Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make sure we advertise registration as disabled when MSC3861 is enabled #17661

Merged
merged 6 commits into from
Feb 18, 2025
Merged

Make sure we advertise registration as disabled when MSC3861 is enabled #17661

merged 6 commits into from
Feb 18, 2025
+45 −5

Conversation

sandhose
Copy link
Member

@sandhose sandhose commented Sep 4, 2024
edited
Loading

This has been a problem with Element Web, as it will proble /register with an empty body, which gave this error:

curl -d '{}' -HContent-Type:application/json /_matrix/client/v3/register

{"errcode": "M_UNKNOWN",
 "error": "Invalid username"}

And Element Web would choke on it. This changes that so we reply instead:

{"errcode": "M_FORBIDDEN",
 "error": "Registration has been disabled. Only m.login.application_service registrations are allowed."}

Also adds a test for this.

See element-hq/element-web#27993

@sandhose sandhose requested a review from a team as a code owner September 4, 2024 09:41
@sandhose
Newsfile

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
bf84bbf
@sandhose sandhose mentioned this pull request Sep 4, 2024
Closed
@anoadragon453
Rename *.fix -> *.bugfix

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
1a94f27
anoadragon453
anoadragon453 approved these changes Sep 10, 2024
View reviewed changes
Copy link
Member

@anoadragon453 anoadragon453 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code change looks fine. Could you point to where in the MSCs it says this endpoint should return an errcode of M_FORBIDDEN?

tests/handlers/test_oauth_delegation.py
Comment on lines +640 to +644
self.expect_forbidden(
"POST",
"/_matrix/client/v3/register",
{"username": "alice", "password": "hunter2"},
)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have a test that checks that this endpoint still returns a 200 when an AS attempts to register a user?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added a test to cover that

@sandhose
Copy link
Member Author

The code change looks fine. Could you point to where in the MSCs it says this endpoint should return an errcode of M_FORBIDDEN?

This is aligned with the spec: a 403 should be raised when registration is disabled

https://spec.matrix.org/v1.13/client-server-api/#post_matrixclientv3register

@sandhose sandhose enabled auto-merge (squash) February 18, 2025 14:17
@sandhose sandhose merged commit f7bc63e into develop Feb 18, 2025
39 checks passed
@sandhose sandhose deleted the quenting/msc3861-better-register-error branch February 18, 2025 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anoadragon453 anoadragon453

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sandhose @anoadragon453