summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorAndrew Morgan <andrew@amorgan.xyz>2020-03-19 19:15:45 +0000
committerAndrew Morgan <andrew@amorgan.xyz>2020-03-19 19:15:45 +0000
commit1964f11955225161cbe30372787f05478ece687c (patch)
tree2327863c173ea42a93bfabc72d42776b833b9033 /synapse
parentExclude rejected state events when calculating state at backwards extrems (#6... (diff)
parentAdd option to allow profile queries without sharing a room (#6523) (diff)
downloadsynapse-1964f11955225161cbe30372787f05478ece687c.tar.xz
Add option to allow profile queries without sharing a room (#6523)
* commit 'bfb95654c':
  Add option to allow profile queries without sharing a room (#6523)
Diffstat (limited to '')
-rw-r--r--synapse/config/server.py8
-rw-r--r--synapse/handlers/profile.py10
2 files changed, 9 insertions, 9 deletions
diff --git a/synapse/config/server.py b/synapse/config/server.py

index 3a8e920bf0..b50149f0d4 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -104,8 +104,8 @@ class ServerConfig(Config):
 
         # Whether to require sharing a room with a user to retrieve their
         # profile data
-        self.limit_profile_requests_to_known_users = config.get(
-            "limit_profile_requests_to_known_users", False
+        self.limit_profile_requests_to_users_who_share_rooms = config.get(
+            "limit_profile_requests_to_users_who_share_rooms", False,
         )
 
         if "restrict_public_rooms_to_local_users" in config and (
@@ -633,12 +633,12 @@ class ServerConfig(Config):
         #
         #require_auth_for_profile_requests: true
 
-        # Whether to require a user to share a room with another user in order
+        # Uncomment to require a user to share a room with another user in order
         # to retrieve their profile information. Only checked on Client-Server
         # requests. Profile requests from other servers should be checked by the
         # requesting server. Defaults to 'false'.
         #
-        # limit_profile_requests_to_known_users: true
+        #limit_profile_requests_to_users_who_share_rooms: true
 
         # If set to 'true', removes the need for authentication to access the server's
         # public rooms directory through the client API, meaning that anyone can
diff --git a/synapse/handlers/profile.py b/synapse/handlers/profile.py

index e8892e1220..75227ae34b 100644
--- a/synapse/handlers/profile.py
+++ b/synapse/handlers/profile.py
@@ -496,16 +496,16 @@ class BaseProfileHandler(BaseHandler):
                 be found to be in any room the server is in, and therefore the query
                 is denied.
         """
+
         # Implementation of MSC1301: don't allow looking up profiles if the
         # requester isn't in the same room as the target. We expect requester to
         # be None when this function is called outside of a profile query, e.g.
         # when building a membership event. In this case, we must allow the
         # lookup.
-        if not self.hs.config.limit_profile_requests_to_known_users or not requester:
-            return
-
-        # Always allow the user to query their own profile.
-        if target_user.to_string() == requester.to_string():
+        if (
+            not self.hs.config.limit_profile_requests_to_users_who_share_rooms
+            or not requester
+        ):
             return
 
         # Always allow the user to query their own profile.
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-08-11 13:05:44 +0000