summary refs log tree commit diff
path: root/synapse/handlers
diff options
context:
space:
mode:
authorAndrewFerr <AndrewFerr@users.noreply.github.com>2021-02-19 04:50:41 -0500
committerGitHub <noreply@github.com>2021-02-19 09:50:41 +0000
commit9bc74743d53f4795b8bbd674d2945962a9bb29f9 (patch)
tree049e203bcb3dcb84b16345a4ba885b72521e63e1 /synapse/handlers
parentMerge branch 'master' into develop (diff)
downloadsynapse-9bc74743d53f4795b8bbd674d2945962a9bb29f9.tar.xz
Add configs to make profile data more private (#9203)
Add off-by-default configuration settings to:
- disable putting an invitee's profile info in invite events
- disable profile lookup via federation

Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
Diffstat (limited to 'synapse/handlers')
-rw-r--r--synapse/handlers/message.py8
-rw-r--r--synapse/handlers/profile.py10
2 files changed, 17 insertions, 1 deletions
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index c03f6c997b..1b7c065b34 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -387,6 +387,12 @@ class EventCreationHandler:
 
         self.room_invite_state_types = self.hs.config.room_invite_state_types
 
+        self.membership_types_to_include_profile_data_in = (
+            {Membership.JOIN, Membership.INVITE}
+            if self.hs.config.include_profile_data_on_invite
+            else {Membership.JOIN}
+        )
+
         self.send_event = ReplicationSendEventRestServlet.make_client(hs)
 
         # This is only used to get at ratelimit function, and maybe_kick_guest_users
@@ -500,7 +506,7 @@ class EventCreationHandler:
             membership = builder.content.get("membership", None)
             target = UserID.from_string(builder.state_key)
 
-            if membership in {Membership.JOIN, Membership.INVITE}:
+            if membership in self.membership_types_to_include_profile_data_in:
                 # If event doesn't include a display name, add one.
                 profile = self.profile_handler
                 content = builder.content
diff --git a/synapse/handlers/profile.py b/synapse/handlers/profile.py
index 2f62d84fb5..d933dd3f01 100644
--- a/synapse/handlers/profile.py
+++ b/synapse/handlers/profile.py
@@ -310,6 +310,16 @@ class ProfileHandler(BaseHandler):
         await self._update_join_states(requester, target_user)
 
     async def on_profile_query(self, args: JsonDict) -> JsonDict:
+        """Handles federation profile query requests.
+        """
+
+        if not self.hs.config.allow_profile_lookup_over_federation:
+            raise SynapseError(
+                403,
+                "Profile lookup over federation is disabled on this homeserver",
+                Codes.FORBIDDEN,
+            )
+
         user = UserID.from_string(args["user_id"])
         if not self.hs.is_mine(user):
             raise SynapseError(400, "User is not hosted on this homeserver")
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-08 16:14:17 +0000