Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Well known lookups should be to port 443 only. #6095

Merged
merged 3 commits into from
May 18, 2022
Merged

Well known lookups should be to port 443 only. #6095

merged 3 commits into from
May 18, 2022

Conversation

michaelkaye
Copy link
Contributor

@michaelkaye michaelkaye commented May 18, 2022
edited

Type of change

  • Feature
  • Bugfix
  • Technical
  • Other :

Content

Per https://spec.matrix.org/unstable/client-server-api/#well-known-uri, step two:

1. Extract the server name from the user’s Matrix ID by splitting the Matrix ID at the first colon.
2. Extract the hostname from the server name.
3. Make a GET request to https://hostname/.well-known/matrix/client.

The hostname should not include a port, and should not query https://hostname:port/.well-known/matrix/client.

We achieve this by removing the port from the server_name before making a well-known lookup.

Additionally, I have renamed "getDomain" to "getServerName" as that is closer to the meaning of the second half of the matrix ID (after the first colon)

Motivation and context

There were originally issues with unit tests running against servers on non-standard ports (eg http://localhost:8080). These would then attempt to lookup well-known data by accessing https://localhost:8080/ (NB: https). These would fail because the port was listening for plain http.

This attempts to fix those tests by following the well-known resolution steps fully, and removing the port. This causes lookups against eg https://localhost:443/ instead, which in the test cases, is generally not responding with valid data.

This is also closer to the specification.

Tests

Tests continue to work; login has become faster for hosts over http because the timeout attempting to connect has been removed.

However, we should be aware that this is a change in behaviour and may possibly cause some servers with an interesting configuration to have issues, eg if your server_name is target-domain.com:8443 and you host your well-known at https://target-domain.com:8443/ not https://target-domain.com:443/.

Tested devices

  • Physical
  • Emulator
  • OS version(s):

Checklist

@michaelkaye
Well-known lookups should not include the port of a server.
7efd41e
@michaelkaye
Rename 'getDomain' to 'getServerName'.
e66284f 
In the context of matrix IDs, this removes the leading @name: leaving the hostname or hostname and port.
@michaelkaye
Changelog.d
9c99d12
@michaelkaye
Copy link
Contributor Author

michaelkaye commented May 18, 2022
edited

I'm not 100% sure this is the right change, but given the reading of the spec I believe so. However, the other clients also handle well-known the old way.

iOS does this here: https://github.com/vector-im/element-ios/blob/develop/RiotSwiftUI/Modules/Authentication/Common/Service/MatrixSDK/AuthenticationService.swift#L230

(which is to make the request to the homeserver url without removing the port)

There is also a commented out section here, which talks about doing a lookup based on the matrix ID:
https://github.com/vector-im/element-ios/blob/develop/RiotSwiftUI/Modules/Authentication/Common/Service/MatrixSDK/AuthenticationService.swift#L150

(I'm unable to test actual behaviour due to lack of iOS device)

Element Web makes a https request with the specified port:

https://github.com/matrix-org/matrix-js-sdk/blob/develop/src/autodiscovery.ts#L270

eg entering your username as @michaelk:matrix.org:80 will perform a discovery request to matrix.org:80/.well-known and expect the endpoint to talk TLS - you can see a spinner if you try it.

@michaelkaye
Copy link
Contributor Author

Hydrogen is making a request to eg https://hydrogen.element.io/null/_matrix/client/r0/login when i give my homeserver as eg "matrix.org:8080", so disreguarding that as it doesn't appear to be implemented yet.

@michaelkaye
Copy link
Contributor Author

If we don't want to go this way, we could perhaps add a much shorter timeout on the well-known lookup

@github-actions
Copy link

Unit Test Results

122 files  122 suites   2m 3s ⏱️
205 tests 205 ✔️ 0 💤 0
690 runs  690 ✔️ 0 💤 0

Results for commit 9c99d12.

bmarty
bmarty approved these changes May 18, 2022
View reviewed changes
Copy link
Member

@bmarty bmarty left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@michaelkaye michaelkaye marked this pull request as ready for review May 18, 2022 15:30
@michaelkaye michaelkaye merged commit 5260e72 into develop May 18, 2022
@michaelkaye michaelkaye deleted the michaelk/correct_well_known_behaviour branch May 18, 2022 15:50
@github-actions
Copy link

Matrix SDK

Integration Tests Results:

  • [org.matrix.android.sdk.session]
    = passed=20 failures=0 errors=0 skipped=3
  • [org.matrix.android.sdk.account]
    = passed=3 failures=0 errors=0 skipped=2
  • [org.matrix.android.sdk.internal]
    = passed=5 failures=1 errors=0 skipped=0
  • [org.matrix.android.sdk.ordering]
    = passed=16 failures=0 errors=0 skipped=0
  • [org.matrix.android.sdk.PermalinkParserTest]
    = passed=2 failures=0 errors=0 skipped=0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bmarty bmarty bmarty approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@michaelkaye @bmarty