Allow /versions to optionally accept authentication

According to MSC2046. Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
2026-03-23 19:44:09 +01:00 · 2024-02-22 15:32:01 +01:00 · 2024-02-22 15:32:01 +01:00 · c5074f2a1f
parent c4e69d8cb1
commit c5074f2a1f
2 changed files with 33 additions and 5 deletions
--- a/data/api/client-server/versions.yaml
+++ b/data/api/client-server/versions.yaml
@ -34,11 +34,21 @@ paths:
        which has not yet landed in the spec. For example, a feature currently
        undergoing the proposal process may appear here and eventually be taken
        off this list once the feature lands in the spec and the server deems it
-        reasonable to do so. Servers may wish to keep advertising features here
-        after they've been released into the spec to give clients a chance to
-        upgrade appropriately. Additionally, clients should avoid using unstable
-        features in their stable releases.
+        reasonable to do so. Servers can choose to enable some features only for
+        some users, so clients should include authentication in the request to
+        get all the features available for the logged-in user. If no
+        authentication is provided, the server should only return the features
+        available to all users. Servers may wish to keep advertising features
+        here after they've been released into the spec to give clients a chance
+        to upgrade appropriately. Additionally, clients should avoid using
+        unstable features in their stable releases.
      operationId: getVersions
+      security:
+        - {}
+        - accessToken: []
+      x-changedInMatrixVersion:
+        "1.10": |
+          This endpoint can behave differently when authentication is provided.
      responses:
        "200":
          description: The versions supported by the server.
@ -89,3 +99,6 @@ servers:
        default: localhost:8008
      basePath:
        default: /_matrix/client
+components:
+  securitySchemes:
+    $ref: definitions/security.yaml
--- a/layouts/partials/openapi/render-operation.html
+++ b/layouts/partials/openapi/render-operation.html
@ -59,7 +59,22 @@
  </tr>
 <tr>
  <th>Requires authentication:</th>
-  <td>{{ if $operation_data.security }}Yes{{ else }}No{{ end }}</td>
+  {{/*
+    Authentication is optional if one of these is true:
+      - the security key is not set
+      - the security value contains an empty object
+  */}}
+  {{ $requires_authentication := 1 }}
+  {{ if $operation_data.security }}
+    {{ range $operation_data.security }}
+      {{ if eq (len (index $operation_data.security 0)) 0 }}
+        {{ $requires_authentication = 0 }}
+      {{ end }}
+    {{ end }}
+  {{ else }}
+    {{ $requires_authentication = 0 }}
+  {{ end }}
+  <td>{{ if $requires_authentication }}Yes{{ else }}No{{ end }}</td>
 </tr>
 </table>