New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot invite appservice users which do not (yet) exist #7922

Closed
turt2live opened this Issue Dec 20, 2018 · 6 comments

Comments

4 participants
@turt2live
Copy link
Member

turt2live commented Dec 20, 2018

Appservices typically follow this sort of flow:

  1. User invites @_example_user:localhost to a room.
  2. Homeserver finds out that @_example_user:localhost doesn't exist, but is in the namespace for an appservice.
  3. Homeserver queries the appservice so it can create the user
  4. Appservice creates the user
  5. Homeserver finishes processing the invite, sending it to the appservice

Recently we added a proof of life check to see if a user exists before proceeding with the invite though (matrix-org/matrix-react-sdk#2317). This fails on Synapse because the user query isn't done, so the request for a profile fails, which means Riot won't try and invite the user, which means the steps above mean nothing because they aren't executed.

TLDR: Synapse needs to hit the appservice's /users endpoint for profile lookups too.

@turt2live

This comment has been minimized.

Copy link
Member

turt2live commented Dec 20, 2018

(reported as the user-facing bug - will open a synapse issue to track the backend issue)

@valentinab25

This comment has been minimized.

Copy link

valentinab25 commented Jan 4, 2019

We also have this problem. We are using mxisd as our identity server ( as a synapse password provider integrated with our LDAP ). Since 0.17.8 no new users can be invited in any rooms. We can find the user, but on the SEND INVITES button we receive the error:

Failed to invite the following users to the TEST room:
@LDAPUID:OUR_HOMESERVER: User @LDAPUID:OUR_HOMESERVER does not exist

@maxidor

This comment has been minimized.

Copy link

maxidor commented Jan 4, 2019

This issue is not limited to appservices but to at least the following set of existing tools:

  • Password providers
  • mxisd
  • Profile enhancers or Gateways which may return 404 at their own discretion as allowed by the profile endpoint spec even if a profile exists

A more detailed explanation of why this needs to be rolled back is available on the PR.

@lampholder

This comment has been minimized.

Copy link
Member

lampholder commented Jan 8, 2019

A spec change is being discussed as to the merits of checking /profile and how we might enhance this API (or add a new one) to handle checking whether a user exists. However, we've decided that for now we can power through client side if we:

  • expose a warning when you try and invite a mxid we can't confirm exists (but let you continue with the invite if you wish)
  • make this warning optional, to be configured on either a per user or per riot deploy basis

@turt2live turt2live self-assigned this Jan 11, 2019

@turt2live turt2live added this to In Progress in Workflow Jan 11, 2019

turt2live added a commit to matrix-org/matrix-react-sdk that referenced this issue Jan 11, 2019

Give a route for retrying invites for users which may not exist
Fixes vector-im/riot-web#7922

This supports the current style of errors (M_NOT_FOUND) as well as the errors presented by MSC1797: matrix-org/matrix-doc#1797
@turt2live

This comment has been minimized.

Copy link
Member

turt2live commented Jan 11, 2019

matrix-org/matrix-react-sdk#2434 implements the behaviour @lampholder describes. For those looking to have it always work regardless of account setting, add this to your config.json:

"settingDefaults": {
    "alwaysInviteUnknownUsers": true
}

@turt2live turt2live moved this from In Progress to In Review in Workflow Jan 11, 2019

@turt2live

This comment has been minimized.

Copy link
Member

turt2live commented Jan 14, 2019

@turt2live turt2live closed this Jan 14, 2019

@turt2live turt2live moved this from In Review to In Test in Workflow Jan 14, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment