fix: use device_id when registering

TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device
2020-10-18 20:33:12 +02:00 · 2020-10-18 20:33:12 +02:00 · f0a21b6165
commit f0a21b6165
parent fccd3fdb88
23 changed files with 325 additions and 307 deletions
--- a/src/client_server/account.rs
+++ b/src/client_server/account.rs
@ -489,8 +489,8 @@ pub fn change_password_route(
    db: State<'_, Database>,
    body: Ruma<change_password::Request<'_>>,
 ) -> ConduitResult<change_password::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
    let mut uiaainfo = UiaaInfo {
        flows: vec![AuthFlow {
@ -504,8 +504,8 @@ pub fn change_password_route(
    if let Some(auth) = &body.auth {
        let (worked, uiaainfo) = db.uiaa.try_auth(
-            &sender_id,
+            &sender_user,
-            device_id,
+            sender_device,
            auth,
            &uiaainfo,
            &db.users,
@ -517,22 +517,22 @@ pub fn change_password_route(
    // Success!
    } else {
        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(&sender_id, &device_id, &uiaainfo)?;
+        db.uiaa.create(&sender_user, &sender_device, &uiaainfo)?;
        return Err(Error::Uiaa(uiaainfo));
    }
-    db.users.set_password(&sender_id, &body.new_password)?;
+    db.users.set_password(&sender_user, &body.new_password)?;
    // TODO: Read logout_devices field when it's available and respect that, currently not supported in Ruma
    // See: https://github.com/ruma/ruma/issues/107
    // Logout all devices except the current one
    for id in db
        .users
-        .all_device_ids(&sender_id)
+        .all_device_ids(&sender_user)
        .filter_map(|id| id.ok())
-        .filter(|id| id != device_id)
+        .filter(|id| id != sender_device)
    {
-        db.users.remove_device(&sender_id, &id)?;
+        db.users.remove_device(&sender_user, &id)?;
    }
    Ok(change_password::Response.into())
@ -548,9 +548,9 @@ pub fn change_password_route(
    get("/_matrix/client/r0/account/whoami", data = "<body>")
 )]
 pub fn whoami_route(body: Ruma<whoami::Request>) -> ConduitResult<whoami::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    Ok(whoami::Response {
-        user_id: sender_id.clone(),
+        user_id: sender_user.clone(),
    }
    .into())
 }
@ -571,8 +571,8 @@ pub async fn deactivate_route(
    db: State<'_, Database>,
    body: Ruma<deactivate::Request<'_>>,
 ) -> ConduitResult<deactivate::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
    let mut uiaainfo = UiaaInfo {
        flows: vec![AuthFlow {
@ -586,8 +586,8 @@ pub async fn deactivate_route(
    if let Some(auth) = &body.auth {
        let (worked, uiaainfo) = db.uiaa.try_auth(
-            &sender_id,
+            &sender_user,
-            &device_id,
+            &sender_device,
            auth,
            &uiaainfo,
            &db.users,
@ -599,15 +599,15 @@ pub async fn deactivate_route(
    // Success!
    } else {
        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(&sender_id, &device_id, &uiaainfo)?;
+        db.uiaa.create(&sender_user, &sender_device, &uiaainfo)?;
        return Err(Error::Uiaa(uiaainfo));
    }
    // Leave all joined rooms and reject all invitations
    for room_id in db
        .rooms
-        .rooms_joined(&sender_id)
+        .rooms_joined(&sender_user)
-        .chain(db.rooms.rooms_invited(&sender_id))
+        .chain(db.rooms.rooms_invited(&sender_user))
    {
        let room_id = room_id?;
        let event = member::MemberEventContent {
@ -623,10 +623,10 @@ pub async fn deactivate_route(
                event_type: EventType::RoomMember,
                content: serde_json::to_value(event).expect("event is valid, we just created it"),
                unsigned: None,
-                state_key: Some(sender_id.to_string()),
+                state_key: Some(sender_user.to_string()),
                redacts: None,
            },
-            &sender_id,
+            &sender_user,
            &room_id,
            &db.globals,
            &db.sending,
@ -635,7 +635,7 @@ pub async fn deactivate_route(
    }
    // Remove devices and mark account as deactivated
-    db.users.deactivate_account(&sender_id)?;
+    db.users.deactivate_account(&sender_user)?;
    Ok(deactivate::Response {
        id_server_unbind_result: ThirdPartyIdRemovalStatus::NoSupport,
--- a/src/client_server/backup.rs
+++ b/src/client_server/backup.rs
@ -21,10 +21,10 @@ pub fn create_backup_route(
    db: State<'_, Database>,
    body: Ruma<create_backup::Request>,
 ) -> ConduitResult<create_backup::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let version = db
        .key_backups
-        .create_backup(&sender_id, &body.algorithm, &db.globals)?;
+        .create_backup(&sender_user, &body.algorithm, &db.globals)?;
    Ok(create_backup::Response { version }.into())
 }
@ -37,9 +37,9 @@ pub fn update_backup_route(
    db: State<'_, Database>,
    body: Ruma<update_backup::Request<'_>>,
 ) -> ConduitResult<update_backup::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    db.key_backups
-        .update_backup(&sender_id, &body.version, &body.algorithm, &db.globals)?;
+        .update_backup(&sender_user, &body.version, &body.algorithm, &db.globals)?;
    Ok(update_backup::Response.into())
 }
@ -52,11 +52,11 @@ pub fn get_latest_backup_route(
    db: State<'_, Database>,
    body: Ruma<get_latest_backup::Request>,
 ) -> ConduitResult<get_latest_backup::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let (version, algorithm) =
        db.key_backups
-            .get_latest_backup(&sender_id)?
+            .get_latest_backup(&sender_user)?
            .ok_or(Error::BadRequest(
                ErrorKind::NotFound,
                "Key backup does not exist.",
@ -64,8 +64,8 @@ pub fn get_latest_backup_route(
    Ok(get_latest_backup::Response {
        algorithm,
-        count: (db.key_backups.count_keys(sender_id, &version)? as u32).into(),
+        count: (db.key_backups.count_keys(sender_user, &version)? as u32).into(),
-        etag: db.key_backups.get_etag(sender_id, &version)?,
+        etag: db.key_backups.get_etag(sender_user, &version)?,
        version,
    }
    .into())
@ -79,10 +79,10 @@ pub fn get_backup_route(
    db: State<'_, Database>,
    body: Ruma<get_backup::Request<'_>>,
 ) -> ConduitResult<get_backup::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let algorithm = db
        .key_backups
-        .get_backup(&sender_id, &body.version)?
+        .get_backup(&sender_user, &body.version)?
        .ok_or(Error::BadRequest(
            ErrorKind::NotFound,
            "Key backup does not exist.",
@ -90,8 +90,8 @@ pub fn get_backup_route(
    Ok(get_backup::Response {
        algorithm,
-        count: (db.key_backups.count_keys(sender_id, &body.version)? as u32).into(),
+        count: (db.key_backups.count_keys(sender_user, &body.version)? as u32).into(),
-        etag: db.key_backups.get_etag(sender_id, &body.version)?,
+        etag: db.key_backups.get_etag(sender_user, &body.version)?,
        version: body.version.to_owned(),
    }
    .into())
@ -105,9 +105,9 @@ pub fn delete_backup_route(
    db: State<'_, Database>,
    body: Ruma<delete_backup::Request>,
 ) -> ConduitResult<delete_backup::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    db.key_backups.delete_backup(&sender_id, &body.version)?;
+    db.key_backups.delete_backup(&sender_user, &body.version)?;
    Ok(delete_backup::Response.into())
 }
@ -121,12 +121,12 @@ pub fn add_backup_keys_route(
    db: State<'_, Database>,
    body: Ruma<add_backup_keys::Request<'_>>,
 ) -> ConduitResult<add_backup_keys::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    for (room_id, room) in &body.rooms {
        for (session_id, key_data) in &room.sessions {
            db.key_backups.add_key(
-                &sender_id,
+                &sender_user,
                &body.version,
                &room_id,
                &session_id,
@ -137,8 +137,8 @@ pub fn add_backup_keys_route(
    }
    Ok(add_backup_keys::Response {
-        count: (db.key_backups.count_keys(sender_id, &body.version)? as u32).into(),
+        count: (db.key_backups.count_keys(sender_user, &body.version)? as u32).into(),
-        etag: db.key_backups.get_etag(sender_id, &body.version)?,
+        etag: db.key_backups.get_etag(sender_user, &body.version)?,
    }
    .into())
 }
@ -152,11 +152,11 @@ pub fn add_backup_key_sessions_route(
    db: State<'_, Database>,
    body: Ruma<add_backup_key_sessions::Request>,
 ) -> ConduitResult<add_backup_key_sessions::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    for (session_id, key_data) in &body.sessions {
        db.key_backups.add_key(
-            &sender_id,
+            &sender_user,
            &body.version,
            &body.room_id,
            &session_id,
@ -166,8 +166,8 @@ pub fn add_backup_key_sessions_route(
    }
    Ok(add_backup_key_sessions::Response {
-        count: (db.key_backups.count_keys(sender_id, &body.version)? as u32).into(),
+        count: (db.key_backups.count_keys(sender_user, &body.version)? as u32).into(),
-        etag: db.key_backups.get_etag(sender_id, &body.version)?,
+        etag: db.key_backups.get_etag(sender_user, &body.version)?,
    }
    .into())
 }
@ -181,10 +181,10 @@ pub fn add_backup_key_session_route(
    db: State<'_, Database>,
    body: Ruma<add_backup_key_session::Request>,
 ) -> ConduitResult<add_backup_key_session::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    db.key_backups.add_key(
-        &sender_id,
+        &sender_user,
        &body.version,
        &body.room_id,
        &body.session_id,
@ -193,8 +193,8 @@ pub fn add_backup_key_session_route(
    )?;
    Ok(add_backup_key_session::Response {
-        count: (db.key_backups.count_keys(sender_id, &body.version)? as u32).into(),
+        count: (db.key_backups.count_keys(sender_user, &body.version)? as u32).into(),
-        etag: db.key_backups.get_etag(sender_id, &body.version)?,
+        etag: db.key_backups.get_etag(sender_user, &body.version)?,
    }
    .into())
 }
@ -207,9 +207,9 @@ pub fn get_backup_keys_route(
    db: State<'_, Database>,
    body: Ruma<get_backup_keys::Request<'_>>,
 ) -> ConduitResult<get_backup_keys::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let rooms = db.key_backups.get_all(&sender_id, &body.version)?;
+    let rooms = db.key_backups.get_all(&sender_user, &body.version)?;
    Ok(get_backup_keys::Response { rooms }.into())
 }
@ -222,11 +222,11 @@ pub fn get_backup_key_sessions_route(
    db: State<'_, Database>,
    body: Ruma<get_backup_key_sessions::Request>,
 ) -> ConduitResult<get_backup_key_sessions::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let sessions = db
        .key_backups
-        .get_room(&sender_id, &body.version, &body.room_id);
+        .get_room(&sender_user, &body.version, &body.room_id);
    Ok(get_backup_key_sessions::Response { sessions }.into())
 }
@ -239,11 +239,11 @@ pub fn get_backup_key_session_route(
    db: State<'_, Database>,
    body: Ruma<get_backup_key_session::Request>,
 ) -> ConduitResult<get_backup_key_session::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let key_data =
        db.key_backups
-            .get_session(&sender_id, &body.version, &body.room_id, &body.session_id)?;
+            .get_session(&sender_user, &body.version, &body.room_id, &body.session_id)?;
    Ok(get_backup_key_session::Response { key_data }.into())
 }
@ -256,13 +256,14 @@ pub fn delete_backup_keys_route(
    db: State<'_, Database>,
    body: Ruma<delete_backup_keys::Request>,
 ) -> ConduitResult<delete_backup_keys::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    db.key_backups.delete_all_keys(&sender_id, &body.version)?;
+    db.key_backups
        .delete_all_keys(&sender_user, &body.version)?;
    Ok(delete_backup_keys::Response {
-        count: (db.key_backups.count_keys(sender_id, &body.version)? as u32).into(),
+        count: (db.key_backups.count_keys(sender_user, &body.version)? as u32).into(),
-        etag: db.key_backups.get_etag(sender_id, &body.version)?,
+        etag: db.key_backups.get_etag(sender_user, &body.version)?,
    }
    .into())
 }
@ -275,14 +276,14 @@ pub fn delete_backup_key_sessions_route(
    db: State<'_, Database>,
    body: Ruma<delete_backup_key_sessions::Request>,
 ) -> ConduitResult<delete_backup_key_sessions::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    db.key_backups
-        .delete_room_keys(&sender_id, &body.version, &body.room_id)?;
+        .delete_room_keys(&sender_user, &body.version, &body.room_id)?;
    Ok(delete_backup_key_sessions::Response {
-        count: (db.key_backups.count_keys(sender_id, &body.version)? as u32).into(),
+        count: (db.key_backups.count_keys(sender_user, &body.version)? as u32).into(),
-        etag: db.key_backups.get_etag(sender_id, &body.version)?,
+        etag: db.key_backups.get_etag(sender_user, &body.version)?,
    }
    .into())
 }
@ -295,14 +296,14 @@ pub fn delete_backup_key_session_route(
    db: State<'_, Database>,
    body: Ruma<delete_backup_key_session::Request>,
 ) -> ConduitResult<delete_backup_key_session::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    db.key_backups
-        .delete_room_key(&sender_id, &body.version, &body.room_id, &body.session_id)?;
+        .delete_room_key(&sender_user, &body.version, &body.room_id, &body.session_id)?;
    Ok(delete_backup_key_session::Response {
-        count: (db.key_backups.count_keys(sender_id, &body.version)? as u32).into(),
+        count: (db.key_backups.count_keys(sender_user, &body.version)? as u32).into(),
-        etag: db.key_backups.get_etag(sender_id, &body.version)?,
+        etag: db.key_backups.get_etag(sender_user, &body.version)?,
    }
    .into())
 }
--- a/src/client_server/config.rs
+++ b/src/client_server/config.rs
@ -20,7 +20,7 @@ pub fn set_global_account_data_route(
    db: State<'_, Database>,
    body: Ruma<set_global_account_data::Request<'_>>,
 ) -> ConduitResult<set_global_account_data::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let content = serde_json::from_str::<serde_json::Value>(body.data.get())
        .map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Data is invalid."))?;
@ -29,7 +29,7 @@ pub fn set_global_account_data_route(
    db.account_data.update(
        None,
-        sender_id,
+        sender_user,
        event_type.clone().into(),
        &BasicEvent {
            content: CustomEventContent {
@ -51,11 +51,11 @@ pub fn get_global_account_data_route(
    db: State<'_, Database>,
    body: Ruma<get_global_account_data::Request<'_>>,
 ) -> ConduitResult<get_global_account_data::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let data = db
        .account_data
-        .get::<Raw<ruma::events::AnyBasicEvent>>(None, sender_id, body.event_type.clone().into())?
+        .get::<Raw<ruma::events::AnyBasicEvent>>(None, sender_user, body.event_type.clone().into())?
        .ok_or(Error::BadRequest(ErrorKind::NotFound, "Data not found."))?;
    Ok(get_global_account_data::Response { account_data: data }.into())
--- a/src/client_server/context.rs
+++ b/src/client_server/context.rs
@ -14,9 +14,9 @@ pub fn get_context_route(
    db: State<'_, Database>,
    body: Ruma<get_context::Request<'_>>,
 ) -> ConduitResult<get_context::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    if !db.rooms.is_joined(sender_id, &body.room_id)? {
+    if !db.rooms.is_joined(sender_user, &body.room_id)? {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
            "You don't have permission to view this room.",
@ -39,7 +39,7 @@ pub fn get_context_route(
    let events_before = db
        .rooms
-        .pdus_until(&sender_id, &body.room_id, base_token)
+        .pdus_until(&sender_user, &body.room_id, base_token)
        .take(
            u32::try_from(body.limit).map_err(|_| {
                Error::BadRequest(ErrorKind::InvalidParam, "Limit value is invalid.")
@ -61,7 +61,7 @@ pub fn get_context_route(
    let events_after = db
        .rooms
-        .pdus_after(&sender_id, &body.room_id, base_token)
+        .pdus_after(&sender_user, &body.room_id, base_token)
        .take(
            u32::try_from(body.limit).map_err(|_| {
                Error::BadRequest(ErrorKind::InvalidParam, "Limit value is invalid.")
--- a/src/client_server/device.rs
+++ b/src/client_server/device.rs
@ -20,11 +20,11 @@ pub fn get_devices_route(
    db: State<'_, Database>,
    body: Ruma<get_devices::Request>,
 ) -> ConduitResult<get_devices::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let devices = db
        .users
-        .all_devices_metadata(sender_id)
+        .all_devices_metadata(sender_user)
        .filter_map(|r| r.ok()) // Filter out buggy devices
        .collect::<Vec<device::Device>>();
@ -33,18 +33,17 @@ pub fn get_devices_route(
 #[cfg_attr(
    feature = "conduit_bin",
-    get("/_matrix/client/r0/devices/<_device_id>", data = "<body>")
+    get("/_matrix/client/r0/devices/<_>", data = "<body>")
 )]
 pub fn get_device_route(
    db: State<'_, Database>,
    body: Ruma<get_device::Request<'_>>,
    _device_id: String,
 ) -> ConduitResult<get_device::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let device = db
        .users
-        .get_device_metadata(&sender_id, &body.body.device_id)?
+        .get_device_metadata(&sender_user, &body.body.device_id)?
        .ok_or(Error::BadRequest(ErrorKind::NotFound, "Device not found."))?;
    Ok(get_device::Response { device }.into())
@ -52,39 +51,37 @@ pub fn get_device_route(
 #[cfg_attr(
    feature = "conduit_bin",
-    put("/_matrix/client/r0/devices/<_device_id>", data = "<body>")
+    put("/_matrix/client/r0/devices/<_>", data = "<body>")
 )]
 pub fn update_device_route(
    db: State<'_, Database>,
    body: Ruma<update_device::Request<'_>>,
    _device_id: String,
 ) -> ConduitResult<update_device::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let mut device = db
        .users
-        .get_device_metadata(&sender_id, &body.body.device_id)?
+        .get_device_metadata(&sender_user, &body.device_id)?
        .ok_or(Error::BadRequest(ErrorKind::NotFound, "Device not found."))?;
    device.display_name = body.display_name.clone();
    db.users
-        .update_device_metadata(&sender_id, &body.body.device_id, &device)?;
+        .update_device_metadata(&sender_user, &body.device_id, &device)?;
    Ok(update_device::Response.into())
 }
 #[cfg_attr(
    feature = "conduit_bin",
-    delete("/_matrix/client/r0/devices/<_device_id>", data = "<body>")
+    delete("/_matrix/client/r0/devices/<_>", data = "<body>")
 )]
 pub fn delete_device_route(
    db: State<'_, Database>,
    body: Ruma<delete_device::Request<'_>>,
    _device_id: String,
 ) -> ConduitResult<delete_device::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
    // UIAA
    let mut uiaainfo = UiaaInfo {
@ -99,8 +96,8 @@ pub fn delete_device_route(
    if let Some(auth) = &body.auth {
        let (worked, uiaainfo) = db.uiaa.try_auth(
-            &sender_id,
+            &sender_user,
-            &device_id,
+            &sender_device,
            auth,
            &uiaainfo,
            &db.users,
@ -112,11 +109,11 @@ pub fn delete_device_route(
    // Success!
    } else {
        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(&sender_id, &device_id, &uiaainfo)?;
+        db.uiaa.create(&sender_user, &sender_device, &uiaainfo)?;
        return Err(Error::Uiaa(uiaainfo));
    }
-    db.users.remove_device(&sender_id, &body.body.device_id)?;
+    db.users.remove_device(&sender_user, &body.device_id)?;
    Ok(delete_device::Response.into())
 }
@ -129,8 +126,8 @@ pub fn delete_devices_route(
    db: State<'_, Database>,
    body: Ruma<delete_devices::Request<'_>>,
 ) -> ConduitResult<delete_devices::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
    // UIAA
    let mut uiaainfo = UiaaInfo {
@ -145,8 +142,8 @@ pub fn delete_devices_route(
    if let Some(auth) = &body.auth {
        let (worked, uiaainfo) = db.uiaa.try_auth(
-            &sender_id,
+            &sender_user,
-            &device_id,
+            &sender_device,
            auth,
            &uiaainfo,
            &db.users,
@ -158,12 +155,12 @@ pub fn delete_devices_route(
    // Success!
    } else {
        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(&sender_id, &device_id, &uiaainfo)?;
+        db.uiaa.create(&sender_user, &sender_device, &uiaainfo)?;
        return Err(Error::Uiaa(uiaainfo));
    }
    for device_id in &body.devices {
-        db.users.remove_device(&sender_id, &device_id)?
+        db.users.remove_device(&sender_user, &device_id)?
    }
    Ok(delete_devices::Response.into())
--- a/src/client_server/keys.rs
+++ b/src/client_server/keys.rs
@ -26,26 +26,40 @@ pub fn upload_keys_route(
    db: State<'_, Database>,
    body: Ruma<upload_keys::Request<'_>>,
 ) -> ConduitResult<upload_keys::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
    if let Some(one_time_keys) = &body.one_time_keys {
        for (key_key, key_value) in one_time_keys {
-            db.users
+            db.users.add_one_time_key(
-                .add_one_time_key(sender_id, device_id, key_key, key_value, &db.globals)?;
+                sender_user,
                sender_device,
                key_key,
                key_value,
                &db.globals,
            )?;
        }
    }
    if let Some(device_keys) = &body.device_keys {
        // This check is needed to assure that signatures are kept
-        if db.users.get_device_keys(sender_id, device_id)?.is_none() {
+        if db
-            db.users
+            .users
-                .add_device_keys(sender_id, device_id, device_keys, &db.rooms, &db.globals)?;
+            .get_device_keys(sender_user, sender_device)?
            .is_none()
        {
            db.users.add_device_keys(
                sender_user,
                sender_device,
                device_keys,
                &db.rooms,
                &db.globals,
            )?;
        }
    }
    Ok(upload_keys::Response {
-        one_time_key_counts: db.users.count_one_time_keys(sender_id, device_id)?,
+        one_time_key_counts: db.users.count_one_time_keys(sender_user, sender_device)?,
    }
    .into())
 }
@ -58,7 +72,7 @@ pub fn get_keys_route(
    db: State<'_, Database>,
    body: Ruma<get_keys::Request<'_>>,
 ) -> ConduitResult<get_keys::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let mut master_keys = BTreeMap::new();
    let mut self_signing_keys = BTreeMap::new();
@ -107,14 +121,14 @@ pub fn get_keys_route(
            }
        }
-        if let Some(master_key) = db.users.get_master_key(user_id, sender_id)? {
+        if let Some(master_key) = db.users.get_master_key(user_id, sender_user)? {
            master_keys.insert(user_id.clone(), master_key);
        }
-        if let Some(self_signing_key) = db.users.get_self_signing_key(user_id, sender_id)? {
+        if let Some(self_signing_key) = db.users.get_self_signing_key(user_id, sender_user)? {
            self_signing_keys.insert(user_id.clone(), self_signing_key);
        }
-        if user_id == sender_id {
+        if user_id == sender_user {
-            if let Some(user_signing_key) = db.users.get_user_signing_key(sender_id)? {
+            if let Some(user_signing_key) = db.users.get_user_signing_key(sender_user)? {
                user_signing_keys.insert(user_id.clone(), user_signing_key);
            }
        }
@ -169,8 +183,8 @@ pub fn upload_signing_keys_route(
    db: State<'_, Database>,
    body: Ruma<upload_signing_keys::Request<'_>>,
 ) -> ConduitResult<upload_signing_keys::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
    // UIAA
    let mut uiaainfo = UiaaInfo {
@ -185,8 +199,8 @@ pub fn upload_signing_keys_route(
    if let Some(auth) = &body.auth {
        let (worked, uiaainfo) = db.uiaa.try_auth(
-            &sender_id,
+            &sender_user,
-            &device_id,
+            &sender_device,
            auth,
            &uiaainfo,
            &db.users,
@ -198,13 +212,13 @@ pub fn upload_signing_keys_route(
    // Success!
    } else {
        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(&sender_id, &device_id, &uiaainfo)?;
+        db.uiaa.create(&sender_user, &sender_device, &uiaainfo)?;
        return Err(Error::Uiaa(uiaainfo));
    }
    if let Some(master_key) = &body.master_key {
        db.users.add_cross_signing_keys(
-            sender_id,
+            sender_user,
            &master_key,
            &body.self_signing_key,
            &body.user_signing_key,
@ -224,7 +238,7 @@ pub fn upload_signatures_route(
    db: State<'_, Database>,
    body: Ruma<upload_signatures::Request>,
 ) -> ConduitResult<upload_signatures::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    for (user_id, signed_keys) in &body.signed_keys {
        for (key_id, signed_key) in signed_keys {
@ -234,7 +248,7 @@ pub fn upload_signatures_route(
                    ErrorKind::InvalidParam,
                    "Missing signatures field.",
                ))?
-                .get(sender_id.to_string())
+                .get(sender_user.to_string())
                .ok_or(Error::BadRequest(
                    ErrorKind::InvalidParam,
                    "Invalid user in signatures field.",
@ -263,7 +277,7 @@ pub fn upload_signatures_route(
                    &user_id,
                    &key_id,
                    signature,
-                    &sender_id,
+                    &sender_user,
                    &db.rooms,
                    &db.globals,
                )?;
@ -282,14 +296,14 @@ pub fn get_key_changes_route(
    db: State<'_, Database>,
    body: Ruma<get_key_changes::Request<'_>>,
 ) -> ConduitResult<get_key_changes::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let mut device_list_updates = HashSet::new();
    device_list_updates.extend(
        db.users
            .keys_changed(
-                &sender_id.to_string(),
+                &sender_user.to_string(),
                body.from
                    .parse()
                    .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid `from`."))?,
@ -302,7 +316,7 @@ pub fn get_key_changes_route(
            .filter_map(|r| r.ok()),
    );
-    for room_id in db.rooms.rooms_joined(sender_id).filter_map(|r| r.ok()) {
+    for room_id in db.rooms.rooms_joined(sender_user).filter_map(|r| r.ok()) {
        device_list_updates.extend(
            db.users
                .keys_changed(
--- a/src/client_server/membership.rs
+++ b/src/client_server/membership.rs
@ -40,7 +40,7 @@ pub async fn join_room_by_id_route(
 ) -> ConduitResult<join_room_by_id::Response> {
    join_room_by_id_helper(
        &db,
-        body.sender_id.as_ref(),
+        body.sender_user.as_ref(),
        &body.room_id,
        &[body.room_id.server_name().to_owned()],
        body.third_party_signed.as_ref(),
@ -68,7 +68,7 @@ pub async fn join_room_by_id_or_alias_route(
    Ok(join_room_by_id_or_alias::Response {
        room_id: join_room_by_id_helper(
            &db,
-            body.sender_id.as_ref(),
+            body.sender_user.as_ref(),
            &room_id,
            &servers,
            body.third_party_signed.as_ref(),
@ -88,14 +88,14 @@ pub async fn leave_room_route(
    db: State<'_, Database>,
    body: Ruma<leave_room::Request<'_>>,
 ) -> ConduitResult<leave_room::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let mut event = serde_json::from_value::<Raw<member::MemberEventContent>>(
        db.rooms
            .room_state_get(
                &body.room_id,
                &EventType::RoomMember,
-                &sender_id.to_string(),
+                &sender_user.to_string(),
            )?
            .ok_or(Error::BadRequest(
                ErrorKind::BadState,
@ -114,10 +114,10 @@ pub async fn leave_room_route(
            event_type: EventType::RoomMember,
            content: serde_json::to_value(event).expect("event is valid, we just created it"),
            unsigned: None,
-            state_key: Some(sender_id.to_string()),
+            state_key: Some(sender_user.to_string()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &body.room_id,
        &db.globals,
        &db.sending,
@ -135,7 +135,7 @@ pub async fn invite_user_route(
    db: State<'_, Database>,
    body: Ruma<invite_user::Request<'_>>,
 ) -> ConduitResult<invite_user::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    if let invite_user::IncomingInvitationRecipient::UserId { user_id } = &body.recipient {
        db.rooms.build_and_append_pdu(
@ -153,7 +153,7 @@ pub async fn invite_user_route(
                state_key: Some(user_id.to_string()),
                redacts: None,
            },
-            &sender_id,
+            &sender_user,
            &body.room_id,
            &db.globals,
            &db.sending,
@ -174,7 +174,7 @@ pub async fn kick_user_route(
    db: State<'_, Database>,
    body: Ruma<kick_user::Request<'_>>,
 ) -> ConduitResult<kick_user::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let mut event = serde_json::from_value::<Raw<ruma::events::room::member::MemberEventContent>>(
        db.rooms
@ -204,7 +204,7 @@ pub async fn kick_user_route(
            state_key: Some(body.user_id.to_string()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &body.room_id,
        &db.globals,
        &db.sending,
@ -222,7 +222,7 @@ pub async fn ban_user_route(
    db: State<'_, Database>,
    body: Ruma<ban_user::Request<'_>>,
 ) -> ConduitResult<ban_user::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    // TODO: reason
@ -260,7 +260,7 @@ pub async fn ban_user_route(
            state_key: Some(body.user_id.to_string()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &body.room_id,
        &db.globals,
        &db.sending,
@ -278,7 +278,7 @@ pub async fn unban_user_route(
    db: State<'_, Database>,
    body: Ruma<unban_user::Request<'_>>,
 ) -> ConduitResult<unban_user::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let mut event = serde_json::from_value::<Raw<ruma::events::room::member::MemberEventContent>>(
        db.rooms
@ -307,7 +307,7 @@ pub async fn unban_user_route(
            state_key: Some(body.user_id.to_string()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &body.room_id,
        &db.globals,
        &db.sending,
@ -325,9 +325,9 @@ pub fn forget_room_route(
    db: State<'_, Database>,
    body: Ruma<forget_room::Request<'_>>,
 ) -> ConduitResult<forget_room::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    db.rooms.forget(&body.room_id, &sender_id)?;
+    db.rooms.forget(&body.room_id, &sender_user)?;
    Ok(forget_room::Response::new().into())
 }
@ -340,12 +340,12 @@ pub fn joined_rooms_route(
    db: State<'_, Database>,
    body: Ruma<joined_rooms::Request>,
 ) -> ConduitResult<joined_rooms::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    Ok(joined_rooms::Response {
        joined_rooms: db
            .rooms
-            .rooms_joined(&sender_id)
+            .rooms_joined(&sender_user)
            .filter_map(|r| r.ok())
            .collect(),
    }
@ -360,9 +360,9 @@ pub fn get_member_events_route(
    db: State<'_, Database>,
    body: Ruma<get_member_events::Request<'_>>,
 ) -> ConduitResult<get_member_events::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    if !db.rooms.is_joined(sender_id, &body.room_id)? {
+    if !db.rooms.is_joined(sender_user, &body.room_id)? {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
            "You don't have permission to view this room.",
@ -388,11 +388,11 @@ pub fn joined_members_route(
    db: State<'_, Database>,
    body: Ruma<joined_members::Request<'_>>,
 ) -> ConduitResult<joined_members::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    if !db
        .rooms
-        .is_joined(&sender_id, &body.room_id)
+        .is_joined(&sender_user, &body.room_id)
        .unwrap_or(false)
    {
        return Err(Error::BadRequest(
@ -420,12 +420,12 @@ pub fn joined_members_route(
 async fn join_room_by_id_helper(
    db: &Database,
-    sender_id: Option<&UserId>,
+    sender_user: Option<&UserId>,
    room_id: &RoomId,
    servers: &[Box<ServerName>],
    _third_party_signed: Option<&IncomingThirdPartySigned>,
 ) -> ConduitResult<join_room_by_id::Response> {
-    let sender_id = sender_id.expect("user is authenticated");
+    let sender_user = sender_user.expect("user is authenticated");
    // Ask a remote server if we don't have this room
    if !db.rooms.exists(&room_id)? && room_id.server_name() != db.globals.server_name() {
@ -439,7 +439,7 @@ async fn join_room_by_id_helper(
                remote_server.clone(),
                federation::membership::create_join_event_template::v1::Request {
                    room_id,
-                    user_id: sender_id,
+                    user_id: sender_user,
                    ver: &[RoomVersionId::Version5, RoomVersionId::Version6],
                },
            )
@ -479,8 +479,8 @@ async fn join_room_by_id_helper(
            "content".to_owned(),
            serde_json::to_value(member::MemberEventContent {
                membership: member::MembershipState::Join,
-                displayname: db.users.displayname(&sender_id)?,
+                displayname: db.users.displayname(&sender_user)?,
-                avatar_url: db.users.avatar_url(&sender_id)?,
+                avatar_url: db.users.avatar_url(&sender_user)?,
                is_direct: None,
                third_party_invite: None,
            })
@ -668,8 +668,8 @@ async fn join_room_by_id_helper(
    } else {
        let event = member::MemberEventContent {
            membership: member::MembershipState::Join,
-            displayname: db.users.displayname(&sender_id)?,
+            displayname: db.users.displayname(&sender_user)?,
-            avatar_url: db.users.avatar_url(&sender_id)?,
+            avatar_url: db.users.avatar_url(&sender_user)?,
            is_direct: None,
            third_party_invite: None,
        };
@ -679,10 +679,10 @@ async fn join_room_by_id_helper(
                event_type: EventType::RoomMember,
                content: serde_json::to_value(event).expect("event is valid, we just created it"),
                unsigned: None,
-                state_key: Some(sender_id.to_string()),
+                state_key: Some(sender_user.to_string()),
                redacts: None,
            },
-            &sender_id,
+            &sender_user,
            &room_id,
            &db.globals,
            &db.sending,
--- a/src/client_server/message.rs
+++ b/src/client_server/message.rs
@ -21,13 +21,13 @@ pub async fn send_message_event_route(
    db: State<'_, Database>,
    body: Ruma<send_message_event::Request<'_>>,
 ) -> ConduitResult<send_message_event::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
    // Check if this is a new transaction id
-    if let Some(response) = db
+    if let Some(response) =
-        .transaction_ids
+        db.transaction_ids
-        .existing_txnid(sender_id, device_id, &body.txn_id)?
+            .existing_txnid(sender_user, sender_device, &body.txn_id)?
    {
        // The client might have sent a txnid of the /sendToDevice endpoint
        // This txnid has no response associated with it
@ -63,15 +63,19 @@ pub async fn send_message_event_route(
            state_key: None,
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &body.room_id,
        &db.globals,
        &db.sending,
        &db.account_data,
    )?;
-    db.transaction_ids
+    db.transaction_ids.add_txnid(
-        .add_txnid(sender_id, device_id, &body.txn_id, event_id.as_bytes())?;
+        sender_user,
        sender_device,
        &body.txn_id,
        event_id.as_bytes(),
    )?;
    Ok(send_message_event::Response::new(event_id).into())
 }
@ -84,9 +88,9 @@ pub fn get_message_events_route(
    db: State<'_, Database>,
    body: Ruma<get_message_events::Request<'_>>,
 ) -> ConduitResult<get_message_events::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    if !db.rooms.is_joined(sender_id, &body.room_id)? {
+    if !db.rooms.is_joined(sender_user, &body.room_id)? {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
            "You don't have permission to view this room.",
@ -111,7 +115,7 @@ pub fn get_message_events_route(
        get_message_events::Direction::Forward => {
            let events_after = db
                .rooms
-                .pdus_after(&sender_id, &body.room_id, from)
+                .pdus_after(&sender_user, &body.room_id, from)
                .take(limit)
                .filter_map(|r| r.ok()) // Filter out buggy events
                .filter_map(|(pdu_id, pdu)| {
@ -141,7 +145,7 @@ pub fn get_message_events_route(
        get_message_events::Direction::Backward => {
            let events_before = db
                .rooms
-                .pdus_until(&sender_id, &body.room_id, from)
+                .pdus_until(&sender_user, &body.room_id, from)
                .take(limit)
                .filter_map(|r| r.ok()) // Filter out buggy events
                .filter_map(|(pdu_id, pdu)| {
--- a/src/client_server/presence.rs
+++ b/src/client_server/presence.rs
@ -14,19 +14,19 @@ pub fn set_presence_route(
    db: State<'_, Database>,
    body: Ruma<set_presence::Request<'_>>,
 ) -> ConduitResult<set_presence::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    for room_id in db.rooms.rooms_joined(&sender_id) {
+    for room_id in db.rooms.rooms_joined(&sender_user) {
        let room_id = room_id?;
        db.rooms.edus.update_presence(
-            &sender_id,
+            &sender_user,
            &room_id,
            ruma::events::presence::PresenceEvent {
                content: ruma::events::presence::PresenceEventContent {
-                    avatar_url: db.users.avatar_url(&sender_id)?,
+                    avatar_url: db.users.avatar_url(&sender_user)?,
                    currently_active: None,
-                    displayname: db.users.displayname(&sender_id)?,
+                    displayname: db.users.displayname(&sender_user)?,
                    last_active_ago: Some(
                        utils::millis_since_unix_epoch()
                            .try_into()
@ -35,7 +35,7 @@ pub fn set_presence_route(
                    presence: body.presence,
                    status_msg: body.status_msg.clone(),
                },
-                sender: sender_id.clone(),
+                sender: sender_user.clone(),
            },
            &db.globals,
        )?;
--- a/src/client_server/profile.rs
+++ b/src/client_server/profile.rs
@ -23,13 +23,13 @@ pub async fn set_displayname_route(
    db: State<'_, Database>,
    body: Ruma<set_display_name::Request<'_>>,
 ) -> ConduitResult<set_display_name::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    db.users
-        .set_displayname(&sender_id, body.displayname.clone())?;
+        .set_displayname(&sender_user, body.displayname.clone())?;
    // Send a new membership event and presence update into all joined rooms
-    for room_id in db.rooms.rooms_joined(&sender_id) {
+    for room_id in db.rooms.rooms_joined(&sender_user) {
        let room_id = room_id?;
        db.rooms.build_and_append_pdu(
            PduBuilder {
@ -41,7 +41,7 @@ pub async fn set_displayname_route(
                            .room_state_get(
                                &room_id,
                                &EventType::RoomMember,
-                                &sender_id.to_string(),
+                                &sender_user.to_string(),
                            )?
                            .ok_or_else(|| {
                                Error::bad_database(
@ -57,10 +57,10 @@ pub async fn set_displayname_route(
                })
                .expect("event is valid, we just created it"),
                unsigned: None,
-                state_key: Some(sender_id.to_string()),
+                state_key: Some(sender_user.to_string()),
                redacts: None,
            },
-            &sender_id,
+            &sender_user,
            &room_id,
            &db.globals,
            &db.sending,
@ -69,13 +69,13 @@ pub async fn set_displayname_route(
        // Presence update
        db.rooms.edus.update_presence(
-            &sender_id,
+            &sender_user,
            &room_id,
            ruma::events::presence::PresenceEvent {
                content: ruma::events::presence::PresenceEventContent {
-                    avatar_url: db.users.avatar_url(&sender_id)?,
+                    avatar_url: db.users.avatar_url(&sender_user)?,
                    currently_active: None,
-                    displayname: db.users.displayname(&sender_id)?,
+                    displayname: db.users.displayname(&sender_user)?,
                    last_active_ago: Some(
                        utils::millis_since_unix_epoch()
                            .try_into()
@ -84,7 +84,7 @@ pub async fn set_displayname_route(
                    presence: ruma::presence::PresenceState::Online,
                    status_msg: None,
                },
-                sender: sender_id.clone(),
+                sender: sender_user.clone(),
            },
            &db.globals,
        )?;
@ -115,13 +115,13 @@ pub async fn set_avatar_url_route(
    db: State<'_, Database>,
    body: Ruma<set_avatar_url::Request<'_>>,
 ) -> ConduitResult<set_avatar_url::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    db.users
-        .set_avatar_url(&sender_id, body.avatar_url.clone())?;
+        .set_avatar_url(&sender_user, body.avatar_url.clone())?;
    // Send a new membership event and presence update into all joined rooms
-    for room_id in db.rooms.rooms_joined(&sender_id) {
+    for room_id in db.rooms.rooms_joined(&sender_user) {
        let room_id = room_id?;
        db.rooms.build_and_append_pdu(
            PduBuilder {
@ -133,7 +133,7 @@ pub async fn set_avatar_url_route(
                            .room_state_get(
                                &room_id,
                                &EventType::RoomMember,
-                                &sender_id.to_string(),
+                                &sender_user.to_string(),
                            )?
                            .ok_or_else(|| {
                                Error::bad_database(
@ -149,10 +149,10 @@ pub async fn set_avatar_url_route(
                })
                .expect("event is valid, we just created it"),
                unsigned: None,
-                state_key: Some(sender_id.to_string()),
+                state_key: Some(sender_user.to_string()),
                redacts: None,
            },
-            &sender_id,
+            &sender_user,
            &room_id,
            &db.globals,
            &db.sending,
@ -161,13 +161,13 @@ pub async fn set_avatar_url_route(
        // Presence update
        db.rooms.edus.update_presence(
-            &sender_id,
+            &sender_user,
            &room_id,
            ruma::events::presence::PresenceEvent {
                content: ruma::events::presence::PresenceEventContent {
-                    avatar_url: db.users.avatar_url(&sender_id)?,
+                    avatar_url: db.users.avatar_url(&sender_user)?,
                    currently_active: None,
-                    displayname: db.users.displayname(&sender_id)?,
+                    displayname: db.users.displayname(&sender_user)?,
                    last_active_ago: Some(
                        utils::millis_since_unix_epoch()
                            .try_into()
@ -176,7 +176,7 @@ pub async fn set_avatar_url_route(
                    presence: ruma::presence::PresenceState::Online,
                    status_msg: None,
                },
-                sender: sender_id.clone(),
+                sender: sender_user.clone(),
            },
            &db.globals,
        )?;
--- a/src/client_server/push.rs
+++ b/src/client_server/push.rs
@ -20,11 +20,11 @@ pub fn get_pushrules_all_route(
    db: State<'_, Database>,
    body: Ruma<get_pushrules_all::Request>,
 ) -> ConduitResult<get_pushrules_all::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let event = db
        .account_data
-        .get::<ruma::events::push_rules::PushRulesEvent>(None, &sender_id, EventType::PushRules)?
+        .get::<ruma::events::push_rules::PushRulesEvent>(None, &sender_user, EventType::PushRules)?
        .ok_or(Error::BadRequest(
            ErrorKind::NotFound,
            "PushRules event not found.",
--- a/src/client_server/read_marker.rs
+++ b/src/client_server/read_marker.rs
@ -17,7 +17,7 @@ pub fn set_read_marker_route(
    db: State<'_, Database>,
    body: Ruma<set_read_marker::Request<'_>>,
 ) -> ConduitResult<set_read_marker::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let fully_read_event = ruma::events::fully_read::FullyReadEvent {
        content: ruma::events::fully_read::FullyReadEventContent {
@ -27,7 +27,7 @@ pub fn set_read_marker_route(
    };
    db.account_data.update(
        Some(&body.room_id),
-        &sender_id,
+        &sender_user,
        EventType::FullyRead,
        &fully_read_event,
        &db.globals,
@ -36,7 +36,7 @@ pub fn set_read_marker_route(
    if let Some(event) = &body.read_receipt {
        db.rooms.edus.private_read_set(
            &body.room_id,
-            &sender_id,
+            &sender_user,
            db.rooms.get_pdu_count(event)?.ok_or(Error::BadRequest(
                ErrorKind::InvalidParam,
                "Event does not exist.",
@ -46,7 +46,7 @@ pub fn set_read_marker_route(
        let mut user_receipts = BTreeMap::new();
        user_receipts.insert(
-            sender_id.clone(),
+            sender_user.clone(),
            ruma::events::receipt::Receipt {
                ts: Some(SystemTime::now()),
            },
@ -60,7 +60,7 @@ pub fn set_read_marker_route(
        );
        db.rooms.edus.readreceipt_update(
-            &sender_id,
+            &sender_user,
            &body.room_id,
            AnyEvent::Ephemeral(AnyEphemeralRoomEvent::Receipt(
                ruma::events::receipt::ReceiptEvent {
--- a/src/client_server/redact.rs
+++ b/src/client_server/redact.rs
@ -16,7 +16,7 @@ pub async fn redact_event_route(
    db: State<'_, Database>,
    body: Ruma<redact_event::Request<'_>>,
 ) -> ConduitResult<redact_event::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let event_id = db.rooms.build_and_append_pdu(
        PduBuilder {
@ -29,7 +29,7 @@ pub async fn redact_event_route(
            state_key: None,
            redacts: Some(body.event_id.clone()),
        },
-        &sender_id,
+        &sender_user,
        &body.room_id,
        &db.globals,
        &db.sending,
--- a/src/client_server/room.rs
+++ b/src/client_server/room.rs
@ -24,7 +24,7 @@ pub async fn create_room_route(
    db: State<'_, Database>,
    body: Ruma<create_room::Request<'_>>,
 ) -> ConduitResult<create_room::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let room_id = RoomId::new(db.globals.server_name());
@ -47,7 +47,7 @@ pub async fn create_room_route(
            }
        })?;
-    let mut content = ruma::events::room::create::CreateEventContent::new(sender_id.clone());
+    let mut content = ruma::events::room::create::CreateEventContent::new(sender_user.clone());
    content.federate = body.creation_content.federate;
    content.predecessor = body.creation_content.predecessor.clone();
    content.room_version = RoomVersionId::Version6;
@ -61,7 +61,7 @@ pub async fn create_room_route(
            state_key: Some("".to_owned()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &room_id,
        &db.globals,
        &db.sending,
@ -74,17 +74,17 @@ pub async fn create_room_route(
            event_type: EventType::RoomMember,
            content: serde_json::to_value(member::MemberEventContent {
                membership: member::MembershipState::Join,
-                displayname: db.users.displayname(&sender_id)?,
+                displayname: db.users.displayname(&sender_user)?,
-                avatar_url: db.users.avatar_url(&sender_id)?,
+                avatar_url: db.users.avatar_url(&sender_user)?,
                is_direct: Some(body.is_direct),
                third_party_invite: None,
            })
            .expect("event is valid, we just created it"),
            unsigned: None,
-            state_key: Some(sender_id.to_string()),
+            state_key: Some(sender_user.to_string()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &room_id,
        &db.globals,
        &db.sending,
@ -93,7 +93,7 @@ pub async fn create_room_route(
    // 3. Power levels
    let mut users = BTreeMap::new();
-    users.insert(sender_id.clone(), 100.into());
+    users.insert(sender_user.clone(), 100.into());
    for invite_ in &body.invite {
        users.insert(invite_.clone(), 100.into());
    }
@ -127,7 +127,7 @@ pub async fn create_room_route(
            state_key: Some("".to_owned()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &room_id,
        &db.globals,
        &db.sending,
@ -161,7 +161,7 @@ pub async fn create_room_route(
            state_key: Some("".to_owned()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &room_id,
        &db.globals,
        &db.sending,
@ -180,7 +180,7 @@ pub async fn create_room_route(
            state_key: Some("".to_owned()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &room_id,
        &db.globals,
        &db.sending,
@ -207,7 +207,7 @@ pub async fn create_room_route(
            state_key: Some("".to_owned()),
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &room_id,
        &db.globals,
        &db.sending,
@ -228,7 +228,7 @@ pub async fn create_room_route(
        db.rooms.build_and_append_pdu(
            pdu_builder,
-            &sender_id,
+            &sender_user,
            &room_id,
            &db.globals,
            &db.sending,
@ -251,7 +251,7 @@ pub async fn create_room_route(
                state_key: Some("".to_owned()),
                redacts: None,
            },
-            &sender_id,
+            &sender_user,
            &room_id,
            &db.globals,
            &db.sending,
@ -271,7 +271,7 @@ pub async fn create_room_route(
                state_key: Some("".to_owned()),
                redacts: None,
            },
-            &sender_id,
+            &sender_user,
            &room_id,
            &db.globals,
            &db.sending,
@ -296,7 +296,7 @@ pub async fn create_room_route(
                state_key: Some(user.to_string()),
                redacts: None,
            },
-            &sender_id,
+            &sender_user,
            &room_id,
            &db.globals,
            &db.sending,
@ -324,9 +324,9 @@ pub fn get_room_event_route(
    db: State<'_, Database>,
    body: Ruma<get_room_event::Request<'_>>,
 ) -> ConduitResult<get_room_event::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    if !db.rooms.is_joined(sender_id, &body.room_id)? {
+    if !db.rooms.is_joined(sender_user, &body.room_id)? {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
            "You don't have permission to view this room.",
@ -352,7 +352,7 @@ pub async fn upgrade_room_route(
    body: Ruma<upgrade_room::Request<'_>>,
    _room_id: String,
 ) -> ConduitResult<upgrade_room::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    if !matches!(
        body.new_version,
@ -381,7 +381,7 @@ pub async fn upgrade_room_route(
            state_key: Some("".to_owned()),
            redacts: None,
        },
-        sender_id,
+        sender_user,
        &body.room_id,
        &db.globals,
        &db.sending,
@ -408,7 +408,7 @@ pub async fn upgrade_room_route(
    // Send a m.room.create event containing a predecessor field and the applicable room_version
    let mut create_event_content =
-        ruma::events::room::create::CreateEventContent::new(sender_id.clone());
+        ruma::events::room::create::CreateEventContent::new(sender_user.clone());
    create_event_content.federate = federate;
    create_event_content.room_version = body.new_version.clone();
    create_event_content.predecessor = predecessor;
@ -422,7 +422,7 @@ pub async fn upgrade_room_route(
            state_key: Some("".to_owned()),
            redacts: None,
        },
-        sender_id,
+        sender_user,
        &replacement_room,
        &db.globals,
        &db.sending,
@ -435,17 +435,17 @@ pub async fn upgrade_room_route(
            event_type: EventType::RoomMember,
            content: serde_json::to_value(member::MemberEventContent {
                membership: member::MembershipState::Join,
-                displayname: db.users.displayname(&sender_id)?,
+                displayname: db.users.displayname(&sender_user)?,
-                avatar_url: db.users.avatar_url(&sender_id)?,
+                avatar_url: db.users.avatar_url(&sender_user)?,
                is_direct: None,
                third_party_invite: None,
            })
            .expect("event is valid, we just created it"),
            unsigned: None,
-            state_key: Some(sender_id.to_string()),
+            state_key: Some(sender_user.to_string()),
            redacts: None,
        },
-        sender_id,
+        sender_user,
        &replacement_room,
        &db.globals,
        &db.sending,
@ -480,7 +480,7 @@ pub async fn upgrade_room_route(
                state_key: Some("".to_owned()),
                redacts: None,
            },
-            sender_id,
+            sender_user,
            &replacement_room,
            &db.globals,
            &db.sending,
@ -524,7 +524,7 @@ pub async fn upgrade_room_route(
            state_key: Some("".to_owned()),
            redacts: None,
        },
-        sender_id,
+        sender_user,
        &body.room_id,
        &db.globals,
        &db.sending,
--- a/src/client_server/search.rs
+++ b/src/client_server/search.rs
@ -15,7 +15,7 @@ pub fn search_events_route(
    db: State<'_, Database>,
    body: Ruma<search_events::Request<'_>>,
 ) -> ConduitResult<search_events::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let search_criteria = body.search_categories.room_events.as_ref().unwrap();
    let filter = search_criteria.filter.as_ref().unwrap();
@ -24,7 +24,7 @@ pub fn search_events_route(
    let limit = filter.limit.map_or(10, |l| u64::from(l) as usize);
-    if !db.rooms.is_joined(sender_id, &room_id)? {
+    if !db.rooms.is_joined(sender_user, &room_id)? {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
            "You don't have permission to view this room.",
--- a/src/client_server/session.rs
+++ b/src/client_server/session.rs
@ -117,10 +117,10 @@ pub fn logout_route(
    db: State<'_, Database>,
    body: Ruma<logout::Request>,
 ) -> ConduitResult<logout::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
-    db.users.remove_device(&sender_id, device_id)?;
+    db.users.remove_device(&sender_user, sender_device)?;
    Ok(logout::Response::new().into())
 }
@ -142,11 +142,11 @@ pub fn logout_all_route(
    db: State<'_, Database>,
    body: Ruma<logout_all::Request>,
 ) -> ConduitResult<logout_all::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    for device_id in db.users.all_device_ids(sender_id) {
+    for device_id in db.users.all_device_ids(sender_user) {
        if let Ok(device_id) = device_id {
-            db.users.remove_device(&sender_id, &device_id)?;
+            db.users.remove_device(&sender_user, &device_id)?;
        }
    }
--- a/src/client_server/state.rs
+++ b/src/client_server/state.rs
@ -27,7 +27,7 @@ pub async fn send_state_event_for_key_route(
    db: State<'_, Database>,
    body: Ruma<send_state_event_for_key::Request<'_>>,
 ) -> ConduitResult<send_state_event_for_key::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let content = serde_json::from_str::<serde_json::Value>(
        body.json_body
@ -40,7 +40,7 @@ pub async fn send_state_event_for_key_route(
    Ok(send_state_event_for_key::Response::new(
        send_state_event_for_key_helper(
            &db,
-            sender_id,
+            sender_user,
            &body.content,
            content,
            &body.room_id,
@ -62,8 +62,8 @@ pub async fn send_state_event_for_empty_key_route(
    // This just calls send_state_event_for_key_route
    let Ruma {
        body,
-        sender_id,
+        sender_user,
-        device_id: _,
+        sender_device: _,
        json_body,
    } = body;
@ -78,7 +78,7 @@ pub async fn send_state_event_for_empty_key_route(
    Ok(send_state_event_for_empty_key::Response::new(
        send_state_event_for_key_helper(
            &db,
-            sender_id
+            sender_user
                .as_ref()
                .expect("no user for send state empty key rout"),
            &body.content,
@ -99,11 +99,11 @@ pub fn get_state_events_route(
    db: State<'_, Database>,
    body: Ruma<get_state_events::Request>,
 ) -> ConduitResult<get_state_events::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    // Users not in the room should not be able to access the state unless history_visibility is
    // WorldReadable
-    if !db.rooms.is_joined(sender_id, &body.room_id)? {
+    if !db.rooms.is_joined(sender_user, &body.room_id)? {
        if !matches!(
            db.rooms
                .room_state_get(&body.room_id, &EventType::RoomHistoryVisibility, "")?
@ -144,11 +144,11 @@ pub fn get_state_events_for_key_route(
    db: State<'_, Database>,
    body: Ruma<get_state_events_for_key::Request>,
 ) -> ConduitResult<get_state_events_for_key::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    // Users not in the room should not be able to access the state unless history_visibility is
    // WorldReadable
-    if !db.rooms.is_joined(sender_id, &body.room_id)? {
+    if !db.rooms.is_joined(sender_user, &body.room_id)? {
        if !matches!(
            db.rooms
                .room_state_get(&body.room_id, &EventType::RoomHistoryVisibility, "")?
@ -193,11 +193,11 @@ pub fn get_state_events_for_empty_key_route(
    db: State<'_, Database>,
    body: Ruma<get_state_events_for_empty_key::Request>,
 ) -> ConduitResult<get_state_events_for_empty_key::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    // Users not in the room should not be able to access the state unless history_visibility is
    // WorldReadable
-    if !db.rooms.is_joined(sender_id, &body.room_id)? {
+    if !db.rooms.is_joined(sender_user, &body.room_id)? {
        if !matches!(
            db.rooms
                .room_state_get(&body.room_id, &EventType::RoomHistoryVisibility, "")?
@ -242,7 +242,7 @@ pub async fn send_state_event_for_key_helper(
    room_id: &RoomId,
    state_key: Option<String>,
 ) -> Result<EventId> {
-    let sender_id = sender;
+    let sender_user = sender;
    if let AnyStateEventContent::RoomCanonicalAlias(canonical_alias) = content {
        let mut aliases = canonical_alias.alt_aliases.clone();
@ -276,7 +276,7 @@ pub async fn send_state_event_for_key_helper(
            state_key,
            redacts: None,
        },
-        &sender_id,
+        &sender_user,
        &room_id,
        &db.globals,
        &db.sending,
--- a/src/client_server/sync.rs
+++ b/src/client_server/sync.rs
@ -33,14 +33,14 @@ pub async fn sync_events_route(
    db: State<'_, Database>,
    body: Ruma<sync_events::Request<'_>>,
 ) -> ConduitResult<sync_events::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
    // TODO: match body.set_presence {
-    db.rooms.edus.ping_presence(&sender_id)?;
+    db.rooms.edus.ping_presence(&sender_user)?;
    // Setup watchers, so if there's no response, we can wait for them
-    let watcher = db.watch(sender_id, device_id);
+    let watcher = db.watch(sender_user, sender_device);
    let next_batch = db.globals.current_count()?.to_string();
@ -59,16 +59,16 @@ pub async fn sync_events_route(
    // Look for device list updates of this account
    device_list_updates.extend(
        db.users
-            .keys_changed(&sender_id.to_string(), since, None)
+            .keys_changed(&sender_user.to_string(), since, None)
            .filter_map(|r| r.ok()),
    );
-    for room_id in db.rooms.rooms_joined(&sender_id) {
+    for room_id in db.rooms.rooms_joined(&sender_user) {
        let room_id = room_id?;
        let mut non_timeline_pdus = db
            .rooms
-            .pdus_since(&sender_id, &room_id, since)?
+            .pdus_since(&sender_user, &room_id, since)?
            .filter_map(|r| r.ok()); // Filter out buggy events
        // Take the last 10 events for the timeline
@ -85,7 +85,7 @@ pub async fn sync_events_route(
            || db
                .rooms
                .edus
-                .last_privateread_update(&sender_id, &room_id)?
+                .last_privateread_update(&sender_user, &room_id)?
                > since;
        // They /sync response doesn't always return all messages, so we say the output is
@ -110,7 +110,7 @@ pub async fn sync_events_route(
        // since and the current room state, meaning there should be no updates.
        // The inner Option is None when there is an event, but there is no state hash associated
        // with it. This can happen for the RoomCreate event, so all updates should arrive.
-        let first_pdu_after_since = db.rooms.pdus_after(sender_id, &room_id, since).next();
+        let first_pdu_after_since = db.rooms.pdus_after(sender_user, &room_id, since).next();
        let since_state_hash = first_pdu_after_since
            .as_ref()
@ -146,7 +146,7 @@ pub async fn sync_events_route(
        let since_sender_member = since_members.as_ref().map(|since_members| {
            since_members.as_ref().and_then(|members| {
-                members.get(sender_id.as_str()).and_then(|pdu| {
+                members.get(sender_user.as_str()).and_then(|pdu| {
                    serde_json::from_value::<Raw<ruma::events::room::member::MemberEventContent>>(
                        pdu.content.clone(),
                    )
@ -198,7 +198,7 @@ pub async fn sync_events_route(
                match (since_membership, current_membership) {
                    (MembershipState::Leave, MembershipState::Join) => {
                        // A new user joined an encrypted room
-                        if !share_encrypted_room(&db, &sender_id, &user_id, &room_id) {
+                        if !share_encrypted_room(&db, &sender_user, &user_id, &room_id) {
                            device_list_updates.insert(user_id);
                        }
                    }
@ -223,11 +223,11 @@ pub async fn sync_events_route(
                    .filter_map(|user_id| Some(user_id.ok()?))
                    .filter(|user_id| {
                        // Don't send key updates from the sender to the sender
-                        sender_id != user_id
+                        sender_user != user_id
                    })
                    .filter(|user_id| {
                        // Only send keys if the sender doesn't share an encrypted room with the target already
-                        !share_encrypted_room(&db, sender_id, user_id, &room_id)
+                        !share_encrypted_room(&db, sender_user, user_id, &room_id)
                    }),
            );
        }
@ -252,7 +252,7 @@ pub async fn sync_events_route(
                for hero in db
                    .rooms
-                    .all_pdus(&sender_id, &room_id)?
+                    .all_pdus(&sender_user, &room_id)?
                    .filter_map(|pdu| pdu.ok()) // Ignore all broken pdus
                    .filter(|(_, pdu)| pdu.kind == EventType::RoomMember)
                    .map(|(_, pdu)| {
@ -287,7 +287,7 @@ pub async fn sync_events_route(
                    // Filter for possible heroes
                    .filter_map(|u| u)
                {
-                    if heroes.contains(&hero) || hero == sender_id.as_str() {
+                    if heroes.contains(&hero) || hero == sender_user.as_str() {
                        continue;
                    }
@ -305,10 +305,10 @@ pub async fn sync_events_route(
        };
        let notification_count = if send_notification_counts {
-            if let Some(last_read) = db.rooms.edus.private_read_get(&room_id, &sender_id)? {
+            if let Some(last_read) = db.rooms.edus.private_read_get(&room_id, &sender_user)? {
                Some(
                    (db.rooms
-                        .pdus_since(&sender_id, &room_id, last_read)?
+                        .pdus_since(&sender_user, &room_id, last_read)?
                        .filter_map(|pdu| pdu.ok()) // Filter out buggy events
                        .filter(|(_, pdu)| {
                            matches!(
@ -360,7 +360,7 @@ pub async fn sync_events_route(
            account_data: sync_events::AccountData {
                events: db
                    .account_data
-                    .changes_since(Some(&room_id), &sender_id, since)?
+                    .changes_since(Some(&room_id), &sender_user, since)?
                    .into_iter()
                    .filter_map(|(_, v)| {
                        serde_json::from_str(v.json().get())
@ -438,9 +438,9 @@ pub async fn sync_events_route(
    }
    let mut left_rooms = BTreeMap::new();
-    for room_id in db.rooms.rooms_left(&sender_id) {
+    for room_id in db.rooms.rooms_left(&sender_user) {
        let room_id = room_id?;
-        let pdus = db.rooms.pdus_since(&sender_id, &room_id, since)?;
+        let pdus = db.rooms.pdus_since(&sender_user, &room_id, since)?;
        let room_events = pdus
            .filter_map(|pdu| pdu.ok()) // Filter out buggy events
            .map(|(_, pdu)| pdu.to_sync_room_event())
@ -458,7 +458,7 @@ pub async fn sync_events_route(
        let since_member = db
            .rooms
-            .pdus_after(sender_id, &room_id, since)
+            .pdus_after(sender_user, &room_id, since)
            .next()
            .and_then(|pdu| pdu.ok())
            .and_then(|pdu| {
@ -470,7 +470,7 @@ pub async fn sync_events_route(
            })
            .and_then(|state_hash| {
                db.rooms
-                    .state_get(&state_hash, &EventType::RoomMember, sender_id.as_str())
+                    .state_get(&state_hash, &EventType::RoomMember, sender_user.as_str())
                    .ok()?
                    .ok_or_else(|| Error::bad_database("State hash in db doesn't have a state."))
                    .ok()
@ -495,12 +495,12 @@ pub async fn sync_events_route(
                    .filter_map(|user_id| Some(user_id.ok()?))
                    .filter(|user_id| {
                        // Don't send key updates from the sender to the sender
-                        sender_id != user_id
+                        sender_user != user_id
                    })
                    .filter(|user_id| {
                        // Only send if the sender doesn't share any encrypted room with the target
                        // anymore
-                        !share_encrypted_room(&db, sender_id, user_id, &room_id)
+                        !share_encrypted_room(&db, sender_user, user_id, &room_id)
                    }),
            );
        }
@ -511,12 +511,12 @@ pub async fn sync_events_route(
    }
    let mut invited_rooms = BTreeMap::new();
-    for room_id in db.rooms.rooms_invited(&sender_id) {
+    for room_id in db.rooms.rooms_invited(&sender_user) {
        let room_id = room_id?;
        let mut invited_since_last_sync = false;
-        for pdu in db.rooms.pdus_since(&sender_id, &room_id, since)? {
+        for pdu in db.rooms.pdus_since(&sender_user, &room_id, since)? {
            let (_, pdu) = pdu?;
-            if pdu.kind == EventType::RoomMember && pdu.state_key == Some(sender_id.to_string()) {
+            if pdu.kind == EventType::RoomMember && pdu.state_key == Some(sender_user.to_string()) {
                let content = serde_json::from_value::<
                    Raw<ruma::events::room::member::MemberEventContent>,
                >(pdu.content.clone())
@ -554,7 +554,7 @@ pub async fn sync_events_route(
    for user_id in left_encrypted_users {
        let still_share_encrypted_room = db
            .rooms
-            .get_shared_rooms(vec![sender_id.clone(), user_id.clone()])
+            .get_shared_rooms(vec![sender_user.clone(), user_id.clone()])
            .filter_map(|r| r.ok())
            .filter_map(|other_room_id| {
                Some(
@ -574,7 +574,7 @@ pub async fn sync_events_route(
    // Remove all to-device events the device received *last time*
    db.users
-        .remove_to_device_events(sender_id, device_id, since)?;
+        .remove_to_device_events(sender_user, sender_device, since)?;
    let response = sync_events::Response {
        next_batch,
@ -592,7 +592,7 @@ pub async fn sync_events_route(
        account_data: sync_events::AccountData {
            events: db
                .account_data
-                .changes_since(None, &sender_id, since)?
+                .changes_since(None, &sender_user, since)?
                .into_iter()
                .filter_map(|(_, v)| {
                    serde_json::from_str(v.json().get())
@ -605,15 +605,15 @@ pub async fn sync_events_route(
            changed: device_list_updates.into_iter().collect(),
            left: device_list_left.into_iter().collect(),
        },
-        device_one_time_keys_count: if db.users.last_one_time_keys_update(sender_id)? > since
+        device_one_time_keys_count: if db.users.last_one_time_keys_update(sender_user)? > since
            || since == 0
        {
-            db.users.count_one_time_keys(sender_id, device_id)?
+            db.users.count_one_time_keys(sender_user, sender_device)?
        } else {
            BTreeMap::new()
        },
        to_device: sync_events::ToDevice {
-            events: db.users.get_to_device_events(sender_id, device_id)?,
+            events: db.users.get_to_device_events(sender_user, sender_device)?,
        },
    };
@ -644,12 +644,12 @@ pub async fn sync_events_route(
 fn share_encrypted_room(
    db: &Database,
-    sender_id: &UserId,
+    sender_user: &UserId,
    user_id: &UserId,
    ignore_room: &RoomId,
 ) -> bool {
    db.rooms
-        .get_shared_rooms(vec![sender_id.clone(), user_id.clone()])
+        .get_shared_rooms(vec![sender_user.clone(), user_id.clone()])
        .filter_map(|r| r.ok())
        .filter(|room_id| room_id != ignore_room)
        .filter_map(|other_room_id| {
--- a/src/client_server/tag.rs
+++ b/src/client_server/tag.rs
@ -17,11 +17,11 @@ pub fn update_tag_route(
    db: State<'_, Database>,
    body: Ruma<create_tag::Request<'_>>,
 ) -> ConduitResult<create_tag::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let mut tags_event = db
        .account_data
-        .get::<ruma::events::tag::TagEvent>(Some(&body.room_id), sender_id, EventType::Tag)?
+        .get::<ruma::events::tag::TagEvent>(Some(&body.room_id), sender_user, EventType::Tag)?
        .unwrap_or_else(|| ruma::events::tag::TagEvent {
            content: ruma::events::tag::TagEventContent {
                tags: BTreeMap::new(),
@ -34,7 +34,7 @@ pub fn update_tag_route(
    db.account_data.update(
        Some(&body.room_id),
-        sender_id,
+        sender_user,
        EventType::Tag,
        &tags_event,
        &db.globals,
@ -51,11 +51,11 @@ pub fn delete_tag_route(
    db: State<'_, Database>,
    body: Ruma<delete_tag::Request<'_>>,
 ) -> ConduitResult<delete_tag::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let mut tags_event = db
        .account_data
-        .get::<ruma::events::tag::TagEvent>(Some(&body.room_id), sender_id, EventType::Tag)?
+        .get::<ruma::events::tag::TagEvent>(Some(&body.room_id), sender_user, EventType::Tag)?
        .unwrap_or_else(|| ruma::events::tag::TagEvent {
            content: ruma::events::tag::TagEventContent {
                tags: BTreeMap::new(),
@ -65,7 +65,7 @@ pub fn delete_tag_route(
    db.account_data.update(
        Some(&body.room_id),
-        sender_id,
+        sender_user,
        EventType::Tag,
        &tags_event,
        &db.globals,
@ -82,12 +82,12 @@ pub fn get_tags_route(
    db: State<'_, Database>,
    body: Ruma<get_tags::Request<'_>>,
 ) -> ConduitResult<get_tags::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    Ok(get_tags::Response {
        tags: db
            .account_data
-            .get::<ruma::events::tag::TagEvent>(Some(&body.room_id), sender_id, EventType::Tag)?
+            .get::<ruma::events::tag::TagEvent>(Some(&body.room_id), sender_user, EventType::Tag)?
            .unwrap_or_else(|| ruma::events::tag::TagEvent {
                content: ruma::events::tag::TagEventContent {
                    tags: BTreeMap::new(),
--- a/src/client_server/to_device.rs
+++ b/src/client_server/to_device.rs
@ -16,13 +16,13 @@ pub fn send_event_to_device_route(
    db: State<'_, Database>,
    body: Ruma<send_event_to_device::Request<'_>>,
 ) -> ConduitResult<send_event_to_device::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-    let device_id = body.device_id.as_ref().expect("user is authenticated");
+    let sender_device = body.sender_device.as_ref().expect("user is authenticated");
    // Check if this is a new transaction id
    if db
        .transaction_ids
-        .existing_txnid(sender_id, device_id, &body.txn_id)?
+        .existing_txnid(sender_user, sender_device, &body.txn_id)?
        .is_some()
    {
        return Ok(send_event_to_device::Response.into());
@ -33,7 +33,7 @@ pub fn send_event_to_device_route(
            match target_device_id_maybe {
                to_device::DeviceIdOrAllDevices::DeviceId(target_device_id) => {
                    db.users.add_to_device_event(
-                        sender_id,
+                        sender_user,
                        &target_user_id,
                        &target_device_id,
                        &body.event_type,
@ -47,7 +47,7 @@ pub fn send_event_to_device_route(
                to_device::DeviceIdOrAllDevices::AllDevices => {
                    for target_device_id in db.users.all_device_ids(&target_user_id) {
                        db.users.add_to_device_event(
-                            sender_id,
+                            sender_user,
                            &target_user_id,
                            &target_device_id?,
                            &body.event_type,
@ -64,7 +64,7 @@ pub fn send_event_to_device_route(
    // Save transaction id with empty data
    db.transaction_ids
-        .add_txnid(sender_id, device_id, &body.txn_id, &[])?;
+        .add_txnid(sender_user, sender_device, &body.txn_id, &[])?;
    Ok(send_event_to_device::Response.into())
 }
--- a/src/client_server/typing.rs
+++ b/src/client_server/typing.rs
@ -14,11 +14,11 @@ pub fn create_typing_event_route(
    db: State<'_, Database>,
    body: Ruma<create_typing_event::Request<'_>>,
 ) -> ConduitResult<create_typing_event::Response> {
-    let sender_id = body.sender_id.as_ref().expect("user is authenticated");
+    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    if let Typing::Yes(duration) = body.state {
        db.rooms.edus.typing_add(
-            &sender_id,
+            &sender_user,
            &body.room_id,
            duration.as_millis() as u64 + utils::millis_since_unix_epoch(),
            &db.globals,
@ -26,7 +26,7 @@ pub fn create_typing_event_route(
    } else {
        db.rooms
            .edus
-            .typing_remove(&sender_id, &body.room_id, &db.globals)?;
+            .typing_remove(&sender_user, &body.room_id, &db.globals)?;
    }
    Ok(create_typing_event::Response.into())
--- a/src/ruma_wrapper.rs
+++ b/src/ruma_wrapper.rs
@ -26,8 +26,8 @@ use {
 /// first.
 pub struct Ruma<T: Outgoing> {
    pub body: T::Incoming,
-    pub sender_id: Option<UserId>,
+    pub sender_user: Option<UserId>,
-    pub device_id: Option<Box<DeviceId>>,
+    pub sender_device: Option<Box<DeviceId>>,
    pub json_body: Option<Box<serde_json::value::RawValue>>, // This is None when body is not a valid string
 }
@ -61,7 +61,7 @@ where
                .await
                .expect("database was loaded");
-            let (user_id, device_id) = if T::METADATA.requires_authentication {
+            let (sender_user, sender_device) = if T::METADATA.requires_authentication {
                // Get token from header or query value
                let token = match request
                    .headers()
@ -102,8 +102,8 @@ where
            match <T as Outgoing>::Incoming::try_from(http_request) {
                Ok(t) => Success(Ruma {
                    body: t,
-                    sender_id: user_id,
+                    sender_user,
-                    device_id,
+                    sender_device,
                    // TODO: Can we avoid parsing it again? (We only need this for append_pdu)
                    json_body: utils::string_from_bytes(&body)
                        .ok()
--- a/tests/sytest/sytest-whitelist
+++ b/tests/sytest/sytest-whitelist
@ -83,6 +83,7 @@ POST /register rejects registration of usernames with '|'
 POST /register rejects registration of usernames with '}'
 POST /register rejects registration of usernames with '£'
 POST /register rejects registration of usernames with 'é'
 POST /register returns the same device_id as that in the request
 POST /rooms/:room_id/ban can ban a user
 POST /rooms/:room_id/invite can send an invite
 POST /rooms/:room_id/join can join a room
@ -116,6 +117,7 @@ Typing events appear in incremental sync
 Typing events appear in initial sync
 Uninvited users cannot join the room
 User appears in user directory
 User directory correctly update on display name change
 User in dir while user still shares private rooms
 User in shared private room does appear in user directory
 User is offline if they set_presence=offline in their sync