diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 4779f7bcc7..4cfc2468f0 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -73,6 +73,11 @@ pid_file: DATADIR/homeserver.pid
# endpoints via CS API. this is a workaround in advance of MSC1301 landing
#auth_profile_reqs: false
+# whether to require users to authenticate in order to query /publicRooms
+# endpoints via CS API. this is a workaround in advance of
+# https://github.com/matrix-org/matrix-doc/issues/612 beinig solved
+#auth_public_rooms: false
+
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
#
#gc_thresholds: [700, 10, 10]
diff --git a/synapse/config/server.py b/synapse/config/server.py
index 028695591f..ea84245907 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -75,6 +75,11 @@ class ServerConfig(Config):
# endpoints via CS API. this is a workaround in advance of MSC1301 landing
self.auth_profile_reqs = config.get("auth_profile_reqs", False)
+ # whether to require users to authenticate in order to query /publicRooms
+ # endpoints via CS API. this is a workaround in advance of
+ # https://github.com/matrix-org/matrix-doc/issues/612 beinig solved
+ self.auth_public_rooms = config.get("auth_public_rooms", False)
+
# whether to enable search. If disabled, new entries will not be inserted
# into the search tables and they will not be indexed. Users will receive
# errors when attempting to search for messages.
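Review bot: `config.get("auth_public_rooms", False)` stores whatever YAML value the operator wrote, so a key left empty (`auth_public_rooms:`) loads as None and the room list stays open to unauthenticated clients with no warning. Because this is an access-control switch, consider rejecting non-boolean values at load time, for example `if not isinstance(self.auth_public_rooms, bool): raise ConfigError("auth_public_rooms must be true or false")`, assuming ConfigError is in scope in this file. The comment above it has a typo (`beinig` should be `being`), repeated in the default-config hunk below and in docs/sample_config.yaml. It would also help if the comment said that only the client-server endpoint is affected, since nothing in this diff touches the federation side.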
@@ -326,6 +331,11 @@ class ServerConfig(Config):
# endpoints via CS API. this is a workaround in advance of MSC1301 landing
#auth_profile_reqs: false
+ # whether to require users to authenticate in order to query /publicRooms
+ # endpoints via CS API. this is a workaround in advance of
+ # https://github.com/matrix-org/matrix-doc/issues/612 beinig solved
+ #auth_public_rooms: false
+
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
#
#gc_thresholds: [700, 10, 10]
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index 17a1503cdb..e1aaf89eda 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -301,6 +301,11 @@ class PublicRoomListRestServlet(ClientV1RestServlet):
try:
yield self.auth.get_user_by_req(request, allow_guest=True)
except AuthError as e:
+ # option to allow servers in private federations to require auth
+ # when accessing /publicRooms via CS API
+ if self.hs.config.auth_public_rooms:
+ raise e
+
# We allow people to not be authed if they're just looking at our
# room list, but require auth when we proxy the request.
# In both cases we call the auth function, as that has the side
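Review bot: With `auth_public_rooms` enabled, the handler still calls `get_user_by_req(request, allow_guest=True)`, so a guest access token passes the check. On a homeserver that allows guest access, the option therefore does not limit the room list to registered accounts. If that restriction is the intent, pass `allow_guest=not self.hs.config.auth_public_rooms` in that call, or state in the option's comment that guest access must be disabled as well. Separately, `raise e` inside the `except` block can be a bare `raise`, which keeps the original traceback. The handler's body starts and ends outside this hunk.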