diff --git a/changelog.d/6523.feature b/changelog.d/6523.feature
new file mode 100644
index 0000000000..798fa143df
--- /dev/null
+++ b/changelog.d/6523.feature
@@ -0,0 +1 @@
+Add option `limit_profile_requests_to_users_who_share_rooms` to prevent requirement of a local user sharing a room with another user to query their profile information.
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 05cd1750e6..fb6f84f6f3 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -54,12 +54,12 @@ pid_file: DATADIR/homeserver.pid
#
#require_auth_for_profile_requests: true
-# Whether to require a user to share a room with another user in order
+# Uncomment to require a user to share a room with another user in order
# to retrieve their profile information. Only checked on Client-Server
# requests. Profile requests from other servers should be checked by the
# requesting server. Defaults to 'false'.
#
-# limit_profile_requests_to_known_users: true
+#limit_profile_requests_to_users_who_share_rooms: true
# If set to 'true', removes the need for authentication to access the server's
# public rooms directory through the client API, meaning that anyone can
diff --git a/synapse/config/server.py b/synapse/config/server.py
index 3a8e920bf0..b50149f0d4 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -104,8 +104,8 @@ class ServerConfig(Config):
# Whether to require sharing a room with a user to retrieve their
# profile data
- self.limit_profile_requests_to_known_users = config.get(
- "limit_profile_requests_to_known_users", False
+ self.limit_profile_requests_to_users_who_share_rooms = config.get(
+ "limit_profile_requests_to_users_who_share_rooms", False,
)
if "restrict_public_rooms_to_local_users" in config and (
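Review bot: The renamed lookup `self.limit_profile_requests_to_users_who_share_rooms = config.get("limit_profile_requests_to_users_who_share_rooms", False,)` silently ignores a homeserver.yaml that still carries the old key `limit_profile_requests_to_known_users`, and because the default is False the room-sharing restriction on profile lookups would be switched off without any warning to the admin. If the old name was ever present in a released version (the changelog entry describes this as a new option, so it may not have been), a fail-closed guard is cheap: `if "limit_profile_requests_to_known_users" in config: raise ConfigError("limit_profile_requests_to_known_users has been renamed to limit_profile_requests_to_users_who_share_rooms")`. The `if "restrict_public_rooms_to_local_users" in config` check that follows suggests this module already validates related keys in that style. The enclosing method starts and ends outside this hunk.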
@@ -633,12 +633,12 @@ class ServerConfig(Config):
#
#require_auth_for_profile_requests: true
- # Whether to require a user to share a room with another user in order
+ # Uncomment to require a user to share a room with another user in order
# to retrieve their profile information. Only checked on Client-Server
# requests. Profile requests from other servers should be checked by the
# requesting server. Defaults to 'false'.
#
- # limit_profile_requests_to_known_users: true
+ #limit_profile_requests_to_users_who_share_rooms: true
# If set to 'true', removes the need for authentication to access the server's
# public rooms directory through the client API, meaning that anyone can
diff --git a/synapse/handlers/profile.py b/synapse/handlers/profile.py
index e8892e1220..75227ae34b 100644
--- a/synapse/handlers/profile.py
+++ b/synapse/handlers/profile.py
@@ -496,16 +496,16 @@ class BaseProfileHandler(BaseHandler):
be found to be in any room the server is in, and therefore the query
is denied.
"""
+
# Implementation of MSC1301: don't allow looking up profiles if the
# requester isn't in the same room as the target. We expect requester to
# be None when this function is called outside of a profile query, e.g.
# when building a membership event. In this case, we must allow the
# lookup.
- if not self.hs.config.limit_profile_requests_to_known_users or not requester:
- return
-
- # Always allow the user to query their own profile.
- if target_user.to_string() == requester.to_string():
+ if (
+ not self.hs.config.limit_profile_requests_to_users_who_share_rooms
+ or not requester
+ ):
return
# Always allow the user to query their own profile.
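Review bot: The early return on `or not requester` means any caller that passes `requester=None` bypasses the room-sharing restriction entirely, which is fail-open by design for internal callers but is a contract worth stating where the check lives, not only in the prose above it. I would extend the comment block directly before the `if (` with `# NOTE: a None requester disables this check; Client-Server profile endpoints must always pass the authenticated requester.` so a future caller on the client path does not inherit the bypass by accident. The enclosing function, including its `def` line and the remainder of its body, lies outside this hunk.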
diff --git a/tests/rest/client/v1/test_profile.py b/tests/rest/client/v1/test_profile.py
index 6088bce154..8df58b4a63 100644
--- a/tests/rest/client/v1/test_profile.py
+++ b/tests/rest/client/v1/test_profile.py
@@ -237,7 +237,7 @@ class ProfilesRestrictedTestCase(unittest.HomeserverTestCase):
config = self.default_config()
config["require_auth_for_profile_requests"] = True
- config["limit_profile_requests_to_known_users"] = True
+ config["limit_profile_requests_to_users_who_share_rooms"] = True
self.hs = self.setup_test_homeserver(config=config)
return self.hs
@@ -310,6 +310,7 @@ class OwnProfileUnrestrictedTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock):
config = self.default_config()
config["require_auth_for_profile_requests"] = True
+ config["limit_profile_requests_to_users_who_share_rooms"] = True
self.hs = self.setup_test_homeserver(config=config)
return self.hs
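Review bot: Enabling `config["limit_profile_requests_to_users_who_share_rooms"] = True` in OwnProfileUnrestrictedTestCase makes the own-profile bypass meaningful for the first time in this class, but nothing in the hunk asserts that the restriction is actually in force here, so a future key rename that falls back to the default would leave these tests passing vacuously. Consider one negative check in this class that a request for a user the requester shares no room with is denied, alongside the existing own-profile success path; ProfilesRestrictedTestCase may already cover the denial, in which case a one-line comment pointing there is enough. The `make_homeserver` method is fully visible here, but the test methods it serves are outside the hunk.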