Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-23 03:34:08 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Update with changes from MSC4170

Browse source
This commit is contained in:
Johannes Marbach 2024-10-07 09:54:48 +02:00
parent ddcc7a6e46
commit 92ef0b08c5
7 changed files with 32 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelogs/client_server/newsfragments/1867.clarification
View file

@ -1 +0,0 @@
Add missing 403 response on `/profile/{userId}/avatar_url` and `/profile/{userId}/displayname`.

1
changelogs/client_server/newsfragments/1867.feature Normal file
View file

@ -0,0 +1 @@
Add 403 responses on `/profile/{userId}/avatar_url` and `/profile/{userId}/displayname` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170).

1
changelogs/server_server/newsfragments/1867.clarification
View file

@ -1 +0,0 @@
Add missing 403 response on `/query/profile`.

1
changelogs/server_server/newsfragments/1867.feature Normal file
View file

@ -0,0 +1 @@
Add 403 response on `/query/profile` as per [MSC4170](https://github.com/matrix-org/matrix-spec-proposals/pull/4170).

20
content/client-server-api/_index.md
View file

@ -2753,7 +2753,25 @@ re-invited.
{{% http-api spec="client-server" api="profile" %}} {{% http-api spec="client-server" api="profile" %}}
#### Events on Change of Profile Information #### Server behaviour
Homeservers MUST at a minimum allow profile look-up for:
- users that share a room with the requesting user
- users that reside in public rooms known to the homeserver
In all other cases, homeservers MAY deny profile look-up by responding with
403 and an error code of `M_FORBIDDEN`.
When a remote user is queried and the query is not denied per the above,
homeservers SHOULD query the remote server for the user's profile information.
The remote server MAY itself deny profile queries over federation, however.
When the requested user does not exist, homeservers MAY choose whether to
respond with 403 or 404. If the server denies profile look-up in all but the
required cases, 403 is RECOMMENDED.
##### Events on Change of Profile Information
Because the profile display name and avatar information are likely to be Because the profile display name and avatar information are likely to be
used in many places of a client's display, changes to these fields cause used in many places of a client's display, changes to these fields cause

12
data/api/client-server/profile.yaml
View file

@ -14,6 +14,8 @@
openapi: 3.1.0 openapi: 3.1.0
info: info:
title: Matrix Client-Server Profile API title: Matrix Client-Server Profile API
description: |-
foo bar foo bar
version: 1.0.0 version: 1.0.0
paths: paths:
"/profile/{userId}/displayname": "/profile/{userId}/displayname":
@ -99,7 +101,7 @@ paths:
"displayname": "Alice Margatroid" "displayname": "Alice Margatroid"
} }
"403": "403":
x-addedInMatrixVersion: "1.2" x-addedInMatrixVersion: "1.13"
description: The server is unwilling to disclose whether the user exists and/or description: The server is unwilling to disclose whether the user exists and/or
has a display name. has a display name.
content: content:
@ -110,7 +112,7 @@ paths:
response: response:
value: { value: {
"errcode": "M_FORBIDDEN", "errcode": "M_FORBIDDEN",
"error": "Profile lookup over federation is disabled on this homeserver" "error": "Profile lookup is disabled on this homeserver"
} }
"404": "404":
description: There is no display name for this user or this user does not exist. description: There is no display name for this user or this user does not exist.
@ -200,7 +202,7 @@ paths:
"avatar_url": "mxc://matrix.org/SDGdghriugerRg" "avatar_url": "mxc://matrix.org/SDGdghriugerRg"
} }
"403": "403":
x-addedInMatrixVersion: "1.2" x-addedInMatrixVersion: "1.13"
description: The server is unwilling to disclose whether the user exists and/or description: The server is unwilling to disclose whether the user exists and/or
has an avatar URL. has an avatar URL.
content: content:
@ -211,7 +213,7 @@ paths:
response: response:
value: { value: {
"errcode": "M_FORBIDDEN", "errcode": "M_FORBIDDEN",
"error": "Profile lookup over federation is disabled on this homeserver" "error": "Profile lookup is disabled on this homeserver"
} }
"404": "404":
description: There is no avatar URL for this user or this user does not exist. description: There is no avatar URL for this user or this user does not exist.
@ -267,7 +269,7 @@ paths:
response: response:
value: { value: {
"errcode": "M_FORBIDDEN", "errcode": "M_FORBIDDEN",
"error": "Profile lookup over federation is disabled on this homeserver" "error": "Profile lookup is disabled on this homeserver"
} }
"404": "404":
description: There is no profile information for this user or this user does not description: There is no profile information for this user or this user does not

5
data/api/server-server/query.yaml
View file

@ -117,6 +117,9 @@ paths:
Servers may wish to cache the response to this query to avoid requesting the Servers may wish to cache the response to this query to avoid requesting the
information too often. information too often.
Servers MAY deny profile look-up over federation by responding with 403 and an
error code of `M_FORBIDDEN`.
operationId: queryProfile operationId: queryProfile
security: security:
- signedRequest: [] - signedRequest: []
@ -173,7 +176,7 @@ paths:
"avatar_url": "mxc://matrix.org/MyC00lAvatar" "avatar_url": "mxc://matrix.org/MyC00lAvatar"
} }
"403": "403":
x-addedInMatrixVersion: "1.2" x-addedInMatrixVersion: "1.12"
description: The server is unwilling to disclose whether the user exists and/or description: The server is unwilling to disclose whether the user exists and/or
has a display name. has a display name.
content: content: