From 1d6501b6ecae194e5b105c513bb412548f1d0ab6 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 29 Aug 2019 13:51:38 -0600 Subject: [PATCH 01/11] What if we allowed homeservers to deal with their own business? --- proposals/0000-id_server-now-optional.md | 57 ++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 proposals/0000-id_server-now-optional.md diff --git a/proposals/0000-id_server-now-optional.md b/proposals/0000-id_server-now-optional.md new file mode 100644 index 00000000..a066cf6b --- /dev/null +++ b/proposals/0000-id_server-now-optional.md @@ -0,0 +1,57 @@ +# Proposal to make the `id_server` parameter on client-server APIs optional + +In order to better protect the privacy of of a user, Matrix is wanting to shift to +a model where identity servers have less control over the affairs of the homeserver. +Identity servers are currently used to reset the passwords of users on a given homeserver +as an identity verification technique, however there is no reason why the homeserver +itself can't handle the verification. This proposal allows for a homeserver to verify +the identity of users itself, without the use of an identity server. + +## Proposal + +The `id_server` parameter is to become optional on the following endpoints: + +* `/_matrix/client/:version/account/3pid/:medium/requestToken` +* `/_matrix/client/:version/register/:medium/requestToken` +* `/_matrix/client/:version/account/password/:medium/requestToken` + +The `id_server` parameter is additionally deprecated with intentions of being removed +in a future specification release on the `/register/:medium` and `/account/password/:medium` +endpoints. Once appropriate adoption has been achieved, the specification can safely +remove the parameter as supported. The reason for this deprecation is to completely +remove the identity server's ability to be involved in password resets/registration. +Users wishing to bind their 3rd party identifiers can do so after registration, and +clients can automate this if they so desire. + +Similarly, `bind_email` and `bind_msisdn` are deprecated with intentions to be removed +in a future specification version on `/register`. The flags have no effect if no `id_server` +is being used. + +As per [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140), an `id_access_token` +is required only if an `id_server` is supplied. + +Although not specified as required in the specification currently, the `id_server` +as part of User-Interactive Authentication is also optional if this proposal is accepted. +When the client requests a token without an `id_server`, it should not specify an +`id_server` in UIA. + +Homeservers can reuse HTTP 400 `M_SERVER_NOT_TRUSTED` as an error code on the `/requestToken` +endpoints listed above if they do not trust the identity server the user is supplying. + +In order to allow client implementations to determine if the homeserver they are developed +against supports `id_server` being optional, an unstable feature flag of `m.require_identity_server` +is to be added to `/versions`. When the flag is `false` or not present, clients must assume +that the homeserver requires an `id_server` (ie: it has not yet considered it optional). +If this proposal is accepted, clients are expected to use the supported specification versions +the homeserver advertises instead of the feature flag's presence. + +## Tradeoffs + +Homeservers may have to set up MSISDN/email support to their implementations. This is believed +to be of minimal risk compared to allowing the identity server to continue being involved +with password reset/registration. + +## Security considerations + +The identity server was previously involved with affairs only the homeserver cares about. +This is no longer the case. From 4e43024039e10ade0ec4e40b2396dcfa69b743b6 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 29 Aug 2019 13:54:53 -0600 Subject: [PATCH 02/11] Assign number --- ...0-id_server-now-optional.md => 2263-homeserver-pw-resets.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename proposals/{0000-id_server-now-optional.md => 2263-homeserver-pw-resets.md} (96%) diff --git a/proposals/0000-id_server-now-optional.md b/proposals/2263-homeserver-pw-resets.md similarity index 96% rename from proposals/0000-id_server-now-optional.md rename to proposals/2263-homeserver-pw-resets.md index a066cf6b..8db52572 100644 --- a/proposals/0000-id_server-now-optional.md +++ b/proposals/2263-homeserver-pw-resets.md @@ -1,4 +1,4 @@ -# Proposal to make the `id_server` parameter on client-server APIs optional +# MSC2263: Give homeservers the ability to handle their own 3PID registrations/password resets In order to better protect the privacy of of a user, Matrix is wanting to shift to a model where identity servers have less control over the affairs of the homeserver. From 16bb3bd8b522e506501f3bfbcf5dd91046a40a25 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 29 Aug 2019 13:59:48 -0600 Subject: [PATCH 03/11] Add an unstable feature flag to MSC2140 for clients to detect support --- proposals/2140-terms-of-service-2.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/proposals/2140-terms-of-service-2.md b/proposals/2140-terms-of-service-2.md index 9f96a00b..93259143 100644 --- a/proposals/2140-terms-of-service-2.md +++ b/proposals/2140-terms-of-service-2.md @@ -170,7 +170,7 @@ This endpoint does *not* require authentication. #### `POST $prefix/terms`: Requests to this endpoint have a single key, `user_accepts` whose value is -a list of URLs (given by the `url` field in the GET response) of documents that +a list of URLs (given by the `url` field in the GET response) of documents that the user has agreed to: ```json @@ -277,6 +277,16 @@ Clients may add IS bindings for 3PIDs that already exist on the user's Homeserver account by using the `POST /_matrix/client/r0/account/3pid` to re-add the 3PID. +### Unstable feature flag for transition + +In order to allow client implementations to determine if the homeserver they are developed +against supports `id_access_token`, an unstable feature flag of `m.id_access_token` +is to be added to `/versions`. When the flag is `false` or not present, clients must assume +that the homeserver does not support being given `id_access_token` and may receive an error +for doing so. Clients are expected to use the supported specification versions the homeserver +advertises instead of the feature flag's presence once this proposal is included in a release +of the specification. + ## Tradeoffs The Identity Service API previously did not require authentication, and OpenID From 6d5e90b1d6d01aef3afa2e630222007b4e281bb4 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 29 Aug 2019 14:51:32 -0600 Subject: [PATCH 04/11] Apply suggestions from code review Co-Authored-By: Matthew Hodgson --- proposals/2263-homeserver-pw-resets.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/proposals/2263-homeserver-pw-resets.md b/proposals/2263-homeserver-pw-resets.md index 8db52572..1bb55da0 100644 --- a/proposals/2263-homeserver-pw-resets.md +++ b/proposals/2263-homeserver-pw-resets.md @@ -1,6 +1,6 @@ # MSC2263: Give homeservers the ability to handle their own 3PID registrations/password resets -In order to better protect the privacy of of a user, Matrix is wanting to shift to +In order to better protect the privacy of a user, Matrix is wanting to shift to a model where identity servers have less control over the affairs of the homeserver. Identity servers are currently used to reset the passwords of users on a given homeserver as an identity verification technique, however there is no reason why the homeserver @@ -15,7 +15,7 @@ The `id_server` parameter is to become optional on the following endpoints: * `/_matrix/client/:version/register/:medium/requestToken` * `/_matrix/client/:version/account/password/:medium/requestToken` -The `id_server` parameter is additionally deprecated with intentions of being removed +The `id_server` parameter is additionally deprecated with intention of being removed in a future specification release on the `/register/:medium` and `/account/password/:medium` endpoints. Once appropriate adoption has been achieved, the specification can safely remove the parameter as supported. The reason for this deprecation is to completely @@ -23,7 +23,7 @@ remove the identity server's ability to be involved in password resets/registrat Users wishing to bind their 3rd party identifiers can do so after registration, and clients can automate this if they so desire. -Similarly, `bind_email` and `bind_msisdn` are deprecated with intentions to be removed +Similarly, `bind_email` and `bind_msisdn` are deprecated with intention to be removed in a future specification version on `/register`. The flags have no effect if no `id_server` is being used. From 1a6eb9a4131a0683f095c142934bc45b8a2a71ad Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 29 Aug 2019 15:19:12 -0600 Subject: [PATCH 05/11] Update proposals/2263-homeserver-pw-resets.md Co-Authored-By: J. Ryan Stinnett --- proposals/2263-homeserver-pw-resets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/2263-homeserver-pw-resets.md b/proposals/2263-homeserver-pw-resets.md index 1bb55da0..564d1e45 100644 --- a/proposals/2263-homeserver-pw-resets.md +++ b/proposals/2263-homeserver-pw-resets.md @@ -40,7 +40,7 @@ endpoints listed above if they do not trust the identity server the user is supp In order to allow client implementations to determine if the homeserver they are developed against supports `id_server` being optional, an unstable feature flag of `m.require_identity_server` -is to be added to `/versions`. When the flag is `false` or not present, clients must assume +is to be added to `/versions`. When the flag is `true` or not present, clients must assume that the homeserver requires an `id_server` (ie: it has not yet considered it optional). If this proposal is accepted, clients are expected to use the supported specification versions the homeserver advertises instead of the feature flag's presence. From f8780e23955e5f8a70b108daa0e6428f5ab9e7a6 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Fri, 30 Aug 2019 04:44:39 -0600 Subject: [PATCH 06/11] add note about edit --- proposals/2140-terms-of-service-2.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proposals/2140-terms-of-service-2.md b/proposals/2140-terms-of-service-2.md index 93259143..177da4d6 100644 --- a/proposals/2140-terms-of-service-2.md +++ b/proposals/2140-terms-of-service-2.md @@ -1,5 +1,7 @@ # MSC2140: Terms of Service API for Identity Servers and Integration Managers +*Note*: This MSC was added to in [MSC2264](https://github.com/matrix-org/matrix-doc/pull/2264) + [MSC1692](https://github.com/matrix-org/matrix-doc/issues/1692) introduces a method for homeservers to require that users read and agree to certain documents before being permitted to use the service. This proposal introduces a From b36fe24f1b719d8650de39187f112ebe0fada041 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Fri, 30 Aug 2019 08:27:44 -0600 Subject: [PATCH 08/11] Let's not doubly remove things --- proposals/2263-homeserver-pw-resets.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/proposals/2263-homeserver-pw-resets.md b/proposals/2263-homeserver-pw-resets.md index 564d1e45..3b58af17 100644 --- a/proposals/2263-homeserver-pw-resets.md +++ b/proposals/2263-homeserver-pw-resets.md @@ -23,9 +23,8 @@ remove the identity server's ability to be involved in password resets/registrat Users wishing to bind their 3rd party identifiers can do so after registration, and clients can automate this if they so desire. -Similarly, `bind_email` and `bind_msisdn` are deprecated with intention to be removed -in a future specification version on `/register`. The flags have no effect if no `id_server` -is being used. +Note that `bind_email` and `bind_msisdn` on `/register` have already been removed +by [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140). As per [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140), an `id_access_token` is required only if an `id_server` is supplied. From 52e6868f5095d16bd3c72f73d797b208ebe2d1fc Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Tue, 3 Sep 2019 15:03:41 -0600 Subject: [PATCH 09/11] Remove bind_* params on /register as per MSC2140 See https://github.com/matrix-org/matrix-doc/pull/2140 See https://github.com/matrix-org/matrix-doc/issues/2253 --- api/client-server/registration.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/api/client-server/registration.yaml b/api/client-server/registration.yaml index 71177d0c..8bb9a027 100644 --- a/api/client-server/registration.yaml +++ b/api/client-server/registration.yaml @@ -95,18 +95,6 @@ paths: should be authenticated, but is instead used to authenticate the ``register`` call itself. "$ref": "definitions/auth_data.yaml" - bind_email: - type: boolean - description: |- - If true, the server binds the email used for authentication to - the Matrix ID with the identity server. - example: false - bind_msisdn: - type: boolean - description: |- - If true, the server binds the phone number used for authentication - to the Matrix ID with the identity server. - example: false username: type: string description: |- From caf46db6e797cddffd205b1d81d4b1eb3a3c79e9 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Tue, 3 Sep 2019 15:04:58 -0600 Subject: [PATCH 10/11] Changelog --- changelogs/client_server/newsfragments/2279.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelogs/client_server/newsfragments/2279.feature diff --git a/changelogs/client_server/newsfragments/2279.feature b/changelogs/client_server/newsfragments/2279.feature new file mode 100644 index 00000000..a1fdf168 --- /dev/null +++ b/changelogs/client_server/newsfragments/2279.feature @@ -0,0 +1 @@ +Remove ``bind_msisdn`` and ``bind_email`` from ``/register`` now that the identity server's bind endpoint requires authentication. From 9574f3c8d0efa062f1d077b7590e29ea073d02d9 Mon Sep 17 00:00:00 2001 From: Stuart Mumford Date: Wed, 4 Sep 2019 14:12:00 +0100 Subject: [PATCH 11/11] update to the new deployment of Giles Signed-off-by: Stuart Mumford --- .circleci/config.yml | 2 +- pyproject.toml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b37478bf..bf4404ce 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -121,4 +121,4 @@ workflows: notify: webhooks: - - url: https://giles.cadair.com/circleci + - url: https://giles.cadair.dev/circleci diff --git a/pyproject.toml b/pyproject.toml index b53982b8..060a44fc 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,9 +1,9 @@ -[ tool.giles ] +[ tool.gilesbot ] - [ tool.giles.circleci_artifacts.docs ] + [ tool.gilesbot.circleci_artifacts.docs ] url = "gen/index.html" message = "Click details to preview the HTML documentation." - [ tool.giles.circleci_artifacts.swagger ] + [ tool.gilesbot.circleci_artifacts.swagger ] url = "client-server/index.html" message = "Click to preview the swagger build."