-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
regression: login breaks for accounts with uppercase username #167
Comments
likely caused by #163 ? |
Hello and thanks for reporting this. Just so I am clear (it's a little hard to follow the info across the issues), you upgraded to synapse 1.62.0, and after that login attempts for users with old, historical usernames containing capital letters began to fail, correct? |
Correct. Specifically
It's mostly what we wrote on the issue; since what Since synapse has some fallback compatibility code, after the login fails it moves on to trying something with macaroons (see: https://github.com/matrix-org/synapse/blob/96cf81e312407f0caba1b45ba9899906b1dcc098/synapse/api/auth.py#L417 ) In a nutshellDepending on how you look at this, it can be a: SPEC bug, Synapse bug (I incline towards this), or a
Cheers, |
Thanks for the info-I just still have one question, which is: what error message/error code are you seeing when the request to |
This meaningless thing:
As described, it tries the regular flow, then goes on with the macaroons, which ofc can't be deseralised because it's been ages since that got retired, so the result is: the token is not valid, aka https://http.cat/401 |
Great thanks! |
We have landed a fix in #168 which should address the issue. |
Description
co-written with @evilham
Our ldap matrix instance did ldap case insensitive login which means that it was unaffected by #165
Steps to reproduce
With synapse 1.62.0 this change in matrix-synapse-ldap3 breaks ldap login for similar setups when historical users have uppercase letters.
This is a very old installation before https://spec.matrix.org/v1.3/appendices/#user-identifiers and it does not seem to be a migration to lowercase usernames.
Homeserver
selfhosted homeserver instance
Synapse Version
{"server_version":"1.62.0","python_version":"3.9.2"}
Installation Method
Debian packages from packages.matrix.org
Platform
Debian 11 Linux
Relevant log output
If you want to look at
homeserver.log
there are in element-hq/element-web#22859Anything else that would be useful to know?
This is what we get on our database on a login attempt:
This inconsistency means that the
INNER JOIN
in this query fails and the login proceeds with trying the macaroon which is not going to workOn this line:
https://github.com/matrix-org/synapse/blob/96cf81e312407f0caba1b45ba9899906b1dcc098/synapse/storage/databases/main/registration.py#L547
And trying to fix the query with
LOWER(users.name)
is not enough. Client fails onfilters
endpoint with error403
with response{"errcode":"M_FORBIDDEN","error":"Cannot create filters for other users"}
. Other endpoints might have similar issuesAs a temporary workaround we are rolling back the python package matrix-synapse-ldap3 this way (it's a debian package):
As shown in reproducing the bug, looks like it is a problem related to how synapse server deals with case insensitive user IDs and not to the matrix-synapse-ldap3 python package.
The text was updated successfully, but these errors were encountered: