From 16773f5e4a1966db16a25df4b1be71eddd27281d Mon Sep 17 00:00:00 2001
From: gnieto <gnieto.talo@gmail.com>
Date: Tue, 10 Jun 2025 13:37:04 +0200
Subject: [PATCH] Do not send empty auth when setting up cross-signing keys
 (#29914)

* Do not send empty auth when setting up cross-signing keys

My understanding from the spec is that no auth parameter should be sent
when starting a UIA flow. [This section](https://spec.matrix.org/v1.14/client-server-api/#user-interactive-api-in-the-rest-api)
says that "A client should first make a request with no auth parameter"
and this is not what element-web is doing (since it is sending an auth parameter with
an empty dictionary).

In the upload cross-signing keys endpoint
[documentation](https://spec.matrix.org/v1.14/client-server-api/#post_matrixclientv3keysdevice_signingupload_request_authentication-data)
it says that type may be omitted if session is set, but in this specific
case neither of the fields is set.

* fixup! Do not send empty auth when setting up cross-signing keys
---
 src/CreateCrossSigning.ts       | 4 ++--
 test/CreateCrossSigning-test.ts | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/CreateCrossSigning.ts b/src/CreateCrossSigning.ts
index c8e7aa3e73..5f6f3e48aa 100644
--- a/src/CreateCrossSigning.ts
+++ b/src/CreateCrossSigning.ts
@@ -38,10 +38,10 @@ export async function createCrossSigning(cli: MatrixClient): Promise<void> {
 
 export async function uiAuthCallback(
     matrixClient: MatrixClient,
-    makeRequest: (authData: AuthDict) => Promise<void>,
+    makeRequest: (authData: AuthDict | null) => Promise<void>,
 ): Promise<void> {
     try {
-        await makeRequest({});
+        await makeRequest(null);
     } catch (error) {
         if (!(error instanceof MatrixError) || !error.data || !error.data.flows) {
             // Not a UIA response
diff --git a/test/CreateCrossSigning-test.ts b/test/CreateCrossSigning-test.ts
index cd2bf904cd..09bb3b5a63 100644
--- a/test/CreateCrossSigning-test.ts
+++ b/test/CreateCrossSigning-test.ts
@@ -45,7 +45,7 @@ describe("CreateCrossSigning", () => {
 
         const makeRequest = jest.fn();
         await authUploadDeviceSigningKeys!(makeRequest);
-        expect(makeRequest).toHaveBeenCalledWith({});
+        expect(makeRequest).toHaveBeenCalledWith(null);
     });
 
     it("should prompt user if upload failed with UIA", async () => {