Synapse: Soft-logout: when signing in with providing a deviceId, the device display name is lost

Created on 11 Dec 2019  路  6Comments  路  Source: matrix-org/synapse

When signing in again after a soft logout, we can provide a device_id in the request.

But if we do not provide the initial_device_display_name parameter (or if we provide an empty string), Synapse forget the previous display name associated with this deviceId and replace it with the deviceId itself (as a default value ?).

The spec claims that the parameter initial_device_display_name should be ignored if device_id corresponds to a known device: https://matrix.org/docs/spec/client_server/latest#post-matrix-client-r0-login, so this is not the case.

We cannot workaround this issue client side, because, when the user is logged out, he has no possibility to get the previous entered device display name, hence his access token is not valid anymore.

bug
Source
picture bmarty

All 6 comments

I looked into this a bit, and it looks like Synapse will only write the display name the first time the device is created. I haven't seen another place that the display name gets set unless a device update is sent also?

Still looking a bit though...

clokep picture clokep on 29 May 2020

@bmarty Is this only an issue with particular clients? I tried to reproduce this with Riot Web and was unable to.

I attempted to reproduce using the synapse demo setup by:

  1. Set session_lifetime in the configuration to something "short" (I used 5m).
  2. Create an account via Riot Web.
  3. Update the device name to something else, e.g. "My Device".
  4. Wait 5 minutes... 鈴诧笍 and Riot Web shows you a login prompt.
  5. Log back in.
  6. Go back to the Security & Privacy list and see the device name.

While going through this I see the device is still "My Device" -- am I missing something?

clokep picture clokep on 1 Jun 2020

IIRC, this issue was observed using SSO login, I should have mention it in the description.

bmarty picture bmarty on 3 Jun 2020
👍1

Sorry, my memories were wrong. In this case, the user sign in again using their password, using _matrix/client/r0/login, passing the current access token as header, userId, password and deviceId in the body.

Ref: https://github.com/vector-im/riotX-android/blob/4c31e52892d162f6c5e232ab5cff7a033c63b5b0/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/session/signout/SignInAgainTask.kt#L52

bmarty picture bmarty on 3 Jun 2020

Thanks for the clarification @bmarty, I've unfortunately been unable to reproduce this and it looks like the code path is the same as Riot Web.

I didn't see any changes that look like it would have fixed this in the past few months, so I'll poke the rest of the team and see if someone can reproduce though.

clokep picture clokep on 4 Jun 2020

I cannot reproduce on my side too. So let's close this issue

bmarty picture bmarty on 5 Jun 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

matrixbot picture matrixbot  路  5Comments
MurzNN picture MurzNN  路  5Comments
ara4n picture ara4n  路  5Comments
richvdh picture richvdh  路  3Comments
ara4n picture ara4n  路  4Comments