kamax-matrix / matrix-synapse-rest-password-provider

Password Provider for Synapse fetching data from a REST endpoint
GNU Affero General Public License v3.0

In check_password #51: TypeError: list indices must be integers or slices, not str #10

Closed menturion closed 5 years ago

menturion commented 5 years ago

I am getting the following error in the log file:

2019-04-23 15:46:31,940 - synapse.http.server - 112 - ERROR - POST-8 - Failed handle request via 'LoginRestServlet': <XForwardedForRequest at 0x7f2888f2ce48 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.1' site=8008>
Traceback (most recent call last):
  File "/root/synapse/env/lib/python3.6/site-packages/synapse/http/server.py", line 81, in wrapped_request_handler
    yield h(self, request)
  File "/root/synapse/env/lib/python3.6/site-packages/synapse/http/server.py", line 316, in _async_render
    callback_return = yield callback(request, **kwargs)
  File "/root/synapse/env/lib/python3.6/site-packages/synapse/rest/client/v1/login.py", line 149, in on_POST
    result = yield self._do_other_login(login_submission)
  File "/root/synapse/env/lib/python3.6/site-packages/synapse/rest/client/v1/login.py", line 246, in _do_other_login
    login_submission,
  File "/root/synapse/env/lib/python3.6/site-packages/synapse/handlers/auth.py", line 679, in validate_login
    qualified_user_id, password,
  File "/root/synapse/env/lib/python3.6/site-packages/twisted/internet/defer.py", line 1418, in _inlineCallbacks
    result = g.send(result)
  File "/root/synapse/env/lib/python3.6/site-packages/rest_auth_provider.py", line 51, in check_password
    if not r["auth"]:
TypeError: list indices must be integers or slices, not str

The response body of the Matrix API is as follows: "{"errcode":"M_UNKNOWN","error":"Internal server error"}"

maxidorius commented 5 years ago

So far all I see is the expected behaviour: the configuration does not point towards a valid base URL and the login attempt fails.

Synapse does not return anything meaningful even though this returns the exact error.

menturion commented 5 years ago

Thanks for your reply. Which base URL do you mean? -1- The Matrix base URL? -2- Or the endpoint URL defined in the password provider config?

Both URLs work and respond correctly in other test scenarios.

maxidorius commented 5 years ago

I meant the 2nd URL in your list.

What is different in this test scenario compared to the other ones?

menturion commented 5 years ago

In the other test scenario I send the request ({'user':{'id':user_id, 'password':password}}) directly to the implemented endpoint (-2-) through a PHP script (cURL) and get the correct JSON response according to your module description.

maxidorius commented 5 years ago

Please show all the log lines relevant to the attempt in synapse; you only show the stacktrace, so it's not really possible to tell you what could be wrong at this point.

menturion commented 5 years ago

I just got the problem.

Obviously Matrix is building a matrix ID by adding the prefix "@" and adding the postfix ":localhost" in my case to the "user_id".

However, I built a password provider endpoint that requires an email for authentication and returns a matrix ID if the authentication succeeds. This results in the following ID @mail@address.com:localhost which is sent to the password provider endpoint. And thus the login fails.

Is there any way to disable Matrix from adding a pre- and postfix to the user_id (here: [email address] for authentication)? Or do I have to strip the pre- and postfix before authentication?

maxidorius commented 5 years ago

No option for it I'm afraid.

menturion commented 5 years ago

So it might be a useful config option for your module which would tell your password provider to send an email address to the endpoint by stripping the pre- and postfix at line #46 in your code (def check_password ...)?

maxidorius commented 5 years ago

That's not a possible option: email has a specific meaning in Matrix, especially for the prime use case of this password provider: mxisd.

The current format must remain to accommodate all use cases within the ecosystem.

menturion commented 5 years ago

What I mean is that some password providers (e.g. existing user database, with email and hashed PWD credentials) might need an email address to authenticate the user and return the corresponding Matrix ID upon authentication.

Otherwise the user would have two different credentials. One with the email address (legacy) and one with the user ID for Matrix (new).

Nevertheless, many thanks for your help! I solved it by stripping the ID to get the entered email address for authentication.

maxidorius commented 5 years ago

> Otherwise the user would have two different credentials. One with the email address (legacy) and one with the user ID for Matrix (new).

That is precisely the point, and is a valid scenario from a Matrix point of view. Therefore, this password provider has to support it also. That it's not the case in your system is for you to deal with, but a Matrix ID, a username and an email are to be considered two different credentials in Matrix, with potentially three different outcomes or requirements.

Thank you for the follow up, closing this issue now.
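Added example, not part of the thread or of the project's code: a sketch of the two checks this issue turns on, namely recovering the typed login from an ID such as `@mail@address.com:localhost` on the endpoint side, and rejecting a REST reply whose JSON is not the expected object instead of indexing it and raising `TypeError`. The function names, the sample bodies and the `success` field inside `auth` are assumptions made for illustration.

```python
import json


def split_mxid(mxid):
    """Split '@localpart:server' into (localpart, server).

    Splits on the first ':' because the server part may carry a port,
    while the '@' inside an email-style localpart is left untouched.
    """
    if not isinstance(mxid, str) or not mxid.startswith("@") or ":" not in mxid:
        raise ValueError("not a Matrix ID: %r" % (mxid,))
    localpart, server = mxid[1:].split(":", 1)
    if not localpart or not server:
        raise ValueError("not a Matrix ID: %r" % (mxid,))
    return localpart, server


def auth_succeeded(body):
    """Return True only for a well-formed {"auth": {"success": true}} reply.

    Any other shape (a JSON list, a missing key, a non-boolean value,
    invalid JSON) counts as a failed login, so the check fails closed.
    """
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return False
    if not isinstance(data, dict):
        return False  # e.g. a JSON list, the case behind the TypeError above
    auth = data.get("auth")
    if not isinstance(auth, dict):
        return False
    return auth.get("success") is True  # assumed field name


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real deployment.
    print(split_mxid("@mail@address.com:localhost"))
    for body in ('[]', '{"auth": []}', '{"auth": {"success": "yes"}}',
                 '{"auth": {"success": true}}'):
        print(body, "->", auth_succeeded(body))
```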