouds (Nextcloud, ownCloud, ...)
+- Self-hosted clouds (Nextcloud, ownCloud, ...)
-To integrate this backend with your webapp, you will need to implement three specific REST endpoints detailed below.
+To integrate this backend with your webapp, you will need to implement the REST endpoints described below.
 ## Features
-|      Name      | Supported? |
+| Name                                            | Supported? |
-|----------------|------------|
+|-------------------------------------------------|------------|
-| Authentication | Yes        |
+| [Authentication](../features/authentication.md) | Yes        |
-| Directory      | Yes        |
+| [Directory](../features/directory.md)           | Yes        |
-| Identity       | Yes        |
+| [Identity](../features/identity.md)             | Yes        |
-| Profile        | No         |
+| [Profile](../features/profile.md)               | Yes        |
 ## Configuration
-| Key                              | Default                                        | Description                                          |
+| Key                                  | Default                                        | Description                                          |
-|----------------------------------|------------------------------------------------|------------------------------------------------------|
+|--------------------------------------|------------------------------------------------|------------------------------------------------------|
-| `rest.enabled`                   | `false`                                        | Globally enable/disable the REST backend             |
+| `rest.enabled`                       | `false`                                        | Globally enable/disable the REST backend             |
-| `rest.host`                      | *None*                                        | Default base URL to use for the different endpoints. |
+| `rest.host`                          | *None*                                         | Default base URL to use for the different endpoints. |
-| `rest.endpoints.auth`            | `/_mxisd/backend/api/v1/auth/login`            | Validate credentials and get user profile            |
+| `rest.endpoints.auth`                | `/_mxisd/backend/api/v1/auth/login`            | Validate credentials and get user profile            |
-| `rest.endpoints.directory`       | `/_mxisd/backend/api/v1/directory/user/search` | Search for users by arbitrary input                  |
+| `rest.endpoints.directory`           | `/_mxisd/backend/api/v1/directory/user/search` | Search for users by arbitrary input                  |
-| `rest.endpoints.identity.single` | `/_mxisd/backend/api/v1/identity/single`       | Endpoint to query a single 3PID                      |
+| `rest.endpoints.identity.single`     | `/_mxisd/backend/api/v1/identity/single`       | Endpoint to query a single 3PID                      |
-| `rest.endpoints.identity.bulk`   | `/_mxisd/backend/api/v1/identity/bulk`         | Endpoint to query a list of 3PID                     |
+| `rest.endpoints.identity.bulk`       | `/_mxisd/backend/api/v1/identity/bulk`         | Endpoint to query a list of 3PID                     |
 | `rest.endpoints.profile.displayName` | `/_mxisd/backend/api/v1/profile/displayName`   | Query the display name for a Matrix ID
 | `rest.endpoints.profile.threepids`   | `/_mxisd/backend/api/v1/profile/threepids`     | Query the 3PIDs for a Matrix ID
 | `rest.endpoints.profile.roles`       | `/_mxisd/backend/api/v1/profile/roles`         | Query the Roles for a Matrix ID
 Endpoint values can handle two formats:
 - URL Path starting with `/` that gets happened to the `rest.host`
 - Full URL, if you want each endpoint to go to a specific server/protocol/port
 If an endpoint value is configured as an empty string, it will disable that specific feature, essentially bypassing the
 Identity store for that specific query.
 `rest.host` is mandatory if at least one endpoint is not a full URL.
 ## Endpoints
 ### Authentication
-HTTP method: `POST`  
+- Method: `POST`
-Content-type: JSON UTF-8
+- Content-Type: `application/json` (JSON)
 - Encoding: `UTF8`
 #### Request Body
 ```json
@@ -87,8 +94,9 @@ If the authentication succeed:
 ```
 ### Directory
-HTTP method: `POST`
+- Method: `POST`
-Content-type: JSON UTF-8
+- Content-Type: `application/json` (JSON)
 - Encoding: `UTF8`
 #### Request Body
 ```json
@@ -113,7 +121,7 @@ If users found:
      "user_id": "UserIdLocalpart"
    },
    {
-      ...
+      "...": "..."
    }
  ]
 }
@@ -129,10 +137,11 @@ If no user found:
 ### Identity
 #### Single 3PID lookup
-HTTP method: `POST`  
+- Method: `POST`
-Content-type: JSON UTF-8  
+- Content-Type: `application/json` (JSON)
 - Encoding: `UTF8`
-#### Request Body
+##### Request Body
 ```json
 {
  "lookup": {
@@ -142,7 +151,7 @@ Content-type: JSON UTF-8
 }
 ```
-#### Response Body
+##### Response Body
 If a match was found:
 - `lookup.id.type` supported values: `localpart`, `mxid`
 ```json
@@ -164,10 +173,11 @@ If no match was found:
 ```
 #### Bulk 3PID lookup
-HTTP method: `POST`  
+- Method: `POST`
-Content-type: JSON UTF-8  
+- Content-Type: `application/json` (JSON)
 - Encoding: `UTF8`
-#### Request Body
+##### Request Body
 ```json
 {
  "lookup": [
@@ -183,7 +193,7 @@ Content-type: JSON UTF-8
 }
 ```
-#### Response Body
+##### Response Body
 For all entries where a match was found:
 - `lookup[].id.type` supported values: `localpart`, `mxid`
 ```json
@@ -215,3 +225,53 @@ If no match was found:
  "lookup": []
 }
 ```
 ### Profile
 #### Request Body
 For all requests, the values are the same:
 - Method: `POST`
 - Content-Type: `application/json` (JSON)
 - Encoding: `UTF8`
 With body (example values):
 ##### Request Body
 ```json
 {
    "mxid": "@john.doe:example.org",
    "localpart": "john.doe",
    "domain": "example.org"
 }
 ```
 #### Response Body
 For all responses, the same object structure will be parsed, making the non-relevant fields as optional.
 Structure with example values:
 ```json
 {
  "profile": {
    "display_name": "John Doe",
    "threepids": [
      {
        "medium": "email",
        "address": "john.doe@example.org"
      },
      {
        "...": "..."
      }
    ],
    "roles": [
      "DomainUsers",
      "SalesOrg",
      "..."
    ]
  }
 }
 ```
 The base `profile` key is mandatory. `display_name`, `threepids` and `roles` are only to be returned on the relevant request.
 If there is no profile, the following response is expected:
 ```json
 {
  "profile": {}
 }
 ```
--- a/docs/stores/sql.md
+++ b/docs/stores/sql.md
@@ -15,19 +15,21 @@
 Due to the implementation complexity of supporting arbitrary hashing/encoding mechanisms or auth flow, Authentication
 will be out of scope of SQL Identity stores and should be done via one of the other identity stores, typically
-the [REST Identity store](rest.md).
+the [Exec Identity Store](exec.md) or the [REST Identity Store](rest.md).
 ## Configuration
 ### Basic
 ```yaml
-sql.enabled: <boolean>
+sql:
  enabled: <boolean>
 ```
 Enable/disable the identity store
 ---
 ```yaml
-sql.type: <string>
+sql:
  type: <string>
 ```
 Set the SQL backend to use:
 - `sqlite`
@@ -38,14 +40,16 @@ Set the SQL backend to use:
 ### Connection
 #### SQLite
 ```yaml
-sql.connection: <string>
+sql:
  connection: <string>
 ```
 Set the value to the absolute path to the Synapse SQLite DB file.
 Example: `/path/to/sqlite/file.db`
 #### Others
 ```yaml
-sql.connection: //<HOST[:PORT]/DB?user=USER&password=PASS
+sql:
  connection: //<HOST[:PORT]/DB?user=USER&password=PASS
 ```
 Set the connection info for the database by replacing the following values:
 - `HOST`: Hostname of the SQL server
@@ -58,20 +62,23 @@ This follow the JDBC URI syntax. See [official website](https://docs.oracle.com/
 ### Directory
 ```yaml
-sql.directory.enabled: false
+sql:
  directory:
    enabled: false
 ```
 ---
 ```yaml
-sql.directory.query:
+sql:
-  name:
+  directory:
-    type: <string>
+    query:
-    value: <string>
+      name:
-  threepid:
+        type: <string>
-    type: <string>
+        value: <string>
-    value: <string>
+      threepid:
        type: <string>
        value: <string>
 ```
 For each query, `type` can be used to tell mxisd how to process the ID column:
 - `localpart` will append the `matrix.domain` to it
@@ -83,17 +90,21 @@ For each query, `type` can be used to tell mxisd how to process the ID column:
 Example:
 ```yaml
-sql.directory.query:
+sql:
-  name:
+  directory:
-    type: 'localpart'
+    query:
-    value: 'SELECT idColumn, displayNameColumn FROM table WHERE displayNameColumn LIKE ?'
+      name:
-  threepid:
+        type: 'localpart'
-    type: 'localpart'
+        value: 'SELECT idColumn, displayNameColumn FROM table WHERE displayNameColumn LIKE ?'
-    value: 'SELECT idColumn, displayNameColumn FROM table WHERE threepidColumn LIKE ?'
+      threepid:
        type: 'localpart'
        value: 'SELECT idColumn, displayNameColumn FROM table WHERE threepidColumn LIKE ?'
 ```
 ### Identity
 ```yaml
-sql.identity.type: <string>
+sql:
-sql.identity.query: <string>
+  identity:
    type: <string>
    query: <string>
 ```
--- a/docs/stores/synapse.md
+++ b/docs/stores/synapse.md
@@ -14,14 +14,16 @@ Authentication is done by Synapse itself.
 ## Configuration
 ### Basic
 ```yaml
-synapseSql.enabled: <boolean>
+synapseSql:
  enabled: <boolean>
 ```
 Enable/disable the identity store
 ---
 ```yaml
-synapseSql.type: <string>
+synapseSql:
  type: <string>
 ```
 Set the SQL backend to use which is configured in synapse:
 - `sqlite`
@@ -29,14 +31,16 @@ Set the SQL backend to use which is configured in synapse:
 ### SQLite
 ```yaml
-synapseSql.connection: <string>
+synapseSql:
  connection: <string>
 ```
 Set the value to the absolute path to the Synapse SQLite DB file.
 Example: `/path/to/synapse/sqliteFile.db`
 ### PostgreSQL
 ```yaml
-synapseSql.connection: //<HOST[:PORT]/DB?user=USER&password=PASS
+synapseSql:
  connection: //<HOST[:PORT]/DB?user=USER&password=PASS
 ```
 Set the connection info for the database by replacing the following values:
 - `HOST`: Hostname of the SQL server
--- a/docs/stores/wordpress.md
+++ b/docs/stores/wordpress.md
@@ -34,22 +34,29 @@ If this is not the case for your installation, the mxisd URL will need to be app
 ### mxisd
 Enable in the configuration:
 ```yaml
-wordpress.enabled: true
+wordpress:
  enabled: true
 ```
 Configure the URL to your Wordpress installation - see above about added `/index.php`:
 ```yaml
-wordpress.rest.base: 'http://localhost:8080'
+wordpress:
  rest:
    base: 'http://localhost:8080'
 ```
 Configure the SQL connection to your Wordpress database:
 ```yaml
-wordpress.sql.connection: '//127.0.0.1/wordpress?user=root&password=example'
+wordpress:
  sql:
    connection: '//127.0.0.1/wordpress?user=root&password=example'
 ```
 ---
 By default, MySQL database is expected. If you use another database, use:
 ```yaml
-wordpress.sql.type: <string>
+wordpress:
  sql:
    type: <string>
 ```
 With possible values:
 - `mysql`
@@ -61,6 +68,8 @@ With possible values:
 To configure the tables prefix for default queries, in case a custom value was set during Wordpress install:
 ```yaml
-wordpress.sql.tablePrefix: <string>
+wordpress:
  sql:
    tablePrefix: <string>
 ```
 By default, the value is set to `wp_`.
--- a/docs/threepids/medium/email/smtp-connector.md
+++ b/docs/threepids/medium/email/smtp-connector.md
@@ -5,15 +5,17 @@ Connector ID: `smtp`
 ## Configuration
 ```yaml
-threepid.medium.email:
+threepid:
-  identity:
+  medium:
-    from: 'identityServerEmail@example.org'
+    email:
-    name: 'My Identity Server'
+      identity:
-  connectors:
+        from: 'identityServerEmail@example.org'
-    smtp:
+        name: 'My Identity Server'
-      host: 'smtpHostname'
+      connectors:
-      port: 587
+        smtp:
-      tls: 1 # 0 = no STARTLS, 1 = try, 2 = force
+          host: 'smtpHostname'
-      login: 'smtpLogin'
+          port: 587
-      password: 'smtpPassword'
+          tls: 1 # 0 = no STARTLS, 1 = try, 2 = force
          login: 'smtpLogin'
          password: 'smtpPassword'
 ```
--- a/docs/threepids/medium/msisdn/twilio-connector.md
+++ b/docs/threepids/medium/msisdn/twilio-connector.md
@@ -5,7 +5,12 @@ Connector ID: `twilio`
 ## Configuration
 ```yaml
-threepid.medium.msisdn.connectors.twilio.accountSid: 'myAccountSid'
+threepid:
-threepid.medium.msisdn.connectors.twilio.authToken: 'myAuthToken'
+  medium:
-threepid.medium.msisdn.connectors.twilio.number: '+123456789'
+    msisdn:
      connectors:
        twilio:
          accountSid: 'myAccountSid'
          authToken: 'myAuthToken'
          number: '+123456789'
 ```
--- a/docs/threepids/notification/basic-handler.md
+++ b/docs/threepids/notification/basic-handler.md
@@ -18,20 +18,23 @@ This handler can be used with the 3PID types:
 ## Configuration
 Enabled by default or with:
 ```yaml
-notification.handler.email: 'raw'
+notification:
  handler:
    email: 'raw'
 ```
 **WARNING:** Will be consolidated soon, prone to breaking changes.  
 Structure and default values:
 ```yaml
-threepid.medium:
+threepid:
-  email:
+  medium:
-    identity:
+    email:
-      from: ''
+      identity:
-      name: ''
+        from: ''
-    connector: 'smtp'
+        name: ''
-    generator: 'template'
+      connector: 'smtp'
-  msisdn:
+      generator: 'template'
-    connector: 'twilio'
+    msisdn:
-    generator: 'template'
+      connector: 'twilio'
      generator: 'template'
 ```
--- a/docs/threepids/notification/sendgrid-handler.md
+++ b/docs/threepids/notification/sendgrid-handler.md
@@ -1,7 +1,39 @@
 # SendGrid Notification handler
-To be completed. See [raw possible configuration items](https://github.com/kamax-matrix/mxisd/blob/master/src/main/resources/application.yaml#L172).
+> **WARNING:** This section is incomplete and may be misleading. Contact us if guidance is needed.
-Enabled with:
+Enable with:
 ```yaml
-notification.handler.email: 'sendgrid'
+notification:
  handler:
    email: 'sendgrid'
 ```
 Available Configuration keys:
 ```yaml
 notification:
  handlers:
    sendgrid:
      api:
        key: <API key>
      identity:
        from: <Sender email address>
        name: <Sender name>
      templates:
        invite:
          subject: <Subject of the email notification sent for room invites>
          body:
            text: <Path to file containing the raw text part of the email. Do not set to not use one>
            html: <Path to file containing the HTML part of the email. Do not set to not use one>
        session:
          validation:
            local:
              subject: <Subject of the email notification sent for local 3PID sessions>
              body:
                text: <Path to file containing the raw text part of the email. Do not set to not use one>
                html: <Path to file containing the HTML part of the email. Do not set to not use one>
            remote:
              subject: <Subject of the email notification sent for remote 3PID sessions>
              body:
                text: <Path to file containing the raw text part of the email. Do not set to not use one>
                html: <Path to file containing the HTML part of the email. Do not set to not use one>
 ``` 
--- a/docs/threepids/notification/template-generator.md
+++ b/docs/threepids/notification/template-generator.md
@@ -11,16 +11,18 @@ placeholders and also have their own individual set of placeholders.
 ## Configuration
 To configure paths to the various templates:
 ```yaml
-threepid.medium.<YOUR 3PID MEDIUM HERE>:
+threepid:
-  generators:
+  medium:
-    template:
+    <YOUR 3PID MEDIUM HERE>:
-      invite: '/path/to/invite-template.eml'
+      generators:
-      session:
+        template:
-        validation:
+          invite: '/path/to/invite-template.eml'
-          local: '/path/to/validate-local-template.eml'
+          session:
-          remote: 'path/to/validate-remote-template.eml'
+            validation:
-      generic:
+              local: '/path/to/validate-local-template.eml'
-        matrixId: '/path/to/mxid-invite-template.eml'
+              remote: 'path/to/validate-remote-template.eml'
          generic:
            matrixId: '/path/to/mxid-invite-template.eml'
 ```
 The `template` generator is usually the default, so no further configuration is needed.
--- a/docs/threepids/session/session-views.md
+++ b/docs/threepids/session/session-views.md
@@ -1,26 +1,28 @@
 # Web pages for the 3PID sessions
-You can customize the various pages used during a 3PID validation using [Thymeleaf templates](http://www.thymeleaf.org/).
+You can customize the various pages used during a 3PID validation using the options below.
 ## Configuration
 Pseudo-configuration to illustrate the structure:
 ```yaml
 # CONFIGURATION EXAMPLE
 # DO NOT COPY/PASTE THIS IN YOUR CONFIGURATION
-view.session.local:
+view:
-  onTokenSubmit:
+  session:
-    success: '/path/to/session/local/tokenSubmitSuccess-page.html'
+    local:
-    failure: '/path/to/session/local/tokenSubmitFailure-page.html'
+      onTokenSubmit:
-view.session.localRemote:
+        success: '/path/to/session/local/tokenSubmitSuccess-page.html'
-  onTokenSubmit:
+        failure: '/path/to/session/local/tokenSubmitFailure-page.html'
-    success: '/path/to/session/localRemote/tokenSubmitSuccess-page.html'
+    localRemote:
-    failure: '/path/to/session/local/tokenSubmitFailure-page.html'
+      onTokenSubmit:
-view.session.remote:
+        success: '/path/to/session/localRemote/tokenSubmitSuccess-page.html'
-  onRequest:
+        failure: '/path/to/session/local/tokenSubmitFailure-page.html'
-    success: '/path/to/session/remote/requestSuccess-page.html'
+    remote:
-    failure: '/path/to/session/remote/requestFailure-page.html'
+      onRequest:
-  onCheck:
+        success: '/path/to/session/remote/requestSuccess-page.html'
-    success: '/path/to/session/remote/checkSuccess-page.html'
+        failure: '/path/to/session/remote/requestFailure-page.html'
-    failure: '/path/to/session/remote/checkFailure-page.html'
+      onCheck:
        success: '/path/to/session/remote/checkSuccess-page.html'
        failure: '/path/to/session/remote/checkFailure-page.html'
 # CONFIGURATION EXAMPLE
 # DO NOT COPY/PASTE THIS IN YOUR CONFIGURATION
 ```
@@ -55,7 +57,7 @@ client if they do not wish to proceed any further.
 #### Placeholders
 ##### Success
-`<a th:href="${remoteSessionLink}">text</a>` can be used to display the link to start a Remote 3PID session.
+`<a href="${remoteSessionLink}">text</a>` can be used to display the link to start a Remote 3PID session.
 ##### Failure
 No object/placeholder are currently available.
@@ -70,7 +72,7 @@ the remote Identity server and, once that is done, click a link to validate the
 #### Placeholders
 ##### Success
-`<a th:href="${checkLink}">text</a>` can be used to display the link to validate the Remote 3PID session.
+`<a href="${checkLink}">text</a>` can be used to display the link to validate the Remote 3PID session.
 ##### Failure
 No object/placeholder are currently available.
--- a/docs/threepids/session/session.md
+++ b/docs/threepids/session/session.md
@@ -17,49 +17,63 @@
    - [Sessions disabled](#sessions-disabled)
 ## Overview
-When adding an email, a phone number or any other kind of 3PID (Third-Party Identifier) in a Matrix client, 
+When adding an email, a phone number or any other kind of 3PID (Third-Party Identifier) in a Matrix client,
-the identity server is called to validate the 3PID.
+the identity server is contacted to validate the 3PID.
 To validate the 3PID the identity server sends a message to the 3PID (e.g. an
 email) with a hyperlink back to a web-page managed by the identity server to
 confirm ownership of the 3PID.
 Once this 3PID is validated, the Homeserver will publish the user Matrix ID on the Identity Server and
 add this 3PID to the Matrix account which initiated the request.
 ## Purpose
 This serves two purposes:
 - Add the 3PID as an administrative/login info for the Homeserver directly
 - Publish, or *Bind*, the 3PID so it can be queried from Homeservers and clients when inviting someone in a room
 by a 3PID, allowing it to be resolved to a Matrix ID.
 ## Federation
-Federation is based on the principle that one can get a domain name and serve services and information within that
+In a federated set up, identity servers must cooperate to find the Matrix ID associated with a 3PID.
 domain namespace in a way which can be discovered following a specific protocol or specification.
-In the Matrix eco-system, some 3PID can be federated (e.g. emails) while some others cannot (phone numbers).
+Federation is based on the principle that each server is responsible for its own (dns) domain.
-Also, Matrix users might add 3PIDs that would not point to the Identity server that actually holds the 3PID binding.  
+Therefore only those 3PID can be federated that can be distinguished by their
 domain such as email addresses.
 Example: a user from Homeserver `example.org` adds an email `john@example.com`.  
 Federated identity servers would try to find the identity server at `example.com` and ask it for the Matrix ID of associated with `john@example.com`.
 Nevertheless, Matrix users might add 3PIDs that are not associated to a domain, for example telephone numbers.
 Or they might even add 3PIDs associated to a different domain (such as an email address hosted by gmail).
 Such 3PIDs cannot be resolved in a federated way.
 Example: a user from Homeserver `example.org` adds an email `john@gmail.com`.  
 If a federated lookup was performed, Identity servers would try to find the 3PID bind at the `gmail.com` server, and
 not `example.org`.
-To allow global publishing of 3PID bindings to be found anywhere within the current protocol specification, one would
+In order to resolve such 3PIDs, i.e. 3PIDs that cannot be resolved in a Federated way, an identity server can be configured such that
-perform a *Remote session* and *Remote bind*, effectively starting a new 3PID session with another Identity server on
+- 3PIDs that cannot be resolved locally or using federation, are fowarded to another global identity server.
-behalf of the user.  
+- registration of new 3PIDs that cannot be looked up in a federated fashion, is forwarded to another global identity server.
 By forwarding a 3PIDs registration the identity creates a *Remote session* and *Remote bind*, effectively starting a new 3PID session with another Identity server on
 behalf of the user. 
 To ensure lookup works consistency within the current Matrix network, the central Matrix.org Identity Server should be
 used to store *remote* sessions and binds.
-On the flip side, at the time of writing, the Matrix specification and the central Matrix.org servers do not allow to
+However, at the time of writing, the Matrix specification and the central Matrix.org servers do not allow to remote a 3PID bind.
-remote a 3PID bind. This means that once a 3PID is published (email, phone number, etc.), it cannot be easily removed
+This means that once a 3PID is published (email, phone number, etc.), it cannot be easily removed
-and would require contacting the Matrix.org administrators for each bind individually.  
+and would require contacting the Matrix.org administrators for each bind individually.
 This poses a privacy, control and security concern, especially for groups/corporations that want to keep a tight control
 on where such identifiers can be made publicly visible.
-To ensure full control, validation management rely on two concepts:
+To ensure full control, validation management relies on two concepts:
 - The scope of 3PID being validated
 - The scope of 3PID sessions that should be possible/offered
 ### 3PID scope
 3PID can either be scoped as local or remote.
-Local means that they can looked up using federation and that such federation call would end up on the local
+Local means that they can be looked up using federation and that such a federation call would end up on the local
 Identity Server.  
 Remote means that they cannot be lookup using federation or that a federation call would not end up on the local
 Identity Server.
@@ -119,19 +133,22 @@ file unless you want to specifically overwrite them.
 ```yaml
 # CONFIGURATION EXAMPLE
 # DO NOT COPY/PASTE THIS IN YOUR CONFIGURATION
-session.policy.validation.enabled: true
+session:
-session.policy.validation.forLocal:
+  policy:
-  enabled: true
+    validation:
-  toLocal: true
+      enabled: true
-  toRemote:
+      forLocal:
-    enabled: true
+        enabled: true
-    server: 'configExample'  # Not to be included in config! Already present in default config!
+        toLocal: true
-session.policy.validation.forRemote:
+        toRemote:
-  enabled: true
+          enabled: true
-  toLocal: true
+          server: 'configExample'  # Not to be included in config! Already present in default config!
-  toRemote:
+      forRemote:
-    enabled: true
+        enabled: true
-    server: 'configExample'  # Not to be included in config! Already present in default config!
+        toLocal: true
        toRemote:
          enabled: true
          server: 'configExample'  # Not to be included in config! Already present in default config!
 # DO NOT COPY/PASTE THIS IN YOUR CONFIGURATION
 # CONFIGURATION EXAMPLE
 ```
@@ -139,7 +156,7 @@ session.policy.validation.forRemote:
 `session.policy.validation` is the core configuration to control what users configured to use your Identity server
 are allowed to do in terms of 3PID sessions.
-The policy is divided contains a global on/off switch for 3PID sessions using `.enabled`  
+The policy has a global on/off switch for 3PID sessions using `.enabled`  
 It is also divided into two sections: `forLocal` and `forRemote` which refers to the 3PID scopes.  
 Each scope is divided into three parts:
@@ -205,17 +222,20 @@ On the flip side, people with *Remote* 3PID scopes will not be found from other
 Use the following values:
 ```yaml
-session.policy.validation.enabled: true
+session:
-session.policy.validation.forLocal:
+  policy:
-  enabled: true
+    validation:
-  toLocal: true
+      enabled: true
-  toRemote:
+      forLocal:
-    enabled: false
+        enabled: true
-session.policy.validation.forRemote:
+        toLocal: true
-  enabled: true
+        toRemote:
-  toLocal: true
+          enabled: false
-  toRemote:
+      forRemote:
-    enabled: false
+        enabled: true
        toLocal: true
        toRemote:
          enabled: false
 ```
 **IMPORTANT**: When using local-only mode and if you are using synapse, you will also need to enable its dedicated Identity
@@ -231,17 +251,20 @@ Typical use cases:
 Use the following values:
 ```yaml
-session.policy.validation.enabled: true
+session:
-session.policy.validation.forLocal:
+  policy:
-  enabled: true
+    validation:
-  toLocal: false
+      enabled: true
-  toRemote:
+      forLocal:
-    enabled: true
+        enabled: true
-session.policy.validation.forRemote:
+        toLocal: false
-  enabled: true
+        toRemote:
-  toLocal: false
+          enabled: true
-  toRemote:
+      forRemote:
-    enabled: true
+        enabled: true
        toLocal: false
        toRemote:
          enabled: true
 ```
 #### Sessions disabled
@@ -258,5 +281,8 @@ It is therefore recommended to not fully disable sessions but instead restrict s
 Use the following values to enable this mode:
 ```yaml
-session.policy.validation.enabled: false
+session:
  policy:
    validation:
      enabled: false
 ```
--- a/application.example.yaml
+++ b/application.example.yaml
@@ -1,50 +1,46 @@
 # Sample configuration file explaining the minimum required keys to be set to run mxisd
 #
-# For a complete list of options, see https://github.com/kamax-matrix/mxisd
+# For a complete list of options, see https://github.com/kamax-matrix/mxisd/docs/README.md
 #######################
 # Matrix config items #
 #######################
 # Matrix domain, same as the domain configure in your Homeserver configuration.
-# (note: in Synapse Homeserver, the Matrix domain may be defined as 'server_name' in configuration file).
+# NOTE: in Synapse Homeserver, the Matrix domain is defined as 'server_name' in configuration file.
 #
-# This is used to build the various identifiers for identity, auth and directory.
+# This is used to build the various identifiers in all the features.
-matrix.domain: ''
+matrix:
  domain: ''
 ################
 # Signing keys #
 ################
 # Absolute path for the Identity Server signing key.
-# During testing, /var/tmp/mxisd.key is a possible value
+# This is **NOT** your homeserver key.
 # The signing key is auto-generated during execution time if not present.
 #
 # During testing, /var/tmp/mxisd.key is a possible value
 # For production, recommended location shall be one of the following:
 #   - /var/opt/mxisd/sign.key
 #   - /var/local/mxisd/sign.key
 #   - /var/lib/mxisd/sign.key
 #
-# The signing key is auto-generated during execution time if not present.
+key:
-key.path: ''
+  path: ''
-############################
+# Path to the SQLite DB file for mxisd internal storage
 # Persistence config items #
 ############################
 # Configure the storage backend, usually a DB
 # Possible built-in values:
 #   sqlite                      SQLite backend, default
 #
 #storage.backend: 'sqlite'
 # Path to the SQLite DB file
 #
 # Examples:
 #  - /var/opt/mxisd/mxisd.db
 #  - /var/local/mxisd/mxisd.db
 #  - /var/lib/mxisd/mxisd.db
 #
-storage.provider.sqlite.database: '/path/to/mxisd.db'
+storage:
  provider:
    sqlite:
      database: '/path/to/mxisd.db'
 ####################
@@ -52,63 +48,69 @@ storage.provider.sqlite.database: '/path/to/mxisd.db'
 ####################
 #
 # Root/Central servers to be used as final fallback when performing lookups.
-# By default, for privacy reasons, matrix.org servers are not enabled anymore.
+# By default, for privacy reasons, matrix.org servers are not enabled.
 # See the following issue: https://github.com/kamax-matrix/mxisd/issues/76
 #
 # If you would like to use them and trade away your privacy for convenience, uncomment the following option:
 #
-#forward.servers: ['matrix-org']
+#forward:
 #  servers: ['matrix-org']
 ################
 # LDAP Backend #
 ################
 # If you would like to integrate with your AD/Samba/LDAP server,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/backends/ldap.md
+# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/ldap.md
 ###############
 # SQL Backend #
 ###############
 # If you would like to integrate with a MySQL/MariaDB/PostgreQL/SQLite DB,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/backends/sql.md
+# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/sql.md
 ################
 # REST Backend #
 ################
 # If you would like to integrate with an existing web service/webapp,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/backends/rest.md
+# see https://github.com/kamax-matrix/mxisd/blob/master/docs/stores/rest.md
 #################################################
 # Notifications for invites/addition to profile #
 #################################################
 # If you would like to change the content,
-# see https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/notifications/template-generator.md
+# see https://github.com/kamax-matrix/mxisd/blob/master/docs/threepids/notification/template-generator.md
 #
 #### E-mail invite sender
-#
+threepid:
-# SMTP host
+  medium:
-threepid.medium.email.connectors.smtp.host: "smtp.example.org"
+    email:
      identity:
        # The e-mail to send as.
        from: "matrix-identity@example.org"
-# SMTP port
+      connectors:
-threepid.medium.email.connectors.smtp.port: 587
+        smtp:
          # SMTP host
          host: "smtp.example.org"
-# TLS mode for the connection.
+          # SMTP port
-#
+          port: 587
 # Possible values:
 #  0    Disable TLS entirely
 #  1    Enable TLS if supported by server (default)
 #  2    Force TLS and fail if not available
 #
 #threepid.medium.email.connectors.smtp.tls: 1
-# Login for SMTP
+          # TLS mode for the connection.
-threepid.medium.email.connectors.smtp.login: "matrix-identity@example.org"
+          #
          # Possible values:
          #  0    Disable TLS entirely
          #  1    Enable TLS if supported by server (default)
          #  2    Force TLS and fail if not available
          #
          tls: 1
-# Password for the account
+          # Login for SMTP
-threepid.medium.email.connectors.smtp.password: "ThePassword"
+          login: "matrix-identity@example.org"
-# The e-mail to send as.
+          # Password for the account
-threepid.medium.email.identity.from: "matrix-identity@example.org"
+          password: "ThePassword"
--- a/src/debian/postinst
+++ b/src/debian/postinst
@@ -6,8 +6,8 @@ useradd -r mxisd || true
 # Set permissions for data directory
 chown -R mxisd:mxisd %DEB_DATA_DIR%
-# Create symlink to mxusd
+# Create symlink to mxisd run script
-ln -sfT /usr/lib/mxisd/mxisd.jar /usr/bin/mxisd
+ln -sfT /usr/lib/mxisd/mxisd /usr/bin/mxisd
 # Enable systemd service
 systemctl enable mxisd.service
--- a/src/docker/start.sh
+++ b/src/docker/start.sh
@@ -1,25 +1,34 @@
-#!/usr/bin/env bash
+#!/bin/bash
 if [[ -n "$CONF_FILE_PATH" ]] && [ ! -f "$CONF_FILE_PATH" ]; then
    echo "Generating config file $CONF_FILE_PATH"
    touch "CONF_FILE_PATH"
    if [[ -n "$MATRIX_DOMAIN" ]]; then
        echo "Setting matrix domain to $MATRIX_DOMAIN"
-        echo "matrix.domain: $MATRIX_DOMAIN" >> "$CONF_FILE_PATH"
+        echo "matrix:" >> "$CONF_FILE_PATH"
        echo "  domain: '$MATRIX_DOMAIN'" >> "$CONF_FILE_PATH"
        echo >> "$CONF_FILE_PATH"
    fi
    if [[ -n "$SIGN_KEY_PATH" ]]; then
        echo "Setting signing key path to $SIGN_KEY_PATH"
-        echo "key.path: $SIGN_KEY_PATH" >> "$CONF_FILE_PATH"
+        echo "key:" >> "$CONF_FILE_PATH"
        echo "  path: '$SIGN_KEY_PATH'" >> "$CONF_FILE_PATH"
        echo >> "$CONF_FILE_PATH"
    fi
    if [[ -n "$SQLITE_DATABASE_PATH" ]]; then
        echo "Setting SQLite DB path to $SQLITE_DATABASE_PATH"
-        echo "storage.provider.sqlite.database: $SQLITE_DATABASE_PATH" >> "$CONF_FILE_PATH"
+        echo "storage:" >> "$CONF_FILE_PATH"
        echo "  provider:" >> "$CONF_FILE_PATH"
        echo "    sqlite:" >> "$CONF_FILE_PATH"
        echo "      database: '$SQLITE_DATABASE_PATH'" >> "$CONF_FILE_PATH"
        echo >> "$CONF_FILE_PATH"
    fi
    echo "Starting mxisd..."
    echo
 fi
-exec java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -Dspring.config.location=/etc/mxisd/ -Dspring.config.name=mxisd -jar /mxisd.jar
+exec java -jar /app/mxisd.jar -c /etc/mxisd/mxisd.yaml
--- a/src/main/java/edazdarevic/commons/net/CIDRUtils.java
+++ b/src/main/java/edazdarevic/commons/net/CIDRUtils.java
@@ -37,6 +37,7 @@ import java.util.List;
 * both IPv4 and IPv6.
 */
 public class CIDRUtils {
    private final String cidr;
    private InetAddress inetAddress;
@@ -44,7 +45,6 @@ public class CIDRUtils {
    private InetAddress endAddress;
    private final int prefixLength;
    public CIDRUtils(String cidr) throws UnknownHostException {
        this.cidr = cidr;
@@ -66,7 +66,6 @@ public class CIDRUtils {
    private void calculate() throws UnknownHostException {
        ByteBuffer maskBuffer;
        int targetSize;
        if (inetAddress.getAddress().length == 4) {
@@ -120,14 +119,9 @@ public class CIDRUtils {
    }
    public String getNetworkAddress() {
        return this.startAddress.getHostAddress();
    }
    public String getBroadcastAddress() {
        return this.endAddress.getHostAddress();
    }
    public boolean isInRange(String ipAddress) throws UnknownHostException {
        InetAddress address = InetAddress.getByName(ipAddress);
        BigInteger start = new BigInteger(1, this.startAddress.getAddress());
@@ -139,4 +133,5 @@ public class CIDRUtils {
        return (st == -1 || st == 0) && (te == -1 || te == 0);
    }
 }
--- a/src/main/java/io/kamax/mxisd/HttpMxisd.java
+++ b/src/main/java/io/kamax/mxisd/HttpMxisd.java
@@ -0,0 +1,114 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.http.undertow.handler.SaneHandler;
 import io.kamax.mxisd.http.undertow.handler.as.v1.AsNotFoundHandler;
 import io.kamax.mxisd.http.undertow.handler.as.v1.AsTransactionHandler;
 import io.kamax.mxisd.http.undertow.handler.auth.RestAuthHandler;
 import io.kamax.mxisd.http.undertow.handler.auth.v1.LoginGetHandler;
 import io.kamax.mxisd.http.undertow.handler.auth.v1.LoginHandler;
 import io.kamax.mxisd.http.undertow.handler.auth.v1.LoginPostHandler;
 import io.kamax.mxisd.http.undertow.handler.directory.v1.UserDirectorySearchHandler;
 import io.kamax.mxisd.http.undertow.handler.identity.v1.*;
 import io.kamax.mxisd.http.undertow.handler.profile.v1.InternalProfileHandler;
 import io.kamax.mxisd.http.undertow.handler.profile.v1.ProfileHandler;
 import io.kamax.mxisd.http.undertow.handler.status.StatusHandler;
 import io.undertow.Handlers;
 import io.undertow.Undertow;
 import io.undertow.server.HttpHandler;
 public class HttpMxisd {
    // Core
    private Mxisd m;
    // I/O
    private Undertow httpSrv;
    public HttpMxisd(MxisdConfig cfg) {
        m = new Mxisd(cfg);
    }
    public void start() {
        m.start();
        HttpHandler asNotFoundHandler = SaneHandler.around(new AsNotFoundHandler(m.getAs()));
        HttpHandler asTxnHandler = SaneHandler.around(new AsTransactionHandler(m.getAs()));
        HttpHandler storeInvHandler = SaneHandler.around(new StoreInviteHandler(m.getConfig().getServer(), m.getInvitationManager(), m.getKeyManager()));
        HttpHandler sessValidateHandler = SaneHandler.around(new SessionValidateHandler(m.getSession(), m.getConfig().getServer(), m.getConfig().getView()));
        httpSrv = Undertow.builder().addHttpListener(m.getConfig().getServer().getPort(), "0.0.0.0").setHandler(Handlers.routing()
                // Status endpoints
                .get(StatusHandler.Path, SaneHandler.around(new StatusHandler()))
                // Authentication endpoints
                .get(LoginHandler.Path, SaneHandler.around(new LoginGetHandler(m.getAuth(), m.getHttpClient())))
                .post(LoginHandler.Path, SaneHandler.around(new LoginPostHandler(m.getAuth())))
                .post(RestAuthHandler.Path, SaneHandler.around(new RestAuthHandler(m.getAuth())))
                // Directory endpoints
                .post(UserDirectorySearchHandler.Path, SaneHandler.around(new UserDirectorySearchHandler(m.getDirectory())))
                // Key endpoints
                .get(KeyGetHandler.Path, SaneHandler.around(new KeyGetHandler(m.getKeyManager())))
                .get(RegularKeyIsValidHandler.Path, SaneHandler.around(new RegularKeyIsValidHandler(m.getKeyManager())))
                .get(EphemeralKeyIsValidHandler.Path, SaneHandler.around(new EphemeralKeyIsValidHandler()))
                // Identity endpoints
                .get(HelloHandler.Path, SaneHandler.around(new HelloHandler()))
                .get(SingleLookupHandler.Path, SaneHandler.around(new SingleLookupHandler(m.getIdentity(), m.getSign())))
                .post(BulkLookupHandler.Path, SaneHandler.around(new BulkLookupHandler(m.getIdentity())))
                .post(StoreInviteHandler.Path, storeInvHandler)
                .post(SessionStartHandler.Path, SaneHandler.around(new SessionStartHandler(m.getSession())))
                .get(SessionValidateHandler.Path, sessValidateHandler)
                .post(SessionValidateHandler.Path, sessValidateHandler)
                .get(SessionTpidGetValidatedHandler.Path, SaneHandler.around(new SessionTpidGetValidatedHandler(m.getSession())))
                .post(SessionTpidBindHandler.Path, SaneHandler.around(new SessionTpidBindHandler(m.getSession(), m.getInvitationManager())))
                .get(RemoteIdentityAPIv1.SESSION_REQUEST_TOKEN, SaneHandler.around(new RemoteSessionStartHandler(m.getSession(), m.getConfig().getView())))
                .get(RemoteIdentityAPIv1.SESSION_CHECK, SaneHandler.around(new RemoteSessionCheckHandler(m.getSession(), m.getConfig().getView())))
                // Profile endpoints
                .get(ProfileHandler.Path, SaneHandler.around(new ProfileHandler(m.getProfile())))
                .get(InternalProfileHandler.Path, SaneHandler.around(new InternalProfileHandler(m.getProfile())))
                // Application Service endpoints
                .get("/_matrix/app/v1/users/**", asNotFoundHandler)
                .get("/users/**", asNotFoundHandler) // Legacy endpoint
                .get("/_matrix/app/v1/rooms/**", asNotFoundHandler)
                .get("/rooms/**", asNotFoundHandler) // Legacy endpoint
                .put(AsTransactionHandler.Path, asTxnHandler)
                .put("/transactions/{" + AsTransactionHandler.ID + "}", asTxnHandler) // Legacy endpoint
        ).build();
        httpSrv.start();
    }
    public void stop() {
        httpSrv.stop();
        m.stop();
    }
 }
--- a/src/main/java/io/kamax/mxisd/Mxisd.java
+++ b/src/main/java/io/kamax/mxisd/Mxisd.java
@@ -0,0 +1,172 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd;
 import io.kamax.matrix.crypto.KeyManager;
 import io.kamax.matrix.crypto.SignatureManager;
 import io.kamax.mxisd.as.AppSvcManager;
 import io.kamax.mxisd.auth.AuthManager;
 import io.kamax.mxisd.auth.AuthProviders;
 import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.backend.sql.synapse.Synapse;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.crypto.CryptoFactory;
 import io.kamax.mxisd.directory.DirectoryManager;
 import io.kamax.mxisd.directory.DirectoryProviders;
 import io.kamax.mxisd.dns.ClientDnsOverwrite;
 import io.kamax.mxisd.dns.FederationDnsOverwrite;
 import io.kamax.mxisd.invitation.InvitationManager;
 import io.kamax.mxisd.lookup.ThreePidProviders;
 import io.kamax.mxisd.lookup.fetcher.IRemoteIdentityServerFetcher;
 import io.kamax.mxisd.lookup.provider.BridgeFetcher;
 import io.kamax.mxisd.lookup.provider.RemoteIdentityServerFetcher;
 import io.kamax.mxisd.lookup.strategy.LookupStrategy;
 import io.kamax.mxisd.lookup.strategy.RecursivePriorityLookupStrategy;
 import io.kamax.mxisd.notification.NotificationHandlerSupplier;
 import io.kamax.mxisd.notification.NotificationHandlers;
 import io.kamax.mxisd.notification.NotificationManager;
 import io.kamax.mxisd.profile.ProfileManager;
 import io.kamax.mxisd.profile.ProfileProviders;
 import io.kamax.mxisd.session.SessionMananger;
 import io.kamax.mxisd.storage.IStorage;
 import io.kamax.mxisd.storage.ormlite.OrmLiteSqlStorage;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import java.util.ServiceLoader;
 public class Mxisd {
    protected MxisdConfig cfg;
    protected CloseableHttpClient httpClient;
    protected IRemoteIdentityServerFetcher srvFetcher;
    protected IStorage store;
    protected KeyManager keyMgr;
    protected SignatureManager signMgr;
    // Features
    protected AuthManager authMgr;
    protected DirectoryManager dirMgr;
    protected LookupStrategy idStrategy;
    protected InvitationManager invMgr;
    protected ProfileManager pMgr;
    protected AppSvcManager asHander;
    protected SessionMananger sessMgr;
    protected NotificationManager notifMgr;
    public Mxisd(MxisdConfig cfg) {
        this.cfg = cfg.build();
    }
    protected void build() {
        httpClient = HttpClients.custom()
                .setUserAgent("mxisd")
                .setMaxConnPerRoute(Integer.MAX_VALUE)
                .setMaxConnTotal(Integer.MAX_VALUE)
                .build();
        srvFetcher = new RemoteIdentityServerFetcher(httpClient);
        store = new OrmLiteSqlStorage(cfg);
        keyMgr = CryptoFactory.getKeyManager(cfg.getKey());
        signMgr = CryptoFactory.getSignatureManager(keyMgr, cfg.getServer());
        ClientDnsOverwrite clientDns = new ClientDnsOverwrite(cfg.getDns().getOverwrite());
        FederationDnsOverwrite fedDns = new FederationDnsOverwrite(cfg.getDns().getOverwrite());
        Synapse synapse = new Synapse(cfg.getSynapseSql());
        BridgeFetcher bridgeFetcher = new BridgeFetcher(cfg.getLookup().getRecursive().getBridge(), srvFetcher);
        ServiceLoader.load(IdentityStoreSupplier.class).iterator().forEachRemaining(p -> p.accept(this));
        ServiceLoader.load(NotificationHandlerSupplier.class).iterator().forEachRemaining(p -> p.accept(this));
        idStrategy = new RecursivePriorityLookupStrategy(cfg.getLookup(), ThreePidProviders.get(), bridgeFetcher);
        pMgr = new ProfileManager(ProfileProviders.get(), clientDns, httpClient);
        notifMgr = new NotificationManager(cfg.getNotification(), NotificationHandlers.get());
        sessMgr = new SessionMananger(cfg.getSession(), cfg.getMatrix(), store, notifMgr, httpClient);
        invMgr = new InvitationManager(cfg.getInvite(), store, idStrategy, signMgr, fedDns, notifMgr);
        authMgr = new AuthManager(cfg, AuthProviders.get(), idStrategy, invMgr, clientDns, httpClient);
        dirMgr = new DirectoryManager(cfg.getDirectory(), clientDns, httpClient, DirectoryProviders.get());
        asHander = new AppSvcManager(cfg, store, pMgr, notifMgr, synapse);
    }
    public MxisdConfig getConfig() {
        return cfg;
    }
    public CloseableHttpClient getHttpClient() {
        return httpClient;
    }
    public IRemoteIdentityServerFetcher getServerFetcher() {
        return srvFetcher;
    }
    public KeyManager getKeyManager() {
        return keyMgr;
    }
    public InvitationManager getInvitationManager() {
        return invMgr;
    }
    public LookupStrategy getIdentity() {
        return idStrategy;
    }
    public AuthManager getAuth() {
        return authMgr;
    }
    public SessionMananger getSession() {
        return sessMgr;
    }
    public DirectoryManager getDirectory() {
        return dirMgr;
    }
    public ProfileManager getProfile() {
        return pMgr;
    }
    public SignatureManager getSign() {
        return signMgr;
    }
    public AppSvcManager getAs() {
        return asHander;
    }
    public NotificationManager getNotif() {
        return notifMgr;
    }
    public void start() {
        build();
    }
    public void stop() {
        // no-op
    }
 }
--- a/src/main/java/io/kamax/mxisd/MxisdStandaloneExec.java
+++ b/src/main/java/io/kamax/mxisd/MxisdStandaloneExec.java
@@ -0,0 +1,69 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.config.YamlConfigLoader;
 import org.apache.commons.lang3.StringUtils;
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.Iterator;
 import java.util.Objects;
 public class MxisdStandaloneExec {
    public static void main(String[] args) throws IOException {
        MxisdConfig cfg = null;
        Iterator<String> argsIt = Arrays.asList(args).iterator();
        while (argsIt.hasNext()) {
            String arg = argsIt.next();
            if (StringUtils.equals("-c", arg)) {
                String cfgFile = argsIt.next();
                cfg = YamlConfigLoader.loadFromFile(cfgFile);
                System.out.println("Loaded configuration from " + cfgFile);
            } else {
                System.out.println("Invalid argument: " + arg);
                System.exit(1);
            }
        }
        if (Objects.isNull(cfg)) {
            cfg = YamlConfigLoader.tryLoadFromFile("mxisd.yaml").orElseGet(MxisdConfig::new);
        }
        try {
            HttpMxisd mxisd = new HttpMxisd(cfg);
            Runtime.getRuntime().addShutdownHook(new Thread(() -> {
                mxisd.stop();
                System.out.println("------------- mxisd stopped -------------");
            }));
            mxisd.start();
            System.out.println("------------- mxisd started -------------");
        } catch (Throwable t) {
            t.printStackTrace();
            System.exit(1);
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/UserIdType.java
+++ b/src/main/java/io/kamax/mxisd/UserIdType.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
--- a/src/main/java/io/kamax/mxisd/as/AppServiceHandler.java
+++ b/src/main/java/io/kamax/mxisd/as/AppServiceHandler.java
@@ -1,112 +0,0 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.as;
 import com.google.gson.JsonObject;
 import io.kamax.matrix.MatrixID;
 import io.kamax.matrix._MatrixID;
 import io.kamax.matrix._ThreePid;
 import io.kamax.matrix.event.EventKey;
 import io.kamax.matrix.json.GsonUtil;
 import io.kamax.mxisd.backend.sql.synapse.Synapse;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.notification.NotificationManager;
 import io.kamax.mxisd.profile.ProfileManager;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@Component
 public class AppServiceHandler {
    private final Logger log = LoggerFactory.getLogger(AppServiceHandler.class);
    private MatrixConfig cfg;
    private ProfileManager profiler;
    private NotificationManager notif;
    private Synapse synapse;
    @Autowired
    public AppServiceHandler(MatrixConfig cfg, ProfileManager profiler, NotificationManager notif, Synapse synapse) {
        this.cfg = cfg;
        this.profiler = profiler;
        this.notif = notif;
        this.synapse = synapse;
    }
    public void processTransaction(List<JsonObject> eventsJson) {
        eventsJson.forEach(ev -> {
            if (!StringUtils.equals("m.room.member", GsonUtil.getStringOrNull(ev, "type"))) {
                return;
            }
            if (!StringUtils.equals("invite", GsonUtil.getStringOrNull(ev, "membership"))) {
                return;
            }
            String roomId = GsonUtil.getStringOrNull(ev, "room_id");
            _MatrixID sender = MatrixID.asAcceptable(GsonUtil.getStringOrNull(ev, "sender"));
            EventKey.StateKey.findString(ev).ifPresent(id -> {
                _MatrixID mxid = MatrixID.asAcceptable(id);
                if (!StringUtils.equals(mxid.getDomain(), cfg.getDomain())) {
                    log.debug("Ignoring invite for {}: not a local user");
                    return;
                }
                log.info("Got invite for {}", id);
                boolean wasSent = false;
                List<_ThreePid> tpids = profiler.getThreepids(mxid);
                if (tpids.isEmpty()) {
                    log.info("No email found in identity stores for {}", id);
                }
                for (_ThreePid tpid : tpids) {
                    if (!StringUtils.equals("email", tpid.getMedium())) {
                        continue;
                    }
                    log.info("Found an email address to notify about room invitation: {}", tpid.getAddress());
                    Map<String, String> properties = new HashMap<>();
                    profiler.getDisplayName(sender).ifPresent(name -> properties.put("sender_display_name", name));
                    try {
                        synapse.getRoomName(roomId).ifPresent(name -> properties.put("room_name", name));
                    } catch (RuntimeException e) {
                        log.warn("Unable to fetch room name - Did you provide synapse DB information as documented?");
                        log.warn("Underlying error:", e);
                    }
                    IMatrixIdInvite inv = new MatrixIdInvite(roomId, sender, mxid, tpid.getMedium(), tpid.getAddress(), properties);
                    notif.sendForInvite(inv);
                    wasSent = true;
                }
                log.info("Was notification sent? {}", wasSent);
            });
        });
    }
 }
--- a/src/main/java/io/kamax/mxisd/as/AppSvcManager.java
+++ b/src/main/java/io/kamax/mxisd/as/AppSvcManager.java
@@ -0,0 +1,223 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.as;
 import com.google.gson.JsonObject;
 import io.kamax.matrix.MatrixID;
 import io.kamax.matrix.ThreePidMedium;
 import io.kamax.matrix._MatrixID;
 import io.kamax.matrix._ThreePid;
 import io.kamax.matrix.event.EventKey;
 import io.kamax.matrix.json.GsonUtil;
 import io.kamax.mxisd.backend.sql.synapse.Synapse;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.exception.HttpMatrixException;
 import io.kamax.mxisd.exception.NotAllowedException;
 import io.kamax.mxisd.notification.NotificationManager;
 import io.kamax.mxisd.profile.ProfileManager;
 import io.kamax.mxisd.storage.IStorage;
 import io.kamax.mxisd.storage.ormlite.dao.ASTransactionDao;
 import io.kamax.mxisd.util.GsonParser;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import java.io.InputStream;
 import java.time.Instant;
 import java.util.*;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Collectors;
 public class AppSvcManager {
    private transient final Logger log = LoggerFactory.getLogger(AppSvcManager.class);
    private final GsonParser parser;
    private MatrixConfig cfg;
    private IStorage store;
    private ProfileManager profiler;
    private NotificationManager notif;
    private Synapse synapse;
    private Map<String, CompletableFuture<String>> transactionsInProgress;
    public AppSvcManager(MxisdConfig cfg, IStorage store, ProfileManager profiler, NotificationManager notif, Synapse synapse) {
        this.cfg = cfg.getMatrix();
        this.store = store;
        this.profiler = profiler;
        this.notif = notif;
        this.synapse = synapse;
        parser = new GsonParser();
        transactionsInProgress = new ConcurrentHashMap<>();
    }
    public AppSvcManager withToken(String token) {
        if (StringUtils.isBlank(token)) {
            throw new HttpMatrixException(401, "M_UNAUTHORIZED", "No HS token");
        }
        if (!StringUtils.equals(cfg.getListener().getToken().getHs(), token)) {
            throw new NotAllowedException("Invalid HS token");
        }
        return this;
    }
    public CompletableFuture<String> processTransaction(String txnId, InputStream is) {
        if (StringUtils.isEmpty(txnId)) {
            throw new IllegalArgumentException("Transaction ID cannot be empty");
        }
        synchronized (this) {
            Optional<ASTransactionDao> dao = store.getTransactionResult(cfg.getListener().getLocalpart(), txnId);
            if (dao.isPresent()) {
                log.info("AS Transaction {} already processed - returning computed result", txnId);
                return CompletableFuture.completedFuture(dao.get().getResult());
            }
            CompletableFuture<String> f = transactionsInProgress.get(txnId);
            if (Objects.nonNull(f)) {
                log.info("Returning future for transaction {}", txnId);
                return f;
            }
            transactionsInProgress.put(txnId, new CompletableFuture<>());
        }
        CompletableFuture<String> future = transactionsInProgress.get(txnId);
        Instant start = Instant.now();
        log.info("Processing AS Transaction {}: start", txnId);
        try {
            List<JsonObject> events = GsonUtil.asList(GsonUtil.getArray(parser.parse(is), "events"), JsonObject.class);
            is.close();
            log.debug("{} event(s) parsed", events.size());
            processTransaction(events);
            Instant end = Instant.now();
            String result = "{}";
            try {
                log.info("Saving transaction details to store");
                store.insertTransactionResult(cfg.getListener().getLocalpart(), txnId, end, result);
            } finally {
                log.debug("Removing CompletedFuture from transaction map");
                transactionsInProgress.remove(txnId);
            }
            log.info("Processed AS transaction {} in {} ms", txnId, (Instant.now().toEpochMilli() - start.toEpochMilli()));
            future.complete(result);
        } catch (Exception e) {
            log.error("Unable to properly process transaction {}", txnId, e);
            future.completeExceptionally(e);
        }
        log.info("Processing AS Transaction {}: end", txnId);
        return future;
    }
    public void processTransaction(List<JsonObject> eventsJson) {
        log.info("Processing transaction events: start");
        eventsJson.forEach(ev -> {
            String evId = EventKey.Id.getStringOrNull(ev);
            if (StringUtils.isBlank(evId)) {
                log.warn("Event has no ID, skipping");
                log.debug("Event:\n{}", GsonUtil.getPrettyForLog(ev));
                return;
            }
            log.debug("Event {}: processing start", evId);
            String roomId = EventKey.RoomId.getStringOrNull(ev);
            if (StringUtils.isBlank(roomId)) {
                log.debug("Event has no room ID, skipping");
                return;
            }
            String senderId = EventKey.Sender.getStringOrNull(ev);
            if (StringUtils.isBlank(senderId)) {
                log.debug("Event has no sender ID, skipping");
                return;
            }
            _MatrixID sender = MatrixID.asAcceptable(senderId);
            log.debug("Sender: {}", senderId);
            if (!StringUtils.equals("m.room.member", GsonUtil.getStringOrNull(ev, "type"))) {
                log.debug("This is not a room membership event, skipping");
                return;
            }
            if (!StringUtils.equals("invite", GsonUtil.getStringOrNull(ev, "membership"))) {
                log.debug("This is not an invite event, skipping");
                return;
            }
            String inviteeId = EventKey.StateKey.getStringOrNull(ev);
            if (StringUtils.isBlank(inviteeId)) {
                log.warn("Invalid event: No invitee ID, skipping");
                return;
            }
            _MatrixID invitee = MatrixID.asAcceptable(inviteeId);
            if (!StringUtils.equals(invitee.getDomain(), cfg.getDomain())) {
                log.debug("Ignoring invite for {}: not a local user");
                return;
            }
            log.info("Got invite from {} to {}", senderId, inviteeId);
            boolean wasSent = false;
            List<_ThreePid> tpids = profiler.getThreepids(invitee).stream()
                    .filter(tpid -> ThreePidMedium.Email.is(tpid.getMedium()))
                    .collect(Collectors.toList());
            log.info("Found {} email(s) in identity store for {}", tpids.size(), inviteeId);
            for (_ThreePid tpid : tpids) {
                log.info("Found Email to notify about room invitation: {}", tpid.getAddress());
                Map<String, String> properties = new HashMap<>();
                profiler.getDisplayName(sender).ifPresent(name -> properties.put("sender_display_name", name));
                try {
                    synapse.getRoomName(roomId).ifPresent(name -> properties.put("room_name", name));
                } catch (RuntimeException e) {
                    log.warn("Could not fetch room name", e);
                    log.info("Unable to fetch room name: Did you integrate your Homeserver as documented?");
                }
                IMatrixIdInvite inv = new MatrixIdInvite(roomId, sender, invitee, tpid.getMedium(), tpid.getAddress(), properties);
                notif.sendForInvite(inv);
                log.info("Notification for invite of {} sent to {}", inviteeId, tpid.getAddress());
                wasSent = true;
            }
            log.info("Was notification sent? {}", wasSent);
            log.debug("Event {}: processing end", evId);
        });
        log.info("Processing transaction events: end");
    }
 }
--- a/src/main/java/io/kamax/mxisd/auth/AuthManager.java
+++ b/src/main/java/io/kamax/mxisd/auth/AuthManager.java
@@ -20,37 +20,92 @@
 package io.kamax.mxisd.auth;
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 import com.google.i18n.phonenumbers.NumberParseException;
 import com.google.i18n.phonenumbers.PhoneNumberUtil;
 import com.google.i18n.phonenumbers.Phonenumber;
 import io.kamax.matrix.MatrixID;
 import io.kamax.matrix.ThreePid;
 import io.kamax.matrix._MatrixID;
 import io.kamax.matrix._ThreePid;
 import io.kamax.matrix.json.GsonUtil;
 import io.kamax.mxisd.UserIdType;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import io.kamax.mxisd.config.AuthenticationConfig;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.dns.ClientDnsOverwrite;
 import io.kamax.mxisd.exception.RemoteLoginException;
 import io.kamax.mxisd.invitation.InvitationManager;
 import io.kamax.mxisd.lookup.ThreePidMapping;
 import io.kamax.mxisd.lookup.strategy.LookupStrategy;
 import io.kamax.mxisd.util.RestClientUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.http.HttpEntity;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.util.EntityUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import java.io.IOException;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
@Service
 public class AuthManager {
-    private Logger log = LoggerFactory.getLogger(AuthManager.class);
+    private static final String TypeKey = "type";
    private static final String UserKey = "user";
    private static final String IdentifierKey = "identifier";
    private static final String ThreepidMediumKey = "medium";
    private static final String ThreepidAddressKey = "address";
    private static final String UserIdTypeValue = "m.id.user";
    private static final String ThreepidTypeValue = "m.id.thirdparty";
-    @Autowired
+    private transient final Logger log = LoggerFactory.getLogger(AuthManager.class);
-    private List<AuthenticatorProvider> providers = new ArrayList<>();
+    private final Gson gson = GsonUtil.get(); // FIXME replace
-    @Autowired
+    private List<AuthenticatorProvider> providers;
    private MatrixConfig mxCfg;
-
+    private AuthenticationConfig cfg;
    @Autowired
    private InvitationManager invMgr;
    private ClientDnsOverwrite dns;
    private LookupStrategy strategy;
    private CloseableHttpClient client;
    public AuthManager(
            MxisdConfig cfg,
            List<? extends AuthenticatorProvider> providers,
            LookupStrategy strategy,
            InvitationManager invMgr,
            ClientDnsOverwrite dns,
            CloseableHttpClient client
    ) {
        this.cfg = cfg.getAuth();
        this.mxCfg = cfg.getMatrix();
        this.providers = new ArrayList<>(providers);
        this.strategy = strategy;
        this.invMgr = invMgr;
        this.dns = dns;
        this.client = client;
    }
    public String resolveProxyUrl(URI target) {
        URIBuilder builder = dns.transform(target);
        String urlToLogin = builder.toString();
        log.info("Proxy resolution: {} to {}", target.toString(), urlToLogin);
        return urlToLogin;
    }
    public UserAuthResult authenticate(String id, String password) {
        _MatrixID mxid = MatrixID.asAcceptable(id);
@@ -92,4 +147,128 @@ public class AuthManager {
        return new UserAuthResult().failure();
    }
    public String proxyLogin(URI target, String body) {
        JsonObject reqJsonObject = io.kamax.matrix.json.GsonUtil.parseObj(body);
        GsonUtil.findObj(reqJsonObject, IdentifierKey).ifPresent(obj -> {
            GsonUtil.findString(obj, TypeKey).ifPresent(type -> {
                if (StringUtils.equals(type, UserIdTypeValue)) {
                    log.info("Login request is User ID type");
                    if (cfg.getRewrite().getUser().getRules().isEmpty()) {
                        log.info("No User ID rewrite rules to apply");
                    } else {
                        log.info("User ID rewrite rules: checking for a match");
                        String userId = GsonUtil.getStringOrThrow(obj, UserKey);
                        for (AuthenticationConfig.Rule m : cfg.getRewrite().getUser().getRules()) {
                            if (m.getPattern().matcher(userId).matches()) {
                                log.info("Found matching pattern, resolving to 3PID with medium {}", m.getMedium());
                                // Remove deprecated login info on the top object if exists to avoid duplication
                                reqJsonObject.remove(UserKey);
                                obj.addProperty(TypeKey, ThreepidTypeValue);
                                obj.addProperty(ThreepidMediumKey, m.getMedium());
                                obj.addProperty(ThreepidAddressKey, userId);
                                log.info("Rewrite to 3PID done");
                            }
                        }
                        log.info("User ID rewrite rules: done checking rules");
                    }
                }
            });
        });
        GsonUtil.findObj(reqJsonObject, IdentifierKey).ifPresent(obj -> {
            GsonUtil.findString(obj, TypeKey).ifPresent(type -> {
                if (StringUtils.equals(type, ThreepidTypeValue)) {
                    // Remove deprecated login info if exists to avoid duplication
                    reqJsonObject.remove(ThreepidMediumKey);
                    reqJsonObject.remove(ThreepidAddressKey);
                    GsonUtil.findPrimitive(obj, ThreepidMediumKey).ifPresent(medium -> {
                        GsonUtil.findPrimitive(obj, ThreepidAddressKey).ifPresent(address -> {
                            log.info("Login request with medium '{}' and address '{}'", medium.getAsString(), address.getAsString());
                            strategy.findLocal(medium.getAsString(), address.getAsString()).ifPresent(lookupDataOpt -> {
                                obj.remove(ThreepidMediumKey);
                                obj.remove(ThreepidAddressKey);
                                obj.addProperty(TypeKey, UserIdTypeValue);
                                obj.addProperty(UserKey, lookupDataOpt.getMxid().getLocalPart());
                            });
                        });
                    });
                }
                if (StringUtils.equals(type, "m.id.phone")) {
                    // Remove deprecated login info if exists to avoid duplication
                    reqJsonObject.remove(ThreepidMediumKey);
                    reqJsonObject.remove(ThreepidAddressKey);
                    GsonUtil.findPrimitive(obj, "number").ifPresent(number -> {
                        GsonUtil.findPrimitive(obj, "country").ifPresent(country -> {
                            log.info("Login request with phone '{}'-'{}'", country.getAsString(), number.getAsString());
                            try {
                                PhoneNumberUtil phoneUtil = PhoneNumberUtil.getInstance();
                                Phonenumber.PhoneNumber phoneNumber = phoneUtil.parse(number.getAsString(), country.getAsString());
                                String msisdn = phoneUtil.format(phoneNumber, PhoneNumberUtil.PhoneNumberFormat.E164).replace("+", "");
                                String medium = "msisdn";
                                strategy.findLocal(medium, msisdn).ifPresent(lookupDataOpt -> {
                                    obj.remove("country");
                                    obj.remove("number");
                                    obj.addProperty(TypeKey, UserIdTypeValue);
                                    obj.addProperty(UserKey, lookupDataOpt.getMxid().getLocalPart());
                                });
                            } catch (NumberParseException e) {
                                log.error("Not a valid phone number");
                                throw new RuntimeException(e);
                            }
                        });
                    });
                }
            });
        });
        // invoke 'login' on homeserver
        HttpPost httpPost = RestClientUtils.post(resolveProxyUrl(target), gson, reqJsonObject);
        try (CloseableHttpResponse httpResponse = client.execute(httpPost)) {
            // check http status
            int status = httpResponse.getStatusLine().getStatusCode();
            log.info("http status = {}", status);
            if (status != 200) {
                // try to get possible json error message from response
                // otherwise just get returned plain error message
                String errcode = String.valueOf(httpResponse.getStatusLine().getStatusCode());
                String error = EntityUtils.toString(httpResponse.getEntity());
                if (httpResponse.getEntity() != null) {
                    try {
                        JsonObject bodyJson = new JsonParser().parse(error).getAsJsonObject();
                        if (bodyJson.has("errcode")) {
                            errcode = bodyJson.get("errcode").getAsString();
                        }
                        if (bodyJson.has("error")) {
                            error = bodyJson.get("error").getAsString();
                        }
                        throw new RemoteLoginException(status, errcode, error, bodyJson);
                    } catch (JsonSyntaxException e) {
                        log.warn("Response body is not JSON");
                    }
                }
                throw new RemoteLoginException(status, errcode, error);
            }
            // return response
            HttpEntity entity = httpResponse.getEntity();
            if (Objects.isNull(entity)) {
                log.warn("Expected HS to return data but got nothing");
                return "";
            } else {
                return IOUtils.toString(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8);
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/auth/AuthProviders.java
+++ b/src/main/java/io/kamax/mxisd/auth/AuthProviders.java
@@ -0,0 +1,42 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2017 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.auth;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
 public class AuthProviders {
    private static final List<Supplier<? extends AuthenticatorProvider>> suppliers = new ArrayList<>();
    public static void register(Supplier<? extends AuthenticatorProvider> supplier) {
        suppliers.add(supplier);
    }
    public static List<? extends AuthenticatorProvider> get() {
        return suppliers.stream().map(Supplier::get).collect(Collectors.toList());
    }
 }
--- a/src/main/java/io/kamax/mxisd/auth/UserAuthResult.java
+++ b/src/main/java/io/kamax/mxisd/auth/UserAuthResult.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
--- a/src/main/java/io/kamax/mxisd/auth/provider/AuthenticatorProvider.java
+++ b/src/main/java/io/kamax/mxisd/auth/provider/AuthenticatorProvider.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
--- a/src/main/java/io/kamax/mxisd/backend/IdentityStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/IdentityStoreSupplier.java
@@ -0,0 +1,29 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend;
 import io.kamax.mxisd.Mxisd;
 import java.util.function.Consumer;
 public interface IdentityStoreSupplier extends Consumer<Mxisd> {
 }
--- a/src/main/java/io/kamax/mxisd/backend/exec/ExecAuthStore.java
+++ b/src/main/java/io/kamax/mxisd/backend/exec/ExecAuthStore.java
@@ -33,20 +33,16 @@ import io.kamax.mxisd.exception.InternalServerError;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.util.Objects;
 import java.util.Optional;
@Component
 public class ExecAuthStore extends ExecStore implements AuthenticatorProvider {
-    private final Logger log = LoggerFactory.getLogger(ExecAuthStore.class);
+    private transient final Logger log = LoggerFactory.getLogger(ExecAuthStore.class);
    private ExecConfig.Auth cfg;
    @Autowired
    public ExecAuthStore(ExecConfig cfg) {
        this.cfg = Objects.requireNonNull(cfg.getAuth());
    }
--- a/src/main/java/io/kamax/mxisd/backend/exec/ExecDirectoryStore.java
+++ b/src/main/java/io/kamax/mxisd/backend/exec/ExecDirectoryStore.java
@@ -24,22 +24,19 @@ import io.kamax.matrix.MatrixID;
 import io.kamax.matrix.json.GsonUtil;
 import io.kamax.mxisd.config.ExecConfig;
 import io.kamax.mxisd.config.MatrixConfig;
-import io.kamax.mxisd.controller.directory.v1.io.UserDirectorySearchRequest;
+import io.kamax.mxisd.config.MxisdConfig;
-import io.kamax.mxisd.controller.directory.v1.io.UserDirectorySearchResult;
+import io.kamax.mxisd.directory.DirectoryProvider;
-import io.kamax.mxisd.directory.IDirectoryProvider;
+import io.kamax.mxisd.http.io.UserDirectorySearchRequest;
 import io.kamax.mxisd.http.io.UserDirectorySearchResult;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
-@Component
+public class ExecDirectoryStore extends ExecStore implements DirectoryProvider {
 public class ExecDirectoryStore extends ExecStore implements IDirectoryProvider {
    private ExecConfig.Directory cfg;
    private MatrixConfig mxCfg;
-    @Autowired
+    public ExecDirectoryStore(MxisdConfig cfg) {
-    public ExecDirectoryStore(ExecConfig cfg, MatrixConfig mxCfg) {
+        this(cfg.getExec().getDirectory(), cfg.getMatrix());
        this(cfg.getDirectory(), mxCfg);
    }
    public ExecDirectoryStore(ExecConfig.Directory cfg, MatrixConfig mxCfg) {
@@ -47,11 +44,6 @@ public class ExecDirectoryStore extends ExecStore implements IDirectoryProvider
        this.mxCfg = mxCfg;
    }
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    private UserDirectorySearchResult search(ExecConfig.Process cfg, UserDirectorySearchRequest request) {
        if (StringUtils.isEmpty(cfg.getCommand())) {
            return UserDirectorySearchResult.empty();
--- a/src/main/java/io/kamax/mxisd/backend/exec/ExecIdentityStore.java
+++ b/src/main/java/io/kamax/mxisd/backend/exec/ExecIdentityStore.java
@@ -40,8 +40,6 @@ import io.kamax.mxisd.lookup.provider.IThreePidProvider;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.util.Collections;
 import java.util.List;
@@ -49,15 +47,13 @@ import java.util.Objects;
 import java.util.Optional;
 import java.util.stream.Collectors;
@Component
 public class ExecIdentityStore extends ExecStore implements IThreePidProvider {
-    private final Logger log = LoggerFactory.getLogger(ExecIdentityStore.class);
+    private transient final Logger log = LoggerFactory.getLogger(ExecIdentityStore.class);
    private final ExecConfig.Identity cfg;
    private final MatrixConfig mxCfg;
    @Autowired
    public ExecIdentityStore(ExecConfig cfg, MatrixConfig mxCfg) {
        this(cfg.getIdentity(), mxCfg);
    }
@@ -67,11 +63,6 @@ public class ExecIdentityStore extends ExecStore implements IThreePidProvider {
        this.mxCfg = mxCfg;
    }
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    @Override
    public boolean isLocal() {
        return true;
--- a/src/main/java/io/kamax/mxisd/backend/exec/ExecIdentityStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/exec/ExecIdentityStoreSupplier.java
@@ -0,0 +1,56 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.exec;
 import io.kamax.mxisd.Mxisd;
 import io.kamax.mxisd.auth.AuthProviders;
 import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.directory.DirectoryProviders;
 import io.kamax.mxisd.lookup.ThreePidProviders;
 import io.kamax.mxisd.profile.ProfileProviders;
 public class ExecIdentityStoreSupplier implements IdentityStoreSupplier {
    @Override
    public void accept(Mxisd mxisd) {
        accept(mxisd.getConfig());
    }
    public void accept(MxisdConfig cfg) {
        if (cfg.getExec().getAuth().isEnabled()) {
            AuthProviders.register(() -> new ExecAuthStore(cfg.getExec()));
        }
        if (cfg.getExec().getDirectory().isEnabled()) {
            DirectoryProviders.register(() -> new ExecDirectoryStore(cfg));
        }
        if (cfg.getExec().getIdentity().isEnabled()) {
            ThreePidProviders.register(() -> new ExecIdentityStore(cfg.getExec(), cfg.getMatrix()));
        }
        if (cfg.getExec().getProfile().isEnabled()) {
            ProfileProviders.register(() -> new ExecProfileStore(cfg.getExec()));
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/exec/ExecProfileStore.java
+++ b/src/main/java/io/kamax/mxisd/backend/exec/ExecProfileStore.java
@@ -28,19 +28,15 @@ import io.kamax.mxisd.profile.JsonProfileRequest;
 import io.kamax.mxisd.profile.JsonProfileResult;
 import io.kamax.mxisd.profile.ProfileProvider;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
@Component
 public class ExecProfileStore extends ExecStore implements ProfileProvider {
    private ExecConfig.Profile cfg;
    @Autowired
    public ExecProfileStore(ExecConfig cfg) {
        this(cfg.getProfile());
    }
@@ -49,11 +45,6 @@ public class ExecProfileStore extends ExecStore implements ProfileProvider {
        this.cfg = cfg;
    }
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    private Optional<JsonProfileResult> getFull(_MatrixID userId, ExecConfig.Process cfg) {
        Processor<Optional<JsonProfileResult>> p = new Processor<>(cfg);
--- a/src/main/java/io/kamax/mxisd/backend/exec/ExecStore.java
+++ b/src/main/java/io/kamax/mxisd/backend/exec/ExecStore.java
@@ -47,7 +47,7 @@ public class ExecStore {
        return GsonUtil.get().toJson(o);
    }
-    private final Logger log = LoggerFactory.getLogger(ExecStore.class);
+    private transient final Logger log = LoggerFactory.getLogger(ExecStore.class);
    private Supplier<ProcessExecutor> executorSupplier = () -> new ProcessExecutor().readOutput(true);
--- a/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseAuthenticator.java
+++ b/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseAuthenticator.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -29,6 +29,7 @@ import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.UserIdType;
 import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import io.kamax.mxisd.config.FirebaseConfig;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -38,10 +39,14 @@ import java.util.concurrent.TimeUnit;
 public class GoogleFirebaseAuthenticator extends GoogleFirebaseBackend implements AuthenticatorProvider {
-    private Logger log = LoggerFactory.getLogger(GoogleFirebaseAuthenticator.class);
+    private transient final Logger log = LoggerFactory.getLogger(GoogleFirebaseAuthenticator.class);
    private PhoneNumberUtil phoneUtil = PhoneNumberUtil.getInstance();
    public GoogleFirebaseAuthenticator(FirebaseConfig cfg) {
        this(cfg.isEnabled(), cfg.getCredentials(), cfg.getDatabase());
    }
    public GoogleFirebaseAuthenticator(boolean isEnabled, String credsPath, String db) {
        super(isEnabled, "AuthenticationProvider", credsPath, db);
    }
--- a/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseBackend.java
+++ b/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseBackend.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -35,7 +35,7 @@ import java.io.IOException;
 public class GoogleFirebaseBackend {
-    private Logger log = LoggerFactory.getLogger(GoogleFirebaseBackend.class);
+    private transient final Logger log = LoggerFactory.getLogger(GoogleFirebaseBackend.class);
    private boolean isEnabled;
    private FirebaseAuth fbAuth;
@@ -60,7 +60,9 @@ public class GoogleFirebaseBackend {
    private FirebaseCredential getCreds(String credsPath) throws IOException {
        if (StringUtils.isNotBlank(credsPath)) {
-            return FirebaseCredentials.fromCertificate(new FileInputStream(credsPath));
+            try (FileInputStream is = new FileInputStream(credsPath)) {
                return FirebaseCredentials.fromCertificate(is);
            }
        } else {
            return FirebaseCredentials.applicationDefault();
        }
--- a/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseProvider.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -25,6 +25,7 @@ import com.google.firebase.tasks.OnFailureListener;
 import com.google.firebase.tasks.OnSuccessListener;
 import io.kamax.matrix.MatrixID;
 import io.kamax.matrix.ThreePidMedium;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.lookup.SingleLookupReply;
 import io.kamax.mxisd.lookup.SingleLookupRequest;
 import io.kamax.mxisd.lookup.ThreePidMapping;
@@ -40,16 +41,20 @@ import java.util.concurrent.TimeUnit;
 public class GoogleFirebaseProvider extends GoogleFirebaseBackend implements IThreePidProvider {
-    private Logger log = LoggerFactory.getLogger(GoogleFirebaseProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(GoogleFirebaseProvider.class);
    private String domain;
    public GoogleFirebaseProvider(MxisdConfig cfg) {
        this(cfg.getFirebase().isEnabled(), cfg.getFirebase().getCredentials(), cfg.getFirebase().getDatabase(), cfg.getMatrix().getDomain());
    }
    public GoogleFirebaseProvider(boolean isEnabled, String credsPath, String db, String domain) {
        super(isEnabled, "ThreePidProvider", credsPath, db);
        this.domain = domain;
    }
    private String getMxid(UserRecord record) {
-        return new MatrixID(record.getUid(), domain).getId();
+        return MatrixID.asAcceptable(record.getUid(), domain).getId();
    }
    @Override
--- a/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/firebase/GoogleFirebaseStoreSupplier.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2018 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -18,21 +18,26 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd.spring;
+package io.kamax.mxisd.backend.firebase;
-import io.kamax.mxisd.exception.ConfigurationException;
+import io.kamax.mxisd.Mxisd;
-import org.springframework.boot.diagnostics.AbstractFailureAnalyzer;
+import io.kamax.mxisd.auth.AuthProviders;
-import org.springframework.boot.diagnostics.FailureAnalysis;
+import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.lookup.ThreePidProviders;
-public class ConfigurationFailureAnalyzer extends AbstractFailureAnalyzer<ConfigurationException> {
+public class GoogleFirebaseStoreSupplier implements IdentityStoreSupplier {
    @Override
-    protected FailureAnalysis analyze(Throwable rootFailure, ConfigurationException cause) {
+    public void accept(Mxisd mxisd) {
-        String message = cause.getMessage();
+        accept(mxisd.getConfig());
-        if (cause.getDetailedMessage().isPresent()) {
+    }
-            message += " - " + cause.getDetailedMessage().get();
+
    public void accept(MxisdConfig cfg) {
        if (cfg.getFirebase().isEnabled()) {
            AuthProviders.register(() -> new GoogleFirebaseAuthenticator(cfg.getFirebase()));
            ThreePidProviders.register(() -> new GoogleFirebaseProvider(cfg));
        }
        return new FailureAnalysis(message, "Double check the key value", cause);
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapAuthProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapAuthProvider.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -30,6 +30,7 @@ import io.kamax.mxisd.auth.provider.AuthenticatorProvider;
 import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.ldap.LdapConfig;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.util.GsonUtil;
 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.api.ldap.model.cursor.CursorException;
@@ -42,8 +43,6 @@ import org.apache.directory.api.ldap.model.message.SearchScope;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.util.HashSet;
@@ -51,14 +50,12 @@ import java.util.List;
 import java.util.Optional;
 import java.util.Set;
@Component
 public class LdapAuthProvider extends LdapBackend implements AuthenticatorProvider {
-    private Logger log = LoggerFactory.getLogger(LdapAuthProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(LdapAuthProvider.class);
    private PhoneNumberUtil phoneUtil = PhoneNumberUtil.getInstance();
    @Autowired
    public LdapAuthProvider(LdapConfig cfg, MatrixConfig mxCfg) {
        super(cfg, mxCfg);
    }
@@ -87,7 +84,6 @@ public class LdapAuthProvider extends LdapBackend implements AuthenticatorProvid
    public BackendAuthResult authenticate(_MatrixID mxid, String password) {
        log.info("Performing auth for {}", mxid);
        try (LdapConnection conn = getConn()) {
            bind(conn);
@@ -108,62 +104,65 @@ public class LdapAuthProvider extends LdapBackend implements AuthenticatorProvid
            String[] attArray = new String[attributes.size()];
            attributes.toArray(attArray);
            log.debug("Base DN: {}", getBaseDn());
            log.debug("Query: {}", userFilter);
            log.debug("Attributes: {}", GsonUtil.build().toJson(attArray));
-            try (EntryCursor cursor = conn.search(getBaseDn(), userFilter, SearchScope.SUBTREE, attArray)) {
+            for (String baseDN : getBaseDNs()) {
-                while (cursor.next()) {
+                log.debug("Base DN: {}", baseDN);
                    Entry entry = cursor.get();
                    String dn = entry.getDn().getName();
                    log.info("Checking possible match, DN: {}", dn);
-                    if (!getAttribute(entry, getUidAtt()).isPresent()) {
+                try (EntryCursor cursor = conn.search(baseDN, userFilter, SearchScope.SUBTREE, attArray)) {
-                        continue;
+                    while (cursor.next()) {
-                    }
+                        Entry entry = cursor.get();
                        String dn = entry.getDn().getName();
                        log.info("Checking possible match, DN: {}", dn);
-                    log.info("Attempting authentication on LDAP for {}", dn);
+                        if (!getAttribute(entry, getUidAtt()).isPresent()) {
-                    try {
+                            continue;
-                        conn.bind(entry.getDn(), password);
+                        }
                    } catch (LdapException e) {
                        log.info("Unable to bind using {} because {}", entry.getDn().getName(), e.getMessage());
                        return BackendAuthResult.failure();
                    }
-                    Attribute nameAttribute = entry.get(getAt().getName());
+                        log.info("Attempting authentication on LDAP for {}", dn);
-                    String name = nameAttribute != null ? nameAttribute.get().toString() : null;
+                        try {
                            conn.bind(entry.getDn(), password);
                        } catch (LdapException e) {
                            log.info("Unable to bind using {} because {}", entry.getDn().getName(), e.getMessage());
                            return BackendAuthResult.failure();
                        }
-                    log.info("Authentication successful for {}", entry.getDn().getName());
+                        Attribute nameAttribute = entry.get(getAt().getName());
-                    log.info("DN {} is a valid match", dn);
+                        String name = nameAttribute != null ? nameAttribute.get().toString() : null;
-                    // TODO should we canonicalize the MXID?
+                        log.info("Authentication successful for {}", entry.getDn().getName());
-                    BackendAuthResult result = BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
+                        log.info("DN {} is a valid match", dn);
-                    log.info("Processing 3PIDs for profile");
+
-                    getAt().getThreepid().forEach((k, v) -> {
+                        // TODO should we canonicalize the MXID?
-                        log.info("Processing 3PID type {}", k);
+                        BackendAuthResult result = BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
-                        v.forEach(attId -> {
+                        log.info("Processing 3PIDs for profile");
-                            List<String> values = getAttributes(entry, attId);
+                        getAt().getThreepid().forEach((k, v) -> {
-                            log.info("\tAttribute {} has {} value(s)", attId, values.size());
+                            log.info("Processing 3PID type {}", k);
-                            getAttributes(entry, attId).forEach(tpidValue -> {
+                            v.forEach(attId -> {
-                                if (ThreePidMedium.PhoneNumber.is(k)) {
+                                List<String> values = getAttributes(entry, attId);
-                                    tpidValue = getMsisdn(tpidValue).orElse(tpidValue);
+                                log.info("\tAttribute {} has {} value(s)", attId, values.size());
-                                }
+                                getAttributes(entry, attId).forEach(tpidValue -> {
-                                result.withThreePid(new ThreePid(k, tpidValue));
+                                    if (ThreePidMedium.PhoneNumber.is(k)) {
                                        tpidValue = getMsisdn(tpidValue).orElse(tpidValue);
                                    }
                                    result.withThreePid(new ThreePid(k, tpidValue));
                                });
                            });
                        });
                    });
-                    log.info("Found {} 3PIDs", result.getProfile().getThreePids().size());
+                        log.info("Found {} 3PIDs", result.getProfile().getThreePids().size());
-                    return result;
+                        return result;
                    }
                } catch (CursorLdapReferralException e) {
                    log.warn("Entity for {} is only available via referral, skipping", mxid);
                }
            } catch (CursorLdapReferralException e) {
                log.warn("Entity for {} is only available via referral, skipping", mxid);
            }
            log.info("No match were found for {}", mxid);
            return BackendAuthResult.failure();
        } catch (LdapException | IOException | CursorException e) {
-            throw new RuntimeException(e);
+            throw new InternalServerError(e);
        }
    }
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapBackend.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapBackend.java
@@ -45,7 +45,7 @@ public abstract class LdapBackend {
    public static final String UID = "uid";
    public static final String MATRIX_ID = "mxid";
-    private Logger log = LoggerFactory.getLogger(LdapBackend.class);
+    private transient final Logger log = LoggerFactory.getLogger(LdapBackend.class);
    private LdapConfig cfg;
    private MatrixConfig mxCfg;
@@ -59,8 +59,8 @@ public abstract class LdapBackend {
        return cfg;
    }
-    protected String getBaseDn() {
+    protected List<String> getBaseDNs() {
-        return cfg.getConnection().getBaseDn();
+        return cfg.getConnection().getBaseDNs();
    }
    protected LdapConfig.Attribute getAt() {
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapDirectoryProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapDirectoryProvider.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -22,9 +22,9 @@ package io.kamax.mxisd.backend.ldap;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.ldap.LdapConfig;
-import io.kamax.mxisd.controller.directory.v1.io.UserDirectorySearchResult;
+import io.kamax.mxisd.directory.DirectoryProvider;
 import io.kamax.mxisd.directory.IDirectoryProvider;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.http.io.UserDirectorySearchResult;
 import io.kamax.mxisd.util.GsonUtil;
 import org.apache.directory.api.ldap.model.cursor.CursorException;
 import org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException;
@@ -35,28 +35,19 @@ import org.apache.directory.api.ldap.model.message.SearchScope;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
-@Component
+public class LdapDirectoryProvider extends LdapBackend implements DirectoryProvider {
 public class LdapDirectoryProvider extends LdapBackend implements IDirectoryProvider {
-    private Logger log = LoggerFactory.getLogger(LdapDirectoryProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(LdapDirectoryProvider.class);
    @Autowired
    public LdapDirectoryProvider(LdapConfig cfg, MatrixConfig mxCfg) {
        super(cfg, mxCfg);
    }
    @Override
    public boolean isEnabled() {
        return getCfg().isEnabled();
    }
    protected UserDirectorySearchResult search(String query, List<String> attributes) {
        UserDirectorySearchResult result = new UserDirectorySearchResult();
        result.setLimited(false);
@@ -65,32 +56,34 @@ public class LdapDirectoryProvider extends LdapBackend implements IDirectoryProv
            bind(conn);
            LdapConfig.Attribute atCfg = getCfg().getAttribute();
            attributes = new ArrayList<>(attributes);
            attributes.add(getUidAtt());
            String[] attArray = new String[attributes.size()];
            attributes.toArray(attArray);
            String searchQuery = buildOrQueryWithFilter(getCfg().getDirectory().getFilter(), "*" + query + "*", attArray);
            log.debug("Base DN: {}", getBaseDn());
            log.debug("Query: {}", searchQuery);
            log.debug("Attributes: {}", GsonUtil.build().toJson(attArray));
-            try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, attArray)) {
+            for (String baseDN : getBaseDNs()) {
-                while (cursor.next()) {
+                log.debug("Base DN: {}", baseDN);
-                    Entry entry = cursor.get();
+
-                    log.info("Found possible match, DN: {}", entry.getDn().getName());
+                try (EntryCursor cursor = conn.search(baseDN, searchQuery, SearchScope.SUBTREE, attArray)) {
-                    getAttribute(entry, getUidAtt()).ifPresent(uid -> {
+                    while (cursor.next()) {
-                        log.info("DN {} is a valid match", entry.getDn().getName());
+                        Entry entry = cursor.get();
-                        try {
+                        log.info("Found possible match, DN: {}", entry.getDn().getName());
-                            UserDirectorySearchResult.Result entryResult = new UserDirectorySearchResult.Result();
+                        getAttribute(entry, getUidAtt()).ifPresent(uid -> {
-                            entryResult.setUserId(buildMatrixIdFromUid(uid));
+                            log.info("DN {} is a valid match", entry.getDn().getName());
-                            getAttribute(entry, atCfg.getName()).ifPresent(entryResult::setDisplayName);
+                            try {
-                            result.addResult(entryResult);
+                                UserDirectorySearchResult.Result entryResult = new UserDirectorySearchResult.Result();
-                        } catch (IllegalArgumentException e) {
+                                entryResult.setUserId(buildMatrixIdFromUid(uid));
-                            log.warn("Bind was found but type {} is not supported", atCfg.getUid().getType());
+                                getAttribute(entry, atCfg.getName()).ifPresent(entryResult::setDisplayName);
-                        }
+                                result.addResult(entryResult);
-                    });
+                            } catch (IllegalArgumentException e) {
                                log.warn("Bind was found but type {} is not supported", atCfg.getUid().getType());
                            }
                        });
                    }
                }
            }
        } catch (CursorLdapReferralException e) {
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapProfileProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapProfileProvider.java
@@ -36,8 +36,6 @@ import org.apache.directory.api.ldap.model.message.SearchScope;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.util.ArrayList;
@@ -45,21 +43,14 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
@Component
 public class LdapProfileProvider extends LdapBackend implements ProfileProvider {
-    private transient Logger log = LoggerFactory.getLogger(LdapProfileProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(LdapProfileProvider.class);
    @Autowired
    public LdapProfileProvider(LdapConfig cfg, MatrixConfig mxCfg) {
        super(cfg, mxCfg);
    }
    @Override
    public boolean isEnabled() {
        return getCfg().isEnabled();
    }
    @Override
    public Optional<String> getDisplayName(_MatrixID userId) {
        String uid = buildUidFromMatrixId(userId);
@@ -69,32 +60,33 @@ public class LdapProfileProvider extends LdapBackend implements ProfileProvider
            bind(conn);
            String searchQuery = buildOrQueryWithFilter(getCfg().getProfile().getFilter(), uid, getUidAtt());
            log.debug("Base DN: {}", getBaseDn());
            log.debug("Query: {}", searchQuery);
-            try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, getAt().getName())) {
+            for (String baseDN : getBaseDNs()) {
-                while (cursor.next()) {
+                log.debug("Base DN: {}", baseDN);
-                    Entry entry = cursor.get();
+                try (EntryCursor cursor = conn.search(baseDN, searchQuery, SearchScope.SUBTREE, getAt().getName())) {
-                    log.info("Found possible match, DN: {}", entry.getDn().getName());
+                    while (cursor.next()) {
-                    Optional<String> v = getAttribute(entry, getAt().getName()).flatMap(id -> {
+                        Entry entry = cursor.get();
-                        log.info("DN {} is a valid match", entry.getDn().getName());
+                        log.info("Found possible match, DN: {}", entry.getDn().getName());
-                        try {
+                        Optional<String> v = getAttribute(entry, getAt().getName()).flatMap(id -> {
-                            return getAttribute(entry, getAt().getName());
+                            log.info("DN {} is a valid match", entry.getDn().getName());
-                        } catch (IllegalArgumentException e) {
+                            try {
-                            log.warn("Bind was found but type {} is not supported", getAt().getUid().getType());
+                                return getAttribute(entry, getAt().getName());
-                            return Optional.empty();
+                            } catch (IllegalArgumentException e) {
-                        }
+                                log.warn("Bind was found but type {} is not supported", getAt().getUid().getType());
-                    });
+                                return Optional.empty();
                            }
                        });
-                    if (v.isPresent()) {
+                        if (v.isPresent()) {
-                        log.info("DN {} is the final match", entry.getDn().getName());
+                            log.info("DN {} is the final match", entry.getDn().getName());
-                        return v;
+                            return v;
                        }
                    }
                } catch (CursorLdapReferralException e) {
                    log.warn("An entry is only available via referral, skipping");
                }
            }
        } catch (CursorLdapReferralException e) {
            log.warn("An entry is only available via referral, skipping");
        } catch (IOException | LdapException | CursorException e) {
            throw new InternalServerError(e);
        }
@@ -111,7 +103,6 @@ public class LdapProfileProvider extends LdapBackend implements ProfileProvider
        try (LdapConnection conn = getConn()) {
            bind(conn);
            log.debug("Base DN: {}", getBaseDn());
            getCfg().getAttribute().getThreepid().forEach((medium, attributes) -> {
                String[] attArray = new String[attributes.size()];
                attributes.toArray(attArray);
@@ -120,28 +111,30 @@ public class LdapProfileProvider extends LdapBackend implements ProfileProvider
                log.debug("Query for 3PID {}: {}", medium, searchQuery);
-                try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, attArray)) {
+                for (String baseDN : getBaseDNs()) {
-                    while (cursor.next()) {
+                    log.debug("Base DN: {}", baseDN);
-                        Entry entry = cursor.get();
+                    try (EntryCursor cursor = conn.search(baseDN, searchQuery, SearchScope.SUBTREE, attArray)) {
-                        log.info("Found possible match, DN: {}", entry.getDn().getName());
+                        while (cursor.next()) {
-                        try {
+                            Entry entry = cursor.get();
-                            attributes.stream()
+                            log.info("Found possible match, DN: {}", entry.getDn().getName());
-                                    .flatMap(at -> getAttributes(entry, at).stream())
+                            try {
-                                    .forEach(address -> {
+                                attributes.stream()
-                                        log.info("Found 3PID: {} - {}", medium, address);
+                                        .flatMap(at -> getAttributes(entry, at).stream())
-                                        threePids.add(new ThreePid(medium, address));
+                                        .forEach(address -> {
-                                    });
+                                            log.info("Found 3PID: {} - {}", medium, address);
-                        } catch (IllegalArgumentException e) {
+                                            threePids.add(new ThreePid(medium, address));
-                            log.warn("Bind was found but type {} is not supported", getAt().getUid().getType());
+                                        });
                            } catch (IllegalArgumentException e) {
                                log.warn("Bind was found but type {} is not supported", getAt().getUid().getType());
                            }
                        }
                    } catch (CursorLdapReferralException e) {
                        log.warn("An entry is only available via referral, skipping");
                    } catch (LdapException | IOException | CursorException e) {
                        throw new InternalServerError(e);
                    }
                } catch (CursorLdapReferralException e) {
                    log.warn("An entry is only available via referral, skipping");
                } catch (IOException | LdapException | CursorException e) {
                    throw new InternalServerError(e);
                }
            });
        } catch (IOException | LdapException e) {
            throw new InternalServerError(e);
        }
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapStoreSupplier.java
@@ -0,0 +1,47 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.ldap;
 import io.kamax.mxisd.Mxisd;
 import io.kamax.mxisd.auth.AuthProviders;
 import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.directory.DirectoryProviders;
 import io.kamax.mxisd.lookup.ThreePidProviders;
 import io.kamax.mxisd.profile.ProfileProviders;
 public class LdapStoreSupplier implements IdentityStoreSupplier {
    @Override
    public void accept(Mxisd mxisd) {
        accept(mxisd.getConfig());
    }
    public void accept(MxisdConfig cfg) {
        if (cfg.getLdap().isEnabled()) {
            AuthProviders.register(() -> new LdapAuthProvider(cfg.getLdap(), cfg.getMatrix()));
            DirectoryProviders.register(() -> new LdapDirectoryProvider(cfg.getLdap(), cfg.getMatrix()));
            ThreePidProviders.register(() -> new LdapThreePidProvider(cfg.getLdap(), cfg.getMatrix()));
            ProfileProviders.register(() -> new LdapProfileProvider(cfg.getLdap(), cfg.getMatrix()));
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/ldap/LdapThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/LdapThreePidProvider.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -37,27 +37,20 @@ import org.apache.directory.api.ldap.model.message.SearchScope;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
@Component
 public class LdapThreePidProvider extends LdapBackend implements IThreePidProvider {
-    private Logger log = LoggerFactory.getLogger(LdapThreePidProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(LdapThreePidProvider.class);
    public LdapThreePidProvider(LdapConfig cfg, MatrixConfig mxCfg) {
        super(cfg, mxCfg);
    }
    @Override
    public boolean isEnabled() {
        return getCfg().isEnabled();
    }
    @Override
    public boolean isLocal() {
        return true;
@@ -78,28 +71,30 @@ public class LdapThreePidProvider extends LdapBackend implements IThreePidProvid
        // we merge 3PID specific query with global/specific filter, if one exists.
        String tPidQuery = tPidQueryOpt.get().replaceAll(getCfg().getIdentity().getToken(), value);
        String searchQuery = buildWithFilter(tPidQuery, getCfg().getIdentity().getFilter());
        log.debug("Base DN: {}", getBaseDn());
        log.debug("Query: {}", searchQuery);
        log.debug("Attributes: {}", GsonUtil.build().toJson(getUidAtt()));
-        try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, getUidAtt())) {
+        for (String baseDN : getBaseDNs()) {
-            while (cursor.next()) {
+            log.debug("Base DN: {}", baseDN);
                Entry entry = cursor.get();
                log.info("Found possible match, DN: {}", entry.getDn().getName());
-                Optional<String> data = getAttribute(entry, getUidAtt());
+            try (EntryCursor cursor = conn.search(baseDN, searchQuery, SearchScope.SUBTREE, getUidAtt())) {
-                if (!data.isPresent()) {
+                while (cursor.next()) {
-                    continue;
+                    Entry entry = cursor.get();
                    log.info("Found possible match, DN: {}", entry.getDn().getName());
                    Optional<String> data = getAttribute(entry, getUidAtt());
                    if (!data.isPresent()) {
                        continue;
                    }
                    log.info("DN {} is a valid match", entry.getDn().getName());
                    return Optional.of(buildMatrixIdFromUid(data.get()));
                }
-
+            } catch (CursorLdapReferralException e) {
-                log.info("DN {} is a valid match", entry.getDn().getName());
+                log.warn("3PID {} is only available via referral, skipping", value);
-                return Optional.of(buildMatrixIdFromUid(data.get()));
+            } catch (IOException | LdapException | CursorException e) {
                throw new InternalServerError(e);
            }
        } catch (CursorLdapReferralException e) {
            log.warn("3PID {} is only available via referral, skipping", value);
        } catch (IOException | LdapException | CursorException e) {
            throw new InternalServerError(e);
        }
        return Optional.empty();
--- a/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapAuthProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapAuthProvider.java
@@ -23,9 +23,7 @@ package io.kamax.mxisd.backend.ldap.netiq;
 import io.kamax.mxisd.backend.ldap.LdapAuthProvider;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.ldap.netiq.NetIqLdapConfig;
 import org.springframework.stereotype.Component;
@Component
 public class NetIqLdapAuthProvider extends LdapAuthProvider {
    public NetIqLdapAuthProvider(NetIqLdapConfig cfg, MatrixConfig mxCfg) {
--- a/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapDirectoryProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapDirectoryProvider.java
@@ -23,9 +23,7 @@ package io.kamax.mxisd.backend.ldap.netiq;
 import io.kamax.mxisd.backend.ldap.LdapDirectoryProvider;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.ldap.netiq.NetIqLdapConfig;
 import org.springframework.stereotype.Component;
@Component
 public class NetIqLdapDirectoryProvider extends LdapDirectoryProvider {
    public NetIqLdapDirectoryProvider(NetIqLdapConfig cfg, MatrixConfig mxCfg) {
--- a/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapProfileProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapProfileProvider.java
@@ -24,13 +24,9 @@ import io.kamax.matrix._MatrixID;
 import io.kamax.mxisd.backend.ldap.LdapProfileProvider;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.ldap.netiq.NetIqLdapConfig;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@Component
 public class NetIqLdapProfileProvider extends LdapProfileProvider {
    @Autowired
    public NetIqLdapProfileProvider(NetIqLdapConfig cfg, MatrixConfig mxCfg) {
        super(cfg, mxCfg);
    }
--- a/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapStoreSupplier.java
@@ -0,0 +1,47 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.ldap.netiq;
 import io.kamax.mxisd.Mxisd;
 import io.kamax.mxisd.auth.AuthProviders;
 import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.directory.DirectoryProviders;
 import io.kamax.mxisd.lookup.ThreePidProviders;
 import io.kamax.mxisd.profile.ProfileProviders;
 public class NetIqLdapStoreSupplier implements IdentityStoreSupplier {
    @Override
    public void accept(Mxisd mxisd) {
        accept(mxisd.getConfig());
    }
    public void accept(MxisdConfig cfg) {
        if (cfg.getNetiq().isEnabled()) {
            AuthProviders.register(() -> new NetIqLdapAuthProvider(cfg.getNetiq(), cfg.getMatrix()));
            DirectoryProviders.register(() -> new NetIqLdapDirectoryProvider(cfg.getNetiq(), cfg.getMatrix()));
            ThreePidProviders.register(() -> new NetIqLdapThreePidProvider(cfg.getNetiq(), cfg.getMatrix()));
            ProfileProviders.register(() -> new NetIqLdapProfileProvider(cfg.getNetiq(), cfg.getMatrix()));
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/ldap/netiq/NetIqLdapThreePidProvider.java
@@ -23,9 +23,7 @@ package io.kamax.mxisd.backend.ldap.netiq;
 import io.kamax.mxisd.backend.ldap.LdapThreePidProvider;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.ldap.netiq.NetIqLdapConfig;
 import org.springframework.stereotype.Component;
@Component
 public class NetIqLdapThreePidProvider extends LdapThreePidProvider {
    public NetIqLdapThreePidProvider(NetIqLdapConfig cfg, MatrixConfig mxCfg) {
--- a/src/main/java/io/kamax/mxisd/backend/memory/MemoryIdentityStore.java
+++ b/src/main/java/io/kamax/mxisd/backend/memory/MemoryIdentityStore.java
@@ -31,8 +31,8 @@ import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.memory.MemoryIdentityConfig;
 import io.kamax.mxisd.config.memory.MemoryStoreConfig;
 import io.kamax.mxisd.config.memory.MemoryThreePid;
-import io.kamax.mxisd.controller.directory.v1.io.UserDirectorySearchResult;
+import io.kamax.mxisd.directory.DirectoryProvider;
-import io.kamax.mxisd.directory.IDirectoryProvider;
+import io.kamax.mxisd.http.io.UserDirectorySearchResult;
 import io.kamax.mxisd.lookup.SingleLookupReply;
 import io.kamax.mxisd.lookup.SingleLookupRequest;
 import io.kamax.mxisd.lookup.ThreePidMapping;
@@ -41,8 +41,6 @@ import io.kamax.mxisd.profile.ProfileProvider;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -51,15 +49,13 @@ import java.util.Optional;
 import java.util.function.Function;
 import java.util.function.Predicate;
-@Component
+public class MemoryIdentityStore implements AuthenticatorProvider, DirectoryProvider, IThreePidProvider, ProfileProvider {
 public class MemoryIdentityStore implements AuthenticatorProvider, IDirectoryProvider, IThreePidProvider, ProfileProvider {
-    private final Logger logger = LoggerFactory.getLogger(MemoryIdentityStore.class);
+    private transient final Logger logger = LoggerFactory.getLogger(MemoryIdentityStore.class);
    private final MatrixConfig mxCfg;
    private final MemoryStoreConfig cfg;
    @Autowired
    public MemoryIdentityStore(MatrixConfig mxCfg, MemoryStoreConfig cfg) {
        this.mxCfg = mxCfg;
        this.cfg = cfg;
@@ -148,7 +144,7 @@ public class MemoryIdentityStore implements AuthenticatorProvider, IDirectoryPro
        for (MemoryIdentityConfig id : cfg.getIdentities()) {
            for (MemoryThreePid threepid : id.getThreepids()) {
                if (req.equals(new ThreePid(threepid.getMedium(), threepid.getAddress()))) {
-                    return Optional.of(new SingleLookupReply(request, new MatrixID(id.getUsername(), mxCfg.getDomain())));
+                    return Optional.of(new SingleLookupReply(request, MatrixID.asAcceptable(id.getUsername(), mxCfg.getDomain())));
                }
            }
        }
--- a/src/main/java/io/kamax/mxisd/backend/memory/MemoryIdentityStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/memory/MemoryIdentityStoreSupplier.java
@@ -0,0 +1,51 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.memory;
 import io.kamax.mxisd.Mxisd;
 import io.kamax.mxisd.auth.AuthProviders;
 import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.directory.DirectoryProviders;
 import io.kamax.mxisd.lookup.ThreePidProviders;
 import io.kamax.mxisd.profile.ProfileProviders;
 import java.util.function.Supplier;
 public class MemoryIdentityStoreSupplier implements IdentityStoreSupplier {
    @Override
    public void accept(Mxisd mxisd) {
        accept(mxisd.getConfig());
    }
    public void accept(MxisdConfig cfg) {
        if (cfg.getMemory().isEnabled()) {
            Supplier<MemoryIdentityStore> supplier = () -> new MemoryIdentityStore(cfg.getMatrix(), cfg.getMemory());
            AuthProviders.register(supplier);
            DirectoryProviders.register(supplier);
            ThreePidProviders.register(supplier);
            ProfileProviders.register(supplier);
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/LookupBulkResponseJson.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/LookupBulkResponseJson.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
--- a/src/main/java/io/kamax/mxisd/backend/rest/LookupSingleRequestJson.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/LookupSingleRequestJson.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
--- a/src/main/java/io/kamax/mxisd/backend/rest/LookupSingleResponseJson.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/LookupSingleResponseJson.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestAuthProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestAuthProvider.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -27,15 +27,11 @@ import io.kamax.mxisd.config.rest.RestBackendConfig;
 import io.kamax.mxisd.util.RestClientUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
@Component
 public class RestAuthProvider extends RestProvider implements AuthenticatorProvider {
    @Autowired
    public RestAuthProvider(RestBackendConfig cfg) {
        super(cfg);
    }
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestAuthRequestJson.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestAuthRequestJson.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestDirectoryProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestDirectoryProvider.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -23,21 +23,18 @@ package io.kamax.mxisd.backend.rest;
 import io.kamax.matrix.MatrixID;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.rest.RestBackendConfig;
-import io.kamax.mxisd.controller.directory.v1.io.UserDirectorySearchRequest;
+import io.kamax.mxisd.directory.DirectoryProvider;
 import io.kamax.mxisd.controller.directory.v1.io.UserDirectorySearchResult;
 import io.kamax.mxisd.directory.IDirectoryProvider;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.http.io.UserDirectorySearchRequest;
 import io.kamax.mxisd.http.io.UserDirectorySearchResult;
 import io.kamax.mxisd.util.RestClientUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
-@Component
+public class RestDirectoryProvider extends RestProvider implements DirectoryProvider {
 public class RestDirectoryProvider extends RestProvider implements IDirectoryProvider {
    private MatrixConfig mxCfg;
@@ -46,11 +43,6 @@ public class RestDirectoryProvider extends RestProvider implements IDirectoryPro
        this.mxCfg = mxCfg;
    }
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled() && StringUtils.isNotBlank(cfg.getEndpoints().getDirectory());
    }
    private UserDirectorySearchResult search(String by, String query) {
        UserDirectorySearchRequest request = new UserDirectorySearchRequest(query);
        request.setBy(by);
@@ -62,7 +54,7 @@ public class RestDirectoryProvider extends RestProvider implements IDirectoryPro
            UserDirectorySearchResult response = parser.parse(httpResponse, UserDirectorySearchResult.class);
            for (UserDirectorySearchResult.Result result : response.getResults()) {
-                result.setUserId(new MatrixID(result.getUserId(), mxCfg.getDomain()).getId());
+                result.setUserId(MatrixID.asAcceptable(result.getUserId(), mxCfg.getDomain()).getId());
            }
            return response;
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestProfileProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestProfileProvider.java
@@ -0,0 +1,140 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.rest;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonSyntaxException;
 import io.kamax.matrix._MatrixID;
 import io.kamax.matrix._ThreePid;
 import io.kamax.matrix.json.GsonUtil;
 import io.kamax.matrix.json.InvalidJsonException;
 import io.kamax.mxisd.config.rest.RestBackendConfig;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.profile.JsonProfileRequest;
 import io.kamax.mxisd.profile.JsonProfileResult;
 import io.kamax.mxisd.profile.ProfileProvider;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
 import java.util.*;
 import java.util.function.Function;
 public class RestProfileProvider extends RestProvider implements ProfileProvider {
    private transient final Logger log = LoggerFactory.getLogger(RestProfileProvider.class);
    public RestProfileProvider(RestBackendConfig cfg) {
        super(cfg);
    }
    private <T> Optional<T> doRequest(
            _MatrixID userId,
            Function<RestBackendConfig.ProfileEndpoints, Optional<String>> endpoint,
            Function<JsonProfileResult, Optional<T>> value
    ) {
        return cfg.getEndpoints().getProfile()
                // We get the endpoint
                .flatMap(endpoint)
                // We only continue if there is a value
                .filter(StringUtils::isNotBlank)
                // We use the endpoint
                .flatMap(url -> {
                    try {
                        URIBuilder builder = new URIBuilder(url);
                        HttpPost req = new HttpPost(builder.build());
                        req.setEntity(new StringEntity(GsonUtil.get().toJson(new JsonProfileRequest(userId)), ContentType.APPLICATION_JSON));
                        try (CloseableHttpResponse res = client.execute(req)) {
                            int sc = res.getStatusLine().getStatusCode();
                            if (sc == 404) {
                                log.info("Got 404 - No result found");
                                return Optional.empty();
                            }
                            if (sc != 200) {
                                throw new InternalServerError("Unexpected backed status code: " + sc);
                            }
                            String body = IOUtils.toString(res.getEntity().getContent(), StandardCharsets.UTF_8);
                            if (StringUtils.isBlank(body)) {
                                log.warn("Backend response body is empty/blank, expected JSON object with profile key");
                                return Optional.empty();
                            }
                            Optional<JsonObject> pJson = GsonUtil.findObj(GsonUtil.parseObj(body), "profile");
                            if (!pJson.isPresent()) {
                                log.warn("Backend response body is invalid, expected JSON object with profile key");
                                return Optional.empty();
                            }
                            JsonProfileResult profile = gson.fromJson(pJson.get(), JsonProfileResult.class);
                            return value.apply(profile);
                        }
                    } catch (JsonSyntaxException | InvalidJsonException e) {
                        log.error("Unable to parse backend response as JSON", e);
                        throw new InternalServerError(e);
                    } catch (URISyntaxException e) {
                        log.error("Unable to build a valid request URL", e);
                        throw new InternalServerError(e);
                    } catch (IOException e) {
                        log.error("I/O Error during backend request", e);
                        throw new InternalServerError();
                    }
                });
    }
    @Override
    public Optional<String> getDisplayName(_MatrixID userId) {
        return doRequest(userId, p -> Optional.ofNullable(p.getDisplayName()), profile -> Optional.ofNullable(profile.getDisplayName()));
    }
    @Override
    public List<_ThreePid> getThreepids(_MatrixID userId) {
        return doRequest(userId, p -> Optional.ofNullable(p.getThreepids()), profile -> {
            List<_ThreePid> t = new ArrayList<>();
            if (Objects.nonNull(profile.getThreepids())) {
                t.addAll(profile.getThreepids());
            }
            return Optional.of(t);
        }).orElseGet(Collections::emptyList);
    }
    @Override
    public List<String> getRoles(_MatrixID userId) {
        return doRequest(userId, p -> Optional.ofNullable(p.getRoles()), profile -> {
            List<String> t = new ArrayList<>();
            if (Objects.nonNull(profile.getRoles())) {
                t.addAll(profile.getRoles());
            }
            return Optional.of(t);
        }).orElseGet(Collections::emptyList);
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestProvider.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestStoreSupplier.java
@@ -0,0 +1,47 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.rest;
 import io.kamax.mxisd.Mxisd;
 import io.kamax.mxisd.auth.AuthProviders;
 import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.directory.DirectoryProviders;
 import io.kamax.mxisd.lookup.ThreePidProviders;
 import io.kamax.mxisd.profile.ProfileProviders;
 public class RestStoreSupplier implements IdentityStoreSupplier {
    @Override
    public void accept(Mxisd mxisd) {
        accept(mxisd.getConfig());
    }
    public void accept(MxisdConfig cfg) {
        if (cfg.getRest().isEnabled()) {
            AuthProviders.register(() -> new RestAuthProvider(cfg.getRest()));
            DirectoryProviders.register(() -> new RestDirectoryProvider(cfg.getRest(), cfg.getMatrix()));
            ThreePidProviders.register(() -> new RestThreePidProvider(cfg.getRest(), cfg.getMatrix()));
            ProfileProviders.register(() -> new RestProfileProvider(cfg.getRest()));
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/rest/RestThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/rest/RestThreePidProvider.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2017 Kamax Sarl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -35,8 +35,6 @@ import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.util.ArrayList;
@@ -44,14 +42,12 @@ import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;
@Component
 public class RestThreePidProvider extends RestProvider implements IThreePidProvider {
-    private Logger log = LoggerFactory.getLogger(RestThreePidProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(RestThreePidProvider.class);
    private MatrixConfig mxCfg; // FIXME should be done in the lookup manager
    @Autowired
    public RestThreePidProvider(RestBackendConfig cfg, MatrixConfig mxCfg) {
        super(cfg);
        this.mxCfg = mxCfg;
@@ -60,17 +56,12 @@ public class RestThreePidProvider extends RestProvider implements IThreePidProvi
    // TODO refactor in lookup manager with above FIXME
    private _MatrixID getMxId(UserID id) {
        if (UserIdType.Localpart.is(id.getType())) {
-            return new MatrixID(id.getValue(), mxCfg.getDomain());
+            return MatrixID.asAcceptable(id.getValue(), mxCfg.getDomain());
        } else {
-            return new MatrixID(id.getValue());
+            return MatrixID.asAcceptable(id.getValue());
        }
    }
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    @Override
    public boolean isLocal() {
        return true;
--- a/src/main/java/io/kamax/mxisd/backend/sql/BuiltInDriverLoader.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/BuiltInDriverLoader.java
@@ -0,0 +1,55 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2019 Kamax Sàrl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.sql;
 import org.apache.commons.lang3.StringUtils;
 public class BuiltInDriverLoader implements DriverLoader {
    @Override
    public void accept(String s) {
        String className = null;
        if (StringUtils.equals("sqlite", s)) {
            className = "org.sqlite.JDBC";
        }
        if (StringUtils.equals("postgresql", s)) {
            className = "org.postgresql.Driver";
        }
        if (StringUtils.equals("mariadb", s)) {
            className = "org.mariadb.jdbc.Driver";
        }
        if (StringUtils.equals("mysql", s)) {
            className = "org.mariadb.jdbc.Driver";
        }
        if (StringUtils.isNotEmpty(className)) {
            try {
                Class.forName(className);
            } catch (ClassNotFoundException e) {
                throw new RuntimeException(e);
            }
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/sql/DriverLoader.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/DriverLoader.java
@@ -0,0 +1,26 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2019 Kamax Sàrl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.sql;
 import java.util.function.Consumer;
 public interface DriverLoader extends Consumer<String> {
 }
--- a/src/main/java/io/kamax/mxisd/MatrixIdentityServerApplication.java
+++ b/src/main/java/io/kamax/mxisd/MatrixIdentityServerApplication.java
@@ -1,8 +1,8 @@
 /*
 * mxisd - Matrix Identity Server Daemon
- * Copyright (C) 2017 Maxime Dor
+ * Copyright (C) 2019 Kamax Sàrl
 *
- * https://max.kamax.io/
+ * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -18,16 +18,21 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-package io.kamax.mxisd;
+package io.kamax.mxisd.backend.sql;
-import org.springframework.boot.SpringApplication;
+import java.util.Objects;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
+import java.util.ServiceLoader;
-@SpringBootApplication
+public class Drivers {
 public class MatrixIdentityServerApplication {
-    public static void main(String[] args) {
+    private static ServiceLoader<DriverLoader> svcLoader;
-        SpringApplication.run(MatrixIdentityServerApplication.class, args);
+
    public static void load(String type) {
        if (Objects.isNull(svcLoader)) {
            svcLoader = ServiceLoader.load(DriverLoader.class);
        }
        svcLoader.iterator().forEachRemaining(drv -> drv.accept(type));
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/sql/SqlConnectionPool.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/SqlConnectionPool.java
@@ -37,11 +37,15 @@ public class SqlConnectionPool {
    private ComboPooledDataSource ds;
    public SqlConnectionPool(SqlConfig cfg) {
        Drivers.load(cfg.getType());
        ds = new ComboPooledDataSource();
        ds.setJdbcUrl("jdbc:" + cfg.getType() + ":" + cfg.getConnection());
        ds.setMinPoolSize(1);
        ds.setMaxPoolSize(10);
        ds.setAcquireIncrement(2);
        ds.setAcquireRetryAttempts(10);
        ds.setAcquireRetryDelay(1000);
    }
    public Connection get() throws SQLException {
--- a/src/main/java/io/kamax/mxisd/backend/sql/SqlProfileProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/SqlProfileProvider.java
@@ -39,7 +39,7 @@ import java.util.Optional;
 public abstract class SqlProfileProvider implements ProfileProvider {
-    private Logger log = LoggerFactory.getLogger(SqlProfileProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(SqlProfileProvider.class);
    private SqlConfig.Profile cfg;
@@ -50,11 +50,6 @@ public abstract class SqlProfileProvider implements ProfileProvider {
        this.pool = new SqlConnectionPool(cfg);
    }
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    @Override
    public Optional<String> getDisplayName(_MatrixID user) {
        String stmtSql = cfg.getDisplayName().getQuery();
--- a/src/main/java/io/kamax/mxisd/backend/sql/SqlThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/SqlThreePidProvider.java
@@ -41,7 +41,7 @@ import java.util.Optional;
 public abstract class SqlThreePidProvider implements IThreePidProvider {
-    private Logger log = LoggerFactory.getLogger(SqlThreePidProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(SqlThreePidProvider.class);
    private SqlConfig cfg;
    private MatrixConfig mxCfg;
@@ -54,11 +54,6 @@ public abstract class SqlThreePidProvider implements IThreePidProvider {
        this.mxCfg = mxCfg;
    }
    @Override
    public boolean isEnabled() {
        return cfg.isEnabled();
    }
    @Override
    public boolean isLocal() {
        return true;
@@ -85,11 +80,11 @@ public abstract class SqlThreePidProvider implements IThreePidProvider {
                        log.info("Found match: {}", uid);
                        if (StringUtils.equals("uid", cfg.getIdentity().getType())) {
                            log.info("Resolving as localpart");
-                            return Optional.of(new SingleLookupReply(request, new MatrixID(uid, mxCfg.getDomain())));
+                            return Optional.of(new SingleLookupReply(request, MatrixID.asAcceptable(uid, mxCfg.getDomain())));
                        }
                        if (StringUtils.equals("mxid", cfg.getIdentity().getType())) {
                            log.info("Resolving as MXID");
-                            return Optional.of(new SingleLookupReply(request, new MatrixID(uid)));
+                            return Optional.of(new SingleLookupReply(request, MatrixID.asAcceptable(uid)));
                        }
                        log.info("Identity type is unknown, skipping");
--- a/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlAuthProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlAuthProvider.java
@@ -27,20 +27,19 @@ import io.kamax.mxisd.config.sql.generic.GenericSqlProviderConfig;
 import io.kamax.mxisd.invitation.InvitationManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@Component
 public class GenericSqlAuthProvider implements AuthenticatorProvider {
-    private Logger log = LoggerFactory.getLogger(GenericSqlAuthProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(GenericSqlAuthProvider.class);
    @Autowired
    private GenericSqlProviderConfig cfg;
    @Autowired
    private InvitationManager invMgr;
    public GenericSqlAuthProvider(GenericSqlProviderConfig cfg, InvitationManager invMgr) {
        this.cfg = cfg;
        this.invMgr = invMgr;
    }
    @Override
    public boolean isEnabled() {
        return cfg.getAuth().isEnabled();
--- a/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlDirectoryProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlDirectoryProvider.java
@@ -25,9 +25,9 @@ import io.kamax.mxisd.backend.sql.SqlConnectionPool;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.sql.SqlConfig;
 import io.kamax.mxisd.config.sql.generic.GenericSqlProviderConfig;
-import io.kamax.mxisd.controller.directory.v1.io.UserDirectorySearchResult;
+import io.kamax.mxisd.directory.DirectoryProvider;
 import io.kamax.mxisd.directory.IDirectoryProvider;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.http.io.UserDirectorySearchResult;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -38,11 +38,11 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Optional;
-import static io.kamax.mxisd.controller.directory.v1.io.UserDirectorySearchResult.Result;
+import static io.kamax.mxisd.http.io.UserDirectorySearchResult.Result;
-public abstract class GenericSqlDirectoryProvider implements IDirectoryProvider {
+public class GenericSqlDirectoryProvider implements DirectoryProvider {
-    private Logger log = LoggerFactory.getLogger(GenericSqlDirectoryProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(GenericSqlDirectoryProvider.class);
    protected SqlConfig cfg;
    protected MatrixConfig mxCfg;
@@ -55,11 +55,6 @@ public abstract class GenericSqlDirectoryProvider implements IDirectoryProvider
        this.mxCfg = mxCfg;
    }
    @Override
    public boolean isEnabled() {
        return cfg.getDirectory().isEnabled();
    }
    protected void setParameters(PreparedStatement stmt, String searchTerm) throws SQLException {
        for (int i = 1; i <= stmt.getParameterMetaData().getParameterCount(); i++) {
            stmt.setString(i, searchTerm);
@@ -86,7 +81,7 @@ public abstract class GenericSqlDirectoryProvider implements IDirectoryProvider
                    while (rSet.next()) {
                        processRow(rSet).ifPresent(e -> {
                            if (StringUtils.equalsIgnoreCase("localpart", query.getType())) {
-                                e.setUserId(new MatrixID(e.getUserId(), mxCfg.getDomain()).getId());
+                                e.setUserId(MatrixID.asAcceptable(e.getUserId(), mxCfg.getDomain()).getId());
                            }
                            result.addResult(e);
                        });
--- a/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlProfileProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlProfileProvider.java
@@ -22,9 +22,7 @@ package io.kamax.mxisd.backend.sql.generic;
 import io.kamax.mxisd.backend.sql.SqlProfileProvider;
 import io.kamax.mxisd.config.sql.generic.GenericSqlProviderConfig;
 import org.springframework.stereotype.Component;
@Component
 public class GenericSqlProfileProvider extends SqlProfileProvider {
    public GenericSqlProfileProvider(GenericSqlProviderConfig cfg) {
--- a/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlStoreSupplier.java
@@ -0,0 +1,51 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.sql.generic;
 import io.kamax.mxisd.Mxisd;
 import io.kamax.mxisd.auth.AuthProviders;
 import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.directory.DirectoryProviders;
 import io.kamax.mxisd.lookup.ThreePidProviders;
 import io.kamax.mxisd.profile.ProfileProviders;
 public class GenericSqlStoreSupplier implements IdentityStoreSupplier {
    @Override
    public void accept(Mxisd mxisd) {
        if (mxisd.getConfig().getSql().getAuth().isEnabled()) {
            AuthProviders.register(() -> new GenericSqlAuthProvider(mxisd.getConfig().getSql(), mxisd.getInvitationManager()));
        }
        if (mxisd.getConfig().getSql().getDirectory().isEnabled()) {
            DirectoryProviders.register(() -> new GenericSqlDirectoryProvider(mxisd.getConfig().getSql(), mxisd.getConfig().getMatrix()));
        }
        if (mxisd.getConfig().getSql().getIdentity().isEnabled()) {
            ThreePidProviders.register(() -> new GenericSqlThreePidProvider(mxisd.getConfig().getSql(), mxisd.getConfig().getMatrix()));
        }
        if (mxisd.getConfig().getSql().getProfile().isEnabled()) {
            ProfileProviders.register(() -> new GenericSqlProfileProvider(mxisd.getConfig().getSql()));
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/generic/GenericSqlThreePidProvider.java
@@ -23,13 +23,9 @@ package io.kamax.mxisd.backend.sql.generic;
 import io.kamax.mxisd.backend.sql.SqlThreePidProvider;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.sql.generic.GenericSqlProviderConfig;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@Component
 public class GenericSqlThreePidProvider extends SqlThreePidProvider {
    @Autowired
    public GenericSqlThreePidProvider(GenericSqlProviderConfig cfg, MatrixConfig mxCfg) {
        super(cfg, mxCfg);
    }
--- a/src/main/java/io/kamax/mxisd/backend/sql/synapse/Synapse.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/synapse/Synapse.java
@@ -22,19 +22,15 @@ package io.kamax.mxisd.backend.sql.synapse;
 import io.kamax.mxisd.backend.sql.SqlConnectionPool;
 import io.kamax.mxisd.config.sql.synapse.SynapseSqlProviderConfig;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.util.Optional;
@Component
 public class Synapse {
    private SqlConnectionPool pool;
    @Autowired
    public Synapse(SynapseSqlProviderConfig sqlCfg) {
        this.pool = new SqlConnectionPool(sqlCfg);
    }
--- a/src/main/java/io/kamax/mxisd/backend/sql/synapse/SynapseSqlDirectoryProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/synapse/SynapseSqlDirectoryProvider.java
@@ -24,32 +24,15 @@ import io.kamax.mxisd.backend.sql.generic.GenericSqlDirectoryProvider;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.sql.generic.GenericSqlProviderConfig;
 import io.kamax.mxisd.config.sql.synapse.SynapseSqlProviderConfig;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import javax.annotation.PostConstruct;
 import java.sql.PreparedStatement;
 import java.sql.SQLException;
 import java.util.Objects;
@Component
 public class SynapseSqlDirectoryProvider extends GenericSqlDirectoryProvider {
    @Autowired
    public SynapseSqlDirectoryProvider(SynapseSqlProviderConfig cfg, MatrixConfig mxCfg) {
        super(cfg, mxCfg);
    }
    @Override
    protected void setParameters(PreparedStatement stmt, String searchTerm) throws SQLException {
        stmt.setString(1, "%" + searchTerm + "%");
    }
    @PostConstruct
    public void build() {
        if (!isEnabled()) {
            return;
        }
        GenericSqlProviderConfig.Type queries = cfg.getDirectory().getQuery();
        if (Objects.isNull(queries.getName().getValue())) {
@@ -60,4 +43,9 @@ public class SynapseSqlDirectoryProvider extends GenericSqlDirectoryProvider {
        }
    }
    @Override
    protected void setParameters(PreparedStatement stmt, String searchTerm) throws SQLException {
        stmt.setString(1, "%" + searchTerm + "%");
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/sql/synapse/SynapseSqlProfileProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/synapse/SynapseSqlProfileProvider.java
@@ -22,13 +22,9 @@ package io.kamax.mxisd.backend.sql.synapse;
 import io.kamax.mxisd.backend.sql.SqlProfileProvider;
 import io.kamax.mxisd.config.sql.synapse.SynapseSqlProviderConfig;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@Component
 public class SynapseSqlProfileProvider extends SqlProfileProvider {
    @Autowired
    public SynapseSqlProfileProvider(SynapseSqlProviderConfig cfg) {
        super(cfg);
    }
--- a/src/main/java/io/kamax/mxisd/backend/sql/synapse/SynapseSqlStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/synapse/SynapseSqlStoreSupplier.java
@@ -0,0 +1,51 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.sql.synapse;
 import io.kamax.mxisd.Mxisd;
 import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.config.MxisdConfig;
 import io.kamax.mxisd.directory.DirectoryProviders;
 import io.kamax.mxisd.lookup.ThreePidProviders;
 import io.kamax.mxisd.profile.ProfileProviders;
 public class SynapseSqlStoreSupplier implements IdentityStoreSupplier {
    @Override
    public void accept(Mxisd mxisd) {
        accept(mxisd.getConfig());
    }
    public void accept(MxisdConfig cfg) {
        if (cfg.getSynapseSql().getDirectory().isEnabled()) {
            DirectoryProviders.register(() -> new SynapseSqlDirectoryProvider(cfg.getSynapseSql(), cfg.getMatrix()));
        }
        if (cfg.getSynapseSql().getIdentity().isEnabled()) {
            ThreePidProviders.register(() -> new SynapseSqlThreePidProvider(cfg.getSynapseSql(), cfg.getMatrix()));
        }
        if (cfg.getSynapseSql().getProfile().isEnabled()) {
            ProfileProviders.register(() -> new SynapseSqlProfileProvider(cfg.getSynapseSql()));
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/sql/synapse/SynapseSqlThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/sql/synapse/SynapseSqlThreePidProvider.java
@@ -23,13 +23,9 @@ package io.kamax.mxisd.backend.sql.synapse;
 import io.kamax.mxisd.backend.sql.SqlThreePidProvider;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.sql.synapse.SynapseSqlProviderConfig;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@Component
 public class SynapseSqlThreePidProvider extends SqlThreePidProvider {
    @Autowired
    public SynapseSqlThreePidProvider(SynapseSqlProviderConfig cfg, MatrixConfig mxCfg) {
        super(cfg, mxCfg);
    }
--- a/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressAuthProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressAuthProvider.java
@@ -28,17 +28,13 @@ import io.kamax.mxisd.auth.provider.BackendAuthResult;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@Component
 public class WordpressAuthProvider implements AuthenticatorProvider {
-    private final Logger log = LoggerFactory.getLogger(WordpressAuthProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(WordpressAuthProvider.class);
    private WordpressRestBackend wordpress;
    @Autowired
    public WordpressAuthProvider(WordpressRestBackend wordpress) {
        this.wordpress = wordpress;
    }
--- a/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressDirectoryProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressDirectoryProvider.java
@@ -23,13 +23,11 @@ package io.kamax.mxisd.backend.wordpress;
 import io.kamax.matrix.MatrixID;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.wordpress.WordpressConfig;
-import io.kamax.mxisd.controller.directory.v1.io.UserDirectorySearchResult;
+import io.kamax.mxisd.directory.DirectoryProvider;
 import io.kamax.mxisd.directory.IDirectoryProvider;
 import io.kamax.mxisd.exception.InternalServerError;
 import io.kamax.mxisd.http.io.UserDirectorySearchResult;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
@@ -37,27 +35,20 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Optional;
-@Component
+public class WordpressDirectoryProvider implements DirectoryProvider {
 public class WordpressDirectoryProvider implements IDirectoryProvider {
-    private final Logger log = LoggerFactory.getLogger(WordpressDirectoryProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(WordpressDirectoryProvider.class);
    private WordpressConfig cfg;
    private WordressSqlBackend wordpress;
    private MatrixConfig mxCfg;
    @Autowired
    public WordpressDirectoryProvider(WordpressConfig cfg, WordressSqlBackend wordpress, MatrixConfig mxCfg) {
        this.cfg = cfg;
        this.wordpress = wordpress;
        this.mxCfg = mxCfg;
    }
    @Override
    public boolean isEnabled() {
        return wordpress.isEnabled();
    }
    protected void setParameters(PreparedStatement stmt, String searchTerm) throws SQLException {
        for (int i = 1; i <= stmt.getParameterMetaData().getParameterCount(); i++) {
            stmt.setString(i, "%" + searchTerm + "%");
--- a/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressRestBackend.java
+++ b/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressRestBackend.java
@@ -34,15 +34,12 @@ import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.util.EntityUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
@Component
 public class WordpressRestBackend {
-    private final Logger log = LoggerFactory.getLogger(WordpressRestBackend.class);
+    private transient final Logger log = LoggerFactory.getLogger(WordpressRestBackend.class);
    private final String jsonPath = "/wp-json";
    private final String jwtPath = "/jwt-auth/v1";
@@ -54,7 +51,6 @@ public class WordpressRestBackend {
    private String token;
    @Autowired
    public WordpressRestBackend(WordpressConfig cfg, CloseableHttpClient client) {
        this.cfg = cfg;
        this.client = client;
--- a/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressStoreSupplier.java
+++ b/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressStoreSupplier.java
@@ -0,0 +1,48 @@
 /*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2018 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package io.kamax.mxisd.backend.wordpress;
 import io.kamax.mxisd.Mxisd;
 import io.kamax.mxisd.auth.AuthProviders;
 import io.kamax.mxisd.backend.IdentityStoreSupplier;
 import io.kamax.mxisd.config.MatrixConfig;
 import io.kamax.mxisd.config.wordpress.WordpressConfig;
 import io.kamax.mxisd.directory.DirectoryProviders;
 import io.kamax.mxisd.lookup.ThreePidProviders;
 public class WordpressStoreSupplier implements IdentityStoreSupplier {
    @Override
    public void accept(Mxisd m) {
        WordpressConfig wpCfg = m.getConfig().getWordpress();
        MatrixConfig mxCfg = m.getConfig().getMatrix();
        if (m.getConfig().getWordpress().isEnabled()) {
            WordpressRestBackend restBackend = new WordpressRestBackend(wpCfg, m.getHttpClient());
            WordressSqlBackend sqlBackend = new WordressSqlBackend(wpCfg);
            AuthProviders.register(() -> new WordpressAuthProvider(restBackend));
            DirectoryProviders.register(() -> new WordpressDirectoryProvider(wpCfg, sqlBackend, mxCfg));
            ThreePidProviders.register(() -> new WordpressThreePidProvider(mxCfg, wpCfg, sqlBackend));
        }
    }
 }
--- a/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressThreePidProvider.java
+++ b/src/main/java/io/kamax/mxisd/backend/wordpress/WordpressThreePidProvider.java
@@ -31,8 +31,6 @@ import io.kamax.mxisd.lookup.ThreePidMapping;
 import io.kamax.mxisd.lookup.provider.IThreePidProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
@@ -42,27 +40,20 @@ import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
@Component
 public class WordpressThreePidProvider implements IThreePidProvider {
-    private final Logger log = LoggerFactory.getLogger(WordpressThreePidProvider.class);
+    private transient final Logger log = LoggerFactory.getLogger(WordpressThreePidProvider.class);
    private MatrixConfig mxCfg;
    private WordpressConfig cfg;
    private WordressSqlBackend wordpress;
    @Autowired
    public WordpressThreePidProvider(MatrixConfig mxCfg, WordpressConfig cfg, WordressSqlBackend wordpress) {
        this.mxCfg = mxCfg;
        this.cfg = cfg;
        this.wordpress = wordpress;
    }
    @Override
    public boolean isEnabled() {
        return wordpress.isEnabled();
    }
    @Override
    public boolean isLocal() {
        return true;
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Max Dor	3e22301af7	Properly handle /v1/store-invite	2019-01-16 02:57:40 +01:00
Max Dor	2b202323c0	Catch and handle more exceptions in Base HTTP handler	2019-01-16 02:57:40 +01:00
Max Dor	4ec05f518e	Properly handle v1 of 3pid/bind	2019-01-16 02:57:40 +01:00
Max Dor	6da68298b0	Fix invalid paths	2019-01-16 02:57:40 +01:00
Max Dor	aecaafdeca	Set theme jekyll for github pages	2019-01-16 01:31:21 +01:00
Max Dor	d885932f45	Fix loading failures of JDBC drivers for SQL-based Identity stores	2019-01-15 06:22:03 +01:00
Max Dor	c689a3f161	Fix classpath resources config	2019-01-13 00:30:52 +01:00
Max Dor	7805112548	Fix #110	2019-01-11 23:07:58 +01:00
Max Dor	3e89f0bc5e	Fix #109	2019-01-11 23:07:52 +01:00
Max Dor	c6b8f7d48e	Better handle of File reading / Input Streams	2019-01-11 23:02:57 +01:00
Max Dor	83377ebee0	Protect against NPE	2019-01-11 22:08:35 +01:00
Max Dor	2aa6e4d142	Fix missing .html from Spring to Undertow port	2019-01-11 22:08:22 +01:00
Max Dor	82a1a3df68	Fix invalid parsing of 3PID medium configs	2019-01-11 21:44:51 +01:00
Max Dor	7ec11ba8cf	Use NetIQ config for NetIQ identity store instead of generic LDAP one	2019-01-07 04:32:12 +01:00
Max Dor	9317c11434	Use sane handler for all endpoints	2019-01-07 04:25:29 +01:00
Max Dor	b257a0275f	Properly handle signing Key ID format	2019-01-07 04:19:53 +01:00
Max Dor	2aaa04062f	Fix tests	2019-01-07 03:13:12 +01:00
Max Dor	54c3014568	Port distributions and start scripts to Undertow	2019-01-07 03:01:46 +01:00
Max Dor	c3ca73f576	Port documentation about Thymeleaf	2019-01-07 03:01:46 +01:00
Max Dor	4185b644b7	Continue structural port from Spring Boot to Undertow - Configuration options - Configuration documentation	2019-01-07 03:01:46 +01:00
Max Dor	ace5918342	Continue structural port from Spring Boot to Undertow - Notification template generator - Add tests for email notification handler	2019-01-07 03:01:46 +01:00
Max Dor	7ad985fead	Continue structural port from Spring Boot to Undertow	2019-01-07 03:01:46 +01:00
Max Dor	6a376db322	Formatting (no-op)	2019-01-07 03:01:46 +01:00
Max Dor	950f7c931c	Be consistent about testing package	2019-01-07 03:01:46 +01:00
Max Dor	d160a44509	Port default configuration values	2019-01-07 03:01:46 +01:00
Max Dor	05493da27c	Start structural port from Spring Boot to Undertow	2019-01-07 03:01:46 +01:00
Max Dor	df44428a85	Fix #106	2019-01-04 19:26:45 +01:00
Max Dor	e6f9c30611	Add support for multiple Base DNs in LDAP Identity Store (Fix #104 )	2018-12-23 00:06:15 +01:00
Max Dor	06b2c787d3	Remove unused reference	2018-12-22 04:03:44 +01:00
Max Dor	5645f69208	Add better support for AS transactions (Fix #97 ) - Process transactions async with completion parking - Detect transactions deduplication	2018-12-22 03:52:02 +01:00
Max Dor	92cf5c6b21	Add support for Profile feature in REST Identity store (Fix #91 )	2018-12-21 19:21:15 +01:00
Max Dor	ad1b91f370	Proper HTTP encoding for username rewrite	2018-12-21 16:48:29 +01:00
Max Dor	e9c29f1c03	Add support for username rewrite (Fix #103 )	2018-12-21 14:22:51 +01:00
Max Dor	f13748abeb	Fix #101 The default value was never initialized due to a missing annotation	2018-11-30 02:53:30 +01:00
Max Dor	7208c7e456	Fix #100	2018-11-30 00:18:05 +01:00
Max Dor	8857f636d6	Fix deprecated method calls	2018-11-28 13:18:22 +01:00
Max Dor	d9fc41e8c7	Merge pull request #88 from stygianguest/patch-1	2018-11-28 12:55:21 +01:00
Max Dor	da08e0b4ad	Add more debug statements for experimental AS-mode for Matrix ID invites	2018-11-27 23:39:37 +01:00
Max Dor	11fc8f08b0	Add reference to the new community NixOS package	2018-11-25 20:11:19 +01:00
Max Dor	af4d734105	Merge pull request #96 from abeluck/patch-1 Fix broken links in example configuration	2018-11-22 13:12:38 +01:00
Abel Luck	0f4f5ac81b	Fix broken links in example configuration	2018-11-22 11:42:13 +00:00
Max Dor	8c4ddd2e65	Make Exec ID Store test scripts compatible with more *nix systems	2018-11-16 16:06:59 +01:00
Max Dor	cb8049b54a	Set appropriate copyright owner and website	2018-11-14 03:56:47 +01:00
Gideon Smeding	29017fbe1e	Reworking the introduction of the session documentation	2018-10-13 16:43:06 +02:00
Gideon Smeding	20a4d8dd91	Minor corrections for session.md	2018-09-23 23:20:27 +02:00
		`@@ -1 +1 @@`
			`theme: jekyll-theme-cayman`				`theme: jekyll-theme-hacker`