Riot does not validate identity server #3629

Closed
turt2live opened this issue Apr 13, 2017 · 7 comments
Labels: A-Registration, P1, S-Major (Severely degrades major functionality or product features, with no satisfactory workaround), T-Defect


@turt2live
Member

turt2live commented Apr 13, 2017

Bountysource

Description

Identity servers aren't validated, and apparently are perfectly okay for Riot/Synapse. In our case, users get confused occasionally and enter our homeserver domain name as the homeserver and identity server, making it impossible to add emails/phone numbers in the future.

Steps to reproduce

  • Create an account with an identity server that doesn't exist

I would have expected Riot to warn/error about the identity server not existing/being unavailable.

Log: not sent

Version information

  • Platform: web (in-browser)
  • Browser: Chrome 57
  • OS: Windows 10
  • URL: riot.im/develop and tang.ents.ca (v0.9.8-3-g76f140c6-dirty)
@lampholder
Member

This is horrible :(

@lampholder added the T-Defect, S-Critical (Prevents work, causes data loss and/or has no workaround), P1 and A-Registration labels on Apr 20, 2017
@ara4n
Member

ara4n commented Apr 22, 2017

It's horrible, but I'm not sure it's critical (by the definition that critical == bug which makes the whole app broken for all users).

@ara4n added the S-Major (Severely degrades major functionality or product features, with no satisfactory workaround) label and removed the S-Critical (Prevents work, causes data loss and/or has no workaround) label on Apr 22, 2017
@lampholder
Member

Agreed.

@turt2live
Member Author

Updated original post for the bounty :)

@turt2live
Member Author

Another $15 is being thrown in to get this fixed.

@turt2live
Member Author

Heads up that this is still an issue in 1.0.0: using the custom server option doesn't stop you from typing a nonsensical URL for the identity server.

The identity server is otherwise validated using .well-known.

@turt2live
Member Author

Fixed by matrix-org/matrix-react-sdk#3001 - it won't make it into 1.2.0, but should be in the next regularly scheduled release.

Will reallocate the $25 bounty to some other riot-web issue
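
One way to implement the check this issue asks for, as an added example that is not code from Riot, matrix-react-sdk or the linked pull request: reject malformed input, then probe the Matrix Identity Service API status path before the URL is stored. The function names, the `example.org` hosts and the stub network are assumptions constructed for illustration.

```javascript
// Function names here are hypothetical, not Riot/matrix-react-sdk APIs. The path is
// the Matrix Identity Service API v1 status endpoint (HTTP 200 + JSON object when live).
const IS_API_PATH = "/_matrix/identity/api/v1";

// Syntactic check on what the user typed into the custom server field.
function parseIdentityServerUrl(input) {
  let url;
  try {
    url = new URL(String(input).trim());
  } catch (e) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: "scheme must be http or https" };
  }
  if (url.username || url.password || url.search || url.hash) {
    return { ok: false, reason: "only a base URL is accepted" };
  }
  return { ok: true, base: url.origin + url.pathname.replace(/\/+$/, "") };
}

// Liveness check: probe the identity API before the URL is saved to the account.
async function checkIdentityServer(input, fetchImpl = globalThis.fetch, timeoutMs = 5000) {
  const parsed = parseIdentityServerUrl(input);
  if (!parsed.ok) return parsed;
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    const res = await fetchImpl(parsed.base + IS_API_PATH, { signal: controller.signal });
    if (res.status !== 200) return { ok: false, reason: `HTTP ${res.status} from identity API` };
    const body = await res.json();
    if (body === null || typeof body !== "object" || Array.isArray(body)) {
      return { ok: false, reason: "identity API did not return a JSON object" };
    }
    return { ok: true, base: parsed.base };
  } catch (e) {
    return { ok: false, reason: "identity server unreachable or returned non-JSON" };
  } finally {
    clearTimeout(timer);
  }
}

// Constructed stub network: one identity server, one homeserver without an
// identity API (the mix-up described in the issue), everything else offline.
const stubFetch = async (url) => {
  if (url.startsWith("https://id.example.org/")) return { status: 200, json: async () => ({}) };
  if (url.startsWith("https://hs.example.org/")) return { status: 404, json: async () => ({}) };
  throw new TypeError("fetch failed");
};
```

Pointing the homeserver's own domain at the identity field, the confusion described in the original report, fails the probe with a 404 instead of being silently accepted.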
