Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement a mechanism for Riot to generate and cache a user password #3600

Closed
lampholder opened this issue Apr 11, 2017 · 7 comments
Closed

Implement a mechanism for Riot to generate and cache a user password #3600

lampholder opened this issue Apr 11, 2017 · 7 comments
Assignees
@lukebarnard1
Labels
A-Guest-Access T-Enhancement
Milestone
RW003

Comments

@lampholder
Copy link
Member

lampholder commented Apr 11, 2017
edited
Loading

The details of the new guest experience for Riot are on the project plan: element-hq/riot-meta/issues/59

We want to improve the experience for users landing as guest by giving them full access to Riot after they've picked a username and successfully completed a (accessible, privacy-concern-sensitive) CAPTCHA.

As part of this, completing registration with a password would be completed at a later stage, so Matrix/Riot need to support the user's existing/operating without a password.

The scope of this task is to make sure this is possible (it might be that no work is required).

If work is required, the 'right way' to implement this is down to the implementor - it could be to modify Synapse/the DB schema, it could be for Riot to generate a throwaway password that is not exposed to the user (or something else entirely).
@lampholder lampholder mentioned this issue Apr 11, 2017
Open
10 tasks
@lukebarnard1
Copy link
Contributor

If work is required, the 'right way' to implement this is down to the implementor

I'm not sure this should hold true... I think we should discuss, design and implement collectively.

@tessgadwa
Copy link

tessgadwa commented Apr 12, 2017 via email

@lampholder
Copy link
Member Author

Okay :)

A summary of discussion so far - we are wedded to the idea of users being able to have full access without having to provide a password, so we would like to implement this by:

  • Riot generating a password for the user and caching it locally (thereby not requiring any changes to the server impl to support passwordless users)
  • Riot prompting the user to provide a password (using whatever combination of encouraging wording and UI works most effectively)

@lampholder
Copy link
Member Author

So that would likely change the scope of this task to - implement a mechanism for Riot to generate and cache a user password, and it can come later in the sequence.

@lampholder lampholder added this to the RW003 milestone Apr 24, 2017
@lukebarnard1 lukebarnard1 changed the title Improve Landing as Guest: Make Riot/Matrix able to handle Passwordless Users Make Riot/Matrix able to handle Passwordless Users Apr 25, 2017
@lukebarnard1
Copy link
Contributor

Ah, well let's change the title to that then :)

@lukebarnard1 lukebarnard1 changed the title Make Riot/Matrix able to handle Passwordless Users Implement a mechanism for Riot to generate and cache a user password Apr 25, 2017
@lukebarnard1 lukebarnard1 mentioned this issue Apr 25, 2017
Closed
@lukebarnard1 lukebarnard1 self-assigned this Apr 25, 2017
@lukebarnard1
Copy link
Contributor

The generation is simple:

generateRandomPassword() {
    // Returns something like "yigddhuo6ucrbeyvh35v78pvi",
    // but not always of the same length
    return Math.random().toString(36).slice(2);
}

As to when we do this, and where this fits in with existing code, I'm not sure. It could easily go into the dialog to choose a mxid/do a capcha before it calls through to hit an InteractiveAuth of some flavour. This needs a bit more thought.

@lukebarnard1
Copy link
Contributor

Done in the initial implementation of mxid dialog matrix-org/matrix-react-sdk#849

su-ex added a commit to SchildiChat/element-web that referenced this issue Feb 24, 2024
@su-ex
Merge tag 'v1.11.36' into sc
4a0c85d 
* Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65)
* Deprecate customisations in favour of Module API ([\element-hq#25736](element-hq#25736)). Fixes element-hq#25733.
* OIDC: store initial screen in session storage  ([\element-hq#25688](element-hq#25688)). Fixes element-hq#25656. Contributed by @kerryarchibald.
* Allow default_server_config as a fallback config ([\element-hq#25682](element-hq#25682)). Contributed by @ShadowRZ.
* OIDC: remove auth params from url after login attempt ([\element-hq#25664](element-hq#25664)). Contributed by @kerryarchibald.
* feat(faq): remove keyboard shortcuts button ([\element-hq#9342](matrix-org/matrix-react-sdk#9342)). Fixes element-hq#22625. Contributed by @gefgu.
* GYU: Update banner ([\element-hq#11211](matrix-org/matrix-react-sdk#11211)). Fixes element-hq#25530. Contributed by @justjanne.
* Linkify mxc:// URLs as links to your media repo ([\element-hq#11213](matrix-org/matrix-react-sdk#11213)). Fixes element-hq#6942.
* OIDC: Log in ([\element-hq#11199](matrix-org/matrix-react-sdk#11199)). Fixes element-hq#25657. Contributed by @kerryarchibald.
* Handle all permitted url schemes in linkify ([\element-hq#11215](matrix-org/matrix-react-sdk#11215)). Fixes element-hq#4457 and element-hq#8720.
* Autoapprove Element Call oidc requests ([\element-hq#11209](matrix-org/matrix-react-sdk#11209)). Contributed by @toger5.
* Allow creating knock rooms ([\#11182](matrix-org/matrix-react-sdk#11182)). Contributed by @charlynguyen.
* Expose and pre-populate thread ID in devtools dialog ([\element-hq#10953](matrix-org/matrix-react-sdk#10953)).
* Hide URL preview if it will be empty ([\element-hq#9029](matrix-org/matrix-react-sdk#9029)).
* Change wording from avatar to profile picture ([\element-hq#7015](matrix-org/matrix-react-sdk#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist.
* Quick and dirty devtool to explore state history ([\element-hq#11197](matrix-org/matrix-react-sdk#11197)).
* Consider more user inputs when calculating zxcvbn score ([\element-hq#11180](matrix-org/matrix-react-sdk#11180)).
* GYU: Account Notification Settings ([\element-hq#11008](matrix-org/matrix-react-sdk#11008)). Fixes element-hq#24567. Contributed by @justjanne.
* Compound Typography pass ([\element-hq#11103](matrix-org/matrix-react-sdk#11103)). Fixes element-hq#25548.
* OIDC: navigate to authorization endpoint ([\#11096](matrix-org/matrix-react-sdk#11096)). Fixes element-hq#25574. Contributed by @kerryarchibald.
* Fix read receipt sending behaviour around thread roots ([\element-hq#3600](matrix-org/matrix-js-sdk#3600)).
* Fix missing metaspace notification badges ([\element-hq#11269](matrix-org/matrix-react-sdk#11269)). Fixes element-hq#25679.
* Make checkboxes less rounded ([\element-hq#11224](matrix-org/matrix-react-sdk#11224)). Contributed by @andybalaam.
* GYU: Fix issues with audible keywords without activated mentions ([\element-hq#11218](matrix-org/matrix-react-sdk#11218)). Contributed by @justjanne.
* PosthogAnalytics unwatch settings on logout ([\element-hq#11207](matrix-org/matrix-react-sdk#11207)). Fixes element-hq#25703.
* Avoid trying to set room account data for pinned events as guest ([\element-hq#11216](matrix-org/matrix-react-sdk#11216)). Fixes element-hq#6300.
* GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\element-hq#11210](matrix-org/matrix-react-sdk#11210)). Contributed by @justjanne.
* force to allow calls without video and audio in embedded mode ([\element-hq#11131](matrix-org/matrix-react-sdk#11131)). Contributed by @EnricoSchw.
* Fix room tile text clipping ([\element-hq#11196](matrix-org/matrix-react-sdk#11196)). Fixes element-hq#25718.
* Handle newlines in user pills ([\element-hq#11166](matrix-org/matrix-react-sdk#11166)). Fixes element-hq#10994.
* Limit width of user menu in space panel ([\element-hq#11192](matrix-org/matrix-react-sdk#11192)). Fixes element-hq#22627.
* Add isLocation to ComposerEvent analytics events ([\element-hq#11187](matrix-org/matrix-react-sdk#11187)). Contributed by @andybalaam.
* Fix: hide unsupported login elements ([\element-hq#11185](matrix-org/matrix-react-sdk#11185)). Fixes element-hq#25711. Contributed by @kerryarchibald.
* Scope smaller font size to user info panel ([\element-hq#11178](matrix-org/matrix-react-sdk#11178)). Fixes element-hq#25683.
* Apply i18n to strings in the html export ([\element-hq#11176](matrix-org/matrix-react-sdk#11176)).
* Inhibit url previews on MXIDs containing slashes same as those without ([\element-hq#11160](matrix-org/matrix-react-sdk#11160)).
* Make event info size consistent with state events ([\element-hq#11181](matrix-org/matrix-react-sdk#11181)).
* Fix markdown content spacing ([\element-hq#11177](matrix-org/matrix-react-sdk#11177)). Fixes element-hq#25685.
* Fix font-family definition for emojis ([\element-hq#11170](matrix-org/matrix-react-sdk#11170)). Fixes element-hq#25686.
* Fix spurious error sending receipt in thread errors ([\element-hq#11157](matrix-org/matrix-react-sdk#11157)).
* Consider the empty push rule actions array equiv to deprecated dont_notify ([\element-hq#11155](matrix-org/matrix-react-sdk#11155)). Fixes element-hq#25674.
* Only trap escape key for cancel reply if there is a reply ([\element-hq#11140](matrix-org/matrix-react-sdk#11140)). Fixes element-hq#25640.
* Update linkify to 4.1.1 ([\element-hq#11132](matrix-org/matrix-react-sdk#11132)). Fixes element-hq#23806.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lukebarnard1 lukebarnard1

Labels
A-Guest-Access T-Enhancement
Projects
None yet
Milestone
RW003
Development

No branches or pull requests
4 participants
@jryans @lampholder @tessgadwa @lukebarnard1