This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
Deactivating account with {erase: true} fails with internal server error #12257
Description
Description
When attempting GDPR-compliant user deactivation using POST /_synapse/admin/v1/deactivate/@user:domain.tld with {erase: true}, the request fails with M_UNKNOWN and ValueError: mxc URI '' did not match expected format appears in the homeserver log file. Without the erase parameter, deletion works.
Interestingly, when deleting multiple accounts in a row with {erase: true}, they are not kicked from their rooms, but as soon as we then delete a single additional user with {erase: false}, the user parter kicks in and immediately also kicks all the users for which deletion previously failed.
I'm unsure whether this is relevant, but some details about our setup:
- We run https://github.com/matrix-org/matrix-synapse-ldap3 against OpenLDAP as our authentication backend
- All accounts are provisioned using using the user creation/modification admin API and do not have a password set in Synapse (since authentication is done against LDAP)
- When a user is removed from our organization, our backend tools delete the account both in Synapse and in LDAP (We've tested that ordering makes no difference, i.e., the error doesn't disappear if we keep the LDAP entry around until Synapse is done with the deactivation)
Steps to reproduce
- provision a user account through the admin API with no password (we set just
displaynameand the email address in the POST body) - (you may log in as that user, or don't, this appears to make no difference)
- use the deactivate account API with
{erase: true}to deactivate the account - see that the request fails and that you can still log in with that user account (although all active sessions were terminated), and the account is still member of its rooms
Server logs showing two deletion failures with the erase option and one success without it
2022-03-20 17:16:25,248 - synapse.http.server - 100 - ERROR - POST-40008 - Failed handle request via 'DeactivateAccountRestServlet': <XForwardedForRequest at 0x7fb22425afd0 method='POST' uri='/_synapse/admin/v1/deactivate/@testaccount1:domain.tld' clientproto='HTTP/1.0' site='8008'>
Traceback (most recent call last):
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/util/caches/descriptors.py", line 313, in _wrapped
ret = cache.get(cache_key, callback=invalidate_callback)
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/util/caches/deferred_cache.py", line 176, in get
raise KeyError()
KeyError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/http/server.py", line 269, in _async_render_wrapper
callback_return = await self._async_render(request)
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/http/server.py", line 471, in _async_render
callback_return = await raw_callback_return
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/rest/admin/users.py", line 616, in on_POST
result = await self._deactivate_account_handler.deactivate_account(
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/handlers/deactivate_account.py", line 139, in deactivate_account
await self._profile_handler.set_avatar_url(
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/handlers/profile.py", line 306, in set_avatar_url
if not await self.check_avatar_size_and_mime_type(new_avatar_url):
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/twisted/internet/defer.py", line 1660, in _inlineCallbacks
result = current_context.run(gen.send, result)
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/handlers/profile.py", line 348, in check_avatar_size_and_mime_type
server_name, _, media_id = parse_and_validate_mxc_uri(mxc)
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/util/stringutils.py", line 188, in parse_and_validate_mxc_uri
raise ValueError("mxc URI %r did not match expected format" % (mxc,))
ValueError: mxc URI '' did not match expected format
2022-03-20 17:16:25,261 - synapse.access.http.8008 - 427 - INFO - POST-40008 - 127.0.0.1 - 8008 - {@backendbot:domain.tld} Processed request: 0.169sec/0.001sec (0.044sec, 0.005sec) (0.012sec/0.101sec/17) 55B 500 "POST /_synapse/admin/v1/deactivate/@testaccount1:domain.tld HTTP/1.0" "python-requests/2.26.0" [0 dbevts]
2022-03-20 17:19:12,819 - synapse.storage.databases.main.event_push_actions - 608 - INFO - event_push_action_stream_orderings-561 - Searching for stream ordering 1 month ago
2022-03-20 17:19:12,840 - synapse.storage.databases.main.event_push_actions - 612 - INFO - event_push_action_stream_orderings-561 - Found stream ordering 1 month ago: it's 14461
2022-03-20 17:19:12,840 - synapse.storage.databases.main.event_push_actions - 615 - INFO - event_push_action_stream_orderings-561 - Searching for stream ordering 1 day ago
2022-03-20 17:19:12,854 - synapse.storage.databases.main.event_push_actions - 619 - INFO - event_push_action_stream_orderings-561 - Found stream ordering 1 day ago: it's 14619
2022-03-20 17:26:34,757 - synapse.http.server - 100 - ERROR - POST-40121 - Failed handle request via 'DeactivateAccountRestServlet': <XForwardedForRequest at 0x7fb20c7bed30 method='POST' uri='/_synapse/admin/v1/deactivate/@testaccount2:domain.tld' clientproto='HTTP/1.0' site='8008'>
Traceback (most recent call last):
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/util/caches/descriptors.py", line 313, in _wrapped
ret = cache.get(cache_key, callback=invalidate_callback)
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/util/caches/deferred_cache.py", line 176, in get
raise KeyError()
KeyError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/http/server.py", line 269, in _async_render_wrapper
callback_return = await self._async_render(request)
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/http/server.py", line 471, in _async_render
callback_return = await raw_callback_return
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/rest/admin/users.py", line 616, in on_POST
result = await self._deactivate_account_handler.deactivate_account(
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/handlers/deactivate_account.py", line 139, in deactivate_account
await self._profile_handler.set_avatar_url(
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/handlers/profile.py", line 306, in set_avatar_url
if not await self.check_avatar_size_and_mime_type(new_avatar_url):
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/twisted/internet/defer.py", line 1660, in _inlineCallbacks
result = current_context.run(gen.send, result)
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/handlers/profile.py", line 348, in check_avatar_size_and_mime_type
server_name, _, media_id = parse_and_validate_mxc_uri(mxc)
File "/opt/venvs/matrix-synapse/lib/python3.8/site-packages/synapse/util/stringutils.py", line 188, in parse_and_validate_mxc_uri
raise ValueError("mxc URI %r did not match expected format" % (mxc,))
ValueError: mxc URI '' did not match expected format
2022-03-20 17:26:34,762 - synapse.access.http.8008 - 427 - INFO - POST-40121 - 127.0.0.1 - 8008 - {@backendbot:domain.tld} Processed request: 0.064sec/0.001sec (0.016sec, 0.004sec) (0.006sec/0.037sec/12) 55B 500 "POST /_synapse/admin/v1/deactivate/@testaccount2:domain.tld HTTP/1.0" "python-requests/2.26.0" [0 dbevts]
2022-03-20 17:26:39,320 - synapse.handlers.deactivate_account - 220 - INFO - user_parter_loop-1 - Starting user parter
2022-03-20 17:26:39,329 - synapse.handlers.deactivate_account - 226 - INFO - user_parter_loop-1 - User parter parting '@testaccount1:domain.tld'
2022-03-20 17:26:39,329 - synapse.handlers.deactivate_account - 240 - INFO - user_parter_loop-1 - User parter parting '@testaccount1:domain.tld' from '!<redacted>:domain.tld'
2022-03-20 17:26:39,553 - synapse.handlers.deactivate_account - 196 - INFO - POST-40127 - Rejected invite for deactivated user '@testaccount2:domain.tld' in room '!<redacted>:domain.tld'
2022-03-20 17:26:39,623 - synapse.handlers.deactivate_account - 240 - INFO - user_parter_loop-1 - User parter parting '@testaccount1:domain.tld' from '!<redacted>:domain.tld'
2022-03-20 17:26:39,847 - synapse.handlers.deactivate_account - 196 - INFO - POST-40127 - Rejected invite for deactivated user '@testaccount2:domain.tld' in room '!<redacted>:domain.tld'
2022-03-20 17:26:39,972 - synapse.handlers.deactivate_account - 240 - INFO - user_parter_loop-1 - User parter parting '@testaccount1:domain.tld' from '!<redacted>:domain.tld'
2022-03-20 17:26:40,011 - synapse.access.http.8008 - 427 - INFO - POST-40127 - 127.0.0.1 - 8008 - {@backendbot:domain.tld} Processed request: 0.726sec/0.016sec (0.040sec, 0.027sec) (0.053sec/0.229sec/30) 37B 200 "POST /_synapse/admin/v1/deactivate/@testaccount2:domain.tld HTTP/1.0" "python-requests/2.26.0" [0 dbevts]
2022-03-20 17:26:40,169 - synapse.handlers.deactivate_account - 240 - INFO - user_parter_loop-1 - User parter parting '@testaccount1:domain.tld' from '!<redacted>:domain.tld'
2022-03-20 17:26:40,412 - synapse.handlers.deactivate_account - 229 - INFO - user_parter_loop-1 - User parter finished parting '@testaccount1:domain.tld'
2022-03-20 17:26:40,420 - synapse.handlers.deactivate_account - 226 - INFO - user_parter_loop-1 - User parter parting '@testaccount2:domain.tld'
2022-03-20 17:26:40,446 - synapse.handlers.deactivate_account - 229 - INFO - user_parter_loop-1 - User parter finished parting '@testaccount2:domain.tld'
2022-03-20 17:26:40,451 - synapse.handlers.deactivate_account - 230 - INFO - user_parter_loop-1 - User parter finished: stopping
Version information
- Homeserver: (withheld)
If not matrix.org:
-
Version: 1.54.0 on Python 3.8.10
-
Install method: debian package
matrix-synapse-py3 1.54.0+focal1
- Platform: Ubuntu Server 20.04.4 LTS, VM