-
Notifications
You must be signed in to change notification settings - Fork 384
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC2181: Add an Error Code for Signaling a Deactivated User #2181
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
otherwise this lgtm
Did you mean to leave a feedback as well? Edit: Found his comment in my email. It was:
Which has already been discussed below :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like a sane thing to have, but there are a few bits that don't sit right with me.
|
||
Currently, when a user attempts to log in, they will receive an `M_FORBIDDEN` | ||
errcode if their password is incorrect. However, if the user's account is | ||
deactivated, they will also receive an `M_FORBIDDEN`, leaving clients in a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question: What do homeservers do if the user is deactivated and somebody tries to log in with an incorrect password? Is the homeserver expected to retain the password forever? If the password is not retained, should all attempts to login as a deactivated user return the deactivated error (which may have some privacy implications?).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should still return M_USER_DEACTIVATED
. Password hashes are wiped (at least in Synapse) upon user deactivation.
which may have some privacy implications?
Privacy implications are here whether password hashes are retained or not, no?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem with shifting it so that you need to login to see if you're deactivated, is that we already have tons of deactivated users whose password hashes have been cleared.
Also worth noting reddit's APIs allow you to tell if any user has been shadowbanned, something that ideally even the user wouldn't know, and that doesn't seem to have caused their service any harm. https://nullprogram.com/am-i-shadowbanned/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
... also by nature of being deactivated you shouldn't be allowed back in. Why would we let people get that far into the process without telling them to go away? I think the proposed approach is fine
I think this is trending towards the proposed solution, so @mscbot fcp merge |
Team member @anoadragon453 has proposed to merge this. The next step is review by the rest of the tagged people: Concerns:
Once a majority of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
Co-Authored-By: Hubert Chathi <hubert@uhoreg.ca>
@mscbot concern Users who log in with 3PIDs won't be told they're deactivated. 3PIDs are deleted upon deactivation (https://github.com/matrix-org/synapse/blob/32e7c9e7f20b57dd081023ac42d6931a8da9b3a3/synapse/handlers/deactivate_account.py#L92) so how do we tell those users they were deactivated? |
@mscbot resolve Users who log in with 3PIDs won't be told they're deactivated. Implementations can hash user's 3PIDs instead of removing them, thus allowing them to continue to check if a user is deactivated without keeping personal information about. |
…rix-doc into anoa/user_deactivated_msc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Assuming that it just defines a new error code, I'm fine with the proposal. I'm not sure why we don't at least recommend servers to use this error code, though.
🔔 This is now entering its final comment period, as per the review above. 🔔 |
The final comment period, with a disposition to merge, as per the review above, is now complete. |
This has an implementation so bumping it to spec-pr-missing: matrix-org/synapse#5686 |
Spec PR has been created: #2234 |
Spec PR for [MSC 2181](#2181). Adds the `M_USER_DEACTIVATED` error code and a short description to the client-server API.
Rendered
PRs: #2234