add options to require an access_token to GET /profile and /publicRooms on CS API (#5083)
This commit adds two config options:

* `restrict_public_rooms_to_local_users`

  Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.

* `require_auth_for_profile_requests`

  When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.

MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.

Groups have been intentionally omitted from this commit.
Changed files:

- changelog.d/5083.feature: 1 addition, 0 deletions
- docs/sample_config.yaml: 14 additions, 0 deletions
- synapse/config/server.py: 27 additions, 0 deletions
- synapse/federation/transport/server.py: 10 additions, 0 deletions
- synapse/handlers/profile.py: 43 additions, 0 deletions
- synapse/rest/client/v1/profile.py: 28 additions, 12 deletions
- synapse/rest/client/v1/room.py: 6 additions, 0 deletions
- tests/rest/client/v1/test_profile.py: 91 additions, 1 deletion
- tests/rest/client/v1/test_rooms.py: 32 additions, 0 deletions
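
The access rules described in the commit message above, modelled as a small Python decision table that can be used to reason about which requests each option blocks. This is an added example, not code from the commit or from Synapse: the class and method names, the `hs.example` server name and the room memberships are constructed, and treating a disabled option as "no check" is an assumption.

```python
"""Toy model of the two options in the commit message (not Synapse code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

LOCAL_SERVER = "hs.example"  # constructed homeserver name


@dataclass
class Policy:
    restrict_public_rooms_to_local_users: bool = False
    require_auth_for_profile_requests: bool = False


@dataclass
class Server:
    policy: Policy
    # user ID -> rooms this server believes the user is in (constructed data)
    rooms: Dict[str, Set[str]] = field(default_factory=dict)

    def shares_room(self, a: str, b: str) -> bool:
        return bool(self.rooms.get(a, set()) & self.rooms.get(b, set()))

    def profile_allowed(self, requester: Optional[str], target: str) -> bool:
        """CS API GET /profile; requester is None if no access_token was sent."""
        if not self.policy.require_auth_for_profile_requests:
            return True  # assumption: option off means no check
        if requester is None:
            return False  # unauthenticated request is refused
        return self.shares_room(requester, target)

    def public_rooms_allowed(self, requester: Optional[str],
                             via_federation: bool) -> bool:
        """Public rooms directory, over the CS API or the federation API."""
        if not self.policy.restrict_public_rooms_to_local_users:
            return True
        # Federation access is disabled; CS API access needs authentication.
        return not via_federation and requester is not None

    def send_federated_profile_query(self, requester: str, target: str) -> bool:
        """Whether to query the target's homeserver at all (outbound side)."""
        if target.endswith(":" + LOCAL_SERVER):
            return False  # local profile, nothing to federate
        if not self.policy.require_auth_for_profile_requests:
            return True
        # Only ask if we already believe we share a room with the owner.
        return self.shares_room(requester, target)
```

Note the asymmetry the commit message points out: the shared-room rule is only enforced on the querying side here, because an inbound federation request does not say which user is asking.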