Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Requested operation has changed during the UI authentication session - when trying to deactivate user with erasure #7471

Closed
Twi1ightSparkle opened this issue May 12, 2020 · 5 comments
Closed

Requested operation has changed during the UI authentication session - when trying to deactivate user with erasure #7471

Twi1ightSparkle opened this issue May 12, 2020 · 5 comments
Assignees
@clokep
Labels
z-bug (Deprecated Label)

Comments

@Twi1ightSparkle
Copy link

Twi1ightSparkle commented May 12, 2020
edited
Loading

Description

Deactivating an account with "Please forget all messages I have sent when my account is deactivated" checked does not work. You get the error "There was a problem communicating with the server. Please try again."

Network tab show 401 for deactivate, then 200, then 403.

The spinner thing goes on forever (at least a couple of hours before I gave up)

I tested this with an almost new account with very few messages. A customer also reported this, awaiting rageshake from them. My rageshake is linked

https://newvector.zammad.com/#ticket/zoom/3216
(customer email copy-pasted to my rageshake)

Steps to reproduce

  • Create a matrix.org
  • Settings
  • Deactivate Account
  • Check "Please forget all messages I have sent when my account is deactivated"
  • Enter password
  • Click Continue

Version information

Matrix.org, account deletion does work on my Modular server

  • Homeserver: matrix.org

  • Version: "1.12.4 (b=matrix-org-hotfixes,309e30bae)"

  • Install method:

  • Platform:
@Twi1ightSparkle Twi1ightSparkle added the z-bug (Deprecated Label) label May 12, 2020
@Twi1ightSparkle
Copy link
Author

Synapse logs added to rageshake

@anoadragon453 anoadragon453 changed the title Deactivate account on with delete messages don't work Requested operation has changed during the UI authentication session - when trying to deactivate user with erasure May 12, 2020
@anoadragon453
Copy link
Member

So this is happening because Riot starts the User-Interactive Authentication Session with:

{"erase": false}

then, after the erase checkbox is checked and the user enters their password,

{
  "auth": {
    "session": "yyy",
    "type": "m.login.password",
    "user": "@xxx:matrix.org",
    "identifier": {
      "type": "m.id.user",
      "user": "@xxx:matrix.org"
    },
    "password": "xxx"
  },
  "erase": true
}

Now that erase is true, Synapse complains with:

{
  "errcode": "M_UNKNOWN",
  "error": "Requested operation has changed during the UI authentication session."
}

I'm not sure if this should be initially fixed from the Synapse or Riot side, but we'll need to inform clients that there's a potential breaking change if they were relying on changing the UIAA parameters mid-way through an authentication session, as Riot is doing here.

This check was introduced in #7068. Unfortunately, even after #7455 which relaxed the requirements a bit, this is still a problem in certain cases (but again, maybe a client problem rather than a server one).

This occurs on matrix.org as it is running v1.13.0rc - the check is not a part of v1.12.4.

@richvdh
Copy link
Member

richvdh commented May 12, 2020

I feel pretty strongly that riot is at fault for (a) moving the goalposts mid-operation and (b) not giving the user a better error

@anoadragon453 anoadragon453 mentioned this issue May 12, 2020
Closed
@clokep
Copy link
Member

clokep commented May 12, 2020

See also #7452.

@clokep clokep self-assigned this May 12, 2020
@clokep clokep mentioned this issue May 12, 2020
Merged
@clokep
Copy link
Member

clokep commented May 13, 2020

This should be fixed in 1.13.0 as of #7483.

@clokep clokep closed this as completed May 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@clokep clokep

Labels
z-bug (Deprecated Label)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@clokep @anoadragon453 @richvdh @Twi1ightSparkle