Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Validate 3PIDs during signup & password reset from HS, not IS #1710

Closed
ara4n opened this issue Dec 18, 2016 · 2 comments
Closed

Validate 3PIDs during signup & password reset from HS, not IS #1710

ara4n opened this issue Dec 18, 2016 · 2 comments
Labels
Security z-feature (Deprecated Label) z-p2 (Deprecated Label)

Comments

@ara4n
Copy link
Member

ara4n commented Dec 18, 2016

There's an internal spec document called "Proposal for decoupling 3PID signup validation from discoverable 3PID validation" which proposes a fix for the fact that we use ISes for validating emails both during signup as well as for discovery. In practice, these are very different scenarios and we should use the HS for validating emails.

This would also help us with the branding of sign-up & reset mails.

Submitting this issue to track it properly.

@ara4n
Copy link
Member Author

ara4n commented Dec 20, 2016

On discussion with Dave, we've decided not to incorporate this with the work being done on element-hq/element-web#1903, as it's basically orthogonal.

When we get 'round to do it, we probably want it to be a standalone verification microservice (e.g. another python+sqlite thing; call it sygnoff or something ;). This could the be used both by the IS (whether centralised sygnal or a decentralised future thing) and by the HS as a general verification helper.

Separately, there's also the related issue of supporting 2FA during login (not signup or password reset): https://github.com/vector-im/riot-web/issues/2772. It feels like this might want to also make use of the same hypothetical verification service produced by this bug.

@richvdh
Copy link
Member

richvdh commented Nov 27, 2019

this finally got done by element-hq/element-web#5835 and friends.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Security z-feature (Deprecated Label) z-p2 (Deprecated Label)
Projects
None yet
Development

No branches or pull requests

3 participants