feat(oauth): expose session expiration errors when requesting login with a QR code

Johennes · poljar · commit fccafd8c8068 · 2025-11-26T09:50:11.000+01:00
Signed-off-by: Johannes Marbach &lt;n0-0ne+github@mailbox.org&gt;
diff --git a/bindings/matrix-sdk-ffi/CHANGELOG.md b/bindings/matrix-sdk-ffi/CHANGELOG.md
@@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file.
 
 ### Breaking changes
 
+- Add `HumanQrLoginError::NotFound` for non-existing / expired rendezvous sessions
+  ([#5898](https://github.com/matrix-org/matrix-rust-sdk/pull/5898))
 - Add `HumanQrGrantLoginError::NotFound` for non-existing / expired rendezvous sessions
   ([#5898](https://github.com/matrix-org/matrix-rust-sdk/pull/5898))
 - The `LatestEventValue::Local` type gains 2 new fields: `sender` and `profile`.
diff --git a/bindings/matrix-sdk-ffi/src/qr_code.rs b/bindings/matrix-sdk-ffi/src/qr_code.rs
@@ -284,6 +284,8 @@ pub enum HumanQrLoginError {
     CheckCodeAlreadySent,
     #[error("The check code could not be sent.")]
     CheckCodeCannotBeSent,
+    #[error("The rendezvous session was not found and might have expired")]
+    NotFound,
 }
 
 impl From<qrcode::QRCodeLoginError> for HumanQrLoginError {
@@ -331,6 +333,8 @@ impl From<qrcode::QRCodeLoginError> for HumanQrLoginError {
             | QRCodeLoginError::UserIdDiscovery(_)
             | QRCodeLoginError::SecretImport(_)
             | QRCodeLoginError::ServerReset(_) => HumanQrLoginError::Unknown,
+
+            QRCodeLoginError::NotFound => HumanQrLoginError::NotFound,
         }
     }
 }
diff --git a/crates/matrix-sdk/CHANGELOG.md b/crates/matrix-sdk/CHANGELOG.md
@@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file.
 
 ### Features
 
+- Add `QRCodeLoginError::NotFound` for non-existing / expired rendezvous sessions
+  ([#5898](https://github.com/matrix-org/matrix-rust-sdk/pull/5898))
 - Add `QRCodeGrantLoginError::NotFound` for non-existing / expired rendezvous sessions
   ([#5898](https://github.com/matrix-org/matrix-rust-sdk/pull/5898))
 - Improve logging around key history bundles when joining a room.
diff --git a/crates/matrix-sdk/src/authentication/oauth/qrcode/login.rs b/crates/matrix-sdk/src/authentication/oauth/qrcode/login.rs
@@ -511,6 +511,7 @@ mod test {
         UnexpectedMessage,
         UnexpectedMessageInsteadOfSecrets,
         RefuseSecrets,
+        LetSessionExpire,
     }
 
     /// The possible token responses.
@@ -953,17 +954,37 @@ mod test {
         alice_behavior: AliceBehaviour,
     ) -> Result<(), QRCodeLoginError> {
         let server = MatrixMockServer::new().await;
+        let expiration = match alice_behavior {
+            AliceBehaviour::LetSessionExpire => Duration::from_secs(2),
+            _ => Duration::MAX,
+        };
         let rendezvous_server =
-            MockedRendezvousServer::new(server.server(), "abcdEFG12345", Duration::MAX).await;
+            MockedRendezvousServer::new(server.server(), "abcdEFG12345", expiration).await;
         let (sender, receiver) = tokio::sync::oneshot::channel();
 
         let oauth_server = server.oauth();
-        oauth_server.mock_server_metadata().ok().expect(1).named("server_metadata").mount().await;
-        oauth_server.mock_registration().ok().expect(1).named("registration").mount().await;
+        let expected_calls = match alice_behavior {
+            AliceBehaviour::LetSessionExpire => 0,
+            _ => 1,
+        };
+        oauth_server
+            .mock_server_metadata()
+            .ok()
+            .expect(expected_calls)
+            .named("server_metadata")
+            .mount()
+            .await;
+        oauth_server
+            .mock_registration()
+            .ok()
+            .expect(expected_calls)
+            .named("registration")
+            .mount()
+            .await;
         oauth_server
             .mock_device_authorization()
             .ok()
-            .expect(1)
+            .expect(expected_calls)
             .named("device_authorization")
             .mount()
             .await;
@@ -1017,7 +1038,12 @@ mod test {
                 }
             }
         });
-        let _alice_task = spawn(async move { grant_login(alice, receiver, alice_behavior).await });
+
+        if !matches!(alice_behavior, AliceBehaviour::LetSessionExpire) {
+            let _alice_task =
+                spawn(async move { grant_login(alice, receiver, alice_behavior).await });
+        }
+
         login_bob.await
     }
 
@@ -1026,18 +1052,39 @@ mod test {
         alice_behavior: AliceBehaviour,
     ) -> Result<(), QRCodeLoginError> {
         let server = MatrixMockServer::new().await;
+        let expiration = match alice_behavior {
+            AliceBehaviour::LetSessionExpire => Duration::from_secs(2),
+            _ => Duration::MAX,
+        };
         let rendezvous_server =
-            MockedRendezvousServer::new(server.server(), "abcdEFG12345", Duration::MAX).await;
+            MockedRendezvousServer::new(server.server(), "abcdEFG12345", expiration).await;
+
         let (qr_sender, qr_receiver) = tokio::sync::oneshot::channel();
         let (cctx_sender, cctx_receiver) = tokio::sync::oneshot::channel();
 
         let oauth_server = server.oauth();
-        oauth_server.mock_server_metadata().ok().expect(1).named("server_metadata").mount().await;
-        oauth_server.mock_registration().ok().expect(1).named("registration").mount().await;
+        let expected_calls = match alice_behavior {
+            AliceBehaviour::LetSessionExpire => 0,
+            _ => 1,
+        };
+        oauth_server
+            .mock_server_metadata()
+            .ok()
+            .expect(expected_calls)
+            .named("server_metadata")
+            .mount()
+            .await;
+        oauth_server
+            .mock_registration()
+            .ok()
+            .expect(expected_calls)
+            .named("registration")
+            .mount()
+            .await;
         oauth_server
             .mock_device_authorization()
             .ok()
-            .expect(1)
+            .expect(expected_calls)
             .named("device_authorization")
             .mount()
             .await;
@@ -1107,9 +1154,13 @@ mod test {
             }
         });
 
-        let _alice_task = spawn(async move {
-            grant_login_with_generated_qr(&alice, qr_receiver, cctx_receiver, alice_behavior).await
-        });
+        if !matches!(alice_behavior, AliceBehaviour::LetSessionExpire) {
+            let _alice_task = spawn(async move {
+                grant_login_with_generated_qr(&alice, qr_receiver, cctx_receiver, alice_behavior)
+                    .await
+            });
+        }
+
         bob_login.await
     }
 
@@ -1243,6 +1294,21 @@ mod test {
         assert_eq!(reason, LoginFailureReason::DeviceNotFound);
     }
 
+    #[async_test]
+    async fn test_qr_login_session_expired() {
+        let result = test_failure(TokenResponse::Ok, AliceBehaviour::LetSessionExpire).await;
+
+        assert_matches!(result, Err(QRCodeLoginError::NotFound));
+    }
+
+    #[async_test]
+    async fn test_generated_qr_login_session_expired() {
+        let result =
+            test_generated_failure(TokenResponse::Ok, AliceBehaviour::LetSessionExpire).await;
+
+        assert_matches!(result, Err(QRCodeLoginError::NotFound));
+    }
+
     #[async_test]
     async fn test_device_authorization_endpoint_missing() {
         let server = MatrixMockServer::new().await;
diff --git a/crates/matrix-sdk/src/authentication/oauth/qrcode/mod.rs b/crates/matrix-sdk/src/authentication/oauth/qrcode/mod.rs
@@ -86,7 +86,11 @@ pub enum QRCodeLoginError {
 
     /// An error happened while exchanging messages with the other device.
     #[error(transparent)]
-    SecureChannel(#[from] SecureChannelError),
+    SecureChannel(SecureChannelError),
+
+    /// The rendezvous session was not found and might have expired.
+    #[error("The rendezvous session was not found and might have expired")]
+    NotFound,
 
     /// The cross-process refresh lock failed to be initialized.
     #[error(transparent)]
@@ -118,6 +122,23 @@ pub enum QRCodeLoginError {
     ServerReset(crate::Error),
 }
 
+impl From<SecureChannelError> for QRCodeLoginError {
+    fn from(e: SecureChannelError) -> Self {
+        match e {
+            SecureChannelError::RendezvousChannel(HttpError::Api(ref boxed)) => {
+                if let FromHttpResponseError::Server(api_error) = boxed.as_ref()
+                    && let Some(ErrorKind::NotFound) =
+                        api_error.as_client_api_error().and_then(|e| e.error_kind())
+                {
+                    return Self::NotFound;
+                }
+                Self::SecureChannel(e)
+            }
+            e => Self::SecureChannel(e),
+        }
+    }
+}
+
 /// The error type for failures while trying to grant log in to a new device
 /// using a QR code.
 #[derive(Debug, Error)]

Original file line number	Diff line number	Diff line change
`@@ -284,6 +284,8 @@ pub enum HumanQrLoginError {`
`284`	`284`	`CheckCodeAlreadySent,`
`285`	`285`	`#[error("The check code could not be sent.")]`
`286`	`286`	`CheckCodeCannotBeSent,`
	`287`	`+ #[error("The rendezvous session was not found and might have expired")]`
	`288`	`+ NotFound,`
`287`	`289`	`}`
`288`	`290`
`289`	`291`	`impl From<qrcode::QRCodeLoginError> for HumanQrLoginError {`
`@@ -331,6 +333,8 @@ impl From<qrcode::QRCodeLoginError> for HumanQrLoginError {`
`331`	`333`	`\| QRCodeLoginError::UserIdDiscovery(_)`
`332`	`334`	`\| QRCodeLoginError::SecretImport(_)`
`333`	`335`	`\| QRCodeLoginError::ServerReset(_) => HumanQrLoginError::Unknown,`
	`336`	`+`
	`337`	`+ QRCodeLoginError::NotFound => HumanQrLoginError::NotFound,`
`334`	`338`	`}`
`335`	`339`	`}`
`336`	`340`	`}`