matrix-org / synapse

Synapse: Matrix homeserver written in Python/Twisted.
https://matrix-org.github.io/synapse
Apache License 2.0

OpenID S-S API crashes when trying to verify a token #11814

Open MTRNord opened 2 years ago

MTRNord commented 2 years ago

Description

OpenID token verification fails with workers enabled. (Discovered using FOSDEM Jitsi in the test session.)

AttributeError: 'GenericWorkerSlavedStore' object has no attribute 'get_user_id_for_open_id_token'
2022-01-24 19:09:56,077 - synapse.federation.federation_server - 1340 - WARNING - POST-26380 - No handler registered for query type client_keys
2022-01-24 19:10:00,026 - synapse.http.server - 100 - ERROR - GET-21972 - Failed handle request via 'OpenIdUserInfo': <SynapseRequest at 0x7f5a5c2003a0 method='GET' uri='/_matrix/federation/v1/openid/userinfo?access_token=<redacted>' clientproto='HTTP/1.1' site='2123'>
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/synapse/http/server.py", line 269, in _async_render_wrapper
    callback_return = await self._async_render(request)
  File "/usr/lib/python3.9/site-packages/synapse/http/server.py", line 471, in _async_render
    callback_return = await raw_callback_return
  File "/usr/lib/python3.9/site-packages/synapse/federation/transport/server/_base.py", line 306, in new_func
    response = await func(
  File "/usr/lib/python3.9/site-packages/synapse/federation/transport/server/__init__.py", line 275, in on_GET
    user_id = await self.handler.on_openid_userinfo(token)
  File "/usr/lib/python3.9/site-packages/synapse/federation/federation_server.py", line 943, in on_openid_userinfo
    return await self.store.get_user_id_for_open_id_token(token, ts_now_ms)
AttributeError: 'GenericWorkerSlavedStore' object has no attribute 'get_user_id_for_open_id_token'

Steps to reproduce

Version information

If not matrix.org:

MTRNord commented 2 years ago

Possibly relevant information: To the account in question, an SSO login was added after creation. So this has both SSO and password login.

MTRNord commented 2 years ago

This was caused by a misconfigured reverse-proxy. I used a catch-all regex by accident. After fixing the config it works.

squahtx commented 2 years ago

I'm going to keep the issue open since @clokep says we ought to either support this endpoint on workers, or 400.

We probably won't get around to fixing this before FOSDEM since it arises from a config issue.

clokep commented 2 years ago

> I'm going to keep the issue open since @clokep says we ought to either support this endpoint on workers, or 400.

Pretty much -- it is weird that the worker even responds to this if it isn't supported!
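
Added example, not part of the thread and not Synapse code: a small audit that checks whether any regex a reverse proxy forwards to a worker also captures a path that must stay on the main process, which is the catch-all mistake reported above. The route list and the function names are constructed for illustration, and the check assumes the proxy matches patterns as unanchored regex searches against the request path without its query string.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of regexes a reverse proxy forwards to a worker.
WORKER_ROUTES = [
    r"^/_matrix/federation/v1/event/",
    r"^/_matrix/federation/v1/state/",
    r"^/_matrix/federation/",  # accidental catch-all (constructed)
]

# Request URIs that must stay on the main process. The first is the URI
# from the traceback in this issue; treating it as a list is an assumption.
MAIN_ONLY_URIS = [
    "/_matrix/federation/v1/openid/userinfo?access_token=<redacted>",
]


def request_path(uri):
    """Return the part a proxy matches on: the URI minus its query string."""
    return urlsplit(uri).path


def misrouted(worker_routes, main_only_uris):
    """Return (path, pattern) pairs where a worker route captures a main-only path."""
    findings = []
    for pattern in worker_routes:
        try:
            compiled = re.compile(pattern)
        except re.error as exc:
            raise ValueError(f"invalid route regex {pattern!r}: {exc}") from exc
        for uri in main_only_uris:
            path = request_path(uri)
            # Unanchored search: a pattern without ^ matches anywhere in the path.
            if compiled.search(path):
                findings.append((path, pattern))
    return findings


if __name__ == "__main__":
    for path, pattern in misrouted(WORKER_ROUTES, MAIN_ONLY_URIS):
        print(f"MISROUTED {path} is captured by worker route {pattern}")
```

Running a check like this against the proxy's worker routes before deploying a config change catches the overlap without waiting for an AttributeError in the worker log.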