Calling the deactivation API without rate limiting causes room inconsistencies #16290

Open
matrixbot opened this issue Dec 21, 2023 · 0 comments

This issue has been migrated from #16290.


Description

When bulk-removing users in the IdM (Keycloak), multiple requests will be sent at the same time to the /_synapse/admin/v1/deactivate/<user_id> endpoint to deactivate (erase=true) the accounts concerned in Synapse.

When not rate limiting these delete requests, the erasure can have the following side effect for a subset of the deactivated users:

  • user unset their display name
  • user left the room
  • user joined the room

These hulls of deactivated accounts then sit in the room as regular members. Manually calling the deactivate endpoint again will remove them from the room again, but they shouldn't be rejoining in the first place.

Steps to reproduce

  • Have a room with about 1k users (authenticated via OIDC) all auto-joining into a shared public, non-encrypted room
  • In a for loop without wait times, call the deactivate endpoint for 20-30 users
  • Watch them unsetting their display name and leaving
  • Some will shortly after rejoin the room

Homeserver

selfhosted

Synapse Version

1.89.0

Installation Method

Docker (matrixdotorg/synapse)

Database

postgresql, single instance

Workers

Single process

Platform

x86 (64 bit) VM

Configuration

  • Presence is enabled
  • Message retention is enabled
  purge_jobs:
    - longest_max_lifetime: 2d
      interval: 1h
    - shortest_max_lifetime: 2d
      interval: 1d

Relevant log output

Only the API call to the deactivate endpoint is logged.

Anything else that would be useful to know?

No response

@matrixbot matrixbot changed the title Dummy issue Calling the deactivation API without rate limiting causes room inconsistencies Dec 22, 2023
@matrixbot matrixbot reopened this Dec 22, 2023
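An operator-side mitigation for the behaviour reported above, added here as an example (it is not code from the issue or from the Synapse project): deactivate accounts one at a time with a pause, then list the room's members and re-run the deactivation for any account that is still present, which is the manual fix the report describes. The function names, the 2-second default delay and the use of the room members admin endpoint (`/_synapse/admin/v1/rooms/<room_id>/members`) are assumptions of this example.

```python
import json
import time
import urllib.request
from urllib.parse import quote

ADMIN = "/_synapse/admin/v1"

def http_call(base_url, token):
    """Return call(method, path, body) bound to one homeserver and admin token."""
    def call(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            base_url + path, data=data, method=method,
            headers={"Authorization": "Bearer " + token,
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return call

def deactivate_paced(call, user_ids, delay_s=2.0, sleep=time.sleep):
    """Deactivate (erase=true) one account at a time, pausing between requests."""
    for i, uid in enumerate(user_ids):
        if i:
            sleep(delay_s)  # assumed pacing value; requests are never sent back to back
        call("POST", f"{ADMIN}/deactivate/{quote(uid, safe='')}", {"erase": True})

def find_rejoined(call, room_id, deactivated):
    """Return deactivated accounts that are still listed as room members."""
    resp = call("GET", f"{ADMIN}/rooms/{quote(room_id, safe='')}/members")
    return sorted(set(resp["members"]) & set(deactivated))

def deactivate_and_verify(call, room_id, user_ids, delay_s=2.0, sleep=time.sleep):
    """Paced deactivation, then one repair pass over accounts still in the room."""
    deactivate_paced(call, user_ids, delay_s, sleep)
    sleep(delay_s)  # assumption: give membership changes time to settle before checking
    stale = find_rejoined(call, room_id, user_ids)
    deactivate_paced(call, stale, delay_s, sleep)  # the manual fix from the report
    return stale, find_rejoined(call, room_id, user_ids)
```

Pass `http_call(base_url, admin_token)` as `call` to run it against a homeserver; a non-empty second return value means accounts are still in the room after the repair pass and need manual attention.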