You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When bulk removing users in the IdM (keycloak), at the same time multiple requests will be sent to the /_synapse/admin/v1/deactivate/<user_id> endpoint to deactivate (erase=true) the concerning accounts in synapse.
When not rate limiting these delete requests, the erasure can have the following side effect for a subset of the deactivated users:
user unset their display name
user left the room
user joined the room
These hulls of deactivated accounts then sit in the room as regular members. Manually calling the deactivate endpoint again will remove them from the room again, but they shouldn't be rejoining in the first place.
Steps to reproduce
Have a room with about 1k users (authenticated via OIDC) all auto-joining into a shared public, non-encrypted room
In a for loop without wait times call the deactivate endpoint for 20-30 users
Watch them unsetting their display name and leaving
This issue has been migrated from #16290.
Description
When bulk removing users in the IdM (keycloak), at the same time multiple requests will be sent to the
/_synapse/admin/v1/deactivate/<user_id>
endpoint to deactivate (erase=true) the concerning accounts in synapse.When not rate limiting these delete requests, the erasure can have the following side effect for a subset of the deactivated users:
These hulls of deactivated accounts then sit in the room as regular members. Manually calling the deactivate endpoint again will remove them from the room again, but they shouldn't be rejoining in the first place.
Steps to reproduce
Homeserver
selfhosted
Synapse Version
1.89.0
Installation Method
Docker (matrixdotorg/synapse)
Database
postgresql, single instance
Workers
Single process
Platform
x86 (64 bit) VM
Configuration
Relevant log output
Anything else that would be useful to know?
No response
The text was updated successfully, but these errors were encountered: