From 92ef0b08c5a361495253526a1d05c2e2d09da726 Mon Sep 17 00:00:00 2001
From: Johannes Marbach
Date: Mon, 7 Oct 2024 09:54:48 +0200
Subject: [PATCH] Update with changes from MSC4170
---
.../newsfragments/1867.clarification | 1 -
.../client_server/newsfragments/1867.feature | 1 +
.../newsfragments/1867.clarification | 1 -
.../server_server/newsfragments/1867.feature | 1 +
content/client-server-api/_index.md | 20 ++++++++++++++++++-
data/api/client-server/profile.yaml | 12 ++++++-----
data/api/server-server/query.yaml | 5 ++++-
7 files changed, 32 insertions(+), 9 deletions(-)
delete mode 100644 changelogs/client_server/newsfragments/1867.clarification
create mode 100644 changelogs/client_server/newsfragments/1867.feature
delete mode 100644 changelogs/server_server/newsfragments/1867.clarification
create mode 100644 changelogs/server_server/newsfragments/1867.feature
diff --git a/changelogs/client_server/newsfragments/1867.clarification b/changelogs/client_server/newsfragments/1867.clarification
deleted file mode 100644
index 61fca659..00000000
--- a/changelogs/client_server/newsfragments/1867.clarification
+++ /dev/null
@@ -1 +0,0 @@
-Add missing 403 response on `/profile/{userId}/avatar_url` and `/profile/{userId}/displayname`.
diff --git a/changelogs/client_server/newsfragments/1867.feature b/changelogs/client_server/newsfragments/1867.feature
new file mode 100644
index 00000000..24d6aa52
--- /dev/null
+++ b/changelogs/client_server/newsfragments/1867.feature
@@ -0,0 +1 @@
+Add 403 responses on `/profile/{userId}/avatar_url` and `/profile/{userId}/displayname` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170).
diff --git a/changelogs/server_server/newsfragments/1867.clarification b/changelogs/server_server/newsfragments/1867.clarification
deleted file mode 100644
index b1f7da62..00000000
--- a/changelogs/server_server/newsfragments/1867.clarification
+++ /dev/null
@@ -1 +0,0 @@
-Add missing 403 response on `/query/profile`.
diff --git a/changelogs/server_server/newsfragments/1867.feature b/changelogs/server_server/newsfragments/1867.feature new file mode 100644 index 00000000..8217afb3 --- /dev/null +++ b/changelogs/server_server/newsfragments/1867.feature @@ -0,0 +1 @@ +Add 403 response on `/query/profile` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170). diff --git a/content/client-server-api/_index.md b/content/client-server-api/_index.md index e9efe8ec..0fd5f6b0 100644 --- a/content/client-server-api/_index.md +++ b/content/client-server-api/_index.md @@ -2753,7 +2753,25 @@ re-invited. {{% http-api spec="client-server" api="profile" %}} -#### Events on Change of Profile Information +#### Server behaviour + +Homeservers MUST at a minimum allow profile look-up for: + +- users that share a room with the requesting user +- users that reside in public rooms known to the homeserver + +In all other cases, homeservers MAY deny profile look-up by responding with +403 and an error code of `M_FORBIDDEN`. + +When a remote user is queried and the query is not denied per the above, +homeservers SHOULD query the remote server for the user's profile information. +The remote server MAY itself deny profile queries over federation, however. + +When the requested user does not exist, homeservers MAY choose whether to +respond with 403 or 404. If the server denies profile look-up in all but the +required cases, 403 is RECOMMENDED. + +##### Events on Change of Profile Information Because the profile display name and avatar information are likely to be used in many places of a client's display, changes to these fields cause diff --git a/data/api/client-server/profile.yaml b/data/api/client-server/profile.yaml index 1f74c972..7680e6f8 100644 --- a/data/api/client-server/profile.yaml +++ b/data/api/client-server/profile.yaml 
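Review bot: The last paragraph added under "Server behaviour" in `content/client-server-api/_index.md` lets a homeserver answer 403 or 404 for a user that does not exist, but it never says why the choice matters: a server that returns 404 for unknown users and 403 for withheld profiles tells the requester which user IDs exist. I would put the rationale next to the recommendation, for example `Returning the same response for unknown users and for users whose profile is withheld keeps the status code from revealing whether the user exists.` (wording to be checked against MSC4170). The first bullet also leaves open whether "share a room" means joined membership only or also invites and past membership, which decides who may read a profile; if the MSC defines it, the definition belongs here.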
@@ -14,6 +14,8 @@ openapi: 3.1.0 info: title: Matrix Client-Server Profile API + description: |- + foo bar foo bar version: 1.0.0 paths: "/profile/{userId}/displayname": @@ -99,7 +101,7 @@ paths: "displayname": "Alice Margatroid" } "403": - x-addedInMatrixVersion: "1.2" + x-addedInMatrixVersion: "1.13" description: The server is unwilling to disclose whether the user exists and/or has a display name. content: @@ -110,7 +112,7 @@ paths: response: value: { "errcode": "M_FORBIDDEN", - "error": "Profile lookup over federation is disabled on this homeserver" + "error": "Profile lookup is disabled on this homeserver" } "404": description: There is no display name for this user or this user does not exist. @@ -200,7 +202,7 @@ paths: "avatar_url": "mxc://matrix.org/SDGdghriugerRg" } "403": - x-addedInMatrixVersion: "1.2" + x-addedInMatrixVersion: "1.13" description: The server is unwilling to disclose whether the user exists and/or has an avatar URL. content: @@ -211,7 +213,7 @@ paths: response: value: { "errcode": "M_FORBIDDEN", - "error": "Profile lookup over federation is disabled on this homeserver" + "error": "Profile lookup is disabled on this homeserver" } "404": description: There is no avatar URL for this user or this user does not exist. @@ -267,7 +269,7 @@ paths: response: value: { "errcode": "M_FORBIDDEN", - "error": "Profile lookup over federation is disabled on this homeserver" + "error": "Profile lookup is disabled on this homeserver" } "404": description: There is no profile information for this user or this user does not diff --git a/data/api/server-server/query.yaml b/data/api/server-server/query.yaml index 0e80df60..8e17ea8d 100644 --- a/data/api/server-server/query.yaml +++ b/data/api/server-server/query.yaml 
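Review bot: The `description: |-` block added under `info` in the `@@ -14,6 +14,8 @@` hunk holds the placeholder text `foo bar foo bar`, which would ship as the description of the Profile API. Either drop the two added lines or replace the placeholder with a real summary of the API before merging.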
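Review bot: The 403 responses in the `@@ -99,7` and `@@ -200,7` hunks are now marked `x-addedInMatrixVersion: "1.13"`, while the same commit marks the 403 on `/query/profile` in `data/api/server-server/query.yaml` (hunk `@@ -173,7`) as `"1.12"`; the two probably should name the same release, so one of them looks like a typo. The `@@ -267,7` hunk changes only the error string of its 403 example, and any version marker on that response lies outside the hunk, so it is worth checking that it was updated too. Implementers rely on this marker to know from which spec version a client must handle `M_FORBIDDEN` on profile look-ups.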
@@ -117,6 +117,9 @@ paths: Servers may wish to cache the response to this query to avoid requesting the information too often. + + Servers MAY deny profile look-up over federation by responding with 403 and an + error code of `M_FORBIDDEN`. operationId: queryProfile security: - signedRequest: [] @@ -173,7 +176,7 @@ paths: "avatar_url": "mxc://matrix.org/MyC00lAvatar" } "403": - x-addedInMatrixVersion: "1.2" + x-addedInMatrixVersion: "1.12" description: The server is unwilling to disclose whether the user exists and/or has a display name. content: