From 1a0b8b35f8c6125dd8081506f6c93f3e20889209 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Thu, 21 Nov 2019 10:42:06 +0100 Subject: [PATCH] Login screens: Doc: adapt log to correct logs and fix typo --- docs/signup.md | 71 +++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 42 deletions(-) diff --git a/docs/signup.md b/docs/signup.md index e4c33fb415..f241edeba0 100644 --- a/docs/signup.md +++ b/docs/signup.md @@ -1,30 +1,23 @@ # Sign up to a homeserver -This document describes the flow of registration to a homeserver. Examples come from the matrix.org homeserver, and the logs come from Riot-Android. +This document describes the flow of registration to a homeserver. Examples come from the `matrix.org` homeserver. -Note that it contains bugs: - - "password" and "initial_device_display_name" values are sent a bit too much - - the first received "sessionId" is not reused - - The order of stages returned by the homeserver is not strictly followed - -Ref: https://matrix.org/docs/spec/client_server/latest#account-registration-and-management +*Ref*: https://matrix.org/docs/spec/client_server/latest#account-registration-and-management ## Sign up flows ### First step -Client request the sign-up flows, once the homeserver is chosen by the user and its url is knwon (in the example it's https://matrix.org) +Client request the sign-up flows, once the homeserver is chosen by the user and its url is known (in the example it's `https://matrix.org`) -> curl -X POST --data $'{"initial_device_display_name":"Mobile device","x_show_msisdn":true}' 'https://matrix.org/_matrix/client/r0/register' +> curl -X POST --data $'{}' 'https://matrix.org/_matrix/client/r0/register' ```json { - "initial_device_display_name": "Mobile device", - "x_show_msisdn": true } ``` -401 +We get the flows with a 401, which also means the the registration is possible on this homeserver. ```json { @@ -66,18 +59,19 @@ Client request the sign-up flows, once the homeserver is chosen by the user and ### Step 1: entering user name and password -The app is displaying a form with login and password. Only the login is sent for the first request +The app is displaying a form to enter username and password. -> curl -X POST --data $'{"initial_device_display_name":"Mobile device","username":"alice"}' 'https://matrix.org/_matrix/client/r0/register' +> curl -X POST --data $'{"initial_device_display_name":"Mobile device","username":"alice","password": "weak_password"}' 'https://matrix.org/_matrix/client/r0/register' ```json { "initial_device_display_name": "Mobile device", - "username": "alice" + "username": "alice", + "password": "weak_password" } ``` -401 +401. Note that the `session` value has changed (because we did not provide the previous value in the request body), but it's ok, we will use the new value for the next steps. ```json { @@ -119,6 +113,8 @@ The app is displaying a form with login and password. Only the login is sent for #### If username already exists +We get a 400: + ```json { "errcode": "M_USER_IN_USE", @@ -130,17 +126,14 @@ The app is displaying a form with login and password. Only the login is sent for User is proposed to enter an email. We skip this step. -> curl -X POST --data $'{"auth":{"session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.dummy"},"initial_device_display_name":"Mobile device","password":"azerty","username":"alice"}' 'https://matrix.org/_matrix/client/r0/register' +> curl -X POST --data $'{"auth":{"session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.dummy"}}' 'https://matrix.org/_matrix/client/r0/register' ```json { "auth": { "session": "xptUYoREDACTEDogOWAGVnbJQ", "type": "m.login.dummy" - }, - "initial_device_display_name": "Mobile device", - "password": "password_REDACTED", - "username":"alice" + } } ``` @@ -189,6 +182,8 @@ User is proposed to enter an email. We skip this step. ### Step 2 bis: we enter an email +We request a token to the homeserver. The `client_secret` is generated by the application + > curl -X POST --data $'{"client_secret":"53e679ea-oRED-ACTED-92b8-3012c49c6cfa","email":"alice@yopmail.com","send_attempt":0}' 'https://matrix.org/_matrix/client/r0/register/email/requestToken' ```json @@ -209,7 +204,7 @@ User is proposed to enter an email. We skip this step. And -> curl -X POST --data $'{"auth":{"threepid_creds":{"client_secret":"53e679ea-oRED-ACTED-92b8-3012c49c6cfa","sid":"qlBCREDACTEDEtgxD"},"session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.email.identity"},"initial_device_display_name":"Mobile device","password":"password_REDACTED","username":"alice"}' 'https://matrix.org/_matrix/client/r0/register' +> curl -X POST --data $'{"auth":{"threepid_creds":{"client_secret":"53e679ea-oRED-ACTED-92b8-3012c49c6cfa","sid":"qlBCREDACTEDEtgxD"},"session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.email.identity"}}' 'https://matrix.org/_matrix/client/r0/register' ```json { @@ -220,14 +215,11 @@ And }, "session": "xptUYoREDACTEDogOWAGVnbJQ", "type": "m.login.email.identity" - }, - "initial_device_display_name": "Mobile device", - "password": "password_REDACTED", - "username": "alice" + } } ``` -401 +We get 401 since the email is not validated yet: ```json { @@ -238,7 +230,7 @@ And The app is now polling on -> curl -X POST --data $'{"auth":{"threepid_creds":{"client_secret":"53e679ea-oRED-ACTED-92b8-3012c49c6cfa","sid":"qlBCREDACTEDEtgxD"},"session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.email.identity"},"initial_device_display_name":"Mobile device","password":"password_REDACTED","username":"alice"}' 'https://matrix.org/_matrix/client/r0/register' +> curl -X POST --data $'{"auth":{"threepid_creds":{"client_secret":"53e679ea-oRED-ACTED-92b8-3012c49c6cfa","sid":"qlBCREDACTEDEtgxD"},"session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.email.identity"}}' 'https://matrix.org/_matrix/client/r0/register' ```json { @@ -249,17 +241,14 @@ The app is now polling on }, "session": "xptUYoREDACTEDogOWAGVnbJQ", "type": "m.login.email.identity" - }, - "initial_device_display_name": "Mobile device", - "password": "password_REDACTED", - "username": "alice" + } } ``` -We click on the link received by email https://matrix.org/_matrix/client/unstable/registration/email/submit_token?token=vtQjQIZfwdoREDACTEDozrmKYSWlCXsJ&client_secret=53e679ea-oRED-ACTED-92b8-3012c49c6cfa&sid=qlBCREDACTEDEtgxD which contains: -- A token vtQjQIZfwdoREDACTEDozrmKYSWlCXsJ -- a client secret: 53e679ea-oRED-ACTED-92b8-3012c49c6cfa -- A sid: qlBCREDACTEDEtgxD +We click on the link received by email `https://matrix.org/_matrix/client/unstable/registration/email/submit_token?token=vtQjQIZfwdoREDACTEDozrmKYSWlCXsJ&client_secret=53e679ea-oRED-ACTED-92b8-3012c49c6cfa&sid=qlBCREDACTEDEtgxD` which contains: +- A `token` vtQjQIZfwdoREDACTEDozrmKYSWlCXsJ +- The `client_secret`: 53e679ea-oRED-ACTED-92b8-3012c49c6cfa +- A `sid`: qlBCREDACTEDEtgxD Once the link is clicked, the registration request (polling) returns a 401 with the following content: @@ -308,15 +297,14 @@ Once the link is clicked, the registration request (polling) returns a 401 with User is proposed to accept T&C and he accepts them -> curl -X POST --data $'{"auth":{"session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.terms"},"initial_device_display_name":"Mobile device"}' 'https://matrix.org/_matrix/client/r0/register' +> curl -X POST --data $'{"auth":{"session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.terms"}}' 'https://matrix.org/_matrix/client/r0/register' ```json { "auth": { "session": "xptUYoREDACTEDogOWAGVnbJQ", "type": "m.login.terms" - }, - "initial_device_display_name": "Mobile device" + } } ``` @@ -368,7 +356,7 @@ User is proposed to accept T&C and he accepts them User is proposed to prove he is not a robot and he does it: -> curl -X POST --data $'{"auth":{"response":"03AOLTBLSiGS9GhFDpAMblJ2nlXOmHXqAYJ5OvHCPUjiVLBef3k9snOYI_BDC32-t4D2jv-tpvkaiEI_uloobFd9RUTPpJ7con2hMddbKjSCYqXqcUQFhzhbcX6kw8uBnh2sbwBe80_ihrHGXEoACXQkL0ki1Q0uEtOeW20YBRjbNABsZPpLNZhGIWC0QVXnQ4FouAtZrl3gOAiyM-oG3cgP6M9pcANIAC_7T2P2amAHbtsTlSR9CsazNyS-rtDR9b5MywdtnWN9Aw8fTJb8cXQk_j7nvugMxzofPjSOrPKcr8h5OqPlpUCyxxnFtag6cuaPSUwh43D2L0E-ZX7djzaY2Yh_U2n6HegFNPOQ22CJmfrKwDlodmAfMPvAXyq77n3HpoREDACTEDo3830RHF4BfkGXUaZjctgg-A1mvC17hmQmQpkG7IhDqyw0onU-0vF_-ehCjq_CcQEDpS_O3uiHJaG5xGf-0rhLm57v_wA3deugbsZuO4uTuxZZycN_mKxZ97jlDVBetl9hc_5REPbhcT1w3uzTCSx7Q","session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.recaptcha"},"initial_device_display_name":"Mobile device"}' 'https://matrix.org/_matrix/client/r0/register' +> curl -X POST --data $'{"auth":{"response":"03AOLTBLSiGS9GhFDpAMblJ2nlXOmHXqAYJ5OvHCPUjiVLBef3k9snOYI_BDC32-t4D2jv-tpvkaiEI_uloobFd9RUTPpJ7con2hMddbKjSCYqXqcUQFhzhbcX6kw8uBnh2sbwBe80_ihrHGXEoACXQkL0ki1Q0uEtOeW20YBRjbNABsZPpLNZhGIWC0QVXnQ4FouAtZrl3gOAiyM-oG3cgP6M9pcANIAC_7T2P2amAHbtsTlSR9CsazNyS-rtDR9b5MywdtnWN9Aw8fTJb8cXQk_j7nvugMxzofPjSOrPKcr8h5OqPlpUCyxxnFtag6cuaPSUwh43D2L0E-ZX7djzaY2Yh_U2n6HegFNPOQ22CJmfrKwDlodmAfMPvAXyq77n3HpoREDACTEDo3830RHF4BfkGXUaZjctgg-A1mvC17hmQmQpkG7IhDqyw0onU-0vF_-ehCjq_CcQEDpS_O3uiHJaG5xGf-0rhLm57v_wA3deugbsZuO4uTuxZZycN_mKxZ97jlDVBetl9hc_5REPbhcT1w3uzTCSx7Q","session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.recaptcha"}}' 'https://matrix.org/_matrix/client/r0/register' ```json { @@ -376,8 +364,7 @@ User is proposed to prove he is not a robot and he does it: "response": "03AOLTBLSiGS9GhFDpAMblJ2nlXOmHXqAYJ5OvHCPUjiVLBef3k9snOYI_BDC32-t4D2jv-tpvkaiEI_uloobFd9RUTPpJ7con2hMddbKjSCYqXqcUQFhzhbcX6kw8uBnh2sbwBe80_ihrHGXEoACXQkL0ki1Q0uEtOeW20YBRjbNABsZPpLNZhGIWC0QVXnQ4FouAtZrl3gOAiyM-oG3cgP6M9pcANIAC_7T2P2amAHbtsTlSR9CsazNyS-rtDR9b5MywdtnWN9Aw8fTJb8cXQk_j7nvugMxzofPjSOrPKcr8h5OqPlpUCyxxnFtag6cuaPSUwh43D2L0E-ZX7djzaY2Yh_U2n6HegFNPOQ22CJmfrKwDlodmAfMPvAXyq77n3HpoREDACTEDo3830RHF4BfkGXUaZjctgg-A1mvC17hmQmQpkG7IhDqyw0onU-0vF_-ehCjq_CcQEDpS_O3uiHJaG5xGf-0rhLm57v_wA3deugbsZuO4uTuxZZycN_mKxZ97jlDVBetl9hc_5REPbhcT1w3uzTCSx7Q", "session": "xptUYoREDACTEDogOWAGVnbJQ", "type": "m.login.recaptcha" - }, - "initial_device_display_name": "Mobile device" + } } ```