summary refs log tree commit diff
path: root/synapse/rest/client/v1/profile.py
diff options
context:
space:
mode:
authorAmber Brown <hawkowl@atleastfornow.net>2019-05-08 16:29:45 -0500
committerAmber Brown <hawkowl@atleastfornow.net>2019-05-08 16:29:45 -0500
commitfaee1e9baba74b08fb991d57effd06f87147fc76 (patch)
treeb15c6241318be63f4043c018964b2f7382b65738 /synapse/rest/client/v1/profile.py
parentMerge remote-tracking branch 'origin/develop' into shhs (diff)
parentFix bogus imports in tests (#5154) (diff)
downloadsynapse-faee1e9baba74b08fb991d57effd06f87147fc76.tar.xz
Merge remote-tracking branch 'origin/develop' into shhs
Diffstat (limited to 'synapse/rest/client/v1/profile.py')
-rw-r--r--synapse/rest/client/v1/profile.py40


1 files changed, 28 insertions, 12 deletions
diff --git a/synapse/rest/client/v1/profile.py b/synapse/rest/client/v1/profile.py

index a23edd8fe5..eac1966c5e 100644
--- a/synapse/rest/client/v1/profile.py
+++ b/synapse/rest/client/v1/profile.py
@@ -31,11 +31,17 @@ class ProfileDisplaynameRestServlet(ClientV1RestServlet):
 
     @defer.inlineCallbacks
     def on_GET(self, request, user_id):
+        requester_user = None
+
+        if self.hs.config.require_auth_for_profile_requests:
+            requester = yield self.auth.get_user_by_req(request)
+            requester_user = requester.user
+
         user = UserID.from_string(user_id)
 
-        displayname = yield self.profile_handler.get_displayname(
-            user,
-        )
+        yield self.profile_handler.check_profile_query_allowed(user, requester_user)
+
+        displayname = yield self.profile_handler.get_displayname(user)
 
         ret = {}
         if displayname is not None:
@@ -74,11 +80,17 @@ class ProfileAvatarURLRestServlet(ClientV1RestServlet):
 
     @defer.inlineCallbacks
     def on_GET(self, request, user_id):
+        requester_user = None
+
+        if self.hs.config.require_auth_for_profile_requests:
+            requester = yield self.auth.get_user_by_req(request)
+            requester_user = requester.user
+
         user = UserID.from_string(user_id)
 
-        avatar_url = yield self.profile_handler.get_avatar_url(
-            user,
-        )
+        yield self.profile_handler.check_profile_query_allowed(user, requester_user)
+
+        avatar_url = yield self.profile_handler.get_avatar_url(user)
 
         ret = {}
         if avatar_url is not None:
@@ -116,14 +128,18 @@ class ProfileRestServlet(ClientV1RestServlet):
 
     @defer.inlineCallbacks
     def on_GET(self, request, user_id):
+        requester_user = None
+
+        if self.hs.config.require_auth_for_profile_requests:
+            requester = yield self.auth.get_user_by_req(request)
+            requester_user = requester.user
+
         user = UserID.from_string(user_id)
 
-        displayname = yield self.profile_handler.get_displayname(
-            user,
-        )
-        avatar_url = yield self.profile_handler.get_avatar_url(
-            user,
-        )
+        yield self.profile_handler.check_profile_query_allowed(user, requester_user)
+
+        displayname = yield self.profile_handler.get_displayname(user)
+        avatar_url = yield self.profile_handler.get_avatar_url(user)
 
         ret = {}
         if displayname is not None:

 

generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-17 07:56:34 +0000