From 24749044250ae6fa9d1501acd4fafac2a143cdb2 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrew@amorgan.xyz>
Date: Fri, 29 Jan 2021 17:13:21 +0000
Subject: [PATCH 1/3] Prevent email UIA failures from raising a LoginError

To fix an issue with old Riots re-requesting threepid validation tokens, we raised
a LoginError here instead of InteractiveAuthIncompleteError. This is now breaking
the way Tchap logs in - which isn't standard, but also isn't disallowed by the spec.

An easy fix is just to remove the 4 year old workaround.
---
 synapse/handlers/auth.py | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 0e98db22b3b1..31273579648a 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -567,16 +567,6 @@ async def check_ui_auth(
                         session.session_id, login_type, result
                     )
             except LoginError as e:
-                if login_type == LoginType.EMAIL_IDENTITY:
-                    # riot used to have a bug where it would request a new
-                    # validation token (thus sending a new email) each time it
-                    # got a 401 with a 'flows' field.
-                    # (https://github.com/vector-im/vector-web/issues/2447).
-                    #
-                    # Grandfather in the old behaviour for now to avoid
-                    # breaking old riot deployments.
-                    raise
-
                 # this step failed. Merge the error dict into the response
                 # so that the client can have another go.
                 errordict = e.error_dict()

From e8393936428213cb8d64648d5775b9ea5335a4e9 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrew@amorgan.xyz>
Date: Fri, 29 Jan 2021 17:20:24 +0000
Subject: [PATCH 2/3] Changelog

---
 changelog.d/9265.bugfix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/9265.bugfix

diff --git a/changelog.d/9265.bugfix b/changelog.d/9265.bugfix
new file mode 100644
index 000000000000..f77e4d88dfe5
--- /dev/null
+++ b/changelog.d/9265.bugfix
@@ -0,0 +1 @@
+Prevent password hashes from getting dropped if a client failed threepid validation during a User Interactive Auth stage.
\ No newline at end of file

From f188b695acd67def7d993f1d75269099cf12692d Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrew@amorgan.xyz>
Date: Mon, 1 Feb 2021 15:46:34 +0000
Subject: [PATCH 3/3] Update changelog to mention workaround removal

---
 changelog.d/9265.bugfix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/changelog.d/9265.bugfix b/changelog.d/9265.bugfix
index f77e4d88dfe5..34f7bd8ddd06 100644
--- a/changelog.d/9265.bugfix
+++ b/changelog.d/9265.bugfix
@@ -1 +1 @@
-Prevent password hashes from getting dropped if a client failed threepid validation during a User Interactive Auth stage.
\ No newline at end of file
+Prevent password hashes from getting dropped if a client failed threepid validation during a User Interactive Auth stage. Removes a workaround for an ancient bug in Riot Web <v0.7.4.
\ No newline at end of file