From 5f9cdcb4b4d0c0e074c4689138faf1bd34574afe Mon Sep 17 00:00:00 2001
From: Benoit Marty <benoitm@matrix.org>
Date: Thu, 21 Nov 2019 10:29:16 +0100
Subject: [PATCH] Login screens: Doc: add msisdn stage

---
 docs/signup.md | 192 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 190 insertions(+), 2 deletions(-)

diff --git a/docs/signup.md b/docs/signup.md
index 7d35f6b19b..e4c33fb415 100644
--- a/docs/signup.md
+++ b/docs/signup.md
@@ -368,13 +368,13 @@ User is proposed to accept T&C and he accepts them
 
 User is proposed to prove he is not a robot and he does it:
 
-> curl -X POST --data $'{"auth":{"response":"03AOLTBLSiGS9GhFDpAMblJ2nlXOmHXqAYJ5OvHCPUjiVLBef3k9snOYI_BDC32-t4D2jv-tpvkaiEI_uloobFd9RUTPpJ7con2hMddbKjSCYqXqcUQFhzhbcX6kw8uBnh2sbwBe80_ihrHGXEoACXQkL0ki1Q0uEtOeW20YBRjbNABsZPpLNZhGIWC0QVXnQ4FouAtZrl3gOAiyM-oG3cgP6M9pcANIAC_7T2P2amAHbtsTlSR9CsazNyS-rtDR9b5MywdtnWN9Aw8fTJb8cXQk_j7nvugMxzofPjSOrPKcr8h5OqPlpUCyxxnFtag6cuaPSUwh43D2L0E-ZX7djzaY2Yh_U2n6HegFNPOQ22CJmfrKwDlodmAfMPvAXyq77n3HpoREDACTEDo3830RHF4BfkGXUaZjctgg-A1mvC17hmQmQpkG7IhDqyw0onU-0vF_-ehCjq_CcQEDpS_O3uiHJaG5xGf-0rhLm57v_wA3deugbsZuO4uTuxZZycN_mKxZ97jlDVBetl9hc_5REPbhcT1w3uzTCSx7Q","session":"iLHmdwNlXZoREDACTEDoouwMi","type":"m.login.recaptcha"},"initial_device_display_name":"Mobile device"}' 'https://matrix.org/_matrix/client/r0/register'
+> curl -X POST --data $'{"auth":{"response":"03AOLTBLSiGS9GhFDpAMblJ2nlXOmHXqAYJ5OvHCPUjiVLBef3k9snOYI_BDC32-t4D2jv-tpvkaiEI_uloobFd9RUTPpJ7con2hMddbKjSCYqXqcUQFhzhbcX6kw8uBnh2sbwBe80_ihrHGXEoACXQkL0ki1Q0uEtOeW20YBRjbNABsZPpLNZhGIWC0QVXnQ4FouAtZrl3gOAiyM-oG3cgP6M9pcANIAC_7T2P2amAHbtsTlSR9CsazNyS-rtDR9b5MywdtnWN9Aw8fTJb8cXQk_j7nvugMxzofPjSOrPKcr8h5OqPlpUCyxxnFtag6cuaPSUwh43D2L0E-ZX7djzaY2Yh_U2n6HegFNPOQ22CJmfrKwDlodmAfMPvAXyq77n3HpoREDACTEDo3830RHF4BfkGXUaZjctgg-A1mvC17hmQmQpkG7IhDqyw0onU-0vF_-ehCjq_CcQEDpS_O3uiHJaG5xGf-0rhLm57v_wA3deugbsZuO4uTuxZZycN_mKxZ97jlDVBetl9hc_5REPbhcT1w3uzTCSx7Q","session":"xptUYoREDACTEDogOWAGVnbJQ","type":"m.login.recaptcha"},"initial_device_display_name":"Mobile device"}' 'https://matrix.org/_matrix/client/r0/register'
 
 ```json
 {
   "auth": {
     "response": "03AOLTBLSiGS9GhFDpAMblJ2nlXOmHXqAYJ5OvHCPUjiVLBef3k9snOYI_BDC32-t4D2jv-tpvkaiEI_uloobFd9RUTPpJ7con2hMddbKjSCYqXqcUQFhzhbcX6kw8uBnh2sbwBe80_ihrHGXEoACXQkL0ki1Q0uEtOeW20YBRjbNABsZPpLNZhGIWC0QVXnQ4FouAtZrl3gOAiyM-oG3cgP6M9pcANIAC_7T2P2amAHbtsTlSR9CsazNyS-rtDR9b5MywdtnWN9Aw8fTJb8cXQk_j7nvugMxzofPjSOrPKcr8h5OqPlpUCyxxnFtag6cuaPSUwh43D2L0E-ZX7djzaY2Yh_U2n6HegFNPOQ22CJmfrKwDlodmAfMPvAXyq77n3HpoREDACTEDo3830RHF4BfkGXUaZjctgg-A1mvC17hmQmQpkG7IhDqyw0onU-0vF_-ehCjq_CcQEDpS_O3uiHJaG5xGf-0rhLm57v_wA3deugbsZuO4uTuxZZycN_mKxZ97jlDVBetl9hc_5REPbhcT1w3uzTCSx7Q",
-    "session": "iLHmdwNlXZoREDACTEDoouwMi",
+    "session": "xptUYoREDACTEDogOWAGVnbJQ",
     "type": "m.login.recaptcha"
   },
   "initial_device_display_name": "Mobile device"
@@ -393,3 +393,191 @@ User is proposed to prove he is not a robot and he does it:
 ```
 
 The account is created!
+
+### Step 5: MSISDN
+
+Some homeservers may require the user to enter MSISDN.
+
+On matrix.org, it's not required, and not even optional, but it's still possible for the app to add a MSIS+Dn during the registration.
+
+The user enter a phone number and select a country, the `client_secret` is generated by the application
+
+> curl -X POST --data $'{"client_secret":"d3e285f6-972a-496c-9a22-7915a2db57c7","send_attempt":1,"country":"FR","phone_number":"+33611223344"}'  'https://matrix.org/_matrix/client/r0/register/msisdn/requestToken'
+
+```json
+{
+  "client_secret": "d3e285f6-972a-496c-9a22-7915a2db57c7",
+  "send_attempt": 1,
+  "country": "FR",
+  "phone_number": "+33611223344"
+}
+```
+
+If the msisdn is already associated to another account, you will received an error:
+
+```json
+{
+  "errcode": "M_THREEPID_IN_USE",
+  "error": "Phone number is already in use"
+}
+```
+
+If it is not the case, the homeserver send the SMS and returns some data, especially a `sid` and a `submit_url`:
+
+```json
+{
+  "msisdn": "33611223344",
+  "intl_fmt": "+336 11 22 33 44",
+  "success": true,
+  "sid": "1678881798",
+  "submit_url": "https:\/\/matrix.org\/_matrix\/client\/unstable\/add_threepid\/msisdn\/submit_token"
+}
+```
+
+When you execute the register request, with the received `sid`, you get an error since the MSISDN is not validated yet:
+
+> curl -X POST --data $'{"auth":{"type":"m.login.msisdn","session":"xptUYoREDACTEDogOWAGVnbJQ","threepid_creds":{"client_secret":"d3e285f6-972a-496c-9a22-7915a2db57c7","sid":"1678881798"}}}' 'https://matrix.org/_matrix/client/r0/register'
+
+
+```json
+  "auth": {
+    "type": "m.login.msisdn",
+    "session": "xptUYoREDACTEDogOWAGVnbJQ",
+    "threepid_creds": {
+      "client_secret": "d3e285f6-972a-496c-9a22-7915a2db57c7",
+      "sid": "1678881798"
+    }
+  }
+}
+```
+
+There is an issue on Synapse, which return a 401, it sends too much data along with the classical MatrixError fields:
+
+```json
+{
+  "session": "xptUYoREDACTEDogOWAGVnbJQ",
+  "flows": [
+    {
+      "stages": [
+        "m.login.recaptcha",
+        "m.login.terms",
+        "m.login.dummy"
+      ]
+    },
+    {
+      "stages": [
+        "m.login.recaptcha",
+        "m.login.terms",
+        "m.login.email.identity"
+      ]
+    }
+  ],
+  "params": {
+    "m.login.recaptcha": {
+      "public_key": "6LcgI54UAAAAABGdGmruw6DdOocFpYVdjYBRe4zb"
+    },
+    "m.login.terms": {
+      "policies": {
+        "privacy_policy": {
+          "version": "1.0",
+          "en": {
+            "name": "Terms and Conditions",
+            "url": "https:\/\/matrix.org\/_matrix\/consent?v=1.0"
+          }
+        }
+      }
+    }
+  },
+  "completed": [],
+  "error": "",
+  "errcode": "M_UNAUTHORIZED"
+}
+```
+
+The user receive the SMS, he can enter the SMS code in the app, which is sent using the "submit_url" received ie the response of the `requestToken` request:
+
+> curl -X POST --data $'{"client_secret":"d3e285f6-972a-496c-9a22-7915a2db57c7","sid":"1678881798","token":"123456"}' 'https://matrix.org/_matrix/client/unstable/add_threepid/msisdn/submit_token'
+
+```json
+{
+  "client_secret": "d3e285f6-972a-496c-9a22-7915a2db57c7",
+  "sid": "1678881798",
+  "token": "123456"
+}
+```
+
+If the code is not correct, we get a 200 with:
+
+```json
+{
+  "success": false
+}
+```
+
+And if the code is correct we get a 200 with:
+
+```json
+{
+  "success": true
+}
+```
+
+We can now execute the registration request, to the homeserver
+
+> curl -X POST --data $'{"auth":{"type":"m.login.msisdn","session":"xptUYoREDACTEDogOWAGVnbJQ","threepid_creds":{"client_secret":"d3e285f6-972a-496c-9a22-7915a2db57c7","sid":"1678881798"}}}' 'https://matrix.org/_matrix/client/r0/register'
+
+```json
+{
+  "auth": {
+    "type": "m.login.msisdn",
+    "session": "xptUYoREDACTEDogOWAGVnbJQ",
+    "threepid_creds": {
+      "client_secret": "d3e285f6-972a-496c-9a22-7915a2db57c7",
+      "sid": "1678881798"
+    }
+  }
+}
+```
+
+Now the homeserver consider that the `m.login.msisdn` step is completed (401):
+
+```json
+{
+  "session": "xptUYoREDACTEDogOWAGVnbJQ",
+  "flows": [
+    {
+      "stages": [
+        "m.login.recaptcha",
+        "m.login.terms",
+        "m.login.dummy"
+      ]
+    },
+    {
+      "stages": [
+        "m.login.recaptcha",
+        "m.login.terms",
+        "m.login.email.identity"
+      ]
+    }
+  ],
+  "params": {
+    "m.login.recaptcha": {
+      "public_key": "6LcgI54UAAAAABGdGmruw6DdOocFpYVdjYBRe4zb"
+    },
+    "m.login.terms": {
+      "policies": {
+        "privacy_policy": {
+          "version": "1.0",
+          "en": {
+            "name": "Terms and Conditions",
+            "url": "https:\/\/matrix.org\/_matrix\/consent?v=1.0"
+          }
+        }
+      }
+    }
+  },
+  "completed": [
+    "m.login.msisdn"
+  ]
+}
+```