Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

POST /_matrix/client/v3/account/3pid isn't spec compliant #13690

Open
DMRobertson opened this issue Sep 1, 2022 · 1 comment
Open

POST /_matrix/client/v3/account/3pid isn't spec compliant #13690

DMRobertson opened this issue Sep 1, 2022 · 1 comment
Labels
A-3PID 3rd party identifiers: e.g. email, phone number A-Spec-Compliance places where synapse does not conform to the spec O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Tolerable Minor significance, cosmetic issues, low or no impact to users. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. Z-Cleanup Things we want to get rid of, but aren't actively causing pain

Comments

@DMRobertson
Copy link
Contributor

DMRobertson commented Sep 1, 2022
edited
Loading

  1. Endpoint accepts unspecced threePidCreds field as well as specced three_pid_creds.

synapse/synapse/rest/client/account.py

Line 591 in 5f2e43b

threepid_creds = body.get("threePidCreds") or body.get("three_pid_creds")

  1. The spec says an id_access_token and id_server are required in ThreePidCredentials, but Synapse does not enforce the existence of (or even use) those fields.

This endpoint is deprecated so I suggest we fix this by removing the endpoint altogether.
@DMRobertson DMRobertson added A-Spec-Compliance places where synapse does not conform to the spec S-Tolerable Minor significance, cosmetic issues, low or no impact to users. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. O-Uncommon Most users are unlikely to come across this or unexpected workflow Z-Cleanup Things we want to get rid of, but aren't actively causing pain labels Sep 1, 2022
@DMRobertson DMRobertson changed the title POST _matrix/client/3pid accepts unspecced threePidCreds field as well as specced three_pid_creds POST /_matrix/client/3pid accepts unspecced threePidCreds field as well as specced three_pid_creds Sep 1, 2022
@DMRobertson DMRobertson changed the title POST /_matrix/client/3pid accepts unspecced threePidCreds field as well as specced three_pid_creds POST /_matrix/client/3pid isn't spec complaint Sep 1, 2022
@DMRobertson DMRobertson changed the title POST /_matrix/client/3pid isn't spec complaint POST /_matrix/client/3pid isn't spec compliant Sep 1, 2022
@DMRobertson DMRobertson mentioned this issue Sep 1, 2022
Closed
14 tasks
@DMRobertson DMRobertson changed the title POST /_matrix/client/3pid isn't spec compliant POST /_matrix/client/account/3pid isn't spec compliant Sep 15, 2022
@DMRobertson DMRobertson changed the title POST /_matrix/client/account/3pid isn't spec compliant POST /_matrix/client/v3/account/3pid isn't spec compliant Sep 15, 2022
@DMRobertson
Copy link
Contributor Author

This endpoint is deprecated so I suggest we fix this by removing the endpoint altogether.

I have searched the last two weeks of application logs from matrix.org for the pattern 'POST /_matrix/client/[^/]*/account/3pid HTTP/1.1'. There were no matches. We should probably not remove this until the spec formally removes it.

@DMRobertson DMRobertson mentioned this issue Sep 16, 2022
Open
@clokep clokep mentioned this issue Sep 21, 2022
Merged
@MadLittleMods MadLittleMods added the A-3PID 3rd party identifiers: e.g. email, phone number label Apr 25, 2023
@matrixbot matrixbot mentioned this issue Dec 21, 2023
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
A-3PID 3rd party identifiers: e.g. email, phone number A-Spec-Compliance places where synapse does not conform to the spec O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Tolerable Minor significance, cosmetic issues, low or no impact to users. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. Z-Cleanup Things we want to get rid of, but aren't actively causing pain
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MadLittleMods @DMRobertson