Password change shows vague "HTTP status 400" message if it doesn't follow policy

[yukiisbored]

Description

When a user change their password to something that doesn't follow the password policy set on the homeserver, Element shows a vague "HTTP status 400" error which causes confusion.

I believe this is an issue on Element side and not Synapse's as taking a peek in the received response for the password change API request, it clearly tells what the issue is:

Transcribed here in case people are unable to read the picture:

{
  "errcode":"M_PASSWORD_NO_SYMBOL",
  "error":"The password must include at least one symbol"
}

Steps to reproduce

• Go to General Settings
• Change your password to something which doesn't follow the password policy
• See vague "HTTP status 400"

Version information

• Platform: Web
• Browser: Chrome
• OS: Windows
• URL: app.element.io

[turt2live]

Where is M_PASSWORD_NO_SYMBOL coming from? This isn't a specified error code, so should not be using the M_ prefix.

[yukiisbored]

Where is M_PASSWORD_NO_SYMBOL coming from? This isn't a specified error code, so should not be using the M_ prefix.

This is the response from my homeserver. I'm currently running Synapse ver 1.27.0.

[yukiisbored]

FYI, I currently only use local accounts handled by Synapse and not an SSO or a centralized db like LDAP.

[yukiisbored]

Reading Synapse codebase, it appears that most error codes has an M_ prefix as you can see here:

https://github.com/matrix-org/synapse/blob/develop/synapse/api/errors.py#L69-L75

[turt2live]

Looks like this is some unstable feature in Synapse based on this MSC: matrix-org/matrix-spec-proposals#2000

I've raised the namespace issue here: matrix-org/synapse#9727

We might be able to use the error message from the server, though we can't reasonably rely on the error codes for now.