-rw-r--r-- | changelog.d/18.feature | 1 | ||||
-rw-r--r-- | docs/sample_config.yaml | 7 | ||||
-rw-r--r-- | synapse/config/server.py | 13 | ||||
-rw-r--r-- | synapse/handlers/profile.py | 4 | ||||
-rw-r--r-- | tests/rest/client/v1/test_profile.py | 1 |
5 files changed, 24 insertions, 2 deletions
diff --git a/changelog.d/18.feature b/changelog.d/18.feature
new file mode 100644
index 0000000000..f5aa29a6e8
--- /dev/null
+++ b/changelog.d/18.feature
@@ -0,0 +1 @@
+Add option `limit_profile_requests_to_known_users` to prevent requirement of a user sharing a room with another user to query their profile information.
\ No newline at end of file
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index b4713b687e..7531e3aef8 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -77,6 +77,13 @@ pid_file: DATADIR/homeserver.pid
 #
 #require_auth_for_profile_requests: true
+# Whether to require a user to share a room with another user in order
+# to retrieve their profile information. Only checked on Client-Server
+# requests. Profile requests from other servers should be checked by the
+# requesting server. Defaults to 'false'.
+#
+# limit_profile_requests_to_known_users: true
+
 # If set to 'false', requires authentication to access the server's public rooms
 # directory through the client API. Defaults to 'true'.
 #
diff --git a/synapse/config/server.py b/synapse/config/server.py
index 4729b30b36..2ef1d940c4 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -84,6 +84,12 @@ class ServerConfig(Config):
 "require_auth_for_profile_requests", False,
 )
+ # Whether to require sharing a room with a user to retrieve their
+ # profile data
+ self.limit_profile_requests_to_known_users = config.get(
+ "limit_profile_requests_to_known_users", False,
+ )
+
 if "restrict_public_rooms_to_local_users" in config and (
 "allow_public_rooms_without_auth" in config
 or "allow_public_rooms_over_federation" in config
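Review bot: The new key defaults to `False` in the `config.get(...)` call added in the synapse/config/server.py hunk, while the profile.py hunk moves the shared-room gate from `require_auth_for_profile_requests` to this flag. A deployment that already sets `require_auth_for_profile_requests: true` therefore loses the shared-room restriction on upgrade without touching its config. If that is not intended, default to the old flag, e.g. `"limit_profile_requests_to_known_users", self.require_auth_for_profile_requests,` (assuming the assignment that starts above this hunk sets that attribute), and adjust the "Defaults to 'false'" wording in the sample config. Otherwise the changelog entry should state the behaviour change, since it widens who can read profile data.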
@@ -536,6 +542,13 @@ class ServerConfig(Config):
 #
 #require_auth_for_profile_requests: true
+ # Whether to require a user to share a room with another user in order
+ # to retrieve their profile information. Only checked on Client-Server
+ # requests. Profile requests from other servers should be checked by the
+ # requesting server. Defaults to 'false'.
+ #
+ # limit_profile_requests_to_known_users: true
+
 # If set to 'false', requires authentication to access the server's public rooms
 # directory through the client API. Defaults to 'true'.
 #
diff --git a/synapse/handlers/profile.py b/synapse/handlers/profile.py
index 5c493b8d63..5e92c65492 100644
--- a/synapse/handlers/profile.py
+++ b/synapse/handlers/profile.py
@@ -441,7 +441,7 @@ class BaseProfileHandler(BaseHandler):
 @defer.inlineCallbacks
 def check_profile_query_allowed(self, target_user, requester=None):
 """Checks whether a profile query is allowed. If the
- 'require_auth_for_profile_requests' config flag is set to True and a
+ 'limit_profile_requests_to_known_users' config flag is set to True and a
 'requester' is provided, the query is only allowed if the two users
 share a room.
@@ -459,7 +459,7 @@ class BaseProfileHandler(BaseHandler):
 # be None when this function is called outside of a profile query, e.g.
 # when building a membership event. In this case, we must allow the
 # lookup.
- if not self.hs.config.require_auth_for_profile_requests or not requester:
+ if not self.hs.config.limit_profile_requests_to_known_users or not requester:
 return
 # Always allow the user to query their own profile.
diff --git a/tests/rest/client/v1/test_profile.py b/tests/rest/client/v1/test_profile.py
index d932dd3c06..6958430608 100644
--- a/tests/rest/client/v1/test_profile.py
+++ b/tests/rest/client/v1/test_profile.py
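Review bot: The sample line `# limit_profile_requests_to_known_users: true` has a space after `#`, unlike the neighbouring `#require_auth_for_profile_requests: true`. An operator who deletes only the `#` is left with an indented top-level key, which may fail to parse or be read as nested under the previous entry. Write it as `#limit_profile_requests_to_known_users: true`; the docs/sample_config.yaml hunk carries the same line. The surrounding config string starts and ends outside the hunk.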
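Review bot: The guard `if not self.hs.config.limit_profile_requests_to_known_users or not requester:` in `check_profile_query_allowed` still returns early whenever no requester is passed, so the new flag only restricts lookups for callers that supply one. If the client REST layer supplies a requester only when `require_auth_for_profile_requests` is set (not visible in this diff), enabling the new flag on its own restricts nothing. Either reject that combination when the config is loaded or say so in the docstring changed in the previous hunk, e.g. `Has no effect when no 'requester' is given.` The function body continues outside both hunks.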
@@ -230,6 +230,7 @@ class ProfilesRestrictedTestCase(unittest.HomeserverTestCase):
 config = self.default_config()
 config["require_auth_for_profile_requests"] = True
+ config["limit_profile_requests_to_known_users"] = True
 self.hs = self.setup_test_homeserver(config=config)
 return self.hs |
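Review bot: The restricted test case now sets both flags together, so nothing exercises the two settings independently, which is the purpose of the split. Add a case with only `config["require_auth_for_profile_requests"] = True` asserting that an authenticated user who shares no room with the target can still read the profile. Add another with only `config["limit_profile_requests_to_known_users"] = True` pinning what happens to a request that carries no requester. The enclosing method starts outside the hunk.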