synapse requires unspecified user for m.login.password UI auth
#5665
Comments
richvdh
added
the
A-Spec-Compliance
|
Note that riot-web currently relies on the broken impl working (element-hq/element-web#10312) |
|
Also applies to |
This is no longer true: riot-web submits both formats, and should continue to work when we fix this. |
|
FTR RiotX uses the |
|
It's obviously easy to do so, but I'm having to work around this in riot web now. |
|
So, riot-web has been sending both user and identifier for a while. Can the user parameter be removed as a requirement and just be optional, so that clients correctly implementing the spec can work with synapse? |
|
(Making this optional will not break clients) |
|
Also, riot-web is still broken with password changes: https://github.com/matrix-org/matrix-react-sdk/blob/0fcbe40becf8f2c3d0bc684728cf1f4646986e44/src/components/views/settings/ChangePassword.js#L144 |
While working on #5665 I found myself digging into the `Ratelimiter` class and seeing that it was both: * Rather undocumented, and * causing a *lot* of config checks This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation. Best to be reviewed commit-by-commit.
While working on matrix-org#5665 I found myself digging into the `Ratelimiter` class and seeing that it was both: * Rather undocumented, and * causing a *lot* of config checks This PR attempts to refactor and comment the `Ratelimiter` class, as well as encourage config file accesses to only be done at instantiation. Best to be reviewed commit-by-commit.
|
#8182 is one part of this and is currently in review. |
richvdh
changed the title
user for m.login.password UI auth
@turt2live: please can you help me out here: I can't figure out which endpoint is being called with what parameters, and what the correct behaviour is. (it sounds like a separate problem: better to open a separate issue?) |
|
Between that PR and the others (matrix-org/matrix-react-sdk#4667 and company) there's a fairly wide range of endpoints. The |
|
The undocumented |
|
@turt2live: ok, to save readers of this issue (including myself) trying to reverse-engineer the problem from react-sdk PRs, please can you try to give some specific examples. The spec says Again I think this is orthogonal to |
|
I don't have the context to be able to write up that issue anymore, sorry. |
|
ok, I'm going to fix the |
The spec requires synapse to support `identifier` dicts for `m.login.password` user-interactive auth, which it did not (instead, it required an undocumented `user` parameter.) To fix this properly, we need to pull the code that interprets `identifier` into `AuthHandler.validate_login` so that it can be called from the UIA code. Fixes #5665.
The spec requires synapse to support `identifier` dicts for `m.login.password` user-interactive auth, which it did not (instead, it required an undocumented `user` parameter.) To fix this properly, we need to pull the code that interprets `identifier` into `AuthHandler.validate_login` so that it can be called from the UIA code. Fixes #5665.
The spec says that the client should submit a dict including an
identifierobject. In practice, synapse requires you to instead to just submit auserfield, so the dict looks like:The text was updated successfully, but these errors were encountered: