Internal 3PID requests as urlencoded causing problems with mxisd

[marcialvieira]

Background information

• Dendrite version or git SHA: 0.5.0
• Monolith or Polylith?: Monolith
• SQLite3 or Postgres?: Postgres
• Running in Docker?: Docker (matrixdotorg/dendrite-monolith:latest)
• go version: go1.17

Description

Attempting to associate an email address to an account via 3PID, the request to the identity server (mxisd) is sent as "form-urlencoded" instead of "application/json" causing a failure.

[XNIO-1 task-16] INFO io.kamax.mxisd.http.undertow.handler.BasicHttpHandler - Request POST http://id.homeserver/_matrix/identity/api/v1/validate/email/requestToken - Error M_INVALID_JSON: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1 path $

Captured network data is client_secret=MYlT2A5eS5l1xxaU8QUIi1skJpx3KT9J&email=xxx%40email.com&send_attempt=1

https://github.com/matrix-org/dendrite/blob/master/clientapi/threepid/threepid.go#L62,L74

and it is documented as "application/json".

https://matrix.org/docs/spec/identity_service/r0.2.0#post-matrix-identity-api-v1-validate-email-requesttoken

Steps to reproduce

curl 'http://127.0.0.1:8008/_matrix/client/r0/account/3pid/email/requestToken' -i -H 'content-type: application/json' -H 'Cookie: ph_phc_Jzsm6DTm6V2705zeU5dcNvQDlonOR68XvX2sh1sEOHO_posthog=%7B%22distinct_id%22%3A%2217c1429fd3183d-0b60d59a2fc38e-192b1d0f-1ea7ee-17c1429fd3298a%22%2C%22%24device_id%22%3A%2217c1429fd2d6f6-0639b2633da76-192b1d0f-1ea7ee-17c1429fd2e937%22%2C%22appVersion%22%3A%22v1.8.5%22%2C%22appPlatform%22%3A%22Web%20Platform%22%2C%22%24session_recording_enabled%22%3Afalse%2C%22%24active_feature_flags%22%3A%5B%5D%7D' --data-raw '{"email":"xxx@email.com","client_secret":"MYlT2A5eS5l1xxaU8QUIi1skJpx3KT9J","send_attempt":1,"id_server":"identity.homeserver"}'
HTTP/1.1 500 Internal Server Error
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Fri, 08 Oct 2021 23:56:30 GMT
Content-Length: 55

{"errcode":"M_UNKNOWN","error":"Internal Server Error"}

[Agorise]

Yep, we use ma1sd and also can't save an email address in the settings ui...

[kegsay]

Dendrite doesn't fully support adding emails to accounts yet.

    × Can register using an email address
    × Can login with 3pid and password using m.login.password

  Third-Party ID APIs      :  16% (3/19 tests)
    × Can invite existing 3pid
    × Can invite existing 3pid with no ops into a private room
    × Can invite existing 3pid in createRoom
    × Can invite unbound 3pid
    × Can invite unbound 3pid over federation
    × Can invite unbound 3pid with no ops into a private room
    × Can invite unbound 3pid over federation with no ops into a private room
    × Can invite unbound 3pid over federation with users from both servers
    × Can accept unbound 3pid invite after inviter leaves
    × Can accept third party invite with /join
    ✓ 3pid invite join with wrong but valid signature are rejected
    ✓ 3pid invite join valid signature but revoked keys are rejected
    ✓ 3pid invite join valid signature but unreachable ID server are rejected
    × Can bind 3PID via home server
    × Can bind and unbind 3PID via homeserver
    × Can unbind 3PID via homeserver when bound out of band
    × 3PIDs are unbound after account deactivation
    × Can bind and unbind 3PID via /unbind by specifying the identity server
    × Can bind and unbind 3PID via /unbind without specifying the identity server