Deactivate Identity

[dmitrygashnikov]

Hello! After installing local identity server expiriensed some troubles with deactivating users, server working behind proxy, its registering users and etc. But when someone trying to deactivate himself or admin try to do this - some errors occures, here is homeserver trace of this error:

2018-10-11 12:35:02,988 - synapse.access.http.8008 - 92 - INFO - POST-1808433 - ::ffff:someotherip - 8008 - Received request: POST /_matrix/client/r0/admin/deactivate/@user:riot.riot.ru?access_token=<redacted>
2018-10-11 12:35:02,991 - synapse.storage.txn - 234 - DEBUG - POST-1808433 - [TXN START] {is_server_admin-544ec8}
2018-10-11 12:35:02,991 - synapse.storage.SQL - 100 - DEBUG - POST-1808433 - [SQL] {is_server_admin-544ec8} SELECT admin FROM users WHERE name = ?
2018-10-11 12:35:02,992 - synapse.storage.SQL - 107 - DEBUG - POST-1808433 - [SQL values] {is_server_admin-544ec8} [u'@admin:riot.riot.ru']
2018-10-11 12:35:02,993 - synapse.storage.SQL - 124 - DEBUG - POST-1808433 - [SQL time] {is_server_admin-544ec8} 0.000279 sec
2018-10-11 12:35:02,993 - synapse.storage.txn - 291 - DEBUG - POST-1808433 - [TXN END] {is_server_admin-544ec8} 0.002063 sec
2018-10-11 12:35:02,997 - synapse.storage.txn - 234 - DEBUG - POST-1808433 - [TXN START] {user_get_threepids-544ec9}
2018-10-11 12:35:02,997 - synapse.storage.SQL - 100 - DEBUG - POST-1808433 - [SQL] {user_get_threepids-544ec9} SELECT medium, address, validated_at, added_at FROM user_threepids WHERE user_id = ?
2018-10-11 12:35:02,998 - synapse.storage.SQL - 107 - DEBUG - POST-1808433 - [SQL values] {user_get_threepids-544ec9} [u'@user:riot.riot.ru']
2018-10-11 12:35:02,998 - synapse.storage.SQL - 124 - DEBUG - POST-1808433 - [SQL time] {user_get_threepids-544ec9} 0.000099 sec
2018-10-11 12:35:02,998 - synapse.storage.txn - 291 - DEBUG - POST-1808433 - [TXN END] {user_get_threepids-544ec9} 0.001407 sec
2018-10-11 12:35:03,002 - synapse.handlers.identity - 150 - DEBUG - POST-1808433 - unbinding threepid {'medium': u'email', 'address': u'user@gmail.com'} from @user:riot.riot.ru
2018-10-11 12:35:03,003 - synapse.http.client - 171 - DEBUG - POST-1808433 - HTTP POST {"mxid":"@user:riot.riot.ru","threepid":{"address":"someuser@gmail.com","medium":"email"}} -> https://someip/_matrix/identity/api/v1/3pid/unbind
2018-10-11 12:35:03,003 - synapse.http.client - 94 - INFO - POST-1808433 - Sending request POST https://someip/_matrix/identity/api/v1/3pid/unbind
2018-10-11 12:35:03,026 - twisted - 131 - INFO -  - Starting factory _HTTP11ClientFactory(<function quiescentCallback at 0x7f87da402050>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f87de15cfd0>)
2018-10-11 12:35:03,027 - twisted - 131 - INFO -  - Stopping factory _HTTP11ClientFactory(<function quiescentCallback at 0x7f87da402050>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f87de15cfd0>)
2018-10-11 12:35:03,326 - synapse.http.client - 116 - INFO - POST-1808433 - Error sending request to  POST https://someip/_matrix/identity/api/v1/3pid/unbind: ConnectionRefusedError Connection refused
2018-10-11 12:35:03,327 - synapse.handlers.deactivate_account - 74 - ERROR - POST-1808433 - Failed to remove threepid from ID server
Traceback (most recent call last):
  File "/home/riotadmin/.synapse/lib/python2.7/site-packages/synapse/handlers/deactivate_account.py", line 69, in deactivate_account
    'address': threepid['address'],
ConnectionRefusedError: Connection was refused by other side: 111: Connection refused.
2018-10-11 12:35:03,328 - synapse.http.server - 83 - INFO - POST-1808433 - <SynapseRequest at 0x7f8802652dd0 method='POST' uri='/_matrix/client/r0/admin/deactivate/@user:riot.riot.ru?access_token=<redacted>' clientproto='HTTP/1.0' site=8008> SynapseError: 400 - Failed to remove threepid from ID server 

All ports are opend and still i geting this error, what can cause it? PS sorry for my poor ENG. ><

additional info: matrix-react-sdk version: local installed via git clone riot-web version: 0.16.5 olm version: 2.2.1

[mvgorcum]

This is caused by an incompatibility between the identity server made by matrix.org and the mxisd identity server. Once the servers start to follow the same spec this will be solved.

[erikjohnston]

Synapse correctly handles the case where an identity server doesn't provide that API, but it looks like this is not the case here.

ConnectionRefusedError suggests that one of the identity servers you've configured in the synapse config is not reachable, so either removing that entry or ensuring that identity server is reachable will fix this issue.

Currently we're not very smart with retrying removal of threepids, so if we fail due to a potentially transient error we fail the deactivate account request so that it can be retried by the client.

[ushacow]

Hi! I have synapse 0.33.7 and mxsid connecting to LDAP. I've read about deactivation through the Synapse API but there is error, that it is failed to remove user from threepids. It's not yet implemented as I see due to this one https://github.com/matrix-org/matrix-doc/issues/1194 . So the question is how properly to deactivate user and make user to leave all rooms? This will be very helpful, because we're using it in our company and when somebody is leaving company his/her account should properly deactivate, but we're have to do it via scripts for that user to leave all rooms for example

[maxidorius]

Re-reading the comments made here, just to clarify: this has nothing to do with mxisd directly and can happen even if mxisd is not used, or even if the matrix.org/vector.im servers are used.

[erikjohnston]

Closing this as the issue sounds like a misconfigured identity server (or a transient error if the identity servers were down). Feel free to reopen @dmitrygashnikov if that's not the case.

@ushacow if you've got the identity servers correctly configured, and are seeing a different failure mode than reported, then please open a separate issue :+1:

[ushacow]

Thanks, it is working with synapse 0.33.8. And in homeserver.yaml it should be only one identity server (it was in documentation of mxisd), if there is matrix.org for example is set it will be an error during deactivating (Failed to remove threepid from ID server)

[schiessle]

I have exactly the same problem. The homeserver is matrix.org and the identity server is vector.im and I can't remove any email address or phone number I added. I always get the "Failed to remove threepid" error message. So I'm not sure if this is just a miss-configuration. I expect that both matrix.org and vector.im are configured correctly. Any idea how this could be solved. This looks really bad if you can't remove personal information on the "official" matrix server.

[johappel]

the same here