Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify guest accounts and `auth` usage on /register #2055

Merged
merged 2 commits into from Jun 7, 2019

Conversation

Projects
None yet
3 participants
@turt2live
Copy link
Member

commented May 30, 2019

Fixes #1980
Fixes #1984

@turt2live turt2live requested a review from matrix-org/spec-core-team May 30, 2019

Show resolved Hide resolved api/client-server/registration.yaml
@@ -194,6 +198,18 @@ paths:
The homeserver requires additional authentication information.
schema:
"$ref": "definitions/auth_response.yaml"
403:

This comment has been minimized.

Copy link
@dbkr

dbkr Jun 5, 2019

Member

grim that this is 403, but if it's what synapse does then it's what the spec needs to say. :(

This comment has been minimized.

Copy link
@turt2live

turt2live Jun 5, 2019

Author Member

sadly, it is what synapse does.

This comment has been minimized.

Copy link
@richvdh

richvdh Jun 7, 2019

Member

what do you think it should be?

I don't necessarily think that, just because synapse does it, that the spec needs to say so. Any client currently relying on it being a 403 is prone to being broken anyway due to relying on unspecified behaviour, so we have the option of making the spec right and fixing synapse later.

This comment has been minimized.

Copy link
@turt2live

turt2live Jun 7, 2019

Author Member

speaking of clients which rely on unspecified behaviour:

           if (e.httpStatus === 403 && e.errcode === "M_UNKNOWN") {
                this.setState({
                    errorText: _t("Registration has been disabled on this homeserver."),
                });
            }

thanks, react-sdk.

I've also spent a fair amount of time re-reading the http spec, and 403 seems like the most correct answer. It doesn't feel right, but a different error code seems more wrong.

@turt2live turt2live requested a review from dbkr Jun 5, 2019

@dbkr

dbkr approved these changes Jun 6, 2019

Copy link
Member

left a comment

lgtm, although a server-side person probably ought to take a look too.

@turt2live turt2live requested a review from matrix-org/spec-core-team Jun 6, 2019

@turt2live

This comment has been minimized.

Copy link
Member Author

commented Jun 6, 2019

asking for server-side review

@@ -194,6 +198,18 @@ paths:
The homeserver requires additional authentication information.
schema:
"$ref": "definitions/auth_response.yaml"
403:

This comment has been minimized.

Copy link
@richvdh

richvdh Jun 7, 2019

Member

what do you think it should be?

I don't necessarily think that, just because synapse does it, that the spec needs to say so. Any client currently relying on it being a 403 is prone to being broken anyway due to relying on unspecified behaviour, so we have the option of making the spec right and fixing synapse later.

@@ -29,7 +29,8 @@ paths:
post:
summary: Register for an account on this homeserver.
description: |-
This API endpoint uses the `User-Interactive Authentication API`_.
This API endpoint uses the `User-Interactive Authentication API`_, except in

This comment has been minimized.

Copy link
@richvdh

richvdh Jun 7, 2019

Member

I'm not entirely convinced that we should be forbidding UIA for guest registration. Why would we not want to allow servers to present a captcha for guest registration?

This comment has been minimized.

Copy link
@turt2live

turt2live Jun 7, 2019

Author Member

only that synapse doesn't permit it, and clients expect to be able to get a guest account without login UX (see: riot registering one in the background for the last N years).

This comment has been minimized.

Copy link
@richvdh

richvdh Jun 7, 2019

Member

I'm still a bit unconvinced, but ok.

@richvdh

richvdh approved these changes Jun 7, 2019

@turt2live turt2live merged commit 906d3cd into master Jun 7, 2019

8 checks passed

buildkite/matrix-doc Build #216 passed (6 minutes, 12 seconds)
Details
ci/circleci: build-dev-scripts Your tests passed on CircleCI!
Details
ci/circleci: build-docs Your tests passed on CircleCI!
Details
ci/circleci: build-swagger Your tests passed on CircleCI!
Details
ci/circleci: check-docs Your tests passed on CircleCI!
Details
ci/circleci: validate-docs Your tests passed on CircleCI!
Details
docs Click details to preview the HTML documentation.
Details
swagger Click to preview the swagger build.
Details

@turt2live turt2live deleted the travis/1.0/registration-clarification branch Jun 7, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.