This repository was archived by the owner on Apr 26, 2024. It is now read-only.
UIA stages can be completed out-of-order #6704
Open
Labels
- A-Spec-Compliance: places where synapse does not conform to the spec
- S-Tolerable: Minor significance, cosmetic issues, low or no impact to users.
- T-Defect: Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
- z-p2: (Deprecated Label)
Description
User-Interactive auth stages can be completed out-of-order, which is not spec-conform.
Steps to reproduce
- POST to /register to get a session id
- POST to /register, completing the m.login.dummy auth, even though that is out of order
```
sorunome@sorunome-desktop ~ $ curl -X POST -H "Content-Type: application/json" -d '{}' https://matrix.org/_matrix/client/r0/register
{
    "flows": [
        {
            "stages": [
                "m.login.recaptcha",
                "m.login.terms",
                "m.login.dummy"
            ]
        },
        {
            "stages": [
                "m.login.recaptcha",
                "m.login.terms",
                "m.login.email.identity"
            ]
        }
    ],
    "params": {
        "m.login.recaptcha": {
            "public_key": "6LcgI54UAAAAABGdGmruw6DdOocFpYVdjYBRe4zb"
        },
        "m.login.terms": {
            "policies": {
                "privacy_policy": {
                    "en": {
                        "name": "Terms and Conditions",
                        "url": "https://matrix-client.matrix.org/_matrix/consent?v=1.0"
                    },
                    "version": "1.0"
                }
            }
        }
    },
    "session": "EhIvEQDoTuGsTKhslrPQJMpE"
}
```
```
sorunome@sorunome-desktop ~ $ curl -X POST -H "Content-Type: application/json" -d '{"auth": {"type": "m.login.dummy", "session": "EhIvEQDoTuGsTKhslrPQJMpE"}}' https://matrix.org/_matrix/client/r0/register
{
    "completed": [
        "m.login.dummy"
    ],
    "flows": [
        {
            "stages": [
                "m.login.recaptcha",
                "m.login.terms",
                "m.login.dummy"
            ]
        },
        {
            "stages": [
                "m.login.recaptcha",
                "m.login.terms",
                "m.login.email.identity"
            ]
        }
    ],
    "params": {
        "m.login.recaptcha": {
            "public_key": "6LcgI54UAAAAABGdGmruw6DdOocFpYVdjYBRe4zb"
        },
        "m.login.terms": {
            "policies": {
                "privacy_policy": {
                    "en": {
                        "name": "Terms and Conditions",
                        "url": "https://matrix-client.matrix.org/_matrix/consent?v=1.0"
                    },
                    "version": "1.0"
                }
            }
        }
    },
    "session": "EhIvEQDoTuGsTKhslrPQJMpE"
}
```
Version information
current live matrix.org instance
```
sorunome@sorunome-desktop ~ $ curl https://matrix.org/_matrix/federation/v1/version
{
    "server": {
        "name": "Synapse",
        "version": "1.8.0 (b=matrix-org-hotfixes,a099ab7d3)"
    }
}
```
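The ordering rule the report says is being skipped, sketched as an added example (not part of the original issue and not Synapse's code): a submitted stage is accepted only when the session's completed stages are an exact prefix of some advertised flow and the stage comes next in it. `next_allowed_stages` and `submit_stage` are hypothetical names, and the flows are copied from the /register response above.

```python
"""Added example: in-order enforcement for User-Interactive Auth stages.

Function names are hypothetical; this is not Synapse's implementation.
"""

# Flows as advertised in the /register response quoted in the report.
FLOWS = [
    ["m.login.recaptcha", "m.login.terms", "m.login.dummy"],
    ["m.login.recaptcha", "m.login.terms", "m.login.email.identity"],
]


def next_allowed_stages(flows, completed):
    """Return the set of stage types a client may submit next.

    A flow stays viable only while the session's completed list is an
    exact prefix of it; the allowed stage is the one right after that prefix.
    """
    done = list(completed)
    n = len(done)
    return {stages[n] for stages in flows if stages[:n] == done and n < len(stages)}


def submit_stage(flows, completed, stage_type):
    """Record stage_type if it is in order, otherwise leave state unchanged.

    Returns (accepted, new_completed, flow_done). Checking the stage's own
    credentials (captcha response, etc.) is assumed to happen before this call.
    """
    if stage_type not in next_allowed_stages(flows, completed):
        return False, list(completed), False
    new_completed = list(completed) + [stage_type]
    flow_done = any(stages == new_completed for stages in flows)
    return True, new_completed, flow_done


if __name__ == "__main__":
    # The request from the report: m.login.dummy with nothing completed yet.
    print(submit_stage(FLOWS, [], "m.login.dummy"))
    # Walking the first flow in order.
    state = []
    for stage in FLOWS[0]:
        accepted, state, finished = submit_stage(FLOWS, state, stage)
        print(stage, accepted, finished)
```

With this check, the second request in the report would leave `completed` empty instead of returning `"completed": ["m.login.dummy"]`.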