Return error if user tries to send empty login code to API

mautrix_telegram/user.py

@@ -195,7 +195,8 @@ class User(DBUser, AbstractUser, BaseUser):
             if self.tgid:
                 await self.push_bridge_state(BridgeStateEvent.UNKNOWN_ERROR, message=str(e))
         except UnauthorizedError as e:
-            self.log.error(f"Authorization error in start(): {type(e)}: {e}")
+            if delete_unless_authenticated or self.tgid:
+                self.log.error(f"Authorization error in start(): {type(e)}: {e}")
             if self.tgid:
                 await self.push_bridge_state(
                     BridgeStateEvent.BAD_CREDENTIALS,

mautrix_telegram/web/common/auth_api.py

@@ -126,8 +126,10 @@ class AuthAPI(abc.ABC):
                 mxid=user.mxid,
                 state="code",
                 status=200,
-                message="Code requested successfully. Check your SMS "
-                "or Telegram client and enter the code below.",
+                message=(
+                    "Code requested successfully. Check your SMS "
+                    "or Telegram client and enter the code below."
+                ),
             )
         except PhoneNumberInvalidError:
             return self.get_login_response(
@@ -167,8 +169,10 @@ class AuthAPI(abc.ABC):
                 state="request",
                 status=429,
                 errcode="phone_number_flood",
-                error="Your phone number has been temporarily blocked for flooding. "
-                "The ban is usually applied for around a day.",
+                error=(
+                    "Your phone number has been temporarily blocked for flooding. "
+                    "The ban is usually applied for around a day."
+                ),
             )
         except FloodWaitError as e:
             return self.get_login_response(
@@ -176,8 +180,10 @@ class AuthAPI(abc.ABC):
                 state="request",
                 status=429,
                 errcode="flood_wait",
-                error="Your phone number has been temporarily blocked for flooding. "
-                f"Please wait for {format_duration(e.seconds)} before trying again.",
+                error=(
+                    "Your phone number has been temporarily blocked for flooding. "
+                    f"Please wait for {format_duration(e.seconds)} before trying again."
+                ),
             )
         except Exception:
             self.log.exception("Error requesting phone code")
@@ -237,6 +243,14 @@ class AuthAPI(abc.ABC):
     async def post_login_code(
         self, user: User, code: int, password_in_data: bool
     ) -> web.Response | None:
+        if not code:
+            return self.get_login_response(
+                mxid=user.mxid,
+                state="code",
+                status=400,
+                errcode="phone_code_missing",
+                error="You must provide the code from your phone.",
+            )
         try:
             user_info = await user.client.sign_in(code=code)
             await self.postprocess_login(user, user_info)

requirements.txt

@@ -6,7 +6,7 @@ yarl>=1,<2
 mautrix>=0.14.9,<0.15
 #telethon>=1.24,<1.25
 # Fork to make session storage async and update to layer 138
-tulir-telethon==1.25.0a4
+tulir-telethon==1.25.0a5
 asyncpg>=0.20,<0.26
 mako>=1,<2
 setuptools