Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement cancelling 3pid invites #625

Closed
ara4n opened this issue Jan 13, 2016 · 7 comments
Closed

Implement cancelling 3pid invites #625

ara4n opened this issue Jan 13, 2016 · 7 comments

Comments

@ara4n
Copy link
Member

ara4n commented Jan 13, 2016

Blocked on support from synapse (matrix-org/synapse#1473)

@ara4n
Copy link
Member Author

ara4n commented Sep 12, 2018

I have no idea why we've never done this; it should be trivial - surely we just delete the 3PID invite from the DAG. Does it even need synapse changes?

@ara4n
Copy link
Member Author

ara4n commented Sep 12, 2018

yeah, i just deleted a stuck one via /devtools by setting the body of the 3pid invite state event to {} and it dutifully disappeared. the only nastiness is that you end up with

screenshot 2018-09-12 at 11 53 35

in the timeline, plus the empty state event obviously hangs around forever, but that's a problem of https://github.com/matrix-org/matrix-doc/issues/456

@ara4n
Copy link
Member Author

ara4n commented Sep 12, 2018

see also #5490

@turt2live
Copy link
Member

Wouldn't you'd also need to invalidate the invite in the IS so it doesn't try and say the user can join?

@ara4n
Copy link
Member Author

ara4n commented Sep 12, 2018

You could, but i'm not sure it's the end of the world, given the IS will try exchange the 3pid invite for a real invite, which will fail because the 3pid invite will have been deleted (aka replaced by {})

@thomas4019
Copy link

Any update on this?

@gdvine
Copy link

gdvine commented Jan 30, 2019

This is an important security feature actually, as 3PID unaccepted invites hang around forever and are impossible to revoke currently. So if a user wishes to disinvite a user that never had a chance to accept, he/she can't and a user who should not have access to a room can join undesired at any time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants